Chromium Code Reviews Chromium Code Reviews
Issue 1329493005:
Provide RSA2048 as per RFC (Closed)
Base URL: https://chromium.googlesource.com/external/webrtc.git@master| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright 2011 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2011 The WebRTC Project Authors. All rights reserved. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
| 5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
| 6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
| 7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
| 8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
| 9 */ | 9 */ |
| 10 | 10 |
| (...skipping 143 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 154 rtc::FifoBuffer *in_; | 154 rtc::FifoBuffer *in_; |
| 155 rtc::FifoBuffer *out_; | 155 rtc::FifoBuffer *out_; |
| 156 bool first_packet_; | 156 bool first_packet_; |
| 157 }; | 157 }; |
| 158 | 158 |
| 159 static const int kFifoBufferSize = 4096; | 159 static const int kFifoBufferSize = 4096; |
| 160 | 160 |
| 161 class SSLStreamAdapterTestBase : public testing::Test, | 161 class SSLStreamAdapterTestBase : public testing::Test, |
| 162 public sigslot::has_slots<> { | 162 public sigslot::has_slots<> { |
| 163 public: | 163 public: |
| 164 SSLStreamAdapterTestBase(const std::string& client_cert_pem, | 164 SSLStreamAdapterTestBase( |
| 165 const std::string& client_private_key_pem, | 165 const std::string& client_cert_pem, |
| 166 bool dtls, | 166 const std::string& client_private_key_pem, |
| 167 rtc::KeyType client_key_type = rtc::KT_DEFAULT, | 167 bool dtls, |
| 168 rtc::KeyType server_key_type = rtc::KT_DEFAULT) | 168 rtc::KeyParams client_key_type = rtc::KeyParams(rtc::KT_DEFAULT), |
| 169 rtc::KeyParams server_key_type = rtc::KeyParams(rtc::KT_DEFAULT)) | |
| 169 : client_buffer_(kFifoBufferSize), | 170 : client_buffer_(kFifoBufferSize), |
| 170 server_buffer_(kFifoBufferSize), | 171 server_buffer_(kFifoBufferSize), |
| 171 client_stream_( | 172 client_stream_( |
| 172 new SSLDummyStream(this, "c2s", &client_buffer_, &server_buffer_)), | 173 new SSLDummyStream(this, "c2s", &client_buffer_, &server_buffer_)), |
| 173 server_stream_( | 174 server_stream_( |
| 174 new SSLDummyStream(this, "s2c", &server_buffer_, &client_buffer_)), | 175 new SSLDummyStream(this, "s2c", &server_buffer_, &client_buffer_)), |
| 175 client_ssl_(rtc::SSLStreamAdapter::Create(client_stream_)), | 176 client_ssl_(rtc::SSLStreamAdapter::Create(client_stream_)), |
| 176 server_ssl_(rtc::SSLStreamAdapter::Create(server_stream_)), | 177 server_ssl_(rtc::SSLStreamAdapter::Create(server_stream_)), |
| 177 client_identity_(NULL), | 178 client_identity_(NULL), |
| 178 server_identity_(NULL), | 179 server_identity_(NULL), |
| (...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 216 new SSLDummyStream(this, "c2s", &client_buffer_, &server_buffer_); | 217 new SSLDummyStream(this, "c2s", &client_buffer_, &server_buffer_); |
| 217 server_stream_ = | 218 server_stream_ = |
| 218 new SSLDummyStream(this, "s2c", &server_buffer_, &client_buffer_); | 219 new SSLDummyStream(this, "s2c", &server_buffer_, &client_buffer_); |
| 219 | 220 |
| 220 client_ssl_.reset(rtc::SSLStreamAdapter::Create(client_stream_)); | 221 client_ssl_.reset(rtc::SSLStreamAdapter::Create(client_stream_)); |
| 221 server_ssl_.reset(rtc::SSLStreamAdapter::Create(server_stream_)); | 222 server_ssl_.reset(rtc::SSLStreamAdapter::Create(server_stream_)); |
| 222 | 223 |
| 223 client_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent); | 224 client_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent); |
| 224 server_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent); | 225 server_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent); |
| 225 | 226 |
| 226 rtc::SSLIdentityParams client_params; | 227 rtc::SSLIdentityParams client_params((rtc::KeyParams(rtc::KT_DEFAULT))); |
|
juberti
2015/10/07 06:35:23
Remove extra parens, here and below
torbjorng (webrtc)
2015/10/07 13:30:04
The extra parens are required; these variable decl
| |
| 227 client_params.common_name = "client"; | 228 client_params.common_name = "client"; |
| 228 client_params.not_before = not_before; | 229 client_params.not_before = not_before; |
| 229 client_params.not_after = not_after; | 230 client_params.not_after = not_after; |
| 230 client_params.key_type = rtc::KT_DEFAULT; | |
| 231 client_identity_ = rtc::SSLIdentity::GenerateForTest(client_params); | 231 client_identity_ = rtc::SSLIdentity::GenerateForTest(client_params); |
| 232 | 232 |
| 233 rtc::SSLIdentityParams server_params; | 233 rtc::SSLIdentityParams server_params((rtc::KeyParams(rtc::KT_DEFAULT))); |
| 234 server_params.common_name = "server"; | 234 server_params.common_name = "server"; |
| 235 server_params.not_before = not_before; | 235 server_params.not_before = not_before; |
| 236 server_params.not_after = not_after; | 236 server_params.not_after = not_after; |
| 237 server_params.key_type = rtc::KT_DEFAULT; | |
| 238 server_identity_ = rtc::SSLIdentity::GenerateForTest(server_params); | 237 server_identity_ = rtc::SSLIdentity::GenerateForTest(server_params); |
| 239 | 238 |
| 240 client_ssl_->SetIdentity(client_identity_); | 239 client_ssl_->SetIdentity(client_identity_); |
| 241 server_ssl_->SetIdentity(server_identity_); | 240 server_ssl_->SetIdentity(server_identity_); |
| 242 } | 241 } |
| 243 | 242 |
| 244 virtual void OnEvent(rtc::StreamInterface *stream, int sig, int err) { | 243 virtual void OnEvent(rtc::StreamInterface *stream, int sig, int err) { |
| 245 LOG(LS_INFO) << "SSLStreamAdapterTestBase::OnEvent sig=" << sig; | 244 LOG(LS_INFO) << "SSLStreamAdapterTestBase::OnEvent sig=" << sig; |
| 246 | 245 |
| 247 if (sig & rtc::SE_READ) { | 246 if (sig & rtc::SE_READ) { |
| (...skipping 207 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 455 int loss_; | 454 int loss_; |
| 456 bool lose_first_packet_; | 455 bool lose_first_packet_; |
| 457 bool damage_; | 456 bool damage_; |
| 458 bool dtls_; | 457 bool dtls_; |
| 459 int handshake_wait_; | 458 int handshake_wait_; |
| 460 bool identities_set_; | 459 bool identities_set_; |
| 461 }; | 460 }; |
| 462 | 461 |
| 463 class SSLStreamAdapterTestTLS | 462 class SSLStreamAdapterTestTLS |
| 464 : public SSLStreamAdapterTestBase, | 463 : public SSLStreamAdapterTestBase, |
| 465 public WithParamInterface<tuple<rtc::KeyType, rtc::KeyType>> { | 464 public WithParamInterface<tuple<rtc::KeyParams, rtc::KeyParams>> { |
| 466 public: | 465 public: |
| 467 SSLStreamAdapterTestTLS() | 466 SSLStreamAdapterTestTLS() |
| 468 : SSLStreamAdapterTestBase("", | 467 : SSLStreamAdapterTestBase("", |
| 469 "", | 468 "", |
| 470 false, | 469 false, |
| 471 ::testing::get<0>(GetParam()), | 470 ::testing::get<0>(GetParam()), |
| 472 ::testing::get<1>(GetParam())){}; | 471 ::testing::get<1>(GetParam())){}; |
| 473 | 472 |
| 474 // Test data transfer for TLS | 473 // Test data transfer for TLS |
| 475 virtual void TestTransfer(int size) { | 474 virtual void TestTransfer(int size) { |
| (...skipping 87 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 563 } | 562 } |
| 564 } | 563 } |
| 565 | 564 |
| 566 private: | 565 private: |
| 567 rtc::MemoryStream send_stream_; | 566 rtc::MemoryStream send_stream_; |
| 568 rtc::MemoryStream recv_stream_; | 567 rtc::MemoryStream recv_stream_; |
| 569 }; | 568 }; |
| 570 | 569 |
| 571 class SSLStreamAdapterTestDTLS | 570 class SSLStreamAdapterTestDTLS |
| 572 : public SSLStreamAdapterTestBase, | 571 : public SSLStreamAdapterTestBase, |
| 573 public WithParamInterface<tuple<rtc::KeyType, rtc::KeyType>> { | 572 public WithParamInterface<tuple<rtc::KeyParams, rtc::KeyParams>> { |
| 574 public: | 573 public: |
| 575 SSLStreamAdapterTestDTLS() | 574 SSLStreamAdapterTestDTLS() |
| 576 : SSLStreamAdapterTestBase("", | 575 : SSLStreamAdapterTestBase("", |
| 577 "", | 576 "", |
| 578 true, | 577 true, |
| 579 ::testing::get<0>(GetParam()), | 578 ::testing::get<0>(GetParam()), |
| 580 ::testing::get<1>(GetParam())), | 579 ::testing::get<1>(GetParam())), |
| 581 packet_size_(1000), | 580 packet_size_(1000), |
| 582 count_(0), | 581 count_(0), |
| 583 sent_(0) {} | 582 sent_(0) {} |
| (...skipping 387 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 971 MAYBE_SKIP_TEST(HaveDtls); | 970 MAYBE_SKIP_TEST(HaveDtls); |
| 972 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10); | 971 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10); |
| 973 TestHandshake(); | 972 TestHandshake(); |
| 974 | 973 |
| 975 uint16_t client_cipher; | 974 uint16_t client_cipher; |
| 976 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); | 975 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); |
| 977 uint16_t server_cipher; | 976 uint16_t server_cipher; |
| 978 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); | 977 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); |
| 979 | 978 |
| 980 ASSERT_EQ(client_cipher, server_cipher); | 979 ASSERT_EQ(client_cipher, server_cipher); |
| 981 ASSERT_EQ(rtc::SSLStreamAdapter::GetDefaultSslCipherForTest( | 980 ASSERT_EQ( |
| 982 rtc::SSL_PROTOCOL_DTLS_10, ::testing::get<1>(GetParam())), | 981 rtc::SSLStreamAdapter::GetDefaultSslCipherForTest( |
| 983 server_cipher); | 982 rtc::SSL_PROTOCOL_DTLS_10, ::testing::get<1>(GetParam()).type()), |
| 983 server_cipher); | |
| 984 } | 984 } |
| 985 | 985 |
| 986 // Test getting the used DTLS 1.2 ciphers. | 986 // Test getting the used DTLS 1.2 ciphers. |
| 987 // DTLS 1.2 enabled for client and server -> DTLS 1.2 will be used. | 987 // DTLS 1.2 enabled for client and server -> DTLS 1.2 will be used. |
| 988 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Both) { | 988 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Both) { |
| 989 MAYBE_SKIP_TEST(HaveDtls); | 989 MAYBE_SKIP_TEST(HaveDtls); |
| 990 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12); | 990 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12); |
| 991 TestHandshake(); | 991 TestHandshake(); |
| 992 | 992 |
| 993 uint16_t client_cipher; | 993 uint16_t client_cipher; |
| 994 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); | 994 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); |
| 995 uint16_t server_cipher; | 995 uint16_t server_cipher; |
| 996 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); | 996 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); |
| 997 | 997 |
| 998 ASSERT_EQ(client_cipher, server_cipher); | 998 ASSERT_EQ(client_cipher, server_cipher); |
| 999 ASSERT_EQ(rtc::SSLStreamAdapter::GetDefaultSslCipherForTest( | 999 ASSERT_EQ( |
| 1000 rtc::SSL_PROTOCOL_DTLS_12, ::testing::get<1>(GetParam())), | 1000 rtc::SSLStreamAdapter::GetDefaultSslCipherForTest( |
| 1001 server_cipher); | 1001 rtc::SSL_PROTOCOL_DTLS_12, ::testing::get<1>(GetParam()).type()), |
| 1002 server_cipher); | |
| 1002 } | 1003 } |
| 1003 | 1004 |
| 1004 // DTLS 1.2 enabled for client only -> DTLS 1.0 will be used. | 1005 // DTLS 1.2 enabled for client only -> DTLS 1.0 will be used. |
| 1005 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Client) { | 1006 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Client) { |
| 1006 MAYBE_SKIP_TEST(HaveDtls); | 1007 MAYBE_SKIP_TEST(HaveDtls); |
| 1007 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12); | 1008 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12); |
| 1008 TestHandshake(); | 1009 TestHandshake(); |
| 1009 | 1010 |
| 1010 uint16_t client_cipher; | 1011 uint16_t client_cipher; |
| 1011 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); | 1012 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); |
| 1012 uint16_t server_cipher; | 1013 uint16_t server_cipher; |
| 1013 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); | 1014 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); |
| 1014 | 1015 |
| 1015 ASSERT_EQ(client_cipher, server_cipher); | 1016 ASSERT_EQ(client_cipher, server_cipher); |
| 1016 ASSERT_EQ(rtc::SSLStreamAdapter::GetDefaultSslCipherForTest( | 1017 ASSERT_EQ( |
| 1017 rtc::SSL_PROTOCOL_DTLS_10, ::testing::get<1>(GetParam())), | 1018 rtc::SSLStreamAdapter::GetDefaultSslCipherForTest( |
| 1018 server_cipher); | 1019 rtc::SSL_PROTOCOL_DTLS_10, ::testing::get<1>(GetParam()).type()), |
| 1020 server_cipher); | |
| 1019 } | 1021 } |
| 1020 | 1022 |
| 1021 // DTLS 1.2 enabled for server only -> DTLS 1.0 will be used. | 1023 // DTLS 1.2 enabled for server only -> DTLS 1.0 will be used. |
| 1022 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Server) { | 1024 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Server) { |
| 1023 MAYBE_SKIP_TEST(HaveDtls); | 1025 MAYBE_SKIP_TEST(HaveDtls); |
| 1024 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_10); | 1026 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_10); |
| 1025 TestHandshake(); | 1027 TestHandshake(); |
| 1026 | 1028 |
| 1027 uint16_t client_cipher; | 1029 uint16_t client_cipher; |
| 1028 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); | 1030 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); |
| 1029 uint16_t server_cipher; | 1031 uint16_t server_cipher; |
| 1030 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); | 1032 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); |
| 1031 | 1033 |
| 1032 ASSERT_EQ(client_cipher, server_cipher); | 1034 ASSERT_EQ(client_cipher, server_cipher); |
| 1033 ASSERT_EQ(rtc::SSLStreamAdapter::GetDefaultSslCipherForTest( | 1035 ASSERT_EQ( |
| 1034 rtc::SSL_PROTOCOL_DTLS_10, ::testing::get<1>(GetParam())), | 1036 rtc::SSLStreamAdapter::GetDefaultSslCipherForTest( |
| 1035 server_cipher); | 1037 rtc::SSL_PROTOCOL_DTLS_10, ::testing::get<1>(GetParam()).type()), |
| 1038 server_cipher); | |
| 1036 } | 1039 } |
| 1037 | 1040 |
| 1038 INSTANTIATE_TEST_CASE_P(SSLStreamAdapterTestsTLS, | 1041 // The RSA keysizes here might look strange, why not include the RFC's size |
| 1039 SSLStreamAdapterTestTLS, | 1042 // 2048?. The reason is test case slowness; testing two sizes to exercise |
| 1040 Combine(Values(rtc::KT_RSA, rtc::KT_ECDSA), | 1043 // parametrization is sufficient. |
| 1041 Values(rtc::KT_RSA, rtc::KT_ECDSA))); | 1044 INSTANTIATE_TEST_CASE_P( |
| 1042 INSTANTIATE_TEST_CASE_P(SSLStreamAdapterTestsDTLS, | 1045 SSLStreamAdapterTestsTLS, |
| 1043 SSLStreamAdapterTestDTLS, | 1046 SSLStreamAdapterTestTLS, |
| 1044 Combine(Values(rtc::KT_RSA, rtc::KT_ECDSA), | 1047 Combine(Values(rtc::KeyParams::RSA(1024, 65537), |
| 1045 Values(rtc::KT_RSA, rtc::KT_ECDSA))); | 1048 rtc::KeyParams::RSA(1152, 65537), |
| 1049 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)), | |
| 1050 Values(rtc::KeyParams::RSA(1024, 65537), | |
| 1051 rtc::KeyParams::RSA(1152, 65537), | |
| 1052 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)))); | |
| 1053 INSTANTIATE_TEST_CASE_P( | |
| 1054 SSLStreamAdapterTestsDTLS, | |
| 1055 SSLStreamAdapterTestDTLS, | |
| 1056 Combine(Values(rtc::KeyParams::RSA(1024, 65537), | |
| 1057 rtc::KeyParams::RSA(1152, 65537), | |
| 1058 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)), | |
| 1059 Values(rtc::KeyParams::RSA(1024, 65537), | |
| 1060 rtc::KeyParams::RSA(1152, 65537), | |
| 1061 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)))); | |
| OLD | NEW |
