blob: d02318bc684132aee77b5d62821d4bb5f6df3030 [file] [log] [blame]
henrike@webrtc.orgf0488722014-05-13 18:00:261/*
2 * Copyright 2004 The WebRTC Project Authors. All rights reserved.
3 *
4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree.
9 */
10
Steve Anton10542f22019-01-11 17:11:0011#include "rtc_base/ssl_stream_adapter.h"
henrike@webrtc.orgf0488722014-05-13 18:00:2612
Harald Alvestrand53c424e2024-08-01 06:31:0213#include <cstddef>
14#include <cstdint>
15#include <memory>
Jonas Oreland50544d82025-05-07 08:44:5916#include <optional>
17#include <set>
Harald Alvestrand53c424e2024-08-01 06:31:0218#include <string>
19#include <utility>
Jonas Oreland50544d82025-05-07 08:44:5920#include <vector>
Harald Alvestrand53c424e2024-08-01 06:31:0221
22#include "absl/functional/any_invocable.h"
Ali Tofigh7fa90572022-03-17 14:47:4923#include "absl/strings/string_view.h"
Philipp Hancke40607452024-11-26 18:50:2624#include "api/array_view.h"
Evan Shrubsoledaf96cf2025-03-31 12:34:0225#include "api/field_trials_view.h"
Steve Anton10542f22019-01-11 17:11:0026#include "rtc_base/openssl_stream_adapter.h"
Harald Alvestrand53c424e2024-08-01 06:31:0227#include "rtc_base/ssl_identity.h"
28#include "rtc_base/stream.h"
henrike@webrtc.orgf0488722014-05-13 18:00:2629
Evan Shrubsoleeb835d02025-03-12 09:41:0630namespace webrtc {
henrike@webrtc.orgf0488722014-05-13 18:00:2631
Philipp Hanckedb519e72024-06-25 16:26:4532// Deprecated, prefer SrtpCryptoSuiteToName.
Björn Tereliuse71fa4e2024-06-25 09:55:1233const char kCsAesCm128HmacSha1_80[] = "AES_CM_128_HMAC_SHA1_80";
34const char kCsAesCm128HmacSha1_32[] = "AES_CM_128_HMAC_SHA1_32";
35const char kCsAeadAes128Gcm[] = "AEAD_AES_128_GCM";
36const char kCsAeadAes256Gcm[] = "AEAD_AES_256_GCM";
37
Guo-wei Shieh521ed7b2015-11-19 03:41:5338std::string SrtpCryptoSuiteToName(int crypto_suite) {
jbauchcb560652016-08-04 12:20:3239 switch (crypto_suite) {
Björn Tereliuse71fa4e2024-06-25 09:55:1240 case kSrtpAes128CmSha1_80:
Philipp Hanckedb519e72024-06-25 16:26:4541 return "AES_CM_128_HMAC_SHA1_80";
42 case kSrtpAes128CmSha1_32:
43 return "AES_CM_128_HMAC_SHA1_32";
Mirko Bonadei7750d802021-07-26 15:27:4244 case kSrtpAeadAes128Gcm:
Philipp Hanckedb519e72024-06-25 16:26:4545 return "AEAD_AES_128_GCM";
Mirko Bonadei7750d802021-07-26 15:27:4246 case kSrtpAeadAes256Gcm:
Philipp Hanckedb519e72024-06-25 16:26:4547 return "AEAD_AES_256_GCM";
Yves Gerey665174f2018-06-19 13:03:0548 default:
49 return std::string();
jbauchcb560652016-08-04 12:20:3250 }
Guo-wei Shieh521ed7b2015-11-19 03:41:5351}
52
Yves Gerey665174f2018-06-19 13:03:0553bool GetSrtpKeyAndSaltLengths(int crypto_suite,
54 int* key_length,
55 int* salt_length) {
jbauchcb560652016-08-04 12:20:3256 switch (crypto_suite) {
Mirko Bonadei7750d802021-07-26 15:27:4257 case kSrtpAes128CmSha1_32:
58 case kSrtpAes128CmSha1_80:
Yves Gerey665174f2018-06-19 13:03:0559 // SRTP_AES128_CM_HMAC_SHA1_32 and SRTP_AES128_CM_HMAC_SHA1_80 are defined
60 // in RFC 5764 to use a 128 bits key and 112 bits salt for the cipher.
61 *key_length = 16;
62 *salt_length = 14;
63 break;
Mirko Bonadei7750d802021-07-26 15:27:4264 case kSrtpAeadAes128Gcm:
65 // kSrtpAeadAes128Gcm is defined in RFC 7714 to use a 128 bits key and
Yves Gerey665174f2018-06-19 13:03:0566 // a 96 bits salt for the cipher.
67 *key_length = 16;
68 *salt_length = 12;
69 break;
Mirko Bonadei7750d802021-07-26 15:27:4270 case kSrtpAeadAes256Gcm:
71 // kSrtpAeadAes256Gcm is defined in RFC 7714 to use a 256 bits key and
Yves Gerey665174f2018-06-19 13:03:0572 // a 96 bits salt for the cipher.
73 *key_length = 32;
74 *salt_length = 12;
75 break;
76 default:
77 return false;
jbauchcb560652016-08-04 12:20:3278 }
79 return true;
80}
81
82bool IsGcmCryptoSuite(int crypto_suite) {
Mirko Bonadei7750d802021-07-26 15:27:4283 return (crypto_suite == kSrtpAeadAes256Gcm ||
84 crypto_suite == kSrtpAeadAes128Gcm);
jbauchcb560652016-08-04 12:20:3285}
86
Harald Alvestrand8515d5a2020-03-20 21:51:3287std::unique_ptr<SSLStreamAdapter> SSLStreamAdapter::Create(
Evan Shrubsoleeb835d02025-03-12 09:41:0688 std::unique_ptr<StreamInterface> stream,
Evan Shrubsole318cc332025-05-09 10:38:3389 absl::AnyInvocable<void(SSLHandshakeError)> handshake_error,
Evan Shrubsoleeb835d02025-03-12 09:41:0690 const FieldTrialsView* field_trials) {
Evan Shrubsoledaf96cf2025-03-31 12:34:0291 return std::make_unique<OpenSSLStreamAdapter>(
Jonas Oreland12574a32024-12-19 14:15:5092 std::move(stream), std::move(handshake_error), field_trials);
henrike@webrtc.orgf0488722014-05-13 18:00:2693}
94
Taylor Brandstetter4f0dfbd2016-06-16 00:15:2395bool SSLStreamAdapter::IsBoringSsl() {
Evan Shrubsoledaf96cf2025-03-31 12:34:0296 return OpenSSLStreamAdapter::IsBoringSsl();
Taylor Brandstetter4f0dfbd2016-06-16 00:15:2397}
Evan Shrubsole8f7678f2025-04-01 14:23:5598bool SSLStreamAdapter::IsAcceptableCipher(int cipher, KeyType key_type) {
Evan Shrubsoledaf96cf2025-03-31 12:34:0299 return OpenSSLStreamAdapter::IsAcceptableCipher(cipher, key_type);
Guo-wei Shieh456696a2015-10-01 04:48:54100}
Ali Tofigh7fa90572022-03-17 14:47:49101bool SSLStreamAdapter::IsAcceptableCipher(absl::string_view cipher,
Evan Shrubsole8f7678f2025-04-01 14:23:55102 KeyType key_type) {
Evan Shrubsoledaf96cf2025-03-31 12:34:02103 return OpenSSLStreamAdapter::IsAcceptableCipher(cipher, key_type);
torbjorng43166b82016-03-11 08:06:47104}
Benjamin Wrightb19b4972018-10-25 17:46:49105
Jonas Oreland50544d82025-05-07 08:44:59106std::optional<std::string>
107SSLStreamAdapter::GetEphemeralKeyExchangeCipherGroupName(uint16_t group_id) {
108#if defined(OPENSSL_IS_BORINGSSL)
109 auto val = SSL_get_group_name(group_id);
110 if (val != nullptr) {
111 return std::string(val);
112 }
113#endif
114 return std::nullopt;
115}
116
117std::set<uint16_t>
118SSLStreamAdapter::GetSupportedEphemeralKeyExchangeCipherGroups() {
119 return {
120 // It would be nice if BoringSSL had a function like this!
121#ifdef SSL_GROUP_SECP224R1
122 SSL_GROUP_SECP224R1,
123#endif
124#ifdef SSL_GROUP_SECP256R1
125 SSL_GROUP_SECP256R1,
126#endif
127#ifdef SSL_GROUP_SECP384R1
128 SSL_GROUP_SECP384R1,
129#endif
130#ifdef SSL_GROUP_SECP521R1
131 SSL_GROUP_SECP521R1,
132#endif
133#ifdef SSL_GROUP_X25519
134 SSL_GROUP_X25519,
135#endif
136#ifdef SSL_GROUP_X25519_MLKEM768
137 SSL_GROUP_X25519_MLKEM768,
138#endif
139 };
140}
141
142std::vector<uint16_t>
143SSLStreamAdapter::GetDefaultEphemeralKeyExchangeCipherGroups(
144 const FieldTrialsView* field_trials) {
145 // It would be nice if BoringSSL had a function like this!
146 // from boringssl/src/ssl/extensions.cc kDefaultGroups.
147 if (field_trials && field_trials->IsEnabled("WebRTC-EnableDtlsPqc")) {
148 return {
149#ifdef SSL_GROUP_X25519_MLKEM768
150 SSL_GROUP_X25519_MLKEM768,
151#endif
152#ifdef SSL_GROUP_X25519
153 SSL_GROUP_X25519,
154#endif
155#ifdef SSL_GROUP_SECP256R1
156 SSL_GROUP_SECP256R1,
157#endif
158#ifdef SSL_GROUP_SECP384R1
159 SSL_GROUP_SECP384R1,
160#endif
161 };
162 }
163 return {
164#ifdef SSL_GROUP_X25519
165 SSL_GROUP_X25519,
166#endif
167#ifdef SSL_GROUP_SECP256R1
168 SSL_GROUP_SECP256R1,
169#endif
170#ifdef SSL_GROUP_SECP384R1
171 SSL_GROUP_SECP384R1,
172#endif
173 };
174}
175
Philipp Hancke40607452024-11-26 18:50:26176// Default shim for backward compat.
177bool SSLStreamAdapter::SetPeerCertificateDigest(
178 absl::string_view digest_alg,
179 const unsigned char* digest_val,
180 size_t digest_len,
181 SSLPeerCertificateDigestError* error) {
182 unsigned char* nonconst_val = const_cast<unsigned char*>(digest_val);
183 SSLPeerCertificateDigestError ret = SetPeerCertificateDigest(
Evan Shrubsolef0a46472025-04-17 07:33:36184 digest_alg, ArrayView<uint8_t>(nonconst_val, digest_len));
Philipp Hancke40607452024-11-26 18:50:26185 if (error)
186 *error = ret;
187 return ret == SSLPeerCertificateDigestError::NONE;
188}
189
Benjamin Wrightb19b4972018-10-25 17:46:49190///////////////////////////////////////////////////////////////////////////////
191// Test only settings
192///////////////////////////////////////////////////////////////////////////////
193
194void SSLStreamAdapter::EnableTimeCallbackForTesting() {
Evan Shrubsoledaf96cf2025-03-31 12:34:02195 OpenSSLStreamAdapter::EnableTimeCallbackForTesting();
deadbeef6cf94a02016-11-29 01:38:34196}
henrike@webrtc.orgf0488722014-05-13 18:00:26197
Jonas Orelandac401852024-12-18 08:18:21198SSLProtocolVersion SSLStreamAdapter::GetMaxSupportedDTLSProtocolVersion() {
Evan Shrubsoledaf96cf2025-03-31 12:34:02199 return OpenSSLStreamAdapter::GetMaxSupportedDTLSProtocolVersion();
Jonas Orelandac401852024-12-18 08:18:21200}
201
henrike@webrtc.orgf0488722014-05-13 18:00:26202///////////////////////////////////////////////////////////////////////////////
203
Evan Shrubsoleeb835d02025-03-12 09:41:06204} // namespace webrtc