From 40a355a42d4a9444dc753c04c6608dade2f06a23 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Fri, 19 Apr 2024 03:13:27 +0200
Subject: Adding upstream version 125.0.1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 third_party/libwebrtc/pc/srtp_session_unittest.cc | 32 +++++++++++++++++++++++
 1 file changed, 32 insertions(+)

(limited to 'third_party/libwebrtc/pc/srtp_session_unittest.cc')

diff --git a/third_party/libwebrtc/pc/srtp_session_unittest.cc b/third_party/libwebrtc/pc/srtp_session_unittest.cc
index 16a840a307..7adfee86fd 100644
--- a/third_party/libwebrtc/pc/srtp_session_unittest.cc
+++ b/third_party/libwebrtc/pc/srtp_session_unittest.cc
@@ -251,4 +251,36 @@ TEST_F(SrtpSessionTest, TestReplay) {
       s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_), &out_len));
 }
 
+TEST_F(SrtpSessionTest, RemoveSsrc) {
+  EXPECT_TRUE(s1_.SetSend(kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen,
+                          kEncryptedHeaderExtensionIds));
+  EXPECT_TRUE(s2_.SetRecv(kSrtpAes128CmSha1_80, kTestKey1, kTestKeyLen,
+                          kEncryptedHeaderExtensionIds));
+  int out_len;
+  // Encrypt and decrypt the packet once.
+  EXPECT_TRUE(
+      s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_), &out_len));
+  EXPECT_TRUE(s2_.UnprotectRtp(rtp_packet_, out_len, &out_len));
+  EXPECT_EQ(rtp_len_, out_len);
+  EXPECT_EQ(0, memcmp(rtp_packet_, kPcmuFrame, out_len));
+
+  // Recreate the original packet and encrypt again.
+  memcpy(rtp_packet_, kPcmuFrame, rtp_len_);
+  EXPECT_TRUE(
+      s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_), &out_len));
+  // Attempting to decrypt will fail as a replay attack.
+  // (srtp_err_status_replay_fail) since the sequence number was already seen.
+  EXPECT_FALSE(s2_.UnprotectRtp(rtp_packet_, out_len, &out_len));
+
+  // Remove the fake packet SSRC 1 from the session.
+  EXPECT_TRUE(s2_.RemoveSsrcFromSession(1));
+  EXPECT_FALSE(s2_.RemoveSsrcFromSession(1));
+
+  // Since the SRTP state was discarded, this is no longer a replay attack.
+  EXPECT_TRUE(s2_.UnprotectRtp(rtp_packet_, out_len, &out_len));
+  EXPECT_EQ(rtp_len_, out_len);
+  EXPECT_EQ(0, memcmp(rtp_packet_, kPcmuFrame, out_len));
+  EXPECT_TRUE(s2_.RemoveSsrcFromSession(1));
+}
+
 }  // namespace rtc
-- 
cgit v1.2.3