admin/webrtc_m130
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
webrtc_m130/rtc_base/sslstreamadapter.cc
Oleh Prypin 8f4bc41c42 Revert "Move CryptoOptions to api/crypto from rtc_base/sslstreamadapter.h" 
This reverts commit ac2f3d14e45398930bc35ff05ed7a3b9b617d328.

Reason for revert: Breaks downstream project

Original change's description:
> Move CryptoOptions to api/crypto from rtc_base/sslstreamadapter.h
> 
> Promotes rtc::CryptoOptions to webrtc::CryptoOptions converting it from class
> that only handles SRTP configuration to a more generic structure that can be
> used and extended for all per peer connection CryptoOptions that can be on a
> given PeerConnection.
> 
> Now all SRTP related options are under webrtc::CryptoOptions::Srtp and can be
> accessed as crypto_options.srtp.whatever_option_name. This is more inline with
> other structures we have in WebRTC such as VideoConfig. As additional features
> are added over time this will allow the structure to remain compartmentalized
> and concerned components can only request a subset of the overall configuration
> structure e.g:
> 
> void MySrtpFunction(const webrtc::CryptoOptions::Srtp& srtp_config);
> 
> In addition to this it made little sense for sslstreamadapter.h to hold all
> Srtp related configuration options. The header has become loo large and takes on
> too many responsibilities and spilting this up will lead to more maintainable
> code going forward.
> 
> This will be used in a future CL to enable configuration options for the newly
> supported Frame Crypto.
> 
> Change-Id: I99d1be36740c59548c8e62db52d68d738649707f
> Bug: webrtc:9681
> Reviewed-on: https://webrtc-review.googlesource.com/c/105180
> Reviewed-by: Emad Omara <emadomara@webrtc.org>
> Reviewed-by: Kári Helgason <kthelgason@webrtc.org>
> Reviewed-by: Sami Kalliomäki <sakal@webrtc.org>
> Reviewed-by: Qingsi Wang <qingsi@webrtc.org>
> Reviewed-by: Steve Anton <steveanton@webrtc.org>
> Commit-Queue: Benjamin Wright <benwright@webrtc.org>
> Cr-Commit-Position: refs/heads/master@{#25130}

TBR=steveanton@webrtc.org,sakal@webrtc.org,kthelgason@webrtc.org,emadomara@webrtc.org,qingsi@webrtc.org,benwright@webrtc.org

Bug: webrtc:9681
Change-Id: Ib0075c477c951b540d4deecb3b0cf8cf86ba0fff
Reviewed-on: https://webrtc-review.googlesource.com/c/105541
Reviewed-by: Oleh Prypin <oprypin@webrtc.org>
Commit-Queue: Oleh Prypin <oprypin@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#25133}
2018-10-11 21:59:05 +00:00

171 lines
5.7 KiB
C++
Raw Blame History

/*
* Copyright 2004 The WebRTC Project Authors. All rights reserved.
*
* Use of this source code is governed by a BSD-style license
* that can be found in the LICENSE file in the root of the source
* tree. An additional intellectual property rights grant can be found
* in the file PATENTS. All contributing project authors may
* be found in the AUTHORS file in the root of the source tree.
*/
#include "rtc_base/sslstreamadapter.h"
#include "rtc_base/opensslstreamadapter.h"
///////////////////////////////////////////////////////////////////////////////
namespace rtc {
// TODO(guoweis): Move this to SDP layer and use int form internally.
// webrtc:5043.
const char CS_AES_CM_128_HMAC_SHA1_80[] = "AES_CM_128_HMAC_SHA1_80";
const char CS_AES_CM_128_HMAC_SHA1_32[] = "AES_CM_128_HMAC_SHA1_32";
const char CS_AEAD_AES_128_GCM[] = "AEAD_AES_128_GCM";
const char CS_AEAD_AES_256_GCM[] = "AEAD_AES_256_GCM";
std::string SrtpCryptoSuiteToName(int crypto_suite) {
switch (crypto_suite) {
case SRTP_AES128_CM_SHA1_32:
return CS_AES_CM_128_HMAC_SHA1_32;
case SRTP_AES128_CM_SHA1_80:
return CS_AES_CM_128_HMAC_SHA1_80;
case SRTP_AEAD_AES_128_GCM:
return CS_AEAD_AES_128_GCM;
case SRTP_AEAD_AES_256_GCM:
return CS_AEAD_AES_256_GCM;
default:
return std::string();
}
}
int SrtpCryptoSuiteFromName(const std::string& crypto_suite) {
if (crypto_suite == CS_AES_CM_128_HMAC_SHA1_32)
return SRTP_AES128_CM_SHA1_32;
if (crypto_suite == CS_AES_CM_128_HMAC_SHA1_80)
return SRTP_AES128_CM_SHA1_80;
if (crypto_suite == CS_AEAD_AES_128_GCM)
return SRTP_AEAD_AES_128_GCM;
if (crypto_suite == CS_AEAD_AES_256_GCM)
return SRTP_AEAD_AES_256_GCM;
return SRTP_INVALID_CRYPTO_SUITE;
}
bool GetSrtpKeyAndSaltLengths(int crypto_suite,
int* key_length,
int* salt_length) {
switch (crypto_suite) {
case SRTP_AES128_CM_SHA1_32:
case SRTP_AES128_CM_SHA1_80:
// SRTP_AES128_CM_HMAC_SHA1_32 and SRTP_AES128_CM_HMAC_SHA1_80 are defined
// in RFC 5764 to use a 128 bits key and 112 bits salt for the cipher.
*key_length = 16;
*salt_length = 14;
break;
case SRTP_AEAD_AES_128_GCM:
// SRTP_AEAD_AES_128_GCM is defined in RFC 7714 to use a 128 bits key and
// a 96 bits salt for the cipher.
*key_length = 16;
*salt_length = 12;
break;
case SRTP_AEAD_AES_256_GCM:
// SRTP_AEAD_AES_256_GCM is defined in RFC 7714 to use a 256 bits key and
// a 96 bits salt for the cipher.
*key_length = 32;
*salt_length = 12;
break;
default:
return false;
}
return true;
}
bool IsGcmCryptoSuite(int crypto_suite) {
return (crypto_suite == SRTP_AEAD_AES_256_GCM ||
crypto_suite == SRTP_AEAD_AES_128_GCM);
}
bool IsGcmCryptoSuiteName(const std::string& crypto_suite) {
return (crypto_suite == CS_AEAD_AES_256_GCM ||
crypto_suite == CS_AEAD_AES_128_GCM);
}
// static
CryptoOptions CryptoOptions::NoGcm() {
CryptoOptions options;
options.enable_gcm_crypto_suites = false;
return options;
}
std::vector<int> GetSupportedDtlsSrtpCryptoSuites(
const rtc::CryptoOptions& crypto_options) {
std::vector<int> crypto_suites;
if (crypto_options.enable_gcm_crypto_suites) {
crypto_suites.push_back(rtc::SRTP_AEAD_AES_256_GCM);
crypto_suites.push_back(rtc::SRTP_AEAD_AES_128_GCM);
}
// Note: SRTP_AES128_CM_SHA1_80 is what is required to be supported (by
// draft-ietf-rtcweb-security-arch), but SRTP_AES128_CM_SHA1_32 is allowed as
// well, and saves a few bytes per packet if it ends up selected.
// As the cipher suite is potentially insecure, it will only be used if
// enabled by both peers.
if (crypto_options.enable_aes128_sha1_32_crypto_cipher) {
crypto_suites.push_back(rtc::SRTP_AES128_CM_SHA1_32);
}
crypto_suites.push_back(rtc::SRTP_AES128_CM_SHA1_80);
return crypto_suites;
}
SSLStreamAdapter* SSLStreamAdapter::Create(StreamInterface* stream) {
return new OpenSSLStreamAdapter(stream);
}
SSLStreamAdapter::SSLStreamAdapter(StreamInterface* stream)
: StreamAdapterInterface(stream),
ignore_bad_cert_(false),
client_auth_enabled_(true) {}
SSLStreamAdapter::~SSLStreamAdapter() {}
bool SSLStreamAdapter::GetSslCipherSuite(int* cipher_suite) {
return false;
}
bool SSLStreamAdapter::ExportKeyingMaterial(const std::string& label,
const uint8_t* context,
size_t context_len,
bool use_context,
uint8_t* result,
size_t result_len) {
return false; // Default is unsupported
}
bool SSLStreamAdapter::SetDtlsSrtpCryptoSuites(
const std::vector<int>& crypto_suites) {
return false;
}
bool SSLStreamAdapter::GetDtlsSrtpCryptoSuite(int* crypto_suite) {
return false;
}
bool SSLStreamAdapter::IsBoringSsl() {
return OpenSSLStreamAdapter::IsBoringSsl();
}
bool SSLStreamAdapter::IsAcceptableCipher(int cipher, KeyType key_type) {
return OpenSSLStreamAdapter::IsAcceptableCipher(cipher, key_type);
}
bool SSLStreamAdapter::IsAcceptableCipher(const std::string& cipher,
KeyType key_type) {
return OpenSSLStreamAdapter::IsAcceptableCipher(cipher, key_type);
}
std::string SSLStreamAdapter::SslCipherSuiteToName(int cipher_suite) {
return OpenSSLStreamAdapter::SslCipherSuiteToName(cipher_suite);
}
void SSLStreamAdapter::enable_time_callback_for_testing() {
OpenSSLStreamAdapter::enable_time_callback_for_testing();
}
///////////////////////////////////////////////////////////////////////////////
} // namespace rtc
Reference in New Issue View Git Blame Copy Permalink