← Back to branch summary

~ubuntu-branches/debian/experimental/kopete/experimental

« back to all changes in this revision

Viewing changes to protocols/jabber/libjingle/talk/session/phone/srtpfilter_unittest.cc

  • Committer: Package Import Robot
  • Author(s): Maximiliano Curia
  • Date: 2015-02-24 11:32:57 UTC
  • mfrom: (1.1.41 vivid)
  • Revision ID: package-import@ubuntu.com-20150224113257-gnupg4v7lzz18ij0
Tags: 4:14.12.2-1
* New upstream release (14.12.2).
* Bump Standards-Version to 3.9.6, no changes needed.

Show diffs side-by-side

added added

removed removed

Lines of Context:
protocols/jabber/libjingle/talk/session/phone/srtpfilter_unittest.cc
 
1
/*
 
2
 * libjingle
 
3
 * Copyright 2004--2009, Google Inc.
 
4
 *
 
5
 * Redistribution and use in source and binary forms, with or without
 
6
 * modification, are permitted provided that the following conditions are met:
 
7
 *
 
8
 *  1. Redistributions of source code must retain the above copyright notice,
 
9
 *     this list of conditions and the following disclaimer.
 
10
 *  2. Redistributions in binary form must reproduce the above copyright notice,
 
11
 *     this list of conditions and the following disclaimer in the documentation
 
12
 *     and/or other materials provided with the distribution.
 
13
 *  3. The name of the author may not be used to endorse or promote products
 
14
 *     derived from this software without specific prior written permission.
 
15
 *
 
16
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
 
17
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 
18
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
 
19
 * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 
20
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 
21
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
 
22
 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 
23
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 
24
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 
25
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
26
 */
 
27
 
 
28
#include "talk/base/byteorder.h"
 
29
#include "talk/base/gunit.h"
 
30
#include "talk/base/thread.h"
 
31
#include "talk/p2p/base/sessiondescription.h"
 
32
#include "talk/session/phone/cryptoparams.h"
 
33
#include "talk/session/phone/fakertp.h"
 
34
#include "talk/session/phone/srtpfilter.h"
 
35
#ifdef SRTP_RELATIVE_PATH
 
36
#include "crypto/include/err.h"
 
37
#else
 
38
#include "third_party/libsrtp/crypto/include/err.h"
 
39
#endif
 
40
 
 
41
using cricket::CS_AES_CM_128_HMAC_SHA1_80;
 
42
using cricket::CS_AES_CM_128_HMAC_SHA1_32;
 
43
using cricket::CryptoParams;
 
44
using cricket::CS_LOCAL;
 
45
using cricket::CS_REMOTE;
 
46
 
 
47
static const uint8 kTestKey1[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234";
 
48
static const uint8 kTestKey2[] = "4321ZYXWVUTSRQPONMLKJIHGFEDCBA";
 
49
static const int kTestKeyLen = 30;
 
50
static const std::string kTestKeyParams1 =
 
51
    "inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz";
 
52
static const std::string kTestKeyParams2 =
 
53
    "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR";
 
54
static const std::string kTestKeyParams3 =
 
55
    "inline:1234X19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz";
 
56
static const std::string kTestKeyParams4 =
 
57
    "inline:4567QCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR";
 
58
static const cricket::CryptoParams kTestCryptoParams1(
 
59
    1, "AES_CM_128_HMAC_SHA1_80", kTestKeyParams1, "");
 
60
static const cricket::CryptoParams kTestCryptoParams2(
 
61
    1, "AES_CM_128_HMAC_SHA1_80", kTestKeyParams2, "");
 
62
 
 
63
static int rtp_auth_tag_len(const std::string& cs) {
 
64
  return (cs == CS_AES_CM_128_HMAC_SHA1_32) ? 4 : 10;
 
65
}
 
66
static int rtcp_auth_tag_len(const std::string& cs) {
 
67
  return 10;
 
68
}
 
69
 
 
70
class SrtpFilterTest : public testing::Test {
 
71
 protected:
 
72
  SrtpFilterTest()
 
73
  // Need to initialize |sequence_number_|, the value does not matter.
 
74
      : sequence_number_(1) {
 
75
  }
 
76
  static std::vector<CryptoParams> MakeVector(const CryptoParams& params) {
 
77
    std::vector<CryptoParams> vec;
 
78
    vec.push_back(params);
 
79
    return vec;
 
80
  }
 
81
  void TestSetParams(const std::vector<CryptoParams>& params1,
 
82
                     const std::vector<CryptoParams>& params2) {
 
83
    EXPECT_TRUE(f1_.SetOffer(params1, CS_LOCAL));
 
84
    EXPECT_TRUE(f2_.SetOffer(params1, CS_REMOTE));
 
85
    EXPECT_TRUE(f2_.SetAnswer(params2, CS_LOCAL));
 
86
    EXPECT_TRUE(f1_.SetAnswer(params2, CS_REMOTE));
 
87
    EXPECT_TRUE(f1_.IsActive());
 
88
  }
 
89
  void TestProtectUnprotect(const std::string& cs1, const std::string& cs2) {
 
90
    char rtp_packet[sizeof(kPcmuFrame) + 10];
 
91
    char original_rtp_packet[sizeof(kPcmuFrame)];
 
92
    char rtcp_packet[sizeof(kRtcpReport) + 4 + 10];
 
93
    int rtp_len = sizeof(kPcmuFrame), rtcp_len = sizeof(kRtcpReport), out_len;
 
94
    memcpy(rtp_packet, kPcmuFrame, rtp_len);
 
95
    // In order to be able to run this test function multiple times we can not
 
96
    // use the same sequence number twice. Increase the sequence number by one.
 
97
    talk_base::SetBE16(reinterpret_cast<uint8*>(rtp_packet) + 2,
 
98
                       ++sequence_number_);
 
99
    memcpy(original_rtp_packet, rtp_packet, rtp_len);
 
100
    memcpy(rtcp_packet, kRtcpReport, rtcp_len);
 
101
 
 
102
    EXPECT_TRUE(f1_.ProtectRtp(rtp_packet, rtp_len,
 
103
                               sizeof(rtp_packet), &out_len));
 
104
    EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs1));
 
105
    EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
 
106
    EXPECT_TRUE(f2_.UnprotectRtp(rtp_packet, out_len, &out_len));
 
107
    EXPECT_EQ(rtp_len, out_len);
 
108
    EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
 
109
 
 
110
    EXPECT_TRUE(f2_.ProtectRtp(rtp_packet, rtp_len,
 
111
                               sizeof(rtp_packet), &out_len));
 
112
    EXPECT_EQ(out_len, rtp_len + rtp_auth_tag_len(cs2));
 
113
    EXPECT_NE(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
 
114
    EXPECT_TRUE(f1_.UnprotectRtp(rtp_packet, out_len, &out_len));
 
115
    EXPECT_EQ(rtp_len, out_len);
 
116
    EXPECT_EQ(0, memcmp(rtp_packet, original_rtp_packet, rtp_len));
 
117
 
 
118
    EXPECT_TRUE(f1_.ProtectRtcp(rtcp_packet, rtcp_len,
 
119
                                sizeof(rtcp_packet), &out_len));
 
120
    EXPECT_EQ(out_len, rtcp_len + 4 + rtcp_auth_tag_len(cs1));  // NOLINT
 
121
    EXPECT_NE(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len));
 
122
    EXPECT_TRUE(f2_.UnprotectRtcp(rtcp_packet, out_len, &out_len));
 
123
    EXPECT_EQ(rtcp_len, out_len);
 
124
    EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len));
 
125
 
 
126
    EXPECT_TRUE(f2_.ProtectRtcp(rtcp_packet, rtcp_len,
 
127
                                sizeof(rtcp_packet), &out_len));
 
128
    EXPECT_EQ(out_len, rtcp_len + 4 + rtcp_auth_tag_len(cs2));  // NOLINT
 
129
    EXPECT_NE(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len));
 
130
    EXPECT_TRUE(f1_.UnprotectRtcp(rtcp_packet, out_len, &out_len));
 
131
    EXPECT_EQ(rtcp_len, out_len);
 
132
    EXPECT_EQ(0, memcmp(rtcp_packet, kRtcpReport, rtcp_len));
 
133
  }
 
134
  cricket::SrtpFilter f1_;
 
135
  cricket::SrtpFilter f2_;
 
136
  int sequence_number_;
 
137
};
 
138
 
 
139
// Test that we can set up the session and keys properly.
 
140
TEST_F(SrtpFilterTest, TestGoodSetupOneCipherSuite) {
 
141
  EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
 
142
  EXPECT_TRUE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE));
 
143
  EXPECT_TRUE(f1_.IsActive());
 
144
}
 
145
 
 
146
// Test that we can set up things with multiple params.
 
147
TEST_F(SrtpFilterTest, TestGoodSetupMultipleCipherSuites) {
 
148
  std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
 
149
  std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
 
150
  offer.push_back(kTestCryptoParams1);
 
151
  offer[1].tag = 2;
 
152
  offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
 
153
  answer[0].tag = 2;
 
154
  answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
 
155
  EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
 
156
  EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
 
157
  EXPECT_TRUE(f1_.IsActive());
 
158
}
 
159
 
 
160
// Test that we handle the cases where crypto is not desired.
 
161
TEST_F(SrtpFilterTest, TestGoodSetupNoCipherSuites) {
 
162
  std::vector<CryptoParams> offer, answer;
 
163
  EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
 
164
  EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
 
165
  EXPECT_FALSE(f1_.IsActive());
 
166
}
 
167
 
 
168
// Test that we handle the cases where crypto is not desired by the remote side.
 
169
TEST_F(SrtpFilterTest, TestGoodSetupNoAnswerCipherSuites) {
 
170
  std::vector<CryptoParams> answer;
 
171
  EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
 
172
  EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
 
173
  EXPECT_FALSE(f1_.IsActive());
 
174
}
 
175
 
 
176
// Test that we fail if we call the functions the wrong way.
 
177
TEST_F(SrtpFilterTest, TestBadSetup) {
 
178
  std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
 
179
  std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
 
180
  EXPECT_FALSE(f1_.SetAnswer(answer, CS_LOCAL));
 
181
  EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
 
182
  EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
 
183
  EXPECT_FALSE(f1_.SetOffer(answer, CS_REMOTE));
 
184
  EXPECT_FALSE(f1_.SetAnswer(answer, CS_LOCAL));
 
185
  EXPECT_FALSE(f1_.IsActive());
 
186
}
 
187
 
 
188
// Test that we fail if we have params in the answer when none were offered.
 
189
TEST_F(SrtpFilterTest, TestNoAnswerCipherSuites) {
 
190
  std::vector<CryptoParams> offer;
 
191
  EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
 
192
  EXPECT_FALSE(f1_.SetAnswer(MakeVector(kTestCryptoParams2), CS_REMOTE));
 
193
  EXPECT_FALSE(f1_.IsActive());
 
194
}
 
195
 
 
196
// Test that we fail if we have too many params in our answer.
 
197
TEST_F(SrtpFilterTest, TestMultipleAnswerCipherSuites) {
 
198
  std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
 
199
  answer.push_back(kTestCryptoParams2);
 
200
  answer[1].tag = 2;
 
201
  answer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
 
202
  EXPECT_TRUE(f1_.SetOffer(MakeVector(kTestCryptoParams1), CS_LOCAL));
 
203
  EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
 
204
  EXPECT_FALSE(f1_.IsActive());
 
205
}
 
206
 
 
207
// Test that we fail if we don't support the cipher-suite.
 
208
TEST_F(SrtpFilterTest, TestInvalidCipherSuite) {
 
209
  std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
 
210
  std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
 
211
  offer[0].cipher_suite = answer[0].cipher_suite = "FOO";
 
212
  EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
 
213
  EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
 
214
  EXPECT_FALSE(f1_.IsActive());
 
215
}
 
216
 
 
217
// Test that we fail if we can't agree on a tag.
 
218
TEST_F(SrtpFilterTest, TestNoMatchingTag) {
 
219
  std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
 
220
  std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
 
221
  answer[0].tag = 99;
 
222
  EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
 
223
  EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
 
224
  EXPECT_FALSE(f1_.IsActive());
 
225
}
 
226
 
 
227
// Test that we fail if we can't agree on a cipher-suite.
 
228
TEST_F(SrtpFilterTest, TestNoMatchingCipherSuite) {
 
229
  std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
 
230
  std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
 
231
  answer[0].tag = 2;
 
232
  answer[0].cipher_suite = "FOO";
 
233
  EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
 
234
  EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
 
235
  EXPECT_FALSE(f1_.IsActive());
 
236
}
 
237
 
 
238
// Test that we fail keys with bad base64 content.
 
239
TEST_F(SrtpFilterTest, TestInvalidKeyData) {
 
240
  std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
 
241
  std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
 
242
  answer[0].key_params = "inline:!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!";
 
243
  EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
 
244
  EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
 
245
  EXPECT_FALSE(f1_.IsActive());
 
246
}
 
247
 
 
248
// Test that we fail keys with the wrong key-method.
 
249
TEST_F(SrtpFilterTest, TestWrongKeyMethod) {
 
250
  std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
 
251
  std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
 
252
  answer[0].key_params = "outline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR";
 
253
  EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
 
254
  EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
 
255
  EXPECT_FALSE(f1_.IsActive());
 
256
}
 
257
 
 
258
// Test that we fail keys of the wrong length.
 
259
TEST_F(SrtpFilterTest, TestKeyTooShort) {
 
260
  std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
 
261
  std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
 
262
  answer[0].key_params = "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtx";
 
263
  EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
 
264
  EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
 
265
  EXPECT_FALSE(f1_.IsActive());
 
266
}
 
267
 
 
268
// Test that we fail keys of the wrong length.
 
269
TEST_F(SrtpFilterTest, TestKeyTooLong) {
 
270
  std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
 
271
  std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
 
272
  answer[0].key_params = "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBRABCD";
 
273
  EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
 
274
  EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
 
275
  EXPECT_FALSE(f1_.IsActive());
 
276
}
 
277
 
 
278
// Test that we fail keys with lifetime or MKI set (since we don't support)
 
279
TEST_F(SrtpFilterTest, TestUnsupportedOptions) {
 
280
  std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
 
281
  std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
 
282
  answer[0].key_params =
 
283
      "inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR|2^20|1:4";
 
284
  EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
 
285
  EXPECT_FALSE(f1_.SetAnswer(answer, CS_REMOTE));
 
286
  EXPECT_FALSE(f1_.IsActive());
 
287
}
 
288
 
 
289
// Test that we can encrypt/decrypt after negotiating AES_CM_128_HMAC_SHA1_80.
 
290
TEST_F(SrtpFilterTest, TestProtect_AES_CM_128_HMAC_SHA1_80) {
 
291
  std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
 
292
  std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
 
293
  offer.push_back(kTestCryptoParams1);
 
294
  offer[1].tag = 2;
 
295
  offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
 
296
  TestSetParams(offer, answer);
 
297
  TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
 
298
}
 
299
 
 
300
// Test that we can encrypt/decrypt after negotiating AES_CM_128_HMAC_SHA1_32.
 
301
TEST_F(SrtpFilterTest, TestProtect_AES_CM_128_HMAC_SHA1_32) {
 
302
  std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
 
303
  std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
 
304
  offer.push_back(kTestCryptoParams1);
 
305
  offer[1].tag = 2;
 
306
  offer[1].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
 
307
  answer[0].tag = 2;
 
308
  answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
 
309
  TestSetParams(offer, answer);
 
310
  TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32);
 
311
}
 
312
 
 
313
// Test that we can change encryption parameters.
 
314
TEST_F(SrtpFilterTest, TestChangeParameters) {
 
315
  std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
 
316
  std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
 
317
 
 
318
  TestSetParams(offer, answer);
 
319
  TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
 
320
 
 
321
  // Change the key parameters and cipher_suite.
 
322
  offer[0].key_params = kTestKeyParams3;
 
323
  offer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
 
324
  answer[0].key_params = kTestKeyParams4;
 
325
  answer[0].cipher_suite = CS_AES_CM_128_HMAC_SHA1_32;
 
326
 
 
327
  EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
 
328
  EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE));
 
329
  EXPECT_TRUE(f1_.IsActive());
 
330
  EXPECT_TRUE(f1_.IsActive());
 
331
 
 
332
  // Test that the old keys are valid until the negotiation is complete.
 
333
  TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
 
334
 
 
335
  // Complete the negotiation and test that we can still understand each other.
 
336
  EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
 
337
  EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
 
338
 
 
339
  TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32);
 
340
}
 
341
 
 
342
// Test that we can disable encryption.
 
343
TEST_F(SrtpFilterTest, TestDisableEncryption) {
 
344
  std::vector<CryptoParams> offer(MakeVector(kTestCryptoParams1));
 
345
  std::vector<CryptoParams> answer(MakeVector(kTestCryptoParams2));
 
346
 
 
347
  TestSetParams(offer, answer);
 
348
  TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
 
349
 
 
350
  offer.clear();
 
351
  answer.clear();
 
352
  EXPECT_TRUE(f1_.SetOffer(offer, CS_LOCAL));
 
353
  EXPECT_TRUE(f2_.SetOffer(offer, CS_REMOTE));
 
354
  EXPECT_TRUE(f1_.IsActive());
 
355
  EXPECT_TRUE(f2_.IsActive());
 
356
 
 
357
  // Test that the old keys are valid until the negotiation is complete.
 
358
  TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
 
359
 
 
360
  // Complete the negotiation.
 
361
  EXPECT_TRUE(f2_.SetAnswer(answer, CS_LOCAL));
 
362
  EXPECT_TRUE(f1_.SetAnswer(answer, CS_REMOTE));
 
363
 
 
364
  EXPECT_FALSE(f1_.IsActive());
 
365
  EXPECT_FALSE(f2_.IsActive());
 
366
}
 
367
 
 
368
// Test directly setting the params with AES_CM_128_HMAC_SHA1_80
 
369
TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_80) {
 
370
  EXPECT_TRUE(f1_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_80,
 
371
                               kTestKey1, kTestKeyLen,
 
372
                               CS_AES_CM_128_HMAC_SHA1_80,
 
373
                               kTestKey2, kTestKeyLen));
 
374
  EXPECT_TRUE(f2_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_80,
 
375
                               kTestKey2, kTestKeyLen,
 
376
                               CS_AES_CM_128_HMAC_SHA1_80,
 
377
                               kTestKey1, kTestKeyLen));
 
378
  EXPECT_TRUE(f1_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_80,
 
379
                                kTestKey1, kTestKeyLen,
 
380
                                CS_AES_CM_128_HMAC_SHA1_80,
 
381
                                kTestKey2, kTestKeyLen));
 
382
  EXPECT_TRUE(f2_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_80,
 
383
                                kTestKey2, kTestKeyLen,
 
384
                                CS_AES_CM_128_HMAC_SHA1_80,
 
385
                                kTestKey1, kTestKeyLen));
 
386
  EXPECT_TRUE(f1_.IsActive());
 
387
  EXPECT_TRUE(f2_.IsActive());
 
388
  TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_80, CS_AES_CM_128_HMAC_SHA1_80);
 
389
}
 
390
 
 
391
// Test directly setting the params with AES_CM_128_HMAC_SHA1_32
 
392
TEST_F(SrtpFilterTest, TestProtect_SetParamsDirect_AES_CM_128_HMAC_SHA1_32) {
 
393
  EXPECT_TRUE(f1_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_32,
 
394
                               kTestKey1, kTestKeyLen,
 
395
                               CS_AES_CM_128_HMAC_SHA1_32,
 
396
                               kTestKey2, kTestKeyLen));
 
397
  EXPECT_TRUE(f2_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_32,
 
398
                               kTestKey2, kTestKeyLen,
 
399
                               CS_AES_CM_128_HMAC_SHA1_32,
 
400
                               kTestKey1, kTestKeyLen));
 
401
  EXPECT_TRUE(f1_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_32,
 
402
                                kTestKey1, kTestKeyLen,
 
403
                                CS_AES_CM_128_HMAC_SHA1_32,
 
404
                                kTestKey2, kTestKeyLen));
 
405
  EXPECT_TRUE(f2_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_32,
 
406
                                kTestKey2, kTestKeyLen,
 
407
                                CS_AES_CM_128_HMAC_SHA1_32,
 
408
                                kTestKey1, kTestKeyLen));
 
409
  EXPECT_TRUE(f1_.IsActive());
 
410
  EXPECT_TRUE(f2_.IsActive());
 
411
  TestProtectUnprotect(CS_AES_CM_128_HMAC_SHA1_32, CS_AES_CM_128_HMAC_SHA1_32);
 
412
}
 
413
 
 
414
// Test directly setting the params with bogus keys
 
415
TEST_F(SrtpFilterTest, TestSetParamsKeyTooShort) {
 
416
  EXPECT_FALSE(f1_.SetRtpParams(CS_AES_CM_128_HMAC_SHA1_80,
 
417
                                kTestKey1, kTestKeyLen - 1,
 
418
                                CS_AES_CM_128_HMAC_SHA1_80,
 
419
                                kTestKey1, kTestKeyLen - 1));
 
420
  EXPECT_FALSE(f1_.SetRtcpParams(CS_AES_CM_128_HMAC_SHA1_80,
 
421
                                 kTestKey1, kTestKeyLen - 1,
 
422
                                 CS_AES_CM_128_HMAC_SHA1_80,
 
423
                                 kTestKey1, kTestKeyLen - 1));
 
424
}
 
425
 
 
426
class SrtpSessionTest : public testing::Test {
 
427
 protected:
 
428
  virtual void SetUp() {
 
429
    rtp_len_ = sizeof(kPcmuFrame);
 
430
    rtcp_len_ = sizeof(kRtcpReport);
 
431
    memcpy(rtp_packet_, kPcmuFrame, rtp_len_);
 
432
    memcpy(rtcp_packet_, kRtcpReport, rtcp_len_);
 
433
  }
 
434
  void TestProtectRtp(const std::string& cs) {
 
435
    int out_len = 0;
 
436
    EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_,
 
437
                               sizeof(rtp_packet_), &out_len));
 
438
    EXPECT_EQ(out_len, rtp_len_ + rtp_auth_tag_len(cs));
 
439
    EXPECT_NE(0, memcmp(rtp_packet_, kPcmuFrame, rtp_len_));
 
440
    rtp_len_ = out_len;
 
441
  }
 
442
  void TestProtectRtcp(const std::string& cs) {
 
443
    int out_len = 0;
 
444
    EXPECT_TRUE(s1_.ProtectRtcp(rtcp_packet_, rtcp_len_,
 
445
                                sizeof(rtcp_packet_), &out_len));
 
446
    EXPECT_EQ(out_len, rtcp_len_ + 4 + rtcp_auth_tag_len(cs));  // NOLINT
 
447
    EXPECT_NE(0, memcmp(rtcp_packet_, kRtcpReport, rtcp_len_));
 
448
    rtcp_len_ = out_len;
 
449
  }
 
450
  void TestUnprotectRtp(const std::string& cs) {
 
451
    int out_len = 0, expected_len = sizeof(kPcmuFrame);
 
452
    EXPECT_TRUE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len));
 
453
    EXPECT_EQ(expected_len, out_len);
 
454
    EXPECT_EQ(0, memcmp(rtp_packet_, kPcmuFrame, out_len));
 
455
  }
 
456
  void TestUnprotectRtcp(const std::string& cs) {
 
457
    int out_len = 0, expected_len = sizeof(kRtcpReport);
 
458
    EXPECT_TRUE(s2_.UnprotectRtcp(rtcp_packet_, rtcp_len_, &out_len));
 
459
    EXPECT_EQ(expected_len, out_len);
 
460
    EXPECT_EQ(0, memcmp(rtcp_packet_, kRtcpReport, out_len));
 
461
  }
 
462
  cricket::SrtpSession s1_;
 
463
  cricket::SrtpSession s2_;
 
464
  char rtp_packet_[sizeof(kPcmuFrame) + 10];
 
465
  char rtcp_packet_[sizeof(kRtcpReport) + 4 + 10];
 
466
  int rtp_len_;
 
467
  int rtcp_len_;
 
468
};
 
469
 
 
470
// Test that we can set up the session and keys properly.
 
471
TEST_F(SrtpSessionTest, TestGoodSetup) {
 
472
  EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
 
473
  EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
 
474
}
 
475
 
 
476
// Test that we can't change the keys once set.
 
477
TEST_F(SrtpSessionTest, TestBadSetup) {
 
478
  EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
 
479
  EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
 
480
  EXPECT_FALSE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey2, kTestKeyLen));
 
481
  EXPECT_FALSE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey2, kTestKeyLen));
 
482
}
 
483
 
 
484
// Test that we fail keys of the wrong length.
 
485
TEST_F(SrtpSessionTest, TestKeysTooShort) {
 
486
  EXPECT_FALSE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, 1));
 
487
  EXPECT_FALSE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, 1));
 
488
}
 
489
 
 
490
// Test that we can encrypt and decrypt RTP/RTCP using AES_CM_128_HMAC_SHA1_80.
 
491
TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_80) {
 
492
  EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
 
493
  EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
 
494
  TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_80);
 
495
  TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_80);
 
496
  TestUnprotectRtp(CS_AES_CM_128_HMAC_SHA1_80);
 
497
  TestUnprotectRtcp(CS_AES_CM_128_HMAC_SHA1_80);
 
498
}
 
499
 
 
500
// Test that we can encrypt and decrypt RTP/RTCP using AES_CM_128_HMAC_SHA1_32.
 
501
TEST_F(SrtpSessionTest, TestProtect_AES_CM_128_HMAC_SHA1_32) {
 
502
  EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_32, kTestKey1, kTestKeyLen));
 
503
  EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_32, kTestKey1, kTestKeyLen));
 
504
  TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_32);
 
505
  TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_32);
 
506
  TestUnprotectRtp(CS_AES_CM_128_HMAC_SHA1_32);
 
507
  TestUnprotectRtcp(CS_AES_CM_128_HMAC_SHA1_32);
 
508
}
 
509
 
 
510
// Test that we fail to unprotect if someone tampers with the RTP/RTCP paylaods.
 
511
TEST_F(SrtpSessionTest, TestTamperReject) {
 
512
  int out_len;
 
513
  EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
 
514
  EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
 
515
  TestProtectRtp(CS_AES_CM_128_HMAC_SHA1_80);
 
516
  TestProtectRtcp(CS_AES_CM_128_HMAC_SHA1_80);
 
517
  rtp_packet_[0] = 0x12;
 
518
  rtcp_packet_[1] = 0x34;
 
519
  EXPECT_FALSE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len));
 
520
  EXPECT_FALSE(s2_.UnprotectRtcp(rtcp_packet_, rtcp_len_, &out_len));
 
521
}
 
522
 
 
523
// Test that we fail to unprotect if the payloads are not authenticated.
 
524
TEST_F(SrtpSessionTest, TestUnencryptReject) {
 
525
  int out_len;
 
526
  EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
 
527
  EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
 
528
  EXPECT_FALSE(s2_.UnprotectRtp(rtp_packet_, rtp_len_, &out_len));
 
529
  EXPECT_FALSE(s2_.UnprotectRtcp(rtcp_packet_, rtcp_len_, &out_len));
 
530
}
 
531
 
 
532
// Test that we fail when using buffers that are too small.
 
533
TEST_F(SrtpSessionTest, TestBuffersTooSmall) {
 
534
  int out_len;
 
535
  EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
 
536
  EXPECT_FALSE(s1_.ProtectRtp(rtp_packet_, rtp_len_,
 
537
                              sizeof(rtp_packet_) - 10, &out_len));
 
538
  EXPECT_FALSE(s1_.ProtectRtcp(rtcp_packet_, rtcp_len_,
 
539
                               sizeof(rtcp_packet_) - 14, &out_len));
 
540
}
 
541
 
 
542
TEST_F(SrtpSessionTest, TestReplay) {
 
543
  static const uint16 kMaxSeqnum = static_cast<uint16>(-1);
 
544
  static const uint16 seqnum_big = 62275;
 
545
  static const uint16 seqnum_small = 10;
 
546
  static const uint16 replay_window = 1024;
 
547
  int out_len;
 
548
 
 
549
  EXPECT_TRUE(s1_.SetSend(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
 
550
  EXPECT_TRUE(s2_.SetRecv(CS_AES_CM_128_HMAC_SHA1_80, kTestKey1, kTestKeyLen));
 
551
 
 
552
  // Initial sequence number.
 
553
  talk_base::SetBE16(reinterpret_cast<uint8*>(rtp_packet_) + 2, seqnum_big);
 
554
  EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_),
 
555
                             &out_len));
 
556
 
 
557
  // Replay within the 1024 window should succeed.
 
558
  talk_base::SetBE16(reinterpret_cast<uint8*>(rtp_packet_) + 2,
 
559
                     seqnum_big - replay_window + 1);
 
560
  EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_),
 
561
                             &out_len));
 
562
 
 
563
  // Replay out side of the 1024 window should fail.
 
564
  talk_base::SetBE16(reinterpret_cast<uint8*>(rtp_packet_) + 2,
 
565
                     seqnum_big - replay_window - 1);
 
566
  EXPECT_FALSE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_),
 
567
                              &out_len));
 
568
 
 
569
  // Increment sequence number to a small number.
 
570
  talk_base::SetBE16(reinterpret_cast<uint8*>(rtp_packet_) + 2, seqnum_small);
 
571
  EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_),
 
572
                             &out_len));
 
573
 
 
574
  // Replay around 0 but out side of the 1024 window should fail.
 
575
  talk_base::SetBE16(reinterpret_cast<uint8*>(rtp_packet_) + 2,
 
576
                     kMaxSeqnum + seqnum_small - replay_window - 1);
 
577
  EXPECT_FALSE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_),
 
578
                              &out_len));
 
579
 
 
580
  // Replay around 0 but within the 1024 window should succeed.
 
581
  for (uint16 seqnum = 65000; seqnum < 65003; ++seqnum) {
 
582
    talk_base::SetBE16(reinterpret_cast<uint8*>(rtp_packet_) + 2, seqnum);
 
583
    EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_),
 
584
                               &out_len));
 
585
  }
 
586
 
 
587
  // Go back to normal sequence nubmer.
 
588
  // NOTE: without the fix in libsrtp, this would fail. This is because
 
589
  // without the fix, the loop above would keep incrementing local sequence
 
590
  // number in libsrtp, eventually the new sequence number would go out side
 
591
  // of the window.
 
592
  talk_base::SetBE16(reinterpret_cast<uint8*>(rtp_packet_) + 2,
 
593
                     seqnum_small + 1);
 
594
  EXPECT_TRUE(s1_.ProtectRtp(rtp_packet_, rtp_len_, sizeof(rtp_packet_),
 
595
                             &out_len));
 
596
}
 
597
 
 
598
class SrtpStatTest
 
599
    : public testing::Test,
 
600
      public sigslot::has_slots<> {
 
601
 public:
 
602
  SrtpStatTest()
 
603
      : ssrc_(0U),
 
604
        mode_(-1),
 
605
        error_(cricket::SrtpFilter::ERROR_NONE) {
 
606
    srtp_stat_.SignalSrtpError.connect(this, &SrtpStatTest::OnSrtpError);
 
607
    srtp_stat_.set_signal_silent_time(200);
 
608
  }
 
609
 
 
610
 protected:
 
611
  void OnSrtpError(uint32 ssrc, cricket::SrtpFilter::Mode mode,
 
612
                   cricket::SrtpFilter::Error error) {
 
613
    ssrc_ = ssrc;
 
614
    mode_ = mode;
 
615
    error_ = error;
 
616
  }
 
617
  void Reset() {
 
618
    ssrc_ = 0U;
 
619
    mode_ = -1;
 
620
    error_ = cricket::SrtpFilter::ERROR_NONE;
 
621
  }
 
622
 
 
623
  cricket::SrtpStat srtp_stat_;
 
624
  uint32 ssrc_;
 
625
  int mode_;
 
626
  cricket::SrtpFilter::Error error_;
 
627
 
 
628
 private:
 
629
  DISALLOW_COPY_AND_ASSIGN(SrtpStatTest);
 
630
};
 
631
 
 
632
TEST_F(SrtpStatTest, TestProtectRtpError) {
 
633
  Reset();
 
634
  srtp_stat_.AddProtectRtpResult(1, err_status_ok);
 
635
  EXPECT_EQ(0U, ssrc_);
 
636
  EXPECT_EQ(-1, mode_);
 
637
  EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_);
 
638
  Reset();
 
639
  srtp_stat_.AddProtectRtpResult(1, err_status_auth_fail);
 
640
  EXPECT_EQ(1U, ssrc_);
 
641
  EXPECT_EQ(cricket::SrtpFilter::PROTECT, mode_);
 
642
  EXPECT_EQ(cricket::SrtpFilter::ERROR_AUTH, error_);
 
643
  Reset();
 
644
  srtp_stat_.AddProtectRtpResult(1, err_status_fail);
 
645
  EXPECT_EQ(1U, ssrc_);
 
646
  EXPECT_EQ(cricket::SrtpFilter::PROTECT, mode_);
 
647
  EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_);
 
648
  // Within 200ms, the error will not be triggered.
 
649
  Reset();
 
650
  srtp_stat_.AddProtectRtpResult(1, err_status_fail);
 
651
  EXPECT_EQ(0U, ssrc_);
 
652
  EXPECT_EQ(-1, mode_);
 
653
  EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_);
 
654
  // Now the error will be triggered again.
 
655
  Reset();
 
656
  talk_base::Thread::Current()->SleepMs(210);
 
657
  srtp_stat_.AddProtectRtpResult(1, err_status_fail);
 
658
  EXPECT_EQ(1U, ssrc_);
 
659
  EXPECT_EQ(cricket::SrtpFilter::PROTECT, mode_);
 
660
  EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_);
 
661
}
 
662
 
 
663
TEST_F(SrtpStatTest, TestUnprotectRtpError) {
 
664
  Reset();
 
665
  srtp_stat_.AddUnprotectRtpResult(1, err_status_ok);
 
666
  EXPECT_EQ(0U, ssrc_);
 
667
  EXPECT_EQ(-1, mode_);
 
668
  EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_);
 
669
  Reset();
 
670
  srtp_stat_.AddUnprotectRtpResult(1, err_status_auth_fail);
 
671
  EXPECT_EQ(1U, ssrc_);
 
672
  EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
 
673
  EXPECT_EQ(cricket::SrtpFilter::ERROR_AUTH, error_);
 
674
  Reset();
 
675
  srtp_stat_.AddUnprotectRtpResult(1, err_status_replay_fail);
 
676
  EXPECT_EQ(1U, ssrc_);
 
677
  EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
 
678
  EXPECT_EQ(cricket::SrtpFilter::ERROR_REPLAY, error_);
 
679
  Reset();
 
680
  talk_base::Thread::Current()->SleepMs(210);
 
681
  srtp_stat_.AddUnprotectRtpResult(1, err_status_replay_old);
 
682
  EXPECT_EQ(1U, ssrc_);
 
683
  EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
 
684
  EXPECT_EQ(cricket::SrtpFilter::ERROR_REPLAY, error_);
 
685
  Reset();
 
686
  srtp_stat_.AddUnprotectRtpResult(1, err_status_fail);
 
687
  EXPECT_EQ(1U, ssrc_);
 
688
  EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
 
689
  EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_);
 
690
  // Within 200ms, the error will not be triggered.
 
691
  Reset();
 
692
  srtp_stat_.AddUnprotectRtpResult(1, err_status_fail);
 
693
  EXPECT_EQ(0U, ssrc_);
 
694
  EXPECT_EQ(-1, mode_);
 
695
  EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_);
 
696
  // Now the error will be triggered again.
 
697
  Reset();
 
698
  talk_base::Thread::Current()->SleepMs(210);
 
699
  srtp_stat_.AddUnprotectRtpResult(1, err_status_fail);
 
700
  EXPECT_EQ(1U, ssrc_);
 
701
  EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
 
702
  EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_);
 
703
}
 
704
 
 
705
TEST_F(SrtpStatTest, TestProtectRtcpError) {
 
706
  Reset();
 
707
  srtp_stat_.AddProtectRtcpResult(err_status_ok);
 
708
  EXPECT_EQ(-1, mode_);
 
709
  EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_);
 
710
  Reset();
 
711
  srtp_stat_.AddProtectRtcpResult(err_status_auth_fail);
 
712
  EXPECT_EQ(cricket::SrtpFilter::PROTECT, mode_);
 
713
  EXPECT_EQ(cricket::SrtpFilter::ERROR_AUTH, error_);
 
714
  Reset();
 
715
  srtp_stat_.AddProtectRtcpResult(err_status_fail);
 
716
  EXPECT_EQ(cricket::SrtpFilter::PROTECT, mode_);
 
717
  EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_);
 
718
  // Within 200ms, the error will not be triggered.
 
719
  Reset();
 
720
  srtp_stat_.AddProtectRtcpResult(err_status_fail);
 
721
  EXPECT_EQ(-1, mode_);
 
722
  EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_);
 
723
  // Now the error will be triggered again.
 
724
  Reset();
 
725
  talk_base::Thread::Current()->SleepMs(210);
 
726
  srtp_stat_.AddProtectRtcpResult(err_status_fail);
 
727
  EXPECT_EQ(cricket::SrtpFilter::PROTECT, mode_);
 
728
  EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_);
 
729
}
 
730
 
 
731
TEST_F(SrtpStatTest, TestUnprotectRtcpError) {
 
732
  Reset();
 
733
  srtp_stat_.AddUnprotectRtcpResult(err_status_ok);
 
734
  EXPECT_EQ(-1, mode_);
 
735
  EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_);
 
736
  Reset();
 
737
  srtp_stat_.AddUnprotectRtcpResult(err_status_auth_fail);
 
738
  EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
 
739
  EXPECT_EQ(cricket::SrtpFilter::ERROR_AUTH, error_);
 
740
  Reset();
 
741
  srtp_stat_.AddUnprotectRtcpResult(err_status_replay_fail);
 
742
  EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
 
743
  EXPECT_EQ(cricket::SrtpFilter::ERROR_REPLAY, error_);
 
744
  Reset();
 
745
  talk_base::Thread::Current()->SleepMs(210);
 
746
  srtp_stat_.AddUnprotectRtcpResult(err_status_replay_fail);
 
747
  EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
 
748
  EXPECT_EQ(cricket::SrtpFilter::ERROR_REPLAY, error_);
 
749
  Reset();
 
750
  srtp_stat_.AddUnprotectRtcpResult(err_status_fail);
 
751
  EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
 
752
  EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_);
 
753
  // Within 200ms, the error will not be triggered.
 
754
  Reset();
 
755
  srtp_stat_.AddUnprotectRtcpResult(err_status_fail);
 
756
  EXPECT_EQ(-1, mode_);
 
757
  EXPECT_EQ(cricket::SrtpFilter::ERROR_NONE, error_);
 
758
  // Now the error will be triggered again.
 
759
  Reset();
 
760
  talk_base::Thread::Current()->SleepMs(210);
 
761
  srtp_stat_.AddUnprotectRtcpResult(err_status_fail);
 
762
  EXPECT_EQ(cricket::SrtpFilter::UNPROTECT, mode_);
 
763
  EXPECT_EQ(cricket::SrtpFilter::ERROR_FAIL, error_);
 
764
}