Adds new CryptoOption crypto_options.frame.require_frame_encryption.
This change adds a new subcategory to the public native webrtc::CryptoOptions
structure: webrtc::CryptoOptions::Frame.
This new structure has a single off by default property:
crypto_options.frame.require_frame_encryption.
This new flag if set prevents RtpSenders from sending outgoing payloads unless
a frame_encryptor_ is attached and prevents RtpReceivers from receiving
incoming payloads unless a frame_decryptor_ is attached.
This option is important for enforcing that no unencrypted data can ever
leave the device or be received.
I have also attached bindings for Java and Objective-C.
I have implemented this functionality for E2EE audio but not E2EE video
since the changes are still in review.
Bug: webrtc:9681
Change-Id: Ie184711190e0cdf5ac781f69e9489ceec904736f
Reviewed-on: https://webrtc-review.googlesource.com/c/105540
Reviewed-by: Niels Moller <nisse@webrtc.org>
Reviewed-by: Steve Anton <steveanton@webrtc.org>
Reviewed-by: Oskar Sundbom <ossu@webrtc.org>
Reviewed-by: Sami Kalliomäki <sakal@webrtc.org>
Reviewed-by: Kári Helgason <kthelgason@webrtc.org>
Commit-Queue: Benjamin Wright <benwright@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#25238}
diff --git a/audio/channel_send.cc b/audio/channel_send.cc
index 8639fbd..bdabe8f 100644
--- a/audio/channel_send.cc
+++ b/audio/channel_send.cc
@@ -289,6 +289,10 @@
// Rewrite the payloadData and size to the new encrypted payload.
payloadData = encrypted_audio_payload.data();
payloadSize = encrypted_audio_payload.size();
+ } else if (crypto_options_.sframe.require_frame_encryption) {
+ RTC_DLOG(LS_ERROR) << "Channel::SendData() failed sending audio payload: "
+ << "A frame encryptor is required but one is not set.";
+ return -1;
}
// Push data from ACM to RTP/RTCP-module to deliver audio frame for
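Review bot: The new rejection path in the `else if` branch logs with `RTC_DLOG`, which is compiled out of non-debug builds, so a production sender that drops every frame because no encryptor is attached leaves no trace. Since this is the enforcement point for `require_frame_encryption`, I would use `RTC_LOG(LS_ERROR)` here, ideally emitted once per state change rather than per frame so it cannot flood the log. The message text names `Channel::SendData()` although the file is channel_send.cc; the enclosing function starts outside this hunk, so check that the name matches it. The `if` that tests for an attached encryptor also starts outside the hunk, so it cannot be confirmed from here that a failed encryption returns before the payload is pushed to the RTP module.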
@@ -354,7 +358,8 @@
ProcessThread* module_process_thread,
RtcpRttStats* rtcp_rtt_stats,
RtcEventLog* rtc_event_log,
- FrameEncryptorInterface* frame_encryptor)
+ FrameEncryptorInterface* frame_encryptor,
+ const webrtc::CryptoOptions& crypto_options)
: event_log_(rtc_event_log),
_timeStamp(0), // This is just an offset, RTP module will add it's own
// random offset
@@ -375,7 +380,8 @@
use_twcc_plr_for_ana_(
webrtc::field_trial::FindFullName("UseTwccPlrForAna") == "Enabled"),
encoder_queue_(encoder_queue),
- frame_encryptor_(frame_encryptor) {
+ frame_encryptor_(frame_encryptor),
+ crypto_options_(crypto_options) {
RTC_DCHECK(module_process_thread);
RTC_DCHECK(encoder_queue);
audio_coding_.reset(AudioCodingModule::Create(AudioCodingModule::Config()));
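Review bot: `crypto_options_(crypto_options)` captures the options once at construction from the `const webrtc::CryptoOptions&` parameter added in the previous hunk, but the member's declaration is not part of this file section. Confirm that it is stored by value, because a reference member would dangle if the caller's CryptoOptions does not outlive the channel. If it is a copy, a comment at the initializer such as `// Snapshot taken at construction; require_frame_encryption is not re-read from the caller.` would document that the policy is fixed for this channel, as far as this diff shows. The send path reads the flag as `sframe.require_frame_encryption` while the commit description calls the sub-structure `frame`; the two should be aligned. The constructor body continues outside the hunk.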