1 /* 2 * Copyright 2017 The WebRTC project authors. All Rights Reserved. 3 * 4 * Use of this source code is governed by a BSD-style license 5 * that can be found in the LICENSE file in the root of the source 6 * tree. An additional intellectual property rights grant can be found 7 * in the file PATENTS. All contributing project authors may 8 * be found in the AUTHORS file in the root of the source tree. 9 */ 10 11 #ifndef PC_SRTP_TRANSPORT_H_ 12 #define PC_SRTP_TRANSPORT_H_ 13 14 #include <stddef.h> 15 16 #include <cstdint> 17 #include <memory> 18 #include <string> 19 #include <vector> 20 21 #include "absl/types/optional.h" 22 #include "api/crypto_params.h" 23 #include "api/rtc_error.h" 24 #include "p2p/base/packet_transport_internal.h" 25 #include "pc/rtp_transport.h" 26 #include "pc/srtp_session.h" 27 #include "rtc_base/async_packet_socket.h" 28 #include "rtc_base/buffer.h" 29 #include "rtc_base/copy_on_write_buffer.h" 30 #include "rtc_base/network_route.h" 31 32 namespace webrtc { 33 34 // This subclass of the RtpTransport is used for SRTP which is reponsible for 35 // protecting/unprotecting the packets. It provides interfaces to set the crypto 36 // parameters for the SrtpSession underneath. 37 class SrtpTransport : public RtpTransport { 38 public: 39 explicit SrtpTransport(bool rtcp_mux_enabled); 40 41 virtual ~SrtpTransport() = default; 42 43 // SrtpTransportInterface specific implementation. 44 virtual RTCError SetSrtpSendKey(const cricket::CryptoParams& params); 45 virtual RTCError SetSrtpReceiveKey(const cricket::CryptoParams& params); 46 47 bool SendRtpPacket(rtc::CopyOnWriteBuffer* packet, 48 const rtc::PacketOptions& options, 49 int flags) override; 50 51 bool SendRtcpPacket(rtc::CopyOnWriteBuffer* packet, 52 const rtc::PacketOptions& options, 53 int flags) override; 54 55 // The transport becomes active if the send_session_ and recv_session_ are 56 // created. 57 bool IsSrtpActive() const override; 58 59 bool IsWritable(bool rtcp) const override; 60 61 // Create new send/recv sessions and set the negotiated crypto keys for RTP 62 // packet encryption. The keys can either come from SDES negotiation or DTLS 63 // handshake. 64 bool SetRtpParams(int send_cs, 65 const uint8_t* send_key, 66 int send_key_len, 67 const std::vector<int>& send_extension_ids, 68 int recv_cs, 69 const uint8_t* recv_key, 70 int recv_key_len, 71 const std::vector<int>& recv_extension_ids); 72 73 // Create new send/recv sessions and set the negotiated crypto keys for RTCP 74 // packet encryption. The keys can either come from SDES negotiation or DTLS 75 // handshake. 76 bool SetRtcpParams(int send_cs, 77 const uint8_t* send_key, 78 int send_key_len, 79 const std::vector<int>& send_extension_ids, 80 int recv_cs, 81 const uint8_t* recv_key, 82 int recv_key_len, 83 const std::vector<int>& recv_extension_ids); 84 85 void ResetParams(); 86 87 // If external auth is enabled, SRTP will write a dummy auth tag that then 88 // later must get replaced before the packet is sent out. Only supported for 89 // non-GCM cipher suites and can be checked through "IsExternalAuthActive" 90 // if it is actually used. This method is only valid before the RTP params 91 // have been set. 92 void EnableExternalAuth(); 93 bool IsExternalAuthEnabled() const; 94 95 // A SrtpTransport supports external creation of the auth tag if a non-GCM 96 // cipher is used. This method is only valid after the RTP params have 97 // been set. 98 bool IsExternalAuthActive() const; 99 100 // Returns srtp overhead for rtp packets. 101 bool GetSrtpOverhead(int* srtp_overhead) const; 102 103 // Returns rtp auth params from srtp context. 104 bool GetRtpAuthParams(uint8_t** key, int* key_len, int* tag_len); 105 106 // Cache RTP Absoulute SendTime extension header ID. This is only used when 107 // external authentication is enabled. CacheRtpAbsSendTimeHeaderExtension(int rtp_abs_sendtime_extn_id)108 void CacheRtpAbsSendTimeHeaderExtension(int rtp_abs_sendtime_extn_id) { 109 rtp_abs_sendtime_extn_id_ = rtp_abs_sendtime_extn_id; 110 } 111 112 protected: 113 // If the writable state changed, fire the SignalWritableState. 114 void MaybeUpdateWritableState(); 115 116 private: 117 void ConnectToRtpTransport(); 118 void CreateSrtpSessions(); 119 120 void OnRtpPacketReceived(rtc::CopyOnWriteBuffer packet, 121 int64_t packet_time_us) override; 122 void OnRtcpPacketReceived(rtc::CopyOnWriteBuffer packet, 123 int64_t packet_time_us) override; 124 void OnNetworkRouteChanged( 125 absl::optional<rtc::NetworkRoute> network_route) override; 126 127 // Override the RtpTransport::OnWritableState. 128 void OnWritableState(rtc::PacketTransportInternal* packet_transport) override; 129 130 bool ProtectRtp(void* data, int in_len, int max_len, int* out_len); 131 132 // Overloaded version, outputs packet index. 133 bool ProtectRtp(void* data, 134 int in_len, 135 int max_len, 136 int* out_len, 137 int64_t* index); 138 bool ProtectRtcp(void* data, int in_len, int max_len, int* out_len); 139 140 // Decrypts/verifies an invidiual RTP/RTCP packet. 141 // If an HMAC is used, this will decrease the packet size. 142 bool UnprotectRtp(void* data, int in_len, int* out_len); 143 144 bool UnprotectRtcp(void* data, int in_len, int* out_len); 145 146 bool MaybeSetKeyParams(); 147 bool ParseKeyParams(const std::string& key_params, uint8_t* key, size_t len); 148 149 const std::string content_name_; 150 151 std::unique_ptr<cricket::SrtpSession> send_session_; 152 std::unique_ptr<cricket::SrtpSession> recv_session_; 153 std::unique_ptr<cricket::SrtpSession> send_rtcp_session_; 154 std::unique_ptr<cricket::SrtpSession> recv_rtcp_session_; 155 156 absl::optional<cricket::CryptoParams> send_params_; 157 absl::optional<cricket::CryptoParams> recv_params_; 158 absl::optional<int> send_cipher_suite_; 159 absl::optional<int> recv_cipher_suite_; 160 rtc::ZeroOnFreeBuffer<uint8_t> send_key_; 161 rtc::ZeroOnFreeBuffer<uint8_t> recv_key_; 162 163 bool writable_ = false; 164 165 bool external_auth_enabled_ = false; 166 167 int rtp_abs_sendtime_extn_id_ = -1; 168 169 int decryption_failure_count_ = 0; 170 }; 171 172 } // namespace webrtc 173 174 #endif // PC_SRTP_TRANSPORT_H_ 175