Gitiles
Code Review Sign In
gerrit.openfyde.cn / webrtc.googlesource.com / src / 0001adcfef93492ebfa278dcd12a6a913419157b / . / webrtc / base / sslstreamadapter_unittest.cc
blob: 622e309e8cd0916200c296da63922675283fa9ee [file] [log] [blame]
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]1/*
2 * Copyright 2011 The WebRTC Project Authors. All rights reserved.
3 *
4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree.
9 */
10
11
12#include <algorithm>
13#include <set>
14#include <string>
15
16#include "webrtc/base/gunit.h"
17#include "webrtc/base/helpers.h"
18#include "webrtc/base/scoped_ptr.h"
19#include "webrtc/base/ssladapter.h"
20#include "webrtc/base/sslconfig.h"
21#include "webrtc/base/sslidentity.h"
22#include "webrtc/base/sslstreamadapter.h"
23#include "webrtc/base/stream.h"
henrike@webrtc.orgfded02c2014-09-19 13:10:10 +0000[diff] [blame]24#include "webrtc/test/testsupport/gtest_disable.h"
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]25
26static const int kBlockSize = 4096;
27static const char kAES_CM_HMAC_SHA1_80[] = "AES_CM_128_HMAC_SHA1_80";
28static const char kAES_CM_HMAC_SHA1_32[] = "AES_CM_128_HMAC_SHA1_32";
29static const char kExporterLabel[] = "label";
30static const unsigned char kExporterContext[] = "context";
31static int kExporterContextLen = sizeof(kExporterContext);
32
33static const char kRSA_PRIVATE_KEY_PEM[] =
34 "-----BEGIN RSA PRIVATE KEY-----\n"
35 "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMYRkbhmI7kVA/rM\n"
36 "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n"
37 "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n"
38 "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAECgYAvgOs4FJcgvp+TuREx7YtiYVsH\n"
39 "mwQPTum2z/8VzWGwR8BBHBvIpVe1MbD/Y4seyI2aco/7UaisatSgJhsU46/9Y4fq\n"
40 "2TwXH9QANf4at4d9n/R6rzwpAJOpgwZgKvdQjkfrKTtgLV+/dawvpxUYkRH4JZM1\n"
41 "CVGukMfKNrSVH4Ap4QJBAOJmGV1ASPnB4r4nc99at7JuIJmd7fmuVUwUgYi4XgaR\n"
42 "WhScBsgYwZ/JoywdyZJgnbcrTDuVcWG56B3vXbhdpMsCQQDf9zeJrjnPZ3Cqm79y\n"
43 "kdqANep0uwZciiNiWxsQrCHztywOvbFhdp8iYVFG9EK8DMY41Y5TxUwsHD+67zao\n"
44 "ZNqJAkEA1suLUP/GvL8IwuRneQd2tWDqqRQ/Td3qq03hP7e77XtF/buya3Ghclo5\n"
45 "54czUR89QyVfJEC6278nzA7n2h1uVQJAcG6mztNL6ja/dKZjYZye2CY44QjSlLo0\n"
46 "MTgTSjdfg/28fFn2Jjtqf9Pi/X+50LWI/RcYMC2no606wRk9kyOuIQJBAK6VSAim\n"
47 "1pOEjsYQn0X5KEIrz1G3bfCbB848Ime3U2/FWlCHMr6ch8kCZ5d1WUeJD3LbwMNG\n"
48 "UCXiYxSsu20QNVw=\n"
49 "-----END RSA PRIVATE KEY-----\n";
50
51static const char kCERT_PEM[] =
52 "-----BEGIN CERTIFICATE-----\n"
53 "MIIBmTCCAQKgAwIBAgIEbzBSAjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZX\n"
54 "ZWJSVEMwHhcNMTQwMTAyMTgyNDQ3WhcNMTQwMjAxMTgyNDQ3WjARMQ8wDQYDVQQD\n"
55 "EwZXZWJSVEMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYRkbhmI7kVA/rM\n"
56 "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n"
57 "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n"
58 "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAUflI\n"
59 "VUe5Krqf5RVa5C3u/UTAOAUJBiDS3VANTCLBxjuMsvqOG0WvaYWP3HYPgrz0jXK2\n"
60 "LJE/mGw3MyFHEqi81jh95J+ypl6xKW6Rm8jKLR87gUvCaVYn/Z4/P3AqcQTB7wOv\n"
61 "UD0A8qfhfDM+LK6rPAnCsVN0NRDY3jvd6rzix9M=\n"
62 "-----END CERTIFICATE-----\n";
63
64#define MAYBE_SKIP_TEST(feature) \
65 if (!(rtc::SSLStreamAdapter::feature())) { \
66 LOG(LS_INFO) << "Feature disabled... skipping"; \
67 return; \
68 }
69
70class SSLStreamAdapterTestBase;
71
72class SSLDummyStream : public rtc::StreamInterface,
73 public sigslot::has_slots<> {
74 public:
75 explicit SSLDummyStream(SSLStreamAdapterTestBase *test,
76 const std::string &side,
77 rtc::FifoBuffer *in,
78 rtc::FifoBuffer *out) :
79 test_(test),
80 side_(side),
81 in_(in),
82 out_(out),
83 first_packet_(true) {
84 in_->SignalEvent.connect(this, &SSLDummyStream::OnEventIn);
85 out_->SignalEvent.connect(this, &SSLDummyStream::OnEventOut);
86 }
87
88 virtual rtc::StreamState GetState() const { return rtc::SS_OPEN; }
89
90 virtual rtc::StreamResult Read(void* buffer, size_t buffer_len,
91 size_t* read, int* error) {
92 rtc::StreamResult r;
93
94 r = in_->Read(buffer, buffer_len, read, error);
95 if (r == rtc::SR_BLOCK)
96 return rtc::SR_BLOCK;
97 if (r == rtc::SR_EOS)
98 return rtc::SR_EOS;
99
100 if (r != rtc::SR_SUCCESS) {
101 ADD_FAILURE();
102 return rtc::SR_ERROR;
103 }
104
105 return rtc::SR_SUCCESS;
106 }
107
108 // Catch readability events on in and pass them up.
109 virtual void OnEventIn(rtc::StreamInterface *stream, int sig,
110 int err) {
111 int mask = (rtc::SE_READ | rtc::SE_CLOSE);
112
113 if (sig & mask) {
114 LOG(LS_INFO) << "SSLDummyStream::OnEvent side=" << side_ << " sig="
115 << sig << " forwarding upward";
116 PostEvent(sig & mask, 0);
117 }
118 }
119
120 // Catch writeability events on out and pass them up.
121 virtual void OnEventOut(rtc::StreamInterface *stream, int sig,
122 int err) {
123 if (sig & rtc::SE_WRITE) {
124 LOG(LS_INFO) << "SSLDummyStream::OnEvent side=" << side_ << " sig="
125 << sig << " forwarding upward";
126
127 PostEvent(sig & rtc::SE_WRITE, 0);
128 }
129 }
130
131 // Write to the outgoing FifoBuffer
132 rtc::StreamResult WriteData(const void* data, size_t data_len,
133 size_t* written, int* error) {
134 return out_->Write(data, data_len, written, error);
135 }
136
137 // Defined later
138 virtual rtc::StreamResult Write(const void* data, size_t data_len,
139 size_t* written, int* error);
140
141 virtual void Close() {
142 LOG(LS_INFO) << "Closing outbound stream";
143 out_->Close();
144 }
145
146 private:
147 SSLStreamAdapterTestBase *test_;
148 const std::string side_;
149 rtc::FifoBuffer *in_;
150 rtc::FifoBuffer *out_;
151 bool first_packet_;
152};
153
154static const int kFifoBufferSize = 4096;
155
156class SSLStreamAdapterTestBase : public testing::Test,
157 public sigslot::has_slots<> {
158 public:
159 SSLStreamAdapterTestBase(const std::string& client_cert_pem,
160 const std::string& client_private_key_pem,
161 bool dtls) :
162 client_buffer_(kFifoBufferSize), server_buffer_(kFifoBufferSize),
163 client_stream_(
164 new SSLDummyStream(this, "c2s", &client_buffer_, &server_buffer_)),
165 server_stream_(
166 new SSLDummyStream(this, "s2c", &server_buffer_, &client_buffer_)),
167 client_ssl_(rtc::SSLStreamAdapter::Create(client_stream_)),
168 server_ssl_(rtc::SSLStreamAdapter::Create(server_stream_)),
169 client_identity_(NULL), server_identity_(NULL),
170 delay_(0), mtu_(1460), loss_(0), lose_first_packet_(false),
171 damage_(false), dtls_(dtls),
172 handshake_wait_(5000), identities_set_(false) {
173 // Set use of the test RNG to get predictable loss patterns.
174 rtc::SetRandomTestMode(true);
175
176 // Set up the slots
177 client_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
178 server_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
179
180 if (!client_cert_pem.empty() && !client_private_key_pem.empty()) {
181 client_identity_ = rtc::SSLIdentity::FromPEMStrings(
182 client_private_key_pem, client_cert_pem);
183 } else {
184 client_identity_ = rtc::SSLIdentity::Generate("client");
185 }
186 server_identity_ = rtc::SSLIdentity::Generate("server");
187
188 client_ssl_->SetIdentity(client_identity_);
189 server_ssl_->SetIdentity(server_identity_);
190 }
191
192 ~SSLStreamAdapterTestBase() {
193 // Put it back for the next test.
194 rtc::SetRandomTestMode(false);
195 }
196
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]197 // Recreate the client/server identities with the specified validity period.
198 // |not_before| and |not_after| are offsets from the current time in number
199 // of seconds.
200 void ResetIdentitiesWithValidity(int not_before, int not_after) {
201 client_stream_ =
202 new SSLDummyStream(this, "c2s", &client_buffer_, &server_buffer_);
203 server_stream_ =
204 new SSLDummyStream(this, "s2c", &server_buffer_, &client_buffer_);
205
206 client_ssl_.reset(rtc::SSLStreamAdapter::Create(client_stream_));
207 server_ssl_.reset(rtc::SSLStreamAdapter::Create(server_stream_));
208
209 client_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
210 server_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
211
212 rtc::SSLIdentityParams client_params;
213 client_params.common_name = "client";
214 client_params.not_before = not_before;
215 client_params.not_after = not_after;
216 client_identity_ = rtc::SSLIdentity::GenerateForTest(client_params);
217
218 rtc::SSLIdentityParams server_params;
219 server_params.common_name = "server";
220 server_params.not_before = not_before;
221 server_params.not_after = not_after;
222 server_identity_ = rtc::SSLIdentity::GenerateForTest(server_params);
223
224 client_ssl_->SetIdentity(client_identity_);
225 server_ssl_->SetIdentity(server_identity_);
226 }
227
228 virtual void OnEvent(rtc::StreamInterface *stream, int sig, int err) {
229 LOG(LS_INFO) << "SSLStreamAdapterTestBase::OnEvent sig=" << sig;
230
231 if (sig & rtc::SE_READ) {
232 ReadData(stream);
233 }
234
235 if ((stream == client_ssl_.get()) && (sig & rtc::SE_WRITE)) {
236 WriteData();
237 }
238 }
239
240 void SetPeerIdentitiesByDigest(bool correct) {
241 unsigned char digest[20];
242 size_t digest_len;
243 bool rv;
244
245 LOG(LS_INFO) << "Setting peer identities by digest";
246
247 rv = server_identity_->certificate().ComputeDigest(rtc::DIGEST_SHA_1,
248 digest, 20,
249 &digest_len);
250 ASSERT_TRUE(rv);
251 if (!correct) {
252 LOG(LS_INFO) << "Setting bogus digest for server cert";
253 digest[0]++;
254 }
255 rv = client_ssl_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, digest,
256 digest_len);
257 ASSERT_TRUE(rv);
258
259
260 rv = client_identity_->certificate().ComputeDigest(rtc::DIGEST_SHA_1,
261 digest, 20, &digest_len);
262 ASSERT_TRUE(rv);
263 if (!correct) {
264 LOG(LS_INFO) << "Setting bogus digest for client cert";
265 digest[0]++;
266 }
267 rv = server_ssl_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, digest,
268 digest_len);
269 ASSERT_TRUE(rv);
270
271 identities_set_ = true;
272 }
273
274 void TestHandshake(bool expect_success = true) {
275 server_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS :
276 rtc::SSL_MODE_TLS);
277 client_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS :
278 rtc::SSL_MODE_TLS);
279
280 if (!dtls_) {
281 // Make sure we simulate a reliable network for TLS.
282 // This is just a check to make sure that people don't write wrong
283 // tests.
284 ASSERT((mtu_ == 1460) && (loss_ == 0) && (lose_first_packet_ == 0));
285 }
286
287 if (!identities_set_)
288 SetPeerIdentitiesByDigest(true);
289
290 // Start the handshake
291 int rv;
292
293 server_ssl_->SetServerRole();
294 rv = server_ssl_->StartSSLWithPeer();
295 ASSERT_EQ(0, rv);
296
297 rv = client_ssl_->StartSSLWithPeer();
298 ASSERT_EQ(0, rv);
299
300 // Now run the handshake
301 if (expect_success) {
302 EXPECT_TRUE_WAIT((client_ssl_->GetState() == rtc::SS_OPEN)
303 && (server_ssl_->GetState() == rtc::SS_OPEN),
304 handshake_wait_);
305 } else {
306 EXPECT_TRUE_WAIT(client_ssl_->GetState() == rtc::SS_CLOSED,
307 handshake_wait_);
308 }
309 }
310
311 rtc::StreamResult DataWritten(SSLDummyStream *from, const void *data,
312 size_t data_len, size_t *written,
313 int *error) {
314 // Randomly drop loss_ percent of packets
315 if (rtc::CreateRandomId() % 100 < static_cast<uint32>(loss_)) {
316 LOG(LS_INFO) << "Randomly dropping packet, size=" << data_len;
317 *written = data_len;
318 return rtc::SR_SUCCESS;
319 }
320 if (dtls_ && (data_len > mtu_)) {
321 LOG(LS_INFO) << "Dropping packet > mtu, size=" << data_len;
322 *written = data_len;
323 return rtc::SR_SUCCESS;
324 }
325
326 // Optionally damage application data (type 23). Note that we don't damage
327 // handshake packets and we damage the last byte to keep the header
328 // intact but break the MAC.
329 if (damage_ && (*static_cast<const unsigned char *>(data) == 23)) {
330 std::vector<char> buf(data_len);
331
332 LOG(LS_INFO) << "Damaging packet";
333
334 memcpy(&buf[0], data, data_len);
335 buf[data_len - 1]++;
336
337 return from->WriteData(&buf[0], data_len, written, error);
338 }
339
340 return from->WriteData(data, data_len, written, error);
341 }
342
343 void SetDelay(int delay) {
344 delay_ = delay;
345 }
346 int GetDelay() { return delay_; }
347
348 void SetLoseFirstPacket(bool lose) {
349 lose_first_packet_ = lose;
350 }
351 bool GetLoseFirstPacket() { return lose_first_packet_; }
352
353 void SetLoss(int percent) {
354 loss_ = percent;
355 }
356
357 void SetDamage() {
358 damage_ = true;
359 }
360
361 void SetMtu(size_t mtu) {
362 mtu_ = mtu;
363 }
364
365 void SetHandshakeWait(int wait) {
366 handshake_wait_ = wait;
367 }
368
369 void SetDtlsSrtpCiphers(const std::vector<std::string> &ciphers,
370 bool client) {
371 if (client)
372 client_ssl_->SetDtlsSrtpCiphers(ciphers);
373 else
374 server_ssl_->SetDtlsSrtpCiphers(ciphers);
375 }
376
377 bool GetDtlsSrtpCipher(bool client, std::string *retval) {
378 if (client)
379 return client_ssl_->GetDtlsSrtpCipher(retval);
380 else
381 return server_ssl_->GetDtlsSrtpCipher(retval);
382 }
383
384 bool GetPeerCertificate(bool client, rtc::SSLCertificate** cert) {
385 if (client)
386 return client_ssl_->GetPeerCertificate(cert);
387 else
388 return server_ssl_->GetPeerCertificate(cert);
389 }
390
391 bool ExportKeyingMaterial(const char *label,
392 const unsigned char *context,
393 size_t context_len,
394 bool use_context,
395 bool client,
396 unsigned char *result,
397 size_t result_len) {
398 if (client)
399 return client_ssl_->ExportKeyingMaterial(label,
400 context, context_len,
401 use_context,
402 result, result_len);
403 else
404 return server_ssl_->ExportKeyingMaterial(label,
405 context, context_len,
406 use_context,
407 result, result_len);
408 }
409
410 // To be implemented by subclasses.
411 virtual void WriteData() = 0;
412 virtual void ReadData(rtc::StreamInterface *stream) = 0;
413 virtual void TestTransfer(int size) = 0;
414
415 protected:
416 rtc::FifoBuffer client_buffer_;
417 rtc::FifoBuffer server_buffer_;
418 SSLDummyStream *client_stream_; // freed by client_ssl_ destructor
419 SSLDummyStream *server_stream_; // freed by server_ssl_ destructor
420 rtc::scoped_ptr<rtc::SSLStreamAdapter> client_ssl_;
421 rtc::scoped_ptr<rtc::SSLStreamAdapter> server_ssl_;
422 rtc::SSLIdentity *client_identity_; // freed by client_ssl_ destructor
423 rtc::SSLIdentity *server_identity_; // freed by server_ssl_ destructor
424 int delay_;
425 size_t mtu_;
426 int loss_;
427 bool lose_first_packet_;
428 bool damage_;
429 bool dtls_;
430 int handshake_wait_;
431 bool identities_set_;
432};
433
434class SSLStreamAdapterTestTLS : public SSLStreamAdapterTestBase {
435 public:
436 SSLStreamAdapterTestTLS() :
437 SSLStreamAdapterTestBase("", "", false) {
438 };
439
440 // Test data transfer for TLS
441 virtual void TestTransfer(int size) {
442 LOG(LS_INFO) << "Starting transfer test with " << size << " bytes";
443 // Create some dummy data to send.
444 size_t received;
445
446 send_stream_.ReserveSize(size);
447 for (int i = 0; i < size; ++i) {
448 char ch = static_cast<char>(i);
449 send_stream_.Write(&ch, 1, NULL, NULL);
450 }
451 send_stream_.Rewind();
452
453 // Prepare the receive stream.
454 recv_stream_.ReserveSize(size);
455
456 // Start sending
457 WriteData();
458
459 // Wait for the client to close
460 EXPECT_TRUE_WAIT(server_ssl_->GetState() == rtc::SS_CLOSED, 10000);
461
462 // Now check the data
463 recv_stream_.GetSize(&received);
464
465 EXPECT_EQ(static_cast<size_t>(size), received);
466 EXPECT_EQ(0, memcmp(send_stream_.GetBuffer(),
467 recv_stream_.GetBuffer(), size));
468 }
469
470 void WriteData() {
471 size_t position, tosend, size;
472 rtc::StreamResult rv;
473 size_t sent;
474 char block[kBlockSize];
475
476 send_stream_.GetSize(&size);
477 if (!size)
478 return;
479
480 for (;;) {
481 send_stream_.GetPosition(&position);
482 if (send_stream_.Read(block, sizeof(block), &tosend, NULL) !=
483 rtc::SR_EOS) {
484 rv = client_ssl_->Write(block, tosend, &sent, 0);
485
486 if (rv == rtc::SR_SUCCESS) {
487 send_stream_.SetPosition(position + sent);
488 LOG(LS_VERBOSE) << "Sent: " << position + sent;
489 } else if (rv == rtc::SR_BLOCK) {
490 LOG(LS_VERBOSE) << "Blocked...";
491 send_stream_.SetPosition(position);
492 break;
493 } else {
494 ADD_FAILURE();
495 break;
496 }
497 } else {
498 // Now close
499 LOG(LS_INFO) << "Wrote " << position << " bytes. Closing";
500 client_ssl_->Close();
501 break;
502 }
503 }
504 };
505
506 virtual void ReadData(rtc::StreamInterface *stream) {
507 char buffer[1600];
508 size_t bread;
509 int err2;
510 rtc::StreamResult r;
511
512 for (;;) {
513 r = stream->Read(buffer, sizeof(buffer), &bread, &err2);
514
515 if (r == rtc::SR_ERROR || r == rtc::SR_EOS) {
516 // Unfortunately, errors are the way that the stream adapter
517 // signals close in OpenSSL
518 stream->Close();
519 return;
520 }
521
522 if (r == rtc::SR_BLOCK)
523 break;
524
525 ASSERT_EQ(rtc::SR_SUCCESS, r);
526 LOG(LS_INFO) << "Read " << bread;
527
528 recv_stream_.Write(buffer, bread, NULL, NULL);
529 }
530 }
531
532 private:
533 rtc::MemoryStream send_stream_;
534 rtc::MemoryStream recv_stream_;
535};
536
537class SSLStreamAdapterTestDTLS : public SSLStreamAdapterTestBase {
538 public:
539 SSLStreamAdapterTestDTLS() :
540 SSLStreamAdapterTestBase("", "", true),
541 packet_size_(1000), count_(0), sent_(0) {
542 }
543
544 SSLStreamAdapterTestDTLS(const std::string& cert_pem,
545 const std::string& private_key_pem) :
546 SSLStreamAdapterTestBase(cert_pem, private_key_pem, true),
547 packet_size_(1000), count_(0), sent_(0) {
548 }
549
550 virtual void WriteData() {
551 unsigned char *packet = new unsigned char[1600];
552
553 do {
554 memset(packet, sent_ & 0xff, packet_size_);
555 *(reinterpret_cast<uint32_t *>(packet)) = sent_;
556
557 size_t sent;
558 int rv = client_ssl_->Write(packet, packet_size_, &sent, 0);
559 if (rv == rtc::SR_SUCCESS) {
560 LOG(LS_VERBOSE) << "Sent: " << sent_;
561 sent_++;
562 } else if (rv == rtc::SR_BLOCK) {
563 LOG(LS_VERBOSE) << "Blocked...";
564 break;
565 } else {
566 ADD_FAILURE();
567 break;
568 }
569 } while (sent_ < count_);
570
571 delete [] packet;
572 }
573
574 virtual void ReadData(rtc::StreamInterface *stream) {
575 unsigned char buffer[2000];
576 size_t bread;
577 int err2;
578 rtc::StreamResult r;
579
580 for (;;) {
581 r = stream->Read(buffer, 2000, &bread, &err2);
582
583 if (r == rtc::SR_ERROR) {
584 // Unfortunately, errors are the way that the stream adapter
585 // signals close right now
586 stream->Close();
587 return;
588 }
589
590 if (r == rtc::SR_BLOCK)
591 break;
592
593 ASSERT_EQ(rtc::SR_SUCCESS, r);
594 LOG(LS_INFO) << "Read " << bread;
595
596 // Now parse the datagram
597 ASSERT_EQ(packet_size_, bread);
598 unsigned char* ptr_to_buffer = buffer;
599 uint32_t packet_num = *(reinterpret_cast<uint32_t *>(ptr_to_buffer));
600
601 for (size_t i = 4; i < packet_size_; i++) {
602 ASSERT_EQ((packet_num & 0xff), buffer[i]);
603 }
604 received_.insert(packet_num);
605 }
606 }
607
608 virtual void TestTransfer(int count) {
609 count_ = count;
610
611 WriteData();
612
613 EXPECT_TRUE_WAIT(sent_ == count_, 10000);
614 LOG(LS_INFO) << "sent_ == " << sent_;
615
616 if (damage_) {
617 WAIT(false, 2000);
618 EXPECT_EQ(0U, received_.size());
619 } else if (loss_ == 0) {
620 EXPECT_EQ_WAIT(static_cast<size_t>(sent_), received_.size(), 1000);
621 } else {
622 LOG(LS_INFO) << "Sent " << sent_ << " packets; received " <<
623 received_.size();
624 }
625 };
626
627 private:
628 size_t packet_size_;
629 int count_;
630 int sent_;
631 std::set<int> received_;
632};
633
634
635rtc::StreamResult SSLDummyStream::Write(const void* data, size_t data_len,
636 size_t* written, int* error) {
637 *written = data_len;
638
639 LOG(LS_INFO) << "Writing to loopback " << data_len;
640
641 if (first_packet_) {
642 first_packet_ = false;
643 if (test_->GetLoseFirstPacket()) {
644 LOG(LS_INFO) << "Losing initial packet of length " << data_len;
645 return rtc::SR_SUCCESS;
646 }
647 }
648
649 return test_->DataWritten(this, data, data_len, written, error);
650
651 return rtc::SR_SUCCESS;
652};
653
654class SSLStreamAdapterTestDTLSFromPEMStrings : public SSLStreamAdapterTestDTLS {
655 public:
656 SSLStreamAdapterTestDTLSFromPEMStrings() :
657 SSLStreamAdapterTestDTLS(kCERT_PEM, kRSA_PRIVATE_KEY_PEM) {
658 }
659};
660
661// Basic tests: TLS
662
663// Test that we cannot read/write if we have not yet handshaked.
664// This test only applies to NSS because OpenSSL has passthrough
665// semantics for I/O before the handshake is started.
666#if SSL_USE_NSS
667TEST_F(SSLStreamAdapterTestTLS, TestNoReadWriteBeforeConnect) {
668 rtc::StreamResult rv;
669 char block[kBlockSize];
670 size_t dummy;
671
672 rv = client_ssl_->Write(block, sizeof(block), &dummy, NULL);
673 ASSERT_EQ(rtc::SR_BLOCK, rv);
674
675 rv = client_ssl_->Read(block, sizeof(block), &dummy, NULL);
676 ASSERT_EQ(rtc::SR_BLOCK, rv);
677}
678#endif
679
680
681// Test that we can make a handshake work
682TEST_F(SSLStreamAdapterTestTLS, TestTLSConnect) {
683 TestHandshake();
684};
685
jiayl@webrtc.orgf1d751c2014-09-25 16:38:46 +0000[diff] [blame]686// Test that closing the connection on one side updates the other side.
687TEST_F(SSLStreamAdapterTestTLS, TestTLSClose) {
688 TestHandshake();
689 client_ssl_->Close();
690 EXPECT_EQ_WAIT(rtc::SS_CLOSED, server_ssl_->GetState(), handshake_wait_);
691};
692
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]693// Test transfer -- trivial
694TEST_F(SSLStreamAdapterTestTLS, TestTLSTransfer) {
695 TestHandshake();
696 TestTransfer(100000);
697};
698
699// Test read-write after close.
700TEST_F(SSLStreamAdapterTestTLS, ReadWriteAfterClose) {
701 TestHandshake();
702 TestTransfer(100000);
703 client_ssl_->Close();
704
705 rtc::StreamResult rv;
706 char block[kBlockSize];
707 size_t dummy;
708
709 // It's an error to write after closed.
710 rv = client_ssl_->Write(block, sizeof(block), &dummy, NULL);
711 ASSERT_EQ(rtc::SR_ERROR, rv);
712
713 // But after closed read gives you EOS.
714 rv = client_ssl_->Read(block, sizeof(block), &dummy, NULL);
715 ASSERT_EQ(rtc::SR_EOS, rv);
716};
717
718// Test a handshake with a bogus peer digest
719TEST_F(SSLStreamAdapterTestTLS, TestTLSBogusDigest) {
720 SetPeerIdentitiesByDigest(false);
721 TestHandshake(false);
722};
723
724// Test moving a bunch of data
725
726// Basic tests: DTLS
727// Test that we can make a handshake work
728TEST_F(SSLStreamAdapterTestDTLS, TestDTLSConnect) {
729 MAYBE_SKIP_TEST(HaveDtls);
730 TestHandshake();
731};
732
733// Test that we can make a handshake work if the first packet in
734// each direction is lost. This gives us predictable loss
735// rather than having to tune random
736TEST_F(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacket) {
737 MAYBE_SKIP_TEST(HaveDtls);
738 SetLoseFirstPacket(true);
739 TestHandshake();
740};
741
742// Test a handshake with loss and delay
743TEST_F(SSLStreamAdapterTestDTLS,
744 TestDTLSConnectWithLostFirstPacketDelay2s) {
745 MAYBE_SKIP_TEST(HaveDtls);
746 SetLoseFirstPacket(true);
747 SetDelay(2000);
748 SetHandshakeWait(20000);
749 TestHandshake();
750};
751
752// Test a handshake with small MTU
henrike@webrtc.orgfded02c2014-09-19 13:10:10 +0000[diff] [blame]753TEST_F(SSLStreamAdapterTestDTLS, DISABLED_ON_MAC(TestDTLSConnectWithSmallMtu)) {
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]754 MAYBE_SKIP_TEST(HaveDtls);
755 SetMtu(700);
756 SetHandshakeWait(20000);
757 TestHandshake();
758};
759
760// Test transfer -- trivial
761TEST_F(SSLStreamAdapterTestDTLS, TestDTLSTransfer) {
762 MAYBE_SKIP_TEST(HaveDtls);
763 TestHandshake();
764 TestTransfer(100);
765};
766
767TEST_F(SSLStreamAdapterTestDTLS, TestDTLSTransferWithLoss) {
768 MAYBE_SKIP_TEST(HaveDtls);
769 TestHandshake();
770 SetLoss(10);
771 TestTransfer(100);
772};
773
774TEST_F(SSLStreamAdapterTestDTLS, TestDTLSTransferWithDamage) {
775 MAYBE_SKIP_TEST(HaveDtls);
776 SetDamage(); // Must be called first because first packet
777 // write happens at end of handshake.
778 TestHandshake();
779 TestTransfer(100);
780};
781
782// Test DTLS-SRTP with all high ciphers
783TEST_F(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) {
784 MAYBE_SKIP_TEST(HaveDtlsSrtp);
785 std::vector<std::string> high;
786 high.push_back(kAES_CM_HMAC_SHA1_80);
787 SetDtlsSrtpCiphers(high, true);
788 SetDtlsSrtpCiphers(high, false);
789 TestHandshake();
790
791 std::string client_cipher;
792 ASSERT_TRUE(GetDtlsSrtpCipher(true, &client_cipher));
793 std::string server_cipher;
794 ASSERT_TRUE(GetDtlsSrtpCipher(false, &server_cipher));
795
796 ASSERT_EQ(client_cipher, server_cipher);
797 ASSERT_EQ(client_cipher, kAES_CM_HMAC_SHA1_80);
798};
799
800// Test DTLS-SRTP with all low ciphers
801TEST_F(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) {
802 MAYBE_SKIP_TEST(HaveDtlsSrtp);
803 std::vector<std::string> low;
804 low.push_back(kAES_CM_HMAC_SHA1_32);
805 SetDtlsSrtpCiphers(low, true);
806 SetDtlsSrtpCiphers(low, false);
807 TestHandshake();
808
809 std::string client_cipher;
810 ASSERT_TRUE(GetDtlsSrtpCipher(true, &client_cipher));
811 std::string server_cipher;
812 ASSERT_TRUE(GetDtlsSrtpCipher(false, &server_cipher));
813
814 ASSERT_EQ(client_cipher, server_cipher);
815 ASSERT_EQ(client_cipher, kAES_CM_HMAC_SHA1_32);
816};
817
818
819// Test DTLS-SRTP with a mismatch -- should not converge
820TEST_F(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) {
821 MAYBE_SKIP_TEST(HaveDtlsSrtp);
822 std::vector<std::string> high;
823 high.push_back(kAES_CM_HMAC_SHA1_80);
824 std::vector<std::string> low;
825 low.push_back(kAES_CM_HMAC_SHA1_32);
826 SetDtlsSrtpCiphers(high, true);
827 SetDtlsSrtpCiphers(low, false);
828 TestHandshake();
829
830 std::string client_cipher;
831 ASSERT_FALSE(GetDtlsSrtpCipher(true, &client_cipher));
832 std::string server_cipher;
833 ASSERT_FALSE(GetDtlsSrtpCipher(false, &server_cipher));
834};
835
836// Test DTLS-SRTP with each side being mixed -- should select high
837TEST_F(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) {
838 MAYBE_SKIP_TEST(HaveDtlsSrtp);
839 std::vector<std::string> mixed;
840 mixed.push_back(kAES_CM_HMAC_SHA1_80);
841 mixed.push_back(kAES_CM_HMAC_SHA1_32);
842 SetDtlsSrtpCiphers(mixed, true);
843 SetDtlsSrtpCiphers(mixed, false);
844 TestHandshake();
845
846 std::string client_cipher;
847 ASSERT_TRUE(GetDtlsSrtpCipher(true, &client_cipher));
848 std::string server_cipher;
849 ASSERT_TRUE(GetDtlsSrtpCipher(false, &server_cipher));
850
851 ASSERT_EQ(client_cipher, server_cipher);
852 ASSERT_EQ(client_cipher, kAES_CM_HMAC_SHA1_80);
853};
854
855// Test an exporter
856TEST_F(SSLStreamAdapterTestDTLS, TestDTLSExporter) {
857 MAYBE_SKIP_TEST(HaveExporter);
858 TestHandshake();
859 unsigned char client_out[20];
860 unsigned char server_out[20];
861
862 bool result;
863 result = ExportKeyingMaterial(kExporterLabel,
864 kExporterContext, kExporterContextLen,
865 true, true,
866 client_out, sizeof(client_out));
867 ASSERT_TRUE(result);
868
869 result = ExportKeyingMaterial(kExporterLabel,
870 kExporterContext, kExporterContextLen,
871 true, false,
872 server_out, sizeof(server_out));
873 ASSERT_TRUE(result);
874
875 ASSERT_TRUE(!memcmp(client_out, server_out, sizeof(client_out)));
876}
877
878// Test not yet valid certificates are not rejected.
879TEST_F(SSLStreamAdapterTestDTLS, TestCertNotYetValid) {
880 MAYBE_SKIP_TEST(HaveDtls);
881 long one_day = 60 * 60 * 24;
882 // Make the certificates not valid until one day later.
883 ResetIdentitiesWithValidity(one_day, one_day);
884 TestHandshake();
885}
886
887// Test expired certificates are not rejected.
888TEST_F(SSLStreamAdapterTestDTLS, TestCertExpired) {
889 MAYBE_SKIP_TEST(HaveDtls);
890 long one_day = 60 * 60 * 24;
891 // Make the certificates already expired.
892 ResetIdentitiesWithValidity(-one_day, -one_day);
893 TestHandshake();
894}
895
896// Test data transfer using certs created from strings.
897TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestTransfer) {
898 MAYBE_SKIP_TEST(HaveDtls);
899 TestHandshake();
900 TestTransfer(100);
901}
902
903// Test getting the remote certificate.
904TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestDTLSGetPeerCertificate) {
905 MAYBE_SKIP_TEST(HaveDtls);
906
907 // Peer certificates haven't been received yet.
908 rtc::scoped_ptr<rtc::SSLCertificate> client_peer_cert;
909 ASSERT_FALSE(GetPeerCertificate(true, client_peer_cert.accept()));
910 ASSERT_FALSE(client_peer_cert != NULL);
911
912 rtc::scoped_ptr<rtc::SSLCertificate> server_peer_cert;
913 ASSERT_FALSE(GetPeerCertificate(false, server_peer_cert.accept()));
914 ASSERT_FALSE(server_peer_cert != NULL);
915
916 TestHandshake();
917
918 // The client should have a peer certificate after the handshake.
919 ASSERT_TRUE(GetPeerCertificate(true, client_peer_cert.accept()));
920 ASSERT_TRUE(client_peer_cert != NULL);
921
922 // It's not kCERT_PEM.
923 std::string client_peer_string = client_peer_cert->ToPEMString();
924 ASSERT_NE(kCERT_PEM, client_peer_string);
925
926 // It must not have a chain, because the test certs are self-signed.
927 rtc::SSLCertChain* client_peer_chain;
928 ASSERT_FALSE(client_peer_cert->GetChain(&client_peer_chain));
929
930 // The server should have a peer certificate after the handshake.
931 ASSERT_TRUE(GetPeerCertificate(false, server_peer_cert.accept()));
932 ASSERT_TRUE(server_peer_cert != NULL);
933
934 // It's kCERT_PEM
935 ASSERT_EQ(kCERT_PEM, server_peer_cert->ToPEMString());
936
937 // It must not have a chain, because the test certs are self-signed.
938 rtc::SSLCertChain* server_peer_chain;
939 ASSERT_FALSE(server_peer_cert->GetChain(&server_peer_chain));
940}