blob: cf428245f362bdd3b7ece30d4b241649d78111ae [file] [log] [blame] [edit]
/*
* Copyright 2011 The WebRTC Project Authors. All rights reserved.
*
* Use of this source code is governed by a BSD-style license
* that can be found in the LICENSE file in the root of the source
* tree. An additional intellectual property rights grant can be found
* in the file PATENTS. All contributing project authors may
* be found in the AUTHORS file in the root of the source tree.
*/
#include "rtc_base/ssl_stream_adapter.h"
#include <openssl/evp.h>
#include <openssl/sha.h>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <ctime>
#include <memory>
#include <set>
#include <string>
#include <utility>
#include <vector>
#include "absl/memory/memory.h"
#include "absl/strings/string_view.h"
#include "api/array_view.h"
#include "api/sequence_checker.h"
#include "api/task_queue/pending_task_safety_flag.h"
#include "api/units/time_delta.h"
#include "rtc_base/buffer_queue.h"
#include "rtc_base/callback_list.h"
#include "rtc_base/checks.h"
#include "rtc_base/crypto_random.h"
#include "rtc_base/fake_clock.h"
#include "rtc_base/gunit.h"
#include "rtc_base/logging.h"
#include "rtc_base/memory/fifo_buffer.h"
#include "rtc_base/memory_stream.h"
#include "rtc_base/message_digest.h"
#include "rtc_base/openssl_stream_adapter.h"
#include "rtc_base/ssl_identity.h"
#include "rtc_base/stream.h"
#include "rtc_base/third_party/sigslot/sigslot.h"
#include "rtc_base/thread.h"
#include "rtc_base/time_utils.h"
#include "test/field_trial.h"
#include "test/gmock.h"
#include "test/gtest.h"
using ::testing::Combine;
using ::testing::NotNull;
using ::testing::tuple;
using ::testing::Values;
using ::testing::WithParamInterface;
using ::webrtc::SafeTask;
static const char kExporterLabel[] = "label";
static const unsigned char kExporterContext[] = "context";
static int kExporterContextLen = sizeof(kExporterContext);
// A private key used for testing, broken into pieces in order to avoid
// issues with Git's checks for private keys in repos.
// Generated using `openssl genrsa -out key.pem 2048`
#define RSA_PRIVATE_KEY_HEADER "-----BEGIN RSA PRIVATE KEY-----\n"
static const char kRSA_PRIVATE_KEY_PEM[] = RSA_PRIVATE_KEY_HEADER
"MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC4XOJ6agj673j+\n"
"O8sEnPmhVkjDOd858shAa07kVdeRePlE+wU4GUTY0i5JdXF8cUQLTSdKfqsR7f8L\n"
"jtxhehZk7+OQs5P1VsSQeotr2L0WFBNQZ+cSswLBHt4DjG9vyDJMELwPYkLO/EZw\n"
"Q1HBgrSSHUHE9mRak2JQzxEqdnj2ssUs+K9kTkYLnzq86dMRGc+TA4TiVA4U065M\n"
"lwSe95QMJ5OqYBwbNsVF6BTvdnkkNyizunfoGWB8m9gqYIdlmo3uT21OEnF40Pei\n"
"K5CjvB29IpO6cPmNDR7+vwCy/IeGkXwzvICq/ZrocFNBR5Z4tSm003HX6BbIHtnj\n"
"tvxVaIeFAgMBAAECggEADxQ3yOPh0qZiCsc4smqlZzr/rgoOdjajhtNQC1BzFnii\n"
"yK/QTDeS4DoGo6b5roA0HMmFcGweUVPaM6eOYmGiMcTGI9hwPlWHs7p2K065nnPr\n"
"ZXzuEyM1kzaTWY5zsdyZsot+2jJC/Rt4pmd3KSDn5HiEn9e4OwlJdgsNoB+7ApBW\n"
"G8UmI9IUYic+xgS0IADJIYFx99bVmjLi7zshQAHVemn15v9GcBTCA7uojxX+FLmR\n"
"i8nuqUcTqGemE6PaQiX9MahgHU7NJ/gLs9dEeX4tD+8KVkrH/RRbg43eEATkRo8D\n"
"bO3JZ6MBwVNL6BU4hr+BViXEkHqBa9adoImIWHaLGQKBgQC4zlmHrDm9Ftb6fgsc\n"
"KXbEphPF/fuw4FJrPXP+0kRvF8AGbGqesBksX/JJCo46jfehNNGHmKFZ7oKMsHbS\n"
"yZp1/YZlg020ZLJkJz4GGPF1HgaxdV1L6TvIlofKWKKUEyi3RpMhq6w8hb/+mz/C\n"
"KverTah0EkZjZWwSZa4lQjwCaQKBgQD/YtL6WXiduF94pfVz7MmEoBa00C0rPFaC\n"
"5TOMVH+W2RbcGyVoPoLmwf1H2lN9v+wzaTRaPeHWs5MwQ4HDUbACXtGQ+I+6VNvo\n"
"iEo23jIK0hYzFgRGSMK7E0Uj8oBuPdJjkpCM4qqr0p8UHrktUOD8kB3DjdJrbqLm\n"
"q+9qAWzAvQKBgQCGR5EwDojphuXvnpPuA4bDvjSR4Uj3LRdVypI07o1A903UnQQf\n"
"h67S2mhOgDf1/d+XJ6yzTMi4cqAzH6lG4au03eDAc9aLI7unIAhmH8uaIJYWbUO7\n"
"+50v04iZEywWUZF9Ee+oQHfmhfyKQD3klJnew4+Jvxmb8T7EY1NUyTqXOQKBgQDM\n"
"EpsGZBJm7dqUXQE7Zh5NtWMPjz5YyzlSFXbQjwD5eHW04phMqY8OeDs9fG+1D3Te\n"
"TBYCemqJlytpqLf7bL4Z1szdbFHlkkO7l5S+LWWNkf0dS12VEDVTKf3Y0MHh1dLV\n"
"sFuDyOiaro5hlH9if7uY9kxiZGSdZmYTr5Z7fbH6fQKBgF+NKzivaJKz0a7ZCFhR\n"
"UfjvWrldeRzvyOiq+6nohTy3WNUZ+jSjwXZ7B4HGbHeaTBbsaNeO7aPGNe+Rt3Sr\n"
"rj6EzpBKk60ukkg49c+X/Rski/RmRosovJv4YUHtafafjAzeMhfU/tdKvjM00p9x\n"
"yf5MmWCNPsPfGsRZJpnYGvg3\n"
"-----END RSA PRIVATE KEY-----\n";
#undef RSA_PRIVATE_KEY_HEADER
// Generated using
// `openssl req -new -x509 -key key.pem -out cert.pem -days 365`
// after setting the machine date to something that will ensure the
// certificate is expired.
static const char kCERT_PEM[] =
"-----BEGIN CERTIFICATE-----\n"
"MIIDjTCCAnWgAwIBAgIUTkCy4o8+4W/86RYmgWc8FEhWTzYwDQYJKoZIhvcNAQEL\n"
"BQAwVjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM\n"
"GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UEAwwGV2ViUlRDMB4XDTI0\n"
"MDkwMzAwNTk0NloXDTI1MDkwMzAwNTk0NlowVjELMAkGA1UEBhMCQVUxEzARBgNV\n"
"BAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0\n"
"ZDEPMA0GA1UEAwwGV2ViUlRDMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\n"
"AQEAuFziemoI+u94/jvLBJz5oVZIwznfOfLIQGtO5FXXkXj5RPsFOBlE2NIuSXVx\n"
"fHFEC00nSn6rEe3/C47cYXoWZO/jkLOT9VbEkHqLa9i9FhQTUGfnErMCwR7eA4xv\n"
"b8gyTBC8D2JCzvxGcENRwYK0kh1BxPZkWpNiUM8RKnZ49rLFLPivZE5GC586vOnT\n"
"ERnPkwOE4lQOFNOuTJcEnveUDCeTqmAcGzbFRegU73Z5JDcos7p36BlgfJvYKmCH\n"
"ZZqN7k9tThJxeND3oiuQo7wdvSKTunD5jQ0e/r8AsvyHhpF8M7yAqv2a6HBTQUeW\n"
"eLUptNNx1+gWyB7Z47b8VWiHhQIDAQABo1MwUTAdBgNVHQ4EFgQUlZmkvo2n5ZEa\n"
"B/GCnl8SMQr8G04wHwYDVR0jBBgwFoAUlZmkvo2n5ZEaB/GCnl8SMQr8G04wDwYD\n"
"VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAnHDEEEOdPaujj3jVWDnk\n"
"bxQYQXuymHr5oqIbGSNZaDiK1ZDwui6fywiUjQUgFipC4Gt3EvpEv8b/M9G4Kr3d\n"
"ET1loApfl6dMRyRym8HydsF4rWs/KmUMpHEcgQzz6ehsX5kqQtStdsAxtTE2QkoY\n"
"5YbQgTKQ0yrwsagKX8pWv0UmXQASJUa26h5H9YpNNfwHy5PZvQya0719qFd8r2EH\n"
"JW67EJElwG5qE2N8DStPUjvVsydfbJflvRBjnf9IRuY9rGogeIOTkkkHAOyNWj3V\n"
"3tZ0r8lKDpUSH6Z5fALuwfEQsWj1qZkZn2ysv1GzEJS2jhS/xPfzOqs8eLVi91lx\n"
"1A==\n"
"-----END CERTIFICATE-----\n";
// Google GTS CA 1C3 certificate. Obtained from https://www.webrtc.org
static const char kIntCert1[] =
"-----BEGIN CERTIFICATE-----\n"
"MIIFljCCA36gAwIBAgINAgO8U1lrNMcY9QFQZjANBgkqhkiG9w0BAQsFADBHMQsw\n"
"CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU\n"
"MBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMjAwODEzMDAwMDQyWhcNMjcwOTMwMDAw\n"
"MDQyWjBGMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp\n"
"Y2VzIExMQzETMBEGA1UEAxMKR1RTIENBIDFDMzCCASIwDQYJKoZIhvcNAQEBBQAD\n"
"ggEPADCCAQoCggEBAPWI3+dijB43+DdCkH9sh9D7ZYIl/ejLa6T/belaI+KZ9hzp\n"
"kgOZE3wJCor6QtZeViSqejOEH9Hpabu5dOxXTGZok3c3VVP+ORBNtzS7XyV3NzsX\n"
"lOo85Z3VvMO0Q+sup0fvsEQRY9i0QYXdQTBIkxu/t/bgRQIh4JZCF8/ZK2VWNAcm\n"
"BA2o/X3KLu/qSHw3TT8An4Pf73WELnlXXPxXbhqW//yMmqaZviXZf5YsBvcRKgKA\n"
"gOtjGDxQSYflispfGStZloEAoPtR28p3CwvJlk/vcEnHXG0g/Zm0tOLKLnf9LdwL\n"
"tmsTDIwZKxeWmLnwi/agJ7u2441Rj72ux5uxiZ0CAwEAAaOCAYAwggF8MA4GA1Ud\n"
"DwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEgYDVR0T\n"
"AQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUinR/r4XN7pXNPZzQ4kYU83E1HScwHwYD\n"
"VR0jBBgwFoAU5K8rJnEaK0gnhS9SZizv8IkTcT4waAYIKwYBBQUHAQEEXDBaMCYG\n"
"CCsGAQUFBzABhhpodHRwOi8vb2NzcC5wa2kuZ29vZy9ndHNyMTAwBggrBgEFBQcw\n"
"AoYkaHR0cDovL3BraS5nb29nL3JlcG8vY2VydHMvZ3RzcjEuZGVyMDQGA1UdHwQt\n"
"MCswKaAnoCWGI2h0dHA6Ly9jcmwucGtpLmdvb2cvZ3RzcjEvZ3RzcjEuY3JsMFcG\n"
"A1UdIARQME4wOAYKKwYBBAHWeQIFAzAqMCgGCCsGAQUFBwIBFhxodHRwczovL3Br\n"
"aS5nb29nL3JlcG9zaXRvcnkvMAgGBmeBDAECATAIBgZngQwBAgIwDQYJKoZIhvcN\n"
"AQELBQADggIBAIl9rCBcDDy+mqhXlRu0rvqrpXJxtDaV/d9AEQNMwkYUuxQkq/BQ\n"
"cSLbrcRuf8/xam/IgxvYzolfh2yHuKkMo5uhYpSTld9brmYZCwKWnvy15xBpPnrL\n"
"RklfRuFBsdeYTWU0AIAaP0+fbH9JAIFTQaSSIYKCGvGjRFsqUBITTcFTNvNCCK9U\n"
"+o53UxtkOCcXCb1YyRt8OS1b887U7ZfbFAO/CVMkH8IMBHmYJvJh8VNS/UKMG2Yr\n"
"PxWhu//2m+OBmgEGcYk1KCTd4b3rGS3hSMs9WYNRtHTGnXzGsYZbr8w0xNPM1IER\n"
"lQCh9BIiAfq0g3GvjLeMcySsN1PCAJA/Ef5c7TaUEDu9Ka7ixzpiO2xj2YC/WXGs\n"
"Yye5TBeg2vZzFb8q3o/zpWwygTMD0IZRcZk0upONXbVRWPeyk+gB9lm+cZv9TSjO\n"
"z23HFtz30dZGm6fKa+l3D/2gthsjgx0QGtkJAITgRNOidSOzNIb2ILCkXhAd4FJG\n"
"AJ2xDx8hcFH1mt0G/FX0Kw4zd8NLQsLxdxP8c4CU6x+7Nz/OAipmsHMdMqUybDKw\n"
"juDEI/9bfU1lcKwrmz3O2+BtjjKAvpafkmO8l7tdufThcV4q5O8DIrGKZTqPwJNl\n"
"1IXNDw9bg1kWRxYtnCQ6yICmJhSFm/Y3m6xv+cXDBlHz4n/FsRC6UfTd\n"
"-----END CERTIFICATE-----\n";
// Google GTS Root R1 certificate. Obtained from https://www.webrtc.org
static const char kCACert[] =
"-----BEGIN CERTIFICATE-----\n"
"MIIFWjCCA0KgAwIBAgIQbkepxUtHDA3sM9CJuRz04TANBgkqhkiG9w0BAQwFADBH\n"
"MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM\n"
"QzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIy\n"
"MDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNl\n"
"cnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIiMA0GCSqGSIb3DQEB\n"
"AQUAA4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx9vaM\n"
"f/vo27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vX\n"
"mX7wCl7raKb0xlpHDU0QM+NOsROjyBhsS+z8CZDfnWQpJSMHobTSPS5g4M/SCYe7\n"
"zUjwTcLCeoiKu7rPWRnWr4+wB7CeMfGCwcDfLqZtbBkOtdh+JhpFAz2weaSUKK0P\n"
"fyblqAj+lug8aJRT7oM6iCsVlgmy4HqMLnXWnOunVmSPlk9orj2XwoSPwLxAwAtc\n"
"vfaHszVsrBhQf4TgTM2S0yDpM7xSma8ytSmzJSq0SPly4cpk9+aCEI3oncKKiPo4\n"
"Zor8Y/kB+Xj9e1x3+naH+uzfsQ55lVe0vSbv1gHR6xYKu44LtcXFilWr06zqkUsp\n"
"zBmkMiVOKvFlRNACzqrOSbTqn3yDsEB750Orp2yjj32JgfpMpf/VjsPOS+C12LOO\n"
"Rc92wO1AK/1TD7Cn1TsNsYqiA94xrcx36m97PtbfkSIS5r762DL8EGMUUXLeXdYW\n"
"k70paDPvOmbsB4om3xPXV2V4J95eSRQAogB/mqghtqmxlbCluQ0WEdrHbEg8QOB+\n"
"DVrNVjzRlwW5y0vtOUucxD/SVRNuJLDWcfr0wbrM7Rv1/oFB2ACYPTrIrnqYNxgF\n"
"lQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV\n"
"HQ4EFgQU5K8rJnEaK0gnhS9SZizv8IkTcT4wDQYJKoZIhvcNAQEMBQADggIBADiW\n"
"Cu49tJYeX++dnAsznyvgyv3SjgofQXSlfKqE1OXyHuY3UjKcC9FhHb8owbZEKTV1\n"
"d5iyfNm9dKyKaOOpMQkpAWBz40d8U6iQSifvS9efk+eCNs6aaAyC58/UEBZvXw6Z\n"
"XPYfcX3v73svfuo21pdwCxXu11xWajOl40k4DLh9+42FpLFZXvRq4d2h9mREruZR\n"
"gyFmxhE+885H7pwoHyXa/6xmld01D1zvICxi/ZG6qcz8WpyTgYMpl0p8WnK0OdC3\n"
"d8t5/Wk6kjftbjhlRn7pYL15iJdfOBL07q9bgsiG1eGZbYwE8na6SfZu6W0eX6Dv\n"
"J4J2QPim01hcDyxC2kLGe4g0x8HYRZvBPsVhHdljUEn2NIVq4BjFbkerQUIpm/Zg\n"
"DdIx02OYI5NaAIFItO/Nis3Jz5nu2Z6qNuFoS3FJFDYoOj0dzpqPJeaAcWErtXvM\n"
"+SUWgeExX6GjfhaknBZqlxi9dnKlC54dNuYvoS++cJEPqOba+MSSQGwlfnuzCdyy\n"
"F62ARPBopY+Udf90WuioAnwMCeKpSwughQtiue+hMZL77/ZRBIls6Kl0obsXs7X9\n"
"SQ98POyDGCBDTtWTurQ0sR8WNh8M5mQ5Fkzc4P4dyKliPUDqysU0ArSuiYgzNdws\n"
"E3PYJ/HQcu51OyLemGhmW/HGY0dVHLqlCFF1pkgl\n"
"-----END CERTIFICATE-----\n";
class SSLStreamAdapterTestBase;
// StreamWrapper is a middle layer between `stream`, which supports a single
// event callback, and test classes in this file that need that event forwarded
// to them. I.e. this class wraps a `stream` object that it delegates all calls
// to, but for the event callback, `StreamWrapper` additionally provides support
// for forwarding event notifications to test classes that call
// `SubscribeStreamEvent()`.
//
// This is needed because in this file, tests connect both client and server
// streams (SSLDummyStream) to the same underlying `stream` objects
// (see CreateClientStream() and CreateServerStream()).
class StreamWrapper : public rtc::StreamInterface {
public:
explicit StreamWrapper(std::unique_ptr<rtc::StreamInterface> stream)
: stream_(std::move(stream)) {
stream_->SetEventCallback([this](int events, int err) {
RTC_DCHECK_RUN_ON(&callback_sequence_);
callbacks_.Send(events, err);
FireEvent(events, err);
});
}
template <typename F>
void SubscribeStreamEvent(const void* removal_tag, F&& callback) {
callbacks_.AddReceiver(removal_tag, std::forward<F>(callback));
}
void UnsubscribeStreamEvent(const void* removal_tag) {
callbacks_.RemoveReceivers(removal_tag);
}
rtc::StreamState GetState() const override { return stream_->GetState(); }
void Close() override { stream_->Close(); }
rtc::StreamResult Read(rtc::ArrayView<uint8_t> buffer,
size_t& read,
int& error) override {
return stream_->Read(buffer, read, error);
}
rtc::StreamResult Write(rtc::ArrayView<const uint8_t> data,
size_t& written,
int& error) override {
return stream_->Write(data, written, error);
}
private:
const std::unique_ptr<rtc::StreamInterface> stream_;
webrtc::CallbackList<int, int> callbacks_;
};
class SSLDummyStream final : public rtc::StreamInterface {
public:
SSLDummyStream(SSLStreamAdapterTestBase* test,
absl::string_view side,
StreamWrapper* in,
StreamWrapper* out)
: test_base_(test), side_(side), in_(in), out_(out), first_packet_(true) {
RTC_CHECK(thread_);
RTC_CHECK_NE(in, out);
in_->SubscribeStreamEvent(
this, [this](int events, int err) { OnEventIn(events, err); });
out_->SubscribeStreamEvent(
this, [this](int events, int err) { OnEventOut(events, err); });
}
~SSLDummyStream() override {
in_->UnsubscribeStreamEvent(this);
out_->UnsubscribeStreamEvent(this);
}
rtc::StreamState GetState() const override { return rtc::SS_OPEN; }
rtc::StreamResult Read(rtc::ArrayView<uint8_t> buffer,
size_t& read,
int& error) override {
rtc::StreamResult r;
r = in_->Read(buffer, read, error);
if (r == rtc::SR_BLOCK)
return rtc::SR_BLOCK;
if (r == rtc::SR_EOS)
return rtc::SR_EOS;
if (r != rtc::SR_SUCCESS) {
ADD_FAILURE();
return rtc::SR_ERROR;
}
return rtc::SR_SUCCESS;
}
// Catch readability events on in and pass them up.
void OnEventIn(int sig, int err) {
int mask = (rtc::SE_READ | rtc::SE_CLOSE);
if (sig & mask) {
RTC_LOG(LS_VERBOSE) << "SSLDummyStream::OnEventIn side=" << side_
<< " sig=" << sig << " forwarding upward";
PostEvent(sig & mask, 0);
}
}
// Catch writeability events on out and pass them up.
void OnEventOut(int sig, int err) {
if (sig & rtc::SE_WRITE) {
RTC_LOG(LS_VERBOSE) << "SSLDummyStream::OnEventOut side=" << side_
<< " sig=" << sig << " forwarding upward";
PostEvent(sig & rtc::SE_WRITE, 0);
}
}
// Write to the outgoing FifoBuffer
rtc::StreamResult WriteData(rtc::ArrayView<const uint8_t> data,
size_t& written,
int& error) {
return out_->Write(data, written, error);
}
rtc::StreamResult Write(rtc::ArrayView<const uint8_t> data,
size_t& written,
int& error) override;
void Close() override {
RTC_LOG(LS_INFO) << "Closing outbound stream";
out_->Close();
}
private:
void PostEvent(int events, int err) {
thread_->PostTask(SafeTask(task_safety_.flag(), [this, events, err]() {
RTC_DCHECK_RUN_ON(&callback_sequence_);
FireEvent(events, err);
}));
}
webrtc::ScopedTaskSafety task_safety_;
rtc::Thread* const thread_ = rtc::Thread::Current();
SSLStreamAdapterTestBase* test_base_;
const std::string side_;
StreamWrapper* const in_;
StreamWrapper* const out_;
bool first_packet_;
};
class BufferQueueStream : public rtc::StreamInterface {
public:
BufferQueueStream(size_t capacity, size_t default_size)
: buffer_(capacity, default_size) {}
// Implementation of abstract StreamInterface methods.
// A buffer queue stream is always "open".
rtc::StreamState GetState() const override { return rtc::SS_OPEN; }
// Reading a buffer queue stream will either succeed or block.
rtc::StreamResult Read(rtc::ArrayView<uint8_t> buffer,
size_t& read,
int& error) override {
const bool was_writable = buffer_.is_writable();
if (!buffer_.ReadFront(buffer.data(), buffer.size(), &read))
return rtc::SR_BLOCK;
if (!was_writable)
NotifyWritableForTest();
return rtc::SR_SUCCESS;
}
// Writing to a buffer queue stream will either succeed or block.
rtc::StreamResult Write(rtc::ArrayView<const uint8_t> data,
size_t& written,
int& error) override {
const bool was_readable = buffer_.is_readable();
if (!buffer_.WriteBack(data.data(), data.size(), &written))
return rtc::SR_BLOCK;
if (!was_readable)
NotifyReadableForTest();
return rtc::SR_SUCCESS;
}
// A buffer queue stream can not be closed.
void Close() override {}
protected:
void NotifyReadableForTest() { PostEvent(rtc::SE_READ, 0); }
void NotifyWritableForTest() { PostEvent(rtc::SE_WRITE, 0); }
private:
void PostEvent(int events, int err) {
thread_->PostTask(SafeTask(task_safety_.flag(), [this, events, err]() {
RTC_DCHECK_RUN_ON(&callback_sequence_);
FireEvent(events, err);
}));
}
rtc::Thread* const thread_ = rtc::Thread::Current();
webrtc::ScopedTaskSafety task_safety_;
rtc::BufferQueue buffer_;
};
static const int kBufferCapacity = 1;
static const size_t kDefaultBufferSize = 2048;
class SSLStreamAdapterTestBase : public ::testing::Test,
public sigslot::has_slots<> {
public:
SSLStreamAdapterTestBase(
absl::string_view client_cert_pem,
absl::string_view client_private_key_pem,
bool dtls,
rtc::KeyParams client_key_type = rtc::KeyParams(rtc::KT_DEFAULT),
rtc::KeyParams server_key_type = rtc::KeyParams(rtc::KT_DEFAULT),
std::pair<std::string, size_t> digest =
std::make_pair(rtc::DIGEST_SHA_256, SHA256_DIGEST_LENGTH))
: client_cert_pem_(client_cert_pem),
client_private_key_pem_(client_private_key_pem),
client_key_type_(client_key_type),
server_key_type_(server_key_type),
digest_algorithm_(digest.first),
digest_length_(digest.second),
delay_(0),
mtu_(1460),
loss_(0),
lose_first_packet_(false),
damage_(false),
dtls_(dtls),
handshake_wait_(5000),
identities_set_(false) {
// Set use of the test RNG to get predictable loss patterns.
rtc::SetRandomTestMode(true);
}
~SSLStreamAdapterTestBase() override {
// Put it back for the next test.
rtc::SetRandomTestMode(false);
}
void SetUp() override {
InitializeClientAndServerStreams();
std::unique_ptr<rtc::SSLIdentity> client_identity;
if (!client_cert_pem_.empty() && !client_private_key_pem_.empty()) {
client_identity = rtc::SSLIdentity::CreateFromPEMStrings(
client_private_key_pem_, client_cert_pem_);
} else {
client_identity = rtc::SSLIdentity::Create("client", client_key_type_);
}
auto server_identity = rtc::SSLIdentity::Create("server", server_key_type_);
client_ssl_->SetIdentity(std::move(client_identity));
server_ssl_->SetIdentity(std::move(server_identity));
}
void TearDown() override {
client_ssl_.reset(nullptr);
server_ssl_.reset(nullptr);
}
virtual std::unique_ptr<rtc::StreamInterface> CreateClientStream() = 0;
virtual std::unique_ptr<rtc::StreamInterface> CreateServerStream() = 0;
void InitializeClientAndServerStreams(
absl::string_view client_experiment = "",
absl::string_view server_experiment = "") {
// Note: `client_ssl_` and `server_ssl_` may be non-nullptr.
// The legacy TLS protocols flag is read when the OpenSSLStreamAdapter is
// initialized, so we set the field trials while constructing the adapters.
using webrtc::test::ScopedFieldTrials;
{
std::unique_ptr<ScopedFieldTrials> trial(
client_experiment.empty() ? nullptr
: new ScopedFieldTrials(client_experiment));
client_ssl_ = rtc::SSLStreamAdapter::Create(CreateClientStream());
}
{
std::unique_ptr<ScopedFieldTrials> trial(
server_experiment.empty() ? nullptr
: new ScopedFieldTrials(server_experiment));
server_ssl_ = rtc::SSLStreamAdapter::Create(CreateServerStream());
}
client_ssl_->SetEventCallback(
[this](int events, int err) { OnClientEvent(events, err); });
server_ssl_->SetEventCallback(
[this](int events, int err) { OnServerEvent(events, err); });
}
// Recreate the client/server identities with the specified validity period.
// `not_before` and `not_after` are offsets from the current time in number
// of seconds.
void ResetIdentitiesWithValidity(int not_before, int not_after) {
InitializeClientAndServerStreams();
time_t now = time(nullptr);
rtc::SSLIdentityParams client_params;
client_params.key_params = rtc::KeyParams(rtc::KT_DEFAULT);
client_params.common_name = "client";
client_params.not_before = now + not_before;
client_params.not_after = now + not_after;
auto client_identity = rtc::SSLIdentity::CreateForTest(client_params);
rtc::SSLIdentityParams server_params;
server_params.key_params = rtc::KeyParams(rtc::KT_DEFAULT);
server_params.common_name = "server";
server_params.not_before = now + not_before;
server_params.not_after = now + not_after;
auto server_identity = rtc::SSLIdentity::CreateForTest(server_params);
client_ssl_->SetIdentity(std::move(client_identity));
server_ssl_->SetIdentity(std::move(server_identity));
}
void SetPeerIdentitiesByDigest(bool correct, bool expect_success) {
unsigned char server_digest[EVP_MAX_MD_SIZE];
size_t server_digest_len;
unsigned char client_digest[EVP_MAX_MD_SIZE];
size_t client_digest_len;
bool rv;
rtc::SSLPeerCertificateDigestError err;
rtc::SSLPeerCertificateDigestError expected_err =
expect_success
? rtc::SSLPeerCertificateDigestError::NONE
: rtc::SSLPeerCertificateDigestError::VERIFICATION_FAILED;
RTC_LOG(LS_INFO) << "Setting peer identities by digest";
RTC_DCHECK(server_identity());
RTC_DCHECK(client_identity());
rv = server_identity()->certificate().ComputeDigest(
digest_algorithm_, server_digest, digest_length_, &server_digest_len);
ASSERT_TRUE(rv);
rv = client_identity()->certificate().ComputeDigest(
digest_algorithm_, client_digest, digest_length_, &client_digest_len);
ASSERT_TRUE(rv);
if (!correct) {
RTC_LOG(LS_INFO) << "Setting bogus digest for server cert";
server_digest[0]++;
}
rv = client_ssl_->SetPeerCertificateDigest(digest_algorithm_, server_digest,
server_digest_len, &err);
EXPECT_EQ(expected_err, err);
EXPECT_EQ(expect_success, rv);
if (!correct) {
RTC_LOG(LS_INFO) << "Setting bogus digest for client cert";
client_digest[0]++;
}
rv = server_ssl_->SetPeerCertificateDigest(digest_algorithm_, client_digest,
client_digest_len, &err);
EXPECT_EQ(expected_err, err);
EXPECT_EQ(expect_success, rv);
identities_set_ = true;
}
void SetupProtocolVersions(rtc::SSLProtocolVersion server_version,
rtc::SSLProtocolVersion client_version) {
server_ssl_->SetMaxProtocolVersion(server_version);
client_ssl_->SetMaxProtocolVersion(client_version);
}
void TestHandshake(bool expect_success = true) {
if (!dtls_) {
// Make sure we simulate a reliable network for TLS.
// This is just a check to make sure that people don't write wrong
// tests.
RTC_CHECK_EQ(1460, mtu_);
RTC_CHECK(!loss_);
RTC_CHECK(!lose_first_packet_);
}
if (!identities_set_)
SetPeerIdentitiesByDigest(true, true);
// Start the handshake
int rv;
server_ssl_->SetServerRole();
rv = server_ssl_->StartSSL();
ASSERT_EQ(0, rv);
rv = client_ssl_->StartSSL();
ASSERT_EQ(0, rv);
// Now run the handshake
if (expect_success) {
EXPECT_TRUE_WAIT((client_ssl_->GetState() == rtc::SS_OPEN) &&
(server_ssl_->GetState() == rtc::SS_OPEN),
handshake_wait_);
} else {
EXPECT_TRUE_WAIT(client_ssl_->GetState() == rtc::SS_CLOSED,
handshake_wait_);
}
}
// This tests that we give up after 12 DTLS resends.
// Only works for BoringSSL which allows advancing the fake clock.
void TestHandshakeTimeout() {
rtc::ScopedFakeClock clock;
int64_t time_start = clock.TimeNanos();
webrtc::TimeDelta time_increment = webrtc::TimeDelta::Millis(1000);
if (!dtls_) {
// Make sure we simulate a reliable network for TLS.
// This is just a check to make sure that people don't write wrong
// tests.
RTC_CHECK_EQ(1460, mtu_);
RTC_CHECK(!loss_);
RTC_CHECK(!lose_first_packet_);
}
if (!identities_set_)
SetPeerIdentitiesByDigest(true, true);
// Start the handshake
int rv;
server_ssl_->SetServerRole();
rv = server_ssl_->StartSSL();
ASSERT_EQ(0, rv);
rv = client_ssl_->StartSSL();
ASSERT_EQ(0, rv);
// Now wait for the handshake to timeout (or fail after an hour of simulated
// time).
while (client_ssl_->GetState() == rtc::SS_OPENING &&
(rtc::TimeDiff(clock.TimeNanos(), time_start) <
3600 * rtc::kNumNanosecsPerSec)) {
EXPECT_TRUE_WAIT(!((client_ssl_->GetState() == rtc::SS_OPEN) &&
(server_ssl_->GetState() == rtc::SS_OPEN)),
1000);
clock.AdvanceTime(time_increment);
}
EXPECT_EQ(client_ssl_->GetState(), rtc::SS_CLOSED);
}
// This tests that the handshake can complete before the identity is verified,
// and the identity will be verified after the fact. It also verifies that
// packets can't be read or written before the identity has been verified.
void TestHandshakeWithDelayedIdentity(bool valid_identity) {
if (!dtls_) {
// Make sure we simulate a reliable network for TLS.
// This is just a check to make sure that people don't write wrong
// tests.
RTC_CHECK_EQ(1460, mtu_);
RTC_CHECK(!loss_);
RTC_CHECK(!lose_first_packet_);
}
// Start the handshake
server_ssl_->SetServerRole();
ASSERT_EQ(0, server_ssl_->StartSSL());
ASSERT_EQ(0, client_ssl_->StartSSL());
// Now run the handshake.
EXPECT_TRUE_WAIT(
client_ssl_->IsTlsConnected() && server_ssl_->IsTlsConnected(),
handshake_wait_);
// Until the identity has been verified, the state should still be
// SS_OPENING and writes should return SR_BLOCK.
EXPECT_EQ(rtc::SS_OPENING, client_ssl_->GetState());
EXPECT_EQ(rtc::SS_OPENING, server_ssl_->GetState());
uint8_t packet[1];
size_t sent;
int error;
EXPECT_EQ(rtc::SR_BLOCK, client_ssl_->Write(packet, sent, error));
EXPECT_EQ(rtc::SR_BLOCK, server_ssl_->Write(packet, sent, error));
// Collect both of the certificate digests; needs to be done before calling
// SetPeerCertificateDigest as that may reset the identity.
unsigned char server_digest[EVP_MAX_MD_SIZE];
size_t server_digest_len;
unsigned char client_digest[EVP_MAX_MD_SIZE];
size_t client_digest_len;
bool rv;
ASSERT_THAT(server_identity(), NotNull());
rv = server_identity()->certificate().ComputeDigest(
digest_algorithm_, server_digest, digest_length_, &server_digest_len);
ASSERT_TRUE(rv);
ASSERT_THAT(client_identity(), NotNull());
rv = client_identity()->certificate().ComputeDigest(
digest_algorithm_, client_digest, digest_length_, &client_digest_len);
ASSERT_TRUE(rv);
if (!valid_identity) {
RTC_LOG(LS_INFO) << "Setting bogus digest for client/server certs";
client_digest[0]++;
server_digest[0]++;
}
// Set the peer certificate digest for the client.
rtc::SSLPeerCertificateDigestError err;
rtc::SSLPeerCertificateDigestError expected_err =
valid_identity
? rtc::SSLPeerCertificateDigestError::NONE
: rtc::SSLPeerCertificateDigestError::VERIFICATION_FAILED;
rv = client_ssl_->SetPeerCertificateDigest(digest_algorithm_, server_digest,
server_digest_len, &err);
EXPECT_EQ(expected_err, err);
EXPECT_EQ(valid_identity, rv);
// State should then transition to SS_OPEN or SS_CLOSED based on validation
// of the identity.
if (valid_identity) {
EXPECT_EQ(rtc::SS_OPEN, client_ssl_->GetState());
// If the client sends a packet while the server still hasn't verified the
// client identity, the server should continue to return SR_BLOCK.
int error;
EXPECT_EQ(rtc::SR_SUCCESS, client_ssl_->Write(packet, sent, error));
size_t read;
EXPECT_EQ(rtc::SR_BLOCK, server_ssl_->Read(packet, read, error));
} else {
EXPECT_EQ(rtc::SS_CLOSED, client_ssl_->GetState());
}
// Set the peer certificate digest for the server.
rv = server_ssl_->SetPeerCertificateDigest(digest_algorithm_, client_digest,
client_digest_len, &err);
EXPECT_EQ(expected_err, err);
EXPECT_EQ(valid_identity, rv);
if (valid_identity) {
EXPECT_EQ(rtc::SS_OPEN, server_ssl_->GetState());
} else {
EXPECT_EQ(rtc::SS_CLOSED, server_ssl_->GetState());
}
}
rtc::StreamResult DataWritten(SSLDummyStream* from,
const void* data,
size_t data_len,
size_t& written,
int& error) {
// Randomly drop loss_ percent of packets
if (rtc::CreateRandomId() % 100 < static_cast<uint32_t>(loss_)) {
RTC_LOG(LS_VERBOSE) << "Randomly dropping packet, size=" << data_len;
written = data_len;
return rtc::SR_SUCCESS;
}
if (dtls_ && (data_len > mtu_)) {
RTC_LOG(LS_VERBOSE) << "Dropping packet > mtu, size=" << data_len;
written = data_len;
return rtc::SR_SUCCESS;
}
// Optionally damage application data (type 23). Note that we don't damage
// handshake packets and we damage the last byte to keep the header
// intact but break the MAC.
if (damage_ && (*static_cast<const unsigned char*>(data) == 23)) {
std::vector<uint8_t> buf(data_len);
RTC_LOG(LS_VERBOSE) << "Damaging packet";
memcpy(&buf[0], data, data_len);
buf[data_len - 1]++;
return from->WriteData(rtc::MakeArrayView(&buf[0], data_len), written,
error);
}
return from->WriteData(
rtc::MakeArrayView(reinterpret_cast<const uint8_t*>(data), data_len),
written, error);
}
void SetDelay(int delay) { delay_ = delay; }
int GetDelay() { return delay_; }
void SetLoseFirstPacket(bool lose) { lose_first_packet_ = lose; }
bool GetLoseFirstPacket() { return lose_first_packet_; }
void SetLoss(int percent) { loss_ = percent; }
void SetDamage() { damage_ = true; }
void SetMtu(size_t mtu) { mtu_ = mtu; }
void SetHandshakeWait(int wait) { handshake_wait_ = wait; }
void SetDtlsSrtpCryptoSuites(const std::vector<int>& ciphers, bool client) {
if (client)
client_ssl_->SetDtlsSrtpCryptoSuites(ciphers);
else
server_ssl_->SetDtlsSrtpCryptoSuites(ciphers);
}
bool GetDtlsSrtpCryptoSuite(bool client, int* retval) {
if (client)
return client_ssl_->GetDtlsSrtpCryptoSuite(retval);
else
return server_ssl_->GetDtlsSrtpCryptoSuite(retval);
}
std::unique_ptr<rtc::SSLCertificate> GetPeerCertificate(bool client) {
std::unique_ptr<rtc::SSLCertChain> chain;
if (client)
chain = client_ssl_->GetPeerSSLCertChain();
else
chain = server_ssl_->GetPeerSSLCertChain();
return (chain && chain->GetSize()) ? chain->Get(0).Clone() : nullptr;
}
bool GetSslCipherSuite(bool client, int* retval) {
if (client)
return client_ssl_->GetSslCipherSuite(retval);
else
return server_ssl_->GetSslCipherSuite(retval);
}
bool GetSslVersionBytes(bool client, int* version) {
if (client)
return client_ssl_->GetSslVersionBytes(version);
else
return server_ssl_->GetSslVersionBytes(version);
}
bool ExportKeyingMaterial(absl::string_view label,
const unsigned char* context,
size_t context_len,
bool use_context,
bool client,
unsigned char* result,
size_t result_len) {
if (client)
return client_ssl_->ExportKeyingMaterial(label, context, context_len,
use_context, result, result_len);
else
return server_ssl_->ExportKeyingMaterial(label, context, context_len,
use_context, result, result_len);
}
// To be implemented by subclasses.
virtual void WriteData() = 0;
virtual void ReadData(rtc::StreamInterface* stream) = 0;
virtual void TestTransfer(int size) = 0;
private:
void OnClientEvent(int sig, int err) {
RTC_LOG(LS_VERBOSE) << "SSLStreamAdapterTestBase::OnClientEvent sig="
<< sig;
if (sig & rtc::SE_READ) {
ReadData(client_ssl_.get());
}
if (sig & rtc::SE_WRITE) {
WriteData();
}
}
void OnServerEvent(int sig, int err) {
RTC_LOG(LS_VERBOSE) << "SSLStreamAdapterTestBase::OnServerEvent sig="
<< sig;
if (sig & rtc::SE_READ) {
ReadData(server_ssl_.get());
}
}
protected:
rtc::SSLIdentity* client_identity() const {
if (!client_ssl_) {
return nullptr;
}
return client_ssl_->GetIdentityForTesting();
}
rtc::SSLIdentity* server_identity() const {
if (!server_ssl_) {
return nullptr;
}
return server_ssl_->GetIdentityForTesting();
}
rtc::AutoThread main_thread_;
std::string client_cert_pem_;
std::string client_private_key_pem_;
rtc::KeyParams client_key_type_;
rtc::KeyParams server_key_type_;
std::string digest_algorithm_;
size_t digest_length_;
std::unique_ptr<rtc::SSLStreamAdapter> client_ssl_;
std::unique_ptr<rtc::SSLStreamAdapter> server_ssl_;
int delay_;
size_t mtu_;
int loss_;
bool lose_first_packet_;
bool damage_;
bool dtls_;
int handshake_wait_;
bool identities_set_;
};
class SSLStreamAdapterTestDTLSBase : public SSLStreamAdapterTestBase {
public:
SSLStreamAdapterTestDTLSBase(rtc::KeyParams param1,
rtc::KeyParams param2,
std::pair<std::string, size_t> digest)
: SSLStreamAdapterTestBase("", "", true, param1, param2, digest),
packet_size_(1000),
count_(0),
sent_(0) {}
SSLStreamAdapterTestDTLSBase(absl::string_view cert_pem,
absl::string_view private_key_pem)
: SSLStreamAdapterTestBase(cert_pem, private_key_pem, true),
packet_size_(1000),
count_(0),
sent_(0) {}
std::unique_ptr<rtc::StreamInterface> CreateClientStream() override final {
return absl::WrapUnique(
new SSLDummyStream(this, "c2s", &client_buffer_, &server_buffer_));
}
std::unique_ptr<rtc::StreamInterface> CreateServerStream() override final {
return absl::WrapUnique(
new SSLDummyStream(this, "s2c", &server_buffer_, &client_buffer_));
}
void WriteData() override {
uint8_t* packet = new uint8_t[1600];
while (sent_ < count_) {
unsigned int rand_state = sent_;
packet[0] = sent_;
for (size_t i = 1; i < packet_size_; i++) {
// This is a simple LC PRNG. Keep in synch with identical code below.
rand_state = (rand_state * 251 + 19937) >> 7;
packet[i] = rand_state & 0xff;
}
size_t sent;
int error;
rtc::StreamResult rv = client_ssl_->Write(
rtc::MakeArrayView(packet, packet_size_), sent, error);
if (rv == rtc::SR_SUCCESS) {
RTC_LOG(LS_VERBOSE) << "Sent: " << sent_;
sent_++;
} else if (rv == rtc::SR_BLOCK) {
RTC_LOG(LS_VERBOSE) << "Blocked...";
break;
} else {
ADD_FAILURE();
break;
}
}
delete[] packet;
}
void ReadData(rtc::StreamInterface* stream) override final {
uint8_t buffer[2000];
size_t bread;
int err2;
rtc::StreamResult r;
for (;;) {
r = stream->Read(buffer, bread, err2);
if (r == rtc::SR_ERROR) {
// Unfortunately, errors are the way that the stream adapter
// signals close right now
stream->Close();
return;
}
if (r == rtc::SR_BLOCK)
break;
ASSERT_EQ(rtc::SR_SUCCESS, r);
RTC_LOG(LS_VERBOSE) << "Read " << bread;
// Now parse the datagram
ASSERT_EQ(packet_size_, bread);
unsigned char packet_num = buffer[0];
unsigned int rand_state = packet_num;
for (size_t i = 1; i < packet_size_; i++) {
// This is a simple LC PRNG. Keep in synch with identical code above.
rand_state = (rand_state * 251 + 19937) >> 7;
ASSERT_EQ(rand_state & 0xff, buffer[i]);
}
received_.insert(packet_num);
}
}
void TestTransfer(int count) override {
count_ = count;
WriteData();
EXPECT_TRUE_WAIT(sent_ == count_, 10000);
RTC_LOG(LS_INFO) << "sent_ == " << sent_;
if (damage_) {
WAIT(false, 2000);
EXPECT_EQ(0U, received_.size());
} else if (loss_ == 0) {
EXPECT_EQ_WAIT(static_cast<size_t>(sent_), received_.size(), 1000);
} else {
RTC_LOG(LS_INFO) << "Sent " << sent_ << " packets; received "
<< received_.size();
}
}
protected:
StreamWrapper client_buffer_{
std::make_unique<BufferQueueStream>(kBufferCapacity, kDefaultBufferSize)};
StreamWrapper server_buffer_{
std::make_unique<BufferQueueStream>(kBufferCapacity, kDefaultBufferSize)};
private:
size_t packet_size_;
int count_;
int sent_;
std::set<int> received_;
};
rtc::StreamResult SSLDummyStream::Write(rtc::ArrayView<const uint8_t> data,
size_t& written,
int& error) {
RTC_LOG(LS_VERBOSE) << "Writing to loopback " << data.size();
if (first_packet_) {
first_packet_ = false;
if (test_base_->GetLoseFirstPacket()) {
RTC_LOG(LS_INFO) << "Losing initial packet of length " << data.size();
written = data.size(); // Fake successful writing also to writer.
return rtc::SR_SUCCESS;
}
}
return test_base_->DataWritten(this, data.data(), data.size(), written,
error);
}
// Test fixture for certificate chaining. Server will push more than one
// certificate. Note: these tests use RSA keys and SHA1 digests.
class SSLStreamAdapterTestDTLSCertChain : public SSLStreamAdapterTestDTLSBase {
public:
SSLStreamAdapterTestDTLSCertChain() : SSLStreamAdapterTestDTLSBase("", "") {}
void SetUp() override {
InitializeClientAndServerStreams();
// These tests apparently need a longer DTLS timeout due to the larger
// handshake. If the client triggers a resend before the handshake is
// complete, the handshake fails.
client_ssl_->SetInitialRetransmissionTimeout(/*timeout_ms=*/1000);
server_ssl_->SetInitialRetransmissionTimeout(/*timeout_ms=*/1000);
std::unique_ptr<rtc::SSLIdentity> client_identity;
if (!client_cert_pem_.empty() && !client_private_key_pem_.empty()) {
client_identity = rtc::SSLIdentity::CreateFromPEMStrings(
client_private_key_pem_, client_cert_pem_);
} else {
client_identity = rtc::SSLIdentity::Create("client", client_key_type_);
}
client_ssl_->SetIdentity(std::move(client_identity));
}
};
TEST_F(SSLStreamAdapterTestDTLSCertChain, TwoCertHandshake) {
auto server_identity = rtc::SSLIdentity::CreateFromPEMChainStrings(
kRSA_PRIVATE_KEY_PEM, std::string(kCERT_PEM) + kCACert);
server_ssl_->SetIdentity(std::move(server_identity));
TestHandshake();
std::unique_ptr<rtc::SSLCertChain> peer_cert_chain =
client_ssl_->GetPeerSSLCertChain();
ASSERT_NE(nullptr, peer_cert_chain);
EXPECT_EQ(kCERT_PEM, peer_cert_chain->Get(0).ToPEMString());
// TODO(bugs.webrtc.org/15153): Fix peer_cert_chain to return multiple
// certificates under OpenSSL. Today it only works with BoringSSL.
#ifdef OPENSSL_IS_BORINGSSL
ASSERT_EQ(2u, peer_cert_chain->GetSize());
EXPECT_EQ(kCACert, peer_cert_chain->Get(1).ToPEMString());
#endif
}
TEST_F(SSLStreamAdapterTestDTLSCertChain, TwoCertHandshakeWithCopy) {
server_ssl_->SetIdentity(rtc::SSLIdentity::CreateFromPEMChainStrings(
kRSA_PRIVATE_KEY_PEM, std::string(kCERT_PEM) + kCACert));
TestHandshake();
std::unique_ptr<rtc::SSLCertChain> peer_cert_chain =
client_ssl_->GetPeerSSLCertChain();
ASSERT_NE(nullptr, peer_cert_chain);
EXPECT_EQ(kCERT_PEM, peer_cert_chain->Get(0).ToPEMString());
// TODO(bugs.webrtc.org/15153): Fix peer_cert_chain to return multiple
// certificates under OpenSSL. Today it only works with BoringSSL.
#ifdef OPENSSL_IS_BORINGSSL
ASSERT_EQ(2u, peer_cert_chain->GetSize());
EXPECT_EQ(kCACert, peer_cert_chain->Get(1).ToPEMString());
#endif
}
TEST_F(SSLStreamAdapterTestDTLSCertChain, ThreeCertHandshake) {
server_ssl_->SetIdentity(rtc::SSLIdentity::CreateFromPEMChainStrings(
kRSA_PRIVATE_KEY_PEM, std::string(kCERT_PEM) + kIntCert1 + kCACert));
TestHandshake();
std::unique_ptr<rtc::SSLCertChain> peer_cert_chain =
client_ssl_->GetPeerSSLCertChain();
ASSERT_NE(nullptr, peer_cert_chain);
EXPECT_EQ(kCERT_PEM, peer_cert_chain->Get(0).ToPEMString());
// TODO(bugs.webrtc.org/15153): Fix peer_cert_chain to return multiple
// certificates under OpenSSL. Today it only works with BoringSSL.
#ifdef OPENSSL_IS_BORINGSSL
ASSERT_EQ(3u, peer_cert_chain->GetSize());
EXPECT_EQ(kIntCert1, peer_cert_chain->Get(1).ToPEMString());
EXPECT_EQ(kCACert, peer_cert_chain->Get(2).ToPEMString());
#endif
}
class SSLStreamAdapterTestDTLSHandshake
: public SSLStreamAdapterTestDTLSBase,
public WithParamInterface<tuple<rtc::KeyParams,
rtc::KeyParams,
std::pair<std::string, size_t>>> {
public:
SSLStreamAdapterTestDTLSHandshake()
: SSLStreamAdapterTestDTLSBase(::testing::get<0>(GetParam()),
::testing::get<1>(GetParam()),
::testing::get<2>(GetParam())) {}
};
// Test that we can make a handshake work with different parameters.
TEST_P(SSLStreamAdapterTestDTLSHandshake, TestDTLSConnect) {
TestHandshake();
}
// Test getting the used DTLS ciphers.
// DTLS 1.2 is max version for client and server.
TEST_P(SSLStreamAdapterTestDTLSHandshake, TestGetSslCipherSuite) {
SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12);
TestHandshake();
int client_cipher;
ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher));
int server_cipher;
ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));
ASSERT_EQ(client_cipher, server_cipher);
ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher(
server_cipher, ::testing::get<1>(GetParam()).type()));
}
// Test different key sizes with SHA-256, then different signature algorithms
// with ECDSA.
INSTANTIATE_TEST_SUITE_P(
SSLStreamAdapterTestDTLSHandshakeKeyParameters,
SSLStreamAdapterTestDTLSHandshake,
Combine(Values(rtc::KeyParams::RSA(rtc::kRsaDefaultModSize,
rtc::kRsaDefaultExponent),
rtc::KeyParams::RSA(2 * 1152, rtc::kRsaDefaultExponent),
rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)),
Values(rtc::KeyParams::RSA(rtc::kRsaDefaultModSize,
rtc::kRsaDefaultExponent),
rtc::KeyParams::RSA(2 * 1152, rtc::kRsaDefaultExponent),
rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)),
Values(std::make_pair(rtc::DIGEST_SHA_256, SHA256_DIGEST_LENGTH))));
INSTANTIATE_TEST_SUITE_P(
SSLStreamAdapterTestDTLSHandshakeSignatureAlgorithms,
SSLStreamAdapterTestDTLSHandshake,
Combine(Values(rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)),
Values(rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)),
Values(std::make_pair(rtc::DIGEST_SHA_1, SHA_DIGEST_LENGTH),
std::make_pair(rtc::DIGEST_SHA_224, SHA224_DIGEST_LENGTH),
std::make_pair(rtc::DIGEST_SHA_256, SHA256_DIGEST_LENGTH),
std::make_pair(rtc::DIGEST_SHA_384, SHA384_DIGEST_LENGTH),
std::make_pair(rtc::DIGEST_SHA_512, SHA512_DIGEST_LENGTH))));
// Basic tests done with ECDSA certificates and SHA-256.
class SSLStreamAdapterTestDTLS : public SSLStreamAdapterTestDTLSBase {
public:
SSLStreamAdapterTestDTLS()
: SSLStreamAdapterTestDTLSBase(
rtc::KeyParams::ECDSA(rtc::EC_NIST_P256),
rtc::KeyParams::ECDSA(rtc::EC_NIST_P256),
std::make_pair(rtc::DIGEST_SHA_256, SHA256_DIGEST_LENGTH)) {}
};
// Test that we can make a handshake work if the first packet in
// each direction is lost. This gives us predictable loss
// rather than having to tune random
TEST_F(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacket) {
SetLoseFirstPacket(true);
TestHandshake();
}
// Test a handshake with loss and delay
TEST_F(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacketDelay2s) {
SetLoseFirstPacket(true);
SetDelay(2000);
SetHandshakeWait(20000);
TestHandshake();
}
// Test a handshake with small MTU
// Disabled due to https://code.google.com/p/webrtc/issues/detail?id=3910
TEST_F(SSLStreamAdapterTestDTLS, DISABLED_TestDTLSConnectWithSmallMtu) {
SetMtu(700);
SetHandshakeWait(20000);
TestHandshake();
}
// Test a handshake with total loss and timing out.
// Only works in BoringSSL.
#ifdef OPENSSL_IS_BORINGSSL
#define MAYBE_TestDTLSConnectTimeout TestDTLSConnectTimeout
#else
#define MAYBE_TestDTLSConnectTimeout DISABLED_TestDTLSConnectTimeout
#endif
TEST_F(SSLStreamAdapterTestDTLS, MAYBE_TestDTLSConnectTimeout) {
SetLoss(100);
TestHandshakeTimeout();
}
// Test transfer -- trivial
TEST_F(SSLStreamAdapterTestDTLS, TestDTLSTransfer) {
TestHandshake();
TestTransfer(100);
}
TEST_F(SSLStreamAdapterTestDTLS, TestDTLSTransferWithLoss) {
TestHandshake();
SetLoss(10);
TestTransfer(100);
}
TEST_F(SSLStreamAdapterTestDTLS, TestDTLSTransferWithDamage) {
SetDamage(); // Must be called first because first packet
// write happens at end of handshake.
TestHandshake();
TestTransfer(100);
}
TEST_F(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentity) {
TestHandshakeWithDelayedIdentity(true);
}
TEST_F(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentityWithBogusDigest) {
TestHandshakeWithDelayedIdentity(false);
}
// Test DTLS-SRTP with SrtpAes128CmSha1_80
TEST_F(SSLStreamAdapterTestDTLS, TestDTLSSrtpAes128CmSha1_80) {
const std::vector<int> crypto_suites = {rtc::kSrtpAes128CmSha1_80};
SetDtlsSrtpCryptoSuites(crypto_suites, true);
SetDtlsSrtpCryptoSuites(crypto_suites, false);
TestHandshake();
int client_cipher;
ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
int server_cipher;
ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
ASSERT_EQ(client_cipher, server_cipher);
ASSERT_EQ(client_cipher, rtc::kSrtpAes128CmSha1_80);
}
// Test DTLS-SRTP with SrtpAes128CmSha1_32
TEST_F(SSLStreamAdapterTestDTLS, TestDTLSSrtpAes128CmSha1_32) {
const std::vector<int> crypto_suites = {rtc::kSrtpAes128CmSha1_32};
SetDtlsSrtpCryptoSuites(crypto_suites, true);
SetDtlsSrtpCryptoSuites(crypto_suites, false);
TestHandshake();
int client_cipher;
ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
int server_cipher;
ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
ASSERT_EQ(client_cipher, server_cipher);
ASSERT_EQ(client_cipher, rtc::kSrtpAes128CmSha1_32);
}
// Test DTLS-SRTP with incompatible cipher suites -- should not converge.
TEST_F(SSLStreamAdapterTestDTLS, TestDTLSSrtpIncompatibleCipherSuites) {
SetDtlsSrtpCryptoSuites({rtc::kSrtpAes128CmSha1_80}, true);
SetDtlsSrtpCryptoSuites({rtc::kSrtpAes128CmSha1_32}, false);
TestHandshake();
int client_cipher;
ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
int server_cipher;
ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
}
// Test DTLS-SRTP with each side being mixed -- should select the stronger
// cipher.
TEST_F(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) {
const std::vector<int> crypto_suites = {rtc::kSrtpAes128CmSha1_80,
rtc::kSrtpAes128CmSha1_32};
SetDtlsSrtpCryptoSuites(crypto_suites, true);
SetDtlsSrtpCryptoSuites(crypto_suites, false);
TestHandshake();
int client_cipher;
ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
int server_cipher;
ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
ASSERT_EQ(client_cipher, server_cipher);
ASSERT_EQ(client_cipher, rtc::kSrtpAes128CmSha1_80);
}
// Test DTLS-SRTP with SrtpAeadAes128Gcm.
TEST_F(SSLStreamAdapterTestDTLS, TestDTLSSrtpAeadAes128Gcm) {
std::vector<int> crypto_suites = {rtc::kSrtpAeadAes128Gcm};
SetDtlsSrtpCryptoSuites(crypto_suites, true);
SetDtlsSrtpCryptoSuites(crypto_suites, false);
TestHandshake();
int client_cipher;
ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
int server_cipher;
ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
ASSERT_EQ(client_cipher, server_cipher);
ASSERT_EQ(client_cipher, rtc::kSrtpAeadAes128Gcm);
}
// Test DTLS-SRTP with all GCM-256 ciphers.
TEST_F(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM256) {
std::vector<int> crypto_suites = {rtc::kSrtpAeadAes256Gcm};
SetDtlsSrtpCryptoSuites(crypto_suites, true);
SetDtlsSrtpCryptoSuites(crypto_suites, false);
TestHandshake();
int client_cipher;
ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
int server_cipher;
ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
ASSERT_EQ(client_cipher, server_cipher);
ASSERT_EQ(client_cipher, rtc::kSrtpAeadAes256Gcm);
}
// Test DTLS-SRTP with incompatbile GCM-128/-256 ciphers -- should not converge.
TEST_F(SSLStreamAdapterTestDTLS, TestDTLSSrtpIncompatibleGcmCipherSuites) {
SetDtlsSrtpCryptoSuites({rtc::kSrtpAeadAes128Gcm}, true);
SetDtlsSrtpCryptoSuites({rtc::kSrtpAeadAes256Gcm}, false);
TestHandshake();
int client_cipher;
ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
int server_cipher;
ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
}
// Test DTLS-SRTP with both GCM-128/-256 ciphers -- should select GCM-256.
TEST_F(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMixed) {
std::vector<int> crypto_suites = {rtc::kSrtpAeadAes256Gcm,
rtc::kSrtpAeadAes128Gcm};
SetDtlsSrtpCryptoSuites(crypto_suites, true);
SetDtlsSrtpCryptoSuites(crypto_suites, false);
TestHandshake();
int client_cipher;
ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
int server_cipher;
ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
ASSERT_EQ(client_cipher, server_cipher);
ASSERT_EQ(client_cipher, rtc::kSrtpAeadAes256Gcm);
}
// Test SRTP cipher suite lengths.
TEST_F(SSLStreamAdapterTestDTLS, TestDTLSSrtpKeyAndSaltLengths) {
int key_len;
int salt_len;
ASSERT_FALSE(rtc::GetSrtpKeyAndSaltLengths(rtc::kSrtpInvalidCryptoSuite,
&key_len, &salt_len));
ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(rtc::kSrtpAes128CmSha1_32, &key_len,
&salt_len));
ASSERT_EQ(128 / 8, key_len);
ASSERT_EQ(112 / 8, salt_len);
ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(rtc::kSrtpAes128CmSha1_80, &key_len,
&salt_len));
ASSERT_EQ(128 / 8, key_len);
ASSERT_EQ(112 / 8, salt_len);
ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(rtc::kSrtpAeadAes128Gcm, &key_len,
&salt_len));
ASSERT_EQ(128 / 8, key_len);
ASSERT_EQ(96 / 8, salt_len);
ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(rtc::kSrtpAeadAes256Gcm, &key_len,
&salt_len));
ASSERT_EQ(256 / 8, key_len);
ASSERT_EQ(96 / 8, salt_len);
}
// Test an exporter
TEST_F(SSLStreamAdapterTestDTLS, TestDTLSExporter) {
TestHandshake();
unsigned char client_out[EVP_MAX_MD_SIZE];
unsigned char server_out[EVP_MAX_MD_SIZE];
bool result;
result = ExportKeyingMaterial(kExporterLabel, kExporterContext,
kExporterContextLen, true, true, client_out,
sizeof(client_out));
ASSERT_TRUE(result);
result = ExportKeyingMaterial(kExporterLabel, kExporterContext,
kExporterContextLen, true, false, server_out,
sizeof(server_out));
ASSERT_TRUE(result);
ASSERT_TRUE(!memcmp(client_out, server_out, sizeof(client_out)));
}
// Test not yet valid certificates are not rejected.
TEST_F(SSLStreamAdapterTestDTLS, TestCertNotYetValid) {
long one_day = 60 * 60 * 24;
// Make the certificates not valid until one day later.
ResetIdentitiesWithValidity(one_day, one_day);
TestHandshake();
}
// Test expired certificates are not rejected.
TEST_F(SSLStreamAdapterTestDTLS, TestCertExpired) {
long one_day = 60 * 60 * 24;
// Make the certificates already expired.
ResetIdentitiesWithValidity(-one_day, -one_day);
TestHandshake();
}
class SSLStreamAdapterTestDTLSFromPEMStrings
: public SSLStreamAdapterTestDTLSBase {
public:
SSLStreamAdapterTestDTLSFromPEMStrings()
: SSLStreamAdapterTestDTLSBase(kCERT_PEM, kRSA_PRIVATE_KEY_PEM) {}
};
// Test data transfer using certs created from strings.
TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestTransfer) {
TestHandshake();
TestTransfer(100);
}
// Test getting the remote certificate.
TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestDTLSGetPeerCertificate) {
// Peer certificates haven't been received yet.
ASSERT_FALSE(GetPeerCertificate(true));
ASSERT_FALSE(GetPeerCertificate(false));
TestHandshake();
// The client should have a peer certificate after the handshake.
std::unique_ptr<rtc::SSLCertificate> client_peer_cert =
GetPeerCertificate(true);
ASSERT_TRUE(client_peer_cert);
// It's not kCERT_PEM.
std::string client_peer_string = client_peer_cert->ToPEMString();
ASSERT_NE(kCERT_PEM, client_peer_string);
// The server should have a peer certificate after the handshake.
std::unique_ptr<rtc::SSLCertificate> server_peer_cert =
GetPeerCertificate(false);
ASSERT_TRUE(server_peer_cert);
// It's kCERT_PEM
ASSERT_EQ(kCERT_PEM, server_peer_cert->ToPEMString());
}
// Test getting the DTLS 1.2 version.
TEST_F(SSLStreamAdapterTestDTLS, TestGetSslVersionBytes) {
// https://datatracker.ietf.org/doc/html/rfc9147#section-5.3
const int kDtls1_2 = 0xFEFD;
SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12);
TestHandshake();
int client_version;
ASSERT_TRUE(GetSslVersionBytes(true, &client_version));
EXPECT_EQ(client_version, kDtls1_2);
int server_version;
ASSERT_TRUE(GetSslVersionBytes(false, &server_version));
EXPECT_EQ(server_version, kDtls1_2);
}
// Tests for enabling the (D)TLS extension permutation which randomizes the
// order of extensions in the client hello.
// These tests are a no-op under OpenSSL.
#ifdef OPENSSL_IS_BORINGSSL
class SSLStreamAdapterTestDTLSExtensionPermutation
: public SSLStreamAdapterTestDTLSBase {
public:
SSLStreamAdapterTestDTLSExtensionPermutation()
: SSLStreamAdapterTestDTLSBase(
rtc::KeyParams::ECDSA(rtc::EC_NIST_P256),
rtc::KeyParams::ECDSA(rtc::EC_NIST_P256),
std::make_pair(rtc::DIGEST_SHA_256, SHA256_DIGEST_LENGTH)) {}
void Initialize(absl::string_view client_experiment,
absl::string_view server_experiment) {
InitializeClientAndServerStreams(client_experiment, server_experiment);
client_ssl_->SetIdentity(
rtc::SSLIdentity::Create("client", client_key_type_));
server_ssl_->SetIdentity(
rtc::SSLIdentity::Create("server", server_key_type_));
}
};
TEST_F(SSLStreamAdapterTestDTLSExtensionPermutation,
ClientDefaultServerDefault) {
Initialize("", "");
TestHandshake();
}
TEST_F(SSLStreamAdapterTestDTLSExtensionPermutation,
ClientDisabledServerDisabled) {
Initialize("WebRTC-PermuteTlsClientHello/Disabled/",
"WebRTC-PermuteTlsClientHello/Disabled/");
TestHandshake();
}
TEST_F(SSLStreamAdapterTestDTLSExtensionPermutation,
ClientDisabledServerPermute) {
Initialize("WebRTC-PermuteTlsClientHello/Disabled/",
"WebRTC-PermuteTlsClientHello/Enabled/");
TestHandshake();
}
TEST_F(SSLStreamAdapterTestDTLSExtensionPermutation,
ClientPermuteServerDisabled) {
Initialize("WebRTC-PermuteTlsClientHello/Enabled/",
"WebRTC-PermuteTlsClientHello/Disabled/");
TestHandshake();
}
TEST_F(SSLStreamAdapterTestDTLSExtensionPermutation,
ClientPermuteServerPermute) {
Initialize("WebRTC-PermuteTlsClientHello/Enabled/",
"WebRTC-PermuteTlsClientHello/Enabled/");
TestHandshake();
}
#endif // OPENSSL_IS_BORINGSSL