Revert "Move CryptoOptions to api/crypto from rtc_base/sslstreamadapter.h"
This reverts commit ac2f3d14e45398930bc35ff05ed7a3b9b617d328.
Reason for revert: Breaks downstream project
Original change's description:
> Move CryptoOptions to api/crypto from rtc_base/sslstreamadapter.h
>
> Promotes rtc::CryptoOptions to webrtc::CryptoOptions converting it from class
> that only handles SRTP configuration to a more generic structure that can be
> used and extended for all per peer connection CryptoOptions that can be on a
> given PeerConnection.
>
> Now all SRTP related options are under webrtc::CryptoOptions::Srtp and can be
> accessed as crypto_options.srtp.whatever_option_name. This is more inline with
> other structures we have in WebRTC such as VideoConfig. As additional features
> are added over time this will allow the structure to remain compartmentalized
> and concerned components can only request a subset of the overall configuration
> structure e.g:
>
> void MySrtpFunction(const webrtc::CryptoOptions::Srtp& srtp_config);
>
> In addition to this it made little sense for sslstreamadapter.h to hold all
> Srtp related configuration options. The header has become loo large and takes on
> too many responsibilities and spilting this up will lead to more maintainable
> code going forward.
>
> This will be used in a future CL to enable configuration options for the newly
> supported Frame Crypto.
>
> Change-Id: I99d1be36740c59548c8e62db52d68d738649707f
> Bug: webrtc:9681
> Reviewed-on: https://webrtc-review.googlesource.com/c/105180
> Reviewed-by: Emad Omara <emadomara@webrtc.org>
> Reviewed-by: Kári Helgason <kthelgason@webrtc.org>
> Reviewed-by: Sami Kalliomäki <sakal@webrtc.org>
> Reviewed-by: Qingsi Wang <qingsi@webrtc.org>
> Reviewed-by: Steve Anton <steveanton@webrtc.org>
> Commit-Queue: Benjamin Wright <benwright@webrtc.org>
> Cr-Commit-Position: refs/heads/master@{#25130}
TBR=steveanton@webrtc.org,sakal@webrtc.org,kthelgason@webrtc.org,emadomara@webrtc.org,qingsi@webrtc.org,benwright@webrtc.org
Bug: webrtc:9681
Change-Id: Ib0075c477c951b540d4deecb3b0cf8cf86ba0fff
Reviewed-on: https://webrtc-review.googlesource.com/c/105541
Reviewed-by: Oleh Prypin <oprypin@webrtc.org>
Commit-Queue: Oleh Prypin <oprypin@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#25133}
diff --git a/api/BUILD.gn b/api/BUILD.gn
index c420b10..60eb751 100644
--- a/api/BUILD.gn
+++ b/api/BUILD.gn
@@ -52,8 +52,6 @@
"bitrate_constraints.h",
"candidate.cc",
"candidate.h",
- "crypto/cryptooptions.cc",
- "crypto/cryptooptions.h",
"crypto/framedecryptorinterface.h",
"crypto/frameencryptorinterface.h",
"cryptoparams.h",
diff --git a/api/crypto/cryptooptions.cc b/api/crypto/cryptooptions.cc
deleted file mode 100644
index ed6db47..0000000
--- a/api/crypto/cryptooptions.cc
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright 2018 The WebRTC Project Authors. All rights reserved.
- *
- * Use of this source code is governed by a BSD-style license
- * that can be found in the LICENSE file in the root of the source
- * tree. An additional intellectual property rights grant can be found
- * in the file PATENTS. All contributing project authors may
- * be found in the AUTHORS file in the root of the source tree.
- */
-
-#include "api/crypto/cryptooptions.h"
-#include "rtc_base/sslstreamadapter.h"
-
-namespace webrtc {
-
-CryptoOptions::CryptoOptions() {}
-
-CryptoOptions::CryptoOptions(const CryptoOptions& other) {
- enable_gcm_crypto_suites = other.enable_gcm_crypto_suites;
- enable_encrypted_rtp_header_extensions =
- other.enable_encrypted_rtp_header_extensions;
- srtp = other.srtp;
-}
-
-CryptoOptions::~CryptoOptions() {}
-
-// static
-CryptoOptions CryptoOptions::NoGcm() {
- CryptoOptions options;
- options.srtp.enable_gcm_crypto_suites = false;
- return options;
-}
-
-std::vector<int> CryptoOptions::GetSupportedDtlsSrtpCryptoSuites() const {
- std::vector<int> crypto_suites;
- if (srtp.enable_gcm_crypto_suites) {
- crypto_suites.push_back(rtc::SRTP_AEAD_AES_256_GCM);
- crypto_suites.push_back(rtc::SRTP_AEAD_AES_128_GCM);
- }
- // Note: SRTP_AES128_CM_SHA1_80 is what is required to be supported (by
- // draft-ietf-rtcweb-security-arch), but SRTP_AES128_CM_SHA1_32 is allowed as
- // well, and saves a few bytes per packet if it ends up selected.
- // As the cipher suite is potentially insecure, it will only be used if
- // enabled by both peers.
- if (srtp.enable_aes128_sha1_32_crypto_cipher) {
- crypto_suites.push_back(rtc::SRTP_AES128_CM_SHA1_32);
- }
- crypto_suites.push_back(rtc::SRTP_AES128_CM_SHA1_80);
- return crypto_suites;
-}
-
-} // namespace webrtc
diff --git a/api/crypto/cryptooptions.h b/api/crypto/cryptooptions.h
deleted file mode 100644
index d2e6224..0000000
--- a/api/crypto/cryptooptions.h
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright 2018 The WebRTC Project Authors. All rights reserved.
- *
- * Use of this source code is governed by a BSD-style license
- * that can be found in the LICENSE file in the root of the source
- * tree. An additional intellectual property rights grant can be found
- * in the file PATENTS. All contributing project authors may
- * be found in the AUTHORS file in the root of the source tree.
- */
-
-#ifndef API_CRYPTO_CRYPTOOPTIONS_H_
-#define API_CRYPTO_CRYPTOOPTIONS_H_
-
-#include <vector>
-#include "absl/types/optional.h"
-
-namespace webrtc {
-
-// CryptoOptions defines advanced cryptographic settings for native WebRTC.
-// These settings must be passed into PeerConnectionFactoryInterface::Options
-// and are only applicable to native use cases of WebRTC.
-struct CryptoOptions {
- CryptoOptions();
- CryptoOptions(const CryptoOptions& other);
- ~CryptoOptions();
-
- // Helper method to return an instance of the CryptoOptions with GCM crypto
- // suites disabled. This method should be used instead of depending on current
- // default values set by the constructor.
- static CryptoOptions NoGcm();
-
- // Returns a list of the supported DTLS-SRTP Crypto suites based on this set
- // of crypto options.
- std::vector<int> GetSupportedDtlsSrtpCryptoSuites() const;
-
- // TODO(webrtc:9859) - Remove duplicates once chromium is fixed.
- // Will be removed once srtp.enable_gcm_crypto_suites is updated in Chrome.
- absl::optional<bool> enable_gcm_crypto_suites;
- // TODO(webrtc:9859) - Remove duplicates once chromium is fixed.
- // Will be removed once srtp.enable_encrypted_rtp_header_extensions is
- // updated in Chrome.
- absl::optional<bool> enable_encrypted_rtp_header_extensions;
-
- // SRTP Related Peer Connection options.
- struct Srtp {
- // Enable GCM crypto suites from RFC 7714 for SRTP. GCM will only be used
- // if both sides enable it.
- bool enable_gcm_crypto_suites = false;
-
- // If set to true, the (potentially insecure) crypto cipher
- // SRTP_AES128_CM_SHA1_32 will be included in the list of supported ciphers
- // during negotiation. It will only be used if both peers support it and no
- // other ciphers get preferred.
- bool enable_aes128_sha1_32_crypto_cipher = false;
-
- // If set to true, encrypted RTP header extensions as defined in RFC 6904
- // will be negotiated. They will only be used if both peers support them.
- bool enable_encrypted_rtp_header_extensions = false;
- } srtp;
-};
-
-} // namespace webrtc
-
-#endif // API_CRYPTO_CRYPTOOPTIONS_H_
diff --git a/api/cryptoparams.h b/api/cryptoparams.h
index abe9055..2350528 100644
--- a/api/cryptoparams.h
+++ b/api/cryptoparams.h
@@ -16,8 +16,6 @@
namespace cricket {
// Parameters for SRTP negotiation, as described in RFC 4568.
-// TODO(benwright) - Rename to SrtpCryptoParams as these only apply to SRTP and
-// not generic crypto parameters for WebRTC.
struct CryptoParams {
CryptoParams() : tag(0) {}
CryptoParams(int t,
diff --git a/api/peerconnectioninterface.h b/api/peerconnectioninterface.h
index 141b2c9..3d8a9c1 100644
--- a/api/peerconnectioninterface.h
+++ b/api/peerconnectioninterface.h
@@ -77,7 +77,6 @@
#include "api/audio_codecs/audio_encoder_factory.h"
#include "api/audio_options.h"
#include "api/call/callfactoryinterface.h"
-#include "api/crypto/cryptooptions.h"
#include "api/datachannelinterface.h"
#include "api/fec_controller.h"
#include "api/jsep.h"
@@ -1181,7 +1180,7 @@
public:
class Options {
public:
- Options() {}
+ Options() : crypto_options(rtc::CryptoOptions::NoGcm()) {}
// If set to true, created PeerConnections won't enforce any SRTP
// requirement, allowing unsecured media. Should only be used for
@@ -1210,7 +1209,7 @@
rtc::SSLProtocolVersion ssl_max_version = rtc::SSL_PROTOCOL_DTLS_12;
// Sets crypto related options, e.g. enabled cipher suites.
- CryptoOptions crypto_options = CryptoOptions::NoGcm();
+ rtc::CryptoOptions crypto_options;
};
// Set the options to be used for subsequently created PeerConnections.
diff --git a/p2p/base/dtlstransport.cc b/p2p/base/dtlstransport.cc
index f498253..314f63c 100644
--- a/p2p/base/dtlstransport.cc
+++ b/p2p/base/dtlstransport.cc
@@ -114,12 +114,12 @@
}
DtlsTransport::DtlsTransport(IceTransportInternal* ice_transport,
- const webrtc::CryptoOptions& crypto_options)
+ const rtc::CryptoOptions& crypto_options)
: transport_name_(ice_transport->transport_name()),
component_(ice_transport->component()),
ice_transport_(ice_transport),
downward_(NULL),
- srtp_ciphers_(crypto_options.GetSupportedDtlsSrtpCryptoSuites()),
+ srtp_ciphers_(GetSupportedDtlsSrtpCryptoSuites(crypto_options)),
ssl_max_version_(rtc::SSL_PROTOCOL_DTLS_12),
crypto_options_(crypto_options) {
RTC_DCHECK(ice_transport_);
@@ -128,13 +128,13 @@
DtlsTransport::DtlsTransport(
std::unique_ptr<IceTransportInternal> ice_transport,
- const webrtc::CryptoOptions& crypto_options)
+ const rtc::CryptoOptions& crypto_options)
: transport_name_(ice_transport->transport_name()),
component_(ice_transport->component()),
ice_transport_(ice_transport.get()),
owned_ice_transport_(std::move(ice_transport)),
downward_(NULL),
- srtp_ciphers_(crypto_options.GetSupportedDtlsSrtpCryptoSuites()),
+ srtp_ciphers_(GetSupportedDtlsSrtpCryptoSuites(crypto_options)),
ssl_max_version_(rtc::SSL_PROTOCOL_DTLS_12),
crypto_options_(crypto_options) {
RTC_DCHECK(owned_ice_transport_);
@@ -143,7 +143,7 @@
DtlsTransport::~DtlsTransport() = default;
-const webrtc::CryptoOptions& DtlsTransport::crypto_options() const {
+const rtc::CryptoOptions& DtlsTransport::crypto_options() const {
return crypto_options_;
}
diff --git a/p2p/base/dtlstransport.h b/p2p/base/dtlstransport.h
index 2eafc9e..456f375 100644
--- a/p2p/base/dtlstransport.h
+++ b/p2p/base/dtlstransport.h
@@ -15,7 +15,6 @@
#include <string>
#include <vector>
-#include "api/crypto/cryptooptions.h"
#include "p2p/base/dtlstransportinternal.h"
#include "p2p/base/icetransportinternal.h"
#include "rtc_base/buffer.h"
@@ -97,13 +96,13 @@
// whether GCM crypto suites are negotiated.
// TODO(zhihuang): Remove this once we switch to JsepTransportController.
explicit DtlsTransport(IceTransportInternal* ice_transport,
- const webrtc::CryptoOptions& crypto_options);
+ const rtc::CryptoOptions& crypto_options);
explicit DtlsTransport(std::unique_ptr<IceTransportInternal> ice_transport,
- const webrtc::CryptoOptions& crypto_options);
+ const rtc::CryptoOptions& crypto_options);
~DtlsTransport() override;
- const webrtc::CryptoOptions& crypto_options() const override;
+ const rtc::CryptoOptions& crypto_options() const override;
DtlsTransportState dtls_state() const override;
const std::string& transport_name() const override;
int component() const override;
@@ -232,7 +231,7 @@
rtc::scoped_refptr<rtc::RTCCertificate> local_certificate_;
absl::optional<rtc::SSLRole> dtls_role_;
rtc::SSLProtocolVersion ssl_max_version_;
- webrtc::CryptoOptions crypto_options_;
+ rtc::CryptoOptions crypto_options_;
rtc::Buffer remote_fingerprint_value_;
std::string remote_fingerprint_algorithm_;
diff --git a/p2p/base/dtlstransport_unittest.cc b/p2p/base/dtlstransport_unittest.cc
index 8dfbf61..3cf423e 100644
--- a/p2p/base/dtlstransport_unittest.cc
+++ b/p2p/base/dtlstransport_unittest.cc
@@ -86,8 +86,8 @@
fake_ice_transport_->SignalReadPacket.connect(
this, &DtlsTestClient::OnFakeIceTransportReadPacket);
- dtls_transport_ = absl::make_unique<DtlsTransport>(
- fake_ice_transport_.get(), webrtc::CryptoOptions());
+ dtls_transport_.reset(
+ new DtlsTransport(fake_ice_transport_.get(), rtc::CryptoOptions()));
dtls_transport_->SetSslMaxProtocolVersion(ssl_max_version_);
// Note: Certificate may be null here if testing passthrough.
dtls_transport_->SetLocalCertificate(certificate_);
diff --git a/p2p/base/dtlstransportinternal.h b/p2p/base/dtlstransportinternal.h
index a713744..238057e 100644
--- a/p2p/base/dtlstransportinternal.h
+++ b/p2p/base/dtlstransportinternal.h
@@ -15,7 +15,6 @@
#include <string>
#include <vector>
-#include "api/crypto/cryptooptions.h"
#include "p2p/base/icetransportinternal.h"
#include "p2p/base/packettransportinternal.h"
#include "rtc_base/sslstreamadapter.h"
@@ -51,7 +50,7 @@
public:
~DtlsTransportInternal() override;
- virtual const webrtc::CryptoOptions& crypto_options() const = 0;
+ virtual const rtc::CryptoOptions& crypto_options() const = 0;
virtual DtlsTransportState dtls_state() const = 0;
diff --git a/p2p/base/fakedtlstransport.h b/p2p/base/fakedtlstransport.h
index c4f9d2c..cb944d3 100644
--- a/p2p/base/fakedtlstransport.h
+++ b/p2p/base/fakedtlstransport.h
@@ -17,7 +17,6 @@
#include <vector>
#include "absl/memory/memory.h"
-#include "api/crypto/cryptooptions.h"
#include "p2p/base/dtlstransportinternal.h"
#include "p2p/base/fakeicetransport.h"
#include "rtc_base/fakesslidentity.h"
@@ -150,10 +149,10 @@
*role = *dtls_role_;
return true;
}
- const webrtc::CryptoOptions& crypto_options() const override {
+ const rtc::CryptoOptions& crypto_options() const override {
return crypto_options_;
}
- void SetCryptoOptions(const webrtc::CryptoOptions& crypto_options) {
+ void SetCryptoOptions(const rtc::CryptoOptions& crypto_options) {
crypto_options_ = crypto_options;
}
bool SetLocalCertificate(
@@ -273,7 +272,7 @@
rtc::SSLFingerprint dtls_fingerprint_;
absl::optional<rtc::SSLRole> dtls_role_;
int crypto_suite_ = rtc::SRTP_AES128_CM_SHA1_80;
- webrtc::CryptoOptions crypto_options_;
+ rtc::CryptoOptions crypto_options_;
DtlsTransportState dtls_state_ = DTLS_TRANSPORT_NEW;
diff --git a/p2p/base/transportfactoryinterface.h b/p2p/base/transportfactoryinterface.h
index 9805db0..ce32ee8 100644
--- a/p2p/base/transportfactoryinterface.h
+++ b/p2p/base/transportfactoryinterface.h
@@ -34,7 +34,7 @@
virtual std::unique_ptr<DtlsTransportInternal> CreateDtlsTransport(
std::unique_ptr<IceTransportInternal> ice,
- const webrtc::CryptoOptions& crypto_options) = 0;
+ const rtc::CryptoOptions& crypto_options) = 0;
};
} // namespace cricket
diff --git a/pc/channel.cc b/pc/channel.cc
index cd1534f..b63cea7 100644
--- a/pc/channel.cc
+++ b/pc/channel.cc
@@ -101,7 +101,7 @@
std::unique_ptr<MediaChannel> media_channel,
const std::string& content_name,
bool srtp_required,
- webrtc::CryptoOptions crypto_options)
+ rtc::CryptoOptions crypto_options)
: worker_thread_(worker_thread),
network_thread_(network_thread),
signaling_thread_(signaling_thread),
@@ -673,7 +673,7 @@
RtpHeaderExtensions BaseChannel::GetFilteredRtpHeaderExtensions(
const RtpHeaderExtensions& extensions) {
RTC_DCHECK(rtp_transport_);
- if (crypto_options_.srtp.enable_encrypted_rtp_header_extensions) {
+ if (crypto_options_.enable_encrypted_rtp_header_extensions) {
RtpHeaderExtensions filtered;
auto pred = [](const webrtc::RtpExtension& extension) {
return !extension.encrypt;
@@ -742,7 +742,7 @@
std::unique_ptr<VoiceMediaChannel> media_channel,
const std::string& content_name,
bool srtp_required,
- webrtc::CryptoOptions crypto_options)
+ rtc::CryptoOptions crypto_options)
: BaseChannel(worker_thread,
network_thread,
signaling_thread,
@@ -881,7 +881,7 @@
std::unique_ptr<VideoMediaChannel> media_channel,
const std::string& content_name,
bool srtp_required,
- webrtc::CryptoOptions crypto_options)
+ rtc::CryptoOptions crypto_options)
: BaseChannel(worker_thread,
network_thread,
signaling_thread,
@@ -1019,7 +1019,7 @@
std::unique_ptr<DataMediaChannel> media_channel,
const std::string& content_name,
bool srtp_required,
- webrtc::CryptoOptions crypto_options)
+ rtc::CryptoOptions crypto_options)
: BaseChannel(worker_thread,
network_thread,
signaling_thread,
diff --git a/pc/channel.h b/pc/channel.h
index 535f64e..ba58469 100644
--- a/pc/channel.h
+++ b/pc/channel.h
@@ -82,7 +82,7 @@
std::unique_ptr<MediaChannel> media_channel,
const std::string& content_name,
bool srtp_required,
- webrtc::CryptoOptions crypto_options);
+ rtc::CryptoOptions crypto_options);
virtual ~BaseChannel();
void Init_w(webrtc::RtpTransportInternal* rtp_transport);
@@ -313,7 +313,7 @@
bool was_ever_writable_ = false;
bool has_received_packet_ = false;
const bool srtp_required_ = true;
- webrtc::CryptoOptions crypto_options_;
+ rtc::CryptoOptions crypto_options_;
// MediaChannel related members that should be accessed from the worker
// thread.
@@ -343,7 +343,7 @@
std::unique_ptr<VoiceMediaChannel> channel,
const std::string& content_name,
bool srtp_required,
- webrtc::CryptoOptions crypto_options);
+ rtc::CryptoOptions crypto_options);
~VoiceChannel();
// downcasts a MediaChannel
@@ -383,7 +383,7 @@
std::unique_ptr<VideoMediaChannel> media_channel,
const std::string& content_name,
bool srtp_required,
- webrtc::CryptoOptions crypto_options);
+ rtc::CryptoOptions crypto_options);
~VideoChannel();
// downcasts a MediaChannel
@@ -422,7 +422,7 @@
std::unique_ptr<DataMediaChannel> channel,
const std::string& content_name,
bool srtp_required,
- webrtc::CryptoOptions crypto_options);
+ rtc::CryptoOptions crypto_options);
~RtpDataChannel();
// TODO(zhihuang): Remove this once the RtpTransport can be shared between
// BaseChannels.
diff --git a/pc/channel_unittest.cc b/pc/channel_unittest.cc
index 94f38c9..58cb17b 100644
--- a/pc/channel_unittest.cc
+++ b/pc/channel_unittest.cc
@@ -250,7 +250,7 @@
rtc::Thread* signaling_thread = rtc::Thread::Current();
auto channel = absl::make_unique<typename T::Channel>(
worker_thread, network_thread, signaling_thread, engine, std::move(ch),
- cricket::CN_AUDIO, (flags & DTLS) != 0, webrtc::CryptoOptions());
+ cricket::CN_AUDIO, (flags & DTLS) != 0, rtc::CryptoOptions());
channel->Init_w(rtp_transport);
return channel;
}
@@ -1545,7 +1545,7 @@
rtc::Thread* signaling_thread = rtc::Thread::Current();
auto channel = absl::make_unique<cricket::VideoChannel>(
worker_thread, network_thread, signaling_thread, std::move(ch),
- cricket::CN_VIDEO, (flags & DTLS) != 0, webrtc::CryptoOptions());
+ cricket::CN_VIDEO, (flags & DTLS) != 0, rtc::CryptoOptions());
channel->Init_w(rtp_transport);
return channel;
}
@@ -2164,7 +2164,7 @@
rtc::Thread* signaling_thread = rtc::Thread::Current();
auto channel = absl::make_unique<cricket::RtpDataChannel>(
worker_thread, network_thread, signaling_thread, std::move(ch),
- cricket::CN_DATA, (flags & DTLS) != 0, webrtc::CryptoOptions());
+ cricket::CN_DATA, (flags & DTLS) != 0, rtc::CryptoOptions());
channel->Init_w(rtp_transport);
return channel;
}
diff --git a/pc/channelmanager.cc b/pc/channelmanager.cc
index 1c80719..dab622a 100644
--- a/pc/channelmanager.cc
+++ b/pc/channelmanager.cc
@@ -159,7 +159,7 @@
rtc::Thread* signaling_thread,
const std::string& content_name,
bool srtp_required,
- const webrtc::CryptoOptions& crypto_options,
+ const rtc::CryptoOptions& crypto_options,
const AudioOptions& options) {
if (!worker_thread_->IsCurrent()) {
return worker_thread_->Invoke<VoiceChannel*>(RTC_FROM_HERE, [&] {
@@ -226,7 +226,7 @@
rtc::Thread* signaling_thread,
const std::string& content_name,
bool srtp_required,
- const webrtc::CryptoOptions& crypto_options,
+ const rtc::CryptoOptions& crypto_options,
const VideoOptions& options) {
if (!worker_thread_->IsCurrent()) {
return worker_thread_->Invoke<VideoChannel*>(RTC_FROM_HERE, [&] {
@@ -291,7 +291,7 @@
rtc::Thread* signaling_thread,
const std::string& content_name,
bool srtp_required,
- const webrtc::CryptoOptions& crypto_options) {
+ const rtc::CryptoOptions& crypto_options) {
if (!worker_thread_->IsCurrent()) {
return worker_thread_->Invoke<RtpDataChannel*>(RTC_FROM_HERE, [&] {
return CreateRtpDataChannel(media_config, rtp_transport, signaling_thread,
diff --git a/pc/channelmanager.h b/pc/channelmanager.h
index 6430f8e..c6b601e 100644
--- a/pc/channelmanager.h
+++ b/pc/channelmanager.h
@@ -86,7 +86,7 @@
rtc::Thread* signaling_thread,
const std::string& content_name,
bool srtp_required,
- const webrtc::CryptoOptions& crypto_options,
+ const rtc::CryptoOptions& crypto_options,
const AudioOptions& options);
// Destroys a voice channel created by CreateVoiceChannel.
void DestroyVoiceChannel(VoiceChannel* voice_channel);
@@ -100,7 +100,7 @@
rtc::Thread* signaling_thread,
const std::string& content_name,
bool srtp_required,
- const webrtc::CryptoOptions& crypto_options,
+ const rtc::CryptoOptions& crypto_options,
const VideoOptions& options);
// Destroys a video channel created by CreateVideoChannel.
void DestroyVideoChannel(VideoChannel* video_channel);
@@ -111,7 +111,7 @@
rtc::Thread* signaling_thread,
const std::string& content_name,
bool srtp_required,
- const webrtc::CryptoOptions& crypto_options);
+ const rtc::CryptoOptions& crypto_options);
// Destroys a data channel created by CreateRtpDataChannel.
void DestroyRtpDataChannel(RtpDataChannel* data_channel);
diff --git a/pc/channelmanager_unittest.cc b/pc/channelmanager_unittest.cc
index 053166b..47c9530 100644
--- a/pc/channelmanager_unittest.cc
+++ b/pc/channelmanager_unittest.cc
@@ -65,16 +65,16 @@
cricket::VoiceChannel* voice_channel = cm_->CreateVoiceChannel(
&fake_call_, cricket::MediaConfig(), rtp_transport,
rtc::Thread::Current(), cricket::CN_AUDIO, kDefaultSrtpRequired,
- webrtc::CryptoOptions(), AudioOptions());
+ rtc::CryptoOptions(), AudioOptions());
EXPECT_TRUE(voice_channel != nullptr);
cricket::VideoChannel* video_channel = cm_->CreateVideoChannel(
&fake_call_, cricket::MediaConfig(), rtp_transport,
rtc::Thread::Current(), cricket::CN_VIDEO, kDefaultSrtpRequired,
- webrtc::CryptoOptions(), VideoOptions());
+ rtc::CryptoOptions(), VideoOptions());
EXPECT_TRUE(video_channel != nullptr);
cricket::RtpDataChannel* rtp_data_channel = cm_->CreateRtpDataChannel(
cricket::MediaConfig(), rtp_transport, rtc::Thread::Current(),
- cricket::CN_DATA, kDefaultSrtpRequired, webrtc::CryptoOptions());
+ cricket::CN_DATA, kDefaultSrtpRequired, rtc::CryptoOptions());
EXPECT_TRUE(rtp_data_channel != nullptr);
cm_->DestroyVideoChannel(video_channel);
cm_->DestroyVoiceChannel(voice_channel);
diff --git a/pc/jseptransportcontroller.cc b/pc/jseptransportcontroller.cc
index 19a2d40..1847d95 100644
--- a/pc/jseptransportcontroller.cc
+++ b/pc/jseptransportcontroller.cc
@@ -814,7 +814,7 @@
static_cast<const cricket::MediaContentDescription*>(
content_info.description);
- if (!config_.crypto_options.srtp.enable_encrypted_rtp_header_extensions) {
+ if (!config_.crypto_options.enable_encrypted_rtp_header_extensions) {
return std::vector<int>();
}
diff --git a/pc/jseptransportcontroller.h b/pc/jseptransportcontroller.h
index 518d310..bca4481 100644
--- a/pc/jseptransportcontroller.h
+++ b/pc/jseptransportcontroller.h
@@ -18,7 +18,6 @@
#include <vector>
#include "api/candidate.h"
-#include "api/crypto/cryptooptions.h"
#include "api/media_transport_interface.h"
#include "api/peerconnectioninterface.h"
#include "logging/rtc_event_log/rtc_event_log.h"
@@ -34,6 +33,7 @@
#include "rtc_base/asyncinvoker.h"
#include "rtc_base/constructormagic.h"
#include "rtc_base/refcountedobject.h"
+#include "rtc_base/sslstreamadapter.h"
#include "rtc_base/third_party/sigslot/sigslot.h"
namespace rtc {
@@ -68,7 +68,7 @@
rtc::SSLProtocolVersion ssl_max_version = rtc::SSL_PROTOCOL_DTLS_12;
// |crypto_options| is used to determine if created DTLS transports
// negotiate GCM crypto suites or not.
- webrtc::CryptoOptions crypto_options;
+ rtc::CryptoOptions crypto_options;
PeerConnectionInterface::BundlePolicy bundle_policy =
PeerConnectionInterface::kBundlePolicyBalanced;
PeerConnectionInterface::RtcpMuxPolicy rtcp_mux_policy =
diff --git a/pc/jseptransportcontroller_unittest.cc b/pc/jseptransportcontroller_unittest.cc
index 26813e1..ce431c3 100644
--- a/pc/jseptransportcontroller_unittest.cc
+++ b/pc/jseptransportcontroller_unittest.cc
@@ -52,7 +52,7 @@
std::unique_ptr<cricket::DtlsTransportInternal> CreateDtlsTransport(
std::unique_ptr<cricket::IceTransportInternal> ice,
- const webrtc::CryptoOptions& crypto_options) override {
+ const rtc::CryptoOptions& crypto_options) override {
std::unique_ptr<cricket::FakeIceTransport> fake_ice(
static_cast<cricket::FakeIceTransport*>(ice.release()));
return absl::make_unique<FakeDtlsTransport>(std::move(fake_ice));
diff --git a/pc/mediasession.cc b/pc/mediasession.cc
index 889576c..d186513 100644
--- a/pc/mediasession.cc
+++ b/pc/mediasession.cc
@@ -39,10 +39,10 @@
const char kInline[] = "inline:";
-void GetSupportedSdesCryptoSuiteNames(
- void (*func)(const webrtc::CryptoOptions&, std::vector<int>*),
- const webrtc::CryptoOptions& crypto_options,
- std::vector<std::string>* names) {
+void GetSupportedSdesCryptoSuiteNames(void (*func)(const rtc::CryptoOptions&,
+ std::vector<int>*),
+ const rtc::CryptoOptions& crypto_options,
+ std::vector<std::string>* names) {
std::vector<int> crypto_suites;
func(crypto_options, &crypto_suites);
for (const auto crypto : crypto_suites) {
@@ -195,30 +195,28 @@
// For audio, HMAC 32 (if enabled) is prefered over HMAC 80 because of the
// low overhead.
-void GetSupportedAudioSdesCryptoSuites(
- const webrtc::CryptoOptions& crypto_options,
- std::vector<int>* crypto_suites) {
- if (crypto_options.srtp.enable_gcm_crypto_suites) {
+void GetSupportedAudioSdesCryptoSuites(const rtc::CryptoOptions& crypto_options,
+ std::vector<int>* crypto_suites) {
+ if (crypto_options.enable_gcm_crypto_suites) {
crypto_suites->push_back(rtc::SRTP_AEAD_AES_256_GCM);
crypto_suites->push_back(rtc::SRTP_AEAD_AES_128_GCM);
}
- if (crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher) {
+ if (crypto_options.enable_aes128_sha1_32_crypto_cipher) {
crypto_suites->push_back(rtc::SRTP_AES128_CM_SHA1_32);
}
crypto_suites->push_back(rtc::SRTP_AES128_CM_SHA1_80);
}
void GetSupportedAudioSdesCryptoSuiteNames(
- const webrtc::CryptoOptions& crypto_options,
+ const rtc::CryptoOptions& crypto_options,
std::vector<std::string>* crypto_suite_names) {
GetSupportedSdesCryptoSuiteNames(GetSupportedAudioSdesCryptoSuites,
crypto_options, crypto_suite_names);
}
-void GetSupportedVideoSdesCryptoSuites(
- const webrtc::CryptoOptions& crypto_options,
- std::vector<int>* crypto_suites) {
- if (crypto_options.srtp.enable_gcm_crypto_suites) {
+void GetSupportedVideoSdesCryptoSuites(const rtc::CryptoOptions& crypto_options,
+ std::vector<int>* crypto_suites) {
+ if (crypto_options.enable_gcm_crypto_suites) {
crypto_suites->push_back(rtc::SRTP_AEAD_AES_256_GCM);
crypto_suites->push_back(rtc::SRTP_AEAD_AES_128_GCM);
}
@@ -226,16 +224,15 @@
}
void GetSupportedVideoSdesCryptoSuiteNames(
- const webrtc::CryptoOptions& crypto_options,
+ const rtc::CryptoOptions& crypto_options,
std::vector<std::string>* crypto_suite_names) {
GetSupportedSdesCryptoSuiteNames(GetSupportedVideoSdesCryptoSuites,
crypto_options, crypto_suite_names);
}
-void GetSupportedDataSdesCryptoSuites(
- const webrtc::CryptoOptions& crypto_options,
- std::vector<int>* crypto_suites) {
- if (crypto_options.srtp.enable_gcm_crypto_suites) {
+void GetSupportedDataSdesCryptoSuites(const rtc::CryptoOptions& crypto_options,
+ std::vector<int>* crypto_suites) {
+ if (crypto_options.enable_gcm_crypto_suites) {
crypto_suites->push_back(rtc::SRTP_AEAD_AES_256_GCM);
crypto_suites->push_back(rtc::SRTP_AEAD_AES_128_GCM);
}
@@ -243,7 +240,7 @@
}
void GetSupportedDataSdesCryptoSuiteNames(
- const webrtc::CryptoOptions& crypto_options,
+ const rtc::CryptoOptions& crypto_options,
std::vector<std::string>* crypto_suite_names) {
GetSupportedSdesCryptoSuiteNames(GetSupportedDataSdesCryptoSuites,
crypto_options, crypto_suite_names);
@@ -255,17 +252,17 @@
// Pick the crypto in the list that is supported.
static bool SelectCrypto(const MediaContentDescription* offer,
bool bundle,
- const webrtc::CryptoOptions& crypto_options,
+ const rtc::CryptoOptions& crypto_options,
CryptoParams* crypto_out) {
bool audio = offer->type() == MEDIA_TYPE_AUDIO;
const CryptoParamsVec& cryptos = offer->cryptos();
for (const CryptoParams& crypto : cryptos) {
- if ((crypto_options.srtp.enable_gcm_crypto_suites &&
+ if ((crypto_options.enable_gcm_crypto_suites &&
rtc::IsGcmCryptoSuiteName(crypto.cipher_suite)) ||
rtc::CS_AES_CM_128_HMAC_SHA1_80 == crypto.cipher_suite ||
(rtc::CS_AES_CM_128_HMAC_SHA1_32 == crypto.cipher_suite && audio &&
- !bundle && crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher)) {
+ !bundle && crypto_options.enable_aes128_sha1_32_crypto_cipher)) {
return CreateCryptoParams(crypto.tag, crypto.cipher_suite, crypto_out);
}
}
diff --git a/pc/mediasession.h b/pc/mediasession.h
index b1df1db..81b88e1 100644
--- a/pc/mediasession.h
+++ b/pc/mediasession.h
@@ -95,7 +95,7 @@
bool bundle_enabled = false;
bool is_unified_plan = false;
std::string rtcp_cname = kDefaultRtcpCname;
- webrtc::CryptoOptions crypto_options;
+ rtc::CryptoOptions crypto_options;
// List of media description options in the same order that the media
// descriptions will be generated.
std::vector<MediaDescriptionOptions> media_description_options;
@@ -337,23 +337,20 @@
SessionDescription* sdesc);
// Helper functions to return crypto suites used for SDES.
-void GetSupportedAudioSdesCryptoSuites(
- const webrtc::CryptoOptions& crypto_options,
- std::vector<int>* crypto_suites);
-void GetSupportedVideoSdesCryptoSuites(
- const webrtc::CryptoOptions& crypto_options,
- std::vector<int>* crypto_suites);
-void GetSupportedDataSdesCryptoSuites(
- const webrtc::CryptoOptions& crypto_options,
- std::vector<int>* crypto_suites);
+void GetSupportedAudioSdesCryptoSuites(const rtc::CryptoOptions& crypto_options,
+ std::vector<int>* crypto_suites);
+void GetSupportedVideoSdesCryptoSuites(const rtc::CryptoOptions& crypto_options,
+ std::vector<int>* crypto_suites);
+void GetSupportedDataSdesCryptoSuites(const rtc::CryptoOptions& crypto_options,
+ std::vector<int>* crypto_suites);
void GetSupportedAudioSdesCryptoSuiteNames(
- const webrtc::CryptoOptions& crypto_options,
+ const rtc::CryptoOptions& crypto_options,
std::vector<std::string>* crypto_suite_names);
void GetSupportedVideoSdesCryptoSuiteNames(
- const webrtc::CryptoOptions& crypto_options,
+ const rtc::CryptoOptions& crypto_options,
std::vector<std::string>* crypto_suite_names);
void GetSupportedDataSdesCryptoSuiteNames(
- const webrtc::CryptoOptions& crypto_options,
+ const rtc::CryptoOptions& crypto_options,
std::vector<std::string>* crypto_suite_names);
// Returns true if the given media section protocol indicates use of RTP.
diff --git a/pc/mediasession_unittest.cc b/pc/mediasession_unittest.cc
index 3bc2766..7162a37 100644
--- a/pc/mediasession_unittest.cc
+++ b/pc/mediasession_unittest.cc
@@ -609,11 +609,11 @@
void TestVideoGcmCipher(bool gcm_offer, bool gcm_answer) {
MediaSessionOptions offer_opts;
AddAudioVideoSections(RtpTransceiverDirection::kRecvOnly, &offer_opts);
- offer_opts.crypto_options.srtp.enable_gcm_crypto_suites = gcm_offer;
+ offer_opts.crypto_options.enable_gcm_crypto_suites = gcm_offer;
MediaSessionOptions answer_opts;
AddAudioVideoSections(RtpTransceiverDirection::kRecvOnly, &answer_opts);
- answer_opts.crypto_options.srtp.enable_gcm_crypto_suites = gcm_answer;
+ answer_opts.crypto_options.enable_gcm_crypto_suites = gcm_answer;
f1_.set_secure(SEC_ENABLED);
f2_.set_secure(SEC_ENABLED);
@@ -953,7 +953,7 @@
f1_.set_secure(SEC_ENABLED);
f2_.set_secure(SEC_ENABLED);
MediaSessionOptions opts = CreatePlanBMediaSessionOptions();
- opts.crypto_options.srtp.enable_gcm_crypto_suites = true;
+ opts.crypto_options.enable_gcm_crypto_suites = true;
std::unique_ptr<SessionDescription> offer(f1_.CreateOffer(opts, NULL));
ASSERT_TRUE(offer.get() != NULL);
std::unique_ptr<SessionDescription> answer(
@@ -1057,7 +1057,7 @@
TEST_F(MediaSessionDescriptionFactoryTest, TestCreateDataAnswerGcm) {
MediaSessionOptions opts = CreatePlanBMediaSessionOptions();
AddDataSection(cricket::DCT_RTP, RtpTransceiverDirection::kRecvOnly, &opts);
- opts.crypto_options.srtp.enable_gcm_crypto_suites = true;
+ opts.crypto_options.enable_gcm_crypto_suites = true;
f1_.set_secure(SEC_ENABLED);
f2_.set_secure(SEC_ENABLED);
std::unique_ptr<SessionDescription> offer(f1_.CreateOffer(opts, NULL));
diff --git a/pc/peerconnection.cc b/pc/peerconnection.cc
index 0861246..5cca4a8 100644
--- a/pc/peerconnection.cc
+++ b/pc/peerconnection.cc
@@ -1027,7 +1027,7 @@
}
webrtc_session_desc_factory_->set_enable_encrypted_rtp_header_extensions(
- options.crypto_options.srtp.enable_encrypted_rtp_header_extensions);
+ options.crypto_options.enable_encrypted_rtp_header_extensions);
// Add default audio/video transceivers for Plan B SDP.
if (!IsUnifiedPlan()) {
diff --git a/pc/peerconnection_crypto_unittest.cc b/pc/peerconnection_crypto_unittest.cc
index 71e8763..1ccfe55 100644
--- a/pc/peerconnection_crypto_unittest.cc
+++ b/pc/peerconnection_crypto_unittest.cc
@@ -284,7 +284,7 @@
// in the answer.
TEST_P(PeerConnectionCryptoTest, CorrectCryptoInOfferWithSdesAndGcm) {
PeerConnectionFactoryInterface::Options options;
- options.crypto_options.srtp.enable_gcm_crypto_suites = true;
+ options.crypto_options.enable_gcm_crypto_suites = true;
pc_factory_->SetOptions(options);
RTCConfiguration config;
@@ -299,7 +299,7 @@
}
TEST_P(PeerConnectionCryptoTest, CorrectCryptoInAnswerWithSdesAndGcm) {
PeerConnectionFactoryInterface::Options options;
- options.crypto_options.srtp.enable_gcm_crypto_suites = true;
+ options.crypto_options.enable_gcm_crypto_suites = true;
pc_factory_->SetOptions(options);
RTCConfiguration config;
@@ -317,7 +317,7 @@
TEST_P(PeerConnectionCryptoTest, CanSetSdesGcmRemoteOfferAndLocalAnswer) {
PeerConnectionFactoryInterface::Options options;
- options.crypto_options.srtp.enable_gcm_crypto_suites = true;
+ options.crypto_options.enable_gcm_crypto_suites = true;
pc_factory_->SetOptions(options);
RTCConfiguration config;
diff --git a/pc/peerconnection_integrationtest.cc b/pc/peerconnection_integrationtest.cc
index 36a832c..5825898 100644
--- a/pc/peerconnection_integrationtest.cc
+++ b/pc/peerconnection_integrationtest.cc
@@ -1558,11 +1558,9 @@
bool remote_gcm_enabled,
int expected_cipher_suite) {
PeerConnectionFactory::Options caller_options;
- caller_options.crypto_options.srtp.enable_gcm_crypto_suites =
- local_gcm_enabled;
+ caller_options.crypto_options.enable_gcm_crypto_suites = local_gcm_enabled;
PeerConnectionFactory::Options callee_options;
- callee_options.crypto_options.srtp.enable_gcm_crypto_suites =
- remote_gcm_enabled;
+ callee_options.crypto_options.enable_gcm_crypto_suites = remote_gcm_enabled;
TestNegotiatedCipherSuite(caller_options, callee_options,
expected_cipher_suite);
}
@@ -2845,10 +2843,9 @@
TEST_P(PeerConnectionIntegrationTest,
Aes128Sha1_32_CipherNotUsedWhenOnlyCallerSupported) {
PeerConnectionFactory::Options caller_options;
- caller_options.crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher = true;
+ caller_options.crypto_options.enable_aes128_sha1_32_crypto_cipher = true;
PeerConnectionFactory::Options callee_options;
- callee_options.crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher =
- false;
+ callee_options.crypto_options.enable_aes128_sha1_32_crypto_cipher = false;
int expected_cipher_suite = rtc::SRTP_AES128_CM_SHA1_80;
TestNegotiatedCipherSuite(caller_options, callee_options,
expected_cipher_suite);
@@ -2857,10 +2854,9 @@
TEST_P(PeerConnectionIntegrationTest,
Aes128Sha1_32_CipherNotUsedWhenOnlyCalleeSupported) {
PeerConnectionFactory::Options caller_options;
- caller_options.crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher =
- false;
+ caller_options.crypto_options.enable_aes128_sha1_32_crypto_cipher = false;
PeerConnectionFactory::Options callee_options;
- callee_options.crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher = true;
+ callee_options.crypto_options.enable_aes128_sha1_32_crypto_cipher = true;
int expected_cipher_suite = rtc::SRTP_AES128_CM_SHA1_80;
TestNegotiatedCipherSuite(caller_options, callee_options,
expected_cipher_suite);
@@ -2868,9 +2864,9 @@
TEST_P(PeerConnectionIntegrationTest, Aes128Sha1_32_CipherUsedWhenSupported) {
PeerConnectionFactory::Options caller_options;
- caller_options.crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher = true;
+ caller_options.crypto_options.enable_aes128_sha1_32_crypto_cipher = true;
PeerConnectionFactory::Options callee_options;
- callee_options.crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher = true;
+ callee_options.crypto_options.enable_aes128_sha1_32_crypto_cipher = true;
int expected_cipher_suite = rtc::SRTP_AES128_CM_SHA1_32;
TestNegotiatedCipherSuite(caller_options, callee_options,
expected_cipher_suite);
@@ -2920,7 +2916,7 @@
// works with it.
TEST_P(PeerConnectionIntegrationTest, EndToEndCallWithGcmCipher) {
PeerConnectionFactory::Options gcm_options;
- gcm_options.crypto_options.srtp.enable_gcm_crypto_suites = true;
+ gcm_options.crypto_options.enable_gcm_crypto_suites = true;
ASSERT_TRUE(
CreatePeerConnectionWrappersWithOptions(gcm_options, gcm_options));
ConnectFakeSignaling();
diff --git a/pc/peerconnectionfactory.cc b/pc/peerconnectionfactory.cc
index c3db9cf..edc13034 100644
--- a/pc/peerconnectionfactory.cc
+++ b/pc/peerconnectionfactory.cc
@@ -234,17 +234,6 @@
void PeerConnectionFactory::SetOptions(const Options& options) {
options_ = options;
- // TODO(webrtc:9859) - Remove Chromium Compatibility once fix lands in
- // Chromium
- if (options.crypto_options.enable_gcm_crypto_suites.has_value()) {
- options_.crypto_options.srtp.enable_gcm_crypto_suites =
- *options.crypto_options.enable_gcm_crypto_suites;
- }
- if (options.crypto_options.enable_encrypted_rtp_header_extensions
- .has_value()) {
- options_.crypto_options.srtp.enable_encrypted_rtp_header_extensions =
- *options.crypto_options.enable_encrypted_rtp_header_extensions;
- }
}
RtpCapabilities PeerConnectionFactory::GetRtpSenderCapabilities(
diff --git a/pc/rtpsenderreceiver_unittest.cc b/pc/rtpsenderreceiver_unittest.cc
index fad839c..07ff6a3 100644
--- a/pc/rtpsenderreceiver_unittest.cc
+++ b/pc/rtpsenderreceiver_unittest.cc
@@ -81,11 +81,11 @@
voice_channel_ = channel_manager_.CreateVoiceChannel(
&fake_call_, cricket::MediaConfig(), rtp_transport_.get(),
rtc::Thread::Current(), cricket::CN_AUDIO, srtp_required,
- webrtc::CryptoOptions(), cricket::AudioOptions());
+ rtc::CryptoOptions(), cricket::AudioOptions());
video_channel_ = channel_manager_.CreateVideoChannel(
&fake_call_, cricket::MediaConfig(), rtp_transport_.get(),
rtc::Thread::Current(), cricket::CN_VIDEO, srtp_required,
- webrtc::CryptoOptions(), cricket::VideoOptions());
+ rtc::CryptoOptions(), cricket::VideoOptions());
voice_channel_->Enable(true);
video_channel_->Enable(true);
voice_media_channel_ = media_engine_->GetVoiceChannel(0);
diff --git a/pc/test/fakepeerconnectionforstats.h b/pc/test/fakepeerconnectionforstats.h
index ae329e4..642fa01 100644
--- a/pc/test/fakepeerconnectionforstats.h
+++ b/pc/test/fakepeerconnectionforstats.h
@@ -126,7 +126,7 @@
voice_channel_ = absl::make_unique<cricket::VoiceChannel>(
worker_thread_, network_thread_, signaling_thread_, nullptr,
std::move(voice_media_channel), mid, kDefaultSrtpRequired,
- webrtc::CryptoOptions());
+ rtc::CryptoOptions());
voice_channel_->set_transport_name_for_testing(transport_name);
GetOrCreateFirstTransceiverOfType(cricket::MEDIA_TYPE_AUDIO)
->internal()
@@ -144,7 +144,7 @@
video_channel_ = absl::make_unique<cricket::VideoChannel>(
worker_thread_, network_thread_, signaling_thread_,
std::move(video_media_channel), mid, kDefaultSrtpRequired,
- webrtc::CryptoOptions());
+ rtc::CryptoOptions());
video_channel_->set_transport_name_for_testing(transport_name);
GetOrCreateFirstTransceiverOfType(cricket::MEDIA_TYPE_VIDEO)
->internal()
diff --git a/rtc_base/sslstreamadapter.cc b/rtc_base/sslstreamadapter.cc
index fe42bf4..746ebd5 100644
--- a/rtc_base/sslstreamadapter.cc
+++ b/rtc_base/sslstreamadapter.cc
@@ -89,6 +89,32 @@
crypto_suite == CS_AEAD_AES_128_GCM);
}
+// static
+CryptoOptions CryptoOptions::NoGcm() {
+ CryptoOptions options;
+ options.enable_gcm_crypto_suites = false;
+ return options;
+}
+
+std::vector<int> GetSupportedDtlsSrtpCryptoSuites(
+ const rtc::CryptoOptions& crypto_options) {
+ std::vector<int> crypto_suites;
+ if (crypto_options.enable_gcm_crypto_suites) {
+ crypto_suites.push_back(rtc::SRTP_AEAD_AES_256_GCM);
+ crypto_suites.push_back(rtc::SRTP_AEAD_AES_128_GCM);
+ }
+ // Note: SRTP_AES128_CM_SHA1_80 is what is required to be supported (by
+ // draft-ietf-rtcweb-security-arch), but SRTP_AES128_CM_SHA1_32 is allowed as
+ // well, and saves a few bytes per packet if it ends up selected.
+ // As the cipher suite is potentially insecure, it will only be used if
+ // enabled by both peers.
+ if (crypto_options.enable_aes128_sha1_32_crypto_cipher) {
+ crypto_suites.push_back(rtc::SRTP_AES128_CM_SHA1_32);
+ }
+ crypto_suites.push_back(rtc::SRTP_AES128_CM_SHA1_80);
+ return crypto_suites;
+}
+
SSLStreamAdapter* SSLStreamAdapter::Create(StreamInterface* stream) {
return new OpenSSLStreamAdapter(stream);
}
diff --git a/rtc_base/sslstreamadapter.h b/rtc_base/sslstreamadapter.h
index dad8a4e..2d4e19f 100644
--- a/rtc_base/sslstreamadapter.h
+++ b/rtc_base/sslstreamadapter.h
@@ -70,6 +70,34 @@
// Returns true if the given crypto suite name uses a GCM cipher.
bool IsGcmCryptoSuiteName(const std::string& crypto_suite);
+struct CryptoOptions {
+ CryptoOptions() {}
+
+ // Helper method to return an instance of the CryptoOptions with GCM crypto
+ // suites disabled. This method should be used instead of depending on current
+ // default values set by the constructor.
+ static CryptoOptions NoGcm();
+
+ // Enable GCM crypto suites from RFC 7714 for SRTP. GCM will only be used
+ // if both sides enable it.
+ bool enable_gcm_crypto_suites = false;
+
+ // If set to true, the (potentially insecure) crypto cipher
+ // SRTP_AES128_CM_SHA1_32 will be included in the list of supported ciphers
+ // during negotiation. It will only be used if both peers support it and no
+ // other ciphers get preferred.
+ bool enable_aes128_sha1_32_crypto_cipher = false;
+
+ // If set to true, encrypted RTP header extensions as defined in RFC 6904
+ // will be negotiated. They will only be used if both peers support them.
+ bool enable_encrypted_rtp_header_extensions = false;
+};
+
+// Returns supported crypto suites, given |crypto_options|.
+// CS_AES_CM_128_HMAC_SHA1_32 will be preferred by default.
+std::vector<int> GetSupportedDtlsSrtpCryptoSuites(
+ const rtc::CryptoOptions& crypto_options);
+
// SSLStreamAdapter : A StreamInterfaceAdapter that does SSL/TLS.
// After SSL has been started, the stream will only open on successful
// SSL verification of certificates, and the communication is
diff --git a/sdk/android/src/jni/pc/peerconnectionfactory.cc b/sdk/android/src/jni/pc/peerconnectionfactory.cc
index 049858a..01c1acc 100644
--- a/sdk/android/src/jni/pc/peerconnectionfactory.cc
+++ b/sdk/android/src/jni/pc/peerconnectionfactory.cc
@@ -63,9 +63,9 @@
native_options.disable_encryption = disable_encryption;
native_options.disable_network_monitor = disable_network_monitor;
- native_options.crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher =
+ native_options.crypto_options.enable_aes128_sha1_32_crypto_cipher =
enable_aes128_sha1_32_crypto_cipher;
- native_options.crypto_options.srtp.enable_gcm_crypto_suites =
+ native_options.crypto_options.enable_gcm_crypto_suites =
enable_gcm_crypto_suites;
return native_options;
}
diff --git a/sdk/objc/api/peerconnection/RTCPeerConnectionFactoryOptions.mm b/sdk/objc/api/peerconnection/RTCPeerConnectionFactoryOptions.mm
index 1690385..103a130 100644
--- a/sdk/objc/api/peerconnection/RTCPeerConnectionFactoryOptions.mm
+++ b/sdk/objc/api/peerconnection/RTCPeerConnectionFactoryOptions.mm
@@ -52,9 +52,8 @@
setNetworkBit(&options, rtc::ADAPTER_TYPE_WIFI, self.ignoreWiFiNetworkAdapter);
setNetworkBit(&options, rtc::ADAPTER_TYPE_ETHERNET, self.ignoreEthernetNetworkAdapter);
- options.crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher =
- self.enableAes128Sha1_32CryptoCipher;
- options.crypto_options.srtp.enable_gcm_crypto_suites = self.enableGcmCryptoSuites;
+ options.crypto_options.enable_aes128_sha1_32_crypto_cipher = self.enableAes128Sha1_32CryptoCipher;
+ options.crypto_options.enable_gcm_crypto_suites = self.enableGcmCryptoSuites;
return options;
}