webrtc/base/sslstreamadapter_unittest.cc - Issue 2877023002: Move webrtc/{base => rtc_base}

Side by Side Diff: webrtc/base/sslstreamadapter_unittest.cc

Issue 2877023002: Move webrtc/{base => rtc_base} (Closed)

Patch Set: update presubmit.py and DEPS include rules Created 3 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
	(Empty)
1 /*

2 * Copyright 2011 The WebRTC Project Authors. All rights reserved.

3 *

4 * Use of this source code is governed by a BSD-style license

5 * that can be found in the LICENSE file in the root of the source

6 * tree. An additional intellectual property rights grant can be found

7 * in the file PATENTS. All contributing project authors may

8 * be found in the AUTHORS file in the root of the source tree.

9 */

10

11

12 #include <algorithm>

13 #include <memory>

14 #include <set>

15 #include <string>

16

17 #include "webrtc/base/bufferqueue.h"

18 #include "webrtc/base/checks.h"

19 #include "webrtc/base/gunit.h"

20 #include "webrtc/base/helpers.h"

21 #include "webrtc/base/ssladapter.h"

22 #include "webrtc/base/sslidentity.h"

23 #include "webrtc/base/sslstreamadapter.h"

24 #include "webrtc/base/stream.h"

25

26 using ::testing::WithParamInterface;

27 using ::testing::Values;

28 using ::testing::Combine;

29 using ::testing::tuple;

30

31 static const int kBlockSize = 4096;

32 static const char kExporterLabel[] = "label";

33 static const unsigned char kExporterContext[] = "context";

34 static int kExporterContextLen = sizeof(kExporterContext);

35

36 static const char kRSA_PRIVATE_KEY_PEM[] =

37 "-----BEGIN RSA PRIVATE KEY-----\n"

38 "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMYRkbhmI7kVA/rM\n"

39 "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n"

40 "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n"

41 "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAECgYAvgOs4FJcgvp+TuREx7YtiYVsH\n"

42 "mwQPTum2z/8VzWGwR8BBHBvIpVe1MbD/Y4seyI2aco/7UaisatSgJhsU46/9Y4fq\n"

43 "2TwXH9QANf4at4d9n/R6rzwpAJOpgwZgKvdQjkfrKTtgLV+/dawvpxUYkRH4JZM1\n"

44 "CVGukMfKNrSVH4Ap4QJBAOJmGV1ASPnB4r4nc99at7JuIJmd7fmuVUwUgYi4XgaR\n"

45 "WhScBsgYwZ/JoywdyZJgnbcrTDuVcWG56B3vXbhdpMsCQQDf9zeJrjnPZ3Cqm79y\n"

46 "kdqANep0uwZciiNiWxsQrCHztywOvbFhdp8iYVFG9EK8DMY41Y5TxUwsHD+67zao\n"

47 "ZNqJAkEA1suLUP/GvL8IwuRneQd2tWDqqRQ/Td3qq03hP7e77XtF/buya3Ghclo5\n"

48 "54czUR89QyVfJEC6278nzA7n2h1uVQJAcG6mztNL6ja/dKZjYZye2CY44QjSlLo0\n"

49 "MTgTSjdfg/28fFn2Jjtqf9Pi/X+50LWI/RcYMC2no606wRk9kyOuIQJBAK6VSAim\n"

50 "1pOEjsYQn0X5KEIrz1G3bfCbB848Ime3U2/FWlCHMr6ch8kCZ5d1WUeJD3LbwMNG\n"

51 "UCXiYxSsu20QNVw=\n"

52 "-----END RSA PRIVATE KEY-----\n";

53

54 static const char kCERT_PEM[] =

55 "-----BEGIN CERTIFICATE-----\n"

56 "MIIBmTCCAQKgAwIBAgIEbzBSAjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZX\n"

57 "ZWJSVEMwHhcNMTQwMTAyMTgyNDQ3WhcNMTQwMjAxMTgyNDQ3WjARMQ8wDQYDVQQD\n"

58 "EwZXZWJSVEMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYRkbhmI7kVA/rM\n"

59 "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n"

60 "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n"

61 "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAUflI\n"

62 "VUe5Krqf5RVa5C3u/UTAOAUJBiDS3VANTCLBxjuMsvqOG0WvaYWP3HYPgrz0jXK2\n"

63 "LJE/mGw3MyFHEqi81jh95J+ypl6xKW6Rm8jKLR87gUvCaVYn/Z4/P3AqcQTB7wOv\n"

64 "UD0A8qfhfDM+LK6rPAnCsVN0NRDY3jvd6rzix9M=\n"

65 "-----END CERTIFICATE-----\n";

66

67 class SSLStreamAdapterTestBase;

68

69 class SSLDummyStreamBase : public rtc::StreamInterface,

70 public sigslot::has_slots<> {

71 public:

72 SSLDummyStreamBase(SSLStreamAdapterTestBase* test,

73 const std::string &side,

74 rtc::StreamInterface* in,

75 rtc::StreamInterface* out) :

76 test_base_(test),

77 side_(side),

78 in_(in),

79 out_(out),

80 first_packet_(true) {

81 in_->SignalEvent.connect(this, &SSLDummyStreamBase::OnEventIn);

82 out_->SignalEvent.connect(this, &SSLDummyStreamBase::OnEventOut);

83 }

84

85 rtc::StreamState GetState() const override { return rtc::SS_OPEN; }

86

87 rtc::StreamResult Read(void* buffer, size_t buffer_len,

88 size_t* read, int* error) override {

89 rtc::StreamResult r;

90

91 r = in_->Read(buffer, buffer_len, read, error);

92 if (r == rtc::SR_BLOCK)

93 return rtc::SR_BLOCK;

94 if (r == rtc::SR_EOS)

95 return rtc::SR_EOS;

96

97 if (r != rtc::SR_SUCCESS) {

98 ADD_FAILURE();

99 return rtc::SR_ERROR;

100 }

101

102 return rtc::SR_SUCCESS;

103 }

104

105 // Catch readability events on in and pass them up.

106 void OnEventIn(rtc::StreamInterface* stream, int sig, int err) {

107 int mask = (rtc::SE_READ \| rtc::SE_CLOSE);

108

109 if (sig & mask) {

110 LOG(LS_VERBOSE) << "SSLDummyStreamBase::OnEvent side=" << side_

111 << " sig=" << sig << " forwarding upward";

112 PostEvent(sig & mask, 0);

113 }

114 }

115

116 // Catch writeability events on out and pass them up.

117 void OnEventOut(rtc::StreamInterface* stream, int sig, int err) {

118 if (sig & rtc::SE_WRITE) {

119 LOG(LS_VERBOSE) << "SSLDummyStreamBase::OnEvent side=" << side_

120 << " sig=" << sig << " forwarding upward";

121

122 PostEvent(sig & rtc::SE_WRITE, 0);

123 }

124 }

125

126 // Write to the outgoing FifoBuffer

127 rtc::StreamResult WriteData(const void* data, size_t data_len,

128 size_t* written, int* error) {

129 return out_->Write(data, data_len, written, error);

130 }

131

132 rtc::StreamResult Write(const void* data, size_t data_len,

133 size_t* written, int* error) override;

134

135 void Close() override {

136 LOG(LS_INFO) << "Closing outbound stream";

137 out_->Close();

138 }

139

140 protected:

141 SSLStreamAdapterTestBase* test_base_;

142 const std::string side_;

143 rtc::StreamInterface* in_;

144 rtc::StreamInterface* out_;

145 bool first_packet_;

146 };

147

148 class SSLDummyStreamTLS : public SSLDummyStreamBase {

149 public:

150 SSLDummyStreamTLS(SSLStreamAdapterTestBase* test,

151 const std::string& side,

152 rtc::FifoBuffer* in,

153 rtc::FifoBuffer* out) :

154 SSLDummyStreamBase(test, side, in, out) {

155 }

156 };

157

158 class BufferQueueStream : public rtc::BufferQueue,

159 public rtc::StreamInterface {

160 public:

161 BufferQueueStream(size_t capacity, size_t default_size)

162 : rtc::BufferQueue(capacity, default_size) {

163 }

164

165 // Implementation of abstract StreamInterface methods.

166

167 // A buffer queue stream is always "open".

168 rtc::StreamState GetState() const override { return rtc::SS_OPEN; }

169

170 // Reading a buffer queue stream will either succeed or block.

171 rtc::StreamResult Read(void* buffer, size_t buffer_len,

172 size_t* read, int* error) override {

173 if (!ReadFront(buffer, buffer_len, read)) {

174 return rtc::SR_BLOCK;

175 }

176 return rtc::SR_SUCCESS;

177 }

178

179 // Writing to a buffer queue stream will either succeed or block.

180 rtc::StreamResult Write(const void* data, size_t data_len,

181 size_t* written, int* error) override {

182 if (!WriteBack(data, data_len, written)) {

183 return rtc::SR_BLOCK;

184 }

185 return rtc::SR_SUCCESS;

186 }

187

188 // A buffer queue stream can not be closed.

189 void Close() override {}

190

191 protected:

192 void NotifyReadableForTest() override {

193 PostEvent(rtc::SE_READ, 0);

194 }

195

196 void NotifyWritableForTest() override {

197 PostEvent(rtc::SE_WRITE, 0);

198 }

199 };

200

201 class SSLDummyStreamDTLS : public SSLDummyStreamBase {

202 public:

203 SSLDummyStreamDTLS(SSLStreamAdapterTestBase* test,

204 const std::string& side,

205 BufferQueueStream* in,

206 BufferQueueStream* out) :

207 SSLDummyStreamBase(test, side, in, out) {

208 }

209 };

210

211 static const int kFifoBufferSize = 4096;

212 static const int kBufferCapacity = 1;

213 static const size_t kDefaultBufferSize = 2048;

214

215 class SSLStreamAdapterTestBase : public testing::Test,

216 public sigslot::has_slots<> {

217 public:

218 SSLStreamAdapterTestBase(

219 const std::string& client_cert_pem,

220 const std::string& client_private_key_pem,

221 bool dtls,

222 rtc::KeyParams client_key_type = rtc::KeyParams(rtc::KT_DEFAULT),

223 rtc::KeyParams server_key_type = rtc::KeyParams(rtc::KT_DEFAULT))

224 : client_cert_pem_(client_cert_pem),

225 client_private_key_pem_(client_private_key_pem),

226 client_key_type_(client_key_type),

227 server_key_type_(server_key_type),

228 client_stream_(nullptr),

229 server_stream_(nullptr),

230 client_identity_(nullptr),

231 server_identity_(nullptr),

232 delay_(0),

233 mtu_(1460),

234 loss_(0),

235 lose_first_packet_(false),

236 damage_(false),

237 dtls_(dtls),

238 handshake_wait_(5000),

239 identities_set_(false) {

240 // Set use of the test RNG to get predictable loss patterns.

241 rtc::SetRandomTestMode(true);

242 }

243

244 ~SSLStreamAdapterTestBase() {

245 // Put it back for the next test.

246 rtc::SetRandomTestMode(false);

247 }

248

249 void SetUp() override {

250 CreateStreams();

251

252 client_ssl_.reset(rtc::SSLStreamAdapter::Create(client_stream_));

253 server_ssl_.reset(rtc::SSLStreamAdapter::Create(server_stream_));

254

255 // Set up the slots

256 client_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);

257 server_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);

258

259 if (!client_cert_pem_.empty() && !client_private_key_pem_.empty()) {

260 client_identity_ = rtc::SSLIdentity::FromPEMStrings(

261 client_private_key_pem_, client_cert_pem_);

262 } else {

263 client_identity_ = rtc::SSLIdentity::Generate("client", client_key_type_);

264 }

265 server_identity_ = rtc::SSLIdentity::Generate("server", server_key_type_);

266

267 client_ssl_->SetIdentity(client_identity_);

268 server_ssl_->SetIdentity(server_identity_);

269 }

270

271 void TearDown() override {

272 client_ssl_.reset(nullptr);

273 server_ssl_.reset(nullptr);

274 }

275

276 virtual void CreateStreams() = 0;

277

278 // Recreate the client/server identities with the specified validity period.

279 // \|not_before\| and \|not_after\| are offsets from the current time in number

280 // of seconds.

281 void ResetIdentitiesWithValidity(int not_before, int not_after) {

282 CreateStreams();

283

284 client_ssl_.reset(rtc::SSLStreamAdapter::Create(client_stream_));

285 server_ssl_.reset(rtc::SSLStreamAdapter::Create(server_stream_));

286

287 client_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);

288 server_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);

289

290 time_t now = time(nullptr);

291

292 rtc::SSLIdentityParams client_params;

293 client_params.key_params = rtc::KeyParams(rtc::KT_DEFAULT);

294 client_params.common_name = "client";

295 client_params.not_before = now + not_before;

296 client_params.not_after = now + not_after;

297 client_identity_ = rtc::SSLIdentity::GenerateForTest(client_params);

298

299 rtc::SSLIdentityParams server_params;

300 server_params.key_params = rtc::KeyParams(rtc::KT_DEFAULT);

301 server_params.common_name = "server";

302 server_params.not_before = now + not_before;

303 server_params.not_after = now + not_after;

304 server_identity_ = rtc::SSLIdentity::GenerateForTest(server_params);

305

306 client_ssl_->SetIdentity(client_identity_);

307 server_ssl_->SetIdentity(server_identity_);

308 }

309

310 virtual void OnEvent(rtc::StreamInterface *stream, int sig, int err) {

311 LOG(LS_VERBOSE) << "SSLStreamAdapterTestBase::OnEvent sig=" << sig;

312

313 if (sig & rtc::SE_READ) {

314 ReadData(stream);

315 }

316

317 if ((stream == client_ssl_.get()) && (sig & rtc::SE_WRITE)) {

318 WriteData();

319 }

320 }

321

322 void SetPeerIdentitiesByDigest(bool correct, bool expect_success) {

323 unsigned char server_digest[20];

324 size_t server_digest_len;

325 unsigned char client_digest[20];

326 size_t client_digest_len;

327 bool rv;

328 rtc::SSLPeerCertificateDigestError err;

329 rtc::SSLPeerCertificateDigestError expected_err =

330 expect_success

331 ? rtc::SSLPeerCertificateDigestError::NONE

332 : rtc::SSLPeerCertificateDigestError::VERIFICATION_FAILED;

333

334 LOG(LS_INFO) << "Setting peer identities by digest";

335

336 rv = server_identity_->certificate().ComputeDigest(

337 rtc::DIGEST_SHA_1, server_digest, 20, &server_digest_len);

338 ASSERT_TRUE(rv);

339 rv = client_identity_->certificate().ComputeDigest(

340 rtc::DIGEST_SHA_1, client_digest, 20, &client_digest_len);

341 ASSERT_TRUE(rv);

342

343 if (!correct) {

344 LOG(LS_INFO) << "Setting bogus digest for server cert";

345 server_digest[0]++;

346 }

347 rv = client_ssl_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, server_digest,

348 server_digest_len, &err);

349 EXPECT_EQ(expected_err, err);

350 EXPECT_EQ(expect_success, rv);

351

352 if (!correct) {

353 LOG(LS_INFO) << "Setting bogus digest for client cert";

354 client_digest[0]++;

355 }

356 rv = server_ssl_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, client_digest,

357 client_digest_len, &err);

358 EXPECT_EQ(expected_err, err);

359 EXPECT_EQ(expect_success, rv);

360

361 identities_set_ = true;

362 }

363

364 void SetupProtocolVersions(rtc::SSLProtocolVersion server_version,

365 rtc::SSLProtocolVersion client_version) {

366 server_ssl_->SetMaxProtocolVersion(server_version);

367 client_ssl_->SetMaxProtocolVersion(client_version);

368 }

369

370 void TestHandshake(bool expect_success = true) {

371 server_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS :

372 rtc::SSL_MODE_TLS);

373 client_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS :

374 rtc::SSL_MODE_TLS);

375

376 if (!dtls_) {

377 // Make sure we simulate a reliable network for TLS.

378 // This is just a check to make sure that people don't write wrong

379 // tests.

380 RTC_CHECK_EQ(1460, mtu_);

381 RTC_CHECK(!loss_);

382 RTC_CHECK(!lose_first_packet_);

383 }

384

385 if (!identities_set_)

386 SetPeerIdentitiesByDigest(true, true);

387

388 // Start the handshake

389 int rv;

390

391 server_ssl_->SetServerRole();

392 rv = server_ssl_->StartSSL();

393 ASSERT_EQ(0, rv);

394

395 rv = client_ssl_->StartSSL();

396 ASSERT_EQ(0, rv);

397

398 // Now run the handshake

399 if (expect_success) {

400 EXPECT_TRUE_WAIT((client_ssl_->GetState() == rtc::SS_OPEN)

401 && (server_ssl_->GetState() == rtc::SS_OPEN),

402 handshake_wait_);

403 } else {

404 EXPECT_TRUE_WAIT(client_ssl_->GetState() == rtc::SS_CLOSED,

405 handshake_wait_);

406 }

407 }

408

409 // This tests that the handshake can complete before the identity is

410 // verified, and the identity will be verified after the fact.

411 void TestHandshakeWithDelayedIdentity(bool valid_identity) {

412 server_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS : rtc::SSL_MODE_TLS);

413 client_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS : rtc::SSL_MODE_TLS);

414

415 if (!dtls_) {

416 // Make sure we simulate a reliable network for TLS.

417 // This is just a check to make sure that people don't write wrong

418 // tests.

419 RTC_CHECK_EQ(1460, mtu_);

420 RTC_CHECK(!loss_);

421 RTC_CHECK(!lose_first_packet_);

422 }

423

424 // Start the handshake

425 int rv;

426

427 server_ssl_->SetServerRole();

428 rv = server_ssl_->StartSSL();

429 ASSERT_EQ(0, rv);

430

431 rv = client_ssl_->StartSSL();

432 ASSERT_EQ(0, rv);

433

434 // Now run the handshake.

435 EXPECT_TRUE_WAIT(

436 client_ssl_->IsTlsConnected() && server_ssl_->IsTlsConnected(),

437 handshake_wait_);

438

439 // Until the identity has been verified, the state should still be

440 // SS_OPENING and writes should return SR_BLOCK.

441 EXPECT_EQ(rtc::SS_OPENING, client_ssl_->GetState());

442 EXPECT_EQ(rtc::SS_OPENING, server_ssl_->GetState());

443 unsigned char packet[1];

444 size_t sent;

445 EXPECT_EQ(rtc::SR_BLOCK, client_ssl_->Write(&packet, 1, &sent, 0));

446 EXPECT_EQ(rtc::SR_BLOCK, server_ssl_->Write(&packet, 1, &sent, 0));

447

448 // If we set an invalid identity at this point, SetPeerCertificateDigest

449 // should return false.

450 SetPeerIdentitiesByDigest(valid_identity, valid_identity);

451 // State should then transition to SS_OPEN or SS_CLOSED based on validation

452 // of the identity.

453 if (valid_identity) {

454 EXPECT_EQ(rtc::SS_OPEN, client_ssl_->GetState());

455 EXPECT_EQ(rtc::SS_OPEN, server_ssl_->GetState());

456 } else {

457 EXPECT_EQ(rtc::SS_CLOSED, client_ssl_->GetState());

458 EXPECT_EQ(rtc::SS_CLOSED, server_ssl_->GetState());

459 }

460 }

461

462 rtc::StreamResult DataWritten(SSLDummyStreamBase from, const void data,

463 size_t data_len, size_t *written,

464 int *error) {

465 // Randomly drop loss_ percent of packets

466 if (rtc::CreateRandomId() % 100 < static_cast<uint32_t>(loss_)) {

467 LOG(LS_VERBOSE) << "Randomly dropping packet, size=" << data_len;

468 *written = data_len;

469 return rtc::SR_SUCCESS;

470 }

471 if (dtls_ && (data_len > mtu_)) {

472 LOG(LS_VERBOSE) << "Dropping packet > mtu, size=" << data_len;

473 *written = data_len;

474 return rtc::SR_SUCCESS;

475 }

476

477 // Optionally damage application data (type 23). Note that we don't damage

478 // handshake packets and we damage the last byte to keep the header

479 // intact but break the MAC.

480 if (damage_ && (static_cast<const unsigned char >(data) == 23)) {

481 std::vector<char> buf(data_len);

482

483 LOG(LS_VERBOSE) << "Damaging packet";

484

485 memcpy(&buf[0], data, data_len);

486 buf[data_len - 1]++;

487

488 return from->WriteData(&buf[0], data_len, written, error);

489 }

490

491 return from->WriteData(data, data_len, written, error);

492 }

493

494 void SetDelay(int delay) {

495 delay_ = delay;

496 }

497 int GetDelay() { return delay_; }

498

499 void SetLoseFirstPacket(bool lose) {

500 lose_first_packet_ = lose;

501 }

502 bool GetLoseFirstPacket() { return lose_first_packet_; }

503

504 void SetLoss(int percent) {

505 loss_ = percent;

506 }

507

508 void SetDamage() {

509 damage_ = true;

510 }

511

512 void SetMtu(size_t mtu) {

513 mtu_ = mtu;

514 }

515

516 void SetHandshakeWait(int wait) {

517 handshake_wait_ = wait;

518 }

519

520 void SetDtlsSrtpCryptoSuites(const std::vector<int>& ciphers, bool client) {

521 if (client)

522 client_ssl_->SetDtlsSrtpCryptoSuites(ciphers);

523 else

524 server_ssl_->SetDtlsSrtpCryptoSuites(ciphers);

525 }

526

527 bool GetDtlsSrtpCryptoSuite(bool client, int* retval) {

528 if (client)

529 return client_ssl_->GetDtlsSrtpCryptoSuite(retval);

530 else

531 return server_ssl_->GetDtlsSrtpCryptoSuite(retval);

532 }

533

534 std::unique_ptr<rtc::SSLCertificate> GetPeerCertificate(bool client) {

535 if (client)

536 return client_ssl_->GetPeerCertificate();

537 else

538 return server_ssl_->GetPeerCertificate();

539 }

540

541 bool GetSslCipherSuite(bool client, int* retval) {

542 if (client)

543 return client_ssl_->GetSslCipherSuite(retval);

544 else

545 return server_ssl_->GetSslCipherSuite(retval);

546 }

547

548 int GetSslVersion(bool client) {

549 if (client)

550 return client_ssl_->GetSslVersion();

551 else

552 return server_ssl_->GetSslVersion();

553 }

554

555 bool ExportKeyingMaterial(const char *label,

556 const unsigned char *context,

557 size_t context_len,

558 bool use_context,

559 bool client,

560 unsigned char *result,

561 size_t result_len) {

562 if (client)

563 return client_ssl_->ExportKeyingMaterial(label,

564 context, context_len,

565 use_context,

566 result, result_len);

567 else

568 return server_ssl_->ExportKeyingMaterial(label,

569 context, context_len,

570 use_context,

571 result, result_len);

572 }

573

574 // To be implemented by subclasses.

575 virtual void WriteData() = 0;

576 virtual void ReadData(rtc::StreamInterface *stream) = 0;

577 virtual void TestTransfer(int size) = 0;

578

579 protected:

580 std::string client_cert_pem_;

581 std::string client_private_key_pem_;

582 rtc::KeyParams client_key_type_;

583 rtc::KeyParams server_key_type_;

584 SSLDummyStreamBase *client_stream_; // freed by client_ssl_ destructor

585 SSLDummyStreamBase *server_stream_; // freed by server_ssl_ destructor

586 std::unique_ptr<rtc::SSLStreamAdapter> client_ssl_;

587 std::unique_ptr<rtc::SSLStreamAdapter> server_ssl_;

588 rtc::SSLIdentity *client_identity_; // freed by client_ssl_ destructor

589 rtc::SSLIdentity *server_identity_; // freed by server_ssl_ destructor

590 int delay_;

591 size_t mtu_;

592 int loss_;

593 bool lose_first_packet_;

594 bool damage_;

595 bool dtls_;

596 int handshake_wait_;

597 bool identities_set_;

598 };

599

600 class SSLStreamAdapterTestTLS

601 : public SSLStreamAdapterTestBase,

602 public WithParamInterface<tuple<rtc::KeyParams, rtc::KeyParams>> {

603 public:

604 SSLStreamAdapterTestTLS()

605 : SSLStreamAdapterTestBase("",

606 "",

607 false,

608 ::testing::get<0>(GetParam()),

609 ::testing::get<1>(GetParam())),

610 client_buffer_(kFifoBufferSize),

611 server_buffer_(kFifoBufferSize) {

612 }

613

614 void CreateStreams() override {

615 client_stream_ =

616 new SSLDummyStreamTLS(this, "c2s", &client_buffer_, &server_buffer_);

617 server_stream_ =

618 new SSLDummyStreamTLS(this, "s2c", &server_buffer_, &client_buffer_);

619 }

620

621 // Test data transfer for TLS

622 void TestTransfer(int size) override {

623 LOG(LS_INFO) << "Starting transfer test with " << size << " bytes";

624 // Create some dummy data to send.

625 size_t received;

626

627 send_stream_.ReserveSize(size);

628 for (int i = 0; i < size; ++i) {

629 char ch = static_cast<char>(i);

630 send_stream_.Write(&ch, 1, nullptr, nullptr);

631 }

632 send_stream_.Rewind();

633

634 // Prepare the receive stream.

635 recv_stream_.ReserveSize(size);

636

637 // Start sending

638 WriteData();

639

640 // Wait for the client to close

641 EXPECT_TRUE_WAIT(server_ssl_->GetState() == rtc::SS_CLOSED, 10000);

642

643 // Now check the data

644 recv_stream_.GetSize(&received);

645

646 EXPECT_EQ(static_cast<size_t>(size), received);

647 EXPECT_EQ(0, memcmp(send_stream_.GetBuffer(),

648 recv_stream_.GetBuffer(), size));

649 }

650

651 void WriteData() override {

652 size_t position, tosend, size;

653 rtc::StreamResult rv;

654 size_t sent;

655 char block[kBlockSize];

656

657 send_stream_.GetSize(&size);

658 if (!size)

659 return;

660

661 for (;;) {

662 send_stream_.GetPosition(&position);

663 if (send_stream_.Read(block, sizeof(block), &tosend, nullptr) !=

664 rtc::SR_EOS) {

665 rv = client_ssl_->Write(block, tosend, &sent, 0);

666

667 if (rv == rtc::SR_SUCCESS) {

668 send_stream_.SetPosition(position + sent);

669 LOG(LS_VERBOSE) << "Sent: " << position + sent;

670 } else if (rv == rtc::SR_BLOCK) {

671 LOG(LS_VERBOSE) << "Blocked...";

672 send_stream_.SetPosition(position);

673 break;

674 } else {

675 ADD_FAILURE();

676 break;

677 }

678 } else {

679 // Now close

680 LOG(LS_INFO) << "Wrote " << position << " bytes. Closing";

681 client_ssl_->Close();

682 break;

683 }

684 }

685 };

686

687 void ReadData(rtc::StreamInterface *stream) override {

688 char buffer[1600];

689 size_t bread;

690 int err2;

691 rtc::StreamResult r;

692

693 for (;;) {

694 r = stream->Read(buffer, sizeof(buffer), &bread, &err2);

695

696 if (r == rtc::SR_ERROR \|\| r == rtc::SR_EOS) {

697 // Unfortunately, errors are the way that the stream adapter

698 // signals close in OpenSSL.

699 stream->Close();

700 return;

701 }

702

703 if (r == rtc::SR_BLOCK)

704 break;

705

706 ASSERT_EQ(rtc::SR_SUCCESS, r);

707 LOG(LS_VERBOSE) << "Read " << bread;

708

709 recv_stream_.Write(buffer, bread, nullptr, nullptr);

710 }

711 }

712

713 private:

714 rtc::FifoBuffer client_buffer_;

715 rtc::FifoBuffer server_buffer_;

716 rtc::MemoryStream send_stream_;

717 rtc::MemoryStream recv_stream_;

718 };

719

720 class SSLStreamAdapterTestDTLS

721 : public SSLStreamAdapterTestBase,

722 public WithParamInterface<tuple<rtc::KeyParams, rtc::KeyParams>> {

723 public:

724 SSLStreamAdapterTestDTLS()

725 : SSLStreamAdapterTestBase("",

726 "",

727 true,

728 ::testing::get<0>(GetParam()),

729 ::testing::get<1>(GetParam())),

730 client_buffer_(kBufferCapacity, kDefaultBufferSize),

731 server_buffer_(kBufferCapacity, kDefaultBufferSize),

732 packet_size_(1000),

733 count_(0),

734 sent_(0) {}

735

736 SSLStreamAdapterTestDTLS(const std::string& cert_pem,

737 const std::string& private_key_pem) :

738 SSLStreamAdapterTestBase(cert_pem, private_key_pem, true),

739 client_buffer_(kBufferCapacity, kDefaultBufferSize),

740 server_buffer_(kBufferCapacity, kDefaultBufferSize),

741 packet_size_(1000), count_(0), sent_(0) {

742 }

743

744 void CreateStreams() override {

745 client_stream_ =

746 new SSLDummyStreamDTLS(this, "c2s", &client_buffer_, &server_buffer_);

747 server_stream_ =

748 new SSLDummyStreamDTLS(this, "s2c", &server_buffer_, &client_buffer_);

749 }

750

751 void WriteData() override {

752 unsigned char *packet = new unsigned char[1600];

753

754 while (sent_ < count_) {

755 unsigned int rand_state = sent_;

756 packet[0] = sent_;

757 for (size_t i = 1; i < packet_size_; i++) {

758 // This is a simple LC PRNG. Keep in synch with identical code below.

759 rand_state = (rand_state * 251 + 19937) >> 7;

760 packet[i] = rand_state & 0xff;

761 }

762

763 size_t sent;

764 rtc::StreamResult rv = client_ssl_->Write(packet, packet_size_, &sent, 0);

765 if (rv == rtc::SR_SUCCESS) {

766 LOG(LS_VERBOSE) << "Sent: " << sent_;

767 sent_++;

768 } else if (rv == rtc::SR_BLOCK) {

769 LOG(LS_VERBOSE) << "Blocked...";

770 break;

771 } else {

772 ADD_FAILURE();

773 break;

774 }

775 }

776

777 delete [] packet;

778 }

779

780 void ReadData(rtc::StreamInterface *stream) override {

781 unsigned char buffer[2000];

782 size_t bread;

783 int err2;

784 rtc::StreamResult r;

785

786 for (;;) {

787 r = stream->Read(buffer, 2000, &bread, &err2);

788

789 if (r == rtc::SR_ERROR) {

790 // Unfortunately, errors are the way that the stream adapter

791 // signals close right now

792 stream->Close();

793 return;

794 }

795

796 if (r == rtc::SR_BLOCK)

797 break;

798

799 ASSERT_EQ(rtc::SR_SUCCESS, r);

800 LOG(LS_VERBOSE) << "Read " << bread;

801

802 // Now parse the datagram

803 ASSERT_EQ(packet_size_, bread);

804 unsigned char packet_num = buffer[0];

805

806 unsigned int rand_state = packet_num;

807 for (size_t i = 1; i < packet_size_; i++) {

808 // This is a simple LC PRNG. Keep in synch with identical code above.

809 rand_state = (rand_state * 251 + 19937) >> 7;

810 ASSERT_EQ(rand_state & 0xff, buffer[i]);

811 }

812 received_.insert(packet_num);

813 }

814 }

815

816 void TestTransfer(int count) override {

817 count_ = count;

818

819 WriteData();

820

821 EXPECT_TRUE_WAIT(sent_ == count_, 10000);

822 LOG(LS_INFO) << "sent_ == " << sent_;

823

824 if (damage_) {

825 WAIT(false, 2000);

826 EXPECT_EQ(0U, received_.size());

827 } else if (loss_ == 0) {

828 EXPECT_EQ_WAIT(static_cast<size_t>(sent_), received_.size(), 1000);

829 } else {

830 LOG(LS_INFO) << "Sent " << sent_ << " packets; received " <<

831 received_.size();

832 }

833 };

834

835 private:

836 BufferQueueStream client_buffer_;

837 BufferQueueStream server_buffer_;

838 size_t packet_size_;

839 int count_;

840 int sent_;

841 std::set<int> received_;

842 };

843

844

845 rtc::StreamResult SSLDummyStreamBase::Write(const void* data, size_t data_len,

846 size_t* written, int* error) {

847 LOG(LS_VERBOSE) << "Writing to loopback " << data_len;

848

849 if (first_packet_) {

850 first_packet_ = false;

851 if (test_base_->GetLoseFirstPacket()) {

852 LOG(LS_INFO) << "Losing initial packet of length " << data_len;

853 *written = data_len; // Fake successful writing also to writer.

854 return rtc::SR_SUCCESS;

855 }

856 }

857

858 return test_base_->DataWritten(this, data, data_len, written, error);

859 };

860

861 class SSLStreamAdapterTestDTLSFromPEMStrings : public SSLStreamAdapterTestDTLS {

862 public:

863 SSLStreamAdapterTestDTLSFromPEMStrings() :

864 SSLStreamAdapterTestDTLS(kCERT_PEM, kRSA_PRIVATE_KEY_PEM) {

865 }

866 };

867

868 // Basic tests: TLS

869

870 // Test that we can make a handshake work

871 TEST_P(SSLStreamAdapterTestTLS, TestTLSConnect) {

872 TestHandshake();

873 };

874

875 // Test that closing the connection on one side updates the other side.

876 TEST_P(SSLStreamAdapterTestTLS, TestTLSClose) {

877 TestHandshake();

878 client_ssl_->Close();

879 EXPECT_EQ_WAIT(rtc::SS_CLOSED, server_ssl_->GetState(), handshake_wait_);

880 };

881

882 // Test transfer -- trivial

883 TEST_P(SSLStreamAdapterTestTLS, TestTLSTransfer) {

884 TestHandshake();

885 TestTransfer(100000);

886 };

887

888 // Test read-write after close.

889 TEST_P(SSLStreamAdapterTestTLS, ReadWriteAfterClose) {

890 TestHandshake();

891 TestTransfer(100000);

892 client_ssl_->Close();

893

894 rtc::StreamResult rv;

895 char block[kBlockSize];

896 size_t dummy;

897

898 // It's an error to write after closed.

899 rv = client_ssl_->Write(block, sizeof(block), &dummy, nullptr);

900 ASSERT_EQ(rtc::SR_ERROR, rv);

901

902 // But after closed read gives you EOS.

903 rv = client_ssl_->Read(block, sizeof(block), &dummy, nullptr);

904 ASSERT_EQ(rtc::SR_EOS, rv);

905 };

906

907 // Test a handshake with a bogus peer digest

908 TEST_P(SSLStreamAdapterTestTLS, TestTLSBogusDigest) {

909 SetPeerIdentitiesByDigest(false, true);

910 TestHandshake(false);

911 };

912

913 TEST_P(SSLStreamAdapterTestTLS, TestTLSDelayedIdentity) {

914 TestHandshakeWithDelayedIdentity(true);

915 };

916

917 TEST_P(SSLStreamAdapterTestTLS, TestTLSDelayedIdentityWithBogusDigest) {

918 TestHandshakeWithDelayedIdentity(false);

919 };

920

921 // Test that the correct error is returned when SetPeerCertificateDigest is

922 // called with an unknown algorithm.

923 TEST_P(SSLStreamAdapterTestTLS,

924 TestSetPeerCertificateDigestWithUnknownAlgorithm) {

925 unsigned char server_digest[20];

926 size_t server_digest_len;

927 bool rv;

928 rtc::SSLPeerCertificateDigestError err;

929

930 rv = server_identity_->certificate().ComputeDigest(

931 rtc::DIGEST_SHA_1, server_digest, 20, &server_digest_len);

932 ASSERT_TRUE(rv);

933

934 rv = client_ssl_->SetPeerCertificateDigest("unknown algorithm", server_digest,

935 server_digest_len, &err);

936 EXPECT_EQ(rtc::SSLPeerCertificateDigestError::UNKNOWN_ALGORITHM, err);

937 EXPECT_FALSE(rv);

938 }

939

940 // Test that the correct error is returned when SetPeerCertificateDigest is

941 // called with an invalid digest length.

942 TEST_P(SSLStreamAdapterTestTLS, TestSetPeerCertificateDigestWithInvalidLength) {

943 unsigned char server_digest[20];

944 size_t server_digest_len;

945 bool rv;

946 rtc::SSLPeerCertificateDigestError err;

947

948 rv = server_identity_->certificate().ComputeDigest(

949 rtc::DIGEST_SHA_1, server_digest, 20, &server_digest_len);

950 ASSERT_TRUE(rv);

951

952 rv = client_ssl_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, server_digest,

953 server_digest_len - 1, &err);

954 EXPECT_EQ(rtc::SSLPeerCertificateDigestError::INVALID_LENGTH, err);

955 EXPECT_FALSE(rv);

956 }

957

958 // Test moving a bunch of data

959

960 // Basic tests: DTLS

961 // Test that we can make a handshake work

962 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnect) {

963 TestHandshake();

964 };

965

966 // Test that we can make a handshake work if the first packet in

967 // each direction is lost. This gives us predictable loss

968 // rather than having to tune random

969 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacket) {

970 SetLoseFirstPacket(true);

971 TestHandshake();

972 };

973

974 // Test a handshake with loss and delay

975 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacketDelay2s) {

976 SetLoseFirstPacket(true);

977 SetDelay(2000);

978 SetHandshakeWait(20000);

979 TestHandshake();

980 };

981

982 // Test a handshake with small MTU

983 // Disabled due to https://code.google.com/p/webrtc/issues/detail?id=3910

984 TEST_P(SSLStreamAdapterTestDTLS, DISABLED_TestDTLSConnectWithSmallMtu) {

985 SetMtu(700);

986 SetHandshakeWait(20000);

987 TestHandshake();

988 };

989

990 // Test transfer -- trivial

991 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransfer) {

992 TestHandshake();

993 TestTransfer(100);

994 };

995

996 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithLoss) {

997 TestHandshake();

998 SetLoss(10);

999 TestTransfer(100);

1000 };

1001

1002 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithDamage) {

1003 SetDamage(); // Must be called first because first packet

1004 // write happens at end of handshake.

1005 TestHandshake();

1006 TestTransfer(100);

1007 };

1008

1009 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentity) {

1010 TestHandshakeWithDelayedIdentity(true);

1011 };

1012

1013 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentityWithBogusDigest) {

1014 TestHandshakeWithDelayedIdentity(false);

1015 };

1016

1017 // Test DTLS-SRTP with all high ciphers

1018 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) {

1019 std::vector<int> high;

1020 high.push_back(rtc::SRTP_AES128_CM_SHA1_80);

1021 SetDtlsSrtpCryptoSuites(high, true);

1022 SetDtlsSrtpCryptoSuites(high, false);

1023 TestHandshake();

1024

1025 int client_cipher;

1026 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));

1027 int server_cipher;

1028 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));

1029

1030 ASSERT_EQ(client_cipher, server_cipher);

1031 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80);

1032 };

1033

1034 // Test DTLS-SRTP with all low ciphers

1035 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) {

1036 std::vector<int> low;

1037 low.push_back(rtc::SRTP_AES128_CM_SHA1_32);

1038 SetDtlsSrtpCryptoSuites(low, true);

1039 SetDtlsSrtpCryptoSuites(low, false);

1040 TestHandshake();

1041

1042 int client_cipher;

1043 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));

1044 int server_cipher;

1045 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));

1046

1047 ASSERT_EQ(client_cipher, server_cipher);

1048 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_32);

1049 };

1050

1051 // Test DTLS-SRTP with a mismatch -- should not converge

1052 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) {

1053 std::vector<int> high;

1054 high.push_back(rtc::SRTP_AES128_CM_SHA1_80);

1055 std::vector<int> low;

1056 low.push_back(rtc::SRTP_AES128_CM_SHA1_32);

1057 SetDtlsSrtpCryptoSuites(high, true);

1058 SetDtlsSrtpCryptoSuites(low, false);

1059 TestHandshake();

1060

1061 int client_cipher;

1062 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher));

1063 int server_cipher;

1064 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher));

1065 };

1066

1067 // Test DTLS-SRTP with each side being mixed -- should select high

1068 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) {

1069 std::vector<int> mixed;

1070 mixed.push_back(rtc::SRTP_AES128_CM_SHA1_80);

1071 mixed.push_back(rtc::SRTP_AES128_CM_SHA1_32);

1072 SetDtlsSrtpCryptoSuites(mixed, true);

1073 SetDtlsSrtpCryptoSuites(mixed, false);

1074 TestHandshake();

1075

1076 int client_cipher;

1077 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));

1078 int server_cipher;

1079 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));

1080

1081 ASSERT_EQ(client_cipher, server_cipher);

1082 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80);

1083 };

1084

1085 // Test DTLS-SRTP with all GCM-128 ciphers.

1086 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM128) {

1087 std::vector<int> gcm128;

1088 gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM);

1089 SetDtlsSrtpCryptoSuites(gcm128, true);

1090 SetDtlsSrtpCryptoSuites(gcm128, false);

1091 TestHandshake();

1092

1093 int client_cipher;

1094 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));

1095 int server_cipher;

1096 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));

1097

1098 ASSERT_EQ(client_cipher, server_cipher);

1099 ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_128_GCM);

1100 };

1101

1102 // Test DTLS-SRTP with all GCM-256 ciphers.

1103 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM256) {

1104 std::vector<int> gcm256;

1105 gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM);

1106 SetDtlsSrtpCryptoSuites(gcm256, true);

1107 SetDtlsSrtpCryptoSuites(gcm256, false);

1108 TestHandshake();

1109

1110 int client_cipher;

1111 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));

1112 int server_cipher;

1113 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));

1114

1115 ASSERT_EQ(client_cipher, server_cipher);

1116 ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_256_GCM);

1117 };

1118

1119 // Test DTLS-SRTP with mixed GCM-128/-256 ciphers -- should not converge.

1120 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMismatch) {

1121 std::vector<int> gcm128;

1122 gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM);

1123 std::vector<int> gcm256;

1124 gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM);

1125 SetDtlsSrtpCryptoSuites(gcm128, true);

1126 SetDtlsSrtpCryptoSuites(gcm256, false);

1127 TestHandshake();

1128

1129 int client_cipher;

1130 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher));

1131 int server_cipher;

1132 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher));

1133 };

1134

1135 // Test DTLS-SRTP with both GCM-128/-256 ciphers -- should select GCM-256.

1136 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMixed) {

1137 std::vector<int> gcmBoth;

1138 gcmBoth.push_back(rtc::SRTP_AEAD_AES_256_GCM);

1139 gcmBoth.push_back(rtc::SRTP_AEAD_AES_128_GCM);

1140 SetDtlsSrtpCryptoSuites(gcmBoth, true);

1141 SetDtlsSrtpCryptoSuites(gcmBoth, false);

1142 TestHandshake();

1143

1144 int client_cipher;

1145 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));

1146 int server_cipher;

1147 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));

1148

1149 ASSERT_EQ(client_cipher, server_cipher);

1150 ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_256_GCM);

1151 };

1152

1153 // Test SRTP cipher suite lengths.

1154 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpKeyAndSaltLengths) {

1155 int key_len;

1156 int salt_len;

1157

1158 ASSERT_FALSE(rtc::GetSrtpKeyAndSaltLengths(

1159 rtc::SRTP_INVALID_CRYPTO_SUITE, &key_len, &salt_len));

1160

1161 ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(

1162 rtc::SRTP_AES128_CM_SHA1_32, &key_len, &salt_len));

1163 ASSERT_EQ(128/8, key_len);

1164 ASSERT_EQ(112/8, salt_len);

1165

1166 ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(

1167 rtc::SRTP_AES128_CM_SHA1_80, &key_len, &salt_len));

1168 ASSERT_EQ(128/8, key_len);

1169 ASSERT_EQ(112/8, salt_len);

1170

1171 ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(

1172 rtc::SRTP_AEAD_AES_128_GCM, &key_len, &salt_len));

1173 ASSERT_EQ(128/8, key_len);

1174 ASSERT_EQ(96/8, salt_len);

1175

1176 ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(

1177 rtc::SRTP_AEAD_AES_256_GCM, &key_len, &salt_len));

1178 ASSERT_EQ(256/8, key_len);

1179 ASSERT_EQ(96/8, salt_len);

1180 };

1181

1182 // Test an exporter

1183 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSExporter) {

1184 TestHandshake();

1185 unsigned char client_out[20];

1186 unsigned char server_out[20];

1187

1188 bool result;

1189 result = ExportKeyingMaterial(kExporterLabel,

1190 kExporterContext, kExporterContextLen,

1191 true, true,

1192 client_out, sizeof(client_out));

1193 ASSERT_TRUE(result);

1194

1195 result = ExportKeyingMaterial(kExporterLabel,

1196 kExporterContext, kExporterContextLen,

1197 true, false,

1198 server_out, sizeof(server_out));

1199 ASSERT_TRUE(result);

1200

1201 ASSERT_TRUE(!memcmp(client_out, server_out, sizeof(client_out)));

1202 }

1203

1204 // Test not yet valid certificates are not rejected.

1205 TEST_P(SSLStreamAdapterTestDTLS, TestCertNotYetValid) {

1206 long one_day = 60 * 60 * 24;

1207 // Make the certificates not valid until one day later.

1208 ResetIdentitiesWithValidity(one_day, one_day);

1209 TestHandshake();

1210 }

1211

1212 // Test expired certificates are not rejected.

1213 TEST_P(SSLStreamAdapterTestDTLS, TestCertExpired) {

1214 long one_day = 60 * 60 * 24;

1215 // Make the certificates already expired.

1216 ResetIdentitiesWithValidity(-one_day, -one_day);

1217 TestHandshake();

1218 }

1219

1220 // Test data transfer using certs created from strings.

1221 TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestTransfer) {

1222 TestHandshake();

1223 TestTransfer(100);

1224 }

1225

1226 // Test getting the remote certificate.

1227 TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestDTLSGetPeerCertificate) {

1228 // Peer certificates haven't been received yet.

1229 ASSERT_FALSE(GetPeerCertificate(true));

1230 ASSERT_FALSE(GetPeerCertificate(false));

1231

1232 TestHandshake();

1233

1234 // The client should have a peer certificate after the handshake.

1235 std::unique_ptr<rtc::SSLCertificate> client_peer_cert =

1236 GetPeerCertificate(true);

1237 ASSERT_TRUE(client_peer_cert);

1238

1239 // It's not kCERT_PEM.

1240 std::string client_peer_string = client_peer_cert->ToPEMString();

1241 ASSERT_NE(kCERT_PEM, client_peer_string);

1242

1243 // It must not have a chain, because the test certs are self-signed.

1244 ASSERT_FALSE(client_peer_cert->GetChain());

1245

1246 // The server should have a peer certificate after the handshake.

1247 std::unique_ptr<rtc::SSLCertificate> server_peer_cert =

1248 GetPeerCertificate(false);

1249 ASSERT_TRUE(server_peer_cert);

1250

1251 // It's kCERT_PEM

1252 ASSERT_EQ(kCERT_PEM, server_peer_cert->ToPEMString());

1253

1254 // It must not have a chain, because the test certs are self-signed.

1255 ASSERT_FALSE(server_peer_cert->GetChain());

1256 }

1257

1258 // Test getting the used DTLS ciphers.

1259 // DTLS 1.2 enabled for neither client nor server -> DTLS 1.0 will be used.

1260 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuite) {

1261 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);

1262 TestHandshake();

1263

1264 int client_cipher;

1265 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher));

1266 int server_cipher;

1267 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));

1268

1269 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true));

1270 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false));

1271

1272 ASSERT_EQ(client_cipher, server_cipher);

1273 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher(

1274 server_cipher, ::testing::get<1>(GetParam()).type()));

1275 }

1276

1277 // Test getting the used DTLS 1.2 ciphers.

1278 // DTLS 1.2 enabled for client and server -> DTLS 1.2 will be used.

1279 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Both) {

1280 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12);

1281 TestHandshake();

1282

1283 int client_cipher;

1284 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher));

1285 int server_cipher;

1286 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));

1287

1288 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(true));

1289 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(false));

1290

1291 ASSERT_EQ(client_cipher, server_cipher);

1292 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher(

1293 server_cipher, ::testing::get<1>(GetParam()).type()));

1294 }

1295

1296 // DTLS 1.2 enabled for client only -> DTLS 1.0 will be used.

1297 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Client) {

1298 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12);

1299 TestHandshake();

1300

1301 int client_cipher;

1302 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher));

1303 int server_cipher;

1304 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));

1305

1306 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true));

1307 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false));

1308

1309 ASSERT_EQ(client_cipher, server_cipher);

1310 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher(

1311 server_cipher, ::testing::get<1>(GetParam()).type()));

1312 }

1313

1314 // DTLS 1.2 enabled for server only -> DTLS 1.0 will be used.

1315 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Server) {

1316 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_10);

1317 TestHandshake();

1318

1319 int client_cipher;

1320 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher));

1321 int server_cipher;

1322 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));

1323

1324 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true));

1325 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false));

1326

1327 ASSERT_EQ(client_cipher, server_cipher);

1328 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher(

1329 server_cipher, ::testing::get<1>(GetParam()).type()));

1330 }

1331

1332 // The RSA keysizes here might look strange, why not include the RFC's size

1333 // 2048?. The reason is test case slowness; testing two sizes to exercise

1334 // parametrization is sufficient.

1335 INSTANTIATE_TEST_CASE_P(

1336 SSLStreamAdapterTestsTLS,

1337 SSLStreamAdapterTestTLS,

1338 Combine(Values(rtc::KeyParams::RSA(1024, 65537),

1339 rtc::KeyParams::RSA(1152, 65537),

1340 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)),

1341 Values(rtc::KeyParams::RSA(1024, 65537),

1342 rtc::KeyParams::RSA(1152, 65537),

1343 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256))));

1344 INSTANTIATE_TEST_CASE_P(

1345 SSLStreamAdapterTestsDTLS,

1346 SSLStreamAdapterTestDTLS,

1347 Combine(Values(rtc::KeyParams::RSA(1024, 65537),

1348 rtc::KeyParams::RSA(1152, 65537),

1349 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)),

1350 Values(rtc::KeyParams::RSA(1024, 65537),

1351 rtc::KeyParams::RSA(1152, 65537),

1352 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256))));

OLD	NEW

« no previous file with comments | « webrtc/base/sslstreamadapter.cc ('k') | webrtc/base/stream.h » ('j') | no next file with comments »