tor-browser

The Tor Browser

crypto-suite.https.html (2794B)


      1 <!doctype html>
      2 <meta charset=utf-8>
      3 <title>RTCPeerConnection.prototype.createOffer</title>
      4 <script src="/resources/testharness.js"></script>
      5 <script src="/resources/testharnessreport.js"></script>
      6 <script src="../RTCPeerConnection-helper.js"></script>
      7 <script>
      8 'use strict';
      9 
     10 // draft-ietf-rtcweb-security-20 section 6.5
     11 //
     12 // All Implementations MUST support DTLS 1.2 with the
     13 // TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 cipher suite and the P-256
     14 // curve [FIPS186].
     15 //   .......  The DTLS-SRTP protection profile
     16 // SRTP_AES128_CM_HMAC_SHA1_80 MUST be supported for SRTP.
     17 // Implementations MUST favor cipher suites which support (Perfect
     18 // Forward Secrecy) PFS over non-PFS cipher suites and SHOULD favor AEAD
     19 // over non-AEAD cipher suites.
     20 
// Allow-lists for the three transport-stats fields this file checks.
// Matching is exact (Set membership), so any other negotiated value fails
// the test, including one that is stronger than the baseline quoted above.

// Protocol versions as upper-case hex of the two-byte wire value:
//   FEFD  DTLS 1.2 - RFC 6347 section 4.1
//   0304  TLS 1.3  - RFC 8446 section 5.1
//   FEFC  DTLS 1.3 - RFC 9147 section 5.3
const acceptableTlsVersions = new Set(['FEFD', '0304', 'FEFC']);

// The mandatory (D)TLS 1.2 suite from the requirement quoted above, plus
// TLS_AES_128_GCM_SHA256, which is a TLS 1.3 cipher suite (RFC 8446).
const acceptableDtlsCiphersuites = new Set([
  'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256',
  'TLS_AES_128_GCM_SHA256',
]);

// The mandatory DTLS-SRTP protection profile. The second entry looks like
// the same profile under its RFC 4568 crypto-suite name, presumably because
// some implementations report it that way - confirm.
const acceptableSrtpCiphersuites = new Set([
  'SRTP_AES128_CM_HMAC_SHA1_80',
  'AES_CM_128_HMAC_SHA1_80',
]);

// Stats field name -> set of values that field may hold.
// The key order fixes the order in which the tests below are registered.
const acceptableValues = {
  tlsVersion: acceptableTlsVersions,
  dtlsCipher: acceptableDtlsCiphersuites,
  srtpCipher: acceptableSrtpCiphersuites,
};
     42 
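/**
 * Assert that one field of a 'transport' stats entry holds an allowed value.
 *
 * Each failure message names the field and, for the allow-list check, the
 * value that was observed, so a failing run shows which version or suite the
 * implementation negotiated.
 *
 * @param {string} name - key of acceptableValues and of the stats entry.
 * @param {object|undefined} transportStats - the stats entry to inspect; the
 *     callers pass the result of a find(), which is undefined when the report
 *     has no 'transport' entry.
 */
function verifyStat(name, transportStats) {
  // Fail with an assertion, not a TypeError, when no transport entry exists.
  assert_not_equals(typeof transportStats, 'undefined',
                    'a stats entry of type "transport" is present');
  assert_true(name in transportStats,
              `${name} is present in the transport stats`);
  const observed = transportStats[name];
  // Exact membership: a value outside the allow-list fails.
  assert_true(acceptableValues[name].has(observed),
              `${name} is in the allow-list, observed value: ${observed}`);
}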
     48 
// Two tests are registered per field named in acceptableValues: first over a
// data-channel-only connection, then over a video-only one. Both peers are
// local RTCPeerConnection objects, so the tests check what this
// implementation negotiates with itself; they do not show that a weaker
// offer from a different peer would be refused.
Object.keys(acceptableValues).forEach((name) => {
  // Return the first entry of type 'transport' in pc's stats report, or
  // undefined when the report has none (verifyStat receives that as is).
  const transportStatsOf = async (pc) => {
    const report = await pc.getStats();
    for (const entry of report.values()) {
      if (entry.type === 'transport') {
        return entry;
      }
    }
    return undefined;
  };

  promise_test(async (t) => {
    const pc1 = new RTCPeerConnection();
    const pc2 = new RTCPeerConnection();
    for (const pc of [pc1, pc2]) {
      t.add_cleanup(() => pc.close());
    }
    // The data channel is the only thing negotiated on this connection.
    pc1.createDataChannel('foo');
    exchangeIceCandidates(pc1, pc2);
    await exchangeOfferAnswer(pc1, pc2);
    // Stats are read only once the transport under SCTP reports 'connected'.
    await waitForState(pc1.sctp.transport, 'connected');
    verifyStat(name, await transportStatsOf(pc1));
  }, name + ' is acceptable on data-only');

  promise_test(async (t) => {
    const pc1 = new RTCPeerConnection();
    const pc2 = new RTCPeerConnection();
    for (const pc of [pc1, pc2]) {
      t.add_cleanup(() => pc.close());
    }
    // A single video transceiver and no data channel.
    const transceiver = pc1.addTransceiver('video');

    exchangeIceCandidates(pc1, pc2);
    await exchangeOfferAnswer(pc1, pc2);
    // Stats are read only once the sender's transport reports 'connected'.
    await waitForState(transceiver.sender.transport, 'connected');
    verifyStat(name, await transportStatsOf(pc1));
  }, name + ' is acceptable on video-only');
});
     79 </script>