10e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org/* 20e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org * libjingle 30e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org * Copyright 2009 Google Inc. 40e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org * 50e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org * Redistribution and use in source and binary forms, with or without 60e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org * modification, are permitted provided that the following conditions are met: 70e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org * 80e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org * 1. Redistributions of source code must retain the above copyright notice, 90e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org * this list of conditions and the following disclaimer. 100e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org * 2. Redistributions in binary form must reproduce the above copyright notice, 110e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org * this list of conditions and the following disclaimer in the documentation 120e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org * and/or other materials provided with the distribution. 130e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org * 3. The name of the author may not be used to endorse or promote products 140e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org * derived from this software without specific prior written permission. 150e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org * 160e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 170e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 180e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO 190e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 200e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 210e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; 220e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 230e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 240e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 250e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 260e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org */ 270e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org 280e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org#ifndef TALK_SESSION_MEDIA_SRTPFILTER_H_ 290e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org#define TALK_SESSION_MEDIA_SRTPFILTER_H_ 300e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org 310e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org#include <list> 320e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org#include <map> 330e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org#include <string> 340e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org#include <vector> 350e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org 360e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org#include "talk/base/basictypes.h" 370e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org#include "talk/base/scoped_ptr.h" 380e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org#include "talk/base/sigslotrepeater.h" 390e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org#include "talk/media/base/cryptoparams.h" 400e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org#include "talk/p2p/base/sessiondescription.h" 410e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org 420e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org// Forward declaration to avoid pulling in libsrtp headers here 430e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.orgstruct srtp_event_data_t; 440e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.orgstruct srtp_ctx_t; 450e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.orgtypedef srtp_ctx_t* srtp_t; 460e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.orgstruct srtp_policy_t; 470e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org 480e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.orgnamespace cricket { 490e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org 500e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org// Cipher suite to use for SRTP. Typically a 80-bit HMAC will be used, except 510e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org// in applications (voice) where the additional bandwidth may be significant. 520e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org// A 80-bit HMAC is always used for SRTCP. 530e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org// 128-bit AES with 80-bit SHA-1 HMAC. 540e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.orgextern const char CS_AES_CM_128_HMAC_SHA1_80[]; 550e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org// 128-bit AES with 32-bit SHA-1 HMAC. 560e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.orgextern const char CS_AES_CM_128_HMAC_SHA1_32[]; 570e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org// Key is 128 bits and salt is 112 bits == 30 bytes. B64 bloat => 40 bytes. 580e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.orgextern const int SRTP_MASTER_KEY_BASE64_LEN; 590e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org 600e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org// Needed for DTLS-SRTP 610e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.orgextern const int SRTP_MASTER_KEY_KEY_LEN; 620e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.orgextern const int SRTP_MASTER_KEY_SALT_LEN; 630e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org 640e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.orgclass SrtpSession; 650e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.orgclass SrtpStat; 660e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org 670e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.orgvoid EnableSrtpDebugging(); 68f99f1011aa4cd22bd86ba2e4f7d239ea1b766ec8wu@webrtc.orgvoid ShutdownSrtp(); 690e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org 700e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org// Class to transform SRTP to/from RTP. 710e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org// Initialize by calling SetSend with the local security params, then call 720e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org// SetRecv once the remote security params are received. At that point 730e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org// Protect/UnprotectRt(c)p can be called to encrypt/decrypt data. 740e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org// TODO: Figure out concurrency policy for SrtpFilter. 750e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.orgclass SrtpFilter { 760e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org public: 770e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org enum Mode { 780e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org PROTECT, 790e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org UNPROTECT 800e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org }; 810e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org enum Error { 820e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org ERROR_NONE, 830e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org ERROR_FAIL, 840e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org ERROR_AUTH, 850e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org ERROR_REPLAY, 860e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org }; 870e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org 880e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org SrtpFilter(); 890e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org ~SrtpFilter(); 900e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org 910e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // Whether the filter is active (i.e. crypto has been properly negotiated). 920e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org bool IsActive() const; 930e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org 940e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // Indicates which crypto algorithms and keys were contained in the offer. 950e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // offer_params should contain a list of available parameters to use, or none, 960e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // if crypto is not desired. This must be called before SetAnswer. 970e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org bool SetOffer(const std::vector<CryptoParams>& offer_params, 980e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org ContentSource source); 990e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // Same as SetAnwer. But multiple calls are allowed to SetProvisionalAnswer 1000e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // after a call to SetOffer. 1010e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org bool SetProvisionalAnswer(const std::vector<CryptoParams>& answer_params, 1020e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org ContentSource source); 1030e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // Indicates which crypto algorithms and keys were contained in the answer. 1040e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // answer_params should contain the negotiated parameters, which may be none, 1050e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // if crypto was not desired or could not be negotiated (and not required). 1060e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // This must be called after SetOffer. If crypto negotiation completes 1070e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // successfully, this will advance the filter to the active state. 1080e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org bool SetAnswer(const std::vector<CryptoParams>& answer_params, 1090e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org ContentSource source); 1100e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org 1110e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // Just set up both sets of keys directly. 1120e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // Used with DTLS-SRTP. 1130e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org bool SetRtpParams(const std::string& send_cs, 1140e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org const uint8* send_key, int send_key_len, 1150e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org const std::string& recv_cs, 1160e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org const uint8* recv_key, int recv_key_len); 1170e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org bool SetRtcpParams(const std::string& send_cs, 1180e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org const uint8* send_key, int send_key_len, 1190e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org const std::string& recv_cs, 1200e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org const uint8* recv_key, int recv_key_len); 1210e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org 1220e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // Encrypts/signs an individual RTP/RTCP packet, in-place. 1230e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // If an HMAC is used, this will increase the packet size. 1240e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org bool ProtectRtp(void* data, int in_len, int max_len, int* out_len); 125e8b0cc3bf706964d657fdb25f0c5791c5a7aa3d7henrike@webrtc.org // Overloaded version, outputs packet index. 126e8b0cc3bf706964d657fdb25f0c5791c5a7aa3d7henrike@webrtc.org bool ProtectRtp(void* data, int in_len, int max_len, int* out_len, 127e8b0cc3bf706964d657fdb25f0c5791c5a7aa3d7henrike@webrtc.org int64* index); 1280e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org bool ProtectRtcp(void* data, int in_len, int max_len, int* out_len); 1290e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // Decrypts/verifies an invidiual RTP/RTCP packet. 1300e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // If an HMAC is used, this will decrease the packet size. 1310e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org bool UnprotectRtp(void* data, int in_len, int* out_len); 1320e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org bool UnprotectRtcp(void* data, int in_len, int* out_len); 1330e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org 134e8b0cc3bf706964d657fdb25f0c5791c5a7aa3d7henrike@webrtc.org // Returns rtp auth params from srtp context. 135e8b0cc3bf706964d657fdb25f0c5791c5a7aa3d7henrike@webrtc.org bool GetRtpAuthParams(uint8** key, int* key_len, int* tag_len); 136e8b0cc3bf706964d657fdb25f0c5791c5a7aa3d7henrike@webrtc.org 1370e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // Update the silent threshold (in ms) for signaling errors. 1380e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org void set_signal_silent_time(uint32 signal_silent_time_in_ms); 1390e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org 1400e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org sigslot::repeater3<uint32, Mode, Error> SignalSrtpError; 1410e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org 1420e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org protected: 1430e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org bool ExpectOffer(ContentSource source); 1440e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org bool StoreParams(const std::vector<CryptoParams>& params, 1450e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org ContentSource source); 1460e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org bool ExpectAnswer(ContentSource source); 1470e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org bool DoSetAnswer(const std::vector<CryptoParams>& answer_params, 1480e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org ContentSource source, 1490e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org bool final); 1500e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org void CreateSrtpSessions(); 1510e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org bool NegotiateParams(const std::vector<CryptoParams>& answer_params, 1520e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org CryptoParams* selected_params); 1530e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org bool ApplyParams(const CryptoParams& send_params, 1540e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org const CryptoParams& recv_params); 1550e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org bool ResetParams(); 1560e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org static bool ParseKeyParams(const std::string& params, uint8* key, int len); 1570e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org 1580e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org private: 1590e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org enum State { 1600e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org ST_INIT, // SRTP filter unused. 1610e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org ST_SENTOFFER, // Offer with SRTP parameters sent. 1620e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org ST_RECEIVEDOFFER, // Offer with SRTP parameters received. 1630e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org ST_SENTPRANSWER_NO_CRYPTO, // Sent provisional answer without crypto. 1640e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // Received provisional answer without crypto. 1650e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org ST_RECEIVEDPRANSWER_NO_CRYPTO, 1660e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org ST_ACTIVE, // Offer and answer set. 1670e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // SRTP filter is active but new parameters are offered. 1680e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // When the answer is set, the state transitions to ST_ACTIVE or ST_INIT. 1690e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org ST_SENTUPDATEDOFFER, 1700e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // SRTP filter is active but new parameters are received. 1710e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // When the answer is set, the state transitions back to ST_ACTIVE. 1720e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org ST_RECEIVEDUPDATEDOFFER, 1730e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // SRTP filter is active but the sent answer is only provisional. 1740e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // When the final answer is set, the state transitions to ST_ACTIVE or 1750e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // ST_INIT. 1760e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org ST_SENTPRANSWER, 1770e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // SRTP filter is active but the received answer is only provisional. 1780e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // When the final answer is set, the state transitions to ST_ACTIVE or 1790e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // ST_INIT. 1800e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org ST_RECEIVEDPRANSWER 1810e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org }; 1820e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org State state_; 1830e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org uint32 signal_silent_time_in_ms_; 1840e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org std::vector<CryptoParams> offer_params_; 1850e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org talk_base::scoped_ptr<SrtpSession> send_session_; 1860e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org talk_base::scoped_ptr<SrtpSession> recv_session_; 1870e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org talk_base::scoped_ptr<SrtpSession> send_rtcp_session_; 1880e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org talk_base::scoped_ptr<SrtpSession> recv_rtcp_session_; 1890e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org CryptoParams applied_send_params_; 1900e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org CryptoParams applied_recv_params_; 1910e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org}; 1920e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org 1930e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org// Class that wraps a libSRTP session. 1940e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.orgclass SrtpSession { 1950e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org public: 1960e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org SrtpSession(); 1970e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org ~SrtpSession(); 1980e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org 1990e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // Configures the session for sending data using the specified 2000e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // cipher-suite and key. Receiving must be done by a separate session. 2010e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org bool SetSend(const std::string& cs, const uint8* key, int len); 2020e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // Configures the session for receiving data using the specified 2030e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // cipher-suite and key. Sending must be done by a separate session. 2040e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org bool SetRecv(const std::string& cs, const uint8* key, int len); 2050e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org 2060e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // Encrypts/signs an individual RTP/RTCP packet, in-place. 2070e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // If an HMAC is used, this will increase the packet size. 2080e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org bool ProtectRtp(void* data, int in_len, int max_len, int* out_len); 209e8b0cc3bf706964d657fdb25f0c5791c5a7aa3d7henrike@webrtc.org // Overloaded version, outputs packet index. 210e8b0cc3bf706964d657fdb25f0c5791c5a7aa3d7henrike@webrtc.org bool ProtectRtp(void* data, int in_len, int max_len, int* out_len, 211e8b0cc3bf706964d657fdb25f0c5791c5a7aa3d7henrike@webrtc.org int64* index); 2120e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org bool ProtectRtcp(void* data, int in_len, int max_len, int* out_len); 2130e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // Decrypts/verifies an invidiual RTP/RTCP packet. 2140e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // If an HMAC is used, this will decrease the packet size. 2150e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org bool UnprotectRtp(void* data, int in_len, int* out_len); 2160e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org bool UnprotectRtcp(void* data, int in_len, int* out_len); 2170e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org 218e8b0cc3bf706964d657fdb25f0c5791c5a7aa3d7henrike@webrtc.org // Helper method to get authentication params. 219e8b0cc3bf706964d657fdb25f0c5791c5a7aa3d7henrike@webrtc.org bool GetRtpAuthParams(uint8** key, int* key_len, int* tag_len); 220e8b0cc3bf706964d657fdb25f0c5791c5a7aa3d7henrike@webrtc.org 2210e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // Update the silent threshold (in ms) for signaling errors. 2220e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org void set_signal_silent_time(uint32 signal_silent_time_in_ms); 2230e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org 224f99f1011aa4cd22bd86ba2e4f7d239ea1b766ec8wu@webrtc.org // Calls srtp_shutdown if it's initialized. 225f99f1011aa4cd22bd86ba2e4f7d239ea1b766ec8wu@webrtc.org static void Terminate(); 226f99f1011aa4cd22bd86ba2e4f7d239ea1b766ec8wu@webrtc.org 2270e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org sigslot::repeater3<uint32, SrtpFilter::Mode, SrtpFilter::Error> 2280e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org SignalSrtpError; 2290e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org 2300e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org private: 2310e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org bool SetKey(int type, const std::string& cs, const uint8* key, int len); 232e8b0cc3bf706964d657fdb25f0c5791c5a7aa3d7henrike@webrtc.org // Returns send stream current packet index from srtp db. 233e8b0cc3bf706964d657fdb25f0c5791c5a7aa3d7henrike@webrtc.org bool GetSendStreamPacketIndex(void* data, int in_len, int64* index); 234e8b0cc3bf706964d657fdb25f0c5791c5a7aa3d7henrike@webrtc.org 2350e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org static bool Init(); 2360e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org void HandleEvent(const srtp_event_data_t* ev); 2370e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org static void HandleEventThunk(srtp_event_data_t* ev); 238e8b0cc3bf706964d657fdb25f0c5791c5a7aa3d7henrike@webrtc.org 2390e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org static std::list<SrtpSession*>* sessions(); 2400e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org 2410e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org srtp_t session_; 2420e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org int rtp_auth_tag_len_; 2430e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org int rtcp_auth_tag_len_; 2440e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org talk_base::scoped_ptr<SrtpStat> srtp_stat_; 2450e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org static bool inited_; 2460e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org int last_send_seq_num_; 2470e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org DISALLOW_COPY_AND_ASSIGN(SrtpSession); 2480e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org}; 2490e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org 2500e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org// Class that collects failures of SRTP. 2510e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.orgclass SrtpStat { 2520e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org public: 2530e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org SrtpStat(); 2540e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org 2550e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // Report RTP protection results to the handler. 2560e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org void AddProtectRtpResult(uint32 ssrc, int result); 2570e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // Report RTP unprotection results to the handler. 2580e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org void AddUnprotectRtpResult(uint32 ssrc, int result); 2590e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // Report RTCP protection results to the handler. 2600e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org void AddProtectRtcpResult(int result); 2610e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // Report RTCP unprotection results to the handler. 2620e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org void AddUnprotectRtcpResult(int result); 2630e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org 2640e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // Get silent time (in ms) for SRTP statistics handler. 2650e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org uint32 signal_silent_time() const { return signal_silent_time_; } 2660e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // Set silent time (in ms) for SRTP statistics handler. 2670e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org void set_signal_silent_time(uint32 signal_silent_time) { 2680e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org signal_silent_time_ = signal_silent_time; 2690e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org } 2700e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org 2710e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // Sigslot for reporting errors. 2720e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org sigslot::signal3<uint32, SrtpFilter::Mode, SrtpFilter::Error> 2730e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org SignalSrtpError; 2740e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org 2750e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org private: 2760e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // For each different ssrc and error, we collect statistics separately. 2770e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org struct FailureKey { 2780e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org FailureKey() 2790e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org : ssrc(0), 2800e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org mode(SrtpFilter::PROTECT), 2810e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org error(SrtpFilter::ERROR_NONE) { 2820e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org } 2830e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org FailureKey(uint32 in_ssrc, SrtpFilter::Mode in_mode, 2840e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org SrtpFilter::Error in_error) 2850e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org : ssrc(in_ssrc), 2860e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org mode(in_mode), 2870e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org error(in_error) { 2880e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org } 2890e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org bool operator <(const FailureKey& key) const { 290dea699b743692898e7c5a75435fb5e9a822d3bd1fischman@webrtc.org return 291dea699b743692898e7c5a75435fb5e9a822d3bd1fischman@webrtc.org (ssrc < key.ssrc) || 292dea699b743692898e7c5a75435fb5e9a822d3bd1fischman@webrtc.org (ssrc == key.ssrc && mode < key.mode) || 293dea699b743692898e7c5a75435fb5e9a822d3bd1fischman@webrtc.org (ssrc == key.ssrc && mode == key.mode && error < key.error); 2940e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org } 2950e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org uint32 ssrc; 2960e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org SrtpFilter::Mode mode; 2970e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org SrtpFilter::Error error; 2980e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org }; 2990e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // For tracing conditions for signaling, currently we only use 3000e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // last_signal_time. Wrap this as a struct so that later on, if we need any 3010e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // other improvements, it will be easier. 3020e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org struct FailureStat { 3030e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org FailureStat() 3040e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org : last_signal_time(0) { 3050e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org } 3060e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org explicit FailureStat(uint32 in_last_signal_time) 3070e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org : last_signal_time(in_last_signal_time) { 3080e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org } 3090e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org void Reset() { 3100e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org last_signal_time = 0; 3110e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org } 3120e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org uint32 last_signal_time; 3130e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org }; 3140e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org 3150e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // Inspect SRTP result and signal error if needed. 3160e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org void HandleSrtpResult(const FailureKey& key); 3170e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org 3180e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org std::map<FailureKey, FailureStat> failures_; 3190e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org // Threshold in ms to silent the signaling errors. 3200e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org uint32 signal_silent_time_; 3210e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org 3220e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org DISALLOW_COPY_AND_ASSIGN(SrtpStat); 3230e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org}; 3240e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org 3250e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org} // namespace cricket 3260e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org 3270e118e7129884fbea117e78d6f2068139a414dbhenrike@webrtc.org#endif // TALK_SESSION_MEDIA_SRTPFILTER_H_ 328