Support encrypted RTP extensions (RFC 6904)

webrtc/pc/srtpfilter.cc

 /*
  *  Copyright 2009 The WebRTC project authors. All Rights Reserved.
  *
  *  Use of this source code is governed by a BSD-style license
  *  that can be found in the LICENSE file in the root of the source
  *  tree. An additional intellectual property rights grant can be found
  *  in the file PATENTS.  All contributing project authors may
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
@@ skipping 59 matching lines @@
                               const uint8_t* send_key,
                               int send_key_len,
                               int recv_cs,
                               const uint8_t* recv_key,
                               int recv_key_len) {
   if (IsActive()) {
     LOG(LS_ERROR) << "Tried to set SRTP Params when filter already active";
     return false;
   }
   CreateSrtpSessions();
-  if (!send_session_->SetSend(send_cs, send_key, send_key_len))
+  send_session_->SetEncryptedHeaderExtensionIds(
+      send_encrypted_header_extension_ids_);
+  if (!send_session_->SetSend(send_cs, send_key, send_key_len)) {
     return false;
+  }
 
-  if (!recv_session_->SetRecv(recv_cs, recv_key, recv_key_len))
+  recv_session_->SetEncryptedHeaderExtensionIds(
+      recv_encrypted_header_extension_ids_);
+  if (!recv_session_->SetRecv(recv_cs, recv_key, recv_key_len)) {
     return false;
+  }
 
   state_ = ST_ACTIVE;
 
   LOG(LS_INFO) << "SRTP activated with negotiated parameters:"
                << " send cipher_suite " << send_cs
                << " recv cipher_suite " << recv_cs;
   return true;
 }
 
+bool SrtpFilter::UpdateRtpParams(int send_cs,
+                                 const uint8_t* send_key,
+                                 int send_key_len,
+                                 int recv_cs,
+                                 const uint8_t* recv_key,
+                                 int recv_key_len) {
+  if (!IsActive()) {
+    LOG(LS_ERROR) << "Tried to update SRTP Params when filter is not active";
+    return false;
+  }
+  send_session_->SetEncryptedHeaderExtensionIds(
+      send_encrypted_header_extension_ids_);
+  if (!send_session_->UpdateSend(send_cs, send_key, send_key_len)) {
+    return false;
+  }
+
+  recv_session_->SetEncryptedHeaderExtensionIds(
+      recv_encrypted_header_extension_ids_);
+  if (!recv_session_->UpdateRecv(recv_cs, recv_key, recv_key_len)) {
+    return false;
+  }
+
+  LOG(LS_INFO) << "SRTP updated with negotiated parameters:"
+               << " send cipher_suite " << send_cs
+               << " recv cipher_suite " << recv_cs;
+  return true;
+}
+
 // This function is provided separately because DTLS-SRTP behaves
 // differently in RTP/RTCP mux and non-mux modes.
 //
 // - In the non-muxed case, RTP and RTCP are keyed with different
 //   keys (from different DTLS handshakes), and so we need a new
 //   SrtpSession.
 // - In the muxed case, they are keyed with the same keys, so
 //   this function is not needed
 bool SrtpFilter::SetRtcpParams(int send_cs,
                                const uint8_t* send_key,
                                int send_key_len,
                                int recv_cs,
                                const uint8_t* recv_key,
                                int recv_key_len) {
   // This can only be called once, but can be safely called after
   // SetRtpParams
   if (send_rtcp_session_ || recv_rtcp_session_) {
     LOG(LS_ERROR) << "Tried to set SRTCP Params when filter already active";
     return false;
   }
 
   send_rtcp_session_.reset(new SrtpSession());
   SignalSrtpError.repeat(send_rtcp_session_->SignalSrtpError);
   send_rtcp_session_->set_signal_silent_time(signal_silent_time_in_ms_);
-  if (!send_rtcp_session_->SetRecv(send_cs, send_key, send_key_len))
+  if (!send_rtcp_session_->SetRecv(send_cs, send_key, send_key_len)) {
     return false;
+  }
 
   recv_rtcp_session_.reset(new SrtpSession());
   SignalSrtpError.repeat(recv_rtcp_session_->SignalSrtpError);
   recv_rtcp_session_->set_signal_silent_time(signal_silent_time_in_ms_);
-  if (!recv_rtcp_session_->SetRecv(recv_cs, recv_key, recv_key_len))
+  if (!recv_rtcp_session_->SetRecv(recv_cs, recv_key, recv_key_len)) {
     return false;
+  }
 
   LOG(LS_INFO) << "SRTCP activated with negotiated parameters:"
                << " send cipher_suite " << send_cs
                << " recv cipher_suite " << recv_cs;
 
   return true;
 }
 
 bool SrtpFilter::ProtectRtp(void* p, int in_len, int max_len, int* out_len) {
   if (!IsActive()) {
@@ skipping 99 matching lines @@
     send_session_->set_signal_silent_time(signal_silent_time_in_ms);
     RTC_CHECK(recv_session_);
     recv_session_->set_signal_silent_time(signal_silent_time_in_ms);
     if (send_rtcp_session_)
       send_rtcp_session_->set_signal_silent_time(signal_silent_time_in_ms);
     if (recv_rtcp_session_)
       recv_rtcp_session_->set_signal_silent_time(signal_silent_time_in_ms);
   }
 }
 
+void SrtpFilter::SetEncryptedHeaderExtensionIds(ContentSource source,
+    const std::vector<int>& extension_ids) {
+  if (source == CS_LOCAL) {
+    send_encrypted_header_extension_ids_ = extension_ids;
+  } else {
+    recv_encrypted_header_extension_ids_ = extension_ids;
+  }
+}
+
 bool SrtpFilter::ExpectOffer(ContentSource source) {
   return ((state_ == ST_INIT) ||
           (state_ == ST_ACTIVE) ||
           (state_  == ST_SENTOFFER && source == CS_LOCAL) ||
           (state_  == ST_SENTUPDATEDOFFER && source == CS_LOCAL) ||
           (state_ == ST_RECEIVEDOFFER && source == CS_REMOTE) ||
           (state_ == ST_RECEIVEDUPDATEDOFFER && source == CS_REMOTE));
 }
 
 bool SrtpFilter::StoreParams(const std::vector<CryptoParams>& params,
@@ skipping 145 matching lines @@
   // TODO(juberti): Zero these buffers after use.
   bool ret;
   rtc::Buffer send_key(send_key_len + send_salt_len);
   rtc::Buffer recv_key(recv_key_len + recv_salt_len);
   ret = (ParseKeyParams(send_params.key_params, send_key.data(),
                         send_key.size()) &&
          ParseKeyParams(recv_params.key_params, recv_key.data(),
                         recv_key.size()));
   if (ret) {
     CreateSrtpSessions();
+    send_session_->SetEncryptedHeaderExtensionIds(
+        send_encrypted_header_extension_ids_);
+    recv_session_->SetEncryptedHeaderExtensionIds(
+        recv_encrypted_header_extension_ids_);
     ret = (send_session_->SetSend(
                rtc::SrtpCryptoSuiteFromName(send_params.cipher_suite),
                send_key.data(), send_key.size()) &&
            recv_session_->SetRecv(
                rtc::SrtpCryptoSuiteFromName(recv_params.cipher_suite),
                recv_key.data(), recv_key.size()));
   }
   if (ret) {
     LOG(LS_INFO) << "SRTP activated with negotiated parameters:"
                  << " send cipher_suite " << send_params.cipher_suite
@@ skipping 54 matching lines @@
   if (session_) {
     srtp_set_user_data(session_, nullptr);
     srtp_dealloc(session_);
   }
 }
 
 bool SrtpSession::SetSend(int cs, const uint8_t* key, size_t len) {
   return SetKey(ssrc_any_outbound, cs, key, len);
 }
 
+bool SrtpSession::UpdateSend(int cs, const uint8_t* key, size_t len) {
+  return UpdateKey(ssrc_any_outbound, cs, key, len);
+}
+
 bool SrtpSession::SetRecv(int cs, const uint8_t* key, size_t len) {
   return SetKey(ssrc_any_inbound, cs, key, len);
 }
 
+bool SrtpSession::UpdateRecv(int cs, const uint8_t* key, size_t len) {
+  return UpdateKey(ssrc_any_inbound, cs, key, len);
+}
+
 bool SrtpSession::ProtectRtp(void* p, int in_len, int max_len, int* out_len) {
   RTC_DCHECK(thread_checker_.CalledOnValidThread());
   if (!session_) {
     LOG(LS_WARNING) << "Failed to protect SRTP packet: no SRTP Session";
     return false;
   }
 
   int need_len = in_len + rtp_auth_tag_len_;  // NOLINT
   if (max_len < need_len) {
     LOG(LS_WARNING) << "Failed to protect SRTP packet: The buffer length "
@@ skipping 149 matching lines @@
   *index = static_cast<int64_t>(
       rtc::NetworkToHost64(
           srtp_rdbx_get_packet_index(&stream->rtp_rdbx) << 16));
   return true;
 }
 
 void SrtpSession::set_signal_silent_time(int signal_silent_time_in_ms) {
   srtp_stat_->set_signal_silent_time(signal_silent_time_in_ms);
 }
 
-bool SrtpSession::SetKey(int type, int cs, const uint8_t* key, size_t len) {
+bool SrtpSession::DoSetKey(int type, int cs, const uint8_t* key, size_t len) {
   RTC_DCHECK(thread_checker_.CalledOnValidThread());
-  if (session_) {
-    LOG(LS_ERROR) << "Failed to create SRTP session: "
-                  << "SRTP session already created";
-    return false;
-  }
-
-  if (!Init()) {
-    return false;
-  }
 
   srtp_policy_t policy;
   memset(&policy, 0, sizeof(policy));
   if (cs == rtc::SRTP_AES128_CM_SHA1_80) {
     srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtp);
     srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp);
   } else if (cs == rtc::SRTP_AES128_CM_SHA1_32) {
     // RTP HMAC is shortened to 32 bits, but RTCP remains 80 bits.
     srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtp);
     srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp);
   } else if (cs == rtc::SRTP_AEAD_AES_128_GCM) {
     srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp);
     srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtcp);
   } else if (cs == rtc::SRTP_AEAD_AES_256_GCM) {
     srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtp);
     srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtcp);
   } else {
-    LOG(LS_WARNING) << "Failed to create SRTP session: unsupported"
-                    << " cipher_suite " << cs;
+    LOG(LS_WARNING) << "Failed to " << (session_ ? "update" : "create")
+        << " SRTP session: unsupported cipher_suite " << cs;
     return false;
   }
 
   int expected_key_len;
   int expected_salt_len;
   if (!rtc::GetSrtpKeyAndSaltLengths(cs, &expected_key_len,
       &expected_salt_len)) {
     // This should never happen.
-    LOG(LS_WARNING) << "Failed to create SRTP session: unsupported"
-                    << " cipher_suite without length information" << cs;
+    LOG(LS_WARNING) << "Failed to " << (session_ ? "update" : "create")
+        << " SRTP session: unsupported cipher_suite without length information"
+        << cs;
     return false;
   }
 
   if (!key ||
       len != static_cast<size_t>(expected_key_len + expected_salt_len)) {
-    LOG(LS_WARNING) << "Failed to create SRTP session: invalid key";
+    LOG(LS_WARNING) << "Failed to " << (session_ ? "update" : "create")
+        << " SRTP session: invalid key";
     return false;
   }
 
   policy.ssrc.type = static_cast<srtp_ssrc_type_t>(type);
   policy.ssrc.value = 0;
   policy.key = const_cast<uint8_t*>(key);
   // TODO(astor) parse window size from WSH session-param
   policy.window_size = 1024;
   policy.allow_repeat_tx = 1;
   // If external authentication option is enabled, supply custom auth module
   // id EXTERNAL_HMAC_SHA1 in the policy structure.
   // We want to set this option only for rtp packets.
   // By default policy structure is initialized to HMAC_SHA1.
   // Enable external HMAC authentication only for outgoing streams and only
   // for cipher suites that support it (i.e. only non-GCM cipher suites).
   if (type == ssrc_any_outbound && IsExternalAuthEnabled() &&
       !rtc::IsGcmCryptoSuite(cs)) {
     policy.rtp.auth_type = EXTERNAL_HMAC_SHA1;
   }
+  if (!encrypted_header_extension_ids_.empty()) {
+    policy.enc_xtn_hdr = const_cast<int*>(&encrypted_header_extension_ids_[0]);
+    policy.enc_xtn_hdr_count = encrypted_header_extension_ids_.size();
+  }
   policy.next = nullptr;
 
-  int err = srtp_create(&session_, &policy);
-  if (err != srtp_err_status_ok) {
-    session_ = nullptr;
-    LOG(LS_ERROR) << "Failed to create SRTP session, err=" << err;
-    return false;
+  if (!session_) {
+    int err = srtp_create(&session_, &policy);
+    if (err != srtp_err_status_ok) {
+      session_ = nullptr;
+      LOG(LS_ERROR) << "Failed to create SRTP session, err=" << err;
+      return false;
+    }
+    srtp_set_user_data(session_, this);
+  } else {
+    int err = srtp_update(session_, &policy);
+    if (err != srtp_err_status_ok) {
+      LOG(LS_ERROR) << "Failed to update SRTP session, err=" << err;
+      return false;
+    }
   }
 
-  srtp_set_user_data(session_, this);
   rtp_auth_tag_len_ = policy.rtp.auth_tag_len;
   rtcp_auth_tag_len_ = policy.rtcp.auth_tag_len;
   external_auth_active_ = (policy.rtp.auth_type == EXTERNAL_HMAC_SHA1);
   return true;
 }
 
+bool SrtpSession::SetKey(int type, int cs, const uint8_t* key, size_t len) {
+  RTC_DCHECK(thread_checker_.CalledOnValidThread());
+  if (session_) {
+    LOG(LS_ERROR) << "Failed to create SRTP session: "
+                  << "SRTP session already created";
+    return false;
+  }
+
+  if (!Init()) {
+    return false;
+  }
+
+  return DoSetKey(type, cs, key, len);
+}
+
+bool SrtpSession::UpdateKey(int type, int cs, const uint8_t* key, size_t len) {
+  RTC_DCHECK(thread_checker_.CalledOnValidThread());
+  if (!session_) {
+    LOG(LS_ERROR) << "Failed to update non-existing SRTP session";
+    return false;
+  }
+
+  return DoSetKey(type, cs, key, len);
+}
+
+void SrtpSession::SetEncryptedHeaderExtensionIds(
+    const std::vector<int>& encrypted_header_extension_ids) {
+  RTC_DCHECK(thread_checker_.CalledOnValidThread());
+  encrypted_header_extension_ids_ = encrypted_header_extension_ids;
+}
+
 bool SrtpSession::Init() {
   rtc::GlobalLockScope ls(&lock_);
 
   if (!inited_) {
     int err;
     err = srtp_init();
     if (err != srtp_err_status_ok) {
       LOG(LS_ERROR) << "Failed to init SRTP, err=" << err;
       return false;
     }
@@ skipping 123 matching lines @@
     if (stat->last_signal_time == 0 ||
         rtc::TimeDiff(current_time, stat->last_signal_time) >
             signal_silent_time_) {
       SignalSrtpError(key.ssrc, key.mode, key.error);
       stat->last_signal_time = current_time;
     }
   }
 }
 
 }  // namespace cricket