| Index: webrtc/pc/srtpfilter_unittest.cc
|
| diff --git a/webrtc/pc/srtpfilter_unittest.cc b/webrtc/pc/srtpfilter_unittest.cc
|
| index 9486dd6ac9283a899fbbd4c34525a65383cfbd51..af8b69f73e334496ef4e2bc80224a66ecd85d6f8 100644
|
| --- a/webrtc/pc/srtpfilter_unittest.cc
|
| +++ b/webrtc/pc/srtpfilter_unittest.cc
|
| @@ -107,6 +107,29 @@ class SrtpFilterTest : public testing::Test {
|
| EXPECT_TRUE(f1_.IsActive());
|
| EXPECT_TRUE(f2_.IsActive());
|
| }
|
| + void TestRtpAuthParams(cricket::SrtpFilter* filter, const std::string& cs) {
|
| + int overhead;
|
| + EXPECT_TRUE(filter->GetSrtpOverhead(&overhead));
|
| + switch (rtc::SrtpCryptoSuiteFromName(cs)) {
|
| + case rtc::SRTP_AES128_CM_SHA1_32:
|
| + EXPECT_EQ(32/8, overhead); // 32-bit tag.
|
| + break;
|
| + case rtc::SRTP_AES128_CM_SHA1_80:
|
| + EXPECT_EQ(80/8, overhead); // 80-bit tag.
|
| + break;
|
| + default:
|
| + RTC_NOTREACHED();
|
| + break;
|
| + }
|
| +
|
| + uint8_t* auth_key = nullptr;
|
| + int key_len = 0;
|
| + int tag_len = 0;
|
| + EXPECT_TRUE(filter->GetRtpAuthParams(&auth_key, &key_len, &tag_len));
|
| + EXPECT_NE(nullptr, auth_key);
|
| + EXPECT_EQ(160/8, key_len); // Length of SHA-1 is 160 bits.
|
| + EXPECT_EQ(overhead, tag_len);
|
| + }
|
| void TestProtectUnprotect(const std::string& cs1, const std::string& cs2) {
|
| rtc::Buffer rtp_buffer(sizeof(kPcmuFrame) + rtp_auth_tag_len(cs1));
|
| char* rtp_packet = rtp_buffer.data<char>();
|
| @@ -127,18 +150,30 @@ class SrtpFilterTest : public testing::Test {
|
| &out_len));
|
| EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs1));
|
| EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
|
| - EXPECT_TRUE(f2_.UnprotectRtp(rtp_packet, out_len, &out_len));
|
| - EXPECT_EQ(rtp_len, out_len);
|
| - EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
|
| + if (!f1_.IsExternalAuthActive()) {
|
| + EXPECT_TRUE(f2_.UnprotectRtp(rtp_packet, out_len, &out_len));
|
| + EXPECT_EQ(rtp_len, out_len);
|
| + EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
|
| + } else {
|
| + // With external auth enabled, SRTP doesn't write the auth tag and
|
| + // unprotect would fail. Check accessing the information about the
|
| + // tag instead, similar to what the actual code would do that relies
|
| + // on external auth.
|
| + TestRtpAuthParams(&f1_, cs1);
|
| + }
|
|
|
| EXPECT_TRUE(f2_.ProtectRtp(rtp_packet, rtp_len,
|
| static_cast<int>(rtp_buffer.size()),
|
| &out_len));
|
| EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs2));
|
| EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
|
| - EXPECT_TRUE(f1_.UnprotectRtp(rtp_packet, out_len, &out_len));
|
| - EXPECT_EQ(rtp_len, out_len);
|
| - EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
|
| + if (!f2_.IsExternalAuthActive()) {
|
| + EXPECT_TRUE(f1_.UnprotectRtp(rtp_packet, out_len, &out_len));
|
| + EXPECT_EQ(rtp_len, out_len);
|
| + EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
|
| + } else {
|
| + TestRtpAuthParams(&f2_, cs2);
|
| + }
|
|
|
| EXPECT_TRUE(f1_.ProtectRtcp(rtcp_packet, rtcp_len,
|
| static_cast<int>(rtcp_buffer.size()),
|
| @@ -158,6 +193,30 @@ class SrtpFilterTest : public testing::Test {
|
| EXPECT_EQ(rtcp_len, out_len);
|
| EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len));
|
| }
|
| + void TestProtectSetParamsDirect(bool enable_external_auth, int cs,
|
| + const uint8_t* key1, int key1_len, const uint8_t* key2, int key2_len,
|
| + const std::string& cs_name) {
|
| + EXPECT_EQ(key1_len, key2_len);
|
| + EXPECT_EQ(cs_name, rtc::SrtpCryptoSuiteToName(cs));
|
| + if (enable_external_auth) {
|
| + f1_.EnableExternalAuth();
|
| + f2_.EnableExternalAuth();
|
| + }
|
| + EXPECT_TRUE(f1_.SetRtpParams(cs, key1, key1_len, cs, key2, key2_len));
|
| + EXPECT_TRUE(f2_.SetRtpParams(cs, key2, key2_len, cs, key1, key1_len));
|
| + EXPECT_TRUE(f1_.SetRtcpParams(cs, key1, key1_len, cs, key2, key2_len));
|
| + EXPECT_TRUE(f2_.SetRtcpParams(cs, key2, key2_len, cs, key1, key1_len));
|
| + EXPECT_TRUE(f1_.IsActive());
|
| + EXPECT_TRUE(f2_.IsActive());
|
| + if (rtc::IsGcmCryptoSuite(cs)) {
|
| + EXPECT_FALSE(f1_.IsExternalAuthActive());
|
| + EXPECT_FALSE(f2_.IsExternalAuthActive());
|
| + } else if (enable_external_auth) {
|
| + EXPECT_TRUE(f1_.IsExternalAuthActive());
|
| + EXPECT_TRUE(f2_.IsExternalAuthActive());
|
| + }
|
| + TestProtectUnprotect(cs_name, cs_name);
|
| + }
|
| cricket::SrtpFilter f1_;
|
| cricket::SrtpFilter f2_;
|
| int sequence_number_;
|
| @@ -547,98 +606,48 @@ TEST_F(SrtpFilterTest, TestDisableEncryption) {
|
| EXPECT_FALSE(f2_.IsActive());
|
| }
|
|
|
| +class SrtpFilterProtectSetParamsDirectTest
|
| + : public SrtpFilterTest,
|
| + public testing::WithParamInterface<bool> {
|
| +};
|
| +
|
| // Test directly setting the params with AES_CM_128_HMAC_SHA1_80.
|
| -TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_80) {
|
| - EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1,
|
| - kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80,
|
| - kTestKey2, kTestKeyLen));
|
| - EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2,
|
| - kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80,
|
| - kTestKey1, kTestKeyLen));
|
| - EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1,
|
| - kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80,
|
| - kTestKey2, kTestKeyLen));
|
| - EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2,
|
| - kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80,
|
| - kTestKey1, kTestKeyLen));
|
| - EXPECT_TRUE(f1_.IsActive());
|
| - EXPECT_TRUE(f2_.IsActive());
|
| -#if defined(ENABLE_EXTERNAL_AUTH)
|
| - EXPECT_TRUE(f1_.IsExternalAuthActive());
|
| - EXPECT_TRUE(f2_.IsExternalAuthActive());
|
| -#endif
|
| - TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
|
| +TEST_P(SrtpFilterProtectSetParamsDirectTest, Test_AES_CM_128_HMAC_SHA1_80) {
|
| + bool enable_external_auth = GetParam();
|
| + TestProtectSetParamsDirect(enable_external_auth, rtc::SRTP_AES128_CM_SHA1_80,
|
| + kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen,
|
| + CS_AES_CM_128_HMAC_SHA1_80);
|
| }
|
|
|
| // Test directly setting the params with AES_CM_128_HMAC_SHA1_32.
|
| -TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_32) {
|
| - EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1,
|
| - kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32,
|
| - kTestKey2, kTestKeyLen));
|
| - EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey2,
|
| - kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32,
|
| - kTestKey1, kTestKeyLen));
|
| - EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1,
|
| - kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32,
|
| - kTestKey2, kTestKeyLen));
|
| - EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey2,
|
| - kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32,
|
| - kTestKey1, kTestKeyLen));
|
| - EXPECT_TRUE(f1_.IsActive());
|
| - EXPECT_TRUE(f2_.IsActive());
|
| -#if defined(ENABLE_EXTERNAL_AUTH)
|
| - EXPECT_TRUE(f1_.IsExternalAuthActive());
|
| - EXPECT_TRUE(f2_.IsExternalAuthActive());
|
| -#endif
|
| - TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32);
|
| +TEST_P(SrtpFilterProtectSetParamsDirectTest, Test_AES_CM_128_HMAC_SHA1_32) {
|
| + bool enable_external_auth = GetParam();
|
| + TestProtectSetParamsDirect(enable_external_auth, rtc::SRTP_AES128_CM_SHA1_32,
|
| + kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen,
|
| + CS_AES_CM_128_HMAC_SHA1_32);
|
| }
|
|
|
| // Test directly setting the params with SRTP_AEAD_AES_128_GCM.
|
| -TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_SRTP_AEAD_AES_128_GCM) {
|
| - EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AEAD_AES_128_GCM, kTestKeyGcm128_1,
|
| - kTestKeyGcm128Len, rtc::SRTP_AEAD_AES_128_GCM,
|
| - kTestKeyGcm128_2, kTestKeyGcm128Len));
|
| - EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AEAD_AES_128_GCM, kTestKeyGcm128_2,
|
| - kTestKeyGcm128Len, rtc::SRTP_AEAD_AES_128_GCM,
|
| - kTestKeyGcm128_1, kTestKeyGcm128Len));
|
| - EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AEAD_AES_128_GCM, kTestKeyGcm128_1,
|
| - kTestKeyGcm128Len, rtc::SRTP_AEAD_AES_128_GCM,
|
| - kTestKeyGcm128_2, kTestKeyGcm128Len));
|
| - EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AEAD_AES_128_GCM, kTestKeyGcm128_2,
|
| - kTestKeyGcm128Len, rtc::SRTP_AEAD_AES_128_GCM,
|
| - kTestKeyGcm128_1, kTestKeyGcm128Len));
|
| - EXPECT_TRUE(f1_.IsActive());
|
| - EXPECT_TRUE(f2_.IsActive());
|
| -#if defined(ENABLE_EXTERNAL_AUTH)
|
| - EXPECT_FALSE(f1_.IsExternalAuthActive());
|
| - EXPECT_FALSE(f2_.IsExternalAuthActive());
|
| -#endif
|
| - TestProtectUnprotect(CS_AEAD_AES_128_GCM, CS_AEAD_AES_128_GCM);
|
| +TEST_P(SrtpFilterProtectSetParamsDirectTest, Test_SRTP_AEAD_AES_128_GCM) {
|
| + bool enable_external_auth = GetParam();
|
| + TestProtectSetParamsDirect(enable_external_auth, rtc::SRTP_AEAD_AES_128_GCM,
|
| + kTestKeyGcm128_1, kTestKeyGcm128Len, kTestKeyGcm128_2, kTestKeyGcm128Len,
|
| + CS_AEAD_AES_128_GCM);
|
| }
|
|
|
| // Test directly setting the params with SRTP_AEAD_AES_256_GCM.
|
| -TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_SRTP_AEAD_AES_256_GCM) {
|
| - EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AEAD_AES_256_GCM, kTestKeyGcm256_1,
|
| - kTestKeyGcm256Len, rtc::SRTP_AEAD_AES_256_GCM,
|
| - kTestKeyGcm256_2, kTestKeyGcm256Len));
|
| - EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AEAD_AES_256_GCM, kTestKeyGcm256_2,
|
| - kTestKeyGcm256Len, rtc::SRTP_AEAD_AES_256_GCM,
|
| - kTestKeyGcm256_1, kTestKeyGcm256Len));
|
| - EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AEAD_AES_256_GCM, kTestKeyGcm256_1,
|
| - kTestKeyGcm256Len, rtc::SRTP_AEAD_AES_256_GCM,
|
| - kTestKeyGcm256_2, kTestKeyGcm256Len));
|
| - EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AEAD_AES_256_GCM, kTestKeyGcm256_2,
|
| - kTestKeyGcm256Len, rtc::SRTP_AEAD_AES_256_GCM,
|
| - kTestKeyGcm256_1, kTestKeyGcm256Len));
|
| - EXPECT_TRUE(f1_.IsActive());
|
| - EXPECT_TRUE(f2_.IsActive());
|
| -#if defined(ENABLE_EXTERNAL_AUTH)
|
| - EXPECT_FALSE(f1_.IsExternalAuthActive());
|
| - EXPECT_FALSE(f2_.IsExternalAuthActive());
|
| -#endif
|
| - TestProtectUnprotect(CS_AEAD_AES_256_GCM, CS_AEAD_AES_256_GCM);
|
| +TEST_P(SrtpFilterProtectSetParamsDirectTest, Test_SRTP_AEAD_AES_256_GCM) {
|
| + bool enable_external_auth = GetParam();
|
| + TestProtectSetParamsDirect(enable_external_auth, rtc::SRTP_AEAD_AES_256_GCM,
|
| + kTestKeyGcm256_1, kTestKeyGcm256Len, kTestKeyGcm256_2, kTestKeyGcm256Len,
|
| + CS_AEAD_AES_256_GCM);
|
| }
|
|
|
| +// Run all tests both with and without external auth enabled.
|
| +INSTANTIATE_TEST_CASE_P(ExternalAuth,
|
| + SrtpFilterProtectSetParamsDirectTest,
|
| + ::testing::Values(true, false));
|
| +
|
| // Test directly setting the params with bogus keys.
|
| TEST_F(SrtpFilterTest, TestSetParamsKeyTooShort) {
|
| EXPECT_FALSE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1,
|
| @@ -649,25 +658,6 @@ TEST_F(SrtpFilterTest, TestSetParamsKeyTooShort) {
|
| kTestKey1, kTestKeyLen - 1));
|
| }
|
|
|
| -#if defined(ENABLE_EXTERNAL_AUTH)
|
| -TEST_F(SrtpFilterTest, TestGetSendAuthParams) {
|
| - EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1,
|
| - kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32,
|
| - kTestKey2, kTestKeyLen));
|
| - EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1,
|
| - kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32,
|
| - kTestKey2, kTestKeyLen));
|
| - // Non-GCM ciphers support external auth.
|
| - EXPECT_TRUE(f1_.IsExternalAuthActive());
|
| - uint8_t* auth_key = NULL;
|
| - int auth_key_len = 0, auth_tag_len = 0;
|
| - EXPECT_TRUE(f1_.GetRtpAuthParams(&auth_key, &auth_key_len, &auth_tag_len));
|
| - EXPECT_TRUE(auth_key != NULL);
|
| - EXPECT_EQ(20, auth_key_len);
|
| - EXPECT_EQ(4, auth_tag_len);
|
| -}
|
| -#endif
|
| -
|
| class SrtpSessionTest : public testing::Test {
|
| protected:
|
| virtual void SetUp() {
|
|
|
Chromium Code Reviews
Issue 2722423003:
Improve testing of SRTP external auth code paths. (Closed)
