1 /* | 1 /* |
2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. |
3 * | 3 * |
4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
9 */ | 9 */ |
10 | 10 |
36 #include "webrtc/base/stringutils.h" | 36 #include "webrtc/base/stringutils.h" |
37 #include "webrtc/base/thread.h" | 37 #include "webrtc/base/thread.h" |
38 | 38 |
39 namespace rtc { | 39 namespace rtc { |
40 | 40 |
41 #if (OPENSSL_VERSION_NUMBER >= 0x10001000L) | 41 #if (OPENSSL_VERSION_NUMBER >= 0x10001000L) |
42 #define HAVE_DTLS_SRTP | 42 #define HAVE_DTLS_SRTP |
43 #endif | 43 #endif |
44 | 44 |
45 #ifdef HAVE_DTLS_SRTP | 45 #ifdef HAVE_DTLS_SRTP |
46 // SRTP cipher suite table | 46 // SRTP cipher suite table. |internal_name| is used to construct a |
| 47 // colon-separated profile strings which is needed by |
| 48 // SSL_CTX_set_tlsext_use_srtp(). |
47 struct SrtpCipherMapEntry { | 49 struct SrtpCipherMapEntry { |
48 const char* external_name; | |
49 const char* internal_name; | 50 const char* internal_name; |
| 51 const int id; |
50 }; | 52 }; |
51 | 53 |
52 // This isn't elegant, but it's better than an external reference | 54 // This isn't elegant, but it's better than an external reference |
53 static SrtpCipherMapEntry SrtpCipherMap[] = { | 55 static SrtpCipherMapEntry SrtpCipherMap[] = { |
54 {CS_AES_CM_128_HMAC_SHA1_80, "SRTP_AES128_CM_SHA1_80"}, | 56 {"SRTP_AES128_CM_SHA1_80", SRTP_AES128_CM_SHA1_80}, |
55 {CS_AES_CM_128_HMAC_SHA1_32, "SRTP_AES128_CM_SHA1_32"}, | 57 {"SRTP_AES128_CM_SHA1_32", SRTP_AES128_CM_SHA1_32}, |
56 {NULL, NULL}}; | 58 {nullptr, 0}}; |
57 #endif | 59 #endif |
58 | 60 |
59 #ifndef OPENSSL_IS_BORINGSSL | 61 #ifndef OPENSSL_IS_BORINGSSL |
60 | 62 |
61 // Cipher name table. Maps internal OpenSSL cipher ids to the RFC name. | 63 // Cipher name table. Maps internal OpenSSL cipher ids to the RFC name. |
62 struct SslCipherMapEntry { | 64 struct SslCipherMapEntry { |
63 uint32_t openssl_id; | 65 uint32_t openssl_id; |
64 const char* rfc_name; | 66 const char* rfc_name; |
65 }; | 67 }; |
66 | 68 |
343 } | 345 } |
344 if (expected_len != digest_len) | 346 if (expected_len != digest_len) |
345 return false; | 347 return false; |
346 | 348 |
347 peer_certificate_digest_value_.SetData(digest_val, digest_len); | 349 peer_certificate_digest_value_.SetData(digest_val, digest_len); |
348 peer_certificate_digest_algorithm_ = digest_alg; | 350 peer_certificate_digest_algorithm_ = digest_alg; |
349 | 351 |
350 return true; | 352 return true; |
351 } | 353 } |
352 | 354 |
353 std::string OpenSSLStreamAdapter::GetSslCipherSuiteName(int cipher) { | 355 std::string OpenSSLStreamAdapter::SslCipherSuiteToName(int cipher_suite) { |
354 #ifdef OPENSSL_IS_BORINGSSL | 356 #ifdef OPENSSL_IS_BORINGSSL |
355 const SSL_CIPHER* ssl_cipher = SSL_get_cipher_by_value(cipher); | 357 const SSL_CIPHER* ssl_cipher = SSL_get_cipher_by_value(cipher_suite); |
356 if (!ssl_cipher) { | 358 if (!ssl_cipher) { |
357 return std::string(); | 359 return std::string(); |
358 } | 360 } |
359 char* cipher_name = SSL_CIPHER_get_rfc_name(ssl_cipher); | 361 char* cipher_name = SSL_CIPHER_get_rfc_name(ssl_cipher); |
360 std::string rfc_name = std::string(cipher_name); | 362 std::string rfc_name = std::string(cipher_name); |
361 OPENSSL_free(cipher_name); | 363 OPENSSL_free(cipher_name); |
362 return rfc_name; | 364 return rfc_name; |
363 #else | 365 #else |
364 for (const SslCipherMapEntry* entry = kSslCipherMap; entry->rfc_name; | 366 for (const SslCipherMapEntry* entry = kSslCipherMap; entry->rfc_name; |
365 ++entry) { | 367 ++entry) { |
366 if (cipher == entry->openssl_id) { | 368 if (cipher_suite == entry->openssl_id) { |
367 return entry->rfc_name; | 369 return entry->rfc_name; |
368 } | 370 } |
369 } | 371 } |
370 return std::string(); | 372 return std::string(); |
371 #endif | 373 #endif |
372 } | 374 } |
373 | 375 |
374 bool OpenSSLStreamAdapter::GetSslCipherSuite(int* cipher) { | 376 bool OpenSSLStreamAdapter::GetSslCipherSuite(int* cipher_suite) { |
375 if (state_ != SSL_CONNECTED) | 377 if (state_ != SSL_CONNECTED) |
376 return false; | 378 return false; |
377 | 379 |
378 const SSL_CIPHER* current_cipher = SSL_get_current_cipher(ssl_); | 380 const SSL_CIPHER* current_cipher = SSL_get_current_cipher(ssl_); |
379 if (current_cipher == NULL) { | 381 if (current_cipher == NULL) { |
380 return false; | 382 return false; |
381 } | 383 } |
382 | 384 |
383 *cipher = static_cast<uint16_t>(SSL_CIPHER_get_id(current_cipher)); | 385 *cipher_suite = static_cast<uint16_t>(SSL_CIPHER_get_id(current_cipher)); |
384 return true; | 386 return true; |
385 } | 387 } |
386 | 388 |
387 // Key Extractor interface | 389 // Key Extractor interface |
388 bool OpenSSLStreamAdapter::ExportKeyingMaterial(const std::string& label, | 390 bool OpenSSLStreamAdapter::ExportKeyingMaterial(const std::string& label, |
389 const uint8_t* context, | 391 const uint8_t* context, |
390 size_t context_len, | 392 size_t context_len, |
391 bool use_context, | 393 bool use_context, |
392 uint8_t* result, | 394 uint8_t* result, |
393 size_t result_len) { | 395 size_t result_len) { |
394 #ifdef HAVE_DTLS_SRTP | 396 #ifdef HAVE_DTLS_SRTP |
395 int i; | 397 int i; |
396 | 398 |
397 i = SSL_export_keying_material(ssl_, result, result_len, label.c_str(), | 399 i = SSL_export_keying_material(ssl_, result, result_len, label.c_str(), |
398 label.length(), const_cast<uint8_t*>(context), | 400 label.length(), const_cast<uint8_t*>(context), |
399 context_len, use_context); | 401 context_len, use_context); |
400 | 402 |
401 if (i != 1) | 403 if (i != 1) |
402 return false; | 404 return false; |
403 | 405 |
404 return true; | 406 return true; |
405 #else | 407 #else |
406 return false; | 408 return false; |
407 #endif | 409 #endif |
408 } | 410 } |
409 | 411 |
410 bool OpenSSLStreamAdapter::SetDtlsSrtpCiphers( | 412 bool OpenSSLStreamAdapter::SetDtlsSrtpCryptoSuites( |
411 const std::vector<std::string>& ciphers) { | 413 const std::vector<int>& ciphers) { |
412 #ifdef HAVE_DTLS_SRTP | 414 #ifdef HAVE_DTLS_SRTP |
413 std::string internal_ciphers; | 415 std::string internal_ciphers; |
414 | 416 |
415 if (state_ != SSL_NONE) | 417 if (state_ != SSL_NONE) |
416 return false; | 418 return false; |
417 | 419 |
418 for (std::vector<std::string>::const_iterator cipher = ciphers.begin(); | 420 for (std::vector<int>::const_iterator cipher = ciphers.begin(); |
419 cipher != ciphers.end(); ++cipher) { | 421 cipher != ciphers.end(); ++cipher) { |
420 bool found = false; | 422 bool found = false; |
421 for (SrtpCipherMapEntry *entry = SrtpCipherMap; entry->internal_name; | 423 for (SrtpCipherMapEntry* entry = SrtpCipherMap; entry->internal_name; |
422 ++entry) { | 424 ++entry) { |
423 if (*cipher == entry->external_name) { | 425 if (*cipher == entry->id) { |
424 found = true; | 426 found = true; |
425 if (!internal_ciphers.empty()) | 427 if (!internal_ciphers.empty()) |
426 internal_ciphers += ":"; | 428 internal_ciphers += ":"; |
427 internal_ciphers += entry->internal_name; | 429 internal_ciphers += entry->internal_name; |
428 break; | 430 break; |
429 } | 431 } |
430 } | 432 } |
431 | 433 |
432 if (!found) { | 434 if (!found) { |
433 LOG(LS_ERROR) << "Could not find cipher: " << *cipher; | 435 LOG(LS_ERROR) << "Could not find cipher: " << *cipher; |
434 return false; | 436 return false; |
435 } | 437 } |
436 } | 438 } |
437 | 439 |
438 if (internal_ciphers.empty()) | 440 if (internal_ciphers.empty()) |
439 return false; | 441 return false; |
440 | 442 |
441 srtp_ciphers_ = internal_ciphers; | 443 srtp_ciphers_ = internal_ciphers; |
442 return true; | 444 return true; |
443 #else | 445 #else |
444 return false; | 446 return false; |
445 #endif | 447 #endif |
446 } | 448 } |
447 | 449 |
448 bool OpenSSLStreamAdapter::GetDtlsSrtpCipher(std::string* cipher) { | 450 bool OpenSSLStreamAdapter::GetDtlsSrtpCryptoSuite(int* crypto_suite) { |
449 #ifdef HAVE_DTLS_SRTP | 451 #ifdef HAVE_DTLS_SRTP |
450 ASSERT(state_ == SSL_CONNECTED); | 452 ASSERT(state_ == SSL_CONNECTED); |
451 if (state_ != SSL_CONNECTED) | 453 if (state_ != SSL_CONNECTED) |
452 return false; | 454 return false; |
453 | 455 |
454 const SRTP_PROTECTION_PROFILE *srtp_profile = | 456 const SRTP_PROTECTION_PROFILE *srtp_profile = |
455 SSL_get_selected_srtp_profile(ssl_); | 457 SSL_get_selected_srtp_profile(ssl_); |
456 | 458 |
457 if (!srtp_profile) | 459 if (!srtp_profile) |
458 return false; | 460 return false; |
459 | 461 |
460 for (SrtpCipherMapEntry *entry = SrtpCipherMap; | 462 *crypto_suite = srtp_profile->id; |
461 entry->internal_name; ++entry) { | 463 ASSERT(!SrtpCryptoSuiteToName(*crypto_suite).empty()); |
462 if (!strcmp(entry->internal_name, srtp_profile->name)) { | 464 return true; |
463 *cipher = entry->external_name; | |
464 return true; | |
465 } | |
466 } | |
467 | |
468 ASSERT(false); // This should never happen | |
469 | |
470 return false; | |
471 #else | 465 #else |
472 return false; | 466 return false; |
473 #endif | 467 #endif |
474 } | 468 } |
475 | 469 |
476 int OpenSSLStreamAdapter::StartSSLWithServer(const char* server_name) { | 470 int OpenSSLStreamAdapter::StartSSLWithServer(const char* server_name) { |
477 ASSERT(server_name != NULL && server_name[0] != '\0'); | 471 ASSERT(server_name != NULL && server_name[0] != '\0'); |
478 ssl_server_name_ = server_name; | 472 ssl_server_name_ = server_name; |
479 return StartSSL(); | 473 return StartSSL(); |
480 } | 474 } |
1169 } | 1163 } |
1170 } else { | 1164 } else { |
1171 RTC_NOTREACHED(); | 1165 RTC_NOTREACHED(); |
1172 return kDefaultSslEcCipher12; | 1166 return kDefaultSslEcCipher12; |
1173 } | 1167 } |
1174 } | 1168 } |
1175 | 1169 |
1176 } // namespace rtc | 1170 } // namespace rtc |
1177 | 1171 |
1178 #endif // HAVE_OPENSSL_SSL_H | 1172 #endif // HAVE_OPENSSL_SSL_H |
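Review bot: In the new GetDtlsSrtpCryptoSuite body, `*crypto_suite = srtp_profile->id;` is followed by an unconditional `return true;`, whereas the removed loop returned false for a selected profile that was not in SrtpCipherMap; the only remaining check is the ASSERT on the next line, which presumably compiles out of release builds, so a release caller can be told success for a suite id it has no name for (SrtpCryptoSuiteToName's definition is outside this view). The profile id is declared as an unsigned long in OpenSSL's SRTP_PROTECTION_PROFILE, so the assignment is also an implicit narrowing into `int`, unlike the explicit `static_cast<uint16_t>` used in GetSslCipherSuite a few lines above. I would keep the failure path: `*crypto_suite = static_cast<int>(srtp_profile->id);` then `if (SrtpCryptoSuiteToName(*crypto_suite).empty()) return false;` before `return true;`, which preserves the old contract that an unrecognised negotiated profile is reported as an error rather than a success. Separately, the new comment on SrtpCipherMapEntry reads "a colon-separated profile strings which is needed by SSL_CTX_set_tlsext_use_srtp()"; `// a colon-separated profile string, which is what SSL_CTX_set_tlsext_use_srtp() expects.` reads more cleanly.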