Support generation of EC keys using P256 curve and support ECDSA certs.

webrtc/base/sslstreamadapter_unittest.cc

 /*
  *  Copyright 2011 The WebRTC Project Authors. All rights reserved.
  *
  *  Use of this source code is governed by a BSD-style license
  *  that can be found in the LICENSE file in the root of the source
  *  tree. An additional intellectual property rights grant can be found
  *  in the file PATENTS.  All contributing project authors may
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
 
 #include <algorithm>
 #include <set>
 #include <string>
 
 #include "webrtc/base/gunit.h"
 #include "webrtc/base/helpers.h"
 #include "webrtc/base/scoped_ptr.h"
 #include "webrtc/base/ssladapter.h"
 #include "webrtc/base/sslconfig.h"
 #include "webrtc/base/sslidentity.h"
 #include "webrtc/base/sslstreamadapter.h"
 #include "webrtc/base/stream.h"
 #include "webrtc/test/testsupport/gtest_disable.h"
 
+using ::testing::WithParamInterface;
+using ::testing::Values;
+using ::testing::Combine;
+using ::testing::tuple;
+
 static const int kBlockSize = 4096;
 static const char kAES_CM_HMAC_SHA1_80[] = "AES_CM_128_HMAC_SHA1_80";
 static const char kAES_CM_HMAC_SHA1_32[] = "AES_CM_128_HMAC_SHA1_32";
 static const char kExporterLabel[] = "label";
 static const unsigned char kExporterContext[] = "context";
 static int kExporterContextLen = sizeof(kExporterContext);
 
 static const char kRSA_PRIVATE_KEY_PEM[] =
     "-----BEGIN RSA PRIVATE KEY-----\n"
     "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMYRkbhmI7kVA/rM\n"
@@ skipping 115 matching lines @@
   bool first_packet_;
 };
 
 static const int kFifoBufferSize = 4096;
 
 class SSLStreamAdapterTestBase : public testing::Test,
                                  public sigslot::has_slots<> {
  public:
   SSLStreamAdapterTestBase(const std::string& client_cert_pem,
                            const std::string& client_private_key_pem,
-                           bool dtls) :
-      client_buffer_(kFifoBufferSize), server_buffer_(kFifoBufferSize),
-      client_stream_(
-          new SSLDummyStream(this, "c2s", &client_buffer_, &server_buffer_)),
-      server_stream_(
-          new SSLDummyStream(this, "s2c", &server_buffer_, &client_buffer_)),
-      client_ssl_(rtc::SSLStreamAdapter::Create(client_stream_)),
-      server_ssl_(rtc::SSLStreamAdapter::Create(server_stream_)),
-      client_identity_(NULL), server_identity_(NULL),
-      delay_(0), mtu_(1460), loss_(0), lose_first_packet_(false),
-      damage_(false), dtls_(dtls),
-      handshake_wait_(5000), identities_set_(false) {
+                           bool dtls,
+                           rtc::KeyType client_key_type = rtc::KT_DEFAULT,
+                           rtc::KeyType server_key_type = rtc::KT_DEFAULT)
+      : client_buffer_(kFifoBufferSize),
+        server_buffer_(kFifoBufferSize),
+        client_stream_(
+            new SSLDummyStream(this, "c2s", &client_buffer_, &server_buffer_)),
+        server_stream_(
+            new SSLDummyStream(this, "s2c", &server_buffer_, &client_buffer_)),
+        client_ssl_(rtc::SSLStreamAdapter::Create(client_stream_)),
+        server_ssl_(rtc::SSLStreamAdapter::Create(server_stream_)),
+        client_identity_(NULL),
+        server_identity_(NULL),
+        delay_(0),
+        mtu_(1460),
+        loss_(0),
+        lose_first_packet_(false),
+        damage_(false),
+        dtls_(dtls),
+        handshake_wait_(5000),
+        identities_set_(false) {
     // Set use of the test RNG to get predictable loss patterns.
     rtc::SetRandomTestMode(true);
 
     // Set up the slots
     client_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
     server_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
 
     if (!client_cert_pem.empty() && !client_private_key_pem.empty()) {
       client_identity_ = rtc::SSLIdentity::FromPEMStrings(
           client_private_key_pem, client_cert_pem);
     } else {
-      client_identity_ = rtc::SSLIdentity::Generate("client");
+      client_identity_ = rtc::SSLIdentity::Generate("client", client_key_type);
     }
-    server_identity_ = rtc::SSLIdentity::Generate("server");
+    server_identity_ = rtc::SSLIdentity::Generate("server", server_key_type);
 
     client_ssl_->SetIdentity(client_identity_);
     server_ssl_->SetIdentity(server_identity_);
   }
 
   ~SSLStreamAdapterTestBase() {
     // Put it back for the next test.
     rtc::SetRandomTestMode(false);
   }
 
   // Recreate the client/server identities with the specified validity period.
   // |not_before| and |not_after| are offsets from the current time in number
   // of seconds.
   void ResetIdentitiesWithValidity(int not_before, int not_after) {
     client_stream_ =
         new SSLDummyStream(this, "c2s", &client_buffer_, &server_buffer_);
     server_stream_ =
         new SSLDummyStream(this, "s2c", &server_buffer_, &client_buffer_);
 
     client_ssl_.reset(rtc::SSLStreamAdapter::Create(client_stream_));
     server_ssl_.reset(rtc::SSLStreamAdapter::Create(server_stream_));
 
     client_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
     server_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
 
     rtc::SSLIdentityParams client_params;
     client_params.common_name = "client";
     client_params.not_before = not_before;
     client_params.not_after = not_after;
+    client_params.key_type = rtc::KT_DEFAULT;
     client_identity_ = rtc::SSLIdentity::GenerateForTest(client_params);
 
     rtc::SSLIdentityParams server_params;
     server_params.common_name = "server";
     server_params.not_before = not_before;
     server_params.not_after = not_after;
+    server_params.key_type = rtc::KT_DEFAULT;
     server_identity_ = rtc::SSLIdentity::GenerateForTest(server_params);
 
     client_ssl_->SetIdentity(client_identity_);
     server_ssl_->SetIdentity(server_identity_);
   }
 
   virtual void OnEvent(rtc::StreamInterface *stream, int sig, int err) {
     LOG(LS_INFO) << "SSLStreamAdapterTestBase::OnEvent sig=" << sig;
 
     if (sig & rtc::SE_READ) {
@@ skipping 205 matching lines @@
   int delay_;
   size_t mtu_;
   int loss_;
   bool lose_first_packet_;
   bool damage_;
   bool dtls_;
   int handshake_wait_;
   bool identities_set_;
 };
 
-class SSLStreamAdapterTestTLS : public SSLStreamAdapterTestBase {
+class SSLStreamAdapterTestTLS
+    : public SSLStreamAdapterTestBase,
+      public WithParamInterface<tuple<rtc::KeyType, rtc::KeyType>> {
  public:
-  SSLStreamAdapterTestTLS() :
-      SSLStreamAdapterTestBase("", "", false) {
-  };
+  SSLStreamAdapterTestTLS()
+      : SSLStreamAdapterTestBase("",
+                                 "",
+                                 false,
+                                 ::testing::get<0>(GetParam()),
+                                 ::testing::get<1>(GetParam())){};
 
   // Test data transfer for TLS
   virtual void TestTransfer(int size) {
     LOG(LS_INFO) << "Starting transfer test with " << size << " bytes";
     // Create some dummy data to send.
     size_t received;
 
     send_stream_.ReserveSize(size);
     for (int i = 0; i < size; ++i) {
       char ch = static_cast<char>(i);
@@ skipping 78 matching lines @@
 
       recv_stream_.Write(buffer, bread, NULL, NULL);
     }
   }
 
  private:
   rtc::MemoryStream send_stream_;
   rtc::MemoryStream recv_stream_;
 };
 
-class SSLStreamAdapterTestDTLS : public SSLStreamAdapterTestBase {
+class SSLStreamAdapterTestDTLS
+    : public SSLStreamAdapterTestBase,
+      public WithParamInterface<tuple<rtc::KeyType, rtc::KeyType>> {
  public:
-  SSLStreamAdapterTestDTLS() :
-      SSLStreamAdapterTestBase("", "", true),
-      packet_size_(1000), count_(0), sent_(0) {
-  }
+  SSLStreamAdapterTestDTLS()
+      : SSLStreamAdapterTestBase("",
+                                 "",
+                                 true,
+                                 ::testing::get<0>(GetParam()),
+                                 ::testing::get<1>(GetParam())),
+        packet_size_(1000),
+        count_(0),
+        sent_(0) {}
 
   SSLStreamAdapterTestDTLS(const std::string& cert_pem,
                            const std::string& private_key_pem) :
       SSLStreamAdapterTestBase(cert_pem, private_key_pem, true),
       packet_size_(1000), count_(0), sent_(0) {
   }
 
   virtual void WriteData() {
     unsigned char *packet = new unsigned char[1600];
 
@@ skipping 104 matching lines @@
       SSLStreamAdapterTestDTLS(kCERT_PEM, kRSA_PRIVATE_KEY_PEM) {
   }
 };
 
 // Basic tests: TLS
 
 // Test that we cannot read/write if we have not yet handshaked.
 // This test only applies to NSS because OpenSSL has passthrough
 // semantics for I/O before the handshake is started.
 #if SSL_USE_NSS
-TEST_F(SSLStreamAdapterTestTLS, TestNoReadWriteBeforeConnect) {
+TEST_P(SSLStreamAdapterTestTLS, TestNoReadWriteBeforeConnect) {
   rtc::StreamResult rv;
   char block[kBlockSize];
   size_t dummy;
 
   rv = client_ssl_->Write(block, sizeof(block), &dummy, NULL);
   ASSERT_EQ(rtc::SR_BLOCK, rv);
 
   rv = client_ssl_->Read(block, sizeof(block), &dummy, NULL);
   ASSERT_EQ(rtc::SR_BLOCK, rv);
 }
 #endif
 
 
 // Test that we can make a handshake work
-TEST_F(SSLStreamAdapterTestTLS, TestTLSConnect) {
+TEST_P(SSLStreamAdapterTestTLS, TestTLSConnect) {
   TestHandshake();
 };
 
 // Test that closing the connection on one side updates the other side.
-TEST_F(SSLStreamAdapterTestTLS, TestTLSClose) {
+TEST_P(SSLStreamAdapterTestTLS, TestTLSClose) {
   TestHandshake();
   client_ssl_->Close();
   EXPECT_EQ_WAIT(rtc::SS_CLOSED, server_ssl_->GetState(), handshake_wait_);
 };
 
 // Test transfer -- trivial
-TEST_F(SSLStreamAdapterTestTLS, TestTLSTransfer) {
+TEST_P(SSLStreamAdapterTestTLS, TestTLSTransfer) {
   TestHandshake();
   TestTransfer(100000);
 };
 
 // Test read-write after close.
-TEST_F(SSLStreamAdapterTestTLS, ReadWriteAfterClose) {
+TEST_P(SSLStreamAdapterTestTLS, ReadWriteAfterClose) {
   TestHandshake();
   TestTransfer(100000);
   client_ssl_->Close();
 
   rtc::StreamResult rv;
   char block[kBlockSize];
   size_t dummy;
 
   // It's an error to write after closed.
   rv = client_ssl_->Write(block, sizeof(block), &dummy, NULL);
   ASSERT_EQ(rtc::SR_ERROR, rv);
 
   // But after closed read gives you EOS.
   rv = client_ssl_->Read(block, sizeof(block), &dummy, NULL);
   ASSERT_EQ(rtc::SR_EOS, rv);
 };
 
 // Test a handshake with a bogus peer digest
-TEST_F(SSLStreamAdapterTestTLS, TestTLSBogusDigest) {
+TEST_P(SSLStreamAdapterTestTLS, TestTLSBogusDigest) {
   SetPeerIdentitiesByDigest(false);
   TestHandshake(false);
 };
 
 // Test moving a bunch of data
 
 // Basic tests: DTLS
 // Test that we can make a handshake work
-TEST_F(SSLStreamAdapterTestDTLS, TestDTLSConnect) {
+TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnect) {
   MAYBE_SKIP_TEST(HaveDtls);
   TestHandshake();
 };
 
 // Test that we can make a handshake work if the first packet in
 // each direction is lost. This gives us predictable loss
 // rather than having to tune random
-TEST_F(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacket) {
+TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacket) {
   MAYBE_SKIP_TEST(HaveDtls);
   SetLoseFirstPacket(true);
   TestHandshake();
 };
 
 // Test a handshake with loss and delay
-TEST_F(SSLStreamAdapterTestDTLS,
-       TestDTLSConnectWithLostFirstPacketDelay2s) {
+TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacketDelay2s) {
   MAYBE_SKIP_TEST(HaveDtls);
   SetLoseFirstPacket(true);
   SetDelay(2000);
   SetHandshakeWait(20000);
   TestHandshake();
 };
 
 // Test a handshake with small MTU
 // Disabled due to https://code.google.com/p/webrtc/issues/detail?id=3910
-TEST_F(SSLStreamAdapterTestDTLS, DISABLED_TestDTLSConnectWithSmallMtu) {
+TEST_P(SSLStreamAdapterTestDTLS, DISABLED_TestDTLSConnectWithSmallMtu) {
   MAYBE_SKIP_TEST(HaveDtls);
   SetMtu(700);
   SetHandshakeWait(20000);
   TestHandshake();
 };
 
 // Test transfer -- trivial
-TEST_F(SSLStreamAdapterTestDTLS, TestDTLSTransfer) {
+TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransfer) {
   MAYBE_SKIP_TEST(HaveDtls);
   TestHandshake();
   TestTransfer(100);
 };
 
-TEST_F(SSLStreamAdapterTestDTLS, TestDTLSTransferWithLoss) {
+TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithLoss) {
   MAYBE_SKIP_TEST(HaveDtls);
   TestHandshake();
   SetLoss(10);
   TestTransfer(100);
 };
 
-TEST_F(SSLStreamAdapterTestDTLS, TestDTLSTransferWithDamage) {
+TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithDamage) {
   MAYBE_SKIP_TEST(HaveDtls);
   SetDamage();  // Must be called first because first packet
                 // write happens at end of handshake.
   TestHandshake();
   TestTransfer(100);
 };
 
 // Test DTLS-SRTP with all high ciphers
-TEST_F(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) {
+TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) {
   MAYBE_SKIP_TEST(HaveDtlsSrtp);
   std::vector<std::string> high;
   high.push_back(kAES_CM_HMAC_SHA1_80);
   SetDtlsSrtpCiphers(high, true);
   SetDtlsSrtpCiphers(high, false);
   TestHandshake();
 
   std::string client_cipher;
   ASSERT_TRUE(GetDtlsSrtpCipher(true, &client_cipher));
   std::string server_cipher;
   ASSERT_TRUE(GetDtlsSrtpCipher(false, &server_cipher));
 
   ASSERT_EQ(client_cipher, server_cipher);
   ASSERT_EQ(client_cipher, kAES_CM_HMAC_SHA1_80);
 };
 
 // Test DTLS-SRTP with all low ciphers
-TEST_F(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) {
+TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) {
   MAYBE_SKIP_TEST(HaveDtlsSrtp);
   std::vector<std::string> low;
   low.push_back(kAES_CM_HMAC_SHA1_32);
   SetDtlsSrtpCiphers(low, true);
   SetDtlsSrtpCiphers(low, false);
   TestHandshake();
 
   std::string client_cipher;
   ASSERT_TRUE(GetDtlsSrtpCipher(true, &client_cipher));
   std::string server_cipher;
   ASSERT_TRUE(GetDtlsSrtpCipher(false, &server_cipher));
 
   ASSERT_EQ(client_cipher, server_cipher);
   ASSERT_EQ(client_cipher, kAES_CM_HMAC_SHA1_32);
 };
 
 
 // Test DTLS-SRTP with a mismatch -- should not converge
-TEST_F(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) {
+TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) {
   MAYBE_SKIP_TEST(HaveDtlsSrtp);
   std::vector<std::string> high;
   high.push_back(kAES_CM_HMAC_SHA1_80);
   std::vector<std::string> low;
   low.push_back(kAES_CM_HMAC_SHA1_32);
   SetDtlsSrtpCiphers(high, true);
   SetDtlsSrtpCiphers(low, false);
   TestHandshake();
 
   std::string client_cipher;
   ASSERT_FALSE(GetDtlsSrtpCipher(true, &client_cipher));
   std::string server_cipher;
   ASSERT_FALSE(GetDtlsSrtpCipher(false, &server_cipher));
 };
 
 // Test DTLS-SRTP with each side being mixed -- should select high
-TEST_F(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) {
+TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) {
   MAYBE_SKIP_TEST(HaveDtlsSrtp);
   std::vector<std::string> mixed;
   mixed.push_back(kAES_CM_HMAC_SHA1_80);
   mixed.push_back(kAES_CM_HMAC_SHA1_32);
   SetDtlsSrtpCiphers(mixed, true);
   SetDtlsSrtpCiphers(mixed, false);
   TestHandshake();
 
   std::string client_cipher;
   ASSERT_TRUE(GetDtlsSrtpCipher(true, &client_cipher));
   std::string server_cipher;
   ASSERT_TRUE(GetDtlsSrtpCipher(false, &server_cipher));
 
   ASSERT_EQ(client_cipher, server_cipher);
   ASSERT_EQ(client_cipher, kAES_CM_HMAC_SHA1_80);
 };
 
 // Test an exporter
-TEST_F(SSLStreamAdapterTestDTLS, TestDTLSExporter) {
+TEST_P(SSLStreamAdapterTestDTLS, TestDTLSExporter) {
   MAYBE_SKIP_TEST(HaveExporter);
   TestHandshake();
   unsigned char client_out[20];
   unsigned char server_out[20];
 
   bool result;
   result = ExportKeyingMaterial(kExporterLabel,
                                 kExporterContext, kExporterContextLen,
                                 true, true,
                                 client_out, sizeof(client_out));
   ASSERT_TRUE(result);
 
   result = ExportKeyingMaterial(kExporterLabel,
                                 kExporterContext, kExporterContextLen,
                                 true, false,
                                 server_out, sizeof(server_out));
   ASSERT_TRUE(result);
 
   ASSERT_TRUE(!memcmp(client_out, server_out, sizeof(client_out)));
 }
 
 // Test not yet valid certificates are not rejected.
-TEST_F(SSLStreamAdapterTestDTLS, TestCertNotYetValid) {
+TEST_P(SSLStreamAdapterTestDTLS, TestCertNotYetValid) {
   MAYBE_SKIP_TEST(HaveDtls);
   long one_day = 60 * 60 * 24;
   // Make the certificates not valid until one day later.
   ResetIdentitiesWithValidity(one_day, one_day);
   TestHandshake();
 }
 
 // Test expired certificates are not rejected.
-TEST_F(SSLStreamAdapterTestDTLS, TestCertExpired) {
+TEST_P(SSLStreamAdapterTestDTLS, TestCertExpired) {
   MAYBE_SKIP_TEST(HaveDtls);
   long one_day = 60 * 60 * 24;
   // Make the certificates already expired.
   ResetIdentitiesWithValidity(-one_day, -one_day);
   TestHandshake();
 }
 
 // Test data transfer using certs created from strings.
-TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestTransfer) {
+TEST_P(SSLStreamAdapterTestDTLSFromPEMStrings, TestTransfer) {
   MAYBE_SKIP_TEST(HaveDtls);
   TestHandshake();
   TestTransfer(100);
 }
 
 // Test getting the remote certificate.
-TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestDTLSGetPeerCertificate) {
+TEST_P(SSLStreamAdapterTestDTLSFromPEMStrings, TestDTLSGetPeerCertificate) {
   MAYBE_SKIP_TEST(HaveDtls);
 
   // Peer certificates haven't been received yet.
   rtc::scoped_ptr<rtc::SSLCertificate> client_peer_cert;
   ASSERT_FALSE(GetPeerCertificate(true, client_peer_cert.accept()));
   ASSERT_FALSE(client_peer_cert != NULL);
 
   rtc::scoped_ptr<rtc::SSLCertificate> server_peer_cert;
   ASSERT_FALSE(GetPeerCertificate(false, server_peer_cert.accept()));
   ASSERT_FALSE(server_peer_cert != NULL);
@@ skipping 19 matching lines @@
   // It's kCERT_PEM
   ASSERT_EQ(kCERT_PEM, server_peer_cert->ToPEMString());
 
   // It must not have a chain, because the test certs are self-signed.
   rtc::SSLCertChain* server_peer_chain;
   ASSERT_FALSE(server_peer_cert->GetChain(&server_peer_chain));
 }
 
 // Test getting the used DTLS ciphers.
 // DTLS 1.2 enabled for neither client nor server -> DTLS 1.0 will be used.
-TEST_F(SSLStreamAdapterTestDTLS, TestGetSslCipher) {
+TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipher) {
   MAYBE_SKIP_TEST(HaveDtls);
   SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);
   TestHandshake();
 
   std::string client_cipher;
   ASSERT_TRUE(GetSslCipher(true, &client_cipher));
   std::string server_cipher;
   ASSERT_TRUE(GetSslCipher(false, &server_cipher));
 
   ASSERT_EQ(client_cipher, server_cipher);
-  ASSERT_EQ(
-      rtc::SSLStreamAdapter::GetDefaultSslCipher(rtc::SSL_PROTOCOL_DTLS_10),
-      client_cipher);
+  ASSERT_EQ(rtc::SSLStreamAdapter::GetDefaultSslCipher(
+                rtc::SSL_PROTOCOL_DTLS_10, ::testing::get<1>(GetParam())),
+            server_cipher);
 }
 
 // Test getting the used DTLS 1.2 ciphers.
 // DTLS 1.2 enabled for client and server -> DTLS 1.2 will be used.
-TEST_F(SSLStreamAdapterTestDTLS, TestGetSslCipherDtls12Both) {
+TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherDtls12Both) {
   MAYBE_SKIP_TEST(HaveDtls);
   SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12);
   TestHandshake();
 
   std::string client_cipher;
   ASSERT_TRUE(GetSslCipher(true, &client_cipher));
   std::string server_cipher;
   ASSERT_TRUE(GetSslCipher(false, &server_cipher));
 
   ASSERT_EQ(client_cipher, server_cipher);
-  ASSERT_EQ(
-      rtc::SSLStreamAdapter::GetDefaultSslCipher(rtc::SSL_PROTOCOL_DTLS_12),
-      client_cipher);
+  ASSERT_EQ(rtc::SSLStreamAdapter::GetDefaultSslCipher(
+                rtc::SSL_PROTOCOL_DTLS_12, ::testing::get<1>(GetParam())),
+            server_cipher);
 }
 
 // DTLS 1.2 enabled for client only -> DTLS 1.0 will be used.
-TEST_F(SSLStreamAdapterTestDTLS, TestGetSslCipherDtls12Client) {
+TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherDtls12Client) {
   MAYBE_SKIP_TEST(HaveDtls);
   SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12);
   TestHandshake();
 
   std::string client_cipher;
   ASSERT_TRUE(GetSslCipher(true, &client_cipher));
   std::string server_cipher;
   ASSERT_TRUE(GetSslCipher(false, &server_cipher));
 
   ASSERT_EQ(client_cipher, server_cipher);
-  ASSERT_EQ(
-      rtc::SSLStreamAdapter::GetDefaultSslCipher(rtc::SSL_PROTOCOL_DTLS_10),
-      client_cipher);
+  ASSERT_EQ(rtc::SSLStreamAdapter::GetDefaultSslCipher(
+                rtc::SSL_PROTOCOL_DTLS_10, ::testing::get<1>(GetParam())),
+            server_cipher);
 }
 
 // DTLS 1.2 enabled for server only -> DTLS 1.0 will be used.
-TEST_F(SSLStreamAdapterTestDTLS, TestGetSslCipherDtls12Server) {
+TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherDtls12Server) {
   MAYBE_SKIP_TEST(HaveDtls);
   SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_10);
   TestHandshake();
 
   std::string client_cipher;
   ASSERT_TRUE(GetSslCipher(true, &client_cipher));
   std::string server_cipher;
   ASSERT_TRUE(GetSslCipher(false, &server_cipher));
 
   ASSERT_EQ(client_cipher, server_cipher);
-  ASSERT_EQ(
-      rtc::SSLStreamAdapter::GetDefaultSslCipher(rtc::SSL_PROTOCOL_DTLS_10),
-      client_cipher);
+  ASSERT_EQ(rtc::SSLStreamAdapter::GetDefaultSslCipher(
+                rtc::SSL_PROTOCOL_DTLS_10, ::testing::get<1>(GetParam())),
+            server_cipher);
 }
+
+INSTANTIATE_TEST_CASE_P(SSLStreamAdapterTestsTLS,
+                        SSLStreamAdapterTestTLS,
+                        Combine(Values(rtc::KT_RSA, rtc::KT_ECDSA),
+                                Values(rtc::KT_RSA, rtc::KT_ECDSA)));
+INSTANTIATE_TEST_CASE_P(SSLStreamAdapterTestsDTLS,
+                        SSLStreamAdapterTestDTLS,
+                        Combine(Values(rtc::KT_RSA, rtc::KT_ECDSA),
+                                Values(rtc::KT_RSA, rtc::KT_ECDSA)));