admin/webrtc_m130
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Revert of Convert internal representation of Srtp cryptos from string to int. (patchset #10 id:180001 of https://codereview.webrtc.org/1416673006/ )

Browse Source 
Reason for revert:
Broke chromium fyi build.

Original issue's description:
> Convert internal representation of Srtp cryptos from string to int.
>
> Note that the coversion from int to string happens in 3 places
> 1) SDP layer from int to external names. mediasession.cc GetSupportedSuiteNames.
> 2) for SSL_CTX_set_tlsext_use_srtp(), converting from int to internal names.
> 3) stats collection also needs external names.
>
> External names are like AES_CM_128_HMAC_SHA1_80, specified in sslstreamadapter.cc.
> Internal names are like SRTP_AES128_CM_SHA1_80, specified in opensslstreamadapter.cc.
>
> The conversion from string to int happens in one place only, SDP layer, SrtpFilter::ApplyParams().
>
> BUG=webrtc:5043
>
> Committed: https://crrev.com/2764e1027a08a5543e04b854a27a520801faf6eb
> Cr-Commit-Position: refs/heads/master@{#10701}

TBR=juberti@webrtc.org,pthatcher@webrtc.org,juberti@google.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=webrtc:5043

Review URL: https://codereview.webrtc.org/1455233005

Cr-Commit-Position: refs/heads/master@{#10702}
This commit is contained in:
guoweis 2015-11-18 19:03:38 -08:00 committed by Commit bot
parent 2764e1027a
commit 318166bed7
26 changed files with 348 additions and 384 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
talk/app/webrtc/peerconnection_unittest.cc
View File

@ -113,7 +113,7 @@ static const char kDataChannelLabel[] = "data_channel";
#if !defined(THREAD_SANITIZER)
// SRTP cipher name negotiated by the tests. This must be updated if the
// default changes.
static const int kDefaultSrtpCryptoSuite = rtc::SRTP_AES128_CM_SHA1_32;
static const char kDefaultSrtpCipher[] = "AES_CM_128_HMAC_SHA1_32";
#endif
static void RemoveLinesFromSdp(const std::string& line_start,
@ -1327,7 +1327,7 @@ TEST_F(JsepPeerConnectionP2PTestClient, GetDtls12None) {
initializing_client()->pc()->RegisterUMAObserver(init_observer);
LocalP2PTest();
EXPECT_EQ_WAIT(rtc::SSLStreamAdapter::SslCipherSuiteToName(
EXPECT_EQ_WAIT(rtc::SSLStreamAdapter::GetSslCipherSuiteName(
rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
rtc::SSL_PROTOCOL_DTLS_10, rtc::KT_DEFAULT)),
initializing_client()->GetDtlsCipherStats(),
@ -1337,12 +1337,12 @@ TEST_F(JsepPeerConnectionP2PTestClient, GetDtls12None) {
rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
rtc::SSL_PROTOCOL_DTLS_10, rtc::KT_DEFAULT)));
EXPECT_EQ_WAIT(rtc::SrtpCryptoSuiteToName(kDefaultSrtpCryptoSuite),
EXPECT_EQ_WAIT(kDefaultSrtpCipher,
initializing_client()->GetSrtpCipherStats(),
kMaxWaitForStatsMs);
EXPECT_EQ(1,
init_observer->GetEnumCounter(webrtc::kEnumCounterAudioSrtpCipher,
kDefaultSrtpCryptoSuite));
EXPECT_EQ(1, init_observer->GetEnumCounter(
webrtc::kEnumCounterAudioSrtpCipher,
rtc::GetSrtpCryptoSuiteFromName(kDefaultSrtpCipher)));
}
// Test that DTLS 1.2 is used if both ends support it.
@ -1358,7 +1358,7 @@ TEST_F(JsepPeerConnectionP2PTestClient, GetDtls12Both) {
initializing_client()->pc()->RegisterUMAObserver(init_observer);
LocalP2PTest();
EXPECT_EQ_WAIT(rtc::SSLStreamAdapter::SslCipherSuiteToName(
EXPECT_EQ_WAIT(rtc::SSLStreamAdapter::GetSslCipherSuiteName(
rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
rtc::SSL_PROTOCOL_DTLS_12, rtc::KT_DEFAULT)),
initializing_client()->GetDtlsCipherStats(),
@ -1368,12 +1368,12 @@ TEST_F(JsepPeerConnectionP2PTestClient, GetDtls12Both) {
rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
rtc::SSL_PROTOCOL_DTLS_12, rtc::KT_DEFAULT)));
EXPECT_EQ_WAIT(rtc::SrtpCryptoSuiteToName(kDefaultSrtpCryptoSuite),
EXPECT_EQ_WAIT(kDefaultSrtpCipher,
initializing_client()->GetSrtpCipherStats(),
kMaxWaitForStatsMs);
EXPECT_EQ(1,
init_observer->GetEnumCounter(webrtc::kEnumCounterAudioSrtpCipher,
kDefaultSrtpCryptoSuite));
EXPECT_EQ(1, init_observer->GetEnumCounter(
webrtc::kEnumCounterAudioSrtpCipher,
rtc::GetSrtpCryptoSuiteFromName(kDefaultSrtpCipher)));
}
// Test that DTLS 1.0 is used if the initator supports DTLS 1.2 and the
@ -1390,7 +1390,7 @@ TEST_F(JsepPeerConnectionP2PTestClient, GetDtls12Init) {
initializing_client()->pc()->RegisterUMAObserver(init_observer);
LocalP2PTest();
EXPECT_EQ_WAIT(rtc::SSLStreamAdapter::SslCipherSuiteToName(
EXPECT_EQ_WAIT(rtc::SSLStreamAdapter::GetSslCipherSuiteName(
rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
rtc::SSL_PROTOCOL_DTLS_10, rtc::KT_DEFAULT)),
initializing_client()->GetDtlsCipherStats(),
@ -1400,12 +1400,12 @@ TEST_F(JsepPeerConnectionP2PTestClient, GetDtls12Init) {
rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
rtc::SSL_PROTOCOL_DTLS_10, rtc::KT_DEFAULT)));
EXPECT_EQ_WAIT(rtc::SrtpCryptoSuiteToName(kDefaultSrtpCryptoSuite),
EXPECT_EQ_WAIT(kDefaultSrtpCipher,
initializing_client()->GetSrtpCipherStats(),
kMaxWaitForStatsMs);
EXPECT_EQ(1,
init_observer->GetEnumCounter(webrtc::kEnumCounterAudioSrtpCipher,
kDefaultSrtpCryptoSuite));
EXPECT_EQ(1, init_observer->GetEnumCounter(
webrtc::kEnumCounterAudioSrtpCipher,
rtc::GetSrtpCryptoSuiteFromName(kDefaultSrtpCipher)));
}
// Test that DTLS 1.0 is used if the initator supports DTLS 1.0 and the
@ -1422,7 +1422,7 @@ TEST_F(JsepPeerConnectionP2PTestClient, GetDtls12Recv) {
initializing_client()->pc()->RegisterUMAObserver(init_observer);
LocalP2PTest();
EXPECT_EQ_WAIT(rtc::SSLStreamAdapter::SslCipherSuiteToName(
EXPECT_EQ_WAIT(rtc::SSLStreamAdapter::GetSslCipherSuiteName(
rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
rtc::SSL_PROTOCOL_DTLS_10, rtc::KT_DEFAULT)),
initializing_client()->GetDtlsCipherStats(),
@ -1432,12 +1432,12 @@ TEST_F(JsepPeerConnectionP2PTestClient, GetDtls12Recv) {
rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
rtc::SSL_PROTOCOL_DTLS_10, rtc::KT_DEFAULT)));
EXPECT_EQ_WAIT(rtc::SrtpCryptoSuiteToName(kDefaultSrtpCryptoSuite),
EXPECT_EQ_WAIT(kDefaultSrtpCipher,
initializing_client()->GetSrtpCipherStats(),
kMaxWaitForStatsMs);
EXPECT_EQ(1,
init_observer->GetEnumCounter(webrtc::kEnumCounterAudioSrtpCipher,
kDefaultSrtpCryptoSuite));
EXPECT_EQ(1, init_observer->GetEnumCounter(
webrtc::kEnumCounterAudioSrtpCipher,
rtc::GetSrtpCryptoSuiteFromName(kDefaultSrtpCipher)));
}
// This test sets up a call between two parties with audio, video and data.

19
talk/app/webrtc/statscollector.cc
View File

@ -730,20 +730,17 @@ void StatsCollector::ExtractSessionInfo() {
channel_report->AddId(StatsReport::kStatsValueNameRemoteCertificateId,
remote_cert_report_id);
}
int srtp_crypto_suite = channel_iter.srtp_crypto_suite;
if (srtp_crypto_suite != rtc::SRTP_INVALID_CRYPTO_SUITE &&
rtc::SrtpCryptoSuiteToName(srtp_crypto_suite).length()) {
channel_report->AddString(
StatsReport::kStatsValueNameSrtpCipher,
rtc::SrtpCryptoSuiteToName(srtp_crypto_suite));
const std::string& srtp_cipher = channel_iter.srtp_cipher;
if (!srtp_cipher.empty()) {
channel_report->AddString(StatsReport::kStatsValueNameSrtpCipher,
srtp_cipher);
}
int ssl_cipher_suite = channel_iter.ssl_cipher_suite;
if (ssl_cipher_suite != rtc::TLS_NULL_WITH_NULL_NULL &&
rtc::SSLStreamAdapter::SslCipherSuiteToName(ssl_cipher_suite)
.length()) {
int ssl_cipher = channel_iter.ssl_cipher;
if (ssl_cipher &&
rtc::SSLStreamAdapter::GetSslCipherSuiteName(ssl_cipher).length()) {
channel_report->AddString(
StatsReport::kStatsValueNameDtlsCipher,
rtc::SSLStreamAdapter::SslCipherSuiteToName(ssl_cipher_suite));
rtc::SSLStreamAdapter::GetSslCipherSuiteName(ssl_cipher));
}
int connection_id = 0;

43
talk/app/webrtc/statscollector_unittest.cc
View File

@ -683,8 +683,8 @@ class StatsCollectorTest : public testing::Test {
// Fake stats to process.
cricket::TransportChannelStats channel_stats;
channel_stats.component = 1;
channel_stats.srtp_crypto_suite = rtc::SRTP_AES128_CM_SHA1_80;
channel_stats.ssl_cipher_suite = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA;
channel_stats.srtp_cipher = "the-srtp-cipher";
channel_stats.ssl_cipher = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA;
cricket::TransportStats transport_stats;
transport_stats.transport_name = "audio";
@ -747,17 +747,18 @@ class StatsCollectorTest : public testing::Test {
}
// Check negotiated ciphers.
std::string dtls_cipher_suite =
ExtractStatsValue(StatsReport::kStatsReportTypeComponent, reports,
StatsReport::kStatsValueNameDtlsCipher);
EXPECT_EQ(rtc::SSLStreamAdapter::SslCipherSuiteToName(
std::string dtls_cipher = ExtractStatsValue(
StatsReport::kStatsReportTypeComponent,
reports,
StatsReport::kStatsValueNameDtlsCipher);
EXPECT_EQ(rtc::SSLStreamAdapter::GetSslCipherSuiteName(
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA),
dtls_cipher_suite);
std::string srtp_crypto_suite =
ExtractStatsValue(StatsReport::kStatsReportTypeComponent, reports,
StatsReport::kStatsValueNameSrtpCipher);
EXPECT_EQ(rtc::SrtpCryptoSuiteToName(rtc::SRTP_AES128_CM_SHA1_80),
srtp_crypto_suite);
dtls_cipher);
std::string srtp_cipher = ExtractStatsValue(
StatsReport::kStatsReportTypeComponent,
reports,
StatsReport::kStatsValueNameSrtpCipher);
EXPECT_EQ("the-srtp-cipher", srtp_cipher);
}
cricket::FakeMediaEngine* media_engine_;
@ -1406,14 +1407,16 @@ TEST_F(StatsCollectorTest, NoTransport) {
ASSERT_EQ(kNotFound, remote_certificate_id);
// Check that the negotiated ciphers are absent.
std::string dtls_cipher_suite =
ExtractStatsValue(StatsReport::kStatsReportTypeComponent, reports,
StatsReport::kStatsValueNameDtlsCipher);
ASSERT_EQ(kNotFound, dtls_cipher_suite);
std::string srtp_crypto_suite =
ExtractStatsValue(StatsReport::kStatsReportTypeComponent, reports,
StatsReport::kStatsValueNameSrtpCipher);
ASSERT_EQ(kNotFound, srtp_crypto_suite);
std::string dtls_cipher = ExtractStatsValue(
StatsReport::kStatsReportTypeComponent,
reports,
StatsReport::kStatsValueNameDtlsCipher);
ASSERT_EQ(kNotFound, dtls_cipher);
std::string srtp_cipher = ExtractStatsValue(
StatsReport::kStatsReportTypeComponent,
reports,
StatsReport::kStatsValueNameSrtpCipher);
ASSERT_EQ(kNotFound, srtp_cipher);
}
// This test verifies that the stats are generated correctly when the transport

18
talk/app/webrtc/webrtcsession.cc
View File

@ -2157,10 +2157,9 @@ void WebRtcSession::ReportNegotiatedCiphers(
return;
}
int srtp_crypto_suite = stats.channel_stats[0].srtp_crypto_suite;
int ssl_cipher_suite = stats.channel_stats[0].ssl_cipher_suite;
if (srtp_crypto_suite == rtc::SRTP_INVALID_CRYPTO_SUITE &&
ssl_cipher_suite == rtc::TLS_NULL_WITH_NULL_NULL) {
const std::string& srtp_cipher = stats.channel_stats[0].srtp_cipher;
int ssl_cipher = stats.channel_stats[0].ssl_cipher;
if (srtp_cipher.empty() && !ssl_cipher) {
return;
}
@ -2180,13 +2179,12 @@ void WebRtcSession::ReportNegotiatedCiphers(
return;
}
if (srtp_crypto_suite != rtc::SRTP_INVALID_CRYPTO_SUITE) {
metrics_observer_->IncrementSparseEnumCounter(srtp_counter_type,
srtp_crypto_suite);
if (!srtp_cipher.empty()) {
metrics_observer_->IncrementSparseEnumCounter(
srtp_counter_type, rtc::GetSrtpCryptoSuiteFromName(srtp_cipher));
}
if (ssl_cipher_suite != rtc::TLS_NULL_WITH_NULL_NULL) {
metrics_observer_->IncrementSparseEnumCounter(ssl_counter_type,
ssl_cipher_suite);
if (ssl_cipher) {
metrics_observer_->IncrementSparseEnumCounter(ssl_counter_type, ssl_cipher);
}
}

6
talk/media/base/cryptoparams.h
View File

@ -35,10 +35,8 @@ namespace cricket {
// Parameters for SRTP negotiation, as described in RFC 4568.
struct CryptoParams {
CryptoParams() : tag(0) {}
CryptoParams(int t,
const std::string& cs,
const std::string& kp,
const std::string& sp)
CryptoParams(int t, const std::string& cs,
const std::string& kp, const std::string& sp)
: tag(t), cipher_suite(cs), key_params(kp), session_params(sp) {}
bool Matches(const CryptoParams& params) const {

61
talk/session/media/channel.cc
View File

@ -218,11 +218,11 @@ bool BaseChannel::Init() {
return false;
}
if (!SetDtlsSrtpCryptoSuites(transport_channel(), false)) {
if (!SetDtlsSrtpCiphers(transport_channel(), false)) {
return false;
}
if (rtcp_transport_enabled() &&
!SetDtlsSrtpCryptoSuites(rtcp_transport_channel(), true)) {
!SetDtlsSrtpCiphers(rtcp_transport_channel(), true)) {
return false;
}
@ -809,16 +809,16 @@ void BaseChannel::SignalDtlsSetupFailure_s(bool rtcp) {
SignalDtlsSetupFailure(this, rtcp);
}
bool BaseChannel::SetDtlsSrtpCryptoSuites(TransportChannel* tc, bool rtcp) {
std::vector<int> crypto_suites;
// We always use the default SRTP crypto suites for RTCP, but we may use
// different crypto suites for RTP depending on the media type.
bool BaseChannel::SetDtlsSrtpCiphers(TransportChannel *tc, bool rtcp) {
std::vector<std::string> ciphers;
// We always use the default SRTP ciphers for RTCP, but we may use different
// ciphers for RTP depending on the media type.
if (!rtcp) {
GetSrtpCryptoSuites(&crypto_suites);
GetSrtpCryptoSuiteNames(&ciphers);
} else {
GetDefaultSrtpCryptoSuites(&crypto_suites);
GetDefaultSrtpCryptoSuiteNames(&ciphers);
}
return tc->SetSrtpCryptoSuites(crypto_suites);
return tc->SetSrtpCiphers(ciphers);
}
bool BaseChannel::ShouldSetupDtlsSrtp() const {
@ -837,10 +837,10 @@ bool BaseChannel::SetupDtlsSrtp(bool rtcp_channel) {
if (!channel->IsDtlsActive())
return true;
int selected_crypto_suite;
std::string selected_cipher;
if (!channel->GetSrtpCryptoSuite(&selected_crypto_suite)) {
LOG(LS_ERROR) << "No DTLS-SRTP selected crypto suite";
if (!channel->GetSrtpCryptoSuite(&selected_cipher)) {
LOG(LS_ERROR) << "No DTLS-SRTP selected cipher";
return false;
}
@ -896,15 +896,21 @@ bool BaseChannel::SetupDtlsSrtp(bool rtcp_channel) {
}
if (rtcp_channel) {
ret = srtp_filter_.SetRtcpParams(selected_crypto_suite, &(*send_key)[0],
static_cast<int>(send_key->size()),
selected_crypto_suite, &(*recv_key)[0],
static_cast<int>(recv_key->size()));
ret = srtp_filter_.SetRtcpParams(
selected_cipher,
&(*send_key)[0],
static_cast<int>(send_key->size()),
selected_cipher,
&(*recv_key)[0],
static_cast<int>(recv_key->size()));
} else {
ret = srtp_filter_.SetRtpParams(selected_crypto_suite, &(*send_key)[0],
static_cast<int>(send_key->size()),
selected_crypto_suite, &(*recv_key)[0],
static_cast<int>(recv_key->size()));
ret = srtp_filter_.SetRtpParams(
selected_cipher,
&(*send_key)[0],
static_cast<int>(send_key->size()),
selected_cipher,
&(*recv_key)[0],
static_cast<int>(recv_key->size()));
}
if (!ret)
@ -1574,8 +1580,9 @@ void VoiceChannel::OnAudioMonitorUpdate(AudioMonitor* monitor,
SignalAudioMonitor(this, info);
}
void VoiceChannel::GetSrtpCryptoSuites(std::vector<int>* crypto_suites) const {
GetSupportedAudioCryptoSuites(crypto_suites);
void VoiceChannel::GetSrtpCryptoSuiteNames(
std::vector<std::string>* ciphers) const {
GetSupportedAudioCryptoSuites(ciphers);
}
VideoChannel::VideoChannel(rtc::Thread* thread,
@ -1963,8 +1970,9 @@ bool VideoChannel::GetLocalSsrc(const VideoCapturer* capturer, uint32_t* ssrc) {
return false;
}
void VideoChannel::GetSrtpCryptoSuites(std::vector<int>* crypto_suites) const {
GetSupportedVideoCryptoSuites(crypto_suites);
void VideoChannel::GetSrtpCryptoSuiteNames(
std::vector<std::string>* ciphers) const {
GetSupportedVideoCryptoSuites(ciphers);
}
DataChannel::DataChannel(rtc::Thread* thread,
@ -2270,8 +2278,9 @@ void DataChannel::OnDataChannelReadyToSend(bool writable) {
new DataChannelReadyToSendMessageData(writable));
}
void DataChannel::GetSrtpCryptoSuites(std::vector<int>* crypto_suites) const {
GetSupportedDataCryptoSuites(crypto_suites);
void DataChannel::GetSrtpCryptoSuiteNames(
std::vector<std::string>* ciphers) const {
GetSupportedDataCryptoSuites(ciphers);
}
bool DataChannel::ShouldSetupDtlsSrtp() const {

13
talk/session/media/channel.h
View File

@ -236,7 +236,7 @@ class BaseChannel
// |rtcp_channel| indicates whether to set up the RTP or RTCP filter.
bool SetupDtlsSrtp(bool rtcp_channel);
// Set the DTLS-SRTP cipher policy on this channel as appropriate.
bool SetDtlsSrtpCryptoSuites(TransportChannel* tc, bool rtcp);
bool SetDtlsSrtpCiphers(TransportChannel *tc, bool rtcp);
virtual void ChangeState() = 0;
@ -282,8 +282,9 @@ class BaseChannel
void OnMessage(rtc::Message* pmsg) override;
// Handled in derived classes
// Get the SRTP crypto suites to use for RTP media
virtual void GetSrtpCryptoSuites(std::vector<int>* crypto_suites) const = 0;
// Get the SRTP ciphers to use for RTP media
virtual void GetSrtpCryptoSuiteNames(
std::vector<std::string>* ciphers) const = 0;
virtual void OnConnectionMonitorUpdate(ConnectionMonitor* monitor,
const std::vector<ConnectionInfo>& infos) = 0;
@ -406,7 +407,7 @@ class VoiceChannel : public BaseChannel {
bool GetStats_w(VoiceMediaInfo* stats);
virtual void OnMessage(rtc::Message* pmsg);
virtual void GetSrtpCryptoSuites(std::vector<int>* crypto_suites) const;
virtual void GetSrtpCryptoSuiteNames(std::vector<std::string>* ciphers) const;
virtual void OnConnectionMonitorUpdate(
ConnectionMonitor* monitor, const std::vector<ConnectionInfo>& infos);
virtual void OnMediaMonitorUpdate(
@ -496,7 +497,7 @@ class VideoChannel : public BaseChannel {
bool GetStats_w(VideoMediaInfo* stats);
virtual void OnMessage(rtc::Message* pmsg);
virtual void GetSrtpCryptoSuites(std::vector<int>* crypto_suites) const;
virtual void GetSrtpCryptoSuiteNames(std::vector<std::string>* ciphers) const;
virtual void OnConnectionMonitorUpdate(
ConnectionMonitor* monitor, const std::vector<ConnectionInfo>& infos);
virtual void OnMediaMonitorUpdate(
@ -613,7 +614,7 @@ class DataChannel : public BaseChannel {
virtual bool WantsPacket(bool rtcp, rtc::Buffer* packet);
virtual void OnMessage(rtc::Message* pmsg);
virtual void GetSrtpCryptoSuites(std::vector<int>* crypto_suites) const;
virtual void GetSrtpCryptoSuiteNames(std::vector<std::string>* ciphers) const;
virtual void OnConnectionMonitorUpdate(
ConnectionMonitor* monitor, const std::vector<ConnectionInfo>& infos);
virtual void OnMediaMonitorUpdate(

61
talk/session/media/mediasession.cc
View File

@ -50,17 +50,6 @@ static const uint32_t kMaxSctpSid = 1023;
namespace {
const char kInline[] = "inline:";
void GetSupportedCryptoSuiteNames(void (*func)(std::vector<int>*),
std::vector<std::string>* names) {
#ifdef HAVE_SRTP
std::vector<int> crypto_suites;
func(&crypto_suites);
for (const auto crypto : crypto_suites) {
names->push_back(rtc::SrtpCryptoSuiteToName(crypto));
}
#endif
}
}
namespace cricket {
@ -163,50 +152,30 @@ bool FindMatchingCrypto(const CryptoParamsVec& cryptos,
}
// For audio, HMAC 32 is prefered because of the low overhead.
void GetSupportedAudioCryptoSuites(std::vector<int>* crypto_suites) {
void GetSupportedAudioCryptoSuites(
std::vector<std::string>* crypto_suites) {
#ifdef HAVE_SRTP
crypto_suites->push_back(rtc::SRTP_AES128_CM_SHA1_32);
crypto_suites->push_back(rtc::SRTP_AES128_CM_SHA1_80);
crypto_suites->push_back(rtc::CS_AES_CM_128_HMAC_SHA1_32);
crypto_suites->push_back(rtc::CS_AES_CM_128_HMAC_SHA1_80);
#endif
}
void GetSupportedAudioCryptoSuiteNames(
std::vector<std::string>* crypto_suite_names) {
GetSupportedCryptoSuiteNames(GetSupportedAudioCryptoSuites,
crypto_suite_names);
void GetSupportedVideoCryptoSuites(
std::vector<std::string>* crypto_suites) {
GetDefaultSrtpCryptoSuiteNames(crypto_suites);
}
void GetSupportedVideoCryptoSuites(std::vector<int>* crypto_suites) {
GetDefaultSrtpCryptoSuites(crypto_suites);
void GetSupportedDataCryptoSuites(
std::vector<std::string>* crypto_suites) {
GetDefaultSrtpCryptoSuiteNames(crypto_suites);
}
void GetSupportedVideoCryptoSuiteNames(
std::vector<std::string>* crypto_suite_names) {
GetSupportedCryptoSuiteNames(GetSupportedVideoCryptoSuites,
crypto_suite_names);
}
void GetSupportedDataCryptoSuites(std::vector<int>* crypto_suites) {
GetDefaultSrtpCryptoSuites(crypto_suites);
}
void GetSupportedDataCryptoSuiteNames(
std::vector<std::string>* crypto_suite_names) {
GetSupportedCryptoSuiteNames(GetSupportedDataCryptoSuites,
crypto_suite_names);
}
void GetDefaultSrtpCryptoSuites(std::vector<int>* crypto_suites) {
void GetDefaultSrtpCryptoSuiteNames(std::vector<std::string>* crypto_suites) {
#ifdef HAVE_SRTP
crypto_suites->push_back(rtc::SRTP_AES128_CM_SHA1_80);
crypto_suites->push_back(rtc::CS_AES_CM_128_HMAC_SHA1_80);
#endif
}
void GetDefaultSrtpCryptoSuiteNames(
std::vector<std::string>* crypto_suite_names) {
GetSupportedCryptoSuiteNames(GetDefaultSrtpCryptoSuites, crypto_suite_names);
}
// For video support only 80-bit SHA1 HMAC. For audio 32-bit HMAC is
// tolerated unless bundle is enabled because it is low overhead. Pick the
// crypto in the list that is supported.
@ -1545,7 +1514,7 @@ bool MediaSessionDescriptionFactory::AddAudioContentForOffer(
scoped_ptr<AudioContentDescription> audio(new AudioContentDescription());
std::vector<std::string> crypto_suites;
GetSupportedAudioCryptoSuiteNames(&crypto_suites);
GetSupportedAudioCryptoSuites(&crypto_suites);
if (!CreateMediaContentOffer(
options,
audio_codecs,
@ -1599,7 +1568,7 @@ bool MediaSessionDescriptionFactory::AddVideoContentForOffer(
scoped_ptr<VideoContentDescription> video(new VideoContentDescription());
std::vector<std::string> crypto_suites;
GetSupportedVideoCryptoSuiteNames(&crypto_suites);
GetSupportedVideoCryptoSuites(&crypto_suites);
if (!CreateMediaContentOffer(
options,
video_codecs,
@ -1669,7 +1638,7 @@ bool MediaSessionDescriptionFactory::AddDataContentForOffer(
data->set_protocol(
secure_transport ? kMediaProtocolDtlsSctp : kMediaProtocolSctp);
} else {
GetSupportedDataCryptoSuiteNames(&crypto_suites);
GetSupportedDataCryptoSuites(&crypto_suites);
}
if (!CreateMediaContentOffer(

17
talk/session/media/mediasession.h
View File

@ -547,19 +547,10 @@ const VideoContentDescription* GetFirstVideoContentDescription(
const DataContentDescription* GetFirstDataContentDescription(
const SessionDescription* sdesc);
void GetSupportedAudioCryptoSuites(std::vector<int>* crypto_suites);
void GetSupportedVideoCryptoSuites(std::vector<int>* crypto_suites);
void GetSupportedDataCryptoSuites(std::vector<int>* crypto_suites);
void GetDefaultSrtpCryptoSuites(std::vector<int>* crypto_suites);
void GetSupportedAudioCryptoSuiteNames(
std::vector<std::string>* crypto_suite_names);
void GetSupportedVideoCryptoSuiteNames(
std::vector<std::string>* crypto_suite_names);
void GetSupportedDataCryptoSuiteNames(
std::vector<std::string>* crypto_suite_names);
void GetDefaultSrtpCryptoSuiteNames(
std::vector<std::string>* crypto_suite_names);
void GetSupportedAudioCryptoSuites(std::vector<std::string>* crypto_suites);
void GetSupportedVideoCryptoSuites(std::vector<std::string>* crypto_suites);
void GetSupportedDataCryptoSuites(std::vector<std::string>* crypto_suites);
void GetDefaultSrtpCryptoSuiteNames(std::vector<std::string>* crypto_suites);
} // namespace cricket
#endif // TALK_SESSION_MEDIA_MEDIASESSION_H_

33
talk/session/media/srtpfilter.cc
View File

@ -146,10 +146,10 @@ bool SrtpFilter::SetProvisionalAnswer(
return DoSetAnswer(answer_params, source, false);
}
bool SrtpFilter::SetRtpParams(int send_cs,
bool SrtpFilter::SetRtpParams(const std::string& send_cs,
const uint8_t* send_key,
int send_key_len,
int recv_cs,
const std::string& recv_cs,
const uint8_t* recv_key,
int recv_key_len) {
if (IsActive()) {
@ -179,10 +179,10 @@ bool SrtpFilter::SetRtpParams(int send_cs,
// SrtpSession.
// - In the muxed case, they are keyed with the same keys, so
// this function is not needed
bool SrtpFilter::SetRtcpParams(int send_cs,
bool SrtpFilter::SetRtcpParams(const std::string& send_cs,
const uint8_t* send_key,
int send_key_len,
int recv_cs,
const std::string& recv_cs,
const uint8_t* recv_key,
int recv_key_len) {
// This can only be called once, but can be safely called after
@ -428,12 +428,10 @@ bool SrtpFilter::ApplyParams(const CryptoParams& send_params,
ParseKeyParams(recv_params.key_params, recv_key, sizeof(recv_key)));
if (ret) {
CreateSrtpSessions();
ret = (send_session_->SetSend(
rtc::SrtpCryptoSuiteFromName(send_params.cipher_suite), send_key,
sizeof(send_key)) &&
recv_session_->SetRecv(
rtc::SrtpCryptoSuiteFromName(recv_params.cipher_suite), recv_key,
sizeof(recv_key)));
ret = (send_session_->SetSend(send_params.cipher_suite,
send_key, sizeof(send_key)) &&
recv_session_->SetRecv(recv_params.cipher_suite,
recv_key, sizeof(recv_key)));
}
if (ret) {
LOG(LS_INFO) << "SRTP activated with negotiated parameters:"
@ -509,11 +507,11 @@ SrtpSession::~SrtpSession() {
}
}
bool SrtpSession::SetSend(int cs, const uint8_t* key, int len) {
bool SrtpSession::SetSend(const std::string& cs, const uint8_t* key, int len) {
return SetKey(ssrc_any_outbound, cs, key, len);
}
bool SrtpSession::SetRecv(int cs, const uint8_t* key, int len) {
bool SrtpSession::SetRecv(const std::string& cs, const uint8_t* key, int len) {
return SetKey(ssrc_any_inbound, cs, key, len);
}
@ -660,7 +658,10 @@ void SrtpSession::set_signal_silent_time(uint32_t signal_silent_time_in_ms) {
srtp_stat_->set_signal_silent_time(signal_silent_time_in_ms);
}
bool SrtpSession::SetKey(int type, int cs, const uint8_t* key, int len) {
bool SrtpSession::SetKey(int type,
const std::string& cs,
const uint8_t* key,
int len) {
if (session_) {
LOG(LS_ERROR) << "Failed to create SRTP session: "
<< "SRTP session already created";
@ -674,15 +675,15 @@ bool SrtpSession::SetKey(int type, int cs, const uint8_t* key, int len) {
srtp_policy_t policy;
memset(&policy, 0, sizeof(policy));
if (cs == rtc::SRTP_AES128_CM_SHA1_80) {
if (cs == rtc::CS_AES_CM_128_HMAC_SHA1_80) {
crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtp);
crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp);
} else if (cs == rtc::SRTP_AES128_CM_SHA1_32) {
} else if (cs == rtc::CS_AES_CM_128_HMAC_SHA1_32) {
crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtp); // rtp is 32,
crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp); // rtcp still 80
} else {
LOG(LS_WARNING) << "Failed to create SRTP session: unsupported"
<< " cipher_suite " << cs;
<< " cipher_suite " << cs.c_str();
return false;
}

14
talk/session/media/srtpfilter.h
View File

@ -104,16 +104,16 @@ class SrtpFilter {
// Just set up both sets of keys directly.
// Used with DTLS-SRTP.
bool SetRtpParams(int send_cs,
bool SetRtpParams(const std::string& send_cs,
const uint8_t* send_key,
int send_key_len,
int recv_cs,
const std::string& recv_cs,
const uint8_t* recv_key,
int recv_key_len);
bool SetRtcpParams(int send_cs,
bool SetRtcpParams(const std::string& send_cs,
const uint8_t* send_key,
int send_key_len,
int recv_cs,
const std::string& recv_cs,
const uint8_t* recv_key,
int recv_key_len);
@ -199,10 +199,10 @@ class SrtpSession {
// Configures the session for sending data using the specified
// cipher-suite and key. Receiving must be done by a separate session.
bool SetSend(int cs, const uint8_t* key, int len);
bool SetSend(const std::string& cs, const uint8_t* key, int len);
// Configures the session for receiving data using the specified
// cipher-suite and key. Sending must be done by a separate session.
bool SetRecv(int cs, const uint8_t* key, int len);
bool SetRecv(const std::string& cs, const uint8_t* key, int len);
// Encrypts/signs an individual RTP/RTCP packet, in-place.
// If an HMAC is used, this will increase the packet size.
@ -232,7 +232,7 @@ class SrtpSession {
SignalSrtpError;
private:
bool SetKey(int type, int cs, const uint8_t* key, int len);
bool SetKey(int type, const std::string& cs, const uint8_t* key, int len);
// Returns send stream current packet index from srtp db.
bool GetSendStreamPacketIndex(void* data, int in_len, int64_t* index);

102
talk/session/media/srtpfilter_unittest.cc
View File

@ -508,17 +508,21 @@ TEST_F(SrtpFilterTest, TestDisableEncryption) {
// Test directly setting the params with AES_CM_128_HMAC_SHA1_80
TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_80) {
EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1,
kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80,
EXPECT_TRUE(f1_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_80,
kTestKey1, kTestKeyLen,
CS_AES_CM_128_HMAC_SHA1_80,
kTestKey2, kTestKeyLen));
EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2,
kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80,
EXPECT_TRUE(f2_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_80,
kTestKey2, kTestKeyLen,
CS_AES_CM_128_HMAC_SHA1_80,
kTestKey1, kTestKeyLen));
EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1,
kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80,
EXPECT_TRUE(f1_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_80,
kTestKey1, kTestKeyLen,
CS_AES_CM_128_HMAC_SHA1_80,
kTestKey2, kTestKeyLen));
EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2,
kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80,
EXPECT_TRUE(f2_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_80,
kTestKey2, kTestKeyLen,
CS_AES_CM_128_HMAC_SHA1_80,
kTestKey1, kTestKeyLen));
EXPECT_TRUE(f1_.IsActive());
EXPECT_TRUE(f2_.IsActive());
@ -527,17 +531,21 @@ TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_80) {
// Test directly setting the params with AES_CM_128_HMAC_SHA1_32
TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_32) {
EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1,
kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32,
EXPECT_TRUE(f1_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_32,
kTestKey1, kTestKeyLen,
CS_AES_CM_128_HMAC_SHA1_32,
kTestKey2, kTestKeyLen));
EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey2,
kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32,
EXPECT_TRUE(f2_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_32,
kTestKey2, kTestKeyLen,
CS_AES_CM_128_HMAC_SHA1_32,
kTestKey1, kTestKeyLen));
EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1,
kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32,
EXPECT_TRUE(f1_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_32,
kTestKey1, kTestKeyLen,
CS_AES_CM_128_HMAC_SHA1_32,
kTestKey2, kTestKeyLen));
EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey2,
kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32,
EXPECT_TRUE(f2_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_32,
kTestKey2, kTestKeyLen,
CS_AES_CM_128_HMAC_SHA1_32,
kTestKey1, kTestKeyLen));
EXPECT_TRUE(f1_.IsActive());
EXPECT_TRUE(f2_.IsActive());
@ -546,21 +554,25 @@ TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_32) {
// Test directly setting the params with bogus keys
TEST_F(SrtpFilterTest, TestSetParamsKeyTooShort) {
EXPECT_FALSE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1,
kTestKeyLen - 1, rtc::SRTP_AES128_CM_SHA1_80,
EXPECT_FALSE(f1_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_80,
kTestKey1, kTestKeyLen - 1,
CS_AES_CM_128_HMAC_SHA1_80,
kTestKey1, kTestKeyLen - 1));
EXPECT_FALSE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1,
kTestKeyLen - 1, rtc::SRTP_AES128_CM_SHA1_80,
EXPECT_FALSE(f1_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_80,
kTestKey1, kTestKeyLen - 1,
CS_AES_CM_128_HMAC_SHA1_80,
kTestKey1, kTestKeyLen - 1));
}
#if defined(ENABLE_EXTERNAL_AUTH)
TEST_F(SrtpFilterTest, TestGetSendAuthParams) {
EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1,
kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32,
EXPECT_TRUE(f1_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_32,
kTestKey1, kTestKeyLen,
CS_AES_CM_128_HMAC_SHA1_32,
kTestKey2, kTestKeyLen));
EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1,
kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32,
EXPECT_TRUE(f1_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_32,
kTestKey1, kTestKeyLen,
CS_AES_CM_128_HMAC_SHA1_32,
kTestKey2, kTestKeyLen));
uint8_t* auth_key = NULL;
int auth_key_len = 0, auth_tag_len = 0;
@ -617,30 +629,28 @@ class SrtpSessionTest : public testing::Test {
// Test that we can set up the session and keys properly.
TEST_F(SrtpSessionTest, TestGoodSetup) {
EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
}
// Test that we can't change the keys once set.
TEST_F(SrtpSessionTest, TestBadSetup) {
EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_FALSE(
s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2, kTestKeyLen));
EXPECT_FALSE(
s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2, kTestKeyLen));
EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_FALSE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey2, kTestKeyLen));
EXPECT_FALSE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey2, kTestKeyLen));
}
// Test that we fail keys of the wrong length.
TEST_F(SrtpSessionTest, TestKeysTooShort) {
EXPECT_FALSE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, 1));
EXPECT_FALSE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, 1));
EXPECT_FALSE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, 1));
EXPECT_FALSE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, 1));
}
// Test that we can encrypt and decrypt RTP/RTCP using AES_CM_128_HMAC_SHA1_80.
TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_80) {
EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_80);
TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_80);
TestUnprotectRtp(CS_AES_CM_128_HMAC_SHA1_80);
@ -649,8 +659,8 @@ TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_80) {
// Test that we can encrypt and decrypt RTP/RTCP using AES_CM_128_HMAC_SHA1_32.
TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_32) {
EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_32, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_32, kTestKey1, kTestKeyLen));
TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_32);
TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_32);
TestUnprotectRtp(CS_AES_CM_128_HMAC_SHA1_32);
@ -658,7 +668,7 @@ TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_32) {
}
TEST_F(SrtpSessionTest, TestGetSendStreamPacketIndex) {
EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_32, kTestKey1, kTestKeyLen));
int64_t index;
int out_len = 0;
EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_,
@ -671,8 +681,8 @@ TEST_F(SrtpSessionTest, TestGetSendStreamPacketIndex) {
// Test that we fail to unprotect if someone tampers with the RTP/RTCP paylaods.
TEST_F(SrtpSessionTest, TestTamperReject) {
int out_len;
EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_80);
TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_80);
rtp_packet_[0] = 0x12;
@ -684,8 +694,8 @@ TEST_F(SrtpSessionTest, TestTamperReject) {
// Test that we fail to unprotect if the payloads are not authenticated.
TEST_F(SrtpSessionTest, TestUnencryptReject) {
int out_len;
EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_FALSE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len));
EXPECT_FALSE(s2_.UnprotectRtcp(rtcp_packet_, rtcp_len_, &out_len));
}
@ -693,7 +703,7 @@ TEST_F(SrtpSessionTest, TestUnencryptReject) {
// Test that we fail when using buffers that are too small.
TEST_F(SrtpSessionTest, TestBuffersTooSmall) {
int out_len;
EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_FALSE(s1_.ProtectRtp(rtp_packet_, rtp_len_,
sizeof(rtp_packet_) - 10, &out_len));
EXPECT_FALSE(s1_.ProtectRtcp(rtcp_packet_, rtcp_len_,
@ -707,8 +717,8 @@ TEST_F(SrtpSessionTest, TestReplay) {
static const uint16_t replay_window = 1024;
int out_len;
EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
// Initial sequence number.
rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_) + 2, seqnum_big);

48
webrtc/base/opensslstreamadapter.cc
View File

@ -43,19 +43,17 @@ namespace rtc {
#endif
#ifdef HAVE_DTLS_SRTP
// SRTP cipher suite table. |internal_name| is used to construct a
// colon-separated profile strings which is needed by
// SSL_CTX_set_tlsext_use_srtp().
// SRTP cipher suite table
struct SrtpCipherMapEntry {
const char* external_name;
const char* internal_name;
const int id;
};
// This isn't elegant, but it's better than an external reference
static SrtpCipherMapEntry SrtpCipherMap[] = {
{"SRTP_AES128_CM_SHA1_80", SRTP_AES128_CM_SHA1_80},
{"SRTP_AES128_CM_SHA1_32", SRTP_AES128_CM_SHA1_32},
{nullptr, 0}};
{CS_AES_CM_128_HMAC_SHA1_80, "SRTP_AES128_CM_SHA1_80"},
{CS_AES_CM_128_HMAC_SHA1_32, "SRTP_AES128_CM_SHA1_32"},
{NULL, NULL}};
#endif
#ifndef OPENSSL_IS_BORINGSSL
@ -352,9 +350,9 @@ bool OpenSSLStreamAdapter::SetPeerCertificateDigest(const std::string
return true;
}
std::string OpenSSLStreamAdapter::SslCipherSuiteToName(int cipher_suite) {
std::string OpenSSLStreamAdapter::GetSslCipherSuiteName(int cipher) {
#ifdef OPENSSL_IS_BORINGSSL
const SSL_CIPHER* ssl_cipher = SSL_get_cipher_by_value(cipher_suite);
const SSL_CIPHER* ssl_cipher = SSL_get_cipher_by_value(cipher);
if (!ssl_cipher) {
return std::string();
}
@ -365,7 +363,7 @@ std::string OpenSSLStreamAdapter::SslCipherSuiteToName(int cipher_suite) {
#else
for (const SslCipherMapEntry* entry = kSslCipherMap; entry->rfc_name;
++entry) {
if (cipher_suite == entry->openssl_id) {
if (cipher == entry->openssl_id) {
return entry->rfc_name;
}
}
@ -373,7 +371,7 @@ std::string OpenSSLStreamAdapter::SslCipherSuiteToName(int cipher_suite) {
#endif
}
bool OpenSSLStreamAdapter::GetSslCipherSuite(int* cipher_suite) {
bool OpenSSLStreamAdapter::GetSslCipherSuite(int* cipher) {
if (state_ != SSL_CONNECTED)
return false;
@ -382,7 +380,7 @@ bool OpenSSLStreamAdapter::GetSslCipherSuite(int* cipher_suite) {
return false;
}
*cipher_suite = static_cast<uint16_t>(SSL_CIPHER_get_id(current_cipher));
*cipher = static_cast<uint16_t>(SSL_CIPHER_get_id(current_cipher));
return true;
}
@ -409,20 +407,20 @@ bool OpenSSLStreamAdapter::ExportKeyingMaterial(const std::string& label,
#endif
}
bool OpenSSLStreamAdapter::SetDtlsSrtpCryptoSuites(
const std::vector<int>& ciphers) {
bool OpenSSLStreamAdapter::SetDtlsSrtpCiphers(
const std::vector<std::string>& ciphers) {
#ifdef HAVE_DTLS_SRTP
std::string internal_ciphers;
if (state_ != SSL_NONE)
return false;
for (std::vector<int>::const_iterator cipher = ciphers.begin();
for (std::vector<std::string>::const_iterator cipher = ciphers.begin();
cipher != ciphers.end(); ++cipher) {
bool found = false;
for (SrtpCipherMapEntry* entry = SrtpCipherMap; entry->internal_name;
for (SrtpCipherMapEntry *entry = SrtpCipherMap; entry->internal_name;
++entry) {
if (*cipher == entry->id) {
if (*cipher == entry->external_name) {
found = true;
if (!internal_ciphers.empty())
internal_ciphers += ":";
@ -447,7 +445,7 @@ bool OpenSSLStreamAdapter::SetDtlsSrtpCryptoSuites(
#endif
}
bool OpenSSLStreamAdapter::GetDtlsSrtpCryptoSuite(int* crypto_suite) {
bool OpenSSLStreamAdapter::GetDtlsSrtpCipher(std::string* cipher) {
#ifdef HAVE_DTLS_SRTP
ASSERT(state_ == SSL_CONNECTED);
if (state_ != SSL_CONNECTED)
@ -459,9 +457,17 @@ bool OpenSSLStreamAdapter::GetDtlsSrtpCryptoSuite(int* crypto_suite) {
if (!srtp_profile)
return false;
*crypto_suite = srtp_profile->id;
ASSERT(!SrtpCryptoSuiteToName(*crypto_suite).empty());
return true;
for (SrtpCipherMapEntry *entry = SrtpCipherMap;
entry->internal_name; ++entry) {
if (!strcmp(entry->internal_name, srtp_profile->name)) {
*cipher = entry->external_name;
return true;
}
}
ASSERT(false); // This should never happen
return false;
#else
return false;
#endif

6
webrtc/base/opensslstreamadapter.h
View File

@ -88,7 +88,7 @@ class OpenSSLStreamAdapter : public SSLStreamAdapter {
StreamState GetState() const override;
// TODO(guoweis): Move this away from a static class method.
static std::string SslCipherSuiteToName(int crypto_suite);
static std::string GetSslCipherSuiteName(int cipher);
bool GetSslCipherSuite(int* cipher) override;
@ -101,8 +101,8 @@ class OpenSSLStreamAdapter : public SSLStreamAdapter {
size_t result_len) override;
// DTLS-SRTP interface
bool SetDtlsSrtpCryptoSuites(const std::vector<int>& crypto_suites) override;
bool GetDtlsSrtpCryptoSuite(int* crypto_suite) override;
bool SetDtlsSrtpCiphers(const std::vector<std::string>& ciphers) override;
bool GetDtlsSrtpCipher(std::string* cipher) override;
// Capabilities interfaces
static bool HaveDtls();

28
webrtc/base/sslstreamadapter.cc
View File

@ -30,20 +30,12 @@ namespace rtc {
const char CS_AES_CM_128_HMAC_SHA1_80[] = "AES_CM_128_HMAC_SHA1_80";
const char CS_AES_CM_128_HMAC_SHA1_32[] = "AES_CM_128_HMAC_SHA1_32";
std::string SrtpCryptoSuiteToName(int crypto_suite) {
if (crypto_suite == SRTP_AES128_CM_SHA1_32)
return CS_AES_CM_128_HMAC_SHA1_32;
if (crypto_suite == SRTP_AES128_CM_SHA1_80)
return CS_AES_CM_128_HMAC_SHA1_80;
return std::string();
}
int SrtpCryptoSuiteFromName(const std::string& crypto_suite) {
if (crypto_suite == CS_AES_CM_128_HMAC_SHA1_32)
int GetSrtpCryptoSuiteFromName(const std::string& cipher) {
if (cipher == CS_AES_CM_128_HMAC_SHA1_32)
return SRTP_AES128_CM_SHA1_32;
if (crypto_suite == CS_AES_CM_128_HMAC_SHA1_80)
if (cipher == CS_AES_CM_128_HMAC_SHA1_80)
return SRTP_AES128_CM_SHA1_80;
return SRTP_INVALID_CRYPTO_SUITE;
return 0;
}
SSLStreamAdapter* SSLStreamAdapter::Create(StreamInterface* stream) {
@ -54,7 +46,7 @@ SSLStreamAdapter* SSLStreamAdapter::Create(StreamInterface* stream) {
#endif // SSL_USE_OPENSSL
}
bool SSLStreamAdapter::GetSslCipherSuite(int* cipher_suite) {
bool SSLStreamAdapter::GetSslCipherSuite(int* cipher) {
return false;
}
@ -67,12 +59,12 @@ bool SSLStreamAdapter::ExportKeyingMaterial(const std::string& label,
return false; // Default is unsupported
}
bool SSLStreamAdapter::SetDtlsSrtpCryptoSuites(
const std::vector<int>& crypto_suites) {
bool SSLStreamAdapter::SetDtlsSrtpCiphers(
const std::vector<std::string>& ciphers) {
return false;
}
bool SSLStreamAdapter::GetDtlsSrtpCryptoSuite(int* crypto_suite) {
bool SSLStreamAdapter::GetDtlsSrtpCipher(std::string* cipher) {
return false;
}
@ -91,8 +83,8 @@ int SSLStreamAdapter::GetDefaultSslCipherForTest(SSLProtocolVersion version,
return OpenSSLStreamAdapter::GetDefaultSslCipherForTest(version, key_type);
}
std::string SSLStreamAdapter::SslCipherSuiteToName(int cipher_suite) {
return OpenSSLStreamAdapter::SslCipherSuiteToName(cipher_suite);
std::string SSLStreamAdapter::GetSslCipherSuiteName(int cipher) {
return OpenSSLStreamAdapter::GetSslCipherSuiteName(cipher);
}
#endif // SSL_USE_OPENSSL

23
webrtc/base/sslstreamadapter.h
View File

@ -19,11 +19,7 @@
namespace rtc {
// Constants for SSL profile.
const int TLS_NULL_WITH_NULL_NULL = 0;
// Constants for SRTP profiles.
const int SRTP_INVALID_CRYPTO_SUITE = 0;
const int SRTP_AES128_CM_SHA1_80 = 0x0001;
const int SRTP_AES128_CM_SHA1_32 = 0x0002;
@ -35,13 +31,10 @@ extern const char CS_AES_CM_128_HMAC_SHA1_80[];
// 128-bit AES with 32-bit SHA-1 HMAC.
extern const char CS_AES_CM_128_HMAC_SHA1_32[];
// Given the DTLS-SRTP protection profile ID, as defined in
// https://tools.ietf.org/html/rfc4568#section-6.2 , return the SRTP profile
// name, as defined in https://tools.ietf.org/html/rfc5764#section-4.1.2.
std::string SrtpCryptoSuiteToName(int crypto_suite);
// The reverse of above conversion.
int SrtpCryptoSuiteFromName(const std::string& crypto_suite);
// Returns the DTLS-SRTP protection profile ID, as defined in
// https://tools.ietf.org/html/rfc5764#section-4.1.2, for the given SRTP
// Crypto-suite, as defined in https://tools.ietf.org/html/rfc4568#section-6.2
int GetSrtpCryptoSuiteFromName(const std::string& cipher_rfc_name);
// SSLStreamAdapter : A StreamInterfaceAdapter that does SSL/TLS.
// After SSL has been started, the stream will only open on successful
@ -159,7 +152,7 @@ class SSLStreamAdapter : public StreamAdapterInterface {
// Retrieves the IANA registration id of the cipher suite used for the
// connection (e.g. 0x2F for "TLS_RSA_WITH_AES_128_CBC_SHA").
virtual bool GetSslCipherSuite(int* cipher_suite);
virtual bool GetSslCipherSuite(int* cipher);
// Key Exporter interface from RFC 5705
// Arguments are:
@ -181,8 +174,8 @@ class SSLStreamAdapter : public StreamAdapterInterface {
size_t result_len);
// DTLS-SRTP interface
virtual bool SetDtlsSrtpCryptoSuites(const std::vector<int>& crypto_suites);
virtual bool GetDtlsSrtpCryptoSuite(int* crypto_suite);
virtual bool SetDtlsSrtpCiphers(const std::vector<std::string>& ciphers);
virtual bool GetDtlsSrtpCipher(std::string* cipher);
// Capabilities testing
static bool HaveDtls();
@ -198,7 +191,7 @@ class SSLStreamAdapter : public StreamAdapterInterface {
// TODO(guoweis): Move this away from a static class method. Currently this is
// introduced such that any caller could depend on sslstreamadapter.h without
// depending on specific SSL implementation.
static std::string SslCipherSuiteToName(int cipher_suite);
static std::string GetSslCipherSuiteName(int cipher);
private:
// If true, the server certificate need not match the configured

91
webrtc/base/sslstreamadapter_unittest.cc
View File

@ -29,6 +29,8 @@ using ::testing::Combine;
using ::testing::tuple;
static const int kBlockSize = 4096;
static const char kAES_CM_HMAC_SHA1_80[] = "AES_CM_128_HMAC_SHA1_80";
static const char kAES_CM_HMAC_SHA1_32[] = "AES_CM_128_HMAC_SHA1_32";
static const char kExporterLabel[] = "label";
static const unsigned char kExporterContext[] = "context";
static int kExporterContextLen = sizeof(kExporterContext);
@ -387,18 +389,19 @@ class SSLStreamAdapterTestBase : public testing::Test,
handshake_wait_ = wait;
}
void SetDtlsSrtpCryptoSuites(const std::vector<int>& ciphers, bool client) {
void SetDtlsSrtpCiphers(const std::vector<std::string> &ciphers,
bool client) {
if (client)
client_ssl_->SetDtlsSrtpCryptoSuites(ciphers);
client_ssl_->SetDtlsSrtpCiphers(ciphers);
else
server_ssl_->SetDtlsSrtpCryptoSuites(ciphers);
server_ssl_->SetDtlsSrtpCiphers(ciphers);
}
bool GetDtlsSrtpCryptoSuite(bool client, int* retval) {
bool GetDtlsSrtpCipher(bool client, std::string *retval) {
if (client)
return client_ssl_->GetDtlsSrtpCryptoSuite(retval);
return client_ssl_->GetDtlsSrtpCipher(retval);
else
return server_ssl_->GetDtlsSrtpCryptoSuite(retval);
return server_ssl_->GetDtlsSrtpCipher(retval);
}
bool GetPeerCertificate(bool client, rtc::SSLCertificate** cert) {
@ -806,74 +809,74 @@ TEST_P(SSLStreamAdapterTestDTLS, DISABLED_TestDTLSTransferWithDamage) {
// Test DTLS-SRTP with all high ciphers
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<int> high;
high.push_back(rtc::SRTP_AES128_CM_SHA1_80);
SetDtlsSrtpCryptoSuites(high, true);
SetDtlsSrtpCryptoSuites(high, false);
std::vector<std::string> high;
high.push_back(kAES_CM_HMAC_SHA1_80);
SetDtlsSrtpCiphers(high, true);
SetDtlsSrtpCiphers(high, false);
TestHandshake();
int client_cipher;
ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
int server_cipher;
ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
std::string client_cipher;
ASSERT_TRUE(GetDtlsSrtpCipher(true, &client_cipher));
std::string server_cipher;
ASSERT_TRUE(GetDtlsSrtpCipher(false, &server_cipher));
ASSERT_EQ(client_cipher, server_cipher);
ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80);
ASSERT_EQ(client_cipher, kAES_CM_HMAC_SHA1_80);
};
// Test DTLS-SRTP with all low ciphers
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<int> low;
low.push_back(rtc::SRTP_AES128_CM_SHA1_32);
SetDtlsSrtpCryptoSuites(low, true);
SetDtlsSrtpCryptoSuites(low, false);
std::vector<std::string> low;
low.push_back(kAES_CM_HMAC_SHA1_32);
SetDtlsSrtpCiphers(low, true);
SetDtlsSrtpCiphers(low, false);
TestHandshake();
int client_cipher;
ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
int server_cipher;
ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
std::string client_cipher;
ASSERT_TRUE(GetDtlsSrtpCipher(true, &client_cipher));
std::string server_cipher;
ASSERT_TRUE(GetDtlsSrtpCipher(false, &server_cipher));
ASSERT_EQ(client_cipher, server_cipher);
ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_32);
ASSERT_EQ(client_cipher, kAES_CM_HMAC_SHA1_32);
};
// Test DTLS-SRTP with a mismatch -- should not converge
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<int> high;
high.push_back(rtc::SRTP_AES128_CM_SHA1_80);
std::vector<int> low;
low.push_back(rtc::SRTP_AES128_CM_SHA1_32);
SetDtlsSrtpCryptoSuites(high, true);
SetDtlsSrtpCryptoSuites(low, false);
std::vector<std::string> high;
high.push_back(kAES_CM_HMAC_SHA1_80);
std::vector<std::string> low;
low.push_back(kAES_CM_HMAC_SHA1_32);
SetDtlsSrtpCiphers(high, true);
SetDtlsSrtpCiphers(low, false);
TestHandshake();
int client_cipher;
ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
int server_cipher;
ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
std::string client_cipher;
ASSERT_FALSE(GetDtlsSrtpCipher(true, &client_cipher));
std::string server_cipher;
ASSERT_FALSE(GetDtlsSrtpCipher(false, &server_cipher));
};
// Test DTLS-SRTP with each side being mixed -- should select high
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<int> mixed;
mixed.push_back(rtc::SRTP_AES128_CM_SHA1_80);
mixed.push_back(rtc::SRTP_AES128_CM_SHA1_32);
SetDtlsSrtpCryptoSuites(mixed, true);
SetDtlsSrtpCryptoSuites(mixed, false);
std::vector<std::string> mixed;
mixed.push_back(kAES_CM_HMAC_SHA1_80);
mixed.push_back(kAES_CM_HMAC_SHA1_32);
SetDtlsSrtpCiphers(mixed, true);
SetDtlsSrtpCiphers(mixed, false);
TestHandshake();
int client_cipher;
ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
int server_cipher;
ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
std::string client_cipher;
ASSERT_TRUE(GetDtlsSrtpCipher(true, &client_cipher));
std::string server_cipher;
ASSERT_TRUE(GetDtlsSrtpCipher(false, &server_cipher));
ASSERT_EQ(client_cipher, server_cipher);
ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80);
ASSERT_EQ(client_cipher, kAES_CM_HMAC_SHA1_80);
};
// Test an exporter

21
webrtc/p2p/base/dtlstransportchannel.cc
View File

@ -267,7 +267,7 @@ bool DtlsTransportChannelWrapper::SetupDtls() {
// Set up DTLS-SRTP, if it's been enabled.
if (!srtp_ciphers_.empty()) {
if (!dtls_->SetDtlsSrtpCryptoSuites(srtp_ciphers_)) {
if (!dtls_->SetDtlsSrtpCiphers(srtp_ciphers_)) {
LOG_J(LS_ERROR, this) << "Couldn't set DTLS-SRTP ciphers.";
return false;
}
@ -279,10 +279,11 @@ bool DtlsTransportChannelWrapper::SetupDtls() {
return true;
}
bool DtlsTransportChannelWrapper::SetSrtpCryptoSuites(
const std::vector<int>& ciphers) {
if (srtp_ciphers_ == ciphers)
bool DtlsTransportChannelWrapper::SetSrtpCiphers(
const std::vector<std::string>& ciphers) {
if (srtp_ciphers_ == ciphers) {
return true;
}
if (dtls_state() == DTLS_TRANSPORT_CONNECTING) {
LOG(LS_WARNING) << "Ignoring new SRTP ciphers while DTLS is negotiating";
@ -293,18 +294,18 @@ bool DtlsTransportChannelWrapper::SetSrtpCryptoSuites(
// We don't support DTLS renegotiation currently. If new set of srtp ciphers
// are different than what's being used currently, we will not use it.
// So for now, let's be happy (or sad) with a warning message.
int current_srtp_cipher;
if (!dtls_->GetDtlsSrtpCryptoSuite(&current_srtp_cipher)) {
std::string current_srtp_cipher;
if (!dtls_->GetDtlsSrtpCipher(&current_srtp_cipher)) {
LOG(LS_ERROR) << "Failed to get the current SRTP cipher for DTLS channel";
return false;
}
const std::vector<int>::const_iterator iter =
const std::vector<std::string>::const_iterator iter =
std::find(ciphers.begin(), ciphers.end(), current_srtp_cipher);
if (iter == ciphers.end()) {
std::string requested_str;
for (size_t i = 0; i < ciphers.size(); ++i) {
requested_str.append(" ");
requested_str.append(rtc::SrtpCryptoSuiteToName(ciphers[i]));
requested_str.append(ciphers[i]);
requested_str.append(" ");
}
LOG(LS_WARNING) << "Ignoring new set of SRTP ciphers, as DTLS "
@ -323,12 +324,12 @@ bool DtlsTransportChannelWrapper::SetSrtpCryptoSuites(
return true;
}
bool DtlsTransportChannelWrapper::GetSrtpCryptoSuite(int* cipher) {
bool DtlsTransportChannelWrapper::GetSrtpCryptoSuite(std::string* cipher) {
if (dtls_state() != DTLS_TRANSPORT_CONNECTED) {
return false;
}
return dtls_->GetDtlsSrtpCryptoSuite(cipher);
return dtls_->GetDtlsSrtpCipher(cipher);
}

6
webrtc/p2p/base/dtlstransportchannel.h
View File

@ -126,10 +126,10 @@ class DtlsTransportChannelWrapper : public TransportChannelImpl {
// Set up the ciphers to use for DTLS-SRTP. If this method is not called
// before DTLS starts, or |ciphers| is empty, SRTP keys won't be negotiated.
// This method should be called before SetupDtls.
bool SetSrtpCryptoSuites(const std::vector<int>& ciphers) override;
bool SetSrtpCiphers(const std::vector<std::string>& ciphers) override;
// Find out which DTLS-SRTP cipher was negotiated
bool GetSrtpCryptoSuite(int* cipher) override;
bool GetSrtpCryptoSuite(std::string* cipher) override;
bool GetSslRole(rtc::SSLRole* role) const override;
bool SetSslRole(rtc::SSLRole role) override;
@ -223,7 +223,7 @@ class DtlsTransportChannelWrapper : public TransportChannelImpl {
TransportChannelImpl* const channel_;
rtc::scoped_ptr<rtc::SSLStreamAdapter> dtls_; // The DTLS stream
StreamInterfaceChannel* downward_; // Wrapper for channel_, owned by dtls_.
std::vector<int> srtp_ciphers_; // SRTP ciphers to use with DTLS.
std::vector<std::string> srtp_ciphers_; // SRTP ciphers to use with DTLS.
bool dtls_active_ = false;
rtc::scoped_refptr<rtc::RTCCertificate> local_certificate_;
rtc::SSLRole ssl_role_;

25
webrtc/p2p/base/dtlstransportchannel_unittest.cc
View File

@ -28,6 +28,7 @@
return; \
}
static const char AES_CM_128_HMAC_SHA1_80[] = "AES_CM_128_HMAC_SHA1_80";
static const char kIceUfrag1[] = "TESTICEUFRAG0001";
static const char kIcePwd1[] = "TESTICEPWD00000000000001";
static const size_t kPacketNumOffset = 8;
@ -149,9 +150,9 @@ class DtlsTestClient : public sigslot::has_slots<> {
// SRTP ciphers will be set only in the beginning.
for (std::vector<cricket::DtlsTransportChannelWrapper*>::iterator it =
channels_.begin(); it != channels_.end(); ++it) {
std::vector<int> ciphers;
ciphers.push_back(rtc::SRTP_AES128_CM_SHA1_80);
ASSERT_TRUE((*it)->SetSrtpCryptoSuites(ciphers));
std::vector<std::string> ciphers;
ciphers.push_back(AES_CM_128_HMAC_SHA1_80);
ASSERT_TRUE((*it)->SetSrtpCiphers(ciphers));
}
}
@ -214,16 +215,16 @@ class DtlsTestClient : public sigslot::has_slots<> {
}
}
void CheckSrtp(int expected_crypto_suite) {
void CheckSrtp(const std::string& expected_cipher) {
for (std::vector<cricket::DtlsTransportChannelWrapper*>::iterator it =
channels_.begin(); it != channels_.end(); ++it) {
int crypto_suite;
std::string cipher;
bool rv = (*it)->GetSrtpCryptoSuite(&crypto_suite);
if (negotiated_dtls_ && expected_crypto_suite) {
bool rv = (*it)->GetSrtpCryptoSuite(&cipher);
if (negotiated_dtls_ && !expected_cipher.empty()) {
ASSERT_TRUE(rv);
ASSERT_EQ(crypto_suite, expected_crypto_suite);
ASSERT_EQ(cipher, expected_cipher);
} else {
ASSERT_FALSE(rv);
}
@ -468,11 +469,11 @@ class DtlsTransportChannelTest : public testing::Test {
// Check that we negotiated the right ciphers.
if (use_dtls_srtp_) {
client1_.CheckSrtp(rtc::SRTP_AES128_CM_SHA1_80);
client2_.CheckSrtp(rtc::SRTP_AES128_CM_SHA1_80);
client1_.CheckSrtp(AES_CM_128_HMAC_SHA1_80);
client2_.CheckSrtp(AES_CM_128_HMAC_SHA1_80);
} else {
client1_.CheckSrtp(rtc::SRTP_INVALID_CRYPTO_SUITE);
client2_.CheckSrtp(rtc::SRTP_INVALID_CRYPTO_SUITE);
client1_.CheckSrtp("");
client2_.CheckSrtp("");
}
client1_.CheckSsl(rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
ssl_expected_version_, rtc::KT_DEFAULT));

25
webrtc/p2p/base/faketransportcontroller.h
View File

@ -242,20 +242,20 @@ class FakeTransportChannel : public TransportChannelImpl,
bool IsDtlsActive() const override { return do_dtls_; }
bool SetSrtpCryptoSuites(const std::vector<int>& ciphers) override {
bool SetSrtpCiphers(const std::vector<std::string>& ciphers) override {
srtp_ciphers_ = ciphers;
return true;
}
bool GetSrtpCryptoSuite(int* crypto_suite) override {
if (chosen_crypto_suite_ != rtc::SRTP_INVALID_CRYPTO_SUITE) {
*crypto_suite = chosen_crypto_suite_;
bool GetSrtpCryptoSuite(std::string* cipher) override {
if (!chosen_srtp_cipher_.empty()) {
*cipher = chosen_srtp_cipher_;
return true;
}
return false;
}
bool GetSslCipherSuite(int* cipher_suite) override { return false; }
bool GetSslCipherSuite(int* cipher) override { return false; }
rtc::scoped_refptr<rtc::RTCCertificate> GetLocalCertificate() const {
return local_cert_;
@ -275,7 +275,7 @@ class FakeTransportChannel : public TransportChannelImpl,
bool use_context,
uint8_t* result,
size_t result_len) override {
if (chosen_crypto_suite_ != rtc::SRTP_INVALID_CRYPTO_SUITE) {
if (!chosen_srtp_cipher_.empty()) {
memset(result, 0xff, result_len);
return true;
}
@ -284,13 +284,14 @@ class FakeTransportChannel : public TransportChannelImpl,
}
void NegotiateSrtpCiphers() {
for (std::vector<int>::const_iterator it1 = srtp_ciphers_.begin();
for (std::vector<std::string>::const_iterator it1 = srtp_ciphers_.begin();
it1 != srtp_ciphers_.end(); ++it1) {
for (std::vector<int>::const_iterator it2 = dest_->srtp_ciphers_.begin();
for (std::vector<std::string>::const_iterator it2 =
dest_->srtp_ciphers_.begin();
it2 != dest_->srtp_ciphers_.end(); ++it2) {
if (*it1 == *it2) {
chosen_crypto_suite_ = *it1;
dest_->chosen_crypto_suite_ = *it2;
chosen_srtp_cipher_ = *it1;
dest_->chosen_srtp_cipher_ = *it2;
return;
}
}
@ -321,8 +322,8 @@ class FakeTransportChannel : public TransportChannelImpl,
rtc::scoped_refptr<rtc::RTCCertificate> local_cert_;
rtc::FakeSSLCertificate* remote_cert_ = nullptr;
bool do_dtls_ = false;
std::vector<int> srtp_ciphers_;
int chosen_crypto_suite_ = rtc::SRTP_INVALID_CRYPTO_SUITE;
std::vector<std::string> srtp_ciphers_;
std::string chosen_srtp_cipher_;
int receiving_timeout_ = -1;
bool gather_continually_ = false;
IceRole role_ = ICEROLE_UNKNOWN;

4
webrtc/p2p/base/p2ptransportchannel.h
View File

@ -108,12 +108,12 @@ class P2PTransportChannel : public TransportChannelImpl,
bool SetSslRole(rtc::SSLRole role) override { return false; }
// Set up the ciphers to use for DTLS-SRTP.
bool SetSrtpCryptoSuites(const std::vector<int>& ciphers) override {
bool SetSrtpCiphers(const std::vector<std::string>& ciphers) override {
return false;
}
// Find out which DTLS-SRTP cipher was negotiated.
bool GetSrtpCryptoSuite(int* cipher) override { return false; }
bool GetSrtpCryptoSuite(std::string* cipher) override { return false; }
// Find out which DTLS cipher was negotiated.
bool GetSslCipherSuite(int* cipher) override { return false; }

4
webrtc/p2p/base/transport.cc
View File

@ -305,8 +305,8 @@ bool Transport::GetStats(TransportStats* stats) {
TransportChannelImpl* channel = kv.second;
TransportChannelStats substats;
substats.component = channel->component();
channel->GetSrtpCryptoSuite(&substats.srtp_crypto_suite);
channel->GetSslCipherSuite(&substats.ssl_cipher_suite);
channel->GetSrtpCryptoSuite(&substats.srtp_cipher);
channel->GetSslCipherSuite(&substats.ssl_cipher);
if (!channel->GetStats(&substats.connection_infos)) {
return false;
}

4
webrtc/p2p/base/transport.h
View File

@ -123,8 +123,8 @@ typedef std::vector<ConnectionInfo> ConnectionInfos;
struct TransportChannelStats {
int component = 0;
ConnectionInfos connection_infos;
int srtp_crypto_suite = rtc::SRTP_INVALID_CRYPTO_SUITE;
int ssl_cipher_suite = rtc::TLS_NULL_WITH_NULL_NULL;
std::string srtp_cipher;
int ssl_cipher = 0;
};
// Information about all the channels of a transport.

9
webrtc/p2p/base/transportchannel.cc
View File

@ -54,13 +54,4 @@ void TransportChannel::set_dtls_state(DtlsTransportState state) {
SignalDtlsState(this);
}
// TODO(guoweis): Remove this function once everything is moved away.
bool TransportChannel::SetSrtpCiphers(const std::vector<std::string>& ciphers) {
std::vector<int> crypto_suites;
for (const auto cipher : ciphers) {
crypto_suites.push_back(rtc::SrtpCryptoSuiteFromName(cipher));
}
return SetSrtpCryptoSuites(crypto_suites);
}
} // namespace cricket

9
webrtc/p2p/base/transportchannel.h
View File

@ -108,14 +108,13 @@ class TransportChannel : public sigslot::has_slots<> {
virtual bool GetSslRole(rtc::SSLRole* role) const = 0;
// Sets up the ciphers to use for DTLS-SRTP.
virtual bool SetSrtpCryptoSuites(const std::vector<int>& ciphers) = 0;
// Keep the original one for backward compatibility until all dependencies
// move away. TODO(guoweis): Remove this function.
virtual bool SetSrtpCiphers(const std::vector<std::string>& ciphers);
virtual bool SetSrtpCiphers(const std::vector<std::string>& ciphers) = 0;
// Finds out which DTLS-SRTP cipher was negotiated.
// TODO(guoweis): Remove this once all dependencies implement this.
virtual bool GetSrtpCryptoSuite(int* cipher) { return false; }
virtual bool GetSrtpCryptoSuite(std::string* cipher) {
return false;
}
// Finds out which DTLS cipher was negotiated.
// TODO(guoweis): Remove this once all dependencies implement this.