OLD | NEW |
1 /* | 1 /* |
2 * Copyright 2004 The WebRTC project authors. All Rights Reserved. | 2 * Copyright 2004 The WebRTC project authors. All Rights Reserved. |
3 * | 3 * |
4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
9 */ | 9 */ |
10 | 10 |
11 #include <algorithm> | 11 #include <algorithm> |
12 | 12 |
13 #include "webrtc/pc/srtpfilter.h" | 13 #include "webrtc/pc/srtpfilter.h" |
14 | 14 |
15 #include "webrtc/media/base/cryptoparams.h" | 15 #include "webrtc/media/base/cryptoparams.h" |
16 #include "webrtc/media/base/fakertp.h" | |
17 #include "webrtc/p2p/base/sessiondescription.h" | |
18 #include "webrtc/pc/srtptestutil.h" | |
19 #include "webrtc/rtc_base/buffer.h" | |
20 #include "webrtc/rtc_base/byteorder.h" | |
21 #include "webrtc/rtc_base/constructormagic.h" | |
22 #include "webrtc/rtc_base/gunit.h" | 16 #include "webrtc/rtc_base/gunit.h" |
23 #include "webrtc/rtc_base/thread.h" | |
24 | 17 |
25 using cricket::CryptoParams; | 18 using cricket::CryptoParams; |
26 using cricket::CS_LOCAL; | 19 using cricket::CS_LOCAL; |
27 using cricket::CS_REMOTE; | 20 using cricket::CS_REMOTE; |
28 | 21 |
29 namespace rtc { | 22 namespace rtc { |
30 | 23 |
31 static const uint8_t kTestKeyGcm128_1[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ12"; | |
32 static const uint8_t kTestKeyGcm128_2[] = "21ZYXWVUTSRQPONMLKJIHGFEDCBA"; | |
33 static const int kTestKeyGcm128Len = 28; // 128 bits key + 96 bits salt. | |
34 static const uint8_t kTestKeyGcm256_1[] = | |
35 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqr"; | |
36 static const uint8_t kTestKeyGcm256_2[] = | |
37 "rqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA"; | |
38 static const int kTestKeyGcm256Len = 44; // 256 bits key + 96 bits salt. | |
39 static const std::string kTestKeyParams1 = | 24 static const std::string kTestKeyParams1 = |
40 "inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz"; | 25 "inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz"; |
41 static const std::string kTestKeyParams2 = | 26 static const std::string kTestKeyParams2 = |
42 "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR"; | 27 "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR"; |
43 static const std::string kTestKeyParams3 = | 28 static const std::string kTestKeyParams3 = |
44 "inline:1234X19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz"; | 29 "inline:1234X19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz"; |
45 static const std::string kTestKeyParams4 = | 30 static const std::string kTestKeyParams4 = |
46 "inline:4567QCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR"; | 31 "inline:4567QCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR"; |
47 static const std::string kTestKeyParamsGcm1 = | 32 static const std::string kTestKeyParamsGcm1 = |
48 "inline:e166KFlKzJsGW0d5apX+rrI05vxbrvMJEzFI14aTDCa63IRTlLK4iH66uOI="; | 33 "inline:e166KFlKzJsGW0d5apX+rrI05vxbrvMJEzFI14aTDCa63IRTlLK4iH66uOI="; |
(...skipping 11 matching lines...) Expand all Loading... |
60 1, "AEAD_AES_256_GCM", kTestKeyParamsGcm1, ""); | 45 1, "AEAD_AES_256_GCM", kTestKeyParamsGcm1, ""); |
61 static const cricket::CryptoParams kTestCryptoParamsGcm2( | 46 static const cricket::CryptoParams kTestCryptoParamsGcm2( |
62 1, "AEAD_AES_256_GCM", kTestKeyParamsGcm2, ""); | 47 1, "AEAD_AES_256_GCM", kTestKeyParamsGcm2, ""); |
63 static const cricket::CryptoParams kTestCryptoParamsGcm3( | 48 static const cricket::CryptoParams kTestCryptoParamsGcm3( |
64 1, "AEAD_AES_128_GCM", kTestKeyParamsGcm3, ""); | 49 1, "AEAD_AES_128_GCM", kTestKeyParamsGcm3, ""); |
65 static const cricket::CryptoParams kTestCryptoParamsGcm4( | 50 static const cricket::CryptoParams kTestCryptoParamsGcm4( |
66 1, "AEAD_AES_128_GCM", kTestKeyParamsGcm4, ""); | 51 1, "AEAD_AES_128_GCM", kTestKeyParamsGcm4, ""); |
67 | 52 |
68 class SrtpFilterTest : public testing::Test { | 53 class SrtpFilterTest : public testing::Test { |
69 protected: | 54 protected: |
70 SrtpFilterTest() | 55 SrtpFilterTest() {} |
71 // Need to initialize |sequence_number_|, the value does not matter. | |
72 : sequence_number_(1) { | |
73 } | |
74 static std::vector<CryptoParams> MakeVector(const CryptoParams& params) { | 56 static std::vector<CryptoParams> MakeVector(const CryptoParams& params) { |
75 std::vector<CryptoParams> vec; | 57 std::vector<CryptoParams> vec; |
76 vec.push_back(params); | 58 vec.push_back(params); |
77 return vec; | 59 return vec; |
78 } | 60 } |
| 61 |
79 void TestSetParams(const std::vector<CryptoParams>& params1, | 62 void TestSetParams(const std::vector<CryptoParams>& params1, |
80 const std::vector<CryptoParams>& params2) { | 63 const std::vector<CryptoParams>& params2) { |
81 EXPECT_TRUE(f1_.SetOffer(params1, CS_LOCAL)); | 64 EXPECT_TRUE(f1_.SetOffer(params1, CS_LOCAL)); |
82 EXPECT_TRUE(f2_.SetOffer(params1, CS_REMOTE)); | 65 EXPECT_TRUE(f2_.SetOffer(params1, CS_REMOTE)); |
83 EXPECT_FALSE(f1_.IsActive()); | 66 EXPECT_FALSE(f1_.IsActive()); |
84 EXPECT_FALSE(f2_.IsActive()); | 67 EXPECT_FALSE(f2_.IsActive()); |
85 EXPECT_TRUE(f2_.SetAnswer(params2, CS_LOCAL)); | 68 EXPECT_TRUE(f2_.SetAnswer(params2, CS_LOCAL)); |
86 EXPECT_TRUE(f1_.SetAnswer(params2, CS_REMOTE)); | 69 EXPECT_TRUE(f1_.SetAnswer(params2, CS_REMOTE)); |
87 EXPECT_TRUE(f1_.IsActive()); | 70 EXPECT_TRUE(f1_.IsActive()); |
88 EXPECT_TRUE(f2_.IsActive()); | 71 EXPECT_TRUE(f2_.IsActive()); |
89 } | 72 } |
90 void TestRtpAuthParams(cricket::SrtpFilter* filter, const std::string& cs) { | |
91 int overhead; | |
92 EXPECT_TRUE(filter->GetSrtpOverhead(&overhead)); | |
93 switch (SrtpCryptoSuiteFromName(cs)) { | |
94 case SRTP_AES128_CM_SHA1_32: | |
95 EXPECT_EQ(32/8, overhead); // 32-bit tag. | |
96 break; | |
97 case SRTP_AES128_CM_SHA1_80: | |
98 EXPECT_EQ(80/8, overhead); // 80-bit tag. | |
99 break; | |
100 default: | |
101 RTC_NOTREACHED(); | |
102 break; | |
103 } | |
104 | 73 |
105 uint8_t* auth_key = nullptr; | 74 void VerifyCryptoParamsMatch(const std::string& cs1, const std::string& cs2) { |
106 int key_len = 0; | 75 EXPECT_EQ(rtc::SrtpCryptoSuiteFromName(cs1), f1_.send_cipher_suite()); |
107 int tag_len = 0; | 76 EXPECT_EQ(rtc::SrtpCryptoSuiteFromName(cs2), f2_.send_cipher_suite()); |
108 EXPECT_TRUE(filter->GetRtpAuthParams(&auth_key, &key_len, &tag_len)); | 77 EXPECT_TRUE(f1_.send_key() == f2_.recv_key()); |
109 EXPECT_NE(nullptr, auth_key); | 78 EXPECT_TRUE(f2_.send_key() == f1_.recv_key()); |
110 EXPECT_EQ(160/8, key_len); // Length of SHA-1 is 160 bits. | |
111 EXPECT_EQ(overhead, tag_len); | |
112 } | 79 } |
113 void TestProtectUnprotect(const std::string& cs1, const std::string& cs2) { | |
114 Buffer rtp_buffer(sizeof(kPcmuFrame) + rtp_auth_tag_len(cs1)); | |
115 char* rtp_packet = rtp_buffer.data<char>(); | |
116 char original_rtp_packet[sizeof(kPcmuFrame)]; | |
117 Buffer rtcp_buffer(sizeof(kRtcpReport) + 4 + rtcp_auth_tag_len(cs2)); | |
118 char* rtcp_packet = rtcp_buffer.data<char>(); | |
119 int rtp_len = sizeof(kPcmuFrame), rtcp_len = sizeof(kRtcpReport), out_len; | |
120 memcpy(rtp_packet, kPcmuFrame, rtp_len); | |
121 // In order to be able to run this test function multiple times we can not | |
122 // use the same sequence number twice. Increase the sequence number by one. | |
123 SetBE16(reinterpret_cast<uint8_t*>(rtp_packet) + 2, ++sequence_number_); | |
124 memcpy(original_rtp_packet, rtp_packet, rtp_len); | |
125 memcpy(rtcp_packet, kRtcpReport, rtcp_len); | |
126 | 80 |
127 EXPECT_TRUE(f1_.ProtectRtp(rtp_packet, rtp_len, | |
128 static_cast<int>(rtp_buffer.size()), | |
129 &out_len)); | |
130 EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs1)); | |
131 EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); | |
132 if (!f1_.IsExternalAuthActive()) { | |
133 EXPECT_TRUE(f2_.UnprotectRtp(rtp_packet, out_len, &out_len)); | |
134 EXPECT_EQ(rtp_len, out_len); | |
135 EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); | |
136 } else { | |
137 // With external auth enabled, SRTP doesn't write the auth tag and | |
138 // unprotect would fail. Check accessing the information about the | |
139 // tag instead, similar to what the actual code would do that relies | |
140 // on external auth. | |
141 TestRtpAuthParams(&f1_, cs1); | |
142 } | |
143 | |
144 EXPECT_TRUE(f2_.ProtectRtp(rtp_packet, rtp_len, | |
145 static_cast<int>(rtp_buffer.size()), | |
146 &out_len)); | |
147 EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs2)); | |
148 EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); | |
149 if (!f2_.IsExternalAuthActive()) { | |
150 EXPECT_TRUE(f1_.UnprotectRtp(rtp_packet, out_len, &out_len)); | |
151 EXPECT_EQ(rtp_len, out_len); | |
152 EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); | |
153 } else { | |
154 TestRtpAuthParams(&f2_, cs2); | |
155 } | |
156 | |
157 EXPECT_TRUE(f1_.ProtectRtcp(rtcp_packet, rtcp_len, | |
158 static_cast<int>(rtcp_buffer.size()), | |
159 &out_len)); | |
160 EXPECT_EQ(out_len, rtcp_len + 4 + rtcp_auth_tag_len(cs1)); // NOLINT | |
161 EXPECT_NE(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); | |
162 EXPECT_TRUE(f2_.UnprotectRtcp(rtcp_packet, out_len, &out_len)); | |
163 EXPECT_EQ(rtcp_len, out_len); | |
164 EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); | |
165 | |
166 EXPECT_TRUE(f2_.ProtectRtcp(rtcp_packet, rtcp_len, | |
167 static_cast<int>(rtcp_buffer.size()), | |
168 &out_len)); | |
169 EXPECT_EQ(out_len, rtcp_len + 4 + rtcp_auth_tag_len(cs2)); // NOLINT | |
170 EXPECT_NE(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); | |
171 EXPECT_TRUE(f1_.UnprotectRtcp(rtcp_packet, out_len, &out_len)); | |
172 EXPECT_EQ(rtcp_len, out_len); | |
173 EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); | |
174 } | |
175 void TestProtectUnprotectHeaderEncryption(const std::string& cs1, | |
176 const std::string& cs2, | |
177 const std::vector<int>& encrypted_header_ids) { | |
178 Buffer rtp_buffer(sizeof(kPcmuFrameWithExtensions) + rtp_auth_tag_len(cs1)); | |
179 char* rtp_packet = rtp_buffer.data<char>(); | |
180 size_t rtp_packet_size = rtp_buffer.size(); | |
181 char original_rtp_packet[sizeof(kPcmuFrameWithExtensions)]; | |
182 size_t original_rtp_packet_size = sizeof(original_rtp_packet); | |
183 int rtp_len = sizeof(kPcmuFrameWithExtensions), out_len; | |
184 memcpy(rtp_packet, kPcmuFrameWithExtensions, rtp_len); | |
185 // In order to be able to run this test function multiple times we can not | |
186 // use the same sequence number twice. Increase the sequence number by one. | |
187 SetBE16(reinterpret_cast<uint8_t*>(rtp_packet) + 2, ++sequence_number_); | |
188 memcpy(original_rtp_packet, rtp_packet, rtp_len); | |
189 | |
190 EXPECT_TRUE(f1_.ProtectRtp(rtp_packet, rtp_len, | |
191 static_cast<int>(rtp_buffer.size()), | |
192 &out_len)); | |
193 EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs1)); | |
194 EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); | |
195 CompareHeaderExtensions(rtp_packet, rtp_packet_size, | |
196 original_rtp_packet, original_rtp_packet_size, | |
197 encrypted_header_ids, false); | |
198 EXPECT_TRUE(f2_.UnprotectRtp(rtp_packet, out_len, &out_len)); | |
199 EXPECT_EQ(rtp_len, out_len); | |
200 EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); | |
201 CompareHeaderExtensions(rtp_packet, rtp_packet_size, | |
202 original_rtp_packet, original_rtp_packet_size, | |
203 encrypted_header_ids, true); | |
204 | |
205 EXPECT_TRUE(f2_.ProtectRtp(rtp_packet, rtp_len, | |
206 static_cast<int>(rtp_buffer.size()), | |
207 &out_len)); | |
208 EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs2)); | |
209 EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); | |
210 CompareHeaderExtensions(rtp_packet, rtp_packet_size, | |
211 original_rtp_packet, original_rtp_packet_size, | |
212 encrypted_header_ids, false); | |
213 EXPECT_TRUE(f1_.UnprotectRtp(rtp_packet, out_len, &out_len)); | |
214 EXPECT_EQ(rtp_len, out_len); | |
215 EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); | |
216 CompareHeaderExtensions(rtp_packet, rtp_packet_size, | |
217 original_rtp_packet, original_rtp_packet_size, | |
218 encrypted_header_ids, true); | |
219 } | |
220 void TestProtectSetParamsDirect(bool enable_external_auth, int cs, | |
221 const uint8_t* key1, int key1_len, const uint8_t* key2, int key2_len, | |
222 const std::string& cs_name) { | |
223 EXPECT_EQ(key1_len, key2_len); | |
224 EXPECT_EQ(cs_name, SrtpCryptoSuiteToName(cs)); | |
225 if (enable_external_auth) { | |
226 f1_.EnableExternalAuth(); | |
227 f2_.EnableExternalAuth(); | |
228 } | |
229 EXPECT_TRUE(f1_.SetRtpParams(cs, key1, key1_len, cs, key2, key2_len)); | |
230 EXPECT_TRUE(f2_.SetRtpParams(cs, key2, key2_len, cs, key1, key1_len)); | |
231 EXPECT_TRUE(f1_.SetRtcpParams(cs, key1, key1_len, cs, key2, key2_len)); | |
232 EXPECT_TRUE(f2_.SetRtcpParams(cs, key2, key2_len, cs, key1, key1_len)); | |
233 EXPECT_TRUE(f1_.IsActive()); | |
234 EXPECT_TRUE(f2_.IsActive()); | |
235 if (IsGcmCryptoSuite(cs)) { | |
236 EXPECT_FALSE(f1_.IsExternalAuthActive()); | |
237 EXPECT_FALSE(f2_.IsExternalAuthActive()); | |
238 } else if (enable_external_auth) { | |
239 EXPECT_TRUE(f1_.IsExternalAuthActive()); | |
240 EXPECT_TRUE(f2_.IsExternalAuthActive()); | |
241 } | |
242 TestProtectUnprotect(cs_name, cs_name); | |
243 } | |
244 void TestProtectSetParamsDirectHeaderEncryption(int cs, | |
245 const uint8_t* key1, int key1_len, const uint8_t* key2, int key2_len, | |
246 const std::string& cs_name) { | |
247 std::vector<int> encrypted_headers; | |
248 encrypted_headers.push_back(1); | |
249 // Don't encrypt header ids 2 and 3. | |
250 encrypted_headers.push_back(4); | |
251 EXPECT_EQ(key1_len, key2_len); | |
252 EXPECT_EQ(cs_name, SrtpCryptoSuiteToName(cs)); | |
253 f1_.SetEncryptedHeaderExtensionIds(CS_LOCAL, encrypted_headers); | |
254 f1_.SetEncryptedHeaderExtensionIds(CS_REMOTE, encrypted_headers); | |
255 f2_.SetEncryptedHeaderExtensionIds(CS_LOCAL, encrypted_headers); | |
256 f2_.SetEncryptedHeaderExtensionIds(CS_REMOTE, encrypted_headers); | |
257 EXPECT_TRUE(f1_.SetRtpParams(cs, key1, key1_len, cs, key2, key2_len)); | |
258 EXPECT_TRUE(f2_.SetRtpParams(cs, key2, key2_len, cs, key1, key1_len)); | |
259 EXPECT_TRUE(f1_.IsActive()); | |
260 EXPECT_TRUE(f2_.IsActive()); | |
261 EXPECT_FALSE(f1_.IsExternalAuthActive()); | |
262 EXPECT_FALSE(f2_.IsExternalAuthActive()); | |
263 TestProtectUnprotectHeaderEncryption(cs_name, cs_name, encrypted_headers); | |
264 } | |
265 cricket::SrtpFilter f1_; | 81 cricket::SrtpFilter f1_; |
266 cricket::SrtpFilter f2_; | 82 cricket::SrtpFilter f2_; |
267 int sequence_number_; | |
268 }; | 83 }; |
269 | 84 |
270 // Test that we can set up the session and keys properly. | 85 // Test that we can set up the session and keys properly. |
271 TEST_F(SrtpFilterTest, TestGoodSetupOneCipherSuite) { | 86 TEST_F(SrtpFilterTest, TestGoodSetupOneCipherSuite) { |
272 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL)); | 87 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL)); |
273 EXPECT_FALSE(f1_.IsActive()); | 88 EXPECT_FALSE(f1_.IsActive()); |
274 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE)); | 89 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE)); |
275 EXPECT_TRUE(f1_.IsActive()); | 90 EXPECT_TRUE(f1_.IsActive()); |
276 } | 91 } |
277 | 92 |
(...skipping 193 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
471 TEST_F(SrtpFilterTest, TestUnsupportedOptions) { | 286 TEST_F(SrtpFilterTest, TestUnsupportedOptions) { |
472 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); | 287 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); |
473 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); | 288 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); |
474 answer[0].key_params = | 289 answer[0].key_params = |
475 "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR|2^20|1:4"; | 290 "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR|2^20|1:4"; |
476 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); | 291 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); |
477 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE)); | 292 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE)); |
478 EXPECT_FALSE(f1_.IsActive()); | 293 EXPECT_FALSE(f1_.IsActive()); |
479 } | 294 } |
480 | 295 |
481 // Test that we can encrypt/decrypt after setting the same CryptoParams again on | |
482 // one side. | |
483 TEST_F(SrtpFilterTest, TestSettingSameKeyOnOneSide) { | |
484 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); | |
485 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); | |
486 TestSetParams(offer, answer); | |
487 | |
488 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, | |
489 CS_AES_CM_128_HMAC_SHA1_80); | |
490 | |
491 // Re-applying the same keys on one end and it should not reset the ROC. | |
492 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE)); | |
493 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL)); | |
494 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); | |
495 } | |
496 | |
497 // Test that we can encrypt/decrypt after negotiating AES_CM_128_HMAC_SHA1_80. | 296 // Test that we can encrypt/decrypt after negotiating AES_CM_128_HMAC_SHA1_80. |
498 TEST_F(SrtpFilterTest, TestProtect_AES_CM_128_HMAC_SHA1_80) { | 297 TEST_F(SrtpFilterTest, TestProtect_AES_CM_128_HMAC_SHA1_80) { |
499 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); | 298 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); |
500 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); | 299 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); |
501 offer.push_back(kTestCryptoParams1); | 300 offer.push_back(kTestCryptoParams1); |
502 offer[1].tag = 2; | 301 offer[1].tag = 2; |
503 offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; | 302 offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; |
504 TestSetParams(offer, answer); | 303 TestSetParams(offer, answer); |
505 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); | 304 VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80, |
| 305 CS_AES_CM_128_HMAC_SHA1_80); |
506 } | 306 } |
507 | 307 |
508 // Test that we can encrypt/decrypt after negotiating AES_CM_128_HMAC_SHA1_32. | 308 // Test that we can encrypt/decrypt after negotiating AES_CM_128_HMAC_SHA1_32. |
509 TEST_F(SrtpFilterTest, TestProtect_AES_CM_128_HMAC_SHA1_32) { | 309 TEST_F(SrtpFilterTest, TestProtect_AES_CM_128_HMAC_SHA1_32) { |
510 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); | 310 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); |
511 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); | 311 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); |
512 offer.push_back(kTestCryptoParams1); | 312 offer.push_back(kTestCryptoParams1); |
513 offer[1].tag = 2; | 313 offer[1].tag = 2; |
514 offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; | 314 offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; |
515 answer[0].tag = 2; | 315 answer[0].tag = 2; |
516 answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; | 316 answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; |
517 TestSetParams(offer, answer); | 317 TestSetParams(offer, answer); |
518 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32); | 318 VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_32, |
| 319 CS_AES_CM_128_HMAC_SHA1_32); |
519 } | 320 } |
520 | 321 |
521 // Test that we can change encryption parameters. | 322 // Test that we can change encryption parameters. |
522 TEST_F(SrtpFilterTest, TestChangeParameters) { | 323 TEST_F(SrtpFilterTest, TestChangeParameters) { |
523 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); | 324 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); |
524 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); | 325 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); |
525 | 326 |
526 TestSetParams(offer, answer); | 327 TestSetParams(offer, answer); |
527 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); | 328 VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80, |
| 329 CS_AES_CM_128_HMAC_SHA1_80); |
528 | 330 |
529 // Change the key parameters and cipher_suite. | 331 // Change the key parameters and cipher_suite. |
530 offer[0].key_params = kTestKeyParams3; | 332 offer[0].key_params = kTestKeyParams3; |
531 offer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; | 333 offer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; |
532 answer[0].key_params = kTestKeyParams4; | 334 answer[0].key_params = kTestKeyParams4; |
533 answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; | 335 answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; |
534 | 336 |
535 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); | 337 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); |
536 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE)); | 338 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE)); |
537 EXPECT_TRUE(f1_.IsActive()); | 339 EXPECT_TRUE(f1_.IsActive()); |
538 EXPECT_TRUE(f1_.IsActive()); | 340 EXPECT_TRUE(f1_.IsActive()); |
539 | 341 |
540 // Test that the old keys are valid until the negotiation is complete. | 342 // Test that the old keys are valid until the negotiation is complete. |
541 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); | 343 VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80, |
| 344 CS_AES_CM_128_HMAC_SHA1_80); |
542 | 345 |
543 // Complete the negotiation and test that we can still understand each other. | 346 // Complete the negotiation and test that we can still understand each other. |
544 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL)); | 347 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL)); |
545 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE)); | 348 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE)); |
546 | 349 |
547 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32); | 350 VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_32, |
| 351 CS_AES_CM_128_HMAC_SHA1_32); |
548 } | 352 } |
549 | 353 |
550 // Test that we can send and receive provisional answers with crypto enabled. | 354 // Test that we can send and receive provisional answers with crypto enabled. |
551 // Also test that we can change the crypto. | 355 // Also test that we can change the crypto. |
552 TEST_F(SrtpFilterTest, TestProvisionalAnswer) { | 356 TEST_F(SrtpFilterTest, TestProvisionalAnswer) { |
553 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); | 357 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); |
554 offer.push_back(kTestCryptoParams1); | 358 offer.push_back(kTestCryptoParams1); |
555 offer[1].tag = 2; | 359 offer[1].tag = 2; |
556 offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; | 360 offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; |
557 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); | 361 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); |
558 | 362 |
559 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); | 363 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); |
560 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE)); | 364 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE)); |
561 EXPECT_FALSE(f1_.IsActive()); | 365 EXPECT_FALSE(f1_.IsActive()); |
562 EXPECT_FALSE(f2_.IsActive()); | 366 EXPECT_FALSE(f2_.IsActive()); |
563 EXPECT_TRUE(f2_.SetProvisionalAnswer(answer, CS_LOCAL)); | 367 EXPECT_TRUE(f2_.SetProvisionalAnswer(answer, CS_LOCAL)); |
564 EXPECT_TRUE(f1_.SetProvisionalAnswer(answer, CS_REMOTE)); | 368 EXPECT_TRUE(f1_.SetProvisionalAnswer(answer, CS_REMOTE)); |
565 EXPECT_TRUE(f1_.IsActive()); | 369 EXPECT_TRUE(f1_.IsActive()); |
566 EXPECT_TRUE(f2_.IsActive()); | 370 EXPECT_TRUE(f2_.IsActive()); |
567 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); | 371 VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80, |
| 372 CS_AES_CM_128_HMAC_SHA1_80); |
568 | 373 |
569 answer[0].key_params = kTestKeyParams4; | 374 answer[0].key_params = kTestKeyParams4; |
570 answer[0].tag = 2; | 375 answer[0].tag = 2; |
571 answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; | 376 answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; |
572 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL)); | 377 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL)); |
573 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE)); | 378 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE)); |
574 EXPECT_TRUE(f1_.IsActive()); | 379 EXPECT_TRUE(f1_.IsActive()); |
575 EXPECT_TRUE(f2_.IsActive()); | 380 EXPECT_TRUE(f2_.IsActive()); |
576 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32); | 381 VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_32, |
| 382 CS_AES_CM_128_HMAC_SHA1_32); |
577 } | 383 } |
578 | 384 |
579 // Test that a provisional answer doesn't need to contain a crypto. | 385 // Test that a provisional answer doesn't need to contain a crypto. |
580 TEST_F(SrtpFilterTest, TestProvisionalAnswerWithoutCrypto) { | 386 TEST_F(SrtpFilterTest, TestProvisionalAnswerWithoutCrypto) { |
581 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); | 387 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); |
582 std::vector<CryptoParams> answer; | 388 std::vector<CryptoParams> answer; |
583 | 389 |
584 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); | 390 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); |
585 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE)); | 391 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE)); |
586 EXPECT_FALSE(f1_.IsActive()); | 392 EXPECT_FALSE(f1_.IsActive()); |
587 EXPECT_FALSE(f2_.IsActive()); | 393 EXPECT_FALSE(f2_.IsActive()); |
588 EXPECT_TRUE(f2_.SetProvisionalAnswer(answer, CS_LOCAL)); | 394 EXPECT_TRUE(f2_.SetProvisionalAnswer(answer, CS_LOCAL)); |
589 EXPECT_TRUE(f1_.SetProvisionalAnswer(answer, CS_REMOTE)); | 395 EXPECT_TRUE(f1_.SetProvisionalAnswer(answer, CS_REMOTE)); |
590 EXPECT_FALSE(f1_.IsActive()); | 396 EXPECT_FALSE(f1_.IsActive()); |
591 EXPECT_FALSE(f2_.IsActive()); | 397 EXPECT_FALSE(f2_.IsActive()); |
592 | 398 |
593 answer.push_back(kTestCryptoParams2); | 399 answer.push_back(kTestCryptoParams2); |
594 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL)); | 400 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL)); |
595 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE)); | 401 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE)); |
596 EXPECT_TRUE(f1_.IsActive()); | 402 EXPECT_TRUE(f1_.IsActive()); |
597 EXPECT_TRUE(f2_.IsActive()); | 403 EXPECT_TRUE(f2_.IsActive()); |
598 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); | 404 VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80, |
| 405 CS_AES_CM_128_HMAC_SHA1_80); |
599 } | 406 } |
600 | 407 |
601 // Test that if we get a new local offer after a provisional answer | 408 // Test that if we get a new local offer after a provisional answer |
602 // with no crypto, that we are in an inactive state. | 409 // with no crypto, that we are in an inactive state. |
603 TEST_F(SrtpFilterTest, TestLocalOfferAfterProvisionalAnswerWithoutCrypto) { | 410 TEST_F(SrtpFilterTest, TestLocalOfferAfterProvisionalAnswerWithoutCrypto) { |
604 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); | 411 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); |
605 std::vector<CryptoParams> answer; | 412 std::vector<CryptoParams> answer; |
606 | 413 |
607 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); | 414 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); |
608 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE)); | 415 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE)); |
609 EXPECT_TRUE(f1_.SetProvisionalAnswer(answer, CS_REMOTE)); | 416 EXPECT_TRUE(f1_.SetProvisionalAnswer(answer, CS_REMOTE)); |
610 EXPECT_TRUE(f2_.SetProvisionalAnswer(answer, CS_LOCAL)); | 417 EXPECT_TRUE(f2_.SetProvisionalAnswer(answer, CS_LOCAL)); |
611 EXPECT_FALSE(f1_.IsActive()); | 418 EXPECT_FALSE(f1_.IsActive()); |
612 EXPECT_FALSE(f2_.IsActive()); | 419 EXPECT_FALSE(f2_.IsActive()); |
613 // The calls to set an offer after a provisional answer fail, so the | 420 // The calls to set an offer after a provisional answer fail, so the |
614 // state doesn't change. | 421 // state doesn't change. |
615 EXPECT_FALSE(f1_.SetOffer(offer, CS_LOCAL)); | 422 EXPECT_FALSE(f1_.SetOffer(offer, CS_LOCAL)); |
616 EXPECT_FALSE(f2_.SetOffer(offer, CS_REMOTE)); | 423 EXPECT_FALSE(f2_.SetOffer(offer, CS_REMOTE)); |
617 EXPECT_FALSE(f1_.IsActive()); | 424 EXPECT_FALSE(f1_.IsActive()); |
618 EXPECT_FALSE(f2_.IsActive()); | 425 EXPECT_FALSE(f2_.IsActive()); |
619 | 426 |
620 answer.push_back(kTestCryptoParams2); | 427 answer.push_back(kTestCryptoParams2); |
621 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL)); | 428 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL)); |
622 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE)); | 429 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE)); |
623 EXPECT_TRUE(f1_.IsActive()); | 430 EXPECT_TRUE(f1_.IsActive()); |
624 EXPECT_TRUE(f2_.IsActive()); | 431 EXPECT_TRUE(f2_.IsActive()); |
625 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); | 432 VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80, |
| 433 CS_AES_CM_128_HMAC_SHA1_80); |
626 } | 434 } |
627 | 435 |
628 // Test that we can disable encryption. | 436 // Test that we can disable encryption. |
629 TEST_F(SrtpFilterTest, TestDisableEncryption) { | 437 TEST_F(SrtpFilterTest, TestDisableEncryption) { |
630 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); | 438 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); |
631 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); | 439 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); |
632 | 440 |
633 TestSetParams(offer, answer); | 441 TestSetParams(offer, answer); |
634 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); | 442 VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80, |
| 443 CS_AES_CM_128_HMAC_SHA1_80); |
635 | 444 |
636 offer.clear(); | 445 offer.clear(); |
637 answer.clear(); | 446 answer.clear(); |
638 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); | 447 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); |
639 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE)); | 448 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE)); |
640 EXPECT_TRUE(f1_.IsActive()); | 449 EXPECT_TRUE(f1_.IsActive()); |
641 EXPECT_TRUE(f2_.IsActive()); | 450 EXPECT_TRUE(f2_.IsActive()); |
642 | 451 |
643 // Test that the old keys are valid until the negotiation is complete. | 452 // Test that the old keys are valid until the negotiation is complete. |
644 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); | 453 VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80, |
| 454 CS_AES_CM_128_HMAC_SHA1_80); |
645 | 455 |
646 // Complete the negotiation. | 456 // Complete the negotiation. |
647 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL)); | 457 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL)); |
648 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE)); | 458 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE)); |
649 | 459 |
650 EXPECT_FALSE(f1_.IsActive()); | 460 EXPECT_FALSE(f1_.IsActive()); |
651 EXPECT_FALSE(f2_.IsActive()); | 461 EXPECT_FALSE(f2_.IsActive()); |
652 } | 462 } |
653 | 463 |
654 class SrtpFilterProtectSetParamsDirectTest | |
655 : public SrtpFilterTest, | |
656 public testing::WithParamInterface<bool> { | |
657 }; | |
658 | |
659 // Test directly setting the params with AES_CM_128_HMAC_SHA1_80. | |
660 TEST_P(SrtpFilterProtectSetParamsDirectTest, Test_AES_CM_128_HMAC_SHA1_80) { | |
661 bool enable_external_auth = GetParam(); | |
662 TestProtectSetParamsDirect(enable_external_auth, SRTP_AES128_CM_SHA1_80, | |
663 kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen, | |
664 CS_AES_CM_128_HMAC_SHA1_80); | |
665 } | |
666 | |
667 TEST_F(SrtpFilterTest, | |
668 TestProtectSetParamsDirectHeaderEncryption_AES_CM_128_HMAC_SHA1_80) { | |
669 TestProtectSetParamsDirectHeaderEncryption( | |
670 SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen, | |
671 CS_AES_CM_128_HMAC_SHA1_80); | |
672 } | |
673 | |
674 // Test directly setting the params with AES_CM_128_HMAC_SHA1_32. | |
675 TEST_P(SrtpFilterProtectSetParamsDirectTest, Test_AES_CM_128_HMAC_SHA1_32) { | |
676 bool enable_external_auth = GetParam(); | |
677 TestProtectSetParamsDirect(enable_external_auth, SRTP_AES128_CM_SHA1_32, | |
678 kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen, | |
679 CS_AES_CM_128_HMAC_SHA1_32); | |
680 } | |
681 | |
682 TEST_F(SrtpFilterTest, | |
683 TestProtectSetParamsDirectHeaderEncryption_AES_CM_128_HMAC_SHA1_32) { | |
684 TestProtectSetParamsDirectHeaderEncryption( | |
685 SRTP_AES128_CM_SHA1_32, kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen, | |
686 CS_AES_CM_128_HMAC_SHA1_32); | |
687 } | |
688 | |
689 // Test directly setting the params with SRTP_AEAD_AES_128_GCM. | |
690 TEST_P(SrtpFilterProtectSetParamsDirectTest, Test_SRTP_AEAD_AES_128_GCM) { | |
691 bool enable_external_auth = GetParam(); | |
692 TestProtectSetParamsDirect(enable_external_auth, SRTP_AEAD_AES_128_GCM, | |
693 kTestKeyGcm128_1, kTestKeyGcm128Len, | |
694 kTestKeyGcm128_2, kTestKeyGcm128Len, | |
695 CS_AEAD_AES_128_GCM); | |
696 } | |
697 | |
698 TEST_F(SrtpFilterTest, | |
699 TestProtectSetParamsDirectHeaderEncryption_SRTP_AEAD_AES_128_GCM) { | |
700 TestProtectSetParamsDirectHeaderEncryption( | |
701 SRTP_AEAD_AES_128_GCM, kTestKeyGcm128_1, kTestKeyGcm128Len, | |
702 kTestKeyGcm128_2, kTestKeyGcm128Len, CS_AEAD_AES_128_GCM); | |
703 } | |
704 | |
705 // Test directly setting the params with SRTP_AEAD_AES_256_GCM. | |
706 TEST_P(SrtpFilterProtectSetParamsDirectTest, Test_SRTP_AEAD_AES_256_GCM) { | |
707 bool enable_external_auth = GetParam(); | |
708 TestProtectSetParamsDirect(enable_external_auth, SRTP_AEAD_AES_256_GCM, | |
709 kTestKeyGcm256_1, kTestKeyGcm256Len, | |
710 kTestKeyGcm256_2, kTestKeyGcm256Len, | |
711 CS_AEAD_AES_256_GCM); | |
712 } | |
713 | |
714 TEST_F(SrtpFilterTest, | |
715 TestProtectSetParamsDirectHeaderEncryption_SRTP_AEAD_AES_256_GCM) { | |
716 TestProtectSetParamsDirectHeaderEncryption( | |
717 SRTP_AEAD_AES_256_GCM, kTestKeyGcm256_1, kTestKeyGcm256Len, | |
718 kTestKeyGcm256_2, kTestKeyGcm256Len, CS_AEAD_AES_256_GCM); | |
719 } | |
720 | |
721 // Run all tests both with and without external auth enabled. | |
722 INSTANTIATE_TEST_CASE_P(ExternalAuth, | |
723 SrtpFilterProtectSetParamsDirectTest, | |
724 ::testing::Values(true, false)); | |
725 | |
726 // Test directly setting the params with bogus keys. | |
727 TEST_F(SrtpFilterTest, TestSetParamsKeyTooShort) { | |
728 EXPECT_FALSE(f1_.SetRtpParams(SRTP_AES128_CM_SHA1_80, kTestKey1, | |
729 kTestKeyLen - 1, SRTP_AES128_CM_SHA1_80, | |
730 kTestKey1, kTestKeyLen - 1)); | |
731 EXPECT_FALSE(f1_.SetRtcpParams(SRTP_AES128_CM_SHA1_80, kTestKey1, | |
732 kTestKeyLen - 1, SRTP_AES128_CM_SHA1_80, | |
733 kTestKey1, kTestKeyLen - 1)); | |
734 } | |
735 | |
736 } // namespace rtc | 464 } // namespace rtc |
OLD | NEW |