Add support for GCM cipher suites from RFC 7714.

talk/session/media/mediasession.cc

 /*
  * libjingle
  * Copyright 2004 Google Inc.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
  *
  *  1. Redistributions of source code must retain the above copyright notice,
  *     this list of conditions and the following disclaimer.
  *  2. Redistributions in binary form must reproduce the above copyright notice,
@@ skipping 80 matching lines @@
     return false;
   }
 
   const MediaContentDescription* mdesc =
       static_cast<const MediaContentDescription*>(content->description);
   return mdesc && mdesc->type() == media_type;
 }
 
 static bool CreateCryptoParams(int tag, const std::string& cipher,
                                CryptoParams *out) {
+  int key_len;
+  int salt_len;
+  if (!rtc::SrtpCryptoSuiteParams(
+      rtc::SrtpCryptoSuiteFromName(cipher), &key_len, &salt_len)) {
+    return false;
+  }
+
+  int master_key_base64_len = (key_len + salt_len) * 4 / 3;
+
   std::string key;
-  key.reserve(SRTP_MASTER_KEY_BASE64_LEN);
+  key.reserve(master_key_base64_len);
 
-  if (!rtc::CreateRandomString(SRTP_MASTER_KEY_BASE64_LEN, &key)) {
+  if (!rtc::CreateRandomString(master_key_base64_len, &key)) {
     return false;
   }
   out->tag = tag;
   out->cipher_suite = cipher;
   out->key_params = kInline;
   out->key_params += key;
   return true;
 }
 
 #ifdef HAVE_SRTP
@@ skipping 40 matching lines @@
   for (CryptoParamsVec::const_iterator it = cryptos.begin();
        it != cryptos.end(); ++it) {
     if (crypto.Matches(*it)) {
       *out = *it;
       return true;
     }
   }
   return false;
 }
 
-// For audio, HMAC 32 is prefered because of the low overhead.
+void FilterGcmCiphers(std::vector<int>* crypto_suites) {

[pthatcher1, 2015/12/18 20:31:31]

Can you break this up to be a bit more generic and match our naming scheme?

bool IsGcmCryptoSuite(int crypto_suite) {
  return (crypto_suite == rtc::SRTP_AEAD_AES_256_GCM ||
          crypto_suite == rtc::SRTP_AEAD_AES_128_GCM);
} 

bool IsGcmCipherName(const std::string& cipher_name) {
  return (cipher_name == rtc::CS_AEAD_AES_256_GCM ||
          cipher_name == rtc::CS_AEAD_AES_128_GCM);
}

[joachim, 2015/12/19 15:26:23]

Done. Implemented functions in sslstreamadapter (where the constants are
defined) and renamed second function to "IsGcmCryptoSuiteName".

+  for (std::vector<int>::iterator it = crypto_suites->begin();
+       it != crypto_suites->end(); ) {
+    if (*it == rtc::SRTP_AEAD_AES_256_GCM ||
+        *it == rtc::SRTP_AEAD_AES_128_GCM) {
+      it = crypto_suites->erase(it);
+    } else {
+      ++it;
+    }
+  }
+}

[pthatcher1, 2015/12/18 20:31:31]

Then you can just remove this function and replace the existing calls with this
line:

crypto_suites.erase(std::remove_if(crypto_suites.begin(), crypto_suites.end(), 
   IsGcmCryptoSuite), crypto_suites.end());

[joachim, 2015/12/19 15:26:23]

Done.

+
+void FilterGcmCipherNames(std::vector<std::string>* crypto_suites) {
+  for (std::vector<std::string>::iterator it = crypto_suites->begin();
+       it != crypto_suites->end(); ) {
+    if (*it == rtc::CS_AEAD_AES_256_GCM ||
+        *it == rtc::CS_AEAD_AES_128_GCM) {
+      it = crypto_suites->erase(it);
+    } else {
+      ++it;
+    }
+  }
+}

[pthatcher1, 2015/12/18 20:31:32]

Similarly here:

cipher_names.erase(std::remove_if(cipher_names.begin(), cipher_names.end(), 
   IsGcmCipherName), cipher_names.end());

[joachim, 2015/12/19 15:26:23]

Done.

+
+// For audio, HMAC 32 is prefered over HMAC 80 because of the low overhead.
 void GetSupportedAudioCryptoSuites(std::vector<int>* crypto_suites) {
 #ifdef HAVE_SRTP
+  crypto_suites->push_back(rtc::SRTP_AEAD_AES_256_GCM);
+  crypto_suites->push_back(rtc::SRTP_AEAD_AES_128_GCM);
   crypto_suites->push_back(rtc::SRTP_AES128_CM_SHA1_32);
   crypto_suites->push_back(rtc::SRTP_AES128_CM_SHA1_80);
 #endif
 }
 
 void GetSupportedAudioCryptoSuiteNames(
     std::vector<std::string>* crypto_suite_names) {
   GetSupportedCryptoSuiteNames(GetSupportedAudioCryptoSuites,
                                crypto_suite_names);
 }
@@ skipping 13 matching lines @@
 }
 
 void GetSupportedDataCryptoSuiteNames(
     std::vector<std::string>* crypto_suite_names) {
   GetSupportedCryptoSuiteNames(GetSupportedDataCryptoSuites,
                                crypto_suite_names);
 }
 
 void GetDefaultSrtpCryptoSuites(std::vector<int>* crypto_suites) {
 #ifdef HAVE_SRTP
+  crypto_suites->push_back(rtc::SRTP_AEAD_AES_256_GCM);
+  crypto_suites->push_back(rtc::SRTP_AEAD_AES_128_GCM);
   crypto_suites->push_back(rtc::SRTP_AES128_CM_SHA1_80);
 #endif
 }
 
 void GetDefaultSrtpCryptoSuiteNames(
     std::vector<std::string>* crypto_suite_names) {
   GetSupportedCryptoSuiteNames(GetDefaultSrtpCryptoSuites, crypto_suite_names);
 }
 
-// For video support only 80-bit SHA1 HMAC. For audio 32-bit HMAC is
-// tolerated unless bundle is enabled because it is low overhead. Pick the
-// crypto in the list that is supported.
+// Support any GCM cipher (if enabled through options). For video support only
+// 80-bit SHA1 HMAC. For audio 32-bit HMAC is tolerated unless bundle is enabled
+// because it is low overhead.
+// Pick the crypto in the list that is supported.
 static bool SelectCrypto(const MediaContentDescription* offer,
                          bool bundle,
+                         const MediaSessionOptions& options,
                          CryptoParams *crypto) {
   bool audio = offer->type() == MEDIA_TYPE_AUDIO;
   const CryptoParamsVec& cryptos = offer->cryptos();
 
   for (CryptoParamsVec::const_iterator i = cryptos.begin();
        i != cryptos.end(); ++i) {
-    if (rtc::CS_AES_CM_128_HMAC_SHA1_80 == i->cipher_suite ||
+    if ((options.enable_gcm_ciphers &&
+        (rtc::CS_AEAD_AES_256_GCM == i->cipher_suite ||
+            rtc::CS_AEAD_AES_128_GCM == i->cipher_suite)) ||

[pthatcher1, 2015/12/18 20:31:31]

IsGcmCipherName or IsGcmCryptoSuite would be useful here.

[joachim, 2015/12/19 15:26:23]

Done.

+        rtc::CS_AES_CM_128_HMAC_SHA1_80 == i->cipher_suite ||
         (rtc::CS_AES_CM_128_HMAC_SHA1_32 == i->cipher_suite && audio &&
          !bundle)) {

[pthatcher1, 2015/12/18 20:31:32]

Actually this, method seems to duplicate a lot with GetSupportXCryptoSuites. 
Could we instead of SelectCrypto pass in the supported crypto suites?  Then it's
a matter of checking if it's in the supported list rather than being hard coded.
 It will make it easier next time we add another crypto suite.

[joachim, 2015/12/19 15:26:23]

Done.

       return CreateCryptoParams(i->tag, i->cipher_suite, crypto);
     }
   }
   return false;
 }
 
 static const StreamParams* FindFirstStreamParamsByCname(
     const StreamParamsVec& params_vec,
     const std::string& cname) {
   for (StreamParamsVec::const_iterator it = params_vec.begin();
@@ skipping 810 matching lines @@
 
   answer->set_rtcp_mux(options.rtcp_mux_enabled && offer->rtcp_mux());
   // TODO(deadbeef): Once we're sure this works correctly, enable it in
   // CreateAnswer.
   // if (answer->type() == cricket::MEDIA_TYPE_VIDEO) {
   //   answer->set_rtcp_reduced_size(offer->rtcp_reduced_size());
   // }
 
   if (sdes_policy != SEC_DISABLED) {
     CryptoParams crypto;
-    if (SelectCrypto(offer, bundle_enabled, &crypto)) {
+    if (SelectCrypto(offer, bundle_enabled, options, &crypto)) {
       if (current_cryptos) {
         FindMatchingCrypto(*current_cryptos, crypto, &crypto);
       }
       answer->AddCrypto(crypto);
     }
   }
 
   if (answer->cryptos().empty() &&
       (offer->crypto_required() == CT_SDES || sdes_policy == SEC_REQUIRED)) {
     return false;
@@ skipping 491 matching lines @@
     const AudioCodecs& audio_codecs,
     StreamParamsVec* current_streams,
     SessionDescription* desc) const {
   cricket::SecurePolicy sdes_policy =
       IsDtlsActive(CN_AUDIO, current_description) ?
           cricket::SEC_DISABLED : secure();
 
   scoped_ptr<AudioContentDescription> audio(new AudioContentDescription());
   std::vector<std::string> crypto_suites;
   GetSupportedAudioCryptoSuiteNames(&crypto_suites);
+  if (!options.enable_gcm_ciphers) {

[pthatcher1, 2015/12/18 20:31:32]

Instead of filtering, can we pass options into
GetSupportedAudioCryptoSuitesNames and selectively add?

[joachim, 2015/12/19 15:26:23]

Done.

+    FilterGcmCipherNames(&crypto_suites);
+  }
   if (!CreateMediaContentOffer(
           options,
           audio_codecs,
           sdes_policy,
           GetCryptos(GetFirstAudioContentDescription(current_description)),
           crypto_suites,
           audio_rtp_extensions,
           add_legacy_,
           current_streams,
           audio.get())) {
@@ skipping 34 matching lines @@
     const VideoCodecs& video_codecs,
     StreamParamsVec* current_streams,
     SessionDescription* desc) const {
   cricket::SecurePolicy sdes_policy =
       IsDtlsActive(CN_VIDEO, current_description) ?
           cricket::SEC_DISABLED : secure();
 
   scoped_ptr<VideoContentDescription> video(new VideoContentDescription());
   std::vector<std::string> crypto_suites;
   GetSupportedVideoCryptoSuiteNames(&crypto_suites);
+  if (!options.enable_gcm_ciphers) {
+    FilterGcmCipherNames(&crypto_suites);
+  }

[pthatcher1, 2015/12/18 20:31:32]

Instead of filtering, can we pass options into
GetSupportedAudioCryptoSuitesNames and selectively add?

[joachim, 2015/12/19 15:26:23]

Done.

   if (!CreateMediaContentOffer(
           options,
           video_codecs,
           sdes_policy,
           GetCryptos(GetFirstVideoContentDescription(current_description)),
           crypto_suites,
           video_rtp_extensions,
           add_legacy_,
           current_streams,
           video.get())) {
@@ skipping 50 matching lines @@
     // get SDES crypto suites for RTP-based data channels.
     sdes_policy = cricket::SEC_DISABLED;
     // Unlike SetMediaProtocol below, we need to set the protocol
     // before we call CreateMediaContentOffer.  Otherwise,
     // CreateMediaContentOffer won't know this is SCTP and will
     // generate SSRCs rather than SIDs.
     data->set_protocol(
         secure_transport ? kMediaProtocolDtlsSctp : kMediaProtocolSctp);
   } else {
     GetSupportedDataCryptoSuiteNames(&crypto_suites);
+    if (!options.enable_gcm_ciphers) {
+      FilterGcmCipherNames(&crypto_suites);
+    }
   }
 
   if (!CreateMediaContentOffer(
           options,
           *data_codecs,
           sdes_policy,
           GetCryptos(GetFirstDataContentDescription(current_description)),
           crypto_suites,
           RtpHeaderExtensions(),
           add_legacy_,
@@ skipping 272 matching lines @@
       GetFirstMediaContentDescription(sdesc, MEDIA_TYPE_VIDEO));
 }
 
 const DataContentDescription* GetFirstDataContentDescription(
     const SessionDescription* sdesc) {
   return static_cast<const DataContentDescription*>(
       GetFirstMediaContentDescription(sdesc, MEDIA_TYPE_DATA));
 }
 
 }  // namespace cricket