Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(172)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: webrtc/p2p/base/dtlstransportchannel_unittest.cc

Issue 3004503002: Renamed dtlstransportchannel.h/.cc/_unittest.cc. (Closed)
Patch Set: Rename dtlstransportchannel.h/.cc/_unittest.cc. Created 3 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « webrtc/p2p/base/dtlstransportchannel.cc ('k') | webrtc/p2p/base/jseptransport.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 /*
2 * Copyright 2011 The WebRTC Project Authors. All rights reserved.
3 *
4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree.
9 */
10
11 #include <memory>
12 #include <set>
13
14 #include "webrtc/p2p/base/dtlstransportchannel.h"
15 #include "webrtc/p2p/base/fakeicetransport.h"
16 #include "webrtc/p2p/base/packettransportinternal.h"
17 #include "webrtc/rtc_base/checks.h"
18 #include "webrtc/rtc_base/dscp.h"
19 #include "webrtc/rtc_base/gunit.h"
20 #include "webrtc/rtc_base/helpers.h"
21 #include "webrtc/rtc_base/ssladapter.h"
22 #include "webrtc/rtc_base/sslidentity.h"
23 #include "webrtc/rtc_base/sslstreamadapter.h"
24 #include "webrtc/rtc_base/stringutils.h"
25
26 #define MAYBE_SKIP_TEST(feature) \
27 if (!(rtc::SSLStreamAdapter::feature())) { \
28 LOG(LS_INFO) << #feature " feature disabled... skipping"; \
29 return; \
30 }
31
32 static const char kIceUfrag1[] = "TESTICEUFRAG0001";
33 static const char kIcePwd1[] = "TESTICEPWD00000000000001";
34 static const size_t kPacketNumOffset = 8;
35 static const size_t kPacketHeaderLen = 12;
36 static const int kFakePacketId = 0x1234;
37 static const int kTimeout = 10000;
38
39 static bool IsRtpLeadByte(uint8_t b) {
40 return ((b & 0xC0) == 0x80);
41 }
42
43 cricket::TransportDescription MakeTransportDescription(
44 const rtc::scoped_refptr<rtc::RTCCertificate>& cert,
45 cricket::ConnectionRole role) {
46 std::unique_ptr<rtc::SSLFingerprint> fingerprint;
47 if (cert) {
48 std::string digest_algorithm;
49 EXPECT_TRUE(
50 cert->ssl_certificate().GetSignatureDigestAlgorithm(&digest_algorithm));
51 EXPECT_FALSE(digest_algorithm.empty());
52 fingerprint.reset(
53 rtc::SSLFingerprint::Create(digest_algorithm, cert->identity()));
54 EXPECT_TRUE(fingerprint.get() != NULL);
55 EXPECT_EQ(rtc::DIGEST_SHA_256, digest_algorithm);
56 }
57 return cricket::TransportDescription(std::vector<std::string>(), kIceUfrag1,
58 kIcePwd1, cricket::ICEMODE_FULL, role,
59 fingerprint.get());
60 }
61
62 using cricket::ConnectionRole;
63
64 enum Flags { NF_REOFFER = 0x1, NF_EXPECT_FAILURE = 0x2 };
65
66 // TODO(deadbeef): Remove the dependency on JsepTransport. This test should be
67 // testing DtlsTransportChannel by itself, calling methods to set the
68 // configuration directly instead of negotiating TransportDescriptions.
69 class DtlsTestClient : public sigslot::has_slots<> {
70 public:
71 DtlsTestClient(const std::string& name) : name_(name) {}
72 void CreateCertificate(rtc::KeyType key_type) {
73 certificate_ =
74 rtc::RTCCertificate::Create(std::unique_ptr<rtc::SSLIdentity>(
75 rtc::SSLIdentity::Generate(name_, key_type)));
76 }
77 const rtc::scoped_refptr<rtc::RTCCertificate>& certificate() {
78 return certificate_;
79 }
80 void SetupMaxProtocolVersion(rtc::SSLProtocolVersion version) {
81 ssl_max_version_ = version;
82 }
83 void SetupChannels(int count, cricket::IceRole role, int async_delay_ms = 0) {
84 transport_.reset(
85 new cricket::JsepTransport("dtls content name", certificate_));
86 for (int i = 0; i < count; ++i) {
87 cricket::FakeIceTransport* fake_ice_channel =
88 new cricket::FakeIceTransport(transport_->mid(), i);
89 fake_ice_channel->SetAsync(true);
90 fake_ice_channel->SetAsyncDelay(async_delay_ms);
91 // Hook the raw packets so that we can verify they are encrypted.
92 fake_ice_channel->SignalReadPacket.connect(
93 this, &DtlsTestClient::OnFakeTransportChannelReadPacket);
94
95 cricket::DtlsTransport* dtls =
96 new cricket::DtlsTransport(fake_ice_channel, rtc::CryptoOptions());
97 dtls->SetLocalCertificate(certificate_);
98 dtls->ice_transport()->SetIceRole(role);
99 dtls->ice_transport()->SetIceTiebreaker(
100 (role == cricket::ICEROLE_CONTROLLING) ? 1 : 2);
101 dtls->SetSslMaxProtocolVersion(ssl_max_version_);
102 dtls->SignalWritableState.connect(
103 this, &DtlsTestClient::OnTransportChannelWritableState);
104 dtls->SignalReadPacket.connect(
105 this, &DtlsTestClient::OnTransportChannelReadPacket);
106 dtls->SignalSentPacket.connect(
107 this, &DtlsTestClient::OnTransportChannelSentPacket);
108 dtls_transports_.push_back(std::unique_ptr<cricket::DtlsTransport>(dtls));
109 fake_ice_transports_.push_back(
110 std::unique_ptr<cricket::FakeIceTransport>(fake_ice_channel));
111 transport_->AddChannel(dtls, i);
112 }
113 }
114
115 cricket::JsepTransport* transport() { return transport_.get(); }
116
117 cricket::FakeIceTransport* GetFakeIceTransort(int component) {
118 for (const auto& ch : fake_ice_transports_) {
119 if (ch->component() == component) {
120 return ch.get();
121 }
122 }
123 return nullptr;
124 }
125
126 cricket::DtlsTransport* GetDtlsTransport(int component) {
127 for (const auto& dtls : dtls_transports_) {
128 if (dtls->component() == component) {
129 return dtls.get();
130 }
131 }
132 return nullptr;
133 }
134
135 // Offer DTLS if we have an identity; pass in a remote fingerprint only if
136 // both sides support DTLS.
137 void Negotiate(DtlsTestClient* peer, cricket::ContentAction action,
138 ConnectionRole local_role, ConnectionRole remote_role,
139 int flags) {
140 Negotiate(certificate_, certificate_ ? peer->certificate_ : nullptr, action,
141 local_role, remote_role, flags);
142 }
143
144 void SetLocalTransportDescription(
145 const rtc::scoped_refptr<rtc::RTCCertificate>& cert,
146 cricket::ContentAction action,
147 ConnectionRole role,
148 int flags) {
149 // If |NF_EXPECT_FAILURE| is set, expect SRTD or SLTD to fail when
150 // content action is CA_ANSWER.
151 bool expect_success =
152 !((action == cricket::CA_ANSWER) && (flags & NF_EXPECT_FAILURE));
153 EXPECT_EQ(expect_success,
154 transport_->SetLocalTransportDescription(
155 MakeTransportDescription(cert, role), action, nullptr));
156 }
157
158 void SetRemoteTransportDescription(
159 const rtc::scoped_refptr<rtc::RTCCertificate>& cert,
160 cricket::ContentAction action,
161 ConnectionRole role,
162 int flags) {
163 // If |NF_EXPECT_FAILURE| is set, expect SRTD or SLTD to fail when
164 // content action is CA_ANSWER.
165 bool expect_success =
166 !((action == cricket::CA_ANSWER) && (flags & NF_EXPECT_FAILURE));
167 EXPECT_EQ(expect_success,
168 transport_->SetRemoteTransportDescription(
169 MakeTransportDescription(cert, role), action, nullptr));
170 }
171
172 // Allow any DTLS configuration to be specified (including invalid ones).
173 void Negotiate(const rtc::scoped_refptr<rtc::RTCCertificate>& local_cert,
174 const rtc::scoped_refptr<rtc::RTCCertificate>& remote_cert,
175 cricket::ContentAction action,
176 ConnectionRole local_role,
177 ConnectionRole remote_role,
178 int flags) {
179 if (action == cricket::CA_OFFER) {
180 SetLocalTransportDescription(local_cert, cricket::CA_OFFER, local_role,
181 flags);
182 SetRemoteTransportDescription(remote_cert, cricket::CA_ANSWER,
183 remote_role, flags);
184 } else {
185 SetRemoteTransportDescription(remote_cert, cricket::CA_OFFER, remote_role,
186 flags);
187 // If remote if the offerer and has no DTLS support, answer will be
188 // without any fingerprint.
189 SetLocalTransportDescription(remote_cert ? local_cert : nullptr,
190 cricket::CA_ANSWER, local_role, flags);
191 }
192 }
193
194 bool Connect(DtlsTestClient* peer, bool asymmetric) {
195 for (auto& ice : fake_ice_transports_) {
196 ice->SetDestination(peer->GetFakeIceTransort(ice->component()),
197 asymmetric);
198 }
199 return true;
200 }
201
202 bool all_dtls_transports_writable() const {
203 if (dtls_transports_.empty()) {
204 return false;
205 }
206 for (const auto& dtls : dtls_transports_) {
207 if (!dtls->writable()) {
208 return false;
209 }
210 }
211 return true;
212 }
213
214 bool all_ice_transports_writable() const {
215 if (dtls_transports_.empty()) {
216 return false;
217 }
218 for (const auto& dtls : dtls_transports_) {
219 if (!dtls->ice_transport()->writable()) {
220 return false;
221 }
222 }
223 return true;
224 }
225
226 int received_dtls_client_hellos() const {
227 return received_dtls_client_hellos_;
228 }
229
230 int received_dtls_server_hellos() const {
231 return received_dtls_server_hellos_;
232 }
233
234 bool negotiated_dtls() const {
235 return transport_->local_description() &&
236 transport_->local_description()->identity_fingerprint &&
237 transport_->remote_description() &&
238 transport_->remote_description()->identity_fingerprint;
239 }
240
241 void CheckRole(rtc::SSLRole role) {
242 if (role == rtc::SSL_CLIENT) {
243 ASSERT_EQ(0, received_dtls_client_hellos_);
244 ASSERT_GT(received_dtls_server_hellos_, 0);
245 } else {
246 ASSERT_GT(received_dtls_client_hellos_, 0);
247 ASSERT_EQ(0, received_dtls_server_hellos_);
248 }
249 }
250
251 void CheckSrtp(int expected_crypto_suite) {
252 for (const auto& dtls : dtls_transports_) {
253 int crypto_suite;
254
255 bool rv = dtls->GetSrtpCryptoSuite(&crypto_suite);
256 if (negotiated_dtls() && expected_crypto_suite) {
257 ASSERT_TRUE(rv);
258
259 ASSERT_EQ(crypto_suite, expected_crypto_suite);
260 } else {
261 ASSERT_FALSE(rv);
262 }
263 }
264 }
265
266 void CheckSsl() {
267 for (const auto& dtls : dtls_transports_) {
268 int cipher;
269
270 bool rv = dtls->GetSslCipherSuite(&cipher);
271 if (negotiated_dtls()) {
272 ASSERT_TRUE(rv);
273
274 EXPECT_TRUE(
275 rtc::SSLStreamAdapter::IsAcceptableCipher(cipher, rtc::KT_DEFAULT));
276 } else {
277 ASSERT_FALSE(rv);
278 }
279 }
280 }
281
282 void SendPackets(size_t transport, size_t size, size_t count, bool srtp) {
283 RTC_CHECK(transport < dtls_transports_.size());
284 std::unique_ptr<char[]> packet(new char[size]);
285 size_t sent = 0;
286 do {
287 // Fill the packet with a known value and a sequence number to check
288 // against, and make sure that it doesn't look like DTLS.
289 memset(packet.get(), sent & 0xff, size);
290 packet[0] = (srtp) ? 0x80 : 0x00;
291 rtc::SetBE32(packet.get() + kPacketNumOffset,
292 static_cast<uint32_t>(sent));
293
294 // Only set the bypass flag if we've activated DTLS.
295 int flags = (certificate_ && srtp) ? cricket::PF_SRTP_BYPASS : 0;
296 rtc::PacketOptions packet_options;
297 packet_options.packet_id = kFakePacketId;
298 int rv = dtls_transports_[transport]->SendPacket(packet.get(), size,
299 packet_options, flags);
300 ASSERT_GT(rv, 0);
301 ASSERT_EQ(size, static_cast<size_t>(rv));
302 ++sent;
303 } while (sent < count);
304 }
305
306 int SendInvalidSrtpPacket(size_t transport, size_t size) {
307 RTC_CHECK(transport < dtls_transports_.size());
308 std::unique_ptr<char[]> packet(new char[size]);
309 // Fill the packet with 0 to form an invalid SRTP packet.
310 memset(packet.get(), 0, size);
311
312 rtc::PacketOptions packet_options;
313 return dtls_transports_[transport]->SendPacket(
314 packet.get(), size, packet_options, cricket::PF_SRTP_BYPASS);
315 }
316
317 void ExpectPackets(size_t transport, size_t size) {
318 packet_size_ = size;
319 received_.clear();
320 }
321
322 size_t NumPacketsReceived() {
323 return received_.size();
324 }
325
326 bool VerifyPacket(const char* data, size_t size, uint32_t* out_num) {
327 if (size != packet_size_ ||
328 (data[0] != 0 && static_cast<uint8_t>(data[0]) != 0x80)) {
329 return false;
330 }
331 uint32_t packet_num = rtc::GetBE32(data + kPacketNumOffset);
332 for (size_t i = kPacketHeaderLen; i < size; ++i) {
333 if (static_cast<uint8_t>(data[i]) != (packet_num & 0xff)) {
334 return false;
335 }
336 }
337 if (out_num) {
338 *out_num = packet_num;
339 }
340 return true;
341 }
342 bool VerifyEncryptedPacket(const char* data, size_t size) {
343 // This is an encrypted data packet; let's make sure it's mostly random;
344 // less than 10% of the bytes should be equal to the cleartext packet.
345 if (size <= packet_size_) {
346 return false;
347 }
348 uint32_t packet_num = rtc::GetBE32(data + kPacketNumOffset);
349 int num_matches = 0;
350 for (size_t i = kPacketNumOffset; i < size; ++i) {
351 if (static_cast<uint8_t>(data[i]) == (packet_num & 0xff)) {
352 ++num_matches;
353 }
354 }
355 return (num_matches < ((static_cast<int>(size) - 5) / 10));
356 }
357
358 // Transport channel callbacks
359 void OnTransportChannelWritableState(
360 rtc::PacketTransportInternal* transport) {
361 LOG(LS_INFO) << name_ << ": Channel '" << transport->debug_name()
362 << "' is writable";
363 }
364
365 void OnTransportChannelReadPacket(rtc::PacketTransportInternal* transport,
366 const char* data,
367 size_t size,
368 const rtc::PacketTime& packet_time,
369 int flags) {
370 uint32_t packet_num = 0;
371 ASSERT_TRUE(VerifyPacket(data, size, &packet_num));
372 received_.insert(packet_num);
373 // Only DTLS-SRTP packets should have the bypass flag set.
374 int expected_flags =
375 (certificate_ && IsRtpLeadByte(data[0])) ? cricket::PF_SRTP_BYPASS : 0;
376 ASSERT_EQ(expected_flags, flags);
377 }
378
379 void OnTransportChannelSentPacket(rtc::PacketTransportInternal* transport,
380 const rtc::SentPacket& sent_packet) {
381 sent_packet_ = sent_packet;
382 }
383
384 rtc::SentPacket sent_packet() const { return sent_packet_; }
385
386 // Hook into the raw packet stream to make sure DTLS packets are encrypted.
387 void OnFakeTransportChannelReadPacket(rtc::PacketTransportInternal* transport,
388 const char* data,
389 size_t size,
390 const rtc::PacketTime& time,
391 int flags) {
392 // Flags shouldn't be set on the underlying TransportChannel packets.
393 ASSERT_EQ(0, flags);
394
395 // Look at the handshake packets to see what role we played.
396 // Check that non-handshake packets are DTLS data or SRTP bypass.
397 if (data[0] == 22 && size > 17) {
398 if (data[13] == 1) {
399 ++received_dtls_client_hellos_;
400 } else if (data[13] == 2) {
401 ++received_dtls_server_hellos_;
402 }
403 } else if (negotiated_dtls() && !(data[0] >= 20 && data[0] <= 22)) {
404 ASSERT_TRUE(data[0] == 23 || IsRtpLeadByte(data[0]));
405 if (data[0] == 23) {
406 ASSERT_TRUE(VerifyEncryptedPacket(data, size));
407 } else if (IsRtpLeadByte(data[0])) {
408 ASSERT_TRUE(VerifyPacket(data, size, NULL));
409 }
410 }
411 }
412
413 private:
414 std::string name_;
415 rtc::scoped_refptr<rtc::RTCCertificate> certificate_;
416 std::vector<std::unique_ptr<cricket::FakeIceTransport>> fake_ice_transports_;
417 std::vector<std::unique_ptr<cricket::DtlsTransport>> dtls_transports_;
418 std::unique_ptr<cricket::JsepTransport> transport_;
419 size_t packet_size_ = 0u;
420 std::set<int> received_;
421 rtc::SSLProtocolVersion ssl_max_version_ = rtc::SSL_PROTOCOL_DTLS_12;
422 int received_dtls_client_hellos_ = 0;
423 int received_dtls_server_hellos_ = 0;
424 rtc::SentPacket sent_packet_;
425 };
426
427 // Base class for DtlsTransportChannelTest and DtlsEventOrderingTest, which
428 // inherit from different variants of testing::Test.
429 //
430 // Note that this test always uses a FakeClock, due to the |fake_clock_| member
431 // variable.
432 class DtlsTransportChannelTestBase {
433 public:
434 DtlsTransportChannelTestBase()
435 : client1_("P1"),
436 client2_("P2"),
437 channel_ct_(1),
438 use_dtls_(false),
439 ssl_expected_version_(rtc::SSL_PROTOCOL_DTLS_12) {}
440
441 void SetChannelCount(size_t channel_ct) {
442 channel_ct_ = static_cast<int>(channel_ct);
443 }
444 void SetMaxProtocolVersions(rtc::SSLProtocolVersion c1,
445 rtc::SSLProtocolVersion c2) {
446 client1_.SetupMaxProtocolVersion(c1);
447 client2_.SetupMaxProtocolVersion(c2);
448 ssl_expected_version_ = std::min(c1, c2);
449 }
450 void PrepareDtls(bool c1, bool c2, rtc::KeyType key_type) {
451 if (c1) {
452 client1_.CreateCertificate(key_type);
453 }
454 if (c2) {
455 client2_.CreateCertificate(key_type);
456 }
457 if (c1 && c2)
458 use_dtls_ = true;
459 }
460
461 // Negotiate local/remote fingerprint before or after the underlying
462 // tranpsort is connected?
463 enum NegotiateOrdering { NEGOTIATE_BEFORE_CONNECT, CONNECT_BEFORE_NEGOTIATE };
464 bool Connect(ConnectionRole client1_role,
465 ConnectionRole client2_role,
466 NegotiateOrdering ordering = NEGOTIATE_BEFORE_CONNECT) {
467 bool rv;
468 if (ordering == NEGOTIATE_BEFORE_CONNECT) {
469 Negotiate(client1_role, client2_role);
470 rv = client1_.Connect(&client2_, false);
471 } else {
472 client1_.SetupChannels(channel_ct_, cricket::ICEROLE_CONTROLLING);
473 client2_.SetupChannels(channel_ct_, cricket::ICEROLE_CONTROLLED);
474 // This is equivalent to an offer being processed on both sides, but an
475 // answer not yet being received on the initiating side. So the
476 // connection will be made before negotiation has finished on both sides.
477 client1_.SetLocalTransportDescription(client1_.certificate(),
478 cricket::CA_OFFER, client1_role, 0);
479 client2_.SetRemoteTransportDescription(
480 client1_.certificate(), cricket::CA_OFFER, client1_role, 0);
481 client2_.SetLocalTransportDescription(
482 client2_.certificate(), cricket::CA_ANSWER, client2_role, 0);
483 rv = client1_.Connect(&client2_, false);
484 client1_.SetRemoteTransportDescription(
485 client2_.certificate(), cricket::CA_ANSWER, client2_role, 0);
486 }
487
488 EXPECT_TRUE(rv);
489 if (!rv)
490 return false;
491
492 EXPECT_TRUE_SIMULATED_WAIT(client1_.all_dtls_transports_writable() &&
493 client2_.all_dtls_transports_writable(),
494 kTimeout, fake_clock_);
495 if (!client1_.all_dtls_transports_writable() ||
496 !client2_.all_dtls_transports_writable())
497 return false;
498
499 // Check that we used the right roles.
500 if (use_dtls_) {
501 rtc::SSLRole client1_ssl_role =
502 (client1_role == cricket::CONNECTIONROLE_ACTIVE ||
503 (client2_role == cricket::CONNECTIONROLE_PASSIVE &&
504 client1_role == cricket::CONNECTIONROLE_ACTPASS)) ?
505 rtc::SSL_CLIENT : rtc::SSL_SERVER;
506
507 rtc::SSLRole client2_ssl_role =
508 (client2_role == cricket::CONNECTIONROLE_ACTIVE ||
509 (client1_role == cricket::CONNECTIONROLE_PASSIVE &&
510 client2_role == cricket::CONNECTIONROLE_ACTPASS)) ?
511 rtc::SSL_CLIENT : rtc::SSL_SERVER;
512
513 client1_.CheckRole(client1_ssl_role);
514 client2_.CheckRole(client2_ssl_role);
515 }
516
517 if (use_dtls_) {
518 // Check that we negotiated the right ciphers. Since GCM ciphers are not
519 // negotiated by default, we should end up with SRTP_AES128_CM_SHA1_32.
520 client1_.CheckSrtp(rtc::SRTP_AES128_CM_SHA1_32);
521 client2_.CheckSrtp(rtc::SRTP_AES128_CM_SHA1_32);
522 } else {
523 // If DTLS isn't actually being used, GetSrtpCryptoSuite should return
524 // false.
525 client1_.CheckSrtp(rtc::SRTP_INVALID_CRYPTO_SUITE);
526 client2_.CheckSrtp(rtc::SRTP_INVALID_CRYPTO_SUITE);
527 }
528
529 client1_.CheckSsl();
530 client2_.CheckSsl();
531
532 return true;
533 }
534
535 bool Connect() {
536 // By default, Client1 will be Server and Client2 will be Client.
537 return Connect(cricket::CONNECTIONROLE_ACTPASS,
538 cricket::CONNECTIONROLE_ACTIVE);
539 }
540
541 void Negotiate() {
542 Negotiate(cricket::CONNECTIONROLE_ACTPASS, cricket::CONNECTIONROLE_ACTIVE);
543 }
544
545 void Negotiate(ConnectionRole client1_role, ConnectionRole client2_role) {
546 client1_.SetupChannels(channel_ct_, cricket::ICEROLE_CONTROLLING);
547 client2_.SetupChannels(channel_ct_, cricket::ICEROLE_CONTROLLED);
548 // Expect success from SLTD and SRTD.
549 client1_.Negotiate(&client2_, cricket::CA_OFFER,
550 client1_role, client2_role, 0);
551 client2_.Negotiate(&client1_, cricket::CA_ANSWER,
552 client2_role, client1_role, 0);
553 }
554
555 // Negotiate with legacy client |client2|. Legacy client doesn't use setup
556 // attributes, except NONE.
557 void NegotiateWithLegacy() {
558 client1_.SetupChannels(channel_ct_, cricket::ICEROLE_CONTROLLING);
559 client2_.SetupChannels(channel_ct_, cricket::ICEROLE_CONTROLLED);
560 // Expect success from SLTD and SRTD.
561 client1_.Negotiate(&client2_, cricket::CA_OFFER,
562 cricket::CONNECTIONROLE_ACTPASS,
563 cricket::CONNECTIONROLE_NONE, 0);
564 client2_.Negotiate(&client1_, cricket::CA_ANSWER,
565 cricket::CONNECTIONROLE_ACTIVE,
566 cricket::CONNECTIONROLE_NONE, 0);
567 }
568
569 void Renegotiate(DtlsTestClient* reoffer_initiator,
570 ConnectionRole client1_role, ConnectionRole client2_role,
571 int flags) {
572 if (reoffer_initiator == &client1_) {
573 client1_.Negotiate(&client2_, cricket::CA_OFFER,
574 client1_role, client2_role, flags);
575 client2_.Negotiate(&client1_, cricket::CA_ANSWER,
576 client2_role, client1_role, flags);
577 } else {
578 client2_.Negotiate(&client1_, cricket::CA_OFFER,
579 client2_role, client1_role, flags);
580 client1_.Negotiate(&client2_, cricket::CA_ANSWER,
581 client1_role, client2_role, flags);
582 }
583 }
584
585 void TestTransfer(size_t transport, size_t size, size_t count, bool srtp) {
586 LOG(LS_INFO) << "Expect packets, size=" << size;
587 client2_.ExpectPackets(transport, size);
588 client1_.SendPackets(transport, size, count, srtp);
589 EXPECT_EQ_SIMULATED_WAIT(count, client2_.NumPacketsReceived(), kTimeout,
590 fake_clock_);
591 }
592
593 protected:
594 rtc::ScopedFakeClock fake_clock_;
595 DtlsTestClient client1_;
596 DtlsTestClient client2_;
597 int channel_ct_;
598 bool use_dtls_;
599 rtc::SSLProtocolVersion ssl_expected_version_;
600 };
601
602 class DtlsTransportChannelTest : public DtlsTransportChannelTestBase,
603 public ::testing::Test {};
604
605 // Test that transport negotiation of ICE, no DTLS works properly.
606 TEST_F(DtlsTransportChannelTest, TestChannelSetupIce) {
607 Negotiate();
608 cricket::FakeIceTransport* channel1 = client1_.GetFakeIceTransort(0);
609 cricket::FakeIceTransport* channel2 = client2_.GetFakeIceTransort(0);
610 ASSERT_TRUE(channel1 != NULL);
611 ASSERT_TRUE(channel2 != NULL);
612 EXPECT_EQ(cricket::ICEROLE_CONTROLLING, channel1->GetIceRole());
613 EXPECT_EQ(1U, channel1->IceTiebreaker());
614 EXPECT_EQ(kIceUfrag1, channel1->ice_ufrag());
615 EXPECT_EQ(kIcePwd1, channel1->ice_pwd());
616 EXPECT_EQ(cricket::ICEROLE_CONTROLLED, channel2->GetIceRole());
617 EXPECT_EQ(2U, channel2->IceTiebreaker());
618 }
619
620 // Connect without DTLS, and transfer some data.
621 TEST_F(DtlsTransportChannelTest, TestTransfer) {
622 ASSERT_TRUE(Connect());
623 TestTransfer(0, 1000, 100, false);
624 }
625
626 // Connect without DTLS, and transfer some data.
627 TEST_F(DtlsTransportChannelTest, TestOnSentPacket) {
628 ASSERT_TRUE(Connect());
629 EXPECT_EQ(client1_.sent_packet().send_time_ms, -1);
630 TestTransfer(0, 1000, 100, false);
631 EXPECT_EQ(kFakePacketId, client1_.sent_packet().packet_id);
632 EXPECT_GE(client1_.sent_packet().send_time_ms, 0);
633 }
634
635 // Create two channels without DTLS, and transfer some data.
636 TEST_F(DtlsTransportChannelTest, TestTransferTwoChannels) {
637 SetChannelCount(2);
638 ASSERT_TRUE(Connect());
639 TestTransfer(0, 1000, 100, false);
640 TestTransfer(1, 1000, 100, false);
641 }
642
643 // Connect without DTLS, and transfer SRTP data.
644 TEST_F(DtlsTransportChannelTest, TestTransferSrtp) {
645 ASSERT_TRUE(Connect());
646 TestTransfer(0, 1000, 100, true);
647 }
648
649 // Create two channels without DTLS, and transfer SRTP data.
650 TEST_F(DtlsTransportChannelTest, TestTransferSrtpTwoChannels) {
651 SetChannelCount(2);
652 ASSERT_TRUE(Connect());
653 TestTransfer(0, 1000, 100, true);
654 TestTransfer(1, 1000, 100, true);
655 }
656
657 // Connect with DTLS, and transfer some data.
658 TEST_F(DtlsTransportChannelTest, TestTransferDtls) {
659 PrepareDtls(true, true, rtc::KT_DEFAULT);
660 ASSERT_TRUE(Connect());
661 TestTransfer(0, 1000, 100, false);
662 }
663
664 // Create two channels with DTLS, and transfer some data.
665 TEST_F(DtlsTransportChannelTest, TestTransferDtlsTwoChannels) {
666 SetChannelCount(2);
667 PrepareDtls(true, true, rtc::KT_DEFAULT);
668 ASSERT_TRUE(Connect());
669 TestTransfer(0, 1000, 100, false);
670 TestTransfer(1, 1000, 100, false);
671 }
672
673 // Connect with DTLS, combine multiple DTLS records into one packet.
674 // Our DTLS implementation doesn't do this, but other implementations may;
675 // see https://tools.ietf.org/html/rfc6347#section-4.1.1.
676 // This has caused interoperability problems with ORTCLib in the past.
677 TEST_F(DtlsTransportChannelTest, TestTransferDtlsCombineRecords) {
678 PrepareDtls(true, true, rtc::KT_DEFAULT);
679 ASSERT_TRUE(Connect());
680 // Our DTLS implementation always sends one record per packet, so to simulate
681 // an endpoint that sends multiple records per packet, we configure the fake
682 // ICE transport to combine every two consecutive packets into a single
683 // packet.
684 cricket::FakeIceTransport* transport = client1_.GetFakeIceTransort(0);
685 transport->combine_outgoing_packets(true);
686 TestTransfer(0, 500, 100, false);
687 }
688
689 // Connect with A doing DTLS and B not, and transfer some data.
690 TEST_F(DtlsTransportChannelTest, TestTransferDtlsRejected) {
691 PrepareDtls(true, false, rtc::KT_DEFAULT);
692 ASSERT_TRUE(Connect());
693 TestTransfer(0, 1000, 100, false);
694 }
695
696 // Connect with B doing DTLS and A not, and transfer some data.
697 TEST_F(DtlsTransportChannelTest, TestTransferDtlsNotOffered) {
698 PrepareDtls(false, true, rtc::KT_DEFAULT);
699 ASSERT_TRUE(Connect());
700 TestTransfer(0, 1000, 100, false);
701 }
702
703 // Create two channels with DTLS 1.0 and check ciphers.
704 TEST_F(DtlsTransportChannelTest, TestDtls12None) {
705 SetChannelCount(2);
706 PrepareDtls(true, true, rtc::KT_DEFAULT);
707 SetMaxProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);
708 ASSERT_TRUE(Connect());
709 }
710
711 // Create two channels with DTLS 1.2 and check ciphers.
712 TEST_F(DtlsTransportChannelTest, TestDtls12Both) {
713 SetChannelCount(2);
714 PrepareDtls(true, true, rtc::KT_DEFAULT);
715 SetMaxProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12);
716 ASSERT_TRUE(Connect());
717 }
718
719 // Create two channels with DTLS 1.0 / DTLS 1.2 and check ciphers.
720 TEST_F(DtlsTransportChannelTest, TestDtls12Client1) {
721 SetChannelCount(2);
722 PrepareDtls(true, true, rtc::KT_DEFAULT);
723 SetMaxProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_10);
724 ASSERT_TRUE(Connect());
725 }
726
727 // Create two channels with DTLS 1.2 / DTLS 1.0 and check ciphers.
728 TEST_F(DtlsTransportChannelTest, TestDtls12Client2) {
729 SetChannelCount(2);
730 PrepareDtls(true, true, rtc::KT_DEFAULT);
731 SetMaxProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12);
732 ASSERT_TRUE(Connect());
733 }
734
735 // Connect with DTLS, negotiating DTLS-SRTP, and transfer SRTP using bypass.
736 TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtp) {
737 PrepareDtls(true, true, rtc::KT_DEFAULT);
738 ASSERT_TRUE(Connect());
739 TestTransfer(0, 1000, 100, true);
740 }
741
742 // Connect with DTLS-SRTP, transfer an invalid SRTP packet, and expects -1
743 // returned.
744 TEST_F(DtlsTransportChannelTest, TestTransferDtlsInvalidSrtpPacket) {
745 PrepareDtls(true, true, rtc::KT_DEFAULT);
746 ASSERT_TRUE(Connect());
747 int result = client1_.SendInvalidSrtpPacket(0, 100);
748 ASSERT_EQ(-1, result);
749 }
750
751 // Connect with DTLS. A does DTLS-SRTP but B does not.
752 TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtpRejected) {
753 PrepareDtls(true, true, rtc::KT_DEFAULT);
754 ASSERT_TRUE(Connect());
755 }
756
757 // Connect with DTLS. B does DTLS-SRTP but A does not.
758 TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtpNotOffered) {
759 PrepareDtls(true, true, rtc::KT_DEFAULT);
760 ASSERT_TRUE(Connect());
761 }
762
763 // Create two channels with DTLS, negotiate DTLS-SRTP, and transfer bypass SRTP.
764 TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtpTwoChannels) {
765 SetChannelCount(2);
766 PrepareDtls(true, true, rtc::KT_DEFAULT);
767 ASSERT_TRUE(Connect());
768 TestTransfer(0, 1000, 100, true);
769 TestTransfer(1, 1000, 100, true);
770 }
771
772 // Create a single channel with DTLS, and send normal data and SRTP data on it.
773 TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtpDemux) {
774 PrepareDtls(true, true, rtc::KT_DEFAULT);
775 ASSERT_TRUE(Connect());
776 TestTransfer(0, 1000, 100, false);
777 TestTransfer(0, 1000, 100, true);
778 }
779
780 // Testing when the remote is passive.
781 TEST_F(DtlsTransportChannelTest, TestTransferDtlsAnswererIsPassive) {
782 SetChannelCount(2);
783 PrepareDtls(true, true, rtc::KT_DEFAULT);
784 ASSERT_TRUE(Connect(cricket::CONNECTIONROLE_ACTPASS,
785 cricket::CONNECTIONROLE_PASSIVE));
786 TestTransfer(0, 1000, 100, true);
787 TestTransfer(1, 1000, 100, true);
788 }
789
790 // Testing with the legacy DTLS client which doesn't use setup attribute.
791 // In this case legacy is the answerer.
792 TEST_F(DtlsTransportChannelTest, TestDtlsSetupWithLegacyAsAnswerer) {
793 PrepareDtls(true, true, rtc::KT_DEFAULT);
794 NegotiateWithLegacy();
795 EXPECT_EQ(rtc::SSL_SERVER, *client1_.transport()->GetSslRole());
796 EXPECT_EQ(rtc::SSL_CLIENT, *client2_.transport()->GetSslRole());
797 }
798
799 // Testing re offer/answer after the session is estbalished. Roles will be
800 // kept same as of the previous negotiation.
801 TEST_F(DtlsTransportChannelTest, TestDtlsReOfferFromOfferer) {
802 SetChannelCount(2);
803 PrepareDtls(true, true, rtc::KT_DEFAULT);
804 // Initial role for client1 is ACTPASS and client2 is ACTIVE.
805 ASSERT_TRUE(Connect(cricket::CONNECTIONROLE_ACTPASS,
806 cricket::CONNECTIONROLE_ACTIVE));
807 TestTransfer(0, 1000, 100, true);
808 TestTransfer(1, 1000, 100, true);
809 // Using input roles for the re-offer.
810 Renegotiate(&client1_, cricket::CONNECTIONROLE_ACTPASS,
811 cricket::CONNECTIONROLE_ACTIVE, NF_REOFFER);
812 TestTransfer(0, 1000, 100, true);
813 TestTransfer(1, 1000, 100, true);
814 }
815
816 TEST_F(DtlsTransportChannelTest, TestDtlsReOfferFromAnswerer) {
817 SetChannelCount(2);
818 PrepareDtls(true, true, rtc::KT_DEFAULT);
819 // Initial role for client1 is ACTPASS and client2 is ACTIVE.
820 ASSERT_TRUE(Connect(cricket::CONNECTIONROLE_ACTPASS,
821 cricket::CONNECTIONROLE_ACTIVE));
822 TestTransfer(0, 1000, 100, true);
823 TestTransfer(1, 1000, 100, true);
824 // Using input roles for the re-offer.
825 Renegotiate(&client2_, cricket::CONNECTIONROLE_PASSIVE,
826 cricket::CONNECTIONROLE_ACTPASS, NF_REOFFER);
827 TestTransfer(0, 1000, 100, true);
828 TestTransfer(1, 1000, 100, true);
829 }
830
831 // Test that any change in role after the intial setup will result in failure.
832 TEST_F(DtlsTransportChannelTest, TestDtlsRoleReversal) {
833 SetChannelCount(2);
834 PrepareDtls(true, true, rtc::KT_DEFAULT);
835 ASSERT_TRUE(Connect(cricket::CONNECTIONROLE_ACTPASS,
836 cricket::CONNECTIONROLE_PASSIVE));
837
838 // Renegotiate from client2 with actpass and client1 as active.
839 Renegotiate(&client2_, cricket::CONNECTIONROLE_ACTPASS,
840 cricket::CONNECTIONROLE_ACTIVE,
841 NF_REOFFER | NF_EXPECT_FAILURE);
842 }
843
844 // Test that using different setup attributes which results in similar ssl
845 // role as the initial negotiation will result in success.
846 TEST_F(DtlsTransportChannelTest, TestDtlsReOfferWithDifferentSetupAttr) {
847 SetChannelCount(2);
848 PrepareDtls(true, true, rtc::KT_DEFAULT);
849 ASSERT_TRUE(Connect(cricket::CONNECTIONROLE_ACTPASS,
850 cricket::CONNECTIONROLE_PASSIVE));
851 // Renegotiate from client2 with actpass and client1 as active.
852 Renegotiate(&client2_, cricket::CONNECTIONROLE_ACTIVE,
853 cricket::CONNECTIONROLE_ACTPASS, NF_REOFFER);
854 TestTransfer(0, 1000, 100, true);
855 TestTransfer(1, 1000, 100, true);
856 }
857
858 // Test that re-negotiation can be started before the clients become connected
859 // in the first negotiation.
860 TEST_F(DtlsTransportChannelTest, TestRenegotiateBeforeConnect) {
861 SetChannelCount(2);
862 PrepareDtls(true, true, rtc::KT_DEFAULT);
863 Negotiate();
864
865 Renegotiate(&client1_, cricket::CONNECTIONROLE_ACTPASS,
866 cricket::CONNECTIONROLE_ACTIVE, NF_REOFFER);
867 bool rv = client1_.Connect(&client2_, false);
868 EXPECT_TRUE(rv);
869 EXPECT_TRUE_SIMULATED_WAIT(client1_.all_dtls_transports_writable() &&
870 client2_.all_dtls_transports_writable(),
871 kTimeout, fake_clock_);
872
873 TestTransfer(0, 1000, 100, true);
874 TestTransfer(1, 1000, 100, true);
875 }
876
877 // Test Certificates state after negotiation but before connection.
878 TEST_F(DtlsTransportChannelTest, TestCertificatesBeforeConnect) {
879 PrepareDtls(true, true, rtc::KT_DEFAULT);
880 Negotiate();
881
882 rtc::scoped_refptr<rtc::RTCCertificate> certificate1;
883 rtc::scoped_refptr<rtc::RTCCertificate> certificate2;
884 std::unique_ptr<rtc::SSLCertificate> remote_cert1;
885 std::unique_ptr<rtc::SSLCertificate> remote_cert2;
886
887 // After negotiation, each side has a distinct local certificate, but still no
888 // remote certificate, because connection has not yet occurred.
889 ASSERT_TRUE(client1_.transport()->GetLocalCertificate(&certificate1));
890 ASSERT_TRUE(client2_.transport()->GetLocalCertificate(&certificate2));
891 ASSERT_NE(certificate1->ssl_certificate().ToPEMString(),
892 certificate2->ssl_certificate().ToPEMString());
893 ASSERT_FALSE(client1_.GetDtlsTransport(0)->GetRemoteSSLCertificate());
894 ASSERT_FALSE(client2_.GetDtlsTransport(0)->GetRemoteSSLCertificate());
895 }
896
897 // Test Certificates state after connection.
898 TEST_F(DtlsTransportChannelTest, TestCertificatesAfterConnect) {
899 PrepareDtls(true, true, rtc::KT_DEFAULT);
900 ASSERT_TRUE(Connect());
901
902 rtc::scoped_refptr<rtc::RTCCertificate> certificate1;
903 rtc::scoped_refptr<rtc::RTCCertificate> certificate2;
904
905 // After connection, each side has a distinct local certificate.
906 ASSERT_TRUE(client1_.transport()->GetLocalCertificate(&certificate1));
907 ASSERT_TRUE(client2_.transport()->GetLocalCertificate(&certificate2));
908 ASSERT_NE(certificate1->ssl_certificate().ToPEMString(),
909 certificate2->ssl_certificate().ToPEMString());
910
911 // Each side's remote certificate is the other side's local certificate.
912 std::unique_ptr<rtc::SSLCertificate> remote_cert1 =
913 client1_.GetDtlsTransport(0)->GetRemoteSSLCertificate();
914 ASSERT_TRUE(remote_cert1);
915 ASSERT_EQ(remote_cert1->ToPEMString(),
916 certificate2->ssl_certificate().ToPEMString());
917 std::unique_ptr<rtc::SSLCertificate> remote_cert2 =
918 client2_.GetDtlsTransport(0)->GetRemoteSSLCertificate();
919 ASSERT_TRUE(remote_cert2);
920 ASSERT_EQ(remote_cert2->ToPEMString(),
921 certificate1->ssl_certificate().ToPEMString());
922 }
923
924 // Test that packets are retransmitted according to the expected schedule.
925 // Each time a timeout occurs, the retransmission timer should be doubled up to
926 // 60 seconds. The timer defaults to 1 second, but for WebRTC we should be
927 // initializing it to 50ms.
928 TEST_F(DtlsTransportChannelTest, TestRetransmissionSchedule) {
929 // We can only change the retransmission schedule with a recently-added
930 // BoringSSL API. Skip the test if not built with BoringSSL.
931 MAYBE_SKIP_TEST(IsBoringSsl);
932
933 PrepareDtls(true, true, rtc::KT_DEFAULT);
934 // Exchange transport descriptions.
935 Negotiate(cricket::CONNECTIONROLE_ACTPASS, cricket::CONNECTIONROLE_ACTIVE);
936
937 // Make client2_ writable, but not client1_.
938 // This means client1_ will send DTLS client hellos but get no response.
939 EXPECT_TRUE(client2_.Connect(&client1_, true));
940 EXPECT_TRUE_SIMULATED_WAIT(client2_.all_ice_transports_writable(), kTimeout,
941 fake_clock_);
942
943 // Wait for the first client hello to be sent.
944 EXPECT_EQ_WAIT(1, client1_.received_dtls_client_hellos(), kTimeout);
945 EXPECT_FALSE(client1_.all_ice_transports_writable());
946
947 static int timeout_schedule_ms[] = {50, 100, 200, 400, 800, 1600,
948 3200, 6400, 12800, 25600, 51200, 60000};
949
950 int expected_hellos = 1;
951 for (size_t i = 0;
952 i < (sizeof(timeout_schedule_ms) / sizeof(timeout_schedule_ms[0]));
953 ++i) {
954 // For each expected retransmission time, advance the fake clock a
955 // millisecond before the expected time and verify that no unexpected
956 // retransmissions were sent. Then advance it the final millisecond and
957 // verify that the expected retransmission was sent.
958 fake_clock_.AdvanceTime(
959 rtc::TimeDelta::FromMilliseconds(timeout_schedule_ms[i] - 1));
960 EXPECT_EQ(expected_hellos, client1_.received_dtls_client_hellos());
961 fake_clock_.AdvanceTime(rtc::TimeDelta::FromMilliseconds(1));
962 EXPECT_EQ(++expected_hellos, client1_.received_dtls_client_hellos());
963 }
964 }
965
966 // Test that a DTLS connection can be made even if the underlying transport
967 // is connected before DTLS fingerprints/roles have been negotiated.
968 TEST_F(DtlsTransportChannelTest, TestConnectBeforeNegotiate) {
969 PrepareDtls(true, true, rtc::KT_DEFAULT);
970 ASSERT_TRUE(Connect(cricket::CONNECTIONROLE_ACTPASS,
971 cricket::CONNECTIONROLE_ACTIVE,
972 CONNECT_BEFORE_NEGOTIATE));
973 TestTransfer(0, 1000, 100, false);
974 }
975
976 // The following events can occur in many different orders:
977 // 1. Caller receives remote fingerprint.
978 // 2. Caller is writable.
979 // 3. Caller receives ClientHello.
980 // 4. DTLS handshake finishes.
981 //
982 // The tests below cover all causally consistent permutations of these events;
983 // the caller must be writable and receive a ClientHello before the handshake
984 // finishes, but otherwise any ordering is possible.
985 //
986 // For each permutation, the test verifies that a connection is established and
987 // fingerprint verified without any DTLS packet needing to be retransmitted.
988 //
989 // Each permutation is also tested with valid and invalid fingerprints,
990 // ensuring that the handshake fails with an invalid fingerprint.
991 enum DtlsTransportEvent {
992 CALLER_RECEIVES_FINGERPRINT,
993 CALLER_WRITABLE,
994 CALLER_RECEIVES_CLIENTHELLO,
995 HANDSHAKE_FINISHES
996 };
997
998 class DtlsEventOrderingTest
999 : public DtlsTransportChannelTestBase,
1000 public ::testing::TestWithParam<
1001 ::testing::tuple<std::vector<DtlsTransportEvent>, bool>> {
1002 protected:
1003 // If |valid_fingerprint| is false, the caller will receive a fingerprint
1004 // that doesn't match the callee's certificate, so the handshake should fail.
1005 void TestEventOrdering(const std::vector<DtlsTransportEvent>& events,
1006 bool valid_fingerprint) {
1007 // Pre-setup: Set local certificate on both caller and callee, and
1008 // remote fingerprint on callee, but neither is writable and the caller
1009 // doesn't have the callee's fingerprint.
1010 PrepareDtls(true, true, rtc::KT_DEFAULT);
1011 // Simulate packets being sent and arriving asynchronously.
1012 // Otherwise the entire DTLS handshake would occur in one clock tick, and
1013 // we couldn't inject method calls in the middle of it.
1014 int simulated_delay_ms = 10;
1015 client1_.SetupChannels(channel_ct_, cricket::ICEROLE_CONTROLLING,
1016 simulated_delay_ms);
1017 client2_.SetupChannels(channel_ct_, cricket::ICEROLE_CONTROLLED,
1018 simulated_delay_ms);
1019 client1_.SetLocalTransportDescription(client1_.certificate(),
1020 cricket::CA_OFFER,
1021 cricket::CONNECTIONROLE_ACTPASS, 0);
1022 client2_.Negotiate(&client1_, cricket::CA_ANSWER,
1023 cricket::CONNECTIONROLE_ACTIVE,
1024 cricket::CONNECTIONROLE_ACTPASS, 0);
1025
1026 for (DtlsTransportEvent e : events) {
1027 switch (e) {
1028 case CALLER_RECEIVES_FINGERPRINT:
1029 if (valid_fingerprint) {
1030 client1_.SetRemoteTransportDescription(
1031 client2_.certificate(), cricket::CA_ANSWER,
1032 cricket::CONNECTIONROLE_ACTIVE, 0);
1033 } else {
1034 // Create a fingerprint with a correct algorithm but an invalid
1035 // digest.
1036 cricket::TransportDescription remote_desc =
1037 MakeTransportDescription(client2_.certificate(),
1038 cricket::CONNECTIONROLE_ACTIVE);
1039 ++(remote_desc.identity_fingerprint->digest[0]);
1040 // Even if certificate verification fails inside this method,
1041 // it should return true as long as the fingerprint was formatted
1042 // correctly.
1043 EXPECT_TRUE(client1_.transport()->SetRemoteTransportDescription(
1044 remote_desc, cricket::CA_ANSWER, nullptr));
1045 }
1046 break;
1047 case CALLER_WRITABLE:
1048 EXPECT_TRUE(client1_.Connect(&client2_, true));
1049 EXPECT_TRUE_SIMULATED_WAIT(client1_.all_ice_transports_writable(),
1050 kTimeout, fake_clock_);
1051 break;
1052 case CALLER_RECEIVES_CLIENTHELLO:
1053 // Sanity check that a ClientHello hasn't already been received.
1054 EXPECT_EQ(0, client1_.received_dtls_client_hellos());
1055 // Making client2_ writable will cause it to send the ClientHello.
1056 EXPECT_TRUE(client2_.Connect(&client1_, true));
1057 EXPECT_TRUE_SIMULATED_WAIT(client2_.all_ice_transports_writable(),
1058 kTimeout, fake_clock_);
1059 EXPECT_EQ_SIMULATED_WAIT(1, client1_.received_dtls_client_hellos(),
1060 kTimeout, fake_clock_);
1061 break;
1062 case HANDSHAKE_FINISHES:
1063 // Sanity check that the handshake hasn't already finished.
1064 EXPECT_FALSE(client1_.GetDtlsTransport(0)->IsDtlsConnected() ||
1065 client1_.GetDtlsTransport(0)->dtls_state() ==
1066 cricket::DTLS_TRANSPORT_FAILED);
1067 EXPECT_TRUE_SIMULATED_WAIT(
1068 client1_.GetDtlsTransport(0)->IsDtlsConnected() ||
1069 client1_.GetDtlsTransport(0)->dtls_state() ==
1070 cricket::DTLS_TRANSPORT_FAILED,
1071 kTimeout, fake_clock_);
1072 break;
1073 }
1074 }
1075
1076 cricket::DtlsTransportState expected_final_state =
1077 valid_fingerprint ? cricket::DTLS_TRANSPORT_CONNECTED
1078 : cricket::DTLS_TRANSPORT_FAILED;
1079 EXPECT_EQ_SIMULATED_WAIT(expected_final_state,
1080 client1_.GetDtlsTransport(0)->dtls_state(),
1081 kTimeout, fake_clock_);
1082 EXPECT_EQ_SIMULATED_WAIT(expected_final_state,
1083 client2_.GetDtlsTransport(0)->dtls_state(),
1084 kTimeout, fake_clock_);
1085
1086 // Channel should be writable iff there was a valid fingerprint.
1087 EXPECT_EQ(valid_fingerprint, client1_.GetDtlsTransport(0)->writable());
1088 EXPECT_EQ(valid_fingerprint, client2_.GetDtlsTransport(0)->writable());
1089
1090 // Check that no hello needed to be retransmitted.
1091 EXPECT_EQ(1, client1_.received_dtls_client_hellos());
1092 EXPECT_EQ(1, client2_.received_dtls_server_hellos());
1093
1094 if (valid_fingerprint) {
1095 TestTransfer(0, 1000, 100, false);
1096 }
1097 }
1098 };
1099
1100 TEST_P(DtlsEventOrderingTest, TestEventOrdering) {
1101 TestEventOrdering(::testing::get<0>(GetParam()),
1102 ::testing::get<1>(GetParam()));
1103 }
1104
1105 INSTANTIATE_TEST_CASE_P(
1106 TestEventOrdering,
1107 DtlsEventOrderingTest,
1108 ::testing::Combine(
1109 ::testing::Values(
1110 std::vector<DtlsTransportEvent>{
1111 CALLER_RECEIVES_FINGERPRINT, CALLER_WRITABLE,
1112 CALLER_RECEIVES_CLIENTHELLO, HANDSHAKE_FINISHES},
1113 std::vector<DtlsTransportEvent>{
1114 CALLER_WRITABLE, CALLER_RECEIVES_FINGERPRINT,
1115 CALLER_RECEIVES_CLIENTHELLO, HANDSHAKE_FINISHES},
1116 std::vector<DtlsTransportEvent>{
1117 CALLER_WRITABLE, CALLER_RECEIVES_CLIENTHELLO,
1118 CALLER_RECEIVES_FINGERPRINT, HANDSHAKE_FINISHES},
1119 std::vector<DtlsTransportEvent>{
1120 CALLER_WRITABLE, CALLER_RECEIVES_CLIENTHELLO,
1121 HANDSHAKE_FINISHES, CALLER_RECEIVES_FINGERPRINT},
1122 std::vector<DtlsTransportEvent>{
1123 CALLER_RECEIVES_FINGERPRINT, CALLER_RECEIVES_CLIENTHELLO,
1124 CALLER_WRITABLE, HANDSHAKE_FINISHES},
1125 std::vector<DtlsTransportEvent>{
1126 CALLER_RECEIVES_CLIENTHELLO, CALLER_RECEIVES_FINGERPRINT,
1127 CALLER_WRITABLE, HANDSHAKE_FINISHES},
1128 std::vector<DtlsTransportEvent>{
1129 CALLER_RECEIVES_CLIENTHELLO, CALLER_WRITABLE,
1130 CALLER_RECEIVES_FINGERPRINT, HANDSHAKE_FINISHES},
1131 std::vector<DtlsTransportEvent>{CALLER_RECEIVES_CLIENTHELLO,
1132 CALLER_WRITABLE, HANDSHAKE_FINISHES,
1133 CALLER_RECEIVES_FINGERPRINT}),
1134 ::testing::Bool()));
OLDNEW
« no previous file with comments | « webrtc/p2p/base/dtlstransportchannel.cc ('k') | webrtc/p2p/base/jseptransport.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698