admin/webrtc_m130
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Clean up SRTP helper functions

Browse Source 
BUG=None

Change-Id: If1df1828a09aef2e335c028cf4425c9507906aac
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/354649
Reviewed-by: Mirko Bonadei <mbonadei@webrtc.org>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Commit-Queue: Philipp Hancke <phancke@meta.com>
Cr-Commit-Position: refs/heads/main@{#42525}
This commit is contained in:
Philipp Hancke 2024-06-21 09:43:28 -07:00 committed by WebRTC LUCI CQ
parent 26d3e569be
commit c47f649e67
7 changed files with 99 additions and 142 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pc/media_session_unittest.cc
View File

@ -52,10 +52,6 @@
namespace cricket { namespace cricket {
namespace { namespace {
using ::rtc::kCsAeadAes128Gcm;
using ::rtc::kCsAeadAes256Gcm;
using ::rtc::kCsAesCm128HmacSha1_32;
using ::rtc::kCsAesCm128HmacSha1_80;
using ::rtc::UniqueRandomIdGenerator; using ::rtc::UniqueRandomIdGenerator;
using ::testing::Bool; using ::testing::Bool;
using ::testing::Combine; using ::testing::Combine;

33
pc/srtp_session_unittest.cc
View File

@ -44,29 +44,30 @@ class SrtpSessionTest : public ::testing::Test {
memcpy(rtp_packet_, kPcmuFrame, rtp_len_); memcpy(rtp_packet_, kPcmuFrame, rtp_len_);
memcpy(rtcp_packet_, kRtcpReport, rtcp_len_); memcpy(rtcp_packet_, kRtcpReport, rtcp_len_);
} }
void TestProtectRtp(const std::string& cs) { void TestProtectRtp(int crypto_suite) {
int out_len = 0; int out_len = 0;
EXPECT_TRUE( EXPECT_TRUE(
s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_), &out_len)); s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_), &out_len));
EXPECT_EQ(out_len, rtp_len_ + rtp_auth_tag_len(cs)); EXPECT_EQ(out_len, rtp_len_ + rtp_auth_tag_len(crypto_suite));
EXPECT_NE(0, memcmp(rtp_packet_, kPcmuFrame, rtp_len_)); EXPECT_NE(0, memcmp(rtp_packet_, kPcmuFrame, rtp_len_));
rtp_len_ = out_len; rtp_len_ = out_len;
} }
void TestProtectRtcp(const std::string& cs) { void TestProtectRtcp(int crypto_suite) {
int out_len = 0; int out_len = 0;
EXPECT_TRUE(s1_.ProtectRtcp(rtcp_packet_, rtcp_len_, sizeof(rtcp_packet_), EXPECT_TRUE(s1_.ProtectRtcp(rtcp_packet_, rtcp_len_, sizeof(rtcp_packet_),
&out_len)); &out_len));
EXPECT_EQ(out_len, rtcp_len_ + 4 + rtcp_auth_tag_len(cs)); // NOLINT EXPECT_EQ(out_len,
rtcp_len_ + 4 + rtcp_auth_tag_len(crypto_suite)); // NOLINT
EXPECT_NE(0, memcmp(rtcp_packet_, kRtcpReport, rtcp_len_)); EXPECT_NE(0, memcmp(rtcp_packet_, kRtcpReport, rtcp_len_));
rtcp_len_ = out_len; rtcp_len_ = out_len;
} }
void TestUnprotectRtp(const std::string& cs) { void TestUnprotectRtp(int crypto_suite) {
int out_len = 0, expected_len = sizeof(kPcmuFrame); int out_len = 0, expected_len = sizeof(kPcmuFrame);
EXPECT_TRUE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len)); EXPECT_TRUE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len));
EXPECT_EQ(expected_len, out_len); EXPECT_EQ(expected_len, out_len);
EXPECT_EQ(0, memcmp(rtp_packet_, kPcmuFrame, out_len)); EXPECT_EQ(0, memcmp(rtp_packet_, kPcmuFrame, out_len));
} }
void TestUnprotectRtcp(const std::string& cs) { void TestUnprotectRtcp(int crypto_suite) {
int out_len = 0, expected_len = sizeof(kRtcpReport); int out_len = 0, expected_len = sizeof(kRtcpReport);
EXPECT_TRUE(s2_.UnprotectRtcp(rtcp_packet_, rtcp_len_, &out_len)); EXPECT_TRUE(s2_.UnprotectRtcp(rtcp_packet_, rtcp_len_, &out_len));
EXPECT_EQ(expected_len, out_len); EXPECT_EQ(expected_len, out_len);
@ -115,10 +116,10 @@ TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_80) {
kEncryptedHeaderExtensionIds)); kEncryptedHeaderExtensionIds));
EXPECT_TRUE(s2_.SetRecv(kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen, EXPECT_TRUE(s2_.SetRecv(kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen,
kEncryptedHeaderExtensionIds)); kEncryptedHeaderExtensionIds));
TestProtectRtp(kCsAesCm128HmacSha1_80); TestProtectRtp(kSrtpAes128CmSha1_80);
TestProtectRtcp(kCsAesCm128HmacSha1_80); TestProtectRtcp(kSrtpAes128CmSha1_80);
TestUnprotectRtp(kCsAesCm128HmacSha1_80); TestUnprotectRtp(kSrtpAes128CmSha1_80);
TestUnprotectRtcp(kCsAesCm128HmacSha1_80); TestUnprotectRtcp(kSrtpAes128CmSha1_80);
} }
// Test that we can encrypt and decrypt RTP/RTCP using AES_CM_128_HMAC_SHA1_32. // Test that we can encrypt and decrypt RTP/RTCP using AES_CM_128_HMAC_SHA1_32.
@ -127,10 +128,10 @@ TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_32) {
kEncryptedHeaderExtensionIds)); kEncryptedHeaderExtensionIds));
EXPECT_TRUE(s2_.SetRecv(kSrtpAes128CmSha1_32, kTestKey1, kTestKeyLen, EXPECT_TRUE(s2_.SetRecv(kSrtpAes128CmSha1_32, kTestKey1, kTestKeyLen,
kEncryptedHeaderExtensionIds)); kEncryptedHeaderExtensionIds));
TestProtectRtp(kCsAesCm128HmacSha1_32); TestProtectRtp(kSrtpAes128CmSha1_32);
TestProtectRtcp(kCsAesCm128HmacSha1_32); TestProtectRtcp(kSrtpAes128CmSha1_32);
TestUnprotectRtp(kCsAesCm128HmacSha1_32); TestUnprotectRtp(kSrtpAes128CmSha1_32);
TestUnprotectRtcp(kCsAesCm128HmacSha1_32); TestUnprotectRtcp(kSrtpAes128CmSha1_32);
} }
TEST_F(SrtpSessionTest, TestGetSendStreamPacketIndex) { TEST_F(SrtpSessionTest, TestGetSendStreamPacketIndex) {
@ -152,8 +153,8 @@ TEST_F(SrtpSessionTest, TestTamperReject) {
kEncryptedHeaderExtensionIds)); kEncryptedHeaderExtensionIds));
EXPECT_TRUE(s2_.SetRecv(kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen, EXPECT_TRUE(s2_.SetRecv(kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen,
kEncryptedHeaderExtensionIds)); kEncryptedHeaderExtensionIds));
TestProtectRtp(kCsAesCm128HmacSha1_80); TestProtectRtp(kSrtpAes128CmSha1_80);
TestProtectRtcp(kCsAesCm128HmacSha1_80); TestProtectRtcp(kSrtpAes128CmSha1_80);
rtp_packet_[0] = 0x12; rtp_packet_[0] = 0x12;
rtcp_packet_[1] = 0x34; rtcp_packet_[1] = 0x34;
EXPECT_FALSE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len)); EXPECT_FALSE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len));

100
pc/srtp_transport_unittest.cc
View File

@ -98,10 +98,10 @@ class SrtpTransportTest : public ::testing::Test, public sigslot::has_slots<> {
// unprotect would fail. Check accessing the information about the // unprotect would fail. Check accessing the information about the
// tag instead, similar to what the actual code would do that relies // tag instead, similar to what the actual code would do that relies
// on external auth. // on external auth.
void TestRtpAuthParams(SrtpTransport* transport, const std::string& cs) { void TestRtpAuthParams(SrtpTransport* transport, int crypto_suite) {
int overhead; int overhead;
EXPECT_TRUE(transport->GetSrtpOverhead(&overhead)); EXPECT_TRUE(transport->GetSrtpOverhead(&overhead));
switch (rtc::SrtpCryptoSuiteFromName(cs)) { switch (crypto_suite) {
case rtc::kSrtpAes128CmSha1_32: case rtc::kSrtpAes128CmSha1_32:
EXPECT_EQ(32 / 8, overhead); // 32-bit tag. EXPECT_EQ(32 / 8, overhead); // 32-bit tag.
break; break;
@ -122,9 +122,9 @@ class SrtpTransportTest : public ::testing::Test, public sigslot::has_slots<> {
EXPECT_EQ(overhead, tag_len); EXPECT_EQ(overhead, tag_len);
} }
void TestSendRecvRtpPacket(const std::string& cipher_suite_name) { void TestSendRecvRtpPacket(int crypto_suite) {
size_t rtp_len = sizeof(kPcmuFrame); size_t rtp_len = sizeof(kPcmuFrame);
size_t packet_size = rtp_len + rtc::rtp_auth_tag_len(cipher_suite_name); size_t packet_size = rtp_len + rtc::rtp_auth_tag_len(crypto_suite);
rtc::Buffer rtp_packet_buffer(packet_size); rtc::Buffer rtp_packet_buffer(packet_size);
char* rtp_packet_data = rtp_packet_buffer.data<char>(); char* rtp_packet_data = rtp_packet_buffer.data<char>();
memcpy(rtp_packet_data, kPcmuFrame, rtp_len); memcpy(rtp_packet_data, kPcmuFrame, rtp_len);
@ -146,7 +146,7 @@ class SrtpTransportTest : public ::testing::Test, public sigslot::has_slots<> {
ASSERT_TRUE(srtp_transport1_->SendRtpPacket(&rtp_packet1to2, options, ASSERT_TRUE(srtp_transport1_->SendRtpPacket(&rtp_packet1to2, options,
cricket::PF_SRTP_BYPASS)); cricket::PF_SRTP_BYPASS));
if (srtp_transport1_->IsExternalAuthActive()) { if (srtp_transport1_->IsExternalAuthActive()) {
TestRtpAuthParams(srtp_transport1_.get(), cipher_suite_name); TestRtpAuthParams(srtp_transport1_.get(), crypto_suite);
} else { } else {
ASSERT_TRUE(rtp_sink2_.last_recv_rtp_packet().data()); ASSERT_TRUE(rtp_sink2_.last_recv_rtp_packet().data());
EXPECT_EQ(0, memcmp(rtp_sink2_.last_recv_rtp_packet().data(), EXPECT_EQ(0, memcmp(rtp_sink2_.last_recv_rtp_packet().data(),
@ -163,7 +163,7 @@ class SrtpTransportTest : public ::testing::Test, public sigslot::has_slots<> {
ASSERT_TRUE(srtp_transport2_->SendRtpPacket(&rtp_packet2to1, options, ASSERT_TRUE(srtp_transport2_->SendRtpPacket(&rtp_packet2to1, options,
cricket::PF_SRTP_BYPASS)); cricket::PF_SRTP_BYPASS));
if (srtp_transport2_->IsExternalAuthActive()) { if (srtp_transport2_->IsExternalAuthActive()) {
TestRtpAuthParams(srtp_transport2_.get(), cipher_suite_name); TestRtpAuthParams(srtp_transport2_.get(), crypto_suite);
} else { } else {
ASSERT_TRUE(rtp_sink1_.last_recv_rtp_packet().data()); ASSERT_TRUE(rtp_sink1_.last_recv_rtp_packet().data());
EXPECT_EQ(0, memcmp(rtp_sink1_.last_recv_rtp_packet().data(), EXPECT_EQ(0, memcmp(rtp_sink1_.last_recv_rtp_packet().data(),
@ -175,10 +175,9 @@ class SrtpTransportTest : public ::testing::Test, public sigslot::has_slots<> {
} }
} }
void TestSendRecvRtcpPacket(const std::string& cipher_suite_name) { void TestSendRecvRtcpPacket(int crypto_suite) {
size_t rtcp_len = sizeof(::kRtcpReport); size_t rtcp_len = sizeof(::kRtcpReport);
size_t packet_size = size_t packet_size = rtcp_len + 4 + rtc::rtcp_auth_tag_len(crypto_suite);
rtcp_len + 4 + rtc::rtcp_auth_tag_len(cipher_suite_name);
rtc::Buffer rtcp_packet_buffer(packet_size); rtc::Buffer rtcp_packet_buffer(packet_size);
char* rtcp_packet_data = rtcp_packet_buffer.data<char>(); char* rtcp_packet_data = rtcp_packet_buffer.data<char>();
memcpy(rtcp_packet_data, ::kRtcpReport, rtcp_len); memcpy(rtcp_packet_data, ::kRtcpReport, rtcp_len);
@ -216,45 +215,47 @@ class SrtpTransportTest : public ::testing::Test, public sigslot::has_slots<> {
} }
void TestSendRecvPacket(bool enable_external_auth, void TestSendRecvPacket(bool enable_external_auth,
int cs, int crypto_suite,
const uint8_t* key1, const uint8_t* key1,
int key1_len, int key1_len,
const uint8_t* key2, const uint8_t* key2,
int key2_len, int key2_len) {
const std::string& cipher_suite_name) {
EXPECT_EQ(key1_len, key2_len); EXPECT_EQ(key1_len, key2_len);
EXPECT_EQ(cipher_suite_name, rtc::SrtpCryptoSuiteToName(cs));
if (enable_external_auth) { if (enable_external_auth) {
srtp_transport1_->EnableExternalAuth(); srtp_transport1_->EnableExternalAuth();
srtp_transport2_->EnableExternalAuth(); srtp_transport2_->EnableExternalAuth();
} }
std::vector<int> extension_ids; std::vector<int> extension_ids;
EXPECT_TRUE(srtp_transport1_->SetRtpParams( EXPECT_TRUE(srtp_transport1_->SetRtpParams(crypto_suite, key1, key1_len,
cs, key1, key1_len, extension_ids, cs, key2, key2_len, extension_ids)); extension_ids, crypto_suite,
EXPECT_TRUE(srtp_transport2_->SetRtpParams( key2, key2_len, extension_ids));
cs, key2, key2_len, extension_ids, cs, key1, key1_len, extension_ids)); EXPECT_TRUE(srtp_transport2_->SetRtpParams(crypto_suite, key2, key2_len,
EXPECT_TRUE(srtp_transport1_->SetRtcpParams( extension_ids, crypto_suite,
cs, key1, key1_len, extension_ids, cs, key2, key2_len, extension_ids)); key1, key1_len, extension_ids));
EXPECT_TRUE(srtp_transport2_->SetRtcpParams( EXPECT_TRUE(srtp_transport1_->SetRtcpParams(crypto_suite, key1, key1_len,
cs, key2, key2_len, extension_ids, cs, key1, key1_len, extension_ids)); extension_ids, crypto_suite,
key2, key2_len, extension_ids));
EXPECT_TRUE(srtp_transport2_->SetRtcpParams(crypto_suite, key2, key2_len,
extension_ids, crypto_suite,
key1, key1_len, extension_ids));
EXPECT_TRUE(srtp_transport1_->IsSrtpActive()); EXPECT_TRUE(srtp_transport1_->IsSrtpActive());
EXPECT_TRUE(srtp_transport2_->IsSrtpActive()); EXPECT_TRUE(srtp_transport2_->IsSrtpActive());
if (rtc::IsGcmCryptoSuite(cs)) { if (rtc::IsGcmCryptoSuite(crypto_suite)) {
EXPECT_FALSE(srtp_transport1_->IsExternalAuthActive()); EXPECT_FALSE(srtp_transport1_->IsExternalAuthActive());
EXPECT_FALSE(srtp_transport2_->IsExternalAuthActive()); EXPECT_FALSE(srtp_transport2_->IsExternalAuthActive());
} else if (enable_external_auth) { } else if (enable_external_auth) {
EXPECT_TRUE(srtp_transport1_->IsExternalAuthActive()); EXPECT_TRUE(srtp_transport1_->IsExternalAuthActive());
EXPECT_TRUE(srtp_transport2_->IsExternalAuthActive()); EXPECT_TRUE(srtp_transport2_->IsExternalAuthActive());
} }
TestSendRecvRtpPacket(cipher_suite_name); TestSendRecvRtpPacket(crypto_suite);
TestSendRecvRtcpPacket(cipher_suite_name); TestSendRecvRtcpPacket(crypto_suite);
} }
void TestSendRecvPacketWithEncryptedHeaderExtension( void TestSendRecvPacketWithEncryptedHeaderExtension(
const std::string& cs, int crypto_suite,
const std::vector<int>& encrypted_header_ids) { const std::vector<int>& encrypted_header_ids) {
size_t rtp_len = sizeof(kPcmuFrameWithExtensions); size_t rtp_len = sizeof(kPcmuFrameWithExtensions);
size_t packet_size = rtp_len + rtc::rtp_auth_tag_len(cs); size_t packet_size = rtp_len + rtc::rtp_auth_tag_len(crypto_suite);
rtc::Buffer rtp_packet_buffer(packet_size); rtc::Buffer rtp_packet_buffer(packet_size);
char* rtp_packet_data = rtp_packet_buffer.data<char>(); char* rtp_packet_data = rtp_packet_buffer.data<char>();
memcpy(rtp_packet_data, kPcmuFrameWithExtensions, rtp_len); memcpy(rtp_packet_data, kPcmuFrameWithExtensions, rtp_len);
@ -307,29 +308,28 @@ class SrtpTransportTest : public ::testing::Test, public sigslot::has_slots<> {
original_rtp_data, rtp_len, encrypted_header_ids, false); original_rtp_data, rtp_len, encrypted_header_ids, false);
} }
void TestSendRecvEncryptedHeaderExtension(int cs, void TestSendRecvEncryptedHeaderExtension(int crypto_suite,
const uint8_t* key1, const uint8_t* key1,
int key1_len, int key1_len,
const uint8_t* key2, const uint8_t* key2,
int key2_len, int key2_len) {
const std::string& cs_name) {
std::vector<int> encrypted_headers; std::vector<int> encrypted_headers;
encrypted_headers.push_back(kHeaderExtensionIDs[0]); encrypted_headers.push_back(kHeaderExtensionIDs[0]);
// Don't encrypt header ids 2 and 3. // Don't encrypt header ids 2 and 3.
encrypted_headers.push_back(kHeaderExtensionIDs[1]); encrypted_headers.push_back(kHeaderExtensionIDs[1]);
EXPECT_EQ(key1_len, key2_len); EXPECT_EQ(key1_len, key2_len);
EXPECT_EQ(cs_name, rtc::SrtpCryptoSuiteToName(cs)); EXPECT_TRUE(srtp_transport1_->SetRtpParams(
EXPECT_TRUE(srtp_transport1_->SetRtpParams(cs, key1, key1_len, crypto_suite, key1, key1_len, encrypted_headers, crypto_suite, key2,
encrypted_headers, cs, key2,
key2_len, encrypted_headers)); key2_len, encrypted_headers));
EXPECT_TRUE(srtp_transport2_->SetRtpParams(cs, key2, key2_len, EXPECT_TRUE(srtp_transport2_->SetRtpParams(
encrypted_headers, cs, key1, crypto_suite, key2, key2_len, encrypted_headers, crypto_suite, key1,
key1_len, encrypted_headers)); key1_len, encrypted_headers));
EXPECT_TRUE(srtp_transport1_->IsSrtpActive()); EXPECT_TRUE(srtp_transport1_->IsSrtpActive());
EXPECT_TRUE(srtp_transport2_->IsSrtpActive()); EXPECT_TRUE(srtp_transport2_->IsSrtpActive());
EXPECT_FALSE(srtp_transport1_->IsExternalAuthActive()); EXPECT_FALSE(srtp_transport1_->IsExternalAuthActive());
EXPECT_FALSE(srtp_transport2_->IsExternalAuthActive()); EXPECT_FALSE(srtp_transport2_->IsExternalAuthActive());
TestSendRecvPacketWithEncryptedHeaderExtension(cs_name, encrypted_headers); TestSendRecvPacketWithEncryptedHeaderExtension(crypto_suite,
encrypted_headers);
} }
std::unique_ptr<SrtpTransport> srtp_transport1_; std::unique_ptr<SrtpTransport> srtp_transport1_;
@ -353,30 +353,26 @@ TEST_P(SrtpTransportTestWithExternalAuth,
SendAndRecvPacket_AES_CM_128_HMAC_SHA1_80) { SendAndRecvPacket_AES_CM_128_HMAC_SHA1_80) {
bool enable_external_auth = GetParam(); bool enable_external_auth = GetParam();
TestSendRecvPacket(enable_external_auth, rtc::kSrtpAes128CmSha1_80, kTestKey1, TestSendRecvPacket(enable_external_auth, rtc::kSrtpAes128CmSha1_80, kTestKey1,
kTestKeyLen, kTestKey2, kTestKeyLen, kTestKeyLen, kTestKey2, kTestKeyLen);
rtc::kCsAesCm128HmacSha1_80);
} }
TEST_F(SrtpTransportTest, TEST_F(SrtpTransportTest,
SendAndRecvPacketWithHeaderExtension_AES_CM_128_HMAC_SHA1_80) { SendAndRecvPacketWithHeaderExtension_AES_CM_128_HMAC_SHA1_80) {
TestSendRecvEncryptedHeaderExtension(rtc::kSrtpAes128CmSha1_80, kTestKey1, TestSendRecvEncryptedHeaderExtension(rtc::kSrtpAes128CmSha1_80, kTestKey1,
kTestKeyLen, kTestKey2, kTestKeyLen, kTestKeyLen, kTestKey2, kTestKeyLen);
rtc::kCsAesCm128HmacSha1_80);
} }
TEST_P(SrtpTransportTestWithExternalAuth, TEST_P(SrtpTransportTestWithExternalAuth,
SendAndRecvPacket_AES_CM_128_HMAC_SHA1_32) { SendAndRecvPacket_AES_CM_128_HMAC_SHA1_32) {
bool enable_external_auth = GetParam(); bool enable_external_auth = GetParam();
TestSendRecvPacket(enable_external_auth, rtc::kSrtpAes128CmSha1_32, kTestKey1, TestSendRecvPacket(enable_external_auth, rtc::kSrtpAes128CmSha1_32, kTestKey1,
kTestKeyLen, kTestKey2, kTestKeyLen, kTestKeyLen, kTestKey2, kTestKeyLen);
rtc::kCsAesCm128HmacSha1_32);
} }
TEST_F(SrtpTransportTest, TEST_F(SrtpTransportTest,
SendAndRecvPacketWithHeaderExtension_AES_CM_128_HMAC_SHA1_32) { SendAndRecvPacketWithHeaderExtension_AES_CM_128_HMAC_SHA1_32) {
TestSendRecvEncryptedHeaderExtension(rtc::kSrtpAes128CmSha1_32, kTestKey1, TestSendRecvEncryptedHeaderExtension(rtc::kSrtpAes128CmSha1_32, kTestKey1,
kTestKeyLen, kTestKey2, kTestKeyLen, kTestKeyLen, kTestKey2, kTestKeyLen);
rtc::kCsAesCm128HmacSha1_32);
} }
TEST_P(SrtpTransportTestWithExternalAuth, TEST_P(SrtpTransportTestWithExternalAuth,
@ -384,14 +380,14 @@ TEST_P(SrtpTransportTestWithExternalAuth,
bool enable_external_auth = GetParam(); bool enable_external_auth = GetParam();
TestSendRecvPacket(enable_external_auth, rtc::kSrtpAeadAes128Gcm, TestSendRecvPacket(enable_external_auth, rtc::kSrtpAeadAes128Gcm,
kTestKeyGcm128_1, kTestKeyGcm128Len, kTestKeyGcm128_2, kTestKeyGcm128_1, kTestKeyGcm128Len, kTestKeyGcm128_2,
kTestKeyGcm128Len, rtc::kCsAeadAes128Gcm); kTestKeyGcm128Len);
} }
TEST_F(SrtpTransportTest, TEST_F(SrtpTransportTest,
SendAndRecvPacketWithHeaderExtension_kSrtpAeadAes128Gcm) { SendAndRecvPacketWithHeaderExtension_kSrtpAeadAes128Gcm) {
TestSendRecvEncryptedHeaderExtension( TestSendRecvEncryptedHeaderExtension(rtc::kSrtpAeadAes128Gcm,
rtc::kSrtpAeadAes128Gcm, kTestKeyGcm128_1, kTestKeyGcm128Len, kTestKeyGcm128_1, kTestKeyGcm128Len,
kTestKeyGcm128_2, kTestKeyGcm128Len, rtc::kCsAeadAes128Gcm); kTestKeyGcm128_2, kTestKeyGcm128Len);
} }
TEST_P(SrtpTransportTestWithExternalAuth, TEST_P(SrtpTransportTestWithExternalAuth,
@ -399,14 +395,14 @@ TEST_P(SrtpTransportTestWithExternalAuth,
bool enable_external_auth = GetParam(); bool enable_external_auth = GetParam();
TestSendRecvPacket(enable_external_auth, rtc::kSrtpAeadAes256Gcm, TestSendRecvPacket(enable_external_auth, rtc::kSrtpAeadAes256Gcm,
kTestKeyGcm256_1, kTestKeyGcm256Len, kTestKeyGcm256_2, kTestKeyGcm256_1, kTestKeyGcm256Len, kTestKeyGcm256_2,
kTestKeyGcm256Len, rtc::kCsAeadAes256Gcm); kTestKeyGcm256Len);
} }
TEST_F(SrtpTransportTest, TEST_F(SrtpTransportTest,
SendAndRecvPacketWithHeaderExtension_kSrtpAeadAes256Gcm) { SendAndRecvPacketWithHeaderExtension_kSrtpAeadAes256Gcm) {
TestSendRecvEncryptedHeaderExtension( TestSendRecvEncryptedHeaderExtension(rtc::kSrtpAeadAes256Gcm,
rtc::kSrtpAeadAes256Gcm, kTestKeyGcm256_1, kTestKeyGcm256Len, kTestKeyGcm256_1, kTestKeyGcm256Len,
kTestKeyGcm256_2, kTestKeyGcm256Len, rtc::kCsAeadAes256Gcm); kTestKeyGcm256_2, kTestKeyGcm256Len);
} }
// Run all tests both with and without external auth enabled. // Run all tests both with and without external auth enabled.
@ -453,7 +449,7 @@ TEST_F(SrtpTransportTest, RemoveSrtpReceiveStream) {
// Create a packet and try to send it three times. // Create a packet and try to send it three times.
size_t rtp_len = sizeof(kPcmuFrame); size_t rtp_len = sizeof(kPcmuFrame);
size_t packet_size = rtp_len + rtc::rtp_auth_tag_len(rtc::kCsAeadAes128Gcm); size_t packet_size = rtp_len + rtc::rtp_auth_tag_len(rtc::kSrtpAeadAes128Gcm);
rtc::Buffer rtp_packet_buffer(packet_size); rtc::Buffer rtp_packet_buffer(packet_size);
char* rtp_packet_data = rtp_packet_buffer.data<char>(); char* rtp_packet_data = rtp_packet_buffer.data<char>();
memcpy(rtp_packet_data, kPcmuFrame, rtp_len); memcpy(rtp_packet_data, kPcmuFrame, rtp_len);

34
pc/test/srtp_test_util.h
View File

@ -11,32 +11,38 @@
#ifndef PC_TEST_SRTP_TEST_UTIL_H_ #ifndef PC_TEST_SRTP_TEST_UTIL_H_
#define PC_TEST_SRTP_TEST_UTIL_H_ #define PC_TEST_SRTP_TEST_UTIL_H_
#include <string> #include "rtc_base/ssl_stream_adapter.h"
namespace rtc { namespace rtc {
extern const char kCsAesCm128HmacSha1_32[];
extern const char kCsAeadAes128Gcm[];
extern const char kCsAeadAes256Gcm[];
static const uint8_t kTestKey1[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234"; static const uint8_t kTestKey1[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234";
static const uint8_t kTestKey2[] = "4321ZYXWVUTSRQPONMLKJIHGFEDCBA"; static const uint8_t kTestKey2[] = "4321ZYXWVUTSRQPONMLKJIHGFEDCBA";
static const int kTestKeyLen = 30; static const int kTestKeyLen = 30;
static int rtp_auth_tag_len(const std::string& cs) { static int rtp_auth_tag_len(int crypto_suite) {
if (cs == kCsAesCm128HmacSha1_32) { switch (crypto_suite) {
case kSrtpAes128CmSha1_32:
return 4; return 4;
} else if (cs == kCsAeadAes128Gcm || cs == kCsAeadAes256Gcm) { case kSrtpAes128CmSha1_80:
return 16;
} else {
return 10; return 10;
case kSrtpAeadAes128Gcm:
case kSrtpAeadAes256Gcm:
return 16;
default:
RTC_CHECK_NOTREACHED();
} }
} }
static int rtcp_auth_tag_len(const std::string& cs) {
if (cs == kCsAeadAes128Gcm || cs == kCsAeadAes256Gcm) { static int rtcp_auth_tag_len(int crypto_suite) {
return 16; switch (crypto_suite) {
} else { case kSrtpAes128CmSha1_32:
case kSrtpAes128CmSha1_80:
return 10; return 10;
case kSrtpAeadAes128Gcm:
case kSrtpAeadAes256Gcm:
return 16;
default:
RTC_CHECK_NOTREACHED();
} }
} }

10
rtc_base/openssl_stream_adapter.cc
View File

@ -17,17 +17,12 @@
#include <openssl/tls1.h> #include <openssl/tls1.h>
#include <openssl/x509v3.h> #include <openssl/x509v3.h>
#include "absl/strings/string_view.h"
#ifndef OPENSSL_IS_BORINGSSL
#include <openssl/dtls1.h>
#include <openssl/ssl.h>
#endif
#include <atomic> #include <atomic>
#include <memory> #include <memory>
#include <utility> #include <utility>
#include <vector> #include <vector>
#include "absl/strings/string_view.h"
#include "api/array_view.h" #include "api/array_view.h"
#include "rtc_base/checks.h" #include "rtc_base/checks.h"
#include "rtc_base/logging.h" #include "rtc_base/logging.h"
@ -36,6 +31,9 @@
#include "rtc_base/openssl_adapter.h" #include "rtc_base/openssl_adapter.h"
#include "rtc_base/openssl_digest.h" #include "rtc_base/openssl_digest.h"
#ifdef OPENSSL_IS_BORINGSSL #ifdef OPENSSL_IS_BORINGSSL
#include <openssl/dtls1.h>
#include <openssl/ssl.h>
#include "rtc_base/boringssl_identity.h" #include "rtc_base/boringssl_identity.h"
#else #else
#include "rtc_base/openssl_identity.h" #include "rtc_base/openssl_identity.h"

34
rtc_base/ssl_stream_adapter.cc
View File

@ -14,44 +14,24 @@
#include "absl/strings/string_view.h" #include "absl/strings/string_view.h"
#include "rtc_base/openssl_stream_adapter.h" #include "rtc_base/openssl_stream_adapter.h"
///////////////////////////////////////////////////////////////////////////////
namespace rtc { namespace rtc {
// TODO(guoweis): Move this to SDP layer and use int form internally.
// webrtc:5043.
const char kCsAesCm128HmacSha1_80[] = "AES_CM_128_HMAC_SHA1_80";
const char kCsAesCm128HmacSha1_32[] = "AES_CM_128_HMAC_SHA1_32";
const char kCsAeadAes128Gcm[] = "AEAD_AES_128_GCM";
const char kCsAeadAes256Gcm[] = "AEAD_AES_256_GCM";
std::string SrtpCryptoSuiteToName(int crypto_suite) { std::string SrtpCryptoSuiteToName(int crypto_suite) {
switch (crypto_suite) { switch (crypto_suite) {
case kSrtpAes128CmSha1_32:
return kCsAesCm128HmacSha1_32;
case kSrtpAes128CmSha1_80: case kSrtpAes128CmSha1_80:
return kCsAesCm128HmacSha1_80; return "AES_CM_128_HMAC_SHA1_80";
case kSrtpAes128CmSha1_32:
return "AES_CM_128_HMAC_SHA1_32";
case kSrtpAeadAes128Gcm: case kSrtpAeadAes128Gcm:
return kCsAeadAes128Gcm; return "AEAD_AES_128_GCM";
case kSrtpAeadAes256Gcm: case kSrtpAeadAes256Gcm:
return kCsAeadAes256Gcm; return "AEAD_AES_256_GCM";
default: default:
return std::string(); return std::string();
} }
} }
int SrtpCryptoSuiteFromName(absl::string_view crypto_suite) {
if (crypto_suite == kCsAesCm128HmacSha1_32)
return kSrtpAes128CmSha1_32;
if (crypto_suite == kCsAesCm128HmacSha1_80)
return kSrtpAes128CmSha1_80;
if (crypto_suite == kCsAeadAes128Gcm)
return kSrtpAeadAes128Gcm;
if (crypto_suite == kCsAeadAes256Gcm)
return kSrtpAeadAes256Gcm;
return kSrtpInvalidCryptoSuite;
}
bool GetSrtpKeyAndSaltLengths(int crypto_suite, bool GetSrtpKeyAndSaltLengths(int crypto_suite,
int* key_length, int* key_length,
int* salt_length) { int* salt_length) {
@ -86,10 +66,6 @@ bool IsGcmCryptoSuite(int crypto_suite) {
crypto_suite == kSrtpAeadAes128Gcm); crypto_suite == kSrtpAeadAes128Gcm);
} }
bool IsGcmCryptoSuiteName(absl::string_view crypto_suite) {
return (crypto_suite == kCsAeadAes256Gcm || crypto_suite == kCsAeadAes128Gcm);
}
std::unique_ptr<SSLStreamAdapter> SSLStreamAdapter::Create( std::unique_ptr<SSLStreamAdapter> SSLStreamAdapter::Create(
std::unique_ptr<StreamInterface> stream, std::unique_ptr<StreamInterface> stream,
absl::AnyInvocable<void(SSLHandshakeError)> handshake_error) { absl::AnyInvocable<void(SSLHandshakeError)> handshake_error) {

16
rtc_base/ssl_stream_adapter.h
View File

@ -43,24 +43,11 @@ constexpr int kSrtpCryptoSuiteMaxValue = 0xFFFF;
constexpr int kSslSignatureAlgorithmUnknown = 0; constexpr int kSslSignatureAlgorithmUnknown = 0;
constexpr int kSslSignatureAlgorithmMaxValue = 0xFFFF; constexpr int kSslSignatureAlgorithmMaxValue = 0xFFFF;
// Names of SRTP profiles listed above.
// 128-bit AES with 80-bit SHA-1 HMAC.
extern const char kCsAesCm128HmacSha1_80[];
// 128-bit AES with 32-bit SHA-1 HMAC.
extern const char kCsAesCm128HmacSha1_32[];
// 128-bit AES GCM with 16 byte AEAD auth tag.
extern const char kCsAeadAes128Gcm[];
// 256-bit AES GCM with 16 byte AEAD auth tag.
extern const char kCsAeadAes256Gcm[];
// Given the DTLS-SRTP protection profile ID, as defined in // Given the DTLS-SRTP protection profile ID, as defined in
// https://tools.ietf.org/html/rfc4568#section-6.2 , return the SRTP profile // https://tools.ietf.org/html/rfc4568#section-6.2 , return the SRTP profile
// name, as defined in https://tools.ietf.org/html/rfc5764#section-4.1.2. // name, as defined in https://tools.ietf.org/html/rfc5764#section-4.1.2.
std::string SrtpCryptoSuiteToName(int crypto_suite); std::string SrtpCryptoSuiteToName(int crypto_suite);
// The reverse of above conversion.
int SrtpCryptoSuiteFromName(absl::string_view crypto_suite);
// Get key length and salt length for given crypto suite. Returns true for // Get key length and salt length for given crypto suite. Returns true for
// valid suites, otherwise false. // valid suites, otherwise false.
bool GetSrtpKeyAndSaltLengths(int crypto_suite, bool GetSrtpKeyAndSaltLengths(int crypto_suite,
@ -70,9 +57,6 @@ bool GetSrtpKeyAndSaltLengths(int crypto_suite,
// Returns true if the given crypto suite id uses a GCM cipher. // Returns true if the given crypto suite id uses a GCM cipher.
bool IsGcmCryptoSuite(int crypto_suite); bool IsGcmCryptoSuite(int crypto_suite);
// Returns true if the given crypto suite name uses a GCM cipher.
bool IsGcmCryptoSuiteName(absl::string_view crypto_suite);
// SSLStreamAdapter : A StreamInterfaceAdapter that does SSL/TLS. // SSLStreamAdapter : A StreamInterfaceAdapter that does SSL/TLS.
// After SSL has been started, the stream will only open on successful // After SSL has been started, the stream will only open on successful
// SSL verification of certificates, and the communication is // SSL verification of certificates, and the communication is