admin/webrtc_m130
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Reland Convert internal representation of Srtp cryptos from string to int

Browse Source 
TBR=pthatcher@webrtc.org
BUG=webrtc:5043

Review URL: https://codereview.webrtc.org/1458023002 .

Cr-Commit-Position: refs/heads/master@{#10703}
This commit is contained in:
Guo-wei Shieh 2015-11-18 19:41:53 -08:00
parent 318166bed7
commit 521ed7bf02
26 changed files with 391 additions and 349 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
talk/app/webrtc/peerconnection_unittest.cc
View File

@ -113,7 +113,7 @@ static const char kDataChannelLabel[] = "data_channel";
#if !defined(THREAD_SANITIZER)
// SRTP cipher name negotiated by the tests. This must be updated if the
// default changes.
static const char kDefaultSrtpCipher[] = "AES_CM_128_HMAC_SHA1_32";
static const int kDefaultSrtpCryptoSuite = rtc::SRTP_AES128_CM_SHA1_32;
#endif
static void RemoveLinesFromSdp(const std::string& line_start,
@ -1327,7 +1327,7 @@ TEST_F(JsepPeerConnectionP2PTestClient, GetDtls12None) {
initializing_client()->pc()->RegisterUMAObserver(init_observer);
LocalP2PTest();
EXPECT_EQ_WAIT(rtc::SSLStreamAdapter::GetSslCipherSuiteName(
EXPECT_EQ_WAIT(rtc::SSLStreamAdapter::SslCipherSuiteToName(
rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
rtc::SSL_PROTOCOL_DTLS_10, rtc::KT_DEFAULT)),
initializing_client()->GetDtlsCipherStats(),
@ -1337,12 +1337,12 @@ TEST_F(JsepPeerConnectionP2PTestClient, GetDtls12None) {
rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
rtc::SSL_PROTOCOL_DTLS_10, rtc::KT_DEFAULT)));
EXPECT_EQ_WAIT(kDefaultSrtpCipher,
EXPECT_EQ_WAIT(rtc::SrtpCryptoSuiteToName(kDefaultSrtpCryptoSuite),
initializing_client()->GetSrtpCipherStats(),
kMaxWaitForStatsMs);
EXPECT_EQ(1, init_observer->GetEnumCounter(
webrtc::kEnumCounterAudioSrtpCipher,
rtc::GetSrtpCryptoSuiteFromName(kDefaultSrtpCipher)));
EXPECT_EQ(1,
init_observer->GetEnumCounter(webrtc::kEnumCounterAudioSrtpCipher,
kDefaultSrtpCryptoSuite));
}
// Test that DTLS 1.2 is used if both ends support it.
@ -1358,7 +1358,7 @@ TEST_F(JsepPeerConnectionP2PTestClient, GetDtls12Both) {
initializing_client()->pc()->RegisterUMAObserver(init_observer);
LocalP2PTest();
EXPECT_EQ_WAIT(rtc::SSLStreamAdapter::GetSslCipherSuiteName(
EXPECT_EQ_WAIT(rtc::SSLStreamAdapter::SslCipherSuiteToName(
rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
rtc::SSL_PROTOCOL_DTLS_12, rtc::KT_DEFAULT)),
initializing_client()->GetDtlsCipherStats(),
@ -1368,12 +1368,12 @@ TEST_F(JsepPeerConnectionP2PTestClient, GetDtls12Both) {
rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
rtc::SSL_PROTOCOL_DTLS_12, rtc::KT_DEFAULT)));
EXPECT_EQ_WAIT(kDefaultSrtpCipher,
EXPECT_EQ_WAIT(rtc::SrtpCryptoSuiteToName(kDefaultSrtpCryptoSuite),
initializing_client()->GetSrtpCipherStats(),
kMaxWaitForStatsMs);
EXPECT_EQ(1, init_observer->GetEnumCounter(
webrtc::kEnumCounterAudioSrtpCipher,
rtc::GetSrtpCryptoSuiteFromName(kDefaultSrtpCipher)));
EXPECT_EQ(1,
init_observer->GetEnumCounter(webrtc::kEnumCounterAudioSrtpCipher,
kDefaultSrtpCryptoSuite));
}
// Test that DTLS 1.0 is used if the initator supports DTLS 1.2 and the
@ -1390,7 +1390,7 @@ TEST_F(JsepPeerConnectionP2PTestClient, GetDtls12Init) {
initializing_client()->pc()->RegisterUMAObserver(init_observer);
LocalP2PTest();
EXPECT_EQ_WAIT(rtc::SSLStreamAdapter::GetSslCipherSuiteName(
EXPECT_EQ_WAIT(rtc::SSLStreamAdapter::SslCipherSuiteToName(
rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
rtc::SSL_PROTOCOL_DTLS_10, rtc::KT_DEFAULT)),
initializing_client()->GetDtlsCipherStats(),
@ -1400,12 +1400,12 @@ TEST_F(JsepPeerConnectionP2PTestClient, GetDtls12Init) {
rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
rtc::SSL_PROTOCOL_DTLS_10, rtc::KT_DEFAULT)));
EXPECT_EQ_WAIT(kDefaultSrtpCipher,
EXPECT_EQ_WAIT(rtc::SrtpCryptoSuiteToName(kDefaultSrtpCryptoSuite),
initializing_client()->GetSrtpCipherStats(),
kMaxWaitForStatsMs);
EXPECT_EQ(1, init_observer->GetEnumCounter(
webrtc::kEnumCounterAudioSrtpCipher,
rtc::GetSrtpCryptoSuiteFromName(kDefaultSrtpCipher)));
EXPECT_EQ(1,
init_observer->GetEnumCounter(webrtc::kEnumCounterAudioSrtpCipher,
kDefaultSrtpCryptoSuite));
}
// Test that DTLS 1.0 is used if the initator supports DTLS 1.0 and the
@ -1422,7 +1422,7 @@ TEST_F(JsepPeerConnectionP2PTestClient, GetDtls12Recv) {
initializing_client()->pc()->RegisterUMAObserver(init_observer);
LocalP2PTest();
EXPECT_EQ_WAIT(rtc::SSLStreamAdapter::GetSslCipherSuiteName(
EXPECT_EQ_WAIT(rtc::SSLStreamAdapter::SslCipherSuiteToName(
rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
rtc::SSL_PROTOCOL_DTLS_10, rtc::KT_DEFAULT)),
initializing_client()->GetDtlsCipherStats(),
@ -1432,12 +1432,12 @@ TEST_F(JsepPeerConnectionP2PTestClient, GetDtls12Recv) {
rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
rtc::SSL_PROTOCOL_DTLS_10, rtc::KT_DEFAULT)));
EXPECT_EQ_WAIT(kDefaultSrtpCipher,
EXPECT_EQ_WAIT(rtc::SrtpCryptoSuiteToName(kDefaultSrtpCryptoSuite),
initializing_client()->GetSrtpCipherStats(),
kMaxWaitForStatsMs);
EXPECT_EQ(1, init_observer->GetEnumCounter(
webrtc::kEnumCounterAudioSrtpCipher,
rtc::GetSrtpCryptoSuiteFromName(kDefaultSrtpCipher)));
EXPECT_EQ(1,
init_observer->GetEnumCounter(webrtc::kEnumCounterAudioSrtpCipher,
kDefaultSrtpCryptoSuite));
}
// This test sets up a call between two parties with audio, video and data.

19
talk/app/webrtc/statscollector.cc
View File

@ -730,17 +730,20 @@ void StatsCollector::ExtractSessionInfo() {
channel_report->AddId(StatsReport::kStatsValueNameRemoteCertificateId,
remote_cert_report_id);
}
const std::string& srtp_cipher = channel_iter.srtp_cipher;
if (!srtp_cipher.empty()) {
channel_report->AddString(StatsReport::kStatsValueNameSrtpCipher,
srtp_cipher);
int srtp_crypto_suite = channel_iter.srtp_crypto_suite;
if (srtp_crypto_suite != rtc::SRTP_INVALID_CRYPTO_SUITE &&
rtc::SrtpCryptoSuiteToName(srtp_crypto_suite).length()) {
channel_report->AddString(
StatsReport::kStatsValueNameSrtpCipher,
rtc::SrtpCryptoSuiteToName(srtp_crypto_suite));
}
int ssl_cipher = channel_iter.ssl_cipher;
if (ssl_cipher &&
rtc::SSLStreamAdapter::GetSslCipherSuiteName(ssl_cipher).length()) {
int ssl_cipher_suite = channel_iter.ssl_cipher_suite;
if (ssl_cipher_suite != rtc::TLS_NULL_WITH_NULL_NULL &&
rtc::SSLStreamAdapter::SslCipherSuiteToName(ssl_cipher_suite)
.length()) {
channel_report->AddString(
StatsReport::kStatsValueNameDtlsCipher,
rtc::SSLStreamAdapter::GetSslCipherSuiteName(ssl_cipher));
rtc::SSLStreamAdapter::SslCipherSuiteToName(ssl_cipher_suite));
}
int connection_id = 0;

43
talk/app/webrtc/statscollector_unittest.cc
View File

@ -683,8 +683,8 @@ class StatsCollectorTest : public testing::Test {
// Fake stats to process.
cricket::TransportChannelStats channel_stats;
channel_stats.component = 1;
channel_stats.srtp_cipher = "the-srtp-cipher";
channel_stats.ssl_cipher = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA;
channel_stats.srtp_crypto_suite = rtc::SRTP_AES128_CM_SHA1_80;
channel_stats.ssl_cipher_suite = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA;
cricket::TransportStats transport_stats;
transport_stats.transport_name = "audio";
@ -747,18 +747,17 @@ class StatsCollectorTest : public testing::Test {
}
// Check negotiated ciphers.
std::string dtls_cipher = ExtractStatsValue(
StatsReport::kStatsReportTypeComponent,
reports,
StatsReport::kStatsValueNameDtlsCipher);
EXPECT_EQ(rtc::SSLStreamAdapter::GetSslCipherSuiteName(
std::string dtls_cipher_suite =
ExtractStatsValue(StatsReport::kStatsReportTypeComponent, reports,
StatsReport::kStatsValueNameDtlsCipher);
EXPECT_EQ(rtc::SSLStreamAdapter::SslCipherSuiteToName(
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA),
dtls_cipher);
std::string srtp_cipher = ExtractStatsValue(
StatsReport::kStatsReportTypeComponent,
reports,
StatsReport::kStatsValueNameSrtpCipher);
EXPECT_EQ("the-srtp-cipher", srtp_cipher);
dtls_cipher_suite);
std::string srtp_crypto_suite =
ExtractStatsValue(StatsReport::kStatsReportTypeComponent, reports,
StatsReport::kStatsValueNameSrtpCipher);
EXPECT_EQ(rtc::SrtpCryptoSuiteToName(rtc::SRTP_AES128_CM_SHA1_80),
srtp_crypto_suite);
}
cricket::FakeMediaEngine* media_engine_;
@ -1407,16 +1406,14 @@ TEST_F(StatsCollectorTest, NoTransport) {
ASSERT_EQ(kNotFound, remote_certificate_id);
// Check that the negotiated ciphers are absent.
std::string dtls_cipher = ExtractStatsValue(
StatsReport::kStatsReportTypeComponent,
reports,
StatsReport::kStatsValueNameDtlsCipher);
ASSERT_EQ(kNotFound, dtls_cipher);
std::string srtp_cipher = ExtractStatsValue(
StatsReport::kStatsReportTypeComponent,
reports,
StatsReport::kStatsValueNameSrtpCipher);
ASSERT_EQ(kNotFound, srtp_cipher);
std::string dtls_cipher_suite =
ExtractStatsValue(StatsReport::kStatsReportTypeComponent, reports,
StatsReport::kStatsValueNameDtlsCipher);
ASSERT_EQ(kNotFound, dtls_cipher_suite);
std::string srtp_crypto_suite =
ExtractStatsValue(StatsReport::kStatsReportTypeComponent, reports,
StatsReport::kStatsValueNameSrtpCipher);
ASSERT_EQ(kNotFound, srtp_crypto_suite);
}
// This test verifies that the stats are generated correctly when the transport

18
talk/app/webrtc/webrtcsession.cc
View File

@ -2157,9 +2157,10 @@ void WebRtcSession::ReportNegotiatedCiphers(
return;
}
const std::string& srtp_cipher = stats.channel_stats[0].srtp_cipher;
int ssl_cipher = stats.channel_stats[0].ssl_cipher;
if (srtp_cipher.empty() && !ssl_cipher) {
int srtp_crypto_suite = stats.channel_stats[0].srtp_crypto_suite;
int ssl_cipher_suite = stats.channel_stats[0].ssl_cipher_suite;
if (srtp_crypto_suite == rtc::SRTP_INVALID_CRYPTO_SUITE &&
ssl_cipher_suite == rtc::TLS_NULL_WITH_NULL_NULL) {
return;
}
@ -2179,12 +2180,13 @@ void WebRtcSession::ReportNegotiatedCiphers(
return;
}
if (!srtp_cipher.empty()) {
metrics_observer_->IncrementSparseEnumCounter(
srtp_counter_type, rtc::GetSrtpCryptoSuiteFromName(srtp_cipher));
if (srtp_crypto_suite != rtc::SRTP_INVALID_CRYPTO_SUITE) {
metrics_observer_->IncrementSparseEnumCounter(srtp_counter_type,
srtp_crypto_suite);
}
if (ssl_cipher) {
metrics_observer_->IncrementSparseEnumCounter(ssl_counter_type, ssl_cipher);
if (ssl_cipher_suite != rtc::TLS_NULL_WITH_NULL_NULL) {
metrics_observer_->IncrementSparseEnumCounter(ssl_counter_type,
ssl_cipher_suite);
}
}

6
talk/media/base/cryptoparams.h
View File

@ -35,8 +35,10 @@ namespace cricket {
// Parameters for SRTP negotiation, as described in RFC 4568.
struct CryptoParams {
CryptoParams() : tag(0) {}
CryptoParams(int t, const std::string& cs,
const std::string& kp, const std::string& sp)
CryptoParams(int t,
const std::string& cs,
const std::string& kp,
const std::string& sp)
: tag(t), cipher_suite(cs), key_params(kp), session_params(sp) {}
bool Matches(const CryptoParams& params) const {

61
talk/session/media/channel.cc
View File

@ -218,11 +218,11 @@ bool BaseChannel::Init() {
return false;
}
if (!SetDtlsSrtpCiphers(transport_channel(), false)) {
if (!SetDtlsSrtpCryptoSuites(transport_channel(), false)) {
return false;
}
if (rtcp_transport_enabled() &&
!SetDtlsSrtpCiphers(rtcp_transport_channel(), true)) {
!SetDtlsSrtpCryptoSuites(rtcp_transport_channel(), true)) {
return false;
}
@ -809,16 +809,16 @@ void BaseChannel::SignalDtlsSetupFailure_s(bool rtcp) {
SignalDtlsSetupFailure(this, rtcp);
}
bool BaseChannel::SetDtlsSrtpCiphers(TransportChannel *tc, bool rtcp) {
std::vector<std::string> ciphers;
// We always use the default SRTP ciphers for RTCP, but we may use different
// ciphers for RTP depending on the media type.
bool BaseChannel::SetDtlsSrtpCryptoSuites(TransportChannel* tc, bool rtcp) {
std::vector<int> crypto_suites;
// We always use the default SRTP crypto suites for RTCP, but we may use
// different crypto suites for RTP depending on the media type.
if (!rtcp) {
GetSrtpCryptoSuiteNames(&ciphers);
GetSrtpCryptoSuites(&crypto_suites);
} else {
GetDefaultSrtpCryptoSuiteNames(&ciphers);
GetDefaultSrtpCryptoSuites(&crypto_suites);
}
return tc->SetSrtpCiphers(ciphers);
return tc->SetSrtpCryptoSuites(crypto_suites);
}
bool BaseChannel::ShouldSetupDtlsSrtp() const {
@ -837,10 +837,10 @@ bool BaseChannel::SetupDtlsSrtp(bool rtcp_channel) {
if (!channel->IsDtlsActive())
return true;
std::string selected_cipher;
int selected_crypto_suite;
if (!channel->GetSrtpCryptoSuite(&selected_cipher)) {
LOG(LS_ERROR) << "No DTLS-SRTP selected cipher";
if (!channel->GetSrtpCryptoSuite(&selected_crypto_suite)) {
LOG(LS_ERROR) << "No DTLS-SRTP selected crypto suite";
return false;
}
@ -896,21 +896,15 @@ bool BaseChannel::SetupDtlsSrtp(bool rtcp_channel) {
}
if (rtcp_channel) {
ret = srtp_filter_.SetRtcpParams(
selected_cipher,
&(*send_key)[0],
static_cast<int>(send_key->size()),
selected_cipher,
&(*recv_key)[0],
static_cast<int>(recv_key->size()));
ret = srtp_filter_.SetRtcpParams(selected_crypto_suite, &(*send_key)[0],
static_cast<int>(send_key->size()),
selected_crypto_suite, &(*recv_key)[0],
static_cast<int>(recv_key->size()));
} else {
ret = srtp_filter_.SetRtpParams(
selected_cipher,
&(*send_key)[0],
static_cast<int>(send_key->size()),
selected_cipher,
&(*recv_key)[0],
static_cast<int>(recv_key->size()));
ret = srtp_filter_.SetRtpParams(selected_crypto_suite, &(*send_key)[0],
static_cast<int>(send_key->size()),
selected_crypto_suite, &(*recv_key)[0],
static_cast<int>(recv_key->size()));
}
if (!ret)
@ -1580,9 +1574,8 @@ void VoiceChannel::OnAudioMonitorUpdate(AudioMonitor* monitor,
SignalAudioMonitor(this, info);
}
void VoiceChannel::GetSrtpCryptoSuiteNames(
std::vector<std::string>* ciphers) const {
GetSupportedAudioCryptoSuites(ciphers);
void VoiceChannel::GetSrtpCryptoSuites(std::vector<int>* crypto_suites) const {
GetSupportedAudioCryptoSuites(crypto_suites);
}
VideoChannel::VideoChannel(rtc::Thread* thread,
@ -1970,9 +1963,8 @@ bool VideoChannel::GetLocalSsrc(const VideoCapturer* capturer, uint32_t* ssrc) {
return false;
}
void VideoChannel::GetSrtpCryptoSuiteNames(
std::vector<std::string>* ciphers) const {
GetSupportedVideoCryptoSuites(ciphers);
void VideoChannel::GetSrtpCryptoSuites(std::vector<int>* crypto_suites) const {
GetSupportedVideoCryptoSuites(crypto_suites);
}
DataChannel::DataChannel(rtc::Thread* thread,
@ -2278,9 +2270,8 @@ void DataChannel::OnDataChannelReadyToSend(bool writable) {
new DataChannelReadyToSendMessageData(writable));
}
void DataChannel::GetSrtpCryptoSuiteNames(
std::vector<std::string>* ciphers) const {
GetSupportedDataCryptoSuites(ciphers);
void DataChannel::GetSrtpCryptoSuites(std::vector<int>* crypto_suites) const {
GetSupportedDataCryptoSuites(crypto_suites);
}
bool DataChannel::ShouldSetupDtlsSrtp() const {

13
talk/session/media/channel.h
View File

@ -236,7 +236,7 @@ class BaseChannel
// |rtcp_channel| indicates whether to set up the RTP or RTCP filter.
bool SetupDtlsSrtp(bool rtcp_channel);
// Set the DTLS-SRTP cipher policy on this channel as appropriate.
bool SetDtlsSrtpCiphers(TransportChannel *tc, bool rtcp);
bool SetDtlsSrtpCryptoSuites(TransportChannel* tc, bool rtcp);
virtual void ChangeState() = 0;
@ -282,9 +282,8 @@ class BaseChannel
void OnMessage(rtc::Message* pmsg) override;
// Handled in derived classes
// Get the SRTP ciphers to use for RTP media
virtual void GetSrtpCryptoSuiteNames(
std::vector<std::string>* ciphers) const = 0;
// Get the SRTP crypto suites to use for RTP media
virtual void GetSrtpCryptoSuites(std::vector<int>* crypto_suites) const = 0;
virtual void OnConnectionMonitorUpdate(ConnectionMonitor* monitor,
const std::vector<ConnectionInfo>& infos) = 0;
@ -407,7 +406,7 @@ class VoiceChannel : public BaseChannel {
bool GetStats_w(VoiceMediaInfo* stats);
virtual void OnMessage(rtc::Message* pmsg);
virtual void GetSrtpCryptoSuiteNames(std::vector<std::string>* ciphers) const;
virtual void GetSrtpCryptoSuites(std::vector<int>* crypto_suites) const;
virtual void OnConnectionMonitorUpdate(
ConnectionMonitor* monitor, const std::vector<ConnectionInfo>& infos);
virtual void OnMediaMonitorUpdate(
@ -497,7 +496,7 @@ class VideoChannel : public BaseChannel {
bool GetStats_w(VideoMediaInfo* stats);
virtual void OnMessage(rtc::Message* pmsg);
virtual void GetSrtpCryptoSuiteNames(std::vector<std::string>* ciphers) const;
virtual void GetSrtpCryptoSuites(std::vector<int>* crypto_suites) const;
virtual void OnConnectionMonitorUpdate(
ConnectionMonitor* monitor, const std::vector<ConnectionInfo>& infos);
virtual void OnMediaMonitorUpdate(
@ -614,7 +613,7 @@ class DataChannel : public BaseChannel {
virtual bool WantsPacket(bool rtcp, rtc::Buffer* packet);
virtual void OnMessage(rtc::Message* pmsg);
virtual void GetSrtpCryptoSuiteNames(std::vector<std::string>* ciphers) const;
virtual void GetSrtpCryptoSuites(std::vector<int>* crypto_suites) const;
virtual void OnConnectionMonitorUpdate(
ConnectionMonitor* monitor, const std::vector<ConnectionInfo>& infos);
virtual void OnMediaMonitorUpdate(

61
talk/session/media/mediasession.cc
View File

@ -50,6 +50,17 @@ static const uint32_t kMaxSctpSid = 1023;
namespace {
const char kInline[] = "inline:";
void GetSupportedCryptoSuiteNames(void (*func)(std::vector<int>*),
std::vector<std::string>* names) {
#ifdef HAVE_SRTP
std::vector<int> crypto_suites;
func(&crypto_suites);
for (const auto crypto : crypto_suites) {
names->push_back(rtc::SrtpCryptoSuiteToName(crypto));
}
#endif
}
}
namespace cricket {
@ -152,30 +163,50 @@ bool FindMatchingCrypto(const CryptoParamsVec& cryptos,
}
// For audio, HMAC 32 is prefered because of the low overhead.
void GetSupportedAudioCryptoSuites(
std::vector<std::string>* crypto_suites) {
void GetSupportedAudioCryptoSuites(std::vector<int>* crypto_suites) {
#ifdef HAVE_SRTP
crypto_suites->push_back(rtc::CS_AES_CM_128_HMAC_SHA1_32);
crypto_suites->push_back(rtc::CS_AES_CM_128_HMAC_SHA1_80);
crypto_suites->push_back(rtc::SRTP_AES128_CM_SHA1_32);
crypto_suites->push_back(rtc::SRTP_AES128_CM_SHA1_80);
#endif
}
void GetSupportedVideoCryptoSuites(
std::vector<std::string>* crypto_suites) {
GetDefaultSrtpCryptoSuiteNames(crypto_suites);
void GetSupportedAudioCryptoSuiteNames(
std::vector<std::string>* crypto_suite_names) {
GetSupportedCryptoSuiteNames(GetSupportedAudioCryptoSuites,
crypto_suite_names);
}
void GetSupportedDataCryptoSuites(
std::vector<std::string>* crypto_suites) {
GetDefaultSrtpCryptoSuiteNames(crypto_suites);
void GetSupportedVideoCryptoSuites(std::vector<int>* crypto_suites) {
GetDefaultSrtpCryptoSuites(crypto_suites);
}
void GetDefaultSrtpCryptoSuiteNames(std::vector<std::string>* crypto_suites) {
void GetSupportedVideoCryptoSuiteNames(
std::vector<std::string>* crypto_suite_names) {
GetSupportedCryptoSuiteNames(GetSupportedVideoCryptoSuites,
crypto_suite_names);
}
void GetSupportedDataCryptoSuites(std::vector<int>* crypto_suites) {
GetDefaultSrtpCryptoSuites(crypto_suites);
}
void GetSupportedDataCryptoSuiteNames(
std::vector<std::string>* crypto_suite_names) {
GetSupportedCryptoSuiteNames(GetSupportedDataCryptoSuites,
crypto_suite_names);
}
void GetDefaultSrtpCryptoSuites(std::vector<int>* crypto_suites) {
#ifdef HAVE_SRTP
crypto_suites->push_back(rtc::CS_AES_CM_128_HMAC_SHA1_80);
crypto_suites->push_back(rtc::SRTP_AES128_CM_SHA1_80);
#endif
}
void GetDefaultSrtpCryptoSuiteNames(
std::vector<std::string>* crypto_suite_names) {
GetSupportedCryptoSuiteNames(GetDefaultSrtpCryptoSuites, crypto_suite_names);
}
// For video support only 80-bit SHA1 HMAC. For audio 32-bit HMAC is
// tolerated unless bundle is enabled because it is low overhead. Pick the
// crypto in the list that is supported.
@ -1514,7 +1545,7 @@ bool MediaSessionDescriptionFactory::AddAudioContentForOffer(
scoped_ptr<AudioContentDescription> audio(new AudioContentDescription());
std::vector<std::string> crypto_suites;
GetSupportedAudioCryptoSuites(&crypto_suites);
GetSupportedAudioCryptoSuiteNames(&crypto_suites);
if (!CreateMediaContentOffer(
options,
audio_codecs,
@ -1568,7 +1599,7 @@ bool MediaSessionDescriptionFactory::AddVideoContentForOffer(
scoped_ptr<VideoContentDescription> video(new VideoContentDescription());
std::vector<std::string> crypto_suites;
GetSupportedVideoCryptoSuites(&crypto_suites);
GetSupportedVideoCryptoSuiteNames(&crypto_suites);
if (!CreateMediaContentOffer(
options,
video_codecs,
@ -1638,7 +1669,7 @@ bool MediaSessionDescriptionFactory::AddDataContentForOffer(
data->set_protocol(
secure_transport ? kMediaProtocolDtlsSctp : kMediaProtocolSctp);
} else {
GetSupportedDataCryptoSuites(&crypto_suites);
GetSupportedDataCryptoSuiteNames(&crypto_suites);
}
if (!CreateMediaContentOffer(

17
talk/session/media/mediasession.h
View File

@ -547,10 +547,19 @@ const VideoContentDescription* GetFirstVideoContentDescription(
const DataContentDescription* GetFirstDataContentDescription(
const SessionDescription* sdesc);
void GetSupportedAudioCryptoSuites(std::vector<std::string>* crypto_suites);
void GetSupportedVideoCryptoSuites(std::vector<std::string>* crypto_suites);
void GetSupportedDataCryptoSuites(std::vector<std::string>* crypto_suites);
void GetDefaultSrtpCryptoSuiteNames(std::vector<std::string>* crypto_suites);
void GetSupportedAudioCryptoSuites(std::vector<int>* crypto_suites);
void GetSupportedVideoCryptoSuites(std::vector<int>* crypto_suites);
void GetSupportedDataCryptoSuites(std::vector<int>* crypto_suites);
void GetDefaultSrtpCryptoSuites(std::vector<int>* crypto_suites);
void GetSupportedAudioCryptoSuiteNames(
std::vector<std::string>* crypto_suite_names);
void GetSupportedVideoCryptoSuiteNames(
std::vector<std::string>* crypto_suite_names);
void GetSupportedDataCryptoSuiteNames(
std::vector<std::string>* crypto_suite_names);
void GetDefaultSrtpCryptoSuiteNames(
std::vector<std::string>* crypto_suite_names);
} // namespace cricket
#endif // TALK_SESSION_MEDIA_MEDIASESSION_H_

33
talk/session/media/srtpfilter.cc
View File

@ -146,10 +146,10 @@ bool SrtpFilter::SetProvisionalAnswer(
return DoSetAnswer(answer_params, source, false);
}
bool SrtpFilter::SetRtpParams(const std::string& send_cs,
bool SrtpFilter::SetRtpParams(int send_cs,
const uint8_t* send_key,
int send_key_len,
const std::string& recv_cs,
int recv_cs,
const uint8_t* recv_key,
int recv_key_len) {
if (IsActive()) {
@ -179,10 +179,10 @@ bool SrtpFilter::SetRtpParams(const std::string& send_cs,
// SrtpSession.
// - In the muxed case, they are keyed with the same keys, so
// this function is not needed
bool SrtpFilter::SetRtcpParams(const std::string& send_cs,
bool SrtpFilter::SetRtcpParams(int send_cs,
const uint8_t* send_key,
int send_key_len,
const std::string& recv_cs,
int recv_cs,
const uint8_t* recv_key,
int recv_key_len) {
// This can only be called once, but can be safely called after
@ -428,10 +428,12 @@ bool SrtpFilter::ApplyParams(const CryptoParams& send_params,
ParseKeyParams(recv_params.key_params, recv_key, sizeof(recv_key)));
if (ret) {
CreateSrtpSessions();
ret = (send_session_->SetSend(send_params.cipher_suite,
send_key, sizeof(send_key)) &&
recv_session_->SetRecv(recv_params.cipher_suite,
recv_key, sizeof(recv_key)));
ret = (send_session_->SetSend(
rtc::SrtpCryptoSuiteFromName(send_params.cipher_suite), send_key,
sizeof(send_key)) &&
recv_session_->SetRecv(
rtc::SrtpCryptoSuiteFromName(recv_params.cipher_suite), recv_key,
sizeof(recv_key)));
}
if (ret) {
LOG(LS_INFO) << "SRTP activated with negotiated parameters:"
@ -507,11 +509,11 @@ SrtpSession::~SrtpSession() {
}
}
bool SrtpSession::SetSend(const std::string& cs, const uint8_t* key, int len) {
bool SrtpSession::SetSend(int cs, const uint8_t* key, int len) {
return SetKey(ssrc_any_outbound, cs, key, len);
}
bool SrtpSession::SetRecv(const std::string& cs, const uint8_t* key, int len) {
bool SrtpSession::SetRecv(int cs, const uint8_t* key, int len) {
return SetKey(ssrc_any_inbound, cs, key, len);
}
@ -658,10 +660,7 @@ void SrtpSession::set_signal_silent_time(uint32_t signal_silent_time_in_ms) {
srtp_stat_->set_signal_silent_time(signal_silent_time_in_ms);
}
bool SrtpSession::SetKey(int type,
const std::string& cs,
const uint8_t* key,
int len) {
bool SrtpSession::SetKey(int type, int cs, const uint8_t* key, int len) {
if (session_) {
LOG(LS_ERROR) << "Failed to create SRTP session: "
<< "SRTP session already created";
@ -675,15 +674,15 @@ bool SrtpSession::SetKey(int type,
srtp_policy_t policy;
memset(&policy, 0, sizeof(policy));
if (cs == rtc::CS_AES_CM_128_HMAC_SHA1_80) {
if (cs == rtc::SRTP_AES128_CM_SHA1_80) {
crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtp);
crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp);
} else if (cs == rtc::CS_AES_CM_128_HMAC_SHA1_32) {
} else if (cs == rtc::SRTP_AES128_CM_SHA1_32) {
crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtp); // rtp is 32,
crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp); // rtcp still 80
} else {
LOG(LS_WARNING) << "Failed to create SRTP session: unsupported"
<< " cipher_suite " << cs.c_str();
<< " cipher_suite " << cs;
return false;
}

14
talk/session/media/srtpfilter.h
View File

@ -104,16 +104,16 @@ class SrtpFilter {
// Just set up both sets of keys directly.
// Used with DTLS-SRTP.
bool SetRtpParams(const std::string& send_cs,
bool SetRtpParams(int send_cs,
const uint8_t* send_key,
int send_key_len,
const std::string& recv_cs,
int recv_cs,
const uint8_t* recv_key,
int recv_key_len);
bool SetRtcpParams(const std::string& send_cs,
bool SetRtcpParams(int send_cs,
const uint8_t* send_key,
int send_key_len,
const std::string& recv_cs,
int recv_cs,
const uint8_t* recv_key,
int recv_key_len);
@ -199,10 +199,10 @@ class SrtpSession {
// Configures the session for sending data using the specified
// cipher-suite and key. Receiving must be done by a separate session.
bool SetSend(const std::string& cs, const uint8_t* key, int len);
bool SetSend(int cs, const uint8_t* key, int len);
// Configures the session for receiving data using the specified
// cipher-suite and key. Sending must be done by a separate session.
bool SetRecv(const std::string& cs, const uint8_t* key, int len);
bool SetRecv(int cs, const uint8_t* key, int len);
// Encrypts/signs an individual RTP/RTCP packet, in-place.
// If an HMAC is used, this will increase the packet size.
@ -232,7 +232,7 @@ class SrtpSession {
SignalSrtpError;
private:
bool SetKey(int type, const std::string& cs, const uint8_t* key, int len);
bool SetKey(int type, int cs, const uint8_t* key, int len);
// Returns send stream current packet index from srtp db.
bool GetSendStreamPacketIndex(void* data, int in_len, int64_t* index);

102
talk/session/media/srtpfilter_unittest.cc
View File

@ -508,21 +508,17 @@ TEST_F(SrtpFilterTest, TestDisableEncryption) {
// Test directly setting the params with AES_CM_128_HMAC_SHA1_80
TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_80) {
EXPECT_TRUE(f1_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_80,
kTestKey1, kTestKeyLen,
CS_AES_CM_128_HMAC_SHA1_80,
EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1,
kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80,
kTestKey2, kTestKeyLen));
EXPECT_TRUE(f2_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_80,
kTestKey2, kTestKeyLen,
CS_AES_CM_128_HMAC_SHA1_80,
EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2,
kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80,
kTestKey1, kTestKeyLen));
EXPECT_TRUE(f1_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_80,
kTestKey1, kTestKeyLen,
CS_AES_CM_128_HMAC_SHA1_80,
EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1,
kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80,
kTestKey2, kTestKeyLen));
EXPECT_TRUE(f2_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_80,
kTestKey2, kTestKeyLen,
CS_AES_CM_128_HMAC_SHA1_80,
EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2,
kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80,
kTestKey1, kTestKeyLen));
EXPECT_TRUE(f1_.IsActive());
EXPECT_TRUE(f2_.IsActive());
@ -531,21 +527,17 @@ TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_80) {
// Test directly setting the params with AES_CM_128_HMAC_SHA1_32
TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_32) {
EXPECT_TRUE(f1_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_32,
kTestKey1, kTestKeyLen,
CS_AES_CM_128_HMAC_SHA1_32,
EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1,
kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32,
kTestKey2, kTestKeyLen));
EXPECT_TRUE(f2_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_32,
kTestKey2, kTestKeyLen,
CS_AES_CM_128_HMAC_SHA1_32,
EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey2,
kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32,
kTestKey1, kTestKeyLen));
EXPECT_TRUE(f1_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_32,
kTestKey1, kTestKeyLen,
CS_AES_CM_128_HMAC_SHA1_32,
EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1,
kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32,
kTestKey2, kTestKeyLen));
EXPECT_TRUE(f2_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_32,
kTestKey2, kTestKeyLen,
CS_AES_CM_128_HMAC_SHA1_32,
EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey2,
kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32,
kTestKey1, kTestKeyLen));
EXPECT_TRUE(f1_.IsActive());
EXPECT_TRUE(f2_.IsActive());
@ -554,25 +546,21 @@ TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_32) {
// Test directly setting the params with bogus keys
TEST_F(SrtpFilterTest, TestSetParamsKeyTooShort) {
EXPECT_FALSE(f1_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_80,
kTestKey1, kTestKeyLen - 1,
CS_AES_CM_128_HMAC_SHA1_80,
EXPECT_FALSE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1,
kTestKeyLen - 1, rtc::SRTP_AES128_CM_SHA1_80,
kTestKey1, kTestKeyLen - 1));
EXPECT_FALSE(f1_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_80,
kTestKey1, kTestKeyLen - 1,
CS_AES_CM_128_HMAC_SHA1_80,
EXPECT_FALSE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1,
kTestKeyLen - 1, rtc::SRTP_AES128_CM_SHA1_80,
kTestKey1, kTestKeyLen - 1));
}
#if defined(ENABLE_EXTERNAL_AUTH)
TEST_F(SrtpFilterTest, TestGetSendAuthParams) {
EXPECT_TRUE(f1_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_32,
kTestKey1, kTestKeyLen,
CS_AES_CM_128_HMAC_SHA1_32,
EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1,
kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32,
kTestKey2, kTestKeyLen));
EXPECT_TRUE(f1_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_32,
kTestKey1, kTestKeyLen,
CS_AES_CM_128_HMAC_SHA1_32,
EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1,
kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32,
kTestKey2, kTestKeyLen));
uint8_t* auth_key = NULL;
int auth_key_len = 0, auth_tag_len = 0;
@ -629,28 +617,30 @@ class SrtpSessionTest : public testing::Test {
// Test that we can set up the session and keys properly.
TEST_F(SrtpSessionTest, TestGoodSetup) {
EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
}
// Test that we can't change the keys once set.
TEST_F(SrtpSessionTest, TestBadSetup) {
EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_FALSE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey2, kTestKeyLen));
EXPECT_FALSE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey2, kTestKeyLen));
EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_FALSE(
s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2, kTestKeyLen));
EXPECT_FALSE(
s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2, kTestKeyLen));
}
// Test that we fail keys of the wrong length.
TEST_F(SrtpSessionTest, TestKeysTooShort) {
EXPECT_FALSE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, 1));
EXPECT_FALSE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, 1));
EXPECT_FALSE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, 1));
EXPECT_FALSE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, 1));
}
// Test that we can encrypt and decrypt RTP/RTCP using AES_CM_128_HMAC_SHA1_80.
TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_80) {
EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_80);
TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_80);
TestUnprotectRtp(CS_AES_CM_128_HMAC_SHA1_80);
@ -659,8 +649,8 @@ TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_80) {
// Test that we can encrypt and decrypt RTP/RTCP using AES_CM_128_HMAC_SHA1_32.
TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_32) {
EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_32, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_32, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, kTestKeyLen));
TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_32);
TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_32);
TestUnprotectRtp(CS_AES_CM_128_HMAC_SHA1_32);
@ -668,7 +658,7 @@ TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_32) {
}
TEST_F(SrtpSessionTest, TestGetSendStreamPacketIndex) {
EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_32, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, kTestKeyLen));
int64_t index;
int out_len = 0;
EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_,
@ -681,8 +671,8 @@ TEST_F(SrtpSessionTest, TestGetSendStreamPacketIndex) {
// Test that we fail to unprotect if someone tampers with the RTP/RTCP paylaods.
TEST_F(SrtpSessionTest, TestTamperReject) {
int out_len;
EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_80);
TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_80);
rtp_packet_[0] = 0x12;
@ -694,8 +684,8 @@ TEST_F(SrtpSessionTest, TestTamperReject) {
// Test that we fail to unprotect if the payloads are not authenticated.
TEST_F(SrtpSessionTest, TestUnencryptReject) {
int out_len;
EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_FALSE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len));
EXPECT_FALSE(s2_.UnprotectRtcp(rtcp_packet_, rtcp_len_, &out_len));
}
@ -703,7 +693,7 @@ TEST_F(SrtpSessionTest, TestUnencryptReject) {
// Test that we fail when using buffers that are too small.
TEST_F(SrtpSessionTest, TestBuffersTooSmall) {
int out_len;
EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_FALSE(s1_.ProtectRtp(rtp_packet_, rtp_len_,
sizeof(rtp_packet_) - 10, &out_len));
EXPECT_FALSE(s1_.ProtectRtcp(rtcp_packet_, rtcp_len_,
@ -717,8 +707,8 @@ TEST_F(SrtpSessionTest, TestReplay) {
static const uint16_t replay_window = 1024;
int out_len;
EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
// Initial sequence number.
rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_) + 2, seqnum_big);

48
webrtc/base/opensslstreamadapter.cc
View File

@ -43,17 +43,19 @@ namespace rtc {
#endif
#ifdef HAVE_DTLS_SRTP
// SRTP cipher suite table
// SRTP cipher suite table. |internal_name| is used to construct a
// colon-separated profile strings which is needed by
// SSL_CTX_set_tlsext_use_srtp().
struct SrtpCipherMapEntry {
const char* external_name;
const char* internal_name;
const int id;
};
// This isn't elegant, but it's better than an external reference
static SrtpCipherMapEntry SrtpCipherMap[] = {
{CS_AES_CM_128_HMAC_SHA1_80, "SRTP_AES128_CM_SHA1_80"},
{CS_AES_CM_128_HMAC_SHA1_32, "SRTP_AES128_CM_SHA1_32"},
{NULL, NULL}};
{"SRTP_AES128_CM_SHA1_80", SRTP_AES128_CM_SHA1_80},
{"SRTP_AES128_CM_SHA1_32", SRTP_AES128_CM_SHA1_32},
{nullptr, 0}};
#endif
#ifndef OPENSSL_IS_BORINGSSL
@ -350,9 +352,9 @@ bool OpenSSLStreamAdapter::SetPeerCertificateDigest(const std::string
return true;
}
std::string OpenSSLStreamAdapter::GetSslCipherSuiteName(int cipher) {
std::string OpenSSLStreamAdapter::SslCipherSuiteToName(int cipher_suite) {
#ifdef OPENSSL_IS_BORINGSSL
const SSL_CIPHER* ssl_cipher = SSL_get_cipher_by_value(cipher);
const SSL_CIPHER* ssl_cipher = SSL_get_cipher_by_value(cipher_suite);
if (!ssl_cipher) {
return std::string();
}
@ -363,7 +365,7 @@ std::string OpenSSLStreamAdapter::GetSslCipherSuiteName(int cipher) {
#else
for (const SslCipherMapEntry* entry = kSslCipherMap; entry->rfc_name;
++entry) {
if (cipher == entry->openssl_id) {
if (cipher_suite == entry->openssl_id) {
return entry->rfc_name;
}
}
@ -371,7 +373,7 @@ std::string OpenSSLStreamAdapter::GetSslCipherSuiteName(int cipher) {
#endif
}
bool OpenSSLStreamAdapter::GetSslCipherSuite(int* cipher) {
bool OpenSSLStreamAdapter::GetSslCipherSuite(int* cipher_suite) {
if (state_ != SSL_CONNECTED)
return false;
@ -380,7 +382,7 @@ bool OpenSSLStreamAdapter::GetSslCipherSuite(int* cipher) {
return false;
}
*cipher = static_cast<uint16_t>(SSL_CIPHER_get_id(current_cipher));
*cipher_suite = static_cast<uint16_t>(SSL_CIPHER_get_id(current_cipher));
return true;
}
@ -407,20 +409,20 @@ bool OpenSSLStreamAdapter::ExportKeyingMaterial(const std::string& label,
#endif
}
bool OpenSSLStreamAdapter::SetDtlsSrtpCiphers(
const std::vector<std::string>& ciphers) {
bool OpenSSLStreamAdapter::SetDtlsSrtpCryptoSuites(
const std::vector<int>& ciphers) {
#ifdef HAVE_DTLS_SRTP
std::string internal_ciphers;
if (state_ != SSL_NONE)
return false;
for (std::vector<std::string>::const_iterator cipher = ciphers.begin();
for (std::vector<int>::const_iterator cipher = ciphers.begin();
cipher != ciphers.end(); ++cipher) {
bool found = false;
for (SrtpCipherMapEntry *entry = SrtpCipherMap; entry->internal_name;
for (SrtpCipherMapEntry* entry = SrtpCipherMap; entry->internal_name;
++entry) {
if (*cipher == entry->external_name) {
if (*cipher == entry->id) {
found = true;
if (!internal_ciphers.empty())
internal_ciphers += ":";
@ -445,7 +447,7 @@ bool OpenSSLStreamAdapter::SetDtlsSrtpCiphers(
#endif
}
bool OpenSSLStreamAdapter::GetDtlsSrtpCipher(std::string* cipher) {
bool OpenSSLStreamAdapter::GetDtlsSrtpCryptoSuite(int* crypto_suite) {
#ifdef HAVE_DTLS_SRTP
ASSERT(state_ == SSL_CONNECTED);
if (state_ != SSL_CONNECTED)
@ -457,17 +459,9 @@ bool OpenSSLStreamAdapter::GetDtlsSrtpCipher(std::string* cipher) {
if (!srtp_profile)
return false;
for (SrtpCipherMapEntry *entry = SrtpCipherMap;
entry->internal_name; ++entry) {
if (!strcmp(entry->internal_name, srtp_profile->name)) {
*cipher = entry->external_name;
return true;
}
}
ASSERT(false); // This should never happen
return false;
*crypto_suite = srtp_profile->id;
ASSERT(!SrtpCryptoSuiteToName(*crypto_suite).empty());
return true;
#else
return false;
#endif

6
webrtc/base/opensslstreamadapter.h
View File

@ -88,7 +88,7 @@ class OpenSSLStreamAdapter : public SSLStreamAdapter {
StreamState GetState() const override;
// TODO(guoweis): Move this away from a static class method.
static std::string GetSslCipherSuiteName(int cipher);
static std::string SslCipherSuiteToName(int crypto_suite);
bool GetSslCipherSuite(int* cipher) override;
@ -101,8 +101,8 @@ class OpenSSLStreamAdapter : public SSLStreamAdapter {
size_t result_len) override;
// DTLS-SRTP interface
bool SetDtlsSrtpCiphers(const std::vector<std::string>& ciphers) override;
bool GetDtlsSrtpCipher(std::string* cipher) override;
bool SetDtlsSrtpCryptoSuites(const std::vector<int>& crypto_suites) override;
bool GetDtlsSrtpCryptoSuite(int* crypto_suite) override;
// Capabilities interfaces
static bool HaveDtls();

28
webrtc/base/sslstreamadapter.cc
View File

@ -30,12 +30,20 @@ namespace rtc {
const char CS_AES_CM_128_HMAC_SHA1_80[] = "AES_CM_128_HMAC_SHA1_80";
const char CS_AES_CM_128_HMAC_SHA1_32[] = "AES_CM_128_HMAC_SHA1_32";
int GetSrtpCryptoSuiteFromName(const std::string& cipher) {
if (cipher == CS_AES_CM_128_HMAC_SHA1_32)
std::string SrtpCryptoSuiteToName(int crypto_suite) {
if (crypto_suite == SRTP_AES128_CM_SHA1_32)
return CS_AES_CM_128_HMAC_SHA1_32;
if (crypto_suite == SRTP_AES128_CM_SHA1_80)
return CS_AES_CM_128_HMAC_SHA1_80;
return std::string();
}
int SrtpCryptoSuiteFromName(const std::string& crypto_suite) {
if (crypto_suite == CS_AES_CM_128_HMAC_SHA1_32)
return SRTP_AES128_CM_SHA1_32;
if (cipher == CS_AES_CM_128_HMAC_SHA1_80)
if (crypto_suite == CS_AES_CM_128_HMAC_SHA1_80)
return SRTP_AES128_CM_SHA1_80;
return 0;
return SRTP_INVALID_CRYPTO_SUITE;
}
SSLStreamAdapter* SSLStreamAdapter::Create(StreamInterface* stream) {
@ -46,7 +54,7 @@ SSLStreamAdapter* SSLStreamAdapter::Create(StreamInterface* stream) {
#endif // SSL_USE_OPENSSL
}
bool SSLStreamAdapter::GetSslCipherSuite(int* cipher) {
bool SSLStreamAdapter::GetSslCipherSuite(int* cipher_suite) {
return false;
}
@ -59,12 +67,12 @@ bool SSLStreamAdapter::ExportKeyingMaterial(const std::string& label,
return false; // Default is unsupported
}
bool SSLStreamAdapter::SetDtlsSrtpCiphers(
const std::vector<std::string>& ciphers) {
bool SSLStreamAdapter::SetDtlsSrtpCryptoSuites(
const std::vector<int>& crypto_suites) {
return false;
}
bool SSLStreamAdapter::GetDtlsSrtpCipher(std::string* cipher) {
bool SSLStreamAdapter::GetDtlsSrtpCryptoSuite(int* crypto_suite) {
return false;
}
@ -83,8 +91,8 @@ int SSLStreamAdapter::GetDefaultSslCipherForTest(SSLProtocolVersion version,
return OpenSSLStreamAdapter::GetDefaultSslCipherForTest(version, key_type);
}
std::string SSLStreamAdapter::GetSslCipherSuiteName(int cipher) {
return OpenSSLStreamAdapter::GetSslCipherSuiteName(cipher);
std::string SSLStreamAdapter::SslCipherSuiteToName(int cipher_suite) {
return OpenSSLStreamAdapter::SslCipherSuiteToName(cipher_suite);
}
#endif // SSL_USE_OPENSSL

23
webrtc/base/sslstreamadapter.h
View File

@ -19,7 +19,11 @@
namespace rtc {
// Constants for SSL profile.
const int TLS_NULL_WITH_NULL_NULL = 0;
// Constants for SRTP profiles.
const int SRTP_INVALID_CRYPTO_SUITE = 0;
const int SRTP_AES128_CM_SHA1_80 = 0x0001;
const int SRTP_AES128_CM_SHA1_32 = 0x0002;
@ -31,10 +35,13 @@ extern const char CS_AES_CM_128_HMAC_SHA1_80[];
// 128-bit AES with 32-bit SHA-1 HMAC.
extern const char CS_AES_CM_128_HMAC_SHA1_32[];
// Returns the DTLS-SRTP protection profile ID, as defined in
// https://tools.ietf.org/html/rfc5764#section-4.1.2, for the given SRTP
// Crypto-suite, as defined in https://tools.ietf.org/html/rfc4568#section-6.2
int GetSrtpCryptoSuiteFromName(const std::string& cipher_rfc_name);
// Given the DTLS-SRTP protection profile ID, as defined in
// https://tools.ietf.org/html/rfc4568#section-6.2 , return the SRTP profile
// name, as defined in https://tools.ietf.org/html/rfc5764#section-4.1.2.
std::string SrtpCryptoSuiteToName(int crypto_suite);
// The reverse of above conversion.
int SrtpCryptoSuiteFromName(const std::string& crypto_suite);
// SSLStreamAdapter : A StreamInterfaceAdapter that does SSL/TLS.
// After SSL has been started, the stream will only open on successful
@ -152,7 +159,7 @@ class SSLStreamAdapter : public StreamAdapterInterface {
// Retrieves the IANA registration id of the cipher suite used for the
// connection (e.g. 0x2F for "TLS_RSA_WITH_AES_128_CBC_SHA").
virtual bool GetSslCipherSuite(int* cipher);
virtual bool GetSslCipherSuite(int* cipher_suite);
// Key Exporter interface from RFC 5705
// Arguments are:
@ -174,8 +181,8 @@ class SSLStreamAdapter : public StreamAdapterInterface {
size_t result_len);
// DTLS-SRTP interface
virtual bool SetDtlsSrtpCiphers(const std::vector<std::string>& ciphers);
virtual bool GetDtlsSrtpCipher(std::string* cipher);
virtual bool SetDtlsSrtpCryptoSuites(const std::vector<int>& crypto_suites);
virtual bool GetDtlsSrtpCryptoSuite(int* crypto_suite);
// Capabilities testing
static bool HaveDtls();
@ -191,7 +198,7 @@ class SSLStreamAdapter : public StreamAdapterInterface {
// TODO(guoweis): Move this away from a static class method. Currently this is
// introduced such that any caller could depend on sslstreamadapter.h without
// depending on specific SSL implementation.
static std::string GetSslCipherSuiteName(int cipher);
static std::string SslCipherSuiteToName(int cipher_suite);
private:
// If true, the server certificate need not match the configured

91
webrtc/base/sslstreamadapter_unittest.cc
View File

@ -29,8 +29,6 @@ using ::testing::Combine;
using ::testing::tuple;
static const int kBlockSize = 4096;
static const char kAES_CM_HMAC_SHA1_80[] = "AES_CM_128_HMAC_SHA1_80";
static const char kAES_CM_HMAC_SHA1_32[] = "AES_CM_128_HMAC_SHA1_32";
static const char kExporterLabel[] = "label";
static const unsigned char kExporterContext[] = "context";
static int kExporterContextLen = sizeof(kExporterContext);
@ -389,19 +387,18 @@ class SSLStreamAdapterTestBase : public testing::Test,
handshake_wait_ = wait;
}
void SetDtlsSrtpCiphers(const std::vector<std::string> &ciphers,
bool client) {
void SetDtlsSrtpCryptoSuites(const std::vector<int>& ciphers, bool client) {
if (client)
client_ssl_->SetDtlsSrtpCiphers(ciphers);
client_ssl_->SetDtlsSrtpCryptoSuites(ciphers);
else
server_ssl_->SetDtlsSrtpCiphers(ciphers);
server_ssl_->SetDtlsSrtpCryptoSuites(ciphers);
}
bool GetDtlsSrtpCipher(bool client, std::string *retval) {
bool GetDtlsSrtpCryptoSuite(bool client, int* retval) {
if (client)
return client_ssl_->GetDtlsSrtpCipher(retval);
return client_ssl_->GetDtlsSrtpCryptoSuite(retval);
else
return server_ssl_->GetDtlsSrtpCipher(retval);
return server_ssl_->GetDtlsSrtpCryptoSuite(retval);
}
bool GetPeerCertificate(bool client, rtc::SSLCertificate** cert) {
@ -809,74 +806,74 @@ TEST_P(SSLStreamAdapterTestDTLS, DISABLED_TestDTLSTransferWithDamage) {
// Test DTLS-SRTP with all high ciphers
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<std::string> high;
high.push_back(kAES_CM_HMAC_SHA1_80);
SetDtlsSrtpCiphers(high, true);
SetDtlsSrtpCiphers(high, false);
std::vector<int> high;
high.push_back(rtc::SRTP_AES128_CM_SHA1_80);
SetDtlsSrtpCryptoSuites(high, true);
SetDtlsSrtpCryptoSuites(high, false);
TestHandshake();
std::string client_cipher;
ASSERT_TRUE(GetDtlsSrtpCipher(true, &client_cipher));
std::string server_cipher;
ASSERT_TRUE(GetDtlsSrtpCipher(false, &server_cipher));
int client_cipher;
ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
int server_cipher;
ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
ASSERT_EQ(client_cipher, server_cipher);
ASSERT_EQ(client_cipher, kAES_CM_HMAC_SHA1_80);
ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80);
};
// Test DTLS-SRTP with all low ciphers
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<std::string> low;
low.push_back(kAES_CM_HMAC_SHA1_32);
SetDtlsSrtpCiphers(low, true);
SetDtlsSrtpCiphers(low, false);
std::vector<int> low;
low.push_back(rtc::SRTP_AES128_CM_SHA1_32);
SetDtlsSrtpCryptoSuites(low, true);
SetDtlsSrtpCryptoSuites(low, false);
TestHandshake();
std::string client_cipher;
ASSERT_TRUE(GetDtlsSrtpCipher(true, &client_cipher));
std::string server_cipher;
ASSERT_TRUE(GetDtlsSrtpCipher(false, &server_cipher));
int client_cipher;
ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
int server_cipher;
ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
ASSERT_EQ(client_cipher, server_cipher);
ASSERT_EQ(client_cipher, kAES_CM_HMAC_SHA1_32);
ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_32);
};
// Test DTLS-SRTP with a mismatch -- should not converge
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<std::string> high;
high.push_back(kAES_CM_HMAC_SHA1_80);
std::vector<std::string> low;
low.push_back(kAES_CM_HMAC_SHA1_32);
SetDtlsSrtpCiphers(high, true);
SetDtlsSrtpCiphers(low, false);
std::vector<int> high;
high.push_back(rtc::SRTP_AES128_CM_SHA1_80);
std::vector<int> low;
low.push_back(rtc::SRTP_AES128_CM_SHA1_32);
SetDtlsSrtpCryptoSuites(high, true);
SetDtlsSrtpCryptoSuites(low, false);
TestHandshake();
std::string client_cipher;
ASSERT_FALSE(GetDtlsSrtpCipher(true, &client_cipher));
std::string server_cipher;
ASSERT_FALSE(GetDtlsSrtpCipher(false, &server_cipher));
int client_cipher;
ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
int server_cipher;
ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
};
// Test DTLS-SRTP with each side being mixed -- should select high
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<std::string> mixed;
mixed.push_back(kAES_CM_HMAC_SHA1_80);
mixed.push_back(kAES_CM_HMAC_SHA1_32);
SetDtlsSrtpCiphers(mixed, true);
SetDtlsSrtpCiphers(mixed, false);
std::vector<int> mixed;
mixed.push_back(rtc::SRTP_AES128_CM_SHA1_80);
mixed.push_back(rtc::SRTP_AES128_CM_SHA1_32);
SetDtlsSrtpCryptoSuites(mixed, true);
SetDtlsSrtpCryptoSuites(mixed, false);
TestHandshake();
std::string client_cipher;
ASSERT_TRUE(GetDtlsSrtpCipher(true, &client_cipher));
std::string server_cipher;
ASSERT_TRUE(GetDtlsSrtpCipher(false, &server_cipher));
int client_cipher;
ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
int server_cipher;
ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
ASSERT_EQ(client_cipher, server_cipher);
ASSERT_EQ(client_cipher, kAES_CM_HMAC_SHA1_80);
ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80);
};
// Test an exporter

21
webrtc/p2p/base/dtlstransportchannel.cc
View File

@ -267,7 +267,7 @@ bool DtlsTransportChannelWrapper::SetupDtls() {
// Set up DTLS-SRTP, if it's been enabled.
if (!srtp_ciphers_.empty()) {
if (!dtls_->SetDtlsSrtpCiphers(srtp_ciphers_)) {
if (!dtls_->SetDtlsSrtpCryptoSuites(srtp_ciphers_)) {
LOG_J(LS_ERROR, this) << "Couldn't set DTLS-SRTP ciphers.";
return false;
}
@ -279,11 +279,10 @@ bool DtlsTransportChannelWrapper::SetupDtls() {
return true;
}
bool DtlsTransportChannelWrapper::SetSrtpCiphers(
const std::vector<std::string>& ciphers) {
if (srtp_ciphers_ == ciphers) {
bool DtlsTransportChannelWrapper::SetSrtpCryptoSuites(
const std::vector<int>& ciphers) {
if (srtp_ciphers_ == ciphers)
return true;
}
if (dtls_state() == DTLS_TRANSPORT_CONNECTING) {
LOG(LS_WARNING) << "Ignoring new SRTP ciphers while DTLS is negotiating";
@ -294,18 +293,18 @@ bool DtlsTransportChannelWrapper::SetSrtpCiphers(
// We don't support DTLS renegotiation currently. If new set of srtp ciphers
// are different than what's being used currently, we will not use it.
// So for now, let's be happy (or sad) with a warning message.
std::string current_srtp_cipher;
if (!dtls_->GetDtlsSrtpCipher(&current_srtp_cipher)) {
int current_srtp_cipher;
if (!dtls_->GetDtlsSrtpCryptoSuite(&current_srtp_cipher)) {
LOG(LS_ERROR) << "Failed to get the current SRTP cipher for DTLS channel";
return false;
}
const std::vector<std::string>::const_iterator iter =
const std::vector<int>::const_iterator iter =
std::find(ciphers.begin(), ciphers.end(), current_srtp_cipher);
if (iter == ciphers.end()) {
std::string requested_str;
for (size_t i = 0; i < ciphers.size(); ++i) {
requested_str.append(" ");
requested_str.append(ciphers[i]);
requested_str.append(rtc::SrtpCryptoSuiteToName(ciphers[i]));
requested_str.append(" ");
}
LOG(LS_WARNING) << "Ignoring new set of SRTP ciphers, as DTLS "
@ -324,12 +323,12 @@ bool DtlsTransportChannelWrapper::SetSrtpCiphers(
return true;
}
bool DtlsTransportChannelWrapper::GetSrtpCryptoSuite(std::string* cipher) {
bool DtlsTransportChannelWrapper::GetSrtpCryptoSuite(int* cipher) {
if (dtls_state() != DTLS_TRANSPORT_CONNECTED) {
return false;
}
return dtls_->GetDtlsSrtpCipher(cipher);
return dtls_->GetDtlsSrtpCryptoSuite(cipher);
}

6
webrtc/p2p/base/dtlstransportchannel.h
View File

@ -126,10 +126,10 @@ class DtlsTransportChannelWrapper : public TransportChannelImpl {
// Set up the ciphers to use for DTLS-SRTP. If this method is not called
// before DTLS starts, or |ciphers| is empty, SRTP keys won't be negotiated.
// This method should be called before SetupDtls.
bool SetSrtpCiphers(const std::vector<std::string>& ciphers) override;
bool SetSrtpCryptoSuites(const std::vector<int>& ciphers) override;
// Find out which DTLS-SRTP cipher was negotiated
bool GetSrtpCryptoSuite(std::string* cipher) override;
bool GetSrtpCryptoSuite(int* cipher) override;
bool GetSslRole(rtc::SSLRole* role) const override;
bool SetSslRole(rtc::SSLRole role) override;
@ -223,7 +223,7 @@ class DtlsTransportChannelWrapper : public TransportChannelImpl {
TransportChannelImpl* const channel_;
rtc::scoped_ptr<rtc::SSLStreamAdapter> dtls_; // The DTLS stream
StreamInterfaceChannel* downward_; // Wrapper for channel_, owned by dtls_.
std::vector<std::string> srtp_ciphers_; // SRTP ciphers to use with DTLS.
std::vector<int> srtp_ciphers_; // SRTP ciphers to use with DTLS.
bool dtls_active_ = false;
rtc::scoped_refptr<rtc::RTCCertificate> local_certificate_;
rtc::SSLRole ssl_role_;

25
webrtc/p2p/base/dtlstransportchannel_unittest.cc
View File

@ -28,7 +28,6 @@
return; \
}
static const char AES_CM_128_HMAC_SHA1_80[] = "AES_CM_128_HMAC_SHA1_80";
static const char kIceUfrag1[] = "TESTICEUFRAG0001";
static const char kIcePwd1[] = "TESTICEPWD00000000000001";
static const size_t kPacketNumOffset = 8;
@ -150,9 +149,9 @@ class DtlsTestClient : public sigslot::has_slots<> {
// SRTP ciphers will be set only in the beginning.
for (std::vector<cricket::DtlsTransportChannelWrapper*>::iterator it =
channels_.begin(); it != channels_.end(); ++it) {
std::vector<std::string> ciphers;
ciphers.push_back(AES_CM_128_HMAC_SHA1_80);
ASSERT_TRUE((*it)->SetSrtpCiphers(ciphers));
std::vector<int> ciphers;
ciphers.push_back(rtc::SRTP_AES128_CM_SHA1_80);
ASSERT_TRUE((*it)->SetSrtpCryptoSuites(ciphers));
}
}
@ -215,16 +214,16 @@ class DtlsTestClient : public sigslot::has_slots<> {
}
}
void CheckSrtp(const std::string& expected_cipher) {
void CheckSrtp(int expected_crypto_suite) {
for (std::vector<cricket::DtlsTransportChannelWrapper*>::iterator it =
channels_.begin(); it != channels_.end(); ++it) {
std::string cipher;
int crypto_suite;
bool rv = (*it)->GetSrtpCryptoSuite(&cipher);
if (negotiated_dtls_ && !expected_cipher.empty()) {
bool rv = (*it)->GetSrtpCryptoSuite(&crypto_suite);
if (negotiated_dtls_ && expected_crypto_suite) {
ASSERT_TRUE(rv);
ASSERT_EQ(cipher, expected_cipher);
ASSERT_EQ(crypto_suite, expected_crypto_suite);
} else {
ASSERT_FALSE(rv);
}
@ -469,11 +468,11 @@ class DtlsTransportChannelTest : public testing::Test {
// Check that we negotiated the right ciphers.
if (use_dtls_srtp_) {
client1_.CheckSrtp(AES_CM_128_HMAC_SHA1_80);
client2_.CheckSrtp(AES_CM_128_HMAC_SHA1_80);
client1_.CheckSrtp(rtc::SRTP_AES128_CM_SHA1_80);
client2_.CheckSrtp(rtc::SRTP_AES128_CM_SHA1_80);
} else {
client1_.CheckSrtp("");
client2_.CheckSrtp("");
client1_.CheckSrtp(rtc::SRTP_INVALID_CRYPTO_SUITE);
client2_.CheckSrtp(rtc::SRTP_INVALID_CRYPTO_SUITE);
}
client1_.CheckSsl(rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
ssl_expected_version_, rtc::KT_DEFAULT));

25
webrtc/p2p/base/faketransportcontroller.h
View File

@ -242,20 +242,20 @@ class FakeTransportChannel : public TransportChannelImpl,
bool IsDtlsActive() const override { return do_dtls_; }
bool SetSrtpCiphers(const std::vector<std::string>& ciphers) override {
bool SetSrtpCryptoSuites(const std::vector<int>& ciphers) override {
srtp_ciphers_ = ciphers;
return true;
}
bool GetSrtpCryptoSuite(std::string* cipher) override {
if (!chosen_srtp_cipher_.empty()) {
*cipher = chosen_srtp_cipher_;
bool GetSrtpCryptoSuite(int* crypto_suite) override {
if (chosen_crypto_suite_ != rtc::SRTP_INVALID_CRYPTO_SUITE) {
*crypto_suite = chosen_crypto_suite_;
return true;
}
return false;
}
bool GetSslCipherSuite(int* cipher) override { return false; }
bool GetSslCipherSuite(int* cipher_suite) override { return false; }
rtc::scoped_refptr<rtc::RTCCertificate> GetLocalCertificate() const {
return local_cert_;
@ -275,7 +275,7 @@ class FakeTransportChannel : public TransportChannelImpl,
bool use_context,
uint8_t* result,
size_t result_len) override {
if (!chosen_srtp_cipher_.empty()) {
if (chosen_crypto_suite_ != rtc::SRTP_INVALID_CRYPTO_SUITE) {
memset(result, 0xff, result_len);
return true;
}
@ -284,14 +284,13 @@ class FakeTransportChannel : public TransportChannelImpl,
}
void NegotiateSrtpCiphers() {
for (std::vector<std::string>::const_iterator it1 = srtp_ciphers_.begin();
for (std::vector<int>::const_iterator it1 = srtp_ciphers_.begin();
it1 != srtp_ciphers_.end(); ++it1) {
for (std::vector<std::string>::const_iterator it2 =
dest_->srtp_ciphers_.begin();
for (std::vector<int>::const_iterator it2 = dest_->srtp_ciphers_.begin();
it2 != dest_->srtp_ciphers_.end(); ++it2) {
if (*it1 == *it2) {
chosen_srtp_cipher_ = *it1;
dest_->chosen_srtp_cipher_ = *it2;
chosen_crypto_suite_ = *it1;
dest_->chosen_crypto_suite_ = *it2;
return;
}
}
@ -322,8 +321,8 @@ class FakeTransportChannel : public TransportChannelImpl,
rtc::scoped_refptr<rtc::RTCCertificate> local_cert_;
rtc::FakeSSLCertificate* remote_cert_ = nullptr;
bool do_dtls_ = false;
std::vector<std::string> srtp_ciphers_;
std::string chosen_srtp_cipher_;
std::vector<int> srtp_ciphers_;
int chosen_crypto_suite_ = rtc::SRTP_INVALID_CRYPTO_SUITE;
int receiving_timeout_ = -1;
bool gather_continually_ = false;
IceRole role_ = ICEROLE_UNKNOWN;

4
webrtc/p2p/base/p2ptransportchannel.h
View File

@ -108,12 +108,12 @@ class P2PTransportChannel : public TransportChannelImpl,
bool SetSslRole(rtc::SSLRole role) override { return false; }
// Set up the ciphers to use for DTLS-SRTP.
bool SetSrtpCiphers(const std::vector<std::string>& ciphers) override {
bool SetSrtpCryptoSuites(const std::vector<int>& ciphers) override {
return false;
}
// Find out which DTLS-SRTP cipher was negotiated.
bool GetSrtpCryptoSuite(std::string* cipher) override { return false; }
bool GetSrtpCryptoSuite(int* cipher) override { return false; }
// Find out which DTLS cipher was negotiated.
bool GetSslCipherSuite(int* cipher) override { return false; }

4
webrtc/p2p/base/transport.cc
View File

@ -305,8 +305,8 @@ bool Transport::GetStats(TransportStats* stats) {
TransportChannelImpl* channel = kv.second;
TransportChannelStats substats;
substats.component = channel->component();
channel->GetSrtpCryptoSuite(&substats.srtp_cipher);
channel->GetSslCipherSuite(&substats.ssl_cipher);
channel->GetSrtpCryptoSuite(&substats.srtp_crypto_suite);
channel->GetSslCipherSuite(&substats.ssl_cipher_suite);
if (!channel->GetStats(&substats.connection_infos)) {
return false;
}

4
webrtc/p2p/base/transport.h
View File

@ -123,8 +123,8 @@ typedef std::vector<ConnectionInfo> ConnectionInfos;
struct TransportChannelStats {
int component = 0;
ConnectionInfos connection_infos;
std::string srtp_cipher;
int ssl_cipher = 0;
int srtp_crypto_suite = rtc::SRTP_INVALID_CRYPTO_SUITE;
int ssl_cipher_suite = rtc::TLS_NULL_WITH_NULL_NULL;
};
// Information about all the channels of a transport.

13
webrtc/p2p/base/transportchannel.cc
View File

@ -54,4 +54,17 @@ void TransportChannel::set_dtls_state(DtlsTransportState state) {
SignalDtlsState(this);
}
bool TransportChannel::SetSrtpCryptoSuites(const std::vector<int>& ciphers) {
return false;
}
// TODO(guoweis): Remove this function once everything is moved away.
bool TransportChannel::SetSrtpCiphers(const std::vector<std::string>& ciphers) {
std::vector<int> crypto_suites;
for (const auto cipher : ciphers) {
crypto_suites.push_back(rtc::SrtpCryptoSuiteFromName(cipher));
}
return SetSrtpCryptoSuites(crypto_suites);
}
} // namespace cricket

13
webrtc/p2p/base/transportchannel.h
View File

@ -107,14 +107,17 @@ class TransportChannel : public sigslot::has_slots<> {
// Default implementation.
virtual bool GetSslRole(rtc::SSLRole* role) const = 0;
// Sets up the ciphers to use for DTLS-SRTP.
virtual bool SetSrtpCiphers(const std::vector<std::string>& ciphers) = 0;
// Sets up the ciphers to use for DTLS-SRTP. TODO(guoweis): Make this pure
// virtual once all dependencies have implementation.
virtual bool SetSrtpCryptoSuites(const std::vector<int>& ciphers);
// Keep the original one for backward compatibility until all dependencies
// move away. TODO(guoweis): Remove this function.
virtual bool SetSrtpCiphers(const std::vector<std::string>& ciphers);
// Finds out which DTLS-SRTP cipher was negotiated.
// TODO(guoweis): Remove this once all dependencies implement this.
virtual bool GetSrtpCryptoSuite(std::string* cipher) {
return false;
}
virtual bool GetSrtpCryptoSuite(int* cipher) { return false; }
// Finds out which DTLS cipher was negotiated.
// TODO(guoweis): Remove this once all dependencies implement this.