1 /*
2  *  Copyright 2016 The WebRTC Project Authors. All rights reserved.
3  *
4  *  Use of this source code is governed by a BSD-style license
5  *  that can be found in the LICENSE file in the root of the source
6  *  tree. An additional intellectual property rights grant can be found
7  *  in the file PATENTS.  All contributing project authors may
8  *  be found in the AUTHORS file in the root of the source tree.
9  */
10 
11 #ifndef P2P_BASE_DTLS_TRANSPORT_INTERNAL_H_
12 #define P2P_BASE_DTLS_TRANSPORT_INTERNAL_H_
13 
14 #include <stddef.h>
15 #include <stdint.h>
16 
17 #include <memory>
18 #include <string>
19 
20 #include "api/crypto/crypto_options.h"
21 #include "api/dtls_transport_interface.h"
22 #include "api/scoped_refptr.h"
23 #include "p2p/base/ice_transport_internal.h"
24 #include "p2p/base/packet_transport_internal.h"
25 #include "rtc_base/constructor_magic.h"
26 #include "rtc_base/ssl_certificate.h"
27 #include "rtc_base/ssl_fingerprint.h"
28 #include "rtc_base/ssl_stream_adapter.h"
29 #include "rtc_base/third_party/sigslot/sigslot.h"
30 
31 namespace cricket {
32 
// Negotiation state of a DTLS transport, as reported by
// DtlsTransportInternal::dtls_state() and carried on SignalDtlsState.
// ConvertDtlsTransportState() below maps these values onto the public
// webrtc::DtlsTransportState, so a new enumerator here needs a matching
// case there.
enum DtlsTransportState {
  // Haven't started negotiating.
  DTLS_TRANSPORT_NEW = 0,
  // Have started negotiating.
  DTLS_TRANSPORT_CONNECTING,
  // Negotiated, and has a secure connection.
  DTLS_TRANSPORT_CONNECTED,
  // Transport is closed.
  DTLS_TRANSPORT_CLOSED,
  // Failed due to some error in the handshake process (terminal; the
  // transport does not carry protected data in this state).
  DTLS_TRANSPORT_FAILED,
};
45 
// Maps the cricket-internal DtlsTransportState onto the public
// webrtc::DtlsTransportState (see api/dtls_transport_interface.h).
webrtc::DtlsTransportState ConvertDtlsTransportState(
    cricket::DtlsTransportState cricket_state);
48 
// Flags describing a packet handed to the transport. PF_SRTP_BYPASS is
// security-relevant: a packet sent with it is not wrapped in the transport's
// own protection (DTLS), so the caller is responsible for that packet already
// being SRTP-protected before it reaches the transport.
enum PacketFlags {
  PF_NORMAL = 0x00,       // A normal packet.
  PF_SRTP_BYPASS = 0x01,  // An encrypted SRTP packet; bypass any additional
                          // crypto provided by the transport (e.g. DTLS)
};
54 
// DtlsTransportInternal is an internal interface that does DTLS, also
// negotiating SRTP crypto suites so that it may be used for DTLS-SRTP.
//
// Once the public interface is supported,
// (https://www.w3.org/TR/webrtc/#rtcdtlstransport-interface)
// the DtlsTransportInterface will be split from this class.
//
// Every operation below is pure virtual; implementations supply the actual
// handshake. The getters that take an out-parameter (GetDtlsRole,
// GetSslVersionBytes, GetSrtpCryptoSuite, GetSslCipherSuite) return false when
// the value is not available — presumably before the handshake completes —
// so callers must check the return value before reading the out-parameter.
class DtlsTransportInternal : public rtc::PacketTransportInternal {
 public:
  // Defined out of line; virtual through rtc::PacketTransportInternal.
  ~DtlsTransportInternal() override;

  // The CryptoOptions this transport operates under.
  virtual const webrtc::CryptoOptions& crypto_options() const = 0;

  // Current negotiation state; see DtlsTransportState above.
  virtual DtlsTransportState dtls_state() const = 0;

  // Identifier of the ICE component this transport carries.
  // TODO(review): confirm this is the same component id as the underlying
  // ice_transport().
  virtual int component() const = 0;

  // Whether DTLS is in use on this transport at all, as opposed to passing
  // packets through unprotected. Presumably false until a local certificate
  // has been set — confirm against the implementation.
  virtual bool IsDtlsActive() const = 0;

  // Writes the DTLS role (client or server) of this side into |role|.
  // Returns false, leaving |role| unspecified, when no role has been
  // determined yet (presumably).
  virtual bool GetDtlsRole(rtc::SSLRole* role) const = 0;

  // Chooses whether this side acts as DTLS client or server. Returns false if
  // the role cannot be (re)set, e.g. once the handshake is under way —
  // confirm against the implementation.
  virtual bool SetDtlsRole(rtc::SSLRole role) = 0;

  // Finds out which TLS/DTLS version is running. The encoding of |version|
  // is presumably the raw protocol-version bytes as reported by
  // rtc::SSLStreamAdapter::GetSslVersionBytes — confirm before comparing
  // against constants.
  virtual bool GetSslVersionBytes(int* version) const = 0;
  // Finds out which DTLS-SRTP cipher was negotiated.
  // TODO(zhihuang): Remove this once all dependencies implement this.
  virtual bool GetSrtpCryptoSuite(int* cipher) = 0;

  // Finds out which DTLS cipher was negotiated.
  // TODO(zhihuang): Remove this once all dependencies implement this.
  virtual bool GetSslCipherSuite(int* cipher) = 0;

  // Gets the local RTCCertificate used for DTLS.
  virtual rtc::scoped_refptr<rtc::RTCCertificate> GetLocalCertificate()
      const = 0;

  // Sets the certificate (the "local identity") this side authenticates with
  // during the handshake. SetRemoteFingerprint() requires this to have been
  // called first. Returns false if the certificate is not accepted.
  virtual bool SetLocalCertificate(
      const rtc::scoped_refptr<rtc::RTCCertificate>& certificate) = 0;

  // Gets a copy of the remote side's SSL certificate chain, as presented by
  // the peer during the handshake. Presumably null when no chain has been
  // received yet — callers should check before dereferencing.
  virtual std::unique_ptr<rtc::SSLCertChain> GetRemoteSSLCertChain() const = 0;

  // Allows key material to be extracted for external encryption.
  // |label|, |context|/|context_len| and |use_context| mirror the TLS
  // keying-material exporter model (RFC 5705). |result| must point to at
  // least |result_len| writable bytes, which the implementation fills on
  // success. Returns false on failure (presumably while the handshake is not
  // yet complete), in which case the contents of |result| must not be used.
  virtual bool ExportKeyingMaterial(const std::string& label,
                                    const uint8_t* context,
                                    size_t context_len,
                                    bool use_context,
                                    uint8_t* result,
                                    size_t result_len) = 0;

  // Set DTLS remote fingerprint. Must be after local identity set.
  // |digest_alg| names the hash algorithm and |digest|/|digest_len| carry the
  // expected hash of the peer's certificate, as obtained out-of-band (e.g.
  // from signalling). The handshake is expected to verify the certificate the
  // peer presents against this value, so supplying a wrong or stale
  // fingerprint is an authentication failure rather than a cosmetic one.
  // Returns false when the fingerprint cannot be accepted.
  virtual bool SetRemoteFingerprint(const std::string& digest_alg,
                                    const uint8_t* digest,
                                    size_t digest_len) = 0;

  // Caps the (D)TLS protocol version the handshake may negotiate. Returns
  // false if the cap cannot be applied — presumably once the handshake has
  // started; confirm against the implementation.
  virtual bool SetSslMaxProtocolVersion(rtc::SSLProtocolVersion version) = 0;

  // Expose the underlying IceTransport.
  virtual IceTransportInternal* ice_transport() = 0;

  // Fired with this transport and its new DtlsTransportState, presumably
  // whenever dtls_state() changes.
  sigslot::signal2<DtlsTransportInternal*, DtlsTransportState> SignalDtlsState;

  // Emitted whenever the DTLS handshake fails on this transport, carrying the
  // error that caused it.
  sigslot::signal1<rtc::SSLHandshakeError> SignalDtlsHandshakeError;

 protected:
  // Only derived implementations construct instances.
  DtlsTransportInternal();

 private:
  // Instances are neither copyable nor assignable.
  RTC_DISALLOW_COPY_AND_ASSIGN(DtlsTransportInternal);
};
126 
127 }  // namespace cricket
128 
129 #endif  // P2P_BASE_DTLS_TRANSPORT_INTERNAL_H_
130