blob: 19823f8c346d9c922b1f77fce1e614464b2f34ee [file] [log] [blame]
/*
* Copyright 2011 The WebRTC Project Authors. All rights reserved.
*
* Use of this source code is governed by a BSD-style license
* that can be found in the LICENSE file in the root of the source
* tree. An additional intellectual property rights grant can be found
* in the file PATENTS. All contributing project authors may
* be found in the AUTHORS file in the root of the source tree.
*/
#ifndef WEBRTC_P2P_BASE_DTLSTRANSPORTCHANNEL_H_
#define WEBRTC_P2P_BASE_DTLSTRANSPORTCHANNEL_H_
#include <memory>
#include <string>
#include <vector>
#include "webrtc/p2p/base/transportchannelimpl.h"
#include "webrtc/base/buffer.h"
#include "webrtc/base/bufferqueue.h"
#include "webrtc/base/constructormagic.h"
#include "webrtc/base/sslstreamadapter.h"
#include "webrtc/base/stream.h"
namespace cricket {
// A bridge between a packet-oriented/channel-type interface on
// the bottom and a StreamInterface on the top.
class StreamInterfaceChannel : public rtc::StreamInterface {
public:
explicit StreamInterfaceChannel(TransportChannel* channel);
// Push in a packet; this gets pulled out from Read().
bool OnPacketReceived(const char* data, size_t size);
// Implementations of StreamInterface
rtc::StreamState GetState() const override { return state_; }
void Close() override;
rtc::StreamResult Read(void* buffer,
size_t buffer_len,
size_t* read,
int* error) override;
rtc::StreamResult Write(const void* data,
size_t data_len,
size_t* written,
int* error) override;
private:
TransportChannel* channel_; // owned by DtlsTransportChannelWrapper
rtc::StreamState state_;
rtc::BufferQueue packets_;
RTC_DISALLOW_COPY_AND_ASSIGN(StreamInterfaceChannel);
};
// This class provides a DTLS SSLStreamAdapter inside a TransportChannel-style
// packet-based interface, wrapping an existing TransportChannel instance
// (e.g a P2PTransportChannel)
// Here's the way this works:
//
// DtlsTransportChannelWrapper {
// SSLStreamAdapter* dtls_ {
// StreamInterfaceChannel downward_ {
// TransportChannelImpl* channel_;
// }
// }
// }
//
// - Data which comes into DtlsTransportChannelWrapper from the underlying
// channel_ via OnReadPacket() is checked for whether it is DTLS
// or not, and if it is, is passed to DtlsTransportChannelWrapper::
// HandleDtlsPacket, which pushes it into to downward_.
// dtls_ is listening for events on downward_, so it immediately calls
// downward_->Read().
//
// - Data written to DtlsTransportChannelWrapper is passed either to
// downward_ or directly to channel_, depending on whether DTLS is
// negotiated and whether the flags include PF_SRTP_BYPASS
//
// - The SSLStreamAdapter writes to downward_->Write()
// which translates it into packet writes on channel_.
class DtlsTransportChannelWrapper : public TransportChannelImpl {
public:
// The parameters here are:
// channel -- the TransportChannel we are wrapping
explicit DtlsTransportChannelWrapper(TransportChannelImpl* channel);
~DtlsTransportChannelWrapper() override;
void SetIceRole(IceRole role) override { channel_->SetIceRole(role); }
IceRole GetIceRole() const override { return channel_->GetIceRole(); }
bool SetLocalCertificate(
const rtc::scoped_refptr<rtc::RTCCertificate>& certificate) override;
rtc::scoped_refptr<rtc::RTCCertificate> GetLocalCertificate() const override;
bool SetRemoteFingerprint(const std::string& digest_alg,
const uint8_t* digest,
size_t digest_len) override;
// Returns false if no local certificate was set, or if the peer doesn't
// support DTLS.
bool IsDtlsActive() const override { return dtls_active_; }
// Called to send a packet (via DTLS, if turned on).
int SendPacket(const char* data,
size_t size,
const rtc::PacketOptions& options,
int flags) override;
// TransportChannel calls that we forward to the wrapped transport.
int SetOption(rtc::Socket::Option opt, int value) override {
return channel_->SetOption(opt, value);
}
bool GetOption(rtc::Socket::Option opt, int* value) override {
return channel_->GetOption(opt, value);
}
int GetError() override { return channel_->GetError(); }
bool GetStats(ConnectionInfos* infos) override {
return channel_->GetStats(infos);
}
virtual bool SetSslMaxProtocolVersion(rtc::SSLProtocolVersion version);
// Set up the ciphers to use for DTLS-SRTP. If this method is not called
// before DTLS starts, or |ciphers| is empty, SRTP keys won't be negotiated.
// This method should be called before SetupDtls.
bool SetSrtpCryptoSuites(const std::vector<int>& ciphers) override;
// Find out which DTLS-SRTP cipher was negotiated
bool GetSrtpCryptoSuite(int* cipher) override;
bool GetSslRole(rtc::SSLRole* role) const override;
bool SetSslRole(rtc::SSLRole role) override;
// Find out which DTLS cipher was negotiated
bool GetSslCipherSuite(int* cipher) override;
// Once DTLS has been established, this method retrieves the certificate in
// use by the remote peer, for use in external identity verification.
std::unique_ptr<rtc::SSLCertificate> GetRemoteSSLCertificate() const override;
// Once DTLS has established (i.e., this channel is writable), this method
// extracts the keys negotiated during the DTLS handshake, for use in external
// encryption. DTLS-SRTP uses this to extract the needed SRTP keys.
// See the SSLStreamAdapter documentation for info on the specific parameters.
bool ExportKeyingMaterial(const std::string& label,
const uint8_t* context,
size_t context_len,
bool use_context,
uint8_t* result,
size_t result_len) override {
return (dtls_.get()) ? dtls_->ExportKeyingMaterial(label, context,
context_len,
use_context,
result, result_len)
: false;
}
// TransportChannelImpl calls.
TransportChannelState GetState() const override {
return channel_->GetState();
}
void SetIceTiebreaker(uint64_t tiebreaker) override {
channel_->SetIceTiebreaker(tiebreaker);
}
void SetIceParameters(const IceParameters& ice_params) override {
channel_->SetIceParameters(ice_params);
}
void SetRemoteIceParameters(const IceParameters& ice_params) override {
channel_->SetRemoteIceParameters(ice_params);
}
void SetRemoteIceMode(IceMode mode) override {
channel_->SetRemoteIceMode(mode);
}
void MaybeStartGathering() override { channel_->MaybeStartGathering(); }
IceGatheringState gathering_state() const override {
return channel_->gathering_state();
}
void AddRemoteCandidate(const Candidate& candidate) override {
channel_->AddRemoteCandidate(candidate);
}
void RemoveRemoteCandidate(const Candidate& candidate) override {
channel_->RemoveRemoteCandidate(candidate);
}
void SetIceConfig(const IceConfig& config) override {
channel_->SetIceConfig(config);
}
// Needed by DtlsTransport.
TransportChannelImpl* channel() { return channel_; }
private:
void OnReadableState(TransportChannel* channel);
void OnWritableState(TransportChannel* channel);
void OnReadPacket(TransportChannel* channel, const char* data, size_t size,
const rtc::PacketTime& packet_time, int flags);
void OnSentPacket(TransportChannel* channel,
const rtc::SentPacket& sent_packet);
void OnReadyToSend(TransportChannel* channel);
void OnReceivingState(TransportChannel* channel);
void OnDtlsEvent(rtc::StreamInterface* stream_, int sig, int err);
bool SetupDtls();
void MaybeStartDtls();
bool HandleDtlsPacket(const char* data, size_t size);
void OnGatheringState(TransportChannelImpl* channel);
void OnCandidateGathered(TransportChannelImpl* channel, const Candidate& c);
void OnCandidatesRemoved(TransportChannelImpl* channel,
const Candidates& candidates);
void OnRoleConflict(TransportChannelImpl* channel);
void OnRouteChange(TransportChannel* channel, const Candidate& candidate);
void OnSelectedCandidatePairChanged(
TransportChannel* channel,
CandidatePairInterface* selected_candidate_pair,
int last_sent_packet_id,
bool ready_to_send);
void OnChannelStateChanged(TransportChannelImpl* channel);
void OnDtlsHandshakeError(rtc::SSLHandshakeError error);
rtc::Thread* worker_thread_; // Everything should occur on this thread.
// Underlying channel, not owned by this class.
TransportChannelImpl* const channel_;
std::unique_ptr<rtc::SSLStreamAdapter> dtls_; // The DTLS stream
StreamInterfaceChannel* downward_; // Wrapper for channel_, owned by dtls_.
std::vector<int> srtp_ciphers_; // SRTP ciphers to use with DTLS.
bool dtls_active_ = false;
rtc::scoped_refptr<rtc::RTCCertificate> local_certificate_;
rtc::SSLRole ssl_role_;
rtc::SSLProtocolVersion ssl_max_version_;
rtc::Buffer remote_fingerprint_value_;
std::string remote_fingerprint_algorithm_;
// Cached DTLS ClientHello packet that was received before we started the
// DTLS handshake. This could happen if the hello was received before the
// transport channel became writable, or before a remote fingerprint was
// received.
rtc::Buffer cached_client_hello_;
RTC_DISALLOW_COPY_AND_ASSIGN(DtlsTransportChannelWrapper);
};
} // namespace cricket
#endif // WEBRTC_P2P_BASE_DTLSTRANSPORTCHANNEL_H_