admin/webrtc_m130
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
webrtc_m130/pc/srtpfilter.h
zhihuang eb23e17798 Revert of Completed the functionalities of SrtpTransport. (patchset 7 id:320001 of https://codereview.webrtc.org/2997983002/ ) 
Reason for revert:
This seems to be causing some video freezes. See https://bugs.chromium.org/p/webrtc/issues/detail?id=8251

Original issue's description:
> Completed the functionalities of SrtpTransport.
>
> The SrtpTransport takes the SRTP responsibilities from the BaseChannel
> and SrtpFilter. SrtpTransport is now responsible for setting the crypto
> keys, protecting and unprotecting the packets. SrtpTransport doesn't know
> if the keys are from SDES or DTLS handshake.
>
> BaseChannel is now only responsible setting the offer/answer for SDES
> or extracting the key from DtlsTransport and configuring the
> SrtpTransport.
>
> SrtpFilter is used by BaseChannel as a helper for SDES negotiation.
>
> BUG=webrtc:7013
>
> Review-Url: https://codereview.webrtc.org/2997983002
> Cr-Commit-Position: refs/heads/master@{#19636}
> Committed: e683c6871f

TBR=deadbeef@webrtc.org,pthatcher@google.com,zhihuang@webrtc.org
Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=webrtc:7013

Review-Url: https://codereview.webrtc.org/3018513002
Cr-Commit-Position: refs/heads/master@{#19895}
2017-09-19 08:12:52 +00:00

202 lines
7.4 KiB
C++
Raw Blame History

/*
* Copyright 2009 The WebRTC project authors. All Rights Reserved.
*
* Use of this source code is governed by a BSD-style license
* that can be found in the LICENSE file in the root of the source
* tree. An additional intellectual property rights grant can be found
* in the file PATENTS. All contributing project authors may
* be found in the AUTHORS file in the root of the source tree.
*/
#ifndef PC_SRTPFILTER_H_
#define PC_SRTPFILTER_H_
#include <list>
#include <map>
#include <memory>
#include <string>
#include <vector>
#include "media/base/cryptoparams.h"
#include "p2p/base/sessiondescription.h"
#include "rtc_base/basictypes.h"
#include "rtc_base/constructormagic.h"
#include "rtc_base/criticalsection.h"
#include "rtc_base/sslstreamadapter.h"
#include "rtc_base/thread_checker.h"
// Forward declaration to avoid pulling in libsrtp headers here
struct srtp_event_data_t;
struct srtp_ctx_t_;
namespace cricket {
class SrtpSession;
void ShutdownSrtp();
// Class to transform SRTP to/from RTP.
// Initialize by calling SetSend with the local security params, then
// call
// SetRecv once the remote security params are received. At that point
// Protect/UnprotectRt(c)p can be called to encrypt/decrypt data.
// TODO: Figure out concurrency policy for SrtpFilter.
class SrtpFilter {
public:
enum Mode {
PROTECT,
UNPROTECT
};
enum Error {
ERROR_NONE,
ERROR_FAIL,
ERROR_AUTH,
ERROR_REPLAY,
};
SrtpFilter();
~SrtpFilter();
// Whether the filter is active (i.e. crypto has been properly negotiated).
bool IsActive() const;
// Indicates which crypto algorithms and keys were contained in the offer.
// offer_params should contain a list of available parameters to use, or none,
// if crypto is not desired. This must be called before SetAnswer.
bool SetOffer(const std::vector<CryptoParams>& offer_params,
ContentSource source);
// Same as SetAnwer. But multiple calls are allowed to SetProvisionalAnswer
// after a call to SetOffer.
bool SetProvisionalAnswer(const std::vector<CryptoParams>& answer_params,
ContentSource source);
// Indicates which crypto algorithms and keys were contained in the answer.
// answer_params should contain the negotiated parameters, which may be none,
// if crypto was not desired or could not be negotiated (and not required).
// This must be called after SetOffer. If crypto negotiation completes
// successfully, this will advance the filter to the active state.
bool SetAnswer(const std::vector<CryptoParams>& answer_params,
ContentSource source);
// Set the header extension ids that should be encrypted for the given
// source.
void SetEncryptedHeaderExtensionIds(ContentSource source,
const std::vector<int>& extension_ids);
// Just set up both sets of keys directly.
// Used with DTLS-SRTP.
bool SetRtpParams(int send_cs,
const uint8_t* send_key,
int send_key_len,
int recv_cs,
const uint8_t* recv_key,
int recv_key_len);
bool UpdateRtpParams(int send_cs,
const uint8_t* send_key,
int send_key_len,
int recv_cs,
const uint8_t* recv_key,
int recv_key_len);
bool SetRtcpParams(int send_cs,
const uint8_t* send_key,
int send_key_len,
int recv_cs,
const uint8_t* recv_key,
int recv_key_len);
// Encrypts/signs an individual RTP/RTCP packet, in-place.
// If an HMAC is used, this will increase the packet size.
bool ProtectRtp(void* data, int in_len, int max_len, int* out_len);
// Overloaded version, outputs packet index.
bool ProtectRtp(void* data,
int in_len,
int max_len,
int* out_len,
int64_t* index);
bool ProtectRtcp(void* data, int in_len, int max_len, int* out_len);
// Decrypts/verifies an invidiual RTP/RTCP packet.
// If an HMAC is used, this will decrease the packet size.
bool UnprotectRtp(void* data, int in_len, int* out_len);
bool UnprotectRtcp(void* data, int in_len, int* out_len);
// Returns rtp auth params from srtp context.
bool GetRtpAuthParams(uint8_t** key, int* key_len, int* tag_len);
// Returns srtp overhead for rtp packets.
bool GetSrtpOverhead(int* srtp_overhead) const;
// If external auth is enabled, SRTP will write a dummy auth tag that
// then
// later must get replaced before the packet is sent out. Only
// supported for
// non-GCM cipher suites and can be checked through
// "IsExternalAuthActive"
// if it is actually used. This method is only valid before the RTP
// params
// have been set.
void EnableExternalAuth();
bool IsExternalAuthEnabled() const;
// A SRTP filter supports external creation of the auth tag if a non-GCM
// cipher is used. This method is only valid after the RTP params have
// been set.
bool IsExternalAuthActive() const;
bool ResetParams();
protected:
bool ExpectOffer(ContentSource source);
bool StoreParams(const std::vector<CryptoParams>& params,
ContentSource source);
bool ExpectAnswer(ContentSource source);
bool DoSetAnswer(const std::vector<CryptoParams>& answer_params,
ContentSource source,
bool final);
void CreateSrtpSessions();
bool NegotiateParams(const std::vector<CryptoParams>& answer_params,
CryptoParams* selected_params);
bool ApplyParams(const CryptoParams& send_params,
const CryptoParams& recv_params);
static bool ParseKeyParams(const std::string& params,
uint8_t* key,
size_t len);
private:
enum State {
ST_INIT, // SRTP filter unused.
ST_SENTOFFER, // Offer with SRTP parameters sent.
ST_RECEIVEDOFFER, // Offer with SRTP parameters received.
ST_SENTPRANSWER_NO_CRYPTO, // Sent provisional answer without crypto.
// Received provisional answer without crypto.
ST_RECEIVEDPRANSWER_NO_CRYPTO,
ST_ACTIVE, // Offer and answer set.
// SRTP filter is active but new parameters are offered.
// When the answer is set, the state transitions to ST_ACTIVE or ST_INIT.
ST_SENTUPDATEDOFFER,
// SRTP filter is active but new parameters are received.
// When the answer is set, the state transitions back to ST_ACTIVE.
ST_RECEIVEDUPDATEDOFFER,
// SRTP filter is active but the sent answer is only provisional.
// When the final answer is set, the state transitions to ST_ACTIVE or
// ST_INIT.
ST_SENTPRANSWER,
// SRTP filter is active but the received answer is only provisional.
// When the final answer is set, the state transitions to ST_ACTIVE or
// ST_INIT.
ST_RECEIVEDPRANSWER
};
State state_ = ST_INIT;
bool external_auth_enabled_ = false;
std::vector<CryptoParams> offer_params_;
std::unique_ptr<SrtpSession> send_session_;
std::unique_ptr<SrtpSession> recv_session_;
std::unique_ptr<SrtpSession> send_rtcp_session_;
std::unique_ptr<SrtpSession> recv_rtcp_session_;
CryptoParams applied_send_params_;
CryptoParams applied_recv_params_;
std::vector<int> send_encrypted_header_extension_ids_;
std::vector<int> recv_encrypted_header_extension_ids_;
};
} // namespace cricket
#endif // PC_SRTPFILTER_H_
Reference in New Issue View Git Blame Copy Permalink