Home | History | Annotate | Download | only in base
      1 /*
      2  *  Copyright 2011 The WebRTC Project Authors. All rights reserved.
      3  *
      4  *  Use of this source code is governed by a BSD-style license
      5  *  that can be found in the LICENSE file in the root of the source
      6  *  tree. An additional intellectual property rights grant can be found
      7  *  in the file PATENTS.  All contributing project authors may
      8  *  be found in the AUTHORS file in the root of the source tree.
      9  */
     10 
     11 
     12 #include <algorithm>
     13 #include <set>
     14 #include <string>
     15 
     16 #include "webrtc/base/bufferqueue.h"
     17 #include "webrtc/base/gunit.h"
     18 #include "webrtc/base/helpers.h"
     19 #include "webrtc/base/scoped_ptr.h"
     20 #include "webrtc/base/ssladapter.h"
     21 #include "webrtc/base/sslconfig.h"
     22 #include "webrtc/base/sslidentity.h"
     23 #include "webrtc/base/sslstreamadapter.h"
     24 #include "webrtc/base/stream.h"
     25 
     26 using ::testing::WithParamInterface;
     27 using ::testing::Values;
     28 using ::testing::Combine;
     29 using ::testing::tuple;
     30 
     31 static const int kBlockSize = 4096;
     32 static const char kExporterLabel[] = "label";
     33 static const unsigned char kExporterContext[] = "context";
     34 static int kExporterContextLen = sizeof(kExporterContext);
     35 
     36 static const char kRSA_PRIVATE_KEY_PEM[] =
     37     "-----BEGIN RSA PRIVATE KEY-----\n"
     38     "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMYRkbhmI7kVA/rM\n"
     39     "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n"
     40     "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n"
     41     "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAECgYAvgOs4FJcgvp+TuREx7YtiYVsH\n"
     42     "mwQPTum2z/8VzWGwR8BBHBvIpVe1MbD/Y4seyI2aco/7UaisatSgJhsU46/9Y4fq\n"
     43     "2TwXH9QANf4at4d9n/R6rzwpAJOpgwZgKvdQjkfrKTtgLV+/dawvpxUYkRH4JZM1\n"
     44     "CVGukMfKNrSVH4Ap4QJBAOJmGV1ASPnB4r4nc99at7JuIJmd7fmuVUwUgYi4XgaR\n"
     45     "WhScBsgYwZ/JoywdyZJgnbcrTDuVcWG56B3vXbhdpMsCQQDf9zeJrjnPZ3Cqm79y\n"
     46     "kdqANep0uwZciiNiWxsQrCHztywOvbFhdp8iYVFG9EK8DMY41Y5TxUwsHD+67zao\n"
     47     "ZNqJAkEA1suLUP/GvL8IwuRneQd2tWDqqRQ/Td3qq03hP7e77XtF/buya3Ghclo5\n"
     48     "54czUR89QyVfJEC6278nzA7n2h1uVQJAcG6mztNL6ja/dKZjYZye2CY44QjSlLo0\n"
     49     "MTgTSjdfg/28fFn2Jjtqf9Pi/X+50LWI/RcYMC2no606wRk9kyOuIQJBAK6VSAim\n"
     50     "1pOEjsYQn0X5KEIrz1G3bfCbB848Ime3U2/FWlCHMr6ch8kCZ5d1WUeJD3LbwMNG\n"
     51     "UCXiYxSsu20QNVw=\n"
     52     "-----END RSA PRIVATE KEY-----\n";
     53 
     54 static const char kCERT_PEM[] =
     55     "-----BEGIN CERTIFICATE-----\n"
     56     "MIIBmTCCAQKgAwIBAgIEbzBSAjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZX\n"
     57     "ZWJSVEMwHhcNMTQwMTAyMTgyNDQ3WhcNMTQwMjAxMTgyNDQ3WjARMQ8wDQYDVQQD\n"
     58     "EwZXZWJSVEMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYRkbhmI7kVA/rM\n"
     59     "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n"
     60     "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n"
     61     "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAUflI\n"
     62     "VUe5Krqf5RVa5C3u/UTAOAUJBiDS3VANTCLBxjuMsvqOG0WvaYWP3HYPgrz0jXK2\n"
     63     "LJE/mGw3MyFHEqi81jh95J+ypl6xKW6Rm8jKLR87gUvCaVYn/Z4/P3AqcQTB7wOv\n"
     64     "UD0A8qfhfDM+LK6rPAnCsVN0NRDY3jvd6rzix9M=\n"
     65     "-----END CERTIFICATE-----\n";
     66 
     67 #define MAYBE_SKIP_TEST(feature)                    \
     68   if (!(rtc::SSLStreamAdapter::feature())) {  \
     69     LOG(LS_INFO) << "Feature disabled... skipping"; \
     70     return;                                         \
     71   }
     72 
     73 class SSLStreamAdapterTestBase;
     74 
     75 class SSLDummyStreamBase : public rtc::StreamInterface,
     76                            public sigslot::has_slots<> {
     77  public:
     78   SSLDummyStreamBase(SSLStreamAdapterTestBase* test,
     79                      const std::string &side,
     80                      rtc::StreamInterface* in,
     81                      rtc::StreamInterface* out) :
     82       test_base_(test),
     83       side_(side),
     84       in_(in),
     85       out_(out),
     86       first_packet_(true) {
     87     in_->SignalEvent.connect(this, &SSLDummyStreamBase::OnEventIn);
     88     out_->SignalEvent.connect(this, &SSLDummyStreamBase::OnEventOut);
     89   }
     90 
     91   rtc::StreamState GetState() const override { return rtc::SS_OPEN; }
     92 
     93   rtc::StreamResult Read(void* buffer, size_t buffer_len,
     94                          size_t* read, int* error) override {
     95     rtc::StreamResult r;
     96 
     97     r = in_->Read(buffer, buffer_len, read, error);
     98     if (r == rtc::SR_BLOCK)
     99       return rtc::SR_BLOCK;
    100     if (r == rtc::SR_EOS)
    101       return rtc::SR_EOS;
    102 
    103     if (r != rtc::SR_SUCCESS) {
    104       ADD_FAILURE();
    105       return rtc::SR_ERROR;
    106     }
    107 
    108     return rtc::SR_SUCCESS;
    109   }
    110 
    111   // Catch readability events on in and pass them up.
    112   void OnEventIn(rtc::StreamInterface* stream, int sig, int err) {
    113     int mask = (rtc::SE_READ | rtc::SE_CLOSE);
    114 
    115     if (sig & mask) {
    116       LOG(LS_INFO) << "SSLDummyStreamBase::OnEvent side=" << side_ <<  " sig="
    117         << sig << " forwarding upward";
    118       PostEvent(sig & mask, 0);
    119     }
    120   }
    121 
    122   // Catch writeability events on out and pass them up.
    123   void OnEventOut(rtc::StreamInterface* stream, int sig, int err) {
    124     if (sig & rtc::SE_WRITE) {
    125       LOG(LS_INFO) << "SSLDummyStreamBase::OnEvent side=" << side_ <<  " sig="
    126         << sig << " forwarding upward";
    127 
    128       PostEvent(sig & rtc::SE_WRITE, 0);
    129     }
    130   }
    131 
    132   // Write to the outgoing FifoBuffer
    133   rtc::StreamResult WriteData(const void* data, size_t data_len,
    134                               size_t* written, int* error) {
    135     return out_->Write(data, data_len, written, error);
    136   }
    137 
    138   rtc::StreamResult Write(const void* data, size_t data_len,
    139                           size_t* written, int* error) override;
    140 
    141   void Close() override {
    142     LOG(LS_INFO) << "Closing outbound stream";
    143     out_->Close();
    144   }
    145 
    146  protected:
    147   SSLStreamAdapterTestBase* test_base_;
    148   const std::string side_;
    149   rtc::StreamInterface* in_;
    150   rtc::StreamInterface* out_;
    151   bool first_packet_;
    152 };
    153 
    154 class SSLDummyStreamTLS : public SSLDummyStreamBase {
    155  public:
    156   SSLDummyStreamTLS(SSLStreamAdapterTestBase* test,
    157                     const std::string& side,
    158                     rtc::FifoBuffer* in,
    159                     rtc::FifoBuffer* out) :
    160       SSLDummyStreamBase(test, side, in, out) {
    161   }
    162 };
    163 
    164 class BufferQueueStream : public rtc::BufferQueue,
    165                           public rtc::StreamInterface {
    166  public:
    167   BufferQueueStream(size_t capacity, size_t default_size)
    168       : rtc::BufferQueue(capacity, default_size) {
    169   }
    170 
    171   // Implementation of abstract StreamInterface methods.
    172 
    173   // A buffer queue stream is always "open".
    174   rtc::StreamState GetState() const override { return rtc::SS_OPEN; }
    175 
    176   // Reading a buffer queue stream will either succeed or block.
    177   rtc::StreamResult Read(void* buffer, size_t buffer_len,
    178                          size_t* read, int* error) override {
    179     if (!ReadFront(buffer, buffer_len, read)) {
    180       return rtc::SR_BLOCK;
    181     }
    182     return rtc::SR_SUCCESS;
    183   }
    184 
    185   // Writing to a buffer queue stream will either succeed or block.
    186   rtc::StreamResult Write(const void* data, size_t data_len,
    187                           size_t* written, int* error) override {
    188     if (!WriteBack(data, data_len, written)) {
    189       return rtc::SR_BLOCK;
    190     }
    191     return rtc::SR_SUCCESS;
    192   }
    193 
    194   // A buffer queue stream can not be closed.
    195   void Close() override {}
    196 
    197  protected:
    198   void NotifyReadableForTest() override {
    199     PostEvent(rtc::SE_READ, 0);
    200   }
    201 
    202   void NotifyWritableForTest() override {
    203     PostEvent(rtc::SE_WRITE, 0);
    204   }
    205 };
    206 
    207 class SSLDummyStreamDTLS : public SSLDummyStreamBase {
    208  public:
    209   SSLDummyStreamDTLS(SSLStreamAdapterTestBase* test,
    210                      const std::string& side,
    211                      BufferQueueStream* in,
    212                      BufferQueueStream* out) :
    213       SSLDummyStreamBase(test, side, in, out) {
    214   }
    215 };
    216 
    217 static const int kFifoBufferSize = 4096;
    218 static const int kBufferCapacity = 1;
    219 static const size_t kDefaultBufferSize = 2048;
    220 
    221 class SSLStreamAdapterTestBase : public testing::Test,
    222                                  public sigslot::has_slots<> {
    223  public:
    224   SSLStreamAdapterTestBase(
    225       const std::string& client_cert_pem,
    226       const std::string& client_private_key_pem,
    227       bool dtls,
    228       rtc::KeyParams client_key_type = rtc::KeyParams(rtc::KT_DEFAULT),
    229       rtc::KeyParams server_key_type = rtc::KeyParams(rtc::KT_DEFAULT))
    230       : client_cert_pem_(client_cert_pem),
    231         client_private_key_pem_(client_private_key_pem),
    232         client_key_type_(client_key_type),
    233         server_key_type_(server_key_type),
    234         client_stream_(NULL),
    235         server_stream_(NULL),
    236         client_identity_(NULL),
    237         server_identity_(NULL),
    238         delay_(0),
    239         mtu_(1460),
    240         loss_(0),
    241         lose_first_packet_(false),
    242         damage_(false),
    243         dtls_(dtls),
    244         handshake_wait_(5000),
    245         identities_set_(false) {
    246     // Set use of the test RNG to get predictable loss patterns.
    247     rtc::SetRandomTestMode(true);
    248   }
    249 
    250   ~SSLStreamAdapterTestBase() {
    251     // Put it back for the next test.
    252     rtc::SetRandomTestMode(false);
    253   }
    254 
    255   void SetUp() override {
    256     CreateStreams();
    257 
    258     client_ssl_.reset(rtc::SSLStreamAdapter::Create(client_stream_));
    259     server_ssl_.reset(rtc::SSLStreamAdapter::Create(server_stream_));
    260 
    261     // Set up the slots
    262     client_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
    263     server_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
    264 
    265     if (!client_cert_pem_.empty() && !client_private_key_pem_.empty()) {
    266       client_identity_ = rtc::SSLIdentity::FromPEMStrings(
    267           client_private_key_pem_, client_cert_pem_);
    268     } else {
    269       client_identity_ = rtc::SSLIdentity::Generate("client", client_key_type_);
    270     }
    271     server_identity_ = rtc::SSLIdentity::Generate("server", server_key_type_);
    272 
    273     client_ssl_->SetIdentity(client_identity_);
    274     server_ssl_->SetIdentity(server_identity_);
    275   }
    276 
    277   void TearDown() override {
    278     client_ssl_.reset(nullptr);
    279     server_ssl_.reset(nullptr);
    280   }
    281 
    282   virtual void CreateStreams() = 0;
    283 
    284   // Recreate the client/server identities with the specified validity period.
    285   // |not_before| and |not_after| are offsets from the current time in number
    286   // of seconds.
    287   void ResetIdentitiesWithValidity(int not_before, int not_after) {
    288     CreateStreams();
    289 
    290     client_ssl_.reset(rtc::SSLStreamAdapter::Create(client_stream_));
    291     server_ssl_.reset(rtc::SSLStreamAdapter::Create(server_stream_));
    292 
    293     client_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
    294     server_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
    295 
    296     time_t now = time(nullptr);
    297 
    298     rtc::SSLIdentityParams client_params;
    299     client_params.key_params = rtc::KeyParams(rtc::KT_DEFAULT);
    300     client_params.common_name = "client";
    301     client_params.not_before = now + not_before;
    302     client_params.not_after = now + not_after;
    303     client_identity_ = rtc::SSLIdentity::GenerateForTest(client_params);
    304 
    305     rtc::SSLIdentityParams server_params;
    306     server_params.key_params = rtc::KeyParams(rtc::KT_DEFAULT);
    307     server_params.common_name = "server";
    308     server_params.not_before = now + not_before;
    309     server_params.not_after = now + not_after;
    310     server_identity_ = rtc::SSLIdentity::GenerateForTest(server_params);
    311 
    312     client_ssl_->SetIdentity(client_identity_);
    313     server_ssl_->SetIdentity(server_identity_);
    314   }
    315 
    316   virtual void OnEvent(rtc::StreamInterface *stream, int sig, int err) {
    317     LOG(LS_INFO) << "SSLStreamAdapterTestBase::OnEvent sig=" << sig;
    318 
    319     if (sig & rtc::SE_READ) {
    320       ReadData(stream);
    321     }
    322 
    323     if ((stream == client_ssl_.get()) && (sig & rtc::SE_WRITE)) {
    324       WriteData();
    325     }
    326   }
    327 
    328   void SetPeerIdentitiesByDigest(bool correct) {
    329     unsigned char digest[20];
    330     size_t digest_len;
    331     bool rv;
    332 
    333     LOG(LS_INFO) << "Setting peer identities by digest";
    334 
    335     rv = server_identity_->certificate().ComputeDigest(rtc::DIGEST_SHA_1,
    336                                                        digest, 20,
    337                                                        &digest_len);
    338     ASSERT_TRUE(rv);
    339     if (!correct) {
    340       LOG(LS_INFO) << "Setting bogus digest for server cert";
    341       digest[0]++;
    342     }
    343     rv = client_ssl_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, digest,
    344                                                digest_len);
    345     ASSERT_TRUE(rv);
    346 
    347 
    348     rv = client_identity_->certificate().ComputeDigest(rtc::DIGEST_SHA_1,
    349                                                        digest, 20, &digest_len);
    350     ASSERT_TRUE(rv);
    351     if (!correct) {
    352       LOG(LS_INFO) << "Setting bogus digest for client cert";
    353       digest[0]++;
    354     }
    355     rv = server_ssl_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, digest,
    356                                                digest_len);
    357     ASSERT_TRUE(rv);
    358 
    359     identities_set_ = true;
    360   }
    361 
    362   void SetupProtocolVersions(rtc::SSLProtocolVersion server_version,
    363                              rtc::SSLProtocolVersion client_version) {
    364     server_ssl_->SetMaxProtocolVersion(server_version);
    365     client_ssl_->SetMaxProtocolVersion(client_version);
    366   }
    367 
    368   void TestHandshake(bool expect_success = true) {
    369     server_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS :
    370                          rtc::SSL_MODE_TLS);
    371     client_ssl_->SetMode(dtls_ ? rtc::SSL_MODE_DTLS :
    372                          rtc::SSL_MODE_TLS);
    373 
    374     if (!dtls_) {
    375       // Make sure we simulate a reliable network for TLS.
    376       // This is just a check to make sure that people don't write wrong
    377       // tests.
    378       ASSERT((mtu_ == 1460) && (loss_ == 0) && (lose_first_packet_ == 0));
    379     }
    380 
    381     if (!identities_set_)
    382       SetPeerIdentitiesByDigest(true);
    383 
    384     // Start the handshake
    385     int rv;
    386 
    387     server_ssl_->SetServerRole();
    388     rv = server_ssl_->StartSSLWithPeer();
    389     ASSERT_EQ(0, rv);
    390 
    391     rv = client_ssl_->StartSSLWithPeer();
    392     ASSERT_EQ(0, rv);
    393 
    394     // Now run the handshake
    395     if (expect_success) {
    396       EXPECT_TRUE_WAIT((client_ssl_->GetState() == rtc::SS_OPEN)
    397                        && (server_ssl_->GetState() == rtc::SS_OPEN),
    398                        handshake_wait_);
    399     } else {
    400       EXPECT_TRUE_WAIT(client_ssl_->GetState() == rtc::SS_CLOSED,
    401                        handshake_wait_);
    402     }
    403   }
    404 
    405   rtc::StreamResult DataWritten(SSLDummyStreamBase *from, const void *data,
    406                                 size_t data_len, size_t *written,
    407                                 int *error) {
    408     // Randomly drop loss_ percent of packets
    409     if (rtc::CreateRandomId() % 100 < static_cast<uint32_t>(loss_)) {
    410       LOG(LS_INFO) << "Randomly dropping packet, size=" << data_len;
    411       *written = data_len;
    412       return rtc::SR_SUCCESS;
    413     }
    414     if (dtls_ && (data_len > mtu_)) {
    415       LOG(LS_INFO) << "Dropping packet > mtu, size=" << data_len;
    416       *written = data_len;
    417       return rtc::SR_SUCCESS;
    418     }
    419 
    420     // Optionally damage application data (type 23). Note that we don't damage
    421     // handshake packets and we damage the last byte to keep the header
    422     // intact but break the MAC.
    423     if (damage_ && (*static_cast<const unsigned char *>(data) == 23)) {
    424       std::vector<char> buf(data_len);
    425 
    426       LOG(LS_INFO) << "Damaging packet";
    427 
    428       memcpy(&buf[0], data, data_len);
    429       buf[data_len - 1]++;
    430 
    431       return from->WriteData(&buf[0], data_len, written, error);
    432     }
    433 
    434     return from->WriteData(data, data_len, written, error);
    435   }
    436 
    437   void SetDelay(int delay) {
    438     delay_ = delay;
    439   }
    440   int GetDelay() { return delay_; }
    441 
    442   void SetLoseFirstPacket(bool lose) {
    443     lose_first_packet_ = lose;
    444   }
    445   bool GetLoseFirstPacket() { return lose_first_packet_; }
    446 
    447   void SetLoss(int percent) {
    448     loss_ = percent;
    449   }
    450 
    451   void SetDamage() {
    452     damage_ = true;
    453   }
    454 
    455   void SetMtu(size_t mtu) {
    456     mtu_ = mtu;
    457   }
    458 
    459   void SetHandshakeWait(int wait) {
    460     handshake_wait_ = wait;
    461   }
    462 
    463   void SetDtlsSrtpCryptoSuites(const std::vector<int>& ciphers, bool client) {
    464     if (client)
    465       client_ssl_->SetDtlsSrtpCryptoSuites(ciphers);
    466     else
    467       server_ssl_->SetDtlsSrtpCryptoSuites(ciphers);
    468   }
    469 
    470   bool GetDtlsSrtpCryptoSuite(bool client, int* retval) {
    471     if (client)
    472       return client_ssl_->GetDtlsSrtpCryptoSuite(retval);
    473     else
    474       return server_ssl_->GetDtlsSrtpCryptoSuite(retval);
    475   }
    476 
    477   bool GetPeerCertificate(bool client, rtc::SSLCertificate** cert) {
    478     if (client)
    479       return client_ssl_->GetPeerCertificate(cert);
    480     else
    481       return server_ssl_->GetPeerCertificate(cert);
    482   }
    483 
    484   bool GetSslCipherSuite(bool client, int* retval) {
    485     if (client)
    486       return client_ssl_->GetSslCipherSuite(retval);
    487     else
    488       return server_ssl_->GetSslCipherSuite(retval);
    489   }
    490 
    491   bool ExportKeyingMaterial(const char *label,
    492                             const unsigned char *context,
    493                             size_t context_len,
    494                             bool use_context,
    495                             bool client,
    496                             unsigned char *result,
    497                             size_t result_len) {
    498     if (client)
    499       return client_ssl_->ExportKeyingMaterial(label,
    500                                                context, context_len,
    501                                                use_context,
    502                                                result, result_len);
    503     else
    504       return server_ssl_->ExportKeyingMaterial(label,
    505                                                context, context_len,
    506                                                use_context,
    507                                                result, result_len);
    508   }
    509 
    510   // To be implemented by subclasses.
    511   virtual void WriteData() = 0;
    512   virtual void ReadData(rtc::StreamInterface *stream) = 0;
    513   virtual void TestTransfer(int size) = 0;
    514 
    515  protected:
    516   std::string client_cert_pem_;
    517   std::string client_private_key_pem_;
    518   rtc::KeyParams client_key_type_;
    519   rtc::KeyParams server_key_type_;
    520   SSLDummyStreamBase *client_stream_;  // freed by client_ssl_ destructor
    521   SSLDummyStreamBase *server_stream_;  // freed by server_ssl_ destructor
    522   rtc::scoped_ptr<rtc::SSLStreamAdapter> client_ssl_;
    523   rtc::scoped_ptr<rtc::SSLStreamAdapter> server_ssl_;
    524   rtc::SSLIdentity *client_identity_;  // freed by client_ssl_ destructor
    525   rtc::SSLIdentity *server_identity_;  // freed by server_ssl_ destructor
    526   int delay_;
    527   size_t mtu_;
    528   int loss_;
    529   bool lose_first_packet_;
    530   bool damage_;
    531   bool dtls_;
    532   int handshake_wait_;
    533   bool identities_set_;
    534 };
    535 
    536 class SSLStreamAdapterTestTLS
    537     : public SSLStreamAdapterTestBase,
    538       public WithParamInterface<tuple<rtc::KeyParams, rtc::KeyParams>> {
    539  public:
    540   SSLStreamAdapterTestTLS()
    541       : SSLStreamAdapterTestBase("",
    542                                  "",
    543                                  false,
    544                                  ::testing::get<0>(GetParam()),
    545                                  ::testing::get<1>(GetParam())),
    546         client_buffer_(kFifoBufferSize),
    547         server_buffer_(kFifoBufferSize) {
    548   }
    549 
    550   void CreateStreams() override {
    551     client_stream_ =
    552         new SSLDummyStreamTLS(this, "c2s", &client_buffer_, &server_buffer_);
    553     server_stream_ =
    554         new SSLDummyStreamTLS(this, "s2c", &server_buffer_, &client_buffer_);
    555   }
    556 
    557   // Test data transfer for TLS
    558   virtual void TestTransfer(int size) {
    559     LOG(LS_INFO) << "Starting transfer test with " << size << " bytes";
    560     // Create some dummy data to send.
    561     size_t received;
    562 
    563     send_stream_.ReserveSize(size);
    564     for (int i = 0; i < size; ++i) {
    565       char ch = static_cast<char>(i);
    566       send_stream_.Write(&ch, 1, NULL, NULL);
    567     }
    568     send_stream_.Rewind();
    569 
    570     // Prepare the receive stream.
    571     recv_stream_.ReserveSize(size);
    572 
    573     // Start sending
    574     WriteData();
    575 
    576     // Wait for the client to close
    577     EXPECT_TRUE_WAIT(server_ssl_->GetState() == rtc::SS_CLOSED, 10000);
    578 
    579     // Now check the data
    580     recv_stream_.GetSize(&received);
    581 
    582     EXPECT_EQ(static_cast<size_t>(size), received);
    583     EXPECT_EQ(0, memcmp(send_stream_.GetBuffer(),
    584                         recv_stream_.GetBuffer(), size));
    585   }
    586 
    587   void WriteData() {
    588     size_t position, tosend, size;
    589     rtc::StreamResult rv;
    590     size_t sent;
    591     char block[kBlockSize];
    592 
    593     send_stream_.GetSize(&size);
    594     if (!size)
    595       return;
    596 
    597     for (;;) {
    598       send_stream_.GetPosition(&position);
    599       if (send_stream_.Read(block, sizeof(block), &tosend, NULL) !=
    600           rtc::SR_EOS) {
    601         rv = client_ssl_->Write(block, tosend, &sent, 0);
    602 
    603         if (rv == rtc::SR_SUCCESS) {
    604           send_stream_.SetPosition(position + sent);
    605           LOG(LS_VERBOSE) << "Sent: " << position + sent;
    606         } else if (rv == rtc::SR_BLOCK) {
    607           LOG(LS_VERBOSE) << "Blocked...";
    608           send_stream_.SetPosition(position);
    609           break;
    610         } else {
    611           ADD_FAILURE();
    612           break;
    613         }
    614       } else {
    615         // Now close
    616         LOG(LS_INFO) << "Wrote " << position << " bytes. Closing";
    617         client_ssl_->Close();
    618         break;
    619       }
    620     }
    621   };
    622 
    623   virtual void ReadData(rtc::StreamInterface *stream) {
    624     char buffer[1600];
    625     size_t bread;
    626     int err2;
    627     rtc::StreamResult r;
    628 
    629     for (;;) {
    630       r = stream->Read(buffer, sizeof(buffer), &bread, &err2);
    631 
    632       if (r == rtc::SR_ERROR || r == rtc::SR_EOS) {
    633         // Unfortunately, errors are the way that the stream adapter
    634         // signals close in OpenSSL.
    635         stream->Close();
    636         return;
    637       }
    638 
    639       if (r == rtc::SR_BLOCK)
    640         break;
    641 
    642       ASSERT_EQ(rtc::SR_SUCCESS, r);
    643       LOG(LS_INFO) << "Read " << bread;
    644 
    645       recv_stream_.Write(buffer, bread, NULL, NULL);
    646     }
    647   }
    648 
    649  private:
    650   rtc::FifoBuffer client_buffer_;
    651   rtc::FifoBuffer server_buffer_;
    652   rtc::MemoryStream send_stream_;
    653   rtc::MemoryStream recv_stream_;
    654 };
    655 
    656 class SSLStreamAdapterTestDTLS
    657     : public SSLStreamAdapterTestBase,
    658       public WithParamInterface<tuple<rtc::KeyParams, rtc::KeyParams>> {
    659  public:
    660   SSLStreamAdapterTestDTLS()
    661       : SSLStreamAdapterTestBase("",
    662                                  "",
    663                                  true,
    664                                  ::testing::get<0>(GetParam()),
    665                                  ::testing::get<1>(GetParam())),
    666         client_buffer_(kBufferCapacity, kDefaultBufferSize),
    667         server_buffer_(kBufferCapacity, kDefaultBufferSize),
    668         packet_size_(1000),
    669         count_(0),
    670         sent_(0) {}
    671 
    672   SSLStreamAdapterTestDTLS(const std::string& cert_pem,
    673                            const std::string& private_key_pem) :
    674       SSLStreamAdapterTestBase(cert_pem, private_key_pem, true),
    675       client_buffer_(kBufferCapacity, kDefaultBufferSize),
    676       server_buffer_(kBufferCapacity, kDefaultBufferSize),
    677       packet_size_(1000), count_(0), sent_(0) {
    678   }
    679 
    680   void CreateStreams() override {
    681     client_stream_ =
    682         new SSLDummyStreamDTLS(this, "c2s", &client_buffer_, &server_buffer_);
    683     server_stream_ =
    684         new SSLDummyStreamDTLS(this, "s2c", &server_buffer_, &client_buffer_);
    685   }
    686 
    687   virtual void WriteData() {
    688     unsigned char *packet = new unsigned char[1600];
    689 
    690     while (sent_ < count_) {
    691       unsigned int rand_state = sent_;
    692       packet[0] = sent_;
    693       for (size_t i = 1; i < packet_size_; i++) {
    694         // This is a simple LC PRNG.  Keep in synch with identical code below.
    695         rand_state = (rand_state * 251 + 19937) >> 7;
    696         packet[i] = rand_state & 0xff;
    697       }
    698 
    699       size_t sent;
    700       rtc::StreamResult rv = client_ssl_->Write(packet, packet_size_, &sent, 0);
    701       if (rv == rtc::SR_SUCCESS) {
    702         LOG(LS_VERBOSE) << "Sent: " << sent_;
    703         sent_++;
    704       } else if (rv == rtc::SR_BLOCK) {
    705         LOG(LS_VERBOSE) << "Blocked...";
    706         break;
    707       } else {
    708         ADD_FAILURE();
    709         break;
    710       }
    711     }
    712 
    713     delete [] packet;
    714   }
    715 
    716   virtual void ReadData(rtc::StreamInterface *stream) {
    717     unsigned char buffer[2000];
    718     size_t bread;
    719     int err2;
    720     rtc::StreamResult r;
    721 
    722     for (;;) {
    723       r = stream->Read(buffer, 2000, &bread, &err2);
    724 
    725       if (r == rtc::SR_ERROR) {
    726         // Unfortunately, errors are the way that the stream adapter
    727         // signals close right now
    728         stream->Close();
    729         return;
    730       }
    731 
    732       if (r == rtc::SR_BLOCK)
    733         break;
    734 
    735       ASSERT_EQ(rtc::SR_SUCCESS, r);
    736       LOG(LS_INFO) << "Read " << bread;
    737 
    738       // Now parse the datagram
    739       ASSERT_EQ(packet_size_, bread);
    740       unsigned char packet_num = buffer[0];
    741 
    742       unsigned int rand_state = packet_num;
    743       for (size_t i = 1; i < packet_size_; i++) {
    744         // This is a simple LC PRNG.  Keep in synch with identical code above.
    745         rand_state = (rand_state * 251 + 19937) >> 7;
    746         ASSERT_EQ(rand_state & 0xff, buffer[i]);
    747       }
    748       received_.insert(packet_num);
    749     }
    750   }
    751 
    752   virtual void TestTransfer(int count) {
    753     count_ = count;
    754 
    755     WriteData();
    756 
    757     EXPECT_TRUE_WAIT(sent_ == count_, 10000);
    758     LOG(LS_INFO) << "sent_ == " << sent_;
    759 
    760     if (damage_) {
    761       WAIT(false, 2000);
    762       EXPECT_EQ(0U, received_.size());
    763     } else if (loss_ == 0) {
    764         EXPECT_EQ_WAIT(static_cast<size_t>(sent_), received_.size(), 1000);
    765     } else {
    766       LOG(LS_INFO) << "Sent " << sent_ << " packets; received " <<
    767           received_.size();
    768     }
    769   };
    770 
    771  private:
    772   BufferQueueStream client_buffer_;
    773   BufferQueueStream server_buffer_;
    774   size_t packet_size_;
    775   int count_;
    776   int sent_;
    777   std::set<int> received_;
    778 };
    779 
    780 
    781 rtc::StreamResult SSLDummyStreamBase::Write(const void* data, size_t data_len,
    782                                               size_t* written, int* error) {
    783   LOG(LS_INFO) << "Writing to loopback " << data_len;
    784 
    785   if (first_packet_) {
    786     first_packet_ = false;
    787     if (test_base_->GetLoseFirstPacket()) {
    788       LOG(LS_INFO) << "Losing initial packet of length " << data_len;
    789       *written = data_len;  // Fake successful writing also to writer.
    790       return rtc::SR_SUCCESS;
    791     }
    792   }
    793 
    794   return test_base_->DataWritten(this, data, data_len, written, error);
    795 };
    796 
    797 class SSLStreamAdapterTestDTLSFromPEMStrings : public SSLStreamAdapterTestDTLS {
    798  public:
    799   SSLStreamAdapterTestDTLSFromPEMStrings() :
    800       SSLStreamAdapterTestDTLS(kCERT_PEM, kRSA_PRIVATE_KEY_PEM) {
    801   }
    802 };
    803 
    804 // Basic tests: TLS
    805 
    806 // Test that we can make a handshake work
    807 TEST_P(SSLStreamAdapterTestTLS, TestTLSConnect) {
    808   TestHandshake();
    809 };
    810 
    811 // Test that closing the connection on one side updates the other side.
    812 TEST_P(SSLStreamAdapterTestTLS, TestTLSClose) {
    813   TestHandshake();
    814   client_ssl_->Close();
    815   EXPECT_EQ_WAIT(rtc::SS_CLOSED, server_ssl_->GetState(), handshake_wait_);
    816 };
    817 
    818 // Test transfer -- trivial
    819 TEST_P(SSLStreamAdapterTestTLS, TestTLSTransfer) {
    820   TestHandshake();
    821   TestTransfer(100000);
    822 };
    823 
    824 // Test read-write after close.
    825 TEST_P(SSLStreamAdapterTestTLS, ReadWriteAfterClose) {
    826   TestHandshake();
    827   TestTransfer(100000);
    828   client_ssl_->Close();
    829 
    830   rtc::StreamResult rv;
    831   char block[kBlockSize];
    832   size_t dummy;
    833 
    834   // It's an error to write after closed.
    835   rv = client_ssl_->Write(block, sizeof(block), &dummy, NULL);
    836   ASSERT_EQ(rtc::SR_ERROR, rv);
    837 
    838   // But after closed read gives you EOS.
    839   rv = client_ssl_->Read(block, sizeof(block), &dummy, NULL);
    840   ASSERT_EQ(rtc::SR_EOS, rv);
    841 };
    842 
    843 // Test a handshake with a bogus peer digest
    844 TEST_P(SSLStreamAdapterTestTLS, TestTLSBogusDigest) {
    845   SetPeerIdentitiesByDigest(false);
    846   TestHandshake(false);
    847 };
    848 
    849 // Test moving a bunch of data
    850 
    851 // Basic tests: DTLS
    852 // Test that we can make a handshake work
    853 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnect) {
    854   MAYBE_SKIP_TEST(HaveDtls);
    855   TestHandshake();
    856 };
    857 
    858 // Test that we can make a handshake work if the first packet in
    859 // each direction is lost. This gives us predictable loss
    860 // rather than having to tune random
    861 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacket) {
    862   MAYBE_SKIP_TEST(HaveDtls);
    863   SetLoseFirstPacket(true);
    864   TestHandshake();
    865 };
    866 
    867 // Test a handshake with loss and delay
    868 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacketDelay2s) {
    869   MAYBE_SKIP_TEST(HaveDtls);
    870   SetLoseFirstPacket(true);
    871   SetDelay(2000);
    872   SetHandshakeWait(20000);
    873   TestHandshake();
    874 };
    875 
    876 // Test a handshake with small MTU
    877 // Disabled due to https://code.google.com/p/webrtc/issues/detail?id=3910
    878 TEST_P(SSLStreamAdapterTestDTLS, DISABLED_TestDTLSConnectWithSmallMtu) {
    879   MAYBE_SKIP_TEST(HaveDtls);
    880   SetMtu(700);
    881   SetHandshakeWait(20000);
    882   TestHandshake();
    883 };
    884 
    885 // Test transfer -- trivial
    886 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransfer) {
    887   MAYBE_SKIP_TEST(HaveDtls);
    888   TestHandshake();
    889   TestTransfer(100);
    890 };
    891 
    892 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithLoss) {
    893   MAYBE_SKIP_TEST(HaveDtls);
    894   TestHandshake();
    895   SetLoss(10);
    896   TestTransfer(100);
    897 };
    898 
    899 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithDamage) {
    900   MAYBE_SKIP_TEST(HaveDtls);
    901   SetDamage();  // Must be called first because first packet
    902                 // write happens at end of handshake.
    903   TestHandshake();
    904   TestTransfer(100);
    905 };
    906 
    907 // Test DTLS-SRTP with all high ciphers
    908 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) {
    909   MAYBE_SKIP_TEST(HaveDtlsSrtp);
    910   std::vector<int> high;
    911   high.push_back(rtc::SRTP_AES128_CM_SHA1_80);
    912   SetDtlsSrtpCryptoSuites(high, true);
    913   SetDtlsSrtpCryptoSuites(high, false);
    914   TestHandshake();
    915 
    916   int client_cipher;
    917   ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
    918   int server_cipher;
    919   ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
    920 
    921   ASSERT_EQ(client_cipher, server_cipher);
    922   ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80);
    923 };
    924 
    925 // Test DTLS-SRTP with all low ciphers
    926 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) {
    927   MAYBE_SKIP_TEST(HaveDtlsSrtp);
    928   std::vector<int> low;
    929   low.push_back(rtc::SRTP_AES128_CM_SHA1_32);
    930   SetDtlsSrtpCryptoSuites(low, true);
    931   SetDtlsSrtpCryptoSuites(low, false);
    932   TestHandshake();
    933 
    934   int client_cipher;
    935   ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
    936   int server_cipher;
    937   ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
    938 
    939   ASSERT_EQ(client_cipher, server_cipher);
    940   ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_32);
    941 };
    942 
    943 
    944 // Test DTLS-SRTP with a mismatch -- should not converge
    945 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) {
    946   MAYBE_SKIP_TEST(HaveDtlsSrtp);
    947   std::vector<int> high;
    948   high.push_back(rtc::SRTP_AES128_CM_SHA1_80);
    949   std::vector<int> low;
    950   low.push_back(rtc::SRTP_AES128_CM_SHA1_32);
    951   SetDtlsSrtpCryptoSuites(high, true);
    952   SetDtlsSrtpCryptoSuites(low, false);
    953   TestHandshake();
    954 
    955   int client_cipher;
    956   ASSERT_FALSE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
    957   int server_cipher;
    958   ASSERT_FALSE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
    959 };
    960 
    961 // Test DTLS-SRTP with each side being mixed -- should select high
    962 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) {
    963   MAYBE_SKIP_TEST(HaveDtlsSrtp);
    964   std::vector<int> mixed;
    965   mixed.push_back(rtc::SRTP_AES128_CM_SHA1_80);
    966   mixed.push_back(rtc::SRTP_AES128_CM_SHA1_32);
    967   SetDtlsSrtpCryptoSuites(mixed, true);
    968   SetDtlsSrtpCryptoSuites(mixed, false);
    969   TestHandshake();
    970 
    971   int client_cipher;
    972   ASSERT_TRUE(GetDtlsSrtpCryptoSuite(true, &client_cipher));
    973   int server_cipher;
    974   ASSERT_TRUE(GetDtlsSrtpCryptoSuite(false, &server_cipher));
    975 
    976   ASSERT_EQ(client_cipher, server_cipher);
    977   ASSERT_EQ(client_cipher, rtc::SRTP_AES128_CM_SHA1_80);
    978 };
    979 
    980 // Test an exporter
    981 TEST_P(SSLStreamAdapterTestDTLS, TestDTLSExporter) {
    982   MAYBE_SKIP_TEST(HaveExporter);
    983   TestHandshake();
    984   unsigned char client_out[20];
    985   unsigned char server_out[20];
    986 
    987   bool result;
    988   result = ExportKeyingMaterial(kExporterLabel,
    989                                 kExporterContext, kExporterContextLen,
    990                                 true, true,
    991                                 client_out, sizeof(client_out));
    992   ASSERT_TRUE(result);
    993 
    994   result = ExportKeyingMaterial(kExporterLabel,
    995                                 kExporterContext, kExporterContextLen,
    996                                 true, false,
    997                                 server_out, sizeof(server_out));
    998   ASSERT_TRUE(result);
    999 
   1000   ASSERT_TRUE(!memcmp(client_out, server_out, sizeof(client_out)));
   1001 }
   1002 
   1003 // Test not yet valid certificates are not rejected.
   1004 TEST_P(SSLStreamAdapterTestDTLS, TestCertNotYetValid) {
   1005   MAYBE_SKIP_TEST(HaveDtls);
   1006   long one_day = 60 * 60 * 24;
   1007   // Make the certificates not valid until one day later.
   1008   ResetIdentitiesWithValidity(one_day, one_day);
   1009   TestHandshake();
   1010 }
   1011 
   1012 // Test expired certificates are not rejected.
   1013 TEST_P(SSLStreamAdapterTestDTLS, TestCertExpired) {
   1014   MAYBE_SKIP_TEST(HaveDtls);
   1015   long one_day = 60 * 60 * 24;
   1016   // Make the certificates already expired.
   1017   ResetIdentitiesWithValidity(-one_day, -one_day);
   1018   TestHandshake();
   1019 }
   1020 
   1021 // Test data transfer using certs created from strings.
   1022 TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestTransfer) {
   1023   MAYBE_SKIP_TEST(HaveDtls);
   1024   TestHandshake();
   1025   TestTransfer(100);
   1026 }
   1027 
   1028 // Test getting the remote certificate.
   1029 TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestDTLSGetPeerCertificate) {
   1030   MAYBE_SKIP_TEST(HaveDtls);
   1031 
   1032   // Peer certificates haven't been received yet.
   1033   rtc::scoped_ptr<rtc::SSLCertificate> client_peer_cert;
   1034   ASSERT_FALSE(GetPeerCertificate(true, client_peer_cert.accept()));
   1035   ASSERT_FALSE(client_peer_cert != NULL);
   1036 
   1037   rtc::scoped_ptr<rtc::SSLCertificate> server_peer_cert;
   1038   ASSERT_FALSE(GetPeerCertificate(false, server_peer_cert.accept()));
   1039   ASSERT_FALSE(server_peer_cert != NULL);
   1040 
   1041   TestHandshake();
   1042 
   1043   // The client should have a peer certificate after the handshake.
   1044   ASSERT_TRUE(GetPeerCertificate(true, client_peer_cert.accept()));
   1045   ASSERT_TRUE(client_peer_cert != NULL);
   1046 
   1047   // It's not kCERT_PEM.
   1048   std::string client_peer_string = client_peer_cert->ToPEMString();
   1049   ASSERT_NE(kCERT_PEM, client_peer_string);
   1050 
   1051   // It must not have a chain, because the test certs are self-signed.
   1052   rtc::SSLCertChain* client_peer_chain;
   1053   ASSERT_FALSE(client_peer_cert->GetChain(&client_peer_chain));
   1054 
   1055   // The server should have a peer certificate after the handshake.
   1056   ASSERT_TRUE(GetPeerCertificate(false, server_peer_cert.accept()));
   1057   ASSERT_TRUE(server_peer_cert != NULL);
   1058 
   1059   // It's kCERT_PEM
   1060   ASSERT_EQ(kCERT_PEM, server_peer_cert->ToPEMString());
   1061 
   1062   // It must not have a chain, because the test certs are self-signed.
   1063   rtc::SSLCertChain* server_peer_chain;
   1064   ASSERT_FALSE(server_peer_cert->GetChain(&server_peer_chain));
   1065 }
   1066 
   1067 // Test getting the used DTLS ciphers.
   1068 // DTLS 1.2 enabled for neither client nor server -> DTLS 1.0 will be used.
   1069 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuite) {
   1070   MAYBE_SKIP_TEST(HaveDtls);
   1071   SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);
   1072   TestHandshake();
   1073 
   1074   int client_cipher;
   1075   ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher));
   1076   int server_cipher;
   1077   ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));
   1078 
   1079   ASSERT_EQ(client_cipher, server_cipher);
   1080   ASSERT_EQ(
   1081       rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
   1082           rtc::SSL_PROTOCOL_DTLS_10, ::testing::get<1>(GetParam()).type()),
   1083       server_cipher);
   1084 }
   1085 
   1086 // Test getting the used DTLS 1.2 ciphers.
   1087 // DTLS 1.2 enabled for client and server -> DTLS 1.2 will be used.
   1088 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Both) {
   1089   MAYBE_SKIP_TEST(HaveDtls);
   1090   SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12);
   1091   TestHandshake();
   1092 
   1093   int client_cipher;
   1094   ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher));
   1095   int server_cipher;
   1096   ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));
   1097 
   1098   ASSERT_EQ(client_cipher, server_cipher);
   1099   ASSERT_EQ(
   1100       rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
   1101           rtc::SSL_PROTOCOL_DTLS_12, ::testing::get<1>(GetParam()).type()),
   1102       server_cipher);
   1103 }
   1104 
   1105 // DTLS 1.2 enabled for client only -> DTLS 1.0 will be used.
   1106 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Client) {
   1107   MAYBE_SKIP_TEST(HaveDtls);
   1108   SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12);
   1109   TestHandshake();
   1110 
   1111   int client_cipher;
   1112   ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher));
   1113   int server_cipher;
   1114   ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));
   1115 
   1116   ASSERT_EQ(client_cipher, server_cipher);
   1117   ASSERT_EQ(
   1118       rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
   1119           rtc::SSL_PROTOCOL_DTLS_10, ::testing::get<1>(GetParam()).type()),
   1120       server_cipher);
   1121 }
   1122 
   1123 // DTLS 1.2 enabled for server only -> DTLS 1.0 will be used.
   1124 TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Server) {
   1125   MAYBE_SKIP_TEST(HaveDtls);
   1126   SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_10);
   1127   TestHandshake();
   1128 
   1129   int client_cipher;
   1130   ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher));
   1131   int server_cipher;
   1132   ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));
   1133 
   1134   ASSERT_EQ(client_cipher, server_cipher);
   1135   ASSERT_EQ(
   1136       rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
   1137           rtc::SSL_PROTOCOL_DTLS_10, ::testing::get<1>(GetParam()).type()),
   1138       server_cipher);
   1139 }
   1140 
   1141 // The RSA keysizes here might look strange, why not include the RFC's size
   1142 // 2048?. The reason is test case slowness; testing two sizes to exercise
   1143 // parametrization is sufficient.
   1144 INSTANTIATE_TEST_CASE_P(
   1145     SSLStreamAdapterTestsTLS,
   1146     SSLStreamAdapterTestTLS,
   1147     Combine(Values(rtc::KeyParams::RSA(1024, 65537),
   1148                    rtc::KeyParams::RSA(1152, 65537),
   1149                    rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)),
   1150             Values(rtc::KeyParams::RSA(1024, 65537),
   1151                    rtc::KeyParams::RSA(1152, 65537),
   1152                    rtc::KeyParams::ECDSA(rtc::EC_NIST_P256))));
   1153 
   1154 #if !defined(MEMORY_SANITIZER)
   1155 // Fails under MemorySanitizer:
   1156 // See https://code.google.com/p/webrtc/issues/detail?id=5381.
   1157 INSTANTIATE_TEST_CASE_P(
   1158     SSLStreamAdapterTestsDTLS,
   1159     SSLStreamAdapterTestDTLS,
   1160     Combine(Values(rtc::KeyParams::RSA(1024, 65537),
   1161                    rtc::KeyParams::RSA(1152, 65537),
   1162                    rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)),
   1163             Values(rtc::KeyParams::RSA(1024, 65537),
   1164                    rtc::KeyParams::RSA(1152, 65537),
   1165                    rtc::KeyParams::ECDSA(rtc::EC_NIST_P256))));
   1166 #endif
   1167