xref: /aosp_15_r20/external/webrtc/pc/srtp_session.h (revision d9f758449e529ab9291ac668be2861e7a55c2422) 
1 /*
2  *  Copyright 2017 The WebRTC project authors. All Rights Reserved.
3  *
4  *  Use of this source code is governed by a BSD-style license
5  *  that can be found in the LICENSE file in the root of the source
6  *  tree. An additional intellectual property rights grant can be found
7  *  in the file PATENTS.  All contributing project authors may
8  *  be found in the AUTHORS file in the root of the source tree.
9  */
10 
11 #ifndef PC_SRTP_SESSION_H_
12 #define PC_SRTP_SESSION_H_
13 
14 #include <stddef.h>
15 #include <stdint.h>
16 
17 #include <vector>
18 
19 #include "api/field_trials_view.h"
20 #include "api/scoped_refptr.h"
21 #include "api/sequence_checker.h"
22 #include "rtc_base/synchronization/mutex.h"
23 
24 // Forward declaration to avoid pulling in libsrtp headers here
25 struct srtp_event_data_t;
26 struct srtp_ctx_t_;
27 
28 namespace cricket {
29 
30 // Prohibits webrtc from initializing libsrtp. This can be used if libsrtp is
31 // initialized by another library or explicitly. Note that this must be called
32 // before creating an SRTP session with WebRTC.
33 void ProhibitLibsrtpInitialization();
34 
35 // Class that wraps a libSRTP session.
36 class SrtpSession {
37  public:
38   SrtpSession();
39   explicit SrtpSession(const webrtc::FieldTrialsView& field_trials);
40   ~SrtpSession();
41 
42   SrtpSession(const SrtpSession&) = delete;
43   SrtpSession& operator=(const SrtpSession&) = delete;
44 
45   // Configures the session for sending data using the specified
46   // cipher-suite and key. Receiving must be done by a separate session.
47   bool SetSend(int cs,
48                const uint8_t* key,
49                size_t len,
50                const std::vector<int>& extension_ids);
51   bool UpdateSend(int cs,
52                   const uint8_t* key,
53                   size_t len,
54                   const std::vector<int>& extension_ids);
55 
56   // Configures the session for receiving data using the specified
57   // cipher-suite and key. Sending must be done by a separate session.
58   bool SetRecv(int cs,
59                const uint8_t* key,
60                size_t len,
61                const std::vector<int>& extension_ids);
62   bool UpdateRecv(int cs,
63                   const uint8_t* key,
64                   size_t len,
65                   const std::vector<int>& extension_ids);
66 
67   // Encrypts/signs an individual RTP/RTCP packet, in-place.
68   // If an HMAC is used, this will increase the packet size.
69   bool ProtectRtp(void* data, int in_len, int max_len, int* out_len);
70   // Overloaded version, outputs packet index.
71   bool ProtectRtp(void* data,
72                   int in_len,
73                   int max_len,
74                   int* out_len,
75                   int64_t* index);
76   bool ProtectRtcp(void* data, int in_len, int max_len, int* out_len);
77   // Decrypts/verifies an invidiual RTP/RTCP packet.
78   // If an HMAC is used, this will decrease the packet size.
79   bool UnprotectRtp(void* data, int in_len, int* out_len);
80   bool UnprotectRtcp(void* data, int in_len, int* out_len);
81 
82   // Helper method to get authentication params.
83   bool GetRtpAuthParams(uint8_t** key, int* key_len, int* tag_len);
84 
85   int GetSrtpOverhead() const;
86 
87   // If external auth is enabled, SRTP will write a dummy auth tag that then
88   // later must get replaced before the packet is sent out. Only supported for
89   // non-GCM cipher suites and can be checked through "IsExternalAuthActive"
90   // if it is actually used. This method is only valid before the RTP params
91   // have been set.
92   void EnableExternalAuth();
93   bool IsExternalAuthEnabled() const;
94 
95   // A SRTP session supports external creation of the auth tag if a non-GCM
96   // cipher is used. This method is only valid after the RTP params have
97   // been set.
98   bool IsExternalAuthActive() const;
99 
100  private:
101   bool DoSetKey(int type,
102                 int cs,
103                 const uint8_t* key,
104                 size_t len,
105                 const std::vector<int>& extension_ids);
106   bool SetKey(int type,
107               int cs,
108               const uint8_t* key,
109               size_t len,
110               const std::vector<int>& extension_ids);
111   bool UpdateKey(int type,
112                  int cs,
113                  const uint8_t* key,
114                  size_t len,
115                  const std::vector<int>& extension_ids);
116   // Returns send stream current packet index from srtp db.
117   bool GetSendStreamPacketIndex(void* data, int in_len, int64_t* index);
118 
119   // Writes unencrypted packets in text2pcap format to the log file
120   // for debugging.
121   void DumpPacket(const void* buf, int len, bool outbound);
122 
123   void HandleEvent(const srtp_event_data_t* ev);
124   static void HandleEventThunk(srtp_event_data_t* ev);
125 
126   webrtc::SequenceChecker thread_checker_;
127   srtp_ctx_t_* session_ = nullptr;
128 
129   // Overhead of the SRTP auth tag for RTP and RTCP in bytes.
130   // Depends on the cipher suite used and is usually the same with the exception
131   // of the kCsAesCm128HmacSha1_32 cipher suite. The additional four bytes
132   // required for RTCP protection are not included.
133   int rtp_auth_tag_len_ = 0;
134   int rtcp_auth_tag_len_ = 0;
135 
136   bool inited_ = false;
137   int last_send_seq_num_ = -1;
138   bool external_auth_active_ = false;
139   bool external_auth_enabled_ = false;
140   int decryption_failure_count_ = 0;
141   bool dump_plain_rtp_ = false;
142 };
143 
144 }  // namespace cricket
145 
146 #endif  // PC_SRTP_SESSION_H_
147