- #ifndef RTC_BASE_SSL_STREAM_ADAPTER_H_
- #define RTC_BASE_SSL_STREAM_ADAPTER_H_
- #include <stddef.h>
- #include <stdint.h>
- #include <memory>
- #include <string>
- #include <vector>
- #include "absl/memory/memory.h"
- #include "rtc_base/deprecation.h"
- #include "rtc_base/ssl_certificate.h"
- #include "rtc_base/ssl_identity.h"
- #include "rtc_base/stream.h"
- #include "rtc_base/third_party/sigslot/sigslot.h"
- namespace rtc {
// --- TLS cipher-suite identifiers -------------------------------------------
// 0x0000 is TLS_NULL_WITH_NULL_NULL, the IANA "no protection" suite. It is what
// a cipher-suite field holds before a handshake has negotiated anything, so it
// must never be interpreted as a negotiated (protected) suite.
constexpr int TLS_NULL_WITH_NULL_NULL = 0;
// Upper bound of the 16-bit IANA cipher-suite ID space.
constexpr int SSL_CIPHER_SUITE_MAX_VALUE = 0xFFFF;

// --- DTLS-SRTP protection-profile identifiers ------------------------------
// 0 is the "no suite selected" sentinel.
constexpr int SRTP_INVALID_CRYPTO_SUITE = 0;
// The four profile IDs below are wrapped in #ifndef so that an SRTP library
// header that already defines the same names as macros does not clash with
// these definitions (presumably the values agree; confirm against that header).
#ifndef SRTP_AES128_CM_SHA1_80
constexpr int SRTP_AES128_CM_SHA1_80 = 0x0001;
#endif
#ifndef SRTP_AES128_CM_SHA1_32
constexpr int SRTP_AES128_CM_SHA1_32 = 0x0002;
#endif
#ifndef SRTP_AEAD_AES_128_GCM
constexpr int SRTP_AEAD_AES_128_GCM = 0x0007;
#endif
#ifndef SRTP_AEAD_AES_256_GCM
constexpr int SRTP_AEAD_AES_256_GCM = 0x0008;
#endif
// Upper bound of the 16-bit protection-profile ID space.
constexpr int SRTP_CRYPTO_SUITE_MAX_VALUE = 0xFFFF;

// Printable names for the profiles above. The strings themselves are defined
// in the implementation file; the mapping to/from IDs is done by
// SrtpCryptoSuiteToName() / SrtpCryptoSuiteFromName().
extern const char CS_AES_CM_128_HMAC_SHA1_80[];
extern const char CS_AES_CM_128_HMAC_SHA1_32[];
extern const char CS_AEAD_AES_128_GCM[];
extern const char CS_AEAD_AES_256_GCM[];
// Maps a DTLS-SRTP protection-profile ID (one of the SRTP_* constants above)
// to its printable name (one of the CS_* strings). What is returned for an
// unknown ID is decided in the implementation file, not here.
std::string SrtpCryptoSuiteToName(int crypto_suite);
// Inverse of SrtpCryptoSuiteToName(). Callers should compare the result
// against SRTP_INVALID_CRYPTO_SUITE before using it, since that is the only
// "not a suite" value this header defines.
int SrtpCryptoSuiteFromName(const std::string& crypto_suite);
// Writes the key and salt lengths for `crypto_suite` through the out-params
// and returns true. Returns false for a suite it does not recognize; whether
// the out-params are touched in that case is not visible from this header, so
// callers sizing buffers must check the return value first. Units are not
// stated here either — confirm against the definition.
bool GetSrtpKeyAndSaltLengths(int crypto_suite,
                              int* key_length,
                              int* salt_length);
// True if `crypto_suite` is one of the AEAD (GCM) profiles, by ID ...
bool IsGcmCryptoSuite(int crypto_suite);
// ... or by name.
bool IsGcmCryptoSuiteName(const std::string& crypto_suite);
// Handshake role of this endpoint. Used by SSLStreamAdapter::SetServerRole().
enum SSLRole { SSL_CLIENT, SSL_SERVER };
// Stream (TLS) versus datagram (DTLS) operation. Used by
// SSLStreamAdapter::SetMode().
enum SSLMode { SSL_MODE_TLS, SSL_MODE_DTLS };
// Protocol version, as configured via SetMaxProtocolVersion() or reported by
// GetSslVersion(). The DTLS enumerators alias the TLS ones they are based on:
// DTLS 1.0 corresponds to TLS 1.1 and DTLS 1.2 to TLS 1.2 (there is no
// DTLS 1.1). NOTE(review): TLS 1.0 and 1.1 are deprecated by RFC 8996; these
// enumerators remain for compatibility, and a version cap below
// SSL_PROTOCOL_TLS_12 / SSL_PROTOCOL_DTLS_12 should be a deliberate choice.
enum SSLProtocolVersion {
  // "Unknown / not negotiated yet" sentinel.
  SSL_PROTOCOL_NOT_GIVEN = -1,
  SSL_PROTOCOL_TLS_10 = 0,
  SSL_PROTOCOL_TLS_11,
  SSL_PROTOCOL_TLS_12,
  SSL_PROTOCOL_DTLS_10 = SSL_PROTOCOL_TLS_11,
  SSL_PROTOCOL_DTLS_12 = SSL_PROTOCOL_TLS_12,
};
// Failure reason reported through the optional out-param of
// SSLStreamAdapter::SetPeerCertificateDigest(). The enumerator names suggest
// three distinct checks — the digest algorithm is recognized, the digest has
// the length that algorithm produces, and the peer certificate actually
// matches — but which check fires when is decided by the implementation.
enum class SSLPeerCertificateDigestError {
  NONE,
  UNKNOWN_ALGORITHM,
  INVALID_LENGTH,
  VERIFICATION_FAILED,
};
// Stream error code for a truncated message. The value sits well above the
// small integers that library error codes usually occupy, presumably so it
// cannot collide with them — confirm where it is raised/consumed.
enum { SSE_MSG_TRUNC = 0xff0001 };
// Reason carried by SSLStreamAdapter::SignalSSLHandshakeError. MAX_VALUE is a
// bound (one past the last real value), not an error; do not emit it.
enum class SSLHandshakeError { UNKNOWN, INCOMPATIBLE_CIPHERSUITE, MAX_VALUE };
// Wraps a StreamInterface in a TLS or DTLS session. Almost everything is pure
// virtual; concrete implementations come from Create(). The intended order of
// use, as far as this header shows it, is: configure identity, role, mode,
// version cap and the expected peer-certificate digest, then call StartSSL().
class SSLStreamAdapter : public StreamAdapterInterface {
 public:
  // Creates an adapter around `stream`, taking ownership of it. Which backend
  // is instantiated is not visible from this header.
  static std::unique_ptr<SSLStreamAdapter> Create(
      std::unique_ptr<StreamInterface> stream);
  explicit SSLStreamAdapter(std::unique_ptr<StreamInterface> stream);
  ~SSLStreamAdapter() override;

  // Installs the local identity (private key plus certificate) used in the
  // handshake; the adapter takes ownership.
  virtual void SetIdentity(std::unique_ptr<SSLIdentity> identity) = 0;
  // Test-only accessor for the identity above. Non-owning pointer.
  virtual SSLIdentity* GetIdentityForTesting() const = 0;

  // Selects the handshake role. Note the default argument: calling this with
  // no argument makes this side the server.
  virtual void SetServerRole(SSLRole role = SSL_SERVER) = 0;
  // Selects stream TLS or datagram DTLS.
  virtual void SetMode(SSLMode mode) = 0;
  // Caps the protocol version this side will negotiate. SSLProtocolVersion
  // still names TLS 1.0/1.1 (deprecated by RFC 8996); lowering the cap below
  // the 1.2 enumerators should be a deliberate decision.
  virtual void SetMaxProtocolVersion(SSLProtocolVersion version) = 0;
  // Initial retransmission timeout for handshake messages, in milliseconds.
  // Presumably meaningful only in DTLS mode — this header does not say how
  // TLS mode treats it.
  virtual void SetInitialRetransmissionTimeout(int timeout_ms) = 0;

  // Begins the handshake with the peer. The return is a status code whose
  // values are not defined in this header (presumably 0 on success).
  virtual int StartSSL() = 0;

  // Pins the peer's certificate by fingerprint: `digest_alg` names the hash
  // and `digest_val`/`digest_len` hold the expected digest. Returns false if
  // the digest cannot be installed and, when `error` is non-null, stores the
  // reason (see SSLPeerCertificateDigestError). Security note: this pin is
  // what ties the TLS/DTLS peer to whatever the signaling layer agreed on;
  // until it is set and verified, data from the stream should not be treated
  // as coming from an authenticated peer (see IsTlsConnected()).
  virtual bool SetPeerCertificateDigest(
      const std::string& digest_alg,
      const unsigned char* digest_val,
      size_t digest_len,
      SSLPeerCertificateDigestError* error = nullptr) = 0;

  // Returns the peer's certificate chain; presumably null before one has
  // been received.
  virtual std::unique_ptr<SSLCertChain> GetPeerSSLCertChain() const = 0;

  // Writes the negotiated cipher-suite ID to *cipher_suite and returns true;
  // returns false when none is available. Non-pure: the base class supplies a
  // default body (not shown here).
  virtual bool GetSslCipherSuite(int* cipher_suite);

  // Negotiated protocol version; SSL_PROTOCOL_NOT_GIVEN is the "not yet"
  // sentinel defined above.
  virtual SSLProtocolVersion GetSslVersion() const = 0;

  // Raw two-byte protocol version from the underlying session, written to
  // *version. Returns false when it is not available.
  virtual bool GetSslVersionBytes(int* version) const = 0;

  // Keying-material exporter. The parameter set matches the RFC 5705
  // interface: `label` selects the usage, `context`/`context_len` bind extra
  // data into the derivation, and `use_context` distinguishes "no context"
  // from an empty one (presumably because the two derive different output).
  // `result` must point to at least `result_len` writable bytes. Non-pure:
  // the base class supplies a default body.
  virtual bool ExportKeyingMaterial(const std::string& label,
                                    const uint8_t* context,
                                    size_t context_len,
                                    bool use_context,
                                    uint8_t* result,
                                    size_t result_len);

  // DTLS-SRTP: offers the given protection profiles (SRTP_* IDs above) and,
  // after the handshake, reads back the one that was selected. Both are
  // non-pure with base-class defaults.
  virtual bool SetDtlsSrtpCryptoSuites(const std::vector<int>& crypto_suites);
  virtual bool GetDtlsSrtpCryptoSuite(int* crypto_suite);

  // True once the TLS/DTLS handshake has completed. NOTE(review): this is
  // presumably independent of whether the peer-certificate digest has been
  // verified — do not use it alone as "the peer is authenticated".
  virtual bool IsTlsConnected() = 0;

  // Capability probe for the underlying crypto library.
  static bool IsBoringSsl();

  // Allowlist check: true only for ciphers the implementation deems
  // acceptable for the given key type. The policy itself lives in the
  // implementation file.
  static bool IsAcceptableCipher(int cipher, KeyType key_type);
  static bool IsAcceptableCipher(const std::string& cipher, KeyType key_type);

  // Printable name for a cipher-suite ID; the value for an unknown ID is
  // decided in the implementation.
  static std::string SslCipherSuiteToName(int cipher_suite);

  // Test-only hook that lets the crypto library's notion of time be driven by
  // the test harness (how is not shown here).
  static void EnableTimeCallbackForTesting();

  // Test-only hook. Setting `enabled` to false clears client_auth_enabled_,
  // whose default (true) is the secure setting; production code should not
  // call this.
  void SetClientAuthEnabledForTesting(bool enabled) {
    client_auth_enabled_ = enabled;
  }

  // Current value of the client-auth flag (see client_auth_enabled_).
  bool GetClientAuthEnabled() const { return client_auth_enabled_; }

  // Emitted with an SSLHandshakeError when the handshake fails; the firing
  // site is in the implementation.
  sigslot::signal1<SSLHandshakeError> SignalSSLHandshakeError;

 private:
  // Whether the peer is required to present a client certificate. Defaults
  // to true; only the test hook above changes it. Exactly what the
  // implementation does when a client presents none is not visible here.
  bool client_auth_enabled_ = true;
};
- }
- #endif