Skip to content

Commit

Permalink
[core] CCryptoControl: Partially removed dependency on CUDT. (#2424)
Browse files Browse the repository at this point in the history
  • Loading branch information
@maxsharabayko
maxsharabayko committed Aug 12, 2022
1 parent 5ae3b00 commit fe98265
Show file tree
Hide file tree
Showing 4 changed files with 34 additions and 35 deletions.
6 changes: 3 additions & 3 deletions srtcore/core.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5889,7 +5889,7 @@ bool srt::CUDT::createCrypter(HandshakeSide side, bool bidirectional)
// Write back this value, when it was just determined.
m_SrtHsSide = side;

m_pCryptoControl.reset(new CCryptoControl(this, m_SocketID));
m_pCryptoControl.reset(new CCryptoControl(m_SocketID));

// XXX These below are a little bit controversial.
// These data should probably be filled only upon
Expand All @@ -5903,7 +5903,7 @@ bool srt::CUDT::createCrypter(HandshakeSide side, bool bidirectional)
m_pCryptoControl->setCryptoKeylen(m_config.iSndCryptoKeyLen);
}

return m_pCryptoControl->init(side, bidirectional);
return m_pCryptoControl->init(side, m_config, bidirectional);
}

SRT_REJECT_REASON srt::CUDT::setupCC()
Expand Down Expand Up @@ -6063,7 +6063,7 @@ void srt::CUDT::checkSndTimers(Whether2RegenKm regen)
// if this side is RESPONDER. This shall be called only with
// regeneration request, which is required by the sender.
if (m_pCryptoControl)
m_pCryptoControl->sendKeysToPeer(regen);
m_pCryptoControl->sendKeysToPeer(this, SRTT(), regen);
}
}

Expand Down
37 changes: 18 additions & 19 deletions srtcore/crypto.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -427,9 +427,9 @@ int srt::CCryptoControl::processSrtMsg_KMRSP(const uint32_t* srtdata, size_t len
return retstatus;
}

void srt::CCryptoControl::sendKeysToPeer(Whether2RegenKm regen SRT_ATR_UNUSED)
void srt::CCryptoControl::sendKeysToPeer(CUDT* sock SRT_ATR_UNUSED, int iSRTT SRT_ATR_UNUSED, Whether2RegenKm regen SRT_ATR_UNUSED)
{
if ( !m_hSndCrypto || m_SndKmState == SRT_KM_S_UNSECURED)
if (!m_hSndCrypto || m_SndKmState == SRT_KM_S_UNSECURED)
{
HLOGC(cnlog.Debug, log << "sendKeysToPeer: NOT sending/regenerating keys: "
<< (m_hSndCrypto ? "CONNECTION UNSECURED" : "NO TX CRYPTO CTX created"));
Expand All @@ -447,7 +447,7 @@ void srt::CCryptoControl::sendKeysToPeer(Whether2RegenKm regen SRT_ATR_UNUSED)
* then (re-)send handshake request.
*/
if (((m_SndKmMsg[0].iPeerRetry > 0) || (m_SndKmMsg[1].iPeerRetry > 0))
&& ((m_SndKmLastTime + srt::sync::microseconds_from((m_parent->SRTT() * 3)/2)) <= now))
&& ((m_SndKmLastTime + srt::sync::microseconds_from((iSRTT * 3)/2)) <= now))
{
for (int ki = 0; ki < 2; ki++)
{
Expand All @@ -457,7 +457,7 @@ void srt::CCryptoControl::sendKeysToPeer(Whether2RegenKm regen SRT_ATR_UNUSED)
HLOGC(cnlog.Debug, log << "sendKeysToPeer: SENDING ki=" << ki << " len=" << m_SndKmMsg[ki].MsgLen
<< " retry(updated)=" << m_SndKmMsg[ki].iPeerRetry);
m_SndKmLastTime = now;
m_parent->sendSrtMsg(SRT_CMD_KMREQ, (uint32_t *)m_SndKmMsg[ki].Msg, m_SndKmMsg[ki].MsgLen / sizeof(uint32_t));
sock->sendSrtMsg(SRT_CMD_KMREQ, (uint32_t *)m_SndKmMsg[ki].Msg, m_SndKmMsg[ki].MsgLen / sizeof(uint32_t));
}
}
}
Expand All @@ -466,15 +466,15 @@ void srt::CCryptoControl::sendKeysToPeer(Whether2RegenKm regen SRT_ATR_UNUSED)
if (regen)
{
regenCryptoKm(
true, // send UMSG_EXT + SRT_CMD_KMREQ to the peer, if regenerated the key
sock, // send UMSG_EXT + SRT_CMD_KMREQ to the peer using this socket
false // Do not apply the regenerated key to the to the receiver context
); // regenerate and send
}
#endif
}

#ifdef SRT_ENABLE_ENCRYPTION
void srt::CCryptoControl::regenCryptoKm(bool sendit, bool bidirectional)
void srt::CCryptoControl::regenCryptoKm(CUDT* sock, bool bidirectional)
{
if (!m_hSndCrypto)
return;
Expand All @@ -485,7 +485,7 @@ void srt::CCryptoControl::regenCryptoKm(bool sendit, bool bidirectional)
int sent = 0;

HLOGC(cnlog.Debug, log << "regenCryptoKm: regenerating crypto keys nbo=" << nbo <<
" THEN=" << (sendit ? "SEND" : "KEEP") << " DIR=" << (bidirectional ? "BOTH" : "SENDER"));
" THEN=" << (sock ? "SEND" : "KEEP") << " DIR=" << (bidirectional ? "BOTH" : "SENDER"));

for (int i = 0; i < nbo && i < 2; i++)
{
Expand Down Expand Up @@ -513,7 +513,7 @@ void srt::CCryptoControl::regenCryptoKm(bool sendit, bool bidirectional)
m_SndKmMsg[ki].MsgLen = out_len_p[i];
m_SndKmMsg[ki].iPeerRetry = SRT_MAX_KMRETRY;

if (bidirectional && !sendit)
if (bidirectional && !sock)
{
// "Send" this key also to myself, just to be applied to the receiver crypto,
// exactly the same way how this key is interpreted on the peer side into its receiver crypto
Expand All @@ -526,11 +526,11 @@ void srt::CCryptoControl::regenCryptoKm(bool sendit, bool bidirectional)
}
}

if (sendit)
if (sock)
{
HLOGC(cnlog.Debug, log << "regenCryptoKm: SENDING ki=" << ki << " len=" << m_SndKmMsg[ki].MsgLen
<< " retry(updated)=" << m_SndKmMsg[ki].iPeerRetry);
m_parent->sendSrtMsg(SRT_CMD_KMREQ, (uint32_t *)m_SndKmMsg[ki].Msg, m_SndKmMsg[ki].MsgLen / sizeof(uint32_t));
sock->sendSrtMsg(SRT_CMD_KMREQ, (uint32_t *)m_SndKmMsg[ki].Msg, m_SndKmMsg[ki].MsgLen / sizeof(uint32_t));
sent++;
}
}
Expand All @@ -552,9 +552,8 @@ void srt::CCryptoControl::regenCryptoKm(bool sendit, bool bidirectional)
}
#endif

srt::CCryptoControl::CCryptoControl(CUDT* parent, SRTSOCKET id)
: m_parent(parent) // should be initialized in createCC()
, m_SocketID(id)
srt::CCryptoControl::CCryptoControl(SRTSOCKET id)
: m_SocketID(id)
, m_iSndKmKeyLen(0)
, m_iRcvKmKeyLen(0)
, m_SndKmState(SRT_KM_S_UNSECURED)
Expand All @@ -575,7 +574,7 @@ srt::CCryptoControl::CCryptoControl(CUDT* parent, SRTSOCKET id)
m_hRcvCrypto = NULL;
}

bool srt::CCryptoControl::init(HandshakeSide side, bool bidirectional SRT_ATR_UNUSED)
bool srt::CCryptoControl::init(HandshakeSide side, const CSrtConfig& cfg, bool bidirectional SRT_ATR_UNUSED)
{
// NOTE: initiator creates m_hSndCrypto. When bidirectional,
// it creates also m_hRcvCrypto with the same key length.
Expand All @@ -592,8 +591,8 @@ bool srt::CCryptoControl::init(HandshakeSide side, bool bidirectional SRT_ATR_UN
// Set security-pending state, if a password was set.
m_SndKmState = hasPassphrase() ? SRT_KM_S_SECURING : SRT_KM_S_UNSECURED;

m_KmPreAnnouncePkt = m_parent->m_config.uKmPreAnnouncePkt;
m_KmRefreshRatePkt = m_parent->m_config.uKmRefreshRatePkt;
m_KmPreAnnouncePkt = cfg.uKmPreAnnouncePkt;
m_KmRefreshRatePkt = cfg.uKmRefreshRatePkt;

if ( side == HSD_INITIATOR )
{
Expand Down Expand Up @@ -628,9 +627,9 @@ bool srt::CCryptoControl::init(HandshakeSide side, bool bidirectional SRT_ATR_UN
}

regenCryptoKm(
false, // Do not send the key (will be attached it to the HSv5 handshake)
bidirectional // replicate the key to the receiver context, if bidirectional
);
NULL, // Do not send the key (the KM msg will be attached to the HSv5 handshake)
bidirectional // replicate the key to the receiver context, if bidirectional
);
#else
// This error would be a consequence of setting the passphrase, while encryption
// is turned off at compile time. Setting the password itself should be not allowed
Expand Down
24 changes: 12 additions & 12 deletions srtcore/crypto.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@ extern Logger cnlog;
namespace srt
{
class CUDT;
struct CSrtConfig;


// For KMREQ/KMRSP. Only one field is used.
Expand All @@ -53,7 +54,6 @@ enum Whether2RegenKm {DONT_REGEN_KM = 0, REGEN_KM = 1};

class CCryptoControl
{
CUDT* m_parent;
SRTSOCKET m_SocketID;

size_t m_iSndKmKeyLen; //Key length
Expand Down Expand Up @@ -85,7 +85,6 @@ class CCryptoControl
bool m_bErrorReported;

public:

static void globalInit();

bool sendingAllowed()
Expand All @@ -111,9 +110,11 @@ class CCryptoControl
}

private:

#ifdef SRT_ENABLE_ENCRYPTION
void regenCryptoKm(bool sendit, bool bidirectional);
/// Regenerate cryptographic key material.
/// @param[in] sock If not null, the socket will be used to send the KM message to the peer (e.g. KM refresh).
/// @param[in] bidirectional If true, the key material will be regenerated for both directions (receiver and sender).
void regenCryptoKm(CUDT* sock, bool bidirectional);
#endif

public:
Expand Down Expand Up @@ -197,25 +198,24 @@ class CCryptoControl
return false;
}

CCryptoControl(CUDT* parent, SRTSOCKET id);
CCryptoControl(SRTSOCKET id);

// DEBUG PURPOSES:
std::string CONID() const;
std::string FormatKmMessage(std::string hdr, int cmd, size_t srtlen);

bool init(HandshakeSide, bool);
bool init(HandshakeSide, const CSrtConfig&, bool);
void close();

// This function is used in:
// - HSv4 (initial key material exchange - in HSv5 it's attached to handshake)
// - case of key regeneration, which should be then exchanged again
void sendKeysToPeer(Whether2RegenKm regen);

/// @return True if the handshake is in progress.
/// This function is used in:
/// - HSv4 (initial key material exchange - in HSv5 it's attached to handshake)
/// - case of key regeneration, which should be then exchanged again.
void sendKeysToPeer(CUDT* sock, int iSRTT, Whether2RegenKm regen);

void setCryptoSecret(const HaiCrypt_Secret& secret)
{
m_KmSecret = secret;
//memcpy(&m_KmSecret, &secret, sizeof(m_KmSecret));
}

void setCryptoKeylen(size_t keylen)
Expand Down
2 changes: 1 addition & 1 deletion srtcore/sync.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -318,7 +318,7 @@ static unsigned int* getRandSeed()
int srt::sync::genRandomInt(int minVal, int maxVal)
{
// This Meyers singleton initialization is thread-safe since C++11, but is not thread-safe in C++03.
// A mutex to protect simulteneout access to the random device.
// A mutex to protect simultaneous access to the random device.
// Thread-local storage could be used here instead to store the seed / random device.
// However the generator is not used often (Initial Socket ID, Initial sequence number, FileCC),
// so sharing a single seed among threads should not impact the performance.
Expand Down

0 comments on commit fe98265

Please sign in to comment.