OLD | NEW |
1 /* | 1 /* |
2 * Copyright 2004 The WebRTC project authors. All Rights Reserved. | 2 * Copyright 2004 The WebRTC project authors. All Rights Reserved. |
3 * | 3 * |
4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
9 */ | 9 */ |
10 | 10 |
(...skipping 140 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
151 rtc::Thread* signaling_thread, | 151 rtc::Thread* signaling_thread, |
152 MediaChannel* media_channel, | 152 MediaChannel* media_channel, |
153 const std::string& content_name, | 153 const std::string& content_name, |
154 bool rtcp_mux_required, | 154 bool rtcp_mux_required, |
155 bool srtp_required) | 155 bool srtp_required) |
156 : worker_thread_(worker_thread), | 156 : worker_thread_(worker_thread), |
157 network_thread_(network_thread), | 157 network_thread_(network_thread), |
158 signaling_thread_(signaling_thread), | 158 signaling_thread_(signaling_thread), |
159 content_name_(content_name), | 159 content_name_(content_name), |
160 rtcp_mux_required_(rtcp_mux_required), | 160 rtcp_mux_required_(rtcp_mux_required), |
161 rtp_transport_( | |
162 srtp_required | |
163 ? rtc::WrapUnique<webrtc::RtpTransportInternal>( | |
164 new webrtc::SrtpTransport(rtcp_mux_required, content_name)) | |
165 : rtc::MakeUnique<webrtc::RtpTransport>(rtcp_mux_required)), | |
166 srtp_required_(srtp_required), | 161 srtp_required_(srtp_required), |
167 media_channel_(media_channel), | 162 media_channel_(media_channel), |
168 selected_candidate_pair_(nullptr) { | 163 selected_candidate_pair_(nullptr) { |
169 RTC_DCHECK(worker_thread_ == rtc::Thread::Current()); | 164 RTC_DCHECK(worker_thread_ == rtc::Thread::Current()); |
| 165 if (srtp_required) { |
| 166 auto transport = |
| 167 rtc::MakeUnique<webrtc::SrtpTransport>(rtcp_mux_required, content_name); |
| 168 srtp_transport_ = transport.get(); |
| 169 rtp_transport_ = std::move(transport); |
170 #if defined(ENABLE_EXTERNAL_AUTH) | 170 #if defined(ENABLE_EXTERNAL_AUTH) |
171 srtp_filter_.EnableExternalAuth(); | 171 srtp_transport_->EnableExternalAuth(); |
172 #endif | 172 #endif |
| 173 } else { |
| 174 rtp_transport_ = rtc::MakeUnique<webrtc::RtpTransport>(rtcp_mux_required); |
| 175 srtp_transport_ = nullptr; |
| 176 } |
173 rtp_transport_->SignalReadyToSend.connect( | 177 rtp_transport_->SignalReadyToSend.connect( |
174 this, &BaseChannel::OnTransportReadyToSend); | 178 this, &BaseChannel::OnTransportReadyToSend); |
175 // TODO(zstein): RtpTransport::SignalPacketReceived will probably be replaced | 179 // TODO(zstein): RtpTransport::SignalPacketReceived will probably be replaced |
176 // with a callback interface later so that the demuxer can select which | 180 // with a callback interface later so that the demuxer can select which |
177 // channel to signal. | 181 // channel to signal. |
178 rtp_transport_->SignalPacketReceived.connect(this, | 182 rtp_transport_->SignalPacketReceived.connect(this, |
179 &BaseChannel::OnPacketReceived); | 183 &BaseChannel::OnPacketReceived); |
180 LOG(LS_INFO) << "Created channel for " << content_name; | 184 LOG(LS_INFO) << "Created channel for " << content_name; |
181 } | 185 } |
182 | 186 |
(...skipping 124 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
307 transport_name_ = rtp_dtls_transport->transport_name(); | 311 transport_name_ = rtp_dtls_transport->transport_name(); |
308 debug_name = transport_name_; | 312 debug_name = transport_name_; |
309 } else { | 313 } else { |
310 debug_name = rtp_packet_transport->debug_name(); | 314 debug_name = rtp_packet_transport->debug_name(); |
311 } | 315 } |
312 if (rtp_packet_transport == rtp_transport_->rtp_packet_transport()) { | 316 if (rtp_packet_transport == rtp_transport_->rtp_packet_transport()) { |
313 // Nothing to do if transport isn't changing. | 317 // Nothing to do if transport isn't changing. |
314 return; | 318 return; |
315 } | 319 } |
316 | 320 |
317 // When using DTLS-SRTP, we must reset the SrtpFilter every time the transport | 321 // When using DTLS-SRTP, we must reset the SrtpTransport every time the |
318 // changes and wait until the DTLS handshake is complete to set the newly | 322 // DtlsTransport changes and wait until the DTLS handshake is complete to set |
319 // negotiated parameters. | 323 // the newly negotiated parameters. |
320 if (ShouldSetupDtlsSrtp_n()) { | 324 if (ShouldSetupDtlsSrtp_n()) { |
321 // Set |writable_| to false such that UpdateWritableState_w can set up | 325 // Set |writable_| to false such that UpdateWritableState_w can set up |
322 // DTLS-SRTP when |writable_| becomes true again. | 326 // DTLS-SRTP when |writable_| becomes true again. |
323 writable_ = false; | 327 writable_ = false; |
324 srtp_filter_.ResetParams(); | 328 dtls_active_ = false; |
| 329 if (srtp_transport_) { |
| 330 srtp_transport_->ResetParams(); |
| 331 } |
325 } | 332 } |
326 | 333 |
327 // If this BaseChannel doesn't require RTCP mux and we haven't fully | 334 // If this BaseChannel doesn't require RTCP mux and we haven't fully |
328 // negotiated RTCP mux, we need an RTCP transport. | 335 // negotiated RTCP mux, we need an RTCP transport. |
329 if (rtcp_packet_transport) { | 336 if (rtcp_packet_transport) { |
330 LOG(LS_INFO) << "Setting RTCP Transport for " << content_name() << " on " | 337 LOG(LS_INFO) << "Setting RTCP Transport for " << content_name() << " on " |
331 << debug_name << " transport " << rtcp_packet_transport; | 338 << debug_name << " transport " << rtcp_packet_transport; |
332 SetTransport_n(true, rtcp_dtls_transport, rtcp_packet_transport); | 339 SetTransport_n(true, rtcp_dtls_transport, rtcp_packet_transport); |
333 } | 340 } |
334 | 341 |
(...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
370 rtp_transport_->SetRtpPacketTransport(new_packet_transport); | 377 rtp_transport_->SetRtpPacketTransport(new_packet_transport); |
371 } | 378 } |
372 old_dtls_transport = new_dtls_transport; | 379 old_dtls_transport = new_dtls_transport; |
373 | 380 |
374 // If there's no new transport, we're done after disconnecting from old one. | 381 // If there's no new transport, we're done after disconnecting from old one. |
375 if (!new_packet_transport) { | 382 if (!new_packet_transport) { |
376 return; | 383 return; |
377 } | 384 } |
378 | 385 |
379 if (rtcp && new_dtls_transport) { | 386 if (rtcp && new_dtls_transport) { |
380 RTC_CHECK(!(ShouldSetupDtlsSrtp_n() && srtp_filter_.IsActive())) | 387 RTC_CHECK(!(ShouldSetupDtlsSrtp_n() && srtp_active())) |
381 << "Setting RTCP for DTLS/SRTP after SrtpFilter is active " | 388 << "Setting RTCP for DTLS/SRTP after the DTLS is active " |
382 << "should never happen."; | 389 << "should never happen."; |
383 } | 390 } |
384 | 391 |
385 if (new_dtls_transport) { | 392 if (new_dtls_transport) { |
386 ConnectToDtlsTransport(new_dtls_transport); | 393 ConnectToDtlsTransport(new_dtls_transport); |
387 } else { | 394 } else { |
388 ConnectToPacketTransport(new_packet_transport); | 395 ConnectToPacketTransport(new_packet_transport); |
389 } | 396 } |
390 auto& socket_options = rtcp ? rtcp_socket_options_ : socket_options_; | 397 auto& socket_options = rtcp ? rtcp_socket_options_ : socket_options_; |
391 for (const auto& pair : socket_options) { | 398 for (const auto& pair : socket_options) { |
(...skipping 130 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
522 // Need to access some state updated on the network thread. | 529 // Need to access some state updated on the network thread. |
523 return network_thread_->Invoke<bool>( | 530 return network_thread_->Invoke<bool>( |
524 RTC_FROM_HERE, Bind(&BaseChannel::IsReadyToSendMedia_n, this)); | 531 RTC_FROM_HERE, Bind(&BaseChannel::IsReadyToSendMedia_n, this)); |
525 } | 532 } |
526 | 533 |
527 bool BaseChannel::IsReadyToSendMedia_n() const { | 534 bool BaseChannel::IsReadyToSendMedia_n() const { |
528 // Send outgoing data if we are enabled, have local and remote content, | 535 // Send outgoing data if we are enabled, have local and remote content, |
529 // and we have had some form of connectivity. | 536 // and we have had some form of connectivity. |
530 return enabled() && IsReceiveContentDirection(remote_content_direction_) && | 537 return enabled() && IsReceiveContentDirection(remote_content_direction_) && |
531 IsSendContentDirection(local_content_direction_) && | 538 IsSendContentDirection(local_content_direction_) && |
532 was_ever_writable() && | 539 was_ever_writable() && (srtp_active() || !ShouldSetupDtlsSrtp_n()); |
533 (srtp_filter_.IsActive() || !ShouldSetupDtlsSrtp_n()); | |
534 } | 540 } |
535 | 541 |
536 bool BaseChannel::SendPacket(rtc::CopyOnWriteBuffer* packet, | 542 bool BaseChannel::SendPacket(rtc::CopyOnWriteBuffer* packet, |
537 const rtc::PacketOptions& options) { | 543 const rtc::PacketOptions& options) { |
538 return SendPacket(false, packet, options); | 544 return SendPacket(false, packet, options); |
539 } | 545 } |
540 | 546 |
541 bool BaseChannel::SendRtcp(rtc::CopyOnWriteBuffer* packet, | 547 bool BaseChannel::SendRtcp(rtc::CopyOnWriteBuffer* packet, |
542 const rtc::PacketOptions& options) { | 548 const rtc::PacketOptions& options) { |
543 return SendPacket(true, packet, options); | 549 return SendPacket(true, packet, options); |
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
575 RTC_DCHECK(network_thread_->IsCurrent()); | 581 RTC_DCHECK(network_thread_->IsCurrent()); |
576 UpdateWritableState_n(); | 582 UpdateWritableState_n(); |
577 } | 583 } |
578 | 584 |
579 void BaseChannel::OnDtlsState(DtlsTransportInternal* transport, | 585 void BaseChannel::OnDtlsState(DtlsTransportInternal* transport, |
580 DtlsTransportState state) { | 586 DtlsTransportState state) { |
581 if (!ShouldSetupDtlsSrtp_n()) { | 587 if (!ShouldSetupDtlsSrtp_n()) { |
582 return; | 588 return; |
583 } | 589 } |
584 | 590 |
585 // Reset the srtp filter if it's not the CONNECTED state. For the CONNECTED | 591 // Reset the SrtpTransport if it's not the CONNECTED state. For the CONNECTED |
586 // state, setting up DTLS-SRTP context is deferred to ChannelWritable_w to | 592 // state, setting up DTLS-SRTP context is deferred to ChannelWritable_w to |
587 // cover other scenarios like the whole transport is writable (not just this | 593 // cover other scenarios like the whole transport is writable (not just this |
588 // TransportChannel) or when TransportChannel is attached after DTLS is | 594 // TransportChannel) or when TransportChannel is attached after DTLS is |
589 // negotiated. | 595 // negotiated. |
590 if (state != DTLS_TRANSPORT_CONNECTED) { | 596 if (state != DTLS_TRANSPORT_CONNECTED) { |
591 srtp_filter_.ResetParams(); | 597 dtls_active_ = false; |
| 598 if (srtp_transport_) { |
| 599 srtp_transport_->ResetParams(); |
| 600 } |
592 } | 601 } |
593 } | 602 } |
594 | 603 |
595 void BaseChannel::OnSelectedCandidatePairChanged( | 604 void BaseChannel::OnSelectedCandidatePairChanged( |
596 IceTransportInternal* ice_transport, | 605 IceTransportInternal* ice_transport, |
597 CandidatePairInterface* selected_candidate_pair, | 606 CandidatePairInterface* selected_candidate_pair, |
598 int last_sent_packet_id, | 607 int last_sent_packet_id, |
599 bool ready_to_send) { | 608 bool ready_to_send) { |
600 RTC_DCHECK((rtp_dtls_transport_ && | 609 RTC_DCHECK((rtp_dtls_transport_ && |
601 ice_transport == rtp_dtls_transport_->ice_transport()) || | 610 ice_transport == rtp_dtls_transport_->ice_transport()) || |
(...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
655 } | 664 } |
656 | 665 |
657 // Protect ourselves against crazy data. | 666 // Protect ourselves against crazy data. |
658 if (!ValidPacket(rtcp, packet)) { | 667 if (!ValidPacket(rtcp, packet)) { |
659 LOG(LS_ERROR) << "Dropping outgoing " << content_name_ << " " | 668 LOG(LS_ERROR) << "Dropping outgoing " << content_name_ << " " |
660 << RtpRtcpStringLiteral(rtcp) | 669 << RtpRtcpStringLiteral(rtcp) |
661 << " packet: wrong size=" << packet->size(); | 670 << " packet: wrong size=" << packet->size(); |
662 return false; | 671 return false; |
663 } | 672 } |
664 | 673 |
665 rtc::PacketOptions updated_options; | 674 if (!srtp_active()) { |
666 updated_options = options; | 675 if (srtp_required_) { |
667 // Protect if needed. | 676 // The audio/video engines may attempt to send RTCP packets as soon as the |
668 if (srtp_filter_.IsActive()) { | 677 // streams are created, so don't treat this as an error for RTCP. |
669 TRACE_EVENT0("webrtc", "SRTP Encode"); | 678 // See: https://bugs.chromium.org/p/webrtc/issues/detail?id=6809 |
670 bool res; | 679 if (rtcp) { |
671 uint8_t* data = packet->data(); | |
672 int len = static_cast<int>(packet->size()); | |
673 if (!rtcp) { | |
674 // If ENABLE_EXTERNAL_AUTH flag is on then packet authentication is not done | |
675 // inside libsrtp for a RTP packet. A external HMAC module will be writing | |
676 // a fake HMAC value. This is ONLY done for a RTP packet. | |
677 // Socket layer will update rtp sendtime extension header if present in | |
678 // packet with current time before updating the HMAC. | |
679 #if !defined(ENABLE_EXTERNAL_AUTH) | |
680 res = srtp_filter_.ProtectRtp( | |
681 data, len, static_cast<int>(packet->capacity()), &len); | |
682 #else | |
683 if (!srtp_filter_.IsExternalAuthActive()) { | |
684 res = srtp_filter_.ProtectRtp( | |
685 data, len, static_cast<int>(packet->capacity()), &len); | |
686 } else { | |
687 updated_options.packet_time_params.rtp_sendtime_extension_id = | |
688 rtp_abs_sendtime_extn_id_; | |
689 res = srtp_filter_.ProtectRtp( | |
690 data, len, static_cast<int>(packet->capacity()), &len, | |
691 &updated_options.packet_time_params.srtp_packet_index); | |
692 // If protection succeeds, let's get auth params from srtp. | |
693 if (res) { | |
694 uint8_t* auth_key = NULL; | |
695 int key_len; | |
696 res = srtp_filter_.GetRtpAuthParams( | |
697 &auth_key, &key_len, | |
698 &updated_options.packet_time_params.srtp_auth_tag_len); | |
699 if (res) { | |
700 updated_options.packet_time_params.srtp_auth_key.resize(key_len); | |
701 updated_options.packet_time_params.srtp_auth_key.assign( | |
702 auth_key, auth_key + key_len); | |
703 } | |
704 } | |
705 } | |
706 #endif | |
707 if (!res) { | |
708 int seq_num = -1; | |
709 uint32_t ssrc = 0; | |
710 GetRtpSeqNum(data, len, &seq_num); | |
711 GetRtpSsrc(data, len, &ssrc); | |
712 LOG(LS_ERROR) << "Failed to protect " << content_name_ | |
713 << " RTP packet: size=" << len | |
714 << ", seqnum=" << seq_num << ", SSRC=" << ssrc; | |
715 return false; | 680 return false; |
716 } | 681 } |
717 } else { | 682 // However, there shouldn't be any RTP packets sent before SRTP is set up |
718 res = srtp_filter_.ProtectRtcp(data, len, | 683 // (and SetSend(true) is called). |
719 static_cast<int>(packet->capacity()), | 684 LOG(LS_ERROR) << "Can't send outgoing RTP packet when SRTP is inactive" |
720 &len); | 685 << " and crypto is required"; |
721 if (!res) { | 686 RTC_NOTREACHED(); |
722 int type = -1; | |
723 GetRtcpType(data, len, &type); | |
724 LOG(LS_ERROR) << "Failed to protect " << content_name_ | |
725 << " RTCP packet: size=" << len << ", type=" << type; | |
726 return false; | |
727 } | |
728 } | |
729 | |
730 // Update the length of the packet now that we've added the auth tag. | |
731 packet->SetSize(len); | |
732 } else if (srtp_required_) { | |
733 // The audio/video engines may attempt to send RTCP packets as soon as the | |
734 // streams are created, so don't treat this as an error for RTCP. | |
735 // See: https://bugs.chromium.org/p/webrtc/issues/detail?id=6809 | |
736 if (rtcp) { | |
737 return false; | 687 return false; |
738 } | 688 } |
739 // However, there shouldn't be any RTP packets sent before SRTP is set up | 689 // Bon voyage. |
740 // (and SetSend(true) is called). | 690 return rtcp ? rtp_transport_->SendRtcpPacket(packet, options, PF_NORMAL) |
741 LOG(LS_ERROR) << "Can't send outgoing RTP packet when SRTP is inactive" | 691 : rtp_transport_->SendRtpPacket(packet, options, PF_NORMAL); |
742 << " and crypto is required"; | |
743 RTC_NOTREACHED(); | |
744 return false; | |
745 } | 692 } |
746 | 693 RTC_DCHECK(srtp_transport_); |
| 694 RTC_DCHECK(srtp_transport_->IsActive()); |
747 // Bon voyage. | 695 // Bon voyage. |
748 int flags = (secure() && secure_dtls()) ? PF_SRTP_BYPASS : PF_NORMAL; | 696 return rtcp ? srtp_transport_->SendRtcpPacket(packet, options, PF_SRTP_BYPASS) |
749 return rtp_transport_->SendPacket(rtcp, packet, updated_options, flags); | 697 : srtp_transport_->SendRtpPacket(packet, options, PF_SRTP_BYPASS); |
750 } | 698 } |
751 | 699 |
752 bool BaseChannel::HandlesPayloadType(int packet_type) const { | 700 bool BaseChannel::HandlesPayloadType(int packet_type) const { |
753 return rtp_transport_->HandlesPayloadType(packet_type); | 701 return rtp_transport_->HandlesPayloadType(packet_type); |
754 } | 702 } |
755 | 703 |
756 void BaseChannel::OnPacketReceived(bool rtcp, | 704 void BaseChannel::OnPacketReceived(bool rtcp, |
757 rtc::CopyOnWriteBuffer* packet, | 705 rtc::CopyOnWriteBuffer* packet, |
758 const rtc::PacketTime& packet_time) { | 706 const rtc::PacketTime& packet_time) { |
759 if (!has_received_packet_ && !rtcp) { | 707 if (!has_received_packet_ && !rtcp) { |
760 has_received_packet_ = true; | 708 has_received_packet_ = true; |
761 signaling_thread()->Post(RTC_FROM_HERE, this, MSG_FIRSTPACKETRECEIVED); | 709 signaling_thread()->Post(RTC_FROM_HERE, this, MSG_FIRSTPACKETRECEIVED); |
762 } | 710 } |
763 | 711 |
764 // Unprotect the packet, if needed. | 712 if (!srtp_active() && srtp_required_) { |
765 if (srtp_filter_.IsActive()) { | |
766 TRACE_EVENT0("webrtc", "SRTP Decode"); | |
767 char* data = packet->data<char>(); | |
768 int len = static_cast<int>(packet->size()); | |
769 bool res; | |
770 if (!rtcp) { | |
771 res = srtp_filter_.UnprotectRtp(data, len, &len); | |
772 if (!res) { | |
773 int seq_num = -1; | |
774 uint32_t ssrc = 0; | |
775 GetRtpSeqNum(data, len, &seq_num); | |
776 GetRtpSsrc(data, len, &ssrc); | |
777 LOG(LS_ERROR) << "Failed to unprotect " << content_name_ | |
778 << " RTP packet: size=" << len << ", seqnum=" << seq_num | |
779 << ", SSRC=" << ssrc; | |
780 return; | |
781 } | |
782 } else { | |
783 res = srtp_filter_.UnprotectRtcp(data, len, &len); | |
784 if (!res) { | |
785 int type = -1; | |
786 GetRtcpType(data, len, &type); | |
787 LOG(LS_ERROR) << "Failed to unprotect " << content_name_ | |
788 << " RTCP packet: size=" << len << ", type=" << type; | |
789 return; | |
790 } | |
791 } | |
792 | |
793 packet->SetSize(len); | |
794 } else if (srtp_required_) { | |
795 // Our session description indicates that SRTP is required, but we got a | 713 // Our session description indicates that SRTP is required, but we got a |
796 // packet before our SRTP filter is active. This means either that | 714 // packet before our SRTP filter is active. This means either that |
797 // a) we got SRTP packets before we received the SDES keys, in which case | 715 // a) we got SRTP packets before we received the SDES keys, in which case |
798 // we can't decrypt it anyway, or | 716 // we can't decrypt it anyway, or |
799 // b) we got SRTP packets before DTLS completed on both the RTP and RTCP | 717 // b) we got SRTP packets before DTLS completed on both the RTP and RTCP |
800 // transports, so we haven't yet extracted keys, even if DTLS did | 718 // transports, so we haven't yet extracted keys, even if DTLS did |
801 // complete on the transport that the packets are being sent on. It's | 719 // complete on the transport that the packets are being sent on. It's |
802 // really good practice to wait for both RTP and RTCP to be good to go | 720 // really good practice to wait for both RTP and RTCP to be good to go |
803 // before sending media, to prevent weird failure modes, so it's fine | 721 // before sending media, to prevent weird failure modes, so it's fine |
804 // for us to just eat packets here. This is all sidestepped if RTCP mux | 722 // for us to just eat packets here. This is all sidestepped if RTCP mux |
(...skipping 183 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
988 } | 906 } |
989 | 907 |
990 if (role == rtc::SSL_SERVER) { | 908 if (role == rtc::SSL_SERVER) { |
991 send_key = &server_write_key; | 909 send_key = &server_write_key; |
992 recv_key = &client_write_key; | 910 recv_key = &client_write_key; |
993 } else { | 911 } else { |
994 send_key = &client_write_key; | 912 send_key = &client_write_key; |
995 recv_key = &server_write_key; | 913 recv_key = &server_write_key; |
996 } | 914 } |
997 | 915 |
998 if (!srtp_filter_.IsActive()) { | 916 if (rtcp) { |
999 if (rtcp) { | 917 if (!dtls_active()) { |
1000 ret = srtp_filter_.SetRtcpParams(selected_crypto_suite, &(*send_key)[0], | 918 RTC_DCHECK(srtp_transport_); |
1001 static_cast<int>(send_key->size()), | 919 ret = srtp_transport_->SetRtcpParams( |
1002 selected_crypto_suite, &(*recv_key)[0], | 920 selected_crypto_suite, &(*send_key)[0], |
1003 static_cast<int>(recv_key->size())); | 921 static_cast<int>(send_key->size()), selected_crypto_suite, |
| 922 &(*recv_key)[0], static_cast<int>(recv_key->size())); |
1004 } else { | 923 } else { |
1005 ret = srtp_filter_.SetRtpParams(selected_crypto_suite, &(*send_key)[0], | 924 // RTCP doesn't need to call SetRtpParam because it is only used |
1006 static_cast<int>(send_key->size()), | 925 // to make the updated encrypted RTP header extension IDs take effect. |
1007 selected_crypto_suite, &(*recv_key)[0], | 926 ret = true; |
1008 static_cast<int>(recv_key->size())); | |
1009 } | 927 } |
1010 } else { | 928 } else { |
1011 if (rtcp) { | 929 RTC_DCHECK(srtp_transport_); |
1012 // RTCP doesn't need to be updated because UpdateRtpParams is only used | 930 ret = srtp_transport_->SetRtpParams(selected_crypto_suite, &(*send_key)[0], |
1013 // to update the set of encrypted RTP header extension IDs. | 931 static_cast<int>(send_key->size()), |
1014 ret = true; | 932 selected_crypto_suite, &(*recv_key)[0], |
1015 } else { | 933 static_cast<int>(recv_key->size())); |
1016 ret = srtp_filter_.UpdateRtpParams( | 934 dtls_active_ = ret; |
1017 selected_crypto_suite, | |
1018 &(*send_key)[0], static_cast<int>(send_key->size()), | |
1019 selected_crypto_suite, | |
1020 &(*recv_key)[0], static_cast<int>(recv_key->size())); | |
1021 } | |
1022 } | 935 } |
1023 | 936 |
1024 if (!ret) { | 937 if (!ret) { |
1025 LOG(LS_WARNING) << "DTLS-SRTP key installation failed"; | 938 LOG(LS_WARNING) << "DTLS-SRTP key installation failed"; |
1026 } else { | 939 } else { |
1027 dtls_keyed_ = true; | |
1028 UpdateTransportOverhead(); | 940 UpdateTransportOverhead(); |
1029 } | 941 } |
1030 return ret; | 942 return ret; |
1031 } | 943 } |
1032 | 944 |
1033 void BaseChannel::MaybeSetupDtlsSrtp_n() { | 945 void BaseChannel::MaybeSetupDtlsSrtp_n() { |
1034 if (srtp_filter_.IsActive()) { | 946 if (dtls_active()) { |
1035 return; | 947 return; |
1036 } | 948 } |
1037 | 949 |
1038 if (!ShouldSetupDtlsSrtp_n()) { | 950 if (!ShouldSetupDtlsSrtp_n()) { |
1039 return; | 951 return; |
1040 } | 952 } |
1041 | 953 |
| 954 if (!srtp_transport_) { |
| 955 EnableSrtpTransport_n(); |
| 956 } |
| 957 |
1042 if (!SetupDtlsSrtp_n(false)) { | 958 if (!SetupDtlsSrtp_n(false)) { |
1043 SignalDtlsSrtpSetupFailure_n(false); | 959 SignalDtlsSrtpSetupFailure_n(false); |
1044 return; | 960 return; |
1045 } | 961 } |
1046 | 962 |
1047 if (rtcp_dtls_transport_) { | 963 if (rtcp_dtls_transport_) { |
1048 if (!SetupDtlsSrtp_n(true)) { | 964 if (!SetupDtlsSrtp_n(true)) { |
1049 SignalDtlsSrtpSetupFailure_n(true); | 965 SignalDtlsSrtpSetupFailure_n(true); |
1050 return; | 966 return; |
1051 } | 967 } |
(...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1115 bool* dtls, | 1031 bool* dtls, |
1116 std::string* error_desc) { | 1032 std::string* error_desc) { |
1117 *dtls = rtp_dtls_transport_ && rtp_dtls_transport_->IsDtlsActive(); | 1033 *dtls = rtp_dtls_transport_ && rtp_dtls_transport_->IsDtlsActive(); |
1118 if (*dtls && !cryptos.empty()) { | 1034 if (*dtls && !cryptos.empty()) { |
1119 SafeSetError("Cryptos must be empty when DTLS is active.", error_desc); | 1035 SafeSetError("Cryptos must be empty when DTLS is active.", error_desc); |
1120 return false; | 1036 return false; |
1121 } | 1037 } |
1122 return true; | 1038 return true; |
1123 } | 1039 } |
1124 | 1040 |
| 1041 void BaseChannel::EnableSrtpTransport_n() { |
| 1042 if (srtp_transport_ == nullptr) { |
| 1043 rtp_transport_->SignalReadyToSend.disconnect(this); |
| 1044 rtp_transport_->SignalPacketReceived.disconnect(this); |
| 1045 |
| 1046 auto transport = rtc::MakeUnique<webrtc::SrtpTransport>( |
| 1047 std::move(rtp_transport_), content_name_); |
| 1048 srtp_transport_ = transport.get(); |
| 1049 rtp_transport_ = std::move(transport); |
| 1050 |
| 1051 rtp_transport_->SignalReadyToSend.connect( |
| 1052 this, &BaseChannel::OnTransportReadyToSend); |
| 1053 rtp_transport_->SignalPacketReceived.connect( |
| 1054 this, &BaseChannel::OnPacketReceived); |
| 1055 LOG(LS_INFO) << "Wrapping RtpTransport in SrtpTransport."; |
| 1056 } |
| 1057 } |
| 1058 |
1125 bool BaseChannel::SetSrtp_n(const std::vector<CryptoParams>& cryptos, | 1059 bool BaseChannel::SetSrtp_n(const std::vector<CryptoParams>& cryptos, |
1126 ContentAction action, | 1060 ContentAction action, |
1127 ContentSource src, | 1061 ContentSource src, |
1128 const std::vector<int>& encrypted_extension_ids, | 1062 const std::vector<int>& encrypted_extension_ids, |
1129 std::string* error_desc) { | 1063 std::string* error_desc) { |
1130 TRACE_EVENT0("webrtc", "BaseChannel::SetSrtp_w"); | 1064 TRACE_EVENT0("webrtc", "BaseChannel::SetSrtp_w"); |
1131 if (action == CA_UPDATE) { | 1065 if (action == CA_UPDATE) { |
1132 // no crypto params. | 1066 // no crypto params. |
1133 return true; | 1067 return true; |
1134 } | 1068 } |
1135 bool ret = false; | 1069 bool ret = false; |
1136 bool dtls = false; | 1070 bool dtls = false; |
1137 ret = CheckSrtpConfig_n(cryptos, &dtls, error_desc); | 1071 ret = CheckSrtpConfig_n(cryptos, &dtls, error_desc); |
1138 if (!ret) { | 1072 if (!ret) { |
1139 return false; | 1073 return false; |
1140 } | 1074 } |
1141 srtp_filter_.SetEncryptedHeaderExtensionIds(src, encrypted_extension_ids); | 1075 |
| 1076 // If SRTP was not required, but we're setting a description that uses SDES, |
| 1077 // we need to upgrade to an SrtpTransport. |
| 1078 if (!srtp_transport_ && !dtls && !cryptos.empty()) { |
| 1079 EnableSrtpTransport_n(); |
| 1080 } |
| 1081 if (srtp_transport_) { |
| 1082 srtp_transport_->SetEncryptedHeaderExtensionIds(src, |
| 1083 encrypted_extension_ids); |
| 1084 } |
1142 switch (action) { | 1085 switch (action) { |
1143 case CA_OFFER: | 1086 case CA_OFFER: |
1144 // If DTLS is already active on the channel, we could be renegotiating | 1087 // If DTLS is already active on the channel, we could be renegotiating |
1145 // here. We don't update the srtp filter. | 1088 // here. We don't update the srtp filter. |
1146 if (!dtls) { | 1089 if (!dtls) { |
1147 ret = srtp_filter_.SetOffer(cryptos, src); | 1090 ret = sdes_negotiator_.SetOffer(cryptos, src); |
1148 } | 1091 } |
1149 break; | 1092 break; |
1150 case CA_PRANSWER: | 1093 case CA_PRANSWER: |
1151 // If we're doing DTLS-SRTP, we don't want to update the filter | 1094 // If we're doing DTLS-SRTP, we don't want to update the filter |
1152 // with an answer, because we already have SRTP parameters. | 1095 // with an answer, because we already have SRTP parameters. |
1153 if (!dtls) { | 1096 if (!dtls) { |
1154 ret = srtp_filter_.SetProvisionalAnswer(cryptos, src); | 1097 ret = sdes_negotiator_.SetProvisionalAnswer(cryptos, src); |
1155 } | 1098 } |
1156 break; | 1099 break; |
1157 case CA_ANSWER: | 1100 case CA_ANSWER: |
1158 // If we're doing DTLS-SRTP, we don't want to update the filter | 1101 // If we're doing DTLS-SRTP, we don't want to update the filter |
1159 // with an answer, because we already have SRTP parameters. | 1102 // with an answer, because we already have SRTP parameters. |
1160 if (!dtls) { | 1103 if (!dtls) { |
1161 ret = srtp_filter_.SetAnswer(cryptos, src); | 1104 ret = sdes_negotiator_.SetAnswer(cryptos, src); |
1162 } | 1105 } |
1163 break; | 1106 break; |
1164 default: | 1107 default: |
1165 break; | 1108 break; |
1166 } | 1109 } |
| 1110 |
| 1111 // If setting an SDES answer succeeded, apply the negotiated parameters |
| 1112 // to the SRTP transport. |
| 1113 if ((action == CA_PRANSWER || action == CA_ANSWER) && !dtls && ret) { |
| 1114 if (sdes_negotiator_.send_cipher_suite() && |
| 1115 sdes_negotiator_.recv_cipher_suite()) { |
| 1116 ret = srtp_transport_->SetRtpParams( |
| 1117 *(sdes_negotiator_.send_cipher_suite()), |
| 1118 sdes_negotiator_.send_key().data(), |
| 1119 static_cast<int>(sdes_negotiator_.send_key().size()), |
| 1120 *(sdes_negotiator_.recv_cipher_suite()), |
| 1121 sdes_negotiator_.recv_key().data(), |
| 1122 static_cast<int>(sdes_negotiator_.recv_key().size())); |
| 1123 } else { |
| 1124 LOG(LS_INFO) << "No crypto keys are provided for SDES."; |
| 1125 if (action == CA_ANSWER && srtp_transport_) { |
| 1126 // Explicitly reset the |srtp_transport_| if no crypto param is |
| 1127 // provided in the answer. No need to call |ResetParams()| for |
| 1128 // |sdes_negotiator_| because it resets the params inside |SetAnswer|. |
| 1129 srtp_transport_->ResetParams(); |
| 1130 } |
| 1131 } |
| 1132 } |
| 1133 |
1167 // Only update SRTP filter if using DTLS. SDES is handled internally | 1134 // Only update SRTP filter if using DTLS. SDES is handled internally |
1168 // by the SRTP filter. | 1135 // by the SRTP filter. |
1169 // TODO(jbauch): Only update if encrypted extension ids have changed. | 1136 // TODO(jbauch): Only update if encrypted extension ids have changed. |
1170 if (ret && dtls_keyed_ && rtp_dtls_transport_ && | 1137 if (ret && dtls_active() && rtp_dtls_transport_ && |
1171 rtp_dtls_transport_->dtls_state() == DTLS_TRANSPORT_CONNECTED) { | 1138 rtp_dtls_transport_->dtls_state() == DTLS_TRANSPORT_CONNECTED) { |
1172 bool rtcp = false; | 1139 bool rtcp = false; |
1173 ret = SetupDtlsSrtp_n(rtcp); | 1140 ret = SetupDtlsSrtp_n(rtcp); |
1174 } | 1141 } |
1175 if (!ret) { | 1142 if (!ret) { |
1176 SafeSetError("Failed to setup SRTP filter.", error_desc); | 1143 SafeSetError("Failed to setup SRTP filter.", error_desc); |
1177 return false; | 1144 return false; |
1178 } | 1145 } |
1179 return true; | 1146 return true; |
1180 } | 1147 } |
(...skipping 23 matching lines...) Expand all Loading... |
1204 break; | 1171 break; |
1205 case CA_ANSWER: | 1172 case CA_ANSWER: |
1206 ret = rtcp_mux_filter_.SetAnswer(enable, src); | 1173 ret = rtcp_mux_filter_.SetAnswer(enable, src); |
1207 if (ret && rtcp_mux_filter_.IsActive()) { | 1174 if (ret && rtcp_mux_filter_.IsActive()) { |
1208 // We permanently activated RTCP muxing; signal that we no longer need | 1175 // We permanently activated RTCP muxing; signal that we no longer need |
1209 // the RTCP transport. | 1176 // the RTCP transport. |
1210 std::string debug_name = | 1177 std::string debug_name = |
1211 transport_name_.empty() | 1178 transport_name_.empty() |
1212 ? rtp_transport_->rtp_packet_transport()->debug_name() | 1179 ? rtp_transport_->rtp_packet_transport()->debug_name() |
1213 : transport_name_; | 1180 : transport_name_; |
1214 ; | |
1215 LOG(LS_INFO) << "Enabling rtcp-mux for " << content_name() | 1181 LOG(LS_INFO) << "Enabling rtcp-mux for " << content_name() |
1216 << "; no longer need RTCP transport for " << debug_name; | 1182 << "; no longer need RTCP transport for " << debug_name; |
1217 if (rtp_transport_->rtcp_packet_transport()) { | 1183 if (rtp_transport_->rtcp_packet_transport()) { |
1218 SetTransport_n(true, nullptr, nullptr); | 1184 SetTransport_n(true, nullptr, nullptr); |
1219 SignalRtcpMuxFullyActive(transport_name_); | 1185 SignalRtcpMuxFullyActive(transport_name_); |
1220 } | 1186 } |
1221 UpdateWritableState_n(); | 1187 UpdateWritableState_n(); |
1222 } | 1188 } |
1223 break; | 1189 break; |
1224 case CA_UPDATE: | 1190 case CA_UPDATE: |
(...skipping 208 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1433 send_time_extension ? send_time_extension->id : -1; | 1399 send_time_extension ? send_time_extension->id : -1; |
1434 invoker_.AsyncInvoke<void>( | 1400 invoker_.AsyncInvoke<void>( |
1435 RTC_FROM_HERE, network_thread_, | 1401 RTC_FROM_HERE, network_thread_, |
1436 Bind(&BaseChannel::CacheRtpAbsSendTimeHeaderExtension_n, this, | 1402 Bind(&BaseChannel::CacheRtpAbsSendTimeHeaderExtension_n, this, |
1437 rtp_abs_sendtime_extn_id)); | 1403 rtp_abs_sendtime_extn_id)); |
1438 #endif | 1404 #endif |
1439 } | 1405 } |
1440 | 1406 |
1441 void BaseChannel::CacheRtpAbsSendTimeHeaderExtension_n( | 1407 void BaseChannel::CacheRtpAbsSendTimeHeaderExtension_n( |
1442 int rtp_abs_sendtime_extn_id) { | 1408 int rtp_abs_sendtime_extn_id) { |
1443 rtp_abs_sendtime_extn_id_ = rtp_abs_sendtime_extn_id; | 1409 if (srtp_transport_) { |
| 1410 srtp_transport_->CacheRtpAbsSendTimeHeaderExtension( |
| 1411 rtp_abs_sendtime_extn_id); |
| 1412 } else { |
| 1413 LOG(LS_WARNING) << "Trying to cache the Absolute Send Time extension id " |
| 1414 "but the SRTP is not active."; |
| 1415 } |
1444 } | 1416 } |
1445 | 1417 |
1446 void BaseChannel::OnMessage(rtc::Message *pmsg) { | 1418 void BaseChannel::OnMessage(rtc::Message *pmsg) { |
1447 TRACE_EVENT0("webrtc", "BaseChannel::OnMessage"); | 1419 TRACE_EVENT0("webrtc", "BaseChannel::OnMessage"); |
1448 switch (pmsg->message_id) { | 1420 switch (pmsg->message_id) { |
1449 case MSG_SEND_RTP_PACKET: | 1421 case MSG_SEND_RTP_PACKET: |
1450 case MSG_SEND_RTCP_PACKET: { | 1422 case MSG_SEND_RTCP_PACKET: { |
1451 RTC_DCHECK(network_thread_->IsCurrent()); | 1423 RTC_DCHECK(network_thread_->IsCurrent()); |
1452 SendPacketMessageData* data = | 1424 SendPacketMessageData* data = |
1453 static_cast<SendPacketMessageData*>(pmsg->pdata); | 1425 static_cast<SendPacketMessageData*>(pmsg->pdata); |
(...skipping 263 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1717 : kIpv6Overhaed; | 1689 : kIpv6Overhaed; |
1718 | 1690 |
1719 constexpr int kUdpOverhaed = 8; | 1691 constexpr int kUdpOverhaed = 8; |
1720 constexpr int kTcpOverhaed = 20; | 1692 constexpr int kTcpOverhaed = 20; |
1721 transport_overhead_per_packet += | 1693 transport_overhead_per_packet += |
1722 selected_candidate_pair_->local_candidate().protocol() == | 1694 selected_candidate_pair_->local_candidate().protocol() == |
1723 TCP_PROTOCOL_NAME | 1695 TCP_PROTOCOL_NAME |
1724 ? kTcpOverhaed | 1696 ? kTcpOverhaed |
1725 : kUdpOverhaed; | 1697 : kUdpOverhaed; |
1726 | 1698 |
1727 if (secure()) { | 1699 if (sdes_active()) { |
1728 int srtp_overhead = 0; | 1700 int srtp_overhead = 0; |
1729 if (srtp_filter_.GetSrtpOverhead(&srtp_overhead)) | 1701 if (srtp_transport_->GetSrtpOverhead(&srtp_overhead)) |
1730 transport_overhead_per_packet += srtp_overhead; | 1702 transport_overhead_per_packet += srtp_overhead; |
1731 } | 1703 } |
1732 | 1704 |
1733 return transport_overhead_per_packet; | 1705 return transport_overhead_per_packet; |
1734 } | 1706 } |
1735 | 1707 |
1736 void BaseChannel::UpdateTransportOverhead() { | 1708 void BaseChannel::UpdateTransportOverhead() { |
1737 int transport_overhead_per_packet = GetTransportOverheadPerPacket(); | 1709 int transport_overhead_per_packet = GetTransportOverheadPerPacket(); |
1738 if (transport_overhead_per_packet) | 1710 if (transport_overhead_per_packet) |
1739 invoker_.AsyncInvoke<void>( | 1711 invoker_.AsyncInvoke<void>( |
(...skipping 714 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2454 | 2426 |
2455 void RtpDataChannel::OnDataChannelReadyToSend(bool writable) { | 2427 void RtpDataChannel::OnDataChannelReadyToSend(bool writable) { |
2456 // This is usded for congestion control to indicate that the stream is ready | 2428 // This is usded for congestion control to indicate that the stream is ready |
2457 // to send by the MediaChannel, as opposed to OnReadyToSend, which indicates | 2429 // to send by the MediaChannel, as opposed to OnReadyToSend, which indicates |
2458 // that the transport channel is ready. | 2430 // that the transport channel is ready. |
2459 signaling_thread()->Post(RTC_FROM_HERE, this, MSG_READYTOSENDDATA, | 2431 signaling_thread()->Post(RTC_FROM_HERE, this, MSG_READYTOSENDDATA, |
2460 new DataChannelReadyToSendMessageData(writable)); | 2432 new DataChannelReadyToSendMessageData(writable)); |
2461 } | 2433 } |
2462 | 2434 |
2463 } // namespace cricket | 2435 } // namespace cricket |
OLD | NEW |