Change WebRTC SslCipher to be exposed as number only.

webrtc/base/opensslstreamadapter.cc

 /*
  *  Copyright 2004 The WebRTC Project Authors. All rights reserved.
  *
  *  Use of this source code is governed by a BSD-style license
  *  that can be found in the LICENSE file in the root of the source
  *  tree. An additional intellectual property rights grant can be found
  *  in the file PATENTS.  All contributing project authors may
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
@@ skipping 15 matching lines @@
 #include <vector>
 
 #include "webrtc/base/common.h"
 #include "webrtc/base/logging.h"
 #include "webrtc/base/safe_conversions.h"
 #include "webrtc/base/stream.h"
 #include "webrtc/base/openssl.h"
 #include "webrtc/base/openssladapter.h"
 #include "webrtc/base/openssldigest.h"
 #include "webrtc/base/opensslidentity.h"
+#include "webrtc/base/sslstrings.h"
 #include "webrtc/base/stringutils.h"
 #include "webrtc/base/thread.h"
 
 namespace rtc {
 
 #if (OPENSSL_VERSION_NUMBER >= 0x10001000L)
 #define HAVE_DTLS_SRTP
 #endif
 
 #ifdef HAVE_DTLS_SRTP
 // SRTP cipher suite table
 struct SrtpCipherMapEntry {
   const char* external_name;
   const char* internal_name;
 };
 
 // This isn't elegant, but it's better than an external reference
 static SrtpCipherMapEntry SrtpCipherMap[] = {
-  {"AES_CM_128_HMAC_SHA1_80", "SRTP_AES128_CM_SHA1_80"},
-  {"AES_CM_128_HMAC_SHA1_32", "SRTP_AES128_CM_SHA1_32"},
-  {NULL, NULL}
-};
+    {AES_CM_128_HMAC_SHA1_80_NAME, "SRTP_AES128_CM_SHA1_80"},
+    {AES_CM_128_HMAC_SHA1_32_NAME, "SRTP_AES128_CM_SHA1_32"},
+    {NULL, NULL}};
 #endif
 
 #ifndef OPENSSL_IS_BORINGSSL
+
 // Cipher name table. Maps internal OpenSSL cipher ids to the RFC name.
 struct SslCipherMapEntry {
   uint32_t openssl_id;
   const char* rfc_name;
 };
 
 #define DEFINE_CIPHER_ENTRY_SSL3(name)  {SSL3_CK_##name, "TLS_"#name}
 #define DEFINE_CIPHER_ENTRY_TLS1(name)  {TLS1_CK_##name, "TLS_"#name}
 
 // There currently is no method available to get a RFC-compliant name for a
@@ skipping 61 matching lines @@
   // ECDH GCM based ciphersuites from RFC5289.
   DEFINE_CIPHER_ENTRY_TLS1(ECDHE_ECDSA_WITH_AES_128_GCM_SHA256),
   DEFINE_CIPHER_ENTRY_TLS1(ECDHE_ECDSA_WITH_AES_256_GCM_SHA384),
   DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_128_GCM_SHA256),
   DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_256_GCM_SHA384),
 
   {0, NULL}
 };
 #endif  // #ifndef OPENSSL_IS_BORINGSSL
 
+#if SSL_USE_SCHANNEL
+// This is only added to allow GetDefaultSslCipherForTest compile on Windows
+// platform. Should never be used.
+static const SslCipher kNullSslCipher = {0, ""};

[juberti, 2015/09/24 21:37:32]

Null cipher is a thing, and so this is confusing. You want something like
kInvalidSslCipher.

[guoweis_webrtc, 2015/09/25 18:30:32]

Done.

+#endif
+
 // Default cipher used between OpenSSL/BoringSSL stream adapters.
 // This needs to be updated when the default of the SSL library changes.
-static const char kDefaultSslCipher10[] =
-    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
-static const char kDefaultSslEcCipher10[] =
-    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
+static const SslCipher kDefaultSslCipher10 = {

[Ryan Sleevi, 2015/09/24 21:09:58]

Each of these is a static initializer, which is forbidden

http://google-styleguide.googlecode.com/svn/trunk/cppguide.html#Static_and_Gl...

[guoweis_webrtc, 2015/09/25 18:30:32]

Done.

+    0xC014,
+    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"};
+static const SslCipher kDefaultSslEcCipher10 = {
+    0xC00A,
+    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"};
 
 #ifdef OPENSSL_IS_BORINGSSL
-static const char kDefaultSslCipher12[] =
-    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
-static const char kDefaultSslEcCipher12[] =
-    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
+static const SslCipher kDefaultSslCipher12 = {
+    0xC02F,
+    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"};
+static const SslCipher kDefaultSslEcCipher12 = {
+    0xC02B,
+    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"};
 // Fallback cipher for DTLS 1.2 if hardware-accelerated AES-GCM is unavailable.
-static const char kDefaultSslCipher12NoAesGcm[] =
-    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
-static const char kDefaultSslEcCipher12NoAesGcm[] =
-    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256";
+static const SslCipher kDefaultSslCipher12NoAesGcm = {
+    0xCC13,
+    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"};
+static const SslCipher kDefaultSslEcCipher12NoAesGcm = {
+    0xCC14,
+    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"};
 #else  // !OPENSSL_IS_BORINGSSL
 // OpenSSL sorts differently than BoringSSL, so the default cipher doesn't
 // change between TLS 1.0 and TLS 1.2 with the current setup.
-static const char kDefaultSslCipher12[] =
-    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
-static const char kDefaultSslEcCipher12[] =
-    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
+static const SslCipher kDefaultSslCipher12 = {
+    0xC014,
+    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"};
+static const SslCipher kDefaultSslEcCipher12 = {
+    0xC00A,
+    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"};
 #endif
 
 //////////////////////////////////////////////////////////////////////
 // StreamBIO
 //////////////////////////////////////////////////////////////////////
 
 static int stream_write(BIO* h, const char* buf, int num);
 static int stream_read(BIO* h, char* buf, int size);
 static int stream_puts(BIO* h, const char* str);
 static long stream_ctrl(BIO* h, int cmd, long arg1, void* arg2);
@@ skipping 169 matching lines @@
   for (const SslCipherMapEntry* entry = kSslCipherMap; entry->rfc_name;
        ++entry) {
     if (cipher->id == entry->openssl_id) {
       return entry->rfc_name;
     }
   }
   return NULL;
 }
 #endif
 
-bool OpenSSLStreamAdapter::GetSslCipher(std::string* cipher) {
+bool OpenSSLStreamAdapter::GetSslCipher(SslCipher* cipher) {
   if (state_ != SSL_CONNECTED)
     return false;
 
   const SSL_CIPHER* current_cipher = SSL_get_current_cipher(ssl_);
   if (current_cipher == NULL) {
     return false;
   }
 
+  cipher->ssl_id = static_cast<uint16_t>(SSL_CIPHER_get_id(current_cipher));
+
 #ifdef OPENSSL_IS_BORINGSSL
   char* cipher_name = SSL_CIPHER_get_rfc_name(current_cipher);
 #else
   const char* cipher_name = GetRfcSslCipherName(current_cipher);
 #endif
   if (cipher_name == NULL) {
     return false;
   }
 
-  *cipher = cipher_name;
+  cipher->name = cipher_name;
 #ifdef OPENSSL_IS_BORINGSSL
   OPENSSL_free(cipher_name);
 #endif
   return true;
 }
 
 // Key Extractor interface
 bool OpenSSLStreamAdapter::ExportKeyingMaterial(const std::string& label,
                                                 const uint8* context,
                                                 size_t context_len,
@@ skipping 734 matching lines @@
 }
 
 bool OpenSSLStreamAdapter::HaveExporter() {
 #ifdef HAVE_DTLS_SRTP
   return true;
 #else
   return false;
 #endif
 }
 
-std::string OpenSSLStreamAdapter::GetDefaultSslCipher(
+const SslCipher& OpenSSLStreamAdapter::GetDefaultSslCipherForTest(
     SSLProtocolVersion version,
     KeyType key_type) {
   if (key_type == KT_RSA) {
     switch (version) {
       case SSL_PROTOCOL_TLS_10:
       case SSL_PROTOCOL_TLS_11:
         return kDefaultSslCipher10;
       case SSL_PROTOCOL_TLS_12:
       default:
 #ifdef OPENSSL_IS_BORINGSSL
@@ skipping 17 matching lines @@
         if (EVP_has_aes_hardware()) {
           return kDefaultSslEcCipher12;
         } else {
           return kDefaultSslEcCipher12NoAesGcm;
         }
 #else  // !OPENSSL_IS_BORINGSSL
         return kDefaultSslEcCipher12;
 #endif
     }
   } else {
-    return std::string();
+    RTC_NOTREACHED();
+    return kDefaultSslEcCipher12;
   }
 }
 
 }  // namespace rtc
 
 #endif  // HAVE_OPENSSL_SSL_H