1 /*
2 * libjingle
3 * Copyright 2004 Google Inc.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright notice,
9 * this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright notice,
11 * this list of conditions and the following disclaimer in the documentation
12 * and/or other materials provided with the distribution.
13 * 3. The name of the author may not be used to endorse or promote products
14 * derived from this software without specific prior written permission.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
17 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
18 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
19 * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
20 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
25 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27
28 #include "talk/base/byteorder.h"
29 #include "talk/base/gunit.h"
30 #include "talk/base/thread.h"
31 #include "talk/media/base/cryptoparams.h"
32 #include "talk/media/base/fakertp.h"
33 #include "talk/p2p/base/sessiondescription.h"
34 #include "talk/session/media/srtpfilter.h"
35 #ifdef SRTP_RELATIVE_PATH
36 #include "crypto/include/err.h"
37 #else
38 #include "third_party/libsrtp/crypto/include/err.h"
39 #endif
40
41 using cricket::CS_AES_CM_128_HMAC_SHA1_80;
42 using cricket::CS_AES_CM_128_HMAC_SHA1_32;
43 using cricket::CryptoParams;
44 using cricket::CS_LOCAL;
45 using cricket::CS_REMOTE;
46
47 static const uint8 kTestKey1[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234";
48 static const uint8 kTestKey2[] = "4321ZYXWVUTSRQPONMLKJIHGFEDCBA";
49 static const int kTestKeyLen = 30;
50 static const std::string kTestKeyParams1 =
51 "inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz";
52 static const std::string kTestKeyParams2 =
53 "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR";
54 static const std::string kTestKeyParams3 =
55 "inline:1234X19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz";
56 static const std::string kTestKeyParams4 =
57 "inline:4567QCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR";
58 static const cricket::CryptoParams kTestCryptoParams1(
59 1, "AES_CM_128_HMAC_SHA1_80", kTestKeyParams1, "");
60 static const cricket::CryptoParams kTestCryptoParams2(
61 1, "AES_CM_128_HMAC_SHA1_80", kTestKeyParams2, "");
62
rtp_auth_tag_len(const std::string & cs)63 static int rtp_auth_tag_len(const std::string& cs) {
64 return (cs == CS_AES_CM_128_HMAC_SHA1_32) ? 4 : 10;
65 }
rtcp_auth_tag_len(const std::string & cs)66 static int rtcp_auth_tag_len(const std::string& cs) {
67 return 10;
68 }
69
70 class SrtpFilterTest : public testing::Test {
71 protected:
SrtpFilterTest()72 SrtpFilterTest()
73 // Need to initialize |sequence_number_|, the value does not matter.
74 : sequence_number_(1) {
75 }
MakeVector(const CryptoParams & params)76 static std::vector<CryptoParams> MakeVector(const CryptoParams& params) {
77 std::vector<CryptoParams> vec;
78 vec.push_back(params);
79 return vec;
80 }
TestSetParams(const std::vector<CryptoParams> & params1,const std::vector<CryptoParams> & params2)81 void TestSetParams(const std::vector<CryptoParams>& params1,
82 const std::vector<CryptoParams>& params2) {
83 EXPECT_TRUE(f1_.SetOffer(params1, CS_LOCAL));
84 EXPECT_TRUE(f2_.SetOffer(params1, CS_REMOTE));
85 EXPECT_TRUE(f2_.SetAnswer(params2, CS_LOCAL));
86 EXPECT_TRUE(f1_.SetAnswer(params2, CS_REMOTE));
87 EXPECT_TRUE(f1_.IsActive());
88 }
TestProtectUnprotect(const std::string & cs1,const std::string & cs2)89 void TestProtectUnprotect(const std::string& cs1, const std::string& cs2) {
90 char rtp_packet[sizeof(kPcmuFrame) + 10];
91 char original_rtp_packet[sizeof(kPcmuFrame)];
92 char rtcp_packet[sizeof(kRtcpReport) + 4 + 10];
93 int rtp_len = sizeof(kPcmuFrame), rtcp_len = sizeof(kRtcpReport), out_len;
94 memcpy(rtp_packet, kPcmuFrame, rtp_len);
95 // In order to be able to run this test function multiple times we can not
96 // use the same sequence number twice. Increase the sequence number by one.
97 talk_base::SetBE16(reinterpret_cast<uint8*>(rtp_packet) + 2,
98 ++sequence_number_);
99 memcpy(original_rtp_packet, rtp_packet, rtp_len);
100 memcpy(rtcp_packet, kRtcpReport, rtcp_len);
101
102 EXPECT_TRUE(f1_.ProtectRtp(rtp_packet, rtp_len,
103 sizeof(rtp_packet), &out_len));
104 EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs1));
105 EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
106 EXPECT_TRUE(f2_.UnprotectRtp(rtp_packet, out_len, &out_len));
107 EXPECT_EQ(rtp_len, out_len);
108 EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
109
110 EXPECT_TRUE(f2_.ProtectRtp(rtp_packet, rtp_len,
111 sizeof(rtp_packet), &out_len));
112 EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs2));
113 EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
114 EXPECT_TRUE(f1_.UnprotectRtp(rtp_packet, out_len, &out_len));
115 EXPECT_EQ(rtp_len, out_len);
116 EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
117
118 EXPECT_TRUE(f1_.ProtectRtcp(rtcp_packet, rtcp_len,
119 sizeof(rtcp_packet), &out_len));
120 EXPECT_EQ(out_len, rtcp_len + 4 + rtcp_auth_tag_len(cs1)); // NOLINT
121 EXPECT_NE(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len));
122 EXPECT_TRUE(f2_.UnprotectRtcp(rtcp_packet, out_len, &out_len));
123 EXPECT_EQ(rtcp_len, out_len);
124 EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len));
125
126 EXPECT_TRUE(f2_.ProtectRtcp(rtcp_packet, rtcp_len,
127 sizeof(rtcp_packet), &out_len));
128 EXPECT_EQ(out_len, rtcp_len + 4 + rtcp_auth_tag_len(cs2)); // NOLINT
129 EXPECT_NE(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len));
130 EXPECT_TRUE(f1_.UnprotectRtcp(rtcp_packet, out_len, &out_len));
131 EXPECT_EQ(rtcp_len, out_len);
132 EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len));
133 }
134 cricket::SrtpFilter f1_;
135 cricket::SrtpFilter f2_;
136 int sequence_number_;
137 };
138
139 // Test that we can set up the session and keys properly.
TEST_F(SrtpFilterTest,TestGoodSetupOneCipherSuite)140 TEST_F(SrtpFilterTest, TestGoodSetupOneCipherSuite) {
141 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
142 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE));
143 EXPECT_TRUE(f1_.IsActive());
144 }
145
146 // Test that we can set up things with multiple params.
TEST_F(SrtpFilterTest,TestGoodSetupMultipleCipherSuites)147 TEST_F(SrtpFilterTest, TestGoodSetupMultipleCipherSuites) {
148 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
149 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
150 offer.push_back(kTestCryptoParams1);
151 offer[1].tag = 2;
152 offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
153 answer[0].tag = 2;
154 answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
155 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
156 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
157 EXPECT_TRUE(f1_.IsActive());
158 }
159
160 // Test that we handle the cases where crypto is not desired.
TEST_F(SrtpFilterTest,TestGoodSetupNoCipherSuites)161 TEST_F(SrtpFilterTest, TestGoodSetupNoCipherSuites) {
162 std::vector<CryptoParams> offer, answer;
163 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
164 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
165 EXPECT_FALSE(f1_.IsActive());
166 }
167
168 // Test that we handle the cases where crypto is not desired by the remote side.
TEST_F(SrtpFilterTest,TestGoodSetupNoAnswerCipherSuites)169 TEST_F(SrtpFilterTest, TestGoodSetupNoAnswerCipherSuites) {
170 std::vector<CryptoParams> answer;
171 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
172 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
173 EXPECT_FALSE(f1_.IsActive());
174 }
175
176 // Test that we fail if we call the functions the wrong way.
TEST_F(SrtpFilterTest,TestBadSetup)177 TEST_F(SrtpFilterTest, TestBadSetup) {
178 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
179 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
180 EXPECT_FALSE(f1_.SetAnswer(answer, CS_LOCAL));
181 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
182 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
183 EXPECT_FALSE(f1_.SetAnswer(answer, CS_LOCAL));
184 EXPECT_FALSE(f1_.IsActive());
185 }
186
187 // Test that we can set offer multiple times from the same source.
TEST_F(SrtpFilterTest,TestGoodSetupMultipleOffers)188 TEST_F(SrtpFilterTest, TestGoodSetupMultipleOffers) {
189 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
190 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams2), CS_LOCAL));
191 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE));
192 EXPECT_TRUE(f1_.IsActive());
193 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
194 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams2), CS_LOCAL));
195 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE));
196
197 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams1), CS_REMOTE));
198 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams2), CS_REMOTE));
199 EXPECT_TRUE(f2_.SetAnswer(MakeVector(kTestCryptoParams2), CS_LOCAL));
200 EXPECT_TRUE(f2_.IsActive());
201 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams1), CS_REMOTE));
202 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams2), CS_REMOTE));
203 EXPECT_TRUE(f2_.SetAnswer(MakeVector(kTestCryptoParams2), CS_LOCAL));
204 }
205 // Test that we can't set offer multiple times from different sources.
TEST_F(SrtpFilterTest,TestBadSetupMultipleOffers)206 TEST_F(SrtpFilterTest, TestBadSetupMultipleOffers) {
207 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
208 EXPECT_FALSE(f1_.SetOffer(MakeVector(kTestCryptoParams2), CS_REMOTE));
209 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams1), CS_REMOTE));
210 EXPECT_TRUE(f1_.IsActive());
211 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams2), CS_LOCAL));
212 EXPECT_FALSE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_REMOTE));
213 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE));
214
215 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams2), CS_REMOTE));
216 EXPECT_FALSE(f2_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
217 EXPECT_TRUE(f2_.SetAnswer(MakeVector(kTestCryptoParams2), CS_LOCAL));
218 EXPECT_TRUE(f2_.IsActive());
219 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams2), CS_REMOTE));
220 EXPECT_FALSE(f2_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
221 EXPECT_TRUE(f2_.SetAnswer(MakeVector(kTestCryptoParams2), CS_LOCAL));
222 }
223
224 // Test that we fail if we have params in the answer when none were offered.
TEST_F(SrtpFilterTest,TestNoAnswerCipherSuites)225 TEST_F(SrtpFilterTest, TestNoAnswerCipherSuites) {
226 std::vector<CryptoParams> offer;
227 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
228 EXPECT_FALSE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE));
229 EXPECT_FALSE(f1_.IsActive());
230 }
231
232 // Test that we fail if we have too many params in our answer.
TEST_F(SrtpFilterTest,TestMultipleAnswerCipherSuites)233 TEST_F(SrtpFilterTest, TestMultipleAnswerCipherSuites) {
234 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
235 answer.push_back(kTestCryptoParams2);
236 answer[1].tag = 2;
237 answer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
238 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
239 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
240 EXPECT_FALSE(f1_.IsActive());
241 }
242
243 // Test that we fail if we don't support the cipher-suite.
TEST_F(SrtpFilterTest,TestInvalidCipherSuite)244 TEST_F(SrtpFilterTest, TestInvalidCipherSuite) {
245 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
246 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
247 offer[0].cipher_suite = answer[0].cipher_suite = "FOO";
248 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
249 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
250 EXPECT_FALSE(f1_.IsActive());
251 }
252
253 // Test that we fail if we can't agree on a tag.
TEST_F(SrtpFilterTest,TestNoMatchingTag)254 TEST_F(SrtpFilterTest, TestNoMatchingTag) {
255 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
256 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
257 answer[0].tag = 99;
258 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
259 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
260 EXPECT_FALSE(f1_.IsActive());
261 }
262
263 // Test that we fail if we can't agree on a cipher-suite.
TEST_F(SrtpFilterTest,TestNoMatchingCipherSuite)264 TEST_F(SrtpFilterTest, TestNoMatchingCipherSuite) {
265 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
266 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
267 answer[0].tag = 2;
268 answer[0].cipher_suite = "FOO";
269 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
270 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
271 EXPECT_FALSE(f1_.IsActive());
272 }
273
274 // Test that we fail keys with bad base64 content.
TEST_F(SrtpFilterTest,TestInvalidKeyData)275 TEST_F(SrtpFilterTest, TestInvalidKeyData) {
276 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
277 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
278 answer[0].key_params = "inline:!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!";
279 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
280 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
281 EXPECT_FALSE(f1_.IsActive());
282 }
283
284 // Test that we fail keys with the wrong key-method.
TEST_F(SrtpFilterTest,TestWrongKeyMethod)285 TEST_F(SrtpFilterTest, TestWrongKeyMethod) {
286 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
287 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
288 answer[0].key_params = "outline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR";
289 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
290 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
291 EXPECT_FALSE(f1_.IsActive());
292 }
293
294 // Test that we fail keys of the wrong length.
TEST_F(SrtpFilterTest,TestKeyTooShort)295 TEST_F(SrtpFilterTest, TestKeyTooShort) {
296 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
297 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
298 answer[0].key_params = "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtx";
299 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
300 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
301 EXPECT_FALSE(f1_.IsActive());
302 }
303
304 // Test that we fail keys of the wrong length.
TEST_F(SrtpFilterTest,TestKeyTooLong)305 TEST_F(SrtpFilterTest, TestKeyTooLong) {
306 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
307 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
308 answer[0].key_params = "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBRABCD";
309 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
310 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
311 EXPECT_FALSE(f1_.IsActive());
312 }
313
314 // Test that we fail keys with lifetime or MKI set (since we don't support)
TEST_F(SrtpFilterTest,TestUnsupportedOptions)315 TEST_F(SrtpFilterTest, TestUnsupportedOptions) {
316 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
317 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
318 answer[0].key_params =
319 "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR|2^20|1:4";
320 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
321 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
322 EXPECT_FALSE(f1_.IsActive());
323 }
324
325 // Test that we can encrypt/decrypt after setting the same CryptoParams again on
326 // one side.
TEST_F(SrtpFilterTest,TestSettingSameKeyOnOneSide)327 TEST_F(SrtpFilterTest, TestSettingSameKeyOnOneSide) {
328 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
329 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
330 TestSetParams(offer, answer);
331
332 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80,
333 CS_AES_CM_128_HMAC_SHA1_80);
334
335 // Re-applying the same keys on one end and it should not reset the ROC.
336 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE));
337 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
338 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
339 }
340
341 // Test that we can encrypt/decrypt after negotiating AES_CM_128_HMAC_SHA1_80.
TEST_F(SrtpFilterTest,TestProtect_AES_CM_128_HMAC_SHA1_80)342 TEST_F(SrtpFilterTest, TestProtect_AES_CM_128_HMAC_SHA1_80) {
343 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
344 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
345 offer.push_back(kTestCryptoParams1);
346 offer[1].tag = 2;
347 offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
348 TestSetParams(offer, answer);
349 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
350 }
351
352 // Test that we can encrypt/decrypt after negotiating AES_CM_128_HMAC_SHA1_32.
TEST_F(SrtpFilterTest,TestProtect_AES_CM_128_HMAC_SHA1_32)353 TEST_F(SrtpFilterTest, TestProtect_AES_CM_128_HMAC_SHA1_32) {
354 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
355 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
356 offer.push_back(kTestCryptoParams1);
357 offer[1].tag = 2;
358 offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
359 answer[0].tag = 2;
360 answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
361 TestSetParams(offer, answer);
362 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32);
363 }
364
365 // Test that we can change encryption parameters.
TEST_F(SrtpFilterTest,TestChangeParameters)366 TEST_F(SrtpFilterTest, TestChangeParameters) {
367 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
368 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
369
370 TestSetParams(offer, answer);
371 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
372
373 // Change the key parameters and cipher_suite.
374 offer[0].key_params = kTestKeyParams3;
375 offer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
376 answer[0].key_params = kTestKeyParams4;
377 answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
378
379 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
380 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE));
381 EXPECT_TRUE(f1_.IsActive());
382 EXPECT_TRUE(f1_.IsActive());
383
384 // Test that the old keys are valid until the negotiation is complete.
385 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
386
387 // Complete the negotiation and test that we can still understand each other.
388 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
389 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
390
391 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32);
392 }
393
394 // Test that we can send and receive provisional answers with crypto enabled.
395 // Also test that we can change the crypto.
TEST_F(SrtpFilterTest,TestProvisionalAnswer)396 TEST_F(SrtpFilterTest, TestProvisionalAnswer) {
397 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
398 offer.push_back(kTestCryptoParams1);
399 offer[1].tag = 2;
400 offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
401 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
402
403 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
404 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE));
405 EXPECT_TRUE(f2_.SetProvisionalAnswer(answer, CS_LOCAL));
406 EXPECT_TRUE(f1_.SetProvisionalAnswer(answer, CS_REMOTE));
407 EXPECT_TRUE(f1_.IsActive());
408 EXPECT_TRUE(f2_.IsActive());
409 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
410
411 answer[0].key_params = kTestKeyParams4;
412 answer[0].tag = 2;
413 answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
414 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
415 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
416 EXPECT_TRUE(f1_.IsActive());
417 EXPECT_TRUE(f2_.IsActive());
418 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32);
419 }
420
421 // Test that a provisional answer doesn't need to contain a crypto.
TEST_F(SrtpFilterTest,TestProvisionalAnswerWithoutCrypto)422 TEST_F(SrtpFilterTest, TestProvisionalAnswerWithoutCrypto) {
423 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
424 std::vector<CryptoParams> answer;
425
426 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
427 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE));
428 EXPECT_TRUE(f2_.SetProvisionalAnswer(answer, CS_LOCAL));
429 EXPECT_TRUE(f1_.SetProvisionalAnswer(answer, CS_REMOTE));
430 EXPECT_FALSE(f1_.IsActive());
431 EXPECT_FALSE(f2_.IsActive());
432
433 answer.push_back(kTestCryptoParams2);
434 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
435 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
436 EXPECT_TRUE(f1_.IsActive());
437 EXPECT_TRUE(f2_.IsActive());
438 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
439 }
440
441 // Test that we can disable encryption.
TEST_F(SrtpFilterTest,TestDisableEncryption)442 TEST_F(SrtpFilterTest, TestDisableEncryption) {
443 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
444 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
445
446 TestSetParams(offer, answer);
447 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
448
449 offer.clear();
450 answer.clear();
451 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
452 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE));
453 EXPECT_TRUE(f1_.IsActive());
454 EXPECT_TRUE(f2_.IsActive());
455
456 // Test that the old keys are valid until the negotiation is complete.
457 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
458
459 // Complete the negotiation.
460 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
461 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
462
463 EXPECT_FALSE(f1_.IsActive());
464 EXPECT_FALSE(f2_.IsActive());
465 }
466
467 // Test directly setting the params with AES_CM_128_HMAC_SHA1_80
TEST_F(SrtpFilterTest,TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_80)468 TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_80) {
469 EXPECT_TRUE(f1_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_80,
470 kTestKey1, kTestKeyLen,
471 CS_AES_CM_128_HMAC_SHA1_80,
472 kTestKey2, kTestKeyLen));
473 EXPECT_TRUE(f2_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_80,
474 kTestKey2, kTestKeyLen,
475 CS_AES_CM_128_HMAC_SHA1_80,
476 kTestKey1, kTestKeyLen));
477 EXPECT_TRUE(f1_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_80,
478 kTestKey1, kTestKeyLen,
479 CS_AES_CM_128_HMAC_SHA1_80,
480 kTestKey2, kTestKeyLen));
481 EXPECT_TRUE(f2_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_80,
482 kTestKey2, kTestKeyLen,
483 CS_AES_CM_128_HMAC_SHA1_80,
484 kTestKey1, kTestKeyLen));
485 EXPECT_TRUE(f1_.IsActive());
486 EXPECT_TRUE(f2_.IsActive());
487 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
488 }
489
490 // Test directly setting the params with AES_CM_128_HMAC_SHA1_32
TEST_F(SrtpFilterTest,TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_32)491 TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_32) {
492 EXPECT_TRUE(f1_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_32,
493 kTestKey1, kTestKeyLen,
494 CS_AES_CM_128_HMAC_SHA1_32,
495 kTestKey2, kTestKeyLen));
496 EXPECT_TRUE(f2_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_32,
497 kTestKey2, kTestKeyLen,
498 CS_AES_CM_128_HMAC_SHA1_32,
499 kTestKey1, kTestKeyLen));
500 EXPECT_TRUE(f1_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_32,
501 kTestKey1, kTestKeyLen,
502 CS_AES_CM_128_HMAC_SHA1_32,
503 kTestKey2, kTestKeyLen));
504 EXPECT_TRUE(f2_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_32,
505 kTestKey2, kTestKeyLen,
506 CS_AES_CM_128_HMAC_SHA1_32,
507 kTestKey1, kTestKeyLen));
508 EXPECT_TRUE(f1_.IsActive());
509 EXPECT_TRUE(f2_.IsActive());
510 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32);
511 }
512
513 // Test directly setting the params with bogus keys
TEST_F(SrtpFilterTest,TestSetParamsKeyTooShort)514 TEST_F(SrtpFilterTest, TestSetParamsKeyTooShort) {
515 EXPECT_FALSE(f1_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_80,
516 kTestKey1, kTestKeyLen - 1,
517 CS_AES_CM_128_HMAC_SHA1_80,
518 kTestKey1, kTestKeyLen - 1));
519 EXPECT_FALSE(f1_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_80,
520 kTestKey1, kTestKeyLen - 1,
521 CS_AES_CM_128_HMAC_SHA1_80,
522 kTestKey1, kTestKeyLen - 1));
523 }
524
525 class SrtpSessionTest : public testing::Test {
526 protected:
SetUp()527 virtual void SetUp() {
528 rtp_len_ = sizeof(kPcmuFrame);
529 rtcp_len_ = sizeof(kRtcpReport);
530 memcpy(rtp_packet_, kPcmuFrame, rtp_len_);
531 memcpy(rtcp_packet_, kRtcpReport, rtcp_len_);
532 }
TestProtectRtp(const std::string & cs)533 void TestProtectRtp(const std::string& cs) {
534 int out_len = 0;
535 EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_,
536 sizeof(rtp_packet_), &out_len));
537 EXPECT_EQ(out_len, rtp_len_ + rtp_auth_tag_len(cs));
538 EXPECT_NE(0, memcmp(rtp_packet_, kPcmuFrame, rtp_len_));
539 rtp_len_ = out_len;
540 }
TestProtectRtcp(const std::string & cs)541 void TestProtectRtcp(const std::string& cs) {
542 int out_len = 0;
543 EXPECT_TRUE(s1_.ProtectRtcp(rtcp_packet_, rtcp_len_,
544 sizeof(rtcp_packet_), &out_len));
545 EXPECT_EQ(out_len, rtcp_len_ + 4 + rtcp_auth_tag_len(cs)); // NOLINT
546 EXPECT_NE(0, memcmp(rtcp_packet_, kRtcpReport, rtcp_len_));
547 rtcp_len_ = out_len;
548 }
TestUnprotectRtp(const std::string & cs)549 void TestUnprotectRtp(const std::string& cs) {
550 int out_len = 0, expected_len = sizeof(kPcmuFrame);
551 EXPECT_TRUE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len));
552 EXPECT_EQ(expected_len, out_len);
553 EXPECT_EQ(0, memcmp(rtp_packet_, kPcmuFrame, out_len));
554 }
TestUnprotectRtcp(const std::string & cs)555 void TestUnprotectRtcp(const std::string& cs) {
556 int out_len = 0, expected_len = sizeof(kRtcpReport);
557 EXPECT_TRUE(s2_.UnprotectRtcp(rtcp_packet_, rtcp_len_, &out_len));
558 EXPECT_EQ(expected_len, out_len);
559 EXPECT_EQ(0, memcmp(rtcp_packet_, kRtcpReport, out_len));
560 }
561 cricket::SrtpSession s1_;
562 cricket::SrtpSession s2_;
563 char rtp_packet_[sizeof(kPcmuFrame) + 10];
564 char rtcp_packet_[sizeof(kRtcpReport) + 4 + 10];
565 int rtp_len_;
566 int rtcp_len_;
567 };
568
569 // Test that we can set up the session and keys properly.
TEST_F(SrtpSessionTest,TestGoodSetup)570 TEST_F(SrtpSessionTest, TestGoodSetup) {
571 EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
572 EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
573 }
574
575 // Test that we can't change the keys once set.
TEST_F(SrtpSessionTest,TestBadSetup)576 TEST_F(SrtpSessionTest, TestBadSetup) {
577 EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
578 EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
579 EXPECT_FALSE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey2, kTestKeyLen));
580 EXPECT_FALSE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey2, kTestKeyLen));
581 }
582
583 // Test that we fail keys of the wrong length.
TEST_F(SrtpSessionTest,TestKeysTooShort)584 TEST_F(SrtpSessionTest, TestKeysTooShort) {
585 EXPECT_FALSE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, 1));
586 EXPECT_FALSE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, 1));
587 }
588
589 // Test that we can encrypt and decrypt RTP/RTCP using AES_CM_128_HMAC_SHA1_80.
TEST_F(SrtpSessionTest,TestProtect_AES_CM_128_HMAC_SHA1_80)590 TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_80) {
591 EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
592 EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
593 TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_80);
594 TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_80);
595 TestUnprotectRtp(CS_AES_CM_128_HMAC_SHA1_80);
596 TestUnprotectRtcp(CS_AES_CM_128_HMAC_SHA1_80);
597 }
598
599 // Test that we can encrypt and decrypt RTP/RTCP using AES_CM_128_HMAC_SHA1_32.
TEST_F(SrtpSessionTest,TestProtect_AES_CM_128_HMAC_SHA1_32)600 TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_32) {
601 EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_32, kTestKey1, kTestKeyLen));
602 EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_32, kTestKey1, kTestKeyLen));
603 TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_32);
604 TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_32);
605 TestUnprotectRtp(CS_AES_CM_128_HMAC_SHA1_32);
606 TestUnprotectRtcp(CS_AES_CM_128_HMAC_SHA1_32);
607 }
608
609 // Test that we fail to unprotect if someone tampers with the RTP/RTCP paylaods.
TEST_F(SrtpSessionTest,TestTamperReject)610 TEST_F(SrtpSessionTest, TestTamperReject) {
611 int out_len;
612 EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
613 EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
614 TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_80);
615 TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_80);
616 rtp_packet_[0] = 0x12;
617 rtcp_packet_[1] = 0x34;
618 EXPECT_FALSE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len));
619 EXPECT_FALSE(s2_.UnprotectRtcp(rtcp_packet_, rtcp_len_, &out_len));
620 }
621
622 // Test that we fail to unprotect if the payloads are not authenticated.
TEST_F(SrtpSessionTest,TestUnencryptReject)623 TEST_F(SrtpSessionTest, TestUnencryptReject) {
624 int out_len;
625 EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
626 EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
627 EXPECT_FALSE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len));
628 EXPECT_FALSE(s2_.UnprotectRtcp(rtcp_packet_, rtcp_len_, &out_len));
629 }
630
631 // Test that we fail when using buffers that are too small.
TEST_F(SrtpSessionTest,TestBuffersTooSmall)632 TEST_F(SrtpSessionTest, TestBuffersTooSmall) {
633 int out_len;
634 EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
635 EXPECT_FALSE(s1_.ProtectRtp(rtp_packet_, rtp_len_,
636 sizeof(rtp_packet_) - 10, &out_len));
637 EXPECT_FALSE(s1_.ProtectRtcp(rtcp_packet_, rtcp_len_,
638 sizeof(rtcp_packet_) - 14, &out_len));
639 }
640
TEST_F(SrtpSessionTest,TestReplay)641 TEST_F(SrtpSessionTest, TestReplay) {
642 static const uint16 kMaxSeqnum = static_cast<uint16>(-1);
643 static const uint16 seqnum_big = 62275;
644 static const uint16 seqnum_small = 10;
645 static const uint16 replay_window = 1024;
646 int out_len;
647
648 EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
649 EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
650
651 // Initial sequence number.
652 talk_base::SetBE16(reinterpret_cast<uint8*>(rtp_packet_) + 2, seqnum_big);
653 EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_),
654 &out_len));
655
656 // Replay within the 1024 window should succeed.
657 talk_base::SetBE16(reinterpret_cast<uint8*>(rtp_packet_) + 2,
658 seqnum_big - replay_window + 1);
659 EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_),
660 &out_len));
661
662 // Replay out side of the 1024 window should fail.
663 talk_base::SetBE16(reinterpret_cast<uint8*>(rtp_packet_) + 2,
664 seqnum_big - replay_window - 1);
665 EXPECT_FALSE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_),
666 &out_len));
667
668 // Increment sequence number to a small number.
669 talk_base::SetBE16(reinterpret_cast<uint8*>(rtp_packet_) + 2, seqnum_small);
670 EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_),
671 &out_len));
672
673 // Replay around 0 but out side of the 1024 window should fail.
674 talk_base::SetBE16(reinterpret_cast<uint8*>(rtp_packet_) + 2,
675 kMaxSeqnum + seqnum_small - replay_window - 1);
676 EXPECT_FALSE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_),
677 &out_len));
678
679 // Replay around 0 but within the 1024 window should succeed.
680 for (uint16 seqnum = 65000; seqnum < 65003; ++seqnum) {
681 talk_base::SetBE16(reinterpret_cast<uint8*>(rtp_packet_) + 2, seqnum);
682 EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_),
683 &out_len));
684 }
685
686 // Go back to normal sequence nubmer.
687 // NOTE: without the fix in libsrtp, this would fail. This is because
688 // without the fix, the loop above would keep incrementing local sequence
689 // number in libsrtp, eventually the new sequence number would go out side
690 // of the window.
691 talk_base::SetBE16(reinterpret_cast<uint8*>(rtp_packet_) + 2,
692 seqnum_small + 1);
693 EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_),
694 &out_len));
695 }
696
697 class SrtpStatTest
698 : public testing::Test,
699 public sigslot::has_slots<> {
700 public:
SrtpStatTest()701 SrtpStatTest()
702 : ssrc_(0U),
703 mode_(-1),
704 error_(cricket::SrtpFilter::ERROR_NONE) {
705 srtp_stat_.SignalSrtpError.connect(this, &SrtpStatTest::OnSrtpError);
706 srtp_stat_.set_signal_silent_time(200);
707 }
708
709 protected:
OnSrtpError(uint32 ssrc,cricket::SrtpFilter::Mode mode,cricket::SrtpFilter::Error error)710 void OnSrtpError(uint32 ssrc, cricket::SrtpFilter::Mode mode,
711 cricket::SrtpFilter::Error error) {
712 ssrc_ = ssrc;
713 mode_ = mode;
714 error_ = error;
715 }
Reset()716 void Reset() {
717 ssrc_ = 0U;
718 mode_ = -1;
719 error_ = cricket::SrtpFilter::ERROR_NONE;
720 }
721
722 cricket::SrtpStat srtp_stat_;
723 uint32 ssrc_;
724 int mode_;
725 cricket::SrtpFilter::Error error_;
726
727 private:
728 DISALLOW_COPY_AND_ASSIGN(SrtpStatTest);
729 };
730
TEST_F(SrtpStatTest,TestProtectRtpError)731 TEST_F(SrtpStatTest, TestProtectRtpError) {
732 Reset();
733 srtp_stat_.AddProtectRtpResult(1, err_status_ok);
734 EXPECT_EQ(0U, ssrc_);
735 EXPECT_EQ(-1, mode_);
736 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_);
737 Reset();
738 srtp_stat_.AddProtectRtpResult(1, err_status_auth_fail);
739 EXPECT_EQ(1U, ssrc_);
740 EXPECT_EQ(cricket::SrtpFilter::PROTECT, mode_);
741 EXPECT_EQ(cricket::SrtpFilter::ERROR_AUTH, error_);
742 Reset();
743 srtp_stat_.AddProtectRtpResult(1, err_status_fail);
744 EXPECT_EQ(1U, ssrc_);
745 EXPECT_EQ(cricket::SrtpFilter::PROTECT, mode_);
746 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_);
747 // Within 200ms, the error will not be triggered.
748 Reset();
749 srtp_stat_.AddProtectRtpResult(1, err_status_fail);
750 EXPECT_EQ(0U, ssrc_);
751 EXPECT_EQ(-1, mode_);
752 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_);
753 // Now the error will be triggered again.
754 Reset();
755 talk_base::Thread::Current()->SleepMs(210);
756 srtp_stat_.AddProtectRtpResult(1, err_status_fail);
757 EXPECT_EQ(1U, ssrc_);
758 EXPECT_EQ(cricket::SrtpFilter::PROTECT, mode_);
759 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_);
760 }
761
TEST_F(SrtpStatTest,TestUnprotectRtpError)762 TEST_F(SrtpStatTest, TestUnprotectRtpError) {
763 Reset();
764 srtp_stat_.AddUnprotectRtpResult(1, err_status_ok);
765 EXPECT_EQ(0U, ssrc_);
766 EXPECT_EQ(-1, mode_);
767 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_);
768 Reset();
769 srtp_stat_.AddUnprotectRtpResult(1, err_status_auth_fail);
770 EXPECT_EQ(1U, ssrc_);
771 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
772 EXPECT_EQ(cricket::SrtpFilter::ERROR_AUTH, error_);
773 Reset();
774 srtp_stat_.AddUnprotectRtpResult(1, err_status_replay_fail);
775 EXPECT_EQ(1U, ssrc_);
776 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
777 EXPECT_EQ(cricket::SrtpFilter::ERROR_REPLAY, error_);
778 Reset();
779 talk_base::Thread::Current()->SleepMs(210);
780 srtp_stat_.AddUnprotectRtpResult(1, err_status_replay_old);
781 EXPECT_EQ(1U, ssrc_);
782 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
783 EXPECT_EQ(cricket::SrtpFilter::ERROR_REPLAY, error_);
784 Reset();
785 srtp_stat_.AddUnprotectRtpResult(1, err_status_fail);
786 EXPECT_EQ(1U, ssrc_);
787 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
788 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_);
789 // Within 200ms, the error will not be triggered.
790 Reset();
791 srtp_stat_.AddUnprotectRtpResult(1, err_status_fail);
792 EXPECT_EQ(0U, ssrc_);
793 EXPECT_EQ(-1, mode_);
794 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_);
795 // Now the error will be triggered again.
796 Reset();
797 talk_base::Thread::Current()->SleepMs(210);
798 srtp_stat_.AddUnprotectRtpResult(1, err_status_fail);
799 EXPECT_EQ(1U, ssrc_);
800 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
801 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_);
802 }
803
TEST_F(SrtpStatTest,TestProtectRtcpError)804 TEST_F(SrtpStatTest, TestProtectRtcpError) {
805 Reset();
806 srtp_stat_.AddProtectRtcpResult(err_status_ok);
807 EXPECT_EQ(-1, mode_);
808 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_);
809 Reset();
810 srtp_stat_.AddProtectRtcpResult(err_status_auth_fail);
811 EXPECT_EQ(cricket::SrtpFilter::PROTECT, mode_);
812 EXPECT_EQ(cricket::SrtpFilter::ERROR_AUTH, error_);
813 Reset();
814 srtp_stat_.AddProtectRtcpResult(err_status_fail);
815 EXPECT_EQ(cricket::SrtpFilter::PROTECT, mode_);
816 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_);
817 // Within 200ms, the error will not be triggered.
818 Reset();
819 srtp_stat_.AddProtectRtcpResult(err_status_fail);
820 EXPECT_EQ(-1, mode_);
821 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_);
822 // Now the error will be triggered again.
823 Reset();
824 talk_base::Thread::Current()->SleepMs(210);
825 srtp_stat_.AddProtectRtcpResult(err_status_fail);
826 EXPECT_EQ(cricket::SrtpFilter::PROTECT, mode_);
827 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_);
828 }
829
TEST_F(SrtpStatTest,TestUnprotectRtcpError)830 TEST_F(SrtpStatTest, TestUnprotectRtcpError) {
831 Reset();
832 srtp_stat_.AddUnprotectRtcpResult(err_status_ok);
833 EXPECT_EQ(-1, mode_);
834 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_);
835 Reset();
836 srtp_stat_.AddUnprotectRtcpResult(err_status_auth_fail);
837 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
838 EXPECT_EQ(cricket::SrtpFilter::ERROR_AUTH, error_);
839 Reset();
840 srtp_stat_.AddUnprotectRtcpResult(err_status_replay_fail);
841 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
842 EXPECT_EQ(cricket::SrtpFilter::ERROR_REPLAY, error_);
843 Reset();
844 talk_base::Thread::Current()->SleepMs(210);
845 srtp_stat_.AddUnprotectRtcpResult(err_status_replay_fail);
846 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
847 EXPECT_EQ(cricket::SrtpFilter::ERROR_REPLAY, error_);
848 Reset();
849 srtp_stat_.AddUnprotectRtcpResult(err_status_fail);
850 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
851 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_);
852 // Within 200ms, the error will not be triggered.
853 Reset();
854 srtp_stat_.AddUnprotectRtcpResult(err_status_fail);
855 EXPECT_EQ(-1, mode_);
856 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_);
857 // Now the error will be triggered again.
858 Reset();
859 talk_base::Thread::Current()->SleepMs(210);
860 srtp_stat_.AddUnprotectRtcpResult(err_status_fail);
861 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
862 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_);
863 }
864