webrtc/base/sslstreamadapter.cc - Issue 2815513012: Negotiate the same SRTP crypto suites for every DTLS association formed.

Side by Side Diff: webrtc/base/sslstreamadapter.cc

Issue 2815513012: Negotiate the same SRTP crypto suites for every DTLS association formed. (Closed)

Patch Set: Prefer 32-bit HMAC by default. Also cleaning up some things. Created 3 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
1 /*	1 /*

2 * Copyright 2004 The WebRTC Project Authors. All rights reserved.	2 * Copyright 2004 The WebRTC Project Authors. All rights reserved.

3 *	3 *

4 * Use of this source code is governed by a BSD-style license	4 * Use of this source code is governed by a BSD-style license

5 * that can be found in the LICENSE file in the root of the source	5 * that can be found in the LICENSE file in the root of the source

6 * tree. An additional intellectual property rights grant can be found	6 * tree. An additional intellectual property rights grant can be found

7 * in the file PATENTS. All contributing project authors may	7 * in the file PATENTS. All contributing project authors may

8 * be found in the AUTHORS file in the root of the source tree.	8 * be found in the AUTHORS file in the root of the source tree.

9 */	9 */

10	10

(...skipping 77 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
88 crypto_suite == CS_AEAD_AES_128_GCM);	88 crypto_suite == CS_AEAD_AES_128_GCM);

89 }	89 }

90	90

91 // static	91 // static

92 CryptoOptions CryptoOptions::NoGcm() {	92 CryptoOptions CryptoOptions::NoGcm() {

93 CryptoOptions options;	93 CryptoOptions options;

94 options.enable_gcm_crypto_suites = false;	94 options.enable_gcm_crypto_suites = false;

95 return options;	95 return options;

96 }	96 }

97	97

	98 std::vector<int> GetSupportedDtlsSrtpCryptoSuites(

	99 const rtc::CryptoOptions& crypto_options) {

	100 std::vector<int> crypto_suites;

	101 if (crypto_options.enable_gcm_crypto_suites) {

	102 crypto_suites.push_back(rtc::SRTP_AEAD_AES_256_GCM);

	103 crypto_suites.push_back(rtc::SRTP_AEAD_AES_128_GCM);

	104 }

	105 // Note: SRTP_AES128_CM_SHA1_80 is what is required to be supported (by

	106 // draft-ietf-rtcweb-security-arch), but SRTP_AES128_CM_SHA1_32 is allowed as

	107 // well, and saves a few bytes per packet if it ends up selected.

	108 crypto_suites.push_back(rtc::SRTP_AES128_CM_SHA1_32);

	109 crypto_suites.push_back(rtc::SRTP_AES128_CM_SHA1_80);
	pthatcher1 2017/04/17 22:12:41 I'm not so sure about this being the default. I'd I'm not so sure about this being the default. I'd feel more comfortable if this were another crypto_options, such as crypto_options.enable_sha1_32bit_crypto_suites, or something like that. But I don't see a way web apps could get to this. Maybe it will become a mobile-app-only thing and web apps always get 80bit? Taylor Brandstetter 2017/04/20 07:20:40 It's already the default though. If we want to cha Show quoted text On 2017/04/17 22:12:41, pthatcher1 wrote: > I'm not so sure about this being the default. I'd feel more comfortable if this > were another crypto_options, such as > crypto_options.enable_sha1_32bit_crypto_suites, or something like that. > > But I don't see a way web apps could get to this. Maybe it will become a > mobile-app-only thing and web apps always get 80bit? It's already the default though. If we want to change the default to 80, let's do that in a separate CL, since that's a bigger change. The main point of this CL is to fix the "data-only to audio upgrade" regression.
	110 return crypto_suites;

	111 }

	112

98 SSLStreamAdapter* SSLStreamAdapter::Create(StreamInterface* stream) {	113 SSLStreamAdapter* SSLStreamAdapter::Create(StreamInterface* stream) {

99 return new OpenSSLStreamAdapter(stream);	114 return new OpenSSLStreamAdapter(stream);

100 }	115 }

101	116

102 SSLStreamAdapter::SSLStreamAdapter(StreamInterface* stream)	117 SSLStreamAdapter::SSLStreamAdapter(StreamInterface* stream)

103 : StreamAdapterInterface(stream),	118 : StreamAdapterInterface(stream),

104 ignore_bad_cert_(false),	119 ignore_bad_cert_(false),

105 client_auth_enabled_(true) {}	120 client_auth_enabled_(true) {}

106	121

107 SSLStreamAdapter::~SSLStreamAdapter() {}	122 SSLStreamAdapter::~SSLStreamAdapter() {}

(...skipping 33 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
141 std::string SSLStreamAdapter::SslCipherSuiteToName(int cipher_suite) {	156 std::string SSLStreamAdapter::SslCipherSuiteToName(int cipher_suite) {

142 return OpenSSLStreamAdapter::SslCipherSuiteToName(cipher_suite);	157 return OpenSSLStreamAdapter::SslCipherSuiteToName(cipher_suite);

143 }	158 }

144 void SSLStreamAdapter::enable_time_callback_for_testing() {	159 void SSLStreamAdapter::enable_time_callback_for_testing() {

145 OpenSSLStreamAdapter::enable_time_callback_for_testing();	160 OpenSSLStreamAdapter::enable_time_callback_for_testing();

146 }	161 }

147	162

148 ///////////////////////////////////////////////////////////////////////////////	163 ///////////////////////////////////////////////////////////////////////////////

149	164

150 } // namespace rtc	165 } // namespace rtc

OLD	NEW

« no previous file with comments | « webrtc/base/sslstreamadapter.h ('k') | webrtc/p2p/base/dtlstransportchannel.h » ('j') | webrtc/p2p/base/faketransportcontroller.h » ('J')