Add histogram for DTLS peer signature algorithm
in order to estimate the impact of deprecating SHA1. Chromium UMA CL: https://chromium-review.googlesource.com/c/chromium/src/+/4894345 BUG=webrtc:15517 Change-Id: I5216ba2a8cbba2f276af20d31aa5e111e7c3a141 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/321620 Reviewed-by: David Benjamin <davidben@webrtc.org> Reviewed-by: Harald Alvestrand <hta@webrtc.org> Commit-Queue: Philipp Hancke <phancke@microsoft.com> Cr-Commit-Position: refs/heads/main@{#40882}
This commit is contained in:
parent
9cf825ded9
commit
36e4dd2f42
10 changed files with 73 additions and 0 deletions
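--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -416,6 +416,13 @@ bool DtlsTransport::GetSslVersionBytes(int* version) const {
   return dtls_->GetSslVersionBytes(version);
 }
 
+uint16_t DtlsTransport::GetSslPeerSignatureAlgorithm() const {
+  if (dtls_state() != webrtc::DtlsTransportState::kConnected) {
+    return rtc::kSslSignatureAlgorithmUnknown; // "not applicable"
+  }
+  return dtls_->GetPeerSignatureAlgorithm();
+}
+
 // Called from upper layers to send a media packet.
 int DtlsTransport::SendPacket(const char* data,
                               size_t size,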
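Review bot: `rtc::kSslSignatureAlgorithmUnknown` is declared `constexpr int` in the constants hunk further down, yet here it is returned from a `uint16_t` function, in the TransportChannelStats hunk it initialises a `uint16_t` field, in the PeerConnection hunk it is compared against a `uint16_t`, and the OpenSSLStreamAdapter hunk returns it from another `uint16_t` function, so every use is an implicit int-to-uint16_t conversion. With values 0 and 0xFFFF nothing is lost today, but declaring the constants with the type of the API they describe, `constexpr uint16_t kSslSignatureAlgorithmUnknown = 0;` and `constexpr uint16_t kSslSignatureAlgorithmMaxValue = 0xFFFF;`, removes the conversions and makes it explicit that these are 16-bit TLS SignatureScheme code points rather than a WebRTC-local enum. The `// "not applicable"` comment would read better as a sentence, e.g. `// Not applicable until the DTLS handshake has completed.`.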
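--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -158,6 +158,12 @@ class DtlsTransport : public DtlsTransportInternal {
   // Find out which DTLS-SRTP cipher was negotiated
   bool GetSrtpCryptoSuite(int* cipher) override;
 
+  // Find out which signature algorithm was used by the peer. Returns values
+  // from
+  // https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-signaturescheme
+  // If not applicable, it returns zero.
+  uint16_t GetSslPeerSignatureAlgorithm() const override;
+
   bool GetDtlsRole(rtc::SSLRole* role) const override;
   bool SetDtlsRole(rtc::SSLRole role) override;
 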
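Review bot: The new comment is wrapped so that `// from` stands alone on a line, which reads as a fragment, and the same four lines are repeated verbatim in the DtlsTransportInternal hunk that follows. Since the override's contract is defined by the interface, a single reference here, `// See DtlsTransportInternal::GetSslPeerSignatureAlgorithm.`, would avoid keeping two copies in step, and in the interface the sentence could be re-wrapped as `// Find out which signature algorithm was used by the peer. Returns values from` followed by the registry URL on its own line. It would also help to say there that zero covers both "no peer signature was used" and "DTLS not yet connected", since the implementation in the DtlsTransport hunk collapses the two.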
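--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -71,6 +71,12 @@ class DtlsTransportInternal : public rtc::PacketTransportInternal {
   // TODO(zhihuang): Remove this once all dependencies implement this.
   virtual bool GetSslCipherSuite(int* cipher) = 0;
 
+  // Find out which signature algorithm was used by the peer. Returns values
+  // from
+  // https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-signaturescheme
+  // If not applicable, it returns zero.
+  virtual uint16_t GetSslPeerSignatureAlgorithm() const = 0;
+
   // Gets the local RTCCertificate used for DTLS.
   virtual rtc::scoped_refptr<rtc::RTCCertificate> GetLocalCertificate()
       const = 0;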
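--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -205,6 +205,7 @@ class FakeDtlsTransport : public DtlsTransportInternal {
   void SetSslCipherSuite(absl::optional<int> cipher_suite) {
     ssl_cipher_suite_ = cipher_suite;
   }
+  uint16_t GetSslPeerSignatureAlgorithm() const override { return 0; }
   rtc::scoped_refptr<rtc::RTCCertificate> GetLocalCertificate() const override {
     return local_cert_;
   }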
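Review bot: The fake hard-codes `return 0;` and offers no setter, so no test can drive the non-zero branch of the new histogram code in PeerConnection::ReportNegotiatedCiphers through this fake, whereas the neighbouring cipher suite has `SetSslCipherSuite` for exactly that purpose. Returning `rtc::kSslSignatureAlgorithmUnknown` instead of a bare `0` would also keep the fake aligned with the constant the production code uses. A `ssl_peer_signature_algorithm_` member with a matching `SetSslPeerSignatureAlgorithm(uint16_t)` setter, mirroring the cipher-suite pair just above, would make the new reporting path testable.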
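--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -704,6 +704,8 @@ bool JsepTransport::GetTransportStats(DtlsTransportInternal* dtls_transport,
                                       &substats.ice_transport_stats)) {
     return false;
   }
+  substats.ssl_peer_signature_algorithm =
+      dtls_transport->GetSslPeerSignatureAlgorithm();
   stats->channel_stats.push_back(substats);
   return true;
 }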
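--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -2885,6 +2885,36 @@ void PeerConnection::ReportNegotiatedCiphers(
       }
     }
   }
+
+  uint16_t ssl_peer_signature_algorithm =
+      stats.channel_stats[0].ssl_peer_signature_algorithm;
+  if (ssl_peer_signature_algorithm != rtc::kSslSignatureAlgorithmUnknown) {
+    for (cricket::MediaType media_type : media_types) {
+      switch (media_type) {
+        case cricket::MEDIA_TYPE_AUDIO:
+          RTC_HISTOGRAM_ENUMERATION_SPARSE(
+              "WebRTC.PeerConnection.SslPeerSignatureAlgorithm.Audio",
+              ssl_peer_signature_algorithm,
+              rtc::kSslSignatureAlgorithmMaxValue);
+          break;
+        case cricket::MEDIA_TYPE_VIDEO:
+          RTC_HISTOGRAM_ENUMERATION_SPARSE(
+              "WebRTC.PeerConnection.SslPeerSignatureAlgorithm.Video",
+              ssl_peer_signature_algorithm,
+              rtc::kSslSignatureAlgorithmMaxValue);
+          break;
+        case cricket::MEDIA_TYPE_DATA:
+          RTC_HISTOGRAM_ENUMERATION_SPARSE(
+              "WebRTC.PeerConnection.SslPeerSignatureAlgorithm.Data",
+              ssl_peer_signature_algorithm,
+              rtc::kSslSignatureAlgorithmMaxValue);
+          break;
+        default:
+          RTC_DCHECK_NOTREACHED();
+          continue;
+      }
+    }
+  }
 }
 
 bool PeerConnection::OnTransportChanged(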
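Review bot: The new block re-implements the media-type to histogram-name dispatch that the cipher reporting immediately above it (the three closing braces at the top of the hunk) already performs, leaving this function with two parallel `switch (media_type)` statements that must be kept in step whenever a media type is added; a small file-local helper taking the histogram name suffix and the value would remove the duplication. The code also carries no explanation of why a peer signature algorithm is being recorded; a comment before the read such as `// Recorded to estimate how often peers still sign with SHA-1 based schemes ahead of deprecating them; zero means the peer did not sign or DTLS is not connected.` would capture the commit's motivation for later readers. `stats.channel_stats[0]` is presumably guarded by a non-empty check at the top of the function, which is outside the hunk — worth confirming since the new read happens unconditionally. The enclosing function's opening is outside the hunk.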
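--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -34,6 +34,7 @@ struct TransportChannelStats {
   absl::optional<rtc::SSLRole> dtls_role;
   webrtc::DtlsTransportState dtls_state = webrtc::DtlsTransportState::kNew;
   IceTransportStats ice_transport_stats;
+  uint16_t ssl_peer_signature_algorithm = rtc::kSslSignatureAlgorithmUnknown;
 };
 
 // Information about all the channels of a transport.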
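--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -469,6 +469,17 @@ bool OpenSSLStreamAdapter::ExportKeyingMaterial(absl::string_view label,
   return true;
 }
 
+uint16_t OpenSSLStreamAdapter::GetPeerSignatureAlgorithm() const {
+  if (state_ != SSL_CONNECTED) {
+    return 0;
+  }
+#ifdef OPENSSL_IS_BORINGSSL
+  return SSL_get_peer_signature_algorithm(ssl_);
+#else
+  return kSslSignatureAlgorithmUnknown;
+#endif
+}
+
 bool OpenSSLStreamAdapter::SetDtlsSrtpCryptoSuites(
     const std::vector<int>& ciphers) {
   if (state_ != SSL_NONE) {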
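Review bot: The two "not applicable" returns in `OpenSSLStreamAdapter::GetPeerSignatureAlgorithm` are spelled differently, a bare `0` when `state_ != SSL_CONNECTED` and `kSslSignatureAlgorithmUnknown` in the `#else` branch; using the named constant in both keeps the meaning searchable and consistent with the DtlsTransport hunk. More importantly, the `#else` branch means that on builds without BoringSSL the function always reports unknown, so the new histogram silently records nothing on those platforms, and the absence of samples could be misread as "no SHA-1 peers"; a comment such as `// SSL_get_peer_signature_algorithm is BoringSSL-only; other OpenSSL builds always report unknown, so the histogram carries no data there.` would make that visible. Per BoringSSL's documentation the call itself also returns zero when the handshake involved no peer signature, which the interface comment's "if not applicable" already covers.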
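--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -124,6 +124,8 @@ class OpenSSLStreamAdapter final : public SSLStreamAdapter,
                            uint8_t* result,
                            size_t result_len) override;
 
+  uint16_t GetPeerSignatureAlgorithm() const override;
+
   // DTLS-SRTP interface
   bool SetDtlsSrtpCryptoSuites(const std::vector<int>& crypto_suites) override;
   bool GetDtlsSrtpCryptoSuite(int* crypto_suite) override;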
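--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -39,6 +39,10 @@ constexpr int kSrtpAeadAes128Gcm = 0x0007;
 constexpr int kSrtpAeadAes256Gcm = 0x0008;
 constexpr int kSrtpCryptoSuiteMaxValue = 0xFFFF;
 
+// Constants for SSL signature algorithms.
+constexpr int kSslSignatureAlgorithmUnknown = 0;
+constexpr int kSslSignatureAlgorithmMaxValue = 0xFFFF;
+
 // Names of SRTP profiles listed above.
 // 128-bit AES with 80-bit SHA-1 HMAC.
 extern const char kCsAesCm128HmacSha1_80[];
@@ -218,6 +222,9 @@ class SSLStreamAdapter : public StreamInterface {
                                     uint8_t* result,
                                     size_t result_len);
 
+  // Returns the signature algorithm or 0 if not applicable.
+  virtual uint16_t GetPeerSignatureAlgorithm() const = 0;
+
   // DTLS-SRTP interface
   virtual bool SetDtlsSrtpCryptoSuites(const std::vector<int>& crypto_suites);
   virtual bool GetDtlsSrtpCryptoSuite(int* crypto_suite);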
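Review bot: `GetPeerSignatureAlgorithm` is added to `SSLStreamAdapter` as a pure virtual in the second hunk, while its neighbours `SetDtlsSrtpCryptoSuites` and `GetDtlsSrtpCryptoSuite` in the same hunk are plain virtuals with a base implementation; any other SSLStreamAdapter subclass, test doubles included, now fails to compile until it implements a method whose only consumer is a histogram. Giving it a default, `virtual uint16_t GetPeerSignatureAlgorithm() const { return kSslSignatureAlgorithmUnknown; }`, matches the surrounding style and keeps the addition backward-compatible for subclasses. The comment in the first hunk, `// Constants for SSL signature algorithms.`, could say what the numbers are, e.g. `// TLS SignatureScheme code points (IANA tls-signaturescheme registry); 0 is reserved here for "unknown / not applicable".`, so readers do not look for a WebRTC-local enum.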