| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright 2011 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2011 The WebRTC Project Authors. All rights reserved. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
| 5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
| 6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
| 7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
| 8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
| 9 */ | 9 */ |
| 10 | 10 |
| 11 | 11 |
| 12 #include <algorithm> | 12 #include <algorithm> |
| 13 #include <memory> | 13 #include <memory> |
| 14 #include <set> | 14 #include <set> |
| 15 #include <string> | 15 #include <string> |
| 16 | 16 |
| 17 #include "webrtc/base/bufferqueue.h" | 17 #include "webrtc/base/bufferqueue.h" |
| 18 #include "webrtc/base/gunit.h" | 18 #include "webrtc/base/gunit.h" |
| 19 #include "webrtc/base/helpers.h" | 19 #include "webrtc/base/helpers.h" |
| 20 #include "webrtc/base/ssladapter.h" | 20 #include "webrtc/base/ssladapter.h" |
| 21 #include "webrtc/base/sslconfig.h" | |
| 22 #include "webrtc/base/sslidentity.h" | 21 #include "webrtc/base/sslidentity.h" |
| 23 #include "webrtc/base/sslstreamadapter.h" | 22 #include "webrtc/base/sslstreamadapter.h" |
| 24 #include "webrtc/base/stream.h" | 23 #include "webrtc/base/stream.h" |
| 25 | 24 |
| 26 using ::testing::WithParamInterface; | 25 using ::testing::WithParamInterface; |
| 27 using ::testing::Values; | 26 using ::testing::Values; |
| 28 using ::testing::Combine; | 27 using ::testing::Combine; |
| 29 using ::testing::tuple; | 28 using ::testing::tuple; |
| 30 | 29 |
| 31 static const int kBlockSize = 4096; | 30 static const int kBlockSize = 4096; |
| (...skipping 25 matching lines...) Expand all Loading... |
| 57 "ZWJSVEMwHhcNMTQwMTAyMTgyNDQ3WhcNMTQwMjAxMTgyNDQ3WjARMQ8wDQYDVQQD\n" | 56 "ZWJSVEMwHhcNMTQwMTAyMTgyNDQ3WhcNMTQwMjAxMTgyNDQ3WjARMQ8wDQYDVQQD\n" |
| 58 "EwZXZWJSVEMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYRkbhmI7kVA/rM\n" | 57 "EwZXZWJSVEMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYRkbhmI7kVA/rM\n" |
| 59 "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n" | 58 "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n" |
| 60 "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n" | 59 "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n" |
| 61 "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAUflI\n" | 60 "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAUflI\n" |
| 62 "VUe5Krqf5RVa5C3u/UTAOAUJBiDS3VANTCLBxjuMsvqOG0WvaYWP3HYPgrz0jXK2\n" | 61 "VUe5Krqf5RVa5C3u/UTAOAUJBiDS3VANTCLBxjuMsvqOG0WvaYWP3HYPgrz0jXK2\n" |
| 63 "LJE/mGw3MyFHEqi81jh95J+ypl6xKW6Rm8jKLR87gUvCaVYn/Z4/P3AqcQTB7wOv\n" | 62 "LJE/mGw3MyFHEqi81jh95J+ypl6xKW6Rm8jKLR87gUvCaVYn/Z4/P3AqcQTB7wOv\n" |
| 64 "UD0A8qfhfDM+LK6rPAnCsVN0NRDY3jvd6rzix9M=\n" | 63 "UD0A8qfhfDM+LK6rPAnCsVN0NRDY3jvd6rzix9M=\n" |
| 65 "-----END CERTIFICATE-----\n"; | 64 "-----END CERTIFICATE-----\n"; |
| 66 | 65 |
| 67 #define MAYBE_SKIP_TEST(feature) \ | |
| 68 if (!(rtc::SSLStreamAdapter::feature())) { \ | |
| 69 LOG(LS_INFO) << "Feature disabled... skipping"; \ | |
| 70 return; \ | |
| 71 } | |
| 72 | |
| 73 class SSLStreamAdapterTestBase; | 66 class SSLStreamAdapterTestBase; |
| 74 | 67 |
| 75 class SSLDummyStreamBase : public rtc::StreamInterface, | 68 class SSLDummyStreamBase : public rtc::StreamInterface, |
| 76 public sigslot::has_slots<> { | 69 public sigslot::has_slots<> { |
| 77 public: | 70 public: |
| 78 SSLDummyStreamBase(SSLStreamAdapterTestBase* test, | 71 SSLDummyStreamBase(SSLStreamAdapterTestBase* test, |
| 79 const std::string &side, | 72 const std::string &side, |
| 80 rtc::StreamInterface* in, | 73 rtc::StreamInterface* in, |
| 81 rtc::StreamInterface* out) : | 74 rtc::StreamInterface* out) : |
| 82 test_base_(test), | 75 test_base_(test), |
| (...skipping 872 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 955 server_digest_len - 1, &err); | 948 server_digest_len - 1, &err); |
| 956 EXPECT_EQ(rtc::SSLPeerCertificateDigestError::INVALID_LENGTH, err); | 949 EXPECT_EQ(rtc::SSLPeerCertificateDigestError::INVALID_LENGTH, err); |
| 957 EXPECT_FALSE(rv); | 950 EXPECT_FALSE(rv); |
| 958 } | 951 } |
| 959 | 952 |
| 960 // Test moving a bunch of data | 953 // Test moving a bunch of data |
| 961 | 954 |
| 962 // Basic tests: DTLS | 955 // Basic tests: DTLS |
| 963 // Test that we can make a handshake work | 956 // Test that we can make a handshake work |
| 964 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnect) { | 957 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnect) { |
| 965 MAYBE_SKIP_TEST(HaveDtls); | |
| 966 TestHandshake(); | 958 TestHandshake(); |
| 967 }; | 959 }; |
| 968 | 960 |
| 969 // Test that we can make a handshake work if the first packet in | 961 // Test that we can make a handshake work if the first packet in |
| 970 // each direction is lost. This gives us predictable loss | 962 // each direction is lost. This gives us predictable loss |
| 971 // rather than having to tune random | 963 // rather than having to tune random |
| 972 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacket) { | 964 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacket) { |
| 973 MAYBE_SKIP_TEST(HaveDtls); | |
| 974 SetLoseFirstPacket(true); | 965 SetLoseFirstPacket(true); |
| 975 TestHandshake(); | 966 TestHandshake(); |
| 976 }; | 967 }; |
| 977 | 968 |
| 978 // Test a handshake with loss and delay | 969 // Test a handshake with loss and delay |
| 979 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacketDelay2s) { | 970 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacketDelay2s) { |
| 980 MAYBE_SKIP_TEST(HaveDtls); | |
| 981 SetLoseFirstPacket(true); | 971 SetLoseFirstPacket(true); |
| 982 SetDelay(2000); | 972 SetDelay(2000); |
| 983 SetHandshakeWait(20000); | 973 SetHandshakeWait(20000); |
| 984 TestHandshake(); | 974 TestHandshake(); |
| 985 }; | 975 }; |
| 986 | 976 |
| 987 // Test a handshake with small MTU | 977 // Test a handshake with small MTU |
| 988 // Disabled due to https://code.google.com/p/webrtc/issues/detail?id=3910 | 978 // Disabled due to https://code.google.com/p/webrtc/issues/detail?id=3910 |
| 989 TEST_P(SSLStreamAdapterTestDTLS, DISABLED_TestDTLSConnectWithSmallMtu) { | 979 TEST_P(SSLStreamAdapterTestDTLS, DISABLED_TestDTLSConnectWithSmallMtu) { |
| 990 MAYBE_SKIP_TEST(HaveDtls); | |
| 991 SetMtu(700); | 980 SetMtu(700); |
| 992 SetHandshakeWait(20000); | 981 SetHandshakeWait(20000); |
| 993 TestHandshake(); | 982 TestHandshake(); |
| 994 }; | 983 }; |
| 995 | 984 |
| 996 // Test transfer -- trivial | 985 // Test transfer -- trivial |
| 997 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransfer) { | 986 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransfer) { |
| 998 MAYBE_SKIP_TEST(HaveDtls); | |
| 999 TestHandshake(); | 987 TestHandshake(); |
| 1000 TestTransfer(100); | 988 TestTransfer(100); |
| 1001 }; | 989 }; |
| 1002 | 990 |
| 1003 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithLoss) { | 991 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithLoss) { |
| 1004 MAYBE_SKIP_TEST(HaveDtls); | |
| 1005 TestHandshake(); | 992 TestHandshake(); |
| 1006 SetLoss(10); | 993 SetLoss(10); |
| 1007 TestTransfer(100); | 994 TestTransfer(100); |
| 1008 }; | 995 }; |
| 1009 | 996 |
| 1010 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithDamage) { | 997 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithDamage) { |
| 1011 MAYBE_SKIP_TEST(HaveDtls); | |
| 1012 SetDamage(); // Must be called first because first packet | 998 SetDamage(); // Must be called first because first packet |
| 1013 // write happens at end of handshake. | 999 // write happens at end of handshake. |
| 1014 TestHandshake(); | 1000 TestHandshake(); |
| 1015 TestTransfer(100); | 1001 TestTransfer(100); |
| 1016 }; | 1002 }; |
| 1017 | 1003 |
| 1018 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentity) { | 1004 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentity) { |
| 1019 TestHandshakeWithDelayedIdentity(true); | 1005 TestHandshakeWithDelayedIdentity(true); |
| 1020 }; | 1006 }; |
| 1021 | 1007 |
| 1022 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentityWithBogusDigest) { | 1008 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentityWithBogusDigest) { |
| 1023 TestHandshakeWithDelayedIdentity(false); | 1009 TestHandshakeWithDelayedIdentity(false); |
| 1024 }; | 1010 }; |
| 1025 | 1011 |
| 1026 // Test DTLS-SRTP with all high ciphers | 1012 // Test DTLS-SRTP with all high ciphers |
| 1027 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) { | 1013 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) { |
| 1028 MAYBE_SKIP_TEST(HaveDtlsSrtp); | |
| 1029 std::vector<int> high; | 1014 std::vector<int> high; |
| 1030 high.push_back(rtc::SRTP_AES128_CM_SHA1_80); | 1015 high.push_back(rtc::SRTP_AES128_CM_SHA1_80); |
| 1031 SetDtlsSrtpCryptoSuites(high, true); | 1016 SetDtlsSrtpCryptoSuites(high, true); |
| 1032 SetDtlsSrtpCryptoSuites(high, false); | 1017 SetDtlsSrtpCryptoSuites(high, false); |
| 1033 TestHandshake(); | 1018 TestHandshake(); |
| 1034 | 1019 |
| 1035 int client_cipher; | 1020 int client_cipher; |
| 1036 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1021 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
| 1037 int server_cipher; | 1022 int server_cipher; |
| 1038 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); | 1023 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
| 1039 | 1024 |
| 1040 ASSERT_EQ(client_cipher, server_cipher); | 1025 ASSERT_EQ(client_cipher, server_cipher); |
| 1041 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80); | 1026 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80); |
| 1042 }; | 1027 }; |
| 1043 | 1028 |
| 1044 // Test DTLS-SRTP with all low ciphers | 1029 // Test DTLS-SRTP with all low ciphers |
| 1045 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) { | 1030 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) { |
| 1046 MAYBE_SKIP_TEST(HaveDtlsSrtp); | |
| 1047 std::vector<int> low; | 1031 std::vector<int> low; |
| 1048 low.push_back(rtc::SRTP_AES128_CM_SHA1_32); | 1032 low.push_back(rtc::SRTP_AES128_CM_SHA1_32); |
| 1049 SetDtlsSrtpCryptoSuites(low, true); | 1033 SetDtlsSrtpCryptoSuites(low, true); |
| 1050 SetDtlsSrtpCryptoSuites(low, false); | 1034 SetDtlsSrtpCryptoSuites(low, false); |
| 1051 TestHandshake(); | 1035 TestHandshake(); |
| 1052 | 1036 |
| 1053 int client_cipher; | 1037 int client_cipher; |
| 1054 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1038 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
| 1055 int server_cipher; | 1039 int server_cipher; |
| 1056 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); | 1040 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
| 1057 | 1041 |
| 1058 ASSERT_EQ(client_cipher, server_cipher); | 1042 ASSERT_EQ(client_cipher, server_cipher); |
| 1059 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_32); | 1043 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_32); |
| 1060 }; | 1044 }; |
| 1061 | 1045 |
| 1062 // Test DTLS-SRTP with a mismatch -- should not converge | 1046 // Test DTLS-SRTP with a mismatch -- should not converge |
| 1063 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) { | 1047 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) { |
| 1064 MAYBE_SKIP_TEST(HaveDtlsSrtp); | |
| 1065 std::vector<int> high; | 1048 std::vector<int> high; |
| 1066 high.push_back(rtc::SRTP_AES128_CM_SHA1_80); | 1049 high.push_back(rtc::SRTP_AES128_CM_SHA1_80); |
| 1067 std::vector<int> low; | 1050 std::vector<int> low; |
| 1068 low.push_back(rtc::SRTP_AES128_CM_SHA1_32); | 1051 low.push_back(rtc::SRTP_AES128_CM_SHA1_32); |
| 1069 SetDtlsSrtpCryptoSuites(high, true); | 1052 SetDtlsSrtpCryptoSuites(high, true); |
| 1070 SetDtlsSrtpCryptoSuites(low, false); | 1053 SetDtlsSrtpCryptoSuites(low, false); |
| 1071 TestHandshake(); | 1054 TestHandshake(); |
| 1072 | 1055 |
| 1073 int client_cipher; | 1056 int client_cipher; |
| 1074 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1057 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
| 1075 int server_cipher; | 1058 int server_cipher; |
| 1076 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); | 1059 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
| 1077 }; | 1060 }; |
| 1078 | 1061 |
| 1079 // Test DTLS-SRTP with each side being mixed -- should select high | 1062 // Test DTLS-SRTP with each side being mixed -- should select high |
| 1080 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) { | 1063 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) { |
| 1081 MAYBE_SKIP_TEST(HaveDtlsSrtp); | |
| 1082 std::vector<int> mixed; | 1064 std::vector<int> mixed; |
| 1083 mixed.push_back(rtc::SRTP_AES128_CM_SHA1_80); | 1065 mixed.push_back(rtc::SRTP_AES128_CM_SHA1_80); |
| 1084 mixed.push_back(rtc::SRTP_AES128_CM_SHA1_32); | 1066 mixed.push_back(rtc::SRTP_AES128_CM_SHA1_32); |
| 1085 SetDtlsSrtpCryptoSuites(mixed, true); | 1067 SetDtlsSrtpCryptoSuites(mixed, true); |
| 1086 SetDtlsSrtpCryptoSuites(mixed, false); | 1068 SetDtlsSrtpCryptoSuites(mixed, false); |
| 1087 TestHandshake(); | 1069 TestHandshake(); |
| 1088 | 1070 |
| 1089 int client_cipher; | 1071 int client_cipher; |
| 1090 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1072 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
| 1091 int server_cipher; | 1073 int server_cipher; |
| 1092 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); | 1074 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
| 1093 | 1075 |
| 1094 ASSERT_EQ(client_cipher, server_cipher); | 1076 ASSERT_EQ(client_cipher, server_cipher); |
| 1095 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80); | 1077 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80); |
| 1096 }; | 1078 }; |
| 1097 | 1079 |
| 1098 // Test DTLS-SRTP with all GCM-128 ciphers. | 1080 // Test DTLS-SRTP with all GCM-128 ciphers. |
| 1099 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM128) { | 1081 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM128) { |
| 1100 MAYBE_SKIP_TEST(HaveDtlsSrtp); | |
| 1101 std::vector<int> gcm128; | 1082 std::vector<int> gcm128; |
| 1102 gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM); | 1083 gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM); |
| 1103 SetDtlsSrtpCryptoSuites(gcm128, true); | 1084 SetDtlsSrtpCryptoSuites(gcm128, true); |
| 1104 SetDtlsSrtpCryptoSuites(gcm128, false); | 1085 SetDtlsSrtpCryptoSuites(gcm128, false); |
| 1105 TestHandshake(); | 1086 TestHandshake(); |
| 1106 | 1087 |
| 1107 int client_cipher; | 1088 int client_cipher; |
| 1108 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1089 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
| 1109 int server_cipher; | 1090 int server_cipher; |
| 1110 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); | 1091 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
| 1111 | 1092 |
| 1112 ASSERT_EQ(client_cipher, server_cipher); | 1093 ASSERT_EQ(client_cipher, server_cipher); |
| 1113 ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_128_GCM); | 1094 ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_128_GCM); |
| 1114 }; | 1095 }; |
| 1115 | 1096 |
| 1116 // Test DTLS-SRTP with all GCM-256 ciphers. | 1097 // Test DTLS-SRTP with all GCM-256 ciphers. |
| 1117 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM256) { | 1098 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM256) { |
| 1118 MAYBE_SKIP_TEST(HaveDtlsSrtp); | |
| 1119 std::vector<int> gcm256; | 1099 std::vector<int> gcm256; |
| 1120 gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM); | 1100 gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM); |
| 1121 SetDtlsSrtpCryptoSuites(gcm256, true); | 1101 SetDtlsSrtpCryptoSuites(gcm256, true); |
| 1122 SetDtlsSrtpCryptoSuites(gcm256, false); | 1102 SetDtlsSrtpCryptoSuites(gcm256, false); |
| 1123 TestHandshake(); | 1103 TestHandshake(); |
| 1124 | 1104 |
| 1125 int client_cipher; | 1105 int client_cipher; |
| 1126 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1106 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
| 1127 int server_cipher; | 1107 int server_cipher; |
| 1128 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); | 1108 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
| 1129 | 1109 |
| 1130 ASSERT_EQ(client_cipher, server_cipher); | 1110 ASSERT_EQ(client_cipher, server_cipher); |
| 1131 ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_256_GCM); | 1111 ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_256_GCM); |
| 1132 }; | 1112 }; |
| 1133 | 1113 |
| 1134 // Test DTLS-SRTP with mixed GCM-128/-256 ciphers -- should not converge. | 1114 // Test DTLS-SRTP with mixed GCM-128/-256 ciphers -- should not converge. |
| 1135 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMismatch) { | 1115 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMismatch) { |
| 1136 MAYBE_SKIP_TEST(HaveDtlsSrtp); | |
| 1137 std::vector<int> gcm128; | 1116 std::vector<int> gcm128; |
| 1138 gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM); | 1117 gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM); |
| 1139 std::vector<int> gcm256; | 1118 std::vector<int> gcm256; |
| 1140 gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM); | 1119 gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM); |
| 1141 SetDtlsSrtpCryptoSuites(gcm128, true); | 1120 SetDtlsSrtpCryptoSuites(gcm128, true); |
| 1142 SetDtlsSrtpCryptoSuites(gcm256, false); | 1121 SetDtlsSrtpCryptoSuites(gcm256, false); |
| 1143 TestHandshake(); | 1122 TestHandshake(); |
| 1144 | 1123 |
| 1145 int client_cipher; | 1124 int client_cipher; |
| 1146 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1125 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
| 1147 int server_cipher; | 1126 int server_cipher; |
| 1148 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); | 1127 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
| 1149 }; | 1128 }; |
| 1150 | 1129 |
| 1151 // Test DTLS-SRTP with both GCM-128/-256 ciphers -- should select GCM-256. | 1130 // Test DTLS-SRTP with both GCM-128/-256 ciphers -- should select GCM-256. |
| 1152 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMixed) { | 1131 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMixed) { |
| 1153 MAYBE_SKIP_TEST(HaveDtlsSrtp); | |
| 1154 std::vector<int> gcmBoth; | 1132 std::vector<int> gcmBoth; |
| 1155 gcmBoth.push_back(rtc::SRTP_AEAD_AES_256_GCM); | 1133 gcmBoth.push_back(rtc::SRTP_AEAD_AES_256_GCM); |
| 1156 gcmBoth.push_back(rtc::SRTP_AEAD_AES_128_GCM); | 1134 gcmBoth.push_back(rtc::SRTP_AEAD_AES_128_GCM); |
| 1157 SetDtlsSrtpCryptoSuites(gcmBoth, true); | 1135 SetDtlsSrtpCryptoSuites(gcmBoth, true); |
| 1158 SetDtlsSrtpCryptoSuites(gcmBoth, false); | 1136 SetDtlsSrtpCryptoSuites(gcmBoth, false); |
| 1159 TestHandshake(); | 1137 TestHandshake(); |
| 1160 | 1138 |
| 1161 int client_cipher; | 1139 int client_cipher; |
| 1162 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1140 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
| 1163 int server_cipher; | 1141 int server_cipher; |
| (...skipping 27 matching lines...) Expand all Loading... |
| 1191 ASSERT_EQ(96/8, salt_len); | 1169 ASSERT_EQ(96/8, salt_len); |
| 1192 | 1170 |
| 1193 ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths( | 1171 ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths( |
| 1194 rtc::SRTP_AEAD_AES_256_GCM, &key_len, &salt_len)); | 1172 rtc::SRTP_AEAD_AES_256_GCM, &key_len, &salt_len)); |
| 1195 ASSERT_EQ(256/8, key_len); | 1173 ASSERT_EQ(256/8, key_len); |
| 1196 ASSERT_EQ(96/8, salt_len); | 1174 ASSERT_EQ(96/8, salt_len); |
| 1197 }; | 1175 }; |
| 1198 | 1176 |
| 1199 // Test an exporter | 1177 // Test an exporter |
| 1200 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSExporter) { | 1178 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSExporter) { |
| 1201 MAYBE_SKIP_TEST(HaveExporter); | |
| 1202 TestHandshake(); | 1179 TestHandshake(); |
| 1203 unsigned char client_out[20]; | 1180 unsigned char client_out[20]; |
| 1204 unsigned char server_out[20]; | 1181 unsigned char server_out[20]; |
| 1205 | 1182 |
| 1206 bool result; | 1183 bool result; |
| 1207 result = ExportKeyingMaterial(kExporterLabel, | 1184 result = ExportKeyingMaterial(kExporterLabel, |
| 1208 kExporterContext, kExporterContextLen, | 1185 kExporterContext, kExporterContextLen, |
| 1209 true, true, | 1186 true, true, |
| 1210 client_out, sizeof(client_out)); | 1187 client_out, sizeof(client_out)); |
| 1211 ASSERT_TRUE(result); | 1188 ASSERT_TRUE(result); |
| 1212 | 1189 |
| 1213 result = ExportKeyingMaterial(kExporterLabel, | 1190 result = ExportKeyingMaterial(kExporterLabel, |
| 1214 kExporterContext, kExporterContextLen, | 1191 kExporterContext, kExporterContextLen, |
| 1215 true, false, | 1192 true, false, |
| 1216 server_out, sizeof(server_out)); | 1193 server_out, sizeof(server_out)); |
| 1217 ASSERT_TRUE(result); | 1194 ASSERT_TRUE(result); |
| 1218 | 1195 |
| 1219 ASSERT_TRUE(!memcmp(client_out, server_out, sizeof(client_out))); | 1196 ASSERT_TRUE(!memcmp(client_out, server_out, sizeof(client_out))); |
| 1220 } | 1197 } |
| 1221 | 1198 |
| 1222 // Test not yet valid certificates are not rejected. | 1199 // Test not yet valid certificates are not rejected. |
| 1223 TEST_P(SSLStreamAdapterTestDTLS, TestCertNotYetValid) { | 1200 TEST_P(SSLStreamAdapterTestDTLS, TestCertNotYetValid) { |
| 1224 MAYBE_SKIP_TEST(HaveDtls); | |
| 1225 long one_day = 60 * 60 * 24; | 1201 long one_day = 60 * 60 * 24; |
| 1226 // Make the certificates not valid until one day later. | 1202 // Make the certificates not valid until one day later. |
| 1227 ResetIdentitiesWithValidity(one_day, one_day); | 1203 ResetIdentitiesWithValidity(one_day, one_day); |
| 1228 TestHandshake(); | 1204 TestHandshake(); |
| 1229 } | 1205 } |
| 1230 | 1206 |
| 1231 // Test expired certificates are not rejected. | 1207 // Test expired certificates are not rejected. |
| 1232 TEST_P(SSLStreamAdapterTestDTLS, TestCertExpired) { | 1208 TEST_P(SSLStreamAdapterTestDTLS, TestCertExpired) { |
| 1233 MAYBE_SKIP_TEST(HaveDtls); | |
| 1234 long one_day = 60 * 60 * 24; | 1209 long one_day = 60 * 60 * 24; |
| 1235 // Make the certificates already expired. | 1210 // Make the certificates already expired. |
| 1236 ResetIdentitiesWithValidity(-one_day, -one_day); | 1211 ResetIdentitiesWithValidity(-one_day, -one_day); |
| 1237 TestHandshake(); | 1212 TestHandshake(); |
| 1238 } | 1213 } |
| 1239 | 1214 |
| 1240 // Test data transfer using certs created from strings. | 1215 // Test data transfer using certs created from strings. |
| 1241 TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestTransfer) { | 1216 TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestTransfer) { |
| 1242 MAYBE_SKIP_TEST(HaveDtls); | |
| 1243 TestHandshake(); | 1217 TestHandshake(); |
| 1244 TestTransfer(100); | 1218 TestTransfer(100); |
| 1245 } | 1219 } |
| 1246 | 1220 |
| 1247 // Test getting the remote certificate. | 1221 // Test getting the remote certificate. |
| 1248 TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestDTLSGetPeerCertificate) { | 1222 TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestDTLSGetPeerCertificate) { |
| 1249 MAYBE_SKIP_TEST(HaveDtls); | |
| 1250 | |
| 1251 // Peer certificates haven't been received yet. | 1223 // Peer certificates haven't been received yet. |
| 1252 ASSERT_FALSE(GetPeerCertificate(true)); | 1224 ASSERT_FALSE(GetPeerCertificate(true)); |
| 1253 ASSERT_FALSE(GetPeerCertificate(false)); | 1225 ASSERT_FALSE(GetPeerCertificate(false)); |
| 1254 | 1226 |
| 1255 TestHandshake(); | 1227 TestHandshake(); |
| 1256 | 1228 |
| 1257 // The client should have a peer certificate after the handshake. | 1229 // The client should have a peer certificate after the handshake. |
| 1258 std::unique_ptr<rtc::SSLCertificate> client_peer_cert = | 1230 std::unique_ptr<rtc::SSLCertificate> client_peer_cert = |
| 1259 GetPeerCertificate(true); | 1231 GetPeerCertificate(true); |
| 1260 ASSERT_TRUE(client_peer_cert); | 1232 ASSERT_TRUE(client_peer_cert); |
| (...skipping 13 matching lines...) Expand all Loading... |
| 1274 // It's kCERT_PEM | 1246 // It's kCERT_PEM |
| 1275 ASSERT_EQ(kCERT_PEM, server_peer_cert->ToPEMString()); | 1247 ASSERT_EQ(kCERT_PEM, server_peer_cert->ToPEMString()); |
| 1276 | 1248 |
| 1277 // It must not have a chain, because the test certs are self-signed. | 1249 // It must not have a chain, because the test certs are self-signed. |
| 1278 ASSERT_FALSE(server_peer_cert->GetChain()); | 1250 ASSERT_FALSE(server_peer_cert->GetChain()); |
| 1279 } | 1251 } |
| 1280 | 1252 |
| 1281 // Test getting the used DTLS ciphers. | 1253 // Test getting the used DTLS ciphers. |
| 1282 // DTLS 1.2 enabled for neither client nor server -> DTLS 1.0 will be used. | 1254 // DTLS 1.2 enabled for neither client nor server -> DTLS 1.0 will be used. |
| 1283 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuite) { | 1255 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuite) { |
| 1284 MAYBE_SKIP_TEST(HaveDtls); | |
| 1285 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10); | 1256 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10); |
| 1286 TestHandshake(); | 1257 TestHandshake(); |
| 1287 | 1258 |
| 1288 int client_cipher; | 1259 int client_cipher; |
| 1289 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); | 1260 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); |
| 1290 int server_cipher; | 1261 int server_cipher; |
| 1291 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); | 1262 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); |
| 1292 | 1263 |
| 1293 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true)); | 1264 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true)); |
| 1294 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false)); | 1265 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false)); |
| 1295 | 1266 |
| 1296 ASSERT_EQ(client_cipher, server_cipher); | 1267 ASSERT_EQ(client_cipher, server_cipher); |
| 1297 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher( | 1268 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher( |
| 1298 server_cipher, ::testing::get<1>(GetParam()).type())); | 1269 server_cipher, ::testing::get<1>(GetParam()).type())); |
| 1299 } | 1270 } |
| 1300 | 1271 |
| 1301 // Test getting the used DTLS 1.2 ciphers. | 1272 // Test getting the used DTLS 1.2 ciphers. |
| 1302 // DTLS 1.2 enabled for client and server -> DTLS 1.2 will be used. | 1273 // DTLS 1.2 enabled for client and server -> DTLS 1.2 will be used. |
| 1303 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Both) { | 1274 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Both) { |
| 1304 MAYBE_SKIP_TEST(HaveDtls); | |
| 1305 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12); | 1275 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12); |
| 1306 TestHandshake(); | 1276 TestHandshake(); |
| 1307 | 1277 |
| 1308 int client_cipher; | 1278 int client_cipher; |
| 1309 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); | 1279 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); |
| 1310 int server_cipher; | 1280 int server_cipher; |
| 1311 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); | 1281 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); |
| 1312 | 1282 |
| 1313 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(true)); | 1283 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(true)); |
| 1314 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(false)); | 1284 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(false)); |
| 1315 | 1285 |
| 1316 ASSERT_EQ(client_cipher, server_cipher); | 1286 ASSERT_EQ(client_cipher, server_cipher); |
| 1317 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher( | 1287 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher( |
| 1318 server_cipher, ::testing::get<1>(GetParam()).type())); | 1288 server_cipher, ::testing::get<1>(GetParam()).type())); |
| 1319 } | 1289 } |
| 1320 | 1290 |
| 1321 // DTLS 1.2 enabled for client only -> DTLS 1.0 will be used. | 1291 // DTLS 1.2 enabled for client only -> DTLS 1.0 will be used. |
| 1322 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Client) { | 1292 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Client) { |
| 1323 MAYBE_SKIP_TEST(HaveDtls); | |
| 1324 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12); | 1293 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12); |
| 1325 TestHandshake(); | 1294 TestHandshake(); |
| 1326 | 1295 |
| 1327 int client_cipher; | 1296 int client_cipher; |
| 1328 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); | 1297 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); |
| 1329 int server_cipher; | 1298 int server_cipher; |
| 1330 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); | 1299 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); |
| 1331 | 1300 |
| 1332 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true)); | 1301 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true)); |
| 1333 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false)); | 1302 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false)); |
| 1334 | 1303 |
| 1335 ASSERT_EQ(client_cipher, server_cipher); | 1304 ASSERT_EQ(client_cipher, server_cipher); |
| 1336 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher( | 1305 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher( |
| 1337 server_cipher, ::testing::get<1>(GetParam()).type())); | 1306 server_cipher, ::testing::get<1>(GetParam()).type())); |
| 1338 } | 1307 } |
| 1339 | 1308 |
| 1340 // DTLS 1.2 enabled for server only -> DTLS 1.0 will be used. | 1309 // DTLS 1.2 enabled for server only -> DTLS 1.0 will be used. |
| 1341 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Server) { | 1310 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Server) { |
| 1342 MAYBE_SKIP_TEST(HaveDtls); | |
| 1343 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_10); | 1311 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_10); |
| 1344 TestHandshake(); | 1312 TestHandshake(); |
| 1345 | 1313 |
| 1346 int client_cipher; | 1314 int client_cipher; |
| 1347 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); | 1315 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); |
| 1348 int server_cipher; | 1316 int server_cipher; |
| 1349 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); | 1317 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); |
| 1350 | 1318 |
| 1351 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true)); | 1319 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true)); |
| 1352 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false)); | 1320 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false)); |
| (...skipping 17 matching lines...) Expand all Loading... |
| 1370 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)))); | 1338 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)))); |
| 1371 INSTANTIATE_TEST_CASE_P( | 1339 INSTANTIATE_TEST_CASE_P( |
| 1372 SSLStreamAdapterTestsDTLS, | 1340 SSLStreamAdapterTestsDTLS, |
| 1373 SSLStreamAdapterTestDTLS, | 1341 SSLStreamAdapterTestDTLS, |
| 1374 Combine(Values(rtc::KeyParams::RSA(1024, 65537), | 1342 Combine(Values(rtc::KeyParams::RSA(1024, 65537), |
| 1375 rtc::KeyParams::RSA(1152, 65537), | 1343 rtc::KeyParams::RSA(1152, 65537), |
| 1376 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)), | 1344 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)), |
| 1377 Values(rtc::KeyParams::RSA(1024, 65537), | 1345 Values(rtc::KeyParams::RSA(1024, 65537), |
| 1378 rtc::KeyParams::RSA(1152, 65537), | 1346 rtc::KeyParams::RSA(1152, 65537), |
| 1379 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)))); | 1347 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)))); |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2640513002:
Relanding: Removing #defines previously used for building without BoringSSL/OpenSSL. (Closed)
