b0ed12099f
As part of go/coil update code search links to not point to the "master" branch. Bug: chromium:1226942 Change-Id: I0ae9e84ecc660f789a69fe0b226f93bbc39a8a66 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/226081 Commit-Queue: Tony Herre <toprice@chromium.org> Reviewed-by: Harald Alvestrand <hta@webrtc.org> Cr-Commit-Position: refs/heads/master@{#34531}
2.9 KiB
Overview
WebRTC uses DTLS in two ways:
- to negotiate keys for SRTP encryption using DTLS-SRTP
- as a transport for SCTP which is used by the Datachannel API
The W3C WebRTC API represents this as the DtlsTransport.
The DTLS handshake happens after the ICE transport becomes writable and has
found a valid pair. It results in a set of keys being derived for DTLS-SRTP as
well as a fingerprint of the remote certificate which is compared to the one
given in the SDP a=fingerprint: line.
This documentation provides an overview of how DTLS is implemented, i.e how the following classes interact.
webrtc::DtlsTransport
The webrtc::DtlsTransport class is a wrapper around the
cricket::DtlsTransportInternal and allows registering observers implementing
the webrtc::DtlsTransportObserverInterface. The
webrtc::DtlsTransportObserverInterface will provide updates to the
observers, passing around a snapshot of the transports state such as the
connection state, the remote certificate(s) and the SRTP ciphers as
DtlsTransportInformation.
cricket::DtlsTransportInternal
The cricket::DtlsTransportInternal class is an interface. Its
implementation is cricket::DtlsTransport. The cricket::DtlsTransport
sends and receives network packets via an ICE transport. It also demultiplexes
DTLS packets and SRTP packets according to the scheme described in
RFC 5764.
webrtc::DtlsSrtpTranport
The webrtc::DtlsSrtpTransport class is responsіble for extracting the
SRTP keys after the DTLS handshake as well as protection and unprotection of
SRTP packets via its cricket::SrtpSession.