1 /*
2  *  Copyright 2017 The WebRTC project authors. All Rights Reserved.
3  *
4  *  Use of this source code is governed by a BSD-style license
5  *  that can be found in the LICENSE file in the root of the source
6  *  tree. An additional intellectual property rights grant can be found
7  *  in the file PATENTS.  All contributing project authors may
8  *  be found in the AUTHORS file in the root of the source tree.
9  */
10 
11 #ifndef PC_SRTP_SESSION_H_
12 #define PC_SRTP_SESSION_H_
13 
14 #include <vector>
15 
16 #include "api/scoped_refptr.h"
17 #include "rtc_base/constructor_magic.h"
18 #include "rtc_base/synchronization/mutex.h"
19 #include "rtc_base/thread_checker.h"
20 
21 // Forward declaration to avoid pulling in libsrtp headers here
22 struct srtp_event_data_t;
23 struct srtp_ctx_t_;
24 
25 namespace cricket {
26 
27 // Prohibits webrtc from initializing libsrtp. This can be used if libsrtp is
28 // initialized by another library or explicitly. Note that this must be called
29 // before creating an SRTP session with WebRTC.
30 void ProhibitLibsrtpInitialization();
31 
32 // Class that wraps a libSRTP session.
33 class SrtpSession {
34  public:
35   SrtpSession();
36   ~SrtpSession();
37 
38   // Configures the session for sending data using the specified
39   // cipher-suite and key. Receiving must be done by a separate session.
40   bool SetSend(int cs,
41                const uint8_t* key,
42                size_t len,
43                const std::vector<int>& extension_ids);
44   bool UpdateSend(int cs,
45                   const uint8_t* key,
46                   size_t len,
47                   const std::vector<int>& extension_ids);
48 
49   // Configures the session for receiving data using the specified
50   // cipher-suite and key. Sending must be done by a separate session.
51   bool SetRecv(int cs,
52                const uint8_t* key,
53                size_t len,
54                const std::vector<int>& extension_ids);
55   bool UpdateRecv(int cs,
56                   const uint8_t* key,
57                   size_t len,
58                   const std::vector<int>& extension_ids);
59 
60   // Encrypts/signs an individual RTP/RTCP packet, in-place.
61   // If an HMAC is used, this will increase the packet size.
62   bool ProtectRtp(void* data, int in_len, int max_len, int* out_len);
63   // Overloaded version, outputs packet index.
64   bool ProtectRtp(void* data,
65                   int in_len,
66                   int max_len,
67                   int* out_len,
68                   int64_t* index);
69   bool ProtectRtcp(void* data, int in_len, int max_len, int* out_len);
70   // Decrypts/verifies an invidiual RTP/RTCP packet.
71   // If an HMAC is used, this will decrease the packet size.
72   bool UnprotectRtp(void* data, int in_len, int* out_len);
73   bool UnprotectRtcp(void* data, int in_len, int* out_len);
74 
75   // Helper method to get authentication params.
76   bool GetRtpAuthParams(uint8_t** key, int* key_len, int* tag_len);
77 
78   int GetSrtpOverhead() const;
79 
80   // If external auth is enabled, SRTP will write a dummy auth tag that then
81   // later must get replaced before the packet is sent out. Only supported for
82   // non-GCM cipher suites and can be checked through "IsExternalAuthActive"
83   // if it is actually used. This method is only valid before the RTP params
84   // have been set.
85   void EnableExternalAuth();
86   bool IsExternalAuthEnabled() const;
87 
88   // A SRTP session supports external creation of the auth tag if a non-GCM
89   // cipher is used. This method is only valid after the RTP params have
90   // been set.
91   bool IsExternalAuthActive() const;
92 
93  private:
94   bool DoSetKey(int type,
95                 int cs,
96                 const uint8_t* key,
97                 size_t len,
98                 const std::vector<int>& extension_ids);
99   bool SetKey(int type,
100               int cs,
101               const uint8_t* key,
102               size_t len,
103               const std::vector<int>& extension_ids);
104   bool UpdateKey(int type,
105                  int cs,
106                  const uint8_t* key,
107                  size_t len,
108                  const std::vector<int>& extension_ids);
109   // Returns send stream current packet index from srtp db.
110   bool GetSendStreamPacketIndex(void* data, int in_len, int64_t* index);
111 
112   // These methods are responsible for initializing libsrtp (if the usage count
113   // is incremented from 0 to 1) or deinitializing it (when decremented from 1
114   // to 0).
115   //
116   // Returns true if successful (will always be successful if already inited).
117   static bool IncrementLibsrtpUsageCountAndMaybeInit();
118   static void DecrementLibsrtpUsageCountAndMaybeDeinit();
119 
120   void HandleEvent(const srtp_event_data_t* ev);
121   static void HandleEventThunk(srtp_event_data_t* ev);
122 
123   rtc::ThreadChecker thread_checker_;
124   srtp_ctx_t_* session_ = nullptr;
125   int rtp_auth_tag_len_ = 0;
126   int rtcp_auth_tag_len_ = 0;
127   bool inited_ = false;
128   static webrtc::GlobalMutex lock_;
129   int last_send_seq_num_ = -1;
130   bool external_auth_active_ = false;
131   bool external_auth_enabled_ = false;
132   int decryption_failure_count_ = 0;
133   RTC_DISALLOW_COPY_AND_ASSIGN(SrtpSession);
134 };
135 
136 }  // namespace cricket
137 
138 #endif  // PC_SRTP_SESSION_H_
139