1 /*
2 * libjingle
3 * Copyright 2004 Google Inc.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright notice,
9 * this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright notice,
11 * this list of conditions and the following disclaimer in the documentation
12 * and/or other materials provided with the distribution.
13 * 3. The name of the author may not be used to endorse or promote products
14 * derived from this software without specific prior written permission.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
17 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
18 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
19 * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
20 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
25 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27
28 #include "talk/media/base/cryptoparams.h"
29 #include "talk/media/base/fakertp.h"
30 #include "webrtc/p2p/base/sessiondescription.h"
31 #include "talk/session/media/srtpfilter.h"
32 #include "webrtc/base/byteorder.h"
33 #include "webrtc/base/gunit.h"
34 #include "webrtc/base/thread.h"
35 extern "C" {
36 #ifdef SRTP_RELATIVE_PATH
37 #include "crypto/include/err.h"
38 #else
39 #include "third_party/libsrtp/srtp/crypto/include/err.h"
40 #endif
41 }
42
43 using rtc::CS_AES_CM_128_HMAC_SHA1_80;
44 using rtc::CS_AES_CM_128_HMAC_SHA1_32;
45 using cricket::CryptoParams;
46 using cricket::CS_LOCAL;
47 using cricket::CS_REMOTE;
48
49 static const uint8_t kTestKey1[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234";
50 static const uint8_t kTestKey2[] = "4321ZYXWVUTSRQPONMLKJIHGFEDCBA";
51 static const int kTestKeyLen = 30;
52 static const std::string kTestKeyParams1 =
53 "inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz";
54 static const std::string kTestKeyParams2 =
55 "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR";
56 static const std::string kTestKeyParams3 =
57 "inline:1234X19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz";
58 static const std::string kTestKeyParams4 =
59 "inline:4567QCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR";
60 static const cricket::CryptoParams kTestCryptoParams1(
61 1, "AES_CM_128_HMAC_SHA1_80", kTestKeyParams1, "");
62 static const cricket::CryptoParams kTestCryptoParams2(
63 1, "AES_CM_128_HMAC_SHA1_80", kTestKeyParams2, "");
64
rtp_auth_tag_len(const std::string & cs)65 static int rtp_auth_tag_len(const std::string& cs) {
66 return (cs == CS_AES_CM_128_HMAC_SHA1_32) ? 4 : 10;
67 }
rtcp_auth_tag_len(const std::string & cs)68 static int rtcp_auth_tag_len(const std::string& cs) {
69 return 10;
70 }
71
72 class SrtpFilterTest : public testing::Test {
73 protected:
SrtpFilterTest()74 SrtpFilterTest()
75 // Need to initialize |sequence_number_|, the value does not matter.
76 : sequence_number_(1) {
77 }
MakeVector(const CryptoParams & params)78 static std::vector<CryptoParams> MakeVector(const CryptoParams& params) {
79 std::vector<CryptoParams> vec;
80 vec.push_back(params);
81 return vec;
82 }
TestSetParams(const std::vector<CryptoParams> & params1,const std::vector<CryptoParams> & params2)83 void TestSetParams(const std::vector<CryptoParams>& params1,
84 const std::vector<CryptoParams>& params2) {
85 EXPECT_TRUE(f1_.SetOffer(params1, CS_LOCAL));
86 EXPECT_TRUE(f2_.SetOffer(params1, CS_REMOTE));
87 EXPECT_FALSE(f1_.IsActive());
88 EXPECT_FALSE(f2_.IsActive());
89 EXPECT_TRUE(f2_.SetAnswer(params2, CS_LOCAL));
90 EXPECT_TRUE(f1_.SetAnswer(params2, CS_REMOTE));
91 EXPECT_TRUE(f1_.IsActive());
92 EXPECT_TRUE(f2_.IsActive());
93 }
TestProtectUnprotect(const std::string & cs1,const std::string & cs2)94 void TestProtectUnprotect(const std::string& cs1, const std::string& cs2) {
95 char rtp_packet[sizeof(kPcmuFrame) + 10];
96 char original_rtp_packet[sizeof(kPcmuFrame)];
97 char rtcp_packet[sizeof(kRtcpReport) + 4 + 10];
98 int rtp_len = sizeof(kPcmuFrame), rtcp_len = sizeof(kRtcpReport), out_len;
99 memcpy(rtp_packet, kPcmuFrame, rtp_len);
100 // In order to be able to run this test function multiple times we can not
101 // use the same sequence number twice. Increase the sequence number by one.
102 rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet) + 2,
103 ++sequence_number_);
104 memcpy(original_rtp_packet, rtp_packet, rtp_len);
105 memcpy(rtcp_packet, kRtcpReport, rtcp_len);
106
107 EXPECT_TRUE(f1_.ProtectRtp(rtp_packet, rtp_len,
108 sizeof(rtp_packet), &out_len));
109 EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs1));
110 EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
111 EXPECT_TRUE(f2_.UnprotectRtp(rtp_packet, out_len, &out_len));
112 EXPECT_EQ(rtp_len, out_len);
113 EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
114
115 EXPECT_TRUE(f2_.ProtectRtp(rtp_packet, rtp_len,
116 sizeof(rtp_packet), &out_len));
117 EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs2));
118 EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
119 EXPECT_TRUE(f1_.UnprotectRtp(rtp_packet, out_len, &out_len));
120 EXPECT_EQ(rtp_len, out_len);
121 EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
122
123 EXPECT_TRUE(f1_.ProtectRtcp(rtcp_packet, rtcp_len,
124 sizeof(rtcp_packet), &out_len));
125 EXPECT_EQ(out_len, rtcp_len + 4 + rtcp_auth_tag_len(cs1)); // NOLINT
126 EXPECT_NE(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len));
127 EXPECT_TRUE(f2_.UnprotectRtcp(rtcp_packet, out_len, &out_len));
128 EXPECT_EQ(rtcp_len, out_len);
129 EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len));
130
131 EXPECT_TRUE(f2_.ProtectRtcp(rtcp_packet, rtcp_len,
132 sizeof(rtcp_packet), &out_len));
133 EXPECT_EQ(out_len, rtcp_len + 4 + rtcp_auth_tag_len(cs2)); // NOLINT
134 EXPECT_NE(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len));
135 EXPECT_TRUE(f1_.UnprotectRtcp(rtcp_packet, out_len, &out_len));
136 EXPECT_EQ(rtcp_len, out_len);
137 EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len));
138 }
139 cricket::SrtpFilter f1_;
140 cricket::SrtpFilter f2_;
141 int sequence_number_;
142 };
143
144 // Test that we can set up the session and keys properly.
TEST_F(SrtpFilterTest,TestGoodSetupOneCipherSuite)145 TEST_F(SrtpFilterTest, TestGoodSetupOneCipherSuite) {
146 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
147 EXPECT_FALSE(f1_.IsActive());
148 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE));
149 EXPECT_TRUE(f1_.IsActive());
150 }
151
152 // Test that we can set up things with multiple params.
TEST_F(SrtpFilterTest,TestGoodSetupMultipleCipherSuites)153 TEST_F(SrtpFilterTest, TestGoodSetupMultipleCipherSuites) {
154 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
155 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
156 offer.push_back(kTestCryptoParams1);
157 offer[1].tag = 2;
158 offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
159 answer[0].tag = 2;
160 answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
161 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
162 EXPECT_FALSE(f1_.IsActive());
163 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
164 EXPECT_TRUE(f1_.IsActive());
165 }
166
167 // Test that we handle the cases where crypto is not desired.
TEST_F(SrtpFilterTest,TestGoodSetupNoCipherSuites)168 TEST_F(SrtpFilterTest, TestGoodSetupNoCipherSuites) {
169 std::vector<CryptoParams> offer, answer;
170 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
171 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
172 EXPECT_FALSE(f1_.IsActive());
173 }
174
175 // Test that we handle the cases where crypto is not desired by the remote side.
TEST_F(SrtpFilterTest,TestGoodSetupNoAnswerCipherSuites)176 TEST_F(SrtpFilterTest, TestGoodSetupNoAnswerCipherSuites) {
177 std::vector<CryptoParams> answer;
178 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
179 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
180 EXPECT_FALSE(f1_.IsActive());
181 }
182
183 // Test that we fail if we call the functions the wrong way.
TEST_F(SrtpFilterTest,TestBadSetup)184 TEST_F(SrtpFilterTest, TestBadSetup) {
185 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
186 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
187 EXPECT_FALSE(f1_.SetAnswer(answer, CS_LOCAL));
188 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
189 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
190 EXPECT_FALSE(f1_.SetAnswer(answer, CS_LOCAL));
191 EXPECT_FALSE(f1_.IsActive());
192 }
193
194 // Test that we can set offer multiple times from the same source.
TEST_F(SrtpFilterTest,TestGoodSetupMultipleOffers)195 TEST_F(SrtpFilterTest, TestGoodSetupMultipleOffers) {
196 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
197 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams2), CS_LOCAL));
198 EXPECT_FALSE(f1_.IsActive());
199 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE));
200 EXPECT_TRUE(f1_.IsActive());
201 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
202 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams2), CS_LOCAL));
203 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE));
204
205 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams1), CS_REMOTE));
206 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams2), CS_REMOTE));
207 EXPECT_FALSE(f2_.IsActive());
208 EXPECT_TRUE(f2_.SetAnswer(MakeVector(kTestCryptoParams2), CS_LOCAL));
209 EXPECT_TRUE(f2_.IsActive());
210 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams1), CS_REMOTE));
211 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams2), CS_REMOTE));
212 EXPECT_TRUE(f2_.SetAnswer(MakeVector(kTestCryptoParams2), CS_LOCAL));
213 }
214 // Test that we can't set offer multiple times from different sources.
TEST_F(SrtpFilterTest,TestBadSetupMultipleOffers)215 TEST_F(SrtpFilterTest, TestBadSetupMultipleOffers) {
216 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
217 EXPECT_FALSE(f1_.SetOffer(MakeVector(kTestCryptoParams2), CS_REMOTE));
218 EXPECT_FALSE(f1_.IsActive());
219 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams1), CS_REMOTE));
220 EXPECT_TRUE(f1_.IsActive());
221 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams2), CS_LOCAL));
222 EXPECT_FALSE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_REMOTE));
223 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE));
224
225 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams2), CS_REMOTE));
226 EXPECT_FALSE(f2_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
227 EXPECT_FALSE(f2_.IsActive());
228 EXPECT_TRUE(f2_.SetAnswer(MakeVector(kTestCryptoParams2), CS_LOCAL));
229 EXPECT_TRUE(f2_.IsActive());
230 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams2), CS_REMOTE));
231 EXPECT_FALSE(f2_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
232 EXPECT_TRUE(f2_.SetAnswer(MakeVector(kTestCryptoParams2), CS_LOCAL));
233 }
234
235 // Test that we fail if we have params in the answer when none were offered.
TEST_F(SrtpFilterTest,TestNoAnswerCipherSuites)236 TEST_F(SrtpFilterTest, TestNoAnswerCipherSuites) {
237 std::vector<CryptoParams> offer;
238 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
239 EXPECT_FALSE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE));
240 EXPECT_FALSE(f1_.IsActive());
241 }
242
243 // Test that we fail if we have too many params in our answer.
TEST_F(SrtpFilterTest,TestMultipleAnswerCipherSuites)244 TEST_F(SrtpFilterTest, TestMultipleAnswerCipherSuites) {
245 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
246 answer.push_back(kTestCryptoParams2);
247 answer[1].tag = 2;
248 answer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
249 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
250 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
251 EXPECT_FALSE(f1_.IsActive());
252 }
253
254 // Test that we fail if we don't support the cipher-suite.
TEST_F(SrtpFilterTest,TestInvalidCipherSuite)255 TEST_F(SrtpFilterTest, TestInvalidCipherSuite) {
256 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
257 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
258 offer[0].cipher_suite = answer[0].cipher_suite = "FOO";
259 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
260 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
261 EXPECT_FALSE(f1_.IsActive());
262 }
263
264 // Test that we fail if we can't agree on a tag.
TEST_F(SrtpFilterTest,TestNoMatchingTag)265 TEST_F(SrtpFilterTest, TestNoMatchingTag) {
266 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
267 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
268 answer[0].tag = 99;
269 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
270 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
271 EXPECT_FALSE(f1_.IsActive());
272 }
273
274 // Test that we fail if we can't agree on a cipher-suite.
TEST_F(SrtpFilterTest,TestNoMatchingCipherSuite)275 TEST_F(SrtpFilterTest, TestNoMatchingCipherSuite) {
276 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
277 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
278 answer[0].tag = 2;
279 answer[0].cipher_suite = "FOO";
280 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
281 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
282 EXPECT_FALSE(f1_.IsActive());
283 }
284
285 // Test that we fail keys with bad base64 content.
TEST_F(SrtpFilterTest,TestInvalidKeyData)286 TEST_F(SrtpFilterTest, TestInvalidKeyData) {
287 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
288 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
289 answer[0].key_params = "inline:!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!";
290 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
291 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
292 EXPECT_FALSE(f1_.IsActive());
293 }
294
295 // Test that we fail keys with the wrong key-method.
TEST_F(SrtpFilterTest,TestWrongKeyMethod)296 TEST_F(SrtpFilterTest, TestWrongKeyMethod) {
297 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
298 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
299 answer[0].key_params = "outline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR";
300 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
301 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
302 EXPECT_FALSE(f1_.IsActive());
303 }
304
305 // Test that we fail keys of the wrong length.
TEST_F(SrtpFilterTest,TestKeyTooShort)306 TEST_F(SrtpFilterTest, TestKeyTooShort) {
307 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
308 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
309 answer[0].key_params = "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtx";
310 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
311 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
312 EXPECT_FALSE(f1_.IsActive());
313 }
314
315 // Test that we fail keys of the wrong length.
TEST_F(SrtpFilterTest,TestKeyTooLong)316 TEST_F(SrtpFilterTest, TestKeyTooLong) {
317 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
318 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
319 answer[0].key_params = "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBRABCD";
320 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
321 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
322 EXPECT_FALSE(f1_.IsActive());
323 }
324
325 // Test that we fail keys with lifetime or MKI set (since we don't support)
TEST_F(SrtpFilterTest,TestUnsupportedOptions)326 TEST_F(SrtpFilterTest, TestUnsupportedOptions) {
327 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
328 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
329 answer[0].key_params =
330 "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR|2^20|1:4";
331 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
332 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
333 EXPECT_FALSE(f1_.IsActive());
334 }
335
336 // Test that we can encrypt/decrypt after setting the same CryptoParams again on
337 // one side.
TEST_F(SrtpFilterTest,TestSettingSameKeyOnOneSide)338 TEST_F(SrtpFilterTest, TestSettingSameKeyOnOneSide) {
339 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
340 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
341 TestSetParams(offer, answer);
342
343 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80,
344 CS_AES_CM_128_HMAC_SHA1_80);
345
346 // Re-applying the same keys on one end and it should not reset the ROC.
347 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE));
348 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
349 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
350 }
351
352 // Test that we can encrypt/decrypt after negotiating AES_CM_128_HMAC_SHA1_80.
TEST_F(SrtpFilterTest,TestProtect_AES_CM_128_HMAC_SHA1_80)353 TEST_F(SrtpFilterTest, TestProtect_AES_CM_128_HMAC_SHA1_80) {
354 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
355 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
356 offer.push_back(kTestCryptoParams1);
357 offer[1].tag = 2;
358 offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
359 TestSetParams(offer, answer);
360 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
361 }
362
363 // Test that we can encrypt/decrypt after negotiating AES_CM_128_HMAC_SHA1_32.
TEST_F(SrtpFilterTest,TestProtect_AES_CM_128_HMAC_SHA1_32)364 TEST_F(SrtpFilterTest, TestProtect_AES_CM_128_HMAC_SHA1_32) {
365 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
366 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
367 offer.push_back(kTestCryptoParams1);
368 offer[1].tag = 2;
369 offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
370 answer[0].tag = 2;
371 answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
372 TestSetParams(offer, answer);
373 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32);
374 }
375
376 // Test that we can change encryption parameters.
TEST_F(SrtpFilterTest,TestChangeParameters)377 TEST_F(SrtpFilterTest, TestChangeParameters) {
378 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
379 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
380
381 TestSetParams(offer, answer);
382 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
383
384 // Change the key parameters and cipher_suite.
385 offer[0].key_params = kTestKeyParams3;
386 offer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
387 answer[0].key_params = kTestKeyParams4;
388 answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
389
390 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
391 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE));
392 EXPECT_TRUE(f1_.IsActive());
393 EXPECT_TRUE(f1_.IsActive());
394
395 // Test that the old keys are valid until the negotiation is complete.
396 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
397
398 // Complete the negotiation and test that we can still understand each other.
399 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
400 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
401
402 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32);
403 }
404
405 // Test that we can send and receive provisional answers with crypto enabled.
406 // Also test that we can change the crypto.
TEST_F(SrtpFilterTest,TestProvisionalAnswer)407 TEST_F(SrtpFilterTest, TestProvisionalAnswer) {
408 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
409 offer.push_back(kTestCryptoParams1);
410 offer[1].tag = 2;
411 offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
412 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
413
414 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
415 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE));
416 EXPECT_FALSE(f1_.IsActive());
417 EXPECT_FALSE(f2_.IsActive());
418 EXPECT_TRUE(f2_.SetProvisionalAnswer(answer, CS_LOCAL));
419 EXPECT_TRUE(f1_.SetProvisionalAnswer(answer, CS_REMOTE));
420 EXPECT_TRUE(f1_.IsActive());
421 EXPECT_TRUE(f2_.IsActive());
422 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
423
424 answer[0].key_params = kTestKeyParams4;
425 answer[0].tag = 2;
426 answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
427 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
428 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
429 EXPECT_TRUE(f1_.IsActive());
430 EXPECT_TRUE(f2_.IsActive());
431 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32);
432 }
433
434 // Test that a provisional answer doesn't need to contain a crypto.
TEST_F(SrtpFilterTest,TestProvisionalAnswerWithoutCrypto)435 TEST_F(SrtpFilterTest, TestProvisionalAnswerWithoutCrypto) {
436 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
437 std::vector<CryptoParams> answer;
438
439 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
440 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE));
441 EXPECT_FALSE(f1_.IsActive());
442 EXPECT_FALSE(f2_.IsActive());
443 EXPECT_TRUE(f2_.SetProvisionalAnswer(answer, CS_LOCAL));
444 EXPECT_TRUE(f1_.SetProvisionalAnswer(answer, CS_REMOTE));
445 EXPECT_FALSE(f1_.IsActive());
446 EXPECT_FALSE(f2_.IsActive());
447
448 answer.push_back(kTestCryptoParams2);
449 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
450 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
451 EXPECT_TRUE(f1_.IsActive());
452 EXPECT_TRUE(f2_.IsActive());
453 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
454 }
455
456 // Test that if we get a new local offer after a provisional answer
457 // with no crypto, that we are in an inactive state.
TEST_F(SrtpFilterTest,TestLocalOfferAfterProvisionalAnswerWithoutCrypto)458 TEST_F(SrtpFilterTest, TestLocalOfferAfterProvisionalAnswerWithoutCrypto) {
459 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
460 std::vector<CryptoParams> answer;
461
462 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
463 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE));
464 EXPECT_TRUE(f1_.SetProvisionalAnswer(answer, CS_REMOTE));
465 EXPECT_TRUE(f2_.SetProvisionalAnswer(answer, CS_LOCAL));
466 EXPECT_FALSE(f1_.IsActive());
467 EXPECT_FALSE(f2_.IsActive());
468 // The calls to set an offer after a provisional answer fail, so the
469 // state doesn't change.
470 EXPECT_FALSE(f1_.SetOffer(offer, CS_LOCAL));
471 EXPECT_FALSE(f2_.SetOffer(offer, CS_REMOTE));
472 EXPECT_FALSE(f1_.IsActive());
473 EXPECT_FALSE(f2_.IsActive());
474
475 answer.push_back(kTestCryptoParams2);
476 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
477 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
478 EXPECT_TRUE(f1_.IsActive());
479 EXPECT_TRUE(f2_.IsActive());
480 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
481 }
482
483 // Test that we can disable encryption.
TEST_F(SrtpFilterTest,TestDisableEncryption)484 TEST_F(SrtpFilterTest, TestDisableEncryption) {
485 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
486 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
487
488 TestSetParams(offer, answer);
489 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
490
491 offer.clear();
492 answer.clear();
493 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
494 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE));
495 EXPECT_TRUE(f1_.IsActive());
496 EXPECT_TRUE(f2_.IsActive());
497
498 // Test that the old keys are valid until the negotiation is complete.
499 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
500
501 // Complete the negotiation.
502 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
503 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
504
505 EXPECT_FALSE(f1_.IsActive());
506 EXPECT_FALSE(f2_.IsActive());
507 }
508
509 // Test directly setting the params with AES_CM_128_HMAC_SHA1_80
TEST_F(SrtpFilterTest,TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_80)510 TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_80) {
511 EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1,
512 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80,
513 kTestKey2, kTestKeyLen));
514 EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2,
515 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80,
516 kTestKey1, kTestKeyLen));
517 EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1,
518 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80,
519 kTestKey2, kTestKeyLen));
520 EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2,
521 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80,
522 kTestKey1, kTestKeyLen));
523 EXPECT_TRUE(f1_.IsActive());
524 EXPECT_TRUE(f2_.IsActive());
525 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
526 }
527
528 // Test directly setting the params with AES_CM_128_HMAC_SHA1_32
TEST_F(SrtpFilterTest,TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_32)529 TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_32) {
530 EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1,
531 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32,
532 kTestKey2, kTestKeyLen));
533 EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey2,
534 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32,
535 kTestKey1, kTestKeyLen));
536 EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1,
537 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32,
538 kTestKey2, kTestKeyLen));
539 EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey2,
540 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32,
541 kTestKey1, kTestKeyLen));
542 EXPECT_TRUE(f1_.IsActive());
543 EXPECT_TRUE(f2_.IsActive());
544 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32);
545 }
546
547 // Test directly setting the params with bogus keys
TEST_F(SrtpFilterTest,TestSetParamsKeyTooShort)548 TEST_F(SrtpFilterTest, TestSetParamsKeyTooShort) {
549 EXPECT_FALSE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1,
550 kTestKeyLen - 1, rtc::SRTP_AES128_CM_SHA1_80,
551 kTestKey1, kTestKeyLen - 1));
552 EXPECT_FALSE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1,
553 kTestKeyLen - 1, rtc::SRTP_AES128_CM_SHA1_80,
554 kTestKey1, kTestKeyLen - 1));
555 }
556
557 #if defined(ENABLE_EXTERNAL_AUTH)
TEST_F(SrtpFilterTest,TestGetSendAuthParams)558 TEST_F(SrtpFilterTest, TestGetSendAuthParams) {
559 EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1,
560 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32,
561 kTestKey2, kTestKeyLen));
562 EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1,
563 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32,
564 kTestKey2, kTestKeyLen));
565 uint8_t* auth_key = NULL;
566 int auth_key_len = 0, auth_tag_len = 0;
567 EXPECT_TRUE(f1_.GetRtpAuthParams(&auth_key, &auth_key_len, &auth_tag_len));
568 EXPECT_TRUE(auth_key != NULL);
569 EXPECT_EQ(20, auth_key_len);
570 EXPECT_EQ(4, auth_tag_len);
571 }
572 #endif
573
574 class SrtpSessionTest : public testing::Test {
575 protected:
SetUp()576 virtual void SetUp() {
577 rtp_len_ = sizeof(kPcmuFrame);
578 rtcp_len_ = sizeof(kRtcpReport);
579 memcpy(rtp_packet_, kPcmuFrame, rtp_len_);
580 memcpy(rtcp_packet_, kRtcpReport, rtcp_len_);
581 }
TestProtectRtp(const std::string & cs)582 void TestProtectRtp(const std::string& cs) {
583 int out_len = 0;
584 EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_,
585 sizeof(rtp_packet_), &out_len));
586 EXPECT_EQ(out_len, rtp_len_ + rtp_auth_tag_len(cs));
587 EXPECT_NE(0, memcmp(rtp_packet_, kPcmuFrame, rtp_len_));
588 rtp_len_ = out_len;
589 }
TestProtectRtcp(const std::string & cs)590 void TestProtectRtcp(const std::string& cs) {
591 int out_len = 0;
592 EXPECT_TRUE(s1_.ProtectRtcp(rtcp_packet_, rtcp_len_,
593 sizeof(rtcp_packet_), &out_len));
594 EXPECT_EQ(out_len, rtcp_len_ + 4 + rtcp_auth_tag_len(cs)); // NOLINT
595 EXPECT_NE(0, memcmp(rtcp_packet_, kRtcpReport, rtcp_len_));
596 rtcp_len_ = out_len;
597 }
TestUnprotectRtp(const std::string & cs)598 void TestUnprotectRtp(const std::string& cs) {
599 int out_len = 0, expected_len = sizeof(kPcmuFrame);
600 EXPECT_TRUE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len));
601 EXPECT_EQ(expected_len, out_len);
602 EXPECT_EQ(0, memcmp(rtp_packet_, kPcmuFrame, out_len));
603 }
TestUnprotectRtcp(const std::string & cs)604 void TestUnprotectRtcp(const std::string& cs) {
605 int out_len = 0, expected_len = sizeof(kRtcpReport);
606 EXPECT_TRUE(s2_.UnprotectRtcp(rtcp_packet_, rtcp_len_, &out_len));
607 EXPECT_EQ(expected_len, out_len);
608 EXPECT_EQ(0, memcmp(rtcp_packet_, kRtcpReport, out_len));
609 }
610 cricket::SrtpSession s1_;
611 cricket::SrtpSession s2_;
612 char rtp_packet_[sizeof(kPcmuFrame) + 10];
613 char rtcp_packet_[sizeof(kRtcpReport) + 4 + 10];
614 int rtp_len_;
615 int rtcp_len_;
616 };
617
618 // Test that we can set up the session and keys properly.
TEST_F(SrtpSessionTest,TestGoodSetup)619 TEST_F(SrtpSessionTest, TestGoodSetup) {
620 EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
621 EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
622 }
623
624 // Test that we can't change the keys once set.
TEST_F(SrtpSessionTest,TestBadSetup)625 TEST_F(SrtpSessionTest, TestBadSetup) {
626 EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
627 EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
628 EXPECT_FALSE(
629 s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2, kTestKeyLen));
630 EXPECT_FALSE(
631 s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2, kTestKeyLen));
632 }
633
634 // Test that we fail keys of the wrong length.
TEST_F(SrtpSessionTest,TestKeysTooShort)635 TEST_F(SrtpSessionTest, TestKeysTooShort) {
636 EXPECT_FALSE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, 1));
637 EXPECT_FALSE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, 1));
638 }
639
640 // Test that we can encrypt and decrypt RTP/RTCP using AES_CM_128_HMAC_SHA1_80.
TEST_F(SrtpSessionTest,TestProtect_AES_CM_128_HMAC_SHA1_80)641 TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_80) {
642 EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
643 EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
644 TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_80);
645 TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_80);
646 TestUnprotectRtp(CS_AES_CM_128_HMAC_SHA1_80);
647 TestUnprotectRtcp(CS_AES_CM_128_HMAC_SHA1_80);
648 }
649
650 // Test that we can encrypt and decrypt RTP/RTCP using AES_CM_128_HMAC_SHA1_32.
TEST_F(SrtpSessionTest,TestProtect_AES_CM_128_HMAC_SHA1_32)651 TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_32) {
652 EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, kTestKeyLen));
653 EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, kTestKeyLen));
654 TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_32);
655 TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_32);
656 TestUnprotectRtp(CS_AES_CM_128_HMAC_SHA1_32);
657 TestUnprotectRtcp(CS_AES_CM_128_HMAC_SHA1_32);
658 }
659
TEST_F(SrtpSessionTest,TestGetSendStreamPacketIndex)660 TEST_F(SrtpSessionTest, TestGetSendStreamPacketIndex) {
661 EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, kTestKeyLen));
662 int64_t index;
663 int out_len = 0;
664 EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_,
665 sizeof(rtp_packet_), &out_len, &index));
666 // |index| will be shifted by 16.
667 int64_t be64_index = static_cast<int64_t>(rtc::NetworkToHost64(1 << 16));
668 EXPECT_EQ(be64_index, index);
669 }
670
671 // Test that we fail to unprotect if someone tampers with the RTP/RTCP paylaods.
TEST_F(SrtpSessionTest,TestTamperReject)672 TEST_F(SrtpSessionTest, TestTamperReject) {
673 int out_len;
674 EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
675 EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
676 TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_80);
677 TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_80);
678 rtp_packet_[0] = 0x12;
679 rtcp_packet_[1] = 0x34;
680 EXPECT_FALSE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len));
681 EXPECT_FALSE(s2_.UnprotectRtcp(rtcp_packet_, rtcp_len_, &out_len));
682 }
683
684 // Test that we fail to unprotect if the payloads are not authenticated.
TEST_F(SrtpSessionTest,TestUnencryptReject)685 TEST_F(SrtpSessionTest, TestUnencryptReject) {
686 int out_len;
687 EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
688 EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
689 EXPECT_FALSE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len));
690 EXPECT_FALSE(s2_.UnprotectRtcp(rtcp_packet_, rtcp_len_, &out_len));
691 }
692
693 // Test that we fail when using buffers that are too small.
TEST_F(SrtpSessionTest,TestBuffersTooSmall)694 TEST_F(SrtpSessionTest, TestBuffersTooSmall) {
695 int out_len;
696 EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
697 EXPECT_FALSE(s1_.ProtectRtp(rtp_packet_, rtp_len_,
698 sizeof(rtp_packet_) - 10, &out_len));
699 EXPECT_FALSE(s1_.ProtectRtcp(rtcp_packet_, rtcp_len_,
700 sizeof(rtcp_packet_) - 14, &out_len));
701 }
702
TEST_F(SrtpSessionTest,TestReplay)703 TEST_F(SrtpSessionTest, TestReplay) {
704 static const uint16_t kMaxSeqnum = static_cast<uint16_t>(-1);
705 static const uint16_t seqnum_big = 62275;
706 static const uint16_t seqnum_small = 10;
707 static const uint16_t replay_window = 1024;
708 int out_len;
709
710 EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
711 EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen));
712
713 // Initial sequence number.
714 rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_) + 2, seqnum_big);
715 EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_),
716 &out_len));
717
718 // Replay within the 1024 window should succeed.
719 rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_) + 2,
720 seqnum_big - replay_window + 1);
721 EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_),
722 &out_len));
723
724 // Replay out side of the 1024 window should fail.
725 rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_) + 2,
726 seqnum_big - replay_window - 1);
727 EXPECT_FALSE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_),
728 &out_len));
729
730 // Increment sequence number to a small number.
731 rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_) + 2, seqnum_small);
732 EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_),
733 &out_len));
734
735 // Replay around 0 but out side of the 1024 window should fail.
736 rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_) + 2,
737 kMaxSeqnum + seqnum_small - replay_window - 1);
738 EXPECT_FALSE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_),
739 &out_len));
740
741 // Replay around 0 but within the 1024 window should succeed.
742 for (uint16_t seqnum = 65000; seqnum < 65003; ++seqnum) {
743 rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_) + 2, seqnum);
744 EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_),
745 &out_len));
746 }
747
748 // Go back to normal sequence nubmer.
749 // NOTE: without the fix in libsrtp, this would fail. This is because
750 // without the fix, the loop above would keep incrementing local sequence
751 // number in libsrtp, eventually the new sequence number would go out side
752 // of the window.
753 rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_) + 2, seqnum_small + 1);
754 EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_),
755 &out_len));
756 }
757
758 class SrtpStatTest
759 : public testing::Test,
760 public sigslot::has_slots<> {
761 public:
SrtpStatTest()762 SrtpStatTest()
763 : ssrc_(0U),
764 mode_(-1),
765 error_(cricket::SrtpFilter::ERROR_NONE) {
766 srtp_stat_.SignalSrtpError.connect(this, &SrtpStatTest::OnSrtpError);
767 srtp_stat_.set_signal_silent_time(200);
768 }
769
770 protected:
OnSrtpError(uint32_t ssrc,cricket::SrtpFilter::Mode mode,cricket::SrtpFilter::Error error)771 void OnSrtpError(uint32_t ssrc,
772 cricket::SrtpFilter::Mode mode,
773 cricket::SrtpFilter::Error error) {
774 ssrc_ = ssrc;
775 mode_ = mode;
776 error_ = error;
777 }
Reset()778 void Reset() {
779 ssrc_ = 0U;
780 mode_ = -1;
781 error_ = cricket::SrtpFilter::ERROR_NONE;
782 }
783
784 cricket::SrtpStat srtp_stat_;
785 uint32_t ssrc_;
786 int mode_;
787 cricket::SrtpFilter::Error error_;
788
789 private:
790 RTC_DISALLOW_COPY_AND_ASSIGN(SrtpStatTest);
791 };
792
TEST_F(SrtpStatTest,TestProtectRtpError)793 TEST_F(SrtpStatTest, TestProtectRtpError) {
794 Reset();
795 srtp_stat_.AddProtectRtpResult(1, err_status_ok);
796 EXPECT_EQ(0U, ssrc_);
797 EXPECT_EQ(-1, mode_);
798 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_);
799 Reset();
800 srtp_stat_.AddProtectRtpResult(1, err_status_auth_fail);
801 EXPECT_EQ(1U, ssrc_);
802 EXPECT_EQ(cricket::SrtpFilter::PROTECT, mode_);
803 EXPECT_EQ(cricket::SrtpFilter::ERROR_AUTH, error_);
804 Reset();
805 srtp_stat_.AddProtectRtpResult(1, err_status_fail);
806 EXPECT_EQ(1U, ssrc_);
807 EXPECT_EQ(cricket::SrtpFilter::PROTECT, mode_);
808 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_);
809 // Within 200ms, the error will not be triggered.
810 Reset();
811 srtp_stat_.AddProtectRtpResult(1, err_status_fail);
812 EXPECT_EQ(0U, ssrc_);
813 EXPECT_EQ(-1, mode_);
814 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_);
815 // Now the error will be triggered again.
816 Reset();
817 rtc::Thread::Current()->SleepMs(210);
818 srtp_stat_.AddProtectRtpResult(1, err_status_fail);
819 EXPECT_EQ(1U, ssrc_);
820 EXPECT_EQ(cricket::SrtpFilter::PROTECT, mode_);
821 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_);
822 }
823
TEST_F(SrtpStatTest,TestUnprotectRtpError)824 TEST_F(SrtpStatTest, TestUnprotectRtpError) {
825 Reset();
826 srtp_stat_.AddUnprotectRtpResult(1, err_status_ok);
827 EXPECT_EQ(0U, ssrc_);
828 EXPECT_EQ(-1, mode_);
829 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_);
830 Reset();
831 srtp_stat_.AddUnprotectRtpResult(1, err_status_auth_fail);
832 EXPECT_EQ(1U, ssrc_);
833 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
834 EXPECT_EQ(cricket::SrtpFilter::ERROR_AUTH, error_);
835 Reset();
836 srtp_stat_.AddUnprotectRtpResult(1, err_status_replay_fail);
837 EXPECT_EQ(1U, ssrc_);
838 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
839 EXPECT_EQ(cricket::SrtpFilter::ERROR_REPLAY, error_);
840 Reset();
841 rtc::Thread::Current()->SleepMs(210);
842 srtp_stat_.AddUnprotectRtpResult(1, err_status_replay_old);
843 EXPECT_EQ(1U, ssrc_);
844 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
845 EXPECT_EQ(cricket::SrtpFilter::ERROR_REPLAY, error_);
846 Reset();
847 srtp_stat_.AddUnprotectRtpResult(1, err_status_fail);
848 EXPECT_EQ(1U, ssrc_);
849 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
850 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_);
851 // Within 200ms, the error will not be triggered.
852 Reset();
853 srtp_stat_.AddUnprotectRtpResult(1, err_status_fail);
854 EXPECT_EQ(0U, ssrc_);
855 EXPECT_EQ(-1, mode_);
856 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_);
857 // Now the error will be triggered again.
858 Reset();
859 rtc::Thread::Current()->SleepMs(210);
860 srtp_stat_.AddUnprotectRtpResult(1, err_status_fail);
861 EXPECT_EQ(1U, ssrc_);
862 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
863 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_);
864 }
865
TEST_F(SrtpStatTest,TestProtectRtcpError)866 TEST_F(SrtpStatTest, TestProtectRtcpError) {
867 Reset();
868 srtp_stat_.AddProtectRtcpResult(err_status_ok);
869 EXPECT_EQ(-1, mode_);
870 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_);
871 Reset();
872 srtp_stat_.AddProtectRtcpResult(err_status_auth_fail);
873 EXPECT_EQ(cricket::SrtpFilter::PROTECT, mode_);
874 EXPECT_EQ(cricket::SrtpFilter::ERROR_AUTH, error_);
875 Reset();
876 srtp_stat_.AddProtectRtcpResult(err_status_fail);
877 EXPECT_EQ(cricket::SrtpFilter::PROTECT, mode_);
878 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_);
879 // Within 200ms, the error will not be triggered.
880 Reset();
881 srtp_stat_.AddProtectRtcpResult(err_status_fail);
882 EXPECT_EQ(-1, mode_);
883 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_);
884 // Now the error will be triggered again.
885 Reset();
886 rtc::Thread::Current()->SleepMs(210);
887 srtp_stat_.AddProtectRtcpResult(err_status_fail);
888 EXPECT_EQ(cricket::SrtpFilter::PROTECT, mode_);
889 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_);
890 }
891
TEST_F(SrtpStatTest,TestUnprotectRtcpError)892 TEST_F(SrtpStatTest, TestUnprotectRtcpError) {
893 Reset();
894 srtp_stat_.AddUnprotectRtcpResult(err_status_ok);
895 EXPECT_EQ(-1, mode_);
896 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_);
897 Reset();
898 srtp_stat_.AddUnprotectRtcpResult(err_status_auth_fail);
899 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
900 EXPECT_EQ(cricket::SrtpFilter::ERROR_AUTH, error_);
901 Reset();
902 srtp_stat_.AddUnprotectRtcpResult(err_status_replay_fail);
903 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
904 EXPECT_EQ(cricket::SrtpFilter::ERROR_REPLAY, error_);
905 Reset();
906 rtc::Thread::Current()->SleepMs(210);
907 srtp_stat_.AddUnprotectRtcpResult(err_status_replay_fail);
908 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
909 EXPECT_EQ(cricket::SrtpFilter::ERROR_REPLAY, error_);
910 Reset();
911 srtp_stat_.AddUnprotectRtcpResult(err_status_fail);
912 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
913 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_);
914 // Within 200ms, the error will not be triggered.
915 Reset();
916 srtp_stat_.AddUnprotectRtcpResult(err_status_fail);
917 EXPECT_EQ(-1, mode_);
918 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_);
919 // Now the error will be triggered again.
920 Reset();
921 rtc::Thread::Current()->SleepMs(210);
922 srtp_stat_.AddUnprotectRtcpResult(err_status_fail);
923 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
924 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_);
925 }
926