| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright 2004 The WebRTC project authors. All Rights Reserved. | 2 * Copyright 2004 The WebRTC project authors. All Rights Reserved. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
| 5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
| 6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
| 7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
| 8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
| 9 */ | 9 */ |
| 10 | 10 |
| 11 #include <algorithm> | 11 #include <algorithm> |
| 12 | 12 |
| 13 #include "webrtc/pc/srtpfilter.h" | 13 #include "webrtc/pc/srtpfilter.h" |
| 14 | 14 |
| 15 #include "third_party/libsrtp/include/srtp.h" | |
| 16 #include "webrtc/media/base/cryptoparams.h" | 15 #include "webrtc/media/base/cryptoparams.h" |
| 17 #include "webrtc/media/base/fakertp.h" | 16 #include "webrtc/media/base/fakertp.h" |
| 18 #include "webrtc/p2p/base/sessiondescription.h" | 17 #include "webrtc/p2p/base/sessiondescription.h" |
| 18 #include "webrtc/pc/srtptestutil.h" |
| 19 #include "webrtc/rtc_base/buffer.h" | 19 #include "webrtc/rtc_base/buffer.h" |
| 20 #include "webrtc/rtc_base/byteorder.h" | 20 #include "webrtc/rtc_base/byteorder.h" |
| 21 #include "webrtc/rtc_base/constructormagic.h" | 21 #include "webrtc/rtc_base/constructormagic.h" |
| 22 #include "webrtc/rtc_base/gunit.h" | 22 #include "webrtc/rtc_base/gunit.h" |
| 23 #include "webrtc/rtc_base/thread.h" | 23 #include "webrtc/rtc_base/thread.h" |
| 24 | 24 |
| 25 using rtc::CS_AES_CM_128_HMAC_SHA1_80; | |
| 26 using rtc::CS_AES_CM_128_HMAC_SHA1_32; | |
| 27 using rtc::CS_AEAD_AES_128_GCM; | |
| 28 using rtc::CS_AEAD_AES_256_GCM; | |
| 29 using cricket::CryptoParams; | 25 using cricket::CryptoParams; |
| 30 using cricket::CS_LOCAL; | 26 using cricket::CS_LOCAL; |
| 31 using cricket::CS_REMOTE; | 27 using cricket::CS_REMOTE; |
| 32 | 28 |
| 33 static const uint8_t kTestKey1[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234"; | 29 namespace rtc { |
| 34 static const uint8_t kTestKey2[] = "4321ZYXWVUTSRQPONMLKJIHGFEDCBA"; | 30 |
| 35 static const int kTestKeyLen = 30; | |
| 36 static const uint8_t kTestKeyGcm128_1[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ12"; | 31 static const uint8_t kTestKeyGcm128_1[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ12"; |
| 37 static const uint8_t kTestKeyGcm128_2[] = "21ZYXWVUTSRQPONMLKJIHGFEDCBA"; | 32 static const uint8_t kTestKeyGcm128_2[] = "21ZYXWVUTSRQPONMLKJIHGFEDCBA"; |
| 38 static const int kTestKeyGcm128Len = 28; // 128 bits key + 96 bits salt. | 33 static const int kTestKeyGcm128Len = 28; // 128 bits key + 96 bits salt. |
| 39 static const uint8_t kTestKeyGcm256_1[] = | 34 static const uint8_t kTestKeyGcm256_1[] = |
| 40 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqr"; | 35 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqr"; |
| 41 static const uint8_t kTestKeyGcm256_2[] = | 36 static const uint8_t kTestKeyGcm256_2[] = |
| 42 "rqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA"; | 37 "rqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA"; |
| 43 static const int kTestKeyGcm256Len = 44; // 256 bits key + 96 bits salt. | 38 static const int kTestKeyGcm256Len = 44; // 256 bits key + 96 bits salt. |
| 44 static const std::string kTestKeyParams1 = | 39 static const std::string kTestKeyParams1 = |
| 45 "inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz"; | 40 "inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz"; |
| (...skipping 17 matching lines...) Expand all Loading... |
| 63 1, "AES_CM_128_HMAC_SHA1_80", kTestKeyParams2, ""); | 58 1, "AES_CM_128_HMAC_SHA1_80", kTestKeyParams2, ""); |
| 64 static const cricket::CryptoParams kTestCryptoParamsGcm1( | 59 static const cricket::CryptoParams kTestCryptoParamsGcm1( |
| 65 1, "AEAD_AES_256_GCM", kTestKeyParamsGcm1, ""); | 60 1, "AEAD_AES_256_GCM", kTestKeyParamsGcm1, ""); |
| 66 static const cricket::CryptoParams kTestCryptoParamsGcm2( | 61 static const cricket::CryptoParams kTestCryptoParamsGcm2( |
| 67 1, "AEAD_AES_256_GCM", kTestKeyParamsGcm2, ""); | 62 1, "AEAD_AES_256_GCM", kTestKeyParamsGcm2, ""); |
| 68 static const cricket::CryptoParams kTestCryptoParamsGcm3( | 63 static const cricket::CryptoParams kTestCryptoParamsGcm3( |
| 69 1, "AEAD_AES_128_GCM", kTestKeyParamsGcm3, ""); | 64 1, "AEAD_AES_128_GCM", kTestKeyParamsGcm3, ""); |
| 70 static const cricket::CryptoParams kTestCryptoParamsGcm4( | 65 static const cricket::CryptoParams kTestCryptoParamsGcm4( |
| 71 1, "AEAD_AES_128_GCM", kTestKeyParamsGcm4, ""); | 66 1, "AEAD_AES_128_GCM", kTestKeyParamsGcm4, ""); |
| 72 | 67 |
| 73 static int rtp_auth_tag_len(const std::string& cs) { | |
| 74 if (cs == CS_AES_CM_128_HMAC_SHA1_32) { | |
| 75 return 4; | |
| 76 } else if (cs == CS_AEAD_AES_128_GCM || cs == CS_AEAD_AES_256_GCM) { | |
| 77 return 16; | |
| 78 } else { | |
| 79 return 10; | |
| 80 } | |
| 81 } | |
| 82 static int rtcp_auth_tag_len(const std::string& cs) { | |
| 83 if (cs == CS_AEAD_AES_128_GCM || cs == CS_AEAD_AES_256_GCM) { | |
| 84 return 16; | |
| 85 } else { | |
| 86 return 10; | |
| 87 } | |
| 88 } | |
| 89 | |
| 90 class SrtpFilterTest : public testing::Test { | 68 class SrtpFilterTest : public testing::Test { |
| 91 protected: | 69 protected: |
| 92 SrtpFilterTest() | 70 SrtpFilterTest() |
| 93 // Need to initialize |sequence_number_|, the value does not matter. | 71 // Need to initialize |sequence_number_|, the value does not matter. |
| 94 : sequence_number_(1) { | 72 : sequence_number_(1) { |
| 95 } | 73 } |
| 96 static std::vector<CryptoParams> MakeVector(const CryptoParams& params) { | 74 static std::vector<CryptoParams> MakeVector(const CryptoParams& params) { |
| 97 std::vector<CryptoParams> vec; | 75 std::vector<CryptoParams> vec; |
| 98 vec.push_back(params); | 76 vec.push_back(params); |
| 99 return vec; | 77 return vec; |
| 100 } | 78 } |
| 101 void TestSetParams(const std::vector<CryptoParams>& params1, | 79 void TestSetParams(const std::vector<CryptoParams>& params1, |
| 102 const std::vector<CryptoParams>& params2) { | 80 const std::vector<CryptoParams>& params2) { |
| 103 EXPECT_TRUE(f1_.SetOffer(params1, CS_LOCAL)); | 81 EXPECT_TRUE(f1_.SetOffer(params1, CS_LOCAL)); |
| 104 EXPECT_TRUE(f2_.SetOffer(params1, CS_REMOTE)); | 82 EXPECT_TRUE(f2_.SetOffer(params1, CS_REMOTE)); |
| 105 EXPECT_FALSE(f1_.IsActive()); | 83 EXPECT_FALSE(f1_.IsActive()); |
| 106 EXPECT_FALSE(f2_.IsActive()); | 84 EXPECT_FALSE(f2_.IsActive()); |
| 107 EXPECT_TRUE(f2_.SetAnswer(params2, CS_LOCAL)); | 85 EXPECT_TRUE(f2_.SetAnswer(params2, CS_LOCAL)); |
| 108 EXPECT_TRUE(f1_.SetAnswer(params2, CS_REMOTE)); | 86 EXPECT_TRUE(f1_.SetAnswer(params2, CS_REMOTE)); |
| 109 EXPECT_TRUE(f1_.IsActive()); | 87 EXPECT_TRUE(f1_.IsActive()); |
| 110 EXPECT_TRUE(f2_.IsActive()); | 88 EXPECT_TRUE(f2_.IsActive()); |
| 111 } | 89 } |
| 112 void TestRtpAuthParams(cricket::SrtpFilter* filter, const std::string& cs) { | 90 void TestRtpAuthParams(cricket::SrtpFilter* filter, const std::string& cs) { |
| 113 int overhead; | 91 int overhead; |
| 114 EXPECT_TRUE(filter->GetSrtpOverhead(&overhead)); | 92 EXPECT_TRUE(filter->GetSrtpOverhead(&overhead)); |
| 115 switch (rtc::SrtpCryptoSuiteFromName(cs)) { | 93 switch (SrtpCryptoSuiteFromName(cs)) { |
| 116 case rtc::SRTP_AES128_CM_SHA1_32: | 94 case SRTP_AES128_CM_SHA1_32: |
| 117 EXPECT_EQ(32/8, overhead); // 32-bit tag. | 95 EXPECT_EQ(32/8, overhead); // 32-bit tag. |
| 118 break; | 96 break; |
| 119 case rtc::SRTP_AES128_CM_SHA1_80: | 97 case SRTP_AES128_CM_SHA1_80: |
| 120 EXPECT_EQ(80/8, overhead); // 80-bit tag. | 98 EXPECT_EQ(80/8, overhead); // 80-bit tag. |
| 121 break; | 99 break; |
| 122 default: | 100 default: |
| 123 RTC_NOTREACHED(); | 101 RTC_NOTREACHED(); |
| 124 break; | 102 break; |
| 125 } | 103 } |
| 126 | 104 |
| 127 uint8_t* auth_key = nullptr; | 105 uint8_t* auth_key = nullptr; |
| 128 int key_len = 0; | 106 int key_len = 0; |
| 129 int tag_len = 0; | 107 int tag_len = 0; |
| 130 EXPECT_TRUE(filter->GetRtpAuthParams(&auth_key, &key_len, &tag_len)); | 108 EXPECT_TRUE(filter->GetRtpAuthParams(&auth_key, &key_len, &tag_len)); |
| 131 EXPECT_NE(nullptr, auth_key); | 109 EXPECT_NE(nullptr, auth_key); |
| 132 EXPECT_EQ(160/8, key_len); // Length of SHA-1 is 160 bits. | 110 EXPECT_EQ(160/8, key_len); // Length of SHA-1 is 160 bits. |
| 133 EXPECT_EQ(overhead, tag_len); | 111 EXPECT_EQ(overhead, tag_len); |
| 134 } | 112 } |
| 135 void TestProtectUnprotect(const std::string& cs1, const std::string& cs2) { | 113 void TestProtectUnprotect(const std::string& cs1, const std::string& cs2) { |
| 136 rtc::Buffer rtp_buffer(sizeof(kPcmuFrame) + rtp_auth_tag_len(cs1)); | 114 Buffer rtp_buffer(sizeof(kPcmuFrame) + rtp_auth_tag_len(cs1)); |
| 137 char* rtp_packet = rtp_buffer.data<char>(); | 115 char* rtp_packet = rtp_buffer.data<char>(); |
| 138 char original_rtp_packet[sizeof(kPcmuFrame)]; | 116 char original_rtp_packet[sizeof(kPcmuFrame)]; |
| 139 rtc::Buffer rtcp_buffer(sizeof(kRtcpReport) + 4 + rtcp_auth_tag_len(cs2)); | 117 Buffer rtcp_buffer(sizeof(kRtcpReport) + 4 + rtcp_auth_tag_len(cs2)); |
| 140 char* rtcp_packet = rtcp_buffer.data<char>(); | 118 char* rtcp_packet = rtcp_buffer.data<char>(); |
| 141 int rtp_len = sizeof(kPcmuFrame), rtcp_len = sizeof(kRtcpReport), out_len; | 119 int rtp_len = sizeof(kPcmuFrame), rtcp_len = sizeof(kRtcpReport), out_len; |
| 142 memcpy(rtp_packet, kPcmuFrame, rtp_len); | 120 memcpy(rtp_packet, kPcmuFrame, rtp_len); |
| 143 // In order to be able to run this test function multiple times we can not | 121 // In order to be able to run this test function multiple times we can not |
| 144 // use the same sequence number twice. Increase the sequence number by one. | 122 // use the same sequence number twice. Increase the sequence number by one. |
| 145 rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet) + 2, | 123 SetBE16(reinterpret_cast<uint8_t*>(rtp_packet) + 2, ++sequence_number_); |
| 146 ++sequence_number_); | |
| 147 memcpy(original_rtp_packet, rtp_packet, rtp_len); | 124 memcpy(original_rtp_packet, rtp_packet, rtp_len); |
| 148 memcpy(rtcp_packet, kRtcpReport, rtcp_len); | 125 memcpy(rtcp_packet, kRtcpReport, rtcp_len); |
| 149 | 126 |
| 150 EXPECT_TRUE(f1_.ProtectRtp(rtp_packet, rtp_len, | 127 EXPECT_TRUE(f1_.ProtectRtp(rtp_packet, rtp_len, |
| 151 static_cast<int>(rtp_buffer.size()), | 128 static_cast<int>(rtp_buffer.size()), |
| 152 &out_len)); | 129 &out_len)); |
| 153 EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs1)); | 130 EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs1)); |
| 154 EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); | 131 EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); |
| 155 if (!f1_.IsExternalAuthActive()) { | 132 if (!f1_.IsExternalAuthActive()) { |
| 156 EXPECT_TRUE(f2_.UnprotectRtp(rtp_packet, out_len, &out_len)); | 133 EXPECT_TRUE(f2_.UnprotectRtp(rtp_packet, out_len, &out_len)); |
| (...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 191 &out_len)); | 168 &out_len)); |
| 192 EXPECT_EQ(out_len, rtcp_len + 4 + rtcp_auth_tag_len(cs2)); // NOLINT | 169 EXPECT_EQ(out_len, rtcp_len + 4 + rtcp_auth_tag_len(cs2)); // NOLINT |
| 193 EXPECT_NE(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); | 170 EXPECT_NE(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); |
| 194 EXPECT_TRUE(f1_.UnprotectRtcp(rtcp_packet, out_len, &out_len)); | 171 EXPECT_TRUE(f1_.UnprotectRtcp(rtcp_packet, out_len, &out_len)); |
| 195 EXPECT_EQ(rtcp_len, out_len); | 172 EXPECT_EQ(rtcp_len, out_len); |
| 196 EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); | 173 EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); |
| 197 } | 174 } |
| 198 void TestProtectUnprotectHeaderEncryption(const std::string& cs1, | 175 void TestProtectUnprotectHeaderEncryption(const std::string& cs1, |
| 199 const std::string& cs2, | 176 const std::string& cs2, |
| 200 const std::vector<int>& encrypted_header_ids) { | 177 const std::vector<int>& encrypted_header_ids) { |
| 201 rtc::Buffer rtp_buffer(sizeof(kPcmuFrameWithExtensions) + | 178 Buffer rtp_buffer(sizeof(kPcmuFrameWithExtensions) + rtp_auth_tag_len(cs1)); |
| 202 rtp_auth_tag_len(cs1)); | |
| 203 char* rtp_packet = rtp_buffer.data<char>(); | 179 char* rtp_packet = rtp_buffer.data<char>(); |
| 204 size_t rtp_packet_size = rtp_buffer.size(); | 180 size_t rtp_packet_size = rtp_buffer.size(); |
| 205 char original_rtp_packet[sizeof(kPcmuFrameWithExtensions)]; | 181 char original_rtp_packet[sizeof(kPcmuFrameWithExtensions)]; |
| 206 size_t original_rtp_packet_size = sizeof(original_rtp_packet); | 182 size_t original_rtp_packet_size = sizeof(original_rtp_packet); |
| 207 int rtp_len = sizeof(kPcmuFrameWithExtensions), out_len; | 183 int rtp_len = sizeof(kPcmuFrameWithExtensions), out_len; |
| 208 memcpy(rtp_packet, kPcmuFrameWithExtensions, rtp_len); | 184 memcpy(rtp_packet, kPcmuFrameWithExtensions, rtp_len); |
| 209 // In order to be able to run this test function multiple times we can not | 185 // In order to be able to run this test function multiple times we can not |
| 210 // use the same sequence number twice. Increase the sequence number by one. | 186 // use the same sequence number twice. Increase the sequence number by one. |
| 211 rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet) + 2, | 187 SetBE16(reinterpret_cast<uint8_t*>(rtp_packet) + 2, ++sequence_number_); |
| 212 ++sequence_number_); | |
| 213 memcpy(original_rtp_packet, rtp_packet, rtp_len); | 188 memcpy(original_rtp_packet, rtp_packet, rtp_len); |
| 214 | 189 |
| 215 EXPECT_TRUE(f1_.ProtectRtp(rtp_packet, rtp_len, | 190 EXPECT_TRUE(f1_.ProtectRtp(rtp_packet, rtp_len, |
| 216 static_cast<int>(rtp_buffer.size()), | 191 static_cast<int>(rtp_buffer.size()), |
| 217 &out_len)); | 192 &out_len)); |
| 218 EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs1)); | 193 EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs1)); |
| 219 EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); | 194 EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); |
| 220 CompareHeaderExtensions(rtp_packet, rtp_packet_size, | 195 CompareHeaderExtensions(rtp_packet, rtp_packet_size, |
| 221 original_rtp_packet, original_rtp_packet_size, | 196 original_rtp_packet, original_rtp_packet_size, |
| 222 encrypted_header_ids, false); | 197 encrypted_header_ids, false); |
| (...skipping 16 matching lines...) Expand all Loading... |
| 239 EXPECT_EQ(rtp_len, out_len); | 214 EXPECT_EQ(rtp_len, out_len); |
| 240 EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); | 215 EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); |
| 241 CompareHeaderExtensions(rtp_packet, rtp_packet_size, | 216 CompareHeaderExtensions(rtp_packet, rtp_packet_size, |
| 242 original_rtp_packet, original_rtp_packet_size, | 217 original_rtp_packet, original_rtp_packet_size, |
| 243 encrypted_header_ids, true); | 218 encrypted_header_ids, true); |
| 244 } | 219 } |
| 245 void TestProtectSetParamsDirect(bool enable_external_auth, int cs, | 220 void TestProtectSetParamsDirect(bool enable_external_auth, int cs, |
| 246 const uint8_t* key1, int key1_len, const uint8_t* key2, int key2_len, | 221 const uint8_t* key1, int key1_len, const uint8_t* key2, int key2_len, |
| 247 const std::string& cs_name) { | 222 const std::string& cs_name) { |
| 248 EXPECT_EQ(key1_len, key2_len); | 223 EXPECT_EQ(key1_len, key2_len); |
| 249 EXPECT_EQ(cs_name, rtc::SrtpCryptoSuiteToName(cs)); | 224 EXPECT_EQ(cs_name, SrtpCryptoSuiteToName(cs)); |
| 250 if (enable_external_auth) { | 225 if (enable_external_auth) { |
| 251 f1_.EnableExternalAuth(); | 226 f1_.EnableExternalAuth(); |
| 252 f2_.EnableExternalAuth(); | 227 f2_.EnableExternalAuth(); |
| 253 } | 228 } |
| 254 EXPECT_TRUE(f1_.SetRtpParams(cs, key1, key1_len, cs, key2, key2_len)); | 229 EXPECT_TRUE(f1_.SetRtpParams(cs, key1, key1_len, cs, key2, key2_len)); |
| 255 EXPECT_TRUE(f2_.SetRtpParams(cs, key2, key2_len, cs, key1, key1_len)); | 230 EXPECT_TRUE(f2_.SetRtpParams(cs, key2, key2_len, cs, key1, key1_len)); |
| 256 EXPECT_TRUE(f1_.SetRtcpParams(cs, key1, key1_len, cs, key2, key2_len)); | 231 EXPECT_TRUE(f1_.SetRtcpParams(cs, key1, key1_len, cs, key2, key2_len)); |
| 257 EXPECT_TRUE(f2_.SetRtcpParams(cs, key2, key2_len, cs, key1, key1_len)); | 232 EXPECT_TRUE(f2_.SetRtcpParams(cs, key2, key2_len, cs, key1, key1_len)); |
| 258 EXPECT_TRUE(f1_.IsActive()); | 233 EXPECT_TRUE(f1_.IsActive()); |
| 259 EXPECT_TRUE(f2_.IsActive()); | 234 EXPECT_TRUE(f2_.IsActive()); |
| 260 if (rtc::IsGcmCryptoSuite(cs)) { | 235 if (IsGcmCryptoSuite(cs)) { |
| 261 EXPECT_FALSE(f1_.IsExternalAuthActive()); | 236 EXPECT_FALSE(f1_.IsExternalAuthActive()); |
| 262 EXPECT_FALSE(f2_.IsExternalAuthActive()); | 237 EXPECT_FALSE(f2_.IsExternalAuthActive()); |
| 263 } else if (enable_external_auth) { | 238 } else if (enable_external_auth) { |
| 264 EXPECT_TRUE(f1_.IsExternalAuthActive()); | 239 EXPECT_TRUE(f1_.IsExternalAuthActive()); |
| 265 EXPECT_TRUE(f2_.IsExternalAuthActive()); | 240 EXPECT_TRUE(f2_.IsExternalAuthActive()); |
| 266 } | 241 } |
| 267 TestProtectUnprotect(cs_name, cs_name); | 242 TestProtectUnprotect(cs_name, cs_name); |
| 268 } | 243 } |
| 269 void TestProtectSetParamsDirectHeaderEncryption(int cs, | 244 void TestProtectSetParamsDirectHeaderEncryption(int cs, |
| 270 const uint8_t* key1, int key1_len, const uint8_t* key2, int key2_len, | 245 const uint8_t* key1, int key1_len, const uint8_t* key2, int key2_len, |
| 271 const std::string& cs_name) { | 246 const std::string& cs_name) { |
| 272 std::vector<int> encrypted_headers; | 247 std::vector<int> encrypted_headers; |
| 273 encrypted_headers.push_back(1); | 248 encrypted_headers.push_back(1); |
| 274 // Don't encrypt header ids 2 and 3. | 249 // Don't encrypt header ids 2 and 3. |
| 275 encrypted_headers.push_back(4); | 250 encrypted_headers.push_back(4); |
| 276 EXPECT_EQ(key1_len, key2_len); | 251 EXPECT_EQ(key1_len, key2_len); |
| 277 EXPECT_EQ(cs_name, rtc::SrtpCryptoSuiteToName(cs)); | 252 EXPECT_EQ(cs_name, SrtpCryptoSuiteToName(cs)); |
| 278 f1_.SetEncryptedHeaderExtensionIds(CS_LOCAL, encrypted_headers); | 253 f1_.SetEncryptedHeaderExtensionIds(CS_LOCAL, encrypted_headers); |
| 279 f1_.SetEncryptedHeaderExtensionIds(CS_REMOTE, encrypted_headers); | 254 f1_.SetEncryptedHeaderExtensionIds(CS_REMOTE, encrypted_headers); |
| 280 f2_.SetEncryptedHeaderExtensionIds(CS_LOCAL, encrypted_headers); | 255 f2_.SetEncryptedHeaderExtensionIds(CS_LOCAL, encrypted_headers); |
| 281 f2_.SetEncryptedHeaderExtensionIds(CS_REMOTE, encrypted_headers); | 256 f2_.SetEncryptedHeaderExtensionIds(CS_REMOTE, encrypted_headers); |
| 282 EXPECT_TRUE(f1_.SetRtpParams(cs, key1, key1_len, cs, key2, key2_len)); | 257 EXPECT_TRUE(f1_.SetRtpParams(cs, key1, key1_len, cs, key2, key2_len)); |
| 283 EXPECT_TRUE(f2_.SetRtpParams(cs, key2, key2_len, cs, key1, key1_len)); | 258 EXPECT_TRUE(f2_.SetRtpParams(cs, key2, key2_len, cs, key1, key1_len)); |
| 284 EXPECT_TRUE(f1_.IsActive()); | 259 EXPECT_TRUE(f1_.IsActive()); |
| 285 EXPECT_TRUE(f2_.IsActive()); | 260 EXPECT_TRUE(f2_.IsActive()); |
| 286 EXPECT_FALSE(f1_.IsExternalAuthActive()); | 261 EXPECT_FALSE(f1_.IsExternalAuthActive()); |
| 287 EXPECT_FALSE(f2_.IsExternalAuthActive()); | 262 EXPECT_FALSE(f2_.IsExternalAuthActive()); |
| (...skipping 389 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 677 } | 652 } |
| 678 | 653 |
| 679 class SrtpFilterProtectSetParamsDirectTest | 654 class SrtpFilterProtectSetParamsDirectTest |
| 680 : public SrtpFilterTest, | 655 : public SrtpFilterTest, |
| 681 public testing::WithParamInterface<bool> { | 656 public testing::WithParamInterface<bool> { |
| 682 }; | 657 }; |
| 683 | 658 |
| 684 // Test directly setting the params with AES_CM_128_HMAC_SHA1_80. | 659 // Test directly setting the params with AES_CM_128_HMAC_SHA1_80. |
| 685 TEST_P(SrtpFilterProtectSetParamsDirectTest, Test_AES_CM_128_HMAC_SHA1_80) { | 660 TEST_P(SrtpFilterProtectSetParamsDirectTest, Test_AES_CM_128_HMAC_SHA1_80) { |
| 686 bool enable_external_auth = GetParam(); | 661 bool enable_external_auth = GetParam(); |
| 687 TestProtectSetParamsDirect(enable_external_auth, rtc::SRTP_AES128_CM_SHA1_80, | 662 TestProtectSetParamsDirect(enable_external_auth, SRTP_AES128_CM_SHA1_80, |
| 688 kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen, | 663 kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen, |
| 689 CS_AES_CM_128_HMAC_SHA1_80); | 664 CS_AES_CM_128_HMAC_SHA1_80); |
| 690 } | 665 } |
| 691 | 666 |
| 692 TEST_F(SrtpFilterTest, | 667 TEST_F(SrtpFilterTest, |
| 693 TestProtectSetParamsDirectHeaderEncryption_AES_CM_128_HMAC_SHA1_80) { | 668 TestProtectSetParamsDirectHeaderEncryption_AES_CM_128_HMAC_SHA1_80) { |
| 694 TestProtectSetParamsDirectHeaderEncryption(rtc::SRTP_AES128_CM_SHA1_80, | 669 TestProtectSetParamsDirectHeaderEncryption( |
| 695 kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen, | 670 SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen, |
| 696 CS_AES_CM_128_HMAC_SHA1_80); | 671 CS_AES_CM_128_HMAC_SHA1_80); |
| 697 } | 672 } |
| 698 | 673 |
| 699 // Test directly setting the params with AES_CM_128_HMAC_SHA1_32. | 674 // Test directly setting the params with AES_CM_128_HMAC_SHA1_32. |
| 700 TEST_P(SrtpFilterProtectSetParamsDirectTest, Test_AES_CM_128_HMAC_SHA1_32) { | 675 TEST_P(SrtpFilterProtectSetParamsDirectTest, Test_AES_CM_128_HMAC_SHA1_32) { |
| 701 bool enable_external_auth = GetParam(); | 676 bool enable_external_auth = GetParam(); |
| 702 TestProtectSetParamsDirect(enable_external_auth, rtc::SRTP_AES128_CM_SHA1_32, | 677 TestProtectSetParamsDirect(enable_external_auth, SRTP_AES128_CM_SHA1_32, |
| 703 kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen, | 678 kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen, |
| 704 CS_AES_CM_128_HMAC_SHA1_32); | 679 CS_AES_CM_128_HMAC_SHA1_32); |
| 705 } | 680 } |
| 706 | 681 |
| 707 TEST_F(SrtpFilterTest, | 682 TEST_F(SrtpFilterTest, |
| 708 TestProtectSetParamsDirectHeaderEncryption_AES_CM_128_HMAC_SHA1_32) { | 683 TestProtectSetParamsDirectHeaderEncryption_AES_CM_128_HMAC_SHA1_32) { |
| 709 TestProtectSetParamsDirectHeaderEncryption(rtc::SRTP_AES128_CM_SHA1_32, | 684 TestProtectSetParamsDirectHeaderEncryption( |
| 710 kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen, | 685 SRTP_AES128_CM_SHA1_32, kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen, |
| 711 CS_AES_CM_128_HMAC_SHA1_32); | 686 CS_AES_CM_128_HMAC_SHA1_32); |
| 712 } | 687 } |
| 713 | 688 |
| 714 // Test directly setting the params with SRTP_AEAD_AES_128_GCM. | 689 // Test directly setting the params with SRTP_AEAD_AES_128_GCM. |
| 715 TEST_P(SrtpFilterProtectSetParamsDirectTest, Test_SRTP_AEAD_AES_128_GCM) { | 690 TEST_P(SrtpFilterProtectSetParamsDirectTest, Test_SRTP_AEAD_AES_128_GCM) { |
| 716 bool enable_external_auth = GetParam(); | 691 bool enable_external_auth = GetParam(); |
| 717 TestProtectSetParamsDirect(enable_external_auth, rtc::SRTP_AEAD_AES_128_GCM, | 692 TestProtectSetParamsDirect(enable_external_auth, SRTP_AEAD_AES_128_GCM, |
| 718 kTestKeyGcm128_1, kTestKeyGcm128Len, kTestKeyGcm128_2, kTestKeyGcm128Len, | 693 kTestKeyGcm128_1, kTestKeyGcm128Len, |
| 719 CS_AEAD_AES_128_GCM); | 694 kTestKeyGcm128_2, kTestKeyGcm128Len, |
| 695 CS_AEAD_AES_128_GCM); |
| 720 } | 696 } |
| 721 | 697 |
| 722 TEST_F(SrtpFilterTest, | 698 TEST_F(SrtpFilterTest, |
| 723 TestProtectSetParamsDirectHeaderEncryption_SRTP_AEAD_AES_128_GCM) { | 699 TestProtectSetParamsDirectHeaderEncryption_SRTP_AEAD_AES_128_GCM) { |
| 724 TestProtectSetParamsDirectHeaderEncryption(rtc::SRTP_AEAD_AES_128_GCM, | 700 TestProtectSetParamsDirectHeaderEncryption( |
| 725 kTestKeyGcm128_1, kTestKeyGcm128Len, kTestKeyGcm128_2, kTestKeyGcm128Len, | 701 SRTP_AEAD_AES_128_GCM, kTestKeyGcm128_1, kTestKeyGcm128Len, |
| 726 CS_AEAD_AES_128_GCM); | 702 kTestKeyGcm128_2, kTestKeyGcm128Len, CS_AEAD_AES_128_GCM); |
| 727 } | 703 } |
| 728 | 704 |
| 729 // Test directly setting the params with SRTP_AEAD_AES_256_GCM. | 705 // Test directly setting the params with SRTP_AEAD_AES_256_GCM. |
| 730 TEST_P(SrtpFilterProtectSetParamsDirectTest, Test_SRTP_AEAD_AES_256_GCM) { | 706 TEST_P(SrtpFilterProtectSetParamsDirectTest, Test_SRTP_AEAD_AES_256_GCM) { |
| 731 bool enable_external_auth = GetParam(); | 707 bool enable_external_auth = GetParam(); |
| 732 TestProtectSetParamsDirect(enable_external_auth, rtc::SRTP_AEAD_AES_256_GCM, | 708 TestProtectSetParamsDirect(enable_external_auth, SRTP_AEAD_AES_256_GCM, |
| 733 kTestKeyGcm256_1, kTestKeyGcm256Len, kTestKeyGcm256_2, kTestKeyGcm256Len, | 709 kTestKeyGcm256_1, kTestKeyGcm256Len, |
| 734 CS_AEAD_AES_256_GCM); | 710 kTestKeyGcm256_2, kTestKeyGcm256Len, |
| 711 CS_AEAD_AES_256_GCM); |
| 735 } | 712 } |
| 736 | 713 |
| 737 TEST_F(SrtpFilterTest, | 714 TEST_F(SrtpFilterTest, |
| 738 TestProtectSetParamsDirectHeaderEncryption_SRTP_AEAD_AES_256_GCM) { | 715 TestProtectSetParamsDirectHeaderEncryption_SRTP_AEAD_AES_256_GCM) { |
| 739 TestProtectSetParamsDirectHeaderEncryption(rtc::SRTP_AEAD_AES_256_GCM, | 716 TestProtectSetParamsDirectHeaderEncryption( |
| 740 kTestKeyGcm256_1, kTestKeyGcm256Len, kTestKeyGcm256_2, kTestKeyGcm256Len, | 717 SRTP_AEAD_AES_256_GCM, kTestKeyGcm256_1, kTestKeyGcm256Len, |
| 741 CS_AEAD_AES_256_GCM); | 718 kTestKeyGcm256_2, kTestKeyGcm256Len, CS_AEAD_AES_256_GCM); |
| 742 } | 719 } |
| 743 | 720 |
| 744 // Run all tests both with and without external auth enabled. | 721 // Run all tests both with and without external auth enabled. |
| 745 INSTANTIATE_TEST_CASE_P(ExternalAuth, | 722 INSTANTIATE_TEST_CASE_P(ExternalAuth, |
| 746 SrtpFilterProtectSetParamsDirectTest, | 723 SrtpFilterProtectSetParamsDirectTest, |
| 747 ::testing::Values(true, false)); | 724 ::testing::Values(true, false)); |
| 748 | 725 |
| 749 // Test directly setting the params with bogus keys. | 726 // Test directly setting the params with bogus keys. |
| 750 TEST_F(SrtpFilterTest, TestSetParamsKeyTooShort) { | 727 TEST_F(SrtpFilterTest, TestSetParamsKeyTooShort) { |
| 751 EXPECT_FALSE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, | 728 EXPECT_FALSE(f1_.SetRtpParams(SRTP_AES128_CM_SHA1_80, kTestKey1, |
| 752 kTestKeyLen - 1, rtc::SRTP_AES128_CM_SHA1_80, | 729 kTestKeyLen - 1, SRTP_AES128_CM_SHA1_80, |
| 753 kTestKey1, kTestKeyLen - 1)); | 730 kTestKey1, kTestKeyLen - 1)); |
| 754 EXPECT_FALSE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, | 731 EXPECT_FALSE(f1_.SetRtcpParams(SRTP_AES128_CM_SHA1_80, kTestKey1, |
| 755 kTestKeyLen - 1, rtc::SRTP_AES128_CM_SHA1_80, | 732 kTestKeyLen - 1, SRTP_AES128_CM_SHA1_80, |
| 756 kTestKey1, kTestKeyLen - 1)); | 733 kTestKey1, kTestKeyLen - 1)); |
| 757 } | 734 } |
| 758 | 735 |
| 759 class SrtpSessionTest : public testing::Test { | 736 } // namespace rtc |
| 760 protected: | |
| 761 virtual void SetUp() { | |
| 762 rtp_len_ = sizeof(kPcmuFrame); | |
| 763 rtcp_len_ = sizeof(kRtcpReport); | |
| 764 memcpy(rtp_packet_, kPcmuFrame, rtp_len_); | |
| 765 memcpy(rtcp_packet_, kRtcpReport, rtcp_len_); | |
| 766 } | |
| 767 void TestProtectRtp(const std::string& cs) { | |
| 768 int out_len = 0; | |
| 769 EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, | |
| 770 sizeof(rtp_packet_), &out_len)); | |
| 771 EXPECT_EQ(out_len, rtp_len_ + rtp_auth_tag_len(cs)); | |
| 772 EXPECT_NE(0, memcmp(rtp_packet_, kPcmuFrame, rtp_len_)); | |
| 773 rtp_len_ = out_len; | |
| 774 } | |
| 775 void TestProtectRtcp(const std::string& cs) { | |
| 776 int out_len = 0; | |
| 777 EXPECT_TRUE(s1_.ProtectRtcp(rtcp_packet_, rtcp_len_, | |
| 778 sizeof(rtcp_packet_), &out_len)); | |
| 779 EXPECT_EQ(out_len, rtcp_len_ + 4 + rtcp_auth_tag_len(cs)); // NOLINT | |
| 780 EXPECT_NE(0, memcmp(rtcp_packet_, kRtcpReport, rtcp_len_)); | |
| 781 rtcp_len_ = out_len; | |
| 782 } | |
| 783 void TestUnprotectRtp(const std::string& cs) { | |
| 784 int out_len = 0, expected_len = sizeof(kPcmuFrame); | |
| 785 EXPECT_TRUE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len)); | |
| 786 EXPECT_EQ(expected_len, out_len); | |
| 787 EXPECT_EQ(0, memcmp(rtp_packet_, kPcmuFrame, out_len)); | |
| 788 } | |
| 789 void TestUnprotectRtcp(const std::string& cs) { | |
| 790 int out_len = 0, expected_len = sizeof(kRtcpReport); | |
| 791 EXPECT_TRUE(s2_.UnprotectRtcp(rtcp_packet_, rtcp_len_, &out_len)); | |
| 792 EXPECT_EQ(expected_len, out_len); | |
| 793 EXPECT_EQ(0, memcmp(rtcp_packet_, kRtcpReport, out_len)); | |
| 794 } | |
| 795 cricket::SrtpSession s1_; | |
| 796 cricket::SrtpSession s2_; | |
| 797 char rtp_packet_[sizeof(kPcmuFrame) + 10]; | |
| 798 char rtcp_packet_[sizeof(kRtcpReport) + 4 + 10]; | |
| 799 int rtp_len_; | |
| 800 int rtcp_len_; | |
| 801 }; | |
| 802 | |
| 803 // Test that we can set up the session and keys properly. | |
| 804 TEST_F(SrtpSessionTest, TestGoodSetup) { | |
| 805 EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); | |
| 806 EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); | |
| 807 } | |
| 808 | |
| 809 // Test that we can't change the keys once set. | |
| 810 TEST_F(SrtpSessionTest, TestBadSetup) { | |
| 811 EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); | |
| 812 EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); | |
| 813 EXPECT_FALSE( | |
| 814 s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2, kTestKeyLen)); | |
| 815 EXPECT_FALSE( | |
| 816 s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2, kTestKeyLen)); | |
| 817 } | |
| 818 | |
| 819 // Test that we fail keys of the wrong length. | |
| 820 TEST_F(SrtpSessionTest, TestKeysTooShort) { | |
| 821 EXPECT_FALSE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, 1)); | |
| 822 EXPECT_FALSE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, 1)); | |
| 823 } | |
| 824 | |
| 825 // Test that we can encrypt and decrypt RTP/RTCP using AES_CM_128_HMAC_SHA1_80. | |
| 826 TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_80) { | |
| 827 EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); | |
| 828 EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); | |
| 829 TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_80); | |
| 830 TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_80); | |
| 831 TestUnprotectRtp(CS_AES_CM_128_HMAC_SHA1_80); | |
| 832 TestUnprotectRtcp(CS_AES_CM_128_HMAC_SHA1_80); | |
| 833 } | |
| 834 | |
| 835 // Test that we can encrypt and decrypt RTP/RTCP using AES_CM_128_HMAC_SHA1_32. | |
| 836 TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_32) { | |
| 837 EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, kTestKeyLen)); | |
| 838 EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, kTestKeyLen)); | |
| 839 TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_32); | |
| 840 TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_32); | |
| 841 TestUnprotectRtp(CS_AES_CM_128_HMAC_SHA1_32); | |
| 842 TestUnprotectRtcp(CS_AES_CM_128_HMAC_SHA1_32); | |
| 843 } | |
| 844 | |
| 845 TEST_F(SrtpSessionTest, TestGetSendStreamPacketIndex) { | |
| 846 EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, kTestKeyLen)); | |
| 847 int64_t index; | |
| 848 int out_len = 0; | |
| 849 EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, | |
| 850 sizeof(rtp_packet_), &out_len, &index)); | |
| 851 // |index| will be shifted by 16. | |
| 852 int64_t be64_index = static_cast<int64_t>(rtc::NetworkToHost64(1 << 16)); | |
| 853 EXPECT_EQ(be64_index, index); | |
| 854 } | |
| 855 | |
| 856 // Test that we fail to unprotect if someone tampers with the RTP/RTCP paylaods. | |
| 857 TEST_F(SrtpSessionTest, TestTamperReject) { | |
| 858 int out_len; | |
| 859 EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); | |
| 860 EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); | |
| 861 TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_80); | |
| 862 TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_80); | |
| 863 rtp_packet_[0] = 0x12; | |
| 864 rtcp_packet_[1] = 0x34; | |
| 865 EXPECT_FALSE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len)); | |
| 866 EXPECT_FALSE(s2_.UnprotectRtcp(rtcp_packet_, rtcp_len_, &out_len)); | |
| 867 } | |
| 868 | |
| 869 // Test that we fail to unprotect if the payloads are not authenticated. | |
| 870 TEST_F(SrtpSessionTest, TestUnencryptReject) { | |
| 871 int out_len; | |
| 872 EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); | |
| 873 EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); | |
| 874 EXPECT_FALSE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len)); | |
| 875 EXPECT_FALSE(s2_.UnprotectRtcp(rtcp_packet_, rtcp_len_, &out_len)); | |
| 876 } | |
| 877 | |
| 878 // Test that we fail when using buffers that are too small. | |
| 879 TEST_F(SrtpSessionTest, TestBuffersTooSmall) { | |
| 880 int out_len; | |
| 881 EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); | |
| 882 EXPECT_FALSE(s1_.ProtectRtp(rtp_packet_, rtp_len_, | |
| 883 sizeof(rtp_packet_) - 10, &out_len)); | |
| 884 EXPECT_FALSE(s1_.ProtectRtcp(rtcp_packet_, rtcp_len_, | |
| 885 sizeof(rtcp_packet_) - 14, &out_len)); | |
| 886 } | |
| 887 | |
| 888 TEST_F(SrtpSessionTest, TestReplay) { | |
| 889 static const uint16_t kMaxSeqnum = static_cast<uint16_t>(-1); | |
| 890 static const uint16_t seqnum_big = 62275; | |
| 891 static const uint16_t seqnum_small = 10; | |
| 892 static const uint16_t replay_window = 1024; | |
| 893 int out_len; | |
| 894 | |
| 895 EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); | |
| 896 EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); | |
| 897 | |
| 898 // Initial sequence number. | |
| 899 rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_) + 2, seqnum_big); | |
| 900 EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_), | |
| 901 &out_len)); | |
| 902 | |
| 903 // Replay within the 1024 window should succeed. | |
| 904 rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_) + 2, | |
| 905 seqnum_big - replay_window + 1); | |
| 906 EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_), | |
| 907 &out_len)); | |
| 908 | |
| 909 // Replay out side of the 1024 window should fail. | |
| 910 rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_) + 2, | |
| 911 seqnum_big - replay_window - 1); | |
| 912 EXPECT_FALSE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_), | |
| 913 &out_len)); | |
| 914 | |
| 915 // Increment sequence number to a small number. | |
| 916 rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_) + 2, seqnum_small); | |
| 917 EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_), | |
| 918 &out_len)); | |
| 919 | |
| 920 // Replay around 0 but out side of the 1024 window should fail. | |
| 921 rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_) + 2, | |
| 922 kMaxSeqnum + seqnum_small - replay_window - 1); | |
| 923 EXPECT_FALSE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_), | |
| 924 &out_len)); | |
| 925 | |
| 926 // Replay around 0 but within the 1024 window should succeed. | |
| 927 for (uint16_t seqnum = 65000; seqnum < 65003; ++seqnum) { | |
| 928 rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_) + 2, seqnum); | |
| 929 EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_), | |
| 930 &out_len)); | |
| 931 } | |
| 932 | |
| 933 // Go back to normal sequence nubmer. | |
| 934 // NOTE: without the fix in libsrtp, this would fail. This is because | |
| 935 // without the fix, the loop above would keep incrementing local sequence | |
| 936 // number in libsrtp, eventually the new sequence number would go out side | |
| 937 // of the window. | |
| 938 rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_) + 2, seqnum_small + 1); | |
| 939 EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_), | |
| 940 &out_len)); | |
| 941 } | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2976443002:
Move SrtpSession and tests to their own files. (Closed)
