michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public michael@0: * License, v. 2.0. If a copy of the MPL was not distributed with this file, michael@0: * You can obtain one at http://mozilla.org/MPL/2.0/. */ michael@0: michael@0: // Original author: ekr@rtfm.com michael@0: michael@0: #include "logging.h" michael@0: #include "SrtpFlow.h" michael@0: michael@0: #include "srtp.h" michael@0: #include "ssl.h" michael@0: #include "sslproto.h" michael@0: michael@0: #include "mozilla/RefPtr.h" michael@0: michael@0: // Logging context michael@0: using namespace mozilla; michael@0: MOZ_MTLOG_MODULE("mediapipeline") michael@0: michael@0: namespace mozilla { michael@0: michael@0: bool SrtpFlow::initialized; // Static michael@0: michael@0: SrtpFlow::~SrtpFlow() { michael@0: if (session_) { michael@0: srtp_dealloc(session_); michael@0: } michael@0: } michael@0: michael@0: RefPtr SrtpFlow::Create(int cipher_suite, michael@0: bool inbound, michael@0: const void *key, michael@0: size_t key_len) { michael@0: nsresult res = Init(); michael@0: if (!NS_SUCCEEDED(res)) michael@0: return nullptr; michael@0: michael@0: RefPtr flow = new SrtpFlow(); michael@0: michael@0: if (!key) { michael@0: MOZ_MTLOG(ML_ERROR, "Null SRTP key specified"); michael@0: return nullptr; michael@0: } michael@0: michael@0: if (key_len != SRTP_TOTAL_KEY_LENGTH) { michael@0: MOZ_MTLOG(ML_ERROR, "Invalid SRTP key length"); michael@0: return nullptr; michael@0: } michael@0: michael@0: srtp_policy_t policy; michael@0: memset(&policy, 0, sizeof(srtp_policy_t)); michael@0: michael@0: // Note that we set the same cipher suite for RTP and RTCP michael@0: // since any flow can only have one cipher suite with DTLS-SRTP michael@0: switch (cipher_suite) { michael@0: case SRTP_AES128_CM_HMAC_SHA1_80: michael@0: MOZ_MTLOG(ML_DEBUG, michael@0: "Setting SRTP cipher suite SRTP_AES128_CM_HMAC_SHA1_80"); michael@0: crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtp); michael@0: crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp); michael@0: break; michael@0: case SRTP_AES128_CM_HMAC_SHA1_32: michael@0: MOZ_MTLOG(ML_DEBUG, michael@0: "Setting SRTP cipher suite SRTP_AES128_CM_HMAC_SHA1_32"); michael@0: crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtp); michael@0: crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp); // 80-bit per RFC 5764 michael@0: break; // S 4.1.2. michael@0: default: michael@0: MOZ_MTLOG(ML_ERROR, "Request to set unknown SRTP cipher suite"); michael@0: return nullptr; michael@0: } michael@0: // This key is copied into the srtp_t object, so we don't michael@0: // need to keep it. michael@0: policy.key = const_cast( michael@0: static_cast(key)); michael@0: policy.ssrc.type = inbound ? ssrc_any_inbound : ssrc_any_outbound; michael@0: policy.ssrc.value = 0; michael@0: policy.ekt = nullptr; michael@0: policy.window_size = 1024; // Use the Chrome value. Needs to be revisited. Default is 128 michael@0: policy.allow_repeat_tx = 1; // Use Chrome value; needed for NACK mode to work michael@0: policy.next = nullptr; michael@0: michael@0: // Now make the session michael@0: err_status_t r = srtp_create(&flow->session_, &policy); michael@0: if (r != err_status_ok) { michael@0: MOZ_MTLOG(ML_ERROR, "Error creating srtp session"); michael@0: return nullptr; michael@0: } michael@0: michael@0: return flow; michael@0: } michael@0: michael@0: michael@0: nsresult SrtpFlow::CheckInputs(bool protect, void *in, int in_len, michael@0: int max_len, int *out_len) { michael@0: MOZ_ASSERT(in); michael@0: if (!in) { michael@0: MOZ_MTLOG(ML_ERROR, "NULL input value"); michael@0: return NS_ERROR_NULL_POINTER; michael@0: } michael@0: michael@0: if (in_len < 0) { michael@0: MOZ_MTLOG(ML_ERROR, "Input length is negative"); michael@0: return NS_ERROR_ILLEGAL_VALUE; michael@0: } michael@0: michael@0: if (max_len < 0) { michael@0: MOZ_MTLOG(ML_ERROR, "Max output length is negative"); michael@0: return NS_ERROR_ILLEGAL_VALUE; michael@0: } michael@0: michael@0: if (protect) { michael@0: if ((max_len < SRTP_MAX_EXPANSION) || michael@0: ((max_len - SRTP_MAX_EXPANSION) < in_len)) { michael@0: MOZ_MTLOG(ML_ERROR, "Output too short"); michael@0: return NS_ERROR_ILLEGAL_VALUE; michael@0: } michael@0: } michael@0: else { michael@0: if (in_len > max_len) { michael@0: MOZ_MTLOG(ML_ERROR, "Output too short"); michael@0: return NS_ERROR_ILLEGAL_VALUE; michael@0: } michael@0: } michael@0: michael@0: return NS_OK; michael@0: } michael@0: michael@0: nsresult SrtpFlow::ProtectRtp(void *in, int in_len, michael@0: int max_len, int *out_len) { michael@0: nsresult res = CheckInputs(true, in, in_len, max_len, out_len); michael@0: if (NS_FAILED(res)) michael@0: return res; michael@0: michael@0: int len = in_len; michael@0: err_status_t r = srtp_protect(session_, in, &len); michael@0: michael@0: if (r != err_status_ok) { michael@0: MOZ_MTLOG(ML_ERROR, "Error protecting SRTP packet"); michael@0: return NS_ERROR_FAILURE; michael@0: } michael@0: michael@0: MOZ_ASSERT(len <= max_len); michael@0: *out_len = len; michael@0: michael@0: michael@0: MOZ_MTLOG(ML_DEBUG, "Successfully protected an SRTP packet of len " michael@0: << *out_len); michael@0: michael@0: return NS_OK; michael@0: } michael@0: michael@0: nsresult SrtpFlow::UnprotectRtp(void *in, int in_len, michael@0: int max_len, int *out_len) { michael@0: nsresult res = CheckInputs(false, in, in_len, max_len, out_len); michael@0: if (NS_FAILED(res)) michael@0: return res; michael@0: michael@0: int len = in_len; michael@0: err_status_t r = srtp_unprotect(session_, in, &len); michael@0: michael@0: if (r != err_status_ok) { michael@0: MOZ_MTLOG(ML_ERROR, "Error unprotecting SRTP packet error=" << (int)r); michael@0: return NS_ERROR_FAILURE; michael@0: } michael@0: michael@0: MOZ_ASSERT(len <= max_len); michael@0: *out_len = len; michael@0: michael@0: MOZ_MTLOG(ML_DEBUG, "Successfully unprotected an SRTP packet of len " michael@0: << *out_len); michael@0: michael@0: return NS_OK; michael@0: } michael@0: michael@0: nsresult SrtpFlow::ProtectRtcp(void *in, int in_len, michael@0: int max_len, int *out_len) { michael@0: nsresult res = CheckInputs(true, in, in_len, max_len, out_len); michael@0: if (NS_FAILED(res)) michael@0: return res; michael@0: michael@0: int len = in_len; michael@0: err_status_t r = srtp_protect_rtcp(session_, in, &len); michael@0: michael@0: if (r != err_status_ok) { michael@0: MOZ_MTLOG(ML_ERROR, "Error protecting SRTCP packet"); michael@0: return NS_ERROR_FAILURE; michael@0: } michael@0: michael@0: MOZ_ASSERT(len <= max_len); michael@0: *out_len = len; michael@0: michael@0: MOZ_MTLOG(ML_DEBUG, "Successfully protected an SRTCP packet of len " michael@0: << *out_len); michael@0: michael@0: return NS_OK; michael@0: } michael@0: michael@0: nsresult SrtpFlow::UnprotectRtcp(void *in, int in_len, michael@0: int max_len, int *out_len) { michael@0: nsresult res = CheckInputs(false, in, in_len, max_len, out_len); michael@0: if (NS_FAILED(res)) michael@0: return res; michael@0: michael@0: int len = in_len; michael@0: err_status_t r = srtp_unprotect_rtcp(session_, in, &len); michael@0: michael@0: if (r != err_status_ok) { michael@0: MOZ_MTLOG(ML_ERROR, "Error unprotecting SRTCP packet error=" << (int)r); michael@0: return NS_ERROR_FAILURE; michael@0: } michael@0: michael@0: MOZ_ASSERT(len <= max_len); michael@0: *out_len = len; michael@0: michael@0: MOZ_MTLOG(ML_DEBUG, "Successfully unprotected an SRTCP packet of len " michael@0: << *out_len); michael@0: michael@0: return NS_OK; michael@0: } michael@0: michael@0: // Statics michael@0: void SrtpFlow::srtp_event_handler(srtp_event_data_t *data) { michael@0: // TODO(ekr@rtfm.com): Implement this michael@0: MOZ_CRASH(); michael@0: } michael@0: michael@0: nsresult SrtpFlow::Init() { michael@0: if (!initialized) { michael@0: err_status_t r = srtp_init(); michael@0: if (r != err_status_ok) { michael@0: MOZ_MTLOG(ML_ERROR, "Could not initialize SRTP"); michael@0: MOZ_ASSERT(PR_FALSE); michael@0: return NS_ERROR_FAILURE; michael@0: } michael@0: michael@0: r = srtp_install_event_handler(&SrtpFlow::srtp_event_handler); michael@0: if (r != err_status_ok) { michael@0: MOZ_MTLOG(ML_ERROR, "Could not install SRTP event handler"); michael@0: MOZ_ASSERT(PR_FALSE); michael@0: return NS_ERROR_FAILURE; michael@0: } michael@0: michael@0: initialized = true; michael@0: } michael@0: michael@0: return NS_OK; michael@0: } michael@0: michael@0: } // end of namespace michael@0: