dtls.c File Reference

DTLS/SRTP processing.

#include "janus.h"
#include "debug.h"
#include "dtls.h"
#include "rtcp.h"
#include "events.h"
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/evp.h>
#include <openssl/rsa.h>
#include <openssl/asn1.h>

Macros

#define DTLS_CIPHERS   "HIGH:!aNULL:!MD5:!RC4"
 
#define DTLS_AUTOCERT_DURATION   60*60*24*365
 

Functions

const gchar * janus_get_dtls_srtp_state (janus_dtls_state state)
 Helper method to get a string representation of a Janus DTLS state.

const gchar * janus_get_dtls_srtp_role (janus_dtls_role role)
 Helper method to get a string representation of a DTLS role.

const gchar * janus_get_dtls_srtp_profile (int profile)
 Helper method to get a string representation of an SRTP profile.

gchar * janus_dtls_get_local_fingerprint (void)
 Method to return a string representation (SHA-256) of the certificate fingerprint.

gint janus_dtls_srtp_init (const char *server_pem, const char *server_key, const char *password, guint timeout)
 DTLS stuff initialization.

void janus_dtls_srtp_cleanup (void)
 Method to cleanup DTLS stuff before exiting.

janus_dtls_srtp * janus_dtls_srtp_create (void *ice_component, janus_dtls_role role)
 Create a janus_dtls_srtp instance.

void janus_dtls_srtp_handshake (janus_dtls_srtp *dtls)
 Start a DTLS handshake.

int janus_dtls_srtp_create_sctp (janus_dtls_srtp *dtls)
 Create an SCTP association, for data channels.

void janus_dtls_srtp_incoming_msg (janus_dtls_srtp *dtls, char *buf, uint16_t len)
 Handle an incoming DTLS message.

void janus_dtls_srtp_send_alert (janus_dtls_srtp *dtls)
 Send an alert on a janus_dtls_srtp instance.

void janus_dtls_srtp_destroy (janus_dtls_srtp *dtls)
 Destroy a janus_dtls_srtp instance.

void janus_dtls_callback (const SSL *ssl, int where, int ret)
 DTLS alert callback (http://www.openssl.org/docs/ssl/SSL_CTX_set_info_callback.html)

int janus_dtls_verify_callback (int preverify_ok, X509_STORE_CTX *ctx)
 DTLS certificate verification callback (http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html)

gboolean janus_dtls_retry (gpointer stack)
 DTLS retransmission timer.
 

Detailed Description

DTLS/SRTP processing.

Author
Lorenzo Miniero <lorenzo@meetecho.com>

Implementation (based on OpenSSL and libsrtp) of the DTLS/SRTP transport. The code takes care of the DTLS handshake between peers and the server, and sets up the corresponding SRTP and SRTCP contexts. A DTLS alert from a peer is reported to the plugin handling that peer by means of the hangup_media callback.


Macro Definition Documentation

#define DTLS_AUTOCERT_DURATION   60*60*24*365
#define DTLS_CIPHERS   "HIGH:!aNULL:!MD5:!RC4"

Function Documentation

void janus_dtls_callback (const SSL *ssl, int where, int ret)

DTLS alert callback (http://www.openssl.org/docs/ssl/SSL_CTX_set_info_callback.html)

Parameters
[in] ssl: SSL instance where the alert occurred
[in] where: The context where the event occurred
[in] ret: The error code

gchar * janus_dtls_get_local_fingerprint (void)

Method to return a string representation (SHA-256) of the certificate fingerprint.

gboolean janus_dtls_retry (gpointer stack)

DTLS retransmission timer.

Because libnice, not OpenSSL, is what actually sends and receives the data, OpenSSL cannot handle retransmissions by itself: this timed callback (g_source_set_callback) deals with them.

Parameters
[in] stack: Opaque pointer to the janus_dtls_srtp instance to use
Returns
true if a retransmission is still needed, false otherwise

void janus_dtls_srtp_cleanup (void)

Method to cleanup DTLS stuff before exiting.

janus_dtls_srtp * janus_dtls_srtp_create (void *component, janus_dtls_role role)

Create a janus_dtls_srtp instance.

Parameters
[in] component: Opaque pointer to the owning component that will use the stack
[in] role: The role of the DTLS stack (client/server)
Returns
A new janus_dtls_srtp instance if successful, NULL otherwise

int janus_dtls_srtp_create_sctp (janus_dtls_srtp *dtls)

Create an SCTP association, for data channels.

Note
This is a separate method because, with renegotiations, data channels might not be created right after the DTLS handshake has been completed, but only later, when DTLS is already up.
Parameters
[in] dtls: The janus_dtls_srtp instance to set up SCTP on
Returns
0 in case of success, a negative integer otherwise

void janus_dtls_srtp_destroy (janus_dtls_srtp *dtls)

Destroy a janus_dtls_srtp instance.

Parameters
[in] dtls: The janus_dtls_srtp instance to destroy

void janus_dtls_srtp_handshake (janus_dtls_srtp *dtls)

Start a DTLS handshake.

Parameters
[in] dtls: The janus_dtls_srtp instance to start the handshake on

void janus_dtls_srtp_incoming_msg (janus_dtls_srtp *dtls, char *buf, uint16_t len)

Handle an incoming DTLS message.

Parameters
[in] dtls: The janus_dtls_srtp instance to start the handshake on
[in] buf: The DTLS message data
[in] len: The DTLS message data length

gint janus_dtls_srtp_init (const char *server_pem, const char *server_key, const char *password, guint timeout)

DTLS stuff initialization.

Parameters
[in] server_pem: Path to the certificate to use
[in] server_key: Path to the key to use
[in] password: Password needed to use the key, if any
[in] timeout: DTLS timeout base to use for retransmissions (ignored if not using BoringSSL)
Returns
0 in case of success, a negative integer on errors

void janus_dtls_srtp_send_alert (janus_dtls_srtp *dtls)

Send an alert on a janus_dtls_srtp instance.

Parameters
[in] dtls: The janus_dtls_srtp instance to send the alert on

int janus_dtls_verify_callback (int preverify_ok, X509_STORE_CTX *ctx)

DTLS certificate verification callback (http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html)

This method always returns 1 (true), so that the handshake does not fail when a certificate verification is requested. This is especially needed because all certificates used for DTLS in WebRTC are self-signed, and as such a formal verification would fail.

Parameters
[in] preverify_ok: Whether the verification of the certificate was passed
[in] ctx: Context used for the certificate verification
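
Because the callback accepts every certificate, peer authentication in WebRTC rests on comparing the SHA-256 digest of the certificate seen in the DTLS handshake with the a=fingerprint value received over signalling. The following is an added example, not code from Janus, showing that comparison in plain C; parse_sdp_fingerprint, peer_fingerprint_matches and the sample values are constructed for illustration.

```c
#include <ctype.h>
#include <string.h>
#define SHA256_LEN 32

/* Value of one hex digit, or -1 if c is not a hex digit (NUL included). */
static int hex_val(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Parse an SDP a=fingerprint value ("sha-256 AB:CD:...") into 32 raw bytes.
 * Returns 0 on success, -1 on any malformed input. */
int parse_sdp_fingerprint(const char *value, unsigned char out[SHA256_LEN]) {
    static const char prefix[] = "sha-256 ";
    int i, plen = (int)sizeof(prefix) - 1;
    if (value == NULL) return -1;
    for (i = 0; i < plen; i++)  /* hash name matched case-insensitively */
        if (tolower((unsigned char)value[i]) != prefix[i]) return -1;
    const char *p = value + plen;
    for (i = 0; i < SHA256_LEN; i++) {
        int hi = hex_val((unsigned char)p[0]);
        int lo = hi < 0 ? -1 : hex_val((unsigned char)p[1]);
        if (lo < 0) return -1;
        out[i] = (unsigned char)((hi << 4) | lo);
        p += 2;
        if (i < SHA256_LEN - 1 && *p++ != ':') return -1;
    }
    return *p == '\0' ? 0 : -1;  /* reject trailing data */
}

/* 1 only if the handshake certificate's digest (with OpenSSL: X509_digest()
 * with EVP_sha256()) equals the signalled one; malformed SDP fails closed. */
int peer_fingerprint_matches(const unsigned char *digest, const char *sdp_value) {
    unsigned char expected[SHA256_LEN];
    if (parse_sdp_fingerprint(sdp_value, expected) != 0) return 0;
    return memcmp(digest, expected, SHA256_LEN) == 0;
}

/* Constructed sample: digest bytes 0x00..0x1f and the matching SDP value. */
static const unsigned char SAMPLE_DIGEST[SHA256_LEN] = {
    0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
    16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31 };
static const char SAMPLE_SDP[] =
    "sha-256 00:01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F:"
    "10:11:12:13:14:15:16:17:18:19:1A:1B:1C:1D:1E:1F";

int main(void) {   /* exit status 0 when the sample fingerprint matches */
    return peer_fingerprint_matches(SAMPLE_DIGEST, SAMPLE_SDP) ? 0 : 1;
}
```
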

const gchar * janus_get_dtls_srtp_profile (int profile)

Helper method to get a string representation of an SRTP profile.

Parameters
[in] profile: The SRTP profile as exported by a DTLS-SRTP handshake
Returns
A string representation of the profile

const gchar * janus_get_dtls_srtp_role (janus_dtls_role role)

Helper method to get a string representation of a DTLS role.

Parameters
[in] role: The DTLS role
Returns
A string representation of the role

const gchar * janus_get_dtls_srtp_state (janus_dtls_state state)

Helper method to get a string representation of a Janus DTLS state.

Parameters
[in] state: The Janus DTLS state
Returns
A string representation of the state