1 /*
2  *  Copyright 2018 The WebRTC Project Authors. All rights reserved.
3  *
4  *  Use of this source code is governed by a BSD-style license
5  *  that can be found in the LICENSE file in the root of the source
6  *  tree. An additional intellectual property rights grant can be found
7  *  in the file PATENTS.  All contributing project authors may
8  *  be found in the AUTHORS file in the root of the source tree.
9  */
10 
11 #include "api/crypto/crypto_options.h"
12 
13 #include "rtc_base/ssl_stream_adapter.h"
14 
15 namespace webrtc {
16 
// Default constructor. It sets nothing itself, so every option keeps the
// initializer given in the class declaration (in the header, not shown here).
CryptoOptions::CryptoOptions() = default;
18 
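// Copy constructor: memberwise copy of every option group.
//
// Defaulted instead of copying `srtp` and `sframe` by hand. A hand-written
// member list silently leaves any later-added option at its default value in
// the copy, which for a crypto setting means the copy can be weaker than the
// object it was made from. The static_assert in operator== would flag such an
// addition for the comparison, but nothing would flag it here.
CryptoOptions::CryptoOptions(const CryptoOptions& other) = default;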
23 
// Destructor. Nothing to release beyond what the members clean up themselves.
CryptoOptions::~CryptoOptions() = default;
25 
26 // static
// Returns default-constructed options with the GCM SRTP suites switched off.
// With this flag false, GetSupportedDtlsSrtpCryptoSuites() can only return
// the AES128-CM/HMAC-SHA1 suites, so at least one of those must stay enabled.
CryptoOptions CryptoOptions::NoGcm() {
  CryptoOptions without_gcm;
  without_gcm.srtp.enable_gcm_crypto_suites = false;
  return without_gcm;
}
32 
// Builds the list of DTLS-SRTP crypto suites permitted by the `srtp` flags.
//
// The list is filled in a fixed order: SHA1_32, SHA1_80, AES-256-GCM,
// AES-128-GCM. The notes below treat earlier entries as preferred, so the
// order is security-relevant and must not be changed casually.
// NOTE(review): confirm at the call site that the order is used as the
// negotiation preference.
//
// Returns a non-empty vector. If every flag is disabled, RTC_CHECK fails
// rather than returning an empty list (presumably a fatal abort - confirm).
std::vector<int> CryptoOptions::GetSupportedDtlsSrtpCryptoSuites() const {
  std::vector<int> crypto_suites;

  // Appends `suite` only when its controlling flag is set.
  const auto offer_if = [&crypto_suites](bool enabled, int suite) {
    if (enabled) {
      crypto_suites.push_back(suite);
    }
  };

  // SRTP_AES128_CM_SHA1_80 is the suite that must be supported (per
  // draft-ietf-rtcweb-security-arch). SRTP_AES128_CM_SHA1_32 is also allowed
  // and saves a few bytes per packet when selected, but its 32-bit
  // authentication tag is much easier to forge than the 80-bit one. It is
  // potentially insecure and is only used if both peers enable it. Because it
  // is appended first, it is the top entry whenever the local flag is on, so
  // keep that flag off unless the smaller packets are genuinely required.
  offer_if(srtp.enable_aes128_sha1_32_crypto_cipher,
           rtc::SRTP_AES128_CM_SHA1_32);
  offer_if(srtp.enable_aes128_sha1_80_crypto_cipher,
           rtc::SRTP_AES128_CM_SHA1_80);

  // GCM suites come last on purpose because they increase the packet size.
  // They are only negotiated when the other side does not support
  // SRTP_AES128_CM_SHA1_80. A deployment that wants AEAD therefore has to
  // disable the SHA1 suites rather than rely on this flag alone.
  if (srtp.enable_gcm_crypto_suites) {
    crypto_suites.push_back(rtc::SRTP_AEAD_AES_256_GCM);
    crypto_suites.push_back(rtc::SRTP_AEAD_AES_128_GCM);
  }

  // A configuration with no suite enabled is rejected here, not passed on.
  RTC_CHECK(!crypto_suites.empty());
  return crypto_suites;
}
57 
// Field-by-field equality over every option in `srtp` and `sframe`.
// Returns true only when all five flags match.
bool CryptoOptions::operator==(const CryptoOptions& other) const {
  // Shadow layout listing exactly the fields compared below. The
  // static_assert fails to compile when CryptoOptions changes size, which
  // catches most cases of adding an option without extending this comparison.
  // It cannot catch an edit that leaves sizeof unchanged.
  struct data_being_tested_for_equality {
    struct Srtp {
      bool enable_gcm_crypto_suites;
      bool enable_aes128_sha1_32_crypto_cipher;
      bool enable_aes128_sha1_80_crypto_cipher;
      bool enable_encrypted_rtp_header_extensions;
    } srtp;
    struct SFrame {
      bool require_frame_encryption;
    } sframe;
  };
  static_assert(sizeof(data_being_tested_for_equality) == sizeof(*this),
                "Did you add something to CryptoOptions and forget to "
                "update operator==?");

  const auto& mine = srtp;
  const auto& theirs = other.srtp;

  // Bail out on the first SRTP flag that differs.
  if (mine.enable_gcm_crypto_suites != theirs.enable_gcm_crypto_suites) {
    return false;
  }
  if (mine.enable_aes128_sha1_32_crypto_cipher !=
      theirs.enable_aes128_sha1_32_crypto_cipher) {
    return false;
  }
  if (mine.enable_aes128_sha1_80_crypto_cipher !=
      theirs.enable_aes128_sha1_80_crypto_cipher) {
    return false;
  }
  if (mine.enable_encrypted_rtp_header_extensions !=
      theirs.enable_encrypted_rtp_header_extensions) {
    return false;
  }

  // The only SFrame option decides the result once all SRTP flags agree.
  return sframe.require_frame_encryption ==
         other.sframe.require_frame_encryption;
}
84 
// Inequality, defined as the exact negation of operator== so the two
// operators can never disagree.
bool CryptoOptions::operator!=(const CryptoOptions& other) const {
  const bool same = operator==(other);
  return !same;
}
88 
89 }  // namespace webrtc
90