
Re: [Ccrtp-devel] SRTP proposal for ccRTP


From: Werner Dittmann
Subject: Re: [Ccrtp-devel] SRTP proposal for ccRTP
Date: Tue, 18 Jul 2006 23:31:30 +0200
User-agent: Thunderbird 1.5 (X11/20060317)

David,

thanks for the info. With respect to the questionnaire I'll proceed as
proposed.

Regarding "onRTPPacketRecv": currently I do the SRTP processing before the
call to onRTPPacketRecv, but this could be changed fairly easily.

Regarding the timeout - I'll tackle that as soon as I start with the
ZRTP class and testing it. This will be once I've overcome the problems
with the demo applications, ccrtptest in particular. I just copied
it as a new ccsrtptest and add some SRTP specific stuff to have a test
program for SRTP. Once these tests are up and running I'm going for
ZRTP.

The attachment contains a very first diff of the changes I made
to the current, existing code (no new code included because this
still needs to be tested). As you can see it's not that much.
Please don't apply these diffs for production as they are for info
only at this stage. Also a small fix with respect to extension headers,
have a look in rtppkt.cpp, line 117, computation of hdrSize.

ZRTP is a protocol designed to make MitM attacks detectable rather than
impossible: the Diffie-Hellman key agreement is bound to a Short
Authentication String (SAS) that the two users compare, so an attacker
interposed in the exchange shows up as a mismatching SAS. In practice an
undetected MitM is therefore very hard to mount — provided the users
actually verify the SAS.

Regards,
Werner



David Sugar wrote:

<--- SNIP

SNAP ----->

>> _______________________________________________
>> Ccrtp-devel mailing list
>> address@hidden
>> http://lists.gnu.org/mailman/listinfo/ccrtp-devel

? Doxyfile
? ccrtp.kdevelop
? ccrtp.kdevelop.pcs
? ccrtp.kdevses
? debug
? private.h
? test
? doc/ccrtp.info
? phone/Makefile.in
? src/CryptoContext.cxx
? src/SRtpPacket.cxx
? src/crypto
? src/ccrtp/CryptoContext.h
? src/ccrtp/SRtpPacket.h
Index: Makefile.am
===================================================================
RCS file: /sources/ccrtp/ccrtp/Makefile.am,v
retrieving revision 1.11
diff -b -w -U3 -r1.11 Makefile.am
--- Makefile.am 20 Jan 2005 21:04:58 -0000      1.11
+++ Makefile.am 18 Jul 2006 21:21:47 -0000
@@ -13,7 +13,7 @@
 EXTRA_DIST = reconfig ccrtp.spec ccrtp.spec.in COPYING.addendum \
        ccrtp.list ccrtp.list.in libccrtp1.pc libccrtp1.pc.in autoconf/*
 
-SUBDIRS = src doc
+SUBDIRS = src doc demo
 DIST_SUBDIRS = m4 src phone doc demo w32
 
 pkgconfigdir = $(libdir)/pkgconfig
Index: configure.ac
===================================================================
RCS file: /sources/ccrtp/ccrtp/configure.ac,v
retrieving revision 1.18
diff -b -w -U3 -r1.18 configure.ac
--- configure.ac        17 May 2006 18:05:49 -0000      1.18
+++ configure.ac        18 Jul 2006 21:21:47 -0000
@@ -50,7 +50,7 @@
 OST_PROG_LIBRARY(CCXX,[$LT_VERSION])
 OST_AUTOMAKE_MODE
 OST_MAINTAINER_MODE
-OST_CCXX2_VERSION([$REQUIRES])
+# OST_CCXX2_VERSION([$REQUIRES])
 # OST_CC_ENDIAN - now in Common C++
 # Are we using the GNU compiler?
 if test $GCC = yes ; then
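Review bot: Commenting out `OST_CCXX2_VERSION([$REQUIRES])` removes the only check that the installed Common C++ satisfies the minimum version in `$REQUIRES`, so configure now proceeds silently against any older library, including ones that predate fixes the code may rely on. If the header probe added later in this patch is meant to replace it, say so in the comment, e.g. `# OST_CCXX2_VERSION disabled: replaced by the cc++/config.h probe below until the macro handles the cc++2 layout`; otherwise keep the version check and fix only its lookup path.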
@@ -74,6 +74,15 @@
 AC_SUBST(LT_RELEASE)
 AC_SUBST(KDOC_DIR)
 
+AC_CHECK_HEADERS([cc++/config.h],
+                 [],
+                 [AC_CHECK_HEADERS([cc++2/cc++/config.h],
+                                   [CCPLUSPLUSFLAGS="-I/usr/include/cc++2"],
+                                   [AC_MSG_ERROR([libcommoncpp headers not 
found.])]
+                                  )
+                 ])
+
+AC_SUBST(CCPLUSPLUSFLAGS)
 AC_PATH_PROG(DOXYGEN, doxygen, no)
 AC_SUBST(DOXYGEN)
 AM_CONDITIONAL(DOXY, test "$DOXYGEN" != "no")
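Review bot: The fallback branch hardcodes `CCPLUSPLUSFLAGS="-I/usr/include/cc++2"` instead of deriving the path from where `cc++2/cc++/config.h` was actually found, so a Common C++ installed under another prefix that passes the probe (via CPPFLAGS) still gets the wrong flag. Prefer `PKG_CHECK_MODULES([CCGNU2], [libccgnu2])` and use its CFLAGS, or at least `-I$includedir/cc++2`; the header probe only proves the header exists somewhere on the preprocessor path, not that it lives under /usr.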
Index: demo/Makefile.am
===================================================================
RCS file: /sources/ccrtp/ccrtp/demo/Makefile.am,v
retrieving revision 1.8
diff -b -w -U3 -r1.8 Makefile.am
--- demo/Makefile.am    17 Jan 2004 15:26:42 -0000      1.8
+++ demo/Makefile.am    18 Jul 2006 21:21:47 -0000
@@ -12,7 +12,7 @@
 address@hidden@
 #ignored for programs
 #$(LT_VERSION) -release $(LT_RELEASE)
-AM_CXXFLAGS = @WARN_FLAGS@ -I$(top_srcdir)/src
+AM_CXXFLAGS = @WARN_FLAGS@ -I$(top_srcdir)/src -I$(includedir)/cc++2
 ccxxincludedir=$(includedir)/cc++
 
 noinst_PROGRAMS = rtpsend rtplisten rtphello rtpduphello audiorx audiotx \
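Review bot: `-I$(includedir)/cc++2` is hardcoded here while src/Makefile.am in the same patch uses the configure-detected `@CCPLUSPLUSFLAGS@`; the two build paths will diverge as soon as the headers live anywhere else. Use the same variable in both places, `AM_CXXFLAGS = @WARN_FLAGS@ -I$(top_srcdir)/src @CCPLUSPLUSFLAGS@`.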
Index: demo/ccrtptest.cpp
===================================================================
RCS file: /sources/ccrtp/ccrtp/demo/ccrtptest.cpp,v
retrieving revision 1.3
diff -b -w -U3 -r1.3 ccrtptest.cpp
--- demo/ccrtptest.cpp  24 Jan 2004 20:42:50 -0000      1.3
+++ demo/ccrtptest.cpp  18 Jul 2006 21:21:48 -0000
@@ -248,6 +248,11 @@
        bool send = false;
        bool recv = false;
 
+        if (argc > 1) {
+               send = (strcmp(argv[1], "-send") == 0) ? true : false;
+               recv = (strcmp(argv[1], "-recv") == 0) ? true : false;
+        }
+
        RecvPacketTransmissionTest *rx;
        SendPacketTransmissionTest *tx;
 
Index: src/Makefile.am
===================================================================
RCS file: /sources/ccrtp/ccrtp/src/Makefile.am,v
retrieving revision 1.9
diff -b -w -U3 -r1.9 Makefile.am
--- src/Makefile.am     20 Mar 2005 13:25:39 -0000      1.9
+++ src/Makefile.am     18 Jul 2006 21:21:48 -0000
@@ -11,8 +11,10 @@
 AUTOMAKE_OPTIONS = no-dependencies dist-shar
 address@hidden@
 AM_CXXFLAGS= @WARN_FLAGS@
-RELEASE = $(LT_VERSION) -release $(LT_RELEASE) @GNULIBS@
-LIBS = @GNULIBS@
+AM_CXXFLAGS+= @CCPLUSPLUSFLAGS@
+RELEASE = $(LT_VERSION) -release $(LT_RELEASE)
+# RELEASE = $(LT_VERSION) -release $(LT_RELEASE) @GNULIBS@
+# LIBS = @GNULIBS@
 
 SUBDIRS = ccrtp
 lib_LTLIBRARIES = libccrtp1.la
@@ -21,7 +23,9 @@
        source.cpp data.cpp \
        incqueue.cpp outqueue.cpp queue.cpp \
        control.cpp members.cpp \
-       socket.cpp duplex.cpp pool.cpp
+       socket.cpp duplex.cpp pool.cpp \
+       CryptoContext.cxx crypto/openssl/aes.cxx crypto/openssl/hmac256.cxx \
+       crypto/openssl/hmac.cxx crypto/openssl/sha256.cxx
 
 libccrtp1_la_LDFLAGS = $(RELEASE)
 
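Review bot: The new `crypto/openssl/*.cxx` sources are compiled into libccrtp1 but nothing links libcrypto: `LIBS = @GNULIBS@` is commented out and no `libccrtp1_la_LIBADD` or configure-side OpenSSL check is added. The library will only link where libcrypto happens to come in transitively. Add an OpenSSL probe in configure.ac (pkg-config `libcrypto` or AC_CHECK_LIB) and `libccrtp1_la_LIBADD = $(OPENSSL_LIBS)` here, rather than relying on the now-removed GNULIBS.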
Index: src/incqueue.cpp
===================================================================
RCS file: /sources/ccrtp/ccrtp/src/incqueue.cpp,v
retrieving revision 1.15
diff -b -w -U3 -r1.15 incqueue.cpp
--- src/incqueue.cpp    20 Sep 2005 10:13:41 -0000      1.15
+++ src/incqueue.cpp    18 Jul 2006 21:21:48 -0000
@@ -209,6 +209,10 @@
                return 0;
        }
 
+        CryptoContext* pcc = getInQueueCryptoContext( packet->getSSRC());
+        if (pcc != NULL) {
+                packet->unprotect(pcc);
+        }
        // virtual for profile-specific validation and processing.
        if ( !onRTPPacketRecv(*packet) )
        {
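Review bot: The result of `packet->unprotect(pcc)` is discarded, so a packet that fails the replay check or whose authentication tag does not verify continues into `onRTPPacketRecv` and the receive queue exactly like a genuine one — the authentication SRTP provides is never enforced at this point. Change it to `if (pcc != NULL && !packet->unprotect(pcc)) { delete packet; return 0; }`, matching whatever cleanup the rejection branch just above the hunk performs (that branch's body is outside the hunk, so copy it rather than my guess). The enclosing takeInDataPacket begins and ends outside this hunk.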
@@ -701,6 +705,37 @@
 {
 }
 
+void
+IncomingDataQueue::setInQueueCryptoContext(CryptoContext* cc)
+{
+        // TODO - check if we need a mutex here to support multithreading
+        std::list<CryptoContext *>::iterator i;
+
+        // check if a CryptoContext for a SSRC already exists. If yes
+        // remove it from list before inserting the new one.
+        for( i = cryptoContexts.begin(); i!= cryptoContexts.end(); i++ ){
+                if( (*i)->getSsrc() == cc->getSsrc() ) {
+                        cryptoContexts.erase(i);
+                        break;
+                }
+        }
+        cryptoContexts.push_back(cc);
+}
+
+CryptoContext*
+IncomingDataQueue::getInQueueCryptoContext(uint32 ssrc)
+{
+        // TODO - check if we need a mutex here to support multithreading
+        std::list<CryptoContext *>::iterator i;
+
+        for( i = cryptoContexts.begin(); i!= cryptoContexts.end(); i++ ){
+                if( (*i)->getSsrc() == ssrc) {
+                        return (*i);
+                }
+        }
+        return NULL;
+}
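Review bot: `setInQueueCryptoContext` erases the previous context for the same SSRC from the list but never deletes it, while the header comment added in iqueue.h says the queue deletes registered contexts — so every re-key leaks the old CryptoContext together with its key material. Either `delete *i;` before `cryptoContexts.erase(i);` or return the old pointer to the caller, and state which in the header. The two `// TODO - check if we need a mutex` notes should be resolved before this ships: `getInQueueCryptoContext` is walked from the receive path while the application may call `setInQueueCryptoContext` from another thread, and a `std::list` modified concurrently with iteration is undefined behaviour.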
+
 #ifdef  CCXX_NAMESPACES
 }
 #endif
Index: src/outqueue.cpp
===================================================================
RCS file: /sources/ccrtp/ccrtp/src/outqueue.cpp,v
retrieving revision 1.18
diff -b -w -U3 -r1.18 outqueue.cpp
--- src/outqueue.cpp    17 May 2006 18:05:49 -0000      1.18
+++ src/outqueue.cpp    18 Jul 2006 21:21:48 -0000
@@ -117,7 +117,7 @@
        OutgoingDataQueueBase(),
        DestinationListHandler(),
        sendLock(),
-       sendFirst(NULL), sendLast(NULL)
+        sendFirst(NULL), sendLast(NULL), cContext(NULL)
 {
        setInitialTimestamp(random32());
        setSchedulingTimeout(getDefaultSchedulingTimeout());
@@ -334,9 +334,9 @@
 
                OutgoingRTPPkt* packet;
                if ( sendInfo.sendCC )
-                       packet = new 
OutgoingRTPPkt(sendInfo.sendSources,15,data + offset,step,sendInfo.paddinglen);
+                       packet = new 
OutgoingRTPPkt(sendInfo.sendSources,15,data + offset,step,sendInfo.paddinglen, 
cContext);
                else
-                       packet = new OutgoingRTPPkt(data + 
offset,step,sendInfo.paddinglen);
+                       packet = new OutgoingRTPPkt(data + 
offset,step,sendInfo.paddinglen, cContext);
                
                packet->setPayloadType(getCurrentPayloadType());
                packet->setSeqNum(sendInfo.sendSeq++);
@@ -348,7 +348,9 @@
                } else {
                        packet->setMarker(false);
                }
-               
+                if (cContext != NULL) {
+                        packet->protect(getLocalSSRC());
+                }
                // insert the packet into the "tail" of the sending queue
                sendLock.writeLock();
                OutgoingRTPPktLink *link = 
@@ -381,9 +383,9 @@
 
                 OutgoingRTPPkt* packet;
                 if ( sendInfo.sendCC )
-                        packet = new 
OutgoingRTPPkt(sendInfo.sendSources,15,data + offset,step,sendInfo.paddinglen);
+                        packet = new 
OutgoingRTPPkt(sendInfo.sendSources,15,data + 
offset,step,sendInfo.paddinglen,cContext);
                 else
-                        packet = new OutgoingRTPPkt(data + 
offset,step,sendInfo.paddinglen);
+                        packet = new OutgoingRTPPkt(data + 
offset,step,sendInfo.paddinglen,cContext);
 
                                
                packet->setPayloadType(getCurrentPayloadType());
@@ -396,6 +398,9 @@
                 } else {
                         packet->setMarker(false);
                 }
+                if (cContext != NULL) {
+                        packet->protect(getLocalSSRC());
+                }
                dispatchImmediate(packet);
                delete packet;
                offset += step;
Index: src/private.h
===================================================================
RCS file: /sources/ccrtp/ccrtp/src/private.h,v
retrieving revision 1.14
diff -b -w -U3 -r1.14 private.h
Index: src/queue.cpp
===================================================================
RCS file: /sources/ccrtp/ccrtp/src/queue.cpp,v
retrieving revision 1.24
diff -b -w -U3 -r1.24 queue.cpp
--- src/queue.cpp       27 Mar 2006 14:59:16 -0000      1.24
+++ src/queue.cpp       18 Jul 2006 21:21:49 -0000
@@ -571,6 +571,10 @@
 #ifdef CCXX_EXCEPTIONS
        } catch (...) { }
 #endif
+        // remove the outgoing crypto context
+        CryptoContext* pcc = getOutQueueCryptoContext();
+        setOutQueueCryptoContext(NULL);
+        delete pcc;
 }
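Review bot: Only the outgoing context is released here; the incoming contexts collected in `cryptoContexts` by `setInQueueCryptoContext` are freed nowhere in this patch, although the new iqueue.h comment promises that endQueue deletes them. Add a loop that deletes each entry and clears the list, or drop the promise from the header. Separately, a context deleted while a sender thread is still inside putData would be a use-after-free; a comment stating that endQueue must only run after sending has stopped would make that precondition explicit (the rest of endQueue is outside the hunk).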
 
 uint32
Index: src/rtppkt.cpp
===================================================================
RCS file: /sources/ccrtp/ccrtp/src/rtppkt.cpp,v
retrieving revision 1.11
diff -b -w -U3 -r1.11 rtppkt.cpp
--- src/rtppkt.cpp      23 Mar 2005 08:43:16 -0000      1.11
+++ src/rtppkt.cpp      18 Jul 2006 21:21:49 -0000
@@ -43,6 +43,7 @@
 
 #include "private.h"
 #include <ccrtp/rtppkt.h>
+#include <ccrtp/CryptoContext.h>
 
 #ifdef CCXX_NAMESPACES
 namespace ost {
@@ -116,7 +117,7 @@
        hdrSize = sizeof(RTPFixedHeader) + (header->cc << 2);
        if ( header->extension ){
                RTPHeaderExt *ext = (RTPHeaderExt *)(block + hdrSize);
-               hdrSize += sizeof(uint32) + ntohl(ext->length);
+                hdrSize += sizeof(uint32) + (ntohl(ext->length) * 4);
        }
        if ( header->padding ) 
                len -= block[len - 1];
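Review bot: The unit fix for the extension length is right (RFC 3550 counts it in 32-bit words), but `hdrSize` is still computed purely from wire-controlled fields (`header->cc` and `ext->length`) and is never compared with `len`, so a crafted packet can push hdrSize past the end of `block` and make any later `len - hdrSize` subtraction wrap. Add `if (hdrSize > len) { /* malformed: mark invalid and stop */ }` before the padding line, and guard the padding too: `if (header->padding && block[len - 1] <= len - hdrSize) len -= block[len - 1];`. The constructor continues outside the hunk, so the invalid-marking mechanism has to be chosen there. Also worth confirming that `ntohl(ext->length)` matches how RTPHeaderExt declares the field — RFC 3550 defines it as 16 bits, which would call for `ntohs`.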
@@ -131,10 +132,10 @@
 }
        
 // constructor commonly used for outgoing packets
-RTPPacket::RTPPacket(size_t hdrlen, size_t plen, uint8 paddinglen) :
+RTPPacket::RTPPacket(size_t hdrlen, size_t plen, uint8 paddinglen, 
CryptoContext* pcc ) :
+       payloadSize((uint32)plen),
        buffer(NULL),
        hdrSize((uint32)hdrlen),
-       payloadSize((uint32)plen),
        duplicated(false)
 {
        total = (uint32)(hdrlen + payloadSize);
@@ -144,8 +145,19 @@
                padding = paddinglen - (total % paddinglen);
                total += padding;
        }
-       // now we know the actual total length of the packet
-       buffer = new unsigned char[total];
+        uint32 srtpLength = 0;
+        srtpDataOffset = 0;
+        if (pcc != NULL) {
+                // compute additional memory for SRTP data
+                srtpLength = pcc->getTagLength() + pcc->getMkiLength();
+                srtpDataOffset = total; // SRTP data go behind payload plus 
padding
+        }
+
+       // now we know the actual total length of the packet, get  some memory
+        // but take SRTP data into account. Don't change total because some RTP
+        // functions rely on th fact that total is the overall size (without
+        // the SRTP data)
+       buffer = new unsigned char[total + srtpLength];
        *(reinterpret_cast<uint32*>(getHeader())) = 0;
        getHeader()->version = CCRTP_VERSION;
        if ( 0 != padding ) {
@@ -172,9 +184,10 @@
 OutgoingRTPPkt::OutgoingRTPPkt(
        const uint32* const csrcs, uint16 numcsrc, 
         const unsigned char* const hdrext, uint32 hdrextlen,
-       const unsigned char* const data, size_t datalen, uint8 paddinglen= 0) :
+       const unsigned char* const data, size_t datalen,
+        uint8 paddinglen, CryptoContext* pcc) :
        RTPPacket((getSizeOfFixedHeader() + sizeof(uint32) * numcsrc 
-                 + hdrextlen),datalen,paddinglen)
+                 + hdrextlen),datalen,paddinglen, pcc)
 {
        uint32 pointer = (uint32)getSizeOfFixedHeader();
        // add CSCR identifiers (putting them in network order).
@@ -187,14 +200,16 @@
        pointer += hdrextlen;
 
        // add data.
+        cContext = pcc;
        setbuffer(data,datalen,pointer);
 }
 
 OutgoingRTPPkt::OutgoingRTPPkt(
        const uint32* const csrcs, uint16 numcsrc, 
-       const unsigned char* data, size_t datalen, uint8 paddinglen = 0) :
+       const unsigned char* data, size_t datalen,
+        uint8 paddinglen, CryptoContext* pcc) :
        RTPPacket((getSizeOfFixedHeader() + sizeof(uint32) *numcsrc),datalen,
-                 paddinglen)
+                 paddinglen, pcc)
 {
        uint32 pointer = (uint32)getSizeOfFixedHeader();
        // add CSCR identifiers (putting them in network order).
@@ -206,18 +221,20 @@
        // getHeader()->extension = 0;
 
        // add data.
+        cContext = pcc;
        setbuffer(data,datalen,pointer);
 }
 
 OutgoingRTPPkt::OutgoingRTPPkt(const unsigned char* data, size_t datalen, 
-                              uint8 paddinglen = 0) :
-       RTPPacket(getSizeOfFixedHeader(),datalen,paddinglen)
+                              uint8 paddinglen, CryptoContext* pcc) :
+       RTPPacket(getSizeOfFixedHeader(),datalen,paddinglen, pcc)
 {
        // not needed, as the RTPPacket constructor sets by default
        // the whole fixed header to 0.
        //getHeader()->cc = 0;
        //getHeader()->extension = 0;
 
+        cContext = pcc;
        setbuffer(data,datalen,getSizeOfFixedHeader());
 }
 
@@ -231,6 +248,25 @@
        getHeader()->cc = numcsrc;
 }      
 
+void
+OutgoingRTPPkt::protect(uint32 ssrc)
+{
+        /* Encrypt the packet */
+        uint64 index = ((uint64)cContext->getRoc() << 16) | 
(uint64)(getSeqNum());
+        cContext->srtpEncrypt(this, index, ssrc);
+
+        // NO MKI support yet - here we assume MKI is zero. To build in MKI
+        // take MKI length into account when storing the authentication tag.
+
+        /* Compute MAC */
+        cContext->srtpAuthenticate(this, cContext->getRoc(),
+                                   
const_cast<uint8*>(getRawPacket()+srtpDataOffset) );
+        /* Update the ROC if necessary */
+        if (getSeqNum() == 0xFFFF ) {
+                cContext->setRoc(cContext->getRoc() + 1);
+        }
+}
+
 // These masks are valid regardless of endianness.
 const uint16 IncomingRTPPkt::RTP_INVALID_PT_MASK = (0x7e);
 const uint16 IncomingRTPPkt::RTP_INVALID_PT_VALUE = (0x48);
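Review bot: `protect` writes the tag at `srtpDataOffset`, but the buffer was sized for `getTagLength() + getMkiLength()` and `unprotect` on the receiving side reads the tag at `srtpDataIndex + getMkiLength()`; with any non-zero MKI length the two disagree and every packet fails authentication. Either write the tag at `getRawPacket() + srtpDataOffset + cContext->getMkiLength()` (and fill the MKI bytes), or refuse contexts with a non-zero MKI length when they are registered, instead of leaving it as a comment. There is also no NULL check on `cContext`; the callers in outqueue.cpp guard it, so a one-line `// caller guarantees cContext != NULL` at the top would document the contract.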
@@ -257,6 +293,68 @@
        cachedSSRC = ntohl(getHeader()->sources[0]);
 }
 
+bool
+IncomingRTPPkt::unprotect(CryptoContext* pcc)
+{
+        if (pcc == NULL) {
+                return true;
+        }
+
+        /*
+         * This is the setting of the packet data when we come to this
+         * point:
+         *
+         * total:       complete length of received data
+         * buffer:      points to data as received from network
+         * hdrSize:     length of header including header extension
+         * payloadSize: length of data excluding hdrSize and padding
+         *
+         * Because this is an SRTP packet we need to adjust some values here.
+         * The SRTP data is always at the end of a packet. Thus compute the
+         * position of the data:
+         */
+
+        uint32 srtpDataIndex = total - (pcc->getTagLength() + 
pcc->getMkiLength());
+
+        // now adjust total because some RTP functions rely on the fact that
+        // total is the full length of data without SRTP data.
+        total -= pcc->getTagLength() + pcc->getMkiLength();
+
+        // recompute payloadSize by subtracting SRTP data
+        payloadSize -= pcc->getTagLength() + pcc->getMkiLength();
+
+        const unsigned char* mki = getRawPacket() + srtpDataIndex;
+        const unsigned char* tag = getRawPacket() + srtpDataIndex + 
pcc->getMkiLength();
+
+        /* Guess the index */
+        uint64 guessed_index = pcc->guessIndex(cachedSeqNum);
+
+        /* Replay control */
+        if (!pcc->checkReplay(cachedSeqNum)) {
+                tag = NULL;
+                mki = NULL;
+                return false;
+        }
+        unsigned char* mac = new unsigned char[pcc->getTagLength()];
+
+        pcc->srtpAuthenticate(this, (uint32_t)( guessed_index >> 16 ), mac);
+        for( int i = 0; i < pcc->getTagLength(); i++ ) {
+                if( tag[i] != mac[i] ) {
+                        tag = NULL;
+                        mki = NULL;
+                        return 1;
+                }
+        }
+        delete [] mac;
+
+        /* Decrypt the content */
+        pcc->srtpEncrypt( this, guessed_index, cachedSSRC );
+
+        /* Update the Crypto-context */
+        pcc->update(cachedSeqNum);
+        return true;
+}
+
 #ifdef CCXX_NAMESPACES
 }
 #endif
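Review bot: On a tag mismatch the comparison loop returns `1`, which converts to `true`, so a forged or corrupted packet is reported as successfully unprotected — the central check of the function is inverted. Three more defects in the same function: `total - (getTagLength() + getMkiLength())` is unsigned and unguarded, so a packet shorter than the SRTP trailer wraps to a huge index and reads far past the buffer; `mac` is leaked on the mismatch path; and the early-exit byte comparison leaks, through timing, how many tag bytes matched. The `tag = NULL; mki = NULL;` assignments do nothing and can go. The rewritten core below adds a length guard, frees `mac` on all paths, compares in constant time and returns `false` on mismatch.

```cpp
bool
IncomingRTPPkt::unprotect(CryptoContext* pcc)
{
        if (pcc == NULL) {
                return true;
        }

        uint32 srtpDataLength = pcc->getTagLength() + pcc->getMkiLength();
        // A packet whose payload cannot even hold the SRTP trailer is malformed;
        // reject it before the unsigned subtractions below can wrap.
        if (payloadSize < srtpDataLength || total < srtpDataLength) {
                return false;
        }
        uint32 srtpDataIndex = total - srtpDataLength;
        total -= srtpDataLength;
        payloadSize -= srtpDataLength;

        const unsigned char* tag = getRawPacket() + srtpDataIndex + pcc->getMkiLength();

        // … unchanged: guessIndex and checkReplay (plain `return false;` on replay) …

        unsigned char* mac = new unsigned char[pcc->getTagLength()];
        pcc->srtpAuthenticate(this, (uint32_t)( guessed_index >> 16 ), mac);

        // Constant-time comparison: never exit early on the first differing byte.
        unsigned char diff = 0;
        for( int i = 0; i < pcc->getTagLength(); i++ ) {
                diff |= (unsigned char)(tag[i] ^ mac[i]);
        }
        delete [] mac;
        if (diff != 0) {
                return false;   // authentication failed: caller must drop the packet
        }

        // … unchanged: srtpEncrypt (decrypt in place), pcc->update, return true …
}
```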
Index: src/ccrtp/iqueue.h
===================================================================
RCS file: /sources/ccrtp/ccrtp/src/ccrtp/iqueue.h,v
retrieving revision 1.13
diff -b -w -U3 -r1.13 iqueue.h
--- src/ccrtp/iqueue.h  8 Dec 2005 18:19:14 -0000       1.13
+++ src/ccrtp/iqueue.h  18 Jul 2006 21:21:50 -0000
@@ -45,6 +45,9 @@
 #define CCXX_RTP_IQUEUE_H_
 
 #include <ccrtp/queuebase.h>
+#include <ccrtp/CryptoContext.h>
+
+#include <list>
 
 #ifdef CCXX_NAMESPACES
 namespace ost {
@@ -1041,6 +1044,27 @@
         getDefaultMembersSize()
         { return defaultMembersSize; }
 
+        /**
+         * Set input queue CryptoContext.
+         *
+         * The endQueue method (provided by RTPQueue) also deletes all
+         * registered CryptoContexts.
+         *
+         * @param cc Pointer to initialized CryptoContext to set.
+         */
+        void
+        setInQueueCryptoContext(CryptoContext* cc);
+
+        /**
+         * Get a input queue CryptoContext identified by SSRC
+         *
+         * @param ssrc Request CryptoContext for this incoming SSRC
+         * @return Pointer to CryptoContext of the SSRC of NULL if no context
+         * available for this SSRC.
+         */
+        CryptoContext*
+        getInQueueCryptoContext(uint32 ssrc);
+
 protected:
        /**
         * @param size initial size of the membership table.
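Review bot: The comment on `setInQueueCryptoContext` says endQueue deletes all registered CryptoContexts, but the queue.cpp hunk in this patch only frees the outgoing context, so the statement is currently false; either implement it or reword. The docs should also spell out the ownership rule callers cannot otherwise infer, e.g. `The queue takes ownership of cc; a context already registered for the same SSRC is replaced (and released) by this call.` In `getInQueueCryptoContext` the @return reads "of NULL" — should be `or NULL`, and it is worth adding that the returned pointer is owned by the queue and must not be deleted by the caller.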
@@ -1090,7 +1114,7 @@
         *
         * @return number of payload bytes received.  <0 if error.
         */
-       size_t
+       virtual size_t
        takeInDataPacket();
 
        void renewLocalSSRC();
@@ -1231,6 +1255,7 @@
        uint16 maxPacketDropout;
        static const size_t defaultMembersSize;
        uint8 sourceExpirationPeriod;
+        std::list<CryptoContext *> cryptoContexts;
 };     
 
 /** @}*/ // iqueue
Index: src/ccrtp/oqueue.h
===================================================================
RCS file: /sources/ccrtp/ccrtp/src/ccrtp/oqueue.h,v
retrieving revision 1.12
diff -b -w -U3 -r1.12 oqueue.h
--- src/ccrtp/oqueue.h  17 May 2006 18:05:49 -0000      1.12
+++ src/ccrtp/oqueue.h  18 Jul 2006 21:21:50 -0000
@@ -45,6 +45,7 @@
 #define CCXX_RTP_OQUEUE_H_
 
 #include <ccrtp/queuebase.h>
+#include <ccrtp/CryptoContext.h>
 #include <list> // TODO: minimal std::list template
 
 #ifdef CCXX_NAMESPACES
@@ -307,6 +308,29 @@
        getSendOctetCount() const
        { return sendInfo.octetCount; }
 
+        /**
+         * Set the CryptoContext for this outgoing queue.
+         *
+         * The endQueue method (provided by RTPQueue) also deletes the
+         * CryptoContext.
+         *
+         * @param cc Pointer to initialized CryptoContext to set.
+         */
+        inline void
+        setOutQueueCryptoContext(CryptoContext *cc)
+        {cContext = cc;}
+
+        /**
+         * Get the CryptoContext of the outgoing queue
+         *
+         * @return pointer to CryptoContext.
+         */
+        inline CryptoContext*
+        getOutQueueCryptoContext() const
+        { return cContext;}
+
+
+
 protected:
        OutgoingDataQueue();
 
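Review bot: `setOutQueueCryptoContext` overwrites `cContext` without releasing the previous one, even though its comment says the queue deletes the context in endQueue, so re-keying by calling it twice leaks the old CryptoContext and its keys. It also swaps the pointer with no synchronisation against putData, which dereferences `cContext` on the send path. Suggest `{ delete cContext; cContext = cc; }` (or returning the old pointer) and a doc line `Must not be called while another thread is sending on this queue.`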
@@ -423,6 +447,10 @@
        // how old a packet can reach in the sending queue before deletetion
        microtimeout_t expireTimeout;
 
+        // The crypto context for outgoing SRTP sessions. Only one 
CryptoContext
+        // for an outgoing queue.
+        CryptoContext* cContext;
+
        struct {
                // number of packets sent from the beginning
                uint32 packetCount;
Index: src/ccrtp/rtppkt.h
===================================================================
RCS file: /sources/ccrtp/ccrtp/src/ccrtp/rtppkt.h,v
retrieving revision 1.11
diff -b -w -U3 -r1.11 rtppkt.h
--- src/ccrtp/rtppkt.h  8 Dec 2005 18:19:14 -0000       1.11
+++ src/ccrtp/rtppkt.h  18 Jul 2006 21:21:51 -0000
@@ -40,6 +40,7 @@
 
 #include <ccrtp/base.h>
 #include <ccrtp/formats.h>
+#include <ccrtp/CryptoContext.h>
 
 #ifdef CCXX_NAMESPACES
 namespace ost {
@@ -68,6 +69,9 @@
  *
  * @author David Sugar <address@hidden>
  **/
+
+class CryptoContext;
+
 class  __EXPORT RTPPacket
 {
 private:
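Review bot: The forward declaration `class CryptoContext;` is inserted between the Doxygen block ending in `@author David Sugar` and `class __EXPORT RTPPacket`, so that comment now attaches to the forward declaration and RTPPacket loses its description in the generated docs. Move the declaration above the comment block. Since `<ccrtp/CryptoContext.h>` is already included a few lines earlier in this hunk's file, only one of the two is needed; the cleaner choice for a public header is the forward declaration here and the include moved into rtppkt.cpp.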
@@ -101,7 +105,7 @@
         * @param paddinglen pad packet to a multiple of paddinglen
         * @note used in OutgoingRTPPkt.
         */
-       RTPPacket(size_t hdrlen, size_t plen, uint8 paddinglen);
+        RTPPacket(size_t hdrlen, size_t plen, uint8 paddinglen, CryptoContext* 
pcc= NULL);
 
        /**
         * Get the length of the header, including contributing
@@ -339,15 +343,25 @@
        /// Packet timestamp in host order (includes initial shift).
        uint32 cachedTimestamp;
 
+        /**
+         * Offset into packet memory pointing to area for SRTP data.
+         *
+         * This offset points to the memory where the SRTP protect will
+         * store the authentication and MKI data.
+                 */
+        uint32 srtpDataOffset;
+
+        /// total length, including header, payload and padding
+        uint32 total;
+
+        /// note: payload (not full packet) size.
+        uint32 payloadSize;
+
 private:
        /// packet in memory
        unsigned char* buffer;
        /// size of the header, including contributing sources and extensions
        uint32 hdrSize;
-       /// note: payload (not full packet) size.
-       uint32 payloadSize;
-       /// total length, including header, payload and padding
-       uint32 total;
        /// whether the object was contructed with duplicated = true
        bool duplicated;
 
@@ -475,8 +489,13 @@
        /**
         * Construct a new packet to be sent, containing several
         * contributing source identifiers, header extensions and
-        * payload. A new copy in memory (holding all this components
-        * along with the fixed header) is created.
+        * payload.
+         *
+         * A new copy in memory (holding all this components
+        * along with the fixed header) is created. If the pointer
+         * to the SRTP CryptoContext is not NULL and holds a CryptoContext
+         * for the SSRC take the SSRC data into account when computing
+         * the required memory buffer.
         *
         * @param csrcs array of countributing source 32-bit
         *        identifiers, in host order.
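Review bot: "take the SSRC data into account" should read SRTP data — the space reserved is for the authentication tag and MKI, not anything SSRC-related — and the same sentence is repeated in the two constructor comments further down this file. Suggested wording: `If pcc is not NULL, extra room for the SRTP authentication tag and MKI is reserved after the padding; the packet's reported total length does not include it.`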
@@ -486,6 +505,8 @@
         * @param data payload.
         * @param datalen payload length, in octets.
         * @param paddinglen pad packet to a multiple of paddinglen.
+         * @param pcc Pointer to the SRTP CryptoContext, defaults to NULL
+         * if not specified.
         *
         * @note For efficiency purposes, since this constructor is
         * valid for all packets but is too complex for the common
@@ -494,13 +515,18 @@
        OutgoingRTPPkt(const uint32* const csrcs, uint16 numcsrc, 
                       const unsigned char* const hdrext, uint32 hdrextlen,
                       const unsigned char* const data, size_t datalen,
-                      uint8 paddinglen);
+                       uint8 paddinglen= 0, CryptoContext* pcc= NULL);
 
        /**
         * Construct a new packet to be sent, containing several
-        * contributing source identifiers and payload. A new copy in
+        * contributing source identifiers and payload.
+         *
+         * A new copy in
         * memory (holding all this components along with the fixed
-        * header) is created.
+         * header) is created. If the pointer
+         * to the SRTP CryptoContext is not NULL and holds a CryptoContext
+         * for the SSRC take the SSRC data into account when computing
+         * the required memory buffer.
         *
         * @param csrcs array of countributing source 32-bit
         * identifiers, in host order.
@@ -508,22 +534,31 @@
         * @param data payload.
         * @param datalen payload length, in octets.
         * @param paddinglen pad packet to a multiple of paddinglen.
+         * @param pcc Pointer to the SRTP CryptoContext, defaults to NULL
+         * if not specified.
         **/
        OutgoingRTPPkt(const uint32* const csrcs, uint16 numcsrc, 
                       const unsigned char* const data, size_t datalen,
-                      uint8 paddinglen);
+                       uint8 paddinglen= 0, CryptoContext* pcc= NULL);
                
        /**
         * Construct a new packet (fast variant, with no contributing
-        * sources and no header extension) to be sent. A new copy in
-        * memory (holding the whole packet) is created.
+        * sources and no header extension) to be sent.
+         *
+         * A new copy in
+         * memory (holding the whole packet) is created. If the pointer
+         * to the SRTP CryptoContext is not NULL and holds a CryptoContext
+         * for the SSRC take the SSRC data into account when computing
+         * the required memory buffer.
         *
         * @param data payload.
         * @param datalen payload length, in octets.
         * @param paddinglen pad packet to a multiple of paddinglen.
+         * @param pcc Pointer to the SRTP CryptoContext, defaults to NULL
+         * if not specified.
         **/
        OutgoingRTPPkt(const unsigned char* const data, size_t datalen, 
-                      uint8 paddinglen);
+                       uint8 paddinglen= 0, CryptoContext* pcc= NULL);
 
        ~OutgoingRTPPkt()
        { }
@@ -536,6 +571,11 @@
        { getHeader()->payload = pt; };
                
        /**
+         * Sets the sequence number in the header.
+         *
+         * After the sequence number is set call the protect method to
+         * perform SRTP protection of the data if required.
+         *
         * @param seq Packet sequence number, in host order.
         **/
        inline void
@@ -588,6 +628,14 @@
        { getHeader()->marker = mark; }
 
        /**
+         * Called packet is setup and cContext is not NULL.
+         *
+         * This private method computes the SRTP data and stores it in the
+         * packet. Then encrypt the payload data (ex padding).
+         */
+        void protect(uint32 ssrc);
+
+       /**
         * Outgoing packets are equal if their sequence numbers match.
         **/
        inline bool 
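Review bot: The comment `Called packet is setup and cContext is not NULL.` is not a sentence, and it describes protect as "private" although it is placed with the public setters that outqueue.cpp calls. Suggest: `Apply SRTP protection: encrypts the payload (not the padding) and stores the authentication tag in the trailer reserved by the constructor. Call only after the sequence number has been set; the caller guarantees cContext is not NULL. @param ssrc local SSRC used to form the SRTP packet index.`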
@@ -618,8 +666,11 @@
        /**
         * Set the list of CSRC identifiers in an RTP packet,
         * switching host to network order.
-        **/
+        */
        void setCSRCArray(const uint32* const csrcs, uint16 numcsrc);
+
+        CryptoContext* cContext;
+
 };
 
 /**
@@ -674,6 +725,16 @@
        { return cachedSSRC; }
 
        /**
+         * Unprotect a received packet.
+         *
+         * Perform SRTP processing on this packet.
+         *
+         * @param pcc Pointer to SRTP CryptoContext.
+         */
+        bool
+        unprotect(CryptoContext* pcc);
+
+       /**
         * Two incoming packets are equal if they come from sources
         * with the same SSRC and have the same sequence number.
         **/
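Review bot: The `unprotect` comment documents the parameter but not the `bool` result, which is the value the receive path must act on. Add `@return true if the replay check and authentication succeeded and the payload was decrypted in place; false if the packet must be discarded.` and note the side effect that on success the packet's total and payload sizes are reduced by the SRTP trailer length.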
