Google Git
Sign in
webrtc / src / / bfb444ce2c18b5a1d1dd2bd6fae55c520dff4f16^! / . / api / crypto / cryptooptions.h
commitbfb444ce2c18b5a1d1dd2bd6fae55c520dff4f16[log] [tgz]
authorBenjamin Wright <benwright@webrtc.org>Mon Oct 15 17:20:24 2018
committerCommit Bot <commit-bot@chromium.org>Wed Oct 17 17:44:19 2018
tree212ea4420a5a26acc9db2eabb4834d2a9dc2dd5f
parentd932fba3bceb5e53d2499b2b92ea8e52b41e9fce [diff] [blame]
Adds new CryptoOption crypto_options.frame.require_frame_encryption.

This change adds a new subcategory to the public native webrtc::CryptoOptions
structure: webrtc::CryptoOptions::Frame.

This new structure has a single off by default property:
crypto_options.frame.require_frame_encryption.

This new flag if set prevents RtpSenders from sending outgoing payloads unless
a frame_encryptor_ is attached and prevents RtpReceivers from receiving
incoming payloads unless a frame_decryptor_ is attached.

This option is important to enforce no unencrypted data can ever leave the
device or be received.

I have also attached bindings for Java and Objective-C.

I have implemented this functionality for E2EE audio but not E2EE video
since the changes are still in review.

Bug: webrtc:9681
Change-Id: Ie184711190e0cdf5ac781f69e9489ceec904736f
Reviewed-on: https://webrtc-review.googlesource.com/c/105540
Reviewed-by: Niels Moller <nisse@webrtc.org>
Reviewed-by: Steve Anton <steveanton@webrtc.org>
Reviewed-by: Oskar Sundbom <ossu@webrtc.org>
Reviewed-by: Sami Kalliomäki <sakal@webrtc.org>
Reviewed-by: Kári Helgason <kthelgason@webrtc.org>
Commit-Queue: Benjamin Wright <benwright@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#25238}
diff --git a/api/crypto/cryptooptions.h b/api/crypto/cryptooptions.h
index de674c2..bd4a1c4 100644
--- a/api/crypto/cryptooptions.h
+++ b/api/crypto/cryptooptions.h

@@ -33,6 +33,9 @@
   // of crypto options.
   std::vector<int> GetSupportedDtlsSrtpCryptoSuites() const;
 
+  bool operator==(const CryptoOptions& other) const;
+  bool operator!=(const CryptoOptions& other) const;
+
   // SRTP Related Peer Connection options.
   struct Srtp {
     // Enable GCM crypto suites from RFC 7714 for SRTP. GCM will only be used
@@ -49,6 +52,14 @@
     // will be negotiated. They will only be used if both peers support them.
     bool enable_encrypted_rtp_header_extensions = false;
   } srtp;
+
+  // Options to be used when the FrameEncryptor / FrameDecryptor APIs are used.
+  struct SFrame {
+    // If set all RtpSenders must have an FrameEncryptor attached to them before
+    // they are allowed to send packets. All RtpReceivers must have a
+    // FrameDecryptor attached to them before they are able to receive packets.
+    bool require_frame_encryption = false;
+  } sframe;
 };
 
 }  // namespace webrtc