gstreamer/ext/dtls/gstdtlsagent.c

/*
 * Copyright (c) 2014, Ericsson AB. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without modification,
 * are permitted provided that the following conditions are met:
 *
 * 1. Redistributions of source code must retain the above copyright notice, this
 * list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright notice, this
 * list of conditions and the following disclaimer in the documentation and/or other
 * materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
 * OF SUCH DAMAGE.
 */

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#include "gstdtlsagent.h"

#include "gstdtlscommon.h"

#ifdef __APPLE__
# define __AVAILABILITYMACROS__
# define DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER
#endif

#include <openssl/err.h>
#include <openssl/ssl.h>

#if ER_DTLS_USE_GST_LOG
    GST_DEBUG_CATEGORY_STATIC(er_dtls_agent_debug);
#   define GST_CAT_DEFAULT er_dtls_agent_debug
    G_DEFINE_TYPE_WITH_CODE(ErDtlsAgent, er_dtls_agent, G_TYPE_OBJECT,
        GST_DEBUG_CATEGORY_INIT(er_dtls_agent_debug, "gstdtlsagent", 0, "Ericsson DTLS Agent"));
#else
    G_DEFINE_TYPE(ErDtlsAgent, er_dtls_agent, G_TYPE_OBJECT);
#endif

#define ER_DTLS_AGENT_GET_PRIVATE(obj) (G_TYPE_INSTANCE_GET_PRIVATE((obj), ER_TYPE_DTLS_AGENT, ErDtlsAgentPrivate))

enum {
    PROP_0,
    PROP_CERTIFICATE,
    NUM_PROPERTIES
};

static GParamSpec *properties[NUM_PROPERTIES];

struct _ErDtlsAgentPrivate {
    SSL_CTX *ssl_context;

    ErDtlsCertificate *certificate;
};

static void er_dtls_agent_finalize(GObject *gobject);
static void er_dtls_agent_set_property(GObject *, guint prop_id, const GValue *, GParamSpec *);
const gchar *er_dtls_agent_peek_id(ErDtlsAgent *);

static GRWLock *ssl_locks;

static void ssl_locking_function(gint mode, gint lock_num, const gchar *file, gint line)
{
    gboolean locking;
    gboolean reading;
    GRWLock *lock;

    locking = mode & CRYPTO_LOCK;
    reading = mode & CRYPTO_READ;
    lock = &ssl_locks[lock_num];

    LOG_LOG(NULL, "%s SSL lock for %s, thread=%p location=%s:%d",
        locking ? "locking" : "unlocking", reading ? "reading" : "writing",
        g_thread_self(), file, line);

    if (locking) {
        if (reading) {
            g_rw_lock_reader_lock(lock);
        } else {
            g_rw_lock_writer_lock(lock);
        }
    } else {
        if (reading) {
            g_rw_lock_reader_unlock(lock);
        } else {
            g_rw_lock_writer_unlock(lock);
        }
    }
}

static gulong ssl_thread_id_function(void)
{
    return (gulong) g_thread_self();
}

void _er_dtls_init_openssl()
{
    static gsize is_init = 0;
    gint i;
    gint num_locks;

    if (g_once_init_enter(&is_init)) {
        if (OPENSSL_VERSION_NUMBER < 0x1000100fL) {
            LOG_WARNING(NULL, "Incorrect OpenSSL version, should be >= 1.0.1, is %s", OPENSSL_VERSION_TEXT);
            g_assert_not_reached();
        }

        LOG_INFO(NULL, "initializing openssl %lx", OPENSSL_VERSION_NUMBER);
        SSL_library_init();
        SSL_load_error_strings();
        ERR_load_BIO_strings();

        num_locks = CRYPTO_num_locks();
        ssl_locks = g_new(GRWLock, num_locks);
        for (i = 0; i < num_locks; ++i) {
            g_rw_lock_init(&ssl_locks[i]);
        }
        CRYPTO_set_locking_callback(ssl_locking_function);
        CRYPTO_set_id_callback(ssl_thread_id_function);

        g_once_init_leave(&is_init, 1);
    }
}

static void er_dtls_agent_class_init(ErDtlsAgentClass *klass)
{
    GObjectClass *gobject_class = G_OBJECT_CLASS(klass);

    g_type_class_add_private(klass, sizeof(ErDtlsAgentPrivate));

    gobject_class->set_property = er_dtls_agent_set_property;
    gobject_class->finalize = er_dtls_agent_finalize;

    properties[PROP_CERTIFICATE] =
        g_param_spec_object("certificate",
            "ErDtlsCertificate",
            "Sets the certificate of the agent",
            ER_TYPE_DTLS_CERTIFICATE,
            G_PARAM_WRITABLE | G_PARAM_CONSTRUCT_ONLY | G_PARAM_STATIC_STRINGS);

    g_object_class_install_properties(gobject_class, NUM_PROPERTIES, properties);

    _er_dtls_init_openssl();
}

static void er_dtls_agent_init(ErDtlsAgent *self)
{
    ErDtlsAgentPrivate *priv = ER_DTLS_AGENT_GET_PRIVATE(self);
    self->priv = priv;

    ERR_clear_error();

    priv->ssl_context = SSL_CTX_new(DTLSv1_method());
    if (ERR_peek_error() || !priv->ssl_context) {
        char buf[512];

        priv->ssl_context = NULL;

        LOG_WARNING(self, "Error creating SSL Context: %s", ERR_error_string(ERR_get_error(), buf));

        g_return_if_reached();
    }

    SSL_CTX_set_verify_depth(priv->ssl_context, 2);
    SSL_CTX_set_tlsext_use_srtp(priv->ssl_context, "SRTP_AES128_CM_SHA1_80");
    SSL_CTX_set_cipher_list(priv->ssl_context, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
    SSL_CTX_set_read_ahead(priv->ssl_context, 1);
#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
    SSL_CTX_set_ecdh_auto(priv->ssl_context, 1);
#endif
}

static void er_dtls_agent_finalize(GObject *gobject)
{
    ErDtlsAgentPrivate *priv = ER_DTLS_AGENT(gobject)->priv;

    SSL_CTX_free(priv->ssl_context);
    priv->ssl_context = NULL;

    LOG_DEBUG(gobject, "finalized");

    G_OBJECT_CLASS(er_dtls_agent_parent_class)->finalize(gobject);
}

static void er_dtls_agent_set_property(GObject *object, guint prop_id, const GValue *value, GParamSpec *pspec)
{
    ErDtlsAgent *self = ER_DTLS_AGENT(object);
    ErDtlsCertificate *certificate;

    switch (prop_id) {
    case PROP_CERTIFICATE:
        certificate = ER_DTLS_CERTIFICATE(g_value_get_object(value));
        g_return_if_fail(ER_IS_DTLS_CERTIFICATE(certificate));
        g_return_if_fail(self->priv->ssl_context);

        self->priv->certificate = certificate;
        g_object_ref(certificate);

        if (!SSL_CTX_use_certificate(self->priv->ssl_context, _er_dtls_certificate_get_internal_certificate(certificate))) {
            LOG_WARNING(self, "could not use certificate");
            g_return_if_reached();
        }

        if (!SSL_CTX_use_PrivateKey(self->priv->ssl_context, _er_dtls_certificate_get_internal_key(certificate))) {
            LOG_WARNING(self, "could not use private key");
            g_return_if_reached();
        }

        if (!SSL_CTX_check_private_key(self->priv->ssl_context)) {
            LOG_WARNING(self, "invalid private key");
            g_return_if_reached();
        }
        break;
    default:
        G_OBJECT_WARN_INVALID_PROPERTY_ID(self, prop_id, pspec);
    }
}

ErDtlsCertificate *er_dtls_agent_get_certificate(ErDtlsAgent *self)
{
    g_return_val_if_fail(ER_IS_DTLS_AGENT(self), NULL);
    if (self->priv->certificate) {
        g_object_ref(self->priv->certificate);
    }
    return self->priv->certificate;
}

gchar *er_dtls_agent_get_certificate_pem(ErDtlsAgent *self)
{
    gchar *pem;
    g_return_val_if_fail(ER_IS_DTLS_AGENT(self), NULL);
    g_return_val_if_fail(ER_IS_DTLS_CERTIFICATE(self->priv->certificate), NULL);

    g_object_get(self->priv->certificate, "pem", &pem, NULL);

    return pem;
}

const ErDtlsAgentContext _er_dtls_agent_peek_context(ErDtlsAgent *self)
{
    g_return_val_if_fail(ER_IS_DTLS_AGENT(self), NULL);
    return self->priv->ssl_context;
}
dtls: Add new DTLS plugin This is a copy of the Ericsson DTLS plugin from https://github.com/EricssonResearch/openwebrtc-gst-plugins/tree/master/ext/erdtls/src https://bugzilla.gnome.org/show_bug.cgi?id=744582 2015-03-16 16:33:03 +00:00			`/*`
			`* Copyright (c) 2014, Ericsson AB. All rights reserved.`
			`*`
			`* Redistribution and use in source and binary forms, with or without modification,`
			`* are permitted provided that the following conditions are met:`
			`*`
			`* 1. Redistributions of source code must retain the above copyright notice, this`
			`* list of conditions and the following disclaimer.`
			`*`
			`* 2. Redistributions in binary form must reproduce the above copyright notice, this`
			`* list of conditions and the following disclaimer in the documentation and/or other`
			`* materials provided with the distribution.`
			`*`
			`* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND`
			`* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED`
			`* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.`
			`* IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,`
			`* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT`
			`* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR`
			`* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,`
			`* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)`
			`* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY`
			`* OF SUCH DAMAGE.`
			`*/`

			`#ifdef HAVE_CONFIG_H`
			`#include "config.h"`
			`#endif`

			`#include "gstdtlsagent.h"`

			`#include "gstdtlscommon.h"`

			`#ifdef __APPLE__`
			`# define __AVAILABILITYMACROS__`
			`# define DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER`
			`#endif`

			`#include <openssl/err.h>`
			`#include <openssl/ssl.h>`

			`#if ER_DTLS_USE_GST_LOG`
			`GST_DEBUG_CATEGORY_STATIC(er_dtls_agent_debug);`
			`# define GST_CAT_DEFAULT er_dtls_agent_debug`
			`G_DEFINE_TYPE_WITH_CODE(ErDtlsAgent, er_dtls_agent, G_TYPE_OBJECT,`
			`GST_DEBUG_CATEGORY_INIT(er_dtls_agent_debug, "gstdtlsagent", 0, "Ericsson DTLS Agent"));`
			`#else`
			`G_DEFINE_TYPE(ErDtlsAgent, er_dtls_agent, G_TYPE_OBJECT);`
			`#endif`

			`#define ER_DTLS_AGENT_GET_PRIVATE(obj) (G_TYPE_INSTANCE_GET_PRIVATE((obj), ER_TYPE_DTLS_AGENT, ErDtlsAgentPrivate))`

			`enum {`
			`PROP_0,`
			`PROP_CERTIFICATE,`
			`NUM_PROPERTIES`
			`};`

			`static GParamSpec *properties[NUM_PROPERTIES];`

			`struct _ErDtlsAgentPrivate {`
			`SSL_CTX *ssl_context;`

			`ErDtlsCertificate *certificate;`
			`};`

			`static void er_dtls_agent_finalize(GObject *gobject);`
			`static void er_dtls_agent_set_property(GObject , guint prop_id, const GValue , GParamSpec *);`
			`const gchar er_dtls_agent_peek_id(ErDtlsAgent );`

			`static GRWLock *ssl_locks;`

			`static void ssl_locking_function(gint mode, gint lock_num, const gchar *file, gint line)`
			`{`
			`gboolean locking;`
			`gboolean reading;`
			`GRWLock *lock;`

			`locking = mode & CRYPTO_LOCK;`
			`reading = mode & CRYPTO_READ;`
			`lock = &ssl_locks[lock_num];`

			`LOG_LOG(NULL, "%s SSL lock for %s, thread=%p location=%s:%d",`
			`locking ? "locking" : "unlocking", reading ? "reading" : "writing",`
			`g_thread_self(), file, line);`

			`if (locking) {`
			`if (reading) {`
			`g_rw_lock_reader_lock(lock);`
			`} else {`
			`g_rw_lock_writer_lock(lock);`
			`}`
			`} else {`
			`if (reading) {`
			`g_rw_lock_reader_unlock(lock);`
			`} else {`
			`g_rw_lock_writer_unlock(lock);`
			`}`
			`}`
			`}`

			`static gulong ssl_thread_id_function(void)`
			`{`
			`return (gulong) g_thread_self();`
			`}`

			`void _er_dtls_init_openssl()`
			`{`
			`static gsize is_init = 0;`
			`gint i;`
			`gint num_locks;`

			`if (g_once_init_enter(&is_init)) {`
			`if (OPENSSL_VERSION_NUMBER < 0x1000100fL) {`
			`LOG_WARNING(NULL, "Incorrect OpenSSL version, should be >= 1.0.1, is %s", OPENSSL_VERSION_TEXT);`
			`g_assert_not_reached();`
			`}`

			`LOG_INFO(NULL, "initializing openssl %lx", OPENSSL_VERSION_NUMBER);`
			`SSL_library_init();`
			`SSL_load_error_strings();`
			`ERR_load_BIO_strings();`

			`num_locks = CRYPTO_num_locks();`
			`ssl_locks = g_new(GRWLock, num_locks);`
			`for (i = 0; i < num_locks; ++i) {`
			`g_rw_lock_init(&ssl_locks[i]);`
			`}`
			`CRYPTO_set_locking_callback(ssl_locking_function);`
			`CRYPTO_set_id_callback(ssl_thread_id_function);`

			`g_once_init_leave(&is_init, 1);`
			`}`
			`}`

			`static void er_dtls_agent_class_init(ErDtlsAgentClass *klass)`
			`{`
			`GObjectClass *gobject_class = G_OBJECT_CLASS(klass);`

			`g_type_class_add_private(klass, sizeof(ErDtlsAgentPrivate));`

			`gobject_class->set_property = er_dtls_agent_set_property;`
			`gobject_class->finalize = er_dtls_agent_finalize;`

			`properties[PROP_CERTIFICATE] =`
			`g_param_spec_object("certificate",`
			`"ErDtlsCertificate",`
			`"Sets the certificate of the agent",`
			`ER_TYPE_DTLS_CERTIFICATE,`
			`G_PARAM_WRITABLE \| G_PARAM_CONSTRUCT_ONLY \| G_PARAM_STATIC_STRINGS);`

			`g_object_class_install_properties(gobject_class, NUM_PROPERTIES, properties);`

			`_er_dtls_init_openssl();`
			`}`

			`static void er_dtls_agent_init(ErDtlsAgent *self)`
			`{`
			`ErDtlsAgentPrivate *priv = ER_DTLS_AGENT_GET_PRIVATE(self);`
			`self->priv = priv;`

			`ERR_clear_error();`

			`priv->ssl_context = SSL_CTX_new(DTLSv1_method());`
			`if (ERR_peek_error() \|\| !priv->ssl_context) {`
			`char buf[512];`

			`priv->ssl_context = NULL;`

			`LOG_WARNING(self, "Error creating SSL Context: %s", ERR_error_string(ERR_get_error(), buf));`

			`g_return_if_reached();`
			`}`

			`SSL_CTX_set_verify_depth(priv->ssl_context, 2);`
			`SSL_CTX_set_tlsext_use_srtp(priv->ssl_context, "SRTP_AES128_CM_SHA1_80");`
			`SSL_CTX_set_cipher_list(priv->ssl_context, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");`
			`SSL_CTX_set_read_ahead(priv->ssl_context, 1);`
			`#if OPENSSL_VERSION_NUMBER >= 0x1000200fL`
			`SSL_CTX_set_ecdh_auto(priv->ssl_context, 1);`
			`#endif`
			`}`

			`static void er_dtls_agent_finalize(GObject *gobject)`
			`{`
			`ErDtlsAgentPrivate *priv = ER_DTLS_AGENT(gobject)->priv;`

			`SSL_CTX_free(priv->ssl_context);`
			`priv->ssl_context = NULL;`

			`LOG_DEBUG(gobject, "finalized");`

			`G_OBJECT_CLASS(er_dtls_agent_parent_class)->finalize(gobject);`
			`}`

			`static void er_dtls_agent_set_property(GObject object, guint prop_id, const GValue value, GParamSpec *pspec)`
			`{`
			`ErDtlsAgent *self = ER_DTLS_AGENT(object);`
			`ErDtlsCertificate *certificate;`

			`switch (prop_id) {`
			`case PROP_CERTIFICATE:`
			`certificate = ER_DTLS_CERTIFICATE(g_value_get_object(value));`
			`g_return_if_fail(ER_IS_DTLS_CERTIFICATE(certificate));`
			`g_return_if_fail(self->priv->ssl_context);`

			`self->priv->certificate = certificate;`
			`g_object_ref(certificate);`

			`if (!SSL_CTX_use_certificate(self->priv->ssl_context, _er_dtls_certificate_get_internal_certificate(certificate))) {`
			`LOG_WARNING(self, "could not use certificate");`
			`g_return_if_reached();`
			`}`

			`if (!SSL_CTX_use_PrivateKey(self->priv->ssl_context, _er_dtls_certificate_get_internal_key(certificate))) {`
			`LOG_WARNING(self, "could not use private key");`
			`g_return_if_reached();`
			`}`

			`if (!SSL_CTX_check_private_key(self->priv->ssl_context)) {`
			`LOG_WARNING(self, "invalid private key");`
			`g_return_if_reached();`
			`}`
			`break;`
			`default:`
			`G_OBJECT_WARN_INVALID_PROPERTY_ID(self, prop_id, pspec);`
			`}`
			`}`

			`ErDtlsCertificate er_dtls_agent_get_certificate(ErDtlsAgent self)`
			`{`
			`g_return_val_if_fail(ER_IS_DTLS_AGENT(self), NULL);`
			`if (self->priv->certificate) {`
			`g_object_ref(self->priv->certificate);`
			`}`
			`return self->priv->certificate;`
			`}`

			`gchar er_dtls_agent_get_certificate_pem(ErDtlsAgent self)`
			`{`
			`gchar *pem;`
			`g_return_val_if_fail(ER_IS_DTLS_AGENT(self), NULL);`
			`g_return_val_if_fail(ER_IS_DTLS_CERTIFICATE(self->priv->certificate), NULL);`

			`g_object_get(self->priv->certificate, "pem", &pem, NULL);`

			`return pem;`
			`}`

			`const ErDtlsAgentContext _er_dtls_agent_peek_context(ErDtlsAgent *self)`
			`{`
			`g_return_val_if_fail(ER_IS_DTLS_AGENT(self), NULL);`
			`return self->priv->ssl_context;`
			`}`