zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 2017 The WebRTC project authors. All Rights Reserved. |
| 3 | * |
| 4 | * Use of this source code is governed by a BSD-style license |
| 5 | * that can be found in the LICENSE file in the root of the source |
| 6 | * tree. An additional intellectual property rights grant can be found |
| 7 | * in the file PATENTS. All contributing project authors may |
| 8 | * be found in the AUTHORS file in the root of the source tree. |
| 9 | */ |
| 10 | |
Steve Anton | 36b29d1 | 2017-10-30 09:57:42 -0700 | [diff] [blame] | 11 | #include <vector> |
| 12 | |
Mirko Bonadei | 92ea95e | 2017-09-15 06:47:31 +0200 | [diff] [blame] | 13 | #include "pc/srtptransport.h" |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 14 | |
Karl Wiberg | 918f50c | 2018-07-05 11:40:33 +0200 | [diff] [blame^] | 15 | #include "absl/memory/memory.h" |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 16 | #include "media/base/fakertp.h" |
| 17 | #include "p2p/base/dtlstransportinternal.h" |
| 18 | #include "p2p/base/fakepackettransport.h" |
Mirko Bonadei | 92ea95e | 2017-09-15 06:47:31 +0200 | [diff] [blame] | 19 | #include "pc/rtptransport.h" |
| 20 | #include "pc/rtptransporttestutil.h" |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 21 | #include "pc/srtptestutil.h" |
Mirko Bonadei | 92ea95e | 2017-09-15 06:47:31 +0200 | [diff] [blame] | 22 | #include "rtc_base/asyncpacketsocket.h" |
| 23 | #include "rtc_base/gunit.h" |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 24 | #include "rtc_base/sslstreamadapter.h" |
| 25 | |
| 26 | using rtc::kTestKey1; |
| 27 | using rtc::kTestKey2; |
| 28 | using rtc::kTestKeyLen; |
| 29 | using rtc::SRTP_AEAD_AES_128_GCM; |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 30 | |
| 31 | namespace webrtc { |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 32 | static const uint8_t kTestKeyGcm128_1[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ12"; |
| 33 | static const uint8_t kTestKeyGcm128_2[] = "21ZYXWVUTSRQPONMLKJIHGFEDCBA"; |
| 34 | static const int kTestKeyGcm128Len = 28; // 128 bits key + 96 bits salt. |
| 35 | static const uint8_t kTestKeyGcm256_1[] = |
| 36 | "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqr"; |
| 37 | static const uint8_t kTestKeyGcm256_2[] = |
| 38 | "rqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA"; |
| 39 | static const int kTestKeyGcm256Len = 44; // 256 bits key + 96 bits salt. |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 40 | |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 41 | class SrtpTransportTest : public testing::Test, public sigslot::has_slots<> { |
| 42 | protected: |
| 43 | SrtpTransportTest() { |
| 44 | bool rtcp_mux_enabled = true; |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 45 | |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 46 | rtp_packet_transport1_ = |
Karl Wiberg | 918f50c | 2018-07-05 11:40:33 +0200 | [diff] [blame^] | 47 | absl::make_unique<rtc::FakePacketTransport>("fake_packet_transport1"); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 48 | rtp_packet_transport2_ = |
Karl Wiberg | 918f50c | 2018-07-05 11:40:33 +0200 | [diff] [blame^] | 49 | absl::make_unique<rtc::FakePacketTransport>("fake_packet_transport2"); |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 50 | |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 51 | bool asymmetric = false; |
| 52 | rtp_packet_transport1_->SetDestination(rtp_packet_transport2_.get(), |
| 53 | asymmetric); |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 54 | |
Karl Wiberg | 918f50c | 2018-07-05 11:40:33 +0200 | [diff] [blame^] | 55 | srtp_transport1_ = absl::make_unique<SrtpTransport>(rtcp_mux_enabled); |
| 56 | srtp_transport2_ = absl::make_unique<SrtpTransport>(rtcp_mux_enabled); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 57 | |
Zhi Huang | 365381f | 2018-04-13 16:44:34 -0700 | [diff] [blame] | 58 | srtp_transport1_->SetRtpPacketTransport(rtp_packet_transport1_.get()); |
| 59 | srtp_transport2_->SetRtpPacketTransport(rtp_packet_transport2_.get()); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 60 | |
Zhi Huang | 365381f | 2018-04-13 16:44:34 -0700 | [diff] [blame] | 61 | srtp_transport1_->SignalRtcpPacketReceived.connect( |
| 62 | &rtp_sink1_, &TransportObserver::OnRtcpPacketReceived); |
| 63 | srtp_transport2_->SignalRtcpPacketReceived.connect( |
| 64 | &rtp_sink2_, &TransportObserver::OnRtcpPacketReceived); |
| 65 | |
| 66 | RtpDemuxerCriteria demuxer_criteria; |
| 67 | // 0x00 is the payload type used in kPcmuFrame. |
| 68 | demuxer_criteria.payload_types = {0x00}; |
| 69 | |
| 70 | srtp_transport1_->RegisterRtpDemuxerSink(demuxer_criteria, &rtp_sink1_); |
| 71 | srtp_transport2_->RegisterRtpDemuxerSink(demuxer_criteria, &rtp_sink2_); |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 72 | } |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 73 | |
Zhi Huang | 365381f | 2018-04-13 16:44:34 -0700 | [diff] [blame] | 74 | ~SrtpTransportTest() { |
| 75 | if (srtp_transport1_) { |
| 76 | srtp_transport1_->UnregisterRtpDemuxerSink(&rtp_sink1_); |
| 77 | } |
| 78 | if (srtp_transport2_) { |
| 79 | srtp_transport2_->UnregisterRtpDemuxerSink(&rtp_sink2_); |
| 80 | } |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 81 | } |
| 82 | |
| 83 | // With external auth enabled, SRTP doesn't write the auth tag and |
| 84 | // unprotect would fail. Check accessing the information about the |
| 85 | // tag instead, similar to what the actual code would do that relies |
| 86 | // on external auth. |
| 87 | void TestRtpAuthParams(SrtpTransport* transport, const std::string& cs) { |
| 88 | int overhead; |
| 89 | EXPECT_TRUE(transport->GetSrtpOverhead(&overhead)); |
| 90 | switch (rtc::SrtpCryptoSuiteFromName(cs)) { |
| 91 | case rtc::SRTP_AES128_CM_SHA1_32: |
| 92 | EXPECT_EQ(32 / 8, overhead); // 32-bit tag. |
| 93 | break; |
| 94 | case rtc::SRTP_AES128_CM_SHA1_80: |
| 95 | EXPECT_EQ(80 / 8, overhead); // 80-bit tag. |
| 96 | break; |
| 97 | default: |
| 98 | RTC_NOTREACHED(); |
| 99 | break; |
| 100 | } |
| 101 | |
| 102 | uint8_t* auth_key = nullptr; |
| 103 | int key_len = 0; |
| 104 | int tag_len = 0; |
| 105 | EXPECT_TRUE(transport->GetRtpAuthParams(&auth_key, &key_len, &tag_len)); |
| 106 | EXPECT_NE(nullptr, auth_key); |
| 107 | EXPECT_EQ(160 / 8, key_len); // Length of SHA-1 is 160 bits. |
| 108 | EXPECT_EQ(overhead, tag_len); |
| 109 | } |
| 110 | |
| 111 | void TestSendRecvRtpPacket(const std::string& cipher_suite_name) { |
| 112 | size_t rtp_len = sizeof(kPcmuFrame); |
| 113 | size_t packet_size = rtp_len + rtc::rtp_auth_tag_len(cipher_suite_name); |
| 114 | rtc::Buffer rtp_packet_buffer(packet_size); |
| 115 | char* rtp_packet_data = rtp_packet_buffer.data<char>(); |
| 116 | memcpy(rtp_packet_data, kPcmuFrame, rtp_len); |
| 117 | // In order to be able to run this test function multiple times we can not |
| 118 | // use the same sequence number twice. Increase the sequence number by one. |
| 119 | rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_data) + 2, |
| 120 | ++sequence_number_); |
| 121 | rtc::CopyOnWriteBuffer rtp_packet1to2(rtp_packet_data, rtp_len, |
| 122 | packet_size); |
| 123 | rtc::CopyOnWriteBuffer rtp_packet2to1(rtp_packet_data, rtp_len, |
| 124 | packet_size); |
| 125 | |
| 126 | char original_rtp_data[sizeof(kPcmuFrame)]; |
| 127 | memcpy(original_rtp_data, rtp_packet_data, rtp_len); |
| 128 | |
| 129 | rtc::PacketOptions options; |
| 130 | // Send a packet from |srtp_transport1_| to |srtp_transport2_| and verify |
| 131 | // that the packet can be successfully received and decrypted. |
| 132 | ASSERT_TRUE(srtp_transport1_->SendRtpPacket(&rtp_packet1to2, options, |
| 133 | cricket::PF_SRTP_BYPASS)); |
| 134 | if (srtp_transport1_->IsExternalAuthActive()) { |
| 135 | TestRtpAuthParams(srtp_transport1_.get(), cipher_suite_name); |
| 136 | } else { |
Zhi Huang | 365381f | 2018-04-13 16:44:34 -0700 | [diff] [blame] | 137 | ASSERT_TRUE(rtp_sink2_.last_recv_rtp_packet().data()); |
| 138 | EXPECT_EQ(0, memcmp(rtp_sink2_.last_recv_rtp_packet().data(), |
| 139 | original_rtp_data, rtp_len)); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 140 | // Get the encrypted packet from underneath packet transport and verify |
| 141 | // the data is actually encrypted. |
| 142 | auto fake_rtp_packet_transport = static_cast<rtc::FakePacketTransport*>( |
| 143 | srtp_transport1_->rtp_packet_transport()); |
Steve Anton | 36b29d1 | 2017-10-30 09:57:42 -0700 | [diff] [blame] | 144 | EXPECT_NE(0, memcmp(fake_rtp_packet_transport->last_sent_packet()->data(), |
| 145 | original_rtp_data, rtp_len)); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 146 | } |
| 147 | |
| 148 | // Do the same thing in the opposite direction; |
| 149 | ASSERT_TRUE(srtp_transport2_->SendRtpPacket(&rtp_packet2to1, options, |
| 150 | cricket::PF_SRTP_BYPASS)); |
| 151 | if (srtp_transport2_->IsExternalAuthActive()) { |
| 152 | TestRtpAuthParams(srtp_transport2_.get(), cipher_suite_name); |
| 153 | } else { |
Zhi Huang | 365381f | 2018-04-13 16:44:34 -0700 | [diff] [blame] | 154 | ASSERT_TRUE(rtp_sink1_.last_recv_rtp_packet().data()); |
| 155 | EXPECT_EQ(0, memcmp(rtp_sink1_.last_recv_rtp_packet().data(), |
| 156 | original_rtp_data, rtp_len)); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 157 | auto fake_rtp_packet_transport = static_cast<rtc::FakePacketTransport*>( |
| 158 | srtp_transport2_->rtp_packet_transport()); |
Steve Anton | 36b29d1 | 2017-10-30 09:57:42 -0700 | [diff] [blame] | 159 | EXPECT_NE(0, memcmp(fake_rtp_packet_transport->last_sent_packet()->data(), |
| 160 | original_rtp_data, rtp_len)); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 161 | } |
| 162 | } |
| 163 | |
| 164 | void TestSendRecvRtcpPacket(const std::string& cipher_suite_name) { |
Zhi Huang | 365381f | 2018-04-13 16:44:34 -0700 | [diff] [blame] | 165 | size_t rtcp_len = sizeof(::kRtcpReport); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 166 | size_t packet_size = |
| 167 | rtcp_len + 4 + rtc::rtcp_auth_tag_len(cipher_suite_name); |
| 168 | rtc::Buffer rtcp_packet_buffer(packet_size); |
| 169 | char* rtcp_packet_data = rtcp_packet_buffer.data<char>(); |
Zhi Huang | 365381f | 2018-04-13 16:44:34 -0700 | [diff] [blame] | 170 | memcpy(rtcp_packet_data, ::kRtcpReport, rtcp_len); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 171 | |
| 172 | rtc::CopyOnWriteBuffer rtcp_packet1to2(rtcp_packet_data, rtcp_len, |
| 173 | packet_size); |
| 174 | rtc::CopyOnWriteBuffer rtcp_packet2to1(rtcp_packet_data, rtcp_len, |
| 175 | packet_size); |
| 176 | |
| 177 | rtc::PacketOptions options; |
| 178 | // Send a packet from |srtp_transport1_| to |srtp_transport2_| and verify |
| 179 | // that the packet can be successfully received and decrypted. |
| 180 | ASSERT_TRUE(srtp_transport1_->SendRtcpPacket(&rtcp_packet1to2, options, |
| 181 | cricket::PF_SRTP_BYPASS)); |
Zhi Huang | 365381f | 2018-04-13 16:44:34 -0700 | [diff] [blame] | 182 | ASSERT_TRUE(rtp_sink2_.last_recv_rtcp_packet().data()); |
| 183 | EXPECT_EQ(0, memcmp(rtp_sink2_.last_recv_rtcp_packet().data(), |
| 184 | rtcp_packet_data, rtcp_len)); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 185 | // Get the encrypted packet from underneath packet transport and verify the |
| 186 | // data is actually encrypted. |
| 187 | auto fake_rtp_packet_transport = static_cast<rtc::FakePacketTransport*>( |
| 188 | srtp_transport1_->rtp_packet_transport()); |
Steve Anton | 36b29d1 | 2017-10-30 09:57:42 -0700 | [diff] [blame] | 189 | EXPECT_NE(0, memcmp(fake_rtp_packet_transport->last_sent_packet()->data(), |
| 190 | rtcp_packet_data, rtcp_len)); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 191 | |
| 192 | // Do the same thing in the opposite direction; |
| 193 | ASSERT_TRUE(srtp_transport2_->SendRtcpPacket(&rtcp_packet2to1, options, |
| 194 | cricket::PF_SRTP_BYPASS)); |
Zhi Huang | 365381f | 2018-04-13 16:44:34 -0700 | [diff] [blame] | 195 | ASSERT_TRUE(rtp_sink1_.last_recv_rtcp_packet().data()); |
| 196 | EXPECT_EQ(0, memcmp(rtp_sink1_.last_recv_rtcp_packet().data(), |
| 197 | rtcp_packet_data, rtcp_len)); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 198 | fake_rtp_packet_transport = static_cast<rtc::FakePacketTransport*>( |
| 199 | srtp_transport2_->rtp_packet_transport()); |
Steve Anton | 36b29d1 | 2017-10-30 09:57:42 -0700 | [diff] [blame] | 200 | EXPECT_NE(0, memcmp(fake_rtp_packet_transport->last_sent_packet()->data(), |
| 201 | rtcp_packet_data, rtcp_len)); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 202 | } |
| 203 | |
| 204 | void TestSendRecvPacket(bool enable_external_auth, |
| 205 | int cs, |
| 206 | const uint8_t* key1, |
| 207 | int key1_len, |
| 208 | const uint8_t* key2, |
| 209 | int key2_len, |
| 210 | const std::string& cipher_suite_name) { |
| 211 | EXPECT_EQ(key1_len, key2_len); |
| 212 | EXPECT_EQ(cipher_suite_name, rtc::SrtpCryptoSuiteToName(cs)); |
| 213 | if (enable_external_auth) { |
| 214 | srtp_transport1_->EnableExternalAuth(); |
| 215 | srtp_transport2_->EnableExternalAuth(); |
| 216 | } |
Zhi Huang | c99b6c7 | 2017-11-10 16:44:46 -0800 | [diff] [blame] | 217 | std::vector<int> extension_ids; |
| 218 | EXPECT_TRUE(srtp_transport1_->SetRtpParams( |
| 219 | cs, key1, key1_len, extension_ids, cs, key2, key2_len, extension_ids)); |
| 220 | EXPECT_TRUE(srtp_transport2_->SetRtpParams( |
| 221 | cs, key2, key2_len, extension_ids, cs, key1, key1_len, extension_ids)); |
| 222 | EXPECT_TRUE(srtp_transport1_->SetRtcpParams( |
| 223 | cs, key1, key1_len, extension_ids, cs, key2, key2_len, extension_ids)); |
| 224 | EXPECT_TRUE(srtp_transport2_->SetRtcpParams( |
| 225 | cs, key2, key2_len, extension_ids, cs, key1, key1_len, extension_ids)); |
Zhi Huang | e830e68 | 2018-03-30 10:48:35 -0700 | [diff] [blame] | 226 | EXPECT_TRUE(srtp_transport1_->IsSrtpActive()); |
| 227 | EXPECT_TRUE(srtp_transport2_->IsSrtpActive()); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 228 | if (rtc::IsGcmCryptoSuite(cs)) { |
| 229 | EXPECT_FALSE(srtp_transport1_->IsExternalAuthActive()); |
| 230 | EXPECT_FALSE(srtp_transport2_->IsExternalAuthActive()); |
| 231 | } else if (enable_external_auth) { |
| 232 | EXPECT_TRUE(srtp_transport1_->IsExternalAuthActive()); |
| 233 | EXPECT_TRUE(srtp_transport2_->IsExternalAuthActive()); |
| 234 | } |
| 235 | TestSendRecvRtpPacket(cipher_suite_name); |
| 236 | TestSendRecvRtcpPacket(cipher_suite_name); |
| 237 | } |
| 238 | |
| 239 | void TestSendRecvPacketWithEncryptedHeaderExtension( |
| 240 | const std::string& cs, |
| 241 | const std::vector<int>& encrypted_header_ids) { |
| 242 | size_t rtp_len = sizeof(kPcmuFrameWithExtensions); |
| 243 | size_t packet_size = rtp_len + rtc::rtp_auth_tag_len(cs); |
| 244 | rtc::Buffer rtp_packet_buffer(packet_size); |
| 245 | char* rtp_packet_data = rtp_packet_buffer.data<char>(); |
| 246 | memcpy(rtp_packet_data, kPcmuFrameWithExtensions, rtp_len); |
| 247 | // In order to be able to run this test function multiple times we can not |
| 248 | // use the same sequence number twice. Increase the sequence number by one. |
| 249 | rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_data) + 2, |
| 250 | ++sequence_number_); |
| 251 | rtc::CopyOnWriteBuffer rtp_packet1to2(rtp_packet_data, rtp_len, |
| 252 | packet_size); |
| 253 | rtc::CopyOnWriteBuffer rtp_packet2to1(rtp_packet_data, rtp_len, |
| 254 | packet_size); |
| 255 | |
| 256 | char original_rtp_data[sizeof(kPcmuFrameWithExtensions)]; |
| 257 | memcpy(original_rtp_data, rtp_packet_data, rtp_len); |
| 258 | |
| 259 | rtc::PacketOptions options; |
| 260 | // Send a packet from |srtp_transport1_| to |srtp_transport2_| and verify |
| 261 | // that the packet can be successfully received and decrypted. |
| 262 | ASSERT_TRUE(srtp_transport1_->SendRtpPacket(&rtp_packet1to2, options, |
| 263 | cricket::PF_SRTP_BYPASS)); |
Zhi Huang | 365381f | 2018-04-13 16:44:34 -0700 | [diff] [blame] | 264 | ASSERT_TRUE(rtp_sink2_.last_recv_rtp_packet().data()); |
| 265 | EXPECT_EQ(0, memcmp(rtp_sink2_.last_recv_rtp_packet().data(), |
| 266 | original_rtp_data, rtp_len)); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 267 | // Get the encrypted packet from underneath packet transport and verify the |
| 268 | // data and header extension are actually encrypted. |
| 269 | auto fake_rtp_packet_transport = static_cast<rtc::FakePacketTransport*>( |
| 270 | srtp_transport1_->rtp_packet_transport()); |
Steve Anton | 36b29d1 | 2017-10-30 09:57:42 -0700 | [diff] [blame] | 271 | EXPECT_NE(0, memcmp(fake_rtp_packet_transport->last_sent_packet()->data(), |
| 272 | original_rtp_data, rtp_len)); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 273 | CompareHeaderExtensions( |
| 274 | reinterpret_cast<const char*>( |
| 275 | fake_rtp_packet_transport->last_sent_packet()->data()), |
| 276 | fake_rtp_packet_transport->last_sent_packet()->size(), |
| 277 | original_rtp_data, rtp_len, encrypted_header_ids, false); |
| 278 | |
| 279 | // Do the same thing in the opposite direction; |
| 280 | ASSERT_TRUE(srtp_transport2_->SendRtpPacket(&rtp_packet2to1, options, |
| 281 | cricket::PF_SRTP_BYPASS)); |
Zhi Huang | 365381f | 2018-04-13 16:44:34 -0700 | [diff] [blame] | 282 | ASSERT_TRUE(rtp_sink1_.last_recv_rtp_packet().data()); |
| 283 | EXPECT_EQ(0, memcmp(rtp_sink1_.last_recv_rtp_packet().data(), |
| 284 | original_rtp_data, rtp_len)); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 285 | fake_rtp_packet_transport = static_cast<rtc::FakePacketTransport*>( |
| 286 | srtp_transport2_->rtp_packet_transport()); |
Steve Anton | 36b29d1 | 2017-10-30 09:57:42 -0700 | [diff] [blame] | 287 | EXPECT_NE(0, memcmp(fake_rtp_packet_transport->last_sent_packet()->data(), |
| 288 | original_rtp_data, rtp_len)); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 289 | CompareHeaderExtensions( |
| 290 | reinterpret_cast<const char*>( |
| 291 | fake_rtp_packet_transport->last_sent_packet()->data()), |
| 292 | fake_rtp_packet_transport->last_sent_packet()->size(), |
| 293 | original_rtp_data, rtp_len, encrypted_header_ids, false); |
| 294 | } |
| 295 | |
| 296 | void TestSendRecvEncryptedHeaderExtension(int cs, |
| 297 | const uint8_t* key1, |
| 298 | int key1_len, |
| 299 | const uint8_t* key2, |
| 300 | int key2_len, |
| 301 | const std::string& cs_name) { |
| 302 | std::vector<int> encrypted_headers; |
Zhi Huang | f2d7beb | 2017-11-20 14:35:11 -0800 | [diff] [blame] | 303 | encrypted_headers.push_back(kHeaderExtensionIDs[0]); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 304 | // Don't encrypt header ids 2 and 3. |
Zhi Huang | f2d7beb | 2017-11-20 14:35:11 -0800 | [diff] [blame] | 305 | encrypted_headers.push_back(kHeaderExtensionIDs[1]); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 306 | EXPECT_EQ(key1_len, key2_len); |
| 307 | EXPECT_EQ(cs_name, rtc::SrtpCryptoSuiteToName(cs)); |
Zhi Huang | c99b6c7 | 2017-11-10 16:44:46 -0800 | [diff] [blame] | 308 | EXPECT_TRUE(srtp_transport1_->SetRtpParams(cs, key1, key1_len, |
| 309 | encrypted_headers, cs, key2, |
| 310 | key2_len, encrypted_headers)); |
| 311 | EXPECT_TRUE(srtp_transport2_->SetRtpParams(cs, key2, key2_len, |
| 312 | encrypted_headers, cs, key1, |
| 313 | key1_len, encrypted_headers)); |
Zhi Huang | e830e68 | 2018-03-30 10:48:35 -0700 | [diff] [blame] | 314 | EXPECT_TRUE(srtp_transport1_->IsSrtpActive()); |
| 315 | EXPECT_TRUE(srtp_transport2_->IsSrtpActive()); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 316 | EXPECT_FALSE(srtp_transport1_->IsExternalAuthActive()); |
| 317 | EXPECT_FALSE(srtp_transport2_->IsExternalAuthActive()); |
| 318 | TestSendRecvPacketWithEncryptedHeaderExtension(cs_name, encrypted_headers); |
| 319 | } |
| 320 | |
| 321 | std::unique_ptr<SrtpTransport> srtp_transport1_; |
| 322 | std::unique_ptr<SrtpTransport> srtp_transport2_; |
| 323 | |
| 324 | std::unique_ptr<rtc::FakePacketTransport> rtp_packet_transport1_; |
| 325 | std::unique_ptr<rtc::FakePacketTransport> rtp_packet_transport2_; |
| 326 | |
Zhi Huang | 365381f | 2018-04-13 16:44:34 -0700 | [diff] [blame] | 327 | TransportObserver rtp_sink1_; |
| 328 | TransportObserver rtp_sink2_; |
| 329 | |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 330 | int sequence_number_ = 0; |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 331 | }; |
| 332 | |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 333 | class SrtpTransportTestWithExternalAuth |
| 334 | : public SrtpTransportTest, |
| 335 | public testing::WithParamInterface<bool> {}; |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 336 | |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 337 | TEST_P(SrtpTransportTestWithExternalAuth, |
| 338 | SendAndRecvPacket_AES_CM_128_HMAC_SHA1_80) { |
| 339 | bool enable_external_auth = GetParam(); |
| 340 | TestSendRecvPacket(enable_external_auth, rtc::SRTP_AES128_CM_SHA1_80, |
| 341 | kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen, |
| 342 | rtc::CS_AES_CM_128_HMAC_SHA1_80); |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 343 | } |
| 344 | |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 345 | TEST_F(SrtpTransportTest, |
| 346 | SendAndRecvPacketWithHeaderExtension_AES_CM_128_HMAC_SHA1_80) { |
| 347 | TestSendRecvEncryptedHeaderExtension(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, |
| 348 | kTestKeyLen, kTestKey2, kTestKeyLen, |
| 349 | rtc::CS_AES_CM_128_HMAC_SHA1_80); |
| 350 | } |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 351 | |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 352 | TEST_P(SrtpTransportTestWithExternalAuth, |
| 353 | SendAndRecvPacket_AES_CM_128_HMAC_SHA1_32) { |
| 354 | bool enable_external_auth = GetParam(); |
| 355 | TestSendRecvPacket(enable_external_auth, rtc::SRTP_AES128_CM_SHA1_32, |
| 356 | kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen, |
| 357 | rtc::CS_AES_CM_128_HMAC_SHA1_32); |
| 358 | } |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 359 | |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 360 | TEST_F(SrtpTransportTest, |
| 361 | SendAndRecvPacketWithHeaderExtension_AES_CM_128_HMAC_SHA1_32) { |
| 362 | TestSendRecvEncryptedHeaderExtension(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, |
| 363 | kTestKeyLen, kTestKey2, kTestKeyLen, |
| 364 | rtc::CS_AES_CM_128_HMAC_SHA1_32); |
| 365 | } |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 366 | |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 367 | TEST_P(SrtpTransportTestWithExternalAuth, |
| 368 | SendAndRecvPacket_SRTP_AEAD_AES_128_GCM) { |
| 369 | bool enable_external_auth = GetParam(); |
| 370 | TestSendRecvPacket(enable_external_auth, rtc::SRTP_AEAD_AES_128_GCM, |
| 371 | kTestKeyGcm128_1, kTestKeyGcm128Len, kTestKeyGcm128_2, |
| 372 | kTestKeyGcm128Len, rtc::CS_AEAD_AES_128_GCM); |
| 373 | } |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 374 | |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 375 | TEST_F(SrtpTransportTest, |
| 376 | SendAndRecvPacketWithHeaderExtension_SRTP_AEAD_AES_128_GCM) { |
| 377 | TestSendRecvEncryptedHeaderExtension( |
| 378 | rtc::SRTP_AEAD_AES_128_GCM, kTestKeyGcm128_1, kTestKeyGcm128Len, |
| 379 | kTestKeyGcm128_2, kTestKeyGcm128Len, rtc::CS_AEAD_AES_128_GCM); |
| 380 | } |
| 381 | |
| 382 | TEST_P(SrtpTransportTestWithExternalAuth, |
| 383 | SendAndRecvPacket_SRTP_AEAD_AES_256_GCM) { |
| 384 | bool enable_external_auth = GetParam(); |
| 385 | TestSendRecvPacket(enable_external_auth, rtc::SRTP_AEAD_AES_256_GCM, |
| 386 | kTestKeyGcm256_1, kTestKeyGcm256Len, kTestKeyGcm256_2, |
| 387 | kTestKeyGcm256Len, rtc::CS_AEAD_AES_256_GCM); |
| 388 | } |
| 389 | |
| 390 | TEST_F(SrtpTransportTest, |
| 391 | SendAndRecvPacketWithHeaderExtension_SRTP_AEAD_AES_256_GCM) { |
| 392 | TestSendRecvEncryptedHeaderExtension( |
| 393 | rtc::SRTP_AEAD_AES_256_GCM, kTestKeyGcm256_1, kTestKeyGcm256Len, |
| 394 | kTestKeyGcm256_2, kTestKeyGcm256Len, rtc::CS_AEAD_AES_256_GCM); |
| 395 | } |
| 396 | |
| 397 | // Run all tests both with and without external auth enabled. |
| 398 | INSTANTIATE_TEST_CASE_P(ExternalAuth, |
| 399 | SrtpTransportTestWithExternalAuth, |
| 400 | ::testing::Values(true, false)); |
| 401 | |
| 402 | // Test directly setting the params with bogus keys. |
| 403 | TEST_F(SrtpTransportTest, TestSetParamsKeyTooShort) { |
Zhi Huang | c99b6c7 | 2017-11-10 16:44:46 -0800 | [diff] [blame] | 404 | std::vector<int> extension_ids; |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 405 | EXPECT_FALSE(srtp_transport1_->SetRtpParams( |
Zhi Huang | c99b6c7 | 2017-11-10 16:44:46 -0800 | [diff] [blame] | 406 | rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen - 1, extension_ids, |
| 407 | rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen - 1, extension_ids)); |
Zhi Huang | cf990f5 | 2017-09-22 12:12:30 -0700 | [diff] [blame] | 408 | EXPECT_FALSE(srtp_transport1_->SetRtcpParams( |
Zhi Huang | c99b6c7 | 2017-11-10 16:44:46 -0800 | [diff] [blame] | 409 | rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen - 1, extension_ids, |
| 410 | rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen - 1, extension_ids)); |
zstein | 398c3fd | 2017-07-19 13:38:02 -0700 | [diff] [blame] | 411 | } |
| 412 | |
| 413 | } // namespace webrtc |