Source code
Revision control
Copy as Markdown
Other Tools
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
// Original author: ekr@rtfm.com
#include "logging.h"
#include "SrtpFlow.h"
#include "srtp.h"
#include "transportlayerdtls.h"
#include "mozilla/RefPtr.h"
using namespace mozilla;
namespace mozilla {
MOZ_MTLOG_MODULE("mtransport")
bool SrtpFlow::initialized; // Static
SrtpFlow::~SrtpFlow() {
if (session_) {
srtp_dealloc(session_);
}
}
unsigned int SrtpFlow::KeySize(int cipher_suite) {
srtp_profile_t profile = static_cast<srtp_profile_t>(cipher_suite);
return srtp_profile_get_master_key_length(profile);
}
unsigned int SrtpFlow::SaltSize(int cipher_suite) {
srtp_profile_t profile = static_cast<srtp_profile_t>(cipher_suite);
return srtp_profile_get_master_salt_length(profile);
}
RefPtr<SrtpFlow> SrtpFlow::Create(int cipher_suite, bool inbound,
const void* key, size_t key_len) {
nsresult res = Init();
if (!NS_SUCCEEDED(res)) return nullptr;
RefPtr<SrtpFlow> flow = new SrtpFlow();
if (!key) {
MOZ_MTLOG(ML_ERROR, "Null SRTP key specified");
return nullptr;
}
if ((key_len > SRTP_MAX_KEY_LENGTH) || (key_len < SRTP_MIN_KEY_LENGTH)) {
MOZ_ASSERT(false, "Invalid SRTP key length");
return nullptr;
}
srtp_policy_t policy;
memset(&policy, 0, sizeof(srtp_policy_t));
// Note that we set the same cipher suite for RTP and RTCP
// since any flow can only have one cipher suite with DTLS-SRTP
switch (cipher_suite) {
case kDtlsSrtpAeadAes256Gcm:
MOZ_MTLOG(ML_DEBUG, "Setting SRTP cipher suite SRTP_AEAD_AES_256_GCM");
srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtp);
srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtcp);
break;
case kDtlsSrtpAeadAes128Gcm:
MOZ_MTLOG(ML_DEBUG, "Setting SRTP cipher suite SRTP_AEAD_AES_128_GCM");
srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp);
srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtcp);
break;
case kDtlsSrtpAes128CmHmacSha1_80:
MOZ_MTLOG(ML_DEBUG,
"Setting SRTP cipher suite SRTP_AES128_CM_HMAC_SHA1_80");
srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtp);
srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp);
break;
case kDtlsSrtpAes128CmHmacSha1_32:
MOZ_MTLOG(ML_DEBUG,
"Setting SRTP cipher suite SRTP_AES128_CM_HMAC_SHA1_32");
srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtp);
srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(
&policy.rtcp); // 80-bit per RFC 5764
break; // S 4.1.2.
default:
MOZ_MTLOG(ML_ERROR, "Request to set unknown SRTP cipher suite");
return nullptr;
}
// This key is copied into the srtp_t object, so we don't
// need to keep it.
policy.key =
const_cast<unsigned char*>(static_cast<const unsigned char*>(key));
policy.ssrc.type = inbound ? ssrc_any_inbound : ssrc_any_outbound;
policy.ssrc.value = 0;
policy.window_size =
1024; // Use the Chrome value. Needs to be revisited. Default is 128
policy.allow_repeat_tx = 1; // Use Chrome value; needed for NACK mode to work
policy.next = nullptr;
// Now make the session
srtp_err_status_t r = srtp_create(&flow->session_, &policy);
if (r != srtp_err_status_ok) {
MOZ_MTLOG(ML_ERROR, "Error creating srtp session");
return nullptr;
}
return flow;
}
nsresult SrtpFlow::CheckInputs(bool protect, void* in, int in_len, int max_len,
int* out_len) {
MOZ_ASSERT(in);
if (!in) {
MOZ_MTLOG(ML_ERROR, "NULL input value");
return NS_ERROR_NULL_POINTER;
}
if (in_len < 0) {
MOZ_MTLOG(ML_ERROR, "Input length is negative");
return NS_ERROR_ILLEGAL_VALUE;
}
if (max_len < 0) {
MOZ_MTLOG(ML_ERROR, "Max output length is negative");
return NS_ERROR_ILLEGAL_VALUE;
}
if (protect) {
if ((max_len < SRTP_MAX_EXPANSION) ||
((max_len - SRTP_MAX_EXPANSION) < in_len)) {
MOZ_MTLOG(ML_ERROR, "Output too short");
return NS_ERROR_ILLEGAL_VALUE;
}
} else {
if (in_len > max_len) {
MOZ_MTLOG(ML_ERROR, "Output too short");
return NS_ERROR_ILLEGAL_VALUE;
}
}
return NS_OK;
}
nsresult SrtpFlow::ProtectRtp(void* in, int in_len, int max_len, int* out_len) {
nsresult res = CheckInputs(true, in, in_len, max_len, out_len);
if (NS_FAILED(res)) return res;
int len = in_len;
srtp_err_status_t r = srtp_protect(session_, in, &len);
if (r != srtp_err_status_ok) {
MOZ_MTLOG(ML_ERROR, "Error protecting SRTP packet");
return NS_ERROR_FAILURE;
}
MOZ_ASSERT(len <= max_len);
*out_len = len;
MOZ_MTLOG(ML_DEBUG,
"Successfully protected an SRTP packet of len " << *out_len);
return NS_OK;
}
nsresult SrtpFlow::UnprotectRtp(void* in, int in_len, int max_len,
int* out_len) {
nsresult res = CheckInputs(false, in, in_len, max_len, out_len);
if (NS_FAILED(res)) return res;
int len = in_len;
srtp_err_status_t r = srtp_unprotect(session_, in, &len);
if (r != srtp_err_status_ok) {
MOZ_MTLOG(ML_ERROR, "Error unprotecting SRTP packet error=" << (int)r);
return NS_ERROR_FAILURE;
}
MOZ_ASSERT(len <= max_len);
*out_len = len;
MOZ_MTLOG(ML_DEBUG,
"Successfully unprotected an SRTP packet of len " << *out_len);
return NS_OK;
}
nsresult SrtpFlow::ProtectRtcp(void* in, int in_len, int max_len,
int* out_len) {
nsresult res = CheckInputs(true, in, in_len, max_len, out_len);
if (NS_FAILED(res)) return res;
int len = in_len;
srtp_err_status_t r = srtp_protect_rtcp(session_, in, &len);
if (r != srtp_err_status_ok) {
MOZ_MTLOG(ML_ERROR, "Error protecting SRTCP packet");
return NS_ERROR_FAILURE;
}
MOZ_ASSERT(len <= max_len);
*out_len = len;
MOZ_MTLOG(ML_DEBUG,
"Successfully protected an SRTCP packet of len " << *out_len);
return NS_OK;
}
nsresult SrtpFlow::UnprotectRtcp(void* in, int in_len, int max_len,
int* out_len) {
nsresult res = CheckInputs(false, in, in_len, max_len, out_len);
if (NS_FAILED(res)) return res;
int len = in_len;
srtp_err_status_t r = srtp_unprotect_rtcp(session_, in, &len);
if (r != srtp_err_status_ok) {
MOZ_MTLOG(ML_ERROR, "Error unprotecting SRTCP packet error=" << (int)r);
return NS_ERROR_FAILURE;
}
MOZ_ASSERT(len <= max_len);
*out_len = len;
MOZ_MTLOG(ML_DEBUG,
"Successfully unprotected an SRTCP packet of len " << *out_len);
return NS_OK;
}
// Statics
void SrtpFlow::srtp_event_handler(srtp_event_data_t* data) {
// TODO(ekr@rtfm.com): Implement this
MOZ_CRASH();
}
nsresult SrtpFlow::Init() {
if (!initialized) {
srtp_err_status_t r = srtp_init();
if (r != srtp_err_status_ok) {
MOZ_MTLOG(ML_ERROR, "Could not initialize SRTP");
MOZ_ASSERT(PR_FALSE);
return NS_ERROR_FAILURE;
}
r = srtp_install_event_handler(&SrtpFlow::srtp_event_handler);
if (r != srtp_err_status_ok) {
MOZ_MTLOG(ML_ERROR, "Could not install SRTP event handler");
MOZ_ASSERT(PR_FALSE);
return NS_ERROR_FAILURE;
}
initialized = true;
}
return NS_OK;
}
} // namespace mozilla