mirror of
https://github.com/mollyim/webrtc.git
synced 2025-05-13 05:40:42 +01:00
c2bbe4b952
This reverts commit d8633868b3.
Reason for revert: Breaks downstream project.
Original change's description:
> Enable SRTP GCM ciphers by default
>
> Bug: webrtc:15178
> Change-Id: I0216ce8f194fffc820723d82b9c04a76573c2f4f
> Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/305381
> Reviewed-by: Harald Alvestrand <hta@webrtc.org>
> Commit-Queue: Philipp Hancke <phancke@microsoft.com>
> Reviewed-by: Victor Boivie <boivie@webrtc.org>
> Cr-Commit-Position: refs/heads/main@{#40828}
Bug: webrtc:15178
Change-Id: I88433e899cb4b705eafa3fceff3edc520629f603
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/321863
Owners-Override: Artem Titov <titovartem@webrtc.org>
Auto-Submit: Manashi Sarkar <manashi@google.com>
Commit-Queue: Artem Titov <titovartem@webrtc.org>
Bot-Commit: rubber-stamper@appspot.gserviceaccount.com <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Artem Titov <titovartem@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#40832}
89 lines
3 KiB
C++
89 lines
3 KiB
C++
/*
|
|
* Copyright 2018 The WebRTC Project Authors. All rights reserved.
|
|
*
|
|
* Use of this source code is governed by a BSD-style license
|
|
* that can be found in the LICENSE file in the root of the source
|
|
* tree. An additional intellectual property rights grant can be found
|
|
* in the file PATENTS. All contributing project authors may
|
|
* be found in the AUTHORS file in the root of the source tree.
|
|
*/
|
|
|
|
#include "api/crypto/crypto_options.h"
|
|
|
|
#include "rtc_base/ssl_stream_adapter.h"
|
|
|
|
namespace webrtc {
|
|
|
|
CryptoOptions::CryptoOptions() {}
|
|
|
|
CryptoOptions::CryptoOptions(const CryptoOptions& other) {
|
|
srtp = other.srtp;
|
|
sframe = other.sframe;
|
|
}
|
|
|
|
CryptoOptions::~CryptoOptions() {}
|
|
|
|
// static
|
|
CryptoOptions CryptoOptions::NoGcm() {
|
|
CryptoOptions options;
|
|
options.srtp.enable_gcm_crypto_suites = false;
|
|
return options;
|
|
}
|
|
|
|
std::vector<int> CryptoOptions::GetSupportedDtlsSrtpCryptoSuites() const {
|
|
std::vector<int> crypto_suites;
|
|
// Note: kSrtpAes128CmSha1_80 is what is required to be supported (by
|
|
// draft-ietf-rtcweb-security-arch), but kSrtpAes128CmSha1_32 is allowed as
|
|
// well, and saves a few bytes per packet if it ends up selected.
|
|
// As the cipher suite is potentially insecure, it will only be used if
|
|
// enabled by both peers.
|
|
if (srtp.enable_aes128_sha1_32_crypto_cipher) {
|
|
crypto_suites.push_back(rtc::kSrtpAes128CmSha1_32);
|
|
}
|
|
if (srtp.enable_aes128_sha1_80_crypto_cipher) {
|
|
crypto_suites.push_back(rtc::kSrtpAes128CmSha1_80);
|
|
}
|
|
|
|
// Note: GCM cipher suites are not the top choice since they increase the
|
|
// packet size. In order to negotiate them the other side must not support
|
|
// kSrtpAes128CmSha1_80.
|
|
if (srtp.enable_gcm_crypto_suites) {
|
|
crypto_suites.push_back(rtc::kSrtpAeadAes256Gcm);
|
|
crypto_suites.push_back(rtc::kSrtpAeadAes128Gcm);
|
|
}
|
|
RTC_CHECK(!crypto_suites.empty());
|
|
return crypto_suites;
|
|
}
|
|
|
|
bool CryptoOptions::operator==(const CryptoOptions& other) const {
|
|
struct data_being_tested_for_equality {
|
|
struct Srtp {
|
|
bool enable_gcm_crypto_suites;
|
|
bool enable_aes128_sha1_32_crypto_cipher;
|
|
bool enable_aes128_sha1_80_crypto_cipher;
|
|
bool enable_encrypted_rtp_header_extensions;
|
|
} srtp;
|
|
struct SFrame {
|
|
bool require_frame_encryption;
|
|
} sframe;
|
|
};
|
|
static_assert(sizeof(data_being_tested_for_equality) == sizeof(*this),
|
|
"Did you add something to CryptoOptions and forget to "
|
|
"update operator==?");
|
|
|
|
return srtp.enable_gcm_crypto_suites == other.srtp.enable_gcm_crypto_suites &&
|
|
srtp.enable_aes128_sha1_32_crypto_cipher ==
|
|
other.srtp.enable_aes128_sha1_32_crypto_cipher &&
|
|
srtp.enable_aes128_sha1_80_crypto_cipher ==
|
|
other.srtp.enable_aes128_sha1_80_crypto_cipher &&
|
|
srtp.enable_encrypted_rtp_header_extensions ==
|
|
other.srtp.enable_encrypted_rtp_header_extensions &&
|
|
sframe.require_frame_encryption ==
|
|
other.sframe.require_frame_encryption;
|
|
}
|
|
|
|
bool CryptoOptions::operator!=(const CryptoOptions& other) const {
|
|
return !(*this == other);
|
|
}
|
|
|
|
} // namespace webrtc
|