xref: /aosp_15_r20/external/webrtc/api/crypto/crypto_options.cc (revision d9f758449e529ab9291ac668be2861e7a55c2422)
1*d9f75844SAndroid Build Coastguard Worker /*
2*d9f75844SAndroid Build Coastguard Worker  *  Copyright 2018 The WebRTC Project Authors. All rights reserved.
3*d9f75844SAndroid Build Coastguard Worker  *
4*d9f75844SAndroid Build Coastguard Worker  *  Use of this source code is governed by a BSD-style license
5*d9f75844SAndroid Build Coastguard Worker  *  that can be found in the LICENSE file in the root of the source
6*d9f75844SAndroid Build Coastguard Worker  *  tree. An additional intellectual property rights grant can be found
7*d9f75844SAndroid Build Coastguard Worker  *  in the file PATENTS.  All contributing project authors may
8*d9f75844SAndroid Build Coastguard Worker  *  be found in the AUTHORS file in the root of the source tree.
9*d9f75844SAndroid Build Coastguard Worker  */
10*d9f75844SAndroid Build Coastguard Worker 
11*d9f75844SAndroid Build Coastguard Worker #include "api/crypto/crypto_options.h"
12*d9f75844SAndroid Build Coastguard Worker 
13*d9f75844SAndroid Build Coastguard Worker #include "rtc_base/ssl_stream_adapter.h"
14*d9f75844SAndroid Build Coastguard Worker 
15*d9f75844SAndroid Build Coastguard Worker namespace webrtc {
16*d9f75844SAndroid Build Coastguard Worker 
// Default construction: every option keeps the in-class default declared in
// api/crypto/crypto_options.h; nothing is overridden here.
CryptoOptions::CryptoOptions() = default;
18*d9f75844SAndroid Build Coastguard Worker 
// Copy construction: duplicates both option groups (SRTP and SFrame) from
// `other` so the copy negotiates with exactly the same settings.
CryptoOptions::CryptoOptions(const CryptoOptions& other)
    : srtp(other.srtp), sframe(other.sframe) {}
23*d9f75844SAndroid Build Coastguard Worker 
// Nothing to release: the destructor performs no work of its own.
CryptoOptions::~CryptoOptions() = default;
25*d9f75844SAndroid Build Coastguard Worker 
26*d9f75844SAndroid Build Coastguard Worker // static
// Returns a default-constructed option set with the GCM (AEAD) SRTP suites
// switched off. All other fields keep their defaults, so with this preset
// GetSupportedDtlsSrtpCryptoSuites() offers only the AES-CM/HMAC-SHA1 suites
// that remain enabled.
CryptoOptions CryptoOptions::NoGcm() {
  CryptoOptions without_gcm;
  without_gcm.srtp.enable_gcm_crypto_suites = false;
  return without_gcm;
}
32*d9f75844SAndroid Build Coastguard Worker 
// Builds the list of DTLS-SRTP crypto suites enabled by the `srtp` flags.
//
// Suites are appended in a fixed order: AES128-CM-SHA1-32 (if enabled),
// AES128-CM-SHA1-80 (if enabled), then AES256-GCM and AES128-GCM (if GCM is
// enabled). The notes below treat earlier entries as the preferred ones.
//
// The process is aborted via RTC_CHECK if every suite has been disabled, so
// a configuration with no usable suite fails hard instead of yielding an
// empty offer.
std::vector<int> CryptoOptions::GetSupportedDtlsSrtpCryptoSuites() const {
  std::vector<int> suites;

  // draft-ietf-rtcweb-security-arch mandates support for
  // kSrtpAes128CmSha1_80. kSrtpAes128CmSha1_32 is permitted too and saves a
  // few bytes per packet when selected. Because that suite is potentially
  // insecure, it is only used when both peers have enabled it. Note that
  // when it is enabled here it is listed ahead of the 80-bit variant.
  if (srtp.enable_aes128_sha1_32_crypto_cipher) {
    suites.push_back(rtc::kSrtpAes128CmSha1_32);
  }
  if (srtp.enable_aes128_sha1_80_crypto_cipher) {
    suites.push_back(rtc::kSrtpAes128CmSha1_80);
  }

  // GCM suites go last because they increase the packet size. As a result
  // they are negotiated only if the remote side does not support
  // kSrtpAes128CmSha1_80.
  if (srtp.enable_gcm_crypto_suites) {
    suites.insert(suites.end(),
                  {rtc::kSrtpAeadAes256Gcm, rtc::kSrtpAeadAes128Gcm});
  }

  // Fail closed: an empty list would leave nothing to negotiate.
  RTC_CHECK(!suites.empty());
  return suites;
}
57*d9f75844SAndroid Build Coastguard Worker 
// Field-by-field equality over every option in both groups.
//
// The local struct below mirrors the fields this function compares. The
// static_assert ties its size to sizeof(*this), so adding a member to
// CryptoOptions without extending the comparison breaks the build rather
// than letting two differently-configured option sets compare equal.
// NOTE(review): a size check only catches additions that change the object
// size; keep the mirror struct in sync by hand as well.
bool CryptoOptions::operator==(const CryptoOptions& other) const {
  struct data_being_tested_for_equality {
    struct Srtp {
      bool enable_gcm_crypto_suites;
      bool enable_aes128_sha1_32_crypto_cipher;
      bool enable_aes128_sha1_80_crypto_cipher;
      bool enable_encrypted_rtp_header_extensions;
    } srtp;
    struct SFrame {
      bool require_frame_encryption;
    } sframe;
  };
  static_assert(sizeof(data_being_tested_for_equality) == sizeof(*this),
                "Did you add something to CryptoOptions and forget to "
                "update operator==?");

  // SRTP group: suite selection flags plus header-extension encryption.
  const bool same_srtp =
      srtp.enable_gcm_crypto_suites == other.srtp.enable_gcm_crypto_suites &&
      srtp.enable_aes128_sha1_32_crypto_cipher ==
          other.srtp.enable_aes128_sha1_32_crypto_cipher &&
      srtp.enable_aes128_sha1_80_crypto_cipher ==
          other.srtp.enable_aes128_sha1_80_crypto_cipher &&
      srtp.enable_encrypted_rtp_header_extensions ==
          other.srtp.enable_encrypted_rtp_header_extensions;

  // SFrame group: whether frame encryption is mandatory.
  const bool same_sframe =
      sframe.require_frame_encryption == other.sframe.require_frame_encryption;

  return same_srtp && same_sframe;
}
84*d9f75844SAndroid Build Coastguard Worker 
// Inequality is defined strictly as the negation of operator==, so the two
// can never disagree about which fields matter.
bool CryptoOptions::operator!=(const CryptoOptions& other) const {
  return !operator==(other);
}
88*d9f75844SAndroid Build Coastguard Worker 
89*d9f75844SAndroid Build Coastguard Worker }  // namespace webrtc