1 /* 2 * libjingle 3 * Copyright 2004 Google Inc. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions are met: 7 * 8 * 1. Redistributions of source code must retain the above copyright notice, 9 * this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright notice, 11 * this list of conditions and the following disclaimer in the documentation 12 * and/or other materials provided with the distribution. 13 * 3. The name of the author may not be used to endorse or promote products 14 * derived from this software without specific prior written permission. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 17 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 18 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO 19 * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 20 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 21 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; 22 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 23 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 24 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 25 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 */ 27 28 #include "talk/base/byteorder.h" 29 #include "talk/base/gunit.h" 30 #include "talk/base/thread.h" 31 #include "talk/media/base/cryptoparams.h" 32 #include "talk/media/base/fakertp.h" 33 #include "talk/p2p/base/sessiondescription.h" 34 #include "talk/session/media/srtpfilter.h" 35 #ifdef SRTP_RELATIVE_PATH 36 #include "crypto/include/err.h" 37 #else 38 #include "third_party/libsrtp/crypto/include/err.h" 39 #endif 40 41 using cricket::CS_AES_CM_128_HMAC_SHA1_80; 42 using cricket::CS_AES_CM_128_HMAC_SHA1_32; 43 using cricket::CryptoParams; 44 using cricket::CS_LOCAL; 45 using cricket::CS_REMOTE; 46 47 static const uint8 kTestKey1[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234"; 48 static const uint8 kTestKey2[] = "4321ZYXWVUTSRQPONMLKJIHGFEDCBA"; 49 static const int kTestKeyLen = 30; 50 static const std::string kTestKeyParams1 = 51 "inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz"; 52 static const std::string kTestKeyParams2 = 53 "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR"; 54 static const std::string kTestKeyParams3 = 55 "inline:1234X19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz"; 56 static const std::string kTestKeyParams4 = 57 "inline:4567QCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR"; 58 static const cricket::CryptoParams kTestCryptoParams1( 59 1, "AES_CM_128_HMAC_SHA1_80", kTestKeyParams1, ""); 60 static const cricket::CryptoParams kTestCryptoParams2( 61 1, "AES_CM_128_HMAC_SHA1_80", kTestKeyParams2, ""); 62 63 static int rtp_auth_tag_len(const std::string& cs) { 64 return (cs == CS_AES_CM_128_HMAC_SHA1_32) ? 4 : 10; 65 } 66 static int rtcp_auth_tag_len(const std::string& cs) { 67 return 10; 68 } 69 70 class SrtpFilterTest : public testing::Test { 71 protected: 72 SrtpFilterTest() 73 // Need to initialize |sequence_number_|, the value does not matter. 74 : sequence_number_(1) { 75 } 76 static std::vector<CryptoParams> MakeVector(const CryptoParams& params) { 77 std::vector<CryptoParams> vec; 78 vec.push_back(params); 79 return vec; 80 } 81 void TestSetParams(const std::vector<CryptoParams>& params1, 82 const std::vector<CryptoParams>& params2) { 83 EXPECT_TRUE(f1_.SetOffer(params1, CS_LOCAL)); 84 EXPECT_TRUE(f2_.SetOffer(params1, CS_REMOTE)); 85 EXPECT_TRUE(f2_.SetAnswer(params2, CS_LOCAL)); 86 EXPECT_TRUE(f1_.SetAnswer(params2, CS_REMOTE)); 87 EXPECT_TRUE(f1_.IsActive()); 88 } 89 void TestProtectUnprotect(const std::string& cs1, const std::string& cs2) { 90 char rtp_packet[sizeof(kPcmuFrame) + 10]; 91 char original_rtp_packet[sizeof(kPcmuFrame)]; 92 char rtcp_packet[sizeof(kRtcpReport) + 4 + 10]; 93 int rtp_len = sizeof(kPcmuFrame), rtcp_len = sizeof(kRtcpReport), out_len; 94 memcpy(rtp_packet, kPcmuFrame, rtp_len); 95 // In order to be able to run this test function multiple times we can not 96 // use the same sequence number twice. Increase the sequence number by one. 97 talk_base::SetBE16(reinterpret_cast<uint8*>(rtp_packet) + 2, 98 ++sequence_number_); 99 memcpy(original_rtp_packet, rtp_packet, rtp_len); 100 memcpy(rtcp_packet, kRtcpReport, rtcp_len); 101 102 EXPECT_TRUE(f1_.ProtectRtp(rtp_packet, rtp_len, 103 sizeof(rtp_packet), &out_len)); 104 EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs1)); 105 EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); 106 EXPECT_TRUE(f2_.UnprotectRtp(rtp_packet, out_len, &out_len)); 107 EXPECT_EQ(rtp_len, out_len); 108 EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); 109 110 EXPECT_TRUE(f2_.ProtectRtp(rtp_packet, rtp_len, 111 sizeof(rtp_packet), &out_len)); 112 EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs2)); 113 EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); 114 EXPECT_TRUE(f1_.UnprotectRtp(rtp_packet, out_len, &out_len)); 115 EXPECT_EQ(rtp_len, out_len); 116 EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); 117 118 EXPECT_TRUE(f1_.ProtectRtcp(rtcp_packet, rtcp_len, 119 sizeof(rtcp_packet), &out_len)); 120 EXPECT_EQ(out_len, rtcp_len + 4 + rtcp_auth_tag_len(cs1)); // NOLINT 121 EXPECT_NE(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); 122 EXPECT_TRUE(f2_.UnprotectRtcp(rtcp_packet, out_len, &out_len)); 123 EXPECT_EQ(rtcp_len, out_len); 124 EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); 125 126 EXPECT_TRUE(f2_.ProtectRtcp(rtcp_packet, rtcp_len, 127 sizeof(rtcp_packet), &out_len)); 128 EXPECT_EQ(out_len, rtcp_len + 4 + rtcp_auth_tag_len(cs2)); // NOLINT 129 EXPECT_NE(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); 130 EXPECT_TRUE(f1_.UnprotectRtcp(rtcp_packet, out_len, &out_len)); 131 EXPECT_EQ(rtcp_len, out_len); 132 EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); 133 } 134 cricket::SrtpFilter f1_; 135 cricket::SrtpFilter f2_; 136 int sequence_number_; 137 }; 138 139 // Test that we can set up the session and keys properly. 140 TEST_F(SrtpFilterTest, TestGoodSetupOneCipherSuite) { 141 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL)); 142 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE)); 143 EXPECT_TRUE(f1_.IsActive()); 144 } 145 146 // Test that we can set up things with multiple params. 147 TEST_F(SrtpFilterTest, TestGoodSetupMultipleCipherSuites) { 148 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); 149 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); 150 offer.push_back(kTestCryptoParams1); 151 offer[1].tag = 2; 152 offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; 153 answer[0].tag = 2; 154 answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; 155 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); 156 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE)); 157 EXPECT_TRUE(f1_.IsActive()); 158 } 159 160 // Test that we handle the cases where crypto is not desired. 161 TEST_F(SrtpFilterTest, TestGoodSetupNoCipherSuites) { 162 std::vector<CryptoParams> offer, answer; 163 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); 164 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE)); 165 EXPECT_FALSE(f1_.IsActive()); 166 } 167 168 // Test that we handle the cases where crypto is not desired by the remote side. 169 TEST_F(SrtpFilterTest, TestGoodSetupNoAnswerCipherSuites) { 170 std::vector<CryptoParams> answer; 171 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL)); 172 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE)); 173 EXPECT_FALSE(f1_.IsActive()); 174 } 175 176 // Test that we fail if we call the functions the wrong way. 177 TEST_F(SrtpFilterTest, TestBadSetup) { 178 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); 179 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); 180 EXPECT_FALSE(f1_.SetAnswer(answer, CS_LOCAL)); 181 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE)); 182 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); 183 EXPECT_FALSE(f1_.SetAnswer(answer, CS_LOCAL)); 184 EXPECT_FALSE(f1_.IsActive()); 185 } 186 187 // Test that we can set offer multiple times from the same source. 188 TEST_F(SrtpFilterTest, TestGoodSetupMultipleOffers) { 189 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL)); 190 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams2), CS_LOCAL)); 191 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE)); 192 EXPECT_TRUE(f1_.IsActive()); 193 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL)); 194 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams2), CS_LOCAL)); 195 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE)); 196 197 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams1), CS_REMOTE)); 198 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams2), CS_REMOTE)); 199 EXPECT_TRUE(f2_.SetAnswer(MakeVector(kTestCryptoParams2), CS_LOCAL)); 200 EXPECT_TRUE(f2_.IsActive()); 201 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams1), CS_REMOTE)); 202 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams2), CS_REMOTE)); 203 EXPECT_TRUE(f2_.SetAnswer(MakeVector(kTestCryptoParams2), CS_LOCAL)); 204 } 205 // Test that we can't set offer multiple times from different sources. 206 TEST_F(SrtpFilterTest, TestBadSetupMultipleOffers) { 207 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL)); 208 EXPECT_FALSE(f1_.SetOffer(MakeVector(kTestCryptoParams2), CS_REMOTE)); 209 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams1), CS_REMOTE)); 210 EXPECT_TRUE(f1_.IsActive()); 211 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams2), CS_LOCAL)); 212 EXPECT_FALSE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_REMOTE)); 213 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE)); 214 215 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams2), CS_REMOTE)); 216 EXPECT_FALSE(f2_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL)); 217 EXPECT_TRUE(f2_.SetAnswer(MakeVector(kTestCryptoParams2), CS_LOCAL)); 218 EXPECT_TRUE(f2_.IsActive()); 219 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams2), CS_REMOTE)); 220 EXPECT_FALSE(f2_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL)); 221 EXPECT_TRUE(f2_.SetAnswer(MakeVector(kTestCryptoParams2), CS_LOCAL)); 222 } 223 224 // Test that we fail if we have params in the answer when none were offered. 225 TEST_F(SrtpFilterTest, TestNoAnswerCipherSuites) { 226 std::vector<CryptoParams> offer; 227 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); 228 EXPECT_FALSE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE)); 229 EXPECT_FALSE(f1_.IsActive()); 230 } 231 232 // Test that we fail if we have too many params in our answer. 233 TEST_F(SrtpFilterTest, TestMultipleAnswerCipherSuites) { 234 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); 235 answer.push_back(kTestCryptoParams2); 236 answer[1].tag = 2; 237 answer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; 238 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL)); 239 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE)); 240 EXPECT_FALSE(f1_.IsActive()); 241 } 242 243 // Test that we fail if we don't support the cipher-suite. 244 TEST_F(SrtpFilterTest, TestInvalidCipherSuite) { 245 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); 246 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); 247 offer[0].cipher_suite = answer[0].cipher_suite = "FOO"; 248 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); 249 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE)); 250 EXPECT_FALSE(f1_.IsActive()); 251 } 252 253 // Test that we fail if we can't agree on a tag. 254 TEST_F(SrtpFilterTest, TestNoMatchingTag) { 255 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); 256 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); 257 answer[0].tag = 99; 258 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); 259 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE)); 260 EXPECT_FALSE(f1_.IsActive()); 261 } 262 263 // Test that we fail if we can't agree on a cipher-suite. 264 TEST_F(SrtpFilterTest, TestNoMatchingCipherSuite) { 265 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); 266 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); 267 answer[0].tag = 2; 268 answer[0].cipher_suite = "FOO"; 269 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); 270 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE)); 271 EXPECT_FALSE(f1_.IsActive()); 272 } 273 274 // Test that we fail keys with bad base64 content. 275 TEST_F(SrtpFilterTest, TestInvalidKeyData) { 276 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); 277 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); 278 answer[0].key_params = "inline:!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"; 279 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); 280 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE)); 281 EXPECT_FALSE(f1_.IsActive()); 282 } 283 284 // Test that we fail keys with the wrong key-method. 285 TEST_F(SrtpFilterTest, TestWrongKeyMethod) { 286 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); 287 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); 288 answer[0].key_params = "outline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR"; 289 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); 290 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE)); 291 EXPECT_FALSE(f1_.IsActive()); 292 } 293 294 // Test that we fail keys of the wrong length. 295 TEST_F(SrtpFilterTest, TestKeyTooShort) { 296 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); 297 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); 298 answer[0].key_params = "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtx"; 299 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); 300 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE)); 301 EXPECT_FALSE(f1_.IsActive()); 302 } 303 304 // Test that we fail keys of the wrong length. 305 TEST_F(SrtpFilterTest, TestKeyTooLong) { 306 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); 307 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); 308 answer[0].key_params = "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBRABCD"; 309 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); 310 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE)); 311 EXPECT_FALSE(f1_.IsActive()); 312 } 313 314 // Test that we fail keys with lifetime or MKI set (since we don't support) 315 TEST_F(SrtpFilterTest, TestUnsupportedOptions) { 316 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); 317 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); 318 answer[0].key_params = 319 "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR|2^20|1:4"; 320 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); 321 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE)); 322 EXPECT_FALSE(f1_.IsActive()); 323 } 324 325 // Test that we can encrypt/decrypt after setting the same CryptoParams again on 326 // one side. 327 TEST_F(SrtpFilterTest, TestSettingSameKeyOnOneSide) { 328 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); 329 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); 330 TestSetParams(offer, answer); 331 332 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, 333 CS_AES_CM_128_HMAC_SHA1_80); 334 335 // Re-applying the same keys on one end and it should not reset the ROC. 336 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE)); 337 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL)); 338 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); 339 } 340 341 // Test that we can encrypt/decrypt after negotiating AES_CM_128_HMAC_SHA1_80. 342 TEST_F(SrtpFilterTest, TestProtect_AES_CM_128_HMAC_SHA1_80) { 343 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); 344 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); 345 offer.push_back(kTestCryptoParams1); 346 offer[1].tag = 2; 347 offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; 348 TestSetParams(offer, answer); 349 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); 350 } 351 352 // Test that we can encrypt/decrypt after negotiating AES_CM_128_HMAC_SHA1_32. 353 TEST_F(SrtpFilterTest, TestProtect_AES_CM_128_HMAC_SHA1_32) { 354 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); 355 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); 356 offer.push_back(kTestCryptoParams1); 357 offer[1].tag = 2; 358 offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; 359 answer[0].tag = 2; 360 answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; 361 TestSetParams(offer, answer); 362 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32); 363 } 364 365 // Test that we can change encryption parameters. 366 TEST_F(SrtpFilterTest, TestChangeParameters) { 367 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); 368 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); 369 370 TestSetParams(offer, answer); 371 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); 372 373 // Change the key parameters and cipher_suite. 374 offer[0].key_params = kTestKeyParams3; 375 offer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; 376 answer[0].key_params = kTestKeyParams4; 377 answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; 378 379 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); 380 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE)); 381 EXPECT_TRUE(f1_.IsActive()); 382 EXPECT_TRUE(f1_.IsActive()); 383 384 // Test that the old keys are valid until the negotiation is complete. 385 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); 386 387 // Complete the negotiation and test that we can still understand each other. 388 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL)); 389 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE)); 390 391 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32); 392 } 393 394 // Test that we can send and receive provisional answers with crypto enabled. 395 // Also test that we can change the crypto. 396 TEST_F(SrtpFilterTest, TestProvisionalAnswer) { 397 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); 398 offer.push_back(kTestCryptoParams1); 399 offer[1].tag = 2; 400 offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; 401 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); 402 403 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); 404 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE)); 405 EXPECT_TRUE(f2_.SetProvisionalAnswer(answer, CS_LOCAL)); 406 EXPECT_TRUE(f1_.SetProvisionalAnswer(answer, CS_REMOTE)); 407 EXPECT_TRUE(f1_.IsActive()); 408 EXPECT_TRUE(f2_.IsActive()); 409 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); 410 411 answer[0].key_params = kTestKeyParams4; 412 answer[0].tag = 2; 413 answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; 414 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL)); 415 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE)); 416 EXPECT_TRUE(f1_.IsActive()); 417 EXPECT_TRUE(f2_.IsActive()); 418 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32); 419 } 420 421 // Test that a provisional answer doesn't need to contain a crypto. 422 TEST_F(SrtpFilterTest, TestProvisionalAnswerWithoutCrypto) { 423 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); 424 std::vector<CryptoParams> answer; 425 426 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); 427 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE)); 428 EXPECT_TRUE(f2_.SetProvisionalAnswer(answer, CS_LOCAL)); 429 EXPECT_TRUE(f1_.SetProvisionalAnswer(answer, CS_REMOTE)); 430 EXPECT_FALSE(f1_.IsActive()); 431 EXPECT_FALSE(f2_.IsActive()); 432 433 answer.push_back(kTestCryptoParams2); 434 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL)); 435 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE)); 436 EXPECT_TRUE(f1_.IsActive()); 437 EXPECT_TRUE(f2_.IsActive()); 438 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); 439 } 440 441 // Test that we can disable encryption. 442 TEST_F(SrtpFilterTest, TestDisableEncryption) { 443 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); 444 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); 445 446 TestSetParams(offer, answer); 447 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); 448 449 offer.clear(); 450 answer.clear(); 451 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); 452 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE)); 453 EXPECT_TRUE(f1_.IsActive()); 454 EXPECT_TRUE(f2_.IsActive()); 455 456 // Test that the old keys are valid until the negotiation is complete. 457 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); 458 459 // Complete the negotiation. 460 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL)); 461 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE)); 462 463 EXPECT_FALSE(f1_.IsActive()); 464 EXPECT_FALSE(f2_.IsActive()); 465 } 466 467 // Test directly setting the params with AES_CM_128_HMAC_SHA1_80 468 TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_80) { 469 EXPECT_TRUE(f1_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_80, 470 kTestKey1, kTestKeyLen, 471 CS_AES_CM_128_HMAC_SHA1_80, 472 kTestKey2, kTestKeyLen)); 473 EXPECT_TRUE(f2_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_80, 474 kTestKey2, kTestKeyLen, 475 CS_AES_CM_128_HMAC_SHA1_80, 476 kTestKey1, kTestKeyLen)); 477 EXPECT_TRUE(f1_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_80, 478 kTestKey1, kTestKeyLen, 479 CS_AES_CM_128_HMAC_SHA1_80, 480 kTestKey2, kTestKeyLen)); 481 EXPECT_TRUE(f2_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_80, 482 kTestKey2, kTestKeyLen, 483 CS_AES_CM_128_HMAC_SHA1_80, 484 kTestKey1, kTestKeyLen)); 485 EXPECT_TRUE(f1_.IsActive()); 486 EXPECT_TRUE(f2_.IsActive()); 487 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); 488 } 489 490 // Test directly setting the params with AES_CM_128_HMAC_SHA1_32 491 TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_32) { 492 EXPECT_TRUE(f1_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_32, 493 kTestKey1, kTestKeyLen, 494 CS_AES_CM_128_HMAC_SHA1_32, 495 kTestKey2, kTestKeyLen)); 496 EXPECT_TRUE(f2_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_32, 497 kTestKey2, kTestKeyLen, 498 CS_AES_CM_128_HMAC_SHA1_32, 499 kTestKey1, kTestKeyLen)); 500 EXPECT_TRUE(f1_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_32, 501 kTestKey1, kTestKeyLen, 502 CS_AES_CM_128_HMAC_SHA1_32, 503 kTestKey2, kTestKeyLen)); 504 EXPECT_TRUE(f2_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_32, 505 kTestKey2, kTestKeyLen, 506 CS_AES_CM_128_HMAC_SHA1_32, 507 kTestKey1, kTestKeyLen)); 508 EXPECT_TRUE(f1_.IsActive()); 509 EXPECT_TRUE(f2_.IsActive()); 510 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32); 511 } 512 513 // Test directly setting the params with bogus keys 514 TEST_F(SrtpFilterTest, TestSetParamsKeyTooShort) { 515 EXPECT_FALSE(f1_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_80, 516 kTestKey1, kTestKeyLen - 1, 517 CS_AES_CM_128_HMAC_SHA1_80, 518 kTestKey1, kTestKeyLen - 1)); 519 EXPECT_FALSE(f1_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_80, 520 kTestKey1, kTestKeyLen - 1, 521 CS_AES_CM_128_HMAC_SHA1_80, 522 kTestKey1, kTestKeyLen - 1)); 523 } 524 525 class SrtpSessionTest : public testing::Test { 526 protected: 527 virtual void SetUp() { 528 rtp_len_ = sizeof(kPcmuFrame); 529 rtcp_len_ = sizeof(kRtcpReport); 530 memcpy(rtp_packet_, kPcmuFrame, rtp_len_); 531 memcpy(rtcp_packet_, kRtcpReport, rtcp_len_); 532 } 533 void TestProtectRtp(const std::string& cs) { 534 int out_len = 0; 535 EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, 536 sizeof(rtp_packet_), &out_len)); 537 EXPECT_EQ(out_len, rtp_len_ + rtp_auth_tag_len(cs)); 538 EXPECT_NE(0, memcmp(rtp_packet_, kPcmuFrame, rtp_len_)); 539 rtp_len_ = out_len; 540 } 541 void TestProtectRtcp(const std::string& cs) { 542 int out_len = 0; 543 EXPECT_TRUE(s1_.ProtectRtcp(rtcp_packet_, rtcp_len_, 544 sizeof(rtcp_packet_), &out_len)); 545 EXPECT_EQ(out_len, rtcp_len_ + 4 + rtcp_auth_tag_len(cs)); // NOLINT 546 EXPECT_NE(0, memcmp(rtcp_packet_, kRtcpReport, rtcp_len_)); 547 rtcp_len_ = out_len; 548 } 549 void TestUnprotectRtp(const std::string& cs) { 550 int out_len = 0, expected_len = sizeof(kPcmuFrame); 551 EXPECT_TRUE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len)); 552 EXPECT_EQ(expected_len, out_len); 553 EXPECT_EQ(0, memcmp(rtp_packet_, kPcmuFrame, out_len)); 554 } 555 void TestUnprotectRtcp(const std::string& cs) { 556 int out_len = 0, expected_len = sizeof(kRtcpReport); 557 EXPECT_TRUE(s2_.UnprotectRtcp(rtcp_packet_, rtcp_len_, &out_len)); 558 EXPECT_EQ(expected_len, out_len); 559 EXPECT_EQ(0, memcmp(rtcp_packet_, kRtcpReport, out_len)); 560 } 561 cricket::SrtpSession s1_; 562 cricket::SrtpSession s2_; 563 char rtp_packet_[sizeof(kPcmuFrame) + 10]; 564 char rtcp_packet_[sizeof(kRtcpReport) + 4 + 10]; 565 int rtp_len_; 566 int rtcp_len_; 567 }; 568 569 // Test that we can set up the session and keys properly. 570 TEST_F(SrtpSessionTest, TestGoodSetup) { 571 EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen)); 572 EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen)); 573 } 574 575 // Test that we can't change the keys once set. 576 TEST_F(SrtpSessionTest, TestBadSetup) { 577 EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen)); 578 EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen)); 579 EXPECT_FALSE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey2, kTestKeyLen)); 580 EXPECT_FALSE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey2, kTestKeyLen)); 581 } 582 583 // Test that we fail keys of the wrong length. 584 TEST_F(SrtpSessionTest, TestKeysTooShort) { 585 EXPECT_FALSE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, 1)); 586 EXPECT_FALSE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, 1)); 587 } 588 589 // Test that we can encrypt and decrypt RTP/RTCP using AES_CM_128_HMAC_SHA1_80. 590 TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_80) { 591 EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen)); 592 EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen)); 593 TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_80); 594 TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_80); 595 TestUnprotectRtp(CS_AES_CM_128_HMAC_SHA1_80); 596 TestUnprotectRtcp(CS_AES_CM_128_HMAC_SHA1_80); 597 } 598 599 // Test that we can encrypt and decrypt RTP/RTCP using AES_CM_128_HMAC_SHA1_32. 600 TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_32) { 601 EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_32, kTestKey1, kTestKeyLen)); 602 EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_32, kTestKey1, kTestKeyLen)); 603 TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_32); 604 TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_32); 605 TestUnprotectRtp(CS_AES_CM_128_HMAC_SHA1_32); 606 TestUnprotectRtcp(CS_AES_CM_128_HMAC_SHA1_32); 607 } 608 609 // Test that we fail to unprotect if someone tampers with the RTP/RTCP paylaods. 610 TEST_F(SrtpSessionTest, TestTamperReject) { 611 int out_len; 612 EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen)); 613 EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen)); 614 TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_80); 615 TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_80); 616 rtp_packet_[0] = 0x12; 617 rtcp_packet_[1] = 0x34; 618 EXPECT_FALSE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len)); 619 EXPECT_FALSE(s2_.UnprotectRtcp(rtcp_packet_, rtcp_len_, &out_len)); 620 } 621 622 // Test that we fail to unprotect if the payloads are not authenticated. 623 TEST_F(SrtpSessionTest, TestUnencryptReject) { 624 int out_len; 625 EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen)); 626 EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen)); 627 EXPECT_FALSE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len)); 628 EXPECT_FALSE(s2_.UnprotectRtcp(rtcp_packet_, rtcp_len_, &out_len)); 629 } 630 631 // Test that we fail when using buffers that are too small. 632 TEST_F(SrtpSessionTest, TestBuffersTooSmall) { 633 int out_len; 634 EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen)); 635 EXPECT_FALSE(s1_.ProtectRtp(rtp_packet_, rtp_len_, 636 sizeof(rtp_packet_) - 10, &out_len)); 637 EXPECT_FALSE(s1_.ProtectRtcp(rtcp_packet_, rtcp_len_, 638 sizeof(rtcp_packet_) - 14, &out_len)); 639 } 640 641 TEST_F(SrtpSessionTest, TestReplay) { 642 static const uint16 kMaxSeqnum = static_cast<uint16>(-1); 643 static const uint16 seqnum_big = 62275; 644 static const uint16 seqnum_small = 10; 645 static const uint16 replay_window = 1024; 646 int out_len; 647 648 EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen)); 649 EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen)); 650 651 // Initial sequence number. 652 talk_base::SetBE16(reinterpret_cast<uint8*>(rtp_packet_) + 2, seqnum_big); 653 EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_), 654 &out_len)); 655 656 // Replay within the 1024 window should succeed. 657 talk_base::SetBE16(reinterpret_cast<uint8*>(rtp_packet_) + 2, 658 seqnum_big - replay_window + 1); 659 EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_), 660 &out_len)); 661 662 // Replay out side of the 1024 window should fail. 663 talk_base::SetBE16(reinterpret_cast<uint8*>(rtp_packet_) + 2, 664 seqnum_big - replay_window - 1); 665 EXPECT_FALSE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_), 666 &out_len)); 667 668 // Increment sequence number to a small number. 669 talk_base::SetBE16(reinterpret_cast<uint8*>(rtp_packet_) + 2, seqnum_small); 670 EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_), 671 &out_len)); 672 673 // Replay around 0 but out side of the 1024 window should fail. 674 talk_base::SetBE16(reinterpret_cast<uint8*>(rtp_packet_) + 2, 675 kMaxSeqnum + seqnum_small - replay_window - 1); 676 EXPECT_FALSE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_), 677 &out_len)); 678 679 // Replay around 0 but within the 1024 window should succeed. 680 for (uint16 seqnum = 65000; seqnum < 65003; ++seqnum) { 681 talk_base::SetBE16(reinterpret_cast<uint8*>(rtp_packet_) + 2, seqnum); 682 EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_), 683 &out_len)); 684 } 685 686 // Go back to normal sequence nubmer. 687 // NOTE: without the fix in libsrtp, this would fail. This is because 688 // without the fix, the loop above would keep incrementing local sequence 689 // number in libsrtp, eventually the new sequence number would go out side 690 // of the window. 691 talk_base::SetBE16(reinterpret_cast<uint8*>(rtp_packet_) + 2, 692 seqnum_small + 1); 693 EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_), 694 &out_len)); 695 } 696 697 class SrtpStatTest 698 : public testing::Test, 699 public sigslot::has_slots<> { 700 public: 701 SrtpStatTest() 702 : ssrc_(0U), 703 mode_(-1), 704 error_(cricket::SrtpFilter::ERROR_NONE) { 705 srtp_stat_.SignalSrtpError.connect(this, &SrtpStatTest::OnSrtpError); 706 srtp_stat_.set_signal_silent_time(200); 707 } 708 709 protected: 710 void OnSrtpError(uint32 ssrc, cricket::SrtpFilter::Mode mode, 711 cricket::SrtpFilter::Error error) { 712 ssrc_ = ssrc; 713 mode_ = mode; 714 error_ = error; 715 } 716 void Reset() { 717 ssrc_ = 0U; 718 mode_ = -1; 719 error_ = cricket::SrtpFilter::ERROR_NONE; 720 } 721 722 cricket::SrtpStat srtp_stat_; 723 uint32 ssrc_; 724 int mode_; 725 cricket::SrtpFilter::Error error_; 726 727 private: 728 DISALLOW_COPY_AND_ASSIGN(SrtpStatTest); 729 }; 730 731 TEST_F(SrtpStatTest, TestProtectRtpError) { 732 Reset(); 733 srtp_stat_.AddProtectRtpResult(1, err_status_ok); 734 EXPECT_EQ(0U, ssrc_); 735 EXPECT_EQ(-1, mode_); 736 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_); 737 Reset(); 738 srtp_stat_.AddProtectRtpResult(1, err_status_auth_fail); 739 EXPECT_EQ(1U, ssrc_); 740 EXPECT_EQ(cricket::SrtpFilter::PROTECT, mode_); 741 EXPECT_EQ(cricket::SrtpFilter::ERROR_AUTH, error_); 742 Reset(); 743 srtp_stat_.AddProtectRtpResult(1, err_status_fail); 744 EXPECT_EQ(1U, ssrc_); 745 EXPECT_EQ(cricket::SrtpFilter::PROTECT, mode_); 746 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_); 747 // Within 200ms, the error will not be triggered. 748 Reset(); 749 srtp_stat_.AddProtectRtpResult(1, err_status_fail); 750 EXPECT_EQ(0U, ssrc_); 751 EXPECT_EQ(-1, mode_); 752 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_); 753 // Now the error will be triggered again. 754 Reset(); 755 talk_base::Thread::Current()->SleepMs(210); 756 srtp_stat_.AddProtectRtpResult(1, err_status_fail); 757 EXPECT_EQ(1U, ssrc_); 758 EXPECT_EQ(cricket::SrtpFilter::PROTECT, mode_); 759 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_); 760 } 761 762 TEST_F(SrtpStatTest, TestUnprotectRtpError) { 763 Reset(); 764 srtp_stat_.AddUnprotectRtpResult(1, err_status_ok); 765 EXPECT_EQ(0U, ssrc_); 766 EXPECT_EQ(-1, mode_); 767 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_); 768 Reset(); 769 srtp_stat_.AddUnprotectRtpResult(1, err_status_auth_fail); 770 EXPECT_EQ(1U, ssrc_); 771 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_); 772 EXPECT_EQ(cricket::SrtpFilter::ERROR_AUTH, error_); 773 Reset(); 774 srtp_stat_.AddUnprotectRtpResult(1, err_status_replay_fail); 775 EXPECT_EQ(1U, ssrc_); 776 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_); 777 EXPECT_EQ(cricket::SrtpFilter::ERROR_REPLAY, error_); 778 Reset(); 779 talk_base::Thread::Current()->SleepMs(210); 780 srtp_stat_.AddUnprotectRtpResult(1, err_status_replay_old); 781 EXPECT_EQ(1U, ssrc_); 782 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_); 783 EXPECT_EQ(cricket::SrtpFilter::ERROR_REPLAY, error_); 784 Reset(); 785 srtp_stat_.AddUnprotectRtpResult(1, err_status_fail); 786 EXPECT_EQ(1U, ssrc_); 787 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_); 788 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_); 789 // Within 200ms, the error will not be triggered. 790 Reset(); 791 srtp_stat_.AddUnprotectRtpResult(1, err_status_fail); 792 EXPECT_EQ(0U, ssrc_); 793 EXPECT_EQ(-1, mode_); 794 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_); 795 // Now the error will be triggered again. 796 Reset(); 797 talk_base::Thread::Current()->SleepMs(210); 798 srtp_stat_.AddUnprotectRtpResult(1, err_status_fail); 799 EXPECT_EQ(1U, ssrc_); 800 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_); 801 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_); 802 } 803 804 TEST_F(SrtpStatTest, TestProtectRtcpError) { 805 Reset(); 806 srtp_stat_.AddProtectRtcpResult(err_status_ok); 807 EXPECT_EQ(-1, mode_); 808 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_); 809 Reset(); 810 srtp_stat_.AddProtectRtcpResult(err_status_auth_fail); 811 EXPECT_EQ(cricket::SrtpFilter::PROTECT, mode_); 812 EXPECT_EQ(cricket::SrtpFilter::ERROR_AUTH, error_); 813 Reset(); 814 srtp_stat_.AddProtectRtcpResult(err_status_fail); 815 EXPECT_EQ(cricket::SrtpFilter::PROTECT, mode_); 816 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_); 817 // Within 200ms, the error will not be triggered. 818 Reset(); 819 srtp_stat_.AddProtectRtcpResult(err_status_fail); 820 EXPECT_EQ(-1, mode_); 821 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_); 822 // Now the error will be triggered again. 823 Reset(); 824 talk_base::Thread::Current()->SleepMs(210); 825 srtp_stat_.AddProtectRtcpResult(err_status_fail); 826 EXPECT_EQ(cricket::SrtpFilter::PROTECT, mode_); 827 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_); 828 } 829 830 TEST_F(SrtpStatTest, TestUnprotectRtcpError) { 831 Reset(); 832 srtp_stat_.AddUnprotectRtcpResult(err_status_ok); 833 EXPECT_EQ(-1, mode_); 834 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_); 835 Reset(); 836 srtp_stat_.AddUnprotectRtcpResult(err_status_auth_fail); 837 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_); 838 EXPECT_EQ(cricket::SrtpFilter::ERROR_AUTH, error_); 839 Reset(); 840 srtp_stat_.AddUnprotectRtcpResult(err_status_replay_fail); 841 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_); 842 EXPECT_EQ(cricket::SrtpFilter::ERROR_REPLAY, error_); 843 Reset(); 844 talk_base::Thread::Current()->SleepMs(210); 845 srtp_stat_.AddUnprotectRtcpResult(err_status_replay_fail); 846 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_); 847 EXPECT_EQ(cricket::SrtpFilter::ERROR_REPLAY, error_); 848 Reset(); 849 srtp_stat_.AddUnprotectRtcpResult(err_status_fail); 850 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_); 851 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_); 852 // Within 200ms, the error will not be triggered. 853 Reset(); 854 srtp_stat_.AddUnprotectRtcpResult(err_status_fail); 855 EXPECT_EQ(-1, mode_); 856 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_); 857 // Now the error will be triggered again. 858 Reset(); 859 talk_base::Thread::Current()->SleepMs(210); 860 srtp_stat_.AddUnprotectRtcpResult(err_status_fail); 861 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_); 862 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_); 863 } 864
