Improve testing of SRTP external auth code paths.

webrtc/pc/srtpfilter.h

 /*
  *  Copyright 2009 The WebRTC project authors. All Rights Reserved.
  *
  *  Use of this source code is governed by a BSD-style license
  *  that can be found in the LICENSE file in the root of the source
  *  tree. An additional intellectual property rights grant can be found
  *  in the file PATENTS.  All contributing project authors may
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
@@ skipping 96 matching lines @@
   // If an HMAC is used, this will decrease the packet size.
   bool UnprotectRtp(void* data, int in_len, int* out_len);
   bool UnprotectRtcp(void* data, int in_len, int* out_len);
 
   // Returns rtp auth params from srtp context.
   bool GetRtpAuthParams(uint8_t** key, int* key_len, int* tag_len);
 
   // Returns srtp overhead for rtp packets.
   bool GetSrtpOverhead(int* srtp_overhead) const;
 
-#if defined(ENABLE_EXTERNAL_AUTH)
+  void AllowExternalAuthForTest(bool allow);
+
+  // External auth is only allowed if ENABLE_EXTERNAL_AUTH is defined or
+  // it has been explicitly activated for tests.

[Taylor Brandstetter, 2017/03/03 02:20:34]

Is there any comment in general explaining what external auth is? If not it
would be nice, in case someone encounters this code without context.

[joachim, 2017/03/03 20:42:57]

There is a comment in channel.cc (BaseChannel::SendPacket) where the code is
different depending on whether external auth is active.

Added another comment here.

+  bool IsExternalAuthAllowed() const;
+
   // A SRTP filter supports external creation of the auth tag if a non-GCM
   // cipher is used. This method is only valid after the RTP params have
   // been set.
   bool IsExternalAuthActive() const;
-#endif
 
   // Update the silent threshold (in ms) for signaling errors.
   void set_signal_silent_time(int signal_silent_time_in_ms);
 
   bool ResetParams();
 
   sigslot::repeater3<uint32_t, Mode, Error> SignalSrtpError;
 
  protected:
   bool ExpectOffer(ContentSource source);
@@ skipping 29 matching lines @@
     ST_RECEIVEDUPDATEDOFFER,
     // SRTP filter is active but the sent answer is only provisional.
     // When the final answer is set, the state transitions to ST_ACTIVE or
     // ST_INIT.
     ST_SENTPRANSWER,
     // SRTP filter is active but the received answer is only provisional.
     // When the final answer is set, the state transitions to ST_ACTIVE or
     // ST_INIT.
     ST_RECEIVEDPRANSWER
   };
-  State state_;
-  int signal_silent_time_in_ms_;
+  State state_ = ST_INIT;
+  int signal_silent_time_in_ms_ = 0;
+  bool external_auth_allowed_ = false;
   std::vector<CryptoParams> offer_params_;
   std::unique_ptr<SrtpSession> send_session_;
   std::unique_ptr<SrtpSession> recv_session_;
   std::unique_ptr<SrtpSession> send_rtcp_session_;
   std::unique_ptr<SrtpSession> recv_rtcp_session_;
   CryptoParams applied_send_params_;
   CryptoParams applied_recv_params_;
 };
 
 // Class that wraps a libSRTP session.
@@ skipping 22 matching lines @@
   // Decrypts/verifies an invidiual RTP/RTCP packet.
   // If an HMAC is used, this will decrease the packet size.
   bool UnprotectRtp(void* data, int in_len, int* out_len);
   bool UnprotectRtcp(void* data, int in_len, int* out_len);
 
   // Helper method to get authentication params.
   bool GetRtpAuthParams(uint8_t** key, int* key_len, int* tag_len);
 
   int GetSrtpOverhead() const;
 
-#if defined(ENABLE_EXTERNAL_AUTH)
+  void AllowExternalAuthForTest(bool allow);
+
+  // External auth is only allowed if ENABLE_EXTERNAL_AUTH is defined or
+  // it has been explicitly activated for tests.
+  bool IsExternalAuthAllowed() const;
+
   // A SRTP session supports external creation of the auth tag if a non-GCM
   // cipher is used. This method is only valid after the RTP params have
   // been set.
   bool IsExternalAuthActive() const;
-#endif
 
   // Update the silent threshold (in ms) for signaling errors.
   void set_signal_silent_time(int signal_silent_time_in_ms);
 
   // Calls srtp_shutdown if it's initialized.
   static void Terminate();
 
   sigslot::repeater3<uint32_t, SrtpFilter::Mode, SrtpFilter::Error>
       SignalSrtpError;
 
  private:
   bool SetKey(int type, int cs, const uint8_t* key, size_t len);
     // Returns send stream current packet index from srtp db.
   bool GetSendStreamPacketIndex(void* data, int in_len, int64_t* index);
 
   static bool Init();
   void HandleEvent(const srtp_event_data_t* ev);
   static void HandleEventThunk(srtp_event_data_t* ev);
 
   rtc::ThreadChecker thread_checker_;
   srtp_ctx_t_* session_ = nullptr;
   int rtp_auth_tag_len_ = 0;
   int rtcp_auth_tag_len_ = 0;
   std::unique_ptr<SrtpStat> srtp_stat_;
   static bool inited_;
   static rtc::GlobalLockPod lock_;
   int last_send_seq_num_ = -1;
-#if defined(ENABLE_EXTERNAL_AUTH)
   bool external_auth_active_ = false;
-#endif
+  bool external_auth_allowed_ = false;
   RTC_DISALLOW_COPY_AND_ASSIGN(SrtpSession);
 };
 
 // Class that collects failures of SRTP.
 class SrtpStat {
  public:
   SrtpStat();
 
   // Report RTP protection results to the handler.
   void AddProtectRtpResult(uint32_t ssrc, int result);
@@ skipping 58 matching lines @@
   std::map<FailureKey, FailureStat> failures_;
   // Threshold in ms to silent the signaling errors.
   int signal_silent_time_;
 
   RTC_DISALLOW_COPY_AND_ASSIGN(SrtpStat);
 };
 
 }  // namespace cricket
 
 #endif  // WEBRTC_PC_SRTPFILTER_H_