Completed the functionalities of SrtpTransport.

webrtc/pc/srtptransport.h

Index: webrtc/pc/srtptransport.h
diff --git a/webrtc/pc/srtptransport.h b/webrtc/pc/srtptransport.h
index be746d50c81aa4dbc4fcf322d2eacc0092d6b559..7dfc7e83af8e8547eafff46c3d76d85a93fcea6e 100644
--- a/webrtc/pc/srtptransport.h
+++ b/webrtc/pc/srtptransport.h
@@ -17,6 +17,7 @@
 
 #include "webrtc/pc/rtptransportinternal.h"
 #include "webrtc/pc/srtpfilter.h"
+#include "webrtc/pc/srtpsession.h"
 #include "webrtc/rtc_base/checks.h"
 
 namespace webrtc {
@@ -65,6 +66,10 @@ class SrtpTransport : public RtpTransportInternal {
     return rtp_transport_->IsWritable(rtcp);
   }
 
+  // The transport becomes active if the send_session_ and recv_session_ are
+  // created.
+  bool IsActive() const;
+
   bool SendPacket(bool rtcp,
                   rtc::CopyOnWriteBuffer* packet,
                   const rtc::PacketOptions& options,
@@ -89,7 +94,69 @@ class SrtpTransport : public RtpTransportInternal {
   // TODO(zstein): Remove this when we remove RtpTransportAdapter.
   RtpTransportAdapter* GetInternal() override { return nullptr; }
 
+  // Create new send/recv sessions and set the negotiated crypto keys for RTP
+  // packet encryption. The keys can either come from SDES negotiation or DTLS
+  // handshake.
+  bool SetRtpParams(int send_cs,
+                    const uint8_t* send_key,
+                    int send_key_len,
+                    int recv_cs,
+                    const uint8_t* recv_key,
+                    int recv_key_len);
+
+  // Create new send/recv sessions and set the negotiated crypto keys for RTCP
+  // packet encryption. The keys can either come from SDES negotiation or DTLS
+  // handshake.
+  bool SetRtcpParams(int send_cs,
+                     const uint8_t* send_key,
+                     int send_key_len,
+                     int recv_cs,
+                     const uint8_t* recv_key,
+                     int recv_key_len);
+
+  // When the send/recv sessions have been created, just updated the crypto
+  // keys.

[pthatcher, 2017/08/28 21:42:56]

Why do we have this split between SetRtpParams and UpdateRtpParams?  Why not
just have one?

[Zhi Huang, 2017/08/29 18:40:35]

SetRtpParams calls SrtpSession::SetSend/Recv; 
UpdateRtpParams calls: SrtpSession::UpdateSend/Recv.

We can use the same method but it would require some extra refactoring in
SrtpSession.

+  bool UpdateRtpParams(int send_cs,
+                       const uint8_t* send_key,
+                       int send_key_len,
+                       int recv_cs,
+                       const uint8_t* recv_key,
+                       int recv_key_len);
+
+  void ResetParams();
+
+  // Set the header extension ids that should be encrypted for the given source.
+  void SetEncryptedHeaderExtensionIds(cricket::ContentSource source,
+                                      const std::vector<int>& extension_ids);
+
+  // If external auth is enabled, SRTP will write a dummy auth tag that then
+  // later must get replaced before the packet is sent out. Only supported for
+  // non-GCM cipher suites and can be checked through "IsExternalAuthActive"
+  // if it is actually used. This method is only valid before the RTP params
+  // have been set.
+  void EnableExternalAuth();
+  bool IsExternalAuthEnabled() const;
+
+  // A SrtpTransport supports external creation of the auth tag if a non-GCM
+  // cipher is used. This method is only valid after the RTP params have
+  // been set.
+  bool IsExternalAuthActive() const;
+
+  // Returns srtp overhead for rtp packets.
+  bool GetSrtpOverhead(int* srtp_overhead) const;
+
+  // Returns rtp auth params from srtp context.
+  bool GetRtpAuthParams(uint8_t** key, int* key_len, int* tag_len);
+
+  // Helper method to get RTP Absoulute SendTime extension header id if
+  // present in remote supported extensions list.
+  void CacheRtpAbsSendTimeHeaderExtension(int rtp_abs_sendtime_extn_id) {
+    rtp_abs_sendtime_extn_id_ = rtp_abs_sendtime_extn_id;
+  }
+
  private:
+  void CreateSrtpSessions();
+
   void ConnectToRtpTransport();
 
   void OnPacketReceived(bool rtcp,
@@ -98,9 +165,35 @@ class SrtpTransport : public RtpTransportInternal {
 
   void OnReadyToSend(bool ready) { SignalReadyToSend(ready); }
 
-  const std::string content_name_;
+  bool ProtectRtp(void* data, int in_len, int max_len, int* out_len);
+
+  // Overloaded version, outputs packet index.
+  bool ProtectRtp(void* data,
+                  int in_len,
+                  int max_len,
+                  int* out_len,
+                  int64_t* index);
+  bool ProtectRtcp(void* data, int in_len, int max_len, int* out_len);
 
+  // Decrypts/verifies an invidiual RTP/RTCP packet.
+  // If an HMAC is used, this will decrease the packet size.
+  bool UnprotectRtp(void* data, int in_len, int* out_len);
+
+  bool UnprotectRtcp(void* data, int in_len, int* out_len);
+
+  const std::string content_name_;
   std::unique_ptr<RtpTransportInternal> rtp_transport_;
+
+  std::unique_ptr<cricket::SrtpSession> send_session_;
+  std::unique_ptr<cricket::SrtpSession> recv_session_;
+  std::unique_ptr<cricket::SrtpSession> send_rtcp_session_;
+  std::unique_ptr<cricket::SrtpSession> recv_rtcp_session_;
+
+  std::vector<int> send_encrypted_header_extension_ids_;
+  std::vector<int> recv_encrypted_header_extension_ids_;
+  bool external_auth_enabled_ = false;
+
+  int rtp_abs_sendtime_extn_id_ = -1;
 };
 
 }  // namespace webrtc