OLD | NEW |
1 /* | 1 /* |
2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. |
3 * | 3 * |
4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
9 */ | 9 */ |
10 | 10 |
11 #ifndef WEBRTC_BASE_SSLSTREAMADAPTER_H_ | 11 #ifndef WEBRTC_BASE_SSLSTREAMADAPTER_H_ |
12 #define WEBRTC_BASE_SSLSTREAMADAPTER_H_ | 12 #define WEBRTC_BASE_SSLSTREAMADAPTER_H_ |
13 | 13 |
14 #include <string> | 14 #include <string> |
15 #include <vector> | 15 #include <vector> |
16 | 16 |
17 #include "webrtc/base/stream.h" | 17 #include "webrtc/base/stream.h" |
18 #include "webrtc/base/sslidentity.h" | 18 #include "webrtc/base/sslidentity.h" |
19 | 19 |
20 namespace rtc { | 20 namespace rtc { |
21 | 21 |
| 22 // Constants for SSL profile. |
| 23 const int TLS_NULL_WITH_NULL_NULL = 0; |
| 24 |
22 // Constants for SRTP profiles. | 25 // Constants for SRTP profiles. |
| 26 const int SRTP_INVALID_CRYPTO_SUITE = 0; |
23 const int SRTP_AES128_CM_SHA1_80 = 0x0001; | 27 const int SRTP_AES128_CM_SHA1_80 = 0x0001; |
24 const int SRTP_AES128_CM_SHA1_32 = 0x0002; | 28 const int SRTP_AES128_CM_SHA1_32 = 0x0002; |
25 | 29 |
26 // Cipher suite to use for SRTP. Typically a 80-bit HMAC will be used, except | 30 // Cipher suite to use for SRTP. Typically a 80-bit HMAC will be used, except |
27 // in applications (voice) where the additional bandwidth may be significant. | 31 // in applications (voice) where the additional bandwidth may be significant. |
28 // A 80-bit HMAC is always used for SRTCP. | 32 // A 80-bit HMAC is always used for SRTCP. |
29 // 128-bit AES with 80-bit SHA-1 HMAC. | 33 // 128-bit AES with 80-bit SHA-1 HMAC. |
30 extern const char CS_AES_CM_128_HMAC_SHA1_80[]; | 34 extern const char CS_AES_CM_128_HMAC_SHA1_80[]; |
31 // 128-bit AES with 32-bit SHA-1 HMAC. | 35 // 128-bit AES with 32-bit SHA-1 HMAC. |
32 extern const char CS_AES_CM_128_HMAC_SHA1_32[]; | 36 extern const char CS_AES_CM_128_HMAC_SHA1_32[]; |
33 | 37 |
34 // Returns the DTLS-SRTP protection profile ID, as defined in | 38 // Given the DTLS-SRTP protection profile ID, as defined in |
35 // https://tools.ietf.org/html/rfc5764#section-4.1.2, for the given SRTP | 39 // https://tools.ietf.org/html/rfc4568#section-6.2 , return the SRTP profile |
36 // Crypto-suite, as defined in https://tools.ietf.org/html/rfc4568#section-6.2 | 40 // name, as defined in https://tools.ietf.org/html/rfc5764#section-4.1.2. |
37 int GetSrtpCryptoSuiteFromName(const std::string& cipher_rfc_name); | 41 std::string SrtpCryptoSuiteToName(int crypto_suite); |
| 42 |
| 43 // The reverse of above conversion. |
| 44 int SrtpCryptoSuiteFromName(const std::string& crypto_suite); |
38 | 45 |
39 // SSLStreamAdapter : A StreamInterfaceAdapter that does SSL/TLS. | 46 // SSLStreamAdapter : A StreamInterfaceAdapter that does SSL/TLS. |
40 // After SSL has been started, the stream will only open on successful | 47 // After SSL has been started, the stream will only open on successful |
41 // SSL verification of certificates, and the communication is | 48 // SSL verification of certificates, and the communication is |
42 // encrypted of course. | 49 // encrypted of course. |
43 // | 50 // |
44 // This class was written with SSLAdapter as a starting point. It | 51 // This class was written with SSLAdapter as a starting point. It |
45 // offers a similar interface, with two differences: there is no | 52 // offers a similar interface, with two differences: there is no |
46 // support for a restartable SSL connection, and this class has a | 53 // support for a restartable SSL connection, and this class has a |
47 // peer-to-peer mode. | 54 // peer-to-peer mode. |
(...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
145 const unsigned char* digest_val, | 152 const unsigned char* digest_val, |
146 size_t digest_len) = 0; | 153 size_t digest_len) = 0; |
147 | 154 |
148 // Retrieves the peer's X.509 certificate, if a connection has been | 155 // Retrieves the peer's X.509 certificate, if a connection has been |
149 // established. It returns the transmitted over SSL, including the entire | 156 // established. It returns the transmitted over SSL, including the entire |
150 // chain. The returned certificate is owned by the caller. | 157 // chain. The returned certificate is owned by the caller. |
151 virtual bool GetPeerCertificate(SSLCertificate** cert) const = 0; | 158 virtual bool GetPeerCertificate(SSLCertificate** cert) const = 0; |
152 | 159 |
153 // Retrieves the IANA registration id of the cipher suite used for the | 160 // Retrieves the IANA registration id of the cipher suite used for the |
154 // connection (e.g. 0x2F for "TLS_RSA_WITH_AES_128_CBC_SHA"). | 161 // connection (e.g. 0x2F for "TLS_RSA_WITH_AES_128_CBC_SHA"). |
155 virtual bool GetSslCipherSuite(int* cipher); | 162 virtual bool GetSslCipherSuite(int* cipher_suite); |
156 | 163 |
157 // Key Exporter interface from RFC 5705 | 164 // Key Exporter interface from RFC 5705 |
158 // Arguments are: | 165 // Arguments are: |
159 // label -- the exporter label. | 166 // label -- the exporter label. |
160 // part of the RFC defining each exporter | 167 // part of the RFC defining each exporter |
161 // usage (IN) | 168 // usage (IN) |
162 // context/context_len -- a context to bind to for this connection; | 169 // context/context_len -- a context to bind to for this connection; |
163 // optional, can be NULL, 0 (IN) | 170 // optional, can be NULL, 0 (IN) |
164 // use_context -- whether to use the context value | 171 // use_context -- whether to use the context value |
165 // (needed to distinguish no context from | 172 // (needed to distinguish no context from |
166 // zero-length ones). | 173 // zero-length ones). |
167 // result -- where to put the computed value | 174 // result -- where to put the computed value |
168 // result_len -- the length of the computed value | 175 // result_len -- the length of the computed value |
169 virtual bool ExportKeyingMaterial(const std::string& label, | 176 virtual bool ExportKeyingMaterial(const std::string& label, |
170 const uint8_t* context, | 177 const uint8_t* context, |
171 size_t context_len, | 178 size_t context_len, |
172 bool use_context, | 179 bool use_context, |
173 uint8_t* result, | 180 uint8_t* result, |
174 size_t result_len); | 181 size_t result_len); |
175 | 182 |
176 // DTLS-SRTP interface | 183 // DTLS-SRTP interface |
177 virtual bool SetDtlsSrtpCiphers(const std::vector<std::string>& ciphers); | 184 virtual bool SetDtlsSrtpCryptoSuites(const std::vector<int>& crypto_suites); |
178 virtual bool GetDtlsSrtpCipher(std::string* cipher); | 185 virtual bool GetDtlsSrtpCryptoSuite(int* crypto_suite); |
179 | 186 |
180 // Capabilities testing | 187 // Capabilities testing |
181 static bool HaveDtls(); | 188 static bool HaveDtls(); |
182 static bool HaveDtlsSrtp(); | 189 static bool HaveDtlsSrtp(); |
183 static bool HaveExporter(); | 190 static bool HaveExporter(); |
184 | 191 |
185 // Returns the default Ssl cipher used between streams of this class | 192 // Returns the default Ssl cipher used between streams of this class |
186 // for the given protocol version. This is used by the unit tests. | 193 // for the given protocol version. This is used by the unit tests. |
187 // TODO(guoweis): Move this away from a static class method. | 194 // TODO(guoweis): Move this away from a static class method. |
188 static int GetDefaultSslCipherForTest(SSLProtocolVersion version, | 195 static int GetDefaultSslCipherForTest(SSLProtocolVersion version, |
189 KeyType key_type); | 196 KeyType key_type); |
190 | 197 |
191 // TODO(guoweis): Move this away from a static class method. Currently this is | 198 // TODO(guoweis): Move this away from a static class method. Currently this is |
192 // introduced such that any caller could depend on sslstreamadapter.h without | 199 // introduced such that any caller could depend on sslstreamadapter.h without |
193 // depending on specific SSL implementation. | 200 // depending on specific SSL implementation. |
194 static std::string GetSslCipherSuiteName(int cipher); | 201 static std::string SslCipherSuiteToName(int cipher_suite); |
195 | 202 |
196 private: | 203 private: |
197 // If true, the server certificate need not match the configured | 204 // If true, the server certificate need not match the configured |
198 // server_name, and in fact missing certificate authority and other | 205 // server_name, and in fact missing certificate authority and other |
199 // verification errors are ignored. | 206 // verification errors are ignored. |
200 bool ignore_bad_cert_; | 207 bool ignore_bad_cert_; |
201 | 208 |
202 // If true (default), the client is required to provide a certificate during | 209 // If true (default), the client is required to provide a certificate during |
203 // handshake. If no certificate is given, handshake fails. This applies to | 210 // handshake. If no certificate is given, handshake fails. This applies to |
204 // server mode only. | 211 // server mode only. |
205 bool client_auth_enabled_; | 212 bool client_auth_enabled_; |
206 }; | 213 }; |
207 | 214 |
208 } // namespace rtc | 215 } // namespace rtc |
209 | 216 |
210 #endif // WEBRTC_BASE_SSLSTREAMADAPTER_H_ | 217 #endif // WEBRTC_BASE_SSLSTREAMADAPTER_H_ |
OLD | NEW |