| Index: webrtc/pc/srtpfilter.h
|
| diff --git a/webrtc/pc/srtpfilter.h b/webrtc/pc/srtpfilter.h
|
| index 619aaa37d56a7465509600ba978e0451d99f279e..15fdae9582a4019e8fb52534d576516385eeba28 100644
|
| --- a/webrtc/pc/srtpfilter.h
|
| +++ b/webrtc/pc/srtpfilter.h
|
| @@ -20,10 +20,8 @@
|
| #include "webrtc/media/base/cryptoparams.h"
|
| #include "webrtc/p2p/base/sessiondescription.h"
|
| #include "webrtc/rtc_base/basictypes.h"
|
| -#include "webrtc/rtc_base/buffer.h"
|
| #include "webrtc/rtc_base/constructormagic.h"
|
| #include "webrtc/rtc_base/criticalsection.h"
|
| -#include "webrtc/rtc_base/optional.h"
|
| #include "webrtc/rtc_base/sslstreamadapter.h"
|
| #include "webrtc/rtc_base/thread_checker.h"
|
|
|
| @@ -33,10 +31,15 @@
|
|
|
| namespace cricket {
|
|
|
| +class SrtpSession;
|
| +
|
| void ShutdownSrtp();
|
|
|
| -// A helper class used to negotiate SDES crypto params.
|
| -// TODO(zhihuang): Find a better name for this class, like "SdesNegotiator".
|
| +// Class to transform SRTP to/from RTP.
|
| +// Initialize by calling SetSend with the local security params, then call
|
| +// SetRecv once the remote security params are received. At that point
|
| +// Protect/UnprotectRt(c)p can be called to encrypt/decrypt data.
|
| +// TODO: Figure out concurrency policy for SrtpFilter.
|
| class SrtpFilter {
|
| public:
|
| enum Mode {
|
| @@ -73,38 +76,85 @@
|
| bool SetAnswer(const std::vector<CryptoParams>& answer_params,
|
| ContentSource source);
|
|
|
| + // Set the header extension ids that should be encrypted for the given source.
|
| + void SetEncryptedHeaderExtensionIds(ContentSource source,
|
| + const std::vector<int>& extension_ids);
|
| +
|
| + // Just set up both sets of keys directly.
|
| + // Used with DTLS-SRTP.
|
| + bool SetRtpParams(int send_cs,
|
| + const uint8_t* send_key,
|
| + int send_key_len,
|
| + int recv_cs,
|
| + const uint8_t* recv_key,
|
| + int recv_key_len);
|
| + bool UpdateRtpParams(int send_cs,
|
| + const uint8_t* send_key,
|
| + int send_key_len,
|
| + int recv_cs,
|
| + const uint8_t* recv_key,
|
| + int recv_key_len);
|
| + bool SetRtcpParams(int send_cs,
|
| + const uint8_t* send_key,
|
| + int send_key_len,
|
| + int recv_cs,
|
| + const uint8_t* recv_key,
|
| + int recv_key_len);
|
| +
|
| + // Encrypts/signs an individual RTP/RTCP packet, in-place.
|
| + // If an HMAC is used, this will increase the packet size.
|
| + bool ProtectRtp(void* data, int in_len, int max_len, int* out_len);
|
| + // Overloaded version, outputs packet index.
|
| + bool ProtectRtp(void* data,
|
| + int in_len,
|
| + int max_len,
|
| + int* out_len,
|
| + int64_t* index);
|
| + bool ProtectRtcp(void* data, int in_len, int max_len, int* out_len);
|
| + // Decrypts/verifies an invidiual RTP/RTCP packet.
|
| + // If an HMAC is used, this will decrease the packet size.
|
| + bool UnprotectRtp(void* data, int in_len, int* out_len);
|
| + bool UnprotectRtcp(void* data, int in_len, int* out_len);
|
| +
|
| + // Returns rtp auth params from srtp context.
|
| + bool GetRtpAuthParams(uint8_t** key, int* key_len, int* tag_len);
|
| +
|
| + // Returns srtp overhead for rtp packets.
|
| + bool GetSrtpOverhead(int* srtp_overhead) const;
|
| +
|
| + // If external auth is enabled, SRTP will write a dummy auth tag that then
|
| + // later must get replaced before the packet is sent out. Only supported for
|
| + // non-GCM cipher suites and can be checked through "IsExternalAuthActive"
|
| + // if it is actually used. This method is only valid before the RTP params
|
| + // have been set.
|
| + void EnableExternalAuth();
|
| + bool IsExternalAuthEnabled() const;
|
| +
|
| + // A SRTP filter supports external creation of the auth tag if a non-GCM
|
| + // cipher is used. This method is only valid after the RTP params have
|
| + // been set.
|
| + bool IsExternalAuthActive() const;
|
| +
|
| bool ResetParams();
|
| -
|
| - rtc::Optional<int> send_cipher_suite() { return send_cipher_suite_; }
|
| - rtc::Optional<int> recv_cipher_suite() { return recv_cipher_suite_; }
|
| -
|
| - const rtc::Buffer& send_key() { return send_key_; }
|
| - const rtc::Buffer& recv_key() { return recv_key_; }
|
|
|
| protected:
|
| bool ExpectOffer(ContentSource source);
|
| -
|
| bool StoreParams(const std::vector<CryptoParams>& params,
|
| ContentSource source);
|
| -
|
| bool ExpectAnswer(ContentSource source);
|
| -
|
| bool DoSetAnswer(const std::vector<CryptoParams>& answer_params,
|
| - ContentSource source,
|
| - bool final);
|
| -
|
| + ContentSource source,
|
| + bool final);
|
| + void CreateSrtpSessions();
|
| bool NegotiateParams(const std::vector<CryptoParams>& answer_params,
|
| CryptoParams* selected_params);
|
| -
|
| - private:
|
| - bool ApplySendParams(const CryptoParams& send_params);
|
| -
|
| - bool ApplyRecvParams(const CryptoParams& recv_params);
|
| -
|
| + bool ApplyParams(const CryptoParams& send_params,
|
| + const CryptoParams& recv_params);
|
| static bool ParseKeyParams(const std::string& params,
|
| uint8_t* key,
|
| size_t len);
|
|
|
| + private:
|
| enum State {
|
| ST_INIT, // SRTP filter unused.
|
| ST_SENTOFFER, // Offer with SRTP parameters sent.
|
| @@ -129,13 +179,16 @@
|
| ST_RECEIVEDPRANSWER
|
| };
|
| State state_ = ST_INIT;
|
| + bool external_auth_enabled_ = false;
|
| std::vector<CryptoParams> offer_params_;
|
| + std::unique_ptr<SrtpSession> send_session_;
|
| + std::unique_ptr<SrtpSession> recv_session_;
|
| + std::unique_ptr<SrtpSession> send_rtcp_session_;
|
| + std::unique_ptr<SrtpSession> recv_rtcp_session_;
|
| CryptoParams applied_send_params_;
|
| CryptoParams applied_recv_params_;
|
| - rtc::Optional<int> send_cipher_suite_;
|
| - rtc::Optional<int> recv_cipher_suite_;
|
| - rtc::Buffer send_key_;
|
| - rtc::Buffer recv_key_;
|
| + std::vector<int> send_encrypted_header_extension_ids_;
|
| + std::vector<int> recv_encrypted_header_extension_ids_;
|
| };
|
|
|
| } // namespace cricket
|
|
|
Chromium Code Reviews
Issue 3012333003:
Revert of Completed the functionalities of SrtpTransport. (Closed)
