From d81f121cfa7d7ad5d66f461f97d647e1540bd0ac Mon Sep 17 00:00:00 2001 From: jbauch Date: Sat, 4 Mar 2017 01:37:28 -0800 Subject: [PATCH] Revert of Improve testing of SRTP external auth code paths. (patchset #2 id:20001 of https://codereview.webrtc.org/2722423003/ ) Reason for revert: Breaks compilation in FYI bots, e.g. here: http://build.chromium.org/p/chromium.webrtc.fyi/builders/Win%20Builder/builds/9314 FAILED: obj/third_party/webrtc/pc/rtc_pc/channel.obj ninja -t msvc -e environment.x86 -- E:\b\c\goma_client/gomacc.exe "E:\b\depot_tools\win_toolchain\vs_files\d3cb0e37bdd120ad0ac4650b674b09e81be45616\VC\bin\amd64_x86/cl.exe" /nologo /showIncludes /FC @obj/third_party/webrtc/pc/rtc_pc/channel.obj.rsp /c ../../third_party/webrtc/pc/channel.cc /Foobj/third_party/webrtc/pc/rtc_pc/channel.obj /Fd"obj/third_party/webrtc/pc/rtc_pc_cc.pdb" e:\b\c\b\win_builder\src\third_party\webrtc\pc\channel.cc(176): error C2819: type 'cricket::SrtpFilter' does not have an overloaded member 'operator ->' e:\b\c\b\win_builder\src\third_party\webrtc\pc\srtpfilter.h(45): note: see declaration of 'cricket::SrtpFilter' e:\b\c\b\win_builder\src\third_party\webrtc\pc\channel.cc(176): note: did you intend to use '.' instead? e:\b\c\b\win_builder\src\third_party\webrtc\pc\channel.cc(176): error C2232: '->cricket::SrtpFilter::EnableExternalAuth': left operand has 'class' type, use '.' Original issue's description: > Improve testing of SRTP external auth code paths. > > Previously code behind ENABLE_EXTERNAL_AUTH was only compiled with Chromium > but developed in WebRTC, which made testing rather complicated. This caused > some trouble in the past (e.g. https://crbug.com/628400#c1) > > This CL helps in that the external auth code is now compiled with WebRTC > and the srtpfilter integration gets tested. > > BUG=chromium:628400 > > Review-Url: https://codereview.webrtc.org/2722423003 > Cr-Commit-Position: refs/heads/master@{#17030} > Committed: https://chromium.googlesource.com/external/webrtc/+/ac170d5c214e1f487ba82b888e5c3d5000118de0 TBR=deadbeef@webrtc.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=chromium:628400 Review-Url: https://codereview.webrtc.org/2734643002 Cr-Commit-Position: refs/heads/master@{#17031} --- webrtc/pc/BUILD.gn | 8 +- webrtc/pc/channel.cc | 3 - webrtc/pc/externalhmac.cc | 4 +- webrtc/pc/externalhmac.h | 4 +- webrtc/pc/srtpfilter.cc | 43 +++---- webrtc/pc/srtpfilter.h | 28 ++--- webrtc/pc/srtpfilter_unittest.cc | 200 ++++++++++++++++--------------- 7 files changed, 141 insertions(+), 149 deletions(-) diff --git a/webrtc/pc/BUILD.gn b/webrtc/pc/BUILD.gn index f84622b231..eed2ee9049 100644 --- a/webrtc/pc/BUILD.gn +++ b/webrtc/pc/BUILD.gn @@ -38,8 +38,6 @@ rtc_static_library("rtc_pc") { "channelmanager.h", "currentspeakermonitor.cc", "currentspeakermonitor.h", - "externalhmac.cc", - "externalhmac.h", "mediamonitor.cc", "mediamonitor.h", "mediasession.cc", @@ -57,6 +55,12 @@ rtc_static_library("rtc_pc") { "../media", ] + if (rtc_enable_external_auth) { + sources += [ + "externalhmac.cc", + "externalhmac.h", + ] + } if (rtc_build_libsrtp) { deps += [ "//third_party/libsrtp" ] } diff --git a/webrtc/pc/channel.cc b/webrtc/pc/channel.cc index 8a17f8fe95..68fdabb390 100644 --- a/webrtc/pc/channel.cc +++ b/webrtc/pc/channel.cc @@ -172,9 +172,6 @@ BaseChannel::BaseChannel(rtc::Thread* worker_thread, media_channel_(media_channel), selected_candidate_pair_(nullptr) { RTC_DCHECK(worker_thread_ == rtc::Thread::Current()); -#if defined(ENABLE_EXTERNAL_AUTH) - srtp_filter_->EnableExternalAuth(); -#endif LOG(LS_INFO) << "Created channel for " << content_name; } diff --git a/webrtc/pc/externalhmac.cc b/webrtc/pc/externalhmac.cc index 2d3ff5f873..ec71833d75 100644 --- a/webrtc/pc/externalhmac.cc +++ b/webrtc/pc/externalhmac.cc @@ -19,7 +19,7 @@ #include "third_party/libsrtp/include/srtp.h" #endif // HAVE_SRTP -#if defined(HAVE_SRTP) +#if defined(HAVE_SRTP) && defined(ENABLE_EXTERNAL_AUTH) // Begin test case 0 */ static const uint8_t kExternalHmacTestCase0Key[20] = { @@ -151,4 +151,4 @@ srtp_err_status_t external_crypto_init() { return srtp_err_status_ok; } -#endif // defined(HAVE_SRTP) +#endif // defined(HAVE_SRTP) && defined(ENABLE_EXTERNAL_AUTH) diff --git a/webrtc/pc/externalhmac.h b/webrtc/pc/externalhmac.h index c0f2ce1ff6..2666d90cb8 100644 --- a/webrtc/pc/externalhmac.h +++ b/webrtc/pc/externalhmac.h @@ -34,7 +34,7 @@ #include "third_party/libsrtp/crypto/include/auth.h" #endif // HAVE_SRTP -#if defined(HAVE_SRTP) +#if defined(HAVE_SRTP) && defined(ENABLE_EXTERNAL_AUTH) #define EXTERNAL_HMAC_SHA1 SRTP_HMAC_SHA1 + 1 #define HMAC_KEY_LENGTH 20 @@ -71,5 +71,5 @@ srtp_err_status_t external_hmac_compute(ExternalHmacContext* state, srtp_err_status_t external_crypto_init(); -#endif // defined(HAVE_SRTP) +#endif // defined(HAVE_SRTP) && defined(ENABLE_EXTERNAL_AUTH) #endif // WEBRTC_PC_EXTERNALHMAC_H_ diff --git a/webrtc/pc/srtpfilter.cc b/webrtc/pc/srtpfilter.cc index 82ab4e1432..5094987a76 100644 --- a/webrtc/pc/srtpfilter.cc +++ b/webrtc/pc/srtpfilter.cc @@ -51,7 +51,9 @@ void ShutdownSrtp() { #endif } -SrtpFilter::SrtpFilter() { +SrtpFilter::SrtpFilter() + : state_(ST_INIT), + signal_silent_time_in_ms_(0) { } SrtpFilter::~SrtpFilter() { @@ -224,15 +226,7 @@ bool SrtpFilter::GetSrtpOverhead(int* srtp_overhead) const { return true; } -void SrtpFilter::EnableExternalAuth() { - RTC_DCHECK(!IsActive()); - external_auth_enabled_ = true; -} - -bool SrtpFilter::IsExternalAuthEnabled() const { - return external_auth_enabled_; -} - +#if defined(ENABLE_EXTERNAL_AUTH) bool SrtpFilter::IsExternalAuthActive() const { if (!IsActive()) { LOG(LS_WARNING) << "Failed to check IsExternalAuthActive: SRTP not active"; @@ -242,6 +236,7 @@ bool SrtpFilter::IsExternalAuthActive() const { RTC_CHECK(send_session_); return send_session_->IsExternalAuthActive(); } +#endif void SrtpFilter::set_signal_silent_time(int signal_silent_time_in_ms) { signal_silent_time_in_ms_ = signal_silent_time_in_ms; @@ -343,9 +338,6 @@ void SrtpFilter::CreateSrtpSessions() { send_session_->set_signal_silent_time(signal_silent_time_in_ms_); recv_session_->set_signal_silent_time(signal_silent_time_in_ms_); - if (external_auth_enabled_) { - send_session_->EnableExternalAuth(); - } } bool SrtpFilter::NegotiateParams(const std::vector& answer_params, @@ -607,6 +599,7 @@ bool SrtpSession::UnprotectRtcp(void* p, int in_len, int* out_len) { } bool SrtpSession::GetRtpAuthParams(uint8_t** key, int* key_len, int* tag_len) { +#if defined(ENABLE_EXTERNAL_AUTH) RTC_DCHECK(thread_checker_.CalledOnValidThread()); RTC_DCHECK(IsExternalAuthActive()); if (!IsExternalAuthActive()) { @@ -631,24 +624,20 @@ bool SrtpSession::GetRtpAuthParams(uint8_t** key, int* key_len, int* tag_len) { *key_len = external_hmac->key_length; *tag_len = rtp_auth_tag_len_; return true; +#else + return false; +#endif } int SrtpSession::GetSrtpOverhead() const { return rtp_auth_tag_len_; } -void SrtpSession::EnableExternalAuth() { - RTC_DCHECK(!session_); - external_auth_enabled_ = true; -} - -bool SrtpSession::IsExternalAuthEnabled() const { - return external_auth_enabled_; -} - +#if defined(ENABLE_EXTERNAL_AUTH) bool SrtpSession::IsExternalAuthActive() const { return external_auth_active_; } +#endif bool SrtpSession::GetSendStreamPacketIndex(void* p, int in_len, @@ -730,12 +719,13 @@ bool SrtpSession::SetKey(int type, int cs, const uint8_t* key, size_t len) { // id EXTERNAL_HMAC_SHA1 in the policy structure. // We want to set this option only for rtp packets. // By default policy structure is initialized to HMAC_SHA1. +#if defined(ENABLE_EXTERNAL_AUTH) // Enable external HMAC authentication only for outgoing streams and only // for cipher suites that support it (i.e. only non-GCM cipher suites). - if (type == ssrc_any_outbound && IsExternalAuthEnabled() && - !rtc::IsGcmCryptoSuite(cs)) { + if (type == ssrc_any_outbound && !rtc::IsGcmCryptoSuite(cs)) { policy.rtp.auth_type = EXTERNAL_HMAC_SHA1; } +#endif policy.next = nullptr; int err = srtp_create(&session_, &policy); @@ -748,7 +738,9 @@ bool SrtpSession::SetKey(int type, int cs, const uint8_t* key, size_t len) { srtp_set_user_data(session_, this); rtp_auth_tag_len_ = policy.rtp.auth_tag_len; rtcp_auth_tag_len_ = policy.rtcp.auth_tag_len; +#if defined(ENABLE_EXTERNAL_AUTH) external_auth_active_ = (policy.rtp.auth_type == EXTERNAL_HMAC_SHA1); +#endif return true; } @@ -768,12 +760,13 @@ bool SrtpSession::Init() { LOG(LS_ERROR) << "Failed to install SRTP event handler, err=" << err; return false; } - +#if defined(ENABLE_EXTERNAL_AUTH) err = external_crypto_init(); if (err != srtp_err_status_ok) { LOG(LS_ERROR) << "Failed to initialize fake auth, err=" << err; return false; } +#endif inited_ = true; } diff --git a/webrtc/pc/srtpfilter.h b/webrtc/pc/srtpfilter.h index 3df787646c..46b9dea19f 100644 --- a/webrtc/pc/srtpfilter.h +++ b/webrtc/pc/srtpfilter.h @@ -114,18 +114,12 @@ class SrtpFilter { // Returns srtp overhead for rtp packets. bool GetSrtpOverhead(int* srtp_overhead) const; - // If external auth is enabled, SRTP will write a dummy auth tag that then - // later must get replaced before the packet is sent out. Only supported for - // non-GCM cipher suites and can be checked through "IsExternalAuthActive" - // if it is actually used. This method is only valid before the RTP params - // have been set. - void EnableExternalAuth(); - bool IsExternalAuthEnabled() const; - +#if defined(ENABLE_EXTERNAL_AUTH) // A SRTP filter supports external creation of the auth tag if a non-GCM // cipher is used. This method is only valid after the RTP params have // been set. bool IsExternalAuthActive() const; +#endif // Update the silent threshold (in ms) for signaling errors. void set_signal_silent_time(int signal_silent_time_in_ms); @@ -175,9 +169,8 @@ class SrtpFilter { // ST_INIT. ST_RECEIVEDPRANSWER }; - State state_ = ST_INIT; - int signal_silent_time_in_ms_ = 0; - bool external_auth_enabled_ = false; + State state_; + int signal_silent_time_in_ms_; std::vector offer_params_; std::unique_ptr send_session_; std::unique_ptr recv_session_; @@ -220,18 +213,12 @@ class SrtpSession { int GetSrtpOverhead() const; - // If external auth is enabled, SRTP will write a dummy auth tag that then - // later must get replaced before the packet is sent out. Only supported for - // non-GCM cipher suites and can be checked through "IsExternalAuthActive" - // if it is actually used. This method is only valid before the RTP params - // have been set. - void EnableExternalAuth(); - bool IsExternalAuthEnabled() const; - +#if defined(ENABLE_EXTERNAL_AUTH) // A SRTP session supports external creation of the auth tag if a non-GCM // cipher is used. This method is only valid after the RTP params have // been set. bool IsExternalAuthActive() const; +#endif // Update the silent threshold (in ms) for signaling errors. void set_signal_silent_time(int signal_silent_time_in_ms); @@ -259,8 +246,9 @@ class SrtpSession { static bool inited_; static rtc::GlobalLockPod lock_; int last_send_seq_num_ = -1; +#if defined(ENABLE_EXTERNAL_AUTH) bool external_auth_active_ = false; - bool external_auth_enabled_ = false; +#endif RTC_DISALLOW_COPY_AND_ASSIGN(SrtpSession); }; diff --git a/webrtc/pc/srtpfilter_unittest.cc b/webrtc/pc/srtpfilter_unittest.cc index af8b69f73e..9486dd6ac9 100644 --- a/webrtc/pc/srtpfilter_unittest.cc +++ b/webrtc/pc/srtpfilter_unittest.cc @@ -107,29 +107,6 @@ class SrtpFilterTest : public testing::Test { EXPECT_TRUE(f1_.IsActive()); EXPECT_TRUE(f2_.IsActive()); } - void TestRtpAuthParams(cricket::SrtpFilter* filter, const std::string& cs) { - int overhead; - EXPECT_TRUE(filter->GetSrtpOverhead(&overhead)); - switch (rtc::SrtpCryptoSuiteFromName(cs)) { - case rtc::SRTP_AES128_CM_SHA1_32: - EXPECT_EQ(32/8, overhead); // 32-bit tag. - break; - case rtc::SRTP_AES128_CM_SHA1_80: - EXPECT_EQ(80/8, overhead); // 80-bit tag. - break; - default: - RTC_NOTREACHED(); - break; - } - - uint8_t* auth_key = nullptr; - int key_len = 0; - int tag_len = 0; - EXPECT_TRUE(filter->GetRtpAuthParams(&auth_key, &key_len, &tag_len)); - EXPECT_NE(nullptr, auth_key); - EXPECT_EQ(160/8, key_len); // Length of SHA-1 is 160 bits. - EXPECT_EQ(overhead, tag_len); - } void TestProtectUnprotect(const std::string& cs1, const std::string& cs2) { rtc::Buffer rtp_buffer(sizeof(kPcmuFrame) + rtp_auth_tag_len(cs1)); char* rtp_packet = rtp_buffer.data(); @@ -150,30 +127,18 @@ class SrtpFilterTest : public testing::Test { &out_len)); EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs1)); EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); - if (!f1_.IsExternalAuthActive()) { - EXPECT_TRUE(f2_.UnprotectRtp(rtp_packet, out_len, &out_len)); - EXPECT_EQ(rtp_len, out_len); - EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); - } else { - // With external auth enabled, SRTP doesn't write the auth tag and - // unprotect would fail. Check accessing the information about the - // tag instead, similar to what the actual code would do that relies - // on external auth. - TestRtpAuthParams(&f1_, cs1); - } + EXPECT_TRUE(f2_.UnprotectRtp(rtp_packet, out_len, &out_len)); + EXPECT_EQ(rtp_len, out_len); + EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); EXPECT_TRUE(f2_.ProtectRtp(rtp_packet, rtp_len, static_cast(rtp_buffer.size()), &out_len)); EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs2)); EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); - if (!f2_.IsExternalAuthActive()) { - EXPECT_TRUE(f1_.UnprotectRtp(rtp_packet, out_len, &out_len)); - EXPECT_EQ(rtp_len, out_len); - EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); - } else { - TestRtpAuthParams(&f2_, cs2); - } + EXPECT_TRUE(f1_.UnprotectRtp(rtp_packet, out_len, &out_len)); + EXPECT_EQ(rtp_len, out_len); + EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); EXPECT_TRUE(f1_.ProtectRtcp(rtcp_packet, rtcp_len, static_cast(rtcp_buffer.size()), @@ -193,30 +158,6 @@ class SrtpFilterTest : public testing::Test { EXPECT_EQ(rtcp_len, out_len); EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); } - void TestProtectSetParamsDirect(bool enable_external_auth, int cs, - const uint8_t* key1, int key1_len, const uint8_t* key2, int key2_len, - const std::string& cs_name) { - EXPECT_EQ(key1_len, key2_len); - EXPECT_EQ(cs_name, rtc::SrtpCryptoSuiteToName(cs)); - if (enable_external_auth) { - f1_.EnableExternalAuth(); - f2_.EnableExternalAuth(); - } - EXPECT_TRUE(f1_.SetRtpParams(cs, key1, key1_len, cs, key2, key2_len)); - EXPECT_TRUE(f2_.SetRtpParams(cs, key2, key2_len, cs, key1, key1_len)); - EXPECT_TRUE(f1_.SetRtcpParams(cs, key1, key1_len, cs, key2, key2_len)); - EXPECT_TRUE(f2_.SetRtcpParams(cs, key2, key2_len, cs, key1, key1_len)); - EXPECT_TRUE(f1_.IsActive()); - EXPECT_TRUE(f2_.IsActive()); - if (rtc::IsGcmCryptoSuite(cs)) { - EXPECT_FALSE(f1_.IsExternalAuthActive()); - EXPECT_FALSE(f2_.IsExternalAuthActive()); - } else if (enable_external_auth) { - EXPECT_TRUE(f1_.IsExternalAuthActive()); - EXPECT_TRUE(f2_.IsExternalAuthActive()); - } - TestProtectUnprotect(cs_name, cs_name); - } cricket::SrtpFilter f1_; cricket::SrtpFilter f2_; int sequence_number_; @@ -606,48 +547,98 @@ TEST_F(SrtpFilterTest, TestDisableEncryption) { EXPECT_FALSE(f2_.IsActive()); } -class SrtpFilterProtectSetParamsDirectTest - : public SrtpFilterTest, - public testing::WithParamInterface { -}; - // Test directly setting the params with AES_CM_128_HMAC_SHA1_80. -TEST_P(SrtpFilterProtectSetParamsDirectTest, Test_AES_CM_128_HMAC_SHA1_80) { - bool enable_external_auth = GetParam(); - TestProtectSetParamsDirect(enable_external_auth, rtc::SRTP_AES128_CM_SHA1_80, - kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen, - CS_AES_CM_128_HMAC_SHA1_80); +TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_80) { + EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, + kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80, + kTestKey2, kTestKeyLen)); + EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2, + kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80, + kTestKey1, kTestKeyLen)); + EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, + kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80, + kTestKey2, kTestKeyLen)); + EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2, + kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80, + kTestKey1, kTestKeyLen)); + EXPECT_TRUE(f1_.IsActive()); + EXPECT_TRUE(f2_.IsActive()); +#if defined(ENABLE_EXTERNAL_AUTH) + EXPECT_TRUE(f1_.IsExternalAuthActive()); + EXPECT_TRUE(f2_.IsExternalAuthActive()); +#endif + TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); } // Test directly setting the params with AES_CM_128_HMAC_SHA1_32. -TEST_P(SrtpFilterProtectSetParamsDirectTest, Test_AES_CM_128_HMAC_SHA1_32) { - bool enable_external_auth = GetParam(); - TestProtectSetParamsDirect(enable_external_auth, rtc::SRTP_AES128_CM_SHA1_32, - kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen, - CS_AES_CM_128_HMAC_SHA1_32); +TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_32) { + EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, + kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, + kTestKey2, kTestKeyLen)); + EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey2, + kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, + kTestKey1, kTestKeyLen)); + EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, + kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, + kTestKey2, kTestKeyLen)); + EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey2, + kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, + kTestKey1, kTestKeyLen)); + EXPECT_TRUE(f1_.IsActive()); + EXPECT_TRUE(f2_.IsActive()); +#if defined(ENABLE_EXTERNAL_AUTH) + EXPECT_TRUE(f1_.IsExternalAuthActive()); + EXPECT_TRUE(f2_.IsExternalAuthActive()); +#endif + TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32); } // Test directly setting the params with SRTP_AEAD_AES_128_GCM. -TEST_P(SrtpFilterProtectSetParamsDirectTest, Test_SRTP_AEAD_AES_128_GCM) { - bool enable_external_auth = GetParam(); - TestProtectSetParamsDirect(enable_external_auth, rtc::SRTP_AEAD_AES_128_GCM, - kTestKeyGcm128_1, kTestKeyGcm128Len, kTestKeyGcm128_2, kTestKeyGcm128Len, - CS_AEAD_AES_128_GCM); +TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_SRTP_AEAD_AES_128_GCM) { + EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AEAD_AES_128_GCM, kTestKeyGcm128_1, + kTestKeyGcm128Len, rtc::SRTP_AEAD_AES_128_GCM, + kTestKeyGcm128_2, kTestKeyGcm128Len)); + EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AEAD_AES_128_GCM, kTestKeyGcm128_2, + kTestKeyGcm128Len, rtc::SRTP_AEAD_AES_128_GCM, + kTestKeyGcm128_1, kTestKeyGcm128Len)); + EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AEAD_AES_128_GCM, kTestKeyGcm128_1, + kTestKeyGcm128Len, rtc::SRTP_AEAD_AES_128_GCM, + kTestKeyGcm128_2, kTestKeyGcm128Len)); + EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AEAD_AES_128_GCM, kTestKeyGcm128_2, + kTestKeyGcm128Len, rtc::SRTP_AEAD_AES_128_GCM, + kTestKeyGcm128_1, kTestKeyGcm128Len)); + EXPECT_TRUE(f1_.IsActive()); + EXPECT_TRUE(f2_.IsActive()); +#if defined(ENABLE_EXTERNAL_AUTH) + EXPECT_FALSE(f1_.IsExternalAuthActive()); + EXPECT_FALSE(f2_.IsExternalAuthActive()); +#endif + TestProtectUnprotect(CS_AEAD_AES_128_GCM, CS_AEAD_AES_128_GCM); } // Test directly setting the params with SRTP_AEAD_AES_256_GCM. -TEST_P(SrtpFilterProtectSetParamsDirectTest, Test_SRTP_AEAD_AES_256_GCM) { - bool enable_external_auth = GetParam(); - TestProtectSetParamsDirect(enable_external_auth, rtc::SRTP_AEAD_AES_256_GCM, - kTestKeyGcm256_1, kTestKeyGcm256Len, kTestKeyGcm256_2, kTestKeyGcm256Len, - CS_AEAD_AES_256_GCM); +TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_SRTP_AEAD_AES_256_GCM) { + EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AEAD_AES_256_GCM, kTestKeyGcm256_1, + kTestKeyGcm256Len, rtc::SRTP_AEAD_AES_256_GCM, + kTestKeyGcm256_2, kTestKeyGcm256Len)); + EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AEAD_AES_256_GCM, kTestKeyGcm256_2, + kTestKeyGcm256Len, rtc::SRTP_AEAD_AES_256_GCM, + kTestKeyGcm256_1, kTestKeyGcm256Len)); + EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AEAD_AES_256_GCM, kTestKeyGcm256_1, + kTestKeyGcm256Len, rtc::SRTP_AEAD_AES_256_GCM, + kTestKeyGcm256_2, kTestKeyGcm256Len)); + EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AEAD_AES_256_GCM, kTestKeyGcm256_2, + kTestKeyGcm256Len, rtc::SRTP_AEAD_AES_256_GCM, + kTestKeyGcm256_1, kTestKeyGcm256Len)); + EXPECT_TRUE(f1_.IsActive()); + EXPECT_TRUE(f2_.IsActive()); +#if defined(ENABLE_EXTERNAL_AUTH) + EXPECT_FALSE(f1_.IsExternalAuthActive()); + EXPECT_FALSE(f2_.IsExternalAuthActive()); +#endif + TestProtectUnprotect(CS_AEAD_AES_256_GCM, CS_AEAD_AES_256_GCM); } -// Run all tests both with and without external auth enabled. -INSTANTIATE_TEST_CASE_P(ExternalAuth, - SrtpFilterProtectSetParamsDirectTest, - ::testing::Values(true, false)); - // Test directly setting the params with bogus keys. TEST_F(SrtpFilterTest, TestSetParamsKeyTooShort) { EXPECT_FALSE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, @@ -658,6 +649,25 @@ TEST_F(SrtpFilterTest, TestSetParamsKeyTooShort) { kTestKey1, kTestKeyLen - 1)); } +#if defined(ENABLE_EXTERNAL_AUTH) +TEST_F(SrtpFilterTest, TestGetSendAuthParams) { + EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, + kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, + kTestKey2, kTestKeyLen)); + EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, + kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, + kTestKey2, kTestKeyLen)); + // Non-GCM ciphers support external auth. + EXPECT_TRUE(f1_.IsExternalAuthActive()); + uint8_t* auth_key = NULL; + int auth_key_len = 0, auth_tag_len = 0; + EXPECT_TRUE(f1_.GetRtpAuthParams(&auth_key, &auth_key_len, &auth_tag_len)); + EXPECT_TRUE(auth_key != NULL); + EXPECT_EQ(20, auth_key_len); + EXPECT_EQ(4, auth_tag_len); +} +#endif + class SrtpSessionTest : public testing::Test { protected: virtual void SetUp() {