OLD | NEW |
1 /* | 1 /* |
2 * Copyright 2011 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2011 The WebRTC Project Authors. All rights reserved. |
3 * | 3 * |
4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
9 */ | 9 */ |
10 | 10 |
11 | 11 |
12 #include <algorithm> | 12 #include <algorithm> |
13 #include <memory> | 13 #include <memory> |
14 #include <set> | 14 #include <set> |
15 #include <string> | 15 #include <string> |
16 | 16 |
17 #include "webrtc/base/bufferqueue.h" | 17 #include "webrtc/base/bufferqueue.h" |
18 #include "webrtc/base/checks.h" | 18 #include "webrtc/base/checks.h" |
19 #include "webrtc/base/gunit.h" | 19 #include "webrtc/base/gunit.h" |
20 #include "webrtc/base/helpers.h" | 20 #include "webrtc/base/helpers.h" |
21 #include "webrtc/base/ssladapter.h" | 21 #include "webrtc/base/ssladapter.h" |
22 #include "webrtc/base/sslconfig.h" | |
23 #include "webrtc/base/sslidentity.h" | 22 #include "webrtc/base/sslidentity.h" |
24 #include "webrtc/base/sslstreamadapter.h" | 23 #include "webrtc/base/sslstreamadapter.h" |
25 #include "webrtc/base/stream.h" | 24 #include "webrtc/base/stream.h" |
26 | 25 |
27 using ::testing::WithParamInterface; | 26 using ::testing::WithParamInterface; |
28 using ::testing::Values; | 27 using ::testing::Values; |
29 using ::testing::Combine; | 28 using ::testing::Combine; |
30 using ::testing::tuple; | 29 using ::testing::tuple; |
31 | 30 |
32 static const int kBlockSize = 4096; | 31 static const int kBlockSize = 4096; |
(...skipping 25 matching lines...) Expand all Loading... |
58 "ZWJSVEMwHhcNMTQwMTAyMTgyNDQ3WhcNMTQwMjAxMTgyNDQ3WjARMQ8wDQYDVQQD\n" | 57 "ZWJSVEMwHhcNMTQwMTAyMTgyNDQ3WhcNMTQwMjAxMTgyNDQ3WjARMQ8wDQYDVQQD\n" |
59 "EwZXZWJSVEMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYRkbhmI7kVA/rM\n" | 58 "EwZXZWJSVEMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYRkbhmI7kVA/rM\n" |
60 "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n" | 59 "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n" |
61 "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n" | 60 "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n" |
62 "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAUflI\n" | 61 "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAUflI\n" |
63 "VUe5Krqf5RVa5C3u/UTAOAUJBiDS3VANTCLBxjuMsvqOG0WvaYWP3HYPgrz0jXK2\n" | 62 "VUe5Krqf5RVa5C3u/UTAOAUJBiDS3VANTCLBxjuMsvqOG0WvaYWP3HYPgrz0jXK2\n" |
64 "LJE/mGw3MyFHEqi81jh95J+ypl6xKW6Rm8jKLR87gUvCaVYn/Z4/P3AqcQTB7wOv\n" | 63 "LJE/mGw3MyFHEqi81jh95J+ypl6xKW6Rm8jKLR87gUvCaVYn/Z4/P3AqcQTB7wOv\n" |
65 "UD0A8qfhfDM+LK6rPAnCsVN0NRDY3jvd6rzix9M=\n" | 64 "UD0A8qfhfDM+LK6rPAnCsVN0NRDY3jvd6rzix9M=\n" |
66 "-----END CERTIFICATE-----\n"; | 65 "-----END CERTIFICATE-----\n"; |
67 | 66 |
68 #define MAYBE_SKIP_TEST(feature) \ | |
69 if (!(rtc::SSLStreamAdapter::feature())) { \ | |
70 LOG(LS_INFO) << "Feature disabled... skipping"; \ | |
71 return; \ | |
72 } | |
73 | |
74 class SSLStreamAdapterTestBase; | 67 class SSLStreamAdapterTestBase; |
75 | 68 |
76 class SSLDummyStreamBase : public rtc::StreamInterface, | 69 class SSLDummyStreamBase : public rtc::StreamInterface, |
77 public sigslot::has_slots<> { | 70 public sigslot::has_slots<> { |
78 public: | 71 public: |
79 SSLDummyStreamBase(SSLStreamAdapterTestBase* test, | 72 SSLDummyStreamBase(SSLStreamAdapterTestBase* test, |
80 const std::string &side, | 73 const std::string &side, |
81 rtc::StreamInterface* in, | 74 rtc::StreamInterface* in, |
82 rtc::StreamInterface* out) : | 75 rtc::StreamInterface* out) : |
83 test_base_(test), | 76 test_base_(test), |
(...skipping 872 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
956 server_digest_len - 1, &err); | 949 server_digest_len - 1, &err); |
957 EXPECT_EQ(rtc::SSLPeerCertificateDigestError::INVALID_LENGTH, err); | 950 EXPECT_EQ(rtc::SSLPeerCertificateDigestError::INVALID_LENGTH, err); |
958 EXPECT_FALSE(rv); | 951 EXPECT_FALSE(rv); |
959 } | 952 } |
960 | 953 |
961 // Test moving a bunch of data | 954 // Test moving a bunch of data |
962 | 955 |
963 // Basic tests: DTLS | 956 // Basic tests: DTLS |
964 // Test that we can make a handshake work | 957 // Test that we can make a handshake work |
965 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnect) { | 958 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnect) { |
966 MAYBE_SKIP_TEST(HaveDtls); | |
967 TestHandshake(); | 959 TestHandshake(); |
968 }; | 960 }; |
969 | 961 |
970 // Test that we can make a handshake work if the first packet in | 962 // Test that we can make a handshake work if the first packet in |
971 // each direction is lost. This gives us predictable loss | 963 // each direction is lost. This gives us predictable loss |
972 // rather than having to tune random | 964 // rather than having to tune random |
973 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacket) { | 965 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacket) { |
974 MAYBE_SKIP_TEST(HaveDtls); | |
975 SetLoseFirstPacket(true); | 966 SetLoseFirstPacket(true); |
976 TestHandshake(); | 967 TestHandshake(); |
977 }; | 968 }; |
978 | 969 |
979 // Test a handshake with loss and delay | 970 // Test a handshake with loss and delay |
980 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacketDelay2s) { | 971 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacketDelay2s) { |
981 MAYBE_SKIP_TEST(HaveDtls); | |
982 SetLoseFirstPacket(true); | 972 SetLoseFirstPacket(true); |
983 SetDelay(2000); | 973 SetDelay(2000); |
984 SetHandshakeWait(20000); | 974 SetHandshakeWait(20000); |
985 TestHandshake(); | 975 TestHandshake(); |
986 }; | 976 }; |
987 | 977 |
988 // Test a handshake with small MTU | 978 // Test a handshake with small MTU |
989 // Disabled due to https://code.google.com/p/webrtc/issues/detail?id=3910 | 979 // Disabled due to https://code.google.com/p/webrtc/issues/detail?id=3910 |
990 TEST_P(SSLStreamAdapterTestDTLS, DISABLED_TestDTLSConnectWithSmallMtu) { | 980 TEST_P(SSLStreamAdapterTestDTLS, DISABLED_TestDTLSConnectWithSmallMtu) { |
991 MAYBE_SKIP_TEST(HaveDtls); | |
992 SetMtu(700); | 981 SetMtu(700); |
993 SetHandshakeWait(20000); | 982 SetHandshakeWait(20000); |
994 TestHandshake(); | 983 TestHandshake(); |
995 }; | 984 }; |
996 | 985 |
997 // Test transfer -- trivial | 986 // Test transfer -- trivial |
998 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransfer) { | 987 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransfer) { |
999 MAYBE_SKIP_TEST(HaveDtls); | |
1000 TestHandshake(); | 988 TestHandshake(); |
1001 TestTransfer(100); | 989 TestTransfer(100); |
1002 }; | 990 }; |
1003 | 991 |
1004 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithLoss) { | 992 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithLoss) { |
1005 MAYBE_SKIP_TEST(HaveDtls); | |
1006 TestHandshake(); | 993 TestHandshake(); |
1007 SetLoss(10); | 994 SetLoss(10); |
1008 TestTransfer(100); | 995 TestTransfer(100); |
1009 }; | 996 }; |
1010 | 997 |
1011 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithDamage) { | 998 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithDamage) { |
1012 MAYBE_SKIP_TEST(HaveDtls); | |
1013 SetDamage(); // Must be called first because first packet | 999 SetDamage(); // Must be called first because first packet |
1014 // write happens at end of handshake. | 1000 // write happens at end of handshake. |
1015 TestHandshake(); | 1001 TestHandshake(); |
1016 TestTransfer(100); | 1002 TestTransfer(100); |
1017 }; | 1003 }; |
1018 | 1004 |
1019 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentity) { | 1005 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentity) { |
1020 TestHandshakeWithDelayedIdentity(true); | 1006 TestHandshakeWithDelayedIdentity(true); |
1021 }; | 1007 }; |
1022 | 1008 |
1023 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentityWithBogusDigest) { | 1009 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentityWithBogusDigest) { |
1024 TestHandshakeWithDelayedIdentity(false); | 1010 TestHandshakeWithDelayedIdentity(false); |
1025 }; | 1011 }; |
1026 | 1012 |
1027 // Test DTLS-SRTP with all high ciphers | 1013 // Test DTLS-SRTP with all high ciphers |
1028 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) { | 1014 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) { |
1029 MAYBE_SKIP_TEST(HaveDtlsSrtp); | |
1030 std::vector<int> high; | 1015 std::vector<int> high; |
1031 high.push_back(rtc::SRTP_AES128_CM_SHA1_80); | 1016 high.push_back(rtc::SRTP_AES128_CM_SHA1_80); |
1032 SetDtlsSrtpCryptoSuites(high, true); | 1017 SetDtlsSrtpCryptoSuites(high, true); |
1033 SetDtlsSrtpCryptoSuites(high, false); | 1018 SetDtlsSrtpCryptoSuites(high, false); |
1034 TestHandshake(); | 1019 TestHandshake(); |
1035 | 1020 |
1036 int client_cipher; | 1021 int client_cipher; |
1037 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1022 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
1038 int server_cipher; | 1023 int server_cipher; |
1039 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); | 1024 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
1040 | 1025 |
1041 ASSERT_EQ(client_cipher, server_cipher); | 1026 ASSERT_EQ(client_cipher, server_cipher); |
1042 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80); | 1027 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80); |
1043 }; | 1028 }; |
1044 | 1029 |
1045 // Test DTLS-SRTP with all low ciphers | 1030 // Test DTLS-SRTP with all low ciphers |
1046 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) { | 1031 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) { |
1047 MAYBE_SKIP_TEST(HaveDtlsSrtp); | |
1048 std::vector<int> low; | 1032 std::vector<int> low; |
1049 low.push_back(rtc::SRTP_AES128_CM_SHA1_32); | 1033 low.push_back(rtc::SRTP_AES128_CM_SHA1_32); |
1050 SetDtlsSrtpCryptoSuites(low, true); | 1034 SetDtlsSrtpCryptoSuites(low, true); |
1051 SetDtlsSrtpCryptoSuites(low, false); | 1035 SetDtlsSrtpCryptoSuites(low, false); |
1052 TestHandshake(); | 1036 TestHandshake(); |
1053 | 1037 |
1054 int client_cipher; | 1038 int client_cipher; |
1055 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1039 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
1056 int server_cipher; | 1040 int server_cipher; |
1057 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); | 1041 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
1058 | 1042 |
1059 ASSERT_EQ(client_cipher, server_cipher); | 1043 ASSERT_EQ(client_cipher, server_cipher); |
1060 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_32); | 1044 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_32); |
1061 }; | 1045 }; |
1062 | 1046 |
1063 // Test DTLS-SRTP with a mismatch -- should not converge | 1047 // Test DTLS-SRTP with a mismatch -- should not converge |
1064 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) { | 1048 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) { |
1065 MAYBE_SKIP_TEST(HaveDtlsSrtp); | |
1066 std::vector<int> high; | 1049 std::vector<int> high; |
1067 high.push_back(rtc::SRTP_AES128_CM_SHA1_80); | 1050 high.push_back(rtc::SRTP_AES128_CM_SHA1_80); |
1068 std::vector<int> low; | 1051 std::vector<int> low; |
1069 low.push_back(rtc::SRTP_AES128_CM_SHA1_32); | 1052 low.push_back(rtc::SRTP_AES128_CM_SHA1_32); |
1070 SetDtlsSrtpCryptoSuites(high, true); | 1053 SetDtlsSrtpCryptoSuites(high, true); |
1071 SetDtlsSrtpCryptoSuites(low, false); | 1054 SetDtlsSrtpCryptoSuites(low, false); |
1072 TestHandshake(); | 1055 TestHandshake(); |
1073 | 1056 |
1074 int client_cipher; | 1057 int client_cipher; |
1075 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1058 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
1076 int server_cipher; | 1059 int server_cipher; |
1077 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); | 1060 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
1078 }; | 1061 }; |
1079 | 1062 |
1080 // Test DTLS-SRTP with each side being mixed -- should select high | 1063 // Test DTLS-SRTP with each side being mixed -- should select high |
1081 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) { | 1064 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) { |
1082 MAYBE_SKIP_TEST(HaveDtlsSrtp); | |
1083 std::vector<int> mixed; | 1065 std::vector<int> mixed; |
1084 mixed.push_back(rtc::SRTP_AES128_CM_SHA1_80); | 1066 mixed.push_back(rtc::SRTP_AES128_CM_SHA1_80); |
1085 mixed.push_back(rtc::SRTP_AES128_CM_SHA1_32); | 1067 mixed.push_back(rtc::SRTP_AES128_CM_SHA1_32); |
1086 SetDtlsSrtpCryptoSuites(mixed, true); | 1068 SetDtlsSrtpCryptoSuites(mixed, true); |
1087 SetDtlsSrtpCryptoSuites(mixed, false); | 1069 SetDtlsSrtpCryptoSuites(mixed, false); |
1088 TestHandshake(); | 1070 TestHandshake(); |
1089 | 1071 |
1090 int client_cipher; | 1072 int client_cipher; |
1091 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1073 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
1092 int server_cipher; | 1074 int server_cipher; |
1093 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); | 1075 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
1094 | 1076 |
1095 ASSERT_EQ(client_cipher, server_cipher); | 1077 ASSERT_EQ(client_cipher, server_cipher); |
1096 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80); | 1078 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80); |
1097 }; | 1079 }; |
1098 | 1080 |
1099 // Test DTLS-SRTP with all GCM-128 ciphers. | 1081 // Test DTLS-SRTP with all GCM-128 ciphers. |
1100 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM128) { | 1082 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM128) { |
1101 MAYBE_SKIP_TEST(HaveDtlsSrtp); | |
1102 std::vector<int> gcm128; | 1083 std::vector<int> gcm128; |
1103 gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM); | 1084 gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM); |
1104 SetDtlsSrtpCryptoSuites(gcm128, true); | 1085 SetDtlsSrtpCryptoSuites(gcm128, true); |
1105 SetDtlsSrtpCryptoSuites(gcm128, false); | 1086 SetDtlsSrtpCryptoSuites(gcm128, false); |
1106 TestHandshake(); | 1087 TestHandshake(); |
1107 | 1088 |
1108 int client_cipher; | 1089 int client_cipher; |
1109 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1090 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
1110 int server_cipher; | 1091 int server_cipher; |
1111 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); | 1092 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
1112 | 1093 |
1113 ASSERT_EQ(client_cipher, server_cipher); | 1094 ASSERT_EQ(client_cipher, server_cipher); |
1114 ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_128_GCM); | 1095 ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_128_GCM); |
1115 }; | 1096 }; |
1116 | 1097 |
1117 // Test DTLS-SRTP with all GCM-256 ciphers. | 1098 // Test DTLS-SRTP with all GCM-256 ciphers. |
1118 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM256) { | 1099 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM256) { |
1119 MAYBE_SKIP_TEST(HaveDtlsSrtp); | |
1120 std::vector<int> gcm256; | 1100 std::vector<int> gcm256; |
1121 gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM); | 1101 gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM); |
1122 SetDtlsSrtpCryptoSuites(gcm256, true); | 1102 SetDtlsSrtpCryptoSuites(gcm256, true); |
1123 SetDtlsSrtpCryptoSuites(gcm256, false); | 1103 SetDtlsSrtpCryptoSuites(gcm256, false); |
1124 TestHandshake(); | 1104 TestHandshake(); |
1125 | 1105 |
1126 int client_cipher; | 1106 int client_cipher; |
1127 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1107 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
1128 int server_cipher; | 1108 int server_cipher; |
1129 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); | 1109 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
1130 | 1110 |
1131 ASSERT_EQ(client_cipher, server_cipher); | 1111 ASSERT_EQ(client_cipher, server_cipher); |
1132 ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_256_GCM); | 1112 ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_256_GCM); |
1133 }; | 1113 }; |
1134 | 1114 |
1135 // Test DTLS-SRTP with mixed GCM-128/-256 ciphers -- should not converge. | 1115 // Test DTLS-SRTP with mixed GCM-128/-256 ciphers -- should not converge. |
1136 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMismatch) { | 1116 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMismatch) { |
1137 MAYBE_SKIP_TEST(HaveDtlsSrtp); | |
1138 std::vector<int> gcm128; | 1117 std::vector<int> gcm128; |
1139 gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM); | 1118 gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM); |
1140 std::vector<int> gcm256; | 1119 std::vector<int> gcm256; |
1141 gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM); | 1120 gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM); |
1142 SetDtlsSrtpCryptoSuites(gcm128, true); | 1121 SetDtlsSrtpCryptoSuites(gcm128, true); |
1143 SetDtlsSrtpCryptoSuites(gcm256, false); | 1122 SetDtlsSrtpCryptoSuites(gcm256, false); |
1144 TestHandshake(); | 1123 TestHandshake(); |
1145 | 1124 |
1146 int client_cipher; | 1125 int client_cipher; |
1147 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1126 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
1148 int server_cipher; | 1127 int server_cipher; |
1149 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); | 1128 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
1150 }; | 1129 }; |
1151 | 1130 |
1152 // Test DTLS-SRTP with both GCM-128/-256 ciphers -- should select GCM-256. | 1131 // Test DTLS-SRTP with both GCM-128/-256 ciphers -- should select GCM-256. |
1153 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMixed) { | 1132 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMixed) { |
1154 MAYBE_SKIP_TEST(HaveDtlsSrtp); | |
1155 std::vector<int> gcmBoth; | 1133 std::vector<int> gcmBoth; |
1156 gcmBoth.push_back(rtc::SRTP_AEAD_AES_256_GCM); | 1134 gcmBoth.push_back(rtc::SRTP_AEAD_AES_256_GCM); |
1157 gcmBoth.push_back(rtc::SRTP_AEAD_AES_128_GCM); | 1135 gcmBoth.push_back(rtc::SRTP_AEAD_AES_128_GCM); |
1158 SetDtlsSrtpCryptoSuites(gcmBoth, true); | 1136 SetDtlsSrtpCryptoSuites(gcmBoth, true); |
1159 SetDtlsSrtpCryptoSuites(gcmBoth, false); | 1137 SetDtlsSrtpCryptoSuites(gcmBoth, false); |
1160 TestHandshake(); | 1138 TestHandshake(); |
1161 | 1139 |
1162 int client_cipher; | 1140 int client_cipher; |
1163 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1141 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
1164 int server_cipher; | 1142 int server_cipher; |
(...skipping 27 matching lines...) Expand all Loading... |
1192 ASSERT_EQ(96/8, salt_len); | 1170 ASSERT_EQ(96/8, salt_len); |
1193 | 1171 |
1194 ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths( | 1172 ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths( |
1195 rtc::SRTP_AEAD_AES_256_GCM, &key_len, &salt_len)); | 1173 rtc::SRTP_AEAD_AES_256_GCM, &key_len, &salt_len)); |
1196 ASSERT_EQ(256/8, key_len); | 1174 ASSERT_EQ(256/8, key_len); |
1197 ASSERT_EQ(96/8, salt_len); | 1175 ASSERT_EQ(96/8, salt_len); |
1198 }; | 1176 }; |
1199 | 1177 |
1200 // Test an exporter | 1178 // Test an exporter |
1201 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSExporter) { | 1179 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSExporter) { |
1202 MAYBE_SKIP_TEST(HaveExporter); | |
1203 TestHandshake(); | 1180 TestHandshake(); |
1204 unsigned char client_out[20]; | 1181 unsigned char client_out[20]; |
1205 unsigned char server_out[20]; | 1182 unsigned char server_out[20]; |
1206 | 1183 |
1207 bool result; | 1184 bool result; |
1208 result = ExportKeyingMaterial(kExporterLabel, | 1185 result = ExportKeyingMaterial(kExporterLabel, |
1209 kExporterContext, kExporterContextLen, | 1186 kExporterContext, kExporterContextLen, |
1210 true, true, | 1187 true, true, |
1211 client_out, sizeof(client_out)); | 1188 client_out, sizeof(client_out)); |
1212 ASSERT_TRUE(result); | 1189 ASSERT_TRUE(result); |
1213 | 1190 |
1214 result = ExportKeyingMaterial(kExporterLabel, | 1191 result = ExportKeyingMaterial(kExporterLabel, |
1215 kExporterContext, kExporterContextLen, | 1192 kExporterContext, kExporterContextLen, |
1216 true, false, | 1193 true, false, |
1217 server_out, sizeof(server_out)); | 1194 server_out, sizeof(server_out)); |
1218 ASSERT_TRUE(result); | 1195 ASSERT_TRUE(result); |
1219 | 1196 |
1220 ASSERT_TRUE(!memcmp(client_out, server_out, sizeof(client_out))); | 1197 ASSERT_TRUE(!memcmp(client_out, server_out, sizeof(client_out))); |
1221 } | 1198 } |
1222 | 1199 |
1223 // Test not yet valid certificates are not rejected. | 1200 // Test not yet valid certificates are not rejected. |
1224 TEST_P(SSLStreamAdapterTestDTLS, TestCertNotYetValid) { | 1201 TEST_P(SSLStreamAdapterTestDTLS, TestCertNotYetValid) { |
1225 MAYBE_SKIP_TEST(HaveDtls); | |
1226 long one_day = 60 * 60 * 24; | 1202 long one_day = 60 * 60 * 24; |
1227 // Make the certificates not valid until one day later. | 1203 // Make the certificates not valid until one day later. |
1228 ResetIdentitiesWithValidity(one_day, one_day); | 1204 ResetIdentitiesWithValidity(one_day, one_day); |
1229 TestHandshake(); | 1205 TestHandshake(); |
1230 } | 1206 } |
1231 | 1207 |
1232 // Test expired certificates are not rejected. | 1208 // Test expired certificates are not rejected. |
1233 TEST_P(SSLStreamAdapterTestDTLS, TestCertExpired) { | 1209 TEST_P(SSLStreamAdapterTestDTLS, TestCertExpired) { |
1234 MAYBE_SKIP_TEST(HaveDtls); | |
1235 long one_day = 60 * 60 * 24; | 1210 long one_day = 60 * 60 * 24; |
1236 // Make the certificates already expired. | 1211 // Make the certificates already expired. |
1237 ResetIdentitiesWithValidity(-one_day, -one_day); | 1212 ResetIdentitiesWithValidity(-one_day, -one_day); |
1238 TestHandshake(); | 1213 TestHandshake(); |
1239 } | 1214 } |
1240 | 1215 |
1241 // Test data transfer using certs created from strings. | 1216 // Test data transfer using certs created from strings. |
1242 TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestTransfer) { | 1217 TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestTransfer) { |
1243 MAYBE_SKIP_TEST(HaveDtls); | |
1244 TestHandshake(); | 1218 TestHandshake(); |
1245 TestTransfer(100); | 1219 TestTransfer(100); |
1246 } | 1220 } |
1247 | 1221 |
1248 // Test getting the remote certificate. | 1222 // Test getting the remote certificate. |
1249 TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestDTLSGetPeerCertificate) { | 1223 TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestDTLSGetPeerCertificate) { |
1250 MAYBE_SKIP_TEST(HaveDtls); | |
1251 | |
1252 // Peer certificates haven't been received yet. | 1224 // Peer certificates haven't been received yet. |
1253 ASSERT_FALSE(GetPeerCertificate(true)); | 1225 ASSERT_FALSE(GetPeerCertificate(true)); |
1254 ASSERT_FALSE(GetPeerCertificate(false)); | 1226 ASSERT_FALSE(GetPeerCertificate(false)); |
1255 | 1227 |
1256 TestHandshake(); | 1228 TestHandshake(); |
1257 | 1229 |
1258 // The client should have a peer certificate after the handshake. | 1230 // The client should have a peer certificate after the handshake. |
1259 std::unique_ptr<rtc::SSLCertificate> client_peer_cert = | 1231 std::unique_ptr<rtc::SSLCertificate> client_peer_cert = |
1260 GetPeerCertificate(true); | 1232 GetPeerCertificate(true); |
1261 ASSERT_TRUE(client_peer_cert); | 1233 ASSERT_TRUE(client_peer_cert); |
(...skipping 13 matching lines...) Expand all Loading... |
1275 // It's kCERT_PEM | 1247 // It's kCERT_PEM |
1276 ASSERT_EQ(kCERT_PEM, server_peer_cert->ToPEMString()); | 1248 ASSERT_EQ(kCERT_PEM, server_peer_cert->ToPEMString()); |
1277 | 1249 |
1278 // It must not have a chain, because the test certs are self-signed. | 1250 // It must not have a chain, because the test certs are self-signed. |
1279 ASSERT_FALSE(server_peer_cert->GetChain()); | 1251 ASSERT_FALSE(server_peer_cert->GetChain()); |
1280 } | 1252 } |
1281 | 1253 |
1282 // Test getting the used DTLS ciphers. | 1254 // Test getting the used DTLS ciphers. |
1283 // DTLS 1.2 enabled for neither client nor server -> DTLS 1.0 will be used. | 1255 // DTLS 1.2 enabled for neither client nor server -> DTLS 1.0 will be used. |
1284 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuite) { | 1256 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuite) { |
1285 MAYBE_SKIP_TEST(HaveDtls); | |
1286 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10); | 1257 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10); |
1287 TestHandshake(); | 1258 TestHandshake(); |
1288 | 1259 |
1289 int client_cipher; | 1260 int client_cipher; |
1290 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); | 1261 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); |
1291 int server_cipher; | 1262 int server_cipher; |
1292 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); | 1263 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); |
1293 | 1264 |
1294 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true)); | 1265 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true)); |
1295 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false)); | 1266 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false)); |
1296 | 1267 |
1297 ASSERT_EQ(client_cipher, server_cipher); | 1268 ASSERT_EQ(client_cipher, server_cipher); |
1298 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher( | 1269 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher( |
1299 server_cipher, ::testing::get<1>(GetParam()).type())); | 1270 server_cipher, ::testing::get<1>(GetParam()).type())); |
1300 } | 1271 } |
1301 | 1272 |
1302 // Test getting the used DTLS 1.2 ciphers. | 1273 // Test getting the used DTLS 1.2 ciphers. |
1303 // DTLS 1.2 enabled for client and server -> DTLS 1.2 will be used. | 1274 // DTLS 1.2 enabled for client and server -> DTLS 1.2 will be used. |
1304 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Both) { | 1275 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Both) { |
1305 MAYBE_SKIP_TEST(HaveDtls); | |
1306 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12); | 1276 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12); |
1307 TestHandshake(); | 1277 TestHandshake(); |
1308 | 1278 |
1309 int client_cipher; | 1279 int client_cipher; |
1310 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); | 1280 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); |
1311 int server_cipher; | 1281 int server_cipher; |
1312 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); | 1282 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); |
1313 | 1283 |
1314 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(true)); | 1284 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(true)); |
1315 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(false)); | 1285 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(false)); |
1316 | 1286 |
1317 ASSERT_EQ(client_cipher, server_cipher); | 1287 ASSERT_EQ(client_cipher, server_cipher); |
1318 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher( | 1288 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher( |
1319 server_cipher, ::testing::get<1>(GetParam()).type())); | 1289 server_cipher, ::testing::get<1>(GetParam()).type())); |
1320 } | 1290 } |
1321 | 1291 |
1322 // DTLS 1.2 enabled for client only -> DTLS 1.0 will be used. | 1292 // DTLS 1.2 enabled for client only -> DTLS 1.0 will be used. |
1323 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Client) { | 1293 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Client) { |
1324 MAYBE_SKIP_TEST(HaveDtls); | |
1325 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12); | 1294 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12); |
1326 TestHandshake(); | 1295 TestHandshake(); |
1327 | 1296 |
1328 int client_cipher; | 1297 int client_cipher; |
1329 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); | 1298 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); |
1330 int server_cipher; | 1299 int server_cipher; |
1331 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); | 1300 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); |
1332 | 1301 |
1333 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true)); | 1302 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true)); |
1334 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false)); | 1303 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false)); |
1335 | 1304 |
1336 ASSERT_EQ(client_cipher, server_cipher); | 1305 ASSERT_EQ(client_cipher, server_cipher); |
1337 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher( | 1306 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher( |
1338 server_cipher, ::testing::get<1>(GetParam()).type())); | 1307 server_cipher, ::testing::get<1>(GetParam()).type())); |
1339 } | 1308 } |
1340 | 1309 |
1341 // DTLS 1.2 enabled for server only -> DTLS 1.0 will be used. | 1310 // DTLS 1.2 enabled for server only -> DTLS 1.0 will be used. |
1342 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Server) { | 1311 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Server) { |
1343 MAYBE_SKIP_TEST(HaveDtls); | |
1344 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_10); | 1312 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_10); |
1345 TestHandshake(); | 1313 TestHandshake(); |
1346 | 1314 |
1347 int client_cipher; | 1315 int client_cipher; |
1348 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); | 1316 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); |
1349 int server_cipher; | 1317 int server_cipher; |
1350 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); | 1318 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); |
1351 | 1319 |
1352 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true)); | 1320 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true)); |
1353 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false)); | 1321 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false)); |
(...skipping 17 matching lines...) Expand all Loading... |
1371 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)))); | 1339 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)))); |
1372 INSTANTIATE_TEST_CASE_P( | 1340 INSTANTIATE_TEST_CASE_P( |
1373 SSLStreamAdapterTestsDTLS, | 1341 SSLStreamAdapterTestsDTLS, |
1374 SSLStreamAdapterTestDTLS, | 1342 SSLStreamAdapterTestDTLS, |
1375 Combine(Values(rtc::KeyParams::RSA(1024, 65537), | 1343 Combine(Values(rtc::KeyParams::RSA(1024, 65537), |
1376 rtc::KeyParams::RSA(1152, 65537), | 1344 rtc::KeyParams::RSA(1152, 65537), |
1377 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)), | 1345 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)), |
1378 Values(rtc::KeyParams::RSA(1024, 65537), | 1346 Values(rtc::KeyParams::RSA(1024, 65537), |
1379 rtc::KeyParams::RSA(1152, 65537), | 1347 rtc::KeyParams::RSA(1152, 65537), |
1380 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)))); | 1348 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)))); |
OLD | NEW |