OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. |
3 * | 3 * |
4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
9 */ | 9 */ |
10 | 10 |
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
44 | 44 |
45 #ifdef HAVE_DTLS_SRTP | 45 #ifdef HAVE_DTLS_SRTP |
46 // SRTP cipher suite table | 46 // SRTP cipher suite table |
47 struct SrtpCipherMapEntry { | 47 struct SrtpCipherMapEntry { |
48 const char* external_name; | 48 const char* external_name; |
49 const char* internal_name; | 49 const char* internal_name; |
50 }; | 50 }; |
51 | 51 |
52 // This isn't elegant, but it's better than an external reference | 52 // This isn't elegant, but it's better than an external reference |
53 static SrtpCipherMapEntry SrtpCipherMap[] = { | 53 static SrtpCipherMapEntry SrtpCipherMap[] = { |
54 {"AES_CM_128_HMAC_SHA1_80", "SRTP_AES128_CM_SHA1_80"}, | 54 {CS_AES_CM_128_HMAC_SHA1_80, "SRTP_AES128_CM_SHA1_80"}, |
55 {"AES_CM_128_HMAC_SHA1_32", "SRTP_AES128_CM_SHA1_32"}, | 55 {CS_AES_CM_128_HMAC_SHA1_32, "SRTP_AES128_CM_SHA1_32"}, |
56 {NULL, NULL} | 56 {NULL, NULL}}; |
57 }; | |
58 #endif | 57 #endif |
59 | 58 |
60 #ifndef OPENSSL_IS_BORINGSSL | 59 #ifndef OPENSSL_IS_BORINGSSL |
60 | |
61 // Cipher name table. Maps internal OpenSSL cipher ids to the RFC name. | 61 // Cipher name table. Maps internal OpenSSL cipher ids to the RFC name. |
62 struct SslCipherMapEntry { | 62 struct SslCipherMapEntry { |
63 uint32_t openssl_id; | 63 uint32_t openssl_id; |
64 const char* rfc_name; | 64 const char* rfc_name; |
65 }; | 65 }; |
66 | 66 |
67 #define DEFINE_CIPHER_ENTRY_SSL3(name) {SSL3_CK_##name, "TLS_"#name} | 67 #define DEFINE_CIPHER_ENTRY_SSL3(name) {SSL3_CK_##name, "TLS_"#name} |
68 #define DEFINE_CIPHER_ENTRY_TLS1(name) {TLS1_CK_##name, "TLS_"#name} | 68 #define DEFINE_CIPHER_ENTRY_TLS1(name) {TLS1_CK_##name, "TLS_"#name} |
69 | 69 |
70 // There currently is no method available to get a RFC-compliant name for a | 70 // There currently is no method available to get a RFC-compliant name for a |
(...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
134 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_ECDSA_WITH_AES_256_GCM_SHA384), | 134 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_ECDSA_WITH_AES_256_GCM_SHA384), |
135 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_128_GCM_SHA256), | 135 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_128_GCM_SHA256), |
136 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_256_GCM_SHA384), | 136 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_256_GCM_SHA384), |
137 | 137 |
138 {0, NULL} | 138 {0, NULL} |
139 }; | 139 }; |
140 #endif // #ifndef OPENSSL_IS_BORINGSSL | 140 #endif // #ifndef OPENSSL_IS_BORINGSSL |
141 | 141 |
142 // Default cipher used between OpenSSL/BoringSSL stream adapters. | 142 // Default cipher used between OpenSSL/BoringSSL stream adapters. |
143 // This needs to be updated when the default of the SSL library changes. | 143 // This needs to be updated when the default of the SSL library changes. |
144 static const char kDefaultSslCipher10[] = | 144 static uint16_t kDefaultSslCipher10 = |
145 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"; | 145 0xC014; // TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
146 static const char kDefaultSslEcCipher10[] = | 146 static uint16_t kDefaultSslEcCipher10 = |
147 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"; | 147 0xC00A; // TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
pthatcher1
2015/09/29 22:25:16
Can we have a some named constants rather than mag
guoweis_webrtc
2015/09/30 04:09:46
Do you mean simply change "static unit16_t" to #de
pthatcher1
2015/09/30 05:46:22
I mean like
static uint16_t kDefaultSslCipher10 =
guoweis_webrtc
2015/09/30 17:41:55
Done.
| |
148 | 148 |
149 #ifdef OPENSSL_IS_BORINGSSL | 149 #ifdef OPENSSL_IS_BORINGSSL |
150 static const char kDefaultSslCipher12[] = | 150 static uint16_t kDefaultSslCipher12 = |
151 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"; | 151 0xC02F; // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
152 static const char kDefaultSslEcCipher12[] = | 152 static uint16_t kDefaultSslEcCipher12 = |
153 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"; | 153 0xC02B; // TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
154 // Fallback cipher for DTLS 1.2 if hardware-accelerated AES-GCM is unavailable. | 154 // Fallback cipher for DTLS 1.2 if hardware-accelerated AES-GCM is unavailable. |
155 static const char kDefaultSslCipher12NoAesGcm[] = | 155 static uint16_t kDefaultSslCipher12NoAesGcm = |
156 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"; | 156 0xCC13; // TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |
157 static const char kDefaultSslEcCipher12NoAesGcm[] = | 157 static uint16_t kDefaultSslEcCipher12NoAesGcm = |
158 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"; | 158 0xCC14; // TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 |
159 #else // !OPENSSL_IS_BORINGSSL | 159 #else // !OPENSSL_IS_BORINGSSL |
160 // OpenSSL sorts differently than BoringSSL, so the default cipher doesn't | 160 // OpenSSL sorts differently than BoringSSL, so the default cipher doesn't |
161 // change between TLS 1.0 and TLS 1.2 with the current setup. | 161 // change between TLS 1.0 and TLS 1.2 with the current setup. |
162 static const char kDefaultSslCipher12[] = | 162 static uint16_t kDefaultSslCipher12 = |
163 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"; | 163 0xC014; // TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
164 static const char kDefaultSslEcCipher12[] = | 164 static uint16_t kDefaultSslEcCipher12 = |
165 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"; | 165 0xC00A; // TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
166 #endif | 166 #endif |
167 | 167 |
168 ////////////////////////////////////////////////////////////////////// | 168 ////////////////////////////////////////////////////////////////////// |
169 // StreamBIO | 169 // StreamBIO |
170 ////////////////////////////////////////////////////////////////////// | 170 ////////////////////////////////////////////////////////////////////// |
171 | 171 |
172 static int stream_write(BIO* h, const char* buf, int num); | 172 static int stream_write(BIO* h, const char* buf, int num); |
173 static int stream_read(BIO* h, char* buf, int size); | 173 static int stream_read(BIO* h, char* buf, int size); |
174 static int stream_puts(BIO* h, const char* str); | 174 static int stream_puts(BIO* h, const char* str); |
175 static long stream_ctrl(BIO* h, int cmd, long arg1, void* arg2); | 175 static long stream_ctrl(BIO* h, int cmd, long arg1, void* arg2); |
(...skipping 155 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
331 } | 331 } |
332 if (expected_len != digest_len) | 332 if (expected_len != digest_len) |
333 return false; | 333 return false; |
334 | 334 |
335 peer_certificate_digest_value_.SetData(digest_val, digest_len); | 335 peer_certificate_digest_value_.SetData(digest_val, digest_len); |
336 peer_certificate_digest_algorithm_ = digest_alg; | 336 peer_certificate_digest_algorithm_ = digest_alg; |
337 | 337 |
338 return true; | 338 return true; |
339 } | 339 } |
340 | 340 |
341 #ifndef OPENSSL_IS_BORINGSSL | 341 std::string OpenSSLStreamAdapter::GetRfcSslCipherName(uint16_t cipher) { |
342 const char* OpenSSLStreamAdapter::GetRfcSslCipherName( | 342 #ifdef OPENSSL_IS_BORINGSSL |
343 const SSL_CIPHER* cipher) { | 343 const SSL_CIPHER* ssl_cipher = SSL_get_cipher_by_value(cipher); |
344 if (!ssl_cipher) { | |
345 return std::string(); | |
346 } | |
347 char* cipher_name = SSL_CIPHER_get_rfc_name(ssl_cipher); | |
348 std::string rfc_name = std::string(cipher_name); | |
349 OPENSSL_free(cipher_name); | |
350 return rfc_name; | |
351 #else | |
344 ASSERT(cipher != NULL); | 352 ASSERT(cipher != NULL); |
345 for (const SslCipherMapEntry* entry = kSslCipherMap; entry->rfc_name; | 353 for (const SslCipherMapEntry* entry = kSslCipherMap; entry->rfc_name; |
346 ++entry) { | 354 ++entry) { |
347 if (cipher->id == entry->openssl_id) { | 355 if (cipher->id == entry->openssl_id) { |
348 return entry->rfc_name; | 356 return entry->rfc_name; |
349 } | 357 } |
350 } | 358 } |
351 return NULL; | 359 return std::string(); |
360 #endif | |
352 } | 361 } |
353 #endif | |
354 | 362 |
355 bool OpenSSLStreamAdapter::GetSslCipher(std::string* cipher) { | 363 bool OpenSSLStreamAdapter::GetSslCipher(uint16_t* cipher) { |
356 if (state_ != SSL_CONNECTED) | 364 if (state_ != SSL_CONNECTED) |
357 return false; | 365 return false; |
358 | 366 |
359 const SSL_CIPHER* current_cipher = SSL_get_current_cipher(ssl_); | 367 const SSL_CIPHER* current_cipher = SSL_get_current_cipher(ssl_); |
360 if (current_cipher == NULL) { | 368 if (current_cipher == NULL) { |
361 return false; | 369 return false; |
362 } | 370 } |
363 | 371 |
364 #ifdef OPENSSL_IS_BORINGSSL | 372 *cipher = static_cast<uint16_t>(SSL_CIPHER_get_id(current_cipher)); |
365 char* cipher_name = SSL_CIPHER_get_rfc_name(current_cipher); | |
366 #else | |
367 const char* cipher_name = GetRfcSslCipherName(current_cipher); | |
368 #endif | |
369 if (cipher_name == NULL) { | |
370 return false; | |
371 } | |
372 | |
373 *cipher = cipher_name; | |
374 #ifdef OPENSSL_IS_BORINGSSL | |
375 OPENSSL_free(cipher_name); | |
376 #endif | |
377 return true; | 373 return true; |
378 } | 374 } |
379 | 375 |
380 // Key Extractor interface | 376 // Key Extractor interface |
381 bool OpenSSLStreamAdapter::ExportKeyingMaterial(const std::string& label, | 377 bool OpenSSLStreamAdapter::ExportKeyingMaterial(const std::string& label, |
382 const uint8* context, | 378 const uint8* context, |
383 size_t context_len, | 379 size_t context_len, |
384 bool use_context, | 380 bool use_context, |
385 uint8* result, | 381 uint8* result, |
386 size_t result_len) { | 382 size_t result_len) { |
(...skipping 731 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1118 } | 1114 } |
1119 | 1115 |
1120 bool OpenSSLStreamAdapter::HaveExporter() { | 1116 bool OpenSSLStreamAdapter::HaveExporter() { |
1121 #ifdef HAVE_DTLS_SRTP | 1117 #ifdef HAVE_DTLS_SRTP |
1122 return true; | 1118 return true; |
1123 #else | 1119 #else |
1124 return false; | 1120 return false; |
1125 #endif | 1121 #endif |
1126 } | 1122 } |
1127 | 1123 |
1128 std::string OpenSSLStreamAdapter::GetDefaultSslCipher( | 1124 uint16_t OpenSSLStreamAdapter::GetDefaultSslCipherForTest( |
1129 SSLProtocolVersion version, | 1125 SSLProtocolVersion version, |
1130 KeyType key_type) { | 1126 KeyType key_type) { |
1131 if (key_type == KT_RSA) { | 1127 if (key_type == KT_RSA) { |
1132 switch (version) { | 1128 switch (version) { |
1133 case SSL_PROTOCOL_TLS_10: | 1129 case SSL_PROTOCOL_TLS_10: |
1134 case SSL_PROTOCOL_TLS_11: | 1130 case SSL_PROTOCOL_TLS_11: |
1135 return kDefaultSslCipher10; | 1131 return kDefaultSslCipher10; |
1136 case SSL_PROTOCOL_TLS_12: | 1132 case SSL_PROTOCOL_TLS_12: |
1137 default: | 1133 default: |
1138 #ifdef OPENSSL_IS_BORINGSSL | 1134 #ifdef OPENSSL_IS_BORINGSSL |
(...skipping 17 matching lines...) Expand all Loading... | |
1156 if (EVP_has_aes_hardware()) { | 1152 if (EVP_has_aes_hardware()) { |
1157 return kDefaultSslEcCipher12; | 1153 return kDefaultSslEcCipher12; |
1158 } else { | 1154 } else { |
1159 return kDefaultSslEcCipher12NoAesGcm; | 1155 return kDefaultSslEcCipher12NoAesGcm; |
1160 } | 1156 } |
1161 #else // !OPENSSL_IS_BORINGSSL | 1157 #else // !OPENSSL_IS_BORINGSSL |
1162 return kDefaultSslEcCipher12; | 1158 return kDefaultSslEcCipher12; |
1163 #endif | 1159 #endif |
1164 } | 1160 } |
1165 } else { | 1161 } else { |
1166 return std::string(); | 1162 RTC_NOTREACHED(); |
1163 return kDefaultSslEcCipher12; | |
1167 } | 1164 } |
1168 } | 1165 } |
1169 | 1166 |
1170 } // namespace rtc | 1167 } // namespace rtc |
1171 | 1168 |
1172 #endif // HAVE_OPENSSL_SSL_H | 1169 #endif // HAVE_OPENSSL_SSL_H |
OLD | NEW |