1 /*
2  *  Copyright 2018 The WebRTC Project Authors. All rights reserved.
3  *
4  *  Use of this source code is governed by a BSD-style license
5  *  that can be found in the LICENSE file in the root of the source
6  *  tree. An additional intellectual property rights grant can be found
7  *  in the file PATENTS.  All contributing project authors may
8  *  be found in the AUTHORS file in the root of the source tree.
9  */
10 
11 #ifndef API_CRYPTO_CRYPTO_OPTIONS_H_
12 #define API_CRYPTO_CRYPTO_OPTIONS_H_
13 
14 #include <vector>
15 
16 #include "rtc_base/system/rtc_export.h"
17 
18 namespace webrtc {
19 
20 // CryptoOptions defines advanced cryptographic settings for native WebRTC.
21 // These settings must be passed into PeerConnectionFactoryInterface::Options
22 // and are only applicable to native use cases of WebRTC.
struct RTC_EXPORT CryptoOptions {
  // Special members are declared here and defined out of line, so any state
  // they set beyond the in-class initializers below is not visible in this
  // header.
  CryptoOptions();
  CryptoOptions(const CryptoOptions& other);
  ~CryptoOptions();

  // Returns a CryptoOptions instance that has the GCM crypto suites turned
  // off. Callers that need GCM off should call this rather than rely on
  // whatever the default constructor currently produces.
  static CryptoOptions NoGcm();

  // Builds the list of DTLS-SRTP crypto suites that this set of options
  // allows. Suites are returned as integer identifiers.
  // NOTE(review): whether the order of the returned list expresses a
  // negotiation preference is decided by the implementation - confirm there.
  std::vector<int> GetSupportedDtlsSrtpCryptoSuites() const;

  // Equality / inequality comparison against another CryptoOptions; defined
  // out of line.
  bool operator==(const CryptoOptions& other) const;
  bool operator!=(const CryptoOptions& other) const;

  // Peer connection options that govern SRTP.
  struct Srtp {
    // Offer the GCM crypto suites from RFC 7714 for SRTP. GCM is used only
    // when both sides enable it. Off by default in this header.
    bool enable_gcm_crypto_suites{false};

    // When true, the (potentially insecure) SRTP_AES128_CM_SHA1_32 cipher is
    // added to the list of supported ciphers during negotiation. It is used
    // only if both peers support it and no other cipher is preferred.
    // The suite carries a 32-bit authentication tag rather than the 80-bit
    // tag of SRTP_AES128_CM_SHA1_80, so keep this off unless a peer that
    // offers nothing stronger must be supported.
    bool enable_aes128_sha1_32_crypto_cipher{false};

    // The most commonly used cipher. It can be switched off, mostly for
    // testing purposes.
    // NOTE(review): with this off and the other suite flags left at their
    // defaults, no suite flag in this struct is enabled - confirm how
    // GetSupportedDtlsSrtpCryptoSuites() and negotiation behave then.
    bool enable_aes128_sha1_80_crypto_cipher{true};

    // When true, encrypted RTP header extensions as defined in RFC 6904 are
    // negotiated. They are used only if both peers support them. Off by
    // default, so header extensions are not negotiated as encrypted unless
    // the application opts in.
    bool enable_encrypted_rtp_header_extensions{false};
  };
  Srtp srtp;

  // Options that apply when the FrameEncryptor / FrameDecryptor APIs are in
  // use.
  struct SFrame {
    // When set, every RtpSender must have a FrameEncryptor attached before it
    // is allowed to send packets, and every RtpReceiver must have a
    // FrameDecryptor attached before it is able to receive packets.
    // Off by default; the enforcement itself is not part of this header.
    bool require_frame_encryption{false};
  };
  SFrame sframe;
};
69 
70 }  // namespace webrtc
71 
72 #endif  // API_CRYPTO_CRYPTO_OPTIONS_H_
73