b140b9fd69
This is the same thing we're doing for usrsctp. Before this CL, the first SrtpSession to call SetKey would initialize libsrtp, and ChannelManager's destructor would deinitialize it. This works for an application that only uses one instance of ChannelManager simultaneously (or one instance of PeerConnectionFactory), but not one that uses multiple. Now, libsrtp is effectively reference-counted, with the first SrtpSession to take a reference initializing it, and the last to remove its reference deinitializing it. This issue was discovered recently due to a change that resulted in using srtp_update. Without using that method, the issue went unnoticed; maybe srtp_protect/srtp_unprotect don't require initialization? Bug: webrtc:8388 Change-Id: If1329360f0b469e454810e62e9b5acfbd4cba100 Reviewed-on: https://webrtc-review.googlesource.com/9000 Commit-Queue: Taylor Brandstetter <deadbeef@webrtc.org> Reviewed-by: Steve Anton <steveanton@webrtc.org> Cr-Commit-Position: refs/heads/master@{#20262}
114 lines
4.1 KiB
C++
114 lines
4.1 KiB
C++
/*
|
|
* Copyright 2017 The WebRTC project authors. All Rights Reserved.
|
|
*
|
|
* Use of this source code is governed by a BSD-style license
|
|
* that can be found in the LICENSE file in the root of the source
|
|
* tree. An additional intellectual property rights grant can be found
|
|
* in the file PATENTS. All contributing project authors may
|
|
* be found in the AUTHORS file in the root of the source tree.
|
|
*/
|
|
|
|
#ifndef PC_SRTPSESSION_H_
|
|
#define PC_SRTPSESSION_H_
|
|
|
|
#include <vector>
|
|
|
|
#include "rtc_base/basictypes.h"
|
|
#include "rtc_base/thread_checker.h"
|
|
|
|
// Forward declaration to avoid pulling in libsrtp headers here
|
|
struct srtp_event_data_t;
|
|
struct srtp_ctx_t_;
|
|
|
|
namespace cricket {
|
|
|
|
// Class that wraps a libSRTP session.
|
|
class SrtpSession {
|
|
public:
|
|
SrtpSession();
|
|
~SrtpSession();
|
|
|
|
// Configures the session for sending data using the specified
|
|
// cipher-suite and key. Receiving must be done by a separate session.
|
|
bool SetSend(int cs, const uint8_t* key, size_t len);
|
|
bool UpdateSend(int cs, const uint8_t* key, size_t len);
|
|
|
|
// Configures the session for receiving data using the specified
|
|
// cipher-suite and key. Sending must be done by a separate session.
|
|
bool SetRecv(int cs, const uint8_t* key, size_t len);
|
|
bool UpdateRecv(int cs, const uint8_t* key, size_t len);
|
|
|
|
void SetEncryptedHeaderExtensionIds(
|
|
const std::vector<int>& encrypted_header_extension_ids);
|
|
|
|
// Encrypts/signs an individual RTP/RTCP packet, in-place.
|
|
// If an HMAC is used, this will increase the packet size.
|
|
bool ProtectRtp(void* data, int in_len, int max_len, int* out_len);
|
|
// Overloaded version, outputs packet index.
|
|
bool ProtectRtp(void* data,
|
|
int in_len,
|
|
int max_len,
|
|
int* out_len,
|
|
int64_t* index);
|
|
bool ProtectRtcp(void* data, int in_len, int max_len, int* out_len);
|
|
// Decrypts/verifies an invidiual RTP/RTCP packet.
|
|
// If an HMAC is used, this will decrease the packet size.
|
|
bool UnprotectRtp(void* data, int in_len, int* out_len);
|
|
bool UnprotectRtcp(void* data, int in_len, int* out_len);
|
|
|
|
// Helper method to get authentication params.
|
|
bool GetRtpAuthParams(uint8_t** key, int* key_len, int* tag_len);
|
|
|
|
int GetSrtpOverhead() const;
|
|
|
|
// If external auth is enabled, SRTP will write a dummy auth tag that then
|
|
// later must get replaced before the packet is sent out. Only supported for
|
|
// non-GCM cipher suites and can be checked through "IsExternalAuthActive"
|
|
// if it is actually used. This method is only valid before the RTP params
|
|
// have been set.
|
|
void EnableExternalAuth();
|
|
bool IsExternalAuthEnabled() const;
|
|
|
|
// A SRTP session supports external creation of the auth tag if a non-GCM
|
|
// cipher is used. This method is only valid after the RTP params have
|
|
// been set.
|
|
bool IsExternalAuthActive() const;
|
|
|
|
private:
|
|
bool DoSetKey(int type, int cs, const uint8_t* key, size_t len);
|
|
bool SetKey(int type, int cs, const uint8_t* key, size_t len);
|
|
bool UpdateKey(int type, int cs, const uint8_t* key, size_t len);
|
|
bool SetEncryptedHeaderExtensionIds(
|
|
int type,
|
|
const std::vector<int>& encrypted_header_extension_ids);
|
|
// Returns send stream current packet index from srtp db.
|
|
bool GetSendStreamPacketIndex(void* data, int in_len, int64_t* index);
|
|
|
|
// These methods are responsible for initializing libsrtp (if the usage count
|
|
// is incremented from 0 to 1) or deinitializing it (when decremented from 1
|
|
// to 0).
|
|
//
|
|
// Returns true if successful (will always be successful if already inited).
|
|
static bool IncrementLibsrtpUsageCountAndMaybeInit();
|
|
static void DecrementLibsrtpUsageCountAndMaybeDeinit();
|
|
|
|
void HandleEvent(const srtp_event_data_t* ev);
|
|
static void HandleEventThunk(srtp_event_data_t* ev);
|
|
|
|
rtc::ThreadChecker thread_checker_;
|
|
srtp_ctx_t_* session_ = nullptr;
|
|
int rtp_auth_tag_len_ = 0;
|
|
int rtcp_auth_tag_len_ = 0;
|
|
bool inited_ = false;
|
|
static rtc::GlobalLockPod lock_;
|
|
int last_send_seq_num_ = -1;
|
|
bool external_auth_active_ = false;
|
|
bool external_auth_enabled_ = false;
|
|
std::vector<int> encrypted_header_extension_ids_;
|
|
RTC_DISALLOW_COPY_AND_ASSIGN(SrtpSession);
|
|
};
|
|
|
|
} // namespace cricket
|
|
|
|
#endif // PC_SRTPSESSION_H_
|