Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(143)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: webrtc/base/sslstreamadapter_unittest.cc

Issue 1528843005: Add support for GCM cipher suites from RFC 7714. (Closed) Base URL: https://chromium.googlesource.com/external/webrtc.git@master
Patch Set: Added PeerConnection tests using GCM ciphers, fixed passing of flag through DtlsTransportChannel. Created 5 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« talk/session/media/srtpfilter.cc ('K') | « webrtc/base/sslstreamadapter.cc ('k') | webrtc/p2p/base/dtlstransport.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: webrtc/base/sslstreamadapter_unittest.cc
diff --git a/webrtc/base/sslstreamadapter_unittest.cc b/webrtc/base/sslstreamadapter_unittest.cc
index fedfa392dbc1aee06cc2c35c246db65e214b26e3..f006d9baba5e7d62efc9f4358a5afe2a0df6b502 100644
--- a/webrtc/base/sslstreamadapter_unittest.cc
+++ b/webrtc/base/sslstreamadapter_unittest.cc
@@ -941,7 +941,6 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) {
ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_32);
};
-
// Test DTLS-SRTP with a mismatch -- should not converge
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
@@ -978,6 +977,112 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) {
ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80);
};
+// Test DTLS-SRTP with all GCM-128 ciphers.
+TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM128) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
+ std::vector<int> gcm128;
+ gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM);
+ SetDtlsSrtpCryptoSuites(gcm128, true);
+ SetDtlsSrtpCryptoSuites(gcm128, false);
+ TestHandshake();
+
+ int client_cipher;
+ ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
+ int server_cipher;
+ ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
+
+ ASSERT_EQ(client_cipher, server_cipher);
+ ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_128_GCM);
+};
+
+// Test DTLS-SRTP with all GCM-256 ciphers.
+TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM256) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
+ std::vector<int> gcm256;
+ gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM);
+ SetDtlsSrtpCryptoSuites(gcm256, true);
+ SetDtlsSrtpCryptoSuites(gcm256, false);
+ TestHandshake();
+
+ int client_cipher;
+ ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
+ int server_cipher;
+ ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
+
+ ASSERT_EQ(client_cipher, server_cipher);
+ ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_256_GCM);
+};
+
+// Test DTLS-SRTP with mixed GCM-128/-256 ciphers -- should not converge.
+TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMismatch) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
+ std::vector<int> gcm128;
+ gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM);
+ std::vector<int> gcm256;
+ gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM);
+ SetDtlsSrtpCryptoSuites(gcm128, true);
+ SetDtlsSrtpCryptoSuites(gcm256, false);
+ TestHandshake();
+
+ int client_cipher;
+ ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
+ int server_cipher;
+ ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
+};
+
+// Test DTLS-SRTP with both GCM-128/-256 ciphers -- should select GCM-256.
+TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMixed) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
+ std::vector<int> gcmBoth;
+ gcmBoth.push_back(rtc::SRTP_AEAD_AES_256_GCM);
+ gcmBoth.push_back(rtc::SRTP_AEAD_AES_128_GCM);
+ SetDtlsSrtpCryptoSuites(gcmBoth, true);
+ SetDtlsSrtpCryptoSuites(gcmBoth, false);
+ TestHandshake();
+
+ int client_cipher;
+ ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
+ int server_cipher;
+ ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
+
+ ASSERT_EQ(client_cipher, server_cipher);
+ ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_256_GCM);
+};
+
+// Test SRTP cipher suite parameters.
+TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpCipherSuiteParams) {
+ int key_len;
+ int salt_len;
+
+ ASSERT_FALSE(
+ rtc::SrtpCryptoSuiteParams(
+ rtc::SRTP_INVALID_CRYPTO_SUITE, &key_len, &salt_len));
+
+ ASSERT_TRUE(
+ rtc::SrtpCryptoSuiteParams(
+ rtc::SRTP_AES128_CM_SHA1_32, &key_len, &salt_len));
+ ASSERT_EQ(128/8, key_len);
+ ASSERT_EQ(112/8, salt_len);
+
+ ASSERT_TRUE(
+ rtc::SrtpCryptoSuiteParams(
+ rtc::SRTP_AES128_CM_SHA1_80, &key_len, &salt_len));
+ ASSERT_EQ(128/8, key_len);
+ ASSERT_EQ(112/8, salt_len);
+
+ ASSERT_TRUE(
+ rtc::SrtpCryptoSuiteParams(
+ rtc::SRTP_AEAD_AES_128_GCM, &key_len, &salt_len));
+ ASSERT_EQ(128/8, key_len);
+ ASSERT_EQ(96/8, salt_len);
+
+ ASSERT_TRUE(
+ rtc::SrtpCryptoSuiteParams(
+ rtc::SRTP_AEAD_AES_256_GCM, &key_len, &salt_len));
+ ASSERT_EQ(256/8, key_len);
+ ASSERT_EQ(96/8, salt_len);
+};
+
// Test an exporter
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSExporter) {
MAYBE_SKIP_TEST(HaveExporter);
« talk/session/media/srtpfilter.cc ('K') | « webrtc/base/sslstreamadapter.cc ('k') | webrtc/p2p/base/dtlstransport.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698