zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 2017 The WebRTC project authors. All Rights Reserved. |
| 3 | * |
| 4 | * Use of this source code is governed by a BSD-style license |
| 5 | * that can be found in the LICENSE file in the root of the source |
| 6 | * tree. An additional intellectual property rights grant can be found |
| 7 | * in the file PATENTS. All contributing project authors may |
| 8 | * be found in the AUTHORS file in the root of the source tree. |
| 9 | */ |
| 10 | |
Steve Anton | 10542f2 | 2019-01-11 09:11:00 -0800 | [diff] [blame] | 11 | #include "pc/srtp_transport.h" |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 12 | |
Yves Gerey | 3e70781 | 2018-11-28 16:47:49 +0100 | [diff] [blame] | 13 | #include <stdint.h> |
| 14 | #include <string.h> |
Jonas Olsson | a4d8737 | 2019-07-05 19:08:33 +0200 | [diff] [blame] | 15 | |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 16 | #include <string> |
Amit Hilbuch | edd2054 | 2019-03-18 12:33:43 -0700 | [diff] [blame] | 17 | #include <utility> |
Steve Anton | 36b29d1 | 2017-10-30 09:57:42 -0700 | [diff] [blame] | 18 | #include <vector> |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 19 | |
Steve Anton | 10542f2 | 2019-01-11 09:11:00 -0800 | [diff] [blame] | 20 | #include "media/base/rtp_utils.h" |
| 21 | #include "pc/rtp_transport.h" |
| 22 | #include "pc/srtp_session.h" |
| 23 | #include "rtc_base/async_packet_socket.h" |
Yves Gerey | 3e70781 | 2018-11-28 16:47:49 +0100 | [diff] [blame] | 24 | #include "rtc_base/checks.h" |
Steve Anton | 10542f2 | 2019-01-11 09:11:00 -0800 | [diff] [blame] | 25 | #include "rtc_base/copy_on_write_buffer.h" |
Yves Gerey | 3e70781 | 2018-11-28 16:47:49 +0100 | [diff] [blame] | 26 | #include "rtc_base/logging.h" |
Zhi Huang | 365381f | 2018-04-13 16:44:34 -0700 | [diff] [blame] | 27 | #include "rtc_base/numerics/safe_conversions.h" |
Steve Anton | 10542f2 | 2019-01-11 09:11:00 -0800 | [diff] [blame] | 28 | #include "rtc_base/ssl_stream_adapter.h" |
Artem Titov | a76af0c | 2018-07-23 17:38:12 +0200 | [diff] [blame] | 29 | #include "rtc_base/third_party/base64/base64.h" |
Yves Gerey | 3e70781 | 2018-11-28 16:47:49 +0100 | [diff] [blame] | 30 | #include "rtc_base/third_party/sigslot/sigslot.h" |
Mirko Bonadei | 92ea95e | 2017-09-15 06:47:31 +0200 | [diff] [blame] | 31 | #include "rtc_base/trace_event.h" |
Zhi Huang | e830e68 | 2018-03-30 10:48:35 -0700 | [diff] [blame] | 32 | #include "rtc_base/zero_memory.h" |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 33 | |
| 34 | namespace webrtc { |
| 35 | |
Zhi Huang | 2dfc42d | 2017-12-04 13:38:48 -0800 | [diff] [blame] | 36 | SrtpTransport::SrtpTransport(bool rtcp_mux_enabled) |
Zhi Huang | 365381f | 2018-04-13 16:44:34 -0700 | [diff] [blame] | 37 | : RtpTransport(rtcp_mux_enabled) {} |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 38 | |
Zhi Huang | e830e68 | 2018-03-30 10:48:35 -0700 | [diff] [blame] | 39 | RTCError SrtpTransport::SetSrtpSendKey(const cricket::CryptoParams& params) { |
| 40 | if (send_params_) { |
| 41 | LOG_AND_RETURN_ERROR( |
| 42 | webrtc::RTCErrorType::UNSUPPORTED_OPERATION, |
| 43 | "Setting the SRTP send key twice is currently unsupported."); |
| 44 | } |
| 45 | if (recv_params_ && recv_params_->cipher_suite != params.cipher_suite) { |
| 46 | LOG_AND_RETURN_ERROR( |
| 47 | webrtc::RTCErrorType::UNSUPPORTED_OPERATION, |
| 48 | "The send key and receive key must have the same cipher suite."); |
| 49 | } |
| 50 | |
| 51 | send_cipher_suite_ = rtc::SrtpCryptoSuiteFromName(params.cipher_suite); |
| 52 | if (*send_cipher_suite_ == rtc::SRTP_INVALID_CRYPTO_SUITE) { |
| 53 | return RTCError(RTCErrorType::INVALID_PARAMETER, |
| 54 | "Invalid SRTP crypto suite"); |
| 55 | } |
| 56 | |
| 57 | int send_key_len, send_salt_len; |
| 58 | if (!rtc::GetSrtpKeyAndSaltLengths(*send_cipher_suite_, &send_key_len, |
| 59 | &send_salt_len)) { |
| 60 | return RTCError(RTCErrorType::INVALID_PARAMETER, |
| 61 | "Could not get lengths for crypto suite(s):" |
| 62 | " send cipher_suite "); |
| 63 | } |
| 64 | |
| 65 | send_key_ = rtc::ZeroOnFreeBuffer<uint8_t>(send_key_len + send_salt_len); |
| 66 | if (!ParseKeyParams(params.key_params, send_key_.data(), send_key_.size())) { |
| 67 | return RTCError(RTCErrorType::INVALID_PARAMETER, |
| 68 | "Failed to parse the crypto key params"); |
| 69 | } |
| 70 | |
| 71 | if (!MaybeSetKeyParams()) { |
| 72 | return RTCError(RTCErrorType::INVALID_PARAMETER, |
| 73 | "Failed to set the crypto key params"); |
| 74 | } |
| 75 | send_params_ = params; |
| 76 | return RTCError::OK(); |
| 77 | } |
| 78 | |
| 79 | RTCError SrtpTransport::SetSrtpReceiveKey(const cricket::CryptoParams& params) { |
| 80 | if (recv_params_) { |
| 81 | LOG_AND_RETURN_ERROR( |
| 82 | webrtc::RTCErrorType::UNSUPPORTED_OPERATION, |
| 83 | "Setting the SRTP send key twice is currently unsupported."); |
| 84 | } |
| 85 | if (send_params_ && send_params_->cipher_suite != params.cipher_suite) { |
| 86 | LOG_AND_RETURN_ERROR( |
| 87 | webrtc::RTCErrorType::UNSUPPORTED_OPERATION, |
| 88 | "The send key and receive key must have the same cipher suite."); |
| 89 | } |
| 90 | |
| 91 | recv_cipher_suite_ = rtc::SrtpCryptoSuiteFromName(params.cipher_suite); |
| 92 | if (*recv_cipher_suite_ == rtc::SRTP_INVALID_CRYPTO_SUITE) { |
| 93 | return RTCError(RTCErrorType::INVALID_PARAMETER, |
| 94 | "Invalid SRTP crypto suite"); |
| 95 | } |
| 96 | |
| 97 | int recv_key_len, recv_salt_len; |
| 98 | if (!rtc::GetSrtpKeyAndSaltLengths(*recv_cipher_suite_, &recv_key_len, |
| 99 | &recv_salt_len)) { |
| 100 | return RTCError(RTCErrorType::INVALID_PARAMETER, |
| 101 | "Could not get lengths for crypto suite(s):" |
| 102 | " recv cipher_suite "); |
| 103 | } |
| 104 | |
| 105 | recv_key_ = rtc::ZeroOnFreeBuffer<uint8_t>(recv_key_len + recv_salt_len); |
| 106 | if (!ParseKeyParams(params.key_params, recv_key_.data(), recv_key_.size())) { |
| 107 | return RTCError(RTCErrorType::INVALID_PARAMETER, |
| 108 | "Failed to parse the crypto key params"); |
| 109 | } |
| 110 | |
| 111 | if (!MaybeSetKeyParams()) { |
| 112 | return RTCError(RTCErrorType::INVALID_PARAMETER, |
| 113 | "Failed to set the crypto key params"); |
| 114 | } |
| 115 | recv_params_ = params; |
| 116 | return RTCError::OK(); |
| 117 | } |
| 118 | |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 119 | bool SrtpTransport::SendRtpPacket(rtc::CopyOnWriteBuffer* packet, |
| 120 | const rtc::PacketOptions& options, |
| 121 | int flags) { |
Zhi Huang | e830e68 | 2018-03-30 10:48:35 -0700 | [diff] [blame] | 122 | if (!IsSrtpActive()) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 123 | RTC_LOG(LS_ERROR) |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 124 | << "Failed to send the packet because SRTP transport is inactive."; |
| 125 | return false; |
| 126 | } |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 127 | rtc::PacketOptions updated_options = options; |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 128 | TRACE_EVENT0("webrtc", "SRTP Encode"); |
| 129 | bool res; |
| 130 | uint8_t* data = packet->data(); |
Zhi Huang | 365381f | 2018-04-13 16:44:34 -0700 | [diff] [blame] | 131 | int len = rtc::checked_cast<int>(packet->size()); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 132 | // If ENABLE_EXTERNAL_AUTH flag is on then packet authentication is not done |
| 133 | // inside libsrtp for a RTP packet. A external HMAC module will be writing |
| 134 | // a fake HMAC value. This is ONLY done for a RTP packet. |
| 135 | // Socket layer will update rtp sendtime extension header if present in |
| 136 | // packet with current time before updating the HMAC. |
| 137 | #if !defined(ENABLE_EXTERNAL_AUTH) |
Zhi Huang | 365381f | 2018-04-13 16:44:34 -0700 | [diff] [blame] | 138 | res = ProtectRtp(data, len, static_cast<int>(packet->capacity()), &len); |
Zhi Huang | 95e7dbb | 2018-03-29 00:08:03 +0000 | [diff] [blame] | 139 | #else |
Zhi Huang | 365381f | 2018-04-13 16:44:34 -0700 | [diff] [blame] | 140 | if (!IsExternalAuthActive()) { |
| 141 | res = ProtectRtp(data, len, static_cast<int>(packet->capacity()), &len); |
| 142 | } else { |
| 143 | updated_options.packet_time_params.rtp_sendtime_extension_id = |
| 144 | rtp_abs_sendtime_extn_id_; |
| 145 | res = ProtectRtp(data, len, static_cast<int>(packet->capacity()), &len, |
| 146 | &updated_options.packet_time_params.srtp_packet_index); |
| 147 | // If protection succeeds, let's get auth params from srtp. |
| 148 | if (res) { |
| 149 | uint8_t* auth_key = nullptr; |
| 150 | int key_len = 0; |
| 151 | res = GetRtpAuthParams( |
| 152 | &auth_key, &key_len, |
| 153 | &updated_options.packet_time_params.srtp_auth_tag_len); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 154 | if (res) { |
Zhi Huang | 365381f | 2018-04-13 16:44:34 -0700 | [diff] [blame] | 155 | updated_options.packet_time_params.srtp_auth_key.resize(key_len); |
| 156 | updated_options.packet_time_params.srtp_auth_key.assign( |
| 157 | auth_key, auth_key + key_len); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 158 | } |
| 159 | } |
Zhi Huang | 365381f | 2018-04-13 16:44:34 -0700 | [diff] [blame] | 160 | } |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 161 | #endif |
Zhi Huang | 365381f | 2018-04-13 16:44:34 -0700 | [diff] [blame] | 162 | if (!res) { |
| 163 | int seq_num = -1; |
| 164 | uint32_t ssrc = 0; |
| 165 | cricket::GetRtpSeqNum(data, len, &seq_num); |
| 166 | cricket::GetRtpSsrc(data, len, &ssrc); |
| 167 | RTC_LOG(LS_ERROR) << "Failed to protect RTP packet: size=" << len |
| 168 | << ", seqnum=" << seq_num << ", SSRC=" << ssrc; |
| 169 | return false; |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 170 | } |
| 171 | |
| 172 | // Update the length of the packet now that we've added the auth tag. |
| 173 | packet->SetSize(len); |
Zhi Huang | 365381f | 2018-04-13 16:44:34 -0700 | [diff] [blame] | 174 | return SendPacket(/*rtcp=*/false, packet, updated_options, flags); |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 175 | } |
| 176 | |
Zhi Huang | 365381f | 2018-04-13 16:44:34 -0700 | [diff] [blame] | 177 | bool SrtpTransport::SendRtcpPacket(rtc::CopyOnWriteBuffer* packet, |
| 178 | const rtc::PacketOptions& options, |
| 179 | int flags) { |
| 180 | if (!IsSrtpActive()) { |
| 181 | RTC_LOG(LS_ERROR) |
| 182 | << "Failed to send the packet because SRTP transport is inactive."; |
| 183 | return false; |
| 184 | } |
| 185 | |
| 186 | TRACE_EVENT0("webrtc", "SRTP Encode"); |
| 187 | uint8_t* data = packet->data(); |
| 188 | int len = rtc::checked_cast<int>(packet->size()); |
| 189 | if (!ProtectRtcp(data, len, static_cast<int>(packet->capacity()), &len)) { |
| 190 | int type = -1; |
| 191 | cricket::GetRtcpType(data, len, &type); |
| 192 | RTC_LOG(LS_ERROR) << "Failed to protect RTCP packet: size=" << len |
| 193 | << ", type=" << type; |
| 194 | return false; |
| 195 | } |
| 196 | // Update the length of the packet now that we've added the auth tag. |
| 197 | packet->SetSize(len); |
| 198 | |
| 199 | return SendPacket(/*rtcp=*/true, packet, options, flags); |
| 200 | } |
| 201 | |
Amit Hilbuch | edd2054 | 2019-03-18 12:33:43 -0700 | [diff] [blame] | 202 | void SrtpTransport::OnRtpPacketReceived(rtc::CopyOnWriteBuffer packet, |
Niels Möller | e693381 | 2018-11-05 13:01:41 +0100 | [diff] [blame] | 203 | int64_t packet_time_us) { |
Zhi Huang | e830e68 | 2018-03-30 10:48:35 -0700 | [diff] [blame] | 204 | if (!IsSrtpActive()) { |
Zhi Huang | 27f3bf5 | 2018-03-26 21:37:23 -0700 | [diff] [blame] | 205 | RTC_LOG(LS_WARNING) |
Zhi Huang | 365381f | 2018-04-13 16:44:34 -0700 | [diff] [blame] | 206 | << "Inactive SRTP transport received an RTP packet. Drop it."; |
Zhi Huang | 27f3bf5 | 2018-03-26 21:37:23 -0700 | [diff] [blame] | 207 | return; |
| 208 | } |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 209 | TRACE_EVENT0("webrtc", "SRTP Decode"); |
Amit Hilbuch | edd2054 | 2019-03-18 12:33:43 -0700 | [diff] [blame] | 210 | char* data = packet.data<char>(); |
| 211 | int len = rtc::checked_cast<int>(packet.size()); |
Zhi Huang | 365381f | 2018-04-13 16:44:34 -0700 | [diff] [blame] | 212 | if (!UnprotectRtp(data, len, &len)) { |
| 213 | int seq_num = -1; |
| 214 | uint32_t ssrc = 0; |
| 215 | cricket::GetRtpSeqNum(data, len, &seq_num); |
| 216 | cricket::GetRtpSsrc(data, len, &ssrc); |
erikvarga@webrtc.org | d76a0fc | 2018-10-09 12:31:28 +0200 | [diff] [blame] | 217 | |
| 218 | // Limit the error logging to avoid excessive logs when there are lots of |
| 219 | // bad packets. |
| 220 | const int kFailureLogThrottleCount = 100; |
| 221 | if (decryption_failure_count_ % kFailureLogThrottleCount == 0) { |
| 222 | RTC_LOG(LS_ERROR) << "Failed to unprotect RTP packet: size=" << len |
| 223 | << ", seqnum=" << seq_num << ", SSRC=" << ssrc |
| 224 | << ", previous failure count: " |
| 225 | << decryption_failure_count_; |
| 226 | } |
| 227 | ++decryption_failure_count_; |
Zhi Huang | 365381f | 2018-04-13 16:44:34 -0700 | [diff] [blame] | 228 | return; |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 229 | } |
Amit Hilbuch | edd2054 | 2019-03-18 12:33:43 -0700 | [diff] [blame] | 230 | packet.SetSize(len); |
| 231 | DemuxPacket(std::move(packet), packet_time_us); |
Zhi Huang | 365381f | 2018-04-13 16:44:34 -0700 | [diff] [blame] | 232 | } |
| 233 | |
Amit Hilbuch | edd2054 | 2019-03-18 12:33:43 -0700 | [diff] [blame] | 234 | void SrtpTransport::OnRtcpPacketReceived(rtc::CopyOnWriteBuffer packet, |
Niels Möller | e693381 | 2018-11-05 13:01:41 +0100 | [diff] [blame] | 235 | int64_t packet_time_us) { |
Zhi Huang | 365381f | 2018-04-13 16:44:34 -0700 | [diff] [blame] | 236 | if (!IsSrtpActive()) { |
| 237 | RTC_LOG(LS_WARNING) |
| 238 | << "Inactive SRTP transport received an RTCP packet. Drop it."; |
| 239 | return; |
| 240 | } |
| 241 | TRACE_EVENT0("webrtc", "SRTP Decode"); |
Amit Hilbuch | edd2054 | 2019-03-18 12:33:43 -0700 | [diff] [blame] | 242 | char* data = packet.data<char>(); |
| 243 | int len = rtc::checked_cast<int>(packet.size()); |
Zhi Huang | 365381f | 2018-04-13 16:44:34 -0700 | [diff] [blame] | 244 | if (!UnprotectRtcp(data, len, &len)) { |
| 245 | int type = -1; |
| 246 | cricket::GetRtcpType(data, len, &type); |
| 247 | RTC_LOG(LS_ERROR) << "Failed to unprotect RTCP packet: size=" << len |
| 248 | << ", type=" << type; |
| 249 | return; |
| 250 | } |
Amit Hilbuch | edd2054 | 2019-03-18 12:33:43 -0700 | [diff] [blame] | 251 | packet.SetSize(len); |
| 252 | SignalRtcpPacketReceived(&packet, packet_time_us); |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 253 | } |
| 254 | |
Zhi Huang | 942bc2e | 2017-11-13 13:26:07 -0800 | [diff] [blame] | 255 | void SrtpTransport::OnNetworkRouteChanged( |
Danil Chapovalov | 66cadcc | 2018-06-19 16:47:43 +0200 | [diff] [blame] | 256 | absl::optional<rtc::NetworkRoute> network_route) { |
Zhi Huang | 942bc2e | 2017-11-13 13:26:07 -0800 | [diff] [blame] | 257 | // Only append the SRTP overhead when there is a selected network route. |
| 258 | if (network_route) { |
| 259 | int srtp_overhead = 0; |
Zhi Huang | e830e68 | 2018-03-30 10:48:35 -0700 | [diff] [blame] | 260 | if (IsSrtpActive()) { |
Zhi Huang | 942bc2e | 2017-11-13 13:26:07 -0800 | [diff] [blame] | 261 | GetSrtpOverhead(&srtp_overhead); |
| 262 | } |
| 263 | network_route->packet_overhead += srtp_overhead; |
| 264 | } |
| 265 | SignalNetworkRouteChanged(network_route); |
| 266 | } |
| 267 | |
Zhi Huang | 365381f | 2018-04-13 16:44:34 -0700 | [diff] [blame] | 268 | void SrtpTransport::OnWritableState( |
| 269 | rtc::PacketTransportInternal* packet_transport) { |
| 270 | SignalWritableState(IsWritable(/*rtcp=*/true) && IsWritable(/*rtcp=*/true)); |
| 271 | } |
| 272 | |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 273 | bool SrtpTransport::SetRtpParams(int send_cs, |
| 274 | const uint8_t* send_key, |
| 275 | int send_key_len, |
Zhi Huang | c99b6c7 | 2017-11-10 16:44:46 -0800 | [diff] [blame] | 276 | const std::vector<int>& send_extension_ids, |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 277 | int recv_cs, |
| 278 | const uint8_t* recv_key, |
Zhi Huang | c99b6c7 | 2017-11-10 16:44:46 -0800 | [diff] [blame] | 279 | int recv_key_len, |
| 280 | const std::vector<int>& recv_extension_ids) { |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 281 | // If parameters are being set for the first time, we should create new SRTP |
| 282 | // sessions and call "SetSend/SetRecv". Otherwise we should call |
| 283 | // "UpdateSend"/"UpdateRecv" on the existing sessions, which will internally |
| 284 | // call "srtp_update". |
| 285 | bool new_sessions = false; |
| 286 | if (!send_session_) { |
| 287 | RTC_DCHECK(!recv_session_); |
| 288 | CreateSrtpSessions(); |
| 289 | new_sessions = true; |
| 290 | } |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 291 | bool ret = new_sessions |
Zhi Huang | c99b6c7 | 2017-11-10 16:44:46 -0800 | [diff] [blame] | 292 | ? send_session_->SetSend(send_cs, send_key, send_key_len, |
| 293 | send_extension_ids) |
| 294 | : send_session_->UpdateSend(send_cs, send_key, send_key_len, |
| 295 | send_extension_ids); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 296 | if (!ret) { |
| 297 | ResetParams(); |
| 298 | return false; |
| 299 | } |
| 300 | |
Zhi Huang | c99b6c7 | 2017-11-10 16:44:46 -0800 | [diff] [blame] | 301 | ret = new_sessions ? recv_session_->SetRecv(recv_cs, recv_key, recv_key_len, |
| 302 | recv_extension_ids) |
| 303 | : recv_session_->UpdateRecv( |
| 304 | recv_cs, recv_key, recv_key_len, recv_extension_ids); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 305 | if (!ret) { |
| 306 | ResetParams(); |
| 307 | return false; |
| 308 | } |
| 309 | |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 310 | RTC_LOG(LS_INFO) << "SRTP " << (new_sessions ? "activated" : "updated") |
Jonas Olsson | 45cc890 | 2018-02-13 10:37:07 +0100 | [diff] [blame] | 311 | << " with negotiated parameters: send cipher_suite " |
| 312 | << send_cs << " recv cipher_suite " << recv_cs; |
Zhi Huang | 365381f | 2018-04-13 16:44:34 -0700 | [diff] [blame] | 313 | MaybeUpdateWritableState(); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 314 | return true; |
| 315 | } |
| 316 | |
| 317 | bool SrtpTransport::SetRtcpParams(int send_cs, |
| 318 | const uint8_t* send_key, |
| 319 | int send_key_len, |
Zhi Huang | c99b6c7 | 2017-11-10 16:44:46 -0800 | [diff] [blame] | 320 | const std::vector<int>& send_extension_ids, |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 321 | int recv_cs, |
| 322 | const uint8_t* recv_key, |
Zhi Huang | c99b6c7 | 2017-11-10 16:44:46 -0800 | [diff] [blame] | 323 | int recv_key_len, |
| 324 | const std::vector<int>& recv_extension_ids) { |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 325 | // This can only be called once, but can be safely called after |
| 326 | // SetRtpParams |
| 327 | if (send_rtcp_session_ || recv_rtcp_session_) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 328 | RTC_LOG(LS_ERROR) << "Tried to set SRTCP Params when filter already active"; |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 329 | return false; |
| 330 | } |
| 331 | |
| 332 | send_rtcp_session_.reset(new cricket::SrtpSession()); |
Zhi Huang | c99b6c7 | 2017-11-10 16:44:46 -0800 | [diff] [blame] | 333 | if (!send_rtcp_session_->SetSend(send_cs, send_key, send_key_len, |
| 334 | send_extension_ids)) { |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 335 | return false; |
| 336 | } |
| 337 | |
| 338 | recv_rtcp_session_.reset(new cricket::SrtpSession()); |
Zhi Huang | c99b6c7 | 2017-11-10 16:44:46 -0800 | [diff] [blame] | 339 | if (!recv_rtcp_session_->SetRecv(recv_cs, recv_key, recv_key_len, |
| 340 | recv_extension_ids)) { |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 341 | return false; |
| 342 | } |
| 343 | |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 344 | RTC_LOG(LS_INFO) << "SRTCP activated with negotiated parameters:" |
Jonas Olsson | 45cc890 | 2018-02-13 10:37:07 +0100 | [diff] [blame] | 345 | " send cipher_suite " |
| 346 | << send_cs << " recv cipher_suite " << recv_cs; |
Zhi Huang | 365381f | 2018-04-13 16:44:34 -0700 | [diff] [blame] | 347 | MaybeUpdateWritableState(); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 348 | return true; |
| 349 | } |
| 350 | |
Zhi Huang | e830e68 | 2018-03-30 10:48:35 -0700 | [diff] [blame] | 351 | bool SrtpTransport::IsSrtpActive() const { |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 352 | return send_session_ && recv_session_; |
| 353 | } |
| 354 | |
Zhi Huang | 365381f | 2018-04-13 16:44:34 -0700 | [diff] [blame] | 355 | bool SrtpTransport::IsWritable(bool rtcp) const { |
| 356 | return IsSrtpActive() && RtpTransport::IsWritable(rtcp); |
| 357 | } |
| 358 | |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 359 | void SrtpTransport::ResetParams() { |
| 360 | send_session_ = nullptr; |
| 361 | recv_session_ = nullptr; |
| 362 | send_rtcp_session_ = nullptr; |
| 363 | recv_rtcp_session_ = nullptr; |
Zhi Huang | 365381f | 2018-04-13 16:44:34 -0700 | [diff] [blame] | 364 | MaybeUpdateWritableState(); |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 365 | RTC_LOG(LS_INFO) << "The params in SRTP transport are reset."; |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 366 | } |
| 367 | |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 368 | void SrtpTransport::CreateSrtpSessions() { |
| 369 | send_session_.reset(new cricket::SrtpSession()); |
| 370 | recv_session_.reset(new cricket::SrtpSession()); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 371 | if (external_auth_enabled_) { |
| 372 | send_session_->EnableExternalAuth(); |
| 373 | } |
| 374 | } |
| 375 | |
| 376 | bool SrtpTransport::ProtectRtp(void* p, int in_len, int max_len, int* out_len) { |
Zhi Huang | e830e68 | 2018-03-30 10:48:35 -0700 | [diff] [blame] | 377 | if (!IsSrtpActive()) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 378 | RTC_LOG(LS_WARNING) << "Failed to ProtectRtp: SRTP not active"; |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 379 | return false; |
| 380 | } |
| 381 | RTC_CHECK(send_session_); |
| 382 | return send_session_->ProtectRtp(p, in_len, max_len, out_len); |
| 383 | } |
| 384 | |
| 385 | bool SrtpTransport::ProtectRtp(void* p, |
| 386 | int in_len, |
| 387 | int max_len, |
| 388 | int* out_len, |
| 389 | int64_t* index) { |
Zhi Huang | e830e68 | 2018-03-30 10:48:35 -0700 | [diff] [blame] | 390 | if (!IsSrtpActive()) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 391 | RTC_LOG(LS_WARNING) << "Failed to ProtectRtp: SRTP not active"; |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 392 | return false; |
| 393 | } |
| 394 | RTC_CHECK(send_session_); |
| 395 | return send_session_->ProtectRtp(p, in_len, max_len, out_len, index); |
| 396 | } |
| 397 | |
| 398 | bool SrtpTransport::ProtectRtcp(void* p, |
| 399 | int in_len, |
| 400 | int max_len, |
| 401 | int* out_len) { |
Zhi Huang | e830e68 | 2018-03-30 10:48:35 -0700 | [diff] [blame] | 402 | if (!IsSrtpActive()) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 403 | RTC_LOG(LS_WARNING) << "Failed to ProtectRtcp: SRTP not active"; |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 404 | return false; |
| 405 | } |
| 406 | if (send_rtcp_session_) { |
| 407 | return send_rtcp_session_->ProtectRtcp(p, in_len, max_len, out_len); |
| 408 | } else { |
| 409 | RTC_CHECK(send_session_); |
| 410 | return send_session_->ProtectRtcp(p, in_len, max_len, out_len); |
| 411 | } |
| 412 | } |
| 413 | |
| 414 | bool SrtpTransport::UnprotectRtp(void* p, int in_len, int* out_len) { |
Zhi Huang | e830e68 | 2018-03-30 10:48:35 -0700 | [diff] [blame] | 415 | if (!IsSrtpActive()) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 416 | RTC_LOG(LS_WARNING) << "Failed to UnprotectRtp: SRTP not active"; |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 417 | return false; |
| 418 | } |
| 419 | RTC_CHECK(recv_session_); |
| 420 | return recv_session_->UnprotectRtp(p, in_len, out_len); |
| 421 | } |
| 422 | |
| 423 | bool SrtpTransport::UnprotectRtcp(void* p, int in_len, int* out_len) { |
Zhi Huang | e830e68 | 2018-03-30 10:48:35 -0700 | [diff] [blame] | 424 | if (!IsSrtpActive()) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 425 | RTC_LOG(LS_WARNING) << "Failed to UnprotectRtcp: SRTP not active"; |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 426 | return false; |
| 427 | } |
| 428 | if (recv_rtcp_session_) { |
| 429 | return recv_rtcp_session_->UnprotectRtcp(p, in_len, out_len); |
| 430 | } else { |
| 431 | RTC_CHECK(recv_session_); |
| 432 | return recv_session_->UnprotectRtcp(p, in_len, out_len); |
| 433 | } |
| 434 | } |
| 435 | |
| 436 | bool SrtpTransport::GetRtpAuthParams(uint8_t** key, |
| 437 | int* key_len, |
| 438 | int* tag_len) { |
Zhi Huang | e830e68 | 2018-03-30 10:48:35 -0700 | [diff] [blame] | 439 | if (!IsSrtpActive()) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 440 | RTC_LOG(LS_WARNING) << "Failed to GetRtpAuthParams: SRTP not active"; |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 441 | return false; |
| 442 | } |
| 443 | |
| 444 | RTC_CHECK(send_session_); |
| 445 | return send_session_->GetRtpAuthParams(key, key_len, tag_len); |
| 446 | } |
| 447 | |
| 448 | bool SrtpTransport::GetSrtpOverhead(int* srtp_overhead) const { |
Zhi Huang | e830e68 | 2018-03-30 10:48:35 -0700 | [diff] [blame] | 449 | if (!IsSrtpActive()) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 450 | RTC_LOG(LS_WARNING) << "Failed to GetSrtpOverhead: SRTP not active"; |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 451 | return false; |
| 452 | } |
| 453 | |
| 454 | RTC_CHECK(send_session_); |
| 455 | *srtp_overhead = send_session_->GetSrtpOverhead(); |
| 456 | return true; |
| 457 | } |
| 458 | |
| 459 | void SrtpTransport::EnableExternalAuth() { |
Zhi Huang | e830e68 | 2018-03-30 10:48:35 -0700 | [diff] [blame] | 460 | RTC_DCHECK(!IsSrtpActive()); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 461 | external_auth_enabled_ = true; |
| 462 | } |
| 463 | |
| 464 | bool SrtpTransport::IsExternalAuthEnabled() const { |
| 465 | return external_auth_enabled_; |
| 466 | } |
| 467 | |
| 468 | bool SrtpTransport::IsExternalAuthActive() const { |
Zhi Huang | e830e68 | 2018-03-30 10:48:35 -0700 | [diff] [blame] | 469 | if (!IsSrtpActive()) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 470 | RTC_LOG(LS_WARNING) |
| 471 | << "Failed to check IsExternalAuthActive: SRTP not active"; |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 472 | return false; |
| 473 | } |
| 474 | |
| 475 | RTC_CHECK(send_session_); |
| 476 | return send_session_->IsExternalAuthActive(); |
| 477 | } |
| 478 | |
Zhi Huang | e830e68 | 2018-03-30 10:48:35 -0700 | [diff] [blame] | 479 | bool SrtpTransport::MaybeSetKeyParams() { |
| 480 | if (!send_cipher_suite_ || !recv_cipher_suite_) { |
| 481 | return true; |
| 482 | } |
| 483 | |
| 484 | return SetRtpParams(*send_cipher_suite_, send_key_.data(), |
| 485 | static_cast<int>(send_key_.size()), std::vector<int>(), |
| 486 | *recv_cipher_suite_, recv_key_.data(), |
| 487 | static_cast<int>(recv_key_.size()), std::vector<int>()); |
| 488 | } |
| 489 | |
| 490 | bool SrtpTransport::ParseKeyParams(const std::string& key_params, |
| 491 | uint8_t* key, |
| 492 | size_t len) { |
| 493 | // example key_params: "inline:YUJDZGVmZ2hpSktMbW9QUXJzVHVWd3l6MTIzNDU2" |
| 494 | |
| 495 | // Fail if key-method is wrong. |
| 496 | if (key_params.find("inline:") != 0) { |
| 497 | return false; |
| 498 | } |
| 499 | |
| 500 | // Fail if base64 decode fails, or the key is the wrong size. |
| 501 | std::string key_b64(key_params.substr(7)), key_str; |
| 502 | if (!rtc::Base64::Decode(key_b64, rtc::Base64::DO_STRICT, &key_str, |
| 503 | nullptr) || |
| 504 | key_str.size() != len) { |
| 505 | return false; |
| 506 | } |
| 507 | |
| 508 | memcpy(key, key_str.c_str(), len); |
| 509 | // TODO(bugs.webrtc.org/8905): Switch to ZeroOnFreeBuffer for storing |
| 510 | // sensitive data. |
| 511 | rtc::ExplicitZeroMemory(&key_str[0], key_str.size()); |
| 512 | return true; |
| 513 | } |
| 514 | |
Zhi Huang | 365381f | 2018-04-13 16:44:34 -0700 | [diff] [blame] | 515 | void SrtpTransport::MaybeUpdateWritableState() { |
| 516 | bool writable = IsWritable(/*rtcp=*/true) && IsWritable(/*rtcp=*/false); |
| 517 | // Only fire the signal if the writable state changes. |
| 518 | if (writable_ != writable) { |
| 519 | writable_ = writable; |
| 520 | SignalWritableState(writable_); |
| 521 | } |
Steve Anton | db67ba1 | 2018-03-19 17:41:42 -0700 | [diff] [blame] | 522 | } |
| 523 | |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 524 | } // namespace webrtc |