Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1094)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: webrtc/base/sslstreamadapter_unittest.cc

Issue 1189583002: Support generation of EC keys using P256 curve and support ECDSA certs. (Closed) Base URL: https://chromium.googlesource.com/external/webrtc.git@master
Patch Set: generalize ssl testing code, misc fixes Created 5 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« webrtc/base/sslstreamadapter.h ('K') | « webrtc/base/sslstreamadapter.cc ('k') | webrtc/p2p/base/dtlstransportchannel_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright 2011 The WebRTC Project Authors. All rights reserved. 2 * Copyright 2011 The WebRTC Project Authors. All rights reserved.
3 * 3 *
4 * Use of this source code is governed by a BSD-style license 4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source 5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found 6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may 7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree. 8 * be found in the AUTHORS file in the root of the source tree.
9 */ 9 */
10 10
11 11
12 #include <algorithm> 12 #include <algorithm>
13 #include <set> 13 #include <set>
14 #include <string> 14 #include <string>
15 15
16 #include "webrtc/base/gunit.h" 16 #include "webrtc/base/gunit.h"
17 #include "webrtc/base/helpers.h" 17 #include "webrtc/base/helpers.h"
18 #include "webrtc/base/scoped_ptr.h" 18 #include "webrtc/base/scoped_ptr.h"
19 #include "webrtc/base/ssladapter.h" 19 #include "webrtc/base/ssladapter.h"
20 #include "webrtc/base/sslconfig.h" 20 #include "webrtc/base/sslconfig.h"
21 #include "webrtc/base/sslidentity.h" 21 #include "webrtc/base/sslidentity.h"
22 #include "webrtc/base/sslstreamadapter.h" 22 #include "webrtc/base/sslstreamadapter.h"
23 #include "webrtc/base/stream.h" 23 #include "webrtc/base/stream.h"
24 #include "webrtc/test/testsupport/gtest_disable.h" 24 #include "webrtc/test/testsupport/gtest_disable.h"
25 25
26 using ::testing::WithParamInterface;
27 using ::testing::Values;
28 using ::testing::Combine;
29 using ::testing::tuple;
30
26 static const int kBlockSize = 4096; 31 static const int kBlockSize = 4096;
27 static const char kAES_CM_HMAC_SHA1_80[] = "AES_CM_128_HMAC_SHA1_80"; 32 static const char kAES_CM_HMAC_SHA1_80[] = "AES_CM_128_HMAC_SHA1_80";
28 static const char kAES_CM_HMAC_SHA1_32[] = "AES_CM_128_HMAC_SHA1_32"; 33 static const char kAES_CM_HMAC_SHA1_32[] = "AES_CM_128_HMAC_SHA1_32";
29 static const char kExporterLabel[] = "label"; 34 static const char kExporterLabel[] = "label";
30 static const unsigned char kExporterContext[] = "context"; 35 static const unsigned char kExporterContext[] = "context";
31 static int kExporterContextLen = sizeof(kExporterContext); 36 static int kExporterContextLen = sizeof(kExporterContext);
32 37
33 static const char kRSA_PRIVATE_KEY_PEM[] = 38 static const char kRSA_PRIVATE_KEY_PEM[] =
34 "-----BEGIN RSA PRIVATE KEY-----\n" 39 "-----BEGIN RSA PRIVATE KEY-----\n"
35 "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMYRkbhmI7kVA/rM\n" 40 "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMYRkbhmI7kVA/rM\n"
(...skipping 115 matching lines...) Expand 10 before | Expand all | Expand 10 after
151 bool first_packet_; 156 bool first_packet_;
152 }; 157 };
153 158
154 static const int kFifoBufferSize = 4096; 159 static const int kFifoBufferSize = 4096;
155 160
156 class SSLStreamAdapterTestBase : public testing::Test, 161 class SSLStreamAdapterTestBase : public testing::Test,
157 public sigslot::has_slots<> { 162 public sigslot::has_slots<> {
158 public: 163 public:
159 SSLStreamAdapterTestBase(const std::string& client_cert_pem, 164 SSLStreamAdapterTestBase(const std::string& client_cert_pem,
160 const std::string& client_private_key_pem, 165 const std::string& client_private_key_pem,
161 bool dtls) : 166 bool dtls,
162 client_buffer_(kFifoBufferSize), server_buffer_(kFifoBufferSize), 167 rtc::KeyType client_key_type = rtc::KT_DEFAULT,
163 client_stream_( 168 rtc::KeyType server_key_type = rtc::KT_DEFAULT)
164 new SSLDummyStream(this, "c2s", &client_buffer_, &server_buffer_)), 169 : client_buffer_(kFifoBufferSize),
165 server_stream_( 170 server_buffer_(kFifoBufferSize),
166 new SSLDummyStream(this, "s2c", &server_buffer_, &client_buffer_)), 171 client_stream_(
167 client_ssl_(rtc::SSLStreamAdapter::Create(client_stream_)), 172 new SSLDummyStream(this, "c2s", &client_buffer_, &server_buffer_)),
168 server_ssl_(rtc::SSLStreamAdapter::Create(server_stream_)), 173 server_stream_(
169 client_identity_(NULL), server_identity_(NULL), 174 new SSLDummyStream(this, "s2c", &server_buffer_, &client_buffer_)),
170 delay_(0), mtu_(1460), loss_(0), lose_first_packet_(false), 175 client_ssl_(rtc::SSLStreamAdapter::Create(client_stream_)),
171 damage_(false), dtls_(dtls), 176 server_ssl_(rtc::SSLStreamAdapter::Create(server_stream_)),
172 handshake_wait_(5000), identities_set_(false) { 177 client_identity_(NULL),
178 server_identity_(NULL),
179 delay_(0),
180 mtu_(1460),
181 loss_(0),
182 lose_first_packet_(false),
183 damage_(false),
184 dtls_(dtls),
185 handshake_wait_(5000),
186 identities_set_(false) {
173 // Set use of the test RNG to get predictable loss patterns. 187 // Set use of the test RNG to get predictable loss patterns.
174 rtc::SetRandomTestMode(true); 188 rtc::SetRandomTestMode(true);
175 189
176 // Set up the slots 190 // Set up the slots
177 client_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent); 191 client_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
178 server_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent); 192 server_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
179 193
180 if (!client_cert_pem.empty() && !client_private_key_pem.empty()) { 194 if (!client_cert_pem.empty() && !client_private_key_pem.empty()) {
181 client_identity_ = rtc::SSLIdentity::FromPEMStrings( 195 client_identity_ = rtc::SSLIdentity::FromPEMStrings(
182 client_private_key_pem, client_cert_pem); 196 client_private_key_pem, client_cert_pem);
183 } else { 197 } else {
184 client_identity_ = rtc::SSLIdentity::Generate("client"); 198 client_identity_ = rtc::SSLIdentity::Generate("client", client_key_type);
185 } 199 }
186 server_identity_ = rtc::SSLIdentity::Generate("server"); 200 server_identity_ = rtc::SSLIdentity::Generate("server", server_key_type);
187 201
188 client_ssl_->SetIdentity(client_identity_); 202 client_ssl_->SetIdentity(client_identity_);
189 server_ssl_->SetIdentity(server_identity_); 203 server_ssl_->SetIdentity(server_identity_);
190 } 204 }
191 205
192 ~SSLStreamAdapterTestBase() { 206 ~SSLStreamAdapterTestBase() {
193 // Put it back for the next test. 207 // Put it back for the next test.
194 rtc::SetRandomTestMode(false); 208 rtc::SetRandomTestMode(false);
195 } 209 }
196 210
197 // Recreate the client/server identities with the specified validity period. 211 // Recreate the client/server identities with the specified validity period.
198 // |not_before| and |not_after| are offsets from the current time in number 212 // |not_before| and |not_after| are offsets from the current time in number
199 // of seconds. 213 // of seconds.
200 void ResetIdentitiesWithValidity(int not_before, int not_after) { 214 void ResetIdentitiesWithValidity(int not_before, int not_after) {
201 client_stream_ = 215 client_stream_ =
202 new SSLDummyStream(this, "c2s", &client_buffer_, &server_buffer_); 216 new SSLDummyStream(this, "c2s", &client_buffer_, &server_buffer_);
203 server_stream_ = 217 server_stream_ =
204 new SSLDummyStream(this, "s2c", &server_buffer_, &client_buffer_); 218 new SSLDummyStream(this, "s2c", &server_buffer_, &client_buffer_);
205 219
206 client_ssl_.reset(rtc::SSLStreamAdapter::Create(client_stream_)); 220 client_ssl_.reset(rtc::SSLStreamAdapter::Create(client_stream_));
207 server_ssl_.reset(rtc::SSLStreamAdapter::Create(server_stream_)); 221 server_ssl_.reset(rtc::SSLStreamAdapter::Create(server_stream_));
208 222
209 client_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent); 223 client_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
210 server_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent); 224 server_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
211 225
212 rtc::SSLIdentityParams client_params; 226 rtc::SSLIdentityParams client_params;
213 client_params.common_name = "client"; 227 client_params.common_name = "client";
214 client_params.not_before = not_before; 228 client_params.not_before = not_before;
215 client_params.not_after = not_after; 229 client_params.not_after = not_after;
230 client_params.key_type = rtc::KT_DEFAULT;
216 client_identity_ = rtc::SSLIdentity::GenerateForTest(client_params); 231 client_identity_ = rtc::SSLIdentity::GenerateForTest(client_params);
217 232
218 rtc::SSLIdentityParams server_params; 233 rtc::SSLIdentityParams server_params;
219 server_params.common_name = "server"; 234 server_params.common_name = "server";
220 server_params.not_before = not_before; 235 server_params.not_before = not_before;
221 server_params.not_after = not_after; 236 server_params.not_after = not_after;
237 server_params.key_type = rtc::KT_DEFAULT;
222 server_identity_ = rtc::SSLIdentity::GenerateForTest(server_params); 238 server_identity_ = rtc::SSLIdentity::GenerateForTest(server_params);
223 239
224 client_ssl_->SetIdentity(client_identity_); 240 client_ssl_->SetIdentity(client_identity_);
225 server_ssl_->SetIdentity(server_identity_); 241 server_ssl_->SetIdentity(server_identity_);
226 } 242 }
227 243
228 virtual void OnEvent(rtc::StreamInterface *stream, int sig, int err) { 244 virtual void OnEvent(rtc::StreamInterface *stream, int sig, int err) {
229 LOG(LS_INFO) << "SSLStreamAdapterTestBase::OnEvent sig=" << sig; 245 LOG(LS_INFO) << "SSLStreamAdapterTestBase::OnEvent sig=" << sig;
230 246
231 if (sig & rtc::SE_READ) { 247 if (sig & rtc::SE_READ) {
(...skipping 205 matching lines...) Expand 10 before | Expand all | Expand 10 after
437 int delay_; 453 int delay_;
438 size_t mtu_; 454 size_t mtu_;
439 int loss_; 455 int loss_;
440 bool lose_first_packet_; 456 bool lose_first_packet_;
441 bool damage_; 457 bool damage_;
442 bool dtls_; 458 bool dtls_;
443 int handshake_wait_; 459 int handshake_wait_;
444 bool identities_set_; 460 bool identities_set_;
445 }; 461 };
446 462
447 class SSLStreamAdapterTestTLS : public SSLStreamAdapterTestBase { 463 class SSLStreamAdapterTestTLS
464 : public SSLStreamAdapterTestBase,
465 public WithParamInterface<tuple<rtc::KeyType, rtc::KeyType>> {
448 public: 466 public:
449 SSLStreamAdapterTestTLS() : 467 SSLStreamAdapterTestTLS()
450 SSLStreamAdapterTestBase("", "", false) { 468 : SSLStreamAdapterTestBase("",
451 }; 469 "",
470 false,
471 ::testing::get<0>(GetParam()),
472 ::testing::get<1>(GetParam())){};
452 473
453 // Test data transfer for TLS 474 // Test data transfer for TLS
454 virtual void TestTransfer(int size) { 475 virtual void TestTransfer(int size) {
455 LOG(LS_INFO) << "Starting transfer test with " << size << " bytes"; 476 LOG(LS_INFO) << "Starting transfer test with " << size << " bytes";
456 // Create some dummy data to send. 477 // Create some dummy data to send.
457 size_t received; 478 size_t received;
458 479
459 send_stream_.ReserveSize(size); 480 send_stream_.ReserveSize(size);
460 for (int i = 0; i < size; ++i) { 481 for (int i = 0; i < size; ++i) {
461 char ch = static_cast<char>(i); 482 char ch = static_cast<char>(i);
(...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after
540 561
541 recv_stream_.Write(buffer, bread, NULL, NULL); 562 recv_stream_.Write(buffer, bread, NULL, NULL);
542 } 563 }
543 } 564 }
544 565
545 private: 566 private:
546 rtc::MemoryStream send_stream_; 567 rtc::MemoryStream send_stream_;
547 rtc::MemoryStream recv_stream_; 568 rtc::MemoryStream recv_stream_;
548 }; 569 };
549 570
550 class SSLStreamAdapterTestDTLS : public SSLStreamAdapterTestBase { 571 class SSLStreamAdapterTestDTLS
572 : public SSLStreamAdapterTestBase,
573 public WithParamInterface<tuple<rtc::KeyType, rtc::KeyType>> {
551 public: 574 public:
552 SSLStreamAdapterTestDTLS() : 575 SSLStreamAdapterTestDTLS()
553 SSLStreamAdapterTestBase("", "", true), 576 : SSLStreamAdapterTestBase("",
554 packet_size_(1000), count_(0), sent_(0) { 577 "",
555 } 578 true,
579 ::testing::get<0>(GetParam()),
580 ::testing::get<1>(GetParam())),
581 packet_size_(1000),
582 count_(0),
583 sent_(0) {}
556 584
557 SSLStreamAdapterTestDTLS(const std::string& cert_pem, 585 SSLStreamAdapterTestDTLS(const std::string& cert_pem,
558 const std::string& private_key_pem) : 586 const std::string& private_key_pem) :
559 SSLStreamAdapterTestBase(cert_pem, private_key_pem, true), 587 SSLStreamAdapterTestBase(cert_pem, private_key_pem, true),
560 packet_size_(1000), count_(0), sent_(0) { 588 packet_size_(1000), count_(0), sent_(0) {
561 } 589 }
562 590
563 virtual void WriteData() { 591 virtual void WriteData() {
564 unsigned char *packet = new unsigned char[1600]; 592 unsigned char *packet = new unsigned char[1600];
565 593
(...skipping 104 matching lines...) Expand 10 before | Expand all | Expand 10 after
670 SSLStreamAdapterTestDTLS(kCERT_PEM, kRSA_PRIVATE_KEY_PEM) { 698 SSLStreamAdapterTestDTLS(kCERT_PEM, kRSA_PRIVATE_KEY_PEM) {
671 } 699 }
672 }; 700 };
673 701
674 // Basic tests: TLS 702 // Basic tests: TLS
675 703
676 // Test that we cannot read/write if we have not yet handshaked. 704 // Test that we cannot read/write if we have not yet handshaked.
677 // This test only applies to NSS because OpenSSL has passthrough 705 // This test only applies to NSS because OpenSSL has passthrough
678 // semantics for I/O before the handshake is started. 706 // semantics for I/O before the handshake is started.
679 #if SSL_USE_NSS 707 #if SSL_USE_NSS
680 TEST_F(SSLStreamAdapterTestTLS, TestNoReadWriteBeforeConnect) { 708 TEST_P(SSLStreamAdapterTestTLS, TestNoReadWriteBeforeConnect) {
681 rtc::StreamResult rv; 709 rtc::StreamResult rv;
682 char block[kBlockSize]; 710 char block[kBlockSize];
683 size_t dummy; 711 size_t dummy;
684 712
685 rv = client_ssl_->Write(block, sizeof(block), &dummy, NULL); 713 rv = client_ssl_->Write(block, sizeof(block), &dummy, NULL);
686 ASSERT_EQ(rtc::SR_BLOCK, rv); 714 ASSERT_EQ(rtc::SR_BLOCK, rv);
687 715
688 rv = client_ssl_->Read(block, sizeof(block), &dummy, NULL); 716 rv = client_ssl_->Read(block, sizeof(block), &dummy, NULL);
689 ASSERT_EQ(rtc::SR_BLOCK, rv); 717 ASSERT_EQ(rtc::SR_BLOCK, rv);
690 } 718 }
691 #endif 719 #endif
692 720
693 721
694 // Test that we can make a handshake work 722 // Test that we can make a handshake work
695 TEST_F(SSLStreamAdapterTestTLS, TestTLSConnect) { 723 TEST_P(SSLStreamAdapterTestTLS, TestTLSConnect) {
696 TestHandshake(); 724 TestHandshake();
697 }; 725 };
698 726
699 // Test that closing the connection on one side updates the other side. 727 // Test that closing the connection on one side updates the other side.
700 TEST_F(SSLStreamAdapterTestTLS, TestTLSClose) { 728 TEST_P(SSLStreamAdapterTestTLS, TestTLSClose) {
701 TestHandshake(); 729 TestHandshake();
702 client_ssl_->Close(); 730 client_ssl_->Close();
703 EXPECT_EQ_WAIT(rtc::SS_CLOSED, server_ssl_->GetState(), handshake_wait_); 731 EXPECT_EQ_WAIT(rtc::SS_CLOSED, server_ssl_->GetState(), handshake_wait_);
704 }; 732 };
705 733
706 // Test transfer -- trivial 734 // Test transfer -- trivial
707 TEST_F(SSLStreamAdapterTestTLS, TestTLSTransfer) { 735 TEST_P(SSLStreamAdapterTestTLS, TestTLSTransfer) {
708 TestHandshake(); 736 TestHandshake();
709 TestTransfer(100000); 737 TestTransfer(100000);
710 }; 738 };
711 739
712 // Test read-write after close. 740 // Test read-write after close.
713 TEST_F(SSLStreamAdapterTestTLS, ReadWriteAfterClose) { 741 TEST_P(SSLStreamAdapterTestTLS, ReadWriteAfterClose) {
714 TestHandshake(); 742 TestHandshake();
715 TestTransfer(100000); 743 TestTransfer(100000);
716 client_ssl_->Close(); 744 client_ssl_->Close();
717 745
718 rtc::StreamResult rv; 746 rtc::StreamResult rv;
719 char block[kBlockSize]; 747 char block[kBlockSize];
720 size_t dummy; 748 size_t dummy;
721 749
722 // It's an error to write after closed. 750 // It's an error to write after closed.
723 rv = client_ssl_->Write(block, sizeof(block), &dummy, NULL); 751 rv = client_ssl_->Write(block, sizeof(block), &dummy, NULL);
724 ASSERT_EQ(rtc::SR_ERROR, rv); 752 ASSERT_EQ(rtc::SR_ERROR, rv);
725 753
726 // But after closed read gives you EOS. 754 // But after closed read gives you EOS.
727 rv = client_ssl_->Read(block, sizeof(block), &dummy, NULL); 755 rv = client_ssl_->Read(block, sizeof(block), &dummy, NULL);
728 ASSERT_EQ(rtc::SR_EOS, rv); 756 ASSERT_EQ(rtc::SR_EOS, rv);
729 }; 757 };
730 758
731 // Test a handshake with a bogus peer digest 759 // Test a handshake with a bogus peer digest
732 TEST_F(SSLStreamAdapterTestTLS, TestTLSBogusDigest) { 760 TEST_P(SSLStreamAdapterTestTLS, TestTLSBogusDigest) {
733 SetPeerIdentitiesByDigest(false); 761 SetPeerIdentitiesByDigest(false);
734 TestHandshake(false); 762 TestHandshake(false);
735 }; 763 };
736 764
737 // Test moving a bunch of data 765 // Test moving a bunch of data
738 766
739 // Basic tests: DTLS 767 // Basic tests: DTLS
740 // Test that we can make a handshake work 768 // Test that we can make a handshake work
741 TEST_F(SSLStreamAdapterTestDTLS, TestDTLSConnect) { 769 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnect) {
742 MAYBE_SKIP_TEST(HaveDtls); 770 MAYBE_SKIP_TEST(HaveDtls);
743 TestHandshake(); 771 TestHandshake();
744 }; 772 };
745 773
746 // Test that we can make a handshake work if the first packet in 774 // Test that we can make a handshake work if the first packet in
747 // each direction is lost. This gives us predictable loss 775 // each direction is lost. This gives us predictable loss
748 // rather than having to tune random 776 // rather than having to tune random
749 TEST_F(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacket) { 777 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacket) {
750 MAYBE_SKIP_TEST(HaveDtls); 778 MAYBE_SKIP_TEST(HaveDtls);
751 SetLoseFirstPacket(true); 779 SetLoseFirstPacket(true);
752 TestHandshake(); 780 TestHandshake();
753 }; 781 };
754 782
755 // Test a handshake with loss and delay 783 // Test a handshake with loss and delay
756 TEST_F(SSLStreamAdapterTestDTLS, 784 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacketDelay2s) {
757 TestDTLSConnectWithLostFirstPacketDelay2s) {
758 MAYBE_SKIP_TEST(HaveDtls); 785 MAYBE_SKIP_TEST(HaveDtls);
759 SetLoseFirstPacket(true); 786 SetLoseFirstPacket(true);
760 SetDelay(2000); 787 SetDelay(2000);
761 SetHandshakeWait(20000); 788 SetHandshakeWait(20000);
762 TestHandshake(); 789 TestHandshake();
763 }; 790 };
764 791
765 // Test a handshake with small MTU 792 // Test a handshake with small MTU
766 // Disabled due to https://code.google.com/p/webrtc/issues/detail?id=3910 793 // Disabled due to https://code.google.com/p/webrtc/issues/detail?id=3910
767 TEST_F(SSLStreamAdapterTestDTLS, DISABLED_TestDTLSConnectWithSmallMtu) { 794 TEST_P(SSLStreamAdapterTestDTLS, DISABLED_TestDTLSConnectWithSmallMtu) {
768 MAYBE_SKIP_TEST(HaveDtls); 795 MAYBE_SKIP_TEST(HaveDtls);
769 SetMtu(700); 796 SetMtu(700);
770 SetHandshakeWait(20000); 797 SetHandshakeWait(20000);
771 TestHandshake(); 798 TestHandshake();
772 }; 799 };
773 800
774 // Test transfer -- trivial 801 // Test transfer -- trivial
775 TEST_F(SSLStreamAdapterTestDTLS, TestDTLSTransfer) { 802 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransfer) {
776 MAYBE_SKIP_TEST(HaveDtls); 803 MAYBE_SKIP_TEST(HaveDtls);
777 TestHandshake(); 804 TestHandshake();
778 TestTransfer(100); 805 TestTransfer(100);
779 }; 806 };
780 807
781 TEST_F(SSLStreamAdapterTestDTLS, TestDTLSTransferWithLoss) { 808 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithLoss) {
782 MAYBE_SKIP_TEST(HaveDtls); 809 MAYBE_SKIP_TEST(HaveDtls);
783 TestHandshake(); 810 TestHandshake();
784 SetLoss(10); 811 SetLoss(10);
785 TestTransfer(100); 812 TestTransfer(100);
786 }; 813 };
787 814
788 TEST_F(SSLStreamAdapterTestDTLS, TestDTLSTransferWithDamage) { 815 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithDamage) {
789 MAYBE_SKIP_TEST(HaveDtls); 816 MAYBE_SKIP_TEST(HaveDtls);
790 SetDamage(); // Must be called first because first packet 817 SetDamage(); // Must be called first because first packet
791 // write happens at end of handshake. 818 // write happens at end of handshake.
792 TestHandshake(); 819 TestHandshake();
793 TestTransfer(100); 820 TestTransfer(100);
794 }; 821 };
795 822
796 // Test DTLS-SRTP with all high ciphers 823 // Test DTLS-SRTP with all high ciphers
797 TEST_F(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) { 824 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) {
798 MAYBE_SKIP_TEST(HaveDtlsSrtp); 825 MAYBE_SKIP_TEST(HaveDtlsSrtp);
799 std::vector<std::string> high; 826 std::vector<std::string> high;
800 high.push_back(kAES_CM_HMAC_SHA1_80); 827 high.push_back(kAES_CM_HMAC_SHA1_80);
801 SetDtlsSrtpCiphers(high, true); 828 SetDtlsSrtpCiphers(high, true);
802 SetDtlsSrtpCiphers(high, false); 829 SetDtlsSrtpCiphers(high, false);
803 TestHandshake(); 830 TestHandshake();
804 831
805 std::string client_cipher; 832 std::string client_cipher;
806 ASSERT_TRUE(GetDtlsSrtpCipher(true, &client_cipher)); 833 ASSERT_TRUE(GetDtlsSrtpCipher(true, &client_cipher));
807 std::string server_cipher; 834 std::string server_cipher;
808 ASSERT_TRUE(GetDtlsSrtpCipher(false, &server_cipher)); 835 ASSERT_TRUE(GetDtlsSrtpCipher(false, &server_cipher));
809 836
810 ASSERT_EQ(client_cipher, server_cipher); 837 ASSERT_EQ(client_cipher, server_cipher);
811 ASSERT_EQ(client_cipher, kAES_CM_HMAC_SHA1_80); 838 ASSERT_EQ(client_cipher, kAES_CM_HMAC_SHA1_80);
812 }; 839 };
813 840
814 // Test DTLS-SRTP with all low ciphers 841 // Test DTLS-SRTP with all low ciphers
815 TEST_F(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) { 842 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) {
816 MAYBE_SKIP_TEST(HaveDtlsSrtp); 843 MAYBE_SKIP_TEST(HaveDtlsSrtp);
817 std::vector<std::string> low; 844 std::vector<std::string> low;
818 low.push_back(kAES_CM_HMAC_SHA1_32); 845 low.push_back(kAES_CM_HMAC_SHA1_32);
819 SetDtlsSrtpCiphers(low, true); 846 SetDtlsSrtpCiphers(low, true);
820 SetDtlsSrtpCiphers(low, false); 847 SetDtlsSrtpCiphers(low, false);
821 TestHandshake(); 848 TestHandshake();
822 849
823 std::string client_cipher; 850 std::string client_cipher;
824 ASSERT_TRUE(GetDtlsSrtpCipher(true, &client_cipher)); 851 ASSERT_TRUE(GetDtlsSrtpCipher(true, &client_cipher));
825 std::string server_cipher; 852 std::string server_cipher;
826 ASSERT_TRUE(GetDtlsSrtpCipher(false, &server_cipher)); 853 ASSERT_TRUE(GetDtlsSrtpCipher(false, &server_cipher));
827 854
828 ASSERT_EQ(client_cipher, server_cipher); 855 ASSERT_EQ(client_cipher, server_cipher);
829 ASSERT_EQ(client_cipher, kAES_CM_HMAC_SHA1_32); 856 ASSERT_EQ(client_cipher, kAES_CM_HMAC_SHA1_32);
830 }; 857 };
831 858
832 859
833 // Test DTLS-SRTP with a mismatch -- should not converge 860 // Test DTLS-SRTP with a mismatch -- should not converge
834 TEST_F(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) { 861 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) {
835 MAYBE_SKIP_TEST(HaveDtlsSrtp); 862 MAYBE_SKIP_TEST(HaveDtlsSrtp);
836 std::vector<std::string> high; 863 std::vector<std::string> high;
837 high.push_back(kAES_CM_HMAC_SHA1_80); 864 high.push_back(kAES_CM_HMAC_SHA1_80);
838 std::vector<std::string> low; 865 std::vector<std::string> low;
839 low.push_back(kAES_CM_HMAC_SHA1_32); 866 low.push_back(kAES_CM_HMAC_SHA1_32);
840 SetDtlsSrtpCiphers(high, true); 867 SetDtlsSrtpCiphers(high, true);
841 SetDtlsSrtpCiphers(low, false); 868 SetDtlsSrtpCiphers(low, false);
842 TestHandshake(); 869 TestHandshake();
843 870
844 std::string client_cipher; 871 std::string client_cipher;
845 ASSERT_FALSE(GetDtlsSrtpCipher(true, &client_cipher)); 872 ASSERT_FALSE(GetDtlsSrtpCipher(true, &client_cipher));
846 std::string server_cipher; 873 std::string server_cipher;
847 ASSERT_FALSE(GetDtlsSrtpCipher(false, &server_cipher)); 874 ASSERT_FALSE(GetDtlsSrtpCipher(false, &server_cipher));
848 }; 875 };
849 876
850 // Test DTLS-SRTP with each side being mixed -- should select high 877 // Test DTLS-SRTP with each side being mixed -- should select high
851 TEST_F(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) { 878 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) {
852 MAYBE_SKIP_TEST(HaveDtlsSrtp); 879 MAYBE_SKIP_TEST(HaveDtlsSrtp);
853 std::vector<std::string> mixed; 880 std::vector<std::string> mixed;
854 mixed.push_back(kAES_CM_HMAC_SHA1_80); 881 mixed.push_back(kAES_CM_HMAC_SHA1_80);
855 mixed.push_back(kAES_CM_HMAC_SHA1_32); 882 mixed.push_back(kAES_CM_HMAC_SHA1_32);
856 SetDtlsSrtpCiphers(mixed, true); 883 SetDtlsSrtpCiphers(mixed, true);
857 SetDtlsSrtpCiphers(mixed, false); 884 SetDtlsSrtpCiphers(mixed, false);
858 TestHandshake(); 885 TestHandshake();
859 886
860 std::string client_cipher; 887 std::string client_cipher;
861 ASSERT_TRUE(GetDtlsSrtpCipher(true, &client_cipher)); 888 ASSERT_TRUE(GetDtlsSrtpCipher(true, &client_cipher));
862 std::string server_cipher; 889 std::string server_cipher;
863 ASSERT_TRUE(GetDtlsSrtpCipher(false, &server_cipher)); 890 ASSERT_TRUE(GetDtlsSrtpCipher(false, &server_cipher));
864 891
865 ASSERT_EQ(client_cipher, server_cipher); 892 ASSERT_EQ(client_cipher, server_cipher);
866 ASSERT_EQ(client_cipher, kAES_CM_HMAC_SHA1_80); 893 ASSERT_EQ(client_cipher, kAES_CM_HMAC_SHA1_80);
867 }; 894 };
868 895
869 // Test an exporter 896 // Test an exporter
870 TEST_F(SSLStreamAdapterTestDTLS, TestDTLSExporter) { 897 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSExporter) {
871 MAYBE_SKIP_TEST(HaveExporter); 898 MAYBE_SKIP_TEST(HaveExporter);
872 TestHandshake(); 899 TestHandshake();
873 unsigned char client_out[20]; 900 unsigned char client_out[20];
874 unsigned char server_out[20]; 901 unsigned char server_out[20];
875 902
876 bool result; 903 bool result;
877 result = ExportKeyingMaterial(kExporterLabel, 904 result = ExportKeyingMaterial(kExporterLabel,
878 kExporterContext, kExporterContextLen, 905 kExporterContext, kExporterContextLen,
879 true, true, 906 true, true,
880 client_out, sizeof(client_out)); 907 client_out, sizeof(client_out));
881 ASSERT_TRUE(result); 908 ASSERT_TRUE(result);
882 909
883 result = ExportKeyingMaterial(kExporterLabel, 910 result = ExportKeyingMaterial(kExporterLabel,
884 kExporterContext, kExporterContextLen, 911 kExporterContext, kExporterContextLen,
885 true, false, 912 true, false,
886 server_out, sizeof(server_out)); 913 server_out, sizeof(server_out));
887 ASSERT_TRUE(result); 914 ASSERT_TRUE(result);
888 915
889 ASSERT_TRUE(!memcmp(client_out, server_out, sizeof(client_out))); 916 ASSERT_TRUE(!memcmp(client_out, server_out, sizeof(client_out)));
890 } 917 }
891 918
892 // Test not yet valid certificates are not rejected. 919 // Test not yet valid certificates are not rejected.
893 TEST_F(SSLStreamAdapterTestDTLS, TestCertNotYetValid) { 920 TEST_P(SSLStreamAdapterTestDTLS, TestCertNotYetValid) {
894 MAYBE_SKIP_TEST(HaveDtls); 921 MAYBE_SKIP_TEST(HaveDtls);
895 long one_day = 60 * 60 * 24; 922 long one_day = 60 * 60 * 24;
896 // Make the certificates not valid until one day later. 923 // Make the certificates not valid until one day later.
897 ResetIdentitiesWithValidity(one_day, one_day); 924 ResetIdentitiesWithValidity(one_day, one_day);
898 TestHandshake(); 925 TestHandshake();
899 } 926 }
900 927
901 // Test expired certificates are not rejected. 928 // Test expired certificates are not rejected.
902 TEST_F(SSLStreamAdapterTestDTLS, TestCertExpired) { 929 TEST_P(SSLStreamAdapterTestDTLS, TestCertExpired) {
903 MAYBE_SKIP_TEST(HaveDtls); 930 MAYBE_SKIP_TEST(HaveDtls);
904 long one_day = 60 * 60 * 24; 931 long one_day = 60 * 60 * 24;
905 // Make the certificates already expired. 932 // Make the certificates already expired.
906 ResetIdentitiesWithValidity(-one_day, -one_day); 933 ResetIdentitiesWithValidity(-one_day, -one_day);
907 TestHandshake(); 934 TestHandshake();
908 } 935 }
909 936
910 // Test data transfer using certs created from strings. 937 // Test data transfer using certs created from strings.
911 TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestTransfer) { 938 TEST_P(SSLStreamAdapterTestDTLSFromPEMStrings, TestTransfer) {
912 MAYBE_SKIP_TEST(HaveDtls); 939 MAYBE_SKIP_TEST(HaveDtls);
913 TestHandshake(); 940 TestHandshake();
914 TestTransfer(100); 941 TestTransfer(100);
915 } 942 }
916 943
917 // Test getting the remote certificate. 944 // Test getting the remote certificate.
918 TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestDTLSGetPeerCertificate) { 945 TEST_P(SSLStreamAdapterTestDTLSFromPEMStrings, TestDTLSGetPeerCertificate) {
919 MAYBE_SKIP_TEST(HaveDtls); 946 MAYBE_SKIP_TEST(HaveDtls);
920 947
921 // Peer certificates haven't been received yet. 948 // Peer certificates haven't been received yet.
922 rtc::scoped_ptr<rtc::SSLCertificate> client_peer_cert; 949 rtc::scoped_ptr<rtc::SSLCertificate> client_peer_cert;
923 ASSERT_FALSE(GetPeerCertificate(true, client_peer_cert.accept())); 950 ASSERT_FALSE(GetPeerCertificate(true, client_peer_cert.accept()));
924 ASSERT_FALSE(client_peer_cert != NULL); 951 ASSERT_FALSE(client_peer_cert != NULL);
925 952
926 rtc::scoped_ptr<rtc::SSLCertificate> server_peer_cert; 953 rtc::scoped_ptr<rtc::SSLCertificate> server_peer_cert;
927 ASSERT_FALSE(GetPeerCertificate(false, server_peer_cert.accept())); 954 ASSERT_FALSE(GetPeerCertificate(false, server_peer_cert.accept()));
928 ASSERT_FALSE(server_peer_cert != NULL); 955 ASSERT_FALSE(server_peer_cert != NULL);
(...skipping 19 matching lines...) Expand all
948 // It's kCERT_PEM 975 // It's kCERT_PEM
949 ASSERT_EQ(kCERT_PEM, server_peer_cert->ToPEMString()); 976 ASSERT_EQ(kCERT_PEM, server_peer_cert->ToPEMString());
950 977
951 // It must not have a chain, because the test certs are self-signed. 978 // It must not have a chain, because the test certs are self-signed.
952 rtc::SSLCertChain* server_peer_chain; 979 rtc::SSLCertChain* server_peer_chain;
953 ASSERT_FALSE(server_peer_cert->GetChain(&server_peer_chain)); 980 ASSERT_FALSE(server_peer_cert->GetChain(&server_peer_chain));
954 } 981 }
955 982
956 // Test getting the used DTLS ciphers. 983 // Test getting the used DTLS ciphers.
957 // DTLS 1.2 enabled for neither client nor server -> DTLS 1.0 will be used. 984 // DTLS 1.2 enabled for neither client nor server -> DTLS 1.0 will be used.
958 TEST_F(SSLStreamAdapterTestDTLS, TestGetSslCipher) { 985 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipher) {
959 MAYBE_SKIP_TEST(HaveDtls); 986 MAYBE_SKIP_TEST(HaveDtls);
960 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10); 987 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);
961 TestHandshake(); 988 TestHandshake();
962 989
963 std::string client_cipher; 990 std::string client_cipher;
964 ASSERT_TRUE(GetSslCipher(true, &client_cipher)); 991 ASSERT_TRUE(GetSslCipher(true, &client_cipher));
965 std::string server_cipher; 992 std::string server_cipher;
966 ASSERT_TRUE(GetSslCipher(false, &server_cipher)); 993 ASSERT_TRUE(GetSslCipher(false, &server_cipher));
967 994
968 ASSERT_EQ(client_cipher, server_cipher); 995 ASSERT_EQ(client_cipher, server_cipher);
969 ASSERT_EQ( 996 ASSERT_EQ(rtc::SSLStreamAdapter::GetDefaultSslCipher(
970 rtc::SSLStreamAdapter::GetDefaultSslCipher(rtc::SSL_PROTOCOL_DTLS_10), 997 rtc::SSL_PROTOCOL_DTLS_10, ::testing::get<1>(GetParam())),
juberti1 2015/07/03 03:15:19 Isn't <1> the server_key_type? You are using it wh
torbjorng (webrtc) 2015/07/06 10:11:55 Indeed confusing. Now we compare to server_cipher
971 client_cipher); 998 client_cipher);
972 } 999 }
973 1000
974 // Test getting the used DTLS 1.2 ciphers. 1001 // Test getting the used DTLS 1.2 ciphers.
975 // DTLS 1.2 enabled for client and server -> DTLS 1.2 will be used. 1002 // DTLS 1.2 enabled for client and server -> DTLS 1.2 will be used.
976 TEST_F(SSLStreamAdapterTestDTLS, TestGetSslCipherDtls12Both) { 1003 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherDtls12Both) {
977 MAYBE_SKIP_TEST(HaveDtls); 1004 MAYBE_SKIP_TEST(HaveDtls);
978 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12); 1005 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12);
979 TestHandshake(); 1006 TestHandshake();
980 1007
981 std::string client_cipher; 1008 std::string client_cipher;
982 ASSERT_TRUE(GetSslCipher(true, &client_cipher)); 1009 ASSERT_TRUE(GetSslCipher(true, &client_cipher));
983 std::string server_cipher; 1010 std::string server_cipher;
984 ASSERT_TRUE(GetSslCipher(false, &server_cipher)); 1011 ASSERT_TRUE(GetSslCipher(false, &server_cipher));
985 1012
986 ASSERT_EQ(client_cipher, server_cipher); 1013 ASSERT_EQ(client_cipher, server_cipher);
987 ASSERT_EQ( 1014 ASSERT_EQ(rtc::SSLStreamAdapter::GetDefaultSslCipher(
988 rtc::SSLStreamAdapter::GetDefaultSslCipher(rtc::SSL_PROTOCOL_DTLS_12), 1015 rtc::SSL_PROTOCOL_DTLS_12, ::testing::get<1>(GetParam())),
989 client_cipher); 1016 client_cipher);
990 } 1017 }
991 1018
992 // DTLS 1.2 enabled for client only -> DTLS 1.0 will be used. 1019 // DTLS 1.2 enabled for client only -> DTLS 1.0 will be used.
993 TEST_F(SSLStreamAdapterTestDTLS, TestGetSslCipherDtls12Client) { 1020 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherDtls12Client) {
994 MAYBE_SKIP_TEST(HaveDtls); 1021 MAYBE_SKIP_TEST(HaveDtls);
995 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12); 1022 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12);
996 TestHandshake(); 1023 TestHandshake();
997 1024
998 std::string client_cipher; 1025 std::string client_cipher;
999 ASSERT_TRUE(GetSslCipher(true, &client_cipher)); 1026 ASSERT_TRUE(GetSslCipher(true, &client_cipher));
1000 std::string server_cipher; 1027 std::string server_cipher;
1001 ASSERT_TRUE(GetSslCipher(false, &server_cipher)); 1028 ASSERT_TRUE(GetSslCipher(false, &server_cipher));
1002 1029
1003 ASSERT_EQ(client_cipher, server_cipher); 1030 ASSERT_EQ(client_cipher, server_cipher);
1004 ASSERT_EQ( 1031 ASSERT_EQ(rtc::SSLStreamAdapter::GetDefaultSslCipher(
1005 rtc::SSLStreamAdapter::GetDefaultSslCipher(rtc::SSL_PROTOCOL_DTLS_10), 1032 rtc::SSL_PROTOCOL_DTLS_10, ::testing::get<1>(GetParam())),
1006 client_cipher); 1033 client_cipher);
1007 } 1034 }
1008 1035
1009 // DTLS 1.2 enabled for server only -> DTLS 1.0 will be used. 1036 // DTLS 1.2 enabled for server only -> DTLS 1.0 will be used.
1010 TEST_F(SSLStreamAdapterTestDTLS, TestGetSslCipherDtls12Server) { 1037 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherDtls12Server) {
1011 MAYBE_SKIP_TEST(HaveDtls); 1038 MAYBE_SKIP_TEST(HaveDtls);
1012 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_10); 1039 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_10);
1013 TestHandshake(); 1040 TestHandshake();
1014 1041
1015 std::string client_cipher; 1042 std::string client_cipher;
1016 ASSERT_TRUE(GetSslCipher(true, &client_cipher)); 1043 ASSERT_TRUE(GetSslCipher(true, &client_cipher));
1017 std::string server_cipher; 1044 std::string server_cipher;
1018 ASSERT_TRUE(GetSslCipher(false, &server_cipher)); 1045 ASSERT_TRUE(GetSslCipher(false, &server_cipher));
1019 1046
1020 ASSERT_EQ(client_cipher, server_cipher); 1047 ASSERT_EQ(client_cipher, server_cipher);
1021 ASSERT_EQ( 1048 ASSERT_EQ(rtc::SSLStreamAdapter::GetDefaultSslCipher(
1022 rtc::SSLStreamAdapter::GetDefaultSslCipher(rtc::SSL_PROTOCOL_DTLS_10), 1049 rtc::SSL_PROTOCOL_DTLS_10, ::testing::get<1>(GetParam())),
1023 client_cipher); 1050 client_cipher);
1024 } 1051 }
1052
1053 INSTANTIATE_TEST_CASE_P(SSLStreamAdapterTestsTLS,
1054 SSLStreamAdapterTestTLS,
1055 Combine(Values(rtc::KT_RSA, rtc::KT_ECDSA),
1056 Values(rtc::KT_RSA, rtc::KT_ECDSA)));
1057 INSTANTIATE_TEST_CASE_P(SSLStreamAdapterTestsDTLS,
1058 SSLStreamAdapterTestDTLS,
1059 Combine(Values(rtc::KT_RSA, rtc::KT_ECDSA),
1060 Values(rtc::KT_RSA, rtc::KT_ECDSA)));
OLDNEW
« webrtc/base/sslstreamadapter.h ('K') | « webrtc/base/sslstreamadapter.cc ('k') | webrtc/p2p/base/dtlstransportchannel_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698