Add support for GCM cipher suites from RFC 7714.

talk/app/webrtc/peerconnection_unittest.cc

 /*
  * libjingle
  * Copyright 2012 Google Inc.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
  *
  *  1. Redistributions of source code must retain the above copyright notice,
  *     this list of conditions and the following disclaimer.
  *  2. Redistributions in binary form must reproduce the above copyright notice,
@@ skipping 97 matching lines @@
 static const char kAudioTrackLabelBase[] = "audio_track";
 static const char kDataChannelLabel[] = "data_channel";
 
 // Disable for TSan v2, see
 // https://code.google.com/p/webrtc/issues/detail?id=1205 for details.
 // This declaration is also #ifdef'd as it causes unused-variable errors.
 #if !defined(THREAD_SANITIZER)
 // SRTP cipher name negotiated by the tests. This must be updated if the
 // default changes.
 static const int kDefaultSrtpCryptoSuite = rtc::SRTP_AES128_CM_SHA1_32;
+static const int kDefaultSrtpCryptoSuiteGcm = rtc::SRTP_AEAD_AES_256_GCM;
 #endif
 
 static void RemoveLinesFromSdp(const std::string& line_start,
                                std::string* sdp) {
   const char kSdpLineEnd[] = "\r\n";
   size_t ssrc_pos = 0;
   while ((ssrc_pos = sdp->find(line_start, ssrc_pos)) !=
       std::string::npos) {
     size_t end_ssrc = sdp->find(kSdpLineEnd, ssrc_pos);
     sdp->erase(ssrc_pos, end_ssrc - ssrc_pos + strlen(kSdpLineEnd));
@@ skipping 1395 matching lines @@
                        rtc::SSL_PROTOCOL_DTLS_10, rtc::KT_DEFAULT)));
 
   EXPECT_EQ_WAIT(rtc::SrtpCryptoSuiteToName(kDefaultSrtpCryptoSuite),
                  initializing_client()->GetSrtpCipherStats(),
                  kMaxWaitForStatsMs);
   EXPECT_EQ(1,
             init_observer->GetEnumCounter(webrtc::kEnumCounterAudioSrtpCipher,
                                           kDefaultSrtpCryptoSuite));
 }
 
+// Test that a non-GCM cipher is used if both sides only support non-GCM.
+TEST_F(P2PTestConductor, GetGcmNone) {
+  PeerConnectionFactory::Options init_options;
+  init_options.enable_gcm_ciphers = false;
+  PeerConnectionFactory::Options recv_options;
+  recv_options.enable_gcm_ciphers = false;
+  ASSERT_TRUE(
+      CreateTestClients(nullptr, &init_options, nullptr, &recv_options));
+  rtc::scoped_refptr<webrtc::FakeMetricsObserver>
+      init_observer = new rtc::RefCountedObject<webrtc::FakeMetricsObserver>();
+  initializing_client()->pc()->RegisterUMAObserver(init_observer);
+  LocalP2PTest();
+
+  EXPECT_EQ_WAIT(rtc::SrtpCryptoSuiteToName(kDefaultSrtpCryptoSuite),
+                 initializing_client()->GetSrtpCipherStats(),
+                 kMaxWaitForStatsMs);
+  EXPECT_EQ(1,
+            init_observer->GetEnumCounter(webrtc::kEnumCounterAudioSrtpCipher,
+                                          kDefaultSrtpCryptoSuite));

[pthatcher1, 2015/12/18 20:31:31]

Can you move this common logic into a separate method that's something like:

TestGcmNegotiation(bool local_gcm_enabled, bool remote_gcm_enabled, int
expected_cipher_suite);

TestGcmNegotiation(true, true, kDefaultSrtpCryptoSuiteGcm);
TestGcmNegotiation(true, false, kDefaultSrtpCryptoSuite);
TestGcmNegotiation(false, true, kDefaultSrtpCryptoSuite);
TestGcmNegotiation(false, false, kDefaultSrtpCryptoSuite);

[joachim, 2015/12/19 15:26:23]

Done.

+}
+
+// Test that a GCM cipher is used if both ends support it.
+TEST_F(P2PTestConductor, GetGcmBoth) {
+  PeerConnectionFactory::Options init_options;
+  init_options.enable_gcm_ciphers = true;
+  PeerConnectionFactory::Options recv_options;
+  recv_options.enable_gcm_ciphers = true;
+  ASSERT_TRUE(
+      CreateTestClients(nullptr, &init_options, nullptr, &recv_options));
+  rtc::scoped_refptr<webrtc::FakeMetricsObserver>
+      init_observer = new rtc::RefCountedObject<webrtc::FakeMetricsObserver>();
+  initializing_client()->pc()->RegisterUMAObserver(init_observer);
+  LocalP2PTest();
+
+  EXPECT_EQ_WAIT(rtc::SrtpCryptoSuiteToName(kDefaultSrtpCryptoSuiteGcm),
+                 initializing_client()->GetSrtpCipherStats(),
+                 kMaxWaitForStatsMs);
+  EXPECT_EQ(1,
+            init_observer->GetEnumCounter(webrtc::kEnumCounterAudioSrtpCipher,
+                                          kDefaultSrtpCryptoSuiteGcm));
+}
+
+// Test that a non-GCM cipher is used if the initator supports GCM and the
+// received supports non-GCM.
+TEST_F(P2PTestConductor, GetGcmInit) {
+  PeerConnectionFactory::Options init_options;
+  init_options.enable_gcm_ciphers = true;
+  PeerConnectionFactory::Options recv_options;
+  recv_options.enable_gcm_ciphers = false;
+  ASSERT_TRUE(
+      CreateTestClients(nullptr, &init_options, nullptr, &recv_options));
+  rtc::scoped_refptr<webrtc::FakeMetricsObserver>
+      init_observer = new rtc::RefCountedObject<webrtc::FakeMetricsObserver>();
+  initializing_client()->pc()->RegisterUMAObserver(init_observer);
+  LocalP2PTest();
+
+  EXPECT_EQ_WAIT(rtc::SrtpCryptoSuiteToName(kDefaultSrtpCryptoSuite),
+                 initializing_client()->GetSrtpCipherStats(),
+                 kMaxWaitForStatsMs);
+  EXPECT_EQ(1,
+            init_observer->GetEnumCounter(webrtc::kEnumCounterAudioSrtpCipher,
+                                          kDefaultSrtpCryptoSuite));
+}
+
+// Test that a non-GCM cipher is used if the initator supports non-GCM and the
+// received supports GCM.
+TEST_F(P2PTestConductor, GetGcmRecv) {
+  PeerConnectionFactory::Options init_options;
+  init_options.enable_gcm_ciphers = false;
+  PeerConnectionFactory::Options recv_options;
+  recv_options.enable_gcm_ciphers = true;
+  ASSERT_TRUE(
+      CreateTestClients(nullptr, &init_options, nullptr, &recv_options));
+  rtc::scoped_refptr<webrtc::FakeMetricsObserver>
+      init_observer = new rtc::RefCountedObject<webrtc::FakeMetricsObserver>();
+  initializing_client()->pc()->RegisterUMAObserver(init_observer);
+  LocalP2PTest();
+
+  EXPECT_EQ_WAIT(rtc::SrtpCryptoSuiteToName(kDefaultSrtpCryptoSuite),
+                 initializing_client()->GetSrtpCipherStats(),
+                 kMaxWaitForStatsMs);
+  EXPECT_EQ(1,
+            init_observer->GetEnumCounter(webrtc::kEnumCounterAudioSrtpCipher,
+                                          kDefaultSrtpCryptoSuite));
+}
+
 // This test sets up a call between two parties with audio, video and an RTP
 // data channel.
 TEST_F(P2PTestConductor, LocalP2PTestRtpDataChannel) {
   FakeConstraints setup_constraints;
   setup_constraints.SetAllowRtpDataChannels();
   ASSERT_TRUE(CreateTestClients(&setup_constraints, &setup_constraints));
   initializing_client()->CreateDataChannel();
   LocalP2PTest();
   ASSERT_TRUE(initializing_client()->data_channel() != nullptr);
   ASSERT_TRUE(receiving_client()->data_channel() != nullptr);
@@ skipping 415 matching lines @@
   server.urls.push_back("stun:hostname");
   server.urls.push_back("turn:hostname");
   servers.push_back(server);
   EXPECT_TRUE(webrtc::ParseIceServers(servers, &stun_configurations_,
                                       &turn_configurations_));
   EXPECT_EQ(1U, stun_configurations_.size());
   EXPECT_EQ(1U, turn_configurations_.size());
 }
 
 #endif // if !defined(THREAD_SANITIZER)