| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright 2009 The WebRTC project authors. All Rights Reserved. | 2 * Copyright 2009 The WebRTC project authors. All Rights Reserved. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
| 5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
| 6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
| 7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
| 8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
| 9 */ | 9 */ |
| 10 | 10 |
| (...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 70 const uint8_t* send_key, | 70 const uint8_t* send_key, |
| 71 int send_key_len, | 71 int send_key_len, |
| 72 int recv_cs, | 72 int recv_cs, |
| 73 const uint8_t* recv_key, | 73 const uint8_t* recv_key, |
| 74 int recv_key_len) { | 74 int recv_key_len) { |
| 75 if (IsActive()) { | 75 if (IsActive()) { |
| 76 LOG(LS_ERROR) << "Tried to set SRTP Params when filter already active"; | 76 LOG(LS_ERROR) << "Tried to set SRTP Params when filter already active"; |
| 77 return false; | 77 return false; |
| 78 } | 78 } |
| 79 CreateSrtpSessions(); | 79 CreateSrtpSessions(); |
| 80 if (!send_session_->SetSend(send_cs, send_key, send_key_len)) | 80 send_session_->SetEncryptedHeaderExtensionIds( |
| 81 send_encrypted_header_extension_ids_); |
| 82 if (!send_session_->SetSend(send_cs, send_key, send_key_len)) { |
| 81 return false; | 83 return false; |
| 84 } |
| 82 | 85 |
| 83 if (!recv_session_->SetRecv(recv_cs, recv_key, recv_key_len)) | 86 recv_session_->SetEncryptedHeaderExtensionIds( |
| 87 recv_encrypted_header_extension_ids_); |
| 88 if (!recv_session_->SetRecv(recv_cs, recv_key, recv_key_len)) { |
| 84 return false; | 89 return false; |
| 90 } |
| 85 | 91 |
| 86 state_ = ST_ACTIVE; | 92 state_ = ST_ACTIVE; |
| 87 | 93 |
| 88 LOG(LS_INFO) << "SRTP activated with negotiated parameters:" | 94 LOG(LS_INFO) << "SRTP activated with negotiated parameters:" |
| 89 << " send cipher_suite " << send_cs | 95 << " send cipher_suite " << send_cs |
| 90 << " recv cipher_suite " << recv_cs; | 96 << " recv cipher_suite " << recv_cs; |
| 91 return true; | 97 return true; |
| 92 } | 98 } |
| 93 | 99 |
| 100 bool SrtpFilter::UpdateRtpParams(int send_cs, |
| 101 const uint8_t* send_key, |
| 102 int send_key_len, |
| 103 int recv_cs, |
| 104 const uint8_t* recv_key, |
| 105 int recv_key_len) { |
| 106 if (!IsActive()) { |
| 107 LOG(LS_ERROR) << "Tried to update SRTP Params when filter is not active"; |
| 108 return false; |
| 109 } |
| 110 send_session_->SetEncryptedHeaderExtensionIds( |
| 111 send_encrypted_header_extension_ids_); |
| 112 if (!send_session_->UpdateSend(send_cs, send_key, send_key_len)) { |
| 113 return false; |
| 114 } |
| 115 |
| 116 recv_session_->SetEncryptedHeaderExtensionIds( |
| 117 recv_encrypted_header_extension_ids_); |
| 118 if (!recv_session_->UpdateRecv(recv_cs, recv_key, recv_key_len)) { |
| 119 return false; |
| 120 } |
| 121 |
| 122 LOG(LS_INFO) << "SRTP updated with negotiated parameters:" |
| 123 << " send cipher_suite " << send_cs |
| 124 << " recv cipher_suite " << recv_cs; |
| 125 return true; |
| 126 } |
| 127 |
| 94 // This function is provided separately because DTLS-SRTP behaves | 128 // This function is provided separately because DTLS-SRTP behaves |
| 95 // differently in RTP/RTCP mux and non-mux modes. | 129 // differently in RTP/RTCP mux and non-mux modes. |
| 96 // | 130 // |
| 97 // - In the non-muxed case, RTP and RTCP are keyed with different | 131 // - In the non-muxed case, RTP and RTCP are keyed with different |
| 98 // keys (from different DTLS handshakes), and so we need a new | 132 // keys (from different DTLS handshakes), and so we need a new |
| 99 // SrtpSession. | 133 // SrtpSession. |
| 100 // - In the muxed case, they are keyed with the same keys, so | 134 // - In the muxed case, they are keyed with the same keys, so |
| 101 // this function is not needed | 135 // this function is not needed |
| 102 bool SrtpFilter::SetRtcpParams(int send_cs, | 136 bool SrtpFilter::SetRtcpParams(int send_cs, |
| 103 const uint8_t* send_key, | 137 const uint8_t* send_key, |
| 104 int send_key_len, | 138 int send_key_len, |
| 105 int recv_cs, | 139 int recv_cs, |
| 106 const uint8_t* recv_key, | 140 const uint8_t* recv_key, |
| 107 int recv_key_len) { | 141 int recv_key_len) { |
| 108 // This can only be called once, but can be safely called after | 142 // This can only be called once, but can be safely called after |
| 109 // SetRtpParams | 143 // SetRtpParams |
| 110 if (send_rtcp_session_ || recv_rtcp_session_) { | 144 if (send_rtcp_session_ || recv_rtcp_session_) { |
| 111 LOG(LS_ERROR) << "Tried to set SRTCP Params when filter already active"; | 145 LOG(LS_ERROR) << "Tried to set SRTCP Params when filter already active"; |
| 112 return false; | 146 return false; |
| 113 } | 147 } |
| 114 | 148 |
| 115 send_rtcp_session_.reset(new SrtpSession()); | 149 send_rtcp_session_.reset(new SrtpSession()); |
| 116 if (!send_rtcp_session_->SetRecv(send_cs, send_key, send_key_len)) | 150 if (!send_rtcp_session_->SetRecv(send_cs, send_key, send_key_len)) { |
| 117 return false; | 151 return false; |
| 152 } |
| 118 | 153 |
| 119 recv_rtcp_session_.reset(new SrtpSession()); | 154 recv_rtcp_session_.reset(new SrtpSession()); |
| 120 if (!recv_rtcp_session_->SetRecv(recv_cs, recv_key, recv_key_len)) | 155 if (!recv_rtcp_session_->SetRecv(recv_cs, recv_key, recv_key_len)) { |
| 121 return false; | 156 return false; |
| 157 } |
| 122 | 158 |
| 123 LOG(LS_INFO) << "SRTCP activated with negotiated parameters:" | 159 LOG(LS_INFO) << "SRTCP activated with negotiated parameters:" |
| 124 << " send cipher_suite " << send_cs | 160 << " send cipher_suite " << send_cs |
| 125 << " recv cipher_suite " << recv_cs; | 161 << " recv cipher_suite " << recv_cs; |
| 126 | 162 |
| 127 return true; | 163 return true; |
| 128 } | 164 } |
| 129 | 165 |
| 130 bool SrtpFilter::ProtectRtp(void* p, int in_len, int max_len, int* out_len) { | 166 bool SrtpFilter::ProtectRtp(void* p, int in_len, int max_len, int* out_len) { |
| 131 if (!IsActive()) { | 167 if (!IsActive()) { |
| (...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 217 bool SrtpFilter::IsExternalAuthActive() const { | 253 bool SrtpFilter::IsExternalAuthActive() const { |
| 218 if (!IsActive()) { | 254 if (!IsActive()) { |
| 219 LOG(LS_WARNING) << "Failed to check IsExternalAuthActive: SRTP not active"; | 255 LOG(LS_WARNING) << "Failed to check IsExternalAuthActive: SRTP not active"; |
| 220 return false; | 256 return false; |
| 221 } | 257 } |
| 222 | 258 |
| 223 RTC_CHECK(send_session_); | 259 RTC_CHECK(send_session_); |
| 224 return send_session_->IsExternalAuthActive(); | 260 return send_session_->IsExternalAuthActive(); |
| 225 } | 261 } |
| 226 | 262 |
| 263 void SrtpFilter::SetEncryptedHeaderExtensionIds(ContentSource source, |
| 264 const std::vector<int>& extension_ids) { |
| 265 if (source == CS_LOCAL) { |
| 266 recv_encrypted_header_extension_ids_ = extension_ids; |
| 267 } else { |
| 268 send_encrypted_header_extension_ids_ = extension_ids; |
| 269 } |
| 270 } |
| 271 |
| 227 bool SrtpFilter::ExpectOffer(ContentSource source) { | 272 bool SrtpFilter::ExpectOffer(ContentSource source) { |
| 228 return ((state_ == ST_INIT) || | 273 return ((state_ == ST_INIT) || |
| 229 (state_ == ST_ACTIVE) || | 274 (state_ == ST_ACTIVE) || |
| 230 (state_ == ST_SENTOFFER && source == CS_LOCAL) || | 275 (state_ == ST_SENTOFFER && source == CS_LOCAL) || |
| 231 (state_ == ST_SENTUPDATEDOFFER && source == CS_LOCAL) || | 276 (state_ == ST_SENTUPDATEDOFFER && source == CS_LOCAL) || |
| 232 (state_ == ST_RECEIVEDOFFER && source == CS_REMOTE) || | 277 (state_ == ST_RECEIVEDOFFER && source == CS_REMOTE) || |
| 233 (state_ == ST_RECEIVEDUPDATEDOFFER && source == CS_REMOTE)); | 278 (state_ == ST_RECEIVEDUPDATEDOFFER && source == CS_REMOTE)); |
| 234 } | 279 } |
| 235 | 280 |
| 236 bool SrtpFilter::StoreParams(const std::vector<CryptoParams>& params, | 281 bool SrtpFilter::StoreParams(const std::vector<CryptoParams>& params, |
| (...skipping 140 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 377 // TODO(juberti): Zero these buffers after use. | 422 // TODO(juberti): Zero these buffers after use. |
| 378 bool ret; | 423 bool ret; |
| 379 rtc::Buffer send_key(send_key_len + send_salt_len); | 424 rtc::Buffer send_key(send_key_len + send_salt_len); |
| 380 rtc::Buffer recv_key(recv_key_len + recv_salt_len); | 425 rtc::Buffer recv_key(recv_key_len + recv_salt_len); |
| 381 ret = (ParseKeyParams(send_params.key_params, send_key.data(), | 426 ret = (ParseKeyParams(send_params.key_params, send_key.data(), |
| 382 send_key.size()) && | 427 send_key.size()) && |
| 383 ParseKeyParams(recv_params.key_params, recv_key.data(), | 428 ParseKeyParams(recv_params.key_params, recv_key.data(), |
| 384 recv_key.size())); | 429 recv_key.size())); |
| 385 if (ret) { | 430 if (ret) { |
| 386 CreateSrtpSessions(); | 431 CreateSrtpSessions(); |
| 432 send_session_->SetEncryptedHeaderExtensionIds( |
| 433 send_encrypted_header_extension_ids_); |
| 434 recv_session_->SetEncryptedHeaderExtensionIds( |
| 435 recv_encrypted_header_extension_ids_); |
| 387 ret = (send_session_->SetSend( | 436 ret = (send_session_->SetSend( |
| 388 rtc::SrtpCryptoSuiteFromName(send_params.cipher_suite), | 437 rtc::SrtpCryptoSuiteFromName(send_params.cipher_suite), |
| 389 send_key.data(), send_key.size()) && | 438 send_key.data(), send_key.size()) && |
| 390 recv_session_->SetRecv( | 439 recv_session_->SetRecv( |
| 391 rtc::SrtpCryptoSuiteFromName(recv_params.cipher_suite), | 440 rtc::SrtpCryptoSuiteFromName(recv_params.cipher_suite), |
| 392 recv_key.data(), recv_key.size())); | 441 recv_key.data(), recv_key.size())); |
| 393 } | 442 } |
| 394 if (ret) { | 443 if (ret) { |
| 395 LOG(LS_INFO) << "SRTP activated with negotiated parameters:" | 444 LOG(LS_INFO) << "SRTP activated with negotiated parameters:" |
| 396 << " send cipher_suite " << send_params.cipher_suite | 445 << " send cipher_suite " << send_params.cipher_suite |
| (...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 449 if (session_) { | 498 if (session_) { |
| 450 srtp_set_user_data(session_, nullptr); | 499 srtp_set_user_data(session_, nullptr); |
| 451 srtp_dealloc(session_); | 500 srtp_dealloc(session_); |
| 452 } | 501 } |
| 453 } | 502 } |
| 454 | 503 |
| 455 bool SrtpSession::SetSend(int cs, const uint8_t* key, size_t len) { | 504 bool SrtpSession::SetSend(int cs, const uint8_t* key, size_t len) { |
| 456 return SetKey(ssrc_any_outbound, cs, key, len); | 505 return SetKey(ssrc_any_outbound, cs, key, len); |
| 457 } | 506 } |
| 458 | 507 |
| 508 bool SrtpSession::UpdateSend(int cs, const uint8_t* key, size_t len) { |
| 509 return UpdateKey(ssrc_any_outbound, cs, key, len); |
| 510 } |
| 511 |
| 459 bool SrtpSession::SetRecv(int cs, const uint8_t* key, size_t len) { | 512 bool SrtpSession::SetRecv(int cs, const uint8_t* key, size_t len) { |
| 460 return SetKey(ssrc_any_inbound, cs, key, len); | 513 return SetKey(ssrc_any_inbound, cs, key, len); |
| 461 } | 514 } |
| 462 | 515 |
| 516 bool SrtpSession::UpdateRecv(int cs, const uint8_t* key, size_t len) { |
| 517 return UpdateKey(ssrc_any_inbound, cs, key, len); |
| 518 } |
| 519 |
| 463 bool SrtpSession::ProtectRtp(void* p, int in_len, int max_len, int* out_len) { | 520 bool SrtpSession::ProtectRtp(void* p, int in_len, int max_len, int* out_len) { |
| 464 RTC_DCHECK(thread_checker_.CalledOnValidThread()); | 521 RTC_DCHECK(thread_checker_.CalledOnValidThread()); |
| 465 if (!session_) { | 522 if (!session_) { |
| 466 LOG(LS_WARNING) << "Failed to protect SRTP packet: no SRTP Session"; | 523 LOG(LS_WARNING) << "Failed to protect SRTP packet: no SRTP Session"; |
| 467 return false; | 524 return false; |
| 468 } | 525 } |
| 469 | 526 |
| 470 int need_len = in_len + rtp_auth_tag_len_; // NOLINT | 527 int need_len = in_len + rtp_auth_tag_len_; // NOLINT |
| 471 if (max_len < need_len) { | 528 if (max_len < need_len) { |
| 472 LOG(LS_WARNING) << "Failed to protect SRTP packet: The buffer length " | 529 LOG(LS_WARNING) << "Failed to protect SRTP packet: The buffer length " |
| (...skipping 135 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 608 return false; | 665 return false; |
| 609 } | 666 } |
| 610 | 667 |
| 611 // Shift packet index, put into network byte order | 668 // Shift packet index, put into network byte order |
| 612 *index = static_cast<int64_t>( | 669 *index = static_cast<int64_t>( |
| 613 rtc::NetworkToHost64( | 670 rtc::NetworkToHost64( |
| 614 srtp_rdbx_get_packet_index(&stream->rtp_rdbx) << 16)); | 671 srtp_rdbx_get_packet_index(&stream->rtp_rdbx) << 16)); |
| 615 return true; | 672 return true; |
| 616 } | 673 } |
| 617 | 674 |
| 618 bool SrtpSession::SetKey(int type, int cs, const uint8_t* key, size_t len) { | 675 |
| 676 bool SrtpSession::DoSetKey(int type, int cs, const uint8_t* key, size_t len) { |
| 619 RTC_DCHECK(thread_checker_.CalledOnValidThread()); | 677 RTC_DCHECK(thread_checker_.CalledOnValidThread()); |
| 620 if (session_) { | |
| 621 LOG(LS_ERROR) << "Failed to create SRTP session: " | |
| 622 << "SRTP session already created"; | |
| 623 return false; | |
| 624 } | |
| 625 | |
| 626 if (!Init()) { | |
| 627 return false; | |
| 628 } | |
| 629 | 678 |
| 630 srtp_policy_t policy; | 679 srtp_policy_t policy; |
| 631 memset(&policy, 0, sizeof(policy)); | 680 memset(&policy, 0, sizeof(policy)); |
| 632 if (cs == rtc::SRTP_AES128_CM_SHA1_80) { | 681 if (cs == rtc::SRTP_AES128_CM_SHA1_80) { |
| 633 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtp); | 682 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtp); |
| 634 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp); | 683 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp); |
| 635 } else if (cs == rtc::SRTP_AES128_CM_SHA1_32) { | 684 } else if (cs == rtc::SRTP_AES128_CM_SHA1_32) { |
| 636 // RTP HMAC is shortened to 32 bits, but RTCP remains 80 bits. | 685 // RTP HMAC is shortened to 32 bits, but RTCP remains 80 bits. |
| 637 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtp); | 686 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtp); |
| 638 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp); | 687 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp); |
| 639 } else if (cs == rtc::SRTP_AEAD_AES_128_GCM) { | 688 } else if (cs == rtc::SRTP_AEAD_AES_128_GCM) { |
| 640 srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp); | 689 srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp); |
| 641 srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtcp); | 690 srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtcp); |
| 642 } else if (cs == rtc::SRTP_AEAD_AES_256_GCM) { | 691 } else if (cs == rtc::SRTP_AEAD_AES_256_GCM) { |
| 643 srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtp); | 692 srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtp); |
| 644 srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtcp); | 693 srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtcp); |
| 645 } else { | 694 } else { |
| 646 LOG(LS_WARNING) << "Failed to create SRTP session: unsupported" | 695 LOG(LS_WARNING) << "Failed to " << (session_ ? "update" : "create") |
| 647 << " cipher_suite " << cs; | 696 << " SRTP session: unsupported cipher_suite " << cs; |
| 648 return false; | 697 return false; |
| 649 } | 698 } |
| 650 | 699 |
| 651 int expected_key_len; | 700 int expected_key_len; |
| 652 int expected_salt_len; | 701 int expected_salt_len; |
| 653 if (!rtc::GetSrtpKeyAndSaltLengths(cs, &expected_key_len, | 702 if (!rtc::GetSrtpKeyAndSaltLengths(cs, &expected_key_len, |
| 654 &expected_salt_len)) { | 703 &expected_salt_len)) { |
| 655 // This should never happen. | 704 // This should never happen. |
| 656 LOG(LS_WARNING) << "Failed to create SRTP session: unsupported" | 705 LOG(LS_WARNING) << "Failed to " << (session_ ? "update" : "create") |
| 657 << " cipher_suite without length information" << cs; | 706 << " SRTP session: unsupported cipher_suite without length information" |
| 707 << cs; |
| 658 return false; | 708 return false; |
| 659 } | 709 } |
| 660 | 710 |
| 661 if (!key || | 711 if (!key || |
| 662 len != static_cast<size_t>(expected_key_len + expected_salt_len)) { | 712 len != static_cast<size_t>(expected_key_len + expected_salt_len)) { |
| 663 LOG(LS_WARNING) << "Failed to create SRTP session: invalid key"; | 713 LOG(LS_WARNING) << "Failed to " << (session_ ? "update" : "create") |
| 714 << " SRTP session: invalid key"; |
| 664 return false; | 715 return false; |
| 665 } | 716 } |
| 666 | 717 |
| 667 policy.ssrc.type = static_cast<srtp_ssrc_type_t>(type); | 718 policy.ssrc.type = static_cast<srtp_ssrc_type_t>(type); |
| 668 policy.ssrc.value = 0; | 719 policy.ssrc.value = 0; |
| 669 policy.key = const_cast<uint8_t*>(key); | 720 policy.key = const_cast<uint8_t*>(key); |
| 670 // TODO(astor) parse window size from WSH session-param | 721 // TODO(astor) parse window size from WSH session-param |
| 671 policy.window_size = 1024; | 722 policy.window_size = 1024; |
| 672 policy.allow_repeat_tx = 1; | 723 policy.allow_repeat_tx = 1; |
| 673 // If external authentication option is enabled, supply custom auth module | 724 // If external authentication option is enabled, supply custom auth module |
| 674 // id EXTERNAL_HMAC_SHA1 in the policy structure. | 725 // id EXTERNAL_HMAC_SHA1 in the policy structure. |
| 675 // We want to set this option only for rtp packets. | 726 // We want to set this option only for rtp packets. |
| 676 // By default policy structure is initialized to HMAC_SHA1. | 727 // By default policy structure is initialized to HMAC_SHA1. |
| 677 // Enable external HMAC authentication only for outgoing streams and only | 728 // Enable external HMAC authentication only for outgoing streams and only |
| 678 // for cipher suites that support it (i.e. only non-GCM cipher suites). | 729 // for cipher suites that support it (i.e. only non-GCM cipher suites). |
| 679 if (type == ssrc_any_outbound && IsExternalAuthEnabled() && | 730 if (type == ssrc_any_outbound && IsExternalAuthEnabled() && |
| 680 !rtc::IsGcmCryptoSuite(cs)) { | 731 !rtc::IsGcmCryptoSuite(cs)) { |
| 681 policy.rtp.auth_type = EXTERNAL_HMAC_SHA1; | 732 policy.rtp.auth_type = EXTERNAL_HMAC_SHA1; |
| 682 } | 733 } |
| 734 if (!encrypted_header_extension_ids_.empty()) { |
| 735 policy.enc_xtn_hdr = const_cast<int*>(&encrypted_header_extension_ids_[0]); |
| 736 policy.enc_xtn_hdr_count = encrypted_header_extension_ids_.size(); |
| 737 } |
| 683 policy.next = nullptr; | 738 policy.next = nullptr; |
| 684 | 739 |
| 685 int err = srtp_create(&session_, &policy); | 740 if (!session_) { |
| 686 if (err != srtp_err_status_ok) { | 741 int err = srtp_create(&session_, &policy); |
| 687 session_ = nullptr; | 742 if (err != srtp_err_status_ok) { |
| 688 LOG(LS_ERROR) << "Failed to create SRTP session, err=" << err; | 743 session_ = nullptr; |
| 689 return false; | 744 LOG(LS_ERROR) << "Failed to create SRTP session, err=" << err; |
| 745 return false; |
| 746 } |
| 747 srtp_set_user_data(session_, this); |
| 748 } else { |
| 749 int err = srtp_update(session_, &policy); |
| 750 if (err != srtp_err_status_ok) { |
| 751 LOG(LS_ERROR) << "Failed to update SRTP session, err=" << err; |
| 752 return false; |
| 753 } |
| 690 } | 754 } |
| 691 | 755 |
| 692 srtp_set_user_data(session_, this); | |
| 693 rtp_auth_tag_len_ = policy.rtp.auth_tag_len; | 756 rtp_auth_tag_len_ = policy.rtp.auth_tag_len; |
| 694 rtcp_auth_tag_len_ = policy.rtcp.auth_tag_len; | 757 rtcp_auth_tag_len_ = policy.rtcp.auth_tag_len; |
| 695 external_auth_active_ = (policy.rtp.auth_type == EXTERNAL_HMAC_SHA1); | 758 external_auth_active_ = (policy.rtp.auth_type == EXTERNAL_HMAC_SHA1); |
| 696 return true; | 759 return true; |
| 697 } | 760 } |
| 698 | 761 |
| 762 bool SrtpSession::SetKey(int type, int cs, const uint8_t* key, size_t len) { |
| 763 RTC_DCHECK(thread_checker_.CalledOnValidThread()); |
| 764 if (session_) { |
| 765 LOG(LS_ERROR) << "Failed to create SRTP session: " |
| 766 << "SRTP session already created"; |
| 767 return false; |
| 768 } |
| 769 |
| 770 if (!Init()) { |
| 771 return false; |
| 772 } |
| 773 |
| 774 return DoSetKey(type, cs, key, len); |
| 775 } |
| 776 |
| 777 bool SrtpSession::UpdateKey(int type, int cs, const uint8_t* key, size_t len) { |
| 778 RTC_DCHECK(thread_checker_.CalledOnValidThread()); |
| 779 if (!session_) { |
| 780 LOG(LS_ERROR) << "Failed to update non-existing SRTP session"; |
| 781 return false; |
| 782 } |
| 783 |
| 784 return DoSetKey(type, cs, key, len); |
| 785 } |
| 786 |
| 787 void SrtpSession::SetEncryptedHeaderExtensionIds( |
| 788 const std::vector<int>& encrypted_header_extension_ids) { |
| 789 RTC_DCHECK(thread_checker_.CalledOnValidThread()); |
| 790 encrypted_header_extension_ids_ = encrypted_header_extension_ids; |
| 791 } |
| 792 |
| 699 bool SrtpSession::Init() { | 793 bool SrtpSession::Init() { |
| 700 rtc::GlobalLockScope ls(&lock_); | 794 rtc::GlobalLockScope ls(&lock_); |
| 701 | 795 |
| 702 if (!inited_) { | 796 if (!inited_) { |
| 703 int err; | 797 int err; |
| 704 err = srtp_init(); | 798 err = srtp_init(); |
| 705 if (err != srtp_err_status_ok) { | 799 if (err != srtp_err_status_ok) { |
| 706 LOG(LS_ERROR) << "Failed to init SRTP, err=" << err; | 800 LOG(LS_ERROR) << "Failed to init SRTP, err=" << err; |
| 707 return false; | 801 return false; |
| 708 } | 802 } |
| (...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 762 // Callback will be executed from same thread that calls the "srtp_protect" | 856 // Callback will be executed from same thread that calls the "srtp_protect" |
| 763 // and "srtp_unprotect" functions. | 857 // and "srtp_unprotect" functions. |
| 764 SrtpSession* session = static_cast<SrtpSession*>( | 858 SrtpSession* session = static_cast<SrtpSession*>( |
| 765 srtp_get_user_data(ev->session)); | 859 srtp_get_user_data(ev->session)); |
| 766 if (session) { | 860 if (session) { |
| 767 session->HandleEvent(ev); | 861 session->HandleEvent(ev); |
| 768 } | 862 } |
| 769 } | 863 } |
| 770 | 864 |
| 771 } // namespace cricket | 865 } // namespace cricket |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2761143002:
Support encrypted RTP extensions (RFC 6904) (Closed)
