blob: fb909e7ea1840b4bd25c3af66b0b58d991217c35 [file] [log] [blame]
henrike@webrtc.orgf0488722014-05-13 18:00:261/*
2 * Copyright 2011 The WebRTC Project Authors. All rights reserved.
3 *
4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree.
9 */
10
Ali Tofigh7fa90572022-03-17 14:47:4911#include "rtc_base/ssl_stream_adapter.h"
12
henrike@webrtc.orgf0488722014-05-13 18:00:2613#include <algorithm>
jbauch555604a2016-04-26 10:13:2214#include <memory>
henrike@webrtc.orgf0488722014-05-13 18:00:2615#include <set>
16#include <string>
17
Harald Alvestrand8515d5a2020-03-20 21:51:3218#include "absl/memory/memory.h"
Ali Tofigh7fa90572022-03-17 14:47:4919#include "absl/strings/string_view.h"
Harald Alvestrand11840ce2022-11-10 10:50:5020#include "api/array_view.h"
Artem Titovc374d112022-06-16 19:27:4521#include "api/task_queue/pending_task_safety_flag.h"
Steve Anton10542f22019-01-11 17:11:0022#include "rtc_base/buffer_queue.h"
Mirko Bonadei92ea95e2017-09-15 04:47:3123#include "rtc_base/checks.h"
24#include "rtc_base/gunit.h"
25#include "rtc_base/helpers.h"
Niels Möller13339482019-03-28 12:30:1526#include "rtc_base/memory/fifo_buffer.h"
Niels Möllere7547d52018-11-01 08:33:0827#include "rtc_base/memory_stream.h"
Steve Anton10542f22019-01-11 17:11:0028#include "rtc_base/message_digest.h"
Guido Urdaneta14bba6e2020-09-25 14:00:5129#include "rtc_base/openssl_stream_adapter.h"
Steve Anton10542f22019-01-11 17:11:0030#include "rtc_base/ssl_adapter.h"
31#include "rtc_base/ssl_identity.h"
Mirko Bonadei92ea95e2017-09-15 04:47:3132#include "rtc_base/stream.h"
Harald Alvestrand13799132020-03-09 18:39:3633#include "test/field_trial.h"
henrike@webrtc.orgf0488722014-05-13 18:00:2634
Torbjorn Granlundb6d4ec42015-08-17 12:08:5935using ::testing::Combine;
36using ::testing::tuple;
Harald Alvestrand13799132020-03-09 18:39:3637using ::testing::Values;
38using ::testing::WithParamInterface;
Danil Chapovalov5286dcf2022-07-18 15:04:5639using ::webrtc::SafeTask;
Torbjorn Granlundb6d4ec42015-08-17 12:08:5940
henrike@webrtc.orgf0488722014-05-13 18:00:2641static const int kBlockSize = 4096;
henrike@webrtc.orgf0488722014-05-13 18:00:2642static const char kExporterLabel[] = "label";
43static const unsigned char kExporterContext[] = "context";
44static int kExporterContextLen = sizeof(kExporterContext);
45
Harald Alvestrand13799132020-03-09 18:39:3646// A private key used for testing, broken into pieces in order to avoid
47// issues with Git's checks for private keys in repos.
48#define RSA_PRIVATE_KEY_HEADER "-----BEGIN RSA PRIVATE KEY-----\n"
49
50static const char kRSA_PRIVATE_KEY_PEM[] = RSA_PRIVATE_KEY_HEADER
henrike@webrtc.orgf0488722014-05-13 18:00:2651 "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMYRkbhmI7kVA/rM\n"
52 "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n"
53 "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n"
54 "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAECgYAvgOs4FJcgvp+TuREx7YtiYVsH\n"
55 "mwQPTum2z/8VzWGwR8BBHBvIpVe1MbD/Y4seyI2aco/7UaisatSgJhsU46/9Y4fq\n"
56 "2TwXH9QANf4at4d9n/R6rzwpAJOpgwZgKvdQjkfrKTtgLV+/dawvpxUYkRH4JZM1\n"
57 "CVGukMfKNrSVH4Ap4QJBAOJmGV1ASPnB4r4nc99at7JuIJmd7fmuVUwUgYi4XgaR\n"
58 "WhScBsgYwZ/JoywdyZJgnbcrTDuVcWG56B3vXbhdpMsCQQDf9zeJrjnPZ3Cqm79y\n"
59 "kdqANep0uwZciiNiWxsQrCHztywOvbFhdp8iYVFG9EK8DMY41Y5TxUwsHD+67zao\n"
60 "ZNqJAkEA1suLUP/GvL8IwuRneQd2tWDqqRQ/Td3qq03hP7e77XtF/buya3Ghclo5\n"
61 "54czUR89QyVfJEC6278nzA7n2h1uVQJAcG6mztNL6ja/dKZjYZye2CY44QjSlLo0\n"
62 "MTgTSjdfg/28fFn2Jjtqf9Pi/X+50LWI/RcYMC2no606wRk9kyOuIQJBAK6VSAim\n"
63 "1pOEjsYQn0X5KEIrz1G3bfCbB848Ime3U2/FWlCHMr6ch8kCZ5d1WUeJD3LbwMNG\n"
64 "UCXiYxSsu20QNVw=\n"
65 "-----END RSA PRIVATE KEY-----\n";
66
Harald Alvestrand13799132020-03-09 18:39:3667#undef RSA_PRIVATE_KEY_HEADER
68
henrike@webrtc.orgf0488722014-05-13 18:00:2669static const char kCERT_PEM[] =
70 "-----BEGIN CERTIFICATE-----\n"
71 "MIIBmTCCAQKgAwIBAgIEbzBSAjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZX\n"
72 "ZWJSVEMwHhcNMTQwMTAyMTgyNDQ3WhcNMTQwMjAxMTgyNDQ3WjARMQ8wDQYDVQQD\n"
73 "EwZXZWJSVEMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYRkbhmI7kVA/rM\n"
74 "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n"
75 "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n"
76 "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAUflI\n"
77 "VUe5Krqf5RVa5C3u/UTAOAUJBiDS3VANTCLBxjuMsvqOG0WvaYWP3HYPgrz0jXK2\n"
78 "LJE/mGw3MyFHEqi81jh95J+ypl6xKW6Rm8jKLR87gUvCaVYn/Z4/P3AqcQTB7wOv\n"
79 "UD0A8qfhfDM+LK6rPAnCsVN0NRDY3jvd6rzix9M=\n"
80 "-----END CERTIFICATE-----\n";
81
Jian Cui0a8798b2017-11-17 00:58:0282static const char kIntCert1[] =
83 "-----BEGIN CERTIFICATE-----\n"
84 "MIIEUjCCAjqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBljELMAkGA1UEBhMCVVMx\n"
85 "EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxFDAS\n"
86 "BgNVBAoMC0dvb2dsZSwgSW5jMQwwCgYDVQQLDANHVFAxFzAVBgNVBAMMDnRlbGVw\n"
87 "aG9ueS5nb29nMR0wGwYJKoZIhvcNAQkBFg5ndHBAZ29vZ2xlLmNvbTAeFw0xNzA5\n"
88 "MjYwNDA5MDNaFw0yMDA2MjIwNDA5MDNaMGQxCzAJBgNVBAYTAlVTMQswCQYDVQQI\n"
89 "DAJDQTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEXMBUGA1UECgwOdGVsZXBob255\n"
90 "Lmdvb2cxFzAVBgNVBAMMDnRlbGVwaG9ueS5nb29nMIGfMA0GCSqGSIb3DQEBAQUA\n"
91 "A4GNADCBiQKBgQDJXWeeU1v1+wlqkVobzI3aN7Uh2iVQA9YCdq5suuabtiD/qoOD\n"
92 "NKpmQqsx7WZGGWSZTDFEBaUpvIK7Hb+nzRqk6iioPCFOFuarm6GxO1xVneImMuE6\n"
93 "tuWb3YZPr+ikChJbl11y5UcSbg0QsbeUc+jHl5umNvrL85Y+z8SP0rxbBwIDAQAB\n"
94 "o2AwXjAdBgNVHQ4EFgQU7tdZobqlN8R8V72FQnRxmqq8tKswHwYDVR0jBBgwFoAU\n"
95 "5GgKMUtcxkQ2dJrtNR5YOlIAPDswDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMC\n"
96 "AQYwDQYJKoZIhvcNAQELBQADggIBADObh9Z+z14FmP9zSenhFtq7hFnmNrSkklk8\n"
97 "eyYWXKfOuIriEQQBZsz76ZcnzStih8Rj+yQ0AXydk4fJ5LOwC2cUqQBar17g6Pd2\n"
98 "8g4SIL4azR9WvtiSvpuGlwp25b+yunaacDne6ebnf/MUiiKT5w61Xo3cEPVfl38e\n"
99 "/Up2l0bioid5enUTmg6LY6RxDO6tnZQkz3XD+nNSwT4ehtkqFpHYWjErj0BbkDM2\n"
100 "hiVc/JsYOZn3DmuOlHVHU6sKwqh3JEyvHO/d7DGzMGWHpHwv2mCTJq6l/sR95Tc2\n"
101 "GaQZgGDVNs9pdEouJCDm9e/PbQWRYhnat82PTkXx/6mDAAwdZlIi/pACzq8K4p7e\n"
102 "6hF0t8uKGnXJubHPXxlnJU6yxZ0yWmivAGjwWK4ur832gKlho4jeMDhiI/T3QPpl\n"
103 "iMNsIvxRhdD+GxJkQP1ezayw8s+Uc9KwKglrkBSRRDLCJUfPOvMmXLUDSTMX7kp4\n"
104 "/Ak1CA8dVLJIlfEjLBUuvAttlP7+7lsKNgxAjCxZkWLXIyGULzNPQwVWkGfCbrQs\n"
105 "XyMvSbFsSIb7blV7eLlmf9a+2RprUUkc2ALXLLCI9YQXmxm2beBfMyNmmebwBJzT\n"
106 "B0OR+5pFFNTJPoNlqpdrDsGrDu7JlUtk0ZLZzYyKXbgy2qXxfd4OWzXXjxpLMszZ\n"
107 "LDIpOAkj\n"
108 "-----END CERTIFICATE-----\n";
109
110static const char kCACert[] =
111 "-----BEGIN CERTIFICATE-----\n"
112 "MIIGETCCA/mgAwIBAgIJAKN9r/BdbGUJMA0GCSqGSIb3DQEBCwUAMIGWMQswCQYD\n"
113 "VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4g\n"
114 "VmlldzEUMBIGA1UECgwLR29vZ2xlLCBJbmMxDDAKBgNVBAsMA0dUUDEXMBUGA1UE\n"
115 "AwwOdGVsZXBob255Lmdvb2cxHTAbBgkqhkiG9w0BCQEWDmd0cEBnb29nbGUuY29t\n"
116 "MB4XDTE3MDcyNzIzMDE0NVoXDTE3MDgyNjIzMDE0NVowgZYxCzAJBgNVBAYTAlVT\n"
117 "MRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRQw\n"
118 "EgYDVQQKDAtHb29nbGUsIEluYzEMMAoGA1UECwwDR1RQMRcwFQYDVQQDDA50ZWxl\n"
119 "cGhvbnkuZ29vZzEdMBsGCSqGSIb3DQEJARYOZ3RwQGdvb2dsZS5jb20wggIiMA0G\n"
120 "CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCfvpF7aBV5Hp1EHsWoIlL3GeHwh8dS\n"
121 "lv9VQCegN9rD06Ny7MgcED5AiK2vqXmUmOVS+7NbATkdVYN/eozDhKtN3Q3n87kJ\n"
122 "Nt/TD/TcZZHOZIGsRPbrf2URK26E/5KzTzbzXVBOA1e+gSj+EBbltGqb01ZO5ErF\n"
123 "iPGViPM/HpYKdq6mfz2bS5PhU67XZMM2zvToyReQ/Fjm/6PJhwKSRXSgZF5djPhk\n"
124 "2LfOKMLS0AeZtd2C4DFsCU41lfLUkybioDgFuzTQ3TFi1K8A07KYTMmLY/yQppnf\n"
125 "SpNX58shlVhM+Ed37K1Z0rU0OfVCZ5P+KKaSSfMranjlU7zeUIhZYjqq/EYrEhbS\n"
126 "dLnNHwgJrqxzId3kq8uuLM6+VB7JZKnZLfT90GdAbX4+tutNe21smmogF9f80vEy\n"
127 "gM4tOp9rXrvz9vCwWHXVY9kdKemdLAsREoO6MS9k2ctK4jj80o2dROuFC6Q3e7mz\n"
128 "RjvZr5Tvi464c2o9o/jNlJ0O6q7V2eQzohD+7VnV5QPpRGXxlIeqpR2zoAg+WtRS\n"
129 "4OgHOVYiD3M6uAlggJA5pcDjMfkEZ+pkhtVcT4qMCEoruk6GbyPxS565oSHu16bH\n"
130 "EjeCqbZOVND5T3oA7nz6aQSs8sJabt0jmxUkGVnE+4ZDIuuRtkRma+0P/96Mtqor\n"
131 "OlpNWY1OBDY64QIDAQABo2AwXjAdBgNVHQ4EFgQU5GgKMUtcxkQ2dJrtNR5YOlIA\n"
132 "PDswHwYDVR0jBBgwFoAU5GgKMUtcxkQ2dJrtNR5YOlIAPDswDwYDVR0TAQH/BAUw\n"
133 "AwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAARQly5/bB6VUL2C\n"
134 "ykDYgWt48go407pAra6tL2kjpdfxV5PdL7iMZRkeht00vj+BVahIqZKrNOa/f5Fx\n"
135 "vlpahZFu0PDN436aQwRZ9qWut2qDOK0/z9Hhj6NWybquRFwMwqkPG/ivLMDU8Dmj\n"
136 "CIplpngPYNwXCs0KzdjSXYxqxJbwMjQXELD+/RcurY0oTtJMM1/2vKQMzw24UJqe\n"
137 "XLJAlsnd2AnWzWNUEviDZY89j9NdkHerBmV2gGzcU+X5lgOO5M8odBv0ZC9D+a6Z\n"
138 "QPZAOfdGVw60hhGvTW5s/s0dHwCpegRidhs0MD0fTmwwjYFBSmUx3Gztr4JTzOOr\n"
139 "7e5daJuak2ujQ5DqcGBvt1gePjSudb5brS7JQtN8tI/FyrnR4q/OuOwv1EvlC5RG\n"
140 "hLX+TXaWqFxB1Hd8ebKRR40mboFG6KcUI3lLBthDvQE7jnq48QfZMjlMQK0ZF1l7\n"
141 "SrlwRXWA74bU8CLJvnZKKo9p4TsTiDYGSYC6tNHKj5s3TGWL46oqGyZ0KdGNhrtC\n"
142 "rIGenMhth1vPYjyy0XuGBndXT85yi+IM2l8g8oU845+plxIhgpSI8bbC0oLwnhQ5\n"
143 "ARfsiYLkXDE7imSS0CSUmye76372mlzAIB1is4bBB/SzpPQtBuB9LDKtONgpSGHn\n"
144 "dGaXBy+qbVXVyGXaeEbIRjtJ6m92\n"
145 "-----END CERTIFICATE-----\n";
146
henrike@webrtc.orgf0488722014-05-13 18:00:26147class SSLStreamAdapterTestBase;
148
jbauche488a0d2015-11-19 13:17:58149class SSLDummyStreamBase : public rtc::StreamInterface,
150 public sigslot::has_slots<> {
henrike@webrtc.orgf0488722014-05-13 18:00:26151 public:
jbauche488a0d2015-11-19 13:17:58152 SSLDummyStreamBase(SSLStreamAdapterTestBase* test,
Ali Tofigh7fa90572022-03-17 14:47:49153 absl::string_view side,
jbauche488a0d2015-11-19 13:17:58154 rtc::StreamInterface* in,
Yves Gerey665174f2018-06-19 13:03:05155 rtc::StreamInterface* out)
156 : test_base_(test), side_(side), in_(in), out_(out), first_packet_(true) {
jbauche488a0d2015-11-19 13:17:58157 in_->SignalEvent.connect(this, &SSLDummyStreamBase::OnEventIn);
158 out_->SignalEvent.connect(this, &SSLDummyStreamBase::OnEventOut);
henrike@webrtc.orgf0488722014-05-13 18:00:26159 }
160
jbauche488a0d2015-11-19 13:17:58161 rtc::StreamState GetState() const override { return rtc::SS_OPEN; }
henrike@webrtc.orgf0488722014-05-13 18:00:26162
Harald Alvestrandcf707762022-11-17 10:50:45163 rtc::StreamResult Read(rtc::ArrayView<uint8_t> buffer,
164 size_t& read,
165 int& error) override {
henrike@webrtc.orgf0488722014-05-13 18:00:26166 rtc::StreamResult r;
167
Harald Alvestrandcf707762022-11-17 10:50:45168 r = in_->Read(buffer, read, error);
henrike@webrtc.orgf0488722014-05-13 18:00:26169 if (r == rtc::SR_BLOCK)
170 return rtc::SR_BLOCK;
171 if (r == rtc::SR_EOS)
172 return rtc::SR_EOS;
173
174 if (r != rtc::SR_SUCCESS) {
175 ADD_FAILURE();
176 return rtc::SR_ERROR;
177 }
178
179 return rtc::SR_SUCCESS;
180 }
181
182 // Catch readability events on in and pass them up.
jbauche488a0d2015-11-19 13:17:58183 void OnEventIn(rtc::StreamInterface* stream, int sig, int err) {
henrike@webrtc.orgf0488722014-05-13 18:00:26184 int mask = (rtc::SE_READ | rtc::SE_CLOSE);
185
186 if (sig & mask) {
Mirko Bonadei675513b2017-11-09 10:09:25187 RTC_LOG(LS_VERBOSE) << "SSLDummyStreamBase::OnEvent side=" << side_
188 << " sig=" << sig << " forwarding upward";
henrike@webrtc.orgf0488722014-05-13 18:00:26189 PostEvent(sig & mask, 0);
190 }
191 }
192
193 // Catch writeability events on out and pass them up.
jbauche488a0d2015-11-19 13:17:58194 void OnEventOut(rtc::StreamInterface* stream, int sig, int err) {
henrike@webrtc.orgf0488722014-05-13 18:00:26195 if (sig & rtc::SE_WRITE) {
Mirko Bonadei675513b2017-11-09 10:09:25196 RTC_LOG(LS_VERBOSE) << "SSLDummyStreamBase::OnEvent side=" << side_
197 << " sig=" << sig << " forwarding upward";
henrike@webrtc.orgf0488722014-05-13 18:00:26198
199 PostEvent(sig & rtc::SE_WRITE, 0);
200 }
201 }
202
203 // Write to the outgoing FifoBuffer
Harald Alvestrand11840ce2022-11-10 10:50:50204 rtc::StreamResult WriteData(rtc::ArrayView<const uint8_t> data,
205 size_t& written,
206 int& error) {
207 return out_->Write(data, written, error);
henrike@webrtc.orgf0488722014-05-13 18:00:26208 }
209
Harald Alvestrand11840ce2022-11-10 10:50:50210 rtc::StreamResult Write(rtc::ArrayView<const uint8_t> data,
211 size_t& written,
212 int& error) override;
henrike@webrtc.orgf0488722014-05-13 18:00:26213
jbauche488a0d2015-11-19 13:17:58214 void Close() override {
Mirko Bonadei675513b2017-11-09 10:09:25215 RTC_LOG(LS_INFO) << "Closing outbound stream";
henrike@webrtc.orgf0488722014-05-13 18:00:26216 out_->Close();
217 }
218
Tommi04482982020-10-05 12:43:53219 private:
220 void PostEvent(int events, int err) {
Danil Chapovalov5286dcf2022-07-18 15:04:56221 thread_->PostTask(SafeTask(task_safety_.flag(), [this, events, err]() {
Tommi04482982020-10-05 12:43:53222 SignalEvent(this, events, err);
223 }));
224 }
225
226 webrtc::ScopedTaskSafety task_safety_;
227 rtc::Thread* const thread_ = rtc::Thread::Current();
jbauche488a0d2015-11-19 13:17:58228 SSLStreamAdapterTestBase* test_base_;
henrike@webrtc.orgf0488722014-05-13 18:00:26229 const std::string side_;
jbauche488a0d2015-11-19 13:17:58230 rtc::StreamInterface* in_;
231 rtc::StreamInterface* out_;
henrike@webrtc.orgf0488722014-05-13 18:00:26232 bool first_packet_;
233};
234
jbauche488a0d2015-11-19 13:17:58235class SSLDummyStreamTLS : public SSLDummyStreamBase {
236 public:
237 SSLDummyStreamTLS(SSLStreamAdapterTestBase* test,
Ali Tofigh7fa90572022-03-17 14:47:49238 absl::string_view side,
jbauche488a0d2015-11-19 13:17:58239 rtc::FifoBuffer* in,
Yves Gerey665174f2018-06-19 13:03:05240 rtc::FifoBuffer* out)
241 : SSLDummyStreamBase(test, side, in, out) {}
jbauche488a0d2015-11-19 13:17:58242};
243
Tomas Gunnarssonb6bc09b2020-09-29 11:04:01244class BufferQueueStream : public rtc::StreamInterface {
jbauche488a0d2015-11-19 13:17:58245 public:
246 BufferQueueStream(size_t capacity, size_t default_size)
Tomas Gunnarssonb6bc09b2020-09-29 11:04:01247 : buffer_(capacity, default_size) {}
jbauche488a0d2015-11-19 13:17:58248
249 // Implementation of abstract StreamInterface methods.
250
251 // A buffer queue stream is always "open".
252 rtc::StreamState GetState() const override { return rtc::SS_OPEN; }
253
254 // Reading a buffer queue stream will either succeed or block.
Harald Alvestrandcf707762022-11-17 10:50:45255 rtc::StreamResult Read(rtc::ArrayView<uint8_t> buffer,
256 size_t& read,
257 int& error) override {
Tomas Gunnarssonb6bc09b2020-09-29 11:04:01258 const bool was_writable = buffer_.is_writable();
Harald Alvestrandcf707762022-11-17 10:50:45259 if (!buffer_.ReadFront(buffer.data(), buffer.size(), &read))
jbauche488a0d2015-11-19 13:17:58260 return rtc::SR_BLOCK;
Tomas Gunnarssonb6bc09b2020-09-29 11:04:01261
262 if (!was_writable)
263 NotifyWritableForTest();
264
jbauche488a0d2015-11-19 13:17:58265 return rtc::SR_SUCCESS;
266 }
267
268 // Writing to a buffer queue stream will either succeed or block.
Harald Alvestrandcf707762022-11-17 10:50:45269 rtc::StreamResult Write(rtc::ArrayView<const uint8_t> data,
270 size_t& written,
271 int& error) override {
Tomas Gunnarssonb6bc09b2020-09-29 11:04:01272 const bool was_readable = buffer_.is_readable();
Harald Alvestrandcf707762022-11-17 10:50:45273 if (!buffer_.WriteBack(data.data(), data.size(), &written))
jbauche488a0d2015-11-19 13:17:58274 return rtc::SR_BLOCK;
Tomas Gunnarssonb6bc09b2020-09-29 11:04:01275
276 if (!was_readable)
277 NotifyReadableForTest();
278
jbauche488a0d2015-11-19 13:17:58279 return rtc::SR_SUCCESS;
280 }
281
282 // A buffer queue stream can not be closed.
283 void Close() override {}
284
285 protected:
Tomas Gunnarssonb6bc09b2020-09-29 11:04:01286 void NotifyReadableForTest() { PostEvent(rtc::SE_READ, 0); }
Tomas Gunnarssonb6bc09b2020-09-29 11:04:01287 void NotifyWritableForTest() { PostEvent(rtc::SE_WRITE, 0); }
288
289 private:
Tommi04482982020-10-05 12:43:53290 void PostEvent(int events, int err) {
Danil Chapovalov5286dcf2022-07-18 15:04:56291 thread_->PostTask(SafeTask(task_safety_.flag(), [this, events, err]() {
Tommi04482982020-10-05 12:43:53292 SignalEvent(this, events, err);
293 }));
294 }
295
296 rtc::Thread* const thread_ = rtc::Thread::Current();
297 webrtc::ScopedTaskSafety task_safety_;
Tomas Gunnarssonb6bc09b2020-09-29 11:04:01298 rtc::BufferQueue buffer_;
jbauche488a0d2015-11-19 13:17:58299};
300
301class SSLDummyStreamDTLS : public SSLDummyStreamBase {
302 public:
303 SSLDummyStreamDTLS(SSLStreamAdapterTestBase* test,
Ali Tofigh7fa90572022-03-17 14:47:49304 absl::string_view side,
jbauche488a0d2015-11-19 13:17:58305 BufferQueueStream* in,
Yves Gerey665174f2018-06-19 13:03:05306 BufferQueueStream* out)
307 : SSLDummyStreamBase(test, side, in, out) {}
jbauche488a0d2015-11-19 13:17:58308};
309
henrike@webrtc.orgf0488722014-05-13 18:00:26310static const int kFifoBufferSize = 4096;
jbauche488a0d2015-11-19 13:17:58311static const int kBufferCapacity = 1;
312static const size_t kDefaultBufferSize = 2048;
henrike@webrtc.orgf0488722014-05-13 18:00:26313
Mirko Bonadei6a489f22019-04-09 13:11:12314class SSLStreamAdapterTestBase : public ::testing::Test,
henrike@webrtc.orgf0488722014-05-13 18:00:26315 public sigslot::has_slots<> {
316 public:
torbjorng4e572472015-10-08 16:42:49317 SSLStreamAdapterTestBase(
Ali Tofigh7fa90572022-03-17 14:47:49318 absl::string_view client_cert_pem,
319 absl::string_view client_private_key_pem,
torbjorng4e572472015-10-08 16:42:49320 bool dtls,
321 rtc::KeyParams client_key_type = rtc::KeyParams(rtc::KT_DEFAULT),
322 rtc::KeyParams server_key_type = rtc::KeyParams(rtc::KT_DEFAULT))
jbauche488a0d2015-11-19 13:17:58323 : client_cert_pem_(client_cert_pem),
324 client_private_key_pem_(client_private_key_pem),
325 client_key_type_(client_key_type),
326 server_key_type_(server_key_type),
deadbeef37f5ecf2017-02-27 22:06:41327 client_stream_(nullptr),
328 server_stream_(nullptr),
Torbjorn Granlundb6d4ec42015-08-17 12:08:59329 delay_(0),
330 mtu_(1460),
331 loss_(0),
332 lose_first_packet_(false),
333 damage_(false),
334 dtls_(dtls),
335 handshake_wait_(5000),
Benjamin Wrightaf1f8652019-04-01 18:25:23336 identities_set_(false) {
henrike@webrtc.orgf0488722014-05-13 18:00:26337 // Set use of the test RNG to get predictable loss patterns.
338 rtc::SetRandomTestMode(true);
henrike@webrtc.orgf0488722014-05-13 18:00:26339 }
340
Steve Anton9de3aac2017-10-24 17:08:26341 ~SSLStreamAdapterTestBase() override {
henrike@webrtc.orgf0488722014-05-13 18:00:26342 // Put it back for the next test.
343 rtc::SetRandomTestMode(false);
344 }
345
torbjorng7593aad2015-11-19 20:20:51346 void SetUp() override {
jbauche488a0d2015-11-19 13:17:58347 CreateStreams();
348
Harald Alvestrand8515d5a2020-03-20 21:51:32349 client_ssl_ =
350 rtc::SSLStreamAdapter::Create(absl::WrapUnique(client_stream_));
351 server_ssl_ =
352 rtc::SSLStreamAdapter::Create(absl::WrapUnique(server_stream_));
jbauche488a0d2015-11-19 13:17:58353
354 // Set up the slots
355 client_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
356 server_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
357
Harald Alvestrand8515d5a2020-03-20 21:51:32358 std::unique_ptr<rtc::SSLIdentity> client_identity;
jbauche488a0d2015-11-19 13:17:58359 if (!client_cert_pem_.empty() && !client_private_key_pem_.empty()) {
Harald Alvestrand8515d5a2020-03-20 21:51:32360 client_identity = rtc::SSLIdentity::CreateFromPEMStrings(
jbauche488a0d2015-11-19 13:17:58361 client_private_key_pem_, client_cert_pem_);
362 } else {
Harald Alvestrand8515d5a2020-03-20 21:51:32363 client_identity = rtc::SSLIdentity::Create("client", client_key_type_);
jbauche488a0d2015-11-19 13:17:58364 }
Harald Alvestrand8515d5a2020-03-20 21:51:32365 auto server_identity = rtc::SSLIdentity::Create("server", server_key_type_);
jbauche488a0d2015-11-19 13:17:58366
Harald Alvestrand8515d5a2020-03-20 21:51:32367 client_ssl_->SetIdentity(std::move(client_identity));
368 server_ssl_->SetIdentity(std::move(server_identity));
jbauche488a0d2015-11-19 13:17:58369 }
370
torbjorng7593aad2015-11-19 20:20:51371 void TearDown() override {
jbauche488a0d2015-11-19 13:17:58372 client_ssl_.reset(nullptr);
373 server_ssl_.reset(nullptr);
374 }
375
376 virtual void CreateStreams() = 0;
377
henrike@webrtc.orgf0488722014-05-13 18:00:26378 // Recreate the client/server identities with the specified validity period.
Artem Titov96e3b992021-07-26 14:03:14379 // `not_before` and `not_after` are offsets from the current time in number
henrike@webrtc.orgf0488722014-05-13 18:00:26380 // of seconds.
381 void ResetIdentitiesWithValidity(int not_before, int not_after) {
jbauche488a0d2015-11-19 13:17:58382 CreateStreams();
henrike@webrtc.orgf0488722014-05-13 18:00:26383
Harald Alvestrand8515d5a2020-03-20 21:51:32384 client_ssl_ =
385 rtc::SSLStreamAdapter::Create(absl::WrapUnique(client_stream_));
386 server_ssl_ =
387 rtc::SSLStreamAdapter::Create(absl::WrapUnique(server_stream_));
henrike@webrtc.orgf0488722014-05-13 18:00:26388
389 client_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
390 server_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
391
Torbjorn Granlund46c9cc02015-12-01 12:06:34392 time_t now = time(nullptr);
393
henrike@webrtc.orgf0488722014-05-13 18:00:26394 rtc::SSLIdentityParams client_params;
torbjorng4e572472015-10-08 16:42:49395 client_params.key_params = rtc::KeyParams(rtc::KT_DEFAULT);
henrike@webrtc.orgf0488722014-05-13 18:00:26396 client_params.common_name = "client";
Torbjorn Granlund46c9cc02015-12-01 12:06:34397 client_params.not_before = now + not_before;
398 client_params.not_after = now + not_after;
Harald Alvestrand8515d5a2020-03-20 21:51:32399 auto client_identity = rtc::SSLIdentity::CreateForTest(client_params);
henrike@webrtc.orgf0488722014-05-13 18:00:26400
401 rtc::SSLIdentityParams server_params;
torbjorng4e572472015-10-08 16:42:49402 server_params.key_params = rtc::KeyParams(rtc::KT_DEFAULT);
henrike@webrtc.orgf0488722014-05-13 18:00:26403 server_params.common_name = "server";
Torbjorn Granlund46c9cc02015-12-01 12:06:34404 server_params.not_before = now + not_before;
405 server_params.not_after = now + not_after;
Harald Alvestrand8515d5a2020-03-20 21:51:32406 auto server_identity = rtc::SSLIdentity::CreateForTest(server_params);
henrike@webrtc.orgf0488722014-05-13 18:00:26407
Harald Alvestrand8515d5a2020-03-20 21:51:32408 client_ssl_->SetIdentity(std::move(client_identity));
409 server_ssl_->SetIdentity(std::move(server_identity));
henrike@webrtc.orgf0488722014-05-13 18:00:26410 }
411
Yves Gerey665174f2018-06-19 13:03:05412 virtual void OnEvent(rtc::StreamInterface* stream, int sig, int err) {
Mirko Bonadei675513b2017-11-09 10:09:25413 RTC_LOG(LS_VERBOSE) << "SSLStreamAdapterTestBase::OnEvent sig=" << sig;
henrike@webrtc.orgf0488722014-05-13 18:00:26414
415 if (sig & rtc::SE_READ) {
416 ReadData(stream);
417 }
418
419 if ((stream == client_ssl_.get()) && (sig & rtc::SE_WRITE)) {
420 WriteData();
421 }
422 }
423
deadbeef89824f62016-09-30 18:55:43424 void SetPeerIdentitiesByDigest(bool correct, bool expect_success) {
425 unsigned char server_digest[20];
426 size_t server_digest_len;
427 unsigned char client_digest[20];
428 size_t client_digest_len;
henrike@webrtc.orgf0488722014-05-13 18:00:26429 bool rv;
deadbeef89824f62016-09-30 18:55:43430 rtc::SSLPeerCertificateDigestError err;
431 rtc::SSLPeerCertificateDigestError expected_err =
432 expect_success
433 ? rtc::SSLPeerCertificateDigestError::NONE
434 : rtc::SSLPeerCertificateDigestError::VERIFICATION_FAILED;
henrike@webrtc.orgf0488722014-05-13 18:00:26435
Mirko Bonadei675513b2017-11-09 10:09:25436 RTC_LOG(LS_INFO) << "Setting peer identities by digest";
henrike@webrtc.orgf0488722014-05-13 18:00:26437
Harald Alvestrand8515d5a2020-03-20 21:51:32438 rv = server_identity()->certificate().ComputeDigest(
deadbeef89824f62016-09-30 18:55:43439 rtc::DIGEST_SHA_1, server_digest, 20, &server_digest_len);
henrike@webrtc.orgf0488722014-05-13 18:00:26440 ASSERT_TRUE(rv);
Harald Alvestrand8515d5a2020-03-20 21:51:32441 rv = client_identity()->certificate().ComputeDigest(
deadbeef89824f62016-09-30 18:55:43442 rtc::DIGEST_SHA_1, client_digest, 20, &client_digest_len);
443 ASSERT_TRUE(rv);
444
henrike@webrtc.orgf0488722014-05-13 18:00:26445 if (!correct) {
Mirko Bonadei675513b2017-11-09 10:09:25446 RTC_LOG(LS_INFO) << "Setting bogus digest for server cert";
deadbeef89824f62016-09-30 18:55:43447 server_digest[0]++;
henrike@webrtc.orgf0488722014-05-13 18:00:26448 }
deadbeef89824f62016-09-30 18:55:43449 rv = client_ssl_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, server_digest,
450 server_digest_len, &err);
451 EXPECT_EQ(expected_err, err);
452 EXPECT_EQ(expect_success, rv);
henrike@webrtc.orgf0488722014-05-13 18:00:26453
henrike@webrtc.orgf0488722014-05-13 18:00:26454 if (!correct) {
Mirko Bonadei675513b2017-11-09 10:09:25455 RTC_LOG(LS_INFO) << "Setting bogus digest for client cert";
deadbeef89824f62016-09-30 18:55:43456 client_digest[0]++;
henrike@webrtc.orgf0488722014-05-13 18:00:26457 }
deadbeef89824f62016-09-30 18:55:43458 rv = server_ssl_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, client_digest,
459 client_digest_len, &err);
460 EXPECT_EQ(expected_err, err);
461 EXPECT_EQ(expect_success, rv);
henrike@webrtc.orgf0488722014-05-13 18:00:26462
463 identities_set_ = true;
464 }
465
Joachim Bauch831c5582015-05-20 10:48:41466 void SetupProtocolVersions(rtc::SSLProtocolVersion server_version,
467 rtc::SSLProtocolVersion client_version) {
468 server_ssl_->SetMaxProtocolVersion(server_version);
469 client_ssl_->SetMaxProtocolVersion(client_version);
470 }
471
henrike@webrtc.orgf0488722014-05-13 18:00:26472 void TestHandshake(bool expect_success = true) {
Yves Gerey665174f2018-06-19 13:03:05473 server_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS : rtc::SSL_MODE_TLS);
474 client_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS : rtc::SSL_MODE_TLS);
henrike@webrtc.orgf0488722014-05-13 18:00:26475
476 if (!dtls_) {
477 // Make sure we simulate a reliable network for TLS.
478 // This is just a check to make sure that people don't write wrong
479 // tests.
nissec16fa5e2017-02-07 15:18:43480 RTC_CHECK_EQ(1460, mtu_);
481 RTC_CHECK(!loss_);
482 RTC_CHECK(!lose_first_packet_);
henrike@webrtc.orgf0488722014-05-13 18:00:26483 }
484
485 if (!identities_set_)
deadbeef89824f62016-09-30 18:55:43486 SetPeerIdentitiesByDigest(true, true);
henrike@webrtc.orgf0488722014-05-13 18:00:26487
488 // Start the handshake
489 int rv;
490
491 server_ssl_->SetServerRole();
Taylor Brandstetterc8762a82016-08-11 19:01:49492 rv = server_ssl_->StartSSL();
henrike@webrtc.orgf0488722014-05-13 18:00:26493 ASSERT_EQ(0, rv);
494
Taylor Brandstetterc8762a82016-08-11 19:01:49495 rv = client_ssl_->StartSSL();
henrike@webrtc.orgf0488722014-05-13 18:00:26496 ASSERT_EQ(0, rv);
497
498 // Now run the handshake
499 if (expect_success) {
Yves Gerey665174f2018-06-19 13:03:05500 EXPECT_TRUE_WAIT((client_ssl_->GetState() == rtc::SS_OPEN) &&
501 (server_ssl_->GetState() == rtc::SS_OPEN),
henrike@webrtc.orgf0488722014-05-13 18:00:26502 handshake_wait_);
503 } else {
504 EXPECT_TRUE_WAIT(client_ssl_->GetState() == rtc::SS_CLOSED,
505 handshake_wait_);
506 }
507 }
508
Philipp Hancke9c83d9d2022-04-28 17:01:28509 // This tests that we give up after 12 DTLS resends.
510 void TestHandshakeTimeout() {
511 rtc::ScopedFakeClock clock;
512 int64_t time_start = clock.TimeNanos();
513 webrtc::TimeDelta time_increment = webrtc::TimeDelta::Millis(1000);
514 server_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS : rtc::SSL_MODE_TLS);
515 client_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS : rtc::SSL_MODE_TLS);
516
517 if (!dtls_) {
518 // Make sure we simulate a reliable network for TLS.
519 // This is just a check to make sure that people don't write wrong
520 // tests.
521 RTC_CHECK_EQ(1460, mtu_);
522 RTC_CHECK(!loss_);
523 RTC_CHECK(!lose_first_packet_);
524 }
525
526 if (!identities_set_)
527 SetPeerIdentitiesByDigest(true, true);
528
529 // Start the handshake
530 int rv;
531
532 server_ssl_->SetServerRole();
533 rv = server_ssl_->StartSSL();
534 ASSERT_EQ(0, rv);
535
536 rv = client_ssl_->StartSSL();
537 ASSERT_EQ(0, rv);
538
539 // Now wait for the handshake to timeout (or fail after an hour of simulated
540 // time).
541 while (client_ssl_->GetState() == rtc::SS_OPENING &&
542 (rtc::TimeDiff(clock.TimeNanos(), time_start) <
543 3600 * rtc::kNumNanosecsPerSec)) {
544 EXPECT_TRUE_WAIT(!((client_ssl_->GetState() == rtc::SS_OPEN) &&
545 (server_ssl_->GetState() == rtc::SS_OPEN)),
546 1000);
547 clock.AdvanceTime(time_increment);
548 }
549 RTC_CHECK_EQ(client_ssl_->GetState(), rtc::SS_CLOSED);
550 }
551
Taylor Brandstetter165c6182020-12-11 00:23:03552 // This tests that the handshake can complete before the identity is verified,
553 // and the identity will be verified after the fact. It also verifies that
554 // packets can't be read or written before the identity has been verified.
deadbeef89824f62016-09-30 18:55:43555 void TestHandshakeWithDelayedIdentity(bool valid_identity) {
556 server_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS : rtc::SSL_MODE_TLS);
557 client_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS : rtc::SSL_MODE_TLS);
558
559 if (!dtls_) {
560 // Make sure we simulate a reliable network for TLS.
561 // This is just a check to make sure that people don't write wrong
562 // tests.
nissec16fa5e2017-02-07 15:18:43563 RTC_CHECK_EQ(1460, mtu_);
564 RTC_CHECK(!loss_);
565 RTC_CHECK(!lose_first_packet_);
deadbeef89824f62016-09-30 18:55:43566 }
567
568 // Start the handshake
deadbeef89824f62016-09-30 18:55:43569 server_ssl_->SetServerRole();
Taylor Brandstetter165c6182020-12-11 00:23:03570 ASSERT_EQ(0, server_ssl_->StartSSL());
571 ASSERT_EQ(0, client_ssl_->StartSSL());
deadbeef89824f62016-09-30 18:55:43572
573 // Now run the handshake.
574 EXPECT_TRUE_WAIT(
575 client_ssl_->IsTlsConnected() && server_ssl_->IsTlsConnected(),
576 handshake_wait_);
577
578 // Until the identity has been verified, the state should still be
579 // SS_OPENING and writes should return SR_BLOCK.
580 EXPECT_EQ(rtc::SS_OPENING, client_ssl_->GetState());
581 EXPECT_EQ(rtc::SS_OPENING, server_ssl_->GetState());
Harald Alvestrand1f609c82022-11-07 17:12:07582 uint8_t packet[1];
deadbeef89824f62016-09-30 18:55:43583 size_t sent;
Harald Alvestrand1f609c82022-11-07 17:12:07584 int error;
585 EXPECT_EQ(rtc::SR_BLOCK, client_ssl_->Write(packet, sent, error));
586 EXPECT_EQ(rtc::SR_BLOCK, server_ssl_->Write(packet, sent, error));
deadbeef89824f62016-09-30 18:55:43587
Taylor Brandstetter165c6182020-12-11 00:23:03588 // Collect both of the certificate digests; needs to be done before calling
589 // SetPeerCertificateDigest as that may reset the identity.
590 unsigned char server_digest[20];
591 size_t server_digest_len;
592 unsigned char client_digest[20];
593 size_t client_digest_len;
594 bool rv;
595
596 rv = server_identity()->certificate().ComputeDigest(
597 rtc::DIGEST_SHA_1, server_digest, 20, &server_digest_len);
598 ASSERT_TRUE(rv);
599 rv = client_identity()->certificate().ComputeDigest(
600 rtc::DIGEST_SHA_1, client_digest, 20, &client_digest_len);
601 ASSERT_TRUE(rv);
602
603 if (!valid_identity) {
604 RTC_LOG(LS_INFO) << "Setting bogus digest for client/server certs";
605 client_digest[0]++;
606 server_digest[0]++;
607 }
608
609 // Set the peer certificate digest for the client.
610 rtc::SSLPeerCertificateDigestError err;
611 rtc::SSLPeerCertificateDigestError expected_err =
612 valid_identity
613 ? rtc::SSLPeerCertificateDigestError::NONE
614 : rtc::SSLPeerCertificateDigestError::VERIFICATION_FAILED;
615 rv = client_ssl_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, server_digest,
616 server_digest_len, &err);
617 EXPECT_EQ(expected_err, err);
618 EXPECT_EQ(valid_identity, rv);
deadbeef89824f62016-09-30 18:55:43619 // State should then transition to SS_OPEN or SS_CLOSED based on validation
620 // of the identity.
621 if (valid_identity) {
622 EXPECT_EQ(rtc::SS_OPEN, client_ssl_->GetState());
Taylor Brandstetter165c6182020-12-11 00:23:03623 // If the client sends a packet while the server still hasn't verified the
624 // client identity, the server should continue to return SR_BLOCK.
Harald Alvestrand1f609c82022-11-07 17:12:07625 int error;
626 EXPECT_EQ(rtc::SR_SUCCESS, client_ssl_->Write(packet, sent, error));
627 size_t read;
628 EXPECT_EQ(rtc::SR_BLOCK, server_ssl_->Read(packet, read, error));
Taylor Brandstetter72f638a2020-11-15 21:01:15629 } else {
Sam Zackrisson7e6290d2020-12-10 07:55:28630 EXPECT_EQ(rtc::SS_CLOSED, client_ssl_->GetState());
Taylor Brandstetter165c6182020-12-11 00:23:03631 }
632
633 // Set the peer certificate digest for the server.
634 rv = server_ssl_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, client_digest,
635 client_digest_len, &err);
636 EXPECT_EQ(expected_err, err);
637 EXPECT_EQ(valid_identity, rv);
638 if (valid_identity) {
639 EXPECT_EQ(rtc::SS_OPEN, server_ssl_->GetState());
640 } else {
deadbeef89824f62016-09-30 18:55:43641 EXPECT_EQ(rtc::SS_CLOSED, server_ssl_->GetState());
642 }
643 }
644
Yves Gerey665174f2018-06-19 13:03:05645 rtc::StreamResult DataWritten(SSLDummyStreamBase* from,
646 const void* data,
647 size_t data_len,
Harald Alvestrand11840ce2022-11-10 10:50:50648 size_t& written,
649 int& error) {
henrike@webrtc.orgf0488722014-05-13 18:00:26650 // Randomly drop loss_ percent of packets
Peter Boström0c4e06b2015-10-07 10:23:21651 if (rtc::CreateRandomId() % 100 < static_cast<uint32_t>(loss_)) {
Mirko Bonadei675513b2017-11-09 10:09:25652 RTC_LOG(LS_VERBOSE) << "Randomly dropping packet, size=" << data_len;
Harald Alvestrand11840ce2022-11-10 10:50:50653 written = data_len;
henrike@webrtc.orgf0488722014-05-13 18:00:26654 return rtc::SR_SUCCESS;
655 }
656 if (dtls_ && (data_len > mtu_)) {
Mirko Bonadei675513b2017-11-09 10:09:25657 RTC_LOG(LS_VERBOSE) << "Dropping packet > mtu, size=" << data_len;
Harald Alvestrand11840ce2022-11-10 10:50:50658 written = data_len;
henrike@webrtc.orgf0488722014-05-13 18:00:26659 return rtc::SR_SUCCESS;
660 }
661
662 // Optionally damage application data (type 23). Note that we don't damage
663 // handshake packets and we damage the last byte to keep the header
664 // intact but break the MAC.
Yves Gerey665174f2018-06-19 13:03:05665 if (damage_ && (*static_cast<const unsigned char*>(data) == 23)) {
Harald Alvestrand11840ce2022-11-10 10:50:50666 std::vector<uint8_t> buf(data_len);
henrike@webrtc.orgf0488722014-05-13 18:00:26667
Mirko Bonadei675513b2017-11-09 10:09:25668 RTC_LOG(LS_VERBOSE) << "Damaging packet";
henrike@webrtc.orgf0488722014-05-13 18:00:26669
670 memcpy(&buf[0], data, data_len);
671 buf[data_len - 1]++;
Harald Alvestrand11840ce2022-11-10 10:50:50672 return from->WriteData(rtc::MakeArrayView(&buf[0], data_len), written,
673 error);
henrike@webrtc.orgf0488722014-05-13 18:00:26674 }
675
Harald Alvestrand11840ce2022-11-10 10:50:50676 return from->WriteData(
677 rtc::MakeArrayView(reinterpret_cast<const uint8_t*>(data), data_len),
678 written, error);
henrike@webrtc.orgf0488722014-05-13 18:00:26679 }
680
Yves Gerey665174f2018-06-19 13:03:05681 void SetDelay(int delay) { delay_ = delay; }
henrike@webrtc.orgf0488722014-05-13 18:00:26682 int GetDelay() { return delay_; }
683
Yves Gerey665174f2018-06-19 13:03:05684 void SetLoseFirstPacket(bool lose) { lose_first_packet_ = lose; }
henrike@webrtc.orgf0488722014-05-13 18:00:26685 bool GetLoseFirstPacket() { return lose_first_packet_; }
686
Yves Gerey665174f2018-06-19 13:03:05687 void SetLoss(int percent) { loss_ = percent; }
henrike@webrtc.orgf0488722014-05-13 18:00:26688
Yves Gerey665174f2018-06-19 13:03:05689 void SetDamage() { damage_ = true; }
henrike@webrtc.orgf0488722014-05-13 18:00:26690
Yves Gerey665174f2018-06-19 13:03:05691 void SetMtu(size_t mtu) { mtu_ = mtu; }
henrike@webrtc.orgf0488722014-05-13 18:00:26692
Yves Gerey665174f2018-06-19 13:03:05693 void SetHandshakeWait(int wait) { handshake_wait_ = wait; }
henrike@webrtc.orgf0488722014-05-13 18:00:26694
Guo-wei Shieh521ed7b2015-11-19 03:41:53695 void SetDtlsSrtpCryptoSuites(const std::vector<int>& ciphers, bool client) {
henrike@webrtc.orgf0488722014-05-13 18:00:26696 if (client)
Guo-wei Shieh521ed7b2015-11-19 03:41:53697 client_ssl_->SetDtlsSrtpCryptoSuites(ciphers);
henrike@webrtc.orgf0488722014-05-13 18:00:26698 else
Guo-wei Shieh521ed7b2015-11-19 03:41:53699 server_ssl_->SetDtlsSrtpCryptoSuites(ciphers);
henrike@webrtc.orgf0488722014-05-13 18:00:26700 }
701
Guo-wei Shieh521ed7b2015-11-19 03:41:53702 bool GetDtlsSrtpCryptoSuite(bool client, int* retval) {
henrike@webrtc.orgf0488722014-05-13 18:00:26703 if (client)
Guo-wei Shieh521ed7b2015-11-19 03:41:53704 return client_ssl_->GetDtlsSrtpCryptoSuite(retval);
henrike@webrtc.orgf0488722014-05-13 18:00:26705 else
Guo-wei Shieh521ed7b2015-11-19 03:41:53706 return server_ssl_->GetDtlsSrtpCryptoSuite(retval);
henrike@webrtc.orgf0488722014-05-13 18:00:26707 }
708
jbauch555604a2016-04-26 10:13:22709 std::unique_ptr<rtc::SSLCertificate> GetPeerCertificate(bool client) {
Taylor Brandstetterc3928662018-02-23 21:04:51710 std::unique_ptr<rtc::SSLCertChain> chain;
henrike@webrtc.orgf0488722014-05-13 18:00:26711 if (client)
Taylor Brandstetterc3928662018-02-23 21:04:51712 chain = client_ssl_->GetPeerSSLCertChain();
henrike@webrtc.orgf0488722014-05-13 18:00:26713 else
Taylor Brandstetterc3928662018-02-23 21:04:51714 chain = server_ssl_->GetPeerSSLCertChain();
Steve Antonf25303e2018-10-16 22:23:31715 return (chain && chain->GetSize()) ? chain->Get(0).Clone() : nullptr;
henrike@webrtc.orgf0488722014-05-13 18:00:26716 }
717
Guo-wei Shieh6caafbe2015-10-05 19:43:27718 bool GetSslCipherSuite(bool client, int* retval) {
pthatcher@webrtc.org3ee4fe52015-02-11 22:34:36719 if (client)
Guo-wei Shieh456696a2015-10-01 04:48:54720 return client_ssl_->GetSslCipherSuite(retval);
pthatcher@webrtc.org3ee4fe52015-02-11 22:34:36721 else
Guo-wei Shieh456696a2015-10-01 04:48:54722 return server_ssl_->GetSslCipherSuite(retval);
pthatcher@webrtc.org3ee4fe52015-02-11 22:34:36723 }
724
torbjorng43166b82016-03-11 08:06:47725 int GetSslVersion(bool client) {
726 if (client)
727 return client_ssl_->GetSslVersion();
728 else
729 return server_ssl_->GetSslVersion();
730 }
731
Ali Tofigh2ab914c2022-04-13 10:55:15732 bool ExportKeyingMaterial(absl::string_view label,
Yves Gerey665174f2018-06-19 13:03:05733 const unsigned char* context,
henrike@webrtc.orgf0488722014-05-13 18:00:26734 size_t context_len,
735 bool use_context,
736 bool client,
Yves Gerey665174f2018-06-19 13:03:05737 unsigned char* result,
henrike@webrtc.orgf0488722014-05-13 18:00:26738 size_t result_len) {
739 if (client)
Yves Gerey665174f2018-06-19 13:03:05740 return client_ssl_->ExportKeyingMaterial(label, context, context_len,
741 use_context, result, result_len);
henrike@webrtc.orgf0488722014-05-13 18:00:26742 else
Yves Gerey665174f2018-06-19 13:03:05743 return server_ssl_->ExportKeyingMaterial(label, context, context_len,
744 use_context, result, result_len);
henrike@webrtc.orgf0488722014-05-13 18:00:26745 }
746
747 // To be implemented by subclasses.
748 virtual void WriteData() = 0;
Yves Gerey665174f2018-06-19 13:03:05749 virtual void ReadData(rtc::StreamInterface* stream) = 0;
henrike@webrtc.orgf0488722014-05-13 18:00:26750 virtual void TestTransfer(int size) = 0;
751
752 protected:
Harald Alvestrand8515d5a2020-03-20 21:51:32753 rtc::SSLIdentity* client_identity() const {
754 if (!client_ssl_) {
755 return nullptr;
756 }
757 return client_ssl_->GetIdentityForTesting();
758 }
759 rtc::SSLIdentity* server_identity() const {
760 if (!server_ssl_) {
761 return nullptr;
762 }
763 return server_ssl_->GetIdentityForTesting();
764 }
765
Niels Möller83830f32022-05-20 07:12:57766 rtc::AutoThread main_thread_;
jbauche488a0d2015-11-19 13:17:58767 std::string client_cert_pem_;
768 std::string client_private_key_pem_;
769 rtc::KeyParams client_key_type_;
770 rtc::KeyParams server_key_type_;
Yves Gerey665174f2018-06-19 13:03:05771 SSLDummyStreamBase* client_stream_; // freed by client_ssl_ destructor
772 SSLDummyStreamBase* server_stream_; // freed by server_ssl_ destructor
jbauch555604a2016-04-26 10:13:22773 std::unique_ptr<rtc::SSLStreamAdapter> client_ssl_;
774 std::unique_ptr<rtc::SSLStreamAdapter> server_ssl_;
henrike@webrtc.orgf0488722014-05-13 18:00:26775 int delay_;
776 size_t mtu_;
777 int loss_;
778 bool lose_first_packet_;
779 bool damage_;
780 bool dtls_;
781 int handshake_wait_;
782 bool identities_set_;
783};
784
Torbjorn Granlundb6d4ec42015-08-17 12:08:59785class SSLStreamAdapterTestTLS
786 : public SSLStreamAdapterTestBase,
torbjorng4e572472015-10-08 16:42:49787 public WithParamInterface<tuple<rtc::KeyParams, rtc::KeyParams>> {
henrike@webrtc.orgf0488722014-05-13 18:00:26788 public:
Torbjorn Granlundb6d4ec42015-08-17 12:08:59789 SSLStreamAdapterTestTLS()
790 : SSLStreamAdapterTestBase("",
791 "",
792 false,
793 ::testing::get<0>(GetParam()),
jbauche488a0d2015-11-19 13:17:58794 ::testing::get<1>(GetParam())),
795 client_buffer_(kFifoBufferSize),
Yves Gerey665174f2018-06-19 13:03:05796 server_buffer_(kFifoBufferSize) {}
jbauche488a0d2015-11-19 13:17:58797
torbjorng7593aad2015-11-19 20:20:51798 void CreateStreams() override {
jbauche488a0d2015-11-19 13:17:58799 client_stream_ =
800 new SSLDummyStreamTLS(this, "c2s", &client_buffer_, &server_buffer_);
801 server_stream_ =
802 new SSLDummyStreamTLS(this, "s2c", &server_buffer_, &client_buffer_);
803 }
henrike@webrtc.orgf0488722014-05-13 18:00:26804
805 // Test data transfer for TLS
nisseef8b61e2016-04-29 13:09:15806 void TestTransfer(int size) override {
Mirko Bonadei675513b2017-11-09 10:09:25807 RTC_LOG(LS_INFO) << "Starting transfer test with " << size << " bytes";
henrike@webrtc.orgf0488722014-05-13 18:00:26808 // Create some dummy data to send.
809 size_t received;
810
811 send_stream_.ReserveSize(size);
812 for (int i = 0; i < size; ++i) {
Harald Alvestranddd4c4062022-11-16 07:29:57813 uint8_t ch = static_cast<uint8_t>(i);
814 size_t written;
815 int error;
816 send_stream_.Write(rtc::MakeArrayView(&ch, 1), written, error);
henrike@webrtc.orgf0488722014-05-13 18:00:26817 }
818 send_stream_.Rewind();
819
820 // Prepare the receive stream.
821 recv_stream_.ReserveSize(size);
822
823 // Start sending
824 WriteData();
825
826 // Wait for the client to close
827 EXPECT_TRUE_WAIT(server_ssl_->GetState() == rtc::SS_CLOSED, 10000);
828
829 // Now check the data
830 recv_stream_.GetSize(&received);
831
832 EXPECT_EQ(static_cast<size_t>(size), received);
Yves Gerey665174f2018-06-19 13:03:05833 EXPECT_EQ(0,
834 memcmp(send_stream_.GetBuffer(), recv_stream_.GetBuffer(), size));
henrike@webrtc.orgf0488722014-05-13 18:00:26835 }
836
nisseef8b61e2016-04-29 13:09:15837 void WriteData() override {
henrike@webrtc.orgf0488722014-05-13 18:00:26838 size_t position, tosend, size;
839 rtc::StreamResult rv;
840 size_t sent;
Harald Alvestrand11840ce2022-11-10 10:50:50841 uint8_t block[kBlockSize];
henrike@webrtc.orgf0488722014-05-13 18:00:26842
843 send_stream_.GetSize(&size);
844 if (!size)
845 return;
846
847 for (;;) {
848 send_stream_.GetPosition(&position);
Harald Alvestranddd4c4062022-11-16 07:29:57849 int dummy_error;
850 if (send_stream_.Read(block, tosend, dummy_error) != rtc::SR_EOS) {
Harald Alvestrand11840ce2022-11-10 10:50:50851 int error;
852 rv = client_ssl_->Write(rtc::MakeArrayView(block, tosend), sent, error);
henrike@webrtc.orgf0488722014-05-13 18:00:26853
854 if (rv == rtc::SR_SUCCESS) {
855 send_stream_.SetPosition(position + sent);
Mirko Bonadei675513b2017-11-09 10:09:25856 RTC_LOG(LS_VERBOSE) << "Sent: " << position + sent;
henrike@webrtc.orgf0488722014-05-13 18:00:26857 } else if (rv == rtc::SR_BLOCK) {
Mirko Bonadei675513b2017-11-09 10:09:25858 RTC_LOG(LS_VERBOSE) << "Blocked...";
henrike@webrtc.orgf0488722014-05-13 18:00:26859 send_stream_.SetPosition(position);
860 break;
861 } else {
862 ADD_FAILURE();
863 break;
864 }
865 } else {
866 // Now close
Mirko Bonadei675513b2017-11-09 10:09:25867 RTC_LOG(LS_INFO) << "Wrote " << position << " bytes. Closing";
henrike@webrtc.orgf0488722014-05-13 18:00:26868 client_ssl_->Close();
869 break;
870 }
871 }
Mirko Bonadeic4dd7302019-02-25 08:12:02872 }
henrike@webrtc.orgf0488722014-05-13 18:00:26873
Yves Gerey665174f2018-06-19 13:03:05874 void ReadData(rtc::StreamInterface* stream) override {
Harald Alvestrand11840ce2022-11-10 10:50:50875 uint8_t buffer[1600];
henrike@webrtc.orgf0488722014-05-13 18:00:26876 size_t bread;
877 int err2;
878 rtc::StreamResult r;
879
880 for (;;) {
Harald Alvestrand11840ce2022-11-10 10:50:50881 r = stream->Read(buffer, bread, err2);
henrike@webrtc.orgf0488722014-05-13 18:00:26882
883 if (r == rtc::SR_ERROR || r == rtc::SR_EOS) {
884 // Unfortunately, errors are the way that the stream adapter
torbjorng7593aad2015-11-19 20:20:51885 // signals close in OpenSSL.
henrike@webrtc.orgf0488722014-05-13 18:00:26886 stream->Close();
887 return;
888 }
889
890 if (r == rtc::SR_BLOCK)
891 break;
892
893 ASSERT_EQ(rtc::SR_SUCCESS, r);
Mirko Bonadei675513b2017-11-09 10:09:25894 RTC_LOG(LS_VERBOSE) << "Read " << bread;
Harald Alvestranddd4c4062022-11-16 07:29:57895 size_t written;
896 int error;
897 recv_stream_.Write(rtc::MakeArrayView(buffer, bread), written, error);
henrike@webrtc.orgf0488722014-05-13 18:00:26898 }
899 }
900
901 private:
jbauche488a0d2015-11-19 13:17:58902 rtc::FifoBuffer client_buffer_;
903 rtc::FifoBuffer server_buffer_;
henrike@webrtc.orgf0488722014-05-13 18:00:26904 rtc::MemoryStream send_stream_;
905 rtc::MemoryStream recv_stream_;
906};
907
Harald Alvestrand13799132020-03-09 18:39:36908class SSLStreamAdapterTestDTLSBase : public SSLStreamAdapterTestBase {
henrike@webrtc.orgf0488722014-05-13 18:00:26909 public:
Harald Alvestrand13799132020-03-09 18:39:36910 SSLStreamAdapterTestDTLSBase(rtc::KeyParams param1, rtc::KeyParams param2)
911 : SSLStreamAdapterTestBase("", "", true, param1, param2),
jbauche488a0d2015-11-19 13:17:58912 client_buffer_(kBufferCapacity, kDefaultBufferSize),
913 server_buffer_(kBufferCapacity, kDefaultBufferSize),
Torbjorn Granlundb6d4ec42015-08-17 12:08:59914 packet_size_(1000),
915 count_(0),
916 sent_(0) {}
henrike@webrtc.orgf0488722014-05-13 18:00:26917
Ali Tofigh7fa90572022-03-17 14:47:49918 SSLStreamAdapterTestDTLSBase(absl::string_view cert_pem,
919 absl::string_view private_key_pem)
Yves Gerey665174f2018-06-19 13:03:05920 : SSLStreamAdapterTestBase(cert_pem, private_key_pem, true),
921 client_buffer_(kBufferCapacity, kDefaultBufferSize),
922 server_buffer_(kBufferCapacity, kDefaultBufferSize),
923 packet_size_(1000),
924 count_(0),
925 sent_(0) {}
henrike@webrtc.orgf0488722014-05-13 18:00:26926
torbjorng7593aad2015-11-19 20:20:51927 void CreateStreams() override {
jbauche488a0d2015-11-19 13:17:58928 client_stream_ =
929 new SSLDummyStreamDTLS(this, "c2s", &client_buffer_, &server_buffer_);
930 server_stream_ =
931 new SSLDummyStreamDTLS(this, "s2c", &server_buffer_, &client_buffer_);
932 }
933
nisseef8b61e2016-04-29 13:09:15934 void WriteData() override {
Harald Alvestrand11840ce2022-11-10 10:50:50935 uint8_t* packet = new uint8_t[1600];
henrike@webrtc.orgf0488722014-05-13 18:00:26936
jbauche488a0d2015-11-19 13:17:58937 while (sent_ < count_) {
torbjorng7593aad2015-11-19 20:20:51938 unsigned int rand_state = sent_;
939 packet[0] = sent_;
940 for (size_t i = 1; i < packet_size_; i++) {
941 // This is a simple LC PRNG. Keep in synch with identical code below.
942 rand_state = (rand_state * 251 + 19937) >> 7;
943 packet[i] = rand_state & 0xff;
944 }
henrike@webrtc.orgf0488722014-05-13 18:00:26945
946 size_t sent;
Harald Alvestrand11840ce2022-11-10 10:50:50947 int error;
948 rtc::StreamResult rv = client_ssl_->Write(
949 rtc::MakeArrayView(packet, packet_size_), sent, error);
henrike@webrtc.orgf0488722014-05-13 18:00:26950 if (rv == rtc::SR_SUCCESS) {
Mirko Bonadei675513b2017-11-09 10:09:25951 RTC_LOG(LS_VERBOSE) << "Sent: " << sent_;
henrike@webrtc.orgf0488722014-05-13 18:00:26952 sent_++;
953 } else if (rv == rtc::SR_BLOCK) {
Mirko Bonadei675513b2017-11-09 10:09:25954 RTC_LOG(LS_VERBOSE) << "Blocked...";
henrike@webrtc.orgf0488722014-05-13 18:00:26955 break;
956 } else {
957 ADD_FAILURE();
958 break;
959 }
jbauche488a0d2015-11-19 13:17:58960 }
henrike@webrtc.orgf0488722014-05-13 18:00:26961
Yves Gerey665174f2018-06-19 13:03:05962 delete[] packet;
henrike@webrtc.orgf0488722014-05-13 18:00:26963 }
964
Yves Gerey665174f2018-06-19 13:03:05965 void ReadData(rtc::StreamInterface* stream) override {
Harald Alvestrand11840ce2022-11-10 10:50:50966 uint8_t buffer[2000];
henrike@webrtc.orgf0488722014-05-13 18:00:26967 size_t bread;
968 int err2;
969 rtc::StreamResult r;
970
971 for (;;) {
Harald Alvestrand11840ce2022-11-10 10:50:50972 r = stream->Read(buffer, bread, err2);
henrike@webrtc.orgf0488722014-05-13 18:00:26973
974 if (r == rtc::SR_ERROR) {
975 // Unfortunately, errors are the way that the stream adapter
976 // signals close right now
977 stream->Close();
978 return;
979 }
980
981 if (r == rtc::SR_BLOCK)
982 break;
983
984 ASSERT_EQ(rtc::SR_SUCCESS, r);
Mirko Bonadei675513b2017-11-09 10:09:25985 RTC_LOG(LS_VERBOSE) << "Read " << bread;
henrike@webrtc.orgf0488722014-05-13 18:00:26986
987 // Now parse the datagram
988 ASSERT_EQ(packet_size_, bread);
torbjorng7593aad2015-11-19 20:20:51989 unsigned char packet_num = buffer[0];
henrike@webrtc.orgf0488722014-05-13 18:00:26990
torbjorng7593aad2015-11-19 20:20:51991 unsigned int rand_state = packet_num;
992 for (size_t i = 1; i < packet_size_; i++) {
993 // This is a simple LC PRNG. Keep in synch with identical code above.
994 rand_state = (rand_state * 251 + 19937) >> 7;
995 ASSERT_EQ(rand_state & 0xff, buffer[i]);
henrike@webrtc.orgf0488722014-05-13 18:00:26996 }
997 received_.insert(packet_num);
998 }
999 }
1000
nisseef8b61e2016-04-29 13:09:151001 void TestTransfer(int count) override {
henrike@webrtc.orgf0488722014-05-13 18:00:261002 count_ = count;
1003
1004 WriteData();
1005
1006 EXPECT_TRUE_WAIT(sent_ == count_, 10000);
Mirko Bonadei675513b2017-11-09 10:09:251007 RTC_LOG(LS_INFO) << "sent_ == " << sent_;
henrike@webrtc.orgf0488722014-05-13 18:00:261008
1009 if (damage_) {
1010 WAIT(false, 2000);
1011 EXPECT_EQ(0U, received_.size());
1012 } else if (loss_ == 0) {
Yves Gerey665174f2018-06-19 13:03:051013 EXPECT_EQ_WAIT(static_cast<size_t>(sent_), received_.size(), 1000);
henrike@webrtc.orgf0488722014-05-13 18:00:261014 } else {
Mirko Bonadei675513b2017-11-09 10:09:251015 RTC_LOG(LS_INFO) << "Sent " << sent_ << " packets; received "
1016 << received_.size();
henrike@webrtc.orgf0488722014-05-13 18:00:261017 }
Mirko Bonadeic4dd7302019-02-25 08:12:021018 }
henrike@webrtc.orgf0488722014-05-13 18:00:261019
Harald Alvestrand13799132020-03-09 18:39:361020 protected:
jbauche488a0d2015-11-19 13:17:581021 BufferQueueStream client_buffer_;
1022 BufferQueueStream server_buffer_;
Harald Alvestrand13799132020-03-09 18:39:361023
1024 private:
henrike@webrtc.orgf0488722014-05-13 18:00:261025 size_t packet_size_;
1026 int count_;
1027 int sent_;
1028 std::set<int> received_;
1029};
1030
Harald Alvestrand13799132020-03-09 18:39:361031class SSLStreamAdapterTestDTLS
1032 : public SSLStreamAdapterTestDTLSBase,
1033 public WithParamInterface<tuple<rtc::KeyParams, rtc::KeyParams>> {
1034 public:
1035 SSLStreamAdapterTestDTLS()
1036 : SSLStreamAdapterTestDTLSBase(::testing::get<0>(GetParam()),
1037 ::testing::get<1>(GetParam())) {}
1038
Ali Tofigh7fa90572022-03-17 14:47:491039 SSLStreamAdapterTestDTLS(absl::string_view cert_pem,
1040 absl::string_view private_key_pem)
Harald Alvestrand13799132020-03-09 18:39:361041 : SSLStreamAdapterTestDTLSBase(cert_pem, private_key_pem) {}
1042};
1043
Harald Alvestrand11840ce2022-11-10 10:50:501044rtc::StreamResult SSLDummyStreamBase::Write(rtc::ArrayView<const uint8_t> data,
1045 size_t& written,
1046 int& error) {
1047 RTC_LOG(LS_VERBOSE) << "Writing to loopback " << data.size();
henrike@webrtc.orgf0488722014-05-13 18:00:261048
1049 if (first_packet_) {
1050 first_packet_ = false;
jbauche488a0d2015-11-19 13:17:581051 if (test_base_->GetLoseFirstPacket()) {
Harald Alvestrand11840ce2022-11-10 10:50:501052 RTC_LOG(LS_INFO) << "Losing initial packet of length " << data.size();
1053 written = data.size(); // Fake successful writing also to writer.
henrike@webrtc.orgf0488722014-05-13 18:00:261054 return rtc::SR_SUCCESS;
1055 }
1056 }
1057
Harald Alvestrand11840ce2022-11-10 10:50:501058 return test_base_->DataWritten(this, data.data(), data.size(), written,
1059 error);
Mirko Bonadeic4dd7302019-02-25 08:12:021060}
henrike@webrtc.orgf0488722014-05-13 18:00:261061
1062class SSLStreamAdapterTestDTLSFromPEMStrings : public SSLStreamAdapterTestDTLS {
1063 public:
Yves Gerey665174f2018-06-19 13:03:051064 SSLStreamAdapterTestDTLSFromPEMStrings()
1065 : SSLStreamAdapterTestDTLS(kCERT_PEM, kRSA_PRIVATE_KEY_PEM) {}
henrike@webrtc.orgf0488722014-05-13 18:00:261066};
1067
Jian Cui0a8798b2017-11-17 00:58:021068// Test fixture for certificate chaining. Server will push more than one
1069// certificate.
1070class SSLStreamAdapterTestDTLSCertChain : public SSLStreamAdapterTestDTLS {
1071 public:
Mirko Bonadeic4dd7302019-02-25 08:12:021072 SSLStreamAdapterTestDTLSCertChain() : SSLStreamAdapterTestDTLS("", "") {}
Jian Cui0a8798b2017-11-17 00:58:021073 void SetUp() override {
1074 CreateStreams();
1075
Harald Alvestrand8515d5a2020-03-20 21:51:321076 client_ssl_ =
1077 rtc::SSLStreamAdapter::Create(absl::WrapUnique(client_stream_));
1078 server_ssl_ =
1079 rtc::SSLStreamAdapter::Create(absl::WrapUnique(server_stream_));
Jian Cui0a8798b2017-11-17 00:58:021080
1081 // Set up the slots
1082 client_ssl_->SignalEvent.connect(
1083 reinterpret_cast<SSLStreamAdapterTestBase*>(this),
1084 &SSLStreamAdapterTestBase::OnEvent);
1085 server_ssl_->SignalEvent.connect(
1086 reinterpret_cast<SSLStreamAdapterTestBase*>(this),
1087 &SSLStreamAdapterTestBase::OnEvent);
1088
Harald Alvestrand8515d5a2020-03-20 21:51:321089 std::unique_ptr<rtc::SSLIdentity> client_identity;
Jian Cui0a8798b2017-11-17 00:58:021090 if (!client_cert_pem_.empty() && !client_private_key_pem_.empty()) {
Harald Alvestrand8515d5a2020-03-20 21:51:321091 client_identity = rtc::SSLIdentity::CreateFromPEMStrings(
Jian Cui0a8798b2017-11-17 00:58:021092 client_private_key_pem_, client_cert_pem_);
1093 } else {
Harald Alvestrand8515d5a2020-03-20 21:51:321094 client_identity = rtc::SSLIdentity::Create("client", client_key_type_);
Jian Cui0a8798b2017-11-17 00:58:021095 }
1096
Harald Alvestrand8515d5a2020-03-20 21:51:321097 client_ssl_->SetIdentity(std::move(client_identity));
Jian Cui0a8798b2017-11-17 00:58:021098 }
1099};
1100
henrike@webrtc.orgf0488722014-05-13 18:00:261101// Basic tests: TLS
1102
henrike@webrtc.orgf0488722014-05-13 18:00:261103// Test that we can make a handshake work
Torbjorn Granlundb6d4ec42015-08-17 12:08:591104TEST_P(SSLStreamAdapterTestTLS, TestTLSConnect) {
henrike@webrtc.orgf0488722014-05-13 18:00:261105 TestHandshake();
Mirko Bonadeic4dd7302019-02-25 08:12:021106}
henrike@webrtc.orgf0488722014-05-13 18:00:261107
Jian Cui0a8798b2017-11-17 00:58:021108TEST_P(SSLStreamAdapterTestTLS, GetPeerCertChainWithOneCertificate) {
1109 TestHandshake();
1110 std::unique_ptr<rtc::SSLCertChain> cert_chain =
1111 client_ssl_->GetPeerSSLCertChain();
Jian Cui0a8798b2017-11-17 00:58:021112 ASSERT_NE(nullptr, cert_chain);
1113 EXPECT_EQ(1u, cert_chain->GetSize());
Taylor Brandstetterc3928662018-02-23 21:04:511114 EXPECT_EQ(cert_chain->Get(0).ToPEMString(),
Harald Alvestrand8515d5a2020-03-20 21:51:321115 server_identity()->certificate().ToPEMString());
Jian Cui0a8798b2017-11-17 00:58:021116}
1117
1118TEST_F(SSLStreamAdapterTestDTLSCertChain, TwoCertHandshake) {
Harald Alvestrand8515d5a2020-03-20 21:51:321119 auto server_identity = rtc::SSLIdentity::CreateFromPEMChainStrings(
Jian Cui0a8798b2017-11-17 00:58:021120 kRSA_PRIVATE_KEY_PEM, std::string(kCERT_PEM) + kCACert);
Harald Alvestrand8515d5a2020-03-20 21:51:321121 server_ssl_->SetIdentity(std::move(server_identity));
Jian Cui0a8798b2017-11-17 00:58:021122 TestHandshake();
1123 std::unique_ptr<rtc::SSLCertChain> peer_cert_chain =
1124 client_ssl_->GetPeerSSLCertChain();
1125 ASSERT_NE(nullptr, peer_cert_chain);
1126 ASSERT_EQ(2u, peer_cert_chain->GetSize());
1127 EXPECT_EQ(kCERT_PEM, peer_cert_chain->Get(0).ToPEMString());
1128 EXPECT_EQ(kCACert, peer_cert_chain->Get(1).ToPEMString());
1129}
1130
David Benjaminea84b6b2017-12-01 22:25:451131TEST_F(SSLStreamAdapterTestDTLSCertChain, TwoCertHandshakeWithCopy) {
Harald Alvestrand8515d5a2020-03-20 21:51:321132 server_ssl_->SetIdentity(rtc::SSLIdentity::CreateFromPEMChainStrings(
1133 kRSA_PRIVATE_KEY_PEM, std::string(kCERT_PEM) + kCACert));
David Benjaminea84b6b2017-12-01 22:25:451134 TestHandshake();
1135 std::unique_ptr<rtc::SSLCertChain> peer_cert_chain =
1136 client_ssl_->GetPeerSSLCertChain();
1137 ASSERT_NE(nullptr, peer_cert_chain);
1138 ASSERT_EQ(2u, peer_cert_chain->GetSize());
1139 EXPECT_EQ(kCERT_PEM, peer_cert_chain->Get(0).ToPEMString());
1140 EXPECT_EQ(kCACert, peer_cert_chain->Get(1).ToPEMString());
1141}
1142
Jian Cui0a8798b2017-11-17 00:58:021143TEST_F(SSLStreamAdapterTestDTLSCertChain, ThreeCertHandshake) {
Harald Alvestrand8515d5a2020-03-20 21:51:321144 server_ssl_->SetIdentity(rtc::SSLIdentity::CreateFromPEMChainStrings(
1145 kRSA_PRIVATE_KEY_PEM, std::string(kCERT_PEM) + kIntCert1 + kCACert));
Jian Cui0a8798b2017-11-17 00:58:021146 TestHandshake();
1147 std::unique_ptr<rtc::SSLCertChain> peer_cert_chain =
1148 client_ssl_->GetPeerSSLCertChain();
1149 ASSERT_NE(nullptr, peer_cert_chain);
1150 ASSERT_EQ(3u, peer_cert_chain->GetSize());
1151 EXPECT_EQ(kCERT_PEM, peer_cert_chain->Get(0).ToPEMString());
1152 EXPECT_EQ(kIntCert1, peer_cert_chain->Get(1).ToPEMString());
1153 EXPECT_EQ(kCACert, peer_cert_chain->Get(2).ToPEMString());
1154}
1155
jiayl@webrtc.orgf1d751c2014-09-25 16:38:461156// Test that closing the connection on one side updates the other side.
Torbjorn Granlundb6d4ec42015-08-17 12:08:591157TEST_P(SSLStreamAdapterTestTLS, TestTLSClose) {
jiayl@webrtc.orgf1d751c2014-09-25 16:38:461158 TestHandshake();
1159 client_ssl_->Close();
1160 EXPECT_EQ_WAIT(rtc::SS_CLOSED, server_ssl_->GetState(), handshake_wait_);
Mirko Bonadeic4dd7302019-02-25 08:12:021161}
jiayl@webrtc.orgf1d751c2014-09-25 16:38:461162
henrike@webrtc.orgf0488722014-05-13 18:00:261163// Test transfer -- trivial
Torbjorn Granlundb6d4ec42015-08-17 12:08:591164TEST_P(SSLStreamAdapterTestTLS, TestTLSTransfer) {
henrike@webrtc.orgf0488722014-05-13 18:00:261165 TestHandshake();
1166 TestTransfer(100000);
Mirko Bonadeic4dd7302019-02-25 08:12:021167}
henrike@webrtc.orgf0488722014-05-13 18:00:261168
1169// Test read-write after close.
Torbjorn Granlundb6d4ec42015-08-17 12:08:591170TEST_P(SSLStreamAdapterTestTLS, ReadWriteAfterClose) {
henrike@webrtc.orgf0488722014-05-13 18:00:261171 TestHandshake();
1172 TestTransfer(100000);
1173 client_ssl_->Close();
1174
1175 rtc::StreamResult rv;
Harald Alvestrand11840ce2022-11-10 10:50:501176 uint8_t block[kBlockSize];
henrike@webrtc.orgf0488722014-05-13 18:00:261177 size_t dummy;
Harald Alvestrand11840ce2022-11-10 10:50:501178 int error;
henrike@webrtc.orgf0488722014-05-13 18:00:261179
1180 // It's an error to write after closed.
Harald Alvestrand11840ce2022-11-10 10:50:501181 rv = client_ssl_->Write(block, dummy, error);
henrike@webrtc.orgf0488722014-05-13 18:00:261182 ASSERT_EQ(rtc::SR_ERROR, rv);
1183
1184 // But after closed read gives you EOS.
Harald Alvestrand11840ce2022-11-10 10:50:501185 rv = client_ssl_->Read(block, dummy, error);
henrike@webrtc.orgf0488722014-05-13 18:00:261186 ASSERT_EQ(rtc::SR_EOS, rv);
Mirko Bonadeic4dd7302019-02-25 08:12:021187}
henrike@webrtc.orgf0488722014-05-13 18:00:261188
1189// Test a handshake with a bogus peer digest
Torbjorn Granlundb6d4ec42015-08-17 12:08:591190TEST_P(SSLStreamAdapterTestTLS, TestTLSBogusDigest) {
deadbeef89824f62016-09-30 18:55:431191 SetPeerIdentitiesByDigest(false, true);
henrike@webrtc.orgf0488722014-05-13 18:00:261192 TestHandshake(false);
Mirko Bonadeic4dd7302019-02-25 08:12:021193}
henrike@webrtc.orgf0488722014-05-13 18:00:261194
deadbeef89824f62016-09-30 18:55:431195TEST_P(SSLStreamAdapterTestTLS, TestTLSDelayedIdentity) {
1196 TestHandshakeWithDelayedIdentity(true);
Mirko Bonadeic4dd7302019-02-25 08:12:021197}
deadbeef89824f62016-09-30 18:55:431198
1199TEST_P(SSLStreamAdapterTestTLS, TestTLSDelayedIdentityWithBogusDigest) {
1200 TestHandshakeWithDelayedIdentity(false);
Mirko Bonadeic4dd7302019-02-25 08:12:021201}
deadbeef89824f62016-09-30 18:55:431202
1203// Test that the correct error is returned when SetPeerCertificateDigest is
1204// called with an unknown algorithm.
1205TEST_P(SSLStreamAdapterTestTLS,
1206 TestSetPeerCertificateDigestWithUnknownAlgorithm) {
1207 unsigned char server_digest[20];
1208 size_t server_digest_len;
1209 bool rv;
1210 rtc::SSLPeerCertificateDigestError err;
1211
Harald Alvestrand8515d5a2020-03-20 21:51:321212 rv = server_identity()->certificate().ComputeDigest(
deadbeef89824f62016-09-30 18:55:431213 rtc::DIGEST_SHA_1, server_digest, 20, &server_digest_len);
1214 ASSERT_TRUE(rv);
1215
1216 rv = client_ssl_->SetPeerCertificateDigest("unknown algorithm", server_digest,
1217 server_digest_len, &err);
1218 EXPECT_EQ(rtc::SSLPeerCertificateDigestError::UNKNOWN_ALGORITHM, err);
1219 EXPECT_FALSE(rv);
1220}
1221
1222// Test that the correct error is returned when SetPeerCertificateDigest is
1223// called with an invalid digest length.
1224TEST_P(SSLStreamAdapterTestTLS, TestSetPeerCertificateDigestWithInvalidLength) {
1225 unsigned char server_digest[20];
1226 size_t server_digest_len;
1227 bool rv;
1228 rtc::SSLPeerCertificateDigestError err;
1229
Harald Alvestrand8515d5a2020-03-20 21:51:321230 rv = server_identity()->certificate().ComputeDigest(
deadbeef89824f62016-09-30 18:55:431231 rtc::DIGEST_SHA_1, server_digest, 20, &server_digest_len);
1232 ASSERT_TRUE(rv);
1233
1234 rv = client_ssl_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, server_digest,
1235 server_digest_len - 1, &err);
1236 EXPECT_EQ(rtc::SSLPeerCertificateDigestError::INVALID_LENGTH, err);
1237 EXPECT_FALSE(rv);
1238}
1239
henrike@webrtc.orgf0488722014-05-13 18:00:261240// Test moving a bunch of data
1241
1242// Basic tests: DTLS
1243// Test that we can make a handshake work
Torbjorn Granlundb6d4ec42015-08-17 12:08:591244TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnect) {
henrike@webrtc.orgf0488722014-05-13 18:00:261245 TestHandshake();
Mirko Bonadeic4dd7302019-02-25 08:12:021246}
henrike@webrtc.orgf0488722014-05-13 18:00:261247
1248// Test that we can make a handshake work if the first packet in
1249// each direction is lost. This gives us predictable loss
1250// rather than having to tune random
Torbjorn Granlundb6d4ec42015-08-17 12:08:591251TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacket) {
henrike@webrtc.orgf0488722014-05-13 18:00:261252 SetLoseFirstPacket(true);
1253 TestHandshake();
Mirko Bonadeic4dd7302019-02-25 08:12:021254}
henrike@webrtc.orgf0488722014-05-13 18:00:261255
1256// Test a handshake with loss and delay
Torbjorn Granlundb6d4ec42015-08-17 12:08:591257TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacketDelay2s) {
henrike@webrtc.orgf0488722014-05-13 18:00:261258 SetLoseFirstPacket(true);
1259 SetDelay(2000);
1260 SetHandshakeWait(20000);
1261 TestHandshake();
Mirko Bonadeic4dd7302019-02-25 08:12:021262}
henrike@webrtc.orgf0488722014-05-13 18:00:261263
1264// Test a handshake with small MTU
pbos@webrtc.org127ca3f2014-10-09 07:52:031265// Disabled due to https://code.google.com/p/webrtc/issues/detail?id=3910
Torbjorn Granlundb6d4ec42015-08-17 12:08:591266TEST_P(SSLStreamAdapterTestDTLS, DISABLED_TestDTLSConnectWithSmallMtu) {
henrike@webrtc.orgf0488722014-05-13 18:00:261267 SetMtu(700);
1268 SetHandshakeWait(20000);
1269 TestHandshake();
Mirko Bonadeic4dd7302019-02-25 08:12:021270}
henrike@webrtc.orgf0488722014-05-13 18:00:261271
Philipp Hancke9c83d9d2022-04-28 17:01:281272// Test a handshake with total loss and timing out.
1273TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectTimeout) {
1274 SetLoss(100);
1275 TestHandshakeTimeout();
1276}
1277
henrike@webrtc.orgf0488722014-05-13 18:00:261278// Test transfer -- trivial
jbauche488a0d2015-11-19 13:17:581279TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransfer) {
henrike@webrtc.orgf0488722014-05-13 18:00:261280 TestHandshake();
1281 TestTransfer(100);
Mirko Bonadeic4dd7302019-02-25 08:12:021282}
henrike@webrtc.orgf0488722014-05-13 18:00:261283
jbauche488a0d2015-11-19 13:17:581284TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithLoss) {
henrike@webrtc.orgf0488722014-05-13 18:00:261285 TestHandshake();
1286 SetLoss(10);
1287 TestTransfer(100);
Mirko Bonadeic4dd7302019-02-25 08:12:021288}
henrike@webrtc.orgf0488722014-05-13 18:00:261289
jbauche488a0d2015-11-19 13:17:581290TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithDamage) {
henrike@webrtc.orgf0488722014-05-13 18:00:261291 SetDamage(); // Must be called first because first packet
1292 // write happens at end of handshake.
1293 TestHandshake();
1294 TestTransfer(100);
Mirko Bonadeic4dd7302019-02-25 08:12:021295}
henrike@webrtc.orgf0488722014-05-13 18:00:261296
deadbeef89824f62016-09-30 18:55:431297TEST_P(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentity) {
1298 TestHandshakeWithDelayedIdentity(true);
Mirko Bonadeic4dd7302019-02-25 08:12:021299}
deadbeef89824f62016-09-30 18:55:431300
1301TEST_P(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentityWithBogusDigest) {
1302 TestHandshakeWithDelayedIdentity(false);
Mirko Bonadeic4dd7302019-02-25 08:12:021303}
deadbeef89824f62016-09-30 18:55:431304
henrike@webrtc.orgf0488722014-05-13 18:00:261305// Test DTLS-SRTP with all high ciphers
Torbjorn Granlundb6d4ec42015-08-17 12:08:591306TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) {
Guo-wei Shieh521ed7b2015-11-19 03:41:531307 std::vector<int> high;
Mirko Bonadei7750d802021-07-26 15:27:421308 high.push_back(rtc::kSrtpAes128CmSha1_80);
Guo-wei Shieh521ed7b2015-11-19 03:41:531309 SetDtlsSrtpCryptoSuites(high, true);
1310 SetDtlsSrtpCryptoSuites(high, false);
henrike@webrtc.orgf0488722014-05-13 18:00:261311 TestHandshake();
1312
Guo-wei Shieh521ed7b2015-11-19 03:41:531313 int client_cipher;
1314 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
1315 int server_cipher;
1316 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
henrike@webrtc.orgf0488722014-05-13 18:00:261317
1318 ASSERT_EQ(client_cipher, server_cipher);
Mirko Bonadei7750d802021-07-26 15:27:421319 ASSERT_EQ(client_cipher, rtc::kSrtpAes128CmSha1_80);
Mirko Bonadeic4dd7302019-02-25 08:12:021320}
henrike@webrtc.orgf0488722014-05-13 18:00:261321
1322// Test DTLS-SRTP with all low ciphers
Torbjorn Granlundb6d4ec42015-08-17 12:08:591323TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) {
Guo-wei Shieh521ed7b2015-11-19 03:41:531324 std::vector<int> low;
Mirko Bonadei7750d802021-07-26 15:27:421325 low.push_back(rtc::kSrtpAes128CmSha1_32);
Guo-wei Shieh521ed7b2015-11-19 03:41:531326 SetDtlsSrtpCryptoSuites(low, true);
1327 SetDtlsSrtpCryptoSuites(low, false);
henrike@webrtc.orgf0488722014-05-13 18:00:261328 TestHandshake();
1329
Guo-wei Shieh521ed7b2015-11-19 03:41:531330 int client_cipher;
1331 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
1332 int server_cipher;
1333 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
henrike@webrtc.orgf0488722014-05-13 18:00:261334
1335 ASSERT_EQ(client_cipher, server_cipher);
Mirko Bonadei7750d802021-07-26 15:27:421336 ASSERT_EQ(client_cipher, rtc::kSrtpAes128CmSha1_32);
Mirko Bonadeic4dd7302019-02-25 08:12:021337}
henrike@webrtc.orgf0488722014-05-13 18:00:261338
henrike@webrtc.orgf0488722014-05-13 18:00:261339// Test DTLS-SRTP with a mismatch -- should not converge
Torbjorn Granlundb6d4ec42015-08-17 12:08:591340TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) {
Guo-wei Shieh521ed7b2015-11-19 03:41:531341 std::vector<int> high;
Mirko Bonadei7750d802021-07-26 15:27:421342 high.push_back(rtc::kSrtpAes128CmSha1_80);
Guo-wei Shieh521ed7b2015-11-19 03:41:531343 std::vector<int> low;
Mirko Bonadei7750d802021-07-26 15:27:421344 low.push_back(rtc::kSrtpAes128CmSha1_32);
Guo-wei Shieh521ed7b2015-11-19 03:41:531345 SetDtlsSrtpCryptoSuites(high, true);
1346 SetDtlsSrtpCryptoSuites(low, false);
henrike@webrtc.orgf0488722014-05-13 18:00:261347 TestHandshake();
1348
Guo-wei Shieh521ed7b2015-11-19 03:41:531349 int client_cipher;
1350 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
1351 int server_cipher;
1352 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
Mirko Bonadeic4dd7302019-02-25 08:12:021353}
henrike@webrtc.orgf0488722014-05-13 18:00:261354
1355// Test DTLS-SRTP with each side being mixed -- should select high
Torbjorn Granlundb6d4ec42015-08-17 12:08:591356TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) {
Guo-wei Shieh521ed7b2015-11-19 03:41:531357 std::vector<int> mixed;
Mirko Bonadei7750d802021-07-26 15:27:421358 mixed.push_back(rtc::kSrtpAes128CmSha1_80);
1359 mixed.push_back(rtc::kSrtpAes128CmSha1_32);
Guo-wei Shieh521ed7b2015-11-19 03:41:531360 SetDtlsSrtpCryptoSuites(mixed, true);
1361 SetDtlsSrtpCryptoSuites(mixed, false);
henrike@webrtc.orgf0488722014-05-13 18:00:261362 TestHandshake();
1363
Guo-wei Shieh521ed7b2015-11-19 03:41:531364 int client_cipher;
1365 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
1366 int server_cipher;
1367 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
henrike@webrtc.orgf0488722014-05-13 18:00:261368
1369 ASSERT_EQ(client_cipher, server_cipher);
Mirko Bonadei7750d802021-07-26 15:27:421370 ASSERT_EQ(client_cipher, rtc::kSrtpAes128CmSha1_80);
Mirko Bonadeic4dd7302019-02-25 08:12:021371}
henrike@webrtc.orgf0488722014-05-13 18:00:261372
jbauchcb560652016-08-04 12:20:321373// Test DTLS-SRTP with all GCM-128 ciphers.
1374TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM128) {
jbauchcb560652016-08-04 12:20:321375 std::vector<int> gcm128;
Mirko Bonadei7750d802021-07-26 15:27:421376 gcm128.push_back(rtc::kSrtpAeadAes128Gcm);
jbauchcb560652016-08-04 12:20:321377 SetDtlsSrtpCryptoSuites(gcm128, true);
1378 SetDtlsSrtpCryptoSuites(gcm128, false);
1379 TestHandshake();
1380
1381 int client_cipher;
1382 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
1383 int server_cipher;
1384 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
1385
1386 ASSERT_EQ(client_cipher, server_cipher);
Mirko Bonadei7750d802021-07-26 15:27:421387 ASSERT_EQ(client_cipher, rtc::kSrtpAeadAes128Gcm);
Mirko Bonadeic4dd7302019-02-25 08:12:021388}
jbauchcb560652016-08-04 12:20:321389
1390// Test DTLS-SRTP with all GCM-256 ciphers.
1391TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM256) {
jbauchcb560652016-08-04 12:20:321392 std::vector<int> gcm256;
Mirko Bonadei7750d802021-07-26 15:27:421393 gcm256.push_back(rtc::kSrtpAeadAes256Gcm);
jbauchcb560652016-08-04 12:20:321394 SetDtlsSrtpCryptoSuites(gcm256, true);
1395 SetDtlsSrtpCryptoSuites(gcm256, false);
1396 TestHandshake();
1397
1398 int client_cipher;
1399 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
1400 int server_cipher;
1401 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
1402
1403 ASSERT_EQ(client_cipher, server_cipher);
Mirko Bonadei7750d802021-07-26 15:27:421404 ASSERT_EQ(client_cipher, rtc::kSrtpAeadAes256Gcm);
Mirko Bonadeic4dd7302019-02-25 08:12:021405}
jbauchcb560652016-08-04 12:20:321406
1407// Test DTLS-SRTP with mixed GCM-128/-256 ciphers -- should not converge.
1408TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMismatch) {
jbauchcb560652016-08-04 12:20:321409 std::vector<int> gcm128;
Mirko Bonadei7750d802021-07-26 15:27:421410 gcm128.push_back(rtc::kSrtpAeadAes128Gcm);
jbauchcb560652016-08-04 12:20:321411 std::vector<int> gcm256;
Mirko Bonadei7750d802021-07-26 15:27:421412 gcm256.push_back(rtc::kSrtpAeadAes256Gcm);
jbauchcb560652016-08-04 12:20:321413 SetDtlsSrtpCryptoSuites(gcm128, true);
1414 SetDtlsSrtpCryptoSuites(gcm256, false);
1415 TestHandshake();
1416
1417 int client_cipher;
1418 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
1419 int server_cipher;
1420 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
Mirko Bonadeic4dd7302019-02-25 08:12:021421}
jbauchcb560652016-08-04 12:20:321422
1423// Test DTLS-SRTP with both GCM-128/-256 ciphers -- should select GCM-256.
1424TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMixed) {
jbauchcb560652016-08-04 12:20:321425 std::vector<int> gcmBoth;
Mirko Bonadei7750d802021-07-26 15:27:421426 gcmBoth.push_back(rtc::kSrtpAeadAes256Gcm);
1427 gcmBoth.push_back(rtc::kSrtpAeadAes128Gcm);
jbauchcb560652016-08-04 12:20:321428 SetDtlsSrtpCryptoSuites(gcmBoth, true);
1429 SetDtlsSrtpCryptoSuites(gcmBoth, false);
1430 TestHandshake();
1431
1432 int client_cipher;
1433 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
1434 int server_cipher;
1435 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
1436
1437 ASSERT_EQ(client_cipher, server_cipher);
Mirko Bonadei7750d802021-07-26 15:27:421438 ASSERT_EQ(client_cipher, rtc::kSrtpAeadAes256Gcm);
Mirko Bonadeic4dd7302019-02-25 08:12:021439}
jbauchcb560652016-08-04 12:20:321440
1441// Test SRTP cipher suite lengths.
1442TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpKeyAndSaltLengths) {
1443 int key_len;
1444 int salt_len;
1445
Mirko Bonadei7750d802021-07-26 15:27:421446 ASSERT_FALSE(rtc::GetSrtpKeyAndSaltLengths(rtc::kSrtpInvalidCryptoSuite,
Yves Gerey665174f2018-06-19 13:03:051447 &key_len, &salt_len));
jbauchcb560652016-08-04 12:20:321448
Mirko Bonadei7750d802021-07-26 15:27:421449 ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(rtc::kSrtpAes128CmSha1_32, &key_len,
1450 &salt_len));
Yves Gerey665174f2018-06-19 13:03:051451 ASSERT_EQ(128 / 8, key_len);
1452 ASSERT_EQ(112 / 8, salt_len);
jbauchcb560652016-08-04 12:20:321453
Mirko Bonadei7750d802021-07-26 15:27:421454 ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(rtc::kSrtpAes128CmSha1_80, &key_len,
1455 &salt_len));
Yves Gerey665174f2018-06-19 13:03:051456 ASSERT_EQ(128 / 8, key_len);
1457 ASSERT_EQ(112 / 8, salt_len);
jbauchcb560652016-08-04 12:20:321458
Mirko Bonadei7750d802021-07-26 15:27:421459 ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(rtc::kSrtpAeadAes128Gcm, &key_len,
1460 &salt_len));
Yves Gerey665174f2018-06-19 13:03:051461 ASSERT_EQ(128 / 8, key_len);
1462 ASSERT_EQ(96 / 8, salt_len);
jbauchcb560652016-08-04 12:20:321463
Mirko Bonadei7750d802021-07-26 15:27:421464 ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(rtc::kSrtpAeadAes256Gcm, &key_len,
1465 &salt_len));
Yves Gerey665174f2018-06-19 13:03:051466 ASSERT_EQ(256 / 8, key_len);
1467 ASSERT_EQ(96 / 8, salt_len);
Mirko Bonadeic4dd7302019-02-25 08:12:021468}
jbauchcb560652016-08-04 12:20:321469
henrike@webrtc.orgf0488722014-05-13 18:00:261470// Test an exporter
Torbjorn Granlundb6d4ec42015-08-17 12:08:591471TEST_P(SSLStreamAdapterTestDTLS, TestDTLSExporter) {
henrike@webrtc.orgf0488722014-05-13 18:00:261472 TestHandshake();
1473 unsigned char client_out[20];
1474 unsigned char server_out[20];
1475
1476 bool result;
Yves Gerey665174f2018-06-19 13:03:051477 result = ExportKeyingMaterial(kExporterLabel, kExporterContext,
1478 kExporterContextLen, true, true, client_out,
1479 sizeof(client_out));
henrike@webrtc.orgf0488722014-05-13 18:00:261480 ASSERT_TRUE(result);
1481
Yves Gerey665174f2018-06-19 13:03:051482 result = ExportKeyingMaterial(kExporterLabel, kExporterContext,
1483 kExporterContextLen, true, false, server_out,
1484 sizeof(server_out));
henrike@webrtc.orgf0488722014-05-13 18:00:261485 ASSERT_TRUE(result);
1486
1487 ASSERT_TRUE(!memcmp(client_out, server_out, sizeof(client_out)));
1488}
1489
1490// Test not yet valid certificates are not rejected.
Torbjorn Granlundb6d4ec42015-08-17 12:08:591491TEST_P(SSLStreamAdapterTestDTLS, TestCertNotYetValid) {
henrike@webrtc.orgf0488722014-05-13 18:00:261492 long one_day = 60 * 60 * 24;
1493 // Make the certificates not valid until one day later.
1494 ResetIdentitiesWithValidity(one_day, one_day);
1495 TestHandshake();
1496}
1497
1498// Test expired certificates are not rejected.
Torbjorn Granlundb6d4ec42015-08-17 12:08:591499TEST_P(SSLStreamAdapterTestDTLS, TestCertExpired) {
henrike@webrtc.orgf0488722014-05-13 18:00:261500 long one_day = 60 * 60 * 24;
1501 // Make the certificates already expired.
1502 ResetIdentitiesWithValidity(-one_day, -one_day);
1503 TestHandshake();
1504}
1505
1506// Test data transfer using certs created from strings.
torbjorng7593aad2015-11-19 20:20:511507TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestTransfer) {
henrike@webrtc.orgf0488722014-05-13 18:00:261508 TestHandshake();
1509 TestTransfer(100);
1510}
1511
1512// Test getting the remote certificate.
torbjorng7593aad2015-11-19 20:20:511513TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestDTLSGetPeerCertificate) {
henrike@webrtc.orgf0488722014-05-13 18:00:261514 // Peer certificates haven't been received yet.
kwibergb4d01c42016-04-06 12:15:061515 ASSERT_FALSE(GetPeerCertificate(true));
1516 ASSERT_FALSE(GetPeerCertificate(false));
henrike@webrtc.orgf0488722014-05-13 18:00:261517
1518 TestHandshake();
1519
1520 // The client should have a peer certificate after the handshake.
jbauch555604a2016-04-26 10:13:221521 std::unique_ptr<rtc::SSLCertificate> client_peer_cert =
kwibergb4d01c42016-04-06 12:15:061522 GetPeerCertificate(true);
1523 ASSERT_TRUE(client_peer_cert);
henrike@webrtc.orgf0488722014-05-13 18:00:261524
1525 // It's not kCERT_PEM.
1526 std::string client_peer_string = client_peer_cert->ToPEMString();
1527 ASSERT_NE(kCERT_PEM, client_peer_string);
1528
henrike@webrtc.orgf0488722014-05-13 18:00:261529 // The server should have a peer certificate after the handshake.
jbauch555604a2016-04-26 10:13:221530 std::unique_ptr<rtc::SSLCertificate> server_peer_cert =
kwibergb4d01c42016-04-06 12:15:061531 GetPeerCertificate(false);
1532 ASSERT_TRUE(server_peer_cert);
henrike@webrtc.orgf0488722014-05-13 18:00:261533
1534 // It's kCERT_PEM
1535 ASSERT_EQ(kCERT_PEM, server_peer_cert->ToPEMString());
henrike@webrtc.orgf0488722014-05-13 18:00:261536}
pthatcher@webrtc.org3ee4fe52015-02-11 22:34:361537
Joachim Bauch831c5582015-05-20 10:48:411538// Test getting the used DTLS 1.2 ciphers.
1539// DTLS 1.2 enabled for client and server -> DTLS 1.2 will be used.
Guo-wei Shieh456696a2015-10-01 04:48:541540TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Both) {
Joachim Bauch831c5582015-05-20 10:48:411541 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12);
1542 TestHandshake();
1543
Guo-wei Shieh6caafbe2015-10-05 19:43:271544 int client_cipher;
Guo-wei Shieh456696a2015-10-01 04:48:541545 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher));
Guo-wei Shieh6caafbe2015-10-05 19:43:271546 int server_cipher;
Guo-wei Shieh456696a2015-10-01 04:48:541547 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));
Joachim Bauch831c5582015-05-20 10:48:411548
torbjorng43166b82016-03-11 08:06:471549 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(true));
1550 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(false));
1551
Joachim Bauch831c5582015-05-20 10:48:411552 ASSERT_EQ(client_cipher, server_cipher);
torbjorng43166b82016-03-11 08:06:471553 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher(
1554 server_cipher, ::testing::get<1>(GetParam()).type()));
Joachim Bauch831c5582015-05-20 10:48:411555}
1556
Harald Alvestrand13799132020-03-09 18:39:361557// Test getting the used DTLS ciphers.
Guido Urdanetaae2e8642020-10-26 08:55:261558// DTLS 1.2 is max version for client and server.
Harald Alvestrand13799132020-03-09 18:39:361559TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuite) {
Guido Urdanetaae2e8642020-10-26 08:55:261560 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12);
Benjamin Wrightaf1f8652019-04-01 18:25:231561 TestHandshake();
1562
1563 int client_cipher;
1564 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher));
1565 int server_cipher;
1566 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));
1567
Guido Urdanetaae2e8642020-10-26 08:55:261568 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(true));
1569 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(false));
torbjorng43166b82016-03-11 08:06:471570
Joachim Bauch831c5582015-05-20 10:48:411571 ASSERT_EQ(client_cipher, server_cipher);
torbjorng43166b82016-03-11 08:06:471572 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher(
1573 server_cipher, ::testing::get<1>(GetParam()).type()));
pthatcher@webrtc.org3ee4fe52015-02-11 22:34:361574}
Torbjorn Granlundb6d4ec42015-08-17 12:08:591575
torbjorng4e572472015-10-08 16:42:491576// The RSA keysizes here might look strange, why not include the RFC's size
1577// 2048?. The reason is test case slowness; testing two sizes to exercise
1578// parametrization is sufficient.
Mirko Bonadeic84f6612019-01-31 11:20:571579INSTANTIATE_TEST_SUITE_P(
torbjorng4e572472015-10-08 16:42:491580 SSLStreamAdapterTestsTLS,
1581 SSLStreamAdapterTestTLS,
1582 Combine(Values(rtc::KeyParams::RSA(1024, 65537),
1583 rtc::KeyParams::RSA(1152, 65537),
1584 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)),
1585 Values(rtc::KeyParams::RSA(1024, 65537),
1586 rtc::KeyParams::RSA(1152, 65537),
1587 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256))));
Mirko Bonadeic84f6612019-01-31 11:20:571588INSTANTIATE_TEST_SUITE_P(
torbjorng4e572472015-10-08 16:42:491589 SSLStreamAdapterTestsDTLS,
1590 SSLStreamAdapterTestDTLS,
1591 Combine(Values(rtc::KeyParams::RSA(1024, 65537),
1592 rtc::KeyParams::RSA(1152, 65537),
1593 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)),
1594 Values(rtc::KeyParams::RSA(1024, 65537),
1595 rtc::KeyParams::RSA(1152, 65537),
1596 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256))));
Harald Alvestrand13799132020-03-09 18:39:361597
1598// Tests for enabling / disabling legacy TLS protocols in DTLS.
1599class SSLStreamAdapterTestDTLSLegacyProtocols
1600 : public SSLStreamAdapterTestDTLSBase {
1601 public:
1602 SSLStreamAdapterTestDTLSLegacyProtocols()
1603 : SSLStreamAdapterTestDTLSBase(rtc::KeyParams::ECDSA(rtc::EC_NIST_P256),
1604 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)) {
1605 }
1606
1607 // Do not use the SetUp version from the parent class.
1608 void SetUp() override {}
1609
1610 // The legacy TLS protocols flag is read when the OpenSSLStreamAdapter is
1611 // initialized, so we set the experiment while creationg client_ssl_
1612 // and server_ssl_.
1613
Ali Tofigh7fa90572022-03-17 14:47:491614 void ConfigureClient(absl::string_view experiment) {
1615 webrtc::test::ScopedFieldTrials trial{std::string(experiment)};
Harald Alvestrand13799132020-03-09 18:39:361616 client_stream_ =
1617 new SSLDummyStreamDTLS(this, "c2s", &client_buffer_, &server_buffer_);
Harald Alvestrand8515d5a2020-03-20 21:51:321618 client_ssl_ =
1619 rtc::SSLStreamAdapter::Create(absl::WrapUnique(client_stream_));
Harald Alvestrand13799132020-03-09 18:39:361620 client_ssl_->SignalEvent.connect(
1621 static_cast<SSLStreamAdapterTestBase*>(this),
1622 &SSLStreamAdapterTestBase::OnEvent);
Harald Alvestrand8515d5a2020-03-20 21:51:321623 auto client_identity = rtc::SSLIdentity::Create("client", client_key_type_);
1624 client_ssl_->SetIdentity(std::move(client_identity));
Harald Alvestrand13799132020-03-09 18:39:361625 }
1626
Ali Tofigh7fa90572022-03-17 14:47:491627 void ConfigureServer(absl::string_view experiment) {
1628 webrtc::test::ScopedFieldTrials trial{std::string(experiment)};
Harald Alvestrand13799132020-03-09 18:39:361629 server_stream_ =
1630 new SSLDummyStreamDTLS(this, "s2c", &server_buffer_, &client_buffer_);
Harald Alvestrand8515d5a2020-03-20 21:51:321631 server_ssl_ =
1632 rtc::SSLStreamAdapter::Create(absl::WrapUnique(server_stream_));
Harald Alvestrand13799132020-03-09 18:39:361633 server_ssl_->SignalEvent.connect(
1634 static_cast<SSLStreamAdapterTestBase*>(this),
1635 &SSLStreamAdapterTestBase::OnEvent);
Harald Alvestrand8515d5a2020-03-20 21:51:321636 server_ssl_->SetIdentity(
1637 rtc::SSLIdentity::Create("server", server_key_type_));
Harald Alvestrand13799132020-03-09 18:39:361638 }
1639};
1640
1641// Test getting the used DTLS ciphers.
1642// DTLS 1.2 enabled for neither client nor server -> DTLS 1.0 will be used.
1643TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols, TestGetSslCipherSuite) {
Guido Urdanetaae2e8642020-10-26 08:55:261644 ConfigureClient("WebRTC-LegacyTlsProtocols/Enabled/");
1645 ConfigureServer("WebRTC-LegacyTlsProtocols/Enabled/");
Harald Alvestrand13799132020-03-09 18:39:361646 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);
1647 TestHandshake();
1648
1649 int client_cipher;
1650 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher));
1651 int server_cipher;
1652 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));
1653
1654 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true));
1655 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false));
1656
1657 ASSERT_EQ(client_cipher, server_cipher);
1658}
1659
1660// Test getting the used DTLS 1.2 ciphers.
1661// DTLS 1.2 enabled for client and server -> DTLS 1.2 will be used.
1662TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,
1663 TestGetSslCipherSuiteDtls12Both) {
1664 ConfigureClient("");
1665 ConfigureServer("");
1666 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12);
1667 TestHandshake();
1668
1669 int client_cipher;
1670 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher));
1671 int server_cipher;
1672 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));
1673
1674 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(true));
1675 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(false));
1676
1677 ASSERT_EQ(client_cipher, server_cipher);
1678}
1679
1680// DTLS 1.2 enabled for client only -> DTLS 1.0 will be used.
1681TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,
1682 TestGetSslCipherSuiteDtls12Client) {
Guido Urdanetaae2e8642020-10-26 08:55:261683 ConfigureClient("WebRTC-LegacyTlsProtocols/Enabled/");
1684 ConfigureServer("WebRTC-LegacyTlsProtocols/Enabled/");
Harald Alvestrand13799132020-03-09 18:39:361685 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12);
1686 TestHandshake();
1687
1688 int client_cipher;
1689 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher));
1690 int server_cipher;
1691 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));
1692
1693 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true));
1694 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false));
1695
1696 ASSERT_EQ(client_cipher, server_cipher);
1697}
1698
1699// DTLS 1.2 enabled for server only -> DTLS 1.0 will be used.
1700TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,
1701 TestGetSslCipherSuiteDtls12Server) {
Guido Urdanetaae2e8642020-10-26 08:55:261702 ConfigureClient("WebRTC-LegacyTlsProtocols/Enabled/");
1703 ConfigureServer("WebRTC-LegacyTlsProtocols/Enabled/");
Harald Alvestrand13799132020-03-09 18:39:361704 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_10);
1705 TestHandshake();
1706
1707 int client_cipher;
1708 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher));
1709 int server_cipher;
1710 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));
1711
1712 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true));
1713 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false));
1714
1715 ASSERT_EQ(client_cipher, server_cipher);
1716}
1717
1718// Client has legacy TLS versions disabled, server has DTLS 1.0 only.
1719// This is meant to cause a failure.
1720TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,
1721 TestGetSslVersionLegacyDisabledServer10) {
Guido Urdanetaae2e8642020-10-26 08:55:261722 ConfigureClient("");
1723 ConfigureServer("WebRTC-LegacyTlsProtocols/Enabled/");
Harald Alvestrand13799132020-03-09 18:39:361724 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12);
1725 // Handshake should fail.
1726 TestHandshake(false);
1727}
1728
1729// Both client and server have legacy TLS versions disabled and support
1730// DTLS 1.2. This should work.
1731TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,
1732 TestGetSslVersionLegacyDisabledServer12) {
Guido Urdanetaae2e8642020-10-26 08:55:261733 ConfigureClient("");
1734 ConfigureServer("");
Harald Alvestrand13799132020-03-09 18:39:361735 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12);
1736 TestHandshake();
1737}
1738
1739// Both client and server have legacy TLS versions enabled and support DTLS 1.0.
1740// This should work.
1741TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,
1742 TestGetSslVersionLegacyEnabledClient10Server10) {
1743 ConfigureClient("WebRTC-LegacyTlsProtocols/Enabled/");
1744 ConfigureServer("WebRTC-LegacyTlsProtocols/Enabled/");
1745 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);
1746 TestHandshake();
1747}
1748
Guido Urdanetaae2e8642020-10-26 08:55:261749// Legacy protocols are disabled in the client, max TLS version is 1.0
Harald Alvestrand13799132020-03-09 18:39:361750// This should be a configuration error, and handshake should fail.
1751TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,
1752 TestGetSslVersionLegacyDisabledClient10Server10) {
Guido Urdanetaae2e8642020-10-26 08:55:261753 ConfigureClient("");
1754 ConfigureServer("WebRTC-LegacyTlsProtocols/Enabled/");
Harald Alvestrand13799132020-03-09 18:39:361755 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);
1756 TestHandshake(false);
1757}
Guido Urdaneta14bba6e2020-09-25 14:00:511758
1759// Both client and server have legacy TLS versions enabled and support DTLS 1.0.
1760// This should work.
1761TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,
1762 TestGetSslVersionLegacyOverrideEnabledClient10Server10) {
1763 rtc::SetAllowLegacyTLSProtocols(true);
1764 ConfigureClient("");
1765 ConfigureServer("");
1766 // Remove override.
1767 rtc::SetAllowLegacyTLSProtocols(absl::nullopt);
1768 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);
1769 TestHandshake();
1770}
1771
1772// Client has legacy TLS disabled and server has legacy TLS enabled via
1773// override. Handshake for DTLS 1.0 should fail.
1774TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,
1775 TestGetSslVersionLegacyOverrideDisabledClient10EnabledServer10) {
1776 rtc::SetAllowLegacyTLSProtocols(false);
1777 ConfigureClient("");
1778 rtc::SetAllowLegacyTLSProtocols(true);
1779 ConfigureServer("");
1780 // Remove override.
1781 rtc::SetAllowLegacyTLSProtocols(absl::nullopt);
1782 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);
1783 TestHandshake(false);
1784}
1785
1786// Client has legacy TLS enabled and server has legacy TLS disabled via
1787// override. Handshake for DTLS 1.0 should fail.
1788TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,
1789 TestGetSslVersionLegacyOverrideEnabledClient10DisabledServer10) {
1790 rtc::SetAllowLegacyTLSProtocols(true);
1791 ConfigureClient("");
1792 rtc::SetAllowLegacyTLSProtocols(false);
1793 ConfigureServer("");
1794 // Remove override.
1795 rtc::SetAllowLegacyTLSProtocols(absl::nullopt);
1796 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);
1797 TestHandshake(false);
1798}