Update WebRTC to build against libsrtp 2.0

webrtc/pc/srtpfilter.cc

 /*
  *  Copyright 2009 The WebRTC project authors. All Rights Reserved.
  *
  *  Use of this source code is governed by a BSD-style license
  *  that can be found in the LICENSE file in the root of the source
  *  tree. An additional intellectual property rights grant can be found
  *  in the file PATENTS.  All contributing project authors may
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
 #include "webrtc/pc/srtpfilter.h"
 
 #include <string.h>
 
 #include <algorithm>
 
 #include "webrtc/base/base64.h"
 #include "webrtc/base/buffer.h"
 #include "webrtc/base/byteorder.h"
 #include "webrtc/base/checks.h"
 #include "webrtc/base/common.h"
 #include "webrtc/base/logging.h"
 #include "webrtc/base/stringencode.h"
 #include "webrtc/base/timeutils.h"
 #include "webrtc/media/base/rtputils.h"
+#include "webrtc/pc/externalhmac.h"
 
 // Enable this line to turn on SRTP debugging
 // #define SRTP_DEBUG
 
 #ifdef HAVE_SRTP
 extern "C" {
 #ifdef SRTP_RELATIVE_PATH
 #include "srtp.h"  // NOLINT
 #include "srtp_priv.h"  // NOLINT
 #else
-#include "third_party/libsrtp/srtp/include/srtp.h"
-#include "third_party/libsrtp/srtp/include/srtp_priv.h"
+#include "third_party/libsrtp/include/srtp.h"
+#include "third_party/libsrtp/include/srtp_priv.h"
 #endif  // SRTP_RELATIVE_PATH
 }
-#ifdef  ENABLE_EXTERNAL_AUTH
-#include "webrtc/pc/externalhmac.h"
-#endif  // ENABLE_EXTERNAL_AUTH
+
 #if !defined(NDEBUG)
-extern "C" debug_module_t mod_srtp;
-extern "C" debug_module_t mod_auth;
-extern "C" debug_module_t mod_cipher;
-extern "C" debug_module_t mod_stat;
-extern "C" debug_module_t mod_alloc;
-extern "C" debug_module_t mod_aes_icm;
-extern "C" debug_module_t mod_aes_hmac;
+extern "C" srtp_debug_module_t mod_srtp;
+extern "C" srtp_debug_module_t mod_auth;
+extern "C" srtp_debug_module_t mod_cipher;
+extern "C" srtp_debug_module_t mod_stat;
+extern "C" srtp_debug_module_t mod_alloc;
+extern "C" srtp_debug_module_t mod_aes_icm;
+extern "C" srtp_debug_module_t mod_aes_hmac;
 #endif
 #endif  // HAVE_SRTP
 
 namespace cricket {
 
 #ifndef HAVE_SRTP
 
 // This helper function is used on systems that don't (yet) have SRTP,
 // to log that the functions that require it won't do anything.
 namespace {
@@ skipping 469 matching lines @@
   }
 
   *out_len = in_len;
   int err = srtp_protect(session_, p, out_len);
   uint32_t ssrc;
   if (GetRtpSsrc(p, in_len, &ssrc)) {
     srtp_stat_->AddProtectRtpResult(ssrc, err);
   }
   int seq_num;
   GetRtpSeqNum(p, in_len, &seq_num);
-  if (err != err_status_ok) {
+  if (err != srtp_err_status_ok) {
     LOG(LS_WARNING) << "Failed to protect SRTP packet, seqnum="
                     << seq_num << ", err=" << err << ", last seqnum="
                     << last_send_seq_num_;
     return false;
   }
   last_send_seq_num_ = seq_num;
   return true;
 }
 
 bool SrtpSession::ProtectRtp(void* p,
@@ skipping 17 matching lines @@
   int need_len = in_len + sizeof(uint32_t) + rtcp_auth_tag_len_;  // NOLINT
   if (max_len < need_len) {
     LOG(LS_WARNING) << "Failed to protect SRTCP packet: The buffer length "
                     << max_len << " is less than the needed " << need_len;
     return false;
   }
 
   *out_len = in_len;
   int err = srtp_protect_rtcp(session_, p, out_len);
   srtp_stat_->AddProtectRtcpResult(err);
-  if (err != err_status_ok) {
+  if (err != srtp_err_status_ok) {
     LOG(LS_WARNING) << "Failed to protect SRTCP packet, err=" << err;
     return false;
   }
   return true;
 }
 
 bool SrtpSession::UnprotectRtp(void* p, int in_len, int* out_len) {
   RTC_DCHECK(thread_checker_.CalledOnValidThread());
   if (!session_) {
     LOG(LS_WARNING) << "Failed to unprotect SRTP packet: no SRTP Session";
     return false;
   }
 
   *out_len = in_len;
   int err = srtp_unprotect(session_, p, out_len);
   uint32_t ssrc;
   if (GetRtpSsrc(p, in_len, &ssrc)) {
     srtp_stat_->AddUnprotectRtpResult(ssrc, err);
   }
-  if (err != err_status_ok) {
+  if (err != srtp_err_status_ok) {
     LOG(LS_WARNING) << "Failed to unprotect SRTP packet, err=" << err;
     return false;
   }
   return true;
 }
 
 bool SrtpSession::UnprotectRtcp(void* p, int in_len, int* out_len) {
   RTC_DCHECK(thread_checker_.CalledOnValidThread());
   if (!session_) {
     LOG(LS_WARNING) << "Failed to unprotect SRTCP packet: no SRTP Session";
     return false;
   }
 
   *out_len = in_len;
   int err = srtp_unprotect_rtcp(session_, p, out_len);
   srtp_stat_->AddUnprotectRtcpResult(err);
-  if (err != err_status_ok) {
+  if (err != srtp_err_status_ok) {
     LOG(LS_WARNING) << "Failed to unprotect SRTCP packet, err=" << err;
     return false;
   }
   return true;
 }
 
 bool SrtpSession::GetRtpAuthParams(uint8_t** key, int* key_len, int* tag_len) {
 #if defined(ENABLE_EXTERNAL_AUTH)
   RTC_DCHECK(thread_checker_.CalledOnValidThread());
   ExternalHmacContext* external_hmac = nullptr;
@@ skipping 24 matching lines @@
                                            int64_t* index) {
   RTC_DCHECK(thread_checker_.CalledOnValidThread());
   srtp_hdr_t* hdr = reinterpret_cast<srtp_hdr_t*>(p);
   srtp_stream_ctx_t* stream = srtp_get_stream(session_, hdr->ssrc);
   if (!stream) {
     return false;
   }
 
   // Shift packet index, put into network byte order
   *index = static_cast<int64_t>(
-      rtc::NetworkToHost64(rdbx_get_packet_index(&stream->rtp_rdbx) << 16));
+      rtc::NetworkToHost64(
+          srtp_rdbx_get_packet_index(&stream->rtp_rdbx) << 16));
   return true;
 }
 
 void SrtpSession::set_signal_silent_time(int signal_silent_time_in_ms) {
   srtp_stat_->set_signal_silent_time(signal_silent_time_in_ms);
 }
 
 bool SrtpSession::SetKey(int type, int cs, const uint8_t* key, size_t len) {
   RTC_DCHECK(thread_checker_.CalledOnValidThread());
   if (session_) {
     LOG(LS_ERROR) << "Failed to create SRTP session: "
                   << "SRTP session already created";
     return false;
   }
 
   if (!Init()) {
     return false;
   }
 
   srtp_policy_t policy;
   memset(&policy, 0, sizeof(policy));
   if (cs == rtc::SRTP_AES128_CM_SHA1_80) {
-    crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtp);
-    crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp);
+    srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtp);
+    srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp);
   } else if (cs == rtc::SRTP_AES128_CM_SHA1_32) {
-    crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtp);   // rtp is 32,
-    crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp);  // rtcp still 80
+    // RTP HMAC is shortened to 32 bits, but RTCP remains 80 bits.
+    srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtp);
+    srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp);
 #if !defined(ENABLE_EXTERNAL_AUTH)
     // TODO(jbauch): Re-enable once https://crbug.com/628400 is resolved.
   } else if (cs == rtc::SRTP_AEAD_AES_128_GCM) {
-    crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp);
-    crypto_policy_set_aes_gcm_128_16_auth(&policy.rtcp);
+    srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp);
+    srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtcp);
   } else if (cs == rtc::SRTP_AEAD_AES_256_GCM) {
-    crypto_policy_set_aes_gcm_256_16_auth(&policy.rtp);
-    crypto_policy_set_aes_gcm_256_16_auth(&policy.rtcp);
+    srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtp);
+    srtp_crypto_policy_set_aes_gcm_256_16_auth(&policy.rtcp);
 #endif  // ENABLE_EXTERNAL_AUTH
   } else {
     LOG(LS_WARNING) << "Failed to create SRTP session: unsupported"
                     << " cipher_suite " << cs;
     return false;
   }
 
   int expected_key_len;
   int expected_salt_len;
   if (!rtc::GetSrtpKeyAndSaltLengths(cs, &expected_key_len,
       &expected_salt_len)) {
     // This should never happen.
     LOG(LS_WARNING) << "Failed to create SRTP session: unsupported"
                     << " cipher_suite without length information" << cs;
     return false;
   }
 
   if (!key ||
       len != static_cast<size_t>(expected_key_len + expected_salt_len)) {
     LOG(LS_WARNING) << "Failed to create SRTP session: invalid key";
     return false;
   }
 
-  policy.ssrc.type = static_cast<ssrc_type_t>(type);
+  policy.ssrc.type = static_cast<srtp_ssrc_type_t>(type);
   policy.ssrc.value = 0;
   policy.key = const_cast<uint8_t*>(key);
   // TODO(astor) parse window size from WSH session-param
   policy.window_size = 1024;
   policy.allow_repeat_tx = 1;
   // If external authentication option is enabled, supply custom auth module
   // id EXTERNAL_HMAC_SHA1 in the policy structure.
   // We want to set this option only for rtp packets.
   // By default policy structure is initialized to HMAC_SHA1.
 #if defined(ENABLE_EXTERNAL_AUTH)
   // Enable external HMAC authentication only for outgoing streams.
   if (type == ssrc_any_outbound) {
     policy.rtp.auth_type = EXTERNAL_HMAC_SHA1;
   }
 #endif
   policy.next = nullptr;
 
   int err = srtp_create(&session_, &policy);
-  if (err != err_status_ok) {
+  if (err != srtp_err_status_ok) {
     session_ = nullptr;
     LOG(LS_ERROR) << "Failed to create SRTP session, err=" << err;
     return false;
   }
 
   srtp_set_user_data(session_, this);
   rtp_auth_tag_len_ = policy.rtp.auth_tag_len;
   rtcp_auth_tag_len_ = policy.rtcp.auth_tag_len;
   return true;
 }
 
 bool SrtpSession::Init() {
   rtc::GlobalLockScope ls(&lock_);
 
   if (!inited_) {
     int err;
     err = srtp_init();
-    if (err != err_status_ok) {
+    if (err != srtp_err_status_ok) {
       LOG(LS_ERROR) << "Failed to init SRTP, err=" << err;
       return false;
     }
 
     err = srtp_install_event_handler(&SrtpSession::HandleEventThunk);
-    if (err != err_status_ok) {
+    if (err != srtp_err_status_ok) {
       LOG(LS_ERROR) << "Failed to install SRTP event handler, err=" << err;
       return false;
     }
 #if defined(ENABLE_EXTERNAL_AUTH)
     err = external_crypto_init();
-    if (err != err_status_ok) {
+    if (err != srtp_err_status_ok) {
       LOG(LS_ERROR) << "Failed to initialize fake auth, err=" << err;
       return false;
     }
 #endif
     inited_ = true;
   }
 
   return true;
 }
 
@@ skipping 91 matching lines @@
 
 SrtpStat::SrtpStat()
     : signal_silent_time_(1000) {
 }
 
 void SrtpStat::AddProtectRtpResult(uint32_t ssrc, int result) {
   FailureKey key;
   key.ssrc = ssrc;
   key.mode = SrtpFilter::PROTECT;
   switch (result) {
-    case err_status_ok:
+    case srtp_err_status_ok:
       key.error = SrtpFilter::ERROR_NONE;
       break;
-    case err_status_auth_fail:
+    case srtp_err_status_auth_fail:
       key.error = SrtpFilter::ERROR_AUTH;
       break;
     default:
       key.error = SrtpFilter::ERROR_FAIL;
   }
   HandleSrtpResult(key);
 }
 
 void SrtpStat::AddUnprotectRtpResult(uint32_t ssrc, int result) {
   FailureKey key;
   key.ssrc = ssrc;
   key.mode = SrtpFilter::UNPROTECT;
   switch (result) {
-    case err_status_ok:
+    case srtp_err_status_ok:
       key.error = SrtpFilter::ERROR_NONE;
       break;
-    case err_status_auth_fail:
+    case srtp_err_status_auth_fail:
       key.error = SrtpFilter::ERROR_AUTH;
       break;
-    case err_status_replay_fail:
-    case err_status_replay_old:
+    case srtp_err_status_replay_fail:
+    case srtp_err_status_replay_old:
       key.error = SrtpFilter::ERROR_REPLAY;
       break;
     default:
       key.error = SrtpFilter::ERROR_FAIL;
   }
   HandleSrtpResult(key);
 }
 
 void SrtpStat::AddProtectRtcpResult(int result) {
   AddProtectRtpResult(0U, result);
@@ skipping 45 matching lines @@
   SrtpNotAvailable(__FUNCTION__);
 }
 
 void SrtpStat::HandleSrtpResult(const SrtpStat::FailureKey& key) {
   SrtpNotAvailable(__FUNCTION__);
 }
 
 #endif  // HAVE_SRTP
 
 }  // namespace cricket