1/* 2 * Copyright 2011 The WebRTC Project Authors. All rights reserved. 3 * 4 * Use of this source code is governed by a BSD-style license 5 * that can be found in the LICENSE file in the root of the source 6 * tree. An additional intellectual property rights grant can be found 7 * in the file PATENTS. All contributing project authors may 8 * be found in the AUTHORS file in the root of the source tree. 9 */ 10 11 12#include <algorithm> 13#include <set> 14#include <string> 15 16#include "webrtc/base/bufferqueue.h" 17#include "webrtc/base/gunit.h" 18#include "webrtc/base/helpers.h" 19#include "webrtc/base/scoped_ptr.h" 20#include "webrtc/base/ssladapter.h" 21#include "webrtc/base/sslconfig.h" 22#include "webrtc/base/sslidentity.h" 23#include "webrtc/base/sslstreamadapter.h" 24#include "webrtc/base/stream.h" 25 26using ::testing::WithParamInterface; 27using ::testing::Values; 28using ::testing::Combine; 29using ::testing::tuple; 30 31static const int kBlockSize = 4096; 32static const char kExporterLabel[] = "label"; 33static const unsigned char kExporterContext[] = "context"; 34static int kExporterContextLen = sizeof(kExporterContext); 35 36static const char kRSA_PRIVATE_KEY_PEM[] = 37 "-----BEGIN RSA PRIVATE KEY-----\n" 38 "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMYRkbhmI7kVA/rM\n" 39 "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n" 40 "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n" 41 "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAECgYAvgOs4FJcgvp+TuREx7YtiYVsH\n" 42 "mwQPTum2z/8VzWGwR8BBHBvIpVe1MbD/Y4seyI2aco/7UaisatSgJhsU46/9Y4fq\n" 43 "2TwXH9QANf4at4d9n/R6rzwpAJOpgwZgKvdQjkfrKTtgLV+/dawvpxUYkRH4JZM1\n" 44 "CVGukMfKNrSVH4Ap4QJBAOJmGV1ASPnB4r4nc99at7JuIJmd7fmuVUwUgYi4XgaR\n" 45 "WhScBsgYwZ/JoywdyZJgnbcrTDuVcWG56B3vXbhdpMsCQQDf9zeJrjnPZ3Cqm79y\n" 46 "kdqANep0uwZciiNiWxsQrCHztywOvbFhdp8iYVFG9EK8DMY41Y5TxUwsHD+67zao\n" 47 "ZNqJAkEA1suLUP/GvL8IwuRneQd2tWDqqRQ/Td3qq03hP7e77XtF/buya3Ghclo5\n" 48 "54czUR89QyVfJEC6278nzA7n2h1uVQJAcG6mztNL6ja/dKZjYZye2CY44QjSlLo0\n" 49 "MTgTSjdfg/28fFn2Jjtqf9Pi/X+50LWI/RcYMC2no606wRk9kyOuIQJBAK6VSAim\n" 50 "1pOEjsYQn0X5KEIrz1G3bfCbB848Ime3U2/FWlCHMr6ch8kCZ5d1WUeJD3LbwMNG\n" 51 "UCXiYxSsu20QNVw=\n" 52 "-----END RSA PRIVATE KEY-----\n"; 53 54static const char kCERT_PEM[] = 55 "-----BEGIN CERTIFICATE-----\n" 56 "MIIBmTCCAQKgAwIBAgIEbzBSAjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZX\n" 57 "ZWJSVEMwHhcNMTQwMTAyMTgyNDQ3WhcNMTQwMjAxMTgyNDQ3WjARMQ8wDQYDVQQD\n" 58 "EwZXZWJSVEMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYRkbhmI7kVA/rM\n" 59 "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n" 60 "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n" 61 "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAUflI\n" 62 "VUe5Krqf5RVa5C3u/UTAOAUJBiDS3VANTCLBxjuMsvqOG0WvaYWP3HYPgrz0jXK2\n" 63 "LJE/mGw3MyFHEqi81jh95J+ypl6xKW6Rm8jKLR87gUvCaVYn/Z4/P3AqcQTB7wOv\n" 64 "UD0A8qfhfDM+LK6rPAnCsVN0NRDY3jvd6rzix9M=\n" 65 "-----END CERTIFICATE-----\n"; 66 67#define MAYBE_SKIP_TEST(feature) \ 68 if (!(rtc::SSLStreamAdapter::feature())) { \ 69 LOG(LS_INFO) << "Feature disabled... skipping"; \ 70 return; \ 71 } 72 73class SSLStreamAdapterTestBase; 74 75class SSLDummyStreamBase : public rtc::StreamInterface, 76 public sigslot::has_slots<> { 77 public: 78 SSLDummyStreamBase(SSLStreamAdapterTestBase* test, 79 const std::string &side, 80 rtc::StreamInterface* in, 81 rtc::StreamInterface* out) : 82 test_base_(test), 83 side_(side), 84 in_(in), 85 out_(out), 86 first_packet_(true) { 87 in_->SignalEvent.connect(this, &SSLDummyStreamBase::OnEventIn); 88 out_->SignalEvent.connect(this, &SSLDummyStreamBase::OnEventOut); 89 } 90 91 rtc::StreamState GetState() const override { return rtc::SS_OPEN; } 92 93 rtc::StreamResult Read(void* buffer, size_t buffer_len, 94 size_t* read, int* error) override { 95 rtc::StreamResult r; 96 97 r = in_->Read(buffer, buffer_len, read, error); 98 if (r == rtc::SR_BLOCK) 99 return rtc::SR_BLOCK; 100 if (r == rtc::SR_EOS) 101 return rtc::SR_EOS; 102 103 if (r != rtc::SR_SUCCESS) { 104 ADD_FAILURE(); 105 return rtc::SR_ERROR; 106 } 107 108 return rtc::SR_SUCCESS; 109 } 110 111 // Catch readability events on in and pass them up. 112 void OnEventIn(rtc::StreamInterface* stream, int sig, int err) { 113 int mask = (rtc::SE_READ | rtc::SE_CLOSE); 114 115 if (sig & mask) { 116 LOG(LS_INFO) << "SSLDummyStreamBase::OnEvent side=" << side_ << " sig=" 117 << sig << " forwarding upward"; 118 PostEvent(sig & mask, 0); 119 } 120 } 121 122 // Catch writeability events on out and pass them up. 123 void OnEventOut(rtc::StreamInterface* stream, int sig, int err) { 124 if (sig & rtc::SE_WRITE) { 125 LOG(LS_INFO) << "SSLDummyStreamBase::OnEvent side=" << side_ << " sig=" 126 << sig << " forwarding upward"; 127 128 PostEvent(sig & rtc::SE_WRITE, 0); 129 } 130 } 131 132 // Write to the outgoing FifoBuffer 133 rtc::StreamResult WriteData(const void* data, size_t data_len, 134 size_t* written, int* error) { 135 return out_->Write(data, data_len, written, error); 136 } 137 138 rtc::StreamResult Write(const void* data, size_t data_len, 139 size_t* written, int* error) override; 140 141 void Close() override { 142 LOG(LS_INFO) << "Closing outbound stream"; 143 out_->Close(); 144 } 145 146 protected: 147 SSLStreamAdapterTestBase* test_base_; 148 const std::string side_; 149 rtc::StreamInterface* in_; 150 rtc::StreamInterface* out_; 151 bool first_packet_; 152}; 153 154class SSLDummyStreamTLS : public SSLDummyStreamBase { 155 public: 156 SSLDummyStreamTLS(SSLStreamAdapterTestBase* test, 157 const std::string& side, 158 rtc::FifoBuffer* in, 159 rtc::FifoBuffer* out) : 160 SSLDummyStreamBase(test, side, in, out) { 161 } 162}; 163 164class BufferQueueStream : public rtc::BufferQueue, 165 public rtc::StreamInterface { 166 public: 167 BufferQueueStream(size_t capacity, size_t default_size) 168 : rtc::BufferQueue(capacity, default_size) { 169 } 170 171 // Implementation of abstract StreamInterface methods. 172 173 // A buffer queue stream is always "open". 174 rtc::StreamState GetState() const override { return rtc::SS_OPEN; } 175 176 // Reading a buffer queue stream will either succeed or block. 177 rtc::StreamResult Read(void* buffer, size_t buffer_len, 178 size_t* read, int* error) override { 179 if (!ReadFront(buffer, buffer_len, read)) { 180 return rtc::SR_BLOCK; 181 } 182 return rtc::SR_SUCCESS; 183 } 184 185 // Writing to a buffer queue stream will either succeed or block. 186 rtc::StreamResult Write(const void* data, size_t data_len, 187 size_t* written, int* error) override { 188 if (!WriteBack(data, data_len, written)) { 189 return rtc::SR_BLOCK; 190 } 191 return rtc::SR_SUCCESS; 192 } 193 194 // A buffer queue stream can not be closed. 195 void Close() override {} 196 197 protected: 198 void NotifyReadableForTest() override { 199 PostEvent(rtc::SE_READ, 0); 200 } 201 202 void NotifyWritableForTest() override { 203 PostEvent(rtc::SE_WRITE, 0); 204 } 205}; 206 207class SSLDummyStreamDTLS : public SSLDummyStreamBase { 208 public: 209 SSLDummyStreamDTLS(SSLStreamAdapterTestBase* test, 210 const std::string& side, 211 BufferQueueStream* in, 212 BufferQueueStream* out) : 213 SSLDummyStreamBase(test, side, in, out) { 214 } 215}; 216 217static const int kFifoBufferSize = 4096; 218static const int kBufferCapacity = 1; 219static const size_t kDefaultBufferSize = 2048; 220 221class SSLStreamAdapterTestBase : public testing::Test, 222 public sigslot::has_slots<> { 223 public: 224 SSLStreamAdapterTestBase( 225 const std::string& client_cert_pem, 226 const std::string& client_private_key_pem, 227 bool dtls, 228 rtc::KeyParams client_key_type = rtc::KeyParams(rtc::KT_DEFAULT), 229 rtc::KeyParams server_key_type = rtc::KeyParams(rtc::KT_DEFAULT)) 230 : client_cert_pem_(client_cert_pem), 231 client_private_key_pem_(client_private_key_pem), 232 client_key_type_(client_key_type), 233 server_key_type_(server_key_type), 234 client_stream_(NULL), 235 server_stream_(NULL), 236 client_identity_(NULL), 237 server_identity_(NULL), 238 delay_(0), 239 mtu_(1460), 240 loss_(0), 241 lose_first_packet_(false), 242 damage_(false), 243 dtls_(dtls), 244 handshake_wait_(5000), 245 identities_set_(false) { 246 // Set use of the test RNG to get predictable loss patterns. 247 rtc::SetRandomTestMode(true); 248 } 249 250 ~SSLStreamAdapterTestBase() { 251 // Put it back for the next test. 252 rtc::SetRandomTestMode(false); 253 } 254 255 void SetUp() override { 256 CreateStreams(); 257 258 client_ssl_.reset(rtc::SSLStreamAdapter::Create(client_stream_)); 259 server_ssl_.reset(rtc::SSLStreamAdapter::Create(server_stream_)); 260 261 // Set up the slots 262 client_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent); 263 server_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent); 264 265 if (!client_cert_pem_.empty() && !client_private_key_pem_.empty()) { 266 client_identity_ = rtc::SSLIdentity::FromPEMStrings( 267 client_private_key_pem_, client_cert_pem_); 268 } else { 269 client_identity_ = rtc::SSLIdentity::Generate("client", client_key_type_); 270 } 271 server_identity_ = rtc::SSLIdentity::Generate("server", server_key_type_); 272 273 client_ssl_->SetIdentity(client_identity_); 274 server_ssl_->SetIdentity(server_identity_); 275 } 276 277 void TearDown() override { 278 client_ssl_.reset(nullptr); 279 server_ssl_.reset(nullptr); 280 } 281 282 virtual void CreateStreams() = 0; 283 284 // Recreate the client/server identities with the specified validity period. 285 // |not_before| and |not_after| are offsets from the current time in number 286 // of seconds. 287 void ResetIdentitiesWithValidity(int not_before, int not_after) { 288 CreateStreams(); 289 290 client_ssl_.reset(rtc::SSLStreamAdapter::Create(client_stream_)); 291 server_ssl_.reset(rtc::SSLStreamAdapter::Create(server_stream_)); 292 293 client_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent); 294 server_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent); 295 296 time_t now = time(nullptr); 297 298 rtc::SSLIdentityParams client_params; 299 client_params.key_params = rtc::KeyParams(rtc::KT_DEFAULT); 300 client_params.common_name = "client"; 301 client_params.not_before = now + not_before; 302 client_params.not_after = now + not_after; 303 client_identity_ = rtc::SSLIdentity::GenerateForTest(client_params); 304 305 rtc::SSLIdentityParams server_params; 306 server_params.key_params = rtc::KeyParams(rtc::KT_DEFAULT); 307 server_params.common_name = "server"; 308 server_params.not_before = now + not_before; 309 server_params.not_after = now + not_after; 310 server_identity_ = rtc::SSLIdentity::GenerateForTest(server_params); 311 312 client_ssl_->SetIdentity(client_identity_); 313 server_ssl_->SetIdentity(server_identity_); 314 } 315 316 virtual void OnEvent(rtc::StreamInterface *stream, int sig, int err) { 317 LOG(LS_INFO) << "SSLStreamAdapterTestBase::OnEvent sig=" << sig; 318 319 if (sig & rtc::SE_READ) { 320 ReadData(stream); 321 } 322 323 if ((stream == client_ssl_.get()) && (sig & rtc::SE_WRITE)) { 324 WriteData(); 325 } 326 } 327 328 void SetPeerIdentitiesByDigest(bool correct) { 329 unsigned char digest[20]; 330 size_t digest_len; 331 bool rv; 332 333 LOG(LS_INFO) << "Setting peer identities by digest"; 334 335 rv = server_identity_->certificate().ComputeDigest(rtc::DIGEST_SHA_1, 336 digest, 20, 337 &digest_len); 338 ASSERT_TRUE(rv); 339 if (!correct) { 340 LOG(LS_INFO) << "Setting bogus digest for server cert"; 341 digest[0]++; 342 } 343 rv = client_ssl_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, digest, 344 digest_len); 345 ASSERT_TRUE(rv); 346 347 348 rv = client_identity_->certificate().ComputeDigest(rtc::DIGEST_SHA_1, 349 digest, 20, &digest_len); 350 ASSERT_TRUE(rv); 351 if (!correct) { 352 LOG(LS_INFO) << "Setting bogus digest for client cert"; 353 digest[0]++; 354 } 355 rv = server_ssl_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, digest, 356 digest_len); 357 ASSERT_TRUE(rv); 358 359 identities_set_ = true; 360 } 361 362 void SetupProtocolVersions(rtc::SSLProtocolVersion server_version, 363 rtc::SSLProtocolVersion client_version) { 364 server_ssl_->SetMaxProtocolVersion(server_version); 365 client_ssl_->SetMaxProtocolVersion(client_version); 366 } 367 368 void TestHandshake(bool expect_success = true) { 369 server_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS : 370 rtc::SSL_MODE_TLS); 371 client_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS : 372 rtc::SSL_MODE_TLS); 373 374 if (!dtls_) { 375 // Make sure we simulate a reliable network for TLS. 376 // This is just a check to make sure that people don't write wrong 377 // tests. 378 ASSERT((mtu_ == 1460) && (loss_ == 0) && (lose_first_packet_ == 0)); 379 } 380 381 if (!identities_set_) 382 SetPeerIdentitiesByDigest(true); 383 384 // Start the handshake 385 int rv; 386 387 server_ssl_->SetServerRole(); 388 rv = server_ssl_->StartSSLWithPeer(); 389 ASSERT_EQ(0, rv); 390 391 rv = client_ssl_->StartSSLWithPeer(); 392 ASSERT_EQ(0, rv); 393 394 // Now run the handshake 395 if (expect_success) { 396 EXPECT_TRUE_WAIT((client_ssl_->GetState() == rtc::SS_OPEN) 397 && (server_ssl_->GetState() == rtc::SS_OPEN), 398 handshake_wait_); 399 } else { 400 EXPECT_TRUE_WAIT(client_ssl_->GetState() == rtc::SS_CLOSED, 401 handshake_wait_); 402 } 403 } 404 405 rtc::StreamResult DataWritten(SSLDummyStreamBase *from, const void *data, 406 size_t data_len, size_t *written, 407 int *error) { 408 // Randomly drop loss_ percent of packets 409 if (rtc::CreateRandomId() % 100 < static_cast<uint32_t>(loss_)) { 410 LOG(LS_INFO) << "Randomly dropping packet, size=" << data_len; 411 *written = data_len; 412 return rtc::SR_SUCCESS; 413 } 414 if (dtls_ && (data_len > mtu_)) { 415 LOG(LS_INFO) << "Dropping packet > mtu, size=" << data_len; 416 *written = data_len; 417 return rtc::SR_SUCCESS; 418 } 419 420 // Optionally damage application data (type 23). Note that we don't damage 421 // handshake packets and we damage the last byte to keep the header 422 // intact but break the MAC. 423 if (damage_ && (*static_cast<const unsigned char *>(data) == 23)) { 424 std::vector<char> buf(data_len); 425 426 LOG(LS_INFO) << "Damaging packet"; 427 428 memcpy(&buf[0], data, data_len); 429 buf[data_len - 1]++; 430 431 return from->WriteData(&buf[0], data_len, written, error); 432 } 433 434 return from->WriteData(data, data_len, written, error); 435 } 436 437 void SetDelay(int delay) { 438 delay_ = delay; 439 } 440 int GetDelay() { return delay_; } 441 442 void SetLoseFirstPacket(bool lose) { 443 lose_first_packet_ = lose; 444 } 445 bool GetLoseFirstPacket() { return lose_first_packet_; } 446 447 void SetLoss(int percent) { 448 loss_ = percent; 449 } 450 451 void SetDamage() { 452 damage_ = true; 453 } 454 455 void SetMtu(size_t mtu) { 456 mtu_ = mtu; 457 } 458 459 void SetHandshakeWait(int wait) { 460 handshake_wait_ = wait; 461 } 462 463 void SetDtlsSrtpCryptoSuites(const std::vector<int>& ciphers, bool client) { 464 if (client) 465 client_ssl_->SetDtlsSrtpCryptoSuites(ciphers); 466 else 467 server_ssl_->SetDtlsSrtpCryptoSuites(ciphers); 468 } 469 470 bool GetDtlsSrtpCryptoSuite(bool client, int* retval) { 471 if (client) 472 return client_ssl_->GetDtlsSrtpCryptoSuite(retval); 473 else 474 return server_ssl_->GetDtlsSrtpCryptoSuite(retval); 475 } 476 477 bool GetPeerCertificate(bool client, rtc::SSLCertificate** cert) { 478 if (client) 479 return client_ssl_->GetPeerCertificate(cert); 480 else 481 return server_ssl_->GetPeerCertificate(cert); 482 } 483 484 bool GetSslCipherSuite(bool client, int* retval) { 485 if (client) 486 return client_ssl_->GetSslCipherSuite(retval); 487 else 488 return server_ssl_->GetSslCipherSuite(retval); 489 } 490 491 bool ExportKeyingMaterial(const char *label, 492 const unsigned char *context, 493 size_t context_len, 494 bool use_context, 495 bool client, 496 unsigned char *result, 497 size_t result_len) { 498 if (client) 499 return client_ssl_->ExportKeyingMaterial(label, 500 context, context_len, 501 use_context, 502 result, result_len); 503 else 504 return server_ssl_->ExportKeyingMaterial(label, 505 context, context_len, 506 use_context, 507 result, result_len); 508 } 509 510 // To be implemented by subclasses. 511 virtual void WriteData() = 0; 512 virtual void ReadData(rtc::StreamInterface *stream) = 0; 513 virtual void TestTransfer(int size) = 0; 514 515 protected: 516 std::string client_cert_pem_; 517 std::string client_private_key_pem_; 518 rtc::KeyParams client_key_type_; 519 rtc::KeyParams server_key_type_; 520 SSLDummyStreamBase *client_stream_; // freed by client_ssl_ destructor 521 SSLDummyStreamBase *server_stream_; // freed by server_ssl_ destructor 522 rtc::scoped_ptr<rtc::SSLStreamAdapter> client_ssl_; 523 rtc::scoped_ptr<rtc::SSLStreamAdapter> server_ssl_; 524 rtc::SSLIdentity *client_identity_; // freed by client_ssl_ destructor 525 rtc::SSLIdentity *server_identity_; // freed by server_ssl_ destructor 526 int delay_; 527 size_t mtu_; 528 int loss_; 529 bool lose_first_packet_; 530 bool damage_; 531 bool dtls_; 532 int handshake_wait_; 533 bool identities_set_; 534}; 535 536class SSLStreamAdapterTestTLS 537 : public SSLStreamAdapterTestBase, 538 public WithParamInterface<tuple<rtc::KeyParams, rtc::KeyParams>> { 539 public: 540 SSLStreamAdapterTestTLS() 541 : SSLStreamAdapterTestBase("", 542 "", 543 false, 544 ::testing::get<0>(GetParam()), 545 ::testing::get<1>(GetParam())), 546 client_buffer_(kFifoBufferSize), 547 server_buffer_(kFifoBufferSize) { 548 } 549 550 void CreateStreams() override { 551 client_stream_ = 552 new SSLDummyStreamTLS(this, "c2s", &client_buffer_, &server_buffer_); 553 server_stream_ = 554 new SSLDummyStreamTLS(this, "s2c", &server_buffer_, &client_buffer_); 555 } 556 557 // Test data transfer for TLS 558 virtual void TestTransfer(int size) { 559 LOG(LS_INFO) << "Starting transfer test with " << size << " bytes"; 560 // Create some dummy data to send. 561 size_t received; 562 563 send_stream_.ReserveSize(size); 564 for (int i = 0; i < size; ++i) { 565 char ch = static_cast<char>(i); 566 send_stream_.Write(&ch, 1, NULL, NULL); 567 } 568 send_stream_.Rewind(); 569 570 // Prepare the receive stream. 571 recv_stream_.ReserveSize(size); 572 573 // Start sending 574 WriteData(); 575 576 // Wait for the client to close 577 EXPECT_TRUE_WAIT(server_ssl_->GetState() == rtc::SS_CLOSED, 10000); 578 579 // Now check the data 580 recv_stream_.GetSize(&received); 581 582 EXPECT_EQ(static_cast<size_t>(size), received); 583 EXPECT_EQ(0, memcmp(send_stream_.GetBuffer(), 584 recv_stream_.GetBuffer(), size)); 585 } 586 587 void WriteData() { 588 size_t position, tosend, size; 589 rtc::StreamResult rv; 590 size_t sent; 591 char block[kBlockSize]; 592 593 send_stream_.GetSize(&size); 594 if (!size) 595 return; 596 597 for (;;) { 598 send_stream_.GetPosition(&position); 599 if (send_stream_.Read(block, sizeof(block), &tosend, NULL) != 600 rtc::SR_EOS) { 601 rv = client_ssl_->Write(block, tosend, &sent, 0); 602 603 if (rv == rtc::SR_SUCCESS) { 604 send_stream_.SetPosition(position + sent); 605 LOG(LS_VERBOSE) << "Sent: " << position + sent; 606 } else if (rv == rtc::SR_BLOCK) { 607 LOG(LS_VERBOSE) << "Blocked..."; 608 send_stream_.SetPosition(position); 609 break; 610 } else { 611 ADD_FAILURE(); 612 break; 613 } 614 } else { 615 // Now close 616 LOG(LS_INFO) << "Wrote " << position << " bytes. Closing"; 617 client_ssl_->Close(); 618 break; 619 } 620 } 621 }; 622 623 virtual void ReadData(rtc::StreamInterface *stream) { 624 char buffer[1600]; 625 size_t bread; 626 int err2; 627 rtc::StreamResult r; 628 629 for (;;) { 630 r = stream->Read(buffer, sizeof(buffer), &bread, &err2); 631 632 if (r == rtc::SR_ERROR || r == rtc::SR_EOS) { 633 // Unfortunately, errors are the way that the stream adapter 634 // signals close in OpenSSL. 635 stream->Close(); 636 return; 637 } 638 639 if (r == rtc::SR_BLOCK) 640 break; 641 642 ASSERT_EQ(rtc::SR_SUCCESS, r); 643 LOG(LS_INFO) << "Read " << bread; 644 645 recv_stream_.Write(buffer, bread, NULL, NULL); 646 } 647 } 648 649 private: 650 rtc::FifoBuffer client_buffer_; 651 rtc::FifoBuffer server_buffer_; 652 rtc::MemoryStream send_stream_; 653 rtc::MemoryStream recv_stream_; 654}; 655 656class SSLStreamAdapterTestDTLS 657 : public SSLStreamAdapterTestBase, 658 public WithParamInterface<tuple<rtc::KeyParams, rtc::KeyParams>> { 659 public: 660 SSLStreamAdapterTestDTLS() 661 : SSLStreamAdapterTestBase("", 662 "", 663 true, 664 ::testing::get<0>(GetParam()), 665 ::testing::get<1>(GetParam())), 666 client_buffer_(kBufferCapacity, kDefaultBufferSize), 667 server_buffer_(kBufferCapacity, kDefaultBufferSize), 668 packet_size_(1000), 669 count_(0), 670 sent_(0) {} 671 672 SSLStreamAdapterTestDTLS(const std::string& cert_pem, 673 const std::string& private_key_pem) : 674 SSLStreamAdapterTestBase(cert_pem, private_key_pem, true), 675 client_buffer_(kBufferCapacity, kDefaultBufferSize), 676 server_buffer_(kBufferCapacity, kDefaultBufferSize), 677 packet_size_(1000), count_(0), sent_(0) { 678 } 679 680 void CreateStreams() override { 681 client_stream_ = 682 new SSLDummyStreamDTLS(this, "c2s", &client_buffer_, &server_buffer_); 683 server_stream_ = 684 new SSLDummyStreamDTLS(this, "s2c", &server_buffer_, &client_buffer_); 685 } 686 687 virtual void WriteData() { 688 unsigned char *packet = new unsigned char[1600]; 689 690 while (sent_ < count_) { 691 unsigned int rand_state = sent_; 692 packet[0] = sent_; 693 for (size_t i = 1; i < packet_size_; i++) { 694 // This is a simple LC PRNG. Keep in synch with identical code below. 695 rand_state = (rand_state * 251 + 19937) >> 7; 696 packet[i] = rand_state & 0xff; 697 } 698 699 size_t sent; 700 rtc::StreamResult rv = client_ssl_->Write(packet, packet_size_, &sent, 0); 701 if (rv == rtc::SR_SUCCESS) { 702 LOG(LS_VERBOSE) << "Sent: " << sent_; 703 sent_++; 704 } else if (rv == rtc::SR_BLOCK) { 705 LOG(LS_VERBOSE) << "Blocked..."; 706 break; 707 } else { 708 ADD_FAILURE(); 709 break; 710 } 711 } 712 713 delete [] packet; 714 } 715 716 virtual void ReadData(rtc::StreamInterface *stream) { 717 unsigned char buffer[2000]; 718 size_t bread; 719 int err2; 720 rtc::StreamResult r; 721 722 for (;;) { 723 r = stream->Read(buffer, 2000, &bread, &err2); 724 725 if (r == rtc::SR_ERROR) { 726 // Unfortunately, errors are the way that the stream adapter 727 // signals close right now 728 stream->Close(); 729 return; 730 } 731 732 if (r == rtc::SR_BLOCK) 733 break; 734 735 ASSERT_EQ(rtc::SR_SUCCESS, r); 736 LOG(LS_INFO) << "Read " << bread; 737 738 // Now parse the datagram 739 ASSERT_EQ(packet_size_, bread); 740 unsigned char packet_num = buffer[0]; 741 742 unsigned int rand_state = packet_num; 743 for (size_t i = 1; i < packet_size_; i++) { 744 // This is a simple LC PRNG. Keep in synch with identical code above. 745 rand_state = (rand_state * 251 + 19937) >> 7; 746 ASSERT_EQ(rand_state & 0xff, buffer[i]); 747 } 748 received_.insert(packet_num); 749 } 750 } 751 752 virtual void TestTransfer(int count) { 753 count_ = count; 754 755 WriteData(); 756 757 EXPECT_TRUE_WAIT(sent_ == count_, 10000); 758 LOG(LS_INFO) << "sent_ == " << sent_; 759 760 if (damage_) { 761 WAIT(false, 2000); 762 EXPECT_EQ(0U, received_.size()); 763 } else if (loss_ == 0) { 764 EXPECT_EQ_WAIT(static_cast<size_t>(sent_), received_.size(), 1000); 765 } else { 766 LOG(LS_INFO) << "Sent " << sent_ << " packets; received " << 767 received_.size(); 768 } 769 }; 770 771 private: 772 BufferQueueStream client_buffer_; 773 BufferQueueStream server_buffer_; 774 size_t packet_size_; 775 int count_; 776 int sent_; 777 std::set<int> received_; 778}; 779 780 781rtc::StreamResult SSLDummyStreamBase::Write(const void* data, size_t data_len, 782 size_t* written, int* error) { 783 LOG(LS_INFO) << "Writing to loopback " << data_len; 784 785 if (first_packet_) { 786 first_packet_ = false; 787 if (test_base_->GetLoseFirstPacket()) { 788 LOG(LS_INFO) << "Losing initial packet of length " << data_len; 789 *written = data_len; // Fake successful writing also to writer. 790 return rtc::SR_SUCCESS; 791 } 792 } 793 794 return test_base_->DataWritten(this, data, data_len, written, error); 795}; 796 797class SSLStreamAdapterTestDTLSFromPEMStrings : public SSLStreamAdapterTestDTLS { 798 public: 799 SSLStreamAdapterTestDTLSFromPEMStrings() : 800 SSLStreamAdapterTestDTLS(kCERT_PEM, kRSA_PRIVATE_KEY_PEM) { 801 } 802}; 803 804// Basic tests: TLS 805 806// Test that we can make a handshake work 807TEST_P(SSLStreamAdapterTestTLS, TestTLSConnect) { 808 TestHandshake(); 809}; 810 811// Test that closing the connection on one side updates the other side. 812TEST_P(SSLStreamAdapterTestTLS, TestTLSClose) { 813 TestHandshake(); 814 client_ssl_->Close(); 815 EXPECT_EQ_WAIT(rtc::SS_CLOSED, server_ssl_->GetState(), handshake_wait_); 816}; 817 818// Test transfer -- trivial 819TEST_P(SSLStreamAdapterTestTLS, TestTLSTransfer) { 820 TestHandshake(); 821 TestTransfer(100000); 822}; 823 824// Test read-write after close. 825TEST_P(SSLStreamAdapterTestTLS, ReadWriteAfterClose) { 826 TestHandshake(); 827 TestTransfer(100000); 828 client_ssl_->Close(); 829 830 rtc::StreamResult rv; 831 char block[kBlockSize]; 832 size_t dummy; 833 834 // It's an error to write after closed. 835 rv = client_ssl_->Write(block, sizeof(block), &dummy, NULL); 836 ASSERT_EQ(rtc::SR_ERROR, rv); 837 838 // But after closed read gives you EOS. 839 rv = client_ssl_->Read(block, sizeof(block), &dummy, NULL); 840 ASSERT_EQ(rtc::SR_EOS, rv); 841}; 842 843// Test a handshake with a bogus peer digest 844TEST_P(SSLStreamAdapterTestTLS, TestTLSBogusDigest) { 845 SetPeerIdentitiesByDigest(false); 846 TestHandshake(false); 847}; 848 849// Test moving a bunch of data 850 851// Basic tests: DTLS 852// Test that we can make a handshake work 853TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnect) { 854 MAYBE_SKIP_TEST(HaveDtls); 855 TestHandshake(); 856}; 857 858// Test that we can make a handshake work if the first packet in 859// each direction is lost. This gives us predictable loss 860// rather than having to tune random 861TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacket) { 862 MAYBE_SKIP_TEST(HaveDtls); 863 SetLoseFirstPacket(true); 864 TestHandshake(); 865}; 866 867// Test a handshake with loss and delay 868TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacketDelay2s) { 869 MAYBE_SKIP_TEST(HaveDtls); 870 SetLoseFirstPacket(true); 871 SetDelay(2000); 872 SetHandshakeWait(20000); 873 TestHandshake(); 874}; 875 876// Test a handshake with small MTU 877// Disabled due to https://code.google.com/p/webrtc/issues/detail?id=3910 878TEST_P(SSLStreamAdapterTestDTLS, DISABLED_TestDTLSConnectWithSmallMtu) { 879 MAYBE_SKIP_TEST(HaveDtls); 880 SetMtu(700); 881 SetHandshakeWait(20000); 882 TestHandshake(); 883}; 884 885// Test transfer -- trivial 886TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransfer) { 887 MAYBE_SKIP_TEST(HaveDtls); 888 TestHandshake(); 889 TestTransfer(100); 890}; 891 892TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithLoss) { 893 MAYBE_SKIP_TEST(HaveDtls); 894 TestHandshake(); 895 SetLoss(10); 896 TestTransfer(100); 897}; 898 899TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithDamage) { 900 MAYBE_SKIP_TEST(HaveDtls); 901 SetDamage(); // Must be called first because first packet 902 // write happens at end of handshake. 903 TestHandshake(); 904 TestTransfer(100); 905}; 906 907// Test DTLS-SRTP with all high ciphers 908TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) { 909 MAYBE_SKIP_TEST(HaveDtlsSrtp); 910 std::vector<int> high; 911 high.push_back(rtc::SRTP_AES128_CM_SHA1_80); 912 SetDtlsSrtpCryptoSuites(high, true); 913 SetDtlsSrtpCryptoSuites(high, false); 914 TestHandshake(); 915 916 int client_cipher; 917 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); 918 int server_cipher; 919 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); 920 921 ASSERT_EQ(client_cipher, server_cipher); 922 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80); 923}; 924 925// Test DTLS-SRTP with all low ciphers 926TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) { 927 MAYBE_SKIP_TEST(HaveDtlsSrtp); 928 std::vector<int> low; 929 low.push_back(rtc::SRTP_AES128_CM_SHA1_32); 930 SetDtlsSrtpCryptoSuites(low, true); 931 SetDtlsSrtpCryptoSuites(low, false); 932 TestHandshake(); 933 934 int client_cipher; 935 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); 936 int server_cipher; 937 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); 938 939 ASSERT_EQ(client_cipher, server_cipher); 940 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_32); 941}; 942 943 944// Test DTLS-SRTP with a mismatch -- should not converge 945TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) { 946 MAYBE_SKIP_TEST(HaveDtlsSrtp); 947 std::vector<int> high; 948 high.push_back(rtc::SRTP_AES128_CM_SHA1_80); 949 std::vector<int> low; 950 low.push_back(rtc::SRTP_AES128_CM_SHA1_32); 951 SetDtlsSrtpCryptoSuites(high, true); 952 SetDtlsSrtpCryptoSuites(low, false); 953 TestHandshake(); 954 955 int client_cipher; 956 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); 957 int server_cipher; 958 ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); 959}; 960 961// Test DTLS-SRTP with each side being mixed -- should select high 962TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) { 963 MAYBE_SKIP_TEST(HaveDtlsSrtp); 964 std::vector<int> mixed; 965 mixed.push_back(rtc::SRTP_AES128_CM_SHA1_80); 966 mixed.push_back(rtc::SRTP_AES128_CM_SHA1_32); 967 SetDtlsSrtpCryptoSuites(mixed, true); 968 SetDtlsSrtpCryptoSuites(mixed, false); 969 TestHandshake(); 970 971 int client_cipher; 972 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher)); 973 int server_cipher; 974 ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher)); 975 976 ASSERT_EQ(client_cipher, server_cipher); 977 ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80); 978}; 979 980// Test an exporter 981TEST_P(SSLStreamAdapterTestDTLS, TestDTLSExporter) { 982 MAYBE_SKIP_TEST(HaveExporter); 983 TestHandshake(); 984 unsigned char client_out[20]; 985 unsigned char server_out[20]; 986 987 bool result; 988 result = ExportKeyingMaterial(kExporterLabel, 989 kExporterContext, kExporterContextLen, 990 true, true, 991 client_out, sizeof(client_out)); 992 ASSERT_TRUE(result); 993 994 result = ExportKeyingMaterial(kExporterLabel, 995 kExporterContext, kExporterContextLen, 996 true, false, 997 server_out, sizeof(server_out)); 998 ASSERT_TRUE(result); 999 1000 ASSERT_TRUE(!memcmp(client_out, server_out, sizeof(client_out))); 1001} 1002 1003// Test not yet valid certificates are not rejected. 1004TEST_P(SSLStreamAdapterTestDTLS, TestCertNotYetValid) { 1005 MAYBE_SKIP_TEST(HaveDtls); 1006 long one_day = 60 * 60 * 24; 1007 // Make the certificates not valid until one day later. 1008 ResetIdentitiesWithValidity(one_day, one_day); 1009 TestHandshake(); 1010} 1011 1012// Test expired certificates are not rejected. 1013TEST_P(SSLStreamAdapterTestDTLS, TestCertExpired) { 1014 MAYBE_SKIP_TEST(HaveDtls); 1015 long one_day = 60 * 60 * 24; 1016 // Make the certificates already expired. 1017 ResetIdentitiesWithValidity(-one_day, -one_day); 1018 TestHandshake(); 1019} 1020 1021// Test data transfer using certs created from strings. 1022TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestTransfer) { 1023 MAYBE_SKIP_TEST(HaveDtls); 1024 TestHandshake(); 1025 TestTransfer(100); 1026} 1027 1028// Test getting the remote certificate. 1029TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestDTLSGetPeerCertificate) { 1030 MAYBE_SKIP_TEST(HaveDtls); 1031 1032 // Peer certificates haven't been received yet. 1033 rtc::scoped_ptr<rtc::SSLCertificate> client_peer_cert; 1034 ASSERT_FALSE(GetPeerCertificate(true, client_peer_cert.accept())); 1035 ASSERT_FALSE(client_peer_cert != NULL); 1036 1037 rtc::scoped_ptr<rtc::SSLCertificate> server_peer_cert; 1038 ASSERT_FALSE(GetPeerCertificate(false, server_peer_cert.accept())); 1039 ASSERT_FALSE(server_peer_cert != NULL); 1040 1041 TestHandshake(); 1042 1043 // The client should have a peer certificate after the handshake. 1044 ASSERT_TRUE(GetPeerCertificate(true, client_peer_cert.accept())); 1045 ASSERT_TRUE(client_peer_cert != NULL); 1046 1047 // It's not kCERT_PEM. 1048 std::string client_peer_string = client_peer_cert->ToPEMString(); 1049 ASSERT_NE(kCERT_PEM, client_peer_string); 1050 1051 // It must not have a chain, because the test certs are self-signed. 1052 rtc::SSLCertChain* client_peer_chain; 1053 ASSERT_FALSE(client_peer_cert->GetChain(&client_peer_chain)); 1054 1055 // The server should have a peer certificate after the handshake. 1056 ASSERT_TRUE(GetPeerCertificate(false, server_peer_cert.accept())); 1057 ASSERT_TRUE(server_peer_cert != NULL); 1058 1059 // It's kCERT_PEM 1060 ASSERT_EQ(kCERT_PEM, server_peer_cert->ToPEMString()); 1061 1062 // It must not have a chain, because the test certs are self-signed. 1063 rtc::SSLCertChain* server_peer_chain; 1064 ASSERT_FALSE(server_peer_cert->GetChain(&server_peer_chain)); 1065} 1066 1067// Test getting the used DTLS ciphers. 1068// DTLS 1.2 enabled for neither client nor server -> DTLS 1.0 will be used. 1069TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuite) { 1070 MAYBE_SKIP_TEST(HaveDtls); 1071 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10); 1072 TestHandshake(); 1073 1074 int client_cipher; 1075 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); 1076 int server_cipher; 1077 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); 1078 1079 ASSERT_EQ(client_cipher, server_cipher); 1080 ASSERT_EQ( 1081 rtc::SSLStreamAdapter::GetDefaultSslCipherForTest( 1082 rtc::SSL_PROTOCOL_DTLS_10, ::testing::get<1>(GetParam()).type()), 1083 server_cipher); 1084} 1085 1086// Test getting the used DTLS 1.2 ciphers. 1087// DTLS 1.2 enabled for client and server -> DTLS 1.2 will be used. 1088TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Both) { 1089 MAYBE_SKIP_TEST(HaveDtls); 1090 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12); 1091 TestHandshake(); 1092 1093 int client_cipher; 1094 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); 1095 int server_cipher; 1096 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); 1097 1098 ASSERT_EQ(client_cipher, server_cipher); 1099 ASSERT_EQ( 1100 rtc::SSLStreamAdapter::GetDefaultSslCipherForTest( 1101 rtc::SSL_PROTOCOL_DTLS_12, ::testing::get<1>(GetParam()).type()), 1102 server_cipher); 1103} 1104 1105// DTLS 1.2 enabled for client only -> DTLS 1.0 will be used. 1106TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Client) { 1107 MAYBE_SKIP_TEST(HaveDtls); 1108 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12); 1109 TestHandshake(); 1110 1111 int client_cipher; 1112 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); 1113 int server_cipher; 1114 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); 1115 1116 ASSERT_EQ(client_cipher, server_cipher); 1117 ASSERT_EQ( 1118 rtc::SSLStreamAdapter::GetDefaultSslCipherForTest( 1119 rtc::SSL_PROTOCOL_DTLS_10, ::testing::get<1>(GetParam()).type()), 1120 server_cipher); 1121} 1122 1123// DTLS 1.2 enabled for server only -> DTLS 1.0 will be used. 1124TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Server) { 1125 MAYBE_SKIP_TEST(HaveDtls); 1126 SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_10); 1127 TestHandshake(); 1128 1129 int client_cipher; 1130 ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); 1131 int server_cipher; 1132 ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); 1133 1134 ASSERT_EQ(client_cipher, server_cipher); 1135 ASSERT_EQ( 1136 rtc::SSLStreamAdapter::GetDefaultSslCipherForTest( 1137 rtc::SSL_PROTOCOL_DTLS_10, ::testing::get<1>(GetParam()).type()), 1138 server_cipher); 1139} 1140 1141// The RSA keysizes here might look strange, why not include the RFC's size 1142// 2048?. The reason is test case slowness; testing two sizes to exercise 1143// parametrization is sufficient. 1144INSTANTIATE_TEST_CASE_P( 1145 SSLStreamAdapterTestsTLS, 1146 SSLStreamAdapterTestTLS, 1147 Combine(Values(rtc::KeyParams::RSA(1024, 65537), 1148 rtc::KeyParams::RSA(1152, 65537), 1149 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)), 1150 Values(rtc::KeyParams::RSA(1024, 65537), 1151 rtc::KeyParams::RSA(1152, 65537), 1152 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)))); 1153 1154#if !defined(MEMORY_SANITIZER) 1155// Fails under MemorySanitizer: 1156// See https://code.google.com/p/webrtc/issues/detail?id=5381. 1157INSTANTIATE_TEST_CASE_P( 1158 SSLStreamAdapterTestsDTLS, 1159 SSLStreamAdapterTestDTLS, 1160 Combine(Values(rtc::KeyParams::RSA(1024, 65537), 1161 rtc::KeyParams::RSA(1152, 65537), 1162 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)), 1163 Values(rtc::KeyParams::RSA(1024, 65537), 1164 rtc::KeyParams::RSA(1152, 65537), 1165 rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)))); 1166#endif 1167