| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright 2011 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2011 The WebRTC Project Authors. All rights reserved. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
| 5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
| 6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
| 7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
| 8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
| 9 */ | 9 */ |
| 10 | 10 |
| 11 | 11 |
| 12 #include <algorithm> | 12 #include <algorithm> |
| 13 #include <memory> | 13 #include <memory> |
| 14 #include <set> | 14 #include <set> |
| 15 #include <string> | 15 #include <string> |
| 16 | 16 |
| 17 #include "webrtc/base/bufferqueue.h" | 17 #include "webrtc/base/bufferqueue.h" |
| 18 #include "webrtc/base/checks.h" | 18 #include "webrtc/base/checks.h" |
| 19 #include "webrtc/base/gunit.h" | 19 #include "webrtc/base/gunit.h" |
| 20 #include "webrtc/base/helpers.h" | 20 #include "webrtc/base/helpers.h" |
| 21 #include "webrtc/base/ssladapter.h" | 21 #include "webrtc/base/ssladapter.h" |
| 22 #include "webrtc/base/sslconfig.h" |
| 22 #include "webrtc/base/sslidentity.h" | 23 #include "webrtc/base/sslidentity.h" |
| 23 #include "webrtc/base/sslstreamadapter.h" | 24 #include "webrtc/base/sslstreamadapter.h" |
| 24 #include "webrtc/base/stream.h" | 25 #include "webrtc/base/stream.h" |
| 25 | 26 |
| 26 using ::testing::WithParamInterface; | 27 using ::testing::WithParamInterface; |
| 27 using ::testing::Values; | 28 using ::testing::Values; |
| 28 using ::testing::Combine; | 29 using ::testing::Combine; |
| 29 using ::testing::tuple; | 30 using ::testing::tuple; |
| 30 | 31 |
| 31 static const int kBlockSize = 4096; | 32 static const int kBlockSize = 4096; |
| (...skipping 25 matching lines...) Expand all Loading... |
| 57 "ZWJSVEMwHhcNMTQwMTAyMTgyNDQ3WhcNMTQwMjAxMTgyNDQ3WjARMQ8wDQYDVQQD\n" | 58 "ZWJSVEMwHhcNMTQwMTAyMTgyNDQ3WhcNMTQwMjAxMTgyNDQ3WjARMQ8wDQYDVQQD\n" |
| 58 "EwZXZWJSVEMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYRkbhmI7kVA/rM\n" | 59 "EwZXZWJSVEMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYRkbhmI7kVA/rM\n" |
| 59 "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n" | 60 "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n" |
| 60 "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n" | 61 "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n" |
| 61 "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAUflI\n" | 62 "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAUflI\n" |
| 62 "VUe5Krqf5RVa5C3u/UTAOAUJBiDS3VANTCLBxjuMsvqOG0WvaYWP3HYPgrz0jXK2\n" | 63 "VUe5Krqf5RVa5C3u/UTAOAUJBiDS3VANTCLBxjuMsvqOG0WvaYWP3HYPgrz0jXK2\n" |
| 63 "LJE/mGw3MyFHEqi81jh95J+ypl6xKW6Rm8jKLR87gUvCaVYn/Z4/P3AqcQTB7wOv\n" | 64 "LJE/mGw3MyFHEqi81jh95J+ypl6xKW6Rm8jKLR87gUvCaVYn/Z4/P3AqcQTB7wOv\n" |
| 64 "UD0A8qfhfDM+LK6rPAnCsVN0NRDY3jvd6rzix9M=\n" | 65 "UD0A8qfhfDM+LK6rPAnCsVN0NRDY3jvd6rzix9M=\n" |
| 65 "-----END CERTIFICATE-----\n"; | 66 "-----END CERTIFICATE-----\n"; |
| 66 | 67 |
| 68 #define MAYBE_SKIP_TEST(feature) \ |
| 69 if (!(rtc::SSLStreamAdapter::feature())) { \ |
| 70 LOG(LS_INFO) << "Feature disabled... skipping"; \ |
| 71 return; \ |
| 72 } |
| 73 |
| 67 class SSLStreamAdapterTestBase; | 74 class SSLStreamAdapterTestBase; |
| 68 | 75 |
| 69 class SSLDummyStreamBase : public rtc::StreamInterface, | 76 class SSLDummyStreamBase : public rtc::StreamInterface, |
| 70 public sigslot::has_slots<> { | 77 public sigslot::has_slots<> { |
| 71 public: | 78 public: |
| 72 SSLDummyStreamBase(SSLStreamAdapterTestBase* test, | 79 SSLDummyStreamBase(SSLStreamAdapterTestBase* test, |
| 73 const std::string &side, | 80 const std::string &side, |
| 74 rtc::StreamInterface* in, | 81 rtc::StreamInterface* in, |
| 75 rtc::StreamInterface* out) : | 82 rtc::StreamInterface* out) : |
| 76 test_base_(test), | 83 test_base_(test), |
| (...skipping 872 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 949 server_digest_len - 1, &err); | 956 server_digest_len - 1, &err); |
| 950 EXPECT_EQ(rtc::SSLPeerCertificateDigestError::INVALID_LENGTH, err); | 957 EXPECT_EQ(rtc::SSLPeerCertificateDigestError::INVALID_LENGTH, err); |
| 951 EXPECT_FALSE(rv); | 958 EXPECT_FALSE(rv); |
| 952 } | 959 } |
| 953 | 960 |
| 954 // Test moving a bunch of data | 961 // Test moving a bunch of data |
| 955 | 962 |
| 956 // Basic tests: DTLS | 963 // Basic tests: DTLS |
| 957 // Test that we can make a handshake work | 964 // Test that we can make a handshake work |
| 958 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnect) { | 965 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnect) { |
| 966 MAYBE_SKIP_TEST(HaveDtls); |
| 959 TestHandshake(); | 967 TestHandshake(); |
| 960 }; | 968 }; |
| 961 | 969 |
| 962 // Test that we can make a handshake work if the first packet in | 970 // Test that we can make a handshake work if the first packet in |
| 963 // each direction is lost. This gives us predictable loss | 971 // each direction is lost. This gives us predictable loss |
| 964 // rather than having to tune random | 972 // rather than having to tune random |
| 965 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacket) { | 973 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacket) { |
| 974 MAYBE_SKIP_TEST(HaveDtls); |
| 966 SetLoseFirstPacket(true); | 975 SetLoseFirstPacket(true); |
| 967 TestHandshake(); | 976 TestHandshake(); |
| 968 }; | 977 }; |
| 969 | 978 |
| 970 // Test a handshake with loss and delay | 979 // Test a handshake with loss and delay |
| 971 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacketDelay2s) { | 980 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacketDelay2s) { |
| 981 MAYBE_SKIP_TEST(HaveDtls); |
| 972 SetLoseFirstPacket(true); | 982 SetLoseFirstPacket(true); |
| 973 SetDelay(2000); | 983 SetDelay(2000); |
| 974 SetHandshakeWait(20000); | 984 SetHandshakeWait(20000); |
| 975 TestHandshake(); | 985 TestHandshake(); |
| 976 }; | 986 }; |
| 977 | 987 |
| 978 // Test a handshake with small MTU | 988 // Test a handshake with small MTU |
| 979 // Disabled due to https://code.google.com/p/webrtc/issues/detail?id=3910 | 989 // Disabled due to https://code.google.com/p/webrtc/issues/detail?id=3910 |
| 980 TEST_P(SSLStreamAdapterTestDTLS, DISABLED_TestDTLSConnectWithSmallMtu) { | 990 TEST_P(SSLStreamAdapterTestDTLS, DISABLED_TestDTLSConnectWithSmallMtu) { |
| 991 MAYBE_SKIP_TEST(HaveDtls); |
| 981 SetMtu(700); | 992 SetMtu(700); |
| 982 SetHandshakeWait(20000); | 993 SetHandshakeWait(20000); |
| 983 TestHandshake(); | 994 TestHandshake(); |
| 984 }; | 995 }; |
| 985 | 996 |
| 986 // Test transfer -- trivial | 997 // Test transfer -- trivial |
| 987 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransfer) { | 998 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransfer) { |
| 999 MAYBE_SKIP_TEST(HaveDtls); |
| 988 TestHandshake(); | 1000 TestHandshake(); |
| 989 TestTransfer(100); | 1001 TestTransfer(100); |
| 990 }; | 1002 }; |
| 991 | 1003 |
| 992 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithLoss) { | 1004 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithLoss) { |
| 1005 MAYBE_SKIP_TEST(HaveDtls); |
| 993 TestHandshake(); | 1006 TestHandshake(); |
| 994 SetLoss(10); | 1007 SetLoss(10); |
| 995 TestTransfer(100); | 1008 TestTransfer(100); |
| 996 }; | 1009 }; |
| 997 | 1010 |
| 998 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithDamage) { | 1011 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithDamage) { |
| 1012 MAYBE_SKIP_TEST(HaveDtls); |
| 999 SetDamage(); // Must be called first because first packet | 1013 SetDamage(); // Must be called first because first packet |
| 1000 // write happens at end of handshake. | 1014 // write happens at end of handshake. |
| 1001 TestHandshake(); | 1015 TestHandshake(); |
| 1002 TestTransfer(100); | 1016 TestTransfer(100); |
| 1003 }; | 1017 }; |
| 1004 | 1018 |
| 1005 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentity) { | 1019 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentity) { |
| 1006 TestHandshakeWithDelayedIdentity(true); | 1020 TestHandshakeWithDelayedIdentity(true); |
| 1007 }; | 1021 }; |
| 1008 | 1022 |
| 1009 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentityWithBogusDigest) { | 1023 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentityWithBogusDigest) { |
| 1010 TestHandshakeWithDelayedIdentity(false); | 1024 TestHandshakeWithDelayedIdentity(false); |
| 1011 }; | 1025 }; |
| 1012 | 1026 |
| 1013 // Test DTLS-SRTP with all high ciphers | 1027 // Test DTLS-SRTP with all high ciphers |
| 1014 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) { | 1028 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) { |
| 1029 MAYBE_SKIP_TEST(HaveDtlsSrtp); |
| 1015 std::vector<int> high; | 1030 std::vector<int> high; |
| 1016 high.push_back(rtc::SRTP_AES128_CM_SHA1_80); | 1031 high.push_back(rtc::SRTP_AES128_CM_SHA1_80); |
| 1017 SetDtlsSrtpCryptoSuites(high, true); | 1032 SetDtlsSrtpCryptoSuites(high, true); |
| 1018 SetDtlsSrtpCryptoSuites(high, false); | 1033 SetDtlsSrtpCryptoSuites(high, false); |
| 1019 TestHandshake(); | 1034 TestHandshake(); |
| 1020 | 1035 |
| 1021 int client_cipher; | 1036 int client_cipher; |
| 1022 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1037 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
| 1023 int server_cipher; | 1038 int server_cipher; |
| 1024 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); | 1039 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
| 1025 | 1040 |
| 1026 ASSERT_EQ(client_cipher, server_cipher); | 1041 ASSERT_EQ(client_cipher, server_cipher); |
| 1027 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80); | 1042 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80); |
| 1028 }; | 1043 }; |
| 1029 | 1044 |
| 1030 // Test DTLS-SRTP with all low ciphers | 1045 // Test DTLS-SRTP with all low ciphers |
| 1031 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) { | 1046 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) { |
| 1047 MAYBE_SKIP_TEST(HaveDtlsSrtp); |
| 1032 std::vector<int> low; | 1048 std::vector<int> low; |
| 1033 low.push_back(rtc::SRTP_AES128_CM_SHA1_32); | 1049 low.push_back(rtc::SRTP_AES128_CM_SHA1_32); |
| 1034 SetDtlsSrtpCryptoSuites(low, true); | 1050 SetDtlsSrtpCryptoSuites(low, true); |
| 1035 SetDtlsSrtpCryptoSuites(low, false); | 1051 SetDtlsSrtpCryptoSuites(low, false); |
| 1036 TestHandshake(); | 1052 TestHandshake(); |
| 1037 | 1053 |
| 1038 int client_cipher; | 1054 int client_cipher; |
| 1039 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1055 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
| 1040 int server_cipher; | 1056 int server_cipher; |
| 1041 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); | 1057 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
| 1042 | 1058 |
| 1043 ASSERT_EQ(client_cipher, server_cipher); | 1059 ASSERT_EQ(client_cipher, server_cipher); |
| 1044 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_32); | 1060 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_32); |
| 1045 }; | 1061 }; |
| 1046 | 1062 |
| 1047 // Test DTLS-SRTP with a mismatch -- should not converge | 1063 // Test DTLS-SRTP with a mismatch -- should not converge |
| 1048 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) { | 1064 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) { |
| 1065 MAYBE_SKIP_TEST(HaveDtlsSrtp); |
| 1049 std::vector<int> high; | 1066 std::vector<int> high; |
| 1050 high.push_back(rtc::SRTP_AES128_CM_SHA1_80); | 1067 high.push_back(rtc::SRTP_AES128_CM_SHA1_80); |
| 1051 std::vector<int> low; | 1068 std::vector<int> low; |
| 1052 low.push_back(rtc::SRTP_AES128_CM_SHA1_32); | 1069 low.push_back(rtc::SRTP_AES128_CM_SHA1_32); |
| 1053 SetDtlsSrtpCryptoSuites(high, true); | 1070 SetDtlsSrtpCryptoSuites(high, true); |
| 1054 SetDtlsSrtpCryptoSuites(low, false); | 1071 SetDtlsSrtpCryptoSuites(low, false); |
| 1055 TestHandshake(); | 1072 TestHandshake(); |
| 1056 | 1073 |
| 1057 int client_cipher; | 1074 int client_cipher; |
| 1058 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1075 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
| 1059 int server_cipher; | 1076 int server_cipher; |
| 1060 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); | 1077 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
| 1061 }; | 1078 }; |
| 1062 | 1079 |
| 1063 // Test DTLS-SRTP with each side being mixed -- should select high | 1080 // Test DTLS-SRTP with each side being mixed -- should select high |
| 1064 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) { | 1081 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) { |
| 1082 MAYBE_SKIP_TEST(HaveDtlsSrtp); |
| 1065 std::vector<int> mixed; | 1083 std::vector<int> mixed; |
| 1066 mixed.push_back(rtc::SRTP_AES128_CM_SHA1_80); | 1084 mixed.push_back(rtc::SRTP_AES128_CM_SHA1_80); |
| 1067 mixed.push_back(rtc::SRTP_AES128_CM_SHA1_32); | 1085 mixed.push_back(rtc::SRTP_AES128_CM_SHA1_32); |
| 1068 SetDtlsSrtpCryptoSuites(mixed, true); | 1086 SetDtlsSrtpCryptoSuites(mixed, true); |
| 1069 SetDtlsSrtpCryptoSuites(mixed, false); | 1087 SetDtlsSrtpCryptoSuites(mixed, false); |
| 1070 TestHandshake(); | 1088 TestHandshake(); |
| 1071 | 1089 |
| 1072 int client_cipher; | 1090 int client_cipher; |
| 1073 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1091 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
| 1074 int server_cipher; | 1092 int server_cipher; |
| 1075 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); | 1093 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
| 1076 | 1094 |
| 1077 ASSERT_EQ(client_cipher, server_cipher); | 1095 ASSERT_EQ(client_cipher, server_cipher); |
| 1078 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80); | 1096 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80); |
| 1079 }; | 1097 }; |
| 1080 | 1098 |
| 1081 // Test DTLS-SRTP with all GCM-128 ciphers. | 1099 // Test DTLS-SRTP with all GCM-128 ciphers. |
| 1082 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM128) { | 1100 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM128) { |
| 1101 MAYBE_SKIP_TEST(HaveDtlsSrtp); |
| 1083 std::vector<int> gcm128; | 1102 std::vector<int> gcm128; |
| 1084 gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM); | 1103 gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM); |
| 1085 SetDtlsSrtpCryptoSuites(gcm128, true); | 1104 SetDtlsSrtpCryptoSuites(gcm128, true); |
| 1086 SetDtlsSrtpCryptoSuites(gcm128, false); | 1105 SetDtlsSrtpCryptoSuites(gcm128, false); |
| 1087 TestHandshake(); | 1106 TestHandshake(); |
| 1088 | 1107 |
| 1089 int client_cipher; | 1108 int client_cipher; |
| 1090 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1109 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
| 1091 int server_cipher; | 1110 int server_cipher; |
| 1092 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); | 1111 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
| 1093 | 1112 |
| 1094 ASSERT_EQ(client_cipher, server_cipher); | 1113 ASSERT_EQ(client_cipher, server_cipher); |
| 1095 ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_128_GCM); | 1114 ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_128_GCM); |
| 1096 }; | 1115 }; |
| 1097 | 1116 |
| 1098 // Test DTLS-SRTP with all GCM-256 ciphers. | 1117 // Test DTLS-SRTP with all GCM-256 ciphers. |
| 1099 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM256) { | 1118 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM256) { |
| 1119 MAYBE_SKIP_TEST(HaveDtlsSrtp); |
| 1100 std::vector<int> gcm256; | 1120 std::vector<int> gcm256; |
| 1101 gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM); | 1121 gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM); |
| 1102 SetDtlsSrtpCryptoSuites(gcm256, true); | 1122 SetDtlsSrtpCryptoSuites(gcm256, true); |
| 1103 SetDtlsSrtpCryptoSuites(gcm256, false); | 1123 SetDtlsSrtpCryptoSuites(gcm256, false); |
| 1104 TestHandshake(); | 1124 TestHandshake(); |
| 1105 | 1125 |
| 1106 int client_cipher; | 1126 int client_cipher; |
| 1107 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1127 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
| 1108 int server_cipher; | 1128 int server_cipher; |
| 1109 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); | 1129 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
| 1110 | 1130 |
| 1111 ASSERT_EQ(client_cipher, server_cipher); | 1131 ASSERT_EQ(client_cipher, server_cipher); |
| 1112 ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_256_GCM); | 1132 ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_256_GCM); |
| 1113 }; | 1133 }; |
| 1114 | 1134 |
| 1115 // Test DTLS-SRTP with mixed GCM-128/-256 ciphers -- should not converge. | 1135 // Test DTLS-SRTP with mixed GCM-128/-256 ciphers -- should not converge. |
| 1116 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMismatch) { | 1136 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMismatch) { |
| 1137 MAYBE_SKIP_TEST(HaveDtlsSrtp); |
| 1117 std::vector<int> gcm128; | 1138 std::vector<int> gcm128; |
| 1118 gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM); | 1139 gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM); |
| 1119 std::vector<int> gcm256; | 1140 std::vector<int> gcm256; |
| 1120 gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM); | 1141 gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM); |
| 1121 SetDtlsSrtpCryptoSuites(gcm128, true); | 1142 SetDtlsSrtpCryptoSuites(gcm128, true); |
| 1122 SetDtlsSrtpCryptoSuites(gcm256, false); | 1143 SetDtlsSrtpCryptoSuites(gcm256, false); |
| 1123 TestHandshake(); | 1144 TestHandshake(); |
| 1124 | 1145 |
| 1125 int client_cipher; | 1146 int client_cipher; |
| 1126 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1147 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
| 1127 int server_cipher; | 1148 int server_cipher; |
| 1128 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); | 1149 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
| 1129 }; | 1150 }; |
| 1130 | 1151 |
| 1131 // Test DTLS-SRTP with both GCM-128/-256 ciphers -- should select GCM-256. | 1152 // Test DTLS-SRTP with both GCM-128/-256 ciphers -- should select GCM-256. |
| 1132 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMixed) { | 1153 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMixed) { |
| 1154 MAYBE_SKIP_TEST(HaveDtlsSrtp); |
| 1133 std::vector<int> gcmBoth; | 1155 std::vector<int> gcmBoth; |
| 1134 gcmBoth.push_back(rtc::SRTP_AEAD_AES_256_GCM); | 1156 gcmBoth.push_back(rtc::SRTP_AEAD_AES_256_GCM); |
| 1135 gcmBoth.push_back(rtc::SRTP_AEAD_AES_128_GCM); | 1157 gcmBoth.push_back(rtc::SRTP_AEAD_AES_128_GCM); |
| 1136 SetDtlsSrtpCryptoSuites(gcmBoth, true); | 1158 SetDtlsSrtpCryptoSuites(gcmBoth, true); |
| 1137 SetDtlsSrtpCryptoSuites(gcmBoth, false); | 1159 SetDtlsSrtpCryptoSuites(gcmBoth, false); |
| 1138 TestHandshake(); | 1160 TestHandshake(); |
| 1139 | 1161 |
| 1140 int client_cipher; | 1162 int client_cipher; |
| 1141 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); | 1163 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
| 1142 int server_cipher; | 1164 int server_cipher; |
| (...skipping 27 matching lines...) Expand all Loading... |
| 1170 ASSERT_EQ(96/8, salt_len); | 1192 ASSERT_EQ(96/8, salt_len); |
| 1171 | 1193 |
| 1172 ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths( | 1194 ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths( |
| 1173 rtc::SRTP_AEAD_AES_256_GCM, &key_len, &salt_len)); | 1195 rtc::SRTP_AEAD_AES_256_GCM, &key_len, &salt_len)); |
| 1174 ASSERT_EQ(256/8, key_len); | 1196 ASSERT_EQ(256/8, key_len); |
| 1175 ASSERT_EQ(96/8, salt_len); | 1197 ASSERT_EQ(96/8, salt_len); |
| 1176 }; | 1198 }; |
| 1177 | 1199 |
| 1178 // Test an exporter | 1200 // Test an exporter |
| 1179 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSExporter) { | 1201 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSExporter) { |
| 1202 MAYBE_SKIP_TEST(HaveExporter); |
| 1180 TestHandshake(); | 1203 TestHandshake(); |
| 1181 unsigned char client_out[20]; | 1204 unsigned char client_out[20]; |
| 1182 unsigned char server_out[20]; | 1205 unsigned char server_out[20]; |
| 1183 | 1206 |
| 1184 bool result; | 1207 bool result; |
| 1185 result = ExportKeyingMaterial(kExporterLabel, | 1208 result = ExportKeyingMaterial(kExporterLabel, |
| 1186 kExporterContext, kExporterContextLen, | 1209 kExporterContext, kExporterContextLen, |
| 1187 true, true, | 1210 true, true, |
| 1188 client_out, sizeof(client_out)); | 1211 client_out, sizeof(client_out)); |
| 1189 ASSERT_TRUE(result); | 1212 ASSERT_TRUE(result); |
| 1190 | 1213 |
| 1191 result = ExportKeyingMaterial(kExporterLabel, | 1214 result = ExportKeyingMaterial(kExporterLabel, |
| 1192 kExporterContext, kExporterContextLen, | 1215 kExporterContext, kExporterContextLen, |
| 1193 true, false, | 1216 true, false, |
| 1194 server_out, sizeof(server_out)); | 1217 server_out, sizeof(server_out)); |
| 1195 ASSERT_TRUE(result); | 1218 ASSERT_TRUE(result); |
| 1196 | 1219 |
| 1197 ASSERT_TRUE(!memcmp(client_out, server_out, sizeof(client_out))); | 1220 ASSERT_TRUE(!memcmp(client_out, server_out, sizeof(client_out))); |
| 1198 } | 1221 } |
| 1199 | 1222 |
| 1200 // Test not yet valid certificates are not rejected. | 1223 // Test not yet valid certificates are not rejected. |
| 1201 TEST_P(SSLStreamAdapterTestDTLS, TestCertNotYetValid) { | 1224 TEST_P(SSLStreamAdapterTestDTLS, TestCertNotYetValid) { |
| 1225 MAYBE_SKIP_TEST(HaveDtls); |
| 1202 long one_day = 60 * 60 * 24; | 1226 long one_day = 60 * 60 * 24; |
| 1203 // Make the certificates not valid until one day later. | 1227 // Make the certificates not valid until one day later. |
| 1204 ResetIdentitiesWithValidity(one_day, one_day); | 1228 ResetIdentitiesWithValidity(one_day, one_day); |
| 1205 TestHandshake(); | 1229 TestHandshake(); |
| 1206 } | 1230 } |
| 1207 | 1231 |
| 1208 // Test expired certificates are not rejected. | 1232 // Test expired certificates are not rejected. |
| 1209 TEST_P(SSLStreamAdapterTestDTLS, TestCertExpired) { | 1233 TEST_P(SSLStreamAdapterTestDTLS, TestCertExpired) { |
| 1234 MAYBE_SKIP_TEST(HaveDtls); |
| 1210 long one_day = 60 * 60 * 24; | 1235 long one_day = 60 * 60 * 24; |
| 1211 // Make the certificates already expired. | 1236 // Make the certificates already expired. |
| 1212 ResetIdentitiesWithValidity(-one_day, -one_day); | 1237 ResetIdentitiesWithValidity(-one_day, -one_day); |
| 1213 TestHandshake(); | 1238 TestHandshake(); |
| 1214 } | 1239 } |
| 1215 | 1240 |
| 1216 // Test data transfer using certs created from strings. | 1241 // Test data transfer using certs created from strings. |
| 1217 TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestTransfer) { | 1242 TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestTransfer) { |
| 1243 MAYBE_SKIP_TEST(HaveDtls); |
| 1218 TestHandshake(); | 1244 TestHandshake(); |
| 1219 TestTransfer(100); | 1245 TestTransfer(100); |
| 1220 } | 1246 } |
| 1221 | 1247 |
| 1222 // Test getting the remote certificate. | 1248 // Test getting the remote certificate. |
| 1223 TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestDTLSGetPeerCertificate) { | 1249 TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestDTLSGetPeerCertificate) { |
| 1250 MAYBE_SKIP_TEST(HaveDtls); |
| 1251 |
| 1224 // Peer certificates haven't been received yet. | 1252 // Peer certificates haven't been received yet. |
| 1225 ASSERT_FALSE(GetPeerCertificate(true)); | 1253 ASSERT_FALSE(GetPeerCertificate(true)); |
| 1226 ASSERT_FALSE(GetPeerCertificate(false)); | 1254 ASSERT_FALSE(GetPeerCertificate(false)); |
| 1227 | 1255 |
| 1228 TestHandshake(); | 1256 TestHandshake(); |
| 1229 | 1257 |
| 1230 // The client should have a peer certificate after the handshake. | 1258 // The client should have a peer certificate after the handshake. |
| 1231 std::unique_ptr<rtc::SSLCertificate> client_peer_cert = | 1259 std::unique_ptr<rtc::SSLCertificate> client_peer_cert = |
| 1232 GetPeerCertificate(true); | 1260 GetPeerCertificate(true); |
| 1233 ASSERT_TRUE(client_peer_cert); | 1261 ASSERT_TRUE(client_peer_cert); |
| (...skipping 13 matching lines...) Expand all Loading... |
| 1247 // It's kCERT_PEM | 1275 // It's kCERT_PEM |
| 1248 ASSERT_EQ(kCERT_PEM, server_peer_cert->ToPEMString()); | 1276 ASSERT_EQ(kCERT_PEM, server_peer_cert->ToPEMString()); |
| 1249 | 1277 |
| 1250 // It must not have a chain, because the test certs are self-signed. | 1278 // It must not have a chain, because the test certs are self-signed. |
| 1251 ASSERT_FALSE(server_peer_cert->GetChain()); | 1279 ASSERT_FALSE(server_peer_cert->GetChain()); |
| 1252 } | 1280 } |
| 1253 | 1281 |
| 1254 // Test getting the used DTLS ciphers. | 1282 // Test getting the used DTLS ciphers. |
| 1255 // DTLS 1.2 enabled for neither client nor server -> DTLS 1.0 will be used. | 1283 // DTLS 1.2 enabled for neither client nor server -> DTLS 1.0 will be used. |
| 1256 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuite) { | 1284 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuite) { |
| 1285 MAYBE_SKIP_TEST(HaveDtls); |
| 1257 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10); | 1286 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10); |
| 1258 TestHandshake(); | 1287 TestHandshake(); |
| 1259 | 1288 |
| 1260 int client_cipher; | 1289 int client_cipher; |
| 1261 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); | 1290 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); |
| 1262 int server_cipher; | 1291 int server_cipher; |
| 1263 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); | 1292 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); |
| 1264 | 1293 |
| 1265 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true)); | 1294 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true)); |
| 1266 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false)); | 1295 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false)); |
| 1267 | 1296 |
| 1268 ASSERT_EQ(client_cipher, server_cipher); | 1297 ASSERT_EQ(client_cipher, server_cipher); |
| 1269 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher( | 1298 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher( |
| 1270 server_cipher, ::testing::get<1>(GetParam()).type())); | 1299 server_cipher, ::testing::get<1>(GetParam()).type())); |
| 1271 } | 1300 } |
| 1272 | 1301 |
| 1273 // Test getting the used DTLS 1.2 ciphers. | 1302 // Test getting the used DTLS 1.2 ciphers. |
| 1274 // DTLS 1.2 enabled for client and server -> DTLS 1.2 will be used. | 1303 // DTLS 1.2 enabled for client and server -> DTLS 1.2 will be used. |
| 1275 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Both) { | 1304 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Both) { |
| 1305 MAYBE_SKIP_TEST(HaveDtls); |
| 1276 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12); | 1306 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12); |
| 1277 TestHandshake(); | 1307 TestHandshake(); |
| 1278 | 1308 |
| 1279 int client_cipher; | 1309 int client_cipher; |
| 1280 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); | 1310 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); |
| 1281 int server_cipher; | 1311 int server_cipher; |
| 1282 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); | 1312 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); |
| 1283 | 1313 |
| 1284 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(true)); | 1314 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(true)); |
| 1285 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(false)); | 1315 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(false)); |
| 1286 | 1316 |
| 1287 ASSERT_EQ(client_cipher, server_cipher); | 1317 ASSERT_EQ(client_cipher, server_cipher); |
| 1288 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher( | 1318 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher( |
| 1289 server_cipher, ::testing::get<1>(GetParam()).type())); | 1319 server_cipher, ::testing::get<1>(GetParam()).type())); |
| 1290 } | 1320 } |
| 1291 | 1321 |
| 1292 // DTLS 1.2 enabled for client only -> DTLS 1.0 will be used. | 1322 // DTLS 1.2 enabled for client only -> DTLS 1.0 will be used. |
| 1293 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Client) { | 1323 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Client) { |
| 1324 MAYBE_SKIP_TEST(HaveDtls); |
| 1294 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12); | 1325 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12); |
| 1295 TestHandshake(); | 1326 TestHandshake(); |
| 1296 | 1327 |
| 1297 int client_cipher; | 1328 int client_cipher; |
| 1298 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); | 1329 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); |
| 1299 int server_cipher; | 1330 int server_cipher; |
| 1300 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); | 1331 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); |
| 1301 | 1332 |
| 1302 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true)); | 1333 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true)); |
| 1303 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false)); | 1334 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false)); |
| 1304 | 1335 |
| 1305 ASSERT_EQ(client_cipher, server_cipher); | 1336 ASSERT_EQ(client_cipher, server_cipher); |
| 1306 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher( | 1337 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher( |
| 1307 server_cipher, ::testing::get<1>(GetParam()).type())); | 1338 server_cipher, ::testing::get<1>(GetParam()).type())); |
| 1308 } | 1339 } |
| 1309 | 1340 |
| 1310 // DTLS 1.2 enabled for server only -> DTLS 1.0 will be used. | 1341 // DTLS 1.2 enabled for server only -> DTLS 1.0 will be used. |
| 1311 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Server) { | 1342 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Server) { |
| 1343 MAYBE_SKIP_TEST(HaveDtls); |
| 1312 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_10); | 1344 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_10); |
| 1313 TestHandshake(); | 1345 TestHandshake(); |
| 1314 | 1346 |
| 1315 int client_cipher; | 1347 int client_cipher; |
| 1316 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); | 1348 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); |
| 1317 int server_cipher; | 1349 int server_cipher; |
| 1318 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); | 1350 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); |
| 1319 | 1351 |
| 1320 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true)); | 1352 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true)); |
| 1321 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false)); | 1353 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false)); |
| (...skipping 17 matching lines...) Expand all Loading... |
| 1339 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)))); | 1371 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)))); |
| 1340 INSTANTIATE_TEST_CASE_P( | 1372 INSTANTIATE_TEST_CASE_P( |
| 1341 SSLStreamAdapterTestsDTLS, | 1373 SSLStreamAdapterTestsDTLS, |
| 1342 SSLStreamAdapterTestDTLS, | 1374 SSLStreamAdapterTestDTLS, |
| 1343 Combine(Values(rtc::KeyParams::RSA(1024, 65537), | 1375 Combine(Values(rtc::KeyParams::RSA(1024, 65537), |
| 1344 rtc::KeyParams::RSA(1152, 65537), | 1376 rtc::KeyParams::RSA(1152, 65537), |
| 1345 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)), | 1377 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)), |
| 1346 Values(rtc::KeyParams::RSA(1024, 65537), | 1378 Values(rtc::KeyParams::RSA(1024, 65537), |
| 1347 rtc::KeyParams::RSA(1152, 65537), | 1379 rtc::KeyParams::RSA(1152, 65537), |
| 1348 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)))); | 1380 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)))); |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2648003003:
Revert of Removing #defines previously used for building without BoringSSL/OpenSSL. (Closed)
