Chromium Code Reviews Chromium Code Reviews
Issue 2720663003:
Support GCM ciphers even if ENABLE_EXTERNAL_AUTH is defined. (Closed)
| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright 2004 The WebRTC project authors. All Rights Reserved. | 2 * Copyright 2004 The WebRTC project authors. All Rights Reserved. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
| 5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
| 6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
| 7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
| 8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
| 9 */ | 9 */ |
| 10 | 10 |
| 11 #include "webrtc/pc/srtpfilter.h" | 11 #include "webrtc/pc/srtpfilter.h" |
| 12 | 12 |
| 13 #include "third_party/libsrtp/include/srtp.h" | 13 #include "third_party/libsrtp/include/srtp.h" |
| 14 #include "webrtc/base/buffer.h" | |
| 14 #include "webrtc/base/byteorder.h" | 15 #include "webrtc/base/byteorder.h" |
| 15 #include "webrtc/base/constructormagic.h" | 16 #include "webrtc/base/constructormagic.h" |
| 16 #include "webrtc/base/gunit.h" | 17 #include "webrtc/base/gunit.h" |
| 17 #include "webrtc/base/thread.h" | 18 #include "webrtc/base/thread.h" |
| 18 #include "webrtc/media/base/cryptoparams.h" | 19 #include "webrtc/media/base/cryptoparams.h" |
| 19 #include "webrtc/media/base/fakertp.h" | 20 #include "webrtc/media/base/fakertp.h" |
| 20 #include "webrtc/p2p/base/sessiondescription.h" | 21 #include "webrtc/p2p/base/sessiondescription.h" |
| 21 | 22 |
| 22 using rtc::CS_AES_CM_128_HMAC_SHA1_80; | 23 using rtc::CS_AES_CM_128_HMAC_SHA1_80; |
| 23 using rtc::CS_AES_CM_128_HMAC_SHA1_32; | 24 using rtc::CS_AES_CM_128_HMAC_SHA1_32; |
| 24 using rtc::CS_AEAD_AES_128_GCM; | 25 using rtc::CS_AEAD_AES_128_GCM; |
| 25 using rtc::CS_AEAD_AES_256_GCM; | 26 using rtc::CS_AEAD_AES_256_GCM; |
| 26 using cricket::CryptoParams; | 27 using cricket::CryptoParams; |
| 27 using cricket::CS_LOCAL; | 28 using cricket::CS_LOCAL; |
| 28 using cricket::CS_REMOTE; | 29 using cricket::CS_REMOTE; |
| 29 | 30 |
| 30 static const uint8_t kTestKey1[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234"; | 31 static const uint8_t kTestKey1[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234"; |
| 31 static const uint8_t kTestKey2[] = "4321ZYXWVUTSRQPONMLKJIHGFEDCBA"; | 32 static const uint8_t kTestKey2[] = "4321ZYXWVUTSRQPONMLKJIHGFEDCBA"; |
| 32 static const int kTestKeyLen = 30; | 33 static const int kTestKeyLen = 30; |
| 34 static const uint8_t kTestKeyGcm128_1[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ12"; | |
| 35 static const uint8_t kTestKeyGcm128_2[] = "21ZYXWVUTSRQPONMLKJIHGFEDCBA"; | |
| 36 static const int kTestKeyGcm128Len = 28; // 128 bits key + 96 bits salt. | |
| 37 static const uint8_t kTestKeyGcm256_1[] = | |
| 38 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqr"; | |
| 39 static const uint8_t kTestKeyGcm256_2[] = | |
| 40 "rqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA"; | |
| 41 static const int kTestKeyGcm256Len = 44; // 256 bits key + 96 bits salt. | |
| 33 static const std::string kTestKeyParams1 = | 42 static const std::string kTestKeyParams1 = |
| 34 "inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz"; | 43 "inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz"; |
| 35 static const std::string kTestKeyParams2 = | 44 static const std::string kTestKeyParams2 = |
| 36 "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR"; | 45 "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR"; |
| 37 static const std::string kTestKeyParams3 = | 46 static const std::string kTestKeyParams3 = |
| 38 "inline:1234X19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz"; | 47 "inline:1234X19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz"; |
| 39 static const std::string kTestKeyParams4 = | 48 static const std::string kTestKeyParams4 = |
| 40 "inline:4567QCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR"; | 49 "inline:4567QCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR"; |
| 41 static const std::string kTestKeyParamsGcm1 = | 50 static const std::string kTestKeyParamsGcm1 = |
| 42 "inline:e166KFlKzJsGW0d5apX+rrI05vxbrvMJEzFI14aTDCa63IRTlLK4iH66uOI="; | 51 "inline:e166KFlKzJsGW0d5apX+rrI05vxbrvMJEzFI14aTDCa63IRTlLK4iH66uOI="; |
| (...skipping 10 matching lines...) Expand all Loading... | |
| 53 static const cricket::CryptoParams kTestCryptoParamsGcm1( | 62 static const cricket::CryptoParams kTestCryptoParamsGcm1( |
| 54 1, "AEAD_AES_256_GCM", kTestKeyParamsGcm1, ""); | 63 1, "AEAD_AES_256_GCM", kTestKeyParamsGcm1, ""); |
| 55 static const cricket::CryptoParams kTestCryptoParamsGcm2( | 64 static const cricket::CryptoParams kTestCryptoParamsGcm2( |
| 56 1, "AEAD_AES_256_GCM", kTestKeyParamsGcm2, ""); | 65 1, "AEAD_AES_256_GCM", kTestKeyParamsGcm2, ""); |
| 57 static const cricket::CryptoParams kTestCryptoParamsGcm3( | 66 static const cricket::CryptoParams kTestCryptoParamsGcm3( |
| 58 1, "AEAD_AES_128_GCM", kTestKeyParamsGcm3, ""); | 67 1, "AEAD_AES_128_GCM", kTestKeyParamsGcm3, ""); |
| 59 static const cricket::CryptoParams kTestCryptoParamsGcm4( | 68 static const cricket::CryptoParams kTestCryptoParamsGcm4( |
| 60 1, "AEAD_AES_128_GCM", kTestKeyParamsGcm4, ""); | 69 1, "AEAD_AES_128_GCM", kTestKeyParamsGcm4, ""); |
| 61 | 70 |
| 62 static int rtp_auth_tag_len(const std::string& cs) { | 71 static int rtp_auth_tag_len(const std::string& cs) { |
| 63 return (cs == CS_AES_CM_128_HMAC_SHA1_32) ? 4 : 10; | 72 if (cs == CS_AES_CM_128_HMAC_SHA1_32) { |
| 73 return 4; | |
| 74 } else if (cs == CS_AEAD_AES_128_GCM || cs == CS_AEAD_AES_256_GCM) { | |
| 75 return 16; | |
| 76 } else { | |
| 77 return 10; | |
| 78 } | |
| 64 } | 79 } |
| 65 static int rtcp_auth_tag_len(const std::string& cs) { | 80 static int rtcp_auth_tag_len(const std::string& cs) { |
| 66 return 10; | 81 if (cs == CS_AEAD_AES_128_GCM || cs == CS_AEAD_AES_256_GCM) { |
| 82 return 16; | |
| 83 } else { | |
| 84 return 10; | |
| 85 } | |
| 67 } | 86 } |
| 68 | 87 |
| 69 class SrtpFilterTest : public testing::Test { | 88 class SrtpFilterTest : public testing::Test { |
| 70 protected: | 89 protected: |
| 71 SrtpFilterTest() | 90 SrtpFilterTest() |
| 72 // Need to initialize |sequence_number_|, the value does not matter. | 91 // Need to initialize |sequence_number_|, the value does not matter. |
| 73 : sequence_number_(1) { | 92 : sequence_number_(1) { |
| 74 } | 93 } |
| 75 static std::vector<CryptoParams> MakeVector(const CryptoParams& params) { | 94 static std::vector<CryptoParams> MakeVector(const CryptoParams& params) { |
| 76 std::vector<CryptoParams> vec; | 95 std::vector<CryptoParams> vec; |
| 77 vec.push_back(params); | 96 vec.push_back(params); |
| 78 return vec; | 97 return vec; |
| 79 } | 98 } |
| 80 void TestSetParams(const std::vector<CryptoParams>& params1, | 99 void TestSetParams(const std::vector<CryptoParams>& params1, |
| 81 const std::vector<CryptoParams>& params2) { | 100 const std::vector<CryptoParams>& params2) { |
| 82 EXPECT_TRUE(f1_.SetOffer(params1, CS_LOCAL)); | 101 EXPECT_TRUE(f1_.SetOffer(params1, CS_LOCAL)); |
| 83 EXPECT_TRUE(f2_.SetOffer(params1, CS_REMOTE)); | 102 EXPECT_TRUE(f2_.SetOffer(params1, CS_REMOTE)); |
| 84 EXPECT_FALSE(f1_.IsActive()); | 103 EXPECT_FALSE(f1_.IsActive()); |
| 85 EXPECT_FALSE(f2_.IsActive()); | 104 EXPECT_FALSE(f2_.IsActive()); |
| 86 EXPECT_TRUE(f2_.SetAnswer(params2, CS_LOCAL)); | 105 EXPECT_TRUE(f2_.SetAnswer(params2, CS_LOCAL)); |
| 87 EXPECT_TRUE(f1_.SetAnswer(params2, CS_REMOTE)); | 106 EXPECT_TRUE(f1_.SetAnswer(params2, CS_REMOTE)); |
| 88 EXPECT_TRUE(f1_.IsActive()); | 107 EXPECT_TRUE(f1_.IsActive()); |
| 89 EXPECT_TRUE(f2_.IsActive()); | 108 EXPECT_TRUE(f2_.IsActive()); |
| 90 } | 109 } |
| 91 void TestProtectUnprotect(const std::string& cs1, const std::string& cs2) { | 110 void TestProtectUnprotect(const std::string& cs1, const std::string& cs2) { |
| 92 char rtp_packet[sizeof(kPcmuFrame) + 10]; | 111 rtc::Buffer rtp_buffer(sizeof(kPcmuFrame) + rtp_auth_tag_len(cs1)); |
| 112 char* rtp_packet = rtp_buffer.data<char>(); | |
| 93 char original_rtp_packet[sizeof(kPcmuFrame)]; | 113 char original_rtp_packet[sizeof(kPcmuFrame)]; |
| 94 char rtcp_packet[sizeof(kRtcpReport) + 4 + 10]; | 114 rtc::Buffer rtcp_buffer(sizeof(kRtcpReport) + 4 + rtcp_auth_tag_len(cs2)); |
| 115 char* rtcp_packet = rtcp_buffer.data<char>(); | |
| 95 int rtp_len = sizeof(kPcmuFrame), rtcp_len = sizeof(kRtcpReport), out_len; | 116 int rtp_len = sizeof(kPcmuFrame), rtcp_len = sizeof(kRtcpReport), out_len; |
| 96 memcpy(rtp_packet, kPcmuFrame, rtp_len); | 117 memcpy(rtp_packet, kPcmuFrame, rtp_len); |
| 97 // In order to be able to run this test function multiple times we can not | 118 // In order to be able to run this test function multiple times we can not |
| 98 // use the same sequence number twice. Increase the sequence number by one. | 119 // use the same sequence number twice. Increase the sequence number by one. |
| 99 rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet) + 2, | 120 rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet) + 2, |
| 100 ++sequence_number_); | 121 ++sequence_number_); |
| 101 memcpy(original_rtp_packet, rtp_packet, rtp_len); | 122 memcpy(original_rtp_packet, rtp_packet, rtp_len); |
| 102 memcpy(rtcp_packet, kRtcpReport, rtcp_len); | 123 memcpy(rtcp_packet, kRtcpReport, rtcp_len); |
| 103 | 124 |
| 104 EXPECT_TRUE(f1_.ProtectRtp(rtp_packet, rtp_len, | 125 EXPECT_TRUE(f1_.ProtectRtp(rtp_packet, rtp_len, |
| 105 sizeof(rtp_packet), &out_len)); | 126 rtp_buffer.size(), &out_len)); |
| 106 EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs1)); | 127 EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs1)); |
| 107 EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); | 128 EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); |
| 108 EXPECT_TRUE(f2_.UnprotectRtp(rtp_packet, out_len, &out_len)); | 129 EXPECT_TRUE(f2_.UnprotectRtp(rtp_packet, out_len, &out_len)); |
| 109 EXPECT_EQ(rtp_len, out_len); | 130 EXPECT_EQ(rtp_len, out_len); |
| 110 EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); | 131 EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); |
| 111 | 132 |
| 112 EXPECT_TRUE(f2_.ProtectRtp(rtp_packet, rtp_len, | 133 EXPECT_TRUE(f2_.ProtectRtp(rtp_packet, rtp_len, |
| 113 sizeof(rtp_packet), &out_len)); | 134 rtp_buffer.size(), &out_len)); |
| 114 EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs2)); | 135 EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs2)); |
| 115 EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); | 136 EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); |
| 116 EXPECT_TRUE(f1_.UnprotectRtp(rtp_packet, out_len, &out_len)); | 137 EXPECT_TRUE(f1_.UnprotectRtp(rtp_packet, out_len, &out_len)); |
| 117 EXPECT_EQ(rtp_len, out_len); | 138 EXPECT_EQ(rtp_len, out_len); |
| 118 EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); | 139 EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); |
| 119 | 140 |
| 120 EXPECT_TRUE(f1_.ProtectRtcp(rtcp_packet, rtcp_len, | 141 EXPECT_TRUE(f1_.ProtectRtcp(rtcp_packet, rtcp_len, |
| 121 sizeof(rtcp_packet), &out_len)); | 142 rtcp_buffer.size(), &out_len)); |
| 122 EXPECT_EQ(out_len, rtcp_len + 4 + rtcp_auth_tag_len(cs1)); // NOLINT | 143 EXPECT_EQ(out_len, rtcp_len + 4 + rtcp_auth_tag_len(cs1)); // NOLINT |
| 123 EXPECT_NE(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); | 144 EXPECT_NE(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); |
| 124 EXPECT_TRUE(f2_.UnprotectRtcp(rtcp_packet, out_len, &out_len)); | 145 EXPECT_TRUE(f2_.UnprotectRtcp(rtcp_packet, out_len, &out_len)); |
| 125 EXPECT_EQ(rtcp_len, out_len); | 146 EXPECT_EQ(rtcp_len, out_len); |
| 126 EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); | 147 EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); |
| 127 | 148 |
| 128 EXPECT_TRUE(f2_.ProtectRtcp(rtcp_packet, rtcp_len, | 149 EXPECT_TRUE(f2_.ProtectRtcp(rtcp_packet, rtcp_len, |
| 129 sizeof(rtcp_packet), &out_len)); | 150 rtcp_buffer.size(), &out_len)); |
| 130 EXPECT_EQ(out_len, rtcp_len + 4 + rtcp_auth_tag_len(cs2)); // NOLINT | 151 EXPECT_EQ(out_len, rtcp_len + 4 + rtcp_auth_tag_len(cs2)); // NOLINT |
| 131 EXPECT_NE(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); | 152 EXPECT_NE(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); |
| 132 EXPECT_TRUE(f1_.UnprotectRtcp(rtcp_packet, out_len, &out_len)); | 153 EXPECT_TRUE(f1_.UnprotectRtcp(rtcp_packet, out_len, &out_len)); |
| 133 EXPECT_EQ(rtcp_len, out_len); | 154 EXPECT_EQ(rtcp_len, out_len); |
| 134 EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); | 155 EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); |
| 135 } | 156 } |
| 136 cricket::SrtpFilter f1_; | 157 cricket::SrtpFilter f1_; |
| 137 cricket::SrtpFilter f2_; | 158 cricket::SrtpFilter f2_; |
| 138 int sequence_number_; | 159 int sequence_number_; |
| 139 }; | 160 }; |
| (...skipping 375 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 515 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); | 536 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); |
| 516 | 537 |
| 517 // Complete the negotiation. | 538 // Complete the negotiation. |
| 518 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL)); | 539 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL)); |
| 519 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE)); | 540 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE)); |
| 520 | 541 |
| 521 EXPECT_FALSE(f1_.IsActive()); | 542 EXPECT_FALSE(f1_.IsActive()); |
| 522 EXPECT_FALSE(f2_.IsActive()); | 543 EXPECT_FALSE(f2_.IsActive()); |
| 523 } | 544 } |
| 524 | 545 |
| 525 // Test directly setting the params with AES_CM_128_HMAC_SHA1_80 | 546 // Test directly setting the params with AES_CM_128_HMAC_SHA1_80. |
| 526 TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_80) { | 547 TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_80) { |
| 527 EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, | 548 EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, |
| 528 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80, | 549 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80, |
| 529 kTestKey2, kTestKeyLen)); | 550 kTestKey2, kTestKeyLen)); |
| 530 EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2, | 551 EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2, |
| 531 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80, | 552 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80, |
| 532 kTestKey1, kTestKeyLen)); | 553 kTestKey1, kTestKeyLen)); |
| 533 EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, | 554 EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, |
| 534 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80, | 555 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80, |
| 535 kTestKey2, kTestKeyLen)); | 556 kTestKey2, kTestKeyLen)); |
| 536 EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2, | 557 EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2, |
| 537 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80, | 558 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80, |
| 538 kTestKey1, kTestKeyLen)); | 559 kTestKey1, kTestKeyLen)); |
| 539 EXPECT_TRUE(f1_.IsActive()); | 560 EXPECT_TRUE(f1_.IsActive()); |
| 540 EXPECT_TRUE(f2_.IsActive()); | 561 EXPECT_TRUE(f2_.IsActive()); |
| 541 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); | 562 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); |
| 542 } | 563 } |
| 543 | 564 |
| 544 // Test directly setting the params with AES_CM_128_HMAC_SHA1_32 | 565 // Test directly setting the params with AES_CM_128_HMAC_SHA1_32. |
| 545 TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_32) { | 566 TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_32) { |
| 546 EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, | 567 EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, |
| 547 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, | 568 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, |
| 548 kTestKey2, kTestKeyLen)); | 569 kTestKey2, kTestKeyLen)); |
| 549 EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey2, | 570 EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey2, |
| 550 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, | 571 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, |
| 551 kTestKey1, kTestKeyLen)); | 572 kTestKey1, kTestKeyLen)); |
| 552 EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, | 573 EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, |
| 553 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, | 574 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, |
| 554 kTestKey2, kTestKeyLen)); | 575 kTestKey2, kTestKeyLen)); |
| 555 EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey2, | 576 EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey2, |
| 556 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, | 577 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, |
| 557 kTestKey1, kTestKeyLen)); | 578 kTestKey1, kTestKeyLen)); |
| 558 EXPECT_TRUE(f1_.IsActive()); | 579 EXPECT_TRUE(f1_.IsActive()); |
| 559 EXPECT_TRUE(f2_.IsActive()); | 580 EXPECT_TRUE(f2_.IsActive()); |
| 560 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32); | 581 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32); |
| 561 } | 582 } |
| 562 | 583 |
| 563 // Test directly setting the params with bogus keys | 584 // Test directly setting the params with SRTP_AEAD_AES_128_GCM. |
| 585 TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_SRTP_AEAD_AES_128_GCM) { | |
| 586 // GCM should not allow external auth anyway. | |
|
Taylor Brandstetter
2017/03/01 01:45:32
Can remove this comment now.
joachim
2017/03/01 17:28:28
Done.
| |
| 587 EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AEAD_AES_128_GCM, kTestKeyGcm128_1, | |
| 588 kTestKeyGcm128Len, rtc::SRTP_AEAD_AES_128_GCM, | |
| 589 kTestKeyGcm128_2, kTestKeyGcm128Len)); | |
| 590 EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AEAD_AES_128_GCM, kTestKeyGcm128_2, | |
| 591 kTestKeyGcm128Len, rtc::SRTP_AEAD_AES_128_GCM, | |
| 592 kTestKeyGcm128_1, kTestKeyGcm128Len)); | |
| 593 EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AEAD_AES_128_GCM, kTestKeyGcm128_1, | |
| 594 kTestKeyGcm128Len, rtc::SRTP_AEAD_AES_128_GCM, | |
| 595 kTestKeyGcm128_2, kTestKeyGcm128Len)); | |
| 596 EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AEAD_AES_128_GCM, kTestKeyGcm128_2, | |
| 597 kTestKeyGcm128Len, rtc::SRTP_AEAD_AES_128_GCM, | |
| 598 kTestKeyGcm128_1, kTestKeyGcm128Len)); | |
|
Taylor Brandstetter
2017/03/01 01:45:32
Would it make sense to do "EXPECT_FALSE(f1_.IsExte
joachim
2017/03/01 17:28:27
Done here and in the other similar tests.
| |
| 599 EXPECT_TRUE(f1_.IsActive()); | |
| 600 EXPECT_TRUE(f2_.IsActive()); | |
| 601 TestProtectUnprotect(CS_AEAD_AES_128_GCM, CS_AEAD_AES_128_GCM); | |
| 602 } | |
| 603 | |
| 604 // Test directly setting the params with SRTP_AEAD_AES_256_GCM. | |
| 605 TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_SRTP_AEAD_AES_256_GCM) { | |
| 606 EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AEAD_AES_256_GCM, kTestKeyGcm256_1, | |
| 607 kTestKeyGcm256Len, rtc::SRTP_AEAD_AES_256_GCM, | |
| 608 kTestKeyGcm256_2, kTestKeyGcm256Len)); | |
| 609 EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AEAD_AES_256_GCM, kTestKeyGcm256_2, | |
| 610 kTestKeyGcm256Len, rtc::SRTP_AEAD_AES_256_GCM, | |
| 611 kTestKeyGcm256_1, kTestKeyGcm256Len)); | |
| 612 EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AEAD_AES_256_GCM, kTestKeyGcm256_1, | |
| 613 kTestKeyGcm256Len, rtc::SRTP_AEAD_AES_256_GCM, | |
| 614 kTestKeyGcm256_2, kTestKeyGcm256Len)); | |
| 615 EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AEAD_AES_256_GCM, kTestKeyGcm256_2, | |
| 616 kTestKeyGcm256Len, rtc::SRTP_AEAD_AES_256_GCM, | |
| 617 kTestKeyGcm256_1, kTestKeyGcm256Len)); | |
| 618 EXPECT_TRUE(f1_.IsActive()); | |
| 619 EXPECT_TRUE(f2_.IsActive()); | |
| 620 TestProtectUnprotect(CS_AEAD_AES_256_GCM, CS_AEAD_AES_256_GCM); | |
| 621 } | |
| 622 | |
| 623 // Test directly setting the params with bogus keys. | |
| 564 TEST_F(SrtpFilterTest, TestSetParamsKeyTooShort) { | 624 TEST_F(SrtpFilterTest, TestSetParamsKeyTooShort) { |
| 565 EXPECT_FALSE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, | 625 EXPECT_FALSE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, |
| 566 kTestKeyLen - 1, rtc::SRTP_AES128_CM_SHA1_80, | 626 kTestKeyLen - 1, rtc::SRTP_AES128_CM_SHA1_80, |
| 567 kTestKey1, kTestKeyLen - 1)); | 627 kTestKey1, kTestKeyLen - 1)); |
| 568 EXPECT_FALSE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, | 628 EXPECT_FALSE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, |
| 569 kTestKeyLen - 1, rtc::SRTP_AES128_CM_SHA1_80, | 629 kTestKeyLen - 1, rtc::SRTP_AES128_CM_SHA1_80, |
| 570 kTestKey1, kTestKeyLen - 1)); | 630 kTestKey1, kTestKeyLen - 1)); |
| 571 } | 631 } |
| 572 | 632 |
| 573 #if defined(ENABLE_EXTERNAL_AUTH) | 633 #if defined(ENABLE_EXTERNAL_AUTH) |
| 574 TEST_F(SrtpFilterTest, TestGetSendAuthParams) { | 634 TEST_F(SrtpFilterTest, TestGetSendAuthParams) { |
| 575 EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, | 635 EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, |
| 576 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, | 636 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, |
| 577 kTestKey2, kTestKeyLen)); | 637 kTestKey2, kTestKeyLen)); |
| 578 EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, | 638 EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, |
| 579 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, | 639 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, |
| 580 kTestKey2, kTestKeyLen)); | 640 kTestKey2, kTestKeyLen)); |
| 641 // Non-GCM ciphers support external auth. | |
| 642 EXPECT_TRUE(f1_.IsExternalAuthActive()); | |
| 581 uint8_t* auth_key = NULL; | 643 uint8_t* auth_key = NULL; |
| 582 int auth_key_len = 0, auth_tag_len = 0; | 644 int auth_key_len = 0, auth_tag_len = 0; |
| 583 EXPECT_TRUE(f1_.GetRtpAuthParams(&auth_key, &auth_key_len, &auth_tag_len)); | 645 EXPECT_TRUE(f1_.GetRtpAuthParams(&auth_key, &auth_key_len, &auth_tag_len)); |
| 584 EXPECT_TRUE(auth_key != NULL); | 646 EXPECT_TRUE(auth_key != NULL); |
| 585 EXPECT_EQ(20, auth_key_len); | 647 EXPECT_EQ(20, auth_key_len); |
| 586 EXPECT_EQ(4, auth_tag_len); | 648 EXPECT_EQ(4, auth_tag_len); |
| 587 } | 649 } |
| 588 #endif | 650 #endif |
| 589 | 651 |
| 590 class SrtpSessionTest : public testing::Test { | 652 class SrtpSessionTest : public testing::Test { |
| (...skipping 341 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 932 srtp_stat_.AddUnprotectRtcpResult(srtp_err_status_fail); | 994 srtp_stat_.AddUnprotectRtcpResult(srtp_err_status_fail); |
| 933 EXPECT_EQ(-1, mode_); | 995 EXPECT_EQ(-1, mode_); |
| 934 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_); | 996 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_); |
| 935 // Now the error will be triggered again. | 997 // Now the error will be triggered again. |
| 936 Reset(); | 998 Reset(); |
| 937 rtc::Thread::Current()->SleepMs(210); | 999 rtc::Thread::Current()->SleepMs(210); |
| 938 srtp_stat_.AddUnprotectRtcpResult(srtp_err_status_fail); | 1000 srtp_stat_.AddUnprotectRtcpResult(srtp_err_status_fail); |
| 939 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_); | 1001 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_); |
| 940 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_); | 1002 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_); |
| 941 } | 1003 } |
| OLD | NEW |
