Google Git
Sign in
webrtc / src / b6d50e3a1758a808118170e6c6a6119e96356f3b / . / pc / srtp_filter_unittest.cc
blob: 9a5720614c04f703125c3514402dc4d56365afc1 [file] [log] [blame]
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]1/*
kjellander65c7f672016-02-12 08:05:01[diff] [blame]2 * Copyright 2004 The WebRTC project authors. All Rights Reserved.
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]3 *
kjellander65c7f672016-02-12 08:05:01[diff] [blame]4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree.
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]9 */
10
Jonas Olssona4d87372019-07-05 17:08:33[diff] [blame]11#include "pc/srtp_filter.h"
12
Yves Gerey3e707812018-11-28 15:47:49[diff] [blame]13#include <string.h>
mattdr0d8ade52016-10-25 16:47:26[diff] [blame]14
Steve Anton10542f22019-01-11 17:11:00[diff] [blame]15#include "api/crypto_params.h"
Steve Anton10542f22019-01-11 17:11:00[diff] [blame]16#include "rtc_base/ssl_stream_adapter.h"
Yves Gerey3e707812018-11-28 15:47:49[diff] [blame]17#include "test/gtest.h"
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]18
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]19using cricket::CryptoParams;
20using cricket::CS_LOCAL;
21using cricket::CS_REMOTE;
22
zstein4dde3df2017-07-07 21:26:25[diff] [blame]23namespace rtc {
24
Steve Anton36b29d12017-10-30 16:57:42[diff] [blame]25static const char kTestKeyParams1[] =
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]26 "inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz";
Steve Anton36b29d12017-10-30 16:57:42[diff] [blame]27static const char kTestKeyParams2[] =
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]28 "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR";
Steve Anton36b29d12017-10-30 16:57:42[diff] [blame]29static const char kTestKeyParams3[] =
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]30 "inline:1234X19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz";
Steve Anton36b29d12017-10-30 16:57:42[diff] [blame]31static const char kTestKeyParams4[] =
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]32 "inline:4567QCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR";
Steve Anton36b29d12017-10-30 16:57:42[diff] [blame]33static const char kTestKeyParamsGcm1[] =
jbauchcb560652016-08-04 12:20:32[diff] [blame]34 "inline:e166KFlKzJsGW0d5apX+rrI05vxbrvMJEzFI14aTDCa63IRTlLK4iH66uOI=";
Steve Anton36b29d12017-10-30 16:57:42[diff] [blame]35static const char kTestKeyParamsGcm2[] =
jbauchcb560652016-08-04 12:20:32[diff] [blame]36 "inline:6X0oCd55zfz4VgtOwsuqcFq61275PDYN5uwuu3p7ZUHbfUY2FMpdP4m2PEo=";
Steve Anton36b29d12017-10-30 16:57:42[diff] [blame]37static const char kTestKeyParamsGcm3[] =
jbauchcb560652016-08-04 12:20:32[diff] [blame]38 "inline:YKlABGZWMgX32xuMotrG0v0T7G83veegaVzubQ==";
Steve Anton36b29d12017-10-30 16:57:42[diff] [blame]39static const char kTestKeyParamsGcm4[] =
jbauchcb560652016-08-04 12:20:32[diff] [blame]40 "inline:gJ6tWoUym2v+/F6xjr7xaxiS3QbJJozl3ZD/0A==";
Yves Gerey665174f2018-06-19 13:03:05[diff] [blame]41static const cricket::CryptoParams kTestCryptoParams1(1,
42 "AES_CM_128_HMAC_SHA1_80",
43 kTestKeyParams1,
44 "");
45static const cricket::CryptoParams kTestCryptoParams2(1,
46 "AES_CM_128_HMAC_SHA1_80",
47 kTestKeyParams2,
48 "");
49static const cricket::CryptoParams kTestCryptoParamsGcm1(1,
50 "AEAD_AES_256_GCM",
51 kTestKeyParamsGcm1,
52 "");
53static const cricket::CryptoParams kTestCryptoParamsGcm2(1,
54 "AEAD_AES_256_GCM",
55 kTestKeyParamsGcm2,
56 "");
57static const cricket::CryptoParams kTestCryptoParamsGcm3(1,
58 "AEAD_AES_128_GCM",
59 kTestKeyParamsGcm3,
60 "");
61static const cricket::CryptoParams kTestCryptoParamsGcm4(1,
62 "AEAD_AES_128_GCM",
63 kTestKeyParamsGcm4,
64 "");
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]65
Mirko Bonadei6a489f22019-04-09 13:11:12[diff] [blame]66class SrtpFilterTest : public ::testing::Test {
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]67 protected:
Zhi Huangcf990f52017-09-22 19:12:30[diff] [blame]68 SrtpFilterTest() {}
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]69 static std::vector<CryptoParams> MakeVector(const CryptoParams& params) {
70 std::vector<CryptoParams> vec;
71 vec.push_back(params);
72 return vec;
73 }
Zhi Huangcf990f52017-09-22 19:12:30[diff] [blame]74
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]75 void TestSetParams(const std::vector<CryptoParams>& params1,
76 const std::vector<CryptoParams>& params2) {
77 EXPECT_TRUE(f1_.SetOffer(params1, CS_LOCAL));
78 EXPECT_TRUE(f2_.SetOffer(params1, CS_REMOTE));
pthatcher@webrtc.org2e7ee4b2014-10-27 16:10:29[diff] [blame]79 EXPECT_FALSE(f1_.IsActive());
80 EXPECT_FALSE(f2_.IsActive());
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]81 EXPECT_TRUE(f2_.SetAnswer(params2, CS_LOCAL));
82 EXPECT_TRUE(f1_.SetAnswer(params2, CS_REMOTE));
83 EXPECT_TRUE(f1_.IsActive());
pthatcher@webrtc.org2e7ee4b2014-10-27 16:10:29[diff] [blame]84 EXPECT_TRUE(f2_.IsActive());
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]85 }
jbauchdfcab722017-03-06 08:14:10[diff] [blame]86
Joachim Bauch5b32f232018-03-07 19:02:26[diff] [blame]87 void VerifyKeysAreEqual(ArrayView<const uint8_t> key1,
88 ArrayView<const uint8_t> key2) {
89 EXPECT_EQ(key1.size(), key2.size());
90 EXPECT_EQ(0, memcmp(key1.data(), key2.data(), key1.size()));
91 }
92
Zhi Huangcf990f52017-09-22 19:12:30[diff] [blame]93 void VerifyCryptoParamsMatch(const std::string& cs1, const std::string& cs2) {
94 EXPECT_EQ(rtc::SrtpCryptoSuiteFromName(cs1), f1_.send_cipher_suite());
95 EXPECT_EQ(rtc::SrtpCryptoSuiteFromName(cs2), f2_.send_cipher_suite());
Joachim Bauch5b32f232018-03-07 19:02:26[diff] [blame]96 VerifyKeysAreEqual(f1_.send_key(), f2_.recv_key());
97 VerifyKeysAreEqual(f2_.send_key(), f1_.recv_key());
jbauchdfcab722017-03-06 08:14:10[diff] [blame]98 }
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]99
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]100 cricket::SrtpFilter f1_;
101 cricket::SrtpFilter f2_;
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]102};
103
104// Test that we can set up the session and keys properly.
105TEST_F(SrtpFilterTest, TestGoodSetupOneCipherSuite) {
106 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
pthatcher@webrtc.org2e7ee4b2014-10-27 16:10:29[diff] [blame]107 EXPECT_FALSE(f1_.IsActive());
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]108 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE));
109 EXPECT_TRUE(f1_.IsActive());
110}
111
jbauchcb560652016-08-04 12:20:32[diff] [blame]112TEST_F(SrtpFilterTest, TestGoodSetupOneCipherSuiteGcm) {
113 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParamsGcm1), CS_LOCAL));
114 EXPECT_FALSE(f1_.IsActive());
115 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParamsGcm2), CS_REMOTE));
116 EXPECT_TRUE(f1_.IsActive());
117}
118
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]119// Test that we can set up things with multiple params.
120TEST_F(SrtpFilterTest, TestGoodSetupMultipleCipherSuites) {
121 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
122 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
123 offer.push_back(kTestCryptoParams1);
124 offer[1].tag = 2;
125 offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
126 answer[0].tag = 2;
127 answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
128 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
pthatcher@webrtc.org2e7ee4b2014-10-27 16:10:29[diff] [blame]129 EXPECT_FALSE(f1_.IsActive());
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]130 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
131 EXPECT_TRUE(f1_.IsActive());
132}
133
jbauchcb560652016-08-04 12:20:32[diff] [blame]134TEST_F(SrtpFilterTest, TestGoodSetupMultipleCipherSuitesGcm) {
135 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParamsGcm1));
136 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParamsGcm3));
137 offer.push_back(kTestCryptoParamsGcm4);
138 offer[1].tag = 2;
139 answer[0].tag = 2;
140 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
141 EXPECT_FALSE(f1_.IsActive());
142 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
143 EXPECT_TRUE(f1_.IsActive());
144}
145
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]146// Test that we handle the cases where crypto is not desired.
147TEST_F(SrtpFilterTest, TestGoodSetupNoCipherSuites) {
148 std::vector<CryptoParams> offer, answer;
149 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
150 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
151 EXPECT_FALSE(f1_.IsActive());
152}
153
154// Test that we handle the cases where crypto is not desired by the remote side.
155TEST_F(SrtpFilterTest, TestGoodSetupNoAnswerCipherSuites) {
156 std::vector<CryptoParams> answer;
157 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
158 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
159 EXPECT_FALSE(f1_.IsActive());
160}
161
162// Test that we fail if we call the functions the wrong way.
163TEST_F(SrtpFilterTest, TestBadSetup) {
164 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
165 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
166 EXPECT_FALSE(f1_.SetAnswer(answer, CS_LOCAL));
167 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
168 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
169 EXPECT_FALSE(f1_.SetAnswer(answer, CS_LOCAL));
170 EXPECT_FALSE(f1_.IsActive());
171}
172
173// Test that we can set offer multiple times from the same source.
174TEST_F(SrtpFilterTest, TestGoodSetupMultipleOffers) {
175 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
176 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams2), CS_LOCAL));
pthatcher@webrtc.org2e7ee4b2014-10-27 16:10:29[diff] [blame]177 EXPECT_FALSE(f1_.IsActive());
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]178 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE));
179 EXPECT_TRUE(f1_.IsActive());
180 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
181 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams2), CS_LOCAL));
182 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE));
183
184 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams1), CS_REMOTE));
185 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams2), CS_REMOTE));
pthatcher@webrtc.org2e7ee4b2014-10-27 16:10:29[diff] [blame]186 EXPECT_FALSE(f2_.IsActive());
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]187 EXPECT_TRUE(f2_.SetAnswer(MakeVector(kTestCryptoParams2), CS_LOCAL));
188 EXPECT_TRUE(f2_.IsActive());
189 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams1), CS_REMOTE));
190 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams2), CS_REMOTE));
191 EXPECT_TRUE(f2_.SetAnswer(MakeVector(kTestCryptoParams2), CS_LOCAL));
192}
193// Test that we can't set offer multiple times from different sources.
194TEST_F(SrtpFilterTest, TestBadSetupMultipleOffers) {
195 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
196 EXPECT_FALSE(f1_.SetOffer(MakeVector(kTestCryptoParams2), CS_REMOTE));
pthatcher@webrtc.org2e7ee4b2014-10-27 16:10:29[diff] [blame]197 EXPECT_FALSE(f1_.IsActive());
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]198 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams1), CS_REMOTE));
199 EXPECT_TRUE(f1_.IsActive());
200 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams2), CS_LOCAL));
201 EXPECT_FALSE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_REMOTE));
202 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE));
203
204 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams2), CS_REMOTE));
205 EXPECT_FALSE(f2_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
pthatcher@webrtc.org2e7ee4b2014-10-27 16:10:29[diff] [blame]206 EXPECT_FALSE(f2_.IsActive());
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]207 EXPECT_TRUE(f2_.SetAnswer(MakeVector(kTestCryptoParams2), CS_LOCAL));
208 EXPECT_TRUE(f2_.IsActive());
209 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams2), CS_REMOTE));
210 EXPECT_FALSE(f2_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
211 EXPECT_TRUE(f2_.SetAnswer(MakeVector(kTestCryptoParams2), CS_LOCAL));
212}
213
214// Test that we fail if we have params in the answer when none were offered.
215TEST_F(SrtpFilterTest, TestNoAnswerCipherSuites) {
216 std::vector<CryptoParams> offer;
217 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
218 EXPECT_FALSE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE));
219 EXPECT_FALSE(f1_.IsActive());
220}
221
222// Test that we fail if we have too many params in our answer.
223TEST_F(SrtpFilterTest, TestMultipleAnswerCipherSuites) {
224 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
225 answer.push_back(kTestCryptoParams2);
226 answer[1].tag = 2;
227 answer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
228 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
229 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
230 EXPECT_FALSE(f1_.IsActive());
231}
232
233// Test that we fail if we don't support the cipher-suite.
234TEST_F(SrtpFilterTest, TestInvalidCipherSuite) {
235 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
236 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
237 offer[0].cipher_suite = answer[0].cipher_suite = "FOO";
238 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
239 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
240 EXPECT_FALSE(f1_.IsActive());
241}
242
243// Test that we fail if we can't agree on a tag.
244TEST_F(SrtpFilterTest, TestNoMatchingTag) {
245 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
246 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
247 answer[0].tag = 99;
248 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
249 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
250 EXPECT_FALSE(f1_.IsActive());
251}
252
253// Test that we fail if we can't agree on a cipher-suite.
254TEST_F(SrtpFilterTest, TestNoMatchingCipherSuite) {
255 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
256 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
257 answer[0].tag = 2;
258 answer[0].cipher_suite = "FOO";
259 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
260 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
261 EXPECT_FALSE(f1_.IsActive());
262}
263
264// Test that we fail keys with bad base64 content.
265TEST_F(SrtpFilterTest, TestInvalidKeyData) {
266 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
267 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
268 answer[0].key_params = "inline:!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!";
269 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
270 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
271 EXPECT_FALSE(f1_.IsActive());
272}
273
274// Test that we fail keys with the wrong key-method.
275TEST_F(SrtpFilterTest, TestWrongKeyMethod) {
276 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
277 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
278 answer[0].key_params = "outline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR";
279 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
280 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
281 EXPECT_FALSE(f1_.IsActive());
282}
283
284// Test that we fail keys of the wrong length.
285TEST_F(SrtpFilterTest, TestKeyTooShort) {
286 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
287 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
288 answer[0].key_params = "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtx";
289 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
290 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
291 EXPECT_FALSE(f1_.IsActive());
292}
293
294// Test that we fail keys of the wrong length.
295TEST_F(SrtpFilterTest, TestKeyTooLong) {
296 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
297 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
298 answer[0].key_params = "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBRABCD";
299 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
300 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
301 EXPECT_FALSE(f1_.IsActive());
302}
303
304// Test that we fail keys with lifetime or MKI set (since we don't support)
305TEST_F(SrtpFilterTest, TestUnsupportedOptions) {
306 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
307 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
308 answer[0].key_params =
309 "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR|2^20|1:4";
310 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
311 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
312 EXPECT_FALSE(f1_.IsActive());
313}
314
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]315// Test that we can encrypt/decrypt after negotiating AES_CM_128_HMAC_SHA1_80.
316TEST_F(SrtpFilterTest, TestProtect_AES_CM_128_HMAC_SHA1_80) {
317 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
318 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
319 offer.push_back(kTestCryptoParams1);
320 offer[1].tag = 2;
321 offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
322 TestSetParams(offer, answer);
Zhi Huangcf990f52017-09-22 19:12:30[diff] [blame]323 VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
324 CS_AES_CM_128_HMAC_SHA1_80);
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]325}
326
327// Test that we can encrypt/decrypt after negotiating AES_CM_128_HMAC_SHA1_32.
328TEST_F(SrtpFilterTest, TestProtect_AES_CM_128_HMAC_SHA1_32) {
329 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
330 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
331 offer.push_back(kTestCryptoParams1);
332 offer[1].tag = 2;
333 offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
334 answer[0].tag = 2;
335 answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
336 TestSetParams(offer, answer);
Zhi Huangcf990f52017-09-22 19:12:30[diff] [blame]337 VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_32,
338 CS_AES_CM_128_HMAC_SHA1_32);
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]339}
340
341// Test that we can change encryption parameters.
342TEST_F(SrtpFilterTest, TestChangeParameters) {
343 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
344 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
345
346 TestSetParams(offer, answer);
Zhi Huangcf990f52017-09-22 19:12:30[diff] [blame]347 VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
348 CS_AES_CM_128_HMAC_SHA1_80);
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]349
350 // Change the key parameters and cipher_suite.
351 offer[0].key_params = kTestKeyParams3;
352 offer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
353 answer[0].key_params = kTestKeyParams4;
354 answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
355
356 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
357 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE));
358 EXPECT_TRUE(f1_.IsActive());
359 EXPECT_TRUE(f1_.IsActive());
360
361 // Test that the old keys are valid until the negotiation is complete.
Zhi Huangcf990f52017-09-22 19:12:30[diff] [blame]362 VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
363 CS_AES_CM_128_HMAC_SHA1_80);
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]364
365 // Complete the negotiation and test that we can still understand each other.
366 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
367 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
368
Zhi Huangcf990f52017-09-22 19:12:30[diff] [blame]369 VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_32,
370 CS_AES_CM_128_HMAC_SHA1_32);
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]371}
372
373// Test that we can send and receive provisional answers with crypto enabled.
374// Also test that we can change the crypto.
375TEST_F(SrtpFilterTest, TestProvisionalAnswer) {
376 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
377 offer.push_back(kTestCryptoParams1);
378 offer[1].tag = 2;
379 offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
380 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
381
382 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
383 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE));
pthatcher@webrtc.org2e7ee4b2014-10-27 16:10:29[diff] [blame]384 EXPECT_FALSE(f1_.IsActive());
385 EXPECT_FALSE(f2_.IsActive());
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]386 EXPECT_TRUE(f2_.SetProvisionalAnswer(answer, CS_LOCAL));
387 EXPECT_TRUE(f1_.SetProvisionalAnswer(answer, CS_REMOTE));
388 EXPECT_TRUE(f1_.IsActive());
389 EXPECT_TRUE(f2_.IsActive());
Zhi Huangcf990f52017-09-22 19:12:30[diff] [blame]390 VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
391 CS_AES_CM_128_HMAC_SHA1_80);
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]392
393 answer[0].key_params = kTestKeyParams4;
394 answer[0].tag = 2;
395 answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
396 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
397 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
398 EXPECT_TRUE(f1_.IsActive());
399 EXPECT_TRUE(f2_.IsActive());
Zhi Huangcf990f52017-09-22 19:12:30[diff] [blame]400 VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_32,
401 CS_AES_CM_128_HMAC_SHA1_32);
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]402}
403
404// Test that a provisional answer doesn't need to contain a crypto.
405TEST_F(SrtpFilterTest, TestProvisionalAnswerWithoutCrypto) {
406 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
407 std::vector<CryptoParams> answer;
408
409 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
410 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE));
pthatcher@webrtc.org2e7ee4b2014-10-27 16:10:29[diff] [blame]411 EXPECT_FALSE(f1_.IsActive());
412 EXPECT_FALSE(f2_.IsActive());
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]413 EXPECT_TRUE(f2_.SetProvisionalAnswer(answer, CS_LOCAL));
414 EXPECT_TRUE(f1_.SetProvisionalAnswer(answer, CS_REMOTE));
415 EXPECT_FALSE(f1_.IsActive());
416 EXPECT_FALSE(f2_.IsActive());
417
418 answer.push_back(kTestCryptoParams2);
419 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
420 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
421 EXPECT_TRUE(f1_.IsActive());
422 EXPECT_TRUE(f2_.IsActive());
Zhi Huangcf990f52017-09-22 19:12:30[diff] [blame]423 VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
424 CS_AES_CM_128_HMAC_SHA1_80);
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]425}
426
pthatcher@webrtc.org2e7ee4b2014-10-27 16:10:29[diff] [blame]427// Test that if we get a new local offer after a provisional answer
428// with no crypto, that we are in an inactive state.
429TEST_F(SrtpFilterTest, TestLocalOfferAfterProvisionalAnswerWithoutCrypto) {
430 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
431 std::vector<CryptoParams> answer;
432
433 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
434 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE));
435 EXPECT_TRUE(f1_.SetProvisionalAnswer(answer, CS_REMOTE));
436 EXPECT_TRUE(f2_.SetProvisionalAnswer(answer, CS_LOCAL));
437 EXPECT_FALSE(f1_.IsActive());
438 EXPECT_FALSE(f2_.IsActive());
439 // The calls to set an offer after a provisional answer fail, so the
440 // state doesn't change.
441 EXPECT_FALSE(f1_.SetOffer(offer, CS_LOCAL));
442 EXPECT_FALSE(f2_.SetOffer(offer, CS_REMOTE));
443 EXPECT_FALSE(f1_.IsActive());
444 EXPECT_FALSE(f2_.IsActive());
445
446 answer.push_back(kTestCryptoParams2);
447 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
448 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
449 EXPECT_TRUE(f1_.IsActive());
450 EXPECT_TRUE(f2_.IsActive());
Zhi Huangcf990f52017-09-22 19:12:30[diff] [blame]451 VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
452 CS_AES_CM_128_HMAC_SHA1_80);
pthatcher@webrtc.org2e7ee4b2014-10-27 16:10:29[diff] [blame]453}
454
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]455// Test that we can disable encryption.
456TEST_F(SrtpFilterTest, TestDisableEncryption) {
457 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
458 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
459
460 TestSetParams(offer, answer);
Zhi Huangcf990f52017-09-22 19:12:30[diff] [blame]461 VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
462 CS_AES_CM_128_HMAC_SHA1_80);
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]463
464 offer.clear();
465 answer.clear();
466 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
467 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE));
468 EXPECT_TRUE(f1_.IsActive());
469 EXPECT_TRUE(f2_.IsActive());
470
471 // Test that the old keys are valid until the negotiation is complete.
Zhi Huangcf990f52017-09-22 19:12:30[diff] [blame]472 VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80,
473 CS_AES_CM_128_HMAC_SHA1_80);
henrike@webrtc.org28e20752013-07-10 00:45:36[diff] [blame]474
475 // Complete the negotiation.
476 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
477 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
478
479 EXPECT_FALSE(f1_.IsActive());
480 EXPECT_FALSE(f2_.IsActive());
481}
482
zstein4dde3df2017-07-07 21:26:25[diff] [blame]483} // namespace rtc