Chromium Code Reviews Chromium Code Reviews
Issue 1189583002:
Support generation of EC keys using P256 curve and support ECDSA certs. (Closed)
Base URL: https://chromium.googlesource.com/external/webrtc.git@master| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright 2014 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2014 The WebRTC Project Authors. All rights reserved. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
| 5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
| 6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
| 7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
| 8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
| 9 */ | 9 */ |
| 10 | 10 |
| 11 #include <string> | 11 #include <string> |
| 12 | 12 |
| 13 #include "webrtc/base/gunit.h" | 13 #include "webrtc/base/gunit.h" |
| 14 #include "webrtc/base/ipaddress.h" | 14 #include "webrtc/base/ipaddress.h" |
| 15 #include "webrtc/base/socketstream.h" | 15 #include "webrtc/base/socketstream.h" |
| 16 #include "webrtc/base/ssladapter.h" | 16 #include "webrtc/base/ssladapter.h" |
| 17 #include "webrtc/base/sslstreamadapter.h" | 17 #include "webrtc/base/sslstreamadapter.h" |
| 18 #include "webrtc/base/sslidentity.h" | |
| 18 #include "webrtc/base/stream.h" | 19 #include "webrtc/base/stream.h" |
| 19 #include "webrtc/base/virtualsocketserver.h" | 20 #include "webrtc/base/virtualsocketserver.h" |
| 20 | 21 |
| 21 static const int kTimeout = 5000; | 22 static const int kTimeout = 5000; |
| 22 | 23 |
| 23 static rtc::AsyncSocket* CreateSocket(const rtc::SSLMode& ssl_mode) { | 24 static rtc::AsyncSocket* CreateSocket(const rtc::SSLMode& ssl_mode) { |
| 24 rtc::SocketAddress address(rtc::IPAddress(INADDR_ANY), 0); | 25 rtc::SocketAddress address(rtc::IPAddress(INADDR_ANY), 0); |
| 25 | 26 |
| 26 rtc::AsyncSocket* socket = rtc::Thread::Current()-> | 27 rtc::AsyncSocket* socket = rtc::Thread::Current()-> |
| 27 socketserver()->CreateAsyncSocket( | 28 socketserver()->CreateAsyncSocket( |
| (...skipping 94 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 122 private: | 123 private: |
| 123 const rtc::SSLMode ssl_mode_; | 124 const rtc::SSLMode ssl_mode_; |
| 124 | 125 |
| 125 rtc::scoped_ptr<rtc::SSLAdapter> ssl_adapter_; | 126 rtc::scoped_ptr<rtc::SSLAdapter> ssl_adapter_; |
| 126 | 127 |
| 127 std::string data_; | 128 std::string data_; |
| 128 }; | 129 }; |
| 129 | 130 |
| 130 class SSLAdapterTestDummyServer : public sigslot::has_slots<> { | 131 class SSLAdapterTestDummyServer : public sigslot::has_slots<> { |
| 131 public: | 132 public: |
| 132 explicit SSLAdapterTestDummyServer(const rtc::SSLMode& ssl_mode) | 133 explicit SSLAdapterTestDummyServer(const rtc::SSLMode& ssl_mode, |
| 134 const rtc::KeyType key_type) | |
| 133 : ssl_mode_(ssl_mode) { | 135 : ssl_mode_(ssl_mode) { |
| 134 // Generate a key pair and a certificate for this host. | 136 // Generate a key pair and a certificate for this host. |
| 135 ssl_identity_.reset(rtc::SSLIdentity::Generate(GetHostname())); | 137 ssl_identity_.reset(rtc::SSLIdentity::Generate(GetHostname(), key_type)); |
| 136 | 138 |
| 137 server_socket_.reset(CreateSocket(ssl_mode_)); | 139 server_socket_.reset(CreateSocket(ssl_mode_)); |
| 138 | 140 |
| 139 if (ssl_mode_ == rtc::SSL_MODE_TLS) { | 141 if (ssl_mode_ == rtc::SSL_MODE_TLS) { |
| 140 server_socket_->SignalReadEvent.connect(this, | 142 server_socket_->SignalReadEvent.connect(this, |
| 141 &SSLAdapterTestDummyServer::OnServerSocketReadEvent); | 143 &SSLAdapterTestDummyServer::OnServerSocketReadEvent); |
| 142 | 144 |
| 143 server_socket_->Listen(1); | 145 server_socket_->Listen(1); |
| 144 } | 146 } |
| 145 | 147 |
| (...skipping 115 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 261 rtc::scoped_ptr<rtc::SSLStreamAdapter> ssl_stream_adapter_; | 263 rtc::scoped_ptr<rtc::SSLStreamAdapter> ssl_stream_adapter_; |
| 262 | 264 |
| 263 rtc::scoped_ptr<rtc::SSLIdentity> ssl_identity_; | 265 rtc::scoped_ptr<rtc::SSLIdentity> ssl_identity_; |
| 264 | 266 |
| 265 std::string data_; | 267 std::string data_; |
| 266 }; | 268 }; |
| 267 | 269 |
| 268 class SSLAdapterTestBase : public testing::Test, | 270 class SSLAdapterTestBase : public testing::Test, |
| 269 public sigslot::has_slots<> { | 271 public sigslot::has_slots<> { |
| 270 public: | 272 public: |
| 271 explicit SSLAdapterTestBase(const rtc::SSLMode& ssl_mode) | 273 explicit SSLAdapterTestBase(const rtc::SSLMode& ssl_mode, |
| 274 const rtc::KeyType key_type) | |
| 272 : ssl_mode_(ssl_mode), | 275 : ssl_mode_(ssl_mode), |
| 273 ss_scope_(new rtc::VirtualSocketServer(NULL)), | 276 ss_scope_(new rtc::VirtualSocketServer(NULL)), |
| 274 server_(new SSLAdapterTestDummyServer(ssl_mode_)), | 277 server_(new SSLAdapterTestDummyServer(ssl_mode_, key_type)), |
| 275 client_(new SSLAdapterTestDummyClient(ssl_mode_)), | 278 client_(new SSLAdapterTestDummyClient(ssl_mode_)), |
| 276 handshake_wait_(kTimeout) { | 279 handshake_wait_(kTimeout) {} |
| 277 } | |
| 278 | 280 |
| 279 void SetHandshakeWait(int wait) { | 281 void SetHandshakeWait(int wait) { |
| 280 handshake_wait_ = wait; | 282 handshake_wait_ = wait; |
| 281 } | 283 } |
| 282 | 284 |
| 283 void TestHandshake(bool expect_success) { | 285 void TestHandshake(bool expect_success) { |
| 284 int rv; | 286 int rv; |
| 285 | 287 |
| 286 // The initial state is CS_CLOSED | 288 // The initial state is CS_CLOSED |
| 287 ASSERT_EQ(rtc::AsyncSocket::CS_CLOSED, client_->GetState()); | 289 ASSERT_EQ(rtc::AsyncSocket::CS_CLOSED, client_->GetState()); |
| (...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 336 const rtc::SSLMode ssl_mode_; | 338 const rtc::SSLMode ssl_mode_; |
| 337 | 339 |
| 338 const rtc::SocketServerScope ss_scope_; | 340 const rtc::SocketServerScope ss_scope_; |
| 339 | 341 |
| 340 rtc::scoped_ptr<SSLAdapterTestDummyServer> server_; | 342 rtc::scoped_ptr<SSLAdapterTestDummyServer> server_; |
| 341 rtc::scoped_ptr<SSLAdapterTestDummyClient> client_; | 343 rtc::scoped_ptr<SSLAdapterTestDummyClient> client_; |
| 342 | 344 |
| 343 int handshake_wait_; | 345 int handshake_wait_; |
| 344 }; | 346 }; |
| 345 | 347 |
| 346 class SSLAdapterTestTLS : public SSLAdapterTestBase { | 348 class SSLAdapterTestTLS_RSA : public SSLAdapterTestBase { |
| 347 public: | 349 public: |
| 348 SSLAdapterTestTLS() : SSLAdapterTestBase(rtc::SSL_MODE_TLS) {} | 350 SSLAdapterTestTLS_RSA() |
| 351 : SSLAdapterTestBase(rtc::SSL_MODE_TLS, rtc::KT_RSA) {} | |
| 349 }; | 352 }; |
| 350 | 353 |
| 351 class SSLAdapterTestDTLS : public SSLAdapterTestBase { | 354 class SSLAdapterTestTLS_ECDSA : public SSLAdapterTestBase { |
| 352 public: | 355 public: |
| 353 SSLAdapterTestDTLS() : SSLAdapterTestBase(rtc::SSL_MODE_DTLS) {} | 356 SSLAdapterTestTLS_ECDSA() |
| 357 : SSLAdapterTestBase(rtc::SSL_MODE_TLS, rtc::KT_ECDSA) {} | |
| 358 }; | |
| 359 | |
| 360 class SSLAdapterTestDTLS_RSA : public SSLAdapterTestBase { | |
| 361 public: | |
| 362 SSLAdapterTestDTLS_RSA() | |
| 363 : SSLAdapterTestBase(rtc::SSL_MODE_DTLS, rtc::KT_RSA) {} | |
| 364 }; | |
| 365 | |
| 366 class SSLAdapterTestDTLS_ECDSA : public SSLAdapterTestBase { | |
| 367 public: | |
| 368 SSLAdapterTestDTLS_ECDSA() | |
| 369 : SSLAdapterTestBase(rtc::SSL_MODE_DTLS, rtc::KT_ECDSA) {} | |
| 354 }; | 370 }; |
| 355 | 371 |
| 356 #if SSL_USE_OPENSSL | 372 #if SSL_USE_OPENSSL |
| 357 | 373 |
| 358 // Basic tests: TLS | 374 // Basic tests: TLS |
| 359 | 375 |
| 360 // Test that handshake works | 376 // Test that handshake works, using RSA |
| 361 TEST_F(SSLAdapterTestTLS, TestTLSConnect) { | 377 TEST_F(SSLAdapterTestTLS_RSA, TestTLSConnect) { |
| 362 TestHandshake(true); | 378 TestHandshake(true); |
| 363 } | 379 } |
| 364 | 380 |
| 365 // Test transfer between client and server | 381 // Test that handshake works, using ECDSA |
| 366 TEST_F(SSLAdapterTestTLS, TestTLSTransfer) { | 382 TEST_F(SSLAdapterTestTLS_ECDSA, TestTLSConnect) { |
| 383 TestHandshake(true); | |
| 384 } | |
| 385 | |
| 386 // Test transfer between client and server, using RSA | |
| 387 TEST_F(SSLAdapterTestTLS_RSA, TestTLSTransfer) { | |
| 367 TestHandshake(true); | 388 TestHandshake(true); |
| 368 TestTransfer("Hello, world!"); | 389 TestTransfer("Hello, world!"); |
| 369 } | 390 } |
| 391 | |
| 392 // Test transfer between client and server, using ECDSA | |
| 393 TEST_F(SSLAdapterTestTLS_ECDSA, TestTLSTransfer) { | |
| 394 TestHandshake(true); | |
| 395 TestTransfer("Hello, world!"); | |
| 396 } | |
| 370 | 397 |
| 371 // Basic tests: DTLS | 398 // Basic tests: DTLS |
| 372 | 399 |
| 373 // Test that handshake works | 400 // Test that handshake works |
| 374 TEST_F(SSLAdapterTestDTLS, TestDTLSConnect) { | 401 TEST_F(SSLAdapterTestDTLS_RSA, TestDTLSConnect) { |
|
juberti1
2015/06/26 19:16:01
I think we need to add DTLS with ECDSA tests here.
torbjorng (webrtc)
2015/07/02 12:35:07
Oops. (I suppose this could use TEST_P here for a
| |
| 375 TestHandshake(true); | 402 TestHandshake(true); |
| 376 } | 403 } |
| 377 | 404 |
| 378 // Test transfer between client and server | 405 // Test transfer between client and server |
| 379 TEST_F(SSLAdapterTestDTLS, TestDTLSTransfer) { | 406 TEST_F(SSLAdapterTestDTLS_RSA, TestDTLSTransfer) { |
| 380 TestHandshake(true); | 407 TestHandshake(true); |
| 381 TestTransfer("Hello, world!"); | 408 TestTransfer("Hello, world!"); |
| 382 } | 409 } |
| 383 | 410 |
| 384 #endif // SSL_USE_OPENSSL | 411 #endif // SSL_USE_OPENSSL |
| 385 | |
| OLD | NEW |
