a54daf162f
Promotes rtc::CryptoOptions to webrtc::CryptoOptions converting it from class
that only handles SRTP configuration to a more generic structure that can be
used and extended for all per peer connection CryptoOptions that can be on a
given PeerConnection.
Now all SRTP related options are under webrtc::CryptoOptions::Srtp and can be
accessed as crypto_options.srtp.whatever_option_name. This is more inline with
other structures we have in WebRTC such as VideoConfig. As additional features
are added over time this will allow the structure to remain compartmentalized
and concerned components can only request a subset of the overall configuration
structure e.g:
void MySrtpFunction(const webrtc::CryptoOptions::Srtp& srtp_config);
In addition to this it made little sense for sslstreamadapter.h to hold all
Srtp related configuration options. The header has become loo large and takes on
too many responsibilities and spilting this up will lead to more maintainable
code going forward.
This will be used in a future CL to enable configuration options for the newly
supported Frame Crypto.
Reland Fix:
- cryptooptions.h - now has enable_aes128_sha1_32_crypto_cipher as an optional
root level configuration.
- peerconnectionfactory - If this optional is set will now overwrite the
underyling value.
This along with the other field will be deprecated once dependent projects
are updated.
TBR=sakal@webrtc.org,kthelgason@webrtc.org,emadomara@webrtc.org,qingsi@webrtc.org
Bug: webrtc:9681
Change-Id: Iaa6b741baafb85d352e42f54226119f19d97151d
Reviewed-on: https://webrtc-review.googlesource.com/c/105560
Reviewed-by: Benjamin Wright <benwright@webrtc.org>
Reviewed-by: Steve Anton <steveanton@webrtc.org>
Reviewed-by: Emad Omara <emadomara@webrtc.org>
Commit-Queue: Benjamin Wright <benwright@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#25135}
117 lines
3.9 KiB
C++
117 lines
3.9 KiB
C++
/*
|
|
* Copyright 2016 The WebRTC Project Authors. All rights reserved.
|
|
*
|
|
* Use of this source code is governed by a BSD-style license
|
|
* that can be found in the LICENSE file in the root of the source
|
|
* tree. An additional intellectual property rights grant can be found
|
|
* in the file PATENTS. All contributing project authors may
|
|
* be found in the AUTHORS file in the root of the source tree.
|
|
*/
|
|
|
|
#ifndef P2P_BASE_DTLSTRANSPORTINTERNAL_H_
|
|
#define P2P_BASE_DTLSTRANSPORTINTERNAL_H_
|
|
|
|
#include <memory>
|
|
#include <string>
|
|
#include <vector>
|
|
|
|
#include "api/crypto/cryptooptions.h"
|
|
#include "p2p/base/icetransportinternal.h"
|
|
#include "p2p/base/packettransportinternal.h"
|
|
#include "rtc_base/sslstreamadapter.h"
|
|
|
|
namespace cricket {
|
|
|
|
enum DtlsTransportState {
|
|
// Haven't started negotiating.
|
|
DTLS_TRANSPORT_NEW = 0,
|
|
// Have started negotiating.
|
|
DTLS_TRANSPORT_CONNECTING,
|
|
// Negotiated, and has a secure connection.
|
|
DTLS_TRANSPORT_CONNECTED,
|
|
// Transport is closed.
|
|
DTLS_TRANSPORT_CLOSED,
|
|
// Failed due to some error in the handshake process.
|
|
DTLS_TRANSPORT_FAILED,
|
|
};
|
|
|
|
enum PacketFlags {
|
|
PF_NORMAL = 0x00, // A normal packet.
|
|
PF_SRTP_BYPASS = 0x01, // An encrypted SRTP packet; bypass any additional
|
|
// crypto provided by the transport (e.g. DTLS)
|
|
};
|
|
|
|
// DtlsTransportInternal is an internal interface that does DTLS, also
|
|
// negotiating SRTP crypto suites so that it may be used for DTLS-SRTP.
|
|
//
|
|
// Once the public interface is supported,
|
|
// (https://www.w3.org/TR/webrtc/#rtcdtlstransport-interface)
|
|
// the DtlsTransportInterface will be split from this class.
|
|
class DtlsTransportInternal : public rtc::PacketTransportInternal {
|
|
public:
|
|
~DtlsTransportInternal() override;
|
|
|
|
virtual const webrtc::CryptoOptions& crypto_options() const = 0;
|
|
|
|
virtual DtlsTransportState dtls_state() const = 0;
|
|
|
|
virtual int component() const = 0;
|
|
|
|
virtual bool IsDtlsActive() const = 0;
|
|
|
|
virtual bool GetDtlsRole(rtc::SSLRole* role) const = 0;
|
|
|
|
virtual bool SetDtlsRole(rtc::SSLRole role) = 0;
|
|
|
|
// Finds out which DTLS-SRTP cipher was negotiated.
|
|
// TODO(zhihuang): Remove this once all dependencies implement this.
|
|
virtual bool GetSrtpCryptoSuite(int* cipher) = 0;
|
|
|
|
// Finds out which DTLS cipher was negotiated.
|
|
// TODO(zhihuang): Remove this once all dependencies implement this.
|
|
virtual bool GetSslCipherSuite(int* cipher) = 0;
|
|
|
|
// Gets the local RTCCertificate used for DTLS.
|
|
virtual rtc::scoped_refptr<rtc::RTCCertificate> GetLocalCertificate()
|
|
const = 0;
|
|
|
|
virtual bool SetLocalCertificate(
|
|
const rtc::scoped_refptr<rtc::RTCCertificate>& certificate) = 0;
|
|
|
|
// Gets a copy of the remote side's SSL certificate chain.
|
|
virtual std::unique_ptr<rtc::SSLCertChain> GetRemoteSSLCertChain() const = 0;
|
|
|
|
// Allows key material to be extracted for external encryption.
|
|
virtual bool ExportKeyingMaterial(const std::string& label,
|
|
const uint8_t* context,
|
|
size_t context_len,
|
|
bool use_context,
|
|
uint8_t* result,
|
|
size_t result_len) = 0;
|
|
|
|
// Set DTLS remote fingerprint. Must be after local identity set.
|
|
virtual bool SetRemoteFingerprint(const std::string& digest_alg,
|
|
const uint8_t* digest,
|
|
size_t digest_len) = 0;
|
|
|
|
virtual bool SetSslMaxProtocolVersion(rtc::SSLProtocolVersion version) = 0;
|
|
|
|
// Expose the underneath IceTransport.
|
|
virtual IceTransportInternal* ice_transport() = 0;
|
|
|
|
sigslot::signal2<DtlsTransportInternal*, DtlsTransportState> SignalDtlsState;
|
|
|
|
// Emitted whenever the Dtls handshake failed on some transport channel.
|
|
sigslot::signal1<rtc::SSLHandshakeError> SignalDtlsHandshakeError;
|
|
|
|
protected:
|
|
DtlsTransportInternal();
|
|
|
|
private:
|
|
RTC_DISALLOW_COPY_AND_ASSIGN(DtlsTransportInternal);
|
|
};
|
|
|
|
} // namespace cricket
|
|
|
|
#endif // P2P_BASE_DTLSTRANSPORTINTERNAL_H_
|