From 318166bed75dcbc00a7b79f715f9953aff9ffbc7 Mon Sep 17 00:00:00 2001 From: guoweis Date: Wed, 18 Nov 2015 19:03:38 -0800 Subject: [PATCH] Revert of Convert internal representation of Srtp cryptos from string to int. (patchset #10 id:180001 of https://codereview.webrtc.org/1416673006/ ) Reason for revert: Broke chromium fyi build. Original issue's description: > Convert internal representation of Srtp cryptos from string to int. > > Note that the coversion from int to string happens in 3 places > 1) SDP layer from int to external names. mediasession.cc GetSupportedSuiteNames. > 2) for SSL_CTX_set_tlsext_use_srtp(), converting from int to internal names. > 3) stats collection also needs external names. > > External names are like AES_CM_128_HMAC_SHA1_80, specified in sslstreamadapter.cc. > Internal names are like SRTP_AES128_CM_SHA1_80, specified in opensslstreamadapter.cc. > > The conversion from string to int happens in one place only, SDP layer, SrtpFilter::ApplyParams(). > > BUG=webrtc:5043 > > Committed: https://crrev.com/2764e1027a08a5543e04b854a27a520801faf6eb > Cr-Commit-Position: refs/heads/master@{#10701} TBR=juberti@webrtc.org,pthatcher@webrtc.org,juberti@google.com NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=webrtc:5043 Review URL: https://codereview.webrtc.org/1455233005 Cr-Commit-Position: refs/heads/master@{#10702} --- talk/app/webrtc/peerconnection_unittest.cc | 42 ++++---- talk/app/webrtc/statscollector.cc | 19 ++-- talk/app/webrtc/statscollector_unittest.cc | 43 ++++---- talk/app/webrtc/webrtcsession.cc | 18 ++-- talk/media/base/cryptoparams.h | 6 +- talk/session/media/channel.cc | 61 ++++++----- talk/session/media/channel.h | 13 +-- talk/session/media/mediasession.cc | 61 +++-------- talk/session/media/mediasession.h | 17 +-- talk/session/media/srtpfilter.cc | 33 +++--- talk/session/media/srtpfilter.h | 14 +-- talk/session/media/srtpfilter_unittest.cc | 102 ++++++++++-------- webrtc/base/opensslstreamadapter.cc | 48 +++++---- webrtc/base/opensslstreamadapter.h | 6 +- webrtc/base/sslstreamadapter.cc | 28 ++--- webrtc/base/sslstreamadapter.h | 23 ++-- webrtc/base/sslstreamadapter_unittest.cc | 91 ++++++++-------- webrtc/p2p/base/dtlstransportchannel.cc | 21 ++-- webrtc/p2p/base/dtlstransportchannel.h | 6 +- .../p2p/base/dtlstransportchannel_unittest.cc | 25 ++--- webrtc/p2p/base/faketransportcontroller.h | 25 ++--- webrtc/p2p/base/p2ptransportchannel.h | 4 +- webrtc/p2p/base/transport.cc | 4 +- webrtc/p2p/base/transport.h | 4 +- webrtc/p2p/base/transportchannel.cc | 9 -- webrtc/p2p/base/transportchannel.h | 9 +- 26 files changed, 348 insertions(+), 384 deletions(-) diff --git a/talk/app/webrtc/peerconnection_unittest.cc b/talk/app/webrtc/peerconnection_unittest.cc index 4faf599907..3193ffd898 100644 --- a/talk/app/webrtc/peerconnection_unittest.cc +++ b/talk/app/webrtc/peerconnection_unittest.cc @@ -113,7 +113,7 @@ static const char kDataChannelLabel[] = "data_channel"; #if !defined(THREAD_SANITIZER) // SRTP cipher name negotiated by the tests. This must be updated if the // default changes. -static const int kDefaultSrtpCryptoSuite = rtc::SRTP_AES128_CM_SHA1_32; +static const char kDefaultSrtpCipher[] = "AES_CM_128_HMAC_SHA1_32"; #endif static void RemoveLinesFromSdp(const std::string& line_start, @@ -1327,7 +1327,7 @@ TEST_F(JsepPeerConnectionP2PTestClient, GetDtls12None) { initializing_client()->pc()->RegisterUMAObserver(init_observer); LocalP2PTest(); - EXPECT_EQ_WAIT(rtc::SSLStreamAdapter::SslCipherSuiteToName( + EXPECT_EQ_WAIT(rtc::SSLStreamAdapter::GetSslCipherSuiteName( rtc::SSLStreamAdapter::GetDefaultSslCipherForTest( rtc::SSL_PROTOCOL_DTLS_10, rtc::KT_DEFAULT)), initializing_client()->GetDtlsCipherStats(), @@ -1337,12 +1337,12 @@ TEST_F(JsepPeerConnectionP2PTestClient, GetDtls12None) { rtc::SSLStreamAdapter::GetDefaultSslCipherForTest( rtc::SSL_PROTOCOL_DTLS_10, rtc::KT_DEFAULT))); - EXPECT_EQ_WAIT(rtc::SrtpCryptoSuiteToName(kDefaultSrtpCryptoSuite), + EXPECT_EQ_WAIT(kDefaultSrtpCipher, initializing_client()->GetSrtpCipherStats(), kMaxWaitForStatsMs); - EXPECT_EQ(1, - init_observer->GetEnumCounter(webrtc::kEnumCounterAudioSrtpCipher, - kDefaultSrtpCryptoSuite)); + EXPECT_EQ(1, init_observer->GetEnumCounter( + webrtc::kEnumCounterAudioSrtpCipher, + rtc::GetSrtpCryptoSuiteFromName(kDefaultSrtpCipher))); } // Test that DTLS 1.2 is used if both ends support it. @@ -1358,7 +1358,7 @@ TEST_F(JsepPeerConnectionP2PTestClient, GetDtls12Both) { initializing_client()->pc()->RegisterUMAObserver(init_observer); LocalP2PTest(); - EXPECT_EQ_WAIT(rtc::SSLStreamAdapter::SslCipherSuiteToName( + EXPECT_EQ_WAIT(rtc::SSLStreamAdapter::GetSslCipherSuiteName( rtc::SSLStreamAdapter::GetDefaultSslCipherForTest( rtc::SSL_PROTOCOL_DTLS_12, rtc::KT_DEFAULT)), initializing_client()->GetDtlsCipherStats(), @@ -1368,12 +1368,12 @@ TEST_F(JsepPeerConnectionP2PTestClient, GetDtls12Both) { rtc::SSLStreamAdapter::GetDefaultSslCipherForTest( rtc::SSL_PROTOCOL_DTLS_12, rtc::KT_DEFAULT))); - EXPECT_EQ_WAIT(rtc::SrtpCryptoSuiteToName(kDefaultSrtpCryptoSuite), + EXPECT_EQ_WAIT(kDefaultSrtpCipher, initializing_client()->GetSrtpCipherStats(), kMaxWaitForStatsMs); - EXPECT_EQ(1, - init_observer->GetEnumCounter(webrtc::kEnumCounterAudioSrtpCipher, - kDefaultSrtpCryptoSuite)); + EXPECT_EQ(1, init_observer->GetEnumCounter( + webrtc::kEnumCounterAudioSrtpCipher, + rtc::GetSrtpCryptoSuiteFromName(kDefaultSrtpCipher))); } // Test that DTLS 1.0 is used if the initator supports DTLS 1.2 and the @@ -1390,7 +1390,7 @@ TEST_F(JsepPeerConnectionP2PTestClient, GetDtls12Init) { initializing_client()->pc()->RegisterUMAObserver(init_observer); LocalP2PTest(); - EXPECT_EQ_WAIT(rtc::SSLStreamAdapter::SslCipherSuiteToName( + EXPECT_EQ_WAIT(rtc::SSLStreamAdapter::GetSslCipherSuiteName( rtc::SSLStreamAdapter::GetDefaultSslCipherForTest( rtc::SSL_PROTOCOL_DTLS_10, rtc::KT_DEFAULT)), initializing_client()->GetDtlsCipherStats(), @@ -1400,12 +1400,12 @@ TEST_F(JsepPeerConnectionP2PTestClient, GetDtls12Init) { rtc::SSLStreamAdapter::GetDefaultSslCipherForTest( rtc::SSL_PROTOCOL_DTLS_10, rtc::KT_DEFAULT))); - EXPECT_EQ_WAIT(rtc::SrtpCryptoSuiteToName(kDefaultSrtpCryptoSuite), + EXPECT_EQ_WAIT(kDefaultSrtpCipher, initializing_client()->GetSrtpCipherStats(), kMaxWaitForStatsMs); - EXPECT_EQ(1, - init_observer->GetEnumCounter(webrtc::kEnumCounterAudioSrtpCipher, - kDefaultSrtpCryptoSuite)); + EXPECT_EQ(1, init_observer->GetEnumCounter( + webrtc::kEnumCounterAudioSrtpCipher, + rtc::GetSrtpCryptoSuiteFromName(kDefaultSrtpCipher))); } // Test that DTLS 1.0 is used if the initator supports DTLS 1.0 and the @@ -1422,7 +1422,7 @@ TEST_F(JsepPeerConnectionP2PTestClient, GetDtls12Recv) { initializing_client()->pc()->RegisterUMAObserver(init_observer); LocalP2PTest(); - EXPECT_EQ_WAIT(rtc::SSLStreamAdapter::SslCipherSuiteToName( + EXPECT_EQ_WAIT(rtc::SSLStreamAdapter::GetSslCipherSuiteName( rtc::SSLStreamAdapter::GetDefaultSslCipherForTest( rtc::SSL_PROTOCOL_DTLS_10, rtc::KT_DEFAULT)), initializing_client()->GetDtlsCipherStats(), @@ -1432,12 +1432,12 @@ TEST_F(JsepPeerConnectionP2PTestClient, GetDtls12Recv) { rtc::SSLStreamAdapter::GetDefaultSslCipherForTest( rtc::SSL_PROTOCOL_DTLS_10, rtc::KT_DEFAULT))); - EXPECT_EQ_WAIT(rtc::SrtpCryptoSuiteToName(kDefaultSrtpCryptoSuite), + EXPECT_EQ_WAIT(kDefaultSrtpCipher, initializing_client()->GetSrtpCipherStats(), kMaxWaitForStatsMs); - EXPECT_EQ(1, - init_observer->GetEnumCounter(webrtc::kEnumCounterAudioSrtpCipher, - kDefaultSrtpCryptoSuite)); + EXPECT_EQ(1, init_observer->GetEnumCounter( + webrtc::kEnumCounterAudioSrtpCipher, + rtc::GetSrtpCryptoSuiteFromName(kDefaultSrtpCipher))); } // This test sets up a call between two parties with audio, video and data. diff --git a/talk/app/webrtc/statscollector.cc b/talk/app/webrtc/statscollector.cc index 28686965e6..347a84640c 100644 --- a/talk/app/webrtc/statscollector.cc +++ b/talk/app/webrtc/statscollector.cc @@ -730,20 +730,17 @@ void StatsCollector::ExtractSessionInfo() { channel_report->AddId(StatsReport::kStatsValueNameRemoteCertificateId, remote_cert_report_id); } - int srtp_crypto_suite = channel_iter.srtp_crypto_suite; - if (srtp_crypto_suite != rtc::SRTP_INVALID_CRYPTO_SUITE && - rtc::SrtpCryptoSuiteToName(srtp_crypto_suite).length()) { - channel_report->AddString( - StatsReport::kStatsValueNameSrtpCipher, - rtc::SrtpCryptoSuiteToName(srtp_crypto_suite)); + const std::string& srtp_cipher = channel_iter.srtp_cipher; + if (!srtp_cipher.empty()) { + channel_report->AddString(StatsReport::kStatsValueNameSrtpCipher, + srtp_cipher); } - int ssl_cipher_suite = channel_iter.ssl_cipher_suite; - if (ssl_cipher_suite != rtc::TLS_NULL_WITH_NULL_NULL && - rtc::SSLStreamAdapter::SslCipherSuiteToName(ssl_cipher_suite) - .length()) { + int ssl_cipher = channel_iter.ssl_cipher; + if (ssl_cipher && + rtc::SSLStreamAdapter::GetSslCipherSuiteName(ssl_cipher).length()) { channel_report->AddString( StatsReport::kStatsValueNameDtlsCipher, - rtc::SSLStreamAdapter::SslCipherSuiteToName(ssl_cipher_suite)); + rtc::SSLStreamAdapter::GetSslCipherSuiteName(ssl_cipher)); } int connection_id = 0; diff --git a/talk/app/webrtc/statscollector_unittest.cc b/talk/app/webrtc/statscollector_unittest.cc index eb2e3f3c41..9121c691b1 100644 --- a/talk/app/webrtc/statscollector_unittest.cc +++ b/talk/app/webrtc/statscollector_unittest.cc @@ -683,8 +683,8 @@ class StatsCollectorTest : public testing::Test { // Fake stats to process. cricket::TransportChannelStats channel_stats; channel_stats.component = 1; - channel_stats.srtp_crypto_suite = rtc::SRTP_AES128_CM_SHA1_80; - channel_stats.ssl_cipher_suite = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA; + channel_stats.srtp_cipher = "the-srtp-cipher"; + channel_stats.ssl_cipher = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA; cricket::TransportStats transport_stats; transport_stats.transport_name = "audio"; @@ -747,17 +747,18 @@ class StatsCollectorTest : public testing::Test { } // Check negotiated ciphers. - std::string dtls_cipher_suite = - ExtractStatsValue(StatsReport::kStatsReportTypeComponent, reports, - StatsReport::kStatsValueNameDtlsCipher); - EXPECT_EQ(rtc::SSLStreamAdapter::SslCipherSuiteToName( + std::string dtls_cipher = ExtractStatsValue( + StatsReport::kStatsReportTypeComponent, + reports, + StatsReport::kStatsValueNameDtlsCipher); + EXPECT_EQ(rtc::SSLStreamAdapter::GetSslCipherSuiteName( TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA), - dtls_cipher_suite); - std::string srtp_crypto_suite = - ExtractStatsValue(StatsReport::kStatsReportTypeComponent, reports, - StatsReport::kStatsValueNameSrtpCipher); - EXPECT_EQ(rtc::SrtpCryptoSuiteToName(rtc::SRTP_AES128_CM_SHA1_80), - srtp_crypto_suite); + dtls_cipher); + std::string srtp_cipher = ExtractStatsValue( + StatsReport::kStatsReportTypeComponent, + reports, + StatsReport::kStatsValueNameSrtpCipher); + EXPECT_EQ("the-srtp-cipher", srtp_cipher); } cricket::FakeMediaEngine* media_engine_; @@ -1406,14 +1407,16 @@ TEST_F(StatsCollectorTest, NoTransport) { ASSERT_EQ(kNotFound, remote_certificate_id); // Check that the negotiated ciphers are absent. - std::string dtls_cipher_suite = - ExtractStatsValue(StatsReport::kStatsReportTypeComponent, reports, - StatsReport::kStatsValueNameDtlsCipher); - ASSERT_EQ(kNotFound, dtls_cipher_suite); - std::string srtp_crypto_suite = - ExtractStatsValue(StatsReport::kStatsReportTypeComponent, reports, - StatsReport::kStatsValueNameSrtpCipher); - ASSERT_EQ(kNotFound, srtp_crypto_suite); + std::string dtls_cipher = ExtractStatsValue( + StatsReport::kStatsReportTypeComponent, + reports, + StatsReport::kStatsValueNameDtlsCipher); + ASSERT_EQ(kNotFound, dtls_cipher); + std::string srtp_cipher = ExtractStatsValue( + StatsReport::kStatsReportTypeComponent, + reports, + StatsReport::kStatsValueNameSrtpCipher); + ASSERT_EQ(kNotFound, srtp_cipher); } // This test verifies that the stats are generated correctly when the transport diff --git a/talk/app/webrtc/webrtcsession.cc b/talk/app/webrtc/webrtcsession.cc index ada35c5e4d..1fc2a37902 100644 --- a/talk/app/webrtc/webrtcsession.cc +++ b/talk/app/webrtc/webrtcsession.cc @@ -2157,10 +2157,9 @@ void WebRtcSession::ReportNegotiatedCiphers( return; } - int srtp_crypto_suite = stats.channel_stats[0].srtp_crypto_suite; - int ssl_cipher_suite = stats.channel_stats[0].ssl_cipher_suite; - if (srtp_crypto_suite == rtc::SRTP_INVALID_CRYPTO_SUITE && - ssl_cipher_suite == rtc::TLS_NULL_WITH_NULL_NULL) { + const std::string& srtp_cipher = stats.channel_stats[0].srtp_cipher; + int ssl_cipher = stats.channel_stats[0].ssl_cipher; + if (srtp_cipher.empty() && !ssl_cipher) { return; } @@ -2180,13 +2179,12 @@ void WebRtcSession::ReportNegotiatedCiphers( return; } - if (srtp_crypto_suite != rtc::SRTP_INVALID_CRYPTO_SUITE) { - metrics_observer_->IncrementSparseEnumCounter(srtp_counter_type, - srtp_crypto_suite); + if (!srtp_cipher.empty()) { + metrics_observer_->IncrementSparseEnumCounter( + srtp_counter_type, rtc::GetSrtpCryptoSuiteFromName(srtp_cipher)); } - if (ssl_cipher_suite != rtc::TLS_NULL_WITH_NULL_NULL) { - metrics_observer_->IncrementSparseEnumCounter(ssl_counter_type, - ssl_cipher_suite); + if (ssl_cipher) { + metrics_observer_->IncrementSparseEnumCounter(ssl_counter_type, ssl_cipher); } } diff --git a/talk/media/base/cryptoparams.h b/talk/media/base/cryptoparams.h index 589953db3e..9dd1db5166 100644 --- a/talk/media/base/cryptoparams.h +++ b/talk/media/base/cryptoparams.h @@ -35,10 +35,8 @@ namespace cricket { // Parameters for SRTP negotiation, as described in RFC 4568. struct CryptoParams { CryptoParams() : tag(0) {} - CryptoParams(int t, - const std::string& cs, - const std::string& kp, - const std::string& sp) + CryptoParams(int t, const std::string& cs, + const std::string& kp, const std::string& sp) : tag(t), cipher_suite(cs), key_params(kp), session_params(sp) {} bool Matches(const CryptoParams& params) const { diff --git a/talk/session/media/channel.cc b/talk/session/media/channel.cc index ef26704f1a..8d3efec4fa 100644 --- a/talk/session/media/channel.cc +++ b/talk/session/media/channel.cc @@ -218,11 +218,11 @@ bool BaseChannel::Init() { return false; } - if (!SetDtlsSrtpCryptoSuites(transport_channel(), false)) { + if (!SetDtlsSrtpCiphers(transport_channel(), false)) { return false; } if (rtcp_transport_enabled() && - !SetDtlsSrtpCryptoSuites(rtcp_transport_channel(), true)) { + !SetDtlsSrtpCiphers(rtcp_transport_channel(), true)) { return false; } @@ -809,16 +809,16 @@ void BaseChannel::SignalDtlsSetupFailure_s(bool rtcp) { SignalDtlsSetupFailure(this, rtcp); } -bool BaseChannel::SetDtlsSrtpCryptoSuites(TransportChannel* tc, bool rtcp) { - std::vector crypto_suites; - // We always use the default SRTP crypto suites for RTCP, but we may use - // different crypto suites for RTP depending on the media type. +bool BaseChannel::SetDtlsSrtpCiphers(TransportChannel *tc, bool rtcp) { + std::vector ciphers; + // We always use the default SRTP ciphers for RTCP, but we may use different + // ciphers for RTP depending on the media type. if (!rtcp) { - GetSrtpCryptoSuites(&crypto_suites); + GetSrtpCryptoSuiteNames(&ciphers); } else { - GetDefaultSrtpCryptoSuites(&crypto_suites); + GetDefaultSrtpCryptoSuiteNames(&ciphers); } - return tc->SetSrtpCryptoSuites(crypto_suites); + return tc->SetSrtpCiphers(ciphers); } bool BaseChannel::ShouldSetupDtlsSrtp() const { @@ -837,10 +837,10 @@ bool BaseChannel::SetupDtlsSrtp(bool rtcp_channel) { if (!channel->IsDtlsActive()) return true; - int selected_crypto_suite; + std::string selected_cipher; - if (!channel->GetSrtpCryptoSuite(&selected_crypto_suite)) { - LOG(LS_ERROR) << "No DTLS-SRTP selected crypto suite"; + if (!channel->GetSrtpCryptoSuite(&selected_cipher)) { + LOG(LS_ERROR) << "No DTLS-SRTP selected cipher"; return false; } @@ -896,15 +896,21 @@ bool BaseChannel::SetupDtlsSrtp(bool rtcp_channel) { } if (rtcp_channel) { - ret = srtp_filter_.SetRtcpParams(selected_crypto_suite, &(*send_key)[0], - static_cast(send_key->size()), - selected_crypto_suite, &(*recv_key)[0], - static_cast(recv_key->size())); + ret = srtp_filter_.SetRtcpParams( + selected_cipher, + &(*send_key)[0], + static_cast(send_key->size()), + selected_cipher, + &(*recv_key)[0], + static_cast(recv_key->size())); } else { - ret = srtp_filter_.SetRtpParams(selected_crypto_suite, &(*send_key)[0], - static_cast(send_key->size()), - selected_crypto_suite, &(*recv_key)[0], - static_cast(recv_key->size())); + ret = srtp_filter_.SetRtpParams( + selected_cipher, + &(*send_key)[0], + static_cast(send_key->size()), + selected_cipher, + &(*recv_key)[0], + static_cast(recv_key->size())); } if (!ret) @@ -1574,8 +1580,9 @@ void VoiceChannel::OnAudioMonitorUpdate(AudioMonitor* monitor, SignalAudioMonitor(this, info); } -void VoiceChannel::GetSrtpCryptoSuites(std::vector* crypto_suites) const { - GetSupportedAudioCryptoSuites(crypto_suites); +void VoiceChannel::GetSrtpCryptoSuiteNames( + std::vector* ciphers) const { + GetSupportedAudioCryptoSuites(ciphers); } VideoChannel::VideoChannel(rtc::Thread* thread, @@ -1963,8 +1970,9 @@ bool VideoChannel::GetLocalSsrc(const VideoCapturer* capturer, uint32_t* ssrc) { return false; } -void VideoChannel::GetSrtpCryptoSuites(std::vector* crypto_suites) const { - GetSupportedVideoCryptoSuites(crypto_suites); +void VideoChannel::GetSrtpCryptoSuiteNames( + std::vector* ciphers) const { + GetSupportedVideoCryptoSuites(ciphers); } DataChannel::DataChannel(rtc::Thread* thread, @@ -2270,8 +2278,9 @@ void DataChannel::OnDataChannelReadyToSend(bool writable) { new DataChannelReadyToSendMessageData(writable)); } -void DataChannel::GetSrtpCryptoSuites(std::vector* crypto_suites) const { - GetSupportedDataCryptoSuites(crypto_suites); +void DataChannel::GetSrtpCryptoSuiteNames( + std::vector* ciphers) const { + GetSupportedDataCryptoSuites(ciphers); } bool DataChannel::ShouldSetupDtlsSrtp() const { diff --git a/talk/session/media/channel.h b/talk/session/media/channel.h index 9342d31a25..603115cee7 100644 --- a/talk/session/media/channel.h +++ b/talk/session/media/channel.h @@ -236,7 +236,7 @@ class BaseChannel // |rtcp_channel| indicates whether to set up the RTP or RTCP filter. bool SetupDtlsSrtp(bool rtcp_channel); // Set the DTLS-SRTP cipher policy on this channel as appropriate. - bool SetDtlsSrtpCryptoSuites(TransportChannel* tc, bool rtcp); + bool SetDtlsSrtpCiphers(TransportChannel *tc, bool rtcp); virtual void ChangeState() = 0; @@ -282,8 +282,9 @@ class BaseChannel void OnMessage(rtc::Message* pmsg) override; // Handled in derived classes - // Get the SRTP crypto suites to use for RTP media - virtual void GetSrtpCryptoSuites(std::vector* crypto_suites) const = 0; + // Get the SRTP ciphers to use for RTP media + virtual void GetSrtpCryptoSuiteNames( + std::vector* ciphers) const = 0; virtual void OnConnectionMonitorUpdate(ConnectionMonitor* monitor, const std::vector& infos) = 0; @@ -406,7 +407,7 @@ class VoiceChannel : public BaseChannel { bool GetStats_w(VoiceMediaInfo* stats); virtual void OnMessage(rtc::Message* pmsg); - virtual void GetSrtpCryptoSuites(std::vector* crypto_suites) const; + virtual void GetSrtpCryptoSuiteNames(std::vector* ciphers) const; virtual void OnConnectionMonitorUpdate( ConnectionMonitor* monitor, const std::vector& infos); virtual void OnMediaMonitorUpdate( @@ -496,7 +497,7 @@ class VideoChannel : public BaseChannel { bool GetStats_w(VideoMediaInfo* stats); virtual void OnMessage(rtc::Message* pmsg); - virtual void GetSrtpCryptoSuites(std::vector* crypto_suites) const; + virtual void GetSrtpCryptoSuiteNames(std::vector* ciphers) const; virtual void OnConnectionMonitorUpdate( ConnectionMonitor* monitor, const std::vector& infos); virtual void OnMediaMonitorUpdate( @@ -613,7 +614,7 @@ class DataChannel : public BaseChannel { virtual bool WantsPacket(bool rtcp, rtc::Buffer* packet); virtual void OnMessage(rtc::Message* pmsg); - virtual void GetSrtpCryptoSuites(std::vector* crypto_suites) const; + virtual void GetSrtpCryptoSuiteNames(std::vector* ciphers) const; virtual void OnConnectionMonitorUpdate( ConnectionMonitor* monitor, const std::vector& infos); virtual void OnMediaMonitorUpdate( diff --git a/talk/session/media/mediasession.cc b/talk/session/media/mediasession.cc index ed626e2f34..7413026092 100644 --- a/talk/session/media/mediasession.cc +++ b/talk/session/media/mediasession.cc @@ -50,17 +50,6 @@ static const uint32_t kMaxSctpSid = 1023; namespace { const char kInline[] = "inline:"; - -void GetSupportedCryptoSuiteNames(void (*func)(std::vector*), - std::vector* names) { -#ifdef HAVE_SRTP - std::vector crypto_suites; - func(&crypto_suites); - for (const auto crypto : crypto_suites) { - names->push_back(rtc::SrtpCryptoSuiteToName(crypto)); - } -#endif -} } namespace cricket { @@ -163,50 +152,30 @@ bool FindMatchingCrypto(const CryptoParamsVec& cryptos, } // For audio, HMAC 32 is prefered because of the low overhead. -void GetSupportedAudioCryptoSuites(std::vector* crypto_suites) { +void GetSupportedAudioCryptoSuites( + std::vector* crypto_suites) { #ifdef HAVE_SRTP - crypto_suites->push_back(rtc::SRTP_AES128_CM_SHA1_32); - crypto_suites->push_back(rtc::SRTP_AES128_CM_SHA1_80); + crypto_suites->push_back(rtc::CS_AES_CM_128_HMAC_SHA1_32); + crypto_suites->push_back(rtc::CS_AES_CM_128_HMAC_SHA1_80); #endif } -void GetSupportedAudioCryptoSuiteNames( - std::vector* crypto_suite_names) { - GetSupportedCryptoSuiteNames(GetSupportedAudioCryptoSuites, - crypto_suite_names); +void GetSupportedVideoCryptoSuites( + std::vector* crypto_suites) { + GetDefaultSrtpCryptoSuiteNames(crypto_suites); } -void GetSupportedVideoCryptoSuites(std::vector* crypto_suites) { - GetDefaultSrtpCryptoSuites(crypto_suites); +void GetSupportedDataCryptoSuites( + std::vector* crypto_suites) { + GetDefaultSrtpCryptoSuiteNames(crypto_suites); } -void GetSupportedVideoCryptoSuiteNames( - std::vector* crypto_suite_names) { - GetSupportedCryptoSuiteNames(GetSupportedVideoCryptoSuites, - crypto_suite_names); -} - -void GetSupportedDataCryptoSuites(std::vector* crypto_suites) { - GetDefaultSrtpCryptoSuites(crypto_suites); -} - -void GetSupportedDataCryptoSuiteNames( - std::vector* crypto_suite_names) { - GetSupportedCryptoSuiteNames(GetSupportedDataCryptoSuites, - crypto_suite_names); -} - -void GetDefaultSrtpCryptoSuites(std::vector* crypto_suites) { +void GetDefaultSrtpCryptoSuiteNames(std::vector* crypto_suites) { #ifdef HAVE_SRTP - crypto_suites->push_back(rtc::SRTP_AES128_CM_SHA1_80); + crypto_suites->push_back(rtc::CS_AES_CM_128_HMAC_SHA1_80); #endif } -void GetDefaultSrtpCryptoSuiteNames( - std::vector* crypto_suite_names) { - GetSupportedCryptoSuiteNames(GetDefaultSrtpCryptoSuites, crypto_suite_names); -} - // For video support only 80-bit SHA1 HMAC. For audio 32-bit HMAC is // tolerated unless bundle is enabled because it is low overhead. Pick the // crypto in the list that is supported. @@ -1545,7 +1514,7 @@ bool MediaSessionDescriptionFactory::AddAudioContentForOffer( scoped_ptr audio(new AudioContentDescription()); std::vector crypto_suites; - GetSupportedAudioCryptoSuiteNames(&crypto_suites); + GetSupportedAudioCryptoSuites(&crypto_suites); if (!CreateMediaContentOffer( options, audio_codecs, @@ -1599,7 +1568,7 @@ bool MediaSessionDescriptionFactory::AddVideoContentForOffer( scoped_ptr video(new VideoContentDescription()); std::vector crypto_suites; - GetSupportedVideoCryptoSuiteNames(&crypto_suites); + GetSupportedVideoCryptoSuites(&crypto_suites); if (!CreateMediaContentOffer( options, video_codecs, @@ -1669,7 +1638,7 @@ bool MediaSessionDescriptionFactory::AddDataContentForOffer( data->set_protocol( secure_transport ? kMediaProtocolDtlsSctp : kMediaProtocolSctp); } else { - GetSupportedDataCryptoSuiteNames(&crypto_suites); + GetSupportedDataCryptoSuites(&crypto_suites); } if (!CreateMediaContentOffer( diff --git a/talk/session/media/mediasession.h b/talk/session/media/mediasession.h index 25ea017c7c..e92628e711 100644 --- a/talk/session/media/mediasession.h +++ b/talk/session/media/mediasession.h @@ -547,19 +547,10 @@ const VideoContentDescription* GetFirstVideoContentDescription( const DataContentDescription* GetFirstDataContentDescription( const SessionDescription* sdesc); -void GetSupportedAudioCryptoSuites(std::vector* crypto_suites); -void GetSupportedVideoCryptoSuites(std::vector* crypto_suites); -void GetSupportedDataCryptoSuites(std::vector* crypto_suites); -void GetDefaultSrtpCryptoSuites(std::vector* crypto_suites); -void GetSupportedAudioCryptoSuiteNames( - std::vector* crypto_suite_names); -void GetSupportedVideoCryptoSuiteNames( - std::vector* crypto_suite_names); -void GetSupportedDataCryptoSuiteNames( - std::vector* crypto_suite_names); -void GetDefaultSrtpCryptoSuiteNames( - std::vector* crypto_suite_names); - +void GetSupportedAudioCryptoSuites(std::vector* crypto_suites); +void GetSupportedVideoCryptoSuites(std::vector* crypto_suites); +void GetSupportedDataCryptoSuites(std::vector* crypto_suites); +void GetDefaultSrtpCryptoSuiteNames(std::vector* crypto_suites); } // namespace cricket #endif // TALK_SESSION_MEDIA_MEDIASESSION_H_ diff --git a/talk/session/media/srtpfilter.cc b/talk/session/media/srtpfilter.cc index 4a54740cef..079ddfb57e 100644 --- a/talk/session/media/srtpfilter.cc +++ b/talk/session/media/srtpfilter.cc @@ -146,10 +146,10 @@ bool SrtpFilter::SetProvisionalAnswer( return DoSetAnswer(answer_params, source, false); } -bool SrtpFilter::SetRtpParams(int send_cs, +bool SrtpFilter::SetRtpParams(const std::string& send_cs, const uint8_t* send_key, int send_key_len, - int recv_cs, + const std::string& recv_cs, const uint8_t* recv_key, int recv_key_len) { if (IsActive()) { @@ -179,10 +179,10 @@ bool SrtpFilter::SetRtpParams(int send_cs, // SrtpSession. // - In the muxed case, they are keyed with the same keys, so // this function is not needed -bool SrtpFilter::SetRtcpParams(int send_cs, +bool SrtpFilter::SetRtcpParams(const std::string& send_cs, const uint8_t* send_key, int send_key_len, - int recv_cs, + const std::string& recv_cs, const uint8_t* recv_key, int recv_key_len) { // This can only be called once, but can be safely called after @@ -428,12 +428,10 @@ bool SrtpFilter::ApplyParams(const CryptoParams& send_params, ParseKeyParams(recv_params.key_params, recv_key, sizeof(recv_key))); if (ret) { CreateSrtpSessions(); - ret = (send_session_->SetSend( - rtc::SrtpCryptoSuiteFromName(send_params.cipher_suite), send_key, - sizeof(send_key)) && - recv_session_->SetRecv( - rtc::SrtpCryptoSuiteFromName(recv_params.cipher_suite), recv_key, - sizeof(recv_key))); + ret = (send_session_->SetSend(send_params.cipher_suite, + send_key, sizeof(send_key)) && + recv_session_->SetRecv(recv_params.cipher_suite, + recv_key, sizeof(recv_key))); } if (ret) { LOG(LS_INFO) << "SRTP activated with negotiated parameters:" @@ -509,11 +507,11 @@ SrtpSession::~SrtpSession() { } } -bool SrtpSession::SetSend(int cs, const uint8_t* key, int len) { +bool SrtpSession::SetSend(const std::string& cs, const uint8_t* key, int len) { return SetKey(ssrc_any_outbound, cs, key, len); } -bool SrtpSession::SetRecv(int cs, const uint8_t* key, int len) { +bool SrtpSession::SetRecv(const std::string& cs, const uint8_t* key, int len) { return SetKey(ssrc_any_inbound, cs, key, len); } @@ -660,7 +658,10 @@ void SrtpSession::set_signal_silent_time(uint32_t signal_silent_time_in_ms) { srtp_stat_->set_signal_silent_time(signal_silent_time_in_ms); } -bool SrtpSession::SetKey(int type, int cs, const uint8_t* key, int len) { +bool SrtpSession::SetKey(int type, + const std::string& cs, + const uint8_t* key, + int len) { if (session_) { LOG(LS_ERROR) << "Failed to create SRTP session: " << "SRTP session already created"; @@ -674,15 +675,15 @@ bool SrtpSession::SetKey(int type, int cs, const uint8_t* key, int len) { srtp_policy_t policy; memset(&policy, 0, sizeof(policy)); - if (cs == rtc::SRTP_AES128_CM_SHA1_80) { + if (cs == rtc::CS_AES_CM_128_HMAC_SHA1_80) { crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtp); crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp); - } else if (cs == rtc::SRTP_AES128_CM_SHA1_32) { + } else if (cs == rtc::CS_AES_CM_128_HMAC_SHA1_32) { crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtp); // rtp is 32, crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp); // rtcp still 80 } else { LOG(LS_WARNING) << "Failed to create SRTP session: unsupported" - << " cipher_suite " << cs; + << " cipher_suite " << cs.c_str(); return false; } diff --git a/talk/session/media/srtpfilter.h b/talk/session/media/srtpfilter.h index d30cee69c3..3c3a8e848b 100644 --- a/talk/session/media/srtpfilter.h +++ b/talk/session/media/srtpfilter.h @@ -104,16 +104,16 @@ class SrtpFilter { // Just set up both sets of keys directly. // Used with DTLS-SRTP. - bool SetRtpParams(int send_cs, + bool SetRtpParams(const std::string& send_cs, const uint8_t* send_key, int send_key_len, - int recv_cs, + const std::string& recv_cs, const uint8_t* recv_key, int recv_key_len); - bool SetRtcpParams(int send_cs, + bool SetRtcpParams(const std::string& send_cs, const uint8_t* send_key, int send_key_len, - int recv_cs, + const std::string& recv_cs, const uint8_t* recv_key, int recv_key_len); @@ -199,10 +199,10 @@ class SrtpSession { // Configures the session for sending data using the specified // cipher-suite and key. Receiving must be done by a separate session. - bool SetSend(int cs, const uint8_t* key, int len); + bool SetSend(const std::string& cs, const uint8_t* key, int len); // Configures the session for receiving data using the specified // cipher-suite and key. Sending must be done by a separate session. - bool SetRecv(int cs, const uint8_t* key, int len); + bool SetRecv(const std::string& cs, const uint8_t* key, int len); // Encrypts/signs an individual RTP/RTCP packet, in-place. // If an HMAC is used, this will increase the packet size. @@ -232,7 +232,7 @@ class SrtpSession { SignalSrtpError; private: - bool SetKey(int type, int cs, const uint8_t* key, int len); + bool SetKey(int type, const std::string& cs, const uint8_t* key, int len); // Returns send stream current packet index from srtp db. bool GetSendStreamPacketIndex(void* data, int in_len, int64_t* index); diff --git a/talk/session/media/srtpfilter_unittest.cc b/talk/session/media/srtpfilter_unittest.cc index 11874380e2..8122455205 100644 --- a/talk/session/media/srtpfilter_unittest.cc +++ b/talk/session/media/srtpfilter_unittest.cc @@ -508,17 +508,21 @@ TEST_F(SrtpFilterTest, TestDisableEncryption) { // Test directly setting the params with AES_CM_128_HMAC_SHA1_80 TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_80) { - EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, - kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80, + EXPECT_TRUE(f1_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_80, + kTestKey1, kTestKeyLen, + CS_AES_CM_128_HMAC_SHA1_80, kTestKey2, kTestKeyLen)); - EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2, - kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80, + EXPECT_TRUE(f2_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_80, + kTestKey2, kTestKeyLen, + CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen)); - EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, - kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80, + EXPECT_TRUE(f1_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_80, + kTestKey1, kTestKeyLen, + CS_AES_CM_128_HMAC_SHA1_80, kTestKey2, kTestKeyLen)); - EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2, - kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80, + EXPECT_TRUE(f2_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_80, + kTestKey2, kTestKeyLen, + CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen)); EXPECT_TRUE(f1_.IsActive()); EXPECT_TRUE(f2_.IsActive()); @@ -527,17 +531,21 @@ TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_80) { // Test directly setting the params with AES_CM_128_HMAC_SHA1_32 TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_32) { - EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, - kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, + EXPECT_TRUE(f1_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_32, + kTestKey1, kTestKeyLen, + CS_AES_CM_128_HMAC_SHA1_32, kTestKey2, kTestKeyLen)); - EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey2, - kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, + EXPECT_TRUE(f2_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_32, + kTestKey2, kTestKeyLen, + CS_AES_CM_128_HMAC_SHA1_32, kTestKey1, kTestKeyLen)); - EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, - kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, + EXPECT_TRUE(f1_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_32, + kTestKey1, kTestKeyLen, + CS_AES_CM_128_HMAC_SHA1_32, kTestKey2, kTestKeyLen)); - EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey2, - kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, + EXPECT_TRUE(f2_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_32, + kTestKey2, kTestKeyLen, + CS_AES_CM_128_HMAC_SHA1_32, kTestKey1, kTestKeyLen)); EXPECT_TRUE(f1_.IsActive()); EXPECT_TRUE(f2_.IsActive()); @@ -546,21 +554,25 @@ TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_32) { // Test directly setting the params with bogus keys TEST_F(SrtpFilterTest, TestSetParamsKeyTooShort) { - EXPECT_FALSE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, - kTestKeyLen - 1, rtc::SRTP_AES128_CM_SHA1_80, + EXPECT_FALSE(f1_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_80, + kTestKey1, kTestKeyLen - 1, + CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen - 1)); - EXPECT_FALSE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, - kTestKeyLen - 1, rtc::SRTP_AES128_CM_SHA1_80, + EXPECT_FALSE(f1_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_80, + kTestKey1, kTestKeyLen - 1, + CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen - 1)); } #if defined(ENABLE_EXTERNAL_AUTH) TEST_F(SrtpFilterTest, TestGetSendAuthParams) { - EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, - kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, + EXPECT_TRUE(f1_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_32, + kTestKey1, kTestKeyLen, + CS_AES_CM_128_HMAC_SHA1_32, kTestKey2, kTestKeyLen)); - EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, - kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, + EXPECT_TRUE(f1_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_32, + kTestKey1, kTestKeyLen, + CS_AES_CM_128_HMAC_SHA1_32, kTestKey2, kTestKeyLen)); uint8_t* auth_key = NULL; int auth_key_len = 0, auth_tag_len = 0; @@ -617,30 +629,28 @@ class SrtpSessionTest : public testing::Test { // Test that we can set up the session and keys properly. TEST_F(SrtpSessionTest, TestGoodSetup) { - EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); - EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); + EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen)); + EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen)); } // Test that we can't change the keys once set. TEST_F(SrtpSessionTest, TestBadSetup) { - EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); - EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); - EXPECT_FALSE( - s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2, kTestKeyLen)); - EXPECT_FALSE( - s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2, kTestKeyLen)); + EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen)); + EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen)); + EXPECT_FALSE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey2, kTestKeyLen)); + EXPECT_FALSE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey2, kTestKeyLen)); } // Test that we fail keys of the wrong length. TEST_F(SrtpSessionTest, TestKeysTooShort) { - EXPECT_FALSE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, 1)); - EXPECT_FALSE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, 1)); + EXPECT_FALSE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, 1)); + EXPECT_FALSE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, 1)); } // Test that we can encrypt and decrypt RTP/RTCP using AES_CM_128_HMAC_SHA1_80. TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_80) { - EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); - EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); + EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen)); + EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen)); TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_80); TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_80); TestUnprotectRtp(CS_AES_CM_128_HMAC_SHA1_80); @@ -649,8 +659,8 @@ TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_80) { // Test that we can encrypt and decrypt RTP/RTCP using AES_CM_128_HMAC_SHA1_32. TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_32) { - EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, kTestKeyLen)); - EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, kTestKeyLen)); + EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_32, kTestKey1, kTestKeyLen)); + EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_32, kTestKey1, kTestKeyLen)); TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_32); TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_32); TestUnprotectRtp(CS_AES_CM_128_HMAC_SHA1_32); @@ -658,7 +668,7 @@ TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_32) { } TEST_F(SrtpSessionTest, TestGetSendStreamPacketIndex) { - EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, kTestKeyLen)); + EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_32, kTestKey1, kTestKeyLen)); int64_t index; int out_len = 0; EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, @@ -671,8 +681,8 @@ TEST_F(SrtpSessionTest, TestGetSendStreamPacketIndex) { // Test that we fail to unprotect if someone tampers with the RTP/RTCP paylaods. TEST_F(SrtpSessionTest, TestTamperReject) { int out_len; - EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); - EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); + EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen)); + EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen)); TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_80); TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_80); rtp_packet_[0] = 0x12; @@ -684,8 +694,8 @@ TEST_F(SrtpSessionTest, TestTamperReject) { // Test that we fail to unprotect if the payloads are not authenticated. TEST_F(SrtpSessionTest, TestUnencryptReject) { int out_len; - EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); - EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); + EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen)); + EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen)); EXPECT_FALSE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len)); EXPECT_FALSE(s2_.UnprotectRtcp(rtcp_packet_, rtcp_len_, &out_len)); } @@ -693,7 +703,7 @@ TEST_F(SrtpSessionTest, TestUnencryptReject) { // Test that we fail when using buffers that are too small. TEST_F(SrtpSessionTest, TestBuffersTooSmall) { int out_len; - EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); + EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen)); EXPECT_FALSE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_) - 10, &out_len)); EXPECT_FALSE(s1_.ProtectRtcp(rtcp_packet_, rtcp_len_, @@ -707,8 +717,8 @@ TEST_F(SrtpSessionTest, TestReplay) { static const uint16_t replay_window = 1024; int out_len; - EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); - EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); + EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen)); + EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen)); // Initial sequence number. rtc::SetBE16(reinterpret_cast(rtp_packet_) + 2, seqnum_big); diff --git a/webrtc/base/opensslstreamadapter.cc b/webrtc/base/opensslstreamadapter.cc index abbb7158e1..346b44289d 100644 --- a/webrtc/base/opensslstreamadapter.cc +++ b/webrtc/base/opensslstreamadapter.cc @@ -43,19 +43,17 @@ namespace rtc { #endif #ifdef HAVE_DTLS_SRTP -// SRTP cipher suite table. |internal_name| is used to construct a -// colon-separated profile strings which is needed by -// SSL_CTX_set_tlsext_use_srtp(). +// SRTP cipher suite table struct SrtpCipherMapEntry { + const char* external_name; const char* internal_name; - const int id; }; // This isn't elegant, but it's better than an external reference static SrtpCipherMapEntry SrtpCipherMap[] = { - {"SRTP_AES128_CM_SHA1_80", SRTP_AES128_CM_SHA1_80}, - {"SRTP_AES128_CM_SHA1_32", SRTP_AES128_CM_SHA1_32}, - {nullptr, 0}}; + {CS_AES_CM_128_HMAC_SHA1_80, "SRTP_AES128_CM_SHA1_80"}, + {CS_AES_CM_128_HMAC_SHA1_32, "SRTP_AES128_CM_SHA1_32"}, + {NULL, NULL}}; #endif #ifndef OPENSSL_IS_BORINGSSL @@ -352,9 +350,9 @@ bool OpenSSLStreamAdapter::SetPeerCertificateDigest(const std::string return true; } -std::string OpenSSLStreamAdapter::SslCipherSuiteToName(int cipher_suite) { +std::string OpenSSLStreamAdapter::GetSslCipherSuiteName(int cipher) { #ifdef OPENSSL_IS_BORINGSSL - const SSL_CIPHER* ssl_cipher = SSL_get_cipher_by_value(cipher_suite); + const SSL_CIPHER* ssl_cipher = SSL_get_cipher_by_value(cipher); if (!ssl_cipher) { return std::string(); } @@ -365,7 +363,7 @@ std::string OpenSSLStreamAdapter::SslCipherSuiteToName(int cipher_suite) { #else for (const SslCipherMapEntry* entry = kSslCipherMap; entry->rfc_name; ++entry) { - if (cipher_suite == entry->openssl_id) { + if (cipher == entry->openssl_id) { return entry->rfc_name; } } @@ -373,7 +371,7 @@ std::string OpenSSLStreamAdapter::SslCipherSuiteToName(int cipher_suite) { #endif } -bool OpenSSLStreamAdapter::GetSslCipherSuite(int* cipher_suite) { +bool OpenSSLStreamAdapter::GetSslCipherSuite(int* cipher) { if (state_ != SSL_CONNECTED) return false; @@ -382,7 +380,7 @@ bool OpenSSLStreamAdapter::GetSslCipherSuite(int* cipher_suite) { return false; } - *cipher_suite = static_cast(SSL_CIPHER_get_id(current_cipher)); + *cipher = static_cast(SSL_CIPHER_get_id(current_cipher)); return true; } @@ -409,20 +407,20 @@ bool OpenSSLStreamAdapter::ExportKeyingMaterial(const std::string& label, #endif } -bool OpenSSLStreamAdapter::SetDtlsSrtpCryptoSuites( - const std::vector& ciphers) { +bool OpenSSLStreamAdapter::SetDtlsSrtpCiphers( + const std::vector& ciphers) { #ifdef HAVE_DTLS_SRTP std::string internal_ciphers; if (state_ != SSL_NONE) return false; - for (std::vector::const_iterator cipher = ciphers.begin(); + for (std::vector::const_iterator cipher = ciphers.begin(); cipher != ciphers.end(); ++cipher) { bool found = false; - for (SrtpCipherMapEntry* entry = SrtpCipherMap; entry->internal_name; + for (SrtpCipherMapEntry *entry = SrtpCipherMap; entry->internal_name; ++entry) { - if (*cipher == entry->id) { + if (*cipher == entry->external_name) { found = true; if (!internal_ciphers.empty()) internal_ciphers += ":"; @@ -447,7 +445,7 @@ bool OpenSSLStreamAdapter::SetDtlsSrtpCryptoSuites( #endif } -bool OpenSSLStreamAdapter::GetDtlsSrtpCryptoSuite(int* crypto_suite) { +bool OpenSSLStreamAdapter::GetDtlsSrtpCipher(std::string* cipher) { #ifdef HAVE_DTLS_SRTP ASSERT(state_ == SSL_CONNECTED); if (state_ != SSL_CONNECTED) @@ -459,9 +457,17 @@ bool OpenSSLStreamAdapter::GetDtlsSrtpCryptoSuite(int* crypto_suite) { if (!srtp_profile) return false; - *crypto_suite = srtp_profile->id; - ASSERT(!SrtpCryptoSuiteToName(*crypto_suite).empty()); - return true; + for (SrtpCipherMapEntry *entry = SrtpCipherMap; + entry->internal_name; ++entry) { + if (!strcmp(entry->internal_name, srtp_profile->name)) { + *cipher = entry->external_name; + return true; + } + } + + ASSERT(false); // This should never happen + + return false; #else return false; #endif diff --git a/webrtc/base/opensslstreamadapter.h b/webrtc/base/opensslstreamadapter.h index e57b2a3293..0f3ded9cb4 100644 --- a/webrtc/base/opensslstreamadapter.h +++ b/webrtc/base/opensslstreamadapter.h @@ -88,7 +88,7 @@ class OpenSSLStreamAdapter : public SSLStreamAdapter { StreamState GetState() const override; // TODO(guoweis): Move this away from a static class method. - static std::string SslCipherSuiteToName(int crypto_suite); + static std::string GetSslCipherSuiteName(int cipher); bool GetSslCipherSuite(int* cipher) override; @@ -101,8 +101,8 @@ class OpenSSLStreamAdapter : public SSLStreamAdapter { size_t result_len) override; // DTLS-SRTP interface - bool SetDtlsSrtpCryptoSuites(const std::vector& crypto_suites) override; - bool GetDtlsSrtpCryptoSuite(int* crypto_suite) override; + bool SetDtlsSrtpCiphers(const std::vector& ciphers) override; + bool GetDtlsSrtpCipher(std::string* cipher) override; // Capabilities interfaces static bool HaveDtls(); diff --git a/webrtc/base/sslstreamadapter.cc b/webrtc/base/sslstreamadapter.cc index a2cff3e448..b9ba9d3f2a 100644 --- a/webrtc/base/sslstreamadapter.cc +++ b/webrtc/base/sslstreamadapter.cc @@ -30,20 +30,12 @@ namespace rtc { const char CS_AES_CM_128_HMAC_SHA1_80[] = "AES_CM_128_HMAC_SHA1_80"; const char CS_AES_CM_128_HMAC_SHA1_32[] = "AES_CM_128_HMAC_SHA1_32"; -std::string SrtpCryptoSuiteToName(int crypto_suite) { - if (crypto_suite == SRTP_AES128_CM_SHA1_32) - return CS_AES_CM_128_HMAC_SHA1_32; - if (crypto_suite == SRTP_AES128_CM_SHA1_80) - return CS_AES_CM_128_HMAC_SHA1_80; - return std::string(); -} - -int SrtpCryptoSuiteFromName(const std::string& crypto_suite) { - if (crypto_suite == CS_AES_CM_128_HMAC_SHA1_32) +int GetSrtpCryptoSuiteFromName(const std::string& cipher) { + if (cipher == CS_AES_CM_128_HMAC_SHA1_32) return SRTP_AES128_CM_SHA1_32; - if (crypto_suite == CS_AES_CM_128_HMAC_SHA1_80) + if (cipher == CS_AES_CM_128_HMAC_SHA1_80) return SRTP_AES128_CM_SHA1_80; - return SRTP_INVALID_CRYPTO_SUITE; + return 0; } SSLStreamAdapter* SSLStreamAdapter::Create(StreamInterface* stream) { @@ -54,7 +46,7 @@ SSLStreamAdapter* SSLStreamAdapter::Create(StreamInterface* stream) { #endif // SSL_USE_OPENSSL } -bool SSLStreamAdapter::GetSslCipherSuite(int* cipher_suite) { +bool SSLStreamAdapter::GetSslCipherSuite(int* cipher) { return false; } @@ -67,12 +59,12 @@ bool SSLStreamAdapter::ExportKeyingMaterial(const std::string& label, return false; // Default is unsupported } -bool SSLStreamAdapter::SetDtlsSrtpCryptoSuites( - const std::vector& crypto_suites) { +bool SSLStreamAdapter::SetDtlsSrtpCiphers( + const std::vector& ciphers) { return false; } -bool SSLStreamAdapter::GetDtlsSrtpCryptoSuite(int* crypto_suite) { +bool SSLStreamAdapter::GetDtlsSrtpCipher(std::string* cipher) { return false; } @@ -91,8 +83,8 @@ int SSLStreamAdapter::GetDefaultSslCipherForTest(SSLProtocolVersion version, return OpenSSLStreamAdapter::GetDefaultSslCipherForTest(version, key_type); } -std::string SSLStreamAdapter::SslCipherSuiteToName(int cipher_suite) { - return OpenSSLStreamAdapter::SslCipherSuiteToName(cipher_suite); +std::string SSLStreamAdapter::GetSslCipherSuiteName(int cipher) { + return OpenSSLStreamAdapter::GetSslCipherSuiteName(cipher); } #endif // SSL_USE_OPENSSL diff --git a/webrtc/base/sslstreamadapter.h b/webrtc/base/sslstreamadapter.h index c57056b14a..65a7729d16 100644 --- a/webrtc/base/sslstreamadapter.h +++ b/webrtc/base/sslstreamadapter.h @@ -19,11 +19,7 @@ namespace rtc { -// Constants for SSL profile. -const int TLS_NULL_WITH_NULL_NULL = 0; - // Constants for SRTP profiles. -const int SRTP_INVALID_CRYPTO_SUITE = 0; const int SRTP_AES128_CM_SHA1_80 = 0x0001; const int SRTP_AES128_CM_SHA1_32 = 0x0002; @@ -35,13 +31,10 @@ extern const char CS_AES_CM_128_HMAC_SHA1_80[]; // 128-bit AES with 32-bit SHA-1 HMAC. extern const char CS_AES_CM_128_HMAC_SHA1_32[]; -// Given the DTLS-SRTP protection profile ID, as defined in -// https://tools.ietf.org/html/rfc4568#section-6.2 , return the SRTP profile -// name, as defined in https://tools.ietf.org/html/rfc5764#section-4.1.2. -std::string SrtpCryptoSuiteToName(int crypto_suite); - -// The reverse of above conversion. -int SrtpCryptoSuiteFromName(const std::string& crypto_suite); +// Returns the DTLS-SRTP protection profile ID, as defined in +// https://tools.ietf.org/html/rfc5764#section-4.1.2, for the given SRTP +// Crypto-suite, as defined in https://tools.ietf.org/html/rfc4568#section-6.2 +int GetSrtpCryptoSuiteFromName(const std::string& cipher_rfc_name); // SSLStreamAdapter : A StreamInterfaceAdapter that does SSL/TLS. // After SSL has been started, the stream will only open on successful @@ -159,7 +152,7 @@ class SSLStreamAdapter : public StreamAdapterInterface { // Retrieves the IANA registration id of the cipher suite used for the // connection (e.g. 0x2F for "TLS_RSA_WITH_AES_128_CBC_SHA"). - virtual bool GetSslCipherSuite(int* cipher_suite); + virtual bool GetSslCipherSuite(int* cipher); // Key Exporter interface from RFC 5705 // Arguments are: @@ -181,8 +174,8 @@ class SSLStreamAdapter : public StreamAdapterInterface { size_t result_len); // DTLS-SRTP interface - virtual bool SetDtlsSrtpCryptoSuites(const std::vector& crypto_suites); - virtual bool GetDtlsSrtpCryptoSuite(int* crypto_suite); + virtual bool SetDtlsSrtpCiphers(const std::vector& ciphers); + virtual bool GetDtlsSrtpCipher(std::string* cipher); // Capabilities testing static bool HaveDtls(); @@ -198,7 +191,7 @@ class SSLStreamAdapter : public StreamAdapterInterface { // TODO(guoweis): Move this away from a static class method. Currently this is // introduced such that any caller could depend on sslstreamadapter.h without // depending on specific SSL implementation. - static std::string SslCipherSuiteToName(int cipher_suite); + static std::string GetSslCipherSuiteName(int cipher); private: // If true, the server certificate need not match the configured diff --git a/webrtc/base/sslstreamadapter_unittest.cc b/webrtc/base/sslstreamadapter_unittest.cc index 0344bd057a..a3e8d9c637 100644 --- a/webrtc/base/sslstreamadapter_unittest.cc +++ b/webrtc/base/sslstreamadapter_unittest.cc @@ -29,6 +29,8 @@ using ::testing::Combine; using ::testing::tuple; static const int kBlockSize = 4096; +static const char kAES_CM_HMAC_SHA1_80[] = "AES_CM_128_HMAC_SHA1_80"; +static const char kAES_CM_HMAC_SHA1_32[] = "AES_CM_128_HMAC_SHA1_32"; static const char kExporterLabel[] = "label"; static const unsigned char kExporterContext[] = "context"; static int kExporterContextLen = sizeof(kExporterContext); @@ -387,18 +389,19 @@ class SSLStreamAdapterTestBase : public testing::Test, handshake_wait_ = wait; } - void SetDtlsSrtpCryptoSuites(const std::vector& ciphers, bool client) { + void SetDtlsSrtpCiphers(const std::vector &ciphers, + bool client) { if (client) - client_ssl_->SetDtlsSrtpCryptoSuites(ciphers); + client_ssl_->SetDtlsSrtpCiphers(ciphers); else - server_ssl_->SetDtlsSrtpCryptoSuites(ciphers); + server_ssl_->SetDtlsSrtpCiphers(ciphers); } - bool GetDtlsSrtpCryptoSuite(bool client, int* retval) { + bool GetDtlsSrtpCipher(bool client, std::string *retval) { if (client) - return client_ssl_->GetDtlsSrtpCryptoSuite(retval); + return client_ssl_->GetDtlsSrtpCipher(retval); else - return server_ssl_->GetDtlsSrtpCryptoSuite(retval); + return server_ssl_->GetDtlsSrtpCipher(retval); } bool GetPeerCertificate(bool client, rtc::SSLCertificate** cert) { @@ -806,74 +809,74 @@ TEST_P(SSLStreamAdapterTestDTLS, DISABLED_TestDTLSTransferWithDamage) { // Test DTLS-SRTP with all high ciphers TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) { MAYBE_SKIP_TEST(HaveDtlsSrtp); - std::vector high; - high.push_back(rtc::SRTP_AES128_CM_SHA1_80); - SetDtlsSrtpCryptoSuites(high, true); - SetDtlsSrtpCryptoSuites(high, false); + std::vector high; + high.push_back(kAES_CM_HMAC_SHA1_80); + SetDtlsSrtpCiphers(high, true); + SetDtlsSrtpCiphers(high, false); TestHandshake(); - int client_cipher; - ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); - int server_cipher; - ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); + std::string client_cipher; + ASSERT_TRUE(GetDtlsSrtpCipher(true, &client_cipher)); + std::string server_cipher; + ASSERT_TRUE(GetDtlsSrtpCipher(false, &server_cipher)); ASSERT_EQ(client_cipher, server_cipher); - ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80); + ASSERT_EQ(client_cipher, kAES_CM_HMAC_SHA1_80); }; // Test DTLS-SRTP with all low ciphers TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) { MAYBE_SKIP_TEST(HaveDtlsSrtp); - std::vector low; - low.push_back(rtc::SRTP_AES128_CM_SHA1_32); - SetDtlsSrtpCryptoSuites(low, true); - SetDtlsSrtpCryptoSuites(low, false); + std::vector low; + low.push_back(kAES_CM_HMAC_SHA1_32); + SetDtlsSrtpCiphers(low, true); + SetDtlsSrtpCiphers(low, false); TestHandshake(); - int client_cipher; - ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); - int server_cipher; - ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); + std::string client_cipher; + ASSERT_TRUE(GetDtlsSrtpCipher(true, &client_cipher)); + std::string server_cipher; + ASSERT_TRUE(GetDtlsSrtpCipher(false, &server_cipher)); ASSERT_EQ(client_cipher, server_cipher); - ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_32); + ASSERT_EQ(client_cipher, kAES_CM_HMAC_SHA1_32); }; // Test DTLS-SRTP with a mismatch -- should not converge TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) { MAYBE_SKIP_TEST(HaveDtlsSrtp); - std::vector high; - high.push_back(rtc::SRTP_AES128_CM_SHA1_80); - std::vector low; - low.push_back(rtc::SRTP_AES128_CM_SHA1_32); - SetDtlsSrtpCryptoSuites(high, true); - SetDtlsSrtpCryptoSuites(low, false); + std::vector high; + high.push_back(kAES_CM_HMAC_SHA1_80); + std::vector low; + low.push_back(kAES_CM_HMAC_SHA1_32); + SetDtlsSrtpCiphers(high, true); + SetDtlsSrtpCiphers(low, false); TestHandshake(); - int client_cipher; - ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); - int server_cipher; - ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); + std::string client_cipher; + ASSERT_FALSE(GetDtlsSrtpCipher(true, &client_cipher)); + std::string server_cipher; + ASSERT_FALSE(GetDtlsSrtpCipher(false, &server_cipher)); }; // Test DTLS-SRTP with each side being mixed -- should select high TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) { MAYBE_SKIP_TEST(HaveDtlsSrtp); - std::vector mixed; - mixed.push_back(rtc::SRTP_AES128_CM_SHA1_80); - mixed.push_back(rtc::SRTP_AES128_CM_SHA1_32); - SetDtlsSrtpCryptoSuites(mixed, true); - SetDtlsSrtpCryptoSuites(mixed, false); + std::vector mixed; + mixed.push_back(kAES_CM_HMAC_SHA1_80); + mixed.push_back(kAES_CM_HMAC_SHA1_32); + SetDtlsSrtpCiphers(mixed, true); + SetDtlsSrtpCiphers(mixed, false); TestHandshake(); - int client_cipher; - ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); - int server_cipher; - ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); + std::string client_cipher; + ASSERT_TRUE(GetDtlsSrtpCipher(true, &client_cipher)); + std::string server_cipher; + ASSERT_TRUE(GetDtlsSrtpCipher(false, &server_cipher)); ASSERT_EQ(client_cipher, server_cipher); - ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80); + ASSERT_EQ(client_cipher, kAES_CM_HMAC_SHA1_80); }; // Test an exporter diff --git a/webrtc/p2p/base/dtlstransportchannel.cc b/webrtc/p2p/base/dtlstransportchannel.cc index fff24f30b8..0c063e0323 100644 --- a/webrtc/p2p/base/dtlstransportchannel.cc +++ b/webrtc/p2p/base/dtlstransportchannel.cc @@ -267,7 +267,7 @@ bool DtlsTransportChannelWrapper::SetupDtls() { // Set up DTLS-SRTP, if it's been enabled. if (!srtp_ciphers_.empty()) { - if (!dtls_->SetDtlsSrtpCryptoSuites(srtp_ciphers_)) { + if (!dtls_->SetDtlsSrtpCiphers(srtp_ciphers_)) { LOG_J(LS_ERROR, this) << "Couldn't set DTLS-SRTP ciphers."; return false; } @@ -279,10 +279,11 @@ bool DtlsTransportChannelWrapper::SetupDtls() { return true; } -bool DtlsTransportChannelWrapper::SetSrtpCryptoSuites( - const std::vector& ciphers) { - if (srtp_ciphers_ == ciphers) +bool DtlsTransportChannelWrapper::SetSrtpCiphers( + const std::vector& ciphers) { + if (srtp_ciphers_ == ciphers) { return true; + } if (dtls_state() == DTLS_TRANSPORT_CONNECTING) { LOG(LS_WARNING) << "Ignoring new SRTP ciphers while DTLS is negotiating"; @@ -293,18 +294,18 @@ bool DtlsTransportChannelWrapper::SetSrtpCryptoSuites( // We don't support DTLS renegotiation currently. If new set of srtp ciphers // are different than what's being used currently, we will not use it. // So for now, let's be happy (or sad) with a warning message. - int current_srtp_cipher; - if (!dtls_->GetDtlsSrtpCryptoSuite(¤t_srtp_cipher)) { + std::string current_srtp_cipher; + if (!dtls_->GetDtlsSrtpCipher(¤t_srtp_cipher)) { LOG(LS_ERROR) << "Failed to get the current SRTP cipher for DTLS channel"; return false; } - const std::vector::const_iterator iter = + const std::vector::const_iterator iter = std::find(ciphers.begin(), ciphers.end(), current_srtp_cipher); if (iter == ciphers.end()) { std::string requested_str; for (size_t i = 0; i < ciphers.size(); ++i) { requested_str.append(" "); - requested_str.append(rtc::SrtpCryptoSuiteToName(ciphers[i])); + requested_str.append(ciphers[i]); requested_str.append(" "); } LOG(LS_WARNING) << "Ignoring new set of SRTP ciphers, as DTLS " @@ -323,12 +324,12 @@ bool DtlsTransportChannelWrapper::SetSrtpCryptoSuites( return true; } -bool DtlsTransportChannelWrapper::GetSrtpCryptoSuite(int* cipher) { +bool DtlsTransportChannelWrapper::GetSrtpCryptoSuite(std::string* cipher) { if (dtls_state() != DTLS_TRANSPORT_CONNECTED) { return false; } - return dtls_->GetDtlsSrtpCryptoSuite(cipher); + return dtls_->GetDtlsSrtpCipher(cipher); } diff --git a/webrtc/p2p/base/dtlstransportchannel.h b/webrtc/p2p/base/dtlstransportchannel.h index 71f68877d4..41e081b7fe 100644 --- a/webrtc/p2p/base/dtlstransportchannel.h +++ b/webrtc/p2p/base/dtlstransportchannel.h @@ -126,10 +126,10 @@ class DtlsTransportChannelWrapper : public TransportChannelImpl { // Set up the ciphers to use for DTLS-SRTP. If this method is not called // before DTLS starts, or |ciphers| is empty, SRTP keys won't be negotiated. // This method should be called before SetupDtls. - bool SetSrtpCryptoSuites(const std::vector& ciphers) override; + bool SetSrtpCiphers(const std::vector& ciphers) override; // Find out which DTLS-SRTP cipher was negotiated - bool GetSrtpCryptoSuite(int* cipher) override; + bool GetSrtpCryptoSuite(std::string* cipher) override; bool GetSslRole(rtc::SSLRole* role) const override; bool SetSslRole(rtc::SSLRole role) override; @@ -223,7 +223,7 @@ class DtlsTransportChannelWrapper : public TransportChannelImpl { TransportChannelImpl* const channel_; rtc::scoped_ptr dtls_; // The DTLS stream StreamInterfaceChannel* downward_; // Wrapper for channel_, owned by dtls_. - std::vector srtp_ciphers_; // SRTP ciphers to use with DTLS. + std::vector srtp_ciphers_; // SRTP ciphers to use with DTLS. bool dtls_active_ = false; rtc::scoped_refptr local_certificate_; rtc::SSLRole ssl_role_; diff --git a/webrtc/p2p/base/dtlstransportchannel_unittest.cc b/webrtc/p2p/base/dtlstransportchannel_unittest.cc index a967ae31f1..07e3b87847 100644 --- a/webrtc/p2p/base/dtlstransportchannel_unittest.cc +++ b/webrtc/p2p/base/dtlstransportchannel_unittest.cc @@ -28,6 +28,7 @@ return; \ } +static const char AES_CM_128_HMAC_SHA1_80[] = "AES_CM_128_HMAC_SHA1_80"; static const char kIceUfrag1[] = "TESTICEUFRAG0001"; static const char kIcePwd1[] = "TESTICEPWD00000000000001"; static const size_t kPacketNumOffset = 8; @@ -149,9 +150,9 @@ class DtlsTestClient : public sigslot::has_slots<> { // SRTP ciphers will be set only in the beginning. for (std::vector::iterator it = channels_.begin(); it != channels_.end(); ++it) { - std::vector ciphers; - ciphers.push_back(rtc::SRTP_AES128_CM_SHA1_80); - ASSERT_TRUE((*it)->SetSrtpCryptoSuites(ciphers)); + std::vector ciphers; + ciphers.push_back(AES_CM_128_HMAC_SHA1_80); + ASSERT_TRUE((*it)->SetSrtpCiphers(ciphers)); } } @@ -214,16 +215,16 @@ class DtlsTestClient : public sigslot::has_slots<> { } } - void CheckSrtp(int expected_crypto_suite) { + void CheckSrtp(const std::string& expected_cipher) { for (std::vector::iterator it = channels_.begin(); it != channels_.end(); ++it) { - int crypto_suite; + std::string cipher; - bool rv = (*it)->GetSrtpCryptoSuite(&crypto_suite); - if (negotiated_dtls_ && expected_crypto_suite) { + bool rv = (*it)->GetSrtpCryptoSuite(&cipher); + if (negotiated_dtls_ && !expected_cipher.empty()) { ASSERT_TRUE(rv); - ASSERT_EQ(crypto_suite, expected_crypto_suite); + ASSERT_EQ(cipher, expected_cipher); } else { ASSERT_FALSE(rv); } @@ -468,11 +469,11 @@ class DtlsTransportChannelTest : public testing::Test { // Check that we negotiated the right ciphers. if (use_dtls_srtp_) { - client1_.CheckSrtp(rtc::SRTP_AES128_CM_SHA1_80); - client2_.CheckSrtp(rtc::SRTP_AES128_CM_SHA1_80); + client1_.CheckSrtp(AES_CM_128_HMAC_SHA1_80); + client2_.CheckSrtp(AES_CM_128_HMAC_SHA1_80); } else { - client1_.CheckSrtp(rtc::SRTP_INVALID_CRYPTO_SUITE); - client2_.CheckSrtp(rtc::SRTP_INVALID_CRYPTO_SUITE); + client1_.CheckSrtp(""); + client2_.CheckSrtp(""); } client1_.CheckSsl(rtc::SSLStreamAdapter::GetDefaultSslCipherForTest( ssl_expected_version_, rtc::KT_DEFAULT)); diff --git a/webrtc/p2p/base/faketransportcontroller.h b/webrtc/p2p/base/faketransportcontroller.h index 251a0c681a..3e656fa4a3 100644 --- a/webrtc/p2p/base/faketransportcontroller.h +++ b/webrtc/p2p/base/faketransportcontroller.h @@ -242,20 +242,20 @@ class FakeTransportChannel : public TransportChannelImpl, bool IsDtlsActive() const override { return do_dtls_; } - bool SetSrtpCryptoSuites(const std::vector& ciphers) override { + bool SetSrtpCiphers(const std::vector& ciphers) override { srtp_ciphers_ = ciphers; return true; } - bool GetSrtpCryptoSuite(int* crypto_suite) override { - if (chosen_crypto_suite_ != rtc::SRTP_INVALID_CRYPTO_SUITE) { - *crypto_suite = chosen_crypto_suite_; + bool GetSrtpCryptoSuite(std::string* cipher) override { + if (!chosen_srtp_cipher_.empty()) { + *cipher = chosen_srtp_cipher_; return true; } return false; } - bool GetSslCipherSuite(int* cipher_suite) override { return false; } + bool GetSslCipherSuite(int* cipher) override { return false; } rtc::scoped_refptr GetLocalCertificate() const { return local_cert_; @@ -275,7 +275,7 @@ class FakeTransportChannel : public TransportChannelImpl, bool use_context, uint8_t* result, size_t result_len) override { - if (chosen_crypto_suite_ != rtc::SRTP_INVALID_CRYPTO_SUITE) { + if (!chosen_srtp_cipher_.empty()) { memset(result, 0xff, result_len); return true; } @@ -284,13 +284,14 @@ class FakeTransportChannel : public TransportChannelImpl, } void NegotiateSrtpCiphers() { - for (std::vector::const_iterator it1 = srtp_ciphers_.begin(); + for (std::vector::const_iterator it1 = srtp_ciphers_.begin(); it1 != srtp_ciphers_.end(); ++it1) { - for (std::vector::const_iterator it2 = dest_->srtp_ciphers_.begin(); + for (std::vector::const_iterator it2 = + dest_->srtp_ciphers_.begin(); it2 != dest_->srtp_ciphers_.end(); ++it2) { if (*it1 == *it2) { - chosen_crypto_suite_ = *it1; - dest_->chosen_crypto_suite_ = *it2; + chosen_srtp_cipher_ = *it1; + dest_->chosen_srtp_cipher_ = *it2; return; } } @@ -321,8 +322,8 @@ class FakeTransportChannel : public TransportChannelImpl, rtc::scoped_refptr local_cert_; rtc::FakeSSLCertificate* remote_cert_ = nullptr; bool do_dtls_ = false; - std::vector srtp_ciphers_; - int chosen_crypto_suite_ = rtc::SRTP_INVALID_CRYPTO_SUITE; + std::vector srtp_ciphers_; + std::string chosen_srtp_cipher_; int receiving_timeout_ = -1; bool gather_continually_ = false; IceRole role_ = ICEROLE_UNKNOWN; diff --git a/webrtc/p2p/base/p2ptransportchannel.h b/webrtc/p2p/base/p2ptransportchannel.h index 7d9b6121a2..9f2f3a0bb3 100644 --- a/webrtc/p2p/base/p2ptransportchannel.h +++ b/webrtc/p2p/base/p2ptransportchannel.h @@ -108,12 +108,12 @@ class P2PTransportChannel : public TransportChannelImpl, bool SetSslRole(rtc::SSLRole role) override { return false; } // Set up the ciphers to use for DTLS-SRTP. - bool SetSrtpCryptoSuites(const std::vector& ciphers) override { + bool SetSrtpCiphers(const std::vector& ciphers) override { return false; } // Find out which DTLS-SRTP cipher was negotiated. - bool GetSrtpCryptoSuite(int* cipher) override { return false; } + bool GetSrtpCryptoSuite(std::string* cipher) override { return false; } // Find out which DTLS cipher was negotiated. bool GetSslCipherSuite(int* cipher) override { return false; } diff --git a/webrtc/p2p/base/transport.cc b/webrtc/p2p/base/transport.cc index eff10aa0a9..2328e4587c 100644 --- a/webrtc/p2p/base/transport.cc +++ b/webrtc/p2p/base/transport.cc @@ -305,8 +305,8 @@ bool Transport::GetStats(TransportStats* stats) { TransportChannelImpl* channel = kv.second; TransportChannelStats substats; substats.component = channel->component(); - channel->GetSrtpCryptoSuite(&substats.srtp_crypto_suite); - channel->GetSslCipherSuite(&substats.ssl_cipher_suite); + channel->GetSrtpCryptoSuite(&substats.srtp_cipher); + channel->GetSslCipherSuite(&substats.ssl_cipher); if (!channel->GetStats(&substats.connection_infos)) { return false; } diff --git a/webrtc/p2p/base/transport.h b/webrtc/p2p/base/transport.h index 2e3981243e..955eb42098 100644 --- a/webrtc/p2p/base/transport.h +++ b/webrtc/p2p/base/transport.h @@ -123,8 +123,8 @@ typedef std::vector ConnectionInfos; struct TransportChannelStats { int component = 0; ConnectionInfos connection_infos; - int srtp_crypto_suite = rtc::SRTP_INVALID_CRYPTO_SUITE; - int ssl_cipher_suite = rtc::TLS_NULL_WITH_NULL_NULL; + std::string srtp_cipher; + int ssl_cipher = 0; }; // Information about all the channels of a transport. diff --git a/webrtc/p2p/base/transportchannel.cc b/webrtc/p2p/base/transportchannel.cc index 9662f0ae6c..63d84494e5 100644 --- a/webrtc/p2p/base/transportchannel.cc +++ b/webrtc/p2p/base/transportchannel.cc @@ -54,13 +54,4 @@ void TransportChannel::set_dtls_state(DtlsTransportState state) { SignalDtlsState(this); } -// TODO(guoweis): Remove this function once everything is moved away. -bool TransportChannel::SetSrtpCiphers(const std::vector& ciphers) { - std::vector crypto_suites; - for (const auto cipher : ciphers) { - crypto_suites.push_back(rtc::SrtpCryptoSuiteFromName(cipher)); - } - return SetSrtpCryptoSuites(crypto_suites); -} - } // namespace cricket diff --git a/webrtc/p2p/base/transportchannel.h b/webrtc/p2p/base/transportchannel.h index 89c7e6d422..ea18957ef3 100644 --- a/webrtc/p2p/base/transportchannel.h +++ b/webrtc/p2p/base/transportchannel.h @@ -108,14 +108,13 @@ class TransportChannel : public sigslot::has_slots<> { virtual bool GetSslRole(rtc::SSLRole* role) const = 0; // Sets up the ciphers to use for DTLS-SRTP. - virtual bool SetSrtpCryptoSuites(const std::vector& ciphers) = 0; - // Keep the original one for backward compatibility until all dependencies - // move away. TODO(guoweis): Remove this function. - virtual bool SetSrtpCiphers(const std::vector& ciphers); + virtual bool SetSrtpCiphers(const std::vector& ciphers) = 0; // Finds out which DTLS-SRTP cipher was negotiated. // TODO(guoweis): Remove this once all dependencies implement this. - virtual bool GetSrtpCryptoSuite(int* cipher) { return false; } + virtual bool GetSrtpCryptoSuite(std::string* cipher) { + return false; + } // Finds out which DTLS cipher was negotiated. // TODO(guoweis): Remove this once all dependencies implement this.