henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 2011 The WebRTC Project Authors. All rights reserved. |
| 3 | * |
| 4 | * Use of this source code is governed by a BSD-style license |
| 5 | * that can be found in the LICENSE file in the root of the source |
| 6 | * tree. An additional intellectual property rights grant can be found |
| 7 | * in the file PATENTS. All contributing project authors may |
| 8 | * be found in the AUTHORS file in the root of the source tree. |
| 9 | */ |
| 10 | |
Ali Tofigh | 7fa9057 | 2022-03-17 14:47:49 | [diff] [blame] | 11 | #include "rtc_base/ssl_stream_adapter.h" |
| 12 | |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 13 | #include <algorithm> |
jbauch | 555604a | 2016-04-26 10:13:22 | [diff] [blame] | 14 | #include <memory> |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 15 | #include <set> |
| 16 | #include <string> |
| 17 | |
Harald Alvestrand | 8515d5a | 2020-03-20 21:51:32 | [diff] [blame] | 18 | #include "absl/memory/memory.h" |
Ali Tofigh | 7fa9057 | 2022-03-17 14:47:49 | [diff] [blame] | 19 | #include "absl/strings/string_view.h" |
Harald Alvestrand | 11840ce | 2022-11-10 10:50:50 | [diff] [blame] | 20 | #include "api/array_view.h" |
Artem Titov | c374d11 | 2022-06-16 19:27:45 | [diff] [blame] | 21 | #include "api/task_queue/pending_task_safety_flag.h" |
Steve Anton | 10542f2 | 2019-01-11 17:11:00 | [diff] [blame] | 22 | #include "rtc_base/buffer_queue.h" |
Mirko Bonadei | 92ea95e | 2017-09-15 04:47:31 | [diff] [blame] | 23 | #include "rtc_base/checks.h" |
| 24 | #include "rtc_base/gunit.h" |
| 25 | #include "rtc_base/helpers.h" |
Niels Möller | 1333948 | 2019-03-28 12:30:15 | [diff] [blame] | 26 | #include "rtc_base/memory/fifo_buffer.h" |
Niels Möller | e7547d5 | 2018-11-01 08:33:08 | [diff] [blame] | 27 | #include "rtc_base/memory_stream.h" |
Steve Anton | 10542f2 | 2019-01-11 17:11:00 | [diff] [blame] | 28 | #include "rtc_base/message_digest.h" |
Guido Urdaneta | 14bba6e | 2020-09-25 14:00:51 | [diff] [blame] | 29 | #include "rtc_base/openssl_stream_adapter.h" |
Steve Anton | 10542f2 | 2019-01-11 17:11:00 | [diff] [blame] | 30 | #include "rtc_base/ssl_adapter.h" |
| 31 | #include "rtc_base/ssl_identity.h" |
Mirko Bonadei | 92ea95e | 2017-09-15 04:47:31 | [diff] [blame] | 32 | #include "rtc_base/stream.h" |
Harald Alvestrand | 1379913 | 2020-03-09 18:39:36 | [diff] [blame] | 33 | #include "test/field_trial.h" |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 34 | |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 12:08:59 | [diff] [blame] | 35 | using ::testing::Combine; |
| 36 | using ::testing::tuple; |
Harald Alvestrand | 1379913 | 2020-03-09 18:39:36 | [diff] [blame] | 37 | using ::testing::Values; |
| 38 | using ::testing::WithParamInterface; |
Danil Chapovalov | 5286dcf | 2022-07-18 15:04:56 | [diff] [blame] | 39 | using ::webrtc::SafeTask; |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 12:08:59 | [diff] [blame] | 40 | |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 41 | static const int kBlockSize = 4096; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 42 | static const char kExporterLabel[] = "label"; |
| 43 | static const unsigned char kExporterContext[] = "context"; |
| 44 | static int kExporterContextLen = sizeof(kExporterContext); |
| 45 | |
Harald Alvestrand | 1379913 | 2020-03-09 18:39:36 | [diff] [blame] | 46 | // A private key used for testing, broken into pieces in order to avoid |
| 47 | // issues with Git's checks for private keys in repos. |
| 48 | #define RSA_PRIVATE_KEY_HEADER "-----BEGIN RSA PRIVATE KEY-----\n" |
| 49 | |
| 50 | static const char kRSA_PRIVATE_KEY_PEM[] = RSA_PRIVATE_KEY_HEADER |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 51 | "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMYRkbhmI7kVA/rM\n" |
| 52 | "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n" |
| 53 | "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n" |
| 54 | "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAECgYAvgOs4FJcgvp+TuREx7YtiYVsH\n" |
| 55 | "mwQPTum2z/8VzWGwR8BBHBvIpVe1MbD/Y4seyI2aco/7UaisatSgJhsU46/9Y4fq\n" |
| 56 | "2TwXH9QANf4at4d9n/R6rzwpAJOpgwZgKvdQjkfrKTtgLV+/dawvpxUYkRH4JZM1\n" |
| 57 | "CVGukMfKNrSVH4Ap4QJBAOJmGV1ASPnB4r4nc99at7JuIJmd7fmuVUwUgYi4XgaR\n" |
| 58 | "WhScBsgYwZ/JoywdyZJgnbcrTDuVcWG56B3vXbhdpMsCQQDf9zeJrjnPZ3Cqm79y\n" |
| 59 | "kdqANep0uwZciiNiWxsQrCHztywOvbFhdp8iYVFG9EK8DMY41Y5TxUwsHD+67zao\n" |
| 60 | "ZNqJAkEA1suLUP/GvL8IwuRneQd2tWDqqRQ/Td3qq03hP7e77XtF/buya3Ghclo5\n" |
| 61 | "54czUR89QyVfJEC6278nzA7n2h1uVQJAcG6mztNL6ja/dKZjYZye2CY44QjSlLo0\n" |
| 62 | "MTgTSjdfg/28fFn2Jjtqf9Pi/X+50LWI/RcYMC2no606wRk9kyOuIQJBAK6VSAim\n" |
| 63 | "1pOEjsYQn0X5KEIrz1G3bfCbB848Ime3U2/FWlCHMr6ch8kCZ5d1WUeJD3LbwMNG\n" |
| 64 | "UCXiYxSsu20QNVw=\n" |
| 65 | "-----END RSA PRIVATE KEY-----\n"; |
| 66 | |
Harald Alvestrand | 1379913 | 2020-03-09 18:39:36 | [diff] [blame] | 67 | #undef RSA_PRIVATE_KEY_HEADER |
| 68 | |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 69 | static const char kCERT_PEM[] = |
| 70 | "-----BEGIN CERTIFICATE-----\n" |
| 71 | "MIIBmTCCAQKgAwIBAgIEbzBSAjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZX\n" |
| 72 | "ZWJSVEMwHhcNMTQwMTAyMTgyNDQ3WhcNMTQwMjAxMTgyNDQ3WjARMQ8wDQYDVQQD\n" |
| 73 | "EwZXZWJSVEMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYRkbhmI7kVA/rM\n" |
| 74 | "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n" |
| 75 | "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n" |
| 76 | "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAUflI\n" |
| 77 | "VUe5Krqf5RVa5C3u/UTAOAUJBiDS3VANTCLBxjuMsvqOG0WvaYWP3HYPgrz0jXK2\n" |
| 78 | "LJE/mGw3MyFHEqi81jh95J+ypl6xKW6Rm8jKLR87gUvCaVYn/Z4/P3AqcQTB7wOv\n" |
| 79 | "UD0A8qfhfDM+LK6rPAnCsVN0NRDY3jvd6rzix9M=\n" |
| 80 | "-----END CERTIFICATE-----\n"; |
| 81 | |
Jian Cui | 0a8798b | 2017-11-17 00:58:02 | [diff] [blame] | 82 | static const char kIntCert1[] = |
| 83 | "-----BEGIN CERTIFICATE-----\n" |
| 84 | "MIIEUjCCAjqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBljELMAkGA1UEBhMCVVMx\n" |
| 85 | "EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxFDAS\n" |
| 86 | "BgNVBAoMC0dvb2dsZSwgSW5jMQwwCgYDVQQLDANHVFAxFzAVBgNVBAMMDnRlbGVw\n" |
| 87 | "aG9ueS5nb29nMR0wGwYJKoZIhvcNAQkBFg5ndHBAZ29vZ2xlLmNvbTAeFw0xNzA5\n" |
| 88 | "MjYwNDA5MDNaFw0yMDA2MjIwNDA5MDNaMGQxCzAJBgNVBAYTAlVTMQswCQYDVQQI\n" |
| 89 | "DAJDQTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEXMBUGA1UECgwOdGVsZXBob255\n" |
| 90 | "Lmdvb2cxFzAVBgNVBAMMDnRlbGVwaG9ueS5nb29nMIGfMA0GCSqGSIb3DQEBAQUA\n" |
| 91 | "A4GNADCBiQKBgQDJXWeeU1v1+wlqkVobzI3aN7Uh2iVQA9YCdq5suuabtiD/qoOD\n" |
| 92 | "NKpmQqsx7WZGGWSZTDFEBaUpvIK7Hb+nzRqk6iioPCFOFuarm6GxO1xVneImMuE6\n" |
| 93 | "tuWb3YZPr+ikChJbl11y5UcSbg0QsbeUc+jHl5umNvrL85Y+z8SP0rxbBwIDAQAB\n" |
| 94 | "o2AwXjAdBgNVHQ4EFgQU7tdZobqlN8R8V72FQnRxmqq8tKswHwYDVR0jBBgwFoAU\n" |
| 95 | "5GgKMUtcxkQ2dJrtNR5YOlIAPDswDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMC\n" |
| 96 | "AQYwDQYJKoZIhvcNAQELBQADggIBADObh9Z+z14FmP9zSenhFtq7hFnmNrSkklk8\n" |
| 97 | "eyYWXKfOuIriEQQBZsz76ZcnzStih8Rj+yQ0AXydk4fJ5LOwC2cUqQBar17g6Pd2\n" |
| 98 | "8g4SIL4azR9WvtiSvpuGlwp25b+yunaacDne6ebnf/MUiiKT5w61Xo3cEPVfl38e\n" |
| 99 | "/Up2l0bioid5enUTmg6LY6RxDO6tnZQkz3XD+nNSwT4ehtkqFpHYWjErj0BbkDM2\n" |
| 100 | "hiVc/JsYOZn3DmuOlHVHU6sKwqh3JEyvHO/d7DGzMGWHpHwv2mCTJq6l/sR95Tc2\n" |
| 101 | "GaQZgGDVNs9pdEouJCDm9e/PbQWRYhnat82PTkXx/6mDAAwdZlIi/pACzq8K4p7e\n" |
| 102 | "6hF0t8uKGnXJubHPXxlnJU6yxZ0yWmivAGjwWK4ur832gKlho4jeMDhiI/T3QPpl\n" |
| 103 | "iMNsIvxRhdD+GxJkQP1ezayw8s+Uc9KwKglrkBSRRDLCJUfPOvMmXLUDSTMX7kp4\n" |
| 104 | "/Ak1CA8dVLJIlfEjLBUuvAttlP7+7lsKNgxAjCxZkWLXIyGULzNPQwVWkGfCbrQs\n" |
| 105 | "XyMvSbFsSIb7blV7eLlmf9a+2RprUUkc2ALXLLCI9YQXmxm2beBfMyNmmebwBJzT\n" |
| 106 | "B0OR+5pFFNTJPoNlqpdrDsGrDu7JlUtk0ZLZzYyKXbgy2qXxfd4OWzXXjxpLMszZ\n" |
| 107 | "LDIpOAkj\n" |
| 108 | "-----END CERTIFICATE-----\n"; |
| 109 | |
| 110 | static const char kCACert[] = |
| 111 | "-----BEGIN CERTIFICATE-----\n" |
| 112 | "MIIGETCCA/mgAwIBAgIJAKN9r/BdbGUJMA0GCSqGSIb3DQEBCwUAMIGWMQswCQYD\n" |
| 113 | "VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4g\n" |
| 114 | "VmlldzEUMBIGA1UECgwLR29vZ2xlLCBJbmMxDDAKBgNVBAsMA0dUUDEXMBUGA1UE\n" |
| 115 | "AwwOdGVsZXBob255Lmdvb2cxHTAbBgkqhkiG9w0BCQEWDmd0cEBnb29nbGUuY29t\n" |
| 116 | "MB4XDTE3MDcyNzIzMDE0NVoXDTE3MDgyNjIzMDE0NVowgZYxCzAJBgNVBAYTAlVT\n" |
| 117 | "MRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRQw\n" |
| 118 | "EgYDVQQKDAtHb29nbGUsIEluYzEMMAoGA1UECwwDR1RQMRcwFQYDVQQDDA50ZWxl\n" |
| 119 | "cGhvbnkuZ29vZzEdMBsGCSqGSIb3DQEJARYOZ3RwQGdvb2dsZS5jb20wggIiMA0G\n" |
| 120 | "CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCfvpF7aBV5Hp1EHsWoIlL3GeHwh8dS\n" |
| 121 | "lv9VQCegN9rD06Ny7MgcED5AiK2vqXmUmOVS+7NbATkdVYN/eozDhKtN3Q3n87kJ\n" |
| 122 | "Nt/TD/TcZZHOZIGsRPbrf2URK26E/5KzTzbzXVBOA1e+gSj+EBbltGqb01ZO5ErF\n" |
| 123 | "iPGViPM/HpYKdq6mfz2bS5PhU67XZMM2zvToyReQ/Fjm/6PJhwKSRXSgZF5djPhk\n" |
| 124 | "2LfOKMLS0AeZtd2C4DFsCU41lfLUkybioDgFuzTQ3TFi1K8A07KYTMmLY/yQppnf\n" |
| 125 | "SpNX58shlVhM+Ed37K1Z0rU0OfVCZ5P+KKaSSfMranjlU7zeUIhZYjqq/EYrEhbS\n" |
| 126 | "dLnNHwgJrqxzId3kq8uuLM6+VB7JZKnZLfT90GdAbX4+tutNe21smmogF9f80vEy\n" |
| 127 | "gM4tOp9rXrvz9vCwWHXVY9kdKemdLAsREoO6MS9k2ctK4jj80o2dROuFC6Q3e7mz\n" |
| 128 | "RjvZr5Tvi464c2o9o/jNlJ0O6q7V2eQzohD+7VnV5QPpRGXxlIeqpR2zoAg+WtRS\n" |
| 129 | "4OgHOVYiD3M6uAlggJA5pcDjMfkEZ+pkhtVcT4qMCEoruk6GbyPxS565oSHu16bH\n" |
| 130 | "EjeCqbZOVND5T3oA7nz6aQSs8sJabt0jmxUkGVnE+4ZDIuuRtkRma+0P/96Mtqor\n" |
| 131 | "OlpNWY1OBDY64QIDAQABo2AwXjAdBgNVHQ4EFgQU5GgKMUtcxkQ2dJrtNR5YOlIA\n" |
| 132 | "PDswHwYDVR0jBBgwFoAU5GgKMUtcxkQ2dJrtNR5YOlIAPDswDwYDVR0TAQH/BAUw\n" |
| 133 | "AwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAARQly5/bB6VUL2C\n" |
| 134 | "ykDYgWt48go407pAra6tL2kjpdfxV5PdL7iMZRkeht00vj+BVahIqZKrNOa/f5Fx\n" |
| 135 | "vlpahZFu0PDN436aQwRZ9qWut2qDOK0/z9Hhj6NWybquRFwMwqkPG/ivLMDU8Dmj\n" |
| 136 | "CIplpngPYNwXCs0KzdjSXYxqxJbwMjQXELD+/RcurY0oTtJMM1/2vKQMzw24UJqe\n" |
| 137 | "XLJAlsnd2AnWzWNUEviDZY89j9NdkHerBmV2gGzcU+X5lgOO5M8odBv0ZC9D+a6Z\n" |
| 138 | "QPZAOfdGVw60hhGvTW5s/s0dHwCpegRidhs0MD0fTmwwjYFBSmUx3Gztr4JTzOOr\n" |
| 139 | "7e5daJuak2ujQ5DqcGBvt1gePjSudb5brS7JQtN8tI/FyrnR4q/OuOwv1EvlC5RG\n" |
| 140 | "hLX+TXaWqFxB1Hd8ebKRR40mboFG6KcUI3lLBthDvQE7jnq48QfZMjlMQK0ZF1l7\n" |
| 141 | "SrlwRXWA74bU8CLJvnZKKo9p4TsTiDYGSYC6tNHKj5s3TGWL46oqGyZ0KdGNhrtC\n" |
| 142 | "rIGenMhth1vPYjyy0XuGBndXT85yi+IM2l8g8oU845+plxIhgpSI8bbC0oLwnhQ5\n" |
| 143 | "ARfsiYLkXDE7imSS0CSUmye76372mlzAIB1is4bBB/SzpPQtBuB9LDKtONgpSGHn\n" |
| 144 | "dGaXBy+qbVXVyGXaeEbIRjtJ6m92\n" |
| 145 | "-----END CERTIFICATE-----\n"; |
| 146 | |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 147 | class SSLStreamAdapterTestBase; |
| 148 | |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 149 | class SSLDummyStreamBase : public rtc::StreamInterface, |
| 150 | public sigslot::has_slots<> { |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 151 | public: |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 152 | SSLDummyStreamBase(SSLStreamAdapterTestBase* test, |
Ali Tofigh | 7fa9057 | 2022-03-17 14:47:49 | [diff] [blame] | 153 | absl::string_view side, |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 154 | rtc::StreamInterface* in, |
Yves Gerey | 665174f | 2018-06-19 13:03:05 | [diff] [blame] | 155 | rtc::StreamInterface* out) |
| 156 | : test_base_(test), side_(side), in_(in), out_(out), first_packet_(true) { |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 157 | in_->SignalEvent.connect(this, &SSLDummyStreamBase::OnEventIn); |
| 158 | out_->SignalEvent.connect(this, &SSLDummyStreamBase::OnEventOut); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 159 | } |
| 160 | |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 161 | rtc::StreamState GetState() const override { return rtc::SS_OPEN; } |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 162 | |
Harald Alvestrand | cf70776 | 2022-11-17 10:50:45 | [diff] [blame] | 163 | rtc::StreamResult Read(rtc::ArrayView<uint8_t> buffer, |
| 164 | size_t& read, |
| 165 | int& error) override { |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 166 | rtc::StreamResult r; |
| 167 | |
Harald Alvestrand | cf70776 | 2022-11-17 10:50:45 | [diff] [blame] | 168 | r = in_->Read(buffer, read, error); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 169 | if (r == rtc::SR_BLOCK) |
| 170 | return rtc::SR_BLOCK; |
| 171 | if (r == rtc::SR_EOS) |
| 172 | return rtc::SR_EOS; |
| 173 | |
| 174 | if (r != rtc::SR_SUCCESS) { |
| 175 | ADD_FAILURE(); |
| 176 | return rtc::SR_ERROR; |
| 177 | } |
| 178 | |
| 179 | return rtc::SR_SUCCESS; |
| 180 | } |
| 181 | |
| 182 | // Catch readability events on in and pass them up. |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 183 | void OnEventIn(rtc::StreamInterface* stream, int sig, int err) { |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 184 | int mask = (rtc::SE_READ | rtc::SE_CLOSE); |
| 185 | |
| 186 | if (sig & mask) { |
Mirko Bonadei | 675513b | 2017-11-09 10:09:25 | [diff] [blame] | 187 | RTC_LOG(LS_VERBOSE) << "SSLDummyStreamBase::OnEvent side=" << side_ |
| 188 | << " sig=" << sig << " forwarding upward"; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 189 | PostEvent(sig & mask, 0); |
| 190 | } |
| 191 | } |
| 192 | |
| 193 | // Catch writeability events on out and pass them up. |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 194 | void OnEventOut(rtc::StreamInterface* stream, int sig, int err) { |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 195 | if (sig & rtc::SE_WRITE) { |
Mirko Bonadei | 675513b | 2017-11-09 10:09:25 | [diff] [blame] | 196 | RTC_LOG(LS_VERBOSE) << "SSLDummyStreamBase::OnEvent side=" << side_ |
| 197 | << " sig=" << sig << " forwarding upward"; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 198 | |
| 199 | PostEvent(sig & rtc::SE_WRITE, 0); |
| 200 | } |
| 201 | } |
| 202 | |
| 203 | // Write to the outgoing FifoBuffer |
Harald Alvestrand | 11840ce | 2022-11-10 10:50:50 | [diff] [blame] | 204 | rtc::StreamResult WriteData(rtc::ArrayView<const uint8_t> data, |
| 205 | size_t& written, |
| 206 | int& error) { |
| 207 | return out_->Write(data, written, error); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 208 | } |
| 209 | |
Harald Alvestrand | 11840ce | 2022-11-10 10:50:50 | [diff] [blame] | 210 | rtc::StreamResult Write(rtc::ArrayView<const uint8_t> data, |
| 211 | size_t& written, |
| 212 | int& error) override; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 213 | |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 214 | void Close() override { |
Mirko Bonadei | 675513b | 2017-11-09 10:09:25 | [diff] [blame] | 215 | RTC_LOG(LS_INFO) << "Closing outbound stream"; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 216 | out_->Close(); |
| 217 | } |
| 218 | |
Tommi | 0448298 | 2020-10-05 12:43:53 | [diff] [blame] | 219 | private: |
| 220 | void PostEvent(int events, int err) { |
Danil Chapovalov | 5286dcf | 2022-07-18 15:04:56 | [diff] [blame] | 221 | thread_->PostTask(SafeTask(task_safety_.flag(), [this, events, err]() { |
Tommi | 0448298 | 2020-10-05 12:43:53 | [diff] [blame] | 222 | SignalEvent(this, events, err); |
| 223 | })); |
| 224 | } |
| 225 | |
| 226 | webrtc::ScopedTaskSafety task_safety_; |
| 227 | rtc::Thread* const thread_ = rtc::Thread::Current(); |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 228 | SSLStreamAdapterTestBase* test_base_; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 229 | const std::string side_; |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 230 | rtc::StreamInterface* in_; |
| 231 | rtc::StreamInterface* out_; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 232 | bool first_packet_; |
| 233 | }; |
| 234 | |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 235 | class SSLDummyStreamTLS : public SSLDummyStreamBase { |
| 236 | public: |
| 237 | SSLDummyStreamTLS(SSLStreamAdapterTestBase* test, |
Ali Tofigh | 7fa9057 | 2022-03-17 14:47:49 | [diff] [blame] | 238 | absl::string_view side, |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 239 | rtc::FifoBuffer* in, |
Yves Gerey | 665174f | 2018-06-19 13:03:05 | [diff] [blame] | 240 | rtc::FifoBuffer* out) |
| 241 | : SSLDummyStreamBase(test, side, in, out) {} |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 242 | }; |
| 243 | |
Tomas Gunnarsson | b6bc09b | 2020-09-29 11:04:01 | [diff] [blame] | 244 | class BufferQueueStream : public rtc::StreamInterface { |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 245 | public: |
| 246 | BufferQueueStream(size_t capacity, size_t default_size) |
Tomas Gunnarsson | b6bc09b | 2020-09-29 11:04:01 | [diff] [blame] | 247 | : buffer_(capacity, default_size) {} |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 248 | |
| 249 | // Implementation of abstract StreamInterface methods. |
| 250 | |
| 251 | // A buffer queue stream is always "open". |
| 252 | rtc::StreamState GetState() const override { return rtc::SS_OPEN; } |
| 253 | |
| 254 | // Reading a buffer queue stream will either succeed or block. |
Harald Alvestrand | cf70776 | 2022-11-17 10:50:45 | [diff] [blame] | 255 | rtc::StreamResult Read(rtc::ArrayView<uint8_t> buffer, |
| 256 | size_t& read, |
| 257 | int& error) override { |
Tomas Gunnarsson | b6bc09b | 2020-09-29 11:04:01 | [diff] [blame] | 258 | const bool was_writable = buffer_.is_writable(); |
Harald Alvestrand | cf70776 | 2022-11-17 10:50:45 | [diff] [blame] | 259 | if (!buffer_.ReadFront(buffer.data(), buffer.size(), &read)) |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 260 | return rtc::SR_BLOCK; |
Tomas Gunnarsson | b6bc09b | 2020-09-29 11:04:01 | [diff] [blame] | 261 | |
| 262 | if (!was_writable) |
| 263 | NotifyWritableForTest(); |
| 264 | |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 265 | return rtc::SR_SUCCESS; |
| 266 | } |
| 267 | |
| 268 | // Writing to a buffer queue stream will either succeed or block. |
Harald Alvestrand | cf70776 | 2022-11-17 10:50:45 | [diff] [blame] | 269 | rtc::StreamResult Write(rtc::ArrayView<const uint8_t> data, |
| 270 | size_t& written, |
| 271 | int& error) override { |
Tomas Gunnarsson | b6bc09b | 2020-09-29 11:04:01 | [diff] [blame] | 272 | const bool was_readable = buffer_.is_readable(); |
Harald Alvestrand | cf70776 | 2022-11-17 10:50:45 | [diff] [blame] | 273 | if (!buffer_.WriteBack(data.data(), data.size(), &written)) |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 274 | return rtc::SR_BLOCK; |
Tomas Gunnarsson | b6bc09b | 2020-09-29 11:04:01 | [diff] [blame] | 275 | |
| 276 | if (!was_readable) |
| 277 | NotifyReadableForTest(); |
| 278 | |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 279 | return rtc::SR_SUCCESS; |
| 280 | } |
| 281 | |
| 282 | // A buffer queue stream can not be closed. |
| 283 | void Close() override {} |
| 284 | |
| 285 | protected: |
Tomas Gunnarsson | b6bc09b | 2020-09-29 11:04:01 | [diff] [blame] | 286 | void NotifyReadableForTest() { PostEvent(rtc::SE_READ, 0); } |
Tomas Gunnarsson | b6bc09b | 2020-09-29 11:04:01 | [diff] [blame] | 287 | void NotifyWritableForTest() { PostEvent(rtc::SE_WRITE, 0); } |
| 288 | |
| 289 | private: |
Tommi | 0448298 | 2020-10-05 12:43:53 | [diff] [blame] | 290 | void PostEvent(int events, int err) { |
Danil Chapovalov | 5286dcf | 2022-07-18 15:04:56 | [diff] [blame] | 291 | thread_->PostTask(SafeTask(task_safety_.flag(), [this, events, err]() { |
Tommi | 0448298 | 2020-10-05 12:43:53 | [diff] [blame] | 292 | SignalEvent(this, events, err); |
| 293 | })); |
| 294 | } |
| 295 | |
| 296 | rtc::Thread* const thread_ = rtc::Thread::Current(); |
| 297 | webrtc::ScopedTaskSafety task_safety_; |
Tomas Gunnarsson | b6bc09b | 2020-09-29 11:04:01 | [diff] [blame] | 298 | rtc::BufferQueue buffer_; |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 299 | }; |
| 300 | |
| 301 | class SSLDummyStreamDTLS : public SSLDummyStreamBase { |
| 302 | public: |
| 303 | SSLDummyStreamDTLS(SSLStreamAdapterTestBase* test, |
Ali Tofigh | 7fa9057 | 2022-03-17 14:47:49 | [diff] [blame] | 304 | absl::string_view side, |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 305 | BufferQueueStream* in, |
Yves Gerey | 665174f | 2018-06-19 13:03:05 | [diff] [blame] | 306 | BufferQueueStream* out) |
| 307 | : SSLDummyStreamBase(test, side, in, out) {} |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 308 | }; |
| 309 | |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 310 | static const int kFifoBufferSize = 4096; |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 311 | static const int kBufferCapacity = 1; |
| 312 | static const size_t kDefaultBufferSize = 2048; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 313 | |
Mirko Bonadei | 6a489f2 | 2019-04-09 13:11:12 | [diff] [blame] | 314 | class SSLStreamAdapterTestBase : public ::testing::Test, |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 315 | public sigslot::has_slots<> { |
| 316 | public: |
torbjorng | 4e57247 | 2015-10-08 16:42:49 | [diff] [blame] | 317 | SSLStreamAdapterTestBase( |
Ali Tofigh | 7fa9057 | 2022-03-17 14:47:49 | [diff] [blame] | 318 | absl::string_view client_cert_pem, |
| 319 | absl::string_view client_private_key_pem, |
torbjorng | 4e57247 | 2015-10-08 16:42:49 | [diff] [blame] | 320 | bool dtls, |
| 321 | rtc::KeyParams client_key_type = rtc::KeyParams(rtc::KT_DEFAULT), |
| 322 | rtc::KeyParams server_key_type = rtc::KeyParams(rtc::KT_DEFAULT)) |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 323 | : client_cert_pem_(client_cert_pem), |
| 324 | client_private_key_pem_(client_private_key_pem), |
| 325 | client_key_type_(client_key_type), |
| 326 | server_key_type_(server_key_type), |
deadbeef | 37f5ecf | 2017-02-27 22:06:41 | [diff] [blame] | 327 | client_stream_(nullptr), |
| 328 | server_stream_(nullptr), |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 12:08:59 | [diff] [blame] | 329 | delay_(0), |
| 330 | mtu_(1460), |
| 331 | loss_(0), |
| 332 | lose_first_packet_(false), |
| 333 | damage_(false), |
| 334 | dtls_(dtls), |
| 335 | handshake_wait_(5000), |
Benjamin Wright | af1f865 | 2019-04-01 18:25:23 | [diff] [blame] | 336 | identities_set_(false) { |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 337 | // Set use of the test RNG to get predictable loss patterns. |
| 338 | rtc::SetRandomTestMode(true); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 339 | } |
| 340 | |
Steve Anton | 9de3aac | 2017-10-24 17:08:26 | [diff] [blame] | 341 | ~SSLStreamAdapterTestBase() override { |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 342 | // Put it back for the next test. |
| 343 | rtc::SetRandomTestMode(false); |
| 344 | } |
| 345 | |
torbjorng | 7593aad | 2015-11-19 20:20:51 | [diff] [blame] | 346 | void SetUp() override { |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 347 | CreateStreams(); |
| 348 | |
Harald Alvestrand | 8515d5a | 2020-03-20 21:51:32 | [diff] [blame] | 349 | client_ssl_ = |
| 350 | rtc::SSLStreamAdapter::Create(absl::WrapUnique(client_stream_)); |
| 351 | server_ssl_ = |
| 352 | rtc::SSLStreamAdapter::Create(absl::WrapUnique(server_stream_)); |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 353 | |
| 354 | // Set up the slots |
| 355 | client_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent); |
| 356 | server_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent); |
| 357 | |
Harald Alvestrand | 8515d5a | 2020-03-20 21:51:32 | [diff] [blame] | 358 | std::unique_ptr<rtc::SSLIdentity> client_identity; |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 359 | if (!client_cert_pem_.empty() && !client_private_key_pem_.empty()) { |
Harald Alvestrand | 8515d5a | 2020-03-20 21:51:32 | [diff] [blame] | 360 | client_identity = rtc::SSLIdentity::CreateFromPEMStrings( |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 361 | client_private_key_pem_, client_cert_pem_); |
| 362 | } else { |
Harald Alvestrand | 8515d5a | 2020-03-20 21:51:32 | [diff] [blame] | 363 | client_identity = rtc::SSLIdentity::Create("client", client_key_type_); |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 364 | } |
Harald Alvestrand | 8515d5a | 2020-03-20 21:51:32 | [diff] [blame] | 365 | auto server_identity = rtc::SSLIdentity::Create("server", server_key_type_); |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 366 | |
Harald Alvestrand | 8515d5a | 2020-03-20 21:51:32 | [diff] [blame] | 367 | client_ssl_->SetIdentity(std::move(client_identity)); |
| 368 | server_ssl_->SetIdentity(std::move(server_identity)); |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 369 | } |
| 370 | |
torbjorng | 7593aad | 2015-11-19 20:20:51 | [diff] [blame] | 371 | void TearDown() override { |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 372 | client_ssl_.reset(nullptr); |
| 373 | server_ssl_.reset(nullptr); |
| 374 | } |
| 375 | |
| 376 | virtual void CreateStreams() = 0; |
| 377 | |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 378 | // Recreate the client/server identities with the specified validity period. |
Artem Titov | 96e3b99 | 2021-07-26 14:03:14 | [diff] [blame] | 379 | // `not_before` and `not_after` are offsets from the current time in number |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 380 | // of seconds. |
| 381 | void ResetIdentitiesWithValidity(int not_before, int not_after) { |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 382 | CreateStreams(); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 383 | |
Harald Alvestrand | 8515d5a | 2020-03-20 21:51:32 | [diff] [blame] | 384 | client_ssl_ = |
| 385 | rtc::SSLStreamAdapter::Create(absl::WrapUnique(client_stream_)); |
| 386 | server_ssl_ = |
| 387 | rtc::SSLStreamAdapter::Create(absl::WrapUnique(server_stream_)); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 388 | |
| 389 | client_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent); |
| 390 | server_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent); |
| 391 | |
Torbjorn Granlund | 46c9cc0 | 2015-12-01 12:06:34 | [diff] [blame] | 392 | time_t now = time(nullptr); |
| 393 | |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 394 | rtc::SSLIdentityParams client_params; |
torbjorng | 4e57247 | 2015-10-08 16:42:49 | [diff] [blame] | 395 | client_params.key_params = rtc::KeyParams(rtc::KT_DEFAULT); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 396 | client_params.common_name = "client"; |
Torbjorn Granlund | 46c9cc0 | 2015-12-01 12:06:34 | [diff] [blame] | 397 | client_params.not_before = now + not_before; |
| 398 | client_params.not_after = now + not_after; |
Harald Alvestrand | 8515d5a | 2020-03-20 21:51:32 | [diff] [blame] | 399 | auto client_identity = rtc::SSLIdentity::CreateForTest(client_params); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 400 | |
| 401 | rtc::SSLIdentityParams server_params; |
torbjorng | 4e57247 | 2015-10-08 16:42:49 | [diff] [blame] | 402 | server_params.key_params = rtc::KeyParams(rtc::KT_DEFAULT); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 403 | server_params.common_name = "server"; |
Torbjorn Granlund | 46c9cc0 | 2015-12-01 12:06:34 | [diff] [blame] | 404 | server_params.not_before = now + not_before; |
| 405 | server_params.not_after = now + not_after; |
Harald Alvestrand | 8515d5a | 2020-03-20 21:51:32 | [diff] [blame] | 406 | auto server_identity = rtc::SSLIdentity::CreateForTest(server_params); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 407 | |
Harald Alvestrand | 8515d5a | 2020-03-20 21:51:32 | [diff] [blame] | 408 | client_ssl_->SetIdentity(std::move(client_identity)); |
| 409 | server_ssl_->SetIdentity(std::move(server_identity)); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 410 | } |
| 411 | |
Yves Gerey | 665174f | 2018-06-19 13:03:05 | [diff] [blame] | 412 | virtual void OnEvent(rtc::StreamInterface* stream, int sig, int err) { |
Mirko Bonadei | 675513b | 2017-11-09 10:09:25 | [diff] [blame] | 413 | RTC_LOG(LS_VERBOSE) << "SSLStreamAdapterTestBase::OnEvent sig=" << sig; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 414 | |
| 415 | if (sig & rtc::SE_READ) { |
| 416 | ReadData(stream); |
| 417 | } |
| 418 | |
| 419 | if ((stream == client_ssl_.get()) && (sig & rtc::SE_WRITE)) { |
| 420 | WriteData(); |
| 421 | } |
| 422 | } |
| 423 | |
deadbeef | 89824f6 | 2016-09-30 18:55:43 | [diff] [blame] | 424 | void SetPeerIdentitiesByDigest(bool correct, bool expect_success) { |
| 425 | unsigned char server_digest[20]; |
| 426 | size_t server_digest_len; |
| 427 | unsigned char client_digest[20]; |
| 428 | size_t client_digest_len; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 429 | bool rv; |
deadbeef | 89824f6 | 2016-09-30 18:55:43 | [diff] [blame] | 430 | rtc::SSLPeerCertificateDigestError err; |
| 431 | rtc::SSLPeerCertificateDigestError expected_err = |
| 432 | expect_success |
| 433 | ? rtc::SSLPeerCertificateDigestError::NONE |
| 434 | : rtc::SSLPeerCertificateDigestError::VERIFICATION_FAILED; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 435 | |
Mirko Bonadei | 675513b | 2017-11-09 10:09:25 | [diff] [blame] | 436 | RTC_LOG(LS_INFO) << "Setting peer identities by digest"; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 437 | |
Harald Alvestrand | 8515d5a | 2020-03-20 21:51:32 | [diff] [blame] | 438 | rv = server_identity()->certificate().ComputeDigest( |
deadbeef | 89824f6 | 2016-09-30 18:55:43 | [diff] [blame] | 439 | rtc::DIGEST_SHA_1, server_digest, 20, &server_digest_len); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 440 | ASSERT_TRUE(rv); |
Harald Alvestrand | 8515d5a | 2020-03-20 21:51:32 | [diff] [blame] | 441 | rv = client_identity()->certificate().ComputeDigest( |
deadbeef | 89824f6 | 2016-09-30 18:55:43 | [diff] [blame] | 442 | rtc::DIGEST_SHA_1, client_digest, 20, &client_digest_len); |
| 443 | ASSERT_TRUE(rv); |
| 444 | |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 445 | if (!correct) { |
Mirko Bonadei | 675513b | 2017-11-09 10:09:25 | [diff] [blame] | 446 | RTC_LOG(LS_INFO) << "Setting bogus digest for server cert"; |
deadbeef | 89824f6 | 2016-09-30 18:55:43 | [diff] [blame] | 447 | server_digest[0]++; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 448 | } |
deadbeef | 89824f6 | 2016-09-30 18:55:43 | [diff] [blame] | 449 | rv = client_ssl_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, server_digest, |
| 450 | server_digest_len, &err); |
| 451 | EXPECT_EQ(expected_err, err); |
| 452 | EXPECT_EQ(expect_success, rv); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 453 | |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 454 | if (!correct) { |
Mirko Bonadei | 675513b | 2017-11-09 10:09:25 | [diff] [blame] | 455 | RTC_LOG(LS_INFO) << "Setting bogus digest for client cert"; |
deadbeef | 89824f6 | 2016-09-30 18:55:43 | [diff] [blame] | 456 | client_digest[0]++; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 457 | } |
deadbeef | 89824f6 | 2016-09-30 18:55:43 | [diff] [blame] | 458 | rv = server_ssl_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, client_digest, |
| 459 | client_digest_len, &err); |
| 460 | EXPECT_EQ(expected_err, err); |
| 461 | EXPECT_EQ(expect_success, rv); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 462 | |
| 463 | identities_set_ = true; |
| 464 | } |
| 465 | |
Joachim Bauch | 831c558 | 2015-05-20 10:48:41 | [diff] [blame] | 466 | void SetupProtocolVersions(rtc::SSLProtocolVersion server_version, |
| 467 | rtc::SSLProtocolVersion client_version) { |
| 468 | server_ssl_->SetMaxProtocolVersion(server_version); |
| 469 | client_ssl_->SetMaxProtocolVersion(client_version); |
| 470 | } |
| 471 | |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 472 | void TestHandshake(bool expect_success = true) { |
Yves Gerey | 665174f | 2018-06-19 13:03:05 | [diff] [blame] | 473 | server_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS : rtc::SSL_MODE_TLS); |
| 474 | client_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS : rtc::SSL_MODE_TLS); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 475 | |
| 476 | if (!dtls_) { |
| 477 | // Make sure we simulate a reliable network for TLS. |
| 478 | // This is just a check to make sure that people don't write wrong |
| 479 | // tests. |
nisse | c16fa5e | 2017-02-07 15:18:43 | [diff] [blame] | 480 | RTC_CHECK_EQ(1460, mtu_); |
| 481 | RTC_CHECK(!loss_); |
| 482 | RTC_CHECK(!lose_first_packet_); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 483 | } |
| 484 | |
| 485 | if (!identities_set_) |
deadbeef | 89824f6 | 2016-09-30 18:55:43 | [diff] [blame] | 486 | SetPeerIdentitiesByDigest(true, true); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 487 | |
| 488 | // Start the handshake |
| 489 | int rv; |
| 490 | |
| 491 | server_ssl_->SetServerRole(); |
Taylor Brandstetter | c8762a8 | 2016-08-11 19:01:49 | [diff] [blame] | 492 | rv = server_ssl_->StartSSL(); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 493 | ASSERT_EQ(0, rv); |
| 494 | |
Taylor Brandstetter | c8762a8 | 2016-08-11 19:01:49 | [diff] [blame] | 495 | rv = client_ssl_->StartSSL(); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 496 | ASSERT_EQ(0, rv); |
| 497 | |
| 498 | // Now run the handshake |
| 499 | if (expect_success) { |
Yves Gerey | 665174f | 2018-06-19 13:03:05 | [diff] [blame] | 500 | EXPECT_TRUE_WAIT((client_ssl_->GetState() == rtc::SS_OPEN) && |
| 501 | (server_ssl_->GetState() == rtc::SS_OPEN), |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 502 | handshake_wait_); |
| 503 | } else { |
| 504 | EXPECT_TRUE_WAIT(client_ssl_->GetState() == rtc::SS_CLOSED, |
| 505 | handshake_wait_); |
| 506 | } |
| 507 | } |
| 508 | |
Philipp Hancke | 9c83d9d | 2022-04-28 17:01:28 | [diff] [blame] | 509 | // This tests that we give up after 12 DTLS resends. |
| 510 | void TestHandshakeTimeout() { |
| 511 | rtc::ScopedFakeClock clock; |
| 512 | int64_t time_start = clock.TimeNanos(); |
| 513 | webrtc::TimeDelta time_increment = webrtc::TimeDelta::Millis(1000); |
| 514 | server_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS : rtc::SSL_MODE_TLS); |
| 515 | client_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS : rtc::SSL_MODE_TLS); |
| 516 | |
| 517 | if (!dtls_) { |
| 518 | // Make sure we simulate a reliable network for TLS. |
| 519 | // This is just a check to make sure that people don't write wrong |
| 520 | // tests. |
| 521 | RTC_CHECK_EQ(1460, mtu_); |
| 522 | RTC_CHECK(!loss_); |
| 523 | RTC_CHECK(!lose_first_packet_); |
| 524 | } |
| 525 | |
| 526 | if (!identities_set_) |
| 527 | SetPeerIdentitiesByDigest(true, true); |
| 528 | |
| 529 | // Start the handshake |
| 530 | int rv; |
| 531 | |
| 532 | server_ssl_->SetServerRole(); |
| 533 | rv = server_ssl_->StartSSL(); |
| 534 | ASSERT_EQ(0, rv); |
| 535 | |
| 536 | rv = client_ssl_->StartSSL(); |
| 537 | ASSERT_EQ(0, rv); |
| 538 | |
| 539 | // Now wait for the handshake to timeout (or fail after an hour of simulated |
| 540 | // time). |
| 541 | while (client_ssl_->GetState() == rtc::SS_OPENING && |
| 542 | (rtc::TimeDiff(clock.TimeNanos(), time_start) < |
| 543 | 3600 * rtc::kNumNanosecsPerSec)) { |
| 544 | EXPECT_TRUE_WAIT(!((client_ssl_->GetState() == rtc::SS_OPEN) && |
| 545 | (server_ssl_->GetState() == rtc::SS_OPEN)), |
| 546 | 1000); |
| 547 | clock.AdvanceTime(time_increment); |
| 548 | } |
| 549 | RTC_CHECK_EQ(client_ssl_->GetState(), rtc::SS_CLOSED); |
| 550 | } |
| 551 | |
Taylor Brandstetter | 165c618 | 2020-12-11 00:23:03 | [diff] [blame] | 552 | // This tests that the handshake can complete before the identity is verified, |
| 553 | // and the identity will be verified after the fact. It also verifies that |
| 554 | // packets can't be read or written before the identity has been verified. |
deadbeef | 89824f6 | 2016-09-30 18:55:43 | [diff] [blame] | 555 | void TestHandshakeWithDelayedIdentity(bool valid_identity) { |
| 556 | server_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS : rtc::SSL_MODE_TLS); |
| 557 | client_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS : rtc::SSL_MODE_TLS); |
| 558 | |
| 559 | if (!dtls_) { |
| 560 | // Make sure we simulate a reliable network for TLS. |
| 561 | // This is just a check to make sure that people don't write wrong |
| 562 | // tests. |
nisse | c16fa5e | 2017-02-07 15:18:43 | [diff] [blame] | 563 | RTC_CHECK_EQ(1460, mtu_); |
| 564 | RTC_CHECK(!loss_); |
| 565 | RTC_CHECK(!lose_first_packet_); |
deadbeef | 89824f6 | 2016-09-30 18:55:43 | [diff] [blame] | 566 | } |
| 567 | |
| 568 | // Start the handshake |
deadbeef | 89824f6 | 2016-09-30 18:55:43 | [diff] [blame] | 569 | server_ssl_->SetServerRole(); |
Taylor Brandstetter | 165c618 | 2020-12-11 00:23:03 | [diff] [blame] | 570 | ASSERT_EQ(0, server_ssl_->StartSSL()); |
| 571 | ASSERT_EQ(0, client_ssl_->StartSSL()); |
deadbeef | 89824f6 | 2016-09-30 18:55:43 | [diff] [blame] | 572 | |
| 573 | // Now run the handshake. |
| 574 | EXPECT_TRUE_WAIT( |
| 575 | client_ssl_->IsTlsConnected() && server_ssl_->IsTlsConnected(), |
| 576 | handshake_wait_); |
| 577 | |
| 578 | // Until the identity has been verified, the state should still be |
| 579 | // SS_OPENING and writes should return SR_BLOCK. |
| 580 | EXPECT_EQ(rtc::SS_OPENING, client_ssl_->GetState()); |
| 581 | EXPECT_EQ(rtc::SS_OPENING, server_ssl_->GetState()); |
Harald Alvestrand | 1f609c8 | 2022-11-07 17:12:07 | [diff] [blame] | 582 | uint8_t packet[1]; |
deadbeef | 89824f6 | 2016-09-30 18:55:43 | [diff] [blame] | 583 | size_t sent; |
Harald Alvestrand | 1f609c8 | 2022-11-07 17:12:07 | [diff] [blame] | 584 | int error; |
| 585 | EXPECT_EQ(rtc::SR_BLOCK, client_ssl_->Write(packet, sent, error)); |
| 586 | EXPECT_EQ(rtc::SR_BLOCK, server_ssl_->Write(packet, sent, error)); |
deadbeef | 89824f6 | 2016-09-30 18:55:43 | [diff] [blame] | 587 | |
Taylor Brandstetter | 165c618 | 2020-12-11 00:23:03 | [diff] [blame] | 588 | // Collect both of the certificate digests; needs to be done before calling |
| 589 | // SetPeerCertificateDigest as that may reset the identity. |
| 590 | unsigned char server_digest[20]; |
| 591 | size_t server_digest_len; |
| 592 | unsigned char client_digest[20]; |
| 593 | size_t client_digest_len; |
| 594 | bool rv; |
| 595 | |
| 596 | rv = server_identity()->certificate().ComputeDigest( |
| 597 | rtc::DIGEST_SHA_1, server_digest, 20, &server_digest_len); |
| 598 | ASSERT_TRUE(rv); |
| 599 | rv = client_identity()->certificate().ComputeDigest( |
| 600 | rtc::DIGEST_SHA_1, client_digest, 20, &client_digest_len); |
| 601 | ASSERT_TRUE(rv); |
| 602 | |
| 603 | if (!valid_identity) { |
| 604 | RTC_LOG(LS_INFO) << "Setting bogus digest for client/server certs"; |
| 605 | client_digest[0]++; |
| 606 | server_digest[0]++; |
| 607 | } |
| 608 | |
| 609 | // Set the peer certificate digest for the client. |
| 610 | rtc::SSLPeerCertificateDigestError err; |
| 611 | rtc::SSLPeerCertificateDigestError expected_err = |
| 612 | valid_identity |
| 613 | ? rtc::SSLPeerCertificateDigestError::NONE |
| 614 | : rtc::SSLPeerCertificateDigestError::VERIFICATION_FAILED; |
| 615 | rv = client_ssl_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, server_digest, |
| 616 | server_digest_len, &err); |
| 617 | EXPECT_EQ(expected_err, err); |
| 618 | EXPECT_EQ(valid_identity, rv); |
deadbeef | 89824f6 | 2016-09-30 18:55:43 | [diff] [blame] | 619 | // State should then transition to SS_OPEN or SS_CLOSED based on validation |
| 620 | // of the identity. |
| 621 | if (valid_identity) { |
| 622 | EXPECT_EQ(rtc::SS_OPEN, client_ssl_->GetState()); |
Taylor Brandstetter | 165c618 | 2020-12-11 00:23:03 | [diff] [blame] | 623 | // If the client sends a packet while the server still hasn't verified the |
| 624 | // client identity, the server should continue to return SR_BLOCK. |
Harald Alvestrand | 1f609c8 | 2022-11-07 17:12:07 | [diff] [blame] | 625 | int error; |
| 626 | EXPECT_EQ(rtc::SR_SUCCESS, client_ssl_->Write(packet, sent, error)); |
| 627 | size_t read; |
| 628 | EXPECT_EQ(rtc::SR_BLOCK, server_ssl_->Read(packet, read, error)); |
Taylor Brandstetter | 72f638a | 2020-11-15 21:01:15 | [diff] [blame] | 629 | } else { |
Sam Zackrisson | 7e6290d | 2020-12-10 07:55:28 | [diff] [blame] | 630 | EXPECT_EQ(rtc::SS_CLOSED, client_ssl_->GetState()); |
Taylor Brandstetter | 165c618 | 2020-12-11 00:23:03 | [diff] [blame] | 631 | } |
| 632 | |
| 633 | // Set the peer certificate digest for the server. |
| 634 | rv = server_ssl_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, client_digest, |
| 635 | client_digest_len, &err); |
| 636 | EXPECT_EQ(expected_err, err); |
| 637 | EXPECT_EQ(valid_identity, rv); |
| 638 | if (valid_identity) { |
| 639 | EXPECT_EQ(rtc::SS_OPEN, server_ssl_->GetState()); |
| 640 | } else { |
deadbeef | 89824f6 | 2016-09-30 18:55:43 | [diff] [blame] | 641 | EXPECT_EQ(rtc::SS_CLOSED, server_ssl_->GetState()); |
| 642 | } |
| 643 | } |
| 644 | |
Yves Gerey | 665174f | 2018-06-19 13:03:05 | [diff] [blame] | 645 | rtc::StreamResult DataWritten(SSLDummyStreamBase* from, |
| 646 | const void* data, |
| 647 | size_t data_len, |
Harald Alvestrand | 11840ce | 2022-11-10 10:50:50 | [diff] [blame] | 648 | size_t& written, |
| 649 | int& error) { |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 650 | // Randomly drop loss_ percent of packets |
Peter Boström | 0c4e06b | 2015-10-07 10:23:21 | [diff] [blame] | 651 | if (rtc::CreateRandomId() % 100 < static_cast<uint32_t>(loss_)) { |
Mirko Bonadei | 675513b | 2017-11-09 10:09:25 | [diff] [blame] | 652 | RTC_LOG(LS_VERBOSE) << "Randomly dropping packet, size=" << data_len; |
Harald Alvestrand | 11840ce | 2022-11-10 10:50:50 | [diff] [blame] | 653 | written = data_len; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 654 | return rtc::SR_SUCCESS; |
| 655 | } |
| 656 | if (dtls_ && (data_len > mtu_)) { |
Mirko Bonadei | 675513b | 2017-11-09 10:09:25 | [diff] [blame] | 657 | RTC_LOG(LS_VERBOSE) << "Dropping packet > mtu, size=" << data_len; |
Harald Alvestrand | 11840ce | 2022-11-10 10:50:50 | [diff] [blame] | 658 | written = data_len; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 659 | return rtc::SR_SUCCESS; |
| 660 | } |
| 661 | |
| 662 | // Optionally damage application data (type 23). Note that we don't damage |
| 663 | // handshake packets and we damage the last byte to keep the header |
| 664 | // intact but break the MAC. |
Yves Gerey | 665174f | 2018-06-19 13:03:05 | [diff] [blame] | 665 | if (damage_ && (*static_cast<const unsigned char*>(data) == 23)) { |
Harald Alvestrand | 11840ce | 2022-11-10 10:50:50 | [diff] [blame] | 666 | std::vector<uint8_t> buf(data_len); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 667 | |
Mirko Bonadei | 675513b | 2017-11-09 10:09:25 | [diff] [blame] | 668 | RTC_LOG(LS_VERBOSE) << "Damaging packet"; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 669 | |
| 670 | memcpy(&buf[0], data, data_len); |
| 671 | buf[data_len - 1]++; |
Harald Alvestrand | 11840ce | 2022-11-10 10:50:50 | [diff] [blame] | 672 | return from->WriteData(rtc::MakeArrayView(&buf[0], data_len), written, |
| 673 | error); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 674 | } |
| 675 | |
Harald Alvestrand | 11840ce | 2022-11-10 10:50:50 | [diff] [blame] | 676 | return from->WriteData( |
| 677 | rtc::MakeArrayView(reinterpret_cast<const uint8_t*>(data), data_len), |
| 678 | written, error); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 679 | } |
| 680 | |
Yves Gerey | 665174f | 2018-06-19 13:03:05 | [diff] [blame] | 681 | void SetDelay(int delay) { delay_ = delay; } |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 682 | int GetDelay() { return delay_; } |
| 683 | |
Yves Gerey | 665174f | 2018-06-19 13:03:05 | [diff] [blame] | 684 | void SetLoseFirstPacket(bool lose) { lose_first_packet_ = lose; } |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 685 | bool GetLoseFirstPacket() { return lose_first_packet_; } |
| 686 | |
Yves Gerey | 665174f | 2018-06-19 13:03:05 | [diff] [blame] | 687 | void SetLoss(int percent) { loss_ = percent; } |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 688 | |
Yves Gerey | 665174f | 2018-06-19 13:03:05 | [diff] [blame] | 689 | void SetDamage() { damage_ = true; } |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 690 | |
Yves Gerey | 665174f | 2018-06-19 13:03:05 | [diff] [blame] | 691 | void SetMtu(size_t mtu) { mtu_ = mtu; } |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 692 | |
Yves Gerey | 665174f | 2018-06-19 13:03:05 | [diff] [blame] | 693 | void SetHandshakeWait(int wait) { handshake_wait_ = wait; } |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 694 | |
Guo-wei Shieh | 521ed7b | 2015-11-19 03:41:53 | [diff] [blame] | 695 | void SetDtlsSrtpCryptoSuites(const std::vector<int>& ciphers, bool client) { |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 696 | if (client) |
Guo-wei Shieh | 521ed7b | 2015-11-19 03:41:53 | [diff] [blame] | 697 | client_ssl_->SetDtlsSrtpCryptoSuites(ciphers); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 698 | else |
Guo-wei Shieh | 521ed7b | 2015-11-19 03:41:53 | [diff] [blame] | 699 | server_ssl_->SetDtlsSrtpCryptoSuites(ciphers); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 700 | } |
| 701 | |
Guo-wei Shieh | 521ed7b | 2015-11-19 03:41:53 | [diff] [blame] | 702 | bool GetDtlsSrtpCryptoSuite(bool client, int* retval) { |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 703 | if (client) |
Guo-wei Shieh | 521ed7b | 2015-11-19 03:41:53 | [diff] [blame] | 704 | return client_ssl_->GetDtlsSrtpCryptoSuite(retval); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 705 | else |
Guo-wei Shieh | 521ed7b | 2015-11-19 03:41:53 | [diff] [blame] | 706 | return server_ssl_->GetDtlsSrtpCryptoSuite(retval); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 707 | } |
| 708 | |
jbauch | 555604a | 2016-04-26 10:13:22 | [diff] [blame] | 709 | std::unique_ptr<rtc::SSLCertificate> GetPeerCertificate(bool client) { |
Taylor Brandstetter | c392866 | 2018-02-23 21:04:51 | [diff] [blame] | 710 | std::unique_ptr<rtc::SSLCertChain> chain; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 711 | if (client) |
Taylor Brandstetter | c392866 | 2018-02-23 21:04:51 | [diff] [blame] | 712 | chain = client_ssl_->GetPeerSSLCertChain(); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 713 | else |
Taylor Brandstetter | c392866 | 2018-02-23 21:04:51 | [diff] [blame] | 714 | chain = server_ssl_->GetPeerSSLCertChain(); |
Steve Anton | f25303e | 2018-10-16 22:23:31 | [diff] [blame] | 715 | return (chain && chain->GetSize()) ? chain->Get(0).Clone() : nullptr; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 716 | } |
| 717 | |
Guo-wei Shieh | 6caafbe | 2015-10-05 19:43:27 | [diff] [blame] | 718 | bool GetSslCipherSuite(bool client, int* retval) { |
pthatcher@webrtc.org | 3ee4fe5 | 2015-02-11 22:34:36 | [diff] [blame] | 719 | if (client) |
Guo-wei Shieh | 456696a | 2015-10-01 04:48:54 | [diff] [blame] | 720 | return client_ssl_->GetSslCipherSuite(retval); |
pthatcher@webrtc.org | 3ee4fe5 | 2015-02-11 22:34:36 | [diff] [blame] | 721 | else |
Guo-wei Shieh | 456696a | 2015-10-01 04:48:54 | [diff] [blame] | 722 | return server_ssl_->GetSslCipherSuite(retval); |
pthatcher@webrtc.org | 3ee4fe5 | 2015-02-11 22:34:36 | [diff] [blame] | 723 | } |
| 724 | |
torbjorng | 43166b8 | 2016-03-11 08:06:47 | [diff] [blame] | 725 | int GetSslVersion(bool client) { |
| 726 | if (client) |
| 727 | return client_ssl_->GetSslVersion(); |
| 728 | else |
| 729 | return server_ssl_->GetSslVersion(); |
| 730 | } |
| 731 | |
Ali Tofigh | 2ab914c | 2022-04-13 10:55:15 | [diff] [blame] | 732 | bool ExportKeyingMaterial(absl::string_view label, |
Yves Gerey | 665174f | 2018-06-19 13:03:05 | [diff] [blame] | 733 | const unsigned char* context, |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 734 | size_t context_len, |
| 735 | bool use_context, |
| 736 | bool client, |
Yves Gerey | 665174f | 2018-06-19 13:03:05 | [diff] [blame] | 737 | unsigned char* result, |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 738 | size_t result_len) { |
| 739 | if (client) |
Yves Gerey | 665174f | 2018-06-19 13:03:05 | [diff] [blame] | 740 | return client_ssl_->ExportKeyingMaterial(label, context, context_len, |
| 741 | use_context, result, result_len); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 742 | else |
Yves Gerey | 665174f | 2018-06-19 13:03:05 | [diff] [blame] | 743 | return server_ssl_->ExportKeyingMaterial(label, context, context_len, |
| 744 | use_context, result, result_len); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 745 | } |
| 746 | |
| 747 | // To be implemented by subclasses. |
| 748 | virtual void WriteData() = 0; |
Yves Gerey | 665174f | 2018-06-19 13:03:05 | [diff] [blame] | 749 | virtual void ReadData(rtc::StreamInterface* stream) = 0; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 750 | virtual void TestTransfer(int size) = 0; |
| 751 | |
| 752 | protected: |
Harald Alvestrand | 8515d5a | 2020-03-20 21:51:32 | [diff] [blame] | 753 | rtc::SSLIdentity* client_identity() const { |
| 754 | if (!client_ssl_) { |
| 755 | return nullptr; |
| 756 | } |
| 757 | return client_ssl_->GetIdentityForTesting(); |
| 758 | } |
| 759 | rtc::SSLIdentity* server_identity() const { |
| 760 | if (!server_ssl_) { |
| 761 | return nullptr; |
| 762 | } |
| 763 | return server_ssl_->GetIdentityForTesting(); |
| 764 | } |
| 765 | |
Niels Möller | 83830f3 | 2022-05-20 07:12:57 | [diff] [blame] | 766 | rtc::AutoThread main_thread_; |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 767 | std::string client_cert_pem_; |
| 768 | std::string client_private_key_pem_; |
| 769 | rtc::KeyParams client_key_type_; |
| 770 | rtc::KeyParams server_key_type_; |
Yves Gerey | 665174f | 2018-06-19 13:03:05 | [diff] [blame] | 771 | SSLDummyStreamBase* client_stream_; // freed by client_ssl_ destructor |
| 772 | SSLDummyStreamBase* server_stream_; // freed by server_ssl_ destructor |
jbauch | 555604a | 2016-04-26 10:13:22 | [diff] [blame] | 773 | std::unique_ptr<rtc::SSLStreamAdapter> client_ssl_; |
| 774 | std::unique_ptr<rtc::SSLStreamAdapter> server_ssl_; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 775 | int delay_; |
| 776 | size_t mtu_; |
| 777 | int loss_; |
| 778 | bool lose_first_packet_; |
| 779 | bool damage_; |
| 780 | bool dtls_; |
| 781 | int handshake_wait_; |
| 782 | bool identities_set_; |
| 783 | }; |
| 784 | |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 12:08:59 | [diff] [blame] | 785 | class SSLStreamAdapterTestTLS |
| 786 | : public SSLStreamAdapterTestBase, |
torbjorng | 4e57247 | 2015-10-08 16:42:49 | [diff] [blame] | 787 | public WithParamInterface<tuple<rtc::KeyParams, rtc::KeyParams>> { |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 788 | public: |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 12:08:59 | [diff] [blame] | 789 | SSLStreamAdapterTestTLS() |
| 790 | : SSLStreamAdapterTestBase("", |
| 791 | "", |
| 792 | false, |
| 793 | ::testing::get<0>(GetParam()), |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 794 | ::testing::get<1>(GetParam())), |
| 795 | client_buffer_(kFifoBufferSize), |
Yves Gerey | 665174f | 2018-06-19 13:03:05 | [diff] [blame] | 796 | server_buffer_(kFifoBufferSize) {} |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 797 | |
torbjorng | 7593aad | 2015-11-19 20:20:51 | [diff] [blame] | 798 | void CreateStreams() override { |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 799 | client_stream_ = |
| 800 | new SSLDummyStreamTLS(this, "c2s", &client_buffer_, &server_buffer_); |
| 801 | server_stream_ = |
| 802 | new SSLDummyStreamTLS(this, "s2c", &server_buffer_, &client_buffer_); |
| 803 | } |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 804 | |
| 805 | // Test data transfer for TLS |
nisse | ef8b61e | 2016-04-29 13:09:15 | [diff] [blame] | 806 | void TestTransfer(int size) override { |
Mirko Bonadei | 675513b | 2017-11-09 10:09:25 | [diff] [blame] | 807 | RTC_LOG(LS_INFO) << "Starting transfer test with " << size << " bytes"; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 808 | // Create some dummy data to send. |
| 809 | size_t received; |
| 810 | |
| 811 | send_stream_.ReserveSize(size); |
| 812 | for (int i = 0; i < size; ++i) { |
Harald Alvestrand | dd4c406 | 2022-11-16 07:29:57 | [diff] [blame] | 813 | uint8_t ch = static_cast<uint8_t>(i); |
| 814 | size_t written; |
| 815 | int error; |
| 816 | send_stream_.Write(rtc::MakeArrayView(&ch, 1), written, error); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 817 | } |
| 818 | send_stream_.Rewind(); |
| 819 | |
| 820 | // Prepare the receive stream. |
| 821 | recv_stream_.ReserveSize(size); |
| 822 | |
| 823 | // Start sending |
| 824 | WriteData(); |
| 825 | |
| 826 | // Wait for the client to close |
| 827 | EXPECT_TRUE_WAIT(server_ssl_->GetState() == rtc::SS_CLOSED, 10000); |
| 828 | |
| 829 | // Now check the data |
| 830 | recv_stream_.GetSize(&received); |
| 831 | |
| 832 | EXPECT_EQ(static_cast<size_t>(size), received); |
Yves Gerey | 665174f | 2018-06-19 13:03:05 | [diff] [blame] | 833 | EXPECT_EQ(0, |
| 834 | memcmp(send_stream_.GetBuffer(), recv_stream_.GetBuffer(), size)); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 835 | } |
| 836 | |
nisse | ef8b61e | 2016-04-29 13:09:15 | [diff] [blame] | 837 | void WriteData() override { |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 838 | size_t position, tosend, size; |
| 839 | rtc::StreamResult rv; |
| 840 | size_t sent; |
Harald Alvestrand | 11840ce | 2022-11-10 10:50:50 | [diff] [blame] | 841 | uint8_t block[kBlockSize]; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 842 | |
| 843 | send_stream_.GetSize(&size); |
| 844 | if (!size) |
| 845 | return; |
| 846 | |
| 847 | for (;;) { |
| 848 | send_stream_.GetPosition(&position); |
Harald Alvestrand | dd4c406 | 2022-11-16 07:29:57 | [diff] [blame] | 849 | int dummy_error; |
| 850 | if (send_stream_.Read(block, tosend, dummy_error) != rtc::SR_EOS) { |
Harald Alvestrand | 11840ce | 2022-11-10 10:50:50 | [diff] [blame] | 851 | int error; |
| 852 | rv = client_ssl_->Write(rtc::MakeArrayView(block, tosend), sent, error); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 853 | |
| 854 | if (rv == rtc::SR_SUCCESS) { |
| 855 | send_stream_.SetPosition(position + sent); |
Mirko Bonadei | 675513b | 2017-11-09 10:09:25 | [diff] [blame] | 856 | RTC_LOG(LS_VERBOSE) << "Sent: " << position + sent; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 857 | } else if (rv == rtc::SR_BLOCK) { |
Mirko Bonadei | 675513b | 2017-11-09 10:09:25 | [diff] [blame] | 858 | RTC_LOG(LS_VERBOSE) << "Blocked..."; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 859 | send_stream_.SetPosition(position); |
| 860 | break; |
| 861 | } else { |
| 862 | ADD_FAILURE(); |
| 863 | break; |
| 864 | } |
| 865 | } else { |
| 866 | // Now close |
Mirko Bonadei | 675513b | 2017-11-09 10:09:25 | [diff] [blame] | 867 | RTC_LOG(LS_INFO) << "Wrote " << position << " bytes. Closing"; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 868 | client_ssl_->Close(); |
| 869 | break; |
| 870 | } |
| 871 | } |
Mirko Bonadei | c4dd730 | 2019-02-25 08:12:02 | [diff] [blame] | 872 | } |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 873 | |
Yves Gerey | 665174f | 2018-06-19 13:03:05 | [diff] [blame] | 874 | void ReadData(rtc::StreamInterface* stream) override { |
Harald Alvestrand | 11840ce | 2022-11-10 10:50:50 | [diff] [blame] | 875 | uint8_t buffer[1600]; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 876 | size_t bread; |
| 877 | int err2; |
| 878 | rtc::StreamResult r; |
| 879 | |
| 880 | for (;;) { |
Harald Alvestrand | 11840ce | 2022-11-10 10:50:50 | [diff] [blame] | 881 | r = stream->Read(buffer, bread, err2); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 882 | |
| 883 | if (r == rtc::SR_ERROR || r == rtc::SR_EOS) { |
| 884 | // Unfortunately, errors are the way that the stream adapter |
torbjorng | 7593aad | 2015-11-19 20:20:51 | [diff] [blame] | 885 | // signals close in OpenSSL. |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 886 | stream->Close(); |
| 887 | return; |
| 888 | } |
| 889 | |
| 890 | if (r == rtc::SR_BLOCK) |
| 891 | break; |
| 892 | |
| 893 | ASSERT_EQ(rtc::SR_SUCCESS, r); |
Mirko Bonadei | 675513b | 2017-11-09 10:09:25 | [diff] [blame] | 894 | RTC_LOG(LS_VERBOSE) << "Read " << bread; |
Harald Alvestrand | dd4c406 | 2022-11-16 07:29:57 | [diff] [blame] | 895 | size_t written; |
| 896 | int error; |
| 897 | recv_stream_.Write(rtc::MakeArrayView(buffer, bread), written, error); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 898 | } |
| 899 | } |
| 900 | |
| 901 | private: |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 902 | rtc::FifoBuffer client_buffer_; |
| 903 | rtc::FifoBuffer server_buffer_; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 904 | rtc::MemoryStream send_stream_; |
| 905 | rtc::MemoryStream recv_stream_; |
| 906 | }; |
| 907 | |
Harald Alvestrand | 1379913 | 2020-03-09 18:39:36 | [diff] [blame] | 908 | class SSLStreamAdapterTestDTLSBase : public SSLStreamAdapterTestBase { |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 909 | public: |
Harald Alvestrand | 1379913 | 2020-03-09 18:39:36 | [diff] [blame] | 910 | SSLStreamAdapterTestDTLSBase(rtc::KeyParams param1, rtc::KeyParams param2) |
| 911 | : SSLStreamAdapterTestBase("", "", true, param1, param2), |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 912 | client_buffer_(kBufferCapacity, kDefaultBufferSize), |
| 913 | server_buffer_(kBufferCapacity, kDefaultBufferSize), |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 12:08:59 | [diff] [blame] | 914 | packet_size_(1000), |
| 915 | count_(0), |
| 916 | sent_(0) {} |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 917 | |
Ali Tofigh | 7fa9057 | 2022-03-17 14:47:49 | [diff] [blame] | 918 | SSLStreamAdapterTestDTLSBase(absl::string_view cert_pem, |
| 919 | absl::string_view private_key_pem) |
Yves Gerey | 665174f | 2018-06-19 13:03:05 | [diff] [blame] | 920 | : SSLStreamAdapterTestBase(cert_pem, private_key_pem, true), |
| 921 | client_buffer_(kBufferCapacity, kDefaultBufferSize), |
| 922 | server_buffer_(kBufferCapacity, kDefaultBufferSize), |
| 923 | packet_size_(1000), |
| 924 | count_(0), |
| 925 | sent_(0) {} |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 926 | |
torbjorng | 7593aad | 2015-11-19 20:20:51 | [diff] [blame] | 927 | void CreateStreams() override { |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 928 | client_stream_ = |
| 929 | new SSLDummyStreamDTLS(this, "c2s", &client_buffer_, &server_buffer_); |
| 930 | server_stream_ = |
| 931 | new SSLDummyStreamDTLS(this, "s2c", &server_buffer_, &client_buffer_); |
| 932 | } |
| 933 | |
nisse | ef8b61e | 2016-04-29 13:09:15 | [diff] [blame] | 934 | void WriteData() override { |
Harald Alvestrand | 11840ce | 2022-11-10 10:50:50 | [diff] [blame] | 935 | uint8_t* packet = new uint8_t[1600]; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 936 | |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 937 | while (sent_ < count_) { |
torbjorng | 7593aad | 2015-11-19 20:20:51 | [diff] [blame] | 938 | unsigned int rand_state = sent_; |
| 939 | packet[0] = sent_; |
| 940 | for (size_t i = 1; i < packet_size_; i++) { |
| 941 | // This is a simple LC PRNG. Keep in synch with identical code below. |
| 942 | rand_state = (rand_state * 251 + 19937) >> 7; |
| 943 | packet[i] = rand_state & 0xff; |
| 944 | } |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 945 | |
| 946 | size_t sent; |
Harald Alvestrand | 11840ce | 2022-11-10 10:50:50 | [diff] [blame] | 947 | int error; |
| 948 | rtc::StreamResult rv = client_ssl_->Write( |
| 949 | rtc::MakeArrayView(packet, packet_size_), sent, error); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 950 | if (rv == rtc::SR_SUCCESS) { |
Mirko Bonadei | 675513b | 2017-11-09 10:09:25 | [diff] [blame] | 951 | RTC_LOG(LS_VERBOSE) << "Sent: " << sent_; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 952 | sent_++; |
| 953 | } else if (rv == rtc::SR_BLOCK) { |
Mirko Bonadei | 675513b | 2017-11-09 10:09:25 | [diff] [blame] | 954 | RTC_LOG(LS_VERBOSE) << "Blocked..."; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 955 | break; |
| 956 | } else { |
| 957 | ADD_FAILURE(); |
| 958 | break; |
| 959 | } |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 960 | } |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 961 | |
Yves Gerey | 665174f | 2018-06-19 13:03:05 | [diff] [blame] | 962 | delete[] packet; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 963 | } |
| 964 | |
Yves Gerey | 665174f | 2018-06-19 13:03:05 | [diff] [blame] | 965 | void ReadData(rtc::StreamInterface* stream) override { |
Harald Alvestrand | 11840ce | 2022-11-10 10:50:50 | [diff] [blame] | 966 | uint8_t buffer[2000]; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 967 | size_t bread; |
| 968 | int err2; |
| 969 | rtc::StreamResult r; |
| 970 | |
| 971 | for (;;) { |
Harald Alvestrand | 11840ce | 2022-11-10 10:50:50 | [diff] [blame] | 972 | r = stream->Read(buffer, bread, err2); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 973 | |
| 974 | if (r == rtc::SR_ERROR) { |
| 975 | // Unfortunately, errors are the way that the stream adapter |
| 976 | // signals close right now |
| 977 | stream->Close(); |
| 978 | return; |
| 979 | } |
| 980 | |
| 981 | if (r == rtc::SR_BLOCK) |
| 982 | break; |
| 983 | |
| 984 | ASSERT_EQ(rtc::SR_SUCCESS, r); |
Mirko Bonadei | 675513b | 2017-11-09 10:09:25 | [diff] [blame] | 985 | RTC_LOG(LS_VERBOSE) << "Read " << bread; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 986 | |
| 987 | // Now parse the datagram |
| 988 | ASSERT_EQ(packet_size_, bread); |
torbjorng | 7593aad | 2015-11-19 20:20:51 | [diff] [blame] | 989 | unsigned char packet_num = buffer[0]; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 990 | |
torbjorng | 7593aad | 2015-11-19 20:20:51 | [diff] [blame] | 991 | unsigned int rand_state = packet_num; |
| 992 | for (size_t i = 1; i < packet_size_; i++) { |
| 993 | // This is a simple LC PRNG. Keep in synch with identical code above. |
| 994 | rand_state = (rand_state * 251 + 19937) >> 7; |
| 995 | ASSERT_EQ(rand_state & 0xff, buffer[i]); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 996 | } |
| 997 | received_.insert(packet_num); |
| 998 | } |
| 999 | } |
| 1000 | |
nisse | ef8b61e | 2016-04-29 13:09:15 | [diff] [blame] | 1001 | void TestTransfer(int count) override { |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1002 | count_ = count; |
| 1003 | |
| 1004 | WriteData(); |
| 1005 | |
| 1006 | EXPECT_TRUE_WAIT(sent_ == count_, 10000); |
Mirko Bonadei | 675513b | 2017-11-09 10:09:25 | [diff] [blame] | 1007 | RTC_LOG(LS_INFO) << "sent_ == " << sent_; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1008 | |
| 1009 | if (damage_) { |
| 1010 | WAIT(false, 2000); |
| 1011 | EXPECT_EQ(0U, received_.size()); |
| 1012 | } else if (loss_ == 0) { |
Yves Gerey | 665174f | 2018-06-19 13:03:05 | [diff] [blame] | 1013 | EXPECT_EQ_WAIT(static_cast<size_t>(sent_), received_.size(), 1000); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1014 | } else { |
Mirko Bonadei | 675513b | 2017-11-09 10:09:25 | [diff] [blame] | 1015 | RTC_LOG(LS_INFO) << "Sent " << sent_ << " packets; received " |
| 1016 | << received_.size(); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1017 | } |
Mirko Bonadei | c4dd730 | 2019-02-25 08:12:02 | [diff] [blame] | 1018 | } |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1019 | |
Harald Alvestrand | 1379913 | 2020-03-09 18:39:36 | [diff] [blame] | 1020 | protected: |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 1021 | BufferQueueStream client_buffer_; |
| 1022 | BufferQueueStream server_buffer_; |
Harald Alvestrand | 1379913 | 2020-03-09 18:39:36 | [diff] [blame] | 1023 | |
| 1024 | private: |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1025 | size_t packet_size_; |
| 1026 | int count_; |
| 1027 | int sent_; |
| 1028 | std::set<int> received_; |
| 1029 | }; |
| 1030 | |
Harald Alvestrand | 1379913 | 2020-03-09 18:39:36 | [diff] [blame] | 1031 | class SSLStreamAdapterTestDTLS |
| 1032 | : public SSLStreamAdapterTestDTLSBase, |
| 1033 | public WithParamInterface<tuple<rtc::KeyParams, rtc::KeyParams>> { |
| 1034 | public: |
| 1035 | SSLStreamAdapterTestDTLS() |
| 1036 | : SSLStreamAdapterTestDTLSBase(::testing::get<0>(GetParam()), |
| 1037 | ::testing::get<1>(GetParam())) {} |
| 1038 | |
Ali Tofigh | 7fa9057 | 2022-03-17 14:47:49 | [diff] [blame] | 1039 | SSLStreamAdapterTestDTLS(absl::string_view cert_pem, |
| 1040 | absl::string_view private_key_pem) |
Harald Alvestrand | 1379913 | 2020-03-09 18:39:36 | [diff] [blame] | 1041 | : SSLStreamAdapterTestDTLSBase(cert_pem, private_key_pem) {} |
| 1042 | }; |
| 1043 | |
Harald Alvestrand | 11840ce | 2022-11-10 10:50:50 | [diff] [blame] | 1044 | rtc::StreamResult SSLDummyStreamBase::Write(rtc::ArrayView<const uint8_t> data, |
| 1045 | size_t& written, |
| 1046 | int& error) { |
| 1047 | RTC_LOG(LS_VERBOSE) << "Writing to loopback " << data.size(); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1048 | |
| 1049 | if (first_packet_) { |
| 1050 | first_packet_ = false; |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 1051 | if (test_base_->GetLoseFirstPacket()) { |
Harald Alvestrand | 11840ce | 2022-11-10 10:50:50 | [diff] [blame] | 1052 | RTC_LOG(LS_INFO) << "Losing initial packet of length " << data.size(); |
| 1053 | written = data.size(); // Fake successful writing also to writer. |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1054 | return rtc::SR_SUCCESS; |
| 1055 | } |
| 1056 | } |
| 1057 | |
Harald Alvestrand | 11840ce | 2022-11-10 10:50:50 | [diff] [blame] | 1058 | return test_base_->DataWritten(this, data.data(), data.size(), written, |
| 1059 | error); |
Mirko Bonadei | c4dd730 | 2019-02-25 08:12:02 | [diff] [blame] | 1060 | } |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1061 | |
| 1062 | class SSLStreamAdapterTestDTLSFromPEMStrings : public SSLStreamAdapterTestDTLS { |
| 1063 | public: |
Yves Gerey | 665174f | 2018-06-19 13:03:05 | [diff] [blame] | 1064 | SSLStreamAdapterTestDTLSFromPEMStrings() |
| 1065 | : SSLStreamAdapterTestDTLS(kCERT_PEM, kRSA_PRIVATE_KEY_PEM) {} |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1066 | }; |
| 1067 | |
Jian Cui | 0a8798b | 2017-11-17 00:58:02 | [diff] [blame] | 1068 | // Test fixture for certificate chaining. Server will push more than one |
| 1069 | // certificate. |
| 1070 | class SSLStreamAdapterTestDTLSCertChain : public SSLStreamAdapterTestDTLS { |
| 1071 | public: |
Mirko Bonadei | c4dd730 | 2019-02-25 08:12:02 | [diff] [blame] | 1072 | SSLStreamAdapterTestDTLSCertChain() : SSLStreamAdapterTestDTLS("", "") {} |
Jian Cui | 0a8798b | 2017-11-17 00:58:02 | [diff] [blame] | 1073 | void SetUp() override { |
| 1074 | CreateStreams(); |
| 1075 | |
Harald Alvestrand | 8515d5a | 2020-03-20 21:51:32 | [diff] [blame] | 1076 | client_ssl_ = |
| 1077 | rtc::SSLStreamAdapter::Create(absl::WrapUnique(client_stream_)); |
| 1078 | server_ssl_ = |
| 1079 | rtc::SSLStreamAdapter::Create(absl::WrapUnique(server_stream_)); |
Jian Cui | 0a8798b | 2017-11-17 00:58:02 | [diff] [blame] | 1080 | |
| 1081 | // Set up the slots |
| 1082 | client_ssl_->SignalEvent.connect( |
| 1083 | reinterpret_cast<SSLStreamAdapterTestBase*>(this), |
| 1084 | &SSLStreamAdapterTestBase::OnEvent); |
| 1085 | server_ssl_->SignalEvent.connect( |
| 1086 | reinterpret_cast<SSLStreamAdapterTestBase*>(this), |
| 1087 | &SSLStreamAdapterTestBase::OnEvent); |
| 1088 | |
Harald Alvestrand | 8515d5a | 2020-03-20 21:51:32 | [diff] [blame] | 1089 | std::unique_ptr<rtc::SSLIdentity> client_identity; |
Jian Cui | 0a8798b | 2017-11-17 00:58:02 | [diff] [blame] | 1090 | if (!client_cert_pem_.empty() && !client_private_key_pem_.empty()) { |
Harald Alvestrand | 8515d5a | 2020-03-20 21:51:32 | [diff] [blame] | 1091 | client_identity = rtc::SSLIdentity::CreateFromPEMStrings( |
Jian Cui | 0a8798b | 2017-11-17 00:58:02 | [diff] [blame] | 1092 | client_private_key_pem_, client_cert_pem_); |
| 1093 | } else { |
Harald Alvestrand | 8515d5a | 2020-03-20 21:51:32 | [diff] [blame] | 1094 | client_identity = rtc::SSLIdentity::Create("client", client_key_type_); |
Jian Cui | 0a8798b | 2017-11-17 00:58:02 | [diff] [blame] | 1095 | } |
| 1096 | |
Harald Alvestrand | 8515d5a | 2020-03-20 21:51:32 | [diff] [blame] | 1097 | client_ssl_->SetIdentity(std::move(client_identity)); |
Jian Cui | 0a8798b | 2017-11-17 00:58:02 | [diff] [blame] | 1098 | } |
| 1099 | }; |
| 1100 | |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1101 | // Basic tests: TLS |
| 1102 | |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1103 | // Test that we can make a handshake work |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 12:08:59 | [diff] [blame] | 1104 | TEST_P(SSLStreamAdapterTestTLS, TestTLSConnect) { |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1105 | TestHandshake(); |
Mirko Bonadei | c4dd730 | 2019-02-25 08:12:02 | [diff] [blame] | 1106 | } |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1107 | |
Jian Cui | 0a8798b | 2017-11-17 00:58:02 | [diff] [blame] | 1108 | TEST_P(SSLStreamAdapterTestTLS, GetPeerCertChainWithOneCertificate) { |
| 1109 | TestHandshake(); |
| 1110 | std::unique_ptr<rtc::SSLCertChain> cert_chain = |
| 1111 | client_ssl_->GetPeerSSLCertChain(); |
Jian Cui | 0a8798b | 2017-11-17 00:58:02 | [diff] [blame] | 1112 | ASSERT_NE(nullptr, cert_chain); |
| 1113 | EXPECT_EQ(1u, cert_chain->GetSize()); |
Taylor Brandstetter | c392866 | 2018-02-23 21:04:51 | [diff] [blame] | 1114 | EXPECT_EQ(cert_chain->Get(0).ToPEMString(), |
Harald Alvestrand | 8515d5a | 2020-03-20 21:51:32 | [diff] [blame] | 1115 | server_identity()->certificate().ToPEMString()); |
Jian Cui | 0a8798b | 2017-11-17 00:58:02 | [diff] [blame] | 1116 | } |
| 1117 | |
| 1118 | TEST_F(SSLStreamAdapterTestDTLSCertChain, TwoCertHandshake) { |
Harald Alvestrand | 8515d5a | 2020-03-20 21:51:32 | [diff] [blame] | 1119 | auto server_identity = rtc::SSLIdentity::CreateFromPEMChainStrings( |
Jian Cui | 0a8798b | 2017-11-17 00:58:02 | [diff] [blame] | 1120 | kRSA_PRIVATE_KEY_PEM, std::string(kCERT_PEM) + kCACert); |
Harald Alvestrand | 8515d5a | 2020-03-20 21:51:32 | [diff] [blame] | 1121 | server_ssl_->SetIdentity(std::move(server_identity)); |
Jian Cui | 0a8798b | 2017-11-17 00:58:02 | [diff] [blame] | 1122 | TestHandshake(); |
| 1123 | std::unique_ptr<rtc::SSLCertChain> peer_cert_chain = |
| 1124 | client_ssl_->GetPeerSSLCertChain(); |
| 1125 | ASSERT_NE(nullptr, peer_cert_chain); |
| 1126 | ASSERT_EQ(2u, peer_cert_chain->GetSize()); |
| 1127 | EXPECT_EQ(kCERT_PEM, peer_cert_chain->Get(0).ToPEMString()); |
| 1128 | EXPECT_EQ(kCACert, peer_cert_chain->Get(1).ToPEMString()); |
| 1129 | } |
| 1130 | |
David Benjamin | ea84b6b | 2017-12-01 22:25:45 | [diff] [blame] | 1131 | TEST_F(SSLStreamAdapterTestDTLSCertChain, TwoCertHandshakeWithCopy) { |
Harald Alvestrand | 8515d5a | 2020-03-20 21:51:32 | [diff] [blame] | 1132 | server_ssl_->SetIdentity(rtc::SSLIdentity::CreateFromPEMChainStrings( |
| 1133 | kRSA_PRIVATE_KEY_PEM, std::string(kCERT_PEM) + kCACert)); |
David Benjamin | ea84b6b | 2017-12-01 22:25:45 | [diff] [blame] | 1134 | TestHandshake(); |
| 1135 | std::unique_ptr<rtc::SSLCertChain> peer_cert_chain = |
| 1136 | client_ssl_->GetPeerSSLCertChain(); |
| 1137 | ASSERT_NE(nullptr, peer_cert_chain); |
| 1138 | ASSERT_EQ(2u, peer_cert_chain->GetSize()); |
| 1139 | EXPECT_EQ(kCERT_PEM, peer_cert_chain->Get(0).ToPEMString()); |
| 1140 | EXPECT_EQ(kCACert, peer_cert_chain->Get(1).ToPEMString()); |
| 1141 | } |
| 1142 | |
Jian Cui | 0a8798b | 2017-11-17 00:58:02 | [diff] [blame] | 1143 | TEST_F(SSLStreamAdapterTestDTLSCertChain, ThreeCertHandshake) { |
Harald Alvestrand | 8515d5a | 2020-03-20 21:51:32 | [diff] [blame] | 1144 | server_ssl_->SetIdentity(rtc::SSLIdentity::CreateFromPEMChainStrings( |
| 1145 | kRSA_PRIVATE_KEY_PEM, std::string(kCERT_PEM) + kIntCert1 + kCACert)); |
Jian Cui | 0a8798b | 2017-11-17 00:58:02 | [diff] [blame] | 1146 | TestHandshake(); |
| 1147 | std::unique_ptr<rtc::SSLCertChain> peer_cert_chain = |
| 1148 | client_ssl_->GetPeerSSLCertChain(); |
| 1149 | ASSERT_NE(nullptr, peer_cert_chain); |
| 1150 | ASSERT_EQ(3u, peer_cert_chain->GetSize()); |
| 1151 | EXPECT_EQ(kCERT_PEM, peer_cert_chain->Get(0).ToPEMString()); |
| 1152 | EXPECT_EQ(kIntCert1, peer_cert_chain->Get(1).ToPEMString()); |
| 1153 | EXPECT_EQ(kCACert, peer_cert_chain->Get(2).ToPEMString()); |
| 1154 | } |
| 1155 | |
jiayl@webrtc.org | f1d751c | 2014-09-25 16:38:46 | [diff] [blame] | 1156 | // Test that closing the connection on one side updates the other side. |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 12:08:59 | [diff] [blame] | 1157 | TEST_P(SSLStreamAdapterTestTLS, TestTLSClose) { |
jiayl@webrtc.org | f1d751c | 2014-09-25 16:38:46 | [diff] [blame] | 1158 | TestHandshake(); |
| 1159 | client_ssl_->Close(); |
| 1160 | EXPECT_EQ_WAIT(rtc::SS_CLOSED, server_ssl_->GetState(), handshake_wait_); |
Mirko Bonadei | c4dd730 | 2019-02-25 08:12:02 | [diff] [blame] | 1161 | } |
jiayl@webrtc.org | f1d751c | 2014-09-25 16:38:46 | [diff] [blame] | 1162 | |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1163 | // Test transfer -- trivial |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 12:08:59 | [diff] [blame] | 1164 | TEST_P(SSLStreamAdapterTestTLS, TestTLSTransfer) { |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1165 | TestHandshake(); |
| 1166 | TestTransfer(100000); |
Mirko Bonadei | c4dd730 | 2019-02-25 08:12:02 | [diff] [blame] | 1167 | } |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1168 | |
| 1169 | // Test read-write after close. |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 12:08:59 | [diff] [blame] | 1170 | TEST_P(SSLStreamAdapterTestTLS, ReadWriteAfterClose) { |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1171 | TestHandshake(); |
| 1172 | TestTransfer(100000); |
| 1173 | client_ssl_->Close(); |
| 1174 | |
| 1175 | rtc::StreamResult rv; |
Harald Alvestrand | 11840ce | 2022-11-10 10:50:50 | [diff] [blame] | 1176 | uint8_t block[kBlockSize]; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1177 | size_t dummy; |
Harald Alvestrand | 11840ce | 2022-11-10 10:50:50 | [diff] [blame] | 1178 | int error; |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1179 | |
| 1180 | // It's an error to write after closed. |
Harald Alvestrand | 11840ce | 2022-11-10 10:50:50 | [diff] [blame] | 1181 | rv = client_ssl_->Write(block, dummy, error); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1182 | ASSERT_EQ(rtc::SR_ERROR, rv); |
| 1183 | |
| 1184 | // But after closed read gives you EOS. |
Harald Alvestrand | 11840ce | 2022-11-10 10:50:50 | [diff] [blame] | 1185 | rv = client_ssl_->Read(block, dummy, error); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1186 | ASSERT_EQ(rtc::SR_EOS, rv); |
Mirko Bonadei | c4dd730 | 2019-02-25 08:12:02 | [diff] [blame] | 1187 | } |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1188 | |
| 1189 | // Test a handshake with a bogus peer digest |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 12:08:59 | [diff] [blame] | 1190 | TEST_P(SSLStreamAdapterTestTLS, TestTLSBogusDigest) { |
deadbeef | 89824f6 | 2016-09-30 18:55:43 | [diff] [blame] | 1191 | SetPeerIdentitiesByDigest(false, true); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1192 | TestHandshake(false); |
Mirko Bonadei | c4dd730 | 2019-02-25 08:12:02 | [diff] [blame] | 1193 | } |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1194 | |
deadbeef | 89824f6 | 2016-09-30 18:55:43 | [diff] [blame] | 1195 | TEST_P(SSLStreamAdapterTestTLS, TestTLSDelayedIdentity) { |
| 1196 | TestHandshakeWithDelayedIdentity(true); |
Mirko Bonadei | c4dd730 | 2019-02-25 08:12:02 | [diff] [blame] | 1197 | } |
deadbeef | 89824f6 | 2016-09-30 18:55:43 | [diff] [blame] | 1198 | |
| 1199 | TEST_P(SSLStreamAdapterTestTLS, TestTLSDelayedIdentityWithBogusDigest) { |
| 1200 | TestHandshakeWithDelayedIdentity(false); |
Mirko Bonadei | c4dd730 | 2019-02-25 08:12:02 | [diff] [blame] | 1201 | } |
deadbeef | 89824f6 | 2016-09-30 18:55:43 | [diff] [blame] | 1202 | |
| 1203 | // Test that the correct error is returned when SetPeerCertificateDigest is |
| 1204 | // called with an unknown algorithm. |
| 1205 | TEST_P(SSLStreamAdapterTestTLS, |
| 1206 | TestSetPeerCertificateDigestWithUnknownAlgorithm) { |
| 1207 | unsigned char server_digest[20]; |
| 1208 | size_t server_digest_len; |
| 1209 | bool rv; |
| 1210 | rtc::SSLPeerCertificateDigestError err; |
| 1211 | |
Harald Alvestrand | 8515d5a | 2020-03-20 21:51:32 | [diff] [blame] | 1212 | rv = server_identity()->certificate().ComputeDigest( |
deadbeef | 89824f6 | 2016-09-30 18:55:43 | [diff] [blame] | 1213 | rtc::DIGEST_SHA_1, server_digest, 20, &server_digest_len); |
| 1214 | ASSERT_TRUE(rv); |
| 1215 | |
| 1216 | rv = client_ssl_->SetPeerCertificateDigest("unknown algorithm", server_digest, |
| 1217 | server_digest_len, &err); |
| 1218 | EXPECT_EQ(rtc::SSLPeerCertificateDigestError::UNKNOWN_ALGORITHM, err); |
| 1219 | EXPECT_FALSE(rv); |
| 1220 | } |
| 1221 | |
| 1222 | // Test that the correct error is returned when SetPeerCertificateDigest is |
| 1223 | // called with an invalid digest length. |
| 1224 | TEST_P(SSLStreamAdapterTestTLS, TestSetPeerCertificateDigestWithInvalidLength) { |
| 1225 | unsigned char server_digest[20]; |
| 1226 | size_t server_digest_len; |
| 1227 | bool rv; |
| 1228 | rtc::SSLPeerCertificateDigestError err; |
| 1229 | |
Harald Alvestrand | 8515d5a | 2020-03-20 21:51:32 | [diff] [blame] | 1230 | rv = server_identity()->certificate().ComputeDigest( |
deadbeef | 89824f6 | 2016-09-30 18:55:43 | [diff] [blame] | 1231 | rtc::DIGEST_SHA_1, server_digest, 20, &server_digest_len); |
| 1232 | ASSERT_TRUE(rv); |
| 1233 | |
| 1234 | rv = client_ssl_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, server_digest, |
| 1235 | server_digest_len - 1, &err); |
| 1236 | EXPECT_EQ(rtc::SSLPeerCertificateDigestError::INVALID_LENGTH, err); |
| 1237 | EXPECT_FALSE(rv); |
| 1238 | } |
| 1239 | |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1240 | // Test moving a bunch of data |
| 1241 | |
| 1242 | // Basic tests: DTLS |
| 1243 | // Test that we can make a handshake work |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 12:08:59 | [diff] [blame] | 1244 | TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnect) { |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1245 | TestHandshake(); |
Mirko Bonadei | c4dd730 | 2019-02-25 08:12:02 | [diff] [blame] | 1246 | } |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1247 | |
| 1248 | // Test that we can make a handshake work if the first packet in |
| 1249 | // each direction is lost. This gives us predictable loss |
| 1250 | // rather than having to tune random |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 12:08:59 | [diff] [blame] | 1251 | TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacket) { |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1252 | SetLoseFirstPacket(true); |
| 1253 | TestHandshake(); |
Mirko Bonadei | c4dd730 | 2019-02-25 08:12:02 | [diff] [blame] | 1254 | } |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1255 | |
| 1256 | // Test a handshake with loss and delay |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 12:08:59 | [diff] [blame] | 1257 | TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacketDelay2s) { |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1258 | SetLoseFirstPacket(true); |
| 1259 | SetDelay(2000); |
| 1260 | SetHandshakeWait(20000); |
| 1261 | TestHandshake(); |
Mirko Bonadei | c4dd730 | 2019-02-25 08:12:02 | [diff] [blame] | 1262 | } |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1263 | |
| 1264 | // Test a handshake with small MTU |
pbos@webrtc.org | 127ca3f | 2014-10-09 07:52:03 | [diff] [blame] | 1265 | // Disabled due to https://code.google.com/p/webrtc/issues/detail?id=3910 |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 12:08:59 | [diff] [blame] | 1266 | TEST_P(SSLStreamAdapterTestDTLS, DISABLED_TestDTLSConnectWithSmallMtu) { |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1267 | SetMtu(700); |
| 1268 | SetHandshakeWait(20000); |
| 1269 | TestHandshake(); |
Mirko Bonadei | c4dd730 | 2019-02-25 08:12:02 | [diff] [blame] | 1270 | } |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1271 | |
Philipp Hancke | 9c83d9d | 2022-04-28 17:01:28 | [diff] [blame] | 1272 | // Test a handshake with total loss and timing out. |
| 1273 | TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectTimeout) { |
| 1274 | SetLoss(100); |
| 1275 | TestHandshakeTimeout(); |
| 1276 | } |
| 1277 | |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1278 | // Test transfer -- trivial |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 1279 | TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransfer) { |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1280 | TestHandshake(); |
| 1281 | TestTransfer(100); |
Mirko Bonadei | c4dd730 | 2019-02-25 08:12:02 | [diff] [blame] | 1282 | } |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1283 | |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 1284 | TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithLoss) { |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1285 | TestHandshake(); |
| 1286 | SetLoss(10); |
| 1287 | TestTransfer(100); |
Mirko Bonadei | c4dd730 | 2019-02-25 08:12:02 | [diff] [blame] | 1288 | } |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1289 | |
jbauch | e488a0d | 2015-11-19 13:17:58 | [diff] [blame] | 1290 | TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithDamage) { |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1291 | SetDamage(); // Must be called first because first packet |
| 1292 | // write happens at end of handshake. |
| 1293 | TestHandshake(); |
| 1294 | TestTransfer(100); |
Mirko Bonadei | c4dd730 | 2019-02-25 08:12:02 | [diff] [blame] | 1295 | } |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1296 | |
deadbeef | 89824f6 | 2016-09-30 18:55:43 | [diff] [blame] | 1297 | TEST_P(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentity) { |
| 1298 | TestHandshakeWithDelayedIdentity(true); |
Mirko Bonadei | c4dd730 | 2019-02-25 08:12:02 | [diff] [blame] | 1299 | } |
deadbeef | 89824f6 | 2016-09-30 18:55:43 | [diff] [blame] | 1300 | |
| 1301 | TEST_P(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentityWithBogusDigest) { |
| 1302 | TestHandshakeWithDelayedIdentity(false); |
Mirko Bonadei | c4dd730 | 2019-02-25 08:12:02 | [diff] [blame] | 1303 | } |
deadbeef | 89824f6 | 2016-09-30 18:55:43 | [diff] [blame] | 1304 | |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1305 | // Test DTLS-SRTP with all high ciphers |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 12:08:59 | [diff] [blame] | 1306 | TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) { |
Guo-wei Shieh | 521ed7b | 2015-11-19 03:41:53 | [diff] [blame] | 1307 | std::vector<int> high; |
Mirko Bonadei | 7750d80 | 2021-07-26 15:27:42 | [diff] [blame] | 1308 | high.push_back(rtc::kSrtpAes128CmSha1_80); |
Guo-wei Shieh | 521ed7b | 2015-11-19 03:41:53 | [diff] [blame] | 1309 | SetDtlsSrtpCryptoSuites(high, true); |
| 1310 | SetDtlsSrtpCryptoSuites(high, false); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1311 | TestHandshake(); |
| 1312 | |
Guo-wei Shieh | 521ed7b | 2015-11-19 03:41:53 | [diff] [blame] | 1313 | int client_cipher; |
| 1314 | ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
| 1315 | int server_cipher; |
| 1316 | ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1317 | |
| 1318 | ASSERT_EQ(client_cipher, server_cipher); |
Mirko Bonadei | 7750d80 | 2021-07-26 15:27:42 | [diff] [blame] | 1319 | ASSERT_EQ(client_cipher, rtc::kSrtpAes128CmSha1_80); |
Mirko Bonadei | c4dd730 | 2019-02-25 08:12:02 | [diff] [blame] | 1320 | } |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1321 | |
| 1322 | // Test DTLS-SRTP with all low ciphers |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 12:08:59 | [diff] [blame] | 1323 | TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) { |
Guo-wei Shieh | 521ed7b | 2015-11-19 03:41:53 | [diff] [blame] | 1324 | std::vector<int> low; |
Mirko Bonadei | 7750d80 | 2021-07-26 15:27:42 | [diff] [blame] | 1325 | low.push_back(rtc::kSrtpAes128CmSha1_32); |
Guo-wei Shieh | 521ed7b | 2015-11-19 03:41:53 | [diff] [blame] | 1326 | SetDtlsSrtpCryptoSuites(low, true); |
| 1327 | SetDtlsSrtpCryptoSuites(low, false); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1328 | TestHandshake(); |
| 1329 | |
Guo-wei Shieh | 521ed7b | 2015-11-19 03:41:53 | [diff] [blame] | 1330 | int client_cipher; |
| 1331 | ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
| 1332 | int server_cipher; |
| 1333 | ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1334 | |
| 1335 | ASSERT_EQ(client_cipher, server_cipher); |
Mirko Bonadei | 7750d80 | 2021-07-26 15:27:42 | [diff] [blame] | 1336 | ASSERT_EQ(client_cipher, rtc::kSrtpAes128CmSha1_32); |
Mirko Bonadei | c4dd730 | 2019-02-25 08:12:02 | [diff] [blame] | 1337 | } |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1338 | |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1339 | // Test DTLS-SRTP with a mismatch -- should not converge |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 12:08:59 | [diff] [blame] | 1340 | TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) { |
Guo-wei Shieh | 521ed7b | 2015-11-19 03:41:53 | [diff] [blame] | 1341 | std::vector<int> high; |
Mirko Bonadei | 7750d80 | 2021-07-26 15:27:42 | [diff] [blame] | 1342 | high.push_back(rtc::kSrtpAes128CmSha1_80); |
Guo-wei Shieh | 521ed7b | 2015-11-19 03:41:53 | [diff] [blame] | 1343 | std::vector<int> low; |
Mirko Bonadei | 7750d80 | 2021-07-26 15:27:42 | [diff] [blame] | 1344 | low.push_back(rtc::kSrtpAes128CmSha1_32); |
Guo-wei Shieh | 521ed7b | 2015-11-19 03:41:53 | [diff] [blame] | 1345 | SetDtlsSrtpCryptoSuites(high, true); |
| 1346 | SetDtlsSrtpCryptoSuites(low, false); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1347 | TestHandshake(); |
| 1348 | |
Guo-wei Shieh | 521ed7b | 2015-11-19 03:41:53 | [diff] [blame] | 1349 | int client_cipher; |
| 1350 | ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
| 1351 | int server_cipher; |
| 1352 | ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
Mirko Bonadei | c4dd730 | 2019-02-25 08:12:02 | [diff] [blame] | 1353 | } |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1354 | |
| 1355 | // Test DTLS-SRTP with each side being mixed -- should select high |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 12:08:59 | [diff] [blame] | 1356 | TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) { |
Guo-wei Shieh | 521ed7b | 2015-11-19 03:41:53 | [diff] [blame] | 1357 | std::vector<int> mixed; |
Mirko Bonadei | 7750d80 | 2021-07-26 15:27:42 | [diff] [blame] | 1358 | mixed.push_back(rtc::kSrtpAes128CmSha1_80); |
| 1359 | mixed.push_back(rtc::kSrtpAes128CmSha1_32); |
Guo-wei Shieh | 521ed7b | 2015-11-19 03:41:53 | [diff] [blame] | 1360 | SetDtlsSrtpCryptoSuites(mixed, true); |
| 1361 | SetDtlsSrtpCryptoSuites(mixed, false); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1362 | TestHandshake(); |
| 1363 | |
Guo-wei Shieh | 521ed7b | 2015-11-19 03:41:53 | [diff] [blame] | 1364 | int client_cipher; |
| 1365 | ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
| 1366 | int server_cipher; |
| 1367 | ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1368 | |
| 1369 | ASSERT_EQ(client_cipher, server_cipher); |
Mirko Bonadei | 7750d80 | 2021-07-26 15:27:42 | [diff] [blame] | 1370 | ASSERT_EQ(client_cipher, rtc::kSrtpAes128CmSha1_80); |
Mirko Bonadei | c4dd730 | 2019-02-25 08:12:02 | [diff] [blame] | 1371 | } |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1372 | |
jbauch | cb56065 | 2016-08-04 12:20:32 | [diff] [blame] | 1373 | // Test DTLS-SRTP with all GCM-128 ciphers. |
| 1374 | TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM128) { |
jbauch | cb56065 | 2016-08-04 12:20:32 | [diff] [blame] | 1375 | std::vector<int> gcm128; |
Mirko Bonadei | 7750d80 | 2021-07-26 15:27:42 | [diff] [blame] | 1376 | gcm128.push_back(rtc::kSrtpAeadAes128Gcm); |
jbauch | cb56065 | 2016-08-04 12:20:32 | [diff] [blame] | 1377 | SetDtlsSrtpCryptoSuites(gcm128, true); |
| 1378 | SetDtlsSrtpCryptoSuites(gcm128, false); |
| 1379 | TestHandshake(); |
| 1380 | |
| 1381 | int client_cipher; |
| 1382 | ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
| 1383 | int server_cipher; |
| 1384 | ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
| 1385 | |
| 1386 | ASSERT_EQ(client_cipher, server_cipher); |
Mirko Bonadei | 7750d80 | 2021-07-26 15:27:42 | [diff] [blame] | 1387 | ASSERT_EQ(client_cipher, rtc::kSrtpAeadAes128Gcm); |
Mirko Bonadei | c4dd730 | 2019-02-25 08:12:02 | [diff] [blame] | 1388 | } |
jbauch | cb56065 | 2016-08-04 12:20:32 | [diff] [blame] | 1389 | |
| 1390 | // Test DTLS-SRTP with all GCM-256 ciphers. |
| 1391 | TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM256) { |
jbauch | cb56065 | 2016-08-04 12:20:32 | [diff] [blame] | 1392 | std::vector<int> gcm256; |
Mirko Bonadei | 7750d80 | 2021-07-26 15:27:42 | [diff] [blame] | 1393 | gcm256.push_back(rtc::kSrtpAeadAes256Gcm); |
jbauch | cb56065 | 2016-08-04 12:20:32 | [diff] [blame] | 1394 | SetDtlsSrtpCryptoSuites(gcm256, true); |
| 1395 | SetDtlsSrtpCryptoSuites(gcm256, false); |
| 1396 | TestHandshake(); |
| 1397 | |
| 1398 | int client_cipher; |
| 1399 | ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
| 1400 | int server_cipher; |
| 1401 | ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
| 1402 | |
| 1403 | ASSERT_EQ(client_cipher, server_cipher); |
Mirko Bonadei | 7750d80 | 2021-07-26 15:27:42 | [diff] [blame] | 1404 | ASSERT_EQ(client_cipher, rtc::kSrtpAeadAes256Gcm); |
Mirko Bonadei | c4dd730 | 2019-02-25 08:12:02 | [diff] [blame] | 1405 | } |
jbauch | cb56065 | 2016-08-04 12:20:32 | [diff] [blame] | 1406 | |
| 1407 | // Test DTLS-SRTP with mixed GCM-128/-256 ciphers -- should not converge. |
| 1408 | TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMismatch) { |
jbauch | cb56065 | 2016-08-04 12:20:32 | [diff] [blame] | 1409 | std::vector<int> gcm128; |
Mirko Bonadei | 7750d80 | 2021-07-26 15:27:42 | [diff] [blame] | 1410 | gcm128.push_back(rtc::kSrtpAeadAes128Gcm); |
jbauch | cb56065 | 2016-08-04 12:20:32 | [diff] [blame] | 1411 | std::vector<int> gcm256; |
Mirko Bonadei | 7750d80 | 2021-07-26 15:27:42 | [diff] [blame] | 1412 | gcm256.push_back(rtc::kSrtpAeadAes256Gcm); |
jbauch | cb56065 | 2016-08-04 12:20:32 | [diff] [blame] | 1413 | SetDtlsSrtpCryptoSuites(gcm128, true); |
| 1414 | SetDtlsSrtpCryptoSuites(gcm256, false); |
| 1415 | TestHandshake(); |
| 1416 | |
| 1417 | int client_cipher; |
| 1418 | ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
| 1419 | int server_cipher; |
| 1420 | ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
Mirko Bonadei | c4dd730 | 2019-02-25 08:12:02 | [diff] [blame] | 1421 | } |
jbauch | cb56065 | 2016-08-04 12:20:32 | [diff] [blame] | 1422 | |
| 1423 | // Test DTLS-SRTP with both GCM-128/-256 ciphers -- should select GCM-256. |
| 1424 | TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMixed) { |
jbauch | cb56065 | 2016-08-04 12:20:32 | [diff] [blame] | 1425 | std::vector<int> gcmBoth; |
Mirko Bonadei | 7750d80 | 2021-07-26 15:27:42 | [diff] [blame] | 1426 | gcmBoth.push_back(rtc::kSrtpAeadAes256Gcm); |
| 1427 | gcmBoth.push_back(rtc::kSrtpAeadAes128Gcm); |
jbauch | cb56065 | 2016-08-04 12:20:32 | [diff] [blame] | 1428 | SetDtlsSrtpCryptoSuites(gcmBoth, true); |
| 1429 | SetDtlsSrtpCryptoSuites(gcmBoth, false); |
| 1430 | TestHandshake(); |
| 1431 | |
| 1432 | int client_cipher; |
| 1433 | ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); |
| 1434 | int server_cipher; |
| 1435 | ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); |
| 1436 | |
| 1437 | ASSERT_EQ(client_cipher, server_cipher); |
Mirko Bonadei | 7750d80 | 2021-07-26 15:27:42 | [diff] [blame] | 1438 | ASSERT_EQ(client_cipher, rtc::kSrtpAeadAes256Gcm); |
Mirko Bonadei | c4dd730 | 2019-02-25 08:12:02 | [diff] [blame] | 1439 | } |
jbauch | cb56065 | 2016-08-04 12:20:32 | [diff] [blame] | 1440 | |
| 1441 | // Test SRTP cipher suite lengths. |
| 1442 | TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpKeyAndSaltLengths) { |
| 1443 | int key_len; |
| 1444 | int salt_len; |
| 1445 | |
Mirko Bonadei | 7750d80 | 2021-07-26 15:27:42 | [diff] [blame] | 1446 | ASSERT_FALSE(rtc::GetSrtpKeyAndSaltLengths(rtc::kSrtpInvalidCryptoSuite, |
Yves Gerey | 665174f | 2018-06-19 13:03:05 | [diff] [blame] | 1447 | &key_len, &salt_len)); |
jbauch | cb56065 | 2016-08-04 12:20:32 | [diff] [blame] | 1448 | |
Mirko Bonadei | 7750d80 | 2021-07-26 15:27:42 | [diff] [blame] | 1449 | ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(rtc::kSrtpAes128CmSha1_32, &key_len, |
| 1450 | &salt_len)); |
Yves Gerey | 665174f | 2018-06-19 13:03:05 | [diff] [blame] | 1451 | ASSERT_EQ(128 / 8, key_len); |
| 1452 | ASSERT_EQ(112 / 8, salt_len); |
jbauch | cb56065 | 2016-08-04 12:20:32 | [diff] [blame] | 1453 | |
Mirko Bonadei | 7750d80 | 2021-07-26 15:27:42 | [diff] [blame] | 1454 | ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(rtc::kSrtpAes128CmSha1_80, &key_len, |
| 1455 | &salt_len)); |
Yves Gerey | 665174f | 2018-06-19 13:03:05 | [diff] [blame] | 1456 | ASSERT_EQ(128 / 8, key_len); |
| 1457 | ASSERT_EQ(112 / 8, salt_len); |
jbauch | cb56065 | 2016-08-04 12:20:32 | [diff] [blame] | 1458 | |
Mirko Bonadei | 7750d80 | 2021-07-26 15:27:42 | [diff] [blame] | 1459 | ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(rtc::kSrtpAeadAes128Gcm, &key_len, |
| 1460 | &salt_len)); |
Yves Gerey | 665174f | 2018-06-19 13:03:05 | [diff] [blame] | 1461 | ASSERT_EQ(128 / 8, key_len); |
| 1462 | ASSERT_EQ(96 / 8, salt_len); |
jbauch | cb56065 | 2016-08-04 12:20:32 | [diff] [blame] | 1463 | |
Mirko Bonadei | 7750d80 | 2021-07-26 15:27:42 | [diff] [blame] | 1464 | ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(rtc::kSrtpAeadAes256Gcm, &key_len, |
| 1465 | &salt_len)); |
Yves Gerey | 665174f | 2018-06-19 13:03:05 | [diff] [blame] | 1466 | ASSERT_EQ(256 / 8, key_len); |
| 1467 | ASSERT_EQ(96 / 8, salt_len); |
Mirko Bonadei | c4dd730 | 2019-02-25 08:12:02 | [diff] [blame] | 1468 | } |
jbauch | cb56065 | 2016-08-04 12:20:32 | [diff] [blame] | 1469 | |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1470 | // Test an exporter |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 12:08:59 | [diff] [blame] | 1471 | TEST_P(SSLStreamAdapterTestDTLS, TestDTLSExporter) { |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1472 | TestHandshake(); |
| 1473 | unsigned char client_out[20]; |
| 1474 | unsigned char server_out[20]; |
| 1475 | |
| 1476 | bool result; |
Yves Gerey | 665174f | 2018-06-19 13:03:05 | [diff] [blame] | 1477 | result = ExportKeyingMaterial(kExporterLabel, kExporterContext, |
| 1478 | kExporterContextLen, true, true, client_out, |
| 1479 | sizeof(client_out)); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1480 | ASSERT_TRUE(result); |
| 1481 | |
Yves Gerey | 665174f | 2018-06-19 13:03:05 | [diff] [blame] | 1482 | result = ExportKeyingMaterial(kExporterLabel, kExporterContext, |
| 1483 | kExporterContextLen, true, false, server_out, |
| 1484 | sizeof(server_out)); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1485 | ASSERT_TRUE(result); |
| 1486 | |
| 1487 | ASSERT_TRUE(!memcmp(client_out, server_out, sizeof(client_out))); |
| 1488 | } |
| 1489 | |
| 1490 | // Test not yet valid certificates are not rejected. |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 12:08:59 | [diff] [blame] | 1491 | TEST_P(SSLStreamAdapterTestDTLS, TestCertNotYetValid) { |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1492 | long one_day = 60 * 60 * 24; |
| 1493 | // Make the certificates not valid until one day later. |
| 1494 | ResetIdentitiesWithValidity(one_day, one_day); |
| 1495 | TestHandshake(); |
| 1496 | } |
| 1497 | |
| 1498 | // Test expired certificates are not rejected. |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 12:08:59 | [diff] [blame] | 1499 | TEST_P(SSLStreamAdapterTestDTLS, TestCertExpired) { |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1500 | long one_day = 60 * 60 * 24; |
| 1501 | // Make the certificates already expired. |
| 1502 | ResetIdentitiesWithValidity(-one_day, -one_day); |
| 1503 | TestHandshake(); |
| 1504 | } |
| 1505 | |
| 1506 | // Test data transfer using certs created from strings. |
torbjorng | 7593aad | 2015-11-19 20:20:51 | [diff] [blame] | 1507 | TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestTransfer) { |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1508 | TestHandshake(); |
| 1509 | TestTransfer(100); |
| 1510 | } |
| 1511 | |
| 1512 | // Test getting the remote certificate. |
torbjorng | 7593aad | 2015-11-19 20:20:51 | [diff] [blame] | 1513 | TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestDTLSGetPeerCertificate) { |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1514 | // Peer certificates haven't been received yet. |
kwiberg | b4d01c4 | 2016-04-06 12:15:06 | [diff] [blame] | 1515 | ASSERT_FALSE(GetPeerCertificate(true)); |
| 1516 | ASSERT_FALSE(GetPeerCertificate(false)); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1517 | |
| 1518 | TestHandshake(); |
| 1519 | |
| 1520 | // The client should have a peer certificate after the handshake. |
jbauch | 555604a | 2016-04-26 10:13:22 | [diff] [blame] | 1521 | std::unique_ptr<rtc::SSLCertificate> client_peer_cert = |
kwiberg | b4d01c4 | 2016-04-06 12:15:06 | [diff] [blame] | 1522 | GetPeerCertificate(true); |
| 1523 | ASSERT_TRUE(client_peer_cert); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1524 | |
| 1525 | // It's not kCERT_PEM. |
| 1526 | std::string client_peer_string = client_peer_cert->ToPEMString(); |
| 1527 | ASSERT_NE(kCERT_PEM, client_peer_string); |
| 1528 | |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1529 | // The server should have a peer certificate after the handshake. |
jbauch | 555604a | 2016-04-26 10:13:22 | [diff] [blame] | 1530 | std::unique_ptr<rtc::SSLCertificate> server_peer_cert = |
kwiberg | b4d01c4 | 2016-04-06 12:15:06 | [diff] [blame] | 1531 | GetPeerCertificate(false); |
| 1532 | ASSERT_TRUE(server_peer_cert); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1533 | |
| 1534 | // It's kCERT_PEM |
| 1535 | ASSERT_EQ(kCERT_PEM, server_peer_cert->ToPEMString()); |
henrike@webrtc.org | f048872 | 2014-05-13 18:00:26 | [diff] [blame] | 1536 | } |
pthatcher@webrtc.org | 3ee4fe5 | 2015-02-11 22:34:36 | [diff] [blame] | 1537 | |
Joachim Bauch | 831c558 | 2015-05-20 10:48:41 | [diff] [blame] | 1538 | // Test getting the used DTLS 1.2 ciphers. |
| 1539 | // DTLS 1.2 enabled for client and server -> DTLS 1.2 will be used. |
Guo-wei Shieh | 456696a | 2015-10-01 04:48:54 | [diff] [blame] | 1540 | TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Both) { |
Joachim Bauch | 831c558 | 2015-05-20 10:48:41 | [diff] [blame] | 1541 | SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12); |
| 1542 | TestHandshake(); |
| 1543 | |
Guo-wei Shieh | 6caafbe | 2015-10-05 19:43:27 | [diff] [blame] | 1544 | int client_cipher; |
Guo-wei Shieh | 456696a | 2015-10-01 04:48:54 | [diff] [blame] | 1545 | ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); |
Guo-wei Shieh | 6caafbe | 2015-10-05 19:43:27 | [diff] [blame] | 1546 | int server_cipher; |
Guo-wei Shieh | 456696a | 2015-10-01 04:48:54 | [diff] [blame] | 1547 | ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); |
Joachim Bauch | 831c558 | 2015-05-20 10:48:41 | [diff] [blame] | 1548 | |
torbjorng | 43166b8 | 2016-03-11 08:06:47 | [diff] [blame] | 1549 | ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(true)); |
| 1550 | ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(false)); |
| 1551 | |
Joachim Bauch | 831c558 | 2015-05-20 10:48:41 | [diff] [blame] | 1552 | ASSERT_EQ(client_cipher, server_cipher); |
torbjorng | 43166b8 | 2016-03-11 08:06:47 | [diff] [blame] | 1553 | ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher( |
| 1554 | server_cipher, ::testing::get<1>(GetParam()).type())); |
Joachim Bauch | 831c558 | 2015-05-20 10:48:41 | [diff] [blame] | 1555 | } |
| 1556 | |
Harald Alvestrand | 1379913 | 2020-03-09 18:39:36 | [diff] [blame] | 1557 | // Test getting the used DTLS ciphers. |
Guido Urdaneta | ae2e864 | 2020-10-26 08:55:26 | [diff] [blame] | 1558 | // DTLS 1.2 is max version for client and server. |
Harald Alvestrand | 1379913 | 2020-03-09 18:39:36 | [diff] [blame] | 1559 | TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuite) { |
Guido Urdaneta | ae2e864 | 2020-10-26 08:55:26 | [diff] [blame] | 1560 | SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12); |
Benjamin Wright | af1f865 | 2019-04-01 18:25:23 | [diff] [blame] | 1561 | TestHandshake(); |
| 1562 | |
| 1563 | int client_cipher; |
| 1564 | ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); |
| 1565 | int server_cipher; |
| 1566 | ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); |
| 1567 | |
Guido Urdaneta | ae2e864 | 2020-10-26 08:55:26 | [diff] [blame] | 1568 | ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(true)); |
| 1569 | ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(false)); |
torbjorng | 43166b8 | 2016-03-11 08:06:47 | [diff] [blame] | 1570 | |
Joachim Bauch | 831c558 | 2015-05-20 10:48:41 | [diff] [blame] | 1571 | ASSERT_EQ(client_cipher, server_cipher); |
torbjorng | 43166b8 | 2016-03-11 08:06:47 | [diff] [blame] | 1572 | ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher( |
| 1573 | server_cipher, ::testing::get<1>(GetParam()).type())); |
pthatcher@webrtc.org | 3ee4fe5 | 2015-02-11 22:34:36 | [diff] [blame] | 1574 | } |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 12:08:59 | [diff] [blame] | 1575 | |
torbjorng | 4e57247 | 2015-10-08 16:42:49 | [diff] [blame] | 1576 | // The RSA keysizes here might look strange, why not include the RFC's size |
| 1577 | // 2048?. The reason is test case slowness; testing two sizes to exercise |
| 1578 | // parametrization is sufficient. |
Mirko Bonadei | c84f661 | 2019-01-31 11:20:57 | [diff] [blame] | 1579 | INSTANTIATE_TEST_SUITE_P( |
torbjorng | 4e57247 | 2015-10-08 16:42:49 | [diff] [blame] | 1580 | SSLStreamAdapterTestsTLS, |
| 1581 | SSLStreamAdapterTestTLS, |
| 1582 | Combine(Values(rtc::KeyParams::RSA(1024, 65537), |
| 1583 | rtc::KeyParams::RSA(1152, 65537), |
| 1584 | rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)), |
| 1585 | Values(rtc::KeyParams::RSA(1024, 65537), |
| 1586 | rtc::KeyParams::RSA(1152, 65537), |
| 1587 | rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)))); |
Mirko Bonadei | c84f661 | 2019-01-31 11:20:57 | [diff] [blame] | 1588 | INSTANTIATE_TEST_SUITE_P( |
torbjorng | 4e57247 | 2015-10-08 16:42:49 | [diff] [blame] | 1589 | SSLStreamAdapterTestsDTLS, |
| 1590 | SSLStreamAdapterTestDTLS, |
| 1591 | Combine(Values(rtc::KeyParams::RSA(1024, 65537), |
| 1592 | rtc::KeyParams::RSA(1152, 65537), |
| 1593 | rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)), |
| 1594 | Values(rtc::KeyParams::RSA(1024, 65537), |
| 1595 | rtc::KeyParams::RSA(1152, 65537), |
| 1596 | rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)))); |
Harald Alvestrand | 1379913 | 2020-03-09 18:39:36 | [diff] [blame] | 1597 | |
| 1598 | // Tests for enabling / disabling legacy TLS protocols in DTLS. |
| 1599 | class SSLStreamAdapterTestDTLSLegacyProtocols |
| 1600 | : public SSLStreamAdapterTestDTLSBase { |
| 1601 | public: |
| 1602 | SSLStreamAdapterTestDTLSLegacyProtocols() |
| 1603 | : SSLStreamAdapterTestDTLSBase(rtc::KeyParams::ECDSA(rtc::EC_NIST_P256), |
| 1604 | rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)) { |
| 1605 | } |
| 1606 | |
| 1607 | // Do not use the SetUp version from the parent class. |
| 1608 | void SetUp() override {} |
| 1609 | |
| 1610 | // The legacy TLS protocols flag is read when the OpenSSLStreamAdapter is |
| 1611 | // initialized, so we set the experiment while creationg client_ssl_ |
| 1612 | // and server_ssl_. |
| 1613 | |
Ali Tofigh | 7fa9057 | 2022-03-17 14:47:49 | [diff] [blame] | 1614 | void ConfigureClient(absl::string_view experiment) { |
| 1615 | webrtc::test::ScopedFieldTrials trial{std::string(experiment)}; |
Harald Alvestrand | 1379913 | 2020-03-09 18:39:36 | [diff] [blame] | 1616 | client_stream_ = |
| 1617 | new SSLDummyStreamDTLS(this, "c2s", &client_buffer_, &server_buffer_); |
Harald Alvestrand | 8515d5a | 2020-03-20 21:51:32 | [diff] [blame] | 1618 | client_ssl_ = |
| 1619 | rtc::SSLStreamAdapter::Create(absl::WrapUnique(client_stream_)); |
Harald Alvestrand | 1379913 | 2020-03-09 18:39:36 | [diff] [blame] | 1620 | client_ssl_->SignalEvent.connect( |
| 1621 | static_cast<SSLStreamAdapterTestBase*>(this), |
| 1622 | &SSLStreamAdapterTestBase::OnEvent); |
Harald Alvestrand | 8515d5a | 2020-03-20 21:51:32 | [diff] [blame] | 1623 | auto client_identity = rtc::SSLIdentity::Create("client", client_key_type_); |
| 1624 | client_ssl_->SetIdentity(std::move(client_identity)); |
Harald Alvestrand | 1379913 | 2020-03-09 18:39:36 | [diff] [blame] | 1625 | } |
| 1626 | |
Ali Tofigh | 7fa9057 | 2022-03-17 14:47:49 | [diff] [blame] | 1627 | void ConfigureServer(absl::string_view experiment) { |
| 1628 | webrtc::test::ScopedFieldTrials trial{std::string(experiment)}; |
Harald Alvestrand | 1379913 | 2020-03-09 18:39:36 | [diff] [blame] | 1629 | server_stream_ = |
| 1630 | new SSLDummyStreamDTLS(this, "s2c", &server_buffer_, &client_buffer_); |
Harald Alvestrand | 8515d5a | 2020-03-20 21:51:32 | [diff] [blame] | 1631 | server_ssl_ = |
| 1632 | rtc::SSLStreamAdapter::Create(absl::WrapUnique(server_stream_)); |
Harald Alvestrand | 1379913 | 2020-03-09 18:39:36 | [diff] [blame] | 1633 | server_ssl_->SignalEvent.connect( |
| 1634 | static_cast<SSLStreamAdapterTestBase*>(this), |
| 1635 | &SSLStreamAdapterTestBase::OnEvent); |
Harald Alvestrand | 8515d5a | 2020-03-20 21:51:32 | [diff] [blame] | 1636 | server_ssl_->SetIdentity( |
| 1637 | rtc::SSLIdentity::Create("server", server_key_type_)); |
Harald Alvestrand | 1379913 | 2020-03-09 18:39:36 | [diff] [blame] | 1638 | } |
| 1639 | }; |
| 1640 | |
| 1641 | // Test getting the used DTLS ciphers. |
| 1642 | // DTLS 1.2 enabled for neither client nor server -> DTLS 1.0 will be used. |
| 1643 | TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols, TestGetSslCipherSuite) { |
Guido Urdaneta | ae2e864 | 2020-10-26 08:55:26 | [diff] [blame] | 1644 | ConfigureClient("WebRTC-LegacyTlsProtocols/Enabled/"); |
| 1645 | ConfigureServer("WebRTC-LegacyTlsProtocols/Enabled/"); |
Harald Alvestrand | 1379913 | 2020-03-09 18:39:36 | [diff] [blame] | 1646 | SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10); |
| 1647 | TestHandshake(); |
| 1648 | |
| 1649 | int client_cipher; |
| 1650 | ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); |
| 1651 | int server_cipher; |
| 1652 | ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); |
| 1653 | |
| 1654 | ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true)); |
| 1655 | ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false)); |
| 1656 | |
| 1657 | ASSERT_EQ(client_cipher, server_cipher); |
| 1658 | } |
| 1659 | |
| 1660 | // Test getting the used DTLS 1.2 ciphers. |
| 1661 | // DTLS 1.2 enabled for client and server -> DTLS 1.2 will be used. |
| 1662 | TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols, |
| 1663 | TestGetSslCipherSuiteDtls12Both) { |
| 1664 | ConfigureClient(""); |
| 1665 | ConfigureServer(""); |
| 1666 | SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12); |
| 1667 | TestHandshake(); |
| 1668 | |
| 1669 | int client_cipher; |
| 1670 | ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); |
| 1671 | int server_cipher; |
| 1672 | ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); |
| 1673 | |
| 1674 | ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(true)); |
| 1675 | ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(false)); |
| 1676 | |
| 1677 | ASSERT_EQ(client_cipher, server_cipher); |
| 1678 | } |
| 1679 | |
| 1680 | // DTLS 1.2 enabled for client only -> DTLS 1.0 will be used. |
| 1681 | TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols, |
| 1682 | TestGetSslCipherSuiteDtls12Client) { |
Guido Urdaneta | ae2e864 | 2020-10-26 08:55:26 | [diff] [blame] | 1683 | ConfigureClient("WebRTC-LegacyTlsProtocols/Enabled/"); |
| 1684 | ConfigureServer("WebRTC-LegacyTlsProtocols/Enabled/"); |
Harald Alvestrand | 1379913 | 2020-03-09 18:39:36 | [diff] [blame] | 1685 | SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12); |
| 1686 | TestHandshake(); |
| 1687 | |
| 1688 | int client_cipher; |
| 1689 | ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); |
| 1690 | int server_cipher; |
| 1691 | ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); |
| 1692 | |
| 1693 | ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true)); |
| 1694 | ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false)); |
| 1695 | |
| 1696 | ASSERT_EQ(client_cipher, server_cipher); |
| 1697 | } |
| 1698 | |
| 1699 | // DTLS 1.2 enabled for server only -> DTLS 1.0 will be used. |
| 1700 | TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols, |
| 1701 | TestGetSslCipherSuiteDtls12Server) { |
Guido Urdaneta | ae2e864 | 2020-10-26 08:55:26 | [diff] [blame] | 1702 | ConfigureClient("WebRTC-LegacyTlsProtocols/Enabled/"); |
| 1703 | ConfigureServer("WebRTC-LegacyTlsProtocols/Enabled/"); |
Harald Alvestrand | 1379913 | 2020-03-09 18:39:36 | [diff] [blame] | 1704 | SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_10); |
| 1705 | TestHandshake(); |
| 1706 | |
| 1707 | int client_cipher; |
| 1708 | ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); |
| 1709 | int server_cipher; |
| 1710 | ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); |
| 1711 | |
| 1712 | ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true)); |
| 1713 | ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false)); |
| 1714 | |
| 1715 | ASSERT_EQ(client_cipher, server_cipher); |
| 1716 | } |
| 1717 | |
| 1718 | // Client has legacy TLS versions disabled, server has DTLS 1.0 only. |
| 1719 | // This is meant to cause a failure. |
| 1720 | TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols, |
| 1721 | TestGetSslVersionLegacyDisabledServer10) { |
Guido Urdaneta | ae2e864 | 2020-10-26 08:55:26 | [diff] [blame] | 1722 | ConfigureClient(""); |
| 1723 | ConfigureServer("WebRTC-LegacyTlsProtocols/Enabled/"); |
Harald Alvestrand | 1379913 | 2020-03-09 18:39:36 | [diff] [blame] | 1724 | SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12); |
| 1725 | // Handshake should fail. |
| 1726 | TestHandshake(false); |
| 1727 | } |
| 1728 | |
| 1729 | // Both client and server have legacy TLS versions disabled and support |
| 1730 | // DTLS 1.2. This should work. |
| 1731 | TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols, |
| 1732 | TestGetSslVersionLegacyDisabledServer12) { |
Guido Urdaneta | ae2e864 | 2020-10-26 08:55:26 | [diff] [blame] | 1733 | ConfigureClient(""); |
| 1734 | ConfigureServer(""); |
Harald Alvestrand | 1379913 | 2020-03-09 18:39:36 | [diff] [blame] | 1735 | SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12); |
| 1736 | TestHandshake(); |
| 1737 | } |
| 1738 | |
| 1739 | // Both client and server have legacy TLS versions enabled and support DTLS 1.0. |
| 1740 | // This should work. |
| 1741 | TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols, |
| 1742 | TestGetSslVersionLegacyEnabledClient10Server10) { |
| 1743 | ConfigureClient("WebRTC-LegacyTlsProtocols/Enabled/"); |
| 1744 | ConfigureServer("WebRTC-LegacyTlsProtocols/Enabled/"); |
| 1745 | SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10); |
| 1746 | TestHandshake(); |
| 1747 | } |
| 1748 | |
Guido Urdaneta | ae2e864 | 2020-10-26 08:55:26 | [diff] [blame] | 1749 | // Legacy protocols are disabled in the client, max TLS version is 1.0 |
Harald Alvestrand | 1379913 | 2020-03-09 18:39:36 | [diff] [blame] | 1750 | // This should be a configuration error, and handshake should fail. |
| 1751 | TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols, |
| 1752 | TestGetSslVersionLegacyDisabledClient10Server10) { |
Guido Urdaneta | ae2e864 | 2020-10-26 08:55:26 | [diff] [blame] | 1753 | ConfigureClient(""); |
| 1754 | ConfigureServer("WebRTC-LegacyTlsProtocols/Enabled/"); |
Harald Alvestrand | 1379913 | 2020-03-09 18:39:36 | [diff] [blame] | 1755 | SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10); |
| 1756 | TestHandshake(false); |
| 1757 | } |
Guido Urdaneta | 14bba6e | 2020-09-25 14:00:51 | [diff] [blame] | 1758 | |
| 1759 | // Both client and server have legacy TLS versions enabled and support DTLS 1.0. |
| 1760 | // This should work. |
| 1761 | TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols, |
| 1762 | TestGetSslVersionLegacyOverrideEnabledClient10Server10) { |
| 1763 | rtc::SetAllowLegacyTLSProtocols(true); |
| 1764 | ConfigureClient(""); |
| 1765 | ConfigureServer(""); |
| 1766 | // Remove override. |
| 1767 | rtc::SetAllowLegacyTLSProtocols(absl::nullopt); |
| 1768 | SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10); |
| 1769 | TestHandshake(); |
| 1770 | } |
| 1771 | |
| 1772 | // Client has legacy TLS disabled and server has legacy TLS enabled via |
| 1773 | // override. Handshake for DTLS 1.0 should fail. |
| 1774 | TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols, |
| 1775 | TestGetSslVersionLegacyOverrideDisabledClient10EnabledServer10) { |
| 1776 | rtc::SetAllowLegacyTLSProtocols(false); |
| 1777 | ConfigureClient(""); |
| 1778 | rtc::SetAllowLegacyTLSProtocols(true); |
| 1779 | ConfigureServer(""); |
| 1780 | // Remove override. |
| 1781 | rtc::SetAllowLegacyTLSProtocols(absl::nullopt); |
| 1782 | SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10); |
| 1783 | TestHandshake(false); |
| 1784 | } |
| 1785 | |
| 1786 | // Client has legacy TLS enabled and server has legacy TLS disabled via |
| 1787 | // override. Handshake for DTLS 1.0 should fail. |
| 1788 | TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols, |
| 1789 | TestGetSslVersionLegacyOverrideEnabledClient10DisabledServer10) { |
| 1790 | rtc::SetAllowLegacyTLSProtocols(true); |
| 1791 | ConfigureClient(""); |
| 1792 | rtc::SetAllowLegacyTLSProtocols(false); |
| 1793 | ConfigureServer(""); |
| 1794 | // Remove override. |
| 1795 | rtc::SetAllowLegacyTLSProtocols(absl::nullopt); |
| 1796 | SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10); |
| 1797 | TestHandshake(false); |
| 1798 | } |