Revert "Move CryptoOptions to api/crypto from rtc_base/sslstreamadapter.h"
This reverts commit ac2f3d14e45398930bc35ff05ed7a3b9b617d328.
Reason for revert: Breaks downstream project
Original change's description:
> Move CryptoOptions to api/crypto from rtc_base/sslstreamadapter.h
>
> Promotes rtc::CryptoOptions to webrtc::CryptoOptions converting it from class
> that only handles SRTP configuration to a more generic structure that can be
> used and extended for all per peer connection CryptoOptions that can be on a
> given PeerConnection.
>
> Now all SRTP related options are under webrtc::CryptoOptions::Srtp and can be
> accessed as crypto_options.srtp.whatever_option_name. This is more inline with
> other structures we have in WebRTC such as VideoConfig. As additional features
> are added over time this will allow the structure to remain compartmentalized
> and concerned components can only request a subset of the overall configuration
> structure e.g:
>
> void MySrtpFunction(const webrtc::CryptoOptions::Srtp& srtp_config);
>
> In addition to this it made little sense for sslstreamadapter.h to hold all
> Srtp related configuration options. The header has become too large and takes on
> too many responsibilities and splitting this up will lead to more maintainable
> code going forward.
>
> This will be used in a future CL to enable configuration options for the newly
> supported Frame Crypto.
>
> Change-Id: I99d1be36740c59548c8e62db52d68d738649707f
> Bug: webrtc:9681
> Reviewed-on: https://webrtc-review.googlesource.com/c/105180
> Reviewed-by: Emad Omara <emadomara@webrtc.org>
> Reviewed-by: Kári Helgason <kthelgason@webrtc.org>
> Reviewed-by: Sami Kalliomäki <sakal@webrtc.org>
> Reviewed-by: Qingsi Wang <qingsi@webrtc.org>
> Reviewed-by: Steve Anton <steveanton@webrtc.org>
> Commit-Queue: Benjamin Wright <benwright@webrtc.org>
> Cr-Commit-Position: refs/heads/master@{#25130}
TBR=steveanton@webrtc.org,sakal@webrtc.org,kthelgason@webrtc.org,emadomara@webrtc.org,qingsi@webrtc.org,benwright@webrtc.org
Bug: webrtc:9681
Change-Id: Ib0075c477c951b540d4deecb3b0cf8cf86ba0fff
Reviewed-on: https://webrtc-review.googlesource.com/c/105541
Reviewed-by: Oleh Prypin <oprypin@webrtc.org>
Commit-Queue: Oleh Prypin <oprypin@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#25133}
diff --git a/api/BUILD.gn b/api/BUILD.gn
index c420b10..60eb751 100644
--- a/api/BUILD.gn
+++ b/api/BUILD.gn
@@ -52,8 +52,6 @@
"bitrate_constraints.h",
"candidate.cc",
"candidate.h",
- "crypto/cryptooptions.cc",
- "crypto/cryptooptions.h",
"crypto/framedecryptorinterface.h",
"crypto/frameencryptorinterface.h",
"cryptoparams.h",
diff --git a/api/crypto/cryptooptions.cc b/api/crypto/cryptooptions.cc
deleted file mode 100644
index ed6db47..0000000
--- a/api/crypto/cryptooptions.cc
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright 2018 The WebRTC Project Authors. All rights reserved.
- *
- * Use of this source code is governed by a BSD-style license
- * that can be found in the LICENSE file in the root of the source
- * tree. An additional intellectual property rights grant can be found
- * in the file PATENTS. All contributing project authors may
- * be found in the AUTHORS file in the root of the source tree.
- */
-
-#include "api/crypto/cryptooptions.h"
-#include "rtc_base/sslstreamadapter.h"
-
-namespace webrtc {
-
-CryptoOptions::CryptoOptions() {}
-
-CryptoOptions::CryptoOptions(const CryptoOptions& other) {
- enable_gcm_crypto_suites = other.enable_gcm_crypto_suites;
- enable_encrypted_rtp_header_extensions =
- other.enable_encrypted_rtp_header_extensions;
- srtp = other.srtp;
-}
-
-CryptoOptions::~CryptoOptions() {}
-
-// static
-CryptoOptions CryptoOptions::NoGcm() {
- CryptoOptions options;
- options.srtp.enable_gcm_crypto_suites = false;
- return options;
-}
-
-std::vector<int> CryptoOptions::GetSupportedDtlsSrtpCryptoSuites() const {
- std::vector<int> crypto_suites;
- if (srtp.enable_gcm_crypto_suites) {
- crypto_suites.push_back(rtc::SRTP_AEAD_AES_256_GCM);
- crypto_suites.push_back(rtc::SRTP_AEAD_AES_128_GCM);
- }
- // Note: SRTP_AES128_CM_SHA1_80 is what is required to be supported (by
- // draft-ietf-rtcweb-security-arch), but SRTP_AES128_CM_SHA1_32 is allowed as
- // well, and saves a few bytes per packet if it ends up selected.
- // As the cipher suite is potentially insecure, it will only be used if
- // enabled by both peers.
- if (srtp.enable_aes128_sha1_32_crypto_cipher) {
- crypto_suites.push_back(rtc::SRTP_AES128_CM_SHA1_32);
- }
- crypto_suites.push_back(rtc::SRTP_AES128_CM_SHA1_80);
- return crypto_suites;
-}
-
-} // namespace webrtc
diff --git a/api/crypto/cryptooptions.h b/api/crypto/cryptooptions.h
deleted file mode 100644
index d2e6224..0000000
--- a/api/crypto/cryptooptions.h
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright 2018 The WebRTC Project Authors. All rights reserved.
- *
- * Use of this source code is governed by a BSD-style license
- * that can be found in the LICENSE file in the root of the source
- * tree. An additional intellectual property rights grant can be found
- * in the file PATENTS. All contributing project authors may
- * be found in the AUTHORS file in the root of the source tree.
- */
-
-#ifndef API_CRYPTO_CRYPTOOPTIONS_H_
-#define API_CRYPTO_CRYPTOOPTIONS_H_
-
-#include <vector>
-#include "absl/types/optional.h"
-
-namespace webrtc {
-
-// CryptoOptions defines advanced cryptographic settings for native WebRTC.
-// These settings must be passed into PeerConnectionFactoryInterface::Options
-// and are only applicable to native use cases of WebRTC.
-struct CryptoOptions {
- CryptoOptions();
- CryptoOptions(const CryptoOptions& other);
- ~CryptoOptions();
-
- // Helper method to return an instance of the CryptoOptions with GCM crypto
- // suites disabled. This method should be used instead of depending on current
- // default values set by the constructor.
- static CryptoOptions NoGcm();
-
- // Returns a list of the supported DTLS-SRTP Crypto suites based on this set
- // of crypto options.
- std::vector<int> GetSupportedDtlsSrtpCryptoSuites() const;
-
- // TODO(webrtc:9859) - Remove duplicates once chromium is fixed.
- // Will be removed once srtp.enable_gcm_crypto_suites is updated in Chrome.
- absl::optional<bool> enable_gcm_crypto_suites;
- // TODO(webrtc:9859) - Remove duplicates once chromium is fixed.
- // Will be removed once srtp.enable_encrypted_rtp_header_extensions is
- // updated in Chrome.
- absl::optional<bool> enable_encrypted_rtp_header_extensions;
-
- // SRTP Related Peer Connection options.
- struct Srtp {
- // Enable GCM crypto suites from RFC 7714 for SRTP. GCM will only be used
- // if both sides enable it.
- bool enable_gcm_crypto_suites = false;
-
- // If set to true, the (potentially insecure) crypto cipher
- // SRTP_AES128_CM_SHA1_32 will be included in the list of supported ciphers
- // during negotiation. It will only be used if both peers support it and no
- // other ciphers get preferred.
- bool enable_aes128_sha1_32_crypto_cipher = false;
-
- // If set to true, encrypted RTP header extensions as defined in RFC 6904
- // will be negotiated. They will only be used if both peers support them.
- bool enable_encrypted_rtp_header_extensions = false;
- } srtp;
-};
-
-} // namespace webrtc
-
-#endif // API_CRYPTO_CRYPTOOPTIONS_H_
diff --git a/api/cryptoparams.h b/api/cryptoparams.h
index abe9055..2350528 100644
--- a/api/cryptoparams.h
+++ b/api/cryptoparams.h
@@ -16,8 +16,6 @@
namespace cricket {
// Parameters for SRTP negotiation, as described in RFC 4568.
-// TODO(benwright) - Rename to SrtpCryptoParams as these only apply to SRTP and
-// not generic crypto parameters for WebRTC.
struct CryptoParams {
CryptoParams() : tag(0) {}
CryptoParams(int t,
diff --git a/api/peerconnectioninterface.h b/api/peerconnectioninterface.h
index 141b2c9..3d8a9c1 100644
--- a/api/peerconnectioninterface.h
+++ b/api/peerconnectioninterface.h
@@ -77,7 +77,6 @@
#include "api/audio_codecs/audio_encoder_factory.h"
#include "api/audio_options.h"
#include "api/call/callfactoryinterface.h"
-#include "api/crypto/cryptooptions.h"
#include "api/datachannelinterface.h"
#include "api/fec_controller.h"
#include "api/jsep.h"
@@ -1181,7 +1180,7 @@
public:
class Options {
public:
- Options() {}
+ Options() : crypto_options(rtc::CryptoOptions::NoGcm()) {}
// If set to true, created PeerConnections won't enforce any SRTP
// requirement, allowing unsecured media. Should only be used for
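Review bot: The default for `crypto_options` now lives in the `Options()` initializer list, so the member declaration in the next hunk (`rtc::CryptoOptions crypto_options;`) no longer shows that GCM suites start out disabled. This default decides which SRTP cipher suites are offered for subsequently created PeerConnections, so I would state it at the field, e.g. `// Defaults to rtc::CryptoOptions::NoGcm() (set in the constructor); GCM suites must be enabled explicitly.` What a default-constructed `rtc::CryptoOptions` enables is not visible in this diff, so the comment also guards against someone dropping the constructor initializer later and silently changing the negotiated suites. The `Options` class body continues outside both hunks.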
@@ -1210,7 +1209,7 @@
rtc::SSLProtocolVersion ssl_max_version = rtc::SSL_PROTOCOL_DTLS_12;
// Sets crypto related options, e.g. enabled cipher suites.
- CryptoOptions crypto_options = CryptoOptions::NoGcm();
+ rtc::CryptoOptions crypto_options;
};
// Set the options to be used for subsequently created PeerConnections.