2018-04-23 21:14:30 +03:00
|
|
|
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
|
|
|
/* vim: set ts=2 et sw=2 tw=80: */
|
|
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
|
|
|
|
* You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
|
|
|
|
// Original author: ekr@rtfm.com
|
|
|
|
|
|
|
|
#include "transportlayersrtp.h"
|
|
|
|
#include "transportlayerdtls.h"
|
|
|
|
|
|
|
|
#include "logging.h"
|
|
|
|
#include "nsError.h"
|
|
|
|
#include "mozilla/Assertions.h"
|
|
|
|
#include "transportlayerdtls.h"
|
|
|
|
#include "srtp.h"
|
2020-01-23 20:50:51 +03:00
|
|
|
#include "nsAutoPtr.h"
|
2018-04-23 21:14:30 +03:00
|
|
|
|
|
|
|
namespace mozilla {
|
|
|
|
|
|
|
|
MOZ_MTLOG_MODULE("mtransport")
|
|
|
|
|
|
|
|
static char kDTLSExporterLabel[] = "EXTRACTOR-dtls_srtp";
|
|
|
|
|
|
|
|
TransportLayerSrtp::TransportLayerSrtp(TransportLayerDtls& dtls) {
|
|
|
|
// We need to connect to the dtls layer, not the ice layer, because even
|
|
|
|
// though the packets that DTLS decrypts don't flow through us, we do base our
|
|
|
|
// keying information on the keying information established by the DTLS layer.
|
|
|
|
dtls.SignalStateChange.connect(this, &TransportLayerSrtp::StateChange);
|
|
|
|
|
|
|
|
TL_SET_STATE(dtls.state());
|
|
|
|
}
|
|
|
|
|
|
|
|
void TransportLayerSrtp::WasInserted() {
|
|
|
|
// Connect to the lower layers
|
|
|
|
if (!Setup()) {
|
|
|
|
TL_SET_STATE(TS_ERROR);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
bool TransportLayerSrtp::Setup() {
|
|
|
|
CheckThread();
|
|
|
|
if (!downward_) {
|
|
|
|
MOZ_MTLOG(ML_ERROR, "SRTP layer with nothing below. This is useless");
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// downward_ is the TransportLayerIce
|
|
|
|
downward_->SignalPacketReceived.connect(this,
|
|
|
|
&TransportLayerSrtp::PacketReceived);
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2018-05-10 01:13:35 +03:00
|
|
|
TransportResult TransportLayerSrtp::SendPacket(MediaPacket& packet) {
|
2019-03-23 02:31:44 +03:00
|
|
|
if (state() != TS_OPEN) {
|
|
|
|
return TE_ERROR;
|
|
|
|
}
|
|
|
|
|
2018-05-10 01:13:35 +03:00
|
|
|
if (packet.len() < 4) {
|
2018-04-23 21:14:30 +03:00
|
|
|
MOZ_ASSERT(false);
|
|
|
|
return TE_ERROR;
|
|
|
|
}
|
|
|
|
|
2018-05-10 01:13:35 +03:00
|
|
|
MOZ_ASSERT(packet.capacity() - packet.len() >= SRTP_MAX_EXPANSION);
|
2018-04-23 21:14:30 +03:00
|
|
|
|
|
|
|
int out_len;
|
|
|
|
nsresult res;
|
2018-05-10 01:13:35 +03:00
|
|
|
switch (packet.type()) {
|
|
|
|
case MediaPacket::RTP:
|
|
|
|
res = mSendSrtp->ProtectRtp(packet.data(), packet.len(),
|
|
|
|
packet.capacity(), &out_len);
|
2018-10-26 03:39:07 +03:00
|
|
|
packet.SetType(MediaPacket::SRTP);
|
2018-05-10 01:13:35 +03:00
|
|
|
break;
|
|
|
|
case MediaPacket::RTCP:
|
|
|
|
res = mSendSrtp->ProtectRtcp(packet.data(), packet.len(),
|
|
|
|
packet.capacity(), &out_len);
|
2018-10-26 03:39:07 +03:00
|
|
|
packet.SetType(MediaPacket::SRTCP);
|
2018-05-10 01:13:35 +03:00
|
|
|
break;
|
|
|
|
default:
|
|
|
|
MOZ_CRASH("SRTP layer asked to send packet that is neither RTP or RTCP");
|
2018-04-23 21:14:30 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
if (NS_FAILED(res)) {
|
|
|
|
MOZ_MTLOG(ML_ERROR,
|
2018-09-20 17:11:44 +03:00
|
|
|
"Error protecting "
|
|
|
|
<< (packet.type() == MediaPacket::RTP ? "RTP" : "RTCP")
|
|
|
|
<< " len=" << packet.len() << "[" << std::hex
|
2018-05-10 01:13:35 +03:00
|
|
|
<< packet.data()[0] << " " << packet.data()[1] << " "
|
|
|
|
<< packet.data()[2] << " " << packet.data()[3] << "]");
|
2018-04-23 21:14:30 +03:00
|
|
|
return TE_ERROR;
|
|
|
|
}
|
|
|
|
|
2018-05-10 01:13:35 +03:00
|
|
|
size_t unencrypted_len = packet.len();
|
|
|
|
packet.SetLength(out_len);
|
2018-04-23 21:14:30 +03:00
|
|
|
|
2018-05-10 01:13:35 +03:00
|
|
|
TransportResult bytes = downward_->SendPacket(packet);
|
|
|
|
if (bytes == out_len) {
|
2018-04-23 21:14:30 +03:00
|
|
|
// Whole packet was written, but the encrypted length might be different.
|
|
|
|
// Don't confuse the caller.
|
2018-05-10 01:13:35 +03:00
|
|
|
return unencrypted_len;
|
2018-04-23 21:14:30 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
if (bytes == TE_WOULDBLOCK) {
|
|
|
|
return TE_WOULDBLOCK;
|
|
|
|
}
|
|
|
|
|
|
|
|
return TE_ERROR;
|
|
|
|
}
|
|
|
|
|
|
|
|
void TransportLayerSrtp::StateChange(TransportLayer* layer, State state) {
|
2019-04-26 17:49:12 +03:00
|
|
|
if (state == TS_OPEN && !mSendSrtp) {
|
2018-04-23 21:14:30 +03:00
|
|
|
TransportLayerDtls* dtls = static_cast<TransportLayerDtls*>(layer);
|
|
|
|
MOZ_ASSERT(dtls); // DTLS is mandatory
|
|
|
|
|
|
|
|
uint16_t cipher_suite;
|
|
|
|
nsresult res = dtls->GetSrtpCipher(&cipher_suite);
|
|
|
|
if (NS_FAILED(res)) {
|
2019-01-17 17:16:01 +03:00
|
|
|
MOZ_MTLOG(ML_DEBUG, "DTLS-SRTP disabled");
|
2018-04-23 21:14:30 +03:00
|
|
|
TL_SET_STATE(TS_ERROR);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2018-09-14 06:12:05 +03:00
|
|
|
unsigned int key_size = SrtpFlow::KeySize(cipher_suite);
|
|
|
|
unsigned int salt_size = SrtpFlow::SaltSize(cipher_suite);
|
|
|
|
unsigned int master_key_size = key_size + salt_size;
|
|
|
|
MOZ_ASSERT(master_key_size <= SRTP_MAX_KEY_LENGTH);
|
|
|
|
|
2018-04-23 21:14:30 +03:00
|
|
|
// SRTP Key Exporter as per RFC 5764 S 4.2
|
2018-09-14 06:12:05 +03:00
|
|
|
unsigned char srtp_block[SRTP_MAX_KEY_LENGTH * 2];
|
2018-04-23 21:14:30 +03:00
|
|
|
res = dtls->ExportKeyingMaterial(kDTLSExporterLabel, false, "", srtp_block,
|
|
|
|
sizeof(srtp_block));
|
|
|
|
if (NS_FAILED(res)) {
|
|
|
|
MOZ_MTLOG(ML_ERROR, "Failed to compute DTLS-SRTP keys. This is an error");
|
|
|
|
TL_SET_STATE(TS_ERROR);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Slice and dice as per RFC 5764 S 4.2
|
2018-09-14 06:12:05 +03:00
|
|
|
unsigned char client_write_key[SRTP_MAX_KEY_LENGTH];
|
|
|
|
unsigned char server_write_key[SRTP_MAX_KEY_LENGTH];
|
|
|
|
unsigned int offset = 0;
|
|
|
|
memcpy(client_write_key, srtp_block + offset, key_size);
|
|
|
|
offset += key_size;
|
|
|
|
memcpy(server_write_key, srtp_block + offset, key_size);
|
|
|
|
offset += key_size;
|
|
|
|
memcpy(client_write_key + key_size, srtp_block + offset, salt_size);
|
|
|
|
offset += salt_size;
|
|
|
|
memcpy(server_write_key + key_size, srtp_block + offset, salt_size);
|
|
|
|
MOZ_ASSERT((offset + salt_size) == (2 * master_key_size));
|
2018-04-23 21:14:30 +03:00
|
|
|
|
|
|
|
unsigned char* write_key;
|
|
|
|
unsigned char* read_key;
|
|
|
|
|
|
|
|
if (dtls->role() == TransportLayerDtls::CLIENT) {
|
|
|
|
write_key = client_write_key;
|
|
|
|
read_key = server_write_key;
|
|
|
|
} else {
|
|
|
|
write_key = server_write_key;
|
|
|
|
read_key = client_write_key;
|
|
|
|
}
|
|
|
|
|
|
|
|
MOZ_ASSERT(!mSendSrtp && !mRecvSrtp);
|
|
|
|
mSendSrtp =
|
2018-09-14 06:12:05 +03:00
|
|
|
SrtpFlow::Create(cipher_suite, false, write_key, master_key_size);
|
|
|
|
mRecvSrtp = SrtpFlow::Create(cipher_suite, true, read_key, master_key_size);
|
2018-04-23 21:14:30 +03:00
|
|
|
if (!mSendSrtp || !mRecvSrtp) {
|
|
|
|
MOZ_MTLOG(ML_ERROR, "Couldn't create SRTP flow.");
|
|
|
|
TL_SET_STATE(TS_ERROR);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
MOZ_MTLOG(ML_INFO, "Created SRTP flow!");
|
|
|
|
}
|
|
|
|
|
|
|
|
TL_SET_STATE(state);
|
|
|
|
}
|
|
|
|
|
2018-05-10 01:13:35 +03:00
|
|
|
void TransportLayerSrtp::PacketReceived(TransportLayer* layer,
|
|
|
|
MediaPacket& packet) {
|
2018-04-23 21:14:30 +03:00
|
|
|
if (state() != TS_OPEN) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2018-05-10 01:13:35 +03:00
|
|
|
if (!packet.data()) {
|
|
|
|
// Something ate this, probably the DTLS layer
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2018-10-26 03:39:07 +03:00
|
|
|
if (packet.type() != MediaPacket::SRTP &&
|
|
|
|
packet.type() != MediaPacket::SRTCP) {
|
2018-04-23 21:14:30 +03:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2018-05-10 01:13:35 +03:00
|
|
|
// We want to keep the encrypted packet around for packet dumping
|
|
|
|
packet.CopyDataToEncrypted();
|
2018-04-23 21:14:30 +03:00
|
|
|
int outLen;
|
|
|
|
nsresult res;
|
|
|
|
|
2018-10-26 03:39:07 +03:00
|
|
|
if (packet.type() == MediaPacket::SRTP) {
|
2018-05-10 01:13:35 +03:00
|
|
|
packet.SetType(MediaPacket::RTP);
|
|
|
|
res = mRecvSrtp->UnprotectRtp(packet.data(), packet.len(), packet.len(),
|
|
|
|
&outLen);
|
2018-04-23 21:14:30 +03:00
|
|
|
} else {
|
2018-05-10 01:13:35 +03:00
|
|
|
packet.SetType(MediaPacket::RTCP);
|
|
|
|
res = mRecvSrtp->UnprotectRtcp(packet.data(), packet.len(), packet.len(),
|
|
|
|
&outLen);
|
2018-04-23 21:14:30 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
if (NS_SUCCEEDED(res)) {
|
2018-05-10 01:13:35 +03:00
|
|
|
packet.SetLength(outLen);
|
|
|
|
SignalPacketReceived(this, packet);
|
2018-04-23 21:14:30 +03:00
|
|
|
} else {
|
2018-05-10 01:13:35 +03:00
|
|
|
// TODO: What do we do wrt packet dumping here? Maybe signal an empty
|
|
|
|
// packet? Signal the still-encrypted packet?
|
2018-04-23 21:14:30 +03:00
|
|
|
MOZ_MTLOG(ML_ERROR,
|
2018-09-20 17:11:44 +03:00
|
|
|
"Error unprotecting "
|
|
|
|
<< (packet.type() == MediaPacket::RTP ? "RTP" : "RTCP")
|
|
|
|
<< " len=" << packet.len() << "[" << std::hex
|
2018-05-10 01:13:35 +03:00
|
|
|
<< packet.data()[0] << " " << packet.data()[1] << " "
|
|
|
|
<< packet.data()[2] << " " << packet.data()[3] << "]");
|
2018-04-23 21:14:30 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
} // namespace mozilla
|