blob: 2012c49d741fa4933e592540f4bce6df98ba078f [file] [log] [blame]
Zhi Huangf2d7beb2017-11-20 14:35:11 -08001/*
2 * Copyright 2017 The WebRTC project authors. All Rights Reserved.
3 *
4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree.
9 */
10
11#include "pc/dtlssrtptransport.h"
12
13#include <memory>
14#include <utility>
15
Karl Wiberg918f50c2018-07-05 11:40:33 +020016#include "absl/memory/memory.h"
Zhi Huangf2d7beb2017-11-20 14:35:11 -080017#include "media/base/fakertp.h"
18#include "p2p/base/dtlstransportinternal.h"
19#include "p2p/base/fakedtlstransport.h"
20#include "p2p/base/fakepackettransport.h"
21#include "p2p/base/p2pconstants.h"
22#include "pc/rtptransport.h"
23#include "pc/rtptransporttestutil.h"
24#include "rtc_base/asyncpacketsocket.h"
25#include "rtc_base/gunit.h"
Zhi Huangf2d7beb2017-11-20 14:35:11 -080026#include "rtc_base/sslstreamadapter.h"
27
28using cricket::FakeDtlsTransport;
29using cricket::FakeIceTransport;
30using webrtc::DtlsSrtpTransport;
31using webrtc::SrtpTransport;
32using webrtc::RtpTransport;
33
34const int kRtpAuthTagLen = 10;
35
Zhi Huangf2d7beb2017-11-20 14:35:11 -080036class DtlsSrtpTransportTest : public testing::Test,
37 public sigslot::has_slots<> {
38 protected:
39 DtlsSrtpTransportTest() {}
40
Zhi Huang365381f2018-04-13 16:44:34 -070041 ~DtlsSrtpTransportTest() {
42 if (dtls_srtp_transport1_) {
43 dtls_srtp_transport1_->UnregisterRtpDemuxerSink(&transport_observer1_);
44 }
45 if (dtls_srtp_transport2_) {
46 dtls_srtp_transport2_->UnregisterRtpDemuxerSink(&transport_observer2_);
47 }
48 }
49
Zhi Huangf2d7beb2017-11-20 14:35:11 -080050 std::unique_ptr<DtlsSrtpTransport> MakeDtlsSrtpTransport(
51 FakeDtlsTransport* rtp_dtls,
52 FakeDtlsTransport* rtcp_dtls,
53 bool rtcp_mux_enabled) {
Zhi Huangf2d7beb2017-11-20 14:35:11 -080054 auto dtls_srtp_transport =
Karl Wiberg918f50c2018-07-05 11:40:33 +020055 absl::make_unique<DtlsSrtpTransport>(rtcp_mux_enabled);
Zhi Huangf2d7beb2017-11-20 14:35:11 -080056
57 dtls_srtp_transport->SetDtlsTransports(rtp_dtls, rtcp_dtls);
58
59 return dtls_srtp_transport;
60 }
61
62 void MakeDtlsSrtpTransports(FakeDtlsTransport* rtp_dtls1,
63 FakeDtlsTransport* rtcp_dtls1,
64 FakeDtlsTransport* rtp_dtls2,
65 FakeDtlsTransport* rtcp_dtls2,
66 bool rtcp_mux_enabled) {
67 dtls_srtp_transport1_ =
68 MakeDtlsSrtpTransport(rtp_dtls1, rtcp_dtls1, rtcp_mux_enabled);
69 dtls_srtp_transport2_ =
70 MakeDtlsSrtpTransport(rtp_dtls2, rtcp_dtls2, rtcp_mux_enabled);
71
Zhi Huang365381f2018-04-13 16:44:34 -070072 dtls_srtp_transport1_->SignalRtcpPacketReceived.connect(
73 &transport_observer1_,
74 &webrtc::TransportObserver::OnRtcpPacketReceived);
Zhi Huangf2d7beb2017-11-20 14:35:11 -080075 dtls_srtp_transport1_->SignalReadyToSend.connect(
Zhi Huang365381f2018-04-13 16:44:34 -070076 &transport_observer1_, &webrtc::TransportObserver::OnReadyToSend);
Zhi Huangf2d7beb2017-11-20 14:35:11 -080077
Zhi Huang365381f2018-04-13 16:44:34 -070078 dtls_srtp_transport2_->SignalRtcpPacketReceived.connect(
79 &transport_observer2_,
80 &webrtc::TransportObserver::OnRtcpPacketReceived);
Zhi Huangf2d7beb2017-11-20 14:35:11 -080081 dtls_srtp_transport2_->SignalReadyToSend.connect(
Zhi Huang365381f2018-04-13 16:44:34 -070082 &transport_observer2_, &webrtc::TransportObserver::OnReadyToSend);
83 webrtc::RtpDemuxerCriteria demuxer_criteria;
84 // 0x00 is the payload type used in kPcmuFrame.
85 demuxer_criteria.payload_types = {0x00};
86 dtls_srtp_transport1_->RegisterRtpDemuxerSink(demuxer_criteria,
87 &transport_observer1_);
88 dtls_srtp_transport2_->RegisterRtpDemuxerSink(demuxer_criteria,
89 &transport_observer2_);
Zhi Huangf2d7beb2017-11-20 14:35:11 -080090 }
91
92 void CompleteDtlsHandshake(FakeDtlsTransport* fake_dtls1,
93 FakeDtlsTransport* fake_dtls2) {
94 auto cert1 = rtc::RTCCertificate::Create(std::unique_ptr<rtc::SSLIdentity>(
95 rtc::SSLIdentity::Generate("session1", rtc::KT_DEFAULT)));
96 fake_dtls1->SetLocalCertificate(cert1);
97 auto cert2 = rtc::RTCCertificate::Create(std::unique_ptr<rtc::SSLIdentity>(
98 rtc::SSLIdentity::Generate("session1", rtc::KT_DEFAULT)));
99 fake_dtls2->SetLocalCertificate(cert2);
100 fake_dtls1->SetDestination(fake_dtls2);
101 }
102
103 void SendRecvRtpPackets() {
104 ASSERT_TRUE(dtls_srtp_transport1_);
105 ASSERT_TRUE(dtls_srtp_transport2_);
Zhi Huange830e682018-03-30 10:48:35 -0700106 ASSERT_TRUE(dtls_srtp_transport1_->IsSrtpActive());
107 ASSERT_TRUE(dtls_srtp_transport2_->IsSrtpActive());
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800108
109 size_t rtp_len = sizeof(kPcmuFrame);
110 size_t packet_size = rtp_len + kRtpAuthTagLen;
111 rtc::Buffer rtp_packet_buffer(packet_size);
112 char* rtp_packet_data = rtp_packet_buffer.data<char>();
113 memcpy(rtp_packet_data, kPcmuFrame, rtp_len);
114 // In order to be able to run this test function multiple times we can not
115 // use the same sequence number twice. Increase the sequence number by one.
116 rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_data) + 2,
117 ++sequence_number_);
118 rtc::CopyOnWriteBuffer rtp_packet1to2(rtp_packet_data, rtp_len,
119 packet_size);
120 rtc::CopyOnWriteBuffer rtp_packet2to1(rtp_packet_data, rtp_len,
121 packet_size);
122
123 rtc::PacketOptions options;
124 // Send a packet from |srtp_transport1_| to |srtp_transport2_| and verify
125 // that the packet can be successfully received and decrypted.
Taylor Brandstetter53e43b32018-04-19 14:44:12 -0700126 int prev_received_packets = transport_observer2_.rtp_count();
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800127 ASSERT_TRUE(dtls_srtp_transport1_->SendRtpPacket(&rtp_packet1to2, options,
128 cricket::PF_SRTP_BYPASS));
129 ASSERT_TRUE(transport_observer2_.last_recv_rtp_packet().data());
130 EXPECT_EQ(0, memcmp(transport_observer2_.last_recv_rtp_packet().data(),
131 kPcmuFrame, rtp_len));
Taylor Brandstetter53e43b32018-04-19 14:44:12 -0700132 EXPECT_EQ(prev_received_packets + 1, transport_observer2_.rtp_count());
133
134 prev_received_packets = transport_observer1_.rtp_count();
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800135 ASSERT_TRUE(dtls_srtp_transport2_->SendRtpPacket(&rtp_packet2to1, options,
136 cricket::PF_SRTP_BYPASS));
137 ASSERT_TRUE(transport_observer1_.last_recv_rtp_packet().data());
138 EXPECT_EQ(0, memcmp(transport_observer1_.last_recv_rtp_packet().data(),
139 kPcmuFrame, rtp_len));
Taylor Brandstetter53e43b32018-04-19 14:44:12 -0700140 EXPECT_EQ(prev_received_packets + 1, transport_observer1_.rtp_count());
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800141 }
142
143 void SendRecvRtcpPackets() {
144 size_t rtcp_len = sizeof(kRtcpReport);
145 size_t packet_size = rtcp_len + 4 + kRtpAuthTagLen;
146 rtc::Buffer rtcp_packet_buffer(packet_size);
147
148 // TODO(zhihuang): Remove the extra copy when the SendRtpPacket method
149 // doesn't take the CopyOnWriteBuffer by pointer.
150 rtc::CopyOnWriteBuffer rtcp_packet1to2(kRtcpReport, rtcp_len, packet_size);
151 rtc::CopyOnWriteBuffer rtcp_packet2to1(kRtcpReport, rtcp_len, packet_size);
152
153 rtc::PacketOptions options;
154 // Send a packet from |srtp_transport1_| to |srtp_transport2_| and verify
155 // that the packet can be successfully received and decrypted.
Taylor Brandstetter53e43b32018-04-19 14:44:12 -0700156 int prev_received_packets = transport_observer2_.rtcp_count();
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800157 ASSERT_TRUE(dtls_srtp_transport1_->SendRtcpPacket(&rtcp_packet1to2, options,
158 cricket::PF_SRTP_BYPASS));
159 ASSERT_TRUE(transport_observer2_.last_recv_rtcp_packet().data());
160 EXPECT_EQ(0, memcmp(transport_observer2_.last_recv_rtcp_packet().data(),
161 kRtcpReport, rtcp_len));
Taylor Brandstetter53e43b32018-04-19 14:44:12 -0700162 EXPECT_EQ(prev_received_packets + 1, transport_observer2_.rtcp_count());
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800163
164 // Do the same thing in the opposite direction;
Taylor Brandstetter53e43b32018-04-19 14:44:12 -0700165 prev_received_packets = transport_observer1_.rtcp_count();
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800166 ASSERT_TRUE(dtls_srtp_transport2_->SendRtcpPacket(&rtcp_packet2to1, options,
167 cricket::PF_SRTP_BYPASS));
168 ASSERT_TRUE(transport_observer1_.last_recv_rtcp_packet().data());
169 EXPECT_EQ(0, memcmp(transport_observer1_.last_recv_rtcp_packet().data(),
170 kRtcpReport, rtcp_len));
Taylor Brandstetter53e43b32018-04-19 14:44:12 -0700171 EXPECT_EQ(prev_received_packets + 1, transport_observer1_.rtcp_count());
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800172 }
173
174 void SendRecvRtpPacketsWithHeaderExtension(
175 const std::vector<int>& encrypted_header_ids) {
176 ASSERT_TRUE(dtls_srtp_transport1_);
177 ASSERT_TRUE(dtls_srtp_transport2_);
Zhi Huange830e682018-03-30 10:48:35 -0700178 ASSERT_TRUE(dtls_srtp_transport1_->IsSrtpActive());
179 ASSERT_TRUE(dtls_srtp_transport2_->IsSrtpActive());
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800180
181 size_t rtp_len = sizeof(kPcmuFrameWithExtensions);
182 size_t packet_size = rtp_len + kRtpAuthTagLen;
183 rtc::Buffer rtp_packet_buffer(packet_size);
184 char* rtp_packet_data = rtp_packet_buffer.data<char>();
185 memcpy(rtp_packet_data, kPcmuFrameWithExtensions, rtp_len);
186 // In order to be able to run this test function multiple times we can not
187 // use the same sequence number twice. Increase the sequence number by one.
188 rtc::SetBE16(reinterpret_cast<uint8_t*>(rtp_packet_data) + 2,
189 ++sequence_number_);
190 rtc::CopyOnWriteBuffer rtp_packet1to2(rtp_packet_data, rtp_len,
191 packet_size);
192 rtc::CopyOnWriteBuffer rtp_packet2to1(rtp_packet_data, rtp_len,
193 packet_size);
194
195 char original_rtp_data[sizeof(kPcmuFrameWithExtensions)];
196 memcpy(original_rtp_data, rtp_packet_data, rtp_len);
197
198 rtc::PacketOptions options;
199 // Send a packet from |srtp_transport1_| to |srtp_transport2_| and verify
200 // that the packet can be successfully received and decrypted.
201 ASSERT_TRUE(dtls_srtp_transport1_->SendRtpPacket(&rtp_packet1to2, options,
202 cricket::PF_SRTP_BYPASS));
203 ASSERT_TRUE(transport_observer2_.last_recv_rtp_packet().data());
204 EXPECT_EQ(0, memcmp(transport_observer2_.last_recv_rtp_packet().data(),
205 original_rtp_data, rtp_len));
206 // Get the encrypted packet from underneath packet transport and verify the
207 // data and header extension are actually encrypted.
208 auto fake_dtls_transport = static_cast<FakeDtlsTransport*>(
209 dtls_srtp_transport1_->rtp_packet_transport());
210 auto fake_ice_transport =
211 static_cast<FakeIceTransport*>(fake_dtls_transport->ice_transport());
212 EXPECT_NE(0, memcmp(fake_ice_transport->last_sent_packet().data(),
213 original_rtp_data, rtp_len));
214 CompareHeaderExtensions(reinterpret_cast<const char*>(
215 fake_ice_transport->last_sent_packet().data()),
216 fake_ice_transport->last_sent_packet().size(),
217 original_rtp_data, rtp_len, encrypted_header_ids,
218 false);
219
220 // Do the same thing in the opposite direction.
221 ASSERT_TRUE(dtls_srtp_transport2_->SendRtpPacket(&rtp_packet2to1, options,
222 cricket::PF_SRTP_BYPASS));
223 ASSERT_TRUE(transport_observer1_.last_recv_rtp_packet().data());
224 EXPECT_EQ(0, memcmp(transport_observer1_.last_recv_rtp_packet().data(),
225 original_rtp_data, rtp_len));
226 // Get the encrypted packet from underneath packet transport and verify the
227 // data and header extension are actually encrypted.
228 fake_dtls_transport = static_cast<FakeDtlsTransport*>(
229 dtls_srtp_transport2_->rtp_packet_transport());
230 fake_ice_transport =
231 static_cast<FakeIceTransport*>(fake_dtls_transport->ice_transport());
232 EXPECT_NE(0, memcmp(fake_ice_transport->last_sent_packet().data(),
233 original_rtp_data, rtp_len));
234 CompareHeaderExtensions(reinterpret_cast<const char*>(
235 fake_ice_transport->last_sent_packet().data()),
236 fake_ice_transport->last_sent_packet().size(),
237 original_rtp_data, rtp_len, encrypted_header_ids,
238 false);
239 }
240
241 void SendRecvPackets() {
242 SendRecvRtpPackets();
243 SendRecvRtcpPackets();
244 }
245
246 std::unique_ptr<DtlsSrtpTransport> dtls_srtp_transport1_;
247 std::unique_ptr<DtlsSrtpTransport> dtls_srtp_transport2_;
Zhi Huang365381f2018-04-13 16:44:34 -0700248 webrtc::TransportObserver transport_observer1_;
249 webrtc::TransportObserver transport_observer2_;
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800250
251 int sequence_number_ = 0;
252};
253
254// Tests that if RTCP muxing is enabled and transports are set after RTP
255// transport finished the handshake, SRTP is set up.
256TEST_F(DtlsSrtpTransportTest, SetTransportsAfterHandshakeCompleteWithRtcpMux) {
Karl Wiberg918f50c2018-07-05 11:40:33 +0200257 auto rtp_dtls1 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800258 "video", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200259 auto rtp_dtls2 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800260 "video", cricket::ICE_CANDIDATE_COMPONENT_RTP);
261
262 MakeDtlsSrtpTransports(rtp_dtls1.get(), nullptr, rtp_dtls2.get(), nullptr,
263 /*rtcp_mux_enabled=*/true);
264
Karl Wiberg918f50c2018-07-05 11:40:33 +0200265 auto rtp_dtls3 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800266 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200267 auto rtp_dtls4 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800268 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
269
270 CompleteDtlsHandshake(rtp_dtls3.get(), rtp_dtls4.get());
271
272 dtls_srtp_transport1_->SetDtlsTransports(rtp_dtls3.get(), nullptr);
273 dtls_srtp_transport2_->SetDtlsTransports(rtp_dtls4.get(), nullptr);
274
275 SendRecvPackets();
276}
277
278// Tests that if RTCP muxing is not enabled and transports are set after both
279// RTP and RTCP transports finished the handshake, SRTP is set up.
280TEST_F(DtlsSrtpTransportTest,
281 SetTransportsAfterHandshakeCompleteWithoutRtcpMux) {
Karl Wiberg918f50c2018-07-05 11:40:33 +0200282 auto rtp_dtls1 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800283 "video", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200284 auto rtcp_dtls1 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800285 "video", cricket::ICE_CANDIDATE_COMPONENT_RTCP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200286 auto rtp_dtls2 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800287 "video", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200288 auto rtcp_dtls2 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800289 "video", cricket::ICE_CANDIDATE_COMPONENT_RTCP);
290
291 MakeDtlsSrtpTransports(rtp_dtls1.get(), rtcp_dtls1.get(), rtp_dtls2.get(),
292 rtcp_dtls2.get(), /*rtcp_mux_enabled=*/false);
293
Karl Wiberg918f50c2018-07-05 11:40:33 +0200294 auto rtp_dtls3 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800295 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200296 auto rtcp_dtls3 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800297 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTCP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200298 auto rtp_dtls4 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800299 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200300 auto rtcp_dtls4 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800301 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTCP);
302 CompleteDtlsHandshake(rtp_dtls3.get(), rtp_dtls4.get());
303 CompleteDtlsHandshake(rtcp_dtls3.get(), rtcp_dtls4.get());
304
305 dtls_srtp_transport1_->SetDtlsTransports(rtp_dtls3.get(), rtcp_dtls3.get());
306 dtls_srtp_transport2_->SetDtlsTransports(rtp_dtls4.get(), rtcp_dtls4.get());
307
308 SendRecvPackets();
309}
310
311// Tests if RTCP muxing is enabled, SRTP is set up as soon as the RTP DTLS
312// handshake is finished.
313TEST_F(DtlsSrtpTransportTest, SetTransportsBeforeHandshakeCompleteWithRtcpMux) {
Karl Wiberg918f50c2018-07-05 11:40:33 +0200314 auto rtp_dtls1 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800315 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200316 auto rtcp_dtls1 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800317 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTCP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200318 auto rtp_dtls2 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800319 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200320 auto rtcp_dtls2 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800321 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTCP);
322
323 MakeDtlsSrtpTransports(rtp_dtls1.get(), rtcp_dtls1.get(), rtp_dtls2.get(),
324 rtcp_dtls2.get(),
325 /*rtcp_mux_enabled=*/false);
326
327 dtls_srtp_transport1_->SetRtcpMuxEnabled(true);
328 dtls_srtp_transport2_->SetRtcpMuxEnabled(true);
329 CompleteDtlsHandshake(rtp_dtls1.get(), rtp_dtls2.get());
330 SendRecvPackets();
331}
332
333// Tests if RTCP muxing is not enabled, SRTP is set up when both the RTP and
334// RTCP DTLS handshake are finished.
335TEST_F(DtlsSrtpTransportTest,
336 SetTransportsBeforeHandshakeCompleteWithoutRtcpMux) {
Karl Wiberg918f50c2018-07-05 11:40:33 +0200337 auto rtp_dtls1 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800338 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200339 auto rtcp_dtls1 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800340 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTCP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200341 auto rtp_dtls2 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800342 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200343 auto rtcp_dtls2 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800344 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTCP);
345
346 MakeDtlsSrtpTransports(rtp_dtls1.get(), rtcp_dtls1.get(), rtp_dtls2.get(),
347 rtcp_dtls2.get(), /*rtcp_mux_enabled=*/false);
348
349 CompleteDtlsHandshake(rtp_dtls1.get(), rtp_dtls2.get());
Zhi Huange830e682018-03-30 10:48:35 -0700350 EXPECT_FALSE(dtls_srtp_transport1_->IsSrtpActive());
351 EXPECT_FALSE(dtls_srtp_transport2_->IsSrtpActive());
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800352 CompleteDtlsHandshake(rtcp_dtls1.get(), rtcp_dtls2.get());
353 SendRecvPackets();
354}
355
356// Tests that if the DtlsTransport underneath is changed, the previous DTLS-SRTP
357// context will be reset and will be re-setup once the new transports' handshake
358// complete.
359TEST_F(DtlsSrtpTransportTest, DtlsSrtpResetAfterDtlsTransportChange) {
Karl Wiberg918f50c2018-07-05 11:40:33 +0200360 auto rtp_dtls1 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800361 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200362 auto rtp_dtls2 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800363 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
364
365 MakeDtlsSrtpTransports(rtp_dtls1.get(), nullptr, rtp_dtls2.get(), nullptr,
366 /*rtcp_mux_enabled=*/true);
367
368 CompleteDtlsHandshake(rtp_dtls1.get(), rtp_dtls2.get());
Zhi Huange830e682018-03-30 10:48:35 -0700369 EXPECT_TRUE(dtls_srtp_transport1_->IsSrtpActive());
370 EXPECT_TRUE(dtls_srtp_transport2_->IsSrtpActive());
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800371
Karl Wiberg918f50c2018-07-05 11:40:33 +0200372 auto rtp_dtls3 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800373 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200374 auto rtp_dtls4 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800375 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
376
377 // The previous context is reset.
378 dtls_srtp_transport1_->SetDtlsTransports(rtp_dtls3.get(), nullptr);
379 dtls_srtp_transport2_->SetDtlsTransports(rtp_dtls4.get(), nullptr);
Zhi Huange830e682018-03-30 10:48:35 -0700380 EXPECT_FALSE(dtls_srtp_transport1_->IsSrtpActive());
381 EXPECT_FALSE(dtls_srtp_transport2_->IsSrtpActive());
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800382
383 // Re-setup.
384 CompleteDtlsHandshake(rtp_dtls3.get(), rtp_dtls4.get());
385 SendRecvPackets();
386}
387
388// Tests if only the RTP DTLS handshake complete, and then RTCP muxing is
389// enabled, SRTP is set up.
390TEST_F(DtlsSrtpTransportTest,
391 RtcpMuxEnabledAfterRtpTransportHandshakeComplete) {
Karl Wiberg918f50c2018-07-05 11:40:33 +0200392 auto rtp_dtls1 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800393 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200394 auto rtcp_dtls1 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800395 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTCP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200396 auto rtp_dtls2 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800397 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200398 auto rtcp_dtls2 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800399 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTCP);
400
401 MakeDtlsSrtpTransports(rtp_dtls1.get(), rtcp_dtls1.get(), rtp_dtls2.get(),
402 rtcp_dtls2.get(), /*rtcp_mux_enabled=*/false);
403
404 CompleteDtlsHandshake(rtp_dtls1.get(), rtp_dtls2.get());
405 // Inactive because the RTCP transport handshake didn't complete.
Zhi Huange830e682018-03-30 10:48:35 -0700406 EXPECT_FALSE(dtls_srtp_transport1_->IsSrtpActive());
407 EXPECT_FALSE(dtls_srtp_transport2_->IsSrtpActive());
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800408
409 dtls_srtp_transport1_->SetRtcpMuxEnabled(true);
410 dtls_srtp_transport2_->SetRtcpMuxEnabled(true);
411 // The transports should be active and be able to send packets when the
412 // RTCP muxing is enabled.
413 SendRecvPackets();
414}
415
416// Tests that when SetSend/RecvEncryptedHeaderExtensionIds is called, the SRTP
417// sessions are updated with new encryped header extension IDs immediately.
418TEST_F(DtlsSrtpTransportTest, EncryptedHeaderExtensionIdUpdated) {
Karl Wiberg918f50c2018-07-05 11:40:33 +0200419 auto rtp_dtls1 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800420 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200421 auto rtp_dtls2 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800422 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
423
424 MakeDtlsSrtpTransports(rtp_dtls1.get(), nullptr, rtp_dtls2.get(), nullptr,
425 /*rtcp_mux_enabled=*/true);
426 CompleteDtlsHandshake(rtp_dtls1.get(), rtp_dtls2.get());
427
428 std::vector<int> encrypted_headers;
429 encrypted_headers.push_back(kHeaderExtensionIDs[0]);
430 encrypted_headers.push_back(kHeaderExtensionIDs[1]);
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800431
Zhi Huangcd3fc5d2017-11-29 10:41:57 -0800432 dtls_srtp_transport1_->UpdateSendEncryptedHeaderExtensionIds(
433 encrypted_headers);
434 dtls_srtp_transport1_->UpdateRecvEncryptedHeaderExtensionIds(
435 encrypted_headers);
436 dtls_srtp_transport2_->UpdateSendEncryptedHeaderExtensionIds(
437 encrypted_headers);
438 dtls_srtp_transport2_->UpdateRecvEncryptedHeaderExtensionIds(
439 encrypted_headers);
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800440}
441
442// Tests if RTCP muxing is enabled. DtlsSrtpTransport is ready to send once the
443// RTP DtlsTransport is ready.
444TEST_F(DtlsSrtpTransportTest, SignalReadyToSendFiredWithRtcpMux) {
Karl Wiberg918f50c2018-07-05 11:40:33 +0200445 auto rtp_dtls1 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800446 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200447 auto rtp_dtls2 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800448 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
449
450 MakeDtlsSrtpTransports(rtp_dtls1.get(), nullptr, rtp_dtls2.get(), nullptr,
451 /*rtcp_mux_enabled=*/true);
452
453 rtp_dtls1->SetDestination(rtp_dtls2.get());
454 EXPECT_TRUE(transport_observer1_.ready_to_send());
455 EXPECT_TRUE(transport_observer2_.ready_to_send());
456}
457
458// Tests if RTCP muxing is not enabled. DtlsSrtpTransport is ready to send once
459// both the RTP and RTCP DtlsTransport are ready.
460TEST_F(DtlsSrtpTransportTest, SignalReadyToSendFiredWithoutRtcpMux) {
Karl Wiberg918f50c2018-07-05 11:40:33 +0200461 auto rtp_dtls1 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800462 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200463 auto rtcp_dtls1 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800464 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTCP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200465 auto rtp_dtls2 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800466 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200467 auto rtcp_dtls2 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangf2d7beb2017-11-20 14:35:11 -0800468 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTCP);
469
470 MakeDtlsSrtpTransports(rtp_dtls1.get(), rtcp_dtls1.get(), rtp_dtls2.get(),
471 rtcp_dtls2.get(), /*rtcp_mux_enabled=*/false);
472
473 rtp_dtls1->SetDestination(rtp_dtls2.get());
474 EXPECT_FALSE(transport_observer1_.ready_to_send());
475 EXPECT_FALSE(transport_observer2_.ready_to_send());
476
477 rtcp_dtls1->SetDestination(rtcp_dtls2.get());
478 EXPECT_TRUE(transport_observer1_.ready_to_send());
479 EXPECT_TRUE(transport_observer2_.ready_to_send());
480}
Taylor Brandstetter53e43b32018-04-19 14:44:12 -0700481
482// Test that if an endpoint "fully" enables RTCP mux, setting the RTCP
483// transport to null, it *doesn't* reset its SRTP context. That would cause the
484// ROC and SRTCP index to be reset, causing replay detection and other errors
485// when attempting to unprotect packets.
486// Regression test for bugs.webrtc.org/8996
487TEST_F(DtlsSrtpTransportTest, SrtpSessionNotResetWhenRtcpTransportRemoved) {
Karl Wiberg918f50c2018-07-05 11:40:33 +0200488 auto rtp_dtls1 = absl::make_unique<FakeDtlsTransport>(
Taylor Brandstetter53e43b32018-04-19 14:44:12 -0700489 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200490 auto rtcp_dtls1 = absl::make_unique<FakeDtlsTransport>(
Taylor Brandstetter53e43b32018-04-19 14:44:12 -0700491 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTCP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200492 auto rtp_dtls2 = absl::make_unique<FakeDtlsTransport>(
Taylor Brandstetter53e43b32018-04-19 14:44:12 -0700493 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200494 auto rtcp_dtls2 = absl::make_unique<FakeDtlsTransport>(
Taylor Brandstetter53e43b32018-04-19 14:44:12 -0700495 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTCP);
496
497 MakeDtlsSrtpTransports(rtp_dtls1.get(), rtcp_dtls1.get(), rtp_dtls2.get(),
498 rtcp_dtls2.get(), /*rtcp_mux_enabled=*/true);
499 CompleteDtlsHandshake(rtp_dtls1.get(), rtp_dtls2.get());
500 CompleteDtlsHandshake(rtcp_dtls1.get(), rtcp_dtls2.get());
501
502 // Send some RTCP packets, causing the SRTCP index to be incremented.
503 SendRecvRtcpPackets();
504
505 // Set RTCP transport to null, which previously would trigger this problem.
506 dtls_srtp_transport1_->SetDtlsTransports(rtp_dtls1.get(), nullptr);
507
508 // Attempt to send more RTCP packets. If the issue occurred, one side would
509 // reset its context while the other would not, causing replay detection
510 // errors when a packet with a duplicate SRTCP index is received.
511 SendRecvRtcpPackets();
512}
Zhi Huangb57e1692018-06-12 11:41:11 -0700513
514// Tests that RTCP packets can be sent and received if both sides actively reset
515// the SRTP parameters with the |active_reset_srtp_params_| flag.
516TEST_F(DtlsSrtpTransportTest, ActivelyResetSrtpParams) {
Karl Wiberg918f50c2018-07-05 11:40:33 +0200517 auto rtp_dtls1 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangb57e1692018-06-12 11:41:11 -0700518 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200519 auto rtcp_dtls1 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangb57e1692018-06-12 11:41:11 -0700520 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTCP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200521 auto rtp_dtls2 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangb57e1692018-06-12 11:41:11 -0700522 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
Karl Wiberg918f50c2018-07-05 11:40:33 +0200523 auto rtcp_dtls2 = absl::make_unique<FakeDtlsTransport>(
Zhi Huangb57e1692018-06-12 11:41:11 -0700524 "audio", cricket::ICE_CANDIDATE_COMPONENT_RTCP);
525
526 MakeDtlsSrtpTransports(rtp_dtls1.get(), rtcp_dtls1.get(), rtp_dtls2.get(),
527 rtcp_dtls2.get(), /*rtcp_mux_enabled=*/true);
528 CompleteDtlsHandshake(rtp_dtls1.get(), rtp_dtls2.get());
529 CompleteDtlsHandshake(rtcp_dtls1.get(), rtcp_dtls2.get());
530
531 // Send some RTCP packets, causing the SRTCP index to be incremented.
532 SendRecvRtcpPackets();
533
534 // Only set the |active_reset_srtp_params_| flag to be true one side.
535 dtls_srtp_transport1_->SetActiveResetSrtpParams(true);
536 // Set RTCP transport to null to trigger the SRTP parameters update.
537 dtls_srtp_transport1_->SetDtlsTransports(rtp_dtls1.get(), nullptr);
538 dtls_srtp_transport2_->SetDtlsTransports(rtp_dtls2.get(), nullptr);
539
540 // Sending some RTCP packets.
541 size_t rtcp_len = sizeof(kRtcpReport);
542 size_t packet_size = rtcp_len + 4 + kRtpAuthTagLen;
543 rtc::Buffer rtcp_packet_buffer(packet_size);
544 rtc::CopyOnWriteBuffer rtcp_packet(kRtcpReport, rtcp_len, packet_size);
545 int prev_received_packets = transport_observer2_.rtcp_count();
546 ASSERT_TRUE(dtls_srtp_transport1_->SendRtcpPacket(
547 &rtcp_packet, rtc::PacketOptions(), cricket::PF_SRTP_BYPASS));
548 // The RTCP packet is not exepected to be received because the SRTP parameters
549 // are only reset on one side and the SRTCP index is out of sync.
550 EXPECT_EQ(prev_received_packets, transport_observer2_.rtcp_count());
551
552 // Set the flag to be true on the other side.
553 dtls_srtp_transport2_->SetActiveResetSrtpParams(true);
554 // Set RTCP transport to null to trigger the SRTP parameters update.
555 dtls_srtp_transport1_->SetDtlsTransports(rtp_dtls1.get(), nullptr);
556 dtls_srtp_transport2_->SetDtlsTransports(rtp_dtls2.get(), nullptr);
557
558 // RTCP packets flow is expected to work just fine.
559 SendRecvRtcpPackets();
560}