use crate::packet::{RtpHeader, RtpPacket};
use crate::security::{
sdes::{Sdes, SdesConfig, SdesRole},
SecurityKeyExchange,
};
use crate::srtp::{SrtpContext, SrtpCryptoKey, SRTP_AES128_CM_SHA1_80};
use bytes::Bytes;
#[test]
fn test_srtp_with_sdes_key_exchange() {
let offerer_config = SdesConfig {
crypto_suites: vec![SRTP_AES128_CM_SHA1_80],
offer_count: 1,
};
let mut offerer = Sdes::new(offerer_config, SdesRole::Offerer);
let answerer_config = SdesConfig {
crypto_suites: vec![SRTP_AES128_CM_SHA1_80],
offer_count: 1,
};
let mut answerer = Sdes::new(answerer_config, SdesRole::Answerer);
offerer.init().expect("Failed to initialize offerer");
answerer.init().expect("Failed to initialize answerer");
let offer_result = offerer
.process_message(b"")
.expect("Failed to create offer");
let offer = offer_result.unwrap();
let answer_result = answerer
.process_message(&offer)
.expect("Failed to process offer");
let answer = answer_result.unwrap();
offerer
.process_message(&answer)
.expect("Failed to process answer");
assert!(offerer.is_complete());
assert!(answerer.is_complete());
assert!(offerer.get_srtp_key().is_some());
assert!(answerer.get_srtp_key().is_some());
let offerer_srtp = SrtpContext::new(
offerer.get_srtp_suite().unwrap(),
offerer.get_srtp_key().unwrap(),
)
.expect("Failed to create offerer SRTP context");
let mut answerer_srtp = SrtpContext::new(
answerer.get_srtp_suite().unwrap(),
answerer.get_srtp_key().unwrap(),
)
.expect("Failed to create answerer SRTP context");
let header = RtpHeader::new(96, 1000, 12345, 0xabcdef01);
let payload = Bytes::from_static(b"Hello secure RTP world!");
let packet = RtpPacket::new(header, payload);
let mut offerer_srtp_mut = offerer_srtp;
let protected = offerer_srtp_mut
.protect(&packet)
.expect("Failed to protect RTP packet");
let protected_bytes = protected
.serialize()
.expect("Failed to serialize protected packet");
let decrypted = answerer_srtp
.unprotect(&protected_bytes)
.expect("Failed to unprotect RTP packet");
assert_eq!(decrypted.header.payload_type, packet.header.payload_type);
assert_eq!(
decrypted.header.sequence_number,
packet.header.sequence_number
);
assert_eq!(decrypted.header.timestamp, packet.header.timestamp);
assert_eq!(decrypted.header.ssrc, packet.header.ssrc);
assert_eq!(decrypted.payload, packet.payload);
}
#[test]
fn test_srtp_with_mikey_key_exchange() {
use crate::security::mikey::{Mikey, MikeyConfig, MikeyKeyExchangeMethod, MikeyRole};
let psk = vec![1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16];
let initiator_config = MikeyConfig {
method: MikeyKeyExchangeMethod::Psk,
psk: Some(psk.clone()),
srtp_profile: SRTP_AES128_CM_SHA1_80,
..Default::default()
};
let mut initiator = Mikey::new(initiator_config, MikeyRole::Initiator);
let responder_config = MikeyConfig {
method: MikeyKeyExchangeMethod::Psk,
psk: Some(psk.clone()),
srtp_profile: SRTP_AES128_CM_SHA1_80,
..Default::default()
};
let _responder = Mikey::new(responder_config, MikeyRole::Responder);
initiator.init().expect("Failed to initialize initiator");
if let Some(initiator_key) = initiator.get_srtp_key() {
if let Some(initiator_suite) = initiator.get_srtp_suite() {
let mut srtp_context = SrtpContext::new(initiator_suite, initiator_key)
.expect("Failed to create SRTP context");
let header = RtpHeader::new(96, 1000, 12345, 0xabcdef01);
let payload = Bytes::from_static(b"Hello MIKEY secured RTP world!");
let packet = RtpPacket::new(header, payload);
let protected = srtp_context
.protect(&packet)
.expect("Failed to protect RTP packet");
assert!(protected.auth_tag.is_some());
let protected_bytes = protected
.serialize()
.expect("Failed to serialize protected packet");
let decrypted = srtp_context
.unprotect(&protected_bytes)
.expect("Failed to unprotect RTP packet");
assert_eq!(decrypted.header.payload_type, packet.header.payload_type);
assert_eq!(
decrypted.header.sequence_number,
packet.header.sequence_number
);
assert_eq!(decrypted.header.timestamp, packet.header.timestamp);
assert_eq!(decrypted.header.ssrc, packet.header.ssrc);
assert_eq!(decrypted.payload, packet.payload);
}
}
}
#[test]
fn test_srtp_with_zrtp_key_exchange() {
use crate::security::zrtp::{
Zrtp, ZrtpAuthTag, ZrtpCipher, ZrtpConfig, ZrtpHash, ZrtpKeyAgreement, ZrtpRole,
ZrtpSasType,
};
let initiator_config = ZrtpConfig {
ciphers: vec![ZrtpCipher::Aes1],
hashes: vec![ZrtpHash::S256],
auth_tags: vec![ZrtpAuthTag::HS80],
key_agreements: vec![ZrtpKeyAgreement::EC25],
sas_types: vec![ZrtpSasType::B32],
client_id: "RVOIP ZRTP Test".to_string(),
srtp_profile: SRTP_AES128_CM_SHA1_80,
};
let mut initiator = Zrtp::new(initiator_config, ZrtpRole::Initiator);
initiator.init().expect("Failed to initialize initiator");
let manual_key = SrtpCryptoKey::new(
vec![
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E,
0x0F, 0x10,
],
vec![
0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E,
],
);
let mut srtp_context = SrtpContext::new(SRTP_AES128_CM_SHA1_80, manual_key)
.expect("Failed to create SRTP context");
let rtcp_data = vec![
0x81, 0xc8, 0x00, 0x0c, 0xab, 0xcd, 0xef, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x39, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x64, 0xde, 0xad, 0xbe, 0xef, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ];
let protected_rtcp = srtp_context
.protect_rtcp(&rtcp_data)
.expect("Failed to protect RTCP packet");
let unprotected_rtcp = srtp_context
.unprotect_rtcp(&protected_rtcp)
.expect("Failed to unprotect RTCP packet");
assert_eq!(unprotected_rtcp.len(), rtcp_data.len());
assert_eq!(&unprotected_rtcp[0..4], &rtcp_data[0..4]);
let header = RtpHeader::new(96, 1000, 12345, 0xabcdef01);
let payload = Bytes::from_static(b"Hello ZRTP secured RTP world!");
let packet = RtpPacket::new(header, payload);
let protected = srtp_context
.protect(&packet)
.expect("Failed to protect RTP packet");
assert!(protected.auth_tag.is_some());
let protected_bytes = protected
.serialize()
.expect("Failed to serialize protected packet");
let decrypted = srtp_context
.unprotect(&protected_bytes)
.expect("Failed to unprotect RTP packet");
assert_eq!(decrypted.header.payload_type, packet.header.payload_type);
assert_eq!(
decrypted.header.sequence_number,
packet.header.sequence_number
);
assert_eq!(decrypted.header.timestamp, packet.header.timestamp);
assert_eq!(decrypted.header.ssrc, packet.header.ssrc);
assert_eq!(decrypted.payload, packet.payload);
}