OLD | NEW |
1 /* | 1 /* |
2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. |
3 * | 3 * |
4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
9 */ | 9 */ |
10 | 10 |
11 #ifndef WEBRTC_BASE_SSLSTREAMADAPTER_H_ | 11 #ifndef WEBRTC_BASE_SSLSTREAMADAPTER_H_ |
12 #define WEBRTC_BASE_SSLSTREAMADAPTER_H_ | 12 #define WEBRTC_BASE_SSLSTREAMADAPTER_H_ |
13 | 13 |
14 #include <string> | 14 #include <string> |
15 #include <vector> | 15 #include <vector> |
16 | 16 |
17 #include "webrtc/base/stream.h" | 17 #include "webrtc/base/stream.h" |
18 #include "webrtc/base/sslidentity.h" | 18 #include "webrtc/base/sslidentity.h" |
19 | 19 |
20 namespace rtc { | 20 namespace rtc { |
21 | 21 |
22 // Constants for SRTP profiles. | 22 // Constants for SRTP profiles. |
23 const uint16_t SRTP_AES128_CM_SHA1_80 = 0x0001; | 23 const int SRTP_AES128_CM_SHA1_80 = 0x0001; |
24 const uint16_t SRTP_AES128_CM_SHA1_32 = 0x0002; | 24 const int SRTP_AES128_CM_SHA1_32 = 0x0002; |
25 | 25 |
26 // Cipher suite to use for SRTP. Typically a 80-bit HMAC will be used, except | 26 // Cipher suite to use for SRTP. Typically a 80-bit HMAC will be used, except |
27 // in applications (voice) where the additional bandwidth may be significant. | 27 // in applications (voice) where the additional bandwidth may be significant. |
28 // A 80-bit HMAC is always used for SRTCP. | 28 // A 80-bit HMAC is always used for SRTCP. |
29 // 128-bit AES with 80-bit SHA-1 HMAC. | 29 // 128-bit AES with 80-bit SHA-1 HMAC. |
30 extern const char CS_AES_CM_128_HMAC_SHA1_80[]; | 30 extern const char CS_AES_CM_128_HMAC_SHA1_80[]; |
31 // 128-bit AES with 32-bit SHA-1 HMAC. | 31 // 128-bit AES with 32-bit SHA-1 HMAC. |
32 extern const char CS_AES_CM_128_HMAC_SHA1_32[]; | 32 extern const char CS_AES_CM_128_HMAC_SHA1_32[]; |
33 | 33 |
34 // Returns the DTLS-SRTP protection profile ID, as defined in | 34 // Returns the DTLS-SRTP protection profile ID, as defined in |
35 // https://tools.ietf.org/html/rfc5764#section-4.1.2, for the given SRTP | 35 // https://tools.ietf.org/html/rfc5764#section-4.1.2, for the given SRTP |
36 // Crypto-suite, as defined in https://tools.ietf.org/html/rfc4568#section-6.2 | 36 // Crypto-suite, as defined in https://tools.ietf.org/html/rfc4568#section-6.2 |
37 uint16_t GetSrtpCryptoSuiteFromName(const std::string& cipher_rfc_name); | 37 int GetSrtpCryptoSuiteFromName(const std::string& cipher_rfc_name); |
38 | 38 |
39 // SSLStreamAdapter : A StreamInterfaceAdapter that does SSL/TLS. | 39 // SSLStreamAdapter : A StreamInterfaceAdapter that does SSL/TLS. |
40 // After SSL has been started, the stream will only open on successful | 40 // After SSL has been started, the stream will only open on successful |
41 // SSL verification of certificates, and the communication is | 41 // SSL verification of certificates, and the communication is |
42 // encrypted of course. | 42 // encrypted of course. |
43 // | 43 // |
44 // This class was written with SSLAdapter as a starting point. It | 44 // This class was written with SSLAdapter as a starting point. It |
45 // offers a similar interface, with two differences: there is no | 45 // offers a similar interface, with two differences: there is no |
46 // support for a restartable SSL connection, and this class has a | 46 // support for a restartable SSL connection, and this class has a |
47 // peer-to-peer mode. | 47 // peer-to-peer mode. |
(...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
145 const unsigned char* digest_val, | 145 const unsigned char* digest_val, |
146 size_t digest_len) = 0; | 146 size_t digest_len) = 0; |
147 | 147 |
148 // Retrieves the peer's X.509 certificate, if a connection has been | 148 // Retrieves the peer's X.509 certificate, if a connection has been |
149 // established. It returns the transmitted over SSL, including the entire | 149 // established. It returns the transmitted over SSL, including the entire |
150 // chain. The returned certificate is owned by the caller. | 150 // chain. The returned certificate is owned by the caller. |
151 virtual bool GetPeerCertificate(SSLCertificate** cert) const = 0; | 151 virtual bool GetPeerCertificate(SSLCertificate** cert) const = 0; |
152 | 152 |
153 // Retrieves the IANA registration id of the cipher suite used for the | 153 // Retrieves the IANA registration id of the cipher suite used for the |
154 // connection (e.g. 0x2F for "TLS_RSA_WITH_AES_128_CBC_SHA"). | 154 // connection (e.g. 0x2F for "TLS_RSA_WITH_AES_128_CBC_SHA"). |
155 virtual bool GetSslCipherSuite(uint16_t* cipher); | 155 virtual bool GetSslCipherSuite(int* cipher); |
156 | 156 |
157 // Key Exporter interface from RFC 5705 | 157 // Key Exporter interface from RFC 5705 |
158 // Arguments are: | 158 // Arguments are: |
159 // label -- the exporter label. | 159 // label -- the exporter label. |
160 // part of the RFC defining each exporter | 160 // part of the RFC defining each exporter |
161 // usage (IN) | 161 // usage (IN) |
162 // context/context_len -- a context to bind to for this connection; | 162 // context/context_len -- a context to bind to for this connection; |
163 // optional, can be NULL, 0 (IN) | 163 // optional, can be NULL, 0 (IN) |
164 // use_context -- whether to use the context value | 164 // use_context -- whether to use the context value |
165 // (needed to distinguish no context from | 165 // (needed to distinguish no context from |
(...skipping 12 matching lines...) Expand all Loading... |
178 virtual bool GetDtlsSrtpCipher(std::string* cipher); | 178 virtual bool GetDtlsSrtpCipher(std::string* cipher); |
179 | 179 |
180 // Capabilities testing | 180 // Capabilities testing |
181 static bool HaveDtls(); | 181 static bool HaveDtls(); |
182 static bool HaveDtlsSrtp(); | 182 static bool HaveDtlsSrtp(); |
183 static bool HaveExporter(); | 183 static bool HaveExporter(); |
184 | 184 |
185 // Returns the default Ssl cipher used between streams of this class | 185 // Returns the default Ssl cipher used between streams of this class |
186 // for the given protocol version. This is used by the unit tests. | 186 // for the given protocol version. This is used by the unit tests. |
187 // TODO(guoweis): Move this away from a static class method. | 187 // TODO(guoweis): Move this away from a static class method. |
188 static uint16_t GetDefaultSslCipherForTest(SSLProtocolVersion version, | 188 static int GetDefaultSslCipherForTest(SSLProtocolVersion version, |
189 KeyType key_type); | 189 KeyType key_type); |
190 | 190 |
191 // TODO(guoweis): Move this away from a static class method. Currently this is | 191 // TODO(guoweis): Move this away from a static class method. Currently this is |
192 // introduced such that any caller could depend on sslstreamadapter.h without | 192 // introduced such that any caller could depend on sslstreamadapter.h without |
193 // depending on specific SSL implementation. | 193 // depending on specific SSL implementation. |
194 static std::string GetSslCipherSuiteName(uint16_t cipher); | 194 static std::string GetSslCipherSuiteName(int cipher); |
195 | 195 |
196 private: | 196 private: |
197 // If true, the server certificate need not match the configured | 197 // If true, the server certificate need not match the configured |
198 // server_name, and in fact missing certificate authority and other | 198 // server_name, and in fact missing certificate authority and other |
199 // verification errors are ignored. | 199 // verification errors are ignored. |
200 bool ignore_bad_cert_; | 200 bool ignore_bad_cert_; |
201 | 201 |
202 // If true (default), the client is required to provide a certificate during | 202 // If true (default), the client is required to provide a certificate during |
203 // handshake. If no certificate is given, handshake fails. This applies to | 203 // handshake. If no certificate is given, handshake fails. This applies to |
204 // server mode only. | 204 // server mode only. |
205 bool client_auth_enabled_; | 205 bool client_auth_enabled_; |
206 }; | 206 }; |
207 | 207 |
208 } // namespace rtc | 208 } // namespace rtc |
209 | 209 |
210 #endif // WEBRTC_BASE_SSLSTREAMADAPTER_H_ | 210 #endif // WEBRTC_BASE_SSLSTREAMADAPTER_H_ |
OLD | NEW |