Alexandre Lision | 7fd5d3d | 2013-12-04 13:06:40 -0500 | [diff] [blame] | 1 | |
| 2 | class CryptoContext; |
| 3 | class CryptoContextCtrl; |
| 4 | |
Alexandre Lision | 7fd5d3d | 2013-12-04 13:06:40 -0500 | [diff] [blame] | 5 | /** |
| 6 | * Maximum length of a raw crypto string. |
| 7 | */ |
| 8 | #define MAX_CRYPT_STRING_LEN 200 |
| 9 | |
Alexandre Lision | ddd731e | 2014-01-31 11:50:08 -0500 | [diff] [blame] | 10 | class ZrtpSdesStream { |
Alexandre Lision | 7fd5d3d | 2013-12-04 13:06:40 -0500 | [diff] [blame] | 11 | |
| 12 | public: |
| 13 | |
| 14 | /** |
| 15 | * Supported SDES crypto suites. |
| 16 | */ |
| 17 | typedef enum { |
Alexandre Lision | ddd731e | 2014-01-31 11:50:08 -0500 | [diff] [blame] | 18 | AES_CM_128_HMAC_SHA1_32 = 1, |
Alexandre Lision | 7fd5d3d | 2013-12-04 13:06:40 -0500 | [diff] [blame] | 19 | AES_CM_128_HMAC_SHA1_80 |
| 20 | } sdesSuites; |
| 21 | |
| 22 | /** |
Alexandre Lision | ddd731e | 2014-01-31 11:50:08 -0500 | [diff] [blame] | 23 | * SDES stream stated |
Alexandre Lision | 7fd5d3d | 2013-12-04 13:06:40 -0500 | [diff] [blame] | 24 | */ |
| 25 | typedef enum { |
| 26 | STREAM_INITALIZED = 1, |
| 27 | OUT_PROFILE_READY, |
| 28 | IN_PROFILE_READY, |
| 29 | SDES_SRTP_ACTIVE |
| 30 | } sdesZrtpStates; |
| 31 | |
Alexandre Lision | 7fd5d3d | 2013-12-04 13:06:40 -0500 | [diff] [blame] | 32 | /** |
| 33 | * @brief Create and SDES/ZRTP stream. |
| 34 | * |
| 35 | * This method creates an SDES stream with capabilities to handle RTP, |
| 36 | * RTCP, SRTP, and SRTCP packets. |
| 37 | * |
Alexandre Lision | ddd731e | 2014-01-31 11:50:08 -0500 | [diff] [blame] | 38 | * It is not necessary to explicitly start the SDES stream. The method initiates |
| 39 | * the SRTP after it created and parsed all necessary SDES crypto strings. |
| 40 | * |
Alexandre Lision | 7fd5d3d | 2013-12-04 13:06:40 -0500 | [diff] [blame] | 41 | * @param suite defines which crypto suite to use for this stream. The values are |
| 42 | * @c AES_CM_128_HMAC_SHA1_80 or @c AES_CM_128_HMAC_SHA1_32. |
| 43 | */ |
| 44 | ZrtpSdesStream(const sdesSuites suite =AES_CM_128_HMAC_SHA1_32); |
| 45 | |
| 46 | ~ZrtpSdesStream(); |
| 47 | |
| 48 | /** |
| 49 | * @brief Close an SDES/ZRTP stream. |
| 50 | * |
| 51 | * Close the stream and return allocated memory to the pool. |
| 52 | */ |
| 53 | void close(); |
| 54 | |
| 55 | /** |
| 56 | * @brief Creates an SDES crypto string for the SDES/ZRTP stream. |
| 57 | * |
| 58 | * Creates the crypto string that the application can use in the SDP fields of |
| 59 | * SIP INVITE or SIP 200 OK. |
| 60 | * |
| 61 | * An INVITE-ing application shall call this function at the same point when |
| 62 | * it calls the functions to get the @c zrtp-hash string and shall insert the |
| 63 | * created crypto string into the SDP. |
| 64 | * |
| 65 | * An answering application shall call this function directly @b after it called |
| 66 | * @c sdesZrtpStreamParseSdes. This usually at the same point when it gets the |
| 67 | * @c zrtp-hash from the SDP parameters and forwards it to @c libzrtp. The |
| 68 | * answering application's SRTP environment is now ready. |
| 69 | * |
Alexandre Lision | ddd731e | 2014-01-31 11:50:08 -0500 | [diff] [blame] | 70 | * @param cryptoString points to a char output buffer that receives the |
| 71 | * crypto string in the raw format, without the any |
| 72 | * signaling prefix, for example @c a=crypto: in case |
| 73 | * of SDP signaling. The function terminates the |
| 74 | * crypto string with a @c nul byte |
Alexandre Lision | 7fd5d3d | 2013-12-04 13:06:40 -0500 | [diff] [blame] | 75 | * |
| 76 | * @param maxLen length of the crypto string buffer. On return it contains the |
| 77 | * actual length of the crypto string. |
| 78 | * |
Alexandre Lision | ddd731e | 2014-01-31 11:50:08 -0500 | [diff] [blame] | 79 | * @param sipInvite if this is set to @c true (not zero) then the method |
| 80 | * takes the necessary actions to create the crypto eonvironment |
| 81 | * for the inviting SIP application. It it is zero then it handles |
| 82 | * the invited case (answerer). |
Alexandre Lision | 7fd5d3d | 2013-12-04 13:06:40 -0500 | [diff] [blame] | 83 | * |
| 84 | * @return @c true if data could be created, @c false otherwise. |
| 85 | */ |
| 86 | bool createSdes(char *cryptoString, size_t *maxLen, bool sipInvite); |
| 87 | |
| 88 | /** |
| 89 | * @brief Parses an SDES crypto string for the SDES/ZRTP stream. |
| 90 | * |
Alexandre Lision | ddd731e | 2014-01-31 11:50:08 -0500 | [diff] [blame] | 91 | * Parses a received crypto string that the application received in a SIP INVITE |
Alexandre Lision | 7fd5d3d | 2013-12-04 13:06:40 -0500 | [diff] [blame] | 92 | * or SIP 200 OK. |
| 93 | * |
Alexandre Lision | ddd731e | 2014-01-31 11:50:08 -0500 | [diff] [blame] | 94 | * An INVITE-ing application shall call this function right after it received |
Alexandre Lision | 7fd5d3d | 2013-12-04 13:06:40 -0500 | [diff] [blame] | 95 | * the 200 OK from the answering application and must call this function with the |
Alexandre Lision | ddd731e | 2014-01-31 11:50:08 -0500 | [diff] [blame] | 96 | * @c sipInvite parameter set to @c true. This usually at the same point when |
| 97 | * it gets the @c zrtp-hash from the SDP parameters. |
| 98 | * This application's SRTP environment is now ready. |
Alexandre Lision | 7fd5d3d | 2013-12-04 13:06:40 -0500 | [diff] [blame] | 99 | * |
| 100 | * The answering application calls this function after it received the INVITE and |
| 101 | * extracted the crypto string from the SDP and must call this function with the |
Alexandre Lision | ddd731e | 2014-01-31 11:50:08 -0500 | [diff] [blame] | 102 | * @c sipInvite parameter set to @c false. This is usually the same point when |
| 103 | * it gets the @c zrtp-hash from the SDP parameters. |
Alexandre Lision | 7fd5d3d | 2013-12-04 13:06:40 -0500 | [diff] [blame] | 104 | * |
Alexandre Lision | ddd731e | 2014-01-31 11:50:08 -0500 | [diff] [blame] | 105 | * @param cryptoString points to the crypto sting in raw format, |
| 106 | * without any signaling prefix, for example @c |
| 107 | * a=crypto: in case of SDP signaling. |
Alexandre Lision | 7fd5d3d | 2013-12-04 13:06:40 -0500 | [diff] [blame] | 108 | * |
| 109 | * @param length length of the crypto string to parse. If the length is |
| 110 | * @c zero then the function uses @c strlen to compute |
| 111 | * the length. |
| 112 | * |
Alexandre Lision | ddd731e | 2014-01-31 11:50:08 -0500 | [diff] [blame] | 113 | * @param sipInvite if this is set to @c true then the method |
| 114 | * takes the necessary actions to create the crypto eonvironment |
| 115 | * for the inviting SIP application. It it is zero then it handles |
| 116 | * the invited case (answerer). |
Alexandre Lision | 7fd5d3d | 2013-12-04 13:06:40 -0500 | [diff] [blame] | 117 | * |
| 118 | * @return @c true if data could be created, @c false otherwise. |
| 119 | */ |
Alexandre Lision | ddd731e | 2014-01-31 11:50:08 -0500 | [diff] [blame] | 120 | bool parseSdes(char *cryptoString, size_t length, bool sipInvite); |
Alexandre Lision | 7fd5d3d | 2013-12-04 13:06:40 -0500 | [diff] [blame] | 121 | |
| 122 | /* |
| 123 | * ******** Outgoing RTP/RTCP packet handling |
| 124 | */ |
| 125 | /** |
| 126 | * @brief Process an outgoing RTP packet |
| 127 | * |
| 128 | * This function processes an outgoing RTP packet. Depending on the state |
| 129 | * the packet is either: |
| 130 | * - not encrypted if neither SDES nor ZRTP are active or supported by the |
| 131 | * other client. This is the standard case if the stream was just initialized. |
| 132 | * - encrypted with SDES provided key data. This is the case if the application |
| 133 | * called both @c sdesZrtpStreamCreateSdes and @c sdesZrtpStreamParseSdes |
| 134 | * functions to properly setup the SDES key data. |
| 135 | * |
| 136 | * @param packet the buffer that contains the RTP packet. After processing, the |
| 137 | * encrypted packet is stored in the same buffer. The buffer must |
| 138 | * big enough to hold the additional SRTP data, depending on the |
| 139 | * SRTP profile these are usually 4 - 20 bytes. |
| 140 | * |
| 141 | * @param length length of the RTP packet |
| 142 | * |
| 143 | * @param newLength to an integer that get the new length of the packet including SRTP data. |
| 144 | * |
| 145 | * @return |
| 146 | * - @c true if encryption is successful, app shall send packet to the recipient. |
| 147 | * - @c false if there was an error during encryption, don't send the packet. |
| 148 | */ |
| 149 | bool outgoingRtp(uint8_t *packet, size_t length, size_t *newLength); |
| 150 | |
| 151 | /** |
| 152 | * @brief Process an outgoing RTCP packet |
| 153 | * |
Alexandre Lision | ddd731e | 2014-01-31 11:50:08 -0500 | [diff] [blame] | 154 | * This function works in the same way as @c sdesZrtpProcessRtp. |
Alexandre Lision | 7fd5d3d | 2013-12-04 13:06:40 -0500 | [diff] [blame] | 155 | * |
| 156 | * @param packet the buffer that contains the RTCP packet. After processing, the |
| 157 | * encrypted packet is stored in the same buffer. The buffer must |
| 158 | * big enough to hold the additional SRTP data, depending on the |
| 159 | * SRTP profile these are usually 8 - 20 bytes. |
| 160 | * |
| 161 | * @param length length of the RTP packet |
| 162 | * |
| 163 | * @param newLength to an integer that get the new length of the packet including SRTP data. |
| 164 | * |
| 165 | * @return |
| 166 | * - @c true if encryption is successful, app shall send packet to the recipient. |
| 167 | * - @c false if there was an error during encryption, don't send the packet. |
| 168 | */ |
| 169 | bool outgoingRtcp(uint8_t *packet, size_t length, size_t *newLength); |
| 170 | |
| 171 | /* |
| 172 | * ******** Incoming SRTP/SRTCP packet handling |
| 173 | */ |
| 174 | /** |
| 175 | * @brief Process an incoming RTP or SRTP packet |
| 176 | * |
| 177 | * This function processes an incoming RTP/SRTP packet. Depending on the state |
| 178 | * the packet is either: |
| 179 | * - not decrypted if SDES is not active or supported by the |
| 180 | * other client. This is the standard case if the stream was just initialized. |
| 181 | * - decrypted with SDES provided key data. This is the case if the application |
| 182 | * called both @c sdesZrtpStreamCreateSdes and @c sdesZrtpStreamParseSdes |
| 183 | * functions to properly setup the SDES key data. |
| 184 | * |
| 185 | * @param packet the buffer that contains the RTP/SRTP packet. After processing, |
| 186 | * the decrypted packet is stored in the same buffer. |
| 187 | * |
Alexandre Lision | ddd731e | 2014-01-31 11:50:08 -0500 | [diff] [blame] | 188 | * @param length length of the RTCP packet |
Alexandre Lision | 7fd5d3d | 2013-12-04 13:06:40 -0500 | [diff] [blame] | 189 | * |
| 190 | * @param newLength to an integer that get the new length of the packet excluding SRTCP data. |
| 191 | * |
| 192 | * @return |
| 193 | * - 1: success, |
| 194 | * - -1: SRTP authentication failed, |
| 195 | * - -2: SRTP replay check failed |
| 196 | */ |
| 197 | int incomingRtp(uint8_t *packet, size_t length, size_t *newLength); |
| 198 | |
| 199 | /** |
| 200 | * @brief Process an incoming RTCP or SRTCP packet |
| 201 | * |
Alexandre Lision | ddd731e | 2014-01-31 11:50:08 -0500 | [diff] [blame] | 202 | * This function works in the same way as @c sdesZrtpProcessSrtp. |
Alexandre Lision | 7fd5d3d | 2013-12-04 13:06:40 -0500 | [diff] [blame] | 203 | * |
| 204 | * @param packet the buffer that contains the RTCP/SRTCP packet. After processing, |
| 205 | * the decrypted packet is stored in the same buffer. |
| 206 | * |
| 207 | * @param length length of the RTCP packet |
| 208 | * |
| 209 | * @param newLength to an integer that get the new length of the packet excluding SRTCP data. |
| 210 | * |
| 211 | * @return |
| 212 | * - 1: success, |
| 213 | * - -1: SRTCP authentication failed, |
| 214 | * - -2: SRTCP replay check failed |
| 215 | */ |
| 216 | int incomingSrtcp(uint8_t *packet, size_t length, size_t *newLength); |
| 217 | |
| 218 | /** |
Alexandre Lision | ddd731e | 2014-01-31 11:50:08 -0500 | [diff] [blame] | 219 | * Return state of SDES stream. |
Alexandre Lision | 7fd5d3d | 2013-12-04 13:06:40 -0500 | [diff] [blame] | 220 | * |
| 221 | * @return state of stream. |
| 222 | */ |
| 223 | sdesZrtpStates getState() {return state;} |
| 224 | |
| 225 | /** |
Alexandre Lision | ddd731e | 2014-01-31 11:50:08 -0500 | [diff] [blame] | 226 | * Return name of active cipher algorithm. |
Alexandre Lision | 7fd5d3d | 2013-12-04 13:06:40 -0500 | [diff] [blame] | 227 | * |
| 228 | * @return point to name of cipher algorithm. |
| 229 | */ |
| 230 | const char* getCipher(); |
| 231 | |
| 232 | /** |
Alexandre Lision | ddd731e | 2014-01-31 11:50:08 -0500 | [diff] [blame] | 233 | * Return name of active SRTP authentication algorithm. |
Alexandre Lision | 7fd5d3d | 2013-12-04 13:06:40 -0500 | [diff] [blame] | 234 | * |
| 235 | * @return point to name of authentication algorithm. |
| 236 | */ |
| 237 | const char* getAuthAlgo(); |
| 238 | |
| 239 | |
| 240 | /* |
| 241 | * ******** Lower layer functions |
| 242 | */ |
| 243 | private: |
| 244 | /** |
| 245 | * @brief Create an SRTP crypto context and the according SDES crypto string. |
| 246 | * |
Alexandre Lision | ddd731e | 2014-01-31 11:50:08 -0500 | [diff] [blame] | 247 | * This lower layer method creates an SRTP profile an the according SDES |
| 248 | * crypto string. It selects a valid crypto suite, generates the key and salt |
| 249 | * data, converts these into base 64 and returns the crypto string in raw format |
| 250 | * without any signaling prefixes. The method also creates the internal |
| 251 | * SRTP/SRTCP crypto contexts for outgoing data. |
Alexandre Lision | 7fd5d3d | 2013-12-04 13:06:40 -0500 | [diff] [blame] | 252 | * |
| 253 | * The output string has the following format: |
| 254 | * @verbatim |
| 255 | * 1 AES_CM_128_HMAC_SHA1_32 inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj |
| 256 | * @endverbatim |
| 257 | * |
| 258 | * Applications usually don't use this method directly. Applications shall |
| 259 | * use the SDES stream functions. |
| 260 | * |
| 261 | * Depending on the crypto suite the overall length of the crypto string |
| 262 | * is variable. For a normal AES_128_CM suite the minumum lenth is 73 |
| 263 | * characters, a AES_256_CM suite results in 97 characters (not counting |
| 264 | * any signaling prefixes). |
| 265 | * |
| 266 | * @param cryptoString points to a char output buffer that receives the |
| 267 | * crypto string in the raw format, without the any |
| 268 | * signaling prefix, for example @c a=crypto: in case |
| 269 | * of SDP signaling. The function terminates the |
| 270 | * crypto string with a @c nul byte |
| 271 | * |
| 272 | * @param maxLen points to an integer. On input this integer specifies the |
| 273 | * length of the output buffer. If @c maxLen is smaller than |
| 274 | * the resulting crypto string the function returns an error |
| 275 | * conde. On return the functions sets @c maxLen to the |
| 276 | * actual length of the resultig crypto string. |
| 277 | * |
| 278 | * @param tag the value of the @c tag field in the crypto string. The |
| 279 | * answerer must use this input to make sure that the tag value |
| 280 | * in the answer matches the value in the offer. See RFC 4568, |
| 281 | * section 5.1.2. |
| 282 | * If the tag value is @c -1 the function sets the tag to @c 1. |
| 283 | * |
| 284 | * @return @c true if data could be created, @c false |
| 285 | * otherwise. |
| 286 | */ |
| 287 | bool createSdesProfile(char *cryptoString, size_t *maxLen); |
| 288 | |
| 289 | /** |
| 290 | * @brief Parse and check an offered SDES crypto string and create SRTP crypto context. |
| 291 | * |
| 292 | * The method parses an offered SDES crypto string and checks if it is |
| 293 | * valid. Next it checks if the string contains a supported crypto suite |
Alexandre Lision | ddd731e | 2014-01-31 11:50:08 -0500 | [diff] [blame] | 294 | * and if the key and salt lengths match the selected crypto suite. The method |
| 295 | * also creates the internal SRTP/SRTCP crypto contexts for incoming data. |
Alexandre Lision | 7fd5d3d | 2013-12-04 13:06:40 -0500 | [diff] [blame] | 296 | * |
| 297 | * Applications usually don't use this method directly. Applications shall |
| 298 | * use the SDES stream functions. |
| 299 | * |
| 300 | * @b NOTE: This function does not support the optional parameters lifetime, |
| 301 | * MKI, and session parameters. While it can parse liftime and MKI theiy are |
| 302 | * not evaluated and used. If these parameters are used in the input crypto |
| 303 | * string the function return @c false. |
| 304 | * |
| 305 | * @param cryptoString points to the crypto sting in raw format, |
| 306 | * without any signaling prefix, for example @c a=crypto: in case of |
| 307 | * SDP signaling. |
| 308 | * |
| 309 | * @param length length of the crypto string to parse. If the length is |
| 310 | * @c zero then the function uses @c strlen to compute the length. |
| 311 | * |
| 312 | * @param parsedSuite the function sets this to the @c sdesSuites enumerator of |
| 313 | * the parsed crypto suite. The answerer shall use this as input to |
| 314 | * @c createSdesProfile to make sure that it creates the same crypto suite. |
| 315 | * See RFC 4568, section 5.1.2 |
| 316 | * |
| 317 | * @param tag the function sets this to the @c tag value of the parsed crypto |
| 318 | * string. The answerer must use this as input to @c createSdesProfile |
| 319 | * to make sure that it creates the correct tag in the crypto string. |
| 320 | * See RFC 4568, section 5.1.2 |
| 321 | * |
| 322 | * @return @c true if checks were ok, @c false |
| 323 | * otherwise. |
| 324 | */ |
| 325 | bool parseCreateSdesProfile(const char *cryptoString, size_t length, sdesSuites *parsedSuite, int32_t *tag); |
| 326 | |
Alexandre Lision | 7fd5d3d | 2013-12-04 13:06:40 -0500 | [diff] [blame] | 327 | sdesZrtpStates state; |
| 328 | sdesSuites suite; |
| 329 | int32_t tag; |
| 330 | CryptoContext *recvSrtp; //!< The SRTP context for this stream |
| 331 | CryptoContextCtrl *recvSrtcp; //!< The SRTCP context for this stream |
| 332 | CryptoContext *sendSrtp; //!< The SRTP context for this stream |
| 333 | CryptoContextCtrl *sendSrtcp; //!< The SRTCP context for this stream |
| 334 | uint32_t srtcpIndex; //!< the local SRTCP index |
| 335 | |
Alexandre Lision | 7fd5d3d | 2013-12-04 13:06:40 -0500 | [diff] [blame] | 336 | }; |