From 1f87ec681346e9bc30faeb25fda9a86b66eeb22f Mon Sep 17 00:00:00 2001 From: Benjamin Wright Date: Wed, 12 Sep 2018 13:29:08 -0700 Subject: [PATCH] Add AEAD support to Frame Encryption API. Add Contribuitng Source To Decryptor. This change allows supporting additional data for authentication and adds a requirement for the contributing source to be provided during decryption. Change-Id: Ifc19cb2d8a7d6c3715c83c95cf12f64df0bca454 Bug: webrtc:9681 Reviewed-on: https://webrtc-review.googlesource.com/100001 Reviewed-by: Steve Anton Commit-Queue: Benjamin Wright Cr-Commit-Position: refs/heads/master@{#24712} --- api/crypto/framedecryptorinterface.h | 12 ++++++++---- api/crypto/frameencryptorinterface.h | 3 ++- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/api/crypto/framedecryptorinterface.h b/api/crypto/framedecryptorinterface.h index 1c49b511f7..587df47c66 100644 --- a/api/crypto/framedecryptorinterface.h +++ b/api/crypto/framedecryptorinterface.h @@ -11,6 +11,8 @@ #ifndef API_CRYPTO_FRAMEDECRYPTORINTERFACE_H_ #define API_CRYPTO_FRAMEDECRYPTORINTERFACE_H_ +#include + #include "api/array_view.h" #include "api/mediatypes.h" #include "rtc_base/refcount.h" @@ -24,21 +26,23 @@ namespace webrtc { // addition to the standard SRTP mechanism and is not intended to be used // without it. You may assume that this interface will have the same lifetime // as the RTPReceiver it is attached to. It must only be attached to one -// RTPReceiver. +// RTPReceiver. Additional data may be null. // Note: This interface is not ready for production use. class FrameDecryptorInterface : public rtc::RefCountInterface { public: ~FrameDecryptorInterface() override {} // Attempts to decrypt the encrypted frame. You may assume the frame size will - // be allocated to the size returned from GetOutputSize. You may assume that - // the frames are in order if SRTP is enabled. The stream is not provided here - // and it is up to the implementor to transport this information to the + // be allocated to the size returned from GetMaxPlaintextSize. You may assume + // that the frames are in order if SRTP is enabled. The stream is not provided + // here and it is up to the implementor to transport this information to the // receiver if they care about it. You must set bytes_written to how many // bytes you wrote to in the frame buffer. 0 must be returned if successful // all other numbers can be selected by the implementer to represent error // codes. virtual int Decrypt(cricket::MediaType media_type, + const std::vector& csrcs, + rtc::ArrayView additional_data, rtc::ArrayView encrypted_frame, rtc::ArrayView frame, size_t* bytes_written) = 0; diff --git a/api/crypto/frameencryptorinterface.h b/api/crypto/frameencryptorinterface.h index a99549c572..72bc04beb0 100644 --- a/api/crypto/frameencryptorinterface.h +++ b/api/crypto/frameencryptorinterface.h @@ -23,7 +23,7 @@ namespace webrtc { // the receiving device. Note this is an additional layer of encryption in // addition to the standard SRTP mechanism and is not intended to be used // without it. Implementations of this interface will have the same lifetime as -// the RTPSenders it is attached to. +// the RTPSenders it is attached to. Additional data may be null. // Note: This interface is not ready for production use. class FrameEncryptorInterface : public rtc::RefCountInterface { public: @@ -38,6 +38,7 @@ class FrameEncryptorInterface : public rtc::RefCountInterface { // selected by the implementer to represent error codes. virtual int Encrypt(cricket::MediaType media_type, uint32_t ssrc, + rtc::ArrayView additional_data, rtc::ArrayView frame, rtc::ArrayView encrypted_frame, size_t* bytes_written) = 0;