Google Git
Sign in
webrtc / src / edbaf57bd47e2952d3e79999b6ee9beef6614825 / . / pc / g3doc / dtls_transport.md
blob: b5343c16d16aa467e979c8991bdbf1861f607018 [file] [log] [blame] [view]
Philipp Hanckeada00122021-05-11 06:51:29[diff] [blame]1<?% config.freshness.reviewed = '2021-05-07' %?>
2<?% config.freshness.owner = 'hta' %?>
3
4## Overview
5
6WebRTC uses DTLS in two ways:
Philipp Hanckeada00122021-05-11 06:51:29[diff] [blame]7
Artem Titov940108b2021-05-26 10:47:34[diff] [blame]8* to negotiate keys for SRTP encryption using
9 [DTLS-SRTP](https://www.rfc-editor.org/info/rfc5763)
10* as a transport for SCTP which is used by the Datachannel API
Philipp Hanckeada00122021-05-11 06:51:29[diff] [blame]11
Artem Titov940108b2021-05-26 10:47:34[diff] [blame]12The W3C WebRTC API represents this as the
13[DtlsTransport](https://w3c.github.io/webrtc-pc/#rtcdtlstransport-interface).
14
15The DTLS handshake happens after the ICE transport becomes writable and has
16found a valid pair. It results in a set of keys being derived for DTLS-SRTP as
17well as a fingerprint of the remote certificate which is compared to the one
18given in the SDP `a=fingerprint:` line.
Philipp Hanckeada00122021-05-11 06:51:29[diff] [blame]19
20This documentation provides an overview of how DTLS is implemented, i.e how the
21following classes interact.
22
23## webrtc::DtlsTransport
Philipp Hanckeada00122021-05-11 06:51:29[diff] [blame]24
Artem Titov940108b2021-05-26 10:47:34[diff] [blame]25The [`webrtc::DtlsTransport`][1] class is a wrapper around the
26`cricket::DtlsTransportInternal` and allows registering observers implementing
27the `webrtc::DtlsTransportObserverInterface`. The
28[`webrtc::DtlsTransportObserverInterface`][2] will provide updates to the
29observers, passing around a snapshot of the transports state such as the
30connection state, the remote certificate(s) and the SRTP ciphers as
31[`DtlsTransportInformation`][3].
32
33## cricket::DtlsTransportInternal
34
35The [`cricket::DtlsTransportInternal`][4] class is an interface. Its
36implementation is [`cricket::DtlsTransport`][5]. The `cricket::DtlsTransport`
37sends and receives network packets via an ICE transport. It also demultiplexes
38DTLS packets and SRTP packets according to the scheme described in
39[RFC 5764](https://tools.ietf.org/html/rfc5764#section-5.1.2).
Philipp Hanckeada00122021-05-11 06:51:29[diff] [blame]40
41## webrtc::DtlsSrtpTranport
Artem Titov940108b2021-05-26 10:47:34[diff] [blame]42
43The [`webrtc::DtlsSrtpTransport`][6] class is responsŃ–ble for extracting the
44SRTP keys after the DTLS handshake as well as protection and unprotection of
45SRTP packets via its [`cricket::SrtpSession`][7].
Philipp Hancke4a54be72021-05-17 08:20:14[diff] [blame]46
Tony Herreb0ed1202021-07-22 15:40:44[diff] [blame]47[1]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/pc/dtls_transport.h;l=32;drc=6a55e7307b78edb50f94a1ff1ef8393d58218369
48[2]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/api/dtls_transport_interface.h;l=76;drc=34437d5660a80393d631657329ef74c6538be25a
49[3]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/api/dtls_transport_interface.h;l=41;drc=34437d5660a80393d631657329ef74c6538be25a
50[4]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/p2p/base/dtls_transport_internal.h;l=63;drc=34437d5660a80393d631657329ef74c6538be25a
51[5]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/p2p/base/dtls_transport.h;l=94;drc=653bab6790ac92c513b7cf4cd3ad59039c589a95
52[6]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/pc/dtls_srtp_transport.h;l=31;drc=c32f00ea9ddf3267257fe6b45d4d79c6f6bcb829
Philipp Hancke4a54be72021-05-17 08:20:14[diff] [blame]53[7]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/pc/srtp_session.h;l=33;drc=be66d95ab7f9428028806bbf66cb83800bda9241