zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 2017 The WebRTC project authors. All Rights Reserved. |
| 3 | * |
| 4 | * Use of this source code is governed by a BSD-style license |
| 5 | * that can be found in the LICENSE file in the root of the source |
| 6 | * tree. An additional intellectual property rights grant can be found |
| 7 | * in the file PATENTS. All contributing project authors may |
| 8 | * be found in the AUTHORS file in the root of the source tree. |
| 9 | */ |
| 10 | |
Steve Anton | 36b29d1 | 2017-10-30 09:57:42 -0700 | [diff] [blame] | 11 | #include <vector> |
| 12 | |
Mirko Bonadei | 92ea95e | 2017-09-15 06:47:31 +0200 | [diff] [blame] | 13 | #include "pc/srtptransport.h" |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 14 | |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 15 | #include "media/base/fakertp.h" |
| 16 | #include "p2p/base/dtlstransportinternal.h" |
| 17 | #include "p2p/base/fakepackettransport.h" |
Mirko Bonadei | 92ea95e | 2017-09-15 06:47:31 +0200 | [diff] [blame] | 18 | #include "pc/rtptransport.h" |
| 19 | #include "pc/rtptransporttestutil.h" |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 20 | #include "pc/srtptestutil.h" |
Mirko Bonadei | 92ea95e | 2017-09-15 06:47:31 +0200 | [diff] [blame] | 21 | #include "rtc_base/asyncpacketsocket.h" |
| 22 | #include "rtc_base/gunit.h" |
| 23 | #include "rtc_base/ptr_util.h" |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 24 | #include "rtc_base/sslstreamadapter.h" |
| 25 | |
| 26 | using rtc::kTestKey1; |
| 27 | using rtc::kTestKey2; |
| 28 | using rtc::kTestKeyLen; |
| 29 | using rtc::SRTP_AEAD_AES_128_GCM; |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 30 | |
| 31 | namespace webrtc { |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 32 | static const uint8_t kTestKeyGcm128_1[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ12"; |
| 33 | static const uint8_t kTestKeyGcm128_2[] = "21ZYXWVUTSRQPONMLKJIHGFEDCBA"; |
| 34 | static const int kTestKeyGcm128Len = 28; // 128 bits key + 96 bits salt. |
| 35 | static const uint8_t kTestKeyGcm256_1[] = |
| 36 | "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqr"; |
| 37 | static const uint8_t kTestKeyGcm256_2[] = |
| 38 | "rqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA"; |
| 39 | static const int kTestKeyGcm256Len = 44; // 256 bits key + 96 bits salt. |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 40 | |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 41 | class SrtpTransportTest : public testing::Test, public sigslot::has_slots<> { |
| 42 | protected: |
| 43 | SrtpTransportTest() { |
| 44 | bool rtcp_mux_enabled = true; |
| 45 | auto rtp_transport1 = rtc::MakeUnique<RtpTransport>(rtcp_mux_enabled); |
| 46 | auto rtp_transport2 = rtc::MakeUnique<RtpTransport>(rtcp_mux_enabled); |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 47 | |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 48 | rtp_packet_transport1_ = |
| 49 | rtc::MakeUnique<rtc::FakePacketTransport>("fake_packet_transport1"); |
| 50 | rtp_packet_transport2_ = |
| 51 | rtc::MakeUnique<rtc::FakePacketTransport>("fake_packet_transport2"); |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 52 | |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 53 | bool asymmetric = false; |
| 54 | rtp_packet_transport1_->SetDestination(rtp_packet_transport2_.get(), |
| 55 | asymmetric); |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 56 | |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 57 | rtp_transport1->SetRtpPacketTransport(rtp_packet_transport1_.get()); |
| 58 | rtp_transport2->SetRtpPacketTransport(rtp_packet_transport2_.get()); |
| 59 | |
| 60 | // Add payload type for RTP packet and RTCP packet. |
| 61 | rtp_transport1->AddHandledPayloadType(0x00); |
| 62 | rtp_transport2->AddHandledPayloadType(0x00); |
| 63 | rtp_transport1->AddHandledPayloadType(0xc9); |
| 64 | rtp_transport2->AddHandledPayloadType(0xc9); |
| 65 | |
| 66 | srtp_transport1_ = |
| 67 | rtc::MakeUnique<SrtpTransport>(std::move(rtp_transport1), "content"); |
| 68 | srtp_transport2_ = |
| 69 | rtc::MakeUnique<SrtpTransport>(std::move(rtp_transport2), "content"); |
| 70 | |
| 71 | srtp_transport1_->SignalPacketReceived.connect( |
| 72 | this, &SrtpTransportTest::OnPacketReceived1); |
| 73 | srtp_transport2_->SignalPacketReceived.connect( |
| 74 | this, &SrtpTransportTest::OnPacketReceived2); |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 75 | } |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 76 | |
| 77 | void OnPacketReceived1(bool rtcp, |
| 78 | rtc::CopyOnWriteBuffer* packet, |
| 79 | const rtc::PacketTime& packet_time) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 80 | RTC_LOG(LS_INFO) << "SrtpTransport1 Received a packet."; |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 81 | last_recv_packet1_ = *packet; |
| 82 | } |
| 83 | |
| 84 | void OnPacketReceived2(bool rtcp, |
| 85 | rtc::CopyOnWriteBuffer* packet, |
| 86 | const rtc::PacketTime& packet_time) { |
Mirko Bonadei | 675513b | 2017-11-09 11:09:25 +0100 | [diff] [blame] | 87 | RTC_LOG(LS_INFO) << "SrtpTransport2 Received a packet."; |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 88 | last_recv_packet2_ = *packet; |
| 89 | } |
| 90 | |
| 91 | // With external auth enabled, SRTP doesn't write the auth tag and |
| 92 | // unprotect would fail. Check accessing the information about the |
| 93 | // tag instead, similar to what the actual code would do that relies |
| 94 | // on external auth. |
| 95 | void TestRtpAuthParams(SrtpTransport* transport, const std::string& cs) { |
| 96 | int overhead; |
| 97 | EXPECT_TRUE(transport->GetSrtpOverhead(&overhead)); |
| 98 | switch (rtc::SrtpCryptoSuiteFromName(cs)) { |
| 99 | case rtc::SRTP_AES128_CM_SHA1_32: |
| 100 | EXPECT_EQ(32 / 8, overhead); // 32-bit tag. |
| 101 | break; |
| 102 | case rtc::SRTP_AES128_CM_SHA1_80: |
| 103 | EXPECT_EQ(80 / 8, overhead); // 80-bit tag. |
| 104 | break; |
| 105 | default: |
| 106 | RTC_NOTREACHED(); |
| 107 | break; |
| 108 | } |
| 109 | |
| 110 | uint8_t* auth_key = nullptr; |
| 111 | int key_len = 0; |
| 112 | int tag_len = 0; |
| 113 | EXPECT_TRUE(transport->GetRtpAuthParams(&auth_key, &key_len, &tag_len)); |
| 114 | EXPECT_NE(nullptr, auth_key); |
| 115 | EXPECT_EQ(160 / 8, key_len); // Length of SHA-1 is 160 bits. |
| 116 | EXPECT_EQ(overhead, tag_len); |
| 117 | } |
| 118 | |
| 119 | void TestSendRecvRtpPacket(const std::string& cipher_suite_name) { |
| 120 | size_t rtp_len = sizeof(kPcmuFrame); |
| 121 | size_t packet_size = rtp_len + rtc::rtp_auth_tag_len(cipher_suite_name); |
| 122 | rtc::Buffer rtp_packet_buffer(packet_size); |
| 123 | char* rtp_packet_data = rtp_packet_buffer.data<char>(); |
| 124 | memcpy(rtp_packet_data, kPcmuFrame, rtp_len); |
| 125 | // In order to be able to run this test function multiple times we can not |
| 126 | // use the same sequence number twice. Increase the sequence number by one. |
| 127 | rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_data) + 2, |
| 128 | ++sequence_number_); |
| 129 | rtc::CopyOnWriteBuffer rtp_packet1to2(rtp_packet_data, rtp_len, |
| 130 | packet_size); |
| 131 | rtc::CopyOnWriteBuffer rtp_packet2to1(rtp_packet_data, rtp_len, |
| 132 | packet_size); |
| 133 | |
| 134 | char original_rtp_data[sizeof(kPcmuFrame)]; |
| 135 | memcpy(original_rtp_data, rtp_packet_data, rtp_len); |
| 136 | |
| 137 | rtc::PacketOptions options; |
| 138 | // Send a packet from |srtp_transport1_| to |srtp_transport2_| and verify |
| 139 | // that the packet can be successfully received and decrypted. |
| 140 | ASSERT_TRUE(srtp_transport1_->SendRtpPacket(&rtp_packet1to2, options, |
| 141 | cricket::PF_SRTP_BYPASS)); |
| 142 | if (srtp_transport1_->IsExternalAuthActive()) { |
| 143 | TestRtpAuthParams(srtp_transport1_.get(), cipher_suite_name); |
| 144 | } else { |
| 145 | ASSERT_TRUE(last_recv_packet2_.data()); |
Steve Anton | 36b29d1 | 2017-10-30 09:57:42 -0700 | [diff] [blame] | 146 | EXPECT_EQ(0, |
| 147 | memcmp(last_recv_packet2_.data(), original_rtp_data, rtp_len)); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 148 | // Get the encrypted packet from underneath packet transport and verify |
| 149 | // the data is actually encrypted. |
| 150 | auto fake_rtp_packet_transport = static_cast<rtc::FakePacketTransport*>( |
| 151 | srtp_transport1_->rtp_packet_transport()); |
Steve Anton | 36b29d1 | 2017-10-30 09:57:42 -0700 | [diff] [blame] | 152 | EXPECT_NE(0, memcmp(fake_rtp_packet_transport->last_sent_packet()->data(), |
| 153 | original_rtp_data, rtp_len)); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 154 | } |
| 155 | |
| 156 | // Do the same thing in the opposite direction; |
| 157 | ASSERT_TRUE(srtp_transport2_->SendRtpPacket(&rtp_packet2to1, options, |
| 158 | cricket::PF_SRTP_BYPASS)); |
| 159 | if (srtp_transport2_->IsExternalAuthActive()) { |
| 160 | TestRtpAuthParams(srtp_transport2_.get(), cipher_suite_name); |
| 161 | } else { |
| 162 | ASSERT_TRUE(last_recv_packet1_.data()); |
Steve Anton | 36b29d1 | 2017-10-30 09:57:42 -0700 | [diff] [blame] | 163 | EXPECT_EQ(0, |
| 164 | memcmp(last_recv_packet1_.data(), original_rtp_data, rtp_len)); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 165 | auto fake_rtp_packet_transport = static_cast<rtc::FakePacketTransport*>( |
| 166 | srtp_transport2_->rtp_packet_transport()); |
Steve Anton | 36b29d1 | 2017-10-30 09:57:42 -0700 | [diff] [blame] | 167 | EXPECT_NE(0, memcmp(fake_rtp_packet_transport->last_sent_packet()->data(), |
| 168 | original_rtp_data, rtp_len)); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 169 | } |
| 170 | } |
| 171 | |
| 172 | void TestSendRecvRtcpPacket(const std::string& cipher_suite_name) { |
| 173 | size_t rtcp_len = sizeof(kRtcpReport); |
| 174 | size_t packet_size = |
| 175 | rtcp_len + 4 + rtc::rtcp_auth_tag_len(cipher_suite_name); |
| 176 | rtc::Buffer rtcp_packet_buffer(packet_size); |
| 177 | char* rtcp_packet_data = rtcp_packet_buffer.data<char>(); |
| 178 | memcpy(rtcp_packet_data, kRtcpReport, rtcp_len); |
| 179 | |
| 180 | rtc::CopyOnWriteBuffer rtcp_packet1to2(rtcp_packet_data, rtcp_len, |
| 181 | packet_size); |
| 182 | rtc::CopyOnWriteBuffer rtcp_packet2to1(rtcp_packet_data, rtcp_len, |
| 183 | packet_size); |
| 184 | |
| 185 | rtc::PacketOptions options; |
| 186 | // Send a packet from |srtp_transport1_| to |srtp_transport2_| and verify |
| 187 | // that the packet can be successfully received and decrypted. |
| 188 | ASSERT_TRUE(srtp_transport1_->SendRtcpPacket(&rtcp_packet1to2, options, |
| 189 | cricket::PF_SRTP_BYPASS)); |
| 190 | ASSERT_TRUE(last_recv_packet2_.data()); |
Steve Anton | 36b29d1 | 2017-10-30 09:57:42 -0700 | [diff] [blame] | 191 | EXPECT_EQ(0, memcmp(last_recv_packet2_.data(), rtcp_packet_data, rtcp_len)); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 192 | // Get the encrypted packet from underneath packet transport and verify the |
| 193 | // data is actually encrypted. |
| 194 | auto fake_rtp_packet_transport = static_cast<rtc::FakePacketTransport*>( |
| 195 | srtp_transport1_->rtp_packet_transport()); |
Steve Anton | 36b29d1 | 2017-10-30 09:57:42 -0700 | [diff] [blame] | 196 | EXPECT_NE(0, memcmp(fake_rtp_packet_transport->last_sent_packet()->data(), |
| 197 | rtcp_packet_data, rtcp_len)); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 198 | |
| 199 | // Do the same thing in the opposite direction; |
| 200 | ASSERT_TRUE(srtp_transport2_->SendRtcpPacket(&rtcp_packet2to1, options, |
| 201 | cricket::PF_SRTP_BYPASS)); |
| 202 | ASSERT_TRUE(last_recv_packet1_.data()); |
Steve Anton | 36b29d1 | 2017-10-30 09:57:42 -0700 | [diff] [blame] | 203 | EXPECT_EQ(0, memcmp(last_recv_packet1_.data(), rtcp_packet_data, rtcp_len)); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 204 | fake_rtp_packet_transport = static_cast<rtc::FakePacketTransport*>( |
| 205 | srtp_transport2_->rtp_packet_transport()); |
Steve Anton | 36b29d1 | 2017-10-30 09:57:42 -0700 | [diff] [blame] | 206 | EXPECT_NE(0, memcmp(fake_rtp_packet_transport->last_sent_packet()->data(), |
| 207 | rtcp_packet_data, rtcp_len)); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 208 | } |
| 209 | |
| 210 | void TestSendRecvPacket(bool enable_external_auth, |
| 211 | int cs, |
| 212 | const uint8_t* key1, |
| 213 | int key1_len, |
| 214 | const uint8_t* key2, |
| 215 | int key2_len, |
| 216 | const std::string& cipher_suite_name) { |
| 217 | EXPECT_EQ(key1_len, key2_len); |
| 218 | EXPECT_EQ(cipher_suite_name, rtc::SrtpCryptoSuiteToName(cs)); |
| 219 | if (enable_external_auth) { |
| 220 | srtp_transport1_->EnableExternalAuth(); |
| 221 | srtp_transport2_->EnableExternalAuth(); |
| 222 | } |
Zhi Huang | c99b6c7 | 2017-11-10 16:44:46 -0800 | [diff] [blame] | 223 | std::vector<int> extension_ids; |
| 224 | EXPECT_TRUE(srtp_transport1_->SetRtpParams( |
| 225 | cs, key1, key1_len, extension_ids, cs, key2, key2_len, extension_ids)); |
| 226 | EXPECT_TRUE(srtp_transport2_->SetRtpParams( |
| 227 | cs, key2, key2_len, extension_ids, cs, key1, key1_len, extension_ids)); |
| 228 | EXPECT_TRUE(srtp_transport1_->SetRtcpParams( |
| 229 | cs, key1, key1_len, extension_ids, cs, key2, key2_len, extension_ids)); |
| 230 | EXPECT_TRUE(srtp_transport2_->SetRtcpParams( |
| 231 | cs, key2, key2_len, extension_ids, cs, key1, key1_len, extension_ids)); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 232 | EXPECT_TRUE(srtp_transport1_->IsActive()); |
| 233 | EXPECT_TRUE(srtp_transport2_->IsActive()); |
| 234 | if (rtc::IsGcmCryptoSuite(cs)) { |
| 235 | EXPECT_FALSE(srtp_transport1_->IsExternalAuthActive()); |
| 236 | EXPECT_FALSE(srtp_transport2_->IsExternalAuthActive()); |
| 237 | } else if (enable_external_auth) { |
| 238 | EXPECT_TRUE(srtp_transport1_->IsExternalAuthActive()); |
| 239 | EXPECT_TRUE(srtp_transport2_->IsExternalAuthActive()); |
| 240 | } |
| 241 | TestSendRecvRtpPacket(cipher_suite_name); |
| 242 | TestSendRecvRtcpPacket(cipher_suite_name); |
| 243 | } |
| 244 | |
| 245 | void TestSendRecvPacketWithEncryptedHeaderExtension( |
| 246 | const std::string& cs, |
| 247 | const std::vector<int>& encrypted_header_ids) { |
| 248 | size_t rtp_len = sizeof(kPcmuFrameWithExtensions); |
| 249 | size_t packet_size = rtp_len + rtc::rtp_auth_tag_len(cs); |
| 250 | rtc::Buffer rtp_packet_buffer(packet_size); |
| 251 | char* rtp_packet_data = rtp_packet_buffer.data<char>(); |
| 252 | memcpy(rtp_packet_data, kPcmuFrameWithExtensions, rtp_len); |
| 253 | // In order to be able to run this test function multiple times we can not |
| 254 | // use the same sequence number twice. Increase the sequence number by one. |
| 255 | rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_data) + 2, |
| 256 | ++sequence_number_); |
| 257 | rtc::CopyOnWriteBuffer rtp_packet1to2(rtp_packet_data, rtp_len, |
| 258 | packet_size); |
| 259 | rtc::CopyOnWriteBuffer rtp_packet2to1(rtp_packet_data, rtp_len, |
| 260 | packet_size); |
| 261 | |
| 262 | char original_rtp_data[sizeof(kPcmuFrameWithExtensions)]; |
| 263 | memcpy(original_rtp_data, rtp_packet_data, rtp_len); |
| 264 | |
| 265 | rtc::PacketOptions options; |
| 266 | // Send a packet from |srtp_transport1_| to |srtp_transport2_| and verify |
| 267 | // that the packet can be successfully received and decrypted. |
| 268 | ASSERT_TRUE(srtp_transport1_->SendRtpPacket(&rtp_packet1to2, options, |
| 269 | cricket::PF_SRTP_BYPASS)); |
| 270 | ASSERT_TRUE(last_recv_packet2_.data()); |
Steve Anton | 36b29d1 | 2017-10-30 09:57:42 -0700 | [diff] [blame] | 271 | EXPECT_EQ(0, memcmp(last_recv_packet2_.data(), original_rtp_data, rtp_len)); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 272 | // Get the encrypted packet from underneath packet transport and verify the |
| 273 | // data and header extension are actually encrypted. |
| 274 | auto fake_rtp_packet_transport = static_cast<rtc::FakePacketTransport*>( |
| 275 | srtp_transport1_->rtp_packet_transport()); |
Steve Anton | 36b29d1 | 2017-10-30 09:57:42 -0700 | [diff] [blame] | 276 | EXPECT_NE(0, memcmp(fake_rtp_packet_transport->last_sent_packet()->data(), |
| 277 | original_rtp_data, rtp_len)); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 278 | CompareHeaderExtensions( |
| 279 | reinterpret_cast<const char*>( |
| 280 | fake_rtp_packet_transport->last_sent_packet()->data()), |
| 281 | fake_rtp_packet_transport->last_sent_packet()->size(), |
| 282 | original_rtp_data, rtp_len, encrypted_header_ids, false); |
| 283 | |
| 284 | // Do the same thing in the opposite direction; |
| 285 | ASSERT_TRUE(srtp_transport2_->SendRtpPacket(&rtp_packet2to1, options, |
| 286 | cricket::PF_SRTP_BYPASS)); |
| 287 | ASSERT_TRUE(last_recv_packet1_.data()); |
Steve Anton | 36b29d1 | 2017-10-30 09:57:42 -0700 | [diff] [blame] | 288 | EXPECT_EQ(0, memcmp(last_recv_packet1_.data(), original_rtp_data, rtp_len)); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 289 | fake_rtp_packet_transport = static_cast<rtc::FakePacketTransport*>( |
| 290 | srtp_transport2_->rtp_packet_transport()); |
Steve Anton | 36b29d1 | 2017-10-30 09:57:42 -0700 | [diff] [blame] | 291 | EXPECT_NE(0, memcmp(fake_rtp_packet_transport->last_sent_packet()->data(), |
| 292 | original_rtp_data, rtp_len)); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 293 | CompareHeaderExtensions( |
| 294 | reinterpret_cast<const char*>( |
| 295 | fake_rtp_packet_transport->last_sent_packet()->data()), |
| 296 | fake_rtp_packet_transport->last_sent_packet()->size(), |
| 297 | original_rtp_data, rtp_len, encrypted_header_ids, false); |
| 298 | } |
| 299 | |
| 300 | void TestSendRecvEncryptedHeaderExtension(int cs, |
| 301 | const uint8_t* key1, |
| 302 | int key1_len, |
| 303 | const uint8_t* key2, |
| 304 | int key2_len, |
| 305 | const std::string& cs_name) { |
| 306 | std::vector<int> encrypted_headers; |
Zhi Huang | f2d7beb | 2017-11-20 14:35:11 -0800 | [diff] [blame] | 307 | encrypted_headers.push_back(kHeaderExtensionIDs[0]); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 308 | // Don't encrypt header ids 2 and 3. |
Zhi Huang | f2d7beb | 2017-11-20 14:35:11 -0800 | [diff] [blame] | 309 | encrypted_headers.push_back(kHeaderExtensionIDs[1]); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 310 | EXPECT_EQ(key1_len, key2_len); |
| 311 | EXPECT_EQ(cs_name, rtc::SrtpCryptoSuiteToName(cs)); |
Zhi Huang | c99b6c7 | 2017-11-10 16:44:46 -0800 | [diff] [blame] | 312 | EXPECT_TRUE(srtp_transport1_->SetRtpParams(cs, key1, key1_len, |
| 313 | encrypted_headers, cs, key2, |
| 314 | key2_len, encrypted_headers)); |
| 315 | EXPECT_TRUE(srtp_transport2_->SetRtpParams(cs, key2, key2_len, |
| 316 | encrypted_headers, cs, key1, |
| 317 | key1_len, encrypted_headers)); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 318 | EXPECT_TRUE(srtp_transport1_->IsActive()); |
| 319 | EXPECT_TRUE(srtp_transport2_->IsActive()); |
| 320 | EXPECT_FALSE(srtp_transport1_->IsExternalAuthActive()); |
| 321 | EXPECT_FALSE(srtp_transport2_->IsExternalAuthActive()); |
| 322 | TestSendRecvPacketWithEncryptedHeaderExtension(cs_name, encrypted_headers); |
| 323 | } |
| 324 | |
| 325 | std::unique_ptr<SrtpTransport> srtp_transport1_; |
| 326 | std::unique_ptr<SrtpTransport> srtp_transport2_; |
| 327 | |
| 328 | std::unique_ptr<rtc::FakePacketTransport> rtp_packet_transport1_; |
| 329 | std::unique_ptr<rtc::FakePacketTransport> rtp_packet_transport2_; |
| 330 | |
| 331 | rtc::CopyOnWriteBuffer last_recv_packet1_; |
| 332 | rtc::CopyOnWriteBuffer last_recv_packet2_; |
| 333 | int sequence_number_ = 0; |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 334 | }; |
| 335 | |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 336 | class SrtpTransportTestWithExternalAuth |
| 337 | : public SrtpTransportTest, |
| 338 | public testing::WithParamInterface<bool> {}; |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 339 | |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 340 | TEST_P(SrtpTransportTestWithExternalAuth, |
| 341 | SendAndRecvPacket_AES_CM_128_HMAC_SHA1_80) { |
| 342 | bool enable_external_auth = GetParam(); |
| 343 | TestSendRecvPacket(enable_external_auth, rtc::SRTP_AES128_CM_SHA1_80, |
| 344 | kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen, |
| 345 | rtc::CS_AES_CM_128_HMAC_SHA1_80); |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 346 | } |
| 347 | |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 348 | TEST_F(SrtpTransportTest, |
| 349 | SendAndRecvPacketWithHeaderExtension_AES_CM_128_HMAC_SHA1_80) { |
| 350 | TestSendRecvEncryptedHeaderExtension(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, |
| 351 | kTestKeyLen, kTestKey2, kTestKeyLen, |
| 352 | rtc::CS_AES_CM_128_HMAC_SHA1_80); |
| 353 | } |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 354 | |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 355 | TEST_P(SrtpTransportTestWithExternalAuth, |
| 356 | SendAndRecvPacket_AES_CM_128_HMAC_SHA1_32) { |
| 357 | bool enable_external_auth = GetParam(); |
| 358 | TestSendRecvPacket(enable_external_auth, rtc::SRTP_AES128_CM_SHA1_32, |
| 359 | kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen, |
| 360 | rtc::CS_AES_CM_128_HMAC_SHA1_32); |
| 361 | } |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 362 | |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 363 | TEST_F(SrtpTransportTest, |
| 364 | SendAndRecvPacketWithHeaderExtension_AES_CM_128_HMAC_SHA1_32) { |
| 365 | TestSendRecvEncryptedHeaderExtension(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, |
| 366 | kTestKeyLen, kTestKey2, kTestKeyLen, |
| 367 | rtc::CS_AES_CM_128_HMAC_SHA1_32); |
| 368 | } |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 369 | |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 370 | TEST_P(SrtpTransportTestWithExternalAuth, |
| 371 | SendAndRecvPacket_SRTP_AEAD_AES_128_GCM) { |
| 372 | bool enable_external_auth = GetParam(); |
| 373 | TestSendRecvPacket(enable_external_auth, rtc::SRTP_AEAD_AES_128_GCM, |
| 374 | kTestKeyGcm128_1, kTestKeyGcm128Len, kTestKeyGcm128_2, |
| 375 | kTestKeyGcm128Len, rtc::CS_AEAD_AES_128_GCM); |
| 376 | } |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 377 | |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 378 | TEST_F(SrtpTransportTest, |
| 379 | SendAndRecvPacketWithHeaderExtension_SRTP_AEAD_AES_128_GCM) { |
| 380 | TestSendRecvEncryptedHeaderExtension( |
| 381 | rtc::SRTP_AEAD_AES_128_GCM, kTestKeyGcm128_1, kTestKeyGcm128Len, |
| 382 | kTestKeyGcm128_2, kTestKeyGcm128Len, rtc::CS_AEAD_AES_128_GCM); |
| 383 | } |
| 384 | |
| 385 | TEST_P(SrtpTransportTestWithExternalAuth, |
| 386 | SendAndRecvPacket_SRTP_AEAD_AES_256_GCM) { |
| 387 | bool enable_external_auth = GetParam(); |
| 388 | TestSendRecvPacket(enable_external_auth, rtc::SRTP_AEAD_AES_256_GCM, |
| 389 | kTestKeyGcm256_1, kTestKeyGcm256Len, kTestKeyGcm256_2, |
| 390 | kTestKeyGcm256Len, rtc::CS_AEAD_AES_256_GCM); |
| 391 | } |
| 392 | |
| 393 | TEST_F(SrtpTransportTest, |
| 394 | SendAndRecvPacketWithHeaderExtension_SRTP_AEAD_AES_256_GCM) { |
| 395 | TestSendRecvEncryptedHeaderExtension( |
| 396 | rtc::SRTP_AEAD_AES_256_GCM, kTestKeyGcm256_1, kTestKeyGcm256Len, |
| 397 | kTestKeyGcm256_2, kTestKeyGcm256Len, rtc::CS_AEAD_AES_256_GCM); |
| 398 | } |
| 399 | |
| 400 | // Run all tests both with and without external auth enabled. |
| 401 | INSTANTIATE_TEST_CASE_P(ExternalAuth, |
| 402 | SrtpTransportTestWithExternalAuth, |
| 403 | ::testing::Values(true, false)); |
| 404 | |
| 405 | // Test directly setting the params with bogus keys. |
| 406 | TEST_F(SrtpTransportTest, TestSetParamsKeyTooShort) { |
Zhi Huang | c99b6c7 | 2017-11-10 16:44:46 -0800 | [diff] [blame] | 407 | std::vector<int> extension_ids; |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 408 | EXPECT_FALSE(srtp_transport1_->SetRtpParams( |
Zhi Huang | c99b6c7 | 2017-11-10 16:44:46 -0800 | [diff] [blame] | 409 | rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen - 1, extension_ids, |
| 410 | rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen - 1, extension_ids)); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 411 | EXPECT_FALSE(srtp_transport1_->SetRtcpParams( |
Zhi Huang | c99b6c7 | 2017-11-10 16:44:46 -0800 | [diff] [blame] | 412 | rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen - 1, extension_ids, |
| 413 | rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen - 1, extension_ids)); |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 414 | } |
| 415 | |
| 416 | } // namespace webrtc |