This CL adds methods to manipulate RTP header extension, particularly

content/browser/renderer_host/p2p/socket_host.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/renderer_host/p2p/socket_host.h"
 
 #include "base/sys_byteorder.h"
 #include "content/browser/renderer_host/p2p/socket_host_tcp.h"
 #include "content/browser/renderer_host/p2p/socket_host_tcp_server.h"
 #include "content/browser/renderer_host/p2p/socket_host_udp.h"
+#include "third_party/libjingle/source/talk/base/asyncpacketsocket.h"
+#include "third_party/libjingle/source/talk/base/byteorder.h"
+#include "third_party/libjingle/source/talk/base/messagedigest.h"
+#include "third_party/libjingle/source/talk/p2p/base/stun.h"
 
 namespace {
+
 const uint32 kStunMagicCookie = 0x2112A442;
+const int kMinRtpHdrLen = 12;
+const int kDtlsRecordHeaderLen = 13;
+const int kTurnChannelHdrLen = 4;
+const int kRtpExtnHdrLen = 4;
+const int kAbsSendTimeExtnLen = 3;
+const int kOneByteHdrLen = 1;
+
+bool IsTurnChannelData(const char* data) {
+  uint16 type = talk_base::GetBE16(data);
+  return ((type & 0xC000) == 0x4000);  // MSB are 0b01
+}
+
+bool IsDtlsPacket(const char* data, int len) {
+  const uint8* u = reinterpret_cast<const uint8*>(data);
+  return (len >= kDtlsRecordHeaderLen && (u[0] > 19 && u[0] < 64));
+}
+
+bool IsRtcpPacket(const char* data) {
+  int type = (static_cast<uint8>(data[1]) & 0x7F);
+  return (type >= 64 && type < 96);
+}
+
+bool IsStunPacket(const char* data) {
+  uint16 type = talk_base::GetBE16(data);
+  return !(type & 0xC000);
+}
+
+bool IsStunDataIndicationPacket(const char* data) {
+  uint16 type = talk_base::GetBE16(data);
+  return (type == cricket::TURN_SEND_INDICATION);
+}
+
+const size_t kBlockSize = 64;  // valid for SHA-256 and down
+
+class HMAC {
+ public:
+  HMAC();
+  ~HMAC() {}
+
+  bool Init(const void* key, size_t key_len);
+  void Update(const void* input, size_t in_len);
+  void Compute(void* output, size_t out_len);
+
+ private:
+  size_t block_len;
+  scoped_ptr<uint8[]> o_pad_;
+  scoped_ptr<uint8[]> i_pad_;
+  scoped_ptr<uint8[]> inner_;
+  scoped_ptr<talk_base::MessageDigest> digest_;
+};
+
+HMAC::HMAC()
+    : digest_(talk_base::MessageDigestFactory::Create(
+          talk_base::DIGEST_SHA_1)) {
+}
+
+bool HMAC::Init(const void* key, size_t key_len) {
+  if (!digest_) {
+    return false;
+  }
+  block_len = kBlockSize;
+  if (digest_->Size() > 32) {
+    return false;
+  }
+
+  // Copy the key to a block-sized buffer to simplify padding.
+  // If the key is longer than a block, hash it and use the result instead.
+  talk_base::scoped_ptr<uint8[]> new_key(new uint8[block_len]);
+  if (key_len > block_len) {
+    talk_base::ComputeDigest(digest_.get(), key, key_len,
+                             new_key.get(), block_len);
+    memset(new_key.get() + digest_->Size(), 0, block_len - digest_->Size());
+  } else {
+    memcpy(new_key.get(), key, key_len);
+    memset(new_key.get() + key_len, 0, block_len - key_len);
+  }
+
+  // Set up the padding from the key, salting appropriately for each padding.
+  o_pad_.reset(new uint8[block_len]);
+  i_pad_.reset(new uint8[block_len]);
+  for (size_t i = 0; i < block_len; ++i) {
+    o_pad_[i] = 0x5c ^ new_key[i];
+    i_pad_[i] = 0x36 ^ new_key[i];
+  }
+  // Inner hash; hash the inner padding, and then the input buffer.
+  inner_.reset(new uint8[digest_->Size()]);
+  digest_->Update(i_pad_.get(), block_len);
+  return true;
+}
+
+void HMAC::Update(const void* input, size_t in_len) {
+  digest_->Update(input, in_len);
+}
+
+void HMAC::Compute(void* output, size_t out_len) {
+  // Outer hash; hash the outer padding, and then the result of the inner hash.
+  digest_->Update(o_pad_.get(), block_len);
+  digest_->Update(inner_.get(), digest_->Size());
+  digest_->Finish(output, out_len);
+}
+
 }  // namespace
 
 namespace content {
 
 P2PSocketHost::P2PSocketHost(IPC::Sender* message_sender,
                              int id)
     : message_sender_(message_sender),
       id_(id),
       state_(STATE_UNINITIALIZED) {
 }
@@ skipping 71 matching lines @@
     case P2P_SOCKET_STUN_TCP_CLIENT:
     case P2P_SOCKET_STUN_SSLTCP_CLIENT:
     case P2P_SOCKET_STUN_TLS_CLIENT:
       return new P2PSocketHostStunTcp(message_sender, id, type, url_context);
   }
 
   NOTREACHED();
   return NULL;
 }
 
+void P2PSocketHost::MaybeUpdateRtpSendTimeExtn(
+    char* data, int len, const talk_base::PacketOptions& options) {

[Stefan, 2014/02/19 08:17:32]

len -> length

[Mallinath (Gone from Chromium), 2014/02/19 18:52:24]

Done.

+  // if there is no valid |rtp_sendtime_extension_id| or |srtp_auth_key| in
+  // PacketOptions, nothing to be updated in this packet.
+  if (options.packet_time_params.rtp_sendtime_extension_id == -1 &&
+      options.packet_time_params.srtp_auth_key.empty()) {
+    return;
+  }
+
+  char* start = data;
+  int raw_packet_len = options.packet_time_params.payload_len;
+  // If the packet is wrapped in any protocol like TURN/GTURN/ICE-TCP, |len|
+  // will be larger than actuan payload len. Skipping wrapper to point to the

[Stefan, 2014/02/19 08:17:32]

actual payload length

[Mallinath (Gone from Chromium), 2014/02/19 18:52:24]

Done.

+  // actual payload.
+  int wrapper_len = len - raw_packet_len;
+  start += wrapper_len;
+
+  // If there is no valid Absolute sendtime extension id present in options,
+  // we should just update the HMAC and return, if srtp auth key is present.
+  if (options.packet_time_params.rtp_sendtime_extension_id == -1) {
+    // If the packet is a regular STUN packet or a DTLS packet or a RTCP
+    // packet |srtp_auth_key| will be empty.
+    // We may have written a fake HMAC, if it's rtp packet.
+    if (!options.packet_time_params.srtp_auth_key.empty()) {
+      // Should we check if there is fake hmac written and if so, then update
+      // HMAC?
+      UpdateHmac(start, raw_packet_len, options);
+    }
+    return;
+  }
+
+  // Skip if the wrapped packet is RTCP packet.
+  if (IsRtcpPacket(start)) {
+    // Update the HMAC and return
+    // RTCP packet must have rtp_sendtime_extension_id == -1 and empty
+    // srtp_auth_key.
+    DCHECK(false);
+    return;
+  }
+
+  if (!FindAndUpdateRtpAbsSendTimeExtension(start, raw_packet_len, options)) {
+    // We should find extension id in rtp packet.

[Stefan, 2014/02/19 08:17:32]

We should find an extension id in the rtp packet.

[Mallinath (Gone from Chromium), 2014/02/19 18:52:24]

Done.

+    DCHECK(false);
+  }
+  UpdateHmac(start, raw_packet_len, options);
+}
+
+bool P2PSocketHost::FindAndUpdateRtpAbsSendTimeExtension(
+    char* data, int in_len, const talk_base::PacketOptions& options) {
+   //  0                   1                   2                   3
+   //  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+   // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+   // |V=2|P|X|  CC   |M|     PT      |       sequence number         |
+   // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+   // |                           timestamp                           |
+   // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+   // |           synchronization source (SSRC) identifier            |
+   // +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+   // |            contributing source (CSRC) identifiers             |
+   // |                             ....                              |
+   // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+  int cc_count = data[0] & 0x0F;
+  int rtp_hdr_len_without_extn = kMinRtpHdrLen + 4 * cc_count;
+  if (rtp_hdr_len_without_extn > in_len) {
+    DCHECK(false);
+    return false;
+  }
+
+  bool X = (data[0] & 0x10);
+  if (!X)   // Return if extension bit is not set.
+    return true;
+
+  data += rtp_hdr_len_without_extn;
+
+  // Getting extension profile ID and length.
+  uint16 profile_id = talk_base::GetBE16(data);
+  // Length is in 32 bit words.
+  uint16 extn_length = talk_base::GetBE16(data + 2) * 4;
+
+  // Verify input length against total header size.
+  if (rtp_hdr_len_without_extn + kRtpExtnHdrLen + extn_length > in_len) {
+    DCHECK(false);
+    return false;
+  }
+
+  data += kRtpExtnHdrLen;  // Moving past extn header.
+
+  // WebRTC is using one byte header extension.
+  // TODO(mallinath) - Handle two byte header extension.
+  if (profile_id == 0xBEDE) {  // OneByte extension header
+    //  0
+    //  0 1 2 3 4 5 6 7
+    // +-+-+-+-+-+-+-+-+
+    // |  ID   |  len  |
+    // +-+-+-+-+-+-+-+-+
+
+    //  0                   1                   2                   3
+    //  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+    // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+    // |       0xBE    |    0xDE       |           length=3            |
+    // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+    // |  ID   | L=0   |     data      |  ID   |  L=1  |   data...
+    // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+    //       ...data   |    0 (pad)    |    0 (pad)    |  ID   | L=3   |
+    // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+    // |                          data                                 |
+    // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+    uint16 consumed = 0;
+    while(extn_length - consumed > 0) {
+      const int id = (*data & 0xF0) >> 4;
+      const int len = (*data & 0x0F) + 1;
+      // The 4-bit length is the number minus one of data bytes of this header
+      // extension element following the one-byte header.
+      if (id == options.packet_time_params.rtp_sendtime_extension_id) {
+        UpdateRtpAbsSendTimeExtension(data + kOneByteHdrLen, len);
+        return true;
+      }
+      consumed += kOneByteHdrLen + len;
+      data += consumed;
+      // Count padding bytes
+      while(*data != 0) {
+        ++data;
+        ++consumed;
+      }
+    }
+  }
+  return true;
+}
+
+void P2PSocketHost::UpdateRtpAbsSendTimeExtension(char* data, int len) {
+  // Absolute send time in RTP streams.
+  //
+  // The absolute send time is signaled to the receiver in-band using the
+  // general mechanism for RTP header extensions [RFC5285]. The payload
+  // of this extension (the transmitted value) is a 24-bit unsigned integer
+  // containing the sender's current time in seconds as a fixed point number
+  // with 18 bits fractional part.
+  //
+  // The form of the absolute send time extension block:
+  //
+  //    0                   1                   2                   3
+  //    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+  //   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+  //   |  ID   | len=2 |              absolute send time               |
+  //   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+  DCHECK_EQ(len, kAbsSendTimeExtnLen);
+  uint64 now_ms = base::Time::Now().ToInternalValue();
+  // Convert second to 24-bit unsigned with 18 bit fractional part
+  uint32 now_second = ((now_ms << 18) / base::Time::kMicrosecondsPerSecond) &
+                       0x00FFFFFF;
+  // TODO(mallinath) - Add SetBE24 to byteorder.h in libjingle.
+  data[0] = static_cast<uint8>(now_second >> 16);
+  data[1] = static_cast<uint8>(now_second >> 8);
+  data[2] = static_cast<uint8>(now_second);
+}
+
+// Assumes |len| is actual packet length + tag length.
+void P2PSocketHost::UpdateHmac(char* packet, int len,
+                               const talk_base::PacketOptions& options) {
+  char* auth_tag = packet +
+                    (len - options.packet_time_params.srtp_auth_tag_len);
+  HMAC hmac;
+  if (!hmac.Init(&options.packet_time_params.srtp_auth_key[0],
+                 options.packet_time_params.srtp_auth_key.size())) {
+    DCHECK(false);
+    return;
+  }
+
+  char output[20];
+  size_t out_len = sizeof(output);
+
+  // First we should compute on the message and then packet index.
+  hmac.Update(packet, len - options.packet_time_params.srtp_auth_tag_len);
+  hmac.Update(reinterpret_cast<void*>(
+      options.packet_time_params.srtp_packet_index), 4);  // Use only ROC.
+
+  hmac.Compute(output, out_len);
+  // Copy HMAC from output to packet. This is required as auth tag lenth
+  // may not be equal to the actual HMAC length.
+  memcpy(auth_tag, output, options.packet_time_params.srtp_auth_tag_len);
+}
+
 }  // namespace content