1 /*
2 * Copyright 2014 The WebRTC Project Authors. All rights reserved.
3 *
4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree.
9 */
10
11 #include "rtc_base/ssl_adapter.h"
12
13 #include <memory>
14 #include <string>
15 #include <utility>
16
17 #include "absl/memory/memory.h"
18 #include "absl/strings/string_view.h"
19 #include "rtc_base/gunit.h"
20 #include "rtc_base/ip_address.h"
21 #include "rtc_base/message_digest.h"
22 #include "rtc_base/socket_stream.h"
23 #include "rtc_base/ssl_identity.h"
24 #include "rtc_base/ssl_stream_adapter.h"
25 #include "rtc_base/stream.h"
26 #include "rtc_base/string_encode.h"
27 #include "rtc_base/virtual_socket_server.h"
28 #include "test/gmock.h"
29
30 using ::testing::_;
31 using ::testing::Return;
32
33 static const int kTimeout = 5000;
34
CreateSocket(const rtc::SSLMode & ssl_mode)35 static rtc::Socket* CreateSocket(const rtc::SSLMode& ssl_mode) {
36 rtc::SocketAddress address(rtc::IPAddress(INADDR_ANY), 0);
37
38 rtc::Socket* socket = rtc::Thread::Current()->socketserver()->CreateSocket(
39 address.family(),
40 (ssl_mode == rtc::SSL_MODE_DTLS) ? SOCK_DGRAM : SOCK_STREAM);
41 socket->Bind(address);
42
43 return socket;
44 }
45
GetSSLProtocolName(const rtc::SSLMode & ssl_mode)46 static std::string GetSSLProtocolName(const rtc::SSLMode& ssl_mode) {
47 return (ssl_mode == rtc::SSL_MODE_DTLS) ? "DTLS" : "TLS";
48 }
49
50 // Simple mock for the certificate verifier.
51 class MockCertVerifier : public rtc::SSLCertificateVerifier {
52 public:
53 virtual ~MockCertVerifier() = default;
54 MOCK_METHOD(bool, Verify, (const rtc::SSLCertificate&), (override));
55 };
56
57 // TODO(benwright) - Move to using INSTANTIATE_TEST_SUITE_P instead of using
58 // duplicate test cases for simple parameter changes.
59 class SSLAdapterTestDummyClient : public sigslot::has_slots<> {
60 public:
SSLAdapterTestDummyClient(const rtc::SSLMode & ssl_mode)61 explicit SSLAdapterTestDummyClient(const rtc::SSLMode& ssl_mode)
62 : ssl_mode_(ssl_mode) {
63 rtc::Socket* socket = CreateSocket(ssl_mode_);
64
65 ssl_adapter_.reset(rtc::SSLAdapter::Create(socket));
66
67 ssl_adapter_->SetMode(ssl_mode_);
68
69 // Ignore any certificate errors for the purpose of testing.
70 // Note: We do this only because we don't have a real certificate.
71 // NEVER USE THIS IN PRODUCTION CODE!
72 ssl_adapter_->SetIgnoreBadCert(true);
73
74 ssl_adapter_->SignalReadEvent.connect(
75 this, &SSLAdapterTestDummyClient::OnSSLAdapterReadEvent);
76 ssl_adapter_->SignalCloseEvent.connect(
77 this, &SSLAdapterTestDummyClient::OnSSLAdapterCloseEvent);
78 }
79
SetIgnoreBadCert(bool ignore_bad_cert)80 void SetIgnoreBadCert(bool ignore_bad_cert) {
81 ssl_adapter_->SetIgnoreBadCert(ignore_bad_cert);
82 }
83
SetCertVerifier(rtc::SSLCertificateVerifier * ssl_cert_verifier)84 void SetCertVerifier(rtc::SSLCertificateVerifier* ssl_cert_verifier) {
85 ssl_adapter_->SetCertVerifier(ssl_cert_verifier);
86 }
87
SetAlpnProtocols(const std::vector<std::string> & protos)88 void SetAlpnProtocols(const std::vector<std::string>& protos) {
89 ssl_adapter_->SetAlpnProtocols(protos);
90 }
91
SetEllipticCurves(const std::vector<std::string> & curves)92 void SetEllipticCurves(const std::vector<std::string>& curves) {
93 ssl_adapter_->SetEllipticCurves(curves);
94 }
95
GetAddress() const96 rtc::SocketAddress GetAddress() const {
97 return ssl_adapter_->GetLocalAddress();
98 }
99
GetState() const100 rtc::Socket::ConnState GetState() const { return ssl_adapter_->GetState(); }
101
GetReceivedData() const102 const std::string& GetReceivedData() const { return data_; }
103
Connect(absl::string_view hostname,const rtc::SocketAddress & address)104 int Connect(absl::string_view hostname, const rtc::SocketAddress& address) {
105 RTC_LOG(LS_INFO) << "Initiating connection with " << address.ToString();
106
107 int rv = ssl_adapter_->Connect(address);
108
109 if (rv == 0) {
110 RTC_LOG(LS_INFO) << "Starting " << GetSSLProtocolName(ssl_mode_)
111 << " handshake with " << hostname;
112
113 if (ssl_adapter_->StartSSL(hostname) != 0) {
114 return -1;
115 }
116 }
117
118 return rv;
119 }
120
Close()121 int Close() { return ssl_adapter_->Close(); }
122
Send(absl::string_view message)123 int Send(absl::string_view message) {
124 RTC_LOG(LS_INFO) << "Client sending '" << message << "'";
125
126 return ssl_adapter_->Send(message.data(), message.length());
127 }
128
OnSSLAdapterReadEvent(rtc::Socket * socket)129 void OnSSLAdapterReadEvent(rtc::Socket* socket) {
130 char buffer[4096] = "";
131
132 // Read data received from the server and store it in our internal buffer.
133 int read = socket->Recv(buffer, sizeof(buffer) - 1, nullptr);
134 if (read != -1) {
135 buffer[read] = '\0';
136
137 RTC_LOG(LS_INFO) << "Client received '" << buffer << "'";
138
139 data_ += buffer;
140 }
141 }
142
OnSSLAdapterCloseEvent(rtc::Socket * socket,int error)143 void OnSSLAdapterCloseEvent(rtc::Socket* socket, int error) {
144 // OpenSSLAdapter signals handshake failure with a close event, but without
145 // closing the socket! Let's close the socket here. This way GetState() can
146 // return CS_CLOSED after failure.
147 if (socket->GetState() != rtc::Socket::CS_CLOSED) {
148 socket->Close();
149 }
150 }
151
152 private:
153 const rtc::SSLMode ssl_mode_;
154
155 std::unique_ptr<rtc::SSLAdapter> ssl_adapter_;
156
157 std::string data_;
158 };
159
160 class SSLAdapterTestDummyServer : public sigslot::has_slots<> {
161 public:
SSLAdapterTestDummyServer(const rtc::SSLMode & ssl_mode,const rtc::KeyParams & key_params)162 explicit SSLAdapterTestDummyServer(const rtc::SSLMode& ssl_mode,
163 const rtc::KeyParams& key_params)
164 : ssl_mode_(ssl_mode) {
165 // Generate a key pair and a certificate for this host.
166 ssl_identity_ = rtc::SSLIdentity::Create(GetHostname(), key_params);
167
168 server_socket_.reset(CreateSocket(ssl_mode_));
169
170 if (ssl_mode_ == rtc::SSL_MODE_TLS) {
171 server_socket_->SignalReadEvent.connect(
172 this, &SSLAdapterTestDummyServer::OnServerSocketReadEvent);
173
174 server_socket_->Listen(1);
175 }
176
177 RTC_LOG(LS_INFO) << ((ssl_mode_ == rtc::SSL_MODE_DTLS) ? "UDP" : "TCP")
178 << " server listening on "
179 << server_socket_->GetLocalAddress().ToString();
180 }
181
GetAddress() const182 rtc::SocketAddress GetAddress() const {
183 return server_socket_->GetLocalAddress();
184 }
185
GetHostname() const186 std::string GetHostname() const {
187 // Since we don't have a real certificate anyway, the value here doesn't
188 // really matter.
189 return "example.com";
190 }
191
GetReceivedData() const192 const std::string& GetReceivedData() const { return data_; }
193
Send(absl::string_view message)194 int Send(absl::string_view message) {
195 if (ssl_stream_adapter_ == nullptr ||
196 ssl_stream_adapter_->GetState() != rtc::SS_OPEN) {
197 // No connection yet.
198 return -1;
199 }
200
201 RTC_LOG(LS_INFO) << "Server sending '" << message << "'";
202
203 size_t written;
204 int error;
205
206 rtc::StreamResult r = ssl_stream_adapter_->Write(
207 rtc::MakeArrayView(reinterpret_cast<const uint8_t*>(message.data()),
208 message.size()),
209 written, error);
210 if (r == rtc::SR_SUCCESS) {
211 return written;
212 } else {
213 return -1;
214 }
215 }
216
AcceptConnection(const rtc::SocketAddress & address)217 void AcceptConnection(const rtc::SocketAddress& address) {
218 // Only a single connection is supported.
219 ASSERT_TRUE(ssl_stream_adapter_ == nullptr);
220
221 // This is only for DTLS.
222 ASSERT_EQ(rtc::SSL_MODE_DTLS, ssl_mode_);
223
224 // Transfer ownership of the socket to the SSLStreamAdapter object.
225 rtc::Socket* socket = server_socket_.release();
226
227 socket->Connect(address);
228
229 DoHandshake(socket);
230 }
231
OnServerSocketReadEvent(rtc::Socket * socket)232 void OnServerSocketReadEvent(rtc::Socket* socket) {
233 // Only a single connection is supported.
234 ASSERT_TRUE(ssl_stream_adapter_ == nullptr);
235
236 DoHandshake(server_socket_->Accept(nullptr));
237 }
238
OnSSLStreamAdapterEvent(rtc::StreamInterface * stream,int sig,int err)239 void OnSSLStreamAdapterEvent(rtc::StreamInterface* stream, int sig, int err) {
240 if (sig & rtc::SE_READ) {
241 uint8_t buffer[4096] = "";
242 size_t read;
243 int error;
244
245 // Read data received from the client and store it in our internal
246 // buffer.
247 rtc::StreamResult r = stream->Read(buffer, read, error);
248 if (r == rtc::SR_SUCCESS) {
249 buffer[read] = '\0';
250 // Here we assume that the buffer is interpretable as string.
251 char* buffer_as_char = reinterpret_cast<char*>(buffer);
252 RTC_LOG(LS_INFO) << "Server received '" << buffer_as_char << "'";
253 data_ += buffer_as_char;
254 }
255 }
256 }
257
258 private:
DoHandshake(rtc::Socket * socket)259 void DoHandshake(rtc::Socket* socket) {
260 ssl_stream_adapter_ = rtc::SSLStreamAdapter::Create(
261 std::make_unique<rtc::SocketStream>(socket));
262
263 ssl_stream_adapter_->SetMode(ssl_mode_);
264 ssl_stream_adapter_->SetServerRole();
265
266 // SSLStreamAdapter is normally used for peer-to-peer communication, but
267 // here we're testing communication between a client and a server
268 // (e.g. a WebRTC-based application and an RFC 5766 TURN server), where
269 // clients are not required to provide a certificate during handshake.
270 // Accordingly, we must disable client authentication here.
271 ssl_stream_adapter_->SetClientAuthEnabledForTesting(false);
272
273 ssl_stream_adapter_->SetIdentity(ssl_identity_->Clone());
274
275 // Set a bogus peer certificate digest.
276 unsigned char digest[20];
277 size_t digest_len = sizeof(digest);
278 ssl_stream_adapter_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, digest,
279 digest_len);
280
281 ssl_stream_adapter_->StartSSL();
282
283 ssl_stream_adapter_->SignalEvent.connect(
284 this, &SSLAdapterTestDummyServer::OnSSLStreamAdapterEvent);
285 }
286
287 const rtc::SSLMode ssl_mode_;
288
289 std::unique_ptr<rtc::Socket> server_socket_;
290 std::unique_ptr<rtc::SSLStreamAdapter> ssl_stream_adapter_;
291
292 std::unique_ptr<rtc::SSLIdentity> ssl_identity_;
293
294 std::string data_;
295 };
296
297 class SSLAdapterTestBase : public ::testing::Test, public sigslot::has_slots<> {
298 public:
SSLAdapterTestBase(const rtc::SSLMode & ssl_mode,const rtc::KeyParams & key_params)299 explicit SSLAdapterTestBase(const rtc::SSLMode& ssl_mode,
300 const rtc::KeyParams& key_params)
301 : ssl_mode_(ssl_mode),
302 vss_(new rtc::VirtualSocketServer()),
303 thread_(vss_.get()),
304 server_(new SSLAdapterTestDummyServer(ssl_mode_, key_params)),
305 client_(new SSLAdapterTestDummyClient(ssl_mode_)),
306 handshake_wait_(kTimeout) {}
307
SetHandshakeWait(int wait)308 void SetHandshakeWait(int wait) { handshake_wait_ = wait; }
309
SetIgnoreBadCert(bool ignore_bad_cert)310 void SetIgnoreBadCert(bool ignore_bad_cert) {
311 client_->SetIgnoreBadCert(ignore_bad_cert);
312 }
313
SetCertVerifier(rtc::SSLCertificateVerifier * ssl_cert_verifier)314 void SetCertVerifier(rtc::SSLCertificateVerifier* ssl_cert_verifier) {
315 client_->SetCertVerifier(ssl_cert_verifier);
316 }
317
SetAlpnProtocols(const std::vector<std::string> & protos)318 void SetAlpnProtocols(const std::vector<std::string>& protos) {
319 client_->SetAlpnProtocols(protos);
320 }
321
SetEllipticCurves(const std::vector<std::string> & curves)322 void SetEllipticCurves(const std::vector<std::string>& curves) {
323 client_->SetEllipticCurves(curves);
324 }
325
SetMockCertVerifier(bool return_value)326 void SetMockCertVerifier(bool return_value) {
327 auto mock_verifier = std::make_unique<MockCertVerifier>();
328 EXPECT_CALL(*mock_verifier, Verify(_)).WillRepeatedly(Return(return_value));
329 cert_verifier_ =
330 std::unique_ptr<rtc::SSLCertificateVerifier>(std::move(mock_verifier));
331
332 SetIgnoreBadCert(false);
333 SetCertVerifier(cert_verifier_.get());
334 }
335
TestHandshake(bool expect_success)336 void TestHandshake(bool expect_success) {
337 int rv;
338
339 // The initial state is CS_CLOSED
340 ASSERT_EQ(rtc::Socket::CS_CLOSED, client_->GetState());
341
342 rv = client_->Connect(server_->GetHostname(), server_->GetAddress());
343 ASSERT_EQ(0, rv);
344
345 // Now the state should be CS_CONNECTING
346 ASSERT_EQ(rtc::Socket::CS_CONNECTING, client_->GetState());
347
348 if (ssl_mode_ == rtc::SSL_MODE_DTLS) {
349 // For DTLS, call AcceptConnection() with the client's address.
350 server_->AcceptConnection(client_->GetAddress());
351 }
352
353 if (expect_success) {
354 // If expecting success, the client should end up in the CS_CONNECTED
355 // state after handshake.
356 EXPECT_EQ_WAIT(rtc::Socket::CS_CONNECTED, client_->GetState(),
357 handshake_wait_);
358
359 RTC_LOG(LS_INFO) << GetSSLProtocolName(ssl_mode_)
360 << " handshake complete.";
361
362 } else {
363 // On handshake failure the client should end up in the CS_CLOSED state.
364 EXPECT_EQ_WAIT(rtc::Socket::CS_CLOSED, client_->GetState(),
365 handshake_wait_);
366
367 RTC_LOG(LS_INFO) << GetSSLProtocolName(ssl_mode_) << " handshake failed.";
368 }
369 }
370
TestTransfer(absl::string_view message)371 void TestTransfer(absl::string_view message) {
372 int rv;
373
374 rv = client_->Send(message);
375 ASSERT_EQ(static_cast<int>(message.length()), rv);
376
377 // The server should have received the client's message.
378 EXPECT_EQ_WAIT(message, server_->GetReceivedData(), kTimeout);
379
380 rv = server_->Send(message);
381 ASSERT_EQ(static_cast<int>(message.length()), rv);
382
383 // The client should have received the server's message.
384 EXPECT_EQ_WAIT(message, client_->GetReceivedData(), kTimeout);
385
386 RTC_LOG(LS_INFO) << "Transfer complete.";
387 }
388
389 protected:
390 const rtc::SSLMode ssl_mode_;
391
392 std::unique_ptr<rtc::VirtualSocketServer> vss_;
393 rtc::AutoSocketServerThread thread_;
394 std::unique_ptr<SSLAdapterTestDummyServer> server_;
395 std::unique_ptr<SSLAdapterTestDummyClient> client_;
396 std::unique_ptr<rtc::SSLCertificateVerifier> cert_verifier_;
397
398 int handshake_wait_;
399 };
400
401 class SSLAdapterTestTLS_RSA : public SSLAdapterTestBase {
402 public:
SSLAdapterTestTLS_RSA()403 SSLAdapterTestTLS_RSA()
404 : SSLAdapterTestBase(rtc::SSL_MODE_TLS, rtc::KeyParams::RSA()) {}
405 };
406
407 class SSLAdapterTestTLS_ECDSA : public SSLAdapterTestBase {
408 public:
SSLAdapterTestTLS_ECDSA()409 SSLAdapterTestTLS_ECDSA()
410 : SSLAdapterTestBase(rtc::SSL_MODE_TLS, rtc::KeyParams::ECDSA()) {}
411 };
412
413 class SSLAdapterTestDTLS_RSA : public SSLAdapterTestBase {
414 public:
SSLAdapterTestDTLS_RSA()415 SSLAdapterTestDTLS_RSA()
416 : SSLAdapterTestBase(rtc::SSL_MODE_DTLS, rtc::KeyParams::RSA()) {}
417 };
418
419 class SSLAdapterTestDTLS_ECDSA : public SSLAdapterTestBase {
420 public:
SSLAdapterTestDTLS_ECDSA()421 SSLAdapterTestDTLS_ECDSA()
422 : SSLAdapterTestBase(rtc::SSL_MODE_DTLS, rtc::KeyParams::ECDSA()) {}
423 };
424
425 // Basic tests: TLS
426
427 // Test that handshake works, using RSA
TEST_F(SSLAdapterTestTLS_RSA,TestTLSConnect)428 TEST_F(SSLAdapterTestTLS_RSA, TestTLSConnect) {
429 TestHandshake(true);
430 }
431
432 // Test that handshake works with a custom verifier that returns true. RSA.
TEST_F(SSLAdapterTestTLS_RSA,TestTLSConnectCustomCertVerifierSucceeds)433 TEST_F(SSLAdapterTestTLS_RSA, TestTLSConnectCustomCertVerifierSucceeds) {
434 SetMockCertVerifier(/*return_value=*/true);
435 TestHandshake(/*expect_success=*/true);
436 }
437
438 // Test that handshake fails with a custom verifier that returns false. RSA.
TEST_F(SSLAdapterTestTLS_RSA,TestTLSConnectCustomCertVerifierFails)439 TEST_F(SSLAdapterTestTLS_RSA, TestTLSConnectCustomCertVerifierFails) {
440 SetMockCertVerifier(/*return_value=*/false);
441 TestHandshake(/*expect_success=*/false);
442 }
443
444 // Test that handshake works, using ECDSA
TEST_F(SSLAdapterTestTLS_ECDSA,TestTLSConnect)445 TEST_F(SSLAdapterTestTLS_ECDSA, TestTLSConnect) {
446 SetMockCertVerifier(/*return_value=*/true);
447 TestHandshake(/*expect_success=*/true);
448 }
449
450 // Test that handshake works with a custom verifier that returns true. ECDSA.
TEST_F(SSLAdapterTestTLS_ECDSA,TestTLSConnectCustomCertVerifierSucceeds)451 TEST_F(SSLAdapterTestTLS_ECDSA, TestTLSConnectCustomCertVerifierSucceeds) {
452 SetMockCertVerifier(/*return_value=*/true);
453 TestHandshake(/*expect_success=*/true);
454 }
455
456 // Test that handshake fails with a custom verifier that returns false. ECDSA.
TEST_F(SSLAdapterTestTLS_ECDSA,TestTLSConnectCustomCertVerifierFails)457 TEST_F(SSLAdapterTestTLS_ECDSA, TestTLSConnectCustomCertVerifierFails) {
458 SetMockCertVerifier(/*return_value=*/false);
459 TestHandshake(/*expect_success=*/false);
460 }
461
462 // Test transfer between client and server, using RSA
TEST_F(SSLAdapterTestTLS_RSA,TestTLSTransfer)463 TEST_F(SSLAdapterTestTLS_RSA, TestTLSTransfer) {
464 TestHandshake(true);
465 TestTransfer("Hello, world!");
466 }
467
468 // Test transfer between client and server, using RSA with custom cert verifier.
TEST_F(SSLAdapterTestTLS_RSA,TestTLSTransferCustomCertVerifier)469 TEST_F(SSLAdapterTestTLS_RSA, TestTLSTransferCustomCertVerifier) {
470 SetMockCertVerifier(/*return_value=*/true);
471 TestHandshake(/*expect_success=*/true);
472 TestTransfer("Hello, world!");
473 }
474
TEST_F(SSLAdapterTestTLS_RSA,TestTLSTransferWithBlockedSocket)475 TEST_F(SSLAdapterTestTLS_RSA, TestTLSTransferWithBlockedSocket) {
476 TestHandshake(true);
477
478 // Tell the underlying socket to simulate being blocked.
479 vss_->SetSendingBlocked(true);
480
481 std::string expected;
482 int rv;
483 // Send messages until the SSL socket adapter starts applying backpressure.
484 // Note that this may not occur immediately since there may be some amount of
485 // intermediate buffering (either in our code or in BoringSSL).
486 for (int i = 0; i < 1024; ++i) {
487 std::string message = "Hello, world: " + rtc::ToString(i);
488 rv = client_->Send(message);
489 if (rv != static_cast<int>(message.size())) {
490 // This test assumes either the whole message or none of it is sent.
491 ASSERT_EQ(-1, rv);
492 break;
493 }
494 expected += message;
495 }
496 // Assert that the loop above exited due to Send returning -1.
497 ASSERT_EQ(-1, rv);
498
499 // Try sending another message while blocked. -1 should be returned again and
500 // it shouldn't end up received by the server later.
501 EXPECT_EQ(-1, client_->Send("Never sent"));
502
503 // Unblock the underlying socket. All of the buffered messages should be sent
504 // without any further action.
505 vss_->SetSendingBlocked(false);
506 EXPECT_EQ_WAIT(expected, server_->GetReceivedData(), kTimeout);
507
508 // Send another message. This previously wasn't working
509 std::string final_message = "Fin.";
510 expected += final_message;
511 EXPECT_EQ(static_cast<int>(final_message.size()),
512 client_->Send(final_message));
513 EXPECT_EQ_WAIT(expected, server_->GetReceivedData(), kTimeout);
514 }
515
516 // Test transfer between client and server, using ECDSA
TEST_F(SSLAdapterTestTLS_ECDSA,TestTLSTransfer)517 TEST_F(SSLAdapterTestTLS_ECDSA, TestTLSTransfer) {
518 TestHandshake(true);
519 TestTransfer("Hello, world!");
520 }
521
522 // Test transfer between client and server, using ECDSA with custom cert
523 // verifier.
TEST_F(SSLAdapterTestTLS_ECDSA,TestTLSTransferCustomCertVerifier)524 TEST_F(SSLAdapterTestTLS_ECDSA, TestTLSTransferCustomCertVerifier) {
525 SetMockCertVerifier(/*return_value=*/true);
526 TestHandshake(/*expect_success=*/true);
527 TestTransfer("Hello, world!");
528 }
529
530 // Test transfer using ALPN with protos as h2 and http/1.1
TEST_F(SSLAdapterTestTLS_ECDSA,TestTLSALPN)531 TEST_F(SSLAdapterTestTLS_ECDSA, TestTLSALPN) {
532 std::vector<std::string> alpn_protos{"h2", "http/1.1"};
533 SetAlpnProtocols(alpn_protos);
534 TestHandshake(true);
535 TestTransfer("Hello, world!");
536 }
537
538 // Test transfer with TLS Elliptic curves set to "X25519:P-256:P-384:P-521"
TEST_F(SSLAdapterTestTLS_ECDSA,TestTLSEllipticCurves)539 TEST_F(SSLAdapterTestTLS_ECDSA, TestTLSEllipticCurves) {
540 std::vector<std::string> elliptic_curves{"X25519", "P-256", "P-384", "P-521"};
541 SetEllipticCurves(elliptic_curves);
542 TestHandshake(true);
543 TestTransfer("Hello, world!");
544 }
545
546 // Basic tests: DTLS
547
548 // Test that handshake works, using RSA
TEST_F(SSLAdapterTestDTLS_RSA,TestDTLSConnect)549 TEST_F(SSLAdapterTestDTLS_RSA, TestDTLSConnect) {
550 TestHandshake(true);
551 }
552
553 // Test that handshake works with a custom verifier that returns true. DTLS_RSA.
TEST_F(SSLAdapterTestDTLS_RSA,TestDTLSConnectCustomCertVerifierSucceeds)554 TEST_F(SSLAdapterTestDTLS_RSA, TestDTLSConnectCustomCertVerifierSucceeds) {
555 SetMockCertVerifier(/*return_value=*/true);
556 TestHandshake(/*expect_success=*/true);
557 }
558
559 // Test that handshake fails with a custom verifier that returns false.
560 // DTLS_RSA.
TEST_F(SSLAdapterTestDTLS_RSA,TestTLSConnectCustomCertVerifierFails)561 TEST_F(SSLAdapterTestDTLS_RSA, TestTLSConnectCustomCertVerifierFails) {
562 SetMockCertVerifier(/*return_value=*/false);
563 TestHandshake(/*expect_success=*/false);
564 }
565
566 // Test that handshake works, using ECDSA
TEST_F(SSLAdapterTestDTLS_ECDSA,TestDTLSConnect)567 TEST_F(SSLAdapterTestDTLS_ECDSA, TestDTLSConnect) {
568 TestHandshake(true);
569 }
570
571 // Test that handshake works with a custom verifier that returns true.
572 // DTLS_ECDSA.
TEST_F(SSLAdapterTestDTLS_ECDSA,TestDTLSConnectCustomCertVerifierSucceeds)573 TEST_F(SSLAdapterTestDTLS_ECDSA, TestDTLSConnectCustomCertVerifierSucceeds) {
574 SetMockCertVerifier(/*return_value=*/true);
575 TestHandshake(/*expect_success=*/true);
576 }
577
578 // Test that handshake fails with a custom verifier that returns false.
579 // DTLS_ECDSA.
TEST_F(SSLAdapterTestDTLS_ECDSA,TestTLSConnectCustomCertVerifierFails)580 TEST_F(SSLAdapterTestDTLS_ECDSA, TestTLSConnectCustomCertVerifierFails) {
581 SetMockCertVerifier(/*return_value=*/false);
582 TestHandshake(/*expect_success=*/false);
583 }
584
585 // Test transfer between client and server, using RSA
TEST_F(SSLAdapterTestDTLS_RSA,TestDTLSTransfer)586 TEST_F(SSLAdapterTestDTLS_RSA, TestDTLSTransfer) {
587 TestHandshake(true);
588 TestTransfer("Hello, world!");
589 }
590
591 // Test transfer between client and server, using RSA with custom cert verifier.
TEST_F(SSLAdapterTestDTLS_RSA,TestDTLSTransferCustomCertVerifier)592 TEST_F(SSLAdapterTestDTLS_RSA, TestDTLSTransferCustomCertVerifier) {
593 SetMockCertVerifier(/*return_value=*/true);
594 TestHandshake(/*expect_success=*/true);
595 TestTransfer("Hello, world!");
596 }
597
598 // Test transfer between client and server, using ECDSA
TEST_F(SSLAdapterTestDTLS_ECDSA,TestDTLSTransfer)599 TEST_F(SSLAdapterTestDTLS_ECDSA, TestDTLSTransfer) {
600 TestHandshake(true);
601 TestTransfer("Hello, world!");
602 }
603
604 // Test transfer between client and server, using ECDSA with custom cert
605 // verifier.
TEST_F(SSLAdapterTestDTLS_ECDSA,TestDTLSTransferCustomCertVerifier)606 TEST_F(SSLAdapterTestDTLS_ECDSA, TestDTLSTransferCustomCertVerifier) {
607 SetMockCertVerifier(/*return_value=*/true);
608 TestHandshake(/*expect_success=*/true);
609 TestTransfer("Hello, world!");
610 }
611