admin/webrtc_m130
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

By default, don't use SRTP_AES128_CM_SHA1_32 protection profile.

Browse Source 
This profile will now not be used unless the application explicitly
sets the flag in CryptoOptions to true. As a result, an 80-bit
authentication tag will be used instead of a 32-bit one. See bug for
more details.

Bug: webrtc:7670
Change-Id: I7c0a118fd7b1e7aac23b9eb8717099f055de0441
Reviewed-on: https://webrtc-review.googlesource.com/66600
Reviewed-by: Benjamin Wright <benwright@webrtc.org>
Reviewed-by: Peter Thatcher <pthatcher@webrtc.org>
Commit-Queue: Taylor Brandstetter <deadbeef@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#22757}
This commit is contained in:
Taylor Brandstetter 2018-04-03 16:29:26 -07:00 committed by Commit Bot
parent c8b90aabd5
commit fd350d74ee
6 changed files with 50 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
p2p/base/dtlstransport_unittest.cc
View File

@ -334,9 +334,9 @@ class DtlsTransportTestBase {
if (use_dtls_) { if (use_dtls_) {
// Check that we negotiated the right ciphers. Since GCM ciphers are not // Check that we negotiated the right ciphers. Since GCM ciphers are not
// negotiated by default, we should end up with SRTP_AES128_CM_SHA1_32. // negotiated by default, we should end up with SRTP_AES128_CM_SHA1_80.
client1_.CheckSrtp(rtc::SRTP_AES128_CM_SHA1_32); client1_.CheckSrtp(rtc::SRTP_AES128_CM_SHA1_80);
client2_.CheckSrtp(rtc::SRTP_AES128_CM_SHA1_32); client2_.CheckSrtp(rtc::SRTP_AES128_CM_SHA1_80);
} else { } else {
// If DTLS isn't actually being used, GetSrtpCryptoSuite should return // If DTLS isn't actually being used, GetSrtpCryptoSuite should return
// false. // false.

75
pc/mediasession_unittest.cc
View File

@ -213,6 +213,11 @@ static const char* kMediaProtocolsDtls[] = {
"TCP/TLS/RTP/SAVPF", "TCP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF", "TCP/TLS/RTP/SAVPF", "TCP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF",
"UDP/TLS/RTP/SAVP"}; "UDP/TLS/RTP/SAVP"};
// SRTP cipher name negotiated by the tests. This must be updated if the
// default changes.
static const char* kDefaultSrtpCryptoSuite = CS_AES_CM_128_HMAC_SHA1_80;
static const char* kDefaultSrtpCryptoSuiteGcm = CS_AEAD_AES_256_GCM;
// These constants are used to make the code using "AddMediaSection" more // These constants are used to make the code using "AddMediaSection" more
// readable. // readable.
static constexpr bool kStopped = true; static constexpr bool kStopped = true;
@ -545,7 +550,7 @@ class MediaSessionDescriptionFactoryTest : public testing::Test {
EXPECT_TRUE(CompareCryptoParams(audio_media_desc->cryptos(), EXPECT_TRUE(CompareCryptoParams(audio_media_desc->cryptos(),
video_media_desc->cryptos())); video_media_desc->cryptos()));
EXPECT_EQ(1u, audio_media_desc->cryptos().size()); EXPECT_EQ(1u, audio_media_desc->cryptos().size());
EXPECT_EQ(std::string(CS_AES_CM_128_HMAC_SHA1_80), EXPECT_EQ(std::string(kDefaultSrtpCryptoSuite),
audio_media_desc->cryptos()[0].cipher_suite); audio_media_desc->cryptos()[0].cipher_suite);
// Verify the selected crypto is one from the reference audio // Verify the selected crypto is one from the reference audio
@ -636,18 +641,18 @@ class MediaSessionDescriptionFactoryTest : public testing::Test {
EXPECT_EQ(0U, acd->first_ssrc()); // no sender is attached EXPECT_EQ(0U, acd->first_ssrc()); // no sender is attached
EXPECT_TRUE(acd->rtcp_mux()); // negotiated rtcp-mux EXPECT_TRUE(acd->rtcp_mux()); // negotiated rtcp-mux
if (gcm_offer && gcm_answer) { if (gcm_offer && gcm_answer) {
ASSERT_CRYPTO(acd, 1U, CS_AEAD_AES_256_GCM); ASSERT_CRYPTO(acd, 1U, kDefaultSrtpCryptoSuiteGcm);
} else { } else {
ASSERT_CRYPTO(acd, 1U, CS_AES_CM_128_HMAC_SHA1_32); ASSERT_CRYPTO(acd, 1U, kDefaultSrtpCryptoSuite);
} }
EXPECT_EQ(MEDIA_TYPE_VIDEO, vcd->type()); EXPECT_EQ(MEDIA_TYPE_VIDEO, vcd->type());
EXPECT_EQ(MAKE_VECTOR(kVideoCodecsAnswer), vcd->codecs()); EXPECT_EQ(MAKE_VECTOR(kVideoCodecsAnswer), vcd->codecs());
EXPECT_EQ(0U, vcd->first_ssrc()); // no sender is attached EXPECT_EQ(0U, vcd->first_ssrc()); // no sender is attached
EXPECT_TRUE(vcd->rtcp_mux()); // negotiated rtcp-mux EXPECT_TRUE(vcd->rtcp_mux()); // negotiated rtcp-mux
if (gcm_offer && gcm_answer) { if (gcm_offer && gcm_answer) {
ASSERT_CRYPTO(vcd, 1U, CS_AEAD_AES_256_GCM); ASSERT_CRYPTO(vcd, 1U, kDefaultSrtpCryptoSuiteGcm);
} else { } else {
ASSERT_CRYPTO(vcd, 1U, CS_AES_CM_128_HMAC_SHA1_80); ASSERT_CRYPTO(vcd, 1U, kDefaultSrtpCryptoSuite);
} }
EXPECT_EQ(std::string(cricket::kMediaProtocolSavpf), vcd->protocol()); EXPECT_EQ(std::string(cricket::kMediaProtocolSavpf), vcd->protocol());
} }
@ -676,7 +681,7 @@ TEST_F(MediaSessionDescriptionFactoryTest, TestCreateAudioOffer) {
EXPECT_EQ(0U, acd->first_ssrc()); // no sender is attached. EXPECT_EQ(0U, acd->first_ssrc()); // no sender is attached.
EXPECT_EQ(kAutoBandwidth, acd->bandwidth()); // default bandwidth (auto) EXPECT_EQ(kAutoBandwidth, acd->bandwidth()); // default bandwidth (auto)
EXPECT_TRUE(acd->rtcp_mux()); // rtcp-mux defaults on EXPECT_TRUE(acd->rtcp_mux()); // rtcp-mux defaults on
ASSERT_CRYPTO(acd, 2U, CS_AES_CM_128_HMAC_SHA1_32); ASSERT_CRYPTO(acd, 1U, kDefaultSrtpCryptoSuite);
EXPECT_EQ(std::string(cricket::kMediaProtocolSavpf), acd->protocol()); EXPECT_EQ(std::string(cricket::kMediaProtocolSavpf), acd->protocol());
} }
@ -700,14 +705,14 @@ TEST_F(MediaSessionDescriptionFactoryTest, TestCreateVideoOffer) {
EXPECT_EQ(0U, acd->first_ssrc()); // no sender is attached EXPECT_EQ(0U, acd->first_ssrc()); // no sender is attached
EXPECT_EQ(kAutoBandwidth, acd->bandwidth()); // default bandwidth (auto) EXPECT_EQ(kAutoBandwidth, acd->bandwidth()); // default bandwidth (auto)
EXPECT_TRUE(acd->rtcp_mux()); // rtcp-mux defaults on EXPECT_TRUE(acd->rtcp_mux()); // rtcp-mux defaults on
ASSERT_CRYPTO(acd, 2U, CS_AES_CM_128_HMAC_SHA1_32); ASSERT_CRYPTO(acd, 1U, kDefaultSrtpCryptoSuite);
EXPECT_EQ(std::string(cricket::kMediaProtocolSavpf), acd->protocol()); EXPECT_EQ(std::string(cricket::kMediaProtocolSavpf), acd->protocol());
EXPECT_EQ(MEDIA_TYPE_VIDEO, vcd->type()); EXPECT_EQ(MEDIA_TYPE_VIDEO, vcd->type());
EXPECT_EQ(f1_.video_codecs(), vcd->codecs()); EXPECT_EQ(f1_.video_codecs(), vcd->codecs());
EXPECT_EQ(0U, vcd->first_ssrc()); // no sender is attached EXPECT_EQ(0U, vcd->first_ssrc()); // no sender is attached
EXPECT_EQ(kAutoBandwidth, vcd->bandwidth()); // default bandwidth (auto) EXPECT_EQ(kAutoBandwidth, vcd->bandwidth()); // default bandwidth (auto)
EXPECT_TRUE(vcd->rtcp_mux()); // rtcp-mux defaults on EXPECT_TRUE(vcd->rtcp_mux()); // rtcp-mux defaults on
ASSERT_CRYPTO(vcd, 1U, CS_AES_CM_128_HMAC_SHA1_80); ASSERT_CRYPTO(vcd, 1U, kDefaultSrtpCryptoSuite);
EXPECT_EQ(std::string(cricket::kMediaProtocolSavpf), vcd->protocol()); EXPECT_EQ(std::string(cricket::kMediaProtocolSavpf), vcd->protocol());
} }
@ -778,11 +783,11 @@ TEST_F(MediaSessionDescriptionFactoryTest,
EXPECT_TRUE(NULL != acd); EXPECT_TRUE(NULL != acd);
EXPECT_TRUE(NULL != dcd); EXPECT_TRUE(NULL != dcd);
ASSERT_CRYPTO(acd, 1U, CS_AES_CM_128_HMAC_SHA1_80); ASSERT_CRYPTO(acd, 1U, kDefaultSrtpCryptoSuite);
EXPECT_EQ(std::string(cricket::kMediaProtocolSavpf), acd->protocol()); EXPECT_EQ(std::string(cricket::kMediaProtocolSavpf), acd->protocol());
ASSERT_CRYPTO(vcd, 1U, CS_AES_CM_128_HMAC_SHA1_80); ASSERT_CRYPTO(vcd, 1U, kDefaultSrtpCryptoSuite);
EXPECT_EQ(std::string(cricket::kMediaProtocolSavpf), vcd->protocol()); EXPECT_EQ(std::string(cricket::kMediaProtocolSavpf), vcd->protocol());
ASSERT_CRYPTO(dcd, 1U, CS_AES_CM_128_HMAC_SHA1_80); ASSERT_CRYPTO(dcd, 1U, kDefaultSrtpCryptoSuite);
EXPECT_EQ(std::string(cricket::kMediaProtocolSavpf), dcd->protocol()); EXPECT_EQ(std::string(cricket::kMediaProtocolSavpf), dcd->protocol());
} }
@ -807,7 +812,7 @@ TEST_F(MediaSessionDescriptionFactoryTest, TestCreateRtpDataOffer) {
EXPECT_EQ(0U, acd->first_ssrc()); // no sender is attched. EXPECT_EQ(0U, acd->first_ssrc()); // no sender is attched.
EXPECT_EQ(kAutoBandwidth, acd->bandwidth()); // default bandwidth (auto) EXPECT_EQ(kAutoBandwidth, acd->bandwidth()); // default bandwidth (auto)
EXPECT_TRUE(acd->rtcp_mux()); // rtcp-mux defaults on EXPECT_TRUE(acd->rtcp_mux()); // rtcp-mux defaults on
ASSERT_CRYPTO(acd, 2U, CS_AES_CM_128_HMAC_SHA1_32); ASSERT_CRYPTO(acd, 1U, kDefaultSrtpCryptoSuite);
EXPECT_EQ(std::string(cricket::kMediaProtocolSavpf), acd->protocol()); EXPECT_EQ(std::string(cricket::kMediaProtocolSavpf), acd->protocol());
EXPECT_EQ(MEDIA_TYPE_DATA, dcd->type()); EXPECT_EQ(MEDIA_TYPE_DATA, dcd->type());
EXPECT_EQ(f1_.data_codecs(), dcd->codecs()); EXPECT_EQ(f1_.data_codecs(), dcd->codecs());
@ -815,7 +820,7 @@ TEST_F(MediaSessionDescriptionFactoryTest, TestCreateRtpDataOffer) {
EXPECT_EQ(cricket::kDataMaxBandwidth, EXPECT_EQ(cricket::kDataMaxBandwidth,
dcd->bandwidth()); // default bandwidth (auto) dcd->bandwidth()); // default bandwidth (auto)
EXPECT_TRUE(dcd->rtcp_mux()); // rtcp-mux defaults on EXPECT_TRUE(dcd->rtcp_mux()); // rtcp-mux defaults on
ASSERT_CRYPTO(dcd, 1U, CS_AES_CM_128_HMAC_SHA1_80); ASSERT_CRYPTO(dcd, 1U, kDefaultSrtpCryptoSuite);
EXPECT_EQ(std::string(cricket::kMediaProtocolSavpf), dcd->protocol()); EXPECT_EQ(std::string(cricket::kMediaProtocolSavpf), dcd->protocol());
} }
@ -943,7 +948,7 @@ TEST_F(MediaSessionDescriptionFactoryTest, TestCreateAudioAnswer) {
EXPECT_EQ(0U, acd->first_ssrc()); // no sender is attached EXPECT_EQ(0U, acd->first_ssrc()); // no sender is attached
EXPECT_EQ(kAutoBandwidth, acd->bandwidth()); // negotiated auto bw EXPECT_EQ(kAutoBandwidth, acd->bandwidth()); // negotiated auto bw
EXPECT_TRUE(acd->rtcp_mux()); // negotiated rtcp-mux EXPECT_TRUE(acd->rtcp_mux()); // negotiated rtcp-mux
ASSERT_CRYPTO(acd, 1U, CS_AES_CM_128_HMAC_SHA1_32); ASSERT_CRYPTO(acd, 1U, kDefaultSrtpCryptoSuite);
EXPECT_EQ(std::string(cricket::kMediaProtocolSavpf), acd->protocol()); EXPECT_EQ(std::string(cricket::kMediaProtocolSavpf), acd->protocol());
} }
@ -969,7 +974,7 @@ TEST_F(MediaSessionDescriptionFactoryTest, TestCreateAudioAnswerGcm) {
EXPECT_EQ(0U, acd->first_ssrc()); // no sender is attached EXPECT_EQ(0U, acd->first_ssrc()); // no sender is attached
EXPECT_EQ(kAutoBandwidth, acd->bandwidth()); // negotiated auto bw EXPECT_EQ(kAutoBandwidth, acd->bandwidth()); // negotiated auto bw
EXPECT_TRUE(acd->rtcp_mux()); // negotiated rtcp-mux EXPECT_TRUE(acd->rtcp_mux()); // negotiated rtcp-mux
ASSERT_CRYPTO(acd, 1U, CS_AEAD_AES_256_GCM); ASSERT_CRYPTO(acd, 1U, kDefaultSrtpCryptoSuiteGcm);
EXPECT_EQ(std::string(cricket::kMediaProtocolSavpf), acd->protocol()); EXPECT_EQ(std::string(cricket::kMediaProtocolSavpf), acd->protocol());
} }
@ -996,12 +1001,12 @@ TEST_F(MediaSessionDescriptionFactoryTest, TestCreateVideoAnswer) {
EXPECT_EQ(kAutoBandwidth, acd->bandwidth()); // negotiated auto bw EXPECT_EQ(kAutoBandwidth, acd->bandwidth()); // negotiated auto bw
EXPECT_EQ(0U, acd->first_ssrc()); // no sender is attached EXPECT_EQ(0U, acd->first_ssrc()); // no sender is attached
EXPECT_TRUE(acd->rtcp_mux()); // negotiated rtcp-mux EXPECT_TRUE(acd->rtcp_mux()); // negotiated rtcp-mux
ASSERT_CRYPTO(acd, 1U, CS_AES_CM_128_HMAC_SHA1_32); ASSERT_CRYPTO(acd, 1U, kDefaultSrtpCryptoSuite);
EXPECT_EQ(MEDIA_TYPE_VIDEO, vcd->type()); EXPECT_EQ(MEDIA_TYPE_VIDEO, vcd->type());
EXPECT_EQ(MAKE_VECTOR(kVideoCodecsAnswer), vcd->codecs()); EXPECT_EQ(MAKE_VECTOR(kVideoCodecsAnswer), vcd->codecs());
EXPECT_EQ(0U, vcd->first_ssrc()); // no sender is attached EXPECT_EQ(0U, vcd->first_ssrc()); // no sender is attached
EXPECT_TRUE(vcd->rtcp_mux()); // negotiated rtcp-mux EXPECT_TRUE(vcd->rtcp_mux()); // negotiated rtcp-mux
ASSERT_CRYPTO(vcd, 1U, CS_AES_CM_128_HMAC_SHA1_80); ASSERT_CRYPTO(vcd, 1U, kDefaultSrtpCryptoSuite);
EXPECT_EQ(std::string(cricket::kMediaProtocolSavpf), vcd->protocol()); EXPECT_EQ(std::string(cricket::kMediaProtocolSavpf), vcd->protocol());
} }
@ -1045,12 +1050,12 @@ TEST_F(MediaSessionDescriptionFactoryTest, TestCreateDataAnswer) {
EXPECT_EQ(kAutoBandwidth, acd->bandwidth()); // negotiated auto bw EXPECT_EQ(kAutoBandwidth, acd->bandwidth()); // negotiated auto bw
EXPECT_EQ(0U, acd->first_ssrc()); // no sender is attached EXPECT_EQ(0U, acd->first_ssrc()); // no sender is attached
EXPECT_TRUE(acd->rtcp_mux()); // negotiated rtcp-mux EXPECT_TRUE(acd->rtcp_mux()); // negotiated rtcp-mux
ASSERT_CRYPTO(acd, 1U, CS_AES_CM_128_HMAC_SHA1_32); ASSERT_CRYPTO(acd, 1U, kDefaultSrtpCryptoSuite);
EXPECT_EQ(MEDIA_TYPE_DATA, dcd->type()); EXPECT_EQ(MEDIA_TYPE_DATA, dcd->type());
EXPECT_EQ(MAKE_VECTOR(kDataCodecsAnswer), dcd->codecs()); EXPECT_EQ(MAKE_VECTOR(kDataCodecsAnswer), dcd->codecs());
EXPECT_EQ(0U, dcd->first_ssrc()); // no sender is attached EXPECT_EQ(0U, dcd->first_ssrc()); // no sender is attached
EXPECT_TRUE(dcd->rtcp_mux()); // negotiated rtcp-mux EXPECT_TRUE(dcd->rtcp_mux()); // negotiated rtcp-mux
ASSERT_CRYPTO(dcd, 1U, CS_AES_CM_128_HMAC_SHA1_80); ASSERT_CRYPTO(dcd, 1U, kDefaultSrtpCryptoSuite);
EXPECT_EQ(std::string(cricket::kMediaProtocolSavpf), dcd->protocol()); EXPECT_EQ(std::string(cricket::kMediaProtocolSavpf), dcd->protocol());
} }
@ -1077,12 +1082,12 @@ TEST_F(MediaSessionDescriptionFactoryTest, TestCreateDataAnswerGcm) {
EXPECT_EQ(kAutoBandwidth, acd->bandwidth()); // negotiated auto bw EXPECT_EQ(kAutoBandwidth, acd->bandwidth()); // negotiated auto bw
EXPECT_EQ(0U, acd->first_ssrc()); // no sender is attached EXPECT_EQ(0U, acd->first_ssrc()); // no sender is attached
EXPECT_TRUE(acd->rtcp_mux()); // negotiated rtcp-mux EXPECT_TRUE(acd->rtcp_mux()); // negotiated rtcp-mux
ASSERT_CRYPTO(acd, 1U, CS_AEAD_AES_256_GCM); ASSERT_CRYPTO(acd, 1U, kDefaultSrtpCryptoSuiteGcm);
EXPECT_EQ(MEDIA_TYPE_DATA, dcd->type()); EXPECT_EQ(MEDIA_TYPE_DATA, dcd->type());
EXPECT_EQ(MAKE_VECTOR(kDataCodecsAnswer), dcd->codecs()); EXPECT_EQ(MAKE_VECTOR(kDataCodecsAnswer), dcd->codecs());
EXPECT_EQ(0U, dcd->first_ssrc()); // no sender is attached EXPECT_EQ(0U, dcd->first_ssrc()); // no sender is attached
EXPECT_TRUE(dcd->rtcp_mux()); // negotiated rtcp-mux EXPECT_TRUE(dcd->rtcp_mux()); // negotiated rtcp-mux
ASSERT_CRYPTO(dcd, 1U, CS_AEAD_AES_256_GCM); ASSERT_CRYPTO(dcd, 1U, kDefaultSrtpCryptoSuiteGcm);
EXPECT_EQ(std::string(cricket::kMediaProtocolSavpf), dcd->protocol()); EXPECT_EQ(std::string(cricket::kMediaProtocolSavpf), dcd->protocol());
} }
@ -1643,11 +1648,11 @@ TEST_F(MediaSessionDescriptionFactoryTest, TestCreateMultiStreamVideoOffer) {
EXPECT_EQ(kAutoBandwidth, acd->bandwidth()); // default bandwidth (auto) EXPECT_EQ(kAutoBandwidth, acd->bandwidth()); // default bandwidth (auto)
EXPECT_TRUE(acd->rtcp_mux()); // rtcp-mux defaults on EXPECT_TRUE(acd->rtcp_mux()); // rtcp-mux defaults on
ASSERT_CRYPTO(acd, 2U, CS_AES_CM_128_HMAC_SHA1_32); ASSERT_CRYPTO(acd, 1U, kDefaultSrtpCryptoSuite);
EXPECT_EQ(MEDIA_TYPE_VIDEO, vcd->type()); EXPECT_EQ(MEDIA_TYPE_VIDEO, vcd->type());
EXPECT_EQ(f1_.video_codecs(), vcd->codecs()); EXPECT_EQ(f1_.video_codecs(), vcd->codecs());
ASSERT_CRYPTO(vcd, 1U, CS_AES_CM_128_HMAC_SHA1_80); ASSERT_CRYPTO(vcd, 1U, kDefaultSrtpCryptoSuite);
const StreamParamsVec& video_streams = vcd->streams(); const StreamParamsVec& video_streams = vcd->streams();
ASSERT_EQ(1U, video_streams.size()); ASSERT_EQ(1U, video_streams.size());
@ -1658,7 +1663,7 @@ TEST_F(MediaSessionDescriptionFactoryTest, TestCreateMultiStreamVideoOffer) {
EXPECT_EQ(MEDIA_TYPE_DATA, dcd->type()); EXPECT_EQ(MEDIA_TYPE_DATA, dcd->type());
EXPECT_EQ(f1_.data_codecs(), dcd->codecs()); EXPECT_EQ(f1_.data_codecs(), dcd->codecs());
ASSERT_CRYPTO(dcd, 1U, CS_AES_CM_128_HMAC_SHA1_80); ASSERT_CRYPTO(dcd, 1U, kDefaultSrtpCryptoSuite);
const StreamParamsVec& data_streams = dcd->streams(); const StreamParamsVec& data_streams = dcd->streams();
ASSERT_EQ(2U, data_streams.size()); ASSERT_EQ(2U, data_streams.size());
@ -1673,7 +1678,7 @@ TEST_F(MediaSessionDescriptionFactoryTest, TestCreateMultiStreamVideoOffer) {
EXPECT_EQ(cricket::kDataMaxBandwidth, EXPECT_EQ(cricket::kDataMaxBandwidth,
dcd->bandwidth()); // default bandwidth (auto) dcd->bandwidth()); // default bandwidth (auto)
EXPECT_TRUE(dcd->rtcp_mux()); // rtcp-mux defaults on EXPECT_TRUE(dcd->rtcp_mux()); // rtcp-mux defaults on
ASSERT_CRYPTO(dcd, 1U, CS_AES_CM_128_HMAC_SHA1_80); ASSERT_CRYPTO(dcd, 1U, kDefaultSrtpCryptoSuite);
// Update the offer. Add a new video track that is not synched to the // Update the offer. Add a new video track that is not synched to the
// other tracks and replace audio track 2 with audio track 3. // other tracks and replace audio track 2 with audio track 3.
@ -1708,11 +1713,11 @@ TEST_F(MediaSessionDescriptionFactoryTest, TestCreateMultiStreamVideoOffer) {
EXPECT_EQ(vcd->codecs(), updated_vcd->codecs()); EXPECT_EQ(vcd->codecs(), updated_vcd->codecs());
EXPECT_EQ(dcd->type(), updated_dcd->type()); EXPECT_EQ(dcd->type(), updated_dcd->type());
EXPECT_EQ(dcd->codecs(), updated_dcd->codecs()); EXPECT_EQ(dcd->codecs(), updated_dcd->codecs());
ASSERT_CRYPTO(updated_acd, 2U, CS_AES_CM_128_HMAC_SHA1_32); ASSERT_CRYPTO(updated_acd, 1U, kDefaultSrtpCryptoSuite);
EXPECT_TRUE(CompareCryptoParams(acd->cryptos(), updated_acd->cryptos())); EXPECT_TRUE(CompareCryptoParams(acd->cryptos(), updated_acd->cryptos()));
ASSERT_CRYPTO(updated_vcd, 1U, CS_AES_CM_128_HMAC_SHA1_80); ASSERT_CRYPTO(updated_vcd, 1U, kDefaultSrtpCryptoSuite);
EXPECT_TRUE(CompareCryptoParams(vcd->cryptos(), updated_vcd->cryptos())); EXPECT_TRUE(CompareCryptoParams(vcd->cryptos(), updated_vcd->cryptos()));
ASSERT_CRYPTO(updated_dcd, 1U, CS_AES_CM_128_HMAC_SHA1_80); ASSERT_CRYPTO(updated_dcd, 1U, kDefaultSrtpCryptoSuite);
EXPECT_TRUE(CompareCryptoParams(dcd->cryptos(), updated_dcd->cryptos())); EXPECT_TRUE(CompareCryptoParams(dcd->cryptos(), updated_dcd->cryptos()));
const StreamParamsVec& updated_audio_streams = updated_acd->streams(); const StreamParamsVec& updated_audio_streams = updated_acd->streams();
@ -1821,9 +1826,9 @@ TEST_F(MediaSessionDescriptionFactoryTest, TestCreateMultiStreamVideoAnswer) {
const AudioContentDescription* acd = ac->media_description()->as_audio(); const AudioContentDescription* acd = ac->media_description()->as_audio();
const VideoContentDescription* vcd = vc->media_description()->as_video(); const VideoContentDescription* vcd = vc->media_description()->as_video();
const DataContentDescription* dcd = dc->media_description()->as_data(); const DataContentDescription* dcd = dc->media_description()->as_data();
ASSERT_CRYPTO(acd, 1U, CS_AES_CM_128_HMAC_SHA1_32); ASSERT_CRYPTO(acd, 1U, kDefaultSrtpCryptoSuite);
ASSERT_CRYPTO(vcd, 1U, CS_AES_CM_128_HMAC_SHA1_80); ASSERT_CRYPTO(vcd, 1U, kDefaultSrtpCryptoSuite);
ASSERT_CRYPTO(dcd, 1U, CS_AES_CM_128_HMAC_SHA1_80); ASSERT_CRYPTO(dcd, 1U, kDefaultSrtpCryptoSuite);
EXPECT_EQ(MEDIA_TYPE_AUDIO, acd->type()); EXPECT_EQ(MEDIA_TYPE_AUDIO, acd->type());
EXPECT_EQ(MAKE_VECTOR(kAudioCodecsAnswer), acd->codecs()); EXPECT_EQ(MAKE_VECTOR(kAudioCodecsAnswer), acd->codecs());
@ -1891,11 +1896,11 @@ TEST_F(MediaSessionDescriptionFactoryTest, TestCreateMultiStreamVideoAnswer) {
const DataContentDescription* updated_dcd = const DataContentDescription* updated_dcd =
dc->media_description()->as_data(); dc->media_description()->as_data();
ASSERT_CRYPTO(updated_acd, 1U, CS_AES_CM_128_HMAC_SHA1_32); ASSERT_CRYPTO(updated_acd, 1U, kDefaultSrtpCryptoSuite);
EXPECT_TRUE(CompareCryptoParams(acd->cryptos(), updated_acd->cryptos())); EXPECT_TRUE(CompareCryptoParams(acd->cryptos(), updated_acd->cryptos()));
ASSERT_CRYPTO(updated_vcd, 1U, CS_AES_CM_128_HMAC_SHA1_80); ASSERT_CRYPTO(updated_vcd, 1U, kDefaultSrtpCryptoSuite);
EXPECT_TRUE(CompareCryptoParams(vcd->cryptos(), updated_vcd->cryptos())); EXPECT_TRUE(CompareCryptoParams(vcd->cryptos(), updated_vcd->cryptos()));
ASSERT_CRYPTO(updated_dcd, 1U, CS_AES_CM_128_HMAC_SHA1_80); ASSERT_CRYPTO(updated_dcd, 1U, kDefaultSrtpCryptoSuite);
EXPECT_TRUE(CompareCryptoParams(dcd->cryptos(), updated_dcd->cryptos())); EXPECT_TRUE(CompareCryptoParams(dcd->cryptos(), updated_dcd->cryptos()));
EXPECT_EQ(acd->type(), updated_acd->type()); EXPECT_EQ(acd->type(), updated_acd->type());
@ -2819,7 +2824,7 @@ TEST_F(MediaSessionDescriptionFactoryTest, TestCryptoDtls) {
ASSERT_TRUE(audio_media_desc != NULL); ASSERT_TRUE(audio_media_desc != NULL);
video_media_desc = offer->GetContentDescriptionByName("video"); video_media_desc = offer->GetContentDescriptionByName("video");
ASSERT_TRUE(video_media_desc != NULL); ASSERT_TRUE(video_media_desc != NULL);
EXPECT_EQ(2u, audio_media_desc->cryptos().size()); EXPECT_EQ(1u, audio_media_desc->cryptos().size());
EXPECT_EQ(1u, video_media_desc->cryptos().size()); EXPECT_EQ(1u, video_media_desc->cryptos().size());
audio_trans_desc = offer->GetTransportDescriptionByName("audio"); audio_trans_desc = offer->GetTransportDescriptionByName("audio");

2
pc/peerconnection_integrationtest.cc
View File

@ -114,7 +114,7 @@ static const char kDataChannelLabel[] = "data_channel";
// SRTP cipher name negotiated by the tests. This must be updated if the // SRTP cipher name negotiated by the tests. This must be updated if the
// default changes. // default changes.
static const int kDefaultSrtpCryptoSuite = rtc::SRTP_AES128_CM_SHA1_32; static const int kDefaultSrtpCryptoSuite = rtc::SRTP_AES128_CM_SHA1_80;
static const int kDefaultSrtpCryptoSuiteGcm = rtc::SRTP_AEAD_AES_256_GCM; static const int kDefaultSrtpCryptoSuiteGcm = rtc::SRTP_AEAD_AES_256_GCM;
static const SocketAddress kDefaultLocalAddress("192.168.1.1", 0); static const SocketAddress kDefaultLocalAddress("192.168.1.1", 0);

2
pc/peerconnectioninterface_unittest.cc
View File

@ -403,7 +403,7 @@ static const char kDtlsSdesFallbackSdp[] =
"a=fingerprint:sha-1 " "a=fingerprint:sha-1 "
"4A:AD:B9:B1:3F:82:18:3B:54:02:12:DF:3E:5D:49:6B:19:E5:7C:AB\r\n" "4A:AD:B9:B1:3F:82:18:3B:54:02:12:DF:3E:5D:49:6B:19:E5:7C:AB\r\n"
"a=setup:actpass\r\n" "a=setup:actpass\r\n"
"a=crypto:1 AES_CM_128_HMAC_SHA1_32 " "a=crypto:0 AES_CM_128_HMAC_SHA1_80 "
"inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32 " "inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32 "
"dummy_session_params\r\n"; "dummy_session_params\r\n";

8
pc/test/testsdpstrings.h
View File

@ -92,7 +92,7 @@ static const char kAudioSdpPlanB[] =
"a=sendrecv\r\n" "a=sendrecv\r\n"
"a=rtcp:16000 IN IP4 192.168.30.208\r\n" "a=rtcp:16000 IN IP4 192.168.30.208\r\n"
"a=rtcp-mux\r\n" "a=rtcp-mux\r\n"
"a=crypto:1 AES_CM_128_HMAC_SHA1_80 " "a=crypto:0 AES_CM_128_HMAC_SHA1_80 "
"inline:tvKIFjbMQ7W0/C2RzhwN0oQglj/7GJg+frdsNRxt\r\n" "inline:tvKIFjbMQ7W0/C2RzhwN0oQglj/7GJg+frdsNRxt\r\n"
"a=ice-ufrag:AI2sRT3r\r\n" "a=ice-ufrag:AI2sRT3r\r\n"
"a=ice-pwd:lByS9z2RSQlSE9XurlvjYmEm\r\n" "a=ice-pwd:lByS9z2RSQlSE9XurlvjYmEm\r\n"
@ -117,7 +117,7 @@ static const char kAudioSdpUnifiedPlan[] =
"a=sendrecv\r\n" "a=sendrecv\r\n"
"a=rtcp:16000 IN IP4 192.168.30.208\r\n" "a=rtcp:16000 IN IP4 192.168.30.208\r\n"
"a=rtcp-mux\r\n" "a=rtcp-mux\r\n"
"a=crypto:1 AES_CM_128_HMAC_SHA1_80 " "a=crypto:0 AES_CM_128_HMAC_SHA1_80 "
"inline:tvKIFjbMQ7W0/C2RzhwN0oQglj/7GJg+frdsNRxt\r\n" "inline:tvKIFjbMQ7W0/C2RzhwN0oQglj/7GJg+frdsNRxt\r\n"
"a=ice-ufrag:AI2sRT3r\r\n" "a=ice-ufrag:AI2sRT3r\r\n"
"a=ice-pwd:lByS9z2RSQlSE9XurlvjYmEm\r\n" "a=ice-pwd:lByS9z2RSQlSE9XurlvjYmEm\r\n"
@ -142,7 +142,7 @@ static const char kAudioSdpWithUnsupportedCodecsPlanB[] =
"a=sendonly\r\n" "a=sendonly\r\n"
"a=rtcp:16000 IN IP4 192.168.30.208\r\n" "a=rtcp:16000 IN IP4 192.168.30.208\r\n"
"a=rtcp-mux\r\n" "a=rtcp-mux\r\n"
"a=crypto:1 AES_CM_128_HMAC_SHA1_80 " "a=crypto:0 AES_CM_128_HMAC_SHA1_80 "
"inline:tvKIFjbMQ7W0/C2RzhwN0oQglj/7GJg+frdsNRxt\r\n" "inline:tvKIFjbMQ7W0/C2RzhwN0oQglj/7GJg+frdsNRxt\r\n"
"a=ice-ufrag:AI2sRT3r\r\n" "a=ice-ufrag:AI2sRT3r\r\n"
"a=ice-pwd:lByS9z2RSQlSE9XurlvjYmEm\r\n" "a=ice-pwd:lByS9z2RSQlSE9XurlvjYmEm\r\n"
@ -169,7 +169,7 @@ static const char kAudioSdpWithUnsupportedCodecsUnifiedPlan[] =
"a=sendonly\r\n" "a=sendonly\r\n"
"a=rtcp:16000 IN IP4 192.168.30.208\r\n" "a=rtcp:16000 IN IP4 192.168.30.208\r\n"
"a=rtcp-mux\r\n" "a=rtcp-mux\r\n"
"a=crypto:1 AES_CM_128_HMAC_SHA1_80 " "a=crypto:0 AES_CM_128_HMAC_SHA1_80 "
"inline:tvKIFjbMQ7W0/C2RzhwN0oQglj/7GJg+frdsNRxt\r\n" "inline:tvKIFjbMQ7W0/C2RzhwN0oQglj/7GJg+frdsNRxt\r\n"
"a=ice-ufrag:AI2sRT3r\r\n" "a=ice-ufrag:AI2sRT3r\r\n"
"a=ice-pwd:lByS9z2RSQlSE9XurlvjYmEm\r\n" "a=ice-pwd:lByS9z2RSQlSE9XurlvjYmEm\r\n"

5
rtc_base/sslstreamadapter.h
View File

@ -84,10 +84,7 @@ struct CryptoOptions {
// SRTP_AES128_CM_SHA1_32 will be included in the list of supported ciphers // SRTP_AES128_CM_SHA1_32 will be included in the list of supported ciphers
// during negotiation. It will only be used if both peers support it and no // during negotiation. It will only be used if both peers support it and no
// other ciphers get preferred. // other ciphers get preferred.
// TODO(crbug.com/webrtc/7670): Change default to false after sending PSA and bool enable_aes128_sha1_32_crypto_cipher = false;
// giving time for users to set this flag to true explicitly, if they still
// want to use this crypto suite.
bool enable_aes128_sha1_32_crypto_cipher = true;
// If set to true, encrypted RTP header extensions as defined in RFC 6904 // If set to true, encrypted RTP header extensions as defined in RFC 6904
// will be negotiated. They will only be used if both peers support them. // will be negotiated. They will only be used if both peers support them.