1 /*
2 * Copyright 2011 The WebRTC Project Authors. All rights reserved.
3 *
4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree.
9 */
10
11
12 #include <algorithm>
13 #include <set>
14 #include <string>
15
16 #include "webrtc/base/bufferqueue.h"
17 #include "webrtc/base/gunit.h"
18 #include "webrtc/base/helpers.h"
19 #include "webrtc/base/scoped_ptr.h"
20 #include "webrtc/base/ssladapter.h"
21 #include "webrtc/base/sslconfig.h"
22 #include "webrtc/base/sslidentity.h"
23 #include "webrtc/base/sslstreamadapter.h"
24 #include "webrtc/base/stream.h"
25
26 using ::testing::WithParamInterface;
27 using ::testing::Values;
28 using ::testing::Combine;
29 using ::testing::tuple;
30
31 static const int kBlockSize = 4096;
32 static const char kExporterLabel[] = "label";
33 static const unsigned char kExporterContext[] = "context";
34 static int kExporterContextLen = sizeof(kExporterContext);
35
36 static const char kRSA_PRIVATE_KEY_PEM[] =
37 "-----BEGIN RSA PRIVATE KEY-----\n"
38 "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMYRkbhmI7kVA/rM\n"
39 "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n"
40 "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n"
41 "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAECgYAvgOs4FJcgvp+TuREx7YtiYVsH\n"
42 "mwQPTum2z/8VzWGwR8BBHBvIpVe1MbD/Y4seyI2aco/7UaisatSgJhsU46/9Y4fq\n"
43 "2TwXH9QANf4at4d9n/R6rzwpAJOpgwZgKvdQjkfrKTtgLV+/dawvpxUYkRH4JZM1\n"
44 "CVGukMfKNrSVH4Ap4QJBAOJmGV1ASPnB4r4nc99at7JuIJmd7fmuVUwUgYi4XgaR\n"
45 "WhScBsgYwZ/JoywdyZJgnbcrTDuVcWG56B3vXbhdpMsCQQDf9zeJrjnPZ3Cqm79y\n"
46 "kdqANep0uwZciiNiWxsQrCHztywOvbFhdp8iYVFG9EK8DMY41Y5TxUwsHD+67zao\n"
47 "ZNqJAkEA1suLUP/GvL8IwuRneQd2tWDqqRQ/Td3qq03hP7e77XtF/buya3Ghclo5\n"
48 "54czUR89QyVfJEC6278nzA7n2h1uVQJAcG6mztNL6ja/dKZjYZye2CY44QjSlLo0\n"
49 "MTgTSjdfg/28fFn2Jjtqf9Pi/X+50LWI/RcYMC2no606wRk9kyOuIQJBAK6VSAim\n"
50 "1pOEjsYQn0X5KEIrz1G3bfCbB848Ime3U2/FWlCHMr6ch8kCZ5d1WUeJD3LbwMNG\n"
51 "UCXiYxSsu20QNVw=\n"
52 "-----END RSA PRIVATE KEY-----\n";
53
54 static const char kCERT_PEM[] =
55 "-----BEGIN CERTIFICATE-----\n"
56 "MIIBmTCCAQKgAwIBAgIEbzBSAjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZX\n"
57 "ZWJSVEMwHhcNMTQwMTAyMTgyNDQ3WhcNMTQwMjAxMTgyNDQ3WjARMQ8wDQYDVQQD\n"
58 "EwZXZWJSVEMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYRkbhmI7kVA/rM\n"
59 "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n"
60 "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n"
61 "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAUflI\n"
62 "VUe5Krqf5RVa5C3u/UTAOAUJBiDS3VANTCLBxjuMsvqOG0WvaYWP3HYPgrz0jXK2\n"
63 "LJE/mGw3MyFHEqi81jh95J+ypl6xKW6Rm8jKLR87gUvCaVYn/Z4/P3AqcQTB7wOv\n"
64 "UD0A8qfhfDM+LK6rPAnCsVN0NRDY3jvd6rzix9M=\n"
65 "-----END CERTIFICATE-----\n";
66
67 #define MAYBE_SKIP_TEST(feature) \
68 if (!(rtc::SSLStreamAdapter::feature())) { \
69 LOG(LS_INFO) << "Feature disabled... skipping"; \
70 return; \
71 }
72
73 class SSLStreamAdapterTestBase;
74
75 class SSLDummyStreamBase : public rtc::StreamInterface,
76 public sigslot::has_slots<> {
77 public:
SSLDummyStreamBase(SSLStreamAdapterTestBase * test,const std::string & side,rtc::StreamInterface * in,rtc::StreamInterface * out)78 SSLDummyStreamBase(SSLStreamAdapterTestBase* test,
79 const std::string &side,
80 rtc::StreamInterface* in,
81 rtc::StreamInterface* out) :
82 test_base_(test),
83 side_(side),
84 in_(in),
85 out_(out),
86 first_packet_(true) {
87 in_->SignalEvent.connect(this, &SSLDummyStreamBase::OnEventIn);
88 out_->SignalEvent.connect(this, &SSLDummyStreamBase::OnEventOut);
89 }
90
GetState() const91 rtc::StreamState GetState() const override { return rtc::SS_OPEN; }
92
Read(void * buffer,size_t buffer_len,size_t * read,int * error)93 rtc::StreamResult Read(void* buffer, size_t buffer_len,
94 size_t* read, int* error) override {
95 rtc::StreamResult r;
96
97 r = in_->Read(buffer, buffer_len, read, error);
98 if (r == rtc::SR_BLOCK)
99 return rtc::SR_BLOCK;
100 if (r == rtc::SR_EOS)
101 return rtc::SR_EOS;
102
103 if (r != rtc::SR_SUCCESS) {
104 ADD_FAILURE();
105 return rtc::SR_ERROR;
106 }
107
108 return rtc::SR_SUCCESS;
109 }
110
111 // Catch readability events on in and pass them up.
OnEventIn(rtc::StreamInterface * stream,int sig,int err)112 void OnEventIn(rtc::StreamInterface* stream, int sig, int err) {
113 int mask = (rtc::SE_READ | rtc::SE_CLOSE);
114
115 if (sig & mask) {
116 LOG(LS_INFO) << "SSLDummyStreamBase::OnEvent side=" << side_ << " sig="
117 << sig << " forwarding upward";
118 PostEvent(sig & mask, 0);
119 }
120 }
121
122 // Catch writeability events on out and pass them up.
OnEventOut(rtc::StreamInterface * stream,int sig,int err)123 void OnEventOut(rtc::StreamInterface* stream, int sig, int err) {
124 if (sig & rtc::SE_WRITE) {
125 LOG(LS_INFO) << "SSLDummyStreamBase::OnEvent side=" << side_ << " sig="
126 << sig << " forwarding upward";
127
128 PostEvent(sig & rtc::SE_WRITE, 0);
129 }
130 }
131
132 // Write to the outgoing FifoBuffer
WriteData(const void * data,size_t data_len,size_t * written,int * error)133 rtc::StreamResult WriteData(const void* data, size_t data_len,
134 size_t* written, int* error) {
135 return out_->Write(data, data_len, written, error);
136 }
137
138 rtc::StreamResult Write(const void* data, size_t data_len,
139 size_t* written, int* error) override;
140
Close()141 void Close() override {
142 LOG(LS_INFO) << "Closing outbound stream";
143 out_->Close();
144 }
145
146 protected:
147 SSLStreamAdapterTestBase* test_base_;
148 const std::string side_;
149 rtc::StreamInterface* in_;
150 rtc::StreamInterface* out_;
151 bool first_packet_;
152 };
153
154 class SSLDummyStreamTLS : public SSLDummyStreamBase {
155 public:
SSLDummyStreamTLS(SSLStreamAdapterTestBase * test,const std::string & side,rtc::FifoBuffer * in,rtc::FifoBuffer * out)156 SSLDummyStreamTLS(SSLStreamAdapterTestBase* test,
157 const std::string& side,
158 rtc::FifoBuffer* in,
159 rtc::FifoBuffer* out) :
160 SSLDummyStreamBase(test, side, in, out) {
161 }
162 };
163
164 class BufferQueueStream : public rtc::BufferQueue,
165 public rtc::StreamInterface {
166 public:
BufferQueueStream(size_t capacity,size_t default_size)167 BufferQueueStream(size_t capacity, size_t default_size)
168 : rtc::BufferQueue(capacity, default_size) {
169 }
170
171 // Implementation of abstract StreamInterface methods.
172
173 // A buffer queue stream is always "open".
GetState() const174 rtc::StreamState GetState() const override { return rtc::SS_OPEN; }
175
176 // Reading a buffer queue stream will either succeed or block.
Read(void * buffer,size_t buffer_len,size_t * read,int * error)177 rtc::StreamResult Read(void* buffer, size_t buffer_len,
178 size_t* read, int* error) override {
179 if (!ReadFront(buffer, buffer_len, read)) {
180 return rtc::SR_BLOCK;
181 }
182 return rtc::SR_SUCCESS;
183 }
184
185 // Writing to a buffer queue stream will either succeed or block.
Write(const void * data,size_t data_len,size_t * written,int * error)186 rtc::StreamResult Write(const void* data, size_t data_len,
187 size_t* written, int* error) override {
188 if (!WriteBack(data, data_len, written)) {
189 return rtc::SR_BLOCK;
190 }
191 return rtc::SR_SUCCESS;
192 }
193
194 // A buffer queue stream can not be closed.
Close()195 void Close() override {}
196
197 protected:
NotifyReadableForTest()198 void NotifyReadableForTest() override {
199 PostEvent(rtc::SE_READ, 0);
200 }
201
NotifyWritableForTest()202 void NotifyWritableForTest() override {
203 PostEvent(rtc::SE_WRITE, 0);
204 }
205 };
206
207 class SSLDummyStreamDTLS : public SSLDummyStreamBase {
208 public:
SSLDummyStreamDTLS(SSLStreamAdapterTestBase * test,const std::string & side,BufferQueueStream * in,BufferQueueStream * out)209 SSLDummyStreamDTLS(SSLStreamAdapterTestBase* test,
210 const std::string& side,
211 BufferQueueStream* in,
212 BufferQueueStream* out) :
213 SSLDummyStreamBase(test, side, in, out) {
214 }
215 };
216
217 static const int kFifoBufferSize = 4096;
218 static const int kBufferCapacity = 1;
219 static const size_t kDefaultBufferSize = 2048;
220
221 class SSLStreamAdapterTestBase : public testing::Test,
222 public sigslot::has_slots<> {
223 public:
SSLStreamAdapterTestBase(const std::string & client_cert_pem,const std::string & client_private_key_pem,bool dtls,rtc::KeyParams client_key_type=rtc::KeyParams (rtc::KT_DEFAULT),rtc::KeyParams server_key_type=rtc::KeyParams (rtc::KT_DEFAULT))224 SSLStreamAdapterTestBase(
225 const std::string& client_cert_pem,
226 const std::string& client_private_key_pem,
227 bool dtls,
228 rtc::KeyParams client_key_type = rtc::KeyParams(rtc::KT_DEFAULT),
229 rtc::KeyParams server_key_type = rtc::KeyParams(rtc::KT_DEFAULT))
230 : client_cert_pem_(client_cert_pem),
231 client_private_key_pem_(client_private_key_pem),
232 client_key_type_(client_key_type),
233 server_key_type_(server_key_type),
234 client_stream_(NULL),
235 server_stream_(NULL),
236 client_identity_(NULL),
237 server_identity_(NULL),
238 delay_(0),
239 mtu_(1460),
240 loss_(0),
241 lose_first_packet_(false),
242 damage_(false),
243 dtls_(dtls),
244 handshake_wait_(5000),
245 identities_set_(false) {
246 // Set use of the test RNG to get predictable loss patterns.
247 rtc::SetRandomTestMode(true);
248 }
249
~SSLStreamAdapterTestBase()250 ~SSLStreamAdapterTestBase() {
251 // Put it back for the next test.
252 rtc::SetRandomTestMode(false);
253 }
254
SetUp()255 void SetUp() override {
256 CreateStreams();
257
258 client_ssl_.reset(rtc::SSLStreamAdapter::Create(client_stream_));
259 server_ssl_.reset(rtc::SSLStreamAdapter::Create(server_stream_));
260
261 // Set up the slots
262 client_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
263 server_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
264
265 if (!client_cert_pem_.empty() && !client_private_key_pem_.empty()) {
266 client_identity_ = rtc::SSLIdentity::FromPEMStrings(
267 client_private_key_pem_, client_cert_pem_);
268 } else {
269 client_identity_ = rtc::SSLIdentity::Generate("client", client_key_type_);
270 }
271 server_identity_ = rtc::SSLIdentity::Generate("server", server_key_type_);
272
273 client_ssl_->SetIdentity(client_identity_);
274 server_ssl_->SetIdentity(server_identity_);
275 }
276
TearDown()277 void TearDown() override {
278 client_ssl_.reset(nullptr);
279 server_ssl_.reset(nullptr);
280 }
281
282 virtual void CreateStreams() = 0;
283
284 // Recreate the client/server identities with the specified validity period.
285 // |not_before| and |not_after| are offsets from the current time in number
286 // of seconds.
ResetIdentitiesWithValidity(int not_before,int not_after)287 void ResetIdentitiesWithValidity(int not_before, int not_after) {
288 CreateStreams();
289
290 client_ssl_.reset(rtc::SSLStreamAdapter::Create(client_stream_));
291 server_ssl_.reset(rtc::SSLStreamAdapter::Create(server_stream_));
292
293 client_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
294 server_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
295
296 time_t now = time(nullptr);
297
298 rtc::SSLIdentityParams client_params;
299 client_params.key_params = rtc::KeyParams(rtc::KT_DEFAULT);
300 client_params.common_name = "client";
301 client_params.not_before = now + not_before;
302 client_params.not_after = now + not_after;
303 client_identity_ = rtc::SSLIdentity::GenerateForTest(client_params);
304
305 rtc::SSLIdentityParams server_params;
306 server_params.key_params = rtc::KeyParams(rtc::KT_DEFAULT);
307 server_params.common_name = "server";
308 server_params.not_before = now + not_before;
309 server_params.not_after = now + not_after;
310 server_identity_ = rtc::SSLIdentity::GenerateForTest(server_params);
311
312 client_ssl_->SetIdentity(client_identity_);
313 server_ssl_->SetIdentity(server_identity_);
314 }
315
OnEvent(rtc::StreamInterface * stream,int sig,int err)316 virtual void OnEvent(rtc::StreamInterface *stream, int sig, int err) {
317 LOG(LS_INFO) << "SSLStreamAdapterTestBase::OnEvent sig=" << sig;
318
319 if (sig & rtc::SE_READ) {
320 ReadData(stream);
321 }
322
323 if ((stream == client_ssl_.get()) && (sig & rtc::SE_WRITE)) {
324 WriteData();
325 }
326 }
327
SetPeerIdentitiesByDigest(bool correct)328 void SetPeerIdentitiesByDigest(bool correct) {
329 unsigned char digest[20];
330 size_t digest_len;
331 bool rv;
332
333 LOG(LS_INFO) << "Setting peer identities by digest";
334
335 rv = server_identity_->certificate().ComputeDigest(rtc::DIGEST_SHA_1,
336 digest, 20,
337 &digest_len);
338 ASSERT_TRUE(rv);
339 if (!correct) {
340 LOG(LS_INFO) << "Setting bogus digest for server cert";
341 digest[0]++;
342 }
343 rv = client_ssl_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, digest,
344 digest_len);
345 ASSERT_TRUE(rv);
346
347
348 rv = client_identity_->certificate().ComputeDigest(rtc::DIGEST_SHA_1,
349 digest, 20, &digest_len);
350 ASSERT_TRUE(rv);
351 if (!correct) {
352 LOG(LS_INFO) << "Setting bogus digest for client cert";
353 digest[0]++;
354 }
355 rv = server_ssl_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, digest,
356 digest_len);
357 ASSERT_TRUE(rv);
358
359 identities_set_ = true;
360 }
361
SetupProtocolVersions(rtc::SSLProtocolVersion server_version,rtc::SSLProtocolVersion client_version)362 void SetupProtocolVersions(rtc::SSLProtocolVersion server_version,
363 rtc::SSLProtocolVersion client_version) {
364 server_ssl_->SetMaxProtocolVersion(server_version);
365 client_ssl_->SetMaxProtocolVersion(client_version);
366 }
367
TestHandshake(bool expect_success=true)368 void TestHandshake(bool expect_success = true) {
369 server_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS :
370 rtc::SSL_MODE_TLS);
371 client_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS :
372 rtc::SSL_MODE_TLS);
373
374 if (!dtls_) {
375 // Make sure we simulate a reliable network for TLS.
376 // This is just a check to make sure that people don't write wrong
377 // tests.
378 ASSERT((mtu_ == 1460) && (loss_ == 0) && (lose_first_packet_ == 0));
379 }
380
381 if (!identities_set_)
382 SetPeerIdentitiesByDigest(true);
383
384 // Start the handshake
385 int rv;
386
387 server_ssl_->SetServerRole();
388 rv = server_ssl_->StartSSLWithPeer();
389 ASSERT_EQ(0, rv);
390
391 rv = client_ssl_->StartSSLWithPeer();
392 ASSERT_EQ(0, rv);
393
394 // Now run the handshake
395 if (expect_success) {
396 EXPECT_TRUE_WAIT((client_ssl_->GetState() == rtc::SS_OPEN)
397 && (server_ssl_->GetState() == rtc::SS_OPEN),
398 handshake_wait_);
399 } else {
400 EXPECT_TRUE_WAIT(client_ssl_->GetState() == rtc::SS_CLOSED,
401 handshake_wait_);
402 }
403 }
404
DataWritten(SSLDummyStreamBase * from,const void * data,size_t data_len,size_t * written,int * error)405 rtc::StreamResult DataWritten(SSLDummyStreamBase *from, const void *data,
406 size_t data_len, size_t *written,
407 int *error) {
408 // Randomly drop loss_ percent of packets
409 if (rtc::CreateRandomId() % 100 < static_cast<uint32_t>(loss_)) {
410 LOG(LS_INFO) << "Randomly dropping packet, size=" << data_len;
411 *written = data_len;
412 return rtc::SR_SUCCESS;
413 }
414 if (dtls_ && (data_len > mtu_)) {
415 LOG(LS_INFO) << "Dropping packet > mtu, size=" << data_len;
416 *written = data_len;
417 return rtc::SR_SUCCESS;
418 }
419
420 // Optionally damage application data (type 23). Note that we don't damage
421 // handshake packets and we damage the last byte to keep the header
422 // intact but break the MAC.
423 if (damage_ && (*static_cast<const unsigned char *>(data) == 23)) {
424 std::vector<char> buf(data_len);
425
426 LOG(LS_INFO) << "Damaging packet";
427
428 memcpy(&buf[0], data, data_len);
429 buf[data_len - 1]++;
430
431 return from->WriteData(&buf[0], data_len, written, error);
432 }
433
434 return from->WriteData(data, data_len, written, error);
435 }
436
SetDelay(int delay)437 void SetDelay(int delay) {
438 delay_ = delay;
439 }
GetDelay()440 int GetDelay() { return delay_; }
441
SetLoseFirstPacket(bool lose)442 void SetLoseFirstPacket(bool lose) {
443 lose_first_packet_ = lose;
444 }
GetLoseFirstPacket()445 bool GetLoseFirstPacket() { return lose_first_packet_; }
446
SetLoss(int percent)447 void SetLoss(int percent) {
448 loss_ = percent;
449 }
450
SetDamage()451 void SetDamage() {
452 damage_ = true;
453 }
454
SetMtu(size_t mtu)455 void SetMtu(size_t mtu) {
456 mtu_ = mtu;
457 }
458
SetHandshakeWait(int wait)459 void SetHandshakeWait(int wait) {
460 handshake_wait_ = wait;
461 }
462
SetDtlsSrtpCryptoSuites(const std::vector<int> & ciphers,bool client)463 void SetDtlsSrtpCryptoSuites(const std::vector<int>& ciphers, bool client) {
464 if (client)
465 client_ssl_->SetDtlsSrtpCryptoSuites(ciphers);
466 else
467 server_ssl_->SetDtlsSrtpCryptoSuites(ciphers);
468 }
469
GetDtlsSrtpCryptoSuite(bool client,int * retval)470 bool GetDtlsSrtpCryptoSuite(bool client, int* retval) {
471 if (client)
472 return client_ssl_->GetDtlsSrtpCryptoSuite(retval);
473 else
474 return server_ssl_->GetDtlsSrtpCryptoSuite(retval);
475 }
476
GetPeerCertificate(bool client,rtc::SSLCertificate ** cert)477 bool GetPeerCertificate(bool client, rtc::SSLCertificate** cert) {
478 if (client)
479 return client_ssl_->GetPeerCertificate(cert);
480 else
481 return server_ssl_->GetPeerCertificate(cert);
482 }
483
GetSslCipherSuite(bool client,int * retval)484 bool GetSslCipherSuite(bool client, int* retval) {
485 if (client)
486 return client_ssl_->GetSslCipherSuite(retval);
487 else
488 return server_ssl_->GetSslCipherSuite(retval);
489 }
490
ExportKeyingMaterial(const char * label,const unsigned char * context,size_t context_len,bool use_context,bool client,unsigned char * result,size_t result_len)491 bool ExportKeyingMaterial(const char *label,
492 const unsigned char *context,
493 size_t context_len,
494 bool use_context,
495 bool client,
496 unsigned char *result,
497 size_t result_len) {
498 if (client)
499 return client_ssl_->ExportKeyingMaterial(label,
500 context, context_len,
501 use_context,
502 result, result_len);
503 else
504 return server_ssl_->ExportKeyingMaterial(label,
505 context, context_len,
506 use_context,
507 result, result_len);
508 }
509
510 // To be implemented by subclasses.
511 virtual void WriteData() = 0;
512 virtual void ReadData(rtc::StreamInterface *stream) = 0;
513 virtual void TestTransfer(int size) = 0;
514
515 protected:
516 std::string client_cert_pem_;
517 std::string client_private_key_pem_;
518 rtc::KeyParams client_key_type_;
519 rtc::KeyParams server_key_type_;
520 SSLDummyStreamBase *client_stream_; // freed by client_ssl_ destructor
521 SSLDummyStreamBase *server_stream_; // freed by server_ssl_ destructor
522 rtc::scoped_ptr<rtc::SSLStreamAdapter> client_ssl_;
523 rtc::scoped_ptr<rtc::SSLStreamAdapter> server_ssl_;
524 rtc::SSLIdentity *client_identity_; // freed by client_ssl_ destructor
525 rtc::SSLIdentity *server_identity_; // freed by server_ssl_ destructor
526 int delay_;
527 size_t mtu_;
528 int loss_;
529 bool lose_first_packet_;
530 bool damage_;
531 bool dtls_;
532 int handshake_wait_;
533 bool identities_set_;
534 };
535
536 class SSLStreamAdapterTestTLS
537 : public SSLStreamAdapterTestBase,
538 public WithParamInterface<tuple<rtc::KeyParams, rtc::KeyParams>> {
539 public:
SSLStreamAdapterTestTLS()540 SSLStreamAdapterTestTLS()
541 : SSLStreamAdapterTestBase("",
542 "",
543 false,
544 ::testing::get<0>(GetParam()),
545 ::testing::get<1>(GetParam())),
546 client_buffer_(kFifoBufferSize),
547 server_buffer_(kFifoBufferSize) {
548 }
549
CreateStreams()550 void CreateStreams() override {
551 client_stream_ =
552 new SSLDummyStreamTLS(this, "c2s", &client_buffer_, &server_buffer_);
553 server_stream_ =
554 new SSLDummyStreamTLS(this, "s2c", &server_buffer_, &client_buffer_);
555 }
556
557 // Test data transfer for TLS
TestTransfer(int size)558 virtual void TestTransfer(int size) {
559 LOG(LS_INFO) << "Starting transfer test with " << size << " bytes";
560 // Create some dummy data to send.
561 size_t received;
562
563 send_stream_.ReserveSize(size);
564 for (int i = 0; i < size; ++i) {
565 char ch = static_cast<char>(i);
566 send_stream_.Write(&ch, 1, NULL, NULL);
567 }
568 send_stream_.Rewind();
569
570 // Prepare the receive stream.
571 recv_stream_.ReserveSize(size);
572
573 // Start sending
574 WriteData();
575
576 // Wait for the client to close
577 EXPECT_TRUE_WAIT(server_ssl_->GetState() == rtc::SS_CLOSED, 10000);
578
579 // Now check the data
580 recv_stream_.GetSize(&received);
581
582 EXPECT_EQ(static_cast<size_t>(size), received);
583 EXPECT_EQ(0, memcmp(send_stream_.GetBuffer(),
584 recv_stream_.GetBuffer(), size));
585 }
586
WriteData()587 void WriteData() {
588 size_t position, tosend, size;
589 rtc::StreamResult rv;
590 size_t sent;
591 char block[kBlockSize];
592
593 send_stream_.GetSize(&size);
594 if (!size)
595 return;
596
597 for (;;) {
598 send_stream_.GetPosition(&position);
599 if (send_stream_.Read(block, sizeof(block), &tosend, NULL) !=
600 rtc::SR_EOS) {
601 rv = client_ssl_->Write(block, tosend, &sent, 0);
602
603 if (rv == rtc::SR_SUCCESS) {
604 send_stream_.SetPosition(position + sent);
605 LOG(LS_VERBOSE) << "Sent: " << position + sent;
606 } else if (rv == rtc::SR_BLOCK) {
607 LOG(LS_VERBOSE) << "Blocked...";
608 send_stream_.SetPosition(position);
609 break;
610 } else {
611 ADD_FAILURE();
612 break;
613 }
614 } else {
615 // Now close
616 LOG(LS_INFO) << "Wrote " << position << " bytes. Closing";
617 client_ssl_->Close();
618 break;
619 }
620 }
621 };
622
ReadData(rtc::StreamInterface * stream)623 virtual void ReadData(rtc::StreamInterface *stream) {
624 char buffer[1600];
625 size_t bread;
626 int err2;
627 rtc::StreamResult r;
628
629 for (;;) {
630 r = stream->Read(buffer, sizeof(buffer), &bread, &err2);
631
632 if (r == rtc::SR_ERROR || r == rtc::SR_EOS) {
633 // Unfortunately, errors are the way that the stream adapter
634 // signals close in OpenSSL.
635 stream->Close();
636 return;
637 }
638
639 if (r == rtc::SR_BLOCK)
640 break;
641
642 ASSERT_EQ(rtc::SR_SUCCESS, r);
643 LOG(LS_INFO) << "Read " << bread;
644
645 recv_stream_.Write(buffer, bread, NULL, NULL);
646 }
647 }
648
649 private:
650 rtc::FifoBuffer client_buffer_;
651 rtc::FifoBuffer server_buffer_;
652 rtc::MemoryStream send_stream_;
653 rtc::MemoryStream recv_stream_;
654 };
655
656 class SSLStreamAdapterTestDTLS
657 : public SSLStreamAdapterTestBase,
658 public WithParamInterface<tuple<rtc::KeyParams, rtc::KeyParams>> {
659 public:
SSLStreamAdapterTestDTLS()660 SSLStreamAdapterTestDTLS()
661 : SSLStreamAdapterTestBase("",
662 "",
663 true,
664 ::testing::get<0>(GetParam()),
665 ::testing::get<1>(GetParam())),
666 client_buffer_(kBufferCapacity, kDefaultBufferSize),
667 server_buffer_(kBufferCapacity, kDefaultBufferSize),
668 packet_size_(1000),
669 count_(0),
670 sent_(0) {}
671
SSLStreamAdapterTestDTLS(const std::string & cert_pem,const std::string & private_key_pem)672 SSLStreamAdapterTestDTLS(const std::string& cert_pem,
673 const std::string& private_key_pem) :
674 SSLStreamAdapterTestBase(cert_pem, private_key_pem, true),
675 client_buffer_(kBufferCapacity, kDefaultBufferSize),
676 server_buffer_(kBufferCapacity, kDefaultBufferSize),
677 packet_size_(1000), count_(0), sent_(0) {
678 }
679
CreateStreams()680 void CreateStreams() override {
681 client_stream_ =
682 new SSLDummyStreamDTLS(this, "c2s", &client_buffer_, &server_buffer_);
683 server_stream_ =
684 new SSLDummyStreamDTLS(this, "s2c", &server_buffer_, &client_buffer_);
685 }
686
WriteData()687 virtual void WriteData() {
688 unsigned char *packet = new unsigned char[1600];
689
690 while (sent_ < count_) {
691 unsigned int rand_state = sent_;
692 packet[0] = sent_;
693 for (size_t i = 1; i < packet_size_; i++) {
694 // This is a simple LC PRNG. Keep in synch with identical code below.
695 rand_state = (rand_state * 251 + 19937) >> 7;
696 packet[i] = rand_state & 0xff;
697 }
698
699 size_t sent;
700 rtc::StreamResult rv = client_ssl_->Write(packet, packet_size_, &sent, 0);
701 if (rv == rtc::SR_SUCCESS) {
702 LOG(LS_VERBOSE) << "Sent: " << sent_;
703 sent_++;
704 } else if (rv == rtc::SR_BLOCK) {
705 LOG(LS_VERBOSE) << "Blocked...";
706 break;
707 } else {
708 ADD_FAILURE();
709 break;
710 }
711 }
712
713 delete [] packet;
714 }
715
ReadData(rtc::StreamInterface * stream)716 virtual void ReadData(rtc::StreamInterface *stream) {
717 unsigned char buffer[2000];
718 size_t bread;
719 int err2;
720 rtc::StreamResult r;
721
722 for (;;) {
723 r = stream->Read(buffer, 2000, &bread, &err2);
724
725 if (r == rtc::SR_ERROR) {
726 // Unfortunately, errors are the way that the stream adapter
727 // signals close right now
728 stream->Close();
729 return;
730 }
731
732 if (r == rtc::SR_BLOCK)
733 break;
734
735 ASSERT_EQ(rtc::SR_SUCCESS, r);
736 LOG(LS_INFO) << "Read " << bread;
737
738 // Now parse the datagram
739 ASSERT_EQ(packet_size_, bread);
740 unsigned char packet_num = buffer[0];
741
742 unsigned int rand_state = packet_num;
743 for (size_t i = 1; i < packet_size_; i++) {
744 // This is a simple LC PRNG. Keep in synch with identical code above.
745 rand_state = (rand_state * 251 + 19937) >> 7;
746 ASSERT_EQ(rand_state & 0xff, buffer[i]);
747 }
748 received_.insert(packet_num);
749 }
750 }
751
TestTransfer(int count)752 virtual void TestTransfer(int count) {
753 count_ = count;
754
755 WriteData();
756
757 EXPECT_TRUE_WAIT(sent_ == count_, 10000);
758 LOG(LS_INFO) << "sent_ == " << sent_;
759
760 if (damage_) {
761 WAIT(false, 2000);
762 EXPECT_EQ(0U, received_.size());
763 } else if (loss_ == 0) {
764 EXPECT_EQ_WAIT(static_cast<size_t>(sent_), received_.size(), 1000);
765 } else {
766 LOG(LS_INFO) << "Sent " << sent_ << " packets; received " <<
767 received_.size();
768 }
769 };
770
771 private:
772 BufferQueueStream client_buffer_;
773 BufferQueueStream server_buffer_;
774 size_t packet_size_;
775 int count_;
776 int sent_;
777 std::set<int> received_;
778 };
779
780
Write(const void * data,size_t data_len,size_t * written,int * error)781 rtc::StreamResult SSLDummyStreamBase::Write(const void* data, size_t data_len,
782 size_t* written, int* error) {
783 LOG(LS_INFO) << "Writing to loopback " << data_len;
784
785 if (first_packet_) {
786 first_packet_ = false;
787 if (test_base_->GetLoseFirstPacket()) {
788 LOG(LS_INFO) << "Losing initial packet of length " << data_len;
789 *written = data_len; // Fake successful writing also to writer.
790 return rtc::SR_SUCCESS;
791 }
792 }
793
794 return test_base_->DataWritten(this, data, data_len, written, error);
795 };
796
797 class SSLStreamAdapterTestDTLSFromPEMStrings : public SSLStreamAdapterTestDTLS {
798 public:
SSLStreamAdapterTestDTLSFromPEMStrings()799 SSLStreamAdapterTestDTLSFromPEMStrings() :
800 SSLStreamAdapterTestDTLS(kCERT_PEM, kRSA_PRIVATE_KEY_PEM) {
801 }
802 };
803
804 // Basic tests: TLS
805
806 // Test that we can make a handshake work
TEST_P(SSLStreamAdapterTestTLS,TestTLSConnect)807 TEST_P(SSLStreamAdapterTestTLS, TestTLSConnect) {
808 TestHandshake();
809 };
810
811 // Test that closing the connection on one side updates the other side.
TEST_P(SSLStreamAdapterTestTLS,TestTLSClose)812 TEST_P(SSLStreamAdapterTestTLS, TestTLSClose) {
813 TestHandshake();
814 client_ssl_->Close();
815 EXPECT_EQ_WAIT(rtc::SS_CLOSED, server_ssl_->GetState(), handshake_wait_);
816 };
817
818 // Test transfer -- trivial
TEST_P(SSLStreamAdapterTestTLS,TestTLSTransfer)819 TEST_P(SSLStreamAdapterTestTLS, TestTLSTransfer) {
820 TestHandshake();
821 TestTransfer(100000);
822 };
823
824 // Test read-write after close.
TEST_P(SSLStreamAdapterTestTLS,ReadWriteAfterClose)825 TEST_P(SSLStreamAdapterTestTLS, ReadWriteAfterClose) {
826 TestHandshake();
827 TestTransfer(100000);
828 client_ssl_->Close();
829
830 rtc::StreamResult rv;
831 char block[kBlockSize];
832 size_t dummy;
833
834 // It's an error to write after closed.
835 rv = client_ssl_->Write(block, sizeof(block), &dummy, NULL);
836 ASSERT_EQ(rtc::SR_ERROR, rv);
837
838 // But after closed read gives you EOS.
839 rv = client_ssl_->Read(block, sizeof(block), &dummy, NULL);
840 ASSERT_EQ(rtc::SR_EOS, rv);
841 };
842
843 // Test a handshake with a bogus peer digest
TEST_P(SSLStreamAdapterTestTLS,TestTLSBogusDigest)844 TEST_P(SSLStreamAdapterTestTLS, TestTLSBogusDigest) {
845 SetPeerIdentitiesByDigest(false);
846 TestHandshake(false);
847 };
848
849 // Test moving a bunch of data
850
851 // Basic tests: DTLS
852 // Test that we can make a handshake work
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSConnect)853 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnect) {
854 MAYBE_SKIP_TEST(HaveDtls);
855 TestHandshake();
856 };
857
858 // Test that we can make a handshake work if the first packet in
859 // each direction is lost. This gives us predictable loss
860 // rather than having to tune random
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSConnectWithLostFirstPacket)861 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacket) {
862 MAYBE_SKIP_TEST(HaveDtls);
863 SetLoseFirstPacket(true);
864 TestHandshake();
865 };
866
867 // Test a handshake with loss and delay
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSConnectWithLostFirstPacketDelay2s)868 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacketDelay2s) {
869 MAYBE_SKIP_TEST(HaveDtls);
870 SetLoseFirstPacket(true);
871 SetDelay(2000);
872 SetHandshakeWait(20000);
873 TestHandshake();
874 };
875
876 // Test a handshake with small MTU
877 // Disabled due to https://code.google.com/p/webrtc/issues/detail?id=3910
TEST_P(SSLStreamAdapterTestDTLS,DISABLED_TestDTLSConnectWithSmallMtu)878 TEST_P(SSLStreamAdapterTestDTLS, DISABLED_TestDTLSConnectWithSmallMtu) {
879 MAYBE_SKIP_TEST(HaveDtls);
880 SetMtu(700);
881 SetHandshakeWait(20000);
882 TestHandshake();
883 };
884
885 // Test transfer -- trivial
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSTransfer)886 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransfer) {
887 MAYBE_SKIP_TEST(HaveDtls);
888 TestHandshake();
889 TestTransfer(100);
890 };
891
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSTransferWithLoss)892 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithLoss) {
893 MAYBE_SKIP_TEST(HaveDtls);
894 TestHandshake();
895 SetLoss(10);
896 TestTransfer(100);
897 };
898
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSTransferWithDamage)899 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithDamage) {
900 MAYBE_SKIP_TEST(HaveDtls);
901 SetDamage(); // Must be called first because first packet
902 // write happens at end of handshake.
903 TestHandshake();
904 TestTransfer(100);
905 };
906
907 // Test DTLS-SRTP with all high ciphers
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSSrtpHigh)908 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) {
909 MAYBE_SKIP_TEST(HaveDtlsSrtp);
910 std::vector<int> high;
911 high.push_back(rtc::SRTP_AES128_CM_SHA1_80);
912 SetDtlsSrtpCryptoSuites(high, true);
913 SetDtlsSrtpCryptoSuites(high, false);
914 TestHandshake();
915
916 int client_cipher;
917 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
918 int server_cipher;
919 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
920
921 ASSERT_EQ(client_cipher, server_cipher);
922 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80);
923 };
924
925 // Test DTLS-SRTP with all low ciphers
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSSrtpLow)926 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) {
927 MAYBE_SKIP_TEST(HaveDtlsSrtp);
928 std::vector<int> low;
929 low.push_back(rtc::SRTP_AES128_CM_SHA1_32);
930 SetDtlsSrtpCryptoSuites(low, true);
931 SetDtlsSrtpCryptoSuites(low, false);
932 TestHandshake();
933
934 int client_cipher;
935 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
936 int server_cipher;
937 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
938
939 ASSERT_EQ(client_cipher, server_cipher);
940 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_32);
941 };
942
943
944 // Test DTLS-SRTP with a mismatch -- should not converge
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSSrtpHighLow)945 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) {
946 MAYBE_SKIP_TEST(HaveDtlsSrtp);
947 std::vector<int> high;
948 high.push_back(rtc::SRTP_AES128_CM_SHA1_80);
949 std::vector<int> low;
950 low.push_back(rtc::SRTP_AES128_CM_SHA1_32);
951 SetDtlsSrtpCryptoSuites(high, true);
952 SetDtlsSrtpCryptoSuites(low, false);
953 TestHandshake();
954
955 int client_cipher;
956 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
957 int server_cipher;
958 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
959 };
960
961 // Test DTLS-SRTP with each side being mixed -- should select high
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSSrtpMixed)962 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) {
963 MAYBE_SKIP_TEST(HaveDtlsSrtp);
964 std::vector<int> mixed;
965 mixed.push_back(rtc::SRTP_AES128_CM_SHA1_80);
966 mixed.push_back(rtc::SRTP_AES128_CM_SHA1_32);
967 SetDtlsSrtpCryptoSuites(mixed, true);
968 SetDtlsSrtpCryptoSuites(mixed, false);
969 TestHandshake();
970
971 int client_cipher;
972 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
973 int server_cipher;
974 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
975
976 ASSERT_EQ(client_cipher, server_cipher);
977 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80);
978 };
979
980 // Test an exporter
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSExporter)981 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSExporter) {
982 MAYBE_SKIP_TEST(HaveExporter);
983 TestHandshake();
984 unsigned char client_out[20];
985 unsigned char server_out[20];
986
987 bool result;
988 result = ExportKeyingMaterial(kExporterLabel,
989 kExporterContext, kExporterContextLen,
990 true, true,
991 client_out, sizeof(client_out));
992 ASSERT_TRUE(result);
993
994 result = ExportKeyingMaterial(kExporterLabel,
995 kExporterContext, kExporterContextLen,
996 true, false,
997 server_out, sizeof(server_out));
998 ASSERT_TRUE(result);
999
1000 ASSERT_TRUE(!memcmp(client_out, server_out, sizeof(client_out)));
1001 }
1002
1003 // Test not yet valid certificates are not rejected.
TEST_P(SSLStreamAdapterTestDTLS,TestCertNotYetValid)1004 TEST_P(SSLStreamAdapterTestDTLS, TestCertNotYetValid) {
1005 MAYBE_SKIP_TEST(HaveDtls);
1006 long one_day = 60 * 60 * 24;
1007 // Make the certificates not valid until one day later.
1008 ResetIdentitiesWithValidity(one_day, one_day);
1009 TestHandshake();
1010 }
1011
1012 // Test expired certificates are not rejected.
TEST_P(SSLStreamAdapterTestDTLS,TestCertExpired)1013 TEST_P(SSLStreamAdapterTestDTLS, TestCertExpired) {
1014 MAYBE_SKIP_TEST(HaveDtls);
1015 long one_day = 60 * 60 * 24;
1016 // Make the certificates already expired.
1017 ResetIdentitiesWithValidity(-one_day, -one_day);
1018 TestHandshake();
1019 }
1020
1021 // Test data transfer using certs created from strings.
TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings,TestTransfer)1022 TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestTransfer) {
1023 MAYBE_SKIP_TEST(HaveDtls);
1024 TestHandshake();
1025 TestTransfer(100);
1026 }
1027
1028 // Test getting the remote certificate.
TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings,TestDTLSGetPeerCertificate)1029 TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestDTLSGetPeerCertificate) {
1030 MAYBE_SKIP_TEST(HaveDtls);
1031
1032 // Peer certificates haven't been received yet.
1033 rtc::scoped_ptr<rtc::SSLCertificate> client_peer_cert;
1034 ASSERT_FALSE(GetPeerCertificate(true, client_peer_cert.accept()));
1035 ASSERT_FALSE(client_peer_cert != NULL);
1036
1037 rtc::scoped_ptr<rtc::SSLCertificate> server_peer_cert;
1038 ASSERT_FALSE(GetPeerCertificate(false, server_peer_cert.accept()));
1039 ASSERT_FALSE(server_peer_cert != NULL);
1040
1041 TestHandshake();
1042
1043 // The client should have a peer certificate after the handshake.
1044 ASSERT_TRUE(GetPeerCertificate(true, client_peer_cert.accept()));
1045 ASSERT_TRUE(client_peer_cert != NULL);
1046
1047 // It's not kCERT_PEM.
1048 std::string client_peer_string = client_peer_cert->ToPEMString();
1049 ASSERT_NE(kCERT_PEM, client_peer_string);
1050
1051 // It must not have a chain, because the test certs are self-signed.
1052 rtc::SSLCertChain* client_peer_chain;
1053 ASSERT_FALSE(client_peer_cert->GetChain(&client_peer_chain));
1054
1055 // The server should have a peer certificate after the handshake.
1056 ASSERT_TRUE(GetPeerCertificate(false, server_peer_cert.accept()));
1057 ASSERT_TRUE(server_peer_cert != NULL);
1058
1059 // It's kCERT_PEM
1060 ASSERT_EQ(kCERT_PEM, server_peer_cert->ToPEMString());
1061
1062 // It must not have a chain, because the test certs are self-signed.
1063 rtc::SSLCertChain* server_peer_chain;
1064 ASSERT_FALSE(server_peer_cert->GetChain(&server_peer_chain));
1065 }
1066
1067 // Test getting the used DTLS ciphers.
1068 // DTLS 1.2 enabled for neither client nor server -> DTLS 1.0 will be used.
TEST_P(SSLStreamAdapterTestDTLS,TestGetSslCipherSuite)1069 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuite) {
1070 MAYBE_SKIP_TEST(HaveDtls);
1071 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);
1072 TestHandshake();
1073
1074 int client_cipher;
1075 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher));
1076 int server_cipher;
1077 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));
1078
1079 ASSERT_EQ(client_cipher, server_cipher);
1080 ASSERT_EQ(
1081 rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
1082 rtc::SSL_PROTOCOL_DTLS_10, ::testing::get<1>(GetParam()).type()),
1083 server_cipher);
1084 }
1085
1086 // Test getting the used DTLS 1.2 ciphers.
1087 // DTLS 1.2 enabled for client and server -> DTLS 1.2 will be used.
TEST_P(SSLStreamAdapterTestDTLS,TestGetSslCipherSuiteDtls12Both)1088 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Both) {
1089 MAYBE_SKIP_TEST(HaveDtls);
1090 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12);
1091 TestHandshake();
1092
1093 int client_cipher;
1094 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher));
1095 int server_cipher;
1096 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));
1097
1098 ASSERT_EQ(client_cipher, server_cipher);
1099 ASSERT_EQ(
1100 rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
1101 rtc::SSL_PROTOCOL_DTLS_12, ::testing::get<1>(GetParam()).type()),
1102 server_cipher);
1103 }
1104
1105 // DTLS 1.2 enabled for client only -> DTLS 1.0 will be used.
TEST_P(SSLStreamAdapterTestDTLS,TestGetSslCipherSuiteDtls12Client)1106 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Client) {
1107 MAYBE_SKIP_TEST(HaveDtls);
1108 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12);
1109 TestHandshake();
1110
1111 int client_cipher;
1112 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher));
1113 int server_cipher;
1114 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));
1115
1116 ASSERT_EQ(client_cipher, server_cipher);
1117 ASSERT_EQ(
1118 rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
1119 rtc::SSL_PROTOCOL_DTLS_10, ::testing::get<1>(GetParam()).type()),
1120 server_cipher);
1121 }
1122
1123 // DTLS 1.2 enabled for server only -> DTLS 1.0 will be used.
TEST_P(SSLStreamAdapterTestDTLS,TestGetSslCipherSuiteDtls12Server)1124 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Server) {
1125 MAYBE_SKIP_TEST(HaveDtls);
1126 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_10);
1127 TestHandshake();
1128
1129 int client_cipher;
1130 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher));
1131 int server_cipher;
1132 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));
1133
1134 ASSERT_EQ(client_cipher, server_cipher);
1135 ASSERT_EQ(
1136 rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
1137 rtc::SSL_PROTOCOL_DTLS_10, ::testing::get<1>(GetParam()).type()),
1138 server_cipher);
1139 }
1140
1141 // The RSA keysizes here might look strange, why not include the RFC's size
1142 // 2048?. The reason is test case slowness; testing two sizes to exercise
1143 // parametrization is sufficient.
1144 INSTANTIATE_TEST_CASE_P(
1145 SSLStreamAdapterTestsTLS,
1146 SSLStreamAdapterTestTLS,
1147 Combine(Values(rtc::KeyParams::RSA(1024, 65537),
1148 rtc::KeyParams::RSA(1152, 65537),
1149 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)),
1150 Values(rtc::KeyParams::RSA(1024, 65537),
1151 rtc::KeyParams::RSA(1152, 65537),
1152 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256))));
1153
1154 #if !defined(MEMORY_SANITIZER)
1155 // Fails under MemorySanitizer:
1156 // See https://code.google.com/p/webrtc/issues/detail?id=5381.
1157 INSTANTIATE_TEST_CASE_P(
1158 SSLStreamAdapterTestsDTLS,
1159 SSLStreamAdapterTestDTLS,
1160 Combine(Values(rtc::KeyParams::RSA(1024, 65537),
1161 rtc::KeyParams::RSA(1152, 65537),
1162 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)),
1163 Values(rtc::KeyParams::RSA(1024, 65537),
1164 rtc::KeyParams::RSA(1152, 65537),
1165 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256))));
1166 #endif
1167