1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/media/webrtc/signaling/src/mediapipeline/SrtpFlow.cpp Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,251 @@
1.4 +/* This Source Code Form is subject to the terms of the Mozilla Public
1.5 + * License, v. 2.0. If a copy of the MPL was not distributed with this file,
1.6 + * You can obtain one at http://mozilla.org/MPL/2.0/. */
1.7 +
1.8 +// Original author: ekr@rtfm.com
1.9 +
1.10 +#include "logging.h"
1.11 +#include "SrtpFlow.h"
1.12 +
1.13 +#include "srtp.h"
1.14 +#include "ssl.h"
1.15 +#include "sslproto.h"
1.16 +
1.17 +#include "mozilla/RefPtr.h"
1.18 +
1.19 +// Logging context
1.20 +using namespace mozilla;
1.21 +MOZ_MTLOG_MODULE("mediapipeline")
1.22 +
1.23 +namespace mozilla {
1.24 +
1.25 +bool SrtpFlow::initialized; // Static
1.26 +
1.27 +SrtpFlow::~SrtpFlow() {
1.28 + if (session_) {
1.29 + srtp_dealloc(session_);
1.30 + }
1.31 +}
1.32 +
1.33 +RefPtr<SrtpFlow> SrtpFlow::Create(int cipher_suite,
1.34 + bool inbound,
1.35 + const void *key,
1.36 + size_t key_len) {
1.37 + nsresult res = Init();
1.38 + if (!NS_SUCCEEDED(res))
1.39 + return nullptr;
1.40 +
1.41 + RefPtr<SrtpFlow> flow = new SrtpFlow();
1.42 +
1.43 + if (!key) {
1.44 + MOZ_MTLOG(ML_ERROR, "Null SRTP key specified");
1.45 + return nullptr;
1.46 + }
1.47 +
1.48 + if (key_len != SRTP_TOTAL_KEY_LENGTH) {
1.49 + MOZ_MTLOG(ML_ERROR, "Invalid SRTP key length");
1.50 + return nullptr;
1.51 + }
1.52 +
1.53 + srtp_policy_t policy;
1.54 + memset(&policy, 0, sizeof(srtp_policy_t));
1.55 +
1.56 + // Note that we set the same cipher suite for RTP and RTCP
1.57 + // since any flow can only have one cipher suite with DTLS-SRTP
1.58 + switch (cipher_suite) {
1.59 + case SRTP_AES128_CM_HMAC_SHA1_80:
1.60 + MOZ_MTLOG(ML_DEBUG,
1.61 + "Setting SRTP cipher suite SRTP_AES128_CM_HMAC_SHA1_80");
1.62 + crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtp);
1.63 + crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp);
1.64 + break;
1.65 + case SRTP_AES128_CM_HMAC_SHA1_32:
1.66 + MOZ_MTLOG(ML_DEBUG,
1.67 + "Setting SRTP cipher suite SRTP_AES128_CM_HMAC_SHA1_32");
1.68 + crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtp);
1.69 + crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp); // 80-bit per RFC 5764
1.70 + break; // S 4.1.2.
1.71 + default:
1.72 + MOZ_MTLOG(ML_ERROR, "Request to set unknown SRTP cipher suite");
1.73 + return nullptr;
1.74 + }
1.75 + // This key is copied into the srtp_t object, so we don't
1.76 + // need to keep it.
1.77 + policy.key = const_cast<unsigned char *>(
1.78 + static_cast<const unsigned char *>(key));
1.79 + policy.ssrc.type = inbound ? ssrc_any_inbound : ssrc_any_outbound;
1.80 + policy.ssrc.value = 0;
1.81 + policy.ekt = nullptr;
1.82 + policy.window_size = 1024; // Use the Chrome value. Needs to be revisited. Default is 128
1.83 + policy.allow_repeat_tx = 1; // Use Chrome value; needed for NACK mode to work
1.84 + policy.next = nullptr;
1.85 +
1.86 + // Now make the session
1.87 + err_status_t r = srtp_create(&flow->session_, &policy);
1.88 + if (r != err_status_ok) {
1.89 + MOZ_MTLOG(ML_ERROR, "Error creating srtp session");
1.90 + return nullptr;
1.91 + }
1.92 +
1.93 + return flow;
1.94 +}
1.95 +
1.96 +
1.97 +nsresult SrtpFlow::CheckInputs(bool protect, void *in, int in_len,
1.98 + int max_len, int *out_len) {
1.99 + MOZ_ASSERT(in);
1.100 + if (!in) {
1.101 + MOZ_MTLOG(ML_ERROR, "NULL input value");
1.102 + return NS_ERROR_NULL_POINTER;
1.103 + }
1.104 +
1.105 + if (in_len < 0) {
1.106 + MOZ_MTLOG(ML_ERROR, "Input length is negative");
1.107 + return NS_ERROR_ILLEGAL_VALUE;
1.108 + }
1.109 +
1.110 + if (max_len < 0) {
1.111 + MOZ_MTLOG(ML_ERROR, "Max output length is negative");
1.112 + return NS_ERROR_ILLEGAL_VALUE;
1.113 + }
1.114 +
1.115 + if (protect) {
1.116 + if ((max_len < SRTP_MAX_EXPANSION) ||
1.117 + ((max_len - SRTP_MAX_EXPANSION) < in_len)) {
1.118 + MOZ_MTLOG(ML_ERROR, "Output too short");
1.119 + return NS_ERROR_ILLEGAL_VALUE;
1.120 + }
1.121 + }
1.122 + else {
1.123 + if (in_len > max_len) {
1.124 + MOZ_MTLOG(ML_ERROR, "Output too short");
1.125 + return NS_ERROR_ILLEGAL_VALUE;
1.126 + }
1.127 + }
1.128 +
1.129 + return NS_OK;
1.130 +}
1.131 +
1.132 +nsresult SrtpFlow::ProtectRtp(void *in, int in_len,
1.133 + int max_len, int *out_len) {
1.134 + nsresult res = CheckInputs(true, in, in_len, max_len, out_len);
1.135 + if (NS_FAILED(res))
1.136 + return res;
1.137 +
1.138 + int len = in_len;
1.139 + err_status_t r = srtp_protect(session_, in, &len);
1.140 +
1.141 + if (r != err_status_ok) {
1.142 + MOZ_MTLOG(ML_ERROR, "Error protecting SRTP packet");
1.143 + return NS_ERROR_FAILURE;
1.144 + }
1.145 +
1.146 + MOZ_ASSERT(len <= max_len);
1.147 + *out_len = len;
1.148 +
1.149 +
1.150 + MOZ_MTLOG(ML_DEBUG, "Successfully protected an SRTP packet of len "
1.151 + << *out_len);
1.152 +
1.153 + return NS_OK;
1.154 +}
1.155 +
1.156 +nsresult SrtpFlow::UnprotectRtp(void *in, int in_len,
1.157 + int max_len, int *out_len) {
1.158 + nsresult res = CheckInputs(false, in, in_len, max_len, out_len);
1.159 + if (NS_FAILED(res))
1.160 + return res;
1.161 +
1.162 + int len = in_len;
1.163 + err_status_t r = srtp_unprotect(session_, in, &len);
1.164 +
1.165 + if (r != err_status_ok) {
1.166 + MOZ_MTLOG(ML_ERROR, "Error unprotecting SRTP packet error=" << (int)r);
1.167 + return NS_ERROR_FAILURE;
1.168 + }
1.169 +
1.170 + MOZ_ASSERT(len <= max_len);
1.171 + *out_len = len;
1.172 +
1.173 + MOZ_MTLOG(ML_DEBUG, "Successfully unprotected an SRTP packet of len "
1.174 + << *out_len);
1.175 +
1.176 + return NS_OK;
1.177 +}
1.178 +
1.179 +nsresult SrtpFlow::ProtectRtcp(void *in, int in_len,
1.180 + int max_len, int *out_len) {
1.181 + nsresult res = CheckInputs(true, in, in_len, max_len, out_len);
1.182 + if (NS_FAILED(res))
1.183 + return res;
1.184 +
1.185 + int len = in_len;
1.186 + err_status_t r = srtp_protect_rtcp(session_, in, &len);
1.187 +
1.188 + if (r != err_status_ok) {
1.189 + MOZ_MTLOG(ML_ERROR, "Error protecting SRTCP packet");
1.190 + return NS_ERROR_FAILURE;
1.191 + }
1.192 +
1.193 + MOZ_ASSERT(len <= max_len);
1.194 + *out_len = len;
1.195 +
1.196 + MOZ_MTLOG(ML_DEBUG, "Successfully protected an SRTCP packet of len "
1.197 + << *out_len);
1.198 +
1.199 + return NS_OK;
1.200 +}
1.201 +
1.202 +nsresult SrtpFlow::UnprotectRtcp(void *in, int in_len,
1.203 + int max_len, int *out_len) {
1.204 + nsresult res = CheckInputs(false, in, in_len, max_len, out_len);
1.205 + if (NS_FAILED(res))
1.206 + return res;
1.207 +
1.208 + int len = in_len;
1.209 + err_status_t r = srtp_unprotect_rtcp(session_, in, &len);
1.210 +
1.211 + if (r != err_status_ok) {
1.212 + MOZ_MTLOG(ML_ERROR, "Error unprotecting SRTCP packet error=" << (int)r);
1.213 + return NS_ERROR_FAILURE;
1.214 + }
1.215 +
1.216 + MOZ_ASSERT(len <= max_len);
1.217 + *out_len = len;
1.218 +
1.219 + MOZ_MTLOG(ML_DEBUG, "Successfully unprotected an SRTCP packet of len "
1.220 + << *out_len);
1.221 +
1.222 + return NS_OK;
1.223 +}
1.224 +
1.225 +// Statics
1.226 +void SrtpFlow::srtp_event_handler(srtp_event_data_t *data) {
1.227 + // TODO(ekr@rtfm.com): Implement this
1.228 + MOZ_CRASH();
1.229 +}
1.230 +
1.231 +nsresult SrtpFlow::Init() {
1.232 + if (!initialized) {
1.233 + err_status_t r = srtp_init();
1.234 + if (r != err_status_ok) {
1.235 + MOZ_MTLOG(ML_ERROR, "Could not initialize SRTP");
1.236 + MOZ_ASSERT(PR_FALSE);
1.237 + return NS_ERROR_FAILURE;
1.238 + }
1.239 +
1.240 + r = srtp_install_event_handler(&SrtpFlow::srtp_event_handler);
1.241 + if (r != err_status_ok) {
1.242 + MOZ_MTLOG(ML_ERROR, "Could not install SRTP event handler");
1.243 + MOZ_ASSERT(PR_FALSE);
1.244 + return NS_ERROR_FAILURE;
1.245 + }
1.246 +
1.247 + initialized = true;
1.248 + }
1.249 +
1.250 + return NS_OK;
1.251 +}
1.252 +
1.253 +} // end of namespace
1.254 +
