1d18304287dbabc7835be771400b85d4ae8b63de6San Mehat/* 2d18304287dbabc7835be771400b85d4ae8b63de6San Mehat * libjingle 3d18304287dbabc7835be771400b85d4ae8b63de6San Mehat * Copyright 2004 Google Inc. 4d18304287dbabc7835be771400b85d4ae8b63de6San Mehat * 5d18304287dbabc7835be771400b85d4ae8b63de6San Mehat * Redistribution and use in source and binary forms, with or without 6d18304287dbabc7835be771400b85d4ae8b63de6San Mehat * modification, are permitted provided that the following conditions are met: 7d18304287dbabc7835be771400b85d4ae8b63de6San Mehat * 8d18304287dbabc7835be771400b85d4ae8b63de6San Mehat * 1. Redistributions of source code must retain the above copyright notice, 9d18304287dbabc7835be771400b85d4ae8b63de6San Mehat * this list of conditions and the following disclaimer. 10d18304287dbabc7835be771400b85d4ae8b63de6San Mehat * 2. Redistributions in binary form must reproduce the above copyright notice, 11d18304287dbabc7835be771400b85d4ae8b63de6San Mehat * this list of conditions and the following disclaimer in the documentation 12d18304287dbabc7835be771400b85d4ae8b63de6San Mehat * and/or other materials provided with the distribution. 13d18304287dbabc7835be771400b85d4ae8b63de6San Mehat * 3. The name of the author may not be used to endorse or promote products 14d18304287dbabc7835be771400b85d4ae8b63de6San Mehat * derived from this software without specific prior written permission. 15d18304287dbabc7835be771400b85d4ae8b63de6San Mehat * 16d18304287dbabc7835be771400b85d4ae8b63de6San Mehat * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 17d18304287dbabc7835be771400b85d4ae8b63de6San Mehat * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 18d18304287dbabc7835be771400b85d4ae8b63de6San Mehat * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO 19d18304287dbabc7835be771400b85d4ae8b63de6San Mehat * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 20d18304287dbabc7835be771400b85d4ae8b63de6San Mehat * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 219ff78fb7da7158f5bd7c86d89a842691820259cfSan Mehat * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; 22d18304287dbabc7835be771400b85d4ae8b63de6San Mehat * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 239d10b341a0ba46f108cb96e46691197d778cbc06San Mehat * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 249ff78fb7da7158f5bd7c86d89a842691820259cfSan Mehat * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 25d18304287dbabc7835be771400b85d4ae8b63de6San Mehat * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26d18304287dbabc7835be771400b85d4ae8b63de6San Mehat */ 279d10b341a0ba46f108cb96e46691197d778cbc06San Mehat 289ff78fb7da7158f5bd7c86d89a842691820259cfSan Mehat#include "talk/media/base/cryptoparams.h" 299d10b341a0ba46f108cb96e46691197d778cbc06San Mehat#include "talk/media/base/fakertp.h" 30d18304287dbabc7835be771400b85d4ae8b63de6San Mehat#include "webrtc/p2p/base/sessiondescription.h" 31d18304287dbabc7835be771400b85d4ae8b63de6San Mehat#include "talk/session/media/srtpfilter.h" 32d18304287dbabc7835be771400b85d4ae8b63de6San Mehat#include "webrtc/base/byteorder.h" 33d18304287dbabc7835be771400b85d4ae8b63de6San Mehat#include "webrtc/base/gunit.h" 34d18304287dbabc7835be771400b85d4ae8b63de6San Mehat#include "webrtc/base/thread.h" 35d18304287dbabc7835be771400b85d4ae8b63de6San Mehatextern "C" { 36d18304287dbabc7835be771400b85d4ae8b63de6San Mehat#ifdef SRTP_RELATIVE_PATH 37d18304287dbabc7835be771400b85d4ae8b63de6San Mehat#include "crypto/include/err.h" 38d18304287dbabc7835be771400b85d4ae8b63de6San Mehat#else 39d18304287dbabc7835be771400b85d4ae8b63de6San Mehat#include "third_party/libsrtp/srtp/crypto/include/err.h" 40d18304287dbabc7835be771400b85d4ae8b63de6San Mehat#endif 41d18304287dbabc7835be771400b85d4ae8b63de6San Mehat} 42d18304287dbabc7835be771400b85d4ae8b63de6San Mehat 43d18304287dbabc7835be771400b85d4ae8b63de6San Mehatusing rtc::CS_AES_CM_128_HMAC_SHA1_80; 44d18304287dbabc7835be771400b85d4ae8b63de6San Mehatusing rtc::CS_AES_CM_128_HMAC_SHA1_32; 45d18304287dbabc7835be771400b85d4ae8b63de6San Mehatusing cricket::CryptoParams; 46d18304287dbabc7835be771400b85d4ae8b63de6San Mehatusing cricket::CS_LOCAL; 47d18304287dbabc7835be771400b85d4ae8b63de6San Mehatusing cricket::CS_REMOTE; 48d18304287dbabc7835be771400b85d4ae8b63de6San Mehat 49d18304287dbabc7835be771400b85d4ae8b63de6San Mehatstatic const uint8_t kTestKey1[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234"; 50d18304287dbabc7835be771400b85d4ae8b63de6San Mehatstatic const uint8_t kTestKey2[] = "4321ZYXWVUTSRQPONMLKJIHGFEDCBA"; 51d18304287dbabc7835be771400b85d4ae8b63de6San Mehatstatic const int kTestKeyLen = 30; 52d18304287dbabc7835be771400b85d4ae8b63de6San Mehatstatic const std::string kTestKeyParams1 = 53d18304287dbabc7835be771400b85d4ae8b63de6San Mehat "inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz"; 54d18304287dbabc7835be771400b85d4ae8b63de6San Mehatstatic const std::string kTestKeyParams2 = 55d18304287dbabc7835be771400b85d4ae8b63de6San Mehat "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR"; 56d18304287dbabc7835be771400b85d4ae8b63de6San Mehatstatic const std::string kTestKeyParams3 = 57d18304287dbabc7835be771400b85d4ae8b63de6San Mehat "inline:1234X19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz"; 58d18304287dbabc7835be771400b85d4ae8b63de6San Mehatstatic const std::string kTestKeyParams4 = 59d18304287dbabc7835be771400b85d4ae8b63de6San Mehat "inline:4567QCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR"; 60d18304287dbabc7835be771400b85d4ae8b63de6San Mehatstatic const cricket::CryptoParams kTestCryptoParams1( 61d18304287dbabc7835be771400b85d4ae8b63de6San Mehat 1, "AES_CM_128_HMAC_SHA1_80", kTestKeyParams1, ""); 62d18304287dbabc7835be771400b85d4ae8b63de6San Mehatstatic const cricket::CryptoParams kTestCryptoParams2( 63d18304287dbabc7835be771400b85d4ae8b63de6San Mehat 1, "AES_CM_128_HMAC_SHA1_80", kTestKeyParams2, ""); 64d18304287dbabc7835be771400b85d4ae8b63de6San Mehat 65d18304287dbabc7835be771400b85d4ae8b63de6San Mehatstatic int rtp_auth_tag_len(const std::string& cs) { 66 return (cs == CS_AES_CM_128_HMAC_SHA1_32) ? 4 : 10; 67} 68static int rtcp_auth_tag_len(const std::string& cs) { 69 return 10; 70} 71 72class SrtpFilterTest : public testing::Test { 73 protected: 74 SrtpFilterTest() 75 // Need to initialize |sequence_number_|, the value does not matter. 76 : sequence_number_(1) { 77 } 78 static std::vector<CryptoParams> MakeVector(const CryptoParams& params) { 79 std::vector<CryptoParams> vec; 80 vec.push_back(params); 81 return vec; 82 } 83 void TestSetParams(const std::vector<CryptoParams>& params1, 84 const std::vector<CryptoParams>& params2) { 85 EXPECT_TRUE(f1_.SetOffer(params1, CS_LOCAL)); 86 EXPECT_TRUE(f2_.SetOffer(params1, CS_REMOTE)); 87 EXPECT_FALSE(f1_.IsActive()); 88 EXPECT_FALSE(f2_.IsActive()); 89 EXPECT_TRUE(f2_.SetAnswer(params2, CS_LOCAL)); 90 EXPECT_TRUE(f1_.SetAnswer(params2, CS_REMOTE)); 91 EXPECT_TRUE(f1_.IsActive()); 92 EXPECT_TRUE(f2_.IsActive()); 93 } 94 void TestProtectUnprotect(const std::string& cs1, const std::string& cs2) { 95 char rtp_packet[sizeof(kPcmuFrame) + 10]; 96 char original_rtp_packet[sizeof(kPcmuFrame)]; 97 char rtcp_packet[sizeof(kRtcpReport) + 4 + 10]; 98 int rtp_len = sizeof(kPcmuFrame), rtcp_len = sizeof(kRtcpReport), out_len; 99 memcpy(rtp_packet, kPcmuFrame, rtp_len); 100 // In order to be able to run this test function multiple times we can not 101 // use the same sequence number twice. Increase the sequence number by one. 102 rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet) + 2, 103 ++sequence_number_); 104 memcpy(original_rtp_packet, rtp_packet, rtp_len); 105 memcpy(rtcp_packet, kRtcpReport, rtcp_len); 106 107 EXPECT_TRUE(f1_.ProtectRtp(rtp_packet, rtp_len, 108 sizeof(rtp_packet), &out_len)); 109 EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs1)); 110 EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); 111 EXPECT_TRUE(f2_.UnprotectRtp(rtp_packet, out_len, &out_len)); 112 EXPECT_EQ(rtp_len, out_len); 113 EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); 114 115 EXPECT_TRUE(f2_.ProtectRtp(rtp_packet, rtp_len, 116 sizeof(rtp_packet), &out_len)); 117 EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs2)); 118 EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); 119 EXPECT_TRUE(f1_.UnprotectRtp(rtp_packet, out_len, &out_len)); 120 EXPECT_EQ(rtp_len, out_len); 121 EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len)); 122 123 EXPECT_TRUE(f1_.ProtectRtcp(rtcp_packet, rtcp_len, 124 sizeof(rtcp_packet), &out_len)); 125 EXPECT_EQ(out_len, rtcp_len + 4 + rtcp_auth_tag_len(cs1)); // NOLINT 126 EXPECT_NE(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); 127 EXPECT_TRUE(f2_.UnprotectRtcp(rtcp_packet, out_len, &out_len)); 128 EXPECT_EQ(rtcp_len, out_len); 129 EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); 130 131 EXPECT_TRUE(f2_.ProtectRtcp(rtcp_packet, rtcp_len, 132 sizeof(rtcp_packet), &out_len)); 133 EXPECT_EQ(out_len, rtcp_len + 4 + rtcp_auth_tag_len(cs2)); // NOLINT 134 EXPECT_NE(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); 135 EXPECT_TRUE(f1_.UnprotectRtcp(rtcp_packet, out_len, &out_len)); 136 EXPECT_EQ(rtcp_len, out_len); 137 EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len)); 138 } 139 cricket::SrtpFilter f1_; 140 cricket::SrtpFilter f2_; 141 int sequence_number_; 142}; 143 144// Test that we can set up the session and keys properly. 145TEST_F(SrtpFilterTest, TestGoodSetupOneCipherSuite) { 146 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL)); 147 EXPECT_FALSE(f1_.IsActive()); 148 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE)); 149 EXPECT_TRUE(f1_.IsActive()); 150} 151 152// Test that we can set up things with multiple params. 153TEST_F(SrtpFilterTest, TestGoodSetupMultipleCipherSuites) { 154 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); 155 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); 156 offer.push_back(kTestCryptoParams1); 157 offer[1].tag = 2; 158 offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; 159 answer[0].tag = 2; 160 answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; 161 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); 162 EXPECT_FALSE(f1_.IsActive()); 163 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE)); 164 EXPECT_TRUE(f1_.IsActive()); 165} 166 167// Test that we handle the cases where crypto is not desired. 168TEST_F(SrtpFilterTest, TestGoodSetupNoCipherSuites) { 169 std::vector<CryptoParams> offer, answer; 170 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); 171 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE)); 172 EXPECT_FALSE(f1_.IsActive()); 173} 174 175// Test that we handle the cases where crypto is not desired by the remote side. 176TEST_F(SrtpFilterTest, TestGoodSetupNoAnswerCipherSuites) { 177 std::vector<CryptoParams> answer; 178 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL)); 179 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE)); 180 EXPECT_FALSE(f1_.IsActive()); 181} 182 183// Test that we fail if we call the functions the wrong way. 184TEST_F(SrtpFilterTest, TestBadSetup) { 185 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); 186 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); 187 EXPECT_FALSE(f1_.SetAnswer(answer, CS_LOCAL)); 188 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE)); 189 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); 190 EXPECT_FALSE(f1_.SetAnswer(answer, CS_LOCAL)); 191 EXPECT_FALSE(f1_.IsActive()); 192} 193 194// Test that we can set offer multiple times from the same source. 195TEST_F(SrtpFilterTest, TestGoodSetupMultipleOffers) { 196 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL)); 197 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams2), CS_LOCAL)); 198 EXPECT_FALSE(f1_.IsActive()); 199 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE)); 200 EXPECT_TRUE(f1_.IsActive()); 201 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL)); 202 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams2), CS_LOCAL)); 203 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE)); 204 205 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams1), CS_REMOTE)); 206 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams2), CS_REMOTE)); 207 EXPECT_FALSE(f2_.IsActive()); 208 EXPECT_TRUE(f2_.SetAnswer(MakeVector(kTestCryptoParams2), CS_LOCAL)); 209 EXPECT_TRUE(f2_.IsActive()); 210 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams1), CS_REMOTE)); 211 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams2), CS_REMOTE)); 212 EXPECT_TRUE(f2_.SetAnswer(MakeVector(kTestCryptoParams2), CS_LOCAL)); 213} 214// Test that we can't set offer multiple times from different sources. 215TEST_F(SrtpFilterTest, TestBadSetupMultipleOffers) { 216 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL)); 217 EXPECT_FALSE(f1_.SetOffer(MakeVector(kTestCryptoParams2), CS_REMOTE)); 218 EXPECT_FALSE(f1_.IsActive()); 219 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams1), CS_REMOTE)); 220 EXPECT_TRUE(f1_.IsActive()); 221 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams2), CS_LOCAL)); 222 EXPECT_FALSE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_REMOTE)); 223 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE)); 224 225 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams2), CS_REMOTE)); 226 EXPECT_FALSE(f2_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL)); 227 EXPECT_FALSE(f2_.IsActive()); 228 EXPECT_TRUE(f2_.SetAnswer(MakeVector(kTestCryptoParams2), CS_LOCAL)); 229 EXPECT_TRUE(f2_.IsActive()); 230 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams2), CS_REMOTE)); 231 EXPECT_FALSE(f2_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL)); 232 EXPECT_TRUE(f2_.SetAnswer(MakeVector(kTestCryptoParams2), CS_LOCAL)); 233} 234 235// Test that we fail if we have params in the answer when none were offered. 236TEST_F(SrtpFilterTest, TestNoAnswerCipherSuites) { 237 std::vector<CryptoParams> offer; 238 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); 239 EXPECT_FALSE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE)); 240 EXPECT_FALSE(f1_.IsActive()); 241} 242 243// Test that we fail if we have too many params in our answer. 244TEST_F(SrtpFilterTest, TestMultipleAnswerCipherSuites) { 245 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); 246 answer.push_back(kTestCryptoParams2); 247 answer[1].tag = 2; 248 answer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; 249 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL)); 250 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE)); 251 EXPECT_FALSE(f1_.IsActive()); 252} 253 254// Test that we fail if we don't support the cipher-suite. 255TEST_F(SrtpFilterTest, TestInvalidCipherSuite) { 256 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); 257 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); 258 offer[0].cipher_suite = answer[0].cipher_suite = "FOO"; 259 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); 260 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE)); 261 EXPECT_FALSE(f1_.IsActive()); 262} 263 264// Test that we fail if we can't agree on a tag. 265TEST_F(SrtpFilterTest, TestNoMatchingTag) { 266 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); 267 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); 268 answer[0].tag = 99; 269 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); 270 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE)); 271 EXPECT_FALSE(f1_.IsActive()); 272} 273 274// Test that we fail if we can't agree on a cipher-suite. 275TEST_F(SrtpFilterTest, TestNoMatchingCipherSuite) { 276 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); 277 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); 278 answer[0].tag = 2; 279 answer[0].cipher_suite = "FOO"; 280 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); 281 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE)); 282 EXPECT_FALSE(f1_.IsActive()); 283} 284 285// Test that we fail keys with bad base64 content. 286TEST_F(SrtpFilterTest, TestInvalidKeyData) { 287 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); 288 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); 289 answer[0].key_params = "inline:!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"; 290 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); 291 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE)); 292 EXPECT_FALSE(f1_.IsActive()); 293} 294 295// Test that we fail keys with the wrong key-method. 296TEST_F(SrtpFilterTest, TestWrongKeyMethod) { 297 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); 298 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); 299 answer[0].key_params = "outline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR"; 300 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); 301 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE)); 302 EXPECT_FALSE(f1_.IsActive()); 303} 304 305// Test that we fail keys of the wrong length. 306TEST_F(SrtpFilterTest, TestKeyTooShort) { 307 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); 308 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); 309 answer[0].key_params = "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtx"; 310 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); 311 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE)); 312 EXPECT_FALSE(f1_.IsActive()); 313} 314 315// Test that we fail keys of the wrong length. 316TEST_F(SrtpFilterTest, TestKeyTooLong) { 317 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); 318 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); 319 answer[0].key_params = "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBRABCD"; 320 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); 321 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE)); 322 EXPECT_FALSE(f1_.IsActive()); 323} 324 325// Test that we fail keys with lifetime or MKI set (since we don't support) 326TEST_F(SrtpFilterTest, TestUnsupportedOptions) { 327 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); 328 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); 329 answer[0].key_params = 330 "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR|2^20|1:4"; 331 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); 332 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE)); 333 EXPECT_FALSE(f1_.IsActive()); 334} 335 336// Test that we can encrypt/decrypt after setting the same CryptoParams again on 337// one side. 338TEST_F(SrtpFilterTest, TestSettingSameKeyOnOneSide) { 339 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); 340 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); 341 TestSetParams(offer, answer); 342 343 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, 344 CS_AES_CM_128_HMAC_SHA1_80); 345 346 // Re-applying the same keys on one end and it should not reset the ROC. 347 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE)); 348 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL)); 349 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); 350} 351 352// Test that we can encrypt/decrypt after negotiating AES_CM_128_HMAC_SHA1_80. 353TEST_F(SrtpFilterTest, TestProtect_AES_CM_128_HMAC_SHA1_80) { 354 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); 355 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); 356 offer.push_back(kTestCryptoParams1); 357 offer[1].tag = 2; 358 offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; 359 TestSetParams(offer, answer); 360 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); 361} 362 363// Test that we can encrypt/decrypt after negotiating AES_CM_128_HMAC_SHA1_32. 364TEST_F(SrtpFilterTest, TestProtect_AES_CM_128_HMAC_SHA1_32) { 365 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); 366 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); 367 offer.push_back(kTestCryptoParams1); 368 offer[1].tag = 2; 369 offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; 370 answer[0].tag = 2; 371 answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; 372 TestSetParams(offer, answer); 373 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32); 374} 375 376// Test that we can change encryption parameters. 377TEST_F(SrtpFilterTest, TestChangeParameters) { 378 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); 379 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); 380 381 TestSetParams(offer, answer); 382 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); 383 384 // Change the key parameters and cipher_suite. 385 offer[0].key_params = kTestKeyParams3; 386 offer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; 387 answer[0].key_params = kTestKeyParams4; 388 answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; 389 390 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); 391 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE)); 392 EXPECT_TRUE(f1_.IsActive()); 393 EXPECT_TRUE(f1_.IsActive()); 394 395 // Test that the old keys are valid until the negotiation is complete. 396 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); 397 398 // Complete the negotiation and test that we can still understand each other. 399 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL)); 400 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE)); 401 402 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32); 403} 404 405// Test that we can send and receive provisional answers with crypto enabled. 406// Also test that we can change the crypto. 407TEST_F(SrtpFilterTest, TestProvisionalAnswer) { 408 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); 409 offer.push_back(kTestCryptoParams1); 410 offer[1].tag = 2; 411 offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; 412 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); 413 414 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); 415 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE)); 416 EXPECT_FALSE(f1_.IsActive()); 417 EXPECT_FALSE(f2_.IsActive()); 418 EXPECT_TRUE(f2_.SetProvisionalAnswer(answer, CS_LOCAL)); 419 EXPECT_TRUE(f1_.SetProvisionalAnswer(answer, CS_REMOTE)); 420 EXPECT_TRUE(f1_.IsActive()); 421 EXPECT_TRUE(f2_.IsActive()); 422 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); 423 424 answer[0].key_params = kTestKeyParams4; 425 answer[0].tag = 2; 426 answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32; 427 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL)); 428 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE)); 429 EXPECT_TRUE(f1_.IsActive()); 430 EXPECT_TRUE(f2_.IsActive()); 431 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32); 432} 433 434// Test that a provisional answer doesn't need to contain a crypto. 435TEST_F(SrtpFilterTest, TestProvisionalAnswerWithoutCrypto) { 436 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); 437 std::vector<CryptoParams> answer; 438 439 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); 440 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE)); 441 EXPECT_FALSE(f1_.IsActive()); 442 EXPECT_FALSE(f2_.IsActive()); 443 EXPECT_TRUE(f2_.SetProvisionalAnswer(answer, CS_LOCAL)); 444 EXPECT_TRUE(f1_.SetProvisionalAnswer(answer, CS_REMOTE)); 445 EXPECT_FALSE(f1_.IsActive()); 446 EXPECT_FALSE(f2_.IsActive()); 447 448 answer.push_back(kTestCryptoParams2); 449 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL)); 450 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE)); 451 EXPECT_TRUE(f1_.IsActive()); 452 EXPECT_TRUE(f2_.IsActive()); 453 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); 454} 455 456// Test that if we get a new local offer after a provisional answer 457// with no crypto, that we are in an inactive state. 458TEST_F(SrtpFilterTest, TestLocalOfferAfterProvisionalAnswerWithoutCrypto) { 459 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); 460 std::vector<CryptoParams> answer; 461 462 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); 463 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE)); 464 EXPECT_TRUE(f1_.SetProvisionalAnswer(answer, CS_REMOTE)); 465 EXPECT_TRUE(f2_.SetProvisionalAnswer(answer, CS_LOCAL)); 466 EXPECT_FALSE(f1_.IsActive()); 467 EXPECT_FALSE(f2_.IsActive()); 468 // The calls to set an offer after a provisional answer fail, so the 469 // state doesn't change. 470 EXPECT_FALSE(f1_.SetOffer(offer, CS_LOCAL)); 471 EXPECT_FALSE(f2_.SetOffer(offer, CS_REMOTE)); 472 EXPECT_FALSE(f1_.IsActive()); 473 EXPECT_FALSE(f2_.IsActive()); 474 475 answer.push_back(kTestCryptoParams2); 476 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL)); 477 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE)); 478 EXPECT_TRUE(f1_.IsActive()); 479 EXPECT_TRUE(f2_.IsActive()); 480 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); 481} 482 483// Test that we can disable encryption. 484TEST_F(SrtpFilterTest, TestDisableEncryption) { 485 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1)); 486 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2)); 487 488 TestSetParams(offer, answer); 489 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); 490 491 offer.clear(); 492 answer.clear(); 493 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL)); 494 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE)); 495 EXPECT_TRUE(f1_.IsActive()); 496 EXPECT_TRUE(f2_.IsActive()); 497 498 // Test that the old keys are valid until the negotiation is complete. 499 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); 500 501 // Complete the negotiation. 502 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL)); 503 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE)); 504 505 EXPECT_FALSE(f1_.IsActive()); 506 EXPECT_FALSE(f2_.IsActive()); 507} 508 509// Test directly setting the params with AES_CM_128_HMAC_SHA1_80 510TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_80) { 511 EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, 512 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80, 513 kTestKey2, kTestKeyLen)); 514 EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2, 515 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80, 516 kTestKey1, kTestKeyLen)); 517 EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, 518 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80, 519 kTestKey2, kTestKeyLen)); 520 EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2, 521 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_80, 522 kTestKey1, kTestKeyLen)); 523 EXPECT_TRUE(f1_.IsActive()); 524 EXPECT_TRUE(f2_.IsActive()); 525 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80); 526} 527 528// Test directly setting the params with AES_CM_128_HMAC_SHA1_32 529TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_32) { 530 EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, 531 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, 532 kTestKey2, kTestKeyLen)); 533 EXPECT_TRUE(f2_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey2, 534 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, 535 kTestKey1, kTestKeyLen)); 536 EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, 537 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, 538 kTestKey2, kTestKeyLen)); 539 EXPECT_TRUE(f2_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey2, 540 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, 541 kTestKey1, kTestKeyLen)); 542 EXPECT_TRUE(f1_.IsActive()); 543 EXPECT_TRUE(f2_.IsActive()); 544 TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32); 545} 546 547// Test directly setting the params with bogus keys 548TEST_F(SrtpFilterTest, TestSetParamsKeyTooShort) { 549 EXPECT_FALSE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, 550 kTestKeyLen - 1, rtc::SRTP_AES128_CM_SHA1_80, 551 kTestKey1, kTestKeyLen - 1)); 552 EXPECT_FALSE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, 553 kTestKeyLen - 1, rtc::SRTP_AES128_CM_SHA1_80, 554 kTestKey1, kTestKeyLen - 1)); 555} 556 557#if defined(ENABLE_EXTERNAL_AUTH) 558TEST_F(SrtpFilterTest, TestGetSendAuthParams) { 559 EXPECT_TRUE(f1_.SetRtpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, 560 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, 561 kTestKey2, kTestKeyLen)); 562 EXPECT_TRUE(f1_.SetRtcpParams(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, 563 kTestKeyLen, rtc::SRTP_AES128_CM_SHA1_32, 564 kTestKey2, kTestKeyLen)); 565 uint8_t* auth_key = NULL; 566 int auth_key_len = 0, auth_tag_len = 0; 567 EXPECT_TRUE(f1_.GetRtpAuthParams(&auth_key, &auth_key_len, &auth_tag_len)); 568 EXPECT_TRUE(auth_key != NULL); 569 EXPECT_EQ(20, auth_key_len); 570 EXPECT_EQ(4, auth_tag_len); 571} 572#endif 573 574class SrtpSessionTest : public testing::Test { 575 protected: 576 virtual void SetUp() { 577 rtp_len_ = sizeof(kPcmuFrame); 578 rtcp_len_ = sizeof(kRtcpReport); 579 memcpy(rtp_packet_, kPcmuFrame, rtp_len_); 580 memcpy(rtcp_packet_, kRtcpReport, rtcp_len_); 581 } 582 void TestProtectRtp(const std::string& cs) { 583 int out_len = 0; 584 EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, 585 sizeof(rtp_packet_), &out_len)); 586 EXPECT_EQ(out_len, rtp_len_ + rtp_auth_tag_len(cs)); 587 EXPECT_NE(0, memcmp(rtp_packet_, kPcmuFrame, rtp_len_)); 588 rtp_len_ = out_len; 589 } 590 void TestProtectRtcp(const std::string& cs) { 591 int out_len = 0; 592 EXPECT_TRUE(s1_.ProtectRtcp(rtcp_packet_, rtcp_len_, 593 sizeof(rtcp_packet_), &out_len)); 594 EXPECT_EQ(out_len, rtcp_len_ + 4 + rtcp_auth_tag_len(cs)); // NOLINT 595 EXPECT_NE(0, memcmp(rtcp_packet_, kRtcpReport, rtcp_len_)); 596 rtcp_len_ = out_len; 597 } 598 void TestUnprotectRtp(const std::string& cs) { 599 int out_len = 0, expected_len = sizeof(kPcmuFrame); 600 EXPECT_TRUE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len)); 601 EXPECT_EQ(expected_len, out_len); 602 EXPECT_EQ(0, memcmp(rtp_packet_, kPcmuFrame, out_len)); 603 } 604 void TestUnprotectRtcp(const std::string& cs) { 605 int out_len = 0, expected_len = sizeof(kRtcpReport); 606 EXPECT_TRUE(s2_.UnprotectRtcp(rtcp_packet_, rtcp_len_, &out_len)); 607 EXPECT_EQ(expected_len, out_len); 608 EXPECT_EQ(0, memcmp(rtcp_packet_, kRtcpReport, out_len)); 609 } 610 cricket::SrtpSession s1_; 611 cricket::SrtpSession s2_; 612 char rtp_packet_[sizeof(kPcmuFrame) + 10]; 613 char rtcp_packet_[sizeof(kRtcpReport) + 4 + 10]; 614 int rtp_len_; 615 int rtcp_len_; 616}; 617 618// Test that we can set up the session and keys properly. 619TEST_F(SrtpSessionTest, TestGoodSetup) { 620 EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); 621 EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); 622} 623 624// Test that we can't change the keys once set. 625TEST_F(SrtpSessionTest, TestBadSetup) { 626 EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); 627 EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); 628 EXPECT_FALSE( 629 s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2, kTestKeyLen)); 630 EXPECT_FALSE( 631 s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey2, kTestKeyLen)); 632} 633 634// Test that we fail keys of the wrong length. 635TEST_F(SrtpSessionTest, TestKeysTooShort) { 636 EXPECT_FALSE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, 1)); 637 EXPECT_FALSE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, 1)); 638} 639 640// Test that we can encrypt and decrypt RTP/RTCP using AES_CM_128_HMAC_SHA1_80. 641TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_80) { 642 EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); 643 EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); 644 TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_80); 645 TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_80); 646 TestUnprotectRtp(CS_AES_CM_128_HMAC_SHA1_80); 647 TestUnprotectRtcp(CS_AES_CM_128_HMAC_SHA1_80); 648} 649 650// Test that we can encrypt and decrypt RTP/RTCP using AES_CM_128_HMAC_SHA1_32. 651TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_32) { 652 EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, kTestKeyLen)); 653 EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, kTestKeyLen)); 654 TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_32); 655 TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_32); 656 TestUnprotectRtp(CS_AES_CM_128_HMAC_SHA1_32); 657 TestUnprotectRtcp(CS_AES_CM_128_HMAC_SHA1_32); 658} 659 660TEST_F(SrtpSessionTest, TestGetSendStreamPacketIndex) { 661 EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_32, kTestKey1, kTestKeyLen)); 662 int64_t index; 663 int out_len = 0; 664 EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, 665 sizeof(rtp_packet_), &out_len, &index)); 666 // |index| will be shifted by 16. 667 int64_t be64_index = static_cast<int64_t>(rtc::NetworkToHost64(1 << 16)); 668 EXPECT_EQ(be64_index, index); 669} 670 671// Test that we fail to unprotect if someone tampers with the RTP/RTCP paylaods. 672TEST_F(SrtpSessionTest, TestTamperReject) { 673 int out_len; 674 EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); 675 EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); 676 TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_80); 677 TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_80); 678 rtp_packet_[0] = 0x12; 679 rtcp_packet_[1] = 0x34; 680 EXPECT_FALSE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len)); 681 EXPECT_FALSE(s2_.UnprotectRtcp(rtcp_packet_, rtcp_len_, &out_len)); 682} 683 684// Test that we fail to unprotect if the payloads are not authenticated. 685TEST_F(SrtpSessionTest, TestUnencryptReject) { 686 int out_len; 687 EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); 688 EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); 689 EXPECT_FALSE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len)); 690 EXPECT_FALSE(s2_.UnprotectRtcp(rtcp_packet_, rtcp_len_, &out_len)); 691} 692 693// Test that we fail when using buffers that are too small. 694TEST_F(SrtpSessionTest, TestBuffersTooSmall) { 695 int out_len; 696 EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); 697 EXPECT_FALSE(s1_.ProtectRtp(rtp_packet_, rtp_len_, 698 sizeof(rtp_packet_) - 10, &out_len)); 699 EXPECT_FALSE(s1_.ProtectRtcp(rtcp_packet_, rtcp_len_, 700 sizeof(rtcp_packet_) - 14, &out_len)); 701} 702 703TEST_F(SrtpSessionTest, TestReplay) { 704 static const uint16_t kMaxSeqnum = static_cast<uint16_t>(-1); 705 static const uint16_t seqnum_big = 62275; 706 static const uint16_t seqnum_small = 10; 707 static const uint16_t replay_window = 1024; 708 int out_len; 709 710 EXPECT_TRUE(s1_.SetSend(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); 711 EXPECT_TRUE(s2_.SetRecv(rtc::SRTP_AES128_CM_SHA1_80, kTestKey1, kTestKeyLen)); 712 713 // Initial sequence number. 714 rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_) + 2, seqnum_big); 715 EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_), 716 &out_len)); 717 718 // Replay within the 1024 window should succeed. 719 rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_) + 2, 720 seqnum_big - replay_window + 1); 721 EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_), 722 &out_len)); 723 724 // Replay out side of the 1024 window should fail. 725 rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_) + 2, 726 seqnum_big - replay_window - 1); 727 EXPECT_FALSE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_), 728 &out_len)); 729 730 // Increment sequence number to a small number. 731 rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_) + 2, seqnum_small); 732 EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_), 733 &out_len)); 734 735 // Replay around 0 but out side of the 1024 window should fail. 736 rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_) + 2, 737 kMaxSeqnum + seqnum_small - replay_window - 1); 738 EXPECT_FALSE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_), 739 &out_len)); 740 741 // Replay around 0 but within the 1024 window should succeed. 742 for (uint16_t seqnum = 65000; seqnum < 65003; ++seqnum) { 743 rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_) + 2, seqnum); 744 EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_), 745 &out_len)); 746 } 747 748 // Go back to normal sequence nubmer. 749 // NOTE: without the fix in libsrtp, this would fail. This is because 750 // without the fix, the loop above would keep incrementing local sequence 751 // number in libsrtp, eventually the new sequence number would go out side 752 // of the window. 753 rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_) + 2, seqnum_small + 1); 754 EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_), 755 &out_len)); 756} 757 758class SrtpStatTest 759 : public testing::Test, 760 public sigslot::has_slots<> { 761 public: 762 SrtpStatTest() 763 : ssrc_(0U), 764 mode_(-1), 765 error_(cricket::SrtpFilter::ERROR_NONE) { 766 srtp_stat_.SignalSrtpError.connect(this, &SrtpStatTest::OnSrtpError); 767 srtp_stat_.set_signal_silent_time(200); 768 } 769 770 protected: 771 void OnSrtpError(uint32_t ssrc, 772 cricket::SrtpFilter::Mode mode, 773 cricket::SrtpFilter::Error error) { 774 ssrc_ = ssrc; 775 mode_ = mode; 776 error_ = error; 777 } 778 void Reset() { 779 ssrc_ = 0U; 780 mode_ = -1; 781 error_ = cricket::SrtpFilter::ERROR_NONE; 782 } 783 784 cricket::SrtpStat srtp_stat_; 785 uint32_t ssrc_; 786 int mode_; 787 cricket::SrtpFilter::Error error_; 788 789 private: 790 RTC_DISALLOW_COPY_AND_ASSIGN(SrtpStatTest); 791}; 792 793TEST_F(SrtpStatTest, TestProtectRtpError) { 794 Reset(); 795 srtp_stat_.AddProtectRtpResult(1, err_status_ok); 796 EXPECT_EQ(0U, ssrc_); 797 EXPECT_EQ(-1, mode_); 798 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_); 799 Reset(); 800 srtp_stat_.AddProtectRtpResult(1, err_status_auth_fail); 801 EXPECT_EQ(1U, ssrc_); 802 EXPECT_EQ(cricket::SrtpFilter::PROTECT, mode_); 803 EXPECT_EQ(cricket::SrtpFilter::ERROR_AUTH, error_); 804 Reset(); 805 srtp_stat_.AddProtectRtpResult(1, err_status_fail); 806 EXPECT_EQ(1U, ssrc_); 807 EXPECT_EQ(cricket::SrtpFilter::PROTECT, mode_); 808 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_); 809 // Within 200ms, the error will not be triggered. 810 Reset(); 811 srtp_stat_.AddProtectRtpResult(1, err_status_fail); 812 EXPECT_EQ(0U, ssrc_); 813 EXPECT_EQ(-1, mode_); 814 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_); 815 // Now the error will be triggered again. 816 Reset(); 817 rtc::Thread::Current()->SleepMs(210); 818 srtp_stat_.AddProtectRtpResult(1, err_status_fail); 819 EXPECT_EQ(1U, ssrc_); 820 EXPECT_EQ(cricket::SrtpFilter::PROTECT, mode_); 821 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_); 822} 823 824TEST_F(SrtpStatTest, TestUnprotectRtpError) { 825 Reset(); 826 srtp_stat_.AddUnprotectRtpResult(1, err_status_ok); 827 EXPECT_EQ(0U, ssrc_); 828 EXPECT_EQ(-1, mode_); 829 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_); 830 Reset(); 831 srtp_stat_.AddUnprotectRtpResult(1, err_status_auth_fail); 832 EXPECT_EQ(1U, ssrc_); 833 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_); 834 EXPECT_EQ(cricket::SrtpFilter::ERROR_AUTH, error_); 835 Reset(); 836 srtp_stat_.AddUnprotectRtpResult(1, err_status_replay_fail); 837 EXPECT_EQ(1U, ssrc_); 838 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_); 839 EXPECT_EQ(cricket::SrtpFilter::ERROR_REPLAY, error_); 840 Reset(); 841 rtc::Thread::Current()->SleepMs(210); 842 srtp_stat_.AddUnprotectRtpResult(1, err_status_replay_old); 843 EXPECT_EQ(1U, ssrc_); 844 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_); 845 EXPECT_EQ(cricket::SrtpFilter::ERROR_REPLAY, error_); 846 Reset(); 847 srtp_stat_.AddUnprotectRtpResult(1, err_status_fail); 848 EXPECT_EQ(1U, ssrc_); 849 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_); 850 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_); 851 // Within 200ms, the error will not be triggered. 852 Reset(); 853 srtp_stat_.AddUnprotectRtpResult(1, err_status_fail); 854 EXPECT_EQ(0U, ssrc_); 855 EXPECT_EQ(-1, mode_); 856 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_); 857 // Now the error will be triggered again. 858 Reset(); 859 rtc::Thread::Current()->SleepMs(210); 860 srtp_stat_.AddUnprotectRtpResult(1, err_status_fail); 861 EXPECT_EQ(1U, ssrc_); 862 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_); 863 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_); 864} 865 866TEST_F(SrtpStatTest, TestProtectRtcpError) { 867 Reset(); 868 srtp_stat_.AddProtectRtcpResult(err_status_ok); 869 EXPECT_EQ(-1, mode_); 870 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_); 871 Reset(); 872 srtp_stat_.AddProtectRtcpResult(err_status_auth_fail); 873 EXPECT_EQ(cricket::SrtpFilter::PROTECT, mode_); 874 EXPECT_EQ(cricket::SrtpFilter::ERROR_AUTH, error_); 875 Reset(); 876 srtp_stat_.AddProtectRtcpResult(err_status_fail); 877 EXPECT_EQ(cricket::SrtpFilter::PROTECT, mode_); 878 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_); 879 // Within 200ms, the error will not be triggered. 880 Reset(); 881 srtp_stat_.AddProtectRtcpResult(err_status_fail); 882 EXPECT_EQ(-1, mode_); 883 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_); 884 // Now the error will be triggered again. 885 Reset(); 886 rtc::Thread::Current()->SleepMs(210); 887 srtp_stat_.AddProtectRtcpResult(err_status_fail); 888 EXPECT_EQ(cricket::SrtpFilter::PROTECT, mode_); 889 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_); 890} 891 892TEST_F(SrtpStatTest, TestUnprotectRtcpError) { 893 Reset(); 894 srtp_stat_.AddUnprotectRtcpResult(err_status_ok); 895 EXPECT_EQ(-1, mode_); 896 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_); 897 Reset(); 898 srtp_stat_.AddUnprotectRtcpResult(err_status_auth_fail); 899 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_); 900 EXPECT_EQ(cricket::SrtpFilter::ERROR_AUTH, error_); 901 Reset(); 902 srtp_stat_.AddUnprotectRtcpResult(err_status_replay_fail); 903 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_); 904 EXPECT_EQ(cricket::SrtpFilter::ERROR_REPLAY, error_); 905 Reset(); 906 rtc::Thread::Current()->SleepMs(210); 907 srtp_stat_.AddUnprotectRtcpResult(err_status_replay_fail); 908 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_); 909 EXPECT_EQ(cricket::SrtpFilter::ERROR_REPLAY, error_); 910 Reset(); 911 srtp_stat_.AddUnprotectRtcpResult(err_status_fail); 912 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_); 913 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_); 914 // Within 200ms, the error will not be triggered. 915 Reset(); 916 srtp_stat_.AddUnprotectRtcpResult(err_status_fail); 917 EXPECT_EQ(-1, mode_); 918 EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_); 919 // Now the error will be triggered again. 920 Reset(); 921 rtc::Thread::Current()->SleepMs(210); 922 srtp_stat_.AddUnprotectRtcpResult(err_status_fail); 923 EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_); 924 EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_); 925} 926