Negotiate the same SRTP crypto suites for every DTLS association formed.

webrtc/base/sslstreamadapter.cc

Index: webrtc/base/sslstreamadapter.cc
diff --git a/webrtc/base/sslstreamadapter.cc b/webrtc/base/sslstreamadapter.cc
index 2f601c625791b4ee1f152bf7a39b33ab62bc7f2e..0927704cd4afa047c9a53187630aee6ffbceda84 100644
--- a/webrtc/base/sslstreamadapter.cc
+++ b/webrtc/base/sslstreamadapter.cc
@@ -95,6 +95,21 @@ CryptoOptions CryptoOptions::NoGcm() {
   return options;
 }
 
+std::vector<int> GetSupportedDtlsSrtpCryptoSuites(
+    const rtc::CryptoOptions& crypto_options) {
+  std::vector<int> crypto_suites;
+  if (crypto_options.enable_gcm_crypto_suites) {
+    crypto_suites.push_back(rtc::SRTP_AEAD_AES_256_GCM);
+    crypto_suites.push_back(rtc::SRTP_AEAD_AES_128_GCM);
+  }
+  // Note: SRTP_AES128_CM_SHA1_80 is what is required to be supported (by
+  // draft-ietf-rtcweb-security-arch), but SRTP_AES128_CM_SHA1_32 is allowed as
+  // well, and saves a few bytes per packet if it ends up selected.
+  crypto_suites.push_back(rtc::SRTP_AES128_CM_SHA1_32);
+  crypto_suites.push_back(rtc::SRTP_AES128_CM_SHA1_80);

[pthatcher1, 2017/04/17 22:12:41]

I'm not so sure about this being the default.  I'd feel more comfortable if this
were another crypto_options, such as
crypto_options.enable_sha1_32bit_crypto_suites, or something like that.  

But I don't see a way web apps could get to this.  Maybe it will become a
mobile-app-only thing and web apps always get 80bit?  

[Taylor Brandstetter, 2017/04/20 07:20:40]

It's already the default though. If we want to change the default to 80, let's
do that in a separate CL, since that's a bigger change. The main point of this
CL is to fix the "data-only to audio upgrade" regression.

+  return crypto_suites;
+}
+
 SSLStreamAdapter* SSLStreamAdapter::Create(StreamInterface* stream) {
   return new OpenSSLStreamAdapter(stream);
 }