diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
commit | 36d22d82aa202bb199967e9512281e9a53db42c9 (patch) | |
tree | 105e8c98ddea1c1e4784a60a5a6410fa416be2de /testing/web-platform/tests/webrtc/protocol/crypto-suite.https.html | |
parent | Initial commit. (diff) | |
download | firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.tar.xz firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.zip |
Adding upstream version 115.7.0esr.upstream/115.7.0esr
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/webrtc/protocol/crypto-suite.https.html')
-rw-r--r-- | testing/web-platform/tests/webrtc/protocol/crypto-suite.https.html | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/testing/web-platform/tests/webrtc/protocol/crypto-suite.https.html b/testing/web-platform/tests/webrtc/protocol/crypto-suite.https.html new file mode 100644 index 0000000000..f13f221b88 --- /dev/null +++ b/testing/web-platform/tests/webrtc/protocol/crypto-suite.https.html @@ -0,0 +1,85 @@ +<!doctype html> +<meta charset=utf-8> +<title>RTCPeerConnection.prototype.createOffer</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="../RTCPeerConnection-helper.js"></script> +<script src="../RTCStats-helper.js"></script> +<script> +'use strict'; + +// draft-ietf-rtcweb-security-20 section 6.5 +// +// All Implementations MUST support DTLS 1.2 with the +// TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 cipher suite and the P-256 +// curve [FIPS186]. +// ....... The DTLS-SRTP protection profile +// SRTP_AES128_CM_HMAC_SHA1_80 MUST be supported for SRTP. +// Implementations MUST favor cipher suites which support (Perfect +// Forward Secrecy) PFS over non-PFS cipher suites and SHOULD favor AEAD +// over non-AEAD cipher suites. + +const acceptableTlsVersions = new Set([ + 'FEFD', // DTLS 1.2 - RFC 6437 section 4.1 + '0304', // TLS 1.3 - RFC 8446 section 5.1 +]); + +const acceptableDtlsCiphersuites = new Set([ + 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', +]); + +const acceptableSrtpCiphersuites = new Set([ + 'SRTP_AES128_CM_HMAC_SHA1_80', + 'AES_CM_128_HMAC_SHA1_80', +]); + +const acceptableTlsGroups = new Set([ + 'P-256', +]); + +const acceptableValues = { + 'tlsVersion': acceptableTlsVersions, + 'dtlsCipher': acceptableDtlsCiphersuites, + 'srtpCipher': acceptableSrtpCiphersuites, + 'tlsGroup': acceptableTlsGroups, +}; + +function verifyStat(name, transportStats) { + assert_not_equals(typeof transportStats, 'undefined'); + assert_true(name in transportStats, 'Value present:'); + assert_true(acceptableValues[name].has(transportStats[name])); +} + +for (const name of Object.keys(acceptableValues)) { + promise_test(async t => { + const pc1 = new RTCPeerConnection(); + const pc2 = new RTCPeerConnection(); + t.add_cleanup(() => pc1.close()); + t.add_cleanup(() => pc2.close()); + pc1.createDataChannel('foo'); + exchangeIceCandidates(pc1, pc2); + await exchangeOfferAnswer(pc1, pc2); + await waitForState(pc1.sctp.transport, 'connected'); + const statsReport = await pc1.getStats(); + const transportStats = findStatsFromReport(statsReport, + stats => stats.type === 'transport') + verifyStat(name, transportStats); + }, name + ' is acceptable on data-only'); + + promise_test(async t => { + const pc1 = new RTCPeerConnection(); + const pc2 = new RTCPeerConnection(); + t.add_cleanup(() => pc1.close()); + t.add_cleanup(() => pc2.close()); + const transceiver = pc1.addTransceiver('video'); + + exchangeIceCandidates(pc1, pc2); + await exchangeOfferAnswer(pc1, pc2); + await waitForState(transceiver.sender.transport, 'connected'); + const statsReport = await pc1.getStats(); + const transportStats = findStatsFromReport(statsReport, + stats => stats.type === 'transport') + verifyStat(name, transportStats); + }, name + ' is acceptable on video-only'); +} +</script> |