Add support for GCM cipher suites from RFC 7714.
GCM cipher suites are optional (disabled by default) and can be enabled
through "PeerConnectionFactoryInterface::Options".
If compiled with Chromium (i.e. "ENABLE_EXTERNAL_AUTH" is defined), no
GCM ciphers can be used yet (see https://crbug.com/628400).
BUG=webrtc:5222, 628400
Review-Url: https://codereview.webrtc.org/1528843005
Cr-Commit-Position: refs/heads/master@{#13635}
diff --git a/webrtc/base/sslstreamadapter.cc b/webrtc/base/sslstreamadapter.cc
index 44158d4..c34fc90 100644
--- a/webrtc/base/sslstreamadapter.cc
+++ b/webrtc/base/sslstreamadapter.cc
@@ -25,13 +25,22 @@
// webrtc:5043.
const char CS_AES_CM_128_HMAC_SHA1_80[] = "AES_CM_128_HMAC_SHA1_80";
const char CS_AES_CM_128_HMAC_SHA1_32[] = "AES_CM_128_HMAC_SHA1_32";
+const char CS_AEAD_AES_128_GCM[] = "AEAD_AES_128_GCM";
+const char CS_AEAD_AES_256_GCM[] = "AEAD_AES_256_GCM";
std::string SrtpCryptoSuiteToName(int crypto_suite) {
- if (crypto_suite == SRTP_AES128_CM_SHA1_32)
+ switch (crypto_suite) {
+ case SRTP_AES128_CM_SHA1_32:
return CS_AES_CM_128_HMAC_SHA1_32;
- if (crypto_suite == SRTP_AES128_CM_SHA1_80)
+ case SRTP_AES128_CM_SHA1_80:
return CS_AES_CM_128_HMAC_SHA1_80;
- return std::string();
+ case SRTP_AEAD_AES_128_GCM:
+ return CS_AEAD_AES_128_GCM;
+ case SRTP_AEAD_AES_256_GCM:
+ return CS_AEAD_AES_256_GCM;
+ default:
+ return std::string();
+ }
}
int SrtpCryptoSuiteFromName(const std::string& crypto_suite) {
@@ -39,9 +48,58 @@
return SRTP_AES128_CM_SHA1_32;
if (crypto_suite == CS_AES_CM_128_HMAC_SHA1_80)
return SRTP_AES128_CM_SHA1_80;
+ if (crypto_suite == CS_AEAD_AES_128_GCM)
+ return SRTP_AEAD_AES_128_GCM;
+ if (crypto_suite == CS_AEAD_AES_256_GCM)
+ return SRTP_AEAD_AES_256_GCM;
return SRTP_INVALID_CRYPTO_SUITE;
}
+bool GetSrtpKeyAndSaltLengths(int crypto_suite, int *key_length,
+ int *salt_length) {
+ switch (crypto_suite) {
+ case SRTP_AES128_CM_SHA1_32:
+ case SRTP_AES128_CM_SHA1_80:
+ // SRTP_AES128_CM_HMAC_SHA1_32 and SRTP_AES128_CM_HMAC_SHA1_80 are defined
+ // in RFC 5764 to use a 128 bits key and 112 bits salt for the cipher.
+ *key_length = 16;
+ *salt_length = 14;
+ break;
+ case SRTP_AEAD_AES_128_GCM:
+ // SRTP_AEAD_AES_128_GCM is defined in RFC 7714 to use a 128 bits key and
+ // a 96 bits salt for the cipher.
+ *key_length = 16;
+ *salt_length = 12;
+ break;
+ case SRTP_AEAD_AES_256_GCM:
+ // SRTP_AEAD_AES_256_GCM is defined in RFC 7714 to use a 256 bits key and
+ // a 96 bits salt for the cipher.
+ *key_length = 32;
+ *salt_length = 12;
+ break;
+ default:
+ return false;
+ }
+ return true;
+}
+
+bool IsGcmCryptoSuite(int crypto_suite) {
+ return (crypto_suite == SRTP_AEAD_AES_256_GCM ||
+ crypto_suite == SRTP_AEAD_AES_128_GCM);
+}
+
+bool IsGcmCryptoSuiteName(const std::string& crypto_suite) {
+ return (crypto_suite == CS_AEAD_AES_256_GCM ||
+ crypto_suite == CS_AEAD_AES_128_GCM);
+}
+
+// static
+CryptoOptions CryptoOptions::NoGcm() {
+ CryptoOptions options;
+ options.enable_gcm_crypto_suites = false;
+ return options;
+}
+
SSLStreamAdapter* SSLStreamAdapter::Create(StreamInterface* stream) {
#if SSL_USE_OPENSSL
return new OpenSSLStreamAdapter(stream);
