| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
| 5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
| 6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
| 7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
| 8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
| 9 */ | 9 */ |
| 10 | 10 |
| (...skipping 25 matching lines...) Expand all Loading... |
| 36 #include "webrtc/base/stringutils.h" | 36 #include "webrtc/base/stringutils.h" |
| 37 #include "webrtc/base/thread.h" | 37 #include "webrtc/base/thread.h" |
| 38 | 38 |
| 39 namespace rtc { | 39 namespace rtc { |
| 40 | 40 |
| 41 #if (OPENSSL_VERSION_NUMBER >= 0x10001000L) | 41 #if (OPENSSL_VERSION_NUMBER >= 0x10001000L) |
| 42 #define HAVE_DTLS_SRTP | 42 #define HAVE_DTLS_SRTP |
| 43 #endif | 43 #endif |
| 44 | 44 |
| 45 #ifdef HAVE_DTLS_SRTP | 45 #ifdef HAVE_DTLS_SRTP |
| 46 // SRTP cipher suite table | 46 // SRTP cipher suite table. |internal_name| is used to construct a |
| 47 // colon-separated profile strings which is needed by |
| 48 // SSL_CTX_set_tlsext_use_srtp(). |
| 47 struct SrtpCipherMapEntry { | 49 struct SrtpCipherMapEntry { |
| 48 const char* external_name; | |
| 49 const char* internal_name; | 50 const char* internal_name; |
| 51 const int id; |
| 50 }; | 52 }; |
| 51 | 53 |
| 52 // This isn't elegant, but it's better than an external reference | 54 // This isn't elegant, but it's better than an external reference |
| 53 static SrtpCipherMapEntry SrtpCipherMap[] = { | 55 static SrtpCipherMapEntry SrtpCipherMap[] = { |
| 54 {CS_AES_CM_128_HMAC_SHA1_80, "SRTP_AES128_CM_SHA1_80"}, | 56 {"SRTP_AES128_CM_SHA1_80", SRTP_AES128_CM_SHA1_80}, |
| 55 {CS_AES_CM_128_HMAC_SHA1_32, "SRTP_AES128_CM_SHA1_32"}, | 57 {"SRTP_AES128_CM_SHA1_32", SRTP_AES128_CM_SHA1_32}, |
| 56 {NULL, NULL}}; | 58 {nullptr, 0}}; |
| 57 #endif | 59 #endif |
| 58 | 60 |
| 59 #ifndef OPENSSL_IS_BORINGSSL | 61 #ifndef OPENSSL_IS_BORINGSSL |
| 60 | 62 |
| 61 // Cipher name table. Maps internal OpenSSL cipher ids to the RFC name. | 63 // Cipher name table. Maps internal OpenSSL cipher ids to the RFC name. |
| 62 struct SslCipherMapEntry { | 64 struct SslCipherMapEntry { |
| 63 uint32_t openssl_id; | 65 uint32_t openssl_id; |
| 64 const char* rfc_name; | 66 const char* rfc_name; |
| 65 }; | 67 }; |
| 66 | 68 |
| (...skipping 274 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 341 } | 343 } |
| 342 if (expected_len != digest_len) | 344 if (expected_len != digest_len) |
| 343 return false; | 345 return false; |
| 344 | 346 |
| 345 peer_certificate_digest_value_.SetData(digest_val, digest_len); | 347 peer_certificate_digest_value_.SetData(digest_val, digest_len); |
| 346 peer_certificate_digest_algorithm_ = digest_alg; | 348 peer_certificate_digest_algorithm_ = digest_alg; |
| 347 | 349 |
| 348 return true; | 350 return true; |
| 349 } | 351 } |
| 350 | 352 |
| 351 std::string OpenSSLStreamAdapter::GetSslCipherSuiteName(int cipher) { | 353 std::string OpenSSLStreamAdapter::SslCipherSuiteToName(int cipher_suite) { |
| 352 #ifdef OPENSSL_IS_BORINGSSL | 354 #ifdef OPENSSL_IS_BORINGSSL |
| 353 const SSL_CIPHER* ssl_cipher = SSL_get_cipher_by_value(cipher); | 355 const SSL_CIPHER* ssl_cipher = SSL_get_cipher_by_value(cipher_suite); |
| 354 if (!ssl_cipher) { | 356 if (!ssl_cipher) { |
| 355 return std::string(); | 357 return std::string(); |
| 356 } | 358 } |
| 357 char* cipher_name = SSL_CIPHER_get_rfc_name(ssl_cipher); | 359 char* cipher_name = SSL_CIPHER_get_rfc_name(ssl_cipher); |
| 358 std::string rfc_name = std::string(cipher_name); | 360 std::string rfc_name = std::string(cipher_name); |
| 359 OPENSSL_free(cipher_name); | 361 OPENSSL_free(cipher_name); |
| 360 return rfc_name; | 362 return rfc_name; |
| 361 #else | 363 #else |
| 362 for (const SslCipherMapEntry* entry = kSslCipherMap; entry->rfc_name; | 364 for (const SslCipherMapEntry* entry = kSslCipherMap; entry->rfc_name; |
| 363 ++entry) { | 365 ++entry) { |
| 364 if (cipher == entry->openssl_id) { | 366 if (cipher_suite == entry->openssl_id) { |
| 365 return entry->rfc_name; | 367 return entry->rfc_name; |
| 366 } | 368 } |
| 367 } | 369 } |
| 368 return std::string(); | 370 return std::string(); |
| 369 #endif | 371 #endif |
| 370 } | 372 } |
| 371 | 373 |
| 372 bool OpenSSLStreamAdapter::GetSslCipherSuite(int* cipher) { | 374 bool OpenSSLStreamAdapter::GetSslCipherSuite(int* cipher_suite) { |
| 373 if (state_ != SSL_CONNECTED) | 375 if (state_ != SSL_CONNECTED) |
| 374 return false; | 376 return false; |
| 375 | 377 |
| 376 const SSL_CIPHER* current_cipher = SSL_get_current_cipher(ssl_); | 378 const SSL_CIPHER* current_cipher = SSL_get_current_cipher(ssl_); |
| 377 if (current_cipher == NULL) { | 379 if (current_cipher == NULL) { |
| 378 return false; | 380 return false; |
| 379 } | 381 } |
| 380 | 382 |
| 381 *cipher = static_cast<uint16_t>(SSL_CIPHER_get_id(current_cipher)); | 383 *cipher_suite = static_cast<uint16_t>(SSL_CIPHER_get_id(current_cipher)); |
| 382 return true; | 384 return true; |
| 383 } | 385 } |
| 384 | 386 |
| 385 // Key Extractor interface | 387 // Key Extractor interface |
| 386 bool OpenSSLStreamAdapter::ExportKeyingMaterial(const std::string& label, | 388 bool OpenSSLStreamAdapter::ExportKeyingMaterial(const std::string& label, |
| 387 const uint8_t* context, | 389 const uint8_t* context, |
| 388 size_t context_len, | 390 size_t context_len, |
| 389 bool use_context, | 391 bool use_context, |
| 390 uint8_t* result, | 392 uint8_t* result, |
| 391 size_t result_len) { | 393 size_t result_len) { |
| 392 #ifdef HAVE_DTLS_SRTP | 394 #ifdef HAVE_DTLS_SRTP |
| 393 int i; | 395 int i; |
| 394 | 396 |
| 395 i = SSL_export_keying_material(ssl_, result, result_len, label.c_str(), | 397 i = SSL_export_keying_material(ssl_, result, result_len, label.c_str(), |
| 396 label.length(), const_cast<uint8_t*>(context), | 398 label.length(), const_cast<uint8_t*>(context), |
| 397 context_len, use_context); | 399 context_len, use_context); |
| 398 | 400 |
| 399 if (i != 1) | 401 if (i != 1) |
| 400 return false; | 402 return false; |
| 401 | 403 |
| 402 return true; | 404 return true; |
| 403 #else | 405 #else |
| 404 return false; | 406 return false; |
| 405 #endif | 407 #endif |
| 406 } | 408 } |
| 407 | 409 |
| 408 bool OpenSSLStreamAdapter::SetDtlsSrtpCiphers( | 410 bool OpenSSLStreamAdapter::SetDtlsSrtpCryptoSuites( |
| 409 const std::vector<std::string>& ciphers) { | 411 const std::vector<int>& ciphers) { |
| 410 #ifdef HAVE_DTLS_SRTP | 412 #ifdef HAVE_DTLS_SRTP |
| 411 std::string internal_ciphers; | 413 std::string internal_ciphers; |
| 412 | 414 |
| 413 if (state_ != SSL_NONE) | 415 if (state_ != SSL_NONE) |
| 414 return false; | 416 return false; |
| 415 | 417 |
| 416 for (std::vector<std::string>::const_iterator cipher = ciphers.begin(); | 418 for (std::vector<int>::const_iterator cipher = ciphers.begin(); |
| 417 cipher != ciphers.end(); ++cipher) { | 419 cipher != ciphers.end(); ++cipher) { |
| 418 bool found = false; | 420 bool found = false; |
| 419 for (SrtpCipherMapEntry *entry = SrtpCipherMap; entry->internal_name; | 421 for (SrtpCipherMapEntry* entry = SrtpCipherMap; entry->internal_name; |
| 420 ++entry) { | 422 ++entry) { |
| 421 if (*cipher == entry->external_name) { | 423 if (*cipher == entry->id) { |
| 422 found = true; | 424 found = true; |
| 423 if (!internal_ciphers.empty()) | 425 if (!internal_ciphers.empty()) |
| 424 internal_ciphers += ":"; | 426 internal_ciphers += ":"; |
| 425 internal_ciphers += entry->internal_name; | 427 internal_ciphers += entry->internal_name; |
| 426 break; | 428 break; |
| 427 } | 429 } |
| 428 } | 430 } |
| 429 | 431 |
| 430 if (!found) { | 432 if (!found) { |
| 431 LOG(LS_ERROR) << "Could not find cipher: " << *cipher; | 433 LOG(LS_ERROR) << "Could not find cipher: " << *cipher; |
| 432 return false; | 434 return false; |
| 433 } | 435 } |
| 434 } | 436 } |
| 435 | 437 |
| 436 if (internal_ciphers.empty()) | 438 if (internal_ciphers.empty()) |
| 437 return false; | 439 return false; |
| 438 | 440 |
| 439 srtp_ciphers_ = internal_ciphers; | 441 srtp_ciphers_ = internal_ciphers; |
| 440 return true; | 442 return true; |
| 441 #else | 443 #else |
| 442 return false; | 444 return false; |
| 443 #endif | 445 #endif |
| 444 } | 446 } |
| 445 | 447 |
| 446 bool OpenSSLStreamAdapter::GetDtlsSrtpCipher(std::string* cipher) { | 448 bool OpenSSLStreamAdapter::GetDtlsSrtpCryptoSuite(int* crypto_suite) { |
| 447 #ifdef HAVE_DTLS_SRTP | 449 #ifdef HAVE_DTLS_SRTP |
| 448 ASSERT(state_ == SSL_CONNECTED); | 450 ASSERT(state_ == SSL_CONNECTED); |
| 449 if (state_ != SSL_CONNECTED) | 451 if (state_ != SSL_CONNECTED) |
| 450 return false; | 452 return false; |
| 451 | 453 |
| 452 const SRTP_PROTECTION_PROFILE *srtp_profile = | 454 const SRTP_PROTECTION_PROFILE *srtp_profile = |
| 453 SSL_get_selected_srtp_profile(ssl_); | 455 SSL_get_selected_srtp_profile(ssl_); |
| 454 | 456 |
| 455 if (!srtp_profile) | 457 if (!srtp_profile) |
| 456 return false; | 458 return false; |
| 457 | 459 |
| 458 for (SrtpCipherMapEntry *entry = SrtpCipherMap; | 460 *crypto_suite = srtp_profile->id; |
| 459 entry->internal_name; ++entry) { | 461 ASSERT(!SrtpCryptoSuiteToName(*crypto_suite).empty()); |
| 460 if (!strcmp(entry->internal_name, srtp_profile->name)) { | 462 return true; |
| 461 *cipher = entry->external_name; | |
| 462 return true; | |
| 463 } | |
| 464 } | |
| 465 | |
| 466 ASSERT(false); // This should never happen | |
| 467 | |
| 468 return false; | |
| 469 #else | 463 #else |
| 470 return false; | 464 return false; |
| 471 #endif | 465 #endif |
| 472 } | 466 } |
| 473 | 467 |
| 474 int OpenSSLStreamAdapter::StartSSLWithServer(const char* server_name) { | 468 int OpenSSLStreamAdapter::StartSSLWithServer(const char* server_name) { |
| 475 ASSERT(server_name != NULL && server_name[0] != '\0'); | 469 ASSERT(server_name != NULL && server_name[0] != '\0'); |
| 476 ssl_server_name_ = server_name; | 470 ssl_server_name_ = server_name; |
| 477 return StartSSL(); | 471 return StartSSL(); |
| 478 } | 472 } |
| (...skipping 688 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1167 } | 1161 } |
| 1168 } else { | 1162 } else { |
| 1169 RTC_NOTREACHED(); | 1163 RTC_NOTREACHED(); |
| 1170 return kDefaultSslEcCipher12; | 1164 return kDefaultSslEcCipher12; |
| 1171 } | 1165 } |
| 1172 } | 1166 } |
| 1173 | 1167 |
| 1174 } // namespace rtc | 1168 } // namespace rtc |
| 1175 | 1169 |
| 1176 #endif // HAVE_OPENSSL_SSL_H | 1170 #endif // HAVE_OPENSSL_SSL_H |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1416673006:
Convert internal representation of Srtp cryptos from string to int. (Closed)
Base URL: https://chromium.googlesource.com/external/webrtc@master