Adding flag to enable/disable use of SRTP_AES128_CM_SHA1_32 crypto suite.
This flag (added to CryptoOptions) will allow applications to opt-in to
use of this suite, before it's disabled by default later. See bug for
more details.
TBR=magjed@webrtc.org
Bug: webrtc:7670
Change-Id: I800bedd4b26d807b6b7ac66b505d419c3323e454
Reviewed-on: https://webrtc-review.googlesource.com/64390
Commit-Queue: Taylor Brandstetter <deadbeef@webrtc.org>
Reviewed-by: Taylor Brandstetter <deadbeef@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#22586}diff --git a/pc/peerconnection_integrationtest.cc b/pc/peerconnection_integrationtest.cc
index ec53298..33bf267 100644
--- a/pc/peerconnection_integrationtest.cc
+++ b/pc/peerconnection_integrationtest.cc
@@ -1365,13 +1365,10 @@
return expectations_correct;
}
- void TestGcmNegotiationUsesCipherSuite(bool local_gcm_enabled,
- bool remote_gcm_enabled,
- int expected_cipher_suite) {
- PeerConnectionFactory::Options caller_options;
- caller_options.crypto_options.enable_gcm_crypto_suites = local_gcm_enabled;
- PeerConnectionFactory::Options callee_options;
- callee_options.crypto_options.enable_gcm_crypto_suites = remote_gcm_enabled;
+ void TestNegotiatedCipherSuite(
+ const PeerConnectionFactory::Options& caller_options,
+ const PeerConnectionFactory::Options& callee_options,
+ int expected_cipher_suite) {
ASSERT_TRUE(CreatePeerConnectionWrappersWithOptions(caller_options,
callee_options));
rtc::scoped_refptr<webrtc::FakeMetricsObserver> caller_observer =
@@ -1390,6 +1387,17 @@
caller()->pc()->RegisterUMAObserver(nullptr);
}
+ void TestGcmNegotiationUsesCipherSuite(bool local_gcm_enabled,
+ bool remote_gcm_enabled,
+ int expected_cipher_suite) {
+ PeerConnectionFactory::Options caller_options;
+ caller_options.crypto_options.enable_gcm_crypto_suites = local_gcm_enabled;
+ PeerConnectionFactory::Options callee_options;
+ callee_options.crypto_options.enable_gcm_crypto_suites = remote_gcm_enabled;
+ TestNegotiatedCipherSuite(caller_options, callee_options,
+ expected_cipher_suite);
+ }
+
protected:
const SdpSemantics sdp_semantics_;
@@ -2600,6 +2608,40 @@
ASSERT_TRUE(ExpectNewFrames(media_expectations));
}
+// The three tests below verify that "enable_aes128_sha1_32_crypto_cipher"
+// works as expected; the cipher should only be used if enabled by both sides.
+TEST_P(PeerConnectionIntegrationTest,
+ Aes128Sha1_32_CipherNotUsedWhenOnlyCallerSupported) {
+ PeerConnectionFactory::Options caller_options;
+ caller_options.crypto_options.enable_aes128_sha1_32_crypto_cipher = true;
+ PeerConnectionFactory::Options callee_options;
+ callee_options.crypto_options.enable_aes128_sha1_32_crypto_cipher = false;
+ int expected_cipher_suite = rtc::SRTP_AES128_CM_SHA1_80;
+ TestNegotiatedCipherSuite(caller_options, callee_options,
+ expected_cipher_suite);
+}
+
+TEST_P(PeerConnectionIntegrationTest,
+ Aes128Sha1_32_CipherNotUsedWhenOnlyCalleeSupported) {
+ PeerConnectionFactory::Options caller_options;
+ caller_options.crypto_options.enable_aes128_sha1_32_crypto_cipher = false;
+ PeerConnectionFactory::Options callee_options;
+ callee_options.crypto_options.enable_aes128_sha1_32_crypto_cipher = true;
+ int expected_cipher_suite = rtc::SRTP_AES128_CM_SHA1_80;
+ TestNegotiatedCipherSuite(caller_options, callee_options,
+ expected_cipher_suite);
+}
+
+TEST_P(PeerConnectionIntegrationTest, Aes128Sha1_32_CipherUsedWhenSupported) {
+ PeerConnectionFactory::Options caller_options;
+ caller_options.crypto_options.enable_aes128_sha1_32_crypto_cipher = true;
+ PeerConnectionFactory::Options callee_options;
+ callee_options.crypto_options.enable_aes128_sha1_32_crypto_cipher = true;
+ int expected_cipher_suite = rtc::SRTP_AES128_CM_SHA1_32;
+ TestNegotiatedCipherSuite(caller_options, callee_options,
+ expected_cipher_suite);
+}
+
// Test that a non-GCM cipher is used if both sides only support non-GCM.
TEST_P(PeerConnectionIntegrationTest, NonGcmCipherUsedWhenGcmNotSupported) {
bool local_gcm_enabled = false;
