henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 1 | /* |
kjellander | 65c7f67 | 2016-02-12 00:05:01 -0800 | [diff] [blame] | 2 | * Copyright 2009 The WebRTC project authors. All Rights Reserved. |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 3 | * |
kjellander | 65c7f67 | 2016-02-12 00:05:01 -0800 | [diff] [blame] | 4 | * Use of this source code is governed by a BSD-style license |
| 5 | * that can be found in the LICENSE file in the root of the source |
| 6 | * tree. An additional intellectual property rights grant can be found |
| 7 | * in the file PATENTS. All contributing project authors may |
| 8 | * be found in the AUTHORS file in the root of the source tree. |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 9 | */ |
| 10 | |
Steve Anton | 10542f2 | 2019-01-11 09:11:00 -0800 | [diff] [blame] | 11 | #ifndef PC_SRTP_FILTER_H_ |
| 12 | #define PC_SRTP_FILTER_H_ |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 13 | |
| 14 | #include <list> |
| 15 | #include <map> |
kwiberg | 3102294 | 2016-03-11 14:18:21 -0800 | [diff] [blame] | 16 | #include <memory> |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 17 | #include <string> |
| 18 | #include <vector> |
| 19 | |
Danil Chapovalov | 66cadcc | 2018-06-19 16:47:43 +0200 | [diff] [blame] | 20 | #include "absl/types/optional.h" |
Joachim Bauch | 5b32f23 | 2018-03-07 20:02:26 +0100 | [diff] [blame] | 21 | #include "api/array_view.h" |
Steve Anton | 10542f2 | 2019-01-11 09:11:00 -0800 | [diff] [blame] | 22 | #include "api/crypto_params.h" |
Zhi Huang | e818b6e | 2018-02-22 15:26:27 -0800 | [diff] [blame] | 23 | #include "api/jsep.h" |
Steve Anton | 10542f2 | 2019-01-11 09:11:00 -0800 | [diff] [blame] | 24 | #include "pc/session_description.h" |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 25 | #include "rtc_base/buffer.h" |
Steve Anton | 10542f2 | 2019-01-11 09:11:00 -0800 | [diff] [blame] | 26 | #include "rtc_base/constructor_magic.h" |
| 27 | #include "rtc_base/critical_section.h" |
| 28 | #include "rtc_base/ssl_stream_adapter.h" |
Mirko Bonadei | 92ea95e | 2017-09-15 06:47:31 +0200 | [diff] [blame] | 29 | #include "rtc_base/thread_checker.h" |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 30 | |
| 31 | // Forward declaration to avoid pulling in libsrtp headers here |
| 32 | struct srtp_event_data_t; |
mattdr | 51f2919 | 2016-09-28 14:08:46 -0700 | [diff] [blame] | 33 | struct srtp_ctx_t_; |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 34 | |
| 35 | namespace cricket { |
| 36 | |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 37 | // A helper class used to negotiate SDES crypto params. |
| 38 | // TODO(zhihuang): Find a better name for this class, like "SdesNegotiator". |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 39 | class SrtpFilter { |
| 40 | public: |
Yves Gerey | 665174f | 2018-06-19 15:03:05 +0200 | [diff] [blame] | 41 | enum Mode { PROTECT, UNPROTECT }; |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 42 | enum Error { |
| 43 | ERROR_NONE, |
| 44 | ERROR_FAIL, |
| 45 | ERROR_AUTH, |
| 46 | ERROR_REPLAY, |
| 47 | }; |
| 48 | |
| 49 | SrtpFilter(); |
| 50 | ~SrtpFilter(); |
| 51 | |
| 52 | // Whether the filter is active (i.e. crypto has been properly negotiated). |
| 53 | bool IsActive() const; |
| 54 | |
Zhi Huang | e818b6e | 2018-02-22 15:26:27 -0800 | [diff] [blame] | 55 | // Handle the offer/answer negotiation of the crypto parameters internally. |
| 56 | // TODO(zhihuang): Make SetOffer/ProvisionalAnswer/Answer private as helper |
| 57 | // methods once start using Process. |
| 58 | bool Process(const std::vector<CryptoParams>& cryptos, |
| 59 | webrtc::SdpType type, |
| 60 | ContentSource source); |
| 61 | |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 62 | // Indicates which crypto algorithms and keys were contained in the offer. |
| 63 | // offer_params should contain a list of available parameters to use, or none, |
| 64 | // if crypto is not desired. This must be called before SetAnswer. |
| 65 | bool SetOffer(const std::vector<CryptoParams>& offer_params, |
| 66 | ContentSource source); |
| 67 | // Same as SetAnwer. But multiple calls are allowed to SetProvisionalAnswer |
| 68 | // after a call to SetOffer. |
| 69 | bool SetProvisionalAnswer(const std::vector<CryptoParams>& answer_params, |
| 70 | ContentSource source); |
| 71 | // Indicates which crypto algorithms and keys were contained in the answer. |
| 72 | // answer_params should contain the negotiated parameters, which may be none, |
| 73 | // if crypto was not desired or could not be negotiated (and not required). |
| 74 | // This must be called after SetOffer. If crypto negotiation completes |
| 75 | // successfully, this will advance the filter to the active state. |
| 76 | bool SetAnswer(const std::vector<CryptoParams>& answer_params, |
| 77 | ContentSource source); |
| 78 | |
Guo-wei Shieh | 1218d7a | 2015-12-05 09:59:56 -0800 | [diff] [blame] | 79 | bool ResetParams(); |
| 80 | |
Piotr (Peter) Slatala | 9f95625 | 2018-10-31 08:25:26 -0700 | [diff] [blame] | 81 | static bool ParseKeyParams(const std::string& params, |
| 82 | uint8_t* key, |
| 83 | size_t len); |
| 84 | |
Danil Chapovalov | 66cadcc | 2018-06-19 16:47:43 +0200 | [diff] [blame] | 85 | absl::optional<int> send_cipher_suite() { return send_cipher_suite_; } |
| 86 | absl::optional<int> recv_cipher_suite() { return recv_cipher_suite_; } |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 87 | |
Joachim Bauch | 5b32f23 | 2018-03-07 20:02:26 +0100 | [diff] [blame] | 88 | rtc::ArrayView<const uint8_t> send_key() { return send_key_; } |
| 89 | rtc::ArrayView<const uint8_t> recv_key() { return recv_key_; } |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 90 | |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 91 | protected: |
| 92 | bool ExpectOffer(ContentSource source); |
zhihuang | e683c68 | 2017-08-31 16:00:07 -0700 | [diff] [blame] | 93 | |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 94 | bool StoreParams(const std::vector<CryptoParams>& params, |
| 95 | ContentSource source); |
zhihuang | e683c68 | 2017-08-31 16:00:07 -0700 | [diff] [blame] | 96 | |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 97 | bool ExpectAnswer(ContentSource source); |
zhihuang | e683c68 | 2017-08-31 16:00:07 -0700 | [diff] [blame] | 98 | |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 99 | bool DoSetAnswer(const std::vector<CryptoParams>& answer_params, |
zhihuang | e683c68 | 2017-08-31 16:00:07 -0700 | [diff] [blame] | 100 | ContentSource source, |
| 101 | bool final); |
| 102 | |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 103 | bool NegotiateParams(const std::vector<CryptoParams>& answer_params, |
| 104 | CryptoParams* selected_params); |
zhihuang | e683c68 | 2017-08-31 16:00:07 -0700 | [diff] [blame] | 105 | |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 106 | private: |
| 107 | bool ApplySendParams(const CryptoParams& send_params); |
| 108 | |
| 109 | bool ApplyRecvParams(const CryptoParams& recv_params); |
| 110 | |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 111 | enum State { |
Yves Gerey | 665174f | 2018-06-19 15:03:05 +0200 | [diff] [blame] | 112 | ST_INIT, // SRTP filter unused. |
| 113 | ST_SENTOFFER, // Offer with SRTP parameters sent. |
| 114 | ST_RECEIVEDOFFER, // Offer with SRTP parameters received. |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 115 | ST_SENTPRANSWER_NO_CRYPTO, // Sent provisional answer without crypto. |
| 116 | // Received provisional answer without crypto. |
| 117 | ST_RECEIVEDPRANSWER_NO_CRYPTO, |
Yves Gerey | 665174f | 2018-06-19 15:03:05 +0200 | [diff] [blame] | 118 | ST_ACTIVE, // Offer and answer set. |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 119 | // SRTP filter is active but new parameters are offered. |
| 120 | // When the answer is set, the state transitions to ST_ACTIVE or ST_INIT. |
| 121 | ST_SENTUPDATEDOFFER, |
| 122 | // SRTP filter is active but new parameters are received. |
| 123 | // When the answer is set, the state transitions back to ST_ACTIVE. |
| 124 | ST_RECEIVEDUPDATEDOFFER, |
| 125 | // SRTP filter is active but the sent answer is only provisional. |
| 126 | // When the final answer is set, the state transitions to ST_ACTIVE or |
| 127 | // ST_INIT. |
| 128 | ST_SENTPRANSWER, |
| 129 | // SRTP filter is active but the received answer is only provisional. |
| 130 | // When the final answer is set, the state transitions to ST_ACTIVE or |
| 131 | // ST_INIT. |
| 132 | ST_RECEIVEDPRANSWER |
| 133 | }; |
jbauch | dfcab72 | 2017-03-06 00:14:10 -0800 | [diff] [blame] | 134 | State state_ = ST_INIT; |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 135 | std::vector<CryptoParams> offer_params_; |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 136 | CryptoParams applied_send_params_; |
| 137 | CryptoParams applied_recv_params_; |
Danil Chapovalov | 66cadcc | 2018-06-19 16:47:43 +0200 | [diff] [blame] | 138 | absl::optional<int> send_cipher_suite_; |
| 139 | absl::optional<int> recv_cipher_suite_; |
Joachim Bauch | 5b32f23 | 2018-03-07 20:02:26 +0100 | [diff] [blame] | 140 | rtc::ZeroOnFreeBuffer<uint8_t> send_key_; |
| 141 | rtc::ZeroOnFreeBuffer<uint8_t> recv_key_; |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 142 | }; |
| 143 | |
henrike@webrtc.org | 28e2075 | 2013-07-10 00:45:36 +0000 | [diff] [blame] | 144 | } // namespace cricket |
| 145 | |
Steve Anton | 10542f2 | 2019-01-11 09:11:00 -0800 | [diff] [blame] | 146 | #endif // PC_SRTP_FILTER_H_ |