1 /*
2 * Copyright 2011 The WebRTC Project Authors. All rights reserved.
3 *
4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree.
9 */
10
11 #include <algorithm>
12 #include <memory>
13 #include <set>
14 #include <string>
15
16 #include "absl/memory/memory.h"
17 #include "rtc_base/buffer_queue.h"
18 #include "rtc_base/checks.h"
19 #include "rtc_base/gunit.h"
20 #include "rtc_base/helpers.h"
21 #include "rtc_base/memory/fifo_buffer.h"
22 #include "rtc_base/memory_stream.h"
23 #include "rtc_base/message_digest.h"
24 #include "rtc_base/openssl_stream_adapter.h"
25 #include "rtc_base/ssl_adapter.h"
26 #include "rtc_base/ssl_identity.h"
27 #include "rtc_base/ssl_stream_adapter.h"
28 #include "rtc_base/stream.h"
29 #include "rtc_base/task_utils/pending_task_safety_flag.h"
30 #include "rtc_base/task_utils/to_queued_task.h"
31 #include "test/field_trial.h"
32
33 using ::testing::Combine;
34 using ::testing::tuple;
35 using ::testing::Values;
36 using ::testing::WithParamInterface;
37
38 static const int kBlockSize = 4096;
39 static const char kExporterLabel[] = "label";
40 static const unsigned char kExporterContext[] = "context";
41 static int kExporterContextLen = sizeof(kExporterContext);
42
43 // A private key used for testing, broken into pieces in order to avoid
44 // issues with Git's checks for private keys in repos.
45 #define RSA_PRIVATE_KEY_HEADER "-----BEGIN RSA PRIVATE KEY-----\n"
46
47 static const char kRSA_PRIVATE_KEY_PEM[] = RSA_PRIVATE_KEY_HEADER
48 "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMYRkbhmI7kVA/rM\n"
49 "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n"
50 "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n"
51 "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAECgYAvgOs4FJcgvp+TuREx7YtiYVsH\n"
52 "mwQPTum2z/8VzWGwR8BBHBvIpVe1MbD/Y4seyI2aco/7UaisatSgJhsU46/9Y4fq\n"
53 "2TwXH9QANf4at4d9n/R6rzwpAJOpgwZgKvdQjkfrKTtgLV+/dawvpxUYkRH4JZM1\n"
54 "CVGukMfKNrSVH4Ap4QJBAOJmGV1ASPnB4r4nc99at7JuIJmd7fmuVUwUgYi4XgaR\n"
55 "WhScBsgYwZ/JoywdyZJgnbcrTDuVcWG56B3vXbhdpMsCQQDf9zeJrjnPZ3Cqm79y\n"
56 "kdqANep0uwZciiNiWxsQrCHztywOvbFhdp8iYVFG9EK8DMY41Y5TxUwsHD+67zao\n"
57 "ZNqJAkEA1suLUP/GvL8IwuRneQd2tWDqqRQ/Td3qq03hP7e77XtF/buya3Ghclo5\n"
58 "54czUR89QyVfJEC6278nzA7n2h1uVQJAcG6mztNL6ja/dKZjYZye2CY44QjSlLo0\n"
59 "MTgTSjdfg/28fFn2Jjtqf9Pi/X+50LWI/RcYMC2no606wRk9kyOuIQJBAK6VSAim\n"
60 "1pOEjsYQn0X5KEIrz1G3bfCbB848Ime3U2/FWlCHMr6ch8kCZ5d1WUeJD3LbwMNG\n"
61 "UCXiYxSsu20QNVw=\n"
62 "-----END RSA PRIVATE KEY-----\n";
63
64 #undef RSA_PRIVATE_KEY_HEADER
65
66 static const char kCERT_PEM[] =
67 "-----BEGIN CERTIFICATE-----\n"
68 "MIIBmTCCAQKgAwIBAgIEbzBSAjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZX\n"
69 "ZWJSVEMwHhcNMTQwMTAyMTgyNDQ3WhcNMTQwMjAxMTgyNDQ3WjARMQ8wDQYDVQQD\n"
70 "EwZXZWJSVEMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYRkbhmI7kVA/rM\n"
71 "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n"
72 "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n"
73 "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAUflI\n"
74 "VUe5Krqf5RVa5C3u/UTAOAUJBiDS3VANTCLBxjuMsvqOG0WvaYWP3HYPgrz0jXK2\n"
75 "LJE/mGw3MyFHEqi81jh95J+ypl6xKW6Rm8jKLR87gUvCaVYn/Z4/P3AqcQTB7wOv\n"
76 "UD0A8qfhfDM+LK6rPAnCsVN0NRDY3jvd6rzix9M=\n"
77 "-----END CERTIFICATE-----\n";
78
79 static const char kIntCert1[] =
80 "-----BEGIN CERTIFICATE-----\n"
81 "MIIEUjCCAjqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBljELMAkGA1UEBhMCVVMx\n"
82 "EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxFDAS\n"
83 "BgNVBAoMC0dvb2dsZSwgSW5jMQwwCgYDVQQLDANHVFAxFzAVBgNVBAMMDnRlbGVw\n"
84 "aG9ueS5nb29nMR0wGwYJKoZIhvcNAQkBFg5ndHBAZ29vZ2xlLmNvbTAeFw0xNzA5\n"
85 "MjYwNDA5MDNaFw0yMDA2MjIwNDA5MDNaMGQxCzAJBgNVBAYTAlVTMQswCQYDVQQI\n"
86 "DAJDQTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEXMBUGA1UECgwOdGVsZXBob255\n"
87 "Lmdvb2cxFzAVBgNVBAMMDnRlbGVwaG9ueS5nb29nMIGfMA0GCSqGSIb3DQEBAQUA\n"
88 "A4GNADCBiQKBgQDJXWeeU1v1+wlqkVobzI3aN7Uh2iVQA9YCdq5suuabtiD/qoOD\n"
89 "NKpmQqsx7WZGGWSZTDFEBaUpvIK7Hb+nzRqk6iioPCFOFuarm6GxO1xVneImMuE6\n"
90 "tuWb3YZPr+ikChJbl11y5UcSbg0QsbeUc+jHl5umNvrL85Y+z8SP0rxbBwIDAQAB\n"
91 "o2AwXjAdBgNVHQ4EFgQU7tdZobqlN8R8V72FQnRxmqq8tKswHwYDVR0jBBgwFoAU\n"
92 "5GgKMUtcxkQ2dJrtNR5YOlIAPDswDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMC\n"
93 "AQYwDQYJKoZIhvcNAQELBQADggIBADObh9Z+z14FmP9zSenhFtq7hFnmNrSkklk8\n"
94 "eyYWXKfOuIriEQQBZsz76ZcnzStih8Rj+yQ0AXydk4fJ5LOwC2cUqQBar17g6Pd2\n"
95 "8g4SIL4azR9WvtiSvpuGlwp25b+yunaacDne6ebnf/MUiiKT5w61Xo3cEPVfl38e\n"
96 "/Up2l0bioid5enUTmg6LY6RxDO6tnZQkz3XD+nNSwT4ehtkqFpHYWjErj0BbkDM2\n"
97 "hiVc/JsYOZn3DmuOlHVHU6sKwqh3JEyvHO/d7DGzMGWHpHwv2mCTJq6l/sR95Tc2\n"
98 "GaQZgGDVNs9pdEouJCDm9e/PbQWRYhnat82PTkXx/6mDAAwdZlIi/pACzq8K4p7e\n"
99 "6hF0t8uKGnXJubHPXxlnJU6yxZ0yWmivAGjwWK4ur832gKlho4jeMDhiI/T3QPpl\n"
100 "iMNsIvxRhdD+GxJkQP1ezayw8s+Uc9KwKglrkBSRRDLCJUfPOvMmXLUDSTMX7kp4\n"
101 "/Ak1CA8dVLJIlfEjLBUuvAttlP7+7lsKNgxAjCxZkWLXIyGULzNPQwVWkGfCbrQs\n"
102 "XyMvSbFsSIb7blV7eLlmf9a+2RprUUkc2ALXLLCI9YQXmxm2beBfMyNmmebwBJzT\n"
103 "B0OR+5pFFNTJPoNlqpdrDsGrDu7JlUtk0ZLZzYyKXbgy2qXxfd4OWzXXjxpLMszZ\n"
104 "LDIpOAkj\n"
105 "-----END CERTIFICATE-----\n";
106
107 static const char kCACert[] =
108 "-----BEGIN CERTIFICATE-----\n"
109 "MIIGETCCA/mgAwIBAgIJAKN9r/BdbGUJMA0GCSqGSIb3DQEBCwUAMIGWMQswCQYD\n"
110 "VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4g\n"
111 "VmlldzEUMBIGA1UECgwLR29vZ2xlLCBJbmMxDDAKBgNVBAsMA0dUUDEXMBUGA1UE\n"
112 "AwwOdGVsZXBob255Lmdvb2cxHTAbBgkqhkiG9w0BCQEWDmd0cEBnb29nbGUuY29t\n"
113 "MB4XDTE3MDcyNzIzMDE0NVoXDTE3MDgyNjIzMDE0NVowgZYxCzAJBgNVBAYTAlVT\n"
114 "MRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRQw\n"
115 "EgYDVQQKDAtHb29nbGUsIEluYzEMMAoGA1UECwwDR1RQMRcwFQYDVQQDDA50ZWxl\n"
116 "cGhvbnkuZ29vZzEdMBsGCSqGSIb3DQEJARYOZ3RwQGdvb2dsZS5jb20wggIiMA0G\n"
117 "CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCfvpF7aBV5Hp1EHsWoIlL3GeHwh8dS\n"
118 "lv9VQCegN9rD06Ny7MgcED5AiK2vqXmUmOVS+7NbATkdVYN/eozDhKtN3Q3n87kJ\n"
119 "Nt/TD/TcZZHOZIGsRPbrf2URK26E/5KzTzbzXVBOA1e+gSj+EBbltGqb01ZO5ErF\n"
120 "iPGViPM/HpYKdq6mfz2bS5PhU67XZMM2zvToyReQ/Fjm/6PJhwKSRXSgZF5djPhk\n"
121 "2LfOKMLS0AeZtd2C4DFsCU41lfLUkybioDgFuzTQ3TFi1K8A07KYTMmLY/yQppnf\n"
122 "SpNX58shlVhM+Ed37K1Z0rU0OfVCZ5P+KKaSSfMranjlU7zeUIhZYjqq/EYrEhbS\n"
123 "dLnNHwgJrqxzId3kq8uuLM6+VB7JZKnZLfT90GdAbX4+tutNe21smmogF9f80vEy\n"
124 "gM4tOp9rXrvz9vCwWHXVY9kdKemdLAsREoO6MS9k2ctK4jj80o2dROuFC6Q3e7mz\n"
125 "RjvZr5Tvi464c2o9o/jNlJ0O6q7V2eQzohD+7VnV5QPpRGXxlIeqpR2zoAg+WtRS\n"
126 "4OgHOVYiD3M6uAlggJA5pcDjMfkEZ+pkhtVcT4qMCEoruk6GbyPxS565oSHu16bH\n"
127 "EjeCqbZOVND5T3oA7nz6aQSs8sJabt0jmxUkGVnE+4ZDIuuRtkRma+0P/96Mtqor\n"
128 "OlpNWY1OBDY64QIDAQABo2AwXjAdBgNVHQ4EFgQU5GgKMUtcxkQ2dJrtNR5YOlIA\n"
129 "PDswHwYDVR0jBBgwFoAU5GgKMUtcxkQ2dJrtNR5YOlIAPDswDwYDVR0TAQH/BAUw\n"
130 "AwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAARQly5/bB6VUL2C\n"
131 "ykDYgWt48go407pAra6tL2kjpdfxV5PdL7iMZRkeht00vj+BVahIqZKrNOa/f5Fx\n"
132 "vlpahZFu0PDN436aQwRZ9qWut2qDOK0/z9Hhj6NWybquRFwMwqkPG/ivLMDU8Dmj\n"
133 "CIplpngPYNwXCs0KzdjSXYxqxJbwMjQXELD+/RcurY0oTtJMM1/2vKQMzw24UJqe\n"
134 "XLJAlsnd2AnWzWNUEviDZY89j9NdkHerBmV2gGzcU+X5lgOO5M8odBv0ZC9D+a6Z\n"
135 "QPZAOfdGVw60hhGvTW5s/s0dHwCpegRidhs0MD0fTmwwjYFBSmUx3Gztr4JTzOOr\n"
136 "7e5daJuak2ujQ5DqcGBvt1gePjSudb5brS7JQtN8tI/FyrnR4q/OuOwv1EvlC5RG\n"
137 "hLX+TXaWqFxB1Hd8ebKRR40mboFG6KcUI3lLBthDvQE7jnq48QfZMjlMQK0ZF1l7\n"
138 "SrlwRXWA74bU8CLJvnZKKo9p4TsTiDYGSYC6tNHKj5s3TGWL46oqGyZ0KdGNhrtC\n"
139 "rIGenMhth1vPYjyy0XuGBndXT85yi+IM2l8g8oU845+plxIhgpSI8bbC0oLwnhQ5\n"
140 "ARfsiYLkXDE7imSS0CSUmye76372mlzAIB1is4bBB/SzpPQtBuB9LDKtONgpSGHn\n"
141 "dGaXBy+qbVXVyGXaeEbIRjtJ6m92\n"
142 "-----END CERTIFICATE-----\n";
143
144 class SSLStreamAdapterTestBase;
145
146 class SSLDummyStreamBase : public rtc::StreamInterface,
147 public sigslot::has_slots<> {
148 public:
SSLDummyStreamBase(SSLStreamAdapterTestBase * test,const std::string & side,rtc::StreamInterface * in,rtc::StreamInterface * out)149 SSLDummyStreamBase(SSLStreamAdapterTestBase* test,
150 const std::string& side,
151 rtc::StreamInterface* in,
152 rtc::StreamInterface* out)
153 : test_base_(test), side_(side), in_(in), out_(out), first_packet_(true) {
154 in_->SignalEvent.connect(this, &SSLDummyStreamBase::OnEventIn);
155 out_->SignalEvent.connect(this, &SSLDummyStreamBase::OnEventOut);
156 }
157
GetState() const158 rtc::StreamState GetState() const override { return rtc::SS_OPEN; }
159
Read(void * buffer,size_t buffer_len,size_t * read,int * error)160 rtc::StreamResult Read(void* buffer,
161 size_t buffer_len,
162 size_t* read,
163 int* error) override {
164 rtc::StreamResult r;
165
166 r = in_->Read(buffer, buffer_len, read, error);
167 if (r == rtc::SR_BLOCK)
168 return rtc::SR_BLOCK;
169 if (r == rtc::SR_EOS)
170 return rtc::SR_EOS;
171
172 if (r != rtc::SR_SUCCESS) {
173 ADD_FAILURE();
174 return rtc::SR_ERROR;
175 }
176
177 return rtc::SR_SUCCESS;
178 }
179
180 // Catch readability events on in and pass them up.
OnEventIn(rtc::StreamInterface * stream,int sig,int err)181 void OnEventIn(rtc::StreamInterface* stream, int sig, int err) {
182 int mask = (rtc::SE_READ | rtc::SE_CLOSE);
183
184 if (sig & mask) {
185 RTC_LOG(LS_VERBOSE) << "SSLDummyStreamBase::OnEvent side=" << side_
186 << " sig=" << sig << " forwarding upward";
187 PostEvent(sig & mask, 0);
188 }
189 }
190
191 // Catch writeability events on out and pass them up.
OnEventOut(rtc::StreamInterface * stream,int sig,int err)192 void OnEventOut(rtc::StreamInterface* stream, int sig, int err) {
193 if (sig & rtc::SE_WRITE) {
194 RTC_LOG(LS_VERBOSE) << "SSLDummyStreamBase::OnEvent side=" << side_
195 << " sig=" << sig << " forwarding upward";
196
197 PostEvent(sig & rtc::SE_WRITE, 0);
198 }
199 }
200
201 // Write to the outgoing FifoBuffer
WriteData(const void * data,size_t data_len,size_t * written,int * error)202 rtc::StreamResult WriteData(const void* data,
203 size_t data_len,
204 size_t* written,
205 int* error) {
206 return out_->Write(data, data_len, written, error);
207 }
208
209 rtc::StreamResult Write(const void* data,
210 size_t data_len,
211 size_t* written,
212 int* error) override;
213
Close()214 void Close() override {
215 RTC_LOG(LS_INFO) << "Closing outbound stream";
216 out_->Close();
217 }
218
219 private:
PostEvent(int events,int err)220 void PostEvent(int events, int err) {
221 thread_->PostTask(webrtc::ToQueuedTask(task_safety_, [this, events, err]() {
222 SignalEvent(this, events, err);
223 }));
224 }
225
226 webrtc::ScopedTaskSafety task_safety_;
227 rtc::Thread* const thread_ = rtc::Thread::Current();
228 SSLStreamAdapterTestBase* test_base_;
229 const std::string side_;
230 rtc::StreamInterface* in_;
231 rtc::StreamInterface* out_;
232 bool first_packet_;
233 };
234
235 class SSLDummyStreamTLS : public SSLDummyStreamBase {
236 public:
SSLDummyStreamTLS(SSLStreamAdapterTestBase * test,const std::string & side,rtc::FifoBuffer * in,rtc::FifoBuffer * out)237 SSLDummyStreamTLS(SSLStreamAdapterTestBase* test,
238 const std::string& side,
239 rtc::FifoBuffer* in,
240 rtc::FifoBuffer* out)
241 : SSLDummyStreamBase(test, side, in, out) {}
242 };
243
244 class BufferQueueStream : public rtc::StreamInterface {
245 public:
BufferQueueStream(size_t capacity,size_t default_size)246 BufferQueueStream(size_t capacity, size_t default_size)
247 : buffer_(capacity, default_size) {}
248
249 // Implementation of abstract StreamInterface methods.
250
251 // A buffer queue stream is always "open".
GetState() const252 rtc::StreamState GetState() const override { return rtc::SS_OPEN; }
253
254 // Reading a buffer queue stream will either succeed or block.
Read(void * buffer,size_t buffer_len,size_t * read,int * error)255 rtc::StreamResult Read(void* buffer,
256 size_t buffer_len,
257 size_t* read,
258 int* error) override {
259 const bool was_writable = buffer_.is_writable();
260 if (!buffer_.ReadFront(buffer, buffer_len, read))
261 return rtc::SR_BLOCK;
262
263 if (!was_writable)
264 NotifyWritableForTest();
265
266 return rtc::SR_SUCCESS;
267 }
268
269 // Writing to a buffer queue stream will either succeed or block.
Write(const void * data,size_t data_len,size_t * written,int * error)270 rtc::StreamResult Write(const void* data,
271 size_t data_len,
272 size_t* written,
273 int* error) override {
274 const bool was_readable = buffer_.is_readable();
275 if (!buffer_.WriteBack(data, data_len, written))
276 return rtc::SR_BLOCK;
277
278 if (!was_readable)
279 NotifyReadableForTest();
280
281 return rtc::SR_SUCCESS;
282 }
283
284 // A buffer queue stream can not be closed.
Close()285 void Close() override {}
286
287 protected:
NotifyReadableForTest()288 void NotifyReadableForTest() { PostEvent(rtc::SE_READ, 0); }
NotifyWritableForTest()289 void NotifyWritableForTest() { PostEvent(rtc::SE_WRITE, 0); }
290
291 private:
PostEvent(int events,int err)292 void PostEvent(int events, int err) {
293 thread_->PostTask(webrtc::ToQueuedTask(task_safety_, [this, events, err]() {
294 SignalEvent(this, events, err);
295 }));
296 }
297
298 rtc::Thread* const thread_ = rtc::Thread::Current();
299 webrtc::ScopedTaskSafety task_safety_;
300 rtc::BufferQueue buffer_;
301 };
302
303 class SSLDummyStreamDTLS : public SSLDummyStreamBase {
304 public:
SSLDummyStreamDTLS(SSLStreamAdapterTestBase * test,const std::string & side,BufferQueueStream * in,BufferQueueStream * out)305 SSLDummyStreamDTLS(SSLStreamAdapterTestBase* test,
306 const std::string& side,
307 BufferQueueStream* in,
308 BufferQueueStream* out)
309 : SSLDummyStreamBase(test, side, in, out) {}
310 };
311
312 static const int kFifoBufferSize = 4096;
313 static const int kBufferCapacity = 1;
314 static const size_t kDefaultBufferSize = 2048;
315
316 class SSLStreamAdapterTestBase : public ::testing::Test,
317 public sigslot::has_slots<> {
318 public:
SSLStreamAdapterTestBase(const std::string & client_cert_pem,const std::string & client_private_key_pem,bool dtls,rtc::KeyParams client_key_type=rtc::KeyParams (rtc::KT_DEFAULT),rtc::KeyParams server_key_type=rtc::KeyParams (rtc::KT_DEFAULT))319 SSLStreamAdapterTestBase(
320 const std::string& client_cert_pem,
321 const std::string& client_private_key_pem,
322 bool dtls,
323 rtc::KeyParams client_key_type = rtc::KeyParams(rtc::KT_DEFAULT),
324 rtc::KeyParams server_key_type = rtc::KeyParams(rtc::KT_DEFAULT))
325 : client_cert_pem_(client_cert_pem),
326 client_private_key_pem_(client_private_key_pem),
327 client_key_type_(client_key_type),
328 server_key_type_(server_key_type),
329 client_stream_(nullptr),
330 server_stream_(nullptr),
331 delay_(0),
332 mtu_(1460),
333 loss_(0),
334 lose_first_packet_(false),
335 damage_(false),
336 dtls_(dtls),
337 handshake_wait_(5000),
338 identities_set_(false) {
339 // Set use of the test RNG to get predictable loss patterns.
340 rtc::SetRandomTestMode(true);
341 }
342
~SSLStreamAdapterTestBase()343 ~SSLStreamAdapterTestBase() override {
344 // Put it back for the next test.
345 rtc::SetRandomTestMode(false);
346 }
347
SetUp()348 void SetUp() override {
349 CreateStreams();
350
351 client_ssl_ =
352 rtc::SSLStreamAdapter::Create(absl::WrapUnique(client_stream_));
353 server_ssl_ =
354 rtc::SSLStreamAdapter::Create(absl::WrapUnique(server_stream_));
355
356 // Set up the slots
357 client_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
358 server_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
359
360 std::unique_ptr<rtc::SSLIdentity> client_identity;
361 if (!client_cert_pem_.empty() && !client_private_key_pem_.empty()) {
362 client_identity = rtc::SSLIdentity::CreateFromPEMStrings(
363 client_private_key_pem_, client_cert_pem_);
364 } else {
365 client_identity = rtc::SSLIdentity::Create("client", client_key_type_);
366 }
367 auto server_identity = rtc::SSLIdentity::Create("server", server_key_type_);
368
369 client_ssl_->SetIdentity(std::move(client_identity));
370 server_ssl_->SetIdentity(std::move(server_identity));
371 }
372
TearDown()373 void TearDown() override {
374 client_ssl_.reset(nullptr);
375 server_ssl_.reset(nullptr);
376 }
377
378 virtual void CreateStreams() = 0;
379
380 // Recreate the client/server identities with the specified validity period.
381 // |not_before| and |not_after| are offsets from the current time in number
382 // of seconds.
ResetIdentitiesWithValidity(int not_before,int not_after)383 void ResetIdentitiesWithValidity(int not_before, int not_after) {
384 CreateStreams();
385
386 client_ssl_ =
387 rtc::SSLStreamAdapter::Create(absl::WrapUnique(client_stream_));
388 server_ssl_ =
389 rtc::SSLStreamAdapter::Create(absl::WrapUnique(server_stream_));
390
391 client_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
392 server_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
393
394 time_t now = time(nullptr);
395
396 rtc::SSLIdentityParams client_params;
397 client_params.key_params = rtc::KeyParams(rtc::KT_DEFAULT);
398 client_params.common_name = "client";
399 client_params.not_before = now + not_before;
400 client_params.not_after = now + not_after;
401 auto client_identity = rtc::SSLIdentity::CreateForTest(client_params);
402
403 rtc::SSLIdentityParams server_params;
404 server_params.key_params = rtc::KeyParams(rtc::KT_DEFAULT);
405 server_params.common_name = "server";
406 server_params.not_before = now + not_before;
407 server_params.not_after = now + not_after;
408 auto server_identity = rtc::SSLIdentity::CreateForTest(server_params);
409
410 client_ssl_->SetIdentity(std::move(client_identity));
411 server_ssl_->SetIdentity(std::move(server_identity));
412 }
413
OnEvent(rtc::StreamInterface * stream,int sig,int err)414 virtual void OnEvent(rtc::StreamInterface* stream, int sig, int err) {
415 RTC_LOG(LS_VERBOSE) << "SSLStreamAdapterTestBase::OnEvent sig=" << sig;
416
417 if (sig & rtc::SE_READ) {
418 ReadData(stream);
419 }
420
421 if ((stream == client_ssl_.get()) && (sig & rtc::SE_WRITE)) {
422 WriteData();
423 }
424 }
425
SetPeerIdentitiesByDigest(bool correct,bool expect_success)426 void SetPeerIdentitiesByDigest(bool correct, bool expect_success) {
427 unsigned char server_digest[20];
428 size_t server_digest_len;
429 unsigned char client_digest[20];
430 size_t client_digest_len;
431 bool rv;
432 rtc::SSLPeerCertificateDigestError err;
433 rtc::SSLPeerCertificateDigestError expected_err =
434 expect_success
435 ? rtc::SSLPeerCertificateDigestError::NONE
436 : rtc::SSLPeerCertificateDigestError::VERIFICATION_FAILED;
437
438 RTC_LOG(LS_INFO) << "Setting peer identities by digest";
439
440 rv = server_identity()->certificate().ComputeDigest(
441 rtc::DIGEST_SHA_1, server_digest, 20, &server_digest_len);
442 ASSERT_TRUE(rv);
443 rv = client_identity()->certificate().ComputeDigest(
444 rtc::DIGEST_SHA_1, client_digest, 20, &client_digest_len);
445 ASSERT_TRUE(rv);
446
447 if (!correct) {
448 RTC_LOG(LS_INFO) << "Setting bogus digest for server cert";
449 server_digest[0]++;
450 }
451 rv = client_ssl_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, server_digest,
452 server_digest_len, &err);
453 EXPECT_EQ(expected_err, err);
454 EXPECT_EQ(expect_success, rv);
455
456 if (!correct) {
457 RTC_LOG(LS_INFO) << "Setting bogus digest for client cert";
458 client_digest[0]++;
459 }
460 rv = server_ssl_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, client_digest,
461 client_digest_len, &err);
462 EXPECT_EQ(expected_err, err);
463 EXPECT_EQ(expect_success, rv);
464
465 identities_set_ = true;
466 }
467
SetupProtocolVersions(rtc::SSLProtocolVersion server_version,rtc::SSLProtocolVersion client_version)468 void SetupProtocolVersions(rtc::SSLProtocolVersion server_version,
469 rtc::SSLProtocolVersion client_version) {
470 server_ssl_->SetMaxProtocolVersion(server_version);
471 client_ssl_->SetMaxProtocolVersion(client_version);
472 }
473
TestHandshake(bool expect_success=true)474 void TestHandshake(bool expect_success = true) {
475 server_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS : rtc::SSL_MODE_TLS);
476 client_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS : rtc::SSL_MODE_TLS);
477
478 if (!dtls_) {
479 // Make sure we simulate a reliable network for TLS.
480 // This is just a check to make sure that people don't write wrong
481 // tests.
482 RTC_CHECK_EQ(1460, mtu_);
483 RTC_CHECK(!loss_);
484 RTC_CHECK(!lose_first_packet_);
485 }
486
487 if (!identities_set_)
488 SetPeerIdentitiesByDigest(true, true);
489
490 // Start the handshake
491 int rv;
492
493 server_ssl_->SetServerRole();
494 rv = server_ssl_->StartSSL();
495 ASSERT_EQ(0, rv);
496
497 rv = client_ssl_->StartSSL();
498 ASSERT_EQ(0, rv);
499
500 // Now run the handshake
501 if (expect_success) {
502 EXPECT_TRUE_WAIT((client_ssl_->GetState() == rtc::SS_OPEN) &&
503 (server_ssl_->GetState() == rtc::SS_OPEN),
504 handshake_wait_);
505 } else {
506 EXPECT_TRUE_WAIT(client_ssl_->GetState() == rtc::SS_CLOSED,
507 handshake_wait_);
508 }
509 }
510
511 // This tests that the handshake can complete before the identity is verified,
512 // and the identity will be verified after the fact. It also verifies that
513 // packets can't be read or written before the identity has been verified.
TestHandshakeWithDelayedIdentity(bool valid_identity)514 void TestHandshakeWithDelayedIdentity(bool valid_identity) {
515 server_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS : rtc::SSL_MODE_TLS);
516 client_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS : rtc::SSL_MODE_TLS);
517
518 if (!dtls_) {
519 // Make sure we simulate a reliable network for TLS.
520 // This is just a check to make sure that people don't write wrong
521 // tests.
522 RTC_CHECK_EQ(1460, mtu_);
523 RTC_CHECK(!loss_);
524 RTC_CHECK(!lose_first_packet_);
525 }
526
527 // Start the handshake
528 server_ssl_->SetServerRole();
529 ASSERT_EQ(0, server_ssl_->StartSSL());
530 ASSERT_EQ(0, client_ssl_->StartSSL());
531
532 // Now run the handshake.
533 EXPECT_TRUE_WAIT(
534 client_ssl_->IsTlsConnected() && server_ssl_->IsTlsConnected(),
535 handshake_wait_);
536
537 // Until the identity has been verified, the state should still be
538 // SS_OPENING and writes should return SR_BLOCK.
539 EXPECT_EQ(rtc::SS_OPENING, client_ssl_->GetState());
540 EXPECT_EQ(rtc::SS_OPENING, server_ssl_->GetState());
541 unsigned char packet[1];
542 size_t sent;
543 EXPECT_EQ(rtc::SR_BLOCK, client_ssl_->Write(&packet, 1, &sent, 0));
544 EXPECT_EQ(rtc::SR_BLOCK, server_ssl_->Write(&packet, 1, &sent, 0));
545
546 // Collect both of the certificate digests; needs to be done before calling
547 // SetPeerCertificateDigest as that may reset the identity.
548 unsigned char server_digest[20];
549 size_t server_digest_len;
550 unsigned char client_digest[20];
551 size_t client_digest_len;
552 bool rv;
553
554 rv = server_identity()->certificate().ComputeDigest(
555 rtc::DIGEST_SHA_1, server_digest, 20, &server_digest_len);
556 ASSERT_TRUE(rv);
557 rv = client_identity()->certificate().ComputeDigest(
558 rtc::DIGEST_SHA_1, client_digest, 20, &client_digest_len);
559 ASSERT_TRUE(rv);
560
561 if (!valid_identity) {
562 RTC_LOG(LS_INFO) << "Setting bogus digest for client/server certs";
563 client_digest[0]++;
564 server_digest[0]++;
565 }
566
567 // Set the peer certificate digest for the client.
568 rtc::SSLPeerCertificateDigestError err;
569 rtc::SSLPeerCertificateDigestError expected_err =
570 valid_identity
571 ? rtc::SSLPeerCertificateDigestError::NONE
572 : rtc::SSLPeerCertificateDigestError::VERIFICATION_FAILED;
573 rv = client_ssl_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, server_digest,
574 server_digest_len, &err);
575 EXPECT_EQ(expected_err, err);
576 EXPECT_EQ(valid_identity, rv);
577 // State should then transition to SS_OPEN or SS_CLOSED based on validation
578 // of the identity.
579 if (valid_identity) {
580 EXPECT_EQ(rtc::SS_OPEN, client_ssl_->GetState());
581 // If the client sends a packet while the server still hasn't verified the
582 // client identity, the server should continue to return SR_BLOCK.
583 EXPECT_EQ(rtc::SR_SUCCESS, client_ssl_->Write(&packet, 1, &sent, 0));
584 EXPECT_EQ(rtc::SR_BLOCK, server_ssl_->Read(&packet, 1, 0, 0));
585 } else {
586 EXPECT_EQ(rtc::SS_CLOSED, client_ssl_->GetState());
587 }
588
589 // Set the peer certificate digest for the server.
590 rv = server_ssl_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, client_digest,
591 client_digest_len, &err);
592 EXPECT_EQ(expected_err, err);
593 EXPECT_EQ(valid_identity, rv);
594 if (valid_identity) {
595 EXPECT_EQ(rtc::SS_OPEN, server_ssl_->GetState());
596 } else {
597 EXPECT_EQ(rtc::SS_CLOSED, server_ssl_->GetState());
598 }
599 }
600
DataWritten(SSLDummyStreamBase * from,const void * data,size_t data_len,size_t * written,int * error)601 rtc::StreamResult DataWritten(SSLDummyStreamBase* from,
602 const void* data,
603 size_t data_len,
604 size_t* written,
605 int* error) {
606 // Randomly drop loss_ percent of packets
607 if (rtc::CreateRandomId() % 100 < static_cast<uint32_t>(loss_)) {
608 RTC_LOG(LS_VERBOSE) << "Randomly dropping packet, size=" << data_len;
609 *written = data_len;
610 return rtc::SR_SUCCESS;
611 }
612 if (dtls_ && (data_len > mtu_)) {
613 RTC_LOG(LS_VERBOSE) << "Dropping packet > mtu, size=" << data_len;
614 *written = data_len;
615 return rtc::SR_SUCCESS;
616 }
617
618 // Optionally damage application data (type 23). Note that we don't damage
619 // handshake packets and we damage the last byte to keep the header
620 // intact but break the MAC.
621 if (damage_ && (*static_cast<const unsigned char*>(data) == 23)) {
622 std::vector<char> buf(data_len);
623
624 RTC_LOG(LS_VERBOSE) << "Damaging packet";
625
626 memcpy(&buf[0], data, data_len);
627 buf[data_len - 1]++;
628
629 return from->WriteData(&buf[0], data_len, written, error);
630 }
631
632 return from->WriteData(data, data_len, written, error);
633 }
634
SetDelay(int delay)635 void SetDelay(int delay) { delay_ = delay; }
GetDelay()636 int GetDelay() { return delay_; }
637
SetLoseFirstPacket(bool lose)638 void SetLoseFirstPacket(bool lose) { lose_first_packet_ = lose; }
GetLoseFirstPacket()639 bool GetLoseFirstPacket() { return lose_first_packet_; }
640
SetLoss(int percent)641 void SetLoss(int percent) { loss_ = percent; }
642
SetDamage()643 void SetDamage() { damage_ = true; }
644
SetMtu(size_t mtu)645 void SetMtu(size_t mtu) { mtu_ = mtu; }
646
SetHandshakeWait(int wait)647 void SetHandshakeWait(int wait) { handshake_wait_ = wait; }
648
SetDtlsSrtpCryptoSuites(const std::vector<int> & ciphers,bool client)649 void SetDtlsSrtpCryptoSuites(const std::vector<int>& ciphers, bool client) {
650 if (client)
651 client_ssl_->SetDtlsSrtpCryptoSuites(ciphers);
652 else
653 server_ssl_->SetDtlsSrtpCryptoSuites(ciphers);
654 }
655
GetDtlsSrtpCryptoSuite(bool client,int * retval)656 bool GetDtlsSrtpCryptoSuite(bool client, int* retval) {
657 if (client)
658 return client_ssl_->GetDtlsSrtpCryptoSuite(retval);
659 else
660 return server_ssl_->GetDtlsSrtpCryptoSuite(retval);
661 }
662
GetPeerCertificate(bool client)663 std::unique_ptr<rtc::SSLCertificate> GetPeerCertificate(bool client) {
664 std::unique_ptr<rtc::SSLCertChain> chain;
665 if (client)
666 chain = client_ssl_->GetPeerSSLCertChain();
667 else
668 chain = server_ssl_->GetPeerSSLCertChain();
669 return (chain && chain->GetSize()) ? chain->Get(0).Clone() : nullptr;
670 }
671
GetSslCipherSuite(bool client,int * retval)672 bool GetSslCipherSuite(bool client, int* retval) {
673 if (client)
674 return client_ssl_->GetSslCipherSuite(retval);
675 else
676 return server_ssl_->GetSslCipherSuite(retval);
677 }
678
GetSslVersion(bool client)679 int GetSslVersion(bool client) {
680 if (client)
681 return client_ssl_->GetSslVersion();
682 else
683 return server_ssl_->GetSslVersion();
684 }
685
ExportKeyingMaterial(const char * label,const unsigned char * context,size_t context_len,bool use_context,bool client,unsigned char * result,size_t result_len)686 bool ExportKeyingMaterial(const char* label,
687 const unsigned char* context,
688 size_t context_len,
689 bool use_context,
690 bool client,
691 unsigned char* result,
692 size_t result_len) {
693 if (client)
694 return client_ssl_->ExportKeyingMaterial(label, context, context_len,
695 use_context, result, result_len);
696 else
697 return server_ssl_->ExportKeyingMaterial(label, context, context_len,
698 use_context, result, result_len);
699 }
700
701 // To be implemented by subclasses.
702 virtual void WriteData() = 0;
703 virtual void ReadData(rtc::StreamInterface* stream) = 0;
704 virtual void TestTransfer(int size) = 0;
705
706 protected:
client_identity() const707 rtc::SSLIdentity* client_identity() const {
708 if (!client_ssl_) {
709 return nullptr;
710 }
711 return client_ssl_->GetIdentityForTesting();
712 }
server_identity() const713 rtc::SSLIdentity* server_identity() const {
714 if (!server_ssl_) {
715 return nullptr;
716 }
717 return server_ssl_->GetIdentityForTesting();
718 }
719
720 std::string client_cert_pem_;
721 std::string client_private_key_pem_;
722 rtc::KeyParams client_key_type_;
723 rtc::KeyParams server_key_type_;
724 SSLDummyStreamBase* client_stream_; // freed by client_ssl_ destructor
725 SSLDummyStreamBase* server_stream_; // freed by server_ssl_ destructor
726 std::unique_ptr<rtc::SSLStreamAdapter> client_ssl_;
727 std::unique_ptr<rtc::SSLStreamAdapter> server_ssl_;
728 int delay_;
729 size_t mtu_;
730 int loss_;
731 bool lose_first_packet_;
732 bool damage_;
733 bool dtls_;
734 int handshake_wait_;
735 bool identities_set_;
736 };
737
738 class SSLStreamAdapterTestTLS
739 : public SSLStreamAdapterTestBase,
740 public WithParamInterface<tuple<rtc::KeyParams, rtc::KeyParams>> {
741 public:
SSLStreamAdapterTestTLS()742 SSLStreamAdapterTestTLS()
743 : SSLStreamAdapterTestBase("",
744 "",
745 false,
746 ::testing::get<0>(GetParam()),
747 ::testing::get<1>(GetParam())),
748 client_buffer_(kFifoBufferSize),
749 server_buffer_(kFifoBufferSize) {}
750
CreateStreams()751 void CreateStreams() override {
752 client_stream_ =
753 new SSLDummyStreamTLS(this, "c2s", &client_buffer_, &server_buffer_);
754 server_stream_ =
755 new SSLDummyStreamTLS(this, "s2c", &server_buffer_, &client_buffer_);
756 }
757
758 // Test data transfer for TLS
TestTransfer(int size)759 void TestTransfer(int size) override {
760 RTC_LOG(LS_INFO) << "Starting transfer test with " << size << " bytes";
761 // Create some dummy data to send.
762 size_t received;
763
764 send_stream_.ReserveSize(size);
765 for (int i = 0; i < size; ++i) {
766 char ch = static_cast<char>(i);
767 send_stream_.Write(&ch, 1, nullptr, nullptr);
768 }
769 send_stream_.Rewind();
770
771 // Prepare the receive stream.
772 recv_stream_.ReserveSize(size);
773
774 // Start sending
775 WriteData();
776
777 // Wait for the client to close
778 EXPECT_TRUE_WAIT(server_ssl_->GetState() == rtc::SS_CLOSED, 10000);
779
780 // Now check the data
781 recv_stream_.GetSize(&received);
782
783 EXPECT_EQ(static_cast<size_t>(size), received);
784 EXPECT_EQ(0,
785 memcmp(send_stream_.GetBuffer(), recv_stream_.GetBuffer(), size));
786 }
787
WriteData()788 void WriteData() override {
789 size_t position, tosend, size;
790 rtc::StreamResult rv;
791 size_t sent;
792 char block[kBlockSize];
793
794 send_stream_.GetSize(&size);
795 if (!size)
796 return;
797
798 for (;;) {
799 send_stream_.GetPosition(&position);
800 if (send_stream_.Read(block, sizeof(block), &tosend, nullptr) !=
801 rtc::SR_EOS) {
802 rv = client_ssl_->Write(block, tosend, &sent, 0);
803
804 if (rv == rtc::SR_SUCCESS) {
805 send_stream_.SetPosition(position + sent);
806 RTC_LOG(LS_VERBOSE) << "Sent: " << position + sent;
807 } else if (rv == rtc::SR_BLOCK) {
808 RTC_LOG(LS_VERBOSE) << "Blocked...";
809 send_stream_.SetPosition(position);
810 break;
811 } else {
812 ADD_FAILURE();
813 break;
814 }
815 } else {
816 // Now close
817 RTC_LOG(LS_INFO) << "Wrote " << position << " bytes. Closing";
818 client_ssl_->Close();
819 break;
820 }
821 }
822 }
823
ReadData(rtc::StreamInterface * stream)824 void ReadData(rtc::StreamInterface* stream) override {
825 char buffer[1600];
826 size_t bread;
827 int err2;
828 rtc::StreamResult r;
829
830 for (;;) {
831 r = stream->Read(buffer, sizeof(buffer), &bread, &err2);
832
833 if (r == rtc::SR_ERROR || r == rtc::SR_EOS) {
834 // Unfortunately, errors are the way that the stream adapter
835 // signals close in OpenSSL.
836 stream->Close();
837 return;
838 }
839
840 if (r == rtc::SR_BLOCK)
841 break;
842
843 ASSERT_EQ(rtc::SR_SUCCESS, r);
844 RTC_LOG(LS_VERBOSE) << "Read " << bread;
845
846 recv_stream_.Write(buffer, bread, nullptr, nullptr);
847 }
848 }
849
850 private:
851 rtc::FifoBuffer client_buffer_;
852 rtc::FifoBuffer server_buffer_;
853 rtc::MemoryStream send_stream_;
854 rtc::MemoryStream recv_stream_;
855 };
856
857 class SSLStreamAdapterTestDTLSBase : public SSLStreamAdapterTestBase {
858 public:
SSLStreamAdapterTestDTLSBase(rtc::KeyParams param1,rtc::KeyParams param2)859 SSLStreamAdapterTestDTLSBase(rtc::KeyParams param1, rtc::KeyParams param2)
860 : SSLStreamAdapterTestBase("", "", true, param1, param2),
861 client_buffer_(kBufferCapacity, kDefaultBufferSize),
862 server_buffer_(kBufferCapacity, kDefaultBufferSize),
863 packet_size_(1000),
864 count_(0),
865 sent_(0) {}
866
SSLStreamAdapterTestDTLSBase(const std::string & cert_pem,const std::string & private_key_pem)867 SSLStreamAdapterTestDTLSBase(const std::string& cert_pem,
868 const std::string& private_key_pem)
869 : SSLStreamAdapterTestBase(cert_pem, private_key_pem, true),
870 client_buffer_(kBufferCapacity, kDefaultBufferSize),
871 server_buffer_(kBufferCapacity, kDefaultBufferSize),
872 packet_size_(1000),
873 count_(0),
874 sent_(0) {}
875
CreateStreams()876 void CreateStreams() override {
877 client_stream_ =
878 new SSLDummyStreamDTLS(this, "c2s", &client_buffer_, &server_buffer_);
879 server_stream_ =
880 new SSLDummyStreamDTLS(this, "s2c", &server_buffer_, &client_buffer_);
881 }
882
WriteData()883 void WriteData() override {
884 unsigned char* packet = new unsigned char[1600];
885
886 while (sent_ < count_) {
887 unsigned int rand_state = sent_;
888 packet[0] = sent_;
889 for (size_t i = 1; i < packet_size_; i++) {
890 // This is a simple LC PRNG. Keep in synch with identical code below.
891 rand_state = (rand_state * 251 + 19937) >> 7;
892 packet[i] = rand_state & 0xff;
893 }
894
895 size_t sent;
896 rtc::StreamResult rv = client_ssl_->Write(packet, packet_size_, &sent, 0);
897 if (rv == rtc::SR_SUCCESS) {
898 RTC_LOG(LS_VERBOSE) << "Sent: " << sent_;
899 sent_++;
900 } else if (rv == rtc::SR_BLOCK) {
901 RTC_LOG(LS_VERBOSE) << "Blocked...";
902 break;
903 } else {
904 ADD_FAILURE();
905 break;
906 }
907 }
908
909 delete[] packet;
910 }
911
ReadData(rtc::StreamInterface * stream)912 void ReadData(rtc::StreamInterface* stream) override {
913 unsigned char buffer[2000];
914 size_t bread;
915 int err2;
916 rtc::StreamResult r;
917
918 for (;;) {
919 r = stream->Read(buffer, 2000, &bread, &err2);
920
921 if (r == rtc::SR_ERROR) {
922 // Unfortunately, errors are the way that the stream adapter
923 // signals close right now
924 stream->Close();
925 return;
926 }
927
928 if (r == rtc::SR_BLOCK)
929 break;
930
931 ASSERT_EQ(rtc::SR_SUCCESS, r);
932 RTC_LOG(LS_VERBOSE) << "Read " << bread;
933
934 // Now parse the datagram
935 ASSERT_EQ(packet_size_, bread);
936 unsigned char packet_num = buffer[0];
937
938 unsigned int rand_state = packet_num;
939 for (size_t i = 1; i < packet_size_; i++) {
940 // This is a simple LC PRNG. Keep in synch with identical code above.
941 rand_state = (rand_state * 251 + 19937) >> 7;
942 ASSERT_EQ(rand_state & 0xff, buffer[i]);
943 }
944 received_.insert(packet_num);
945 }
946 }
947
TestTransfer(int count)948 void TestTransfer(int count) override {
949 count_ = count;
950
951 WriteData();
952
953 EXPECT_TRUE_WAIT(sent_ == count_, 10000);
954 RTC_LOG(LS_INFO) << "sent_ == " << sent_;
955
956 if (damage_) {
957 WAIT(false, 2000);
958 EXPECT_EQ(0U, received_.size());
959 } else if (loss_ == 0) {
960 EXPECT_EQ_WAIT(static_cast<size_t>(sent_), received_.size(), 1000);
961 } else {
962 RTC_LOG(LS_INFO) << "Sent " << sent_ << " packets; received "
963 << received_.size();
964 }
965 }
966
967 protected:
968 BufferQueueStream client_buffer_;
969 BufferQueueStream server_buffer_;
970
971 private:
972 size_t packet_size_;
973 int count_;
974 int sent_;
975 std::set<int> received_;
976 };
977
978 class SSLStreamAdapterTestDTLS
979 : public SSLStreamAdapterTestDTLSBase,
980 public WithParamInterface<tuple<rtc::KeyParams, rtc::KeyParams>> {
981 public:
SSLStreamAdapterTestDTLS()982 SSLStreamAdapterTestDTLS()
983 : SSLStreamAdapterTestDTLSBase(::testing::get<0>(GetParam()),
984 ::testing::get<1>(GetParam())) {}
985
SSLStreamAdapterTestDTLS(const std::string & cert_pem,const std::string & private_key_pem)986 SSLStreamAdapterTestDTLS(const std::string& cert_pem,
987 const std::string& private_key_pem)
988 : SSLStreamAdapterTestDTLSBase(cert_pem, private_key_pem) {}
989 };
990
Write(const void * data,size_t data_len,size_t * written,int * error)991 rtc::StreamResult SSLDummyStreamBase::Write(const void* data,
992 size_t data_len,
993 size_t* written,
994 int* error) {
995 RTC_LOG(LS_VERBOSE) << "Writing to loopback " << data_len;
996
997 if (first_packet_) {
998 first_packet_ = false;
999 if (test_base_->GetLoseFirstPacket()) {
1000 RTC_LOG(LS_INFO) << "Losing initial packet of length " << data_len;
1001 *written = data_len; // Fake successful writing also to writer.
1002 return rtc::SR_SUCCESS;
1003 }
1004 }
1005
1006 return test_base_->DataWritten(this, data, data_len, written, error);
1007 }
1008
1009 class SSLStreamAdapterTestDTLSFromPEMStrings : public SSLStreamAdapterTestDTLS {
1010 public:
SSLStreamAdapterTestDTLSFromPEMStrings()1011 SSLStreamAdapterTestDTLSFromPEMStrings()
1012 : SSLStreamAdapterTestDTLS(kCERT_PEM, kRSA_PRIVATE_KEY_PEM) {}
1013 };
1014
1015 // Test fixture for certificate chaining. Server will push more than one
1016 // certificate.
1017 class SSLStreamAdapterTestDTLSCertChain : public SSLStreamAdapterTestDTLS {
1018 public:
SSLStreamAdapterTestDTLSCertChain()1019 SSLStreamAdapterTestDTLSCertChain() : SSLStreamAdapterTestDTLS("", "") {}
SetUp()1020 void SetUp() override {
1021 CreateStreams();
1022
1023 client_ssl_ =
1024 rtc::SSLStreamAdapter::Create(absl::WrapUnique(client_stream_));
1025 server_ssl_ =
1026 rtc::SSLStreamAdapter::Create(absl::WrapUnique(server_stream_));
1027
1028 // Set up the slots
1029 client_ssl_->SignalEvent.connect(
1030 reinterpret_cast<SSLStreamAdapterTestBase*>(this),
1031 &SSLStreamAdapterTestBase::OnEvent);
1032 server_ssl_->SignalEvent.connect(
1033 reinterpret_cast<SSLStreamAdapterTestBase*>(this),
1034 &SSLStreamAdapterTestBase::OnEvent);
1035
1036 std::unique_ptr<rtc::SSLIdentity> client_identity;
1037 if (!client_cert_pem_.empty() && !client_private_key_pem_.empty()) {
1038 client_identity = rtc::SSLIdentity::CreateFromPEMStrings(
1039 client_private_key_pem_, client_cert_pem_);
1040 } else {
1041 client_identity = rtc::SSLIdentity::Create("client", client_key_type_);
1042 }
1043
1044 client_ssl_->SetIdentity(std::move(client_identity));
1045 }
1046 };
1047
1048 // Basic tests: TLS
1049
1050 // Test that we can make a handshake work
TEST_P(SSLStreamAdapterTestTLS,TestTLSConnect)1051 TEST_P(SSLStreamAdapterTestTLS, TestTLSConnect) {
1052 TestHandshake();
1053 }
1054
TEST_P(SSLStreamAdapterTestTLS,GetPeerCertChainWithOneCertificate)1055 TEST_P(SSLStreamAdapterTestTLS, GetPeerCertChainWithOneCertificate) {
1056 TestHandshake();
1057 std::unique_ptr<rtc::SSLCertChain> cert_chain =
1058 client_ssl_->GetPeerSSLCertChain();
1059 ASSERT_NE(nullptr, cert_chain);
1060 EXPECT_EQ(1u, cert_chain->GetSize());
1061 EXPECT_EQ(cert_chain->Get(0).ToPEMString(),
1062 server_identity()->certificate().ToPEMString());
1063 }
1064
TEST_F(SSLStreamAdapterTestDTLSCertChain,TwoCertHandshake)1065 TEST_F(SSLStreamAdapterTestDTLSCertChain, TwoCertHandshake) {
1066 auto server_identity = rtc::SSLIdentity::CreateFromPEMChainStrings(
1067 kRSA_PRIVATE_KEY_PEM, std::string(kCERT_PEM) + kCACert);
1068 server_ssl_->SetIdentity(std::move(server_identity));
1069 TestHandshake();
1070 std::unique_ptr<rtc::SSLCertChain> peer_cert_chain =
1071 client_ssl_->GetPeerSSLCertChain();
1072 ASSERT_NE(nullptr, peer_cert_chain);
1073 ASSERT_EQ(2u, peer_cert_chain->GetSize());
1074 EXPECT_EQ(kCERT_PEM, peer_cert_chain->Get(0).ToPEMString());
1075 EXPECT_EQ(kCACert, peer_cert_chain->Get(1).ToPEMString());
1076 }
1077
TEST_F(SSLStreamAdapterTestDTLSCertChain,TwoCertHandshakeWithCopy)1078 TEST_F(SSLStreamAdapterTestDTLSCertChain, TwoCertHandshakeWithCopy) {
1079 server_ssl_->SetIdentity(rtc::SSLIdentity::CreateFromPEMChainStrings(
1080 kRSA_PRIVATE_KEY_PEM, std::string(kCERT_PEM) + kCACert));
1081 TestHandshake();
1082 std::unique_ptr<rtc::SSLCertChain> peer_cert_chain =
1083 client_ssl_->GetPeerSSLCertChain();
1084 ASSERT_NE(nullptr, peer_cert_chain);
1085 ASSERT_EQ(2u, peer_cert_chain->GetSize());
1086 EXPECT_EQ(kCERT_PEM, peer_cert_chain->Get(0).ToPEMString());
1087 EXPECT_EQ(kCACert, peer_cert_chain->Get(1).ToPEMString());
1088 }
1089
TEST_F(SSLStreamAdapterTestDTLSCertChain,ThreeCertHandshake)1090 TEST_F(SSLStreamAdapterTestDTLSCertChain, ThreeCertHandshake) {
1091 server_ssl_->SetIdentity(rtc::SSLIdentity::CreateFromPEMChainStrings(
1092 kRSA_PRIVATE_KEY_PEM, std::string(kCERT_PEM) + kIntCert1 + kCACert));
1093 TestHandshake();
1094 std::unique_ptr<rtc::SSLCertChain> peer_cert_chain =
1095 client_ssl_->GetPeerSSLCertChain();
1096 ASSERT_NE(nullptr, peer_cert_chain);
1097 ASSERT_EQ(3u, peer_cert_chain->GetSize());
1098 EXPECT_EQ(kCERT_PEM, peer_cert_chain->Get(0).ToPEMString());
1099 EXPECT_EQ(kIntCert1, peer_cert_chain->Get(1).ToPEMString());
1100 EXPECT_EQ(kCACert, peer_cert_chain->Get(2).ToPEMString());
1101 }
1102
1103 // Test that closing the connection on one side updates the other side.
TEST_P(SSLStreamAdapterTestTLS,TestTLSClose)1104 TEST_P(SSLStreamAdapterTestTLS, TestTLSClose) {
1105 TestHandshake();
1106 client_ssl_->Close();
1107 EXPECT_EQ_WAIT(rtc::SS_CLOSED, server_ssl_->GetState(), handshake_wait_);
1108 }
1109
1110 // Test transfer -- trivial
TEST_P(SSLStreamAdapterTestTLS,TestTLSTransfer)1111 TEST_P(SSLStreamAdapterTestTLS, TestTLSTransfer) {
1112 TestHandshake();
1113 TestTransfer(100000);
1114 }
1115
1116 // Test read-write after close.
TEST_P(SSLStreamAdapterTestTLS,ReadWriteAfterClose)1117 TEST_P(SSLStreamAdapterTestTLS, ReadWriteAfterClose) {
1118 TestHandshake();
1119 TestTransfer(100000);
1120 client_ssl_->Close();
1121
1122 rtc::StreamResult rv;
1123 char block[kBlockSize];
1124 size_t dummy;
1125
1126 // It's an error to write after closed.
1127 rv = client_ssl_->Write(block, sizeof(block), &dummy, nullptr);
1128 ASSERT_EQ(rtc::SR_ERROR, rv);
1129
1130 // But after closed read gives you EOS.
1131 rv = client_ssl_->Read(block, sizeof(block), &dummy, nullptr);
1132 ASSERT_EQ(rtc::SR_EOS, rv);
1133 }
1134
1135 // Test a handshake with a bogus peer digest
TEST_P(SSLStreamAdapterTestTLS,TestTLSBogusDigest)1136 TEST_P(SSLStreamAdapterTestTLS, TestTLSBogusDigest) {
1137 SetPeerIdentitiesByDigest(false, true);
1138 TestHandshake(false);
1139 }
1140
TEST_P(SSLStreamAdapterTestTLS,TestTLSDelayedIdentity)1141 TEST_P(SSLStreamAdapterTestTLS, TestTLSDelayedIdentity) {
1142 TestHandshakeWithDelayedIdentity(true);
1143 }
1144
TEST_P(SSLStreamAdapterTestTLS,TestTLSDelayedIdentityWithBogusDigest)1145 TEST_P(SSLStreamAdapterTestTLS, TestTLSDelayedIdentityWithBogusDigest) {
1146 TestHandshakeWithDelayedIdentity(false);
1147 }
1148
1149 // Test that the correct error is returned when SetPeerCertificateDigest is
1150 // called with an unknown algorithm.
TEST_P(SSLStreamAdapterTestTLS,TestSetPeerCertificateDigestWithUnknownAlgorithm)1151 TEST_P(SSLStreamAdapterTestTLS,
1152 TestSetPeerCertificateDigestWithUnknownAlgorithm) {
1153 unsigned char server_digest[20];
1154 size_t server_digest_len;
1155 bool rv;
1156 rtc::SSLPeerCertificateDigestError err;
1157
1158 rv = server_identity()->certificate().ComputeDigest(
1159 rtc::DIGEST_SHA_1, server_digest, 20, &server_digest_len);
1160 ASSERT_TRUE(rv);
1161
1162 rv = client_ssl_->SetPeerCertificateDigest("unknown algorithm", server_digest,
1163 server_digest_len, &err);
1164 EXPECT_EQ(rtc::SSLPeerCertificateDigestError::UNKNOWN_ALGORITHM, err);
1165 EXPECT_FALSE(rv);
1166 }
1167
1168 // Test that the correct error is returned when SetPeerCertificateDigest is
1169 // called with an invalid digest length.
TEST_P(SSLStreamAdapterTestTLS,TestSetPeerCertificateDigestWithInvalidLength)1170 TEST_P(SSLStreamAdapterTestTLS, TestSetPeerCertificateDigestWithInvalidLength) {
1171 unsigned char server_digest[20];
1172 size_t server_digest_len;
1173 bool rv;
1174 rtc::SSLPeerCertificateDigestError err;
1175
1176 rv = server_identity()->certificate().ComputeDigest(
1177 rtc::DIGEST_SHA_1, server_digest, 20, &server_digest_len);
1178 ASSERT_TRUE(rv);
1179
1180 rv = client_ssl_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, server_digest,
1181 server_digest_len - 1, &err);
1182 EXPECT_EQ(rtc::SSLPeerCertificateDigestError::INVALID_LENGTH, err);
1183 EXPECT_FALSE(rv);
1184 }
1185
1186 // Test moving a bunch of data
1187
1188 // Basic tests: DTLS
1189 // Test that we can make a handshake work
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSConnect)1190 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnect) {
1191 TestHandshake();
1192 }
1193
1194 // Test that we can make a handshake work if the first packet in
1195 // each direction is lost. This gives us predictable loss
1196 // rather than having to tune random
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSConnectWithLostFirstPacket)1197 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacket) {
1198 SetLoseFirstPacket(true);
1199 TestHandshake();
1200 }
1201
1202 // Test a handshake with loss and delay
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSConnectWithLostFirstPacketDelay2s)1203 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacketDelay2s) {
1204 SetLoseFirstPacket(true);
1205 SetDelay(2000);
1206 SetHandshakeWait(20000);
1207 TestHandshake();
1208 }
1209
1210 // Test a handshake with small MTU
1211 // Disabled due to https://code.google.com/p/webrtc/issues/detail?id=3910
TEST_P(SSLStreamAdapterTestDTLS,DISABLED_TestDTLSConnectWithSmallMtu)1212 TEST_P(SSLStreamAdapterTestDTLS, DISABLED_TestDTLSConnectWithSmallMtu) {
1213 SetMtu(700);
1214 SetHandshakeWait(20000);
1215 TestHandshake();
1216 }
1217
1218 // Test transfer -- trivial
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSTransfer)1219 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransfer) {
1220 TestHandshake();
1221 TestTransfer(100);
1222 }
1223
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSTransferWithLoss)1224 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithLoss) {
1225 TestHandshake();
1226 SetLoss(10);
1227 TestTransfer(100);
1228 }
1229
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSTransferWithDamage)1230 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithDamage) {
1231 SetDamage(); // Must be called first because first packet
1232 // write happens at end of handshake.
1233 TestHandshake();
1234 TestTransfer(100);
1235 }
1236
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSDelayedIdentity)1237 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentity) {
1238 TestHandshakeWithDelayedIdentity(true);
1239 }
1240
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSDelayedIdentityWithBogusDigest)1241 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentityWithBogusDigest) {
1242 TestHandshakeWithDelayedIdentity(false);
1243 }
1244
1245 // Test DTLS-SRTP with all high ciphers
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSSrtpHigh)1246 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) {
1247 std::vector<int> high;
1248 high.push_back(rtc::SRTP_AES128_CM_SHA1_80);
1249 SetDtlsSrtpCryptoSuites(high, true);
1250 SetDtlsSrtpCryptoSuites(high, false);
1251 TestHandshake();
1252
1253 int client_cipher;
1254 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
1255 int server_cipher;
1256 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
1257
1258 ASSERT_EQ(client_cipher, server_cipher);
1259 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80);
1260 }
1261
1262 // Test DTLS-SRTP with all low ciphers
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSSrtpLow)1263 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) {
1264 std::vector<int> low;
1265 low.push_back(rtc::SRTP_AES128_CM_SHA1_32);
1266 SetDtlsSrtpCryptoSuites(low, true);
1267 SetDtlsSrtpCryptoSuites(low, false);
1268 TestHandshake();
1269
1270 int client_cipher;
1271 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
1272 int server_cipher;
1273 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
1274
1275 ASSERT_EQ(client_cipher, server_cipher);
1276 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_32);
1277 }
1278
1279 // Test DTLS-SRTP with a mismatch -- should not converge
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSSrtpHighLow)1280 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) {
1281 std::vector<int> high;
1282 high.push_back(rtc::SRTP_AES128_CM_SHA1_80);
1283 std::vector<int> low;
1284 low.push_back(rtc::SRTP_AES128_CM_SHA1_32);
1285 SetDtlsSrtpCryptoSuites(high, true);
1286 SetDtlsSrtpCryptoSuites(low, false);
1287 TestHandshake();
1288
1289 int client_cipher;
1290 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
1291 int server_cipher;
1292 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
1293 }
1294
1295 // Test DTLS-SRTP with each side being mixed -- should select high
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSSrtpMixed)1296 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) {
1297 std::vector<int> mixed;
1298 mixed.push_back(rtc::SRTP_AES128_CM_SHA1_80);
1299 mixed.push_back(rtc::SRTP_AES128_CM_SHA1_32);
1300 SetDtlsSrtpCryptoSuites(mixed, true);
1301 SetDtlsSrtpCryptoSuites(mixed, false);
1302 TestHandshake();
1303
1304 int client_cipher;
1305 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
1306 int server_cipher;
1307 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
1308
1309 ASSERT_EQ(client_cipher, server_cipher);
1310 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80);
1311 }
1312
1313 // Test DTLS-SRTP with all GCM-128 ciphers.
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSSrtpGCM128)1314 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM128) {
1315 std::vector<int> gcm128;
1316 gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM);
1317 SetDtlsSrtpCryptoSuites(gcm128, true);
1318 SetDtlsSrtpCryptoSuites(gcm128, false);
1319 TestHandshake();
1320
1321 int client_cipher;
1322 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
1323 int server_cipher;
1324 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
1325
1326 ASSERT_EQ(client_cipher, server_cipher);
1327 ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_128_GCM);
1328 }
1329
1330 // Test DTLS-SRTP with all GCM-256 ciphers.
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSSrtpGCM256)1331 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM256) {
1332 std::vector<int> gcm256;
1333 gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM);
1334 SetDtlsSrtpCryptoSuites(gcm256, true);
1335 SetDtlsSrtpCryptoSuites(gcm256, false);
1336 TestHandshake();
1337
1338 int client_cipher;
1339 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
1340 int server_cipher;
1341 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
1342
1343 ASSERT_EQ(client_cipher, server_cipher);
1344 ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_256_GCM);
1345 }
1346
1347 // Test DTLS-SRTP with mixed GCM-128/-256 ciphers -- should not converge.
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSSrtpGCMMismatch)1348 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMismatch) {
1349 std::vector<int> gcm128;
1350 gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM);
1351 std::vector<int> gcm256;
1352 gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM);
1353 SetDtlsSrtpCryptoSuites(gcm128, true);
1354 SetDtlsSrtpCryptoSuites(gcm256, false);
1355 TestHandshake();
1356
1357 int client_cipher;
1358 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
1359 int server_cipher;
1360 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
1361 }
1362
1363 // Test DTLS-SRTP with both GCM-128/-256 ciphers -- should select GCM-256.
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSSrtpGCMMixed)1364 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMixed) {
1365 std::vector<int> gcmBoth;
1366 gcmBoth.push_back(rtc::SRTP_AEAD_AES_256_GCM);
1367 gcmBoth.push_back(rtc::SRTP_AEAD_AES_128_GCM);
1368 SetDtlsSrtpCryptoSuites(gcmBoth, true);
1369 SetDtlsSrtpCryptoSuites(gcmBoth, false);
1370 TestHandshake();
1371
1372 int client_cipher;
1373 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
1374 int server_cipher;
1375 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
1376
1377 ASSERT_EQ(client_cipher, server_cipher);
1378 ASSERT_EQ(client_cipher, rtc::SRTP_AEAD_AES_256_GCM);
1379 }
1380
1381 // Test SRTP cipher suite lengths.
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSSrtpKeyAndSaltLengths)1382 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpKeyAndSaltLengths) {
1383 int key_len;
1384 int salt_len;
1385
1386 ASSERT_FALSE(rtc::GetSrtpKeyAndSaltLengths(rtc::SRTP_INVALID_CRYPTO_SUITE,
1387 &key_len, &salt_len));
1388
1389 ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(rtc::SRTP_AES128_CM_SHA1_32,
1390 &key_len, &salt_len));
1391 ASSERT_EQ(128 / 8, key_len);
1392 ASSERT_EQ(112 / 8, salt_len);
1393
1394 ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(rtc::SRTP_AES128_CM_SHA1_80,
1395 &key_len, &salt_len));
1396 ASSERT_EQ(128 / 8, key_len);
1397 ASSERT_EQ(112 / 8, salt_len);
1398
1399 ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(rtc::SRTP_AEAD_AES_128_GCM,
1400 &key_len, &salt_len));
1401 ASSERT_EQ(128 / 8, key_len);
1402 ASSERT_EQ(96 / 8, salt_len);
1403
1404 ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(rtc::SRTP_AEAD_AES_256_GCM,
1405 &key_len, &salt_len));
1406 ASSERT_EQ(256 / 8, key_len);
1407 ASSERT_EQ(96 / 8, salt_len);
1408 }
1409
1410 // Test an exporter
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSExporter)1411 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSExporter) {
1412 TestHandshake();
1413 unsigned char client_out[20];
1414 unsigned char server_out[20];
1415
1416 bool result;
1417 result = ExportKeyingMaterial(kExporterLabel, kExporterContext,
1418 kExporterContextLen, true, true, client_out,
1419 sizeof(client_out));
1420 ASSERT_TRUE(result);
1421
1422 result = ExportKeyingMaterial(kExporterLabel, kExporterContext,
1423 kExporterContextLen, true, false, server_out,
1424 sizeof(server_out));
1425 ASSERT_TRUE(result);
1426
1427 ASSERT_TRUE(!memcmp(client_out, server_out, sizeof(client_out)));
1428 }
1429
1430 // Test not yet valid certificates are not rejected.
TEST_P(SSLStreamAdapterTestDTLS,TestCertNotYetValid)1431 TEST_P(SSLStreamAdapterTestDTLS, TestCertNotYetValid) {
1432 long one_day = 60 * 60 * 24;
1433 // Make the certificates not valid until one day later.
1434 ResetIdentitiesWithValidity(one_day, one_day);
1435 TestHandshake();
1436 }
1437
1438 // Test expired certificates are not rejected.
TEST_P(SSLStreamAdapterTestDTLS,TestCertExpired)1439 TEST_P(SSLStreamAdapterTestDTLS, TestCertExpired) {
1440 long one_day = 60 * 60 * 24;
1441 // Make the certificates already expired.
1442 ResetIdentitiesWithValidity(-one_day, -one_day);
1443 TestHandshake();
1444 }
1445
1446 // Test data transfer using certs created from strings.
TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings,TestTransfer)1447 TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestTransfer) {
1448 TestHandshake();
1449 TestTransfer(100);
1450 }
1451
1452 // Test getting the remote certificate.
TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings,TestDTLSGetPeerCertificate)1453 TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestDTLSGetPeerCertificate) {
1454 // Peer certificates haven't been received yet.
1455 ASSERT_FALSE(GetPeerCertificate(true));
1456 ASSERT_FALSE(GetPeerCertificate(false));
1457
1458 TestHandshake();
1459
1460 // The client should have a peer certificate after the handshake.
1461 std::unique_ptr<rtc::SSLCertificate> client_peer_cert =
1462 GetPeerCertificate(true);
1463 ASSERT_TRUE(client_peer_cert);
1464
1465 // It's not kCERT_PEM.
1466 std::string client_peer_string = client_peer_cert->ToPEMString();
1467 ASSERT_NE(kCERT_PEM, client_peer_string);
1468
1469 // The server should have a peer certificate after the handshake.
1470 std::unique_ptr<rtc::SSLCertificate> server_peer_cert =
1471 GetPeerCertificate(false);
1472 ASSERT_TRUE(server_peer_cert);
1473
1474 // It's kCERT_PEM
1475 ASSERT_EQ(kCERT_PEM, server_peer_cert->ToPEMString());
1476 }
1477
1478 // Test getting the used DTLS 1.2 ciphers.
1479 // DTLS 1.2 enabled for client and server -> DTLS 1.2 will be used.
TEST_P(SSLStreamAdapterTestDTLS,TestGetSslCipherSuiteDtls12Both)1480 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Both) {
1481 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12);
1482 TestHandshake();
1483
1484 int client_cipher;
1485 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher));
1486 int server_cipher;
1487 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));
1488
1489 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(true));
1490 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(false));
1491
1492 ASSERT_EQ(client_cipher, server_cipher);
1493 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher(
1494 server_cipher, ::testing::get<1>(GetParam()).type()));
1495 }
1496
1497 // Test getting the used DTLS ciphers.
1498 // DTLS 1.2 is max version for client and server.
TEST_P(SSLStreamAdapterTestDTLS,TestGetSslCipherSuite)1499 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuite) {
1500 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12);
1501 TestHandshake();
1502
1503 int client_cipher;
1504 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher));
1505 int server_cipher;
1506 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));
1507
1508 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(true));
1509 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(false));
1510
1511 ASSERT_EQ(client_cipher, server_cipher);
1512 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher(
1513 server_cipher, ::testing::get<1>(GetParam()).type()));
1514 }
1515
1516 // The RSA keysizes here might look strange, why not include the RFC's size
1517 // 2048?. The reason is test case slowness; testing two sizes to exercise
1518 // parametrization is sufficient.
1519 INSTANTIATE_TEST_SUITE_P(
1520 SSLStreamAdapterTestsTLS,
1521 SSLStreamAdapterTestTLS,
1522 Combine(Values(rtc::KeyParams::RSA(1024, 65537),
1523 rtc::KeyParams::RSA(1152, 65537),
1524 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)),
1525 Values(rtc::KeyParams::RSA(1024, 65537),
1526 rtc::KeyParams::RSA(1152, 65537),
1527 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256))));
1528 INSTANTIATE_TEST_SUITE_P(
1529 SSLStreamAdapterTestsDTLS,
1530 SSLStreamAdapterTestDTLS,
1531 Combine(Values(rtc::KeyParams::RSA(1024, 65537),
1532 rtc::KeyParams::RSA(1152, 65537),
1533 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)),
1534 Values(rtc::KeyParams::RSA(1024, 65537),
1535 rtc::KeyParams::RSA(1152, 65537),
1536 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256))));
1537
1538 // Tests for enabling / disabling legacy TLS protocols in DTLS.
1539 class SSLStreamAdapterTestDTLSLegacyProtocols
1540 : public SSLStreamAdapterTestDTLSBase {
1541 public:
SSLStreamAdapterTestDTLSLegacyProtocols()1542 SSLStreamAdapterTestDTLSLegacyProtocols()
1543 : SSLStreamAdapterTestDTLSBase(rtc::KeyParams::ECDSA(rtc::EC_NIST_P256),
1544 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)) {
1545 }
1546
1547 // Do not use the SetUp version from the parent class.
SetUp()1548 void SetUp() override {}
1549
1550 // The legacy TLS protocols flag is read when the OpenSSLStreamAdapter is
1551 // initialized, so we set the experiment while creationg client_ssl_
1552 // and server_ssl_.
1553
ConfigureClient(std::string experiment)1554 void ConfigureClient(std::string experiment) {
1555 webrtc::test::ScopedFieldTrials trial(experiment);
1556 client_stream_ =
1557 new SSLDummyStreamDTLS(this, "c2s", &client_buffer_, &server_buffer_);
1558 client_ssl_ =
1559 rtc::SSLStreamAdapter::Create(absl::WrapUnique(client_stream_));
1560 client_ssl_->SignalEvent.connect(
1561 static_cast<SSLStreamAdapterTestBase*>(this),
1562 &SSLStreamAdapterTestBase::OnEvent);
1563 auto client_identity = rtc::SSLIdentity::Create("client", client_key_type_);
1564 client_ssl_->SetIdentity(std::move(client_identity));
1565 }
1566
ConfigureServer(std::string experiment)1567 void ConfigureServer(std::string experiment) {
1568 webrtc::test::ScopedFieldTrials trial(experiment);
1569 server_stream_ =
1570 new SSLDummyStreamDTLS(this, "s2c", &server_buffer_, &client_buffer_);
1571 server_ssl_ =
1572 rtc::SSLStreamAdapter::Create(absl::WrapUnique(server_stream_));
1573 server_ssl_->SignalEvent.connect(
1574 static_cast<SSLStreamAdapterTestBase*>(this),
1575 &SSLStreamAdapterTestBase::OnEvent);
1576 server_ssl_->SetIdentity(
1577 rtc::SSLIdentity::Create("server", server_key_type_));
1578 }
1579 };
1580
1581 // Test getting the used DTLS ciphers.
1582 // DTLS 1.2 enabled for neither client nor server -> DTLS 1.0 will be used.
TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,TestGetSslCipherSuite)1583 TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols, TestGetSslCipherSuite) {
1584 ConfigureClient("WebRTC-LegacyTlsProtocols/Enabled/");
1585 ConfigureServer("WebRTC-LegacyTlsProtocols/Enabled/");
1586 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);
1587 TestHandshake();
1588
1589 int client_cipher;
1590 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher));
1591 int server_cipher;
1592 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));
1593
1594 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true));
1595 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false));
1596
1597 ASSERT_EQ(client_cipher, server_cipher);
1598 }
1599
1600 // Test getting the used DTLS 1.2 ciphers.
1601 // DTLS 1.2 enabled for client and server -> DTLS 1.2 will be used.
TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,TestGetSslCipherSuiteDtls12Both)1602 TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,
1603 TestGetSslCipherSuiteDtls12Both) {
1604 ConfigureClient("");
1605 ConfigureServer("");
1606 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12);
1607 TestHandshake();
1608
1609 int client_cipher;
1610 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher));
1611 int server_cipher;
1612 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));
1613
1614 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(true));
1615 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(false));
1616
1617 ASSERT_EQ(client_cipher, server_cipher);
1618 }
1619
1620 // DTLS 1.2 enabled for client only -> DTLS 1.0 will be used.
TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,TestGetSslCipherSuiteDtls12Client)1621 TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,
1622 TestGetSslCipherSuiteDtls12Client) {
1623 ConfigureClient("WebRTC-LegacyTlsProtocols/Enabled/");
1624 ConfigureServer("WebRTC-LegacyTlsProtocols/Enabled/");
1625 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12);
1626 TestHandshake();
1627
1628 int client_cipher;
1629 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher));
1630 int server_cipher;
1631 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));
1632
1633 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true));
1634 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false));
1635
1636 ASSERT_EQ(client_cipher, server_cipher);
1637 }
1638
1639 // DTLS 1.2 enabled for server only -> DTLS 1.0 will be used.
TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,TestGetSslCipherSuiteDtls12Server)1640 TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,
1641 TestGetSslCipherSuiteDtls12Server) {
1642 ConfigureClient("WebRTC-LegacyTlsProtocols/Enabled/");
1643 ConfigureServer("WebRTC-LegacyTlsProtocols/Enabled/");
1644 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_10);
1645 TestHandshake();
1646
1647 int client_cipher;
1648 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher));
1649 int server_cipher;
1650 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));
1651
1652 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true));
1653 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false));
1654
1655 ASSERT_EQ(client_cipher, server_cipher);
1656 }
1657
1658 // Client has legacy TLS versions disabled, server has DTLS 1.0 only.
1659 // This is meant to cause a failure.
TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,TestGetSslVersionLegacyDisabledServer10)1660 TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,
1661 TestGetSslVersionLegacyDisabledServer10) {
1662 ConfigureClient("");
1663 ConfigureServer("WebRTC-LegacyTlsProtocols/Enabled/");
1664 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12);
1665 // Handshake should fail.
1666 TestHandshake(false);
1667 }
1668
1669 // Both client and server have legacy TLS versions disabled and support
1670 // DTLS 1.2. This should work.
TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,TestGetSslVersionLegacyDisabledServer12)1671 TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,
1672 TestGetSslVersionLegacyDisabledServer12) {
1673 ConfigureClient("");
1674 ConfigureServer("");
1675 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12);
1676 TestHandshake();
1677 }
1678
1679 // Both client and server have legacy TLS versions enabled and support DTLS 1.0.
1680 // This should work.
TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,TestGetSslVersionLegacyEnabledClient10Server10)1681 TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,
1682 TestGetSslVersionLegacyEnabledClient10Server10) {
1683 ConfigureClient("WebRTC-LegacyTlsProtocols/Enabled/");
1684 ConfigureServer("WebRTC-LegacyTlsProtocols/Enabled/");
1685 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);
1686 TestHandshake();
1687 }
1688
1689 // Legacy protocols are disabled in the client, max TLS version is 1.0
1690 // This should be a configuration error, and handshake should fail.
TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,TestGetSslVersionLegacyDisabledClient10Server10)1691 TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,
1692 TestGetSslVersionLegacyDisabledClient10Server10) {
1693 ConfigureClient("");
1694 ConfigureServer("WebRTC-LegacyTlsProtocols/Enabled/");
1695 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);
1696 TestHandshake(false);
1697 }
1698
1699 // Both client and server have legacy TLS versions enabled and support DTLS 1.0.
1700 // This should work.
TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,TestGetSslVersionLegacyOverrideEnabledClient10Server10)1701 TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,
1702 TestGetSslVersionLegacyOverrideEnabledClient10Server10) {
1703 rtc::SetAllowLegacyTLSProtocols(true);
1704 ConfigureClient("");
1705 ConfigureServer("");
1706 // Remove override.
1707 rtc::SetAllowLegacyTLSProtocols(absl::nullopt);
1708 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);
1709 TestHandshake();
1710 }
1711
1712 // Client has legacy TLS disabled and server has legacy TLS enabled via
1713 // override. Handshake for DTLS 1.0 should fail.
TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,TestGetSslVersionLegacyOverrideDisabledClient10EnabledServer10)1714 TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,
1715 TestGetSslVersionLegacyOverrideDisabledClient10EnabledServer10) {
1716 rtc::SetAllowLegacyTLSProtocols(false);
1717 ConfigureClient("");
1718 rtc::SetAllowLegacyTLSProtocols(true);
1719 ConfigureServer("");
1720 // Remove override.
1721 rtc::SetAllowLegacyTLSProtocols(absl::nullopt);
1722 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);
1723 TestHandshake(false);
1724 }
1725
1726 // Client has legacy TLS enabled and server has legacy TLS disabled via
1727 // override. Handshake for DTLS 1.0 should fail.
TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,TestGetSslVersionLegacyOverrideEnabledClient10DisabledServer10)1728 TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,
1729 TestGetSslVersionLegacyOverrideEnabledClient10DisabledServer10) {
1730 rtc::SetAllowLegacyTLSProtocols(true);
1731 ConfigureClient("");
1732 rtc::SetAllowLegacyTLSProtocols(false);
1733 ConfigureServer("");
1734 // Remove override.
1735 rtc::SetAllowLegacyTLSProtocols(absl::nullopt);
1736 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);
1737 TestHandshake(false);
1738 }
1739