xref: /aosp_15_r20/external/webrtc/pc/g3doc/dtls_transport.md (revision d9f758449e529ab9291ac668be2861e7a55c2422)
<?% config.freshness.reviewed = '2021-05-07' %?>
<?% config.freshness.owner = 'hta' %?>

## Overview

WebRTC uses DTLS in two ways:

*   to negotiate keys for SRTP encryption using
    [DTLS-SRTP](https://www.rfc-editor.org/info/rfc5763)
*   as a transport for SCTP, which is used by the Datachannel API

The W3C WebRTC API represents this as the
[DtlsTransport](https://w3c.github.io/webrtc-pc/#rtcdtlstransport-interface).

The DTLS handshake happens after the ICE transport becomes writable and has
found a valid pair. It results in a set of keys being derived for DTLS-SRTP as
well as a fingerprint of the remote certificate, which is compared to the one
given in the SDP `a=fingerprint:` line.
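
The fingerprint comparison described above, sketched as an added example that is not WebRTC's own code. The names `SdpFingerprint`, `ParseFingerprintLine` and `FingerprintMatches` are hypothetical, and the caller is assumed to have already hashed the DER certificate from the handshake with the hash function named in the SDP line.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Added example, not WebRTC code; all names here are hypothetical.
struct SdpFingerprint {
  std::string algorithm;        // hash function token, e.g. "sha-256"
  std::vector<uint8_t> digest;  // decoded fingerprint bytes
};

static int HexVal(char c) {
  if (c >= '0' && c <= '9') return c - '0';
  if (c >= 'A' && c <= 'F') return c - 'A' + 10;
  if (c >= 'a' && c <= 'f') return c - 'a' + 10;
  return -1;
}

// Parses "a=fingerprint:<hash-func> HH:HH:...". Fails closed on malformed input.
bool ParseFingerprintLine(const std::string& line, SdpFingerprint* out) {
  const std::string prefix = "a=fingerprint:";
  if (line.compare(0, prefix.size(), prefix) != 0) return false;
  const size_t sp = line.find(' ', prefix.size());
  if (sp == std::string::npos || sp == prefix.size()) return false;
  const std::string hex = line.substr(sp + 1);
  if (hex.size() % 3 != 2) return false;  // n bytes take 3n - 1 characters
  std::vector<uint8_t> digest;
  for (size_t i = 0; i < hex.size(); i += 3) {
    const int hi = HexVal(hex[i]), lo = HexVal(hex[i + 1]);
    if (hi < 0 || lo < 0) return false;
    if (i + 2 < hex.size() && hex[i + 2] != ':') return false;
    digest.push_back(static_cast<uint8_t>(hi * 16 + lo));
  }
  out->algorithm = line.substr(prefix.size(), sp - prefix.size());
  out->digest = digest;
  return true;
}

// Compares the SDP fingerprint with a digest the caller computed over the
// DER certificate presented in the handshake, using the same hash function.
bool FingerprintMatches(const SdpFingerprint& sdp, const std::string& algorithm,
                        const std::vector<uint8_t>& cert_digest) {
  if (sdp.algorithm != algorithm || sdp.digest.empty() ||
      sdp.digest.size() != cert_digest.size()) return false;
  uint8_t diff = 0;  // accumulate differences instead of returning early
  for (size_t i = 0; i < cert_digest.size(); ++i) diff |= sdp.digest[i] ^ cert_digest[i];
  return diff == 0;
}
```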

This documentation provides an overview of how DTLS is implemented, i.e. how the
following classes interact.

## webrtc::DtlsTransport

The [`webrtc::DtlsTransport`][1] class is a wrapper around the
`cricket::DtlsTransportInternal` and allows registering observers implementing
the `webrtc::DtlsTransportObserverInterface`. The
[`webrtc::DtlsTransportObserverInterface`][2] will provide updates to the
observers, passing around a snapshot of the transport's state such as the
connection state, the remote certificate(s) and the SRTP ciphers as
[`DtlsTransportInformation`][3].

## cricket::DtlsTransportInternal

The [`cricket::DtlsTransportInternal`][4] class is an interface. Its
implementation is [`cricket::DtlsTransport`][5]. The `cricket::DtlsTransport`
sends and receives network packets via an ICE transport. It also demultiplexes
DTLS packets and SRTP packets according to the scheme described in
[RFC 5764](https://tools.ietf.org/html/rfc5764#section-5.1.2).
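
The RFC 5764 section 5.1.2 scheme keys on the first byte of each datagram. The following is an added example, not WebRTC's own code, with hypothetical names and a constructed sample datagram; it goes one step beyond the first-byte test by also walking the DTLS record headers with bounds checks.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Added example, not WebRTC code: first-byte demultiplexing as in RFC 5764
// section 5.1.2, plus a bounds-checked walk over the DTLS records in a datagram.
enum class PacketKind { kStun, kDtls, kRtp, kUnknown };

PacketKind Classify(const uint8_t* data, size_t len) {
  if (len == 0) return PacketKind::kUnknown;
  const uint8_t b = data[0];
  if (b < 2) return PacketKind::kStun;              // B < 2
  if (b > 19 && b < 64) return PacketKind::kDtls;   // 19 < B < 64
  if (b > 127 && b < 192) return PacketKind::kRtp;  // 127 < B < 192
  return PacketKind::kUnknown;                      // anything else is dropped
}

// DTLS record header: type(1) version(2) epoch(2) sequence(6) length(2).
const size_t kDtlsRecordHeaderLen = 13;

// Returns the number of complete DTLS records, or -1 if the datagram is empty,
// a header is truncated, a type is not DTLS, or a length overruns the buffer.
int CountDtlsRecords(const uint8_t* data, size_t len) {
  if (len == 0) return -1;
  int records = 0;
  for (size_t off = 0; off < len; ++records) {
    const size_t left = len - off;
    if (left < kDtlsRecordHeaderLen) return -1;
    if (Classify(data + off, left) != PacketKind::kDtls) return -1;
    const size_t body = (static_cast<size_t>(data[off + 11]) << 8) | data[off + 12];
    if (body > left - kDtlsRecordHeaderLen) return -1;
    off += kDtlsRecordHeaderLen + body;
  }
  return records;
}

// Constructed sample: a handshake record (type 22, 2-byte body) followed by a
// change_cipher_spec record (type 20, 1-byte body), both with version 0xFEFD.
const uint8_t kTwoRecords[] = {
    22, 0xFE, 0xFD, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0xAA, 0xBB,
    20, 0xFE, 0xFD, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0x01};

int main() {
  std::printf("records=%d\n", CountDtlsRecords(kTwoRecords, sizeof(kTwoRecords)));
  return 0;
}
```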

## webrtc::DtlsSrtpTransport

The [`webrtc::DtlsSrtpTransport`][6] class is responsible for extracting the
SRTP keys after the DTLS handshake as well as protection and unprotection of
SRTP packets via its [`cricket::SrtpSession`][7].
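
How the exported keying material splits into per-direction SRTP keys, following the layout in RFC 5764 section 4.2. This is an added example, not WebRTC's own code: the names are hypothetical, the exporter output is assumed to be supplied by the DTLS stack, and the sample bytes are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Added example, not WebRTC code; names are hypothetical.
struct SrtpKeys {
  std::vector<uint8_t> send;  // master key || master salt for outgoing SRTP
  std::vector<uint8_t> recv;  // master key || master salt for incoming SRTP
};

// `exported` is the DTLS exporter output for the "EXTRACTOR-dtls_srtp" label,
// 2 * (key_len + salt_len) bytes, laid out per RFC 5764 section 4.2 as
//   client_write_key | server_write_key | client_write_salt | server_write_salt
bool SplitDtlsSrtpKeys(const std::vector<uint8_t>& exported, size_t key_len,
                       size_t salt_len, bool is_dtls_client, SrtpKeys* out) {
  if (key_len == 0 || exported.size() != 2 * (key_len + salt_len)) return false;
  const uint8_t* client_key = exported.data();
  const uint8_t* server_key = client_key + key_len;
  const uint8_t* client_salt = server_key + key_len;
  const uint8_t* server_salt = client_salt + salt_len;
  // Keys and salts are not adjacent per side, so each pair is stitched together.
  std::vector<uint8_t> client(client_key, client_key + key_len);
  client.insert(client.end(), client_salt, client_salt + salt_len);
  std::vector<uint8_t> server(server_key, server_key + key_len);
  server.insert(server.end(), server_salt, server_salt + salt_len);
  // The DTLS client protects with the client write key; the server mirrors it.
  out->send = is_dtls_client ? client : server;
  out->recv = is_dtls_client ? server : client;
  return true;
}

// Constructed sample: 60 bytes valued 0..59, sized for a profile with a
// 16-byte master key and a 14-byte master salt (SRTP_AES128_CM_HMAC_SHA1_80).
std::vector<uint8_t> MakeSampleExport() {
  std::vector<uint8_t> v(60);
  for (size_t i = 0; i < v.size(); ++i) v[i] = static_cast<uint8_t>(i);
  return v;
}

int main() {
  SrtpKeys keys;
  if (!SplitDtlsSrtpKeys(MakeSampleExport(), 16, 14, true, &keys)) return 1;
  std::printf("send[0]=%d recv[0]=%d\n", keys.send[0], keys.recv[0]);
  return 0;
}
```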

[1]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/pc/dtls_transport.h;l=32;drc=6a55e7307b78edb50f94a1ff1ef8393d58218369
[2]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/api/dtls_transport_interface.h;l=76;drc=34437d5660a80393d631657329ef74c6538be25a
[3]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/api/dtls_transport_interface.h;l=41;drc=34437d5660a80393d631657329ef74c6538be25a
[4]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/p2p/base/dtls_transport_internal.h;l=63;drc=34437d5660a80393d631657329ef74c6538be25a
[5]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/p2p/base/dtls_transport.h;l=94;drc=653bab6790ac92c513b7cf4cd3ad59039c589a95
[6]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/pc/dtls_srtp_transport.h;l=31;drc=c32f00ea9ddf3267257fe6b45d4d79c6f6bcb829
[7]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/pc/srtp_session.h;l=33;drc=be66d95ab7f9428028806bbf66cb83800bda9241