Bug 1912989 - Vendor libwebrtc from db519e75b7

Upstream commit: https://webrtc.googlesource.com/src/+/db519e75b7e14f7f090e7cb11c966997f6ae5704
    Reland "Clean up SRTP helper functions"

    This is a reland of commit c47f649e67cdcd27842aa370c693154b67e66116

    Original change's description:
    > Clean up SRTP helper functions
    >
    > BUG=None
    >
    > Change-Id: If1df1828a09aef2e335c028cf4425c9507906aac
    > Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/354649
    > Reviewed-by: Mirko Bonadei <mbonadei@webrtc.org>
    > Reviewed-by: Harald Alvestrand <hta@webrtc.org>
    > Commit-Queue: Philipp Hancke <phancke@meta.com>
    > Cr-Commit-Position: refs/heads/main@{#42525}

    Bug: None
    Change-Id: Ib98842407b1c15b4e4b72a3ce2f0833f07f60da6
    Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/355540
    Reviewed-by: Mirko Bonadei <mbonadei@webrtc.org>
    Commit-Queue: Philipp Hancke <phancke@meta.com>
    Reviewed-by: Harald Alvestrand <hta@webrtc.org>
    Reviewed-by: Björn Terelius <terelius@webrtc.org>
    Cr-Commit-Position: refs/heads/main@{#42603}
This commit is contained in:
Dan Baker 2024-08-27 17:13:07 -06:00
parent d5d73b02a3
commit 279dbca5f4
9 changed files with 105 additions and 128 deletions

View File

@ -31584,3 +31584,6 @@ b43cd86e64
# MOZ_LIBWEBRTC_SRC=/Users/danielbaker/elm/.moz-fast-forward/moz-libwebrtc MOZ_LIBWEBRTC_BRANCH=mozpatches bash dom/media/webrtc/third_party_build/fast-forward-libwebrtc.sh
# base of lastest vendoring
0849764539
# MOZ_LIBWEBRTC_SRC=/Users/danielbaker/elm/.moz-fast-forward/moz-libwebrtc MOZ_LIBWEBRTC_BRANCH=mozpatches bash dom/media/webrtc/third_party_build/fast-forward-libwebrtc.sh
# base of lastest vendoring
db519e75b7

View File

@ -21080,3 +21080,5 @@ libwebrtc updated from /Users/danielbaker/elm/.moz-fast-forward/moz-libwebrtc co
libwebrtc updated from /Users/danielbaker/elm/.moz-fast-forward/moz-libwebrtc commit mozpatches on 2024-08-27T23:07:35.164937.
# ./mach python dom/media/webrtc/third_party_build/vendor-libwebrtc.py --from-local /Users/danielbaker/elm/.moz-fast-forward/moz-libwebrtc --commit mozpatches libwebrtc
libwebrtc updated from /Users/danielbaker/elm/.moz-fast-forward/moz-libwebrtc commit mozpatches on 2024-08-27T23:09:31.255563.
# ./mach python dom/media/webrtc/third_party_build/vendor-libwebrtc.py --from-local /Users/danielbaker/elm/.moz-fast-forward/moz-libwebrtc --commit mozpatches libwebrtc
libwebrtc updated from /Users/danielbaker/elm/.moz-fast-forward/moz-libwebrtc commit mozpatches on 2024-08-27T23:12:56.766964.

View File

@ -52,10 +52,6 @@
namespace cricket {
namespace {
using ::rtc::kCsAeadAes128Gcm;
using ::rtc::kCsAeadAes256Gcm;
using ::rtc::kCsAesCm128HmacSha1_32;
using ::rtc::kCsAesCm128HmacSha1_80;
using ::rtc::UniqueRandomIdGenerator;
using ::testing::Bool;
using ::testing::Combine;

View File

@ -44,29 +44,30 @@ class SrtpSessionTest : public ::testing::Test {
memcpy(rtp_packet_, kPcmuFrame, rtp_len_);
memcpy(rtcp_packet_, kRtcpReport, rtcp_len_);
}
void TestProtectRtp(const std::string& cs) {
void TestProtectRtp(int crypto_suite) {
int out_len = 0;
EXPECT_TRUE(
s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_), &out_len));
EXPECT_EQ(out_len, rtp_len_ + rtp_auth_tag_len(cs));
EXPECT_EQ(out_len, rtp_len_ + rtp_auth_tag_len(crypto_suite));
EXPECT_NE(0, memcmp(rtp_packet_, kPcmuFrame, rtp_len_));
rtp_len_ = out_len;
}
void TestProtectRtcp(const std::string& cs) {
void TestProtectRtcp(int crypto_suite) {
int out_len = 0;
EXPECT_TRUE(s1_.ProtectRtcp(rtcp_packet_, rtcp_len_, sizeof(rtcp_packet_),
&out_len));
EXPECT_EQ(out_len, rtcp_len_ + 4 + rtcp_auth_tag_len(cs)); // NOLINT
EXPECT_EQ(out_len,
rtcp_len_ + 4 + rtcp_auth_tag_len(crypto_suite)); // NOLINT
EXPECT_NE(0, memcmp(rtcp_packet_, kRtcpReport, rtcp_len_));
rtcp_len_ = out_len;
}
void TestUnprotectRtp(const std::string& cs) {
void TestUnprotectRtp(int crypto_suite) {
int out_len = 0, expected_len = sizeof(kPcmuFrame);
EXPECT_TRUE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len));
EXPECT_EQ(expected_len, out_len);
EXPECT_EQ(0, memcmp(rtp_packet_, kPcmuFrame, out_len));
}
void TestUnprotectRtcp(const std::string& cs) {
void TestUnprotectRtcp(int crypto_suite) {
int out_len = 0, expected_len = sizeof(kRtcpReport);
EXPECT_TRUE(s2_.UnprotectRtcp(rtcp_packet_, rtcp_len_, &out_len));
EXPECT_EQ(expected_len, out_len);
@ -115,10 +116,10 @@ TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_80) {
kEncryptedHeaderExtensionIds));
EXPECT_TRUE(s2_.SetRecv(kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen,
kEncryptedHeaderExtensionIds));
TestProtectRtp(kCsAesCm128HmacSha1_80);
TestProtectRtcp(kCsAesCm128HmacSha1_80);
TestUnprotectRtp(kCsAesCm128HmacSha1_80);
TestUnprotectRtcp(kCsAesCm128HmacSha1_80);
TestProtectRtp(kSrtpAes128CmSha1_80);
TestProtectRtcp(kSrtpAes128CmSha1_80);
TestUnprotectRtp(kSrtpAes128CmSha1_80);
TestUnprotectRtcp(kSrtpAes128CmSha1_80);
}
// Test that we can encrypt and decrypt RTP/RTCP using AES_CM_128_HMAC_SHA1_32.
@ -127,10 +128,10 @@ TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_32) {
kEncryptedHeaderExtensionIds));
EXPECT_TRUE(s2_.SetRecv(kSrtpAes128CmSha1_32, kTestKey1, kTestKeyLen,
kEncryptedHeaderExtensionIds));
TestProtectRtp(kCsAesCm128HmacSha1_32);
TestProtectRtcp(kCsAesCm128HmacSha1_32);
TestUnprotectRtp(kCsAesCm128HmacSha1_32);
TestUnprotectRtcp(kCsAesCm128HmacSha1_32);
TestProtectRtp(kSrtpAes128CmSha1_32);
TestProtectRtcp(kSrtpAes128CmSha1_32);
TestUnprotectRtp(kSrtpAes128CmSha1_32);
TestUnprotectRtcp(kSrtpAes128CmSha1_32);
}
TEST_F(SrtpSessionTest, TestGetSendStreamPacketIndex) {
@ -152,8 +153,8 @@ TEST_F(SrtpSessionTest, TestTamperReject) {
kEncryptedHeaderExtensionIds));
EXPECT_TRUE(s2_.SetRecv(kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen,
kEncryptedHeaderExtensionIds));
TestProtectRtp(kCsAesCm128HmacSha1_80);
TestProtectRtcp(kCsAesCm128HmacSha1_80);
TestProtectRtp(kSrtpAes128CmSha1_80);
TestProtectRtcp(kSrtpAes128CmSha1_80);
rtp_packet_[0] = 0x12;
rtcp_packet_[1] = 0x34;
EXPECT_FALSE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len));

View File

@ -98,10 +98,10 @@ class SrtpTransportTest : public ::testing::Test, public sigslot::has_slots<> {
// unprotect would fail. Check accessing the information about the
// tag instead, similar to what the actual code would do that relies
// on external auth.
void TestRtpAuthParams(SrtpTransport* transport, const std::string& cs) {
void TestRtpAuthParams(SrtpTransport* transport, int crypto_suite) {
int overhead;
EXPECT_TRUE(transport->GetSrtpOverhead(&overhead));
switch (rtc::SrtpCryptoSuiteFromName(cs)) {
switch (crypto_suite) {
case rtc::kSrtpAes128CmSha1_32:
EXPECT_EQ(32 / 8, overhead); // 32-bit tag.
break;
@ -122,9 +122,9 @@ class SrtpTransportTest : public ::testing::Test, public sigslot::has_slots<> {
EXPECT_EQ(overhead, tag_len);
}
void TestSendRecvRtpPacket(const std::string& cipher_suite_name) {
void TestSendRecvRtpPacket(int crypto_suite) {
size_t rtp_len = sizeof(kPcmuFrame);
size_t packet_size = rtp_len + rtc::rtp_auth_tag_len(cipher_suite_name);
size_t packet_size = rtp_len + rtc::rtp_auth_tag_len(crypto_suite);
rtc::Buffer rtp_packet_buffer(packet_size);
char* rtp_packet_data = rtp_packet_buffer.data<char>();
memcpy(rtp_packet_data, kPcmuFrame, rtp_len);
@ -146,7 +146,7 @@ class SrtpTransportTest : public ::testing::Test, public sigslot::has_slots<> {
ASSERT_TRUE(srtp_transport1_->SendRtpPacket(&rtp_packet1to2, options,
cricket::PF_SRTP_BYPASS));
if (srtp_transport1_->IsExternalAuthActive()) {
TestRtpAuthParams(srtp_transport1_.get(), cipher_suite_name);
TestRtpAuthParams(srtp_transport1_.get(), crypto_suite);
} else {
ASSERT_TRUE(rtp_sink2_.last_recv_rtp_packet().data());
EXPECT_EQ(0, memcmp(rtp_sink2_.last_recv_rtp_packet().data(),
@ -163,7 +163,7 @@ class SrtpTransportTest : public ::testing::Test, public sigslot::has_slots<> {
ASSERT_TRUE(srtp_transport2_->SendRtpPacket(&rtp_packet2to1, options,
cricket::PF_SRTP_BYPASS));
if (srtp_transport2_->IsExternalAuthActive()) {
TestRtpAuthParams(srtp_transport2_.get(), cipher_suite_name);
TestRtpAuthParams(srtp_transport2_.get(), crypto_suite);
} else {
ASSERT_TRUE(rtp_sink1_.last_recv_rtp_packet().data());
EXPECT_EQ(0, memcmp(rtp_sink1_.last_recv_rtp_packet().data(),
@ -175,10 +175,9 @@ class SrtpTransportTest : public ::testing::Test, public sigslot::has_slots<> {
}
}
void TestSendRecvRtcpPacket(const std::string& cipher_suite_name) {
void TestSendRecvRtcpPacket(int crypto_suite) {
size_t rtcp_len = sizeof(::kRtcpReport);
size_t packet_size =
rtcp_len + 4 + rtc::rtcp_auth_tag_len(cipher_suite_name);
size_t packet_size = rtcp_len + 4 + rtc::rtcp_auth_tag_len(crypto_suite);
rtc::Buffer rtcp_packet_buffer(packet_size);
char* rtcp_packet_data = rtcp_packet_buffer.data<char>();
memcpy(rtcp_packet_data, ::kRtcpReport, rtcp_len);
@ -216,45 +215,47 @@ class SrtpTransportTest : public ::testing::Test, public sigslot::has_slots<> {
}
void TestSendRecvPacket(bool enable_external_auth,
int cs,
int crypto_suite,
const uint8_t* key1,
int key1_len,
const uint8_t* key2,
int key2_len,
const std::string& cipher_suite_name) {
int key2_len) {
EXPECT_EQ(key1_len, key2_len);
EXPECT_EQ(cipher_suite_name, rtc::SrtpCryptoSuiteToName(cs));
if (enable_external_auth) {
srtp_transport1_->EnableExternalAuth();
srtp_transport2_->EnableExternalAuth();
}
std::vector<int> extension_ids;
EXPECT_TRUE(srtp_transport1_->SetRtpParams(
cs, key1, key1_len, extension_ids, cs, key2, key2_len, extension_ids));
EXPECT_TRUE(srtp_transport2_->SetRtpParams(
cs, key2, key2_len, extension_ids, cs, key1, key1_len, extension_ids));
EXPECT_TRUE(srtp_transport1_->SetRtcpParams(
cs, key1, key1_len, extension_ids, cs, key2, key2_len, extension_ids));
EXPECT_TRUE(srtp_transport2_->SetRtcpParams(
cs, key2, key2_len, extension_ids, cs, key1, key1_len, extension_ids));
EXPECT_TRUE(srtp_transport1_->SetRtpParams(crypto_suite, key1, key1_len,
extension_ids, crypto_suite,
key2, key2_len, extension_ids));
EXPECT_TRUE(srtp_transport2_->SetRtpParams(crypto_suite, key2, key2_len,
extension_ids, crypto_suite,
key1, key1_len, extension_ids));
EXPECT_TRUE(srtp_transport1_->SetRtcpParams(crypto_suite, key1, key1_len,
extension_ids, crypto_suite,
key2, key2_len, extension_ids));
EXPECT_TRUE(srtp_transport2_->SetRtcpParams(crypto_suite, key2, key2_len,
extension_ids, crypto_suite,
key1, key1_len, extension_ids));
EXPECT_TRUE(srtp_transport1_->IsSrtpActive());
EXPECT_TRUE(srtp_transport2_->IsSrtpActive());
if (rtc::IsGcmCryptoSuite(cs)) {
if (rtc::IsGcmCryptoSuite(crypto_suite)) {
EXPECT_FALSE(srtp_transport1_->IsExternalAuthActive());
EXPECT_FALSE(srtp_transport2_->IsExternalAuthActive());
} else if (enable_external_auth) {
EXPECT_TRUE(srtp_transport1_->IsExternalAuthActive());
EXPECT_TRUE(srtp_transport2_->IsExternalAuthActive());
}
TestSendRecvRtpPacket(cipher_suite_name);
TestSendRecvRtcpPacket(cipher_suite_name);
TestSendRecvRtpPacket(crypto_suite);
TestSendRecvRtcpPacket(crypto_suite);
}
void TestSendRecvPacketWithEncryptedHeaderExtension(
const std::string& cs,
int crypto_suite,
const std::vector<int>& encrypted_header_ids) {
size_t rtp_len = sizeof(kPcmuFrameWithExtensions);
size_t packet_size = rtp_len + rtc::rtp_auth_tag_len(cs);
size_t packet_size = rtp_len + rtc::rtp_auth_tag_len(crypto_suite);
rtc::Buffer rtp_packet_buffer(packet_size);
char* rtp_packet_data = rtp_packet_buffer.data<char>();
memcpy(rtp_packet_data, kPcmuFrameWithExtensions, rtp_len);
@ -307,29 +308,28 @@ class SrtpTransportTest : public ::testing::Test, public sigslot::has_slots<> {
original_rtp_data, rtp_len, encrypted_header_ids, false);
}
void TestSendRecvEncryptedHeaderExtension(int cs,
void TestSendRecvEncryptedHeaderExtension(int crypto_suite,
const uint8_t* key1,
int key1_len,
const uint8_t* key2,
int key2_len,
const std::string& cs_name) {
int key2_len) {
std::vector<int> encrypted_headers;
encrypted_headers.push_back(kHeaderExtensionIDs[0]);
// Don't encrypt header ids 2 and 3.
encrypted_headers.push_back(kHeaderExtensionIDs[1]);
EXPECT_EQ(key1_len, key2_len);
EXPECT_EQ(cs_name, rtc::SrtpCryptoSuiteToName(cs));
EXPECT_TRUE(srtp_transport1_->SetRtpParams(cs, key1, key1_len,
encrypted_headers, cs, key2,
key2_len, encrypted_headers));
EXPECT_TRUE(srtp_transport2_->SetRtpParams(cs, key2, key2_len,
encrypted_headers, cs, key1,
key1_len, encrypted_headers));
EXPECT_TRUE(srtp_transport1_->SetRtpParams(
crypto_suite, key1, key1_len, encrypted_headers, crypto_suite, key2,
key2_len, encrypted_headers));
EXPECT_TRUE(srtp_transport2_->SetRtpParams(
crypto_suite, key2, key2_len, encrypted_headers, crypto_suite, key1,
key1_len, encrypted_headers));
EXPECT_TRUE(srtp_transport1_->IsSrtpActive());
EXPECT_TRUE(srtp_transport2_->IsSrtpActive());
EXPECT_FALSE(srtp_transport1_->IsExternalAuthActive());
EXPECT_FALSE(srtp_transport2_->IsExternalAuthActive());
TestSendRecvPacketWithEncryptedHeaderExtension(cs_name, encrypted_headers);
TestSendRecvPacketWithEncryptedHeaderExtension(crypto_suite,
encrypted_headers);
}
std::unique_ptr<SrtpTransport> srtp_transport1_;
@ -353,30 +353,26 @@ TEST_P(SrtpTransportTestWithExternalAuth,
SendAndRecvPacket_AES_CM_128_HMAC_SHA1_80) {
bool enable_external_auth = GetParam();
TestSendRecvPacket(enable_external_auth, rtc::kSrtpAes128CmSha1_80, kTestKey1,
kTestKeyLen, kTestKey2, kTestKeyLen,
rtc::kCsAesCm128HmacSha1_80);
kTestKeyLen, kTestKey2, kTestKeyLen);
}
TEST_F(SrtpTransportTest,
SendAndRecvPacketWithHeaderExtension_AES_CM_128_HMAC_SHA1_80) {
TestSendRecvEncryptedHeaderExtension(rtc::kSrtpAes128CmSha1_80, kTestKey1,
kTestKeyLen, kTestKey2, kTestKeyLen,
rtc::kCsAesCm128HmacSha1_80);
kTestKeyLen, kTestKey2, kTestKeyLen);
}
TEST_P(SrtpTransportTestWithExternalAuth,
SendAndRecvPacket_AES_CM_128_HMAC_SHA1_32) {
bool enable_external_auth = GetParam();
TestSendRecvPacket(enable_external_auth, rtc::kSrtpAes128CmSha1_32, kTestKey1,
kTestKeyLen, kTestKey2, kTestKeyLen,
rtc::kCsAesCm128HmacSha1_32);
kTestKeyLen, kTestKey2, kTestKeyLen);
}
TEST_F(SrtpTransportTest,
SendAndRecvPacketWithHeaderExtension_AES_CM_128_HMAC_SHA1_32) {
TestSendRecvEncryptedHeaderExtension(rtc::kSrtpAes128CmSha1_32, kTestKey1,
kTestKeyLen, kTestKey2, kTestKeyLen,
rtc::kCsAesCm128HmacSha1_32);
kTestKeyLen, kTestKey2, kTestKeyLen);
}
TEST_P(SrtpTransportTestWithExternalAuth,
@ -384,14 +380,14 @@ TEST_P(SrtpTransportTestWithExternalAuth,
bool enable_external_auth = GetParam();
TestSendRecvPacket(enable_external_auth, rtc::kSrtpAeadAes128Gcm,
kTestKeyGcm128_1, kTestKeyGcm128Len, kTestKeyGcm128_2,
kTestKeyGcm128Len, rtc::kCsAeadAes128Gcm);
kTestKeyGcm128Len);
}
TEST_F(SrtpTransportTest,
SendAndRecvPacketWithHeaderExtension_kSrtpAeadAes128Gcm) {
TestSendRecvEncryptedHeaderExtension(
rtc::kSrtpAeadAes128Gcm, kTestKeyGcm128_1, kTestKeyGcm128Len,
kTestKeyGcm128_2, kTestKeyGcm128Len, rtc::kCsAeadAes128Gcm);
TestSendRecvEncryptedHeaderExtension(rtc::kSrtpAeadAes128Gcm,
kTestKeyGcm128_1, kTestKeyGcm128Len,
kTestKeyGcm128_2, kTestKeyGcm128Len);
}
TEST_P(SrtpTransportTestWithExternalAuth,
@ -399,14 +395,14 @@ TEST_P(SrtpTransportTestWithExternalAuth,
bool enable_external_auth = GetParam();
TestSendRecvPacket(enable_external_auth, rtc::kSrtpAeadAes256Gcm,
kTestKeyGcm256_1, kTestKeyGcm256Len, kTestKeyGcm256_2,
kTestKeyGcm256Len, rtc::kCsAeadAes256Gcm);
kTestKeyGcm256Len);
}
TEST_F(SrtpTransportTest,
SendAndRecvPacketWithHeaderExtension_kSrtpAeadAes256Gcm) {
TestSendRecvEncryptedHeaderExtension(
rtc::kSrtpAeadAes256Gcm, kTestKeyGcm256_1, kTestKeyGcm256Len,
kTestKeyGcm256_2, kTestKeyGcm256Len, rtc::kCsAeadAes256Gcm);
TestSendRecvEncryptedHeaderExtension(rtc::kSrtpAeadAes256Gcm,
kTestKeyGcm256_1, kTestKeyGcm256Len,
kTestKeyGcm256_2, kTestKeyGcm256Len);
}
// Run all tests both with and without external auth enabled.
@ -453,7 +449,7 @@ TEST_F(SrtpTransportTest, RemoveSrtpReceiveStream) {
// Create a packet and try to send it three times.
size_t rtp_len = sizeof(kPcmuFrame);
size_t packet_size = rtp_len + rtc::rtp_auth_tag_len(rtc::kCsAeadAes128Gcm);
size_t packet_size = rtp_len + rtc::rtp_auth_tag_len(rtc::kSrtpAeadAes128Gcm);
rtc::Buffer rtp_packet_buffer(packet_size);
char* rtp_packet_data = rtp_packet_buffer.data<char>();
memcpy(rtp_packet_data, kPcmuFrame, rtp_len);

View File

@ -11,32 +11,38 @@
#ifndef PC_TEST_SRTP_TEST_UTIL_H_
#define PC_TEST_SRTP_TEST_UTIL_H_
#include <string>
#include "rtc_base/ssl_stream_adapter.h"
namespace rtc {
extern const char kCsAesCm128HmacSha1_32[];
extern const char kCsAeadAes128Gcm[];
extern const char kCsAeadAes256Gcm[];
static const uint8_t kTestKey1[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234";
static const uint8_t kTestKey2[] = "4321ZYXWVUTSRQPONMLKJIHGFEDCBA";
static const int kTestKeyLen = 30;
static int rtp_auth_tag_len(const std::string& cs) {
if (cs == kCsAesCm128HmacSha1_32) {
return 4;
} else if (cs == kCsAeadAes128Gcm || cs == kCsAeadAes256Gcm) {
return 16;
} else {
return 10;
static int rtp_auth_tag_len(int crypto_suite) {
switch (crypto_suite) {
case kSrtpAes128CmSha1_32:
return 4;
case kSrtpAes128CmSha1_80:
return 10;
case kSrtpAeadAes128Gcm:
case kSrtpAeadAes256Gcm:
return 16;
default:
RTC_CHECK_NOTREACHED();
}
}
static int rtcp_auth_tag_len(const std::string& cs) {
if (cs == kCsAeadAes128Gcm || cs == kCsAeadAes256Gcm) {
return 16;
} else {
return 10;
static int rtcp_auth_tag_len(int crypto_suite) {
switch (crypto_suite) {
case kSrtpAes128CmSha1_32:
case kSrtpAes128CmSha1_80:
return 10;
case kSrtpAeadAes128Gcm:
case kSrtpAeadAes256Gcm:
return 16;
default:
RTC_CHECK_NOTREACHED();
}
}

View File

@ -17,17 +17,12 @@
#include <openssl/tls1.h>
#include <openssl/x509v3.h>
#include "absl/strings/string_view.h"
#ifndef OPENSSL_IS_BORINGSSL
#include <openssl/dtls1.h>
#include <openssl/ssl.h>
#endif
#include <atomic>
#include <memory>
#include <utility>
#include <vector>
#include "absl/strings/string_view.h"
#include "api/array_view.h"
#include "rtc_base/checks.h"
#include "rtc_base/logging.h"
@ -36,6 +31,9 @@
#include "rtc_base/openssl_adapter.h"
#include "rtc_base/openssl_digest.h"
#ifdef OPENSSL_IS_BORINGSSL
#include <openssl/dtls1.h>
#include <openssl/ssl.h>
#include "rtc_base/boringssl_identity.h"
#else
#include "rtc_base/openssl_identity.h"

View File

@ -14,12 +14,9 @@
#include "absl/strings/string_view.h"
#include "rtc_base/openssl_stream_adapter.h"
///////////////////////////////////////////////////////////////////////////////
namespace rtc {
// TODO(guoweis): Move this to SDP layer and use int form internally.
// webrtc:5043.
// Deprecated, prefer SrtpCryptoSuiteToName.
const char kCsAesCm128HmacSha1_80[] = "AES_CM_128_HMAC_SHA1_80";
const char kCsAesCm128HmacSha1_32[] = "AES_CM_128_HMAC_SHA1_32";
const char kCsAeadAes128Gcm[] = "AEAD_AES_128_GCM";
@ -27,31 +24,19 @@ const char kCsAeadAes256Gcm[] = "AEAD_AES_256_GCM";
std::string SrtpCryptoSuiteToName(int crypto_suite) {
switch (crypto_suite) {
case kSrtpAes128CmSha1_32:
return kCsAesCm128HmacSha1_32;
case kSrtpAes128CmSha1_80:
return kCsAesCm128HmacSha1_80;
return "AES_CM_128_HMAC_SHA1_80";
case kSrtpAes128CmSha1_32:
return "AES_CM_128_HMAC_SHA1_32";
case kSrtpAeadAes128Gcm:
return kCsAeadAes128Gcm;
return "AEAD_AES_128_GCM";
case kSrtpAeadAes256Gcm:
return kCsAeadAes256Gcm;
return "AEAD_AES_256_GCM";
default:
return std::string();
}
}
int SrtpCryptoSuiteFromName(absl::string_view crypto_suite) {
if (crypto_suite == kCsAesCm128HmacSha1_32)
return kSrtpAes128CmSha1_32;
if (crypto_suite == kCsAesCm128HmacSha1_80)
return kSrtpAes128CmSha1_80;
if (crypto_suite == kCsAeadAes128Gcm)
return kSrtpAeadAes128Gcm;
if (crypto_suite == kCsAeadAes256Gcm)
return kSrtpAeadAes256Gcm;
return kSrtpInvalidCryptoSuite;
}
bool GetSrtpKeyAndSaltLengths(int crypto_suite,
int* key_length,
int* salt_length) {
@ -86,10 +71,6 @@ bool IsGcmCryptoSuite(int crypto_suite) {
crypto_suite == kSrtpAeadAes128Gcm);
}
bool IsGcmCryptoSuiteName(absl::string_view crypto_suite) {
return (crypto_suite == kCsAeadAes256Gcm || crypto_suite == kCsAeadAes128Gcm);
}
std::unique_ptr<SSLStreamAdapter> SSLStreamAdapter::Create(
std::unique_ptr<StreamInterface> stream,
absl::AnyInvocable<void(SSLHandshakeError)> handshake_error) {

View File

@ -58,9 +58,6 @@ extern const char kCsAeadAes256Gcm[];
// name, as defined in https://tools.ietf.org/html/rfc5764#section-4.1.2.
std::string SrtpCryptoSuiteToName(int crypto_suite);
// The reverse of above conversion.
int SrtpCryptoSuiteFromName(absl::string_view crypto_suite);
// Get key length and salt length for given crypto suite. Returns true for
// valid suites, otherwise false.
bool GetSrtpKeyAndSaltLengths(int crypto_suite,
@ -70,9 +67,6 @@ bool GetSrtpKeyAndSaltLengths(int crypto_suite,
// Returns true if the given crypto suite id uses a GCM cipher.
bool IsGcmCryptoSuite(int crypto_suite);
// Returns true if the given crypto suite name uses a GCM cipher.
bool IsGcmCryptoSuiteName(absl::string_view crypto_suite);
// SSLStreamAdapter : A StreamInterfaceAdapter that does SSL/TLS.
// After SSL has been started, the stream will only open on successful
// SSL verification of certificates, and the communication is