/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ /* vim: set ts=2 et sw=2 tw=80: */ /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this file, * You can obtain one at http://mozilla.org/MPL/2.0/. */ // Original author: ekr@rtfm.com #include "transportlayersrtp.h" #include "transportlayerdtls.h" #include "logging.h" #include "nsError.h" #include "mozilla/Assertions.h" namespace mozilla { MOZ_MTLOG_MODULE("mtransport") static char kDTLSExporterLabel[] = "EXTRACTOR-dtls_srtp"; TransportLayerSrtp::TransportLayerSrtp(TransportLayerDtls& dtls) { // We need to connect to the dtls layer, not the ice layer, because even // though the packets that DTLS decrypts don't flow through us, we do base our // keying information on the keying information established by the DTLS layer. dtls.SignalStateChange.connect(this, &TransportLayerSrtp::StateChange); TL_SET_STATE(dtls.state()); } void TransportLayerSrtp::WasInserted() { // Connect to the lower layers if (!Setup()) { TL_SET_STATE(TS_ERROR); } } bool TransportLayerSrtp::Setup() { CheckThread(); if (!downward_) { MOZ_MTLOG(ML_ERROR, "SRTP layer with nothing below. This is useless"); return false; } // downward_ is the TransportLayerIce downward_->SignalPacketReceived.connect(this, &TransportLayerSrtp::PacketReceived); return true; } TransportResult TransportLayerSrtp::SendPacket(MediaPacket& packet) { if (state() != TS_OPEN) { return TE_ERROR; } if (packet.len() < 4) { MOZ_ASSERT(false); return TE_ERROR; } MOZ_ASSERT(packet.capacity() - packet.len() >= SRTP_MAX_EXPANSION); int out_len; nsresult res; switch (packet.type()) { case MediaPacket::RTP: res = mSendSrtp->ProtectRtp(packet.data(), packet.len(), packet.capacity(), &out_len); packet.SetType(MediaPacket::SRTP); break; case MediaPacket::RTCP: res = mSendSrtp->ProtectRtcp(packet.data(), packet.len(), packet.capacity(), &out_len); packet.SetType(MediaPacket::SRTCP); break; default: MOZ_CRASH("SRTP layer asked to send packet that is neither RTP or RTCP"); } if (NS_FAILED(res)) { MOZ_MTLOG(ML_ERROR, "Error protecting " << (packet.type() == MediaPacket::RTP ? "RTP" : "RTCP") << " len=" << packet.len() << "[" << std::hex << packet.data()[0] << " " << packet.data()[1] << " " << packet.data()[2] << " " << packet.data()[3] << "]"); return TE_ERROR; } size_t unencrypted_len = packet.len(); packet.SetLength(out_len); TransportResult bytes = downward_->SendPacket(packet); if (bytes == out_len) { // Whole packet was written, but the encrypted length might be different. // Don't confuse the caller. return unencrypted_len; } if (bytes == TE_WOULDBLOCK) { return TE_WOULDBLOCK; } return TE_ERROR; } void TransportLayerSrtp::StateChange(TransportLayer* layer, State state) { if (state == TS_OPEN && !mSendSrtp) { TransportLayerDtls* dtls = static_cast(layer); MOZ_ASSERT(dtls); // DTLS is mandatory uint16_t cipher_suite; nsresult res = dtls->GetSrtpCipher(&cipher_suite); if (NS_FAILED(res)) { MOZ_MTLOG(ML_DEBUG, "DTLS-SRTP disabled"); TL_SET_STATE(TS_ERROR); return; } unsigned int key_size = SrtpFlow::KeySize(cipher_suite); unsigned int salt_size = SrtpFlow::SaltSize(cipher_suite); unsigned int master_key_size = key_size + salt_size; MOZ_ASSERT(master_key_size <= SRTP_MAX_KEY_LENGTH); // SRTP Key Exporter as per RFC 5764 S 4.2 unsigned char srtp_block[SRTP_MAX_KEY_LENGTH * 2]; res = dtls->ExportKeyingMaterial(kDTLSExporterLabel, false, "", srtp_block, sizeof(srtp_block)); if (NS_FAILED(res)) { MOZ_MTLOG(ML_ERROR, "Failed to compute DTLS-SRTP keys. This is an error"); TL_SET_STATE(TS_ERROR); return; } // Slice and dice as per RFC 5764 S 4.2 unsigned char client_write_key[SRTP_MAX_KEY_LENGTH]; unsigned char server_write_key[SRTP_MAX_KEY_LENGTH]; unsigned int offset = 0; memcpy(client_write_key, srtp_block + offset, key_size); offset += key_size; memcpy(server_write_key, srtp_block + offset, key_size); offset += key_size; memcpy(client_write_key + key_size, srtp_block + offset, salt_size); offset += salt_size; memcpy(server_write_key + key_size, srtp_block + offset, salt_size); MOZ_ASSERT((offset + salt_size) == (2 * master_key_size)); unsigned char* write_key; unsigned char* read_key; if (dtls->role() == TransportLayerDtls::CLIENT) { write_key = client_write_key; read_key = server_write_key; } else { write_key = server_write_key; read_key = client_write_key; } MOZ_ASSERT(!mSendSrtp && !mRecvSrtp); mSendSrtp = SrtpFlow::Create(cipher_suite, false, write_key, master_key_size); mRecvSrtp = SrtpFlow::Create(cipher_suite, true, read_key, master_key_size); if (!mSendSrtp || !mRecvSrtp) { MOZ_MTLOG(ML_ERROR, "Couldn't create SRTP flow."); TL_SET_STATE(TS_ERROR); return; } MOZ_MTLOG(ML_INFO, "Created SRTP flow!"); } TL_SET_STATE(state); } void TransportLayerSrtp::PacketReceived(TransportLayer* layer, MediaPacket& packet) { if (state() != TS_OPEN) { return; } if (!packet.data()) { // Something ate this, probably the DTLS layer return; } if (packet.type() != MediaPacket::SRTP && packet.type() != MediaPacket::SRTCP) { return; } // We want to keep the encrypted packet around for packet dumping packet.CopyDataToEncrypted(); int outLen; nsresult res; if (packet.type() == MediaPacket::SRTP) { packet.SetType(MediaPacket::RTP); res = mRecvSrtp->UnprotectRtp(packet.data(), packet.len(), packet.len(), &outLen); } else { packet.SetType(MediaPacket::RTCP); res = mRecvSrtp->UnprotectRtcp(packet.data(), packet.len(), packet.len(), &outLen); } if (NS_SUCCEEDED(res)) { packet.SetLength(outLen); SignalPacketReceived(this, packet); } else { // TODO: What do we do wrt packet dumping here? Maybe signal an empty // packet? Signal the still-encrypted packet? MOZ_MTLOG(ML_ERROR, "Error unprotecting " << (packet.type() == MediaPacket::RTP ? "RTP" : "RTCP") << " len=" << packet.len() << "[" << std::hex << packet.data()[0] << " " << packet.data()[1] << " " << packet.data()[2] << " " << packet.data()[3] << "]"); } } } // namespace mozilla