File: crypto_options.h

/*
 *  Copyright 2018 The WebRTC Project Authors. All rights reserved.
 *
 *  Use of this source code is governed by a BSD-style license
 *  that can be found in the LICENSE file in the root of the source
 *  tree. An additional intellectual property rights grant can be found
 *  in the file PATENTS.  All contributing project authors may
 *  be found in the AUTHORS file in the root of the source tree.
 */

#ifndef API_CRYPTO_CRYPTO_OPTIONS_H_
#define API_CRYPTO_CRYPTO_OPTIONS_H_

#include <cstdint>
#include <optional>
#include <set>
#include <string>
#include <vector>

#include "api/field_trials_view.h"
#include "rtc_base/system/rtc_export.h"

namespace webrtc {

// CryptoOptions defines advanced cryptographic settings for native WebRTC.
// These settings must be passed into PeerConnectionFactoryInterface::Options
// and are only applicable to native use cases of WebRTC.
//
// The struct is a plain bundle of option groups (`srtp`, `sframe`,
// `ephemeral_key_exchange_cipher_groups`); the per-field defaults are the
// in-class initializers below. Nothing in this header validates a
// configuration against what the linked TLS/SRTP library supports — that
// happens (if at all) in the out-of-line implementation.
struct RTC_EXPORT CryptoOptions {
  // Defined out of line. NOTE(review): whether the constructor overrides any
  // of the in-class defaults below is not visible here — confirm before
  // relying on the field initializers alone.
  CryptoOptions();

  // Helper method to return an instance of the CryptoOptions with GCM crypto
  // suites disabled. This method should be used instead of depending on current
  // default values set by the constructor.
  static CryptoOptions NoGcm();

  // Returns a list of the supported DTLS-SRTP Crypto suites based on this set
  // of crypto options.
  // The ints are SRTP protection-profile identifiers; presumably the list is
  // derived from the `srtp.enable_*` flags below — confirm against the
  // implementation.
  std::vector<int> GetSupportedDtlsSrtpCryptoSuites() const;

  // Whole-struct comparison, defined out of line.
  bool operator==(const CryptoOptions& other) const;
  bool operator!=(const CryptoOptions& other) const;

  // SRTP Related Peer Connection options.
  struct Srtp {
    // Enable GCM crypto suites from RFC 7714 for SRTP. GCM will only be used
    // if both sides enable it.
    // AES-GCM is an AEAD mode (confidentiality and integrity in one primitive),
    // unlike the AES-CM + HMAC-SHA1 suites below, which carry a separate
    // authentication tag.
    bool enable_gcm_crypto_suites = true;

    // If set to true, the (potentially insecure) crypto cipher
    // kSrtpAes128CmSha1_32 will be included in the list of supported ciphers
    // during negotiation. It will only be used if both peers support it and no
    // other ciphers get preferred.
    // In SRTP protection-profile naming the `_32` suffix denotes a 32-bit
    // (truncated) HMAC-SHA1 authentication tag, versus the 80-bit tag of the
    // `_80` suite below; the shorter tag is what makes this "potentially
    // insecure", hence off by default.
    bool enable_aes128_sha1_32_crypto_cipher = false;

    // The most commonly used cipher. Can be disabled, mostly for testing
    // purposes.
    bool enable_aes128_sha1_80_crypto_cipher = true;

    // This feature enables encrypting RTP header extensions using RFC 6904, if
    // requested. For this to work the Chromium field trial
    // `kWebRtcEncryptedRtpHeaderExtensions` must be enabled.
    bool enable_encrypted_rtp_header_extensions = true;
  } srtp;

  // Options to be used when the FrameEncryptor / FrameDecryptor APIs are used.
  struct SFrame {
    // If set all RtpSenders must have an FrameEncryptor attached to them before
    // they are allowed to send packets. All RtpReceivers must have a
    // FrameDecryptor attached to them before they are able to receive packets.
    // Off by default; turning it on is a fail-closed guard against sending or
    // accepting media without end-to-end frame encryption.
    bool require_frame_encryption = false;
  } sframe;

  // Cipher groups used by DTLS when establishing an ephemeral key during
  // handshake.
  // Holds an ordered list of group identifiers; the list is what the DTLS
  // handshake is presumably allowed to negotiate (confirm in the caller).
  class RTC_EXPORT EphemeralKeyExchangeCipherGroups {
   public:
    // Which cipher groups are supported by this binary,
    // - ssl.h: SSL_GROUP_{}
    // - https://www.rfc-editor.org/rfc/rfc8422#section-5.1.1
    // - https://datatracker.ietf.org/doc/draft-ietf-tls-mlkem
    // The numeric values are the IANA "TLS Supported Groups" codepoints.
    // NOTE(review): kSECP224R1 is the smallest curve listed here. Listing a
    // constant does not enable it — which groups are on by default is decided
    // by the constructor / Update(), both defined out of line.
    static constexpr uint16_t kSECP224R1 = 21;
    static constexpr uint16_t kSECP256R1 = 23;
    static constexpr uint16_t kSECP384R1 = 24;
    static constexpr uint16_t kSECP521R1 = 25;
    static constexpr uint16_t kX25519 = 29;
    // Hybrid post-quantum group (X25519 combined with ML-KEM-768), per the
    // draft linked above.
    static constexpr uint16_t kX25519_MLKEM768 = 0x11ec;

    // Groups the linked TLS library can actually negotiate (defined out of
    // line). Useful for checking a caller-supplied list before SetEnabled().
    static std::set<uint16_t> GetSupported();
    // Human-readable name for a group id (defined out of line); presumably
    // nullopt for an unknown id — confirm.
    static std::optional<std::string> GetName(uint16_t);

    // Defined out of line; initial contents of `enabled_` are not visible here.
    EphemeralKeyExchangeCipherGroups();

    // Which cipher groups are enabled in this crypto options.
    // Returns a copy. Vector order presumably reflects negotiation preference
    // (cf. AddFirst) — confirm against the implementation.
    std::vector<uint16_t> GetEnabled() const { return enabled_; }
    // Replaces the enabled list wholesale. No validation is performed here:
    // ids not in GetSupported() are stored as given, so callers that accept
    // the list from configuration should filter it first.
    void SetEnabled(const std::vector<uint16_t>& groups) { enabled_ = groups; }
    // Defined out of line; the name suggests `group` is placed at the front
    // (highest preference) — confirm.
    void AddFirst(uint16_t group);

    // Update list of enabled groups based on field_trials,
    // optionally providing list of groups that should NOT be added.
    // `disabled_groups == nullptr` (the default) means no exclusions.
    void Update(const FieldTrialsView* field_trials,
                const std::vector<uint16_t>* disabled_groups = nullptr);

    // Defined out of line. Unlike the enclosing CryptoOptions, no operator!=
    // is declared for this class.
    bool operator==(const EphemeralKeyExchangeCipherGroups& other) const;

   private:
    // Enabled group ids, in list order (see GetEnabled / AddFirst).
    std::vector<uint16_t> enabled_;
  } ephemeral_key_exchange_cipher_groups;
};

}  // namespace webrtc

#endif  // API_CRYPTO_CRYPTO_OPTIONS_H_