admin/webrtc_m130
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Revert of Improve testing of SRTP external auth code paths. (patchset #2 id:20001 of https://codereview.webrtc.org/2722423003/ )

Browse Source 
Reason for revert:
Breaks compilation in FYI bots, e.g. here:
http://build.chromium.org/p/chromium.webrtc.fyi/builders/Win%20Builder/builds/9314

FAILED: obj/third_party/webrtc/pc/rtc_pc/channel.obj
ninja -t msvc -e environment.x86 -- E:\b\c\goma_client/gomacc.exe "E:\b\depot_tools\win_toolchain\vs_files\d3cb0e37bdd120ad0ac4650b674b09e81be45616\VC\bin\amd64_x86/cl.exe" /nologo /showIncludes /FC @obj/third_party/webrtc/pc/rtc_pc/channel.obj.rsp /c ../../third_party/webrtc/pc/channel.cc /Foobj/third_party/webrtc/pc/rtc_pc/channel.obj /Fd"obj/third_party/webrtc/pc/rtc_pc_cc.pdb"
e:\b\c\b\win_builder\src\third_party\webrtc\pc\channel.cc(176): error C2819: type 'cricket::SrtpFilter' does not have an overloaded member 'operator ->'
e:\b\c\b\win_builder\src\third_party\webrtc\pc\srtpfilter.h(45): note: see declaration of 'cricket::SrtpFilter'
e:\b\c\b\win_builder\src\third_party\webrtc\pc\channel.cc(176): note: did you intend to use '.' instead?
e:\b\c\b\win_builder\src\third_party\webrtc\pc\channel.cc(176): error C2232: '->cricket::SrtpFilter::EnableExternalAuth': left operand has 'class' type, use '.'

Original issue's description:
> Improve testing of SRTP external auth code paths.
>
> Previously code behind ENABLE_EXTERNAL_AUTH was only compiled with Chromium
> but developed in WebRTC, which made testing rather complicated. This caused
> some trouble in the past (e.g. https://crbug.com/628400#c1)
>
> This CL helps in that the external auth code is now compiled with WebRTC
> and the srtpfilter integration gets tested.
>
> BUG=chromium:628400
>
> Review-Url: https://codereview.webrtc.org/2722423003
> Cr-Commit-Position: refs/heads/master@{#17030}
> Committed: ac170d5c21

TBR=deadbeef@webrtc.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=chromium:628400

Review-Url: https://codereview.webrtc.org/2734643002
Cr-Commit-Position: refs/heads/master@{#17031}
This commit is contained in:
jbauch 2017-03-04 01:37:28 -08:00 committed by Commit bot
parent ac170d5c21
commit d81f121cfa
7 changed files with 141 additions and 149 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
webrtc/pc/BUILD.gn
View File

@ -38,8 +38,6 @@ rtc_static_library("rtc_pc") {
"channelmanager.h", "channelmanager.h",
"currentspeakermonitor.cc", "currentspeakermonitor.cc",
"currentspeakermonitor.h", "currentspeakermonitor.h",
"externalhmac.cc",
"externalhmac.h",
"mediamonitor.cc", "mediamonitor.cc",
"mediamonitor.h", "mediamonitor.h",
"mediasession.cc", "mediasession.cc",
@ -57,6 +55,12 @@ rtc_static_library("rtc_pc") {
"../media", "../media",
] ]
if (rtc_enable_external_auth) {
sources += [
"externalhmac.cc",
"externalhmac.h",
]
}
if (rtc_build_libsrtp) { if (rtc_build_libsrtp) {
deps += [ "//third_party/libsrtp" ] deps += [ "//third_party/libsrtp" ]
} }

3
webrtc/pc/channel.cc
View File

@ -172,9 +172,6 @@ BaseChannel::BaseChannel(rtc::Thread* worker_thread,
media_channel_(media_channel), media_channel_(media_channel),
selected_candidate_pair_(nullptr) { selected_candidate_pair_(nullptr) {
RTC_DCHECK(worker_thread_ == rtc::Thread::Current()); RTC_DCHECK(worker_thread_ == rtc::Thread::Current());
#if defined(ENABLE_EXTERNAL_AUTH)
srtp_filter_->EnableExternalAuth();
#endif
LOG(LS_INFO) << "Created channel for " << content_name; LOG(LS_INFO) << "Created channel for " << content_name;
} }

4
webrtc/pc/externalhmac.cc
View File

@ -19,7 +19,7 @@
#include "third_party/libsrtp/include/srtp.h" #include "third_party/libsrtp/include/srtp.h"
#endif // HAVE_SRTP #endif // HAVE_SRTP
#if defined(HAVE_SRTP) #if defined(HAVE_SRTP) && defined(ENABLE_EXTERNAL_AUTH)
// Begin test case 0 */ // Begin test case 0 */
static const uint8_t kExternalHmacTestCase0Key[20] = { static const uint8_t kExternalHmacTestCase0Key[20] = {
@ -151,4 +151,4 @@ srtp_err_status_t external_crypto_init() {
return srtp_err_status_ok; return srtp_err_status_ok;
} }
#endif // defined(HAVE_SRTP) #endif // defined(HAVE_SRTP) && defined(ENABLE_EXTERNAL_AUTH)

4
webrtc/pc/externalhmac.h
View File

@ -34,7 +34,7 @@
#include "third_party/libsrtp/crypto/include/auth.h" #include "third_party/libsrtp/crypto/include/auth.h"
#endif // HAVE_SRTP #endif // HAVE_SRTP
#if defined(HAVE_SRTP) #if defined(HAVE_SRTP) && defined(ENABLE_EXTERNAL_AUTH)
#define EXTERNAL_HMAC_SHA1 SRTP_HMAC_SHA1 + 1 #define EXTERNAL_HMAC_SHA1 SRTP_HMAC_SHA1 + 1
#define HMAC_KEY_LENGTH 20 #define HMAC_KEY_LENGTH 20
@ -71,5 +71,5 @@ srtp_err_status_t external_hmac_compute(ExternalHmacContext* state,
srtp_err_status_t external_crypto_init(); srtp_err_status_t external_crypto_init();
#endif // defined(HAVE_SRTP) #endif // defined(HAVE_SRTP) && defined(ENABLE_EXTERNAL_AUTH)
#endif // WEBRTC_PC_EXTERNALHMAC_H_ #endif // WEBRTC_PC_EXTERNALHMAC_H_

43
webrtc/pc/srtpfilter.cc
View File

@ -51,7 +51,9 @@ void ShutdownSrtp() {
#endif #endif
} }
SrtpFilter::SrtpFilter() { SrtpFilter::SrtpFilter()
: state_(ST_INIT),
signal_silent_time_in_ms_(0) {
} }
SrtpFilter::~SrtpFilter() { SrtpFilter::~SrtpFilter() {
@ -224,15 +226,7 @@ bool SrtpFilter::GetSrtpOverhead(int* srtp_overhead) const {
return true; return true;
} }
void SrtpFilter::EnableExternalAuth() { #if defined(ENABLE_EXTERNAL_AUTH)
RTC_DCHECK(!IsActive());
external_auth_enabled_ = true;
}
bool SrtpFilter::IsExternalAuthEnabled() const {
return external_auth_enabled_;
}
bool SrtpFilter::IsExternalAuthActive() const { bool SrtpFilter::IsExternalAuthActive() const {
if (!IsActive()) { if (!IsActive()) {
LOG(LS_WARNING) << "Failed to check IsExternalAuthActive: SRTP not active"; LOG(LS_WARNING) << "Failed to check IsExternalAuthActive: SRTP not active";
@ -242,6 +236,7 @@ bool SrtpFilter::IsExternalAuthActive() const {
RTC_CHECK(send_session_); RTC_CHECK(send_session_);
return send_session_->IsExternalAuthActive(); return send_session_->IsExternalAuthActive();
} }
#endif
void SrtpFilter::set_signal_silent_time(int signal_silent_time_in_ms) { void SrtpFilter::set_signal_silent_time(int signal_silent_time_in_ms) {
signal_silent_time_in_ms_ = signal_silent_time_in_ms; signal_silent_time_in_ms_ = signal_silent_time_in_ms;
@ -343,9 +338,6 @@ void SrtpFilter::CreateSrtpSessions() {
send_session_->set_signal_silent_time(signal_silent_time_in_ms_); send_session_->set_signal_silent_time(signal_silent_time_in_ms_);
recv_session_->set_signal_silent_time(signal_silent_time_in_ms_); recv_session_->set_signal_silent_time(signal_silent_time_in_ms_);
if (external_auth_enabled_) {
send_session_->EnableExternalAuth();
}
} }
bool SrtpFilter::NegotiateParams(const std::vector<CryptoParams>& answer_params, bool SrtpFilter::NegotiateParams(const std::vector<CryptoParams>& answer_params,
@ -607,6 +599,7 @@ bool SrtpSession::UnprotectRtcp(void* p, int in_len, int* out_len) {
} }
bool SrtpSession::GetRtpAuthParams(uint8_t** key, int* key_len, int* tag_len) { bool SrtpSession::GetRtpAuthParams(uint8_t** key, int* key_len, int* tag_len) {
#if defined(ENABLE_EXTERNAL_AUTH)
RTC_DCHECK(thread_checker_.CalledOnValidThread()); RTC_DCHECK(thread_checker_.CalledOnValidThread());
RTC_DCHECK(IsExternalAuthActive()); RTC_DCHECK(IsExternalAuthActive());
if (!IsExternalAuthActive()) { if (!IsExternalAuthActive()) {
@ -631,24 +624,20 @@ bool SrtpSession::GetRtpAuthParams(uint8_t** key, int* key_len, int* tag_len) {
*key_len = external_hmac->key_length; *key_len = external_hmac->key_length;
*tag_len = rtp_auth_tag_len_; *tag_len = rtp_auth_tag_len_;
return true; return true;
#else
return false;
#endif
} }
int SrtpSession::GetSrtpOverhead() const { int SrtpSession::GetSrtpOverhead() const {
return rtp_auth_tag_len_; return rtp_auth_tag_len_;
} }
void SrtpSession::EnableExternalAuth() { #if defined(ENABLE_EXTERNAL_AUTH)
RTC_DCHECK(!session_);
external_auth_enabled_ = true;
}
bool SrtpSession::IsExternalAuthEnabled() const {
return external_auth_enabled_;
}
bool SrtpSession::IsExternalAuthActive() const { bool SrtpSession::IsExternalAuthActive() const {
return external_auth_active_; return external_auth_active_;
} }
#endif
bool SrtpSession::GetSendStreamPacketIndex(void* p, bool SrtpSession::GetSendStreamPacketIndex(void* p,
int in_len, int in_len,
@ -730,12 +719,13 @@ bool SrtpSession::SetKey(int type, int cs, const uint8_t* key, size_t len) {
// id EXTERNAL_HMAC_SHA1 in the policy structure. // id EXTERNAL_HMAC_SHA1 in the policy structure.
// We want to set this option only for rtp packets. // We want to set this option only for rtp packets.
// By default policy structure is initialized to HMAC_SHA1. // By default policy structure is initialized to HMAC_SHA1.
#if defined(ENABLE_EXTERNAL_AUTH)
// Enable external HMAC authentication only for outgoing streams and only // Enable external HMAC authentication only for outgoing streams and only
// for cipher suites that support it (i.e. only non-GCM cipher suites). // for cipher suites that support it (i.e. only non-GCM cipher suites).
if (type == ssrc_any_outbound && IsExternalAuthEnabled() && if (type == ssrc_any_outbound && !rtc::IsGcmCryptoSuite(cs)) {
!rtc::IsGcmCryptoSuite(cs)) {
policy.rtp.auth_type = EXTERNAL_HMAC_SHA1; policy.rtp.auth_type = EXTERNAL_HMAC_SHA1;
} }
#endif
policy.next = nullptr; policy.next = nullptr;
int err = srtp_create(&session_, &policy); int err = srtp_create(&session_, &policy);
@ -748,7 +738,9 @@ bool SrtpSession::SetKey(int type, int cs, const uint8_t* key, size_t len) {
srtp_set_user_data(session_, this); srtp_set_user_data(session_, this);
rtp_auth_tag_len_ = policy.rtp.auth_tag_len; rtp_auth_tag_len_ = policy.rtp.auth_tag_len;
rtcp_auth_tag_len_ = policy.rtcp.auth_tag_len; rtcp_auth_tag_len_ = policy.rtcp.auth_tag_len;
#if defined(ENABLE_EXTERNAL_AUTH)
external_auth_active_ = (policy.rtp.auth_type == EXTERNAL_HMAC_SHA1); external_auth_active_ = (policy.rtp.auth_type == EXTERNAL_HMAC_SHA1);
#endif
return true; return true;
} }
@ -768,12 +760,13 @@ bool SrtpSession::Init() {
LOG(LS_ERROR) << "Failed to install SRTP event handler, err=" << err; LOG(LS_ERROR) << "Failed to install SRTP event handler, err=" << err;
return false; return false;
} }
#if defined(ENABLE_EXTERNAL_AUTH)
err = external_crypto_init(); err = external_crypto_init();
if (err != srtp_err_status_ok) { if (err != srtp_err_status_ok) {
LOG(LS_ERROR) << "Failed to initialize fake auth, err=" << err; LOG(LS_ERROR) << "Failed to initialize fake auth, err=" << err;
return false; return false;
} }
#endif
inited_ = true; inited_ = true;
} }

28
webrtc/pc/srtpfilter.h
View File

@ -114,18 +114,12 @@ class SrtpFilter {
// Returns srtp overhead for rtp packets. // Returns srtp overhead for rtp packets.
bool GetSrtpOverhead(int* srtp_overhead) const; bool GetSrtpOverhead(int* srtp_overhead) const;
// If external auth is enabled, SRTP will write a dummy auth tag that then #if defined(ENABLE_EXTERNAL_AUTH)
// later must get replaced before the packet is sent out. Only supported for
// non-GCM cipher suites and can be checked through "IsExternalAuthActive"
// if it is actually used. This method is only valid before the RTP params
// have been set.
void EnableExternalAuth();
bool IsExternalAuthEnabled() const;
// A SRTP filter supports external creation of the auth tag if a non-GCM // A SRTP filter supports external creation of the auth tag if a non-GCM
// cipher is used. This method is only valid after the RTP params have // cipher is used. This method is only valid after the RTP params have
// been set. // been set.
bool IsExternalAuthActive() const; bool IsExternalAuthActive() const;
#endif
// Update the silent threshold (in ms) for signaling errors. // Update the silent threshold (in ms) for signaling errors.
void set_signal_silent_time(int signal_silent_time_in_ms); void set_signal_silent_time(int signal_silent_time_in_ms);
@ -175,9 +169,8 @@ class SrtpFilter {
// ST_INIT. // ST_INIT.
ST_RECEIVEDPRANSWER ST_RECEIVEDPRANSWER
}; };
State state_ = ST_INIT; State state_;
int signal_silent_time_in_ms_ = 0; int signal_silent_time_in_ms_;
bool external_auth_enabled_ = false;
std::vector<CryptoParams> offer_params_; std::vector<CryptoParams> offer_params_;
std::unique_ptr<SrtpSession> send_session_; std::unique_ptr<SrtpSession> send_session_;
std::unique_ptr<SrtpSession> recv_session_; std::unique_ptr<SrtpSession> recv_session_;
@ -220,18 +213,12 @@ class SrtpSession {
int GetSrtpOverhead() const; int GetSrtpOverhead() const;
// If external auth is enabled, SRTP will write a dummy auth tag that then #if defined(ENABLE_EXTERNAL_AUTH)
// later must get replaced before the packet is sent out. Only supported for
// non-GCM cipher suites and can be checked through "IsExternalAuthActive"
// if it is actually used. This method is only valid before the RTP params
// have been set.
void EnableExternalAuth();
bool IsExternalAuthEnabled() const;
// A SRTP session supports external creation of the auth tag if a non-GCM // A SRTP session supports external creation of the auth tag if a non-GCM
// cipher is used. This method is only valid after the RTP params have // cipher is used. This method is only valid after the RTP params have
// been set. // been set.
bool IsExternalAuthActive() const; bool IsExternalAuthActive() const;
#endif
// Update the silent threshold (in ms) for signaling errors. // Update the silent threshold (in ms) for signaling errors.
void set_signal_silent_time(int signal_silent_time_in_ms); void set_signal_silent_time(int signal_silent_time_in_ms);
@ -259,8 +246,9 @@ class SrtpSession {
static bool inited_; static bool inited_;
static rtc::GlobalLockPod lock_; static rtc::GlobalLockPod lock_;
int last_send_seq_num_ = -1; int last_send_seq_num_ = -1;
#if defined(ENABLE_EXTERNAL_AUTH)
bool external_auth_active_ = false; bool external_auth_active_ = false;
bool external_auth_enabled_ = false; #endif
RTC_DISALLOW_COPY_AND_ASSIGN(SrtpSession); RTC_DISALLOW_COPY_AND_ASSIGN(SrtpSession);
}; };

200
webrtc/pc/srtpfilter_unittest.cc
View File

@ -107,29 +107,6 @@ class SrtpFilterTest : public testing::Test {
EXPECT_TRUE(f1_.IsActive()); EXPECT_TRUE(f1_.IsActive());
EXPECT_TRUE(f2_.IsActive()); EXPECT_TRUE(f2_.IsActive());
} }
void TestRtpAuthParams(cricket::SrtpFilter* filter, const std::string& cs) {
int overhead;
EXPECT_TRUE(filter->GetSrtpOverhead(&overhead));
switch (rtc::SrtpCryptoSuiteFromName(cs)) {
case rtc::SRTP_AES128_CM_SHA1_32:
EXPECT_EQ(32/8, overhead); // 32-bit tag.
break;
case rtc::SRTP_AES128_CM_SHA1_80:
EXPECT_EQ(80/8, overhead); // 80-bit tag.
break;
default:
RTC_NOTREACHED();
break;
}
uint8_t* auth_key = nullptr;
int key_len = 0;
int tag_len = 0;
EXPECT_TRUE(filter->GetRtpAuthParams(&auth_key, &key_len, &tag_len));
EXPECT_NE(nullptr, auth_key);
EXPECT_EQ(160/8, key_len); // Length of SHA-1 is 160 bits.
EXPECT_EQ(overhead, tag_len);
}
void TestProtectUnprotect(const std::string& cs1, const std::string& cs2) { void TestProtectUnprotect(const std::string& cs1, const std::string& cs2) {
rtc::Buffer rtp_buffer(sizeof(kPcmuFrame) + rtp_auth_tag_len(cs1)); rtc::Buffer rtp_buffer(sizeof(kPcmuFrame) + rtp_auth_tag_len(cs1));
char* rtp_packet = rtp_buffer.data<char>(); char* rtp_packet = rtp_buffer.data<char>();
@ -150,30 +127,18 @@ class SrtpFilterTest : public testing::Test {
&out_len)); &out_len));
EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs1)); EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs1));
EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
if (!f1_.IsExternalAuthActive()) { EXPECT_TRUE(f2_.UnprotectRtp(rtp_packet, out_len, &out_len));
EXPECT_TRUE(f2_.UnprotectRtp(rtp_packet, out_len, &out_len)); EXPECT_EQ(rtp_len, out_len);
EXPECT_EQ(rtp_len, out_len); EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
} else {
// With external auth enabled, SRTP doesn't write the auth tag and
// unprotect would fail. Check accessing the information about the
// tag instead, similar to what the actual code would do that relies
// on external auth.
TestRtpAuthParams(&f1_, cs1);
}
EXPECT_TRUE(f2_.ProtectRtp(rtp_packet, rtp_len, EXPECT_TRUE(f2_.ProtectRtp(rtp_packet, rtp_len,
static_cast<int>(rtp_buffer.size()), static_cast<int>(rtp_buffer.size()),
&out_len)); &out_len));
EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs2)); EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs2));
EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
if (!f2_.IsExternalAuthActive()) { EXPECT_TRUE(f1_.UnprotectRtp(rtp_packet, out_len, &out_len));
EXPECT_TRUE(f1_.UnprotectRtp(rtp_packet, out_len, &out_len)); EXPECT_EQ(rtp_len, out_len);
EXPECT_EQ(rtp_len, out_len); EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
} else {
TestRtpAuthParams(&f2_, cs2);
}
EXPECT_TRUE(f1_.ProtectRtcp(rtcp_packet, rtcp_len, EXPECT_TRUE(f1_.ProtectRtcp(rtcp_packet, rtcp_len,
static_cast<int>(rtcp_buffer.size()), static_cast<int>(rtcp_buffer.size()),
@ -193,30 +158,6 @@ class SrtpFilterTest : public testing::Test {
EXPECT_EQ(rtcp_len, out_len); EXPECT_EQ(rtcp_len, out_len);
EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len));
} }
void TestProtectSetParamsDirect(bool enable_external_auth, int cs,
const uint8_t* key1, int key1_len, const uint8_t* key2, int key2_len,
const std::string& cs_name) {
EXPECT_EQ(key1_len, key2_len);
EXPECT_EQ(cs_name, rtc::SrtpCryptoSuiteToName(cs));
if (enable_external_auth) {
f1_.EnableExternalAuth();
f2_.EnableExternalAuth();
}
EXPECT_TRUE(f1_.SetRtpParams(cs, key1, key1_len, cs, key2, key2_len));
EXPECT_TRUE(f2_.SetRtpParams(cs, key2, key2_len, cs, key1, key1_len));
EXPECT_TRUE(f1_.SetRtcpParams(cs, key1, key1_len, cs, key2, key2_len));
EXPECT_TRUE(f2_.SetRtcpParams(cs, key2, key2_len, cs, key1, key1_len));
EXPECT_TRUE(f1_.IsActive());
EXPECT_TRUE(f2_.IsActive());
if (rtc::IsGcmCryptoSuite(cs)) {
EXPECT_FALSE(f1_.IsExternalAuthActive());
EXPECT_FALSE(f2_.IsExternalAuthActive());
} else if (enable_external_auth) {
EXPECT_TRUE(f1_.IsExternalAuthActive());
EXPECT_TRUE(f2_.IsExternalAuthActive());
}
TestProtectUnprotect(cs_name, cs_name);
}
cricket::SrtpFilter f1_; cricket::SrtpFilter f1_;
cricket::SrtpFilter f2_; cricket::SrtpFilter f2_;
int sequence_number_; int sequence_number_;
@ -606,48 +547,98 @@ TEST_F(SrtpFilterTest, TestDisableEncryption) {
EXPECT_FALSE(f2_.IsActive()); EXPECT_FALSE(f2_.IsActive());
} }
class SrtpFilterProtectSetParamsDirectTest
: public SrtpFilterTest,
public testing::WithParamInterface<bool> {
};
// Test directly setting the params with AES_CM_128_HMAC_SHA1_80. // Test directly setting the params with AES_CM_128_HMAC_SHA1_80.
TEST_P(SrtpFilterProtectSetParamsDirectTest, Test_AES_CM_128_HMAC_SHA1_80) { TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_80) {
bool enable_external_auth = GetParam(); EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1,
TestProtectSetParamsDirect(enable_external_auth, rtc::SRTP_AES128_CM_SHA1_80, kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80,
kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen, kTestKey2, kTestKeyLen));
CS_AES_CM_128_HMAC_SHA1_80); EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2,
kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80,
kTestKey1, kTestKeyLen));
EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1,
kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80,
kTestKey2, kTestKeyLen));
EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2,
kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80,
kTestKey1, kTestKeyLen));
EXPECT_TRUE(f1_.IsActive());
EXPECT_TRUE(f2_.IsActive());
#if defined(ENABLE_EXTERNAL_AUTH)
EXPECT_TRUE(f1_.IsExternalAuthActive());
EXPECT_TRUE(f2_.IsExternalAuthActive());
#endif
TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
} }
// Test directly setting the params with AES_CM_128_HMAC_SHA1_32. // Test directly setting the params with AES_CM_128_HMAC_SHA1_32.
TEST_P(SrtpFilterProtectSetParamsDirectTest, Test_AES_CM_128_HMAC_SHA1_32) { TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_32) {
bool enable_external_auth = GetParam(); EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1,
TestProtectSetParamsDirect(enable_external_auth, rtc::SRTP_AES128_CM_SHA1_32, kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32,
kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen, kTestKey2, kTestKeyLen));
CS_AES_CM_128_HMAC_SHA1_32); EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey2,
kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32,
kTestKey1, kTestKeyLen));
EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1,
kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32,
kTestKey2, kTestKeyLen));
EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey2,
kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32,
kTestKey1, kTestKeyLen));
EXPECT_TRUE(f1_.IsActive());
EXPECT_TRUE(f2_.IsActive());
#if defined(ENABLE_EXTERNAL_AUTH)
EXPECT_TRUE(f1_.IsExternalAuthActive());
EXPECT_TRUE(f2_.IsExternalAuthActive());
#endif
TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32);
} }
// Test directly setting the params with SRTP_AEAD_AES_128_GCM. // Test directly setting the params with SRTP_AEAD_AES_128_GCM.
TEST_P(SrtpFilterProtectSetParamsDirectTest, Test_SRTP_AEAD_AES_128_GCM) { TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_SRTP_AEAD_AES_128_GCM) {
bool enable_external_auth = GetParam(); EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AEAD_AES_128_GCM, kTestKeyGcm128_1,
TestProtectSetParamsDirect(enable_external_auth, rtc::SRTP_AEAD_AES_128_GCM, kTestKeyGcm128Len, rtc::SRTP_AEAD_AES_128_GCM,
kTestKeyGcm128_1, kTestKeyGcm128Len, kTestKeyGcm128_2, kTestKeyGcm128Len, kTestKeyGcm128_2, kTestKeyGcm128Len));
CS_AEAD_AES_128_GCM); EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AEAD_AES_128_GCM, kTestKeyGcm128_2,
kTestKeyGcm128Len, rtc::SRTP_AEAD_AES_128_GCM,
kTestKeyGcm128_1, kTestKeyGcm128Len));
EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AEAD_AES_128_GCM, kTestKeyGcm128_1,
kTestKeyGcm128Len, rtc::SRTP_AEAD_AES_128_GCM,
kTestKeyGcm128_2, kTestKeyGcm128Len));
EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AEAD_AES_128_GCM, kTestKeyGcm128_2,
kTestKeyGcm128Len, rtc::SRTP_AEAD_AES_128_GCM,
kTestKeyGcm128_1, kTestKeyGcm128Len));
EXPECT_TRUE(f1_.IsActive());
EXPECT_TRUE(f2_.IsActive());
#if defined(ENABLE_EXTERNAL_AUTH)
EXPECT_FALSE(f1_.IsExternalAuthActive());
EXPECT_FALSE(f2_.IsExternalAuthActive());
#endif
TestProtectUnprotect(CS_AEAD_AES_128_GCM, CS_AEAD_AES_128_GCM);
} }
// Test directly setting the params with SRTP_AEAD_AES_256_GCM. // Test directly setting the params with SRTP_AEAD_AES_256_GCM.
TEST_P(SrtpFilterProtectSetParamsDirectTest, Test_SRTP_AEAD_AES_256_GCM) { TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_SRTP_AEAD_AES_256_GCM) {
bool enable_external_auth = GetParam(); EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AEAD_AES_256_GCM, kTestKeyGcm256_1,
TestProtectSetParamsDirect(enable_external_auth, rtc::SRTP_AEAD_AES_256_GCM, kTestKeyGcm256Len, rtc::SRTP_AEAD_AES_256_GCM,
kTestKeyGcm256_1, kTestKeyGcm256Len, kTestKeyGcm256_2, kTestKeyGcm256Len, kTestKeyGcm256_2, kTestKeyGcm256Len));
CS_AEAD_AES_256_GCM); EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AEAD_AES_256_GCM, kTestKeyGcm256_2,
kTestKeyGcm256Len, rtc::SRTP_AEAD_AES_256_GCM,
kTestKeyGcm256_1, kTestKeyGcm256Len));
EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AEAD_AES_256_GCM, kTestKeyGcm256_1,
kTestKeyGcm256Len, rtc::SRTP_AEAD_AES_256_GCM,
kTestKeyGcm256_2, kTestKeyGcm256Len));
EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AEAD_AES_256_GCM, kTestKeyGcm256_2,
kTestKeyGcm256Len, rtc::SRTP_AEAD_AES_256_GCM,
kTestKeyGcm256_1, kTestKeyGcm256Len));
EXPECT_TRUE(f1_.IsActive());
EXPECT_TRUE(f2_.IsActive());
#if defined(ENABLE_EXTERNAL_AUTH)
EXPECT_FALSE(f1_.IsExternalAuthActive());
EXPECT_FALSE(f2_.IsExternalAuthActive());
#endif
TestProtectUnprotect(CS_AEAD_AES_256_GCM, CS_AEAD_AES_256_GCM);
} }
// Run all tests both with and without external auth enabled.
INSTANTIATE_TEST_CASE_P(ExternalAuth,
SrtpFilterProtectSetParamsDirectTest,
::testing::Values(true, false));
// Test directly setting the params with bogus keys. // Test directly setting the params with bogus keys.
TEST_F(SrtpFilterTest, TestSetParamsKeyTooShort) { TEST_F(SrtpFilterTest, TestSetParamsKeyTooShort) {
EXPECT_FALSE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, EXPECT_FALSE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1,
@ -658,6 +649,25 @@ TEST_F(SrtpFilterTest, TestSetParamsKeyTooShort) {
kTestKey1, kTestKeyLen - 1)); kTestKey1, kTestKeyLen - 1));
} }
#if defined(ENABLE_EXTERNAL_AUTH)
TEST_F(SrtpFilterTest, TestGetSendAuthParams) {
EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1,
kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32,
kTestKey2, kTestKeyLen));
EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1,
kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32,
kTestKey2, kTestKeyLen));
// Non-GCM ciphers support external auth.
EXPECT_TRUE(f1_.IsExternalAuthActive());
uint8_t* auth_key = NULL;
int auth_key_len = 0, auth_tag_len = 0;
EXPECT_TRUE(f1_.GetRtpAuthParams(&auth_key, &auth_key_len, &auth_tag_len));
EXPECT_TRUE(auth_key != NULL);
EXPECT_EQ(20, auth_key_len);
EXPECT_EQ(4, auth_tag_len);
}
#endif
class SrtpSessionTest : public testing::Test { class SrtpSessionTest : public testing::Test {
protected: protected:
virtual void SetUp() { virtual void SetUp() {