/* * Copyright 2017 The WebRTC project authors. All Rights Reserved. * * Use of this source code is governed by a BSD-style license * that can be found in the LICENSE file in the root of the source * tree. An additional intellectual property rights grant can be found * in the file PATENTS. All contributing project authors may * be found in the AUTHORS file in the root of the source tree. */ #ifndef WEBRTC_PC_SRTPSESSION_H_ #define WEBRTC_PC_SRTPSESSION_H_ #include #include "webrtc/rtc_base/basictypes.h" #include "webrtc/rtc_base/thread_checker.h" // Forward declaration to avoid pulling in libsrtp headers here struct srtp_event_data_t; struct srtp_ctx_t_; namespace cricket { // Class that wraps a libSRTP session. class SrtpSession { public: SrtpSession(); ~SrtpSession(); // Configures the session for sending data using the specified // cipher-suite and key. Receiving must be done by a separate session. bool SetSend(int cs, const uint8_t* key, size_t len); bool UpdateSend(int cs, const uint8_t* key, size_t len); // Configures the session for receiving data using the specified // cipher-suite and key. Sending must be done by a separate session. bool SetRecv(int cs, const uint8_t* key, size_t len); bool UpdateRecv(int cs, const uint8_t* key, size_t len); void SetEncryptedHeaderExtensionIds( const std::vector& encrypted_header_extension_ids); // Encrypts/signs an individual RTP/RTCP packet, in-place. // If an HMAC is used, this will increase the packet size. bool ProtectRtp(void* data, int in_len, int max_len, int* out_len); // Overloaded version, outputs packet index. bool ProtectRtp(void* data, int in_len, int max_len, int* out_len, int64_t* index); bool ProtectRtcp(void* data, int in_len, int max_len, int* out_len); // Decrypts/verifies an invidiual RTP/RTCP packet. // If an HMAC is used, this will decrease the packet size. bool UnprotectRtp(void* data, int in_len, int* out_len); bool UnprotectRtcp(void* data, int in_len, int* out_len); // Helper method to get authentication params. bool GetRtpAuthParams(uint8_t** key, int* key_len, int* tag_len); int GetSrtpOverhead() const; // If external auth is enabled, SRTP will write a dummy auth tag that then // later must get replaced before the packet is sent out. Only supported for // non-GCM cipher suites and can be checked through "IsExternalAuthActive" // if it is actually used. This method is only valid before the RTP params // have been set. void EnableExternalAuth(); bool IsExternalAuthEnabled() const; // A SRTP session supports external creation of the auth tag if a non-GCM // cipher is used. This method is only valid after the RTP params have // been set. bool IsExternalAuthActive() const; // Calls srtp_shutdown if it's initialized. static void Terminate(); private: bool DoSetKey(int type, int cs, const uint8_t* key, size_t len); bool SetKey(int type, int cs, const uint8_t* key, size_t len); bool UpdateKey(int type, int cs, const uint8_t* key, size_t len); bool SetEncryptedHeaderExtensionIds( int type, const std::vector& encrypted_header_extension_ids); // Returns send stream current packet index from srtp db. bool GetSendStreamPacketIndex(void* data, int in_len, int64_t* index); static bool Init(); void HandleEvent(const srtp_event_data_t* ev); static void HandleEventThunk(srtp_event_data_t* ev); rtc::ThreadChecker thread_checker_; srtp_ctx_t_* session_ = nullptr; int rtp_auth_tag_len_ = 0; int rtcp_auth_tag_len_ = 0; static bool inited_; static rtc::GlobalLockPod lock_; int last_send_seq_num_ = -1; bool external_auth_active_ = false; bool external_auth_enabled_ = false; std::vector encrypted_header_extension_ids_; RTC_DISALLOW_COPY_AND_ASSIGN(SrtpSession); }; } // namespace cricket #endif // WEBRTC_PC_SRTPSESSION_H_