| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
| 5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
| 6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
| 7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
| 8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
| 9 */ | 9 */ |
| 10 | 10 |
| (...skipping 25 matching lines...) Expand all Loading... |
| 36 #include "webrtc/base/stringutils.h" | 36 #include "webrtc/base/stringutils.h" |
| 37 #include "webrtc/base/thread.h" | 37 #include "webrtc/base/thread.h" |
| 38 | 38 |
| 39 namespace rtc { | 39 namespace rtc { |
| 40 | 40 |
| 41 #if (OPENSSL_VERSION_NUMBER >= 0x10001000L) | 41 #if (OPENSSL_VERSION_NUMBER >= 0x10001000L) |
| 42 #define HAVE_DTLS_SRTP | 42 #define HAVE_DTLS_SRTP |
| 43 #endif | 43 #endif |
| 44 | 44 |
| 45 #ifdef HAVE_DTLS_SRTP | 45 #ifdef HAVE_DTLS_SRTP |
| 46 // SRTP cipher suite table | 46 // SRTP cipher suite table. |internal_name| is used to construct a |
| 47 // colon-separated profile strings which is needed by |
| 48 // SSL_CTX_set_tlsext_use_srtp(). |
| 47 struct SrtpCipherMapEntry { | 49 struct SrtpCipherMapEntry { |
| 48 const char* external_name; | |
| 49 const char* internal_name; | 50 const char* internal_name; |
| 51 const int id; |
| 50 }; | 52 }; |
| 51 | 53 |
| 52 // This isn't elegant, but it's better than an external reference | 54 // This isn't elegant, but it's better than an external reference |
| 53 static SrtpCipherMapEntry SrtpCipherMap[] = { | 55 static SrtpCipherMapEntry SrtpCipherMap[] = { |
| 54 {CS_AES_CM_128_HMAC_SHA1_80, "SRTP_AES128_CM_SHA1_80"}, | 56 {"SRTP_AES128_CM_SHA1_80", SRTP_AES128_CM_SHA1_80}, |
| 55 {CS_AES_CM_128_HMAC_SHA1_32, "SRTP_AES128_CM_SHA1_32"}, | 57 {"SRTP_AES128_CM_SHA1_32", SRTP_AES128_CM_SHA1_32}, |
| 56 {NULL, NULL}}; | 58 {nullptr, 0}}; |
| 57 #endif | 59 #endif |
| 58 | 60 |
| 59 #ifndef OPENSSL_IS_BORINGSSL | 61 #ifndef OPENSSL_IS_BORINGSSL |
| 60 | 62 |
| 61 // Cipher name table. Maps internal OpenSSL cipher ids to the RFC name. | 63 // Cipher name table. Maps internal OpenSSL cipher ids to the RFC name. |
| 62 struct SslCipherMapEntry { | 64 struct SslCipherMapEntry { |
| 63 uint32_t openssl_id; | 65 uint32_t openssl_id; |
| 64 const char* rfc_name; | 66 const char* rfc_name; |
| 65 }; | 67 }; |
| 66 | 68 |
| (...skipping 276 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 343 } | 345 } |
| 344 if (expected_len != digest_len) | 346 if (expected_len != digest_len) |
| 345 return false; | 347 return false; |
| 346 | 348 |
| 347 peer_certificate_digest_value_.SetData(digest_val, digest_len); | 349 peer_certificate_digest_value_.SetData(digest_val, digest_len); |
| 348 peer_certificate_digest_algorithm_ = digest_alg; | 350 peer_certificate_digest_algorithm_ = digest_alg; |
| 349 | 351 |
| 350 return true; | 352 return true; |
| 351 } | 353 } |
| 352 | 354 |
| 353 std::string OpenSSLStreamAdapter::GetSslCipherSuiteName(int cipher) { | 355 std::string OpenSSLStreamAdapter::SslCipherSuiteToName(int cipher_suite) { |
| 354 #ifdef OPENSSL_IS_BORINGSSL | 356 #ifdef OPENSSL_IS_BORINGSSL |
| 355 const SSL_CIPHER* ssl_cipher = SSL_get_cipher_by_value(cipher); | 357 const SSL_CIPHER* ssl_cipher = SSL_get_cipher_by_value(cipher_suite); |
| 356 if (!ssl_cipher) { | 358 if (!ssl_cipher) { |
| 357 return std::string(); | 359 return std::string(); |
| 358 } | 360 } |
| 359 char* cipher_name = SSL_CIPHER_get_rfc_name(ssl_cipher); | 361 char* cipher_name = SSL_CIPHER_get_rfc_name(ssl_cipher); |
| 360 std::string rfc_name = std::string(cipher_name); | 362 std::string rfc_name = std::string(cipher_name); |
| 361 OPENSSL_free(cipher_name); | 363 OPENSSL_free(cipher_name); |
| 362 return rfc_name; | 364 return rfc_name; |
| 363 #else | 365 #else |
| 364 for (const SslCipherMapEntry* entry = kSslCipherMap; entry->rfc_name; | 366 for (const SslCipherMapEntry* entry = kSslCipherMap; entry->rfc_name; |
| 365 ++entry) { | 367 ++entry) { |
| 366 if (cipher == entry->openssl_id) { | 368 if (cipher_suite == entry->openssl_id) { |
| 367 return entry->rfc_name; | 369 return entry->rfc_name; |
| 368 } | 370 } |
| 369 } | 371 } |
| 370 return std::string(); | 372 return std::string(); |
| 371 #endif | 373 #endif |
| 372 } | 374 } |
| 373 | 375 |
| 374 bool OpenSSLStreamAdapter::GetSslCipherSuite(int* cipher) { | 376 bool OpenSSLStreamAdapter::GetSslCipherSuite(int* cipher_suite) { |
| 375 if (state_ != SSL_CONNECTED) | 377 if (state_ != SSL_CONNECTED) |
| 376 return false; | 378 return false; |
| 377 | 379 |
| 378 const SSL_CIPHER* current_cipher = SSL_get_current_cipher(ssl_); | 380 const SSL_CIPHER* current_cipher = SSL_get_current_cipher(ssl_); |
| 379 if (current_cipher == NULL) { | 381 if (current_cipher == NULL) { |
| 380 return false; | 382 return false; |
| 381 } | 383 } |
| 382 | 384 |
| 383 *cipher = static_cast<uint16_t>(SSL_CIPHER_get_id(current_cipher)); | 385 *cipher_suite = static_cast<uint16_t>(SSL_CIPHER_get_id(current_cipher)); |
| 384 return true; | 386 return true; |
| 385 } | 387 } |
| 386 | 388 |
| 387 // Key Extractor interface | 389 // Key Extractor interface |
| 388 bool OpenSSLStreamAdapter::ExportKeyingMaterial(const std::string& label, | 390 bool OpenSSLStreamAdapter::ExportKeyingMaterial(const std::string& label, |
| 389 const uint8_t* context, | 391 const uint8_t* context, |
| 390 size_t context_len, | 392 size_t context_len, |
| 391 bool use_context, | 393 bool use_context, |
| 392 uint8_t* result, | 394 uint8_t* result, |
| 393 size_t result_len) { | 395 size_t result_len) { |
| 394 #ifdef HAVE_DTLS_SRTP | 396 #ifdef HAVE_DTLS_SRTP |
| 395 int i; | 397 int i; |
| 396 | 398 |
| 397 i = SSL_export_keying_material(ssl_, result, result_len, label.c_str(), | 399 i = SSL_export_keying_material(ssl_, result, result_len, label.c_str(), |
| 398 label.length(), const_cast<uint8_t*>(context), | 400 label.length(), const_cast<uint8_t*>(context), |
| 399 context_len, use_context); | 401 context_len, use_context); |
| 400 | 402 |
| 401 if (i != 1) | 403 if (i != 1) |
| 402 return false; | 404 return false; |
| 403 | 405 |
| 404 return true; | 406 return true; |
| 405 #else | 407 #else |
| 406 return false; | 408 return false; |
| 407 #endif | 409 #endif |
| 408 } | 410 } |
| 409 | 411 |
| 410 bool OpenSSLStreamAdapter::SetDtlsSrtpCiphers( | 412 bool OpenSSLStreamAdapter::SetDtlsSrtpCryptoSuites( |
| 411 const std::vector<std::string>& ciphers) { | 413 const std::vector<int>& ciphers) { |
| 412 #ifdef HAVE_DTLS_SRTP | 414 #ifdef HAVE_DTLS_SRTP |
| 413 std::string internal_ciphers; | 415 std::string internal_ciphers; |
| 414 | 416 |
| 415 if (state_ != SSL_NONE) | 417 if (state_ != SSL_NONE) |
| 416 return false; | 418 return false; |
| 417 | 419 |
| 418 for (std::vector<std::string>::const_iterator cipher = ciphers.begin(); | 420 for (std::vector<int>::const_iterator cipher = ciphers.begin(); |
| 419 cipher != ciphers.end(); ++cipher) { | 421 cipher != ciphers.end(); ++cipher) { |
| 420 bool found = false; | 422 bool found = false; |
| 421 for (SrtpCipherMapEntry *entry = SrtpCipherMap; entry->internal_name; | 423 for (SrtpCipherMapEntry* entry = SrtpCipherMap; entry->internal_name; |
| 422 ++entry) { | 424 ++entry) { |
| 423 if (*cipher == entry->external_name) { | 425 if (*cipher == entry->id) { |
| 424 found = true; | 426 found = true; |
| 425 if (!internal_ciphers.empty()) | 427 if (!internal_ciphers.empty()) |
| 426 internal_ciphers += ":"; | 428 internal_ciphers += ":"; |
| 427 internal_ciphers += entry->internal_name; | 429 internal_ciphers += entry->internal_name; |
| 428 break; | 430 break; |
| 429 } | 431 } |
| 430 } | 432 } |
| 431 | 433 |
| 432 if (!found) { | 434 if (!found) { |
| 433 LOG(LS_ERROR) << "Could not find cipher: " << *cipher; | 435 LOG(LS_ERROR) << "Could not find cipher: " << *cipher; |
| 434 return false; | 436 return false; |
| 435 } | 437 } |
| 436 } | 438 } |
| 437 | 439 |
| 438 if (internal_ciphers.empty()) | 440 if (internal_ciphers.empty()) |
| 439 return false; | 441 return false; |
| 440 | 442 |
| 441 srtp_ciphers_ = internal_ciphers; | 443 srtp_ciphers_ = internal_ciphers; |
| 442 return true; | 444 return true; |
| 443 #else | 445 #else |
| 444 return false; | 446 return false; |
| 445 #endif | 447 #endif |
| 446 } | 448 } |
| 447 | 449 |
| 448 bool OpenSSLStreamAdapter::GetDtlsSrtpCipher(std::string* cipher) { | 450 bool OpenSSLStreamAdapter::GetDtlsSrtpCryptoSuite(int* crypto_suite) { |
| 449 #ifdef HAVE_DTLS_SRTP | 451 #ifdef HAVE_DTLS_SRTP |
| 450 ASSERT(state_ == SSL_CONNECTED); | 452 ASSERT(state_ == SSL_CONNECTED); |
| 451 if (state_ != SSL_CONNECTED) | 453 if (state_ != SSL_CONNECTED) |
| 452 return false; | 454 return false; |
| 453 | 455 |
| 454 const SRTP_PROTECTION_PROFILE *srtp_profile = | 456 const SRTP_PROTECTION_PROFILE *srtp_profile = |
| 455 SSL_get_selected_srtp_profile(ssl_); | 457 SSL_get_selected_srtp_profile(ssl_); |
| 456 | 458 |
| 457 if (!srtp_profile) | 459 if (!srtp_profile) |
| 458 return false; | 460 return false; |
| 459 | 461 |
| 460 for (SrtpCipherMapEntry *entry = SrtpCipherMap; | 462 *crypto_suite = srtp_profile->id; |
| 461 entry->internal_name; ++entry) { | 463 ASSERT(!SrtpCryptoSuiteToName(*crypto_suite).empty()); |
| 462 if (!strcmp(entry->internal_name, srtp_profile->name)) { | 464 return true; |
| 463 *cipher = entry->external_name; | |
| 464 return true; | |
| 465 } | |
| 466 } | |
| 467 | |
| 468 ASSERT(false); // This should never happen | |
| 469 | |
| 470 return false; | |
| 471 #else | 465 #else |
| 472 return false; | 466 return false; |
| 473 #endif | 467 #endif |
| 474 } | 468 } |
| 475 | 469 |
| 476 int OpenSSLStreamAdapter::StartSSLWithServer(const char* server_name) { | 470 int OpenSSLStreamAdapter::StartSSLWithServer(const char* server_name) { |
| 477 ASSERT(server_name != NULL && server_name[0] != '\0'); | 471 ASSERT(server_name != NULL && server_name[0] != '\0'); |
| 478 ssl_server_name_ = server_name; | 472 ssl_server_name_ = server_name; |
| 479 return StartSSL(); | 473 return StartSSL(); |
| 480 } | 474 } |
| (...skipping 688 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1169 } | 1163 } |
| 1170 } else { | 1164 } else { |
| 1171 RTC_NOTREACHED(); | 1165 RTC_NOTREACHED(); |
| 1172 return kDefaultSslEcCipher12; | 1166 return kDefaultSslEcCipher12; |
| 1173 } | 1167 } |
| 1174 } | 1168 } |
| 1175 | 1169 |
| 1176 } // namespace rtc | 1170 } // namespace rtc |
| 1177 | 1171 |
| 1178 #endif // HAVE_OPENSSL_SSL_H | 1172 #endif // HAVE_OPENSSL_SSL_H |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1458023002:
Reland Convert internal representation of Srtp cryptos from string to int (Closed)
Base URL: https://chromium.googlesource.com/external/webrtc@master