Support encrypted RTP extensions (RFC 6904)

webrtc/pc/mediasession.cc

 /*
  *  Copyright 2004 The WebRTC project authors. All Rights Reserved.
  *
  *  Use of this source code is governed by a BSD-style license
  *  that can be found in the LICENSE file in the root of the source
  *  tree. An additional intellectual property rights grant can be found
  *  in the file PATENTS.  All contributing project authors may
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
@@ skipping 914 matching lines @@
           rtc::ToString(matching_codec.id);
       used_pltypes->FindAndSetIdUsed(&rtx_codec);
       offered_codecs->push_back(rtx_codec);
     }
   }
 }
 
 static bool FindByUri(const RtpHeaderExtensions& extensions,
                       const webrtc::RtpExtension& ext_to_match,
                       webrtc::RtpExtension* found_extension) {
+  // We assume that all URIs are given in a canonical format.
+  const webrtc::RtpExtension* found =
+      webrtc::RtpExtension::FindHeaderExtensionByUri(extensions,
+                                                     ext_to_match.uri);
+  if (!found) {
+    return false;
+  }
+  if (found_extension) {
+    *found_extension = *found;
+  }
+  return true;
+}
+
+static bool FindByUriWithEncryptionPreference(
+    const RtpHeaderExtensions& extensions,
+    const webrtc::RtpExtension& ext_to_match, bool encryption_preference,
+    webrtc::RtpExtension* found_extension) {
+  const webrtc::RtpExtension* regular_extension = nullptr;
   for (RtpHeaderExtensions::const_iterator it = extensions.begin();
        it  != extensions.end(); ++it) {
     // We assume that all URIs are given in a canonical format.
     if (it->uri == ext_to_match.uri) {
-      if (found_extension != NULL) {
+      if (!found_extension) {
+        return true;
+      }
+      if (!encryption_preference || it->encrypt) {
         *found_extension = *it;
+        return true;
       }
-      return true;
+      regular_extension = &(*it);
     }
   }
+  if (regular_extension) {
+    *found_extension = *regular_extension;
+    return true;
+  }
   return false;
 }
 
 // Iterates through |offered_extensions|, adding each one to |all_extensions|
 // and |used_ids|, and resolving ID conflicts. If an offered extension has the
 // same URI as one in |all_extensions|, it will re-use the same ID and won't be
 // treated as a conflict.
 static void FindAndSetRtpHdrExtUsed(RtpHeaderExtensions* offered_extensions,
                                     RtpHeaderExtensions* all_extensions,
                                     UsedRtpHeaderExtensionIds* used_ids) {
@@ skipping 22 matching lines @@
         offered_extensions->push_back(existing);
       } else {
         used_ids->FindAndSetIdUsed(&reference_extension);
         all_extensions->push_back(reference_extension);
         offered_extensions->push_back(reference_extension);
       }
     }
   }
 }
 
+static void AddEncryptedVersionsOfHdrExts(RtpHeaderExtensions* extensions,
+                                          UsedRtpHeaderExtensionIds* used_ids) {
+  RtpHeaderExtensions encrypted_extensions;
+  for (const webrtc::RtpExtension& extension : *extensions) {
+    if (extension.encrypt ||

[Taylor Brandstetter, 2017/03/23 20:10:56]

Could you leave a comment explaining why "extension.encrypt" is checked? I
assume it's because this ensures that the encrypted extension isn't added twice
for a subsequent offer.

[joachim, 2017/03/30 22:43:49]

Done and also updated the condition.

+        !webrtc::RtpExtension::IsEncryptionSupported(extension.uri)) {
+      continue;
+    }
+
+    webrtc::RtpExtension encrypted(extension);
+    encrypted.encrypt = true;
+    used_ids->FindAndSetIdUsed(&encrypted);

[Taylor Brandstetter, 2017/03/23 20:10:56]

If the same encrypted extension is used for audio and video, won't this result
in it using different IDs? This could be solved by doing the same thing as in
FindRtpHdrExtsToOffer, using the "all_extensions" list.

[joachim, 2017/03/30 22:43:49]

Done. Also added a test for encrypted id reuse and offer update
("MediaSessionDescriptionFactoryTest::RtpExtensionIdReusedEncrypted").

+    encrypted_extensions.push_back(encrypted);
+  }
+  extensions->insert(extensions->end(), encrypted_extensions.begin(),
+      encrypted_extensions.end());
+}
+
 static void NegotiateRtpHeaderExtensions(
     const RtpHeaderExtensions& local_extensions,
     const RtpHeaderExtensions& offered_extensions,
+    bool enable_encrypted_rtp_header_extensions,
     RtpHeaderExtensions* negotiated_extenstions) {
   RtpHeaderExtensions::const_iterator ours;
   for (ours = local_extensions.begin();
        ours != local_extensions.end(); ++ours) {
     webrtc::RtpExtension theirs;
-    if (FindByUri(offered_extensions, *ours, &theirs)) {
+    if (FindByUriWithEncryptionPreference(offered_extensions, *ours,
+        enable_encrypted_rtp_header_extensions, &theirs)) {
       // We respond with their RTP header extension id.
       negotiated_extenstions->push_back(theirs);
     }
   }
 }
 
 static void StripCNCodecs(AudioCodecs* audio_codecs) {
   AudioCodecs::iterator iter = audio_codecs->begin();
   while (iter != audio_codecs->end()) {
     if (STR_CASE_CMP(iter->name.c_str(), kComfortNoiseCodecName) == 0) {
@@ skipping 14 matching lines @@
 // from the incoming session-initiate.  If the negotiation fails, this
 // method returns false.  The created content is added to the offer.
 template <class C>
 static bool CreateMediaContentAnswer(
     const MediaContentDescriptionImpl<C>* offer,
     const MediaSessionOptions& options,
     const std::vector<C>& local_codecs,
     const SecurePolicy& sdes_policy,
     const CryptoParamsVec* current_cryptos,
     const RtpHeaderExtensions& local_rtp_extenstions,
+    bool enable_encrypted_rtp_header_extensions,
     StreamParamsVec* current_streams,
     bool add_legacy_stream,
     bool bundle_enabled,
     MediaContentDescriptionImpl<C>* answer) {
   std::vector<C> negotiated_codecs;
   NegotiateCodecs(local_codecs, offer->codecs(), &negotiated_codecs);
   answer->AddCodecs(negotiated_codecs);
   answer->set_protocol(offer->protocol());
   RtpHeaderExtensions negotiated_rtp_extensions;
   NegotiateRtpHeaderExtensions(local_rtp_extenstions,
                                offer->rtp_header_extensions(),
+                               enable_encrypted_rtp_header_extensions,
                                &negotiated_rtp_extensions);
   answer->set_rtp_header_extensions(negotiated_rtp_extensions);
 
   answer->set_rtcp_mux(options.rtcp_mux_enabled && offer->rtcp_mux());
   if (answer->type() == cricket::MEDIA_TYPE_VIDEO) {
     answer->set_rtcp_reduced_size(offer->rtcp_reduced_size());
   }
 
   if (sdes_policy != SEC_DISABLED) {
     CryptoParams crypto;
@@ skipping 547 matching lines @@
       FindAndSetRtpHdrExtUsed(video_extensions, &all_extensions, &used_ids);
     }
   }
 
   // Add our default RTP header extensions that are not in
   // |current_description|.
   FindRtpHdrExtsToOffer(audio_rtp_header_extensions(), audio_extensions,
                         &all_extensions, &used_ids);
   FindRtpHdrExtsToOffer(video_rtp_header_extensions(), video_extensions,
                         &all_extensions, &used_ids);
+  if (enable_encrypted_rtp_header_extensions_) {
+    AddEncryptedVersionsOfHdrExts(audio_extensions, &used_ids);
+    AddEncryptedVersionsOfHdrExts(video_extensions, &used_ids);
+  }
 }
 
 bool MediaSessionDescriptionFactory::AddTransportOffer(
   const std::string& content_name,
   const TransportOptions& transport_options,
   const SessionDescription* current_desc,
   SessionDescription* offer_desc) const {
   if (!transport_desc_factory_)
      return false;
   const TransportDescription* current_tdesc =
@@ skipping 253 matching lines @@
   // Do not require or create SDES cryptos if DTLS is used.
   cricket::SecurePolicy sdes_policy =
       audio_transport->secure() ? cricket::SEC_DISABLED : secure();
   if (!CreateMediaContentAnswer(
           offer_audio,
           options,
           audio_codecs,
           sdes_policy,
           GetCryptos(GetFirstAudioContentDescription(current_description)),
           audio_rtp_extensions_,
+          enable_encrypted_rtp_header_extensions_,
           current_streams,
           add_legacy_,
           bundle_enabled,
           audio_answer.get())) {
     return false;  // Fails the session setup.
   }
 
   bool secure = bundle_transport ? bundle_transport->description.secure()
                                  : audio_transport->secure();
   bool rejected = !options.has_audio() || audio_content->rejected ||
@@ skipping 36 matching lines @@
   bool bundle_enabled =
       offer->HasGroup(GROUP_TYPE_BUNDLE) && options.bundle_enabled;
   if (!CreateMediaContentAnswer(
           static_cast<const VideoContentDescription*>(
               video_content->description),
           options,
           video_codecs_,
           sdes_policy,
           GetCryptos(GetFirstVideoContentDescription(current_description)),
           video_rtp_extensions_,
+          enable_encrypted_rtp_header_extensions_,
           current_streams,
           add_legacy_,
           bundle_enabled,
           video_answer.get())) {
     return false;
   }
   bool secure = bundle_transport ? bundle_transport->description.secure()
                                  : video_transport->secure();
   bool rejected = !options.has_video() || video_content->rejected ||
                   !IsMediaProtocolSupported(MEDIA_TYPE_VIDEO,
@@ skipping 41 matching lines @@
   bool bundle_enabled =
       offer->HasGroup(GROUP_TYPE_BUNDLE) && options.bundle_enabled;
   if (!CreateMediaContentAnswer(
           static_cast<const DataContentDescription*>(
               data_content->description),
           options,
           data_codecs_,
           sdes_policy,
           GetCryptos(GetFirstDataContentDescription(current_description)),
           RtpHeaderExtensions(),
+          enable_encrypted_rtp_header_extensions_,
           current_streams,
           add_legacy_,
           bundle_enabled,
           data_answer.get())) {
     return false;  // Fails the session setup.
   }
 
   // Respond with sctpmap if the offer uses sctpmap.
   const DataContentDescription* offer_data_description =
       static_cast<const DataContentDescription*>(data_content->description);
@@ skipping 175 matching lines @@
       GetFirstMediaContentDescription(sdesc, MEDIA_TYPE_VIDEO));
 }
 
 DataContentDescription* GetFirstDataContentDescription(
     SessionDescription* sdesc) {
   return static_cast<DataContentDescription*>(
       GetFirstMediaContentDescription(sdesc, MEDIA_TYPE_DATA));
 }
 
 }  // namespace cricket