Chromium Code Reviews Chromium Code Reviews
Issue 2720663003:
Support GCM ciphers even if ENABLE_EXTERNAL_AUTH is defined. (Closed)
| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright 2004 The WebRTC project authors. All Rights Reserved. | 2 * Copyright 2004 The WebRTC project authors. All Rights Reserved. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
| 5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
| 6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
| 7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
| 8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
| 9 */ | 9 */ |
| 10 | 10 |
| 11 #include "webrtc/pc/srtpfilter.h" | 11 #include "webrtc/pc/srtpfilter.h" |
| 12 | 12 |
| 13 #include "third_party/libsrtp/include/srtp.h" | 13 #include "third_party/libsrtp/include/srtp.h" |
| 14 #include "webrtc/base/buffer.h" | |
| 14 #include "webrtc/base/byteorder.h" | 15 #include "webrtc/base/byteorder.h" |
| 15 #include "webrtc/base/constructormagic.h" | 16 #include "webrtc/base/constructormagic.h" |
| 16 #include "webrtc/base/gunit.h" | 17 #include "webrtc/base/gunit.h" |
| 17 #include "webrtc/base/thread.h" | 18 #include "webrtc/base/thread.h" |
| 18 #include "webrtc/media/base/cryptoparams.h" | 19 #include "webrtc/media/base/cryptoparams.h" |
| 19 #include "webrtc/media/base/fakertp.h" | 20 #include "webrtc/media/base/fakertp.h" |
| 20 #include "webrtc/p2p/base/sessiondescription.h" | 21 #include "webrtc/p2p/base/sessiondescription.h" |
| 21 | 22 |
| 22 using rtc::CS_AES_CM_128_HMAC_SHA1_80; | 23 using rtc::CS_AES_CM_128_HMAC_SHA1_80; |
| 23 using rtc::CS_AES_CM_128_HMAC_SHA1_32; | 24 using rtc::CS_AES_CM_128_HMAC_SHA1_32; |
| 24 using rtc::CS_AEAD_AES_128_GCM; | 25 using rtc::CS_AEAD_AES_128_GCM; |
| 25 using rtc::CS_AEAD_AES_256_GCM; | 26 using rtc::CS_AEAD_AES_256_GCM; |
| 26 using cricket::CryptoParams; | 27 using cricket::CryptoParams; |
| 27 using cricket::CS_LOCAL; | 28 using cricket::CS_LOCAL; |
| 28 using cricket::CS_REMOTE; | 29 using cricket::CS_REMOTE; |
| 29 | 30 |
| 30 static const uint8_t kTestKey1[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234"; | 31 static const uint8_t kTestKey1[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234"; |
| 31 static const uint8_t kTestKey2[] = "4321ZYXWVUTSRQPONMLKJIHGFEDCBA"; | 32 static const uint8_t kTestKey2[] = "4321ZYXWVUTSRQPONMLKJIHGFEDCBA"; |
| 32 static const int kTestKeyLen = 30; | 33 static const int kTestKeyLen = 30; |
| 34 static const uint8_t kTestKeyGcm128_1[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ12"; | |
| 35 static const uint8_t kTestKeyGcm128_2[] = "21ZYXWVUTSRQPONMLKJIHGFEDCBA"; | |
| 36 static const int kTestKeyGcm128Len = 28; // 128 bits key + 96 bits salt. | |
| 37 static const uint8_t kTestKeyGcm256_1[] = | |
| 38 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqr"; | |
| 39 static const uint8_t kTestKeyGcm256_2[] = | |
| 40 "rqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA"; | |
| 41 static const int kTestKeyGcm256Len = 44; // 256 bits key + 96 bits salt. | |
| 33 static const std::string kTestKeyParams1 = | 42 static const std::string kTestKeyParams1 = |
| 34 "inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz"; | 43 "inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz"; |
| 35 static const std::string kTestKeyParams2 = | 44 static const std::string kTestKeyParams2 = |
| 36 "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR"; | 45 "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR"; |
| 37 static const std::string kTestKeyParams3 = | 46 static const std::string kTestKeyParams3 = |
| 38 "inline:1234X19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz"; | 47 "inline:1234X19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz"; |
| 39 static const std::string kTestKeyParams4 = | 48 static const std::string kTestKeyParams4 = |
| 40 "inline:4567QCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR"; | 49 "inline:4567QCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR"; |
| 41 static const std::string kTestKeyParamsGcm1 = | 50 static const std::string kTestKeyParamsGcm1 = |
| 42 "inline:e166KFlKzJsGW0d5apX+rrI05vxbrvMJEzFI14aTDCa63IRTlLK4iH66uOI="; | 51 "inline:e166KFlKzJsGW0d5apX+rrI05vxbrvMJEzFI14aTDCa63IRTlLK4iH66uOI="; |
| (...skipping 10 matching lines...) Expand all Loading... | |
| 53 static const cricket::CryptoParams kTestCryptoParamsGcm1( | 62 static const cricket::CryptoParams kTestCryptoParamsGcm1( |
| 54 1, "AEAD_AES_256_GCM", kTestKeyParamsGcm1, ""); | 63 1, "AEAD_AES_256_GCM", kTestKeyParamsGcm1, ""); |
| 55 static const cricket::CryptoParams kTestCryptoParamsGcm2( | 64 static const cricket::CryptoParams kTestCryptoParamsGcm2( |
| 56 1, "AEAD_AES_256_GCM", kTestKeyParamsGcm2, ""); | 65 1, "AEAD_AES_256_GCM", kTestKeyParamsGcm2, ""); |
| 57 static const cricket::CryptoParams kTestCryptoParamsGcm3( | 66 static const cricket::CryptoParams kTestCryptoParamsGcm3( |
| 58 1, "AEAD_AES_128_GCM", kTestKeyParamsGcm3, ""); | 67 1, "AEAD_AES_128_GCM", kTestKeyParamsGcm3, ""); |
| 59 static const cricket::CryptoParams kTestCryptoParamsGcm4( | 68 static const cricket::CryptoParams kTestCryptoParamsGcm4( |
| 60 1, "AEAD_AES_128_GCM", kTestKeyParamsGcm4, ""); | 69 1, "AEAD_AES_128_GCM", kTestKeyParamsGcm4, ""); |
| 61 | 70 |
| 62 static int rtp_auth_tag_len(const std::string& cs) { | 71 static int rtp_auth_tag_len(const std::string& cs) { |
| 63 return (cs == CS_AES_CM_128_HMAC_SHA1_32) ? 4 : 10; | 72 if (cs == CS_AES_CM_128_HMAC_SHA1_32) { |
| 73 return 4; | |
| 74 } else if (cs == CS_AEAD_AES_128_GCM || cs == CS_AEAD_AES_256_GCM) { | |
| 75 return 16; | |
| 76 } else { | |
| 77 return 10; | |
| 78 } | |
| 64 } | 79 } |
| 65 static int rtcp_auth_tag_len(const std::string& cs) { | 80 static int rtcp_auth_tag_len(const std::string& cs) { |
| 66 return 10; | 81 if (cs == CS_AEAD_AES_128_GCM || cs == CS_AEAD_AES_256_GCM) { |
| 82 return 16; | |
| 83 } else { | |
| 84 return 10; | |
| 85 } | |
| 67 } | 86 } |
| 68 | 87 |
| 69 class SrtpFilterTest : public testing::Test { | 88 class SrtpFilterTest : public testing::Test { |
| 70 protected: | 89 protected: |
| 71 SrtpFilterTest() | 90 SrtpFilterTest() |
| 72 // Need to initialize |sequence_number_|, the value does not matter. | 91 // Need to initialize |sequence_number_|, the value does not matter. |
| 73 : sequence_number_(1) { | 92 : sequence_number_(1) { |
| 93 f1_.DisableAllowExternalAuthForTests(true); | |
|
Taylor Brandstetter
2017/02/28 22:53:40
Can you explain why this is needed in a comment?
| |
| 94 f2_.DisableAllowExternalAuthForTests(true); | |
| 74 } | 95 } |
| 75 static std::vector<CryptoParams> MakeVector(const CryptoParams& params) { | 96 static std::vector<CryptoParams> MakeVector(const CryptoParams& params) { |
| 76 std::vector<CryptoParams> vec; | 97 std::vector<CryptoParams> vec; |
| 77 vec.push_back(params); | 98 vec.push_back(params); |
| 78 return vec; | 99 return vec; |
| 79 } | 100 } |
| 80 void TestSetParams(const std::vector<CryptoParams>& params1, | 101 void TestSetParams(const std::vector<CryptoParams>& params1, |
| 81 const std::vector<CryptoParams>& params2) { | 102 const std::vector<CryptoParams>& params2) { |
| 82 EXPECT_TRUE(f1_.SetOffer(params1, CS_LOCAL)); | 103 EXPECT_TRUE(f1_.SetOffer(params1, CS_LOCAL)); |
| 83 EXPECT_TRUE(f2_.SetOffer(params1, CS_REMOTE)); | 104 EXPECT_TRUE(f2_.SetOffer(params1, CS_REMOTE)); |
| 84 EXPECT_FALSE(f1_.IsActive()); | 105 EXPECT_FALSE(f1_.IsActive()); |
| 85 EXPECT_FALSE(f2_.IsActive()); | 106 EXPECT_FALSE(f2_.IsActive()); |
| 86 EXPECT_TRUE(f2_.SetAnswer(params2, CS_LOCAL)); | 107 EXPECT_TRUE(f2_.SetAnswer(params2, CS_LOCAL)); |
| 87 EXPECT_TRUE(f1_.SetAnswer(params2, CS_REMOTE)); | 108 EXPECT_TRUE(f1_.SetAnswer(params2, CS_REMOTE)); |
| 88 EXPECT_TRUE(f1_.IsActive()); | 109 EXPECT_TRUE(f1_.IsActive()); |
| 89 EXPECT_TRUE(f2_.IsActive()); | 110 EXPECT_TRUE(f2_.IsActive()); |
| 90 } | 111 } |
| 91 void TestProtectUnprotect(const std::string& cs1, const std::string& cs2) { | 112 void TestProtectUnprotect(const std::string& cs1, const std::string& cs2) { |
| 92 char rtp_packet[sizeof(kPcmuFrame) + 10]; | 113 rtc::Buffer rtp_buffer(sizeof(kPcmuFrame) + rtp_auth_tag_len(cs1)); |
| 114 char* rtp_packet = rtp_buffer.data<char>(); | |
| 93 char original_rtp_packet[sizeof(kPcmuFrame)]; | 115 char original_rtp_packet[sizeof(kPcmuFrame)]; |
| 94 char rtcp_packet[sizeof(kRtcpReport) + 4 + 10]; | 116 rtc::Buffer rtcp_buffer(sizeof(kRtcpReport) + 4 + rtcp_auth_tag_len(cs2)); |
| 117 char* rtcp_packet = rtcp_buffer.data<char>(); | |
| 95 int rtp_len = sizeof(kPcmuFrame), rtcp_len = sizeof(kRtcpReport), out_len; | 118 int rtp_len = sizeof(kPcmuFrame), rtcp_len = sizeof(kRtcpReport), out_len; |
| 96 memcpy(rtp_packet, kPcmuFrame, rtp_len); | 119 memcpy(rtp_packet, kPcmuFrame, rtp_len); |
| 97 // In order to be able to run this test function multiple times we can not | 120 // In order to be able to run this test function multiple times we can not |
| 98 // use the same sequence number twice. Increase the sequence number by one. | 121 // use the same sequence number twice. Increase the sequence number by one. |
| 99 rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet) + 2, | 122 rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet) + 2, |
| 100 ++sequence_number_); | 123 ++sequence_number_); |
| 101 memcpy(original_rtp_packet, rtp_packet, rtp_len); | 124 memcpy(original_rtp_packet, rtp_packet, rtp_len); |
| 102 memcpy(rtcp_packet, kRtcpReport, rtcp_len); | 125 memcpy(rtcp_packet, kRtcpReport, rtcp_len); |
| 103 | 126 |
| 104 EXPECT_TRUE(f1_.ProtectRtp(rtp_packet, rtp_len, | 127 EXPECT_TRUE(f1_.ProtectRtp(rtp_packet, rtp_len, |
| 105 sizeof(rtp_packet), &out_len)); | 128 rtp_buffer.size(), &out_len)); |
| 106 EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs1)); | 129 EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs1)); |
| 107 EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); | 130 EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); |
| 108 EXPECT_TRUE(f2_.UnprotectRtp(rtp_packet, out_len, &out_len)); | 131 EXPECT_TRUE(f2_.UnprotectRtp(rtp_packet, out_len, &out_len)); |
| 109 EXPECT_EQ(rtp_len, out_len); | 132 EXPECT_EQ(rtp_len, out_len); |
| 110 EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); | 133 EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); |
| 111 | 134 |
| 112 EXPECT_TRUE(f2_.ProtectRtp(rtp_packet, rtp_len, | 135 EXPECT_TRUE(f2_.ProtectRtp(rtp_packet, rtp_len, |
| 113 sizeof(rtp_packet), &out_len)); | 136 rtp_buffer.size(), &out_len)); |
| 114 EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs2)); | 137 EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs2)); |
| 115 EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); | 138 EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); |
| 116 EXPECT_TRUE(f1_.UnprotectRtp(rtp_packet, out_len, &out_len)); | 139 EXPECT_TRUE(f1_.UnprotectRtp(rtp_packet, out_len, &out_len)); |
| 117 EXPECT_EQ(rtp_len, out_len); | 140 EXPECT_EQ(rtp_len, out_len); |
| 118 EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); | 141 EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); |
| 119 | 142 |
| 120 EXPECT_TRUE(f1_.ProtectRtcp(rtcp_packet, rtcp_len, | 143 EXPECT_TRUE(f1_.ProtectRtcp(rtcp_packet, rtcp_len, |
| 121 sizeof(rtcp_packet), &out_len)); | 144 rtcp_buffer.size(), &out_len)); |
| 122 EXPECT_EQ(out_len, rtcp_len + 4 + rtcp_auth_tag_len(cs1)); // NOLINT | 145 EXPECT_EQ(out_len, rtcp_len + 4 + rtcp_auth_tag_len(cs1)); // NOLINT |
| 123 EXPECT_NE(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); | 146 EXPECT_NE(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); |
| 124 EXPECT_TRUE(f2_.UnprotectRtcp(rtcp_packet, out_len, &out_len)); | 147 EXPECT_TRUE(f2_.UnprotectRtcp(rtcp_packet, out_len, &out_len)); |
| 125 EXPECT_EQ(rtcp_len, out_len); | 148 EXPECT_EQ(rtcp_len, out_len); |
| 126 EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); | 149 EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); |
| 127 | 150 |
| 128 EXPECT_TRUE(f2_.ProtectRtcp(rtcp_packet, rtcp_len, | 151 EXPECT_TRUE(f2_.ProtectRtcp(rtcp_packet, rtcp_len, |
| 129 sizeof(rtcp_packet), &out_len)); | 152 rtcp_buffer.size(), &out_len)); |
| 130 EXPECT_EQ(out_len, rtcp_len + 4 + rtcp_auth_tag_len(cs2)); // NOLINT | 153 EXPECT_EQ(out_len, rtcp_len + 4 + rtcp_auth_tag_len(cs2)); // NOLINT |
| 131 EXPECT_NE(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); | 154 EXPECT_NE(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); |
| 132 EXPECT_TRUE(f1_.UnprotectRtcp(rtcp_packet, out_len, &out_len)); | 155 EXPECT_TRUE(f1_.UnprotectRtcp(rtcp_packet, out_len, &out_len)); |
| 133 EXPECT_EQ(rtcp_len, out_len); | 156 EXPECT_EQ(rtcp_len, out_len); |
| 134 EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); | 157 EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); |
| 135 } | 158 } |
| 136 cricket::SrtpFilter f1_; | 159 cricket::SrtpFilter f1_; |
| 137 cricket::SrtpFilter f2_; | 160 cricket::SrtpFilter f2_; |
| 138 int sequence_number_; | 161 int sequence_number_; |
| 139 }; | 162 }; |
| (...skipping 413 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 553 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, | 576 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, |
| 554 kTestKey2, kTestKeyLen)); | 577 kTestKey2, kTestKeyLen)); |
| 555 EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey2, | 578 EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey2, |
| 556 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, | 579 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, |
| 557 kTestKey1, kTestKeyLen)); | 580 kTestKey1, kTestKeyLen)); |
| 558 EXPECT_TRUE(f1_.IsActive()); | 581 EXPECT_TRUE(f1_.IsActive()); |
| 559 EXPECT_TRUE(f2_.IsActive()); | 582 EXPECT_TRUE(f2_.IsActive()); |
| 560 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32); | 583 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32); |
| 561 } | 584 } |
| 562 | 585 |
| 586 // Test directly setting the params with SRTP_AEAD_AES_128_GCM | |
|
Taylor Brandstetter
2017/02/28 22:53:40
nit: Period at end of comment.
joachim
2017/03/01 00:43:46
Done.
| |
| 587 TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_SRTP_AEAD_AES_128_GCM) { | |
| 588 // GCM should not allow external auth anyway. | |
| 589 f1_.DisableAllowExternalAuthForTests(false); | |
| 590 f2_.DisableAllowExternalAuthForTests(false); | |
| 591 EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AEAD_AES_128_GCM, kTestKeyGcm128_1, | |
| 592 kTestKeyGcm128Len, rtc::SRTP_AEAD_AES_128_GCM, | |
| 593 kTestKeyGcm128_2, kTestKeyGcm128Len)); | |
| 594 EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AEAD_AES_128_GCM, kTestKeyGcm128_2, | |
| 595 kTestKeyGcm128Len, rtc::SRTP_AEAD_AES_128_GCM, | |
| 596 kTestKeyGcm128_1, kTestKeyGcm128Len)); | |
| 597 EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AEAD_AES_128_GCM, kTestKeyGcm128_1, | |
| 598 kTestKeyGcm128Len, rtc::SRTP_AEAD_AES_128_GCM, | |
| 599 kTestKeyGcm128_2, kTestKeyGcm128Len)); | |
| 600 EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AEAD_AES_128_GCM, kTestKeyGcm128_2, | |
| 601 kTestKeyGcm128Len, rtc::SRTP_AEAD_AES_128_GCM, | |
| 602 kTestKeyGcm128_1, kTestKeyGcm128Len)); | |
| 603 EXPECT_TRUE(f1_.IsActive()); | |
| 604 EXPECT_TRUE(f2_.IsActive()); | |
| 605 TestProtectUnprotect(CS_AEAD_AES_128_GCM, CS_AEAD_AES_128_GCM); | |
| 606 } | |
| 607 | |
| 608 // Test directly setting the params with SRTP_AEAD_AES_256_GCM | |
| 609 TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_SRTP_AEAD_AES_256_GCM) { | |
| 610 // GCM should not allow external auth anyway. | |
| 611 f1_.DisableAllowExternalAuthForTests(false); | |
| 612 f2_.DisableAllowExternalAuthForTests(false); | |
| 613 EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AEAD_AES_256_GCM, kTestKeyGcm256_1, | |
| 614 kTestKeyGcm256Len, rtc::SRTP_AEAD_AES_256_GCM, | |
| 615 kTestKeyGcm256_2, kTestKeyGcm256Len)); | |
| 616 EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AEAD_AES_256_GCM, kTestKeyGcm256_2, | |
| 617 kTestKeyGcm256Len, rtc::SRTP_AEAD_AES_256_GCM, | |
| 618 kTestKeyGcm256_1, kTestKeyGcm256Len)); | |
| 619 EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AEAD_AES_256_GCM, kTestKeyGcm256_1, | |
| 620 kTestKeyGcm256Len, rtc::SRTP_AEAD_AES_256_GCM, | |
| 621 kTestKeyGcm256_2, kTestKeyGcm256Len)); | |
| 622 EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AEAD_AES_256_GCM, kTestKeyGcm256_2, | |
| 623 kTestKeyGcm256Len, rtc::SRTP_AEAD_AES_256_GCM, | |
| 624 kTestKeyGcm256_1, kTestKeyGcm256Len)); | |
| 625 EXPECT_TRUE(f1_.IsActive()); | |
| 626 EXPECT_TRUE(f2_.IsActive()); | |
| 627 TestProtectUnprotect(CS_AEAD_AES_256_GCM, CS_AEAD_AES_256_GCM); | |
| 628 } | |
| 629 | |
| 563 // Test directly setting the params with bogus keys | 630 // Test directly setting the params with bogus keys |
| 564 TEST_F(SrtpFilterTest, TestSetParamsKeyTooShort) { | 631 TEST_F(SrtpFilterTest, TestSetParamsKeyTooShort) { |
| 565 EXPECT_FALSE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, | 632 EXPECT_FALSE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, |
| 566 kTestKeyLen - 1, rtc::SRTP_AES128_CM_SHA1_80, | 633 kTestKeyLen - 1, rtc::SRTP_AES128_CM_SHA1_80, |
| 567 kTestKey1, kTestKeyLen - 1)); | 634 kTestKey1, kTestKeyLen - 1)); |
| 568 EXPECT_FALSE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, | 635 EXPECT_FALSE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, |
| 569 kTestKeyLen - 1, rtc::SRTP_AES128_CM_SHA1_80, | 636 kTestKeyLen - 1, rtc::SRTP_AES128_CM_SHA1_80, |
| 570 kTestKey1, kTestKeyLen - 1)); | 637 kTestKey1, kTestKeyLen - 1)); |
| 571 } | 638 } |
| 572 | 639 |
| 573 #if defined(ENABLE_EXTERNAL_AUTH) | |
| 574 TEST_F(SrtpFilterTest, TestGetSendAuthParams) { | 640 TEST_F(SrtpFilterTest, TestGetSendAuthParams) { |
| 641 // We're testing support for external auth, so don't disbale. | |
| 642 f1_.DisableAllowExternalAuthForTests(false); | |
|
Taylor Brandstetter
2017/02/28 22:53:40
Let's see, this is "don't disable allowing externa
| |
| 643 f2_.DisableAllowExternalAuthForTests(false); | |
| 575 EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, | 644 EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, |
| 576 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, | 645 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, |
| 577 kTestKey2, kTestKeyLen)); | 646 kTestKey2, kTestKeyLen)); |
| 578 EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, | 647 EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, |
| 579 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, | 648 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, |
| 580 kTestKey2, kTestKeyLen)); | 649 kTestKey2, kTestKeyLen)); |
| 650 // Non-GCM ciphers support external auth. | |
| 651 EXPECT_TRUE(f1_.AllowExternalAuth()); | |
| 581 uint8_t* auth_key = NULL; | 652 uint8_t* auth_key = NULL; |
| 582 int auth_key_len = 0, auth_tag_len = 0; | 653 int auth_key_len = 0, auth_tag_len = 0; |
| 583 EXPECT_TRUE(f1_.GetRtpAuthParams(&auth_key, &auth_key_len, &auth_tag_len)); | 654 EXPECT_TRUE(f1_.GetRtpAuthParams(&auth_key, &auth_key_len, &auth_tag_len)); |
| 584 EXPECT_TRUE(auth_key != NULL); | 655 EXPECT_TRUE(auth_key != NULL); |
| 585 EXPECT_EQ(20, auth_key_len); | 656 EXPECT_EQ(20, auth_key_len); |
| 586 EXPECT_EQ(4, auth_tag_len); | 657 EXPECT_EQ(4, auth_tag_len); |
| 587 } | 658 } |
| 588 #endif | |
| 589 | 659 |
| 590 class SrtpSessionTest : public testing::Test { | 660 class SrtpSessionTest : public testing::Test { |
| 591 protected: | 661 protected: |
| 592 virtual void SetUp() { | 662 virtual void SetUp() { |
| 663 s1_.DisableAllowExternalAuthForTests(true); | |
| 664 s2_.DisableAllowExternalAuthForTests(true); | |
| 593 rtp_len_ = sizeof(kPcmuFrame); | 665 rtp_len_ = sizeof(kPcmuFrame); |
| 594 rtcp_len_ = sizeof(kRtcpReport); | 666 rtcp_len_ = sizeof(kRtcpReport); |
| 595 memcpy(rtp_packet_, kPcmuFrame, rtp_len_); | 667 memcpy(rtp_packet_, kPcmuFrame, rtp_len_); |
| 596 memcpy(rtcp_packet_, kRtcpReport, rtcp_len_); | 668 memcpy(rtcp_packet_, kRtcpReport, rtcp_len_); |
| 597 } | 669 } |
| 598 void TestProtectRtp(const std::string& cs) { | 670 void TestProtectRtp(const std::string& cs) { |
| 599 int out_len = 0; | 671 int out_len = 0; |
| 600 EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, | 672 EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, |
| 601 sizeof(rtp_packet_), &out_len)); | 673 sizeof(rtp_packet_), &out_len)); |
| 602 EXPECT_EQ(out_len, rtp_len_ + rtp_auth_tag_len(cs)); | 674 EXPECT_EQ(out_len, rtp_len_ + rtp_auth_tag_len(cs)); |
| (...skipping 329 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 932 srtp_stat_.AddUnprotectRtcpResult(srtp_err_status_fail); | 1004 srtp_stat_.AddUnprotectRtcpResult(srtp_err_status_fail); |
| 933 EXPECT_EQ(-1, mode_); | 1005 EXPECT_EQ(-1, mode_); |
| 934 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_); | 1006 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_); |
| 935 // Now the error will be triggered again. | 1007 // Now the error will be triggered again. |
| 936 Reset(); | 1008 Reset(); |
| 937 rtc::Thread::Current()->SleepMs(210); | 1009 rtc::Thread::Current()->SleepMs(210); |
| 938 srtp_stat_.AddUnprotectRtcpResult(srtp_err_status_fail); | 1010 srtp_stat_.AddUnprotectRtcpResult(srtp_err_status_fail); |
| 939 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_); | 1011 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_); |
| 940 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_); | 1012 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_); |
| 941 } | 1013 } |
| OLD | NEW |
