1 /*
2  * libjingle
3  * Copyright 2009 Google Inc.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions are met:
7  *
8  *  1. Redistributions of source code must retain the above copyright notice,
9  *     this list of conditions and the following disclaimer.
10  *  2. Redistributions in binary form must reproduce the above copyright notice,
11  *     this list of conditions and the following disclaimer in the documentation
12  *     and/or other materials provided with the distribution.
13  *  3. The name of the author may not be used to endorse or promote products
14  *     derived from this software without specific prior written permission.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
17  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
18  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
19  * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
20  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22  * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
25  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26  */
27 
28 #undef HAVE_CONFIG_H
29 
30 #include "talk/session/media/srtpfilter.h"
31 
32 #include <string.h>
33 
34 #include <algorithm>
35 
36 #include "talk/media/base/rtputils.h"
37 #include "webrtc/base/base64.h"
38 #include "webrtc/base/byteorder.h"
39 #include "webrtc/base/common.h"
40 #include "webrtc/base/logging.h"
41 #include "webrtc/base/stringencode.h"
42 #include "webrtc/base/timeutils.h"
43 
44 // Enable this line to turn on SRTP debugging
45 // #define SRTP_DEBUG
46 
47 #ifdef HAVE_SRTP
48 extern "C" {
49 #ifdef SRTP_RELATIVE_PATH
50 #include "srtp.h"  // NOLINT
51 #include "srtp_priv.h"  // NOLINT
52 #else
53 #include "third_party/libsrtp/srtp/include/srtp.h"
54 #include "third_party/libsrtp/srtp/include/srtp_priv.h"
55 #endif  // SRTP_RELATIVE_PATH
56 }
57 #ifdef  ENABLE_EXTERNAL_AUTH
58 #include "talk/session/media/externalhmac.h"
59 #endif  // ENABLE_EXTERNAL_AUTH
60 #if !defined(NDEBUG)
61 extern "C" debug_module_t mod_srtp;
62 extern "C" debug_module_t mod_auth;
63 extern "C" debug_module_t mod_cipher;
64 extern "C" debug_module_t mod_stat;
65 extern "C" debug_module_t mod_alloc;
66 extern "C" debug_module_t mod_aes_icm;
67 extern "C" debug_module_t mod_aes_hmac;
68 #endif
69 #else
70 // SrtpFilter needs that constant.
71 #define SRTP_MASTER_KEY_LEN 30
72 #endif  // HAVE_SRTP
73 
74 namespace cricket {
75 
76 const int SRTP_MASTER_KEY_BASE64_LEN = SRTP_MASTER_KEY_LEN * 4 / 3;
77 const int SRTP_MASTER_KEY_KEY_LEN = 16;
78 const int SRTP_MASTER_KEY_SALT_LEN = 14;
79 
80 #ifndef HAVE_SRTP
81 
82 // This helper function is used on systems that don't (yet) have SRTP,
83 // to log that the functions that require it won't do anything.
84 namespace {
SrtpNotAvailable(const char * func)85 bool SrtpNotAvailable(const char *func) {
86   LOG(LS_ERROR) << func << ": SRTP is not available on your system.";
87   return false;
88 }
89 }  // anonymous namespace
90 
91 #endif  // !HAVE_SRTP
92 
EnableSrtpDebugging()93 void EnableSrtpDebugging() {
94 #ifdef HAVE_SRTP
95 #if !defined(NDEBUG)
96   debug_on(mod_srtp);
97   debug_on(mod_auth);
98   debug_on(mod_cipher);
99   debug_on(mod_stat);
100   debug_on(mod_alloc);
101   debug_on(mod_aes_icm);
102   // debug_on(mod_aes_cbc);
103   // debug_on(mod_hmac);
104 #endif
105 #endif  // HAVE_SRTP
106 }
107 
108 // NOTE: This is called from ChannelManager D'tor.
ShutdownSrtp()109 void ShutdownSrtp() {
110 #ifdef HAVE_SRTP
111   // If srtp_dealloc is not executed then this will clear all existing sessions.
112   // This should be called when application is shutting down.
113   SrtpSession::Terminate();
114 #endif
115 }
116 
SrtpFilter()117 SrtpFilter::SrtpFilter()
118     : state_(ST_INIT),
119       signal_silent_time_in_ms_(0) {
120 }
121 
~SrtpFilter()122 SrtpFilter::~SrtpFilter() {
123 }
124 
IsActive() const125 bool SrtpFilter::IsActive() const {
126   return state_ >= ST_ACTIVE;
127 }
128 
SetOffer(const std::vector<CryptoParams> & offer_params,ContentSource source)129 bool SrtpFilter::SetOffer(const std::vector<CryptoParams>& offer_params,
130                           ContentSource source) {
131   if (!ExpectOffer(source)) {
132      LOG(LS_ERROR) << "Wrong state to update SRTP offer";
133      return false;
134   }
135   return StoreParams(offer_params, source);
136 }
137 
SetAnswer(const std::vector<CryptoParams> & answer_params,ContentSource source)138 bool SrtpFilter::SetAnswer(const std::vector<CryptoParams>& answer_params,
139                            ContentSource source) {
140   return DoSetAnswer(answer_params, source, true);
141 }
142 
SetProvisionalAnswer(const std::vector<CryptoParams> & answer_params,ContentSource source)143 bool SrtpFilter::SetProvisionalAnswer(
144     const std::vector<CryptoParams>& answer_params,
145     ContentSource source) {
146   return DoSetAnswer(answer_params, source, false);
147 }
148 
SetRtpParams(int send_cs,const uint8_t * send_key,int send_key_len,int recv_cs,const uint8_t * recv_key,int recv_key_len)149 bool SrtpFilter::SetRtpParams(int send_cs,
150                               const uint8_t* send_key,
151                               int send_key_len,
152                               int recv_cs,
153                               const uint8_t* recv_key,
154                               int recv_key_len) {
155   if (IsActive()) {
156     LOG(LS_ERROR) << "Tried to set SRTP Params when filter already active";
157     return false;
158   }
159   CreateSrtpSessions();
160   if (!send_session_->SetSend(send_cs, send_key, send_key_len))
161     return false;
162 
163   if (!recv_session_->SetRecv(recv_cs, recv_key, recv_key_len))
164     return false;
165 
166   state_ = ST_ACTIVE;
167 
168   LOG(LS_INFO) << "SRTP activated with negotiated parameters:"
169                << " send cipher_suite " << send_cs
170                << " recv cipher_suite " << recv_cs;
171   return true;
172 }
173 
174 // This function is provided separately because DTLS-SRTP behaves
175 // differently in RTP/RTCP mux and non-mux modes.
176 //
177 // - In the non-muxed case, RTP and RTCP are keyed with different
178 //   keys (from different DTLS handshakes), and so we need a new
179 //   SrtpSession.
180 // - In the muxed case, they are keyed with the same keys, so
181 //   this function is not needed
SetRtcpParams(int send_cs,const uint8_t * send_key,int send_key_len,int recv_cs,const uint8_t * recv_key,int recv_key_len)182 bool SrtpFilter::SetRtcpParams(int send_cs,
183                                const uint8_t* send_key,
184                                int send_key_len,
185                                int recv_cs,
186                                const uint8_t* recv_key,
187                                int recv_key_len) {
188   // This can only be called once, but can be safely called after
189   // SetRtpParams
190   if (send_rtcp_session_ || recv_rtcp_session_) {
191     LOG(LS_ERROR) << "Tried to set SRTCP Params when filter already active";
192     return false;
193   }
194 
195   send_rtcp_session_.reset(new SrtpSession());
196   SignalSrtpError.repeat(send_rtcp_session_->SignalSrtpError);
197   send_rtcp_session_->set_signal_silent_time(signal_silent_time_in_ms_);
198   if (!send_rtcp_session_->SetRecv(send_cs, send_key, send_key_len))
199     return false;
200 
201   recv_rtcp_session_.reset(new SrtpSession());
202   SignalSrtpError.repeat(recv_rtcp_session_->SignalSrtpError);
203   recv_rtcp_session_->set_signal_silent_time(signal_silent_time_in_ms_);
204   if (!recv_rtcp_session_->SetRecv(recv_cs, recv_key, recv_key_len))
205     return false;
206 
207   LOG(LS_INFO) << "SRTCP activated with negotiated parameters:"
208                << " send cipher_suite " << send_cs
209                << " recv cipher_suite " << recv_cs;
210 
211   return true;
212 }
213 
ProtectRtp(void * p,int in_len,int max_len,int * out_len)214 bool SrtpFilter::ProtectRtp(void* p, int in_len, int max_len, int* out_len) {
215   if (!IsActive()) {
216     LOG(LS_WARNING) << "Failed to ProtectRtp: SRTP not active";
217     return false;
218   }
219   ASSERT(send_session_ != NULL);
220   return send_session_->ProtectRtp(p, in_len, max_len, out_len);
221 }
222 
ProtectRtp(void * p,int in_len,int max_len,int * out_len,int64_t * index)223 bool SrtpFilter::ProtectRtp(void* p,
224                             int in_len,
225                             int max_len,
226                             int* out_len,
227                             int64_t* index) {
228   if (!IsActive()) {
229     LOG(LS_WARNING) << "Failed to ProtectRtp: SRTP not active";
230     return false;
231   }
232   ASSERT(send_session_ != NULL);
233   return send_session_->ProtectRtp(p, in_len, max_len, out_len, index);
234 }
235 
ProtectRtcp(void * p,int in_len,int max_len,int * out_len)236 bool SrtpFilter::ProtectRtcp(void* p, int in_len, int max_len, int* out_len) {
237   if (!IsActive()) {
238     LOG(LS_WARNING) << "Failed to ProtectRtcp: SRTP not active";
239     return false;
240   }
241   if (send_rtcp_session_) {
242     return send_rtcp_session_->ProtectRtcp(p, in_len, max_len, out_len);
243   } else {
244     ASSERT(send_session_ != NULL);
245     return send_session_->ProtectRtcp(p, in_len, max_len, out_len);
246   }
247 }
248 
UnprotectRtp(void * p,int in_len,int * out_len)249 bool SrtpFilter::UnprotectRtp(void* p, int in_len, int* out_len) {
250   if (!IsActive()) {
251     LOG(LS_WARNING) << "Failed to UnprotectRtp: SRTP not active";
252     return false;
253   }
254   ASSERT(recv_session_ != NULL);
255   return recv_session_->UnprotectRtp(p, in_len, out_len);
256 }
257 
UnprotectRtcp(void * p,int in_len,int * out_len)258 bool SrtpFilter::UnprotectRtcp(void* p, int in_len, int* out_len) {
259   if (!IsActive()) {
260     LOG(LS_WARNING) << "Failed to UnprotectRtcp: SRTP not active";
261     return false;
262   }
263   if (recv_rtcp_session_) {
264     return recv_rtcp_session_->UnprotectRtcp(p, in_len, out_len);
265   } else {
266     ASSERT(recv_session_ != NULL);
267     return recv_session_->UnprotectRtcp(p, in_len, out_len);
268   }
269 }
270 
GetRtpAuthParams(uint8_t ** key,int * key_len,int * tag_len)271 bool SrtpFilter::GetRtpAuthParams(uint8_t** key, int* key_len, int* tag_len) {
272   if (!IsActive()) {
273     LOG(LS_WARNING) << "Failed to GetRtpAuthParams: SRTP not active";
274     return false;
275   }
276 
277   ASSERT(send_session_ != NULL);
278   return send_session_->GetRtpAuthParams(key, key_len, tag_len);
279 }
280 
set_signal_silent_time(uint32_t signal_silent_time_in_ms)281 void SrtpFilter::set_signal_silent_time(uint32_t signal_silent_time_in_ms) {
282   signal_silent_time_in_ms_ = signal_silent_time_in_ms;
283   if (IsActive()) {
284     ASSERT(send_session_ != NULL);
285     send_session_->set_signal_silent_time(signal_silent_time_in_ms);
286     ASSERT(recv_session_ != NULL);
287     recv_session_->set_signal_silent_time(signal_silent_time_in_ms);
288     if (send_rtcp_session_)
289       send_rtcp_session_->set_signal_silent_time(signal_silent_time_in_ms);
290     if (recv_rtcp_session_)
291       recv_rtcp_session_->set_signal_silent_time(signal_silent_time_in_ms);
292   }
293 }
294 
ExpectOffer(ContentSource source)295 bool SrtpFilter::ExpectOffer(ContentSource source) {
296   return ((state_ == ST_INIT) ||
297           (state_ == ST_ACTIVE) ||
298           (state_  == ST_SENTOFFER && source == CS_LOCAL) ||
299           (state_  == ST_SENTUPDATEDOFFER && source == CS_LOCAL) ||
300           (state_ == ST_RECEIVEDOFFER && source == CS_REMOTE) ||
301           (state_ == ST_RECEIVEDUPDATEDOFFER && source == CS_REMOTE));
302 }
303 
StoreParams(const std::vector<CryptoParams> & params,ContentSource source)304 bool SrtpFilter::StoreParams(const std::vector<CryptoParams>& params,
305                              ContentSource source) {
306   offer_params_ = params;
307   if (state_ == ST_INIT) {
308     state_ = (source == CS_LOCAL) ? ST_SENTOFFER : ST_RECEIVEDOFFER;
309   } else if (state_ == ST_ACTIVE) {
310     state_ =
311         (source == CS_LOCAL) ? ST_SENTUPDATEDOFFER : ST_RECEIVEDUPDATEDOFFER;
312   }
313   return true;
314 }
315 
ExpectAnswer(ContentSource source)316 bool SrtpFilter::ExpectAnswer(ContentSource source) {
317   return ((state_ == ST_SENTOFFER && source == CS_REMOTE) ||
318           (state_ == ST_RECEIVEDOFFER && source == CS_LOCAL) ||
319           (state_ == ST_SENTUPDATEDOFFER && source == CS_REMOTE) ||
320           (state_ == ST_RECEIVEDUPDATEDOFFER && source == CS_LOCAL) ||
321           (state_ == ST_SENTPRANSWER_NO_CRYPTO && source == CS_LOCAL) ||
322           (state_ == ST_SENTPRANSWER && source == CS_LOCAL) ||
323           (state_ == ST_RECEIVEDPRANSWER_NO_CRYPTO && source == CS_REMOTE) ||
324           (state_ == ST_RECEIVEDPRANSWER && source == CS_REMOTE));
325 }
326 
DoSetAnswer(const std::vector<CryptoParams> & answer_params,ContentSource source,bool final)327 bool SrtpFilter::DoSetAnswer(const std::vector<CryptoParams>& answer_params,
328                              ContentSource source,
329                              bool final) {
330   if (!ExpectAnswer(source)) {
331     LOG(LS_ERROR) << "Invalid state for SRTP answer";
332     return false;
333   }
334 
335   // If the answer doesn't requests crypto complete the negotiation of an
336   // unencrypted session.
337   // Otherwise, finalize the parameters and apply them.
338   if (answer_params.empty()) {
339     if (final) {
340       return ResetParams();
341     } else {
342       // Need to wait for the final answer to decide if
343       // we should go to Active state.
344       state_ = (source == CS_LOCAL) ? ST_SENTPRANSWER_NO_CRYPTO :
345                                       ST_RECEIVEDPRANSWER_NO_CRYPTO;
346       return true;
347     }
348   }
349   CryptoParams selected_params;
350   if (!NegotiateParams(answer_params, &selected_params))
351     return false;
352   const CryptoParams& send_params =
353       (source == CS_REMOTE) ? selected_params : answer_params[0];
354   const CryptoParams& recv_params =
355       (source == CS_REMOTE) ? answer_params[0] : selected_params;
356   if (!ApplyParams(send_params, recv_params)) {
357     return false;
358   }
359 
360   if (final) {
361     offer_params_.clear();
362     state_ = ST_ACTIVE;
363   } else {
364     state_ =
365         (source == CS_LOCAL) ? ST_SENTPRANSWER : ST_RECEIVEDPRANSWER;
366   }
367   return true;
368 }
369 
CreateSrtpSessions()370 void SrtpFilter::CreateSrtpSessions() {
371   send_session_.reset(new SrtpSession());
372   applied_send_params_ = CryptoParams();
373   recv_session_.reset(new SrtpSession());
374   applied_recv_params_ = CryptoParams();
375 
376   SignalSrtpError.repeat(send_session_->SignalSrtpError);
377   SignalSrtpError.repeat(recv_session_->SignalSrtpError);
378 
379   send_session_->set_signal_silent_time(signal_silent_time_in_ms_);
380   recv_session_->set_signal_silent_time(signal_silent_time_in_ms_);
381 }
382 
NegotiateParams(const std::vector<CryptoParams> & answer_params,CryptoParams * selected_params)383 bool SrtpFilter::NegotiateParams(const std::vector<CryptoParams>& answer_params,
384                                  CryptoParams* selected_params) {
385   // We're processing an accept. We should have exactly one set of params,
386   // unless the offer didn't mention crypto, in which case we shouldn't be here.
387   bool ret = (answer_params.size() == 1U && !offer_params_.empty());
388   if (ret) {
389     // We should find a match between the answer params and the offered params.
390     std::vector<CryptoParams>::const_iterator it;
391     for (it = offer_params_.begin(); it != offer_params_.end(); ++it) {
392       if (answer_params[0].Matches(*it)) {
393         break;
394       }
395     }
396 
397     if (it != offer_params_.end()) {
398       *selected_params = *it;
399     } else {
400       ret = false;
401     }
402   }
403 
404   if (!ret) {
405     LOG(LS_WARNING) << "Invalid parameters in SRTP answer";
406   }
407   return ret;
408 }
409 
ApplyParams(const CryptoParams & send_params,const CryptoParams & recv_params)410 bool SrtpFilter::ApplyParams(const CryptoParams& send_params,
411                              const CryptoParams& recv_params) {
412   // TODO(jiayl): Split this method to apply send and receive CryptoParams
413   // independently, so that we can skip one method when either send or receive
414   // CryptoParams is unchanged.
415   if (applied_send_params_.cipher_suite == send_params.cipher_suite &&
416       applied_send_params_.key_params == send_params.key_params &&
417       applied_recv_params_.cipher_suite == recv_params.cipher_suite &&
418       applied_recv_params_.key_params == recv_params.key_params) {
419     LOG(LS_INFO) << "Applying the same SRTP parameters again. No-op.";
420 
421     // We do not want to reset the ROC if the keys are the same. So just return.
422     return true;
423   }
424   // TODO(juberti): Zero these buffers after use.
425   bool ret;
426   uint8_t send_key[SRTP_MASTER_KEY_LEN], recv_key[SRTP_MASTER_KEY_LEN];
427   ret = (ParseKeyParams(send_params.key_params, send_key, sizeof(send_key)) &&
428          ParseKeyParams(recv_params.key_params, recv_key, sizeof(recv_key)));
429   if (ret) {
430     CreateSrtpSessions();
431     ret = (send_session_->SetSend(
432                rtc::SrtpCryptoSuiteFromName(send_params.cipher_suite), send_key,
433                sizeof(send_key)) &&
434            recv_session_->SetRecv(
435                rtc::SrtpCryptoSuiteFromName(recv_params.cipher_suite), recv_key,
436                sizeof(recv_key)));
437   }
438   if (ret) {
439     LOG(LS_INFO) << "SRTP activated with negotiated parameters:"
440                  << " send cipher_suite " << send_params.cipher_suite
441                  << " recv cipher_suite " << recv_params.cipher_suite;
442     applied_send_params_ = send_params;
443     applied_recv_params_ = recv_params;
444   } else {
445     LOG(LS_WARNING) << "Failed to apply negotiated SRTP parameters";
446   }
447   return ret;
448 }
449 
ResetParams()450 bool SrtpFilter::ResetParams() {
451   offer_params_.clear();
452   state_ = ST_INIT;
453   send_session_ = nullptr;
454   recv_session_ = nullptr;
455   send_rtcp_session_ = nullptr;
456   recv_rtcp_session_ = nullptr;
457   LOG(LS_INFO) << "SRTP reset to init state";
458   return true;
459 }
460 
ParseKeyParams(const std::string & key_params,uint8_t * key,int len)461 bool SrtpFilter::ParseKeyParams(const std::string& key_params,
462                                 uint8_t* key,
463                                 int len) {
464   // example key_params: "inline:YUJDZGVmZ2hpSktMbW9QUXJzVHVWd3l6MTIzNDU2"
465 
466   // Fail if key-method is wrong.
467   if (key_params.find("inline:") != 0) {
468     return false;
469   }
470 
471   // Fail if base64 decode fails, or the key is the wrong size.
472   std::string key_b64(key_params.substr(7)), key_str;
473   if (!rtc::Base64::Decode(key_b64, rtc::Base64::DO_STRICT,
474                                  &key_str, NULL) ||
475       static_cast<int>(key_str.size()) != len) {
476     return false;
477   }
478 
479   memcpy(key, key_str.c_str(), len);
480   return true;
481 }
482 
483 ///////////////////////////////////////////////////////////////////////////////
484 // SrtpSession
485 
486 #ifdef HAVE_SRTP
487 
488 bool SrtpSession::inited_ = false;
489 
490 // This lock protects SrtpSession::inited_ and SrtpSession::sessions_.
491 rtc::GlobalLockPod SrtpSession::lock_;
492 
SrtpSession()493 SrtpSession::SrtpSession()
494     : session_(NULL),
495       rtp_auth_tag_len_(0),
496       rtcp_auth_tag_len_(0),
497       srtp_stat_(new SrtpStat()),
498       last_send_seq_num_(-1) {
499   {
500     rtc::GlobalLockScope ls(&lock_);
501     sessions()->push_back(this);
502   }
503   SignalSrtpError.repeat(srtp_stat_->SignalSrtpError);
504 }
505 
~SrtpSession()506 SrtpSession::~SrtpSession() {
507   {
508     rtc::GlobalLockScope ls(&lock_);
509     sessions()->erase(std::find(sessions()->begin(), sessions()->end(), this));
510   }
511   if (session_) {
512     srtp_dealloc(session_);
513   }
514 }
515 
SetSend(int cs,const uint8_t * key,int len)516 bool SrtpSession::SetSend(int cs, const uint8_t* key, int len) {
517   return SetKey(ssrc_any_outbound, cs, key, len);
518 }
519 
SetRecv(int cs,const uint8_t * key,int len)520 bool SrtpSession::SetRecv(int cs, const uint8_t* key, int len) {
521   return SetKey(ssrc_any_inbound, cs, key, len);
522 }
523 
ProtectRtp(void * p,int in_len,int max_len,int * out_len)524 bool SrtpSession::ProtectRtp(void* p, int in_len, int max_len, int* out_len) {
525   if (!session_) {
526     LOG(LS_WARNING) << "Failed to protect SRTP packet: no SRTP Session";
527     return false;
528   }
529 
530   int need_len = in_len + rtp_auth_tag_len_;  // NOLINT
531   if (max_len < need_len) {
532     LOG(LS_WARNING) << "Failed to protect SRTP packet: The buffer length "
533                     << max_len << " is less than the needed " << need_len;
534     return false;
535   }
536 
537   *out_len = in_len;
538   int err = srtp_protect(session_, p, out_len);
539   uint32_t ssrc;
540   if (GetRtpSsrc(p, in_len, &ssrc)) {
541     srtp_stat_->AddProtectRtpResult(ssrc, err);
542   }
543   int seq_num;
544   GetRtpSeqNum(p, in_len, &seq_num);
545   if (err != err_status_ok) {
546     LOG(LS_WARNING) << "Failed to protect SRTP packet, seqnum="
547                     << seq_num << ", err=" << err << ", last seqnum="
548                     << last_send_seq_num_;
549     return false;
550   }
551   last_send_seq_num_ = seq_num;
552   return true;
553 }
554 
ProtectRtp(void * p,int in_len,int max_len,int * out_len,int64_t * index)555 bool SrtpSession::ProtectRtp(void* p,
556                              int in_len,
557                              int max_len,
558                              int* out_len,
559                              int64_t* index) {
560   if (!ProtectRtp(p, in_len, max_len, out_len)) {
561     return false;
562   }
563   return (index) ? GetSendStreamPacketIndex(p, in_len, index) : true;
564 }
565 
ProtectRtcp(void * p,int in_len,int max_len,int * out_len)566 bool SrtpSession::ProtectRtcp(void* p, int in_len, int max_len, int* out_len) {
567   if (!session_) {
568     LOG(LS_WARNING) << "Failed to protect SRTCP packet: no SRTP Session";
569     return false;
570   }
571 
572   int need_len = in_len + sizeof(uint32_t) + rtcp_auth_tag_len_;  // NOLINT
573   if (max_len < need_len) {
574     LOG(LS_WARNING) << "Failed to protect SRTCP packet: The buffer length "
575                     << max_len << " is less than the needed " << need_len;
576     return false;
577   }
578 
579   *out_len = in_len;
580   int err = srtp_protect_rtcp(session_, p, out_len);
581   srtp_stat_->AddProtectRtcpResult(err);
582   if (err != err_status_ok) {
583     LOG(LS_WARNING) << "Failed to protect SRTCP packet, err=" << err;
584     return false;
585   }
586   return true;
587 }
588 
UnprotectRtp(void * p,int in_len,int * out_len)589 bool SrtpSession::UnprotectRtp(void* p, int in_len, int* out_len) {
590   if (!session_) {
591     LOG(LS_WARNING) << "Failed to unprotect SRTP packet: no SRTP Session";
592     return false;
593   }
594 
595   *out_len = in_len;
596   int err = srtp_unprotect(session_, p, out_len);
597   uint32_t ssrc;
598   if (GetRtpSsrc(p, in_len, &ssrc)) {
599     srtp_stat_->AddUnprotectRtpResult(ssrc, err);
600   }
601   if (err != err_status_ok) {
602     LOG(LS_WARNING) << "Failed to unprotect SRTP packet, err=" << err;
603     return false;
604   }
605   return true;
606 }
607 
UnprotectRtcp(void * p,int in_len,int * out_len)608 bool SrtpSession::UnprotectRtcp(void* p, int in_len, int* out_len) {
609   if (!session_) {
610     LOG(LS_WARNING) << "Failed to unprotect SRTCP packet: no SRTP Session";
611     return false;
612   }
613 
614   *out_len = in_len;
615   int err = srtp_unprotect_rtcp(session_, p, out_len);
616   srtp_stat_->AddUnprotectRtcpResult(err);
617   if (err != err_status_ok) {
618     LOG(LS_WARNING) << "Failed to unprotect SRTCP packet, err=" << err;
619     return false;
620   }
621   return true;
622 }
623 
GetRtpAuthParams(uint8_t ** key,int * key_len,int * tag_len)624 bool SrtpSession::GetRtpAuthParams(uint8_t** key, int* key_len, int* tag_len) {
625 #if defined(ENABLE_EXTERNAL_AUTH)
626   ExternalHmacContext* external_hmac = NULL;
627   // stream_template will be the reference context for other streams.
628   // Let's use it for getting the keys.
629   srtp_stream_ctx_t* srtp_context = session_->stream_template;
630   if (srtp_context && srtp_context->rtp_auth) {
631     external_hmac = reinterpret_cast<ExternalHmacContext*>(
632         srtp_context->rtp_auth->state);
633   }
634 
635   if (!external_hmac) {
636     LOG(LS_ERROR) << "Failed to get auth keys from libsrtp!.";
637     return false;
638   }
639 
640   *key = external_hmac->key;
641   *key_len = external_hmac->key_length;
642   *tag_len = rtp_auth_tag_len_;
643   return true;
644 #else
645   return false;
646 #endif
647 }
648 
GetSendStreamPacketIndex(void * p,int in_len,int64_t * index)649 bool SrtpSession::GetSendStreamPacketIndex(void* p,
650                                            int in_len,
651                                            int64_t* index) {
652   srtp_hdr_t* hdr = reinterpret_cast<srtp_hdr_t*>(p);
653   srtp_stream_ctx_t* stream = srtp_get_stream(session_, hdr->ssrc);
654   if (stream == NULL)
655     return false;
656 
657   // Shift packet index, put into network byte order
658   *index = static_cast<int64_t>(
659       rtc::NetworkToHost64(rdbx_get_packet_index(&stream->rtp_rdbx) << 16));
660   return true;
661 }
662 
set_signal_silent_time(uint32_t signal_silent_time_in_ms)663 void SrtpSession::set_signal_silent_time(uint32_t signal_silent_time_in_ms) {
664   srtp_stat_->set_signal_silent_time(signal_silent_time_in_ms);
665 }
666 
SetKey(int type,int cs,const uint8_t * key,int len)667 bool SrtpSession::SetKey(int type, int cs, const uint8_t* key, int len) {
668   if (session_) {
669     LOG(LS_ERROR) << "Failed to create SRTP session: "
670                   << "SRTP session already created";
671     return false;
672   }
673 
674   if (!Init()) {
675     return false;
676   }
677 
678   srtp_policy_t policy;
679   memset(&policy, 0, sizeof(policy));
680 
681   if (cs == rtc::SRTP_AES128_CM_SHA1_80) {
682     crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtp);
683     crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp);
684   } else if (cs == rtc::SRTP_AES128_CM_SHA1_32) {
685     crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtp);   // rtp is 32,
686     crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp);  // rtcp still 80
687   } else {
688     LOG(LS_WARNING) << "Failed to create SRTP session: unsupported"
689                     << " cipher_suite " << cs;
690     return false;
691   }
692 
693   if (!key || len != SRTP_MASTER_KEY_LEN) {
694     LOG(LS_WARNING) << "Failed to create SRTP session: invalid key";
695     return false;
696   }
697 
698   policy.ssrc.type = static_cast<ssrc_type_t>(type);
699   policy.ssrc.value = 0;
700   policy.key = const_cast<uint8_t*>(key);
701   // TODO(astor) parse window size from WSH session-param
702   policy.window_size = 1024;
703   policy.allow_repeat_tx = 1;
704   // If external authentication option is enabled, supply custom auth module
705   // id EXTERNAL_HMAC_SHA1 in the policy structure.
706   // We want to set this option only for rtp packets.
707   // By default policy structure is initialized to HMAC_SHA1.
708 #if defined(ENABLE_EXTERNAL_AUTH)
709   // Enable external HMAC authentication only for outgoing streams.
710   if (type == ssrc_any_outbound) {
711     policy.rtp.auth_type = EXTERNAL_HMAC_SHA1;
712   }
713 #endif
714   policy.next = NULL;
715 
716   int err = srtp_create(&session_, &policy);
717   if (err != err_status_ok) {
718     session_ = NULL;
719     LOG(LS_ERROR) << "Failed to create SRTP session, err=" << err;
720     return false;
721   }
722 
723 
724   rtp_auth_tag_len_ = policy.rtp.auth_tag_len;
725   rtcp_auth_tag_len_ = policy.rtcp.auth_tag_len;
726   return true;
727 }
728 
Init()729 bool SrtpSession::Init() {
730   rtc::GlobalLockScope ls(&lock_);
731 
732   if (!inited_) {
733     int err;
734     err = srtp_init();
735     if (err != err_status_ok) {
736       LOG(LS_ERROR) << "Failed to init SRTP, err=" << err;
737       return false;
738     }
739 
740     err = srtp_install_event_handler(&SrtpSession::HandleEventThunk);
741     if (err != err_status_ok) {
742       LOG(LS_ERROR) << "Failed to install SRTP event handler, err=" << err;
743       return false;
744     }
745 #if defined(ENABLE_EXTERNAL_AUTH)
746     err = external_crypto_init();
747     if (err != err_status_ok) {
748       LOG(LS_ERROR) << "Failed to initialize fake auth, err=" << err;
749       return false;
750     }
751 #endif
752     inited_ = true;
753   }
754 
755   return true;
756 }
757 
Terminate()758 void SrtpSession::Terminate() {
759   rtc::GlobalLockScope ls(&lock_);
760 
761   if (inited_) {
762     int err = srtp_shutdown();
763     if (err) {
764       LOG(LS_ERROR) << "srtp_shutdown failed. err=" << err;
765       return;
766     }
767     inited_ = false;
768   }
769 }
770 
HandleEvent(const srtp_event_data_t * ev)771 void SrtpSession::HandleEvent(const srtp_event_data_t* ev) {
772   switch (ev->event) {
773     case event_ssrc_collision:
774       LOG(LS_INFO) << "SRTP event: SSRC collision";
775       break;
776     case event_key_soft_limit:
777       LOG(LS_INFO) << "SRTP event: reached soft key usage limit";
778       break;
779     case event_key_hard_limit:
780       LOG(LS_INFO) << "SRTP event: reached hard key usage limit";
781       break;
782     case event_packet_index_limit:
783       LOG(LS_INFO) << "SRTP event: reached hard packet limit (2^48 packets)";
784       break;
785     default:
786       LOG(LS_INFO) << "SRTP event: unknown " << ev->event;
787       break;
788   }
789 }
790 
HandleEventThunk(srtp_event_data_t * ev)791 void SrtpSession::HandleEventThunk(srtp_event_data_t* ev) {
792   rtc::GlobalLockScope ls(&lock_);
793 
794   for (std::list<SrtpSession*>::iterator it = sessions()->begin();
795        it != sessions()->end(); ++it) {
796     if ((*it)->session_ == ev->session) {
797       (*it)->HandleEvent(ev);
798       break;
799     }
800   }
801 }
802 
sessions()803 std::list<SrtpSession*>* SrtpSession::sessions() {
804   RTC_DEFINE_STATIC_LOCAL(std::list<SrtpSession*>, sessions, ());
805   return &sessions;
806 }
807 
808 #else   // !HAVE_SRTP
809 
810 // On some systems, SRTP is not (yet) available.
811 
SrtpSession()812 SrtpSession::SrtpSession() {
813   LOG(WARNING) << "SRTP implementation is missing.";
814 }
815 
~SrtpSession()816 SrtpSession::~SrtpSession() {
817 }
818 
SetSend(const std::string & cs,const uint8_t * key,int len)819 bool SrtpSession::SetSend(const std::string& cs, const uint8_t* key, int len) {
820   return SrtpNotAvailable(__FUNCTION__);
821 }
822 
SetRecv(const std::string & cs,const uint8_t * key,int len)823 bool SrtpSession::SetRecv(const std::string& cs, const uint8_t* key, int len) {
824   return SrtpNotAvailable(__FUNCTION__);
825 }
826 
ProtectRtp(void * data,int in_len,int max_len,int * out_len)827 bool SrtpSession::ProtectRtp(void* data, int in_len, int max_len,
828                              int* out_len) {
829   return SrtpNotAvailable(__FUNCTION__);
830 }
831 
ProtectRtcp(void * data,int in_len,int max_len,int * out_len)832 bool SrtpSession::ProtectRtcp(void* data, int in_len, int max_len,
833                               int* out_len) {
834   return SrtpNotAvailable(__FUNCTION__);
835 }
836 
UnprotectRtp(void * data,int in_len,int * out_len)837 bool SrtpSession::UnprotectRtp(void* data, int in_len, int* out_len) {
838   return SrtpNotAvailable(__FUNCTION__);
839 }
840 
UnprotectRtcp(void * data,int in_len,int * out_len)841 bool SrtpSession::UnprotectRtcp(void* data, int in_len, int* out_len) {
842   return SrtpNotAvailable(__FUNCTION__);
843 }
844 
set_signal_silent_time(uint32_t signal_silent_time)845 void SrtpSession::set_signal_silent_time(uint32_t signal_silent_time) {
846   // Do nothing.
847 }
848 
849 #endif  // HAVE_SRTP
850 
851 ///////////////////////////////////////////////////////////////////////////////
852 // SrtpStat
853 
854 #ifdef HAVE_SRTP
855 
SrtpStat()856 SrtpStat::SrtpStat()
857     : signal_silent_time_(1000) {
858 }
859 
AddProtectRtpResult(uint32_t ssrc,int result)860 void SrtpStat::AddProtectRtpResult(uint32_t ssrc, int result) {
861   FailureKey key;
862   key.ssrc = ssrc;
863   key.mode = SrtpFilter::PROTECT;
864   switch (result) {
865     case err_status_ok:
866       key.error = SrtpFilter::ERROR_NONE;
867       break;
868     case err_status_auth_fail:
869       key.error = SrtpFilter::ERROR_AUTH;
870       break;
871     default:
872       key.error = SrtpFilter::ERROR_FAIL;
873   }
874   HandleSrtpResult(key);
875 }
876 
AddUnprotectRtpResult(uint32_t ssrc,int result)877 void SrtpStat::AddUnprotectRtpResult(uint32_t ssrc, int result) {
878   FailureKey key;
879   key.ssrc = ssrc;
880   key.mode = SrtpFilter::UNPROTECT;
881   switch (result) {
882     case err_status_ok:
883       key.error = SrtpFilter::ERROR_NONE;
884       break;
885     case err_status_auth_fail:
886       key.error = SrtpFilter::ERROR_AUTH;
887       break;
888     case err_status_replay_fail:
889     case err_status_replay_old:
890       key.error = SrtpFilter::ERROR_REPLAY;
891       break;
892     default:
893       key.error = SrtpFilter::ERROR_FAIL;
894   }
895   HandleSrtpResult(key);
896 }
897 
AddProtectRtcpResult(int result)898 void SrtpStat::AddProtectRtcpResult(int result) {
899   AddProtectRtpResult(0U, result);
900 }
901 
AddUnprotectRtcpResult(int result)902 void SrtpStat::AddUnprotectRtcpResult(int result) {
903   AddUnprotectRtpResult(0U, result);
904 }
905 
HandleSrtpResult(const SrtpStat::FailureKey & key)906 void SrtpStat::HandleSrtpResult(const SrtpStat::FailureKey& key) {
907   // Handle some cases where error should be signalled right away. For other
908   // errors, trigger error for the first time seeing it.  After that, silent
909   // the same error for a certain amount of time (default 1 sec).
910   if (key.error != SrtpFilter::ERROR_NONE) {
911     // For errors, signal first time and wait for 1 sec.
912     FailureStat* stat = &(failures_[key]);
913     uint32_t current_time = rtc::Time();
914     if (stat->last_signal_time == 0 ||
915         rtc::TimeDiff(current_time, stat->last_signal_time) >
916         static_cast<int>(signal_silent_time_)) {
917       SignalSrtpError(key.ssrc, key.mode, key.error);
918       stat->last_signal_time = current_time;
919     }
920   }
921 }
922 
923 #else   // !HAVE_SRTP
924 
925 // On some systems, SRTP is not (yet) available.
926 
SrtpStat()927 SrtpStat::SrtpStat()
928     : signal_silent_time_(1000) {
929   LOG(WARNING) << "SRTP implementation is missing.";
930 }
931 
AddProtectRtpResult(uint32_t ssrc,int result)932 void SrtpStat::AddProtectRtpResult(uint32_t ssrc, int result) {
933   SrtpNotAvailable(__FUNCTION__);
934 }
935 
AddUnprotectRtpResult(uint32_t ssrc,int result)936 void SrtpStat::AddUnprotectRtpResult(uint32_t ssrc, int result) {
937   SrtpNotAvailable(__FUNCTION__);
938 }
939 
AddProtectRtcpResult(int result)940 void SrtpStat::AddProtectRtcpResult(int result) {
941   SrtpNotAvailable(__FUNCTION__);
942 }
943 
AddUnprotectRtcpResult(int result)944 void SrtpStat::AddUnprotectRtcpResult(int result) {
945   SrtpNotAvailable(__FUNCTION__);
946 }
947 
HandleSrtpResult(const SrtpStat::FailureKey & key)948 void SrtpStat::HandleSrtpResult(const SrtpStat::FailureKey& key) {
949   SrtpNotAvailable(__FUNCTION__);
950 }
951 
952 #endif  // HAVE_SRTP
953 
954 }  // namespace cricket
955