OLD | NEW |
1 /* | 1 /* |
2 * Copyright 2011 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2011 The WebRTC Project Authors. All rights reserved. |
3 * | 3 * |
4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
9 */ | 9 */ |
10 | 10 |
21 #include "webrtc/base/sslidentity.h" | 21 #include "webrtc/base/sslidentity.h" |
22 #include "webrtc/base/sslstreamadapter.h" | 22 #include "webrtc/base/sslstreamadapter.h" |
23 #include "webrtc/base/stringutils.h" | 23 #include "webrtc/base/stringutils.h" |
24 | 24 |
25 #define MAYBE_SKIP_TEST(feature) \ | 25 #define MAYBE_SKIP_TEST(feature) \ |
26 if (!(rtc::SSLStreamAdapter::feature())) { \ | 26 if (!(rtc::SSLStreamAdapter::feature())) { \ |
27 LOG(LS_INFO) << "Feature disabled... skipping"; \ | 27 LOG(LS_INFO) << "Feature disabled... skipping"; \ |
28 return; \ | 28 return; \ |
29 } | 29 } |
30 | 30 |
| 31 static const char AES_CM_128_HMAC_SHA1_80[] = "AES_CM_128_HMAC_SHA1_80"; |
31 static const char kIceUfrag1[] = "TESTICEUFRAG0001"; | 32 static const char kIceUfrag1[] = "TESTICEUFRAG0001"; |
32 static const char kIcePwd1[] = "TESTICEPWD00000000000001"; | 33 static const char kIcePwd1[] = "TESTICEPWD00000000000001"; |
33 static const size_t kPacketNumOffset = 8; | 34 static const size_t kPacketNumOffset = 8; |
34 static const size_t kPacketHeaderLen = 12; | 35 static const size_t kPacketHeaderLen = 12; |
35 static const int kFakePacketId = 0x1234; | 36 static const int kFakePacketId = 0x1234; |
36 | 37 |
37 static bool IsRtpLeadByte(uint8_t b) { | 38 static bool IsRtpLeadByte(uint8_t b) { |
38 return ((b & 0xC0) == 0x80); | 39 return ((b & 0xC0) == 0x80); |
39 } | 40 } |
40 | 41 |
142 remote_fingerprint.reset(rtc::SSLFingerprint::Create( | 143 remote_fingerprint.reset(rtc::SSLFingerprint::Create( |
143 digest_algorithm, remote_cert->identity())); | 144 digest_algorithm, remote_cert->identity())); |
144 ASSERT_TRUE(remote_fingerprint.get() != NULL); | 145 ASSERT_TRUE(remote_fingerprint.get() != NULL); |
145 EXPECT_EQ(rtc::DIGEST_SHA_256, digest_algorithm); | 146 EXPECT_EQ(rtc::DIGEST_SHA_256, digest_algorithm); |
146 } | 147 } |
147 | 148 |
148 if (use_dtls_srtp_ && !(flags & NF_REOFFER)) { | 149 if (use_dtls_srtp_ && !(flags & NF_REOFFER)) { |
149 // SRTP ciphers will be set only in the beginning. | 150 // SRTP ciphers will be set only in the beginning. |
150 for (std::vector<cricket::DtlsTransportChannelWrapper*>::iterator it = | 151 for (std::vector<cricket::DtlsTransportChannelWrapper*>::iterator it = |
151 channels_.begin(); it != channels_.end(); ++it) { | 152 channels_.begin(); it != channels_.end(); ++it) { |
152 std::vector<int> ciphers; | 153 std::vector<std::string> ciphers; |
153 ciphers.push_back(rtc::SRTP_AES128_CM_SHA1_80); | 154 ciphers.push_back(AES_CM_128_HMAC_SHA1_80); |
154 ASSERT_TRUE((*it)->SetSrtpCryptoSuites(ciphers)); | 155 ASSERT_TRUE((*it)->SetSrtpCiphers(ciphers)); |
155 } | 156 } |
156 } | 157 } |
157 | 158 |
158 cricket::TransportDescription local_desc( | 159 cricket::TransportDescription local_desc( |
159 std::vector<std::string>(), kIceUfrag1, kIcePwd1, cricket::ICEMODE_FULL, | 160 std::vector<std::string>(), kIceUfrag1, kIcePwd1, cricket::ICEMODE_FULL, |
160 local_role, | 161 local_role, |
161 // If remote if the offerer and has no DTLS support, answer will be | 162 // If remote if the offerer and has no DTLS support, answer will be |
162 // without any fingerprint. | 163 // without any fingerprint. |
163 (action == cricket::CA_ANSWER && !remote_cert) | 164 (action == cricket::CA_ANSWER && !remote_cert) |
164 ? nullptr | 165 ? nullptr |
207 void CheckRole(rtc::SSLRole role) { | 208 void CheckRole(rtc::SSLRole role) { |
208 if (role == rtc::SSL_CLIENT) { | 209 if (role == rtc::SSL_CLIENT) { |
209 ASSERT_FALSE(received_dtls_client_hello_); | 210 ASSERT_FALSE(received_dtls_client_hello_); |
210 ASSERT_TRUE(received_dtls_server_hello_); | 211 ASSERT_TRUE(received_dtls_server_hello_); |
211 } else { | 212 } else { |
212 ASSERT_TRUE(received_dtls_client_hello_); | 213 ASSERT_TRUE(received_dtls_client_hello_); |
213 ASSERT_FALSE(received_dtls_server_hello_); | 214 ASSERT_FALSE(received_dtls_server_hello_); |
214 } | 215 } |
215 } | 216 } |
216 | 217 |
217 void CheckSrtp(int expected_crypto_suite) { | 218 void CheckSrtp(const std::string& expected_cipher) { |
218 for (std::vector<cricket::DtlsTransportChannelWrapper*>::iterator it = | 219 for (std::vector<cricket::DtlsTransportChannelWrapper*>::iterator it = |
219 channels_.begin(); it != channels_.end(); ++it) { | 220 channels_.begin(); it != channels_.end(); ++it) { |
220 int crypto_suite; | 221 std::string cipher; |
221 | 222 |
222 bool rv = (*it)->GetSrtpCryptoSuite(&crypto_suite); | 223 bool rv = (*it)->GetSrtpCryptoSuite(&cipher); |
223 if (negotiated_dtls_ && expected_crypto_suite) { | 224 if (negotiated_dtls_ && !expected_cipher.empty()) { |
224 ASSERT_TRUE(rv); | 225 ASSERT_TRUE(rv); |
225 | 226 |
226 ASSERT_EQ(crypto_suite, expected_crypto_suite); | 227 ASSERT_EQ(cipher, expected_cipher); |
227 } else { | 228 } else { |
228 ASSERT_FALSE(rv); | 229 ASSERT_FALSE(rv); |
229 } | 230 } |
230 } | 231 } |
231 } | 232 } |
232 | 233 |
233 void CheckSsl(int expected_cipher) { | 234 void CheckSsl(int expected_cipher) { |
234 for (std::vector<cricket::DtlsTransportChannelWrapper*>::iterator it = | 235 for (std::vector<cricket::DtlsTransportChannelWrapper*>::iterator it = |
235 channels_.begin(); it != channels_.end(); ++it) { | 236 channels_.begin(); it != channels_.end(); ++it) { |
236 int cipher; | 237 int cipher; |
461 (client1_role == cricket::CONNECTIONROLE_PASSIVE && | 462 (client1_role == cricket::CONNECTIONROLE_PASSIVE && |
462 client2_role == cricket::CONNECTIONROLE_ACTPASS)) ? | 463 client2_role == cricket::CONNECTIONROLE_ACTPASS)) ? |
463 rtc::SSL_CLIENT : rtc::SSL_SERVER; | 464 rtc::SSL_CLIENT : rtc::SSL_SERVER; |
464 | 465 |
465 client1_.CheckRole(client1_ssl_role); | 466 client1_.CheckRole(client1_ssl_role); |
466 client2_.CheckRole(client2_ssl_role); | 467 client2_.CheckRole(client2_ssl_role); |
467 } | 468 } |
468 | 469 |
469 // Check that we negotiated the right ciphers. | 470 // Check that we negotiated the right ciphers. |
470 if (use_dtls_srtp_) { | 471 if (use_dtls_srtp_) { |
471 client1_.CheckSrtp(rtc::SRTP_AES128_CM_SHA1_80); | 472 client1_.CheckSrtp(AES_CM_128_HMAC_SHA1_80); |
472 client2_.CheckSrtp(rtc::SRTP_AES128_CM_SHA1_80); | 473 client2_.CheckSrtp(AES_CM_128_HMAC_SHA1_80); |
473 } else { | 474 } else { |
474 client1_.CheckSrtp(rtc::SRTP_INVALID_CRYPTO_SUITE); | 475 client1_.CheckSrtp(""); |
475 client2_.CheckSrtp(rtc::SRTP_INVALID_CRYPTO_SUITE); | 476 client2_.CheckSrtp(""); |
476 } | 477 } |
477 client1_.CheckSsl(rtc::SSLStreamAdapter::GetDefaultSslCipherForTest( | 478 client1_.CheckSsl(rtc::SSLStreamAdapter::GetDefaultSslCipherForTest( |
478 ssl_expected_version_, rtc::KT_DEFAULT)); | 479 ssl_expected_version_, rtc::KT_DEFAULT)); |
479 client2_.CheckSsl(rtc::SSLStreamAdapter::GetDefaultSslCipherForTest( | 480 client2_.CheckSsl(rtc::SSLStreamAdapter::GetDefaultSslCipherForTest( |
480 ssl_expected_version_, rtc::KT_DEFAULT)); | 481 ssl_expected_version_, rtc::KT_DEFAULT)); |
481 | 482 |
482 return true; | 483 return true; |
483 } | 484 } |
484 | 485 |
485 bool Connect() { | 486 bool Connect() { |
884 // Each side's remote certificate is the other side's local certificate. | 885 // Each side's remote certificate is the other side's local certificate. |
885 ASSERT_TRUE( | 886 ASSERT_TRUE( |
886 client1_.transport()->GetRemoteSSLCertificate(remote_cert1.accept())); | 887 client1_.transport()->GetRemoteSSLCertificate(remote_cert1.accept())); |
887 ASSERT_EQ(remote_cert1->ToPEMString(), | 888 ASSERT_EQ(remote_cert1->ToPEMString(), |
888 certificate2->ssl_certificate().ToPEMString()); | 889 certificate2->ssl_certificate().ToPEMString()); |
889 ASSERT_TRUE( | 890 ASSERT_TRUE( |
890 client2_.transport()->GetRemoteSSLCertificate(remote_cert2.accept())); | 891 client2_.transport()->GetRemoteSSLCertificate(remote_cert2.accept())); |
891 ASSERT_EQ(remote_cert2->ToPEMString(), | 892 ASSERT_EQ(remote_cert2->ToPEMString(), |
892 certificate1->ssl_certificate().ToPEMString()); | 893 certificate1->ssl_certificate().ToPEMString()); |
893 } | 894 } |
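Review bot: CheckSrtp (new lines 218-232) now uses an empty string as the "no SRTP expected" sentinel, and nothing at the function or at the `CheckSrtp("")` calls on new lines 475-476 says so; the old `rtc::SRTP_INVALID_CRYPTO_SUITE` carried that meaning in its name. I would add `// An empty |expected_cipher| means no SRTP profile is expected to be negotiated.` above the function, and in the else branch also check the out-parameter with `ASSERT_TRUE(cipher.empty());` if the getter is meant to leave it untouched on failure. The accessor pair is asymmetric after this change: the setter on new line 155 becomes `SetSrtpCiphers` while the getter on new line 223 stays `GetSrtpCryptoSuite` although it now fills a string. The constant added on new line 31 lacks the `k` prefix of its neighbours (`kIceUfrag1`, `kIcePwd1`) and repeats the profile name as a local literal; if the library headers already export that name, referencing it would keep the test and the negotiated profile list from drifting apart.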