OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. |
3 * | 3 * |
4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
9 */ | 9 */ |
10 | 10 |
11 #ifndef WEBRTC_BASE_SSLSTREAMADAPTER_H_ | 11 #ifndef WEBRTC_BASE_SSLSTREAMADAPTER_H_ |
12 #define WEBRTC_BASE_SSLSTREAMADAPTER_H_ | 12 #define WEBRTC_BASE_SSLSTREAMADAPTER_H_ |
13 | 13 |
14 #include <string> | 14 #include <string> |
15 #include <vector> | 15 #include <vector> |
16 | 16 |
17 #include "webrtc/base/stream.h" | 17 #include "webrtc/base/stream.h" |
18 #include "webrtc/base/sslidentity.h" | 18 #include "webrtc/base/sslidentity.h" |
19 | 19 |
20 namespace rtc { | 20 namespace rtc { |
21 | 21 |
22 // This follows https://tools.ietf.org/html/rfc5764#section-4.1.2. | |
Ryan Sleevi
2015/09/28 17:24:17
// DTLS-SRTP protection profiles, as described in
guoweis_webrtc
2015/09/30 04:09:47
Done.
| |
23 enum SrtpCipherType { | |
Ryan Sleevi
2015/09/28 17:24:17
Is this really a Cipher type? According to the RFC
pthatcher1
2015/09/29 22:25:17
In https://tools.ietf.org/html/rfc4568#section-6.2
guoweis_webrtc
2015/09/30 04:09:47
Yes, it should be named cryptos. However, it's con
pthatcher1
2015/09/30 05:46:22
Can you at least name the new enum type you are ad
| |
24 SrtpCipher_Unknown = 0, | |
25 SrtpCipher_AES_CM_128_HMAC_SHA1_80 = 1, | |
26 SrtpCipher_AES_CM_128_HMAC_SHA1_32 = 2, | |
27 SrtpCipher_NULL_HMAC_SHA1_80 = 5, | |
28 SrtpCipher_NULL_HMAC_SHA1_32 = 6, | |
pthatcher1
2015/09/29 22:25:16
Do we actually use these anywhere? If not, can we
guoweis_webrtc
2015/09/30 04:09:47
Done.
| |
29 }; | |
30 | |
31 // Convert SRTP Cipher's RFC names to its ID. TODO(guoweis): Investigate whether | |
32 // there is existing definition already. | |
Ryan Sleevi
2015/09/28 17:24:17
This comment is quite confusing. There's lots of R
pthatcher1
2015/09/29 22:25:16
I agree we should mention both RFCs in the comment
guoweis_webrtc
2015/09/30 04:09:47
Done.
| |
33 SrtpCipherType GetSrtpCipherType(const std::string& cipher_rfc_name); | |
34 | |
35 // Cipher suite to use for SRTP. Typically a 80-bit HMAC will be used, except | |
36 // in applications (voice) where the additional bandwidth may be significant. | |
Ryan Sleevi
2015/09/28 17:24:17
The comment starting with "typically" seems to be
pthatcher1
2015/09/29 22:25:16
I think it's more saying how these are typically u
| |
37 // A 80-bit HMAC is always used for SRTCP. | |
38 // 128-bit AES with 80-bit SHA-1 HMAC. | |
39 extern const char CS_AES_CM_128_HMAC_SHA1_80[]; | |
40 // 128-bit AES with 32-bit SHA-1 HMAC. | |
41 extern const char CS_AES_CM_128_HMAC_SHA1_32[]; | |
42 | |
22 // SSLStreamAdapter : A StreamInterfaceAdapter that does SSL/TLS. | 43 // SSLStreamAdapter : A StreamInterfaceAdapter that does SSL/TLS. |
23 // After SSL has been started, the stream will only open on successful | 44 // After SSL has been started, the stream will only open on successful |
24 // SSL verification of certificates, and the communication is | 45 // SSL verification of certificates, and the communication is |
25 // encrypted of course. | 46 // encrypted of course. |
26 // | 47 // |
27 // This class was written with SSLAdapter as a starting point. It | 48 // This class was written with SSLAdapter as a starting point. It |
28 // offers a similar interface, with two differences: there is no | 49 // offers a similar interface, with two differences: there is no |
29 // support for a restartable SSL connection, and this class has a | 50 // support for a restartable SSL connection, and this class has a |
30 // peer-to-peer mode. | 51 // peer-to-peer mode. |
31 // | 52 // |
(...skipping 96 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
128 const unsigned char* digest_val, | 149 const unsigned char* digest_val, |
129 size_t digest_len) = 0; | 150 size_t digest_len) = 0; |
130 | 151 |
131 // Retrieves the peer's X.509 certificate, if a connection has been | 152 // Retrieves the peer's X.509 certificate, if a connection has been |
132 // established. It returns the transmitted over SSL, including the entire | 153 // established. It returns the transmitted over SSL, including the entire |
133 // chain. The returned certificate is owned by the caller. | 154 // chain. The returned certificate is owned by the caller. |
134 virtual bool GetPeerCertificate(SSLCertificate** cert) const = 0; | 155 virtual bool GetPeerCertificate(SSLCertificate** cert) const = 0; |
135 | 156 |
136 // Retrieves the name of the cipher suite used for the connection | 157 // Retrieves the name of the cipher suite used for the connection |
137 // (e.g. "TLS_RSA_WITH_AES_128_CBC_SHA"). | 158 // (e.g. "TLS_RSA_WITH_AES_128_CBC_SHA"). |
138 virtual bool GetSslCipher(std::string* cipher); | 159 virtual bool GetSslCipher(uint16_t* cipher); |
139 | 160 |
140 // Key Exporter interface from RFC 5705 | 161 // Key Exporter interface from RFC 5705 |
141 // Arguments are: | 162 // Arguments are: |
142 // label -- the exporter label. | 163 // label -- the exporter label. |
143 // part of the RFC defining each exporter | 164 // part of the RFC defining each exporter |
144 // usage (IN) | 165 // usage (IN) |
145 // context/context_len -- a context to bind to for this connection; | 166 // context/context_len -- a context to bind to for this connection; |
146 // optional, can be NULL, 0 (IN) | 167 // optional, can be NULL, 0 (IN) |
147 // use_context -- whether to use the context value | 168 // use_context -- whether to use the context value |
148 // (needed to distinguish no context from | 169 // (needed to distinguish no context from |
(...skipping 11 matching lines...) Expand all Loading... | |
160 virtual bool SetDtlsSrtpCiphers(const std::vector<std::string>& ciphers); | 181 virtual bool SetDtlsSrtpCiphers(const std::vector<std::string>& ciphers); |
161 virtual bool GetDtlsSrtpCipher(std::string* cipher); | 182 virtual bool GetDtlsSrtpCipher(std::string* cipher); |
162 | 183 |
163 // Capabilities testing | 184 // Capabilities testing |
164 static bool HaveDtls(); | 185 static bool HaveDtls(); |
165 static bool HaveDtlsSrtp(); | 186 static bool HaveDtlsSrtp(); |
166 static bool HaveExporter(); | 187 static bool HaveExporter(); |
167 | 188 |
168 // Returns the default Ssl cipher used between streams of this class | 189 // Returns the default Ssl cipher used between streams of this class |
169 // for the given protocol version. This is used by the unit tests. | 190 // for the given protocol version. This is used by the unit tests. |
170 // TODO(torbjorng@webrtc.org): Fix callers to avoid default parameter. | 191 static uint16_t GetDefaultSslCipherForTest(SSLProtocolVersion version, |
171 static std::string GetDefaultSslCipher(SSLProtocolVersion version, | 192 KeyType key_type); |
172 KeyType key_type = KT_DEFAULT); | 193 |
194 static std::string GetRfcSslCipherName(uint16_t cipher); | |
Ryan Sleevi
2015/09/28 17:24:17
DESIGN nit: This is not really for this CL, but th
guoweis_webrtc
2015/09/30 04:09:47
added a TODO.
| |
173 | 195 |
174 private: | 196 private: |
175 // If true, the server certificate need not match the configured | 197 // If true, the server certificate need not match the configured |
176 // server_name, and in fact missing certificate authority and other | 198 // server_name, and in fact missing certificate authority and other |
177 // verification errors are ignored. | 199 // verification errors are ignored. |
178 bool ignore_bad_cert_; | 200 bool ignore_bad_cert_; |
179 | 201 |
180 // If true (default), the client is required to provide a certificate during | 202 // If true (default), the client is required to provide a certificate during |
181 // handshake. If no certificate is given, handshake fails. This applies to | 203 // handshake. If no certificate is given, handshake fails. This applies to |
182 // server mode only. | 204 // server mode only. |
183 bool client_auth_enabled_; | 205 bool client_auth_enabled_; |
184 }; | 206 }; |
185 | 207 |
186 } // namespace rtc | 208 } // namespace rtc |
187 | 209 |
188 #endif // WEBRTC_BASE_SSLSTREAMADAPTER_H_ | 210 #endif // WEBRTC_BASE_SSLSTREAMADAPTER_H_ |
OLD | NEW |