Google Git
Sign in
webrtc / src / / 5e55fe845ef6d839e17b6fd1fdf911bbbed84753^! / . / pc / mediasession.cc
commit5e55fe845ef6d839e17b6fd1fdf911bbbed84753[log] [tgz]
authorTaylor Brandstetter <deadbeef@webrtc.org>Fri Mar 23 18:50:16 2018
committerCommit Bot <commit-bot@chromium.org>Fri Mar 23 19:26:55 2018
tree384b741141e30f32ca2bddde428f48d9b5ccd63d
parent767a2ced73d4989bb7204b01d12189b940a0ff2f [diff] [blame]
Adding flag to enable/disable use of SRTP_AES128_CM_SHA1_32 crypto suite.

This flag (added to CryptoOptions) will allow applications to opt-in to
use of this suite, before it's disabled by default later. See bug for
more details.

TBR=magjed@webrtc.org

Bug: webrtc:7670
Change-Id: I800bedd4b26d807b6b7ac66b505d419c3323e454
Reviewed-on: https://webrtc-review.googlesource.com/64390
Commit-Queue: Taylor Brandstetter <deadbeef@webrtc.org>
Reviewed-by: Taylor Brandstetter <deadbeef@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#22586}
diff --git a/pc/mediasession.cc b/pc/mediasession.cc
index 5bea2a3..8a9c1f8 100644
--- a/pc/mediasession.cc
+++ b/pc/mediasession.cc

@@ -194,14 +194,17 @@
   return false;
 }
 
-// For audio, HMAC 32 is prefered over HMAC 80 because of the low overhead.
+// For audio, HMAC 32 (if enabled) is prefered over HMAC 80 because of the
+// low overhead.
 void GetSupportedAudioSdesCryptoSuites(const rtc::CryptoOptions& crypto_options,
                                        std::vector<int>* crypto_suites) {
   if (crypto_options.enable_gcm_crypto_suites) {
     crypto_suites->push_back(rtc::SRTP_AEAD_AES_256_GCM);
     crypto_suites->push_back(rtc::SRTP_AEAD_AES_128_GCM);
   }
-  crypto_suites->push_back(rtc::SRTP_AES128_CM_SHA1_32);
+  if (crypto_options.enable_aes128_sha1_32_crypto_cipher) {
+    crypto_suites->push_back(rtc::SRTP_AES128_CM_SHA1_32);
+  }
   crypto_suites->push_back(rtc::SRTP_AES128_CM_SHA1_80);
 }
 
@@ -245,8 +248,8 @@
 }
 
 // Support any GCM cipher (if enabled through options). For video support only
-// 80-bit SHA1 HMAC. For audio 32-bit HMAC is tolerated unless bundle is enabled
-// because it is low overhead.
+// 80-bit SHA1 HMAC. For audio 32-bit HMAC is tolerated (if enabled) unless
+// bundle is enabled because it is low overhead.
 // Pick the crypto in the list that is supported.
 static bool SelectCrypto(const MediaContentDescription* offer,
                          bool bundle,
@@ -261,7 +264,7 @@
          rtc::IsGcmCryptoSuiteName(i->cipher_suite)) ||
         rtc::CS_AES_CM_128_HMAC_SHA1_80 == i->cipher_suite ||
         (rtc::CS_AES_CM_128_HMAC_SHA1_32 == i->cipher_suite && audio &&
-         !bundle)) {
+         !bundle && crypto_options.enable_aes128_sha1_32_crypto_cipher)) {
       return CreateCryptoParams(i->tag, i->cipher_suite, crypto);
     }
   }