This CL adds methods to manipulate RTP header extension, particularly

content/browser/renderer_host/p2p/socket_host.cc

Index: content/browser/renderer_host/p2p/socket_host.cc
diff --git a/content/browser/renderer_host/p2p/socket_host.cc b/content/browser/renderer_host/p2p/socket_host.cc
index 4b45e99adad087881aa5f9bff69a1004e727a39f..6707e6bf5c916890031e9f7c4068726442b67556 100644
--- a/content/browser/renderer_host/p2p/socket_host.cc
+++ b/content/browser/renderer_host/p2p/socket_host.cc
@@ -8,9 +8,58 @@
 #include "content/browser/renderer_host/p2p/socket_host_tcp.h"
 #include "content/browser/renderer_host/p2p/socket_host_tcp_server.h"
 #include "content/browser/renderer_host/p2p/socket_host_udp.h"
+#include "crypto/hmac.h"
+#include "third_party/libjingle/source/talk/base/asyncpacketsocket.h"
+#include "third_party/libjingle/source/talk/base/byteorder.h"
+#include "third_party/libjingle/source/talk/base/messagedigest.h"
+#include "third_party/libjingle/source/talk/p2p/base/stun.h"
 
 namespace {
+
 const uint32 kStunMagicCookie = 0x2112A442;
+const int kMinRtpHdrLen = 12;
+const int kRtpExtnHdrLen = 4;
+const int kDtlsRecordHeaderLen = 13;
+const int kTurnChannelHdrLen = 4;
+const int kAbsSendTimeExtnLen = 3;
+const int kOneByteHdrLen = 1;
+
+static const unsigned char kFakeHmac[10] = {

[juberti2, 2014/02/22 01:16:05]

kFakeAuthTag. Add a comment describing this

[Mallinath (Gone from Chromium), 2014/02/25 00:20:02]

Done.

+    0xba, 0xdd, 0xba, 0xdd, 0xba, 0xdd, 0xba, 0xdd, 0xba, 0xdd
+};
+
+bool IsTurnChannelData(const char* data) {

[juberti2, 2014/02/22 01:16:05]

can just look at first byte, like below: (*data & 0xC0) == 0x40

[Mallinath (Gone from Chromium), 2014/02/25 00:20:02]

Done.

+  uint16 type = talk_base::GetBE16(data);
+  return ((type & 0xC000) == 0x4000);  // MSB are 0b01
+}
+
+bool IsDtlsPacket(const char* data, int len) {
+  const uint8* u = reinterpret_cast<const uint8*>(data);
+  return (len >= kDtlsRecordHeaderLen && (u[0] > 19 && u[0] < 64));
+}
+
+bool IsRtcpPacket(const char* data) {
+  int type = (static_cast<uint8>(data[1]) & 0x7F);
+  return (type >= 64 && type < 96);
+}
+
+bool IsStunPacket(const char* data) {
+  uint16 type = talk_base::GetBE16(data);

[juberti2, 2014/02/22 01:16:05]

can just look at first byte and do ((*data & 0xC0) == 0)

[Mallinath (Gone from Chromium), 2014/02/25 00:20:02]

Done.

+  return !(type & 0xC000);
+}
+
+bool IsTurnDataIndicationPacket(const char* data) {

[juberti2, 2014/02/22 01:16:05]

SendIndication

[Mallinath (Gone from Chromium), 2014/02/25 00:20:02]

Done.

+  uint16 type = talk_base::GetBE16(data);
+  return (type == cricket::TURN_SEND_INDICATION);
+}
+
+bool IsRtpPacket(const char* data, int len) {
+  if (len < kMinRtpHdrLen)

[juberti2, 2014/02/22 01:16:05]

probably not necessary to check this here, since you will check it later

[Mallinath (Gone from Chromium), 2014/02/25 00:20:02]

Done.

+    return false;
+  // Version number must be 2.
+  return ((static_cast<int>((*data >> 6) & 0x3)) == 2) ? true : false;

[juberti2, 2014/02/22 01:16:05]

To be consistent with STUN check, do (*data & 0xC0) == 0x80

[Mallinath (Gone from Chromium), 2014/02/25 00:20:02]

Done.

+}
+
 }  // namespace
 
 namespace content {
@@ -102,4 +151,222 @@ P2PSocketHost* P2PSocketHost::Create(
   return NULL;
 }
 
+void P2PSocketHost::MaybeUpdateRtpSendTimeExtn(
+    char* data, int length, const talk_base::PacketOptions& options) {
+  // if there is no valid |rtp_sendtime_extension_id| and |srtp_auth_key| in
+  // PacketOptions, nothing to be updated in this packet.
+  if (options.packet_time_params.rtp_sendtime_extension_id == -1 &&
+      options.packet_time_params.srtp_auth_key.empty()) {
+    return;
+  }
+
+  DCHECK(!IsDtlsPacket(data, length));
+  DCHECK(!IsRtcpPacket(data));
+
+  // If there is a srtp auth key present then packet must be a RTP packet.
+  // RTP packet may have been wrapped in a TURN Channel Data or
+  // TURN send indication.
+  int rtp_start_pos = -1;
+  if (!GetRtpPacketStartPosition(data, length, &rtp_start_pos)) {
+    // This method should never return false.

[juberti2, 2014/02/22 01:16:05]

Use NOTREACHED then?

[Mallinath (Gone from Chromium), 2014/02/25 00:20:02]

Done.

+    return;
+  }
+
+  // Skip to rtp packet.
+  char* start = data + rtp_start_pos;
+  int rtp_packet_length = length - rtp_start_pos;
+  // If there a non negetive sendtime extension id present in packet options,
+  // then we should parse the rtp packet to update the timestamp. Otherwise
+  // just calculate HMAC and update packet with it.
+  if (options.packet_time_params.rtp_sendtime_extension_id != -1) {
+    if (!UpdateRtpAbsSendTimeExtension(
+        start, rtp_packet_length,
+        options.packet_time_params.rtp_sendtime_extension_id)) {
+      // We should find an extension id in the rtp packet.
+      DCHECK(false);

[juberti2, 2014/02/22 01:16:05]

NOTREACHED; return;

[Mallinath (Gone from Chromium), 2014/02/25 00:20:02]

Done.

+    }
+  }
+
+  UpdateHmac(start, rtp_packet_length, options);
+}
+
+bool P2PSocketHost::GetRtpPacketStartPosition(char* packet, int length,
+                                              int* rtp_start_pos) {
+
+  if (IsTurnChannelData(packet)) {
+    *rtp_start_pos = kTurnChannelHdrLen;
+  } else if (IsTurnDataIndicationPacket(packet)) {
+    // Parsing a TURN SEND INDICATION message is bit tricky as it can have

[juberti2, 2014/02/22 01:16:05]

I think it would be better to iterate the STUN attributes manually, since that
will let you find the DATA start more directly. The iteration is pretty easy,
just skip the header, then read the type/length and skip forward as needed,
adjusting for padding.

[Mallinath (Gone from Chromium), 2014/02/25 00:20:02]

Done.

+    // variable length peer address attribute. So we can not directly skip to
+    // STUN_ATTR_DATA attribute structure and get payload length. We have to
+    // to run through cricket::TurnMessage. This can be bit expensive, but
+    // good news is that libjingle will send data using Data indication only
+    // for the first few packets, until it completes TURN channel binding.
+    talk_base::ByteBuffer buf(packet, length);
+    cricket::TurnMessage msg;
+    if (!msg.Read(&buf)) {
+      return false;
+    }
+    const cricket::StunByteStringAttribute* data_attr =
+        msg.GetByteString(cricket::STUN_ATTR_DATA);
+    if (!data_attr) {
+      return false;
+    }
+    int payload_len = data_attr->length();
+    // Now we have actual payload length and also total packet length.
+    // PACKET = TURN_DATA_INDICATION + Pay load. We can get header length by
+    // substracting payload length from packet length.
+    *rtp_start_pos = length - payload_len;

[juberti2, 2014/02/22 01:16:05]

This is fragile since there is no guarantee that the DATA attrib will be the
last attribute. I think you want to output the start and the length of the data.

[Mallinath (Gone from Chromium), 2014/02/25 00:20:02]

Done.

+  } else {
+    // This is a raw RTP packet.
+    *rtp_start_pos = 0;
+  }
+  DCHECK(!IsRtpPacket(packet + *rtp_start_pos, length - *rtp_start_pos));

[juberti2, 2014/02/22 01:16:05]

shouldn't there be no !

[Mallinath (Gone from Chromium), 2014/02/25 00:20:02]

Done.

+  return true;
+}
+
+bool P2PSocketHost::UpdateRtpAbsSendTimeExtension(char* data, int length,

[juberti2, 2014/02/22 01:16:05]

instead of |data|, perhaps call this |rtp| to make it clear it is a RTP packet
we are operating on

[Mallinath (Gone from Chromium), 2014/02/25 00:20:02]

Done.

+                                                  const int extension_id) {
+   //  0                   1                   2                   3
+   //  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+   // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+   // |V=2|P|X|  CC   |M|     PT      |       sequence number         |
+   // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+   // |                           timestamp                           |
+   // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+   // |           synchronization source (SSRC) identifier            |
+   // +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+   // |            contributing source (CSRC) identifiers             |
+   // |                             ....                              |
+   // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+  int cc_count = data[0] & 0x0F;
+  int rtp_hdr_len_without_extn = kMinRtpHdrLen + 4 * cc_count;
+  if (rtp_hdr_len_without_extn > length) {
+    DCHECK(false);

[juberti2, 2014/02/22 01:16:05]

NOTREACHED

[Mallinath (Gone from Chromium), 2014/02/25 00:20:02]

Done.

+    return false;
+  }
+
+  bool X = (data[0] & 0x10);
+  if (!X)   // Return if extension bit is not set.
+    return true;
+
+  data += rtp_hdr_len_without_extn;
+
+  // Getting extension profile ID and length.
+  uint16 profile_id = talk_base::GetBE16(data);
+  // Length is in 32 bit words.
+  uint16 extn_length = talk_base::GetBE16(data + 2) * 4;
+
+  // Verify input length against total header size.
+  if (rtp_hdr_len_without_extn + kRtpExtnHdrLen + extn_length > length) {
+    DCHECK(false);

[juberti2, 2014/02/22 01:16:05]

NOTREACHED

[Mallinath (Gone from Chromium), 2014/02/25 00:20:02]

Done.

+    return false;
+  }
+
+  data += kRtpExtnHdrLen;  // Moving past extn header.
+
+  // WebRTC is using one byte header extension.
+  // TODO(mallinath) - Handle two byte header extension.
+  if (profile_id == 0xBEDE) {  // OneByte extension header
+    //  0
+    //  0 1 2 3 4 5 6 7
+    // +-+-+-+-+-+-+-+-+
+    // |  ID   |  len  |
+    // +-+-+-+-+-+-+-+-+
+
+    //  0                   1                   2                   3
+    //  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+    // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+    // |       0xBE    |    0xDE       |           length=3            |
+    // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+    // |  ID   | L=0   |     data      |  ID   |  L=1  |   data...
+    // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+    //       ...data   |    0 (pad)    |    0 (pad)    |  ID   | L=3   |
+    // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+    // |                          data                                 |
+    // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+    char* extn_start = data;
+    while(data - extn_start < extn_length) {

[juberti2, 2014/02/22 01:16:05]

while (

[Mallinath (Gone from Chromium), 2014/02/25 00:20:02]

Done.

+      const int id = (*data & 0xF0) >> 4;
+      const int len = (*data & 0x0F) + 1;
+      // The 4-bit length is the number minus one of data bytes of this header
+      // extension element following the one-byte header.
+      if (id == extension_id) {
+        UpdateAbsSendtime(data + kOneByteHdrLen, len);
+        break;
+      }
+      data += kOneByteHdrLen + len;
+      // Counting padding bytes
+      while (*data != 0) {

[juberti2, 2014/02/22 01:16:05]

need to check that we don't go off the end here - might be better to compute
padding explicitly, e.g. data += ((kOneByteHdrLen + len + 3) % 4)

[Mallinath (Gone from Chromium), 2014/02/25 00:20:02]

I am not sure we can calculate padding explicitly as you suggested. From RFC
5285, it's not clear that one byte header extension will rounded to a 32-bit
boundary. It  says 

"A sequence of extension elements, possibly with padding, forms the
   header extension defined in the RTP specification.  There are as many
   extension elements as fit into the length as indicated in the RTP
   header extension length.  Since this length is signaled in full 32-
   bit words, padding bytes are used to pad to a 32-bit boundary.  The
   entire extension is parsed byte-by-byte to find each extension
   element (no alignment is required), and parsing stops at the earlier
   of the end of the entire header extension, or, in one-byte headers,
   on encountering an identifier with the reserved value of 15."

Also example in the RFC doesn't clearly shows how padding bytes are calculated
for individual extensions.


On 2014/02/22 01:16:05, juberti2 wrote:

[juberti2, 2014/02/25 00:48:24]

I see. Should this while be checking *rtp == 0?

+        ++data;
+      }
+    }
+  }
+  return true;
+}
+
+void P2PSocketHost::UpdateAbsSendtime(char* data, int len) {

[juberti2, 2014/02/22 01:16:05]

instead of |data|, call this |extn_data| or something to make it clear it is
just updating the extension payload

[Mallinath (Gone from Chromium), 2014/02/25 00:20:02]

Done.

+  // Absolute send time in RTP streams.
+  //
+  // The absolute send time is signaled to the receiver in-band using the
+  // general mechanism for RTP header extensions [RFC5285]. The payload
+  // of this extension (the transmitted value) is a 24-bit unsigned integer
+  // containing the sender's current time in seconds as a fixed point number
+  // with 18 bits fractional part.
+  //
+  // The form of the absolute send time extension block:
+  //
+  //    0                   1                   2                   3
+  //    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+  //   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+  //   |  ID   | len=2 |              absolute send time               |
+  //   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+  DCHECK_EQ(len, kAbsSendTimeExtnLen);
+  // Now() has resolution ~1-15ms, using HighResNow(). But it is warned not to
+  // use it unless necessary, as it is expensive than Now().
+  uint64 now_us =
+      (base::TimeTicks::HighResNow() - base::TimeTicks()).InMicroseconds();
+  // Convert second to 24-bit unsigned with 18 bit fractional part
+  uint32 now_second = ((now_us << 18) / base::Time::kMicrosecondsPerSecond) &
+                       0x00FFFFFF;
+  // TODO(mallinath) - Add SetBE24 to byteorder.h in libjingle.
+  data[0] = static_cast<uint8>(now_second >> 16);
+  data[1] = static_cast<uint8>(now_second >> 8);
+  data[2] = static_cast<uint8>(now_second);
+}
+
+// Assumes |len| is actual packet length + tag length.
+void P2PSocketHost::UpdateHmac(char* packet, int len,

[juberti2, 2014/02/22 01:16:05]

packet -> rtp

[Mallinath (Gone from Chromium), 2014/02/25 00:20:02]

Done.

+                               const talk_base::PacketOptions& options) {
+  int tag_length = options.packet_time_params.srtp_auth_tag_len;
+  char* auth_tag = packet + (len - tag_length);
+
+  // Some checking before calculating HMAC.
+  DCHECK_LT(tag_length, len);
+  DCHECK_LT(tag_length, 64);  // HMAC output.

[juberti2, 2014/02/22 01:16:05]

make sure it is less than hmac.Size

[Mallinath (Gone from Chromium), 2014/02/25 00:20:02]

Done.

+  // We should have a fake HMAC value @ auth_tag.
+  DCHECK_EQ(0, memcmp(auth_tag, kFakeHmac, tag_length));
+
+  crypto::HMAC hmac(crypto::HMAC::SHA1);
+  if (!hmac.Init(reinterpret_cast<const unsigned char*>(
+                    &options.packet_time_params.srtp_auth_key[0]),
+                 options.packet_time_params.srtp_auth_key.size())) {
+    DCHECK(false);

[juberti2, 2014/02/22 01:16:05]

NOTREACHED

[Mallinath (Gone from Chromium), 2014/02/25 00:20:02]

Done.

+    return;
+  }
+
+  // Copy ROC after end of rtp packet.
+  memcpy(auth_tag, reinterpret_cast<const void*>(

[juberti2, 2014/02/22 01:16:05]

don't need to cast

[Mallinath (Gone from Chromium), 2014/02/25 00:20:02]

Done.

+            &options.packet_time_params.srtp_packet_index), 4);
+
+  unsigned char output[64];
+  size_t out_len = sizeof(output);
+  DCHECK(!hmac.Sign(packet, output, out_len));
+
+  // Copy HMAC from output to packet. This is required as auth tag length
+  // may not be equal to the actual HMAC length.
+  memcpy(auth_tag, output, options.packet_time_params.srtp_auth_tag_len);
+}
+
 }  // namespace content