1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
|
/*
* Copyright 2017 The WebRTC project authors. All Rights Reserved.
*
* Use of this source code is governed by a BSD-style license
* that can be found in the LICENSE file in the root of the source
* tree. An additional intellectual property rights grant can be found
* in the file PATENTS. All contributing project authors may
* be found in the AUTHORS file in the root of the source tree.
*/
#ifndef PC_SRTP_SESSION_H_
#define PC_SRTP_SESSION_H_
#include <stddef.h>
#include <stdint.h>
#include <vector>
#include "api/field_trials_view.h"
#include "api/sequence_checker.h"
#include "rtc_base/buffer.h"
#include "rtc_base/copy_on_write_buffer.h"
// Forward declaration to avoid pulling in libsrtp headers here
struct srtp_event_data_t;
struct srtp_ctx_t_; // Trailing _ is required.
namespace webrtc {
// Prohibits webrtc from initializing libsrtp. This can be used if libsrtp is
// initialized by another library or explicitly. Note that this must be called
// before creating an SRTP session with WebRTC.
void ProhibitLibsrtpInitialization();
// Class that wraps a libSRTP session.
class SrtpSession {
public:
SrtpSession();
explicit SrtpSession(const FieldTrialsView& field_trials);
~SrtpSession();
SrtpSession(const SrtpSession&) = delete;
SrtpSession& operator=(const SrtpSession&) = delete;
// Configures the session for sending data using the specified
// crypto suite and key. Receiving must be done by a separate session.
bool SetSend(int crypto_suite,
const ZeroOnFreeBuffer<uint8_t>& key,
const std::vector<int>& extension_ids);
bool UpdateSend(int crypto_suite,
const ZeroOnFreeBuffer<uint8_t>& key,
const std::vector<int>& extension_ids);
// Configures the session for receiving data using the specified
// crypto suite and key. Sending must be done by a separate session.
bool SetReceive(int crypto_suite,
const ZeroOnFreeBuffer<uint8_t>& key,
const std::vector<int>& extension_ids);
bool UpdateReceive(int crypto_suite,
const ZeroOnFreeBuffer<uint8_t>& key,
const std::vector<int>& extension_ids);
// Encrypts/signs an individual RTP/RTCP packet, in-place.
// If an HMAC is used, this will increase the packet size.
[[deprecated("Pass CopyOnWriteBuffer")]] bool ProtectRtp(void* data,
int in_len,
int max_len,
int* out_len);
bool ProtectRtp(CopyOnWriteBuffer& buffer);
// Overloaded version, outputs packet index.
[[deprecated("Pass CopyOnWriteBuffer")]] bool ProtectRtp(void* data,
int in_len,
int max_len,
int* out_len,
int64_t* index);
bool ProtectRtp(CopyOnWriteBuffer& buffer, int64_t* index);
[[deprecated("Pass CopyOnWriteBuffer")]] bool ProtectRtcp(void* data,
int in_len,
int max_len,
int* out_len);
bool ProtectRtcp(CopyOnWriteBuffer& buffer);
// Decrypts/verifies an invidiual RTP/RTCP packet.
// If an HMAC is used, this will decrease the packet size.
[[deprecated("Pass CopyOnWriteBuffer")]] bool UnprotectRtp(void* data,
int in_len,
int* out_len);
bool UnprotectRtp(CopyOnWriteBuffer& buffer);
[[deprecated("Pass CopyOnWriteBuffer")]] bool UnprotectRtcp(void* data,
int in_len,
int* out_len);
bool UnprotectRtcp(CopyOnWriteBuffer& buffer);
// Helper method to get authentication params.
bool GetRtpAuthParams(uint8_t** key, int* key_len, int* tag_len);
int GetSrtpOverhead() const;
// If external auth is enabled, SRTP will write a dummy auth tag that then
// later must get replaced before the packet is sent out. Only supported for
// non-GCM cipher suites and can be checked through "IsExternalAuthActive"
// if it is actually used. This method is only valid before the RTP params
// have been set.
void EnableExternalAuth();
bool IsExternalAuthEnabled() const;
// A SRTP session supports external creation of the auth tag if a non-GCM
// cipher is used. This method is only valid after the RTP params have
// been set.
bool IsExternalAuthActive() const;
// Removes a SSRC from the underlying libSRTP session.
// Note: this should only be done for SSRCs that are received.
// Removing SSRCs that were sent and then reusing them leads to
// cryptographic weaknesses described in
// https://www.rfc-editor.org/rfc/rfc3711#section-8
// https://www.rfc-editor.org/rfc/rfc7714#section-8.4
bool RemoveSsrcFromSession(uint32_t ssrc);
private:
bool DoSetKey(int type,
int crypto_suite,
const ZeroOnFreeBuffer<uint8_t>& key,
const std::vector<int>& extension_ids);
bool SetKey(int type,
int crypto_suite,
const ZeroOnFreeBuffer<uint8_t>& key,
const std::vector<int>& extension_ids);
bool UpdateKey(int type,
int crypto_suite,
const ZeroOnFreeBuffer<uint8_t>& key,
const std::vector<int>& extension_ids);
// Returns send stream current packet index from srtp db.
bool GetSendStreamPacketIndex(CopyOnWriteBuffer& buffer, int64_t* index);
// Writes unencrypted packets in text2pcap format to the log file
// for debugging.
void DumpPacket(const CopyOnWriteBuffer& buffer, bool outbound);
[[deprecated("Pass CopyOnWriteBuffer")]] void DumpPacket(const void* buf,
int len,
bool outbound);
void HandleEvent(const srtp_event_data_t* ev);
static void HandleEventThunk(srtp_event_data_t* ev);
SequenceChecker thread_checker_;
srtp_ctx_t_* session_ = nullptr;
// Overhead of the SRTP auth tag for RTP and RTCP in bytes.
// Depends on the cipher suite used and is usually the same with the exception
// of the kCsAesCm128HmacSha1_32 cipher suite. The additional four bytes
// required for RTCP protection are not included.
int rtp_auth_tag_len_ = 0;
int rtcp_auth_tag_len_ = 0;
bool inited_ = false;
int last_send_seq_num_ = -1;
bool external_auth_active_ = false;
bool external_auth_enabled_ = false;
int decryption_failure_count_ = 0;
bool dump_plain_rtp_ = false;
};
} // namespace webrtc
// Re-export symbols from the webrtc namespace for backwards compatibility.
// TODO(bugs.webrtc.org/4222596): Remove once all references are updated.
#ifdef WEBRTC_ALLOW_DEPRECATED_NAMESPACES
namespace cricket {
using ::webrtc::ProhibitLibsrtpInitialization;
using ::webrtc::SrtpSession;
} // namespace cricket
#endif // WEBRTC_ALLOW_DEPRECATED_NAMESPACES
#endif // PC_SRTP_SESSION_H_
|
