Fix RTP header extension encryption
Previously, RTP header extensions with encryption had been filtered if the encryption had been activated (not the other way around) which was likely an unintended logic inversion. In addition, it ensures that encrypted RTP header extensions are only negotiated if RTP header extension encryption is turned on. Formerly, which extensions had been negotiated depended on the order in which they were inserted, regardless of whether or not header encryption was actually enabled, leading to no extensions being sent on the wire. Further changes: - If RTP header encryption enabled, prefer encrypted extensions over non-encrypted extensions - Add most extensions to list of extensions supported for encryption - Discard encrypted extensions in a session description in case encryption is not supported for that extension Note that this depends on https://github.com/cisco/libsrtp/pull/491 to get into libwebrtc (cherry-pick or bump libsrtp version). Otherwise, two-byte header extensions will prevent any RTP packets being sent/received. Bug: webrtc:11713 Change-Id: Ia0779453d342fa11e06996d9bc2d3c826f3466d3 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/177980 Reviewed-by: Harald Alvestrand <hta@webrtc.org> Reviewed-by: Taylor <deadbeef@webrtc.org> Commit-Queue: Harald Alvestrand <hta@webrtc.org> Cr-Commit-Position: refs/heads/master@{#33723}
This commit is contained in:
Lennart Grahl
committed by
Commit Bot
Commit Bot
parent
84ba1643c2
commit
a743303211
@ -170,63 +170,115 @@ bool RtpExtension::IsSupportedForVideo(absl::string_view uri) {
|
||||
}
|
||||
|
||||
bool RtpExtension::IsEncryptionSupported(absl::string_view uri) {
|
||||
return uri == webrtc::RtpExtension::kAudioLevelUri ||
|
||||
uri == webrtc::RtpExtension::kTimestampOffsetUri ||
|
||||
#if !defined(ENABLE_EXTERNAL_AUTH)
|
||||
// TODO(jbauch): Figure out a way to always allow "kAbsSendTimeUri"
|
||||
// here and filter out later if external auth is really used in
|
||||
// srtpfilter. External auth is used by Chromium and replaces the
|
||||
// extension header value of "kAbsSendTimeUri", so it must not be
|
||||
// encrypted (which can't be done by Chromium).
|
||||
uri == webrtc::RtpExtension::kAbsSendTimeUri ||
|
||||
return
|
||||
#if defined(ENABLE_EXTERNAL_AUTH)
|
||||
// TODO(jbauch): Figure out a way to always allow "kAbsSendTimeUri"
|
||||
// here and filter out later if external auth is really used in
|
||||
// srtpfilter. External auth is used by Chromium and replaces the
|
||||
// extension header value of "kAbsSendTimeUri", so it must not be
|
||||
// encrypted (which can't be done by Chromium).
|
||||
uri != webrtc::RtpExtension::kAbsSendTimeUri &&
|
||||
#endif
|
||||
uri == webrtc::RtpExtension::kAbsoluteCaptureTimeUri ||
|
||||
uri == webrtc::RtpExtension::kVideoRotationUri ||
|
||||
uri == webrtc::RtpExtension::kTransportSequenceNumberUri ||
|
||||
uri == webrtc::RtpExtension::kTransportSequenceNumberV2Uri ||
|
||||
uri == webrtc::RtpExtension::kPlayoutDelayUri ||
|
||||
uri == webrtc::RtpExtension::kVideoContentTypeUri ||
|
||||
uri == webrtc::RtpExtension::kMidUri ||
|
||||
uri == webrtc::RtpExtension::kRidUri ||
|
||||
uri == webrtc::RtpExtension::kRepairedRidUri ||
|
||||
uri == webrtc::RtpExtension::kVideoLayersAllocationUri;
|
||||
uri != webrtc::RtpExtension::kEncryptHeaderExtensionsUri;
|
||||
}
|
||||
|
||||
const RtpExtension* RtpExtension::FindHeaderExtensionByUri(
|
||||
// Returns whether a header extension with the given URI exists.
|
||||
// Note: This does not differentiate between encrypted and non-encrypted
|
||||
// extensions, so use with care!
|
||||
static bool HeaderExtensionWithUriExists(
|
||||
const std::vector<RtpExtension>& extensions,
|
||||
absl::string_view uri) {
|
||||
for (const auto& extension : extensions) {
|
||||
if (extension.uri == uri) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
const RtpExtension* RtpExtension::FindHeaderExtensionByUri(
|
||||
const std::vector<RtpExtension>& extensions,
|
||||
absl::string_view uri,
|
||||
Filter filter) {
|
||||
const webrtc::RtpExtension* fallback_extension = nullptr;
|
||||
for (const auto& extension : extensions) {
|
||||
if (extension.uri != uri) {
|
||||
continue;
|
||||
}
|
||||
|
||||
switch (filter) {
|
||||
case kDiscardEncryptedExtension:
|
||||
// We only accept an unencrypted extension.
|
||||
if (!extension.encrypt) {
|
||||
return &extension;
|
||||
}
|
||||
break;
|
||||
|
||||
case kPreferEncryptedExtension:
|
||||
// We prefer an encrypted extension but we can fall back to an
|
||||
// unencrypted extension.
|
||||
if (extension.encrypt) {
|
||||
return &extension;
|
||||
} else {
|
||||
fallback_extension = &extension;
|
||||
}
|
||||
break;
|
||||
|
||||
case kRequireEncryptedExtension:
|
||||
// We only accept an encrypted extension.
|
||||
if (extension.encrypt) {
|
||||
return &extension;
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
// Returning fallback extension (if any)
|
||||
return fallback_extension;
|
||||
}
|
||||
|
||||
const RtpExtension* RtpExtension::FindHeaderExtensionByUriAndEncryption(
|
||||
const std::vector<RtpExtension>& extensions,
|
||||
absl::string_view uri,
|
||||
bool encrypt) {
|
||||
for (const auto& extension : extensions) {
|
||||
if (extension.uri == uri && extension.encrypt == encrypt) {
|
||||
return &extension;
|
||||
}
|
||||
}
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
std::vector<RtpExtension> RtpExtension::FilterDuplicateNonEncrypted(
|
||||
const std::vector<RtpExtension>& extensions) {
|
||||
const std::vector<RtpExtension> RtpExtension::DeduplicateHeaderExtensions(
|
||||
const std::vector<RtpExtension>& extensions,
|
||||
Filter filter) {
|
||||
std::vector<RtpExtension> filtered;
|
||||
for (auto extension = extensions.begin(); extension != extensions.end();
|
||||
++extension) {
|
||||
if (extension->encrypt) {
|
||||
filtered.push_back(*extension);
|
||||
continue;
|
||||
}
|
||||
|
||||
// Only add non-encrypted extension if no encrypted with the same URI
|
||||
// is also present...
|
||||
if (std::any_of(extension + 1, extensions.end(),
|
||||
[&](const RtpExtension& check) {
|
||||
return extension->uri == check.uri;
|
||||
})) {
|
||||
continue;
|
||||
}
|
||||
|
||||
// ...and has not been added before.
|
||||
if (!FindHeaderExtensionByUri(filtered, extension->uri)) {
|
||||
filtered.push_back(*extension);
|
||||
// If we do not discard encrypted extensions, add them first
|
||||
if (filter != kDiscardEncryptedExtension) {
|
||||
for (const auto& extension : extensions) {
|
||||
if (!extension.encrypt) {
|
||||
continue;
|
||||
}
|
||||
if (!HeaderExtensionWithUriExists(filtered, extension.uri)) {
|
||||
filtered.push_back(extension);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// If we do not require encrypted extensions, add missing, non-encrypted
|
||||
// extensions.
|
||||
if (filter != kRequireEncryptedExtension) {
|
||||
for (const auto& extension : extensions) {
|
||||
if (extension.encrypt) {
|
||||
continue;
|
||||
}
|
||||
if (!HeaderExtensionWithUriExists(filtered, extension.uri)) {
|
||||
filtered.push_back(extension);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return filtered;
|
||||
}
|
||||
} // namespace webrtc
|
||||
|
||||
Reference in New Issue
Block a user