Repo created

TMessagesProj/jni/voip/webrtc/api/crypto/BUILD.gn

@@ -0,0 +1,49 @@
+# Copyright (c) 2019 The WebRTC project authors. All Rights Reserved.
+#
+# Use of this source code is governed by a BSD-style license
+# that can be found in the LICENSE file in the root of the source
+# tree. An additional intellectual property rights grant can be found
+# in the file PATENTS.  All contributing project authors may
+# be found in the AUTHORS file in the root of the source tree.
+
+import("../../webrtc.gni")
+
+group("crypto") {
+  deps = [
+    ":frame_decryptor_interface",
+    ":frame_encryptor_interface",
+    ":options",
+  ]
+}
+
+rtc_library("options") {
+  visibility = [ "*" ]
+  sources = [
+    "crypto_options.cc",
+    "crypto_options.h",
+  ]
+  deps = [
+    "../../rtc_base:ssl",
+    "../../rtc_base/system:rtc_export",
+  ]
+}
+
+rtc_source_set("frame_decryptor_interface") {
+  visibility = [ "*" ]
+  sources = [ "frame_decryptor_interface.h" ]
+  deps = [
+    "..:array_view",
+    "..:rtp_parameters",
+    "../../rtc_base:refcount",
+  ]
+}
+
+rtc_source_set("frame_encryptor_interface") {
+  visibility = [ "*" ]
+  sources = [ "frame_encryptor_interface.h" ]
+  deps = [
+    "..:array_view",
+    "..:rtp_parameters",
+    "../../rtc_base:refcount",
+  ]
+}

TMessagesProj/jni/voip/webrtc/api/crypto/crypto_options.cc

@@ -0,0 +1,89 @@
+/*
+ *  Copyright 2018 The WebRTC Project Authors. All rights reserved.
+ *
+ *  Use of this source code is governed by a BSD-style license
+ *  that can be found in the LICENSE file in the root of the source
+ *  tree. An additional intellectual property rights grant can be found
+ *  in the file PATENTS.  All contributing project authors may
+ *  be found in the AUTHORS file in the root of the source tree.
+ */
+
+#include "api/crypto/crypto_options.h"
+
+#include "rtc_base/ssl_stream_adapter.h"
+
+namespace webrtc {
+
+CryptoOptions::CryptoOptions() {}
+
+CryptoOptions::CryptoOptions(const CryptoOptions& other) {
+  srtp = other.srtp;
+  sframe = other.sframe;
+}
+
+CryptoOptions::~CryptoOptions() {}
+
+// static
+CryptoOptions CryptoOptions::NoGcm() {
+  CryptoOptions options;
+  options.srtp.enable_gcm_crypto_suites = false;
+  return options;
+}
+
+std::vector<int> CryptoOptions::GetSupportedDtlsSrtpCryptoSuites() const {
+  std::vector<int> crypto_suites;
+  // Note: kSrtpAes128CmSha1_80 is what is required to be supported (by
+  // draft-ietf-rtcweb-security-arch), but kSrtpAes128CmSha1_32 is allowed as
+  // well, and saves a few bytes per packet if it ends up selected.
+  // As the cipher suite is potentially insecure, it will only be used if
+  // enabled by both peers.
+  if (srtp.enable_aes128_sha1_32_crypto_cipher) {
+    crypto_suites.push_back(rtc::kSrtpAes128CmSha1_32);
+  }
+  if (srtp.enable_aes128_sha1_80_crypto_cipher) {
+    crypto_suites.push_back(rtc::kSrtpAes128CmSha1_80);
+  }
+
+  // Note: GCM cipher suites are not the top choice since they increase the
+  // packet size. In order to negotiate them the other side must not support
+  // kSrtpAes128CmSha1_80.
+  if (srtp.enable_gcm_crypto_suites) {
+    crypto_suites.push_back(rtc::kSrtpAeadAes256Gcm);
+    crypto_suites.push_back(rtc::kSrtpAeadAes128Gcm);
+  }
+  RTC_CHECK(!crypto_suites.empty());
+  return crypto_suites;
+}
+
+bool CryptoOptions::operator==(const CryptoOptions& other) const {
+  struct data_being_tested_for_equality {
+    struct Srtp {
+      bool enable_gcm_crypto_suites;
+      bool enable_aes128_sha1_32_crypto_cipher;
+      bool enable_aes128_sha1_80_crypto_cipher;
+      bool enable_encrypted_rtp_header_extensions;
+    } srtp;
+    struct SFrame {
+      bool require_frame_encryption;
+    } sframe;
+  };
+  static_assert(sizeof(data_being_tested_for_equality) == sizeof(*this),
+                "Did you add something to CryptoOptions and forget to "
+                "update operator==?");
+
+  return srtp.enable_gcm_crypto_suites == other.srtp.enable_gcm_crypto_suites &&
+         srtp.enable_aes128_sha1_32_crypto_cipher ==
+             other.srtp.enable_aes128_sha1_32_crypto_cipher &&
+         srtp.enable_aes128_sha1_80_crypto_cipher ==
+             other.srtp.enable_aes128_sha1_80_crypto_cipher &&
+         srtp.enable_encrypted_rtp_header_extensions ==
+             other.srtp.enable_encrypted_rtp_header_extensions &&
+         sframe.require_frame_encryption ==
+             other.sframe.require_frame_encryption;
+}
+
+bool CryptoOptions::operator!=(const CryptoOptions& other) const {
+  return !(*this == other);
+}
+
+}  // namespace webrtc

TMessagesProj/jni/voip/webrtc/api/crypto/crypto_options.h

@@ -0,0 +1,72 @@
+/*
+ *  Copyright 2018 The WebRTC Project Authors. All rights reserved.
+ *
+ *  Use of this source code is governed by a BSD-style license
+ *  that can be found in the LICENSE file in the root of the source
+ *  tree. An additional intellectual property rights grant can be found
+ *  in the file PATENTS.  All contributing project authors may
+ *  be found in the AUTHORS file in the root of the source tree.
+ */
+
+#ifndef API_CRYPTO_CRYPTO_OPTIONS_H_
+#define API_CRYPTO_CRYPTO_OPTIONS_H_
+
+#include <vector>
+
+#include "rtc_base/system/rtc_export.h"
+
+namespace webrtc {
+
+// CryptoOptions defines advanced cryptographic settings for native WebRTC.
+// These settings must be passed into PeerConnectionFactoryInterface::Options
+// and are only applicable to native use cases of WebRTC.
+struct RTC_EXPORT CryptoOptions {
+  CryptoOptions();
+  CryptoOptions(const CryptoOptions& other);
+  ~CryptoOptions();
+
+  // Helper method to return an instance of the CryptoOptions with GCM crypto
+  // suites disabled. This method should be used instead of depending on current
+  // default values set by the constructor.
+  static CryptoOptions NoGcm();
+
+  // Returns a list of the supported DTLS-SRTP Crypto suites based on this set
+  // of crypto options.
+  std::vector<int> GetSupportedDtlsSrtpCryptoSuites() const;
+
+  bool operator==(const CryptoOptions& other) const;
+  bool operator!=(const CryptoOptions& other) const;
+
+  // SRTP Related Peer Connection options.
+  struct Srtp {
+    // Enable GCM crypto suites from RFC 7714 for SRTP. GCM will only be used
+    // if both sides enable it.
+    bool enable_gcm_crypto_suites = true;
+
+    // If set to true, the (potentially insecure) crypto cipher
+    // kSrtpAes128CmSha1_32 will be included in the list of supported ciphers
+    // during negotiation. It will only be used if both peers support it and no
+    // other ciphers get preferred.
+    bool enable_aes128_sha1_32_crypto_cipher = false;
+
+    // The most commonly used cipher. Can be disabled, mostly for testing
+    // purposes.
+    bool enable_aes128_sha1_80_crypto_cipher = true;
+
+    // If set to true, encrypted RTP header extensions as defined in RFC 6904
+    // will be negotiated. They will only be used if both peers support them.
+    bool enable_encrypted_rtp_header_extensions = false;
+  } srtp;
+
+  // Options to be used when the FrameEncryptor / FrameDecryptor APIs are used.
+  struct SFrame {
+    // If set all RtpSenders must have an FrameEncryptor attached to them before
+    // they are allowed to send packets. All RtpReceivers must have a
+    // FrameDecryptor attached to them before they are able to receive packets.
+    bool require_frame_encryption = false;
+  } sframe;
+};
+
+}  // namespace webrtc
+
+#endif  // API_CRYPTO_CRYPTO_OPTIONS_H_

TMessagesProj/jni/voip/webrtc/api/crypto/frame_decryptor_interface.h

@@ -0,0 +1,76 @@
+/*
+ *  Copyright 2018 The WebRTC project authors. All Rights Reserved.
+ *
+ *  Use of this source code is governed by a BSD-style license
+ *  that can be found in the LICENSE file in the root of the source
+ *  tree. An additional intellectual property rights grant can be found
+ *  in the file PATENTS.  All contributing project authors may
+ *  be found in the AUTHORS file in the root of the source tree.
+ */
+
+#ifndef API_CRYPTO_FRAME_DECRYPTOR_INTERFACE_H_
+#define API_CRYPTO_FRAME_DECRYPTOR_INTERFACE_H_
+
+#include <vector>
+
+#include "api/array_view.h"
+#include "api/media_types.h"
+#include "rtc_base/ref_count.h"
+
+namespace webrtc {
+
+// FrameDecryptorInterface allows users to provide a custom decryption
+// implementation for all incoming audio and video frames. The user must also
+// provide a FrameEncryptorInterface to be able to encrypt the frames being
+// sent out of the device. Note this is an additional layer of encyrption in
+// addition to the standard SRTP mechanism and is not intended to be used
+// without it. You may assume that this interface will have the same lifetime
+// as the RTPReceiver it is attached to. It must only be attached to one
+// RTPReceiver. Additional data may be null.
+class FrameDecryptorInterface : public rtc::RefCountInterface {
+ public:
+  // The Status enum represents all possible states that can be
+  // returned when attempting to decrypt a frame. kRecoverable indicates that
+  // there was an error with the given frame and so it should not be passed to
+  // the decoder, however it hints that the receive stream is still decryptable
+  // which is important for determining when to send key frame requests
+  // kUnknown should never be returned by the implementor.
+  enum class Status { kOk, kRecoverable, kFailedToDecrypt, kUnknown };
+
+  struct Result {
+    Result(Status status, size_t bytes_written)
+        : status(status), bytes_written(bytes_written) {}
+
+    bool IsOk() const { return status == Status::kOk; }
+
+    const Status status;
+    const size_t bytes_written;
+  };
+
+  ~FrameDecryptorInterface() override {}
+
+  // Attempts to decrypt the encrypted frame. You may assume the frame size will
+  // be allocated to the size returned from GetMaxPlaintextSize. You may assume
+  // that the frames are in order if SRTP is enabled. The stream is not provided
+  // here and it is up to the implementor to transport this information to the
+  // receiver if they care about it. You must set bytes_written to how many
+  // bytes you wrote to in the frame buffer. kOk must be returned if successful,
+  // kRecoverable should be returned if the failure was due to something other
+  // than a decryption failure. kFailedToDecrypt should be returned in all other
+  // cases.
+  virtual Result Decrypt(cricket::MediaType media_type,
+                         const std::vector<uint32_t>& csrcs,
+                         rtc::ArrayView<const uint8_t> additional_data,
+                         rtc::ArrayView<const uint8_t> encrypted_frame,
+                         rtc::ArrayView<uint8_t> frame) = 0;
+
+  // Returns the total required length in bytes for the output of the
+  // decryption. This can be larger than the actual number of bytes you need but
+  // must never be smaller as it informs the size of the frame buffer.
+  virtual size_t GetMaxPlaintextByteSize(cricket::MediaType media_type,
+                                         size_t encrypted_frame_size) = 0;
+};
+
+}  // namespace webrtc
+
+#endif  // API_CRYPTO_FRAME_DECRYPTOR_INTERFACE_H_

TMessagesProj/jni/voip/webrtc/api/crypto/frame_encryptor_interface.h

@@ -0,0 +1,54 @@
+/*
+ *  Copyright 2018 The WebRTC project authors. All Rights Reserved.
+ *
+ *  Use of this source code is governed by a BSD-style license
+ *  that can be found in the LICENSE file in the root of the source
+ *  tree. An additional intellectual property rights grant can be found
+ *  in the file PATENTS.  All contributing project authors may
+ *  be found in the AUTHORS file in the root of the source tree.
+ */
+
+#ifndef API_CRYPTO_FRAME_ENCRYPTOR_INTERFACE_H_
+#define API_CRYPTO_FRAME_ENCRYPTOR_INTERFACE_H_
+
+#include "api/array_view.h"
+#include "api/media_types.h"
+#include "rtc_base/ref_count.h"
+
+namespace webrtc {
+
+// FrameEncryptorInterface allows users to provide a custom encryption
+// implementation to encrypt all outgoing audio and video frames. The user must
+// also provide a FrameDecryptorInterface to be able to decrypt the frames on
+// the receiving device. Note this is an additional layer of encryption in
+// addition to the standard SRTP mechanism and is not intended to be used
+// without it. Implementations of this interface will have the same lifetime as
+// the RTPSenders it is attached to. Additional data may be null.
+class FrameEncryptorInterface : public rtc::RefCountInterface {
+ public:
+  ~FrameEncryptorInterface() override {}
+
+  // Attempts to encrypt the provided frame. You may assume the encrypted_frame
+  // will match the size returned by GetMaxCiphertextByteSize for a give frame.
+  // You may assume that the frames will arrive in order if SRTP is enabled.
+  // The ssrc will simply identify which stream the frame is travelling on. You
+  // must set bytes_written to the number of bytes you wrote in the
+  // encrypted_frame. 0 must be returned if successful all other numbers can be
+  // selected by the implementer to represent error codes.
+  virtual int Encrypt(cricket::MediaType media_type,
+                      uint32_t ssrc,
+                      rtc::ArrayView<const uint8_t> additional_data,
+                      rtc::ArrayView<const uint8_t> frame,
+                      rtc::ArrayView<uint8_t> encrypted_frame,
+                      size_t* bytes_written) = 0;
+
+  // Returns the total required length in bytes for the output of the
+  // encryption. This can be larger than the actual number of bytes you need but
+  // must never be smaller as it informs the size of the encrypted_frame buffer.
+  virtual size_t GetMaxCiphertextByteSize(cricket::MediaType media_type,
+                                          size_t frame_size) = 0;
+};
+
+}  // namespace webrtc
+
+#endif  // API_CRYPTO_FRAME_ENCRYPTOR_INTERFACE_H_