| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
| 5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
| 6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
| 7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
| 8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
| 9 */ | 9 */ |
| 10 | 10 |
| (...skipping 25 matching lines...) Expand all Loading... |
| 36 #include "webrtc/base/stringutils.h" | 36 #include "webrtc/base/stringutils.h" |
| 37 #include "webrtc/base/thread.h" | 37 #include "webrtc/base/thread.h" |
| 38 | 38 |
| 39 namespace rtc { | 39 namespace rtc { |
| 40 | 40 |
| 41 #if (OPENSSL_VERSION_NUMBER >= 0x10001000L) | 41 #if (OPENSSL_VERSION_NUMBER >= 0x10001000L) |
| 42 #define HAVE_DTLS_SRTP | 42 #define HAVE_DTLS_SRTP |
| 43 #endif | 43 #endif |
| 44 | 44 |
| 45 #ifdef HAVE_DTLS_SRTP | 45 #ifdef HAVE_DTLS_SRTP |
| 46 // SRTP cipher suite table. |internal_name| is used to construct a | 46 // SRTP cipher suite table |
| 47 // colon-separated profile strings which is needed by | |
| 48 // SSL_CTX_set_tlsext_use_srtp(). | |
| 49 struct SrtpCipherMapEntry { | 47 struct SrtpCipherMapEntry { |
| 48 const char* external_name; |
| 50 const char* internal_name; | 49 const char* internal_name; |
| 51 const int id; | |
| 52 }; | 50 }; |
| 53 | 51 |
| 54 // This isn't elegant, but it's better than an external reference | 52 // This isn't elegant, but it's better than an external reference |
| 55 static SrtpCipherMapEntry SrtpCipherMap[] = { | 53 static SrtpCipherMapEntry SrtpCipherMap[] = { |
| 56 {"SRTP_AES128_CM_SHA1_80", SRTP_AES128_CM_SHA1_80}, | 54 {CS_AES_CM_128_HMAC_SHA1_80, "SRTP_AES128_CM_SHA1_80"}, |
| 57 {"SRTP_AES128_CM_SHA1_32", SRTP_AES128_CM_SHA1_32}, | 55 {CS_AES_CM_128_HMAC_SHA1_32, "SRTP_AES128_CM_SHA1_32"}, |
| 58 {nullptr, 0}}; | 56 {NULL, NULL}}; |
| 59 #endif | 57 #endif |
| 60 | 58 |
| 61 #ifndef OPENSSL_IS_BORINGSSL | 59 #ifndef OPENSSL_IS_BORINGSSL |
| 62 | 60 |
| 63 // Cipher name table. Maps internal OpenSSL cipher ids to the RFC name. | 61 // Cipher name table. Maps internal OpenSSL cipher ids to the RFC name. |
| 64 struct SslCipherMapEntry { | 62 struct SslCipherMapEntry { |
| 65 uint32_t openssl_id; | 63 uint32_t openssl_id; |
| 66 const char* rfc_name; | 64 const char* rfc_name; |
| 67 }; | 65 }; |
| 68 | 66 |
| (...skipping 274 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 343 } | 341 } |
| 344 if (expected_len != digest_len) | 342 if (expected_len != digest_len) |
| 345 return false; | 343 return false; |
| 346 | 344 |
| 347 peer_certificate_digest_value_.SetData(digest_val, digest_len); | 345 peer_certificate_digest_value_.SetData(digest_val, digest_len); |
| 348 peer_certificate_digest_algorithm_ = digest_alg; | 346 peer_certificate_digest_algorithm_ = digest_alg; |
| 349 | 347 |
| 350 return true; | 348 return true; |
| 351 } | 349 } |
| 352 | 350 |
| 353 std::string OpenSSLStreamAdapter::SslCipherSuiteToName(int cipher_suite) { | 351 std::string OpenSSLStreamAdapter::GetSslCipherSuiteName(int cipher) { |
| 354 #ifdef OPENSSL_IS_BORINGSSL | 352 #ifdef OPENSSL_IS_BORINGSSL |
| 355 const SSL_CIPHER* ssl_cipher = SSL_get_cipher_by_value(cipher_suite); | 353 const SSL_CIPHER* ssl_cipher = SSL_get_cipher_by_value(cipher); |
| 356 if (!ssl_cipher) { | 354 if (!ssl_cipher) { |
| 357 return std::string(); | 355 return std::string(); |
| 358 } | 356 } |
| 359 char* cipher_name = SSL_CIPHER_get_rfc_name(ssl_cipher); | 357 char* cipher_name = SSL_CIPHER_get_rfc_name(ssl_cipher); |
| 360 std::string rfc_name = std::string(cipher_name); | 358 std::string rfc_name = std::string(cipher_name); |
| 361 OPENSSL_free(cipher_name); | 359 OPENSSL_free(cipher_name); |
| 362 return rfc_name; | 360 return rfc_name; |
| 363 #else | 361 #else |
| 364 for (const SslCipherMapEntry* entry = kSslCipherMap; entry->rfc_name; | 362 for (const SslCipherMapEntry* entry = kSslCipherMap; entry->rfc_name; |
| 365 ++entry) { | 363 ++entry) { |
| 366 if (cipher_suite == entry->openssl_id) { | 364 if (cipher == entry->openssl_id) { |
| 367 return entry->rfc_name; | 365 return entry->rfc_name; |
| 368 } | 366 } |
| 369 } | 367 } |
| 370 return std::string(); | 368 return std::string(); |
| 371 #endif | 369 #endif |
| 372 } | 370 } |
| 373 | 371 |
| 374 bool OpenSSLStreamAdapter::GetSslCipherSuite(int* cipher_suite) { | 372 bool OpenSSLStreamAdapter::GetSslCipherSuite(int* cipher) { |
| 375 if (state_ != SSL_CONNECTED) | 373 if (state_ != SSL_CONNECTED) |
| 376 return false; | 374 return false; |
| 377 | 375 |
| 378 const SSL_CIPHER* current_cipher = SSL_get_current_cipher(ssl_); | 376 const SSL_CIPHER* current_cipher = SSL_get_current_cipher(ssl_); |
| 379 if (current_cipher == NULL) { | 377 if (current_cipher == NULL) { |
| 380 return false; | 378 return false; |
| 381 } | 379 } |
| 382 | 380 |
| 383 *cipher_suite = static_cast<uint16_t>(SSL_CIPHER_get_id(current_cipher)); | 381 *cipher = static_cast<uint16_t>(SSL_CIPHER_get_id(current_cipher)); |
| 384 return true; | 382 return true; |
| 385 } | 383 } |
| 386 | 384 |
| 387 // Key Extractor interface | 385 // Key Extractor interface |
| 388 bool OpenSSLStreamAdapter::ExportKeyingMaterial(const std::string& label, | 386 bool OpenSSLStreamAdapter::ExportKeyingMaterial(const std::string& label, |
| 389 const uint8_t* context, | 387 const uint8_t* context, |
| 390 size_t context_len, | 388 size_t context_len, |
| 391 bool use_context, | 389 bool use_context, |
| 392 uint8_t* result, | 390 uint8_t* result, |
| 393 size_t result_len) { | 391 size_t result_len) { |
| 394 #ifdef HAVE_DTLS_SRTP | 392 #ifdef HAVE_DTLS_SRTP |
| 395 int i; | 393 int i; |
| 396 | 394 |
| 397 i = SSL_export_keying_material(ssl_, result, result_len, label.c_str(), | 395 i = SSL_export_keying_material(ssl_, result, result_len, label.c_str(), |
| 398 label.length(), const_cast<uint8_t*>(context), | 396 label.length(), const_cast<uint8_t*>(context), |
| 399 context_len, use_context); | 397 context_len, use_context); |
| 400 | 398 |
| 401 if (i != 1) | 399 if (i != 1) |
| 402 return false; | 400 return false; |
| 403 | 401 |
| 404 return true; | 402 return true; |
| 405 #else | 403 #else |
| 406 return false; | 404 return false; |
| 407 #endif | 405 #endif |
| 408 } | 406 } |
| 409 | 407 |
| 410 bool OpenSSLStreamAdapter::SetDtlsSrtpCryptoSuites( | 408 bool OpenSSLStreamAdapter::SetDtlsSrtpCiphers( |
| 411 const std::vector<int>& ciphers) { | 409 const std::vector<std::string>& ciphers) { |
| 412 #ifdef HAVE_DTLS_SRTP | 410 #ifdef HAVE_DTLS_SRTP |
| 413 std::string internal_ciphers; | 411 std::string internal_ciphers; |
| 414 | 412 |
| 415 if (state_ != SSL_NONE) | 413 if (state_ != SSL_NONE) |
| 416 return false; | 414 return false; |
| 417 | 415 |
| 418 for (std::vector<int>::const_iterator cipher = ciphers.begin(); | 416 for (std::vector<std::string>::const_iterator cipher = ciphers.begin(); |
| 419 cipher != ciphers.end(); ++cipher) { | 417 cipher != ciphers.end(); ++cipher) { |
| 420 bool found = false; | 418 bool found = false; |
| 421 for (SrtpCipherMapEntry* entry = SrtpCipherMap; entry->internal_name; | 419 for (SrtpCipherMapEntry *entry = SrtpCipherMap; entry->internal_name; |
| 422 ++entry) { | 420 ++entry) { |
| 423 if (*cipher == entry->id) { | 421 if (*cipher == entry->external_name) { |
| 424 found = true; | 422 found = true; |
| 425 if (!internal_ciphers.empty()) | 423 if (!internal_ciphers.empty()) |
| 426 internal_ciphers += ":"; | 424 internal_ciphers += ":"; |
| 427 internal_ciphers += entry->internal_name; | 425 internal_ciphers += entry->internal_name; |
| 428 break; | 426 break; |
| 429 } | 427 } |
| 430 } | 428 } |
| 431 | 429 |
| 432 if (!found) { | 430 if (!found) { |
| 433 LOG(LS_ERROR) << "Could not find cipher: " << *cipher; | 431 LOG(LS_ERROR) << "Could not find cipher: " << *cipher; |
| 434 return false; | 432 return false; |
| 435 } | 433 } |
| 436 } | 434 } |
| 437 | 435 |
| 438 if (internal_ciphers.empty()) | 436 if (internal_ciphers.empty()) |
| 439 return false; | 437 return false; |
| 440 | 438 |
| 441 srtp_ciphers_ = internal_ciphers; | 439 srtp_ciphers_ = internal_ciphers; |
| 442 return true; | 440 return true; |
| 443 #else | 441 #else |
| 444 return false; | 442 return false; |
| 445 #endif | 443 #endif |
| 446 } | 444 } |
| 447 | 445 |
| 448 bool OpenSSLStreamAdapter::GetDtlsSrtpCryptoSuite(int* crypto_suite) { | 446 bool OpenSSLStreamAdapter::GetDtlsSrtpCipher(std::string* cipher) { |
| 449 #ifdef HAVE_DTLS_SRTP | 447 #ifdef HAVE_DTLS_SRTP |
| 450 ASSERT(state_ == SSL_CONNECTED); | 448 ASSERT(state_ == SSL_CONNECTED); |
| 451 if (state_ != SSL_CONNECTED) | 449 if (state_ != SSL_CONNECTED) |
| 452 return false; | 450 return false; |
| 453 | 451 |
| 454 const SRTP_PROTECTION_PROFILE *srtp_profile = | 452 const SRTP_PROTECTION_PROFILE *srtp_profile = |
| 455 SSL_get_selected_srtp_profile(ssl_); | 453 SSL_get_selected_srtp_profile(ssl_); |
| 456 | 454 |
| 457 if (!srtp_profile) | 455 if (!srtp_profile) |
| 458 return false; | 456 return false; |
| 459 | 457 |
| 460 *crypto_suite = srtp_profile->id; | 458 for (SrtpCipherMapEntry *entry = SrtpCipherMap; |
| 461 ASSERT(!SrtpCryptoSuiteToName(*crypto_suite).empty()); | 459 entry->internal_name; ++entry) { |
| 462 return true; | 460 if (!strcmp(entry->internal_name, srtp_profile->name)) { |
| 461 *cipher = entry->external_name; |
| 462 return true; |
| 463 } |
| 464 } |
| 465 |
| 466 ASSERT(false); // This should never happen |
| 467 |
| 468 return false; |
| 463 #else | 469 #else |
| 464 return false; | 470 return false; |
| 465 #endif | 471 #endif |
| 466 } | 472 } |
| 467 | 473 |
| 468 int OpenSSLStreamAdapter::StartSSLWithServer(const char* server_name) { | 474 int OpenSSLStreamAdapter::StartSSLWithServer(const char* server_name) { |
| 469 ASSERT(server_name != NULL && server_name[0] != '\0'); | 475 ASSERT(server_name != NULL && server_name[0] != '\0'); |
| 470 ssl_server_name_ = server_name; | 476 ssl_server_name_ = server_name; |
| 471 return StartSSL(); | 477 return StartSSL(); |
| 472 } | 478 } |
| (...skipping 688 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1161 } | 1167 } |
| 1162 } else { | 1168 } else { |
| 1163 RTC_NOTREACHED(); | 1169 RTC_NOTREACHED(); |
| 1164 return kDefaultSslEcCipher12; | 1170 return kDefaultSslEcCipher12; |
| 1165 } | 1171 } |
| 1166 } | 1172 } |
| 1167 | 1173 |
| 1168 } // namespace rtc | 1174 } // namespace rtc |
| 1169 | 1175 |
| 1170 #endif // HAVE_OPENSSL_SSL_H | 1176 #endif // HAVE_OPENSSL_SSL_H |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1455233005:
Revert of Convert internal representation of Srtp cryptos from string to int. (Closed)
Base URL: https://chromium.googlesource.com/external/webrtc@master