Completed the functionalities of SrtpTransport.

webrtc/pc/srtpfilter.h

Index: webrtc/pc/srtpfilter.h
diff --git a/webrtc/pc/srtpfilter.h b/webrtc/pc/srtpfilter.h
index 15fdae9582a4019e8fb52534d576516385eeba28..69409d0a9720c799da2de75b86e9fe77b00534f1 100644
--- a/webrtc/pc/srtpfilter.h
+++ b/webrtc/pc/srtpfilter.h
@@ -20,8 +20,10 @@
 #include "webrtc/media/base/cryptoparams.h"
 #include "webrtc/p2p/base/sessiondescription.h"
 #include "webrtc/rtc_base/basictypes.h"
+#include "webrtc/rtc_base/buffer.h"
 #include "webrtc/rtc_base/constructormagic.h"
 #include "webrtc/rtc_base/criticalsection.h"
+#include "webrtc/rtc_base/optional.h"
 #include "webrtc/rtc_base/sslstreamadapter.h"
 #include "webrtc/rtc_base/thread_checker.h"
 
@@ -29,17 +31,19 @@
 struct srtp_event_data_t;
 struct srtp_ctx_t_;
 
+// TODO(zstein): Remove once client interacts with SrtpTransport directly.
+namespace webrtc {
+class SrtpTransport;
+}
+
 namespace cricket {
 
 class SrtpSession;
 
 void ShutdownSrtp();
 
-// Class to transform SRTP to/from RTP.
-// Initialize by calling SetSend with the local security params, then call
-// SetRecv once the remote security params are received. At that point
-// Protect/UnprotectRt(c)p can be called to encrypt/decrypt data.
-// TODO: Figure out concurrency policy for SrtpFilter.
+// A helper class used to negotiate SDES crypto params.
+// TODO(zhihuang): Find a better name for this class, like "SdesNegotiator".

[Taylor Brandstetter, 2017/08/23 22:13:29]

That name sounds fine to me.

[Zhi Huang, 2017/08/24 23:38:07]

I think it would be better to do that in a separate CL since renaming the header
would affect some internal projects.

 class SrtpFilter {
  public:
   enum Mode {
@@ -76,85 +80,42 @@ class SrtpFilter {
   bool SetAnswer(const std::vector<CryptoParams>& answer_params,
                  ContentSource source);
 
-  // Set the header extension ids that should be encrypted for the given source.
-  void SetEncryptedHeaderExtensionIds(ContentSource source,
-      const std::vector<int>& extension_ids);
-
-  // Just set up both sets of keys directly.
-  // Used with DTLS-SRTP.
-  bool SetRtpParams(int send_cs,
-                    const uint8_t* send_key,
-                    int send_key_len,
-                    int recv_cs,
-                    const uint8_t* recv_key,
-                    int recv_key_len);
-  bool UpdateRtpParams(int send_cs,
-                       const uint8_t* send_key,
-                       int send_key_len,
-                       int recv_cs,
-                       const uint8_t* recv_key,
-                       int recv_key_len);
-  bool SetRtcpParams(int send_cs,
-                     const uint8_t* send_key,
-                     int send_key_len,
-                     int recv_cs,
-                     const uint8_t* recv_key,
-                     int recv_key_len);
-
-  // Encrypts/signs an individual RTP/RTCP packet, in-place.
-  // If an HMAC is used, this will increase the packet size.
-  bool ProtectRtp(void* data, int in_len, int max_len, int* out_len);
-  // Overloaded version, outputs packet index.
-  bool ProtectRtp(void* data,
-                  int in_len,
-                  int max_len,
-                  int* out_len,
-                  int64_t* index);
-  bool ProtectRtcp(void* data, int in_len, int max_len, int* out_len);
-  // Decrypts/verifies an invidiual RTP/RTCP packet.
-  // If an HMAC is used, this will decrease the packet size.
-  bool UnprotectRtp(void* data, int in_len, int* out_len);
-  bool UnprotectRtcp(void* data, int in_len, int* out_len);
-
-  // Returns rtp auth params from srtp context.
-  bool GetRtpAuthParams(uint8_t** key, int* key_len, int* tag_len);
-
-  // Returns srtp overhead for rtp packets.
-  bool GetSrtpOverhead(int* srtp_overhead) const;
-
-  // If external auth is enabled, SRTP will write a dummy auth tag that then
-  // later must get replaced before the packet is sent out. Only supported for
-  // non-GCM cipher suites and can be checked through "IsExternalAuthActive"
-  // if it is actually used. This method is only valid before the RTP params
-  // have been set.
-  void EnableExternalAuth();
-  bool IsExternalAuthEnabled() const;
-
-  // A SRTP filter supports external creation of the auth tag if a non-GCM
-  // cipher is used. This method is only valid after the RTP params have
-  // been set.
-  bool IsExternalAuthActive() const;
+  // The SrtpFilter becomes active without offer answer negotiation if DTLS is
+  // enabled.
+  void EnableDtlsSrtp();

[Taylor Brandstetter, 2017/08/23 22:13:29]

Like I mentioned in another comment, I don't think this class should care if
DTLS-SRTP is used. The meaning of "IsActive" can be changed from "SRTP is
active" to "SDES is active".

[Zhi Huang, 2017/08/24 23:38:07]

Done. Removed.

 
   bool ResetParams();
 
+  rtc::Optional<int> send_cipher_suite() { return send_cipher_suite_; }
+  rtc::Optional<int> recv_cipher_suite() { return recv_cipher_suite_; }
+
+  const std::vector<unsigned char>* send_key() { return &send_key_; }
+  const std::vector<unsigned char>* recv_key() { return &recv_key_; }
+
  protected:
   bool ExpectOffer(ContentSource source);
+
   bool StoreParams(const std::vector<CryptoParams>& params,
                    ContentSource source);
+
   bool ExpectAnswer(ContentSource source);
+
   bool DoSetAnswer(const std::vector<CryptoParams>& answer_params,
-                     ContentSource source,
-                     bool final);
-  void CreateSrtpSessions();
+                   ContentSource source,
+                   bool final);
+
   bool NegotiateParams(const std::vector<CryptoParams>& answer_params,
                        CryptoParams* selected_params);
-  bool ApplyParams(const CryptoParams& send_params,
-                   const CryptoParams& recv_params);
+
+ private:
+  bool ParseSendParams(const CryptoParams& send_params);
+
+  bool ParseRecvParams(const CryptoParams& recv_params);
+
   static bool ParseKeyParams(const std::string& params,
-                             uint8_t* key,
+                             std::vector<unsigned char>* key,
                              size_t len);
 
- private:
   enum State {
     ST_INIT,           // SRTP filter unused.
     ST_SENTOFFER,      // Offer with SRTP parameters sent.
@@ -179,16 +140,15 @@ class SrtpFilter {
     ST_RECEIVEDPRANSWER
   };
   State state_ = ST_INIT;
-  bool external_auth_enabled_ = false;
   std::vector<CryptoParams> offer_params_;
-  std::unique_ptr<SrtpSession> send_session_;
-  std::unique_ptr<SrtpSession> recv_session_;
-  std::unique_ptr<SrtpSession> send_rtcp_session_;
-  std::unique_ptr<SrtpSession> recv_rtcp_session_;
-  CryptoParams applied_send_params_;
-  CryptoParams applied_recv_params_;
-  std::vector<int> send_encrypted_header_extension_ids_;
-  std::vector<int> recv_encrypted_header_extension_ids_;
+
+  CryptoParams send_params_;
+  CryptoParams recv_params_;
+  rtc::Optional<int> send_cipher_suite_;
+  rtc::Optional<int> recv_cipher_suite_;
+
+  std::vector<unsigned char> send_key_;
+  std::vector<unsigned char> recv_key_;
 };
 
 }  // namespace cricket