Reland: Completed the functionalities of SrtpTransport.
The SrtpTransport takes the SRTP responsibilities from the BaseChannel
and SrtpFilter. SrtpTransport is now responsible for setting the crypto
keys, protecting and unprotecting the packets. SrtpTransport doesn't
know if the keys are from SDES or DTLS handshake.
BaseChannel is now only responsible setting the offer/answer for SDES
or extracting the key from DtlsTransport and configuring the
SrtpTransport.
SrtpFilter is used by BaseChannel as a helper for SDES negotiation.
BUG=webrtc:7013
Change-Id: If61489dfbdf23481a1f1831ad181fbf45eaadb3e
Reviewed-on: https://webrtc-review.googlesource.com/2560
Reviewed-by: Taylor Brandstetter <deadbeef@webrtc.org>
Commit-Queue: Zhi Huang <zhihuang@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#19977}diff --git a/pc/srtpfilter_unittest.cc b/pc/srtpfilter_unittest.cc
index 75a4e39..a71762c 100644
--- a/pc/srtpfilter_unittest.cc
+++ b/pc/srtpfilter_unittest.cc
@@ -13,14 +13,7 @@
#include "pc/srtpfilter.h"
#include "media/base/cryptoparams.h"
-#include "media/base/fakertp.h"
-#include "p2p/base/sessiondescription.h"
-#include "pc/srtptestutil.h"
-#include "rtc_base/buffer.h"
-#include "rtc_base/byteorder.h"
-#include "rtc_base/constructormagic.h"
#include "rtc_base/gunit.h"
-#include "rtc_base/thread.h"
using cricket::CryptoParams;
using cricket::CS_LOCAL;
@@ -28,14 +21,6 @@
namespace rtc {
-static const uint8_t kTestKeyGcm128_1[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ12";
-static const uint8_t kTestKeyGcm128_2[] = "21ZYXWVUTSRQPONMLKJIHGFEDCBA";
-static const int kTestKeyGcm128Len = 28; // 128 bits key + 96 bits salt.
-static const uint8_t kTestKeyGcm256_1[] =
- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqr";
-static const uint8_t kTestKeyGcm256_2[] =
- "rqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA";
-static const int kTestKeyGcm256Len = 44; // 256 bits key + 96 bits salt.
static const std::string kTestKeyParams1 =
"inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz";
static const std::string kTestKeyParams2 =
@@ -67,14 +52,13 @@
class SrtpFilterTest : public testing::Test {
protected:
- SrtpFilterTest()
- // Need to initialize |sequence_number_|, the value does not matter.
- : sequence_number_(1) {}
+ SrtpFilterTest() {}
static std::vector<CryptoParams> MakeVector(const CryptoParams& params) {
std::vector<CryptoParams> vec;
vec.push_back(params);
return vec;
}
+
void TestSetParams(const std::vector<CryptoParams>& params1,
const std::vector<CryptoParams>& params2) {
EXPECT_TRUE(f1_.SetOffer(params1, CS_LOCAL));
@@ -86,186 +70,16 @@
EXPECT_TRUE(f1_.IsActive());
EXPECT_TRUE(f2_.IsActive());
}
- void TestRtpAuthParams(cricket::SrtpFilter* filter, const std::string& cs) {
- int overhead;
- EXPECT_TRUE(filter->GetSrtpOverhead(&overhead));
- switch (SrtpCryptoSuiteFromName(cs)) {
- case SRTP_AES128_CM_SHA1_32:
- EXPECT_EQ(32 / 8, overhead); // 32-bit tag.
- break;
- case SRTP_AES128_CM_SHA1_80:
- EXPECT_EQ(80 / 8, overhead); // 80-bit tag.
- break;
- default:
- RTC_NOTREACHED();
- break;
- }
- uint8_t* auth_key = nullptr;
- int key_len = 0;
- int tag_len = 0;
- EXPECT_TRUE(filter->GetRtpAuthParams(&auth_key, &key_len, &tag_len));
- EXPECT_NE(nullptr, auth_key);
- EXPECT_EQ(160 / 8, key_len); // Length of SHA-1 is 160 bits.
- EXPECT_EQ(overhead, tag_len);
+ void VerifyCryptoParamsMatch(const std::string& cs1, const std::string& cs2) {
+ EXPECT_EQ(rtc::SrtpCryptoSuiteFromName(cs1), f1_.send_cipher_suite());
+ EXPECT_EQ(rtc::SrtpCryptoSuiteFromName(cs2), f2_.send_cipher_suite());
+ EXPECT_TRUE(f1_.send_key() == f2_.recv_key());
+ EXPECT_TRUE(f2_.send_key() == f1_.recv_key());
}
- void TestProtectUnprotect(const std::string& cs1, const std::string& cs2) {
- Buffer rtp_buffer(sizeof(kPcmuFrame) + rtp_auth_tag_len(cs1));
- char* rtp_packet = rtp_buffer.data<char>();
- char original_rtp_packet[sizeof(kPcmuFrame)];
- Buffer rtcp_buffer(sizeof(kRtcpReport) + 4 + rtcp_auth_tag_len(cs2));
- char* rtcp_packet = rtcp_buffer.data<char>();
- int rtp_len = sizeof(kPcmuFrame), rtcp_len = sizeof(kRtcpReport), out_len;
- memcpy(rtp_packet, kPcmuFrame, rtp_len);
- // In order to be able to run this test function multiple times we can not
- // use the same sequence number twice. Increase the sequence number by one.
- SetBE16(reinterpret_cast<uint8_t*>(rtp_packet) + 2, ++sequence_number_);
- memcpy(original_rtp_packet, rtp_packet, rtp_len);
- memcpy(rtcp_packet, kRtcpReport, rtcp_len);
- EXPECT_TRUE(f1_.ProtectRtp(rtp_packet, rtp_len,
- static_cast<int>(rtp_buffer.size()), &out_len));
- EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs1));
- EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
- if (!f1_.IsExternalAuthActive()) {
- EXPECT_TRUE(f2_.UnprotectRtp(rtp_packet, out_len, &out_len));
- EXPECT_EQ(rtp_len, out_len);
- EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
- } else {
- // With external auth enabled, SRTP doesn't write the auth tag and
- // unprotect would fail. Check accessing the information about the
- // tag instead, similar to what the actual code would do that relies
- // on external auth.
- TestRtpAuthParams(&f1_, cs1);
- }
-
- EXPECT_TRUE(f2_.ProtectRtp(rtp_packet, rtp_len,
- static_cast<int>(rtp_buffer.size()), &out_len));
- EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs2));
- EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
- if (!f2_.IsExternalAuthActive()) {
- EXPECT_TRUE(f1_.UnprotectRtp(rtp_packet, out_len, &out_len));
- EXPECT_EQ(rtp_len, out_len);
- EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
- } else {
- TestRtpAuthParams(&f2_, cs2);
- }
-
- EXPECT_TRUE(f1_.ProtectRtcp(
- rtcp_packet, rtcp_len, static_cast<int>(rtcp_buffer.size()), &out_len));
- EXPECT_EQ(out_len, rtcp_len + 4 + rtcp_auth_tag_len(cs1)); // NOLINT
- EXPECT_NE(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len));
- EXPECT_TRUE(f2_.UnprotectRtcp(rtcp_packet, out_len, &out_len));
- EXPECT_EQ(rtcp_len, out_len);
- EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len));
-
- EXPECT_TRUE(f2_.ProtectRtcp(
- rtcp_packet, rtcp_len, static_cast<int>(rtcp_buffer.size()), &out_len));
- EXPECT_EQ(out_len, rtcp_len + 4 + rtcp_auth_tag_len(cs2)); // NOLINT
- EXPECT_NE(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len));
- EXPECT_TRUE(f1_.UnprotectRtcp(rtcp_packet, out_len, &out_len));
- EXPECT_EQ(rtcp_len, out_len);
- EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len));
- }
- void TestProtectUnprotectHeaderEncryption(
- const std::string& cs1,
- const std::string& cs2,
- const std::vector<int>& encrypted_header_ids) {
- Buffer rtp_buffer(sizeof(kPcmuFrameWithExtensions) + rtp_auth_tag_len(cs1));
- char* rtp_packet = rtp_buffer.data<char>();
- size_t rtp_packet_size = rtp_buffer.size();
- char original_rtp_packet[sizeof(kPcmuFrameWithExtensions)];
- size_t original_rtp_packet_size = sizeof(original_rtp_packet);
- int rtp_len = sizeof(kPcmuFrameWithExtensions), out_len;
- memcpy(rtp_packet, kPcmuFrameWithExtensions, rtp_len);
- // In order to be able to run this test function multiple times we can not
- // use the same sequence number twice. Increase the sequence number by one.
- SetBE16(reinterpret_cast<uint8_t*>(rtp_packet) + 2, ++sequence_number_);
- memcpy(original_rtp_packet, rtp_packet, rtp_len);
-
- EXPECT_TRUE(f1_.ProtectRtp(rtp_packet, rtp_len,
- static_cast<int>(rtp_buffer.size()), &out_len));
- EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs1));
- EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
- CompareHeaderExtensions(rtp_packet, rtp_packet_size, original_rtp_packet,
- original_rtp_packet_size, encrypted_header_ids,
- false);
- EXPECT_TRUE(f2_.UnprotectRtp(rtp_packet, out_len, &out_len));
- EXPECT_EQ(rtp_len, out_len);
- EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
- CompareHeaderExtensions(rtp_packet, rtp_packet_size, original_rtp_packet,
- original_rtp_packet_size, encrypted_header_ids,
- true);
-
- EXPECT_TRUE(f2_.ProtectRtp(rtp_packet, rtp_len,
- static_cast<int>(rtp_buffer.size()), &out_len));
- EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs2));
- EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
- CompareHeaderExtensions(rtp_packet, rtp_packet_size, original_rtp_packet,
- original_rtp_packet_size, encrypted_header_ids,
- false);
- EXPECT_TRUE(f1_.UnprotectRtp(rtp_packet, out_len, &out_len));
- EXPECT_EQ(rtp_len, out_len);
- EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
- CompareHeaderExtensions(rtp_packet, rtp_packet_size, original_rtp_packet,
- original_rtp_packet_size, encrypted_header_ids,
- true);
- }
- void TestProtectSetParamsDirect(bool enable_external_auth,
- int cs,
- const uint8_t* key1,
- int key1_len,
- const uint8_t* key2,
- int key2_len,
- const std::string& cs_name) {
- EXPECT_EQ(key1_len, key2_len);
- EXPECT_EQ(cs_name, SrtpCryptoSuiteToName(cs));
- if (enable_external_auth) {
- f1_.EnableExternalAuth();
- f2_.EnableExternalAuth();
- }
- EXPECT_TRUE(f1_.SetRtpParams(cs, key1, key1_len, cs, key2, key2_len));
- EXPECT_TRUE(f2_.SetRtpParams(cs, key2, key2_len, cs, key1, key1_len));
- EXPECT_TRUE(f1_.SetRtcpParams(cs, key1, key1_len, cs, key2, key2_len));
- EXPECT_TRUE(f2_.SetRtcpParams(cs, key2, key2_len, cs, key1, key1_len));
- EXPECT_TRUE(f1_.IsActive());
- EXPECT_TRUE(f2_.IsActive());
- if (IsGcmCryptoSuite(cs)) {
- EXPECT_FALSE(f1_.IsExternalAuthActive());
- EXPECT_FALSE(f2_.IsExternalAuthActive());
- } else if (enable_external_auth) {
- EXPECT_TRUE(f1_.IsExternalAuthActive());
- EXPECT_TRUE(f2_.IsExternalAuthActive());
- }
- TestProtectUnprotect(cs_name, cs_name);
- }
- void TestProtectSetParamsDirectHeaderEncryption(int cs,
- const uint8_t* key1,
- int key1_len,
- const uint8_t* key2,
- int key2_len,
- const std::string& cs_name) {
- std::vector<int> encrypted_headers;
- encrypted_headers.push_back(1);
- // Don't encrypt header ids 2 and 3.
- encrypted_headers.push_back(4);
- EXPECT_EQ(key1_len, key2_len);
- EXPECT_EQ(cs_name, SrtpCryptoSuiteToName(cs));
- f1_.SetEncryptedHeaderExtensionIds(CS_LOCAL, encrypted_headers);
- f1_.SetEncryptedHeaderExtensionIds(CS_REMOTE, encrypted_headers);
- f2_.SetEncryptedHeaderExtensionIds(CS_LOCAL, encrypted_headers);
- f2_.SetEncryptedHeaderExtensionIds(CS_REMOTE, encrypted_headers);
- EXPECT_TRUE(f1_.SetRtpParams(cs, key1, key1_len, cs, key2, key2_len));
- EXPECT_TRUE(f2_.SetRtpParams(cs, key2, key2_len, cs, key1, key1_len));
- EXPECT_TRUE(f1_.IsActive());
- EXPECT_TRUE(f2_.IsActive());
- EXPECT_FALSE(f1_.IsExternalAuthActive());
- EXPECT_FALSE(f2_.IsExternalAuthActive());
- TestProtectUnprotectHeaderEncryption(cs_name, cs_name, encrypted_headers);
- }
cricket::SrtpFilter f1_;
cricket::SrtpFilter f2_;
- int sequence_number_;
};
// Test that we can set up the session and keys properly.
@@ -479,21 +293,6 @@
EXPECT_FALSE(f1_.IsActive());
}
-// Test that we can encrypt/decrypt after setting the same CryptoParams again on
-// one side.
-TEST_F(SrtpFilterTest, TestSettingSameKeyOnOneSide) {
- std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
- std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
- TestSetParams(offer, answer);
-
- TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
-
- // Re-applying the same keys on one end and it should not reset the ROC.
- EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE));
- EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
- TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
-}
-
// Test that we can encrypt/decrypt after negotiating AES_CM_128_HMAC_SHA1_80.
TEST_F(SrtpFilterTest, TestProtect_AES_CM_128_HMAC_SHA1_80) {
std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
@@ -502,7 +301,8 @@
offer[1].tag = 2;
offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
TestSetParams(offer, answer);
- TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
+ VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
+ CS_AES_CM_128_HMAC_SHA1_80);
}
// Test that we can encrypt/decrypt after negotiating AES_CM_128_HMAC_SHA1_32.
@@ -515,7 +315,8 @@
answer[0].tag = 2;
answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
TestSetParams(offer, answer);
- TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32);
+ VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_32,
+ CS_AES_CM_128_HMAC_SHA1_32);
}
// Test that we can change encryption parameters.
@@ -524,7 +325,8 @@
std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
TestSetParams(offer, answer);
- TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
+ VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
+ CS_AES_CM_128_HMAC_SHA1_80);
// Change the key parameters and cipher_suite.
offer[0].key_params = kTestKeyParams3;
@@ -538,13 +340,15 @@
EXPECT_TRUE(f1_.IsActive());
// Test that the old keys are valid until the negotiation is complete.
- TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
+ VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
+ CS_AES_CM_128_HMAC_SHA1_80);
// Complete the negotiation and test that we can still understand each other.
EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
- TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32);
+ VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_32,
+ CS_AES_CM_128_HMAC_SHA1_32);
}
// Test that we can send and receive provisional answers with crypto enabled.
@@ -564,7 +368,8 @@
EXPECT_TRUE(f1_.SetProvisionalAnswer(answer, CS_REMOTE));
EXPECT_TRUE(f1_.IsActive());
EXPECT_TRUE(f2_.IsActive());
- TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
+ VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
+ CS_AES_CM_128_HMAC_SHA1_80);
answer[0].key_params = kTestKeyParams4;
answer[0].tag = 2;
@@ -573,7 +378,8 @@
EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
EXPECT_TRUE(f1_.IsActive());
EXPECT_TRUE(f2_.IsActive());
- TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32);
+ VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_32,
+ CS_AES_CM_128_HMAC_SHA1_32);
}
// Test that a provisional answer doesn't need to contain a crypto.
@@ -595,7 +401,8 @@
EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
EXPECT_TRUE(f1_.IsActive());
EXPECT_TRUE(f2_.IsActive());
- TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
+ VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
+ CS_AES_CM_128_HMAC_SHA1_80);
}
// Test that if we get a new local offer after a provisional answer
@@ -622,7 +429,8 @@
EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
EXPECT_TRUE(f1_.IsActive());
EXPECT_TRUE(f2_.IsActive());
- TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
+ VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
+ CS_AES_CM_128_HMAC_SHA1_80);
}
// Test that we can disable encryption.
@@ -631,7 +439,8 @@
std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
TestSetParams(offer, answer);
- TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
+ VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
+ CS_AES_CM_128_HMAC_SHA1_80);
offer.clear();
answer.clear();
@@ -641,7 +450,8 @@
EXPECT_TRUE(f2_.IsActive());
// Test that the old keys are valid until the negotiation is complete.
- TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
+ VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
+ CS_AES_CM_128_HMAC_SHA1_80);
// Complete the negotiation.
EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
@@ -651,85 +461,4 @@
EXPECT_FALSE(f2_.IsActive());
}
-class SrtpFilterProtectSetParamsDirectTest
- : public SrtpFilterTest,
- public testing::WithParamInterface<bool> {};
-
-// Test directly setting the params with AES_CM_128_HMAC_SHA1_80.
-TEST_P(SrtpFilterProtectSetParamsDirectTest, Test_AES_CM_128_HMAC_SHA1_80) {
- bool enable_external_auth = GetParam();
- TestProtectSetParamsDirect(enable_external_auth, SRTP_AES128_CM_SHA1_80,
- kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen,
- CS_AES_CM_128_HMAC_SHA1_80);
-}
-
-TEST_F(SrtpFilterTest,
- TestProtectSetParamsDirectHeaderEncryption_AES_CM_128_HMAC_SHA1_80) {
- TestProtectSetParamsDirectHeaderEncryption(
- SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen,
- CS_AES_CM_128_HMAC_SHA1_80);
-}
-
-// Test directly setting the params with AES_CM_128_HMAC_SHA1_32.
-TEST_P(SrtpFilterProtectSetParamsDirectTest, Test_AES_CM_128_HMAC_SHA1_32) {
- bool enable_external_auth = GetParam();
- TestProtectSetParamsDirect(enable_external_auth, SRTP_AES128_CM_SHA1_32,
- kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen,
- CS_AES_CM_128_HMAC_SHA1_32);
-}
-
-TEST_F(SrtpFilterTest,
- TestProtectSetParamsDirectHeaderEncryption_AES_CM_128_HMAC_SHA1_32) {
- TestProtectSetParamsDirectHeaderEncryption(
- SRTP_AES128_CM_SHA1_32, kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen,
- CS_AES_CM_128_HMAC_SHA1_32);
-}
-
-// Test directly setting the params with SRTP_AEAD_AES_128_GCM.
-TEST_P(SrtpFilterProtectSetParamsDirectTest, Test_SRTP_AEAD_AES_128_GCM) {
- bool enable_external_auth = GetParam();
- TestProtectSetParamsDirect(enable_external_auth, SRTP_AEAD_AES_128_GCM,
- kTestKeyGcm128_1, kTestKeyGcm128Len,
- kTestKeyGcm128_2, kTestKeyGcm128Len,
- CS_AEAD_AES_128_GCM);
-}
-
-TEST_F(SrtpFilterTest,
- TestProtectSetParamsDirectHeaderEncryption_SRTP_AEAD_AES_128_GCM) {
- TestProtectSetParamsDirectHeaderEncryption(
- SRTP_AEAD_AES_128_GCM, kTestKeyGcm128_1, kTestKeyGcm128Len,
- kTestKeyGcm128_2, kTestKeyGcm128Len, CS_AEAD_AES_128_GCM);
-}
-
-// Test directly setting the params with SRTP_AEAD_AES_256_GCM.
-TEST_P(SrtpFilterProtectSetParamsDirectTest, Test_SRTP_AEAD_AES_256_GCM) {
- bool enable_external_auth = GetParam();
- TestProtectSetParamsDirect(enable_external_auth, SRTP_AEAD_AES_256_GCM,
- kTestKeyGcm256_1, kTestKeyGcm256Len,
- kTestKeyGcm256_2, kTestKeyGcm256Len,
- CS_AEAD_AES_256_GCM);
-}
-
-TEST_F(SrtpFilterTest,
- TestProtectSetParamsDirectHeaderEncryption_SRTP_AEAD_AES_256_GCM) {
- TestProtectSetParamsDirectHeaderEncryption(
- SRTP_AEAD_AES_256_GCM, kTestKeyGcm256_1, kTestKeyGcm256Len,
- kTestKeyGcm256_2, kTestKeyGcm256Len, CS_AEAD_AES_256_GCM);
-}
-
-// Run all tests both with and without external auth enabled.
-INSTANTIATE_TEST_CASE_P(ExternalAuth,
- SrtpFilterProtectSetParamsDirectTest,
- ::testing::Values(true, false));
-
-// Test directly setting the params with bogus keys.
-TEST_F(SrtpFilterTest, TestSetParamsKeyTooShort) {
- EXPECT_FALSE(f1_.SetRtpParams(SRTP_AES128_CM_SHA1_80, kTestKey1,
- kTestKeyLen - 1, SRTP_AES128_CM_SHA1_80,
- kTestKey1, kTestKeyLen - 1));
- EXPECT_FALSE(f1_.SetRtcpParams(SRTP_AES128_CM_SHA1_80, kTestKey1,
- kTestKeyLen - 1, SRTP_AES128_CM_SHA1_80,
- kTestKey1, kTestKeyLen - 1));
-}
-
} // namespace rtc
