Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(45)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: webrtc/base/sslstreamadapter_unittest.cc

Issue 1528843005: Add support for GCM cipher suites from RFC 7714. (Closed) Base URL: https://chromium.googlesource.com/external/webrtc.git@master
Patch Set: Fix failing SRTP-but-no-DTLS tests. Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« webrtc/base/sslstreamadapter.h ('K') | « webrtc/base/sslstreamadapter.cc ('k') | webrtc/pc/channel.h » ('j') | webrtc/pc/channel.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: webrtc/base/sslstreamadapter_unittest.cc
diff --git a/webrtc/base/sslstreamadapter_unittest.cc b/webrtc/base/sslstreamadapter_unittest.cc
index ac9fef9f248ad15ca09c83a68af58270a602daf2..1149845e9ccf84315ad8c4fa7acf63e7119bfa1f 100644
--- a/webrtc/base/sslstreamadapter_unittest.cc
+++ b/webrtc/base/sslstreamadapter_unittest.cc
@@ -947,7 +947,6 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) {
ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_32);
};
-
// Test DTLS-SRTP with a mismatch -- should not converge
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
@@ -984,6 +983,112 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) {
ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80);
};
+// Test DTLS-SRTP with all GCM-128 ciphers.
+TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM128) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
+ std::vector<int> gcm128;
+ gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM);
+ SetDtlsSrtpCryptoSuites(gcm128, true);
+ SetDtlsSrtpCryptoSuites(gcm128, false);
+ TestHandshake();
+
+ int client_cipher;
+ ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
+ int server_cipher;
+ ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
+
+ ASSERT_EQ(client_cipher, server_cipher);
+ ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_128_GCM);
+};
+
+// Test DTLS-SRTP with all GCM-256 ciphers.
+TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM256) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
+ std::vector<int> gcm256;
+ gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM);
+ SetDtlsSrtpCryptoSuites(gcm256, true);
+ SetDtlsSrtpCryptoSuites(gcm256, false);
+ TestHandshake();
+
+ int client_cipher;
+ ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
+ int server_cipher;
+ ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
+
+ ASSERT_EQ(client_cipher, server_cipher);
+ ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_256_GCM);
+};
+
+// Test DTLS-SRTP with mixed GCM-128/-256 ciphers -- should not converge.
+TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMismatch) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
+ std::vector<int> gcm128;
+ gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM);
+ std::vector<int> gcm256;
+ gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM);
+ SetDtlsSrtpCryptoSuites(gcm128, true);
+ SetDtlsSrtpCryptoSuites(gcm256, false);
+ TestHandshake();
+
+ int client_cipher;
+ ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
+ int server_cipher;
+ ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
+};
+
+// Test DTLS-SRTP with both GCM-128/-256 ciphers -- should select GCM-256.
+TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMixed) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
+ std::vector<int> gcmBoth;
+ gcmBoth.push_back(rtc::SRTP_AEAD_AES_256_GCM);
+ gcmBoth.push_back(rtc::SRTP_AEAD_AES_128_GCM);
+ SetDtlsSrtpCryptoSuites(gcmBoth, true);
+ SetDtlsSrtpCryptoSuites(gcmBoth, false);
+ TestHandshake();
+
+ int client_cipher;
+ ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
+ int server_cipher;
+ ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
+
+ ASSERT_EQ(client_cipher, server_cipher);
+ ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_256_GCM);
+};
+
+// Test SRTP cipher suite lengths.
+TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpKeyAndSaltLengths) {
+ int key_len;
+ int salt_len;
+
+ ASSERT_FALSE(
+ rtc::GetSrtpKeyAndSaltLengths(
mattdr 2016/05/06 22:34:13 belongs with previous line, I think, here and belo
joachim 2016/05/09 23:21:40 Done.
+ rtc::SRTP_INVALID_CRYPTO_SUITE, &key_len, &salt_len));
+
+ ASSERT_TRUE(
+ rtc::GetSrtpKeyAndSaltLengths(
+ rtc::SRTP_AES128_CM_SHA1_32, &key_len, &salt_len));
+ ASSERT_EQ(128/8, key_len);
+ ASSERT_EQ(112/8, salt_len);
+
+ ASSERT_TRUE(
+ rtc::GetSrtpKeyAndSaltLengths(
+ rtc::SRTP_AES128_CM_SHA1_80, &key_len, &salt_len));
+ ASSERT_EQ(128/8, key_len);
+ ASSERT_EQ(112/8, salt_len);
+
+ ASSERT_TRUE(
+ rtc::GetSrtpKeyAndSaltLengths(
+ rtc::SRTP_AEAD_AES_128_GCM, &key_len, &salt_len));
+ ASSERT_EQ(128/8, key_len);
+ ASSERT_EQ(96/8, salt_len);
+
+ ASSERT_TRUE(
+ rtc::GetSrtpKeyAndSaltLengths(
+ rtc::SRTP_AEAD_AES_256_GCM, &key_len, &salt_len));
+ ASSERT_EQ(256/8, key_len);
+ ASSERT_EQ(96/8, salt_len);
+};
+
// Test an exporter
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSExporter) {
MAYBE_SKIP_TEST(HaveExporter);
« webrtc/base/sslstreamadapter.h ('K') | « webrtc/base/sslstreamadapter.cc ('k') | webrtc/pc/channel.h » ('j') | webrtc/pc/channel.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698