admin/webrtc_m130
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
webrtc_m130/api/crypto/crypto_options.cc

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

93 lines
3.1 KiB
C++
Raw Permalink Normal View History

Reland "Move CryptoOptions to api/crypto from rtc_base/sslstreamadapter.h" Promotes rtc::CryptoOptions to webrtc::CryptoOptions converting it from class that only handles SRTP configuration to a more generic structure that can be used and extended for all per peer connection CryptoOptions that can be on a given PeerConnection. Now all SRTP related options are under webrtc::CryptoOptions::Srtp and can be accessed as crypto_options.srtp.whatever_option_name. This is more inline with other structures we have in WebRTC such as VideoConfig. As additional features are added over time this will allow the structure to remain compartmentalized and concerned components can only request a subset of the overall configuration structure e.g: void MySrtpFunction(const webrtc::CryptoOptions::Srtp& srtp_config); In addition to this it made little sense for sslstreamadapter.h to hold all Srtp related configuration options. The header has become loo large and takes on too many responsibilities and spilting this up will lead to more maintainable code going forward. This will be used in a future CL to enable configuration options for the newly supported Frame Crypto. Reland Fix: - cryptooptions.h - now has enable_aes128_sha1_32_crypto_cipher as an optional root level configuration. - peerconnectionfactory - If this optional is set will now overwrite the underyling value. This along with the other field will be deprecated once dependent projects are updated. TBR=sakal@webrtc.org,kthelgason@webrtc.org,emadomara@webrtc.org,qingsi@webrtc.org Bug: webrtc:9681 Change-Id: Iaa6b741baafb85d352e42f54226119f19d97151d Reviewed-on: https://webrtc-review.googlesource.com/c/105560 Reviewed-by: Benjamin Wright <benwright@webrtc.org> Reviewed-by: Steve Anton <steveanton@webrtc.org> Reviewed-by: Emad Omara <emadomara@webrtc.org> Commit-Queue: Benjamin Wright <benwright@webrtc.org> Cr-Commit-Position: refs/heads/master@{#25135}
2018-10-11 15:33:17 -07:00
/*
* Copyright 2018 The WebRTC Project Authors. All rights reserved.
*
* Use of this source code is governed by a BSD-style license
* that can be found in the LICENSE file in the root of the source
* tree. An additional intellectual property rights grant can be found
* in the file PATENTS. All contributing project authors may
* be found in the AUTHORS file in the root of the source tree.
*/
(4) Rename files to snake_case: update BUILD.gn, include paths, header guards, and DEPS entries Mechanically generated by running this command: tools_webrtc/do-renames.sh update all-renames.txt && git cl format Then manually updating: tools_webrtc/sanitizers/tsan_suppressions_webrtc.cc Bug: webrtc:10159 No-Presubmit: true No-Tree-Checks: true No-Try: true Change-Id: I54824cd91dada8fc3ee3d098f971bc319d477833 Reviewed-on: https://webrtc-review.googlesource.com/c/115653 Reviewed-by: Karl Wiberg <kwiberg@webrtc.org> Cr-Commit-Position: refs/heads/master@{#26226}
2019-01-11 09:11:00 -08:00
#include "api/crypto/crypto_options.h"
Format almost everything. This CL was generated by running git ls-files | grep -P "(\.h|\.cc)$" | grep -v 'sdk/' | grep -v 'rtc_base/ssl_' | \ grep -v 'fake_rtc_certificate_generator.h' | grep -v 'modules/audio_device/win/' | \ grep -v 'system_wrappers/source/clock.cc' | grep -v 'rtc_base/trace_event.h' | \ grep -v 'modules/audio_coding/codecs/ilbc/' | grep -v 'screen_capturer_mac.h' | \ grep -v 'spl_inl_mips.h' | grep -v 'data_size_unittest.cc' | grep -v 'timestamp_unittest.cc' \ | xargs clang-format -i ; git cl format Most of these changes are clang-format grouping and reordering includes differently. Bug: webrtc:9340 Change-Id: Ic83ddbc169bfacd21883e381b5181c3dd4fe8a63 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/144051 Commit-Queue: Jonas Olsson <jonasolsson@webrtc.org> Reviewed-by: Karl Wiberg <kwiberg@webrtc.org> Cr-Commit-Position: refs/heads/master@{#28505}
2019-07-05 19:08:33 +02:00
[iwyu][1\n] Applying to api/[a-s]* First batch of applying iwyu to the repo. Done with: > ./tools_webrtc/iwyu/apply-iwyu api > git add api/[a-s]* > python3 gn_autodeps.py ~/local/webrtc/src out/Default Last step is a custom script I wrote to automatically apply new required dependencies for target in gn, which saved tons of time manually going over the files and fixing. If this is something that interest others, I can submit it as well. Bug: webrtc:42226242 Change-Id: Id109e77f50835827495bc4512880c4ec9ae175f6 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/343680 Reviewed-by: Harald Alvestrand <hta@webrtc.org> Commit-Queue: Dor Hen <dorhen@meta.com> Cr-Commit-Position: refs/heads/main@{#42512}
2024-06-18 16:20:35 +03:00
#include <vector>
#include "rtc_base/checks.h"
(4) Rename files to snake_case: update BUILD.gn, include paths, header guards, and DEPS entries Mechanically generated by running this command: tools_webrtc/do-renames.sh update all-renames.txt && git cl format Then manually updating: tools_webrtc/sanitizers/tsan_suppressions_webrtc.cc Bug: webrtc:10159 No-Presubmit: true No-Tree-Checks: true No-Try: true Change-Id: I54824cd91dada8fc3ee3d098f971bc319d477833 Reviewed-on: https://webrtc-review.googlesource.com/c/115653 Reviewed-by: Karl Wiberg <kwiberg@webrtc.org> Cr-Commit-Position: refs/heads/master@{#26226}
2019-01-11 09:11:00 -08:00
#include "rtc_base/ssl_stream_adapter.h"
Reland "Move CryptoOptions to api/crypto from rtc_base/sslstreamadapter.h" Promotes rtc::CryptoOptions to webrtc::CryptoOptions converting it from class that only handles SRTP configuration to a more generic structure that can be used and extended for all per peer connection CryptoOptions that can be on a given PeerConnection. Now all SRTP related options are under webrtc::CryptoOptions::Srtp and can be accessed as crypto_options.srtp.whatever_option_name. This is more inline with other structures we have in WebRTC such as VideoConfig. As additional features are added over time this will allow the structure to remain compartmentalized and concerned components can only request a subset of the overall configuration structure e.g: void MySrtpFunction(const webrtc::CryptoOptions::Srtp& srtp_config); In addition to this it made little sense for sslstreamadapter.h to hold all Srtp related configuration options. The header has become loo large and takes on too many responsibilities and spilting this up will lead to more maintainable code going forward. This will be used in a future CL to enable configuration options for the newly supported Frame Crypto. Reland Fix: - cryptooptions.h - now has enable_aes128_sha1_32_crypto_cipher as an optional root level configuration. - peerconnectionfactory - If this optional is set will now overwrite the underyling value. This along with the other field will be deprecated once dependent projects are updated. TBR=sakal@webrtc.org,kthelgason@webrtc.org,emadomara@webrtc.org,qingsi@webrtc.org Bug: webrtc:9681 Change-Id: Iaa6b741baafb85d352e42f54226119f19d97151d Reviewed-on: https://webrtc-review.googlesource.com/c/105560 Reviewed-by: Benjamin Wright <benwright@webrtc.org> Reviewed-by: Steve Anton <steveanton@webrtc.org> Reviewed-by: Emad Omara <emadomara@webrtc.org> Commit-Queue: Benjamin Wright <benwright@webrtc.org> Cr-Commit-Position: refs/heads/master@{#25135}
2018-10-11 15:33:17 -07:00
namespace webrtc {
CryptoOptions::CryptoOptions() {}
CryptoOptions::CryptoOptions(const CryptoOptions& other) {
srtp = other.srtp;
Adds new CryptoOption crypto_options.frame.require_frame_encryption. This change adds a new subcategory to the public native webrtc::CryptoOptions structure: webrtc::CryptoOptions::Frame. This new structure has a single off by default property: crypto_options.frame.require_frame_encryption. This new flag if set prevents RtpSenders from sending outgoing payloads unless a frame_encryptor_ is attached and prevents RtpReceivers from receiving incoming payloads unless a frame_decryptor_ is attached. This option is important to enforce no unencrypted data can ever leave the device or be received. I have also attached bindings for Java and Objective-C. I have implemented this functionality for E2EE audio but not E2EE video since the changes are still in review. Bug: webrtc:9681 Change-Id: Ie184711190e0cdf5ac781f69e9489ceec904736f Reviewed-on: https://webrtc-review.googlesource.com/c/105540 Reviewed-by: Niels Moller <nisse@webrtc.org> Reviewed-by: Steve Anton <steveanton@webrtc.org> Reviewed-by: Oskar Sundbom <ossu@webrtc.org> Reviewed-by: Sami Kalliomäki <sakal@webrtc.org> Reviewed-by: Kári Helgason <kthelgason@webrtc.org> Commit-Queue: Benjamin Wright <benwright@webrtc.org> Cr-Commit-Position: refs/heads/master@{#25238}
2018-10-15 10:20:24 -07:00
sframe = other.sframe;
Reland "Move CryptoOptions to api/crypto from rtc_base/sslstreamadapter.h" Promotes rtc::CryptoOptions to webrtc::CryptoOptions converting it from class that only handles SRTP configuration to a more generic structure that can be used and extended for all per peer connection CryptoOptions that can be on a given PeerConnection. Now all SRTP related options are under webrtc::CryptoOptions::Srtp and can be accessed as crypto_options.srtp.whatever_option_name. This is more inline with other structures we have in WebRTC such as VideoConfig. As additional features are added over time this will allow the structure to remain compartmentalized and concerned components can only request a subset of the overall configuration structure e.g: void MySrtpFunction(const webrtc::CryptoOptions::Srtp& srtp_config); In addition to this it made little sense for sslstreamadapter.h to hold all Srtp related configuration options. The header has become loo large and takes on too many responsibilities and spilting this up will lead to more maintainable code going forward. This will be used in a future CL to enable configuration options for the newly supported Frame Crypto. Reland Fix: - cryptooptions.h - now has enable_aes128_sha1_32_crypto_cipher as an optional root level configuration. - peerconnectionfactory - If this optional is set will now overwrite the underyling value. This along with the other field will be deprecated once dependent projects are updated. TBR=sakal@webrtc.org,kthelgason@webrtc.org,emadomara@webrtc.org,qingsi@webrtc.org Bug: webrtc:9681 Change-Id: Iaa6b741baafb85d352e42f54226119f19d97151d Reviewed-on: https://webrtc-review.googlesource.com/c/105560 Reviewed-by: Benjamin Wright <benwright@webrtc.org> Reviewed-by: Steve Anton <steveanton@webrtc.org> Reviewed-by: Emad Omara <emadomara@webrtc.org> Commit-Queue: Benjamin Wright <benwright@webrtc.org> Cr-Commit-Position: refs/heads/master@{#25135}
2018-10-11 15:33:17 -07:00
}
CryptoOptions::~CryptoOptions() {}
Revert "Enable SRTP GCM ciphers by default" This reverts commit d8633868b34dc1d841f0a9fd1afe2bc22aa8bde6. Reason for revert: Breaks downstream project. Original change's description: > Enable SRTP GCM ciphers by default > > Bug: webrtc:15178 > Change-Id: I0216ce8f194fffc820723d82b9c04a76573c2f4f > Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/305381 > Reviewed-by: Harald Alvestrand <hta@webrtc.org> > Commit-Queue: Philipp Hancke <phancke@microsoft.com> > Reviewed-by: Victor Boivie <boivie@webrtc.org> > Cr-Commit-Position: refs/heads/main@{#40828} Bug: webrtc:15178 Change-Id: I88433e899cb4b705eafa3fceff3edc520629f603 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/321863 Owners-Override: Artem Titov <titovartem@webrtc.org> Auto-Submit: Manashi Sarkar <manashi@google.com> Commit-Queue: Artem Titov <titovartem@webrtc.org> Bot-Commit: rubber-stamper@appspot.gserviceaccount.com <rubber-stamper@appspot.gserviceaccount.com> Reviewed-by: Artem Titov <titovartem@webrtc.org> Cr-Commit-Position: refs/heads/main@{#40832}
2023-09-28 14:37:22 +00:00
// static
CryptoOptions CryptoOptions::NoGcm() {
CryptoOptions options;
options.srtp.enable_gcm_crypto_suites = false;
return options;
}
Reland "Move CryptoOptions to api/crypto from rtc_base/sslstreamadapter.h" Promotes rtc::CryptoOptions to webrtc::CryptoOptions converting it from class that only handles SRTP configuration to a more generic structure that can be used and extended for all per peer connection CryptoOptions that can be on a given PeerConnection. Now all SRTP related options are under webrtc::CryptoOptions::Srtp and can be accessed as crypto_options.srtp.whatever_option_name. This is more inline with other structures we have in WebRTC such as VideoConfig. As additional features are added over time this will allow the structure to remain compartmentalized and concerned components can only request a subset of the overall configuration structure e.g: void MySrtpFunction(const webrtc::CryptoOptions::Srtp& srtp_config); In addition to this it made little sense for sslstreamadapter.h to hold all Srtp related configuration options. The header has become loo large and takes on too many responsibilities and spilting this up will lead to more maintainable code going forward. This will be used in a future CL to enable configuration options for the newly supported Frame Crypto. Reland Fix: - cryptooptions.h - now has enable_aes128_sha1_32_crypto_cipher as an optional root level configuration. - peerconnectionfactory - If this optional is set will now overwrite the underyling value. This along with the other field will be deprecated once dependent projects are updated. TBR=sakal@webrtc.org,kthelgason@webrtc.org,emadomara@webrtc.org,qingsi@webrtc.org Bug: webrtc:9681 Change-Id: Iaa6b741baafb85d352e42f54226119f19d97151d Reviewed-on: https://webrtc-review.googlesource.com/c/105560 Reviewed-by: Benjamin Wright <benwright@webrtc.org> Reviewed-by: Steve Anton <steveanton@webrtc.org> Reviewed-by: Emad Omara <emadomara@webrtc.org> Commit-Queue: Benjamin Wright <benwright@webrtc.org> Cr-Commit-Position: refs/heads/master@{#25135}
2018-10-11 15:33:17 -07:00
std::vector<int> CryptoOptions::GetSupportedDtlsSrtpCryptoSuites() const {
std::vector<int> crypto_suites;
Rename rtc_base/ssl_stream_adapter.h constants. Uppercase constants are more likely to conflict with macros (for example rtc::SRTP_AES128_CM_SHA1_80 and OpenSSL SRTP_AES128_CM_SHA1_80). This CL renames some constants and follows the C++ style guide. Bug: webrtc:12997 Change-Id: I2398232568b352f88afed571a9b698040bb81c30 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/226564 Commit-Queue: Mirko Bonadei <mbonadei@webrtc.org> Reviewed-by: Harald Alvestrand <hta@webrtc.org> Cr-Commit-Position: refs/heads/master@{#34553}
2021-07-26 17:27:42 +02:00
// Note: kSrtpAes128CmSha1_80 is what is required to be supported (by
// draft-ietf-rtcweb-security-arch), but kSrtpAes128CmSha1_32 is allowed as
Reland "Move CryptoOptions to api/crypto from rtc_base/sslstreamadapter.h" Promotes rtc::CryptoOptions to webrtc::CryptoOptions converting it from class that only handles SRTP configuration to a more generic structure that can be used and extended for all per peer connection CryptoOptions that can be on a given PeerConnection. Now all SRTP related options are under webrtc::CryptoOptions::Srtp and can be accessed as crypto_options.srtp.whatever_option_name. This is more inline with other structures we have in WebRTC such as VideoConfig. As additional features are added over time this will allow the structure to remain compartmentalized and concerned components can only request a subset of the overall configuration structure e.g: void MySrtpFunction(const webrtc::CryptoOptions::Srtp& srtp_config); In addition to this it made little sense for sslstreamadapter.h to hold all Srtp related configuration options. The header has become loo large and takes on too many responsibilities and spilting this up will lead to more maintainable code going forward. This will be used in a future CL to enable configuration options for the newly supported Frame Crypto. Reland Fix: - cryptooptions.h - now has enable_aes128_sha1_32_crypto_cipher as an optional root level configuration. - peerconnectionfactory - If this optional is set will now overwrite the underyling value. This along with the other field will be deprecated once dependent projects are updated. TBR=sakal@webrtc.org,kthelgason@webrtc.org,emadomara@webrtc.org,qingsi@webrtc.org Bug: webrtc:9681 Change-Id: Iaa6b741baafb85d352e42f54226119f19d97151d Reviewed-on: https://webrtc-review.googlesource.com/c/105560 Reviewed-by: Benjamin Wright <benwright@webrtc.org> Reviewed-by: Steve Anton <steveanton@webrtc.org> Reviewed-by: Emad Omara <emadomara@webrtc.org> Commit-Queue: Benjamin Wright <benwright@webrtc.org> Cr-Commit-Position: refs/heads/master@{#25135}
2018-10-11 15:33:17 -07:00
// well, and saves a few bytes per packet if it ends up selected.
// As the cipher suite is potentially insecure, it will only be used if
// enabled by both peers.
if (srtp.enable_aes128_sha1_32_crypto_cipher) {
Rename rtc_base/ssl_stream_adapter.h constants. Uppercase constants are more likely to conflict with macros (for example rtc::SRTP_AES128_CM_SHA1_80 and OpenSSL SRTP_AES128_CM_SHA1_80). This CL renames some constants and follows the C++ style guide. Bug: webrtc:12997 Change-Id: I2398232568b352f88afed571a9b698040bb81c30 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/226564 Commit-Queue: Mirko Bonadei <mbonadei@webrtc.org> Reviewed-by: Harald Alvestrand <hta@webrtc.org> Cr-Commit-Position: refs/heads/master@{#34553}
2021-07-26 17:27:42 +02:00
crypto_suites.push_back(rtc::kSrtpAes128CmSha1_32);
Reland "Move CryptoOptions to api/crypto from rtc_base/sslstreamadapter.h" Promotes rtc::CryptoOptions to webrtc::CryptoOptions converting it from class that only handles SRTP configuration to a more generic structure that can be used and extended for all per peer connection CryptoOptions that can be on a given PeerConnection. Now all SRTP related options are under webrtc::CryptoOptions::Srtp and can be accessed as crypto_options.srtp.whatever_option_name. This is more inline with other structures we have in WebRTC such as VideoConfig. As additional features are added over time this will allow the structure to remain compartmentalized and concerned components can only request a subset of the overall configuration structure e.g: void MySrtpFunction(const webrtc::CryptoOptions::Srtp& srtp_config); In addition to this it made little sense for sslstreamadapter.h to hold all Srtp related configuration options. The header has become loo large and takes on too many responsibilities and spilting this up will lead to more maintainable code going forward. This will be used in a future CL to enable configuration options for the newly supported Frame Crypto. Reland Fix: - cryptooptions.h - now has enable_aes128_sha1_32_crypto_cipher as an optional root level configuration. - peerconnectionfactory - If this optional is set will now overwrite the underyling value. This along with the other field will be deprecated once dependent projects are updated. TBR=sakal@webrtc.org,kthelgason@webrtc.org,emadomara@webrtc.org,qingsi@webrtc.org Bug: webrtc:9681 Change-Id: Iaa6b741baafb85d352e42f54226119f19d97151d Reviewed-on: https://webrtc-review.googlesource.com/c/105560 Reviewed-by: Benjamin Wright <benwright@webrtc.org> Reviewed-by: Steve Anton <steveanton@webrtc.org> Reviewed-by: Emad Omara <emadomara@webrtc.org> Commit-Queue: Benjamin Wright <benwright@webrtc.org> Cr-Commit-Position: refs/heads/master@{#25135}
2018-10-11 15:33:17 -07:00
}
do not offer gcm as the preferred cipher suite Move the GCM srtp cipher suites below the default SRTP_AES128_CM_SHA1_80 one. This will not negotiate them by default since they have an impact on packet overhead for audio-only calls. GCM can still be negotiated if the peer offers it as preferred cipher suite or answers with just that cipher suite. BUG=chromium:713701 Change-Id: I79bd4ab827e5c7f55f5550d14db3f4217a7eff86 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/158404 Reviewed-by: Justin Uberti <juberti@google.com> Reviewed-by: Justin Uberti <juberti@webrtc.org> Reviewed-by: Harald Alvestrand <hta@webrtc.org> Commit-Queue: Justin Uberti <juberti@webrtc.org> Cr-Commit-Position: refs/heads/master@{#29672}
2019-10-26 06:12:55 +02:00
if (srtp.enable_aes128_sha1_80_crypto_cipher) {
Rename rtc_base/ssl_stream_adapter.h constants. Uppercase constants are more likely to conflict with macros (for example rtc::SRTP_AES128_CM_SHA1_80 and OpenSSL SRTP_AES128_CM_SHA1_80). This CL renames some constants and follows the C++ style guide. Bug: webrtc:12997 Change-Id: I2398232568b352f88afed571a9b698040bb81c30 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/226564 Commit-Queue: Mirko Bonadei <mbonadei@webrtc.org> Reviewed-by: Harald Alvestrand <hta@webrtc.org> Cr-Commit-Position: refs/heads/master@{#34553}
2021-07-26 17:27:42 +02:00
crypto_suites.push_back(rtc::kSrtpAes128CmSha1_80);
do not offer gcm as the preferred cipher suite Move the GCM srtp cipher suites below the default SRTP_AES128_CM_SHA1_80 one. This will not negotiate them by default since they have an impact on packet overhead for audio-only calls. GCM can still be negotiated if the peer offers it as preferred cipher suite or answers with just that cipher suite. BUG=chromium:713701 Change-Id: I79bd4ab827e5c7f55f5550d14db3f4217a7eff86 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/158404 Reviewed-by: Justin Uberti <juberti@google.com> Reviewed-by: Justin Uberti <juberti@webrtc.org> Reviewed-by: Harald Alvestrand <hta@webrtc.org> Commit-Queue: Justin Uberti <juberti@webrtc.org> Cr-Commit-Position: refs/heads/master@{#29672}
2019-10-26 06:12:55 +02:00
}
// Note: GCM cipher suites are not the top choice since they increase the
// packet size. In order to negotiate them the other side must not support
Rename rtc_base/ssl_stream_adapter.h constants. Uppercase constants are more likely to conflict with macros (for example rtc::SRTP_AES128_CM_SHA1_80 and OpenSSL SRTP_AES128_CM_SHA1_80). This CL renames some constants and follows the C++ style guide. Bug: webrtc:12997 Change-Id: I2398232568b352f88afed571a9b698040bb81c30 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/226564 Commit-Queue: Mirko Bonadei <mbonadei@webrtc.org> Reviewed-by: Harald Alvestrand <hta@webrtc.org> Cr-Commit-Position: refs/heads/master@{#34553}
2021-07-26 17:27:42 +02:00
// kSrtpAes128CmSha1_80.
do not offer gcm as the preferred cipher suite Move the GCM srtp cipher suites below the default SRTP_AES128_CM_SHA1_80 one. This will not negotiate them by default since they have an impact on packet overhead for audio-only calls. GCM can still be negotiated if the peer offers it as preferred cipher suite or answers with just that cipher suite. BUG=chromium:713701 Change-Id: I79bd4ab827e5c7f55f5550d14db3f4217a7eff86 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/158404 Reviewed-by: Justin Uberti <juberti@google.com> Reviewed-by: Justin Uberti <juberti@webrtc.org> Reviewed-by: Harald Alvestrand <hta@webrtc.org> Commit-Queue: Justin Uberti <juberti@webrtc.org> Cr-Commit-Position: refs/heads/master@{#29672}
2019-10-26 06:12:55 +02:00
if (srtp.enable_gcm_crypto_suites) {
Rename rtc_base/ssl_stream_adapter.h constants. Uppercase constants are more likely to conflict with macros (for example rtc::SRTP_AES128_CM_SHA1_80 and OpenSSL SRTP_AES128_CM_SHA1_80). This CL renames some constants and follows the C++ style guide. Bug: webrtc:12997 Change-Id: I2398232568b352f88afed571a9b698040bb81c30 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/226564 Commit-Queue: Mirko Bonadei <mbonadei@webrtc.org> Reviewed-by: Harald Alvestrand <hta@webrtc.org> Cr-Commit-Position: refs/heads/master@{#34553}
2021-07-26 17:27:42 +02:00
crypto_suites.push_back(rtc::kSrtpAeadAes256Gcm);
crypto_suites.push_back(rtc::kSrtpAeadAes128Gcm);
do not offer gcm as the preferred cipher suite Move the GCM srtp cipher suites below the default SRTP_AES128_CM_SHA1_80 one. This will not negotiate them by default since they have an impact on packet overhead for audio-only calls. GCM can still be negotiated if the peer offers it as preferred cipher suite or answers with just that cipher suite. BUG=chromium:713701 Change-Id: I79bd4ab827e5c7f55f5550d14db3f4217a7eff86 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/158404 Reviewed-by: Justin Uberti <juberti@google.com> Reviewed-by: Justin Uberti <juberti@webrtc.org> Reviewed-by: Harald Alvestrand <hta@webrtc.org> Commit-Queue: Justin Uberti <juberti@webrtc.org> Cr-Commit-Position: refs/heads/master@{#29672}
2019-10-26 06:12:55 +02:00
}
RTC_CHECK(!crypto_suites.empty());
Reland "Move CryptoOptions to api/crypto from rtc_base/sslstreamadapter.h" Promotes rtc::CryptoOptions to webrtc::CryptoOptions converting it from class that only handles SRTP configuration to a more generic structure that can be used and extended for all per peer connection CryptoOptions that can be on a given PeerConnection. Now all SRTP related options are under webrtc::CryptoOptions::Srtp and can be accessed as crypto_options.srtp.whatever_option_name. This is more inline with other structures we have in WebRTC such as VideoConfig. As additional features are added over time this will allow the structure to remain compartmentalized and concerned components can only request a subset of the overall configuration structure e.g: void MySrtpFunction(const webrtc::CryptoOptions::Srtp& srtp_config); In addition to this it made little sense for sslstreamadapter.h to hold all Srtp related configuration options. The header has become loo large and takes on too many responsibilities and spilting this up will lead to more maintainable code going forward. This will be used in a future CL to enable configuration options for the newly supported Frame Crypto. Reland Fix: - cryptooptions.h - now has enable_aes128_sha1_32_crypto_cipher as an optional root level configuration. - peerconnectionfactory - If this optional is set will now overwrite the underyling value. This along with the other field will be deprecated once dependent projects are updated. TBR=sakal@webrtc.org,kthelgason@webrtc.org,emadomara@webrtc.org,qingsi@webrtc.org Bug: webrtc:9681 Change-Id: Iaa6b741baafb85d352e42f54226119f19d97151d Reviewed-on: https://webrtc-review.googlesource.com/c/105560 Reviewed-by: Benjamin Wright <benwright@webrtc.org> Reviewed-by: Steve Anton <steveanton@webrtc.org> Reviewed-by: Emad Omara <emadomara@webrtc.org> Commit-Queue: Benjamin Wright <benwright@webrtc.org> Cr-Commit-Position: refs/heads/master@{#25135}
2018-10-11 15:33:17 -07:00
return crypto_suites;
}
Adds new CryptoOption crypto_options.frame.require_frame_encryption. This change adds a new subcategory to the public native webrtc::CryptoOptions structure: webrtc::CryptoOptions::Frame. This new structure has a single off by default property: crypto_options.frame.require_frame_encryption. This new flag if set prevents RtpSenders from sending outgoing payloads unless a frame_encryptor_ is attached and prevents RtpReceivers from receiving incoming payloads unless a frame_decryptor_ is attached. This option is important to enforce no unencrypted data can ever leave the device or be received. I have also attached bindings for Java and Objective-C. I have implemented this functionality for E2EE audio but not E2EE video since the changes are still in review. Bug: webrtc:9681 Change-Id: Ie184711190e0cdf5ac781f69e9489ceec904736f Reviewed-on: https://webrtc-review.googlesource.com/c/105540 Reviewed-by: Niels Moller <nisse@webrtc.org> Reviewed-by: Steve Anton <steveanton@webrtc.org> Reviewed-by: Oskar Sundbom <ossu@webrtc.org> Reviewed-by: Sami Kalliomäki <sakal@webrtc.org> Reviewed-by: Kári Helgason <kthelgason@webrtc.org> Commit-Queue: Benjamin Wright <benwright@webrtc.org> Cr-Commit-Position: refs/heads/master@{#25238}
2018-10-15 10:20:24 -07:00
bool CryptoOptions::operator==(const CryptoOptions& other) const {
struct data_being_tested_for_equality {
struct Srtp {
bool enable_gcm_crypto_suites;
bool enable_aes128_sha1_32_crypto_cipher;
do not offer gcm as the preferred cipher suite Move the GCM srtp cipher suites below the default SRTP_AES128_CM_SHA1_80 one. This will not negotiate them by default since they have an impact on packet overhead for audio-only calls. GCM can still be negotiated if the peer offers it as preferred cipher suite or answers with just that cipher suite. BUG=chromium:713701 Change-Id: I79bd4ab827e5c7f55f5550d14db3f4217a7eff86 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/158404 Reviewed-by: Justin Uberti <juberti@google.com> Reviewed-by: Justin Uberti <juberti@webrtc.org> Reviewed-by: Harald Alvestrand <hta@webrtc.org> Commit-Queue: Justin Uberti <juberti@webrtc.org> Cr-Commit-Position: refs/heads/master@{#29672}
2019-10-26 06:12:55 +02:00
bool enable_aes128_sha1_80_crypto_cipher;
Adds new CryptoOption crypto_options.frame.require_frame_encryption. This change adds a new subcategory to the public native webrtc::CryptoOptions structure: webrtc::CryptoOptions::Frame. This new structure has a single off by default property: crypto_options.frame.require_frame_encryption. This new flag if set prevents RtpSenders from sending outgoing payloads unless a frame_encryptor_ is attached and prevents RtpReceivers from receiving incoming payloads unless a frame_decryptor_ is attached. This option is important to enforce no unencrypted data can ever leave the device or be received. I have also attached bindings for Java and Objective-C. I have implemented this functionality for E2EE audio but not E2EE video since the changes are still in review. Bug: webrtc:9681 Change-Id: Ie184711190e0cdf5ac781f69e9489ceec904736f Reviewed-on: https://webrtc-review.googlesource.com/c/105540 Reviewed-by: Niels Moller <nisse@webrtc.org> Reviewed-by: Steve Anton <steveanton@webrtc.org> Reviewed-by: Oskar Sundbom <ossu@webrtc.org> Reviewed-by: Sami Kalliomäki <sakal@webrtc.org> Reviewed-by: Kári Helgason <kthelgason@webrtc.org> Commit-Queue: Benjamin Wright <benwright@webrtc.org> Cr-Commit-Position: refs/heads/master@{#25238}
2018-10-15 10:20:24 -07:00
bool enable_encrypted_rtp_header_extensions;
} srtp;
struct SFrame {
bool require_frame_encryption;
} sframe;
};
static_assert(sizeof(data_being_tested_for_equality) == sizeof(*this),
"Did you add something to CryptoOptions and forget to "
"update operator==?");
return srtp.enable_gcm_crypto_suites == other.srtp.enable_gcm_crypto_suites &&
srtp.enable_aes128_sha1_32_crypto_cipher ==
other.srtp.enable_aes128_sha1_32_crypto_cipher &&
do not offer gcm as the preferred cipher suite Move the GCM srtp cipher suites below the default SRTP_AES128_CM_SHA1_80 one. This will not negotiate them by default since they have an impact on packet overhead for audio-only calls. GCM can still be negotiated if the peer offers it as preferred cipher suite or answers with just that cipher suite. BUG=chromium:713701 Change-Id: I79bd4ab827e5c7f55f5550d14db3f4217a7eff86 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/158404 Reviewed-by: Justin Uberti <juberti@google.com> Reviewed-by: Justin Uberti <juberti@webrtc.org> Reviewed-by: Harald Alvestrand <hta@webrtc.org> Commit-Queue: Justin Uberti <juberti@webrtc.org> Cr-Commit-Position: refs/heads/master@{#29672}
2019-10-26 06:12:55 +02:00
srtp.enable_aes128_sha1_80_crypto_cipher ==
other.srtp.enable_aes128_sha1_80_crypto_cipher &&
Adds new CryptoOption crypto_options.frame.require_frame_encryption. This change adds a new subcategory to the public native webrtc::CryptoOptions structure: webrtc::CryptoOptions::Frame. This new structure has a single off by default property: crypto_options.frame.require_frame_encryption. This new flag if set prevents RtpSenders from sending outgoing payloads unless a frame_encryptor_ is attached and prevents RtpReceivers from receiving incoming payloads unless a frame_decryptor_ is attached. This option is important to enforce no unencrypted data can ever leave the device or be received. I have also attached bindings for Java and Objective-C. I have implemented this functionality for E2EE audio but not E2EE video since the changes are still in review. Bug: webrtc:9681 Change-Id: Ie184711190e0cdf5ac781f69e9489ceec904736f Reviewed-on: https://webrtc-review.googlesource.com/c/105540 Reviewed-by: Niels Moller <nisse@webrtc.org> Reviewed-by: Steve Anton <steveanton@webrtc.org> Reviewed-by: Oskar Sundbom <ossu@webrtc.org> Reviewed-by: Sami Kalliomäki <sakal@webrtc.org> Reviewed-by: Kári Helgason <kthelgason@webrtc.org> Commit-Queue: Benjamin Wright <benwright@webrtc.org> Cr-Commit-Position: refs/heads/master@{#25238}
2018-10-15 10:20:24 -07:00
srtp.enable_encrypted_rtp_header_extensions ==
other.srtp.enable_encrypted_rtp_header_extensions &&
sframe.require_frame_encryption ==
other.sframe.require_frame_encryption;
}
bool CryptoOptions::operator!=(const CryptoOptions& other) const {
return !(*this == other);
}
Reland "Move CryptoOptions to api/crypto from rtc_base/sslstreamadapter.h" Promotes rtc::CryptoOptions to webrtc::CryptoOptions converting it from class that only handles SRTP configuration to a more generic structure that can be used and extended for all per peer connection CryptoOptions that can be on a given PeerConnection. Now all SRTP related options are under webrtc::CryptoOptions::Srtp and can be accessed as crypto_options.srtp.whatever_option_name. This is more inline with other structures we have in WebRTC such as VideoConfig. As additional features are added over time this will allow the structure to remain compartmentalized and concerned components can only request a subset of the overall configuration structure e.g: void MySrtpFunction(const webrtc::CryptoOptions::Srtp& srtp_config); In addition to this it made little sense for sslstreamadapter.h to hold all Srtp related configuration options. The header has become loo large and takes on too many responsibilities and spilting this up will lead to more maintainable code going forward. This will be used in a future CL to enable configuration options for the newly supported Frame Crypto. Reland Fix: - cryptooptions.h - now has enable_aes128_sha1_32_crypto_cipher as an optional root level configuration. - peerconnectionfactory - If this optional is set will now overwrite the underyling value. This along with the other field will be deprecated once dependent projects are updated. TBR=sakal@webrtc.org,kthelgason@webrtc.org,emadomara@webrtc.org,qingsi@webrtc.org Bug: webrtc:9681 Change-Id: Iaa6b741baafb85d352e42f54226119f19d97151d Reviewed-on: https://webrtc-review.googlesource.com/c/105560 Reviewed-by: Benjamin Wright <benwright@webrtc.org> Reviewed-by: Steve Anton <steveanton@webrtc.org> Reviewed-by: Emad Omara <emadomara@webrtc.org> Commit-Queue: Benjamin Wright <benwright@webrtc.org> Cr-Commit-Position: refs/heads/master@{#25135}
2018-10-11 15:33:17 -07:00
} // namespace webrtc
Reference in New Issue Copy Permalink