1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
|
/**
* @file dtls_srtp/srtp.c Secure RTP
*
* Copyright (C) 2010 Creytiv.com
*/
#include <re.h>
#include <baresip.h>
#include "dtls_srtp.h"
struct srtp_stream {
struct srtp *srtp;
};
/*
* See RFC 5764 figure 3:
*
* +----------------+
* | 127 < B < 192 -+--> forward to RTP
* | |
* packet --> | 19 < B < 64 -+--> forward to DTLS
* | |
* | B < 2 -+--> forward to STUN
* +----------------+
*
*/
static inline bool is_rtp_or_rtcp(const struct mbuf *mb)
{
uint8_t b;
if (mbuf_get_left(mb) < 1)
return false;
b = mbuf_buf(mb)[0];
return 127 < b && b < 192;
}
static inline bool is_rtcp_packet(const struct mbuf *mb)
{
uint8_t pt;
if (mbuf_get_left(mb) < 2)
return false;
pt = mbuf_buf(mb)[1] & 0x7f;
return 64 <= pt && pt <= 95;
}
static void destructor(void *arg)
{
struct srtp_stream *s = arg;
mem_deref(s->srtp);
}
static bool send_handler(int *err, struct sa *dst, struct mbuf *mb, void *arg)
{
struct comp *comp = arg;
(void)dst;
if (!is_rtp_or_rtcp(mb))
return false;
if (is_rtcp_packet(mb)) {
*err = srtcp_encrypt(comp->tx->srtp, mb);
if (*err) {
warning("srtp: srtcp_encrypt failed (%m)\n", *err);
}
}
else {
*err = srtp_encrypt(comp->tx->srtp, mb);
if (*err) {
warning("srtp: srtp_encrypt failed (%m)\n", *err);
}
}
return *err ? true : false; /* continue processing */
}
static bool recv_handler(struct sa *src, struct mbuf *mb, void *arg)
{
struct comp *comp = arg;
int err;
(void)src;
if (!is_rtp_or_rtcp(mb))
return false;
if (is_rtcp_packet(mb)) {
err = srtcp_decrypt(comp->rx->srtp, mb);
}
else {
err = srtp_decrypt(comp->rx->srtp, mb);
}
if (err) {
warning("srtp: recv: failed to decrypt %s-packet (%m)\n",
is_rtcp_packet(mb) ? "RTCP" : "RTP", err);
return true; /* error - drop packet */
}
return false; /* continue processing */
}
int srtp_stream_add(struct srtp_stream **sp, enum srtp_suite suite,
const uint8_t *key, size_t key_size, bool tx)
{
struct srtp_stream *s;
int err = 0;
(void)tx;
if (!sp || !key)
return EINVAL;
s = mem_zalloc(sizeof(*s), destructor);
if (!s)
return ENOMEM;
err = srtp_alloc(&s->srtp, suite, key, key_size, 0);
if (err) {
warning("srtp: srtp_alloc() failed (%m)\n", err);
goto out;
}
out:
if (err)
mem_deref(s);
else
*sp = s;
return err;
}
int srtp_install(struct comp *comp)
{
return udp_register_helper(&comp->uh_srtp, comp->app_sock,
LAYER_SRTP,
send_handler, recv_handler, comp);
}
|
