diff --git a/api/crypto/crypto_options.cc b/api/crypto/crypto_options.cc index f47e844596..22c5dd464b 100644 --- a/api/crypto/crypto_options.cc +++ b/api/crypto/crypto_options.cc @@ -32,24 +32,24 @@ CryptoOptions CryptoOptions::NoGcm() { std::vector CryptoOptions::GetSupportedDtlsSrtpCryptoSuites() const { std::vector crypto_suites; - // Note: SRTP_AES128_CM_SHA1_80 is what is required to be supported (by - // draft-ietf-rtcweb-security-arch), but SRTP_AES128_CM_SHA1_32 is allowed as + // Note: kSrtpAes128CmSha1_80 is what is required to be supported (by + // draft-ietf-rtcweb-security-arch), but kSrtpAes128CmSha1_32 is allowed as // well, and saves a few bytes per packet if it ends up selected. // As the cipher suite is potentially insecure, it will only be used if // enabled by both peers. if (srtp.enable_aes128_sha1_32_crypto_cipher) { - crypto_suites.push_back(rtc::SRTP_AES128_CM_SHA1_32); + crypto_suites.push_back(rtc::kSrtpAes128CmSha1_32); } if (srtp.enable_aes128_sha1_80_crypto_cipher) { - crypto_suites.push_back(rtc::SRTP_AES128_CM_SHA1_80); + crypto_suites.push_back(rtc::kSrtpAes128CmSha1_80); } // Note: GCM cipher suites are not the top choice since they increase the // packet size. In order to negotiate them the other side must not support - // SRTP_AES128_CM_SHA1_80. + // kSrtpAes128CmSha1_80. if (srtp.enable_gcm_crypto_suites) { - crypto_suites.push_back(rtc::SRTP_AEAD_AES_256_GCM); - crypto_suites.push_back(rtc::SRTP_AEAD_AES_128_GCM); + crypto_suites.push_back(rtc::kSrtpAeadAes256Gcm); + crypto_suites.push_back(rtc::kSrtpAeadAes128Gcm); } RTC_CHECK(!crypto_suites.empty()); return crypto_suites; diff --git a/api/crypto/crypto_options.h b/api/crypto/crypto_options.h index 5f6cea6c82..317995134a 100644 --- a/api/crypto/crypto_options.h +++ b/api/crypto/crypto_options.h @@ -44,7 +44,7 @@ struct RTC_EXPORT CryptoOptions { bool enable_gcm_crypto_suites = false; // If set to true, the (potentially insecure) crypto cipher - // SRTP_AES128_CM_SHA1_32 will be included in the list of supported ciphers + // kSrtpAes128CmSha1_32 will be included in the list of supported ciphers // during negotiation. It will only be used if both peers support it and no // other ciphers get preferred. bool enable_aes128_sha1_32_crypto_cipher = false; diff --git a/p2p/base/dtls_transport_unittest.cc b/p2p/base/dtls_transport_unittest.cc index f01566d263..f584d94ac4 100644 --- a/p2p/base/dtls_transport_unittest.cc +++ b/p2p/base/dtls_transport_unittest.cc @@ -338,14 +338,14 @@ class DtlsTransportTestBase { if (use_dtls_) { // Check that we negotiated the right ciphers. Since GCM ciphers are not - // negotiated by default, we should end up with SRTP_AES128_CM_SHA1_80. - client1_.CheckSrtp(rtc::SRTP_AES128_CM_SHA1_80); - client2_.CheckSrtp(rtc::SRTP_AES128_CM_SHA1_80); + // negotiated by default, we should end up with kSrtpAes128CmSha1_80. + client1_.CheckSrtp(rtc::kSrtpAes128CmSha1_80); + client2_.CheckSrtp(rtc::kSrtpAes128CmSha1_80); } else { // If DTLS isn't actually being used, GetSrtpCryptoSuite should return // false. - client1_.CheckSrtp(rtc::SRTP_INVALID_CRYPTO_SUITE); - client2_.CheckSrtp(rtc::SRTP_INVALID_CRYPTO_SUITE); + client1_.CheckSrtp(rtc::kSrtpInvalidCryptoSuite); + client2_.CheckSrtp(rtc::kSrtpInvalidCryptoSuite); } client1_.CheckSsl(); diff --git a/p2p/base/fake_dtls_transport.h b/p2p/base/fake_dtls_transport.h index e02755c68f..af00016f9e 100644 --- a/p2p/base/fake_dtls_transport.h +++ b/p2p/base/fake_dtls_transport.h @@ -293,7 +293,7 @@ class FakeDtlsTransport : public DtlsTransportInternal { rtc::SSLProtocolVersion ssl_max_version_ = rtc::SSL_PROTOCOL_DTLS_12; rtc::SSLFingerprint dtls_fingerprint_; absl::optional dtls_role_; - int crypto_suite_ = rtc::SRTP_AES128_CM_SHA1_80; + int crypto_suite_ = rtc::kSrtpAes128CmSha1_80; absl::optional ssl_cipher_suite_; webrtc::DtlsTransportState dtls_state_ = webrtc::DtlsTransportState::kNew; diff --git a/pc/jsep_transport_unittest.cc b/pc/jsep_transport_unittest.cc index ffca560cdd..8c526a9613 100644 --- a/pc/jsep_transport_unittest.cc +++ b/pc/jsep_transport_unittest.cc @@ -924,8 +924,8 @@ TEST_F(JsepTransport2Test, SdesNegotiation) { JsepTransportDescription offer_desc; offer_desc.cryptos.push_back(cricket::CryptoParams( - 1, rtc::CS_AES_CM_128_HMAC_SHA1_32, - "inline:" + rtc::CreateRandomString(40), std::string())); + 1, rtc::kCsAesCm128HmacSha1_32, "inline:" + rtc::CreateRandomString(40), + std::string())); ASSERT_TRUE( jsep_transport_ ->SetLocalJsepTransportDescription(offer_desc, SdpType::kOffer) @@ -933,8 +933,8 @@ TEST_F(JsepTransport2Test, SdesNegotiation) { JsepTransportDescription answer_desc; answer_desc.cryptos.push_back(cricket::CryptoParams( - 1, rtc::CS_AES_CM_128_HMAC_SHA1_32, - "inline:" + rtc::CreateRandomString(40), std::string())); + 1, rtc::kCsAesCm128HmacSha1_32, "inline:" + rtc::CreateRandomString(40), + std::string())); ASSERT_TRUE( jsep_transport_ ->SetRemoteJsepTransportDescription(answer_desc, SdpType::kAnswer) @@ -950,8 +950,8 @@ TEST_F(JsepTransport2Test, SdesNegotiationWithEmptyCryptosInAnswer) { JsepTransportDescription offer_desc; offer_desc.cryptos.push_back(cricket::CryptoParams( - 1, rtc::CS_AES_CM_128_HMAC_SHA1_32, - "inline:" + rtc::CreateRandomString(40), std::string())); + 1, rtc::kCsAesCm128HmacSha1_32, "inline:" + rtc::CreateRandomString(40), + std::string())); ASSERT_TRUE( jsep_transport_ ->SetLocalJsepTransportDescription(offer_desc, SdpType::kOffer) @@ -974,8 +974,8 @@ TEST_F(JsepTransport2Test, SdesNegotiationWithMismatchedCryptos) { JsepTransportDescription offer_desc; offer_desc.cryptos.push_back(cricket::CryptoParams( - 1, rtc::CS_AES_CM_128_HMAC_SHA1_32, - "inline:" + rtc::CreateRandomString(40), std::string())); + 1, rtc::kCsAesCm128HmacSha1_32, "inline:" + rtc::CreateRandomString(40), + std::string())); ASSERT_TRUE( jsep_transport_ ->SetLocalJsepTransportDescription(offer_desc, SdpType::kOffer) @@ -983,8 +983,8 @@ TEST_F(JsepTransport2Test, SdesNegotiationWithMismatchedCryptos) { JsepTransportDescription answer_desc; answer_desc.cryptos.push_back(cricket::CryptoParams( - 1, rtc::CS_AES_CM_128_HMAC_SHA1_80, - "inline:" + rtc::CreateRandomString(40), std::string())); + 1, rtc::kCsAesCm128HmacSha1_80, "inline:" + rtc::CreateRandomString(40), + std::string())); // Expected to fail because the crypto parameters don't match. ASSERT_FALSE( jsep_transport_ @@ -1148,7 +1148,7 @@ TEST_P(JsepTransport2HeaderExtensionTest, EncryptedHeaderExtensionNegotiation) { recv_encrypted_headers1_.push_back(kHeaderExtensionIDs[0]); recv_encrypted_headers2_.push_back(kHeaderExtensionIDs[1]); - cricket::CryptoParams sdes_param(1, rtc::CS_AES_CM_128_HMAC_SHA1_80, + cricket::CryptoParams sdes_param(1, rtc::kCsAesCm128HmacSha1_80, "inline:" + rtc::CreateRandomString(40), std::string()); if (use_gcm) { @@ -1157,8 +1157,8 @@ TEST_P(JsepTransport2HeaderExtensionTest, EncryptedHeaderExtensionNegotiation) { auto fake_dtls2 = static_cast(jsep_transport2_->rtp_dtls_transport()); - fake_dtls1->SetSrtpCryptoSuite(rtc::SRTP_AEAD_AES_256_GCM); - fake_dtls2->SetSrtpCryptoSuite(rtc::SRTP_AEAD_AES_256_GCM); + fake_dtls1->SetSrtpCryptoSuite(rtc::kSrtpAeadAes256Gcm); + fake_dtls2->SetSrtpCryptoSuite(rtc::kSrtpAeadAes256Gcm); } if (scenario == Scenario::kDtlsBeforeCallerSendOffer) { diff --git a/pc/media_session.cc b/pc/media_session.cc index 3c73ddf535..0944a7a357 100644 --- a/pc/media_session.cc +++ b/pc/media_session.cc @@ -240,12 +240,12 @@ void GetSupportedAudioSdesCryptoSuites( const webrtc::CryptoOptions& crypto_options, std::vector* crypto_suites) { if (crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher) { - crypto_suites->push_back(rtc::SRTP_AES128_CM_SHA1_32); + crypto_suites->push_back(rtc::kSrtpAes128CmSha1_32); } - crypto_suites->push_back(rtc::SRTP_AES128_CM_SHA1_80); + crypto_suites->push_back(rtc::kSrtpAes128CmSha1_80); if (crypto_options.srtp.enable_gcm_crypto_suites) { - crypto_suites->push_back(rtc::SRTP_AEAD_AES_256_GCM); - crypto_suites->push_back(rtc::SRTP_AEAD_AES_128_GCM); + crypto_suites->push_back(rtc::kSrtpAeadAes256Gcm); + crypto_suites->push_back(rtc::kSrtpAeadAes128Gcm); } } @@ -259,10 +259,10 @@ void GetSupportedAudioSdesCryptoSuiteNames( void GetSupportedVideoSdesCryptoSuites( const webrtc::CryptoOptions& crypto_options, std::vector* crypto_suites) { - crypto_suites->push_back(rtc::SRTP_AES128_CM_SHA1_80); + crypto_suites->push_back(rtc::kSrtpAes128CmSha1_80); if (crypto_options.srtp.enable_gcm_crypto_suites) { - crypto_suites->push_back(rtc::SRTP_AEAD_AES_256_GCM); - crypto_suites->push_back(rtc::SRTP_AEAD_AES_128_GCM); + crypto_suites->push_back(rtc::kSrtpAeadAes256Gcm); + crypto_suites->push_back(rtc::kSrtpAeadAes128Gcm); } } @@ -276,10 +276,10 @@ void GetSupportedVideoSdesCryptoSuiteNames( void GetSupportedDataSdesCryptoSuites( const webrtc::CryptoOptions& crypto_options, std::vector* crypto_suites) { - crypto_suites->push_back(rtc::SRTP_AES128_CM_SHA1_80); + crypto_suites->push_back(rtc::kSrtpAes128CmSha1_80); if (crypto_options.srtp.enable_gcm_crypto_suites) { - crypto_suites->push_back(rtc::SRTP_AEAD_AES_256_GCM); - crypto_suites->push_back(rtc::SRTP_AEAD_AES_128_GCM); + crypto_suites->push_back(rtc::kSrtpAeadAes256Gcm); + crypto_suites->push_back(rtc::kSrtpAeadAes128Gcm); } } @@ -304,8 +304,8 @@ static bool SelectCrypto(const MediaContentDescription* offer, for (const CryptoParams& crypto : cryptos) { if ((crypto_options.srtp.enable_gcm_crypto_suites && rtc::IsGcmCryptoSuiteName(crypto.cipher_suite)) || - rtc::CS_AES_CM_128_HMAC_SHA1_80 == crypto.cipher_suite || - (rtc::CS_AES_CM_128_HMAC_SHA1_32 == crypto.cipher_suite && audio && + rtc::kCsAesCm128HmacSha1_80 == crypto.cipher_suite || + (rtc::kCsAesCm128HmacSha1_32 == crypto.cipher_suite && audio && !bundle && crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher)) { return CreateCryptoParams(crypto.tag, crypto.cipher_suite, crypto_out); } diff --git a/pc/media_session_unittest.cc b/pc/media_session_unittest.cc index c7c07fc527..c808d94080 100644 --- a/pc/media_session_unittest.cc +++ b/pc/media_session_unittest.cc @@ -80,10 +80,10 @@ using cricket::TransportDescriptionFactory; using cricket::TransportInfo; using cricket::VideoCodec; using cricket::VideoContentDescription; -using rtc::CS_AEAD_AES_128_GCM; -using rtc::CS_AEAD_AES_256_GCM; -using rtc::CS_AES_CM_128_HMAC_SHA1_32; -using rtc::CS_AES_CM_128_HMAC_SHA1_80; +using rtc::kCsAeadAes128Gcm; +using rtc::kCsAeadAes256Gcm; +using rtc::kCsAesCm128HmacSha1_32; +using rtc::kCsAesCm128HmacSha1_80; using rtc::UniqueRandomIdGenerator; using ::testing::Contains; using ::testing::Each; @@ -267,8 +267,8 @@ static const char* kMediaProtocolsDtls[] = { // SRTP cipher name negotiated by the tests. This must be updated if the // default changes. -static const char* kDefaultSrtpCryptoSuite = CS_AES_CM_128_HMAC_SHA1_80; -static const char* kDefaultSrtpCryptoSuiteGcm = CS_AEAD_AES_256_GCM; +static const char* kDefaultSrtpCryptoSuite = kCsAesCm128HmacSha1_80; +static const char* kDefaultSrtpCryptoSuiteGcm = kCsAeadAes256Gcm; // These constants are used to make the code using "AddMediaDescriptionOptions" // more readable. @@ -408,8 +408,8 @@ void PreferGcmCryptoParameters(CryptoParamsVec* cryptos) { cryptos->erase( std::remove_if(cryptos->begin(), cryptos->end(), [](const cricket::CryptoParams& crypto) { - return crypto.cipher_suite != CS_AEAD_AES_256_GCM && - crypto.cipher_suite != CS_AEAD_AES_128_GCM; + return crypto.cipher_suite != kCsAeadAes256Gcm && + crypto.cipher_suite != kCsAeadAes128Gcm; }), cryptos->end()); } diff --git a/pc/peer_connection.cc b/pc/peer_connection.cc index 276af1787d..8ddf42ca34 100644 --- a/pc/peer_connection.cc +++ b/pc/peer_connection.cc @@ -2741,28 +2741,28 @@ void PeerConnection::ReportNegotiatedCiphers( int srtp_crypto_suite = stats.channel_stats[0].srtp_crypto_suite; int ssl_cipher_suite = stats.channel_stats[0].ssl_cipher_suite; - if (srtp_crypto_suite == rtc::SRTP_INVALID_CRYPTO_SUITE && - ssl_cipher_suite == rtc::TLS_NULL_WITH_NULL_NULL) { + if (srtp_crypto_suite == rtc::kSrtpInvalidCryptoSuite && + ssl_cipher_suite == rtc::kTlsNullWithNullNull) { return; } - if (srtp_crypto_suite != rtc::SRTP_INVALID_CRYPTO_SUITE) { + if (srtp_crypto_suite != rtc::kSrtpInvalidCryptoSuite) { for (cricket::MediaType media_type : media_types) { switch (media_type) { case cricket::MEDIA_TYPE_AUDIO: RTC_HISTOGRAM_ENUMERATION_SPARSE( "WebRTC.PeerConnection.SrtpCryptoSuite.Audio", srtp_crypto_suite, - rtc::SRTP_CRYPTO_SUITE_MAX_VALUE); + rtc::kSrtpCryptoSuiteMaxValue); break; case cricket::MEDIA_TYPE_VIDEO: RTC_HISTOGRAM_ENUMERATION_SPARSE( "WebRTC.PeerConnection.SrtpCryptoSuite.Video", srtp_crypto_suite, - rtc::SRTP_CRYPTO_SUITE_MAX_VALUE); + rtc::kSrtpCryptoSuiteMaxValue); break; case cricket::MEDIA_TYPE_DATA: RTC_HISTOGRAM_ENUMERATION_SPARSE( "WebRTC.PeerConnection.SrtpCryptoSuite.Data", srtp_crypto_suite, - rtc::SRTP_CRYPTO_SUITE_MAX_VALUE); + rtc::kSrtpCryptoSuiteMaxValue); break; default: RTC_NOTREACHED(); @@ -2771,23 +2771,23 @@ void PeerConnection::ReportNegotiatedCiphers( } } - if (ssl_cipher_suite != rtc::TLS_NULL_WITH_NULL_NULL) { + if (ssl_cipher_suite != rtc::kTlsNullWithNullNull) { for (cricket::MediaType media_type : media_types) { switch (media_type) { case cricket::MEDIA_TYPE_AUDIO: RTC_HISTOGRAM_ENUMERATION_SPARSE( "WebRTC.PeerConnection.SslCipherSuite.Audio", ssl_cipher_suite, - rtc::SSL_CIPHER_SUITE_MAX_VALUE); + rtc::kSslCipherSuiteMaxValue); break; case cricket::MEDIA_TYPE_VIDEO: RTC_HISTOGRAM_ENUMERATION_SPARSE( "WebRTC.PeerConnection.SslCipherSuite.Video", ssl_cipher_suite, - rtc::SSL_CIPHER_SUITE_MAX_VALUE); + rtc::kSslCipherSuiteMaxValue); break; case cricket::MEDIA_TYPE_DATA: RTC_HISTOGRAM_ENUMERATION_SPARSE( "WebRTC.PeerConnection.SslCipherSuite.Data", ssl_cipher_suite, - rtc::SSL_CIPHER_SUITE_MAX_VALUE); + rtc::kSslCipherSuiteMaxValue); break; default: RTC_NOTREACHED(); diff --git a/pc/peer_connection_integrationtest.cc b/pc/peer_connection_integrationtest.cc index 53b674d851..4ec86b3af3 100644 --- a/pc/peer_connection_integrationtest.cc +++ b/pc/peer_connection_integrationtest.cc @@ -1762,7 +1762,7 @@ TEST_P(PeerConnectionIntegrationTest, PeerConnectionFactory::Options callee_options; callee_options.crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher = false; - int expected_cipher_suite = rtc::SRTP_AES128_CM_SHA1_80; + int expected_cipher_suite = rtc::kSrtpAes128CmSha1_80; TestNegotiatedCipherSuite(caller_options, callee_options, expected_cipher_suite); } @@ -1774,7 +1774,7 @@ TEST_P(PeerConnectionIntegrationTest, false; PeerConnectionFactory::Options callee_options; callee_options.crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher = true; - int expected_cipher_suite = rtc::SRTP_AES128_CM_SHA1_80; + int expected_cipher_suite = rtc::kSrtpAes128CmSha1_80; TestNegotiatedCipherSuite(caller_options, callee_options, expected_cipher_suite); } @@ -1784,7 +1784,7 @@ TEST_P(PeerConnectionIntegrationTest, Aes128Sha1_32_CipherUsedWhenSupported) { caller_options.crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher = true; PeerConnectionFactory::Options callee_options; callee_options.crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher = true; - int expected_cipher_suite = rtc::SRTP_AES128_CM_SHA1_32; + int expected_cipher_suite = rtc::kSrtpAes128CmSha1_32; TestNegotiatedCipherSuite(caller_options, callee_options, expected_cipher_suite); } diff --git a/pc/rtc_stats_collector.cc b/pc/rtc_stats_collector.cc index ee5826486c..1fdc736227 100644 --- a/pc/rtc_stats_collector.cc +++ b/pc/rtc_stats_collector.cc @@ -2036,7 +2036,7 @@ void RTCStatsCollector::ProduceTransportStats_n( snprintf(bytes, sizeof(bytes), "%04X", channel_stats.ssl_version_bytes); transport_stats->tls_version = bytes; } - if (channel_stats.ssl_cipher_suite != rtc::TLS_NULL_WITH_NULL_NULL && + if (channel_stats.ssl_cipher_suite != rtc::kTlsNullWithNullNull && rtc::SSLStreamAdapter::SslCipherSuiteToName( channel_stats.ssl_cipher_suite) .length()) { @@ -2044,7 +2044,7 @@ void RTCStatsCollector::ProduceTransportStats_n( rtc::SSLStreamAdapter::SslCipherSuiteToName( channel_stats.ssl_cipher_suite); } - if (channel_stats.srtp_crypto_suite != rtc::SRTP_INVALID_CRYPTO_SUITE && + if (channel_stats.srtp_crypto_suite != rtc::kSrtpInvalidCryptoSuite && rtc::SrtpCryptoSuiteToName(channel_stats.srtp_crypto_suite) .length()) { transport_stats->srtp_cipher = diff --git a/pc/rtc_stats_collector_unittest.cc b/pc/rtc_stats_collector_unittest.cc index 4ec86ab24f..44cafbc9a2 100644 --- a/pc/rtc_stats_collector_unittest.cc +++ b/pc/rtc_stats_collector_unittest.cc @@ -2528,7 +2528,7 @@ TEST_F(RTCStatsCollectorTest, CollectRTCTransportStatsWithCrypto) { rtp_transport_channel_stats.ssl_version_bytes = 0x0203; // 0x2F is TLS_RSA_WITH_AES_128_CBC_SHA according to IANA rtp_transport_channel_stats.ssl_cipher_suite = 0x2F; - rtp_transport_channel_stats.srtp_crypto_suite = rtc::SRTP_AES128_CM_SHA1_80; + rtp_transport_channel_stats.srtp_crypto_suite = rtc::kSrtpAes128CmSha1_80; pc_->SetTransportStats(kTransportName, {rtp_transport_channel_stats}); // Get stats diff --git a/pc/srtp_filter.cc b/pc/srtp_filter.cc index 2f8d06cbea..c48dfdb4cd 100644 --- a/pc/srtp_filter.cc +++ b/pc/srtp_filter.cc @@ -200,7 +200,7 @@ bool SrtpFilter::ApplySendParams(const CryptoParams& send_params) { } send_cipher_suite_ = rtc::SrtpCryptoSuiteFromName(send_params.cipher_suite); - if (send_cipher_suite_ == rtc::SRTP_INVALID_CRYPTO_SUITE) { + if (send_cipher_suite_ == rtc::kSrtpInvalidCryptoSuite) { RTC_LOG(LS_WARNING) << "Unknown crypto suite(s) received:" " send cipher_suite " << send_params.cipher_suite; @@ -231,7 +231,7 @@ bool SrtpFilter::ApplyRecvParams(const CryptoParams& recv_params) { } recv_cipher_suite_ = rtc::SrtpCryptoSuiteFromName(recv_params.cipher_suite); - if (recv_cipher_suite_ == rtc::SRTP_INVALID_CRYPTO_SUITE) { + if (recv_cipher_suite_ == rtc::kSrtpInvalidCryptoSuite) { RTC_LOG(LS_WARNING) << "Unknown crypto suite(s) received:" " recv cipher_suite " << recv_params.cipher_suite; diff --git a/pc/srtp_filter_unittest.cc b/pc/srtp_filter_unittest.cc index 9a5720614c..eadaad68af 100644 --- a/pc/srtp_filter_unittest.cc +++ b/pc/srtp_filter_unittest.cc @@ -122,9 +122,9 @@ TEST_F(SrtpFilterTest, TestGoodSetupMultipleCipherSuites) { std::vector answer(MakeVector(kTestCryptoParams2)); offer.push_back(kTestCryptoParams1); offer[1].tag = 2; - offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; + offer[1].cipher_suite = kCsAesCm128HmacSha1_32; answer[0].tag = 2; - answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; + answer[0].cipher_suite = kCsAesCm128HmacSha1_32; EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); EXPECT_FALSE(f1_.IsActive()); EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE)); @@ -224,7 +224,7 @@ TEST_F(SrtpFilterTest, TestMultipleAnswerCipherSuites) { std::vector answer(MakeVector(kTestCryptoParams2)); answer.push_back(kTestCryptoParams2); answer[1].tag = 2; - answer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; + answer[1].cipher_suite = kCsAesCm128HmacSha1_32; EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL)); EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE)); EXPECT_FALSE(f1_.IsActive()); @@ -318,10 +318,9 @@ TEST_F(SrtpFilterTest, TestProtect_AES_CM_128_HMAC_SHA1_80) { std::vector answer(MakeVector(kTestCryptoParams2)); offer.push_back(kTestCryptoParams1); offer[1].tag = 2; - offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; + offer[1].cipher_suite = kCsAesCm128HmacSha1_32; TestSetParams(offer, answer); - VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80, - CS_AES_CM_128_HMAC_SHA1_80); + VerifyCryptoParamsMatch(kCsAesCm128HmacSha1_80, kCsAesCm128HmacSha1_80); } // Test that we can encrypt/decrypt after negotiating AES_CM_128_HMAC_SHA1_32. @@ -330,12 +329,11 @@ TEST_F(SrtpFilterTest, TestProtect_AES_CM_128_HMAC_SHA1_32) { std::vector answer(MakeVector(kTestCryptoParams2)); offer.push_back(kTestCryptoParams1); offer[1].tag = 2; - offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; + offer[1].cipher_suite = kCsAesCm128HmacSha1_32; answer[0].tag = 2; - answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; + answer[0].cipher_suite = kCsAesCm128HmacSha1_32; TestSetParams(offer, answer); - VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_32, - CS_AES_CM_128_HMAC_SHA1_32); + VerifyCryptoParamsMatch(kCsAesCm128HmacSha1_32, kCsAesCm128HmacSha1_32); } // Test that we can change encryption parameters. @@ -344,14 +342,13 @@ TEST_F(SrtpFilterTest, TestChangeParameters) { std::vector answer(MakeVector(kTestCryptoParams2)); TestSetParams(offer, answer); - VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80, - CS_AES_CM_128_HMAC_SHA1_80); + VerifyCryptoParamsMatch(kCsAesCm128HmacSha1_80, kCsAesCm128HmacSha1_80); // Change the key parameters and cipher_suite. offer[0].key_params = kTestKeyParams3; - offer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; + offer[0].cipher_suite = kCsAesCm128HmacSha1_32; answer[0].key_params = kTestKeyParams4; - answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; + answer[0].cipher_suite = kCsAesCm128HmacSha1_32; EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE)); @@ -359,15 +356,13 @@ TEST_F(SrtpFilterTest, TestChangeParameters) { EXPECT_TRUE(f1_.IsActive()); // Test that the old keys are valid until the negotiation is complete. - VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80, - CS_AES_CM_128_HMAC_SHA1_80); + VerifyCryptoParamsMatch(kCsAesCm128HmacSha1_80, kCsAesCm128HmacSha1_80); // Complete the negotiation and test that we can still understand each other. EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL)); EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE)); - VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_32, - CS_AES_CM_128_HMAC_SHA1_32); + VerifyCryptoParamsMatch(kCsAesCm128HmacSha1_32, kCsAesCm128HmacSha1_32); } // Test that we can send and receive provisional answers with crypto enabled. @@ -376,7 +371,7 @@ TEST_F(SrtpFilterTest, TestProvisionalAnswer) { std::vector offer(MakeVector(kTestCryptoParams1)); offer.push_back(kTestCryptoParams1); offer[1].tag = 2; - offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; + offer[1].cipher_suite = kCsAesCm128HmacSha1_32; std::vector answer(MakeVector(kTestCryptoParams2)); EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); @@ -387,18 +382,16 @@ TEST_F(SrtpFilterTest, TestProvisionalAnswer) { EXPECT_TRUE(f1_.SetProvisionalAnswer(answer, CS_REMOTE)); EXPECT_TRUE(f1_.IsActive()); EXPECT_TRUE(f2_.IsActive()); - VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80, - CS_AES_CM_128_HMAC_SHA1_80); + VerifyCryptoParamsMatch(kCsAesCm128HmacSha1_80, kCsAesCm128HmacSha1_80); answer[0].key_params = kTestKeyParams4; answer[0].tag = 2; - answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; + answer[0].cipher_suite = kCsAesCm128HmacSha1_32; EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL)); EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE)); EXPECT_TRUE(f1_.IsActive()); EXPECT_TRUE(f2_.IsActive()); - VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_32, - CS_AES_CM_128_HMAC_SHA1_32); + VerifyCryptoParamsMatch(kCsAesCm128HmacSha1_32, kCsAesCm128HmacSha1_32); } // Test that a provisional answer doesn't need to contain a crypto. @@ -420,8 +413,7 @@ TEST_F(SrtpFilterTest, TestProvisionalAnswerWithoutCrypto) { EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE)); EXPECT_TRUE(f1_.IsActive()); EXPECT_TRUE(f2_.IsActive()); - VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80, - CS_AES_CM_128_HMAC_SHA1_80); + VerifyCryptoParamsMatch(kCsAesCm128HmacSha1_80, kCsAesCm128HmacSha1_80); } // Test that if we get a new local offer after a provisional answer @@ -448,8 +440,7 @@ TEST_F(SrtpFilterTest, TestLocalOfferAfterProvisionalAnswerWithoutCrypto) { EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE)); EXPECT_TRUE(f1_.IsActive()); EXPECT_TRUE(f2_.IsActive()); - VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80, - CS_AES_CM_128_HMAC_SHA1_80); + VerifyCryptoParamsMatch(kCsAesCm128HmacSha1_80, kCsAesCm128HmacSha1_80); } // Test that we can disable encryption. @@ -458,8 +449,7 @@ TEST_F(SrtpFilterTest, TestDisableEncryption) { std::vector answer(MakeVector(kTestCryptoParams2)); TestSetParams(offer, answer); - VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80, - CS_AES_CM_128_HMAC_SHA1_80); + VerifyCryptoParamsMatch(kCsAesCm128HmacSha1_80, kCsAesCm128HmacSha1_80); offer.clear(); answer.clear(); @@ -469,8 +459,7 @@ TEST_F(SrtpFilterTest, TestDisableEncryption) { EXPECT_TRUE(f2_.IsActive()); // Test that the old keys are valid until the negotiation is complete. - VerifyCryptoParamsMatch(CS_AES_CM_128_HMAC_SHA1_80, - CS_AES_CM_128_HMAC_SHA1_80); + VerifyCryptoParamsMatch(kCsAesCm128HmacSha1_80, kCsAesCm128HmacSha1_80); // Complete the negotiation. EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL)); diff --git a/pc/srtp_session.h b/pc/srtp_session.h index 0396412481..89fab0daf2 100644 --- a/pc/srtp_session.h +++ b/pc/srtp_session.h @@ -129,7 +129,7 @@ class SrtpSession { // Overhead of the SRTP auth tag for RTP and RTCP in bytes. // Depends on the cipher suite used and is usually the same with the exception - // of the CS_AES_CM_128_HMAC_SHA1_32 cipher suite. The additional four bytes + // of the kCsAesCm128HmacSha1_32 cipher suite. The additional four bytes // required for RTCP protection are not included. int rtp_auth_tag_len_ = 0; int rtcp_auth_tag_len_ = 0; diff --git a/pc/srtp_session_unittest.cc b/pc/srtp_session_unittest.cc index d0f6ea6c84..c492c635dc 100644 --- a/pc/srtp_session_unittest.cc +++ b/pc/srtp_session_unittest.cc @@ -79,58 +79,58 @@ class SrtpSessionTest : public ::testing::Test { // Test that we can set up the session and keys properly. TEST_F(SrtpSessionTest, TestGoodSetup) { - EXPECT_TRUE(s1_.SetSend(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen, + EXPECT_TRUE(s1_.SetSend(kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen, kEncryptedHeaderExtensionIds)); - EXPECT_TRUE(s2_.SetRecv(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen, + EXPECT_TRUE(s2_.SetRecv(kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen, kEncryptedHeaderExtensionIds)); } // Test that we can't change the keys once set. TEST_F(SrtpSessionTest, TestBadSetup) { - EXPECT_TRUE(s1_.SetSend(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen, + EXPECT_TRUE(s1_.SetSend(kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen, kEncryptedHeaderExtensionIds)); - EXPECT_TRUE(s2_.SetRecv(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen, + EXPECT_TRUE(s2_.SetRecv(kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen, kEncryptedHeaderExtensionIds)); - EXPECT_FALSE(s1_.SetSend(SRTP_AES128_CM_SHA1_80, kTestKey2, kTestKeyLen, + EXPECT_FALSE(s1_.SetSend(kSrtpAes128CmSha1_80, kTestKey2, kTestKeyLen, kEncryptedHeaderExtensionIds)); - EXPECT_FALSE(s2_.SetRecv(SRTP_AES128_CM_SHA1_80, kTestKey2, kTestKeyLen, + EXPECT_FALSE(s2_.SetRecv(kSrtpAes128CmSha1_80, kTestKey2, kTestKeyLen, kEncryptedHeaderExtensionIds)); } // Test that we fail keys of the wrong length. TEST_F(SrtpSessionTest, TestKeysTooShort) { - EXPECT_FALSE(s1_.SetSend(SRTP_AES128_CM_SHA1_80, kTestKey1, 1, + EXPECT_FALSE(s1_.SetSend(kSrtpAes128CmSha1_80, kTestKey1, 1, kEncryptedHeaderExtensionIds)); - EXPECT_FALSE(s2_.SetRecv(SRTP_AES128_CM_SHA1_80, kTestKey1, 1, + EXPECT_FALSE(s2_.SetRecv(kSrtpAes128CmSha1_80, kTestKey1, 1, kEncryptedHeaderExtensionIds)); } // Test that we can encrypt and decrypt RTP/RTCP using AES_CM_128_HMAC_SHA1_80. TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_80) { - EXPECT_TRUE(s1_.SetSend(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen, + EXPECT_TRUE(s1_.SetSend(kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen, kEncryptedHeaderExtensionIds)); - EXPECT_TRUE(s2_.SetRecv(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen, + EXPECT_TRUE(s2_.SetRecv(kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen, kEncryptedHeaderExtensionIds)); - TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_80); - TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_80); - TestUnprotectRtp(CS_AES_CM_128_HMAC_SHA1_80); - TestUnprotectRtcp(CS_AES_CM_128_HMAC_SHA1_80); + TestProtectRtp(kCsAesCm128HmacSha1_80); + TestProtectRtcp(kCsAesCm128HmacSha1_80); + TestUnprotectRtp(kCsAesCm128HmacSha1_80); + TestUnprotectRtcp(kCsAesCm128HmacSha1_80); } // Test that we can encrypt and decrypt RTP/RTCP using AES_CM_128_HMAC_SHA1_32. TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_32) { - EXPECT_TRUE(s1_.SetSend(SRTP_AES128_CM_SHA1_32, kTestKey1, kTestKeyLen, + EXPECT_TRUE(s1_.SetSend(kSrtpAes128CmSha1_32, kTestKey1, kTestKeyLen, kEncryptedHeaderExtensionIds)); - EXPECT_TRUE(s2_.SetRecv(SRTP_AES128_CM_SHA1_32, kTestKey1, kTestKeyLen, + EXPECT_TRUE(s2_.SetRecv(kSrtpAes128CmSha1_32, kTestKey1, kTestKeyLen, kEncryptedHeaderExtensionIds)); - TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_32); - TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_32); - TestUnprotectRtp(CS_AES_CM_128_HMAC_SHA1_32); - TestUnprotectRtcp(CS_AES_CM_128_HMAC_SHA1_32); + TestProtectRtp(kCsAesCm128HmacSha1_32); + TestProtectRtcp(kCsAesCm128HmacSha1_32); + TestUnprotectRtp(kCsAesCm128HmacSha1_32); + TestUnprotectRtcp(kCsAesCm128HmacSha1_32); } TEST_F(SrtpSessionTest, TestGetSendStreamPacketIndex) { - EXPECT_TRUE(s1_.SetSend(SRTP_AES128_CM_SHA1_32, kTestKey1, kTestKeyLen, + EXPECT_TRUE(s1_.SetSend(kSrtpAes128CmSha1_32, kTestKey1, kTestKeyLen, kEncryptedHeaderExtensionIds)); int64_t index; int out_len = 0; @@ -144,12 +144,12 @@ TEST_F(SrtpSessionTest, TestGetSendStreamPacketIndex) { // Test that we fail to unprotect if someone tampers with the RTP/RTCP paylaods. TEST_F(SrtpSessionTest, TestTamperReject) { int out_len; - EXPECT_TRUE(s1_.SetSend(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen, + EXPECT_TRUE(s1_.SetSend(kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen, kEncryptedHeaderExtensionIds)); - EXPECT_TRUE(s2_.SetRecv(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen, + EXPECT_TRUE(s2_.SetRecv(kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen, kEncryptedHeaderExtensionIds)); - TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_80); - TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_80); + TestProtectRtp(kCsAesCm128HmacSha1_80); + TestProtectRtcp(kCsAesCm128HmacSha1_80); rtp_packet_[0] = 0x12; rtcp_packet_[1] = 0x34; EXPECT_FALSE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len)); @@ -165,9 +165,9 @@ TEST_F(SrtpSessionTest, TestTamperReject) { // Test that we fail to unprotect if the payloads are not authenticated. TEST_F(SrtpSessionTest, TestUnencryptReject) { int out_len; - EXPECT_TRUE(s1_.SetSend(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen, + EXPECT_TRUE(s1_.SetSend(kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen, kEncryptedHeaderExtensionIds)); - EXPECT_TRUE(s2_.SetRecv(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen, + EXPECT_TRUE(s2_.SetRecv(kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen, kEncryptedHeaderExtensionIds)); EXPECT_FALSE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len)); EXPECT_METRIC_THAT( @@ -182,7 +182,7 @@ TEST_F(SrtpSessionTest, TestUnencryptReject) { // Test that we fail when using buffers that are too small. TEST_F(SrtpSessionTest, TestBuffersTooSmall) { int out_len; - EXPECT_TRUE(s1_.SetSend(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen, + EXPECT_TRUE(s1_.SetSend(kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen, kEncryptedHeaderExtensionIds)); EXPECT_FALSE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_) - 10, &out_len)); @@ -197,9 +197,9 @@ TEST_F(SrtpSessionTest, TestReplay) { static const uint16_t replay_window = 1024; int out_len; - EXPECT_TRUE(s1_.SetSend(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen, + EXPECT_TRUE(s1_.SetSend(kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen, kEncryptedHeaderExtensionIds)); - EXPECT_TRUE(s2_.SetRecv(SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen, + EXPECT_TRUE(s2_.SetRecv(kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen, kEncryptedHeaderExtensionIds)); // Initial sequence number. diff --git a/pc/srtp_transport.cc b/pc/srtp_transport.cc index 47ba6d673f..230c1a347b 100644 --- a/pc/srtp_transport.cc +++ b/pc/srtp_transport.cc @@ -50,7 +50,7 @@ RTCError SrtpTransport::SetSrtpSendKey(const cricket::CryptoParams& params) { } send_cipher_suite_ = rtc::SrtpCryptoSuiteFromName(params.cipher_suite); - if (*send_cipher_suite_ == rtc::SRTP_INVALID_CRYPTO_SUITE) { + if (*send_cipher_suite_ == rtc::kSrtpInvalidCryptoSuite) { return RTCError(RTCErrorType::INVALID_PARAMETER, "Invalid SRTP crypto suite"); } @@ -90,7 +90,7 @@ RTCError SrtpTransport::SetSrtpReceiveKey(const cricket::CryptoParams& params) { } recv_cipher_suite_ = rtc::SrtpCryptoSuiteFromName(params.cipher_suite); - if (*recv_cipher_suite_ == rtc::SRTP_INVALID_CRYPTO_SUITE) { + if (*recv_cipher_suite_ == rtc::kSrtpInvalidCryptoSuite) { return RTCError(RTCErrorType::INVALID_PARAMETER, "Invalid SRTP crypto suite"); } diff --git a/pc/srtp_transport_unittest.cc b/pc/srtp_transport_unittest.cc index fa095bf399..cb8d836f24 100644 --- a/pc/srtp_transport_unittest.cc +++ b/pc/srtp_transport_unittest.cc @@ -29,10 +29,10 @@ #include "rtc_base/third_party/sigslot/sigslot.h" #include "test/gtest.h" +using rtc::kSrtpAeadAes128Gcm; using rtc::kTestKey1; using rtc::kTestKey2; using rtc::kTestKeyLen; -using rtc::SRTP_AEAD_AES_128_GCM; namespace webrtc { static const uint8_t kTestKeyGcm128_1[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ12"; @@ -94,10 +94,10 @@ class SrtpTransportTest : public ::testing::Test, public sigslot::has_slots<> { int overhead; EXPECT_TRUE(transport->GetSrtpOverhead(&overhead)); switch (rtc::SrtpCryptoSuiteFromName(cs)) { - case rtc::SRTP_AES128_CM_SHA1_32: + case rtc::kSrtpAes128CmSha1_32: EXPECT_EQ(32 / 8, overhead); // 32-bit tag. break; - case rtc::SRTP_AES128_CM_SHA1_80: + case rtc::kSrtpAes128CmSha1_80: EXPECT_EQ(80 / 8, overhead); // 80-bit tag. break; default: @@ -343,61 +343,61 @@ class SrtpTransportTestWithExternalAuth TEST_P(SrtpTransportTestWithExternalAuth, SendAndRecvPacket_AES_CM_128_HMAC_SHA1_80) { bool enable_external_auth = GetParam(); - TestSendRecvPacket(enable_external_auth, rtc::SRTP_AES128_CM_SHA1_80, - kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen, - rtc::CS_AES_CM_128_HMAC_SHA1_80); + TestSendRecvPacket(enable_external_auth, rtc::kSrtpAes128CmSha1_80, kTestKey1, + kTestKeyLen, kTestKey2, kTestKeyLen, + rtc::kCsAesCm128HmacSha1_80); } TEST_F(SrtpTransportTest, SendAndRecvPacketWithHeaderExtension_AES_CM_128_HMAC_SHA1_80) { - TestSendRecvEncryptedHeaderExtension(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, + TestSendRecvEncryptedHeaderExtension(rtc::kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen, - rtc::CS_AES_CM_128_HMAC_SHA1_80); + rtc::kCsAesCm128HmacSha1_80); } TEST_P(SrtpTransportTestWithExternalAuth, SendAndRecvPacket_AES_CM_128_HMAC_SHA1_32) { bool enable_external_auth = GetParam(); - TestSendRecvPacket(enable_external_auth, rtc::SRTP_AES128_CM_SHA1_32, - kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen, - rtc::CS_AES_CM_128_HMAC_SHA1_32); + TestSendRecvPacket(enable_external_auth, rtc::kSrtpAes128CmSha1_32, kTestKey1, + kTestKeyLen, kTestKey2, kTestKeyLen, + rtc::kCsAesCm128HmacSha1_32); } TEST_F(SrtpTransportTest, SendAndRecvPacketWithHeaderExtension_AES_CM_128_HMAC_SHA1_32) { - TestSendRecvEncryptedHeaderExtension(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, + TestSendRecvEncryptedHeaderExtension(rtc::kSrtpAes128CmSha1_32, kTestKey1, kTestKeyLen, kTestKey2, kTestKeyLen, - rtc::CS_AES_CM_128_HMAC_SHA1_32); + rtc::kCsAesCm128HmacSha1_32); } TEST_P(SrtpTransportTestWithExternalAuth, - SendAndRecvPacket_SRTP_AEAD_AES_128_GCM) { + SendAndRecvPacket_kSrtpAeadAes128Gcm) { bool enable_external_auth = GetParam(); - TestSendRecvPacket(enable_external_auth, rtc::SRTP_AEAD_AES_128_GCM, + TestSendRecvPacket(enable_external_auth, rtc::kSrtpAeadAes128Gcm, kTestKeyGcm128_1, kTestKeyGcm128Len, kTestKeyGcm128_2, - kTestKeyGcm128Len, rtc::CS_AEAD_AES_128_GCM); + kTestKeyGcm128Len, rtc::kCsAeadAes128Gcm); } TEST_F(SrtpTransportTest, - SendAndRecvPacketWithHeaderExtension_SRTP_AEAD_AES_128_GCM) { + SendAndRecvPacketWithHeaderExtension_kSrtpAeadAes128Gcm) { TestSendRecvEncryptedHeaderExtension( - rtc::SRTP_AEAD_AES_128_GCM, kTestKeyGcm128_1, kTestKeyGcm128Len, - kTestKeyGcm128_2, kTestKeyGcm128Len, rtc::CS_AEAD_AES_128_GCM); + rtc::kSrtpAeadAes128Gcm, kTestKeyGcm128_1, kTestKeyGcm128Len, + kTestKeyGcm128_2, kTestKeyGcm128Len, rtc::kCsAeadAes128Gcm); } TEST_P(SrtpTransportTestWithExternalAuth, - SendAndRecvPacket_SRTP_AEAD_AES_256_GCM) { + SendAndRecvPacket_kSrtpAeadAes256Gcm) { bool enable_external_auth = GetParam(); - TestSendRecvPacket(enable_external_auth, rtc::SRTP_AEAD_AES_256_GCM, + TestSendRecvPacket(enable_external_auth, rtc::kSrtpAeadAes256Gcm, kTestKeyGcm256_1, kTestKeyGcm256Len, kTestKeyGcm256_2, - kTestKeyGcm256Len, rtc::CS_AEAD_AES_256_GCM); + kTestKeyGcm256Len, rtc::kCsAeadAes256Gcm); } TEST_F(SrtpTransportTest, - SendAndRecvPacketWithHeaderExtension_SRTP_AEAD_AES_256_GCM) { + SendAndRecvPacketWithHeaderExtension_kSrtpAeadAes256Gcm) { TestSendRecvEncryptedHeaderExtension( - rtc::SRTP_AEAD_AES_256_GCM, kTestKeyGcm256_1, kTestKeyGcm256Len, - kTestKeyGcm256_2, kTestKeyGcm256Len, rtc::CS_AEAD_AES_256_GCM); + rtc::kSrtpAeadAes256Gcm, kTestKeyGcm256_1, kTestKeyGcm256Len, + kTestKeyGcm256_2, kTestKeyGcm256Len, rtc::kCsAeadAes256Gcm); } // Run all tests both with and without external auth enabled. @@ -409,11 +409,11 @@ INSTANTIATE_TEST_SUITE_P(ExternalAuth, TEST_F(SrtpTransportTest, TestSetParamsKeyTooShort) { std::vector extension_ids; EXPECT_FALSE(srtp_transport1_->SetRtpParams( - rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen - 1, extension_ids, - rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen - 1, extension_ids)); + rtc::kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen - 1, extension_ids, + rtc::kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen - 1, extension_ids)); EXPECT_FALSE(srtp_transport1_->SetRtcpParams( - rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen - 1, extension_ids, - rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen - 1, extension_ids)); + rtc::kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen - 1, extension_ids, + rtc::kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen - 1, extension_ids)); } } // namespace webrtc diff --git a/pc/stats_collector.cc b/pc/stats_collector.cc index eb2176ed38..c91566152a 100644 --- a/pc/stats_collector.cc +++ b/pc/stats_collector.cc @@ -977,14 +977,14 @@ void StatsCollector::ExtractSessionInfo_s(SessionStats& session_stats) { remote_cert_report_id); } int srtp_crypto_suite = channel_iter.srtp_crypto_suite; - if (srtp_crypto_suite != rtc::SRTP_INVALID_CRYPTO_SUITE && + if (srtp_crypto_suite != rtc::kSrtpInvalidCryptoSuite && rtc::SrtpCryptoSuiteToName(srtp_crypto_suite).length()) { channel_report->AddString( StatsReport::kStatsValueNameSrtpCipher, rtc::SrtpCryptoSuiteToName(srtp_crypto_suite)); } int ssl_cipher_suite = channel_iter.ssl_cipher_suite; - if (ssl_cipher_suite != rtc::TLS_NULL_WITH_NULL_NULL && + if (ssl_cipher_suite != rtc::kTlsNullWithNullNull && rtc::SSLStreamAdapter::SslCipherSuiteToName(ssl_cipher_suite) .length()) { channel_report->AddString( diff --git a/pc/stats_collector_unittest.cc b/pc/stats_collector_unittest.cc index c630c3af6c..a42ed86018 100644 --- a/pc/stats_collector_unittest.cc +++ b/pc/stats_collector_unittest.cc @@ -674,7 +674,7 @@ class StatsCollectorTest : public ::testing::Test { // Fake stats to process. TransportChannelStats channel_stats; channel_stats.component = 1; - channel_stats.srtp_crypto_suite = rtc::SRTP_AES128_CM_SHA1_80; + channel_stats.srtp_crypto_suite = rtc::kSrtpAes128CmSha1_80; channel_stats.ssl_cipher_suite = internal::TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA; pc->SetTransportStats(kTransportName, channel_stats); @@ -729,7 +729,7 @@ class StatsCollectorTest : public ::testing::Test { std::string srtp_crypto_suite = ExtractStatsValue(StatsReport::kStatsReportTypeComponent, reports, StatsReport::kStatsValueNameSrtpCipher); - EXPECT_EQ(rtc::SrtpCryptoSuiteToName(rtc::SRTP_AES128_CM_SHA1_80), + EXPECT_EQ(rtc::SrtpCryptoSuiteToName(rtc::kSrtpAes128CmSha1_80), srtp_crypto_suite); } }; diff --git a/pc/test/integration_test_helpers.h b/pc/test/integration_test_helpers.h index 9ec9b0e982..af59a83a9b 100644 --- a/pc/test/integration_test_helpers.h +++ b/pc/test/integration_test_helpers.h @@ -150,8 +150,8 @@ static const char kDataChannelLabel[] = "data_channel"; // SRTP cipher name negotiated by the tests. This must be updated if the // default changes. -static const int kDefaultSrtpCryptoSuite = rtc::SRTP_AES128_CM_SHA1_80; -static const int kDefaultSrtpCryptoSuiteGcm = rtc::SRTP_AEAD_AES_256_GCM; +static const int kDefaultSrtpCryptoSuite = rtc::kSrtpAes128CmSha1_80; +static const int kDefaultSrtpCryptoSuiteGcm = rtc::kSrtpAeadAes256Gcm; static const SocketAddress kDefaultLocalAddress("192.168.1.1", 0); diff --git a/pc/test/srtp_test_util.h b/pc/test/srtp_test_util.h index ed12e541bf..ae02310eba 100644 --- a/pc/test/srtp_test_util.h +++ b/pc/test/srtp_test_util.h @@ -15,25 +15,25 @@ namespace rtc { -extern const char CS_AES_CM_128_HMAC_SHA1_32[]; -extern const char CS_AEAD_AES_128_GCM[]; -extern const char CS_AEAD_AES_256_GCM[]; +extern const char kCsAesCm128HmacSha1_32[]; +extern const char kCsAeadAes128Gcm[]; +extern const char kCsAeadAes256Gcm[]; static const uint8_t kTestKey1[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234"; static const uint8_t kTestKey2[] = "4321ZYXWVUTSRQPONMLKJIHGFEDCBA"; static const int kTestKeyLen = 30; static int rtp_auth_tag_len(const std::string& cs) { - if (cs == CS_AES_CM_128_HMAC_SHA1_32) { + if (cs == kCsAesCm128HmacSha1_32) { return 4; - } else if (cs == CS_AEAD_AES_128_GCM || cs == CS_AEAD_AES_256_GCM) { + } else if (cs == kCsAeadAes128Gcm || cs == kCsAeadAes256Gcm) { return 16; } else { return 10; } } static int rtcp_auth_tag_len(const std::string& cs) { - if (cs == CS_AEAD_AES_128_GCM || cs == CS_AEAD_AES_256_GCM) { + if (cs == kCsAeadAes128Gcm || cs == kCsAeadAes256Gcm) { return 16; } else { return 10; diff --git a/pc/transport_stats.h b/pc/transport_stats.h index 173af91fba..2f43d45808 100644 --- a/pc/transport_stats.h +++ b/pc/transport_stats.h @@ -29,8 +29,8 @@ struct TransportChannelStats { int component = 0; int ssl_version_bytes = 0; - int srtp_crypto_suite = rtc::SRTP_INVALID_CRYPTO_SUITE; - int ssl_cipher_suite = rtc::TLS_NULL_WITH_NULL_NULL; + int srtp_crypto_suite = rtc::kSrtpInvalidCryptoSuite; + int ssl_cipher_suite = rtc::kTlsNullWithNullNull; webrtc::DtlsTransportState dtls_state = webrtc::DtlsTransportState::kNew; IceTransportStats ice_transport_stats; }; diff --git a/rtc_base/openssl_stream_adapter.cc b/rtc_base/openssl_stream_adapter.cc index aa0bc3d40c..d250853815 100644 --- a/rtc_base/openssl_stream_adapter.cc +++ b/rtc_base/openssl_stream_adapter.cc @@ -73,10 +73,10 @@ struct SslCipherMapEntry { // This isn't elegant, but it's better than an external reference constexpr SrtpCipherMapEntry kSrtpCipherMap[] = { - {"SRTP_AES128_CM_SHA1_80", SRTP_AES128_CM_SHA1_80}, - {"SRTP_AES128_CM_SHA1_32", SRTP_AES128_CM_SHA1_32}, - {"SRTP_AEAD_AES_128_GCM", SRTP_AEAD_AES_128_GCM}, - {"SRTP_AEAD_AES_256_GCM", SRTP_AEAD_AES_256_GCM}}; + {"SRTP_AES128_CM_SHA1_80", kSrtpAes128CmSha1_80}, + {"SRTP_AES128_CM_SHA1_32", kSrtpAes128CmSha1_32}, + {"SRTP_AEAD_AES_128_GCM", kSrtpAeadAes128Gcm}, + {"SRTP_AEAD_AES_256_GCM", kSrtpAeadAes256Gcm}}; #ifndef OPENSSL_IS_BORINGSSL // The "SSL_CIPHER_standard_name" function is only available in OpenSSL when diff --git a/rtc_base/ssl_stream_adapter.cc b/rtc_base/ssl_stream_adapter.cc index 5730af63d8..718c62d20f 100644 --- a/rtc_base/ssl_stream_adapter.cc +++ b/rtc_base/ssl_stream_adapter.cc @@ -19,57 +19,66 @@ namespace rtc { // TODO(guoweis): Move this to SDP layer and use int form internally. // webrtc:5043. +const char kCsAesCm128HmacSha1_80[] = "AES_CM_128_HMAC_SHA1_80"; +const char kCsAesCm128HmacSha1_32[] = "AES_CM_128_HMAC_SHA1_32"; +const char kCsAeadAes128Gcm[] = "AEAD_AES_128_GCM"; +const char kCsAeadAes256Gcm[] = "AEAD_AES_256_GCM"; + +// TODO(bugs.webrtc.org/12997): Start. +// Remove the following constants which violate the style guide and can +// potentially clash with OpenSSL macros. const char CS_AES_CM_128_HMAC_SHA1_80[] = "AES_CM_128_HMAC_SHA1_80"; const char CS_AES_CM_128_HMAC_SHA1_32[] = "AES_CM_128_HMAC_SHA1_32"; const char CS_AEAD_AES_128_GCM[] = "AEAD_AES_128_GCM"; const char CS_AEAD_AES_256_GCM[] = "AEAD_AES_256_GCM"; +// TODO(bugs.webrtc.org/12997): End. std::string SrtpCryptoSuiteToName(int crypto_suite) { switch (crypto_suite) { - case SRTP_AES128_CM_SHA1_32: - return CS_AES_CM_128_HMAC_SHA1_32; - case SRTP_AES128_CM_SHA1_80: - return CS_AES_CM_128_HMAC_SHA1_80; - case SRTP_AEAD_AES_128_GCM: - return CS_AEAD_AES_128_GCM; - case SRTP_AEAD_AES_256_GCM: - return CS_AEAD_AES_256_GCM; + case kSrtpAes128CmSha1_32: + return kCsAesCm128HmacSha1_32; + case kSrtpAes128CmSha1_80: + return kCsAesCm128HmacSha1_80; + case kSrtpAeadAes128Gcm: + return kCsAeadAes128Gcm; + case kSrtpAeadAes256Gcm: + return kCsAeadAes256Gcm; default: return std::string(); } } int SrtpCryptoSuiteFromName(const std::string& crypto_suite) { - if (crypto_suite == CS_AES_CM_128_HMAC_SHA1_32) - return SRTP_AES128_CM_SHA1_32; - if (crypto_suite == CS_AES_CM_128_HMAC_SHA1_80) - return SRTP_AES128_CM_SHA1_80; - if (crypto_suite == CS_AEAD_AES_128_GCM) - return SRTP_AEAD_AES_128_GCM; - if (crypto_suite == CS_AEAD_AES_256_GCM) - return SRTP_AEAD_AES_256_GCM; - return SRTP_INVALID_CRYPTO_SUITE; + if (crypto_suite == kCsAesCm128HmacSha1_32) + return kSrtpAes128CmSha1_32; + if (crypto_suite == kCsAesCm128HmacSha1_80) + return kSrtpAes128CmSha1_80; + if (crypto_suite == kCsAeadAes128Gcm) + return kSrtpAeadAes128Gcm; + if (crypto_suite == kCsAeadAes256Gcm) + return kSrtpAeadAes256Gcm; + return kSrtpInvalidCryptoSuite; } bool GetSrtpKeyAndSaltLengths(int crypto_suite, int* key_length, int* salt_length) { switch (crypto_suite) { - case SRTP_AES128_CM_SHA1_32: - case SRTP_AES128_CM_SHA1_80: + case kSrtpAes128CmSha1_32: + case kSrtpAes128CmSha1_80: // SRTP_AES128_CM_HMAC_SHA1_32 and SRTP_AES128_CM_HMAC_SHA1_80 are defined // in RFC 5764 to use a 128 bits key and 112 bits salt for the cipher. *key_length = 16; *salt_length = 14; break; - case SRTP_AEAD_AES_128_GCM: - // SRTP_AEAD_AES_128_GCM is defined in RFC 7714 to use a 128 bits key and + case kSrtpAeadAes128Gcm: + // kSrtpAeadAes128Gcm is defined in RFC 7714 to use a 128 bits key and // a 96 bits salt for the cipher. *key_length = 16; *salt_length = 12; break; - case SRTP_AEAD_AES_256_GCM: - // SRTP_AEAD_AES_256_GCM is defined in RFC 7714 to use a 256 bits key and + case kSrtpAeadAes256Gcm: + // kSrtpAeadAes256Gcm is defined in RFC 7714 to use a 256 bits key and // a 96 bits salt for the cipher. *key_length = 32; *salt_length = 12; @@ -81,13 +90,12 @@ bool GetSrtpKeyAndSaltLengths(int crypto_suite, } bool IsGcmCryptoSuite(int crypto_suite) { - return (crypto_suite == SRTP_AEAD_AES_256_GCM || - crypto_suite == SRTP_AEAD_AES_128_GCM); + return (crypto_suite == kSrtpAeadAes256Gcm || + crypto_suite == kSrtpAeadAes128Gcm); } bool IsGcmCryptoSuiteName(const std::string& crypto_suite) { - return (crypto_suite == CS_AEAD_AES_256_GCM || - crypto_suite == CS_AEAD_AES_128_GCM); + return (crypto_suite == kCsAeadAes256Gcm || crypto_suite == kCsAeadAes128Gcm); } std::unique_ptr SSLStreamAdapter::Create( diff --git a/rtc_base/ssl_stream_adapter.h b/rtc_base/ssl_stream_adapter.h index 6b44c76455..6a21c6bed4 100644 --- a/rtc_base/ssl_stream_adapter.h +++ b/rtc_base/ssl_stream_adapter.h @@ -26,11 +26,12 @@ namespace rtc { // Constants for SSL profile. -const int TLS_NULL_WITH_NULL_NULL = 0; -const int SSL_CIPHER_SUITE_MAX_VALUE = 0xFFFF; +constexpr int kTlsNullWithNullNull = 0; +constexpr int kSslCipherSuiteMaxValue = 0xFFFF; -// Constants for SRTP profiles. -const int SRTP_INVALID_CRYPTO_SUITE = 0; +// TODO(bugs.webrtc.org/12997): Start. +// Remove the following constants which violate the style guide and can +// potentially clash with OpenSSL macros. #ifndef SRTP_AES128_CM_SHA1_80 const int SRTP_AES128_CM_SHA1_80 = 0x0001; #endif @@ -43,8 +44,6 @@ const int SRTP_AEAD_AES_128_GCM = 0x0007; #ifndef SRTP_AEAD_AES_256_GCM const int SRTP_AEAD_AES_256_GCM = 0x0008; #endif -const int SRTP_CRYPTO_SUITE_MAX_VALUE = 0xFFFF; - // Names of SRTP profiles listed above. // 128-bit AES with 80-bit SHA-1 HMAC. extern const char CS_AES_CM_128_HMAC_SHA1_80[]; @@ -54,6 +53,25 @@ extern const char CS_AES_CM_128_HMAC_SHA1_32[]; extern const char CS_AEAD_AES_128_GCM[]; // 256-bit AES GCM with 16 byte AEAD auth tag. extern const char CS_AEAD_AES_256_GCM[]; +// TODO(bugs.webrtc.org/12997): End. + +// Constants for SRTP profiles. +constexpr int kSrtpInvalidCryptoSuite = 0; +constexpr int kSrtpAes128CmSha1_80 = 0x0001; +constexpr int kSrtpAes128CmSha1_32 = 0x0002; +constexpr int kSrtpAeadAes128Gcm = 0x0007; +constexpr int kSrtpAeadAes256Gcm = 0x0008; +constexpr int kSrtpCryptoSuiteMaxValue = 0xFFFF; + +// Names of SRTP profiles listed above. +// 128-bit AES with 80-bit SHA-1 HMAC. +extern const char kCsAesCm128HmacSha1_80[]; +// 128-bit AES with 32-bit SHA-1 HMAC. +extern const char kCsAesCm128HmacSha1_32[]; +// 128-bit AES GCM with 16 byte AEAD auth tag. +extern const char kCsAeadAes128Gcm[]; +// 256-bit AES GCM with 16 byte AEAD auth tag. +extern const char kCsAeadAes256Gcm[]; // Given the DTLS-SRTP protection profile ID, as defined in // https://tools.ietf.org/html/rfc4568#section-6.2 , return the SRTP profile diff --git a/rtc_base/ssl_stream_adapter_unittest.cc b/rtc_base/ssl_stream_adapter_unittest.cc index c580d835c5..1c6eee2802 100644 --- a/rtc_base/ssl_stream_adapter_unittest.cc +++ b/rtc_base/ssl_stream_adapter_unittest.cc @@ -1245,7 +1245,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentityWithBogusDigest) { // Test DTLS-SRTP with all high ciphers TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) { std::vector high; - high.push_back(rtc::SRTP_AES128_CM_SHA1_80); + high.push_back(rtc::kSrtpAes128CmSha1_80); SetDtlsSrtpCryptoSuites(high, true); SetDtlsSrtpCryptoSuites(high, false); TestHandshake(); @@ -1256,13 +1256,13 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) { ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); ASSERT_EQ(client_cipher, server_cipher); - ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80); + ASSERT_EQ(client_cipher, rtc::kSrtpAes128CmSha1_80); } // Test DTLS-SRTP with all low ciphers TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) { std::vector low; - low.push_back(rtc::SRTP_AES128_CM_SHA1_32); + low.push_back(rtc::kSrtpAes128CmSha1_32); SetDtlsSrtpCryptoSuites(low, true); SetDtlsSrtpCryptoSuites(low, false); TestHandshake(); @@ -1273,15 +1273,15 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) { ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); ASSERT_EQ(client_cipher, server_cipher); - ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_32); + ASSERT_EQ(client_cipher, rtc::kSrtpAes128CmSha1_32); } // Test DTLS-SRTP with a mismatch -- should not converge TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) { std::vector high; - high.push_back(rtc::SRTP_AES128_CM_SHA1_80); + high.push_back(rtc::kSrtpAes128CmSha1_80); std::vector low; - low.push_back(rtc::SRTP_AES128_CM_SHA1_32); + low.push_back(rtc::kSrtpAes128CmSha1_32); SetDtlsSrtpCryptoSuites(high, true); SetDtlsSrtpCryptoSuites(low, false); TestHandshake(); @@ -1295,8 +1295,8 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) { // Test DTLS-SRTP with each side being mixed -- should select high TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) { std::vector mixed; - mixed.push_back(rtc::SRTP_AES128_CM_SHA1_80); - mixed.push_back(rtc::SRTP_AES128_CM_SHA1_32); + mixed.push_back(rtc::kSrtpAes128CmSha1_80); + mixed.push_back(rtc::kSrtpAes128CmSha1_32); SetDtlsSrtpCryptoSuites(mixed, true); SetDtlsSrtpCryptoSuites(mixed, false); TestHandshake(); @@ -1307,13 +1307,13 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) { ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); ASSERT_EQ(client_cipher, server_cipher); - ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80); + ASSERT_EQ(client_cipher, rtc::kSrtpAes128CmSha1_80); } // Test DTLS-SRTP with all GCM-128 ciphers. TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM128) { std::vector gcm128; - gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM); + gcm128.push_back(rtc::kSrtpAeadAes128Gcm); SetDtlsSrtpCryptoSuites(gcm128, true); SetDtlsSrtpCryptoSuites(gcm128, false); TestHandshake(); @@ -1324,13 +1324,13 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM128) { ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); ASSERT_EQ(client_cipher, server_cipher); - ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_128_GCM); + ASSERT_EQ(client_cipher, rtc::kSrtpAeadAes128Gcm); } // Test DTLS-SRTP with all GCM-256 ciphers. TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM256) { std::vector gcm256; - gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM); + gcm256.push_back(rtc::kSrtpAeadAes256Gcm); SetDtlsSrtpCryptoSuites(gcm256, true); SetDtlsSrtpCryptoSuites(gcm256, false); TestHandshake(); @@ -1341,15 +1341,15 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM256) { ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); ASSERT_EQ(client_cipher, server_cipher); - ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_256_GCM); + ASSERT_EQ(client_cipher, rtc::kSrtpAeadAes256Gcm); } // Test DTLS-SRTP with mixed GCM-128/-256 ciphers -- should not converge. TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMismatch) { std::vector gcm128; - gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM); + gcm128.push_back(rtc::kSrtpAeadAes128Gcm); std::vector gcm256; - gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM); + gcm256.push_back(rtc::kSrtpAeadAes256Gcm); SetDtlsSrtpCryptoSuites(gcm128, true); SetDtlsSrtpCryptoSuites(gcm256, false); TestHandshake(); @@ -1363,8 +1363,8 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMismatch) { // Test DTLS-SRTP with both GCM-128/-256 ciphers -- should select GCM-256. TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMixed) { std::vector gcmBoth; - gcmBoth.push_back(rtc::SRTP_AEAD_AES_256_GCM); - gcmBoth.push_back(rtc::SRTP_AEAD_AES_128_GCM); + gcmBoth.push_back(rtc::kSrtpAeadAes256Gcm); + gcmBoth.push_back(rtc::kSrtpAeadAes128Gcm); SetDtlsSrtpCryptoSuites(gcmBoth, true); SetDtlsSrtpCryptoSuites(gcmBoth, false); TestHandshake(); @@ -1375,7 +1375,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMixed) { ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); ASSERT_EQ(client_cipher, server_cipher); - ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_256_GCM); + ASSERT_EQ(client_cipher, rtc::kSrtpAeadAes256Gcm); } // Test SRTP cipher suite lengths. @@ -1383,26 +1383,26 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpKeyAndSaltLengths) { int key_len; int salt_len; - ASSERT_FALSE(rtc::GetSrtpKeyAndSaltLengths(rtc::SRTP_INVALID_CRYPTO_SUITE, + ASSERT_FALSE(rtc::GetSrtpKeyAndSaltLengths(rtc::kSrtpInvalidCryptoSuite, &key_len, &salt_len)); - ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(rtc::SRTP_AES128_CM_SHA1_32, - &key_len, &salt_len)); + ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(rtc::kSrtpAes128CmSha1_32, &key_len, + &salt_len)); ASSERT_EQ(128 / 8, key_len); ASSERT_EQ(112 / 8, salt_len); - ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(rtc::SRTP_AES128_CM_SHA1_80, - &key_len, &salt_len)); + ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(rtc::kSrtpAes128CmSha1_80, &key_len, + &salt_len)); ASSERT_EQ(128 / 8, key_len); ASSERT_EQ(112 / 8, salt_len); - ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(rtc::SRTP_AEAD_AES_128_GCM, - &key_len, &salt_len)); + ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(rtc::kSrtpAeadAes128Gcm, &key_len, + &salt_len)); ASSERT_EQ(128 / 8, key_len); ASSERT_EQ(96 / 8, salt_len); - ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(rtc::SRTP_AEAD_AES_256_GCM, - &key_len, &salt_len)); + ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(rtc::kSrtpAeadAes256Gcm, &key_len, + &salt_len)); ASSERT_EQ(256 / 8, key_len); ASSERT_EQ(96 / 8, salt_len); } diff --git a/sdk/android/api/org/webrtc/CryptoOptions.java b/sdk/android/api/org/webrtc/CryptoOptions.java index 77b9552aad..6e06bc6426 100644 --- a/sdk/android/api/org/webrtc/CryptoOptions.java +++ b/sdk/android/api/org/webrtc/CryptoOptions.java @@ -29,7 +29,7 @@ public final class CryptoOptions { private final boolean enableGcmCryptoSuites; /** * If set to true, the (potentially insecure) crypto cipher - * SRTP_AES128_CM_SHA1_32 will be included in the list of supported ciphers + * kSrtpAes128CmSha1_32 will be included in the list of supported ciphers * during negotiation. It will only be used if both peers support it and no * other ciphers get preferred. */ diff --git a/sdk/objc/api/peerconnection/RTCCryptoOptions.h b/sdk/objc/api/peerconnection/RTCCryptoOptions.h index 759a45e037..7894c8d50c 100644 --- a/sdk/objc/api/peerconnection/RTCCryptoOptions.h +++ b/sdk/objc/api/peerconnection/RTCCryptoOptions.h @@ -28,7 +28,7 @@ RTC_OBJC_EXPORT @property(nonatomic, assign) BOOL srtpEnableGcmCryptoSuites; /** * If set to true, the (potentially insecure) crypto cipher - * SRTP_AES128_CM_SHA1_32 will be included in the list of supported ciphers + * kSrtpAes128CmSha1_32 will be included in the list of supported ciphers * during negotiation. It will only be used if both peers support it and no * other ciphers get preferred. */