Consider making some of the private headers public #721
Comments
|
One of the concerns with making private parts public is that there is no guarantee that the private parts will not change. That said, with the latest version of srtp (still under development), some of the public APIs have also changed, though those will be documented. IMO, it would be wiser to provide APIs to allow access to read-only information, as opposed to exposing more of the internals. |
|
Both of those are good points. I have requested that one of the Google developers comment here explaining exactly what they need. Perhaps it is already handled by your new public APIs. |
|
Given the code I saw in the links you shared, it doesn't appear that level of information is exposed in the new APIs. It might be undesirable to publish such APIs. I suggest we consider it once we understand exactly what information is needed. If you can collect the list of data that's needed, then everyone can evaluate the best approach to take. |
|
@sorenstoutner, if they are indeed updating parts of the authenticated packet and need to "re authenticate" then I would also suggest that they look at restructuring the code so it does not protect the packet until the last possible moment. How would this re auth even work with AEAD / GCM ciphers. |
|
I agree with you. I hope that someone from Google will engage in this conversation. I will politely remind them again in about a week. Otherwise, there isn't much we can do without their input. |
|
tagging @alvestrand (and I wonder whether the "external auth" stuff actually stamps abs-send-time in the network process) |
|
Will close this issue soon if there is no follow up. |
|
Oh this is basically the same as #738 -- I have a libWebRTC change to remove that usage but it might take a while to land. No libsrtp action needed I think |
|
Said fix landed in https://chromiumdash.appspot.com/commit/9ff254eaf2cd799a604178ada2a89500794e13a0 in Chromium 134. |
|
Thanks for the heads up. I will test it next week and verify if it resolves the issue completely in the Debian packaging. |
|
This looks like good progress, but it doesn't fully address the problem. This file still contains an import directive for the private header: In order to build against a system version of Some progress has been made. As of Chromium 133, For the sake of completeness, I should note that my original analysis show imports of |
|
IWYU should not matter but I can remove rdbx.h from there, thank you! The remaining reason for the include from webrtc/pc/srtp_session.cc is mostly the "external hmac" feature (I think but the compiler will tell). The origin of that is unclear (added here) but I could not find any public bugs. Would putting more of that under ENABLE_EXTERNAL_AUTH ifdef guards help? @alvestrand you are our only hope now! |
|
@havardk and @jonasoreland may have opinions. |
|
The critical call seems to be in GetSendStreamPacketIndex, which references a srtp_hdr_t* - this is called from ProtectRtp. The other one seems avoidable through code deletion - only called from tests as far as I can tell. |
instead use the standard API to get the rollover counter and determine the extended sequence number which is the basis for the packet index. See cisco/libsrtp#738 and cisco/libsrtp#721 BUG=webrtc:357776213 Change-Id: I90c5a4a538f56132158aa48db8700187fcdb47d2 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/371960 Commit-Queue: Philipp Hancke <[email protected]> Reviewed-by: Harald Alvestrand <[email protected]> Reviewed-by: Henrik Boström <[email protected]> Cr-Commit-Position: refs/heads/main@{#43802}
See cisco/libsrtp#721 Exercised by SrtpSessionTest.ProtectGetPacketIndex BUG=webrtc:361372443 Change-Id: I46c1eedc16728cbe5f39aef8760f6789bc1aad9b Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/377801 Reviewed-by: Harald Alvestrand <[email protected]> Reviewed-by: Henrik Boström <[email protected]> Commit-Queue: Philipp Hancke <[email protected]> Cr-Commit-Position: refs/heads/main@{#43957}
Upstream commit: https://webrtc.googlesource.com/src/+/9ff254eaf2cd799a604178ada2a89500794e13a0 srtp: stop using private libsrtp function to determine packet index instead use the standard API to get the rollover counter and determine the extended sequence number which is the basis for the packet index. See cisco/libsrtp#738 and cisco/libsrtp#721 BUG=webrtc:357776213 Change-Id: I90c5a4a538f56132158aa48db8700187fcdb47d2 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/371960 Commit-Queue: Philipp Hancke <[email protected]> Reviewed-by: Harald Alvestrand <[email protected]> Reviewed-by: Henrik Boström <[email protected]> Cr-Commit-Position: refs/heads/main@{#43802}
Upstream commit: https://webrtc.googlesource.com/src/+/9ff254eaf2cd799a604178ada2a89500794e13a0 srtp: stop using private libsrtp function to determine packet index instead use the standard API to get the rollover counter and determine the extended sequence number which is the basis for the packet index. See cisco/libsrtp#738 and cisco/libsrtp#721 BUG=webrtc:357776213 Change-Id: I90c5a4a538f56132158aa48db8700187fcdb47d2 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/371960 Commit-Queue: Philipp Hancke <[email protected]> Reviewed-by: Harald Alvestrand <[email protected]> Reviewed-by: Henrik Boström <[email protected]> Cr-Commit-Position: refs/heads/main@{#43802}
Upstream commit: https://webrtc.googlesource.com/src/+/9ff254eaf2cd799a604178ada2a89500794e13a0 srtp: stop using private libsrtp function to determine packet index instead use the standard API to get the rollover counter and determine the extended sequence number which is the basis for the packet index. See cisco/libsrtp#738 and cisco/libsrtp#721 BUG=webrtc:357776213 Change-Id: I90c5a4a538f56132158aa48db8700187fcdb47d2 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/371960 Commit-Queue: Philipp Hancke <[email protected]> Reviewed-by: Harald Alvestrand <[email protected]> Reviewed-by: Henrik Boström <[email protected]> Cr-Commit-Position: refs/heads/main@{#43802}
I work on packaging Chromium (and Qt WebEngine) in Debian. One of my projects is to get to the stage where Chromium can be built using a system copy of libsrtp instead of the version that is included in the Chromium codebase. Doing so has positive security implications because an update to the system copy of libsrtp can fix a security problem in all instances of the Chromium and derivitive packages in Debian.
The blocker for doing so is that Chromium utilizes some of the private headers in the libsrtp package. This is discussed in the following Chromium issue:
https://issues.chromium.org/issues/40272799
Unfortunately, this issue is currently marked private. I have made a request for the visibility to be opened up, but in the meantime I don't think anyone would mind me quoting this section:
The purpose of this feature request is to see how willing the libsrtp developers would be to make the necessary parts of this private header public. Additionally, to understand if there are any negative implications to doing so.
For a little bit of background, see the following bug reports:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866784
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038240
The text was updated successfully, but these errors were encountered: