OLD | NEW |
1 /* | 1 /* |
2 * Copyright 2011 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2011 The WebRTC Project Authors. All rights reserved. |
3 * | 3 * |
4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
9 */ | 9 */ |
10 | 10 |
11 | 11 |
12 #include <algorithm> | 12 #include <algorithm> |
13 #include <memory> | 13 #include <memory> |
14 #include <set> | 14 #include <set> |
15 #include <string> | 15 #include <string> |
16 | 16 |
17 #include "webrtc/base/bufferqueue.h" | 17 #include "webrtc/base/bufferqueue.h" |
18 #include "webrtc/base/checks.h" | 18 #include "webrtc/base/checks.h" |
19 #include "webrtc/base/gunit.h" | 19 #include "webrtc/base/gunit.h" |
20 #include "webrtc/base/helpers.h" | 20 #include "webrtc/base/helpers.h" |
21 #include "webrtc/base/ssladapter.h" | 21 #include "webrtc/base/ssladapter.h" |
| 22 #include "webrtc/base/sslconfig.h" |
22 #include "webrtc/base/sslidentity.h" | 23 #include "webrtc/base/sslidentity.h" |
23 #include "webrtc/base/sslstreamadapter.h" | 24 #include "webrtc/base/sslstreamadapter.h" |
24 #include "webrtc/base/stream.h" | 25 #include "webrtc/base/stream.h" |
25 | 26 |
26 using ::testing::WithParamInterface; | 27 using ::testing::WithParamInterface; |
27 using ::testing::Values; | 28 using ::testing::Values; |
28 using ::testing::Combine; | 29 using ::testing::Combine; |
29 using ::testing::tuple; | 30 using ::testing::tuple; |
30 | 31 |
31 static const int kBlockSize = 4096; | 32 static const int kBlockSize = 4096; |
(...skipping 25 matching lines...) Expand all Loading... |
57 "ZWJSVEMwHhcNMTQwMTAyMTgyNDQ3WhcNMTQwMjAxMTgyNDQ3WjARMQ8wDQYDVQQD\n" | 58 "ZWJSVEMwHhcNMTQwMTAyMTgyNDQ3WhcNMTQwMjAxMTgyNDQ3WjARMQ8wDQYDVQQD\n" |
58 "EwZXZWJSVEMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYRkbhmI7kVA/rM\n" | 59 "EwZXZWJSVEMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYRkbhmI7kVA/rM\n" |
59 "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n" | 60 "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n" |
60 "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n" | 61 "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n" |
61 "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAUflI\n" | 62 "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAUflI\n" |
62 "VUe5Krqf5RVa5C3u/UTAOAUJBiDS3VANTCLBxjuMsvqOG0WvaYWP3HYPgrz0jXK2\n" | 63 "VUe5Krqf5RVa5C3u/UTAOAUJBiDS3VANTCLBxjuMsvqOG0WvaYWP3HYPgrz0jXK2\n" |
63 "LJE/mGw3MyFHEqi81jh95J+ypl6xKW6Rm8jKLR87gUvCaVYn/Z4/P3AqcQTB7wOv\n" | 64 "LJE/mGw3MyFHEqi81jh95J+ypl6xKW6Rm8jKLR87gUvCaVYn/Z4/P3AqcQTB7wOv\n" |
64 "UD0A8qfhfDM+LK6rPAnCsVN0NRDY3jvd6rzix9M=\n" | 65 "UD0A8qfhfDM+LK6rPAnCsVN0NRDY3jvd6rzix9M=\n" |
65 "-----END CERTIFICATE-----\n"; | 66 "-----END CERTIFICATE-----\n"; |
66 | 67 |
| 68 #define MAYBE_SKIP_TEST(feature) \ |
| 69 if (!(rtc::SSLStreamAdapter::feature())) { \ |
| 70 LOG(LS_INFO) << "Feature disabled... skipping"; \ |
| 71 return; \ |
| 72 } |
| 73 |
67 class SSLStreamAdapterTestBase; | 74 class SSLStreamAdapterTestBase; |
68 | 75 |
69 class SSLDummyStreamBase : public rtc::StreamInterface, | 76 class SSLDummyStreamBase : public rtc::StreamInterface, |
70 public sigslot::has_slots<> { | 77 public sigslot::has_slots<> { |
71 public: | 78 public: |
72 SSLDummyStreamBase(SSLStreamAdapterTestBase* test, | 79 SSLDummyStreamBase(SSLStreamAdapterTestBase* test, |
73 const std::string &side, | 80 const std::string &side, |
74 rtc::StreamInterface* in, | 81 rtc::StreamInterface* in, |
75 rtc::StreamInterface* out) : | 82 rtc::StreamInterface* out) : |
76 test_base_(test), | 83 test_base_(test), |
(...skipping 872 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
949 server_digest_len - 1, &err); | 956 server_digest_len - 1, &err); |
950 EXPECT_EQ(rtc::SSLPeerCertificateDigestError::INVALID_LENGTH, err); | 957 EXPECT_EQ(rtc::SSLPeerCertificateDigestError::INVALID_LENGTH, err); |
951 EXPECT_FALSE(rv); | 958 EXPECT_FALSE(rv); |
952 } | 959 } |
953 | 960 |
954 // Test moving a bunch of data | 961 // Test moving a bunch of data |
955 | 962 |
956 // Basic tests: DTLS | 963 // Basic tests: DTLS |
957 // Test that we can make a handshake work | 964 // Test that we can make a handshake work |
958 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnect) { | 965 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnect) { |
| 966 MAYBE_SKIP_TEST(HaveDtls); |
959 TestHandshake(); | 967 TestHandshake(); |
960 }; | 968 }; |
961 | 969 |
962 // Test that we can make a handshake work if the first packet in | 970 // Test that we can make a handshake work if the first packet in |
963 // each direction is lost. This gives us predictable loss | 971 // each direction is lost. This gives us predictable loss |
964 // rather than having to tune random | 972 // rather than having to tune random |
965 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacket) { | 973 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacket) { |
| 974 MAYBE_SKIP_TEST(HaveDtls); |
966 SetLoseFirstPacket(true); | 975 SetLoseFirstPacket(true); |
967 TestHandshake(); | 976 TestHandshake(); |
968 }; | 977 }; |
969 | 978 |
970 // Test a handshake with loss and delay | 979 // Test a handshake with loss and delay |
971 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacketDelay2s) { | 980 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacketDelay2s) { |
| 981 MAYBE_SKIP_TEST(HaveDtls); |
972 SetLoseFirstPacket(true); | 982 SetLoseFirstPacket(true); |
973 SetDelay(2000); | 983 SetDelay(2000); |
974 SetHandshakeWait(20000); | 984 SetHandshakeWait(20000); |
975 TestHandshake(); | 985 TestHandshake(); |
976 }; | 986 }; |
977 | 987 |
978 // Test a handshake with small MTU | 988 // Test a handshake with small MTU |
979 // Disabled due to https://code.google.com/p/webrtc/issues/detail?id=3910 | 989 // Disabled due to https://code.google.com/p/webrtc/issues/detail?id=3910 |
980 TEST_P(SSLStreamAdapterTestDTLS, DISABLED_TestDTLSConnectWithSmallMtu) { | 990 TEST_P(SSLStreamAdapterTestDTLS, DISABLED_TestDTLSConnectWithSmallMtu) { |
| 991 MAYBE_SKIP_TEST(HaveDtls); |
981 SetMtu(700); | 992 SetMtu(700); |
982 SetHandshakeWait(20000); | 993 SetHandshakeWait(20000); |
983 TestHandshake(); | 994 TestHandshake(); |
984 }; | 995 }; |
985 | 996 |
986 // Test transfer -- trivial | 997 // Test transfer -- trivial |
987 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransfer) { | 998 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransfer) { |
| 999 MAYBE_SKIP_TEST(HaveDtls); |
988 TestHandshake(); | 1000 TestHandshake(); |
989 TestTransfer(100); | 1001 TestTransfer(100); |
990 }; | 1002 }; |
991 | 1003 |
992 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithLoss) { | 1004 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithLoss) { |
| 1005 MAYBE_SKIP_TEST(HaveDtls); |
993 TestHandshake(); | 1006 TestHandshake(); |
994 SetLoss(10); | 1007 SetLoss(10); |
995 TestTransfer(100); | 1008 TestTransfer(100); |
996 }; | 1009 }; |
997 | 1010 |
998 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithDamage) { | 1011 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithDamage) { |
| 1012 MAYBE_SKIP_TEST(HaveDtls); |
999 SetDamage(); // Must be called first because first packet | 1013 SetDamage(); // Must be called first because first packet |
1000 // write happens at end of handshake. | 1014 // write happens at end of handshake. |
1001 TestHandshake(); | 1015 TestHandshake(); |
1002 TestTransfer(100); | 1016 TestTransfer(100); |
1003 }; | 1017 }; |
1004 | 1018 |
1005 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentity) { | 1019 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentity) { |
1006 TestHandshakeWithDelayedIdentity(true); | 1020 TestHandshakeWithDelayedIdentity(true); |
1007 }; | 1021 }; |
1008 | 1022 |
1009 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentityWithBogusDigest) { | 1023 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentityWithBogusDigest) { |
1010 TestHandshakeWithDelayedIdentity(false); | 1024 TestHandshakeWithDelayedIdentity(false); |
1011 }; | 1025 }; |
1012 | 1026 |
1013 // Test DTLS-SRTP with all high ciphers | 1027 // Test DTLS-SRTP with all high ciphers |
1014 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) { | 1028 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) { |
| 1029 MAYBE_SKIP_TEST(HaveDtlsSrtp); |
1015 std::vector<int> high; | 1030 std::vector<int> high; |
1016 high.push_back(rtc::SRTP_AES128_CM_SHA1_80); | 1031 high.push_back(rtc::SRTP_AES128_CM_SHA1_80); |
1017 SetDtlsSrtpCryptoSuites(high, true); | 1032 SetDtlsSrtpCryptoSuites(high, true); |
1018 SetDtlsSrtpCryptoSuites(high, false); | 1033 SetDtlsSrtpCryptoSuites(high, false); |
1019 TestHandshake(); | 1034 TestHandshake(); |
1020 | 1035 |
1021 int client_cipher; | 1036 int client_cipher; |
1022 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1037 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
1023 int server_cipher; | 1038 int server_cipher; |
1024 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); | 1039 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
1025 | 1040 |
1026 ASSERT_EQ(client_cipher, server_cipher); | 1041 ASSERT_EQ(client_cipher, server_cipher); |
1027 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80); | 1042 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80); |
1028 }; | 1043 }; |
1029 | 1044 |
1030 // Test DTLS-SRTP with all low ciphers | 1045 // Test DTLS-SRTP with all low ciphers |
1031 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) { | 1046 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) { |
| 1047 MAYBE_SKIP_TEST(HaveDtlsSrtp); |
1032 std::vector<int> low; | 1048 std::vector<int> low; |
1033 low.push_back(rtc::SRTP_AES128_CM_SHA1_32); | 1049 low.push_back(rtc::SRTP_AES128_CM_SHA1_32); |
1034 SetDtlsSrtpCryptoSuites(low, true); | 1050 SetDtlsSrtpCryptoSuites(low, true); |
1035 SetDtlsSrtpCryptoSuites(low, false); | 1051 SetDtlsSrtpCryptoSuites(low, false); |
1036 TestHandshake(); | 1052 TestHandshake(); |
1037 | 1053 |
1038 int client_cipher; | 1054 int client_cipher; |
1039 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1055 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
1040 int server_cipher; | 1056 int server_cipher; |
1041 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); | 1057 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
1042 | 1058 |
1043 ASSERT_EQ(client_cipher, server_cipher); | 1059 ASSERT_EQ(client_cipher, server_cipher); |
1044 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_32); | 1060 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_32); |
1045 }; | 1061 }; |
1046 | 1062 |
1047 // Test DTLS-SRTP with a mismatch -- should not converge | 1063 // Test DTLS-SRTP with a mismatch -- should not converge |
1048 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) { | 1064 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) { |
| 1065 MAYBE_SKIP_TEST(HaveDtlsSrtp); |
1049 std::vector<int> high; | 1066 std::vector<int> high; |
1050 high.push_back(rtc::SRTP_AES128_CM_SHA1_80); | 1067 high.push_back(rtc::SRTP_AES128_CM_SHA1_80); |
1051 std::vector<int> low; | 1068 std::vector<int> low; |
1052 low.push_back(rtc::SRTP_AES128_CM_SHA1_32); | 1069 low.push_back(rtc::SRTP_AES128_CM_SHA1_32); |
1053 SetDtlsSrtpCryptoSuites(high, true); | 1070 SetDtlsSrtpCryptoSuites(high, true); |
1054 SetDtlsSrtpCryptoSuites(low, false); | 1071 SetDtlsSrtpCryptoSuites(low, false); |
1055 TestHandshake(); | 1072 TestHandshake(); |
1056 | 1073 |
1057 int client_cipher; | 1074 int client_cipher; |
1058 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1075 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
1059 int server_cipher; | 1076 int server_cipher; |
1060 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); | 1077 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
1061 }; | 1078 }; |
1062 | 1079 |
1063 // Test DTLS-SRTP with each side being mixed -- should select high | 1080 // Test DTLS-SRTP with each side being mixed -- should select high |
1064 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) { | 1081 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) { |
| 1082 MAYBE_SKIP_TEST(HaveDtlsSrtp); |
1065 std::vector<int> mixed; | 1083 std::vector<int> mixed; |
1066 mixed.push_back(rtc::SRTP_AES128_CM_SHA1_80); | 1084 mixed.push_back(rtc::SRTP_AES128_CM_SHA1_80); |
1067 mixed.push_back(rtc::SRTP_AES128_CM_SHA1_32); | 1085 mixed.push_back(rtc::SRTP_AES128_CM_SHA1_32); |
1068 SetDtlsSrtpCryptoSuites(mixed, true); | 1086 SetDtlsSrtpCryptoSuites(mixed, true); |
1069 SetDtlsSrtpCryptoSuites(mixed, false); | 1087 SetDtlsSrtpCryptoSuites(mixed, false); |
1070 TestHandshake(); | 1088 TestHandshake(); |
1071 | 1089 |
1072 int client_cipher; | 1090 int client_cipher; |
1073 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1091 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
1074 int server_cipher; | 1092 int server_cipher; |
1075 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); | 1093 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
1076 | 1094 |
1077 ASSERT_EQ(client_cipher, server_cipher); | 1095 ASSERT_EQ(client_cipher, server_cipher); |
1078 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80); | 1096 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80); |
1079 }; | 1097 }; |
1080 | 1098 |
1081 // Test DTLS-SRTP with all GCM-128 ciphers. | 1099 // Test DTLS-SRTP with all GCM-128 ciphers. |
1082 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM128) { | 1100 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM128) { |
| 1101 MAYBE_SKIP_TEST(HaveDtlsSrtp); |
1083 std::vector<int> gcm128; | 1102 std::vector<int> gcm128; |
1084 gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM); | 1103 gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM); |
1085 SetDtlsSrtpCryptoSuites(gcm128, true); | 1104 SetDtlsSrtpCryptoSuites(gcm128, true); |
1086 SetDtlsSrtpCryptoSuites(gcm128, false); | 1105 SetDtlsSrtpCryptoSuites(gcm128, false); |
1087 TestHandshake(); | 1106 TestHandshake(); |
1088 | 1107 |
1089 int client_cipher; | 1108 int client_cipher; |
1090 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1109 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
1091 int server_cipher; | 1110 int server_cipher; |
1092 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); | 1111 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
1093 | 1112 |
1094 ASSERT_EQ(client_cipher, server_cipher); | 1113 ASSERT_EQ(client_cipher, server_cipher); |
1095 ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_128_GCM); | 1114 ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_128_GCM); |
1096 }; | 1115 }; |
1097 | 1116 |
1098 // Test DTLS-SRTP with all GCM-256 ciphers. | 1117 // Test DTLS-SRTP with all GCM-256 ciphers. |
1099 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM256) { | 1118 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM256) { |
| 1119 MAYBE_SKIP_TEST(HaveDtlsSrtp); |
1100 std::vector<int> gcm256; | 1120 std::vector<int> gcm256; |
1101 gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM); | 1121 gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM); |
1102 SetDtlsSrtpCryptoSuites(gcm256, true); | 1122 SetDtlsSrtpCryptoSuites(gcm256, true); |
1103 SetDtlsSrtpCryptoSuites(gcm256, false); | 1123 SetDtlsSrtpCryptoSuites(gcm256, false); |
1104 TestHandshake(); | 1124 TestHandshake(); |
1105 | 1125 |
1106 int client_cipher; | 1126 int client_cipher; |
1107 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1127 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
1108 int server_cipher; | 1128 int server_cipher; |
1109 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); | 1129 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
1110 | 1130 |
1111 ASSERT_EQ(client_cipher, server_cipher); | 1131 ASSERT_EQ(client_cipher, server_cipher); |
1112 ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_256_GCM); | 1132 ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_256_GCM); |
1113 }; | 1133 }; |
1114 | 1134 |
1115 // Test DTLS-SRTP with mixed GCM-128/-256 ciphers -- should not converge. | 1135 // Test DTLS-SRTP with mixed GCM-128/-256 ciphers -- should not converge. |
1116 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMismatch) { | 1136 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMismatch) { |
| 1137 MAYBE_SKIP_TEST(HaveDtlsSrtp); |
1117 std::vector<int> gcm128; | 1138 std::vector<int> gcm128; |
1118 gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM); | 1139 gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM); |
1119 std::vector<int> gcm256; | 1140 std::vector<int> gcm256; |
1120 gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM); | 1141 gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM); |
1121 SetDtlsSrtpCryptoSuites(gcm128, true); | 1142 SetDtlsSrtpCryptoSuites(gcm128, true); |
1122 SetDtlsSrtpCryptoSuites(gcm256, false); | 1143 SetDtlsSrtpCryptoSuites(gcm256, false); |
1123 TestHandshake(); | 1144 TestHandshake(); |
1124 | 1145 |
1125 int client_cipher; | 1146 int client_cipher; |
1126 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1147 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
1127 int server_cipher; | 1148 int server_cipher; |
1128 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); | 1149 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
1129 }; | 1150 }; |
1130 | 1151 |
1131 // Test DTLS-SRTP with both GCM-128/-256 ciphers -- should select GCM-256. | 1152 // Test DTLS-SRTP with both GCM-128/-256 ciphers -- should select GCM-256. |
1132 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMixed) { | 1153 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMixed) { |
| 1154 MAYBE_SKIP_TEST(HaveDtlsSrtp); |
1133 std::vector<int> gcmBoth; | 1155 std::vector<int> gcmBoth; |
1134 gcmBoth.push_back(rtc::SRTP_AEAD_AES_256_GCM); | 1156 gcmBoth.push_back(rtc::SRTP_AEAD_AES_256_GCM); |
1135 gcmBoth.push_back(rtc::SRTP_AEAD_AES_128_GCM); | 1157 gcmBoth.push_back(rtc::SRTP_AEAD_AES_128_GCM); |
1136 SetDtlsSrtpCryptoSuites(gcmBoth, true); | 1158 SetDtlsSrtpCryptoSuites(gcmBoth, true); |
1137 SetDtlsSrtpCryptoSuites(gcmBoth, false); | 1159 SetDtlsSrtpCryptoSuites(gcmBoth, false); |
1138 TestHandshake(); | 1160 TestHandshake(); |
1139 | 1161 |
1140 int client_cipher; | 1162 int client_cipher; |
1141 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1163 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
1142 int server_cipher; | 1164 int server_cipher; |
(...skipping 27 matching lines...) Expand all Loading... |
1170 ASSERT_EQ(96/8, salt_len); | 1192 ASSERT_EQ(96/8, salt_len); |
1171 | 1193 |
1172 ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths( | 1194 ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths( |
1173 rtc::SRTP_AEAD_AES_256_GCM, &key_len, &salt_len)); | 1195 rtc::SRTP_AEAD_AES_256_GCM, &key_len, &salt_len)); |
1174 ASSERT_EQ(256/8, key_len); | 1196 ASSERT_EQ(256/8, key_len); |
1175 ASSERT_EQ(96/8, salt_len); | 1197 ASSERT_EQ(96/8, salt_len); |
1176 }; | 1198 }; |
1177 | 1199 |
1178 // Test an exporter | 1200 // Test an exporter |
1179 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSExporter) { | 1201 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSExporter) { |
| 1202 MAYBE_SKIP_TEST(HaveExporter); |
1180 TestHandshake(); | 1203 TestHandshake(); |
1181 unsigned char client_out[20]; | 1204 unsigned char client_out[20]; |
1182 unsigned char server_out[20]; | 1205 unsigned char server_out[20]; |
1183 | 1206 |
1184 bool result; | 1207 bool result; |
1185 result = ExportKeyingMaterial(kExporterLabel, | 1208 result = ExportKeyingMaterial(kExporterLabel, |
1186 kExporterContext, kExporterContextLen, | 1209 kExporterContext, kExporterContextLen, |
1187 true, true, | 1210 true, true, |
1188 client_out, sizeof(client_out)); | 1211 client_out, sizeof(client_out)); |
1189 ASSERT_TRUE(result); | 1212 ASSERT_TRUE(result); |
1190 | 1213 |
1191 result = ExportKeyingMaterial(kExporterLabel, | 1214 result = ExportKeyingMaterial(kExporterLabel, |
1192 kExporterContext, kExporterContextLen, | 1215 kExporterContext, kExporterContextLen, |
1193 true, false, | 1216 true, false, |
1194 server_out, sizeof(server_out)); | 1217 server_out, sizeof(server_out)); |
1195 ASSERT_TRUE(result); | 1218 ASSERT_TRUE(result); |
1196 | 1219 |
1197 ASSERT_TRUE(!memcmp(client_out, server_out, sizeof(client_out))); | 1220 ASSERT_TRUE(!memcmp(client_out, server_out, sizeof(client_out))); |
1198 } | 1221 } |
1199 | 1222 |
1200 // Test not yet valid certificates are not rejected. | 1223 // Test not yet valid certificates are not rejected. |
1201 TEST_P(SSLStreamAdapterTestDTLS, TestCertNotYetValid) { | 1224 TEST_P(SSLStreamAdapterTestDTLS, TestCertNotYetValid) { |
| 1225 MAYBE_SKIP_TEST(HaveDtls); |
1202 long one_day = 60 * 60 * 24; | 1226 long one_day = 60 * 60 * 24; |
1203 // Make the certificates not valid until one day later. | 1227 // Make the certificates not valid until one day later. |
1204 ResetIdentitiesWithValidity(one_day, one_day); | 1228 ResetIdentitiesWithValidity(one_day, one_day); |
1205 TestHandshake(); | 1229 TestHandshake(); |
1206 } | 1230 } |
1207 | 1231 |
1208 // Test expired certificates are not rejected. | 1232 // Test expired certificates are not rejected. |
1209 TEST_P(SSLStreamAdapterTestDTLS, TestCertExpired) { | 1233 TEST_P(SSLStreamAdapterTestDTLS, TestCertExpired) { |
| 1234 MAYBE_SKIP_TEST(HaveDtls); |
1210 long one_day = 60 * 60 * 24; | 1235 long one_day = 60 * 60 * 24; |
1211 // Make the certificates already expired. | 1236 // Make the certificates already expired. |
1212 ResetIdentitiesWithValidity(-one_day, -one_day); | 1237 ResetIdentitiesWithValidity(-one_day, -one_day); |
1213 TestHandshake(); | 1238 TestHandshake(); |
1214 } | 1239 } |
1215 | 1240 |
1216 // Test data transfer using certs created from strings. | 1241 // Test data transfer using certs created from strings. |
1217 TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestTransfer) { | 1242 TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestTransfer) { |
| 1243 MAYBE_SKIP_TEST(HaveDtls); |
1218 TestHandshake(); | 1244 TestHandshake(); |
1219 TestTransfer(100); | 1245 TestTransfer(100); |
1220 } | 1246 } |
1221 | 1247 |
1222 // Test getting the remote certificate. | 1248 // Test getting the remote certificate. |
1223 TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestDTLSGetPeerCertificate) { | 1249 TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestDTLSGetPeerCertificate) { |
| 1250 MAYBE_SKIP_TEST(HaveDtls); |
| 1251 |
1224 // Peer certificates haven't been received yet. | 1252 // Peer certificates haven't been received yet. |
1225 ASSERT_FALSE(GetPeerCertificate(true)); | 1253 ASSERT_FALSE(GetPeerCertificate(true)); |
1226 ASSERT_FALSE(GetPeerCertificate(false)); | 1254 ASSERT_FALSE(GetPeerCertificate(false)); |
1227 | 1255 |
1228 TestHandshake(); | 1256 TestHandshake(); |
1229 | 1257 |
1230 // The client should have a peer certificate after the handshake. | 1258 // The client should have a peer certificate after the handshake. |
1231 std::unique_ptr<rtc::SSLCertificate> client_peer_cert = | 1259 std::unique_ptr<rtc::SSLCertificate> client_peer_cert = |
1232 GetPeerCertificate(true); | 1260 GetPeerCertificate(true); |
1233 ASSERT_TRUE(client_peer_cert); | 1261 ASSERT_TRUE(client_peer_cert); |
(...skipping 13 matching lines...) Expand all Loading... |
1247 // It's kCERT_PEM | 1275 // It's kCERT_PEM |
1248 ASSERT_EQ(kCERT_PEM, server_peer_cert->ToPEMString()); | 1276 ASSERT_EQ(kCERT_PEM, server_peer_cert->ToPEMString()); |
1249 | 1277 |
1250 // It must not have a chain, because the test certs are self-signed. | 1278 // It must not have a chain, because the test certs are self-signed. |
1251 ASSERT_FALSE(server_peer_cert->GetChain()); | 1279 ASSERT_FALSE(server_peer_cert->GetChain()); |
1252 } | 1280 } |
1253 | 1281 |
1254 // Test getting the used DTLS ciphers. | 1282 // Test getting the used DTLS ciphers. |
1255 // DTLS 1.2 enabled for neither client nor server -> DTLS 1.0 will be used. | 1283 // DTLS 1.2 enabled for neither client nor server -> DTLS 1.0 will be used. |
1256 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuite) { | 1284 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuite) { |
| 1285 MAYBE_SKIP_TEST(HaveDtls); |
1257 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10); | 1286 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10); |
1258 TestHandshake(); | 1287 TestHandshake(); |
1259 | 1288 |
1260 int client_cipher; | 1289 int client_cipher; |
1261 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); | 1290 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); |
1262 int server_cipher; | 1291 int server_cipher; |
1263 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); | 1292 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); |
1264 | 1293 |
1265 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true)); | 1294 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true)); |
1266 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false)); | 1295 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false)); |
1267 | 1296 |
1268 ASSERT_EQ(client_cipher, server_cipher); | 1297 ASSERT_EQ(client_cipher, server_cipher); |
1269 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher( | 1298 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher( |
1270 server_cipher, ::testing::get<1>(GetParam()).type())); | 1299 server_cipher, ::testing::get<1>(GetParam()).type())); |
1271 } | 1300 } |
1272 | 1301 |
1273 // Test getting the used DTLS 1.2 ciphers. | 1302 // Test getting the used DTLS 1.2 ciphers. |
1274 // DTLS 1.2 enabled for client and server -> DTLS 1.2 will be used. | 1303 // DTLS 1.2 enabled for client and server -> DTLS 1.2 will be used. |
1275 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Both) { | 1304 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Both) { |
| 1305 MAYBE_SKIP_TEST(HaveDtls); |
1276 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12); | 1306 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12); |
1277 TestHandshake(); | 1307 TestHandshake(); |
1278 | 1308 |
1279 int client_cipher; | 1309 int client_cipher; |
1280 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); | 1310 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); |
1281 int server_cipher; | 1311 int server_cipher; |
1282 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); | 1312 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); |
1283 | 1313 |
1284 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(true)); | 1314 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(true)); |
1285 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(false)); | 1315 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(false)); |
1286 | 1316 |
1287 ASSERT_EQ(client_cipher, server_cipher); | 1317 ASSERT_EQ(client_cipher, server_cipher); |
1288 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher( | 1318 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher( |
1289 server_cipher, ::testing::get<1>(GetParam()).type())); | 1319 server_cipher, ::testing::get<1>(GetParam()).type())); |
1290 } | 1320 } |
1291 | 1321 |
1292 // DTLS 1.2 enabled for client only -> DTLS 1.0 will be used. | 1322 // DTLS 1.2 enabled for client only -> DTLS 1.0 will be used. |
1293 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Client) { | 1323 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Client) { |
| 1324 MAYBE_SKIP_TEST(HaveDtls); |
1294 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12); | 1325 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12); |
1295 TestHandshake(); | 1326 TestHandshake(); |
1296 | 1327 |
1297 int client_cipher; | 1328 int client_cipher; |
1298 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); | 1329 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); |
1299 int server_cipher; | 1330 int server_cipher; |
1300 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); | 1331 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); |
1301 | 1332 |
1302 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true)); | 1333 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true)); |
1303 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false)); | 1334 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false)); |
1304 | 1335 |
1305 ASSERT_EQ(client_cipher, server_cipher); | 1336 ASSERT_EQ(client_cipher, server_cipher); |
1306 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher( | 1337 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher( |
1307 server_cipher, ::testing::get<1>(GetParam()).type())); | 1338 server_cipher, ::testing::get<1>(GetParam()).type())); |
1308 } | 1339 } |
1309 | 1340 |
1310 // DTLS 1.2 enabled for server only -> DTLS 1.0 will be used. | 1341 // DTLS 1.2 enabled for server only -> DTLS 1.0 will be used. |
1311 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Server) { | 1342 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Server) { |
| 1343 MAYBE_SKIP_TEST(HaveDtls); |
1312 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_10); | 1344 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_10); |
1313 TestHandshake(); | 1345 TestHandshake(); |
1314 | 1346 |
1315 int client_cipher; | 1347 int client_cipher; |
1316 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); | 1348 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); |
1317 int server_cipher; | 1349 int server_cipher; |
1318 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); | 1350 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); |
1319 | 1351 |
1320 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true)); | 1352 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true)); |
1321 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false)); | 1353 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false)); |
(...skipping 17 matching lines...) Expand all Loading... |
1339 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)))); | 1371 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)))); |
1340 INSTANTIATE_TEST_CASE_P( | 1372 INSTANTIATE_TEST_CASE_P( |
1341 SSLStreamAdapterTestsDTLS, | 1373 SSLStreamAdapterTestsDTLS, |
1342 SSLStreamAdapterTestDTLS, | 1374 SSLStreamAdapterTestDTLS, |
1343 Combine(Values(rtc::KeyParams::RSA(1024, 65537), | 1375 Combine(Values(rtc::KeyParams::RSA(1024, 65537), |
1344 rtc::KeyParams::RSA(1152, 65537), | 1376 rtc::KeyParams::RSA(1152, 65537), |
1345 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)), | 1377 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)), |
1346 Values(rtc::KeyParams::RSA(1024, 65537), | 1378 Values(rtc::KeyParams::RSA(1024, 65537), |
1347 rtc::KeyParams::RSA(1152, 65537), | 1379 rtc::KeyParams::RSA(1152, 65537), |
1348 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)))); | 1380 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)))); |
OLD | NEW |