Adds new CryptoOption crypto_options.frame.require_frame_encryption.
This change adds a new subcategory to the public native webrtc::CryptoOptions
structure: webrtc::CryptoOptions::Frame.
This new structure has a single off by default property:
crypto_options.frame.require_frame_encryption.
This new flag if set prevents RtpSenders from sending outgoing payloads unless
a frame_encryptor_ is attached and prevents RtpReceivers from receiving
incoming payloads unless a frame_decryptor_ is attached.
This option is important to enforce no unencrypted data can ever leave the
device or be received.
I have also attached bindings for Java and Objective-C.
I have implemented this functionality for E2EE audio but not E2EE video
since the changes are still in review.
Bug: webrtc:9681
Change-Id: Ie184711190e0cdf5ac781f69e9489ceec904736f
Reviewed-on: https://webrtc-review.googlesource.com/c/105540
Reviewed-by: Niels Moller <nisse@webrtc.org>
Reviewed-by: Steve Anton <steveanton@webrtc.org>
Reviewed-by: Oskar Sundbom <ossu@webrtc.org>
Reviewed-by: Sami Kalliomäki <sakal@webrtc.org>
Reviewed-by: Kári Helgason <kthelgason@webrtc.org>
Commit-Queue: Benjamin Wright <benwright@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#25238}diff --git a/api/crypto/cryptooptions.cc b/api/crypto/cryptooptions.cc
index 2c34822..7f34f19 100644
--- a/api/crypto/cryptooptions.cc
+++ b/api/crypto/cryptooptions.cc
@@ -17,6 +17,7 @@
CryptoOptions::CryptoOptions(const CryptoOptions& other) {
srtp = other.srtp;
+ sframe = other.sframe;
}
CryptoOptions::~CryptoOptions() {}
@@ -46,4 +47,32 @@
return crypto_suites;
}
+bool CryptoOptions::operator==(const CryptoOptions& other) const {
+ struct data_being_tested_for_equality {
+ struct Srtp {
+ bool enable_gcm_crypto_suites;
+ bool enable_aes128_sha1_32_crypto_cipher;
+ bool enable_encrypted_rtp_header_extensions;
+ } srtp;
+ struct SFrame {
+ bool require_frame_encryption;
+ } sframe;
+ };
+ static_assert(sizeof(data_being_tested_for_equality) == sizeof(*this),
+ "Did you add something to CryptoOptions and forget to "
+ "update operator==?");
+
+ return srtp.enable_gcm_crypto_suites == other.srtp.enable_gcm_crypto_suites &&
+ srtp.enable_aes128_sha1_32_crypto_cipher ==
+ other.srtp.enable_aes128_sha1_32_crypto_cipher &&
+ srtp.enable_encrypted_rtp_header_extensions ==
+ other.srtp.enable_encrypted_rtp_header_extensions &&
+ sframe.require_frame_encryption ==
+ other.sframe.require_frame_encryption;
+}
+
+bool CryptoOptions::operator!=(const CryptoOptions& other) const {
+ return !(*this == other);
+}
+
} // namespace webrtc
diff --git a/api/crypto/cryptooptions.h b/api/crypto/cryptooptions.h
index de674c2..bd4a1c4 100644
--- a/api/crypto/cryptooptions.h
+++ b/api/crypto/cryptooptions.h
@@ -33,6 +33,9 @@
// of crypto options.
std::vector<int> GetSupportedDtlsSrtpCryptoSuites() const;
+ bool operator==(const CryptoOptions& other) const;
+ bool operator!=(const CryptoOptions& other) const;
+
// SRTP Related Peer Connection options.
struct Srtp {
// Enable GCM crypto suites from RFC 7714 for SRTP. GCM will only be used
@@ -49,6 +52,14 @@
// will be negotiated. They will only be used if both peers support them.
bool enable_encrypted_rtp_header_extensions = false;
} srtp;
+
+ // Options to be used when the FrameEncryptor / FrameDecryptor APIs are used.
+ struct SFrame {
+ // If set all RtpSenders must have an FrameEncryptor attached to them before
+ // they are allowed to send packets. All RtpReceivers must have a
+ // FrameDecryptor attached to them before they are able to receive packets.
+ bool require_frame_encryption = false;
+ } sframe;
};
} // namespace webrtc
