srtp: require libsrtp2, drop support for libsrtp1

Even old old debian stable from 2019 ships with a recent-enough libsrtp2 version. Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8205>
2024-12-23 15:37:17 +01:00 · 2024-12-23 15:37:17 +01:00 · 5751a33997
commit 5751a33997
parent f6cc65a6bc
6 changed files with 8 additions and 187 deletions
--- a/subprojects/gst-plugins-bad/ext/srtp/gstsrtp.c
+++ b/subprojects/gst-plugins-bad/ext/srtp/gstsrtp.c
@ -31,36 +31,6 @@
 #include "gstsrtpenc.h"
 #include "gstsrtpdec.h"

-#ifndef HAVE_SRTP2
-srtp_err_status_t
-srtp_set_stream_roc (srtp_t session, guint32 ssrc, guint32 roc)
-{
-  srtp_stream_t stream;
-
-  stream = srtp_get_stream (session, htonl (ssrc));
-  if (stream == NULL) {
-    return srtp_err_status_bad_param;
-  }
-
-  rdbx_set_roc (&stream->rtp_rdbx, roc);
-  return srtp_err_status_ok;
-}
-
-srtp_err_status_t
-srtp_get_stream_roc (srtp_t session, guint32 ssrc, guint32 * roc)
-{
-  srtp_stream_t stream;
-
-  stream = srtp_get_stream (session, htonl (ssrc));
-  if (stream == NULL) {
-    return srtp_err_status_bad_param;
-  }
-
-  *roc = stream->rtp_rdbx.index >> 16;
-  return srtp_err_status_ok;
-}
-#endif
-
 static void free_reporter_data (gpointer data);

 GPrivate current_callback = G_PRIVATE_INIT (free_reporter_data);
--- a/subprojects/gst-plugins-bad/ext/srtp/gstsrtp.h
+++ b/subprojects/gst-plugins-bad/ext/srtp/gstsrtp.h
@ -54,41 +54,8 @@

 #include <gst/gst.h>

-#ifdef HAVE_SRTP2
-#  include <srtp2/srtp.h>
-#  include <srtp2/crypto_types.h>
-#else
-#  include <srtp/srtp.h>
-#  include <srtp/srtp_priv.h>
-#  include <srtp/crypto_types.h>
-
-#  define srtp_crypto_policy_t crypto_policy_t
-#  define SRTP_AES_ICM_128 AES_ICM
-#  define SRTP_AES_ICM_256 AES_ICM
-#  define SRTP_AES_GCM_128 AES_128_GCM
-#  define SRTP_AES_GCM_256 AES_256_GCM
-#  define SRTP_NULL_CIPHER NULL_CIPHER
-#  define SRTP_AES_ICM_128_KEY_LEN_WSALT 30
-#  define SRTP_AES_ICM_256_KEY_LEN_WSALT 46
-#  define SRTP_AES_GCM_128_KEY_LEN_WSALT AES_128_GCM_KEYSIZE_WSALT
-#  define SRTP_AES_GCM_256_KEY_LEN_WSALT AES_256_GCM_KEYSIZE_WSALT
-#  define SRTP_HMAC_SHA1 HMAC_SHA1
-#  define SRTP_NULL_AUTH NULL_AUTH
-#  define srtp_err_status_t err_status_t
-#  define srtp_err_status_ok err_status_ok
-#  define srtp_err_status_bad_param err_status_bad_param
-#  define srtp_err_status_replay_fail err_status_replay_fail
-#  define srtp_err_status_replay_old err_status_replay_old
-#  define srtp_err_status_key_expired err_status_key_expired
-#  define srtp_err_status_auth_fail err_status_auth_fail
-#  define srtp_err_status_cipher_fail err_status_cipher_fail
-#  define srtp_err_status_fail err_status_fail
-
-srtp_err_status_t srtp_set_stream_roc (srtp_t session, guint32 ssrc,
-    guint32 roc);
-srtp_err_status_t srtp_get_stream_roc (srtp_t session, guint32 ssrc,
-    guint32 * roc);
-#endif
+#include <srtp2/srtp.h>
+#include <srtp2/crypto_types.h>

 void     gst_srtp_init_event_reporter    (void);
 gboolean gst_srtp_get_soft_limit_reached (void);
--- a/subprojects/gst-plugins-bad/ext/srtp/gstsrtpdec.c
+++ b/subprojects/gst-plugins-bad/ext/srtp/gstsrtpdec.c
@ -233,13 +233,11 @@ struct _GstSrtpDecSsrcStream
  guint recv_drop_count;
 };

-#ifdef HAVE_SRTP2
 struct GstSrtpDecKey
 {
  GstBuffer *mki;
  GstBuffer *key;
 };
-#endif

 #define STREAM_HAS_CRYPTO(stream)                       \
  (stream->rtp_cipher != GST_SRTP_CIPHER_NULL ||        \
@ -538,7 +536,6 @@ find_stream_by_ssrc (GstSrtpDec * filter, guint32 ssrc)
  return g_hash_table_lookup (filter->streams, GUINT_TO_POINTER (ssrc));
 }

-#ifdef HAVE_SRTP2
 static void
 clear_key (gpointer data)
 {
@ -547,8 +544,6 @@ clear_key (gpointer data)
  gst_clear_buffer (&key->mki);
  gst_clear_buffer (&key->key);
 }
-#endif
-

 /* get info from buffer caps
 */
@ -607,15 +602,12 @@ get_stream_from_caps (GstSrtpDec * filter, GstCaps * caps, guint32 ssrc)
  }

  if (gst_structure_get (s, "srtp-key", GST_TYPE_BUFFER, &buf, NULL) && buf) {
-#ifdef HAVE_SRTP2
    GstBuffer *mki = NULL;
    guint i;
    gsize mki_size = 0;
-#endif

    GST_DEBUG_OBJECT (filter, "Got key [%p] for SSRC %u", buf, ssrc);

-#ifdef HAVE_SRTP2
    if (gst_structure_get (s, "mki", GST_TYPE_BUFFER, &mki, NULL) && mki) {
      struct GstSrtpDecKey key = {.mki = mki,.key = buf };

@ -659,9 +651,7 @@ get_stream_from_caps (GstSrtpDec * filter, GstCaps * caps, guint32 ssrc)
          break;
        }
      }
-    } else
-#endif
-    {
+    } else {
      stream->key = buf;
    }
  } else if (STREAM_HAS_CRYPTO (stream)) {
@ -700,10 +690,8 @@ init_session_stream (GstSrtpDec * filter, guint32 ssrc,
  srtp_policy_t policy;
  GstMapInfo map;
  guchar tmp[1];
-#ifdef HAVE_SRTP2
  GstMapInfo *key_maps = NULL;
  GstMapInfo *mki_maps = NULL;
-#endif

  memset (&policy, 0, sizeof (srtp_policy_t));

@ -717,7 +705,6 @@ init_session_stream (GstSrtpDec * filter, guint32 ssrc,
  set_crypto_policy_cipher_auth (stream->rtcp_cipher, stream->rtcp_auth,
      &policy.rtcp);

-#ifdef HAVE_SRTP2
  if (stream->keys) {
    guint i;
    srtp_master_key_t *keys;
@ -740,9 +727,7 @@ init_session_stream (GstSrtpDec * filter, guint32 ssrc,
      policy.keys[i]->mki_size = mki_maps[i].size;
    }
    policy.num_master_keys = stream->keys->len;
-  } else
-#endif
-  if (stream->key) {
+  } else if (stream->key) {
    gst_buffer_map (stream->key, &map, GST_MAP_READ);
    policy.key = (guchar *) map.data;
  } else {
@ -765,7 +750,6 @@ init_session_stream (GstSrtpDec * filter, guint32 ssrc,
  if (stream->key)
    gst_buffer_unmap (stream->key, &map);

-#ifdef HAVE_SRTP2
  if (key_maps) {
    guint i;

@ -777,22 +761,12 @@ init_session_stream (GstSrtpDec * filter, guint32 ssrc,
    }

  }
-#endif

  if (ret == srtp_err_status_ok) {
    srtp_err_status_t status;

    status = srtp_set_stream_roc (filter->session, ssrc, stream->roc);
-#ifdef HAVE_SRTP2
    (void) status;              /* Ignore unused variable */
-#else
-    if (status == srtp_err_status_ok) {
-      /* Here, we just set the ROC, but we also need to set the initial
-       * RTP sequence number later, otherwise libsrtp will not be able
-       * to get the right packet index. */
-      g_hash_table_add (filter->streams_roc_changed, GUINT_TO_POINTER (ssrc));
-    }
-#endif

    filter->first_session = FALSE;
    g_hash_table_insert (filter->streams, GUINT_TO_POINTER (stream->ssrc),
@ -880,7 +854,6 @@ buffers_are_equal (GstBuffer * a, GstBuffer * b)
 static gboolean
 keys_are_equal (GArray * a, GArray * b)
 {
-#ifdef HAVE_SRTP2
  guint i;

  if (a == b)
@ -906,9 +879,6 @@ keys_are_equal (GArray * a, GArray * b)
  }

  return TRUE;
-#else
-  return FALSE;
-#endif
 }

 /* Create new stream from params in caps
@ -1368,54 +1338,15 @@ unprotect:
  gst_srtp_init_event_reporter ();

  if (is_rtcp) {
-#ifdef HAVE_SRTP2
    stream = find_stream_by_ssrc (filter, ssrc);

    err = srtp_unprotect_rtcp_mki (filter->session, map.data, &size,
        stream && stream->keys);
-#else
-    err = srtp_unprotect_rtcp (filter->session, map.data, &size);
-#endif
  } else {
-#ifndef HAVE_SRTP2
-    /* If ROC has changed, we know we need to set the initial RTP
-     * sequence number too. */
-    if (g_hash_table_contains (filter->streams_roc_changed,
-            GUINT_TO_POINTER (ssrc))) {
-      srtp_stream_t stream;
+    stream = find_stream_by_ssrc (filter, ssrc);

-      stream = srtp_get_stream (filter->session, htonl (ssrc));
-
-      if (stream) {
-        guint16 seqnum = 0;
-        GstRTPBuffer rtpbuf = GST_RTP_BUFFER_INIT;
-
-        gst_rtp_buffer_map (*buf,
-            GST_MAP_READ | GST_RTP_BUFFER_MAP_FLAG_SKIP_PADDING, &rtpbuf);
-        seqnum = gst_rtp_buffer_get_seq (&rtpbuf);
-        gst_rtp_buffer_unmap (&rtpbuf);
-
-        /* We finally add the RTP sequence number to the current
-         * rollover counter. */
-        stream->rtp_rdbx.index &= ~0xFFFF;
-        stream->rtp_rdbx.index |= seqnum;
-      }
-
-      g_hash_table_remove (filter->streams_roc_changed,
-          GUINT_TO_POINTER (ssrc));
-    }
-#endif
-
-#ifdef HAVE_SRTP2
-    {
-      stream = find_stream_by_ssrc (filter, ssrc);
-
-      err = srtp_unprotect_mki (filter->session, map.data, &size,
-          stream && stream->keys);
-    }
-#else
-    err = srtp_unprotect (filter->session, map.data, &size);
-#endif
+    err = srtp_unprotect_mki (filter->session, map.data, &size,
+        stream && stream->keys);
  }
  stream = find_stream_by_ssrc (filter, ssrc);
  if (stream == NULL) {
@ -1571,12 +1502,6 @@ gst_srtp_dec_change_state (GstElement * element, GstStateChange transition)
    case GST_STATE_CHANGE_READY_TO_PAUSED:
      filter->streams = g_hash_table_new_full (g_direct_hash, g_direct_equal,
          NULL, (GDestroyNotify) free_stream);
-
-#ifndef HAVE_SRTP2
-      filter->streams_roc_changed =
-          g_hash_table_new (g_direct_hash, g_direct_equal);
-#endif
-
      filter->rtp_has_segment = FALSE;
      filter->rtcp_has_segment = FALSE;
      filter->recv_count = 0;
@ -1600,11 +1525,6 @@ gst_srtp_dec_change_state (GstElement * element, GstStateChange transition)
      gst_srtp_dec_clear_streams (filter);
      g_hash_table_unref (filter->streams);
      filter->streams = NULL;
-#ifndef HAVE_SRTP2
-      g_hash_table_unref (filter->streams_roc_changed);
-      filter->streams_roc_changed = NULL;
-#endif
-
      break;
    case GST_STATE_CHANGE_READY_TO_NULL:
      break;
--- a/subprojects/gst-plugins-bad/ext/srtp/gstsrtpdec.h
+++ b/subprojects/gst-plugins-bad/ext/srtp/gstsrtpdec.h
@ -84,10 +84,6 @@ struct _GstSrtpDec
  gboolean rtcp_has_segment;
  guint recv_count;
  guint recv_drop_count;
-
-#ifndef HAVE_SRTP2
-  GHashTable *streams_roc_changed;
-#endif
 };

 struct _GstSrtpDecClass
--- a/subprojects/gst-plugins-bad/ext/srtp/gstsrtpenc.c
+++ b/subprojects/gst-plugins-bad/ext/srtp/gstsrtpenc.c
@ -327,13 +327,11 @@ gst_srtp_enc_class_init (GstSrtpEncClass * klass)
  g_object_class_install_property (gobject_class, PROP_STATS,
      g_param_spec_boxed ("stats", "Statistics", "Various statistics",
          GST_TYPE_STRUCTURE, G_PARAM_READABLE | G_PARAM_STATIC_STRINGS));
-#ifdef HAVE_SRTP2
  g_object_class_install_property (gobject_class, PROP_MKI,
      g_param_spec_boxed ("mki", "MKI",
          "Master key Identifier (NULL means no MKI)", GST_TYPE_BUFFER,
          G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS |
          GST_PARAM_MUTABLE_PLAYING));
-#endif

  /**
   * GstSrtpEnc::soft-limit:
@ -388,12 +386,10 @@ gst_srtp_enc_create_session (GstSrtpEnc * filter)
  srtp_policy_t policy;
  GstMapInfo map;
  guchar tmp[1];
-#ifdef HAVE_SRTP2
  srtp_master_key_t mkey;
  srtp_master_key_t *mkey_ptr = &mkey;
  gboolean has_mki = FALSE;
  GstMapInfo mki_map;
-#endif

  memset (&policy, 0, sizeof (srtp_policy_t));

@ -438,7 +434,6 @@ gst_srtp_enc_create_session (GstSrtpEnc * filter)
    policy.key = tmp;
  }

-#ifdef HAVE_SRTP2
  if (filter->mki) {
    if (!gst_buffer_map (filter->mki, &mki_map, GST_MAP_READ)) {
      GST_OBJECT_UNLOCK (filter);
@ -459,7 +454,6 @@ gst_srtp_enc_create_session (GstSrtpEnc * filter)
    mkey.mki_id = (guchar *) mki_map.data;
    mkey.mki_size = mki_map.size;
  }
-#endif

  policy.ssrc.value = 0;
  policy.ssrc.type = ssrc_any_outbound;
@ -474,12 +468,10 @@ gst_srtp_enc_create_session (GstSrtpEnc * filter)
  ret = srtp_create (&filter->session, &policy);
  filter->first_session = FALSE;

-#ifdef HAVE_SRTP2
 done:

  if (has_mki)
    gst_buffer_unmap (filter->mki, &mki_map);
-#endif

  if (HAS_CRYPTO (filter))
    gst_buffer_unmap (filter->key, &map);
@ -750,14 +742,12 @@ gst_srtp_enc_set_property (GObject * object, guint prop_id,
    case PROP_ALLOW_REPEAT_TX:
      filter->allow_repeat_tx = g_value_get_boolean (value);
      break;
-#ifdef HAVE_SRTP2
    case PROP_MKI:
      gst_clear_buffer (&filter->mki);
      filter->mki = g_value_dup_boxed (value);
      filter->key_changed = TRUE;
      GST_INFO_OBJECT (object, "Set property: mki=[%p]", filter->mki);
      break;
-#endif
    default:
      G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
      break;
@ -802,12 +792,10 @@ gst_srtp_enc_get_property (GObject * object, guint prop_id,
    case PROP_STATS:
      g_value_take_boxed (value, gst_srtp_enc_create_stats (filter));
      break;
-#ifdef HAVE_SRTP2
    case PROP_MKI:
      if (filter->mki)
        g_value_set_boxed (value, filter->mki);
      break;
-#endif
    default:
      G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
      break;
@ -892,10 +880,8 @@ gst_srtp_enc_sink_setcaps (GstPad * pad, GstSrtpEnc * filter,
  if (HAS_CRYPTO (filter))
    gst_structure_set (ps, "srtp-key", GST_TYPE_BUFFER, filter->key, NULL);

-#ifdef HAVE_SRTP2
  if (filter->mki)
    gst_structure_set (ps, "mki", GST_TYPE_BUFFER, filter->mki, NULL);
-#endif

  /* Add srtp-specific params to source caps */
  gst_structure_set (ps,
@ -1156,19 +1142,12 @@ gst_srtp_enc_process_buffer (GstSrtpEnc * filter, GstPad * pad,

  gst_srtp_enc_ensure_ssrc (filter, buf);

-#ifdef HAVE_SRTP2
  if (is_rtcp)
    err = srtp_protect_rtcp_mki (filter->session, mapout.data, &size,
        (filter->mki != NULL), 0);
  else
    err = srtp_protect_mki (filter->session, mapout.data, &size,
        (filter->mki != NULL), 0);
-#else
-  if (is_rtcp)
-    err = srtp_protect_rtcp (filter->session, mapout.data, &size);
-  else
-    err = srtp_protect (filter->session, mapout.data, &size);
-#endif

  GST_OBJECT_UNLOCK (filter);

--- a/subprojects/gst-plugins-bad/ext/srtp/meson.build
+++ b/subprojects/gst-plugins-bad/ext/srtp/meson.build
@ -30,18 +30,7 @@ if srtp_option.disabled()
  subdir_done()
 endif

-srtp_dep = dependency('libsrtp2', version : '>= 2.1.0', required : false, allow_fallback: true)
-if srtp_dep.found()
-  srtp_cargs += ['-DHAVE_SRTP2']
-else
-  srtp_dep = dependency('libsrtp', version: '>= 1.6.0', required : false)
-  if not srtp_dep.found() and cc.has_header_symbol('srtp/srtp.h', 'crypto_policy_set_aes_gcm_128_16_auth')
-    srtp_dep = cc.find_library('srtp', required : false)
-  endif
-endif
-if not srtp_dep.found() and srtp_option.enabled()
-  error('srtp plugin enabled but libsrtp not found')
-endif
+srtp_dep = dependency('libsrtp2', version : '>= 2.1.0', required : srtp_option, allow_fallback: true)

 if srtp_dep.found()
  gstsrtp_enums = gnome.mkenums_simple('gstsrtp-enumtypes',