tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 2014 The WebRTC Project Authors. All rights reserved. |
| 3 | * |
| 4 | * Use of this source code is governed by a BSD-style license |
| 5 | * that can be found in the LICENSE file in the root of the source |
| 6 | * tree. An additional intellectual property rights grant can be found |
| 7 | * in the file PATENTS. All contributing project authors may |
| 8 | * be found in the AUTHORS file in the root of the source tree. |
| 9 | */ |
| 10 | |
jbauch | 555604a | 2016-04-26 03:13:22 -0700 | [diff] [blame] | 11 | #include <memory> |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 12 | #include <string> |
| 13 | |
Mirko Bonadei | 92ea95e | 2017-09-15 06:47:31 +0200 | [diff] [blame] | 14 | #include "rtc_base/gunit.h" |
| 15 | #include "rtc_base/ipaddress.h" |
| 16 | #include "rtc_base/socketstream.h" |
| 17 | #include "rtc_base/ssladapter.h" |
| 18 | #include "rtc_base/sslidentity.h" |
| 19 | #include "rtc_base/sslstreamadapter.h" |
| 20 | #include "rtc_base/stream.h" |
| 21 | #include "rtc_base/stringencode.h" |
| 22 | #include "rtc_base/virtualsocketserver.h" |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 23 | |
| 24 | static const int kTimeout = 5000; |
| 25 | |
| 26 | static rtc::AsyncSocket* CreateSocket(const rtc::SSLMode& ssl_mode) { |
| 27 | rtc::SocketAddress address(rtc::IPAddress(INADDR_ANY), 0); |
| 28 | |
| 29 | rtc::AsyncSocket* socket = rtc::Thread::Current()-> |
| 30 | socketserver()->CreateAsyncSocket( |
| 31 | address.family(), (ssl_mode == rtc::SSL_MODE_DTLS) ? |
| 32 | SOCK_DGRAM : SOCK_STREAM); |
| 33 | socket->Bind(address); |
| 34 | |
| 35 | return socket; |
| 36 | } |
| 37 | |
| 38 | static std::string GetSSLProtocolName(const rtc::SSLMode& ssl_mode) { |
| 39 | return (ssl_mode == rtc::SSL_MODE_DTLS) ? "DTLS" : "TLS"; |
| 40 | } |
| 41 | |
| 42 | class SSLAdapterTestDummyClient : public sigslot::has_slots<> { |
| 43 | public: |
| 44 | explicit SSLAdapterTestDummyClient(const rtc::SSLMode& ssl_mode) |
| 45 | : ssl_mode_(ssl_mode) { |
| 46 | rtc::AsyncSocket* socket = CreateSocket(ssl_mode_); |
| 47 | |
| 48 | ssl_adapter_.reset(rtc::SSLAdapter::Create(socket)); |
| 49 | |
pthatcher@webrtc.org | a9b1ec0 | 2014-12-29 23:00:14 +0000 | [diff] [blame] | 50 | ssl_adapter_->SetMode(ssl_mode_); |
| 51 | |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 52 | // Ignore any certificate errors for the purpose of testing. |
| 53 | // Note: We do this only because we don't have a real certificate. |
| 54 | // NEVER USE THIS IN PRODUCTION CODE! |
Diogo Real | 1dca9d5 | 2017-08-29 12:18:32 -0700 | [diff] [blame] | 55 | ssl_adapter_->SetIgnoreBadCert(true); |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 56 | |
| 57 | ssl_adapter_->SignalReadEvent.connect(this, |
| 58 | &SSLAdapterTestDummyClient::OnSSLAdapterReadEvent); |
| 59 | ssl_adapter_->SignalCloseEvent.connect(this, |
| 60 | &SSLAdapterTestDummyClient::OnSSLAdapterCloseEvent); |
| 61 | } |
| 62 | |
Diogo Real | 1dca9d5 | 2017-08-29 12:18:32 -0700 | [diff] [blame] | 63 | void SetAlpnProtocols(const std::vector<std::string>& protos) { |
| 64 | ssl_adapter_->SetAlpnProtocols(protos); |
| 65 | } |
| 66 | |
Diogo Real | 7bd1f1b | 2017-09-08 12:50:41 -0700 | [diff] [blame] | 67 | void SetEllipticCurves(const std::vector<std::string>& curves) { |
| 68 | ssl_adapter_->SetEllipticCurves(curves); |
| 69 | } |
| 70 | |
pthatcher@webrtc.org | a9b1ec0 | 2014-12-29 23:00:14 +0000 | [diff] [blame] | 71 | rtc::SocketAddress GetAddress() const { |
| 72 | return ssl_adapter_->GetLocalAddress(); |
| 73 | } |
| 74 | |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 75 | rtc::AsyncSocket::ConnState GetState() const { |
| 76 | return ssl_adapter_->GetState(); |
| 77 | } |
| 78 | |
| 79 | const std::string& GetReceivedData() const { |
| 80 | return data_; |
| 81 | } |
| 82 | |
| 83 | int Connect(const std::string& hostname, const rtc::SocketAddress& address) { |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 84 | LOG(LS_INFO) << "Initiating connection with " << address; |
| 85 | |
pthatcher@webrtc.org | a9b1ec0 | 2014-12-29 23:00:14 +0000 | [diff] [blame] | 86 | int rv = ssl_adapter_->Connect(address); |
| 87 | |
| 88 | if (rv == 0) { |
| 89 | LOG(LS_INFO) << "Starting " << GetSSLProtocolName(ssl_mode_) |
| 90 | << " handshake with " << hostname; |
| 91 | |
| 92 | if (ssl_adapter_->StartSSL(hostname.c_str(), false) != 0) { |
| 93 | return -1; |
| 94 | } |
| 95 | } |
| 96 | |
| 97 | return rv; |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 98 | } |
| 99 | |
| 100 | int Close() { |
| 101 | return ssl_adapter_->Close(); |
| 102 | } |
| 103 | |
| 104 | int Send(const std::string& message) { |
| 105 | LOG(LS_INFO) << "Client sending '" << message << "'"; |
| 106 | |
| 107 | return ssl_adapter_->Send(message.data(), message.length()); |
| 108 | } |
| 109 | |
| 110 | void OnSSLAdapterReadEvent(rtc::AsyncSocket* socket) { |
| 111 | char buffer[4096] = ""; |
| 112 | |
| 113 | // Read data received from the server and store it in our internal buffer. |
Stefan Holmer | 9131efd | 2016-05-23 18:19:26 +0200 | [diff] [blame] | 114 | int read = socket->Recv(buffer, sizeof(buffer) - 1, nullptr); |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 115 | if (read != -1) { |
| 116 | buffer[read] = '\0'; |
| 117 | |
| 118 | LOG(LS_INFO) << "Client received '" << buffer << "'"; |
| 119 | |
| 120 | data_ += buffer; |
| 121 | } |
| 122 | } |
| 123 | |
| 124 | void OnSSLAdapterCloseEvent(rtc::AsyncSocket* socket, int error) { |
| 125 | // OpenSSLAdapter signals handshake failure with a close event, but without |
| 126 | // closing the socket! Let's close the socket here. This way GetState() can |
| 127 | // return CS_CLOSED after failure. |
| 128 | if (socket->GetState() != rtc::AsyncSocket::CS_CLOSED) { |
| 129 | socket->Close(); |
| 130 | } |
| 131 | } |
| 132 | |
| 133 | private: |
| 134 | const rtc::SSLMode ssl_mode_; |
| 135 | |
jbauch | 555604a | 2016-04-26 03:13:22 -0700 | [diff] [blame] | 136 | std::unique_ptr<rtc::SSLAdapter> ssl_adapter_; |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 137 | |
| 138 | std::string data_; |
| 139 | }; |
| 140 | |
| 141 | class SSLAdapterTestDummyServer : public sigslot::has_slots<> { |
| 142 | public: |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 14:08:59 +0200 | [diff] [blame] | 143 | explicit SSLAdapterTestDummyServer(const rtc::SSLMode& ssl_mode, |
torbjorng | 4e57247 | 2015-10-08 09:42:49 -0700 | [diff] [blame] | 144 | const rtc::KeyParams& key_params) |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 145 | : ssl_mode_(ssl_mode) { |
| 146 | // Generate a key pair and a certificate for this host. |
torbjorng | 4e57247 | 2015-10-08 09:42:49 -0700 | [diff] [blame] | 147 | ssl_identity_.reset(rtc::SSLIdentity::Generate(GetHostname(), key_params)); |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 148 | |
| 149 | server_socket_.reset(CreateSocket(ssl_mode_)); |
| 150 | |
pthatcher@webrtc.org | a9b1ec0 | 2014-12-29 23:00:14 +0000 | [diff] [blame] | 151 | if (ssl_mode_ == rtc::SSL_MODE_TLS) { |
| 152 | server_socket_->SignalReadEvent.connect(this, |
| 153 | &SSLAdapterTestDummyServer::OnServerSocketReadEvent); |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 154 | |
pthatcher@webrtc.org | a9b1ec0 | 2014-12-29 23:00:14 +0000 | [diff] [blame] | 155 | server_socket_->Listen(1); |
| 156 | } |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 157 | |
| 158 | LOG(LS_INFO) << ((ssl_mode_ == rtc::SSL_MODE_DTLS) ? "UDP" : "TCP") |
| 159 | << " server listening on " << server_socket_->GetLocalAddress(); |
| 160 | } |
| 161 | |
| 162 | rtc::SocketAddress GetAddress() const { |
| 163 | return server_socket_->GetLocalAddress(); |
| 164 | } |
| 165 | |
| 166 | std::string GetHostname() const { |
| 167 | // Since we don't have a real certificate anyway, the value here doesn't |
| 168 | // really matter. |
| 169 | return "example.com"; |
| 170 | } |
| 171 | |
| 172 | const std::string& GetReceivedData() const { |
| 173 | return data_; |
| 174 | } |
| 175 | |
| 176 | int Send(const std::string& message) { |
deadbeef | 37f5ecf | 2017-02-27 14:06:41 -0800 | [diff] [blame] | 177 | if (ssl_stream_adapter_ == nullptr || |
| 178 | ssl_stream_adapter_->GetState() != rtc::SS_OPEN) { |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 179 | // No connection yet. |
| 180 | return -1; |
| 181 | } |
| 182 | |
| 183 | LOG(LS_INFO) << "Server sending '" << message << "'"; |
| 184 | |
| 185 | size_t written; |
| 186 | int error; |
| 187 | |
| 188 | rtc::StreamResult r = ssl_stream_adapter_->Write(message.data(), |
| 189 | message.length(), &written, &error); |
| 190 | if (r == rtc::SR_SUCCESS) { |
| 191 | return written; |
| 192 | } else { |
| 193 | return -1; |
| 194 | } |
| 195 | } |
| 196 | |
pthatcher@webrtc.org | a9b1ec0 | 2014-12-29 23:00:14 +0000 | [diff] [blame] | 197 | void AcceptConnection(const rtc::SocketAddress& address) { |
| 198 | // Only a single connection is supported. |
deadbeef | 37f5ecf | 2017-02-27 14:06:41 -0800 | [diff] [blame] | 199 | ASSERT_TRUE(ssl_stream_adapter_ == nullptr); |
pthatcher@webrtc.org | a9b1ec0 | 2014-12-29 23:00:14 +0000 | [diff] [blame] | 200 | |
| 201 | // This is only for DTLS. |
| 202 | ASSERT_EQ(rtc::SSL_MODE_DTLS, ssl_mode_); |
| 203 | |
| 204 | // Transfer ownership of the socket to the SSLStreamAdapter object. |
| 205 | rtc::AsyncSocket* socket = server_socket_.release(); |
| 206 | |
| 207 | socket->Connect(address); |
| 208 | |
| 209 | DoHandshake(socket); |
| 210 | } |
| 211 | |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 212 | void OnServerSocketReadEvent(rtc::AsyncSocket* socket) { |
pthatcher@webrtc.org | a9b1ec0 | 2014-12-29 23:00:14 +0000 | [diff] [blame] | 213 | // Only a single connection is supported. |
deadbeef | 37f5ecf | 2017-02-27 14:06:41 -0800 | [diff] [blame] | 214 | ASSERT_TRUE(ssl_stream_adapter_ == nullptr); |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 215 | |
deadbeef | 37f5ecf | 2017-02-27 14:06:41 -0800 | [diff] [blame] | 216 | DoHandshake(server_socket_->Accept(nullptr)); |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 217 | } |
| 218 | |
| 219 | void OnSSLStreamAdapterEvent(rtc::StreamInterface* stream, int sig, int err) { |
| 220 | if (sig & rtc::SE_READ) { |
| 221 | char buffer[4096] = ""; |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 222 | size_t read; |
| 223 | int error; |
| 224 | |
| 225 | // Read data received from the client and store it in our internal |
| 226 | // buffer. |
deadbeef | ed3b986 | 2017-06-02 10:33:16 -0700 | [diff] [blame] | 227 | rtc::StreamResult r = |
| 228 | stream->Read(buffer, sizeof(buffer) - 1, &read, &error); |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 229 | if (r == rtc::SR_SUCCESS) { |
| 230 | buffer[read] = '\0'; |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 231 | LOG(LS_INFO) << "Server received '" << buffer << "'"; |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 232 | data_ += buffer; |
| 233 | } |
| 234 | } |
| 235 | } |
| 236 | |
| 237 | private: |
pthatcher@webrtc.org | a9b1ec0 | 2014-12-29 23:00:14 +0000 | [diff] [blame] | 238 | void DoHandshake(rtc::AsyncSocket* socket) { |
| 239 | rtc::SocketStream* stream = new rtc::SocketStream(socket); |
| 240 | |
| 241 | ssl_stream_adapter_.reset(rtc::SSLStreamAdapter::Create(stream)); |
| 242 | |
| 243 | ssl_stream_adapter_->SetMode(ssl_mode_); |
| 244 | ssl_stream_adapter_->SetServerRole(); |
| 245 | |
| 246 | // SSLStreamAdapter is normally used for peer-to-peer communication, but |
| 247 | // here we're testing communication between a client and a server |
| 248 | // (e.g. a WebRTC-based application and an RFC 5766 TURN server), where |
| 249 | // clients are not required to provide a certificate during handshake. |
| 250 | // Accordingly, we must disable client authentication here. |
| 251 | ssl_stream_adapter_->set_client_auth_enabled(false); |
| 252 | |
| 253 | ssl_stream_adapter_->SetIdentity(ssl_identity_->GetReference()); |
| 254 | |
| 255 | // Set a bogus peer certificate digest. |
| 256 | unsigned char digest[20]; |
| 257 | size_t digest_len = sizeof(digest); |
| 258 | ssl_stream_adapter_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, digest, |
| 259 | digest_len); |
| 260 | |
Taylor Brandstetter | c8762a8 | 2016-08-11 12:01:49 -0700 | [diff] [blame] | 261 | ssl_stream_adapter_->StartSSL(); |
pthatcher@webrtc.org | a9b1ec0 | 2014-12-29 23:00:14 +0000 | [diff] [blame] | 262 | |
| 263 | ssl_stream_adapter_->SignalEvent.connect(this, |
| 264 | &SSLAdapterTestDummyServer::OnSSLStreamAdapterEvent); |
| 265 | } |
| 266 | |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 267 | const rtc::SSLMode ssl_mode_; |
| 268 | |
jbauch | 555604a | 2016-04-26 03:13:22 -0700 | [diff] [blame] | 269 | std::unique_ptr<rtc::AsyncSocket> server_socket_; |
| 270 | std::unique_ptr<rtc::SSLStreamAdapter> ssl_stream_adapter_; |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 271 | |
jbauch | 555604a | 2016-04-26 03:13:22 -0700 | [diff] [blame] | 272 | std::unique_ptr<rtc::SSLIdentity> ssl_identity_; |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 273 | |
| 274 | std::string data_; |
| 275 | }; |
| 276 | |
| 277 | class SSLAdapterTestBase : public testing::Test, |
| 278 | public sigslot::has_slots<> { |
| 279 | public: |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 14:08:59 +0200 | [diff] [blame] | 280 | explicit SSLAdapterTestBase(const rtc::SSLMode& ssl_mode, |
torbjorng | 4e57247 | 2015-10-08 09:42:49 -0700 | [diff] [blame] | 281 | const rtc::KeyParams& key_params) |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 282 | : ssl_mode_(ssl_mode), |
deadbeef | 98e186c | 2017-05-16 18:00:06 -0700 | [diff] [blame] | 283 | vss_(new rtc::VirtualSocketServer()), |
nisse | 7eaa4ea | 2017-05-08 05:25:41 -0700 | [diff] [blame] | 284 | thread_(vss_.get()), |
torbjorng | 4e57247 | 2015-10-08 09:42:49 -0700 | [diff] [blame] | 285 | server_(new SSLAdapterTestDummyServer(ssl_mode_, key_params)), |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 286 | client_(new SSLAdapterTestDummyClient(ssl_mode_)), |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 14:08:59 +0200 | [diff] [blame] | 287 | handshake_wait_(kTimeout) {} |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 288 | |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 289 | void SetHandshakeWait(int wait) { |
| 290 | handshake_wait_ = wait; |
| 291 | } |
| 292 | |
Diogo Real | 1dca9d5 | 2017-08-29 12:18:32 -0700 | [diff] [blame] | 293 | void SetAlpnProtocols(const std::vector<std::string>& protos) { |
| 294 | client_->SetAlpnProtocols(protos); |
| 295 | } |
| 296 | |
Diogo Real | 7bd1f1b | 2017-09-08 12:50:41 -0700 | [diff] [blame] | 297 | void SetEllipticCurves(const std::vector<std::string>& curves) { |
| 298 | client_->SetEllipticCurves(curves); |
| 299 | } |
| 300 | |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 301 | void TestHandshake(bool expect_success) { |
| 302 | int rv; |
| 303 | |
| 304 | // The initial state is CS_CLOSED |
| 305 | ASSERT_EQ(rtc::AsyncSocket::CS_CLOSED, client_->GetState()); |
| 306 | |
| 307 | rv = client_->Connect(server_->GetHostname(), server_->GetAddress()); |
| 308 | ASSERT_EQ(0, rv); |
| 309 | |
| 310 | // Now the state should be CS_CONNECTING |
| 311 | ASSERT_EQ(rtc::AsyncSocket::CS_CONNECTING, client_->GetState()); |
| 312 | |
pthatcher@webrtc.org | a9b1ec0 | 2014-12-29 23:00:14 +0000 | [diff] [blame] | 313 | if (ssl_mode_ == rtc::SSL_MODE_DTLS) { |
| 314 | // For DTLS, call AcceptConnection() with the client's address. |
| 315 | server_->AcceptConnection(client_->GetAddress()); |
| 316 | } |
| 317 | |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 318 | if (expect_success) { |
| 319 | // If expecting success, the client should end up in the CS_CONNECTED |
| 320 | // state after handshake. |
| 321 | EXPECT_EQ_WAIT(rtc::AsyncSocket::CS_CONNECTED, client_->GetState(), |
| 322 | handshake_wait_); |
| 323 | |
| 324 | LOG(LS_INFO) << GetSSLProtocolName(ssl_mode_) << " handshake complete."; |
| 325 | |
| 326 | } else { |
| 327 | // On handshake failure the client should end up in the CS_CLOSED state. |
| 328 | EXPECT_EQ_WAIT(rtc::AsyncSocket::CS_CLOSED, client_->GetState(), |
| 329 | handshake_wait_); |
| 330 | |
| 331 | LOG(LS_INFO) << GetSSLProtocolName(ssl_mode_) << " handshake failed."; |
| 332 | } |
| 333 | } |
| 334 | |
| 335 | void TestTransfer(const std::string& message) { |
| 336 | int rv; |
| 337 | |
| 338 | rv = client_->Send(message); |
| 339 | ASSERT_EQ(static_cast<int>(message.length()), rv); |
| 340 | |
| 341 | // The server should have received the client's message. |
| 342 | EXPECT_EQ_WAIT(message, server_->GetReceivedData(), kTimeout); |
| 343 | |
| 344 | rv = server_->Send(message); |
| 345 | ASSERT_EQ(static_cast<int>(message.length()), rv); |
| 346 | |
| 347 | // The client should have received the server's message. |
| 348 | EXPECT_EQ_WAIT(message, client_->GetReceivedData(), kTimeout); |
| 349 | |
| 350 | LOG(LS_INFO) << "Transfer complete."; |
| 351 | } |
| 352 | |
deadbeef | ed3b986 | 2017-06-02 10:33:16 -0700 | [diff] [blame] | 353 | protected: |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 354 | const rtc::SSLMode ssl_mode_; |
| 355 | |
nisse | 7eaa4ea | 2017-05-08 05:25:41 -0700 | [diff] [blame] | 356 | std::unique_ptr<rtc::VirtualSocketServer> vss_; |
| 357 | rtc::AutoSocketServerThread thread_; |
jbauch | 555604a | 2016-04-26 03:13:22 -0700 | [diff] [blame] | 358 | std::unique_ptr<SSLAdapterTestDummyServer> server_; |
| 359 | std::unique_ptr<SSLAdapterTestDummyClient> client_; |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 360 | |
| 361 | int handshake_wait_; |
| 362 | }; |
| 363 | |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 14:08:59 +0200 | [diff] [blame] | 364 | class SSLAdapterTestTLS_RSA : public SSLAdapterTestBase { |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 365 | public: |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 14:08:59 +0200 | [diff] [blame] | 366 | SSLAdapterTestTLS_RSA() |
torbjorng | 4e57247 | 2015-10-08 09:42:49 -0700 | [diff] [blame] | 367 | : SSLAdapterTestBase(rtc::SSL_MODE_TLS, rtc::KeyParams::RSA()) {} |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 368 | }; |
| 369 | |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 14:08:59 +0200 | [diff] [blame] | 370 | class SSLAdapterTestTLS_ECDSA : public SSLAdapterTestBase { |
pthatcher@webrtc.org | a9b1ec0 | 2014-12-29 23:00:14 +0000 | [diff] [blame] | 371 | public: |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 14:08:59 +0200 | [diff] [blame] | 372 | SSLAdapterTestTLS_ECDSA() |
torbjorng | 4e57247 | 2015-10-08 09:42:49 -0700 | [diff] [blame] | 373 | : SSLAdapterTestBase(rtc::SSL_MODE_TLS, rtc::KeyParams::ECDSA()) {} |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 14:08:59 +0200 | [diff] [blame] | 374 | }; |
| 375 | |
| 376 | class SSLAdapterTestDTLS_RSA : public SSLAdapterTestBase { |
| 377 | public: |
| 378 | SSLAdapterTestDTLS_RSA() |
torbjorng | 4e57247 | 2015-10-08 09:42:49 -0700 | [diff] [blame] | 379 | : SSLAdapterTestBase(rtc::SSL_MODE_DTLS, rtc::KeyParams::RSA()) {} |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 14:08:59 +0200 | [diff] [blame] | 380 | }; |
| 381 | |
| 382 | class SSLAdapterTestDTLS_ECDSA : public SSLAdapterTestBase { |
| 383 | public: |
| 384 | SSLAdapterTestDTLS_ECDSA() |
torbjorng | 4e57247 | 2015-10-08 09:42:49 -0700 | [diff] [blame] | 385 | : SSLAdapterTestBase(rtc::SSL_MODE_DTLS, rtc::KeyParams::ECDSA()) {} |
pthatcher@webrtc.org | a9b1ec0 | 2014-12-29 23:00:14 +0000 | [diff] [blame] | 386 | }; |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 387 | |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 388 | // Basic tests: TLS |
| 389 | |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 14:08:59 +0200 | [diff] [blame] | 390 | // Test that handshake works, using RSA |
| 391 | TEST_F(SSLAdapterTestTLS_RSA, TestTLSConnect) { |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 392 | TestHandshake(true); |
| 393 | } |
| 394 | |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 14:08:59 +0200 | [diff] [blame] | 395 | // Test that handshake works, using ECDSA |
| 396 | TEST_F(SSLAdapterTestTLS_ECDSA, TestTLSConnect) { |
| 397 | TestHandshake(true); |
| 398 | } |
| 399 | |
| 400 | // Test transfer between client and server, using RSA |
| 401 | TEST_F(SSLAdapterTestTLS_RSA, TestTLSTransfer) { |
| 402 | TestHandshake(true); |
| 403 | TestTransfer("Hello, world!"); |
| 404 | } |
| 405 | |
deadbeef | ed3b986 | 2017-06-02 10:33:16 -0700 | [diff] [blame] | 406 | TEST_F(SSLAdapterTestTLS_RSA, TestTLSTransferWithBlockedSocket) { |
| 407 | TestHandshake(true); |
| 408 | |
| 409 | // Tell the underlying socket to simulate being blocked. |
| 410 | vss_->SetSendingBlocked(true); |
| 411 | |
| 412 | std::string expected; |
| 413 | int rv; |
| 414 | // Send messages until the SSL socket adapter starts applying backpressure. |
| 415 | // Note that this may not occur immediately since there may be some amount of |
| 416 | // intermediate buffering (either in our code or in BoringSSL). |
| 417 | for (int i = 0; i < 1024; ++i) { |
| 418 | std::string message = "Hello, world: " + rtc::ToString(i); |
| 419 | rv = client_->Send(message); |
| 420 | if (rv != static_cast<int>(message.size())) { |
| 421 | // This test assumes either the whole message or none of it is sent. |
| 422 | ASSERT_EQ(-1, rv); |
| 423 | break; |
| 424 | } |
| 425 | expected += message; |
| 426 | } |
| 427 | // Assert that the loop above exited due to Send returning -1. |
| 428 | ASSERT_EQ(-1, rv); |
| 429 | |
| 430 | // Try sending another message while blocked. -1 should be returned again and |
| 431 | // it shouldn't end up received by the server later. |
| 432 | EXPECT_EQ(-1, client_->Send("Never sent")); |
| 433 | |
| 434 | // Unblock the underlying socket. All of the buffered messages should be sent |
| 435 | // without any further action. |
| 436 | vss_->SetSendingBlocked(false); |
| 437 | EXPECT_EQ_WAIT(expected, server_->GetReceivedData(), kTimeout); |
| 438 | |
| 439 | // Send another message. This previously wasn't working |
| 440 | std::string final_message = "Fin."; |
| 441 | expected += final_message; |
| 442 | EXPECT_EQ(static_cast<int>(final_message.size()), |
| 443 | client_->Send(final_message)); |
| 444 | EXPECT_EQ_WAIT(expected, server_->GetReceivedData(), kTimeout); |
| 445 | } |
| 446 | |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 14:08:59 +0200 | [diff] [blame] | 447 | // Test transfer between client and server, using ECDSA |
| 448 | TEST_F(SSLAdapterTestTLS_ECDSA, TestTLSTransfer) { |
tkchin@webrtc.org | c569a49 | 2014-09-23 05:56:44 +0000 | [diff] [blame] | 449 | TestHandshake(true); |
| 450 | TestTransfer("Hello, world!"); |
| 451 | } |
| 452 | |
Diogo Real | 1dca9d5 | 2017-08-29 12:18:32 -0700 | [diff] [blame] | 453 | // Test transfer using ALPN with protos as h2 and http/1.1 |
| 454 | TEST_F(SSLAdapterTestTLS_ECDSA, TestTLSALPN) { |
| 455 | std::vector<std::string> alpn_protos{"h2", "http/1.1"}; |
| 456 | SetAlpnProtocols(alpn_protos); |
| 457 | TestHandshake(true); |
| 458 | TestTransfer("Hello, world!"); |
| 459 | } |
| 460 | |
Diogo Real | 7bd1f1b | 2017-09-08 12:50:41 -0700 | [diff] [blame] | 461 | // Test transfer with TLS Elliptic curves set to "X25519:P-256:P-384:P-521" |
| 462 | TEST_F(SSLAdapterTestTLS_ECDSA, TestTLSEllipticCurves) { |
| 463 | std::vector<std::string> elliptic_curves{"X25519", "P-256", "P-384", "P-521"}; |
| 464 | SetEllipticCurves(elliptic_curves); |
| 465 | TestHandshake(true); |
| 466 | TestTransfer("Hello, world!"); |
| 467 | } |
| 468 | |
pthatcher@webrtc.org | a9b1ec0 | 2014-12-29 23:00:14 +0000 | [diff] [blame] | 469 | // Basic tests: DTLS |
| 470 | |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 14:08:59 +0200 | [diff] [blame] | 471 | // Test that handshake works, using RSA |
| 472 | TEST_F(SSLAdapterTestDTLS_RSA, TestDTLSConnect) { |
pthatcher@webrtc.org | a9b1ec0 | 2014-12-29 23:00:14 +0000 | [diff] [blame] | 473 | TestHandshake(true); |
| 474 | } |
| 475 | |
Torbjorn Granlund | b6d4ec4 | 2015-08-17 14:08:59 +0200 | [diff] [blame] | 476 | // Test that handshake works, using ECDSA |
| 477 | TEST_F(SSLAdapterTestDTLS_ECDSA, TestDTLSConnect) { |
| 478 | TestHandshake(true); |
| 479 | } |
| 480 | |
| 481 | // Test transfer between client and server, using RSA |
| 482 | TEST_F(SSLAdapterTestDTLS_RSA, TestDTLSTransfer) { |
| 483 | TestHandshake(true); |
| 484 | TestTransfer("Hello, world!"); |
| 485 | } |
| 486 | |
| 487 | // Test transfer between client and server, using ECDSA |
| 488 | TEST_F(SSLAdapterTestDTLS_ECDSA, TestDTLSTransfer) { |
pthatcher@webrtc.org | a9b1ec0 | 2014-12-29 23:00:14 +0000 | [diff] [blame] | 489 | TestHandshake(true); |
| 490 | TestTransfer("Hello, world!"); |
| 491 | } |