From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTPS id C74904B93E for ; Tue, 22 Jul 2025 12:37:59 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id E87D868D077; Tue, 22 Jul 2025 15:36:59 +0300 (EEST) Received: from mail-pl1-f170.google.com (mail-pl1-f170.google.com [209.85.214.170]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id 4AC3B68CFD8 for ; Tue, 22 Jul 2025 15:36:58 +0300 (EEST) Received: by mail-pl1-f170.google.com with SMTP id d9443c01a7336-23694cec0feso50910135ad.2 for ; Tue, 22 Jul 2025 05:36:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1753187816; x=1753792616; darn=ffmpeg.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=XmCIVbOh6Gx8bLyki+yFFMx4cq6rA+UVoaCqb0NCel4=; b=Ss7rgP5A0Sni65QitLJubZYtqv4yU0EIbWiEkbgW46hTlVB8VO62FnJa0F1Pqx8v2G MQoHuJcGOG9mCETshntmEfRbkMjRWy/mU/xKmVF766YTEoBGwMfSBLaKVJU3Z9HTt6RK u+0bsI7WBGWPXxxfWqY5YY0cGBdW0osPlW+oALPLrn9hUgud88NI5jqV6kPy/bzRxTo0 ijq4UTQEqefnsez1gHvfyfmchrNjTXEVEpKRA9Lz8TL8TQVakDUIFd0gGMSTz7wMQKdh WTnOEawZUFgGj0EZD05Tnqe77lABV4AV4TMTjZvcweluohx1iEjl7N4N3JHPtLCCl1Dc uMzw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1753187816; x=1753792616; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=XmCIVbOh6Gx8bLyki+yFFMx4cq6rA+UVoaCqb0NCel4=; b=CxSkphi6deK44Q6V2FK17WP5MqOw2xT7GN09flTlYJugjvpyzjc6jMQkKXeMrsl4Oz gactnA1LyvbRo3UpzykNBCk85roGSoml85rUsJSbvjp127zSabIyxczoRnysJ3AoSL1D HxJcJmJOPJRGplMGz3UYQYPIQEn8xgJ1FZqoccB8S1p0erBCJndc16wWty6KZG5yKT5c 914T0CuUVSNWJ+fYuH7h+U9vKUjw/tyzrI1n2pUrKMMr2ObutNywtYg9FPZWEqXoven3 poCS/aKj31ATPRqt8sg9ccjEGkbasHPHBUFwPs66SD8Y8i2ZufKhnZ8un4T5R4q5yd7A dkuw== X-Gm-Message-State: AOJu0YyTps1gLRIK6zTxvNognLYQsAgaGI7MP6fneOtUXnNxDvktF8tp tnllJxWCrZJJzS34sGtL/uN5VcHBNr9nZ8Vjv0FquPMPwFJDiu7RgMjU+11oB09ZfeQ= X-Gm-Gg: ASbGncveoSdhyvbdaSRiSMaNJyF3v4n4kBK3If5iqb90nKTwB+jXE7YZJsegU4w01ag bdadL77OP/A6cFUL5qA+LQAfLNgWCXzUEXw0mFKQlBzwUVjfdNEfRkQWaAAIu8/8xD9vhnm3gPL uWJMFzIZL4y59Kg21eqQzxlAU0fT7tnMnWI7furYEKKeQpvLFaoVF06R33/YQwFk4j89FDTyRTO wj2dvo2QNb8Bh0XLWokGuRIM6uYrroPB3Xi7Nf+7qwudxlkam0fBZA8LjedZBbUHTlKB5K/5Pw4 kdFGHroAXieP28SgzkM5f0GIxxfMKmfxD9wUlrPMFNgVy1YAICwz2Jnhg6zoY5mNdSTGcYtHqrG +kgRFPKi76/dkgkpZYDhqS0zVG24Em60CFfXIiM7ODOMU+Q== X-Google-Smtp-Source: AGHT+IFqvy3CH7fR3z40Aqu9SF+4e/QHopzUcoFQqHDIB8oHtgUbwkq3QY+tHCdehxOubisAtZ6JYA== X-Received: by 2002:a17:902:fd45:b0:23f:6fc0:59b2 with SMTP id d9443c01a7336-23f6fc0665amr112951135ad.6.1753187816305; Tue, 22 Jul 2025 05:36:56 -0700 (PDT) Received: from localhost.localdomain ([182.126.128.169]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-23e3b60edbasm75740715ad.70.2025.07.22.05.36.54 (version=TLS1_3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256/256); Tue, 22 Jul 2025 05:36:56 -0700 (PDT) From: Jack Lau X-Google-Original-From: Jack Lau To: ffmpeg-devel@ffmpeg.org Date: Tue, 22 Jul 2025 20:36:08 +0800 Message-ID: <20250722123616.53164-8-jacklau1222@qq.com> X-Mailer: git-send-email 2.49.0 In-Reply-To: <20250722123616.53164-1-jacklau1222@qq.com> References: <20250722123616.53164-1-jacklau1222@qq.com> MIME-Version: 1.0 X-Unsent: 1 Subject: [FFmpeg-devel] [PATCH v5 07/15] avformat/whip: add support for active dtls role X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Jack Lau Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: add dtls_active flag to specify the dtls role properly set the send key and recv key depends on DTLS role As DTLS server, the recv key is client master key plus salt, the send key is server master key plus salt. As DTLS client, the recv key is server master key plus salt, the send key is client master key plus salt. Signed-off-by: Jack Lau --- libavformat/whip.c | 32 ++++++++++++++++++++------------ 1 file changed, 20 insertions(+), 12 deletions(-) diff --git a/libavformat/whip.c b/libavformat/whip.c index 094d3a0a4c..e02ed7a8a4 100644 --- a/libavformat/whip.c +++ b/libavformat/whip.c @@ -201,7 +201,8 @@ enum WHIPState { typedef enum WHIPFlags { WHIP_FLAG_IGNORE_IPV6 = (1 << 0), // Ignore ipv6 candidate - WHIP_FLAG_DISABLE_RTX = (1 << 1) // Enable NACK and RTX + WHIP_FLAG_DISABLE_RTX = (1 << 1), // Enable NACK and RTX + WHIP_FLAG_DTLS_ACTIVE = (1 << 2), // DTLS active role } WHIPFlags; typedef struct RtpHistoryItem { @@ -611,6 +612,7 @@ static int generate_sdp_offer(AVFormatContext *s) const char *acodec_name = NULL, *vcodec_name = NULL; AVBPrint bp; WHIPContext *whip = s->priv_data; + int is_dtls_active = whip->flags & WHIP_FLAG_DTLS_ACTIVE; /* To prevent a crash during cleanup, always initialize it. */ av_bprint_init(&bp, 1, MAX_SDP_SIZE); @@ -664,7 +666,7 @@ static int generate_sdp_offer(AVFormatContext *s) "a=ice-ufrag:%s\r\n" "a=ice-pwd:%s\r\n" "a=fingerprint:sha-256 %s\r\n" - "a=setup:passive\r\n" + "a=setup:%s\r\n" "a=mid:0\r\n" "a=sendonly\r\n" "a=msid:FFmpeg audio\r\n" @@ -676,6 +678,7 @@ static int generate_sdp_offer(AVFormatContext *s) whip->ice_ufrag_local, whip->ice_pwd_local, whip->dtls_fingerprint, + is_dtls_active ? "active" : "passive", whip->audio_payload_type, acodec_name, whip->audio_par->sample_rate, @@ -698,7 +701,7 @@ static int generate_sdp_offer(AVFormatContext *s) "a=ice-ufrag:%s\r\n" "a=ice-pwd:%s\r\n" "a=fingerprint:sha-256 %s\r\n" - "a=setup:passive\r\n" + "a=setup:%s\r\n" "a=mid:1\r\n" "a=sendonly\r\n" "a=msid:FFmpeg video\r\n" @@ -719,6 +722,7 @@ static int generate_sdp_offer(AVFormatContext *s) whip->ice_ufrag_local, whip->ice_pwd_local, whip->dtls_fingerprint, + is_dtls_active ? "active" : "passive", whip->video_payload_type, vcodec_name, whip->video_payload_type, @@ -1270,6 +1274,7 @@ static int ice_dtls_handshake(AVFormatContext *s) int ret = 0, size, i; int64_t starttime = av_gettime(), now; WHIPContext *whip = s->priv_data; + int is_dtls_active = whip->flags & WHIP_FLAG_DTLS_ACTIVE; AVDictionary *opts = NULL; char buf[256], *cert_buf = NULL, *key_buf = NULL; @@ -1319,12 +1324,14 @@ next_packet: av_usleep(5 * 1000); continue; } + if (is_dtls_active) + break; av_log(whip, AV_LOG_ERROR, "Failed to read message\n"); goto end; } /* Got nothing, continue to process handshake. */ - if (ret <= 0 && whip->state < WHIP_STATE_DTLS_CONNECTING) + if (ret <= 0 && (is_dtls_active ? whip->state < WHIP_STATE_ICE_CONNECTED : whip->state < WHIP_STATE_DTLS_CONNECTING)) continue; /* Handle the ICE binding response. */ @@ -1348,7 +1355,7 @@ next_packet: } else av_dict_set(&opts, "key_pem", whip->key_buf, 0); av_dict_set_int(&opts, "external_sock", 1, 0); - av_dict_set_int(&opts, "listen", 1, 0); + av_dict_set_int(&opts, "listen", is_dtls_active ? 0 : 1, 0); /* If got the first binding response, start DTLS handshake. */ ret = ffurl_open_whitelist(&whip->dtls_uc, buf, AVIO_FLAG_READ_WRITE, &s->interrupt_callback, &opts, s->protocol_whitelist, s->protocol_blacklist, NULL); @@ -1368,7 +1375,7 @@ next_packet: } /* If got any DTLS messages, handle it. */ - if (is_dtls_packet(whip->buf, ret) && whip->state >= WHIP_STATE_ICE_CONNECTED || whip->state == WHIP_STATE_DTLS_CONNECTING) { + if ((is_dtls_packet(whip->buf, ret) || is_dtls_active) && whip->state >= WHIP_STATE_ICE_CONNECTED || whip->state == WHIP_STATE_DTLS_CONNECTING) { whip->state = WHIP_STATE_DTLS_CONNECTING; if ((ret = ffurl_handshake(whip->dtls_uc)) < 0) goto end; @@ -1406,6 +1413,8 @@ static int setup_srtp(AVFormatContext *s) */ const char* suite = "SRTP_AES128_CM_HMAC_SHA1_80"; WHIPContext *whip = s->priv_data; + int is_dtls_active = whip->flags & WHIP_FLAG_DTLS_ACTIVE; + ret = ff_dtls_export_materials(whip->dtls_uc, whip->dtls_srtp_materials, sizeof(whip->dtls_srtp_materials)); if (ret < 0) goto end; @@ -1420,13 +1429,11 @@ static int setup_srtp(AVFormatContext *s) char *client_salt = server_key + DTLS_SRTP_KEY_LEN; char *server_salt = client_salt + DTLS_SRTP_SALT_LEN; - /* As DTLS server, the recv key is client master key plus salt. */ - memcpy(recv_key, client_key, DTLS_SRTP_KEY_LEN); - memcpy(recv_key + DTLS_SRTP_KEY_LEN, client_salt, DTLS_SRTP_SALT_LEN); + memcpy(is_dtls_active ? send_key : recv_key, client_key, DTLS_SRTP_KEY_LEN); + memcpy(is_dtls_active ? send_key + DTLS_SRTP_KEY_LEN : recv_key + DTLS_SRTP_KEY_LEN, client_salt, DTLS_SRTP_SALT_LEN); - /* As DTLS server, the send key is server master key plus salt. */ - memcpy(send_key, server_key, DTLS_SRTP_KEY_LEN); - memcpy(send_key + DTLS_SRTP_KEY_LEN, server_salt, DTLS_SRTP_SALT_LEN); + memcpy(is_dtls_active ? recv_key : send_key, server_key, DTLS_SRTP_KEY_LEN); + memcpy(is_dtls_active ? recv_key + DTLS_SRTP_KEY_LEN : send_key + DTLS_SRTP_KEY_LEN, server_salt, DTLS_SRTP_SALT_LEN); /* Setup SRTP context for outgoing packets */ if (!av_base64_encode(buf, sizeof(buf), send_key, sizeof(send_key))) { @@ -2098,6 +2105,7 @@ static const AVOption options[] = { { "whip_flags", "Set flags affecting WHIP connection behavior", OFFSET(flags), AV_OPT_TYPE_FLAGS, { .i64 = 0 }, 0, 0, ENC, .unit = "flags" }, { "ignore_ipv6", "Ignore any IPv6 ICE candidate", 0, AV_OPT_TYPE_CONST, { .i64 = WHIP_FLAG_IGNORE_IPV6 }, 0, UINT_MAX, ENC, .unit = "flags" }, { "disable_rtx", "Disable RFC 4588 RTX", 0, AV_OPT_TYPE_CONST, { .i64 = WHIP_FLAG_DISABLE_RTX }, 0, UINT_MAX, ENC, .unit = "flags" }, + { "dtls_active", "Set dtls role as active", 0, AV_OPT_TYPE_CONST, { .i64 = WHIP_FLAG_DTLS_ACTIVE }, 0, UINT_MAX, ENC, .unit = "flags" }, { "rtx_history_size", "Packet history size", OFFSET(history_size), AV_OPT_TYPE_INT, { .i64 = HISTORY_SIZE_DEFAULT }, 64, 2048, ENC }, { NULL }, }; -- 2.49.0 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".