blob: abf1b2d307e287d99d2f8944c2a10c48492fedab [file] [log] [blame]
Zhi Huangf2d7beb2017-11-20 14:35:11 -08001/*
2 * Copyright 2017 The WebRTC project authors. All Rights Reserved.
3 *
4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree.
9 */
10
Steve Anton10542f22019-01-11 09:11:00 -080011#include "pc/dtls_srtp_transport.h"
Zhi Huangf2d7beb2017-11-20 14:35:11 -080012
Yves Gerey3e707812018-11-28 16:47:49 +010013#include <string.h>
14#include <cstdint>
Zhi Huangf2d7beb2017-11-20 14:35:11 -080015#include <memory>
Yves Gerey3e707812018-11-28 16:47:49 +010016#include <set>
Zhi Huangf2d7beb2017-11-20 14:35:11 -080017
Karl Wiberg918f50c2018-07-05 11:40:33 +020018#include "absl/memory/memory.h"
Yves Gerey3e707812018-11-28 16:47:49 +010019#include "call/rtp_demuxer.h"
Steve Anton10542f22019-01-11 09:11:00 -080020#include "media/base/fake_rtp.h"
21#include "p2p/base/dtls_transport_internal.h"
22#include "p2p/base/fake_dtls_transport.h"
23#include "p2p/base/fake_ice_transport.h"
24#include "p2p/base/p2p_constants.h"
25#include "pc/rtp_transport.h"
26#include "pc/test/rtp_transport_test_util.h"
27#include "rtc_base/async_packet_socket.h"
28#include "rtc_base/byte_order.h"
29#include "rtc_base/copy_on_write_buffer.h"
30#include "rtc_base/rtc_certificate.h"
31#include "rtc_base/ssl_identity.h"
Yves Gerey3e707812018-11-28 16:47:49 +010032#include "test/gtest.h"
Zhi Huangf2d7beb2017-11-20 14:35:11 -080033
34using cricket::FakeDtlsTransport;
35using cricket::FakeIceTransport;
36using webrtc::DtlsSrtpTransport;
37using webrtc::SrtpTransport;
38using webrtc::RtpTransport;
39
40const int kRtpAuthTagLen = 10;
41
Zhi Huangf2d7beb2017-11-20 14:35:11 -080042class DtlsSrtpTransportTest : public testing::Test,
43 public sigslot::has_slots<> {
44 protected:
45 DtlsSrtpTransportTest() {}
46
Zhi Huang365381f2018-04-13 16:44:34 -070047 ~DtlsSrtpTransportTest() {
48 if (dtls_srtp_transport1_) {
49 dtls_srtp_transport1_->UnregisterRtpDemuxerSink(&transport_observer1_);
50 }
51 if (dtls_srtp_transport2_) {
52 dtls_srtp_transport2_->UnregisterRtpDemuxerSink(&transport_observer2_);
53 }
54 }
55
Zhi Huangf2d7beb2017-11-20 14:35:11 -080056 std::unique_ptr<DtlsSrtpTransport> MakeDtlsSrtpTransport(
57 FakeDtlsTransport* rtp_dtls,
58 FakeDtlsTransport* rtcp_dtls,
59 bool rtcp_mux_enabled) {
Zhi Huangf2d7beb2017-11-20 14:35:11 -080060 auto dtls_srtp_transport =
Karl Wiberg918f50c2018-07-05 11:40:33 +020061 absl::make_unique<DtlsSrtpTransport>(rtcp_mux_enabled);
Zhi Huangf2d7beb2017-11-20 14:35:11 -080062
63 dtls_srtp_transport->SetDtlsTransports(rtp_dtls, rtcp_dtls);
64
65 return dtls_srtp_transport;
66 }
67
68 void MakeDtlsSrtpTransports(FakeDtlsTransport* rtp_dtls1,
69 FakeDtlsTransport* rtcp_dtls1,
70 FakeDtlsTransport* rtp_dtls2,
71 FakeDtlsTransport* rtcp_dtls2,
72 bool rtcp_mux_enabled) {
73 dtls_srtp_transport1_ =
74 MakeDtlsSrtpTransport(rtp_dtls1, rtcp_dtls1, rtcp_mux_enabled);
75 dtls_srtp_transport2_ =
76 MakeDtlsSrtpTransport(rtp_dtls2, rtcp_dtls2, rtcp_mux_enabled);
77
Zhi Huang365381f2018-04-13 16:44:34 -070078 dtls_srtp_transport1_->SignalRtcpPacketReceived.connect(
79 &transport_observer1_,
80 &webrtc::TransportObserver::OnRtcpPacketReceived);
Zhi Huangf2d7beb2017-11-20 14:35:11 -080081 dtls_srtp_transport1_->SignalReadyToSend.connect(
Zhi Huang365381f2018-04-13 16:44:34 -070082 &transport_observer1_, &webrtc::TransportObserver::OnReadyToSend);
Zhi Huangf2d7beb2017-11-20 14:35:11 -080083
Zhi Huang365381f2018-04-13 16:44:34 -070084 dtls_srtp_transport2_->SignalRtcpPacketReceived.connect(
85 &transport_observer2_,
86 &webrtc::TransportObserver::OnRtcpPacketReceived);
Zhi Huangf2d7beb2017-11-20 14:35:11 -080087 dtls_srtp_transport2_->SignalReadyToSend.connect(
Zhi Huang365381f2018-04-13 16:44:34 -070088 &transport_observer2_, &webrtc::TransportObserver::OnReadyToSend);
89 webrtc::RtpDemuxerCriteria demuxer_criteria;
90 // 0x00 is the payload type used in kPcmuFrame.
91 demuxer_criteria.payload_types = {0x00};
92 dtls_srtp_transport1_->RegisterRtpDemuxerSink(demuxer_criteria,
93 &transport_observer1_);
94 dtls_srtp_transport2_->RegisterRtpDemuxerSink(demuxer_criteria,
95 &transport_observer2_);
Zhi Huangf2d7beb2017-11-20 14:35:11 -080096 }
97
98 void CompleteDtlsHandshake(FakeDtlsTransport* fake_dtls1,
99 FakeDtlsTransport* fake_dtls2) {
100 auto cert1 = rtc::RTCCertificate::Create(std::unique_ptr<rtc::SSLIdentity>(
101 rtc::SSLIdentity::Generate("session1", rtc::KT_DEFAULT)));
102 fake_dtls1->SetLocalCertificate(cert1);
103 auto cert2 = rtc::RTCCertificate::Create(std::unique_ptr<rtc::SSLIdentity>(
104 rtc::SSLIdentity::Generate("session1", rtc::KT_DEFAULT)));
105 fake_dtls2->SetLocalCertificate(cert2);
106 fake_dtls1->SetDestination(fake_dtls2);
107 }
108
109 void SendRecvRtpPackets() {
110 ASSERT_TRUE(dtls_srtp_transport1_);
111 ASSERT_TRUE(dtls_srtp_transport2_);
Zhi Huange830e682018-03-30 10:48:35 -0700112 ASSERT_TRUE(dtls_srtp_transport1_->IsSrtpActive());
113 ASSERT_TRUE(dtls_srtp_transport2_->IsSrtpActive());
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800114
115 size_t rtp_len = sizeof(kPcmuFrame);
116 size_t packet_size = rtp_len + kRtpAuthTagLen;
117 rtc::Buffer rtp_packet_buffer(packet_size);
118 char* rtp_packet_data = rtp_packet_buffer.data<char>();
119 memcpy(rtp_packet_data, kPcmuFrame, rtp_len);
120 // In order to be able to run this test function multiple times we can not
121 // use the same sequence number twice. Increase the sequence number by one.
122 rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_data) + 2,
123 ++sequence_number_);
124 rtc::CopyOnWriteBuffer rtp_packet1to2(rtp_packet_data, rtp_len,
125 packet_size);
126 rtc::CopyOnWriteBuffer rtp_packet2to1(rtp_packet_data, rtp_len,
127 packet_size);
128
129 rtc::PacketOptions options;
130 // Send a packet from |srtp_transport1_| to |srtp_transport2_| and verify
131 // that the packet can be successfully received and decrypted.
Taylor Brandstetter53e43b32018-04-19 14:44:12 -0700132 int prev_received_packets = transport_observer2_.rtp_count();
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800133 ASSERT_TRUE(dtls_srtp_transport1_->SendRtpPacket(&rtp_packet1to2, options,
134 cricket::PF_SRTP_BYPASS));
135 ASSERT_TRUE(transport_observer2_.last_recv_rtp_packet().data());
136 EXPECT_EQ(0, memcmp(transport_observer2_.last_recv_rtp_packet().data(),
137 kPcmuFrame, rtp_len));
Taylor Brandstetter53e43b32018-04-19 14:44:12 -0700138 EXPECT_EQ(prev_received_packets + 1, transport_observer2_.rtp_count());
139
140 prev_received_packets = transport_observer1_.rtp_count();
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800141 ASSERT_TRUE(dtls_srtp_transport2_->SendRtpPacket(&rtp_packet2to1, options,
142 cricket::PF_SRTP_BYPASS));
143 ASSERT_TRUE(transport_observer1_.last_recv_rtp_packet().data());
144 EXPECT_EQ(0, memcmp(transport_observer1_.last_recv_rtp_packet().data(),
145 kPcmuFrame, rtp_len));
Taylor Brandstetter53e43b32018-04-19 14:44:12 -0700146 EXPECT_EQ(prev_received_packets + 1, transport_observer1_.rtp_count());
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800147 }
148
149 void SendRecvRtcpPackets() {
150 size_t rtcp_len = sizeof(kRtcpReport);
151 size_t packet_size = rtcp_len + 4 + kRtpAuthTagLen;
152 rtc::Buffer rtcp_packet_buffer(packet_size);
153
154 // TODO(zhihuang): Remove the extra copy when the SendRtpPacket method
155 // doesn't take the CopyOnWriteBuffer by pointer.
156 rtc::CopyOnWriteBuffer rtcp_packet1to2(kRtcpReport, rtcp_len, packet_size);
157 rtc::CopyOnWriteBuffer rtcp_packet2to1(kRtcpReport, rtcp_len, packet_size);
158
159 rtc::PacketOptions options;
160 // Send a packet from |srtp_transport1_| to |srtp_transport2_| and verify
161 // that the packet can be successfully received and decrypted.
Taylor Brandstetter53e43b32018-04-19 14:44:12 -0700162 int prev_received_packets = transport_observer2_.rtcp_count();
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800163 ASSERT_TRUE(dtls_srtp_transport1_->SendRtcpPacket(&rtcp_packet1to2, options,
164 cricket::PF_SRTP_BYPASS));
165 ASSERT_TRUE(transport_observer2_.last_recv_rtcp_packet().data());
166 EXPECT_EQ(0, memcmp(transport_observer2_.last_recv_rtcp_packet().data(),
167 kRtcpReport, rtcp_len));
Taylor Brandstetter53e43b32018-04-19 14:44:12 -0700168 EXPECT_EQ(prev_received_packets + 1, transport_observer2_.rtcp_count());
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800169
170 // Do the same thing in the opposite direction;
Taylor Brandstetter53e43b32018-04-19 14:44:12 -0700171 prev_received_packets = transport_observer1_.rtcp_count();
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800172 ASSERT_TRUE(dtls_srtp_transport2_->SendRtcpPacket(&rtcp_packet2to1, options,
173 cricket::PF_SRTP_BYPASS));
174 ASSERT_TRUE(transport_observer1_.last_recv_rtcp_packet().data());
175 EXPECT_EQ(0, memcmp(transport_observer1_.last_recv_rtcp_packet().data(),
176 kRtcpReport, rtcp_len));
Taylor Brandstetter53e43b32018-04-19 14:44:12 -0700177 EXPECT_EQ(prev_received_packets + 1, transport_observer1_.rtcp_count());
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800178 }
179
180 void SendRecvRtpPacketsWithHeaderExtension(
181 const std::vector<int>& encrypted_header_ids) {
182 ASSERT_TRUE(dtls_srtp_transport1_);
183 ASSERT_TRUE(dtls_srtp_transport2_);
Zhi Huange830e682018-03-30 10:48:35 -0700184 ASSERT_TRUE(dtls_srtp_transport1_->IsSrtpActive());
185 ASSERT_TRUE(dtls_srtp_transport2_->IsSrtpActive());
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800186
187 size_t rtp_len = sizeof(kPcmuFrameWithExtensions);
188 size_t packet_size = rtp_len + kRtpAuthTagLen;
189 rtc::Buffer rtp_packet_buffer(packet_size);
190 char* rtp_packet_data = rtp_packet_buffer.data<char>();
191 memcpy(rtp_packet_data, kPcmuFrameWithExtensions, rtp_len);
192 // In order to be able to run this test function multiple times we can not
193 // use the same sequence number twice. Increase the sequence number by one.
194 rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_data) + 2,
195 ++sequence_number_);
196 rtc::CopyOnWriteBuffer rtp_packet1to2(rtp_packet_data, rtp_len,
197 packet_size);
198 rtc::CopyOnWriteBuffer rtp_packet2to1(rtp_packet_data, rtp_len,
199 packet_size);
200
201 char original_rtp_data[sizeof(kPcmuFrameWithExtensions)];
202 memcpy(original_rtp_data, rtp_packet_data, rtp_len);
203
204 rtc::PacketOptions options;
205 // Send a packet from |srtp_transport1_| to |srtp_transport2_| and verify
206 // that the packet can be successfully received and decrypted.
207 ASSERT_TRUE(dtls_srtp_transport1_->SendRtpPacket(&rtp_packet1to2, options,
208 cricket::PF_SRTP_BYPASS));
209 ASSERT_TRUE(transport_observer2_.last_recv_rtp_packet().data());
210 EXPECT_EQ(0, memcmp(transport_observer2_.last_recv_rtp_packet().data(),
211 original_rtp_data, rtp_len));
212 // Get the encrypted packet from underneath packet transport and verify the
213 // data and header extension are actually encrypted.
214 auto fake_dtls_transport = static_cast<FakeDtlsTransport*>(
215 dtls_srtp_transport1_->rtp_packet_transport());
216 auto fake_ice_transport =
217 static_cast<FakeIceTransport*>(fake_dtls_transport->ice_transport());
218 EXPECT_NE(0, memcmp(fake_ice_transport->last_sent_packet().data(),
219 original_rtp_data, rtp_len));
220 CompareHeaderExtensions(reinterpret_cast<const char*>(
221 fake_ice_transport->last_sent_packet().data()),
222 fake_ice_transport->last_sent_packet().size(),
223 original_rtp_data, rtp_len, encrypted_header_ids,
224 false);
225
226 // Do the same thing in the opposite direction.
227 ASSERT_TRUE(dtls_srtp_transport2_->SendRtpPacket(&rtp_packet2to1, options,
228 cricket::PF_SRTP_BYPASS));
229 ASSERT_TRUE(transport_observer1_.last_recv_rtp_packet().data());
230 EXPECT_EQ(0, memcmp(transport_observer1_.last_recv_rtp_packet().data(),
231 original_rtp_data, rtp_len));
232 // Get the encrypted packet from underneath packet transport and verify the
233 // data and header extension are actually encrypted.
234 fake_dtls_transport = static_cast<FakeDtlsTransport*>(
235 dtls_srtp_transport2_->rtp_packet_transport());
236 fake_ice_transport =
237 static_cast<FakeIceTransport*>(fake_dtls_transport->ice_transport());
238 EXPECT_NE(0, memcmp(fake_ice_transport->last_sent_packet().data(),
239 original_rtp_data, rtp_len));
240 CompareHeaderExtensions(reinterpret_cast<const char*>(
241 fake_ice_transport->last_sent_packet().data()),
242 fake_ice_transport->last_sent_packet().size(),
243 original_rtp_data, rtp_len, encrypted_header_ids,
244 false);
245 }
246
247 void SendRecvPackets() {
248 SendRecvRtpPackets();
249 SendRecvRtcpPackets();
250 }
251
252 std::unique_ptr<DtlsSrtpTransport> dtls_srtp_transport1_;
253 std::unique_ptr<DtlsSrtpTransport> dtls_srtp_transport2_;
Zhi Huang365381f2018-04-13 16:44:34 -0700254 webrtc::TransportObserver transport_observer1_;
255 webrtc::TransportObserver transport_observer2_;
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800256
257 int sequence_number_ = 0;
258};
259
260// Tests that if RTCP muxing is enabled and transports are set after RTP
261// transport finished the handshake, SRTP is set up.
262TEST_F(DtlsSrtpTransportTest, SetTransportsAfterHandshakeCompleteWithRtcpMux) {
Karl Wiberg918f50c2018-07-05 11:40:33 +0200263 auto rtp_dtls1 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800264 "video", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200265 auto rtp_dtls2 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800266 "video", cricket::ICE_CANDIDATE_COMPONENT_RTP);
267
268 MakeDtlsSrtpTransports(rtp_dtls1.get(), nullptr, rtp_dtls2.get(), nullptr,
269 /*rtcp_mux_enabled=*/true);
270
Karl Wiberg918f50c2018-07-05 11:40:33 +0200271 auto rtp_dtls3 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800272 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200273 auto rtp_dtls4 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800274 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
275
276 CompleteDtlsHandshake(rtp_dtls3.get(), rtp_dtls4.get());
277
278 dtls_srtp_transport1_->SetDtlsTransports(rtp_dtls3.get(), nullptr);
279 dtls_srtp_transport2_->SetDtlsTransports(rtp_dtls4.get(), nullptr);
280
281 SendRecvPackets();
282}
283
284// Tests that if RTCP muxing is not enabled and transports are set after both
285// RTP and RTCP transports finished the handshake, SRTP is set up.
286TEST_F(DtlsSrtpTransportTest,
287 SetTransportsAfterHandshakeCompleteWithoutRtcpMux) {
Karl Wiberg918f50c2018-07-05 11:40:33 +0200288 auto rtp_dtls1 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800289 "video", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200290 auto rtcp_dtls1 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800291 "video", cricket::ICE_CANDIDATE_COMPONENT_RTCP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200292 auto rtp_dtls2 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800293 "video", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200294 auto rtcp_dtls2 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800295 "video", cricket::ICE_CANDIDATE_COMPONENT_RTCP);
296
297 MakeDtlsSrtpTransports(rtp_dtls1.get(), rtcp_dtls1.get(), rtp_dtls2.get(),
298 rtcp_dtls2.get(), /*rtcp_mux_enabled=*/false);
299
Karl Wiberg918f50c2018-07-05 11:40:33 +0200300 auto rtp_dtls3 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800301 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200302 auto rtcp_dtls3 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800303 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTCP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200304 auto rtp_dtls4 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800305 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200306 auto rtcp_dtls4 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800307 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTCP);
308 CompleteDtlsHandshake(rtp_dtls3.get(), rtp_dtls4.get());
309 CompleteDtlsHandshake(rtcp_dtls3.get(), rtcp_dtls4.get());
310
311 dtls_srtp_transport1_->SetDtlsTransports(rtp_dtls3.get(), rtcp_dtls3.get());
312 dtls_srtp_transport2_->SetDtlsTransports(rtp_dtls4.get(), rtcp_dtls4.get());
313
314 SendRecvPackets();
315}
316
317// Tests if RTCP muxing is enabled, SRTP is set up as soon as the RTP DTLS
318// handshake is finished.
319TEST_F(DtlsSrtpTransportTest, SetTransportsBeforeHandshakeCompleteWithRtcpMux) {
Karl Wiberg918f50c2018-07-05 11:40:33 +0200320 auto rtp_dtls1 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800321 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200322 auto rtcp_dtls1 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800323 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTCP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200324 auto rtp_dtls2 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800325 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200326 auto rtcp_dtls2 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800327 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTCP);
328
329 MakeDtlsSrtpTransports(rtp_dtls1.get(), rtcp_dtls1.get(), rtp_dtls2.get(),
330 rtcp_dtls2.get(),
331 /*rtcp_mux_enabled=*/false);
332
333 dtls_srtp_transport1_->SetRtcpMuxEnabled(true);
334 dtls_srtp_transport2_->SetRtcpMuxEnabled(true);
335 CompleteDtlsHandshake(rtp_dtls1.get(), rtp_dtls2.get());
336 SendRecvPackets();
337}
338
339// Tests if RTCP muxing is not enabled, SRTP is set up when both the RTP and
340// RTCP DTLS handshake are finished.
341TEST_F(DtlsSrtpTransportTest,
342 SetTransportsBeforeHandshakeCompleteWithoutRtcpMux) {
Karl Wiberg918f50c2018-07-05 11:40:33 +0200343 auto rtp_dtls1 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800344 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200345 auto rtcp_dtls1 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800346 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTCP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200347 auto rtp_dtls2 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800348 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200349 auto rtcp_dtls2 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800350 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTCP);
351
352 MakeDtlsSrtpTransports(rtp_dtls1.get(), rtcp_dtls1.get(), rtp_dtls2.get(),
353 rtcp_dtls2.get(), /*rtcp_mux_enabled=*/false);
354
355 CompleteDtlsHandshake(rtp_dtls1.get(), rtp_dtls2.get());
Zhi Huange830e682018-03-30 10:48:35 -0700356 EXPECT_FALSE(dtls_srtp_transport1_->IsSrtpActive());
357 EXPECT_FALSE(dtls_srtp_transport2_->IsSrtpActive());
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800358 CompleteDtlsHandshake(rtcp_dtls1.get(), rtcp_dtls2.get());
359 SendRecvPackets();
360}
361
362// Tests that if the DtlsTransport underneath is changed, the previous DTLS-SRTP
363// context will be reset and will be re-setup once the new transports' handshake
364// complete.
365TEST_F(DtlsSrtpTransportTest, DtlsSrtpResetAfterDtlsTransportChange) {
Karl Wiberg918f50c2018-07-05 11:40:33 +0200366 auto rtp_dtls1 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800367 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200368 auto rtp_dtls2 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800369 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
370
371 MakeDtlsSrtpTransports(rtp_dtls1.get(), nullptr, rtp_dtls2.get(), nullptr,
372 /*rtcp_mux_enabled=*/true);
373
374 CompleteDtlsHandshake(rtp_dtls1.get(), rtp_dtls2.get());
Zhi Huange830e682018-03-30 10:48:35 -0700375 EXPECT_TRUE(dtls_srtp_transport1_->IsSrtpActive());
376 EXPECT_TRUE(dtls_srtp_transport2_->IsSrtpActive());
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800377
Karl Wiberg918f50c2018-07-05 11:40:33 +0200378 auto rtp_dtls3 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800379 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200380 auto rtp_dtls4 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800381 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
382
383 // The previous context is reset.
384 dtls_srtp_transport1_->SetDtlsTransports(rtp_dtls3.get(), nullptr);
385 dtls_srtp_transport2_->SetDtlsTransports(rtp_dtls4.get(), nullptr);
Zhi Huange830e682018-03-30 10:48:35 -0700386 EXPECT_FALSE(dtls_srtp_transport1_->IsSrtpActive());
387 EXPECT_FALSE(dtls_srtp_transport2_->IsSrtpActive());
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800388
389 // Re-setup.
390 CompleteDtlsHandshake(rtp_dtls3.get(), rtp_dtls4.get());
391 SendRecvPackets();
392}
393
394// Tests if only the RTP DTLS handshake complete, and then RTCP muxing is
395// enabled, SRTP is set up.
396TEST_F(DtlsSrtpTransportTest,
397 RtcpMuxEnabledAfterRtpTransportHandshakeComplete) {
Karl Wiberg918f50c2018-07-05 11:40:33 +0200398 auto rtp_dtls1 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800399 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200400 auto rtcp_dtls1 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800401 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTCP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200402 auto rtp_dtls2 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800403 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200404 auto rtcp_dtls2 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800405 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTCP);
406
407 MakeDtlsSrtpTransports(rtp_dtls1.get(), rtcp_dtls1.get(), rtp_dtls2.get(),
408 rtcp_dtls2.get(), /*rtcp_mux_enabled=*/false);
409
410 CompleteDtlsHandshake(rtp_dtls1.get(), rtp_dtls2.get());
411 // Inactive because the RTCP transport handshake didn't complete.
Zhi Huange830e682018-03-30 10:48:35 -0700412 EXPECT_FALSE(dtls_srtp_transport1_->IsSrtpActive());
413 EXPECT_FALSE(dtls_srtp_transport2_->IsSrtpActive());
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800414
415 dtls_srtp_transport1_->SetRtcpMuxEnabled(true);
416 dtls_srtp_transport2_->SetRtcpMuxEnabled(true);
417 // The transports should be active and be able to send packets when the
418 // RTCP muxing is enabled.
419 SendRecvPackets();
420}
421
422// Tests that when SetSend/RecvEncryptedHeaderExtensionIds is called, the SRTP
423// sessions are updated with new encryped header extension IDs immediately.
424TEST_F(DtlsSrtpTransportTest, EncryptedHeaderExtensionIdUpdated) {
Karl Wiberg918f50c2018-07-05 11:40:33 +0200425 auto rtp_dtls1 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800426 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200427 auto rtp_dtls2 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800428 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
429
430 MakeDtlsSrtpTransports(rtp_dtls1.get(), nullptr, rtp_dtls2.get(), nullptr,
431 /*rtcp_mux_enabled=*/true);
432 CompleteDtlsHandshake(rtp_dtls1.get(), rtp_dtls2.get());
433
434 std::vector<int> encrypted_headers;
435 encrypted_headers.push_back(kHeaderExtensionIDs[0]);
436 encrypted_headers.push_back(kHeaderExtensionIDs[1]);
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800437
Zhi Huangcd3fc5d2017-11-29 10:41:57 -0800438 dtls_srtp_transport1_->UpdateSendEncryptedHeaderExtensionIds(
439 encrypted_headers);
440 dtls_srtp_transport1_->UpdateRecvEncryptedHeaderExtensionIds(
441 encrypted_headers);
442 dtls_srtp_transport2_->UpdateSendEncryptedHeaderExtensionIds(
443 encrypted_headers);
444 dtls_srtp_transport2_->UpdateRecvEncryptedHeaderExtensionIds(
445 encrypted_headers);
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800446}
447
448// Tests if RTCP muxing is enabled. DtlsSrtpTransport is ready to send once the
449// RTP DtlsTransport is ready.
450TEST_F(DtlsSrtpTransportTest, SignalReadyToSendFiredWithRtcpMux) {
Karl Wiberg918f50c2018-07-05 11:40:33 +0200451 auto rtp_dtls1 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800452 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200453 auto rtp_dtls2 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800454 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
455
456 MakeDtlsSrtpTransports(rtp_dtls1.get(), nullptr, rtp_dtls2.get(), nullptr,
457 /*rtcp_mux_enabled=*/true);
458
459 rtp_dtls1->SetDestination(rtp_dtls2.get());
460 EXPECT_TRUE(transport_observer1_.ready_to_send());
461 EXPECT_TRUE(transport_observer2_.ready_to_send());
462}
463
464// Tests if RTCP muxing is not enabled. DtlsSrtpTransport is ready to send once
465// both the RTP and RTCP DtlsTransport are ready.
466TEST_F(DtlsSrtpTransportTest, SignalReadyToSendFiredWithoutRtcpMux) {
Karl Wiberg918f50c2018-07-05 11:40:33 +0200467 auto rtp_dtls1 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800468 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200469 auto rtcp_dtls1 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800470 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTCP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200471 auto rtp_dtls2 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800472 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200473 auto rtcp_dtls2 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800474 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTCP);
475
476 MakeDtlsSrtpTransports(rtp_dtls1.get(), rtcp_dtls1.get(), rtp_dtls2.get(),
477 rtcp_dtls2.get(), /*rtcp_mux_enabled=*/false);
478
479 rtp_dtls1->SetDestination(rtp_dtls2.get());
480 EXPECT_FALSE(transport_observer1_.ready_to_send());
481 EXPECT_FALSE(transport_observer2_.ready_to_send());
482
483 rtcp_dtls1->SetDestination(rtcp_dtls2.get());
484 EXPECT_TRUE(transport_observer1_.ready_to_send());
485 EXPECT_TRUE(transport_observer2_.ready_to_send());
486}
Taylor Brandstetter53e43b32018-04-19 14:44:12 -0700487
488// Test that if an endpoint "fully" enables RTCP mux, setting the RTCP
489// transport to null, it *doesn't* reset its SRTP context. That would cause the
490// ROC and SRTCP index to be reset, causing replay detection and other errors
491// when attempting to unprotect packets.
492// Regression test for bugs.webrtc.org/8996
493TEST_F(DtlsSrtpTransportTest, SrtpSessionNotResetWhenRtcpTransportRemoved) {
Karl Wiberg918f50c2018-07-05 11:40:33 +0200494 auto rtp_dtls1 = absl::make_unique<FakeDtlsTransport>(
Taylor Brandstetter53e43b32018-04-19 14:44:12 -0700495 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200496 auto rtcp_dtls1 = absl::make_unique<FakeDtlsTransport>(
Taylor Brandstetter53e43b32018-04-19 14:44:12 -0700497 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTCP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200498 auto rtp_dtls2 = absl::make_unique<FakeDtlsTransport>(
Taylor Brandstetter53e43b32018-04-19 14:44:12 -0700499 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200500 auto rtcp_dtls2 = absl::make_unique<FakeDtlsTransport>(
Taylor Brandstetter53e43b32018-04-19 14:44:12 -0700501 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTCP);
502
503 MakeDtlsSrtpTransports(rtp_dtls1.get(), rtcp_dtls1.get(), rtp_dtls2.get(),
504 rtcp_dtls2.get(), /*rtcp_mux_enabled=*/true);
505 CompleteDtlsHandshake(rtp_dtls1.get(), rtp_dtls2.get());
506 CompleteDtlsHandshake(rtcp_dtls1.get(), rtcp_dtls2.get());
507
508 // Send some RTCP packets, causing the SRTCP index to be incremented.
509 SendRecvRtcpPackets();
510
511 // Set RTCP transport to null, which previously would trigger this problem.
512 dtls_srtp_transport1_->SetDtlsTransports(rtp_dtls1.get(), nullptr);
513
514 // Attempt to send more RTCP packets. If the issue occurred, one side would
515 // reset its context while the other would not, causing replay detection
516 // errors when a packet with a duplicate SRTCP index is received.
517 SendRecvRtcpPackets();
518}
Zhi Huangb57e1692018-06-12 11:41:11 -0700519
520// Tests that RTCP packets can be sent and received if both sides actively reset
521// the SRTP parameters with the |active_reset_srtp_params_| flag.
522TEST_F(DtlsSrtpTransportTest, ActivelyResetSrtpParams) {
Karl Wiberg918f50c2018-07-05 11:40:33 +0200523 auto rtp_dtls1 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangb57e1692018-06-12 11:41:11 -0700524 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200525 auto rtcp_dtls1 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangb57e1692018-06-12 11:41:11 -0700526 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTCP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200527 auto rtp_dtls2 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangb57e1692018-06-12 11:41:11 -0700528 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200529 auto rtcp_dtls2 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangb57e1692018-06-12 11:41:11 -0700530 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTCP);
531
532 MakeDtlsSrtpTransports(rtp_dtls1.get(), rtcp_dtls1.get(), rtp_dtls2.get(),
533 rtcp_dtls2.get(), /*rtcp_mux_enabled=*/true);
534 CompleteDtlsHandshake(rtp_dtls1.get(), rtp_dtls2.get());
535 CompleteDtlsHandshake(rtcp_dtls1.get(), rtcp_dtls2.get());
536
537 // Send some RTCP packets, causing the SRTCP index to be incremented.
538 SendRecvRtcpPackets();
539
540 // Only set the |active_reset_srtp_params_| flag to be true one side.
541 dtls_srtp_transport1_->SetActiveResetSrtpParams(true);
542 // Set RTCP transport to null to trigger the SRTP parameters update.
543 dtls_srtp_transport1_->SetDtlsTransports(rtp_dtls1.get(), nullptr);
544 dtls_srtp_transport2_->SetDtlsTransports(rtp_dtls2.get(), nullptr);
545
546 // Sending some RTCP packets.
547 size_t rtcp_len = sizeof(kRtcpReport);
548 size_t packet_size = rtcp_len + 4 + kRtpAuthTagLen;
549 rtc::Buffer rtcp_packet_buffer(packet_size);
550 rtc::CopyOnWriteBuffer rtcp_packet(kRtcpReport, rtcp_len, packet_size);
551 int prev_received_packets = transport_observer2_.rtcp_count();
552 ASSERT_TRUE(dtls_srtp_transport1_->SendRtcpPacket(
553 &rtcp_packet, rtc::PacketOptions(), cricket::PF_SRTP_BYPASS));
554 // The RTCP packet is not exepected to be received because the SRTP parameters
555 // are only reset on one side and the SRTCP index is out of sync.
556 EXPECT_EQ(prev_received_packets, transport_observer2_.rtcp_count());
557
558 // Set the flag to be true on the other side.
559 dtls_srtp_transport2_->SetActiveResetSrtpParams(true);
560 // Set RTCP transport to null to trigger the SRTP parameters update.
561 dtls_srtp_transport1_->SetDtlsTransports(rtp_dtls1.get(), nullptr);
562 dtls_srtp_transport2_->SetDtlsTransports(rtp_dtls2.get(), nullptr);
563
564 // RTCP packets flow is expected to work just fine.
565 SendRecvRtcpPackets();
566}