Skip to content

Z
ZLMediaKit
Commit 0fc38bba by Xiaofeng Wang
Options

避免对外传递 srtp 依赖

parent 388bf718
正在显示 包含 268 行增加287 行删除
webrtc/SrtpSession.cpp
......@@ -20,65 +20,83 @@ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
// #define MS_LOG_DEV_LEVEL 3
#include "SrtpSession.hpp"
#include <cstring> // std::memset(), std::memcpy()
#include "logger.h"
#include "Util/util.h"
#include "Util/logger.h"
#include "Util/util.h"
#include "logger.h"
#include <srtp2/srtp.h>
#include <cstring> // std::memset(), std::memcpy()
#include <vector>
using namespace toolkit;
namespace RTC
{
/* Static. */
static std::vector<const char *> errors = {
// From 0 (srtp_err_status_ok) to 24 (srtp_err_status_pfkey_err).
"success (srtp_err_status_ok)",
"unspecified failure (srtp_err_status_fail)",
"unsupported parameter (srtp_err_status_bad_param)",
"couldn't allocate memory (srtp_err_status_alloc_fail)",
"couldn't deallocate memory (srtp_err_status_dealloc_fail)",
"couldn't initialize (srtp_err_status_init_fail)",
"can’t process as much data as requested (srtp_err_status_terminus)",
"authentication failure (srtp_err_status_auth_fail)",
"cipher failure (srtp_err_status_cipher_fail)",
"replay check failed (bad index) (srtp_err_status_replay_fail)",
"replay check failed (index too old) (srtp_err_status_replay_old)",
"algorithm failed test routine (srtp_err_status_algo_fail)",
"unsupported operation (srtp_err_status_no_such_op)",
"no appropriate context found (srtp_err_status_no_ctx)",
"unable to perform desired validation (srtp_err_status_cant_check)",
"can’t use key any more (srtp_err_status_key_expired)",
"error in use of socket (srtp_err_status_socket_err)",
"error in use POSIX signals (srtp_err_status_signal_err)",
"nonce check failed (srtp_err_status_nonce_bad)",
"couldn’t read data (srtp_err_status_read_fail)",
"couldn’t write data (srtp_err_status_write_fail)",
"error parsing data (srtp_err_status_parse_err)",
"error encoding data (srtp_err_status_encode_err)",
"error while using semaphores (srtp_err_status_semaphore_err)",
"error while using pfkey (srtp_err_status_pfkey_err)"};
// clang-format on
namespace RTC {
/* Static. */
static std::vector<const char *> errors = {
// From 0 (srtp_err_status_ok) to 24 (srtp_err_status_pfkey_err).
"success (srtp_err_status_ok)",
"unspecified failure (srtp_err_status_fail)",
"unsupported parameter (srtp_err_status_bad_param)",
"couldn't allocate memory (srtp_err_status_alloc_fail)",
"couldn't deallocate memory (srtp_err_status_dealloc_fail)",
"couldn't initialize (srtp_err_status_init_fail)",
"can’t process as much data as requested (srtp_err_status_terminus)",
"authentication failure (srtp_err_status_auth_fail)",
"cipher failure (srtp_err_status_cipher_fail)",
"replay check failed (bad index) (srtp_err_status_replay_fail)",
"replay check failed (index too old) (srtp_err_status_replay_old)",
"algorithm failed test routine (srtp_err_status_algo_fail)",
"unsupported operation (srtp_err_status_no_such_op)",
"no appropriate context found (srtp_err_status_no_ctx)",
"unable to perform desired validation (srtp_err_status_cant_check)",
"can’t use key any more (srtp_err_status_key_expired)",
"error in use of socket (srtp_err_status_socket_err)",
"error in use POSIX signals (srtp_err_status_signal_err)",
"nonce check failed (srtp_err_status_nonce_bad)",
"couldn’t read data (srtp_err_status_read_fail)",
"couldn’t write data (srtp_err_status_write_fail)",
"error parsing data (srtp_err_status_parse_err)",
"error encoding data (srtp_err_status_encode_err)",
"error while using semaphores (srtp_err_status_semaphore_err)",
"error while using pfkey (srtp_err_status_pfkey_err)"
};
/* Static methods. */
const char *DepLibSRTP::GetErrorString(srtp_err_status_t code) {
// This throws out_of_range if the given index is not in the vector.
return errors.at(code);
}
class DepLibSRTP : public std::enable_shared_from_this<DepLibSRTP> {
public:
using Ptr = std::shared_ptr<DepLibSRTP>;
~DepLibSRTP();
bool DepLibSRTP::IsError(srtp_err_status_t code) {
return (code != srtp_err_status_ok);
}
static bool IsError(srtp_err_status_t code);
static const char *GetErrorString(srtp_err_status_t code);
static DepLibSRTP &Instance();
INSTANCE_IMP(DepLibSRTP);
private:
DepLibSRTP();
};
DepLibSRTP::DepLibSRTP(){
MS_TRACE();
const char *DepLibSRTP::GetErrorString(srtp_err_status_t code) {
// This throws out_of_range if the given index is not in the vector.
return errors.at(code);
}
bool DepLibSRTP::IsError(srtp_err_status_t code) {
return (code != srtp_err_status_ok);
}
MS_DEBUG_TAG(info, "libsrtp version: \"%s\"", srtp_get_version_string());
INSTANCE_IMP(DepLibSRTP);
srtp_err_status_t err = srtp_init();
DepLibSRTP::DepLibSRTP() {
MS_TRACE();
MS_DEBUG_TAG(info, "libsrtp version: \"%s\"", srtp_get_version_string());
srtp_err_status_t err = srtp_init();
#if 0
srtp_install_log_handler([](srtp_log_level_t level,
......@@ -97,200 +115,179 @@ namespace RTC
srtp_list_debug_modules();
#endif
if (DepLibSRTP::IsError(err)) {
MS_THROW_ERROR("srtp_init() failed: %s", DepLibSRTP::GetErrorString(err));
if (DepLibSRTP::IsError(err)) {
MS_THROW_ERROR("srtp_init() failed: %s", DepLibSRTP::GetErrorString(err));
}
// Set libsrtp event handler.
err = srtp_install_event_handler([](srtp_event_data_t *data) {
MS_TRACE();
switch (data->event) {
case event_ssrc_collision:
MS_WARN_TAG(srtp, "SSRC collision occurred");
break;
case event_key_soft_limit:
MS_WARN_TAG(srtp, "stream reached the soft key usage limit and will expire soon");
break;
case event_key_hard_limit:
MS_WARN_TAG(srtp, "stream reached the hard key usage limit and has expired");
break;
case event_packet_index_limit:
MS_WARN_TAG(srtp, "stream reached the hard packet limit (2^48 packets)");
break;
}
});
if (DepLibSRTP::IsError(err)) {
MS_THROW_ERROR("srtp_install_event_handler() failed: %s", DepLibSRTP::GetErrorString(err));
}
}
DepLibSRTP::~DepLibSRTP() {
MS_TRACE();
srtp_shutdown();
}
/////////////////////////////////////////////////////////////////////////////////////
/* Instance methods. */
SrtpSession::SrtpSession(Type type, CryptoSuite cryptoSuite, uint8_t *key, size_t keyLen) {
_env = DepLibSRTP::Instance().shared_from_this();
MS_TRACE();
srtp_policy_t policy; // NOLINT(cppcoreguidelines-pro-type-member-init)
// Set all policy fields to 0.
std::memset(&policy, 0, sizeof(srtp_policy_t));
switch (cryptoSuite) {
case CryptoSuite::AES_CM_128_HMAC_SHA1_80: {
srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtp);
srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp);
break;
}
case CryptoSuite::AES_CM_128_HMAC_SHA1_32: {
srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtp);
// NOTE: Must be 80 for RTCP.
srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp);
break;
}
case CryptoSuite::AEAD_AES_256_GCM: {
srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtp);
srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtcp);
break;
}
case CryptoSuite::AEAD_AES_128_GCM: {
srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp);
srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtcp);
// Set libsrtp event handler.
err = srtp_install_event_handler([](srtp_event_data_t *data){
MS_TRACE();
switch (data->event)
{
case event_ssrc_collision:
MS_WARN_TAG(srtp, "SSRC collision occurred");
break;
case event_key_soft_limit:
MS_WARN_TAG(srtp, "stream reached the soft key usage limit and will expire soon");
break;
case event_key_hard_limit:
MS_WARN_TAG(srtp, "stream reached the hard key usage limit and has expired");
break;
case event_packet_index_limit:
MS_WARN_TAG(srtp, "stream reached the hard packet limit (2^48 packets)");
break;
}
});
break;
}
default: {
MS_ABORT("unknown SRTP crypto suite");
}
}
MS_ASSERT((int)keyLen == policy.rtp.cipher_key_len, "given keyLen does not match policy.rtp.cipher_keyLen");
switch (type) {
case Type::INBOUND:
policy.ssrc.type = ssrc_any_inbound;
break;
case Type::OUTBOUND:
policy.ssrc.type = ssrc_any_outbound;
break;
}
policy.ssrc.value = 0;
policy.key = key;
// Required for sending RTP retransmission without RTX.
policy.allow_repeat_tx = 1;
policy.window_size = 1024;
policy.next = nullptr;
// Set the SRTP session.
srtp_err_status_t err = srtp_create(&this->session, &policy);
if (DepLibSRTP::IsError(err))
MS_THROW_ERROR("srtp_create() failed: %s", DepLibSRTP::GetErrorString(err));
}
SrtpSession::~SrtpSession() {
MS_TRACE();
if (this->session != nullptr) {
srtp_err_status_t err = srtp_dealloc(this->session);
if (DepLibSRTP::IsError(err))
{
MS_THROW_ERROR("srtp_install_event_handler() failed: %s", DepLibSRTP::GetErrorString(err));
}
MS_ABORT("srtp_dealloc() failed: %s", DepLibSRTP::GetErrorString(err));
}
}
DepLibSRTP::~DepLibSRTP(){
MS_TRACE();
srtp_shutdown();
bool SrtpSession::EncryptRtp(uint8_t *data, int *len) {
MS_TRACE();
srtp_err_status_t err = srtp_protect(this->session, static_cast<void *>(data), reinterpret_cast<int *>(len));
if (DepLibSRTP::IsError(err)) {
WarnL << "srtp_protect() failed:" << DepLibSRTP::GetErrorString(err);
return false;
}
/////////////////////////////////////////////////////////////////////////////////////
/* Instance methods. */
SrtpSession::SrtpSession(Type type, CryptoSuite cryptoSuite, uint8_t* key, size_t keyLen)
{
_env = DepLibSRTP::Instance().shared_from_this();
MS_TRACE();
srtp_policy_t policy; // NOLINT(cppcoreguidelines-pro-type-member-init)
// Set all policy fields to 0.
std::memset(&policy, 0, sizeof(srtp_policy_t));
switch (cryptoSuite)
{
case CryptoSuite::AES_CM_128_HMAC_SHA1_80:
{
srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtp);
srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp);
break;
}
case CryptoSuite::AES_CM_128_HMAC_SHA1_32:
{
srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtp);
// NOTE: Must be 80 for RTCP.
srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp);
break;
}
case CryptoSuite::AEAD_AES_256_GCM:
{
srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtp);
srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtcp);
break;
}
case CryptoSuite::AEAD_AES_128_GCM:
{
srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp);
srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtcp);
break;
}
default:
{
MS_ABORT("unknown SRTP crypto suite");
}
}
MS_ASSERT(
(int)keyLen == policy.rtp.cipher_key_len,
"given keyLen does not match policy.rtp.cipher_keyLen");
switch (type)
{
case Type::INBOUND:
policy.ssrc.type = ssrc_any_inbound;
break;
case Type::OUTBOUND:
policy.ssrc.type = ssrc_any_outbound;
break;
}
policy.ssrc.value = 0;
policy.key = key;
// Required for sending RTP retransmission without RTX.
policy.allow_repeat_tx = 1;
policy.window_size = 1024;
policy.next = nullptr;
// Set the SRTP session.
srtp_err_status_t err = srtp_create(&this->session, &policy);
if (DepLibSRTP::IsError(err))
MS_THROW_ERROR("srtp_create() failed: %s", DepLibSRTP::GetErrorString(err));
}
SrtpSession::~SrtpSession()
{
MS_TRACE();
if (this->session != nullptr)
{
srtp_err_status_t err = srtp_dealloc(this->session);
if (DepLibSRTP::IsError(err))
MS_ABORT("srtp_dealloc() failed: %s", DepLibSRTP::GetErrorString(err));
}
}
bool SrtpSession::EncryptRtp(uint8_t* data, int* len)
{
MS_TRACE();
srtp_err_status_t err =
srtp_protect(this->session, static_cast<void*>(data), reinterpret_cast<int*>(len));
if (DepLibSRTP::IsError(err))
{
WarnL << "srtp_protect() failed:" << DepLibSRTP::GetErrorString(err);
return false;
}
return true;
}
bool SrtpSession::DecryptSrtp(uint8_t* data, int* len)
{
MS_TRACE();
srtp_err_status_t err =
srtp_unprotect(this->session, static_cast<void*>(data), reinterpret_cast<int*>(len));
if (DepLibSRTP::IsError(err))
{
WarnL << "srtp_unprotect() failed:" << DepLibSRTP::GetErrorString(err);
return false;
}
return true;
}
bool SrtpSession::EncryptRtcp(uint8_t* data, int* len)
{
MS_TRACE();
srtp_err_status_t err = srtp_protect_rtcp(
this->session, static_cast<void*>(data), reinterpret_cast<int*>(len));
if (DepLibSRTP::IsError(err))
{
WarnL << "srtp_protect_rtcp() failed:" << DepLibSRTP::GetErrorString(err);
return false;
}
return true;
}
bool SrtpSession::DecryptSrtcp(uint8_t* data, int* len)
{
MS_TRACE();
srtp_err_status_t err =
srtp_unprotect_rtcp(this->session, static_cast<void*>(data), reinterpret_cast<int*>(len));
if (DepLibSRTP::IsError(err))
{
WarnL << "srtp_unprotect_rtcp() failed:" << DepLibSRTP::GetErrorString(err);
return false;
}
return true;
}
return true;
}
bool SrtpSession::DecryptSrtp(uint8_t *data, int *len) {
MS_TRACE();
srtp_err_status_t err = srtp_unprotect(this->session, static_cast<void *>(data), reinterpret_cast<int *>(len));
if (DepLibSRTP::IsError(err)) {
WarnL << "srtp_unprotect() failed:" << DepLibSRTP::GetErrorString(err);
return false;
}
return true;
}
bool SrtpSession::EncryptRtcp(uint8_t *data, int *len) {
MS_TRACE();
srtp_err_status_t err = srtp_protect_rtcp(this->session, static_cast<void *>(data), reinterpret_cast<int *>(len));
if (DepLibSRTP::IsError(err)) {
WarnL << "srtp_protect_rtcp() failed:" << DepLibSRTP::GetErrorString(err);
return false;
}
return true;
}
bool SrtpSession::DecryptSrtcp(uint8_t *data, int *len) {
MS_TRACE();
srtp_err_status_t err = srtp_unprotect_rtcp(this->session, static_cast<void *>(data), reinterpret_cast<int *>(len));
if (DepLibSRTP::IsError(err)) {
WarnL << "srtp_unprotect_rtcp() failed:" << DepLibSRTP::GetErrorString(err);
return false;
}
return true;
}
void SrtpSession::RemoveStream(uint32_t ssrc) {
srtp_remove_stream(this->session, uint32_t { htonl(ssrc) });
}
} // namespace RTC
webrtc/SrtpSession.hpp
......@@ -20,64 +20,45 @@ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
#define MS_RTC_SRTP_SESSION_HPP
#include "Utils.hpp"
#include <srtp2/srtp.h>
#include <vector>
#include <memory>
namespace RTC
{
class DepLibSRTP : public std::enable_shared_from_this<DepLibSRTP>
{
public:
using Ptr = std::shared_ptr<DepLibSRTP>;
~DepLibSRTP();
typedef struct srtp_ctx_t_ *srtp_t;
namespace RTC {
static bool IsError(srtp_err_status_t code);
static const char *GetErrorString(srtp_err_status_t code);
static DepLibSRTP &Instance();
class DepLibSRTP;
private:
DepLibSRTP();
class SrtpSession {
public:
enum class CryptoSuite {
NONE = 0,
AES_CM_128_HMAC_SHA1_80 = 1,
AES_CM_128_HMAC_SHA1_32,
AEAD_AES_256_GCM,
AEAD_AES_128_GCM
};
class SrtpSession
{
public:
enum class CryptoSuite
{
NONE = 0,
AES_CM_128_HMAC_SHA1_80 = 1,
AES_CM_128_HMAC_SHA1_32,
AEAD_AES_256_GCM,
AEAD_AES_128_GCM
};
public:
enum class Type
{
INBOUND = 1,
OUTBOUND
};
public:
SrtpSession(Type type, CryptoSuite cryptoSuite, uint8_t* key, size_t keyLen);
~SrtpSession();
public:
bool EncryptRtp(uint8_t* data, int* len);
bool DecryptSrtp(uint8_t* data, int* len);
bool EncryptRtcp(uint8_t* data, int* len);
bool DecryptSrtcp(uint8_t* data, int* len);
void RemoveStream(uint32_t ssrc)
{
srtp_remove_stream(this->session, uint32_t{ htonl(ssrc) });
}
private:
// Allocated by this.
srtp_t session{ nullptr };
DepLibSRTP::Ptr _env;
};
public:
enum class Type { INBOUND = 1, OUTBOUND };
public:
SrtpSession(Type type, CryptoSuite cryptoSuite, uint8_t *key, size_t keyLen);
~SrtpSession();
public:
bool EncryptRtp(uint8_t *data, int *len);
bool DecryptSrtp(uint8_t *data, int *len);
bool EncryptRtcp(uint8_t *data, int *len);
bool DecryptSrtcp(uint8_t *data, int *len);
void RemoveStream(uint32_t ssrc);
private:
// Allocated by this.
srtp_t session { nullptr };
std::shared_ptr<DepLibSRTP> _env;
};
} // namespace RTC
#endif
webrtc/WebRtcTransport.cpp
......@@ -13,6 +13,9 @@
#include "Rtcp/RtcpFCI.h"
#include "RtpExt.h"
#include "Rtsp/RtpReceiver.h"
#include <srtp2/srtp.h>
#include <iostream>
#define RTP_SSRC_OFFSET 1
......
Markdown 格式
0%
您添加了 0 到此讨论。请谨慎行事。
请先完成此评论的编辑!
注册 或者 后发表评论