Add support for GCM cipher suites from RFC 7714.

talk/session/media/channel.cc

Index: talk/session/media/channel.cc
diff --git a/talk/session/media/channel.cc b/talk/session/media/channel.cc
index 91808524e176be6ec0b46bd40042643048cfad59..4681a85520d780b54a8288a88aecf7ec2e4063a6 100644
--- a/talk/session/media/channel.cc
+++ b/talk/session/media/channel.cc
@@ -848,6 +848,9 @@ bool BaseChannel::SetDtlsSrtpCryptoSuites(TransportChannel* tc, bool rtcp) {
   } else {
     GetDefaultSrtpCryptoSuites(&crypto_suites);
   }
+  if (!tc->IsEnableGcmCiphers()) {
+    FilterGcmCiphers(&crypto_suites);
+  }

[pthatcher1, 2015/12/18 20:31:31]

Having the "enable gcm ciphers" passed down from the TransportController to the
Transport to the TransportChannel and then up to here seems much more complex
than necessary.  Can we not instead have WebRtcSession pass the necessary
information directly to the BaseChannel an bypass all of the complexity?

Also, I think it would be better if we had the right option pass from
WebRtcSession down to BaseChannel such that GetSrtpCryptoSuites gets the
information and selectively adds GCM rather than always adding GCM and then
removing it after the fact.

[joachim, 2015/12/19 15:26:23]

Agreed. I pass the flag from the PeerConnectionFactory through the
ChannelManager to the BaseChannel now. This looks a lot cleaner.
Done

   return tc->SetSrtpCryptoSuites(crypto_suites);
 }
 
@@ -877,9 +880,15 @@ bool BaseChannel::SetupDtlsSrtp(bool rtcp_channel) {
                << content_name() << " "
                << PacketType(rtcp_channel);
 
+  int key_len;
+  int salt_len;
+  if (!rtc::SrtpCryptoSuiteParams(selected_crypto_suite, &key_len, &salt_len)) {

[pthatcher1, 2015/12/18 20:31:31]

Can you call this GetSrtpKeyAndSaltLengths?

[joachim, 2015/12/19 15:26:23]

Done.

+    LOG(LS_ERROR) << "Unknown DTLS-SRTP crypto suite" << selected_crypto_suite;
+    return false;
+  }
+
   // OK, we're now doing DTLS (RFC 5764)
-  std::vector<unsigned char> dtls_buffer(SRTP_MASTER_KEY_KEY_LEN * 2 +
-                                         SRTP_MASTER_KEY_SALT_LEN * 2);
+  std::vector<unsigned char> dtls_buffer(key_len * 2 + salt_len * 2);
 
   // RFC 5705 exporter using the RFC 5764 parameters
   if (!channel->ExportKeyingMaterial(
@@ -892,22 +901,16 @@ bool BaseChannel::SetupDtlsSrtp(bool rtcp_channel) {
   }
 
   // Sync up the keys with the DTLS-SRTP interface
-  std::vector<unsigned char> client_write_key(SRTP_MASTER_KEY_KEY_LEN +
-    SRTP_MASTER_KEY_SALT_LEN);
-  std::vector<unsigned char> server_write_key(SRTP_MASTER_KEY_KEY_LEN +
-    SRTP_MASTER_KEY_SALT_LEN);
+  std::vector<unsigned char> client_write_key(key_len + salt_len);
+  std::vector<unsigned char> server_write_key(key_len + salt_len);
   size_t offset = 0;
-  memcpy(&client_write_key[0], &dtls_buffer[offset],
-    SRTP_MASTER_KEY_KEY_LEN);
-  offset += SRTP_MASTER_KEY_KEY_LEN;
-  memcpy(&server_write_key[0], &dtls_buffer[offset],
-    SRTP_MASTER_KEY_KEY_LEN);
-  offset += SRTP_MASTER_KEY_KEY_LEN;
-  memcpy(&client_write_key[SRTP_MASTER_KEY_KEY_LEN],
-    &dtls_buffer[offset], SRTP_MASTER_KEY_SALT_LEN);
-  offset += SRTP_MASTER_KEY_SALT_LEN;
-  memcpy(&server_write_key[SRTP_MASTER_KEY_KEY_LEN],
-    &dtls_buffer[offset], SRTP_MASTER_KEY_SALT_LEN);
+  memcpy(&client_write_key[0], &dtls_buffer[offset], key_len);
+  offset += key_len;
+  memcpy(&server_write_key[0], &dtls_buffer[offset], key_len);
+  offset += key_len;
+  memcpy(&client_write_key[key_len], &dtls_buffer[offset], salt_len);
+  offset += salt_len;
+  memcpy(&server_write_key[key_len], &dtls_buffer[offset], salt_len);
 
   std::vector<unsigned char> *send_key, *recv_key;
   rtc::SSLRole role;