New SRTP cipher test suite

Moved tests from srtp_cipher_aead_aes_gcm_test.go to new file, cleaned up their code to make it more DRY. Added tests for AES CM ciphers there too. This new cipher test suite will make it easier to add tests for new SRTP features without lots of copy/paste.
pion · Jul 7, 2024 · a717d6f · a717d6f
1 parent 180f6ef
commit a717d6f
Show file tree

Hide file tree

Showing 3 changed files with 202 additions and 164 deletions.
diff --git a/protection_profile.go b/protection_profile.go
@@ -84,3 +84,18 @@ func (p ProtectionProfile) authKeyLen() (int, error) {
 		return 0, fmt.Errorf("%w: %#v", errNoSuchSRTPProfile, p)
 	}
 }
+
+func (p ProtectionProfile) String() string {
+	switch p {
+	case ProtectionProfileAes128CmHmacSha1_80:
+		return "SRTP_AES128_CM_HMAC_SHA1_80"
+	case ProtectionProfileAes128CmHmacSha1_32:
+		return "SRTP_AES128_CM_HMAC_SHA1_32"
+	case ProtectionProfileAeadAes128Gcm:
+		return "SRTP_AEAD_AES_128_GCM"
+	case ProtectionProfileAeadAes256Gcm:
+		return "SRTP_AEAD_AES_256_GCM"
+	default:
+		return fmt.Sprintf("Unknown SRTP profile: %#v", p)
+	}
+}
diff --git a/srtp_cipher_aead_aes_gcm_test.go b/srtp_cipher_aead_aes_gcm_test.go
diff --git a/srtp_cipher_test.go b/srtp_cipher_test.go
@@ -0,0 +1,187 @@
+// SPDX-FileCopyrightText: 2023 The Pion community <https://pion.ly>
+// SPDX-License-Identifier: MIT
+
+package srtp
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+type testCipher struct {
+	profile    ProtectionProfile // Protection profile
+	masterKey  []byte            // Master key
+	masterSalt []byte            // Master salt
+
+	decryptedRTPPacket  []byte
+	encryptedRTPPacket  []byte
+	decryptedRTCPPacket []byte
+	encryptedRTCPPacket []byte
+}
+
+// create array of testCiphers for each supported profile
+func createTestCiphers() []testCipher {
+	tests := []testCipher{
+		{
+			profile: ProtectionProfileAes128CmHmacSha1_32,
+			encryptedRTPPacket: []byte{
+				0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+				0xca, 0xfe, 0xba, 0xbe, 0xe2, 0xd8, 0xdf, 0x8f,
+				0x7a, 0x75, 0xd6, 0x88, 0xc3, 0x50, 0x2e, 0xee,
+				0xc2, 0xa9, 0x80, 0x66, 0xcd, 0x7c, 0x0d, 0x09,
+			},
+			encryptedRTCPPacket: []byte{
+				0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
+				0x56, 0x74, 0xbf, 0x01, 0x81, 0x3d, 0xc0, 0x62,
+				0xac, 0x1d, 0xf6, 0xf7, 0x5f, 0x77, 0xc6, 0x88,
+				0x80, 0x00, 0x00, 0x01, 0x3d, 0xb7, 0xa1, 0x98,
+				0x37, 0xff, 0x64, 0xe5, 0xcb, 0xd2,
+			},
+		},
+		{
+			profile: ProtectionProfileAes128CmHmacSha1_80,
+			encryptedRTPPacket: []byte{
+				0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+				0xca, 0xfe, 0xba, 0xbe, 0xe2, 0xd8, 0xdf, 0x8f,
+				0x7a, 0x75, 0xd6, 0x88, 0xc3, 0x50, 0x2e, 0xee,
+				0xc2, 0xa9, 0x80, 0x66, 0xcd, 0x7c, 0x0d, 0x09,
+				0xca, 0x44, 0x32, 0xa5, 0x6e, 0x3d,
+			},
+			encryptedRTCPPacket: []byte{
+				0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
+				0x56, 0x74, 0xbf, 0x01, 0x81, 0x3d, 0xc0, 0x62,
+				0xac, 0x1d, 0xf6, 0xf7, 0x5f, 0x77, 0xc6, 0x88,
+				0x80, 0x00, 0x00, 0x01, 0x3d, 0xb7, 0xa1, 0x98,
+				0x37, 0xff, 0x64, 0xe5, 0xcb, 0xd2,
+			},
+		},
+		{
+			profile: ProtectionProfileAeadAes128Gcm,
+			encryptedRTPPacket: []byte{
+				0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+				0xca, 0xfe, 0xba, 0xbe, 0xc5, 0x00, 0x2e, 0xde,
+				0x04, 0xcf, 0xdd, 0x2e, 0xb9, 0x11, 0x59, 0xe0,
+				0x88, 0x0a, 0xa0, 0x6e, 0xd2, 0x97, 0x68, 0x26,
+				0xf7, 0x96, 0xb2, 0x01, 0xdf, 0x31, 0x31, 0xa1,
+				0x27, 0xe8, 0xa3, 0x92,
+			},
+			encryptedRTCPPacket: []byte{
+				0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
+				0xc9, 0x8b, 0x8b, 0x5d, 0xf0, 0x39, 0x2a, 0x55,
+				0x85, 0x2b, 0x6c, 0x21, 0xac, 0x8e, 0x70, 0x25,
+				0xc5, 0x2c, 0x6f, 0xbe, 0xa2, 0xb3, 0xb4, 0x46,
+				0xea, 0x31, 0x12, 0x3b, 0xa8, 0x8c, 0xe6, 0x1e,
+				0x80, 0x00, 0x00, 0x01,
+			},
+		},
+		{
+			profile: ProtectionProfileAeadAes256Gcm,
+			encryptedRTPPacket: []byte{
+				0x80, 0xf, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+				0xca, 0xfe, 0xba, 0xbe, 0xaf, 0x49, 0x96, 0x8f,
+				0x7e, 0x9c, 0x43, 0xf8, 0x01, 0xdd, 0x0c, 0x84,
+				0x8b, 0x1e, 0xc9, 0xb0, 0x29, 0xcd, 0xf8, 0x5c,
+				0xb7, 0x9a, 0x2f, 0x95, 0x60, 0xd4, 0x69, 0x75,
+				0x98, 0x50, 0x77, 0x25,
+			},
+			encryptedRTCPPacket: []byte{
+				0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
+				0x98, 0x22, 0xba, 0x22, 0x96, 0x1c, 0x31, 0x48,
+				0xe7, 0xb7, 0xec, 0x4f, 0x09, 0xf4, 0x26, 0xdc,
+				0xf6, 0xb5, 0x9a, 0x75, 0xad, 0xec, 0x74, 0xfd,
+				0xb9, 0x51, 0xb6, 0x66, 0x84, 0x24, 0xd4, 0xe2,
+				0x80, 0x00, 0x00, 0x01,
+			},
+		},
+	}
+
+	masterKey := []byte{
+		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+		0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+		0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+	}
+	masterSalt := []byte{
+		0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
+		0xa8, 0xa9, 0xaa, 0xab, 0x0ac, 0xad,
+	}
+	decryptedRTPPacket := []byte{
+		0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+		0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
+		0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+		0xab, 0xab, 0xab, 0xab,
+	}
+	decryptedRTCPPacket := []byte{
+		0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
+		0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+		0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+	}
+
+	for k, v := range tests {
+		keyLen, err := v.profile.keyLen()
+		if err != nil {
+			panic(err)
+		}
+		saltLen, err := v.profile.saltLen()
+		if err != nil {
+			panic(err)
+		}
+		tests[k].masterKey = masterKey[:keyLen]
+		tests[k].masterSalt = masterSalt[:saltLen]
+		tests[k].decryptedRTPPacket = decryptedRTPPacket
+		tests[k].decryptedRTCPPacket = decryptedRTCPPacket
+	}
+
+	return tests
+}
+
+func TestSrtpCipher(t *testing.T) {
+	for _, c := range createTestCiphers() {
+		t.Run(c.profile.String(), func(t *testing.T) {
+			t.Run("Encrypt RTP", func(t *testing.T) {
+				ctx, err := CreateContext(c.masterKey, c.masterSalt, c.profile)
+				assert.NoError(t, err)
+
+				t.Run("New Allocation", func(t *testing.T) {
+					actualEncrypted, err := ctx.EncryptRTP(nil, c.decryptedRTPPacket, nil)
+					assert.NoError(t, err)
+					assert.Equal(t, c.encryptedRTPPacket, actualEncrypted)
+				})
+			})
+
+			t.Run("Decrypt RTP", func(t *testing.T) {
+				ctx, err := CreateContext(c.masterKey, c.masterSalt, c.profile)
+				assert.NoError(t, err)
+
+				t.Run("New Allocation", func(t *testing.T) {
+					actualDecrypted, err := ctx.DecryptRTP(nil, c.encryptedRTPPacket, nil)
+					assert.NoError(t, err)
+					assert.Equal(t, c.decryptedRTPPacket, actualDecrypted)
+				})
+			})
+
+			t.Run("Encrypt RTCP", func(t *testing.T) {
+				ctx, err := CreateContext(c.masterKey, c.masterSalt, c.profile)
+				assert.NoError(t, err)
+
+				t.Run("New Allocation", func(t *testing.T) {
+					actualEncrypted, err := ctx.EncryptRTCP(nil, c.decryptedRTCPPacket, nil)
+					assert.NoError(t, err)
+					assert.Equal(t, c.encryptedRTCPPacket, actualEncrypted)
+				})
+			})
+
+			t.Run("Decrypt RTCP", func(t *testing.T) {
+				ctx, err := CreateContext(c.masterKey, c.masterSalt, c.profile)
+				assert.NoError(t, err)
+
+				t.Run("New Allocation", func(t *testing.T) {
+					actualDecrypted, err := ctx.DecryptRTCP(nil, c.encryptedRTCPPacket, nil)
+					assert.NoError(t, err)
+					assert.Equal(t, c.decryptedRTCPPacket, actualDecrypted)
+				})
+			})
+		})
+	}
+}