1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249

//! Bindings to libsrtp2
//!
//! This crate provides a safe interface to the libsrtp2 library.
//!
//! # DTLS-SRTP using OpenSSL
//!
//! ```rust
//! # use std::net::{TcpListener, TcpStream};
//! # type AppResult = Result<(), Box<dyn std::error::Error + Send + Sync + 'static>>;
//! # fn main() -> AppResult {
//! #     let server_pkey = include_bytes!("../tests/keys/pkey1.pem");
//! #     let server_cert = include_bytes!("../tests/keys/cert1.pem");
//! #     let client_pkey = include_bytes!("../tests/keys/pkey2.pem");
//! #     let client_cert = include_bytes!("../tests/keys/cert2.pem");
//! #
//! #     let listener = TcpListener::bind("127.0.0.1:0")?;
//! #     let port = listener.local_addr()?.port();
//! #     let server_thread = std::thread::spawn(move || -> AppResult {
//! #         let (stream, _) = listener.accept()?;
//! #         dtls_srtp(server_pkey, server_cert, stream, true)?;
//! #         Ok(())
//! #     });
//! #     let client_thread = std::thread::spawn(move || -> AppResult {
//! #         let stream = TcpStream::connect(format!("127.0.0.1:{}", port))?;
//! #         dtls_srtp(client_pkey, client_cert, stream, false)?;
//! #         Ok(())
//! #     });
//! #
//! #     server_thread.join().unwrap()?;
//! #     client_thread.join().unwrap()?;
//! #     Ok(())
//! # }
//! # fn dtls_srtp(pkey: &[u8], cert: &[u8], stream: TcpStream, is_server: bool) -> AppResult {
//! use openssl::pkey::PKey;
//! use openssl::ssl::{Ssl, SslAcceptor, SslMethod};
//! use openssl::x509::X509;
//!
//! openssl::init();
//!
//! let mut ctx = SslAcceptor::mozilla_modern(SslMethod::dtls())?;
//! ctx.set_tlsext_use_srtp(srtp::openssl::SRTP_PROFILE_NAMES)?;
//! let pkey = PKey::private_key_from_pem(pkey)?;
//! let cert = X509::from_pem(cert)?;
//! ctx.set_private_key(&*pkey)?;
//! ctx.set_certificate(&*cert)?;
//! ctx.check_private_key()?;
//! let ctx = ctx.build().into_context();
//!
//! let mut ssl = Ssl::new(&ctx)?;
//! ssl.set_mtu(1200)?;
//! let stream = if is_server {
//!     ssl.accept(stream)?
//! } else {
//!     ssl.connect(stream)?
//! };
//!
//! let (mut inbound, mut outbound) =
//!     srtp::openssl::session_pair(stream.ssl(), Default::default())?;
//!
//! let mut pkt = b"not a valid SRTP packet".to_vec();
//! if let Err(err) = inbound.unprotect(&mut pkt) {
//!     println!("Failed to unprotect inbound SRTP packet: {}", err);
//! }
//!
//! let mut pkt = b"not a valid RTP packet".to_vec();
//! if let Err(err) = outbound.protect(&mut pkt) {
//!     println!("Failed to protect outbound RTP packet: {}", err);
//! }
//! # Ok(())
//! # }
//! ```
//!
//! # Standalone usage
//!
//! Create a [`Session`](self::session::Session) to decrypt every incoming SRTP packets.
//!
//! ```rust
//! let key = &[0u8; 30][..]; // DO NOT USE IT ON PRODUCTION
//! let mut packet = b"not a valid SRTP packet".to_vec();
//!
//! let mut session = srtp::Session::with_inbound_template(srtp::StreamPolicy {
//!     key,
//!     rtp: srtp::CryptoPolicy::aes_cm_128_hmac_sha1_80(),
//!     rtcp: srtp::CryptoPolicy::aes_cm_128_hmac_sha1_80(),
//!     ..Default::default()
//! }).unwrap();
//!
//! match session.unprotect(&mut packet) {
//!     Ok(()) => println!("SRTP packet unprotected"),
//!     Err(err) => println!("Error unprotecting SRTP packet: {}", err),
//! };
//! ```

#![deny(missing_docs)]
#![cfg_attr(feature = "skip-linking", feature(doc_cfg))]

#[cfg(feature = "log")]
#[macro_use]
extern crate log;

#[cfg(not(feature = "log"))]
#[macro_use]
mod log_macros {
    #[doc(hidden)]
    #[macro_export]
    macro_rules! error {
        ($format:literal, $($t:tt)*) => {
            eprintln!(concat!("SRTP ERR: ", $format), $($t)*)
        };
        ($format:literal) => {
            eprintln!(concat!("SRTP ERR: ", $format))
        };
    }

    #[doc(hidden)]
    #[macro_export]
    macro_rules! warn {
        ($format:literal, $($t:tt)*) => {
            eprintln!(concat!("SRTP WARN: ", $format), $($t)*)
        };
        ($format:literal) => {
            eprintln!(concat!("SRTP WARN: ", $format))
        };
    }
}

mod crypto_policy;
mod error;
#[cfg(feature = "openssl")]
pub mod openssl;
pub mod session;
pub mod vec_like;

pub use srtp2_sys as sys;

pub use crypto_policy::CryptoPolicy;
pub use error::Error;
pub use session::{Session, StreamPolicy};

/// Initialize the libsrtp eagerly.
///
/// If not called manually, the libsrtp library will be initialized
/// lazily just before the first operation.
pub fn ensure_init() {
    use std::sync::Once;

    static ONCE: Once = Once::new();

    ONCE.call_once(|| unsafe {
        Error::check(sys::srtp_init()).expect("Failed to initialize the libsrtp");

        Error::check(sys::srtp_install_event_handler(Some(handle_event)))
            .expect("Failed to install global event handler to the libsrtp");

        #[cfg(feature = "log")]
        Error::check(sys::srtp_install_log_handler(
            Some(handle_log),
            std::ptr::null_mut(),
        ))
        .expect("Failed to install log handler to the libsrtp")
    })
}

/// Returns the numeric representation of the libsrtp version.
///
/// Major and minor version number takes single byte,
/// and the micro takes remaining two.
///
/// For example, version 2.3.0 yields `0x02_03_0000`
pub fn get_version() -> u32 {
    ensure_init();
    unsafe { sys::srtp_get_version() }
}

/// Returns the version string of the libsrtp.
pub fn get_version_string() -> &'static str {
    ensure_init();
    unsafe {
        let version_ptr = sys::srtp_get_version_string();
        std::ffi::CStr::from_ptr(version_ptr)
            .to_str()
            .expect("libsrtp returns version string which is not a valid UTF-8 sequence")
    }
}

unsafe extern "C" fn handle_event(data: *mut sys::srtp_event_data_t) {
    use foreign_types::ForeignTypeRef;

    let sys::srtp_event_data_t {
        session,
        ssrc,
        event,
    } = *data;

    match event {
        sys::srtp_event_t_event_ssrc_collision => warn!(
            "SSRC collision event, session: {:p}, ssrc: {}",
            session, ssrc
        ),
        sys::srtp_event_t_event_key_hard_limit => warn!(
            "key hard limit event, session: {:p}, ssrc: {}",
            session, ssrc
        ),
        sys::srtp_event_t_event_key_soft_limit => warn!(
            "key soft limit event, session: {:p}, ssrc: {}",
            session, ssrc
        ),
        _ => {
            warn!(
                "Unknown event detected. \
                Please report this log line to this crate's repository. \
                event: {}, session: {:p}, ssrc: {}",
                event, session, ssrc
            );
            return;
        }
    }

    let session = session::SessionRef::from_ptr_mut((*data).session);
    let wrapper = session.user_data_wrapper();
    let mut user_data = wrapper.user_data.take();
    let mut handler = match wrapper.event_handler(event).take() {
        Some(handler) => handler,
        None => return,
    };

    handler(session, ssrc, user_data.as_deref_mut());

    let wrapper = session.user_data_wrapper();
    wrapper.user_data = user_data;
    *wrapper.event_handler(event) = Some(handler);
}

#[cfg(feature = "log")]
unsafe extern "C" fn handle_log(
    level: sys::srtp_log_level_t,
    msg: *const std::os::raw::c_char,
    _: *mut std::ffi::c_void,
) {
    let msg = std::ffi::CStr::from_ptr(msg).to_string_lossy();

    match level {
        sys::srtp_log_level_t_srtp_log_level_debug => log::debug!("LOG: {}", msg),
        sys::srtp_log_level_t_srtp_log_level_info => log::info!("LOG: {}", msg),
        sys::srtp_log_level_t_srtp_log_level_warning => log::warn!("LOG: {}", msg),
        sys::srtp_log_level_t_srtp_log_level_error => log::error!("LOG: {}", msg),
        other => log::error!("UNKNOWN LEVEL {}: {}", other, msg),
    };
}