3
* Copyright 2004--2009, Google Inc.
5
* Redistribution and use in source and binary forms, with or without
6
* modification, are permitted provided that the following conditions are met:
8
* 1. Redistributions of source code must retain the above copyright notice,
9
* this list of conditions and the following disclaimer.
10
* 2. Redistributions in binary form must reproduce the above copyright notice,
11
* this list of conditions and the following disclaimer in the documentation
12
* and/or other materials provided with the distribution.
13
* 3. The name of the author may not be used to endorse or promote products
14
* derived from this software without specific prior written permission.
16
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
17
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
18
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
19
* EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
20
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
25
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28
#include "talk/base/byteorder.h"
29
#include "talk/base/gunit.h"
30
#include "talk/base/thread.h"
31
#include "talk/p2p/base/sessiondescription.h"
32
#include "talk/session/phone/cryptoparams.h"
33
#include "talk/session/phone/fakertp.h"
34
#include "talk/session/phone/srtpfilter.h"
35
#ifdef SRTP_RELATIVE_PATH
36
#include "crypto/include/err.h"
38
#include "third_party/libsrtp/crypto/include/err.h"
41
using cricket::CS_AES_CM_128_HMAC_SHA1_80;
42
using cricket::CS_AES_CM_128_HMAC_SHA1_32;
43
using cricket::CryptoParams;
44
using cricket::CS_LOCAL;
45
using cricket::CS_REMOTE;
47
static const uint8 kTestKey1[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234";
48
static const uint8 kTestKey2[] = "4321ZYXWVUTSRQPONMLKJIHGFEDCBA";
49
static const int kTestKeyLen = 30;
50
static const std::string kTestKeyParams1 =
51
"inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz";
52
static const std::string kTestKeyParams2 =
53
"inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR";
54
static const std::string kTestKeyParams3 =
55
"inline:1234X19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz";
56
static const std::string kTestKeyParams4 =
57
"inline:4567QCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR";
58
static const cricket::CryptoParams kTestCryptoParams1(
59
1, "AES_CM_128_HMAC_SHA1_80", kTestKeyParams1, "");
60
static const cricket::CryptoParams kTestCryptoParams2(
61
1, "AES_CM_128_HMAC_SHA1_80", kTestKeyParams2, "");
63
static int rtp_auth_tag_len(const std::string& cs) {
64
return (cs == CS_AES_CM_128_HMAC_SHA1_32) ? 4 : 10;
66
static int rtcp_auth_tag_len(const std::string& cs) {
70
class SrtpFilterTest : public testing::Test {
73
// Need to initialize |sequence_number_|, the value does not matter.
74
: sequence_number_(1) {
76
static std::vector<CryptoParams> MakeVector(const CryptoParams& params) {
77
std::vector<CryptoParams> vec;
78
vec.push_back(params);
81
void TestSetParams(const std::vector<CryptoParams>& params1,
82
const std::vector<CryptoParams>& params2) {
83
EXPECT_TRUE(f1_.SetOffer(params1, CS_LOCAL));
84
EXPECT_TRUE(f2_.SetOffer(params1, CS_REMOTE));
85
EXPECT_TRUE(f2_.SetAnswer(params2, CS_LOCAL));
86
EXPECT_TRUE(f1_.SetAnswer(params2, CS_REMOTE));
87
EXPECT_TRUE(f1_.IsActive());
89
void TestProtectUnprotect(const std::string& cs1, const std::string& cs2) {
90
char rtp_packet[sizeof(kPcmuFrame) + 10];
91
char original_rtp_packet[sizeof(kPcmuFrame)];
92
char rtcp_packet[sizeof(kRtcpReport) + 4 + 10];
93
int rtp_len = sizeof(kPcmuFrame), rtcp_len = sizeof(kRtcpReport), out_len;
94
memcpy(rtp_packet, kPcmuFrame, rtp_len);
95
// In order to be able to run this test function multiple times we can not
96
// use the same sequence number twice. Increase the sequence number by one.
97
talk_base::SetBE16(reinterpret_cast<uint8*>(rtp_packet) + 2,
99
memcpy(original_rtp_packet, rtp_packet, rtp_len);
100
memcpy(rtcp_packet, kRtcpReport, rtcp_len);
102
EXPECT_TRUE(f1_.ProtectRtp(rtp_packet, rtp_len,
103
sizeof(rtp_packet), &out_len));
104
EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs1));
105
EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
106
EXPECT_TRUE(f2_.UnprotectRtp(rtp_packet, out_len, &out_len));
107
EXPECT_EQ(rtp_len, out_len);
108
EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
110
EXPECT_TRUE(f2_.ProtectRtp(rtp_packet, rtp_len,
111
sizeof(rtp_packet), &out_len));
112
EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs2));
113
EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
114
EXPECT_TRUE(f1_.UnprotectRtp(rtp_packet, out_len, &out_len));
115
EXPECT_EQ(rtp_len, out_len);
116
EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
118
EXPECT_TRUE(f1_.ProtectRtcp(rtcp_packet, rtcp_len,
119
sizeof(rtcp_packet), &out_len));
120
EXPECT_EQ(out_len, rtcp_len + 4 + rtcp_auth_tag_len(cs1)); // NOLINT
121
EXPECT_NE(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len));
122
EXPECT_TRUE(f2_.UnprotectRtcp(rtcp_packet, out_len, &out_len));
123
EXPECT_EQ(rtcp_len, out_len);
124
EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len));
126
EXPECT_TRUE(f2_.ProtectRtcp(rtcp_packet, rtcp_len,
127
sizeof(rtcp_packet), &out_len));
128
EXPECT_EQ(out_len, rtcp_len + 4 + rtcp_auth_tag_len(cs2)); // NOLINT
129
EXPECT_NE(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len));
130
EXPECT_TRUE(f1_.UnprotectRtcp(rtcp_packet, out_len, &out_len));
131
EXPECT_EQ(rtcp_len, out_len);
132
EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len));
134
cricket::SrtpFilter f1_;
135
cricket::SrtpFilter f2_;
136
int sequence_number_;
139
// Test that we can set up the session and keys properly.
140
TEST_F(SrtpFilterTest, TestGoodSetupOneCipherSuite) {
141
EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
142
EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE));
143
EXPECT_TRUE(f1_.IsActive());
146
// Test that we can set up things with multiple params.
147
TEST_F(SrtpFilterTest, TestGoodSetupMultipleCipherSuites) {
148
std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
149
std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
150
offer.push_back(kTestCryptoParams1);
152
offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
154
answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
155
EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
156
EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
157
EXPECT_TRUE(f1_.IsActive());
160
// Test that we handle the cases where crypto is not desired.
161
TEST_F(SrtpFilterTest, TestGoodSetupNoCipherSuites) {
162
std::vector<CryptoParams> offer, answer;
163
EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
164
EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
165
EXPECT_FALSE(f1_.IsActive());
168
// Test that we handle the cases where crypto is not desired by the remote side.
169
TEST_F(SrtpFilterTest, TestGoodSetupNoAnswerCipherSuites) {
170
std::vector<CryptoParams> answer;
171
EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
172
EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
173
EXPECT_FALSE(f1_.IsActive());
176
// Test that we fail if we call the functions the wrong way.
177
TEST_F(SrtpFilterTest, TestBadSetup) {
178
std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
179
std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
180
EXPECT_FALSE(f1_.SetAnswer(answer, CS_LOCAL));
181
EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
182
EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
183
EXPECT_FALSE(f1_.SetOffer(answer, CS_REMOTE));
184
EXPECT_FALSE(f1_.SetAnswer(answer, CS_LOCAL));
185
EXPECT_FALSE(f1_.IsActive());
188
// Test that we fail if we have params in the answer when none were offered.
189
TEST_F(SrtpFilterTest, TestNoAnswerCipherSuites) {
190
std::vector<CryptoParams> offer;
191
EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
192
EXPECT_FALSE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE));
193
EXPECT_FALSE(f1_.IsActive());
196
// Test that we fail if we have too many params in our answer.
197
TEST_F(SrtpFilterTest, TestMultipleAnswerCipherSuites) {
198
std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
199
answer.push_back(kTestCryptoParams2);
201
answer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
202
EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
203
EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
204
EXPECT_FALSE(f1_.IsActive());
207
// Test that we fail if we don't support the cipher-suite.
208
TEST_F(SrtpFilterTest, TestInvalidCipherSuite) {
209
std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
210
std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
211
offer[0].cipher_suite = answer[0].cipher_suite = "FOO";
212
EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
213
EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
214
EXPECT_FALSE(f1_.IsActive());
217
// Test that we fail if we can't agree on a tag.
218
TEST_F(SrtpFilterTest, TestNoMatchingTag) {
219
std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
220
std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
222
EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
223
EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
224
EXPECT_FALSE(f1_.IsActive());
227
// Test that we fail if we can't agree on a cipher-suite.
228
TEST_F(SrtpFilterTest, TestNoMatchingCipherSuite) {
229
std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
230
std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
232
answer[0].cipher_suite = "FOO";
233
EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
234
EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
235
EXPECT_FALSE(f1_.IsActive());
238
// Test that we fail keys with bad base64 content.
239
TEST_F(SrtpFilterTest, TestInvalidKeyData) {
240
std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
241
std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
242
answer[0].key_params = "inline:!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!";
243
EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
244
EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
245
EXPECT_FALSE(f1_.IsActive());
248
// Test that we fail keys with the wrong key-method.
249
TEST_F(SrtpFilterTest, TestWrongKeyMethod) {
250
std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
251
std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
252
answer[0].key_params = "outline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR";
253
EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
254
EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
255
EXPECT_FALSE(f1_.IsActive());
258
// Test that we fail keys of the wrong length.
259
TEST_F(SrtpFilterTest, TestKeyTooShort) {
260
std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
261
std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
262
answer[0].key_params = "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtx";
263
EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
264
EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
265
EXPECT_FALSE(f1_.IsActive());
268
// Test that we fail keys of the wrong length.
269
TEST_F(SrtpFilterTest, TestKeyTooLong) {
270
std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
271
std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
272
answer[0].key_params = "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBRABCD";
273
EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
274
EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
275
EXPECT_FALSE(f1_.IsActive());
278
// Test that we fail keys with lifetime or MKI set (since we don't support)
279
TEST_F(SrtpFilterTest, TestUnsupportedOptions) {
280
std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
281
std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
282
answer[0].key_params =
283
"inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR|2^20|1:4";
284
EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
285
EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
286
EXPECT_FALSE(f1_.IsActive());
289
// Test that we can encrypt/decrypt after negotiating AES_CM_128_HMAC_SHA1_80.
290
TEST_F(SrtpFilterTest, TestProtect_AES_CM_128_HMAC_SHA1_80) {
291
std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
292
std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
293
offer.push_back(kTestCryptoParams1);
295
offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
296
TestSetParams(offer, answer);
297
TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
300
// Test that we can encrypt/decrypt after negotiating AES_CM_128_HMAC_SHA1_32.
301
TEST_F(SrtpFilterTest, TestProtect_AES_CM_128_HMAC_SHA1_32) {
302
std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
303
std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
304
offer.push_back(kTestCryptoParams1);
306
offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
308
answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
309
TestSetParams(offer, answer);
310
TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32);
313
// Test that we can change encryption parameters.
314
TEST_F(SrtpFilterTest, TestChangeParameters) {
315
std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
316
std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
318
TestSetParams(offer, answer);
319
TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
321
// Change the key parameters and cipher_suite.
322
offer[0].key_params = kTestKeyParams3;
323
offer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
324
answer[0].key_params = kTestKeyParams4;
325
answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
327
EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
328
EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE));
329
EXPECT_TRUE(f1_.IsActive());
330
EXPECT_TRUE(f1_.IsActive());
332
// Test that the old keys are valid until the negotiation is complete.
333
TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
335
// Complete the negotiation and test that we can still understand each other.
336
EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
337
EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
339
TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32);
342
// Test that we can disable encryption.
343
TEST_F(SrtpFilterTest, TestDisableEncryption) {
344
std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
345
std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
347
TestSetParams(offer, answer);
348
TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
352
EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
353
EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE));
354
EXPECT_TRUE(f1_.IsActive());
355
EXPECT_TRUE(f2_.IsActive());
357
// Test that the old keys are valid until the negotiation is complete.
358
TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
360
// Complete the negotiation.
361
EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
362
EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
364
EXPECT_FALSE(f1_.IsActive());
365
EXPECT_FALSE(f2_.IsActive());
368
// Test directly setting the params with AES_CM_128_HMAC_SHA1_80
369
TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_80) {
370
EXPECT_TRUE(f1_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_80,
371
kTestKey1, kTestKeyLen,
372
CS_AES_CM_128_HMAC_SHA1_80,
373
kTestKey2, kTestKeyLen));
374
EXPECT_TRUE(f2_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_80,
375
kTestKey2, kTestKeyLen,
376
CS_AES_CM_128_HMAC_SHA1_80,
377
kTestKey1, kTestKeyLen));
378
EXPECT_TRUE(f1_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_80,
379
kTestKey1, kTestKeyLen,
380
CS_AES_CM_128_HMAC_SHA1_80,
381
kTestKey2, kTestKeyLen));
382
EXPECT_TRUE(f2_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_80,
383
kTestKey2, kTestKeyLen,
384
CS_AES_CM_128_HMAC_SHA1_80,
385
kTestKey1, kTestKeyLen));
386
EXPECT_TRUE(f1_.IsActive());
387
EXPECT_TRUE(f2_.IsActive());
388
TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
391
// Test directly setting the params with AES_CM_128_HMAC_SHA1_32
392
TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_32) {
393
EXPECT_TRUE(f1_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_32,
394
kTestKey1, kTestKeyLen,
395
CS_AES_CM_128_HMAC_SHA1_32,
396
kTestKey2, kTestKeyLen));
397
EXPECT_TRUE(f2_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_32,
398
kTestKey2, kTestKeyLen,
399
CS_AES_CM_128_HMAC_SHA1_32,
400
kTestKey1, kTestKeyLen));
401
EXPECT_TRUE(f1_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_32,
402
kTestKey1, kTestKeyLen,
403
CS_AES_CM_128_HMAC_SHA1_32,
404
kTestKey2, kTestKeyLen));
405
EXPECT_TRUE(f2_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_32,
406
kTestKey2, kTestKeyLen,
407
CS_AES_CM_128_HMAC_SHA1_32,
408
kTestKey1, kTestKeyLen));
409
EXPECT_TRUE(f1_.IsActive());
410
EXPECT_TRUE(f2_.IsActive());
411
TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32);
414
// Test directly setting the params with bogus keys
415
TEST_F(SrtpFilterTest, TestSetParamsKeyTooShort) {
416
EXPECT_FALSE(f1_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_80,
417
kTestKey1, kTestKeyLen - 1,
418
CS_AES_CM_128_HMAC_SHA1_80,
419
kTestKey1, kTestKeyLen - 1));
420
EXPECT_FALSE(f1_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_80,
421
kTestKey1, kTestKeyLen - 1,
422
CS_AES_CM_128_HMAC_SHA1_80,
423
kTestKey1, kTestKeyLen - 1));
426
class SrtpSessionTest : public testing::Test {
428
virtual void SetUp() {
429
rtp_len_ = sizeof(kPcmuFrame);
430
rtcp_len_ = sizeof(kRtcpReport);
431
memcpy(rtp_packet_, kPcmuFrame, rtp_len_);
432
memcpy(rtcp_packet_, kRtcpReport, rtcp_len_);
434
void TestProtectRtp(const std::string& cs) {
436
EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_,
437
sizeof(rtp_packet_), &out_len));
438
EXPECT_EQ(out_len, rtp_len_ + rtp_auth_tag_len(cs));
439
EXPECT_NE(0, memcmp(rtp_packet_, kPcmuFrame, rtp_len_));
442
void TestProtectRtcp(const std::string& cs) {
444
EXPECT_TRUE(s1_.ProtectRtcp(rtcp_packet_, rtcp_len_,
445
sizeof(rtcp_packet_), &out_len));
446
EXPECT_EQ(out_len, rtcp_len_ + 4 + rtcp_auth_tag_len(cs)); // NOLINT
447
EXPECT_NE(0, memcmp(rtcp_packet_, kRtcpReport, rtcp_len_));
450
void TestUnprotectRtp(const std::string& cs) {
451
int out_len = 0, expected_len = sizeof(kPcmuFrame);
452
EXPECT_TRUE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len));
453
EXPECT_EQ(expected_len, out_len);
454
EXPECT_EQ(0, memcmp(rtp_packet_, kPcmuFrame, out_len));
456
void TestUnprotectRtcp(const std::string& cs) {
457
int out_len = 0, expected_len = sizeof(kRtcpReport);
458
EXPECT_TRUE(s2_.UnprotectRtcp(rtcp_packet_, rtcp_len_, &out_len));
459
EXPECT_EQ(expected_len, out_len);
460
EXPECT_EQ(0, memcmp(rtcp_packet_, kRtcpReport, out_len));
462
cricket::SrtpSession s1_;
463
cricket::SrtpSession s2_;
464
char rtp_packet_[sizeof(kPcmuFrame) + 10];
465
char rtcp_packet_[sizeof(kRtcpReport) + 4 + 10];
470
// Test that we can set up the session and keys properly.
471
TEST_F(SrtpSessionTest, TestGoodSetup) {
472
EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
473
EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
476
// Test that we can't change the keys once set.
477
TEST_F(SrtpSessionTest, TestBadSetup) {
478
EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
479
EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
480
EXPECT_FALSE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey2, kTestKeyLen));
481
EXPECT_FALSE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey2, kTestKeyLen));
484
// Test that we fail keys of the wrong length.
485
TEST_F(SrtpSessionTest, TestKeysTooShort) {
486
EXPECT_FALSE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, 1));
487
EXPECT_FALSE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, 1));
490
// Test that we can encrypt and decrypt RTP/RTCP using AES_CM_128_HMAC_SHA1_80.
491
TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_80) {
492
EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
493
EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
494
TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_80);
495
TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_80);
496
TestUnprotectRtp(CS_AES_CM_128_HMAC_SHA1_80);
497
TestUnprotectRtcp(CS_AES_CM_128_HMAC_SHA1_80);
500
// Test that we can encrypt and decrypt RTP/RTCP using AES_CM_128_HMAC_SHA1_32.
501
TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_32) {
502
EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_32, kTestKey1, kTestKeyLen));
503
EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_32, kTestKey1, kTestKeyLen));
504
TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_32);
505
TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_32);
506
TestUnprotectRtp(CS_AES_CM_128_HMAC_SHA1_32);
507
TestUnprotectRtcp(CS_AES_CM_128_HMAC_SHA1_32);
510
// Test that we fail to unprotect if someone tampers with the RTP/RTCP paylaods.
511
TEST_F(SrtpSessionTest, TestTamperReject) {
513
EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
514
EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
515
TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_80);
516
TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_80);
517
rtp_packet_[0] = 0x12;
518
rtcp_packet_[1] = 0x34;
519
EXPECT_FALSE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len));
520
EXPECT_FALSE(s2_.UnprotectRtcp(rtcp_packet_, rtcp_len_, &out_len));
523
// Test that we fail to unprotect if the payloads are not authenticated.
524
TEST_F(SrtpSessionTest, TestUnencryptReject) {
526
EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
527
EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
528
EXPECT_FALSE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len));
529
EXPECT_FALSE(s2_.UnprotectRtcp(rtcp_packet_, rtcp_len_, &out_len));
532
// Test that we fail when using buffers that are too small.
533
TEST_F(SrtpSessionTest, TestBuffersTooSmall) {
535
EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
536
EXPECT_FALSE(s1_.ProtectRtp(rtp_packet_, rtp_len_,
537
sizeof(rtp_packet_) - 10, &out_len));
538
EXPECT_FALSE(s1_.ProtectRtcp(rtcp_packet_, rtcp_len_,
539
sizeof(rtcp_packet_) - 14, &out_len));
542
TEST_F(SrtpSessionTest, TestReplay) {
543
static const uint16 kMaxSeqnum = static_cast<uint16>(-1);
544
static const uint16 seqnum_big = 62275;
545
static const uint16 seqnum_small = 10;
546
static const uint16 replay_window = 1024;
549
EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
550
EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
552
// Initial sequence number.
553
talk_base::SetBE16(reinterpret_cast<uint8*>(rtp_packet_) + 2, seqnum_big);
554
EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_),
557
// Replay within the 1024 window should succeed.
558
talk_base::SetBE16(reinterpret_cast<uint8*>(rtp_packet_) + 2,
559
seqnum_big - replay_window + 1);
560
EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_),
563
// Replay out side of the 1024 window should fail.
564
talk_base::SetBE16(reinterpret_cast<uint8*>(rtp_packet_) + 2,
565
seqnum_big - replay_window - 1);
566
EXPECT_FALSE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_),
569
// Increment sequence number to a small number.
570
talk_base::SetBE16(reinterpret_cast<uint8*>(rtp_packet_) + 2, seqnum_small);
571
EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_),
574
// Replay around 0 but out side of the 1024 window should fail.
575
talk_base::SetBE16(reinterpret_cast<uint8*>(rtp_packet_) + 2,
576
kMaxSeqnum + seqnum_small - replay_window - 1);
577
EXPECT_FALSE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_),
580
// Replay around 0 but within the 1024 window should succeed.
581
for (uint16 seqnum = 65000; seqnum < 65003; ++seqnum) {
582
talk_base::SetBE16(reinterpret_cast<uint8*>(rtp_packet_) + 2, seqnum);
583
EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_),
587
// Go back to normal sequence nubmer.
588
// NOTE: without the fix in libsrtp, this would fail. This is because
589
// without the fix, the loop above would keep incrementing local sequence
590
// number in libsrtp, eventually the new sequence number would go out side
592
talk_base::SetBE16(reinterpret_cast<uint8*>(rtp_packet_) + 2,
594
EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_),
599
: public testing::Test,
600
public sigslot::has_slots<> {
605
error_(cricket::SrtpFilter::ERROR_NONE) {
606
srtp_stat_.SignalSrtpError.connect(this, &SrtpStatTest::OnSrtpError);
607
srtp_stat_.set_signal_silent_time(200);
611
void OnSrtpError(uint32 ssrc, cricket::SrtpFilter::Mode mode,
612
cricket::SrtpFilter::Error error) {
620
error_ = cricket::SrtpFilter::ERROR_NONE;
623
cricket::SrtpStat srtp_stat_;
626
cricket::SrtpFilter::Error error_;
629
DISALLOW_COPY_AND_ASSIGN(SrtpStatTest);
632
TEST_F(SrtpStatTest, TestProtectRtpError) {
634
srtp_stat_.AddProtectRtpResult(1, err_status_ok);
635
EXPECT_EQ(0U, ssrc_);
636
EXPECT_EQ(-1, mode_);
637
EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_);
639
srtp_stat_.AddProtectRtpResult(1, err_status_auth_fail);
640
EXPECT_EQ(1U, ssrc_);
641
EXPECT_EQ(cricket::SrtpFilter::PROTECT, mode_);
642
EXPECT_EQ(cricket::SrtpFilter::ERROR_AUTH, error_);
644
srtp_stat_.AddProtectRtpResult(1, err_status_fail);
645
EXPECT_EQ(1U, ssrc_);
646
EXPECT_EQ(cricket::SrtpFilter::PROTECT, mode_);
647
EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_);
648
// Within 200ms, the error will not be triggered.
650
srtp_stat_.AddProtectRtpResult(1, err_status_fail);
651
EXPECT_EQ(0U, ssrc_);
652
EXPECT_EQ(-1, mode_);
653
EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_);
654
// Now the error will be triggered again.
656
talk_base::Thread::Current()->SleepMs(210);
657
srtp_stat_.AddProtectRtpResult(1, err_status_fail);
658
EXPECT_EQ(1U, ssrc_);
659
EXPECT_EQ(cricket::SrtpFilter::PROTECT, mode_);
660
EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_);
663
TEST_F(SrtpStatTest, TestUnprotectRtpError) {
665
srtp_stat_.AddUnprotectRtpResult(1, err_status_ok);
666
EXPECT_EQ(0U, ssrc_);
667
EXPECT_EQ(-1, mode_);
668
EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_);
670
srtp_stat_.AddUnprotectRtpResult(1, err_status_auth_fail);
671
EXPECT_EQ(1U, ssrc_);
672
EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
673
EXPECT_EQ(cricket::SrtpFilter::ERROR_AUTH, error_);
675
srtp_stat_.AddUnprotectRtpResult(1, err_status_replay_fail);
676
EXPECT_EQ(1U, ssrc_);
677
EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
678
EXPECT_EQ(cricket::SrtpFilter::ERROR_REPLAY, error_);
680
talk_base::Thread::Current()->SleepMs(210);
681
srtp_stat_.AddUnprotectRtpResult(1, err_status_replay_old);
682
EXPECT_EQ(1U, ssrc_);
683
EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
684
EXPECT_EQ(cricket::SrtpFilter::ERROR_REPLAY, error_);
686
srtp_stat_.AddUnprotectRtpResult(1, err_status_fail);
687
EXPECT_EQ(1U, ssrc_);
688
EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
689
EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_);
690
// Within 200ms, the error will not be triggered.
692
srtp_stat_.AddUnprotectRtpResult(1, err_status_fail);
693
EXPECT_EQ(0U, ssrc_);
694
EXPECT_EQ(-1, mode_);
695
EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_);
696
// Now the error will be triggered again.
698
talk_base::Thread::Current()->SleepMs(210);
699
srtp_stat_.AddUnprotectRtpResult(1, err_status_fail);
700
EXPECT_EQ(1U, ssrc_);
701
EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
702
EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_);
705
TEST_F(SrtpStatTest, TestProtectRtcpError) {
707
srtp_stat_.AddProtectRtcpResult(err_status_ok);
708
EXPECT_EQ(-1, mode_);
709
EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_);
711
srtp_stat_.AddProtectRtcpResult(err_status_auth_fail);
712
EXPECT_EQ(cricket::SrtpFilter::PROTECT, mode_);
713
EXPECT_EQ(cricket::SrtpFilter::ERROR_AUTH, error_);
715
srtp_stat_.AddProtectRtcpResult(err_status_fail);
716
EXPECT_EQ(cricket::SrtpFilter::PROTECT, mode_);
717
EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_);
718
// Within 200ms, the error will not be triggered.
720
srtp_stat_.AddProtectRtcpResult(err_status_fail);
721
EXPECT_EQ(-1, mode_);
722
EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_);
723
// Now the error will be triggered again.
725
talk_base::Thread::Current()->SleepMs(210);
726
srtp_stat_.AddProtectRtcpResult(err_status_fail);
727
EXPECT_EQ(cricket::SrtpFilter::PROTECT, mode_);
728
EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_);
731
TEST_F(SrtpStatTest, TestUnprotectRtcpError) {
733
srtp_stat_.AddUnprotectRtcpResult(err_status_ok);
734
EXPECT_EQ(-1, mode_);
735
EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_);
737
srtp_stat_.AddUnprotectRtcpResult(err_status_auth_fail);
738
EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
739
EXPECT_EQ(cricket::SrtpFilter::ERROR_AUTH, error_);
741
srtp_stat_.AddUnprotectRtcpResult(err_status_replay_fail);
742
EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
743
EXPECT_EQ(cricket::SrtpFilter::ERROR_REPLAY, error_);
745
talk_base::Thread::Current()->SleepMs(210);
746
srtp_stat_.AddUnprotectRtcpResult(err_status_replay_fail);
747
EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
748
EXPECT_EQ(cricket::SrtpFilter::ERROR_REPLAY, error_);
750
srtp_stat_.AddUnprotectRtcpResult(err_status_fail);
751
EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
752
EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_);
753
// Within 200ms, the error will not be triggered.
755
srtp_stat_.AddUnprotectRtcpResult(err_status_fail);
756
EXPECT_EQ(-1, mode_);
757
EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_);
758
// Now the error will be triggered again.
760
talk_base::Thread::Current()->SleepMs(210);
761
srtp_stat_.AddUnprotectRtcpResult(err_status_fail);
762
EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
763
EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_);