From be66d95ab7f9428028806bbf66cb83800bda9241 Mon Sep 17 00:00:00 2001 From: Philipp Hancke Date: Mon, 1 Mar 2021 14:56:22 +0100 Subject: [PATCH] srtp: document rationale for srtp overhead calculation documents why it is safe to not follow libsrtp's advice to ensure additional SRTP_MAX_TRAILER_LEN bytes are available when calling srtp_protect (and similar srtcp functions). BUG=None Change-Id: I504645d21553160f06133fd8bb3ee79e178247da Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/209064 Reviewed-by: Harald Alvestrand Commit-Queue: Philipp Hancke Cr-Commit-Position: refs/heads/master@{#33396} --- pc/srtp_session.cc | 8 ++++++++ pc/srtp_session.h | 6 ++++++ 2 files changed, 14 insertions(+) diff --git a/pc/srtp_session.cc b/pc/srtp_session.cc index 78ec4e6ed9..dd3b7519af 100644 --- a/pc/srtp_session.cc +++ b/pc/srtp_session.cc @@ -80,6 +80,10 @@ bool SrtpSession::ProtectRtp(void* p, int in_len, int max_len, int* out_len) { return false; } + // Note: the need_len differs from the libsrtp recommendatіon to ensure + // SRTP_MAX_TRAILER_LEN bytes of free space after the data. WebRTC + // never includes a MKI, therefore the amount of bytes added by the + // srtp_protect call is known in advance and depends on the cipher suite. int need_len = in_len + rtp_auth_tag_len_; // NOLINT if (max_len < need_len) { RTC_LOG(LS_WARNING) << "Failed to protect SRTP packet: The buffer length " @@ -122,6 +126,10 @@ bool SrtpSession::ProtectRtcp(void* p, int in_len, int max_len, int* out_len) { return false; } + // Note: the need_len differs from the libsrtp recommendatіon to ensure + // SRTP_MAX_TRAILER_LEN bytes of free space after the data. WebRTC + // never includes a MKI, therefore the amount of bytes added by the + // srtp_protect_rtp call is known in advance and depends on the cipher suite. int need_len = in_len + sizeof(uint32_t) + rtcp_auth_tag_len_; // NOLINT if (max_len < need_len) { RTC_LOG(LS_WARNING) << "Failed to protect SRTCP packet: The buffer length " diff --git a/pc/srtp_session.h b/pc/srtp_session.h index 9eede09bc7..0396412481 100644 --- a/pc/srtp_session.h +++ b/pc/srtp_session.h @@ -126,8 +126,14 @@ class SrtpSession { webrtc::SequenceChecker thread_checker_; srtp_ctx_t_* session_ = nullptr; + + // Overhead of the SRTP auth tag for RTP and RTCP in bytes. + // Depends on the cipher suite used and is usually the same with the exception + // of the CS_AES_CM_128_HMAC_SHA1_32 cipher suite. The additional four bytes + // required for RTCP protection are not included. int rtp_auth_tag_len_ = 0; int rtcp_auth_tag_len_ = 0; + bool inited_ = false; static webrtc::GlobalMutex lock_; int last_send_seq_num_ = -1;