| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright 2011 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2011 The WebRTC Project Authors. All rights reserved. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
| 5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
| 6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
| 7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
| 8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
| 9 */ | 9 */ |
| 10 | 10 |
| 11 | 11 |
| 12 #include <algorithm> | 12 #include <algorithm> |
| 13 #include <memory> | 13 #include <memory> |
| 14 #include <set> | 14 #include <set> |
| 15 #include <string> | 15 #include <string> |
| 16 | 16 |
| 17 #include "webrtc/base/bufferqueue.h" | 17 #include "webrtc/base/bufferqueue.h" |
| 18 #include "webrtc/base/checks.h" | 18 #include "webrtc/base/checks.h" |
| 19 #include "webrtc/base/gunit.h" | 19 #include "webrtc/base/gunit.h" |
| 20 #include "webrtc/base/helpers.h" | 20 #include "webrtc/base/helpers.h" |
| 21 #include "webrtc/base/ssladapter.h" | 21 #include "webrtc/base/ssladapter.h" |
| 22 #include "webrtc/base/sslconfig.h" | |
| 23 #include "webrtc/base/sslidentity.h" | 22 #include "webrtc/base/sslidentity.h" |
| 24 #include "webrtc/base/sslstreamadapter.h" | 23 #include "webrtc/base/sslstreamadapter.h" |
| 25 #include "webrtc/base/stream.h" | 24 #include "webrtc/base/stream.h" |
| 26 | 25 |
| 27 using ::testing::WithParamInterface; | 26 using ::testing::WithParamInterface; |
| 28 using ::testing::Values; | 27 using ::testing::Values; |
| 29 using ::testing::Combine; | 28 using ::testing::Combine; |
| 30 using ::testing::tuple; | 29 using ::testing::tuple; |
| 31 | 30 |
| 32 static const int kBlockSize = 4096; | 31 static const int kBlockSize = 4096; |
| (...skipping 25 matching lines...) Expand all Loading... |
| 58 "ZWJSVEMwHhcNMTQwMTAyMTgyNDQ3WhcNMTQwMjAxMTgyNDQ3WjARMQ8wDQYDVQQD\n" | 57 "ZWJSVEMwHhcNMTQwMTAyMTgyNDQ3WhcNMTQwMjAxMTgyNDQ3WjARMQ8wDQYDVQQD\n" |
| 59 "EwZXZWJSVEMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYRkbhmI7kVA/rM\n" | 58 "EwZXZWJSVEMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYRkbhmI7kVA/rM\n" |
| 60 "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n" | 59 "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n" |
| 61 "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n" | 60 "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n" |
| 62 "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAUflI\n" | 61 "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAUflI\n" |
| 63 "VUe5Krqf5RVa5C3u/UTAOAUJBiDS3VANTCLBxjuMsvqOG0WvaYWP3HYPgrz0jXK2\n" | 62 "VUe5Krqf5RVa5C3u/UTAOAUJBiDS3VANTCLBxjuMsvqOG0WvaYWP3HYPgrz0jXK2\n" |
| 64 "LJE/mGw3MyFHEqi81jh95J+ypl6xKW6Rm8jKLR87gUvCaVYn/Z4/P3AqcQTB7wOv\n" | 63 "LJE/mGw3MyFHEqi81jh95J+ypl6xKW6Rm8jKLR87gUvCaVYn/Z4/P3AqcQTB7wOv\n" |
| 65 "UD0A8qfhfDM+LK6rPAnCsVN0NRDY3jvd6rzix9M=\n" | 64 "UD0A8qfhfDM+LK6rPAnCsVN0NRDY3jvd6rzix9M=\n" |
| 66 "-----END CERTIFICATE-----\n"; | 65 "-----END CERTIFICATE-----\n"; |
| 67 | 66 |
| 68 #define MAYBE_SKIP_TEST(feature) \ | |
| 69 if (!(rtc::SSLStreamAdapter::feature())) { \ | |
| 70 LOG(LS_INFO) << "Feature disabled... skipping"; \ | |
| 71 return; \ | |
| 72 } | |
| 73 | |
| 74 class SSLStreamAdapterTestBase; | 67 class SSLStreamAdapterTestBase; |
| 75 | 68 |
| 76 class SSLDummyStreamBase : public rtc::StreamInterface, | 69 class SSLDummyStreamBase : public rtc::StreamInterface, |
| 77 public sigslot::has_slots<> { | 70 public sigslot::has_slots<> { |
| 78 public: | 71 public: |
| 79 SSLDummyStreamBase(SSLStreamAdapterTestBase* test, | 72 SSLDummyStreamBase(SSLStreamAdapterTestBase* test, |
| 80 const std::string &side, | 73 const std::string &side, |
| 81 rtc::StreamInterface* in, | 74 rtc::StreamInterface* in, |
| 82 rtc::StreamInterface* out) : | 75 rtc::StreamInterface* out) : |
| 83 test_base_(test), | 76 test_base_(test), |
| (...skipping 872 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 956 server_digest_len - 1, &err); | 949 server_digest_len - 1, &err); |
| 957 EXPECT_EQ(rtc::SSLPeerCertificateDigestError::INVALID_LENGTH, err); | 950 EXPECT_EQ(rtc::SSLPeerCertificateDigestError::INVALID_LENGTH, err); |
| 958 EXPECT_FALSE(rv); | 951 EXPECT_FALSE(rv); |
| 959 } | 952 } |
| 960 | 953 |
| 961 // Test moving a bunch of data | 954 // Test moving a bunch of data |
| 962 | 955 |
| 963 // Basic tests: DTLS | 956 // Basic tests: DTLS |
| 964 // Test that we can make a handshake work | 957 // Test that we can make a handshake work |
| 965 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnect) { | 958 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnect) { |
| 966 MAYBE_SKIP_TEST(HaveDtls); | |
| 967 TestHandshake(); | 959 TestHandshake(); |
| 968 }; | 960 }; |
| 969 | 961 |
| 970 // Test that we can make a handshake work if the first packet in | 962 // Test that we can make a handshake work if the first packet in |
| 971 // each direction is lost. This gives us predictable loss | 963 // each direction is lost. This gives us predictable loss |
| 972 // rather than having to tune random | 964 // rather than having to tune random |
| 973 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacket) { | 965 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacket) { |
| 974 MAYBE_SKIP_TEST(HaveDtls); | |
| 975 SetLoseFirstPacket(true); | 966 SetLoseFirstPacket(true); |
| 976 TestHandshake(); | 967 TestHandshake(); |
| 977 }; | 968 }; |
| 978 | 969 |
| 979 // Test a handshake with loss and delay | 970 // Test a handshake with loss and delay |
| 980 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacketDelay2s) { | 971 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacketDelay2s) { |
| 981 MAYBE_SKIP_TEST(HaveDtls); | |
| 982 SetLoseFirstPacket(true); | 972 SetLoseFirstPacket(true); |
| 983 SetDelay(2000); | 973 SetDelay(2000); |
| 984 SetHandshakeWait(20000); | 974 SetHandshakeWait(20000); |
| 985 TestHandshake(); | 975 TestHandshake(); |
| 986 }; | 976 }; |
| 987 | 977 |
| 988 // Test a handshake with small MTU | 978 // Test a handshake with small MTU |
| 989 // Disabled due to https://code.google.com/p/webrtc/issues/detail?id=3910 | 979 // Disabled due to https://code.google.com/p/webrtc/issues/detail?id=3910 |
| 990 TEST_P(SSLStreamAdapterTestDTLS, DISABLED_TestDTLSConnectWithSmallMtu) { | 980 TEST_P(SSLStreamAdapterTestDTLS, DISABLED_TestDTLSConnectWithSmallMtu) { |
| 991 MAYBE_SKIP_TEST(HaveDtls); | |
| 992 SetMtu(700); | 981 SetMtu(700); |
| 993 SetHandshakeWait(20000); | 982 SetHandshakeWait(20000); |
| 994 TestHandshake(); | 983 TestHandshake(); |
| 995 }; | 984 }; |
| 996 | 985 |
| 997 // Test transfer -- trivial | 986 // Test transfer -- trivial |
| 998 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransfer) { | 987 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransfer) { |
| 999 MAYBE_SKIP_TEST(HaveDtls); | |
| 1000 TestHandshake(); | 988 TestHandshake(); |
| 1001 TestTransfer(100); | 989 TestTransfer(100); |
| 1002 }; | 990 }; |
| 1003 | 991 |
| 1004 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithLoss) { | 992 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithLoss) { |
| 1005 MAYBE_SKIP_TEST(HaveDtls); | |
| 1006 TestHandshake(); | 993 TestHandshake(); |
| 1007 SetLoss(10); | 994 SetLoss(10); |
| 1008 TestTransfer(100); | 995 TestTransfer(100); |
| 1009 }; | 996 }; |
| 1010 | 997 |
| 1011 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithDamage) { | 998 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithDamage) { |
| 1012 MAYBE_SKIP_TEST(HaveDtls); | |
| 1013 SetDamage(); // Must be called first because first packet | 999 SetDamage(); // Must be called first because first packet |
| 1014 // write happens at end of handshake. | 1000 // write happens at end of handshake. |
| 1015 TestHandshake(); | 1001 TestHandshake(); |
| 1016 TestTransfer(100); | 1002 TestTransfer(100); |
| 1017 }; | 1003 }; |
| 1018 | 1004 |
| 1019 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentity) { | 1005 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentity) { |
| 1020 TestHandshakeWithDelayedIdentity(true); | 1006 TestHandshakeWithDelayedIdentity(true); |
| 1021 }; | 1007 }; |
| 1022 | 1008 |
| 1023 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentityWithBogusDigest) { | 1009 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentityWithBogusDigest) { |
| 1024 TestHandshakeWithDelayedIdentity(false); | 1010 TestHandshakeWithDelayedIdentity(false); |
| 1025 }; | 1011 }; |
| 1026 | 1012 |
| 1027 // Test DTLS-SRTP with all high ciphers | 1013 // Test DTLS-SRTP with all high ciphers |
| 1028 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) { | 1014 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) { |
| 1029 MAYBE_SKIP_TEST(HaveDtlsSrtp); | |
| 1030 std::vector<int> high; | 1015 std::vector<int> high; |
| 1031 high.push_back(rtc::SRTP_AES128_CM_SHA1_80); | 1016 high.push_back(rtc::SRTP_AES128_CM_SHA1_80); |
| 1032 SetDtlsSrtpCryptoSuites(high, true); | 1017 SetDtlsSrtpCryptoSuites(high, true); |
| 1033 SetDtlsSrtpCryptoSuites(high, false); | 1018 SetDtlsSrtpCryptoSuites(high, false); |
| 1034 TestHandshake(); | 1019 TestHandshake(); |
| 1035 | 1020 |
| 1036 int client_cipher; | 1021 int client_cipher; |
| 1037 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1022 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
| 1038 int server_cipher; | 1023 int server_cipher; |
| 1039 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); | 1024 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
| 1040 | 1025 |
| 1041 ASSERT_EQ(client_cipher, server_cipher); | 1026 ASSERT_EQ(client_cipher, server_cipher); |
| 1042 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80); | 1027 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80); |
| 1043 }; | 1028 }; |
| 1044 | 1029 |
| 1045 // Test DTLS-SRTP with all low ciphers | 1030 // Test DTLS-SRTP with all low ciphers |
| 1046 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) { | 1031 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) { |
| 1047 MAYBE_SKIP_TEST(HaveDtlsSrtp); | |
| 1048 std::vector<int> low; | 1032 std::vector<int> low; |
| 1049 low.push_back(rtc::SRTP_AES128_CM_SHA1_32); | 1033 low.push_back(rtc::SRTP_AES128_CM_SHA1_32); |
| 1050 SetDtlsSrtpCryptoSuites(low, true); | 1034 SetDtlsSrtpCryptoSuites(low, true); |
| 1051 SetDtlsSrtpCryptoSuites(low, false); | 1035 SetDtlsSrtpCryptoSuites(low, false); |
| 1052 TestHandshake(); | 1036 TestHandshake(); |
| 1053 | 1037 |
| 1054 int client_cipher; | 1038 int client_cipher; |
| 1055 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1039 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
| 1056 int server_cipher; | 1040 int server_cipher; |
| 1057 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); | 1041 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
| 1058 | 1042 |
| 1059 ASSERT_EQ(client_cipher, server_cipher); | 1043 ASSERT_EQ(client_cipher, server_cipher); |
| 1060 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_32); | 1044 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_32); |
| 1061 }; | 1045 }; |
| 1062 | 1046 |
| 1063 // Test DTLS-SRTP with a mismatch -- should not converge | 1047 // Test DTLS-SRTP with a mismatch -- should not converge |
| 1064 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) { | 1048 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) { |
| 1065 MAYBE_SKIP_TEST(HaveDtlsSrtp); | |
| 1066 std::vector<int> high; | 1049 std::vector<int> high; |
| 1067 high.push_back(rtc::SRTP_AES128_CM_SHA1_80); | 1050 high.push_back(rtc::SRTP_AES128_CM_SHA1_80); |
| 1068 std::vector<int> low; | 1051 std::vector<int> low; |
| 1069 low.push_back(rtc::SRTP_AES128_CM_SHA1_32); | 1052 low.push_back(rtc::SRTP_AES128_CM_SHA1_32); |
| 1070 SetDtlsSrtpCryptoSuites(high, true); | 1053 SetDtlsSrtpCryptoSuites(high, true); |
| 1071 SetDtlsSrtpCryptoSuites(low, false); | 1054 SetDtlsSrtpCryptoSuites(low, false); |
| 1072 TestHandshake(); | 1055 TestHandshake(); |
| 1073 | 1056 |
| 1074 int client_cipher; | 1057 int client_cipher; |
| 1075 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1058 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
| 1076 int server_cipher; | 1059 int server_cipher; |
| 1077 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); | 1060 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
| 1078 }; | 1061 }; |
| 1079 | 1062 |
| 1080 // Test DTLS-SRTP with each side being mixed -- should select high | 1063 // Test DTLS-SRTP with each side being mixed -- should select high |
| 1081 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) { | 1064 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) { |
| 1082 MAYBE_SKIP_TEST(HaveDtlsSrtp); | |
| 1083 std::vector<int> mixed; | 1065 std::vector<int> mixed; |
| 1084 mixed.push_back(rtc::SRTP_AES128_CM_SHA1_80); | 1066 mixed.push_back(rtc::SRTP_AES128_CM_SHA1_80); |
| 1085 mixed.push_back(rtc::SRTP_AES128_CM_SHA1_32); | 1067 mixed.push_back(rtc::SRTP_AES128_CM_SHA1_32); |
| 1086 SetDtlsSrtpCryptoSuites(mixed, true); | 1068 SetDtlsSrtpCryptoSuites(mixed, true); |
| 1087 SetDtlsSrtpCryptoSuites(mixed, false); | 1069 SetDtlsSrtpCryptoSuites(mixed, false); |
| 1088 TestHandshake(); | 1070 TestHandshake(); |
| 1089 | 1071 |
| 1090 int client_cipher; | 1072 int client_cipher; |
| 1091 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1073 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
| 1092 int server_cipher; | 1074 int server_cipher; |
| 1093 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); | 1075 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
| 1094 | 1076 |
| 1095 ASSERT_EQ(client_cipher, server_cipher); | 1077 ASSERT_EQ(client_cipher, server_cipher); |
| 1096 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80); | 1078 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80); |
| 1097 }; | 1079 }; |
| 1098 | 1080 |
| 1099 // Test DTLS-SRTP with all GCM-128 ciphers. | 1081 // Test DTLS-SRTP with all GCM-128 ciphers. |
| 1100 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM128) { | 1082 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM128) { |
| 1101 MAYBE_SKIP_TEST(HaveDtlsSrtp); | |
| 1102 std::vector<int> gcm128; | 1083 std::vector<int> gcm128; |
| 1103 gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM); | 1084 gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM); |
| 1104 SetDtlsSrtpCryptoSuites(gcm128, true); | 1085 SetDtlsSrtpCryptoSuites(gcm128, true); |
| 1105 SetDtlsSrtpCryptoSuites(gcm128, false); | 1086 SetDtlsSrtpCryptoSuites(gcm128, false); |
| 1106 TestHandshake(); | 1087 TestHandshake(); |
| 1107 | 1088 |
| 1108 int client_cipher; | 1089 int client_cipher; |
| 1109 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1090 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
| 1110 int server_cipher; | 1091 int server_cipher; |
| 1111 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); | 1092 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
| 1112 | 1093 |
| 1113 ASSERT_EQ(client_cipher, server_cipher); | 1094 ASSERT_EQ(client_cipher, server_cipher); |
| 1114 ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_128_GCM); | 1095 ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_128_GCM); |
| 1115 }; | 1096 }; |
| 1116 | 1097 |
| 1117 // Test DTLS-SRTP with all GCM-256 ciphers. | 1098 // Test DTLS-SRTP with all GCM-256 ciphers. |
| 1118 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM256) { | 1099 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM256) { |
| 1119 MAYBE_SKIP_TEST(HaveDtlsSrtp); | |
| 1120 std::vector<int> gcm256; | 1100 std::vector<int> gcm256; |
| 1121 gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM); | 1101 gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM); |
| 1122 SetDtlsSrtpCryptoSuites(gcm256, true); | 1102 SetDtlsSrtpCryptoSuites(gcm256, true); |
| 1123 SetDtlsSrtpCryptoSuites(gcm256, false); | 1103 SetDtlsSrtpCryptoSuites(gcm256, false); |
| 1124 TestHandshake(); | 1104 TestHandshake(); |
| 1125 | 1105 |
| 1126 int client_cipher; | 1106 int client_cipher; |
| 1127 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1107 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
| 1128 int server_cipher; | 1108 int server_cipher; |
| 1129 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); | 1109 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
| 1130 | 1110 |
| 1131 ASSERT_EQ(client_cipher, server_cipher); | 1111 ASSERT_EQ(client_cipher, server_cipher); |
| 1132 ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_256_GCM); | 1112 ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_256_GCM); |
| 1133 }; | 1113 }; |
| 1134 | 1114 |
| 1135 // Test DTLS-SRTP with mixed GCM-128/-256 ciphers -- should not converge. | 1115 // Test DTLS-SRTP with mixed GCM-128/-256 ciphers -- should not converge. |
| 1136 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMismatch) { | 1116 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMismatch) { |
| 1137 MAYBE_SKIP_TEST(HaveDtlsSrtp); | |
| 1138 std::vector<int> gcm128; | 1117 std::vector<int> gcm128; |
| 1139 gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM); | 1118 gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM); |
| 1140 std::vector<int> gcm256; | 1119 std::vector<int> gcm256; |
| 1141 gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM); | 1120 gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM); |
| 1142 SetDtlsSrtpCryptoSuites(gcm128, true); | 1121 SetDtlsSrtpCryptoSuites(gcm128, true); |
| 1143 SetDtlsSrtpCryptoSuites(gcm256, false); | 1122 SetDtlsSrtpCryptoSuites(gcm256, false); |
| 1144 TestHandshake(); | 1123 TestHandshake(); |
| 1145 | 1124 |
| 1146 int client_cipher; | 1125 int client_cipher; |
| 1147 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1126 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
| 1148 int server_cipher; | 1127 int server_cipher; |
| 1149 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); | 1128 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
| 1150 }; | 1129 }; |
| 1151 | 1130 |
| 1152 // Test DTLS-SRTP with both GCM-128/-256 ciphers -- should select GCM-256. | 1131 // Test DTLS-SRTP with both GCM-128/-256 ciphers -- should select GCM-256. |
| 1153 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMixed) { | 1132 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMixed) { |
| 1154 MAYBE_SKIP_TEST(HaveDtlsSrtp); | |
| 1155 std::vector<int> gcmBoth; | 1133 std::vector<int> gcmBoth; |
| 1156 gcmBoth.push_back(rtc::SRTP_AEAD_AES_256_GCM); | 1134 gcmBoth.push_back(rtc::SRTP_AEAD_AES_256_GCM); |
| 1157 gcmBoth.push_back(rtc::SRTP_AEAD_AES_128_GCM); | 1135 gcmBoth.push_back(rtc::SRTP_AEAD_AES_128_GCM); |
| 1158 SetDtlsSrtpCryptoSuites(gcmBoth, true); | 1136 SetDtlsSrtpCryptoSuites(gcmBoth, true); |
| 1159 SetDtlsSrtpCryptoSuites(gcmBoth, false); | 1137 SetDtlsSrtpCryptoSuites(gcmBoth, false); |
| 1160 TestHandshake(); | 1138 TestHandshake(); |
| 1161 | 1139 |
| 1162 int client_cipher; | 1140 int client_cipher; |
| 1163 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1141 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
| 1164 int server_cipher; | 1142 int server_cipher; |
| (...skipping 27 matching lines...) Expand all Loading... |
| 1192 ASSERT_EQ(96/8, salt_len); | 1170 ASSERT_EQ(96/8, salt_len); |
| 1193 | 1171 |
| 1194 ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths( | 1172 ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths( |
| 1195 rtc::SRTP_AEAD_AES_256_GCM, &key_len, &salt_len)); | 1173 rtc::SRTP_AEAD_AES_256_GCM, &key_len, &salt_len)); |
| 1196 ASSERT_EQ(256/8, key_len); | 1174 ASSERT_EQ(256/8, key_len); |
| 1197 ASSERT_EQ(96/8, salt_len); | 1175 ASSERT_EQ(96/8, salt_len); |
| 1198 }; | 1176 }; |
| 1199 | 1177 |
| 1200 // Test an exporter | 1178 // Test an exporter |
| 1201 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSExporter) { | 1179 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSExporter) { |
| 1202 MAYBE_SKIP_TEST(HaveExporter); | |
| 1203 TestHandshake(); | 1180 TestHandshake(); |
| 1204 unsigned char client_out[20]; | 1181 unsigned char client_out[20]; |
| 1205 unsigned char server_out[20]; | 1182 unsigned char server_out[20]; |
| 1206 | 1183 |
| 1207 bool result; | 1184 bool result; |
| 1208 result = ExportKeyingMaterial(kExporterLabel, | 1185 result = ExportKeyingMaterial(kExporterLabel, |
| 1209 kExporterContext, kExporterContextLen, | 1186 kExporterContext, kExporterContextLen, |
| 1210 true, true, | 1187 true, true, |
| 1211 client_out, sizeof(client_out)); | 1188 client_out, sizeof(client_out)); |
| 1212 ASSERT_TRUE(result); | 1189 ASSERT_TRUE(result); |
| 1213 | 1190 |
| 1214 result = ExportKeyingMaterial(kExporterLabel, | 1191 result = ExportKeyingMaterial(kExporterLabel, |
| 1215 kExporterContext, kExporterContextLen, | 1192 kExporterContext, kExporterContextLen, |
| 1216 true, false, | 1193 true, false, |
| 1217 server_out, sizeof(server_out)); | 1194 server_out, sizeof(server_out)); |
| 1218 ASSERT_TRUE(result); | 1195 ASSERT_TRUE(result); |
| 1219 | 1196 |
| 1220 ASSERT_TRUE(!memcmp(client_out, server_out, sizeof(client_out))); | 1197 ASSERT_TRUE(!memcmp(client_out, server_out, sizeof(client_out))); |
| 1221 } | 1198 } |
| 1222 | 1199 |
| 1223 // Test not yet valid certificates are not rejected. | 1200 // Test not yet valid certificates are not rejected. |
| 1224 TEST_P(SSLStreamAdapterTestDTLS, TestCertNotYetValid) { | 1201 TEST_P(SSLStreamAdapterTestDTLS, TestCertNotYetValid) { |
| 1225 MAYBE_SKIP_TEST(HaveDtls); | |
| 1226 long one_day = 60 * 60 * 24; | 1202 long one_day = 60 * 60 * 24; |
| 1227 // Make the certificates not valid until one day later. | 1203 // Make the certificates not valid until one day later. |
| 1228 ResetIdentitiesWithValidity(one_day, one_day); | 1204 ResetIdentitiesWithValidity(one_day, one_day); |
| 1229 TestHandshake(); | 1205 TestHandshake(); |
| 1230 } | 1206 } |
| 1231 | 1207 |
| 1232 // Test expired certificates are not rejected. | 1208 // Test expired certificates are not rejected. |
| 1233 TEST_P(SSLStreamAdapterTestDTLS, TestCertExpired) { | 1209 TEST_P(SSLStreamAdapterTestDTLS, TestCertExpired) { |
| 1234 MAYBE_SKIP_TEST(HaveDtls); | |
| 1235 long one_day = 60 * 60 * 24; | 1210 long one_day = 60 * 60 * 24; |
| 1236 // Make the certificates already expired. | 1211 // Make the certificates already expired. |
| 1237 ResetIdentitiesWithValidity(-one_day, -one_day); | 1212 ResetIdentitiesWithValidity(-one_day, -one_day); |
| 1238 TestHandshake(); | 1213 TestHandshake(); |
| 1239 } | 1214 } |
| 1240 | 1215 |
| 1241 // Test data transfer using certs created from strings. | 1216 // Test data transfer using certs created from strings. |
| 1242 TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestTransfer) { | 1217 TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestTransfer) { |
| 1243 MAYBE_SKIP_TEST(HaveDtls); | |
| 1244 TestHandshake(); | 1218 TestHandshake(); |
| 1245 TestTransfer(100); | 1219 TestTransfer(100); |
| 1246 } | 1220 } |
| 1247 | 1221 |
| 1248 // Test getting the remote certificate. | 1222 // Test getting the remote certificate. |
| 1249 TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestDTLSGetPeerCertificate) { | 1223 TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestDTLSGetPeerCertificate) { |
| 1250 MAYBE_SKIP_TEST(HaveDtls); | |
| 1251 | |
| 1252 // Peer certificates haven't been received yet. | 1224 // Peer certificates haven't been received yet. |
| 1253 ASSERT_FALSE(GetPeerCertificate(true)); | 1225 ASSERT_FALSE(GetPeerCertificate(true)); |
| 1254 ASSERT_FALSE(GetPeerCertificate(false)); | 1226 ASSERT_FALSE(GetPeerCertificate(false)); |
| 1255 | 1227 |
| 1256 TestHandshake(); | 1228 TestHandshake(); |
| 1257 | 1229 |
| 1258 // The client should have a peer certificate after the handshake. | 1230 // The client should have a peer certificate after the handshake. |
| 1259 std::unique_ptr<rtc::SSLCertificate> client_peer_cert = | 1231 std::unique_ptr<rtc::SSLCertificate> client_peer_cert = |
| 1260 GetPeerCertificate(true); | 1232 GetPeerCertificate(true); |
| 1261 ASSERT_TRUE(client_peer_cert); | 1233 ASSERT_TRUE(client_peer_cert); |
| (...skipping 13 matching lines...) Expand all Loading... |
| 1275 // It's kCERT_PEM | 1247 // It's kCERT_PEM |
| 1276 ASSERT_EQ(kCERT_PEM, server_peer_cert->ToPEMString()); | 1248 ASSERT_EQ(kCERT_PEM, server_peer_cert->ToPEMString()); |
| 1277 | 1249 |
| 1278 // It must not have a chain, because the test certs are self-signed. | 1250 // It must not have a chain, because the test certs are self-signed. |
| 1279 ASSERT_FALSE(server_peer_cert->GetChain()); | 1251 ASSERT_FALSE(server_peer_cert->GetChain()); |
| 1280 } | 1252 } |
| 1281 | 1253 |
| 1282 // Test getting the used DTLS ciphers. | 1254 // Test getting the used DTLS ciphers. |
| 1283 // DTLS 1.2 enabled for neither client nor server -> DTLS 1.0 will be used. | 1255 // DTLS 1.2 enabled for neither client nor server -> DTLS 1.0 will be used. |
| 1284 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuite) { | 1256 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuite) { |
| 1285 MAYBE_SKIP_TEST(HaveDtls); | |
| 1286 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10); | 1257 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10); |
| 1287 TestHandshake(); | 1258 TestHandshake(); |
| 1288 | 1259 |
| 1289 int client_cipher; | 1260 int client_cipher; |
| 1290 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); | 1261 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); |
| 1291 int server_cipher; | 1262 int server_cipher; |
| 1292 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); | 1263 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); |
| 1293 | 1264 |
| 1294 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true)); | 1265 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true)); |
| 1295 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false)); | 1266 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false)); |
| 1296 | 1267 |
| 1297 ASSERT_EQ(client_cipher, server_cipher); | 1268 ASSERT_EQ(client_cipher, server_cipher); |
| 1298 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher( | 1269 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher( |
| 1299 server_cipher, ::testing::get<1>(GetParam()).type())); | 1270 server_cipher, ::testing::get<1>(GetParam()).type())); |
| 1300 } | 1271 } |
| 1301 | 1272 |
| 1302 // Test getting the used DTLS 1.2 ciphers. | 1273 // Test getting the used DTLS 1.2 ciphers. |
| 1303 // DTLS 1.2 enabled for client and server -> DTLS 1.2 will be used. | 1274 // DTLS 1.2 enabled for client and server -> DTLS 1.2 will be used. |
| 1304 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Both) { | 1275 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Both) { |
| 1305 MAYBE_SKIP_TEST(HaveDtls); | |
| 1306 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12); | 1276 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12); |
| 1307 TestHandshake(); | 1277 TestHandshake(); |
| 1308 | 1278 |
| 1309 int client_cipher; | 1279 int client_cipher; |
| 1310 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); | 1280 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); |
| 1311 int server_cipher; | 1281 int server_cipher; |
| 1312 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); | 1282 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); |
| 1313 | 1283 |
| 1314 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(true)); | 1284 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(true)); |
| 1315 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(false)); | 1285 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(false)); |
| 1316 | 1286 |
| 1317 ASSERT_EQ(client_cipher, server_cipher); | 1287 ASSERT_EQ(client_cipher, server_cipher); |
| 1318 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher( | 1288 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher( |
| 1319 server_cipher, ::testing::get<1>(GetParam()).type())); | 1289 server_cipher, ::testing::get<1>(GetParam()).type())); |
| 1320 } | 1290 } |
| 1321 | 1291 |
| 1322 // DTLS 1.2 enabled for client only -> DTLS 1.0 will be used. | 1292 // DTLS 1.2 enabled for client only -> DTLS 1.0 will be used. |
| 1323 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Client) { | 1293 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Client) { |
| 1324 MAYBE_SKIP_TEST(HaveDtls); | |
| 1325 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12); | 1294 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12); |
| 1326 TestHandshake(); | 1295 TestHandshake(); |
| 1327 | 1296 |
| 1328 int client_cipher; | 1297 int client_cipher; |
| 1329 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); | 1298 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); |
| 1330 int server_cipher; | 1299 int server_cipher; |
| 1331 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); | 1300 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); |
| 1332 | 1301 |
| 1333 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true)); | 1302 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true)); |
| 1334 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false)); | 1303 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false)); |
| 1335 | 1304 |
| 1336 ASSERT_EQ(client_cipher, server_cipher); | 1305 ASSERT_EQ(client_cipher, server_cipher); |
| 1337 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher( | 1306 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher( |
| 1338 server_cipher, ::testing::get<1>(GetParam()).type())); | 1307 server_cipher, ::testing::get<1>(GetParam()).type())); |
| 1339 } | 1308 } |
| 1340 | 1309 |
| 1341 // DTLS 1.2 enabled for server only -> DTLS 1.0 will be used. | 1310 // DTLS 1.2 enabled for server only -> DTLS 1.0 will be used. |
| 1342 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Server) { | 1311 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Server) { |
| 1343 MAYBE_SKIP_TEST(HaveDtls); | |
| 1344 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_10); | 1312 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_10); |
| 1345 TestHandshake(); | 1313 TestHandshake(); |
| 1346 | 1314 |
| 1347 int client_cipher; | 1315 int client_cipher; |
| 1348 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); | 1316 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); |
| 1349 int server_cipher; | 1317 int server_cipher; |
| 1350 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); | 1318 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); |
| 1351 | 1319 |
| 1352 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true)); | 1320 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true)); |
| 1353 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false)); | 1321 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false)); |
| (...skipping 17 matching lines...) Expand all Loading... |
| 1371 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)))); | 1339 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)))); |
| 1372 INSTANTIATE_TEST_CASE_P( | 1340 INSTANTIATE_TEST_CASE_P( |
| 1373 SSLStreamAdapterTestsDTLS, | 1341 SSLStreamAdapterTestsDTLS, |
| 1374 SSLStreamAdapterTestDTLS, | 1342 SSLStreamAdapterTestDTLS, |
| 1375 Combine(Values(rtc::KeyParams::RSA(1024, 65537), | 1343 Combine(Values(rtc::KeyParams::RSA(1024, 65537), |
| 1376 rtc::KeyParams::RSA(1152, 65537), | 1344 rtc::KeyParams::RSA(1152, 65537), |
| 1377 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)), | 1345 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)), |
| 1378 Values(rtc::KeyParams::RSA(1024, 65537), | 1346 Values(rtc::KeyParams::RSA(1024, 65537), |
| 1379 rtc::KeyParams::RSA(1152, 65537), | 1347 rtc::KeyParams::RSA(1152, 65537), |
| 1380 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)))); | 1348 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)))); |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2640513002:
Relanding: Removing #defines previously used for building without BoringSSL/OpenSSL. (Closed)
