Chromium Code Reviews Chromium Code Reviews
Issue 2722423003:
Improve testing of SRTP external auth code paths. (Closed)
| Index: webrtc/pc/srtpfilter_unittest.cc |
| diff --git a/webrtc/pc/srtpfilter_unittest.cc b/webrtc/pc/srtpfilter_unittest.cc |
| index 9486dd6ac9283a899fbbd4c34525a65383cfbd51..057450f87df6219087655324ab61d9753c6caa31 100644 |
| --- a/webrtc/pc/srtpfilter_unittest.cc |
| +++ b/webrtc/pc/srtpfilter_unittest.cc |
| @@ -107,6 +107,29 @@ class SrtpFilterTest : public testing::Test { |
| EXPECT_TRUE(f1_.IsActive()); |
| EXPECT_TRUE(f2_.IsActive()); |
| } |
| + void TestRtpAuthParams(cricket::SrtpFilter* filter, const std::string cs) { |
|
Taylor Brandstetter
2017/03/03 02:20:35
nit: Think you meant to use const ref.
joachim
2017/03/03 20:42:57
Done.
|
| + int overhead; |
| + EXPECT_TRUE(filter->GetSrtpOverhead(&overhead)); |
| + switch (rtc::SrtpCryptoSuiteFromName(cs)) { |
| + case rtc::SRTP_AES128_CM_SHA1_32: |
| + EXPECT_EQ(32/8, overhead); // 32-bit tag. |
| + break; |
| + case rtc::SRTP_AES128_CM_SHA1_80: |
| + EXPECT_EQ(80/8, overhead); // 80-bit tag. |
| + break; |
| + default: |
| + RTC_NOTREACHED(); |
| + break; |
| + } |
| + |
| + uint8_t* auth_key = nullptr; |
| + int key_len = 0; |
| + int tag_len = 0; |
| + EXPECT_TRUE(filter->GetRtpAuthParams(&auth_key, &key_len, &tag_len)); |
| + EXPECT_NE(nullptr, auth_key); |
| + EXPECT_EQ(160/8, key_len); // Length of SHA-1 is 160 bits. |
| + EXPECT_EQ(overhead, tag_len); |
| + } |
| void TestProtectUnprotect(const std::string& cs1, const std::string& cs2) { |
| rtc::Buffer rtp_buffer(sizeof(kPcmuFrame) + rtp_auth_tag_len(cs1)); |
| char* rtp_packet = rtp_buffer.data<char>(); |
| @@ -127,18 +150,26 @@ class SrtpFilterTest : public testing::Test { |
| &out_len)); |
| EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs1)); |
| EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); |
| - EXPECT_TRUE(f2_.UnprotectRtp(rtp_packet, out_len, &out_len)); |
| - EXPECT_EQ(rtp_len, out_len); |
| - EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); |
| + if (!f1_.IsExternalAuthActive()) { |
| + EXPECT_TRUE(f2_.UnprotectRtp(rtp_packet, out_len, &out_len)); |
| + EXPECT_EQ(rtp_len, out_len); |
| + EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); |
| + } else { |
| + TestRtpAuthParams(&f1_, cs1); |
| + } |
| EXPECT_TRUE(f2_.ProtectRtp(rtp_packet, rtp_len, |
| static_cast<int>(rtp_buffer.size()), |
| &out_len)); |
| EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs2)); |
| EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); |
| - EXPECT_TRUE(f1_.UnprotectRtp(rtp_packet, out_len, &out_len)); |
| - EXPECT_EQ(rtp_len, out_len); |
| - EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); |
| + if (!f2_.IsExternalAuthActive()) { |
| + EXPECT_TRUE(f1_.UnprotectRtp(rtp_packet, out_len, &out_len)); |
| + EXPECT_EQ(rtp_len, out_len); |
| + EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); |
| + } else { |
| + TestRtpAuthParams(&f2_, cs2); |
|
Taylor Brandstetter
2017/03/03 02:20:35
Can you leave a comment explaining why this method
joachim
2017/03/03 20:42:57
Done.
|
| + } |
| EXPECT_TRUE(f1_.ProtectRtcp(rtcp_packet, rtcp_len, |
| static_cast<int>(rtcp_buffer.size()), |
| @@ -158,6 +189,28 @@ class SrtpFilterTest : public testing::Test { |
| EXPECT_EQ(rtcp_len, out_len); |
| EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); |
| } |
| + void TestProtectSetParamsDirect(bool allow_external_auth, int cs, |
| + const uint8_t* key1, int key1_len, const uint8_t* key2, int key2_len, |
| + const std::string& cs_name) { |
| + EXPECT_EQ(key1_len, key2_len); |
| + EXPECT_EQ(cs_name, rtc::SrtpCryptoSuiteToName(cs)); |
| + f1_.AllowExternalAuthForTest(allow_external_auth); |
| + f2_.AllowExternalAuthForTest(allow_external_auth); |
| + EXPECT_TRUE(f1_.SetRtpParams(cs, key1, key1_len, cs, key2, key2_len)); |
| + EXPECT_TRUE(f2_.SetRtpParams(cs, key2, key2_len, cs, key1, key1_len)); |
| + EXPECT_TRUE(f1_.SetRtcpParams(cs, key1, key1_len, cs, key2, key2_len)); |
| + EXPECT_TRUE(f2_.SetRtcpParams(cs, key2, key2_len, cs, key1, key1_len)); |
| + EXPECT_TRUE(f1_.IsActive()); |
| + EXPECT_TRUE(f2_.IsActive()); |
| + if (rtc::IsGcmCryptoSuite(cs)) { |
| + EXPECT_FALSE(f1_.IsExternalAuthActive()); |
| + EXPECT_FALSE(f2_.IsExternalAuthActive()); |
| + } else if (allow_external_auth) { |
| + EXPECT_TRUE(f1_.IsExternalAuthActive()); |
| + EXPECT_TRUE(f2_.IsExternalAuthActive()); |
| + } |
| + TestProtectUnprotect(cs_name, cs_name); |
| + } |
| cricket::SrtpFilter f1_; |
| cricket::SrtpFilter f2_; |
| int sequence_number_; |
| @@ -549,94 +602,58 @@ TEST_F(SrtpFilterTest, TestDisableEncryption) { |
| // Test directly setting the params with AES_CM_128_HMAC_SHA1_80. |
| TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_80) { |
| - EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, |
| - kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80, |
| - kTestKey2, kTestKeyLen)); |
| - EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2, |
| - kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80, |
| - kTestKey1, kTestKeyLen)); |
| - EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, |
| - kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80, |
| - kTestKey2, kTestKeyLen)); |
| - EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2, |
| - kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80, |
| - kTestKey1, kTestKeyLen)); |
| - EXPECT_TRUE(f1_.IsActive()); |
| - EXPECT_TRUE(f2_.IsActive()); |
| -#if defined(ENABLE_EXTERNAL_AUTH) |
| - EXPECT_TRUE(f1_.IsExternalAuthActive()); |
| - EXPECT_TRUE(f2_.IsExternalAuthActive()); |
| -#endif |
| - TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); |
| + TestProtectSetParamsDirect(false, rtc::SRTP_AES128_CM_SHA1_80, |
|
Taylor Brandstetter
2017/03/03 02:20:35
nit: We often do this:
bool external_auth = false
joachim
2017/03/03 20:42:57
Done.
|
| + kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen, |
| + CS_AES_CM_128_HMAC_SHA1_80); |
| +} |
| + |
| +TEST_F(SrtpFilterTest, |
| + TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_80_ExternalAuth) { |
| + TestProtectSetParamsDirect(true, rtc::SRTP_AES128_CM_SHA1_80, |
| + kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen, |
| + CS_AES_CM_128_HMAC_SHA1_80); |
| } |
| // Test directly setting the params with AES_CM_128_HMAC_SHA1_32. |
| TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_32) { |
| - EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, |
| - kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, |
| - kTestKey2, kTestKeyLen)); |
| - EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey2, |
| - kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, |
| - kTestKey1, kTestKeyLen)); |
| - EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, |
| - kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, |
| - kTestKey2, kTestKeyLen)); |
| - EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey2, |
| - kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, |
| - kTestKey1, kTestKeyLen)); |
| - EXPECT_TRUE(f1_.IsActive()); |
| - EXPECT_TRUE(f2_.IsActive()); |
| -#if defined(ENABLE_EXTERNAL_AUTH) |
| - EXPECT_TRUE(f1_.IsExternalAuthActive()); |
| - EXPECT_TRUE(f2_.IsExternalAuthActive()); |
| -#endif |
| - TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32); |
| + TestProtectSetParamsDirect(false, rtc::SRTP_AES128_CM_SHA1_32, |
| + kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen, |
| + CS_AES_CM_128_HMAC_SHA1_32); |
| +} |
| + |
| +TEST_F(SrtpFilterTest, |
| + TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_32_ExternalAuth) { |
| + TestProtectSetParamsDirect(true, rtc::SRTP_AES128_CM_SHA1_32, |
| + kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen, |
| + CS_AES_CM_128_HMAC_SHA1_32); |
| } |
| // Test directly setting the params with SRTP_AEAD_AES_128_GCM. |
| TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_SRTP_AEAD_AES_128_GCM) { |
| - EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AEAD_AES_128_GCM, kTestKeyGcm128_1, |
| - kTestKeyGcm128Len, rtc::SRTP_AEAD_AES_128_GCM, |
| - kTestKeyGcm128_2, kTestKeyGcm128Len)); |
| - EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AEAD_AES_128_GCM, kTestKeyGcm128_2, |
| - kTestKeyGcm128Len, rtc::SRTP_AEAD_AES_128_GCM, |
| - kTestKeyGcm128_1, kTestKeyGcm128Len)); |
| - EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AEAD_AES_128_GCM, kTestKeyGcm128_1, |
| - kTestKeyGcm128Len, rtc::SRTP_AEAD_AES_128_GCM, |
| - kTestKeyGcm128_2, kTestKeyGcm128Len)); |
| - EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AEAD_AES_128_GCM, kTestKeyGcm128_2, |
| - kTestKeyGcm128Len, rtc::SRTP_AEAD_AES_128_GCM, |
| - kTestKeyGcm128_1, kTestKeyGcm128Len)); |
| - EXPECT_TRUE(f1_.IsActive()); |
| - EXPECT_TRUE(f2_.IsActive()); |
| -#if defined(ENABLE_EXTERNAL_AUTH) |
| - EXPECT_FALSE(f1_.IsExternalAuthActive()); |
| - EXPECT_FALSE(f2_.IsExternalAuthActive()); |
| -#endif |
| - TestProtectUnprotect(CS_AEAD_AES_128_GCM, CS_AEAD_AES_128_GCM); |
| + TestProtectSetParamsDirect(false, rtc::SRTP_AEAD_AES_128_GCM, |
| + kTestKeyGcm128_1, kTestKeyGcm128Len, kTestKeyGcm128_2, kTestKeyGcm128Len, |
| + CS_AEAD_AES_128_GCM); |
| +} |
| + |
| +TEST_F(SrtpFilterTest, |
| + TestProtect_SetParamsDirect_SRTP_AEAD_AES_128_GCM_ExternalAuth) { |
| + TestProtectSetParamsDirect(true, rtc::SRTP_AEAD_AES_128_GCM, |
| + kTestKeyGcm128_1, kTestKeyGcm128Len, kTestKeyGcm128_2, kTestKeyGcm128Len, |
| + CS_AEAD_AES_128_GCM); |
| } |
| // Test directly setting the params with SRTP_AEAD_AES_256_GCM. |
| TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_SRTP_AEAD_AES_256_GCM) { |
| - EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AEAD_AES_256_GCM, kTestKeyGcm256_1, |
| - kTestKeyGcm256Len, rtc::SRTP_AEAD_AES_256_GCM, |
| - kTestKeyGcm256_2, kTestKeyGcm256Len)); |
| - EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AEAD_AES_256_GCM, kTestKeyGcm256_2, |
| - kTestKeyGcm256Len, rtc::SRTP_AEAD_AES_256_GCM, |
| - kTestKeyGcm256_1, kTestKeyGcm256Len)); |
| - EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AEAD_AES_256_GCM, kTestKeyGcm256_1, |
| - kTestKeyGcm256Len, rtc::SRTP_AEAD_AES_256_GCM, |
| - kTestKeyGcm256_2, kTestKeyGcm256Len)); |
| - EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AEAD_AES_256_GCM, kTestKeyGcm256_2, |
| - kTestKeyGcm256Len, rtc::SRTP_AEAD_AES_256_GCM, |
| - kTestKeyGcm256_1, kTestKeyGcm256Len)); |
| - EXPECT_TRUE(f1_.IsActive()); |
| - EXPECT_TRUE(f2_.IsActive()); |
| -#if defined(ENABLE_EXTERNAL_AUTH) |
| - EXPECT_FALSE(f1_.IsExternalAuthActive()); |
| - EXPECT_FALSE(f2_.IsExternalAuthActive()); |
| -#endif |
| - TestProtectUnprotect(CS_AEAD_AES_256_GCM, CS_AEAD_AES_256_GCM); |
| + TestProtectSetParamsDirect(false, rtc::SRTP_AEAD_AES_256_GCM, |
| + kTestKeyGcm256_1, kTestKeyGcm256Len, kTestKeyGcm256_2, kTestKeyGcm256Len, |
| + CS_AEAD_AES_256_GCM); |
| +} |
| + |
| +TEST_F(SrtpFilterTest, |
| + TestProtect_SetParamsDirect_SRTP_AEAD_AES_256_GCM_ExternalAuth) { |
| + TestProtectSetParamsDirect(true, rtc::SRTP_AEAD_AES_256_GCM, |
| + kTestKeyGcm256_1, kTestKeyGcm256Len, kTestKeyGcm256_2, kTestKeyGcm256Len, |
| + CS_AEAD_AES_256_GCM); |
| } |
| // Test directly setting the params with bogus keys. |
| @@ -649,8 +666,8 @@ TEST_F(SrtpFilterTest, TestSetParamsKeyTooShort) { |
| kTestKey1, kTestKeyLen - 1)); |
| } |
| -#if defined(ENABLE_EXTERNAL_AUTH) |
| TEST_F(SrtpFilterTest, TestGetSendAuthParams) { |
|
Taylor Brandstetter
2017/03/03 02:20:35
Is this test still necessary, now that the above t
joachim
2017/03/03 20:42:57
True, the same is already tested above.
|
| + f1_.AllowExternalAuthForTest(true); |
| EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, |
| kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, |
| kTestKey2, kTestKeyLen)); |
| @@ -666,7 +683,6 @@ TEST_F(SrtpFilterTest, TestGetSendAuthParams) { |
| EXPECT_EQ(20, auth_key_len); |
| EXPECT_EQ(4, auth_tag_len); |
| } |
| -#endif |
| class SrtpSessionTest : public testing::Test { |
| protected: |
