OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. |
3 * | 3 * |
4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
9 */ | 9 */ |
10 | 10 |
11 #ifndef WEBRTC_BASE_SSLSTREAMADAPTER_H_ | 11 #ifndef WEBRTC_BASE_SSLSTREAMADAPTER_H_ |
12 #define WEBRTC_BASE_SSLSTREAMADAPTER_H_ | 12 #define WEBRTC_BASE_SSLSTREAMADAPTER_H_ |
13 | 13 |
14 #include <string> | 14 #include <string> |
15 #include <vector> | 15 #include <vector> |
16 | 16 |
17 #include "webrtc/base/stream.h" | 17 #include "webrtc/base/stream.h" |
18 #include "webrtc/base/sslidentity.h" | 18 #include "webrtc/base/sslidentity.h" |
19 | 19 |
20 namespace rtc { | 20 namespace rtc { |
21 | 21 |
22 // Constants for SRTP profiles. | 22 // Constants for SRTP profiles. |
23 const int SRTP_CRYPTO_SUITE_UNSET = 0; | |
juberti
2015/11/17 21:19:08
Would SRTP_INVALID_CRYPTO_SUITE make more sense?
guoweis_webrtc
2015/11/18 19:17:17
Done.
| |
23 const int SRTP_AES128_CM_SHA1_80 = 0x0001; | 24 const int SRTP_AES128_CM_SHA1_80 = 0x0001; |
24 const int SRTP_AES128_CM_SHA1_32 = 0x0002; | 25 const int SRTP_AES128_CM_SHA1_32 = 0x0002; |
25 | 26 |
26 // Cipher suite to use for SRTP. Typically a 80-bit HMAC will be used, except | 27 // Cipher suite to use for SRTP. Typically a 80-bit HMAC will be used, except |
27 // in applications (voice) where the additional bandwidth may be significant. | 28 // in applications (voice) where the additional bandwidth may be significant. |
28 // A 80-bit HMAC is always used for SRTCP. | 29 // A 80-bit HMAC is always used for SRTCP. |
29 // 128-bit AES with 80-bit SHA-1 HMAC. | 30 // 128-bit AES with 80-bit SHA-1 HMAC. |
30 extern const char CS_AES_CM_128_HMAC_SHA1_80[]; | 31 extern const char CS_AES_CM_128_HMAC_SHA1_80[]; |
31 // 128-bit AES with 32-bit SHA-1 HMAC. | 32 // 128-bit AES with 32-bit SHA-1 HMAC. |
32 extern const char CS_AES_CM_128_HMAC_SHA1_32[]; | 33 extern const char CS_AES_CM_128_HMAC_SHA1_32[]; |
33 | 34 |
34 // Returns the DTLS-SRTP protection profile ID, as defined in | 35 // Given the DTLS-SRTP protection profile ID, as defined in |
35 // https://tools.ietf.org/html/rfc5764#section-4.1.2, for the given SRTP | 36 // https://tools.ietf.org/html/rfc4568#section-6.2 , return the SRTP profile |
36 // Crypto-suite, as defined in https://tools.ietf.org/html/rfc4568#section-6.2 | 37 // name, as defined in https://tools.ietf.org/html/rfc5764#section-4.1.2. |
37 int GetSrtpCryptoSuiteFromName(const std::string& cipher_rfc_name); | 38 std::string SrtpCryptoSuiteToName(int srtp_crypto); |
39 | |
40 // The reverse of above conversion. | |
41 int SrtpCryptoSuiteFromName(const std::string& crypto); | |
38 | 42 |
39 // SSLStreamAdapter : A StreamInterfaceAdapter that does SSL/TLS. | 43 // SSLStreamAdapter : A StreamInterfaceAdapter that does SSL/TLS. |
40 // After SSL has been started, the stream will only open on successful | 44 // After SSL has been started, the stream will only open on successful |
41 // SSL verification of certificates, and the communication is | 45 // SSL verification of certificates, and the communication is |
42 // encrypted of course. | 46 // encrypted of course. |
43 // | 47 // |
44 // This class was written with SSLAdapter as a starting point. It | 48 // This class was written with SSLAdapter as a starting point. It |
45 // offers a similar interface, with two differences: there is no | 49 // offers a similar interface, with two differences: there is no |
46 // support for a restartable SSL connection, and this class has a | 50 // support for a restartable SSL connection, and this class has a |
47 // peer-to-peer mode. | 51 // peer-to-peer mode. |
(...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
145 const unsigned char* digest_val, | 149 const unsigned char* digest_val, |
146 size_t digest_len) = 0; | 150 size_t digest_len) = 0; |
147 | 151 |
148 // Retrieves the peer's X.509 certificate, if a connection has been | 152 // Retrieves the peer's X.509 certificate, if a connection has been |
149 // established. It returns the transmitted over SSL, including the entire | 153 // established. It returns the transmitted over SSL, including the entire |
150 // chain. The returned certificate is owned by the caller. | 154 // chain. The returned certificate is owned by the caller. |
151 virtual bool GetPeerCertificate(SSLCertificate** cert) const = 0; | 155 virtual bool GetPeerCertificate(SSLCertificate** cert) const = 0; |
152 | 156 |
153 // Retrieves the IANA registration id of the cipher suite used for the | 157 // Retrieves the IANA registration id of the cipher suite used for the |
154 // connection (e.g. 0x2F for "TLS_RSA_WITH_AES_128_CBC_SHA"). | 158 // connection (e.g. 0x2F for "TLS_RSA_WITH_AES_128_CBC_SHA"). |
155 virtual bool GetSslCipherSuite(int* cipher); | 159 virtual bool GetSslCipherSuite(int* cipher_suite); |
156 | 160 |
157 // Key Exporter interface from RFC 5705 | 161 // Key Exporter interface from RFC 5705 |
158 // Arguments are: | 162 // Arguments are: |
159 // label -- the exporter label. | 163 // label -- the exporter label. |
160 // part of the RFC defining each exporter | 164 // part of the RFC defining each exporter |
161 // usage (IN) | 165 // usage (IN) |
162 // context/context_len -- a context to bind to for this connection; | 166 // context/context_len -- a context to bind to for this connection; |
163 // optional, can be NULL, 0 (IN) | 167 // optional, can be NULL, 0 (IN) |
164 // use_context -- whether to use the context value | 168 // use_context -- whether to use the context value |
165 // (needed to distinguish no context from | 169 // (needed to distinguish no context from |
166 // zero-length ones). | 170 // zero-length ones). |
167 // result -- where to put the computed value | 171 // result -- where to put the computed value |
168 // result_len -- the length of the computed value | 172 // result_len -- the length of the computed value |
169 virtual bool ExportKeyingMaterial(const std::string& label, | 173 virtual bool ExportKeyingMaterial(const std::string& label, |
170 const uint8_t* context, | 174 const uint8_t* context, |
171 size_t context_len, | 175 size_t context_len, |
172 bool use_context, | 176 bool use_context, |
173 uint8_t* result, | 177 uint8_t* result, |
174 size_t result_len); | 178 size_t result_len); |
175 | 179 |
176 // DTLS-SRTP interface | 180 // DTLS-SRTP interface |
177 virtual bool SetDtlsSrtpCiphers(const std::vector<std::string>& ciphers); | 181 virtual bool SetDtlsSrtpCryptoSuites(const std::vector<int>& crypto_suites); |
178 virtual bool GetDtlsSrtpCipher(std::string* cipher); | 182 virtual bool GetDtlsSrtpCryptoSuite(int* crypto_suite); |
179 | 183 |
180 // Capabilities testing | 184 // Capabilities testing |
181 static bool HaveDtls(); | 185 static bool HaveDtls(); |
182 static bool HaveDtlsSrtp(); | 186 static bool HaveDtlsSrtp(); |
183 static bool HaveExporter(); | 187 static bool HaveExporter(); |
184 | 188 |
185 // Returns the default Ssl cipher used between streams of this class | 189 // Returns the default Ssl cipher used between streams of this class |
186 // for the given protocol version. This is used by the unit tests. | 190 // for the given protocol version. This is used by the unit tests. |
187 // TODO(guoweis): Move this away from a static class method. | 191 // TODO(guoweis): Move this away from a static class method. |
188 static int GetDefaultSslCipherForTest(SSLProtocolVersion version, | 192 static int GetDefaultSslCipherForTest(SSLProtocolVersion version, |
189 KeyType key_type); | 193 KeyType key_type); |
190 | 194 |
191 // TODO(guoweis): Move this away from a static class method. Currently this is | 195 // TODO(guoweis): Move this away from a static class method. Currently this is |
192 // introduced such that any caller could depend on sslstreamadapter.h without | 196 // introduced such that any caller could depend on sslstreamadapter.h without |
193 // depending on specific SSL implementation. | 197 // depending on specific SSL implementation. |
194 static std::string GetSslCipherSuiteName(int cipher); | 198 static std::string SslCipherSuiteToName(int cipher_suite); |
195 | 199 |
196 private: | 200 private: |
197 // If true, the server certificate need not match the configured | 201 // If true, the server certificate need not match the configured |
198 // server_name, and in fact missing certificate authority and other | 202 // server_name, and in fact missing certificate authority and other |
199 // verification errors are ignored. | 203 // verification errors are ignored. |
200 bool ignore_bad_cert_; | 204 bool ignore_bad_cert_; |
201 | 205 |
202 // If true (default), the client is required to provide a certificate during | 206 // If true (default), the client is required to provide a certificate during |
203 // handshake. If no certificate is given, handshake fails. This applies to | 207 // handshake. If no certificate is given, handshake fails. This applies to |
204 // server mode only. | 208 // server mode only. |
205 bool client_auth_enabled_; | 209 bool client_auth_enabled_; |
206 }; | 210 }; |
207 | 211 |
208 } // namespace rtc | 212 } // namespace rtc |
209 | 213 |
210 #endif // WEBRTC_BASE_SSLSTREAMADAPTER_H_ | 214 #endif // WEBRTC_BASE_SSLSTREAMADAPTER_H_ |
OLD | NEW |