-
Notifications
You must be signed in to change notification settings - Fork 50
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refactor crypto feature flags #594
base: main
Are you sure you want to change the base?
Conversation
This might be an alternative route to #592 |
@efer-ms @xnorpx I think this is more the way I'd like to go (open to challenges). Only the DTLS part is implemented. The next would be to "package up" the SRTP crypto functions under something mirroring the DTLS side.
|
I'm happy to keep working on this, or hand it over. |
Harder than I thought to pull this refactor off 😰 |
I'm happy to hand it off to you. |
So I'll defer to you Martin, but I really thing the whole crypto thing can be isolated. There shouldn't be a need to update anything in str0m in order to provide a new crypto implementation. This would allow for a single compliance test to exist for any provider, and ensure that str0m doesn't get polluted with knowledge over the various crypto providers that may or may not exist. I used the traits for Dtls/DtlsCert to avoid having to sprinkle #cfg everywhere. It makes it more difficult to implement providers, and to keep them isolated. I only kept Anyways, I'm okay for you to proceed down your path if it's your preferred approach, otherwise I could make the changes I'm talking about in my branch if you want to see what that looks like. Basically, I think you can end up with #cfg only cause we have a default provider (openssl and/or sha1). |
FWIW, another approach could be to use global state. That is what I haven't researched their decision process on how they ended up with that design so blindly following it may be an act of cargo cult. Nevertheless, I think it is a good data point for how this is handled in the ecosystem. What we could do is:
If we wanted, this could also be split up into multiple crates although I am not sure it is necessary right away. We'd need:
|
That level of modularity is not something we necessarily need to strive for. It's nice, but I think might come at the cost of more abstraction and code complexity.
As a fundamental principle, str0m is built trying to avoid dynamic dispatch, especially in expensive places. Now, we have failed on that because the decryption/encryption of SRTP is doing it. I also concede I might be overly worrying about it, because the time to encrypt/decrypt probably overshadows the dispatch with orders of magnitude. Maybe a point of pride rather than a point of reason.
Interesting idea. I have considered that approach for ureq, but maybe it's applicable here too. At the very least I should probably unify DTLS and SRTP under one CryptoProvider trait. |
As a datapoint, in our application, even str0m's crypto code is only a low, single-digit percentage of CPU usage under high-load. The |
Yeah, the ICE sha1 are neither here nor there. The SRTP encryption/decryption is in comparison what takes most CPU for the rest of the WebRTC stack. |
I haven't looked to carefully at the code, but if you can do the decision at compile time and pick one provider for dtls/srtp and one provider for sha-1 at compile time with features and then use static dispatch. I don't think there is ever a case when I want to switch between Wincrypto and OpenSSL runtime. Or pure rust implementation vs openssl in the future. |
I got nerd-sniped into having a crack at this myself: #597 |
This also moves the DtlsCert and FingerPrint to the new config module.
331c578
to
b659048
Compare
6880bf5
to
7f5924f
Compare
This is a refactor to make less use of the feature flags openssl and wincrypto for conditional compilation. It plugs in "dummy" impls that panics if the corresponding feature is not turned on. The goal is:
--all-features
(no mutually exclusive feature flags)