Support encrypted RTP extensions (RFC 6904)

webrtc/pc/srtpfilter.h

 /*
  *  Copyright 2009 The WebRTC project authors. All Rights Reserved.
  *
  *  Use of this source code is governed by a BSD-style license
  *  that can be found in the LICENSE file in the root of the source
  *  tree. An additional intellectual property rights grant can be found
  *  in the file PATENTS.  All contributing project authors may
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
@@ skipping 58 matching lines @@
   bool SetProvisionalAnswer(const std::vector<CryptoParams>& answer_params,
                             ContentSource source);
   // Indicates which crypto algorithms and keys were contained in the answer.
   // answer_params should contain the negotiated parameters, which may be none,
   // if crypto was not desired or could not be negotiated (and not required).
   // This must be called after SetOffer. If crypto negotiation completes
   // successfully, this will advance the filter to the active state.
   bool SetAnswer(const std::vector<CryptoParams>& answer_params,
                  ContentSource source);
 
+  // Set the header extension ids that should be encrypted for the given source.
+  void SetEncryptedHeaderExtensionIds(ContentSource source,
+      const std::vector<int>& extension_ids);
+
   // Just set up both sets of keys directly.
   // Used with DTLS-SRTP.
   bool SetRtpParams(int send_cs,
                     const uint8_t* send_key,
                     int send_key_len,
                     int recv_cs,
                     const uint8_t* recv_key,
                     int recv_key_len);
+  bool UpdateRtpParams(int send_cs,
+                       const uint8_t* send_key,
+                       int send_key_len,
+                       int recv_cs,
+                       const uint8_t* recv_key,
+                       int recv_key_len);
   bool SetRtcpParams(int send_cs,
                      const uint8_t* send_key,
                      int send_key_len,
                      int recv_cs,
                      const uint8_t* recv_key,
                      int recv_key_len);
 
   // Encrypts/signs an individual RTP/RTCP packet, in-place.
   // If an HMAC is used, this will increase the packet size.
   bool ProtectRtp(void* data, int in_len, int max_len, int* out_len);
@@ skipping 73 matching lines @@
   };
   State state_ = ST_INIT;
   bool external_auth_enabled_ = false;
   std::vector<CryptoParams> offer_params_;
   std::unique_ptr<SrtpSession> send_session_;
   std::unique_ptr<SrtpSession> recv_session_;
   std::unique_ptr<SrtpSession> send_rtcp_session_;
   std::unique_ptr<SrtpSession> recv_rtcp_session_;
   CryptoParams applied_send_params_;
   CryptoParams applied_recv_params_;
+  std::vector<int> send_encrypted_header_extension_ids_;
+  std::vector<int> recv_encrypted_header_extension_ids_;
 };
 
 // Class that wraps a libSRTP session.
 class SrtpSession {
  public:
   SrtpSession();
   ~SrtpSession();
 
   // Configures the session for sending data using the specified
   // cipher-suite and key. Receiving must be done by a separate session.
   bool SetSend(int cs, const uint8_t* key, size_t len);
+  bool UpdateSend(int cs, const uint8_t* key, size_t len);
+
   // Configures the session for receiving data using the specified
   // cipher-suite and key. Sending must be done by a separate session.
   bool SetRecv(int cs, const uint8_t* key, size_t len);
+  bool UpdateRecv(int cs, const uint8_t* key, size_t len);
+
+  void SetEncryptedHeaderExtensionIds(
+      const std::vector<int>& encrypted_header_extension_ids);
 
   // Encrypts/signs an individual RTP/RTCP packet, in-place.
   // If an HMAC is used, this will increase the packet size.
   bool ProtectRtp(void* data, int in_len, int max_len, int* out_len);
   // Overloaded version, outputs packet index.
   bool ProtectRtp(void* data,
                   int in_len,
                   int max_len,
                   int* out_len,
                   int64_t* index);
@@ skipping 18 matching lines @@
 
   // A SRTP session supports external creation of the auth tag if a non-GCM
   // cipher is used. This method is only valid after the RTP params have
   // been set.
   bool IsExternalAuthActive() const;
 
   // Calls srtp_shutdown if it's initialized.
   static void Terminate();
 
  private:
+  bool DoSetKey(int type, int cs, const uint8_t* key, size_t len);
   bool SetKey(int type, int cs, const uint8_t* key, size_t len);
+  bool UpdateKey(int type, int cs, const uint8_t* key, size_t len);
+  bool SetEncryptedHeaderExtensionIds(int type,
+      const std::vector<int>& encrypted_header_extension_ids);
     // Returns send stream current packet index from srtp db.
   bool GetSendStreamPacketIndex(void* data, int in_len, int64_t* index);
 
   static bool Init();
   void HandleEvent(const srtp_event_data_t* ev);
   static void HandleEventThunk(srtp_event_data_t* ev);
 
   rtc::ThreadChecker thread_checker_;
   srtp_ctx_t_* session_ = nullptr;
   int rtp_auth_tag_len_ = 0;
   int rtcp_auth_tag_len_ = 0;
   static bool inited_;
   static rtc::GlobalLockPod lock_;
   int last_send_seq_num_ = -1;
   bool external_auth_active_ = false;
   bool external_auth_enabled_ = false;
+  std::vector<int> encrypted_header_extension_ids_;
   RTC_DISALLOW_COPY_AND_ASSIGN(SrtpSession);
 };
 
 }  // namespace cricket
 
 #endif  // WEBRTC_PC_SRTPFILTER_H_