blob: a4e99b5f3dc25a2ba38704dc0a71facd744196a3 [file] [log] [blame]
zstein398c3fd2017-07-19 20:38:021/*
2 * Copyright 2017 The WebRTC project authors. All Rights Reserved.
3 *
4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree.
9 */
10
Mirko Bonadei92ea95e2017-09-15 04:47:3111#include "pc/srtptransport.h"
zstein398c3fd2017-07-19 20:38:0212
13#include <string>
14
Mirko Bonadei92ea95e2017-09-15 04:47:3115#include "media/base/rtputils.h"
16#include "pc/rtptransport.h"
17#include "pc/srtpsession.h"
18#include "rtc_base/asyncpacketsocket.h"
Zhi Huangcf990f52017-09-22 19:12:3019#include "rtc_base/base64.h"
Mirko Bonadei92ea95e2017-09-15 04:47:3120#include "rtc_base/copyonwritebuffer.h"
21#include "rtc_base/ptr_util.h"
22#include "rtc_base/trace_event.h"
zstein398c3fd2017-07-19 20:38:0223
24namespace webrtc {
25
26SrtpTransport::SrtpTransport(bool rtcp_mux_enabled,
27 const std::string& content_name)
28 : content_name_(content_name),
29 rtp_transport_(rtc::MakeUnique<RtpTransport>(rtcp_mux_enabled)) {
30 ConnectToRtpTransport();
31}
32
33SrtpTransport::SrtpTransport(std::unique_ptr<RtpTransportInternal> transport,
34 const std::string& content_name)
35 : content_name_(content_name), rtp_transport_(std::move(transport)) {
36 ConnectToRtpTransport();
37}
38
39void SrtpTransport::ConnectToRtpTransport() {
40 rtp_transport_->SignalPacketReceived.connect(
41 this, &SrtpTransport::OnPacketReceived);
42 rtp_transport_->SignalReadyToSend.connect(this,
43 &SrtpTransport::OnReadyToSend);
44}
45
Zhi Huangcf990f52017-09-22 19:12:3046bool SrtpTransport::SendRtpPacket(rtc::CopyOnWriteBuffer* packet,
47 const rtc::PacketOptions& options,
48 int flags) {
49 return SendPacket(false, packet, options, flags);
50}
51
52bool SrtpTransport::SendRtcpPacket(rtc::CopyOnWriteBuffer* packet,
53 const rtc::PacketOptions& options,
54 int flags) {
55 return SendPacket(true, packet, options, flags);
56}
57
zstein398c3fd2017-07-19 20:38:0258bool SrtpTransport::SendPacket(bool rtcp,
59 rtc::CopyOnWriteBuffer* packet,
60 const rtc::PacketOptions& options,
61 int flags) {
Zhi Huangcf990f52017-09-22 19:12:3062 if (!IsActive()) {
63 LOG(LS_ERROR)
64 << "Failed to send the packet because SRTP transport is inactive.";
65 return false;
66 }
zstein398c3fd2017-07-19 20:38:0267
Zhi Huangcf990f52017-09-22 19:12:3068 rtc::PacketOptions updated_options = options;
69 rtc::CopyOnWriteBuffer cp = *packet;
70 TRACE_EVENT0("webrtc", "SRTP Encode");
71 bool res;
72 uint8_t* data = packet->data();
73 int len = static_cast<int>(packet->size());
74 if (!rtcp) {
75// If ENABLE_EXTERNAL_AUTH flag is on then packet authentication is not done
76// inside libsrtp for a RTP packet. A external HMAC module will be writing
77// a fake HMAC value. This is ONLY done for a RTP packet.
78// Socket layer will update rtp sendtime extension header if present in
79// packet with current time before updating the HMAC.
80#if !defined(ENABLE_EXTERNAL_AUTH)
81 res = ProtectRtp(data, len, static_cast<int>(packet->capacity()), &len);
82#else
83 if (!IsExternalAuthActive()) {
84 res = ProtectRtp(data, len, static_cast<int>(packet->capacity()), &len);
85 } else {
86 updated_options.packet_time_params.rtp_sendtime_extension_id =
87 rtp_abs_sendtime_extn_id_;
88 res = ProtectRtp(data, len, static_cast<int>(packet->capacity()), &len,
89 &updated_options.packet_time_params.srtp_packet_index);
90 // If protection succeeds, let's get auth params from srtp.
91 if (res) {
92 uint8_t* auth_key = NULL;
93 int key_len;
94 res = GetRtpAuthParams(
95 &auth_key, &key_len,
96 &updated_options.packet_time_params.srtp_auth_tag_len);
97 if (res) {
98 updated_options.packet_time_params.srtp_auth_key.resize(key_len);
99 updated_options.packet_time_params.srtp_auth_key.assign(
100 auth_key, auth_key + key_len);
101 }
102 }
103 }
104#endif
105 if (!res) {
106 int seq_num = -1;
107 uint32_t ssrc = 0;
108 cricket::GetRtpSeqNum(data, len, &seq_num);
109 cricket::GetRtpSsrc(data, len, &ssrc);
110 LOG(LS_ERROR) << "Failed to protect " << content_name_
111 << " RTP packet: size=" << len << ", seqnum=" << seq_num
112 << ", SSRC=" << ssrc;
113 return false;
114 }
115 } else {
116 res = ProtectRtcp(data, len, static_cast<int>(packet->capacity()), &len);
117 if (!res) {
118 int type = -1;
119 cricket::GetRtcpType(data, len, &type);
120 LOG(LS_ERROR) << "Failed to protect " << content_name_
121 << " RTCP packet: size=" << len << ", type=" << type;
122 return false;
123 }
124 }
125
126 // Update the length of the packet now that we've added the auth tag.
127 packet->SetSize(len);
128 return rtcp ? rtp_transport_->SendRtcpPacket(packet, updated_options, flags)
129 : rtp_transport_->SendRtpPacket(packet, updated_options, flags);
zstein398c3fd2017-07-19 20:38:02130}
131
132void SrtpTransport::OnPacketReceived(bool rtcp,
133 rtc::CopyOnWriteBuffer* packet,
134 const rtc::PacketTime& packet_time) {
Zhi Huangcf990f52017-09-22 19:12:30135 if (!IsActive()) {
136 LOG(LS_WARNING) << "Inactive SRTP transport received a packet. Drop it.";
137 return;
138 }
zstein398c3fd2017-07-19 20:38:02139
Zhi Huangcf990f52017-09-22 19:12:30140 TRACE_EVENT0("webrtc", "SRTP Decode");
141 char* data = packet->data<char>();
142 int len = static_cast<int>(packet->size());
143 bool res;
144 if (!rtcp) {
145 res = UnprotectRtp(data, len, &len);
146 if (!res) {
147 int seq_num = -1;
148 uint32_t ssrc = 0;
149 cricket::GetRtpSeqNum(data, len, &seq_num);
150 cricket::GetRtpSsrc(data, len, &ssrc);
151 LOG(LS_ERROR) << "Failed to unprotect " << content_name_
152 << " RTP packet: size=" << len << ", seqnum=" << seq_num
153 << ", SSRC=" << ssrc;
154 return;
155 }
156 } else {
157 res = UnprotectRtcp(data, len, &len);
158 if (!res) {
159 int type = -1;
160 cricket::GetRtcpType(data, len, &type);
161 LOG(LS_ERROR) << "Failed to unprotect " << content_name_
162 << " RTCP packet: size=" << len << ", type=" << type;
163 return;
164 }
165 }
166
167 packet->SetSize(len);
zstein398c3fd2017-07-19 20:38:02168 SignalPacketReceived(rtcp, packet, packet_time);
169}
170
Zhi Huangcf990f52017-09-22 19:12:30171bool SrtpTransport::SetRtpParams(int send_cs,
172 const uint8_t* send_key,
173 int send_key_len,
174 int recv_cs,
175 const uint8_t* recv_key,
176 int recv_key_len) {
177 // If parameters are being set for the first time, we should create new SRTP
178 // sessions and call "SetSend/SetRecv". Otherwise we should call
179 // "UpdateSend"/"UpdateRecv" on the existing sessions, which will internally
180 // call "srtp_update".
181 bool new_sessions = false;
182 if (!send_session_) {
183 RTC_DCHECK(!recv_session_);
184 CreateSrtpSessions();
185 new_sessions = true;
186 }
187 send_session_->SetEncryptedHeaderExtensionIds(
188 send_encrypted_header_extension_ids_);
189 bool ret = new_sessions
190 ? send_session_->SetSend(send_cs, send_key, send_key_len)
191 : send_session_->UpdateSend(send_cs, send_key, send_key_len);
192 if (!ret) {
193 ResetParams();
194 return false;
195 }
196
197 recv_session_->SetEncryptedHeaderExtensionIds(
198 recv_encrypted_header_extension_ids_);
199 ret = new_sessions
200 ? recv_session_->SetRecv(recv_cs, recv_key, recv_key_len)
201 : recv_session_->UpdateRecv(recv_cs, recv_key, recv_key_len);
202 if (!ret) {
203 ResetParams();
204 return false;
205 }
206
207 LOG(LS_INFO) << "SRTP " << (new_sessions ? "updated" : "activated")
208 << " with negotiated parameters:"
209 << " send cipher_suite " << send_cs << " recv cipher_suite "
210 << recv_cs;
211 return true;
212}
213
214bool SrtpTransport::SetRtcpParams(int send_cs,
215 const uint8_t* send_key,
216 int send_key_len,
217 int recv_cs,
218 const uint8_t* recv_key,
219 int recv_key_len) {
220 // This can only be called once, but can be safely called after
221 // SetRtpParams
222 if (send_rtcp_session_ || recv_rtcp_session_) {
223 LOG(LS_ERROR) << "Tried to set SRTCP Params when filter already active";
224 return false;
225 }
226
227 send_rtcp_session_.reset(new cricket::SrtpSession());
228 if (!send_rtcp_session_->SetRecv(send_cs, send_key, send_key_len)) {
229 return false;
230 }
231
232 recv_rtcp_session_.reset(new cricket::SrtpSession());
233 if (!recv_rtcp_session_->SetRecv(recv_cs, recv_key, recv_key_len)) {
234 return false;
235 }
236
237 LOG(LS_INFO) << "SRTCP activated with negotiated parameters:"
238 << " send cipher_suite " << send_cs << " recv cipher_suite "
239 << recv_cs;
240
241 return true;
242}
243
244bool SrtpTransport::IsActive() const {
245 return send_session_ && recv_session_;
246}
247
248void SrtpTransport::ResetParams() {
249 send_session_ = nullptr;
250 recv_session_ = nullptr;
251 send_rtcp_session_ = nullptr;
252 recv_rtcp_session_ = nullptr;
253 LOG(LS_INFO) << "The params in SRTP transport are reset.";
254}
255
256void SrtpTransport::SetEncryptedHeaderExtensionIds(
257 cricket::ContentSource source,
258 const std::vector<int>& extension_ids) {
259 if (source == cricket::CS_LOCAL) {
260 recv_encrypted_header_extension_ids_ = extension_ids;
261 } else {
262 send_encrypted_header_extension_ids_ = extension_ids;
263 }
264}
265
266void SrtpTransport::CreateSrtpSessions() {
267 send_session_.reset(new cricket::SrtpSession());
268 recv_session_.reset(new cricket::SrtpSession());
269
270 if (external_auth_enabled_) {
271 send_session_->EnableExternalAuth();
272 }
273}
274
275bool SrtpTransport::ProtectRtp(void* p, int in_len, int max_len, int* out_len) {
276 if (!IsActive()) {
277 LOG(LS_WARNING) << "Failed to ProtectRtp: SRTP not active";
278 return false;
279 }
280 RTC_CHECK(send_session_);
281 return send_session_->ProtectRtp(p, in_len, max_len, out_len);
282}
283
284bool SrtpTransport::ProtectRtp(void* p,
285 int in_len,
286 int max_len,
287 int* out_len,
288 int64_t* index) {
289 if (!IsActive()) {
290 LOG(LS_WARNING) << "Failed to ProtectRtp: SRTP not active";
291 return false;
292 }
293 RTC_CHECK(send_session_);
294 return send_session_->ProtectRtp(p, in_len, max_len, out_len, index);
295}
296
297bool SrtpTransport::ProtectRtcp(void* p,
298 int in_len,
299 int max_len,
300 int* out_len) {
301 if (!IsActive()) {
302 LOG(LS_WARNING) << "Failed to ProtectRtcp: SRTP not active";
303 return false;
304 }
305 if (send_rtcp_session_) {
306 return send_rtcp_session_->ProtectRtcp(p, in_len, max_len, out_len);
307 } else {
308 RTC_CHECK(send_session_);
309 return send_session_->ProtectRtcp(p, in_len, max_len, out_len);
310 }
311}
312
313bool SrtpTransport::UnprotectRtp(void* p, int in_len, int* out_len) {
314 if (!IsActive()) {
315 LOG(LS_WARNING) << "Failed to UnprotectRtp: SRTP not active";
316 return false;
317 }
318 RTC_CHECK(recv_session_);
319 return recv_session_->UnprotectRtp(p, in_len, out_len);
320}
321
322bool SrtpTransport::UnprotectRtcp(void* p, int in_len, int* out_len) {
323 if (!IsActive()) {
324 LOG(LS_WARNING) << "Failed to UnprotectRtcp: SRTP not active";
325 return false;
326 }
327 if (recv_rtcp_session_) {
328 return recv_rtcp_session_->UnprotectRtcp(p, in_len, out_len);
329 } else {
330 RTC_CHECK(recv_session_);
331 return recv_session_->UnprotectRtcp(p, in_len, out_len);
332 }
333}
334
335bool SrtpTransport::GetRtpAuthParams(uint8_t** key,
336 int* key_len,
337 int* tag_len) {
338 if (!IsActive()) {
339 LOG(LS_WARNING) << "Failed to GetRtpAuthParams: SRTP not active";
340 return false;
341 }
342
343 RTC_CHECK(send_session_);
344 return send_session_->GetRtpAuthParams(key, key_len, tag_len);
345}
346
347bool SrtpTransport::GetSrtpOverhead(int* srtp_overhead) const {
348 if (!IsActive()) {
349 LOG(LS_WARNING) << "Failed to GetSrtpOverhead: SRTP not active";
350 return false;
351 }
352
353 RTC_CHECK(send_session_);
354 *srtp_overhead = send_session_->GetSrtpOverhead();
355 return true;
356}
357
358void SrtpTransport::EnableExternalAuth() {
359 RTC_DCHECK(!IsActive());
360 external_auth_enabled_ = true;
361}
362
363bool SrtpTransport::IsExternalAuthEnabled() const {
364 return external_auth_enabled_;
365}
366
367bool SrtpTransport::IsExternalAuthActive() const {
368 if (!IsActive()) {
369 LOG(LS_WARNING) << "Failed to check IsExternalAuthActive: SRTP not active";
370 return false;
371 }
372
373 RTC_CHECK(send_session_);
374 return send_session_->IsExternalAuthActive();
375}
376
zstein398c3fd2017-07-19 20:38:02377} // namespace webrtc