Add DTLS-SRTP tests.

Just the negotiation portion as everything else is external. This feature is
used in WebRTC.

Change-Id: Iccc3983ea99e7d054b59010182f9a56a8099e116
Reviewed-on: https://boringssl-review.googlesource.com/2310
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index a302687..8c661a6 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -129,6 +129,9 @@
 	// expectedNextProtoType, if non-zero, is the expected next
 	// protocol negotiation mechanism.
 	expectedNextProtoType int
+	// expectedSRTPProtectionProfile is the DTLS-SRTP profile that
+	// should be negotiated. If zero, none should be negotiated.
+	expectedSRTPProtectionProfile uint16
 	// messageLen is the length, in bytes, of the test message that will be
 	// sent.
 	messageLen int
@@ -357,7 +360,7 @@
 		name:     "FragmentAlert",
 		config: Config{
 			Bugs: ProtocolBugs{
-				FragmentAlert: true,
+				FragmentAlert:     true,
 				SendSpuriousAlert: true,
 			},
 		},
@@ -589,6 +592,10 @@
 		}
 	}
 
+	if p := tlsConn.ConnectionState().SRTPProtectionProfile; p != test.expectedSRTPProtectionProfile {
+		return fmt.Errorf("SRTP profile mismatch: got %d, wanted %d", p, test.expectedSRTPProtectionProfile)
+	}
+
 	if test.shimWritesFirst {
 		var buf [5]byte
 		_, err := io.ReadFull(tlsConn, buf[:])
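Review bot: The comparison added after the handshake asserts only the runner's own `tlsConn.ConnectionState().SRTPProtectionProfile`; nothing visible in this hunk checks which profile the shim itself reports as selected. The shim's code is outside this diff, but if its side is not verified elsewhere, a library that completes the extension exchange yet exposes a different profile (or none) to the application would still pass, and that reported value is what the application uses to choose the SRTP transform. At minimum I would record the limitation next to the check, e.g. `// Only the runner's view is checked; the shim's selected profile is not asserted here.` The enclosing function begins and ends outside the hunk.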
@@ -1741,6 +1748,82 @@
 		shouldFail:    true,
 		expectedError: ":DECODE_ERROR:",
 	})
+	// Basic DTLS-SRTP tests. Include fake profiles to ensure they
+	// are ignored.
+	testCases = append(testCases, testCase{
+		protocol: dtls,
+		name:     "SRTP-Client",
+		config: Config{
+			SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
+		},
+		flags: []string{
+			"-srtp-profiles",
+			"SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
+		},
+		expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
+	})
+	testCases = append(testCases, testCase{
+		protocol: dtls,
+		testType: serverTest,
+		name:     "SRTP-Server",
+		config: Config{
+			SRTPProtectionProfiles: []uint16{40, SRTP_AES128_CM_HMAC_SHA1_80, 42},
+		},
+		flags: []string{
+			"-srtp-profiles",
+			"SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
+		},
+		expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
+	})
+	// Test that the MKI is ignored.
+	testCases = append(testCases, testCase{
+		protocol: dtls,
+		testType: serverTest,
+		name:     "SRTP-Server-IgnoreMKI",
+		config: Config{
+			SRTPProtectionProfiles: []uint16{SRTP_AES128_CM_HMAC_SHA1_80},
+			Bugs: ProtocolBugs{
+				SRTPMasterKeyIdentifer: "bogus",
+			},
+		},
+		flags: []string{
+			"-srtp-profiles",
+			"SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
+		},
+		expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
+	})
+	// Test that SRTP isn't negotiated on the server if there were
+	// no matching profiles.
+	testCases = append(testCases, testCase{
+		protocol: dtls,
+		testType: serverTest,
+		name:     "SRTP-Server-NoMatch",
+		config: Config{
+			SRTPProtectionProfiles: []uint16{100, 101, 102},
+		},
+		flags: []string{
+			"-srtp-profiles",
+			"SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
+		},
+		expectedSRTPProtectionProfile: 0,
+	})
+	// Test that the server returning an invalid SRTP profile is
+	// flagged as an error by the client.
+	testCases = append(testCases, testCase{
+		protocol: dtls,
+		name:     "SRTP-Client-NoMatch",
+		config: Config{
+			Bugs: ProtocolBugs{
+				SendSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_32,
+			},
+		},
+		flags: []string{
+			"-srtp-profiles",
+			"SRTP_AES128_CM_SHA1_80",
+		},
+		shouldFail:    true,
+		expectedError: ":BAD_SRTP_PROTECTION_PROFILE_LIST:",
+	})
 }
 
 func addResumptionVersionTests() {
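Review bot: None of the added cases pins which profile wins when more than one is mutually supported. In SRTP-Client, SRTP-Server and SRTP-Server-IgnoreMKI the runner's list holds a single real profile, so `SRTP_AES128_CM_HMAC_SHA1_80` is the only possible outcome even though the shim is given `SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32`. A regression that let the peer's ordering select the 32-bit-tag profile would therefore go unnoticed. A server case in which the runner offers both profiles in the opposite order would cover it; the expected value below assumes the shim honours its own order and should be confirmed. The enclosing function starts outside the hunk.

```go
	// Test that the shim's own profile order decides when several match.
	// NOTE(review): expected value assumes server preference; confirm.
	testCases = append(testCases, testCase{
		protocol: dtls,
		testType: serverTest,
		name:     "SRTP-Server-Preference",
		config: Config{
			SRTPProtectionProfiles: []uint16{SRTP_AES128_CM_HMAC_SHA1_32, SRTP_AES128_CM_HMAC_SHA1_80},
		},
		flags: []string{
			"-srtp-profiles",
			"SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32",
		},
		expectedSRTPProtectionProfile: SRTP_AES128_CM_HMAC_SHA1_80,
	})
```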