| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright 2004 The WebRTC project authors. All Rights Reserved. | 2 * Copyright 2004 The WebRTC project authors. All Rights Reserved. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
| 5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
| 6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
| 7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
| 8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
| 9 */ | 9 */ |
| 10 | 10 |
| 11 #include "webrtc/pc/srtpfilter.h" | 11 #include "webrtc/pc/srtpfilter.h" |
| 12 | 12 |
| 13 #include "third_party/libsrtp/include/srtp.h" | 13 #include "third_party/libsrtp/include/srtp.h" |
| 14 #include "webrtc/base/buffer.h" |
| 14 #include "webrtc/base/byteorder.h" | 15 #include "webrtc/base/byteorder.h" |
| 15 #include "webrtc/base/constructormagic.h" | 16 #include "webrtc/base/constructormagic.h" |
| 16 #include "webrtc/base/gunit.h" | 17 #include "webrtc/base/gunit.h" |
| 17 #include "webrtc/base/thread.h" | 18 #include "webrtc/base/thread.h" |
| 18 #include "webrtc/media/base/cryptoparams.h" | 19 #include "webrtc/media/base/cryptoparams.h" |
| 19 #include "webrtc/media/base/fakertp.h" | 20 #include "webrtc/media/base/fakertp.h" |
| 20 #include "webrtc/p2p/base/sessiondescription.h" | 21 #include "webrtc/p2p/base/sessiondescription.h" |
| 21 | 22 |
| 22 using rtc::CS_AES_CM_128_HMAC_SHA1_80; | 23 using rtc::CS_AES_CM_128_HMAC_SHA1_80; |
| 23 using rtc::CS_AES_CM_128_HMAC_SHA1_32; | 24 using rtc::CS_AES_CM_128_HMAC_SHA1_32; |
| 24 using rtc::CS_AEAD_AES_128_GCM; | 25 using rtc::CS_AEAD_AES_128_GCM; |
| 25 using rtc::CS_AEAD_AES_256_GCM; | 26 using rtc::CS_AEAD_AES_256_GCM; |
| 26 using cricket::CryptoParams; | 27 using cricket::CryptoParams; |
| 27 using cricket::CS_LOCAL; | 28 using cricket::CS_LOCAL; |
| 28 using cricket::CS_REMOTE; | 29 using cricket::CS_REMOTE; |
| 29 | 30 |
| 30 static const uint8_t kTestKey1[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234"; | 31 static const uint8_t kTestKey1[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234"; |
| 31 static const uint8_t kTestKey2[] = "4321ZYXWVUTSRQPONMLKJIHGFEDCBA"; | 32 static const uint8_t kTestKey2[] = "4321ZYXWVUTSRQPONMLKJIHGFEDCBA"; |
| 32 static const int kTestKeyLen = 30; | 33 static const int kTestKeyLen = 30; |
| 34 static const uint8_t kTestKeyGcm128_1[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ12"; |
| 35 static const uint8_t kTestKeyGcm128_2[] = "21ZYXWVUTSRQPONMLKJIHGFEDCBA"; |
| 36 static const int kTestKeyGcm128Len = 28; // 128 bits key + 96 bits salt. |
| 37 static const uint8_t kTestKeyGcm256_1[] = |
| 38 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqr"; |
| 39 static const uint8_t kTestKeyGcm256_2[] = |
| 40 "rqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA"; |
| 41 static const int kTestKeyGcm256Len = 44; // 256 bits key + 96 bits salt. |
| 33 static const std::string kTestKeyParams1 = | 42 static const std::string kTestKeyParams1 = |
| 34 "inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz"; | 43 "inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz"; |
| 35 static const std::string kTestKeyParams2 = | 44 static const std::string kTestKeyParams2 = |
| 36 "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR"; | 45 "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR"; |
| 37 static const std::string kTestKeyParams3 = | 46 static const std::string kTestKeyParams3 = |
| 38 "inline:1234X19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz"; | 47 "inline:1234X19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz"; |
| 39 static const std::string kTestKeyParams4 = | 48 static const std::string kTestKeyParams4 = |
| 40 "inline:4567QCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR"; | 49 "inline:4567QCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR"; |
| 41 static const std::string kTestKeyParamsGcm1 = | 50 static const std::string kTestKeyParamsGcm1 = |
| 42 "inline:e166KFlKzJsGW0d5apX+rrI05vxbrvMJEzFI14aTDCa63IRTlLK4iH66uOI="; | 51 "inline:e166KFlKzJsGW0d5apX+rrI05vxbrvMJEzFI14aTDCa63IRTlLK4iH66uOI="; |
| (...skipping 10 matching lines...) Expand all Loading... |
| 53 static const cricket::CryptoParams kTestCryptoParamsGcm1( | 62 static const cricket::CryptoParams kTestCryptoParamsGcm1( |
| 54 1, "AEAD_AES_256_GCM", kTestKeyParamsGcm1, ""); | 63 1, "AEAD_AES_256_GCM", kTestKeyParamsGcm1, ""); |
| 55 static const cricket::CryptoParams kTestCryptoParamsGcm2( | 64 static const cricket::CryptoParams kTestCryptoParamsGcm2( |
| 56 1, "AEAD_AES_256_GCM", kTestKeyParamsGcm2, ""); | 65 1, "AEAD_AES_256_GCM", kTestKeyParamsGcm2, ""); |
| 57 static const cricket::CryptoParams kTestCryptoParamsGcm3( | 66 static const cricket::CryptoParams kTestCryptoParamsGcm3( |
| 58 1, "AEAD_AES_128_GCM", kTestKeyParamsGcm3, ""); | 67 1, "AEAD_AES_128_GCM", kTestKeyParamsGcm3, ""); |
| 59 static const cricket::CryptoParams kTestCryptoParamsGcm4( | 68 static const cricket::CryptoParams kTestCryptoParamsGcm4( |
| 60 1, "AEAD_AES_128_GCM", kTestKeyParamsGcm4, ""); | 69 1, "AEAD_AES_128_GCM", kTestKeyParamsGcm4, ""); |
| 61 | 70 |
| 62 static int rtp_auth_tag_len(const std::string& cs) { | 71 static int rtp_auth_tag_len(const std::string& cs) { |
| 63 return (cs == CS_AES_CM_128_HMAC_SHA1_32) ? 4 : 10; | 72 if (cs == CS_AES_CM_128_HMAC_SHA1_32) { |
| 73 return 4; |
| 74 } else if (cs == CS_AEAD_AES_128_GCM || cs == CS_AEAD_AES_256_GCM) { |
| 75 return 16; |
| 76 } else { |
| 77 return 10; |
| 78 } |
| 64 } | 79 } |
| 65 static int rtcp_auth_tag_len(const std::string& cs) { | 80 static int rtcp_auth_tag_len(const std::string& cs) { |
| 66 return 10; | 81 if (cs == CS_AEAD_AES_128_GCM || cs == CS_AEAD_AES_256_GCM) { |
| 82 return 16; |
| 83 } else { |
| 84 return 10; |
| 85 } |
| 67 } | 86 } |
| 68 | 87 |
| 69 class SrtpFilterTest : public testing::Test { | 88 class SrtpFilterTest : public testing::Test { |
| 70 protected: | 89 protected: |
| 71 SrtpFilterTest() | 90 SrtpFilterTest() |
| 72 // Need to initialize |sequence_number_|, the value does not matter. | 91 // Need to initialize |sequence_number_|, the value does not matter. |
| 73 : sequence_number_(1) { | 92 : sequence_number_(1) { |
| 74 } | 93 } |
| 75 static std::vector<CryptoParams> MakeVector(const CryptoParams& params) { | 94 static std::vector<CryptoParams> MakeVector(const CryptoParams& params) { |
| 76 std::vector<CryptoParams> vec; | 95 std::vector<CryptoParams> vec; |
| 77 vec.push_back(params); | 96 vec.push_back(params); |
| 78 return vec; | 97 return vec; |
| 79 } | 98 } |
| 80 void TestSetParams(const std::vector<CryptoParams>& params1, | 99 void TestSetParams(const std::vector<CryptoParams>& params1, |
| 81 const std::vector<CryptoParams>& params2) { | 100 const std::vector<CryptoParams>& params2) { |
| 82 EXPECT_TRUE(f1_.SetOffer(params1, CS_LOCAL)); | 101 EXPECT_TRUE(f1_.SetOffer(params1, CS_LOCAL)); |
| 83 EXPECT_TRUE(f2_.SetOffer(params1, CS_REMOTE)); | 102 EXPECT_TRUE(f2_.SetOffer(params1, CS_REMOTE)); |
| 84 EXPECT_FALSE(f1_.IsActive()); | 103 EXPECT_FALSE(f1_.IsActive()); |
| 85 EXPECT_FALSE(f2_.IsActive()); | 104 EXPECT_FALSE(f2_.IsActive()); |
| 86 EXPECT_TRUE(f2_.SetAnswer(params2, CS_LOCAL)); | 105 EXPECT_TRUE(f2_.SetAnswer(params2, CS_LOCAL)); |
| 87 EXPECT_TRUE(f1_.SetAnswer(params2, CS_REMOTE)); | 106 EXPECT_TRUE(f1_.SetAnswer(params2, CS_REMOTE)); |
| 88 EXPECT_TRUE(f1_.IsActive()); | 107 EXPECT_TRUE(f1_.IsActive()); |
| 89 EXPECT_TRUE(f2_.IsActive()); | 108 EXPECT_TRUE(f2_.IsActive()); |
| 90 } | 109 } |
| 91 void TestProtectUnprotect(const std::string& cs1, const std::string& cs2) { | 110 void TestProtectUnprotect(const std::string& cs1, const std::string& cs2) { |
| 92 char rtp_packet[sizeof(kPcmuFrame) + 10]; | 111 rtc::Buffer rtp_buffer(sizeof(kPcmuFrame) + rtp_auth_tag_len(cs1)); |
| 112 char* rtp_packet = rtp_buffer.data<char>(); |
| 93 char original_rtp_packet[sizeof(kPcmuFrame)]; | 113 char original_rtp_packet[sizeof(kPcmuFrame)]; |
| 94 char rtcp_packet[sizeof(kRtcpReport) + 4 + 10]; | 114 rtc::Buffer rtcp_buffer(sizeof(kRtcpReport) + 4 + rtcp_auth_tag_len(cs2)); |
| 115 char* rtcp_packet = rtcp_buffer.data<char>(); |
| 95 int rtp_len = sizeof(kPcmuFrame), rtcp_len = sizeof(kRtcpReport), out_len; | 116 int rtp_len = sizeof(kPcmuFrame), rtcp_len = sizeof(kRtcpReport), out_len; |
| 96 memcpy(rtp_packet, kPcmuFrame, rtp_len); | 117 memcpy(rtp_packet, kPcmuFrame, rtp_len); |
| 97 // In order to be able to run this test function multiple times we can not | 118 // In order to be able to run this test function multiple times we can not |
| 98 // use the same sequence number twice. Increase the sequence number by one. | 119 // use the same sequence number twice. Increase the sequence number by one. |
| 99 rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet) + 2, | 120 rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet) + 2, |
| 100 ++sequence_number_); | 121 ++sequence_number_); |
| 101 memcpy(original_rtp_packet, rtp_packet, rtp_len); | 122 memcpy(original_rtp_packet, rtp_packet, rtp_len); |
| 102 memcpy(rtcp_packet, kRtcpReport, rtcp_len); | 123 memcpy(rtcp_packet, kRtcpReport, rtcp_len); |
| 103 | 124 |
| 104 EXPECT_TRUE(f1_.ProtectRtp(rtp_packet, rtp_len, | 125 EXPECT_TRUE(f1_.ProtectRtp(rtp_packet, rtp_len, |
| 105 sizeof(rtp_packet), &out_len)); | 126 static_cast<int>(rtp_buffer.size()), |
| 127 &out_len)); |
| 106 EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs1)); | 128 EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs1)); |
| 107 EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); | 129 EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); |
| 108 EXPECT_TRUE(f2_.UnprotectRtp(rtp_packet, out_len, &out_len)); | 130 EXPECT_TRUE(f2_.UnprotectRtp(rtp_packet, out_len, &out_len)); |
| 109 EXPECT_EQ(rtp_len, out_len); | 131 EXPECT_EQ(rtp_len, out_len); |
| 110 EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); | 132 EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); |
| 111 | 133 |
| 112 EXPECT_TRUE(f2_.ProtectRtp(rtp_packet, rtp_len, | 134 EXPECT_TRUE(f2_.ProtectRtp(rtp_packet, rtp_len, |
| 113 sizeof(rtp_packet), &out_len)); | 135 static_cast<int>(rtp_buffer.size()), |
| 136 &out_len)); |
| 114 EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs2)); | 137 EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs2)); |
| 115 EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); | 138 EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); |
| 116 EXPECT_TRUE(f1_.UnprotectRtp(rtp_packet, out_len, &out_len)); | 139 EXPECT_TRUE(f1_.UnprotectRtp(rtp_packet, out_len, &out_len)); |
| 117 EXPECT_EQ(rtp_len, out_len); | 140 EXPECT_EQ(rtp_len, out_len); |
| 118 EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); | 141 EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); |
| 119 | 142 |
| 120 EXPECT_TRUE(f1_.ProtectRtcp(rtcp_packet, rtcp_len, | 143 EXPECT_TRUE(f1_.ProtectRtcp(rtcp_packet, rtcp_len, |
| 121 sizeof(rtcp_packet), &out_len)); | 144 static_cast<int>(rtcp_buffer.size()), |
| 145 &out_len)); |
| 122 EXPECT_EQ(out_len, rtcp_len + 4 + rtcp_auth_tag_len(cs1)); // NOLINT | 146 EXPECT_EQ(out_len, rtcp_len + 4 + rtcp_auth_tag_len(cs1)); // NOLINT |
| 123 EXPECT_NE(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); | 147 EXPECT_NE(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); |
| 124 EXPECT_TRUE(f2_.UnprotectRtcp(rtcp_packet, out_len, &out_len)); | 148 EXPECT_TRUE(f2_.UnprotectRtcp(rtcp_packet, out_len, &out_len)); |
| 125 EXPECT_EQ(rtcp_len, out_len); | 149 EXPECT_EQ(rtcp_len, out_len); |
| 126 EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); | 150 EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); |
| 127 | 151 |
| 128 EXPECT_TRUE(f2_.ProtectRtcp(rtcp_packet, rtcp_len, | 152 EXPECT_TRUE(f2_.ProtectRtcp(rtcp_packet, rtcp_len, |
| 129 sizeof(rtcp_packet), &out_len)); | 153 static_cast<int>(rtcp_buffer.size()), |
| 154 &out_len)); |
| 130 EXPECT_EQ(out_len, rtcp_len + 4 + rtcp_auth_tag_len(cs2)); // NOLINT | 155 EXPECT_EQ(out_len, rtcp_len + 4 + rtcp_auth_tag_len(cs2)); // NOLINT |
| 131 EXPECT_NE(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); | 156 EXPECT_NE(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); |
| 132 EXPECT_TRUE(f1_.UnprotectRtcp(rtcp_packet, out_len, &out_len)); | 157 EXPECT_TRUE(f1_.UnprotectRtcp(rtcp_packet, out_len, &out_len)); |
| 133 EXPECT_EQ(rtcp_len, out_len); | 158 EXPECT_EQ(rtcp_len, out_len); |
| 134 EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); | 159 EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); |
| 135 } | 160 } |
| 136 cricket::SrtpFilter f1_; | 161 cricket::SrtpFilter f1_; |
| 137 cricket::SrtpFilter f2_; | 162 cricket::SrtpFilter f2_; |
| 138 int sequence_number_; | 163 int sequence_number_; |
| 139 }; | 164 }; |
| (...skipping 375 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 515 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); | 540 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); |
| 516 | 541 |
| 517 // Complete the negotiation. | 542 // Complete the negotiation. |
| 518 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL)); | 543 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL)); |
| 519 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE)); | 544 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE)); |
| 520 | 545 |
| 521 EXPECT_FALSE(f1_.IsActive()); | 546 EXPECT_FALSE(f1_.IsActive()); |
| 522 EXPECT_FALSE(f2_.IsActive()); | 547 EXPECT_FALSE(f2_.IsActive()); |
| 523 } | 548 } |
| 524 | 549 |
| 525 // Test directly setting the params with AES_CM_128_HMAC_SHA1_80 | 550 // Test directly setting the params with AES_CM_128_HMAC_SHA1_80. |
| 526 TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_80) { | 551 TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_80) { |
| 527 EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, | 552 EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, |
| 528 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80, | 553 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80, |
| 529 kTestKey2, kTestKeyLen)); | 554 kTestKey2, kTestKeyLen)); |
| 530 EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2, | 555 EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2, |
| 531 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80, | 556 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80, |
| 532 kTestKey1, kTestKeyLen)); | 557 kTestKey1, kTestKeyLen)); |
| 533 EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, | 558 EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, |
| 534 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80, | 559 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80, |
| 535 kTestKey2, kTestKeyLen)); | 560 kTestKey2, kTestKeyLen)); |
| 536 EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2, | 561 EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2, |
| 537 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80, | 562 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80, |
| 538 kTestKey1, kTestKeyLen)); | 563 kTestKey1, kTestKeyLen)); |
| 539 EXPECT_TRUE(f1_.IsActive()); | 564 EXPECT_TRUE(f1_.IsActive()); |
| 540 EXPECT_TRUE(f2_.IsActive()); | 565 EXPECT_TRUE(f2_.IsActive()); |
| 566 #if defined(ENABLE_EXTERNAL_AUTH) |
| 567 EXPECT_TRUE(f1_.IsExternalAuthActive()); |
| 568 EXPECT_TRUE(f2_.IsExternalAuthActive()); |
| 569 #endif |
| 541 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); | 570 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); |
| 542 } | 571 } |
| 543 | 572 |
| 544 // Test directly setting the params with AES_CM_128_HMAC_SHA1_32 | 573 // Test directly setting the params with AES_CM_128_HMAC_SHA1_32. |
| 545 TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_32) { | 574 TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_32) { |
| 546 EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, | 575 EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, |
| 547 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, | 576 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, |
| 548 kTestKey2, kTestKeyLen)); | 577 kTestKey2, kTestKeyLen)); |
| 549 EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey2, | 578 EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey2, |
| 550 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, | 579 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, |
| 551 kTestKey1, kTestKeyLen)); | 580 kTestKey1, kTestKeyLen)); |
| 552 EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, | 581 EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, |
| 553 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, | 582 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, |
| 554 kTestKey2, kTestKeyLen)); | 583 kTestKey2, kTestKeyLen)); |
| 555 EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey2, | 584 EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey2, |
| 556 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, | 585 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, |
| 557 kTestKey1, kTestKeyLen)); | 586 kTestKey1, kTestKeyLen)); |
| 558 EXPECT_TRUE(f1_.IsActive()); | 587 EXPECT_TRUE(f1_.IsActive()); |
| 559 EXPECT_TRUE(f2_.IsActive()); | 588 EXPECT_TRUE(f2_.IsActive()); |
| 589 #if defined(ENABLE_EXTERNAL_AUTH) |
| 590 EXPECT_TRUE(f1_.IsExternalAuthActive()); |
| 591 EXPECT_TRUE(f2_.IsExternalAuthActive()); |
| 592 #endif |
| 560 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32); | 593 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32); |
| 561 } | 594 } |
| 562 | 595 |
| 563 // Test directly setting the params with bogus keys | 596 // Test directly setting the params with SRTP_AEAD_AES_128_GCM. |
| 597 TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_SRTP_AEAD_AES_128_GCM) { |
| 598 EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AEAD_AES_128_GCM, kTestKeyGcm128_1, |
| 599 kTestKeyGcm128Len, rtc::SRTP_AEAD_AES_128_GCM, |
| 600 kTestKeyGcm128_2, kTestKeyGcm128Len)); |
| 601 EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AEAD_AES_128_GCM, kTestKeyGcm128_2, |
| 602 kTestKeyGcm128Len, rtc::SRTP_AEAD_AES_128_GCM, |
| 603 kTestKeyGcm128_1, kTestKeyGcm128Len)); |
| 604 EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AEAD_AES_128_GCM, kTestKeyGcm128_1, |
| 605 kTestKeyGcm128Len, rtc::SRTP_AEAD_AES_128_GCM, |
| 606 kTestKeyGcm128_2, kTestKeyGcm128Len)); |
| 607 EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AEAD_AES_128_GCM, kTestKeyGcm128_2, |
| 608 kTestKeyGcm128Len, rtc::SRTP_AEAD_AES_128_GCM, |
| 609 kTestKeyGcm128_1, kTestKeyGcm128Len)); |
| 610 EXPECT_TRUE(f1_.IsActive()); |
| 611 EXPECT_TRUE(f2_.IsActive()); |
| 612 #if defined(ENABLE_EXTERNAL_AUTH) |
| 613 EXPECT_FALSE(f1_.IsExternalAuthActive()); |
| 614 EXPECT_FALSE(f2_.IsExternalAuthActive()); |
| 615 #endif |
| 616 TestProtectUnprotect(CS_AEAD_AES_128_GCM, CS_AEAD_AES_128_GCM); |
| 617 } |
| 618 |
| 619 // Test directly setting the params with SRTP_AEAD_AES_256_GCM. |
| 620 TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_SRTP_AEAD_AES_256_GCM) { |
| 621 EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AEAD_AES_256_GCM, kTestKeyGcm256_1, |
| 622 kTestKeyGcm256Len, rtc::SRTP_AEAD_AES_256_GCM, |
| 623 kTestKeyGcm256_2, kTestKeyGcm256Len)); |
| 624 EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AEAD_AES_256_GCM, kTestKeyGcm256_2, |
| 625 kTestKeyGcm256Len, rtc::SRTP_AEAD_AES_256_GCM, |
| 626 kTestKeyGcm256_1, kTestKeyGcm256Len)); |
| 627 EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AEAD_AES_256_GCM, kTestKeyGcm256_1, |
| 628 kTestKeyGcm256Len, rtc::SRTP_AEAD_AES_256_GCM, |
| 629 kTestKeyGcm256_2, kTestKeyGcm256Len)); |
| 630 EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AEAD_AES_256_GCM, kTestKeyGcm256_2, |
| 631 kTestKeyGcm256Len, rtc::SRTP_AEAD_AES_256_GCM, |
| 632 kTestKeyGcm256_1, kTestKeyGcm256Len)); |
| 633 EXPECT_TRUE(f1_.IsActive()); |
| 634 EXPECT_TRUE(f2_.IsActive()); |
| 635 #if defined(ENABLE_EXTERNAL_AUTH) |
| 636 EXPECT_FALSE(f1_.IsExternalAuthActive()); |
| 637 EXPECT_FALSE(f2_.IsExternalAuthActive()); |
| 638 #endif |
| 639 TestProtectUnprotect(CS_AEAD_AES_256_GCM, CS_AEAD_AES_256_GCM); |
| 640 } |
| 641 |
| 642 // Test directly setting the params with bogus keys. |
| 564 TEST_F(SrtpFilterTest, TestSetParamsKeyTooShort) { | 643 TEST_F(SrtpFilterTest, TestSetParamsKeyTooShort) { |
| 565 EXPECT_FALSE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, | 644 EXPECT_FALSE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, |
| 566 kTestKeyLen - 1, rtc::SRTP_AES128_CM_SHA1_80, | 645 kTestKeyLen - 1, rtc::SRTP_AES128_CM_SHA1_80, |
| 567 kTestKey1, kTestKeyLen - 1)); | 646 kTestKey1, kTestKeyLen - 1)); |
| 568 EXPECT_FALSE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, | 647 EXPECT_FALSE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, |
| 569 kTestKeyLen - 1, rtc::SRTP_AES128_CM_SHA1_80, | 648 kTestKeyLen - 1, rtc::SRTP_AES128_CM_SHA1_80, |
| 570 kTestKey1, kTestKeyLen - 1)); | 649 kTestKey1, kTestKeyLen - 1)); |
| 571 } | 650 } |
| 572 | 651 |
| 573 #if defined(ENABLE_EXTERNAL_AUTH) | 652 #if defined(ENABLE_EXTERNAL_AUTH) |
| 574 TEST_F(SrtpFilterTest, TestGetSendAuthParams) { | 653 TEST_F(SrtpFilterTest, TestGetSendAuthParams) { |
| 575 EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, | 654 EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, |
| 576 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, | 655 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, |
| 577 kTestKey2, kTestKeyLen)); | 656 kTestKey2, kTestKeyLen)); |
| 578 EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, | 657 EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, |
| 579 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, | 658 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, |
| 580 kTestKey2, kTestKeyLen)); | 659 kTestKey2, kTestKeyLen)); |
| 660 // Non-GCM ciphers support external auth. |
| 661 EXPECT_TRUE(f1_.IsExternalAuthActive()); |
| 581 uint8_t* auth_key = NULL; | 662 uint8_t* auth_key = NULL; |
| 582 int auth_key_len = 0, auth_tag_len = 0; | 663 int auth_key_len = 0, auth_tag_len = 0; |
| 583 EXPECT_TRUE(f1_.GetRtpAuthParams(&auth_key, &auth_key_len, &auth_tag_len)); | 664 EXPECT_TRUE(f1_.GetRtpAuthParams(&auth_key, &auth_key_len, &auth_tag_len)); |
| 584 EXPECT_TRUE(auth_key != NULL); | 665 EXPECT_TRUE(auth_key != NULL); |
| 585 EXPECT_EQ(20, auth_key_len); | 666 EXPECT_EQ(20, auth_key_len); |
| 586 EXPECT_EQ(4, auth_tag_len); | 667 EXPECT_EQ(4, auth_tag_len); |
| 587 } | 668 } |
| 588 #endif | 669 #endif |
| 589 | 670 |
| 590 class SrtpSessionTest : public testing::Test { | 671 class SrtpSessionTest : public testing::Test { |
| (...skipping 341 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 932 srtp_stat_.AddUnprotectRtcpResult(srtp_err_status_fail); | 1013 srtp_stat_.AddUnprotectRtcpResult(srtp_err_status_fail); |
| 933 EXPECT_EQ(-1, mode_); | 1014 EXPECT_EQ(-1, mode_); |
| 934 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_); | 1015 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_); |
| 935 // Now the error will be triggered again. | 1016 // Now the error will be triggered again. |
| 936 Reset(); | 1017 Reset(); |
| 937 rtc::Thread::Current()->SleepMs(210); | 1018 rtc::Thread::Current()->SleepMs(210); |
| 938 srtp_stat_.AddUnprotectRtcpResult(srtp_err_status_fail); | 1019 srtp_stat_.AddUnprotectRtcpResult(srtp_err_status_fail); |
| 939 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_); | 1020 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_); |
| 940 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_); | 1021 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_); |
| 941 } | 1022 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2720663003:
Support GCM ciphers even if ENABLE_EXTERNAL_AUTH is defined. (Closed)
