OLD | NEW |
1 /* | 1 /* |
2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. |
3 * | 3 * |
4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
9 */ | 9 */ |
10 | 10 |
11 #ifndef WEBRTC_BASE_SSLSTREAMADAPTER_H_ | 11 #ifndef WEBRTC_BASE_SSLSTREAMADAPTER_H_ |
12 #define WEBRTC_BASE_SSLSTREAMADAPTER_H_ | 12 #define WEBRTC_BASE_SSLSTREAMADAPTER_H_ |
13 | 13 |
14 #include <string> | 14 #include <string> |
15 #include <vector> | 15 #include <vector> |
16 | 16 |
17 #include "webrtc/base/stream.h" | 17 #include "webrtc/base/stream.h" |
18 #include "webrtc/base/sslidentity.h" | 18 #include "webrtc/base/sslidentity.h" |
19 | 19 |
20 namespace rtc { | 20 namespace rtc { |
21 | 21 |
22 // Constants for SSL profile. | |
23 const int TLS_NULL_WITH_NULL_NULL = 0; | |
24 | |
25 // Constants for SRTP profiles. | 22 // Constants for SRTP profiles. |
26 const int SRTP_INVALID_CRYPTO_SUITE = 0; | |
27 const int SRTP_AES128_CM_SHA1_80 = 0x0001; | 23 const int SRTP_AES128_CM_SHA1_80 = 0x0001; |
28 const int SRTP_AES128_CM_SHA1_32 = 0x0002; | 24 const int SRTP_AES128_CM_SHA1_32 = 0x0002; |
29 | 25 |
30 // Cipher suite to use for SRTP. Typically a 80-bit HMAC will be used, except | 26 // Cipher suite to use for SRTP. Typically a 80-bit HMAC will be used, except |
31 // in applications (voice) where the additional bandwidth may be significant. | 27 // in applications (voice) where the additional bandwidth may be significant. |
32 // A 80-bit HMAC is always used for SRTCP. | 28 // A 80-bit HMAC is always used for SRTCP. |
33 // 128-bit AES with 80-bit SHA-1 HMAC. | 29 // 128-bit AES with 80-bit SHA-1 HMAC. |
34 extern const char CS_AES_CM_128_HMAC_SHA1_80[]; | 30 extern const char CS_AES_CM_128_HMAC_SHA1_80[]; |
35 // 128-bit AES with 32-bit SHA-1 HMAC. | 31 // 128-bit AES with 32-bit SHA-1 HMAC. |
36 extern const char CS_AES_CM_128_HMAC_SHA1_32[]; | 32 extern const char CS_AES_CM_128_HMAC_SHA1_32[]; |
37 | 33 |
38 // Given the DTLS-SRTP protection profile ID, as defined in | 34 // Returns the DTLS-SRTP protection profile ID, as defined in |
39 // https://tools.ietf.org/html/rfc4568#section-6.2 , return the SRTP profile | 35 // https://tools.ietf.org/html/rfc5764#section-4.1.2, for the given SRTP |
40 // name, as defined in https://tools.ietf.org/html/rfc5764#section-4.1.2. | 36 // Crypto-suite, as defined in https://tools.ietf.org/html/rfc4568#section-6.2 |
41 std::string SrtpCryptoSuiteToName(int crypto_suite); | 37 int GetSrtpCryptoSuiteFromName(const std::string& cipher_rfc_name); |
42 | |
43 // The reverse of above conversion. | |
44 int SrtpCryptoSuiteFromName(const std::string& crypto_suite); | |
45 | 38 |
46 // SSLStreamAdapter : A StreamInterfaceAdapter that does SSL/TLS. | 39 // SSLStreamAdapter : A StreamInterfaceAdapter that does SSL/TLS. |
47 // After SSL has been started, the stream will only open on successful | 40 // After SSL has been started, the stream will only open on successful |
48 // SSL verification of certificates, and the communication is | 41 // SSL verification of certificates, and the communication is |
49 // encrypted of course. | 42 // encrypted of course. |
50 // | 43 // |
51 // This class was written with SSLAdapter as a starting point. It | 44 // This class was written with SSLAdapter as a starting point. It |
52 // offers a similar interface, with two differences: there is no | 45 // offers a similar interface, with two differences: there is no |
53 // support for a restartable SSL connection, and this class has a | 46 // support for a restartable SSL connection, and this class has a |
54 // peer-to-peer mode. | 47 // peer-to-peer mode. |
(...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
152 const unsigned char* digest_val, | 145 const unsigned char* digest_val, |
153 size_t digest_len) = 0; | 146 size_t digest_len) = 0; |
154 | 147 |
155 // Retrieves the peer's X.509 certificate, if a connection has been | 148 // Retrieves the peer's X.509 certificate, if a connection has been |
156 // established. It returns the transmitted over SSL, including the entire | 149 // established. It returns the transmitted over SSL, including the entire |
157 // chain. The returned certificate is owned by the caller. | 150 // chain. The returned certificate is owned by the caller. |
158 virtual bool GetPeerCertificate(SSLCertificate** cert) const = 0; | 151 virtual bool GetPeerCertificate(SSLCertificate** cert) const = 0; |
159 | 152 |
160 // Retrieves the IANA registration id of the cipher suite used for the | 153 // Retrieves the IANA registration id of the cipher suite used for the |
161 // connection (e.g. 0x2F for "TLS_RSA_WITH_AES_128_CBC_SHA"). | 154 // connection (e.g. 0x2F for "TLS_RSA_WITH_AES_128_CBC_SHA"). |
162 virtual bool GetSslCipherSuite(int* cipher_suite); | 155 virtual bool GetSslCipherSuite(int* cipher); |
163 | 156 |
164 // Key Exporter interface from RFC 5705 | 157 // Key Exporter interface from RFC 5705 |
165 // Arguments are: | 158 // Arguments are: |
166 // label -- the exporter label. | 159 // label -- the exporter label. |
167 // part of the RFC defining each exporter | 160 // part of the RFC defining each exporter |
168 // usage (IN) | 161 // usage (IN) |
169 // context/context_len -- a context to bind to for this connection; | 162 // context/context_len -- a context to bind to for this connection; |
170 // optional, can be NULL, 0 (IN) | 163 // optional, can be NULL, 0 (IN) |
171 // use_context -- whether to use the context value | 164 // use_context -- whether to use the context value |
172 // (needed to distinguish no context from | 165 // (needed to distinguish no context from |
173 // zero-length ones). | 166 // zero-length ones). |
174 // result -- where to put the computed value | 167 // result -- where to put the computed value |
175 // result_len -- the length of the computed value | 168 // result_len -- the length of the computed value |
176 virtual bool ExportKeyingMaterial(const std::string& label, | 169 virtual bool ExportKeyingMaterial(const std::string& label, |
177 const uint8_t* context, | 170 const uint8_t* context, |
178 size_t context_len, | 171 size_t context_len, |
179 bool use_context, | 172 bool use_context, |
180 uint8_t* result, | 173 uint8_t* result, |
181 size_t result_len); | 174 size_t result_len); |
182 | 175 |
183 // DTLS-SRTP interface | 176 // DTLS-SRTP interface |
184 virtual bool SetDtlsSrtpCryptoSuites(const std::vector<int>& crypto_suites); | 177 virtual bool SetDtlsSrtpCiphers(const std::vector<std::string>& ciphers); |
185 virtual bool GetDtlsSrtpCryptoSuite(int* crypto_suite); | 178 virtual bool GetDtlsSrtpCipher(std::string* cipher); |
186 | 179 |
187 // Capabilities testing | 180 // Capabilities testing |
188 static bool HaveDtls(); | 181 static bool HaveDtls(); |
189 static bool HaveDtlsSrtp(); | 182 static bool HaveDtlsSrtp(); |
190 static bool HaveExporter(); | 183 static bool HaveExporter(); |
191 | 184 |
192 // Returns the default Ssl cipher used between streams of this class | 185 // Returns the default Ssl cipher used between streams of this class |
193 // for the given protocol version. This is used by the unit tests. | 186 // for the given protocol version. This is used by the unit tests. |
194 // TODO(guoweis): Move this away from a static class method. | 187 // TODO(guoweis): Move this away from a static class method. |
195 static int GetDefaultSslCipherForTest(SSLProtocolVersion version, | 188 static int GetDefaultSslCipherForTest(SSLProtocolVersion version, |
196 KeyType key_type); | 189 KeyType key_type); |
197 | 190 |
198 // TODO(guoweis): Move this away from a static class method. Currently this is | 191 // TODO(guoweis): Move this away from a static class method. Currently this is |
199 // introduced such that any caller could depend on sslstreamadapter.h without | 192 // introduced such that any caller could depend on sslstreamadapter.h without |
200 // depending on specific SSL implementation. | 193 // depending on specific SSL implementation. |
201 static std::string SslCipherSuiteToName(int cipher_suite); | 194 static std::string GetSslCipherSuiteName(int cipher); |
202 | 195 |
203 private: | 196 private: |
204 // If true, the server certificate need not match the configured | 197 // If true, the server certificate need not match the configured |
205 // server_name, and in fact missing certificate authority and other | 198 // server_name, and in fact missing certificate authority and other |
206 // verification errors are ignored. | 199 // verification errors are ignored. |
207 bool ignore_bad_cert_; | 200 bool ignore_bad_cert_; |
208 | 201 |
209 // If true (default), the client is required to provide a certificate during | 202 // If true (default), the client is required to provide a certificate during |
210 // handshake. If no certificate is given, handshake fails. This applies to | 203 // handshake. If no certificate is given, handshake fails. This applies to |
211 // server mode only. | 204 // server mode only. |
212 bool client_auth_enabled_; | 205 bool client_auth_enabled_; |
213 }; | 206 }; |
214 | 207 |
215 } // namespace rtc | 208 } // namespace rtc |
216 | 209 |
217 #endif // WEBRTC_BASE_SSLSTREAMADAPTER_H_ | 210 #endif // WEBRTC_BASE_SSLSTREAMADAPTER_H_ |
OLD | NEW |