Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1598)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: webrtc/pc/srtptransport.cc

Issue 2997983002: Completed the functionalities of SrtpTransport. (Closed)
Patch Set: Create the SrtpTransport by default and reset it to nullptr if the insecure RTP protocol is used. Created 3 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« webrtc/pc/srtptransport.h ('K') | « webrtc/pc/srtptransport.h ('k') | webrtc/pc/srtptransport_unittest.cc » ('j') | webrtc/pc/srtptransport_unittest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: webrtc/pc/srtptransport.cc
diff --git a/webrtc/pc/srtptransport.cc b/webrtc/pc/srtptransport.cc
index 6e6ff062749ba8f6d8cac18ef9484b27ac0df4c1..0e7bfcca8a96bc1ea7256973552f73703e6e2d20 100644
--- a/webrtc/pc/srtptransport.cc
+++ b/webrtc/pc/srtptransport.cc
@@ -16,8 +16,10 @@
#include "webrtc/pc/rtptransport.h"
#include "webrtc/pc/srtpsession.h"
#include "webrtc/rtc_base/asyncpacketsocket.h"
+#include "webrtc/rtc_base/base64.h"
#include "webrtc/rtc_base/copyonwritebuffer.h"
#include "webrtc/rtc_base/ptr_util.h"
+#include "webrtc/rtc_base/thread.h"
#include "webrtc/rtc_base/trace_event.h"
namespace webrtc {
@@ -46,17 +48,324 @@ bool SrtpTransport::SendPacket(bool rtcp,
rtc::CopyOnWriteBuffer* packet,
const rtc::PacketOptions& options,
int flags) {
- // TODO(zstein): Protect packet.
+ rtc::CopyOnWriteBuffer cp = *packet;
+ if (IsActive()) {
+ TRACE_EVENT0("webrtc", "SRTP Encode");
+ bool res;
+ uint8_t* data = packet->data();
+ int len = static_cast<int>(packet->size());
+ if (!rtcp) {
+// If ENABLE_EXTERNAL_AUTH flag is on then packet authentication is not done
+// inside libsrtp for a RTP packet. A external HMAC module will be writing
+// a fake HMAC value. This is ONLY done for a RTP packet.
+// Socket layer will update rtp sendtime extension header if present in
+// packet with current time before updating the HMAC.
+#if !defined(ENABLE_EXTERNAL_AUTH)
+ res = ProtectRtp(data, len, static_cast<int>(packet->capacity()), &len);
+#else
+ rtc::PacketOptions updated_options = options;
+ if (!IsExternalAuthActive()) {
+ res = ProtectRtp(data, len, static_cast<int>(packet->capacity()), &len);
+ } else {
+ updated_options.packet_time_params.rtp_sendtime_extension_id =
+ rtp_abs_sendtime_extn_id_;
+ res = ProtectRtp(data, len, static_cast<int>(packet->capacity()), &len,
+ &updated_options.packet_time_params.srtp_packet_index);
+ // If protection succeeds, let's get auth params from srtp.
+ if (res) {
+ uint8_t* auth_key = NULL;
+ int key_len;
+ res = GetRtpAuthParams(
+ &auth_key, &key_len,
+ &updated_options.packet_time_params.srtp_auth_tag_len);
+ if (res) {
+ updated_options.packet_time_params.srtp_auth_key.resize(key_len);
+ updated_options.packet_time_params.srtp_auth_key.assign(
+ auth_key, auth_key + key_len);
+ }
+ }
+ }
+#endif
+ if (!res) {
+ int seq_num = -1;
+ uint32_t ssrc = 0;
+ cricket::GetRtpSeqNum(data, len, &seq_num);
+ cricket::GetRtpSsrc(data, len, &ssrc);
+ LOG(LS_ERROR) << "Failed to protect " << content_name_
+ << " RTP packet: size=" << len << ", seqnum=" << seq_num
+ << ", SSRC=" << ssrc;
+ return false;
+ }
+ } else {
+ res = ProtectRtcp(data, len, static_cast<int>(packet->capacity()), &len);
+ if (!res) {
+ int type = -1;
+ cricket::GetRtcpType(data, len, &type);
+ LOG(LS_ERROR) << "Failed to protect " << content_name_
+ << " RTCP packet: size=" << len << ", type=" << type;
+ return false;
+ }
+ }
+ // Update the length of the packet now that we've added the auth tag.
+ packet->SetSize(len);
+ }
return rtp_transport_->SendPacket(rtcp, packet, options, flags);
Taylor Brandstetter 2017/08/26 02:40:39 Oh, I see how this works now. If plain RTP is used
pthatcher 2017/08/28 21:42:56 Yeah, I would prefer that the SrtpTransport doesn'
Zhi Huang 2017/08/29 18:40:35 Done.
}
void SrtpTransport::OnPacketReceived(bool rtcp,
rtc::CopyOnWriteBuffer* packet,
const rtc::PacketTime& packet_time) {
- // TODO(zstein): Unprotect packet.
+ if (IsActive()) {
+ TRACE_EVENT0("webrtc", "SRTP Decode");
+ char* data = packet->data<char>();
+ int len = static_cast<int>(packet->size());
+ bool res;
+ if (!rtcp) {
+ res = UnprotectRtp(data, len, &len);
+ if (!res) {
+ int seq_num = -1;
+ uint32_t ssrc = 0;
+ cricket::GetRtpSeqNum(data, len, &seq_num);
+ cricket::GetRtpSsrc(data, len, &ssrc);
+ LOG(LS_ERROR) << "Failed to unprotect " << content_name_
+ << " RTP packet: size=" << len << ", seqnum=" << seq_num
+ << ", SSRC=" << ssrc;
+ return;
+ }
+ } else {
+ res = UnprotectRtcp(data, len, &len);
+ if (!res) {
+ int type = -1;
+ cricket::GetRtcpType(data, len, &type);
+ LOG(LS_ERROR) << "Failed to unprotect " << content_name_
+ << " RTCP packet: size=" << len << ", type=" << type;
+ return;
+ }
+ }
+ packet->SetSize(len);
+ }
SignalPacketReceived(rtcp, packet, packet_time);
pthatcher 2017/08/28 21:42:56 Same here: if it's not active, drop the packet.
Zhi Huang 2017/08/29 18:40:35 Done.
}
+bool SrtpTransport::SetRtpParams(int send_cs,
+ const uint8_t* send_key,
+ int send_key_len,
+ int recv_cs,
+ const uint8_t* recv_key,
+ int recv_key_len) {
+ CreateSrtpSessions();
+ send_session_->SetEncryptedHeaderExtensionIds(
+ send_encrypted_header_extension_ids_);
+ if (external_auth_enabled_) {
+ send_session_->EnableExternalAuth();
+ }
+ if (!send_session_->SetSend(send_cs, send_key, send_key_len)) {
+ send_session_ = nullptr;
Taylor Brandstetter 2017/08/26 02:40:39 Any reason to reset the send session but not the r
Zhi Huang 2017/08/29 18:40:35 They are used to determine the status of the srtpt
+ return false;
+ }
+
+ recv_session_->SetEncryptedHeaderExtensionIds(
+ recv_encrypted_header_extension_ids_);
+ if (!recv_session_->SetRecv(recv_cs, recv_key, recv_key_len)) {
+ recv_session_ = nullptr;
+ return false;
+ }
+
+ LOG(LS_INFO) << "SRTP activated with negotiated parameters:"
+ << " send cipher_suite " << send_cs << " recv cipher_suite "
+ << recv_cs;
+ return true;
+}
+
+bool SrtpTransport::SetRtcpParams(int send_cs,
+ const uint8_t* send_key,
+ int send_key_len,
+ int recv_cs,
+ const uint8_t* recv_key,
+ int recv_key_len) {
+ // This can only be called once, but can be safely called after
+ // SetRtpParams
+ if (send_rtcp_session_ || recv_rtcp_session_) {
+ LOG(LS_ERROR) << "Tried to set SRTCP Params when filter already active";
+ return false;
+ }
+
+ send_rtcp_session_.reset(new cricket::SrtpSession());
+ if (!send_rtcp_session_->SetRecv(send_cs, send_key, send_key_len)) {
+ return false;
+ }
+
+ recv_rtcp_session_.reset(new cricket::SrtpSession());
+ if (!recv_rtcp_session_->SetRecv(recv_cs, recv_key, recv_key_len)) {
+ return false;
+ }
+
+ LOG(LS_INFO) << "SRTCP activated with negotiated parameters:"
+ << " send cipher_suite " << send_cs << " recv cipher_suite "
+ << recv_cs;
+
+ return true;
+}
+
+bool SrtpTransport::UpdateRtpParams(int send_cs,
+ const uint8_t* send_key,
+ int send_key_len,
+ int recv_cs,
+ const uint8_t* recv_key,
+ int recv_key_len) {
+ RTC_DCHECK(send_session_);
+ RTC_DCHECK(recv_session_);
+ send_session_->SetEncryptedHeaderExtensionIds(
+ send_encrypted_header_extension_ids_);
+ if (!send_session_->UpdateSend(send_cs, send_key, send_key_len)) {
+ return false;
+ }
+
+ recv_session_->SetEncryptedHeaderExtensionIds(
+ recv_encrypted_header_extension_ids_);
+ if (!recv_session_->UpdateRecv(recv_cs, recv_key, recv_key_len)) {
+ return false;
+ }
+
+ LOG(LS_INFO) << "SRTP updated with negotiated parameters:"
+ << " send cipher_suite " << send_cs << " recv cipher_suite "
+ << recv_cs;
+ return true;
+}
+
+bool SrtpTransport::IsActive() const {
+ return send_session_ && recv_session_;
+}
+
+void SrtpTransport::ResetParams() {
+ send_session_ = nullptr;
+ recv_session_ = nullptr;
+ send_rtcp_session_ = nullptr;
+ recv_rtcp_session_ = nullptr;
+ LOG(LS_INFO) << "The params in SRTP transport are reset.";
+}
+
+void SrtpTransport::SetEncryptedHeaderExtensionIds(
+ cricket::ContentSource source,
+ const std::vector<int>& extension_ids) {
+ if (source == cricket::CS_LOCAL) {
+ recv_encrypted_header_extension_ids_ = extension_ids;
+ } else {
+ send_encrypted_header_extension_ids_ = extension_ids;
+ }
+}
+
+void SrtpTransport::CreateSrtpSessions() {
+ send_session_.reset(new cricket::SrtpSession());
+ recv_session_.reset(new cricket::SrtpSession());
+
+ if (external_auth_enabled_) {
+ send_session_->EnableExternalAuth();
+ }
+}
+
+bool SrtpTransport::ProtectRtp(void* p, int in_len, int max_len, int* out_len) {
+ if (!IsActive()) {
+ LOG(LS_WARNING) << "Failed to ProtectRtp: SRTP not active";
+ return false;
+ }
+ RTC_CHECK(send_session_);
+ return send_session_->ProtectRtp(p, in_len, max_len, out_len);
+}
+
+bool SrtpTransport::ProtectRtp(void* p,
+ int in_len,
+ int max_len,
+ int* out_len,
+ int64_t* index) {
+ if (!IsActive()) {
+ LOG(LS_WARNING) << "Failed to ProtectRtp: SRTP not active";
+ return false;
+ }
+ RTC_CHECK(send_session_);
+ return send_session_->ProtectRtp(p, in_len, max_len, out_len, index);
+}
+
+bool SrtpTransport::ProtectRtcp(void* p,
+ int in_len,
+ int max_len,
+ int* out_len) {
+ if (!IsActive()) {
+ LOG(LS_WARNING) << "Failed to ProtectRtcp: SRTP not active";
+ return false;
+ }
+ if (send_rtcp_session_) {
+ return send_rtcp_session_->ProtectRtcp(p, in_len, max_len, out_len);
+ } else {
+ RTC_CHECK(send_session_);
+ return send_session_->ProtectRtcp(p, in_len, max_len, out_len);
+ }
+}
+
+bool SrtpTransport::UnprotectRtp(void* p, int in_len, int* out_len) {
+ if (!IsActive()) {
+ LOG(LS_WARNING) << "Failed to UnprotectRtp: SRTP not active";
+ return false;
+ }
+ RTC_CHECK(recv_session_);
+ return recv_session_->UnprotectRtp(p, in_len, out_len);
+}
+
+bool SrtpTransport::UnprotectRtcp(void* p, int in_len, int* out_len) {
+ if (!IsActive()) {
+ LOG(LS_WARNING) << "Failed to UnprotectRtcp: SRTP not active";
+ return false;
+ }
+ if (recv_rtcp_session_) {
+ return recv_rtcp_session_->UnprotectRtcp(p, in_len, out_len);
+ } else {
+ RTC_CHECK(recv_session_);
+ return recv_session_->UnprotectRtcp(p, in_len, out_len);
+ }
+}
+
+bool SrtpTransport::GetRtpAuthParams(uint8_t** key,
+ int* key_len,
+ int* tag_len) {
+ if (!IsActive()) {
+ LOG(LS_WARNING) << "Failed to GetRtpAuthParams: SRTP not active";
+ return false;
+ }
+
+ RTC_CHECK(send_session_);
+ return send_session_->GetRtpAuthParams(key, key_len, tag_len);
+}
+
+bool SrtpTransport::GetSrtpOverhead(int* srtp_overhead) const {
+ if (!IsActive()) {
+ LOG(LS_WARNING) << "Failed to GetSrtpOverhead: SRTP not active";
+ return false;
+ }
+
+ RTC_CHECK(send_session_);
+ *srtp_overhead = send_session_->GetSrtpOverhead();
+ return true;
+}
+
+void SrtpTransport::EnableExternalAuth() {
+ RTC_DCHECK(!IsActive());
+ external_auth_enabled_ = true;
+}
+
+bool SrtpTransport::IsExternalAuthEnabled() const {
+ return external_auth_enabled_;
+}
+
+bool SrtpTransport::IsExternalAuthActive() const {
+ if (!IsActive()) {
+ LOG(LS_WARNING) << "Failed to check IsExternalAuthActive: SRTP not active";
+ return false;
+ }
+
+ RTC_CHECK(send_session_);
+ return send_session_->IsExternalAuthActive();
+}
+
} // namespace webrtc
« webrtc/pc/srtptransport.h ('K') | « webrtc/pc/srtptransport.h ('k') | webrtc/pc/srtptransport_unittest.cc » ('j') | webrtc/pc/srtptransport_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698