1 /* | 1 /* |
2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. |
3 * | 3 * |
4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
9 */ | 9 */ |
10 | 10 |
36 #include "webrtc/base/stringutils.h" | 36 #include "webrtc/base/stringutils.h" |
37 #include "webrtc/base/thread.h" | 37 #include "webrtc/base/thread.h" |
38 | 38 |
39 namespace rtc { | 39 namespace rtc { |
40 | 40 |
41 #if (OPENSSL_VERSION_NUMBER >= 0x10001000L) | 41 #if (OPENSSL_VERSION_NUMBER >= 0x10001000L) |
42 #define HAVE_DTLS_SRTP | 42 #define HAVE_DTLS_SRTP |
43 #endif | 43 #endif |
44 | 44 |
45 #ifdef HAVE_DTLS_SRTP | 45 #ifdef HAVE_DTLS_SRTP |
46 // SRTP cipher suite table. |internal_name| is used to construct a | 46 // SRTP cipher suite table |
47 // colon-separated profile strings which is needed by | |
48 // SSL_CTX_set_tlsext_use_srtp(). | |
49 struct SrtpCipherMapEntry { | 47 struct SrtpCipherMapEntry { |
| 48 const char* external_name; |
50 const char* internal_name; | 49 const char* internal_name; |
51 const int id; | |
52 }; | 50 }; |
53 | 51 |
54 // This isn't elegant, but it's better than an external reference | 52 // This isn't elegant, but it's better than an external reference |
55 static SrtpCipherMapEntry SrtpCipherMap[] = { | 53 static SrtpCipherMapEntry SrtpCipherMap[] = { |
56 {"SRTP_AES128_CM_SHA1_80", SRTP_AES128_CM_SHA1_80}, | 54 {CS_AES_CM_128_HMAC_SHA1_80, "SRTP_AES128_CM_SHA1_80"}, |
57 {"SRTP_AES128_CM_SHA1_32", SRTP_AES128_CM_SHA1_32}, | 55 {CS_AES_CM_128_HMAC_SHA1_32, "SRTP_AES128_CM_SHA1_32"}, |
58 {nullptr, 0}}; | 56 {NULL, NULL}}; |
59 #endif | 57 #endif |
60 | 58 |
61 #ifndef OPENSSL_IS_BORINGSSL | 59 #ifndef OPENSSL_IS_BORINGSSL |
62 | 60 |
63 // Cipher name table. Maps internal OpenSSL cipher ids to the RFC name. | 61 // Cipher name table. Maps internal OpenSSL cipher ids to the RFC name. |
64 struct SslCipherMapEntry { | 62 struct SslCipherMapEntry { |
65 uint32_t openssl_id; | 63 uint32_t openssl_id; |
66 const char* rfc_name; | 64 const char* rfc_name; |
67 }; | 65 }; |
68 | 66 |
343 } | 341 } |
344 if (expected_len != digest_len) | 342 if (expected_len != digest_len) |
345 return false; | 343 return false; |
346 | 344 |
347 peer_certificate_digest_value_.SetData(digest_val, digest_len); | 345 peer_certificate_digest_value_.SetData(digest_val, digest_len); |
348 peer_certificate_digest_algorithm_ = digest_alg; | 346 peer_certificate_digest_algorithm_ = digest_alg; |
349 | 347 |
350 return true; | 348 return true; |
351 } | 349 } |
352 | 350 |
353 std::string OpenSSLStreamAdapter::SslCipherSuiteToName(int cipher_suite) { | 351 std::string OpenSSLStreamAdapter::GetSslCipherSuiteName(int cipher) { |
354 #ifdef OPENSSL_IS_BORINGSSL | 352 #ifdef OPENSSL_IS_BORINGSSL |
355 const SSL_CIPHER* ssl_cipher = SSL_get_cipher_by_value(cipher_suite); | 353 const SSL_CIPHER* ssl_cipher = SSL_get_cipher_by_value(cipher); |
356 if (!ssl_cipher) { | 354 if (!ssl_cipher) { |
357 return std::string(); | 355 return std::string(); |
358 } | 356 } |
359 char* cipher_name = SSL_CIPHER_get_rfc_name(ssl_cipher); | 357 char* cipher_name = SSL_CIPHER_get_rfc_name(ssl_cipher); |
360 std::string rfc_name = std::string(cipher_name); | 358 std::string rfc_name = std::string(cipher_name); |
361 OPENSSL_free(cipher_name); | 359 OPENSSL_free(cipher_name); |
362 return rfc_name; | 360 return rfc_name; |
363 #else | 361 #else |
364 for (const SslCipherMapEntry* entry = kSslCipherMap; entry->rfc_name; | 362 for (const SslCipherMapEntry* entry = kSslCipherMap; entry->rfc_name; |
365 ++entry) { | 363 ++entry) { |
366 if (cipher_suite == entry->openssl_id) { | 364 if (cipher == entry->openssl_id) { |
367 return entry->rfc_name; | 365 return entry->rfc_name; |
368 } | 366 } |
369 } | 367 } |
370 return std::string(); | 368 return std::string(); |
371 #endif | 369 #endif |
372 } | 370 } |
373 | 371 |
374 bool OpenSSLStreamAdapter::GetSslCipherSuite(int* cipher_suite) { | 372 bool OpenSSLStreamAdapter::GetSslCipherSuite(int* cipher) { |
375 if (state_ != SSL_CONNECTED) | 373 if (state_ != SSL_CONNECTED) |
376 return false; | 374 return false; |
377 | 375 |
378 const SSL_CIPHER* current_cipher = SSL_get_current_cipher(ssl_); | 376 const SSL_CIPHER* current_cipher = SSL_get_current_cipher(ssl_); |
379 if (current_cipher == NULL) { | 377 if (current_cipher == NULL) { |
380 return false; | 378 return false; |
381 } | 379 } |
382 | 380 |
383 *cipher_suite = static_cast<uint16_t>(SSL_CIPHER_get_id(current_cipher)); | 381 *cipher = static_cast<uint16_t>(SSL_CIPHER_get_id(current_cipher)); |
384 return true; | 382 return true; |
385 } | 383 } |
386 | 384 |
387 // Key Extractor interface | 385 // Key Extractor interface |
388 bool OpenSSLStreamAdapter::ExportKeyingMaterial(const std::string& label, | 386 bool OpenSSLStreamAdapter::ExportKeyingMaterial(const std::string& label, |
389 const uint8_t* context, | 387 const uint8_t* context, |
390 size_t context_len, | 388 size_t context_len, |
391 bool use_context, | 389 bool use_context, |
392 uint8_t* result, | 390 uint8_t* result, |
393 size_t result_len) { | 391 size_t result_len) { |
394 #ifdef HAVE_DTLS_SRTP | 392 #ifdef HAVE_DTLS_SRTP |
395 int i; | 393 int i; |
396 | 394 |
397 i = SSL_export_keying_material(ssl_, result, result_len, label.c_str(), | 395 i = SSL_export_keying_material(ssl_, result, result_len, label.c_str(), |
398 label.length(), const_cast<uint8_t*>(context), | 396 label.length(), const_cast<uint8_t*>(context), |
399 context_len, use_context); | 397 context_len, use_context); |
400 | 398 |
401 if (i != 1) | 399 if (i != 1) |
402 return false; | 400 return false; |
403 | 401 |
404 return true; | 402 return true; |
405 #else | 403 #else |
406 return false; | 404 return false; |
407 #endif | 405 #endif |
408 } | 406 } |
409 | 407 |
410 bool OpenSSLStreamAdapter::SetDtlsSrtpCryptoSuites( | 408 bool OpenSSLStreamAdapter::SetDtlsSrtpCiphers( |
411 const std::vector<int>& ciphers) { | 409 const std::vector<std::string>& ciphers) { |
412 #ifdef HAVE_DTLS_SRTP | 410 #ifdef HAVE_DTLS_SRTP |
413 std::string internal_ciphers; | 411 std::string internal_ciphers; |
414 | 412 |
415 if (state_ != SSL_NONE) | 413 if (state_ != SSL_NONE) |
416 return false; | 414 return false; |
417 | 415 |
418 for (std::vector<int>::const_iterator cipher = ciphers.begin(); | 416 for (std::vector<std::string>::const_iterator cipher = ciphers.begin(); |
419 cipher != ciphers.end(); ++cipher) { | 417 cipher != ciphers.end(); ++cipher) { |
420 bool found = false; | 418 bool found = false; |
421 for (SrtpCipherMapEntry* entry = SrtpCipherMap; entry->internal_name; | 419 for (SrtpCipherMapEntry *entry = SrtpCipherMap; entry->internal_name; |
422 ++entry) { | 420 ++entry) { |
423 if (*cipher == entry->id) { | 421 if (*cipher == entry->external_name) { |
424 found = true; | 422 found = true; |
425 if (!internal_ciphers.empty()) | 423 if (!internal_ciphers.empty()) |
426 internal_ciphers += ":"; | 424 internal_ciphers += ":"; |
427 internal_ciphers += entry->internal_name; | 425 internal_ciphers += entry->internal_name; |
428 break; | 426 break; |
429 } | 427 } |
430 } | 428 } |
431 | 429 |
432 if (!found) { | 430 if (!found) { |
433 LOG(LS_ERROR) << "Could not find cipher: " << *cipher; | 431 LOG(LS_ERROR) << "Could not find cipher: " << *cipher; |
434 return false; | 432 return false; |
435 } | 433 } |
436 } | 434 } |
437 | 435 |
438 if (internal_ciphers.empty()) | 436 if (internal_ciphers.empty()) |
439 return false; | 437 return false; |
440 | 438 |
441 srtp_ciphers_ = internal_ciphers; | 439 srtp_ciphers_ = internal_ciphers; |
442 return true; | 440 return true; |
443 #else | 441 #else |
444 return false; | 442 return false; |
445 #endif | 443 #endif |
446 } | 444 } |
447 | 445 |
448 bool OpenSSLStreamAdapter::GetDtlsSrtpCryptoSuite(int* crypto_suite) { | 446 bool OpenSSLStreamAdapter::GetDtlsSrtpCipher(std::string* cipher) { |
449 #ifdef HAVE_DTLS_SRTP | 447 #ifdef HAVE_DTLS_SRTP |
450 ASSERT(state_ == SSL_CONNECTED); | 448 ASSERT(state_ == SSL_CONNECTED); |
451 if (state_ != SSL_CONNECTED) | 449 if (state_ != SSL_CONNECTED) |
452 return false; | 450 return false; |
453 | 451 |
454 const SRTP_PROTECTION_PROFILE *srtp_profile = | 452 const SRTP_PROTECTION_PROFILE *srtp_profile = |
455 SSL_get_selected_srtp_profile(ssl_); | 453 SSL_get_selected_srtp_profile(ssl_); |
456 | 454 |
457 if (!srtp_profile) | 455 if (!srtp_profile) |
458 return false; | 456 return false; |
459 | 457 |
460 *crypto_suite = srtp_profile->id; | 458 for (SrtpCipherMapEntry *entry = SrtpCipherMap; |
461 ASSERT(!SrtpCryptoSuiteToName(*crypto_suite).empty()); | 459 entry->internal_name; ++entry) { |
462 return true; | 460 if (!strcmp(entry->internal_name, srtp_profile->name)) { |
| 461 *cipher = entry->external_name; |
| 462 return true; |
| 463 } |
| 464 } |
| 465 |
| 466 ASSERT(false); // This should never happen |
| 467 |
| 468 return false; |
463 #else | 469 #else |
464 return false; | 470 return false; |
465 #endif | 471 #endif |
466 } | 472 } |
467 | 473 |
468 int OpenSSLStreamAdapter::StartSSLWithServer(const char* server_name) { | 474 int OpenSSLStreamAdapter::StartSSLWithServer(const char* server_name) { |
469 ASSERT(server_name != NULL && server_name[0] != '\0'); | 475 ASSERT(server_name != NULL && server_name[0] != '\0'); |
470 ssl_server_name_ = server_name; | 476 ssl_server_name_ = server_name; |
471 return StartSSL(); | 477 return StartSSL(); |
472 } | 478 } |
1161 } | 1167 } |
1162 } else { | 1168 } else { |
1163 RTC_NOTREACHED(); | 1169 RTC_NOTREACHED(); |
1164 return kDefaultSslEcCipher12; | 1170 return kDefaultSslEcCipher12; |
1165 } | 1171 } |
1166 } | 1172 } |
1167 | 1173 |
1168 } // namespace rtc | 1174 } // namespace rtc |
1169 | 1175 |
1170 #endif // HAVE_OPENSSL_SSL_H | 1176 #endif // HAVE_OPENSSL_SSL_H |
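Review bot: The new-side header comment on `SrtpCipherMap` in the first hunk shrinks to `// SRTP cipher suite table` and drops the explanation that `internal_name` is what gets joined into the colon-separated profile string handed to `SSL_CTX_set_tlsext_use_srtp()`; now that the entry carries two string fields, that distinction is exactly what a reader needs to keep the columns straight. It is also worth stating the property the rest of the file relies on: `SetDtlsSrtpCiphers()` only ever appends `internal_name` values found in this table and rejects (logs and returns false on) anything else, so caller-supplied names never reach the OpenSSL profile string, and `GetDtlsSrtpCipher()` maps the negotiated profile back by `strcmp` on `internal_name`, so both columns must stay in sync. Suggested replacement: `// SRTP cipher suite table. |external_name| is the name callers pass to` / `// SetDtlsSrtpCiphers(); |internal_name| is the OpenSSL profile name, joined` / `// into the colon-separated list given to SSL_CTX_set_tlsext_use_srtp().`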