3 * Copyright 2011, Google Inc.
4 * Copyright 2011, RTFM, Inc.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
9 * 1. Redistributions of source code must retain the above copyright notice,
10 * this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright notice,
12 * this list of conditions and the following disclaimer in the documentation
13 * and/or other materials provided with the distribution.
14 * 3. The name of the author may not be used to endorse or promote products
15 * derived from this software without specific prior written permission.
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
20 * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
21 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
22 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
23 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
24 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
25 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
26 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 #include "webrtc/p2p/base/dtlstransport.h"
32 #include "webrtc/p2p/base/fakesession.h"
33 #include "webrtc/base/common.h"
34 #include "webrtc/base/dscp.h"
35 #include "webrtc/base/gunit.h"
36 #include "webrtc/base/helpers.h"
37 #include "webrtc/base/scoped_ptr.h"
38 #include "webrtc/base/ssladapter.h"
39 #include "webrtc/base/sslidentity.h"
40 #include "webrtc/base/sslstreamadapter.h"
41 #include "webrtc/base/stringutils.h"
42 #include "webrtc/base/thread.h"
// Skips the calling test body when the named rtc::SSLStreamAdapter capability
// probe (HaveDtls, HaveDtlsSrtp) reports false on this build, so DTLS tests
// degrade to "skipped" rather than failing on a toolchain without DTLS.
// NOTE(review): only the opening of the macro is visible here; the `return;`
// and closing brace of the if-body are not shown in this listing.
#define MAYBE_SKIP_TEST(feature) \
if (!(rtc::SSLStreamAdapter::feature())) { \
LOG(LS_INFO) << "Feature disabled... skipping"; \
// The single SRTP crypto suite offered by the DTLS-SRTP tests; CheckSrtp()
// asserts that a successful negotiation reports exactly this name.
static const char AES_CM_128_HMAC_SHA1_80[] = "AES_CM_128_HMAC_SHA1_80";
// Fixed ICE credentials. Both peers are given the same ufrag/pwd in
// Negotiate(); that is acceptable only because this is a unit test against a
// FakeTransport, not how a real session is provisioned.
static const char kIceUfrag1[] = "TESTICEUFRAG0001";
static const char kIcePwd1[] = "TESTICEPWD00000000000001";
// Layout of the synthetic test packet built by SendPackets(): a 12-byte
// header (the size of a fixed RTP header) carrying a big-endian 32-bit
// sequence counter at offset 8; every byte after the header is the counter's
// low byte (see VerifyPacket()).
static const size_t kPacketNumOffset = 8;
static const size_t kPacketHeaderLen = 12;
// True when |b| could be the first byte of an RTP/RTCP packet, i.e. its
// two-bit version field (the top two bits) is 2. DTLS record types are
// 20..23, which never have that bit pattern, so this also separates media
// from DTLS records on a channel that carries both.
static bool IsRtpLeadByte(uint8 b) {
  const uint8 version = static_cast<uint8>(b >> 6);
  return version == 2;
}
using cricket::ConnectionRole;
// Bitmask passed to DtlsTestClient::Negotiate():
//   NF_REOFFER        - a re-offer after an initial negotiation; SRTP ciphers
//                       are not set again (see Negotiate()).
//   NF_EXPECT_FAILURE - the answer-side description is expected to be
//                       rejected (used to check that a DTLS role change after
//                       setup fails).
enum Flags { NF_REOFFER = 0x1, NF_EXPECT_FAILURE = 0x2 };
64 class DtlsTestClient : public sigslot::has_slots<> {
// One test peer named |name| whose transport runs on the given threads.
// It starts with no DTLS identity (so no DTLS), DTLS-SRTP disabled and GICE
// as the ICE protocol; CreateIdentity(), SetupSrtp() and SetIceProtocol()
// change those before Negotiate().
// NOTE(review): name_ and packet_size_ are used by the methods below but
// their initialisers are not visible in this listing - confirm they are set
// in the full init list.
DtlsTestClient(const std::string& name,
rtc::Thread* signaling_thread,
rtc::Thread* worker_thread) :
signaling_thread_(signaling_thread),
worker_thread_(worker_thread),
protocol_(cricket::ICEPROTO_GOOGLE),
use_dtls_srtp_(false),
negotiated_dtls_(false),
received_dtls_client_hello_(false),
received_dtls_server_hello_(false) {
// Selects GICE (ICEPROTO_GOOGLE, the default) or RFC 5245 ICE; Negotiate()
// maps this to the transport type placed in both descriptions. Body not
// shown in this listing.
void SetIceProtocol(cricket::TransportProtocol proto) {
// Generates a fresh DTLS identity (key pair plus certificate) for this peer.
// Having an identity is what makes Negotiate() offer a fingerprint, i.e. it
// is the switch that turns DTLS on for this side.
void CreateIdentity() {
identity_.reset(rtc::SSLIdentity::Generate(name_));
// Borrowed pointer to this peer's DTLS identity; NULL until CreateIdentity()
// has run (NULL means "this side does not do DTLS").
rtc::SSLIdentity* identity() {
  rtc::SSLIdentity* const local_identity = identity_.get();
  return local_identity;
}
// (Body of SetupSrtp(); its signature line is not shown in this listing.)
// Enables DTLS-SRTP negotiation for this peer. It is only meaningful after
// CreateIdentity(): without a DTLS handshake there is nothing to derive SRTP
// keys from, so the identity is asserted first.
ASSERT(identity_.get() != NULL);
use_dtls_srtp_ = true;
// Creates this peer's DTLS-wrapped FakeTransport with |count| components and
// the given ICE role. The tiebreaker is 1 for CONTROLLING and 2 for
// CONTROLLED (TestChannelSetup* assert on both). Every wrapper's writable and
// read-packet signals are hooked, and so is the raw read-packet signal of
// the fake channel underneath it, so the tests can inspect the bytes that
// actually go on the wire (handshake, ciphertext, SRTP bypass).
// NOTE(review): the DtlsTransport constructor call is partially elided; the
// visible NULL is not its last argument.
void SetupChannels(int count, cricket::IceRole role) {
transport_.reset(new cricket::DtlsTransport<cricket::FakeTransport>(
signaling_thread_, worker_thread_, "dtls content name", NULL,
transport_->SetAsync(true);
transport_->SetIceRole(role);
transport_->SetIceTiebreaker(
(role == cricket::ICEROLE_CONTROLLING) ? 1 : 2);
transport_->SignalWritableState.connect(this,
&DtlsTestClient::OnTransportWritableState);
for (int i = 0; i < count; ++i) {
// CreateChannel() on a DtlsTransport is assumed to hand back wrapper
// instances, which is what makes the static_cast below safe - confirm
// against dtlstransport.h.
cricket::DtlsTransportChannelWrapper* channel =
static_cast<cricket::DtlsTransportChannelWrapper*>(
transport_->CreateChannel(i));
ASSERT_TRUE(channel != NULL);
channel->SignalWritableState.connect(this,
&DtlsTestClient::OnTransportChannelWritableState);
channel->SignalReadPacket.connect(this,
&DtlsTestClient::OnTransportChannelReadPacket);
channels_.push_back(channel);
// Hook the raw (pre-DTLS) packets so that we can verify that what leaves
// the wrapper is encrypted, and learn which DTLS role we played.
channel->channel()->SignalReadPacket.connect(
this, &DtlsTestClient::OnFakeTransportChannelReadPacket);
// Borrowed pointer to the (DTLS-wrapped) transport created by SetupChannels();
// NULL before that call.
cricket::Transport* transport() {
  cricket::Transport* const owned = transport_.get();
  return owned;
}
// Returns the raw FakeTransportChannel underneath the DTLS wrapper for
// |component|, or NULL when the transport has no such channel: the
// conditional ending in `: NULL` guards the case where GetChannel() returned
// NULL (its opening line is not shown here).
cricket::FakeTransportChannel* GetFakeChannel(int component) {
cricket::TransportChannelImpl* ch = transport_->GetChannel(component);
cricket::DtlsTransportChannelWrapper* wrapper =
static_cast<cricket::DtlsTransportChannelWrapper*>(ch);
static_cast<cricket::FakeTransportChannel*>(wrapper->channel()) : NULL;
// Negotiate against |peer| using each side's real identity. DTLS is offered
// only if this side has an identity, and the peer's fingerprint is passed in
// only when this side has one too - so a peer without DTLS support yields a
// negotiation with no fingerprints on either side (negotiated_dtls_ false).
// |action| is CA_OFFER or CA_ANSWER; |flags| is a bitmask of Flags.
void Negotiate(DtlsTestClient* peer, cricket::ContentAction action,
ConnectionRole local_role, ConnectionRole remote_role,
Negotiate(identity_.get(), (identity_) ? peer->identity_.get() : NULL,
action, local_role, remote_role, flags);
// Builds and applies a local/remote TransportDescription pair from the given
// identities directly, so callers can deliberately construct mismatched or
// invalid DTLS configurations. |action| says whether this side offers or
// answers; |local_role|/|remote_role| are the SDP setup attributes; |flags|
// is a bitmask of Flags (the `int flags)` parameter line is not shown here).
void Negotiate(rtc::SSLIdentity* local_identity,
rtc::SSLIdentity* remote_identity,
cricket::ContentAction action,
ConnectionRole local_role,
ConnectionRole remote_role,
rtc::scoped_ptr<rtc::SSLFingerprint> local_fingerprint;
rtc::scoped_ptr<rtc::SSLFingerprint> remote_fingerprint;
// The certificate fingerprints are what ties the DTLS handshake to the
// signalled identity, so the digest matters. NOTE(review): SHA-1 is used
// here because that is what this fixture expects; anything beyond a unit
// test should prefer a SHA-2 digest such as SHA-256.
if (local_identity) {
local_fingerprint.reset(rtc::SSLFingerprint::Create(
rtc::DIGEST_SHA_1, local_identity));
ASSERT_TRUE(local_fingerprint.get() != NULL);
if (remote_identity) {
remote_fingerprint.reset(rtc::SSLFingerprint::Create(
rtc::DIGEST_SHA_1, remote_identity));
ASSERT_TRUE(remote_fingerprint.get() != NULL);
if (use_dtls_srtp_ && !(flags & NF_REOFFER)) {
// SRTP ciphers are set only on the initial negotiation, never on a
// re-offer; the single suite offered is AES_CM_128_HMAC_SHA1_80.
for (std::vector<cricket::DtlsTransportChannelWrapper*>::iterator it =
channels_.begin(); it != channels_.end(); ++it) {
std::vector<std::string> ciphers;
ciphers.push_back(AES_CM_128_HMAC_SHA1_80);
ASSERT_TRUE((*it)->SetSrtpCiphers(ciphers));
// Both descriptions carry the same fixed ICE credentials (test-only).
std::string transport_type = (protocol_ == cricket::ICEPROTO_GOOGLE) ?
cricket::NS_GINGLE_P2P : cricket::NS_JINGLE_ICE_UDP;
cricket::TransportDescription local_desc(
transport_type, std::vector<std::string>(), kIceUfrag1, kIcePwd1,
cricket::ICEMODE_FULL, local_role,
// If the remote side is the offerer and has no DTLS support, the answer
// carries no fingerprint, so DTLS is not negotiated.
(action == cricket::CA_ANSWER && !remote_identity) ?
NULL : local_fingerprint.get(),
cricket::Candidates());
cricket::TransportDescription remote_desc(
transport_type, std::vector<std::string>(), kIceUfrag1, kIcePwd1,
cricket::ICEMODE_FULL, remote_role, remote_fingerprint.get(),
cricket::Candidates());
bool expect_success = (flags & NF_EXPECT_FAILURE) ? false : true;
// With NF_EXPECT_FAILURE the CA_ANSWER-side call (SRTD for an offerer,
// SLTD for an answerer) is expected to fail; the CA_OFFER-side call must
// still succeed.
if (action == cricket::CA_OFFER) {
ASSERT_TRUE(transport_->SetLocalTransportDescription(
local_desc, cricket::CA_OFFER, NULL));
ASSERT_EQ(expect_success, transport_->SetRemoteTransportDescription(
remote_desc, cricket::CA_ANSWER, NULL));
ASSERT_TRUE(transport_->SetRemoteTransportDescription(
remote_desc, cricket::CA_OFFER, NULL));
ASSERT_EQ(expect_success, transport_->SetLocalTransportDescription(
local_desc, cricket::CA_ANSWER, NULL));
// DTLS counts as negotiated only if both sides presented an identity; the
// raw-packet hook uses this to decide what it must see on the wire.
negotiated_dtls_ = (local_identity && remote_identity);
// Starts connecting this transport's channels and points them at |peer|'s
// transport through the fake network. The return statement is not shown in
// this listing; callers treat the result as a success flag.
bool Connect(DtlsTestClient* peer) {
transport_->ConnectChannels();
transport_->SetDestination(peer->transport_.get());
// Whether the (DTLS-wrapped) transport currently reports itself writable.
bool writable() const {
  const bool is_writable = transport_->writable();
  return is_writable;
}
// Asserts the DTLS role this side actually took on the wire, as observed by
// OnFakeTransportChannelReadPacket: a client only ever *receives* a
// ServerHello, a server only a ClientHello. Both flags being set, or neither,
// fails (the `else` line is not shown here).
void CheckRole(rtc::SSLRole role) {
if (role == rtc::SSL_CLIENT) {
ASSERT_FALSE(received_dtls_client_hello_);
ASSERT_TRUE(received_dtls_server_hello_);
ASSERT_TRUE(received_dtls_client_hello_);
ASSERT_FALSE(received_dtls_server_hello_);
// Asserts the SRTP suite negotiated on every channel. With DTLS negotiated
// and a non-empty |expected_cipher|, GetSrtpCipher() must report exactly
// that suite; the opposite branch (no suite expected) is not shown here.
void CheckSrtp(const std::string& expected_cipher) {
for (std::vector<cricket::DtlsTransportChannelWrapper*>::iterator it =
channels_.begin(); it != channels_.end(); ++it) {
bool rv = (*it)->GetSrtpCipher(&cipher);
if (negotiated_dtls_ && !expected_cipher.empty()) {
ASSERT_EQ(cipher, expected_cipher);
// Sends |count| synthetic packets of |size| bytes on |channel|. Each packet
// is filled with the low byte of its sequence number, gets lead byte 0x80
// (RTP-like) when |srtp| is set or 0x00 otherwise - neither is a DTLS record
// type (20..23) - and carries the big-endian sequence number at offset 8.
// The |sent| counter and the `do {` of the loop are not shown here.
void SendPackets(size_t channel, size_t size, size_t count, bool srtp) {
ASSERT(channel < channels_.size());
rtc::scoped_ptr<char[]> packet(new char[size]);
// Fill the packet with a known value and a sequence number to check
// against, and make sure that it doesn't look like DTLS.
memset(packet.get(), sent & 0xff, size);
packet[0] = (srtp) ? 0x80 : 0x00;
rtc::SetBE32(packet.get() + kPacketNumOffset,
static_cast<uint32>(sent));
// PF_SRTP_BYPASS marks the packet as already SRTP-protected so the wrapper
// can (presumably) send it outside the DTLS stream. It is only set when
// this side has an identity, i.e. when DTLS can be in use; without DTLS
// the "SRTP" packets are just ordinary channel data and go out in the clear.
int flags = (identity_.get() && srtp) ? cricket::PF_SRTP_BYPASS : 0;
rtc::PacketOptions packet_options;
int rv = channels_[channel]->SendPacket(
packet.get(), size, packet_options, flags);
// SendPacket must accept the whole packet.
ASSERT_EQ(size, static_cast<size_t>(rv));
} while (sent < count);
// Sends an all-zero |size|-byte buffer flagged PF_SRTP_BYPASS and returns
// SendPacket()'s result. A zero lead byte is neither an RTP/RTCP version-2
// byte nor a DTLS record type, so a correct wrapper must refuse to put it on
// the wire via the bypass path rather than leaking arbitrary bytes in the
// clear; TestTransferDtlsInvalidSrtpPacket expects -1.
int SendInvalidSrtpPacket(size_t channel, size_t size) {
ASSERT(channel < channels_.size());
rtc::scoped_ptr<char[]> packet(new char[size]);
// Fill the packet with 0 to form an invalid SRTP packet.
memset(packet.get(), 0, size);
rtc::PacketOptions packet_options;
return channels_[channel]->SendPacket(
packet.get(), size, packet_options, cricket::PF_SRTP_BYPASS);
// Prepares this peer to receive |size|-byte test packets on |channel|. Body
// not shown in this listing; VerifyPacket() compares against packet_size_
// and NumPacketsReceived() reads received_, so presumably those are set and
// reset here.
void ExpectPackets(size_t channel, size_t size) {
// Number of *distinct* sequence numbers verified so far: received_ is a set,
// so a duplicated packet is counted once.
size_t NumPacketsReceived() {
  const size_t distinct = received_.size();
  return distinct;
}
// Checks that |data| is one of our synthetic test packets: exactly the
// expected size, lead byte 0x00 (plain) or 0x80 (RTP-like), and every byte
// after the 12-byte header equal to the low byte of the sequence counter
// stored big-endian at offset 8. On success the counter is written to
// |out_num|. The `return false`/`return true` lines are not shown here.
// NOTE(review): OnFakeTransportChannelReadPacket passes NULL for |out_num|,
// so the write below must be guarded by a NULL check that is not visible in
// this listing - confirm. Also nothing checks size >= kPacketHeaderLen before
// reading at offset 8; the tests only use 100/1000-byte packets, but a small
// packet_size_ would read past the buffer.
bool VerifyPacket(const char* data, size_t size, uint32* out_num) {
if (size != packet_size_ ||
(data[0] != 0 && static_cast<uint8>(data[0]) != 0x80)) {
uint32 packet_num = rtc::GetBE32(data + kPacketNumOffset);
for (size_t i = kPacketHeaderLen; i < size; ++i) {
if (static_cast<uint8>(data[i]) != (packet_num & 0xff)) {
*out_num = packet_num;
// Heuristic check that a wire packet is ciphertext rather than the test
// packet in the clear: it must be larger than the cleartext (DTLS record
// framing adds bytes), and fewer than roughly 10% of the bytes from offset 8
// on may equal the low byte of the 32-bit value read at offset 8.
// NOTE(review): the reference byte comes from |data| itself - i.e. from the
// ciphertext - not from the cleartext that was sent. It still catches a
// cleartext packet, whose body is a constant fill that would match nearly
// every byte, while random bytes match only ~1/256 of the time. Treat this
// as a statistical sanity check, not as proof of confidentiality.
// (The num_matches declaration/increment lines are not shown here.)
bool VerifyEncryptedPacket(const char* data, size_t size) {
// This is an encrypted data packet; let's make sure it's mostly random;
// less than 10% of the bytes should be equal to the cleartext packet.
if (size <= packet_size_) {
uint32 packet_num = rtc::GetBE32(data + kPacketNumOffset);
for (size_t i = kPacketNumOffset; i < size; ++i) {
if (static_cast<uint8>(data[i]) == (packet_num & 0xff)) {
return (num_matches < ((static_cast<int>(size) - 5) / 10));
// Transport callbacks.
// Logged only; the tests poll writable() instead of relying on this signal.
void OnTransportWritableState(cricket::Transport* transport) {
LOG(LS_INFO) << name_ << ": is writable";
// Transport channel callbacks.
// Logged only (message continues on a line not shown here).
void OnTransportChannelWritableState(cricket::TransportChannel* channel) {
LOG(LS_INFO) << name_ << ": Channel '" << channel->component()
// Receives the packets delivered *through* the DTLS wrapper (i.e. after
// decryption or bypass). Each one must be a valid test packet; its sequence
// number is recorded, and the delivery flags are checked: PF_SRTP_BYPASS may
// be reported only for RTP-lead-byte packets when this side has a DTLS
// identity - plain data, and everything when DTLS is off, must carry no
// flags. (The `int flags)` parameter line is not shown here.)
void OnTransportChannelReadPacket(cricket::TransportChannel* channel,
const char* data, size_t size,
const rtc::PacketTime& packet_time,
uint32 packet_num = 0;
ASSERT_TRUE(VerifyPacket(data, size, &packet_num));
received_.insert(packet_num);
// Only DTLS-SRTP packets should have the bypass flag set.
int expected_flags = (identity_.get() && IsRtpLeadByte(data[0])) ?
cricket::PF_SRTP_BYPASS : 0;
ASSERT_EQ(expected_flags, flags);
// Hook on the *raw* fake channel: the bytes that actually cross the wire
// underneath the DTLS wrapper. Used to (a) learn which DTLS role this side
// took, by watching handshake messages, and (b) check that nothing readable
// leaks once DTLS is negotiated: every non-handshake packet must be either a
// DTLS application_data record whose body looks encrypted, or an
// RTP-lead-byte packet that went out via the SRTP bypass unchanged.
// |data| is const char*, so 0x80 is negative on signed-char targets; the
// comparisons against 20..23 still behave, and IsRtpLeadByte() converts to
// uint8. (Several lines, including the |flags| assertion and the
// ClientHello branch, are not shown in this listing.)
void OnFakeTransportChannelReadPacket(cricket::TransportChannel* channel,
const char* data, size_t size,
const rtc::PacketTime& time,
// Flags shouldn't be set on the underlying TransportChannel packets.
// Look at the handshake packets to see what role we played.
// Check that non-handshake packets are DTLS data or SRTP bypass.
if (negotiated_dtls_) {
// Record type 22 = handshake. The DTLS record header is 13 bytes, so
// data[13] is the HandshakeType (1 = ClientHello, 2 = ServerHello);
// size > 17 keeps that read in bounds.
if (data[0] == 22 && size > 17) {
received_dtls_client_hello_ = true;
} else if (data[13] == 2) {
received_dtls_server_hello_ = true;
// Record types 20..22 (change_cipher_spec, alert, handshake) are DTLS
// control traffic. Anything else must be application_data (23) or an
// RTP/RTCP lead byte from the SRTP bypass.
} else if (!(data[0] >= 20 && data[0] <= 22)) {
ASSERT_TRUE(data[0] == 23 || IsRtpLeadByte(data[0]));
// Application data on the wire must not resemble the cleartext packet.
ASSERT_TRUE(VerifyEncryptedPacket(data, size));
// Bypassed "SRTP" is expected to be the test packet, byte for byte: this
// fixture applies no real SRTP protection, so the wrapper must pass it
// through untouched.
} else if (IsRtpLeadByte(data[0])) {
ASSERT_TRUE(VerifyPacket(data, size, NULL));
// Borrowed thread pointers (raw, never deleted here).
rtc::Thread* signaling_thread_;
rtc::Thread* worker_thread_;
// GICE by default; see SetIceProtocol().
cricket::TransportProtocol protocol_;
// NULL until CreateIdentity(); NULL means this side does not do DTLS.
rtc::scoped_ptr<rtc::SSLIdentity> identity_;
rtc::scoped_ptr<cricket::FakeTransport> transport_;
// Created via transport_->CreateChannel() and not deleted here (presumably
// owned by the transport).
std::vector<cricket::DtlsTransportChannelWrapper*> channels_;
// Distinct sequence numbers verified by OnTransportChannelReadPacket.
// NOTE(review): the packet number is a uint32 but the set holds int; fine
// for the small counts used here, but worth aligning the types.
std::set<int> received_;
// True when both sides presented an identity in the last Negotiate().
bool negotiated_dtls_;
// Set by the raw-packet hook from DTLS handshake messages seen on the wire:
// receiving a ClientHello means we are the server, a ServerHello the client.
bool received_dtls_client_hello_;
bool received_dtls_server_hello_;
378 class DtlsTransportChannelTest : public testing::Test {
// Fixture with two peers, "P1" and "P2", both driven from the current thread
// (signaling and worker are the same thread, so everything is effectively
// single-threaded and the *_WAIT macros pump it). DTLS-SRTP is off until
// PrepareDtlsSrtp(); the channel count initialiser is not shown here.
DtlsTransportChannelTest() :
client1_("P1", rtc::Thread::Current(),
rtc::Thread::Current()),
client2_("P2", rtc::Thread::Current(),
rtc::Thread::Current()),
use_dtls_srtp_(false) {
// Number of components each peer creates in SetupChannels(); must be called
// before Negotiate()/Connect(). Stored as int to match SetupChannels().
void SetChannelCount(size_t channel_ct) {
channel_ct_ = static_cast<int>(channel_ct);
// Gives client1 and/or client2 a DTLS identity. A peer without one will not
// offer (or answer with) a fingerprint, which the *Rejected/*NotOffered
// tests use to exercise the no-DTLS fallback. (The `if` lines are not shown.)
void PrepareDtls(bool c1, bool c2) {
client1_.CreateIdentity();
client2_.CreateIdentity();
// Enables DTLS-SRTP on client1 and/or client2 (each requires an identity, see
// SetupSrtp) and records that Connect() should expect an SRTP suite. (The
// `if` lines are not shown here.)
void PrepareDtlsSrtp(bool c1, bool c2) {
client1_.SetupSrtp();
client2_.SetupSrtp();
use_dtls_srtp_ = true;
// Negotiates with the given setup attributes, connects the two fake
// transports, waits up to 10 s for both sides to become writable, then
// verifies the DTLS role each side actually took on the wire and the SRTP
// suite that was negotiated. Returns false if writability was not reached
// (the early-return line is not shown); the role/cipher checks are gtest
// ASSERTs. NOTE(review): CheckRole only makes sense when a DTLS handshake
// happened; the guard around it is not visible in this listing.
bool Connect(ConnectionRole client1_role, ConnectionRole client2_role) {
Negotiate(client1_role, client2_role);
bool rv = client1_.Connect(&client2_);
EXPECT_TRUE_WAIT(client1_.writable() && client2_.writable(), 10000);
if (!client1_.writable() || !client2_.writable())
// Check that we used the right roles. Mapping of SDP setup attributes to
// DTLS roles: 'active' is always the client; 'actpass' is the client only
// when the peer is 'passive'; everything else is the server (so the
// default actpass/active pairing makes client1 the server).
rtc::SSLRole client1_ssl_role =
(client1_role == cricket::CONNECTIONROLE_ACTIVE ||
(client2_role == cricket::CONNECTIONROLE_PASSIVE &&
client1_role == cricket::CONNECTIONROLE_ACTPASS)) ?
rtc::SSL_CLIENT : rtc::SSL_SERVER;
rtc::SSLRole client2_ssl_role =
(client2_role == cricket::CONNECTIONROLE_ACTIVE ||
(client1_role == cricket::CONNECTIONROLE_PASSIVE &&
client2_role == cricket::CONNECTIONROLE_ACTPASS)) ?
rtc::SSL_CLIENT : rtc::SSL_SERVER;
client1_.CheckRole(client1_ssl_role);
client2_.CheckRole(client2_ssl_role);
// Check that we negotiated the right ciphers: the one suite we offered when
// DTLS-SRTP was enabled, and no suite at all otherwise.
if (use_dtls_srtp_) {
client1_.CheckSrtp(AES_CM_128_HMAC_SHA1_80);
client2_.CheckSrtp(AES_CM_128_HMAC_SHA1_80);
client1_.CheckSrtp("");
client2_.CheckSrtp("");
// (Body of the no-argument Connect(); its signature line is not shown.)
// By default, Client1 offers 'actpass' and Client2 answers 'active', so
// Client1 becomes the DTLS server and Client2 the DTLS client.
return Connect(cricket::CONNECTIONROLE_ACTPASS,
cricket::CONNECTIONROLE_ACTIVE);
// (Body of the no-argument Negotiate(); its signature line is not shown.)
// Same default roles as Connect(): client1 actpass, client2 active.
Negotiate(cricket::CONNECTIONROLE_ACTPASS, cricket::CONNECTIONROLE_ACTIVE);
// Initial offer/answer: client1 (ICE controlling) offers with |client1_role|,
// client2 (ICE controlled) answers with |client2_role|. Both SLTD and SRTD
// calls are expected to succeed (flags == 0).
void Negotiate(ConnectionRole client1_role, ConnectionRole client2_role) {
client1_.SetupChannels(channel_ct_, cricket::ICEROLE_CONTROLLING);
client2_.SetupChannels(channel_ct_, cricket::ICEROLE_CONTROLLED);
// Expect success from SLTD and SRTD.
client1_.Negotiate(&client2_, cricket::CA_OFFER,
client1_role, client2_role, 0);
client2_.Negotiate(&client1_, cricket::CA_ANSWER,
client2_role, client1_role, 0);
// Negotiate with a legacy peer (client2) that does not send a setup
// attribute: client1 offers 'actpass' and sees CONNECTIONROLE_NONE from the
// peer, while client2 answers 'active' against a remote role of NONE.
// TestDtlsSetupWithLegacyAsAnswerer checks this resolves to client1 = server,
// client2 = client.
void NegotiateWithLegacy() {
client1_.SetupChannels(channel_ct_, cricket::ICEROLE_CONTROLLING);
client2_.SetupChannels(channel_ct_, cricket::ICEROLE_CONTROLLED);
// Expect success from SLTD and SRTD.
client1_.Negotiate(&client2_, cricket::CA_OFFER,
cricket::CONNECTIONROLE_ACTPASS,
cricket::CONNECTIONROLE_NONE, 0);
client2_.Negotiate(&client1_, cricket::CA_ANSWER,
cricket::CONNECTIONROLE_ACTIVE,
cricket::CONNECTIONROLE_NONE, 0);
// Re-offer/answer after an initial negotiation, initiated by
// |reoffer_initiator| (client1_ or client2_). |client1_role|/|client2_role|
// are the setup attributes for the re-offer, |flags| a bitmask of Flags
// (NF_REOFFER, optionally NF_EXPECT_FAILURE). The `int flags)` and `else`
// lines are not shown here.
void Renegotiate(DtlsTestClient* reoffer_initiator,
ConnectionRole client1_role, ConnectionRole client2_role,
if (reoffer_initiator == &client1_) {
client1_.Negotiate(&client2_, cricket::CA_OFFER,
client1_role, client2_role, flags);
client2_.Negotiate(&client1_, cricket::CA_ANSWER,
client2_role, client1_role, flags);
client2_.Negotiate(&client1_, cricket::CA_OFFER,
client2_role, client1_role, flags);
client1_.Negotiate(&client2_, cricket::CA_ANSWER,
client1_role, client2_role, flags);
// Sends |count| packets of |size| bytes from client1 to client2 on |channel|
// (RTP-like with the SRTP bypass when |srtp| is set) and waits up to 10 s
// for client2 to have verified all of them. Content checks happen in the
// receive callbacks; this only waits on the distinct-packet count.
void TestTransfer(size_t channel, size_t size, size_t count, bool srtp) {
LOG(LS_INFO) << "Expect packets, size=" << size;
client2_.ExpectPackets(channel, size);
client1_.SendPackets(channel, size, count, srtp);
EXPECT_EQ_WAIT(count, client2_.NumPacketsReceived(), 10000);
// The two peers: client1_ is the ICE-controlling offerer, client2_ the
// controlled answerer. channel_ct_ and use_dtls_srtp_ are also members but
// their declarations are not shown in this listing.
DtlsTestClient client1_;
DtlsTestClient client2_;
// Test that transport negotiation of RFC 5245 ICE, with no DTLS, works: after
// the (not shown) Negotiate() call, the ICE role, tiebreaker, protocol and the
// fixed ufrag/pwd must have reached the underlying fake channels.
TEST_F(DtlsTransportChannelTest, TestChannelSetupIce) {
client1_.SetIceProtocol(cricket::ICEPROTO_RFC5245);
client2_.SetIceProtocol(cricket::ICEPROTO_RFC5245);
cricket::FakeTransportChannel* channel1 = client1_.GetFakeChannel(0);
cricket::FakeTransportChannel* channel2 = client2_.GetFakeChannel(0);
ASSERT_TRUE(channel1 != NULL);
ASSERT_TRUE(channel2 != NULL);
EXPECT_EQ(cricket::ICEROLE_CONTROLLING, channel1->GetIceRole());
EXPECT_EQ(1U, channel1->IceTiebreaker());
EXPECT_EQ(cricket::ICEPROTO_RFC5245, channel1->protocol());
EXPECT_EQ(kIceUfrag1, channel1->ice_ufrag());
EXPECT_EQ(kIcePwd1, channel1->ice_pwd());
EXPECT_EQ(cricket::ICEROLE_CONTROLLED, channel2->GetIceRole());
EXPECT_EQ(2U, channel2->IceTiebreaker());
EXPECT_EQ(cricket::ICEPROTO_RFC5245, channel2->protocol());
// Same as TestChannelSetupIce but for the legacy Google ICE (GICE) protocol,
// which is also the fixture's default.
TEST_F(DtlsTransportChannelTest, TestChannelSetupGice) {
client1_.SetIceProtocol(cricket::ICEPROTO_GOOGLE);
client2_.SetIceProtocol(cricket::ICEPROTO_GOOGLE);
cricket::FakeTransportChannel* channel1 = client1_.GetFakeChannel(0);
cricket::FakeTransportChannel* channel2 = client2_.GetFakeChannel(0);
ASSERT_TRUE(channel1 != NULL);
ASSERT_TRUE(channel2 != NULL);
EXPECT_EQ(cricket::ICEROLE_CONTROLLING, channel1->GetIceRole());
EXPECT_EQ(1U, channel1->IceTiebreaker());
EXPECT_EQ(cricket::ICEPROTO_GOOGLE, channel1->protocol());
EXPECT_EQ(kIceUfrag1, channel1->ice_ufrag());
EXPECT_EQ(kIcePwd1, channel1->ice_pwd());
EXPECT_EQ(cricket::ICEROLE_CONTROLLED, channel2->GetIceRole());
EXPECT_EQ(2U, channel2->IceTiebreaker());
EXPECT_EQ(cricket::ICEPROTO_GOOGLE, channel2->protocol());
// Connect without DTLS and transfer plain data: nothing is encrypted, the
// wrapper just passes packets through.
TEST_F(DtlsTransportChannelTest, TestTransfer) {
ASSERT_TRUE(Connect());
TestTransfer(0, 1000, 100, false);
// Create two channels without DTLS and transfer plain data on each. (The
// SetChannelCount(2) call is not shown in this listing.)
TEST_F(DtlsTransportChannelTest, TestTransferTwoChannels) {
ASSERT_TRUE(Connect());
TestTransfer(0, 1000, 100, false);
TestTransfer(1, 1000, 100, false);
// Connect without DTLS and transfer RTP-like (0x80 lead byte) packets. With
// no identity, SendPackets() does not set PF_SRTP_BYPASS, so these are plain
// channel data and travel in the clear; the receiver expects flags == 0.
TEST_F(DtlsTransportChannelTest, TestTransferSrtp) {
ASSERT_TRUE(Connect());
TestTransfer(0, 1000, 100, true);
// Two channels, no DTLS, RTP-like packets on each (sent in the clear, see
// TestTransferSrtp). The SetChannelCount(2) call is not shown here.
TEST_F(DtlsTransportChannelTest, TestTransferSrtpTwoChannels) {
ASSERT_TRUE(Connect());
TestTransfer(0, 1000, 100, true);
TestTransfer(1, 1000, 100, true);
// Connect with DTLS on both sides and transfer plain data. The raw-packet
// hook asserts that what crosses the wire is application_data records whose
// bodies do not resemble the cleartext.
TEST_F(DtlsTransportChannelTest, TestTransferDtls) {
MAYBE_SKIP_TEST(HaveDtls);
PrepareDtls(true, true);
ASSERT_TRUE(Connect());
TestTransfer(0, 1000, 100, false);
// Two channels with DTLS; each component runs its own handshake and carries
// encrypted data. (The SetChannelCount(2) call is not shown here.)
TEST_F(DtlsTransportChannelTest, TestTransferDtlsTwoChannels) {
MAYBE_SKIP_TEST(HaveDtls);
PrepareDtls(true, true);
ASSERT_TRUE(Connect());
TestTransfer(0, 1000, 100, false);
TestTransfer(1, 1000, 100, false);
// Connect with A offering DTLS and B not supporting it. B's answer carries no
// fingerprint, negotiated_dtls_ is false on both sides, and data flows
// unencrypted. This pins the library's silent fallback; an application that
// requires encryption must reject such an answer itself - nothing here does.
TEST_F(DtlsTransportChannelTest, TestTransferDtlsRejected) {
PrepareDtls(true, false);
ASSERT_TRUE(Connect());
TestTransfer(0, 1000, 100, false);
// Connect with B having an identity but A not offering DTLS. A's offer has
// no fingerprint and B answers without one, so the session runs without
// DTLS (same unencrypted fallback as TestTransferDtlsRejected).
TEST_F(DtlsTransportChannelTest, TestTransferDtlsNotOffered) {
PrepareDtls(false, true);
ASSERT_TRUE(Connect());
TestTransfer(0, 1000, 100, false);
// Connect with DTLS, negotiate DTLS-SRTP (AES_CM_128_HMAC_SHA1_80) and send
// RTP-like packets with PF_SRTP_BYPASS: they must reach the wire unchanged
// and be delivered with the bypass flag set.
TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtp) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
PrepareDtls(true, true);
PrepareDtlsSrtp(true, true);
ASSERT_TRUE(Connect());
TestTransfer(0, 1000, 100, true);
// Connect with DTLS-SRTP, then try to send an all-zero packet via the SRTP
// bypass and expect SendPacket to return -1: the bypass path must reject
// anything that is not RTP/RTCP rather than emit it in the clear.
TEST_F(DtlsTransportChannelTest, TestTransferDtlsInvalidSrtpPacket) {
MAYBE_SKIP_TEST(HaveDtls);
PrepareDtls(true, true);
PrepareDtlsSrtp(true, true);
ASSERT_TRUE(Connect());
int result = client1_.SendInvalidSrtpPacket(0, 100);
ASSERT_EQ(-1, result);
// Connect with DTLS on both sides, but only A offers an SRTP suite. Connect()
// still expects the suite to be reported (use_dtls_srtp_ is set by
// PrepareDtlsSrtp), so this pins how a one-sided SRTP offer resolves.
TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtpRejected) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
PrepareDtls(true, true);
PrepareDtlsSrtp(true, false);
ASSERT_TRUE(Connect());
// Mirror of TestTransferDtlsSrtpRejected: DTLS on both sides, SRTP suite set
// only on B (the answerer).
TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtpNotOffered) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
PrepareDtls(true, true);
PrepareDtlsSrtp(false, true);
ASSERT_TRUE(Connect());
// Two channels with DTLS-SRTP; bypassed RTP-like packets on each. (The
// SetChannelCount(2) call is not shown here.)
TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtpTwoChannels) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
PrepareDtls(true, true);
PrepareDtlsSrtp(true, true);
ASSERT_TRUE(Connect());
TestTransfer(0, 1000, 100, true);
TestTransfer(1, 1000, 100, true);
// One channel with DTLS-SRTP carrying both kinds of traffic: plain data goes
// through DTLS (encrypted on the wire), RTP-like data goes via the bypass.
// The receiver must demux them by flags and lead byte.
TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtpDemux) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
PrepareDtls(true, true);
PrepareDtlsSrtp(true, true);
ASSERT_TRUE(Connect());
TestTransfer(0, 1000, 100, false);
TestTransfer(0, 1000, 100, true);
// Answerer is 'passive': with an 'actpass' offer this flips the roles from
// the default, so client1 becomes the DTLS client and client2 the server
// (Connect() derives and asserts that). Two channels; the SetChannelCount(2)
// call is not shown here.
TEST_F(DtlsTransportChannelTest, TestTransferDtlsAnswererIsPassive) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
PrepareDtls(true, true);
PrepareDtlsSrtp(true, true);
ASSERT_TRUE(Connect(cricket::CONNECTIONROLE_ACTPASS,
cricket::CONNECTIONROLE_PASSIVE));
TestTransfer(0, 1000, 100, true);
TestTransfer(1, 1000, 100, true);
// Legacy answerer that sends no setup attribute (CONNECTIONROLE_NONE): the
// transport must still settle on definite roles - offerer server, answerer
// client - rather than leave the DTLS role undecided. Only negotiation is
// performed; no handshake runs here.
TEST_F(DtlsTransportChannelTest, TestDtlsSetupWithLegacyAsAnswerer) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
PrepareDtls(true, true);
NegotiateWithLegacy();
rtc::SSLRole channel1_role;
rtc::SSLRole channel2_role;
EXPECT_TRUE(client1_.transport()->GetSslRole(&channel1_role));
EXPECT_TRUE(client2_.transport()->GetSslRole(&channel2_role));
EXPECT_EQ(rtc::SSL_SERVER, channel1_role);
EXPECT_EQ(rtc::SSL_CLIENT, channel2_role);
// Re-offer/answer from the original offerer after the session is established,
// with the same setup attributes: roles stay as negotiated and transfer keeps
// working on both channels. (The SetChannelCount(2) call is not shown here.)
TEST_F(DtlsTransportChannelTest, TestDtlsReOfferFromOfferer) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
PrepareDtls(true, true);
PrepareDtlsSrtp(true, true);
// Initial role for client1 is ACTPASS and client2 is ACTIVE.
ASSERT_TRUE(Connect(cricket::CONNECTIONROLE_ACTPASS,
cricket::CONNECTIONROLE_ACTIVE));
TestTransfer(0, 1000, 100, true);
TestTransfer(1, 1000, 100, true);
// Re-offer with the same roles; NF_REOFFER skips re-setting SRTP ciphers.
Renegotiate(&client1_, cricket::CONNECTIONROLE_ACTPASS,
cricket::CONNECTIONROLE_ACTIVE, NF_REOFFER);
TestTransfer(0, 1000, 100, true);
TestTransfer(1, 1000, 100, true);
// Re-offer initiated by the original answerer (client2 'passive', client1
// 'actpass'), which keeps client1 as DTLS server; transfer must keep working.
// (The SetChannelCount(2) call is not shown here.)
TEST_F(DtlsTransportChannelTest, TestDtlsReOfferFromAnswerer) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
PrepareDtls(true, true);
PrepareDtlsSrtp(true, true);
// Initial role for client1 is ACTPASS and client2 is ACTIVE.
ASSERT_TRUE(Connect(cricket::CONNECTIONROLE_ACTPASS,
cricket::CONNECTIONROLE_ACTIVE));
TestTransfer(0, 1000, 100, true);
TestTransfer(1, 1000, 100, true);
// Re-offer from client2 with roles that preserve the established DTLS roles.
Renegotiate(&client2_, cricket::CONNECTIONROLE_PASSIVE,
cricket::CONNECTIONROLE_ACTPASS, NF_REOFFER);
TestTransfer(0, 1000, 100, true);
TestTransfer(1, 1000, 100, true);
// Test that any change of DTLS role after the initial setup is rejected: once
// client1 is server (actpass/passive), a re-offer that would make client1
// the client must fail at the answer-side description (NF_EXPECT_FAILURE),
// so a peer cannot force a role swap on an established session.
// (The SetChannelCount(2) call is not shown here.)
TEST_F(DtlsTransportChannelTest, TestDtlsRoleReversal) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
PrepareDtls(true, true);
PrepareDtlsSrtp(true, true);
ASSERT_TRUE(Connect(cricket::CONNECTIONROLE_ACTPASS,
cricket::CONNECTIONROLE_PASSIVE));
// Renegotiate from client2 with actpass and client1 as active.
Renegotiate(&client2_, cricket::CONNECTIONROLE_ACTPASS,
cricket::CONNECTIONROLE_ACTIVE,
NF_REOFFER | NF_EXPECT_FAILURE);
// Test that different setup attributes which resolve to the *same* DTLS roles
// as the initial negotiation are accepted: client2 'active' / client1
// 'actpass' still makes client1 the server, so the re-offer succeeds and
// transfer continues. (The SetChannelCount(2) call is not shown here.)
TEST_F(DtlsTransportChannelTest, TestDtlsReOfferWithDifferentSetupAttr) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
PrepareDtls(true, true);
PrepareDtlsSrtp(true, true);
ASSERT_TRUE(Connect(cricket::CONNECTIONROLE_ACTPASS,
cricket::CONNECTIONROLE_PASSIVE));
// Renegotiate from client2 as active with client1 as actpass.
Renegotiate(&client2_, cricket::CONNECTIONROLE_ACTIVE,
cricket::CONNECTIONROLE_ACTPASS, NF_REOFFER);
TestTransfer(0, 1000, 100, true);
TestTransfer(1, 1000, 100, true);
// Test that a re-offer issued before the first handshake completes does not
// break things: negotiate (call not shown), re-offer with the same roles,
// then connect and wait for writability before transferring. The
// SetChannelCount(2) call and the EXPECT on |rv| are not shown here.
TEST_F(DtlsTransportChannelTest, TestRenegotiateBeforeConnect) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
PrepareDtls(true, true);
PrepareDtlsSrtp(true, true);
Renegotiate(&client1_, cricket::CONNECTIONROLE_ACTPASS,
cricket::CONNECTIONROLE_ACTIVE, NF_REOFFER);
bool rv = client1_.Connect(&client2_);
EXPECT_TRUE_WAIT(client1_.writable() && client2_.writable(), 10000);
TestTransfer(0, 1000, 100, true);
TestTransfer(1, 1000, 100, true);
// Certificate state after negotiation but before any handshake: each side
// exposes its own (distinct) local certificate, and GetRemoteCertificate()
// yields nothing yet - a remote certificate only exists once the DTLS
// handshake has presented and verified one. (The Negotiate() call and the
// ASSERT_FALSE( lines are not shown here.)
TEST_F(DtlsTransportChannelTest, TestCertificatesBeforeConnect) {
MAYBE_SKIP_TEST(HaveDtls);
PrepareDtls(true, true);
rtc::scoped_ptr<rtc::SSLIdentity> identity1;
rtc::scoped_ptr<rtc::SSLIdentity> identity2;
rtc::scoped_ptr<rtc::SSLCertificate> remote_cert1;
rtc::scoped_ptr<rtc::SSLCertificate> remote_cert2;
// After negotiation, each side has a distinct local certificate, but still no
// remote certificate, because connection has not yet occurred.
ASSERT_TRUE(client1_.transport()->GetIdentity(identity1.accept()));
ASSERT_TRUE(client2_.transport()->GetIdentity(identity2.accept()));
ASSERT_NE(identity1->certificate().ToPEMString(),
identity2->certificate().ToPEMString());
client1_.transport()->GetRemoteCertificate(remote_cert1.accept()));
ASSERT_FALSE(remote_cert1 != NULL);
client2_.transport()->GetRemoteCertificate(remote_cert2.accept()));
ASSERT_FALSE(remote_cert2 != NULL);
// Certificate state after the handshake: each side's remote certificate is
// exactly the peer's local one (compared as PEM). Since Negotiate() derived
// the signalled fingerprints from these same identities, this pins that the
// certificate presented in the handshake is the one the fingerprint vouched
// for. (The ASSERT_TRUE( lines around GetRemoteCertificate are not shown.)
TEST_F(DtlsTransportChannelTest, TestCertificatesAfterConnect) {
MAYBE_SKIP_TEST(HaveDtls);
PrepareDtls(true, true);
ASSERT_TRUE(Connect());
rtc::scoped_ptr<rtc::SSLIdentity> identity1;
rtc::scoped_ptr<rtc::SSLIdentity> identity2;
rtc::scoped_ptr<rtc::SSLCertificate> remote_cert1;
rtc::scoped_ptr<rtc::SSLCertificate> remote_cert2;
// After connection, each side has a distinct local certificate.
ASSERT_TRUE(client1_.transport()->GetIdentity(identity1.accept()));
ASSERT_TRUE(client2_.transport()->GetIdentity(identity2.accept()));
ASSERT_NE(identity1->certificate().ToPEMString(),
identity2->certificate().ToPEMString());
// Each side's remote certificate is the other side's local certificate.
client1_.transport()->GetRemoteCertificate(remote_cert1.accept()));
ASSERT_EQ(remote_cert1->ToPEMString(),
identity2->certificate().ToPEMString());
client2_.transport()->GetRemoteCertificate(remote_cert2.accept()));
ASSERT_EQ(remote_cert2->ToPEMString(),
identity1->certificate().ToPEMString());