admin/webrtc_m130
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
webrtc_m130/webrtc/base/nssstreamadapter.h
Joachim Bauch 831c5585c7 Allow setting maximum protocol version for SSL stream adapters. 
This CL adds an API to SSL stream adapters to set the maximum allowed
protocol version and with that implements support for DTLS 1.2.
With DTLS 1.2 the default cipher changes in the unittests as follows.

BoringSSL
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

NSS
TLS_RSA_WITH_AES_128_CBC_SHA -> TLS_RSA_WITH_AES_128_GCM_SHA256

BUG=chromium:428343
R=juberti@google.com

Review URL: https://webrtc-codereview.appspot.com/50989004

Cr-Commit-Position: refs/heads/master@{#9232}
2015-05-20 10:48:24 +00:00

118 lines
3.7 KiB
C++
Raw Blame History

/*
* Copyright 2004 The WebRTC Project Authors. All rights reserved.
*
* Use of this source code is governed by a BSD-style license
* that can be found in the LICENSE file in the root of the source
* tree. An additional intellectual property rights grant can be found
* in the file PATENTS. All contributing project authors may
* be found in the AUTHORS file in the root of the source tree.
*/
#ifndef WEBRTC_BASE_NSSSTREAMADAPTER_H_
#define WEBRTC_BASE_NSSSTREAMADAPTER_H_
#include <string>
#include <vector>
#include "nspr.h"
#include "nss.h"
#include "secmodt.h"
#include "webrtc/base/buffer.h"
#include "webrtc/base/criticalsection.h"
#include "webrtc/base/nssidentity.h"
#include "webrtc/base/ssladapter.h"
#include "webrtc/base/sslstreamadapter.h"
#include "webrtc/base/sslstreamadapterhelper.h"
namespace rtc {
// Singleton
class NSSContext {
public:
explicit NSSContext(PK11SlotInfo* slot) : slot_(slot) {}
~NSSContext() {
}
static PK11SlotInfo *GetSlot() {
return Instance() ? Instance()->slot_: NULL;
}
static NSSContext *Instance();
static bool InitializeSSL(VerificationCallback callback);
static bool InitializeSSLThread();
static bool CleanupSSL();
private:
PK11SlotInfo *slot_; // The PKCS-11 slot
static GlobalLockPod lock; // To protect the global context
static NSSContext *global_nss_context; // The global context
};
class NSSStreamAdapter : public SSLStreamAdapterHelper {
public:
explicit NSSStreamAdapter(StreamInterface* stream);
~NSSStreamAdapter() override;
bool Init();
StreamResult Read(void* data,
size_t data_len,
size_t* read,
int* error) override;
StreamResult Write(const void* data,
size_t data_len,
size_t* written,
int* error) override;
void OnMessage(Message* msg) override;
bool GetSslCipher(std::string* cipher) override;
// Key Extractor interface
bool ExportKeyingMaterial(const std::string& label,
const uint8* context,
size_t context_len,
bool use_context,
uint8* result,
size_t result_len) override;
// DTLS-SRTP interface
bool SetDtlsSrtpCiphers(const std::vector<std::string>& ciphers) override;
bool GetDtlsSrtpCipher(std::string* cipher) override;
// Capabilities interfaces
static bool HaveDtls();
static bool HaveDtlsSrtp();
static bool HaveExporter();
static std::string GetDefaultSslCipher(SSLProtocolVersion version);
protected:
// Override SSLStreamAdapter
void OnEvent(StreamInterface* stream, int events, int err) override;
// Override SSLStreamAdapterHelper
int BeginSSL() override;
void Cleanup() override;
bool GetDigestLength(const std::string& algorithm, size_t* length) override;
private:
int ContinueSSL();
static SECStatus AuthCertificateHook(void *arg, PRFileDesc *fd,
PRBool checksig, PRBool isServer);
static SECStatus GetClientAuthDataHook(void *arg, PRFileDesc *fd,
CERTDistNames *caNames,
CERTCertificate **pRetCert,
SECKEYPrivateKey **pRetKey);
PRFileDesc *ssl_fd_; // NSS's SSL file descriptor
static bool initialized; // Was InitializeSSL() called?
bool cert_ok_; // Did we get and check a cert
std::vector<PRUint16> srtp_ciphers_; // SRTP cipher list
static PRDescIdentity nspr_layer_identity; // The NSPR layer identity
};
} // namespace rtc
#endif // WEBRTC_BASE_NSSSTREAMADAPTER_H_
Reference in New Issue View Git Blame Copy Permalink