2012-10-07 05:34:29 +00:00
|
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
|
|
|
|
* You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
|
|
|
|
// Original author: ekr@rtfm.com
|
|
|
|
|
2013-05-21 02:11:01 +00:00
|
|
|
#include "logging.h"
|
2012-10-07 05:34:29 +00:00
|
|
|
#include "SrtpFlow.h"
|
|
|
|
|
|
|
|
#include "srtp.h"
|
|
|
|
#include "ssl.h"
|
|
|
|
#include "sslproto.h"
|
|
|
|
|
|
|
|
#include "mozilla/RefPtr.h"
|
2012-10-12 15:15:24 +00:00
|
|
|
|
2012-10-07 05:34:29 +00:00
|
|
|
// Logging context
|
|
|
|
using namespace mozilla;
|
2013-01-30 21:13:36 +00:00
|
|
|
MOZ_MTLOG_MODULE("mediapipeline")
|
2012-10-07 05:34:29 +00:00
|
|
|
|
|
|
|
namespace mozilla {
|
|
|
|
|
|
|
|
bool SrtpFlow::initialized; // Static
|
|
|
|
|
|
|
|
SrtpFlow::~SrtpFlow() {
|
|
|
|
if (session_) {
|
|
|
|
srtp_dealloc(session_);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
RefPtr<SrtpFlow> SrtpFlow::Create(int cipher_suite,
|
|
|
|
bool inbound,
|
|
|
|
const void *key,
|
|
|
|
size_t key_len) {
|
|
|
|
nsresult res = Init();
|
|
|
|
if (!NS_SUCCEEDED(res))
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
RefPtr<SrtpFlow> flow = new SrtpFlow();
|
|
|
|
|
|
|
|
if (!key) {
|
2013-07-03 18:40:36 +00:00
|
|
|
MOZ_MTLOG(ML_ERROR, "Null SRTP key specified");
|
2012-10-07 05:34:29 +00:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (key_len != SRTP_TOTAL_KEY_LENGTH) {
|
2013-07-03 18:40:36 +00:00
|
|
|
MOZ_MTLOG(ML_ERROR, "Invalid SRTP key length");
|
2012-10-07 05:34:29 +00:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2012-10-07 05:34:29 +00:00
|
|
|
srtp_policy_t policy;
|
|
|
|
memset(&policy, 0, sizeof(srtp_policy_t));
|
2012-10-07 05:34:29 +00:00
|
|
|
|
|
|
|
// Note that we set the same cipher suite for RTP and RTCP
|
|
|
|
// since any flow can only have one cipher suite with DTLS-SRTP
|
|
|
|
switch (cipher_suite) {
|
|
|
|
case SRTP_AES128_CM_HMAC_SHA1_80:
|
2013-07-03 18:40:36 +00:00
|
|
|
MOZ_MTLOG(ML_DEBUG,
|
|
|
|
"Setting SRTP cipher suite SRTP_AES128_CM_HMAC_SHA1_80");
|
2012-10-07 05:34:29 +00:00
|
|
|
crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtp);
|
|
|
|
crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp);
|
2012-10-07 05:34:29 +00:00
|
|
|
break;
|
|
|
|
case SRTP_AES128_CM_HMAC_SHA1_32:
|
2013-07-03 18:40:36 +00:00
|
|
|
MOZ_MTLOG(ML_DEBUG,
|
|
|
|
"Setting SRTP cipher suite SRTP_AES128_CM_HMAC_SHA1_32");
|
2012-10-07 05:34:29 +00:00
|
|
|
crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtp);
|
2013-01-18 21:03:17 +00:00
|
|
|
crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp); // 80-bit per RFC 5764
|
|
|
|
break; // S 4.1.2.
|
2012-10-07 05:34:29 +00:00
|
|
|
default:
|
2013-07-03 18:40:36 +00:00
|
|
|
MOZ_MTLOG(ML_ERROR, "Request to set unknown SRTP cipher suite");
|
2012-10-07 05:34:29 +00:00
|
|
|
return NULL;
|
|
|
|
}
|
2012-10-07 05:34:29 +00:00
|
|
|
// This key is copied into the srtp_t object, so we don't
|
|
|
|
// need to keep it.
|
|
|
|
policy.key = const_cast<unsigned char *>(
|
2012-10-07 05:34:29 +00:00
|
|
|
static_cast<const unsigned char *>(key));
|
2012-10-07 05:34:29 +00:00
|
|
|
policy.ssrc.type = inbound ? ssrc_any_inbound : ssrc_any_outbound;
|
|
|
|
policy.ssrc.value = 0;
|
|
|
|
policy.ekt = NULL;
|
2013-01-23 21:41:35 +00:00
|
|
|
policy.window_size = 1024; // Use the Chrome value. Needs to be revisited. Default is 128
|
|
|
|
policy.allow_repeat_tx = 1; // Use Chrome value; needed for NACK mode to work
|
2012-10-07 05:34:29 +00:00
|
|
|
policy.next = NULL;
|
2012-10-07 05:34:29 +00:00
|
|
|
|
|
|
|
// Now make the session
|
2012-10-07 05:34:29 +00:00
|
|
|
err_status_t r = srtp_create(&flow->session_, &policy);
|
2012-10-07 05:34:29 +00:00
|
|
|
if (r != err_status_ok) {
|
2013-07-03 18:40:36 +00:00
|
|
|
MOZ_MTLOG(ML_ERROR, "Error creating srtp session");
|
2012-10-07 05:34:29 +00:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
return flow;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
nsresult SrtpFlow::CheckInputs(bool protect, void *in, int in_len,
|
|
|
|
int max_len, int *out_len) {
|
2012-10-07 05:34:29 +00:00
|
|
|
MOZ_ASSERT(in);
|
2012-10-07 05:34:29 +00:00
|
|
|
if (!in) {
|
2013-07-03 18:40:36 +00:00
|
|
|
MOZ_MTLOG(ML_ERROR, "NULL input value");
|
2012-10-07 05:34:29 +00:00
|
|
|
return NS_ERROR_NULL_POINTER;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (in_len < 0) {
|
2013-07-03 18:40:36 +00:00
|
|
|
MOZ_MTLOG(ML_ERROR, "Input length is negative");
|
2012-10-07 05:34:29 +00:00
|
|
|
return NS_ERROR_ILLEGAL_VALUE;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (max_len < 0) {
|
2013-07-03 18:40:36 +00:00
|
|
|
MOZ_MTLOG(ML_ERROR, "Max output length is negative");
|
2012-10-07 05:34:29 +00:00
|
|
|
return NS_ERROR_ILLEGAL_VALUE;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (protect) {
|
|
|
|
if ((max_len < SRTP_MAX_EXPANSION) ||
|
|
|
|
((max_len - SRTP_MAX_EXPANSION) < in_len)) {
|
2013-07-03 18:40:36 +00:00
|
|
|
MOZ_MTLOG(ML_ERROR, "Output too short");
|
2012-10-07 05:34:29 +00:00
|
|
|
return NS_ERROR_ILLEGAL_VALUE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
if (in_len > max_len) {
|
2013-07-03 18:40:36 +00:00
|
|
|
MOZ_MTLOG(ML_ERROR, "Output too short");
|
2012-10-07 05:34:29 +00:00
|
|
|
return NS_ERROR_ILLEGAL_VALUE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
nsresult SrtpFlow::ProtectRtp(void *in, int in_len,
|
|
|
|
int max_len, int *out_len) {
|
|
|
|
nsresult res = CheckInputs(true, in, in_len, max_len, out_len);
|
|
|
|
if (NS_FAILED(res))
|
|
|
|
return res;
|
|
|
|
|
|
|
|
int len = in_len;
|
|
|
|
err_status_t r = srtp_protect(session_, in, &len);
|
|
|
|
|
|
|
|
if (r != err_status_ok) {
|
2013-07-03 18:40:36 +00:00
|
|
|
MOZ_MTLOG(ML_ERROR, "Error protecting SRTP packet");
|
2012-10-07 05:34:29 +00:00
|
|
|
return NS_ERROR_FAILURE;
|
|
|
|
}
|
|
|
|
|
2012-10-07 05:34:29 +00:00
|
|
|
MOZ_ASSERT(len <= max_len);
|
2012-10-07 05:34:29 +00:00
|
|
|
*out_len = len;
|
|
|
|
|
|
|
|
|
2013-07-03 18:40:36 +00:00
|
|
|
MOZ_MTLOG(ML_DEBUG, "Successfully protected an SRTP packet of len "
|
|
|
|
<< *out_len);
|
2012-10-07 05:34:29 +00:00
|
|
|
|
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
nsresult SrtpFlow::UnprotectRtp(void *in, int in_len,
|
|
|
|
int max_len, int *out_len) {
|
|
|
|
nsresult res = CheckInputs(false, in, in_len, max_len, out_len);
|
|
|
|
if (NS_FAILED(res))
|
|
|
|
return res;
|
|
|
|
|
|
|
|
int len = in_len;
|
|
|
|
err_status_t r = srtp_unprotect(session_, in, &len);
|
|
|
|
|
|
|
|
if (r != err_status_ok) {
|
2013-07-03 18:40:36 +00:00
|
|
|
MOZ_MTLOG(ML_ERROR, "Error unprotecting SRTP packet");
|
2012-10-07 05:34:29 +00:00
|
|
|
return NS_ERROR_FAILURE;
|
|
|
|
}
|
|
|
|
|
2012-10-07 05:34:29 +00:00
|
|
|
MOZ_ASSERT(len <= max_len);
|
2012-10-07 05:34:29 +00:00
|
|
|
*out_len = len;
|
|
|
|
|
2013-07-03 18:40:36 +00:00
|
|
|
MOZ_MTLOG(ML_DEBUG, "Successfully unprotected an SRTP packet of len "
|
|
|
|
<< *out_len);
|
2012-10-07 05:34:29 +00:00
|
|
|
|
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
nsresult SrtpFlow::ProtectRtcp(void *in, int in_len,
|
|
|
|
int max_len, int *out_len) {
|
|
|
|
nsresult res = CheckInputs(true, in, in_len, max_len, out_len);
|
|
|
|
if (NS_FAILED(res))
|
|
|
|
return res;
|
|
|
|
|
|
|
|
int len = in_len;
|
|
|
|
err_status_t r = srtp_protect_rtcp(session_, in, &len);
|
|
|
|
|
|
|
|
if (r != err_status_ok) {
|
2013-07-03 18:40:36 +00:00
|
|
|
MOZ_MTLOG(ML_ERROR, "Error protecting SRTCP packet");
|
2012-10-07 05:34:29 +00:00
|
|
|
return NS_ERROR_FAILURE;
|
|
|
|
}
|
|
|
|
|
2012-10-07 05:34:29 +00:00
|
|
|
MOZ_ASSERT(len <= max_len);
|
2012-10-07 05:34:29 +00:00
|
|
|
*out_len = len;
|
|
|
|
|
2013-07-03 18:40:36 +00:00
|
|
|
MOZ_MTLOG(ML_DEBUG, "Successfully protected an SRTCP packet of len "
|
|
|
|
<< *out_len);
|
2012-10-07 05:34:29 +00:00
|
|
|
|
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
nsresult SrtpFlow::UnprotectRtcp(void *in, int in_len,
|
|
|
|
int max_len, int *out_len) {
|
|
|
|
nsresult res = CheckInputs(false, in, in_len, max_len, out_len);
|
|
|
|
if (NS_FAILED(res))
|
|
|
|
return res;
|
|
|
|
|
|
|
|
int len = in_len;
|
|
|
|
err_status_t r = srtp_unprotect_rtcp(session_, in, &len);
|
|
|
|
|
|
|
|
if (r != err_status_ok) {
|
2013-07-03 18:40:36 +00:00
|
|
|
MOZ_MTLOG(ML_ERROR, "Error unprotecting SRTCP packet");
|
2012-10-07 05:34:29 +00:00
|
|
|
return NS_ERROR_FAILURE;
|
|
|
|
}
|
|
|
|
|
2012-10-07 05:34:29 +00:00
|
|
|
MOZ_ASSERT(len <= max_len);
|
2012-10-07 05:34:29 +00:00
|
|
|
*out_len = len;
|
|
|
|
|
2013-07-03 18:40:36 +00:00
|
|
|
MOZ_MTLOG(ML_DEBUG, "Successfully unprotected an SRTCP packet of len "
|
|
|
|
<< *out_len);
|
2012-10-07 05:34:29 +00:00
|
|
|
|
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Statics
|
|
|
|
void SrtpFlow::srtp_event_handler(srtp_event_data_t *data) {
|
|
|
|
// TODO(ekr@rtfm.com): Implement this
|
2012-10-07 05:34:29 +00:00
|
|
|
MOZ_CRASH();
|
2012-10-07 05:34:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
nsresult SrtpFlow::Init() {
|
|
|
|
if (!initialized) {
|
|
|
|
err_status_t r = srtp_init();
|
|
|
|
if (r != err_status_ok) {
|
2013-07-03 18:40:36 +00:00
|
|
|
MOZ_MTLOG(ML_ERROR, "Could not initialize SRTP");
|
2012-10-25 16:32:24 +00:00
|
|
|
MOZ_ASSERT(PR_FALSE);
|
2012-10-07 05:34:29 +00:00
|
|
|
return NS_ERROR_FAILURE;
|
|
|
|
}
|
|
|
|
|
|
|
|
r = srtp_install_event_handler(&SrtpFlow::srtp_event_handler);
|
|
|
|
if (r != err_status_ok) {
|
2013-07-03 18:40:36 +00:00
|
|
|
MOZ_MTLOG(ML_ERROR, "Could not install SRTP event handler");
|
2012-10-25 16:32:24 +00:00
|
|
|
MOZ_ASSERT(PR_FALSE);
|
2012-10-07 05:34:29 +00:00
|
|
|
return NS_ERROR_FAILURE;
|
|
|
|
}
|
|
|
|
|
|
|
|
initialized = true;
|
|
|
|
}
|
|
|
|
|
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
} // end of namespace
|
|
|
|
|