Google Git
Sign in
webrtc / src / 69c8d3c843326aff9dee32cc639741c1cd7f8ae9 / . / pc / srtp_filter_unittest.cc
blob: eadaad68afde76c73ab019e6bbae35fca443d53b [file] [log] [blame]
Harald Alvestrand0d018412021-11-04 13:52:31[diff] [blame]1/*
2 * Copyright 2004 The WebRTC project authors. All Rights Reserved.
3 *
4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree.
9 */
10
11#include "pc/srtp_filter.h"
12
13#include <string.h>
14
15#include "api/crypto_params.h"
16#include "rtc_base/ssl_stream_adapter.h"
17#include "test/gtest.h"
18
19using cricket::CryptoParams;
20using cricket::CS_LOCAL;
21using cricket::CS_REMOTE;
22
23namespace rtc {
24
25static const char kTestKeyParams1[] =
26 "inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz";
27static const char kTestKeyParams2[] =
28 "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR";
29static const char kTestKeyParams3[] =
30 "inline:1234X19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz";
31static const char kTestKeyParams4[] =
32 "inline:4567QCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR";
33static const char kTestKeyParamsGcm1[] =
34 "inline:e166KFlKzJsGW0d5apX+rrI05vxbrvMJEzFI14aTDCa63IRTlLK4iH66uOI=";
35static const char kTestKeyParamsGcm2[] =
36 "inline:6X0oCd55zfz4VgtOwsuqcFq61275PDYN5uwuu3p7ZUHbfUY2FMpdP4m2PEo=";
37static const char kTestKeyParamsGcm3[] =
38 "inline:YKlABGZWMgX32xuMotrG0v0T7G83veegaVzubQ==";
39static const char kTestKeyParamsGcm4[] =
40 "inline:gJ6tWoUym2v+/F6xjr7xaxiS3QbJJozl3ZD/0A==";
41static const cricket::CryptoParams kTestCryptoParams1(1,
42 "AES_CM_128_HMAC_SHA1_80",
43 kTestKeyParams1,
44 "");
45static const cricket::CryptoParams kTestCryptoParams2(1,
46 "AES_CM_128_HMAC_SHA1_80",
47 kTestKeyParams2,
48 "");
49static const cricket::CryptoParams kTestCryptoParamsGcm1(1,
50 "AEAD_AES_256_GCM",
51 kTestKeyParamsGcm1,
52 "");
53static const cricket::CryptoParams kTestCryptoParamsGcm2(1,
54 "AEAD_AES_256_GCM",
55 kTestKeyParamsGcm2,
56 "");
57static const cricket::CryptoParams kTestCryptoParamsGcm3(1,
58 "AEAD_AES_128_GCM",
59 kTestKeyParamsGcm3,
60 "");
61static const cricket::CryptoParams kTestCryptoParamsGcm4(1,
62 "AEAD_AES_128_GCM",
63 kTestKeyParamsGcm4,
64 "");
65
66class SrtpFilterTest : public ::testing::Test {
67 protected:
68 SrtpFilterTest() {}
69 static std::vector<CryptoParams> MakeVector(const CryptoParams& params) {
70 std::vector<CryptoParams> vec;
71 vec.push_back(params);
72 return vec;
73 }
74
75 void TestSetParams(const std::vector<CryptoParams>& params1,
76 const std::vector<CryptoParams>& params2) {
77 EXPECT_TRUE(f1_.SetOffer(params1, CS_LOCAL));
78 EXPECT_TRUE(f2_.SetOffer(params1, CS_REMOTE));
79 EXPECT_FALSE(f1_.IsActive());
80 EXPECT_FALSE(f2_.IsActive());
81 EXPECT_TRUE(f2_.SetAnswer(params2, CS_LOCAL));
82 EXPECT_TRUE(f1_.SetAnswer(params2, CS_REMOTE));
83 EXPECT_TRUE(f1_.IsActive());
84 EXPECT_TRUE(f2_.IsActive());
85 }
86
87 void VerifyKeysAreEqual(ArrayView<const uint8_t> key1,
88 ArrayView<const uint8_t> key2) {
89 EXPECT_EQ(key1.size(), key2.size());
90 EXPECT_EQ(0, memcmp(key1.data(), key2.data(), key1.size()));
91 }
92
93 void VerifyCryptoParamsMatch(const std::string& cs1, const std::string& cs2) {
94 EXPECT_EQ(rtc::SrtpCryptoSuiteFromName(cs1), f1_.send_cipher_suite());
95 EXPECT_EQ(rtc::SrtpCryptoSuiteFromName(cs2), f2_.send_cipher_suite());
96 VerifyKeysAreEqual(f1_.send_key(), f2_.recv_key());
97 VerifyKeysAreEqual(f2_.send_key(), f1_.recv_key());
98 }
99
100 cricket::SrtpFilter f1_;
101 cricket::SrtpFilter f2_;
102};
103
104// Test that we can set up the session and keys properly.
105TEST_F(SrtpFilterTest, TestGoodSetupOneCipherSuite) {
106 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
107 EXPECT_FALSE(f1_.IsActive());
108 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE));
109 EXPECT_TRUE(f1_.IsActive());
110}
111
112TEST_F(SrtpFilterTest, TestGoodSetupOneCipherSuiteGcm) {
113 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParamsGcm1), CS_LOCAL));
114 EXPECT_FALSE(f1_.IsActive());
115 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParamsGcm2), CS_REMOTE));
116 EXPECT_TRUE(f1_.IsActive());
117}
118
119// Test that we can set up things with multiple params.
120TEST_F(SrtpFilterTest, TestGoodSetupMultipleCipherSuites) {
121 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
122 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
123 offer.push_back(kTestCryptoParams1);
124 offer[1].tag = 2;
125 offer[1].cipher_suite = kCsAesCm128HmacSha1_32;
126 answer[0].tag = 2;
127 answer[0].cipher_suite = kCsAesCm128HmacSha1_32;
128 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
129 EXPECT_FALSE(f1_.IsActive());
130 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
131 EXPECT_TRUE(f1_.IsActive());
132}
133
134TEST_F(SrtpFilterTest, TestGoodSetupMultipleCipherSuitesGcm) {
135 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParamsGcm1));
136 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParamsGcm3));
137 offer.push_back(kTestCryptoParamsGcm4);
138 offer[1].tag = 2;
139 answer[0].tag = 2;
140 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
141 EXPECT_FALSE(f1_.IsActive());
142 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
143 EXPECT_TRUE(f1_.IsActive());
144}
145
146// Test that we handle the cases where crypto is not desired.
147TEST_F(SrtpFilterTest, TestGoodSetupNoCipherSuites) {
148 std::vector<CryptoParams> offer, answer;
149 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
150 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
151 EXPECT_FALSE(f1_.IsActive());
152}
153
154// Test that we handle the cases where crypto is not desired by the remote side.
155TEST_F(SrtpFilterTest, TestGoodSetupNoAnswerCipherSuites) {
156 std::vector<CryptoParams> answer;
157 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
158 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
159 EXPECT_FALSE(f1_.IsActive());
160}
161
162// Test that we fail if we call the functions the wrong way.
163TEST_F(SrtpFilterTest, TestBadSetup) {
164 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
165 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
166 EXPECT_FALSE(f1_.SetAnswer(answer, CS_LOCAL));
167 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
168 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
169 EXPECT_FALSE(f1_.SetAnswer(answer, CS_LOCAL));
170 EXPECT_FALSE(f1_.IsActive());
171}
172
173// Test that we can set offer multiple times from the same source.
174TEST_F(SrtpFilterTest, TestGoodSetupMultipleOffers) {
175 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
176 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams2), CS_LOCAL));
177 EXPECT_FALSE(f1_.IsActive());
178 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE));
179 EXPECT_TRUE(f1_.IsActive());
180 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
181 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams2), CS_LOCAL));
182 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE));
183
184 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams1), CS_REMOTE));
185 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams2), CS_REMOTE));
186 EXPECT_FALSE(f2_.IsActive());
187 EXPECT_TRUE(f2_.SetAnswer(MakeVector(kTestCryptoParams2), CS_LOCAL));
188 EXPECT_TRUE(f2_.IsActive());
189 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams1), CS_REMOTE));
190 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams2), CS_REMOTE));
191 EXPECT_TRUE(f2_.SetAnswer(MakeVector(kTestCryptoParams2), CS_LOCAL));
192}
193// Test that we can't set offer multiple times from different sources.
194TEST_F(SrtpFilterTest, TestBadSetupMultipleOffers) {
195 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
196 EXPECT_FALSE(f1_.SetOffer(MakeVector(kTestCryptoParams2), CS_REMOTE));
197 EXPECT_FALSE(f1_.IsActive());
198 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams1), CS_REMOTE));
199 EXPECT_TRUE(f1_.IsActive());
200 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams2), CS_LOCAL));
201 EXPECT_FALSE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_REMOTE));
202 EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE));
203
204 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams2), CS_REMOTE));
205 EXPECT_FALSE(f2_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
206 EXPECT_FALSE(f2_.IsActive());
207 EXPECT_TRUE(f2_.SetAnswer(MakeVector(kTestCryptoParams2), CS_LOCAL));
208 EXPECT_TRUE(f2_.IsActive());
209 EXPECT_TRUE(f2_.SetOffer(MakeVector(kTestCryptoParams2), CS_REMOTE));
210 EXPECT_FALSE(f2_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
211 EXPECT_TRUE(f2_.SetAnswer(MakeVector(kTestCryptoParams2), CS_LOCAL));
212}
213
214// Test that we fail if we have params in the answer when none were offered.
215TEST_F(SrtpFilterTest, TestNoAnswerCipherSuites) {
216 std::vector<CryptoParams> offer;
217 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
218 EXPECT_FALSE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE));
219 EXPECT_FALSE(f1_.IsActive());
220}
221
222// Test that we fail if we have too many params in our answer.
223TEST_F(SrtpFilterTest, TestMultipleAnswerCipherSuites) {
224 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
225 answer.push_back(kTestCryptoParams2);
226 answer[1].tag = 2;
227 answer[1].cipher_suite = kCsAesCm128HmacSha1_32;
228 EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
229 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
230 EXPECT_FALSE(f1_.IsActive());
231}
232
233// Test that we fail if we don't support the cipher-suite.
234TEST_F(SrtpFilterTest, TestInvalidCipherSuite) {
235 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
236 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
237 offer[0].cipher_suite = answer[0].cipher_suite = "FOO";
238 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
239 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
240 EXPECT_FALSE(f1_.IsActive());
241}
242
243// Test that we fail if we can't agree on a tag.
244TEST_F(SrtpFilterTest, TestNoMatchingTag) {
245 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
246 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
247 answer[0].tag = 99;
248 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
249 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
250 EXPECT_FALSE(f1_.IsActive());
251}
252
253// Test that we fail if we can't agree on a cipher-suite.
254TEST_F(SrtpFilterTest, TestNoMatchingCipherSuite) {
255 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
256 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
257 answer[0].tag = 2;
258 answer[0].cipher_suite = "FOO";
259 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
260 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
261 EXPECT_FALSE(f1_.IsActive());
262}
263
264// Test that we fail keys with bad base64 content.
265TEST_F(SrtpFilterTest, TestInvalidKeyData) {
266 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
267 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
268 answer[0].key_params = "inline:!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!";
269 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
270 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
271 EXPECT_FALSE(f1_.IsActive());
272}
273
274// Test that we fail keys with the wrong key-method.
275TEST_F(SrtpFilterTest, TestWrongKeyMethod) {
276 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
277 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
278 answer[0].key_params = "outline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR";
279 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
280 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
281 EXPECT_FALSE(f1_.IsActive());
282}
283
284// Test that we fail keys of the wrong length.
285TEST_F(SrtpFilterTest, TestKeyTooShort) {
286 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
287 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
288 answer[0].key_params = "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtx";
289 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
290 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
291 EXPECT_FALSE(f1_.IsActive());
292}
293
294// Test that we fail keys of the wrong length.
295TEST_F(SrtpFilterTest, TestKeyTooLong) {
296 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
297 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
298 answer[0].key_params = "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBRABCD";
299 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
300 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
301 EXPECT_FALSE(f1_.IsActive());
302}
303
304// Test that we fail keys with lifetime or MKI set (since we don't support)
305TEST_F(SrtpFilterTest, TestUnsupportedOptions) {
306 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
307 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
308 answer[0].key_params =
309 "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR|2^20|1:4";
310 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
311 EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
312 EXPECT_FALSE(f1_.IsActive());
313}
314
315// Test that we can encrypt/decrypt after negotiating AES_CM_128_HMAC_SHA1_80.
316TEST_F(SrtpFilterTest, TestProtect_AES_CM_128_HMAC_SHA1_80) {
317 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
318 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
319 offer.push_back(kTestCryptoParams1);
320 offer[1].tag = 2;
321 offer[1].cipher_suite = kCsAesCm128HmacSha1_32;
322 TestSetParams(offer, answer);
323 VerifyCryptoParamsMatch(kCsAesCm128HmacSha1_80, kCsAesCm128HmacSha1_80);
324}
325
326// Test that we can encrypt/decrypt after negotiating AES_CM_128_HMAC_SHA1_32.
327TEST_F(SrtpFilterTest, TestProtect_AES_CM_128_HMAC_SHA1_32) {
328 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
329 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
330 offer.push_back(kTestCryptoParams1);
331 offer[1].tag = 2;
332 offer[1].cipher_suite = kCsAesCm128HmacSha1_32;
333 answer[0].tag = 2;
334 answer[0].cipher_suite = kCsAesCm128HmacSha1_32;
335 TestSetParams(offer, answer);
336 VerifyCryptoParamsMatch(kCsAesCm128HmacSha1_32, kCsAesCm128HmacSha1_32);
337}
338
339// Test that we can change encryption parameters.
340TEST_F(SrtpFilterTest, TestChangeParameters) {
341 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
342 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
343
344 TestSetParams(offer, answer);
345 VerifyCryptoParamsMatch(kCsAesCm128HmacSha1_80, kCsAesCm128HmacSha1_80);
346
347 // Change the key parameters and cipher_suite.
348 offer[0].key_params = kTestKeyParams3;
349 offer[0].cipher_suite = kCsAesCm128HmacSha1_32;
350 answer[0].key_params = kTestKeyParams4;
351 answer[0].cipher_suite = kCsAesCm128HmacSha1_32;
352
353 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
354 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE));
355 EXPECT_TRUE(f1_.IsActive());
356 EXPECT_TRUE(f1_.IsActive());
357
358 // Test that the old keys are valid until the negotiation is complete.
359 VerifyCryptoParamsMatch(kCsAesCm128HmacSha1_80, kCsAesCm128HmacSha1_80);
360
361 // Complete the negotiation and test that we can still understand each other.
362 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
363 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
364
365 VerifyCryptoParamsMatch(kCsAesCm128HmacSha1_32, kCsAesCm128HmacSha1_32);
366}
367
368// Test that we can send and receive provisional answers with crypto enabled.
369// Also test that we can change the crypto.
370TEST_F(SrtpFilterTest, TestProvisionalAnswer) {
371 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
372 offer.push_back(kTestCryptoParams1);
373 offer[1].tag = 2;
374 offer[1].cipher_suite = kCsAesCm128HmacSha1_32;
375 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
376
377 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
378 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE));
379 EXPECT_FALSE(f1_.IsActive());
380 EXPECT_FALSE(f2_.IsActive());
381 EXPECT_TRUE(f2_.SetProvisionalAnswer(answer, CS_LOCAL));
382 EXPECT_TRUE(f1_.SetProvisionalAnswer(answer, CS_REMOTE));
383 EXPECT_TRUE(f1_.IsActive());
384 EXPECT_TRUE(f2_.IsActive());
385 VerifyCryptoParamsMatch(kCsAesCm128HmacSha1_80, kCsAesCm128HmacSha1_80);
386
387 answer[0].key_params = kTestKeyParams4;
388 answer[0].tag = 2;
389 answer[0].cipher_suite = kCsAesCm128HmacSha1_32;
390 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
391 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
392 EXPECT_TRUE(f1_.IsActive());
393 EXPECT_TRUE(f2_.IsActive());
394 VerifyCryptoParamsMatch(kCsAesCm128HmacSha1_32, kCsAesCm128HmacSha1_32);
395}
396
397// Test that a provisional answer doesn't need to contain a crypto.
398TEST_F(SrtpFilterTest, TestProvisionalAnswerWithoutCrypto) {
399 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
400 std::vector<CryptoParams> answer;
401
402 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
403 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE));
404 EXPECT_FALSE(f1_.IsActive());
405 EXPECT_FALSE(f2_.IsActive());
406 EXPECT_TRUE(f2_.SetProvisionalAnswer(answer, CS_LOCAL));
407 EXPECT_TRUE(f1_.SetProvisionalAnswer(answer, CS_REMOTE));
408 EXPECT_FALSE(f1_.IsActive());
409 EXPECT_FALSE(f2_.IsActive());
410
411 answer.push_back(kTestCryptoParams2);
412 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
413 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
414 EXPECT_TRUE(f1_.IsActive());
415 EXPECT_TRUE(f2_.IsActive());
416 VerifyCryptoParamsMatch(kCsAesCm128HmacSha1_80, kCsAesCm128HmacSha1_80);
417}
418
419// Test that if we get a new local offer after a provisional answer
420// with no crypto, that we are in an inactive state.
421TEST_F(SrtpFilterTest, TestLocalOfferAfterProvisionalAnswerWithoutCrypto) {
422 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
423 std::vector<CryptoParams> answer;
424
425 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
426 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE));
427 EXPECT_TRUE(f1_.SetProvisionalAnswer(answer, CS_REMOTE));
428 EXPECT_TRUE(f2_.SetProvisionalAnswer(answer, CS_LOCAL));
429 EXPECT_FALSE(f1_.IsActive());
430 EXPECT_FALSE(f2_.IsActive());
431 // The calls to set an offer after a provisional answer fail, so the
432 // state doesn't change.
433 EXPECT_FALSE(f1_.SetOffer(offer, CS_LOCAL));
434 EXPECT_FALSE(f2_.SetOffer(offer, CS_REMOTE));
435 EXPECT_FALSE(f1_.IsActive());
436 EXPECT_FALSE(f2_.IsActive());
437
438 answer.push_back(kTestCryptoParams2);
439 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
440 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
441 EXPECT_TRUE(f1_.IsActive());
442 EXPECT_TRUE(f2_.IsActive());
443 VerifyCryptoParamsMatch(kCsAesCm128HmacSha1_80, kCsAesCm128HmacSha1_80);
444}
445
446// Test that we can disable encryption.
447TEST_F(SrtpFilterTest, TestDisableEncryption) {
448 std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
449 std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
450
451 TestSetParams(offer, answer);
452 VerifyCryptoParamsMatch(kCsAesCm128HmacSha1_80, kCsAesCm128HmacSha1_80);
453
454 offer.clear();
455 answer.clear();
456 EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
457 EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE));
458 EXPECT_TRUE(f1_.IsActive());
459 EXPECT_TRUE(f2_.IsActive());
460
461 // Test that the old keys are valid until the negotiation is complete.
462 VerifyCryptoParamsMatch(kCsAesCm128HmacSha1_80, kCsAesCm128HmacSha1_80);
463
464 // Complete the negotiation.
465 EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
466 EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
467
468 EXPECT_FALSE(f1_.IsActive());
469 EXPECT_FALSE(f2_.IsActive());
470}
471
472} // namespace rtc