zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 2017 The WebRTC project authors. All Rights Reserved. |
| 3 | * |
| 4 | * Use of this source code is governed by a BSD-style license |
| 5 | * that can be found in the LICENSE file in the root of the source |
| 6 | * tree. An additional intellectual property rights grant can be found |
| 7 | * in the file PATENTS. All contributing project authors may |
| 8 | * be found in the AUTHORS file in the root of the source tree. |
| 9 | */ |
| 10 | |
Steve Anton | 10542f2 | 2019-01-11 09:11:00 -0800 | [diff] [blame] | 11 | #include "pc/srtp_session.h" |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 12 | |
Danil Chapovalov | 5740f3e | 2019-10-10 11:12:15 +0200 | [diff] [blame] | 13 | #include "absl/base/attributes.h" |
Steve Anton | 10542f2 | 2019-01-11 09:11:00 -0800 | [diff] [blame] | 14 | #include "media/base/rtp_utils.h" |
| 15 | #include "pc/external_hmac.h" |
| 16 | #include "rtc_base/critical_section.h" |
Mirko Bonadei | 92ea95e | 2017-09-15 06:47:31 +0200 | [diff] [blame] | 17 | #include "rtc_base/logging.h" |
Steve Anton | 10542f2 | 2019-01-11 09:11:00 -0800 | [diff] [blame] | 18 | #include "rtc_base/ssl_stream_adapter.h" |
Zhi Huang | 0a5fdbb | 2018-06-14 10:40:19 -0700 | [diff] [blame] | 19 | #include "system_wrappers/include/metrics.h" |
Taylor Brandstetter | b140b9f | 2017-10-12 17:24:16 -0700 | [diff] [blame] | 20 | #include "third_party/libsrtp/include/srtp.h" |
| 21 | #include "third_party/libsrtp/include/srtp_priv.h" |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 22 | |
| 23 | namespace cricket { |
| 24 | |
Zhi Huang | 0a5fdbb | 2018-06-14 10:40:19 -0700 | [diff] [blame] | 25 | // One more than the maximum libsrtp error code. Required by |
| 26 | // RTC_HISTOGRAM_ENUMERATION. Keep this in sync with srtp_error_status_t defined |
| 27 | // in srtp.h. |
| 28 | constexpr int kSrtpErrorCodeBoundary = 28; |
| 29 | |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 30 | SrtpSession::SrtpSession() {} |
| 31 | |
| 32 | SrtpSession::~SrtpSession() { |
| 33 | if (session_) { |
| 34 | srtp_set_user_data(session_, nullptr); |
| 35 | srtp_dealloc(session_); |
| 36 | } |
Taylor Brandstetter | b140b9f | 2017-10-12 17:24:16 -0700 | [diff] [blame] | 37 | if (inited_) { |
| 38 | DecrementLibsrtpUsageCountAndMaybeDeinit(); |
| 39 | } |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 40 | } |
| 41 | |
Zhi Huang | c99b6c7 | 2017-11-10 16:44:46 -0800 | [diff] [blame] | 42 | bool SrtpSession::SetSend(int cs, |
| 43 | const uint8_t* key, |
| 44 | size_t len, |
| 45 | const std::vector<int>& extension_ids) { |
| 46 | return SetKey(ssrc_any_outbound, cs, key, len, extension_ids); |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 47 | } |
| 48 | |
Zhi Huang | c99b6c7 | 2017-11-10 16:44:46 -0800 | [diff] [blame] | 49 | bool SrtpSession::UpdateSend(int cs, |
| 50 | const uint8_t* key, |
| 51 | size_t len, |
| 52 | const std::vector<int>& extension_ids) { |
| 53 | return UpdateKey(ssrc_any_outbound, cs, key, len, extension_ids); |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 54 | } |
| 55 | |
Zhi Huang | c99b6c7 | 2017-11-10 16:44:46 -0800 | [diff] [blame] | 56 | bool SrtpSession::SetRecv(int cs, |
| 57 | const uint8_t* key, |
| 58 | size_t len, |
| 59 | const std::vector<int>& extension_ids) { |
| 60 | return SetKey(ssrc_any_inbound, cs, key, len, extension_ids); |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 61 | } |
| 62 | |
Zhi Huang | c99b6c7 | 2017-11-10 16:44:46 -0800 | [diff] [blame] | 63 | bool SrtpSession::UpdateRecv(int cs, |
| 64 | const uint8_t* key, |
| 65 | size_t len, |
| 66 | const std::vector<int>& extension_ids) { |
| 67 | return UpdateKey(ssrc_any_inbound, cs, key, len, extension_ids); |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 68 | } |
| 69 | |
| 70 | bool SrtpSession::ProtectRtp(void* p, int in_len, int max_len, int* out_len) { |
Sebastian Jansson | c01367d | 2019-04-08 15:20:44 +0200 | [diff] [blame] | 71 | RTC_DCHECK(thread_checker_.IsCurrent()); |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 72 | if (!session_) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 73 | RTC_LOG(LS_WARNING) << "Failed to protect SRTP packet: no SRTP Session"; |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 74 | return false; |
| 75 | } |
| 76 | |
| 77 | int need_len = in_len + rtp_auth_tag_len_; // NOLINT |
| 78 | if (max_len < need_len) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 79 | RTC_LOG(LS_WARNING) << "Failed to protect SRTP packet: The buffer length " |
| 80 | << max_len << " is less than the needed " << need_len; |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 81 | return false; |
| 82 | } |
| 83 | |
| 84 | *out_len = in_len; |
| 85 | int err = srtp_protect(session_, p, out_len); |
| 86 | int seq_num; |
| 87 | GetRtpSeqNum(p, in_len, &seq_num); |
| 88 | if (err != srtp_err_status_ok) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 89 | RTC_LOG(LS_WARNING) << "Failed to protect SRTP packet, seqnum=" << seq_num |
| 90 | << ", err=" << err |
| 91 | << ", last seqnum=" << last_send_seq_num_; |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 92 | return false; |
| 93 | } |
| 94 | last_send_seq_num_ = seq_num; |
| 95 | return true; |
| 96 | } |
| 97 | |
| 98 | bool SrtpSession::ProtectRtp(void* p, |
| 99 | int in_len, |
| 100 | int max_len, |
| 101 | int* out_len, |
| 102 | int64_t* index) { |
| 103 | if (!ProtectRtp(p, in_len, max_len, out_len)) { |
| 104 | return false; |
| 105 | } |
| 106 | return (index) ? GetSendStreamPacketIndex(p, in_len, index) : true; |
| 107 | } |
| 108 | |
| 109 | bool SrtpSession::ProtectRtcp(void* p, int in_len, int max_len, int* out_len) { |
Sebastian Jansson | c01367d | 2019-04-08 15:20:44 +0200 | [diff] [blame] | 110 | RTC_DCHECK(thread_checker_.IsCurrent()); |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 111 | if (!session_) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 112 | RTC_LOG(LS_WARNING) << "Failed to protect SRTCP packet: no SRTP Session"; |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 113 | return false; |
| 114 | } |
| 115 | |
| 116 | int need_len = in_len + sizeof(uint32_t) + rtcp_auth_tag_len_; // NOLINT |
| 117 | if (max_len < need_len) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 118 | RTC_LOG(LS_WARNING) << "Failed to protect SRTCP packet: The buffer length " |
| 119 | << max_len << " is less than the needed " << need_len; |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 120 | return false; |
| 121 | } |
| 122 | |
| 123 | *out_len = in_len; |
| 124 | int err = srtp_protect_rtcp(session_, p, out_len); |
| 125 | if (err != srtp_err_status_ok) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 126 | RTC_LOG(LS_WARNING) << "Failed to protect SRTCP packet, err=" << err; |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 127 | return false; |
| 128 | } |
| 129 | return true; |
| 130 | } |
| 131 | |
| 132 | bool SrtpSession::UnprotectRtp(void* p, int in_len, int* out_len) { |
Sebastian Jansson | c01367d | 2019-04-08 15:20:44 +0200 | [diff] [blame] | 133 | RTC_DCHECK(thread_checker_.IsCurrent()); |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 134 | if (!session_) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 135 | RTC_LOG(LS_WARNING) << "Failed to unprotect SRTP packet: no SRTP Session"; |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 136 | return false; |
| 137 | } |
| 138 | |
| 139 | *out_len = in_len; |
| 140 | int err = srtp_unprotect(session_, p, out_len); |
| 141 | if (err != srtp_err_status_ok) { |
erikvarga@webrtc.org | d76a0fc | 2018-10-09 12:31:28 +0200 | [diff] [blame] | 142 | // Limit the error logging to avoid excessive logs when there are lots of |
| 143 | // bad packets. |
| 144 | const int kFailureLogThrottleCount = 100; |
| 145 | if (decryption_failure_count_ % kFailureLogThrottleCount == 0) { |
| 146 | RTC_LOG(LS_WARNING) << "Failed to unprotect SRTP packet, err=" << err |
| 147 | << ", previous failure count: " |
| 148 | << decryption_failure_count_; |
| 149 | } |
| 150 | ++decryption_failure_count_; |
Qingsi Wang | 7fc821d | 2018-07-12 12:54:53 -0700 | [diff] [blame] | 151 | RTC_HISTOGRAM_ENUMERATION("WebRTC.PeerConnection.SrtpUnprotectError", |
Zhi Huang | 0a5fdbb | 2018-06-14 10:40:19 -0700 | [diff] [blame] | 152 | static_cast<int>(err), kSrtpErrorCodeBoundary); |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 153 | return false; |
| 154 | } |
| 155 | return true; |
| 156 | } |
| 157 | |
| 158 | bool SrtpSession::UnprotectRtcp(void* p, int in_len, int* out_len) { |
Sebastian Jansson | c01367d | 2019-04-08 15:20:44 +0200 | [diff] [blame] | 159 | RTC_DCHECK(thread_checker_.IsCurrent()); |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 160 | if (!session_) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 161 | RTC_LOG(LS_WARNING) << "Failed to unprotect SRTCP packet: no SRTP Session"; |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 162 | return false; |
| 163 | } |
| 164 | |
| 165 | *out_len = in_len; |
| 166 | int err = srtp_unprotect_rtcp(session_, p, out_len); |
| 167 | if (err != srtp_err_status_ok) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 168 | RTC_LOG(LS_WARNING) << "Failed to unprotect SRTCP packet, err=" << err; |
Qingsi Wang | 7fc821d | 2018-07-12 12:54:53 -0700 | [diff] [blame] | 169 | RTC_HISTOGRAM_ENUMERATION("WebRTC.PeerConnection.SrtcpUnprotectError", |
Zhi Huang | 0a5fdbb | 2018-06-14 10:40:19 -0700 | [diff] [blame] | 170 | static_cast<int>(err), kSrtpErrorCodeBoundary); |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 171 | return false; |
| 172 | } |
| 173 | return true; |
| 174 | } |
| 175 | |
| 176 | bool SrtpSession::GetRtpAuthParams(uint8_t** key, int* key_len, int* tag_len) { |
Sebastian Jansson | c01367d | 2019-04-08 15:20:44 +0200 | [diff] [blame] | 177 | RTC_DCHECK(thread_checker_.IsCurrent()); |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 178 | RTC_DCHECK(IsExternalAuthActive()); |
| 179 | if (!IsExternalAuthActive()) { |
| 180 | return false; |
| 181 | } |
| 182 | |
| 183 | ExternalHmacContext* external_hmac = nullptr; |
| 184 | // stream_template will be the reference context for other streams. |
| 185 | // Let's use it for getting the keys. |
| 186 | srtp_stream_ctx_t* srtp_context = session_->stream_template; |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 187 | if (srtp_context && srtp_context->session_keys && |
| 188 | srtp_context->session_keys->rtp_auth) { |
| 189 | external_hmac = reinterpret_cast<ExternalHmacContext*>( |
| 190 | srtp_context->session_keys->rtp_auth->state); |
| 191 | } |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 192 | |
| 193 | if (!external_hmac) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 194 | RTC_LOG(LS_ERROR) << "Failed to get auth keys from libsrtp!."; |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 195 | return false; |
| 196 | } |
| 197 | |
| 198 | *key = external_hmac->key; |
| 199 | *key_len = external_hmac->key_length; |
| 200 | *tag_len = rtp_auth_tag_len_; |
| 201 | return true; |
| 202 | } |
| 203 | |
| 204 | int SrtpSession::GetSrtpOverhead() const { |
| 205 | return rtp_auth_tag_len_; |
| 206 | } |
| 207 | |
| 208 | void SrtpSession::EnableExternalAuth() { |
| 209 | RTC_DCHECK(!session_); |
| 210 | external_auth_enabled_ = true; |
| 211 | } |
| 212 | |
| 213 | bool SrtpSession::IsExternalAuthEnabled() const { |
| 214 | return external_auth_enabled_; |
| 215 | } |
| 216 | |
| 217 | bool SrtpSession::IsExternalAuthActive() const { |
| 218 | return external_auth_active_; |
| 219 | } |
| 220 | |
| 221 | bool SrtpSession::GetSendStreamPacketIndex(void* p, |
| 222 | int in_len, |
| 223 | int64_t* index) { |
Sebastian Jansson | c01367d | 2019-04-08 15:20:44 +0200 | [diff] [blame] | 224 | RTC_DCHECK(thread_checker_.IsCurrent()); |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 225 | srtp_hdr_t* hdr = reinterpret_cast<srtp_hdr_t*>(p); |
| 226 | srtp_stream_ctx_t* stream = srtp_get_stream(session_, hdr->ssrc); |
| 227 | if (!stream) { |
| 228 | return false; |
| 229 | } |
| 230 | |
| 231 | // Shift packet index, put into network byte order |
| 232 | *index = static_cast<int64_t>(rtc::NetworkToHost64( |
| 233 | srtp_rdbx_get_packet_index(&stream->rtp_rdbx) << 16)); |
| 234 | return true; |
| 235 | } |
| 236 | |
Zhi Huang | c99b6c7 | 2017-11-10 16:44:46 -0800 | [diff] [blame] | 237 | bool SrtpSession::DoSetKey(int type, |
| 238 | int cs, |
| 239 | const uint8_t* key, |
| 240 | size_t len, |
| 241 | const std::vector<int>& extension_ids) { |
Sebastian Jansson | c01367d | 2019-04-08 15:20:44 +0200 | [diff] [blame] | 242 | RTC_DCHECK(thread_checker_.IsCurrent()); |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 243 | |
| 244 | srtp_policy_t policy; |
| 245 | memset(&policy, 0, sizeof(policy)); |
| 246 | if (cs == rtc::SRTP_AES128_CM_SHA1_80) { |
| 247 | srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtp); |
| 248 | srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp); |
| 249 | } else if (cs == rtc::SRTP_AES128_CM_SHA1_32) { |
| 250 | // RTP HMAC is shortened to 32 bits, but RTCP remains 80 bits. |
| 251 | srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtp); |
| 252 | srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp); |
| 253 | } else if (cs == rtc::SRTP_AEAD_AES_128_GCM) { |
| 254 | srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp); |
| 255 | srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtcp); |
| 256 | } else if (cs == rtc::SRTP_AEAD_AES_256_GCM) { |
| 257 | srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtp); |
| 258 | srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtcp); |
| 259 | } else { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 260 | RTC_LOG(LS_WARNING) << "Failed to " << (session_ ? "update" : "create") |
| 261 | << " SRTP session: unsupported cipher_suite " << cs; |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 262 | return false; |
| 263 | } |
| 264 | |
| 265 | int expected_key_len; |
| 266 | int expected_salt_len; |
| 267 | if (!rtc::GetSrtpKeyAndSaltLengths(cs, &expected_key_len, |
| 268 | &expected_salt_len)) { |
| 269 | // This should never happen. |
Jonas Olsson | 45cc890 | 2018-02-13 10:37:07 +0100 | [diff] [blame] | 270 | RTC_NOTREACHED(); |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 271 | RTC_LOG(LS_WARNING) |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 272 | << "Failed to " << (session_ ? "update" : "create") |
| 273 | << " SRTP session: unsupported cipher_suite without length information" |
| 274 | << cs; |
| 275 | return false; |
| 276 | } |
| 277 | |
| 278 | if (!key || |
| 279 | len != static_cast<size_t>(expected_key_len + expected_salt_len)) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 280 | RTC_LOG(LS_WARNING) << "Failed to " << (session_ ? "update" : "create") |
| 281 | << " SRTP session: invalid key"; |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 282 | return false; |
| 283 | } |
| 284 | |
| 285 | policy.ssrc.type = static_cast<srtp_ssrc_type_t>(type); |
| 286 | policy.ssrc.value = 0; |
| 287 | policy.key = const_cast<uint8_t*>(key); |
| 288 | // TODO(astor) parse window size from WSH session-param |
| 289 | policy.window_size = 1024; |
| 290 | policy.allow_repeat_tx = 1; |
| 291 | // If external authentication option is enabled, supply custom auth module |
| 292 | // id EXTERNAL_HMAC_SHA1 in the policy structure. |
| 293 | // We want to set this option only for rtp packets. |
| 294 | // By default policy structure is initialized to HMAC_SHA1. |
| 295 | // Enable external HMAC authentication only for outgoing streams and only |
| 296 | // for cipher suites that support it (i.e. only non-GCM cipher suites). |
| 297 | if (type == ssrc_any_outbound && IsExternalAuthEnabled() && |
| 298 | !rtc::IsGcmCryptoSuite(cs)) { |
| 299 | policy.rtp.auth_type = EXTERNAL_HMAC_SHA1; |
| 300 | } |
Zhi Huang | c99b6c7 | 2017-11-10 16:44:46 -0800 | [diff] [blame] | 301 | if (!extension_ids.empty()) { |
| 302 | policy.enc_xtn_hdr = const_cast<int*>(&extension_ids[0]); |
| 303 | policy.enc_xtn_hdr_count = static_cast<int>(extension_ids.size()); |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 304 | } |
| 305 | policy.next = nullptr; |
| 306 | |
| 307 | if (!session_) { |
| 308 | int err = srtp_create(&session_, &policy); |
| 309 | if (err != srtp_err_status_ok) { |
| 310 | session_ = nullptr; |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 311 | RTC_LOG(LS_ERROR) << "Failed to create SRTP session, err=" << err; |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 312 | return false; |
| 313 | } |
| 314 | srtp_set_user_data(session_, this); |
| 315 | } else { |
| 316 | int err = srtp_update(session_, &policy); |
| 317 | if (err != srtp_err_status_ok) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 318 | RTC_LOG(LS_ERROR) << "Failed to update SRTP session, err=" << err; |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 319 | return false; |
| 320 | } |
| 321 | } |
| 322 | |
| 323 | rtp_auth_tag_len_ = policy.rtp.auth_tag_len; |
| 324 | rtcp_auth_tag_len_ = policy.rtcp.auth_tag_len; |
| 325 | external_auth_active_ = (policy.rtp.auth_type == EXTERNAL_HMAC_SHA1); |
| 326 | return true; |
| 327 | } |
| 328 | |
Zhi Huang | c99b6c7 | 2017-11-10 16:44:46 -0800 | [diff] [blame] | 329 | bool SrtpSession::SetKey(int type, |
| 330 | int cs, |
| 331 | const uint8_t* key, |
| 332 | size_t len, |
| 333 | const std::vector<int>& extension_ids) { |
Sebastian Jansson | c01367d | 2019-04-08 15:20:44 +0200 | [diff] [blame] | 334 | RTC_DCHECK(thread_checker_.IsCurrent()); |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 335 | if (session_) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 336 | RTC_LOG(LS_ERROR) << "Failed to create SRTP session: " |
Jonas Olsson | 45cc890 | 2018-02-13 10:37:07 +0100 | [diff] [blame] | 337 | "SRTP session already created"; |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 338 | return false; |
| 339 | } |
| 340 | |
Taylor Brandstetter | b140b9f | 2017-10-12 17:24:16 -0700 | [diff] [blame] | 341 | // This is the first time we need to actually interact with libsrtp, so |
| 342 | // initialize it if needed. |
| 343 | if (IncrementLibsrtpUsageCountAndMaybeInit()) { |
| 344 | inited_ = true; |
| 345 | } else { |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 346 | return false; |
| 347 | } |
| 348 | |
Zhi Huang | c99b6c7 | 2017-11-10 16:44:46 -0800 | [diff] [blame] | 349 | return DoSetKey(type, cs, key, len, extension_ids); |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 350 | } |
| 351 | |
Zhi Huang | c99b6c7 | 2017-11-10 16:44:46 -0800 | [diff] [blame] | 352 | bool SrtpSession::UpdateKey(int type, |
| 353 | int cs, |
| 354 | const uint8_t* key, |
| 355 | size_t len, |
| 356 | const std::vector<int>& extension_ids) { |
Sebastian Jansson | c01367d | 2019-04-08 15:20:44 +0200 | [diff] [blame] | 357 | RTC_DCHECK(thread_checker_.IsCurrent()); |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 358 | if (!session_) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 359 | RTC_LOG(LS_ERROR) << "Failed to update non-existing SRTP session"; |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 360 | return false; |
| 361 | } |
| 362 | |
Zhi Huang | c99b6c7 | 2017-11-10 16:44:46 -0800 | [diff] [blame] | 363 | return DoSetKey(type, cs, key, len, extension_ids); |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 364 | } |
| 365 | |
Danil Chapovalov | 5740f3e | 2019-10-10 11:12:15 +0200 | [diff] [blame] | 366 | ABSL_CONST_INIT int g_libsrtp_usage_count = 0; |
| 367 | ABSL_CONST_INIT rtc::GlobalLock g_libsrtp_lock; |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 368 | |
Sebastian Jansson | 22619b3 | 2019-12-12 13:15:54 +0100 | [diff] [blame] | 369 | void ProhibitLibsrtpInitialization() { |
| 370 | rtc::GlobalLockScope ls(&g_libsrtp_lock); |
| 371 | ++g_libsrtp_usage_count; |
| 372 | } |
| 373 | |
Taylor Brandstetter | b140b9f | 2017-10-12 17:24:16 -0700 | [diff] [blame] | 374 | // static |
| 375 | bool SrtpSession::IncrementLibsrtpUsageCountAndMaybeInit() { |
| 376 | rtc::GlobalLockScope ls(&g_libsrtp_lock); |
| 377 | |
| 378 | RTC_DCHECK_GE(g_libsrtp_usage_count, 0); |
| 379 | if (g_libsrtp_usage_count == 0) { |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 380 | int err; |
| 381 | err = srtp_init(); |
| 382 | if (err != srtp_err_status_ok) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 383 | RTC_LOG(LS_ERROR) << "Failed to init SRTP, err=" << err; |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 384 | return false; |
| 385 | } |
| 386 | |
| 387 | err = srtp_install_event_handler(&SrtpSession::HandleEventThunk); |
| 388 | if (err != srtp_err_status_ok) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 389 | RTC_LOG(LS_ERROR) << "Failed to install SRTP event handler, err=" << err; |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 390 | return false; |
| 391 | } |
| 392 | |
| 393 | err = external_crypto_init(); |
| 394 | if (err != srtp_err_status_ok) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 395 | RTC_LOG(LS_ERROR) << "Failed to initialize fake auth, err=" << err; |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 396 | return false; |
| 397 | } |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 398 | } |
Taylor Brandstetter | b140b9f | 2017-10-12 17:24:16 -0700 | [diff] [blame] | 399 | ++g_libsrtp_usage_count; |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 400 | return true; |
| 401 | } |
| 402 | |
Taylor Brandstetter | b140b9f | 2017-10-12 17:24:16 -0700 | [diff] [blame] | 403 | // static |
| 404 | void SrtpSession::DecrementLibsrtpUsageCountAndMaybeDeinit() { |
| 405 | rtc::GlobalLockScope ls(&g_libsrtp_lock); |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 406 | |
Taylor Brandstetter | b140b9f | 2017-10-12 17:24:16 -0700 | [diff] [blame] | 407 | RTC_DCHECK_GE(g_libsrtp_usage_count, 1); |
| 408 | if (--g_libsrtp_usage_count == 0) { |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 409 | int err = srtp_shutdown(); |
| 410 | if (err) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 411 | RTC_LOG(LS_ERROR) << "srtp_shutdown failed. err=" << err; |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 412 | } |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 413 | } |
| 414 | } |
| 415 | |
| 416 | void SrtpSession::HandleEvent(const srtp_event_data_t* ev) { |
Sebastian Jansson | c01367d | 2019-04-08 15:20:44 +0200 | [diff] [blame] | 417 | RTC_DCHECK(thread_checker_.IsCurrent()); |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 418 | switch (ev->event) { |
| 419 | case event_ssrc_collision: |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 420 | RTC_LOG(LS_INFO) << "SRTP event: SSRC collision"; |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 421 | break; |
| 422 | case event_key_soft_limit: |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 423 | RTC_LOG(LS_INFO) << "SRTP event: reached soft key usage limit"; |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 424 | break; |
| 425 | case event_key_hard_limit: |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 426 | RTC_LOG(LS_INFO) << "SRTP event: reached hard key usage limit"; |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 427 | break; |
| 428 | case event_packet_index_limit: |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 429 | RTC_LOG(LS_INFO) |
| 430 | << "SRTP event: reached hard packet limit (2^48 packets)"; |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 431 | break; |
| 432 | default: |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 433 | RTC_LOG(LS_INFO) << "SRTP event: unknown " << ev->event; |
zstein | 4dde3df | 2017-07-07 14:26:25 -0700 | [diff] [blame] | 434 | break; |
| 435 | } |
| 436 | } |
| 437 | |
| 438 | void SrtpSession::HandleEventThunk(srtp_event_data_t* ev) { |
| 439 | // Callback will be executed from same thread that calls the "srtp_protect" |
| 440 | // and "srtp_unprotect" functions. |
| 441 | SrtpSession* session = |
| 442 | static_cast<SrtpSession*>(srtp_get_user_data(ev->session)); |
| 443 | if (session) { |
| 444 | session->HandleEvent(ev); |
| 445 | } |
| 446 | } |
| 447 | |
| 448 | } // namespace cricket |