3 * Copyright 2009 Google Inc.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are met:
8 * 1. Redistributions of source code must retain the above copyright notice,
9 * this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright notice,
11 * this list of conditions and the following disclaimer in the documentation
12 * and/or other materials provided with the distribution.
13 * 3. The name of the author may not be used to endorse or promote products
14 * derived from this software without specific prior written permission.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
17 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
18 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
19 * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
20 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
25 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 #ifndef TALK_SESSION_MEDIA_SRTPFILTER_H_
29 #define TALK_SESSION_MEDIA_SRTPFILTER_H_
36 #include "talk/media/base/cryptoparams.h"
37 #include "webrtc/p2p/base/sessiondescription.h"
38 #include "webrtc/base/basictypes.h"
39 #include "webrtc/base/scoped_ptr.h"
40 #include "webrtc/base/sigslotrepeater.h"
42 // Forward declaration to avoid pulling in libsrtp headers here
43 struct srtp_event_data_t;
45 typedef srtp_ctx_t* srtp_t;
50 // Cipher suite to use for SRTP. Typically a 80-bit HMAC will be used, except
51 // in applications (voice) where the additional bandwidth may be significant.
52 // A 80-bit HMAC is always used for SRTCP.
53 // 128-bit AES with 80-bit SHA-1 HMAC.
54 extern const char CS_AES_CM_128_HMAC_SHA1_80[];
55 // 128-bit AES with 32-bit SHA-1 HMAC.
56 extern const char CS_AES_CM_128_HMAC_SHA1_32[];
57 // Key is 128 bits and salt is 112 bits == 30 bytes. B64 bloat => 40 bytes.
58 extern const int SRTP_MASTER_KEY_BASE64_LEN;
60 // Needed for DTLS-SRTP
61 extern const int SRTP_MASTER_KEY_KEY_LEN;
62 extern const int SRTP_MASTER_KEY_SALT_LEN;
67 void EnableSrtpDebugging();
70 // Class to transform SRTP to/from RTP.
71 // Initialize by calling SetSend with the local security params, then call
72 // SetRecv once the remote security params are received. At that point
73 // Protect/UnprotectRt(c)p can be called to encrypt/decrypt data.
74 // TODO: Figure out concurrency policy for SrtpFilter.
91 // Whether the filter is active (i.e. crypto has been properly negotiated).
92 bool IsActive() const;
94 // Indicates which crypto algorithms and keys were contained in the offer.
95 // offer_params should contain a list of available parameters to use, or none,
96 // if crypto is not desired. This must be called before SetAnswer.
97 bool SetOffer(const std::vector<CryptoParams>& offer_params,
98 ContentSource source);
99 // Same as SetAnwer. But multiple calls are allowed to SetProvisionalAnswer
100 // after a call to SetOffer.
101 bool SetProvisionalAnswer(const std::vector<CryptoParams>& answer_params,
102 ContentSource source);
103 // Indicates which crypto algorithms and keys were contained in the answer.
104 // answer_params should contain the negotiated parameters, which may be none,
105 // if crypto was not desired or could not be negotiated (and not required).
106 // This must be called after SetOffer. If crypto negotiation completes
107 // successfully, this will advance the filter to the active state.
108 bool SetAnswer(const std::vector<CryptoParams>& answer_params,
109 ContentSource source);
111 // Just set up both sets of keys directly.
112 // Used with DTLS-SRTP.
113 bool SetRtpParams(const std::string& send_cs,
114 const uint8* send_key, int send_key_len,
115 const std::string& recv_cs,
116 const uint8* recv_key, int recv_key_len);
117 bool SetRtcpParams(const std::string& send_cs,
118 const uint8* send_key, int send_key_len,
119 const std::string& recv_cs,
120 const uint8* recv_key, int recv_key_len);
122 // Encrypts/signs an individual RTP/RTCP packet, in-place.
123 // If an HMAC is used, this will increase the packet size.
124 bool ProtectRtp(void* data, int in_len, int max_len, int* out_len);
125 // Overloaded version, outputs packet index.
126 bool ProtectRtp(void* data, int in_len, int max_len, int* out_len,
128 bool ProtectRtcp(void* data, int in_len, int max_len, int* out_len);
129 // Decrypts/verifies an invidiual RTP/RTCP packet.
130 // If an HMAC is used, this will decrease the packet size.
131 bool UnprotectRtp(void* data, int in_len, int* out_len);
132 bool UnprotectRtcp(void* data, int in_len, int* out_len);
134 // Returns rtp auth params from srtp context.
135 bool GetRtpAuthParams(uint8** key, int* key_len, int* tag_len);
137 // Update the silent threshold (in ms) for signaling errors.
138 void set_signal_silent_time(uint32 signal_silent_time_in_ms);
140 sigslot::repeater3<uint32, Mode, Error> SignalSrtpError;
143 bool ExpectOffer(ContentSource source);
144 bool StoreParams(const std::vector<CryptoParams>& params,
145 ContentSource source);
146 bool ExpectAnswer(ContentSource source);
147 bool DoSetAnswer(const std::vector<CryptoParams>& answer_params,
148 ContentSource source,
150 void CreateSrtpSessions();
151 bool NegotiateParams(const std::vector<CryptoParams>& answer_params,
152 CryptoParams* selected_params);
153 bool ApplyParams(const CryptoParams& send_params,
154 const CryptoParams& recv_params);
156 static bool ParseKeyParams(const std::string& params, uint8* key, int len);
160 ST_INIT, // SRTP filter unused.
161 ST_SENTOFFER, // Offer with SRTP parameters sent.
162 ST_RECEIVEDOFFER, // Offer with SRTP parameters received.
163 ST_SENTPRANSWER_NO_CRYPTO, // Sent provisional answer without crypto.
164 // Received provisional answer without crypto.
165 ST_RECEIVEDPRANSWER_NO_CRYPTO,
166 ST_ACTIVE, // Offer and answer set.
167 // SRTP filter is active but new parameters are offered.
168 // When the answer is set, the state transitions to ST_ACTIVE or ST_INIT.
170 // SRTP filter is active but new parameters are received.
171 // When the answer is set, the state transitions back to ST_ACTIVE.
172 ST_RECEIVEDUPDATEDOFFER,
173 // SRTP filter is active but the sent answer is only provisional.
174 // When the final answer is set, the state transitions to ST_ACTIVE or
177 // SRTP filter is active but the received answer is only provisional.
178 // When the final answer is set, the state transitions to ST_ACTIVE or
183 uint32 signal_silent_time_in_ms_;
184 std::vector<CryptoParams> offer_params_;
185 rtc::scoped_ptr<SrtpSession> send_session_;
186 rtc::scoped_ptr<SrtpSession> recv_session_;
187 rtc::scoped_ptr<SrtpSession> send_rtcp_session_;
188 rtc::scoped_ptr<SrtpSession> recv_rtcp_session_;
189 CryptoParams applied_send_params_;
190 CryptoParams applied_recv_params_;
193 // Class that wraps a libSRTP session.
199 // Configures the session for sending data using the specified
200 // cipher-suite and key. Receiving must be done by a separate session.
201 bool SetSend(const std::string& cs, const uint8* key, int len);
202 // Configures the session for receiving data using the specified
203 // cipher-suite and key. Sending must be done by a separate session.
204 bool SetRecv(const std::string& cs, const uint8* key, int len);
206 // Encrypts/signs an individual RTP/RTCP packet, in-place.
207 // If an HMAC is used, this will increase the packet size.
208 bool ProtectRtp(void* data, int in_len, int max_len, int* out_len);
209 // Overloaded version, outputs packet index.
210 bool ProtectRtp(void* data, int in_len, int max_len, int* out_len,
212 bool ProtectRtcp(void* data, int in_len, int max_len, int* out_len);
213 // Decrypts/verifies an invidiual RTP/RTCP packet.
214 // If an HMAC is used, this will decrease the packet size.
215 bool UnprotectRtp(void* data, int in_len, int* out_len);
216 bool UnprotectRtcp(void* data, int in_len, int* out_len);
218 // Helper method to get authentication params.
219 bool GetRtpAuthParams(uint8** key, int* key_len, int* tag_len);
221 // Update the silent threshold (in ms) for signaling errors.
222 void set_signal_silent_time(uint32 signal_silent_time_in_ms);
224 // Calls srtp_shutdown if it's initialized.
225 static void Terminate();
227 sigslot::repeater3<uint32, SrtpFilter::Mode, SrtpFilter::Error>
231 bool SetKey(int type, const std::string& cs, const uint8* key, int len);
232 // Returns send stream current packet index from srtp db.
233 bool GetSendStreamPacketIndex(void* data, int in_len, int64* index);
236 void HandleEvent(const srtp_event_data_t* ev);
237 static void HandleEventThunk(srtp_event_data_t* ev);
239 static std::list<SrtpSession*>* sessions();
242 int rtp_auth_tag_len_;
243 int rtcp_auth_tag_len_;
244 rtc::scoped_ptr<SrtpStat> srtp_stat_;
246 int last_send_seq_num_;
247 DISALLOW_COPY_AND_ASSIGN(SrtpSession);
250 // Class that collects failures of SRTP.
255 // Report RTP protection results to the handler.
256 void AddProtectRtpResult(uint32 ssrc, int result);
257 // Report RTP unprotection results to the handler.
258 void AddUnprotectRtpResult(uint32 ssrc, int result);
259 // Report RTCP protection results to the handler.
260 void AddProtectRtcpResult(int result);
261 // Report RTCP unprotection results to the handler.
262 void AddUnprotectRtcpResult(int result);
264 // Get silent time (in ms) for SRTP statistics handler.
265 uint32 signal_silent_time() const { return signal_silent_time_; }
266 // Set silent time (in ms) for SRTP statistics handler.
267 void set_signal_silent_time(uint32 signal_silent_time) {
268 signal_silent_time_ = signal_silent_time;
271 // Sigslot for reporting errors.
272 sigslot::signal3<uint32, SrtpFilter::Mode, SrtpFilter::Error>
276 // For each different ssrc and error, we collect statistics separately.
280 mode(SrtpFilter::PROTECT),
281 error(SrtpFilter::ERROR_NONE) {
283 FailureKey(uint32 in_ssrc, SrtpFilter::Mode in_mode,
284 SrtpFilter::Error in_error)
289 bool operator <(const FailureKey& key) const {
292 (ssrc == key.ssrc && mode < key.mode) ||
293 (ssrc == key.ssrc && mode == key.mode && error < key.error);
296 SrtpFilter::Mode mode;
297 SrtpFilter::Error error;
299 // For tracing conditions for signaling, currently we only use
300 // last_signal_time. Wrap this as a struct so that later on, if we need any
301 // other improvements, it will be easier.
304 : last_signal_time(0) {
306 explicit FailureStat(uint32 in_last_signal_time)
307 : last_signal_time(in_last_signal_time) {
310 last_signal_time = 0;
312 uint32 last_signal_time;
315 // Inspect SRTP result and signal error if needed.
316 void HandleSrtpResult(const FailureKey& key);
318 std::map<FailureKey, FailureStat> failures_;
319 // Threshold in ms to silent the signaling errors.
320 uint32 signal_silent_time_;
322 DISALLOW_COPY_AND_ASSIGN(SrtpStat);
325 } // namespace cricket
327 #endif // TALK_SESSION_MEDIA_SRTPFILTER_H_