Convert internal representation of Srtp cryptos from string to int.
Note that the coversion from int to string happens in 3 places
1) SDP layer from int to external names. mediasession.cc GetSupportedSuiteNames.
2) for SSL_CTX_set_tlsext_use_srtp(), converting from int to internal names.
3) stats collection also needs external names.
External names are like AES_CM_128_HMAC_SHA1_80, specified in sslstreamadapter.cc.
Internal names are like SRTP_AES128_CM_SHA1_80, specified in opensslstreamadapter.cc.
The conversion from string to int happens in one place only, SDP layer, SrtpFilter::ApplyParams().
BUG=webrtc:5043
Review URL: https://codereview.webrtc.org/1416673006
Cr-Commit-Position: refs/heads/master@{#10701}
diff --git a/talk/app/webrtc/peerconnection_unittest.cc b/talk/app/webrtc/peerconnection_unittest.cc
index 3193ffd..4faf599 100644
--- a/talk/app/webrtc/peerconnection_unittest.cc
+++ b/talk/app/webrtc/peerconnection_unittest.cc
@@ -113,7 +113,7 @@
#if !defined(THREAD_SANITIZER)
// SRTP cipher name negotiated by the tests. This must be updated if the
// default changes.
-static const char kDefaultSrtpCipher[] = "AES_CM_128_HMAC_SHA1_32";
+static const int kDefaultSrtpCryptoSuite = rtc::SRTP_AES128_CM_SHA1_32;
#endif
static void RemoveLinesFromSdp(const std::string& line_start,
@@ -1327,7 +1327,7 @@
initializing_client()->pc()->RegisterUMAObserver(init_observer);
LocalP2PTest();
- EXPECT_EQ_WAIT(rtc::SSLStreamAdapter::GetSslCipherSuiteName(
+ EXPECT_EQ_WAIT(rtc::SSLStreamAdapter::SslCipherSuiteToName(
rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
rtc::SSL_PROTOCOL_DTLS_10, rtc::KT_DEFAULT)),
initializing_client()->GetDtlsCipherStats(),
@@ -1337,12 +1337,12 @@
rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
rtc::SSL_PROTOCOL_DTLS_10, rtc::KT_DEFAULT)));
- EXPECT_EQ_WAIT(kDefaultSrtpCipher,
+ EXPECT_EQ_WAIT(rtc::SrtpCryptoSuiteToName(kDefaultSrtpCryptoSuite),
initializing_client()->GetSrtpCipherStats(),
kMaxWaitForStatsMs);
- EXPECT_EQ(1, init_observer->GetEnumCounter(
- webrtc::kEnumCounterAudioSrtpCipher,
- rtc::GetSrtpCryptoSuiteFromName(kDefaultSrtpCipher)));
+ EXPECT_EQ(1,
+ init_observer->GetEnumCounter(webrtc::kEnumCounterAudioSrtpCipher,
+ kDefaultSrtpCryptoSuite));
}
// Test that DTLS 1.2 is used if both ends support it.
@@ -1358,7 +1358,7 @@
initializing_client()->pc()->RegisterUMAObserver(init_observer);
LocalP2PTest();
- EXPECT_EQ_WAIT(rtc::SSLStreamAdapter::GetSslCipherSuiteName(
+ EXPECT_EQ_WAIT(rtc::SSLStreamAdapter::SslCipherSuiteToName(
rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
rtc::SSL_PROTOCOL_DTLS_12, rtc::KT_DEFAULT)),
initializing_client()->GetDtlsCipherStats(),
@@ -1368,12 +1368,12 @@
rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
rtc::SSL_PROTOCOL_DTLS_12, rtc::KT_DEFAULT)));
- EXPECT_EQ_WAIT(kDefaultSrtpCipher,
+ EXPECT_EQ_WAIT(rtc::SrtpCryptoSuiteToName(kDefaultSrtpCryptoSuite),
initializing_client()->GetSrtpCipherStats(),
kMaxWaitForStatsMs);
- EXPECT_EQ(1, init_observer->GetEnumCounter(
- webrtc::kEnumCounterAudioSrtpCipher,
- rtc::GetSrtpCryptoSuiteFromName(kDefaultSrtpCipher)));
+ EXPECT_EQ(1,
+ init_observer->GetEnumCounter(webrtc::kEnumCounterAudioSrtpCipher,
+ kDefaultSrtpCryptoSuite));
}
// Test that DTLS 1.0 is used if the initator supports DTLS 1.2 and the
@@ -1390,7 +1390,7 @@
initializing_client()->pc()->RegisterUMAObserver(init_observer);
LocalP2PTest();
- EXPECT_EQ_WAIT(rtc::SSLStreamAdapter::GetSslCipherSuiteName(
+ EXPECT_EQ_WAIT(rtc::SSLStreamAdapter::SslCipherSuiteToName(
rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
rtc::SSL_PROTOCOL_DTLS_10, rtc::KT_DEFAULT)),
initializing_client()->GetDtlsCipherStats(),
@@ -1400,12 +1400,12 @@
rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
rtc::SSL_PROTOCOL_DTLS_10, rtc::KT_DEFAULT)));
- EXPECT_EQ_WAIT(kDefaultSrtpCipher,
+ EXPECT_EQ_WAIT(rtc::SrtpCryptoSuiteToName(kDefaultSrtpCryptoSuite),
initializing_client()->GetSrtpCipherStats(),
kMaxWaitForStatsMs);
- EXPECT_EQ(1, init_observer->GetEnumCounter(
- webrtc::kEnumCounterAudioSrtpCipher,
- rtc::GetSrtpCryptoSuiteFromName(kDefaultSrtpCipher)));
+ EXPECT_EQ(1,
+ init_observer->GetEnumCounter(webrtc::kEnumCounterAudioSrtpCipher,
+ kDefaultSrtpCryptoSuite));
}
// Test that DTLS 1.0 is used if the initator supports DTLS 1.0 and the
@@ -1422,7 +1422,7 @@
initializing_client()->pc()->RegisterUMAObserver(init_observer);
LocalP2PTest();
- EXPECT_EQ_WAIT(rtc::SSLStreamAdapter::GetSslCipherSuiteName(
+ EXPECT_EQ_WAIT(rtc::SSLStreamAdapter::SslCipherSuiteToName(
rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
rtc::SSL_PROTOCOL_DTLS_10, rtc::KT_DEFAULT)),
initializing_client()->GetDtlsCipherStats(),
@@ -1432,12 +1432,12 @@
rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
rtc::SSL_PROTOCOL_DTLS_10, rtc::KT_DEFAULT)));
- EXPECT_EQ_WAIT(kDefaultSrtpCipher,
+ EXPECT_EQ_WAIT(rtc::SrtpCryptoSuiteToName(kDefaultSrtpCryptoSuite),
initializing_client()->GetSrtpCipherStats(),
kMaxWaitForStatsMs);
- EXPECT_EQ(1, init_observer->GetEnumCounter(
- webrtc::kEnumCounterAudioSrtpCipher,
- rtc::GetSrtpCryptoSuiteFromName(kDefaultSrtpCipher)));
+ EXPECT_EQ(1,
+ init_observer->GetEnumCounter(webrtc::kEnumCounterAudioSrtpCipher,
+ kDefaultSrtpCryptoSuite));
}
// This test sets up a call between two parties with audio, video and data.
diff --git a/talk/app/webrtc/statscollector.cc b/talk/app/webrtc/statscollector.cc
index 347a846..2868696 100644
--- a/talk/app/webrtc/statscollector.cc
+++ b/talk/app/webrtc/statscollector.cc
@@ -730,17 +730,20 @@
channel_report->AddId(StatsReport::kStatsValueNameRemoteCertificateId,
remote_cert_report_id);
}
- const std::string& srtp_cipher = channel_iter.srtp_cipher;
- if (!srtp_cipher.empty()) {
- channel_report->AddString(StatsReport::kStatsValueNameSrtpCipher,
- srtp_cipher);
+ int srtp_crypto_suite = channel_iter.srtp_crypto_suite;
+ if (srtp_crypto_suite != rtc::SRTP_INVALID_CRYPTO_SUITE &&
+ rtc::SrtpCryptoSuiteToName(srtp_crypto_suite).length()) {
+ channel_report->AddString(
+ StatsReport::kStatsValueNameSrtpCipher,
+ rtc::SrtpCryptoSuiteToName(srtp_crypto_suite));
}
- int ssl_cipher = channel_iter.ssl_cipher;
- if (ssl_cipher &&
- rtc::SSLStreamAdapter::GetSslCipherSuiteName(ssl_cipher).length()) {
+ int ssl_cipher_suite = channel_iter.ssl_cipher_suite;
+ if (ssl_cipher_suite != rtc::TLS_NULL_WITH_NULL_NULL &&
+ rtc::SSLStreamAdapter::SslCipherSuiteToName(ssl_cipher_suite)
+ .length()) {
channel_report->AddString(
StatsReport::kStatsValueNameDtlsCipher,
- rtc::SSLStreamAdapter::GetSslCipherSuiteName(ssl_cipher));
+ rtc::SSLStreamAdapter::SslCipherSuiteToName(ssl_cipher_suite));
}
int connection_id = 0;
diff --git a/talk/app/webrtc/statscollector_unittest.cc b/talk/app/webrtc/statscollector_unittest.cc
index 9121c69..eb2e3f3 100644
--- a/talk/app/webrtc/statscollector_unittest.cc
+++ b/talk/app/webrtc/statscollector_unittest.cc
@@ -683,8 +683,8 @@
// Fake stats to process.
cricket::TransportChannelStats channel_stats;
channel_stats.component = 1;
- channel_stats.srtp_cipher = "the-srtp-cipher";
- channel_stats.ssl_cipher = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA;
+ channel_stats.srtp_crypto_suite = rtc::SRTP_AES128_CM_SHA1_80;
+ channel_stats.ssl_cipher_suite = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA;
cricket::TransportStats transport_stats;
transport_stats.transport_name = "audio";
@@ -747,18 +747,17 @@
}
// Check negotiated ciphers.
- std::string dtls_cipher = ExtractStatsValue(
- StatsReport::kStatsReportTypeComponent,
- reports,
- StatsReport::kStatsValueNameDtlsCipher);
- EXPECT_EQ(rtc::SSLStreamAdapter::GetSslCipherSuiteName(
+ std::string dtls_cipher_suite =
+ ExtractStatsValue(StatsReport::kStatsReportTypeComponent, reports,
+ StatsReport::kStatsValueNameDtlsCipher);
+ EXPECT_EQ(rtc::SSLStreamAdapter::SslCipherSuiteToName(
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA),
- dtls_cipher);
- std::string srtp_cipher = ExtractStatsValue(
- StatsReport::kStatsReportTypeComponent,
- reports,
- StatsReport::kStatsValueNameSrtpCipher);
- EXPECT_EQ("the-srtp-cipher", srtp_cipher);
+ dtls_cipher_suite);
+ std::string srtp_crypto_suite =
+ ExtractStatsValue(StatsReport::kStatsReportTypeComponent, reports,
+ StatsReport::kStatsValueNameSrtpCipher);
+ EXPECT_EQ(rtc::SrtpCryptoSuiteToName(rtc::SRTP_AES128_CM_SHA1_80),
+ srtp_crypto_suite);
}
cricket::FakeMediaEngine* media_engine_;
@@ -1407,16 +1406,14 @@
ASSERT_EQ(kNotFound, remote_certificate_id);
// Check that the negotiated ciphers are absent.
- std::string dtls_cipher = ExtractStatsValue(
- StatsReport::kStatsReportTypeComponent,
- reports,
- StatsReport::kStatsValueNameDtlsCipher);
- ASSERT_EQ(kNotFound, dtls_cipher);
- std::string srtp_cipher = ExtractStatsValue(
- StatsReport::kStatsReportTypeComponent,
- reports,
- StatsReport::kStatsValueNameSrtpCipher);
- ASSERT_EQ(kNotFound, srtp_cipher);
+ std::string dtls_cipher_suite =
+ ExtractStatsValue(StatsReport::kStatsReportTypeComponent, reports,
+ StatsReport::kStatsValueNameDtlsCipher);
+ ASSERT_EQ(kNotFound, dtls_cipher_suite);
+ std::string srtp_crypto_suite =
+ ExtractStatsValue(StatsReport::kStatsReportTypeComponent, reports,
+ StatsReport::kStatsValueNameSrtpCipher);
+ ASSERT_EQ(kNotFound, srtp_crypto_suite);
}
// This test verifies that the stats are generated correctly when the transport
diff --git a/talk/app/webrtc/webrtcsession.cc b/talk/app/webrtc/webrtcsession.cc
index 1fc2a37..ada35c5 100644
--- a/talk/app/webrtc/webrtcsession.cc
+++ b/talk/app/webrtc/webrtcsession.cc
@@ -2157,9 +2157,10 @@
return;
}
- const std::string& srtp_cipher = stats.channel_stats[0].srtp_cipher;
- int ssl_cipher = stats.channel_stats[0].ssl_cipher;
- if (srtp_cipher.empty() && !ssl_cipher) {
+ int srtp_crypto_suite = stats.channel_stats[0].srtp_crypto_suite;
+ int ssl_cipher_suite = stats.channel_stats[0].ssl_cipher_suite;
+ if (srtp_crypto_suite == rtc::SRTP_INVALID_CRYPTO_SUITE &&
+ ssl_cipher_suite == rtc::TLS_NULL_WITH_NULL_NULL) {
return;
}
@@ -2179,12 +2180,13 @@
return;
}
- if (!srtp_cipher.empty()) {
- metrics_observer_->IncrementSparseEnumCounter(
- srtp_counter_type, rtc::GetSrtpCryptoSuiteFromName(srtp_cipher));
+ if (srtp_crypto_suite != rtc::SRTP_INVALID_CRYPTO_SUITE) {
+ metrics_observer_->IncrementSparseEnumCounter(srtp_counter_type,
+ srtp_crypto_suite);
}
- if (ssl_cipher) {
- metrics_observer_->IncrementSparseEnumCounter(ssl_counter_type, ssl_cipher);
+ if (ssl_cipher_suite != rtc::TLS_NULL_WITH_NULL_NULL) {
+ metrics_observer_->IncrementSparseEnumCounter(ssl_counter_type,
+ ssl_cipher_suite);
}
}
diff --git a/talk/media/base/cryptoparams.h b/talk/media/base/cryptoparams.h
index 9dd1db5..589953d 100644
--- a/talk/media/base/cryptoparams.h
+++ b/talk/media/base/cryptoparams.h
@@ -35,8 +35,10 @@
// Parameters for SRTP negotiation, as described in RFC 4568.
struct CryptoParams {
CryptoParams() : tag(0) {}
- CryptoParams(int t, const std::string& cs,
- const std::string& kp, const std::string& sp)
+ CryptoParams(int t,
+ const std::string& cs,
+ const std::string& kp,
+ const std::string& sp)
: tag(t), cipher_suite(cs), key_params(kp), session_params(sp) {}
bool Matches(const CryptoParams& params) const {
diff --git a/talk/session/media/channel.cc b/talk/session/media/channel.cc
index 8d3efec..ef26704 100644
--- a/talk/session/media/channel.cc
+++ b/talk/session/media/channel.cc
@@ -218,11 +218,11 @@
return false;
}
- if (!SetDtlsSrtpCiphers(transport_channel(), false)) {
+ if (!SetDtlsSrtpCryptoSuites(transport_channel(), false)) {
return false;
}
if (rtcp_transport_enabled() &&
- !SetDtlsSrtpCiphers(rtcp_transport_channel(), true)) {
+ !SetDtlsSrtpCryptoSuites(rtcp_transport_channel(), true)) {
return false;
}
@@ -809,16 +809,16 @@
SignalDtlsSetupFailure(this, rtcp);
}
-bool BaseChannel::SetDtlsSrtpCiphers(TransportChannel *tc, bool rtcp) {
- std::vector<std::string> ciphers;
- // We always use the default SRTP ciphers for RTCP, but we may use different
- // ciphers for RTP depending on the media type.
+bool BaseChannel::SetDtlsSrtpCryptoSuites(TransportChannel* tc, bool rtcp) {
+ std::vector<int> crypto_suites;
+ // We always use the default SRTP crypto suites for RTCP, but we may use
+ // different crypto suites for RTP depending on the media type.
if (!rtcp) {
- GetSrtpCryptoSuiteNames(&ciphers);
+ GetSrtpCryptoSuites(&crypto_suites);
} else {
- GetDefaultSrtpCryptoSuiteNames(&ciphers);
+ GetDefaultSrtpCryptoSuites(&crypto_suites);
}
- return tc->SetSrtpCiphers(ciphers);
+ return tc->SetSrtpCryptoSuites(crypto_suites);
}
bool BaseChannel::ShouldSetupDtlsSrtp() const {
@@ -837,10 +837,10 @@
if (!channel->IsDtlsActive())
return true;
- std::string selected_cipher;
+ int selected_crypto_suite;
- if (!channel->GetSrtpCryptoSuite(&selected_cipher)) {
- LOG(LS_ERROR) << "No DTLS-SRTP selected cipher";
+ if (!channel->GetSrtpCryptoSuite(&selected_crypto_suite)) {
+ LOG(LS_ERROR) << "No DTLS-SRTP selected crypto suite";
return false;
}
@@ -896,21 +896,15 @@
}
if (rtcp_channel) {
- ret = srtp_filter_.SetRtcpParams(
- selected_cipher,
- &(*send_key)[0],
- static_cast<int>(send_key->size()),
- selected_cipher,
- &(*recv_key)[0],
- static_cast<int>(recv_key->size()));
+ ret = srtp_filter_.SetRtcpParams(selected_crypto_suite, &(*send_key)[0],
+ static_cast<int>(send_key->size()),
+ selected_crypto_suite, &(*recv_key)[0],
+ static_cast<int>(recv_key->size()));
} else {
- ret = srtp_filter_.SetRtpParams(
- selected_cipher,
- &(*send_key)[0],
- static_cast<int>(send_key->size()),
- selected_cipher,
- &(*recv_key)[0],
- static_cast<int>(recv_key->size()));
+ ret = srtp_filter_.SetRtpParams(selected_crypto_suite, &(*send_key)[0],
+ static_cast<int>(send_key->size()),
+ selected_crypto_suite, &(*recv_key)[0],
+ static_cast<int>(recv_key->size()));
}
if (!ret)
@@ -1580,9 +1574,8 @@
SignalAudioMonitor(this, info);
}
-void VoiceChannel::GetSrtpCryptoSuiteNames(
- std::vector<std::string>* ciphers) const {
- GetSupportedAudioCryptoSuites(ciphers);
+void VoiceChannel::GetSrtpCryptoSuites(std::vector<int>* crypto_suites) const {
+ GetSupportedAudioCryptoSuites(crypto_suites);
}
VideoChannel::VideoChannel(rtc::Thread* thread,
@@ -1970,9 +1963,8 @@
return false;
}
-void VideoChannel::GetSrtpCryptoSuiteNames(
- std::vector<std::string>* ciphers) const {
- GetSupportedVideoCryptoSuites(ciphers);
+void VideoChannel::GetSrtpCryptoSuites(std::vector<int>* crypto_suites) const {
+ GetSupportedVideoCryptoSuites(crypto_suites);
}
DataChannel::DataChannel(rtc::Thread* thread,
@@ -2278,9 +2270,8 @@
new DataChannelReadyToSendMessageData(writable));
}
-void DataChannel::GetSrtpCryptoSuiteNames(
- std::vector<std::string>* ciphers) const {
- GetSupportedDataCryptoSuites(ciphers);
+void DataChannel::GetSrtpCryptoSuites(std::vector<int>* crypto_suites) const {
+ GetSupportedDataCryptoSuites(crypto_suites);
}
bool DataChannel::ShouldSetupDtlsSrtp() const {
diff --git a/talk/session/media/channel.h b/talk/session/media/channel.h
index 603115c..9342d31 100644
--- a/talk/session/media/channel.h
+++ b/talk/session/media/channel.h
@@ -236,7 +236,7 @@
// |rtcp_channel| indicates whether to set up the RTP or RTCP filter.
bool SetupDtlsSrtp(bool rtcp_channel);
// Set the DTLS-SRTP cipher policy on this channel as appropriate.
- bool SetDtlsSrtpCiphers(TransportChannel *tc, bool rtcp);
+ bool SetDtlsSrtpCryptoSuites(TransportChannel* tc, bool rtcp);
virtual void ChangeState() = 0;
@@ -282,9 +282,8 @@
void OnMessage(rtc::Message* pmsg) override;
// Handled in derived classes
- // Get the SRTP ciphers to use for RTP media
- virtual void GetSrtpCryptoSuiteNames(
- std::vector<std::string>* ciphers) const = 0;
+ // Get the SRTP crypto suites to use for RTP media
+ virtual void GetSrtpCryptoSuites(std::vector<int>* crypto_suites) const = 0;
virtual void OnConnectionMonitorUpdate(ConnectionMonitor* monitor,
const std::vector<ConnectionInfo>& infos) = 0;
@@ -407,7 +406,7 @@
bool GetStats_w(VoiceMediaInfo* stats);
virtual void OnMessage(rtc::Message* pmsg);
- virtual void GetSrtpCryptoSuiteNames(std::vector<std::string>* ciphers) const;
+ virtual void GetSrtpCryptoSuites(std::vector<int>* crypto_suites) const;
virtual void OnConnectionMonitorUpdate(
ConnectionMonitor* monitor, const std::vector<ConnectionInfo>& infos);
virtual void OnMediaMonitorUpdate(
@@ -497,7 +496,7 @@
bool GetStats_w(VideoMediaInfo* stats);
virtual void OnMessage(rtc::Message* pmsg);
- virtual void GetSrtpCryptoSuiteNames(std::vector<std::string>* ciphers) const;
+ virtual void GetSrtpCryptoSuites(std::vector<int>* crypto_suites) const;
virtual void OnConnectionMonitorUpdate(
ConnectionMonitor* monitor, const std::vector<ConnectionInfo>& infos);
virtual void OnMediaMonitorUpdate(
@@ -614,7 +613,7 @@
virtual bool WantsPacket(bool rtcp, rtc::Buffer* packet);
virtual void OnMessage(rtc::Message* pmsg);
- virtual void GetSrtpCryptoSuiteNames(std::vector<std::string>* ciphers) const;
+ virtual void GetSrtpCryptoSuites(std::vector<int>* crypto_suites) const;
virtual void OnConnectionMonitorUpdate(
ConnectionMonitor* monitor, const std::vector<ConnectionInfo>& infos);
virtual void OnMediaMonitorUpdate(
diff --git a/talk/session/media/mediasession.cc b/talk/session/media/mediasession.cc
index 7413026..ed626e2 100644
--- a/talk/session/media/mediasession.cc
+++ b/talk/session/media/mediasession.cc
@@ -50,6 +50,17 @@
namespace {
const char kInline[] = "inline:";
+
+void GetSupportedCryptoSuiteNames(void (*func)(std::vector<int>*),
+ std::vector<std::string>* names) {
+#ifdef HAVE_SRTP
+ std::vector<int> crypto_suites;
+ func(&crypto_suites);
+ for (const auto crypto : crypto_suites) {
+ names->push_back(rtc::SrtpCryptoSuiteToName(crypto));
+ }
+#endif
+}
}
namespace cricket {
@@ -152,30 +163,50 @@
}
// For audio, HMAC 32 is prefered because of the low overhead.
-void GetSupportedAudioCryptoSuites(
- std::vector<std::string>* crypto_suites) {
+void GetSupportedAudioCryptoSuites(std::vector<int>* crypto_suites) {
#ifdef HAVE_SRTP
- crypto_suites->push_back(rtc::CS_AES_CM_128_HMAC_SHA1_32);
- crypto_suites->push_back(rtc::CS_AES_CM_128_HMAC_SHA1_80);
+ crypto_suites->push_back(rtc::SRTP_AES128_CM_SHA1_32);
+ crypto_suites->push_back(rtc::SRTP_AES128_CM_SHA1_80);
#endif
}
-void GetSupportedVideoCryptoSuites(
- std::vector<std::string>* crypto_suites) {
- GetDefaultSrtpCryptoSuiteNames(crypto_suites);
+void GetSupportedAudioCryptoSuiteNames(
+ std::vector<std::string>* crypto_suite_names) {
+ GetSupportedCryptoSuiteNames(GetSupportedAudioCryptoSuites,
+ crypto_suite_names);
}
-void GetSupportedDataCryptoSuites(
- std::vector<std::string>* crypto_suites) {
- GetDefaultSrtpCryptoSuiteNames(crypto_suites);
+void GetSupportedVideoCryptoSuites(std::vector<int>* crypto_suites) {
+ GetDefaultSrtpCryptoSuites(crypto_suites);
}
-void GetDefaultSrtpCryptoSuiteNames(std::vector<std::string>* crypto_suites) {
+void GetSupportedVideoCryptoSuiteNames(
+ std::vector<std::string>* crypto_suite_names) {
+ GetSupportedCryptoSuiteNames(GetSupportedVideoCryptoSuites,
+ crypto_suite_names);
+}
+
+void GetSupportedDataCryptoSuites(std::vector<int>* crypto_suites) {
+ GetDefaultSrtpCryptoSuites(crypto_suites);
+}
+
+void GetSupportedDataCryptoSuiteNames(
+ std::vector<std::string>* crypto_suite_names) {
+ GetSupportedCryptoSuiteNames(GetSupportedDataCryptoSuites,
+ crypto_suite_names);
+}
+
+void GetDefaultSrtpCryptoSuites(std::vector<int>* crypto_suites) {
#ifdef HAVE_SRTP
- crypto_suites->push_back(rtc::CS_AES_CM_128_HMAC_SHA1_80);
+ crypto_suites->push_back(rtc::SRTP_AES128_CM_SHA1_80);
#endif
}
+void GetDefaultSrtpCryptoSuiteNames(
+ std::vector<std::string>* crypto_suite_names) {
+ GetSupportedCryptoSuiteNames(GetDefaultSrtpCryptoSuites, crypto_suite_names);
+}
+
// For video support only 80-bit SHA1 HMAC. For audio 32-bit HMAC is
// tolerated unless bundle is enabled because it is low overhead. Pick the
// crypto in the list that is supported.
@@ -1514,7 +1545,7 @@
scoped_ptr<AudioContentDescription> audio(new AudioContentDescription());
std::vector<std::string> crypto_suites;
- GetSupportedAudioCryptoSuites(&crypto_suites);
+ GetSupportedAudioCryptoSuiteNames(&crypto_suites);
if (!CreateMediaContentOffer(
options,
audio_codecs,
@@ -1568,7 +1599,7 @@
scoped_ptr<VideoContentDescription> video(new VideoContentDescription());
std::vector<std::string> crypto_suites;
- GetSupportedVideoCryptoSuites(&crypto_suites);
+ GetSupportedVideoCryptoSuiteNames(&crypto_suites);
if (!CreateMediaContentOffer(
options,
video_codecs,
@@ -1638,7 +1669,7 @@
data->set_protocol(
secure_transport ? kMediaProtocolDtlsSctp : kMediaProtocolSctp);
} else {
- GetSupportedDataCryptoSuites(&crypto_suites);
+ GetSupportedDataCryptoSuiteNames(&crypto_suites);
}
if (!CreateMediaContentOffer(
diff --git a/talk/session/media/mediasession.h b/talk/session/media/mediasession.h
index e92628e..25ea017 100644
--- a/talk/session/media/mediasession.h
+++ b/talk/session/media/mediasession.h
@@ -547,10 +547,19 @@
const DataContentDescription* GetFirstDataContentDescription(
const SessionDescription* sdesc);
-void GetSupportedAudioCryptoSuites(std::vector<std::string>* crypto_suites);
-void GetSupportedVideoCryptoSuites(std::vector<std::string>* crypto_suites);
-void GetSupportedDataCryptoSuites(std::vector<std::string>* crypto_suites);
-void GetDefaultSrtpCryptoSuiteNames(std::vector<std::string>* crypto_suites);
+void GetSupportedAudioCryptoSuites(std::vector<int>* crypto_suites);
+void GetSupportedVideoCryptoSuites(std::vector<int>* crypto_suites);
+void GetSupportedDataCryptoSuites(std::vector<int>* crypto_suites);
+void GetDefaultSrtpCryptoSuites(std::vector<int>* crypto_suites);
+void GetSupportedAudioCryptoSuiteNames(
+ std::vector<std::string>* crypto_suite_names);
+void GetSupportedVideoCryptoSuiteNames(
+ std::vector<std::string>* crypto_suite_names);
+void GetSupportedDataCryptoSuiteNames(
+ std::vector<std::string>* crypto_suite_names);
+void GetDefaultSrtpCryptoSuiteNames(
+ std::vector<std::string>* crypto_suite_names);
+
} // namespace cricket
#endif // TALK_SESSION_MEDIA_MEDIASESSION_H_
diff --git a/talk/session/media/srtpfilter.cc b/talk/session/media/srtpfilter.cc
index 079ddfb..4a54740 100644
--- a/talk/session/media/srtpfilter.cc
+++ b/talk/session/media/srtpfilter.cc
@@ -146,10 +146,10 @@
return DoSetAnswer(answer_params, source, false);
}
-bool SrtpFilter::SetRtpParams(const std::string& send_cs,
+bool SrtpFilter::SetRtpParams(int send_cs,
const uint8_t* send_key,
int send_key_len,
- const std::string& recv_cs,
+ int recv_cs,
const uint8_t* recv_key,
int recv_key_len) {
if (IsActive()) {
@@ -179,10 +179,10 @@
// SrtpSession.
// - In the muxed case, they are keyed with the same keys, so
// this function is not needed
-bool SrtpFilter::SetRtcpParams(const std::string& send_cs,
+bool SrtpFilter::SetRtcpParams(int send_cs,
const uint8_t* send_key,
int send_key_len,
- const std::string& recv_cs,
+ int recv_cs,
const uint8_t* recv_key,
int recv_key_len) {
// This can only be called once, but can be safely called after
@@ -428,10 +428,12 @@
ParseKeyParams(recv_params.key_params, recv_key, sizeof(recv_key)));
if (ret) {
CreateSrtpSessions();
- ret = (send_session_->SetSend(send_params.cipher_suite,
- send_key, sizeof(send_key)) &&
- recv_session_->SetRecv(recv_params.cipher_suite,
- recv_key, sizeof(recv_key)));
+ ret = (send_session_->SetSend(
+ rtc::SrtpCryptoSuiteFromName(send_params.cipher_suite), send_key,
+ sizeof(send_key)) &&
+ recv_session_->SetRecv(
+ rtc::SrtpCryptoSuiteFromName(recv_params.cipher_suite), recv_key,
+ sizeof(recv_key)));
}
if (ret) {
LOG(LS_INFO) << "SRTP activated with negotiated parameters:"
@@ -507,11 +509,11 @@
}
}
-bool SrtpSession::SetSend(const std::string& cs, const uint8_t* key, int len) {
+bool SrtpSession::SetSend(int cs, const uint8_t* key, int len) {
return SetKey(ssrc_any_outbound, cs, key, len);
}
-bool SrtpSession::SetRecv(const std::string& cs, const uint8_t* key, int len) {
+bool SrtpSession::SetRecv(int cs, const uint8_t* key, int len) {
return SetKey(ssrc_any_inbound, cs, key, len);
}
@@ -658,10 +660,7 @@
srtp_stat_->set_signal_silent_time(signal_silent_time_in_ms);
}
-bool SrtpSession::SetKey(int type,
- const std::string& cs,
- const uint8_t* key,
- int len) {
+bool SrtpSession::SetKey(int type, int cs, const uint8_t* key, int len) {
if (session_) {
LOG(LS_ERROR) << "Failed to create SRTP session: "
<< "SRTP session already created";
@@ -675,15 +674,15 @@
srtp_policy_t policy;
memset(&policy, 0, sizeof(policy));
- if (cs == rtc::CS_AES_CM_128_HMAC_SHA1_80) {
+ if (cs == rtc::SRTP_AES128_CM_SHA1_80) {
crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtp);
crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp);
- } else if (cs == rtc::CS_AES_CM_128_HMAC_SHA1_32) {
+ } else if (cs == rtc::SRTP_AES128_CM_SHA1_32) {
crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtp); // rtp is 32,
crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp); // rtcp still 80
} else {
LOG(LS_WARNING) << "Failed to create SRTP session: unsupported"
- << " cipher_suite " << cs.c_str();
+ << " cipher_suite " << cs;
return false;
}
diff --git a/talk/session/media/srtpfilter.h b/talk/session/media/srtpfilter.h
index 3c3a8e8..d30cee6 100644
--- a/talk/session/media/srtpfilter.h
+++ b/talk/session/media/srtpfilter.h
@@ -104,16 +104,16 @@
// Just set up both sets of keys directly.
// Used with DTLS-SRTP.
- bool SetRtpParams(const std::string& send_cs,
+ bool SetRtpParams(int send_cs,
const uint8_t* send_key,
int send_key_len,
- const std::string& recv_cs,
+ int recv_cs,
const uint8_t* recv_key,
int recv_key_len);
- bool SetRtcpParams(const std::string& send_cs,
+ bool SetRtcpParams(int send_cs,
const uint8_t* send_key,
int send_key_len,
- const std::string& recv_cs,
+ int recv_cs,
const uint8_t* recv_key,
int recv_key_len);
@@ -199,10 +199,10 @@
// Configures the session for sending data using the specified
// cipher-suite and key. Receiving must be done by a separate session.
- bool SetSend(const std::string& cs, const uint8_t* key, int len);
+ bool SetSend(int cs, const uint8_t* key, int len);
// Configures the session for receiving data using the specified
// cipher-suite and key. Sending must be done by a separate session.
- bool SetRecv(const std::string& cs, const uint8_t* key, int len);
+ bool SetRecv(int cs, const uint8_t* key, int len);
// Encrypts/signs an individual RTP/RTCP packet, in-place.
// If an HMAC is used, this will increase the packet size.
@@ -232,7 +232,7 @@
SignalSrtpError;
private:
- bool SetKey(int type, const std::string& cs, const uint8_t* key, int len);
+ bool SetKey(int type, int cs, const uint8_t* key, int len);
// Returns send stream current packet index from srtp db.
bool GetSendStreamPacketIndex(void* data, int in_len, int64_t* index);
diff --git a/talk/session/media/srtpfilter_unittest.cc b/talk/session/media/srtpfilter_unittest.cc
index 8122455..1187438 100644
--- a/talk/session/media/srtpfilter_unittest.cc
+++ b/talk/session/media/srtpfilter_unittest.cc
@@ -508,21 +508,17 @@
// Test directly setting the params with AES_CM_128_HMAC_SHA1_80
TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_80) {
- EXPECT_TRUE(f1_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_80,
- kTestKey1, kTestKeyLen,
- CS_AES_CM_128_HMAC_SHA1_80,
+ EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1,
+ kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80,
kTestKey2, kTestKeyLen));
- EXPECT_TRUE(f2_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_80,
- kTestKey2, kTestKeyLen,
- CS_AES_CM_128_HMAC_SHA1_80,
+ EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2,
+ kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80,
kTestKey1, kTestKeyLen));
- EXPECT_TRUE(f1_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_80,
- kTestKey1, kTestKeyLen,
- CS_AES_CM_128_HMAC_SHA1_80,
+ EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1,
+ kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80,
kTestKey2, kTestKeyLen));
- EXPECT_TRUE(f2_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_80,
- kTestKey2, kTestKeyLen,
- CS_AES_CM_128_HMAC_SHA1_80,
+ EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2,
+ kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80,
kTestKey1, kTestKeyLen));
EXPECT_TRUE(f1_.IsActive());
EXPECT_TRUE(f2_.IsActive());
@@ -531,21 +527,17 @@
// Test directly setting the params with AES_CM_128_HMAC_SHA1_32
TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_32) {
- EXPECT_TRUE(f1_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_32,
- kTestKey1, kTestKeyLen,
- CS_AES_CM_128_HMAC_SHA1_32,
+ EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1,
+ kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32,
kTestKey2, kTestKeyLen));
- EXPECT_TRUE(f2_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_32,
- kTestKey2, kTestKeyLen,
- CS_AES_CM_128_HMAC_SHA1_32,
+ EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey2,
+ kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32,
kTestKey1, kTestKeyLen));
- EXPECT_TRUE(f1_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_32,
- kTestKey1, kTestKeyLen,
- CS_AES_CM_128_HMAC_SHA1_32,
+ EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1,
+ kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32,
kTestKey2, kTestKeyLen));
- EXPECT_TRUE(f2_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_32,
- kTestKey2, kTestKeyLen,
- CS_AES_CM_128_HMAC_SHA1_32,
+ EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey2,
+ kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32,
kTestKey1, kTestKeyLen));
EXPECT_TRUE(f1_.IsActive());
EXPECT_TRUE(f2_.IsActive());
@@ -554,25 +546,21 @@
// Test directly setting the params with bogus keys
TEST_F(SrtpFilterTest, TestSetParamsKeyTooShort) {
- EXPECT_FALSE(f1_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_80,
- kTestKey1, kTestKeyLen - 1,
- CS_AES_CM_128_HMAC_SHA1_80,
+ EXPECT_FALSE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1,
+ kTestKeyLen - 1, rtc::SRTP_AES128_CM_SHA1_80,
kTestKey1, kTestKeyLen - 1));
- EXPECT_FALSE(f1_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_80,
- kTestKey1, kTestKeyLen - 1,
- CS_AES_CM_128_HMAC_SHA1_80,
+ EXPECT_FALSE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1,
+ kTestKeyLen - 1, rtc::SRTP_AES128_CM_SHA1_80,
kTestKey1, kTestKeyLen - 1));
}
#if defined(ENABLE_EXTERNAL_AUTH)
TEST_F(SrtpFilterTest, TestGetSendAuthParams) {
- EXPECT_TRUE(f1_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_32,
- kTestKey1, kTestKeyLen,
- CS_AES_CM_128_HMAC_SHA1_32,
+ EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1,
+ kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32,
kTestKey2, kTestKeyLen));
- EXPECT_TRUE(f1_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_32,
- kTestKey1, kTestKeyLen,
- CS_AES_CM_128_HMAC_SHA1_32,
+ EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1,
+ kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32,
kTestKey2, kTestKeyLen));
uint8_t* auth_key = NULL;
int auth_key_len = 0, auth_tag_len = 0;
@@ -629,28 +617,30 @@
// Test that we can set up the session and keys properly.
TEST_F(SrtpSessionTest, TestGoodSetup) {
- EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
- EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
+ EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
+ EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
}
// Test that we can't change the keys once set.
TEST_F(SrtpSessionTest, TestBadSetup) {
- EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
- EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
- EXPECT_FALSE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey2, kTestKeyLen));
- EXPECT_FALSE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey2, kTestKeyLen));
+ EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
+ EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
+ EXPECT_FALSE(
+ s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2, kTestKeyLen));
+ EXPECT_FALSE(
+ s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2, kTestKeyLen));
}
// Test that we fail keys of the wrong length.
TEST_F(SrtpSessionTest, TestKeysTooShort) {
- EXPECT_FALSE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, 1));
- EXPECT_FALSE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, 1));
+ EXPECT_FALSE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, 1));
+ EXPECT_FALSE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, 1));
}
// Test that we can encrypt and decrypt RTP/RTCP using AES_CM_128_HMAC_SHA1_80.
TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_80) {
- EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
- EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
+ EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
+ EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_80);
TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_80);
TestUnprotectRtp(CS_AES_CM_128_HMAC_SHA1_80);
@@ -659,8 +649,8 @@
// Test that we can encrypt and decrypt RTP/RTCP using AES_CM_128_HMAC_SHA1_32.
TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_32) {
- EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_32, kTestKey1, kTestKeyLen));
- EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_32, kTestKey1, kTestKeyLen));
+ EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, kTestKeyLen));
+ EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, kTestKeyLen));
TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_32);
TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_32);
TestUnprotectRtp(CS_AES_CM_128_HMAC_SHA1_32);
@@ -668,7 +658,7 @@
}
TEST_F(SrtpSessionTest, TestGetSendStreamPacketIndex) {
- EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_32, kTestKey1, kTestKeyLen));
+ EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, kTestKeyLen));
int64_t index;
int out_len = 0;
EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_,
@@ -681,8 +671,8 @@
// Test that we fail to unprotect if someone tampers with the RTP/RTCP paylaods.
TEST_F(SrtpSessionTest, TestTamperReject) {
int out_len;
- EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
- EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
+ EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
+ EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_80);
TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_80);
rtp_packet_[0] = 0x12;
@@ -694,8 +684,8 @@
// Test that we fail to unprotect if the payloads are not authenticated.
TEST_F(SrtpSessionTest, TestUnencryptReject) {
int out_len;
- EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
- EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
+ EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
+ EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_FALSE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len));
EXPECT_FALSE(s2_.UnprotectRtcp(rtcp_packet_, rtcp_len_, &out_len));
}
@@ -703,7 +693,7 @@
// Test that we fail when using buffers that are too small.
TEST_F(SrtpSessionTest, TestBuffersTooSmall) {
int out_len;
- EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
+ EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
EXPECT_FALSE(s1_.ProtectRtp(rtp_packet_, rtp_len_,
sizeof(rtp_packet_) - 10, &out_len));
EXPECT_FALSE(s1_.ProtectRtcp(rtcp_packet_, rtcp_len_,
@@ -717,8 +707,8 @@
static const uint16_t replay_window = 1024;
int out_len;
- EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
- EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
+ EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
+ EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
// Initial sequence number.
rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_) + 2, seqnum_big);
diff --git a/webrtc/base/opensslstreamadapter.cc b/webrtc/base/opensslstreamadapter.cc
index 346b442..abbb715 100644
--- a/webrtc/base/opensslstreamadapter.cc
+++ b/webrtc/base/opensslstreamadapter.cc
@@ -43,17 +43,19 @@
#endif
#ifdef HAVE_DTLS_SRTP
-// SRTP cipher suite table
+// SRTP cipher suite table. |internal_name| is used to construct a
+// colon-separated profile strings which is needed by
+// SSL_CTX_set_tlsext_use_srtp().
struct SrtpCipherMapEntry {
- const char* external_name;
const char* internal_name;
+ const int id;
};
// This isn't elegant, but it's better than an external reference
static SrtpCipherMapEntry SrtpCipherMap[] = {
- {CS_AES_CM_128_HMAC_SHA1_80, "SRTP_AES128_CM_SHA1_80"},
- {CS_AES_CM_128_HMAC_SHA1_32, "SRTP_AES128_CM_SHA1_32"},
- {NULL, NULL}};
+ {"SRTP_AES128_CM_SHA1_80", SRTP_AES128_CM_SHA1_80},
+ {"SRTP_AES128_CM_SHA1_32", SRTP_AES128_CM_SHA1_32},
+ {nullptr, 0}};
#endif
#ifndef OPENSSL_IS_BORINGSSL
@@ -350,9 +352,9 @@
return true;
}
-std::string OpenSSLStreamAdapter::GetSslCipherSuiteName(int cipher) {
+std::string OpenSSLStreamAdapter::SslCipherSuiteToName(int cipher_suite) {
#ifdef OPENSSL_IS_BORINGSSL
- const SSL_CIPHER* ssl_cipher = SSL_get_cipher_by_value(cipher);
+ const SSL_CIPHER* ssl_cipher = SSL_get_cipher_by_value(cipher_suite);
if (!ssl_cipher) {
return std::string();
}
@@ -363,7 +365,7 @@
#else
for (const SslCipherMapEntry* entry = kSslCipherMap; entry->rfc_name;
++entry) {
- if (cipher == entry->openssl_id) {
+ if (cipher_suite == entry->openssl_id) {
return entry->rfc_name;
}
}
@@ -371,7 +373,7 @@
#endif
}
-bool OpenSSLStreamAdapter::GetSslCipherSuite(int* cipher) {
+bool OpenSSLStreamAdapter::GetSslCipherSuite(int* cipher_suite) {
if (state_ != SSL_CONNECTED)
return false;
@@ -380,7 +382,7 @@
return false;
}
- *cipher = static_cast<uint16_t>(SSL_CIPHER_get_id(current_cipher));
+ *cipher_suite = static_cast<uint16_t>(SSL_CIPHER_get_id(current_cipher));
return true;
}
@@ -407,20 +409,20 @@
#endif
}
-bool OpenSSLStreamAdapter::SetDtlsSrtpCiphers(
- const std::vector<std::string>& ciphers) {
+bool OpenSSLStreamAdapter::SetDtlsSrtpCryptoSuites(
+ const std::vector<int>& ciphers) {
#ifdef HAVE_DTLS_SRTP
std::string internal_ciphers;
if (state_ != SSL_NONE)
return false;
- for (std::vector<std::string>::const_iterator cipher = ciphers.begin();
+ for (std::vector<int>::const_iterator cipher = ciphers.begin();
cipher != ciphers.end(); ++cipher) {
bool found = false;
- for (SrtpCipherMapEntry *entry = SrtpCipherMap; entry->internal_name;
+ for (SrtpCipherMapEntry* entry = SrtpCipherMap; entry->internal_name;
++entry) {
- if (*cipher == entry->external_name) {
+ if (*cipher == entry->id) {
found = true;
if (!internal_ciphers.empty())
internal_ciphers += ":";
@@ -445,7 +447,7 @@
#endif
}
-bool OpenSSLStreamAdapter::GetDtlsSrtpCipher(std::string* cipher) {
+bool OpenSSLStreamAdapter::GetDtlsSrtpCryptoSuite(int* crypto_suite) {
#ifdef HAVE_DTLS_SRTP
ASSERT(state_ == SSL_CONNECTED);
if (state_ != SSL_CONNECTED)
@@ -457,17 +459,9 @@
if (!srtp_profile)
return false;
- for (SrtpCipherMapEntry *entry = SrtpCipherMap;
- entry->internal_name; ++entry) {
- if (!strcmp(entry->internal_name, srtp_profile->name)) {
- *cipher = entry->external_name;
- return true;
- }
- }
-
- ASSERT(false); // This should never happen
-
- return false;
+ *crypto_suite = srtp_profile->id;
+ ASSERT(!SrtpCryptoSuiteToName(*crypto_suite).empty());
+ return true;
#else
return false;
#endif
diff --git a/webrtc/base/opensslstreamadapter.h b/webrtc/base/opensslstreamadapter.h
index 0f3ded9..e57b2a3 100644
--- a/webrtc/base/opensslstreamadapter.h
+++ b/webrtc/base/opensslstreamadapter.h
@@ -88,7 +88,7 @@
StreamState GetState() const override;
// TODO(guoweis): Move this away from a static class method.
- static std::string GetSslCipherSuiteName(int cipher);
+ static std::string SslCipherSuiteToName(int crypto_suite);
bool GetSslCipherSuite(int* cipher) override;
@@ -101,8 +101,8 @@
size_t result_len) override;
// DTLS-SRTP interface
- bool SetDtlsSrtpCiphers(const std::vector<std::string>& ciphers) override;
- bool GetDtlsSrtpCipher(std::string* cipher) override;
+ bool SetDtlsSrtpCryptoSuites(const std::vector<int>& crypto_suites) override;
+ bool GetDtlsSrtpCryptoSuite(int* crypto_suite) override;
// Capabilities interfaces
static bool HaveDtls();
diff --git a/webrtc/base/sslstreamadapter.cc b/webrtc/base/sslstreamadapter.cc
index b9ba9d3..a2cff3e 100644
--- a/webrtc/base/sslstreamadapter.cc
+++ b/webrtc/base/sslstreamadapter.cc
@@ -30,12 +30,20 @@
const char CS_AES_CM_128_HMAC_SHA1_80[] = "AES_CM_128_HMAC_SHA1_80";
const char CS_AES_CM_128_HMAC_SHA1_32[] = "AES_CM_128_HMAC_SHA1_32";
-int GetSrtpCryptoSuiteFromName(const std::string& cipher) {
- if (cipher == CS_AES_CM_128_HMAC_SHA1_32)
+std::string SrtpCryptoSuiteToName(int crypto_suite) {
+ if (crypto_suite == SRTP_AES128_CM_SHA1_32)
+ return CS_AES_CM_128_HMAC_SHA1_32;
+ if (crypto_suite == SRTP_AES128_CM_SHA1_80)
+ return CS_AES_CM_128_HMAC_SHA1_80;
+ return std::string();
+}
+
+int SrtpCryptoSuiteFromName(const std::string& crypto_suite) {
+ if (crypto_suite == CS_AES_CM_128_HMAC_SHA1_32)
return SRTP_AES128_CM_SHA1_32;
- if (cipher == CS_AES_CM_128_HMAC_SHA1_80)
+ if (crypto_suite == CS_AES_CM_128_HMAC_SHA1_80)
return SRTP_AES128_CM_SHA1_80;
- return 0;
+ return SRTP_INVALID_CRYPTO_SUITE;
}
SSLStreamAdapter* SSLStreamAdapter::Create(StreamInterface* stream) {
@@ -46,7 +54,7 @@
#endif // SSL_USE_OPENSSL
}
-bool SSLStreamAdapter::GetSslCipherSuite(int* cipher) {
+bool SSLStreamAdapter::GetSslCipherSuite(int* cipher_suite) {
return false;
}
@@ -59,12 +67,12 @@
return false; // Default is unsupported
}
-bool SSLStreamAdapter::SetDtlsSrtpCiphers(
- const std::vector<std::string>& ciphers) {
+bool SSLStreamAdapter::SetDtlsSrtpCryptoSuites(
+ const std::vector<int>& crypto_suites) {
return false;
}
-bool SSLStreamAdapter::GetDtlsSrtpCipher(std::string* cipher) {
+bool SSLStreamAdapter::GetDtlsSrtpCryptoSuite(int* crypto_suite) {
return false;
}
@@ -83,8 +91,8 @@
return OpenSSLStreamAdapter::GetDefaultSslCipherForTest(version, key_type);
}
-std::string SSLStreamAdapter::GetSslCipherSuiteName(int cipher) {
- return OpenSSLStreamAdapter::GetSslCipherSuiteName(cipher);
+std::string SSLStreamAdapter::SslCipherSuiteToName(int cipher_suite) {
+ return OpenSSLStreamAdapter::SslCipherSuiteToName(cipher_suite);
}
#endif // SSL_USE_OPENSSL
diff --git a/webrtc/base/sslstreamadapter.h b/webrtc/base/sslstreamadapter.h
index 65a7729..c57056b 100644
--- a/webrtc/base/sslstreamadapter.h
+++ b/webrtc/base/sslstreamadapter.h
@@ -19,7 +19,11 @@
namespace rtc {
+// Constants for SSL profile.
+const int TLS_NULL_WITH_NULL_NULL = 0;
+
// Constants for SRTP profiles.
+const int SRTP_INVALID_CRYPTO_SUITE = 0;
const int SRTP_AES128_CM_SHA1_80 = 0x0001;
const int SRTP_AES128_CM_SHA1_32 = 0x0002;
@@ -31,10 +35,13 @@
// 128-bit AES with 32-bit SHA-1 HMAC.
extern const char CS_AES_CM_128_HMAC_SHA1_32[];
-// Returns the DTLS-SRTP protection profile ID, as defined in
-// https://tools.ietf.org/html/rfc5764#section-4.1.2, for the given SRTP
-// Crypto-suite, as defined in https://tools.ietf.org/html/rfc4568#section-6.2
-int GetSrtpCryptoSuiteFromName(const std::string& cipher_rfc_name);
+// Given the DTLS-SRTP protection profile ID, as defined in
+// https://tools.ietf.org/html/rfc4568#section-6.2 , return the SRTP profile
+// name, as defined in https://tools.ietf.org/html/rfc5764#section-4.1.2.
+std::string SrtpCryptoSuiteToName(int crypto_suite);
+
+// The reverse of above conversion.
+int SrtpCryptoSuiteFromName(const std::string& crypto_suite);
// SSLStreamAdapter : A StreamInterfaceAdapter that does SSL/TLS.
// After SSL has been started, the stream will only open on successful
@@ -152,7 +159,7 @@
// Retrieves the IANA registration id of the cipher suite used for the
// connection (e.g. 0x2F for "TLS_RSA_WITH_AES_128_CBC_SHA").
- virtual bool GetSslCipherSuite(int* cipher);
+ virtual bool GetSslCipherSuite(int* cipher_suite);
// Key Exporter interface from RFC 5705
// Arguments are:
@@ -174,8 +181,8 @@
size_t result_len);
// DTLS-SRTP interface
- virtual bool SetDtlsSrtpCiphers(const std::vector<std::string>& ciphers);
- virtual bool GetDtlsSrtpCipher(std::string* cipher);
+ virtual bool SetDtlsSrtpCryptoSuites(const std::vector<int>& crypto_suites);
+ virtual bool GetDtlsSrtpCryptoSuite(int* crypto_suite);
// Capabilities testing
static bool HaveDtls();
@@ -191,7 +198,7 @@
// TODO(guoweis): Move this away from a static class method. Currently this is
// introduced such that any caller could depend on sslstreamadapter.h without
// depending on specific SSL implementation.
- static std::string GetSslCipherSuiteName(int cipher);
+ static std::string SslCipherSuiteToName(int cipher_suite);
private:
// If true, the server certificate need not match the configured
diff --git a/webrtc/base/sslstreamadapter_unittest.cc b/webrtc/base/sslstreamadapter_unittest.cc
index a3e8d9c..0344bd0 100644
--- a/webrtc/base/sslstreamadapter_unittest.cc
+++ b/webrtc/base/sslstreamadapter_unittest.cc
@@ -29,8 +29,6 @@
using ::testing::tuple;
static const int kBlockSize = 4096;
-static const char kAES_CM_HMAC_SHA1_80[] = "AES_CM_128_HMAC_SHA1_80";
-static const char kAES_CM_HMAC_SHA1_32[] = "AES_CM_128_HMAC_SHA1_32";
static const char kExporterLabel[] = "label";
static const unsigned char kExporterContext[] = "context";
static int kExporterContextLen = sizeof(kExporterContext);
@@ -389,19 +387,18 @@
handshake_wait_ = wait;
}
- void SetDtlsSrtpCiphers(const std::vector<std::string> &ciphers,
- bool client) {
+ void SetDtlsSrtpCryptoSuites(const std::vector<int>& ciphers, bool client) {
if (client)
- client_ssl_->SetDtlsSrtpCiphers(ciphers);
+ client_ssl_->SetDtlsSrtpCryptoSuites(ciphers);
else
- server_ssl_->SetDtlsSrtpCiphers(ciphers);
+ server_ssl_->SetDtlsSrtpCryptoSuites(ciphers);
}
- bool GetDtlsSrtpCipher(bool client, std::string *retval) {
+ bool GetDtlsSrtpCryptoSuite(bool client, int* retval) {
if (client)
- return client_ssl_->GetDtlsSrtpCipher(retval);
+ return client_ssl_->GetDtlsSrtpCryptoSuite(retval);
else
- return server_ssl_->GetDtlsSrtpCipher(retval);
+ return server_ssl_->GetDtlsSrtpCryptoSuite(retval);
}
bool GetPeerCertificate(bool client, rtc::SSLCertificate** cert) {
@@ -809,74 +806,74 @@
// Test DTLS-SRTP with all high ciphers
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
- std::vector<std::string> high;
- high.push_back(kAES_CM_HMAC_SHA1_80);
- SetDtlsSrtpCiphers(high, true);
- SetDtlsSrtpCiphers(high, false);
+ std::vector<int> high;
+ high.push_back(rtc::SRTP_AES128_CM_SHA1_80);
+ SetDtlsSrtpCryptoSuites(high, true);
+ SetDtlsSrtpCryptoSuites(high, false);
TestHandshake();
- std::string client_cipher;
- ASSERT_TRUE(GetDtlsSrtpCipher(true, &client_cipher));
- std::string server_cipher;
- ASSERT_TRUE(GetDtlsSrtpCipher(false, &server_cipher));
+ int client_cipher;
+ ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
+ int server_cipher;
+ ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
ASSERT_EQ(client_cipher, server_cipher);
- ASSERT_EQ(client_cipher, kAES_CM_HMAC_SHA1_80);
+ ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80);
};
// Test DTLS-SRTP with all low ciphers
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
- std::vector<std::string> low;
- low.push_back(kAES_CM_HMAC_SHA1_32);
- SetDtlsSrtpCiphers(low, true);
- SetDtlsSrtpCiphers(low, false);
+ std::vector<int> low;
+ low.push_back(rtc::SRTP_AES128_CM_SHA1_32);
+ SetDtlsSrtpCryptoSuites(low, true);
+ SetDtlsSrtpCryptoSuites(low, false);
TestHandshake();
- std::string client_cipher;
- ASSERT_TRUE(GetDtlsSrtpCipher(true, &client_cipher));
- std::string server_cipher;
- ASSERT_TRUE(GetDtlsSrtpCipher(false, &server_cipher));
+ int client_cipher;
+ ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
+ int server_cipher;
+ ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
ASSERT_EQ(client_cipher, server_cipher);
- ASSERT_EQ(client_cipher, kAES_CM_HMAC_SHA1_32);
+ ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_32);
};
// Test DTLS-SRTP with a mismatch -- should not converge
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
- std::vector<std::string> high;
- high.push_back(kAES_CM_HMAC_SHA1_80);
- std::vector<std::string> low;
- low.push_back(kAES_CM_HMAC_SHA1_32);
- SetDtlsSrtpCiphers(high, true);
- SetDtlsSrtpCiphers(low, false);
+ std::vector<int> high;
+ high.push_back(rtc::SRTP_AES128_CM_SHA1_80);
+ std::vector<int> low;
+ low.push_back(rtc::SRTP_AES128_CM_SHA1_32);
+ SetDtlsSrtpCryptoSuites(high, true);
+ SetDtlsSrtpCryptoSuites(low, false);
TestHandshake();
- std::string client_cipher;
- ASSERT_FALSE(GetDtlsSrtpCipher(true, &client_cipher));
- std::string server_cipher;
- ASSERT_FALSE(GetDtlsSrtpCipher(false, &server_cipher));
+ int client_cipher;
+ ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
+ int server_cipher;
+ ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
};
// Test DTLS-SRTP with each side being mixed -- should select high
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
- std::vector<std::string> mixed;
- mixed.push_back(kAES_CM_HMAC_SHA1_80);
- mixed.push_back(kAES_CM_HMAC_SHA1_32);
- SetDtlsSrtpCiphers(mixed, true);
- SetDtlsSrtpCiphers(mixed, false);
+ std::vector<int> mixed;
+ mixed.push_back(rtc::SRTP_AES128_CM_SHA1_80);
+ mixed.push_back(rtc::SRTP_AES128_CM_SHA1_32);
+ SetDtlsSrtpCryptoSuites(mixed, true);
+ SetDtlsSrtpCryptoSuites(mixed, false);
TestHandshake();
- std::string client_cipher;
- ASSERT_TRUE(GetDtlsSrtpCipher(true, &client_cipher));
- std::string server_cipher;
- ASSERT_TRUE(GetDtlsSrtpCipher(false, &server_cipher));
+ int client_cipher;
+ ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
+ int server_cipher;
+ ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
ASSERT_EQ(client_cipher, server_cipher);
- ASSERT_EQ(client_cipher, kAES_CM_HMAC_SHA1_80);
+ ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80);
};
// Test an exporter
diff --git a/webrtc/p2p/base/dtlstransportchannel.cc b/webrtc/p2p/base/dtlstransportchannel.cc
index 0c063e0..fff24f3 100644
--- a/webrtc/p2p/base/dtlstransportchannel.cc
+++ b/webrtc/p2p/base/dtlstransportchannel.cc
@@ -267,7 +267,7 @@
// Set up DTLS-SRTP, if it's been enabled.
if (!srtp_ciphers_.empty()) {
- if (!dtls_->SetDtlsSrtpCiphers(srtp_ciphers_)) {
+ if (!dtls_->SetDtlsSrtpCryptoSuites(srtp_ciphers_)) {
LOG_J(LS_ERROR, this) << "Couldn't set DTLS-SRTP ciphers.";
return false;
}
@@ -279,11 +279,10 @@
return true;
}
-bool DtlsTransportChannelWrapper::SetSrtpCiphers(
- const std::vector<std::string>& ciphers) {
- if (srtp_ciphers_ == ciphers) {
+bool DtlsTransportChannelWrapper::SetSrtpCryptoSuites(
+ const std::vector<int>& ciphers) {
+ if (srtp_ciphers_ == ciphers)
return true;
- }
if (dtls_state() == DTLS_TRANSPORT_CONNECTING) {
LOG(LS_WARNING) << "Ignoring new SRTP ciphers while DTLS is negotiating";
@@ -294,18 +293,18 @@
// We don't support DTLS renegotiation currently. If new set of srtp ciphers
// are different than what's being used currently, we will not use it.
// So for now, let's be happy (or sad) with a warning message.
- std::string current_srtp_cipher;
- if (!dtls_->GetDtlsSrtpCipher(¤t_srtp_cipher)) {
+ int current_srtp_cipher;
+ if (!dtls_->GetDtlsSrtpCryptoSuite(¤t_srtp_cipher)) {
LOG(LS_ERROR) << "Failed to get the current SRTP cipher for DTLS channel";
return false;
}
- const std::vector<std::string>::const_iterator iter =
+ const std::vector<int>::const_iterator iter =
std::find(ciphers.begin(), ciphers.end(), current_srtp_cipher);
if (iter == ciphers.end()) {
std::string requested_str;
for (size_t i = 0; i < ciphers.size(); ++i) {
requested_str.append(" ");
- requested_str.append(ciphers[i]);
+ requested_str.append(rtc::SrtpCryptoSuiteToName(ciphers[i]));
requested_str.append(" ");
}
LOG(LS_WARNING) << "Ignoring new set of SRTP ciphers, as DTLS "
@@ -324,12 +323,12 @@
return true;
}
-bool DtlsTransportChannelWrapper::GetSrtpCryptoSuite(std::string* cipher) {
+bool DtlsTransportChannelWrapper::GetSrtpCryptoSuite(int* cipher) {
if (dtls_state() != DTLS_TRANSPORT_CONNECTED) {
return false;
}
- return dtls_->GetDtlsSrtpCipher(cipher);
+ return dtls_->GetDtlsSrtpCryptoSuite(cipher);
}
diff --git a/webrtc/p2p/base/dtlstransportchannel.h b/webrtc/p2p/base/dtlstransportchannel.h
index 41e081b..71f6887 100644
--- a/webrtc/p2p/base/dtlstransportchannel.h
+++ b/webrtc/p2p/base/dtlstransportchannel.h
@@ -126,10 +126,10 @@
// Set up the ciphers to use for DTLS-SRTP. If this method is not called
// before DTLS starts, or |ciphers| is empty, SRTP keys won't be negotiated.
// This method should be called before SetupDtls.
- bool SetSrtpCiphers(const std::vector<std::string>& ciphers) override;
+ bool SetSrtpCryptoSuites(const std::vector<int>& ciphers) override;
// Find out which DTLS-SRTP cipher was negotiated
- bool GetSrtpCryptoSuite(std::string* cipher) override;
+ bool GetSrtpCryptoSuite(int* cipher) override;
bool GetSslRole(rtc::SSLRole* role) const override;
bool SetSslRole(rtc::SSLRole role) override;
@@ -223,7 +223,7 @@
TransportChannelImpl* const channel_;
rtc::scoped_ptr<rtc::SSLStreamAdapter> dtls_; // The DTLS stream
StreamInterfaceChannel* downward_; // Wrapper for channel_, owned by dtls_.
- std::vector<std::string> srtp_ciphers_; // SRTP ciphers to use with DTLS.
+ std::vector<int> srtp_ciphers_; // SRTP ciphers to use with DTLS.
bool dtls_active_ = false;
rtc::scoped_refptr<rtc::RTCCertificate> local_certificate_;
rtc::SSLRole ssl_role_;
diff --git a/webrtc/p2p/base/dtlstransportchannel_unittest.cc b/webrtc/p2p/base/dtlstransportchannel_unittest.cc
index 07e3b87..a967ae3 100644
--- a/webrtc/p2p/base/dtlstransportchannel_unittest.cc
+++ b/webrtc/p2p/base/dtlstransportchannel_unittest.cc
@@ -28,7 +28,6 @@
return; \
}
-static const char AES_CM_128_HMAC_SHA1_80[] = "AES_CM_128_HMAC_SHA1_80";
static const char kIceUfrag1[] = "TESTICEUFRAG0001";
static const char kIcePwd1[] = "TESTICEPWD00000000000001";
static const size_t kPacketNumOffset = 8;
@@ -150,9 +149,9 @@
// SRTP ciphers will be set only in the beginning.
for (std::vector<cricket::DtlsTransportChannelWrapper*>::iterator it =
channels_.begin(); it != channels_.end(); ++it) {
- std::vector<std::string> ciphers;
- ciphers.push_back(AES_CM_128_HMAC_SHA1_80);
- ASSERT_TRUE((*it)->SetSrtpCiphers(ciphers));
+ std::vector<int> ciphers;
+ ciphers.push_back(rtc::SRTP_AES128_CM_SHA1_80);
+ ASSERT_TRUE((*it)->SetSrtpCryptoSuites(ciphers));
}
}
@@ -215,16 +214,16 @@
}
}
- void CheckSrtp(const std::string& expected_cipher) {
+ void CheckSrtp(int expected_crypto_suite) {
for (std::vector<cricket::DtlsTransportChannelWrapper*>::iterator it =
channels_.begin(); it != channels_.end(); ++it) {
- std::string cipher;
+ int crypto_suite;
- bool rv = (*it)->GetSrtpCryptoSuite(&cipher);
- if (negotiated_dtls_ && !expected_cipher.empty()) {
+ bool rv = (*it)->GetSrtpCryptoSuite(&crypto_suite);
+ if (negotiated_dtls_ && expected_crypto_suite) {
ASSERT_TRUE(rv);
- ASSERT_EQ(cipher, expected_cipher);
+ ASSERT_EQ(crypto_suite, expected_crypto_suite);
} else {
ASSERT_FALSE(rv);
}
@@ -469,11 +468,11 @@
// Check that we negotiated the right ciphers.
if (use_dtls_srtp_) {
- client1_.CheckSrtp(AES_CM_128_HMAC_SHA1_80);
- client2_.CheckSrtp(AES_CM_128_HMAC_SHA1_80);
+ client1_.CheckSrtp(rtc::SRTP_AES128_CM_SHA1_80);
+ client2_.CheckSrtp(rtc::SRTP_AES128_CM_SHA1_80);
} else {
- client1_.CheckSrtp("");
- client2_.CheckSrtp("");
+ client1_.CheckSrtp(rtc::SRTP_INVALID_CRYPTO_SUITE);
+ client2_.CheckSrtp(rtc::SRTP_INVALID_CRYPTO_SUITE);
}
client1_.CheckSsl(rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
ssl_expected_version_, rtc::KT_DEFAULT));
diff --git a/webrtc/p2p/base/faketransportcontroller.h b/webrtc/p2p/base/faketransportcontroller.h
index 3e656fa..251a0c6 100644
--- a/webrtc/p2p/base/faketransportcontroller.h
+++ b/webrtc/p2p/base/faketransportcontroller.h
@@ -242,20 +242,20 @@
bool IsDtlsActive() const override { return do_dtls_; }
- bool SetSrtpCiphers(const std::vector<std::string>& ciphers) override {
+ bool SetSrtpCryptoSuites(const std::vector<int>& ciphers) override {
srtp_ciphers_ = ciphers;
return true;
}
- bool GetSrtpCryptoSuite(std::string* cipher) override {
- if (!chosen_srtp_cipher_.empty()) {
- *cipher = chosen_srtp_cipher_;
+ bool GetSrtpCryptoSuite(int* crypto_suite) override {
+ if (chosen_crypto_suite_ != rtc::SRTP_INVALID_CRYPTO_SUITE) {
+ *crypto_suite = chosen_crypto_suite_;
return true;
}
return false;
}
- bool GetSslCipherSuite(int* cipher) override { return false; }
+ bool GetSslCipherSuite(int* cipher_suite) override { return false; }
rtc::scoped_refptr<rtc::RTCCertificate> GetLocalCertificate() const {
return local_cert_;
@@ -275,7 +275,7 @@
bool use_context,
uint8_t* result,
size_t result_len) override {
- if (!chosen_srtp_cipher_.empty()) {
+ if (chosen_crypto_suite_ != rtc::SRTP_INVALID_CRYPTO_SUITE) {
memset(result, 0xff, result_len);
return true;
}
@@ -284,14 +284,13 @@
}
void NegotiateSrtpCiphers() {
- for (std::vector<std::string>::const_iterator it1 = srtp_ciphers_.begin();
+ for (std::vector<int>::const_iterator it1 = srtp_ciphers_.begin();
it1 != srtp_ciphers_.end(); ++it1) {
- for (std::vector<std::string>::const_iterator it2 =
- dest_->srtp_ciphers_.begin();
+ for (std::vector<int>::const_iterator it2 = dest_->srtp_ciphers_.begin();
it2 != dest_->srtp_ciphers_.end(); ++it2) {
if (*it1 == *it2) {
- chosen_srtp_cipher_ = *it1;
- dest_->chosen_srtp_cipher_ = *it2;
+ chosen_crypto_suite_ = *it1;
+ dest_->chosen_crypto_suite_ = *it2;
return;
}
}
@@ -322,8 +321,8 @@
rtc::scoped_refptr<rtc::RTCCertificate> local_cert_;
rtc::FakeSSLCertificate* remote_cert_ = nullptr;
bool do_dtls_ = false;
- std::vector<std::string> srtp_ciphers_;
- std::string chosen_srtp_cipher_;
+ std::vector<int> srtp_ciphers_;
+ int chosen_crypto_suite_ = rtc::SRTP_INVALID_CRYPTO_SUITE;
int receiving_timeout_ = -1;
bool gather_continually_ = false;
IceRole role_ = ICEROLE_UNKNOWN;
diff --git a/webrtc/p2p/base/p2ptransportchannel.h b/webrtc/p2p/base/p2ptransportchannel.h
index 9f2f3a0..7d9b612 100644
--- a/webrtc/p2p/base/p2ptransportchannel.h
+++ b/webrtc/p2p/base/p2ptransportchannel.h
@@ -108,12 +108,12 @@
bool SetSslRole(rtc::SSLRole role) override { return false; }
// Set up the ciphers to use for DTLS-SRTP.
- bool SetSrtpCiphers(const std::vector<std::string>& ciphers) override {
+ bool SetSrtpCryptoSuites(const std::vector<int>& ciphers) override {
return false;
}
// Find out which DTLS-SRTP cipher was negotiated.
- bool GetSrtpCryptoSuite(std::string* cipher) override { return false; }
+ bool GetSrtpCryptoSuite(int* cipher) override { return false; }
// Find out which DTLS cipher was negotiated.
bool GetSslCipherSuite(int* cipher) override { return false; }
diff --git a/webrtc/p2p/base/transport.cc b/webrtc/p2p/base/transport.cc
index 2328e45..eff10aa 100644
--- a/webrtc/p2p/base/transport.cc
+++ b/webrtc/p2p/base/transport.cc
@@ -305,8 +305,8 @@
TransportChannelImpl* channel = kv.second;
TransportChannelStats substats;
substats.component = channel->component();
- channel->GetSrtpCryptoSuite(&substats.srtp_cipher);
- channel->GetSslCipherSuite(&substats.ssl_cipher);
+ channel->GetSrtpCryptoSuite(&substats.srtp_crypto_suite);
+ channel->GetSslCipherSuite(&substats.ssl_cipher_suite);
if (!channel->GetStats(&substats.connection_infos)) {
return false;
}
diff --git a/webrtc/p2p/base/transport.h b/webrtc/p2p/base/transport.h
index 955eb42..2e39812 100644
--- a/webrtc/p2p/base/transport.h
+++ b/webrtc/p2p/base/transport.h
@@ -123,8 +123,8 @@
struct TransportChannelStats {
int component = 0;
ConnectionInfos connection_infos;
- std::string srtp_cipher;
- int ssl_cipher = 0;
+ int srtp_crypto_suite = rtc::SRTP_INVALID_CRYPTO_SUITE;
+ int ssl_cipher_suite = rtc::TLS_NULL_WITH_NULL_NULL;
};
// Information about all the channels of a transport.
diff --git a/webrtc/p2p/base/transportchannel.cc b/webrtc/p2p/base/transportchannel.cc
index 63d8449..9662f0a 100644
--- a/webrtc/p2p/base/transportchannel.cc
+++ b/webrtc/p2p/base/transportchannel.cc
@@ -54,4 +54,13 @@
SignalDtlsState(this);
}
+// TODO(guoweis): Remove this function once everything is moved away.
+bool TransportChannel::SetSrtpCiphers(const std::vector<std::string>& ciphers) {
+ std::vector<int> crypto_suites;
+ for (const auto cipher : ciphers) {
+ crypto_suites.push_back(rtc::SrtpCryptoSuiteFromName(cipher));
+ }
+ return SetSrtpCryptoSuites(crypto_suites);
+}
+
} // namespace cricket
diff --git a/webrtc/p2p/base/transportchannel.h b/webrtc/p2p/base/transportchannel.h
index ea18957..89c7e6d 100644
--- a/webrtc/p2p/base/transportchannel.h
+++ b/webrtc/p2p/base/transportchannel.h
@@ -108,13 +108,14 @@
virtual bool GetSslRole(rtc::SSLRole* role) const = 0;
// Sets up the ciphers to use for DTLS-SRTP.
- virtual bool SetSrtpCiphers(const std::vector<std::string>& ciphers) = 0;
+ virtual bool SetSrtpCryptoSuites(const std::vector<int>& ciphers) = 0;
+ // Keep the original one for backward compatibility until all dependencies
+ // move away. TODO(guoweis): Remove this function.
+ virtual bool SetSrtpCiphers(const std::vector<std::string>& ciphers);
// Finds out which DTLS-SRTP cipher was negotiated.
// TODO(guoweis): Remove this once all dependencies implement this.
- virtual bool GetSrtpCryptoSuite(std::string* cipher) {
- return false;
- }
+ virtual bool GetSrtpCryptoSuite(int* cipher) { return false; }
// Finds out which DTLS cipher was negotiated.
// TODO(guoweis): Remove this once all dependencies implement this.