commit | 13b327b05fa3788b4daa9c3463e13282824cb320 | |
---|---|---|
author | Philipp Hancke <phancke@meta.com> | Sat Aug 17 14:42:21 2024 |
committer | WebRTC LUCI CQ <webrtc-scoped@luci-project-accounts.iam.gserviceaccount.com> | Mon Aug 19 05:17:18 2024 |
tree | 80c49adeff6f12bdd841b46397c629bb369d8653 | |
parent | adb224b3e9e0df3dbd5c5a49a413cfe66e3ea7d4 | |
srtp: demonstrate wraparound with loss decryption failure

by encrypting a packet with sequence number 65535 followed by a packet with sequence number 1. The second packet is encrypted with an SRTP ROC of 1 as described in
https://datatracker.ietf.org/doc/html/rfc3711#section-3.3.1

The packets are (received and) decrypted in a different order, the packet with sequence number 1 (and ROC=1) is decrypted first. Since the ROC is maintained locally the decrypting session assumes it to be 0.

Why is that a problem? The RFC recommends estimating the ROC with +-1 which, as demonstrated by the test, libSRTP does not. But this is a rare problem that requires a random in a high range combined with packet loss/reordering which turns into not-a-problem if you choose carefully as done by packet_sequencer.cc which restricts the initial sequence number in the range 0..32767 which means you do not run into this issue in production.

See also Q6 in libsrtp's historical documentation at
https://srtp.sourceforge.net/historical/faq.html

BUG=webrtc:353565743
Change-Id: I9bd72b198c946937aeb25c229005a0c682447f53
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/358360
Reviewed-by: Erik Språng <sprang@webrtc.org>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Commit-Queue: Philipp Hancke <phancke@meta.com>
Cr-Commit-Position: refs/heads/main@{#42798}
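
The receiver-side ROC estimate from RFC 3711 section 3.3.1 (Appendix A pseudocode), run over the arrival order the commit message describes. This is an added example, not code from the commit, WebRTC, or libSRTP, and it does not model libSRTP's behaviour; `Packet`, `RocEstimator` and `Receive` are hypothetical names, and a guessed ROC that matches the sender's stands in for the real authentication check.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

struct Packet {
  uint16_t seq;
  uint32_t sender_roc;  // ROC the sender used when protecting the packet
};

// Receiver-side index estimation from RFC 3711 section 3.3.1 / Appendix A.
class RocEstimator {
 public:
  // Guess the ROC for `seq` from {roc - 1, roc, roc + 1}.
  uint32_t Guess(uint16_t seq) const {
    if (!have_s_l_) return roc_;  // Assumption: fresh receiver, ROC = 0.
    if (s_l_ < 32768) return (seq - s_l_ > 32768) ? roc_ - 1 : roc_;
    return (s_l_ - 32768 > seq) ? roc_ + 1 : roc_;
  }
  // State moves only after a packet authenticated with guess `v`.
  void Update(uint32_t v, uint16_t seq) {
    if (!have_s_l_ || v == roc_ + 1) {
      s_l_ = seq;
      roc_ = v;
      have_s_l_ = true;
    } else if (v == roc_ && seq > s_l_) {
      s_l_ = seq;
    }
  }

 private:
  uint32_t roc_ = 0;
  uint16_t s_l_ = 0;  // highest authenticated sequence number
  bool have_s_l_ = false;
};

// Constructed model: a packet "decrypts" only if the guessed ROC equals the
// sender's, because the SRTP auth tag and keystream depend on the full index.
std::vector<bool> Receive(const std::vector<Packet>& arrival_order) {
  RocEstimator rx;
  std::vector<bool> ok;
  for (const Packet& p : arrival_order) {
    uint32_t v = rx.Guess(p.seq);
    ok.push_back(v == p.sender_roc);
    if (ok.back()) rx.Update(v, p.seq);
  }
  return ok;
}

int main() {
  auto r = Receive({{1, 1}, {65535, 0}});  // order from the commit message
  std::printf("seq 1: %d, seq 65535: %d\n", int(r[0]), int(r[1]));
}
```

In this model the wrapped packet fails only when it is the first one the receiver sees; once a packet from before the wrap has authenticated, the ±1 estimate recovers the correct ROC on either side of the wrap.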
WebRTC is a free, open software project that provides browsers and mobile applications with Real-Time Communications (RTC) capabilities via simple APIs. The WebRTC components have been optimized to best serve this purpose.
Our mission: To enable rich, high-quality RTC applications to be developed for the browser, mobile platforms, and IoT devices, and allow them all to communicate via a common set of protocols.
The WebRTC initiative is a project supported by Google, Mozilla and Opera, amongst others.
See here for instructions on how to get started developing with the native code.
Authoritative list of directories that contain the native API header files.