Fork me on GitHub
Loading...
Searching...
No Matches
Macros | Functions
dtls.c File Reference

DTLS/SRTP processing. More...

#include "janus.h"
#include "debug.h"
#include "dtls.h"
#include "rtcp.h"
#include "events.h"
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/evp.h>
#include <openssl/rsa.h>
#include <openssl/asn1.h>
Include dependency graph for dtls.c:

Macros

#define DTLS_DEFAULT_CIPHERS   "DEFAULT:!NULL:!aNULL:!SHA256:!SHA384:!aECDH:!AESGCM+AES256:!aPSK"
 
#define DTLS_AUTOCERT_DURATION   60*60*24*365
 
#define DTLS_ELLIPTIC_CURVE   NID_X9_62_prime256v1
 

Functions

const gchar * janus_get_dtls_srtp_state (janus_dtls_state state)
 Helper method to get a string representation of a Janus DTLS state.
 
const gchar * janus_get_dtls_srtp_role (janus_dtls_role role)
 Helper method to get a string representation of a DTLS role.
 
const gchar * janus_get_dtls_srtp_profile (int profile)
 Helper method to get a string representation of an SRTP profile.
 
gboolean janus_is_dtls (char *buf)
 Helper method to demultiplex DTLS from other protocols.
 
gboolean janus_dtls_are_selfsigned_certs_ok (void)
 Method to check whether DTLS self-signed certificates are ok (default) or not.
 
gchar * janus_dtls_get_local_fingerprint (void)
 Method to return a string representation (SHA-256) of the certificate fingerprint.
 
const char * janus_get_ssl_version (void)
 Helper method to return info on the crypto library and its version.
 
gint janus_dtls_srtp_init (const char *server_pem, const char *server_key, const char *password, const char *ciphers, guint16 timeout, gboolean rsa_private_key, gboolean accept_selfsigned)
 DTLS stuff initialization.
 
void janus_dtls_srtp_cleanup (void)
 Method to cleanup DTLS stuff before exiting.
 
janus_dtls_srtpjanus_dtls_srtp_create (void *ice_pc, janus_dtls_role role)
 Create a janus_dtls_srtp instance.
 
void janus_dtls_srtp_handshake (janus_dtls_srtp *dtls)
 Start a DTLS handshake.
 
int janus_dtls_srtp_create_sctp (janus_dtls_srtp *dtls)
 Create an SCTP association, for data channels.
 
void janus_dtls_srtp_incoming_msg (janus_dtls_srtp *dtls, char *buf, uint16_t len)
 Handle an incoming DTLS message.
 
void janus_dtls_srtp_send_alert (janus_dtls_srtp *dtls)
 Send an alert on a janus_dtls_srtp instance.
 
void janus_dtls_srtp_destroy (janus_dtls_srtp *dtls)
 Destroy a janus_dtls_srtp instance.
 
void janus_dtls_callback (const SSL *ssl, int where, int ret)
 DTLS alert callback (http://www.openssl.org/docs/ssl/SSL_CTX_set_info_callback.html)
 
int janus_dtls_verify_callback (int preverify_ok, X509_STORE_CTX *ctx)
 DTLS certificate verification callback (http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html)
 
gboolean janus_dtls_retry (gpointer stack)
 DTLS retransmission timer.
 

Detailed Description

DTLS/SRTP processing.

Author
Lorenzo Miniero loren.nosp@m.zo@m.nosp@m.eetec.nosp@m.ho.c.nosp@m.om

Implementation (based on OpenSSL and libsrtp) of the DTLS/SRTP transport. The code takes care of the DTLS handshake between peers and the server, and sets the proper SRTP and SRTCP context up accordingly. A DTLS alert from a peer is notified to the plugin handling him/her by means of the hangup_media callback.

Protocols

Macro Definition Documentation

◆ DTLS_AUTOCERT_DURATION

#define DTLS_AUTOCERT_DURATION   60*60*24*365

◆ DTLS_DEFAULT_CIPHERS

#define DTLS_DEFAULT_CIPHERS   "DEFAULT:!NULL:!aNULL:!SHA256:!SHA384:!aECDH:!AESGCM+AES256:!aPSK"

◆ DTLS_ELLIPTIC_CURVE

#define DTLS_ELLIPTIC_CURVE   NID_X9_62_prime256v1

Function Documentation

◆ janus_dtls_are_selfsigned_certs_ok()

gboolean janus_dtls_are_selfsigned_certs_ok ( void )

Method to check whether DTLS self-signed certificates are ok (default) or not.

◆ janus_dtls_callback()

void janus_dtls_callback ( const SSL * ssl,
int where,
int ret )

DTLS alert callback (http://www.openssl.org/docs/ssl/SSL_CTX_set_info_callback.html)

Parameters
[in]sslSSL instance where the alert occurred
[in]whereThe context where the event occurred
[in]retThe error code

◆ janus_dtls_get_local_fingerprint()

gchar * janus_dtls_get_local_fingerprint ( void )

Method to return a string representation (SHA-256) of the certificate fingerprint.

◆ janus_dtls_retry()

gboolean janus_dtls_retry ( gpointer stack)

DTLS retransmission timer.

As libnice is going to actually send and receive data, OpenSSL cannot handle retransmissions by itself: this timed callback (g_source_set_callback) deals with this.

Parameters
[in]stackOpaque pointer to the janus_dtls_srtp instance to use
Returns
true if a retransmission is still needed, false otherwise

◆ janus_dtls_srtp_cleanup()

void janus_dtls_srtp_cleanup ( void )

Method to cleanup DTLS stuff before exiting.

◆ janus_dtls_srtp_create()

janus_dtls_srtp * janus_dtls_srtp_create ( void * pc,
janus_dtls_role role )

Create a janus_dtls_srtp instance.

Parameters
[in]pcOpaque pointer to the WebRTC PeerConnection owning the stack
[in]roleThe role of the DTLS stack (client/server)
Returns
A new janus_dtls_srtp instance if successful, NULL otherwise

◆ janus_dtls_srtp_create_sctp()

int janus_dtls_srtp_create_sctp ( janus_dtls_srtp * dtls)

Create an SCTP association, for data channels.

Note
This is a separate method as, with renegotiations, it might happen that data channels are not created right away, right after the DTLS handshake has been completed, but only later, when DTLS is already up
Parameters
[in]dtlsThe janus_dtls_srtp instance to setup SCTP on
Returns
0 in case of success, a negative integer otherwise

◆ janus_dtls_srtp_destroy()

void janus_dtls_srtp_destroy ( janus_dtls_srtp * dtls)

Destroy a janus_dtls_srtp instance.

Parameters
[in]dtlsThe janus_dtls_srtp instance to destroy

◆ janus_dtls_srtp_handshake()

void janus_dtls_srtp_handshake ( janus_dtls_srtp * dtls)

Start a DTLS handshake.

Parameters
[in]dtlsThe janus_dtls_srtp instance to start the handshake on

◆ janus_dtls_srtp_incoming_msg()

void janus_dtls_srtp_incoming_msg ( janus_dtls_srtp * dtls,
char * buf,
uint16_t len )

Handle an incoming DTLS message.

Parameters
[in]dtlsThe janus_dtls_srtp instance to start the handshake on
[in]bufThe DTLS message data
[in]lenThe DTLS message data length

◆ janus_dtls_srtp_init()

gint janus_dtls_srtp_init ( const char * server_pem,
const char * server_key,
const char * password,
const char * ciphers,
guint16 timeout,
gboolean rsa_private_key,
gboolean accept_selfsigned )

DTLS stuff initialization.

Parameters
[in]server_pemPath to the certificate to use
[in]server_keyPath to the key to use
[in]passwordPassword needed to use the key, if any
[in]ciphersDTLS ciphers to use (will use hardcoded defaults, if NULL)
[in]timeoutDTLS timeout base, in ms, to use for retransmissions (ignored if not using BoringSSL)
[in]rsa_private_keyWhether RSA certificates should be generated, instead of NIST P-256
[in]accept_selfsignedWhether to accept self-signed certificates (default) or enforce validation
Returns
0 in case of success, a negative integer on errors

◆ janus_dtls_srtp_send_alert()

void janus_dtls_srtp_send_alert ( janus_dtls_srtp * dtls)

Send an alert on a janus_dtls_srtp instance.

Parameters
[in]dtlsThe janus_dtls_srtp instance to send the alert on

◆ janus_dtls_verify_callback()

int janus_dtls_verify_callback ( int preverify_ok,
X509_STORE_CTX * ctx )

DTLS certificate verification callback (http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html)

This method always returns 1 (true), in order not to fail when a certificate verification is requested. This is especially needed because all certificates used for DTLS in WebRTC are self signed, and as such a formal verification would fail.

Parameters
[in]preverify_okWhether the verification of the certificate was passed
[in]ctxcontext used for the certificate verification

◆ janus_get_dtls_srtp_profile()

const gchar * janus_get_dtls_srtp_profile ( int profile)

Helper method to get a string representation of an SRTP profile.

Parameters
[in]profileThe SRTP profile as exported by a DTLS-SRTP handshake
Returns
A string representation of the profile

◆ janus_get_dtls_srtp_role()

const gchar * janus_get_dtls_srtp_role ( janus_dtls_role role)

Helper method to get a string representation of a DTLS role.

Parameters
[in]roleThe DTLS role
Returns
A string representation of the role

◆ janus_get_dtls_srtp_state()

const gchar * janus_get_dtls_srtp_state ( janus_dtls_state state)

Helper method to get a string representation of a Janus DTLS state.

Parameters
[in]stateThe Janus DTLS state
Returns
A string representation of the state

◆ janus_get_ssl_version()

const char * janus_get_ssl_version ( void )

Helper method to return info on the crypto library and its version.

Returns
A pointer to a static string with the version

◆ janus_is_dtls()

gboolean janus_is_dtls ( char * buf)

Helper method to demultiplex DTLS from other protocols.

Parameters
[in]bufBuffer to inspect