content/browser/renderer_host/p2p/socket_host.cc - Issue 159353002: This CL adds methods to manipulate RTP header extension, particularly

Side by Side Diff: content/browser/renderer_host/p2p/socket_host.cc

Issue 159353002: This CL adds methods to manipulate RTP header extension, particularly (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 6 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

« no previous file with comments | « content/browser/renderer_host/p2p/socket_host.h ('k') | content/browser/renderer_host/p2p/socket_host_tcp.cc » ('j') | content/browser/renderer_host/p2p/socket_host_test_utils.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "content/browser/renderer_host/p2p/socket_host.h"	5 #include "content/browser/renderer_host/p2p/socket_host.h"

6	6

7 #include "base/sys_byteorder.h"	7 #include "base/sys_byteorder.h"

8 #include "content/browser/renderer_host/p2p/socket_host_tcp.h"	8 #include "content/browser/renderer_host/p2p/socket_host_tcp.h"

9 #include "content/browser/renderer_host/p2p/socket_host_tcp_server.h"	9 #include "content/browser/renderer_host/p2p/socket_host_tcp_server.h"

10 #include "content/browser/renderer_host/p2p/socket_host_udp.h"	10 #include "content/browser/renderer_host/p2p/socket_host_udp.h"

	11 #include "crypto/hmac.h"

	12 #include "third_party/libjingle/source/talk/base/asyncpacketsocket.h"

	13 #include "third_party/libjingle/source/talk/base/byteorder.h"

	14 #include "third_party/libjingle/source/talk/base/messagedigest.h"

	15 #include "third_party/libjingle/source/talk/p2p/base/stun.h"

11	16

12 namespace {	17 namespace {

	18

13 const uint32 kStunMagicCookie = 0x2112A442;	19 const uint32 kStunMagicCookie = 0x2112A442;

	20 const int kMinRtpHdrLen = 12;

	21 const int kRtpExtnHdrLen = 4;

	22 const int kDtlsRecordHeaderLen = 13;

	23 const int kTurnChannelHdrLen = 4;

	24 const int kAbsSendTimeExtnLen = 3;

	25 const int kOneByteHdrLen = 1;

	26

	27 // Fake auth tag written by the render process if external authentication is

	28 // enabled. HMAC in packet will be compared against this value before updating

	29 // packet with actual HMAC value.

	30 static const unsigned char kFakeAuthTag[10] = {

	31 0xba, 0xdd, 0xba, 0xdd, 0xba, 0xdd, 0xba, 0xdd, 0xba, 0xdd

	32 };

	33

	34 bool IsTurnChannelData(const char* data) {

	35 return ((*data & 0xC0) == 0x40);

	36 }

	37

	38 bool IsDtlsPacket(const char* data, int len) {

	39 const uint8* u = reinterpret_cast<const uint8*>(data);

	40 return (len >= kDtlsRecordHeaderLen && (u[0] > 19 && u[0] < 64));

	41 }

	42

	43 bool IsRtcpPacket(const char* data) {

	44 int type = (static_cast<uint8>(data[1]) & 0x7F);

	45 return (type >= 64 && type < 96);

	46 }

	47

	48 bool IsStunPacket(const char* data) {

	49 return ((*data & 0xC0) == 0);

	50 }

	51

	52 bool IsTurnSendIndicationPacket(const char* data) {

	53 uint16 type = talk_base::GetBE16(data);

	54 return (type == cricket::TURN_SEND_INDICATION);

	55 }

	56

	57 bool IsRtpPacket(const char* data, int len) {

	58 return ((*data & 0xC0) == 0x80);

	59 }

	60

14 } // namespace	61 } // namespace

15	62

16 namespace content {	63 namespace content {

17	64

18 P2PSocketHost::P2PSocketHost(IPC::Sender* message_sender,	65 P2PSocketHost::P2PSocketHost(IPC::Sender* message_sender,

19 int id)	66 int id)

20 : message_sender_(message_sender),	67 : message_sender_(message_sender),

21 id_(id),	68 id_(id),

22 state_(STATE_UNINITIALIZED) {	69 state_(STATE_UNINITIALIZED) {

23 }	70 }

(...skipping 71 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
95 case P2P_SOCKET_STUN_TCP_CLIENT:	142 case P2P_SOCKET_STUN_TCP_CLIENT:

96 case P2P_SOCKET_STUN_SSLTCP_CLIENT:	143 case P2P_SOCKET_STUN_SSLTCP_CLIENT:

97 case P2P_SOCKET_STUN_TLS_CLIENT:	144 case P2P_SOCKET_STUN_TLS_CLIENT:

98 return new P2PSocketHostStunTcp(message_sender, id, type, url_context);	145 return new P2PSocketHostStunTcp(message_sender, id, type, url_context);

99 }	146 }

100	147

101 NOTREACHED();	148 NOTREACHED();

102 return NULL;	149 return NULL;

103 }	150 }

104	151

	152 void P2PSocketHost::MaybeUpdatePacketSendTimeExtn(
	juberti2 2014/02/25 00:48:24 Check for zero length packets (will cause IsDtlsPa Check for zero length packets (will cause IsDtlsPacket to read off end) Mallinath (Gone from Chromium) 2014/02/25 22:56:44 Done. Show quoted text On 2014/02/25 00:48:24, juberti2 wrote: > Check for zero length packets (will cause IsDtlsPacket to read off end) Done.
	153 char* data, int length, const talk_base::PacketOptions& options) {

	154 // if there is no valid \|rtp_sendtime_extension_id\| and \|srtp_auth_key\| in

	155 // PacketOptions, nothing to be updated in this packet.

	156 if (options.packet_time_params.rtp_sendtime_extension_id == -1 &&

	157 options.packet_time_params.srtp_auth_key.empty()) {

	158 return;

	159 }

	160

	161 DCHECK(!IsDtlsPacket(data, length));

	162 DCHECK(!IsRtcpPacket(data));

	163

	164 // If there is a srtp auth key present then packet must be a RTP packet.

	165 // RTP packet may have been wrapped in a TURN Channel Data or

	166 // TURN send indication.

	167 int rtp_start_pos;

	168 int rtp_length;

	169 if (!GetRtpPacketStartPositionAndLength(

	170 data, length, &rtp_start_pos, &rtp_length)) {

	171 // This method should never return false.

	172 NOTREACHED();

	173 return;

	174 }

	175

	176 // Skip to rtp packet.

	177 char* start = data + rtp_start_pos;

	178 int rtp_packet_length = length - rtp_start_pos;

	179 // If there a non negetive sendtime extension id present in packet options,

	180 // then we should parse the rtp packet to update the timestamp. Otherwise

	181 // just calculate HMAC and update packet with it.

	182 if (options.packet_time_params.rtp_sendtime_extension_id != -1) {

	183 if (!MaybeUpdateRtpSendTimeExtn(

	184 start, rtp_packet_length,

	185 options.packet_time_params.rtp_sendtime_extension_id)) {

	186 // We should find an extension id in the rtp packet.

	187 NOTREACHED();

	188 return;

	189 }

	190 }

	191

	192 MaybeUpdateRtpAuthTag(start, rtp_packet_length, options);

	193 }

	194

	195 bool P2PSocketHost::GetRtpPacketStartPositionAndLength(

	196 char* packet, int length, int* rtp_start_pos, int* rtp_packet_length) {

	197 if (IsTurnChannelData(packet)) {

	198 // Turn Channel Message header format.

	199 // 0 1 2 3

	200 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

	201 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

	202 // \| Channel Number \| Length \|

	203 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

	204 // \| \|

	205 // / Application Data /

	206 // / /

	207 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

	208 *rtp_start_pos = kTurnChannelHdrLen;

	209 *rtp_packet_length = talk_base::GetBE16(&packet[2]);
	juberti2 2014/02/25 00:48:24 need to check len before reading this field, and a need to check len before reading this field, and also check that the returned length is compatible with \|length\| Mallinath (Gone from Chromium) 2014/02/25 22:56:44 Done. Show quoted text On 2014/02/25 00:48:24, juberti2 wrote: > need to check len before reading this field, and also check that the returned > length is compatible with \|length\| Done.
	210 } else if (IsTurnSendIndicationPacket(packet)) {

	211 // First skip mandatory stun header which is of 20 bytes.

	212 *rtp_start_pos = kStunHeaderSize;

	213 // Loop through STUN attributes until we find STUN DATA attribute.

	214 char* start = packet + *rtp_start_pos;

	215 while ((packet + *rtp_start_pos) - start < length) {

	216 // Keep reading STUN attributes until we hit DATA attribute.

	217 // Attribute will be a TLV structure.

	218 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

	219 // \| Type \| Length \|

	220 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

	221 // \| Value (variable) ....

	222 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

	223 // The value in the length field MUST contain the length of the Value

	224 // part of the attribute, prior to padding, measured in bytes. Since

	225 // STUN aligns attributes on 32-bit boundaries, attributes whose content

	226 // is not a multiple of 4 bytes are padded with 1, 2, or 3 bytes of

	227 // padding so that its value contains a multiple of 4 bytes. The

	228 // padding bits are ignored, and may be any value.

	229 uint16 attr_type, attr_length;

	230 // Getting attribute type and length.

	231 attr_type = talk_base::GetBE16(&packet[*rtp_start_pos]);
	juberti2 2014/02/25 00:48:24 need to check len here need to check len here Mallinath (Gone from Chromium) 2014/02/25 22:56:44 Done. Also there is check in while condition. Show quoted text On 2014/02/25 00:48:24, juberti2 wrote: > need to check len here Done. Also there is check in while condition.
	232 attr_length = talk_base::GetBE16(

	233 &packet[*rtp_start_pos + sizeof(attr_type)]);

	234 if (attr_type != cricket::STUN_ATTR_DATA) {

	235 *rtp_start_pos += sizeof(attr_type) + sizeof(attr_length) + attr_length;

	236 if ((attr_length % 4) != 0) {

	237 *rtp_start_pos += (4- (attr_length % 4));
	juberti2 2014/02/25 00:48:24 4 - 4 - Mallinath (Gone from Chromium) 2014/02/25 22:56:44 Done. Show quoted text On 2014/02/25 00:48:24, juberti2 wrote: > 4 - Done.
	238 }

	239 continue;

	240 }

	241 *rtp_start_pos += 4; // Skip STUN_DATA_ATTR header.

	242 *rtp_packet_length = attr_length;
	juberti2 2014/02/25 00:48:24 need to verify length is legit need to verify length is legit Mallinath (Gone from Chromium) 2014/02/25 22:56:44 Done. Show quoted text On 2014/02/25 00:48:24, juberti2 wrote: > need to verify length is legit Done.
	243 }

	244 } else {

	245 // This is a raw RTP packet.

	246 *rtp_start_pos = 0;

	247 *rtp_packet_length = length;

	248 }

	249

	250 return IsRtpPacket(packet + rtp_start_pos, length - rtp_start_pos);

	251 }

	252

	253 bool P2PSocketHost::MaybeUpdateRtpSendTimeExtn(char* rtp, int length,

	254 int extension_id) {

	255 // 0 1 2 3

	256 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

	257 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

	258 // \|V=2\|P\|X\| CC \|M\| PT \| sequence number \|

	259 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

	260 // \| timestamp \|

	261 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

	262 // \| synchronization source (SSRC) identifier \|

	263 // +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

	264 // \| contributing source (CSRC) identifiers \|

	265 // \| .... \|

	266 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

	267

	268 int cc_count = rtp[0] & 0x0F;

	269 int rtp_hdr_len_without_extn = kMinRtpHdrLen + 4 * cc_count;

	270 if (rtp_hdr_len_without_extn > length) {

	271 NOTREACHED();

	272 return false;

	273 }

	274

	275 bool X = (rtp[0] & 0x10);

	276 if (!X) // Return if extension bit is not set.

	277 return true;

	278

	279 rtp += rtp_hdr_len_without_extn;

	280

	281 // Getting extension profile ID and length.

	282 uint16 profile_id = talk_base::GetBE16(rtp);
	juberti2 2014/02/25 00:48:24 need to validate this length need to validate this length Mallinath (Gone from Chromium) 2014/02/25 22:56:44 It's done @ line 287. Show quoted text On 2014/02/25 00:48:24, juberti2 wrote: > need to validate this length It's done @ line 287.
	283 // Length is in 32 bit words.

	284 uint16 extn_length = talk_base::GetBE16(rtp + 2) * 4;

	285

	286 // Verify input length against total header size.

	287 if (rtp_hdr_len_without_extn + kRtpExtnHdrLen + extn_length > length) {

	288 NOTREACHED();

	289 return false;

	290 }

	291

	292 rtp += kRtpExtnHdrLen; // Moving past extn header.

	293

	294 bool found = false;
	juberti2 2014/02/25 00:48:24 not sure we need this - i think we can return true not sure we need this - i think we can return true even if not found (i.e. same as no X bit case) Mallinath (Gone from Chromium) 2014/02/25 22:56:44 Agree. I added for testing this method when we pas Agree. I added for testing this method when we pass different extension id then what set in the packet. On 2014/02/25 00:48:24, juberti2 wrote: Show quoted text > not sure we need this - i think we can return true even if not found (i.e. same > as no X bit case)
	295 // WebRTC is using one byte header extension.

	296 // TODO(mallinath) - Handle two byte header extension.

	297 if (profile_id == 0xBEDE) { // OneByte extension header

	298 // 0

	299 // 0 1 2 3 4 5 6 7

	300 // +-+-+-+-+-+-+-+-+

	301 // \| ID \| len \|

	302 // +-+-+-+-+-+-+-+-+

	303

	304 // 0 1 2 3

	305 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

	306 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

	307 // \| 0xBE \| 0xDE \| length=3 \|

	308 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

	309 // \| ID \| L=0 \| data \| ID \| L=1 \| data...

	310 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

	311 // ...data \| 0 (pad) \| 0 (pad) \| ID \| L=3 \|

	312 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

	313 // \| data \|

	314 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

	315 char* extn_start = rtp;

	316 while (rtp - extn_start < extn_length) {

	317 const int id = (*rtp & 0xF0) >> 4;

	318 const int len = (*rtp & 0x0F) + 1;

	319 // The 4-bit length is the number minus one of data bytes of this header

	320 // extension element following the one-byte header.

	321 if (id == extension_id) {

	322 UpdateSendTimeExtnValue(rtp + kOneByteHdrLen, len);

	323 found = true;

	324 break;

	325 }

	326 rtp += kOneByteHdrLen + len;

	327 // Counting padding bytes

	328 while ((*rtp != 0) && (rtp - extn_start < extn_length)) {

	329 ++rtp;

	330 }

	331 }

	332 }

	333 return found;

	334 }

	335

	336 void P2PSocketHost::UpdateSendTimeExtnValue(char* extn_data, int len) {

	337 // Absolute send time in RTP streams.

	338 //

	339 // The absolute send time is signaled to the receiver in-band using the

	340 // general mechanism for RTP header extensions [RFC5285]. The payload

	341 // of this extension (the transmitted value) is a 24-bit unsigned integer

	342 // containing the sender's current time in seconds as a fixed point number

	343 // with 18 bits fractional part.

	344 //

	345 // The form of the absolute send time extension block:

	346 //

	347 // 0 1 2 3

	348 // 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

	349 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

	350 // \| ID \| len=2 \| absolute send time \|

	351 // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

	352 DCHECK_EQ(len, kAbsSendTimeExtnLen);

	353 // Now() has resolution ~1-15ms, using HighResNow(). But it is warned not to

	354 // use it unless necessary, as it is expensive than Now().

	355 uint64 now_us =

	356 (base::TimeTicks::HighResNow() - base::TimeTicks()).InMicroseconds();

	357 // Convert second to 24-bit unsigned with 18 bit fractional part

	358 uint32 now_second = ((now_us << 18) / base::Time::kMicrosecondsPerSecond) &

	359 0x00FFFFFF;

	360 // TODO(mallinath) - Add SetBE24 to byteorder.h in libjingle.

	361 extn_data[0] = static_cast<uint8>(now_second >> 16);

	362 extn_data[1] = static_cast<uint8>(now_second >> 8);

	363 extn_data[2] = static_cast<uint8>(now_second);

	364 }

	365

	366 // Assumes \|len\| is actual packet length + tag length.

	367 void P2PSocketHost::MaybeUpdateRtpAuthTag(

	368 char* rtp, int len, const talk_base::PacketOptions& options) {

	369 size_t tag_length = options.packet_time_params.srtp_auth_tag_len;

	370 char* auth_tag = rtp + (len - tag_length);

	371

	372 // We should have a fake HMAC value @ auth_tag.

	373 DCHECK_EQ(0, memcmp(auth_tag, kFakeAuthTag, tag_length));

	374

	375 crypto::HMAC hmac(crypto::HMAC::SHA1);

	376 if (!hmac.Init(reinterpret_cast<const unsigned char*>(

	377 &options.packet_time_params.srtp_auth_key[0]),

	378 options.packet_time_params.srtp_auth_key.size())) {

	379 NOTREACHED();

	380 return;

	381 }

	382

	383 if (hmac.DigestLength() < tag_length) {

	384 NOTREACHED();

	385 return;

	386 }

	387

	388 // Copy ROC after end of rtp packet.

	389 memcpy(auth_tag, &options.packet_time_params.srtp_packet_index, 4);

	390

	391 unsigned char output[64];

	392 size_t out_len = sizeof(output);

	393 DCHECK(!hmac.Sign(rtp, output, out_len));
	juberti2 2014/02/25 00:48:24 how does Sign know how many bytes to hash? how does Sign know how many bytes to hash? Mallinath (Gone from Chromium) 2014/02/25 22:56:44 It calculates on whole \|rtp\|. Yes, there will be a It calculates on whole \|rtp\|. Yes, there will be a problem if there are other attributes in stun indication after data_attributes. But TurnPort always puts it at the end. On 2014/02/25 00:48:24, juberti2 wrote: Show quoted text > how does Sign know how many bytes to hash?
	394

	395 // Copy HMAC from output to packet. This is required as auth tag length

	396 // may not be equal to the actual HMAC length.

	397 memcpy(auth_tag, output, tag_length);

	398 }

	399

105 } // namespace content	400 } // namespace content

OLD	NEW