Negotiate the same SRTP crypto suites for every DTLS association formed.

webrtc/p2p/base/dtlstransportchannel_unittest.cc

 /*
  *  Copyright 2011 The WebRTC Project Authors. All rights reserved.
  *
  *  Use of this source code is governed by a BSD-style license
  *  that can be found in the LICENSE file in the root of the source
  *  tree. An additional intellectual property rights grant can be found
  *  in the file PATENTS.  All contributing project authors may
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
@@ skipping 59 matching lines @@
  public:
   DtlsTestClient(const std::string& name) : name_(name) {}
   void CreateCertificate(rtc::KeyType key_type) {
     certificate_ =
         rtc::RTCCertificate::Create(std::unique_ptr<rtc::SSLIdentity>(
             rtc::SSLIdentity::Generate(name_, key_type)));
   }
   const rtc::scoped_refptr<rtc::RTCCertificate>& certificate() {
     return certificate_;
   }
-  void SetupSrtp() {
-    EXPECT_TRUE(certificate_ != nullptr);
-    use_dtls_srtp_ = true;
-  }
   void SetupMaxProtocolVersion(rtc::SSLProtocolVersion version) {
     ssl_max_version_ = version;
   }
   void SetupChannels(int count, cricket::IceRole role, int async_delay_ms = 0) {
     transport_.reset(
         new cricket::JsepTransport("dtls content name", certificate_));
     for (int i = 0; i < count; ++i) {
       cricket::FakeIceTransport* fake_ice_channel =
           new cricket::FakeIceTransport(transport_->mid(), i);
       fake_ice_channel->SetAsync(true);
       fake_ice_channel->SetAsyncDelay(async_delay_ms);
       // Hook the raw packets so that we can verify they are encrypted.
       fake_ice_channel->SignalReadPacket.connect(
           this, &DtlsTestClient::OnFakeTransportChannelReadPacket);
 
       cricket::DtlsTransport* dtls =
-          new cricket::DtlsTransport(fake_ice_channel);
+          new cricket::DtlsTransport(fake_ice_channel, rtc::CryptoOptions());
       dtls->SetLocalCertificate(certificate_);
       dtls->ice_transport()->SetIceRole(role);
       dtls->ice_transport()->SetIceTiebreaker(
           (role == cricket::ICEROLE_CONTROLLING) ? 1 : 2);
       dtls->SetSslMaxProtocolVersion(ssl_max_version_);
       dtls->SignalWritableState.connect(
           this, &DtlsTestClient::OnTransportChannelWritableState);
       dtls->SignalReadPacket.connect(
           this, &DtlsTestClient::OnTransportChannelReadPacket);
       dtls->SignalSentPacket.connect(
           this, &DtlsTestClient::OnTransportChannelSentPacket);
-      fake_dtls_transports_.push_back(
-          std::unique_ptr<cricket::DtlsTransport>(dtls));
+      dtls_transports_.push_back(std::unique_ptr<cricket::DtlsTransport>(dtls));
       fake_ice_transports_.push_back(
           std::unique_ptr<cricket::FakeIceTransport>(fake_ice_channel));
       transport_->AddChannel(dtls, i);
     }
   }
 
   cricket::JsepTransport* transport() { return transport_.get(); }
 
   cricket::FakeIceTransport* GetFakeIceTransort(int component) {
     for (const auto& ch : fake_ice_transports_) {
       if (ch->component() == component) {
         return ch.get();
       }
     }
     return nullptr;
   }
 
   cricket::DtlsTransport* GetDtlsTransport(int component) {
-    for (const auto& dtls : fake_dtls_transports_) {
+    for (const auto& dtls : dtls_transports_) {
       if (dtls->component() == component) {
         return dtls.get();
       }
     }
     return nullptr;
   }
 
   // Offer DTLS if we have an identity; pass in a remote fingerprint only if
   // both sides support DTLS.
   void Negotiate(DtlsTestClient* peer, cricket::ContentAction action,
                  ConnectionRole local_role, ConnectionRole remote_role,
                  int flags) {
     Negotiate(certificate_, certificate_ ? peer->certificate_ : nullptr, action,
               local_role, remote_role, flags);
   }
 
-  void MaybeSetSrtpCryptoSuites() {
-    if (!use_dtls_srtp_) {
-      return;
-    }
-    std::vector<int> ciphers;
-    ciphers.push_back(rtc::SRTP_AES128_CM_SHA1_80);
-    // SRTP ciphers will be set only in the beginning.
-    for (const auto& dtls : fake_dtls_transports_) {
-      EXPECT_TRUE(dtls->SetSrtpCryptoSuites(ciphers));
-    }
-  }
-
   void SetLocalTransportDescription(
       const rtc::scoped_refptr<rtc::RTCCertificate>& cert,
       cricket::ContentAction action,
       ConnectionRole role,
       int flags) {
     // If |NF_EXPECT_FAILURE| is set, expect SRTD or SLTD to fail when
     // content action is CA_ANSWER.
     bool expect_success =
         !((action == cricket::CA_ANSWER) && (flags & NF_EXPECT_FAILURE));
     EXPECT_EQ(expect_success,
@@ skipping 15 matching lines @@
                   MakeTransportDescription(cert, role), action, nullptr));
   }
 
   // Allow any DTLS configuration to be specified (including invalid ones).
   void Negotiate(const rtc::scoped_refptr<rtc::RTCCertificate>& local_cert,
                  const rtc::scoped_refptr<rtc::RTCCertificate>& remote_cert,
                  cricket::ContentAction action,
                  ConnectionRole local_role,
                  ConnectionRole remote_role,
                  int flags) {
-    if (!(flags & NF_REOFFER)) {
-      // SRTP ciphers will be set only in the beginning.
-      MaybeSetSrtpCryptoSuites();
-    }
     if (action == cricket::CA_OFFER) {
       SetLocalTransportDescription(local_cert, cricket::CA_OFFER, local_role,
                                    flags);
       SetRemoteTransportDescription(remote_cert, cricket::CA_ANSWER,
                                     remote_role, flags);
     } else {
       SetRemoteTransportDescription(remote_cert, cricket::CA_OFFER, remote_role,
                                     flags);
       // If remote if the offerer and has no DTLS support, answer will be
       // without any fingerprint.
       SetLocalTransportDescription(remote_cert ? local_cert : nullptr,
                                    cricket::CA_ANSWER, local_role, flags);
     }
   }
 
   bool Connect(DtlsTestClient* peer, bool asymmetric) {
     for (auto& ice : fake_ice_transports_) {
       ice->SetDestination(peer->GetFakeIceTransort(ice->component()),
                           asymmetric);
     }
     return true;
   }
 
   bool all_dtls_transports_writable() const {
-    if (fake_dtls_transports_.empty()) {
+    if (dtls_transports_.empty()) {
       return false;
     }
-    for (const auto& dtls : fake_dtls_transports_) {
+    for (const auto& dtls : dtls_transports_) {
       if (!dtls->writable()) {
         return false;
       }
     }
     return true;
   }
 
   bool all_ice_transports_writable() const {
-    if (fake_dtls_transports_.empty()) {
+    if (dtls_transports_.empty()) {
       return false;
     }
-    for (const auto& dtls : fake_dtls_transports_) {
+    for (const auto& dtls : dtls_transports_) {
       if (!dtls->ice_transport()->writable()) {
         return false;
       }
     }
     return true;
   }
 
   int received_dtls_client_hellos() const {
     return received_dtls_client_hellos_;
   }
@@ skipping 13 matching lines @@
     if (role == rtc::SSL_CLIENT) {
       ASSERT_EQ(0, received_dtls_client_hellos_);
       ASSERT_GT(received_dtls_server_hellos_, 0);
     } else {
       ASSERT_GT(received_dtls_client_hellos_, 0);
       ASSERT_EQ(0, received_dtls_server_hellos_);
     }
   }
 
   void CheckSrtp(int expected_crypto_suite) {
-    for (const auto& dtls : fake_dtls_transports_) {
+    for (const auto& dtls : dtls_transports_) {
       int crypto_suite;
 
       bool rv = dtls->GetSrtpCryptoSuite(&crypto_suite);
       if (negotiated_dtls() && expected_crypto_suite) {
         ASSERT_TRUE(rv);
 
         ASSERT_EQ(crypto_suite, expected_crypto_suite);
       } else {
         ASSERT_FALSE(rv);
       }
     }
   }
 
   void CheckSsl() {
-    for (const auto& dtls : fake_dtls_transports_) {
+    for (const auto& dtls : dtls_transports_) {
       int cipher;
 
       bool rv = dtls->GetSslCipherSuite(&cipher);
       if (negotiated_dtls()) {
         ASSERT_TRUE(rv);
 
         EXPECT_TRUE(
             rtc::SSLStreamAdapter::IsAcceptableCipher(cipher, rtc::KT_DEFAULT));
       } else {
         ASSERT_FALSE(rv);
       }
     }
   }
 
   void SendPackets(size_t transport, size_t size, size_t count, bool srtp) {
-    RTC_CHECK(transport < fake_dtls_transports_.size());
+    RTC_CHECK(transport < dtls_transports_.size());
     std::unique_ptr<char[]> packet(new char[size]);
     size_t sent = 0;
     do {
       // Fill the packet with a known value and a sequence number to check
       // against, and make sure that it doesn't look like DTLS.
       memset(packet.get(), sent & 0xff, size);
       packet[0] = (srtp) ? 0x80 : 0x00;
       rtc::SetBE32(packet.get() + kPacketNumOffset,
                    static_cast<uint32_t>(sent));
 
       // Only set the bypass flag if we've activated DTLS.
       int flags = (certificate_ && srtp) ? cricket::PF_SRTP_BYPASS : 0;
       rtc::PacketOptions packet_options;
       packet_options.packet_id = kFakePacketId;
-      int rv = fake_dtls_transports_[transport]->SendPacket(
-          packet.get(), size, packet_options, flags);
+      int rv = dtls_transports_[transport]->SendPacket(packet.get(), size,
+                                                       packet_options, flags);
       ASSERT_GT(rv, 0);
       ASSERT_EQ(size, static_cast<size_t>(rv));
       ++sent;
     } while (sent < count);
   }
 
   int SendInvalidSrtpPacket(size_t transport, size_t size) {
-    RTC_CHECK(transport < fake_dtls_transports_.size());
+    RTC_CHECK(transport < dtls_transports_.size());
     std::unique_ptr<char[]> packet(new char[size]);
     // Fill the packet with 0 to form an invalid SRTP packet.
     memset(packet.get(), 0, size);
 
     rtc::PacketOptions packet_options;
-    return fake_dtls_transports_[transport]->SendPacket(
+    return dtls_transports_[transport]->SendPacket(
         packet.get(), size, packet_options, cricket::PF_SRTP_BYPASS);
   }
 
   void ExpectPackets(size_t transport, size_t size) {
     packet_size_ = size;
     received_.clear();
   }
 
   size_t NumPacketsReceived() {
     return received_.size();
@@ skipping 83 matching lines @@
       } else if (IsRtpLeadByte(data[0])) {
         ASSERT_TRUE(VerifyPacket(data, size, NULL));
       }
     }
   }
 
  private:
   std::string name_;
   rtc::scoped_refptr<rtc::RTCCertificate> certificate_;
   std::vector<std::unique_ptr<cricket::FakeIceTransport>> fake_ice_transports_;
-  std::vector<std::unique_ptr<cricket::DtlsTransport>> fake_dtls_transports_;
+  std::vector<std::unique_ptr<cricket::DtlsTransport>> dtls_transports_;
   std::unique_ptr<cricket::JsepTransport> transport_;
   size_t packet_size_ = 0u;
   std::set<int> received_;
-  bool use_dtls_srtp_ = false;
   rtc::SSLProtocolVersion ssl_max_version_ = rtc::SSL_PROTOCOL_DTLS_12;
   int received_dtls_client_hellos_ = 0;
   int received_dtls_server_hellos_ = 0;
   rtc::SentPacket sent_packet_;
 };
 
 // Base class for DtlsTransportChannelTest and DtlsEventOrderingTest, which
 // inherit from different variants of testing::Test.
 //
 // Note that this test always uses a FakeClock, due to the |fake_clock_| member
 // variable.
 class DtlsTransportChannelTestBase {
  public:
   DtlsTransportChannelTestBase()
       : client1_("P1"),
         client2_("P2"),
         channel_ct_(1),
         use_dtls_(false),
-        use_dtls_srtp_(false),
         ssl_expected_version_(rtc::SSL_PROTOCOL_DTLS_12) {}
 
   void SetChannelCount(size_t channel_ct) {
     channel_ct_ = static_cast<int>(channel_ct);
   }
   void SetMaxProtocolVersions(rtc::SSLProtocolVersion c1,
                               rtc::SSLProtocolVersion c2) {
     client1_.SetupMaxProtocolVersion(c1);
     client2_.SetupMaxProtocolVersion(c2);
     ssl_expected_version_ = std::min(c1, c2);
   }
   void PrepareDtls(bool c1, bool c2, rtc::KeyType key_type) {
     if (c1) {
       client1_.CreateCertificate(key_type);
     }
     if (c2) {
       client2_.CreateCertificate(key_type);
     }
     if (c1 && c2)
       use_dtls_ = true;
   }
-  void PrepareDtlsSrtp(bool c1, bool c2) {
-    if (!use_dtls_)
-      return;
-
-    if (c1)
-      client1_.SetupSrtp();
-    if (c2)
-      client2_.SetupSrtp();
-
-    if (c1 && c2)
-      use_dtls_srtp_ = true;
-  }
 
   // Negotiate local/remote fingerprint before or after the underlying
   // tranpsort is connected?
   enum NegotiateOrdering { NEGOTIATE_BEFORE_CONNECT, CONNECT_BEFORE_NEGOTIATE };
   bool Connect(ConnectionRole client1_role,
                ConnectionRole client2_role,
                NegotiateOrdering ordering = NEGOTIATE_BEFORE_CONNECT) {
     bool rv;
     if (ordering == NEGOTIATE_BEFORE_CONNECT) {
       Negotiate(client1_role, client2_role);
       rv = client1_.Connect(&client2_, false);
     } else {
       client1_.SetupChannels(channel_ct_, cricket::ICEROLE_CONTROLLING);
       client2_.SetupChannels(channel_ct_, cricket::ICEROLE_CONTROLLED);
-      client1_.MaybeSetSrtpCryptoSuites();
-      client2_.MaybeSetSrtpCryptoSuites();
       // This is equivalent to an offer being processed on both sides, but an
       // answer not yet being received on the initiating side. So the
       // connection will be made before negotiation has finished on both sides.
       client1_.SetLocalTransportDescription(client1_.certificate(),
                                             cricket::CA_OFFER, client1_role, 0);
       client2_.SetRemoteTransportDescription(
           client1_.certificate(), cricket::CA_OFFER, client1_role, 0);
       client2_.SetLocalTransportDescription(
           client2_.certificate(), cricket::CA_ANSWER, client2_role, 0);
       rv = client1_.Connect(&client2_, false);
@@ skipping 23 matching lines @@
       rtc::SSLRole client2_ssl_role =
           (client2_role == cricket::CONNECTIONROLE_ACTIVE ||
            (client1_role == cricket::CONNECTIONROLE_PASSIVE &&
             client2_role == cricket::CONNECTIONROLE_ACTPASS)) ?
               rtc::SSL_CLIENT : rtc::SSL_SERVER;
 
       client1_.CheckRole(client1_ssl_role);
       client2_.CheckRole(client2_ssl_role);
     }
 
-    // Check that we negotiated the right ciphers.
-    if (use_dtls_srtp_) {
-      client1_.CheckSrtp(rtc::SRTP_AES128_CM_SHA1_80);
-      client2_.CheckSrtp(rtc::SRTP_AES128_CM_SHA1_80);
+    if (use_dtls_) {
+      // Check that we negotiated the right ciphers. Since GCM ciphers are not
+      // negotiated by default, we should end up with SRTP_AES128_CM_SHA1_32.
+      client1_.CheckSrtp(rtc::SRTP_AES128_CM_SHA1_32);
+      client2_.CheckSrtp(rtc::SRTP_AES128_CM_SHA1_32);
     } else {
+      // If DTLS isn't actually being used, GetSrtpCryptoSuite should return
+      // false.
       client1_.CheckSrtp(rtc::SRTP_INVALID_CRYPTO_SUITE);
       client2_.CheckSrtp(rtc::SRTP_INVALID_CRYPTO_SUITE);
     }
 
     client1_.CheckSsl();
     client2_.CheckSsl();
 
     return true;
   }
 
@@ skipping 54 matching lines @@
     EXPECT_EQ_SIMULATED_WAIT(count, client2_.NumPacketsReceived(), kTimeout,
                              fake_clock_);
   }
 
  protected:
   rtc::ScopedFakeClock fake_clock_;
   DtlsTestClient client1_;
   DtlsTestClient client2_;
   int channel_ct_;
   bool use_dtls_;
-  bool use_dtls_srtp_;
   rtc::SSLProtocolVersion ssl_expected_version_;
 };
 
 class DtlsTransportChannelTest : public DtlsTransportChannelTestBase,
                                  public ::testing::Test {};
 
 // Test that transport negotiation of ICE, no DTLS works properly.
 TEST_F(DtlsTransportChannelTest, TestChannelSetupIce) {
   Negotiate();
   cricket::FakeIceTransport* channel1 = client1_.GetFakeIceTransort(0);
@@ skipping 100 matching lines @@
 }
 
 // Create two channels with DTLS 1.2 / DTLS 1.0 and check ciphers.
 TEST_F(DtlsTransportChannelTest, TestDtls12Client2) {
   SetChannelCount(2);
   PrepareDtls(true, true, rtc::KT_DEFAULT);
   SetMaxProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12);
   ASSERT_TRUE(Connect());
 }
 
-// Connect with DTLS, negotiate DTLS-SRTP, and transfer SRTP using bypass.
+// Connect with DTLS, negotiating DTLS-SRTP, and transfer SRTP using bypass.
 TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtp) {
   PrepareDtls(true, true, rtc::KT_DEFAULT);
-  PrepareDtlsSrtp(true, true);
   ASSERT_TRUE(Connect());
   TestTransfer(0, 1000, 100, true);
 }
 
 // Connect with DTLS-SRTP, transfer an invalid SRTP packet, and expects -1
 // returned.
 TEST_F(DtlsTransportChannelTest, TestTransferDtlsInvalidSrtpPacket) {
   PrepareDtls(true, true, rtc::KT_DEFAULT);
-  PrepareDtlsSrtp(true, true);
   ASSERT_TRUE(Connect());
   int result = client1_.SendInvalidSrtpPacket(0, 100);
   ASSERT_EQ(-1, result);
 }
 
 // Connect with DTLS. A does DTLS-SRTP but B does not.
 TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtpRejected) {
   PrepareDtls(true, true, rtc::KT_DEFAULT);
-  PrepareDtlsSrtp(true, false);
   ASSERT_TRUE(Connect());
 }
 
 // Connect with DTLS. B does DTLS-SRTP but A does not.
 TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtpNotOffered) {
   PrepareDtls(true, true, rtc::KT_DEFAULT);
-  PrepareDtlsSrtp(false, true);
   ASSERT_TRUE(Connect());
 }
 
 // Create two channels with DTLS, negotiate DTLS-SRTP, and transfer bypass SRTP.
 TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtpTwoChannels) {
   SetChannelCount(2);
   PrepareDtls(true, true, rtc::KT_DEFAULT);
-  PrepareDtlsSrtp(true, true);
   ASSERT_TRUE(Connect());
   TestTransfer(0, 1000, 100, true);
   TestTransfer(1, 1000, 100, true);
 }
 
 // Create a single channel with DTLS, and send normal data and SRTP data on it.
 TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtpDemux) {
   PrepareDtls(true, true, rtc::KT_DEFAULT);
-  PrepareDtlsSrtp(true, true);
   ASSERT_TRUE(Connect());
   TestTransfer(0, 1000, 100, false);
   TestTransfer(0, 1000, 100, true);
 }
 
 // Testing when the remote is passive.
 TEST_F(DtlsTransportChannelTest, TestTransferDtlsAnswererIsPassive) {
   SetChannelCount(2);
   PrepareDtls(true, true, rtc::KT_DEFAULT);
-  PrepareDtlsSrtp(true, true);
   ASSERT_TRUE(Connect(cricket::CONNECTIONROLE_ACTPASS,
                       cricket::CONNECTIONROLE_PASSIVE));
   TestTransfer(0, 1000, 100, true);
   TestTransfer(1, 1000, 100, true);
 }
 
 // Testing with the legacy DTLS client which doesn't use setup attribute.
 // In this case legacy is the answerer.
 TEST_F(DtlsTransportChannelTest, TestDtlsSetupWithLegacyAsAnswerer) {
   PrepareDtls(true, true, rtc::KT_DEFAULT);
   NegotiateWithLegacy();
   EXPECT_EQ(rtc::SSL_SERVER, *client1_.transport()->GetSslRole());
   EXPECT_EQ(rtc::SSL_CLIENT, *client2_.transport()->GetSslRole());
 }
 
 // Testing re offer/answer after the session is estbalished. Roles will be
 // kept same as of the previous negotiation.
 TEST_F(DtlsTransportChannelTest, TestDtlsReOfferFromOfferer) {
   SetChannelCount(2);
   PrepareDtls(true, true, rtc::KT_DEFAULT);
-  PrepareDtlsSrtp(true, true);
   // Initial role for client1 is ACTPASS and client2 is ACTIVE.
   ASSERT_TRUE(Connect(cricket::CONNECTIONROLE_ACTPASS,
                       cricket::CONNECTIONROLE_ACTIVE));
   TestTransfer(0, 1000, 100, true);
   TestTransfer(1, 1000, 100, true);
   // Using input roles for the re-offer.
   Renegotiate(&client1_, cricket::CONNECTIONROLE_ACTPASS,
               cricket::CONNECTIONROLE_ACTIVE, NF_REOFFER);
   TestTransfer(0, 1000, 100, true);
   TestTransfer(1, 1000, 100, true);
 }
 
 TEST_F(DtlsTransportChannelTest, TestDtlsReOfferFromAnswerer) {
   SetChannelCount(2);
   PrepareDtls(true, true, rtc::KT_DEFAULT);
-  PrepareDtlsSrtp(true, true);
   // Initial role for client1 is ACTPASS and client2 is ACTIVE.
   ASSERT_TRUE(Connect(cricket::CONNECTIONROLE_ACTPASS,
                       cricket::CONNECTIONROLE_ACTIVE));
   TestTransfer(0, 1000, 100, true);
   TestTransfer(1, 1000, 100, true);
   // Using input roles for the re-offer.
   Renegotiate(&client2_, cricket::CONNECTIONROLE_PASSIVE,
               cricket::CONNECTIONROLE_ACTPASS, NF_REOFFER);
   TestTransfer(0, 1000, 100, true);
   TestTransfer(1, 1000, 100, true);
 }
 
 // Test that any change in role after the intial setup will result in failure.
 TEST_F(DtlsTransportChannelTest, TestDtlsRoleReversal) {
   SetChannelCount(2);
   PrepareDtls(true, true, rtc::KT_DEFAULT);
-  PrepareDtlsSrtp(true, true);
   ASSERT_TRUE(Connect(cricket::CONNECTIONROLE_ACTPASS,
                       cricket::CONNECTIONROLE_PASSIVE));
 
   // Renegotiate from client2 with actpass and client1 as active.
   Renegotiate(&client2_, cricket::CONNECTIONROLE_ACTPASS,
               cricket::CONNECTIONROLE_ACTIVE,
               NF_REOFFER | NF_EXPECT_FAILURE);
 }
 
 // Test that using different setup attributes which results in similar ssl
 // role as the initial negotiation will result in success.
 TEST_F(DtlsTransportChannelTest, TestDtlsReOfferWithDifferentSetupAttr) {
   SetChannelCount(2);
   PrepareDtls(true, true, rtc::KT_DEFAULT);
-  PrepareDtlsSrtp(true, true);
   ASSERT_TRUE(Connect(cricket::CONNECTIONROLE_ACTPASS,
                       cricket::CONNECTIONROLE_PASSIVE));
   // Renegotiate from client2 with actpass and client1 as active.
   Renegotiate(&client2_, cricket::CONNECTIONROLE_ACTIVE,
               cricket::CONNECTIONROLE_ACTPASS, NF_REOFFER);
   TestTransfer(0, 1000, 100, true);
   TestTransfer(1, 1000, 100, true);
 }
 
 // Test that re-negotiation can be started before the clients become connected
 // in the first negotiation.
 TEST_F(DtlsTransportChannelTest, TestRenegotiateBeforeConnect) {
   SetChannelCount(2);
   PrepareDtls(true, true, rtc::KT_DEFAULT);
-  PrepareDtlsSrtp(true, true);
   Negotiate();
 
   Renegotiate(&client1_, cricket::CONNECTIONROLE_ACTPASS,
               cricket::CONNECTIONROLE_ACTIVE, NF_REOFFER);
   bool rv = client1_.Connect(&client2_, false);
   EXPECT_TRUE(rv);
   EXPECT_TRUE_SIMULATED_WAIT(client1_.all_dtls_transports_writable() &&
                                  client2_.all_dtls_transports_writable(),
                              kTimeout, fake_clock_);
 
@@ skipping 252 matching lines @@
             std::vector<DtlsTransportEvent>{
                 CALLER_RECEIVES_CLIENTHELLO, CALLER_RECEIVES_FINGERPRINT,
                 CALLER_WRITABLE, HANDSHAKE_FINISHES},
             std::vector<DtlsTransportEvent>{
                 CALLER_RECEIVES_CLIENTHELLO, CALLER_WRITABLE,
                 CALLER_RECEIVES_FINGERPRINT, HANDSHAKE_FINISHES},
             std::vector<DtlsTransportEvent>{CALLER_RECEIVES_CLIENTHELLO,
                                             CALLER_WRITABLE, HANDSHAKE_FINISHES,
                                             CALLER_RECEIVES_FINGERPRINT}),
         ::testing::Bool()));