Support encrypted RTP extensions (RFC 6904)

webrtc/pc/mediasession.cc

 /*
  *  Copyright 2004 The WebRTC project authors. All Rights Reserved.
  *
  *  Use of this source code is governed by a BSD-style license
  *  that can be found in the LICENSE file in the root of the source
  *  tree. An additional intellectual property rights grant can be found
  *  in the file PATENTS.  All contributing project authors may
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
@@ skipping 914 matching lines @@
           rtc::ToString(matching_codec.id);
       used_pltypes->FindAndSetIdUsed(&rtx_codec);
       offered_codecs->push_back(rtx_codec);
     }
   }
 }
 
 static bool FindByUri(const RtpHeaderExtensions& extensions,
                       const webrtc::RtpExtension& ext_to_match,
                       webrtc::RtpExtension* found_extension) {
+  // We assume that all URIs are given in a canonical format.
+  const webrtc::RtpExtension* found =
+      webrtc::RtpExtension::FindHeaderExtensionByUri(extensions,
+                                                     ext_to_match.uri);
+  if (!found) {
+    return false;
+  }
+  if (found_extension) {
+    *found_extension = *found;
+  }
+  return true;
+}
+
+static bool FindByUriWithEncryptionPreference(
+    const RtpHeaderExtensions& extensions,
+    const webrtc::RtpExtension& ext_to_match, bool encryption_preference,
+    webrtc::RtpExtension* found_extension) {
+  const webrtc::RtpExtension* regular_extension = nullptr;
   for (RtpHeaderExtensions::const_iterator it = extensions.begin();
        it  != extensions.end(); ++it) {
     // We assume that all URIs are given in a canonical format.
     if (it->uri == ext_to_match.uri) {
-      if (found_extension != NULL) {
+      if (!found_extension) {
+        return true;
+      }
+      if (!encryption_preference || it->encrypt) {
         *found_extension = *it;
+        return true;
       }

[pthatcher1, 2017/05/05 21:26:38]

This would be more clear the way you did it in the previous method:

if (!encryption_preference || it->encrypt) {
  if (found_extension) {
    *found_extension = *it;
  }
  return true;
}

[joachim, 2017/05/06 14:52:33]

Done.

-      return true;
+      regular_extension = &(*it);

[pthatcher1, 2017/05/05 21:26:38]

unencrypted_extension might be more clear

[joachim, 2017/05/06 14:52:33]

Done.

     }
   }
+  if (regular_extension) {
+    *found_extension = *regular_extension;
+    return true;

[pthatcher1, 2017/05/05 21:26:38]

I know you mixed it into the logic up above, but it would be feel much safer to
put the check here right before using it:

if (regular_extension) {
  if (found_extension) {
    *found_extension = *regular_extension;
  }
  return true;
}

[joachim, 2017/05/06 14:52:33]

Done.

+  }
   return false;
 }
 
-// Iterates through |offered_extensions|, adding each one to |all_extensions|
-// and |used_ids|, and resolving ID conflicts. If an offered extension has the
-// same URI as one in |all_extensions|, it will re-use the same ID and won't be
-// treated as a conflict.
+// Iterates through |offered_extensions|, adding each one to
+// |regular_extensions| (or |encrypted_extensions| if encrypted) and |used_ids|,
+// and resolving ID conflicts.
+// If an offered extension has the same URI as one in |regular_extensions| or
+// |encrypted_extensions|, it will re-use the same ID and won't be treated as
+// a conflict.
 static void FindAndSetRtpHdrExtUsed(RtpHeaderExtensions* offered_extensions,
-                                    RtpHeaderExtensions* all_extensions,
+                                    RtpHeaderExtensions* regular_extensions,
+                                    RtpHeaderExtensions* encrypted_extensions,
                                     UsedRtpHeaderExtensionIds* used_ids) {
   for (auto& extension : *offered_extensions) {
     webrtc::RtpExtension existing;
-    if (FindByUri(*all_extensions, extension, &existing)) {
+    if ((extension.encrypt &&
+        FindByUri(*encrypted_extensions, extension, &existing)) ||
+       (!extension.encrypt &&
+        FindByUri(*regular_extensions, extension, &existing))) {
       extension.id = existing.id;
     } else {
       used_ids->FindAndSetIdUsed(&extension);
-      all_extensions->push_back(extension);
+      if (extension.encrypt) {
+        encrypted_extensions->push_back(extension);
+      } else {
+        regular_extensions->push_back(extension);
+      }
     }
   }
 }
 
 // Adds |reference_extensions| to |offered_extensions|, while updating
 // |all_extensions| and |used_ids|.
 static void FindRtpHdrExtsToOffer(
     const RtpHeaderExtensions& reference_extensions,
     RtpHeaderExtensions* offered_extensions,
     RtpHeaderExtensions* all_extensions,
     UsedRtpHeaderExtensionIds* used_ids) {
   for (auto reference_extension : reference_extensions) {
     if (!FindByUri(*offered_extensions, reference_extension, NULL)) {
       webrtc::RtpExtension existing;
       if (FindByUri(*all_extensions, reference_extension, &existing)) {
         offered_extensions->push_back(existing);
       } else {
         used_ids->FindAndSetIdUsed(&reference_extension);
         all_extensions->push_back(reference_extension);
         offered_extensions->push_back(reference_extension);
       }
     }
   }
 }
 
+static void AddEncryptedVersionsOfHdrExts(RtpHeaderExtensions* extensions,
+                                          RtpHeaderExtensions* all_extensions,
+                                          UsedRtpHeaderExtensionIds* used_ids) {
+  RtpHeaderExtensions encrypted_extensions;
+  for (const webrtc::RtpExtension& extension : *extensions) {
+    webrtc::RtpExtension existing;
+    // Don't add encrypted extensions again that were already included in a
+    // previous offer or regular extensions that are also included as encrypted
+    // extensions.
+    if (extension.encrypt ||
+        !webrtc::RtpExtension::IsEncryptionSupported(extension.uri) ||
+        (FindByUriWithEncryptionPreference(*extensions, extension, true,
+            &existing) && existing.encrypt)) {
+      continue;
+    }
+
+    if (FindByUri(*all_extensions, extension, &existing)) {
+      encrypted_extensions.push_back(existing);
+    } else {
+      webrtc::RtpExtension encrypted(extension);
+      encrypted.encrypt = true;
+      used_ids->FindAndSetIdUsed(&encrypted);
+      all_extensions->push_back(encrypted);
+      encrypted_extensions.push_back(encrypted);
+    }
+  }
+  extensions->insert(extensions->end(), encrypted_extensions.begin(),
+      encrypted_extensions.end());
+}
+
 static void NegotiateRtpHeaderExtensions(
     const RtpHeaderExtensions& local_extensions,
     const RtpHeaderExtensions& offered_extensions,
+    bool enable_encrypted_rtp_header_extensions,
     RtpHeaderExtensions* negotiated_extenstions) {
   RtpHeaderExtensions::const_iterator ours;
   for (ours = local_extensions.begin();
        ours != local_extensions.end(); ++ours) {
     webrtc::RtpExtension theirs;
-    if (FindByUri(offered_extensions, *ours, &theirs)) {
+    if (FindByUriWithEncryptionPreference(offered_extensions, *ours,
+        enable_encrypted_rtp_header_extensions, &theirs)) {
       // We respond with their RTP header extension id.
       negotiated_extenstions->push_back(theirs);
     }
   }
 }
 
 static void StripCNCodecs(AudioCodecs* audio_codecs) {
   AudioCodecs::iterator iter = audio_codecs->begin();
   while (iter != audio_codecs->end()) {
     if (STR_CASE_CMP(iter->name.c_str(), kComfortNoiseCodecName) == 0) {
@@ skipping 14 matching lines @@
 // from the incoming session-initiate.  If the negotiation fails, this
 // method returns false.  The created content is added to the offer.
 template <class C>
 static bool CreateMediaContentAnswer(
     const MediaContentDescriptionImpl<C>* offer,
     const MediaSessionOptions& options,
     const std::vector<C>& local_codecs,
     const SecurePolicy& sdes_policy,
     const CryptoParamsVec* current_cryptos,
     const RtpHeaderExtensions& local_rtp_extenstions,
+    bool enable_encrypted_rtp_header_extensions,
     StreamParamsVec* current_streams,
     bool add_legacy_stream,
     bool bundle_enabled,
     MediaContentDescriptionImpl<C>* answer) {
   std::vector<C> negotiated_codecs;
   NegotiateCodecs(local_codecs, offer->codecs(), &negotiated_codecs);
   answer->AddCodecs(negotiated_codecs);
   answer->set_protocol(offer->protocol());
   RtpHeaderExtensions negotiated_rtp_extensions;
   NegotiateRtpHeaderExtensions(local_rtp_extenstions,
                                offer->rtp_header_extensions(),
+                               enable_encrypted_rtp_header_extensions,
                                &negotiated_rtp_extensions);
   answer->set_rtp_header_extensions(negotiated_rtp_extensions);
 
   answer->set_rtcp_mux(options.rtcp_mux_enabled && offer->rtcp_mux());
   if (answer->type() == cricket::MEDIA_TYPE_VIDEO) {
     answer->set_rtcp_reduced_size(offer->rtcp_reduced_size());
   }
 
   if (sdes_policy != SEC_DISABLED) {
     CryptoParams crypto;
@@ skipping 518 matching lines @@
                                &used_pltypes);
 }
 
 void MediaSessionDescriptionFactory::GetRtpHdrExtsToOffer(
     const SessionDescription* current_description,
     RtpHeaderExtensions* audio_extensions,
     RtpHeaderExtensions* video_extensions) const {
   // All header extensions allocated from the same range to avoid potential
   // issues when using BUNDLE.
   UsedRtpHeaderExtensionIds used_ids;
-  RtpHeaderExtensions all_extensions;
+  RtpHeaderExtensions all_regular_extensions;
+  RtpHeaderExtensions all_encrypted_extensions;
   audio_extensions->clear();
   video_extensions->clear();
 
   // First - get all extensions from the current description if the media type
   // is used.
   // Add them to |used_ids| so the local ids are not reused if a new media
   // type is added.
   if (current_description) {
     const AudioContentDescription* audio =
         GetFirstAudioContentDescription(current_description);
     if (audio) {
       *audio_extensions = audio->rtp_header_extensions();
-      FindAndSetRtpHdrExtUsed(audio_extensions, &all_extensions, &used_ids);
+      FindAndSetRtpHdrExtUsed(audio_extensions, &all_regular_extensions,
+          &all_encrypted_extensions, &used_ids);
     }
     const VideoContentDescription* video =
         GetFirstVideoContentDescription(current_description);
     if (video) {
       *video_extensions = video->rtp_header_extensions();
-      FindAndSetRtpHdrExtUsed(video_extensions, &all_extensions, &used_ids);
+      FindAndSetRtpHdrExtUsed(video_extensions, &all_regular_extensions,
+          &all_encrypted_extensions, &used_ids);
     }
   }
 
   // Add our default RTP header extensions that are not in
   // |current_description|.
   FindRtpHdrExtsToOffer(audio_rtp_header_extensions(), audio_extensions,
-                        &all_extensions, &used_ids);
+                        &all_regular_extensions, &used_ids);
   FindRtpHdrExtsToOffer(video_rtp_header_extensions(), video_extensions,
-                        &all_extensions, &used_ids);
+                        &all_regular_extensions, &used_ids);
+  // TODO(jbauch): Support adding encrypted header extensions to existing
+  // sessions.
+  if (enable_encrypted_rtp_header_extensions_ && !current_description) {
+    AddEncryptedVersionsOfHdrExts(audio_extensions, &all_encrypted_extensions,
+        &used_ids);
+    AddEncryptedVersionsOfHdrExts(video_extensions, &all_encrypted_extensions,
+        &used_ids);
+  }
 }
 
 bool MediaSessionDescriptionFactory::AddTransportOffer(
   const std::string& content_name,
   const TransportOptions& transport_options,
   const SessionDescription* current_desc,
   SessionDescription* offer_desc) const {
   if (!transport_desc_factory_)
      return false;
   const TransportDescription* current_tdesc =
@@ skipping 253 matching lines @@
   // Do not require or create SDES cryptos if DTLS is used.
   cricket::SecurePolicy sdes_policy =
       audio_transport->secure() ? cricket::SEC_DISABLED : secure();
   if (!CreateMediaContentAnswer(
           offer_audio,
           options,
           audio_codecs,
           sdes_policy,
           GetCryptos(GetFirstAudioContentDescription(current_description)),
           audio_rtp_extensions_,
+          enable_encrypted_rtp_header_extensions_,
           current_streams,
           add_legacy_,
           bundle_enabled,
           audio_answer.get())) {
     return false;  // Fails the session setup.
   }
 
   bool secure = bundle_transport ? bundle_transport->description.secure()
                                  : audio_transport->secure();
   bool rejected = !options.has_audio() || audio_content->rejected ||
@@ skipping 36 matching lines @@
   bool bundle_enabled =
       offer->HasGroup(GROUP_TYPE_BUNDLE) && options.bundle_enabled;
   if (!CreateMediaContentAnswer(
           static_cast<const VideoContentDescription*>(
               video_content->description),
           options,
           video_codecs_,
           sdes_policy,
           GetCryptos(GetFirstVideoContentDescription(current_description)),
           video_rtp_extensions_,
+          enable_encrypted_rtp_header_extensions_,
           current_streams,
           add_legacy_,
           bundle_enabled,
           video_answer.get())) {
     return false;
   }
   bool secure = bundle_transport ? bundle_transport->description.secure()
                                  : video_transport->secure();
   bool rejected = !options.has_video() || video_content->rejected ||
                   !IsMediaProtocolSupported(MEDIA_TYPE_VIDEO,
@@ skipping 41 matching lines @@
   bool bundle_enabled =
       offer->HasGroup(GROUP_TYPE_BUNDLE) && options.bundle_enabled;
   if (!CreateMediaContentAnswer(
           static_cast<const DataContentDescription*>(
               data_content->description),
           options,
           data_codecs_,
           sdes_policy,
           GetCryptos(GetFirstDataContentDescription(current_description)),
           RtpHeaderExtensions(),
+          enable_encrypted_rtp_header_extensions_,
           current_streams,
           add_legacy_,
           bundle_enabled,
           data_answer.get())) {
     return false;  // Fails the session setup.
   }
 
   // Respond with sctpmap if the offer uses sctpmap.
   const DataContentDescription* offer_data_description =
       static_cast<const DataContentDescription*>(data_content->description);
@@ skipping 175 matching lines @@
       GetFirstMediaContentDescription(sdesc, MEDIA_TYPE_VIDEO));
 }
 
 DataContentDescription* GetFirstDataContentDescription(
     SessionDescription* sdesc) {
   return static_cast<DataContentDescription*>(
       GetFirstMediaContentDescription(sdesc, MEDIA_TYPE_DATA));
 }
 
 }  // namespace cricket