Commit 78838427 authored by Adrien Béraud's avatar Adrien Béraud Committed by Guillaume Roguez

srtp: use libavutil for encryption/decryption

Needs to be hooked in with a key-exchange mechanism.

This patchset imports sources from libavformat/srtpproto
made by Martin Storsjo and licensed under GNU-GPL 2.1.

Refs #62613
Signed-off-by: Guillaume Roguez's avatarGuillaume Roguez <guillaume.roguez@savoirfairelinux.com>
Change-Id: Ifa475f66fa00bcc994a22da51c0dc625f9bdbcd1
parent 4e45076e
......@@ -355,7 +355,7 @@ PKG_CHECK_MODULES(LIBSWSCALE, libswscale >= 1.1.0,, AC_MSG_ERROR([Missing libsws
PKG_CHECK_MODULES(LIBAVDEVICE, libavdevice >= 53.0.0,, AC_MSG_ERROR([Missing libavdevice development files]))
PKG_CHECK_MODULES(LIBAVUTIL, libavutil >= 51.0.0,, AC_MSG_ERROR([Missing libavutil development files]))
PKG_CHECK_MODULES(LIBAVUTIL, libavutil >= 52.5.0,, AC_MSG_ERROR([Missing libavutil development files]))
dnl Video is default-enabled
AC_ARG_ENABLE([video], AS_HELP_STRING([--disable-video], [Disable video]))
......
......@@ -16,7 +16,8 @@ libmedia_la_SOURCES = \
media_encoder.cpp \
media_io_handle.cpp \
media_codec.cpp \
system_codec_container.cpp
system_codec_container.cpp \
srtp.c
noinst_HEADERS = \
rtp_session.h \
......@@ -29,7 +30,8 @@ noinst_HEADERS = \
media_io_handle.h \
media_device.h \
media_codec.h \
system_codec_container.h
system_codec_container.h \
srtp.h
libmedia_la_LIBADD = \
./audio/libaudio.la
......
......@@ -36,6 +36,10 @@
#include "libav_utils.h"
#include "logger.h"
extern "C" {
#include "srtp.h"
}
#include <cstring>
#include <stdexcept>
#include <unistd.h>
......@@ -56,7 +60,43 @@
namespace ring {
static const int NET_POLL_TIMEOUT = 100; /* poll() timeout in ms */
static constexpr int NET_POLL_TIMEOUT = 100; /* poll() timeout in ms */
static constexpr int RTP_MAX_PACKET_LENGTH = 8192;
class SRTPProtoContext {
public:
SRTPProtoContext(const char* out_suite, const char* out_key,
const char* in_suite, const char* in_key) {
if (out_suite && out_key) {
// XXX: see srtp_open from libavformat/srtpproto.c
if (ff_srtp_set_crypto(&srtp_out, out_suite, out_key) < 0) {
srtp_close();
throw std::runtime_error("Could not set crypto on output");
}
}
if (in_suite && in_key) {
if (ff_srtp_set_crypto(&srtp_in, in_suite, in_key) < 0) {
srtp_close();
throw std::runtime_error("Could not set crypto on input");
}
}
}
~SRTPProtoContext() {
srtp_close();
}
SRTPContext srtp_out;
SRTPContext srtp_in;
uint8_t encryptbuf[RTP_MAX_PACKET_LENGTH];
private:
void srtp_close() noexcept {
ff_srtp_free(&srtp_out);
ff_srtp_free(&srtp_in);
}
};
static int
ff_network_wait_fd(int fd)
......@@ -173,6 +213,14 @@ SocketPair::~SocketPair()
closeSockets();
}
void SocketPair::createSRTP(const char *out_suite, const char *out_key,
const char *in_suite, const char *in_key)
{
srtpContext_.reset(new SRTPProtoContext(out_suite, out_key,
in_suite, in_key));
}
void SocketPair::interrupt()
{
interrupted_ = true;
......@@ -246,25 +294,37 @@ SocketPair::waitForData()
int
SocketPair::readRtpData(void *buf, int buf_size)
{
auto data = static_cast<uint8_t *>(buf);
if (rtpHandle_ >= 0) {
// work with system socket
struct sockaddr_storage from;
socklen_t from_len = sizeof(from);
auto result = recvfrom(rtpHandle_, buf, buf_size, 0,
(struct sockaddr *)&from, &from_len);
start:
int result = recvfrom(rtpHandle_, buf, buf_size, 0,
(struct sockaddr *)&from, &from_len);
if (result > 0 and srtpContext_ and srtpContext_->srtp_in.aes)
if (ff_srtp_decrypt(&srtpContext_->srtp_in, data, &result) < 0)
goto start; // XXX: see libavformat/srtpproto.c
return result;
}
// work with IceSocket
auto result = rtp_sock_->recv(static_cast<unsigned char*>(buf), buf_size);
if (result < 0) {
start_ice:
int result = rtp_sock_->recv(static_cast<unsigned char*>(buf), buf_size);
if (result > 0 and srtpContext_ and srtpContext_->srtp_in.aes) {
if (ff_srtp_decrypt(&srtpContext_->srtp_in, data, &result) < 0)
goto start_ice;
} else if (result < 0) {
errno = EIO;
return -1;
}
if (result == 0) {
} else if (result == 0) {
errno = EAGAIN;
return -1;
}
return result;
}
......@@ -293,17 +353,41 @@ SocketPair::readRtcpData(void *buf, int buf_size)
}
int
SocketPair::writeRtpData(void *buf, int buf_size)
SocketPair::writeRtpData(void* buf, int buf_size)
{
auto data = static_cast<const uint8_t *>(buf);
if (rtpHandle_ >= 0) {
auto ret = ff_network_wait_fd(rtpHandle_);
if (ret < 0)
return ret;
if (srtpContext_ and srtpContext_->srtp_out.aes) {
buf_size = ff_srtp_encrypt(&srtpContext_->srtp_out, data,
buf_size, srtpContext_->encryptbuf,
sizeof(srtpContext_->encryptbuf));
if (buf_size < 0)
return buf_size;
return sendto(rtpHandle_, srtpContext_->encryptbuf, buf_size, 0,
(sockaddr*) &rtpDestAddr_, rtpDestAddrLen_);
}
return sendto(rtpHandle_, buf, buf_size, 0,
(sockaddr*) &rtpDestAddr_, rtpDestAddrLen_);
}
// work with IceSocket
if (srtpContext_ and srtpContext_->srtp_out.aes) {
buf_size = ff_srtp_encrypt(&srtpContext_->srtp_out, data,
buf_size, srtpContext_->encryptbuf,
sizeof(srtpContext_->encryptbuf));
if (buf_size < 0)
return buf_size;
buf = srtpContext_->encryptbuf;
}
return rtp_sock_->send(static_cast<unsigned char*>(buf), buf_size);
}
......@@ -351,17 +435,6 @@ retry:
return len;
}
/* RTCP packet types */
enum RTCPType {
RTCP_FIR = 192,
RTCP_IJ = 195,
RTCP_SR = 200,
RTCP_TOKEN = 210
};
#define RTP_PT_IS_RTCP(x) (((x) >= RTCP_FIR && (x) <= RTCP_IJ) || \
((x) >= RTCP_SR && (x) <= RTCP_TOKEN))
int SocketPair::writeCallback(void *opaque, uint8_t *buf, int buf_size)
{
SocketPair *context = static_cast<SocketPair*>(opaque);
......
......@@ -42,6 +42,7 @@
namespace ring {
class IceSocket;
class SRTPProtoContext;
class SocketPair {
public:
......@@ -57,6 +58,24 @@ class SocketPair {
void openSockets(const char *uri, int localPort);
void closeSockets();
/*
Supported suites are:
AES_CM_128_HMAC_SHA1_80
SRTP_AES128_CM_HMAC_SHA1_80
AES_CM_128_HMAC_SHA1_32
SRTP_AES128_CM_HMAC_SHA1_3
Example (unsecure) usage:
createSRTP("AES_CM_128_HMAC_SHA1_80",
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmn",
"AES_CM_128_HMAC_SHA1_80",
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmn");
Will throw an std::runtime_error on failure, should be handled at a higher level
*/
void createSRTP(const char *out_suite, const char *out_params, const char *in_suite, const char *in_params);
private:
NON_COPYABLE(SocketPair);
......@@ -81,6 +100,7 @@ class SocketPair {
sockaddr_storage rtcpDestAddr_;
socklen_t rtcpDestAddrLen_;
bool interrupted_ {false};
std::unique_ptr<SRTPProtoContext> srtpContext_;
};
} // namespace ring
......
/*
* SRTP encryption/decryption
* Copyright (c) 2012 Martin Storsjo
*
* This file is part of Libav.
*
* Libav is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* Libav is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with Libav; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
#include <stdlib.h>
#include <libavutil/common.h>
#include <libavutil/base64.h>
#include <libavutil/aes.h>
#include <libavutil/hmac.h>
#include <libavutil/intreadwrite.h>
#include <libavutil/log.h>
#include "srtp.h"
void ff_srtp_free(struct SRTPContext *s)
{
if (!s)
return;
av_freep(&s->aes);
if (s->hmac)
av_hmac_free(s->hmac);
s->hmac = NULL;
}
static void encrypt_counter(struct AVAES *aes, uint8_t *iv, uint8_t *outbuf,
int outlen)
{
int i, j, outpos;
for (i = 0, outpos = 0; outpos < outlen; i++) {
uint8_t keystream[16];
AV_WB16(&iv[14], i);
av_aes_crypt(aes, keystream, iv, 1, NULL, 0);
for (j = 0; j < 16 && outpos < outlen; j++, outpos++)
outbuf[outpos] ^= keystream[j];
}
}
static void derive_key(struct AVAES *aes, const uint8_t *salt, int label,
uint8_t *out, int outlen)
{
uint8_t input[16] = { 0 };
memcpy(input, salt, 14);
// Key derivation rate assumed to be zero
input[14 - 7] ^= label;
memset(out, 0, outlen);
encrypt_counter(aes, input, out, outlen);
}
int ff_srtp_set_crypto(struct SRTPContext *s, const char *suite,
const char *params)
{
uint8_t buf[30];
ff_srtp_free(s);
// RFC 4568
if (!strcmp(suite, "AES_CM_128_HMAC_SHA1_80") ||
!strcmp(suite, "SRTP_AES128_CM_HMAC_SHA1_80")) {
s->rtp_hmac_size = s->rtcp_hmac_size = 10;
} else if (!strcmp(suite, "AES_CM_128_HMAC_SHA1_32")) {
s->rtp_hmac_size = s->rtcp_hmac_size = 4;
} else if (!strcmp(suite, "SRTP_AES128_CM_HMAC_SHA1_32")) {
// RFC 5764 section 4.1.2
s->rtp_hmac_size = 4;
s->rtcp_hmac_size = 10;
} else {
av_log(NULL, AV_LOG_WARNING, "SRTP Crypto suite %s not supported\n",
suite);
return AVERROR(EINVAL);
}
if (av_base64_decode(buf, params, sizeof(buf)) != sizeof(buf)) {
av_log(NULL, AV_LOG_WARNING, "Incorrect amount of SRTP params\n");
return AVERROR(EINVAL);
}
// MKI and lifetime not handled yet
s->aes = av_aes_alloc();
s->hmac = av_hmac_alloc(AV_HMAC_SHA1);
if (!s->aes || !s->hmac)
return AVERROR(ENOMEM);
memcpy(s->master_key, buf, 16);
memcpy(s->master_salt, buf + 16, 14);
// RFC 3711
av_aes_init(s->aes, s->master_key, 128, 0);
derive_key(s->aes, s->master_salt, 0x00, s->rtp_key, sizeof(s->rtp_key));
derive_key(s->aes, s->master_salt, 0x02, s->rtp_salt, sizeof(s->rtp_salt));
derive_key(s->aes, s->master_salt, 0x01, s->rtp_auth, sizeof(s->rtp_auth));
derive_key(s->aes, s->master_salt, 0x03, s->rtcp_key, sizeof(s->rtcp_key));
derive_key(s->aes, s->master_salt, 0x05, s->rtcp_salt, sizeof(s->rtcp_salt));
derive_key(s->aes, s->master_salt, 0x04, s->rtcp_auth, sizeof(s->rtcp_auth));
return 0;
}
static void create_iv(uint8_t *iv, const uint8_t *salt, uint64_t index,
uint32_t ssrc)
{
uint8_t indexbuf[8];
int i;
memset(iv, 0, 16);
AV_WB32(&iv[4], ssrc);
AV_WB64(indexbuf, index);
for (i = 0; i < 8; i++) // index << 16
iv[6 + i] ^= indexbuf[i];
for (i = 0; i < 14; i++)
iv[i] ^= salt[i];
}
int ff_srtp_decrypt(struct SRTPContext *s, uint8_t *buf, int *lenptr)
{
uint8_t iv[16] = { 0 }, hmac[20];
int len = *lenptr;
int av_uninit(seq_largest);
uint32_t ssrc, av_uninit(roc);
uint64_t index;
int rtcp, hmac_size;
// TODO: Missing replay protection
if (len < 2)
return AVERROR_INVALIDDATA;
rtcp = RTP_PT_IS_RTCP(buf[1]);
hmac_size = rtcp ? s->rtcp_hmac_size : s->rtp_hmac_size;
if (len < hmac_size)
return AVERROR_INVALIDDATA;
// Authentication HMAC
av_hmac_init(s->hmac, rtcp ? s->rtcp_auth : s->rtp_auth, sizeof(s->rtp_auth));
// If MKI is used, this should exclude the MKI as well
av_hmac_update(s->hmac, buf, len - hmac_size);
if (!rtcp) {
int seq = AV_RB16(buf + 2);
uint32_t v;
uint8_t rocbuf[4];
// RFC 3711 section 3.3.1, appendix A
seq_largest = s->seq_initialized ? s->seq_largest : seq;
v = roc = s->roc;
if (seq_largest < 32768) {
if (seq - seq_largest > 32768)
v = roc - 1;
} else {
if (seq_largest - 32768 > seq)
v = roc + 1;
}
if (v == roc) {
seq_largest = FFMAX(seq_largest, seq);
} else if (v == roc + 1) {
seq_largest = seq;
roc = v;
}
index = seq + (((uint64_t)v) << 16);
AV_WB32(rocbuf, roc);
av_hmac_update(s->hmac, rocbuf, 4);
}
av_hmac_final(s->hmac, hmac, sizeof(hmac));
if (memcmp(hmac, buf + len - hmac_size, hmac_size)) {
av_log(NULL, AV_LOG_WARNING, "HMAC mismatch\n");
return AVERROR_INVALIDDATA;
}
len -= hmac_size;
*lenptr = len;
if (len < 12)
return AVERROR_INVALIDDATA;
if (rtcp) {
uint32_t srtcp_index = AV_RB32(buf + len - 4);
len -= 4;
*lenptr = len;
ssrc = AV_RB32(buf + 4);
index = srtcp_index & 0x7fffffff;
buf += 8;
len -= 8;
if (!(srtcp_index & 0x80000000))
return 0;
} else {
int ext, csrc;
s->seq_initialized = 1;
s->seq_largest = seq_largest;
s->roc = roc;
csrc = buf[0] & 0x0f;
ext = buf[0] & 0x10;
ssrc = AV_RB32(buf + 8);
buf += 12;
len -= 12;
buf += 4 * csrc;
len -= 4 * csrc;
if (len < 0)
return AVERROR_INVALIDDATA;
if (ext) {
if (len < 4)
return AVERROR_INVALIDDATA;
ext = (AV_RB16(buf + 2) + 1) * 4;
if (len < ext)
return AVERROR_INVALIDDATA;
len -= ext;
buf += ext;
}
}
create_iv(iv, rtcp ? s->rtcp_salt : s->rtp_salt, index, ssrc);
av_aes_init(s->aes, rtcp ? s->rtcp_key : s->rtp_key, 128, 0);
encrypt_counter(s->aes, iv, buf, len);
return 0;
}
int ff_srtp_encrypt(struct SRTPContext *s, const uint8_t *in, int len,
uint8_t *out, int outlen)
{
uint8_t iv[16] = { 0 }, hmac[20];
uint64_t index;
uint32_t ssrc;
int rtcp, hmac_size, padding;
uint8_t *buf;
if (len < 8)
return AVERROR_INVALIDDATA;
rtcp = RTP_PT_IS_RTCP(in[1]);
hmac_size = rtcp ? s->rtcp_hmac_size : s->rtp_hmac_size;
padding = hmac_size;
if (rtcp)
padding += 4; // For the RTCP index
if (len + padding > outlen)
return 0;
memcpy(out, in, len);
buf = out;
if (rtcp) {
ssrc = AV_RB32(buf + 4);
index = s->rtcp_index++;
buf += 8;
len -= 8;
} else {
int ext, csrc;
int seq = AV_RB16(buf + 2);
if (len < 12)
return AVERROR_INVALIDDATA;
ssrc = AV_RB32(buf + 8);
if (seq < s->seq_largest)
s->roc++;
s->seq_largest = seq;
index = seq + (((uint64_t)s->roc) << 16);
csrc = buf[0] & 0x0f;
ext = buf[0] & 0x10;
buf += 12;
len -= 12;
buf += 4 * csrc;
len -= 4 * csrc;
if (len < 0)
return AVERROR_INVALIDDATA;
if (ext) {
if (len < 4)
return AVERROR_INVALIDDATA;
ext = (AV_RB16(buf + 2) + 1) * 4;
if (len < ext)
return AVERROR_INVALIDDATA;
len -= ext;
buf += ext;
}
}
create_iv(iv, rtcp ? s->rtcp_salt : s->rtp_salt, index, ssrc);
av_aes_init(s->aes, rtcp ? s->rtcp_key : s->rtp_key, 128, 0);
encrypt_counter(s->aes, iv, buf, len);
if (rtcp) {
AV_WB32(buf + len, 0x80000000 | index);
len += 4;
}
av_hmac_init(s->hmac, rtcp ? s->rtcp_auth : s->rtp_auth, sizeof(s->rtp_auth));
av_hmac_update(s->hmac, out, buf + len - out);
if (!rtcp) {
uint8_t rocbuf[4];
AV_WB32(rocbuf, s->roc);
av_hmac_update(s->hmac, rocbuf, 4);
}
av_hmac_final(s->hmac, hmac, sizeof(hmac));
memcpy(buf + len, hmac, hmac_size);
len += hmac_size;
return buf + len - out;
}
/*
* SRTP encryption/decryption
* Copyright (c) 2012 Martin Storsjo
*
* This file is part of Libav.
*
* Libav is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* Libav is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with Libav; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
#ifndef SRTP_H
#define SRTP_H
#include <stdint.h>
struct AVAES;
struct AVHMAC;
struct SRTPContext {
struct AVAES *aes;
struct AVHMAC *hmac;
int rtp_hmac_size, rtcp_hmac_size;
uint8_t master_key[16];
uint8_t master_salt[14];
uint8_t rtp_key[16], rtcp_key[16];
uint8_t rtp_salt[14], rtcp_salt[14];
uint8_t rtp_auth[20], rtcp_auth[20];
int seq_largest, seq_initialized;
uint32_t roc;
uint32_t rtcp_index;
};
int ff_srtp_set_crypto(struct SRTPContext *s, const char *suite,
const char *params);