Negotiate the same SRTP crypto suites for every DTLS association formed.

webrtc/p2p/base/dtlstransportchannel_unittest.cc

 /*
  *  Copyright 2011 The WebRTC Project Authors. All rights reserved.
  *
  *  Use of this source code is governed by a BSD-style license
  *  that can be found in the LICENSE file in the root of the source
  *  tree. An additional intellectual property rights grant can be found
  *  in the file PATENTS.  All contributing project authors may
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
@@ skipping 79 matching lines @@
     for (int i = 0; i < count; ++i) {
       cricket::FakeIceTransport* fake_ice_channel =
           new cricket::FakeIceTransport(transport_->mid(), i);
       fake_ice_channel->SetAsync(true);
       fake_ice_channel->SetAsyncDelay(async_delay_ms);
       // Hook the raw packets so that we can verify they are encrypted.
       fake_ice_channel->SignalReadPacket.connect(
           this, &DtlsTestClient::OnFakeTransportChannelReadPacket);
 
       cricket::DtlsTransport* dtls =
-          new cricket::DtlsTransport(fake_ice_channel);
+          new cricket::DtlsTransport(fake_ice_channel, rtc::CryptoOptions());
       dtls->SetLocalCertificate(certificate_);
       dtls->ice_transport()->SetIceRole(role);
       dtls->ice_transport()->SetIceTiebreaker(
           (role == cricket::ICEROLE_CONTROLLING) ? 1 : 2);
       dtls->SetSslMaxProtocolVersion(ssl_max_version_);
       dtls->SignalWritableState.connect(
           this, &DtlsTestClient::OnTransportChannelWritableState);
       dtls->SignalReadPacket.connect(
           this, &DtlsTestClient::OnTransportChannelReadPacket);
       dtls->SignalSentPacket.connect(
@@ skipping 28 matching lines @@
 
   // Offer DTLS if we have an identity; pass in a remote fingerprint only if
   // both sides support DTLS.
   void Negotiate(DtlsTestClient* peer, cricket::ContentAction action,
                  ConnectionRole local_role, ConnectionRole remote_role,
                  int flags) {
     Negotiate(certificate_, certificate_ ? peer->certificate_ : nullptr, action,
               local_role, remote_role, flags);
   }
 
-  void MaybeSetSrtpCryptoSuites() {
-    if (!use_dtls_srtp_) {
-      return;
-    }
-    std::vector<int> ciphers;
-    ciphers.push_back(rtc::SRTP_AES128_CM_SHA1_80);
-    // SRTP ciphers will be set only in the beginning.
-    for (const auto& dtls : fake_dtls_transports_) {
-      EXPECT_TRUE(dtls->SetSrtpCryptoSuites(ciphers));
-    }
-  }
-
   void SetLocalTransportDescription(
       const rtc::scoped_refptr<rtc::RTCCertificate>& cert,
       cricket::ContentAction action,
       ConnectionRole role,
       int flags) {
     // If |NF_EXPECT_FAILURE| is set, expect SRTD or SLTD to fail when
     // content action is CA_ANSWER.
     bool expect_success =
         !((action == cricket::CA_ANSWER) && (flags & NF_EXPECT_FAILURE));
     EXPECT_EQ(expect_success,
@@ skipping 15 matching lines @@
                   MakeTransportDescription(cert, role), action, nullptr));
   }
 
   // Allow any DTLS configuration to be specified (including invalid ones).
   void Negotiate(const rtc::scoped_refptr<rtc::RTCCertificate>& local_cert,
                  const rtc::scoped_refptr<rtc::RTCCertificate>& remote_cert,
                  cricket::ContentAction action,
                  ConnectionRole local_role,
                  ConnectionRole remote_role,
                  int flags) {
-    if (!(flags & NF_REOFFER)) {
-      // SRTP ciphers will be set only in the beginning.
-      MaybeSetSrtpCryptoSuites();
-    }
     if (action == cricket::CA_OFFER) {
       SetLocalTransportDescription(local_cert, cricket::CA_OFFER, local_role,
                                    flags);
       SetRemoteTransportDescription(remote_cert, cricket::CA_ANSWER,
                                     remote_role, flags);
     } else {
       SetRemoteTransportDescription(remote_cert, cricket::CA_OFFER, remote_role,
                                     flags);
       // If remote if the offerer and has no DTLS support, answer will be
       // without any fingerprint.
@@ skipping 289 matching lines @@
   bool Connect(ConnectionRole client1_role,
                ConnectionRole client2_role,
                NegotiateOrdering ordering = NEGOTIATE_BEFORE_CONNECT) {
     bool rv;
     if (ordering == NEGOTIATE_BEFORE_CONNECT) {
       Negotiate(client1_role, client2_role);
       rv = client1_.Connect(&client2_, false);
     } else {
       client1_.SetupChannels(channel_ct_, cricket::ICEROLE_CONTROLLING);
       client2_.SetupChannels(channel_ct_, cricket::ICEROLE_CONTROLLED);
-      client1_.MaybeSetSrtpCryptoSuites();
-      client2_.MaybeSetSrtpCryptoSuites();
       // This is equivalent to an offer being processed on both sides, but an
       // answer not yet being received on the initiating side. So the
       // connection will be made before negotiation has finished on both sides.
       client1_.SetLocalTransportDescription(client1_.certificate(),
                                             cricket::CA_OFFER, client1_role, 0);
       client2_.SetRemoteTransportDescription(
           client1_.certificate(), cricket::CA_OFFER, client1_role, 0);
       client2_.SetLocalTransportDescription(
           client2_.certificate(), cricket::CA_ANSWER, client2_role, 0);
       rv = client1_.Connect(&client2_, false);
@@ skipping 635 matching lines @@
             std::vector<DtlsTransportEvent>{
                 CALLER_RECEIVES_CLIENTHELLO, CALLER_RECEIVES_FINGERPRINT,
                 CALLER_WRITABLE, HANDSHAKE_FINISHES},
             std::vector<DtlsTransportEvent>{
                 CALLER_RECEIVES_CLIENTHELLO, CALLER_WRITABLE,
                 CALLER_RECEIVES_FINGERPRINT, HANDSHAKE_FINISHES},
             std::vector<DtlsTransportEvent>{CALLER_RECEIVES_CLIENTHELLO,
                                             CALLER_WRITABLE, HANDSHAKE_FINISHES,
                                             CALLER_RECEIVES_FINGERPRINT}),
         ::testing::Bool()));