OLD | NEW |
(Empty) | |
| 1 /* |
| 2 * Copyright 2004 The WebRTC project authors. All Rights Reserved. |
| 3 * |
| 4 * Use of this source code is governed by a BSD-style license |
| 5 * that can be found in the LICENSE file in the root of the source |
| 6 * tree. An additional intellectual property rights grant can be found |
| 7 * in the file PATENTS. All contributing project authors may |
| 8 * be found in the AUTHORS file in the root of the source tree. |
| 9 */ |
| 10 |
| 11 #include "webrtc/pc/srtpsession.h" |
| 12 |
| 13 #include <string> |
| 14 |
| 15 #include "webrtc/media/base/fakertp.h" |
| 16 #include "webrtc/pc/srtptestutil.h" |
| 17 #include "webrtc/rtc_base/gunit.h" |
| 18 #include "webrtc/rtc_base/sslstreamadapter.h" // For rtc::SRTP_* |
| 19 |
| 20 namespace rtc { |
| 21 |
| 22 class SrtpSessionTest : public testing::Test { |
| 23 protected: |
| 24 virtual void SetUp() { |
| 25 rtp_len_ = sizeof(kPcmuFrame); |
| 26 rtcp_len_ = sizeof(kRtcpReport); |
| 27 memcpy(rtp_packet_, kPcmuFrame, rtp_len_); |
| 28 memcpy(rtcp_packet_, kRtcpReport, rtcp_len_); |
| 29 } |
| 30 void TestProtectRtp(const std::string& cs) { |
| 31 int out_len = 0; |
| 32 EXPECT_TRUE( |
| 33 s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_), &out_len)); |
| 34 EXPECT_EQ(out_len, rtp_len_ + rtp_auth_tag_len(cs)); |
| 35 EXPECT_NE(0, memcmp(rtp_packet_, kPcmuFrame, rtp_len_)); |
| 36 rtp_len_ = out_len; |
| 37 } |
| 38 void TestProtectRtcp(const std::string& cs) { |
| 39 int out_len = 0; |
| 40 EXPECT_TRUE(s1_.ProtectRtcp(rtcp_packet_, rtcp_len_, sizeof(rtcp_packet_), |
| 41 &out_len)); |
| 42 EXPECT_EQ(out_len, rtcp_len_ + 4 + rtcp_auth_tag_len(cs)); // NOLINT |
| 43 EXPECT_NE(0, memcmp(rtcp_packet_, kRtcpReport, rtcp_len_)); |
| 44 rtcp_len_ = out_len; |
| 45 } |
| 46 void TestUnprotectRtp(const std::string& cs) { |
| 47 int out_len = 0, expected_len = sizeof(kPcmuFrame); |
| 48 EXPECT_TRUE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len)); |
| 49 EXPECT_EQ(expected_len, out_len); |
| 50 EXPECT_EQ(0, memcmp(rtp_packet_, kPcmuFrame, out_len)); |
| 51 } |
| 52 void TestUnprotectRtcp(const std::string& cs) { |
| 53 int out_len = 0, expected_len = sizeof(kRtcpReport); |
| 54 EXPECT_TRUE(s2_.UnprotectRtcp(rtcp_packet_, rtcp_len_, &out_len)); |
| 55 EXPECT_EQ(expected_len, out_len); |
| 56 EXPECT_EQ(0, memcmp(rtcp_packet_, kRtcpReport, out_len)); |
| 57 } |
| 58 cricket::SrtpSession s1_; |
| 59 cricket::SrtpSession s2_; |
| 60 char rtp_packet_[sizeof(kPcmuFrame) + 10]; |
| 61 char rtcp_packet_[sizeof(kRtcpReport) + 4 + 10]; |
| 62 int rtp_len_; |
| 63 int rtcp_len_; |
| 64 }; |
| 65 |
| 66 // Test that we can set up the session and keys properly. |
| 67 TEST_F(SrtpSessionTest, TestGoodSetup) { |
| 68 EXPECT_TRUE(s1_.SetSend(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); |
| 69 EXPECT_TRUE(s2_.SetRecv(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); |
| 70 } |
| 71 |
| 72 // Test that we can't change the keys once set. |
| 73 TEST_F(SrtpSessionTest, TestBadSetup) { |
| 74 EXPECT_TRUE(s1_.SetSend(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); |
| 75 EXPECT_TRUE(s2_.SetRecv(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); |
| 76 EXPECT_FALSE(s1_.SetSend(SRTP_AES128_CM_SHA1_80, kTestKey2, kTestKeyLen)); |
| 77 EXPECT_FALSE(s2_.SetRecv(SRTP_AES128_CM_SHA1_80, kTestKey2, kTestKeyLen)); |
| 78 } |
| 79 |
| 80 // Test that we fail keys of the wrong length. |
| 81 TEST_F(SrtpSessionTest, TestKeysTooShort) { |
| 82 EXPECT_FALSE(s1_.SetSend(SRTP_AES128_CM_SHA1_80, kTestKey1, 1)); |
| 83 EXPECT_FALSE(s2_.SetRecv(SRTP_AES128_CM_SHA1_80, kTestKey1, 1)); |
| 84 } |
| 85 |
| 86 // Test that we can encrypt and decrypt RTP/RTCP using AES_CM_128_HMAC_SHA1_80. |
| 87 TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_80) { |
| 88 EXPECT_TRUE(s1_.SetSend(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); |
| 89 EXPECT_TRUE(s2_.SetRecv(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); |
| 90 TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_80); |
| 91 TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_80); |
| 92 TestUnprotectRtp(CS_AES_CM_128_HMAC_SHA1_80); |
| 93 TestUnprotectRtcp(CS_AES_CM_128_HMAC_SHA1_80); |
| 94 } |
| 95 |
| 96 // Test that we can encrypt and decrypt RTP/RTCP using AES_CM_128_HMAC_SHA1_32. |
| 97 TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_32) { |
| 98 EXPECT_TRUE(s1_.SetSend(SRTP_AES128_CM_SHA1_32, kTestKey1, kTestKeyLen)); |
| 99 EXPECT_TRUE(s2_.SetRecv(SRTP_AES128_CM_SHA1_32, kTestKey1, kTestKeyLen)); |
| 100 TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_32); |
| 101 TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_32); |
| 102 TestUnprotectRtp(CS_AES_CM_128_HMAC_SHA1_32); |
| 103 TestUnprotectRtcp(CS_AES_CM_128_HMAC_SHA1_32); |
| 104 } |
| 105 |
| 106 TEST_F(SrtpSessionTest, TestGetSendStreamPacketIndex) { |
| 107 EXPECT_TRUE(s1_.SetSend(SRTP_AES128_CM_SHA1_32, kTestKey1, kTestKeyLen)); |
| 108 int64_t index; |
| 109 int out_len = 0; |
| 110 EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_), |
| 111 &out_len, &index)); |
| 112 // |index| will be shifted by 16. |
| 113 int64_t be64_index = static_cast<int64_t>(NetworkToHost64(1 << 16)); |
| 114 EXPECT_EQ(be64_index, index); |
| 115 } |
| 116 |
| 117 // Test that we fail to unprotect if someone tampers with the RTP/RTCP paylaods. |
| 118 TEST_F(SrtpSessionTest, TestTamperReject) { |
| 119 int out_len; |
| 120 EXPECT_TRUE(s1_.SetSend(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); |
| 121 EXPECT_TRUE(s2_.SetRecv(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); |
| 122 TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_80); |
| 123 TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_80); |
| 124 rtp_packet_[0] = 0x12; |
| 125 rtcp_packet_[1] = 0x34; |
| 126 EXPECT_FALSE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len)); |
| 127 EXPECT_FALSE(s2_.UnprotectRtcp(rtcp_packet_, rtcp_len_, &out_len)); |
| 128 } |
| 129 |
| 130 // Test that we fail to unprotect if the payloads are not authenticated. |
| 131 TEST_F(SrtpSessionTest, TestUnencryptReject) { |
| 132 int out_len; |
| 133 EXPECT_TRUE(s1_.SetSend(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); |
| 134 EXPECT_TRUE(s2_.SetRecv(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); |
| 135 EXPECT_FALSE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len)); |
| 136 EXPECT_FALSE(s2_.UnprotectRtcp(rtcp_packet_, rtcp_len_, &out_len)); |
| 137 } |
| 138 |
| 139 // Test that we fail when using buffers that are too small. |
| 140 TEST_F(SrtpSessionTest, TestBuffersTooSmall) { |
| 141 int out_len; |
| 142 EXPECT_TRUE(s1_.SetSend(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); |
| 143 EXPECT_FALSE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_) - 10, |
| 144 &out_len)); |
| 145 EXPECT_FALSE(s1_.ProtectRtcp(rtcp_packet_, rtcp_len_, |
| 146 sizeof(rtcp_packet_) - 14, &out_len)); |
| 147 } |
| 148 |
| 149 TEST_F(SrtpSessionTest, TestReplay) { |
| 150 static const uint16_t kMaxSeqnum = static_cast<uint16_t>(-1); |
| 151 static const uint16_t seqnum_big = 62275; |
| 152 static const uint16_t seqnum_small = 10; |
| 153 static const uint16_t replay_window = 1024; |
| 154 int out_len; |
| 155 |
| 156 EXPECT_TRUE(s1_.SetSend(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); |
| 157 EXPECT_TRUE(s2_.SetRecv(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); |
| 158 |
| 159 // Initial sequence number. |
| 160 SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_) + 2, seqnum_big); |
| 161 EXPECT_TRUE( |
| 162 s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_), &out_len)); |
| 163 |
| 164 // Replay within the 1024 window should succeed. |
| 165 SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_) + 2, |
| 166 seqnum_big - replay_window + 1); |
| 167 EXPECT_TRUE( |
| 168 s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_), &out_len)); |
| 169 |
| 170 // Replay out side of the 1024 window should fail. |
| 171 SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_) + 2, |
| 172 seqnum_big - replay_window - 1); |
| 173 EXPECT_FALSE( |
| 174 s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_), &out_len)); |
| 175 |
| 176 // Increment sequence number to a small number. |
| 177 SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_) + 2, seqnum_small); |
| 178 EXPECT_TRUE( |
| 179 s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_), &out_len)); |
| 180 |
| 181 // Replay around 0 but out side of the 1024 window should fail. |
| 182 SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_) + 2, |
| 183 kMaxSeqnum + seqnum_small - replay_window - 1); |
| 184 EXPECT_FALSE( |
| 185 s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_), &out_len)); |
| 186 |
| 187 // Replay around 0 but within the 1024 window should succeed. |
| 188 for (uint16_t seqnum = 65000; seqnum < 65003; ++seqnum) { |
| 189 SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_) + 2, seqnum); |
| 190 EXPECT_TRUE( |
| 191 s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_), &out_len)); |
| 192 } |
| 193 |
| 194 // Go back to normal sequence nubmer. |
| 195 // NOTE: without the fix in libsrtp, this would fail. This is because |
| 196 // without the fix, the loop above would keep incrementing local sequence |
| 197 // number in libsrtp, eventually the new sequence number would go out side |
| 198 // of the window. |
| 199 SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_) + 2, seqnum_small + 1); |
| 200 EXPECT_TRUE( |
| 201 s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_), &out_len)); |
| 202 } |
| 203 |
| 204 } // namespace rtc |
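Review bot: TestReplay only ever calls `s1_.ProtectRtp`, so it exercises the sender's sequence-number window and never shows that the receiver rejects a packet it has already accepted; no test in this file passes the same protected packet to `s2_.UnprotectRtp` twice. A receive-side case like the one below would pin that behaviour, assuming the session enables replay protection on the receive path. It copies the protected packet first because UnprotectRtp decrypts in place, as TestUnprotectRtp shows by comparing `rtp_packet_` with `kPcmuFrame` after the call. Separately, TestTamperReject alters only header bytes (`rtp_packet_[0]`, `rtcp_packet_[1]`) although its comment speaks of payloads. Flipping one byte inside the payload and one inside the auth tag would check the authentication failure more directly.

```cpp
// Test that the receiver rejects a protected packet it has already accepted.
TEST_F(SrtpSessionTest, TestReplayedPacketRejected) {
  EXPECT_TRUE(s1_.SetSend(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
  EXPECT_TRUE(s2_.SetRecv(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
  TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_80);
  // UnprotectRtp works in place, so keep a copy of the protected packet.
  char replayed[sizeof(rtp_packet_)];
  memcpy(replayed, rtp_packet_, rtp_len_);
  int out_len = 0;
  EXPECT_TRUE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len));
  EXPECT_FALSE(s2_.UnprotectRtp(replayed, rtp_len_, &out_len));
}
```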