summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/webrtc/protocol/crypto-suite.https.html
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 00:47:55 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 00:47:55 +0000
commit26a029d407be480d791972afb5975cf62c9360a6 (patch)
treef435a8308119effd964b339f76abb83a57c29483 /testing/web-platform/tests/webrtc/protocol/crypto-suite.https.html
parentInitial commit. (diff)
downloadfirefox-26a029d407be480d791972afb5975cf62c9360a6.tar.xz
firefox-26a029d407be480d791972afb5975cf62c9360a6.zip
Adding upstream version 124.0.1.upstream/124.0.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/webrtc/protocol/crypto-suite.https.html')
-rw-r--r--testing/web-platform/tests/webrtc/protocol/crypto-suite.https.html77
1 files changed, 77 insertions, 0 deletions
diff --git a/testing/web-platform/tests/webrtc/protocol/crypto-suite.https.html b/testing/web-platform/tests/webrtc/protocol/crypto-suite.https.html
new file mode 100644
index 0000000000..c3941e409f
--- /dev/null
+++ b/testing/web-platform/tests/webrtc/protocol/crypto-suite.https.html
@@ -0,0 +1,77 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>RTCPeerConnection.prototype.createOffer</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="../RTCPeerConnection-helper.js"></script>
+<script>
+'use strict';
+
+// draft-ietf-rtcweb-security-20 section 6.5
+//
+// All Implementations MUST support DTLS 1.2 with the
+// TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 cipher suite and the P-256
+// curve [FIPS186].
+// ....... The DTLS-SRTP protection profile
+// SRTP_AES128_CM_HMAC_SHA1_80 MUST be supported for SRTP.
+// Implementations MUST favor cipher suites which support (Perfect
+// Forward Secrecy) PFS over non-PFS cipher suites and SHOULD favor AEAD
+// over non-AEAD cipher suites.
+
+const acceptableTlsVersions = new Set([
+ 'FEFD', // DTLS 1.2 - RFC 6437 section 4.1
+ '0304', // TLS 1.3 - RFC 8446 section 5.1
+]);
+
+const acceptableDtlsCiphersuites = new Set([
+ 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256',
+]);
+
+const acceptableSrtpCiphersuites = new Set([
+ 'SRTP_AES128_CM_HMAC_SHA1_80',
+ 'AES_CM_128_HMAC_SHA1_80',
+]);
+
+const acceptableValues = {
+ 'tlsVersion': acceptableTlsVersions,
+ 'dtlsCipher': acceptableDtlsCiphersuites,
+ 'srtpCipher': acceptableSrtpCiphersuites,
+};
+
+function verifyStat(name, transportStats) {
+ assert_not_equals(typeof transportStats, 'undefined');
+ assert_true(name in transportStats, 'Value present:');
+ assert_true(acceptableValues[name].has(transportStats[name]));
+}
+
+for (const name of Object.keys(acceptableValues)) {
+ promise_test(async t => {
+ const pc1 = new RTCPeerConnection();
+ const pc2 = new RTCPeerConnection();
+ t.add_cleanup(() => pc1.close());
+ t.add_cleanup(() => pc2.close());
+ pc1.createDataChannel('foo');
+ exchangeIceCandidates(pc1, pc2);
+ await exchangeOfferAnswer(pc1, pc2);
+ await waitForState(pc1.sctp.transport, 'connected');
+ const statsReport = await pc1.getStats();
+ const transportStats = [...statsReport.values()].find(({type}) => type === 'transport');
+ verifyStat(name, transportStats);
+ }, name + ' is acceptable on data-only');
+
+ promise_test(async t => {
+ const pc1 = new RTCPeerConnection();
+ const pc2 = new RTCPeerConnection();
+ t.add_cleanup(() => pc1.close());
+ t.add_cleanup(() => pc2.close());
+ const transceiver = pc1.addTransceiver('video');
+
+ exchangeIceCandidates(pc1, pc2);
+ await exchangeOfferAnswer(pc1, pc2);
+ await waitForState(transceiver.sender.transport, 'connected');
+ const statsReport = await pc1.getStats();
+ const transportStats = [...statsReport.values()].find(({type}) => type === 'transport');
+ verifyStat(name, transportStats);
+ }, name + ' is acceptable on video-only');
+}
+</script>