[giow] (0) Fix some minor mistakes and change the way the data UDP me…

…dia stream is encrypted to be less predictable. git-svn-id: http://svn.whatwg.org/webapps@5946 340c8d12-0b0e-0410-8428-c7bf67bfef74
whatwg · Mar 14, 2011 · 88f5954 · 88f5954
1 parent 76d736e
commit 88f5954
Show file tree

Hide file tree

Showing 3 changed files with 176 additions and 116 deletions.
diff --git a/complete.html b/complete.html
@@ -71094,7 +71094,7 @@ <h4 id=obtaining-local-multimedia-content><span class=secno>9.1.1 </span>Obtaini
    exception here, or for /options/ below, without changing the
    algorithm) -->
 
-   <li><p><a href=#split-a-string-on-spaces title="split a string on spaces">Split <var title="">options</var> on spaces</a> to obtain <var title="">list of options</var>.</li>
+   <li><p><a href=#split-a-string-on-commas title="split a string on commas">Split <var title="">options</var> on commas</a> to obtain <var title="">list of options</var>.</li>
 
    <li><p>If one of the tokens in <var title="">list of options</var>
    is a <a href=#case-sensitive>case-sensitive</a> match for the string "<code title="">audio</code>", let <var title="">audio</var> be true.
@@ -72126,10 +72126,10 @@ <h4 id=peer-to-peer-connections><span class=secno>9.1.3 </span>Peer-to-peer conn
    <li><p>Let <var title="">data</var> be <var title="">message</var>
    encoded as UTF-8. <a href=#refsRFC3629>[RFC3629]</a></li>
 
-   <li><p>If <var title="">data</var> is longer than 65470 bytes,
+   <li><p>If <var title="">data</var> is longer than 65467 bytes,
    throw an <code><a href=#invalid_access_err>INVALID_ACCESS_ERR</a></code> exception and abort these
    steps.</li>
-   <!-- 65470 = 65535 (64K, max IP size) - 40 (IP header) - 8 (UDP header) - 16 (nonce) - 1 (payload type byte) -->
+   <!-- 65470 = 65535 (64K, max IP size) - 40 (IP header) - 8 (UDP header) - 16 (nonce) - 4 (payload type bytes) -->
 
    <li><p>If the <code><a href=#peerconnection>PeerConnection</a></code>'s
    <a href=#peerconnection-data-udp-media-stream><code>PeerConnection</code> data UDP media stream</a> is
@@ -72290,37 +72290,45 @@ <h4 id=the-data-stream><span class=secno>9.1.4 </span>The data stream</h4>
   protocols). For the purposes of masking, the <dfn id=data-udp-media-stream-salt>data UDP media
   stream salt</dfn> is defined to be the following 16 bytes, described
   here as hexadecimal numbers: DB 68 B5 FD 17 0E 15 77 56 AF 7A 3A 1A
-  57 75 02</p> <!-- obtained thusly: head -c 16 /dev/urandom |
-  hexdump -C -->
+  57 75 02</p>
+  <!-- obtained thusly: head -c 16 /dev/urandom | hexdump -C -->
 
   <p>When the user agent is to <dfn id=transmit-a-data-packet-to-a-peer>transmit a data packet to a
   peer</dfn> using a <a href=#data-udp-media-stream>data UDP media stream</a> and with a
-  byte string payload <var title="">data</var>, the user agent must
+  byte string payload <var title="">raw message</var>, the user agent must
   run the following steps:</p>
 
   <ol><li><p>Let <var title="">nonce</var> be 16 cryptographically random
    bytes.</li>
 
+   <li><p>Let <var title="">mask-key</var> be the first 16 bytes of
+   the HMAC-SHA1 of the 16 <var title="">nonce</var> bytes
+   concatenated with the 16 <a href=#data-udp-media-stream-salt>data UDP media stream salt</a>
+   bytes. <a href=#refsHMAC>[HMAC]</a> <a href=#refsSHA1>[SHA1]</a></li>
+
+   <li><p>Let <var title="">typed raw message</var> be the
+   concatenation of three 0x00 bytes, a 0x01 byte, and <var title="">raw message</var>.</li>
+
+   <li><p>Let <var title="">masked message</var> be the result of
+   encrypting <var title="">typed raw message</var> using AES-128-CTR
+   keyed with <var title="">mask-key</var>. <a href=#refsAES128CTR>[AES128CTR]</a></li>
+
+   <li><p>Let <var title="">masked message with nonce</var> be the
+   concatenation of <var title="">nonce</var> and <var title="">masked
+   message</var>.</li>
+
    <li><p>Let <var title="">ice-key</var> be the 16 bytes given as the
    encryption key for the <a href=#data-udp-media-stream>data UDP media stream</a> in its
    media description, as defined above.</li>
 
-   <li><p>Let <var title="">key</var> be the first 16 bytes of the
-   HMAC-SHA1 of the 16 <var title="">nonce</var> bytes concatenated
-   with the 16 <var title="">ice-key</var> bytes concatenated with the
-   16 <a href=#data-udp-media-stream-salt>data UDP media stream salt</a> bytes. <a href=#refsHMAC>[HMAC]</a> <a href=#refsSHA1>[SHA1]</a></li>
-
-   <li><p>Let <var title="">message</var> be a 0x01 byte followed by
-   <var title="">data</var>.</li>
+   <li><p>Let <var title="">encrypted message</var> be the result of
+   encrypting <var title="">masked message with nonce</var> using
+   AES-128-CTR keyed with <var title="">ice-key</var>. <a href=#refsAES128CTR>[AES128CTR]</a></li>
 
-   <li><p>Let <var title="">masked message</var> be the result of
-   encrypting <var title="">message</var> using AES-128-CTR keyed with
-   <var title="">key</var>. <a href=#refsAES128CTR>[AES128CTR]</a></li>
-
-   <li><p>Send the concatenation of <var title="">nonce</var> and <var title="">masked message</var> in a UDP packet to the destination
-   that the relevant <a href=#peerconnection-ice-agent><code>PeerConnection</code> ICE
-   Agent</a> has selected a destination for the <a href=#data-udp-media-stream>data UDP
-   media stream</a>.</li>
+   <li><p>Send <var title="">encrypted message</var> in a UDP packet
+   to the destination that the relevant
+   <a href=#peerconnection-ice-agent><code>PeerConnection</code> ICE Agent</a> has selected a
+   destination for the <a href=#data-udp-media-stream>data UDP media stream</a>.</li>
 
   </ol><p>A <dfn id=remote-data-udp-media-stream>remote data UDP media stream</dfn> is the first UDP media
   stream whose sender is the remote peer, whose label attribute
@@ -72336,33 +72344,40 @@ <h4 id=the-data-stream><span class=secno>9.1.4 </span>The data stream</h4>
   <p>When a packet from a <a href=#remote-data-udp-media-stream>remote data UDP media stream</a> is
   received, the user agent must run the following steps:</p>
 
-  <ol><li><p>Let <var title="">data</var> be the UDP packet's data.</li>
-
-   <li><p>If <var title="">data</var> is shorter than 17 bytes, then
-   abort these steps.</li>
+  <ol><li><p>Let <var title="">encrypted message</var> be the UDP
+   packet's data.</li>
 
-   <li><p>Let <var title="">nonce</var> be the first 16 bytes of the
-   <var title="">data</var>.</li>
+   <li><p>If <var title="">encrypted message</var> is shorter than 20
+   bytes, then abort these steps.</li>
 
    <li><p>Let <var title="">ice-key</var> be the 16 bytes given as the
    encryption key for the <a href=#remote-data-udp-media-stream>remote data UDP media stream</a> in
    the media description for this media stream. <a href=#refsSDP>[SDP]</a></li>
 
+   <li><p>Let <var title="">masked message with nonce</var> be the
+   result of decrypting <var title="">message</var> using AES-128-CTR
+   keyed with <var title="">ice-key</var>. <a href=#refsAES128CTR>[AES128CTR]</a></li>
+
+   <li><p>Let <var title="">nonce</var> be the first 16 bytes of the
+   <var title="">masked message with nonce</var>.</li>
+
+   <li><p>Let <var title="">masked message</var> be all but the first
+   16 bytes of <var title="">masked message with nonce</var>.</li>
+
    <li><p>Let <var title="">key</var> be the first 16 bytes of the
    HMAC-SHA1 of the 16 <var title="">nonce</var> bytes concatenated
-   with the 16 <var title="">ice-key</var> bytes concatenated with the
-   16 <a href=#data-udp-media-stream-salt>data UDP media stream salt</a> bytes. <a href=#refsHMAC>[HMAC]</a> <a href=#refsSHA1>[SHA1]</a></li>
+   with the 16 <a href=#data-udp-media-stream-salt>data UDP media stream salt</a> bytes. <a href=#refsHMAC>[HMAC]</a> <a href=#refsSHA1>[SHA1]</a></li>
 
-   <li><p>Let <var title="">unmasked data</var> be the result of
-   decrypting <var title="">message</var> using AES-128-CTR keyed with
-   <var title="">key</var>. <a href=#refsAES128CTR>[AES128CTR]</a></li>
+   <li><p>Let <var title="">typed raw message</var> be the result of
+   decrypting <var title="">masked message</var> using AES-128-CTR
+   keyed with <var title="">key</var>. <a href=#refsAES128CTR>[AES128CTR]</a></li>
 
-   <li><p>If the first byte of <var title="">unmasked data</var> is
-   not 0x01, then abort these steps.</li>
+   <li><p>If the four bytes of <var title="">typed raw message</var>
+   are not 0x00, 0x00, 0x00, and 0x01 respectively, then abort these
+   steps.</li>
 
-   <li><p>Let <var title="">raw message</var> be the string consisting
-   of all but the first character of <var title="">unmasked
-   message</var>.</li>
+   <li><p>Let <var title="">raw message</var> be the byte string
+   consisting of all but the first four characters of <var title="">typed raw message</var>.</li>
 
    <li><p>Let <var title="">message</var> be <var title="">raw
    message</var> <a href=#decoded-as-utf-8,-with-error-handling>decoded as UTF-8, with error
@@ -72377,7 +72392,11 @@ <h4 id=the-data-stream><span class=secno>9.1.4 </span>The data stream</h4>
    <code><a href=#peerconnection>PeerConnection</a></code> object that the <a href=#remote-data-udp-media-stream>remote data UDP
    media stream</a> is associated with.</li>
 
-  </ol><h4 id=event-definitions-0><span class=secno>9.1.5 </span>Event definitions</h4>
+  </ol><p>The <a href=#task-source>task source</a> for this <a href=#concept-task title=concept-task>task</a> is the <a href=#networking-task-source>networking task
+  source</a>.</p>
+
+
+  <h4 id=event-definitions-0><span class=secno>9.1.5 </span>Event definitions</h4>
 
   <p>The <code title=event-stream-addstream>addstream</code> and
   <code title=event-stream-removestream>removestream</code> events

diff --git a/index b/index
@@ -71103,7 +71103,7 @@ interface <dfn id=navigatorusermediaerrorcallback>NavigatorUserMediaErrorCallbac
    exception here, or for /options/ below, without changing the
    algorithm) -->
 
-   <li><p><a href=#split-a-string-on-spaces title="split a string on spaces">Split <var title="">options</var> on spaces</a> to obtain <var title="">list of options</var>.</li>
+   <li><p><a href=#split-a-string-on-commas title="split a string on commas">Split <var title="">options</var> on commas</a> to obtain <var title="">list of options</var>.</li>
 
    <li><p>If one of the tokens in <var title="">list of options</var>
    is a <a href=#case-sensitive>case-sensitive</a> match for the string "<code title="">audio</code>", let <var title="">audio</var> be true.
@@ -72135,10 +72135,10 @@ interface <dfn id=signalingcallback>SignalingCallback</dfn> {
    <li><p>Let <var title="">data</var> be <var title="">message</var>
    encoded as UTF-8. <a href=#refsRFC3629>[RFC3629]</a></li>
 
-   <li><p>If <var title="">data</var> is longer than 65470 bytes,
+   <li><p>If <var title="">data</var> is longer than 65467 bytes,
    throw an <code><a href=#invalid_access_err>INVALID_ACCESS_ERR</a></code> exception and abort these
    steps.</li>
-   <!-- 65470 = 65535 (64K, max IP size) - 40 (IP header) - 8 (UDP header) - 16 (nonce) - 1 (payload type byte) -->
+   <!-- 65470 = 65535 (64K, max IP size) - 40 (IP header) - 8 (UDP header) - 16 (nonce) - 4 (payload type bytes) -->
 
    <li><p>If the <code><a href=#peerconnection>PeerConnection</a></code>'s
    <a href=#peerconnection-data-udp-media-stream><code>PeerConnection</code> data UDP media stream</a> is
@@ -72299,37 +72299,45 @@ local.onaddstream = function (event) {
   protocols). For the purposes of masking, the <dfn id=data-udp-media-stream-salt>data UDP media
   stream salt</dfn> is defined to be the following 16 bytes, described
   here as hexadecimal numbers: DB 68 B5 FD 17 0E 15 77 56 AF 7A 3A 1A
-  57 75 02</p> <!-- obtained thusly: head -c 16 /dev/urandom |
-  hexdump -C -->
+  57 75 02</p>
+  <!-- obtained thusly: head -c 16 /dev/urandom | hexdump -C -->
 
   <p>When the user agent is to <dfn id=transmit-a-data-packet-to-a-peer>transmit a data packet to a
   peer</dfn> using a <a href=#data-udp-media-stream>data UDP media stream</a> and with a
-  byte string payload <var title="">data</var>, the user agent must
+  byte string payload <var title="">raw message</var>, the user agent must
   run the following steps:</p>
 
   <ol><li><p>Let <var title="">nonce</var> be 16 cryptographically random
    bytes.</li>
 
+   <li><p>Let <var title="">mask-key</var> be the first 16 bytes of
+   the HMAC-SHA1 of the 16 <var title="">nonce</var> bytes
+   concatenated with the 16 <a href=#data-udp-media-stream-salt>data UDP media stream salt</a>
+   bytes. <a href=#refsHMAC>[HMAC]</a> <a href=#refsSHA1>[SHA1]</a></li>
+
+   <li><p>Let <var title="">typed raw message</var> be the
+   concatenation of three 0x00 bytes, a 0x01 byte, and <var title="">raw message</var>.</li>
+
+   <li><p>Let <var title="">masked message</var> be the result of
+   encrypting <var title="">typed raw message</var> using AES-128-CTR
+   keyed with <var title="">mask-key</var>. <a href=#refsAES128CTR>[AES128CTR]</a></li>
+
+   <li><p>Let <var title="">masked message with nonce</var> be the
+   concatenation of <var title="">nonce</var> and <var title="">masked
+   message</var>.</li>
+
    <li><p>Let <var title="">ice-key</var> be the 16 bytes given as the
    encryption key for the <a href=#data-udp-media-stream>data UDP media stream</a> in its
    media description, as defined above.</li>
 
-   <li><p>Let <var title="">key</var> be the first 16 bytes of the
-   HMAC-SHA1 of the 16 <var title="">nonce</var> bytes concatenated
-   with the 16 <var title="">ice-key</var> bytes concatenated with the
-   16 <a href=#data-udp-media-stream-salt>data UDP media stream salt</a> bytes. <a href=#refsHMAC>[HMAC]</a> <a href=#refsSHA1>[SHA1]</a></li>
-
-   <li><p>Let <var title="">message</var> be a 0x01 byte followed by
-   <var title="">data</var>.</li>
+   <li><p>Let <var title="">encrypted message</var> be the result of
+   encrypting <var title="">masked message with nonce</var> using
+   AES-128-CTR keyed with <var title="">ice-key</var>. <a href=#refsAES128CTR>[AES128CTR]</a></li>
 
-   <li><p>Let <var title="">masked message</var> be the result of
-   encrypting <var title="">message</var> using AES-128-CTR keyed with
-   <var title="">key</var>. <a href=#refsAES128CTR>[AES128CTR]</a></li>
-
-   <li><p>Send the concatenation of <var title="">nonce</var> and <var title="">masked message</var> in a UDP packet to the destination
-   that the relevant <a href=#peerconnection-ice-agent><code>PeerConnection</code> ICE
-   Agent</a> has selected a destination for the <a href=#data-udp-media-stream>data UDP
-   media stream</a>.</li>
+   <li><p>Send <var title="">encrypted message</var> in a UDP packet
+   to the destination that the relevant
+   <a href=#peerconnection-ice-agent><code>PeerConnection</code> ICE Agent</a> has selected a
+   destination for the <a href=#data-udp-media-stream>data UDP media stream</a>.</li>
 
   </ol><p>A <dfn id=remote-data-udp-media-stream>remote data UDP media stream</dfn> is the first UDP media
   stream whose sender is the remote peer, whose label attribute
@@ -72345,33 +72353,40 @@ local.onaddstream = function (event) {
   <p>When a packet from a <a href=#remote-data-udp-media-stream>remote data UDP media stream</a> is
   received, the user agent must run the following steps:</p>
 
-  <ol><li><p>Let <var title="">data</var> be the UDP packet's data.</li>
-
-   <li><p>If <var title="">data</var> is shorter than 17 bytes, then
-   abort these steps.</li>
+  <ol><li><p>Let <var title="">encrypted message</var> be the UDP
+   packet's data.</li>
 
-   <li><p>Let <var title="">nonce</var> be the first 16 bytes of the
-   <var title="">data</var>.</li>
+   <li><p>If <var title="">encrypted message</var> is shorter than 20
+   bytes, then abort these steps.</li>
 
    <li><p>Let <var title="">ice-key</var> be the 16 bytes given as the
    encryption key for the <a href=#remote-data-udp-media-stream>remote data UDP media stream</a> in
    the media description for this media stream. <a href=#refsSDP>[SDP]</a></li>
 
+   <li><p>Let <var title="">masked message with nonce</var> be the
+   result of decrypting <var title="">message</var> using AES-128-CTR
+   keyed with <var title="">ice-key</var>. <a href=#refsAES128CTR>[AES128CTR]</a></li>
+
+   <li><p>Let <var title="">nonce</var> be the first 16 bytes of the
+   <var title="">masked message with nonce</var>.</li>
+
+   <li><p>Let <var title="">masked message</var> be all but the first
+   16 bytes of <var title="">masked message with nonce</var>.</li>
+
    <li><p>Let <var title="">key</var> be the first 16 bytes of the
    HMAC-SHA1 of the 16 <var title="">nonce</var> bytes concatenated
-   with the 16 <var title="">ice-key</var> bytes concatenated with the
-   16 <a href=#data-udp-media-stream-salt>data UDP media stream salt</a> bytes. <a href=#refsHMAC>[HMAC]</a> <a href=#refsSHA1>[SHA1]</a></li>
+   with the 16 <a href=#data-udp-media-stream-salt>data UDP media stream salt</a> bytes. <a href=#refsHMAC>[HMAC]</a> <a href=#refsSHA1>[SHA1]</a></li>
 
-   <li><p>Let <var title="">unmasked data</var> be the result of
-   decrypting <var title="">message</var> using AES-128-CTR keyed with
-   <var title="">key</var>. <a href=#refsAES128CTR>[AES128CTR]</a></li>
+   <li><p>Let <var title="">typed raw message</var> be the result of
+   decrypting <var title="">masked message</var> using AES-128-CTR
+   keyed with <var title="">key</var>. <a href=#refsAES128CTR>[AES128CTR]</a></li>
 
-   <li><p>If the first byte of <var title="">unmasked data</var> is
-   not 0x01, then abort these steps.</li>
+   <li><p>If the four bytes of <var title="">typed raw message</var>
+   are not 0x00, 0x00, 0x00, and 0x01 respectively, then abort these
+   steps.</li>
 
-   <li><p>Let <var title="">raw message</var> be the string consisting
-   of all but the first character of <var title="">unmasked
-   message</var>.</li>
+   <li><p>Let <var title="">raw message</var> be the byte string
+   consisting of all but the first four characters of <var title="">typed raw message</var>.</li>
 
    <li><p>Let <var title="">message</var> be <var title="">raw
    message</var> <a href=#decoded-as-utf-8,-with-error-handling>decoded as UTF-8, with error
@@ -72386,7 +72401,11 @@ local.onaddstream = function (event) {
    <code><a href=#peerconnection>PeerConnection</a></code> object that the <a href=#remote-data-udp-media-stream>remote data UDP
    media stream</a> is associated with.</li>
 
-  </ol><h4 id=event-definitions-0><span class=secno>9.1.5 </span>Event definitions</h4>
+  </ol><p>The <a href=#task-source>task source</a> for this <a href=#concept-task title=concept-task>task</a> is the <a href=#networking-task-source>networking task
+  source</a>.</p>
+
+
+  <h4 id=event-definitions-0><span class=secno>9.1.5 </span>Event definitions</h4>
 
   <p>The <code title=event-stream-addstream>addstream</code> and
   <code title=event-stream-removestream>removestream</code> events