/*
 * Copyright 2011, Google Inc.
 * Copyright 2011, RTFM, Inc.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * 1. Redistributions of source code must retain the above copyright notice,
 *    this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright notice,
 *    this list of conditions and the following disclaimer in the documentation
 *    and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote products
 *    derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
 * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
29 #ifndef WEBRTC_P2P_BASE_DTLSTRANSPORTCHANNEL_H_
30 #define WEBRTC_P2P_BASE_DTLSTRANSPORTCHANNEL_H_
#include <string>
#include <vector>

#include "webrtc/base/buffer.h"
#include "webrtc/base/scoped_ptr.h"
#include "webrtc/base/sslstreamadapter.h"
#include "webrtc/base/stream.h"
#include "webrtc/p2p/base/transportchannelimpl.h"
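namespace cricket {

// A bridge between a packet-oriented/channel-type interface on
// the bottom and a StreamInterface on the top.
//
// Packets handed in through OnPacketReceived() are queued in |fifo_| and
// handed out again by Read(); Write() goes the other way, turning stream
// bytes into packet sends on |channel_|.
class StreamInterfaceChannel : public rtc::StreamInterface,
                               public sigslot::has_slots<> {
 public:
  // |owner| is the thread the FIFO is bound to; |channel| is the packet
  // channel underneath (owned by DtlsTransportChannelWrapper, not by us).
  // The stream starts out open; FIFO events are relayed through OnEvent().
  StreamInterfaceChannel(rtc::Thread* owner, TransportChannel* channel)
      : channel_(channel),
        state_(rtc::SS_OPEN),
        fifo_(kFifoSize, owner) {
    fifo_.SignalEvent.connect(this, &StreamInterfaceChannel::OnEvent);
  }

  // Push in a packet; this gets pulled out from Read().
  // Returns whether the packet was accepted into the buffer.
  bool OnPacketReceived(const char* data, size_t size);

  // Implementations of StreamInterface
  virtual rtc::StreamState GetState() const { return state_; }
  virtual void Close() { state_ = rtc::SS_CLOSED; }
  virtual rtc::StreamResult Read(void* buffer, size_t buffer_len,
                                 size_t* read, int* error);
  virtual rtc::StreamResult Write(const void* data, size_t data_len,
                                  size_t* written, int* error);

 private:
  // Capacity handed to |fifo_|; bounds how much not-yet-read input is held.
  static const size_t kFifoSize = 8192;

  // Slot connected to |fifo_|.SignalEvent in the constructor.
  virtual void OnEvent(rtc::StreamInterface* stream, int sig, int err);

  TransportChannel* channel_;  // owned by DtlsTransportChannelWrapper
  rtc::StreamState state_;
  rtc::FifoBuffer fifo_;

  DISALLOW_COPY_AND_ASSIGN(StreamInterfaceChannel);
};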
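// This class provides a DTLS SSLStreamAdapter inside a TransportChannel-style
// packet-based interface, wrapping an existing TransportChannel instance
// (e.g a P2PTransportChannel)
// Here's the way this works:
//
//   DtlsTransportChannelWrapper {
//       SSLStreamAdapter* dtls_ {
//           StreamInterfaceChannel downward_ {
//               TransportChannelImpl* channel_;
//           }
//       }
//   }
//
//   - Data which comes into DtlsTransportChannelWrapper from the underlying
//     channel_ via OnReadPacket() is checked for whether it is DTLS
//     or not, and if it is, is passed to DtlsTransportChannelWrapper::
//     HandleDtlsPacket, which pushes it into to downward_.
//     dtls_ is listening for events on downward_, so it immediately calls
//     downward_->Read().
//
//   - Data written to DtlsTransportChannelWrapper is passed either to
//     downward_ or directly to channel_, depending on whether DTLS is
//     negotiated and whether the flags include PF_SRTP_BYPASS
//
//   - The SSLStreamAdapter writes to downward_->Write()
//     which translates it into packet writes on channel_.
class DtlsTransportChannelWrapper : public TransportChannelImpl {
 public:
  // Progress of DTLS setup on this channel; see IsDtlsActive().
  enum State {
    STATE_NONE,      // No state or rejected.
    STATE_OFFERED,   // Our identity has been set.
    STATE_ACCEPTED,  // The other side sent a fingerprint.
    STATE_STARTED,   // We are negotiating.
    STATE_OPEN,      // Negotiation complete.
    STATE_CLOSED     // Connection closed.
  };

  // The parameters here are:
  // transport -- the DtlsTransport that created us
  // channel -- the TransportChannel we are wrapping
  DtlsTransportChannelWrapper(Transport* transport,
                              TransportChannelImpl* channel);
  virtual ~DtlsTransportChannelWrapper();

  // ICE role handling is forwarded to the wrapped channel.
  virtual void SetIceRole(IceRole role) {
    channel_->SetIceRole(role);
  }
  virtual IceRole GetIceRole() const {
    return channel_->GetIceRole();
  }
  virtual size_t GetConnectionCount() const {
    return channel_->GetConnectionCount();
  }

  // Local certificate/key used for DTLS (the State comments above describe
  // STATE_OFFERED as "our identity has been set").
  virtual bool SetLocalIdentity(rtc::SSLIdentity *identity);
  virtual bool GetLocalIdentity(rtc::SSLIdentity** identity) const;

  // Records the remote peer's certificate fingerprint (|digest_alg| names the
  // hash, |digest|/|digest_len| hold its value); the State comments describe
  // STATE_ACCEPTED as "the other side sent a fingerprint".
  // NOTE(review): the comparison of this fingerprint against the certificate
  // presented in the handshake is not visible in this header — confirm in
  // the .cc that a mismatch fails the connection.
  virtual bool SetRemoteFingerprint(const std::string& digest_alg,
                                    const uint8* digest,
                                    size_t digest_len);

  // True once DTLS setup has left STATE_NONE. This is NOT the same as the
  // handshake having completed (that is STATE_OPEN).
  virtual bool IsDtlsActive() const { return dtls_state_ != STATE_NONE; }

  // Called to send a packet (via DTLS, if turned on).
  // As described in the class comment, the data goes through downward_ or
  // directly to channel_ depending on whether DTLS is negotiated and whether
  // |flags| includes PF_SRTP_BYPASS.
  virtual int SendPacket(const char* data, size_t size,
                         const rtc::PacketOptions& options,
                         int flags);

  // TransportChannel calls that we forward to the wrapped transport.
  virtual int SetOption(rtc::Socket::Option opt, int value) {
    return channel_->SetOption(opt, value);
  }
  virtual int GetError() {
    return channel_->GetError();
  }
  virtual bool GetStats(ConnectionInfos* infos) {
    return channel_->GetStats(infos);
  }
  virtual const std::string SessionId() const {
    return channel_->SessionId();
  }

  // Set up the ciphers to use for DTLS-SRTP. If this method is not called
  // before DTLS starts, or |ciphers| is empty, SRTP keys won't be negotiated.
  // This method should be called before SetupDtls.
  virtual bool SetSrtpCiphers(const std::vector<std::string>& ciphers);

  // Find out which DTLS-SRTP cipher was negotiated
  virtual bool GetSrtpCipher(std::string* cipher);

  virtual bool GetSslRole(rtc::SSLRole* role) const;
  virtual bool SetSslRole(rtc::SSLRole role);

  // Once DTLS has been established, this method retrieves the certificate in
  // use by the remote peer, for use in external identity verification.
  // NOTE(review): ownership/lifetime of |*cert| is not shown here — confirm
  // against the .cc before holding on to it.
  virtual bool GetRemoteCertificate(rtc::SSLCertificate** cert) const;

  // Once DTLS has established (i.e., this channel is writable), this method
  // extracts the keys negotiated during the DTLS handshake, for use in external
  // encryption. DTLS-SRTP uses this to extract the needed SRTP keys.
  // See the SSLStreamAdapter documentation for info on the specific parameters.
  // Returns false when there is no DTLS stream yet (|dtls_| is null).
  virtual bool ExportKeyingMaterial(const std::string& label,
                                    const uint8* context,
                                    size_t context_len,
                                    bool use_context,
                                    uint8* result,
                                    size_t result_len) {
    return (dtls_.get()) ? dtls_->ExportKeyingMaterial(label, context,
                                                       context_len,
                                                       use_context,
                                                       result, result_len)
        : false;
  }

  // TransportChannelImpl calls.
  virtual Transport* GetTransport() {
    return transport_;
  }
  virtual void SetIceTiebreaker(uint64 tiebreaker) {
    channel_->SetIceTiebreaker(tiebreaker);
  }
  virtual bool GetIceProtocolType(IceProtocolType* type) const {
    return channel_->GetIceProtocolType(type);
  }
  virtual void SetIceProtocolType(IceProtocolType type) {
    channel_->SetIceProtocolType(type);
  }
  virtual void SetIceCredentials(const std::string& ice_ufrag,
                                 const std::string& ice_pwd) {
    channel_->SetIceCredentials(ice_ufrag, ice_pwd);
  }
  virtual void SetRemoteIceCredentials(const std::string& ice_ufrag,
                                       const std::string& ice_pwd) {
    channel_->SetRemoteIceCredentials(ice_ufrag, ice_pwd);
  }
  virtual void SetRemoteIceMode(IceMode mode) {
    channel_->SetRemoteIceMode(mode);
  }

  virtual void Connect();
  virtual void Reset();

  virtual void OnSignalingReady() {
    channel_->OnSignalingReady();
  }
  virtual void OnCandidate(const Candidate& candidate) {
    channel_->OnCandidate(candidate);
  }

  // Needed by DtlsTransport.
  TransportChannelImpl* channel() { return channel_; }

 private:
  // Slots for signals from the wrapped |channel_|.
  void OnReadableState(TransportChannel* channel);
  void OnWritableState(TransportChannel* channel);
  // Entry point for incoming packets; DTLS packets are routed to
  // HandleDtlsPacket (see class comment).
  void OnReadPacket(TransportChannel* channel, const char* data, size_t size,
                    const rtc::PacketTime& packet_time, int flags);
  void OnReadyToSend(TransportChannel* channel);
  // Slot for events from |dtls_|.
  void OnDtlsEvent(rtc::StreamInterface* stream_, int sig, int err);

  bool SetupDtls();
  bool MaybeStartDtls();
  // Pushes a DTLS packet into |downward_| for |dtls_| to read.
  bool HandleDtlsPacket(const char* data, size_t size);
  void OnRequestSignaling(TransportChannelImpl* channel);
  void OnCandidateReady(TransportChannelImpl* channel, const Candidate& c);
  void OnCandidatesAllocationDone(TransportChannelImpl* channel);
  void OnRoleConflict(TransportChannelImpl* channel);
  void OnRouteChange(TransportChannel* channel, const Candidate& candidate);
  void OnConnectionRemoved(TransportChannelImpl* channel);

  Transport* transport_;  // The transport_ that created us.
  rtc::Thread* worker_thread_;  // Everything should occur on this thread.
  TransportChannelImpl* channel_;  // Underlying channel, owned by transport_.
  rtc::scoped_ptr<rtc::SSLStreamAdapter> dtls_;  // The DTLS stream
  StreamInterfaceChannel* downward_;  // Wrapper for channel_, owned by dtls_.
  std::vector<std::string> srtp_ciphers_;  // SRTP ciphers to use with DTLS.
  State dtls_state_;  // Where DTLS setup currently is; see IsDtlsActive().
  rtc::SSLIdentity* local_identity_;
  rtc::SSLRole ssl_role_;
  // Expected peer fingerprint as supplied via SetRemoteFingerprint().
  rtc::Buffer remote_fingerprint_value_;
  std::string remote_fingerprint_algorithm_;

  DISALLOW_COPY_AND_ASSIGN(DtlsTransportChannelWrapper);
};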
262 } // namespace cricket
264 #endif // WEBRTC_P2P_BASE_DTLSTRANSPORTCHANNEL_H_