1 /*
2 * Copyright 2011 The WebRTC Project Authors. All rights reserved.
3 *
4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree.
9 */
10
11 #include "rtc_base/ssl_stream_adapter.h"
12
13 #include <algorithm>
14 #include <memory>
15 #include <set>
16 #include <string>
17
18 #include "absl/memory/memory.h"
19 #include "absl/strings/string_view.h"
20 #include "api/array_view.h"
21 #include "api/task_queue/pending_task_safety_flag.h"
22 #include "rtc_base/buffer_queue.h"
23 #include "rtc_base/checks.h"
24 #include "rtc_base/gunit.h"
25 #include "rtc_base/helpers.h"
26 #include "rtc_base/memory/fifo_buffer.h"
27 #include "rtc_base/memory_stream.h"
28 #include "rtc_base/message_digest.h"
29 #include "rtc_base/openssl_stream_adapter.h"
30 #include "rtc_base/ssl_adapter.h"
31 #include "rtc_base/ssl_identity.h"
32 #include "rtc_base/stream.h"
33 #include "test/field_trial.h"
34
35 using ::testing::Combine;
36 using ::testing::tuple;
37 using ::testing::Values;
38 using ::testing::WithParamInterface;
39 using ::webrtc::SafeTask;
40
41 static const int kBlockSize = 4096;
42 static const char kExporterLabel[] = "label";
43 static const unsigned char kExporterContext[] = "context";
44 static int kExporterContextLen = sizeof(kExporterContext);
45
46 // A private key used for testing, broken into pieces in order to avoid
47 // issues with Git's checks for private keys in repos.
48 #define RSA_PRIVATE_KEY_HEADER "-----BEGIN RSA PRIVATE KEY-----\n"
49
50 static const char kRSA_PRIVATE_KEY_PEM[] = RSA_PRIVATE_KEY_HEADER
51 "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMYRkbhmI7kVA/rM\n"
52 "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n"
53 "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n"
54 "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAECgYAvgOs4FJcgvp+TuREx7YtiYVsH\n"
55 "mwQPTum2z/8VzWGwR8BBHBvIpVe1MbD/Y4seyI2aco/7UaisatSgJhsU46/9Y4fq\n"
56 "2TwXH9QANf4at4d9n/R6rzwpAJOpgwZgKvdQjkfrKTtgLV+/dawvpxUYkRH4JZM1\n"
57 "CVGukMfKNrSVH4Ap4QJBAOJmGV1ASPnB4r4nc99at7JuIJmd7fmuVUwUgYi4XgaR\n"
58 "WhScBsgYwZ/JoywdyZJgnbcrTDuVcWG56B3vXbhdpMsCQQDf9zeJrjnPZ3Cqm79y\n"
59 "kdqANep0uwZciiNiWxsQrCHztywOvbFhdp8iYVFG9EK8DMY41Y5TxUwsHD+67zao\n"
60 "ZNqJAkEA1suLUP/GvL8IwuRneQd2tWDqqRQ/Td3qq03hP7e77XtF/buya3Ghclo5\n"
61 "54czUR89QyVfJEC6278nzA7n2h1uVQJAcG6mztNL6ja/dKZjYZye2CY44QjSlLo0\n"
62 "MTgTSjdfg/28fFn2Jjtqf9Pi/X+50LWI/RcYMC2no606wRk9kyOuIQJBAK6VSAim\n"
63 "1pOEjsYQn0X5KEIrz1G3bfCbB848Ime3U2/FWlCHMr6ch8kCZ5d1WUeJD3LbwMNG\n"
64 "UCXiYxSsu20QNVw=\n"
65 "-----END RSA PRIVATE KEY-----\n";
66
67 #undef RSA_PRIVATE_KEY_HEADER
68
69 static const char kCERT_PEM[] =
70 "-----BEGIN CERTIFICATE-----\n"
71 "MIIBmTCCAQKgAwIBAgIEbzBSAjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZX\n"
72 "ZWJSVEMwHhcNMTQwMTAyMTgyNDQ3WhcNMTQwMjAxMTgyNDQ3WjARMQ8wDQYDVQQD\n"
73 "EwZXZWJSVEMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYRkbhmI7kVA/rM\n"
74 "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n"
75 "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n"
76 "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAUflI\n"
77 "VUe5Krqf5RVa5C3u/UTAOAUJBiDS3VANTCLBxjuMsvqOG0WvaYWP3HYPgrz0jXK2\n"
78 "LJE/mGw3MyFHEqi81jh95J+ypl6xKW6Rm8jKLR87gUvCaVYn/Z4/P3AqcQTB7wOv\n"
79 "UD0A8qfhfDM+LK6rPAnCsVN0NRDY3jvd6rzix9M=\n"
80 "-----END CERTIFICATE-----\n";
81
82 static const char kIntCert1[] =
83 "-----BEGIN CERTIFICATE-----\n"
84 "MIIEUjCCAjqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBljELMAkGA1UEBhMCVVMx\n"
85 "EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxFDAS\n"
86 "BgNVBAoMC0dvb2dsZSwgSW5jMQwwCgYDVQQLDANHVFAxFzAVBgNVBAMMDnRlbGVw\n"
87 "aG9ueS5nb29nMR0wGwYJKoZIhvcNAQkBFg5ndHBAZ29vZ2xlLmNvbTAeFw0xNzA5\n"
88 "MjYwNDA5MDNaFw0yMDA2MjIwNDA5MDNaMGQxCzAJBgNVBAYTAlVTMQswCQYDVQQI\n"
89 "DAJDQTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEXMBUGA1UECgwOdGVsZXBob255\n"
90 "Lmdvb2cxFzAVBgNVBAMMDnRlbGVwaG9ueS5nb29nMIGfMA0GCSqGSIb3DQEBAQUA\n"
91 "A4GNADCBiQKBgQDJXWeeU1v1+wlqkVobzI3aN7Uh2iVQA9YCdq5suuabtiD/qoOD\n"
92 "NKpmQqsx7WZGGWSZTDFEBaUpvIK7Hb+nzRqk6iioPCFOFuarm6GxO1xVneImMuE6\n"
93 "tuWb3YZPr+ikChJbl11y5UcSbg0QsbeUc+jHl5umNvrL85Y+z8SP0rxbBwIDAQAB\n"
94 "o2AwXjAdBgNVHQ4EFgQU7tdZobqlN8R8V72FQnRxmqq8tKswHwYDVR0jBBgwFoAU\n"
95 "5GgKMUtcxkQ2dJrtNR5YOlIAPDswDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMC\n"
96 "AQYwDQYJKoZIhvcNAQELBQADggIBADObh9Z+z14FmP9zSenhFtq7hFnmNrSkklk8\n"
97 "eyYWXKfOuIriEQQBZsz76ZcnzStih8Rj+yQ0AXydk4fJ5LOwC2cUqQBar17g6Pd2\n"
98 "8g4SIL4azR9WvtiSvpuGlwp25b+yunaacDne6ebnf/MUiiKT5w61Xo3cEPVfl38e\n"
99 "/Up2l0bioid5enUTmg6LY6RxDO6tnZQkz3XD+nNSwT4ehtkqFpHYWjErj0BbkDM2\n"
100 "hiVc/JsYOZn3DmuOlHVHU6sKwqh3JEyvHO/d7DGzMGWHpHwv2mCTJq6l/sR95Tc2\n"
101 "GaQZgGDVNs9pdEouJCDm9e/PbQWRYhnat82PTkXx/6mDAAwdZlIi/pACzq8K4p7e\n"
102 "6hF0t8uKGnXJubHPXxlnJU6yxZ0yWmivAGjwWK4ur832gKlho4jeMDhiI/T3QPpl\n"
103 "iMNsIvxRhdD+GxJkQP1ezayw8s+Uc9KwKglrkBSRRDLCJUfPOvMmXLUDSTMX7kp4\n"
104 "/Ak1CA8dVLJIlfEjLBUuvAttlP7+7lsKNgxAjCxZkWLXIyGULzNPQwVWkGfCbrQs\n"
105 "XyMvSbFsSIb7blV7eLlmf9a+2RprUUkc2ALXLLCI9YQXmxm2beBfMyNmmebwBJzT\n"
106 "B0OR+5pFFNTJPoNlqpdrDsGrDu7JlUtk0ZLZzYyKXbgy2qXxfd4OWzXXjxpLMszZ\n"
107 "LDIpOAkj\n"
108 "-----END CERTIFICATE-----\n";
109
110 static const char kCACert[] =
111 "-----BEGIN CERTIFICATE-----\n"
112 "MIIGETCCA/mgAwIBAgIJAKN9r/BdbGUJMA0GCSqGSIb3DQEBCwUAMIGWMQswCQYD\n"
113 "VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4g\n"
114 "VmlldzEUMBIGA1UECgwLR29vZ2xlLCBJbmMxDDAKBgNVBAsMA0dUUDEXMBUGA1UE\n"
115 "AwwOdGVsZXBob255Lmdvb2cxHTAbBgkqhkiG9w0BCQEWDmd0cEBnb29nbGUuY29t\n"
116 "MB4XDTE3MDcyNzIzMDE0NVoXDTE3MDgyNjIzMDE0NVowgZYxCzAJBgNVBAYTAlVT\n"
117 "MRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRQw\n"
118 "EgYDVQQKDAtHb29nbGUsIEluYzEMMAoGA1UECwwDR1RQMRcwFQYDVQQDDA50ZWxl\n"
119 "cGhvbnkuZ29vZzEdMBsGCSqGSIb3DQEJARYOZ3RwQGdvb2dsZS5jb20wggIiMA0G\n"
120 "CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCfvpF7aBV5Hp1EHsWoIlL3GeHwh8dS\n"
121 "lv9VQCegN9rD06Ny7MgcED5AiK2vqXmUmOVS+7NbATkdVYN/eozDhKtN3Q3n87kJ\n"
122 "Nt/TD/TcZZHOZIGsRPbrf2URK26E/5KzTzbzXVBOA1e+gSj+EBbltGqb01ZO5ErF\n"
123 "iPGViPM/HpYKdq6mfz2bS5PhU67XZMM2zvToyReQ/Fjm/6PJhwKSRXSgZF5djPhk\n"
124 "2LfOKMLS0AeZtd2C4DFsCU41lfLUkybioDgFuzTQ3TFi1K8A07KYTMmLY/yQppnf\n"
125 "SpNX58shlVhM+Ed37K1Z0rU0OfVCZ5P+KKaSSfMranjlU7zeUIhZYjqq/EYrEhbS\n"
126 "dLnNHwgJrqxzId3kq8uuLM6+VB7JZKnZLfT90GdAbX4+tutNe21smmogF9f80vEy\n"
127 "gM4tOp9rXrvz9vCwWHXVY9kdKemdLAsREoO6MS9k2ctK4jj80o2dROuFC6Q3e7mz\n"
128 "RjvZr5Tvi464c2o9o/jNlJ0O6q7V2eQzohD+7VnV5QPpRGXxlIeqpR2zoAg+WtRS\n"
129 "4OgHOVYiD3M6uAlggJA5pcDjMfkEZ+pkhtVcT4qMCEoruk6GbyPxS565oSHu16bH\n"
130 "EjeCqbZOVND5T3oA7nz6aQSs8sJabt0jmxUkGVnE+4ZDIuuRtkRma+0P/96Mtqor\n"
131 "OlpNWY1OBDY64QIDAQABo2AwXjAdBgNVHQ4EFgQU5GgKMUtcxkQ2dJrtNR5YOlIA\n"
132 "PDswHwYDVR0jBBgwFoAU5GgKMUtcxkQ2dJrtNR5YOlIAPDswDwYDVR0TAQH/BAUw\n"
133 "AwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAARQly5/bB6VUL2C\n"
134 "ykDYgWt48go407pAra6tL2kjpdfxV5PdL7iMZRkeht00vj+BVahIqZKrNOa/f5Fx\n"
135 "vlpahZFu0PDN436aQwRZ9qWut2qDOK0/z9Hhj6NWybquRFwMwqkPG/ivLMDU8Dmj\n"
136 "CIplpngPYNwXCs0KzdjSXYxqxJbwMjQXELD+/RcurY0oTtJMM1/2vKQMzw24UJqe\n"
137 "XLJAlsnd2AnWzWNUEviDZY89j9NdkHerBmV2gGzcU+X5lgOO5M8odBv0ZC9D+a6Z\n"
138 "QPZAOfdGVw60hhGvTW5s/s0dHwCpegRidhs0MD0fTmwwjYFBSmUx3Gztr4JTzOOr\n"
139 "7e5daJuak2ujQ5DqcGBvt1gePjSudb5brS7JQtN8tI/FyrnR4q/OuOwv1EvlC5RG\n"
140 "hLX+TXaWqFxB1Hd8ebKRR40mboFG6KcUI3lLBthDvQE7jnq48QfZMjlMQK0ZF1l7\n"
141 "SrlwRXWA74bU8CLJvnZKKo9p4TsTiDYGSYC6tNHKj5s3TGWL46oqGyZ0KdGNhrtC\n"
142 "rIGenMhth1vPYjyy0XuGBndXT85yi+IM2l8g8oU845+plxIhgpSI8bbC0oLwnhQ5\n"
143 "ARfsiYLkXDE7imSS0CSUmye76372mlzAIB1is4bBB/SzpPQtBuB9LDKtONgpSGHn\n"
144 "dGaXBy+qbVXVyGXaeEbIRjtJ6m92\n"
145 "-----END CERTIFICATE-----\n";
146
147 class SSLStreamAdapterTestBase;
148
149 class SSLDummyStreamBase : public rtc::StreamInterface,
150 public sigslot::has_slots<> {
151 public:
SSLDummyStreamBase(SSLStreamAdapterTestBase * test,absl::string_view side,rtc::StreamInterface * in,rtc::StreamInterface * out)152 SSLDummyStreamBase(SSLStreamAdapterTestBase* test,
153 absl::string_view side,
154 rtc::StreamInterface* in,
155 rtc::StreamInterface* out)
156 : test_base_(test), side_(side), in_(in), out_(out), first_packet_(true) {
157 in_->SignalEvent.connect(this, &SSLDummyStreamBase::OnEventIn);
158 out_->SignalEvent.connect(this, &SSLDummyStreamBase::OnEventOut);
159 }
160
GetState() const161 rtc::StreamState GetState() const override { return rtc::SS_OPEN; }
162
Read(rtc::ArrayView<uint8_t> buffer,size_t & read,int & error)163 rtc::StreamResult Read(rtc::ArrayView<uint8_t> buffer,
164 size_t& read,
165 int& error) override {
166 rtc::StreamResult r;
167
168 r = in_->Read(buffer, read, error);
169 if (r == rtc::SR_BLOCK)
170 return rtc::SR_BLOCK;
171 if (r == rtc::SR_EOS)
172 return rtc::SR_EOS;
173
174 if (r != rtc::SR_SUCCESS) {
175 ADD_FAILURE();
176 return rtc::SR_ERROR;
177 }
178
179 return rtc::SR_SUCCESS;
180 }
181
182 // Catch readability events on in and pass them up.
OnEventIn(rtc::StreamInterface * stream,int sig,int err)183 void OnEventIn(rtc::StreamInterface* stream, int sig, int err) {
184 int mask = (rtc::SE_READ | rtc::SE_CLOSE);
185
186 if (sig & mask) {
187 RTC_LOG(LS_VERBOSE) << "SSLDummyStreamBase::OnEvent side=" << side_
188 << " sig=" << sig << " forwarding upward";
189 PostEvent(sig & mask, 0);
190 }
191 }
192
193 // Catch writeability events on out and pass them up.
OnEventOut(rtc::StreamInterface * stream,int sig,int err)194 void OnEventOut(rtc::StreamInterface* stream, int sig, int err) {
195 if (sig & rtc::SE_WRITE) {
196 RTC_LOG(LS_VERBOSE) << "SSLDummyStreamBase::OnEvent side=" << side_
197 << " sig=" << sig << " forwarding upward";
198
199 PostEvent(sig & rtc::SE_WRITE, 0);
200 }
201 }
202
203 // Write to the outgoing FifoBuffer
WriteData(rtc::ArrayView<const uint8_t> data,size_t & written,int & error)204 rtc::StreamResult WriteData(rtc::ArrayView<const uint8_t> data,
205 size_t& written,
206 int& error) {
207 return out_->Write(data, written, error);
208 }
209
210 rtc::StreamResult Write(rtc::ArrayView<const uint8_t> data,
211 size_t& written,
212 int& error) override;
213
Close()214 void Close() override {
215 RTC_LOG(LS_INFO) << "Closing outbound stream";
216 out_->Close();
217 }
218
219 private:
PostEvent(int events,int err)220 void PostEvent(int events, int err) {
221 thread_->PostTask(SafeTask(task_safety_.flag(), [this, events, err]() {
222 SignalEvent(this, events, err);
223 }));
224 }
225
226 webrtc::ScopedTaskSafety task_safety_;
227 rtc::Thread* const thread_ = rtc::Thread::Current();
228 SSLStreamAdapterTestBase* test_base_;
229 const std::string side_;
230 rtc::StreamInterface* in_;
231 rtc::StreamInterface* out_;
232 bool first_packet_;
233 };
234
235 class SSLDummyStreamTLS : public SSLDummyStreamBase {
236 public:
SSLDummyStreamTLS(SSLStreamAdapterTestBase * test,absl::string_view side,rtc::FifoBuffer * in,rtc::FifoBuffer * out)237 SSLDummyStreamTLS(SSLStreamAdapterTestBase* test,
238 absl::string_view side,
239 rtc::FifoBuffer* in,
240 rtc::FifoBuffer* out)
241 : SSLDummyStreamBase(test, side, in, out) {}
242 };
243
244 class BufferQueueStream : public rtc::StreamInterface {
245 public:
BufferQueueStream(size_t capacity,size_t default_size)246 BufferQueueStream(size_t capacity, size_t default_size)
247 : buffer_(capacity, default_size) {}
248
249 // Implementation of abstract StreamInterface methods.
250
251 // A buffer queue stream is always "open".
GetState() const252 rtc::StreamState GetState() const override { return rtc::SS_OPEN; }
253
254 // Reading a buffer queue stream will either succeed or block.
Read(rtc::ArrayView<uint8_t> buffer,size_t & read,int & error)255 rtc::StreamResult Read(rtc::ArrayView<uint8_t> buffer,
256 size_t& read,
257 int& error) override {
258 const bool was_writable = buffer_.is_writable();
259 if (!buffer_.ReadFront(buffer.data(), buffer.size(), &read))
260 return rtc::SR_BLOCK;
261
262 if (!was_writable)
263 NotifyWritableForTest();
264
265 return rtc::SR_SUCCESS;
266 }
267
268 // Writing to a buffer queue stream will either succeed or block.
Write(rtc::ArrayView<const uint8_t> data,size_t & written,int & error)269 rtc::StreamResult Write(rtc::ArrayView<const uint8_t> data,
270 size_t& written,
271 int& error) override {
272 const bool was_readable = buffer_.is_readable();
273 if (!buffer_.WriteBack(data.data(), data.size(), &written))
274 return rtc::SR_BLOCK;
275
276 if (!was_readable)
277 NotifyReadableForTest();
278
279 return rtc::SR_SUCCESS;
280 }
281
282 // A buffer queue stream can not be closed.
Close()283 void Close() override {}
284
285 protected:
NotifyReadableForTest()286 void NotifyReadableForTest() { PostEvent(rtc::SE_READ, 0); }
NotifyWritableForTest()287 void NotifyWritableForTest() { PostEvent(rtc::SE_WRITE, 0); }
288
289 private:
PostEvent(int events,int err)290 void PostEvent(int events, int err) {
291 thread_->PostTask(SafeTask(task_safety_.flag(), [this, events, err]() {
292 SignalEvent(this, events, err);
293 }));
294 }
295
296 rtc::Thread* const thread_ = rtc::Thread::Current();
297 webrtc::ScopedTaskSafety task_safety_;
298 rtc::BufferQueue buffer_;
299 };
300
301 class SSLDummyStreamDTLS : public SSLDummyStreamBase {
302 public:
SSLDummyStreamDTLS(SSLStreamAdapterTestBase * test,absl::string_view side,BufferQueueStream * in,BufferQueueStream * out)303 SSLDummyStreamDTLS(SSLStreamAdapterTestBase* test,
304 absl::string_view side,
305 BufferQueueStream* in,
306 BufferQueueStream* out)
307 : SSLDummyStreamBase(test, side, in, out) {}
308 };
309
310 static const int kFifoBufferSize = 4096;
311 static const int kBufferCapacity = 1;
312 static const size_t kDefaultBufferSize = 2048;
313
314 class SSLStreamAdapterTestBase : public ::testing::Test,
315 public sigslot::has_slots<> {
316 public:
SSLStreamAdapterTestBase(absl::string_view client_cert_pem,absl::string_view client_private_key_pem,bool dtls,rtc::KeyParams client_key_type=rtc::KeyParams (rtc::KT_DEFAULT),rtc::KeyParams server_key_type=rtc::KeyParams (rtc::KT_DEFAULT))317 SSLStreamAdapterTestBase(
318 absl::string_view client_cert_pem,
319 absl::string_view client_private_key_pem,
320 bool dtls,
321 rtc::KeyParams client_key_type = rtc::KeyParams(rtc::KT_DEFAULT),
322 rtc::KeyParams server_key_type = rtc::KeyParams(rtc::KT_DEFAULT))
323 : client_cert_pem_(client_cert_pem),
324 client_private_key_pem_(client_private_key_pem),
325 client_key_type_(client_key_type),
326 server_key_type_(server_key_type),
327 client_stream_(nullptr),
328 server_stream_(nullptr),
329 delay_(0),
330 mtu_(1460),
331 loss_(0),
332 lose_first_packet_(false),
333 damage_(false),
334 dtls_(dtls),
335 handshake_wait_(5000),
336 identities_set_(false) {
337 // Set use of the test RNG to get predictable loss patterns.
338 rtc::SetRandomTestMode(true);
339 }
340
~SSLStreamAdapterTestBase()341 ~SSLStreamAdapterTestBase() override {
342 // Put it back for the next test.
343 rtc::SetRandomTestMode(false);
344 }
345
SetUp()346 void SetUp() override {
347 CreateStreams();
348
349 client_ssl_ =
350 rtc::SSLStreamAdapter::Create(absl::WrapUnique(client_stream_));
351 server_ssl_ =
352 rtc::SSLStreamAdapter::Create(absl::WrapUnique(server_stream_));
353
354 // Set up the slots
355 client_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
356 server_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
357
358 std::unique_ptr<rtc::SSLIdentity> client_identity;
359 if (!client_cert_pem_.empty() && !client_private_key_pem_.empty()) {
360 client_identity = rtc::SSLIdentity::CreateFromPEMStrings(
361 client_private_key_pem_, client_cert_pem_);
362 } else {
363 client_identity = rtc::SSLIdentity::Create("client", client_key_type_);
364 }
365 auto server_identity = rtc::SSLIdentity::Create("server", server_key_type_);
366
367 client_ssl_->SetIdentity(std::move(client_identity));
368 server_ssl_->SetIdentity(std::move(server_identity));
369 }
370
TearDown()371 void TearDown() override {
372 client_ssl_.reset(nullptr);
373 server_ssl_.reset(nullptr);
374 }
375
376 virtual void CreateStreams() = 0;
377
378 // Recreate the client/server identities with the specified validity period.
379 // `not_before` and `not_after` are offsets from the current time in number
380 // of seconds.
ResetIdentitiesWithValidity(int not_before,int not_after)381 void ResetIdentitiesWithValidity(int not_before, int not_after) {
382 CreateStreams();
383
384 client_ssl_ =
385 rtc::SSLStreamAdapter::Create(absl::WrapUnique(client_stream_));
386 server_ssl_ =
387 rtc::SSLStreamAdapter::Create(absl::WrapUnique(server_stream_));
388
389 client_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
390 server_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
391
392 time_t now = time(nullptr);
393
394 rtc::SSLIdentityParams client_params;
395 client_params.key_params = rtc::KeyParams(rtc::KT_DEFAULT);
396 client_params.common_name = "client";
397 client_params.not_before = now + not_before;
398 client_params.not_after = now + not_after;
399 auto client_identity = rtc::SSLIdentity::CreateForTest(client_params);
400
401 rtc::SSLIdentityParams server_params;
402 server_params.key_params = rtc::KeyParams(rtc::KT_DEFAULT);
403 server_params.common_name = "server";
404 server_params.not_before = now + not_before;
405 server_params.not_after = now + not_after;
406 auto server_identity = rtc::SSLIdentity::CreateForTest(server_params);
407
408 client_ssl_->SetIdentity(std::move(client_identity));
409 server_ssl_->SetIdentity(std::move(server_identity));
410 }
411
OnEvent(rtc::StreamInterface * stream,int sig,int err)412 virtual void OnEvent(rtc::StreamInterface* stream, int sig, int err) {
413 RTC_LOG(LS_VERBOSE) << "SSLStreamAdapterTestBase::OnEvent sig=" << sig;
414
415 if (sig & rtc::SE_READ) {
416 ReadData(stream);
417 }
418
419 if ((stream == client_ssl_.get()) && (sig & rtc::SE_WRITE)) {
420 WriteData();
421 }
422 }
423
SetPeerIdentitiesByDigest(bool correct,bool expect_success)424 void SetPeerIdentitiesByDigest(bool correct, bool expect_success) {
425 unsigned char server_digest[20];
426 size_t server_digest_len;
427 unsigned char client_digest[20];
428 size_t client_digest_len;
429 bool rv;
430 rtc::SSLPeerCertificateDigestError err;
431 rtc::SSLPeerCertificateDigestError expected_err =
432 expect_success
433 ? rtc::SSLPeerCertificateDigestError::NONE
434 : rtc::SSLPeerCertificateDigestError::VERIFICATION_FAILED;
435
436 RTC_LOG(LS_INFO) << "Setting peer identities by digest";
437
438 rv = server_identity()->certificate().ComputeDigest(
439 rtc::DIGEST_SHA_1, server_digest, 20, &server_digest_len);
440 ASSERT_TRUE(rv);
441 rv = client_identity()->certificate().ComputeDigest(
442 rtc::DIGEST_SHA_1, client_digest, 20, &client_digest_len);
443 ASSERT_TRUE(rv);
444
445 if (!correct) {
446 RTC_LOG(LS_INFO) << "Setting bogus digest for server cert";
447 server_digest[0]++;
448 }
449 rv = client_ssl_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, server_digest,
450 server_digest_len, &err);
451 EXPECT_EQ(expected_err, err);
452 EXPECT_EQ(expect_success, rv);
453
454 if (!correct) {
455 RTC_LOG(LS_INFO) << "Setting bogus digest for client cert";
456 client_digest[0]++;
457 }
458 rv = server_ssl_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, client_digest,
459 client_digest_len, &err);
460 EXPECT_EQ(expected_err, err);
461 EXPECT_EQ(expect_success, rv);
462
463 identities_set_ = true;
464 }
465
SetupProtocolVersions(rtc::SSLProtocolVersion server_version,rtc::SSLProtocolVersion client_version)466 void SetupProtocolVersions(rtc::SSLProtocolVersion server_version,
467 rtc::SSLProtocolVersion client_version) {
468 server_ssl_->SetMaxProtocolVersion(server_version);
469 client_ssl_->SetMaxProtocolVersion(client_version);
470 }
471
TestHandshake(bool expect_success=true)472 void TestHandshake(bool expect_success = true) {
473 server_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS : rtc::SSL_MODE_TLS);
474 client_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS : rtc::SSL_MODE_TLS);
475
476 if (!dtls_) {
477 // Make sure we simulate a reliable network for TLS.
478 // This is just a check to make sure that people don't write wrong
479 // tests.
480 RTC_CHECK_EQ(1460, mtu_);
481 RTC_CHECK(!loss_);
482 RTC_CHECK(!lose_first_packet_);
483 }
484
485 if (!identities_set_)
486 SetPeerIdentitiesByDigest(true, true);
487
488 // Start the handshake
489 int rv;
490
491 server_ssl_->SetServerRole();
492 rv = server_ssl_->StartSSL();
493 ASSERT_EQ(0, rv);
494
495 rv = client_ssl_->StartSSL();
496 ASSERT_EQ(0, rv);
497
498 // Now run the handshake
499 if (expect_success) {
500 EXPECT_TRUE_WAIT((client_ssl_->GetState() == rtc::SS_OPEN) &&
501 (server_ssl_->GetState() == rtc::SS_OPEN),
502 handshake_wait_);
503 } else {
504 EXPECT_TRUE_WAIT(client_ssl_->GetState() == rtc::SS_CLOSED,
505 handshake_wait_);
506 }
507 }
508
509 // This tests that we give up after 12 DTLS resends.
TestHandshakeTimeout()510 void TestHandshakeTimeout() {
511 rtc::ScopedFakeClock clock;
512 int64_t time_start = clock.TimeNanos();
513 webrtc::TimeDelta time_increment = webrtc::TimeDelta::Millis(1000);
514 server_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS : rtc::SSL_MODE_TLS);
515 client_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS : rtc::SSL_MODE_TLS);
516
517 if (!dtls_) {
518 // Make sure we simulate a reliable network for TLS.
519 // This is just a check to make sure that people don't write wrong
520 // tests.
521 RTC_CHECK_EQ(1460, mtu_);
522 RTC_CHECK(!loss_);
523 RTC_CHECK(!lose_first_packet_);
524 }
525
526 if (!identities_set_)
527 SetPeerIdentitiesByDigest(true, true);
528
529 // Start the handshake
530 int rv;
531
532 server_ssl_->SetServerRole();
533 rv = server_ssl_->StartSSL();
534 ASSERT_EQ(0, rv);
535
536 rv = client_ssl_->StartSSL();
537 ASSERT_EQ(0, rv);
538
539 // Now wait for the handshake to timeout (or fail after an hour of simulated
540 // time).
541 while (client_ssl_->GetState() == rtc::SS_OPENING &&
542 (rtc::TimeDiff(clock.TimeNanos(), time_start) <
543 3600 * rtc::kNumNanosecsPerSec)) {
544 EXPECT_TRUE_WAIT(!((client_ssl_->GetState() == rtc::SS_OPEN) &&
545 (server_ssl_->GetState() == rtc::SS_OPEN)),
546 1000);
547 clock.AdvanceTime(time_increment);
548 }
549 RTC_CHECK_EQ(client_ssl_->GetState(), rtc::SS_CLOSED);
550 }
551
552 // This tests that the handshake can complete before the identity is verified,
553 // and the identity will be verified after the fact. It also verifies that
554 // packets can't be read or written before the identity has been verified.
TestHandshakeWithDelayedIdentity(bool valid_identity)555 void TestHandshakeWithDelayedIdentity(bool valid_identity) {
556 server_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS : rtc::SSL_MODE_TLS);
557 client_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS : rtc::SSL_MODE_TLS);
558
559 if (!dtls_) {
560 // Make sure we simulate a reliable network for TLS.
561 // This is just a check to make sure that people don't write wrong
562 // tests.
563 RTC_CHECK_EQ(1460, mtu_);
564 RTC_CHECK(!loss_);
565 RTC_CHECK(!lose_first_packet_);
566 }
567
568 // Start the handshake
569 server_ssl_->SetServerRole();
570 ASSERT_EQ(0, server_ssl_->StartSSL());
571 ASSERT_EQ(0, client_ssl_->StartSSL());
572
573 // Now run the handshake.
574 EXPECT_TRUE_WAIT(
575 client_ssl_->IsTlsConnected() && server_ssl_->IsTlsConnected(),
576 handshake_wait_);
577
578 // Until the identity has been verified, the state should still be
579 // SS_OPENING and writes should return SR_BLOCK.
580 EXPECT_EQ(rtc::SS_OPENING, client_ssl_->GetState());
581 EXPECT_EQ(rtc::SS_OPENING, server_ssl_->GetState());
582 uint8_t packet[1];
583 size_t sent;
584 int error;
585 EXPECT_EQ(rtc::SR_BLOCK, client_ssl_->Write(packet, sent, error));
586 EXPECT_EQ(rtc::SR_BLOCK, server_ssl_->Write(packet, sent, error));
587
588 // Collect both of the certificate digests; needs to be done before calling
589 // SetPeerCertificateDigest as that may reset the identity.
590 unsigned char server_digest[20];
591 size_t server_digest_len;
592 unsigned char client_digest[20];
593 size_t client_digest_len;
594 bool rv;
595
596 rv = server_identity()->certificate().ComputeDigest(
597 rtc::DIGEST_SHA_1, server_digest, 20, &server_digest_len);
598 ASSERT_TRUE(rv);
599 rv = client_identity()->certificate().ComputeDigest(
600 rtc::DIGEST_SHA_1, client_digest, 20, &client_digest_len);
601 ASSERT_TRUE(rv);
602
603 if (!valid_identity) {
604 RTC_LOG(LS_INFO) << "Setting bogus digest for client/server certs";
605 client_digest[0]++;
606 server_digest[0]++;
607 }
608
609 // Set the peer certificate digest for the client.
610 rtc::SSLPeerCertificateDigestError err;
611 rtc::SSLPeerCertificateDigestError expected_err =
612 valid_identity
613 ? rtc::SSLPeerCertificateDigestError::NONE
614 : rtc::SSLPeerCertificateDigestError::VERIFICATION_FAILED;
615 rv = client_ssl_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, server_digest,
616 server_digest_len, &err);
617 EXPECT_EQ(expected_err, err);
618 EXPECT_EQ(valid_identity, rv);
619 // State should then transition to SS_OPEN or SS_CLOSED based on validation
620 // of the identity.
621 if (valid_identity) {
622 EXPECT_EQ(rtc::SS_OPEN, client_ssl_->GetState());
623 // If the client sends a packet while the server still hasn't verified the
624 // client identity, the server should continue to return SR_BLOCK.
625 int error;
626 EXPECT_EQ(rtc::SR_SUCCESS, client_ssl_->Write(packet, sent, error));
627 size_t read;
628 EXPECT_EQ(rtc::SR_BLOCK, server_ssl_->Read(packet, read, error));
629 } else {
630 EXPECT_EQ(rtc::SS_CLOSED, client_ssl_->GetState());
631 }
632
633 // Set the peer certificate digest for the server.
634 rv = server_ssl_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, client_digest,
635 client_digest_len, &err);
636 EXPECT_EQ(expected_err, err);
637 EXPECT_EQ(valid_identity, rv);
638 if (valid_identity) {
639 EXPECT_EQ(rtc::SS_OPEN, server_ssl_->GetState());
640 } else {
641 EXPECT_EQ(rtc::SS_CLOSED, server_ssl_->GetState());
642 }
643 }
644
DataWritten(SSLDummyStreamBase * from,const void * data,size_t data_len,size_t & written,int & error)645 rtc::StreamResult DataWritten(SSLDummyStreamBase* from,
646 const void* data,
647 size_t data_len,
648 size_t& written,
649 int& error) {
650 // Randomly drop loss_ percent of packets
651 if (rtc::CreateRandomId() % 100 < static_cast<uint32_t>(loss_)) {
652 RTC_LOG(LS_VERBOSE) << "Randomly dropping packet, size=" << data_len;
653 written = data_len;
654 return rtc::SR_SUCCESS;
655 }
656 if (dtls_ && (data_len > mtu_)) {
657 RTC_LOG(LS_VERBOSE) << "Dropping packet > mtu, size=" << data_len;
658 written = data_len;
659 return rtc::SR_SUCCESS;
660 }
661
662 // Optionally damage application data (type 23). Note that we don't damage
663 // handshake packets and we damage the last byte to keep the header
664 // intact but break the MAC.
665 if (damage_ && (*static_cast<const unsigned char*>(data) == 23)) {
666 std::vector<uint8_t> buf(data_len);
667
668 RTC_LOG(LS_VERBOSE) << "Damaging packet";
669
670 memcpy(&buf[0], data, data_len);
671 buf[data_len - 1]++;
672 return from->WriteData(rtc::MakeArrayView(&buf[0], data_len), written,
673 error);
674 }
675
676 return from->WriteData(
677 rtc::MakeArrayView(reinterpret_cast<const uint8_t*>(data), data_len),
678 written, error);
679 }
680
SetDelay(int delay)681 void SetDelay(int delay) { delay_ = delay; }
GetDelay()682 int GetDelay() { return delay_; }
683
SetLoseFirstPacket(bool lose)684 void SetLoseFirstPacket(bool lose) { lose_first_packet_ = lose; }
GetLoseFirstPacket()685 bool GetLoseFirstPacket() { return lose_first_packet_; }
686
SetLoss(int percent)687 void SetLoss(int percent) { loss_ = percent; }
688
SetDamage()689 void SetDamage() { damage_ = true; }
690
SetMtu(size_t mtu)691 void SetMtu(size_t mtu) { mtu_ = mtu; }
692
SetHandshakeWait(int wait)693 void SetHandshakeWait(int wait) { handshake_wait_ = wait; }
694
SetDtlsSrtpCryptoSuites(const std::vector<int> & ciphers,bool client)695 void SetDtlsSrtpCryptoSuites(const std::vector<int>& ciphers, bool client) {
696 if (client)
697 client_ssl_->SetDtlsSrtpCryptoSuites(ciphers);
698 else
699 server_ssl_->SetDtlsSrtpCryptoSuites(ciphers);
700 }
701
GetDtlsSrtpCryptoSuite(bool client,int * retval)702 bool GetDtlsSrtpCryptoSuite(bool client, int* retval) {
703 if (client)
704 return client_ssl_->GetDtlsSrtpCryptoSuite(retval);
705 else
706 return server_ssl_->GetDtlsSrtpCryptoSuite(retval);
707 }
708
GetPeerCertificate(bool client)709 std::unique_ptr<rtc::SSLCertificate> GetPeerCertificate(bool client) {
710 std::unique_ptr<rtc::SSLCertChain> chain;
711 if (client)
712 chain = client_ssl_->GetPeerSSLCertChain();
713 else
714 chain = server_ssl_->GetPeerSSLCertChain();
715 return (chain && chain->GetSize()) ? chain->Get(0).Clone() : nullptr;
716 }
717
GetSslCipherSuite(bool client,int * retval)718 bool GetSslCipherSuite(bool client, int* retval) {
719 if (client)
720 return client_ssl_->GetSslCipherSuite(retval);
721 else
722 return server_ssl_->GetSslCipherSuite(retval);
723 }
724
GetSslVersion(bool client)725 int GetSslVersion(bool client) {
726 if (client)
727 return client_ssl_->GetSslVersion();
728 else
729 return server_ssl_->GetSslVersion();
730 }
731
ExportKeyingMaterial(absl::string_view label,const unsigned char * context,size_t context_len,bool use_context,bool client,unsigned char * result,size_t result_len)732 bool ExportKeyingMaterial(absl::string_view label,
733 const unsigned char* context,
734 size_t context_len,
735 bool use_context,
736 bool client,
737 unsigned char* result,
738 size_t result_len) {
739 if (client)
740 return client_ssl_->ExportKeyingMaterial(label, context, context_len,
741 use_context, result, result_len);
742 else
743 return server_ssl_->ExportKeyingMaterial(label, context, context_len,
744 use_context, result, result_len);
745 }
746
747 // To be implemented by subclasses.
748 virtual void WriteData() = 0;
749 virtual void ReadData(rtc::StreamInterface* stream) = 0;
750 virtual void TestTransfer(int size) = 0;
751
752 protected:
client_identity() const753 rtc::SSLIdentity* client_identity() const {
754 if (!client_ssl_) {
755 return nullptr;
756 }
757 return client_ssl_->GetIdentityForTesting();
758 }
server_identity() const759 rtc::SSLIdentity* server_identity() const {
760 if (!server_ssl_) {
761 return nullptr;
762 }
763 return server_ssl_->GetIdentityForTesting();
764 }
765
766 rtc::AutoThread main_thread_;
767 std::string client_cert_pem_;
768 std::string client_private_key_pem_;
769 rtc::KeyParams client_key_type_;
770 rtc::KeyParams server_key_type_;
771 SSLDummyStreamBase* client_stream_; // freed by client_ssl_ destructor
772 SSLDummyStreamBase* server_stream_; // freed by server_ssl_ destructor
773 std::unique_ptr<rtc::SSLStreamAdapter> client_ssl_;
774 std::unique_ptr<rtc::SSLStreamAdapter> server_ssl_;
775 int delay_;
776 size_t mtu_;
777 int loss_;
778 bool lose_first_packet_;
779 bool damage_;
780 bool dtls_;
781 int handshake_wait_;
782 bool identities_set_;
783 };
784
785 class SSLStreamAdapterTestTLS
786 : public SSLStreamAdapterTestBase,
787 public WithParamInterface<tuple<rtc::KeyParams, rtc::KeyParams>> {
788 public:
SSLStreamAdapterTestTLS()789 SSLStreamAdapterTestTLS()
790 : SSLStreamAdapterTestBase("",
791 "",
792 false,
793 ::testing::get<0>(GetParam()),
794 ::testing::get<1>(GetParam())),
795 client_buffer_(kFifoBufferSize),
796 server_buffer_(kFifoBufferSize) {}
797
CreateStreams()798 void CreateStreams() override {
799 client_stream_ =
800 new SSLDummyStreamTLS(this, "c2s", &client_buffer_, &server_buffer_);
801 server_stream_ =
802 new SSLDummyStreamTLS(this, "s2c", &server_buffer_, &client_buffer_);
803 }
804
805 // Test data transfer for TLS
TestTransfer(int size)806 void TestTransfer(int size) override {
807 RTC_LOG(LS_INFO) << "Starting transfer test with " << size << " bytes";
808 // Create some dummy data to send.
809 size_t received;
810
811 send_stream_.ReserveSize(size);
812 for (int i = 0; i < size; ++i) {
813 uint8_t ch = static_cast<uint8_t>(i);
814 size_t written;
815 int error;
816 send_stream_.Write(rtc::MakeArrayView(&ch, 1), written, error);
817 }
818 send_stream_.Rewind();
819
820 // Prepare the receive stream.
821 recv_stream_.ReserveSize(size);
822
823 // Start sending
824 WriteData();
825
826 // Wait for the client to close
827 EXPECT_TRUE_WAIT(server_ssl_->GetState() == rtc::SS_CLOSED, 10000);
828
829 // Now check the data
830 recv_stream_.GetSize(&received);
831
832 EXPECT_EQ(static_cast<size_t>(size), received);
833 EXPECT_EQ(0,
834 memcmp(send_stream_.GetBuffer(), recv_stream_.GetBuffer(), size));
835 }
836
WriteData()837 void WriteData() override {
838 size_t position, tosend, size;
839 rtc::StreamResult rv;
840 size_t sent;
841 uint8_t block[kBlockSize];
842
843 send_stream_.GetSize(&size);
844 if (!size)
845 return;
846
847 for (;;) {
848 send_stream_.GetPosition(&position);
849 int dummy_error;
850 if (send_stream_.Read(block, tosend, dummy_error) != rtc::SR_EOS) {
851 int error;
852 rv = client_ssl_->Write(rtc::MakeArrayView(block, tosend), sent, error);
853
854 if (rv == rtc::SR_SUCCESS) {
855 send_stream_.SetPosition(position + sent);
856 RTC_LOG(LS_VERBOSE) << "Sent: " << position + sent;
857 } else if (rv == rtc::SR_BLOCK) {
858 RTC_LOG(LS_VERBOSE) << "Blocked...";
859 send_stream_.SetPosition(position);
860 break;
861 } else {
862 ADD_FAILURE();
863 break;
864 }
865 } else {
866 // Now close
867 RTC_LOG(LS_INFO) << "Wrote " << position << " bytes. Closing";
868 client_ssl_->Close();
869 break;
870 }
871 }
872 }
873
ReadData(rtc::StreamInterface * stream)874 void ReadData(rtc::StreamInterface* stream) override {
875 uint8_t buffer[1600];
876 size_t bread;
877 int err2;
878 rtc::StreamResult r;
879
880 for (;;) {
881 r = stream->Read(buffer, bread, err2);
882
883 if (r == rtc::SR_ERROR || r == rtc::SR_EOS) {
884 // Unfortunately, errors are the way that the stream adapter
885 // signals close in OpenSSL.
886 stream->Close();
887 return;
888 }
889
890 if (r == rtc::SR_BLOCK)
891 break;
892
893 ASSERT_EQ(rtc::SR_SUCCESS, r);
894 RTC_LOG(LS_VERBOSE) << "Read " << bread;
895 size_t written;
896 int error;
897 recv_stream_.Write(rtc::MakeArrayView(buffer, bread), written, error);
898 }
899 }
900
901 private:
902 rtc::FifoBuffer client_buffer_;
903 rtc::FifoBuffer server_buffer_;
904 rtc::MemoryStream send_stream_;
905 rtc::MemoryStream recv_stream_;
906 };
907
908 class SSLStreamAdapterTestDTLSBase : public SSLStreamAdapterTestBase {
909 public:
SSLStreamAdapterTestDTLSBase(rtc::KeyParams param1,rtc::KeyParams param2)910 SSLStreamAdapterTestDTLSBase(rtc::KeyParams param1, rtc::KeyParams param2)
911 : SSLStreamAdapterTestBase("", "", true, param1, param2),
912 client_buffer_(kBufferCapacity, kDefaultBufferSize),
913 server_buffer_(kBufferCapacity, kDefaultBufferSize),
914 packet_size_(1000),
915 count_(0),
916 sent_(0) {}
917
SSLStreamAdapterTestDTLSBase(absl::string_view cert_pem,absl::string_view private_key_pem)918 SSLStreamAdapterTestDTLSBase(absl::string_view cert_pem,
919 absl::string_view private_key_pem)
920 : SSLStreamAdapterTestBase(cert_pem, private_key_pem, true),
921 client_buffer_(kBufferCapacity, kDefaultBufferSize),
922 server_buffer_(kBufferCapacity, kDefaultBufferSize),
923 packet_size_(1000),
924 count_(0),
925 sent_(0) {}
926
CreateStreams()927 void CreateStreams() override {
928 client_stream_ =
929 new SSLDummyStreamDTLS(this, "c2s", &client_buffer_, &server_buffer_);
930 server_stream_ =
931 new SSLDummyStreamDTLS(this, "s2c", &server_buffer_, &client_buffer_);
932 }
933
WriteData()934 void WriteData() override {
935 uint8_t* packet = new uint8_t[1600];
936
937 while (sent_ < count_) {
938 unsigned int rand_state = sent_;
939 packet[0] = sent_;
940 for (size_t i = 1; i < packet_size_; i++) {
941 // This is a simple LC PRNG. Keep in synch with identical code below.
942 rand_state = (rand_state * 251 + 19937) >> 7;
943 packet[i] = rand_state & 0xff;
944 }
945
946 size_t sent;
947 int error;
948 rtc::StreamResult rv = client_ssl_->Write(
949 rtc::MakeArrayView(packet, packet_size_), sent, error);
950 if (rv == rtc::SR_SUCCESS) {
951 RTC_LOG(LS_VERBOSE) << "Sent: " << sent_;
952 sent_++;
953 } else if (rv == rtc::SR_BLOCK) {
954 RTC_LOG(LS_VERBOSE) << "Blocked...";
955 break;
956 } else {
957 ADD_FAILURE();
958 break;
959 }
960 }
961
962 delete[] packet;
963 }
964
ReadData(rtc::StreamInterface * stream)965 void ReadData(rtc::StreamInterface* stream) override {
966 uint8_t buffer[2000];
967 size_t bread;
968 int err2;
969 rtc::StreamResult r;
970
971 for (;;) {
972 r = stream->Read(buffer, bread, err2);
973
974 if (r == rtc::SR_ERROR) {
975 // Unfortunately, errors are the way that the stream adapter
976 // signals close right now
977 stream->Close();
978 return;
979 }
980
981 if (r == rtc::SR_BLOCK)
982 break;
983
984 ASSERT_EQ(rtc::SR_SUCCESS, r);
985 RTC_LOG(LS_VERBOSE) << "Read " << bread;
986
987 // Now parse the datagram
988 ASSERT_EQ(packet_size_, bread);
989 unsigned char packet_num = buffer[0];
990
991 unsigned int rand_state = packet_num;
992 for (size_t i = 1; i < packet_size_; i++) {
993 // This is a simple LC PRNG. Keep in synch with identical code above.
994 rand_state = (rand_state * 251 + 19937) >> 7;
995 ASSERT_EQ(rand_state & 0xff, buffer[i]);
996 }
997 received_.insert(packet_num);
998 }
999 }
1000
TestTransfer(int count)1001 void TestTransfer(int count) override {
1002 count_ = count;
1003
1004 WriteData();
1005
1006 EXPECT_TRUE_WAIT(sent_ == count_, 10000);
1007 RTC_LOG(LS_INFO) << "sent_ == " << sent_;
1008
1009 if (damage_) {
1010 WAIT(false, 2000);
1011 EXPECT_EQ(0U, received_.size());
1012 } else if (loss_ == 0) {
1013 EXPECT_EQ_WAIT(static_cast<size_t>(sent_), received_.size(), 1000);
1014 } else {
1015 RTC_LOG(LS_INFO) << "Sent " << sent_ << " packets; received "
1016 << received_.size();
1017 }
1018 }
1019
1020 protected:
1021 BufferQueueStream client_buffer_;
1022 BufferQueueStream server_buffer_;
1023
1024 private:
1025 size_t packet_size_;
1026 int count_;
1027 int sent_;
1028 std::set<int> received_;
1029 };
1030
1031 class SSLStreamAdapterTestDTLS
1032 : public SSLStreamAdapterTestDTLSBase,
1033 public WithParamInterface<tuple<rtc::KeyParams, rtc::KeyParams>> {
1034 public:
SSLStreamAdapterTestDTLS()1035 SSLStreamAdapterTestDTLS()
1036 : SSLStreamAdapterTestDTLSBase(::testing::get<0>(GetParam()),
1037 ::testing::get<1>(GetParam())) {}
1038
SSLStreamAdapterTestDTLS(absl::string_view cert_pem,absl::string_view private_key_pem)1039 SSLStreamAdapterTestDTLS(absl::string_view cert_pem,
1040 absl::string_view private_key_pem)
1041 : SSLStreamAdapterTestDTLSBase(cert_pem, private_key_pem) {}
1042 };
1043
Write(rtc::ArrayView<const uint8_t> data,size_t & written,int & error)1044 rtc::StreamResult SSLDummyStreamBase::Write(rtc::ArrayView<const uint8_t> data,
1045 size_t& written,
1046 int& error) {
1047 RTC_LOG(LS_VERBOSE) << "Writing to loopback " << data.size();
1048
1049 if (first_packet_) {
1050 first_packet_ = false;
1051 if (test_base_->GetLoseFirstPacket()) {
1052 RTC_LOG(LS_INFO) << "Losing initial packet of length " << data.size();
1053 written = data.size(); // Fake successful writing also to writer.
1054 return rtc::SR_SUCCESS;
1055 }
1056 }
1057
1058 return test_base_->DataWritten(this, data.data(), data.size(), written,
1059 error);
1060 }
1061
1062 class SSLStreamAdapterTestDTLSFromPEMStrings : public SSLStreamAdapterTestDTLS {
1063 public:
SSLStreamAdapterTestDTLSFromPEMStrings()1064 SSLStreamAdapterTestDTLSFromPEMStrings()
1065 : SSLStreamAdapterTestDTLS(kCERT_PEM, kRSA_PRIVATE_KEY_PEM) {}
1066 };
1067
1068 // Test fixture for certificate chaining. Server will push more than one
1069 // certificate.
1070 class SSLStreamAdapterTestDTLSCertChain : public SSLStreamAdapterTestDTLS {
1071 public:
SSLStreamAdapterTestDTLSCertChain()1072 SSLStreamAdapterTestDTLSCertChain() : SSLStreamAdapterTestDTLS("", "") {}
SetUp()1073 void SetUp() override {
1074 CreateStreams();
1075
1076 client_ssl_ =
1077 rtc::SSLStreamAdapter::Create(absl::WrapUnique(client_stream_));
1078 server_ssl_ =
1079 rtc::SSLStreamAdapter::Create(absl::WrapUnique(server_stream_));
1080
1081 // Set up the slots
1082 client_ssl_->SignalEvent.connect(
1083 reinterpret_cast<SSLStreamAdapterTestBase*>(this),
1084 &SSLStreamAdapterTestBase::OnEvent);
1085 server_ssl_->SignalEvent.connect(
1086 reinterpret_cast<SSLStreamAdapterTestBase*>(this),
1087 &SSLStreamAdapterTestBase::OnEvent);
1088
1089 std::unique_ptr<rtc::SSLIdentity> client_identity;
1090 if (!client_cert_pem_.empty() && !client_private_key_pem_.empty()) {
1091 client_identity = rtc::SSLIdentity::CreateFromPEMStrings(
1092 client_private_key_pem_, client_cert_pem_);
1093 } else {
1094 client_identity = rtc::SSLIdentity::Create("client", client_key_type_);
1095 }
1096
1097 client_ssl_->SetIdentity(std::move(client_identity));
1098 }
1099 };
1100
1101 // Basic tests: TLS
1102
1103 // Test that we can make a handshake work
TEST_P(SSLStreamAdapterTestTLS,TestTLSConnect)1104 TEST_P(SSLStreamAdapterTestTLS, TestTLSConnect) {
1105 TestHandshake();
1106 }
1107
TEST_P(SSLStreamAdapterTestTLS,GetPeerCertChainWithOneCertificate)1108 TEST_P(SSLStreamAdapterTestTLS, GetPeerCertChainWithOneCertificate) {
1109 TestHandshake();
1110 std::unique_ptr<rtc::SSLCertChain> cert_chain =
1111 client_ssl_->GetPeerSSLCertChain();
1112 ASSERT_NE(nullptr, cert_chain);
1113 EXPECT_EQ(1u, cert_chain->GetSize());
1114 EXPECT_EQ(cert_chain->Get(0).ToPEMString(),
1115 server_identity()->certificate().ToPEMString());
1116 }
1117
TEST_F(SSLStreamAdapterTestDTLSCertChain,TwoCertHandshake)1118 TEST_F(SSLStreamAdapterTestDTLSCertChain, TwoCertHandshake) {
1119 auto server_identity = rtc::SSLIdentity::CreateFromPEMChainStrings(
1120 kRSA_PRIVATE_KEY_PEM, std::string(kCERT_PEM) + kCACert);
1121 server_ssl_->SetIdentity(std::move(server_identity));
1122 TestHandshake();
1123 std::unique_ptr<rtc::SSLCertChain> peer_cert_chain =
1124 client_ssl_->GetPeerSSLCertChain();
1125 ASSERT_NE(nullptr, peer_cert_chain);
1126 ASSERT_EQ(2u, peer_cert_chain->GetSize());
1127 EXPECT_EQ(kCERT_PEM, peer_cert_chain->Get(0).ToPEMString());
1128 EXPECT_EQ(kCACert, peer_cert_chain->Get(1).ToPEMString());
1129 }
1130
TEST_F(SSLStreamAdapterTestDTLSCertChain,TwoCertHandshakeWithCopy)1131 TEST_F(SSLStreamAdapterTestDTLSCertChain, TwoCertHandshakeWithCopy) {
1132 server_ssl_->SetIdentity(rtc::SSLIdentity::CreateFromPEMChainStrings(
1133 kRSA_PRIVATE_KEY_PEM, std::string(kCERT_PEM) + kCACert));
1134 TestHandshake();
1135 std::unique_ptr<rtc::SSLCertChain> peer_cert_chain =
1136 client_ssl_->GetPeerSSLCertChain();
1137 ASSERT_NE(nullptr, peer_cert_chain);
1138 ASSERT_EQ(2u, peer_cert_chain->GetSize());
1139 EXPECT_EQ(kCERT_PEM, peer_cert_chain->Get(0).ToPEMString());
1140 EXPECT_EQ(kCACert, peer_cert_chain->Get(1).ToPEMString());
1141 }
1142
TEST_F(SSLStreamAdapterTestDTLSCertChain,ThreeCertHandshake)1143 TEST_F(SSLStreamAdapterTestDTLSCertChain, ThreeCertHandshake) {
1144 server_ssl_->SetIdentity(rtc::SSLIdentity::CreateFromPEMChainStrings(
1145 kRSA_PRIVATE_KEY_PEM, std::string(kCERT_PEM) + kIntCert1 + kCACert));
1146 TestHandshake();
1147 std::unique_ptr<rtc::SSLCertChain> peer_cert_chain =
1148 client_ssl_->GetPeerSSLCertChain();
1149 ASSERT_NE(nullptr, peer_cert_chain);
1150 ASSERT_EQ(3u, peer_cert_chain->GetSize());
1151 EXPECT_EQ(kCERT_PEM, peer_cert_chain->Get(0).ToPEMString());
1152 EXPECT_EQ(kIntCert1, peer_cert_chain->Get(1).ToPEMString());
1153 EXPECT_EQ(kCACert, peer_cert_chain->Get(2).ToPEMString());
1154 }
1155
1156 // Test that closing the connection on one side updates the other side.
TEST_P(SSLStreamAdapterTestTLS,TestTLSClose)1157 TEST_P(SSLStreamAdapterTestTLS, TestTLSClose) {
1158 TestHandshake();
1159 client_ssl_->Close();
1160 EXPECT_EQ_WAIT(rtc::SS_CLOSED, server_ssl_->GetState(), handshake_wait_);
1161 }
1162
1163 // Test transfer -- trivial
TEST_P(SSLStreamAdapterTestTLS,TestTLSTransfer)1164 TEST_P(SSLStreamAdapterTestTLS, TestTLSTransfer) {
1165 TestHandshake();
1166 TestTransfer(100000);
1167 }
1168
1169 // Test read-write after close.
TEST_P(SSLStreamAdapterTestTLS,ReadWriteAfterClose)1170 TEST_P(SSLStreamAdapterTestTLS, ReadWriteAfterClose) {
1171 TestHandshake();
1172 TestTransfer(100000);
1173 client_ssl_->Close();
1174
1175 rtc::StreamResult rv;
1176 uint8_t block[kBlockSize];
1177 size_t dummy;
1178 int error;
1179
1180 // It's an error to write after closed.
1181 rv = client_ssl_->Write(block, dummy, error);
1182 ASSERT_EQ(rtc::SR_ERROR, rv);
1183
1184 // But after closed read gives you EOS.
1185 rv = client_ssl_->Read(block, dummy, error);
1186 ASSERT_EQ(rtc::SR_EOS, rv);
1187 }
1188
1189 // Test a handshake with a bogus peer digest
TEST_P(SSLStreamAdapterTestTLS,TestTLSBogusDigest)1190 TEST_P(SSLStreamAdapterTestTLS, TestTLSBogusDigest) {
1191 SetPeerIdentitiesByDigest(false, true);
1192 TestHandshake(false);
1193 }
1194
TEST_P(SSLStreamAdapterTestTLS,TestTLSDelayedIdentity)1195 TEST_P(SSLStreamAdapterTestTLS, TestTLSDelayedIdentity) {
1196 TestHandshakeWithDelayedIdentity(true);
1197 }
1198
TEST_P(SSLStreamAdapterTestTLS,TestTLSDelayedIdentityWithBogusDigest)1199 TEST_P(SSLStreamAdapterTestTLS, TestTLSDelayedIdentityWithBogusDigest) {
1200 TestHandshakeWithDelayedIdentity(false);
1201 }
1202
1203 // Test that the correct error is returned when SetPeerCertificateDigest is
1204 // called with an unknown algorithm.
TEST_P(SSLStreamAdapterTestTLS,TestSetPeerCertificateDigestWithUnknownAlgorithm)1205 TEST_P(SSLStreamAdapterTestTLS,
1206 TestSetPeerCertificateDigestWithUnknownAlgorithm) {
1207 unsigned char server_digest[20];
1208 size_t server_digest_len;
1209 bool rv;
1210 rtc::SSLPeerCertificateDigestError err;
1211
1212 rv = server_identity()->certificate().ComputeDigest(
1213 rtc::DIGEST_SHA_1, server_digest, 20, &server_digest_len);
1214 ASSERT_TRUE(rv);
1215
1216 rv = client_ssl_->SetPeerCertificateDigest("unknown algorithm", server_digest,
1217 server_digest_len, &err);
1218 EXPECT_EQ(rtc::SSLPeerCertificateDigestError::UNKNOWN_ALGORITHM, err);
1219 EXPECT_FALSE(rv);
1220 }
1221
1222 // Test that the correct error is returned when SetPeerCertificateDigest is
1223 // called with an invalid digest length.
TEST_P(SSLStreamAdapterTestTLS,TestSetPeerCertificateDigestWithInvalidLength)1224 TEST_P(SSLStreamAdapterTestTLS, TestSetPeerCertificateDigestWithInvalidLength) {
1225 unsigned char server_digest[20];
1226 size_t server_digest_len;
1227 bool rv;
1228 rtc::SSLPeerCertificateDigestError err;
1229
1230 rv = server_identity()->certificate().ComputeDigest(
1231 rtc::DIGEST_SHA_1, server_digest, 20, &server_digest_len);
1232 ASSERT_TRUE(rv);
1233
1234 rv = client_ssl_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, server_digest,
1235 server_digest_len - 1, &err);
1236 EXPECT_EQ(rtc::SSLPeerCertificateDigestError::INVALID_LENGTH, err);
1237 EXPECT_FALSE(rv);
1238 }
1239
1240 // Test moving a bunch of data
1241
1242 // Basic tests: DTLS
1243 // Test that we can make a handshake work
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSConnect)1244 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnect) {
1245 TestHandshake();
1246 }
1247
1248 // Test that we can make a handshake work if the first packet in
1249 // each direction is lost. This gives us predictable loss
1250 // rather than having to tune random
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSConnectWithLostFirstPacket)1251 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacket) {
1252 SetLoseFirstPacket(true);
1253 TestHandshake();
1254 }
1255
1256 // Test a handshake with loss and delay
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSConnectWithLostFirstPacketDelay2s)1257 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacketDelay2s) {
1258 SetLoseFirstPacket(true);
1259 SetDelay(2000);
1260 SetHandshakeWait(20000);
1261 TestHandshake();
1262 }
1263
1264 // Test a handshake with small MTU
1265 // Disabled due to https://code.google.com/p/webrtc/issues/detail?id=3910
TEST_P(SSLStreamAdapterTestDTLS,DISABLED_TestDTLSConnectWithSmallMtu)1266 TEST_P(SSLStreamAdapterTestDTLS, DISABLED_TestDTLSConnectWithSmallMtu) {
1267 SetMtu(700);
1268 SetHandshakeWait(20000);
1269 TestHandshake();
1270 }
1271
1272 // Test a handshake with total loss and timing out.
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSConnectTimeout)1273 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectTimeout) {
1274 SetLoss(100);
1275 TestHandshakeTimeout();
1276 }
1277
1278 // Test transfer -- trivial
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSTransfer)1279 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransfer) {
1280 TestHandshake();
1281 TestTransfer(100);
1282 }
1283
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSTransferWithLoss)1284 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithLoss) {
1285 TestHandshake();
1286 SetLoss(10);
1287 TestTransfer(100);
1288 }
1289
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSTransferWithDamage)1290 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithDamage) {
1291 SetDamage(); // Must be called first because first packet
1292 // write happens at end of handshake.
1293 TestHandshake();
1294 TestTransfer(100);
1295 }
1296
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSDelayedIdentity)1297 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentity) {
1298 TestHandshakeWithDelayedIdentity(true);
1299 }
1300
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSDelayedIdentityWithBogusDigest)1301 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentityWithBogusDigest) {
1302 TestHandshakeWithDelayedIdentity(false);
1303 }
1304
1305 // Test DTLS-SRTP with all high ciphers
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSSrtpHigh)1306 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) {
1307 std::vector<int> high;
1308 high.push_back(rtc::kSrtpAes128CmSha1_80);
1309 SetDtlsSrtpCryptoSuites(high, true);
1310 SetDtlsSrtpCryptoSuites(high, false);
1311 TestHandshake();
1312
1313 int client_cipher;
1314 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
1315 int server_cipher;
1316 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
1317
1318 ASSERT_EQ(client_cipher, server_cipher);
1319 ASSERT_EQ(client_cipher, rtc::kSrtpAes128CmSha1_80);
1320 }
1321
1322 // Test DTLS-SRTP with all low ciphers
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSSrtpLow)1323 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) {
1324 std::vector<int> low;
1325 low.push_back(rtc::kSrtpAes128CmSha1_32);
1326 SetDtlsSrtpCryptoSuites(low, true);
1327 SetDtlsSrtpCryptoSuites(low, false);
1328 TestHandshake();
1329
1330 int client_cipher;
1331 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
1332 int server_cipher;
1333 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
1334
1335 ASSERT_EQ(client_cipher, server_cipher);
1336 ASSERT_EQ(client_cipher, rtc::kSrtpAes128CmSha1_32);
1337 }
1338
1339 // Test DTLS-SRTP with a mismatch -- should not converge
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSSrtpHighLow)1340 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) {
1341 std::vector<int> high;
1342 high.push_back(rtc::kSrtpAes128CmSha1_80);
1343 std::vector<int> low;
1344 low.push_back(rtc::kSrtpAes128CmSha1_32);
1345 SetDtlsSrtpCryptoSuites(high, true);
1346 SetDtlsSrtpCryptoSuites(low, false);
1347 TestHandshake();
1348
1349 int client_cipher;
1350 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
1351 int server_cipher;
1352 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
1353 }
1354
1355 // Test DTLS-SRTP with each side being mixed -- should select high
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSSrtpMixed)1356 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) {
1357 std::vector<int> mixed;
1358 mixed.push_back(rtc::kSrtpAes128CmSha1_80);
1359 mixed.push_back(rtc::kSrtpAes128CmSha1_32);
1360 SetDtlsSrtpCryptoSuites(mixed, true);
1361 SetDtlsSrtpCryptoSuites(mixed, false);
1362 TestHandshake();
1363
1364 int client_cipher;
1365 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
1366 int server_cipher;
1367 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
1368
1369 ASSERT_EQ(client_cipher, server_cipher);
1370 ASSERT_EQ(client_cipher, rtc::kSrtpAes128CmSha1_80);
1371 }
1372
1373 // Test DTLS-SRTP with all GCM-128 ciphers.
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSSrtpGCM128)1374 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM128) {
1375 std::vector<int> gcm128;
1376 gcm128.push_back(rtc::kSrtpAeadAes128Gcm);
1377 SetDtlsSrtpCryptoSuites(gcm128, true);
1378 SetDtlsSrtpCryptoSuites(gcm128, false);
1379 TestHandshake();
1380
1381 int client_cipher;
1382 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
1383 int server_cipher;
1384 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
1385
1386 ASSERT_EQ(client_cipher, server_cipher);
1387 ASSERT_EQ(client_cipher, rtc::kSrtpAeadAes128Gcm);
1388 }
1389
1390 // Test DTLS-SRTP with all GCM-256 ciphers.
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSSrtpGCM256)1391 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM256) {
1392 std::vector<int> gcm256;
1393 gcm256.push_back(rtc::kSrtpAeadAes256Gcm);
1394 SetDtlsSrtpCryptoSuites(gcm256, true);
1395 SetDtlsSrtpCryptoSuites(gcm256, false);
1396 TestHandshake();
1397
1398 int client_cipher;
1399 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
1400 int server_cipher;
1401 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
1402
1403 ASSERT_EQ(client_cipher, server_cipher);
1404 ASSERT_EQ(client_cipher, rtc::kSrtpAeadAes256Gcm);
1405 }
1406
1407 // Test DTLS-SRTP with mixed GCM-128/-256 ciphers -- should not converge.
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSSrtpGCMMismatch)1408 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMismatch) {
1409 std::vector<int> gcm128;
1410 gcm128.push_back(rtc::kSrtpAeadAes128Gcm);
1411 std::vector<int> gcm256;
1412 gcm256.push_back(rtc::kSrtpAeadAes256Gcm);
1413 SetDtlsSrtpCryptoSuites(gcm128, true);
1414 SetDtlsSrtpCryptoSuites(gcm256, false);
1415 TestHandshake();
1416
1417 int client_cipher;
1418 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
1419 int server_cipher;
1420 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
1421 }
1422
1423 // Test DTLS-SRTP with both GCM-128/-256 ciphers -- should select GCM-256.
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSSrtpGCMMixed)1424 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMixed) {
1425 std::vector<int> gcmBoth;
1426 gcmBoth.push_back(rtc::kSrtpAeadAes256Gcm);
1427 gcmBoth.push_back(rtc::kSrtpAeadAes128Gcm);
1428 SetDtlsSrtpCryptoSuites(gcmBoth, true);
1429 SetDtlsSrtpCryptoSuites(gcmBoth, false);
1430 TestHandshake();
1431
1432 int client_cipher;
1433 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
1434 int server_cipher;
1435 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
1436
1437 ASSERT_EQ(client_cipher, server_cipher);
1438 ASSERT_EQ(client_cipher, rtc::kSrtpAeadAes256Gcm);
1439 }
1440
1441 // Test SRTP cipher suite lengths.
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSSrtpKeyAndSaltLengths)1442 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpKeyAndSaltLengths) {
1443 int key_len;
1444 int salt_len;
1445
1446 ASSERT_FALSE(rtc::GetSrtpKeyAndSaltLengths(rtc::kSrtpInvalidCryptoSuite,
1447 &key_len, &salt_len));
1448
1449 ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(rtc::kSrtpAes128CmSha1_32, &key_len,
1450 &salt_len));
1451 ASSERT_EQ(128 / 8, key_len);
1452 ASSERT_EQ(112 / 8, salt_len);
1453
1454 ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(rtc::kSrtpAes128CmSha1_80, &key_len,
1455 &salt_len));
1456 ASSERT_EQ(128 / 8, key_len);
1457 ASSERT_EQ(112 / 8, salt_len);
1458
1459 ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(rtc::kSrtpAeadAes128Gcm, &key_len,
1460 &salt_len));
1461 ASSERT_EQ(128 / 8, key_len);
1462 ASSERT_EQ(96 / 8, salt_len);
1463
1464 ASSERT_TRUE(rtc::GetSrtpKeyAndSaltLengths(rtc::kSrtpAeadAes256Gcm, &key_len,
1465 &salt_len));
1466 ASSERT_EQ(256 / 8, key_len);
1467 ASSERT_EQ(96 / 8, salt_len);
1468 }
1469
1470 // Test an exporter
TEST_P(SSLStreamAdapterTestDTLS,TestDTLSExporter)1471 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSExporter) {
1472 TestHandshake();
1473 unsigned char client_out[20];
1474 unsigned char server_out[20];
1475
1476 bool result;
1477 result = ExportKeyingMaterial(kExporterLabel, kExporterContext,
1478 kExporterContextLen, true, true, client_out,
1479 sizeof(client_out));
1480 ASSERT_TRUE(result);
1481
1482 result = ExportKeyingMaterial(kExporterLabel, kExporterContext,
1483 kExporterContextLen, true, false, server_out,
1484 sizeof(server_out));
1485 ASSERT_TRUE(result);
1486
1487 ASSERT_TRUE(!memcmp(client_out, server_out, sizeof(client_out)));
1488 }
1489
1490 // Test not yet valid certificates are not rejected.
TEST_P(SSLStreamAdapterTestDTLS,TestCertNotYetValid)1491 TEST_P(SSLStreamAdapterTestDTLS, TestCertNotYetValid) {
1492 long one_day = 60 * 60 * 24;
1493 // Make the certificates not valid until one day later.
1494 ResetIdentitiesWithValidity(one_day, one_day);
1495 TestHandshake();
1496 }
1497
1498 // Test expired certificates are not rejected.
TEST_P(SSLStreamAdapterTestDTLS,TestCertExpired)1499 TEST_P(SSLStreamAdapterTestDTLS, TestCertExpired) {
1500 long one_day = 60 * 60 * 24;
1501 // Make the certificates already expired.
1502 ResetIdentitiesWithValidity(-one_day, -one_day);
1503 TestHandshake();
1504 }
1505
1506 // Test data transfer using certs created from strings.
TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings,TestTransfer)1507 TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestTransfer) {
1508 TestHandshake();
1509 TestTransfer(100);
1510 }
1511
1512 // Test getting the remote certificate.
TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings,TestDTLSGetPeerCertificate)1513 TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestDTLSGetPeerCertificate) {
1514 // Peer certificates haven't been received yet.
1515 ASSERT_FALSE(GetPeerCertificate(true));
1516 ASSERT_FALSE(GetPeerCertificate(false));
1517
1518 TestHandshake();
1519
1520 // The client should have a peer certificate after the handshake.
1521 std::unique_ptr<rtc::SSLCertificate> client_peer_cert =
1522 GetPeerCertificate(true);
1523 ASSERT_TRUE(client_peer_cert);
1524
1525 // It's not kCERT_PEM.
1526 std::string client_peer_string = client_peer_cert->ToPEMString();
1527 ASSERT_NE(kCERT_PEM, client_peer_string);
1528
1529 // The server should have a peer certificate after the handshake.
1530 std::unique_ptr<rtc::SSLCertificate> server_peer_cert =
1531 GetPeerCertificate(false);
1532 ASSERT_TRUE(server_peer_cert);
1533
1534 // It's kCERT_PEM
1535 ASSERT_EQ(kCERT_PEM, server_peer_cert->ToPEMString());
1536 }
1537
1538 // Test getting the used DTLS 1.2 ciphers.
1539 // DTLS 1.2 enabled for client and server -> DTLS 1.2 will be used.
TEST_P(SSLStreamAdapterTestDTLS,TestGetSslCipherSuiteDtls12Both)1540 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Both) {
1541 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12);
1542 TestHandshake();
1543
1544 int client_cipher;
1545 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher));
1546 int server_cipher;
1547 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));
1548
1549 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(true));
1550 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(false));
1551
1552 ASSERT_EQ(client_cipher, server_cipher);
1553 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher(
1554 server_cipher, ::testing::get<1>(GetParam()).type()));
1555 }
1556
1557 // Test getting the used DTLS ciphers.
1558 // DTLS 1.2 is max version for client and server.
TEST_P(SSLStreamAdapterTestDTLS,TestGetSslCipherSuite)1559 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuite) {
1560 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12);
1561 TestHandshake();
1562
1563 int client_cipher;
1564 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher));
1565 int server_cipher;
1566 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));
1567
1568 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(true));
1569 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(false));
1570
1571 ASSERT_EQ(client_cipher, server_cipher);
1572 ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher(
1573 server_cipher, ::testing::get<1>(GetParam()).type()));
1574 }
1575
1576 // The RSA keysizes here might look strange, why not include the RFC's size
1577 // 2048?. The reason is test case slowness; testing two sizes to exercise
1578 // parametrization is sufficient.
1579 INSTANTIATE_TEST_SUITE_P(
1580 SSLStreamAdapterTestsTLS,
1581 SSLStreamAdapterTestTLS,
1582 Combine(Values(rtc::KeyParams::RSA(1024, 65537),
1583 rtc::KeyParams::RSA(1152, 65537),
1584 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)),
1585 Values(rtc::KeyParams::RSA(1024, 65537),
1586 rtc::KeyParams::RSA(1152, 65537),
1587 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256))));
1588 INSTANTIATE_TEST_SUITE_P(
1589 SSLStreamAdapterTestsDTLS,
1590 SSLStreamAdapterTestDTLS,
1591 Combine(Values(rtc::KeyParams::RSA(1024, 65537),
1592 rtc::KeyParams::RSA(1152, 65537),
1593 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)),
1594 Values(rtc::KeyParams::RSA(1024, 65537),
1595 rtc::KeyParams::RSA(1152, 65537),
1596 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256))));
1597
1598 // Tests for enabling / disabling legacy TLS protocols in DTLS.
1599 class SSLStreamAdapterTestDTLSLegacyProtocols
1600 : public SSLStreamAdapterTestDTLSBase {
1601 public:
SSLStreamAdapterTestDTLSLegacyProtocols()1602 SSLStreamAdapterTestDTLSLegacyProtocols()
1603 : SSLStreamAdapterTestDTLSBase(rtc::KeyParams::ECDSA(rtc::EC_NIST_P256),
1604 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)) {
1605 }
1606
1607 // Do not use the SetUp version from the parent class.
SetUp()1608 void SetUp() override {}
1609
1610 // The legacy TLS protocols flag is read when the OpenSSLStreamAdapter is
1611 // initialized, so we set the experiment while creationg client_ssl_
1612 // and server_ssl_.
1613
ConfigureClient(absl::string_view experiment)1614 void ConfigureClient(absl::string_view experiment) {
1615 webrtc::test::ScopedFieldTrials trial{std::string(experiment)};
1616 client_stream_ =
1617 new SSLDummyStreamDTLS(this, "c2s", &client_buffer_, &server_buffer_);
1618 client_ssl_ =
1619 rtc::SSLStreamAdapter::Create(absl::WrapUnique(client_stream_));
1620 client_ssl_->SignalEvent.connect(
1621 static_cast<SSLStreamAdapterTestBase*>(this),
1622 &SSLStreamAdapterTestBase::OnEvent);
1623 auto client_identity = rtc::SSLIdentity::Create("client", client_key_type_);
1624 client_ssl_->SetIdentity(std::move(client_identity));
1625 }
1626
ConfigureServer(absl::string_view experiment)1627 void ConfigureServer(absl::string_view experiment) {
1628 webrtc::test::ScopedFieldTrials trial{std::string(experiment)};
1629 server_stream_ =
1630 new SSLDummyStreamDTLS(this, "s2c", &server_buffer_, &client_buffer_);
1631 server_ssl_ =
1632 rtc::SSLStreamAdapter::Create(absl::WrapUnique(server_stream_));
1633 server_ssl_->SignalEvent.connect(
1634 static_cast<SSLStreamAdapterTestBase*>(this),
1635 &SSLStreamAdapterTestBase::OnEvent);
1636 server_ssl_->SetIdentity(
1637 rtc::SSLIdentity::Create("server", server_key_type_));
1638 }
1639 };
1640
1641 // Test getting the used DTLS ciphers.
1642 // DTLS 1.2 enabled for neither client nor server -> DTLS 1.0 will be used.
TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,TestGetSslCipherSuite)1643 TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols, TestGetSslCipherSuite) {
1644 ConfigureClient("WebRTC-LegacyTlsProtocols/Enabled/");
1645 ConfigureServer("WebRTC-LegacyTlsProtocols/Enabled/");
1646 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);
1647 TestHandshake();
1648
1649 int client_cipher;
1650 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher));
1651 int server_cipher;
1652 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));
1653
1654 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true));
1655 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false));
1656
1657 ASSERT_EQ(client_cipher, server_cipher);
1658 }
1659
1660 // Test getting the used DTLS 1.2 ciphers.
1661 // DTLS 1.2 enabled for client and server -> DTLS 1.2 will be used.
TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,TestGetSslCipherSuiteDtls12Both)1662 TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,
1663 TestGetSslCipherSuiteDtls12Both) {
1664 ConfigureClient("");
1665 ConfigureServer("");
1666 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12);
1667 TestHandshake();
1668
1669 int client_cipher;
1670 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher));
1671 int server_cipher;
1672 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));
1673
1674 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(true));
1675 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(false));
1676
1677 ASSERT_EQ(client_cipher, server_cipher);
1678 }
1679
1680 // DTLS 1.2 enabled for client only -> DTLS 1.0 will be used.
TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,TestGetSslCipherSuiteDtls12Client)1681 TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,
1682 TestGetSslCipherSuiteDtls12Client) {
1683 ConfigureClient("WebRTC-LegacyTlsProtocols/Enabled/");
1684 ConfigureServer("WebRTC-LegacyTlsProtocols/Enabled/");
1685 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12);
1686 TestHandshake();
1687
1688 int client_cipher;
1689 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher));
1690 int server_cipher;
1691 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));
1692
1693 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true));
1694 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false));
1695
1696 ASSERT_EQ(client_cipher, server_cipher);
1697 }
1698
1699 // DTLS 1.2 enabled for server only -> DTLS 1.0 will be used.
TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,TestGetSslCipherSuiteDtls12Server)1700 TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,
1701 TestGetSslCipherSuiteDtls12Server) {
1702 ConfigureClient("WebRTC-LegacyTlsProtocols/Enabled/");
1703 ConfigureServer("WebRTC-LegacyTlsProtocols/Enabled/");
1704 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_10);
1705 TestHandshake();
1706
1707 int client_cipher;
1708 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher));
1709 int server_cipher;
1710 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));
1711
1712 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(true));
1713 ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_10, GetSslVersion(false));
1714
1715 ASSERT_EQ(client_cipher, server_cipher);
1716 }
1717
1718 // Client has legacy TLS versions disabled, server has DTLS 1.0 only.
1719 // This is meant to cause a failure.
TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,TestGetSslVersionLegacyDisabledServer10)1720 TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,
1721 TestGetSslVersionLegacyDisabledServer10) {
1722 ConfigureClient("");
1723 ConfigureServer("WebRTC-LegacyTlsProtocols/Enabled/");
1724 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12);
1725 // Handshake should fail.
1726 TestHandshake(false);
1727 }
1728
1729 // Both client and server have legacy TLS versions disabled and support
1730 // DTLS 1.2. This should work.
TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,TestGetSslVersionLegacyDisabledServer12)1731 TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,
1732 TestGetSslVersionLegacyDisabledServer12) {
1733 ConfigureClient("");
1734 ConfigureServer("");
1735 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12);
1736 TestHandshake();
1737 }
1738
1739 // Both client and server have legacy TLS versions enabled and support DTLS 1.0.
1740 // This should work.
TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,TestGetSslVersionLegacyEnabledClient10Server10)1741 TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,
1742 TestGetSslVersionLegacyEnabledClient10Server10) {
1743 ConfigureClient("WebRTC-LegacyTlsProtocols/Enabled/");
1744 ConfigureServer("WebRTC-LegacyTlsProtocols/Enabled/");
1745 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);
1746 TestHandshake();
1747 }
1748
1749 // Legacy protocols are disabled in the client, max TLS version is 1.0
1750 // This should be a configuration error, and handshake should fail.
TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,TestGetSslVersionLegacyDisabledClient10Server10)1751 TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,
1752 TestGetSslVersionLegacyDisabledClient10Server10) {
1753 ConfigureClient("");
1754 ConfigureServer("WebRTC-LegacyTlsProtocols/Enabled/");
1755 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);
1756 TestHandshake(false);
1757 }
1758
1759 // Both client and server have legacy TLS versions enabled and support DTLS 1.0.
1760 // This should work.
TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,TestGetSslVersionLegacyOverrideEnabledClient10Server10)1761 TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,
1762 TestGetSslVersionLegacyOverrideEnabledClient10Server10) {
1763 rtc::SetAllowLegacyTLSProtocols(true);
1764 ConfigureClient("");
1765 ConfigureServer("");
1766 // Remove override.
1767 rtc::SetAllowLegacyTLSProtocols(absl::nullopt);
1768 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);
1769 TestHandshake();
1770 }
1771
1772 // Client has legacy TLS disabled and server has legacy TLS enabled via
1773 // override. Handshake for DTLS 1.0 should fail.
TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,TestGetSslVersionLegacyOverrideDisabledClient10EnabledServer10)1774 TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,
1775 TestGetSslVersionLegacyOverrideDisabledClient10EnabledServer10) {
1776 rtc::SetAllowLegacyTLSProtocols(false);
1777 ConfigureClient("");
1778 rtc::SetAllowLegacyTLSProtocols(true);
1779 ConfigureServer("");
1780 // Remove override.
1781 rtc::SetAllowLegacyTLSProtocols(absl::nullopt);
1782 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);
1783 TestHandshake(false);
1784 }
1785
1786 // Client has legacy TLS enabled and server has legacy TLS disabled via
1787 // override. Handshake for DTLS 1.0 should fail.
TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,TestGetSslVersionLegacyOverrideEnabledClient10DisabledServer10)1788 TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,
1789 TestGetSslVersionLegacyOverrideEnabledClient10DisabledServer10) {
1790 rtc::SetAllowLegacyTLSProtocols(true);
1791 ConfigureClient("");
1792 rtc::SetAllowLegacyTLSProtocols(false);
1793 ConfigureServer("");
1794 // Remove override.
1795 rtc::SetAllowLegacyTLSProtocols(absl::nullopt);
1796 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);
1797 TestHandshake(false);
1798 }
1799