tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

crypto_options.h (4314B)

      1 /*
      2 *  Copyright 2018 The WebRTC Project Authors. All rights reserved.
      3 *
      4 *  Use of this source code is governed by a BSD-style license
      5 *  that can be found in the LICENSE file in the root of the source
      6 *  tree. An additional intellectual property rights grant can be found
      7 *  in the file PATENTS.  All contributing project authors may
      8 *  be found in the AUTHORS file in the root of the source tree.
      9 */
     10 
     11 #ifndef API_CRYPTO_CRYPTO_OPTIONS_H_
     12 #define API_CRYPTO_CRYPTO_OPTIONS_H_
     13 
     14 #include <cstdint>
     15 #include <optional>
     16 #include <set>
     17 #include <string>
     18 #include <vector>
     19 
     20 #include "api/field_trials_view.h"
     21 #include "rtc_base/system/rtc_export.h"
     22 
     23 namespace webrtc {
     24 
     25 // CryptoOptions defines advanced cryptographic settings for native WebRTC.
     26 // These settings must be passed into PeerConnectionFactoryInterface::Options
     27 // and are only applicable to native use cases of WebRTC.
     28 struct RTC_EXPORT CryptoOptions {
     29  CryptoOptions();
     30 
     31  // Helper method to return an instance of the CryptoOptions with GCM crypto
     32  // suites disabled. This method should be used instead of depending on current
     33  // default values set by the constructor.
     34  static CryptoOptions NoGcm();
     35 
     36  // Returns a list of the supported DTLS-SRTP Crypto suites based on this set
     37  // of crypto options.
     38  std::vector<int> GetSupportedDtlsSrtpCryptoSuites() const;
     39 
     40  bool operator==(const CryptoOptions& other) const;
     41  bool operator!=(const CryptoOptions& other) const;
     42 
     43  // SRTP Related Peer Connection options.
     44  struct Srtp {
     45    // Enable GCM crypto suites from RFC 7714 for SRTP. GCM will only be used
     46    // if both sides enable it.
     47    bool enable_gcm_crypto_suites = true;
     48 
     49    // If set to true, the (potentially insecure) crypto cipher
     50    // kSrtpAes128CmSha1_32 will be included in the list of supported ciphers
     51    // during negotiation. It will only be used if both peers support it and no
     52    // other ciphers get preferred.
     53    bool enable_aes128_sha1_32_crypto_cipher = false;
     54 
     55    // The most commonly used cipher. Can be disabled, mostly for testing
     56    // purposes.
     57    bool enable_aes128_sha1_80_crypto_cipher = true;
     58 
     59    // This feature enables encrypting RTP header extensions using RFC 6904, if
     60    // requested. For this to work the Chromium field trial
     61    // `kWebRtcEncryptedRtpHeaderExtensions` must be enabled.
     62    bool enable_encrypted_rtp_header_extensions = true;
     63  } srtp;
     64 
     65  // Options to be used when the FrameEncryptor / FrameDecryptor APIs are used.
     66  struct SFrame {
     67    // If set all RtpSenders must have an FrameEncryptor attached to them before
     68    // they are allowed to send packets. All RtpReceivers must have a
     69    // FrameDecryptor attached to them before they are able to receive packets.
     70    bool require_frame_encryption = false;
     71  } sframe;
     72 
     73  // Cipher groups used by DTLS when establishing an ephemeral key during
     74  // handshake.
     75  class RTC_EXPORT EphemeralKeyExchangeCipherGroups {
     76   public:
     77    // Which cipher groups are supported by this binary,
     78    // - ssl.h: SSL_GROUP_{}
     79    // - https://www.rfc-editor.org/rfc/rfc8422#section-5.1.1
     80    // - https://datatracker.ietf.org/doc/draft-ietf-tls-mlkem
     81    static constexpr uint16_t kSECP224R1 = 21;
     82    static constexpr uint16_t kSECP256R1 = 23;
     83    static constexpr uint16_t kSECP384R1 = 24;
     84    static constexpr uint16_t kSECP521R1 = 25;
     85    static constexpr uint16_t kX25519 = 29;
     86    static constexpr uint16_t kX25519_MLKEM768 = 0x11ec;
     87 
     88    static std::set<uint16_t> GetSupported();
     89    static std::optional<std::string> GetName(uint16_t group_id);
     90 
     91    EphemeralKeyExchangeCipherGroups();
     92 
     93    // Which cipher groups are enabled in this crypto options.
     94    std::vector<uint16_t> GetEnabled() const { return enabled_; }
     95    void SetEnabled(const std::vector<uint16_t>& groups) { enabled_ = groups; }
     96    void AddFirst(uint16_t group);
     97 
     98    // Update list of enabled groups based on field_trials,
     99    // optionally providing list of groups that should NOT be added.
    100    void Update(const FieldTrialsView* field_trials,
    101                const std::vector<uint16_t>* disabled_groups = nullptr);
    102 
    103    bool operator==(const EphemeralKeyExchangeCipherGroups& other) const;
    104 
    105   private:
    106    std::vector<uint16_t> enabled_;
    107  } ephemeral_key_exchange_cipher_groups;
    108 };
    109 
    110 }  // namespace webrtc
    111 
    112 #endif  // API_CRYPTO_CRYPTO_OPTIONS_H_