Revert "Move CryptoOptions to api/crypto from rtc_base/sslstreamadapter.h"
This reverts commit ac2f3d14e45398930bc35ff05ed7a3b9b617d328. Reason for revert: Breaks downstream project Original change's description: > Move CryptoOptions to api/crypto from rtc_base/sslstreamadapter.h > > Promotes rtc::CryptoOptions to webrtc::CryptoOptions converting it from class > that only handles SRTP configuration to a more generic structure that can be > used and extended for all per peer connection CryptoOptions that can be on a > given PeerConnection. > > Now all SRTP related options are under webrtc::CryptoOptions::Srtp and can be > accessed as crypto_options.srtp.whatever_option_name. This is more inline with > other structures we have in WebRTC such as VideoConfig. As additional features > are added over time this will allow the structure to remain compartmentalized > and concerned components can only request a subset of the overall configuration > structure e.g: > > void MySrtpFunction(const webrtc::CryptoOptions::Srtp& srtp_config); > > In addition to this it made little sense for sslstreamadapter.h to hold all > Srtp related configuration options. The header has become loo large and takes on > too many responsibilities and spilting this up will lead to more maintainable > code going forward. > > This will be used in a future CL to enable configuration options for the newly > supported Frame Crypto. > > Change-Id: I99d1be36740c59548c8e62db52d68d738649707f > Bug: webrtc:9681 > Reviewed-on: https://webrtc-review.googlesource.com/c/105180 > Reviewed-by: Emad Omara <emadomara@webrtc.org> > Reviewed-by: Kári Helgason <kthelgason@webrtc.org> > Reviewed-by: Sami Kalliomäki <sakal@webrtc.org> > Reviewed-by: Qingsi Wang <qingsi@webrtc.org> > Reviewed-by: Steve Anton <steveanton@webrtc.org> > Commit-Queue: Benjamin Wright <benwright@webrtc.org> > Cr-Commit-Position: refs/heads/master@{#25130} TBR=steveanton@webrtc.org,sakal@webrtc.org,kthelgason@webrtc.org,emadomara@webrtc.org,qingsi@webrtc.org,benwright@webrtc.org Bug: webrtc:9681 Change-Id: Ib0075c477c951b540d4deecb3b0cf8cf86ba0fff Reviewed-on: https://webrtc-review.googlesource.com/c/105541 Reviewed-by: Oleh Prypin <oprypin@webrtc.org> Commit-Queue: Oleh Prypin <oprypin@webrtc.org> Cr-Commit-Position: refs/heads/master@{#25133}
This commit is contained in:
Oleh Prypin
Commit Bot
parent
1cd39fa9ea
commit
8f4bc41c42
@ -52,8 +52,6 @@ rtc_static_library("libjingle_peerconnection_api") {
|
||||
"bitrate_constraints.h",
|
||||
"candidate.cc",
|
||||
"candidate.h",
|
||||
"crypto/cryptooptions.cc",
|
||||
"crypto/cryptooptions.h",
|
||||
"crypto/framedecryptorinterface.h",
|
||||
"crypto/frameencryptorinterface.h",
|
||||
"cryptoparams.h",
|
||||
|
||||
@ -1,52 +0,0 @@
|
||||
/*
|
||||
* Copyright 2018 The WebRTC Project Authors. All rights reserved.
|
||||
*
|
||||
* Use of this source code is governed by a BSD-style license
|
||||
* that can be found in the LICENSE file in the root of the source
|
||||
* tree. An additional intellectual property rights grant can be found
|
||||
* in the file PATENTS. All contributing project authors may
|
||||
* be found in the AUTHORS file in the root of the source tree.
|
||||
*/
|
||||
|
||||
#include "api/crypto/cryptooptions.h"
|
||||
#include "rtc_base/sslstreamadapter.h"
|
||||
|
||||
namespace webrtc {
|
||||
|
||||
CryptoOptions::CryptoOptions() {}
|
||||
|
||||
CryptoOptions::CryptoOptions(const CryptoOptions& other) {
|
||||
enable_gcm_crypto_suites = other.enable_gcm_crypto_suites;
|
||||
enable_encrypted_rtp_header_extensions =
|
||||
other.enable_encrypted_rtp_header_extensions;
|
||||
srtp = other.srtp;
|
||||
}
|
||||
|
||||
CryptoOptions::~CryptoOptions() {}
|
||||
|
||||
// static
|
||||
CryptoOptions CryptoOptions::NoGcm() {
|
||||
CryptoOptions options;
|
||||
options.srtp.enable_gcm_crypto_suites = false;
|
||||
return options;
|
||||
}
|
||||
|
||||
std::vector<int> CryptoOptions::GetSupportedDtlsSrtpCryptoSuites() const {
|
||||
std::vector<int> crypto_suites;
|
||||
if (srtp.enable_gcm_crypto_suites) {
|
||||
crypto_suites.push_back(rtc::SRTP_AEAD_AES_256_GCM);
|
||||
crypto_suites.push_back(rtc::SRTP_AEAD_AES_128_GCM);
|
||||
}
|
||||
// Note: SRTP_AES128_CM_SHA1_80 is what is required to be supported (by
|
||||
// draft-ietf-rtcweb-security-arch), but SRTP_AES128_CM_SHA1_32 is allowed as
|
||||
// well, and saves a few bytes per packet if it ends up selected.
|
||||
// As the cipher suite is potentially insecure, it will only be used if
|
||||
// enabled by both peers.
|
||||
if (srtp.enable_aes128_sha1_32_crypto_cipher) {
|
||||
crypto_suites.push_back(rtc::SRTP_AES128_CM_SHA1_32);
|
||||
}
|
||||
crypto_suites.push_back(rtc::SRTP_AES128_CM_SHA1_80);
|
||||
return crypto_suites;
|
||||
}
|
||||
|
||||
} // namespace webrtc
|
||||
@ -1,64 +0,0 @@
|
||||
/*
|
||||
* Copyright 2018 The WebRTC Project Authors. All rights reserved.
|
||||
*
|
||||
* Use of this source code is governed by a BSD-style license
|
||||
* that can be found in the LICENSE file in the root of the source
|
||||
* tree. An additional intellectual property rights grant can be found
|
||||
* in the file PATENTS. All contributing project authors may
|
||||
* be found in the AUTHORS file in the root of the source tree.
|
||||
*/
|
||||
|
||||
#ifndef API_CRYPTO_CRYPTOOPTIONS_H_
|
||||
#define API_CRYPTO_CRYPTOOPTIONS_H_
|
||||
|
||||
#include <vector>
|
||||
#include "absl/types/optional.h"
|
||||
|
||||
namespace webrtc {
|
||||
|
||||
// CryptoOptions defines advanced cryptographic settings for native WebRTC.
|
||||
// These settings must be passed into PeerConnectionFactoryInterface::Options
|
||||
// and are only applicable to native use cases of WebRTC.
|
||||
struct CryptoOptions {
|
||||
CryptoOptions();
|
||||
CryptoOptions(const CryptoOptions& other);
|
||||
~CryptoOptions();
|
||||
|
||||
// Helper method to return an instance of the CryptoOptions with GCM crypto
|
||||
// suites disabled. This method should be used instead of depending on current
|
||||
// default values set by the constructor.
|
||||
static CryptoOptions NoGcm();
|
||||
|
||||
// Returns a list of the supported DTLS-SRTP Crypto suites based on this set
|
||||
// of crypto options.
|
||||
std::vector<int> GetSupportedDtlsSrtpCryptoSuites() const;
|
||||
|
||||
// TODO(webrtc:9859) - Remove duplicates once chromium is fixed.
|
||||
// Will be removed once srtp.enable_gcm_crypto_suites is updated in Chrome.
|
||||
absl::optional<bool> enable_gcm_crypto_suites;
|
||||
// TODO(webrtc:9859) - Remove duplicates once chromium is fixed.
|
||||
// Will be removed once srtp.enable_encrypted_rtp_header_extensions is
|
||||
// updated in Chrome.
|
||||
absl::optional<bool> enable_encrypted_rtp_header_extensions;
|
||||
|
||||
// SRTP Related Peer Connection options.
|
||||
struct Srtp {
|
||||
// Enable GCM crypto suites from RFC 7714 for SRTP. GCM will only be used
|
||||
// if both sides enable it.
|
||||
bool enable_gcm_crypto_suites = false;
|
||||
|
||||
// If set to true, the (potentially insecure) crypto cipher
|
||||
// SRTP_AES128_CM_SHA1_32 will be included in the list of supported ciphers
|
||||
// during negotiation. It will only be used if both peers support it and no
|
||||
// other ciphers get preferred.
|
||||
bool enable_aes128_sha1_32_crypto_cipher = false;
|
||||
|
||||
// If set to true, encrypted RTP header extensions as defined in RFC 6904
|
||||
// will be negotiated. They will only be used if both peers support them.
|
||||
bool enable_encrypted_rtp_header_extensions = false;
|
||||
} srtp;
|
||||
};
|
||||
|
||||
} // namespace webrtc
|
||||
|
||||
#endif // API_CRYPTO_CRYPTOOPTIONS_H_
|
||||
@ -16,8 +16,6 @@
|
||||
namespace cricket {
|
||||
|
||||
// Parameters for SRTP negotiation, as described in RFC 4568.
|
||||
// TODO(benwright) - Rename to SrtpCryptoParams as these only apply to SRTP and
|
||||
// not generic crypto parameters for WebRTC.
|
||||
struct CryptoParams {
|
||||
CryptoParams() : tag(0) {}
|
||||
CryptoParams(int t,
|
||||
|
||||
@ -77,7 +77,6 @@
|
||||
#include "api/audio_codecs/audio_encoder_factory.h"
|
||||
#include "api/audio_options.h"
|
||||
#include "api/call/callfactoryinterface.h"
|
||||
#include "api/crypto/cryptooptions.h"
|
||||
#include "api/datachannelinterface.h"
|
||||
#include "api/fec_controller.h"
|
||||
#include "api/jsep.h"
|
||||
@ -1181,7 +1180,7 @@ class PeerConnectionFactoryInterface : public rtc::RefCountInterface {
|
||||
public:
|
||||
class Options {
|
||||
public:
|
||||
Options() {}
|
||||
Options() : crypto_options(rtc::CryptoOptions::NoGcm()) {}
|
||||
|
||||
// If set to true, created PeerConnections won't enforce any SRTP
|
||||
// requirement, allowing unsecured media. Should only be used for
|
||||
@ -1210,7 +1209,7 @@ class PeerConnectionFactoryInterface : public rtc::RefCountInterface {
|
||||
rtc::SSLProtocolVersion ssl_max_version = rtc::SSL_PROTOCOL_DTLS_12;
|
||||
|
||||
// Sets crypto related options, e.g. enabled cipher suites.
|
||||
CryptoOptions crypto_options = CryptoOptions::NoGcm();
|
||||
rtc::CryptoOptions crypto_options;
|
||||
};
|
||||
|
||||
// Set the options to be used for subsequently created PeerConnections.
|
||||
|
||||
@ -114,12 +114,12 @@ void StreamInterfaceChannel::Close() {
|
||||
}
|
||||
|
||||
DtlsTransport::DtlsTransport(IceTransportInternal* ice_transport,
|
||||
const webrtc::CryptoOptions& crypto_options)
|
||||
const rtc::CryptoOptions& crypto_options)
|
||||
: transport_name_(ice_transport->transport_name()),
|
||||
component_(ice_transport->component()),
|
||||
ice_transport_(ice_transport),
|
||||
downward_(NULL),
|
||||
srtp_ciphers_(crypto_options.GetSupportedDtlsSrtpCryptoSuites()),
|
||||
srtp_ciphers_(GetSupportedDtlsSrtpCryptoSuites(crypto_options)),
|
||||
ssl_max_version_(rtc::SSL_PROTOCOL_DTLS_12),
|
||||
crypto_options_(crypto_options) {
|
||||
RTC_DCHECK(ice_transport_);
|
||||
@ -128,13 +128,13 @@ DtlsTransport::DtlsTransport(IceTransportInternal* ice_transport,
|
||||
|
||||
DtlsTransport::DtlsTransport(
|
||||
std::unique_ptr<IceTransportInternal> ice_transport,
|
||||
const webrtc::CryptoOptions& crypto_options)
|
||||
const rtc::CryptoOptions& crypto_options)
|
||||
: transport_name_(ice_transport->transport_name()),
|
||||
component_(ice_transport->component()),
|
||||
ice_transport_(ice_transport.get()),
|
||||
owned_ice_transport_(std::move(ice_transport)),
|
||||
downward_(NULL),
|
||||
srtp_ciphers_(crypto_options.GetSupportedDtlsSrtpCryptoSuites()),
|
||||
srtp_ciphers_(GetSupportedDtlsSrtpCryptoSuites(crypto_options)),
|
||||
ssl_max_version_(rtc::SSL_PROTOCOL_DTLS_12),
|
||||
crypto_options_(crypto_options) {
|
||||
RTC_DCHECK(owned_ice_transport_);
|
||||
@ -143,7 +143,7 @@ DtlsTransport::DtlsTransport(
|
||||
|
||||
DtlsTransport::~DtlsTransport() = default;
|
||||
|
||||
const webrtc::CryptoOptions& DtlsTransport::crypto_options() const {
|
||||
const rtc::CryptoOptions& DtlsTransport::crypto_options() const {
|
||||
return crypto_options_;
|
||||
}
|
||||
|
||||
|
||||
@ -15,7 +15,6 @@
|
||||
#include <string>
|
||||
#include <vector>
|
||||
|
||||
#include "api/crypto/cryptooptions.h"
|
||||
#include "p2p/base/dtlstransportinternal.h"
|
||||
#include "p2p/base/icetransportinternal.h"
|
||||
#include "rtc_base/buffer.h"
|
||||
@ -97,13 +96,13 @@ class DtlsTransport : public DtlsTransportInternal {
|
||||
// whether GCM crypto suites are negotiated.
|
||||
// TODO(zhihuang): Remove this once we switch to JsepTransportController.
|
||||
explicit DtlsTransport(IceTransportInternal* ice_transport,
|
||||
const webrtc::CryptoOptions& crypto_options);
|
||||
const rtc::CryptoOptions& crypto_options);
|
||||
explicit DtlsTransport(std::unique_ptr<IceTransportInternal> ice_transport,
|
||||
const webrtc::CryptoOptions& crypto_options);
|
||||
const rtc::CryptoOptions& crypto_options);
|
||||
|
||||
~DtlsTransport() override;
|
||||
|
||||
const webrtc::CryptoOptions& crypto_options() const override;
|
||||
const rtc::CryptoOptions& crypto_options() const override;
|
||||
DtlsTransportState dtls_state() const override;
|
||||
const std::string& transport_name() const override;
|
||||
int component() const override;
|
||||
@ -232,7 +231,7 @@ class DtlsTransport : public DtlsTransportInternal {
|
||||
rtc::scoped_refptr<rtc::RTCCertificate> local_certificate_;
|
||||
absl::optional<rtc::SSLRole> dtls_role_;
|
||||
rtc::SSLProtocolVersion ssl_max_version_;
|
||||
webrtc::CryptoOptions crypto_options_;
|
||||
rtc::CryptoOptions crypto_options_;
|
||||
rtc::Buffer remote_fingerprint_value_;
|
||||
std::string remote_fingerprint_algorithm_;
|
||||
|
||||
|
||||
@ -86,8 +86,8 @@ class DtlsTestClient : public sigslot::has_slots<> {
|
||||
fake_ice_transport_->SignalReadPacket.connect(
|
||||
this, &DtlsTestClient::OnFakeIceTransportReadPacket);
|
||||
|
||||
dtls_transport_ = absl::make_unique<DtlsTransport>(
|
||||
fake_ice_transport_.get(), webrtc::CryptoOptions());
|
||||
dtls_transport_.reset(
|
||||
new DtlsTransport(fake_ice_transport_.get(), rtc::CryptoOptions()));
|
||||
dtls_transport_->SetSslMaxProtocolVersion(ssl_max_version_);
|
||||
// Note: Certificate may be null here if testing passthrough.
|
||||
dtls_transport_->SetLocalCertificate(certificate_);
|
||||
|
||||
@ -15,7 +15,6 @@
|
||||
#include <string>
|
||||
#include <vector>
|
||||
|
||||
#include "api/crypto/cryptooptions.h"
|
||||
#include "p2p/base/icetransportinternal.h"
|
||||
#include "p2p/base/packettransportinternal.h"
|
||||
#include "rtc_base/sslstreamadapter.h"
|
||||
@ -51,7 +50,7 @@ class DtlsTransportInternal : public rtc::PacketTransportInternal {
|
||||
public:
|
||||
~DtlsTransportInternal() override;
|
||||
|
||||
virtual const webrtc::CryptoOptions& crypto_options() const = 0;
|
||||
virtual const rtc::CryptoOptions& crypto_options() const = 0;
|
||||
|
||||
virtual DtlsTransportState dtls_state() const = 0;
|
||||
|
||||
|
||||
@ -17,7 +17,6 @@
|
||||
#include <vector>
|
||||
|
||||
#include "absl/memory/memory.h"
|
||||
#include "api/crypto/cryptooptions.h"
|
||||
#include "p2p/base/dtlstransportinternal.h"
|
||||
#include "p2p/base/fakeicetransport.h"
|
||||
#include "rtc_base/fakesslidentity.h"
|
||||
@ -150,10 +149,10 @@ class FakeDtlsTransport : public DtlsTransportInternal {
|
||||
*role = *dtls_role_;
|
||||
return true;
|
||||
}
|
||||
const webrtc::CryptoOptions& crypto_options() const override {
|
||||
const rtc::CryptoOptions& crypto_options() const override {
|
||||
return crypto_options_;
|
||||
}
|
||||
void SetCryptoOptions(const webrtc::CryptoOptions& crypto_options) {
|
||||
void SetCryptoOptions(const rtc::CryptoOptions& crypto_options) {
|
||||
crypto_options_ = crypto_options;
|
||||
}
|
||||
bool SetLocalCertificate(
|
||||
@ -273,7 +272,7 @@ class FakeDtlsTransport : public DtlsTransportInternal {
|
||||
rtc::SSLFingerprint dtls_fingerprint_;
|
||||
absl::optional<rtc::SSLRole> dtls_role_;
|
||||
int crypto_suite_ = rtc::SRTP_AES128_CM_SHA1_80;
|
||||
webrtc::CryptoOptions crypto_options_;
|
||||
rtc::CryptoOptions crypto_options_;
|
||||
|
||||
DtlsTransportState dtls_state_ = DTLS_TRANSPORT_NEW;
|
||||
|
||||
|
||||
@ -34,7 +34,7 @@ class TransportFactoryInterface {
|
||||
|
||||
virtual std::unique_ptr<DtlsTransportInternal> CreateDtlsTransport(
|
||||
std::unique_ptr<IceTransportInternal> ice,
|
||||
const webrtc::CryptoOptions& crypto_options) = 0;
|
||||
const rtc::CryptoOptions& crypto_options) = 0;
|
||||
};
|
||||
|
||||
} // namespace cricket
|
||||
|
||||
@ -101,7 +101,7 @@ BaseChannel::BaseChannel(rtc::Thread* worker_thread,
|
||||
std::unique_ptr<MediaChannel> media_channel,
|
||||
const std::string& content_name,
|
||||
bool srtp_required,
|
||||
webrtc::CryptoOptions crypto_options)
|
||||
rtc::CryptoOptions crypto_options)
|
||||
: worker_thread_(worker_thread),
|
||||
network_thread_(network_thread),
|
||||
signaling_thread_(signaling_thread),
|
||||
@ -673,7 +673,7 @@ bool BaseChannel::UpdateRemoteStreams_w(
|
||||
RtpHeaderExtensions BaseChannel::GetFilteredRtpHeaderExtensions(
|
||||
const RtpHeaderExtensions& extensions) {
|
||||
RTC_DCHECK(rtp_transport_);
|
||||
if (crypto_options_.srtp.enable_encrypted_rtp_header_extensions) {
|
||||
if (crypto_options_.enable_encrypted_rtp_header_extensions) {
|
||||
RtpHeaderExtensions filtered;
|
||||
auto pred = [](const webrtc::RtpExtension& extension) {
|
||||
return !extension.encrypt;
|
||||
@ -742,7 +742,7 @@ VoiceChannel::VoiceChannel(rtc::Thread* worker_thread,
|
||||
std::unique_ptr<VoiceMediaChannel> media_channel,
|
||||
const std::string& content_name,
|
||||
bool srtp_required,
|
||||
webrtc::CryptoOptions crypto_options)
|
||||
rtc::CryptoOptions crypto_options)
|
||||
: BaseChannel(worker_thread,
|
||||
network_thread,
|
||||
signaling_thread,
|
||||
@ -881,7 +881,7 @@ VideoChannel::VideoChannel(rtc::Thread* worker_thread,
|
||||
std::unique_ptr<VideoMediaChannel> media_channel,
|
||||
const std::string& content_name,
|
||||
bool srtp_required,
|
||||
webrtc::CryptoOptions crypto_options)
|
||||
rtc::CryptoOptions crypto_options)
|
||||
: BaseChannel(worker_thread,
|
||||
network_thread,
|
||||
signaling_thread,
|
||||
@ -1019,7 +1019,7 @@ RtpDataChannel::RtpDataChannel(rtc::Thread* worker_thread,
|
||||
std::unique_ptr<DataMediaChannel> media_channel,
|
||||
const std::string& content_name,
|
||||
bool srtp_required,
|
||||
webrtc::CryptoOptions crypto_options)
|
||||
rtc::CryptoOptions crypto_options)
|
||||
: BaseChannel(worker_thread,
|
||||
network_thread,
|
||||
signaling_thread,
|
||||
|
||||
10
pc/channel.h
10
pc/channel.h
@ -82,7 +82,7 @@ class BaseChannel : public rtc::MessageHandler,
|
||||
std::unique_ptr<MediaChannel> media_channel,
|
||||
const std::string& content_name,
|
||||
bool srtp_required,
|
||||
webrtc::CryptoOptions crypto_options);
|
||||
rtc::CryptoOptions crypto_options);
|
||||
virtual ~BaseChannel();
|
||||
void Init_w(webrtc::RtpTransportInternal* rtp_transport);
|
||||
|
||||
@ -313,7 +313,7 @@ class BaseChannel : public rtc::MessageHandler,
|
||||
bool was_ever_writable_ = false;
|
||||
bool has_received_packet_ = false;
|
||||
const bool srtp_required_ = true;
|
||||
webrtc::CryptoOptions crypto_options_;
|
||||
rtc::CryptoOptions crypto_options_;
|
||||
|
||||
// MediaChannel related members that should be accessed from the worker
|
||||
// thread.
|
||||
@ -343,7 +343,7 @@ class VoiceChannel : public BaseChannel {
|
||||
std::unique_ptr<VoiceMediaChannel> channel,
|
||||
const std::string& content_name,
|
||||
bool srtp_required,
|
||||
webrtc::CryptoOptions crypto_options);
|
||||
rtc::CryptoOptions crypto_options);
|
||||
~VoiceChannel();
|
||||
|
||||
// downcasts a MediaChannel
|
||||
@ -383,7 +383,7 @@ class VideoChannel : public BaseChannel {
|
||||
std::unique_ptr<VideoMediaChannel> media_channel,
|
||||
const std::string& content_name,
|
||||
bool srtp_required,
|
||||
webrtc::CryptoOptions crypto_options);
|
||||
rtc::CryptoOptions crypto_options);
|
||||
~VideoChannel();
|
||||
|
||||
// downcasts a MediaChannel
|
||||
@ -422,7 +422,7 @@ class RtpDataChannel : public BaseChannel {
|
||||
std::unique_ptr<DataMediaChannel> channel,
|
||||
const std::string& content_name,
|
||||
bool srtp_required,
|
||||
webrtc::CryptoOptions crypto_options);
|
||||
rtc::CryptoOptions crypto_options);
|
||||
~RtpDataChannel();
|
||||
// TODO(zhihuang): Remove this once the RtpTransport can be shared between
|
||||
// BaseChannels.
|
||||
|
||||
@ -250,7 +250,7 @@ class ChannelTest : public testing::Test, public sigslot::has_slots<> {
|
||||
rtc::Thread* signaling_thread = rtc::Thread::Current();
|
||||
auto channel = absl::make_unique<typename T::Channel>(
|
||||
worker_thread, network_thread, signaling_thread, engine, std::move(ch),
|
||||
cricket::CN_AUDIO, (flags & DTLS) != 0, webrtc::CryptoOptions());
|
||||
cricket::CN_AUDIO, (flags & DTLS) != 0, rtc::CryptoOptions());
|
||||
channel->Init_w(rtp_transport);
|
||||
return channel;
|
||||
}
|
||||
@ -1545,7 +1545,7 @@ std::unique_ptr<cricket::VideoChannel> ChannelTest<VideoTraits>::CreateChannel(
|
||||
rtc::Thread* signaling_thread = rtc::Thread::Current();
|
||||
auto channel = absl::make_unique<cricket::VideoChannel>(
|
||||
worker_thread, network_thread, signaling_thread, std::move(ch),
|
||||
cricket::CN_VIDEO, (flags & DTLS) != 0, webrtc::CryptoOptions());
|
||||
cricket::CN_VIDEO, (flags & DTLS) != 0, rtc::CryptoOptions());
|
||||
channel->Init_w(rtp_transport);
|
||||
return channel;
|
||||
}
|
||||
@ -2164,7 +2164,7 @@ std::unique_ptr<cricket::RtpDataChannel> ChannelTest<DataTraits>::CreateChannel(
|
||||
rtc::Thread* signaling_thread = rtc::Thread::Current();
|
||||
auto channel = absl::make_unique<cricket::RtpDataChannel>(
|
||||
worker_thread, network_thread, signaling_thread, std::move(ch),
|
||||
cricket::CN_DATA, (flags & DTLS) != 0, webrtc::CryptoOptions());
|
||||
cricket::CN_DATA, (flags & DTLS) != 0, rtc::CryptoOptions());
|
||||
channel->Init_w(rtp_transport);
|
||||
return channel;
|
||||
}
|
||||
|
||||
@ -159,7 +159,7 @@ VoiceChannel* ChannelManager::CreateVoiceChannel(
|
||||
rtc::Thread* signaling_thread,
|
||||
const std::string& content_name,
|
||||
bool srtp_required,
|
||||
const webrtc::CryptoOptions& crypto_options,
|
||||
const rtc::CryptoOptions& crypto_options,
|
||||
const AudioOptions& options) {
|
||||
if (!worker_thread_->IsCurrent()) {
|
||||
return worker_thread_->Invoke<VoiceChannel*>(RTC_FROM_HERE, [&] {
|
||||
@ -226,7 +226,7 @@ VideoChannel* ChannelManager::CreateVideoChannel(
|
||||
rtc::Thread* signaling_thread,
|
||||
const std::string& content_name,
|
||||
bool srtp_required,
|
||||
const webrtc::CryptoOptions& crypto_options,
|
||||
const rtc::CryptoOptions& crypto_options,
|
||||
const VideoOptions& options) {
|
||||
if (!worker_thread_->IsCurrent()) {
|
||||
return worker_thread_->Invoke<VideoChannel*>(RTC_FROM_HERE, [&] {
|
||||
@ -291,7 +291,7 @@ RtpDataChannel* ChannelManager::CreateRtpDataChannel(
|
||||
rtc::Thread* signaling_thread,
|
||||
const std::string& content_name,
|
||||
bool srtp_required,
|
||||
const webrtc::CryptoOptions& crypto_options) {
|
||||
const rtc::CryptoOptions& crypto_options) {
|
||||
if (!worker_thread_->IsCurrent()) {
|
||||
return worker_thread_->Invoke<RtpDataChannel*>(RTC_FROM_HERE, [&] {
|
||||
return CreateRtpDataChannel(media_config, rtp_transport, signaling_thread,
|
||||
|
||||
@ -86,7 +86,7 @@ class ChannelManager final {
|
||||
rtc::Thread* signaling_thread,
|
||||
const std::string& content_name,
|
||||
bool srtp_required,
|
||||
const webrtc::CryptoOptions& crypto_options,
|
||||
const rtc::CryptoOptions& crypto_options,
|
||||
const AudioOptions& options);
|
||||
// Destroys a voice channel created by CreateVoiceChannel.
|
||||
void DestroyVoiceChannel(VoiceChannel* voice_channel);
|
||||
@ -100,7 +100,7 @@ class ChannelManager final {
|
||||
rtc::Thread* signaling_thread,
|
||||
const std::string& content_name,
|
||||
bool srtp_required,
|
||||
const webrtc::CryptoOptions& crypto_options,
|
||||
const rtc::CryptoOptions& crypto_options,
|
||||
const VideoOptions& options);
|
||||
// Destroys a video channel created by CreateVideoChannel.
|
||||
void DestroyVideoChannel(VideoChannel* video_channel);
|
||||
@ -111,7 +111,7 @@ class ChannelManager final {
|
||||
rtc::Thread* signaling_thread,
|
||||
const std::string& content_name,
|
||||
bool srtp_required,
|
||||
const webrtc::CryptoOptions& crypto_options);
|
||||
const rtc::CryptoOptions& crypto_options);
|
||||
// Destroys a data channel created by CreateRtpDataChannel.
|
||||
void DestroyRtpDataChannel(RtpDataChannel* data_channel);
|
||||
|
||||
|
||||
@ -65,16 +65,16 @@ class ChannelManagerTest : public testing::Test {
|
||||
cricket::VoiceChannel* voice_channel = cm_->CreateVoiceChannel(
|
||||
&fake_call_, cricket::MediaConfig(), rtp_transport,
|
||||
rtc::Thread::Current(), cricket::CN_AUDIO, kDefaultSrtpRequired,
|
||||
webrtc::CryptoOptions(), AudioOptions());
|
||||
rtc::CryptoOptions(), AudioOptions());
|
||||
EXPECT_TRUE(voice_channel != nullptr);
|
||||
cricket::VideoChannel* video_channel = cm_->CreateVideoChannel(
|
||||
&fake_call_, cricket::MediaConfig(), rtp_transport,
|
||||
rtc::Thread::Current(), cricket::CN_VIDEO, kDefaultSrtpRequired,
|
||||
webrtc::CryptoOptions(), VideoOptions());
|
||||
rtc::CryptoOptions(), VideoOptions());
|
||||
EXPECT_TRUE(video_channel != nullptr);
|
||||
cricket::RtpDataChannel* rtp_data_channel = cm_->CreateRtpDataChannel(
|
||||
cricket::MediaConfig(), rtp_transport, rtc::Thread::Current(),
|
||||
cricket::CN_DATA, kDefaultSrtpRequired, webrtc::CryptoOptions());
|
||||
cricket::CN_DATA, kDefaultSrtpRequired, rtc::CryptoOptions());
|
||||
EXPECT_TRUE(rtp_data_channel != nullptr);
|
||||
cm_->DestroyVideoChannel(video_channel);
|
||||
cm_->DestroyVoiceChannel(voice_channel);
|
||||
|
||||
@ -814,7 +814,7 @@ std::vector<int> JsepTransportController::GetEncryptedHeaderExtensionIds(
|
||||
static_cast<const cricket::MediaContentDescription*>(
|
||||
content_info.description);
|
||||
|
||||
if (!config_.crypto_options.srtp.enable_encrypted_rtp_header_extensions) {
|
||||
if (!config_.crypto_options.enable_encrypted_rtp_header_extensions) {
|
||||
return std::vector<int>();
|
||||
}
|
||||
|
||||
|
||||
@ -18,7 +18,6 @@
|
||||
#include <vector>
|
||||
|
||||
#include "api/candidate.h"
|
||||
#include "api/crypto/cryptooptions.h"
|
||||
#include "api/media_transport_interface.h"
|
||||
#include "api/peerconnectioninterface.h"
|
||||
#include "logging/rtc_event_log/rtc_event_log.h"
|
||||
@ -34,6 +33,7 @@
|
||||
#include "rtc_base/asyncinvoker.h"
|
||||
#include "rtc_base/constructormagic.h"
|
||||
#include "rtc_base/refcountedobject.h"
|
||||
#include "rtc_base/sslstreamadapter.h"
|
||||
#include "rtc_base/third_party/sigslot/sigslot.h"
|
||||
|
||||
namespace rtc {
|
||||
@ -68,7 +68,7 @@ class JsepTransportController : public sigslot::has_slots<> {
|
||||
rtc::SSLProtocolVersion ssl_max_version = rtc::SSL_PROTOCOL_DTLS_12;
|
||||
// |crypto_options| is used to determine if created DTLS transports
|
||||
// negotiate GCM crypto suites or not.
|
||||
webrtc::CryptoOptions crypto_options;
|
||||
rtc::CryptoOptions crypto_options;
|
||||
PeerConnectionInterface::BundlePolicy bundle_policy =
|
||||
PeerConnectionInterface::kBundlePolicyBalanced;
|
||||
PeerConnectionInterface::RtcpMuxPolicy rtcp_mux_policy =
|
||||
|
||||
@ -52,7 +52,7 @@ class FakeTransportFactory : public cricket::TransportFactoryInterface {
|
||||
|
||||
std::unique_ptr<cricket::DtlsTransportInternal> CreateDtlsTransport(
|
||||
std::unique_ptr<cricket::IceTransportInternal> ice,
|
||||
const webrtc::CryptoOptions& crypto_options) override {
|
||||
const rtc::CryptoOptions& crypto_options) override {
|
||||
std::unique_ptr<cricket::FakeIceTransport> fake_ice(
|
||||
static_cast<cricket::FakeIceTransport*>(ice.release()));
|
||||
return absl::make_unique<FakeDtlsTransport>(std::move(fake_ice));
|
||||
|
||||
@ -39,10 +39,10 @@ using webrtc::RtpTransceiverDirection;
|
||||
|
||||
const char kInline[] = "inline:";
|
||||
|
||||
void GetSupportedSdesCryptoSuiteNames(
|
||||
void (*func)(const webrtc::CryptoOptions&, std::vector<int>*),
|
||||
const webrtc::CryptoOptions& crypto_options,
|
||||
std::vector<std::string>* names) {
|
||||
void GetSupportedSdesCryptoSuiteNames(void (*func)(const rtc::CryptoOptions&,
|
||||
std::vector<int>*),
|
||||
const rtc::CryptoOptions& crypto_options,
|
||||
std::vector<std::string>* names) {
|
||||
std::vector<int> crypto_suites;
|
||||
func(crypto_options, &crypto_suites);
|
||||
for (const auto crypto : crypto_suites) {
|
||||
@ -195,30 +195,28 @@ bool FindMatchingCrypto(const CryptoParamsVec& cryptos,
|
||||
|
||||
// For audio, HMAC 32 (if enabled) is prefered over HMAC 80 because of the
|
||||
// low overhead.
|
||||
void GetSupportedAudioSdesCryptoSuites(
|
||||
const webrtc::CryptoOptions& crypto_options,
|
||||
std::vector<int>* crypto_suites) {
|
||||
if (crypto_options.srtp.enable_gcm_crypto_suites) {
|
||||
void GetSupportedAudioSdesCryptoSuites(const rtc::CryptoOptions& crypto_options,
|
||||
std::vector<int>* crypto_suites) {
|
||||
if (crypto_options.enable_gcm_crypto_suites) {
|
||||
crypto_suites->push_back(rtc::SRTP_AEAD_AES_256_GCM);
|
||||
crypto_suites->push_back(rtc::SRTP_AEAD_AES_128_GCM);
|
||||
}
|
||||
if (crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher) {
|
||||
if (crypto_options.enable_aes128_sha1_32_crypto_cipher) {
|
||||
crypto_suites->push_back(rtc::SRTP_AES128_CM_SHA1_32);
|
||||
}
|
||||
crypto_suites->push_back(rtc::SRTP_AES128_CM_SHA1_80);
|
||||
}
|
||||
|
||||
void GetSupportedAudioSdesCryptoSuiteNames(
|
||||
const webrtc::CryptoOptions& crypto_options,
|
||||
const rtc::CryptoOptions& crypto_options,
|
||||
std::vector<std::string>* crypto_suite_names) {
|
||||
GetSupportedSdesCryptoSuiteNames(GetSupportedAudioSdesCryptoSuites,
|
||||
crypto_options, crypto_suite_names);
|
||||
}
|
||||
|
||||
void GetSupportedVideoSdesCryptoSuites(
|
||||
const webrtc::CryptoOptions& crypto_options,
|
||||
std::vector<int>* crypto_suites) {
|
||||
if (crypto_options.srtp.enable_gcm_crypto_suites) {
|
||||
void GetSupportedVideoSdesCryptoSuites(const rtc::CryptoOptions& crypto_options,
|
||||
std::vector<int>* crypto_suites) {
|
||||
if (crypto_options.enable_gcm_crypto_suites) {
|
||||
crypto_suites->push_back(rtc::SRTP_AEAD_AES_256_GCM);
|
||||
crypto_suites->push_back(rtc::SRTP_AEAD_AES_128_GCM);
|
||||
}
|
||||
@ -226,16 +224,15 @@ void GetSupportedVideoSdesCryptoSuites(
|
||||
}
|
||||
|
||||
void GetSupportedVideoSdesCryptoSuiteNames(
|
||||
const webrtc::CryptoOptions& crypto_options,
|
||||
const rtc::CryptoOptions& crypto_options,
|
||||
std::vector<std::string>* crypto_suite_names) {
|
||||
GetSupportedSdesCryptoSuiteNames(GetSupportedVideoSdesCryptoSuites,
|
||||
crypto_options, crypto_suite_names);
|
||||
}
|
||||
|
||||
void GetSupportedDataSdesCryptoSuites(
|
||||
const webrtc::CryptoOptions& crypto_options,
|
||||
std::vector<int>* crypto_suites) {
|
||||
if (crypto_options.srtp.enable_gcm_crypto_suites) {
|
||||
void GetSupportedDataSdesCryptoSuites(const rtc::CryptoOptions& crypto_options,
|
||||
std::vector<int>* crypto_suites) {
|
||||
if (crypto_options.enable_gcm_crypto_suites) {
|
||||
crypto_suites->push_back(rtc::SRTP_AEAD_AES_256_GCM);
|
||||
crypto_suites->push_back(rtc::SRTP_AEAD_AES_128_GCM);
|
||||
}
|
||||
@ -243,7 +240,7 @@ void GetSupportedDataSdesCryptoSuites(
|
||||
}
|
||||
|
||||
void GetSupportedDataSdesCryptoSuiteNames(
|
||||
const webrtc::CryptoOptions& crypto_options,
|
||||
const rtc::CryptoOptions& crypto_options,
|
||||
std::vector<std::string>* crypto_suite_names) {
|
||||
GetSupportedSdesCryptoSuiteNames(GetSupportedDataSdesCryptoSuites,
|
||||
crypto_options, crypto_suite_names);
|
||||
@ -255,17 +252,17 @@ void GetSupportedDataSdesCryptoSuiteNames(
|
||||
// Pick the crypto in the list that is supported.
|
||||
static bool SelectCrypto(const MediaContentDescription* offer,
|
||||
bool bundle,
|
||||
const webrtc::CryptoOptions& crypto_options,
|
||||
const rtc::CryptoOptions& crypto_options,
|
||||
CryptoParams* crypto_out) {
|
||||
bool audio = offer->type() == MEDIA_TYPE_AUDIO;
|
||||
const CryptoParamsVec& cryptos = offer->cryptos();
|
||||
|
||||
for (const CryptoParams& crypto : cryptos) {
|
||||
if ((crypto_options.srtp.enable_gcm_crypto_suites &&
|
||||
if ((crypto_options.enable_gcm_crypto_suites &&
|
||||
rtc::IsGcmCryptoSuiteName(crypto.cipher_suite)) ||
|
||||
rtc::CS_AES_CM_128_HMAC_SHA1_80 == crypto.cipher_suite ||
|
||||
(rtc::CS_AES_CM_128_HMAC_SHA1_32 == crypto.cipher_suite && audio &&
|
||||
!bundle && crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher)) {
|
||||
!bundle && crypto_options.enable_aes128_sha1_32_crypto_cipher)) {
|
||||
return CreateCryptoParams(crypto.tag, crypto.cipher_suite, crypto_out);
|
||||
}
|
||||
}
|
||||
|
||||
@ -95,7 +95,7 @@ struct MediaSessionOptions {
|
||||
bool bundle_enabled = false;
|
||||
bool is_unified_plan = false;
|
||||
std::string rtcp_cname = kDefaultRtcpCname;
|
||||
webrtc::CryptoOptions crypto_options;
|
||||
rtc::CryptoOptions crypto_options;
|
||||
// List of media description options in the same order that the media
|
||||
// descriptions will be generated.
|
||||
std::vector<MediaDescriptionOptions> media_description_options;
|
||||
@ -337,23 +337,20 @@ DataContentDescription* GetFirstDataContentDescription(
|
||||
SessionDescription* sdesc);
|
||||
|
||||
// Helper functions to return crypto suites used for SDES.
|
||||
void GetSupportedAudioSdesCryptoSuites(
|
||||
const webrtc::CryptoOptions& crypto_options,
|
||||
std::vector<int>* crypto_suites);
|
||||
void GetSupportedVideoSdesCryptoSuites(
|
||||
const webrtc::CryptoOptions& crypto_options,
|
||||
std::vector<int>* crypto_suites);
|
||||
void GetSupportedDataSdesCryptoSuites(
|
||||
const webrtc::CryptoOptions& crypto_options,
|
||||
std::vector<int>* crypto_suites);
|
||||
void GetSupportedAudioSdesCryptoSuites(const rtc::CryptoOptions& crypto_options,
|
||||
std::vector<int>* crypto_suites);
|
||||
void GetSupportedVideoSdesCryptoSuites(const rtc::CryptoOptions& crypto_options,
|
||||
std::vector<int>* crypto_suites);
|
||||
void GetSupportedDataSdesCryptoSuites(const rtc::CryptoOptions& crypto_options,
|
||||
std::vector<int>* crypto_suites);
|
||||
void GetSupportedAudioSdesCryptoSuiteNames(
|
||||
const webrtc::CryptoOptions& crypto_options,
|
||||
const rtc::CryptoOptions& crypto_options,
|
||||
std::vector<std::string>* crypto_suite_names);
|
||||
void GetSupportedVideoSdesCryptoSuiteNames(
|
||||
const webrtc::CryptoOptions& crypto_options,
|
||||
const rtc::CryptoOptions& crypto_options,
|
||||
std::vector<std::string>* crypto_suite_names);
|
||||
void GetSupportedDataSdesCryptoSuiteNames(
|
||||
const webrtc::CryptoOptions& crypto_options,
|
||||
const rtc::CryptoOptions& crypto_options,
|
||||
std::vector<std::string>* crypto_suite_names);
|
||||
|
||||
// Returns true if the given media section protocol indicates use of RTP.
|
||||
|
||||
@ -609,11 +609,11 @@ class MediaSessionDescriptionFactoryTest : public testing::Test {
|
||||
void TestVideoGcmCipher(bool gcm_offer, bool gcm_answer) {
|
||||
MediaSessionOptions offer_opts;
|
||||
AddAudioVideoSections(RtpTransceiverDirection::kRecvOnly, &offer_opts);
|
||||
offer_opts.crypto_options.srtp.enable_gcm_crypto_suites = gcm_offer;
|
||||
offer_opts.crypto_options.enable_gcm_crypto_suites = gcm_offer;
|
||||
|
||||
MediaSessionOptions answer_opts;
|
||||
AddAudioVideoSections(RtpTransceiverDirection::kRecvOnly, &answer_opts);
|
||||
answer_opts.crypto_options.srtp.enable_gcm_crypto_suites = gcm_answer;
|
||||
answer_opts.crypto_options.enable_gcm_crypto_suites = gcm_answer;
|
||||
|
||||
f1_.set_secure(SEC_ENABLED);
|
||||
f2_.set_secure(SEC_ENABLED);
|
||||
@ -953,7 +953,7 @@ TEST_F(MediaSessionDescriptionFactoryTest, TestCreateAudioAnswerGcm) {
|
||||
f1_.set_secure(SEC_ENABLED);
|
||||
f2_.set_secure(SEC_ENABLED);
|
||||
MediaSessionOptions opts = CreatePlanBMediaSessionOptions();
|
||||
opts.crypto_options.srtp.enable_gcm_crypto_suites = true;
|
||||
opts.crypto_options.enable_gcm_crypto_suites = true;
|
||||
std::unique_ptr<SessionDescription> offer(f1_.CreateOffer(opts, NULL));
|
||||
ASSERT_TRUE(offer.get() != NULL);
|
||||
std::unique_ptr<SessionDescription> answer(
|
||||
@ -1057,7 +1057,7 @@ TEST_F(MediaSessionDescriptionFactoryTest, TestCreateDataAnswer) {
|
||||
TEST_F(MediaSessionDescriptionFactoryTest, TestCreateDataAnswerGcm) {
|
||||
MediaSessionOptions opts = CreatePlanBMediaSessionOptions();
|
||||
AddDataSection(cricket::DCT_RTP, RtpTransceiverDirection::kRecvOnly, &opts);
|
||||
opts.crypto_options.srtp.enable_gcm_crypto_suites = true;
|
||||
opts.crypto_options.enable_gcm_crypto_suites = true;
|
||||
f1_.set_secure(SEC_ENABLED);
|
||||
f2_.set_secure(SEC_ENABLED);
|
||||
std::unique_ptr<SessionDescription> offer(f1_.CreateOffer(opts, NULL));
|
||||
|
||||
@ -1027,7 +1027,7 @@ bool PeerConnection::Initialize(
|
||||
}
|
||||
|
||||
webrtc_session_desc_factory_->set_enable_encrypted_rtp_header_extensions(
|
||||
options.crypto_options.srtp.enable_encrypted_rtp_header_extensions);
|
||||
options.crypto_options.enable_encrypted_rtp_header_extensions);
|
||||
|
||||
// Add default audio/video transceivers for Plan B SDP.
|
||||
if (!IsUnifiedPlan()) {
|
||||
|
||||
@ -284,7 +284,7 @@ TEST_P(PeerConnectionCryptoTest, CorrectCryptoInAnswerWhenEncryptionDisabled) {
|
||||
// in the answer.
|
||||
TEST_P(PeerConnectionCryptoTest, CorrectCryptoInOfferWithSdesAndGcm) {
|
||||
PeerConnectionFactoryInterface::Options options;
|
||||
options.crypto_options.srtp.enable_gcm_crypto_suites = true;
|
||||
options.crypto_options.enable_gcm_crypto_suites = true;
|
||||
pc_factory_->SetOptions(options);
|
||||
|
||||
RTCConfiguration config;
|
||||
@ -299,7 +299,7 @@ TEST_P(PeerConnectionCryptoTest, CorrectCryptoInOfferWithSdesAndGcm) {
|
||||
}
|
||||
TEST_P(PeerConnectionCryptoTest, CorrectCryptoInAnswerWithSdesAndGcm) {
|
||||
PeerConnectionFactoryInterface::Options options;
|
||||
options.crypto_options.srtp.enable_gcm_crypto_suites = true;
|
||||
options.crypto_options.enable_gcm_crypto_suites = true;
|
||||
pc_factory_->SetOptions(options);
|
||||
|
||||
RTCConfiguration config;
|
||||
@ -317,7 +317,7 @@ TEST_P(PeerConnectionCryptoTest, CorrectCryptoInAnswerWithSdesAndGcm) {
|
||||
|
||||
TEST_P(PeerConnectionCryptoTest, CanSetSdesGcmRemoteOfferAndLocalAnswer) {
|
||||
PeerConnectionFactoryInterface::Options options;
|
||||
options.crypto_options.srtp.enable_gcm_crypto_suites = true;
|
||||
options.crypto_options.enable_gcm_crypto_suites = true;
|
||||
pc_factory_->SetOptions(options);
|
||||
|
||||
RTCConfiguration config;
|
||||
|
||||
@ -1558,11 +1558,9 @@ class PeerConnectionIntegrationBaseTest : public testing::Test {
|
||||
bool remote_gcm_enabled,
|
||||
int expected_cipher_suite) {
|
||||
PeerConnectionFactory::Options caller_options;
|
||||
caller_options.crypto_options.srtp.enable_gcm_crypto_suites =
|
||||
local_gcm_enabled;
|
||||
caller_options.crypto_options.enable_gcm_crypto_suites = local_gcm_enabled;
|
||||
PeerConnectionFactory::Options callee_options;
|
||||
callee_options.crypto_options.srtp.enable_gcm_crypto_suites =
|
||||
remote_gcm_enabled;
|
||||
callee_options.crypto_options.enable_gcm_crypto_suites = remote_gcm_enabled;
|
||||
TestNegotiatedCipherSuite(caller_options, callee_options,
|
||||
expected_cipher_suite);
|
||||
}
|
||||
@ -2845,10 +2843,9 @@ TEST_P(PeerConnectionIntegrationTest, CallerDtls10ToCalleeDtls12) {
|
||||
TEST_P(PeerConnectionIntegrationTest,
|
||||
Aes128Sha1_32_CipherNotUsedWhenOnlyCallerSupported) {
|
||||
PeerConnectionFactory::Options caller_options;
|
||||
caller_options.crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher = true;
|
||||
caller_options.crypto_options.enable_aes128_sha1_32_crypto_cipher = true;
|
||||
PeerConnectionFactory::Options callee_options;
|
||||
callee_options.crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher =
|
||||
false;
|
||||
callee_options.crypto_options.enable_aes128_sha1_32_crypto_cipher = false;
|
||||
int expected_cipher_suite = rtc::SRTP_AES128_CM_SHA1_80;
|
||||
TestNegotiatedCipherSuite(caller_options, callee_options,
|
||||
expected_cipher_suite);
|
||||
@ -2857,10 +2854,9 @@ TEST_P(PeerConnectionIntegrationTest,
|
||||
TEST_P(PeerConnectionIntegrationTest,
|
||||
Aes128Sha1_32_CipherNotUsedWhenOnlyCalleeSupported) {
|
||||
PeerConnectionFactory::Options caller_options;
|
||||
caller_options.crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher =
|
||||
false;
|
||||
caller_options.crypto_options.enable_aes128_sha1_32_crypto_cipher = false;
|
||||
PeerConnectionFactory::Options callee_options;
|
||||
callee_options.crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher = true;
|
||||
callee_options.crypto_options.enable_aes128_sha1_32_crypto_cipher = true;
|
||||
int expected_cipher_suite = rtc::SRTP_AES128_CM_SHA1_80;
|
||||
TestNegotiatedCipherSuite(caller_options, callee_options,
|
||||
expected_cipher_suite);
|
||||
@ -2868,9 +2864,9 @@ TEST_P(PeerConnectionIntegrationTest,
|
||||
|
||||
TEST_P(PeerConnectionIntegrationTest, Aes128Sha1_32_CipherUsedWhenSupported) {
|
||||
PeerConnectionFactory::Options caller_options;
|
||||
caller_options.crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher = true;
|
||||
caller_options.crypto_options.enable_aes128_sha1_32_crypto_cipher = true;
|
||||
PeerConnectionFactory::Options callee_options;
|
||||
callee_options.crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher = true;
|
||||
callee_options.crypto_options.enable_aes128_sha1_32_crypto_cipher = true;
|
||||
int expected_cipher_suite = rtc::SRTP_AES128_CM_SHA1_32;
|
||||
TestNegotiatedCipherSuite(caller_options, callee_options,
|
||||
expected_cipher_suite);
|
||||
@ -2920,7 +2916,7 @@ TEST_P(PeerConnectionIntegrationTest,
|
||||
// works with it.
|
||||
TEST_P(PeerConnectionIntegrationTest, EndToEndCallWithGcmCipher) {
|
||||
PeerConnectionFactory::Options gcm_options;
|
||||
gcm_options.crypto_options.srtp.enable_gcm_crypto_suites = true;
|
||||
gcm_options.crypto_options.enable_gcm_crypto_suites = true;
|
||||
ASSERT_TRUE(
|
||||
CreatePeerConnectionWrappersWithOptions(gcm_options, gcm_options));
|
||||
ConnectFakeSignaling();
|
||||
|
||||
@ -234,17 +234,6 @@ bool PeerConnectionFactory::Initialize() {
|
||||
|
||||
void PeerConnectionFactory::SetOptions(const Options& options) {
|
||||
options_ = options;
|
||||
// TODO(webrtc:9859) - Remove Chromium Compatibility once fix lands in
|
||||
// Chromium
|
||||
if (options.crypto_options.enable_gcm_crypto_suites.has_value()) {
|
||||
options_.crypto_options.srtp.enable_gcm_crypto_suites =
|
||||
*options.crypto_options.enable_gcm_crypto_suites;
|
||||
}
|
||||
if (options.crypto_options.enable_encrypted_rtp_header_extensions
|
||||
.has_value()) {
|
||||
options_.crypto_options.srtp.enable_encrypted_rtp_header_extensions =
|
||||
*options.crypto_options.enable_encrypted_rtp_header_extensions;
|
||||
}
|
||||
}
|
||||
|
||||
RtpCapabilities PeerConnectionFactory::GetRtpSenderCapabilities(
|
||||
|
||||
@ -81,11 +81,11 @@ class RtpSenderReceiverTest : public testing::Test,
|
||||
voice_channel_ = channel_manager_.CreateVoiceChannel(
|
||||
&fake_call_, cricket::MediaConfig(), rtp_transport_.get(),
|
||||
rtc::Thread::Current(), cricket::CN_AUDIO, srtp_required,
|
||||
webrtc::CryptoOptions(), cricket::AudioOptions());
|
||||
rtc::CryptoOptions(), cricket::AudioOptions());
|
||||
video_channel_ = channel_manager_.CreateVideoChannel(
|
||||
&fake_call_, cricket::MediaConfig(), rtp_transport_.get(),
|
||||
rtc::Thread::Current(), cricket::CN_VIDEO, srtp_required,
|
||||
webrtc::CryptoOptions(), cricket::VideoOptions());
|
||||
rtc::CryptoOptions(), cricket::VideoOptions());
|
||||
voice_channel_->Enable(true);
|
||||
video_channel_->Enable(true);
|
||||
voice_media_channel_ = media_engine_->GetVoiceChannel(0);
|
||||
|
||||
@ -126,7 +126,7 @@ class FakePeerConnectionForStats : public FakePeerConnectionBase {
|
||||
voice_channel_ = absl::make_unique<cricket::VoiceChannel>(
|
||||
worker_thread_, network_thread_, signaling_thread_, nullptr,
|
||||
std::move(voice_media_channel), mid, kDefaultSrtpRequired,
|
||||
webrtc::CryptoOptions());
|
||||
rtc::CryptoOptions());
|
||||
voice_channel_->set_transport_name_for_testing(transport_name);
|
||||
GetOrCreateFirstTransceiverOfType(cricket::MEDIA_TYPE_AUDIO)
|
||||
->internal()
|
||||
@ -144,7 +144,7 @@ class FakePeerConnectionForStats : public FakePeerConnectionBase {
|
||||
video_channel_ = absl::make_unique<cricket::VideoChannel>(
|
||||
worker_thread_, network_thread_, signaling_thread_,
|
||||
std::move(video_media_channel), mid, kDefaultSrtpRequired,
|
||||
webrtc::CryptoOptions());
|
||||
rtc::CryptoOptions());
|
||||
video_channel_->set_transport_name_for_testing(transport_name);
|
||||
GetOrCreateFirstTransceiverOfType(cricket::MEDIA_TYPE_VIDEO)
|
||||
->internal()
|
||||
|
||||
@ -89,6 +89,32 @@ bool IsGcmCryptoSuiteName(const std::string& crypto_suite) {
|
||||
crypto_suite == CS_AEAD_AES_128_GCM);
|
||||
}
|
||||
|
||||
// static
|
||||
CryptoOptions CryptoOptions::NoGcm() {
|
||||
CryptoOptions options;
|
||||
options.enable_gcm_crypto_suites = false;
|
||||
return options;
|
||||
}
|
||||
|
||||
std::vector<int> GetSupportedDtlsSrtpCryptoSuites(
|
||||
const rtc::CryptoOptions& crypto_options) {
|
||||
std::vector<int> crypto_suites;
|
||||
if (crypto_options.enable_gcm_crypto_suites) {
|
||||
crypto_suites.push_back(rtc::SRTP_AEAD_AES_256_GCM);
|
||||
crypto_suites.push_back(rtc::SRTP_AEAD_AES_128_GCM);
|
||||
}
|
||||
// Note: SRTP_AES128_CM_SHA1_80 is what is required to be supported (by
|
||||
// draft-ietf-rtcweb-security-arch), but SRTP_AES128_CM_SHA1_32 is allowed as
|
||||
// well, and saves a few bytes per packet if it ends up selected.
|
||||
// As the cipher suite is potentially insecure, it will only be used if
|
||||
// enabled by both peers.
|
||||
if (crypto_options.enable_aes128_sha1_32_crypto_cipher) {
|
||||
crypto_suites.push_back(rtc::SRTP_AES128_CM_SHA1_32);
|
||||
}
|
||||
crypto_suites.push_back(rtc::SRTP_AES128_CM_SHA1_80);
|
||||
return crypto_suites;
|
||||
}
|
||||
|
||||
SSLStreamAdapter* SSLStreamAdapter::Create(StreamInterface* stream) {
|
||||
return new OpenSSLStreamAdapter(stream);
|
||||
}
|
||||
|
||||
@ -70,6 +70,34 @@ bool IsGcmCryptoSuite(int crypto_suite);
|
||||
// Returns true if the given crypto suite name uses a GCM cipher.
|
||||
bool IsGcmCryptoSuiteName(const std::string& crypto_suite);
|
||||
|
||||
struct CryptoOptions {
|
||||
CryptoOptions() {}
|
||||
|
||||
// Helper method to return an instance of the CryptoOptions with GCM crypto
|
||||
// suites disabled. This method should be used instead of depending on current
|
||||
// default values set by the constructor.
|
||||
static CryptoOptions NoGcm();
|
||||
|
||||
// Enable GCM crypto suites from RFC 7714 for SRTP. GCM will only be used
|
||||
// if both sides enable it.
|
||||
bool enable_gcm_crypto_suites = false;
|
||||
|
||||
// If set to true, the (potentially insecure) crypto cipher
|
||||
// SRTP_AES128_CM_SHA1_32 will be included in the list of supported ciphers
|
||||
// during negotiation. It will only be used if both peers support it and no
|
||||
// other ciphers get preferred.
|
||||
bool enable_aes128_sha1_32_crypto_cipher = false;
|
||||
|
||||
// If set to true, encrypted RTP header extensions as defined in RFC 6904
|
||||
// will be negotiated. They will only be used if both peers support them.
|
||||
bool enable_encrypted_rtp_header_extensions = false;
|
||||
};
|
||||
|
||||
// Returns supported crypto suites, given |crypto_options|.
|
||||
// CS_AES_CM_128_HMAC_SHA1_32 will be preferred by default.
|
||||
std::vector<int> GetSupportedDtlsSrtpCryptoSuites(
|
||||
const rtc::CryptoOptions& crypto_options);
|
||||
|
||||
// SSLStreamAdapter : A StreamInterfaceAdapter that does SSL/TLS.
|
||||
// After SSL has been started, the stream will only open on successful
|
||||
// SSL verification of certificates, and the communication is
|
||||
|
||||
@ -63,9 +63,9 @@ JavaToNativePeerConnectionFactoryOptions(JNIEnv* jni,
|
||||
native_options.disable_encryption = disable_encryption;
|
||||
native_options.disable_network_monitor = disable_network_monitor;
|
||||
|
||||
native_options.crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher =
|
||||
native_options.crypto_options.enable_aes128_sha1_32_crypto_cipher =
|
||||
enable_aes128_sha1_32_crypto_cipher;
|
||||
native_options.crypto_options.srtp.enable_gcm_crypto_suites =
|
||||
native_options.crypto_options.enable_gcm_crypto_suites =
|
||||
enable_gcm_crypto_suites;
|
||||
return native_options;
|
||||
}
|
||||
|
||||
@ -52,9 +52,8 @@ void setNetworkBit(webrtc::PeerConnectionFactoryInterface::Options* options,
|
||||
setNetworkBit(&options, rtc::ADAPTER_TYPE_WIFI, self.ignoreWiFiNetworkAdapter);
|
||||
setNetworkBit(&options, rtc::ADAPTER_TYPE_ETHERNET, self.ignoreEthernetNetworkAdapter);
|
||||
|
||||
options.crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher =
|
||||
self.enableAes128Sha1_32CryptoCipher;
|
||||
options.crypto_options.srtp.enable_gcm_crypto_suites = self.enableGcmCryptoSuites;
|
||||
options.crypto_options.enable_aes128_sha1_32_crypto_cipher = self.enableAes128Sha1_32CryptoCipher;
|
||||
options.crypto_options.enable_gcm_crypto_suites = self.enableGcmCryptoSuites;
|
||||
|
||||
return options;
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user