Enable authentication of the header as an optional WebRTC trial.

TBR=asapersson@webrtc.org Bug: webrtc:10103 Change-Id: I3dce3cd06afab62cc30761395299dbb1c02ae444 Reviewed-on: https://webrtc-review.googlesource.com/c/113464 Commit-Queue: Benjamin Wright <benwright@webrtc.org> Reviewed-by: Philip Eliasson <philipel@webrtc.org> Reviewed-by: Danil Chapovalov <danilchap@webrtc.org> Cr-Commit-Position: refs/heads/master@{#25938}
2018-12-07 11:31:25 -08:00
parent a956d498a7
commit 168456c128
4 changed files with 30 additions and 8 deletions
--- a/modules/rtp_rtcp/source/rtp_sender_video.cc
+++ b/modules/rtp_rtcp/source/rtp_sender_video.cc
@ -32,6 +32,7 @@
 #include "rtc_base/checks.h"
 #include "rtc_base/logging.h"
 #include "rtc_base/trace_event.h"
+#include "system_wrappers/include/field_trial.h"

 namespace webrtc {

@ -170,7 +171,9 @@ RTPSenderVideo::RTPSenderVideo(Clock* clock,
      fec_bitrate_(1000, RateStatistics::kBpsScale),
      video_bitrate_(1000, RateStatistics::kBpsScale),
      frame_encryptor_(frame_encryptor),
-      require_frame_encryption_(require_frame_encryption) {}
+      require_frame_encryption_(require_frame_encryption),
+      generic_descriptor_auth_experiment_(
+          field_trial::IsEnabled("WebRTC-GenericDescriptorAuth")) {}

 RTPSenderVideo::~RTPSenderVideo() {}

@ -511,9 +514,15 @@ bool RTPSenderVideo::SendVideo(enum VideoCodecType video_type,
    encrypted_video_payload.SetSize(max_ciphertext_size);

    size_t bytes_written = 0;
+
+    // Only enable header authentication if the field trial is enabled.
+    rtc::ArrayView<const uint8_t> additional_data;
+    if (generic_descriptor_auth_experiment_) {
+      additional_data = generic_descriptor_raw;
+    }
+
    if (frame_encryptor_->Encrypt(
-            cricket::MEDIA_TYPE_VIDEO, first_packet->Ssrc(),
-            generic_descriptor_raw,
+            cricket::MEDIA_TYPE_VIDEO, first_packet->Ssrc(), additional_data,
            rtc::MakeArrayView(payload_data, payload_size),
            encrypted_video_payload, &bytes_written) != 0) {
      return false;
--- a/modules/rtp_rtcp/source/rtp_sender_video.h
+++ b/modules/rtp_rtcp/source/rtp_sender_video.h
@ -171,6 +171,8 @@ class RTPSenderVideo {
  // initialized frame_encryptor_ before being sent out of the network.
  // Otherwise these payloads will be dropped.
  bool require_frame_encryption_;
+  // Set to true if the generic descriptor should be authenticated.
+  const bool generic_descriptor_auth_experiment_;
 };

 }  // namespace webrtc
--- a/video/buffered_frame_decryptor.cc
+++ b/video/buffered_frame_decryptor.cc
@ -14,13 +14,16 @@

 #include "rtc_base/logging.h"
 #include "rtc_base/system/fallthrough.h"
+#include "system_wrappers/include/field_trial.h"

 namespace webrtc {

 BufferedFrameDecryptor::BufferedFrameDecryptor(
    OnDecryptedFrameCallback* decrypted_frame_callback,
    rtc::scoped_refptr<FrameDecryptorInterface> frame_decryptor)
-    : frame_decryptor_(std::move(frame_decryptor)),
+    : generic_descriptor_auth_experiment_(
+          field_trial::IsEnabled("WebRTC-GenericDescriptorAuth")),
+      frame_decryptor_(std::move(frame_decryptor)),
      decrypted_frame_callback_(decrypted_frame_callback) {}

 BufferedFrameDecryptor::~BufferedFrameDecryptor() {}
@ -69,12 +72,19 @@ BufferedFrameDecryptor::FrameDecision BufferedFrameDecryptor::DecryptFrame(
  // Place the decrypted frame inline into the existing frame.
  rtc::ArrayView<uint8_t> inline_decrypted_bitstream(frame->MutableBuffer(),
                                                     max_plaintext_byte_size);
+
+  // Only enable authenticating the header if the field trial is enabled.
+  rtc::ArrayView<const uint8_t> additional_data;
+  if (generic_descriptor_auth_experiment_) {
+    additional_data = descriptor->GetByteRepresentation();
+  }
+
  // Attempt to decrypt the video frame.
  size_t bytes_written = 0;
-  if (frame_decryptor_->Decrypt(
-          cricket::MEDIA_TYPE_VIDEO, /*csrcs=*/{},
-          descriptor->GetByteRepresentation(), encrypted_frame_bitstream,
-          inline_decrypted_bitstream, &bytes_written) != 0) {
+  if (frame_decryptor_->Decrypt(cricket::MEDIA_TYPE_VIDEO, /*csrcs=*/{},
+                                additional_data, encrypted_frame_bitstream,
+                                inline_decrypted_bitstream,
+                                &bytes_written) != 0) {
    // Only stash frames if we have never decrypted a frame before.
    return first_frame_decrypted_ ? FrameDecision::kDrop
                                  : FrameDecision::kStash;
--- a/video/buffered_frame_decryptor.h
+++ b/video/buffered_frame_decryptor.h
@ -69,6 +69,7 @@ class BufferedFrameDecryptor final {

  static const size_t kMaxStashedFrames = 24;

+  const bool generic_descriptor_auth_experiment_;
  bool first_frame_decrypted_ = false;
  const rtc::scoped_refptr<FrameDecryptorInterface> frame_decryptor_;
  OnDecryptedFrameCallback* const decrypted_frame_callback_;