Bug 1480869: define SRTP ciphers suites inside mtransport r=mt
authorNils Ohlmeier [:drno] <drno@ohlmeier.org>
Tue, 11 Sep 2018 03:58:34 +0000
changeset 491332 cf2e01678e1f28b0df299da82a160969373e26ab
parent 491331 83022b462d0b617fb82c044a0612cb118509b829
child 491333 584b58e90de79ea9b18fc9c94c12d5884861c725
push id9984
push userffxbld-merge
push dateMon, 15 Oct 2018 21:07:35 +0000
reviewersmt
bugs1480869
milestone64.0a1
Bug 1480869: define SRTP cipher suites inside mtransport r=mt define SRTP cipher suites inside mtransport Differential Revision: https://phabricator.services.mozilla.com/D5490
media/mtransport/SrtpFlow.cpp
media/mtransport/SrtpFlow.h
media/mtransport/test/buffered_stun_socket_unittest.cpp
media/mtransport/test/ice_unittest.cpp
media/mtransport/test/proxy_tunnel_socket_unittest.cpp
media/mtransport/test/test_nr_socket_ice_unittest.cpp
media/mtransport/test/transport_unittests.cpp
media/mtransport/test/turn_unittest.cpp
media/mtransport/transportlayerdtls.cpp
media/mtransport/transportlayerdtls.h
media/webrtc/signaling/gtest/mediapipeline_unittest.cpp
media/webrtc/signaling/src/peerconnection/PeerConnectionMedia.cpp
--- a/media/mtransport/SrtpFlow.cpp
+++ b/media/mtransport/SrtpFlow.cpp
@@ -3,18 +3,18 @@
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 // Original author: ekr@rtfm.com
 
 #include "logging.h"
 #include "SrtpFlow.h"
 
 #include "srtp.h"
-#include "ssl.h"
-#include "sslproto.h"
+
+#include "transportlayerdtls.h"
 
 #include "mozilla/RefPtr.h"
 
 using namespace mozilla;
 
 namespace mozilla {
 
 MOZ_MTLOG_MODULE("mtransport")
@@ -47,23 +47,23 @@ RefPtr<SrtpFlow> SrtpFlow::Create(int ci
   }
 
   srtp_policy_t policy;
   memset(&policy, 0, sizeof(srtp_policy_t));
 
   // Note that we set the same cipher suite for RTP and RTCP
   // since any flow can only have one cipher suite with DTLS-SRTP
   switch (cipher_suite) {
-    case SRTP_AES128_CM_HMAC_SHA1_80:
+    case kDtlsSrtpAes128CmHmacSha1_80:
       MOZ_MTLOG(ML_DEBUG,
                   "Setting SRTP cipher suite SRTP_AES128_CM_HMAC_SHA1_80");
       srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtp);
       srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp);
       break;
-    case SRTP_AES128_CM_HMAC_SHA1_32:
+    case kDtlsSrtpAes128CmHmacSha1_32:
       MOZ_MTLOG(ML_DEBUG,
                   "Setting SRTP cipher suite SRTP_AES128_CM_HMAC_SHA1_32");
       srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy.rtp);
       srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy.rtcp); // 80-bit per RFC 5764
       break;                                                   // S 4.1.2.
     default:
       MOZ_MTLOG(ML_ERROR, "Request to set unknown SRTP cipher suite");
       return nullptr;
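Review bot: The switch handles only kDtlsSrtpAes128CmHmacSha1_80 and kDtlsSrtpAes128CmHmacSha1_32, while the header this commit adds (transportlayerdtls.h, same commit) also defines kDtlsSrtpAeadAes128Gcm and kDtlsSrtpAeadAes256Gcm with no consumer visible on this page. If a caller ever adds a GCM value to the list passed to SetSrtpCiphers, the DTLS negotiation would presumably succeed and only then fall into this default branch, failing flow creation with a message that does not say which suite was rejected. A comment on the default branch would make the contract explicit: `// Only the two AES-CM suites are wired to libsrtp policies here; the GCM constants in transportlayerdtls.h must not be offered until a policy is added for them.` SrtpFlow::Create starts before this hunk and continues after it.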
--- a/media/mtransport/SrtpFlow.h
+++ b/media/mtransport/SrtpFlow.h
@@ -2,18 +2,16 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 // Original author: ekr@rtfm.com
 
 #ifndef srtpflow_h__
 #define srtpflow_h__
 
-#include "ssl.h"
-#include "sslproto.h"
 #include "mozilla/RefPtr.h"
 #include "nsISupportsImpl.h"
 #include "srtp.h"
 
 namespace mozilla {
 
 #define SRTP_MASTER_KEY_LENGTH 16
 #define SRTP_MASTER_SALT_LENGTH 14
--- a/media/mtransport/test/buffered_stun_socket_unittest.cpp
+++ b/media/mtransport/test/buffered_stun_socket_unittest.cpp
@@ -3,18 +3,16 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 // Original author: ekr@rtfm.com
 
 #include <iostream>
 
-#include "nspr.h"
-#include "nss.h"
 #include "ssl.h"
 
 extern "C" {
 #include "nr_api.h"
 #include "nr_socket.h"
 #include "nr_socket_buffered_stun.h"
 #include "transport_addr.h"
 #include "stun.h"
--- a/media/mtransport/test/ice_unittest.cpp
+++ b/media/mtransport/test/ice_unittest.cpp
@@ -12,18 +12,16 @@
 #include <limits>
 #include <map>
 #include <string>
 #include <vector>
 
 #include "sigslot.h"
 
 #include "logging.h"
-#include "nspr.h"
-#include "nss.h"
 #include "ssl.h"
 
 #include "mozilla/Preferences.h"
 #include "nsThreadUtils.h"
 #include "nsXPCOM.h"
 
 #include "nricectxhandler.h"
 #include "nricemediastream.h"
--- a/media/mtransport/test/proxy_tunnel_socket_unittest.cpp
+++ b/media/mtransport/test/proxy_tunnel_socket_unittest.cpp
@@ -3,20 +3,16 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 // Original authors: ekr@rtfm.com; ryan@tokbox.com
 
 #include <iostream>
 
-#include "nspr.h"
-#include "nss.h"
-#include "ssl.h"
-
 extern "C" {
 #include "nr_api.h"
 #include "nr_socket.h"
 #include "nr_proxy_tunnel.h"
 #include "transport_addr.h"
 #include "stun.h"
 }
 
--- a/media/mtransport/test/test_nr_socket_ice_unittest.cpp
+++ b/media/mtransport/test/test_nr_socket_ice_unittest.cpp
@@ -36,18 +36,16 @@ LIMITED TO, PROCUREMENT OF SUBSTITUTE GO
 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 
 #include "gtest/gtest.h"
 #include "gtest_utils.h"
-#include "nss.h"
-#include "ssl.h"
 
 extern "C" {
 #include "stun_msg.h"
 #include "ice_ctx.h"
 #include "ice_peer_ctx.h"
 #include "nICEr/src/net/transport_addr.h"
 }
 
--- a/media/mtransport/test/transport_unittests.cpp
+++ b/media/mtransport/test/transport_unittests.cpp
@@ -12,18 +12,16 @@
 #include <algorithm>
 #include <functional>
 
 #include "mozilla/UniquePtr.h"
 
 #include "sigslot.h"
 
 #include "logging.h"
-#include "nspr.h"
-#include "nss.h"
 #include "ssl.h"
 #include "sslexp.h"
 #include "sslproto.h"
 
 #include "nsThreadUtils.h"
 #include "nsXPCOM.h"
 
 #include "mediapacket.h"
@@ -534,18 +532,18 @@ class TransportTestPeer : public sigslot
 
       mask <<= 1;
     }
   }
 
   void SetupSrtp() {
     // this mimics the setup we do elsewhere
     std::vector<uint16_t> srtp_ciphers;
-    srtp_ciphers.push_back(SRTP_AES128_CM_HMAC_SHA1_80);
-    srtp_ciphers.push_back(SRTP_AES128_CM_HMAC_SHA1_32);
+    srtp_ciphers.push_back(kDtlsSrtpAes128CmHmacSha1_80);
+    srtp_ciphers.push_back(kDtlsSrtpAes128CmHmacSha1_32);
 
     SetSrtpCiphers(srtp_ciphers);
  }
 
   void SetSrtpCiphers(std::vector<uint16_t>& srtp_ciphers) {
     ASSERT_TRUE(NS_SUCCEEDED(dtls_->SetSrtpCiphers(srtp_ciphers)));
   }
 
@@ -1014,17 +1012,17 @@ TEST_F(TransportTest, TestConnectSrtp) {
   SetupSrtp();
   SetDtlsPeer();
   DisableChaCha(p2_);
   ConnectSocket();
 
   ASSERT_EQ(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, p1_->cipherSuite());
 
   // SRTP is on
-  ASSERT_EQ(SRTP_AES128_CM_HMAC_SHA1_80, p1_->srtpCipher());
+  ASSERT_EQ(kDtlsSrtpAes128CmHmacSha1_80, p1_->srtpCipher());
 }
 
 
 TEST_F(TransportTest, TestConnectDestroyFlowsMainThread) {
   SetDtlsPeer();
   ConnectSocket();
   DestroyPeerFlows();
 }
@@ -1293,19 +1291,19 @@ TEST_F(TransportTest, TestCipherMandator
   SetDtlsPeer();
   ConfigureOneCipher(p1_, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA);
   ConnectSocket();
   ASSERT_EQ(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, p1_->cipherSuite());
 }
 
 TEST_F(TransportTest, TestSrtpMismatch) {
   std::vector<uint16_t> setA;
-  setA.push_back(SRTP_AES128_CM_HMAC_SHA1_80);
+  setA.push_back(kDtlsSrtpAes128CmHmacSha1_80);
   std::vector<uint16_t> setB;
-  setB.push_back(SRTP_AES128_CM_HMAC_SHA1_32);
+  setB.push_back(kDtlsSrtpAes128CmHmacSha1_32);
 
   p1_->SetSrtpCiphers(setA);
   p2_->SetSrtpCiphers(setB);
   SetDtlsPeer();
   ConnectSocketExpectFail();
 
   ASSERT_EQ(0, p1_->srtpCipher());
   ASSERT_EQ(0, p2_->srtpCipher());
--- a/media/mtransport/test/turn_unittest.cpp
+++ b/media/mtransport/test/turn_unittest.cpp
@@ -40,19 +40,16 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 */
 
 #include <stdlib.h>
 #include <iostream>
 
 #include "sigslot.h"
 
 #include "logging.h"
-#include "nspr.h"
-#include "nss.h"
-#include "ssl.h"
 
 #include "nsThreadUtils.h"
 #include "nsXPCOM.h"
 
 #include "runnable_utils.h"
 
 #define GTEST_HAS_RTTI 0
 #include "gtest/gtest.h"
--- a/media/mtransport/transportlayerdtls.cpp
+++ b/media/mtransport/transportlayerdtls.cpp
@@ -19,17 +19,16 @@
 #include "mozilla/UniquePtr.h"
 #include "mozilla/Unused.h"
 #include "nsCOMPtr.h"
 #include "nsComponentManagerUtils.h"
 #include "nsComponentManagerUtils.h"
 #include "nsIEventTarget.h"
 #include "nsNetCID.h"
 #include "nsServiceManagerUtils.h"
-#include "sslerr.h"
 #include "sslexp.h"
 #include "sslproto.h"
 #include "transportflow.h"
 
 
 namespace mozilla {
 
 MOZ_MTLOG_MODULE("mtransport")
--- a/media/mtransport/transportlayerdtls.h
+++ b/media/mtransport/transportlayerdtls.h
@@ -23,16 +23,23 @@
 #include "ScopedNSSTypes.h"
 #include "m_cpp_utils.h"
 #include "dtlsidentity.h"
 #include "transportlayer.h"
 #include "ssl.h"
 
 namespace mozilla {
 
+// RFC 5764 (we don't support the NULL cipher)
+static const uint16_t kDtlsSrtpAes128CmHmacSha1_80 = 0x0001;
+static const uint16_t kDtlsSrtpAes128CmHmacSha1_32 = 0x0002;
+// RFC 7714
+static const uint16_t kDtlsSrtpAeadAes128Gcm =       0x0007;
+static const uint16_t kDtlsSrtpAeadAes256Gcm =       0x0008;
+
 struct Packet;
 
 class TransportLayerNSPRAdapter {
  public:
   explicit TransportLayerNSPRAdapter(TransportLayer *output) :
   output_(output),
   input_(),
   enabled_(true) {}
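Review bot: The four new suite identifiers are declared `static const uint16_t` at namespace scope in a header, which gives every including translation unit its own internal-linkage copy; since the file already relies on C++11 features (`explicit`, `nullptr` elsewhere in this commit), `constexpr uint16_t kDtlsSrtpAes128CmHmacSha1_80 = 0x0001;` (and likewise for the other three) is the idiomatic form and keeps them usable in constant expressions such as `case` labels. The comments could also state where the values come from, e.g. `// DTLS-SRTP protection profile identifiers from the IANA registry: RFC 5764 (AES-CM/HMAC-SHA1) and RFC 7714 (AEAD AES-GCM); the NULL-cipher profiles are intentionally omitted.` The header uses `uint16_t` but, judging from the include list visible in the hunk, only picks it up transitively, so an explicit `#include <stdint.h>` would be safer. The alignment spaces after `kDtlsSrtpAeadAes128Gcm =` and `kDtlsSrtpAeadAes256Gcm =` look like leftover formatting and could be dropped.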
--- a/media/webrtc/signaling/gtest/mediapipeline_unittest.cpp
+++ b/media/webrtc/signaling/gtest/mediapipeline_unittest.cpp
@@ -3,18 +3,16 @@
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 // Original author: ekr@rtfm.com
 
 #include <iostream>
 
 #include "logging.h"
 #include "nss.h"
-#include "ssl.h"
-#include "sslproto.h"
 
 #include "AudioSegment.h"
 #include "AudioStreamTrack.h"
 #include "DOMMediaStream.h"
 #include "mozilla/Mutex.h"
 #include "mozilla/RefPtr.h"
 #include "MediaPipeline.h"
 #include "MediaPipelineFilter.h"
@@ -180,17 +178,17 @@ class TransportInfo {
   }
 
   void Init(bool client) {
     UniquePtr<TransportLayerLoopback> loopback(new TransportLayerLoopback);
     UniquePtr<TransportLayerDtls> dtls(new TransportLayerDtls);
     UniquePtr<TransportLayerSrtp> srtp(new TransportLayerSrtp(*dtls));
 
     std::vector<uint16_t> ciphers;
-    ciphers.push_back(SRTP_AES128_CM_HMAC_SHA1_80);
+    ciphers.push_back(kDtlsSrtpAes128CmHmacSha1_80);
     dtls->SetSrtpCiphers(ciphers);
     dtls->SetIdentity(DtlsIdentity::Generate());
     dtls->SetRole(client ? TransportLayerDtls::CLIENT :
       TransportLayerDtls::SERVER);
     dtls->SetVerificationAllowAll();
 
     ASSERT_EQ(NS_OK, loopback->Init());
     ASSERT_EQ(NS_OK, dtls->Init());
--- a/media/webrtc/signaling/src/peerconnection/PeerConnectionMedia.cpp
+++ b/media/webrtc/signaling/src/peerconnection/PeerConnectionMedia.cpp
@@ -620,18 +620,18 @@ PeerConnectionMedia::UpdateTransportFlow
                                      fingerprint.fingerprint.size());
     if (NS_FAILED(rv)) {
       CSFLogError(LOGTAG, "Could not set fingerprint");
       return rv;
     }
   }
 
   std::vector<uint16_t> srtpCiphers;
-  srtpCiphers.push_back(SRTP_AES128_CM_HMAC_SHA1_80);
-  srtpCiphers.push_back(SRTP_AES128_CM_HMAC_SHA1_32);
+  srtpCiphers.push_back(kDtlsSrtpAes128CmHmacSha1_80);
+  srtpCiphers.push_back(kDtlsSrtpAes128CmHmacSha1_32);
 
   rv = dtls->SetSrtpCiphers(srtpCiphers);
   if (NS_FAILED(rv)) {
     CSFLogError(LOGTAG, "Couldn't set SRTP ciphers");
     return rv;
   }
 
   // Always permits negotiation of the confidential mode.