admin/webrtc_m130
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Rename rtc_base/ssl_stream_adapter.h constants.

Browse Source 
Uppercase constants are more likely to conflict with macros (for
example rtc::SRTP_AES128_CM_SHA1_80 and OpenSSL SRTP_AES128_CM_SHA1_80).

This CL renames some constants and follows the C++ style guide.

Bug: webrtc:12997
Change-Id: I2398232568b352f88afed571a9b698040bb81c30
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/226564
Commit-Queue: Mirko Bonadei <mbonadei@webrtc.org>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#34553}
This commit is contained in:
Mirko Bonadei 2021-07-26 17:27:42 +02:00 committed by WebRTC LUCI CQ
parent f7448fb882
commit 7750d802a5
28 changed files with 254 additions and 239 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
api/crypto/crypto_options.cc
View File

@ -32,24 +32,24 @@ CryptoOptions CryptoOptions::NoGcm() {
std::vector<int> CryptoOptions::GetSupportedDtlsSrtpCryptoSuites() const {
std::vector<int> crypto_suites;
// Note: SRTP_AES128_CM_SHA1_80 is what is required to be supported (by
// draft-ietf-rtcweb-security-arch), but SRTP_AES128_CM_SHA1_32 is allowed as
// Note: kSrtpAes128CmSha1_80 is what is required to be supported (by
// draft-ietf-rtcweb-security-arch), but kSrtpAes128CmSha1_32 is allowed as
// well, and saves a few bytes per packet if it ends up selected.
// As the cipher suite is potentially insecure, it will only be used if
// enabled by both peers.
if (srtp.enable_aes128_sha1_32_crypto_cipher) {
crypto_suites.push_back(rtc::SRTP_AES128_CM_SHA1_32);
crypto_suites.push_back(rtc::kSrtpAes128CmSha1_32);
}
if (srtp.enable_aes128_sha1_80_crypto_cipher) {
crypto_suites.push_back(rtc::SRTP_AES128_CM_SHA1_80);
crypto_suites.push_back(rtc::kSrtpAes128CmSha1_80);
}
// Note: GCM cipher suites are not the top choice since they increase the
// packet size. In order to negotiate them the other side must not support
// SRTP_AES128_CM_SHA1_80.
// kSrtpAes128CmSha1_80.
if (srtp.enable_gcm_crypto_suites) {
crypto_suites.push_back(rtc::SRTP_AEAD_AES_256_GCM);
crypto_suites.push_back(rtc::SRTP_AEAD_AES_128_GCM);
crypto_suites.push_back(rtc::kSrtpAeadAes256Gcm);
crypto_suites.push_back(rtc::kSrtpAeadAes128Gcm);
}
RTC_CHECK(!crypto_suites.empty());
return crypto_suites;

2
api/crypto/crypto_options.h
View File

@ -44,7 +44,7 @@ struct RTC_EXPORT CryptoOptions {
bool enable_gcm_crypto_suites = false;
// If set to true, the (potentially insecure) crypto cipher
// SRTP_AES128_CM_SHA1_32 will be included in the list of supported ciphers
// kSrtpAes128CmSha1_32 will be included in the list of supported ciphers
// during negotiation. It will only be used if both peers support it and no
// other ciphers get preferred.
bool enable_aes128_sha1_32_crypto_cipher = false;

10
p2p/base/dtls_transport_unittest.cc
View File

@ -338,14 +338,14 @@ class DtlsTransportTestBase {
if (use_dtls_) {
// Check that we negotiated the right ciphers. Since GCM ciphers are not
// negotiated by default, we should end up with SRTP_AES128_CM_SHA1_80.
client1_.CheckSrtp(rtc::SRTP_AES128_CM_SHA1_80);
client2_.CheckSrtp(rtc::SRTP_AES128_CM_SHA1_80);
// negotiated by default, we should end up with kSrtpAes128CmSha1_80.
client1_.CheckSrtp(rtc::kSrtpAes128CmSha1_80);
client2_.CheckSrtp(rtc::kSrtpAes128CmSha1_80);
} else {
// If DTLS isn't actually being used, GetSrtpCryptoSuite should return
// false.
client1_.CheckSrtp(rtc::SRTP_INVALID_CRYPTO_SUITE);
client2_.CheckSrtp(rtc::SRTP_INVALID_CRYPTO_SUITE);
client1_.CheckSrtp(rtc::kSrtpInvalidCryptoSuite);
client2_.CheckSrtp(rtc::kSrtpInvalidCryptoSuite);
}
client1_.CheckSsl();

2
p2p/base/fake_dtls_transport.h
View File

@ -293,7 +293,7 @@ class FakeDtlsTransport : public DtlsTransportInternal {
rtc::SSLProtocolVersion ssl_max_version_ = rtc::SSL_PROTOCOL_DTLS_12;
rtc::SSLFingerprint dtls_fingerprint_;
absl::optional<rtc::SSLRole> dtls_role_;
int crypto_suite_ = rtc::SRTP_AES128_CM_SHA1_80;
int crypto_suite_ = rtc::kSrtpAes128CmSha1_80;
absl::optional<int> ssl_cipher_suite_;
webrtc::DtlsTransportState dtls_state_ = webrtc::DtlsTransportState::kNew;

26
pc/jsep_transport_unittest.cc
View File

@ -924,8 +924,8 @@ TEST_F(JsepTransport2Test, SdesNegotiation) {
JsepTransportDescription offer_desc;
offer_desc.cryptos.push_back(cricket::CryptoParams(
1, rtc::CS_AES_CM_128_HMAC_SHA1_32,
"inline:" + rtc::CreateRandomString(40), std::string()));
1, rtc::kCsAesCm128HmacSha1_32, "inline:" + rtc::CreateRandomString(40),
std::string()));
ASSERT_TRUE(
jsep_transport_
->SetLocalJsepTransportDescription(offer_desc, SdpType::kOffer)
@ -933,8 +933,8 @@ TEST_F(JsepTransport2Test, SdesNegotiation) {
JsepTransportDescription answer_desc;
answer_desc.cryptos.push_back(cricket::CryptoParams(
1, rtc::CS_AES_CM_128_HMAC_SHA1_32,
"inline:" + rtc::CreateRandomString(40), std::string()));
1, rtc::kCsAesCm128HmacSha1_32, "inline:" + rtc::CreateRandomString(40),
std::string()));
ASSERT_TRUE(
jsep_transport_
->SetRemoteJsepTransportDescription(answer_desc, SdpType::kAnswer)
@ -950,8 +950,8 @@ TEST_F(JsepTransport2Test, SdesNegotiationWithEmptyCryptosInAnswer) {
JsepTransportDescription offer_desc;
offer_desc.cryptos.push_back(cricket::CryptoParams(
1, rtc::CS_AES_CM_128_HMAC_SHA1_32,
"inline:" + rtc::CreateRandomString(40), std::string()));
1, rtc::kCsAesCm128HmacSha1_32, "inline:" + rtc::CreateRandomString(40),
std::string()));
ASSERT_TRUE(
jsep_transport_
->SetLocalJsepTransportDescription(offer_desc, SdpType::kOffer)
@ -974,8 +974,8 @@ TEST_F(JsepTransport2Test, SdesNegotiationWithMismatchedCryptos) {
JsepTransportDescription offer_desc;
offer_desc.cryptos.push_back(cricket::CryptoParams(
1, rtc::CS_AES_CM_128_HMAC_SHA1_32,
"inline:" + rtc::CreateRandomString(40), std::string()));
1, rtc::kCsAesCm128HmacSha1_32, "inline:" + rtc::CreateRandomString(40),
std::string()));
ASSERT_TRUE(
jsep_transport_
->SetLocalJsepTransportDescription(offer_desc, SdpType::kOffer)
@ -983,8 +983,8 @@ TEST_F(JsepTransport2Test, SdesNegotiationWithMismatchedCryptos) {
JsepTransportDescription answer_desc;
answer_desc.cryptos.push_back(cricket::CryptoParams(
1, rtc::CS_AES_CM_128_HMAC_SHA1_80,
"inline:" + rtc::CreateRandomString(40), std::string()));
1, rtc::kCsAesCm128HmacSha1_80, "inline:" + rtc::CreateRandomString(40),
std::string()));
// Expected to fail because the crypto parameters don't match.
ASSERT_FALSE(
jsep_transport_
@ -1148,7 +1148,7 @@ TEST_P(JsepTransport2HeaderExtensionTest, EncryptedHeaderExtensionNegotiation) {
recv_encrypted_headers1_.push_back(kHeaderExtensionIDs[0]);
recv_encrypted_headers2_.push_back(kHeaderExtensionIDs[1]);
cricket::CryptoParams sdes_param(1, rtc::CS_AES_CM_128_HMAC_SHA1_80,
cricket::CryptoParams sdes_param(1, rtc::kCsAesCm128HmacSha1_80,
"inline:" + rtc::CreateRandomString(40),
std::string());
if (use_gcm) {
@ -1157,8 +1157,8 @@ TEST_P(JsepTransport2HeaderExtensionTest, EncryptedHeaderExtensionNegotiation) {
auto fake_dtls2 =
static_cast<FakeDtlsTransport*>(jsep_transport2_->rtp_dtls_transport());
fake_dtls1->SetSrtpCryptoSuite(rtc::SRTP_AEAD_AES_256_GCM);
fake_dtls2->SetSrtpCryptoSuite(rtc::SRTP_AEAD_AES_256_GCM);
fake_dtls1->SetSrtpCryptoSuite(rtc::kSrtpAeadAes256Gcm);
fake_dtls2->SetSrtpCryptoSuite(rtc::kSrtpAeadAes256Gcm);
}
if (scenario == Scenario::kDtlsBeforeCallerSendOffer) {

24
pc/media_session.cc
View File

@ -240,12 +240,12 @@ void GetSupportedAudioSdesCryptoSuites(
const webrtc::CryptoOptions& crypto_options,
std::vector<int>* crypto_suites) {
if (crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher) {
crypto_suites->push_back(rtc::SRTP_AES128_CM_SHA1_32);
crypto_suites->push_back(rtc::kSrtpAes128CmSha1_32);
}
crypto_suites->push_back(rtc::SRTP_AES128_CM_SHA1_80);
crypto_suites->push_back(rtc::kSrtpAes128CmSha1_80);
if (crypto_options.srtp.enable_gcm_crypto_suites) {
crypto_suites->push_back(rtc::SRTP_AEAD_AES_256_GCM);
crypto_suites->push_back(rtc::SRTP_AEAD_AES_128_GCM);
crypto_suites->push_back(rtc::kSrtpAeadAes256Gcm);
crypto_suites->push_back(rtc::kSrtpAeadAes128Gcm);
}
}
@ -259,10 +259,10 @@ void GetSupportedAudioSdesCryptoSuiteNames(
void GetSupportedVideoSdesCryptoSuites(
const webrtc::CryptoOptions& crypto_options,
std::vector<int>* crypto_suites) {
crypto_suites->push_back(rtc::SRTP_AES128_CM_SHA1_80);
crypto_suites->push_back(rtc::kSrtpAes128CmSha1_80);
if (crypto_options.srtp.enable_gcm_crypto_suites) {
crypto_suites->push_back(rtc::SRTP_AEAD_AES_256_GCM);
crypto_suites->push_back(rtc::SRTP_AEAD_AES_128_GCM);
crypto_suites->push_back(rtc::kSrtpAeadAes256Gcm);
crypto_suites->push_back(rtc::kSrtpAeadAes128Gcm);
}
}
@ -276,10 +276,10 @@ void GetSupportedVideoSdesCryptoSuiteNames(
void GetSupportedDataSdesCryptoSuites(
const webrtc::CryptoOptions& crypto_options,
std::vector<int>* crypto_suites) {
crypto_suites->push_back(rtc::SRTP_AES128_CM_SHA1_80);
crypto_suites->push_back(rtc::kSrtpAes128CmSha1_80);
if (crypto_options.srtp.enable_gcm_crypto_suites) {
crypto_suites->push_back(rtc::SRTP_AEAD_AES_256_GCM);
crypto_suites->push_back(rtc::SRTP_AEAD_AES_128_GCM);
crypto_suites->push_back(rtc::kSrtpAeadAes256Gcm);
crypto_suites->push_back(rtc::kSrtpAeadAes128Gcm);
}
}
@ -304,8 +304,8 @@ static bool SelectCrypto(const MediaContentDescription* offer,
for (const CryptoParams& crypto : cryptos) {
if ((crypto_options.srtp.enable_gcm_crypto_suites &&
rtc::IsGcmCryptoSuiteName(crypto.cipher_suite)) ||
rtc::CS_AES_CM_128_HMAC_SHA1_80 == crypto.cipher_suite ||
(rtc::CS_AES_CM_128_HMAC_SHA1_32 == crypto.cipher_suite && audio &&
rtc::kCsAesCm128HmacSha1_80 == crypto.cipher_suite ||
(rtc::kCsAesCm128HmacSha1_32 == crypto.cipher_suite && audio &&
!bundle && crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher)) {
return CreateCryptoParams(crypto.tag, crypto.cipher_suite, crypto_out);
}

16
pc/media_session_unittest.cc
View File

@ -80,10 +80,10 @@ using cricket::TransportDescriptionFactory;
using cricket::TransportInfo;
using cricket::VideoCodec;
using cricket::VideoContentDescription;
using rtc::CS_AEAD_AES_128_GCM;
using rtc::CS_AEAD_AES_256_GCM;
using rtc::CS_AES_CM_128_HMAC_SHA1_32;
using rtc::CS_AES_CM_128_HMAC_SHA1_80;
using rtc::kCsAeadAes128Gcm;
using rtc::kCsAeadAes256Gcm;
using rtc::kCsAesCm128HmacSha1_32;
using rtc::kCsAesCm128HmacSha1_80;
using rtc::UniqueRandomIdGenerator;
using ::testing::Contains;
using ::testing::Each;
@ -267,8 +267,8 @@ static const char* kMediaProtocolsDtls[] = {
// SRTP cipher name negotiated by the tests. This must be updated if the
// default changes.
static const char* kDefaultSrtpCryptoSuite = CS_AES_CM_128_HMAC_SHA1_80;
static const char* kDefaultSrtpCryptoSuiteGcm = CS_AEAD_AES_256_GCM;
static const char* kDefaultSrtpCryptoSuite = kCsAesCm128HmacSha1_80;
static const char* kDefaultSrtpCryptoSuiteGcm = kCsAeadAes256Gcm;
// These constants are used to make the code using "AddMediaDescriptionOptions"
// more readable.
@ -408,8 +408,8 @@ void PreferGcmCryptoParameters(CryptoParamsVec* cryptos) {
cryptos->erase(
std::remove_if(cryptos->begin(), cryptos->end(),
[](const cricket::CryptoParams& crypto) {
return crypto.cipher_suite != CS_AEAD_AES_256_GCM &&
crypto.cipher_suite != CS_AEAD_AES_128_GCM;
return crypto.cipher_suite != kCsAeadAes256Gcm &&
crypto.cipher_suite != kCsAeadAes128Gcm;
}),
cryptos->end());
}

20
pc/peer_connection.cc
View File

@ -2741,28 +2741,28 @@ void PeerConnection::ReportNegotiatedCiphers(
int srtp_crypto_suite = stats.channel_stats[0].srtp_crypto_suite;
int ssl_cipher_suite = stats.channel_stats[0].ssl_cipher_suite;
if (srtp_crypto_suite == rtc::SRTP_INVALID_CRYPTO_SUITE &&
ssl_cipher_suite == rtc::TLS_NULL_WITH_NULL_NULL) {
if (srtp_crypto_suite == rtc::kSrtpInvalidCryptoSuite &&
ssl_cipher_suite == rtc::kTlsNullWithNullNull) {
return;
}
if (srtp_crypto_suite != rtc::SRTP_INVALID_CRYPTO_SUITE) {
if (srtp_crypto_suite != rtc::kSrtpInvalidCryptoSuite) {
for (cricket::MediaType media_type : media_types) {
switch (media_type) {
case cricket::MEDIA_TYPE_AUDIO:
RTC_HISTOGRAM_ENUMERATION_SPARSE(
"WebRTC.PeerConnection.SrtpCryptoSuite.Audio", srtp_crypto_suite,
rtc::SRTP_CRYPTO_SUITE_MAX_VALUE);
rtc::kSrtpCryptoSuiteMaxValue);
break;
case cricket::MEDIA_TYPE_VIDEO:
RTC_HISTOGRAM_ENUMERATION_SPARSE(
"WebRTC.PeerConnection.SrtpCryptoSuite.Video", srtp_crypto_suite,
rtc::SRTP_CRYPTO_SUITE_MAX_VALUE);
rtc::kSrtpCryptoSuiteMaxValue);
break;
case cricket::MEDIA_TYPE_DATA:
RTC_HISTOGRAM_ENUMERATION_SPARSE(
"WebRTC.PeerConnection.SrtpCryptoSuite.Data", srtp_crypto_suite,
rtc::SRTP_CRYPTO_SUITE_MAX_VALUE);
rtc::kSrtpCryptoSuiteMaxValue);
break;
default:
RTC_NOTREACHED();
@ -2771,23 +2771,23 @@ void PeerConnection::ReportNegotiatedCiphers(
}
}
if (ssl_cipher_suite != rtc::TLS_NULL_WITH_NULL_NULL) {
if (ssl_cipher_suite != rtc::kTlsNullWithNullNull) {
for (cricket::MediaType media_type : media_types) {
switch (media_type) {
case cricket::MEDIA_TYPE_AUDIO:
RTC_HISTOGRAM_ENUMERATION_SPARSE(
"WebRTC.PeerConnection.SslCipherSuite.Audio", ssl_cipher_suite,
rtc::SSL_CIPHER_SUITE_MAX_VALUE);
rtc::kSslCipherSuiteMaxValue);
break;
case cricket::MEDIA_TYPE_VIDEO:
RTC_HISTOGRAM_ENUMERATION_SPARSE(
"WebRTC.PeerConnection.SslCipherSuite.Video", ssl_cipher_suite,
rtc::SSL_CIPHER_SUITE_MAX_VALUE);
rtc::kSslCipherSuiteMaxValue);
break;
case cricket::MEDIA_TYPE_DATA:
RTC_HISTOGRAM_ENUMERATION_SPARSE(
"WebRTC.PeerConnection.SslCipherSuite.Data", ssl_cipher_suite,
rtc::SSL_CIPHER_SUITE_MAX_VALUE);
rtc::kSslCipherSuiteMaxValue);
break;
default:
RTC_NOTREACHED();

6
pc/peer_connection_integrationtest.cc
View File

@ -1762,7 +1762,7 @@ TEST_P(PeerConnectionIntegrationTest,
PeerConnectionFactory::Options callee_options;
callee_options.crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher =
false;
int expected_cipher_suite = rtc::SRTP_AES128_CM_SHA1_80;
int expected_cipher_suite = rtc::kSrtpAes128CmSha1_80;
TestNegotiatedCipherSuite(caller_options, callee_options,
expected_cipher_suite);
}
@ -1774,7 +1774,7 @@ TEST_P(PeerConnectionIntegrationTest,
false;
PeerConnectionFactory::Options callee_options;
callee_options.crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher = true;
int expected_cipher_suite = rtc::SRTP_AES128_CM_SHA1_80;
int expected_cipher_suite = rtc::kSrtpAes128CmSha1_80;
TestNegotiatedCipherSuite(caller_options, callee_options,
expected_cipher_suite);
}
@ -1784,7 +1784,7 @@ TEST_P(PeerConnectionIntegrationTest, Aes128Sha1_32_CipherUsedWhenSupported) {
caller_options.crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher = true;
PeerConnectionFactory::Options callee_options;
callee_options.crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher = true;
int expected_cipher_suite = rtc::SRTP_AES128_CM_SHA1_32;
int expected_cipher_suite = rtc::kSrtpAes128CmSha1_32;
TestNegotiatedCipherSuite(caller_options, callee_options,
expected_cipher_suite);
}

4
pc/rtc_stats_collector.cc
View File

@ -2036,7 +2036,7 @@ void RTCStatsCollector::ProduceTransportStats_n(
snprintf(bytes, sizeof(bytes), "%04X", channel_stats.ssl_version_bytes);
transport_stats->tls_version = bytes;
}
if (channel_stats.ssl_cipher_suite != rtc::TLS_NULL_WITH_NULL_NULL &&
if (channel_stats.ssl_cipher_suite != rtc::kTlsNullWithNullNull &&
rtc::SSLStreamAdapter::SslCipherSuiteToName(
channel_stats.ssl_cipher_suite)
.length()) {
@ -2044,7 +2044,7 @@ void RTCStatsCollector::ProduceTransportStats_n(
rtc::SSLStreamAdapter::SslCipherSuiteToName(
channel_stats.ssl_cipher_suite);
}
if (channel_stats.srtp_crypto_suite != rtc::SRTP_INVALID_CRYPTO_SUITE &&
if (channel_stats.srtp_crypto_suite != rtc::kSrtpInvalidCryptoSuite &&
rtc::SrtpCryptoSuiteToName(channel_stats.srtp_crypto_suite)
.length()) {
transport_stats->srtp_cipher =

2
pc/rtc_stats_collector_unittest.cc
View File

@ -2528,7 +2528,7 @@ TEST_F(RTCStatsCollectorTest, CollectRTCTransportStatsWithCrypto) {
rtp_transport_channel_stats.ssl_version_bytes = 0x0203;
// 0x2F is TLS_RSA_WITH_AES_128_CBC_SHA according to IANA
rtp_transport_channel_stats.ssl_cipher_suite = 0x2F;
rtp_transport_channel_stats.srtp_crypto_suite = rtc::SRTP_AES128_CM_SHA1_80;
rtp_transport_channel_stats.srtp_crypto_suite = rtc::kSrtpAes128CmSha1_80;
pc_->SetTransportStats(kTransportName, {rtp_transport_channel_stats});
// Get stats

4
pc/srtp_filter.cc
View File

@ -200,7 +200,7 @@ bool SrtpFilter::ApplySendParams(const CryptoParams& send_params) {
}
send_cipher_suite_ = rtc::SrtpCryptoSuiteFromName(send_params.cipher_suite);
if (send_cipher_suite_ == rtc::SRTP_INVALID_CRYPTO_SUITE) {
if (send_cipher_suite_ == rtc::kSrtpInvalidCryptoSuite) {
RTC_LOG(LS_WARNING) << "Unknown crypto suite(s) received:"
" send cipher_suite "
<< send_params.cipher_suite;
@ -231,7 +231,7 @@ bool SrtpFilter::ApplyRecvParams(const CryptoParams& recv_params) {
}
recv_cipher_suite_ = rtc::SrtpCryptoSuiteFromName(recv_params.cipher_suite);
if (recv_cipher_suite_ == rtc::SRTP_INVALID_CRYPTO_SUITE) {
if (recv_cipher_suite_ == rtc::kSrtpInvalidCryptoSuite) {
RTC_LOG(LS_WARNING) << "Unknown crypto suite(s) received:"
" recv cipher_suite "
<< recv_params.cipher_suite;

53
pc/srtp_filter_unittest.cc
View File

@ -122,9 +122,9 @@ TEST_F(SrtpFilterTest, TestGoodSetupMultipleCipherSuites) {
std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
offer.push_back(kTestCryptoParams1);
offer[1].tag = 2;
offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
offer[1].cipher_suite = kCsAesCm128HmacSha1_32;
answer[0].tag = 2;
answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
answer[0].cipher_suite = kCsAesCm128HmacSha1_32;
EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
EXPECT_FALSE(f1_.IsActive());
EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
@ -224,7 +224,7 @@ TEST_F(SrtpFilterTest, TestMultipleAnswerCipherSuites) {
std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
answer.push_back(kTestCryptoParams2);
answer[1].tag = 2;
answer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
answer[1].cipher_suite = kCsAesCm128HmacSha1_32;
EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
EXPECT_FALSE(f1_.IsActive());
@ -318,10 +318,9 @@ TEST_F(SrtpFilterTest, TestProtect_AES_CM_128_HMAC_SHA1_80) {
std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
offer.push_back(kTestCryptoParams1);
offer[1].tag = 2;
offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
offer[1].cipher_suite = kCsAesCm128HmacSha1_32;
TestSetParams(offer, answer);
VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
CS_AES_CM_128_HMAC_SHA1_80);
VerifyCryptoParamsMatch(kCsAesCm128HmacSha1_80, kCsAesCm128HmacSha1_80);
}
// Test that we can encrypt/decrypt after negotiating AES_CM_128_HMAC_SHA1_32.
@ -330,12 +329,11 @@ TEST_F(SrtpFilterTest, TestProtect_AES_CM_128_HMAC_SHA1_32) {
std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
offer.push_back(kTestCryptoParams1);
offer[1].tag = 2;
offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
offer[1].cipher_suite = kCsAesCm128HmacSha1_32;
answer[0].tag = 2;
answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
answer[0].cipher_suite = kCsAesCm128HmacSha1_32;
TestSetParams(offer, answer);
VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_32,
CS_AES_CM_128_HMAC_SHA1_32);
VerifyCryptoParamsMatch(kCsAesCm128HmacSha1_32, kCsAesCm128HmacSha1_32);
}
// Test that we can change encryption parameters.
@ -344,14 +342,13 @@ TEST_F(SrtpFilterTest, TestChangeParameters) {
std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
TestSetParams(offer, answer);
VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
CS_AES_CM_128_HMAC_SHA1_80);
VerifyCryptoParamsMatch(kCsAesCm128HmacSha1_80, kCsAesCm128HmacSha1_80);
// Change the key parameters and cipher_suite.
offer[0].key_params = kTestKeyParams3;
offer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
offer[0].cipher_suite = kCsAesCm128HmacSha1_32;
answer[0].key_params = kTestKeyParams4;
answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
answer[0].cipher_suite = kCsAesCm128HmacSha1_32;
EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE));
@ -359,15 +356,13 @@ TEST_F(SrtpFilterTest, TestChangeParameters) {
EXPECT_TRUE(f1_.IsActive());
// Test that the old keys are valid until the negotiation is complete.
VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
CS_AES_CM_128_HMAC_SHA1_80);
VerifyCryptoParamsMatch(kCsAesCm128HmacSha1_80, kCsAesCm128HmacSha1_80);
// Complete the negotiation and test that we can still understand each other.
EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_32,
CS_AES_CM_128_HMAC_SHA1_32);
VerifyCryptoParamsMatch(kCsAesCm128HmacSha1_32, kCsAesCm128HmacSha1_32);
}
// Test that we can send and receive provisional answers with crypto enabled.
@ -376,7 +371,7 @@ TEST_F(SrtpFilterTest, TestProvisionalAnswer) {
std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
offer.push_back(kTestCryptoParams1);
offer[1].tag = 2;
offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
offer[1].cipher_suite = kCsAesCm128HmacSha1_32;
std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
@ -387,18 +382,16 @@ TEST_F(SrtpFilterTest, TestProvisionalAnswer) {
EXPECT_TRUE(f1_.SetProvisionalAnswer(answer, CS_REMOTE));
EXPECT_TRUE(f1_.IsActive());
EXPECT_TRUE(f2_.IsActive());
VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
CS_AES_CM_128_HMAC_SHA1_80);
VerifyCryptoParamsMatch(kCsAesCm128HmacSha1_80, kCsAesCm128HmacSha1_80);
answer[0].key_params = kTestKeyParams4;
answer[0].tag = 2;
answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
answer[0].cipher_suite = kCsAesCm128HmacSha1_32;
EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
EXPECT_TRUE(f1_.IsActive());
EXPECT_TRUE(f2_.IsActive());
VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_32,
CS_AES_CM_128_HMAC_SHA1_32);
VerifyCryptoParamsMatch(kCsAesCm128HmacSha1_32, kCsAesCm128HmacSha1_32);
}
// Test that a provisional answer doesn't need to contain a crypto.
@ -420,8 +413,7 @@ TEST_F(SrtpFilterTest, TestProvisionalAnswerWithoutCrypto) {
EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
EXPECT_TRUE(f1_.IsActive());
EXPECT_TRUE(f2_.IsActive());
VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
CS_AES_CM_128_HMAC_SHA1_80);
VerifyCryptoParamsMatch(kCsAesCm128HmacSha1_80, kCsAesCm128HmacSha1_80);
}
// Test that if we get a new local offer after a provisional answer
@ -448,8 +440,7 @@ TEST_F(SrtpFilterTest, TestLocalOfferAfterProvisionalAnswerWithoutCrypto) {
EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
EXPECT_TRUE(f1_.IsActive());
EXPECT_TRUE(f2_.IsActive());
VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
CS_AES_CM_128_HMAC_SHA1_80);
VerifyCryptoParamsMatch(kCsAesCm128HmacSha1_80, kCsAesCm128HmacSha1_80);
}
// Test that we can disable encryption.
@ -458,8 +449,7 @@ TEST_F(SrtpFilterTest, TestDisableEncryption) {
std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
TestSetParams(offer, answer);
VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
CS_AES_CM_128_HMAC_SHA1_80);
VerifyCryptoParamsMatch(kCsAesCm128HmacSha1_80, kCsAesCm128HmacSha1_80);
offer.clear();
answer.clear();
@ -469,8 +459,7 @@ TEST_F(SrtpFilterTest, TestDisableEncryption) {
EXPECT_TRUE(f2_.IsActive());
// Test that the old keys are valid until the negotiation is complete.
VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
CS_AES_CM_128_HMAC_SHA1_80);
VerifyCryptoParamsMatch(kCsAesCm128HmacSha1_80, kCsAesCm128HmacSha1_80);
// Complete the negotiation.
EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));

2
pc/srtp_session.h
View File

@ -129,7 +129,7 @@ class SrtpSession {
// Overhead of the SRTP auth tag for RTP and RTCP in bytes.
// Depends on the cipher suite used and is usually the same with the exception
// of the CS_AES_CM_128_HMAC_SHA1_32 cipher suite. The additional four bytes
// of the kCsAesCm128HmacSha1_32 cipher suite. The additional four bytes
// required for RTCP protection are not included.
int rtp_auth_tag_len_ = 0;
int rtcp_auth_tag_len_ = 0;

60
pc/srtp_session_unittest.cc
View File

@ -79,58 +79,58 @@ class SrtpSessionTest : public ::testing::Test {
// Test that we can set up the session and keys properly.
TEST_F(SrtpSessionTest, TestGoodSetup) {
EXPECT_TRUE(s1_.SetSend(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen,
EXPECT_TRUE(s1_.SetSend(kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen,
kEncryptedHeaderExtensionIds));
EXPECT_TRUE(s2_.SetRecv(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen,
EXPECT_TRUE(s2_.SetRecv(kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen,
kEncryptedHeaderExtensionIds));
}
// Test that we can't change the keys once set.
TEST_F(SrtpSessionTest, TestBadSetup) {
EXPECT_TRUE(s1_.SetSend(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen,
EXPECT_TRUE(s1_.SetSend(kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen,
kEncryptedHeaderExtensionIds));
EXPECT_TRUE(s2_.SetRecv(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen,
EXPECT_TRUE(s2_.SetRecv(kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen,
kEncryptedHeaderExtensionIds));
EXPECT_FALSE(s1_.SetSend(SRTP_AES128_CM_SHA1_80, kTestKey2, kTestKeyLen,
EXPECT_FALSE(s1_.SetSend(kSrtpAes128CmSha1_80, kTestKey2, kTestKeyLen,
kEncryptedHeaderExtensionIds));
EXPECT_FALSE(s2_.SetRecv(SRTP_AES128_CM_SHA1_80, kTestKey2, kTestKeyLen,
EXPECT_FALSE(s2_.SetRecv(kSrtpAes128CmSha1_80, kTestKey2, kTestKeyLen,
kEncryptedHeaderExtensionIds));
}
// Test that we fail keys of the wrong length.
TEST_F(SrtpSessionTest, TestKeysTooShort) {
EXPECT_FALSE(s1_.SetSend(SRTP_AES128_CM_SHA1_80, kTestKey1, 1,
EXPECT_FALSE(s1_.SetSend(kSrtpAes128CmSha1_80, kTestKey1, 1,
kEncryptedHeaderExtensionIds));
EXPECT_FALSE(s2_.SetRecv(SRTP_AES128_CM_SHA1_80, kTestKey1, 1,
EXPECT_FALSE(s2_.SetRecv(kSrtpAes128CmSha1_80, kTestKey1, 1,
kEncryptedHeaderExtensionIds));
}
// Test that we can encrypt and decrypt RTP/RTCP using AES_CM_128_HMAC_SHA1_80.
TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_80) {
EXPECT_TRUE(s1_.SetSend(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen,
EXPECT_TRUE(s1_.SetSend(kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen,
kEncryptedHeaderExtensionIds));
EXPECT_TRUE(s2_.SetRecv(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen,
EXPECT_TRUE(s2_.SetRecv(kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen,
kEncryptedHeaderExtensionIds));
TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_80);
TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_80);
TestUnprotectRtp(CS_AES_CM_128_HMAC_SHA1_80);
TestUnprotectRtcp(CS_AES_CM_128_HMAC_SHA1_80);
TestProtectRtp(kCsAesCm128HmacSha1_80);
TestProtectRtcp(kCsAesCm128HmacSha1_80);
TestUnprotectRtp(kCsAesCm128HmacSha1_80);
TestUnprotectRtcp(kCsAesCm128HmacSha1_80);
}
// Test that we can encrypt and decrypt RTP/RTCP using AES_CM_128_HMAC_SHA1_32.
TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_32) {
EXPECT_TRUE(s1_.SetSend(SRTP_AES128_CM_SHA1_32, kTestKey1, kTestKeyLen,
EXPECT_TRUE(s1_.SetSend(kSrtpAes128CmSha1_32, kTestKey1, kTestKeyLen,
kEncryptedHeaderExtensionIds));
EXPECT_TRUE(s2_.SetRecv(SRTP_AES128_CM_SHA1_32, kTestKey1, kTestKeyLen,
EXPECT_TRUE(s2_.SetRecv(kSrtpAes128CmSha1_32, kTestKey1, kTestKeyLen,
kEncryptedHeaderExtensionIds));
TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_32);
TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_32);
TestUnprotectRtp(CS_AES_CM_128_HMAC_SHA1_32);
TestUnprotectRtcp(CS_AES_CM_128_HMAC_SHA1_32);
TestProtectRtp(kCsAesCm128HmacSha1_32);
TestProtectRtcp(kCsAesCm128HmacSha1_32);
TestUnprotectRtp(kCsAesCm128HmacSha1_32);
TestUnprotectRtcp(kCsAesCm128HmacSha1_32);
}
TEST_F(SrtpSessionTest, TestGetSendStreamPacketIndex) {
EXPECT_TRUE(s1_.SetSend(SRTP_AES128_CM_SHA1_32, kTestKey1, kTestKeyLen,
EXPECT_TRUE(s1_.SetSend(kSrtpAes128CmSha1_32, kTestKey1, kTestKeyLen,
kEncryptedHeaderExtensionIds));
int64_t index;
int out_len = 0;
@ -144,12 +144,12 @@ TEST_F(SrtpSessionTest, TestGetSendStreamPacketIndex) {
// Test that we fail to unprotect if someone tampers with the RTP/RTCP paylaods.
TEST_F(SrtpSessionTest, TestTamperReject) {
int out_len;
EXPECT_TRUE(s1_.SetSend(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen,
EXPECT_TRUE(s1_.SetSend(kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen,
kEncryptedHeaderExtensionIds));
EXPECT_TRUE(s2_.SetRecv(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen,
EXPECT_TRUE(s2_.SetRecv(kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen,
kEncryptedHeaderExtensionIds));
TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_80);
TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_80);
TestProtectRtp(kCsAesCm128HmacSha1_80);
TestProtectRtcp(kCsAesCm128HmacSha1_80);
rtp_packet_[0] = 0x12;
rtcp_packet_[1] = 0x34;
EXPECT_FALSE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len));
@ -165,9 +165,9 @@ TEST_F(SrtpSessionTest, TestTamperReject) {
// Test that we fail to unprotect if the payloads are not authenticated.
TEST_F(SrtpSessionTest, TestUnencryptReject) {
int out_len;
EXPECT_TRUE(s1_.SetSend(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen,
EXPECT_TRUE(s1_.SetSend(kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen,
kEncryptedHeaderExtensionIds));
EXPECT_TRUE(s2_.SetRecv(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen,
EXPECT_TRUE(s2_.SetRecv(kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen,
kEncryptedHeaderExtensionIds));
EXPECT_FALSE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len));
EXPECT_METRIC_THAT(
@ -182,7 +182,7 @@ TEST_F(SrtpSessionTest, TestUnencryptReject) {
// Test that we fail when using buffers that are too small.
TEST_F(SrtpSessionTest, TestBuffersTooSmall) {
int out_len;
EXPECT_TRUE(s1_.SetSend(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen,
EXPECT_TRUE(s1_.SetSend(kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen,
kEncryptedHeaderExtensionIds));
EXPECT_FALSE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_) - 10,
&out_len));
@ -197,9 +197,9 @@ TEST_F(SrtpSessionTest, TestReplay) {
static const uint16_t replay_window = 1024;
int out_len;
EXPECT_TRUE(s1_.SetSend(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen,
EXPECT_TRUE(s1_.SetSend(kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen,
kEncryptedHeaderExtensionIds));
EXPECT_TRUE(s2_.SetRecv(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen,
EXPECT_TRUE(s2_.SetRecv(kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen,
kEncryptedHeaderExtensionIds));
// Initial sequence number.

4
pc/srtp_transport.cc
View File

@ -50,7 +50,7 @@ RTCError SrtpTransport::SetSrtpSendKey(const cricket::CryptoParams& params) {
}
send_cipher_suite_ = rtc::SrtpCryptoSuiteFromName(params.cipher_suite);
if (*send_cipher_suite_ == rtc::SRTP_INVALID_CRYPTO_SUITE) {
if (*send_cipher_suite_ == rtc::kSrtpInvalidCryptoSuite) {
return RTCError(RTCErrorType::INVALID_PARAMETER,
"Invalid SRTP crypto suite");
}
@ -90,7 +90,7 @@ RTCError SrtpTransport::SetSrtpReceiveKey(const cricket::CryptoParams& params) {
}
recv_cipher_suite_ = rtc::SrtpCryptoSuiteFromName(params.cipher_suite);
if (*recv_cipher_suite_ == rtc::SRTP_INVALID_CRYPTO_SUITE) {
if (*recv_cipher_suite_ == rtc::kSrtpInvalidCryptoSuite) {
return RTCError(RTCErrorType::INVALID_PARAMETER,
"Invalid SRTP crypto suite");
}

58
pc/srtp_transport_unittest.cc
View File

@ -29,10 +29,10 @@
#include "rtc_base/third_party/sigslot/sigslot.h"
#include "test/gtest.h"
using rtc::kSrtpAeadAes128Gcm;
using rtc::kTestKey1;
using rtc::kTestKey2;
using rtc::kTestKeyLen;
using rtc::SRTP_AEAD_AES_128_GCM;
namespace webrtc {
static const uint8_t kTestKeyGcm128_1[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ12";
@ -94,10 +94,10 @@ class SrtpTransportTest : public ::testing::Test, public sigslot::has_slots<> {
int overhead;
EXPECT_TRUE(transport->GetSrtpOverhead(&overhead));
switch (rtc::SrtpCryptoSuiteFromName(cs)) {
case rtc::SRTP_AES128_CM_SHA1_32:
case rtc::kSrtpAes128CmSha1_32:
EXPECT_EQ(32 / 8, overhead); // 32-bit tag.
break;
case rtc::SRTP_AES128_CM_SHA1_80:
case rtc::kSrtpAes128CmSha1_80:
EXPECT_EQ(80 / 8, overhead); // 80-bit tag.
break;
default:
@ -343,61 +343,61 @@ class SrtpTransportTestWithExternalAuth
TEST_P(SrtpTransportTestWithExternalAuth,
SendAndRecvPacket_AES_CM_128_HMAC_SHA1_80) {
bool enable_external_auth = GetParam();
TestSendRecvPacket(enable_external_auth, rtc::SRTP_AES128_CM_SHA1_80,
kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen,
rtc::CS_AES_CM_128_HMAC_SHA1_80);
TestSendRecvPacket(enable_external_auth, rtc::kSrtpAes128CmSha1_80, kTestKey1,
kTestKeyLen, kTestKey2, kTestKeyLen,
rtc::kCsAesCm128HmacSha1_80);
}
TEST_F(SrtpTransportTest,
SendAndRecvPacketWithHeaderExtension_AES_CM_128_HMAC_SHA1_80) {
TestSendRecvEncryptedHeaderExtension(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1,
TestSendRecvEncryptedHeaderExtension(rtc::kSrtpAes128CmSha1_80, kTestKey1,
kTestKeyLen, kTestKey2, kTestKeyLen,
rtc::CS_AES_CM_128_HMAC_SHA1_80);
rtc::kCsAesCm128HmacSha1_80);
}
TEST_P(SrtpTransportTestWithExternalAuth,
SendAndRecvPacket_AES_CM_128_HMAC_SHA1_32) {
bool enable_external_auth = GetParam();
TestSendRecvPacket(enable_external_auth, rtc::SRTP_AES128_CM_SHA1_32,
kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen,
rtc::CS_AES_CM_128_HMAC_SHA1_32);
TestSendRecvPacket(enable_external_auth, rtc::kSrtpAes128CmSha1_32, kTestKey1,
kTestKeyLen, kTestKey2, kTestKeyLen,
rtc::kCsAesCm128HmacSha1_32);
}
TEST_F(SrtpTransportTest,
SendAndRecvPacketWithHeaderExtension_AES_CM_128_HMAC_SHA1_32) {
TestSendRecvEncryptedHeaderExtension(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1,
TestSendRecvEncryptedHeaderExtension(rtc::kSrtpAes128CmSha1_32, kTestKey1,
kTestKeyLen, kTestKey2, kTestKeyLen,
rtc::CS_AES_CM_128_HMAC_SHA1_32);
rtc::kCsAesCm128HmacSha1_32);
}
TEST_P(SrtpTransportTestWithExternalAuth,
SendAndRecvPacket_SRTP_AEAD_AES_128_GCM) {
SendAndRecvPacket_kSrtpAeadAes128Gcm) {
bool enable_external_auth = GetParam();
TestSendRecvPacket(enable_external_auth, rtc::SRTP_AEAD_AES_128_GCM,
TestSendRecvPacket(enable_external_auth, rtc::kSrtpAeadAes128Gcm,
kTestKeyGcm128_1, kTestKeyGcm128Len, kTestKeyGcm128_2,
kTestKeyGcm128Len, rtc::CS_AEAD_AES_128_GCM);
kTestKeyGcm128Len, rtc::kCsAeadAes128Gcm);
}
TEST_F(SrtpTransportTest,
SendAndRecvPacketWithHeaderExtension_SRTP_AEAD_AES_128_GCM) {
SendAndRecvPacketWithHeaderExtension_kSrtpAeadAes128Gcm) {
TestSendRecvEncryptedHeaderExtension(
rtc::SRTP_AEAD_AES_128_GCM, kTestKeyGcm128_1, kTestKeyGcm128Len,
kTestKeyGcm128_2, kTestKeyGcm128Len, rtc::CS_AEAD_AES_128_GCM);
rtc::kSrtpAeadAes128Gcm, kTestKeyGcm128_1, kTestKeyGcm128Len,
kTestKeyGcm128_2, kTestKeyGcm128Len, rtc::kCsAeadAes128Gcm);
}
TEST_P(SrtpTransportTestWithExternalAuth,
SendAndRecvPacket_SRTP_AEAD_AES_256_GCM) {
SendAndRecvPacket_kSrtpAeadAes256Gcm) {
bool enable_external_auth = GetParam();
TestSendRecvPacket(enable_external_auth, rtc::SRTP_AEAD_AES_256_GCM,
TestSendRecvPacket(enable_external_auth, rtc::kSrtpAeadAes256Gcm,
kTestKeyGcm256_1, kTestKeyGcm256Len, kTestKeyGcm256_2,
kTestKeyGcm256Len, rtc::CS_AEAD_AES_256_GCM);
kTestKeyGcm256Len, rtc::kCsAeadAes256Gcm);
}
TEST_F(SrtpTransportTest,
SendAndRecvPacketWithHeaderExtension_SRTP_AEAD_AES_256_GCM) {
SendAndRecvPacketWithHeaderExtension_kSrtpAeadAes256Gcm) {
TestSendRecvEncryptedHeaderExtension(
rtc::SRTP_AEAD_AES_256_GCM, kTestKeyGcm256_1, kTestKeyGcm256Len,
kTestKeyGcm256_2, kTestKeyGcm256Len, rtc::CS_AEAD_AES_256_GCM);
rtc::kSrtpAeadAes256Gcm, kTestKeyGcm256_1, kTestKeyGcm256Len,
kTestKeyGcm256_2, kTestKeyGcm256Len, rtc::kCsAeadAes256Gcm);
}
// Run all tests both with and without external auth enabled.
@ -409,11 +409,11 @@ INSTANTIATE_TEST_SUITE_P(ExternalAuth,
TEST_F(SrtpTransportTest, TestSetParamsKeyTooShort) {
std::vector<int> extension_ids;
EXPECT_FALSE(srtp_transport1_->SetRtpParams(
rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen - 1, extension_ids,
rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen - 1, extension_ids));
rtc::kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen - 1, extension_ids,
rtc::kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen - 1, extension_ids));
EXPECT_FALSE(srtp_transport1_->SetRtcpParams(
rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen - 1, extension_ids,
rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen - 1, extension_ids));
rtc::kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen - 1, extension_ids,
rtc::kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen - 1, extension_ids));
}
} // namespace webrtc

4
pc/stats_collector.cc
View File

@ -977,14 +977,14 @@ void StatsCollector::ExtractSessionInfo_s(SessionStats& session_stats) {
remote_cert_report_id);
}
int srtp_crypto_suite = channel_iter.srtp_crypto_suite;
if (srtp_crypto_suite != rtc::SRTP_INVALID_CRYPTO_SUITE &&
if (srtp_crypto_suite != rtc::kSrtpInvalidCryptoSuite &&
rtc::SrtpCryptoSuiteToName(srtp_crypto_suite).length()) {
channel_report->AddString(
StatsReport::kStatsValueNameSrtpCipher,
rtc::SrtpCryptoSuiteToName(srtp_crypto_suite));
}
int ssl_cipher_suite = channel_iter.ssl_cipher_suite;
if (ssl_cipher_suite != rtc::TLS_NULL_WITH_NULL_NULL &&
if (ssl_cipher_suite != rtc::kTlsNullWithNullNull &&
rtc::SSLStreamAdapter::SslCipherSuiteToName(ssl_cipher_suite)
.length()) {
channel_report->AddString(

4
pc/stats_collector_unittest.cc
View File

@ -674,7 +674,7 @@ class StatsCollectorTest : public ::testing::Test {
// Fake stats to process.
TransportChannelStats channel_stats;
channel_stats.component = 1;
channel_stats.srtp_crypto_suite = rtc::SRTP_AES128_CM_SHA1_80;
channel_stats.srtp_crypto_suite = rtc::kSrtpAes128CmSha1_80;
channel_stats.ssl_cipher_suite =
internal::TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA;
pc->SetTransportStats(kTransportName, channel_stats);
@ -729,7 +729,7 @@ class StatsCollectorTest : public ::testing::Test {
std::string srtp_crypto_suite =
ExtractStatsValue(StatsReport::kStatsReportTypeComponent, reports,
StatsReport::kStatsValueNameSrtpCipher);
EXPECT_EQ(rtc::SrtpCryptoSuiteToName(rtc::SRTP_AES128_CM_SHA1_80),
EXPECT_EQ(rtc::SrtpCryptoSuiteToName(rtc::kSrtpAes128CmSha1_80),
srtp_crypto_suite);
}
};

4
pc/test/integration_test_helpers.h
View File

@ -150,8 +150,8 @@ static const char kDataChannelLabel[] = "data_channel";
// SRTP cipher name negotiated by the tests. This must be updated if the
// default changes.
static const int kDefaultSrtpCryptoSuite = rtc::SRTP_AES128_CM_SHA1_80;
static const int kDefaultSrtpCryptoSuiteGcm = rtc::SRTP_AEAD_AES_256_GCM;
static const int kDefaultSrtpCryptoSuite = rtc::kSrtpAes128CmSha1_80;
static const int kDefaultSrtpCryptoSuiteGcm = rtc::kSrtpAeadAes256Gcm;
static const SocketAddress kDefaultLocalAddress("192.168.1.1", 0);

12
pc/test/srtp_test_util.h
View File

@ -15,25 +15,25 @@
namespace rtc {
extern const char CS_AES_CM_128_HMAC_SHA1_32[];
extern const char CS_AEAD_AES_128_GCM[];
extern const char CS_AEAD_AES_256_GCM[];
extern const char kCsAesCm128HmacSha1_32[];
extern const char kCsAeadAes128Gcm[];
extern const char kCsAeadAes256Gcm[];
static const uint8_t kTestKey1[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234";
static const uint8_t kTestKey2[] = "4321ZYXWVUTSRQPONMLKJIHGFEDCBA";
static const int kTestKeyLen = 30;
static int rtp_auth_tag_len(const std::string& cs) {
if (cs == CS_AES_CM_128_HMAC_SHA1_32) {
if (cs == kCsAesCm128HmacSha1_32) {
return 4;
} else if (cs == CS_AEAD_AES_128_GCM || cs == CS_AEAD_AES_256_GCM) {
} else if (cs == kCsAeadAes128Gcm || cs == kCsAeadAes256Gcm) {
return 16;
} else {
return 10;
}
}
static int rtcp_auth_tag_len(const std::string& cs) {
if (cs == CS_AEAD_AES_128_GCM || cs == CS_AEAD_AES_256_GCM) {
if (cs == kCsAeadAes128Gcm || cs == kCsAeadAes256Gcm) {
return 16;
} else {
return 10;

4
pc/transport_stats.h
View File

@ -29,8 +29,8 @@ struct TransportChannelStats {
int component = 0;
int ssl_version_bytes = 0;
int srtp_crypto_suite = rtc::SRTP_INVALID_CRYPTO_SUITE;
int ssl_cipher_suite = rtc::TLS_NULL_WITH_NULL_NULL;
int srtp_crypto_suite = rtc::kSrtpInvalidCryptoSuite;
int ssl_cipher_suite = rtc::kTlsNullWithNullNull;
webrtc::DtlsTransportState dtls_state = webrtc::DtlsTransportState::kNew;
IceTransportStats ice_transport_stats;
};

8
rtc_base/openssl_stream_adapter.cc
View File

@ -73,10 +73,10 @@ struct SslCipherMapEntry {
// This isn't elegant, but it's better than an external reference
constexpr SrtpCipherMapEntry kSrtpCipherMap[] = {
{"SRTP_AES128_CM_SHA1_80", SRTP_AES128_CM_SHA1_80},
{"SRTP_AES128_CM_SHA1_32", SRTP_AES128_CM_SHA1_32},
{"SRTP_AEAD_AES_128_GCM", SRTP_AEAD_AES_128_GCM},
{"SRTP_AEAD_AES_256_GCM", SRTP_AEAD_AES_256_GCM}};
{"SRTP_AES128_CM_SHA1_80", kSrtpAes128CmSha1_80},
{"SRTP_AES128_CM_SHA1_32", kSrtpAes128CmSha1_32},
{"SRTP_AEAD_AES_128_GCM", kSrtpAeadAes128Gcm},
{"SRTP_AEAD_AES_256_GCM", kSrtpAeadAes256Gcm}};
#ifndef OPENSSL_IS_BORINGSSL
// The "SSL_CIPHER_standard_name" function is only available in OpenSSL when

62
rtc_base/ssl_stream_adapter.cc
View File

@ -19,57 +19,66 @@ namespace rtc {
// TODO(guoweis): Move this to SDP layer and use int form internally.
// webrtc:5043.
const char kCsAesCm128HmacSha1_80[] = "AES_CM_128_HMAC_SHA1_80";
const char kCsAesCm128HmacSha1_32[] = "AES_CM_128_HMAC_SHA1_32";
const char kCsAeadAes128Gcm[] = "AEAD_AES_128_GCM";
const char kCsAeadAes256Gcm[] = "AEAD_AES_256_GCM";
// TODO(bugs.webrtc.org/12997): Start.
// Remove the following constants which violate the style guide and can
// potentially clash with OpenSSL macros.
const char CS_AES_CM_128_HMAC_SHA1_80[] = "AES_CM_128_HMAC_SHA1_80";
const char CS_AES_CM_128_HMAC_SHA1_32[] = "AES_CM_128_HMAC_SHA1_32";
const char CS_AEAD_AES_128_GCM[] = "AEAD_AES_128_GCM";
const char CS_AEAD_AES_256_GCM[] = "AEAD_AES_256_GCM";
// TODO(bugs.webrtc.org/12997): End.
std::string SrtpCryptoSuiteToName(int crypto_suite) {
switch (crypto_suite) {
case SRTP_AES128_CM_SHA1_32:
return CS_AES_CM_128_HMAC_SHA1_32;
case SRTP_AES128_CM_SHA1_80:
return CS_AES_CM_128_HMAC_SHA1_80;
case SRTP_AEAD_AES_128_GCM:
return CS_AEAD_AES_128_GCM;
case SRTP_AEAD_AES_256_GCM:
return CS_AEAD_AES_256_GCM;
case kSrtpAes128CmSha1_32:
return kCsAesCm128HmacSha1_32;
case kSrtpAes128CmSha1_80:
return kCsAesCm128HmacSha1_80;
case kSrtpAeadAes128Gcm:
return kCsAeadAes128Gcm;
case kSrtpAeadAes256Gcm:
return kCsAeadAes256Gcm;
default:
return std::string();
}
}
int SrtpCryptoSuiteFromName(const std::string& crypto_suite) {
if (crypto_suite == CS_AES_CM_128_HMAC_SHA1_32)
return SRTP_AES128_CM_SHA1_32;
if (crypto_suite == CS_AES_CM_128_HMAC_SHA1_80)
return SRTP_AES128_CM_SHA1_80;
if (crypto_suite == CS_AEAD_AES_128_GCM)
return SRTP_AEAD_AES_128_GCM;
if (crypto_suite == CS_AEAD_AES_256_GCM)
return SRTP_AEAD_AES_256_GCM;
return SRTP_INVALID_CRYPTO_SUITE;
if (crypto_suite == kCsAesCm128HmacSha1_32)
return kSrtpAes128CmSha1_32;
if (crypto_suite == kCsAesCm128HmacSha1_80)
return kSrtpAes128CmSha1_80;
if (crypto_suite == kCsAeadAes128Gcm)
return kSrtpAeadAes128Gcm;
if (crypto_suite == kCsAeadAes256Gcm)
return kSrtpAeadAes256Gcm;
return kSrtpInvalidCryptoSuite;
}
bool GetSrtpKeyAndSaltLengths(int crypto_suite,
int* key_length,
int* salt_length) {
switch (crypto_suite) {
case SRTP_AES128_CM_SHA1_32:
case SRTP_AES128_CM_SHA1_80:
case kSrtpAes128CmSha1_32:
case kSrtpAes128CmSha1_80:
// SRTP_AES128_CM_HMAC_SHA1_32 and SRTP_AES128_CM_HMAC_SHA1_80 are defined
// in RFC 5764 to use a 128 bits key and 112 bits salt for the cipher.
*key_length = 16;
*salt_length = 14;
break;
case SRTP_AEAD_AES_128_GCM:
// SRTP_AEAD_AES_128_GCM is defined in RFC 7714 to use a 128 bits key and
case kSrtpAeadAes128Gcm:
// kSrtpAeadAes128Gcm is defined in RFC 7714 to use a 128 bits key and
// a 96 bits salt for the cipher.
*key_length = 16;
*salt_length = 12;
break;
case SRTP_AEAD_AES_256_GCM:
// SRTP_AEAD_AES_256_GCM is defined in RFC 7714 to use a 256 bits key and
case kSrtpAeadAes256Gcm:
// kSrtpAeadAes256Gcm is defined in RFC 7714 to use a 256 bits key and
// a 96 bits salt for the cipher.
*key_length = 32;
*salt_length = 12;
@ -81,13 +90,12 @@ bool GetSrtpKeyAndSaltLengths(int crypto_suite,
}
bool IsGcmCryptoSuite(int crypto_suite) {
return (crypto_suite == SRTP_AEAD_AES_256_GCM ||
crypto_suite == SRTP_AEAD_AES_128_GCM);
return (crypto_suite == kSrtpAeadAes256Gcm ||
crypto_suite == kSrtpAeadAes128Gcm);
}
bool IsGcmCryptoSuiteName(const std::string& crypto_suite) {
return (crypto_suite == CS_AEAD_AES_256_GCM ||
crypto_suite == CS_AEAD_AES_128_GCM);
return (crypto_suite == kCsAeadAes256Gcm || crypto_suite == kCsAeadAes128Gcm);
}
std::unique_ptr<SSLStreamAdapter> SSLStreamAdapter::Create(

30
rtc_base/ssl_stream_adapter.h
View File

@ -26,11 +26,12 @@
namespace rtc {
// Constants for SSL profile.
const int TLS_NULL_WITH_NULL_NULL = 0;
const int SSL_CIPHER_SUITE_MAX_VALUE = 0xFFFF;
constexpr int kTlsNullWithNullNull = 0;
constexpr int kSslCipherSuiteMaxValue = 0xFFFF;
// Constants for SRTP profiles.
const int SRTP_INVALID_CRYPTO_SUITE = 0;
// TODO(bugs.webrtc.org/12997): Start.
// Remove the following constants which violate the style guide and can
// potentially clash with OpenSSL macros.
#ifndef SRTP_AES128_CM_SHA1_80
const int SRTP_AES128_CM_SHA1_80 = 0x0001;
#endif
@ -43,8 +44,6 @@ const int SRTP_AEAD_AES_128_GCM = 0x0007;
#ifndef SRTP_AEAD_AES_256_GCM
const int SRTP_AEAD_AES_256_GCM = 0x0008;
#endif
const int SRTP_CRYPTO_SUITE_MAX_VALUE = 0xFFFF;
// Names of SRTP profiles listed above.
// 128-bit AES with 80-bit SHA-1 HMAC.
extern const char CS_AES_CM_128_HMAC_SHA1_80[];
@ -54,6 +53,25 @@ extern const char CS_AES_CM_128_HMAC_SHA1_32[];
extern const char CS_AEAD_AES_128_GCM[];
// 256-bit AES GCM with 16 byte AEAD auth tag.
extern const char CS_AEAD_AES_256_GCM[];
// TODO(bugs.webrtc.org/12997): End.
// Constants for SRTP profiles.
constexpr int kSrtpInvalidCryptoSuite = 0;
constexpr int kSrtpAes128CmSha1_80 = 0x0001;
constexpr int kSrtpAes128CmSha1_32 = 0x0002;
constexpr int kSrtpAeadAes128Gcm = 0x0007;
constexpr int kSrtpAeadAes256Gcm = 0x0008;
constexpr int kSrtpCryptoSuiteMaxValue = 0xFFFF;
// Names of SRTP profiles listed above.
// 128-bit AES with 80-bit SHA-1 HMAC.
extern const char kCsAesCm128HmacSha1_80[];
// 128-bit AES with 32-bit SHA-1 HMAC.
extern const char kCsAesCm128HmacSha1_32[];
// 128-bit AES GCM with 16 byte AEAD auth tag.
extern const char kCsAeadAes128Gcm[];
// 256-bit AES GCM with 16 byte AEAD auth tag.
extern const char kCsAeadAes256Gcm[];
// Given the DTLS-SRTP protection profile ID, as defined in
// https://tools.ietf.org/html/rfc4568#section-6.2 , return the SRTP profile

54
rtc_base/ssl_stream_adapter_unittest.cc
View File

@ -1245,7 +1245,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentityWithBogusDigest) {
// Test DTLS-SRTP with all high ciphers
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) {
std::vector<int> high;
high.push_back(rtc::SRTP_AES128_CM_SHA1_80);
high.push_back(rtc::kSrtpAes128CmSha1_80);
SetDtlsSrtpCryptoSuites(high, true);
SetDtlsSrtpCryptoSuites(high, false);
TestHandshake();
@ -1256,13 +1256,13 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) {
ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
ASSERT_EQ(client_cipher, server_cipher);
ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80);
ASSERT_EQ(client_cipher, rtc::kSrtpAes128CmSha1_80);
}
// Test DTLS-SRTP with all low ciphers
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) {
std::vector<int> low;
low.push_back(rtc::SRTP_AES128_CM_SHA1_32);
low.push_back(rtc::kSrtpAes128CmSha1_32);
SetDtlsSrtpCryptoSuites(low, true);
SetDtlsSrtpCryptoSuites(low, false);
TestHandshake();
@ -1273,15 +1273,15 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) {
ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
ASSERT_EQ(client_cipher, server_cipher);
ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_32);
ASSERT_EQ(client_cipher, rtc::kSrtpAes128CmSha1_32);
}
// Test DTLS-SRTP with a mismatch -- should not converge
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) {
std::vector<int> high;
high.push_back(rtc::SRTP_AES128_CM_SHA1_80);
high.push_back(rtc::kSrtpAes128CmSha1_80);
std::vector<int> low;
low.push_back(rtc::SRTP_AES128_CM_SHA1_32);
low.push_back(rtc::kSrtpAes128CmSha1_32);
SetDtlsSrtpCryptoSuites(high, true);
SetDtlsSrtpCryptoSuites(low, false);
TestHandshake();
@ -1295,8 +1295,8 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) {
// Test DTLS-SRTP with each side being mixed -- should select high
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) {
std::vector<int> mixed;
mixed.push_back(rtc::SRTP_AES128_CM_SHA1_80);
mixed.push_back(rtc::SRTP_AES128_CM_SHA1_32);
mixed.push_back(rtc::kSrtpAes128CmSha1_80);
mixed.push_back(rtc::kSrtpAes128CmSha1_32);
SetDtlsSrtpCryptoSuites(mixed, true);
SetDtlsSrtpCryptoSuites(mixed, false);
TestHandshake();
@ -1307,13 +1307,13 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) {
ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
ASSERT_EQ(client_cipher, server_cipher);
ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80);
ASSERT_EQ(client_cipher, rtc::kSrtpAes128CmSha1_80);
}
// Test DTLS-SRTP with all GCM-128 ciphers.
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM128) {
std::vector<int> gcm128;
gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM);
gcm128.push_back(rtc::kSrtpAeadAes128Gcm);
SetDtlsSrtpCryptoSuites(gcm128, true);
SetDtlsSrtpCryptoSuites(gcm128, false);
TestHandshake();
@ -1324,13 +1324,13 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM128) {
ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
ASSERT_EQ(client_cipher, server_cipher);
ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_128_GCM);
ASSERT_EQ(client_cipher, rtc::kSrtpAeadAes128Gcm);
}
// Test DTLS-SRTP with all GCM-256 ciphers.
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM256) {
std::vector<int> gcm256;
gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM);
gcm256.push_back(rtc::kSrtpAeadAes256Gcm);
SetDtlsSrtpCryptoSuites(gcm256, true);
SetDtlsSrtpCryptoSuites(gcm256, false);
TestHandshake();
@ -1341,15 +1341,15 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM256) {
ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
ASSERT_EQ(client_cipher, server_cipher);
ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_256_GCM);
ASSERT_EQ(client_cipher, rtc::kSrtpAeadAes256Gcm);
}
// Test DTLS-SRTP with mixed GCM-128/-256 ciphers -- should not converge.
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMismatch) {
std::vector<int> gcm128;
gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM);
gcm128.push_back(rtc::kSrtpAeadAes128Gcm);
std::vector<int> gcm256;
gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM);
gcm256.push_back(rtc::kSrtpAeadAes256Gcm);
SetDtlsSrtpCryptoSuites(gcm128, true);
SetDtlsSrtpCryptoSuites(gcm256, false);
TestHandshake();
@ -1363,8 +1363,8 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMismatch) {
// Test DTLS-SRTP with both GCM-128/-256 ciphers -- should select GCM-256.
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMixed) {
std::vector<int> gcmBoth;
gcmBoth.push_back(rtc::SRTP_AEAD_AES_256_GCM);
gcmBoth.push_back(rtc::SRTP_AEAD_AES_128_GCM);
gcmBoth.push_back(rtc::kSrtpAeadAes256Gcm);
gcmBoth.push_back(rtc::kSrtpAeadAes128Gcm);
SetDtlsSrtpCryptoSuites(gcmBoth, true);
SetDtlsSrtpCryptoSuites(gcmBoth, false);
TestHandshake();
@ -1375,7 +1375,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMixed) {
ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
ASSERT_EQ(client_cipher, server_cipher);
ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_256_GCM);
ASSERT_EQ(client_cipher, rtc::kSrtpAeadAes256Gcm);
}
// Test SRTP cipher suite lengths.
@ -1383,26 +1383,26 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpKeyAndSaltLengths) {
int key_len;
int salt_len;
ASSERT_FALSE(rtc::GetSrtpKeyAndSaltLengths(rtc::SRTP_INVALID_CRYPTO_SUITE,
ASSERT_FALSE(rtc::GetSrtpKeyAndSaltLengths(rtc::kSrtpInvalidCryptoSuite,
&key_len, &salt_len));
ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(rtc::SRTP_AES128_CM_SHA1_32,
&key_len, &salt_len));
ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(rtc::kSrtpAes128CmSha1_32, &key_len,
&salt_len));
ASSERT_EQ(128 / 8, key_len);
ASSERT_EQ(112 / 8, salt_len);
ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(rtc::SRTP_AES128_CM_SHA1_80,
&key_len, &salt_len));
ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(rtc::kSrtpAes128CmSha1_80, &key_len,
&salt_len));
ASSERT_EQ(128 / 8, key_len);
ASSERT_EQ(112 / 8, salt_len);
ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(rtc::SRTP_AEAD_AES_128_GCM,
&key_len, &salt_len));
ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(rtc::kSrtpAeadAes128Gcm, &key_len,
&salt_len));
ASSERT_EQ(128 / 8, key_len);
ASSERT_EQ(96 / 8, salt_len);
ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(rtc::SRTP_AEAD_AES_256_GCM,
&key_len, &salt_len));
ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(rtc::kSrtpAeadAes256Gcm, &key_len,
&salt_len));
ASSERT_EQ(256 / 8, key_len);
ASSERT_EQ(96 / 8, salt_len);
}

2
sdk/android/api/org/webrtc/CryptoOptions.java
View File

@ -29,7 +29,7 @@ public final class CryptoOptions {
private final boolean enableGcmCryptoSuites;
/**
* If set to true, the (potentially insecure) crypto cipher
* SRTP_AES128_CM_SHA1_32 will be included in the list of supported ciphers
* kSrtpAes128CmSha1_32 will be included in the list of supported ciphers
* during negotiation. It will only be used if both peers support it and no
* other ciphers get preferred.
*/

2
sdk/objc/api/peerconnection/RTCCryptoOptions.h
View File

@ -28,7 +28,7 @@ RTC_OBJC_EXPORT
@property(nonatomic, assign) BOOL srtpEnableGcmCryptoSuites;
/**
* If set to true, the (potentially insecure) crypto cipher
* SRTP_AES128_CM_SHA1_32 will be included in the list of supported ciphers
* kSrtpAes128CmSha1_32 will be included in the list of supported ciphers
* during negotiation. It will only be used if both peers support it and no
* other ciphers get preferred.
*/