Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / webrtc / 2db1778d38064855f79ff76420de211e4c283540 / . / pc / srtpfilter_unittest.cc
blob: 017df5baf1f710387789c22a146231c8cd1a29f8 [file] [log] [blame]
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]1/*
kjellander65c7f672016-02-12 00:05:01 -0800[diff] [blame]2 * Copyright 2004 The WebRTC project authors. All Rights Reserved.
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]3 *
kjellander65c7f672016-02-12 00:05:01 -0800[diff] [blame]4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree.
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]9 */
10
jbauch5869f502017-06-29 12:31:36 -0700[diff] [blame]11#include <algorithm>
12
Mirko Bonadei92ea95e2017-09-15 06:47:31 +0200[diff] [blame]13#include "pc/srtpfilter.h"
mattdr0d8ade52016-10-25 09:47:26 -0700[diff] [blame]14
Patrik Höglund7aee3d52017-11-15 13:15:17 +0100[diff] [blame]15#include "api/cryptoparams.h"
Mirko Bonadei92ea95e2017-09-15 06:47:31 +0200[diff] [blame]16#include "rtc_base/gunit.h"
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]17
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]18using cricket::CryptoParams;
19using cricket::CS_LOCAL;
20using cricket::CS_REMOTE;
21
zstein4dde3df2017-07-07 14:26:25 -0700[diff] [blame]22namespace rtc {
23
Steve Anton36b29d12017-10-30 09:57:42 -0700[diff] [blame]24static const char kTestKeyParams1[] =
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]25 "inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz";
Steve Anton36b29d12017-10-30 09:57:42 -0700[diff] [blame]26static const char kTestKeyParams2[] =
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]27 "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR";
Steve Anton36b29d12017-10-30 09:57:42 -0700[diff] [blame]28static const char kTestKeyParams3[] =
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]29 "inline:1234X19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz";
Steve Anton36b29d12017-10-30 09:57:42 -0700[diff] [blame]30static const char kTestKeyParams4[] =
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]31 "inline:4567QCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR";
Steve Anton36b29d12017-10-30 09:57:42 -0700[diff] [blame]32static const char kTestKeyParamsGcm1[] =
jbauchcb560652016-08-04 05:20:32 -0700[diff] [blame]33 "inline:e166KFlKzJsGW0d5apX+rrI05vxbrvMJEzFI14aTDCa63IRTlLK4iH66uOI=";
Steve Anton36b29d12017-10-30 09:57:42 -0700[diff] [blame]34static const char kTestKeyParamsGcm2[] =
jbauchcb560652016-08-04 05:20:32 -0700[diff] [blame]35 "inline:6X0oCd55zfz4VgtOwsuqcFq61275PDYN5uwuu3p7ZUHbfUY2FMpdP4m2PEo=";
Steve Anton36b29d12017-10-30 09:57:42 -0700[diff] [blame]36static const char kTestKeyParamsGcm3[] =
jbauchcb560652016-08-04 05:20:32 -0700[diff] [blame]37 "inline:YKlABGZWMgX32xuMotrG0v0T7G83veegaVzubQ==";
Steve Anton36b29d12017-10-30 09:57:42 -0700[diff] [blame]38static const char kTestKeyParamsGcm4[] =
jbauchcb560652016-08-04 05:20:32 -0700[diff] [blame]39 "inline:gJ6tWoUym2v+/F6xjr7xaxiS3QbJJozl3ZD/0A==";
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]40static const cricket::CryptoParams kTestCryptoParams1(
41 1, "AES_CM_128_HMAC_SHA1_80", kTestKeyParams1, "");
42static const cricket::CryptoParams kTestCryptoParams2(
43 1, "AES_CM_128_HMAC_SHA1_80", kTestKeyParams2, "");
jbauchcb560652016-08-04 05:20:32 -0700[diff] [blame]44static const cricket::CryptoParams kTestCryptoParamsGcm1(
45 1, "AEAD_AES_256_GCM", kTestKeyParamsGcm1, "");
46static const cricket::CryptoParams kTestCryptoParamsGcm2(
47 1, "AEAD_AES_256_GCM", kTestKeyParamsGcm2, "");
48static const cricket::CryptoParams kTestCryptoParamsGcm3(
49 1, "AEAD_AES_128_GCM", kTestKeyParamsGcm3, "");
50static const cricket::CryptoParams kTestCryptoParamsGcm4(
51 1, "AEAD_AES_128_GCM", kTestKeyParamsGcm4, "");
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]52
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]53class SrtpFilterTest : public testing::Test {
54 protected:
Zhi Huangcf990f52017-09-22 12:12:30 -0700[diff] [blame]55 SrtpFilterTest() {}
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]56 static std::vector<CryptoParams> MakeVector(const CryptoParams& params) {
57 std::vector<CryptoParams> vec;
58 vec.push_back(params);
59 return vec;
60 }
Zhi Huangcf990f52017-09-22 12:12:30 -0700[diff] [blame]61
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]62 void TestSetParams(const std::vector<CryptoParams>& params1,
63 const std::vector<CryptoParams>& params2) {
64 EXPECT_TRUE(f1_.SetOffer(params1, CS_LOCAL));
65 EXPECT_TRUE(f2_.SetOffer(params1, CS_REMOTE));
pthatcher@webrtc.org2e7ee4b2014-10-27 16:10:29 +0000[diff] [blame]66 EXPECT_FALSE(f1_.IsActive());
67 EXPECT_FALSE(f2_.IsActive());
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]68 EXPECT_TRUE(f2_.SetAnswer(params2, CS_LOCAL));
69 EXPECT_TRUE(f1_.SetAnswer(params2, CS_REMOTE));
70 EXPECT_TRUE(f1_.IsActive());
pthatcher@webrtc.org2e7ee4b2014-10-27 16:10:29 +0000[diff] [blame]71 EXPECT_TRUE(f2_.IsActive());
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]72 }
jbauchdfcab722017-03-06 00:14:10 -0800[diff] [blame]73
Zhi Huangcf990f52017-09-22 12:12:30 -0700[diff] [blame]74 void VerifyCryptoParamsMatch(const std::string& cs1, const std::string& cs2) {
75 EXPECT_EQ(rtc::SrtpCryptoSuiteFromName(cs1), f1_.send_cipher_suite());
76 EXPECT_EQ(rtc::SrtpCryptoSuiteFromName(cs2), f2_.send_cipher_suite());
77 EXPECT_TRUE(f1_.send_key() == f2_.recv_key());
78 EXPECT_TRUE(f2_.send_key() == f1_.recv_key());
jbauchdfcab722017-03-06 00:14:10 -0800[diff] [blame]79 }
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]80
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]81 cricket::SrtpFilter f1_;
82 cricket::SrtpFilter f2_;
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]83};
84
85// Test that we can set up the session and keys properly.
86TEST_F(SrtpFilterTest, TestGoodSetupOneCipherSuite) {
87 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
pthatcher@webrtc.org2e7ee4b2014-10-27 16:10:29 +0000[diff] [blame]88 EXPECT_FALSE(f1_.IsActive());
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]89 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE));
90 EXPECT_TRUE(f1_.IsActive());
91}
92
jbauchcb560652016-08-04 05:20:32 -0700[diff] [blame]93TEST_F(SrtpFilterTest, TestGoodSetupOneCipherSuiteGcm) {
94 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParamsGcm1), CS_LOCAL));
95 EXPECT_FALSE(f1_.IsActive());
96 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParamsGcm2), CS_REMOTE));
97 EXPECT_TRUE(f1_.IsActive());
98}
99
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]100// Test that we can set up things with multiple params.
101TEST_F(SrtpFilterTest, TestGoodSetupMultipleCipherSuites) {
102 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
103 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
104 offer.push_back(kTestCryptoParams1);
105 offer[1].tag = 2;
106 offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
107 answer[0].tag = 2;
108 answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
109 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
pthatcher@webrtc.org2e7ee4b2014-10-27 16:10:29 +0000[diff] [blame]110 EXPECT_FALSE(f1_.IsActive());
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]111 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
112 EXPECT_TRUE(f1_.IsActive());
113}
114
jbauchcb560652016-08-04 05:20:32 -0700[diff] [blame]115TEST_F(SrtpFilterTest, TestGoodSetupMultipleCipherSuitesGcm) {
116 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParamsGcm1));
117 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParamsGcm3));
118 offer.push_back(kTestCryptoParamsGcm4);
119 offer[1].tag = 2;
120 answer[0].tag = 2;
121 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
122 EXPECT_FALSE(f1_.IsActive());
123 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
124 EXPECT_TRUE(f1_.IsActive());
125}
126
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]127// Test that we handle the cases where crypto is not desired.
128TEST_F(SrtpFilterTest, TestGoodSetupNoCipherSuites) {
129 std::vector<CryptoParams> offer, answer;
130 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
131 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
132 EXPECT_FALSE(f1_.IsActive());
133}
134
135// Test that we handle the cases where crypto is not desired by the remote side.
136TEST_F(SrtpFilterTest, TestGoodSetupNoAnswerCipherSuites) {
137 std::vector<CryptoParams> answer;
138 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
139 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
140 EXPECT_FALSE(f1_.IsActive());
141}
142
143// Test that we fail if we call the functions the wrong way.
144TEST_F(SrtpFilterTest, TestBadSetup) {
145 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
146 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
147 EXPECT_FALSE(f1_.SetAnswer(answer, CS_LOCAL));
148 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
149 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
150 EXPECT_FALSE(f1_.SetAnswer(answer, CS_LOCAL));
151 EXPECT_FALSE(f1_.IsActive());
152}
153
154// Test that we can set offer multiple times from the same source.
155TEST_F(SrtpFilterTest, TestGoodSetupMultipleOffers) {
156 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
157 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams2), CS_LOCAL));
pthatcher@webrtc.org2e7ee4b2014-10-27 16:10:29 +0000[diff] [blame]158 EXPECT_FALSE(f1_.IsActive());
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]159 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE));
160 EXPECT_TRUE(f1_.IsActive());
161 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
162 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams2), CS_LOCAL));
163 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE));
164
165 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams1), CS_REMOTE));
166 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams2), CS_REMOTE));
pthatcher@webrtc.org2e7ee4b2014-10-27 16:10:29 +0000[diff] [blame]167 EXPECT_FALSE(f2_.IsActive());
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]168 EXPECT_TRUE(f2_.SetAnswer(MakeVector(kTestCryptoParams2), CS_LOCAL));
169 EXPECT_TRUE(f2_.IsActive());
170 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams1), CS_REMOTE));
171 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams2), CS_REMOTE));
172 EXPECT_TRUE(f2_.SetAnswer(MakeVector(kTestCryptoParams2), CS_LOCAL));
173}
174// Test that we can't set offer multiple times from different sources.
175TEST_F(SrtpFilterTest, TestBadSetupMultipleOffers) {
176 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
177 EXPECT_FALSE(f1_.SetOffer(MakeVector(kTestCryptoParams2), CS_REMOTE));
pthatcher@webrtc.org2e7ee4b2014-10-27 16:10:29 +0000[diff] [blame]178 EXPECT_FALSE(f1_.IsActive());
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]179 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams1), CS_REMOTE));
180 EXPECT_TRUE(f1_.IsActive());
181 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams2), CS_LOCAL));
182 EXPECT_FALSE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_REMOTE));
183 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE));
184
185 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams2), CS_REMOTE));
186 EXPECT_FALSE(f2_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
pthatcher@webrtc.org2e7ee4b2014-10-27 16:10:29 +0000[diff] [blame]187 EXPECT_FALSE(f2_.IsActive());
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]188 EXPECT_TRUE(f2_.SetAnswer(MakeVector(kTestCryptoParams2), CS_LOCAL));
189 EXPECT_TRUE(f2_.IsActive());
190 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams2), CS_REMOTE));
191 EXPECT_FALSE(f2_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
192 EXPECT_TRUE(f2_.SetAnswer(MakeVector(kTestCryptoParams2), CS_LOCAL));
193}
194
195// Test that we fail if we have params in the answer when none were offered.
196TEST_F(SrtpFilterTest, TestNoAnswerCipherSuites) {
197 std::vector<CryptoParams> offer;
198 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
199 EXPECT_FALSE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE));
200 EXPECT_FALSE(f1_.IsActive());
201}
202
203// Test that we fail if we have too many params in our answer.
204TEST_F(SrtpFilterTest, TestMultipleAnswerCipherSuites) {
205 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
206 answer.push_back(kTestCryptoParams2);
207 answer[1].tag = 2;
208 answer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
209 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
210 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
211 EXPECT_FALSE(f1_.IsActive());
212}
213
214// Test that we fail if we don't support the cipher-suite.
215TEST_F(SrtpFilterTest, TestInvalidCipherSuite) {
216 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
217 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
218 offer[0].cipher_suite = answer[0].cipher_suite = "FOO";
219 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
220 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
221 EXPECT_FALSE(f1_.IsActive());
222}
223
224// Test that we fail if we can't agree on a tag.
225TEST_F(SrtpFilterTest, TestNoMatchingTag) {
226 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
227 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
228 answer[0].tag = 99;
229 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
230 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
231 EXPECT_FALSE(f1_.IsActive());
232}
233
234// Test that we fail if we can't agree on a cipher-suite.
235TEST_F(SrtpFilterTest, TestNoMatchingCipherSuite) {
236 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
237 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
238 answer[0].tag = 2;
239 answer[0].cipher_suite = "FOO";
240 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
241 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
242 EXPECT_FALSE(f1_.IsActive());
243}
244
245// Test that we fail keys with bad base64 content.
246TEST_F(SrtpFilterTest, TestInvalidKeyData) {
247 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
248 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
249 answer[0].key_params = "inline:!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!";
250 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
251 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
252 EXPECT_FALSE(f1_.IsActive());
253}
254
255// Test that we fail keys with the wrong key-method.
256TEST_F(SrtpFilterTest, TestWrongKeyMethod) {
257 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
258 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
259 answer[0].key_params = "outline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR";
260 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
261 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
262 EXPECT_FALSE(f1_.IsActive());
263}
264
265// Test that we fail keys of the wrong length.
266TEST_F(SrtpFilterTest, TestKeyTooShort) {
267 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
268 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
269 answer[0].key_params = "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtx";
270 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
271 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
272 EXPECT_FALSE(f1_.IsActive());
273}
274
275// Test that we fail keys of the wrong length.
276TEST_F(SrtpFilterTest, TestKeyTooLong) {
277 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
278 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
279 answer[0].key_params = "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBRABCD";
280 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
281 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
282 EXPECT_FALSE(f1_.IsActive());
283}
284
285// Test that we fail keys with lifetime or MKI set (since we don't support)
286TEST_F(SrtpFilterTest, TestUnsupportedOptions) {
287 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
288 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
289 answer[0].key_params =
290 "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR|2^20|1:4";
291 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
292 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
293 EXPECT_FALSE(f1_.IsActive());
294}
295
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]296// Test that we can encrypt/decrypt after negotiating AES_CM_128_HMAC_SHA1_80.
297TEST_F(SrtpFilterTest, TestProtect_AES_CM_128_HMAC_SHA1_80) {
298 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
299 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
300 offer.push_back(kTestCryptoParams1);
301 offer[1].tag = 2;
302 offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
303 TestSetParams(offer, answer);
Zhi Huangcf990f52017-09-22 12:12:30 -0700[diff] [blame]304 VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
305 CS_AES_CM_128_HMAC_SHA1_80);
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]306}
307
308// Test that we can encrypt/decrypt after negotiating AES_CM_128_HMAC_SHA1_32.
309TEST_F(SrtpFilterTest, TestProtect_AES_CM_128_HMAC_SHA1_32) {
310 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
311 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
312 offer.push_back(kTestCryptoParams1);
313 offer[1].tag = 2;
314 offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
315 answer[0].tag = 2;
316 answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
317 TestSetParams(offer, answer);
Zhi Huangcf990f52017-09-22 12:12:30 -0700[diff] [blame]318 VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_32,
319 CS_AES_CM_128_HMAC_SHA1_32);
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]320}
321
322// Test that we can change encryption parameters.
323TEST_F(SrtpFilterTest, TestChangeParameters) {
324 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
325 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
326
327 TestSetParams(offer, answer);
Zhi Huangcf990f52017-09-22 12:12:30 -0700[diff] [blame]328 VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
329 CS_AES_CM_128_HMAC_SHA1_80);
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]330
331 // Change the key parameters and cipher_suite.
332 offer[0].key_params = kTestKeyParams3;
333 offer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
334 answer[0].key_params = kTestKeyParams4;
335 answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
336
337 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
338 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE));
339 EXPECT_TRUE(f1_.IsActive());
340 EXPECT_TRUE(f1_.IsActive());
341
342 // Test that the old keys are valid until the negotiation is complete.
Zhi Huangcf990f52017-09-22 12:12:30 -0700[diff] [blame]343 VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
344 CS_AES_CM_128_HMAC_SHA1_80);
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]345
346 // Complete the negotiation and test that we can still understand each other.
347 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
348 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
349
Zhi Huangcf990f52017-09-22 12:12:30 -0700[diff] [blame]350 VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_32,
351 CS_AES_CM_128_HMAC_SHA1_32);
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]352}
353
354// Test that we can send and receive provisional answers with crypto enabled.
355// Also test that we can change the crypto.
356TEST_F(SrtpFilterTest, TestProvisionalAnswer) {
357 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
358 offer.push_back(kTestCryptoParams1);
359 offer[1].tag = 2;
360 offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
361 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
362
363 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
364 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE));
pthatcher@webrtc.org2e7ee4b2014-10-27 16:10:29 +0000[diff] [blame]365 EXPECT_FALSE(f1_.IsActive());
366 EXPECT_FALSE(f2_.IsActive());
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]367 EXPECT_TRUE(f2_.SetProvisionalAnswer(answer, CS_LOCAL));
368 EXPECT_TRUE(f1_.SetProvisionalAnswer(answer, CS_REMOTE));
369 EXPECT_TRUE(f1_.IsActive());
370 EXPECT_TRUE(f2_.IsActive());
Zhi Huangcf990f52017-09-22 12:12:30 -0700[diff] [blame]371 VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
372 CS_AES_CM_128_HMAC_SHA1_80);
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]373
374 answer[0].key_params = kTestKeyParams4;
375 answer[0].tag = 2;
376 answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
377 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
378 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
379 EXPECT_TRUE(f1_.IsActive());
380 EXPECT_TRUE(f2_.IsActive());
Zhi Huangcf990f52017-09-22 12:12:30 -0700[diff] [blame]381 VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_32,
382 CS_AES_CM_128_HMAC_SHA1_32);
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]383}
384
385// Test that a provisional answer doesn't need to contain a crypto.
386TEST_F(SrtpFilterTest, TestProvisionalAnswerWithoutCrypto) {
387 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
388 std::vector<CryptoParams> answer;
389
390 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
391 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE));
pthatcher@webrtc.org2e7ee4b2014-10-27 16:10:29 +0000[diff] [blame]392 EXPECT_FALSE(f1_.IsActive());
393 EXPECT_FALSE(f2_.IsActive());
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]394 EXPECT_TRUE(f2_.SetProvisionalAnswer(answer, CS_LOCAL));
395 EXPECT_TRUE(f1_.SetProvisionalAnswer(answer, CS_REMOTE));
396 EXPECT_FALSE(f1_.IsActive());
397 EXPECT_FALSE(f2_.IsActive());
398
399 answer.push_back(kTestCryptoParams2);
400 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
401 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
402 EXPECT_TRUE(f1_.IsActive());
403 EXPECT_TRUE(f2_.IsActive());
Zhi Huangcf990f52017-09-22 12:12:30 -0700[diff] [blame]404 VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
405 CS_AES_CM_128_HMAC_SHA1_80);
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]406}
407
pthatcher@webrtc.org2e7ee4b2014-10-27 16:10:29 +0000[diff] [blame]408// Test that if we get a new local offer after a provisional answer
409// with no crypto, that we are in an inactive state.
410TEST_F(SrtpFilterTest, TestLocalOfferAfterProvisionalAnswerWithoutCrypto) {
411 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
412 std::vector<CryptoParams> answer;
413
414 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
415 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE));
416 EXPECT_TRUE(f1_.SetProvisionalAnswer(answer, CS_REMOTE));
417 EXPECT_TRUE(f2_.SetProvisionalAnswer(answer, CS_LOCAL));
418 EXPECT_FALSE(f1_.IsActive());
419 EXPECT_FALSE(f2_.IsActive());
420 // The calls to set an offer after a provisional answer fail, so the
421 // state doesn't change.
422 EXPECT_FALSE(f1_.SetOffer(offer, CS_LOCAL));
423 EXPECT_FALSE(f2_.SetOffer(offer, CS_REMOTE));
424 EXPECT_FALSE(f1_.IsActive());
425 EXPECT_FALSE(f2_.IsActive());
426
427 answer.push_back(kTestCryptoParams2);
428 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
429 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
430 EXPECT_TRUE(f1_.IsActive());
431 EXPECT_TRUE(f2_.IsActive());
Zhi Huangcf990f52017-09-22 12:12:30 -0700[diff] [blame]432 VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
433 CS_AES_CM_128_HMAC_SHA1_80);
pthatcher@webrtc.org2e7ee4b2014-10-27 16:10:29 +0000[diff] [blame]434}
435
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]436// Test that we can disable encryption.
437TEST_F(SrtpFilterTest, TestDisableEncryption) {
438 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
439 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
440
441 TestSetParams(offer, answer);
Zhi Huangcf990f52017-09-22 12:12:30 -0700[diff] [blame]442 VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
443 CS_AES_CM_128_HMAC_SHA1_80);
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]444
445 offer.clear();
446 answer.clear();
447 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
448 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE));
449 EXPECT_TRUE(f1_.IsActive());
450 EXPECT_TRUE(f2_.IsActive());
451
452 // Test that the old keys are valid until the negotiation is complete.
Zhi Huangcf990f52017-09-22 12:12:30 -0700[diff] [blame]453 VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
454 CS_AES_CM_128_HMAC_SHA1_80);
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]455
456 // Complete the negotiation.
457 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
458 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
459
460 EXPECT_FALSE(f1_.IsActive());
461 EXPECT_FALSE(f2_.IsActive());
462}
463
zstein4dde3df2017-07-07 14:26:25 -0700[diff] [blame]464} // namespace rtc