| Index: webrtc/pc/srtpfilter.h
|
| diff --git a/webrtc/pc/srtpfilter.h b/webrtc/pc/srtpfilter.h
|
| index 15fdae9582a4019e8fb52534d576516385eeba28..619aaa37d56a7465509600ba978e0451d99f279e 100644
|
| --- a/webrtc/pc/srtpfilter.h
|
| +++ b/webrtc/pc/srtpfilter.h
|
| @@ -20,8 +20,10 @@
|
| #include "webrtc/media/base/cryptoparams.h"
|
| #include "webrtc/p2p/base/sessiondescription.h"
|
| #include "webrtc/rtc_base/basictypes.h"
|
| +#include "webrtc/rtc_base/buffer.h"
|
| #include "webrtc/rtc_base/constructormagic.h"
|
| #include "webrtc/rtc_base/criticalsection.h"
|
| +#include "webrtc/rtc_base/optional.h"
|
| #include "webrtc/rtc_base/sslstreamadapter.h"
|
| #include "webrtc/rtc_base/thread_checker.h"
|
|
|
| @@ -31,15 +33,10 @@ struct srtp_ctx_t_;
|
|
|
| namespace cricket {
|
|
|
| -class SrtpSession;
|
| -
|
| void ShutdownSrtp();
|
|
|
| -// Class to transform SRTP to/from RTP.
|
| -// Initialize by calling SetSend with the local security params, then call
|
| -// SetRecv once the remote security params are received. At that point
|
| -// Protect/UnprotectRt(c)p can be called to encrypt/decrypt data.
|
| -// TODO: Figure out concurrency policy for SrtpFilter.
|
| +// A helper class used to negotiate SDES crypto params.
|
| +// TODO(zhihuang): Find a better name for this class, like "SdesNegotiator".
|
| class SrtpFilter {
|
| public:
|
| enum Mode {
|
| @@ -76,85 +73,38 @@ class SrtpFilter {
|
| bool SetAnswer(const std::vector<CryptoParams>& answer_params,
|
| ContentSource source);
|
|
|
| - // Set the header extension ids that should be encrypted for the given source.
|
| - void SetEncryptedHeaderExtensionIds(ContentSource source,
|
| - const std::vector<int>& extension_ids);
|
| -
|
| - // Just set up both sets of keys directly.
|
| - // Used with DTLS-SRTP.
|
| - bool SetRtpParams(int send_cs,
|
| - const uint8_t* send_key,
|
| - int send_key_len,
|
| - int recv_cs,
|
| - const uint8_t* recv_key,
|
| - int recv_key_len);
|
| - bool UpdateRtpParams(int send_cs,
|
| - const uint8_t* send_key,
|
| - int send_key_len,
|
| - int recv_cs,
|
| - const uint8_t* recv_key,
|
| - int recv_key_len);
|
| - bool SetRtcpParams(int send_cs,
|
| - const uint8_t* send_key,
|
| - int send_key_len,
|
| - int recv_cs,
|
| - const uint8_t* recv_key,
|
| - int recv_key_len);
|
| -
|
| - // Encrypts/signs an individual RTP/RTCP packet, in-place.
|
| - // If an HMAC is used, this will increase the packet size.
|
| - bool ProtectRtp(void* data, int in_len, int max_len, int* out_len);
|
| - // Overloaded version, outputs packet index.
|
| - bool ProtectRtp(void* data,
|
| - int in_len,
|
| - int max_len,
|
| - int* out_len,
|
| - int64_t* index);
|
| - bool ProtectRtcp(void* data, int in_len, int max_len, int* out_len);
|
| - // Decrypts/verifies an invidiual RTP/RTCP packet.
|
| - // If an HMAC is used, this will decrease the packet size.
|
| - bool UnprotectRtp(void* data, int in_len, int* out_len);
|
| - bool UnprotectRtcp(void* data, int in_len, int* out_len);
|
| -
|
| - // Returns rtp auth params from srtp context.
|
| - bool GetRtpAuthParams(uint8_t** key, int* key_len, int* tag_len);
|
| -
|
| - // Returns srtp overhead for rtp packets.
|
| - bool GetSrtpOverhead(int* srtp_overhead) const;
|
| -
|
| - // If external auth is enabled, SRTP will write a dummy auth tag that then
|
| - // later must get replaced before the packet is sent out. Only supported for
|
| - // non-GCM cipher suites and can be checked through "IsExternalAuthActive"
|
| - // if it is actually used. This method is only valid before the RTP params
|
| - // have been set.
|
| - void EnableExternalAuth();
|
| - bool IsExternalAuthEnabled() const;
|
| -
|
| - // A SRTP filter supports external creation of the auth tag if a non-GCM
|
| - // cipher is used. This method is only valid after the RTP params have
|
| - // been set.
|
| - bool IsExternalAuthActive() const;
|
| -
|
| bool ResetParams();
|
|
|
| + rtc::Optional<int> send_cipher_suite() { return send_cipher_suite_; }
|
| + rtc::Optional<int> recv_cipher_suite() { return recv_cipher_suite_; }
|
| +
|
| + const rtc::Buffer& send_key() { return send_key_; }
|
| + const rtc::Buffer& recv_key() { return recv_key_; }
|
| +
|
| protected:
|
| bool ExpectOffer(ContentSource source);
|
| +
|
| bool StoreParams(const std::vector<CryptoParams>& params,
|
| ContentSource source);
|
| +
|
| bool ExpectAnswer(ContentSource source);
|
| +
|
| bool DoSetAnswer(const std::vector<CryptoParams>& answer_params,
|
| - ContentSource source,
|
| - bool final);
|
| - void CreateSrtpSessions();
|
| + ContentSource source,
|
| + bool final);
|
| +
|
| bool NegotiateParams(const std::vector<CryptoParams>& answer_params,
|
| CryptoParams* selected_params);
|
| - bool ApplyParams(const CryptoParams& send_params,
|
| - const CryptoParams& recv_params);
|
| +
|
| + private:
|
| + bool ApplySendParams(const CryptoParams& send_params);
|
| +
|
| + bool ApplyRecvParams(const CryptoParams& recv_params);
|
| +
|
| static bool ParseKeyParams(const std::string& params,
|
| uint8_t* key,
|
| size_t len);
|
|
|
| - private:
|
| enum State {
|
| ST_INIT, // SRTP filter unused.
|
| ST_SENTOFFER, // Offer with SRTP parameters sent.
|
| @@ -179,16 +129,13 @@ class SrtpFilter {
|
| ST_RECEIVEDPRANSWER
|
| };
|
| State state_ = ST_INIT;
|
| - bool external_auth_enabled_ = false;
|
| std::vector<CryptoParams> offer_params_;
|
| - std::unique_ptr<SrtpSession> send_session_;
|
| - std::unique_ptr<SrtpSession> recv_session_;
|
| - std::unique_ptr<SrtpSession> send_rtcp_session_;
|
| - std::unique_ptr<SrtpSession> recv_rtcp_session_;
|
| CryptoParams applied_send_params_;
|
| CryptoParams applied_recv_params_;
|
| - std::vector<int> send_encrypted_header_extension_ids_;
|
| - std::vector<int> recv_encrypted_header_extension_ids_;
|
| + rtc::Optional<int> send_cipher_suite_;
|
| + rtc::Optional<int> recv_cipher_suite_;
|
| + rtc::Buffer send_key_;
|
| + rtc::Buffer recv_key_;
|
| };
|
|
|
| } // namespace cricket
|
|
|
Chromium Code Reviews
Issue 2997983002:
Completed the functionalities of SrtpTransport. (Closed)
