Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(4)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: webrtc/base/nssstreamadapter.cc

Issue 1189583002: Support generation of EC keys using P256 curve and support ECDSA certs. (Closed) Base URL: https://chromium.googlesource.com/external/webrtc.git@master
Patch Set: generalize ssl testing code, misc fixes Created 5 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « webrtc/base/nssstreamadapter.h ('k') | webrtc/base/opensslidentity.h » ('j') | webrtc/base/opensslstreamadapter.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved.
3 * 3 *
4 * Use of this source code is governed by a BSD-style license 4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source 5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found 6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may 7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree. 8 * be found in the AUTHORS file in the root of the source tree.
9 */ 9 */
10 10
(...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after
61 // This isn't elegant, but it's better than an external reference 61 // This isn't elegant, but it's better than an external reference
62 static const SrtpCipherMapEntry kSrtpCipherMap[] = { 62 static const SrtpCipherMapEntry kSrtpCipherMap[] = {
63 {"AES_CM_128_HMAC_SHA1_80", SRTP_AES128_CM_HMAC_SHA1_80 }, 63 {"AES_CM_128_HMAC_SHA1_80", SRTP_AES128_CM_HMAC_SHA1_80 },
64 {"AES_CM_128_HMAC_SHA1_32", SRTP_AES128_CM_HMAC_SHA1_32 }, 64 {"AES_CM_128_HMAC_SHA1_32", SRTP_AES128_CM_HMAC_SHA1_32 },
65 {NULL, 0} 65 {NULL, 0}
66 }; 66 };
67 #endif 67 #endif
68 68
69 // Ciphers to enable to get ECDHE encryption with endpoints that support it. 69 // Ciphers to enable to get ECDHE encryption with endpoints that support it.
70 static const uint32_t kEnabledCiphers[] = { 70 static const uint32_t kEnabledCiphers[] = {
71 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 71 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
72 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 72 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
73 }; 73 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
74 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256};
74 75
75 // Default cipher used between NSS stream adapters. 76 // Default cipher used between NSS stream adapters.
76 // This needs to be updated when the default of the SSL library changes. 77 // This needs to be updated when the default of the SSL library changes.
77 static const char kDefaultSslCipher10[] = 78 static const char kDefaultSslCipher10[] =
78 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"; 79 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
79 static const char kDefaultSslCipher12[] = 80 static const char kDefaultSslCipher12[] =
80 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"; 81 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
81 82 static const char kDefaultSslEcCipher10[] =
83 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
84 static const char kDefaultSslEcCipher12[] =
85 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
82 86
83 // Implementation of NSPR methods 87 // Implementation of NSPR methods
84 static PRStatus StreamClose(PRFileDesc *socket) { 88 static PRStatus StreamClose(PRFileDesc *socket) {
85 ASSERT(!socket->lower); 89 ASSERT(!socket->lower);
86 socket->dtor(socket); 90 socket->dtor(socket);
87 return PR_SUCCESS; 91 return PR_SUCCESS;
88 } 92 }
89 93
90 static PRInt32 StreamRead(PRFileDesc *socket, void *buf, PRInt32 length) { 94 static PRInt32 StreamRead(PRFileDesc *socket, void *buf, PRInt32 length) {
91 StreamInterface *stream = reinterpret_cast<StreamInterface *>(socket->secret); 95 StreamInterface *stream = reinterpret_cast<StreamInterface *>(socket->secret);
(...skipping 396 matching lines...) Expand 10 before | Expand all | Expand 10 after
488 492
489 if (identity_.get()) { 493 if (identity_.get()) {
490 identity = static_cast<NSSIdentity *>(identity_.get()); 494 identity = static_cast<NSSIdentity *>(identity_.get());
491 } else { 495 } else {
492 LOG(LS_ERROR) << "Can't be an SSL server without an identity"; 496 LOG(LS_ERROR) << "Can't be an SSL server without an identity";
493 Error("BeginSSL", -1, false); 497 Error("BeginSSL", -1, false);
494 return -1; 498 return -1;
495 } 499 }
496 rv = SSL_ConfigSecureServer(ssl_fd_, identity->certificate().certificate(), 500 rv = SSL_ConfigSecureServer(ssl_fd_, identity->certificate().certificate(),
497 identity->keypair()->privkey(), 501 identity->keypair()->privkey(),
498 kt_rsa); 502 identity->keypair()->ssl_kea_type());
499 if (rv != SECSuccess) { 503 if (rv != SECSuccess) {
500 Error("BeginSSL", -1, false); 504 Error("BeginSSL", -1, false);
501 return -1; 505 return -1;
502 } 506 }
503 507
504 // Insist on a certificate from the client 508 // Insist on a certificate from the client
505 rv = SSL_OptionSet(ssl_fd_, SSL_REQUEST_CERTIFICATE, PR_TRUE); 509 rv = SSL_OptionSet(ssl_fd_, SSL_REQUEST_CERTIFICATE, PR_TRUE);
506 if (rv != SECSuccess) { 510 if (rv != SECSuccess) {
507 Error("BeginSSL", -1, false); 511 Error("BeginSSL", -1, false);
508 return -1; 512 return -1;
(...skipping 577 matching lines...) Expand 10 before | Expand all | Expand 10 after
1086 return true; 1090 return true;
1087 #else 1091 #else
1088 return false; 1092 return false;
1089 #endif 1093 #endif
1090 } 1094 }
1091 1095
1092 bool NSSStreamAdapter::HaveExporter() { 1096 bool NSSStreamAdapter::HaveExporter() {
1093 return true; 1097 return true;
1094 } 1098 }
1095 1099
1096 std::string NSSStreamAdapter::GetDefaultSslCipher(SSLProtocolVersion version) { 1100 std::string NSSStreamAdapter::GetDefaultSslCipher(SSLProtocolVersion version,
1097 switch (version) { 1101 KeyType key_type) {
1098 case SSL_PROTOCOL_TLS_10: 1102 if (key_type == KT_RSA) {
1099 case SSL_PROTOCOL_TLS_11: 1103 switch (version) {
1100 return kDefaultSslCipher10; 1104 case SSL_PROTOCOL_TLS_10:
1101 case SSL_PROTOCOL_TLS_12: 1105 case SSL_PROTOCOL_TLS_11:
1102 default: 1106 return kDefaultSslCipher10;
1103 return kDefaultSslCipher12; 1107 case SSL_PROTOCOL_TLS_12:
1108 default:
1109 return kDefaultSslCipher12;
1110 }
1111 } else if (key_type == KT_ECDSA) {
1112 switch (version) {
1113 case SSL_PROTOCOL_TLS_10:
1114 case SSL_PROTOCOL_TLS_11:
1115 return kDefaultSslEcCipher10;
1116 case SSL_PROTOCOL_TLS_12:
1117 default:
1118 return kDefaultSslEcCipher12;
1119 }
1120 } else {
1121 return nullptr;
juberti1 2015/07/03 03:15:18 nullptr is not a valid string. You can return std:
torbjorng (webrtc) 2015/07/06 10:11:54 Done.
1104 } 1122 }
1105 } 1123 }
1106 1124
1107 } // namespace rtc 1125 } // namespace rtc
1108 1126
1109 #endif // HAVE_NSS_SSL_H 1127 #endif // HAVE_NSS_SSL_H
OLDNEW
« no previous file with comments | « webrtc/base/nssstreamadapter.h ('k') | webrtc/base/opensslidentity.h » ('j') | webrtc/base/opensslstreamadapter.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698