| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright 2009 The WebRTC project authors. All Rights Reserved. | 2 * Copyright 2009 The WebRTC project authors. All Rights Reserved. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
| 5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
| 6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
| 7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
| 8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
| 9 */ | 9 */ |
| 10 | 10 |
| (...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 70 const uint8_t* send_key, | 70 const uint8_t* send_key, |
| 71 int send_key_len, | 71 int send_key_len, |
| 72 int recv_cs, | 72 int recv_cs, |
| 73 const uint8_t* recv_key, | 73 const uint8_t* recv_key, |
| 74 int recv_key_len) { | 74 int recv_key_len) { |
| 75 if (IsActive()) { | 75 if (IsActive()) { |
| 76 LOG(LS_ERROR) << "Tried to set SRTP Params when filter already active"; | 76 LOG(LS_ERROR) << "Tried to set SRTP Params when filter already active"; |
| 77 return false; | 77 return false; |
| 78 } | 78 } |
| 79 CreateSrtpSessions(); | 79 CreateSrtpSessions(); |
| 80 if (!send_session_->SetSend(send_cs, send_key, send_key_len)) | 80 send_session_->SetEncryptedHeaderExtensionIds( |
| 81 send_encrypted_header_extension_ids_); |
| 82 if (!send_session_->SetSend(send_cs, send_key, send_key_len)) { |
| 81 return false; | 83 return false; |
| 84 } |
| 82 | 85 |
| 83 if (!recv_session_->SetRecv(recv_cs, recv_key, recv_key_len)) | 86 recv_session_->SetEncryptedHeaderExtensionIds( |
| 87 recv_encrypted_header_extension_ids_); |
| 88 if (!recv_session_->SetRecv(recv_cs, recv_key, recv_key_len)) { |
| 84 return false; | 89 return false; |
| 90 } |
| 85 | 91 |
| 86 state_ = ST_ACTIVE; | 92 state_ = ST_ACTIVE; |
| 87 | 93 |
| 88 LOG(LS_INFO) << "SRTP activated with negotiated parameters:" | 94 LOG(LS_INFO) << "SRTP activated with negotiated parameters:" |
| 89 << " send cipher_suite " << send_cs | 95 << " send cipher_suite " << send_cs |
| 90 << " recv cipher_suite " << recv_cs; | 96 << " recv cipher_suite " << recv_cs; |
| 91 return true; | 97 return true; |
| 92 } | 98 } |
| 93 | 99 |
| 100 bool SrtpFilter::UpdateRtpParams(int send_cs, |
| 101 const uint8_t* send_key, |
| 102 int send_key_len, |
| 103 int recv_cs, |
| 104 const uint8_t* recv_key, |
| 105 int recv_key_len) { |
| 106 if (!IsActive()) { |
| 107 LOG(LS_ERROR) << "Tried to update SRTP Params when filter is not active"; |
| 108 return false; |
| 109 } |
| 110 send_session_->SetEncryptedHeaderExtensionIds( |
| 111 send_encrypted_header_extension_ids_); |
| 112 if (!send_session_->UpdateSend(send_cs, send_key, send_key_len)) { |
| 113 return false; |
| 114 } |
| 115 |
| 116 recv_session_->SetEncryptedHeaderExtensionIds( |
| 117 recv_encrypted_header_extension_ids_); |
| 118 if (!recv_session_->UpdateRecv(recv_cs, recv_key, recv_key_len)) { |
| 119 return false; |
| 120 } |
| 121 |
| 122 LOG(LS_INFO) << "SRTP updated with negotiated parameters:" |
| 123 << " send cipher_suite " << send_cs |
| 124 << " recv cipher_suite " << recv_cs; |
| 125 return true; |
| 126 } |
| 127 |
| 94 // This function is provided separately because DTLS-SRTP behaves | 128 // This function is provided separately because DTLS-SRTP behaves |
| 95 // differently in RTP/RTCP mux and non-mux modes. | 129 // differently in RTP/RTCP mux and non-mux modes. |
| 96 // | 130 // |
| 97 // - In the non-muxed case, RTP and RTCP are keyed with different | 131 // - In the non-muxed case, RTP and RTCP are keyed with different |
| 98 // keys (from different DTLS handshakes), and so we need a new | 132 // keys (from different DTLS handshakes), and so we need a new |
| 99 // SrtpSession. | 133 // SrtpSession. |
| 100 // - In the muxed case, they are keyed with the same keys, so | 134 // - In the muxed case, they are keyed with the same keys, so |
| 101 // this function is not needed | 135 // this function is not needed |
| 102 bool SrtpFilter::SetRtcpParams(int send_cs, | 136 bool SrtpFilter::SetRtcpParams(int send_cs, |
| 103 const uint8_t* send_key, | 137 const uint8_t* send_key, |
| 104 int send_key_len, | 138 int send_key_len, |
| 105 int recv_cs, | 139 int recv_cs, |
| 106 const uint8_t* recv_key, | 140 const uint8_t* recv_key, |
| 107 int recv_key_len) { | 141 int recv_key_len) { |
| 108 // This can only be called once, but can be safely called after | 142 // This can only be called once, but can be safely called after |
| 109 // SetRtpParams | 143 // SetRtpParams |
| 110 if (send_rtcp_session_ || recv_rtcp_session_) { | 144 if (send_rtcp_session_ || recv_rtcp_session_) { |
| 111 LOG(LS_ERROR) << "Tried to set SRTCP Params when filter already active"; | 145 LOG(LS_ERROR) << "Tried to set SRTCP Params when filter already active"; |
| 112 return false; | 146 return false; |
| 113 } | 147 } |
| 114 | 148 |
| 115 send_rtcp_session_.reset(new SrtpSession()); | 149 send_rtcp_session_.reset(new SrtpSession()); |
| 116 SignalSrtpError.repeat(send_rtcp_session_->SignalSrtpError); | 150 SignalSrtpError.repeat(send_rtcp_session_->SignalSrtpError); |
| 117 send_rtcp_session_->set_signal_silent_time(signal_silent_time_in_ms_); | 151 send_rtcp_session_->set_signal_silent_time(signal_silent_time_in_ms_); |
| 118 if (!send_rtcp_session_->SetRecv(send_cs, send_key, send_key_len)) | 152 if (!send_rtcp_session_->SetRecv(send_cs, send_key, send_key_len)) { |
| 119 return false; | 153 return false; |
| 154 } |
| 120 | 155 |
| 121 recv_rtcp_session_.reset(new SrtpSession()); | 156 recv_rtcp_session_.reset(new SrtpSession()); |
| 122 SignalSrtpError.repeat(recv_rtcp_session_->SignalSrtpError); | 157 SignalSrtpError.repeat(recv_rtcp_session_->SignalSrtpError); |
| 123 recv_rtcp_session_->set_signal_silent_time(signal_silent_time_in_ms_); | 158 recv_rtcp_session_->set_signal_silent_time(signal_silent_time_in_ms_); |
| 124 if (!recv_rtcp_session_->SetRecv(recv_cs, recv_key, recv_key_len)) | 159 if (!recv_rtcp_session_->SetRecv(recv_cs, recv_key, recv_key_len)) { |
| 125 return false; | 160 return false; |
| 161 } |
| 126 | 162 |
| 127 LOG(LS_INFO) << "SRTCP activated with negotiated parameters:" | 163 LOG(LS_INFO) << "SRTCP activated with negotiated parameters:" |
| 128 << " send cipher_suite " << send_cs | 164 << " send cipher_suite " << send_cs |
| 129 << " recv cipher_suite " << recv_cs; | 165 << " recv cipher_suite " << recv_cs; |
| 130 | 166 |
| 131 return true; | 167 return true; |
| 132 } | 168 } |
| 133 | 169 |
| 134 bool SrtpFilter::ProtectRtp(void* p, int in_len, int max_len, int* out_len) { | 170 bool SrtpFilter::ProtectRtp(void* p, int in_len, int max_len, int* out_len) { |
| 135 if (!IsActive()) { | 171 if (!IsActive()) { |
| (...skipping 99 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 235 send_session_->set_signal_silent_time(signal_silent_time_in_ms); | 271 send_session_->set_signal_silent_time(signal_silent_time_in_ms); |
| 236 RTC_CHECK(recv_session_); | 272 RTC_CHECK(recv_session_); |
| 237 recv_session_->set_signal_silent_time(signal_silent_time_in_ms); | 273 recv_session_->set_signal_silent_time(signal_silent_time_in_ms); |
| 238 if (send_rtcp_session_) | 274 if (send_rtcp_session_) |
| 239 send_rtcp_session_->set_signal_silent_time(signal_silent_time_in_ms); | 275 send_rtcp_session_->set_signal_silent_time(signal_silent_time_in_ms); |
| 240 if (recv_rtcp_session_) | 276 if (recv_rtcp_session_) |
| 241 recv_rtcp_session_->set_signal_silent_time(signal_silent_time_in_ms); | 277 recv_rtcp_session_->set_signal_silent_time(signal_silent_time_in_ms); |
| 242 } | 278 } |
| 243 } | 279 } |
| 244 | 280 |
| 281 void SrtpFilter::SetEncryptedHeaderExtensionIds(ContentSource source, |
| 282 const std::vector<int>& extension_ids) { |
| 283 if (source == CS_LOCAL) { |
| 284 send_encrypted_header_extension_ids_ = extension_ids; |
| 285 } else { |
| 286 recv_encrypted_header_extension_ids_ = extension_ids; |
| 287 } |
| 288 } |
| 289 |
| 245 bool SrtpFilter::ExpectOffer(ContentSource source) { | 290 bool SrtpFilter::ExpectOffer(ContentSource source) { |
| 246 return ((state_ == ST_INIT) || | 291 return ((state_ == ST_INIT) || |
| 247 (state_ == ST_ACTIVE) || | 292 (state_ == ST_ACTIVE) || |
| 248 (state_ == ST_SENTOFFER && source == CS_LOCAL) || | 293 (state_ == ST_SENTOFFER && source == CS_LOCAL) || |
| 249 (state_ == ST_SENTUPDATEDOFFER && source == CS_LOCAL) || | 294 (state_ == ST_SENTUPDATEDOFFER && source == CS_LOCAL) || |
| 250 (state_ == ST_RECEIVEDOFFER && source == CS_REMOTE) || | 295 (state_ == ST_RECEIVEDOFFER && source == CS_REMOTE) || |
| 251 (state_ == ST_RECEIVEDUPDATEDOFFER && source == CS_REMOTE)); | 296 (state_ == ST_RECEIVEDUPDATEDOFFER && source == CS_REMOTE)); |
| 252 } | 297 } |
| 253 | 298 |
| 254 bool SrtpFilter::StoreParams(const std::vector<CryptoParams>& params, | 299 bool SrtpFilter::StoreParams(const std::vector<CryptoParams>& params, |
| (...skipping 145 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 400 // TODO(juberti): Zero these buffers after use. | 445 // TODO(juberti): Zero these buffers after use. |
| 401 bool ret; | 446 bool ret; |
| 402 rtc::Buffer send_key(send_key_len + send_salt_len); | 447 rtc::Buffer send_key(send_key_len + send_salt_len); |
| 403 rtc::Buffer recv_key(recv_key_len + recv_salt_len); | 448 rtc::Buffer recv_key(recv_key_len + recv_salt_len); |
| 404 ret = (ParseKeyParams(send_params.key_params, send_key.data(), | 449 ret = (ParseKeyParams(send_params.key_params, send_key.data(), |
| 405 send_key.size()) && | 450 send_key.size()) && |
| 406 ParseKeyParams(recv_params.key_params, recv_key.data(), | 451 ParseKeyParams(recv_params.key_params, recv_key.data(), |
| 407 recv_key.size())); | 452 recv_key.size())); |
| 408 if (ret) { | 453 if (ret) { |
| 409 CreateSrtpSessions(); | 454 CreateSrtpSessions(); |
| 455 send_session_->SetEncryptedHeaderExtensionIds( |
| 456 send_encrypted_header_extension_ids_); |
| 457 recv_session_->SetEncryptedHeaderExtensionIds( |
| 458 recv_encrypted_header_extension_ids_); |
| 410 ret = (send_session_->SetSend( | 459 ret = (send_session_->SetSend( |
| 411 rtc::SrtpCryptoSuiteFromName(send_params.cipher_suite), | 460 rtc::SrtpCryptoSuiteFromName(send_params.cipher_suite), |
| 412 send_key.data(), send_key.size()) && | 461 send_key.data(), send_key.size()) && |
| 413 recv_session_->SetRecv( | 462 recv_session_->SetRecv( |
| 414 rtc::SrtpCryptoSuiteFromName(recv_params.cipher_suite), | 463 rtc::SrtpCryptoSuiteFromName(recv_params.cipher_suite), |
| 415 recv_key.data(), recv_key.size())); | 464 recv_key.data(), recv_key.size())); |
| 416 } | 465 } |
| 417 if (ret) { | 466 if (ret) { |
| 418 LOG(LS_INFO) << "SRTP activated with negotiated parameters:" | 467 LOG(LS_INFO) << "SRTP activated with negotiated parameters:" |
| 419 << " send cipher_suite " << send_params.cipher_suite | 468 << " send cipher_suite " << send_params.cipher_suite |
| 420 << " recv cipher_suite " << recv_params.cipher_suite; | 469 << " recv cipher_suite " << recv_params.cipher_suite; |
| 421 applied_send_params_ = send_params; | 470 applied_send_params_ = send_params; |
| 422 applied_recv_params_ = recv_params; | 471 applied_recv_params_ = recv_params; |
| 423 } else { | 472 } else { |
| 424 LOG(LS_WARNING) << "Failed to apply negotiated SRTP parameters"; | 473 LOG(LS_WARNING) << "Failed to apply negotiated SRTP parameters"; |
| 425 } | 474 } |
| 426 return ret; | 475 return ret; |
| 427 } | 476 } |
| 428 | 477 |
| 429 bool SrtpFilter::ResetParams() { | 478 bool SrtpFilter::ResetParams() { |
| 430 offer_params_.clear(); | 479 offer_params_.clear(); |
| 431 state_ = ST_INIT; | 480 state_ = ST_INIT; |
| 432 send_session_ = nullptr; | 481 send_session_ = nullptr; |
| 433 recv_session_ = nullptr; | 482 recv_session_ = nullptr; |
| 434 send_rtcp_session_ = nullptr; | 483 send_rtcp_session_ = nullptr; |
| 435 recv_rtcp_session_ = nullptr; | 484 recv_rtcp_session_ = nullptr; |
| 485 send_encrypted_header_extension_ids_.clear(); |
| 486 recv_encrypted_header_extension_ids_.clear(); |
| 436 LOG(LS_INFO) << "SRTP reset to init state"; | 487 LOG(LS_INFO) << "SRTP reset to init state"; |
| 437 return true; | 488 return true; |
| 438 } | 489 } |
| 439 | 490 |
| 440 bool SrtpFilter::ParseKeyParams(const std::string& key_params, | 491 bool SrtpFilter::ParseKeyParams(const std::string& key_params, |
| 441 uint8_t* key, | 492 uint8_t* key, |
| 442 size_t len) { | 493 size_t len) { |
| 443 // example key_params: "inline:YUJDZGVmZ2hpSktMbW9QUXJzVHVWd3l6MTIzNDU2" | 494 // example key_params: "inline:YUJDZGVmZ2hpSktMbW9QUXJzVHVWd3l6MTIzNDU2" |
| 444 | 495 |
| 445 // Fail if key-method is wrong. | 496 // Fail if key-method is wrong. |
| (...skipping 28 matching lines...) Expand all Loading... |
| 474 if (session_) { | 525 if (session_) { |
| 475 srtp_set_user_data(session_, nullptr); | 526 srtp_set_user_data(session_, nullptr); |
| 476 srtp_dealloc(session_); | 527 srtp_dealloc(session_); |
| 477 } | 528 } |
| 478 } | 529 } |
| 479 | 530 |
| 480 bool SrtpSession::SetSend(int cs, const uint8_t* key, size_t len) { | 531 bool SrtpSession::SetSend(int cs, const uint8_t* key, size_t len) { |
| 481 return SetKey(ssrc_any_outbound, cs, key, len); | 532 return SetKey(ssrc_any_outbound, cs, key, len); |
| 482 } | 533 } |
| 483 | 534 |
| 535 bool SrtpSession::UpdateSend(int cs, const uint8_t* key, size_t len) { |
| 536 return UpdateKey(ssrc_any_outbound, cs, key, len); |
| 537 } |
| 538 |
| 484 bool SrtpSession::SetRecv(int cs, const uint8_t* key, size_t len) { | 539 bool SrtpSession::SetRecv(int cs, const uint8_t* key, size_t len) { |
| 485 return SetKey(ssrc_any_inbound, cs, key, len); | 540 return SetKey(ssrc_any_inbound, cs, key, len); |
| 486 } | 541 } |
| 487 | 542 |
| 543 bool SrtpSession::UpdateRecv(int cs, const uint8_t* key, size_t len) { |
| 544 return UpdateKey(ssrc_any_inbound, cs, key, len); |
| 545 } |
| 546 |
| 488 bool SrtpSession::ProtectRtp(void* p, int in_len, int max_len, int* out_len) { | 547 bool SrtpSession::ProtectRtp(void* p, int in_len, int max_len, int* out_len) { |
| 489 RTC_DCHECK(thread_checker_.CalledOnValidThread()); | 548 RTC_DCHECK(thread_checker_.CalledOnValidThread()); |
| 490 if (!session_) { | 549 if (!session_) { |
| 491 LOG(LS_WARNING) << "Failed to protect SRTP packet: no SRTP Session"; | 550 LOG(LS_WARNING) << "Failed to protect SRTP packet: no SRTP Session"; |
| 492 return false; | 551 return false; |
| 493 } | 552 } |
| 494 | 553 |
| 495 int need_len = in_len + rtp_auth_tag_len_; // NOLINT | 554 int need_len = in_len + rtp_auth_tag_len_; // NOLINT |
| 496 if (max_len < need_len) { | 555 if (max_len < need_len) { |
| 497 LOG(LS_WARNING) << "Failed to protect SRTP packet: The buffer length " | 556 LOG(LS_WARNING) << "Failed to protect SRTP packet: The buffer length " |
| (...skipping 149 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 647 *index = static_cast<int64_t>( | 706 *index = static_cast<int64_t>( |
| 648 rtc::NetworkToHost64( | 707 rtc::NetworkToHost64( |
| 649 srtp_rdbx_get_packet_index(&stream->rtp_rdbx) << 16)); | 708 srtp_rdbx_get_packet_index(&stream->rtp_rdbx) << 16)); |
| 650 return true; | 709 return true; |
| 651 } | 710 } |
| 652 | 711 |
| 653 void SrtpSession::set_signal_silent_time(int signal_silent_time_in_ms) { | 712 void SrtpSession::set_signal_silent_time(int signal_silent_time_in_ms) { |
| 654 srtp_stat_->set_signal_silent_time(signal_silent_time_in_ms); | 713 srtp_stat_->set_signal_silent_time(signal_silent_time_in_ms); |
| 655 } | 714 } |
| 656 | 715 |
| 657 bool SrtpSession::SetKey(int type, int cs, const uint8_t* key, size_t len) { | 716 bool SrtpSession::DoSetKey(int type, int cs, const uint8_t* key, size_t len) { |
| 658 RTC_DCHECK(thread_checker_.CalledOnValidThread()); | 717 RTC_DCHECK(thread_checker_.CalledOnValidThread()); |
| 659 if (session_) { | |
| 660 LOG(LS_ERROR) << "Failed to create SRTP session: " | |
| 661 << "SRTP session already created"; | |
| 662 return false; | |
| 663 } | |
| 664 | |
| 665 if (!Init()) { | |
| 666 return false; | |
| 667 } | |
| 668 | 718 |
| 669 srtp_policy_t policy; | 719 srtp_policy_t policy; |
| 670 memset(&policy, 0, sizeof(policy)); | 720 memset(&policy, 0, sizeof(policy)); |
| 671 if (cs == rtc::SRTP_AES128_CM_SHA1_80) { | 721 if (cs == rtc::SRTP_AES128_CM_SHA1_80) { |
| 672 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtp); | 722 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtp); |
| 673 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp); | 723 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp); |
| 674 } else if (cs == rtc::SRTP_AES128_CM_SHA1_32) { | 724 } else if (cs == rtc::SRTP_AES128_CM_SHA1_32) { |
| 675 // RTP HMAC is shortened to 32 bits, but RTCP remains 80 bits. | 725 // RTP HMAC is shortened to 32 bits, but RTCP remains 80 bits. |
| 676 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtp); | 726 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtp); |
| 677 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp); | 727 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp); |
| 678 } else if (cs == rtc::SRTP_AEAD_AES_128_GCM) { | 728 } else if (cs == rtc::SRTP_AEAD_AES_128_GCM) { |
| 679 srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp); | 729 srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp); |
| 680 srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtcp); | 730 srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtcp); |
| 681 } else if (cs == rtc::SRTP_AEAD_AES_256_GCM) { | 731 } else if (cs == rtc::SRTP_AEAD_AES_256_GCM) { |
| 682 srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtp); | 732 srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtp); |
| 683 srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtcp); | 733 srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtcp); |
| 684 } else { | 734 } else { |
| 685 LOG(LS_WARNING) << "Failed to create SRTP session: unsupported" | 735 LOG(LS_WARNING) << "Failed to " << (session_ ? "update" : "create") |
| 686 << " cipher_suite " << cs; | 736 << " SRTP session: unsupported cipher_suite " << cs; |
| 687 return false; | 737 return false; |
| 688 } | 738 } |
| 689 | 739 |
| 690 int expected_key_len; | 740 int expected_key_len; |
| 691 int expected_salt_len; | 741 int expected_salt_len; |
| 692 if (!rtc::GetSrtpKeyAndSaltLengths(cs, &expected_key_len, | 742 if (!rtc::GetSrtpKeyAndSaltLengths(cs, &expected_key_len, |
| 693 &expected_salt_len)) { | 743 &expected_salt_len)) { |
| 694 // This should never happen. | 744 // This should never happen. |
| 695 LOG(LS_WARNING) << "Failed to create SRTP session: unsupported" | 745 LOG(LS_WARNING) << "Failed to " << (session_ ? "update" : "create") |
| 696 << " cipher_suite without length information" << cs; | 746 << " SRTP session: unsupported cipher_suite without length information" |
| 747 << cs; |
| 697 return false; | 748 return false; |
| 698 } | 749 } |
| 699 | 750 |
| 700 if (!key || | 751 if (!key || |
| 701 len != static_cast<size_t>(expected_key_len + expected_salt_len)) { | 752 len != static_cast<size_t>(expected_key_len + expected_salt_len)) { |
| 702 LOG(LS_WARNING) << "Failed to create SRTP session: invalid key"; | 753 LOG(LS_WARNING) << "Failed to " << (session_ ? "update" : "create") |
| 754 << " SRTP session: invalid key"; |
| 703 return false; | 755 return false; |
| 704 } | 756 } |
| 705 | 757 |
| 706 policy.ssrc.type = static_cast<srtp_ssrc_type_t>(type); | 758 policy.ssrc.type = static_cast<srtp_ssrc_type_t>(type); |
| 707 policy.ssrc.value = 0; | 759 policy.ssrc.value = 0; |
| 708 policy.key = const_cast<uint8_t*>(key); | 760 policy.key = const_cast<uint8_t*>(key); |
| 709 // TODO(astor) parse window size from WSH session-param | 761 // TODO(astor) parse window size from WSH session-param |
| 710 policy.window_size = 1024; | 762 policy.window_size = 1024; |
| 711 policy.allow_repeat_tx = 1; | 763 policy.allow_repeat_tx = 1; |
| 712 // If external authentication option is enabled, supply custom auth module | 764 // If external authentication option is enabled, supply custom auth module |
| 713 // id EXTERNAL_HMAC_SHA1 in the policy structure. | 765 // id EXTERNAL_HMAC_SHA1 in the policy structure. |
| 714 // We want to set this option only for rtp packets. | 766 // We want to set this option only for rtp packets. |
| 715 // By default policy structure is initialized to HMAC_SHA1. | 767 // By default policy structure is initialized to HMAC_SHA1. |
| 716 // Enable external HMAC authentication only for outgoing streams and only | 768 // Enable external HMAC authentication only for outgoing streams and only |
| 717 // for cipher suites that support it (i.e. only non-GCM cipher suites). | 769 // for cipher suites that support it (i.e. only non-GCM cipher suites). |
| 718 if (type == ssrc_any_outbound && IsExternalAuthEnabled() && | 770 if (type == ssrc_any_outbound && IsExternalAuthEnabled() && |
| 719 !rtc::IsGcmCryptoSuite(cs)) { | 771 !rtc::IsGcmCryptoSuite(cs)) { |
| 720 policy.rtp.auth_type = EXTERNAL_HMAC_SHA1; | 772 policy.rtp.auth_type = EXTERNAL_HMAC_SHA1; |
| 721 } | 773 } |
| 774 if (!encrypted_header_extension_ids_.empty()) { |
| 775 policy.enc_xtn_hdr = const_cast<int*>(&encrypted_header_extension_ids_[0]); |
| 776 policy.enc_xtn_hdr_count = encrypted_header_extension_ids_.size(); |
| 777 } |
| 722 policy.next = nullptr; | 778 policy.next = nullptr; |
| 723 | 779 |
| 724 int err = srtp_create(&session_, &policy); | 780 if (!session_) { |
| 725 if (err != srtp_err_status_ok) { | 781 int err = srtp_create(&session_, &policy); |
| 726 session_ = nullptr; | 782 if (err != srtp_err_status_ok) { |
| 727 LOG(LS_ERROR) << "Failed to create SRTP session, err=" << err; | 783 session_ = nullptr; |
| 728 return false; | 784 LOG(LS_ERROR) << "Failed to create SRTP session, err=" << err; |
| 785 return false; |
| 786 } |
| 787 srtp_set_user_data(session_, this); |
| 788 } else { |
| 789 int err = srtp_update(session_, &policy); |
| 790 if (err != srtp_err_status_ok) { |
| 791 LOG(LS_ERROR) << "Failed to update SRTP session, err=" << err; |
| 792 return false; |
| 793 } |
| 729 } | 794 } |
| 730 | 795 |
| 731 srtp_set_user_data(session_, this); | |
| 732 rtp_auth_tag_len_ = policy.rtp.auth_tag_len; | 796 rtp_auth_tag_len_ = policy.rtp.auth_tag_len; |
| 733 rtcp_auth_tag_len_ = policy.rtcp.auth_tag_len; | 797 rtcp_auth_tag_len_ = policy.rtcp.auth_tag_len; |
| 734 external_auth_active_ = (policy.rtp.auth_type == EXTERNAL_HMAC_SHA1); | 798 external_auth_active_ = (policy.rtp.auth_type == EXTERNAL_HMAC_SHA1); |
| 735 return true; | 799 return true; |
| 736 } | 800 } |
| 737 | 801 |
| 802 bool SrtpSession::SetKey(int type, int cs, const uint8_t* key, size_t len) { |
| 803 RTC_DCHECK(thread_checker_.CalledOnValidThread()); |
| 804 if (session_) { |
| 805 LOG(LS_ERROR) << "Failed to create SRTP session: " |
| 806 << "SRTP session already created"; |
| 807 return false; |
| 808 } |
| 809 |
| 810 if (!Init()) { |
| 811 return false; |
| 812 } |
| 813 |
| 814 return DoSetKey(type, cs, key, len); |
| 815 } |
| 816 |
| 817 bool SrtpSession::UpdateKey(int type, int cs, const uint8_t* key, size_t len) { |
| 818 RTC_DCHECK(thread_checker_.CalledOnValidThread()); |
| 819 if (!session_) { |
| 820 LOG(LS_ERROR) << "Failed to update non-existing SRTP session"; |
| 821 return false; |
| 822 } |
| 823 |
| 824 return DoSetKey(type, cs, key, len); |
| 825 } |
| 826 |
| 827 void SrtpSession::SetEncryptedHeaderExtensionIds( |
| 828 const std::vector<int>& encrypted_header_extension_ids) { |
| 829 RTC_DCHECK(thread_checker_.CalledOnValidThread()); |
| 830 encrypted_header_extension_ids_ = encrypted_header_extension_ids; |
| 831 } |
| 832 |
| 738 bool SrtpSession::Init() { | 833 bool SrtpSession::Init() { |
| 739 rtc::GlobalLockScope ls(&lock_); | 834 rtc::GlobalLockScope ls(&lock_); |
| 740 | 835 |
| 741 if (!inited_) { | 836 if (!inited_) { |
| 742 int err; | 837 int err; |
| 743 err = srtp_init(); | 838 err = srtp_init(); |
| 744 if (err != srtp_err_status_ok) { | 839 if (err != srtp_err_status_ok) { |
| 745 LOG(LS_ERROR) << "Failed to init SRTP, err=" << err; | 840 LOG(LS_ERROR) << "Failed to init SRTP, err=" << err; |
| 746 return false; | 841 return false; |
| 747 } | 842 } |
| (...skipping 123 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 871 if (stat->last_signal_time == 0 || | 966 if (stat->last_signal_time == 0 || |
| 872 rtc::TimeDiff(current_time, stat->last_signal_time) > | 967 rtc::TimeDiff(current_time, stat->last_signal_time) > |
| 873 signal_silent_time_) { | 968 signal_silent_time_) { |
| 874 SignalSrtpError(key.ssrc, key.mode, key.error); | 969 SignalSrtpError(key.ssrc, key.mode, key.error); |
| 875 stat->last_signal_time = current_time; | 970 stat->last_signal_time = current_time; |
| 876 } | 971 } |
| 877 } | 972 } |
| 878 } | 973 } |
| 879 | 974 |
| 880 } // namespace cricket | 975 } // namespace cricket |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2761143002:
Support encrypted RTP extensions (RFC 6904) (Closed)
