Add initial support for DTLS-SRTP

2 files changed, 291 insertions, 4 deletions

diff --git a/plugins/ice/src/dtls_srtp.vala b/plugins/ice/src/dtls_srtp.vala
new file mode 100644
index 00000000..a21c242b
--- /dev/null
+++ b/plugins/ice/src/dtls_srtp.vala
@@ -0,0 +1,247 @@
+using GnuTLS;
+
+public class DtlsSrtp {
+
+    public signal void send_data(uint8[] data);
+
+    private X509.Certificate[] own_cert;
+    private X509.PrivateKey private_key;
+    private Cond buffer_cond = new Cond();
+    private Mutex buffer_mutex = new Mutex();
+    private Gee.LinkedList<Bytes> buffer_queue = new Gee.LinkedList<Bytes>();
+    private uint pull_timeout = uint.MAX;
+    private string peer_fingerprint;
+
+    private Crypto.Srtp.Session encrypt_session;
+    private Crypto.Srtp.Session decrypt_session;
+
+    public static DtlsSrtp setup() throws GLib.Error {
+        var obj = new DtlsSrtp();
+        obj.generate_credentials();
+        return obj;
+    }
+
+    internal string get_own_fingerprint(DigestAlgorithm digest_algo) {
+        return format_certificate(own_cert[0], digest_algo);
+    }
+
+    public void set_peer_fingerprint(string fingerprint) {
+        this.peer_fingerprint = fingerprint;
+    }
+
+    public uint8[] process_incoming_data(uint component_id, uint8[] data) {
+        if (decrypt_session != null) {
+            if (component_id == 1) return decrypt_session.decrypt_rtp(data);
+            if (component_id == 2) return decrypt_session.decrypt_rtcp(data);
+        } else if (component_id == 1) {
+            on_data_rec(data);
+        }
+        return null;
+    }
+
+    public uint8[] process_outgoing_data(uint component_id, uint8[] data) {
+        if (encrypt_session != null) {
+            if (component_id == 1) return encrypt_session.encrypt_rtp(data);
+            if (component_id == 2) return encrypt_session.encrypt_rtcp(data);
+        }
+        return null;
+    }
+
+    public void on_data_rec(owned uint8[] data) {
+        buffer_mutex.lock();
+        buffer_queue.add(new Bytes.take(data));
+        buffer_cond.signal();
+        buffer_mutex.unlock();
+    }
+
+    private void generate_credentials() throws GLib.Error {
+        int err = 0;
+
+        private_key = X509.PrivateKey.create();
+        err = private_key.generate(PKAlgorithm.RSA, 2048);
+        throw_if_error(err);
+
+        var start_time = new DateTime.now_local().add_days(1);
+        var end_time = start_time.add_days(2);
+
+        X509.Certificate cert = X509.Certificate.create();
+        cert.set_key(private_key);
+        cert.set_version(1);
+        cert.set_activation_time ((time_t) start_time.to_unix ());
+        cert.set_expiration_time ((time_t) end_time.to_unix ());
+
+        uint32 serial = 1;
+        cert.set_serial(&serial, sizeof(uint32));
+
+        cert.sign(cert, private_key);
+
+        own_cert = new X509.Certificate[] { (owned)cert };
+    }
+
+    public async void setup_dtls_connection(bool server) {
+        InitFlags server_or_client = server ? InitFlags.SERVER : InitFlags.CLIENT;
+        debug("Setting up DTLS connection. We're %s", server_or_client.to_string());
+
+        CertificateCredentials cert_cred = CertificateCredentials.create();
+        int err = cert_cred.set_x509_key(own_cert, private_key);
+        throw_if_error(err);
+
+        Session? session = Session.create(server_or_client | InitFlags.DATAGRAM);
+        session.enable_heartbeat(1);
+        session.set_srtp_profile_direct("SRTP_AES128_CM_HMAC_SHA1_80");
+        session.set_credentials(GnuTLS.CredentialsType.CERTIFICATE, cert_cred);
+        session.server_set_request(CertificateRequest.REQUEST);
+        session.set_priority_from_string("NORMAL:!VERS-TLS-ALL:+VERS-DTLS-ALL:+CTYPE-CLI-X509");
+
+        session.set_transport_pointer(this);
+        session.set_pull_function(pull_function);
+        session.set_pull_timeout_function(pull_timeout_function);
+        session.set_push_function(push_function);
+        session.set_verify_function(verify_function);
+
+        Thread<int> thread = new Thread<int> (null, () => {
+            DateTime maximum_time = new DateTime.now_utc().add_seconds(20);
+            do {
+                err = session.handshake();
+
+                DateTime current_time = new DateTime.now_utc();
+                if (maximum_time.compare(current_time) < 0) {
+                    warning("DTLS handshake timeouted");
+                    return -1;
+                }
+            } while (err < 0 && !((ErrorCode)err).is_fatal());
+            Idle.add(setup_dtls_connection.callback);
+            return err;
+        });
+        yield;
+        err = thread.join();
+
+        uint8[] km = new uint8[150];
+        Datum? client_key, client_salt, server_key, server_salt;
+        session.get_srtp_keys(km, km.length, out client_key, out client_salt, out server_key, out server_salt);
+        if (client_key == null || client_salt == null || server_key == null || server_salt == null) {
+            warning("SRTP client/server key/salt null");
+        }
+
+        Crypto.Srtp.Session encrypt_session = new Crypto.Srtp.Session(Crypto.Srtp.Encryption.AES_CM, Crypto.Srtp.Authentication.HMAC_SHA1, 10, Crypto.Srtp.Prf.AES_CM, 0);
+        Crypto.Srtp.Session decrypt_session = new Crypto.Srtp.Session(Crypto.Srtp.Encryption.AES_CM, Crypto.Srtp.Authentication.HMAC_SHA1, 10, Crypto.Srtp.Prf.AES_CM, 0);
+
+        if (server) {
+            encrypt_session.setkey(server_key.extract(), server_salt.extract());
+            decrypt_session.setkey(client_key.extract(), client_salt.extract());
+        } else {
+            encrypt_session.setkey(client_key.extract(), client_salt.extract());
+            decrypt_session.setkey(server_key.extract(), server_salt.extract());
+        }
+
+        this.encrypt_session = (owned)encrypt_session;
+        this.decrypt_session = (owned)decrypt_session;
+    }
+
+    private static ssize_t pull_function(void* transport_ptr, uint8[] buffer) {
+        DtlsSrtp self = transport_ptr as DtlsSrtp;
+
+        self.buffer_mutex.lock();
+        while (self.buffer_queue.size == 0) {
+            self.buffer_cond.wait(self.buffer_mutex);
+        }
+        owned Bytes data = self.buffer_queue.remove_at(0);
+        self.buffer_mutex.unlock();
+
+        uint8[] data_uint8 = Bytes.unref_to_data(data);
+        Memory.copy(buffer, data_uint8, data_uint8.length);
+
+        // The callback should return 0 on connection termination, a positive number indicating the number of bytes received, and -1 on error.
+        return (ssize_t)data.length;
+    }
+
+    private static int pull_timeout_function(void* transport_ptr, uint ms) {
+        DtlsSrtp self = transport_ptr as DtlsSrtp;
+
+        DateTime current_time = new DateTime.now_utc();
+        current_time.add_seconds(ms/1000);
+        int64 end_time = current_time.to_unix();
+
+        self.buffer_mutex.lock();
+        while (self.buffer_queue.size == 0) {
+            self.buffer_cond.wait_until(self.buffer_mutex, end_time);
+
+            DateTime new_current_time = new DateTime.now_utc();
+            if (new_current_time.compare(current_time) > 0) {
+                break;
+            }
+        }
+        self.buffer_mutex.unlock();
+
+        // The callback should return 0 on timeout, a positive number if data can be received, and -1 on error.
+        return 1;
+    }
+
+    private static ssize_t push_function(void* transport_ptr, uint8[] buffer) {
+        DtlsSrtp self = transport_ptr as DtlsSrtp;
+        self.send_data(buffer);
+
+        // The callback should return a positive number indicating the bytes sent, and -1 on error.
+        return (ssize_t)buffer.length;
+    }
+
+    private static int verify_function(Session session) {
+        DtlsSrtp self = session.get_transport_pointer() as DtlsSrtp;
+        try {
+            bool valid = self.verify_peer_cert(session);
+            if (!valid) {
+                warning("DTLS certificate invalid. Aborting handshake.");
+                return 1;
+            }
+        } catch (Error e) {
+            warning("Error during DTLS certificate validation: %s. Aborting handshake.", e.message);
+            return 1;
+        }
+
+        // The callback function should return 0 for the handshake to continue or non-zero to terminate.
+        return 0;
+    }
+
+    private bool verify_peer_cert(Session session) throws GLib.Error {
+        unowned Datum[] cert_datums = session.get_peer_certificates();
+        if (cert_datums.length == 0) {
+            warning("No peer certs");
+            return false;
+        }
+        if (cert_datums.length > 1) warning("More than one peer cert");
+
+        X509.Certificate peer_cert = X509.Certificate.create();
+        peer_cert.import(ref cert_datums[0], CertificateFormat.DER);
+
+        string peer_fp_str = format_certificate(peer_cert, DigestAlgorithm.SHA256);
+        if (peer_fp_str.down() != this.peer_fingerprint.down()) {
+            warning("First cert in peer cert list doesn't equal advertised one %s vs %s", peer_fp_str, this.peer_fingerprint);
+            return false;
+        }
+
+        return true;
+    }
+
+    private string format_certificate(X509.Certificate certificate, DigestAlgorithm digest_algo) {
+        uint8[] buf = new uint8[512];
+        size_t buf_out_size = 512;
+        certificate.get_fingerprint(digest_algo, buf, ref buf_out_size);
+
+        var sb = new StringBuilder();
+        for (int i = 0; i < buf_out_size; i++) {
+            sb.append("%02x".printf(buf[i]));
+            if (i < buf_out_size - 1) {
+                sb.append(":");
+            }
+        }
+        return sb.str;
+    }
+
+    private uint8[] uint8_pt_to_a(uint8* data, uint size) {
+        uint8[size] ret = new uint8[size];
+        for (int i = 0; i < size; i++) {
+            ret[i] = data[i];
+        }
+        return ret;
+    }
+}
\ No newline at end of file
diff --git a/plugins/ice/src/transport_parameters.vala b/plugins/ice/src/transport_parameters.vala
index a8172678..5b6431c2 100644
--- a/plugins/ice/src/transport_parameters.vala
+++ b/plugins/ice/src/transport_parameters.vala
@@ -9,9 +9,11 @@ public class Dino.Plugins.Ice.TransportParameters : JingleIceUdp.IceUdpTransport
     private bool we_want_connection;
     private bool remote_credentials_set;
     private Map<uint8, DatagramConnection> connections = new HashMap<uint8, DatagramConnection>();
+    private DtlsSrtp? dtls_srtp;
 
     private class DatagramConnection : Jingle.DatagramConnection {
         private Nice.Agent agent;
+        private DtlsSrtp? dtls_srtp;
         private uint stream_id;
         private string? error;
         private ulong sent;
@@ -20,8 +22,9 @@ public class Dino.Plugins.Ice.TransportParameters : JingleIceUdp.IceUdpTransport
         private ulong recv_reported;
         private ulong datagram_received_id;
 
-        public DatagramConnection(Nice.Agent agent, uint stream_id, uint8 component_id) {
+        public DatagramConnection(Nice.Agent agent, DtlsSrtp? dtls_srtp, uint stream_id, uint8 component_id) {
             this.agent = agent;
+            this.dtls_srtp = dtls_srtp;
             this.stream_id = stream_id;
             this.component_id = component_id;
             this.datagram_received_id = this.datagram_received.connect((datagram) => {
@@ -41,7 +44,12 @@ public class Dino.Plugins.Ice.TransportParameters : JingleIceUdp.IceUdpTransport
 
         public override void send_datagram(Bytes datagram) {
             if (this.agent != null && is_component_ready(agent, stream_id, component_id)) {
-                agent.send(stream_id, component_id, datagram.get_data());
+                uint8[] encrypted_data = null;
+                if (dtls_srtp != null) {
+                    encrypted_data = dtls_srtp.process_outgoing_data(component_id, datagram.get_data());
+                    if (encrypted_data == null) return;
+                }
+                agent.send(stream_id, component_id, encrypted_data ?? datagram.get_data());
                 sent += datagram.length;
                 if (sent > sent_reported + 100000) {
                     debug("Sent %lu bytes via stream %u component %u", sent, stream_id, component_id);
@@ -55,6 +63,20 @@ public class Dino.Plugins.Ice.TransportParameters : JingleIceUdp.IceUdpTransport
         base(components, local_full_jid, peer_full_jid, node);
         this.we_want_connection = (node == null);
         this.agent = agent;
+
+        if (this.peer_fingerprint != null || !incoming) {
+            dtls_srtp = DtlsSrtp.setup();
+            dtls_srtp.send_data.connect((data) => {
+                agent.send(stream_id, 1, data);
+            });
+            this.own_fingerprint = dtls_srtp.get_own_fingerprint(GnuTLS.DigestAlgorithm.SHA256);
+            if (incoming) {
+                dtls_srtp.set_peer_fingerprint(this.peer_fingerprint);
+            } else {
+                dtls_srtp.setup_dtls_connection(true);
+            }
+        }
+
         agent.candidate_gathering_done.connect(on_candidate_gathering_done);
         agent.initial_binding_request_received.connect(on_initial_binding_request_received);
         agent.component_state_changed.connect(on_component_state_changed);
@@ -112,6 +134,12 @@ public class Dino.Plugins.Ice.TransportParameters : JingleIceUdp.IceUdpTransport
     public override void handle_transport_accept(StanzaNode transport) throws Jingle.IqError {
         debug("on_transport_accept from %s", peer_full_jid.to_string());
         base.handle_transport_accept(transport);
+
+        if (dtls_srtp != null && peer_fingerprint != null) {
+            dtls_srtp.set_peer_fingerprint(this.peer_fingerprint);
+        } else {
+            dtls_srtp = null;
+        }
     }
 
     public override void handle_transport_info(StanzaNode transport) throws Jingle.IqError {
@@ -163,9 +191,16 @@ public class Dino.Plugins.Ice.TransportParameters : JingleIceUdp.IceUdpTransport
             int new_candidates = agent.set_remote_candidates(stream_id, i, candidates);
             debug("Initiated component %u with %i remote candidates", i, new_candidates);
 
-            connections[i] = new DatagramConnection(agent, stream_id, i);
+            connections[i] = new DatagramConnection(agent, dtls_srtp, stream_id, i);
             content.set_transport_connection(connections[i], i);
         }
+
+        if (incoming && dtls_srtp != null) {
+            Jingle.DatagramConnection rtp_datagram = (Jingle.DatagramConnection) content.get_transport_connection(1);
+            rtp_datagram.notify["ready"].connect(() => {
+                dtls_srtp.setup_dtls_connection(false);
+            });
+        }
         base.create_transport_connection(stream, content);
     }
 
@@ -194,12 +229,17 @@ public class Dino.Plugins.Ice.TransportParameters : JingleIceUdp.IceUdpTransport
 
     private void on_recv(Nice.Agent agent, uint stream_id, uint component_id, uint8[] data) {
         if (stream_id != this.stream_id) return;
+        uint8[] decrypt_data = null;
+        if (dtls_srtp != null) {
+            decrypt_data = dtls_srtp.process_incoming_data(component_id, data);
+            if (decrypt_data == null) return;
+        }
         may_consider_ready(stream_id, component_id);
         if (connections.has_key((uint8) component_id)) {
             if (!connections[(uint8) component_id].ready) {
                 debug("on_recv stream %u component %u when state %s", stream_id, component_id, agent.get_component_state(stream_id, component_id).to_string());
             }
-            connections[(uint8) component_id].datagram_received(new Bytes(data));
+            connections[(uint8) component_id].datagram_received(new Bytes(decrypt_data ?? data));
         } else {
             debug("on_recv stream %u component %u length %u", stream_id, component_id, data.length);
         }