Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(103)

Side by Side Diff: webrtc/pc/srtpfilter.cc

Issue 2761143002: Support encrypted RTP extensions (RFC 6904) (Closed)
Patch Set: Don't negotiate extension ids in SrtpFilter, more changes after feedback from Taylor. Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 /* 1 /*
2 * Copyright 2009 The WebRTC project authors. All Rights Reserved. 2 * Copyright 2009 The WebRTC project authors. All Rights Reserved.
3 * 3 *
4 * Use of this source code is governed by a BSD-style license 4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source 5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found 6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may 7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree. 8 * be found in the AUTHORS file in the root of the source tree.
9 */ 9 */
10 10
(...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after
70 const uint8_t* send_key, 70 const uint8_t* send_key,
71 int send_key_len, 71 int send_key_len,
72 int recv_cs, 72 int recv_cs,
73 const uint8_t* recv_key, 73 const uint8_t* recv_key,
74 int recv_key_len) { 74 int recv_key_len) {
75 if (IsActive()) { 75 if (IsActive()) {
76 LOG(LS_ERROR) << "Tried to set SRTP Params when filter already active"; 76 LOG(LS_ERROR) << "Tried to set SRTP Params when filter already active";
77 return false; 77 return false;
78 } 78 }
79 CreateSrtpSessions(); 79 CreateSrtpSessions();
80 if (!send_session_->SetSend(send_cs, send_key, send_key_len)) 80 send_session_->SetEncryptedHeaderExtensionIds(
81 send_encrypted_header_extension_ids_);
82 if (!send_session_->SetSend(send_cs, send_key, send_key_len)) {
81 return false; 83 return false;
84 }
82 85
83 if (!recv_session_->SetRecv(recv_cs, recv_key, recv_key_len)) 86 recv_session_->SetEncryptedHeaderExtensionIds(
87 recv_encrypted_header_extension_ids_);
88 if (!recv_session_->SetRecv(recv_cs, recv_key, recv_key_len)) {
84 return false; 89 return false;
90 }
85 91
86 state_ = ST_ACTIVE; 92 state_ = ST_ACTIVE;
87 93
88 LOG(LS_INFO) << "SRTP activated with negotiated parameters:" 94 LOG(LS_INFO) << "SRTP activated with negotiated parameters:"
89 << " send cipher_suite " << send_cs 95 << " send cipher_suite " << send_cs
90 << " recv cipher_suite " << recv_cs; 96 << " recv cipher_suite " << recv_cs;
91 return true; 97 return true;
92 } 98 }
93 99
100 bool SrtpFilter::UpdateRtpParams(int send_cs,
101 const uint8_t* send_key,
102 int send_key_len,
103 int recv_cs,
104 const uint8_t* recv_key,
105 int recv_key_len) {
106 if (!IsActive()) {
107 LOG(LS_ERROR) << "Tried to update SRTP Params when filter is not active";
108 return false;
109 }
110 send_session_->SetEncryptedHeaderExtensionIds(
111 send_encrypted_header_extension_ids_);
112 if (!send_session_->UpdateSend(send_cs, send_key, send_key_len)) {
113 return false;
114 }
115
116 recv_session_->SetEncryptedHeaderExtensionIds(
117 recv_encrypted_header_extension_ids_);
118 if (!recv_session_->UpdateRecv(recv_cs, recv_key, recv_key_len)) {
119 return false;
120 }
121
122 LOG(LS_INFO) << "SRTP updated with negotiated parameters:"
123 << " send cipher_suite " << send_cs
124 << " recv cipher_suite " << recv_cs;
125 return true;
126 }
127
94 // This function is provided separately because DTLS-SRTP behaves 128 // This function is provided separately because DTLS-SRTP behaves
95 // differently in RTP/RTCP mux and non-mux modes. 129 // differently in RTP/RTCP mux and non-mux modes.
96 // 130 //
97 // - In the non-muxed case, RTP and RTCP are keyed with different 131 // - In the non-muxed case, RTP and RTCP are keyed with different
98 // keys (from different DTLS handshakes), and so we need a new 132 // keys (from different DTLS handshakes), and so we need a new
99 // SrtpSession. 133 // SrtpSession.
100 // - In the muxed case, they are keyed with the same keys, so 134 // - In the muxed case, they are keyed with the same keys, so
101 // this function is not needed 135 // this function is not needed
102 bool SrtpFilter::SetRtcpParams(int send_cs, 136 bool SrtpFilter::SetRtcpParams(int send_cs,
103 const uint8_t* send_key, 137 const uint8_t* send_key,
104 int send_key_len, 138 int send_key_len,
105 int recv_cs, 139 int recv_cs,
106 const uint8_t* recv_key, 140 const uint8_t* recv_key,
107 int recv_key_len) { 141 int recv_key_len) {
108 // This can only be called once, but can be safely called after 142 // This can only be called once, but can be safely called after
109 // SetRtpParams 143 // SetRtpParams
110 if (send_rtcp_session_ || recv_rtcp_session_) { 144 if (send_rtcp_session_ || recv_rtcp_session_) {
111 LOG(LS_ERROR) << "Tried to set SRTCP Params when filter already active"; 145 LOG(LS_ERROR) << "Tried to set SRTCP Params when filter already active";
112 return false; 146 return false;
113 } 147 }
114 148
115 send_rtcp_session_.reset(new SrtpSession()); 149 send_rtcp_session_.reset(new SrtpSession());
116 SignalSrtpError.repeat(send_rtcp_session_->SignalSrtpError); 150 SignalSrtpError.repeat(send_rtcp_session_->SignalSrtpError);
117 send_rtcp_session_->set_signal_silent_time(signal_silent_time_in_ms_); 151 send_rtcp_session_->set_signal_silent_time(signal_silent_time_in_ms_);
118 if (!send_rtcp_session_->SetRecv(send_cs, send_key, send_key_len)) 152 if (!send_rtcp_session_->SetRecv(send_cs, send_key, send_key_len)) {
119 return false; 153 return false;
154 }
120 155
121 recv_rtcp_session_.reset(new SrtpSession()); 156 recv_rtcp_session_.reset(new SrtpSession());
122 SignalSrtpError.repeat(recv_rtcp_session_->SignalSrtpError); 157 SignalSrtpError.repeat(recv_rtcp_session_->SignalSrtpError);
123 recv_rtcp_session_->set_signal_silent_time(signal_silent_time_in_ms_); 158 recv_rtcp_session_->set_signal_silent_time(signal_silent_time_in_ms_);
124 if (!recv_rtcp_session_->SetRecv(recv_cs, recv_key, recv_key_len)) 159 if (!recv_rtcp_session_->SetRecv(recv_cs, recv_key, recv_key_len)) {
125 return false; 160 return false;
161 }
126 162
127 LOG(LS_INFO) << "SRTCP activated with negotiated parameters:" 163 LOG(LS_INFO) << "SRTCP activated with negotiated parameters:"
128 << " send cipher_suite " << send_cs 164 << " send cipher_suite " << send_cs
129 << " recv cipher_suite " << recv_cs; 165 << " recv cipher_suite " << recv_cs;
130 166
131 return true; 167 return true;
132 } 168 }
133 169
134 bool SrtpFilter::ProtectRtp(void* p, int in_len, int max_len, int* out_len) { 170 bool SrtpFilter::ProtectRtp(void* p, int in_len, int max_len, int* out_len) {
135 if (!IsActive()) { 171 if (!IsActive()) {
(...skipping 99 matching lines...) Expand 10 before | Expand all | Expand 10 after
235 send_session_->set_signal_silent_time(signal_silent_time_in_ms); 271 send_session_->set_signal_silent_time(signal_silent_time_in_ms);
236 RTC_CHECK(recv_session_); 272 RTC_CHECK(recv_session_);
237 recv_session_->set_signal_silent_time(signal_silent_time_in_ms); 273 recv_session_->set_signal_silent_time(signal_silent_time_in_ms);
238 if (send_rtcp_session_) 274 if (send_rtcp_session_)
239 send_rtcp_session_->set_signal_silent_time(signal_silent_time_in_ms); 275 send_rtcp_session_->set_signal_silent_time(signal_silent_time_in_ms);
240 if (recv_rtcp_session_) 276 if (recv_rtcp_session_)
241 recv_rtcp_session_->set_signal_silent_time(signal_silent_time_in_ms); 277 recv_rtcp_session_->set_signal_silent_time(signal_silent_time_in_ms);
242 } 278 }
243 } 279 }
244 280
281 void SrtpFilter::SetEncryptedHeaderExtensionIds(ContentSource source,
282 const std::vector<int>& extension_ids) {
283 if (source == CS_LOCAL) {
284 send_encrypted_header_extension_ids_ = extension_ids;
285 } else {
286 recv_encrypted_header_extension_ids_ = extension_ids;
287 }
288 }
289
245 bool SrtpFilter::ExpectOffer(ContentSource source) { 290 bool SrtpFilter::ExpectOffer(ContentSource source) {
246 return ((state_ == ST_INIT) || 291 return ((state_ == ST_INIT) ||
247 (state_ == ST_ACTIVE) || 292 (state_ == ST_ACTIVE) ||
248 (state_ == ST_SENTOFFER && source == CS_LOCAL) || 293 (state_ == ST_SENTOFFER && source == CS_LOCAL) ||
249 (state_ == ST_SENTUPDATEDOFFER && source == CS_LOCAL) || 294 (state_ == ST_SENTUPDATEDOFFER && source == CS_LOCAL) ||
250 (state_ == ST_RECEIVEDOFFER && source == CS_REMOTE) || 295 (state_ == ST_RECEIVEDOFFER && source == CS_REMOTE) ||
251 (state_ == ST_RECEIVEDUPDATEDOFFER && source == CS_REMOTE)); 296 (state_ == ST_RECEIVEDUPDATEDOFFER && source == CS_REMOTE));
252 } 297 }
253 298
254 bool SrtpFilter::StoreParams(const std::vector<CryptoParams>& params, 299 bool SrtpFilter::StoreParams(const std::vector<CryptoParams>& params,
(...skipping 145 matching lines...) Expand 10 before | Expand all | Expand 10 after
400 // TODO(juberti): Zero these buffers after use. 445 // TODO(juberti): Zero these buffers after use.
401 bool ret; 446 bool ret;
402 rtc::Buffer send_key(send_key_len + send_salt_len); 447 rtc::Buffer send_key(send_key_len + send_salt_len);
403 rtc::Buffer recv_key(recv_key_len + recv_salt_len); 448 rtc::Buffer recv_key(recv_key_len + recv_salt_len);
404 ret = (ParseKeyParams(send_params.key_params, send_key.data(), 449 ret = (ParseKeyParams(send_params.key_params, send_key.data(),
405 send_key.size()) && 450 send_key.size()) &&
406 ParseKeyParams(recv_params.key_params, recv_key.data(), 451 ParseKeyParams(recv_params.key_params, recv_key.data(),
407 recv_key.size())); 452 recv_key.size()));
408 if (ret) { 453 if (ret) {
409 CreateSrtpSessions(); 454 CreateSrtpSessions();
455 send_session_->SetEncryptedHeaderExtensionIds(
456 send_encrypted_header_extension_ids_);
457 recv_session_->SetEncryptedHeaderExtensionIds(
458 recv_encrypted_header_extension_ids_);
410 ret = (send_session_->SetSend( 459 ret = (send_session_->SetSend(
411 rtc::SrtpCryptoSuiteFromName(send_params.cipher_suite), 460 rtc::SrtpCryptoSuiteFromName(send_params.cipher_suite),
412 send_key.data(), send_key.size()) && 461 send_key.data(), send_key.size()) &&
413 recv_session_->SetRecv( 462 recv_session_->SetRecv(
414 rtc::SrtpCryptoSuiteFromName(recv_params.cipher_suite), 463 rtc::SrtpCryptoSuiteFromName(recv_params.cipher_suite),
415 recv_key.data(), recv_key.size())); 464 recv_key.data(), recv_key.size()));
416 } 465 }
417 if (ret) { 466 if (ret) {
418 LOG(LS_INFO) << "SRTP activated with negotiated parameters:" 467 LOG(LS_INFO) << "SRTP activated with negotiated parameters:"
419 << " send cipher_suite " << send_params.cipher_suite 468 << " send cipher_suite " << send_params.cipher_suite
420 << " recv cipher_suite " << recv_params.cipher_suite; 469 << " recv cipher_suite " << recv_params.cipher_suite;
421 applied_send_params_ = send_params; 470 applied_send_params_ = send_params;
422 applied_recv_params_ = recv_params; 471 applied_recv_params_ = recv_params;
423 } else { 472 } else {
424 LOG(LS_WARNING) << "Failed to apply negotiated SRTP parameters"; 473 LOG(LS_WARNING) << "Failed to apply negotiated SRTP parameters";
425 } 474 }
426 return ret; 475 return ret;
427 } 476 }
428 477
429 bool SrtpFilter::ResetParams() { 478 bool SrtpFilter::ResetParams() {
430 offer_params_.clear(); 479 offer_params_.clear();
431 state_ = ST_INIT; 480 state_ = ST_INIT;
432 send_session_ = nullptr; 481 send_session_ = nullptr;
433 recv_session_ = nullptr; 482 recv_session_ = nullptr;
434 send_rtcp_session_ = nullptr; 483 send_rtcp_session_ = nullptr;
435 recv_rtcp_session_ = nullptr; 484 recv_rtcp_session_ = nullptr;
485 send_encrypted_header_extension_ids_.clear();
486 recv_encrypted_header_extension_ids_.clear();
436 LOG(LS_INFO) << "SRTP reset to init state"; 487 LOG(LS_INFO) << "SRTP reset to init state";
437 return true; 488 return true;
438 } 489 }
439 490
440 bool SrtpFilter::ParseKeyParams(const std::string& key_params, 491 bool SrtpFilter::ParseKeyParams(const std::string& key_params,
441 uint8_t* key, 492 uint8_t* key,
442 size_t len) { 493 size_t len) {
443 // example key_params: "inline:YUJDZGVmZ2hpSktMbW9QUXJzVHVWd3l6MTIzNDU2" 494 // example key_params: "inline:YUJDZGVmZ2hpSktMbW9QUXJzVHVWd3l6MTIzNDU2"
444 495
445 // Fail if key-method is wrong. 496 // Fail if key-method is wrong.
(...skipping 28 matching lines...) Expand all
474 if (session_) { 525 if (session_) {
475 srtp_set_user_data(session_, nullptr); 526 srtp_set_user_data(session_, nullptr);
476 srtp_dealloc(session_); 527 srtp_dealloc(session_);
477 } 528 }
478 } 529 }
479 530
480 bool SrtpSession::SetSend(int cs, const uint8_t* key, size_t len) { 531 bool SrtpSession::SetSend(int cs, const uint8_t* key, size_t len) {
481 return SetKey(ssrc_any_outbound, cs, key, len); 532 return SetKey(ssrc_any_outbound, cs, key, len);
482 } 533 }
483 534
535 bool SrtpSession::UpdateSend(int cs, const uint8_t* key, size_t len) {
536 return UpdateKey(ssrc_any_outbound, cs, key, len);
537 }
538
484 bool SrtpSession::SetRecv(int cs, const uint8_t* key, size_t len) { 539 bool SrtpSession::SetRecv(int cs, const uint8_t* key, size_t len) {
485 return SetKey(ssrc_any_inbound, cs, key, len); 540 return SetKey(ssrc_any_inbound, cs, key, len);
486 } 541 }
487 542
543 bool SrtpSession::UpdateRecv(int cs, const uint8_t* key, size_t len) {
544 return UpdateKey(ssrc_any_inbound, cs, key, len);
545 }
546
488 bool SrtpSession::ProtectRtp(void* p, int in_len, int max_len, int* out_len) { 547 bool SrtpSession::ProtectRtp(void* p, int in_len, int max_len, int* out_len) {
489 RTC_DCHECK(thread_checker_.CalledOnValidThread()); 548 RTC_DCHECK(thread_checker_.CalledOnValidThread());
490 if (!session_) { 549 if (!session_) {
491 LOG(LS_WARNING) << "Failed to protect SRTP packet: no SRTP Session"; 550 LOG(LS_WARNING) << "Failed to protect SRTP packet: no SRTP Session";
492 return false; 551 return false;
493 } 552 }
494 553
495 int need_len = in_len + rtp_auth_tag_len_; // NOLINT 554 int need_len = in_len + rtp_auth_tag_len_; // NOLINT
496 if (max_len < need_len) { 555 if (max_len < need_len) {
497 LOG(LS_WARNING) << "Failed to protect SRTP packet: The buffer length " 556 LOG(LS_WARNING) << "Failed to protect SRTP packet: The buffer length "
(...skipping 149 matching lines...) Expand 10 before | Expand all | Expand 10 after
647 *index = static_cast<int64_t>( 706 *index = static_cast<int64_t>(
648 rtc::NetworkToHost64( 707 rtc::NetworkToHost64(
649 srtp_rdbx_get_packet_index(&stream->rtp_rdbx) << 16)); 708 srtp_rdbx_get_packet_index(&stream->rtp_rdbx) << 16));
650 return true; 709 return true;
651 } 710 }
652 711
653 void SrtpSession::set_signal_silent_time(int signal_silent_time_in_ms) { 712 void SrtpSession::set_signal_silent_time(int signal_silent_time_in_ms) {
654 srtp_stat_->set_signal_silent_time(signal_silent_time_in_ms); 713 srtp_stat_->set_signal_silent_time(signal_silent_time_in_ms);
655 } 714 }
656 715
657 bool SrtpSession::SetKey(int type, int cs, const uint8_t* key, size_t len) { 716 bool SrtpSession::DoSetKey(int type, int cs, const uint8_t* key, size_t len) {
658 RTC_DCHECK(thread_checker_.CalledOnValidThread()); 717 RTC_DCHECK(thread_checker_.CalledOnValidThread());
659 if (session_) {
660 LOG(LS_ERROR) << "Failed to create SRTP session: "
661 << "SRTP session already created";
662 return false;
663 }
664
665 if (!Init()) {
666 return false;
667 }
668 718
669 srtp_policy_t policy; 719 srtp_policy_t policy;
670 memset(&policy, 0, sizeof(policy)); 720 memset(&policy, 0, sizeof(policy));
671 if (cs == rtc::SRTP_AES128_CM_SHA1_80) { 721 if (cs == rtc::SRTP_AES128_CM_SHA1_80) {
672 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtp); 722 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtp);
673 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp); 723 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp);
674 } else if (cs == rtc::SRTP_AES128_CM_SHA1_32) { 724 } else if (cs == rtc::SRTP_AES128_CM_SHA1_32) {
675 // RTP HMAC is shortened to 32 bits, but RTCP remains 80 bits. 725 // RTP HMAC is shortened to 32 bits, but RTCP remains 80 bits.
676 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtp); 726 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtp);
677 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp); 727 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp);
678 } else if (cs == rtc::SRTP_AEAD_AES_128_GCM) { 728 } else if (cs == rtc::SRTP_AEAD_AES_128_GCM) {
679 srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp); 729 srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp);
680 srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtcp); 730 srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtcp);
681 } else if (cs == rtc::SRTP_AEAD_AES_256_GCM) { 731 } else if (cs == rtc::SRTP_AEAD_AES_256_GCM) {
682 srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtp); 732 srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtp);
683 srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtcp); 733 srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtcp);
684 } else { 734 } else {
685 LOG(LS_WARNING) << "Failed to create SRTP session: unsupported" 735 LOG(LS_WARNING) << "Failed to " << (session_ ? "update" : "create")
686 << " cipher_suite " << cs; 736 << " SRTP session: unsupported cipher_suite " << cs;
687 return false; 737 return false;
688 } 738 }
689 739
690 int expected_key_len; 740 int expected_key_len;
691 int expected_salt_len; 741 int expected_salt_len;
692 if (!rtc::GetSrtpKeyAndSaltLengths(cs, &expected_key_len, 742 if (!rtc::GetSrtpKeyAndSaltLengths(cs, &expected_key_len,
693 &expected_salt_len)) { 743 &expected_salt_len)) {
694 // This should never happen. 744 // This should never happen.
695 LOG(LS_WARNING) << "Failed to create SRTP session: unsupported" 745 LOG(LS_WARNING) << "Failed to " << (session_ ? "update" : "create")
696 << " cipher_suite without length information" << cs; 746 << " SRTP session: unsupported cipher_suite without length information"
747 << cs;
697 return false; 748 return false;
698 } 749 }
699 750
700 if (!key || 751 if (!key ||
701 len != static_cast<size_t>(expected_key_len + expected_salt_len)) { 752 len != static_cast<size_t>(expected_key_len + expected_salt_len)) {
702 LOG(LS_WARNING) << "Failed to create SRTP session: invalid key"; 753 LOG(LS_WARNING) << "Failed to " << (session_ ? "update" : "create")
754 << " SRTP session: invalid key";
703 return false; 755 return false;
704 } 756 }
705 757
706 policy.ssrc.type = static_cast<srtp_ssrc_type_t>(type); 758 policy.ssrc.type = static_cast<srtp_ssrc_type_t>(type);
707 policy.ssrc.value = 0; 759 policy.ssrc.value = 0;
708 policy.key = const_cast<uint8_t*>(key); 760 policy.key = const_cast<uint8_t*>(key);
709 // TODO(astor) parse window size from WSH session-param 761 // TODO(astor) parse window size from WSH session-param
710 policy.window_size = 1024; 762 policy.window_size = 1024;
711 policy.allow_repeat_tx = 1; 763 policy.allow_repeat_tx = 1;
712 // If external authentication option is enabled, supply custom auth module 764 // If external authentication option is enabled, supply custom auth module
713 // id EXTERNAL_HMAC_SHA1 in the policy structure. 765 // id EXTERNAL_HMAC_SHA1 in the policy structure.
714 // We want to set this option only for rtp packets. 766 // We want to set this option only for rtp packets.
715 // By default policy structure is initialized to HMAC_SHA1. 767 // By default policy structure is initialized to HMAC_SHA1.
716 // Enable external HMAC authentication only for outgoing streams and only 768 // Enable external HMAC authentication only for outgoing streams and only
717 // for cipher suites that support it (i.e. only non-GCM cipher suites). 769 // for cipher suites that support it (i.e. only non-GCM cipher suites).
718 if (type == ssrc_any_outbound && IsExternalAuthEnabled() && 770 if (type == ssrc_any_outbound && IsExternalAuthEnabled() &&
719 !rtc::IsGcmCryptoSuite(cs)) { 771 !rtc::IsGcmCryptoSuite(cs)) {
720 policy.rtp.auth_type = EXTERNAL_HMAC_SHA1; 772 policy.rtp.auth_type = EXTERNAL_HMAC_SHA1;
721 } 773 }
774 if (!encrypted_header_extension_ids_.empty()) {
775 policy.enc_xtn_hdr = const_cast<int*>(&encrypted_header_extension_ids_[0]);
776 policy.enc_xtn_hdr_count = encrypted_header_extension_ids_.size();
777 }
722 policy.next = nullptr; 778 policy.next = nullptr;
723 779
724 int err = srtp_create(&session_, &policy); 780 if (!session_) {
725 if (err != srtp_err_status_ok) { 781 int err = srtp_create(&session_, &policy);
726 session_ = nullptr; 782 if (err != srtp_err_status_ok) {
727 LOG(LS_ERROR) << "Failed to create SRTP session, err=" << err; 783 session_ = nullptr;
728 return false; 784 LOG(LS_ERROR) << "Failed to create SRTP session, err=" << err;
785 return false;
786 }
787 srtp_set_user_data(session_, this);
788 } else {
789 int err = srtp_update(session_, &policy);
790 if (err != srtp_err_status_ok) {
791 LOG(LS_ERROR) << "Failed to update SRTP session, err=" << err;
792 return false;
793 }
729 } 794 }
730 795
731 srtp_set_user_data(session_, this);
732 rtp_auth_tag_len_ = policy.rtp.auth_tag_len; 796 rtp_auth_tag_len_ = policy.rtp.auth_tag_len;
733 rtcp_auth_tag_len_ = policy.rtcp.auth_tag_len; 797 rtcp_auth_tag_len_ = policy.rtcp.auth_tag_len;
734 external_auth_active_ = (policy.rtp.auth_type == EXTERNAL_HMAC_SHA1); 798 external_auth_active_ = (policy.rtp.auth_type == EXTERNAL_HMAC_SHA1);
735 return true; 799 return true;
736 } 800 }
737 801
802 bool SrtpSession::SetKey(int type, int cs, const uint8_t* key, size_t len) {
803 RTC_DCHECK(thread_checker_.CalledOnValidThread());
804 if (session_) {
805 LOG(LS_ERROR) << "Failed to create SRTP session: "
806 << "SRTP session already created";
807 return false;
808 }
809
810 if (!Init()) {
811 return false;
812 }
813
814 return DoSetKey(type, cs, key, len);
815 }
816
817 bool SrtpSession::UpdateKey(int type, int cs, const uint8_t* key, size_t len) {
818 RTC_DCHECK(thread_checker_.CalledOnValidThread());
819 if (!session_) {
820 LOG(LS_ERROR) << "Failed to update non-existing SRTP session";
821 return false;
822 }
823
824 return DoSetKey(type, cs, key, len);
825 }
826
827 void SrtpSession::SetEncryptedHeaderExtensionIds(
828 const std::vector<int>& encrypted_header_extension_ids) {
829 RTC_DCHECK(thread_checker_.CalledOnValidThread());
830 encrypted_header_extension_ids_ = encrypted_header_extension_ids;
831 }
832
738 bool SrtpSession::Init() { 833 bool SrtpSession::Init() {
739 rtc::GlobalLockScope ls(&lock_); 834 rtc::GlobalLockScope ls(&lock_);
740 835
741 if (!inited_) { 836 if (!inited_) {
742 int err; 837 int err;
743 err = srtp_init(); 838 err = srtp_init();
744 if (err != srtp_err_status_ok) { 839 if (err != srtp_err_status_ok) {
745 LOG(LS_ERROR) << "Failed to init SRTP, err=" << err; 840 LOG(LS_ERROR) << "Failed to init SRTP, err=" << err;
746 return false; 841 return false;
747 } 842 }
(...skipping 123 matching lines...) Expand 10 before | Expand all | Expand 10 after
871 if (stat->last_signal_time == 0 || 966 if (stat->last_signal_time == 0 ||
872 rtc::TimeDiff(current_time, stat->last_signal_time) > 967 rtc::TimeDiff(current_time, stat->last_signal_time) >
873 signal_silent_time_) { 968 signal_silent_time_) {
874 SignalSrtpError(key.ssrc, key.mode, key.error); 969 SignalSrtpError(key.ssrc, key.mode, key.error);
875 stat->last_signal_time = current_time; 970 stat->last_signal_time = current_time;
876 } 971 }
877 } 972 }
878 } 973 }
879 974
880 } // namespace cricket 975 } // namespace cricket
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698