| /* |
| * Copyright 2017 The WebRTC project authors. All Rights Reserved. |
| * |
| * Use of this source code is governed by a BSD-style license |
| * that can be found in the LICENSE file in the root of the source |
| * tree. An additional intellectual property rights grant can be found |
| * in the file PATENTS. All contributing project authors may |
| * be found in the AUTHORS file in the root of the source tree. |
| */ |
| |
| #include <stddef.h> |
| |
| #include <memory> |
| #include <ostream> |
| #include <string> |
| #include <tuple> |
| #include <type_traits> |
| #include <utility> |
| #include <vector> |
| |
| #include "absl/types/optional.h" |
| #include "api/audio/audio_mixer.h" |
| #include "api/audio_codecs/builtin_audio_decoder_factory.h" |
| #include "api/audio_codecs/builtin_audio_encoder_factory.h" |
| #include "api/create_peerconnection_factory.h" |
| #include "api/crypto/crypto_options.h" |
| #include "api/crypto_params.h" |
| #include "api/jsep.h" |
| #include "api/peer_connection_interface.h" |
| #include "api/scoped_refptr.h" |
| #include "api/video_codecs/builtin_video_decoder_factory.h" |
| #include "api/video_codecs/builtin_video_encoder_factory.h" |
| #include "modules/audio_device/include/audio_device.h" |
| #include "modules/audio_processing/include/audio_processing.h" |
| #include "p2p/base/fake_port_allocator.h" |
| #include "p2p/base/port_allocator.h" |
| #include "p2p/base/transport_description.h" |
| #include "p2p/base/transport_info.h" |
| #include "pc/media_protocol_names.h" |
| #include "pc/media_session.h" |
| #include "pc/peer_connection_wrapper.h" |
| #include "pc/sdp_utils.h" |
| #include "pc/session_description.h" |
| #include "pc/test/mock_peer_connection_observers.h" |
| #include "rtc_base/checks.h" |
| #include "rtc_base/ref_counted_object.h" |
| #include "rtc_base/rtc_certificate.h" |
| #include "rtc_base/rtc_certificate_generator.h" |
| #include "rtc_base/ssl_fingerprint.h" |
| #include "rtc_base/thread.h" |
| #include "test/gtest.h" |
| #ifdef WEBRTC_ANDROID |
| #include "pc/test/android_test_initializer.h" |
| #endif |
| #include "pc/test/fake_audio_capture_module.h" |
| #include "pc/test/fake_rtc_certificate_generator.h" |
| #include "rtc_base/gunit.h" |
| #include "rtc_base/virtual_socket_server.h" |
| |
| namespace webrtc { |
| |
| using RTCConfiguration = PeerConnectionInterface::RTCConfiguration; |
| using RTCOfferAnswerOptions = PeerConnectionInterface::RTCOfferAnswerOptions; |
| using ::testing::Combine; |
| using ::testing::Values; |
| |
| constexpr int kGenerateCertTimeout = 1000; |
| |
| class PeerConnectionCryptoBaseTest : public ::testing::Test { |
| protected: |
| typedef std::unique_ptr<PeerConnectionWrapper> WrapperPtr; |
| |
| explicit PeerConnectionCryptoBaseTest(SdpSemantics sdp_semantics) |
| : vss_(new rtc::VirtualSocketServer()), |
| main_(vss_.get()), |
| sdp_semantics_(sdp_semantics) { |
| #ifdef WEBRTC_ANDROID |
| InitializeAndroidObjects(); |
| #endif |
| pc_factory_ = CreatePeerConnectionFactory( |
| rtc::Thread::Current(), rtc::Thread::Current(), rtc::Thread::Current(), |
| FakeAudioCaptureModule::Create(), CreateBuiltinAudioEncoderFactory(), |
| CreateBuiltinAudioDecoderFactory(), CreateBuiltinVideoEncoderFactory(), |
| CreateBuiltinVideoDecoderFactory(), nullptr /* audio_mixer */, |
| nullptr /* audio_processing */); |
| } |
| |
| WrapperPtr CreatePeerConnection() { |
| return CreatePeerConnection(RTCConfiguration()); |
| } |
| |
| WrapperPtr CreatePeerConnection(const RTCConfiguration& config) { |
| return CreatePeerConnection(config, nullptr); |
| } |
| |
| WrapperPtr CreatePeerConnection( |
| const RTCConfiguration& config, |
| std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_gen) { |
| auto fake_port_allocator = std::make_unique<cricket::FakePortAllocator>( |
| rtc::Thread::Current(), nullptr); |
| auto observer = std::make_unique<MockPeerConnectionObserver>(); |
| RTCConfiguration modified_config = config; |
| modified_config.sdp_semantics = sdp_semantics_; |
| PeerConnectionDependencies pc_dependencies(observer.get()); |
| pc_dependencies.allocator = std::move(fake_port_allocator); |
| pc_dependencies.cert_generator = std::move(cert_gen); |
| auto result = pc_factory_->CreatePeerConnectionOrError( |
| modified_config, std::move(pc_dependencies)); |
| if (!result.ok()) { |
| return nullptr; |
| } |
| |
| observer->SetPeerConnectionInterface(result.value().get()); |
| return std::make_unique<PeerConnectionWrapper>( |
| pc_factory_, result.MoveValue(), std::move(observer)); |
| } |
| |
| // Accepts the same arguments as CreatePeerConnection and adds default audio |
| // and video tracks. |
| template <typename... Args> |
| WrapperPtr CreatePeerConnectionWithAudioVideo(Args&&... args) { |
| auto wrapper = CreatePeerConnection(std::forward<Args>(args)...); |
| if (!wrapper) { |
| return nullptr; |
| } |
| wrapper->AddAudioTrack("a"); |
| wrapper->AddVideoTrack("v"); |
| return wrapper; |
| } |
| |
| cricket::ConnectionRole& AudioConnectionRole( |
| cricket::SessionDescription* desc) { |
| return ConnectionRoleFromContent(desc, cricket::GetFirstAudioContent(desc)); |
| } |
| |
| cricket::ConnectionRole& VideoConnectionRole( |
| cricket::SessionDescription* desc) { |
| return ConnectionRoleFromContent(desc, cricket::GetFirstVideoContent(desc)); |
| } |
| |
| cricket::ConnectionRole& ConnectionRoleFromContent( |
| cricket::SessionDescription* desc, |
| cricket::ContentInfo* content) { |
| RTC_DCHECK(content); |
| auto* transport_info = desc->GetTransportInfoByName(content->name); |
| RTC_DCHECK(transport_info); |
| return transport_info->description.connection_role; |
| } |
| |
| std::unique_ptr<rtc::VirtualSocketServer> vss_; |
| rtc::AutoSocketServerThread main_; |
| rtc::scoped_refptr<PeerConnectionFactoryInterface> pc_factory_; |
| const SdpSemantics sdp_semantics_; |
| }; |
| |
| SdpContentPredicate HaveDtlsFingerprint() { |
| return [](const cricket::ContentInfo* content, |
| const cricket::TransportInfo* transport) { |
| return transport->description.identity_fingerprint != nullptr; |
| }; |
| } |
| |
| SdpContentPredicate HaveSdesCryptos() { |
| return [](const cricket::ContentInfo* content, |
| const cricket::TransportInfo* transport) { |
| return !content->media_description()->cryptos().empty(); |
| }; |
| } |
| |
| SdpContentPredicate HaveProtocol(const std::string& protocol) { |
| return [protocol](const cricket::ContentInfo* content, |
| const cricket::TransportInfo* transport) { |
| return content->media_description()->protocol() == protocol; |
| }; |
| } |
| |
| SdpContentPredicate HaveSdesGcmCryptos(size_t num_crypto_suites) { |
| return [num_crypto_suites](const cricket::ContentInfo* content, |
| const cricket::TransportInfo* transport) { |
| const auto& cryptos = content->media_description()->cryptos(); |
| if (cryptos.size() != num_crypto_suites) { |
| return false; |
| } |
| for (size_t i = 0; i < cryptos.size(); ++i) { |
| if (cryptos[i].key_params.size() == 67U && |
| cryptos[i].cipher_suite == "AEAD_AES_256_GCM") |
| return true; |
| } |
| return false; |
| }; |
| } |
| |
| class PeerConnectionCryptoTest |
| : public PeerConnectionCryptoBaseTest, |
| public ::testing::WithParamInterface<SdpSemantics> { |
| protected: |
| PeerConnectionCryptoTest() : PeerConnectionCryptoBaseTest(GetParam()) {} |
| }; |
| |
| SdpContentMutator RemoveSdesCryptos() { |
| return [](cricket::ContentInfo* content, cricket::TransportInfo* transport) { |
| content->media_description()->set_cryptos({}); |
| }; |
| } |
| |
| SdpContentMutator RemoveDtlsFingerprint() { |
| return [](cricket::ContentInfo* content, cricket::TransportInfo* transport) { |
| transport->description.identity_fingerprint.reset(); |
| }; |
| } |
| |
| // When DTLS is enabled, the SDP offer/answer should have a DTLS fingerprint and |
| // no SDES cryptos. |
| TEST_P(PeerConnectionCryptoTest, CorrectCryptoInOfferWhenDtlsEnabled) { |
| RTCConfiguration config; |
| auto caller = CreatePeerConnectionWithAudioVideo(config); |
| |
| auto offer = caller->CreateOffer(); |
| ASSERT_TRUE(offer); |
| |
| ASSERT_FALSE(offer->description()->contents().empty()); |
| EXPECT_TRUE(SdpContentsAll(HaveDtlsFingerprint(), offer->description())); |
| EXPECT_TRUE(SdpContentsNone(HaveSdesCryptos(), offer->description())); |
| EXPECT_TRUE(SdpContentsAll(HaveProtocol(cricket::kMediaProtocolDtlsSavpf), |
| offer->description())); |
| } |
| TEST_P(PeerConnectionCryptoTest, CorrectCryptoInAnswerWhenDtlsEnabled) { |
| RTCConfiguration config; |
| auto caller = CreatePeerConnectionWithAudioVideo(config); |
| auto callee = CreatePeerConnectionWithAudioVideo(config); |
| |
| callee->SetRemoteDescription(caller->CreateOffer()); |
| auto answer = callee->CreateAnswer(); |
| ASSERT_TRUE(answer); |
| |
| ASSERT_FALSE(answer->description()->contents().empty()); |
| EXPECT_TRUE(SdpContentsAll(HaveDtlsFingerprint(), answer->description())); |
| EXPECT_TRUE(SdpContentsNone(HaveSdesCryptos(), answer->description())); |
| EXPECT_TRUE(SdpContentsAll(HaveProtocol(cricket::kMediaProtocolDtlsSavpf), |
| answer->description())); |
| } |
| |
| #if defined(WEBRTC_FUCHSIA) |
| // When DTLS is disabled, the SDP offer/answer should include SDES cryptos and |
| // should not have a DTLS fingerprint. |
| TEST_P(PeerConnectionCryptoTest, CorrectCryptoInOfferWhenDtlsDisabled) { |
| RTCConfiguration config; |
| config.enable_dtls_srtp.emplace(false); |
| auto caller = CreatePeerConnectionWithAudioVideo(config); |
| |
| auto offer = caller->CreateOffer(); |
| ASSERT_TRUE(offer); |
| |
| ASSERT_FALSE(offer->description()->contents().empty()); |
| EXPECT_TRUE(SdpContentsAll(HaveSdesCryptos(), offer->description())); |
| EXPECT_TRUE(SdpContentsNone(HaveDtlsFingerprint(), offer->description())); |
| EXPECT_TRUE(SdpContentsAll(HaveProtocol(cricket::kMediaProtocolSavpf), |
| offer->description())); |
| } |
| |
| TEST_P(PeerConnectionCryptoTest, CorrectCryptoInAnswerWhenDtlsDisabled) { |
| RTCConfiguration config; |
| config.enable_dtls_srtp.emplace(false); |
| auto caller = CreatePeerConnectionWithAudioVideo(config); |
| auto callee = CreatePeerConnectionWithAudioVideo(config); |
| |
| callee->SetRemoteDescription(caller->CreateOffer()); |
| auto answer = callee->CreateAnswer(); |
| ASSERT_TRUE(answer); |
| |
| ASSERT_FALSE(answer->description()->contents().empty()); |
| EXPECT_TRUE(SdpContentsAll(HaveSdesCryptos(), answer->description())); |
| EXPECT_TRUE(SdpContentsNone(HaveDtlsFingerprint(), answer->description())); |
| EXPECT_TRUE(SdpContentsAll(HaveProtocol(cricket::kMediaProtocolSavpf), |
| answer->description())); |
| } |
| |
| // When encryption is disabled, the SDP offer/answer should have neither a DTLS |
| // fingerprint nor any SDES crypto options. |
| TEST_P(PeerConnectionCryptoTest, CorrectCryptoInOfferWhenEncryptionDisabled) { |
| PeerConnectionFactoryInterface::Options options; |
| options.disable_encryption = true; |
| pc_factory_->SetOptions(options); |
| |
| RTCConfiguration config; |
| config.enable_dtls_srtp.emplace(false); |
| auto caller = CreatePeerConnectionWithAudioVideo(config); |
| |
| auto offer = caller->CreateOffer(); |
| ASSERT_TRUE(offer); |
| |
| ASSERT_FALSE(offer->description()->contents().empty()); |
| EXPECT_TRUE(SdpContentsNone(HaveSdesCryptos(), offer->description())); |
| EXPECT_TRUE(SdpContentsNone(HaveDtlsFingerprint(), offer->description())); |
| EXPECT_TRUE(SdpContentsAll(HaveProtocol(cricket::kMediaProtocolAvpf), |
| offer->description())); |
| } |
| |
| TEST_P(PeerConnectionCryptoTest, CorrectCryptoInAnswerWhenEncryptionDisabled) { |
| PeerConnectionFactoryInterface::Options options; |
| options.disable_encryption = true; |
| pc_factory_->SetOptions(options); |
| |
| RTCConfiguration config; |
| config.enable_dtls_srtp.emplace(false); |
| auto caller = CreatePeerConnectionWithAudioVideo(config); |
| auto callee = CreatePeerConnectionWithAudioVideo(config); |
| |
| callee->SetRemoteDescription(caller->CreateOffer()); |
| auto answer = callee->CreateAnswer(); |
| ASSERT_TRUE(answer); |
| |
| ASSERT_FALSE(answer->description()->contents().empty()); |
| EXPECT_TRUE(SdpContentsNone(HaveSdesCryptos(), answer->description())); |
| EXPECT_TRUE(SdpContentsNone(HaveDtlsFingerprint(), answer->description())); |
| EXPECT_TRUE(SdpContentsAll(HaveProtocol(cricket::kMediaProtocolAvpf), |
| answer->description())); |
| } |
| |
| // CryptoOptions has been promoted to RTCConfiguration. As such if it is ever |
| // set in the configuration it should overrite the settings set in the factory. |
| TEST_P(PeerConnectionCryptoTest, RTCConfigurationCryptoOptionOverridesFactory) { |
| PeerConnectionFactoryInterface::Options options; |
| options.crypto_options.srtp.enable_gcm_crypto_suites = true; |
| pc_factory_->SetOptions(options); |
| |
| RTCConfiguration config; |
| config.enable_dtls_srtp.emplace(false); |
| CryptoOptions crypto_options; |
| crypto_options.srtp.enable_gcm_crypto_suites = false; |
| config.crypto_options = crypto_options; |
| auto caller = CreatePeerConnectionWithAudioVideo(config); |
| |
| auto offer = caller->CreateOffer(); |
| ASSERT_TRUE(offer); |
| |
| ASSERT_FALSE(offer->description()->contents().empty()); |
| // This should exist if GCM is enabled see CorrectCryptoInOfferWithSdesAndGcm |
| EXPECT_FALSE(SdpContentsAll(HaveSdesGcmCryptos(3), offer->description())); |
| } |
| |
| // When DTLS is disabled and GCM cipher suites are enabled, the SDP offer/answer |
| // should have the correct ciphers in the SDES crypto options. |
| // With GCM cipher suites enabled, there will be 3 cryptos in the offer and 1 |
| // in the answer. |
| TEST_P(PeerConnectionCryptoTest, CorrectCryptoInOfferWithSdesAndGcm) { |
| PeerConnectionFactoryInterface::Options options; |
| options.crypto_options.srtp.enable_gcm_crypto_suites = true; |
| pc_factory_->SetOptions(options); |
| |
| RTCConfiguration config; |
| config.enable_dtls_srtp.emplace(false); |
| auto caller = CreatePeerConnectionWithAudioVideo(config); |
| |
| auto offer = caller->CreateOffer(); |
| ASSERT_TRUE(offer); |
| |
| ASSERT_FALSE(offer->description()->contents().empty()); |
| EXPECT_TRUE(SdpContentsAll(HaveSdesGcmCryptos(3), offer->description())); |
| } |
| |
| TEST_P(PeerConnectionCryptoTest, CorrectCryptoInAnswerWithSdesAndGcm) { |
| PeerConnectionFactoryInterface::Options options; |
| options.crypto_options.srtp.enable_gcm_crypto_suites = true; |
| pc_factory_->SetOptions(options); |
| |
| RTCConfiguration config; |
| config.enable_dtls_srtp.emplace(false); |
| auto caller = CreatePeerConnectionWithAudioVideo(config); |
| auto callee = CreatePeerConnectionWithAudioVideo(config); |
| |
| auto offer = caller->CreateOffer(); |
| for (cricket::ContentInfo& content : offer->description()->contents()) { |
| auto cryptos = content.media_description()->cryptos(); |
| cryptos.erase(cryptos.begin()); // Assumes that non-GCM is the default. |
| content.media_description()->set_cryptos(cryptos); |
| } |
| |
| callee->SetRemoteDescription(std::move(offer)); |
| auto answer = callee->CreateAnswer(); |
| ASSERT_TRUE(answer); |
| |
| ASSERT_FALSE(answer->description()->contents().empty()); |
| EXPECT_TRUE(SdpContentsAll(HaveSdesGcmCryptos(1), answer->description())); |
| } |
| |
| TEST_P(PeerConnectionCryptoTest, CanSetSdesGcmRemoteOfferAndLocalAnswer) { |
| PeerConnectionFactoryInterface::Options options; |
| options.crypto_options.srtp.enable_gcm_crypto_suites = true; |
| pc_factory_->SetOptions(options); |
| |
| RTCConfiguration config; |
| config.enable_dtls_srtp.emplace(false); |
| auto caller = CreatePeerConnectionWithAudioVideo(config); |
| auto callee = CreatePeerConnectionWithAudioVideo(config); |
| |
| auto offer = caller->CreateOffer(); |
| ASSERT_TRUE(offer); |
| ASSERT_TRUE(callee->SetRemoteDescription(std::move(offer))); |
| |
| auto answer = callee->CreateAnswer(); |
| ASSERT_TRUE(answer); |
| ASSERT_TRUE(callee->SetLocalDescription(std::move(answer))); |
| } |
| |
| // The following group tests that two PeerConnections can successfully exchange |
| // an offer/answer when DTLS is off and that they will refuse any offer/answer |
| // applied locally/remotely if it does not include SDES cryptos. |
| TEST_P(PeerConnectionCryptoTest, ExchangeOfferAnswerWhenSdesOn) { |
| RTCConfiguration config; |
| config.enable_dtls_srtp.emplace(false); |
| auto caller = CreatePeerConnectionWithAudioVideo(config); |
| auto callee = CreatePeerConnectionWithAudioVideo(config); |
| |
| auto offer = caller->CreateOfferAndSetAsLocal(); |
| ASSERT_TRUE(offer); |
| ASSERT_TRUE(callee->SetRemoteDescription(std::move(offer))); |
| |
| auto answer = callee->CreateAnswerAndSetAsLocal(); |
| ASSERT_TRUE(answer); |
| ASSERT_TRUE(caller->SetRemoteDescription(std::move(answer))); |
| } |
| TEST_P(PeerConnectionCryptoTest, FailToSetLocalOfferWithNoCryptosWhenSdesOn) { |
| RTCConfiguration config; |
| config.enable_dtls_srtp.emplace(false); |
| auto caller = CreatePeerConnectionWithAudioVideo(config); |
| |
| auto offer = caller->CreateOffer(); |
| SdpContentsForEach(RemoveSdesCryptos(), offer->description()); |
| |
| EXPECT_FALSE(caller->SetLocalDescription(std::move(offer))); |
| } |
| TEST_P(PeerConnectionCryptoTest, FailToSetRemoteOfferWithNoCryptosWhenSdesOn) { |
| RTCConfiguration config; |
| config.enable_dtls_srtp.emplace(false); |
| auto caller = CreatePeerConnectionWithAudioVideo(config); |
| auto callee = CreatePeerConnectionWithAudioVideo(config); |
| |
| auto offer = caller->CreateOffer(); |
| SdpContentsForEach(RemoveSdesCryptos(), offer->description()); |
| |
| EXPECT_FALSE(callee->SetRemoteDescription(std::move(offer))); |
| } |
| TEST_P(PeerConnectionCryptoTest, FailToSetLocalAnswerWithNoCryptosWhenSdesOn) { |
| RTCConfiguration config; |
| config.enable_dtls_srtp.emplace(false); |
| auto caller = CreatePeerConnectionWithAudioVideo(config); |
| auto callee = CreatePeerConnectionWithAudioVideo(config); |
| |
| callee->SetRemoteDescription(caller->CreateOfferAndSetAsLocal()); |
| auto answer = callee->CreateAnswer(); |
| SdpContentsForEach(RemoveSdesCryptos(), answer->description()); |
| |
| EXPECT_FALSE(callee->SetLocalDescription(std::move(answer))); |
| } |
| TEST_P(PeerConnectionCryptoTest, FailToSetRemoteAnswerWithNoCryptosWhenSdesOn) { |
| RTCConfiguration config; |
| config.enable_dtls_srtp.emplace(false); |
| auto caller = CreatePeerConnectionWithAudioVideo(config); |
| auto callee = CreatePeerConnectionWithAudioVideo(config); |
| |
| callee->SetRemoteDescription(caller->CreateOfferAndSetAsLocal()); |
| auto answer = callee->CreateAnswerAndSetAsLocal(); |
| SdpContentsForEach(RemoveSdesCryptos(), answer->description()); |
| |
| EXPECT_FALSE(caller->SetRemoteDescription(std::move(answer))); |
| } |
| #endif |
| |
| // The following group tests that two PeerConnections can successfully exchange |
| // an offer/answer when DTLS is on and that they will refuse any offer/answer |
| // applied locally/remotely if it does not include a DTLS fingerprint. |
| TEST_P(PeerConnectionCryptoTest, ExchangeOfferAnswerWhenDtlsOn) { |
| RTCConfiguration config; |
| auto caller = CreatePeerConnectionWithAudioVideo(config); |
| auto callee = CreatePeerConnectionWithAudioVideo(config); |
| |
| auto offer = caller->CreateOfferAndSetAsLocal(); |
| ASSERT_TRUE(offer); |
| ASSERT_TRUE(callee->SetRemoteDescription(std::move(offer))); |
| |
| auto answer = callee->CreateAnswerAndSetAsLocal(); |
| ASSERT_TRUE(answer); |
| ASSERT_TRUE(caller->SetRemoteDescription(std::move(answer))); |
| } |
| TEST_P(PeerConnectionCryptoTest, |
| FailToSetLocalOfferWithNoFingerprintWhenDtlsOn) { |
| RTCConfiguration config; |
| auto caller = CreatePeerConnectionWithAudioVideo(config); |
| |
| auto offer = caller->CreateOffer(); |
| SdpContentsForEach(RemoveDtlsFingerprint(), offer->description()); |
| |
| EXPECT_FALSE(caller->SetLocalDescription(std::move(offer))); |
| } |
| TEST_P(PeerConnectionCryptoTest, |
| FailToSetRemoteOfferWithNoFingerprintWhenDtlsOn) { |
| RTCConfiguration config; |
| auto caller = CreatePeerConnectionWithAudioVideo(config); |
| auto callee = CreatePeerConnectionWithAudioVideo(config); |
| |
| auto offer = caller->CreateOffer(); |
| SdpContentsForEach(RemoveDtlsFingerprint(), offer->description()); |
| |
| EXPECT_FALSE(callee->SetRemoteDescription(std::move(offer))); |
| } |
| TEST_P(PeerConnectionCryptoTest, |
| FailToSetLocalAnswerWithNoFingerprintWhenDtlsOn) { |
| RTCConfiguration config; |
| auto caller = CreatePeerConnectionWithAudioVideo(config); |
| auto callee = CreatePeerConnectionWithAudioVideo(config); |
| |
| callee->SetRemoteDescription(caller->CreateOfferAndSetAsLocal()); |
| auto answer = callee->CreateAnswer(); |
| SdpContentsForEach(RemoveDtlsFingerprint(), answer->description()); |
| } |
| TEST_P(PeerConnectionCryptoTest, |
| FailToSetRemoteAnswerWithNoFingerprintWhenDtlsOn) { |
| RTCConfiguration config; |
| auto caller = CreatePeerConnectionWithAudioVideo(config); |
| auto callee = CreatePeerConnectionWithAudioVideo(config); |
| |
| callee->SetRemoteDescription(caller->CreateOfferAndSetAsLocal()); |
| auto answer = callee->CreateAnswerAndSetAsLocal(); |
| SdpContentsForEach(RemoveDtlsFingerprint(), answer->description()); |
| |
| EXPECT_FALSE(caller->SetRemoteDescription(std::move(answer))); |
| } |
| |
| #if defined(WEBRTC_FUCHSIA) |
| // Test that an offer/answer can be exchanged when encryption is disabled. |
| TEST_P(PeerConnectionCryptoTest, ExchangeOfferAnswerWhenNoEncryption) { |
| PeerConnectionFactoryInterface::Options options; |
| options.disable_encryption = true; |
| pc_factory_->SetOptions(options); |
| |
| RTCConfiguration config; |
| config.enable_dtls_srtp.emplace(false); |
| auto caller = CreatePeerConnectionWithAudioVideo(config); |
| auto callee = CreatePeerConnectionWithAudioVideo(config); |
| |
| auto offer = caller->CreateOfferAndSetAsLocal(); |
| ASSERT_TRUE(offer); |
| ASSERT_TRUE(callee->SetRemoteDescription(std::move(offer))); |
| |
| auto answer = callee->CreateAnswerAndSetAsLocal(); |
| ASSERT_TRUE(answer); |
| ASSERT_TRUE(caller->SetRemoteDescription(std::move(answer))); |
| } |
| #endif |
| |
| // Tests that a DTLS call can be established when the certificate is specified |
| // in the PeerConnection config and no certificate generator is specified. |
| TEST_P(PeerConnectionCryptoTest, |
| ExchangeOfferAnswerWhenDtlsCertificateInConfig) { |
| RTCConfiguration caller_config; |
| caller_config.certificates.push_back( |
| FakeRTCCertificateGenerator::GenerateCertificate()); |
| auto caller = CreatePeerConnectionWithAudioVideo(caller_config); |
| |
| RTCConfiguration callee_config; |
| callee_config.certificates.push_back( |
| FakeRTCCertificateGenerator::GenerateCertificate()); |
| auto callee = CreatePeerConnectionWithAudioVideo(callee_config); |
| |
| auto offer = caller->CreateOfferAndSetAsLocal(); |
| ASSERT_TRUE(offer); |
| ASSERT_TRUE(callee->SetRemoteDescription(std::move(offer))); |
| |
| auto answer = callee->CreateAnswerAndSetAsLocal(); |
| ASSERT_TRUE(answer); |
| ASSERT_TRUE(caller->SetRemoteDescription(std::move(answer))); |
| } |
| |
| // The following parameterized test verifies that CreateOffer/CreateAnswer |
| // returns successfully (or with failure if the underlying certificate generator |
| // fails) no matter when the DTLS certificate is generated. If multiple |
| // CreateOffer/CreateAnswer calls are made while waiting for the certificate, |
| // they all finish after the certificate is generated. |
| |
| // Whether the certificate will be generated before calling CreateOffer or |
| // while CreateOffer is executing. |
| enum class CertGenTime { kBefore, kDuring }; |
| std::ostream& operator<<(std::ostream& out, CertGenTime value) { |
| switch (value) { |
| case CertGenTime::kBefore: |
| return out << "before"; |
| case CertGenTime::kDuring: |
| return out << "during"; |
| default: |
| return out << "unknown"; |
| } |
| } |
| |
| // Whether the fake certificate generator will produce a certificate or fail. |
| enum class CertGenResult { kSucceed, kFail }; |
| std::ostream& operator<<(std::ostream& out, CertGenResult value) { |
| switch (value) { |
| case CertGenResult::kSucceed: |
| return out << "succeed"; |
| case CertGenResult::kFail: |
| return out << "fail"; |
| default: |
| return out << "unknown"; |
| } |
| } |
| |
| class PeerConnectionCryptoDtlsCertGenTest |
| : public PeerConnectionCryptoBaseTest, |
| public ::testing::WithParamInterface<std::tuple<SdpSemantics, |
| SdpType, |
| CertGenTime, |
| CertGenResult, |
| size_t>> { |
| protected: |
| PeerConnectionCryptoDtlsCertGenTest() |
| : PeerConnectionCryptoBaseTest(std::get<0>(GetParam())) { |
| sdp_type_ = std::get<1>(GetParam()); |
| cert_gen_time_ = std::get<2>(GetParam()); |
| cert_gen_result_ = std::get<3>(GetParam()); |
| concurrent_calls_ = std::get<4>(GetParam()); |
| } |
| |
| SdpType sdp_type_; |
| CertGenTime cert_gen_time_; |
| CertGenResult cert_gen_result_; |
| size_t concurrent_calls_; |
| }; |
| |
| TEST_P(PeerConnectionCryptoDtlsCertGenTest, TestCertificateGeneration) { |
| RTCConfiguration config; |
| auto owned_fake_certificate_generator = |
| std::make_unique<FakeRTCCertificateGenerator>(); |
| auto* fake_certificate_generator = owned_fake_certificate_generator.get(); |
| fake_certificate_generator->set_should_fail(cert_gen_result_ == |
| CertGenResult::kFail); |
| fake_certificate_generator->set_should_wait(cert_gen_time_ == |
| CertGenTime::kDuring); |
| WrapperPtr pc; |
| if (sdp_type_ == SdpType::kOffer) { |
| pc = CreatePeerConnectionWithAudioVideo( |
| config, std::move(owned_fake_certificate_generator)); |
| } else { |
| auto caller = CreatePeerConnectionWithAudioVideo(config); |
| pc = CreatePeerConnectionWithAudioVideo( |
| config, std::move(owned_fake_certificate_generator)); |
| pc->SetRemoteDescription(caller->CreateOfferAndSetAsLocal()); |
| } |
| if (cert_gen_time_ == CertGenTime::kBefore) { |
| ASSERT_TRUE_WAIT(fake_certificate_generator->generated_certificates() + |
| fake_certificate_generator->generated_failures() > |
| 0, |
| kGenerateCertTimeout); |
| } else { |
| ASSERT_EQ(fake_certificate_generator->generated_certificates(), 0); |
| fake_certificate_generator->set_should_wait(false); |
| } |
| std::vector<rtc::scoped_refptr<MockCreateSessionDescriptionObserver>> |
| observers; |
| for (size_t i = 0; i < concurrent_calls_; i++) { |
| rtc::scoped_refptr<MockCreateSessionDescriptionObserver> observer = |
| rtc::make_ref_counted<MockCreateSessionDescriptionObserver>(); |
| observers.push_back(observer); |
| if (sdp_type_ == SdpType::kOffer) { |
| pc->pc()->CreateOffer(observer.get(), |
| PeerConnectionInterface::RTCOfferAnswerOptions()); |
| } else { |
| pc->pc()->CreateAnswer(observer.get(), |
| PeerConnectionInterface::RTCOfferAnswerOptions()); |
| } |
| } |
| for (auto& observer : observers) { |
| EXPECT_TRUE_WAIT(observer->called(), 1000); |
| if (cert_gen_result_ == CertGenResult::kSucceed) { |
| EXPECT_TRUE(observer->result()); |
| } else { |
| EXPECT_FALSE(observer->result()); |
| } |
| } |
| } |
| |
| INSTANTIATE_TEST_SUITE_P( |
| PeerConnectionCryptoTest, |
| PeerConnectionCryptoDtlsCertGenTest, |
| Combine(Values(SdpSemantics::kPlanB_DEPRECATED, SdpSemantics::kUnifiedPlan), |
| Values(SdpType::kOffer, SdpType::kAnswer), |
| Values(CertGenTime::kBefore, CertGenTime::kDuring), |
| Values(CertGenResult::kSucceed, CertGenResult::kFail), |
| Values(1, 3))); |
| |
| // Test that we can create and set an answer correctly when different |
| // SSL roles have been negotiated for different transports. |
| // See: https://bugs.chromium.org/p/webrtc/issues/detail?id=4525 |
| TEST_P(PeerConnectionCryptoTest, CreateAnswerWithDifferentSslRoles) { |
| auto caller = CreatePeerConnectionWithAudioVideo(); |
| auto callee = CreatePeerConnectionWithAudioVideo(); |
| |
| RTCOfferAnswerOptions options_no_bundle; |
| options_no_bundle.use_rtp_mux = false; |
| |
| // First, negotiate different SSL roles for audio and video. |
| ASSERT_TRUE(callee->SetRemoteDescription(caller->CreateOfferAndSetAsLocal())); |
| auto answer = callee->CreateAnswer(options_no_bundle); |
| |
| AudioConnectionRole(answer->description()) = cricket::CONNECTIONROLE_ACTIVE; |
| VideoConnectionRole(answer->description()) = cricket::CONNECTIONROLE_PASSIVE; |
| |
| ASSERT_TRUE( |
| callee->SetLocalDescription(CloneSessionDescription(answer.get()))); |
| ASSERT_TRUE(caller->SetRemoteDescription(std::move(answer))); |
| |
| // Now create an offer in the reverse direction, and ensure the initial |
| // offerer responds with an answer with the correct SSL roles. |
| ASSERT_TRUE(caller->SetRemoteDescription(callee->CreateOfferAndSetAsLocal())); |
| answer = caller->CreateAnswer(options_no_bundle); |
| |
| EXPECT_EQ(cricket::CONNECTIONROLE_PASSIVE, |
| AudioConnectionRole(answer->description())); |
| EXPECT_EQ(cricket::CONNECTIONROLE_ACTIVE, |
| VideoConnectionRole(answer->description())); |
| |
| ASSERT_TRUE( |
| caller->SetLocalDescription(CloneSessionDescription(answer.get()))); |
| ASSERT_TRUE(callee->SetRemoteDescription(std::move(answer))); |
| |
| // Lastly, start BUNDLE-ing on "audio", expecting that the "passive" role of |
| // audio is transferred over to video in the answer that completes the BUNDLE |
| // negotiation. |
| RTCOfferAnswerOptions options_bundle; |
| options_bundle.use_rtp_mux = true; |
| |
| ASSERT_TRUE(caller->SetRemoteDescription(callee->CreateOfferAndSetAsLocal())); |
| answer = caller->CreateAnswer(options_bundle); |
| |
| EXPECT_EQ(cricket::CONNECTIONROLE_PASSIVE, |
| AudioConnectionRole(answer->description())); |
| EXPECT_EQ(cricket::CONNECTIONROLE_PASSIVE, |
| VideoConnectionRole(answer->description())); |
| |
| ASSERT_TRUE( |
| caller->SetLocalDescription(CloneSessionDescription(answer.get()))); |
| ASSERT_TRUE(callee->SetRemoteDescription(std::move(answer))); |
| } |
| |
| // Tests that if the DTLS fingerprint is invalid then all future calls to |
| // SetLocalDescription and SetRemoteDescription will fail due to a session |
| // error. |
| // This is a regression test for crbug.com/800775 |
| TEST_P(PeerConnectionCryptoTest, SessionErrorIfFingerprintInvalid) { |
| auto callee_certificate = rtc::RTCCertificate::FromPEM(kRsaPems[0]); |
| auto other_certificate = rtc::RTCCertificate::FromPEM(kRsaPems[1]); |
| |
| auto caller = CreatePeerConnectionWithAudioVideo(); |
| RTCConfiguration callee_config; |
| callee_config.certificates.push_back(callee_certificate); |
| auto callee = CreatePeerConnectionWithAudioVideo(callee_config); |
| |
| ASSERT_TRUE(callee->SetRemoteDescription(caller->CreateOfferAndSetAsLocal())); |
| |
| // Create an invalid answer with the other certificate's fingerprint. |
| auto valid_answer = callee->CreateAnswer(); |
| auto invalid_answer = CloneSessionDescription(valid_answer.get()); |
| auto* audio_content = |
| cricket::GetFirstAudioContent(invalid_answer->description()); |
| ASSERT_TRUE(audio_content); |
| auto* audio_transport_info = |
| invalid_answer->description()->GetTransportInfoByName( |
| audio_content->name); |
| ASSERT_TRUE(audio_transport_info); |
| audio_transport_info->description.identity_fingerprint = |
| rtc::SSLFingerprint::CreateFromCertificate(*other_certificate); |
| |
| // Set the invalid answer and expect a fingerprint error. |
| std::string error; |
| ASSERT_FALSE(callee->SetLocalDescription(std::move(invalid_answer), &error)); |
| EXPECT_PRED_FORMAT2(AssertStringContains, error, |
| "Local fingerprint does not match identity."); |
| |
| // Make sure that setting a valid remote offer or local answer also fails now. |
| ASSERT_FALSE(callee->SetRemoteDescription(caller->CreateOffer(), &error)); |
| EXPECT_PRED_FORMAT2(AssertStringContains, error, |
| "Session error code: ERROR_CONTENT."); |
| ASSERT_FALSE(callee->SetLocalDescription(std::move(valid_answer), &error)); |
| EXPECT_PRED_FORMAT2(AssertStringContains, error, |
| "Session error code: ERROR_CONTENT."); |
| } |
| |
| INSTANTIATE_TEST_SUITE_P(PeerConnectionCryptoTest, |
| PeerConnectionCryptoTest, |
| Values(SdpSemantics::kPlanB_DEPRECATED, |
| SdpSemantics::kUnifiedPlan)); |
| |
| } // namespace webrtc |