1 /*
2 * Copyright 2011 The WebRTC Project Authors. All rights reserved.
3 *
4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree.
9 */
10
11 #include <set>
12
13 #include "webrtc/p2p/base/dtlstransport.h"
14 #include "webrtc/p2p/base/faketransportcontroller.h"
15 #include "webrtc/base/common.h"
16 #include "webrtc/base/dscp.h"
17 #include "webrtc/base/gunit.h"
18 #include "webrtc/base/helpers.h"
19 #include "webrtc/base/scoped_ptr.h"
20 #include "webrtc/base/ssladapter.h"
21 #include "webrtc/base/sslidentity.h"
22 #include "webrtc/base/sslstreamadapter.h"
23 #include "webrtc/base/stringutils.h"
24
25 #define MAYBE_SKIP_TEST(feature) \
26 if (!(rtc::SSLStreamAdapter::feature())) { \
27 LOG(LS_INFO) << "Feature disabled... skipping"; \
28 return; \
29 }
30
31 static const char kIceUfrag1[] = "TESTICEUFRAG0001";
32 static const char kIcePwd1[] = "TESTICEPWD00000000000001";
33 static const size_t kPacketNumOffset = 8;
34 static const size_t kPacketHeaderLen = 12;
35 static const int kFakePacketId = 0x1234;
36
IsRtpLeadByte(uint8_t b)37 static bool IsRtpLeadByte(uint8_t b) {
38 return ((b & 0xC0) == 0x80);
39 }
40
41 using cricket::ConnectionRole;
42
43 enum Flags { NF_REOFFER = 0x1, NF_EXPECT_FAILURE = 0x2 };
44
45 class DtlsTestClient : public sigslot::has_slots<> {
46 public:
DtlsTestClient(const std::string & name)47 DtlsTestClient(const std::string& name)
48 : name_(name),
49 packet_size_(0),
50 use_dtls_srtp_(false),
51 ssl_max_version_(rtc::SSL_PROTOCOL_DTLS_12),
52 negotiated_dtls_(false),
53 received_dtls_client_hello_(false),
54 received_dtls_server_hello_(false) {}
CreateCertificate(rtc::KeyType key_type)55 void CreateCertificate(rtc::KeyType key_type) {
56 certificate_ =
57 rtc::RTCCertificate::Create(rtc::scoped_ptr<rtc::SSLIdentity>(
58 rtc::SSLIdentity::Generate(name_, key_type)));
59 }
certificate()60 const rtc::scoped_refptr<rtc::RTCCertificate>& certificate() {
61 return certificate_;
62 }
SetupSrtp()63 void SetupSrtp() {
64 ASSERT(certificate_);
65 use_dtls_srtp_ = true;
66 }
SetupMaxProtocolVersion(rtc::SSLProtocolVersion version)67 void SetupMaxProtocolVersion(rtc::SSLProtocolVersion version) {
68 ASSERT(!transport_);
69 ssl_max_version_ = version;
70 }
SetupChannels(int count,cricket::IceRole role)71 void SetupChannels(int count, cricket::IceRole role) {
72 transport_.reset(new cricket::DtlsTransport<cricket::FakeTransport>(
73 "dtls content name", nullptr, certificate_));
74 transport_->SetAsync(true);
75 transport_->SetIceRole(role);
76 transport_->SetIceTiebreaker(
77 (role == cricket::ICEROLE_CONTROLLING) ? 1 : 2);
78
79 for (int i = 0; i < count; ++i) {
80 cricket::DtlsTransportChannelWrapper* channel =
81 static_cast<cricket::DtlsTransportChannelWrapper*>(
82 transport_->CreateChannel(i));
83 ASSERT_TRUE(channel != NULL);
84 channel->SetSslMaxProtocolVersion(ssl_max_version_);
85 channel->SignalWritableState.connect(this,
86 &DtlsTestClient::OnTransportChannelWritableState);
87 channel->SignalReadPacket.connect(this,
88 &DtlsTestClient::OnTransportChannelReadPacket);
89 channel->SignalSentPacket.connect(
90 this, &DtlsTestClient::OnTransportChannelSentPacket);
91 channels_.push_back(channel);
92
93 // Hook the raw packets so that we can verify they are encrypted.
94 channel->channel()->SignalReadPacket.connect(
95 this, &DtlsTestClient::OnFakeTransportChannelReadPacket);
96 }
97 }
98
transport()99 cricket::Transport* transport() { return transport_.get(); }
100
GetFakeChannel(int component)101 cricket::FakeTransportChannel* GetFakeChannel(int component) {
102 cricket::TransportChannelImpl* ch = transport_->GetChannel(component);
103 cricket::DtlsTransportChannelWrapper* wrapper =
104 static_cast<cricket::DtlsTransportChannelWrapper*>(ch);
105 return (wrapper) ?
106 static_cast<cricket::FakeTransportChannel*>(wrapper->channel()) : NULL;
107 }
108
109 // Offer DTLS if we have an identity; pass in a remote fingerprint only if
110 // both sides support DTLS.
Negotiate(DtlsTestClient * peer,cricket::ContentAction action,ConnectionRole local_role,ConnectionRole remote_role,int flags)111 void Negotiate(DtlsTestClient* peer, cricket::ContentAction action,
112 ConnectionRole local_role, ConnectionRole remote_role,
113 int flags) {
114 Negotiate(certificate_, certificate_ ? peer->certificate_ : nullptr, action,
115 local_role, remote_role, flags);
116 }
117
118 // Allow any DTLS configuration to be specified (including invalid ones).
Negotiate(const rtc::scoped_refptr<rtc::RTCCertificate> & local_cert,const rtc::scoped_refptr<rtc::RTCCertificate> & remote_cert,cricket::ContentAction action,ConnectionRole local_role,ConnectionRole remote_role,int flags)119 void Negotiate(const rtc::scoped_refptr<rtc::RTCCertificate>& local_cert,
120 const rtc::scoped_refptr<rtc::RTCCertificate>& remote_cert,
121 cricket::ContentAction action,
122 ConnectionRole local_role,
123 ConnectionRole remote_role,
124 int flags) {
125 rtc::scoped_ptr<rtc::SSLFingerprint> local_fingerprint;
126 rtc::scoped_ptr<rtc::SSLFingerprint> remote_fingerprint;
127 if (local_cert) {
128 std::string digest_algorithm;
129 ASSERT_TRUE(local_cert->ssl_certificate().GetSignatureDigestAlgorithm(
130 &digest_algorithm));
131 ASSERT_FALSE(digest_algorithm.empty());
132 local_fingerprint.reset(rtc::SSLFingerprint::Create(
133 digest_algorithm, local_cert->identity()));
134 ASSERT_TRUE(local_fingerprint.get() != NULL);
135 EXPECT_EQ(rtc::DIGEST_SHA_256, digest_algorithm);
136 }
137 if (remote_cert) {
138 std::string digest_algorithm;
139 ASSERT_TRUE(remote_cert->ssl_certificate().GetSignatureDigestAlgorithm(
140 &digest_algorithm));
141 ASSERT_FALSE(digest_algorithm.empty());
142 remote_fingerprint.reset(rtc::SSLFingerprint::Create(
143 digest_algorithm, remote_cert->identity()));
144 ASSERT_TRUE(remote_fingerprint.get() != NULL);
145 EXPECT_EQ(rtc::DIGEST_SHA_256, digest_algorithm);
146 }
147
148 if (use_dtls_srtp_ && !(flags & NF_REOFFER)) {
149 // SRTP ciphers will be set only in the beginning.
150 for (std::vector<cricket::DtlsTransportChannelWrapper*>::iterator it =
151 channels_.begin(); it != channels_.end(); ++it) {
152 std::vector<int> ciphers;
153 ciphers.push_back(rtc::SRTP_AES128_CM_SHA1_80);
154 ASSERT_TRUE((*it)->SetSrtpCryptoSuites(ciphers));
155 }
156 }
157
158 cricket::TransportDescription local_desc(
159 std::vector<std::string>(), kIceUfrag1, kIcePwd1, cricket::ICEMODE_FULL,
160 local_role,
161 // If remote if the offerer and has no DTLS support, answer will be
162 // without any fingerprint.
163 (action == cricket::CA_ANSWER && !remote_cert)
164 ? nullptr
165 : local_fingerprint.get(),
166 cricket::Candidates());
167
168 cricket::TransportDescription remote_desc(
169 std::vector<std::string>(), kIceUfrag1, kIcePwd1, cricket::ICEMODE_FULL,
170 remote_role, remote_fingerprint.get(), cricket::Candidates());
171
172 bool expect_success = (flags & NF_EXPECT_FAILURE) ? false : true;
173 // If |expect_success| is false, expect SRTD or SLTD to fail when
174 // content action is CA_ANSWER.
175 if (action == cricket::CA_OFFER) {
176 ASSERT_TRUE(transport_->SetLocalTransportDescription(
177 local_desc, cricket::CA_OFFER, NULL));
178 ASSERT_EQ(expect_success, transport_->SetRemoteTransportDescription(
179 remote_desc, cricket::CA_ANSWER, NULL));
180 } else {
181 ASSERT_TRUE(transport_->SetRemoteTransportDescription(
182 remote_desc, cricket::CA_OFFER, NULL));
183 ASSERT_EQ(expect_success, transport_->SetLocalTransportDescription(
184 local_desc, cricket::CA_ANSWER, NULL));
185 }
186 negotiated_dtls_ = (local_cert && remote_cert);
187 }
188
Connect(DtlsTestClient * peer)189 bool Connect(DtlsTestClient* peer) {
190 transport_->ConnectChannels();
191 transport_->SetDestination(peer->transport_.get());
192 return true;
193 }
194
all_channels_writable() const195 bool all_channels_writable() const {
196 if (channels_.empty()) {
197 return false;
198 }
199 for (cricket::DtlsTransportChannelWrapper* channel : channels_) {
200 if (!channel->writable()) {
201 return false;
202 }
203 }
204 return true;
205 }
206
CheckRole(rtc::SSLRole role)207 void CheckRole(rtc::SSLRole role) {
208 if (role == rtc::SSL_CLIENT) {
209 ASSERT_FALSE(received_dtls_client_hello_);
210 ASSERT_TRUE(received_dtls_server_hello_);
211 } else {
212 ASSERT_TRUE(received_dtls_client_hello_);
213 ASSERT_FALSE(received_dtls_server_hello_);
214 }
215 }
216
CheckSrtp(int expected_crypto_suite)217 void CheckSrtp(int expected_crypto_suite) {
218 for (std::vector<cricket::DtlsTransportChannelWrapper*>::iterator it =
219 channels_.begin(); it != channels_.end(); ++it) {
220 int crypto_suite;
221
222 bool rv = (*it)->GetSrtpCryptoSuite(&crypto_suite);
223 if (negotiated_dtls_ && expected_crypto_suite) {
224 ASSERT_TRUE(rv);
225
226 ASSERT_EQ(crypto_suite, expected_crypto_suite);
227 } else {
228 ASSERT_FALSE(rv);
229 }
230 }
231 }
232
CheckSsl(int expected_cipher)233 void CheckSsl(int expected_cipher) {
234 for (std::vector<cricket::DtlsTransportChannelWrapper*>::iterator it =
235 channels_.begin(); it != channels_.end(); ++it) {
236 int cipher;
237
238 bool rv = (*it)->GetSslCipherSuite(&cipher);
239 if (negotiated_dtls_ && expected_cipher) {
240 ASSERT_TRUE(rv);
241
242 ASSERT_EQ(cipher, expected_cipher);
243 } else {
244 ASSERT_FALSE(rv);
245 }
246 }
247 }
248
SendPackets(size_t channel,size_t size,size_t count,bool srtp)249 void SendPackets(size_t channel, size_t size, size_t count, bool srtp) {
250 ASSERT(channel < channels_.size());
251 rtc::scoped_ptr<char[]> packet(new char[size]);
252 size_t sent = 0;
253 do {
254 // Fill the packet with a known value and a sequence number to check
255 // against, and make sure that it doesn't look like DTLS.
256 memset(packet.get(), sent & 0xff, size);
257 packet[0] = (srtp) ? 0x80 : 0x00;
258 rtc::SetBE32(packet.get() + kPacketNumOffset,
259 static_cast<uint32_t>(sent));
260
261 // Only set the bypass flag if we've activated DTLS.
262 int flags = (certificate_ && srtp) ? cricket::PF_SRTP_BYPASS : 0;
263 rtc::PacketOptions packet_options;
264 packet_options.packet_id = kFakePacketId;
265 int rv = channels_[channel]->SendPacket(
266 packet.get(), size, packet_options, flags);
267 ASSERT_GT(rv, 0);
268 ASSERT_EQ(size, static_cast<size_t>(rv));
269 ++sent;
270 } while (sent < count);
271 }
272
SendInvalidSrtpPacket(size_t channel,size_t size)273 int SendInvalidSrtpPacket(size_t channel, size_t size) {
274 ASSERT(channel < channels_.size());
275 rtc::scoped_ptr<char[]> packet(new char[size]);
276 // Fill the packet with 0 to form an invalid SRTP packet.
277 memset(packet.get(), 0, size);
278
279 rtc::PacketOptions packet_options;
280 return channels_[channel]->SendPacket(
281 packet.get(), size, packet_options, cricket::PF_SRTP_BYPASS);
282 }
283
ExpectPackets(size_t channel,size_t size)284 void ExpectPackets(size_t channel, size_t size) {
285 packet_size_ = size;
286 received_.clear();
287 }
288
NumPacketsReceived()289 size_t NumPacketsReceived() {
290 return received_.size();
291 }
292
VerifyPacket(const char * data,size_t size,uint32_t * out_num)293 bool VerifyPacket(const char* data, size_t size, uint32_t* out_num) {
294 if (size != packet_size_ ||
295 (data[0] != 0 && static_cast<uint8_t>(data[0]) != 0x80)) {
296 return false;
297 }
298 uint32_t packet_num = rtc::GetBE32(data + kPacketNumOffset);
299 for (size_t i = kPacketHeaderLen; i < size; ++i) {
300 if (static_cast<uint8_t>(data[i]) != (packet_num & 0xff)) {
301 return false;
302 }
303 }
304 if (out_num) {
305 *out_num = packet_num;
306 }
307 return true;
308 }
VerifyEncryptedPacket(const char * data,size_t size)309 bool VerifyEncryptedPacket(const char* data, size_t size) {
310 // This is an encrypted data packet; let's make sure it's mostly random;
311 // less than 10% of the bytes should be equal to the cleartext packet.
312 if (size <= packet_size_) {
313 return false;
314 }
315 uint32_t packet_num = rtc::GetBE32(data + kPacketNumOffset);
316 int num_matches = 0;
317 for (size_t i = kPacketNumOffset; i < size; ++i) {
318 if (static_cast<uint8_t>(data[i]) == (packet_num & 0xff)) {
319 ++num_matches;
320 }
321 }
322 return (num_matches < ((static_cast<int>(size) - 5) / 10));
323 }
324
325 // Transport channel callbacks
OnTransportChannelWritableState(cricket::TransportChannel * channel)326 void OnTransportChannelWritableState(cricket::TransportChannel* channel) {
327 LOG(LS_INFO) << name_ << ": Channel '" << channel->component()
328 << "' is writable";
329 }
330
OnTransportChannelReadPacket(cricket::TransportChannel * channel,const char * data,size_t size,const rtc::PacketTime & packet_time,int flags)331 void OnTransportChannelReadPacket(cricket::TransportChannel* channel,
332 const char* data, size_t size,
333 const rtc::PacketTime& packet_time,
334 int flags) {
335 uint32_t packet_num = 0;
336 ASSERT_TRUE(VerifyPacket(data, size, &packet_num));
337 received_.insert(packet_num);
338 // Only DTLS-SRTP packets should have the bypass flag set.
339 int expected_flags =
340 (certificate_ && IsRtpLeadByte(data[0])) ? cricket::PF_SRTP_BYPASS : 0;
341 ASSERT_EQ(expected_flags, flags);
342 }
343
OnTransportChannelSentPacket(cricket::TransportChannel * channel,const rtc::SentPacket & sent_packet)344 void OnTransportChannelSentPacket(cricket::TransportChannel* channel,
345 const rtc::SentPacket& sent_packet) {
346 sent_packet_ = sent_packet;
347 }
348
sent_packet() const349 rtc::SentPacket sent_packet() const { return sent_packet_; }
350
351 // Hook into the raw packet stream to make sure DTLS packets are encrypted.
OnFakeTransportChannelReadPacket(cricket::TransportChannel * channel,const char * data,size_t size,const rtc::PacketTime & time,int flags)352 void OnFakeTransportChannelReadPacket(cricket::TransportChannel* channel,
353 const char* data, size_t size,
354 const rtc::PacketTime& time,
355 int flags) {
356 // Flags shouldn't be set on the underlying TransportChannel packets.
357 ASSERT_EQ(0, flags);
358
359 // Look at the handshake packets to see what role we played.
360 // Check that non-handshake packets are DTLS data or SRTP bypass.
361 if (negotiated_dtls_) {
362 if (data[0] == 22 && size > 17) {
363 if (data[13] == 1) {
364 received_dtls_client_hello_ = true;
365 } else if (data[13] == 2) {
366 received_dtls_server_hello_ = true;
367 }
368 } else if (!(data[0] >= 20 && data[0] <= 22)) {
369 ASSERT_TRUE(data[0] == 23 || IsRtpLeadByte(data[0]));
370 if (data[0] == 23) {
371 ASSERT_TRUE(VerifyEncryptedPacket(data, size));
372 } else if (IsRtpLeadByte(data[0])) {
373 ASSERT_TRUE(VerifyPacket(data, size, NULL));
374 }
375 }
376 }
377 }
378
379 private:
380 std::string name_;
381 rtc::scoped_refptr<rtc::RTCCertificate> certificate_;
382 rtc::scoped_ptr<cricket::FakeTransport> transport_;
383 std::vector<cricket::DtlsTransportChannelWrapper*> channels_;
384 size_t packet_size_;
385 std::set<int> received_;
386 bool use_dtls_srtp_;
387 rtc::SSLProtocolVersion ssl_max_version_;
388 bool negotiated_dtls_;
389 bool received_dtls_client_hello_;
390 bool received_dtls_server_hello_;
391 rtc::SentPacket sent_packet_;
392 };
393
394
395 class DtlsTransportChannelTest : public testing::Test {
396 public:
DtlsTransportChannelTest()397 DtlsTransportChannelTest()
398 : client1_("P1"),
399 client2_("P2"),
400 channel_ct_(1),
401 use_dtls_(false),
402 use_dtls_srtp_(false),
403 ssl_expected_version_(rtc::SSL_PROTOCOL_DTLS_12) {}
404
SetChannelCount(size_t channel_ct)405 void SetChannelCount(size_t channel_ct) {
406 channel_ct_ = static_cast<int>(channel_ct);
407 }
SetMaxProtocolVersions(rtc::SSLProtocolVersion c1,rtc::SSLProtocolVersion c2)408 void SetMaxProtocolVersions(rtc::SSLProtocolVersion c1,
409 rtc::SSLProtocolVersion c2) {
410 client1_.SetupMaxProtocolVersion(c1);
411 client2_.SetupMaxProtocolVersion(c2);
412 ssl_expected_version_ = std::min(c1, c2);
413 }
PrepareDtls(bool c1,bool c2,rtc::KeyType key_type)414 void PrepareDtls(bool c1, bool c2, rtc::KeyType key_type) {
415 if (c1) {
416 client1_.CreateCertificate(key_type);
417 }
418 if (c2) {
419 client2_.CreateCertificate(key_type);
420 }
421 if (c1 && c2)
422 use_dtls_ = true;
423 }
PrepareDtlsSrtp(bool c1,bool c2)424 void PrepareDtlsSrtp(bool c1, bool c2) {
425 if (!use_dtls_)
426 return;
427
428 if (c1)
429 client1_.SetupSrtp();
430 if (c2)
431 client2_.SetupSrtp();
432
433 if (c1 && c2)
434 use_dtls_srtp_ = true;
435 }
436
Connect(ConnectionRole client1_role,ConnectionRole client2_role)437 bool Connect(ConnectionRole client1_role, ConnectionRole client2_role) {
438 Negotiate(client1_role, client2_role);
439
440 bool rv = client1_.Connect(&client2_);
441 EXPECT_TRUE(rv);
442 if (!rv)
443 return false;
444
445 EXPECT_TRUE_WAIT(
446 client1_.all_channels_writable() && client2_.all_channels_writable(),
447 10000);
448 if (!client1_.all_channels_writable() || !client2_.all_channels_writable())
449 return false;
450
451 // Check that we used the right roles.
452 if (use_dtls_) {
453 rtc::SSLRole client1_ssl_role =
454 (client1_role == cricket::CONNECTIONROLE_ACTIVE ||
455 (client2_role == cricket::CONNECTIONROLE_PASSIVE &&
456 client1_role == cricket::CONNECTIONROLE_ACTPASS)) ?
457 rtc::SSL_CLIENT : rtc::SSL_SERVER;
458
459 rtc::SSLRole client2_ssl_role =
460 (client2_role == cricket::CONNECTIONROLE_ACTIVE ||
461 (client1_role == cricket::CONNECTIONROLE_PASSIVE &&
462 client2_role == cricket::CONNECTIONROLE_ACTPASS)) ?
463 rtc::SSL_CLIENT : rtc::SSL_SERVER;
464
465 client1_.CheckRole(client1_ssl_role);
466 client2_.CheckRole(client2_ssl_role);
467 }
468
469 // Check that we negotiated the right ciphers.
470 if (use_dtls_srtp_) {
471 client1_.CheckSrtp(rtc::SRTP_AES128_CM_SHA1_80);
472 client2_.CheckSrtp(rtc::SRTP_AES128_CM_SHA1_80);
473 } else {
474 client1_.CheckSrtp(rtc::SRTP_INVALID_CRYPTO_SUITE);
475 client2_.CheckSrtp(rtc::SRTP_INVALID_CRYPTO_SUITE);
476 }
477 client1_.CheckSsl(rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
478 ssl_expected_version_, rtc::KT_DEFAULT));
479 client2_.CheckSsl(rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
480 ssl_expected_version_, rtc::KT_DEFAULT));
481
482 return true;
483 }
484
Connect()485 bool Connect() {
486 // By default, Client1 will be Server and Client2 will be Client.
487 return Connect(cricket::CONNECTIONROLE_ACTPASS,
488 cricket::CONNECTIONROLE_ACTIVE);
489 }
490
Negotiate()491 void Negotiate() {
492 Negotiate(cricket::CONNECTIONROLE_ACTPASS, cricket::CONNECTIONROLE_ACTIVE);
493 }
494
Negotiate(ConnectionRole client1_role,ConnectionRole client2_role)495 void Negotiate(ConnectionRole client1_role, ConnectionRole client2_role) {
496 client1_.SetupChannels(channel_ct_, cricket::ICEROLE_CONTROLLING);
497 client2_.SetupChannels(channel_ct_, cricket::ICEROLE_CONTROLLED);
498 // Expect success from SLTD and SRTD.
499 client1_.Negotiate(&client2_, cricket::CA_OFFER,
500 client1_role, client2_role, 0);
501 client2_.Negotiate(&client1_, cricket::CA_ANSWER,
502 client2_role, client1_role, 0);
503 }
504
505 // Negotiate with legacy client |client2|. Legacy client doesn't use setup
506 // attributes, except NONE.
NegotiateWithLegacy()507 void NegotiateWithLegacy() {
508 client1_.SetupChannels(channel_ct_, cricket::ICEROLE_CONTROLLING);
509 client2_.SetupChannels(channel_ct_, cricket::ICEROLE_CONTROLLED);
510 // Expect success from SLTD and SRTD.
511 client1_.Negotiate(&client2_, cricket::CA_OFFER,
512 cricket::CONNECTIONROLE_ACTPASS,
513 cricket::CONNECTIONROLE_NONE, 0);
514 client2_.Negotiate(&client1_, cricket::CA_ANSWER,
515 cricket::CONNECTIONROLE_ACTIVE,
516 cricket::CONNECTIONROLE_NONE, 0);
517 }
518
Renegotiate(DtlsTestClient * reoffer_initiator,ConnectionRole client1_role,ConnectionRole client2_role,int flags)519 void Renegotiate(DtlsTestClient* reoffer_initiator,
520 ConnectionRole client1_role, ConnectionRole client2_role,
521 int flags) {
522 if (reoffer_initiator == &client1_) {
523 client1_.Negotiate(&client2_, cricket::CA_OFFER,
524 client1_role, client2_role, flags);
525 client2_.Negotiate(&client1_, cricket::CA_ANSWER,
526 client2_role, client1_role, flags);
527 } else {
528 client2_.Negotiate(&client1_, cricket::CA_OFFER,
529 client2_role, client1_role, flags);
530 client1_.Negotiate(&client2_, cricket::CA_ANSWER,
531 client1_role, client2_role, flags);
532 }
533 }
534
TestTransfer(size_t channel,size_t size,size_t count,bool srtp)535 void TestTransfer(size_t channel, size_t size, size_t count, bool srtp) {
536 LOG(LS_INFO) << "Expect packets, size=" << size;
537 client2_.ExpectPackets(channel, size);
538 client1_.SendPackets(channel, size, count, srtp);
539 EXPECT_EQ_WAIT(count, client2_.NumPacketsReceived(), 10000);
540 }
541
542 protected:
543 DtlsTestClient client1_;
544 DtlsTestClient client2_;
545 int channel_ct_;
546 bool use_dtls_;
547 bool use_dtls_srtp_;
548 rtc::SSLProtocolVersion ssl_expected_version_;
549 };
550
551 // Test that transport negotiation of ICE, no DTLS works properly.
TEST_F(DtlsTransportChannelTest,TestChannelSetupIce)552 TEST_F(DtlsTransportChannelTest, TestChannelSetupIce) {
553 Negotiate();
554 cricket::FakeTransportChannel* channel1 = client1_.GetFakeChannel(0);
555 cricket::FakeTransportChannel* channel2 = client2_.GetFakeChannel(0);
556 ASSERT_TRUE(channel1 != NULL);
557 ASSERT_TRUE(channel2 != NULL);
558 EXPECT_EQ(cricket::ICEROLE_CONTROLLING, channel1->GetIceRole());
559 EXPECT_EQ(1U, channel1->IceTiebreaker());
560 EXPECT_EQ(kIceUfrag1, channel1->ice_ufrag());
561 EXPECT_EQ(kIcePwd1, channel1->ice_pwd());
562 EXPECT_EQ(cricket::ICEROLE_CONTROLLED, channel2->GetIceRole());
563 EXPECT_EQ(2U, channel2->IceTiebreaker());
564 }
565
566 // Connect without DTLS, and transfer some data.
TEST_F(DtlsTransportChannelTest,TestTransfer)567 TEST_F(DtlsTransportChannelTest, TestTransfer) {
568 ASSERT_TRUE(Connect());
569 TestTransfer(0, 1000, 100, false);
570 }
571
572 // Connect without DTLS, and transfer some data.
TEST_F(DtlsTransportChannelTest,TestOnSentPacket)573 TEST_F(DtlsTransportChannelTest, TestOnSentPacket) {
574 ASSERT_TRUE(Connect());
575 EXPECT_EQ(client1_.sent_packet().send_time_ms, -1);
576 TestTransfer(0, 1000, 100, false);
577 EXPECT_EQ(kFakePacketId, client1_.sent_packet().packet_id);
578 EXPECT_GE(client1_.sent_packet().send_time_ms, 0);
579 }
580
581 // Create two channels without DTLS, and transfer some data.
TEST_F(DtlsTransportChannelTest,TestTransferTwoChannels)582 TEST_F(DtlsTransportChannelTest, TestTransferTwoChannels) {
583 SetChannelCount(2);
584 ASSERT_TRUE(Connect());
585 TestTransfer(0, 1000, 100, false);
586 TestTransfer(1, 1000, 100, false);
587 }
588
589 // Connect without DTLS, and transfer SRTP data.
TEST_F(DtlsTransportChannelTest,TestTransferSrtp)590 TEST_F(DtlsTransportChannelTest, TestTransferSrtp) {
591 ASSERT_TRUE(Connect());
592 TestTransfer(0, 1000, 100, true);
593 }
594
595 // Create two channels without DTLS, and transfer SRTP data.
TEST_F(DtlsTransportChannelTest,TestTransferSrtpTwoChannels)596 TEST_F(DtlsTransportChannelTest, TestTransferSrtpTwoChannels) {
597 SetChannelCount(2);
598 ASSERT_TRUE(Connect());
599 TestTransfer(0, 1000, 100, true);
600 TestTransfer(1, 1000, 100, true);
601 }
602
603 #if defined(MEMORY_SANITIZER)
604 // Fails under MemorySanitizer:
605 // See https://code.google.com/p/webrtc/issues/detail?id=5381.
606 #define MAYBE_TestTransferDtls DISABLED_TestTransferDtls
607 #else
608 #define MAYBE_TestTransferDtls TestTransferDtls
609 #endif
610 // Connect with DTLS, and transfer some data.
TEST_F(DtlsTransportChannelTest,MAYBE_TestTransferDtls)611 TEST_F(DtlsTransportChannelTest, MAYBE_TestTransferDtls) {
612 MAYBE_SKIP_TEST(HaveDtls);
613 PrepareDtls(true, true, rtc::KT_DEFAULT);
614 ASSERT_TRUE(Connect());
615 TestTransfer(0, 1000, 100, false);
616 }
617
618 #if defined(MEMORY_SANITIZER)
619 // Fails under MemorySanitizer:
620 // See https://code.google.com/p/webrtc/issues/detail?id=5381.
621 #define MAYBE_TestTransferDtlsTwoChannels DISABLED_TestTransferDtlsTwoChannels
622 #else
623 #define MAYBE_TestTransferDtlsTwoChannels TestTransferDtlsTwoChannels
624 #endif
625 // Create two channels with DTLS, and transfer some data.
TEST_F(DtlsTransportChannelTest,MAYBE_TestTransferDtlsTwoChannels)626 TEST_F(DtlsTransportChannelTest, MAYBE_TestTransferDtlsTwoChannels) {
627 MAYBE_SKIP_TEST(HaveDtls);
628 SetChannelCount(2);
629 PrepareDtls(true, true, rtc::KT_DEFAULT);
630 ASSERT_TRUE(Connect());
631 TestTransfer(0, 1000, 100, false);
632 TestTransfer(1, 1000, 100, false);
633 }
634
635 // Connect with A doing DTLS and B not, and transfer some data.
TEST_F(DtlsTransportChannelTest,TestTransferDtlsRejected)636 TEST_F(DtlsTransportChannelTest, TestTransferDtlsRejected) {
637 PrepareDtls(true, false, rtc::KT_DEFAULT);
638 ASSERT_TRUE(Connect());
639 TestTransfer(0, 1000, 100, false);
640 }
641
642 // Connect with B doing DTLS and A not, and transfer some data.
TEST_F(DtlsTransportChannelTest,TestTransferDtlsNotOffered)643 TEST_F(DtlsTransportChannelTest, TestTransferDtlsNotOffered) {
644 PrepareDtls(false, true, rtc::KT_DEFAULT);
645 ASSERT_TRUE(Connect());
646 TestTransfer(0, 1000, 100, false);
647 }
648
649 // Create two channels with DTLS 1.0 and check ciphers.
TEST_F(DtlsTransportChannelTest,TestDtls12None)650 TEST_F(DtlsTransportChannelTest, TestDtls12None) {
651 MAYBE_SKIP_TEST(HaveDtls);
652 SetChannelCount(2);
653 PrepareDtls(true, true, rtc::KT_DEFAULT);
654 SetMaxProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);
655 ASSERT_TRUE(Connect());
656 }
657
658 #if defined(MEMORY_SANITIZER)
659 // Fails under MemorySanitizer:
660 // See https://code.google.com/p/webrtc/issues/detail?id=5381.
661 #define MAYBE_TestDtls12Both DISABLED_TestDtls12Both
662 #else
663 #define MAYBE_TestDtls12Both TestDtls12Both
664 #endif
665 // Create two channels with DTLS 1.2 and check ciphers.
TEST_F(DtlsTransportChannelTest,MAYBE_TestDtls12Both)666 TEST_F(DtlsTransportChannelTest, MAYBE_TestDtls12Both) {
667 MAYBE_SKIP_TEST(HaveDtls);
668 SetChannelCount(2);
669 PrepareDtls(true, true, rtc::KT_DEFAULT);
670 SetMaxProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12);
671 ASSERT_TRUE(Connect());
672 }
673
674 // Create two channels with DTLS 1.0 / DTLS 1.2 and check ciphers.
TEST_F(DtlsTransportChannelTest,TestDtls12Client1)675 TEST_F(DtlsTransportChannelTest, TestDtls12Client1) {
676 MAYBE_SKIP_TEST(HaveDtls);
677 SetChannelCount(2);
678 PrepareDtls(true, true, rtc::KT_DEFAULT);
679 SetMaxProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_10);
680 ASSERT_TRUE(Connect());
681 }
682
683 // Create two channels with DTLS 1.2 / DTLS 1.0 and check ciphers.
TEST_F(DtlsTransportChannelTest,TestDtls12Client2)684 TEST_F(DtlsTransportChannelTest, TestDtls12Client2) {
685 MAYBE_SKIP_TEST(HaveDtls);
686 SetChannelCount(2);
687 PrepareDtls(true, true, rtc::KT_DEFAULT);
688 SetMaxProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12);
689 ASSERT_TRUE(Connect());
690 }
691
692 #if defined(MEMORY_SANITIZER)
693 // Fails under MemorySanitizer:
694 // See https://code.google.com/p/webrtc/issues/detail?id=5381.
695 #define MAYBE_TestTransferDtlsSrtp DISABLED_TestTransferDtlsSrtp
696 #else
697 #define MAYBE_TestTransferDtlsSrtp TestTransferDtlsSrtp
698 #endif
699 // Connect with DTLS, negotiate DTLS-SRTP, and transfer SRTP using bypass.
TEST_F(DtlsTransportChannelTest,MAYBE_TestTransferDtlsSrtp)700 TEST_F(DtlsTransportChannelTest, MAYBE_TestTransferDtlsSrtp) {
701 MAYBE_SKIP_TEST(HaveDtlsSrtp);
702 PrepareDtls(true, true, rtc::KT_DEFAULT);
703 PrepareDtlsSrtp(true, true);
704 ASSERT_TRUE(Connect());
705 TestTransfer(0, 1000, 100, true);
706 }
707
708 #if defined(MEMORY_SANITIZER)
709 // Fails under MemorySanitizer:
710 // See https://code.google.com/p/webrtc/issues/detail?id=5381.
711 #define MAYBE_TestTransferDtlsInvalidSrtpPacket \
712 DISABLED_TestTransferDtlsInvalidSrtpPacket
713 #else
714 #define MAYBE_TestTransferDtlsInvalidSrtpPacket \
715 TestTransferDtlsInvalidSrtpPacket
716 #endif
717 // Connect with DTLS-SRTP, transfer an invalid SRTP packet, and expects -1
718 // returned.
TEST_F(DtlsTransportChannelTest,MAYBE_TestTransferDtlsInvalidSrtpPacket)719 TEST_F(DtlsTransportChannelTest, MAYBE_TestTransferDtlsInvalidSrtpPacket) {
720 MAYBE_SKIP_TEST(HaveDtls);
721 PrepareDtls(true, true, rtc::KT_DEFAULT);
722 PrepareDtlsSrtp(true, true);
723 ASSERT_TRUE(Connect());
724 int result = client1_.SendInvalidSrtpPacket(0, 100);
725 ASSERT_EQ(-1, result);
726 }
727
728 #if defined(MEMORY_SANITIZER)
729 // Fails under MemorySanitizer:
730 // See https://code.google.com/p/webrtc/issues/detail?id=5381.
731 #define MAYBE_TestTransferDtlsSrtpRejected DISABLED_TestTransferDtlsSrtpRejected
732 #else
733 #define MAYBE_TestTransferDtlsSrtpRejected TestTransferDtlsSrtpRejected
734 #endif
735 // Connect with DTLS. A does DTLS-SRTP but B does not.
TEST_F(DtlsTransportChannelTest,MAYBE_TestTransferDtlsSrtpRejected)736 TEST_F(DtlsTransportChannelTest, MAYBE_TestTransferDtlsSrtpRejected) {
737 MAYBE_SKIP_TEST(HaveDtlsSrtp);
738 PrepareDtls(true, true, rtc::KT_DEFAULT);
739 PrepareDtlsSrtp(true, false);
740 ASSERT_TRUE(Connect());
741 }
742
743 #if defined(MEMORY_SANITIZER)
744 // Fails under MemorySanitizer:
745 // See https://code.google.com/p/webrtc/issues/detail?id=5381.
746 #define MAYBE_TestTransferDtlsSrtpNotOffered \
747 DISABLED_TestTransferDtlsSrtpNotOffered
748 #else
749 #define MAYBE_TestTransferDtlsSrtpNotOffered TestTransferDtlsSrtpNotOffered
750 #endif
751 // Connect with DTLS. B does DTLS-SRTP but A does not.
TEST_F(DtlsTransportChannelTest,MAYBE_TestTransferDtlsSrtpNotOffered)752 TEST_F(DtlsTransportChannelTest, MAYBE_TestTransferDtlsSrtpNotOffered) {
753 MAYBE_SKIP_TEST(HaveDtlsSrtp);
754 PrepareDtls(true, true, rtc::KT_DEFAULT);
755 PrepareDtlsSrtp(false, true);
756 ASSERT_TRUE(Connect());
757 }
758
759 #if defined(MEMORY_SANITIZER)
760 // Fails under MemorySanitizer:
761 // See https://code.google.com/p/webrtc/issues/detail?id=5381.
762 #define MAYBE_TestTransferDtlsSrtpTwoChannels \
763 DISABLED_TestTransferDtlsSrtpTwoChannels
764 #else
765 #define MAYBE_TestTransferDtlsSrtpTwoChannels TestTransferDtlsSrtpTwoChannels
766 #endif
767 // Create two channels with DTLS, negotiate DTLS-SRTP, and transfer bypass SRTP.
TEST_F(DtlsTransportChannelTest,MAYBE_TestTransferDtlsSrtpTwoChannels)768 TEST_F(DtlsTransportChannelTest, MAYBE_TestTransferDtlsSrtpTwoChannels) {
769 MAYBE_SKIP_TEST(HaveDtlsSrtp);
770 SetChannelCount(2);
771 PrepareDtls(true, true, rtc::KT_DEFAULT);
772 PrepareDtlsSrtp(true, true);
773 ASSERT_TRUE(Connect());
774 TestTransfer(0, 1000, 100, true);
775 TestTransfer(1, 1000, 100, true);
776 }
777
778 #if defined(MEMORY_SANITIZER)
779 // Fails under MemorySanitizer:
780 // See https://code.google.com/p/webrtc/issues/detail?id=5381.
781 #define MAYBE_TestTransferDtlsSrtpDemux DISABLED_TestTransferDtlsSrtpDemux
782 #else
783 #define MAYBE_TestTransferDtlsSrtpDemux TestTransferDtlsSrtpDemux
784 #endif
785 // Create a single channel with DTLS, and send normal data and SRTP data on it.
TEST_F(DtlsTransportChannelTest,MAYBE_TestTransferDtlsSrtpDemux)786 TEST_F(DtlsTransportChannelTest, MAYBE_TestTransferDtlsSrtpDemux) {
787 MAYBE_SKIP_TEST(HaveDtlsSrtp);
788 PrepareDtls(true, true, rtc::KT_DEFAULT);
789 PrepareDtlsSrtp(true, true);
790 ASSERT_TRUE(Connect());
791 TestTransfer(0, 1000, 100, false);
792 TestTransfer(0, 1000, 100, true);
793 }
794
795 #if defined(MEMORY_SANITIZER)
796 // Fails under MemorySanitizer:
797 // See https://code.google.com/p/webrtc/issues/detail?id=5381.
798 #define MAYBE_TestTransferDtlsAnswererIsPassive \
799 DISABLED_TestTransferDtlsAnswererIsPassive
800 #else
801 #define MAYBE_TestTransferDtlsAnswererIsPassive \
802 TestTransferDtlsAnswererIsPassive
803 #endif
804 // Testing when the remote is passive.
TEST_F(DtlsTransportChannelTest,MAYBE_TestTransferDtlsAnswererIsPassive)805 TEST_F(DtlsTransportChannelTest, MAYBE_TestTransferDtlsAnswererIsPassive) {
806 MAYBE_SKIP_TEST(HaveDtlsSrtp);
807 SetChannelCount(2);
808 PrepareDtls(true, true, rtc::KT_DEFAULT);
809 PrepareDtlsSrtp(true, true);
810 ASSERT_TRUE(Connect(cricket::CONNECTIONROLE_ACTPASS,
811 cricket::CONNECTIONROLE_PASSIVE));
812 TestTransfer(0, 1000, 100, true);
813 TestTransfer(1, 1000, 100, true);
814 }
815
816 // Testing with the legacy DTLS client which doesn't use setup attribute.
817 // In this case legacy is the answerer.
TEST_F(DtlsTransportChannelTest,TestDtlsSetupWithLegacyAsAnswerer)818 TEST_F(DtlsTransportChannelTest, TestDtlsSetupWithLegacyAsAnswerer) {
819 MAYBE_SKIP_TEST(HaveDtlsSrtp);
820 PrepareDtls(true, true, rtc::KT_DEFAULT);
821 NegotiateWithLegacy();
822 rtc::SSLRole channel1_role;
823 rtc::SSLRole channel2_role;
824 EXPECT_TRUE(client1_.transport()->GetSslRole(&channel1_role));
825 EXPECT_TRUE(client2_.transport()->GetSslRole(&channel2_role));
826 EXPECT_EQ(rtc::SSL_SERVER, channel1_role);
827 EXPECT_EQ(rtc::SSL_CLIENT, channel2_role);
828 }
829
830 #if defined(MEMORY_SANITIZER)
831 // Fails under MemorySanitizer:
832 // See https://code.google.com/p/webrtc/issues/detail?id=5381.
833 #define MAYBE_TestDtlsReOfferFromOfferer DISABLED_TestDtlsReOfferFromOfferer
834 #else
835 #define MAYBE_TestDtlsReOfferFromOfferer TestDtlsReOfferFromOfferer
836 #endif
837 // Testing re offer/answer after the session is estbalished. Roles will be
838 // kept same as of the previous negotiation.
TEST_F(DtlsTransportChannelTest,MAYBE_TestDtlsReOfferFromOfferer)839 TEST_F(DtlsTransportChannelTest, MAYBE_TestDtlsReOfferFromOfferer) {
840 MAYBE_SKIP_TEST(HaveDtlsSrtp);
841 SetChannelCount(2);
842 PrepareDtls(true, true, rtc::KT_DEFAULT);
843 PrepareDtlsSrtp(true, true);
844 // Initial role for client1 is ACTPASS and client2 is ACTIVE.
845 ASSERT_TRUE(Connect(cricket::CONNECTIONROLE_ACTPASS,
846 cricket::CONNECTIONROLE_ACTIVE));
847 TestTransfer(0, 1000, 100, true);
848 TestTransfer(1, 1000, 100, true);
849 // Using input roles for the re-offer.
850 Renegotiate(&client1_, cricket::CONNECTIONROLE_ACTPASS,
851 cricket::CONNECTIONROLE_ACTIVE, NF_REOFFER);
852 TestTransfer(0, 1000, 100, true);
853 TestTransfer(1, 1000, 100, true);
854 }
855
856 #if defined(MEMORY_SANITIZER)
857 // Fails under MemorySanitizer:
858 // See https://code.google.com/p/webrtc/issues/detail?id=5381.
859 #define MAYBE_TestDtlsReOfferFromAnswerer DISABLED_TestDtlsReOfferFromAnswerer
860 #else
861 #define MAYBE_TestDtlsReOfferFromAnswerer TestDtlsReOfferFromAnswerer
862 #endif
TEST_F(DtlsTransportChannelTest,MAYBE_TestDtlsReOfferFromAnswerer)863 TEST_F(DtlsTransportChannelTest, MAYBE_TestDtlsReOfferFromAnswerer) {
864 MAYBE_SKIP_TEST(HaveDtlsSrtp);
865 SetChannelCount(2);
866 PrepareDtls(true, true, rtc::KT_DEFAULT);
867 PrepareDtlsSrtp(true, true);
868 // Initial role for client1 is ACTPASS and client2 is ACTIVE.
869 ASSERT_TRUE(Connect(cricket::CONNECTIONROLE_ACTPASS,
870 cricket::CONNECTIONROLE_ACTIVE));
871 TestTransfer(0, 1000, 100, true);
872 TestTransfer(1, 1000, 100, true);
873 // Using input roles for the re-offer.
874 Renegotiate(&client2_, cricket::CONNECTIONROLE_PASSIVE,
875 cricket::CONNECTIONROLE_ACTPASS, NF_REOFFER);
876 TestTransfer(0, 1000, 100, true);
877 TestTransfer(1, 1000, 100, true);
878 }
879
880 #if defined(MEMORY_SANITIZER)
881 // Fails under MemorySanitizer:
882 // See https://code.google.com/p/webrtc/issues/detail?id=5381.
883 #define MAYBE_TestDtlsRoleReversal DISABLED_TestDtlsRoleReversal
884 #else
885 #define MAYBE_TestDtlsRoleReversal TestDtlsRoleReversal
886 #endif
887 // Test that any change in role after the intial setup will result in failure.
TEST_F(DtlsTransportChannelTest,MAYBE_TestDtlsRoleReversal)888 TEST_F(DtlsTransportChannelTest, MAYBE_TestDtlsRoleReversal) {
889 MAYBE_SKIP_TEST(HaveDtlsSrtp);
890 SetChannelCount(2);
891 PrepareDtls(true, true, rtc::KT_DEFAULT);
892 PrepareDtlsSrtp(true, true);
893 ASSERT_TRUE(Connect(cricket::CONNECTIONROLE_ACTPASS,
894 cricket::CONNECTIONROLE_PASSIVE));
895
896 // Renegotiate from client2 with actpass and client1 as active.
897 Renegotiate(&client2_, cricket::CONNECTIONROLE_ACTPASS,
898 cricket::CONNECTIONROLE_ACTIVE,
899 NF_REOFFER | NF_EXPECT_FAILURE);
900 }
901
902 #if defined(MEMORY_SANITIZER)
903 // Fails under MemorySanitizer:
904 // See https://code.google.com/p/webrtc/issues/detail?id=5381.
905 #define MAYBE_TestDtlsReOfferWithDifferentSetupAttr \
906 DISABLED_TestDtlsReOfferWithDifferentSetupAttr
907 #else
908 #define MAYBE_TestDtlsReOfferWithDifferentSetupAttr \
909 TestDtlsReOfferWithDifferentSetupAttr
910 #endif
911 // Test that using different setup attributes which results in similar ssl
912 // role as the initial negotiation will result in success.
TEST_F(DtlsTransportChannelTest,MAYBE_TestDtlsReOfferWithDifferentSetupAttr)913 TEST_F(DtlsTransportChannelTest, MAYBE_TestDtlsReOfferWithDifferentSetupAttr) {
914 MAYBE_SKIP_TEST(HaveDtlsSrtp);
915 SetChannelCount(2);
916 PrepareDtls(true, true, rtc::KT_DEFAULT);
917 PrepareDtlsSrtp(true, true);
918 ASSERT_TRUE(Connect(cricket::CONNECTIONROLE_ACTPASS,
919 cricket::CONNECTIONROLE_PASSIVE));
920 // Renegotiate from client2 with actpass and client1 as active.
921 Renegotiate(&client2_, cricket::CONNECTIONROLE_ACTIVE,
922 cricket::CONNECTIONROLE_ACTPASS, NF_REOFFER);
923 TestTransfer(0, 1000, 100, true);
924 TestTransfer(1, 1000, 100, true);
925 }
926
927 // Test that re-negotiation can be started before the clients become connected
928 // in the first negotiation.
TEST_F(DtlsTransportChannelTest,TestRenegotiateBeforeConnect)929 TEST_F(DtlsTransportChannelTest, TestRenegotiateBeforeConnect) {
930 MAYBE_SKIP_TEST(HaveDtlsSrtp);
931 SetChannelCount(2);
932 PrepareDtls(true, true, rtc::KT_DEFAULT);
933 PrepareDtlsSrtp(true, true);
934 Negotiate();
935
936 Renegotiate(&client1_, cricket::CONNECTIONROLE_ACTPASS,
937 cricket::CONNECTIONROLE_ACTIVE, NF_REOFFER);
938 bool rv = client1_.Connect(&client2_);
939 EXPECT_TRUE(rv);
940 EXPECT_TRUE_WAIT(
941 client1_.all_channels_writable() && client2_.all_channels_writable(),
942 10000);
943
944 TestTransfer(0, 1000, 100, true);
945 TestTransfer(1, 1000, 100, true);
946 }
947
948 // Test Certificates state after negotiation but before connection.
TEST_F(DtlsTransportChannelTest,TestCertificatesBeforeConnect)949 TEST_F(DtlsTransportChannelTest, TestCertificatesBeforeConnect) {
950 MAYBE_SKIP_TEST(HaveDtls);
951 PrepareDtls(true, true, rtc::KT_DEFAULT);
952 Negotiate();
953
954 rtc::scoped_refptr<rtc::RTCCertificate> certificate1;
955 rtc::scoped_refptr<rtc::RTCCertificate> certificate2;
956 rtc::scoped_ptr<rtc::SSLCertificate> remote_cert1;
957 rtc::scoped_ptr<rtc::SSLCertificate> remote_cert2;
958
959 // After negotiation, each side has a distinct local certificate, but still no
960 // remote certificate, because connection has not yet occurred.
961 ASSERT_TRUE(client1_.transport()->GetLocalCertificate(&certificate1));
962 ASSERT_TRUE(client2_.transport()->GetLocalCertificate(&certificate2));
963 ASSERT_NE(certificate1->ssl_certificate().ToPEMString(),
964 certificate2->ssl_certificate().ToPEMString());
965 ASSERT_FALSE(
966 client1_.transport()->GetRemoteSSLCertificate(remote_cert1.accept()));
967 ASSERT_FALSE(remote_cert1 != NULL);
968 ASSERT_FALSE(
969 client2_.transport()->GetRemoteSSLCertificate(remote_cert2.accept()));
970 ASSERT_FALSE(remote_cert2 != NULL);
971 }
972
973 #if defined(MEMORY_SANITIZER)
974 // Fails under MemorySanitizer:
975 // See https://code.google.com/p/webrtc/issues/detail?id=5381.
976 #define MAYBE_TestCertificatesAfterConnect DISABLED_TestCertificatesAfterConnect
977 #else
978 #define MAYBE_TestCertificatesAfterConnect TestCertificatesAfterConnect
979 #endif
980 // Test Certificates state after connection.
TEST_F(DtlsTransportChannelTest,MAYBE_TestCertificatesAfterConnect)981 TEST_F(DtlsTransportChannelTest, MAYBE_TestCertificatesAfterConnect) {
982 MAYBE_SKIP_TEST(HaveDtls);
983 PrepareDtls(true, true, rtc::KT_DEFAULT);
984 ASSERT_TRUE(Connect());
985
986 rtc::scoped_refptr<rtc::RTCCertificate> certificate1;
987 rtc::scoped_refptr<rtc::RTCCertificate> certificate2;
988 rtc::scoped_ptr<rtc::SSLCertificate> remote_cert1;
989 rtc::scoped_ptr<rtc::SSLCertificate> remote_cert2;
990
991 // After connection, each side has a distinct local certificate.
992 ASSERT_TRUE(client1_.transport()->GetLocalCertificate(&certificate1));
993 ASSERT_TRUE(client2_.transport()->GetLocalCertificate(&certificate2));
994 ASSERT_NE(certificate1->ssl_certificate().ToPEMString(),
995 certificate2->ssl_certificate().ToPEMString());
996
997 // Each side's remote certificate is the other side's local certificate.
998 ASSERT_TRUE(
999 client1_.transport()->GetRemoteSSLCertificate(remote_cert1.accept()));
1000 ASSERT_EQ(remote_cert1->ToPEMString(),
1001 certificate2->ssl_certificate().ToPEMString());
1002 ASSERT_TRUE(
1003 client2_.transport()->GetRemoteSSLCertificate(remote_cert2.accept()));
1004 ASSERT_EQ(remote_cert2->ToPEMString(),
1005 certificate1->ssl_certificate().ToPEMString());
1006 }
1007