henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 1 | /* |
kjellander | 65c7f67 | 2016-02-12 00:05:01 -0800 | [diff] [blame] | 2 | * Copyright 2009 The WebRTC project authors. All Rights Reserved. |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 3 | * |
kjellander | 65c7f67 | 2016-02-12 00:05:01 -0800 | [diff] [blame] | 4 | * Use of this source code is governed by a BSD-style license |
| 5 | * that can be found in the LICENSE file in the root of the source |
| 6 | * tree. An additional intellectual property rights grant can be found |
| 7 | * in the file PATENTS. All contributing project authors may |
| 8 | * be found in the AUTHORS file in the root of the source tree. |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 9 | */ |
| 10 | |
Mirko Bonadei | 92ea95e | 2017-09-15 06:47:31 +0200 | [diff] [blame] | 11 | #include "pc/srtpfilter.h" |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 12 | |
pbos@webrtc.org | 371243d | 2014-03-07 15:22:04 +0000 | [diff] [blame] | 13 | #include <string.h> |
| 14 | |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 15 | #include <algorithm> |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 16 | |
Mirko Bonadei | 92ea95e | 2017-09-15 06:47:31 +0200 | [diff] [blame] | 17 | #include "media/base/rtputils.h" |
| 18 | #include "pc/srtpsession.h" |
| 19 | #include "rtc_base/base64.h" |
| 20 | #include "rtc_base/byteorder.h" |
| 21 | #include "rtc_base/checks.h" |
| 22 | #include "rtc_base/logging.h" |
| 23 | #include "rtc_base/stringencode.h" |
| 24 | #include "rtc_base/timeutils.h" |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 25 | |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 26 | namespace cricket { |
| 27 | |
jbauch | dfcab72 | 2017-03-06 00:14:10 -0800 | [diff] [blame] | 28 | SrtpFilter::SrtpFilter() { |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 29 | } |
| 30 | |
| 31 | SrtpFilter::~SrtpFilter() { |
| 32 | } |
| 33 | |
| 34 | bool SrtpFilter::IsActive() const { |
| 35 | return state_ >= ST_ACTIVE; |
| 36 | } |
| 37 | |
| 38 | bool SrtpFilter::SetOffer(const std::vector<CryptoParams>& offer_params, |
| 39 | ContentSource source) { |
| 40 | if (!ExpectOffer(source)) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 41 | RTC_LOG(LS_ERROR) << "Wrong state to update SRTP offer"; |
| 42 | return false; |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 43 | } |
| 44 | return StoreParams(offer_params, source); |
| 45 | } |
| 46 | |
| 47 | bool SrtpFilter::SetAnswer(const std::vector<CryptoParams>& answer_params, |
| 48 | ContentSource source) { |
| 49 | return DoSetAnswer(answer_params, source, true); |
| 50 | } |
| 51 | |
| 52 | bool SrtpFilter::SetProvisionalAnswer( |
| 53 | const std::vector<CryptoParams>& answer_params, |
| 54 | ContentSource source) { |
| 55 | return DoSetAnswer(answer_params, source, false); |
| 56 | } |
| 57 | |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 58 | bool SrtpFilter::ExpectOffer(ContentSource source) { |
| 59 | return ((state_ == ST_INIT) || |
| 60 | (state_ == ST_ACTIVE) || |
| 61 | (state_ == ST_SENTOFFER && source == CS_LOCAL) || |
| 62 | (state_ == ST_SENTUPDATEDOFFER && source == CS_LOCAL) || |
| 63 | (state_ == ST_RECEIVEDOFFER && source == CS_REMOTE) || |
| 64 | (state_ == ST_RECEIVEDUPDATEDOFFER && source == CS_REMOTE)); |
| 65 | } |
| 66 | |
| 67 | bool SrtpFilter::StoreParams(const std::vector<CryptoParams>& params, |
| 68 | ContentSource source) { |
| 69 | offer_params_ = params; |
| 70 | if (state_ == ST_INIT) { |
| 71 | state_ = (source == CS_LOCAL) ? ST_SENTOFFER : ST_RECEIVEDOFFER; |
pthatcher@webrtc.org | 2e7ee4b | 2014-10-27 16:10:29 +0000 | [diff] [blame] | 72 | } else if (state_ == ST_ACTIVE) { |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 73 | state_ = |
| 74 | (source == CS_LOCAL) ? ST_SENTUPDATEDOFFER : ST_RECEIVEDUPDATEDOFFER; |
| 75 | } |
| 76 | return true; |
| 77 | } |
| 78 | |
| 79 | bool SrtpFilter::ExpectAnswer(ContentSource source) { |
| 80 | return ((state_ == ST_SENTOFFER && source == CS_REMOTE) || |
| 81 | (state_ == ST_RECEIVEDOFFER && source == CS_LOCAL) || |
| 82 | (state_ == ST_SENTUPDATEDOFFER && source == CS_REMOTE) || |
| 83 | (state_ == ST_RECEIVEDUPDATEDOFFER && source == CS_LOCAL) || |
| 84 | (state_ == ST_SENTPRANSWER_NO_CRYPTO && source == CS_LOCAL) || |
| 85 | (state_ == ST_SENTPRANSWER && source == CS_LOCAL) || |
| 86 | (state_ == ST_RECEIVEDPRANSWER_NO_CRYPTO && source == CS_REMOTE) || |
| 87 | (state_ == ST_RECEIVEDPRANSWER && source == CS_REMOTE)); |
| 88 | } |
| 89 | |
| 90 | bool SrtpFilter::DoSetAnswer(const std::vector<CryptoParams>& answer_params, |
| 91 | ContentSource source, |
| 92 | bool final) { |
| 93 | if (!ExpectAnswer(source)) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 94 | RTC_LOG(LS_ERROR) << "Invalid state for SRTP answer"; |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 95 | return false; |
| 96 | } |
| 97 | |
| 98 | // If the answer doesn't requests crypto complete the negotiation of an |
| 99 | // unencrypted session. |
| 100 | // Otherwise, finalize the parameters and apply them. |
| 101 | if (answer_params.empty()) { |
| 102 | if (final) { |
| 103 | return ResetParams(); |
| 104 | } else { |
| 105 | // Need to wait for the final answer to decide if |
| 106 | // we should go to Active state. |
| 107 | state_ = (source == CS_LOCAL) ? ST_SENTPRANSWER_NO_CRYPTO : |
| 108 | ST_RECEIVEDPRANSWER_NO_CRYPTO; |
| 109 | return true; |
| 110 | } |
| 111 | } |
| 112 | CryptoParams selected_params; |
| 113 | if (!NegotiateParams(answer_params, &selected_params)) |
| 114 | return false; |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 115 | |
| 116 | const CryptoParams& new_send_params = |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 117 | (source == CS_REMOTE) ? selected_params : answer_params[0]; |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 118 | const CryptoParams& new_recv_params = |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 119 | (source == CS_REMOTE) ? answer_params[0] : selected_params; |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 120 | if (!ApplySendParams(new_send_params) || !ApplyRecvParams(new_recv_params)) { |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 121 | return false; |
| 122 | } |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 123 | applied_send_params_ = new_send_params; |
| 124 | applied_recv_params_ = new_recv_params; |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 125 | |
| 126 | if (final) { |
| 127 | offer_params_.clear(); |
| 128 | state_ = ST_ACTIVE; |
| 129 | } else { |
| 130 | state_ = |
| 131 | (source == CS_LOCAL) ? ST_SENTPRANSWER : ST_RECEIVEDPRANSWER; |
| 132 | } |
| 133 | return true; |
| 134 | } |
| 135 | |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 136 | bool SrtpFilter::NegotiateParams(const std::vector<CryptoParams>& answer_params, |
| 137 | CryptoParams* selected_params) { |
| 138 | // We're processing an accept. We should have exactly one set of params, |
| 139 | // unless the offer didn't mention crypto, in which case we shouldn't be here. |
| 140 | bool ret = (answer_params.size() == 1U && !offer_params_.empty()); |
| 141 | if (ret) { |
| 142 | // We should find a match between the answer params and the offered params. |
| 143 | std::vector<CryptoParams>::const_iterator it; |
| 144 | for (it = offer_params_.begin(); it != offer_params_.end(); ++it) { |
| 145 | if (answer_params[0].Matches(*it)) { |
| 146 | break; |
| 147 | } |
| 148 | } |
| 149 | |
| 150 | if (it != offer_params_.end()) { |
| 151 | *selected_params = *it; |
| 152 | } else { |
| 153 | ret = false; |
| 154 | } |
| 155 | } |
| 156 | |
| 157 | if (!ret) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 158 | RTC_LOG(LS_WARNING) << "Invalid parameters in SRTP answer"; |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 159 | } |
| 160 | return ret; |
| 161 | } |
| 162 | |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 163 | bool SrtpFilter::ResetParams() { |
| 164 | offer_params_.clear(); |
| 165 | applied_send_params_ = CryptoParams(); |
| 166 | applied_recv_params_ = CryptoParams(); |
Oskar Sundbom | 36f8f3e | 2017-11-16 10:54:27 +0100 | [diff] [blame] | 167 | send_cipher_suite_ = rtc::nullopt; |
| 168 | recv_cipher_suite_ = rtc::nullopt; |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 169 | send_key_.Clear(); |
| 170 | recv_key_.Clear(); |
| 171 | state_ = ST_INIT; |
| 172 | return true; |
| 173 | } |
| 174 | |
| 175 | bool SrtpFilter::ApplySendParams(const CryptoParams& send_params) { |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 176 | if (applied_send_params_.cipher_suite == send_params.cipher_suite && |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 177 | applied_send_params_.key_params == send_params.key_params) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 178 | RTC_LOG(LS_INFO) << "Applying the same SRTP send parameters again. No-op."; |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 179 | |
| 180 | // We do not want to reset the ROC if the keys are the same. So just return. |
| 181 | return true; |
| 182 | } |
jbauch | cb56065 | 2016-08-04 05:20:32 -0700 | [diff] [blame] | 183 | |
Oskar Sundbom | 36f8f3e | 2017-11-16 10:54:27 +0100 | [diff] [blame] | 184 | send_cipher_suite_ = rtc::SrtpCryptoSuiteFromName(send_params.cipher_suite); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 185 | if (send_cipher_suite_ == rtc::SRTP_INVALID_CRYPTO_SUITE) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 186 | RTC_LOG(LS_WARNING) << "Unknown crypto suite(s) received:" |
| 187 | << " send cipher_suite " << send_params.cipher_suite; |
jbauch | cb56065 | 2016-08-04 05:20:32 -0700 | [diff] [blame] | 188 | return false; |
| 189 | } |
| 190 | |
| 191 | int send_key_len, send_salt_len; |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 192 | if (!rtc::GetSrtpKeyAndSaltLengths(*send_cipher_suite_, &send_key_len, |
| 193 | &send_salt_len)) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 194 | RTC_LOG(LS_WARNING) << "Could not get lengths for crypto suite(s):" |
| 195 | << " send cipher_suite " << send_params.cipher_suite; |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 196 | return false; |
| 197 | } |
| 198 | |
| 199 | send_key_ = rtc::Buffer(send_key_len + send_salt_len); |
| 200 | return ParseKeyParams(send_params.key_params, send_key_.data(), |
| 201 | send_key_.size()); |
| 202 | } |
| 203 | |
| 204 | bool SrtpFilter::ApplyRecvParams(const CryptoParams& recv_params) { |
| 205 | if (applied_recv_params_.cipher_suite == recv_params.cipher_suite && |
| 206 | applied_recv_params_.key_params == recv_params.key_params) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 207 | RTC_LOG(LS_INFO) << "Applying the same SRTP recv parameters again. No-op."; |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 208 | |
| 209 | // We do not want to reset the ROC if the keys are the same. So just return. |
| 210 | return true; |
| 211 | } |
| 212 | |
Oskar Sundbom | 36f8f3e | 2017-11-16 10:54:27 +0100 | [diff] [blame] | 213 | recv_cipher_suite_ = rtc::SrtpCryptoSuiteFromName(recv_params.cipher_suite); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 214 | if (recv_cipher_suite_ == rtc::SRTP_INVALID_CRYPTO_SUITE) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 215 | RTC_LOG(LS_WARNING) << "Unknown crypto suite(s) received:" |
| 216 | << " recv cipher_suite " << recv_params.cipher_suite; |
zhihuang | e683c68 | 2017-08-31 16:00:07 -0700 | [diff] [blame] | 217 | return false; |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 218 | } |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 219 | |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 220 | int recv_key_len, recv_salt_len; |
| 221 | if (!rtc::GetSrtpKeyAndSaltLengths(*recv_cipher_suite_, &recv_key_len, |
| 222 | &recv_salt_len)) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 223 | RTC_LOG(LS_WARNING) << "Could not get lengths for crypto suite(s):" |
| 224 | << " recv cipher_suite " << recv_params.cipher_suite; |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 225 | return false; |
zhihuang | eb23e17 | 2017-09-19 01:12:52 -0700 | [diff] [blame] | 226 | } |
zhihuang | eb23e17 | 2017-09-19 01:12:52 -0700 | [diff] [blame] | 227 | |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 228 | recv_key_ = rtc::Buffer(recv_key_len + recv_salt_len); |
| 229 | return ParseKeyParams(recv_params.key_params, recv_key_.data(), |
| 230 | recv_key_.size()); |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 231 | } |
| 232 | |
| 233 | bool SrtpFilter::ParseKeyParams(const std::string& key_params, |
Peter Boström | 0c4e06b | 2015-10-07 12:23:21 +0200 | [diff] [blame] | 234 | uint8_t* key, |
jbauch | cb56065 | 2016-08-04 05:20:32 -0700 | [diff] [blame] | 235 | size_t len) { |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 236 | // example key_params: "inline:YUJDZGVmZ2hpSktMbW9QUXJzVHVWd3l6MTIzNDU2" |
| 237 | |
| 238 | // Fail if key-method is wrong. |
| 239 | if (key_params.find("inline:") != 0) { |
| 240 | return false; |
| 241 | } |
| 242 | |
| 243 | // Fail if base64 decode fails, or the key is the wrong size. |
| 244 | std::string key_b64(key_params.substr(7)), key_str; |
zhihuang | e683c68 | 2017-08-31 16:00:07 -0700 | [diff] [blame] | 245 | if (!rtc::Base64::Decode(key_b64, rtc::Base64::DO_STRICT, &key_str, |
| 246 | nullptr) || |
| 247 | key_str.size() != len) { |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 248 | return false; |
| 249 | } |
| 250 | |
| 251 | memcpy(key, key_str.c_str(), len); |
| 252 | return true; |
| 253 | } |
| 254 | |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 255 | } // namespace cricket |