
Side by Side Diff: webrtc/base/sslstreamadapter_unittest.cc

Issue 1528843005: Add support for GCM cipher suites from RFC 7714. (Closed) Base URL: https://chromium.googlesource.com/external/webrtc.git@master
Patch Set: Added PeerConnection tests using GCM ciphers, fixed passing of flag through DtlsTransportChannel. Created 5 years ago
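--- a/webrtc/base/sslstreamadapter_unittest.cc
+++ b/webrtc/base/sslstreamadapter_unittest.cc
@@ -1,10 +1,10 @@
 /*
 * Copyright 2011 The WebRTC Project Authors. All rights reserved.
 *
 * Use of this source code is governed by a BSD-style license
 * that can be found in the LICENSE file in the root of the source
 * tree. An additional intellectual property rights grant can be found
 * in the file PATENTS. All contributing project authors may
 * be found in the AUTHORS file in the root of the source tree.
 */
 
@@ -934,21 +934,20 @@
 
 int client_cipher;
 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
 int server_cipher;
 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
 
 ASSERT_EQ(client_cipher, server_cipher);
 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_32);
 };
 
-
 // Test DTLS-SRTP with a mismatch -- should not converge
 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) {
 MAYBE_SKIP_TEST(HaveDtlsSrtp);
 std::vector<int> high;
 high.push_back(rtc::SRTP_AES128_CM_SHA1_80);
 std::vector<int> low;
 low.push_back(rtc::SRTP_AES128_CM_SHA1_32);
 SetDtlsSrtpCryptoSuites(high, true);
 SetDtlsSrtpCryptoSuites(low, false);
 TestHandshake();
@@ -971,20 +970,126 @@
 
 int client_cipher;
 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
 int server_cipher;
 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
 
 ASSERT_EQ(client_cipher, server_cipher);
 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80);
 };
 
+// Test DTLS-SRTP with all GCM-128 ciphers.
+TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM128) {
+MAYBE_SKIP_TEST(HaveDtlsSrtp);
+std::vector<int> gcm128;
+gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM);
+SetDtlsSrtpCryptoSuites(gcm128, true);
+SetDtlsSrtpCryptoSuites(gcm128, false);
+TestHandshake();
+
+int client_cipher;
+ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
+int server_cipher;
+ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
+
+ASSERT_EQ(client_cipher, server_cipher);
+ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_128_GCM);
+};
+
+// Test DTLS-SRTP with all GCM-256 ciphers.
+TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM256) {
+MAYBE_SKIP_TEST(HaveDtlsSrtp);
+std::vector<int> gcm256;
+gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM);
+SetDtlsSrtpCryptoSuites(gcm256, true);
+SetDtlsSrtpCryptoSuites(gcm256, false);
+TestHandshake();
+
+int client_cipher;
+ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
+int server_cipher;
+ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
+
+ASSERT_EQ(client_cipher, server_cipher);
+ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_256_GCM);
+};
+
+// Test DTLS-SRTP with mixed GCM-128/-256 ciphers -- should not converge.
+TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMismatch) {
+MAYBE_SKIP_TEST(HaveDtlsSrtp);
+std::vector<int> gcm128;
+gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM);
+std::vector<int> gcm256;
+gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM);
+SetDtlsSrtpCryptoSuites(gcm128, true);
+SetDtlsSrtpCryptoSuites(gcm256, false);
+TestHandshake();
+
+int client_cipher;
+ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
+int server_cipher;
+ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
+};
+
+// Test DTLS-SRTP with both GCM-128/-256 ciphers -- should select GCM-256.
+TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMixed) {
+MAYBE_SKIP_TEST(HaveDtlsSrtp);
+std::vector<int> gcmBoth;
+gcmBoth.push_back(rtc::SRTP_AEAD_AES_256_GCM);
+gcmBoth.push_back(rtc::SRTP_AEAD_AES_128_GCM);
+SetDtlsSrtpCryptoSuites(gcmBoth, true);
+SetDtlsSrtpCryptoSuites(gcmBoth, false);
+TestHandshake();
+
+int client_cipher;
+ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
+int server_cipher;
+ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
+
+ASSERT_EQ(client_cipher, server_cipher);
+ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_256_GCM);
+};
+
+// Test SRTP cipher suite parameters.
+TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpCipherSuiteParams) {
+int key_len;
+int salt_len;
+
+ASSERT_FALSE(
+rtc::SrtpCryptoSuiteParams(
+rtc::SRTP_INVALID_CRYPTO_SUITE, &key_len, &salt_len));
+
+ASSERT_TRUE(
+rtc::SrtpCryptoSuiteParams(
+rtc::SRTP_AES128_CM_SHA1_32, &key_len, &salt_len));
+ASSERT_EQ(128/8, key_len);
+ASSERT_EQ(112/8, salt_len);
+
+ASSERT_TRUE(
+rtc::SrtpCryptoSuiteParams(
+rtc::SRTP_AES128_CM_SHA1_80, &key_len, &salt_len));
+ASSERT_EQ(128/8, key_len);
+ASSERT_EQ(112/8, salt_len);
+
+ASSERT_TRUE(
+rtc::SrtpCryptoSuiteParams(
+rtc::SRTP_AEAD_AES_128_GCM, &key_len, &salt_len));
+ASSERT_EQ(128/8, key_len);
+ASSERT_EQ(96/8, salt_len);
+
+ASSERT_TRUE(
+rtc::SrtpCryptoSuiteParams(
+rtc::SRTP_AEAD_AES_256_GCM, &key_len, &salt_len));
+ASSERT_EQ(256/8, key_len);
+ASSERT_EQ(96/8, salt_len);
+};
+
 // Test an exporter
 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSExporter) {
 MAYBE_SKIP_TEST(HaveExporter);
 TestHandshake();
 unsigned char client_out[20];
 unsigned char server_out[20];
 
 bool result;
 result = ExportKeyingMaterial(kExporterLabel,
 kExporterContext, kExporterContextLen,
@@ -1153,10 +1258,10 @@
 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256))));
 INSTANTIATE_TEST_CASE_P(
 SSLStreamAdapterTestsDTLS,
 SSLStreamAdapterTestDTLS,
 Combine(Values(rtc::KeyParams::RSA(1024, 65537),
 rtc::KeyParams::RSA(1152, 65537),
 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)),
 Values(rtc::KeyParams::RSA(1024, 65537),
 rtc::KeyParams::RSA(1152, 65537),
 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256))));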
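Review bot: TestDTLSSrtpGCMMixed (new lines 1033-1050) gives both peers the identical list, 256 then 128, so it passes whether negotiation follows the client's order, the server's order, or simply takes the first entry; it does not pin which side's preference decides. That ordering rule is what matters for downgrade resistance, so a second case with the order reversed on one side would make the policy explicit, for example a server list built with `gcmServer.push_back(rtc::SRTP_AEAD_AES_128_GCM); gcmServer.push_back(rtc::SRTP_AEAD_AES_256_GCM);` and an assertion on whichever suite the implementation is meant to prefer (which one that is cannot be read from this file). Separately, in TestDTLSSrtpCipherSuiteParams `key_len` and `salt_len` are uninitialised when the SRTP_INVALID_CRYPTO_SUITE call is made; starting them at a sentinel such as `int key_len = -1;` and checking them after the failed call would document what the function does to its outputs on error.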
