| Index: pc/srtpfilter_unittest.cc
|
| diff --git a/pc/srtpfilter_unittest.cc b/pc/srtpfilter_unittest.cc
|
| index a71762c54e8d74b5a0502ab455de134ac90e44f3..75a4e39f267b2f002427f14b0758c898a0e8a29f 100644
|
| --- a/pc/srtpfilter_unittest.cc
|
| +++ b/pc/srtpfilter_unittest.cc
|
| @@ -13,7 +13,14 @@
|
| #include "pc/srtpfilter.h"
|
|
|
| #include "media/base/cryptoparams.h"
|
| +#include "media/base/fakertp.h"
|
| +#include "p2p/base/sessiondescription.h"
|
| +#include "pc/srtptestutil.h"
|
| +#include "rtc_base/buffer.h"
|
| +#include "rtc_base/byteorder.h"
|
| +#include "rtc_base/constructormagic.h"
|
| #include "rtc_base/gunit.h"
|
| +#include "rtc_base/thread.h"
|
|
|
| using cricket::CryptoParams;
|
| using cricket::CS_LOCAL;
|
| @@ -21,6 +28,14 @@ using cricket::CS_REMOTE;
|
|
|
| namespace rtc {
|
|
|
| +static const uint8_t kTestKeyGcm128_1[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ12";
|
| +static const uint8_t kTestKeyGcm128_2[] = "21ZYXWVUTSRQPONMLKJIHGFEDCBA";
|
| +static const int kTestKeyGcm128Len = 28; // 128 bits key + 96 bits salt.
|
| +static const uint8_t kTestKeyGcm256_1[] =
|
| + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqr";
|
| +static const uint8_t kTestKeyGcm256_2[] =
|
| + "rqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA";
|
| +static const int kTestKeyGcm256Len = 44; // 256 bits key + 96 bits salt.
|
| static const std::string kTestKeyParams1 =
|
| "inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz";
|
| static const std::string kTestKeyParams2 =
|
| @@ -52,13 +67,14 @@ static const cricket::CryptoParams kTestCryptoParamsGcm4(
|
|
|
| class SrtpFilterTest : public testing::Test {
|
| protected:
|
| - SrtpFilterTest() {}
|
| + SrtpFilterTest()
|
| + // Need to initialize |sequence_number_|, the value does not matter.
|
| + : sequence_number_(1) {}
|
| static std::vector<CryptoParams> MakeVector(const CryptoParams& params) {
|
| std::vector<CryptoParams> vec;
|
| vec.push_back(params);
|
| return vec;
|
| }
|
| -
|
| void TestSetParams(const std::vector<CryptoParams>& params1,
|
| const std::vector<CryptoParams>& params2) {
|
| EXPECT_TRUE(f1_.SetOffer(params1, CS_LOCAL));
|
| @@ -70,16 +86,186 @@ class SrtpFilterTest : public testing::Test {
|
| EXPECT_TRUE(f1_.IsActive());
|
| EXPECT_TRUE(f2_.IsActive());
|
| }
|
| -
|
| - void VerifyCryptoParamsMatch(const std::string& cs1, const std::string& cs2) {
|
| - EXPECT_EQ(rtc::SrtpCryptoSuiteFromName(cs1), f1_.send_cipher_suite());
|
| - EXPECT_EQ(rtc::SrtpCryptoSuiteFromName(cs2), f2_.send_cipher_suite());
|
| - EXPECT_TRUE(f1_.send_key() == f2_.recv_key());
|
| - EXPECT_TRUE(f2_.send_key() == f1_.recv_key());
|
| + void TestRtpAuthParams(cricket::SrtpFilter* filter, const std::string& cs) {
|
| + int overhead;
|
| + EXPECT_TRUE(filter->GetSrtpOverhead(&overhead));
|
| + switch (SrtpCryptoSuiteFromName(cs)) {
|
| + case SRTP_AES128_CM_SHA1_32:
|
| + EXPECT_EQ(32 / 8, overhead); // 32-bit tag.
|
| + break;
|
| + case SRTP_AES128_CM_SHA1_80:
|
| + EXPECT_EQ(80 / 8, overhead); // 80-bit tag.
|
| + break;
|
| + default:
|
| + RTC_NOTREACHED();
|
| + break;
|
| + }
|
| +
|
| + uint8_t* auth_key = nullptr;
|
| + int key_len = 0;
|
| + int tag_len = 0;
|
| + EXPECT_TRUE(filter->GetRtpAuthParams(&auth_key, &key_len, &tag_len));
|
| + EXPECT_NE(nullptr, auth_key);
|
| + EXPECT_EQ(160 / 8, key_len); // Length of SHA-1 is 160 bits.
|
| + EXPECT_EQ(overhead, tag_len);
|
| + }
|
| + void TestProtectUnprotect(const std::string& cs1, const std::string& cs2) {
|
| + Buffer rtp_buffer(sizeof(kPcmuFrame) + rtp_auth_tag_len(cs1));
|
| + char* rtp_packet = rtp_buffer.data<char>();
|
| + char original_rtp_packet[sizeof(kPcmuFrame)];
|
| + Buffer rtcp_buffer(sizeof(kRtcpReport) + 4 + rtcp_auth_tag_len(cs2));
|
| + char* rtcp_packet = rtcp_buffer.data<char>();
|
| + int rtp_len = sizeof(kPcmuFrame), rtcp_len = sizeof(kRtcpReport), out_len;
|
| + memcpy(rtp_packet, kPcmuFrame, rtp_len);
|
| + // In order to be able to run this test function multiple times we can not
|
| + // use the same sequence number twice. Increase the sequence number by one.
|
| + SetBE16(reinterpret_cast<uint8_t*>(rtp_packet) + 2, ++sequence_number_);
|
| + memcpy(original_rtp_packet, rtp_packet, rtp_len);
|
| + memcpy(rtcp_packet, kRtcpReport, rtcp_len);
|
| +
|
| + EXPECT_TRUE(f1_.ProtectRtp(rtp_packet, rtp_len,
|
| + static_cast<int>(rtp_buffer.size()), &out_len));
|
| + EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs1));
|
| + EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
|
| + if (!f1_.IsExternalAuthActive()) {
|
| + EXPECT_TRUE(f2_.UnprotectRtp(rtp_packet, out_len, &out_len));
|
| + EXPECT_EQ(rtp_len, out_len);
|
| + EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
|
| + } else {
|
| + // With external auth enabled, SRTP doesn't write the auth tag and
|
| + // unprotect would fail. Check accessing the information about the
|
| + // tag instead, similar to what the actual code would do that relies
|
| + // on external auth.
|
| + TestRtpAuthParams(&f1_, cs1);
|
| + }
|
| +
|
| + EXPECT_TRUE(f2_.ProtectRtp(rtp_packet, rtp_len,
|
| + static_cast<int>(rtp_buffer.size()), &out_len));
|
| + EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs2));
|
| + EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
|
| + if (!f2_.IsExternalAuthActive()) {
|
| + EXPECT_TRUE(f1_.UnprotectRtp(rtp_packet, out_len, &out_len));
|
| + EXPECT_EQ(rtp_len, out_len);
|
| + EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
|
| + } else {
|
| + TestRtpAuthParams(&f2_, cs2);
|
| + }
|
| +
|
| + EXPECT_TRUE(f1_.ProtectRtcp(
|
| + rtcp_packet, rtcp_len, static_cast<int>(rtcp_buffer.size()), &out_len));
|
| + EXPECT_EQ(out_len, rtcp_len + 4 + rtcp_auth_tag_len(cs1)); // NOLINT
|
| + EXPECT_NE(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len));
|
| + EXPECT_TRUE(f2_.UnprotectRtcp(rtcp_packet, out_len, &out_len));
|
| + EXPECT_EQ(rtcp_len, out_len);
|
| + EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len));
|
| +
|
| + EXPECT_TRUE(f2_.ProtectRtcp(
|
| + rtcp_packet, rtcp_len, static_cast<int>(rtcp_buffer.size()), &out_len));
|
| + EXPECT_EQ(out_len, rtcp_len + 4 + rtcp_auth_tag_len(cs2)); // NOLINT
|
| + EXPECT_NE(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len));
|
| + EXPECT_TRUE(f1_.UnprotectRtcp(rtcp_packet, out_len, &out_len));
|
| + EXPECT_EQ(rtcp_len, out_len);
|
| + EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len));
|
| + }
|
| + void TestProtectUnprotectHeaderEncryption(
|
| + const std::string& cs1,
|
| + const std::string& cs2,
|
| + const std::vector<int>& encrypted_header_ids) {
|
| + Buffer rtp_buffer(sizeof(kPcmuFrameWithExtensions) + rtp_auth_tag_len(cs1));
|
| + char* rtp_packet = rtp_buffer.data<char>();
|
| + size_t rtp_packet_size = rtp_buffer.size();
|
| + char original_rtp_packet[sizeof(kPcmuFrameWithExtensions)];
|
| + size_t original_rtp_packet_size = sizeof(original_rtp_packet);
|
| + int rtp_len = sizeof(kPcmuFrameWithExtensions), out_len;
|
| + memcpy(rtp_packet, kPcmuFrameWithExtensions, rtp_len);
|
| + // In order to be able to run this test function multiple times we can not
|
| + // use the same sequence number twice. Increase the sequence number by one.
|
| + SetBE16(reinterpret_cast<uint8_t*>(rtp_packet) + 2, ++sequence_number_);
|
| + memcpy(original_rtp_packet, rtp_packet, rtp_len);
|
| +
|
| + EXPECT_TRUE(f1_.ProtectRtp(rtp_packet, rtp_len,
|
| + static_cast<int>(rtp_buffer.size()), &out_len));
|
| + EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs1));
|
| + EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
|
| + CompareHeaderExtensions(rtp_packet, rtp_packet_size, original_rtp_packet,
|
| + original_rtp_packet_size, encrypted_header_ids,
|
| + false);
|
| + EXPECT_TRUE(f2_.UnprotectRtp(rtp_packet, out_len, &out_len));
|
| + EXPECT_EQ(rtp_len, out_len);
|
| + EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
|
| + CompareHeaderExtensions(rtp_packet, rtp_packet_size, original_rtp_packet,
|
| + original_rtp_packet_size, encrypted_header_ids,
|
| + true);
|
| +
|
| + EXPECT_TRUE(f2_.ProtectRtp(rtp_packet, rtp_len,
|
| + static_cast<int>(rtp_buffer.size()), &out_len));
|
| + EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs2));
|
| + EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
|
| + CompareHeaderExtensions(rtp_packet, rtp_packet_size, original_rtp_packet,
|
| + original_rtp_packet_size, encrypted_header_ids,
|
| + false);
|
| + EXPECT_TRUE(f1_.UnprotectRtp(rtp_packet, out_len, &out_len));
|
| + EXPECT_EQ(rtp_len, out_len);
|
| + EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
|
| + CompareHeaderExtensions(rtp_packet, rtp_packet_size, original_rtp_packet,
|
| + original_rtp_packet_size, encrypted_header_ids,
|
| + true);
|
| + }
|
| + void TestProtectSetParamsDirect(bool enable_external_auth,
|
| + int cs,
|
| + const uint8_t* key1,
|
| + int key1_len,
|
| + const uint8_t* key2,
|
| + int key2_len,
|
| + const std::string& cs_name) {
|
| + EXPECT_EQ(key1_len, key2_len);
|
| + EXPECT_EQ(cs_name, SrtpCryptoSuiteToName(cs));
|
| + if (enable_external_auth) {
|
| + f1_.EnableExternalAuth();
|
| + f2_.EnableExternalAuth();
|
| + }
|
| + EXPECT_TRUE(f1_.SetRtpParams(cs, key1, key1_len, cs, key2, key2_len));
|
| + EXPECT_TRUE(f2_.SetRtpParams(cs, key2, key2_len, cs, key1, key1_len));
|
| + EXPECT_TRUE(f1_.SetRtcpParams(cs, key1, key1_len, cs, key2, key2_len));
|
| + EXPECT_TRUE(f2_.SetRtcpParams(cs, key2, key2_len, cs, key1, key1_len));
|
| + EXPECT_TRUE(f1_.IsActive());
|
| + EXPECT_TRUE(f2_.IsActive());
|
| + if (IsGcmCryptoSuite(cs)) {
|
| + EXPECT_FALSE(f1_.IsExternalAuthActive());
|
| + EXPECT_FALSE(f2_.IsExternalAuthActive());
|
| + } else if (enable_external_auth) {
|
| + EXPECT_TRUE(f1_.IsExternalAuthActive());
|
| + EXPECT_TRUE(f2_.IsExternalAuthActive());
|
| + }
|
| + TestProtectUnprotect(cs_name, cs_name);
|
| + }
|
| + void TestProtectSetParamsDirectHeaderEncryption(int cs,
|
| + const uint8_t* key1,
|
| + int key1_len,
|
| + const uint8_t* key2,
|
| + int key2_len,
|
| + const std::string& cs_name) {
|
| + std::vector<int> encrypted_headers;
|
| + encrypted_headers.push_back(1);
|
| + // Don't encrypt header ids 2 and 3.
|
| + encrypted_headers.push_back(4);
|
| + EXPECT_EQ(key1_len, key2_len);
|
| + EXPECT_EQ(cs_name, SrtpCryptoSuiteToName(cs));
|
| + f1_.SetEncryptedHeaderExtensionIds(CS_LOCAL, encrypted_headers);
|
| + f1_.SetEncryptedHeaderExtensionIds(CS_REMOTE, encrypted_headers);
|
| + f2_.SetEncryptedHeaderExtensionIds(CS_LOCAL, encrypted_headers);
|
| + f2_.SetEncryptedHeaderExtensionIds(CS_REMOTE, encrypted_headers);
|
| + EXPECT_TRUE(f1_.SetRtpParams(cs, key1, key1_len, cs, key2, key2_len));
|
| + EXPECT_TRUE(f2_.SetRtpParams(cs, key2, key2_len, cs, key1, key1_len));
|
| + EXPECT_TRUE(f1_.IsActive());
|
| + EXPECT_TRUE(f2_.IsActive());
|
| + EXPECT_FALSE(f1_.IsExternalAuthActive());
|
| + EXPECT_FALSE(f2_.IsExternalAuthActive());
|
| + TestProtectUnprotectHeaderEncryption(cs_name, cs_name, encrypted_headers);
|
| }
|
| -
|
| cricket::SrtpFilter f1_;
|
| cricket::SrtpFilter f2_;
|
| + int sequence_number_;
|
| };
|
|
|
| // Test that we can set up the session and keys properly.
|
| @@ -293,6 +479,21 @@ TEST_F(SrtpFilterTest, TestUnsupportedOptions) {
|
| EXPECT_FALSE(f1_.IsActive());
|
| }
|
|
|
| +// Test that we can encrypt/decrypt after setting the same CryptoParams again on
|
| +// one side.
|
| +TEST_F(SrtpFilterTest, TestSettingSameKeyOnOneSide) {
|
| + std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
|
| + std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
|
| + TestSetParams(offer, answer);
|
| +
|
| + TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
|
| +
|
| + // Re-applying the same keys on one end and it should not reset the ROC.
|
| + EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE));
|
| + EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
|
| + TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
|
| +}
|
| +
|
| // Test that we can encrypt/decrypt after negotiating AES_CM_128_HMAC_SHA1_80.
|
| TEST_F(SrtpFilterTest, TestProtect_AES_CM_128_HMAC_SHA1_80) {
|
| std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
|
| @@ -301,8 +502,7 @@ TEST_F(SrtpFilterTest, TestProtect_AES_CM_128_HMAC_SHA1_80) {
|
| offer[1].tag = 2;
|
| offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
|
| TestSetParams(offer, answer);
|
| - VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
|
| - CS_AES_CM_128_HMAC_SHA1_80);
|
| + TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
|
| }
|
|
|
| // Test that we can encrypt/decrypt after negotiating AES_CM_128_HMAC_SHA1_32.
|
| @@ -315,8 +515,7 @@ TEST_F(SrtpFilterTest, TestProtect_AES_CM_128_HMAC_SHA1_32) {
|
| answer[0].tag = 2;
|
| answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
|
| TestSetParams(offer, answer);
|
| - VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_32,
|
| - CS_AES_CM_128_HMAC_SHA1_32);
|
| + TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32);
|
| }
|
|
|
| // Test that we can change encryption parameters.
|
| @@ -325,8 +524,7 @@ TEST_F(SrtpFilterTest, TestChangeParameters) {
|
| std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
|
|
|
| TestSetParams(offer, answer);
|
| - VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
|
| - CS_AES_CM_128_HMAC_SHA1_80);
|
| + TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
|
|
|
| // Change the key parameters and cipher_suite.
|
| offer[0].key_params = kTestKeyParams3;
|
| @@ -340,15 +538,13 @@ TEST_F(SrtpFilterTest, TestChangeParameters) {
|
| EXPECT_TRUE(f1_.IsActive());
|
|
|
| // Test that the old keys are valid until the negotiation is complete.
|
| - VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
|
| - CS_AES_CM_128_HMAC_SHA1_80);
|
| + TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
|
|
|
| // Complete the negotiation and test that we can still understand each other.
|
| EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
|
| EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
|
|
|
| - VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_32,
|
| - CS_AES_CM_128_HMAC_SHA1_32);
|
| + TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32);
|
| }
|
|
|
| // Test that we can send and receive provisional answers with crypto enabled.
|
| @@ -368,8 +564,7 @@ TEST_F(SrtpFilterTest, TestProvisionalAnswer) {
|
| EXPECT_TRUE(f1_.SetProvisionalAnswer(answer, CS_REMOTE));
|
| EXPECT_TRUE(f1_.IsActive());
|
| EXPECT_TRUE(f2_.IsActive());
|
| - VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
|
| - CS_AES_CM_128_HMAC_SHA1_80);
|
| + TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
|
|
|
| answer[0].key_params = kTestKeyParams4;
|
| answer[0].tag = 2;
|
| @@ -378,8 +573,7 @@ TEST_F(SrtpFilterTest, TestProvisionalAnswer) {
|
| EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
|
| EXPECT_TRUE(f1_.IsActive());
|
| EXPECT_TRUE(f2_.IsActive());
|
| - VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_32,
|
| - CS_AES_CM_128_HMAC_SHA1_32);
|
| + TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32);
|
| }
|
|
|
| // Test that a provisional answer doesn't need to contain a crypto.
|
| @@ -401,8 +595,7 @@ TEST_F(SrtpFilterTest, TestProvisionalAnswerWithoutCrypto) {
|
| EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
|
| EXPECT_TRUE(f1_.IsActive());
|
| EXPECT_TRUE(f2_.IsActive());
|
| - VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
|
| - CS_AES_CM_128_HMAC_SHA1_80);
|
| + TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
|
| }
|
|
|
| // Test that if we get a new local offer after a provisional answer
|
| @@ -429,8 +622,7 @@ TEST_F(SrtpFilterTest, TestLocalOfferAfterProvisionalAnswerWithoutCrypto) {
|
| EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
|
| EXPECT_TRUE(f1_.IsActive());
|
| EXPECT_TRUE(f2_.IsActive());
|
| - VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
|
| - CS_AES_CM_128_HMAC_SHA1_80);
|
| + TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
|
| }
|
|
|
| // Test that we can disable encryption.
|
| @@ -439,8 +631,7 @@ TEST_F(SrtpFilterTest, TestDisableEncryption) {
|
| std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
|
|
|
| TestSetParams(offer, answer);
|
| - VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
|
| - CS_AES_CM_128_HMAC_SHA1_80);
|
| + TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
|
|
|
| offer.clear();
|
| answer.clear();
|
| @@ -450,8 +641,7 @@ TEST_F(SrtpFilterTest, TestDisableEncryption) {
|
| EXPECT_TRUE(f2_.IsActive());
|
|
|
| // Test that the old keys are valid until the negotiation is complete.
|
| - VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
|
| - CS_AES_CM_128_HMAC_SHA1_80);
|
| + TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
|
|
|
| // Complete the negotiation.
|
| EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
|
| @@ -461,4 +651,85 @@ TEST_F(SrtpFilterTest, TestDisableEncryption) {
|
| EXPECT_FALSE(f2_.IsActive());
|
| }
|
|
|
| +class SrtpFilterProtectSetParamsDirectTest
|
| + : public SrtpFilterTest,
|
| + public testing::WithParamInterface<bool> {};
|
| +
|
| +// Test directly setting the params with AES_CM_128_HMAC_SHA1_80.
|
| +TEST_P(SrtpFilterProtectSetParamsDirectTest, Test_AES_CM_128_HMAC_SHA1_80) {
|
| + bool enable_external_auth = GetParam();
|
| + TestProtectSetParamsDirect(enable_external_auth, SRTP_AES128_CM_SHA1_80,
|
| + kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen,
|
| + CS_AES_CM_128_HMAC_SHA1_80);
|
| +}
|
| +
|
| +TEST_F(SrtpFilterTest,
|
| + TestProtectSetParamsDirectHeaderEncryption_AES_CM_128_HMAC_SHA1_80) {
|
| + TestProtectSetParamsDirectHeaderEncryption(
|
| + SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen,
|
| + CS_AES_CM_128_HMAC_SHA1_80);
|
| +}
|
| +
|
| +// Test directly setting the params with AES_CM_128_HMAC_SHA1_32.
|
| +TEST_P(SrtpFilterProtectSetParamsDirectTest, Test_AES_CM_128_HMAC_SHA1_32) {
|
| + bool enable_external_auth = GetParam();
|
| + TestProtectSetParamsDirect(enable_external_auth, SRTP_AES128_CM_SHA1_32,
|
| + kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen,
|
| + CS_AES_CM_128_HMAC_SHA1_32);
|
| +}
|
| +
|
| +TEST_F(SrtpFilterTest,
|
| + TestProtectSetParamsDirectHeaderEncryption_AES_CM_128_HMAC_SHA1_32) {
|
| + TestProtectSetParamsDirectHeaderEncryption(
|
| + SRTP_AES128_CM_SHA1_32, kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen,
|
| + CS_AES_CM_128_HMAC_SHA1_32);
|
| +}
|
| +
|
| +// Test directly setting the params with SRTP_AEAD_AES_128_GCM.
|
| +TEST_P(SrtpFilterProtectSetParamsDirectTest, Test_SRTP_AEAD_AES_128_GCM) {
|
| + bool enable_external_auth = GetParam();
|
| + TestProtectSetParamsDirect(enable_external_auth, SRTP_AEAD_AES_128_GCM,
|
| + kTestKeyGcm128_1, kTestKeyGcm128Len,
|
| + kTestKeyGcm128_2, kTestKeyGcm128Len,
|
| + CS_AEAD_AES_128_GCM);
|
| +}
|
| +
|
| +TEST_F(SrtpFilterTest,
|
| + TestProtectSetParamsDirectHeaderEncryption_SRTP_AEAD_AES_128_GCM) {
|
| + TestProtectSetParamsDirectHeaderEncryption(
|
| + SRTP_AEAD_AES_128_GCM, kTestKeyGcm128_1, kTestKeyGcm128Len,
|
| + kTestKeyGcm128_2, kTestKeyGcm128Len, CS_AEAD_AES_128_GCM);
|
| +}
|
| +
|
| +// Test directly setting the params with SRTP_AEAD_AES_256_GCM.
|
| +TEST_P(SrtpFilterProtectSetParamsDirectTest, Test_SRTP_AEAD_AES_256_GCM) {
|
| + bool enable_external_auth = GetParam();
|
| + TestProtectSetParamsDirect(enable_external_auth, SRTP_AEAD_AES_256_GCM,
|
| + kTestKeyGcm256_1, kTestKeyGcm256Len,
|
| + kTestKeyGcm256_2, kTestKeyGcm256Len,
|
| + CS_AEAD_AES_256_GCM);
|
| +}
|
| +
|
| +TEST_F(SrtpFilterTest,
|
| + TestProtectSetParamsDirectHeaderEncryption_SRTP_AEAD_AES_256_GCM) {
|
| + TestProtectSetParamsDirectHeaderEncryption(
|
| + SRTP_AEAD_AES_256_GCM, kTestKeyGcm256_1, kTestKeyGcm256Len,
|
| + kTestKeyGcm256_2, kTestKeyGcm256Len, CS_AEAD_AES_256_GCM);
|
| +}
|
| +
|
| +// Run all tests both with and without external auth enabled.
|
| +INSTANTIATE_TEST_CASE_P(ExternalAuth,
|
| + SrtpFilterProtectSetParamsDirectTest,
|
| + ::testing::Values(true, false));
|
| +
|
| +// Test directly setting the params with bogus keys.
|
| +TEST_F(SrtpFilterTest, TestSetParamsKeyTooShort) {
|
| + EXPECT_FALSE(f1_.SetRtpParams(SRTP_AES128_CM_SHA1_80, kTestKey1,
|
| + kTestKeyLen - 1, SRTP_AES128_CM_SHA1_80,
|
| + kTestKey1, kTestKeyLen - 1));
|
| + EXPECT_FALSE(f1_.SetRtcpParams(SRTP_AES128_CM_SHA1_80, kTestKey1,
|
| + kTestKeyLen - 1, SRTP_AES128_CM_SHA1_80,
|
| + kTestKey1, kTestKeyLen - 1));
|
| +}
|
| +
|
| } // namespace rtc
|
|
|
Chromium Code Reviews
Issue 3018513002:
Revert of Completed the functionalities of SrtpTransport. (Closed)
