Revert of Provide RSA2048 as per RFC (patchset #9 id:200001 of https://codereview.webrtc.org/1329493005/ )
Reason for revert: Breaks chrome. Original issue's description: > provide RSA2048 as per RFC > > BUG=webrtc:4972 > > Committed: https://crrev.com/0df3eb03c9a6a8299d7e18c8c314ca58c2f0681e > Cr-Commit-Position: refs/heads/master@{#10209} TBR=hbos@webrtc.org,juberti@google.com,jbauch@webrtc.org,henrikg@webrtc.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=webrtc:4972 Review URL: https://codereview.webrtc.org/1397703002 Cr-Commit-Position: refs/heads/master@{#10210}
This commit is contained in:
torbjorng
@ -596,9 +596,8 @@ class WebRtcSessionTest
|
||||
rtc::ToString(rtc::CreateRandomId());
|
||||
// Confirmed to work with KT_RSA and KT_ECDSA.
|
||||
tdesc_factory_->set_certificate(rtc::RTCCertificate::Create(
|
||||
rtc::scoped_ptr<rtc::SSLIdentity>(
|
||||
rtc::SSLIdentity::Generate(identity_name, rtc::KT_DEFAULT))
|
||||
.Pass()));
|
||||
rtc::scoped_ptr<rtc::SSLIdentity>(rtc::SSLIdentity::Generate(
|
||||
identity_name, rtc::KT_DEFAULT)).Pass()));
|
||||
tdesc_factory_->set_secure(cricket::SEC_REQUIRED);
|
||||
}
|
||||
|
||||
|
||||
@ -33,6 +33,9 @@ namespace rtc {
|
||||
// We could have exposed a myriad of parameters for the crypto stuff,
|
||||
// but keeping it simple seems best.
|
||||
|
||||
// Strength of generated keys. Those are RSA.
|
||||
static const int KEY_LENGTH = 1024;
|
||||
|
||||
// Random bits for certificate serial number
|
||||
static const int SERIAL_RAND_BITS = 64;
|
||||
|
||||
@ -43,16 +46,15 @@ static const int CERTIFICATE_LIFETIME = 60*60*24*30; // 30 days, arbitrarily
|
||||
static const int CERTIFICATE_WINDOW = -60*60*24;
|
||||
|
||||
// Generate a key pair. Caller is responsible for freeing the returned object.
|
||||
static EVP_PKEY* MakeKey(const KeyParams& key_params) {
|
||||
static EVP_PKEY* MakeKey(KeyType key_type) {
|
||||
LOG(LS_INFO) << "Making key pair";
|
||||
EVP_PKEY* pkey = EVP_PKEY_new();
|
||||
if (key_params.type() == KT_RSA) {
|
||||
int key_length = key_params.rsa_params().mod_size;
|
||||
if (key_type == KT_RSA) {
|
||||
BIGNUM* exponent = BN_new();
|
||||
RSA* rsa = RSA_new();
|
||||
if (!pkey || !exponent || !rsa ||
|
||||
!BN_set_word(exponent, key_params.rsa_params().pub_exp) ||
|
||||
!RSA_generate_key_ex(rsa, key_length, exponent, NULL) ||
|
||||
!BN_set_word(exponent, 0x10001) || // 65537 RSA exponent
|
||||
!RSA_generate_key_ex(rsa, KEY_LENGTH, exponent, NULL) ||
|
||||
!EVP_PKEY_assign_RSA(pkey, rsa)) {
|
||||
EVP_PKEY_free(pkey);
|
||||
BN_free(exponent);
|
||||
@ -62,8 +64,7 @@ static EVP_PKEY* MakeKey(const KeyParams& key_params) {
|
||||
}
|
||||
// ownership of rsa struct was assigned, don't free it.
|
||||
BN_free(exponent);
|
||||
} else if (key_params.type() == KT_ECDSA) {
|
||||
if (key_params.ec_curve() == EC_NIST_P256) {
|
||||
} else if (key_type == KT_ECDSA) {
|
||||
EC_KEY* ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
|
||||
if (!pkey || !ec_key || !EC_KEY_generate_key(ec_key) ||
|
||||
!EVP_PKEY_assign_EC_KEY(pkey, ec_key)) {
|
||||
@ -73,12 +74,6 @@ static EVP_PKEY* MakeKey(const KeyParams& key_params) {
|
||||
return NULL;
|
||||
}
|
||||
// ownership of ec_key struct was assigned, don't free it.
|
||||
} else {
|
||||
// Add generation of any other curves here.
|
||||
EVP_PKEY_free(pkey);
|
||||
LOG(LS_ERROR) << "ECDSA key requested for unknown curve";
|
||||
return NULL;
|
||||
}
|
||||
} else {
|
||||
EVP_PKEY_free(pkey);
|
||||
LOG(LS_ERROR) << "Key type requested not understood";
|
||||
@ -160,8 +155,8 @@ static void LogSSLErrors(const std::string& prefix) {
|
||||
}
|
||||
}
|
||||
|
||||
OpenSSLKeyPair* OpenSSLKeyPair::Generate(const KeyParams& key_params) {
|
||||
EVP_PKEY* pkey = MakeKey(key_params);
|
||||
OpenSSLKeyPair* OpenSSLKeyPair::Generate(KeyType key_type) {
|
||||
EVP_PKEY* pkey = MakeKey(key_type);
|
||||
if (!pkey) {
|
||||
LogSSLErrors("Generating key pair");
|
||||
return NULL;
|
||||
@ -384,7 +379,7 @@ OpenSSLIdentity::~OpenSSLIdentity() = default;
|
||||
|
||||
OpenSSLIdentity* OpenSSLIdentity::GenerateInternal(
|
||||
const SSLIdentityParams& params) {
|
||||
OpenSSLKeyPair* key_pair = OpenSSLKeyPair::Generate(params.key_params);
|
||||
OpenSSLKeyPair* key_pair = OpenSSLKeyPair::Generate(params.key_type);
|
||||
if (key_pair) {
|
||||
OpenSSLCertificate* certificate =
|
||||
OpenSSLCertificate::Generate(key_pair, params);
|
||||
@ -397,12 +392,12 @@ OpenSSLIdentity* OpenSSLIdentity::GenerateInternal(
|
||||
}
|
||||
|
||||
OpenSSLIdentity* OpenSSLIdentity::Generate(const std::string& common_name,
|
||||
const KeyParams& key_params) {
|
||||
KeyType key_type) {
|
||||
SSLIdentityParams params;
|
||||
params.key_params = key_params;
|
||||
params.common_name = common_name;
|
||||
params.not_before = CERTIFICATE_WINDOW;
|
||||
params.not_after = CERTIFICATE_LIFETIME;
|
||||
params.key_type = key_type;
|
||||
return GenerateInternal(params);
|
||||
}
|
||||
|
||||
|
||||
@ -32,7 +32,7 @@ class OpenSSLKeyPair {
|
||||
ASSERT(pkey_ != NULL);
|
||||
}
|
||||
|
||||
static OpenSSLKeyPair* Generate(const KeyParams& key_params);
|
||||
static OpenSSLKeyPair* Generate(KeyType key_type);
|
||||
|
||||
virtual ~OpenSSLKeyPair();
|
||||
|
||||
@ -100,7 +100,7 @@ class OpenSSLCertificate : public SSLCertificate {
|
||||
class OpenSSLIdentity : public SSLIdentity {
|
||||
public:
|
||||
static OpenSSLIdentity* Generate(const std::string& common_name,
|
||||
const KeyParams& key_params);
|
||||
KeyType key_type);
|
||||
static OpenSSLIdentity* GenerateForTest(const SSLIdentityParams& params);
|
||||
static SSLIdentity* FromPEMStrings(const std::string& private_key,
|
||||
const std::string& certificate);
|
||||
|
||||
@ -131,10 +131,10 @@ class SSLAdapterTestDummyClient : public sigslot::has_slots<> {
|
||||
class SSLAdapterTestDummyServer : public sigslot::has_slots<> {
|
||||
public:
|
||||
explicit SSLAdapterTestDummyServer(const rtc::SSLMode& ssl_mode,
|
||||
const rtc::KeyParams& key_params)
|
||||
const rtc::KeyType key_type)
|
||||
: ssl_mode_(ssl_mode) {
|
||||
// Generate a key pair and a certificate for this host.
|
||||
ssl_identity_.reset(rtc::SSLIdentity::Generate(GetHostname(), key_params));
|
||||
ssl_identity_.reset(rtc::SSLIdentity::Generate(GetHostname(), key_type));
|
||||
|
||||
server_socket_.reset(CreateSocket(ssl_mode_));
|
||||
|
||||
@ -271,10 +271,10 @@ class SSLAdapterTestBase : public testing::Test,
|
||||
public sigslot::has_slots<> {
|
||||
public:
|
||||
explicit SSLAdapterTestBase(const rtc::SSLMode& ssl_mode,
|
||||
const rtc::KeyParams& key_params)
|
||||
const rtc::KeyType key_type)
|
||||
: ssl_mode_(ssl_mode),
|
||||
ss_scope_(new rtc::VirtualSocketServer(NULL)),
|
||||
server_(new SSLAdapterTestDummyServer(ssl_mode_, key_params)),
|
||||
server_(new SSLAdapterTestDummyServer(ssl_mode_, key_type)),
|
||||
client_(new SSLAdapterTestDummyClient(ssl_mode_)),
|
||||
handshake_wait_(kTimeout) {}
|
||||
|
||||
@ -348,25 +348,25 @@ class SSLAdapterTestBase : public testing::Test,
|
||||
class SSLAdapterTestTLS_RSA : public SSLAdapterTestBase {
|
||||
public:
|
||||
SSLAdapterTestTLS_RSA()
|
||||
: SSLAdapterTestBase(rtc::SSL_MODE_TLS, rtc::KeyParams::RSA()) {}
|
||||
: SSLAdapterTestBase(rtc::SSL_MODE_TLS, rtc::KT_RSA) {}
|
||||
};
|
||||
|
||||
class SSLAdapterTestTLS_ECDSA : public SSLAdapterTestBase {
|
||||
public:
|
||||
SSLAdapterTestTLS_ECDSA()
|
||||
: SSLAdapterTestBase(rtc::SSL_MODE_TLS, rtc::KeyParams::ECDSA()) {}
|
||||
: SSLAdapterTestBase(rtc::SSL_MODE_TLS, rtc::KT_ECDSA) {}
|
||||
};
|
||||
|
||||
class SSLAdapterTestDTLS_RSA : public SSLAdapterTestBase {
|
||||
public:
|
||||
SSLAdapterTestDTLS_RSA()
|
||||
: SSLAdapterTestBase(rtc::SSL_MODE_DTLS, rtc::KeyParams::RSA()) {}
|
||||
: SSLAdapterTestBase(rtc::SSL_MODE_DTLS, rtc::KT_RSA) {}
|
||||
};
|
||||
|
||||
class SSLAdapterTestDTLS_ECDSA : public SSLAdapterTestBase {
|
||||
public:
|
||||
SSLAdapterTestDTLS_ECDSA()
|
||||
: SSLAdapterTestBase(rtc::SSL_MODE_DTLS, rtc::KeyParams::ECDSA()) {}
|
||||
: SSLAdapterTestBase(rtc::SSL_MODE_DTLS, rtc::KT_ECDSA) {}
|
||||
};
|
||||
|
||||
#if SSL_USE_OPENSSL
|
||||
|
||||
@ -108,8 +108,8 @@ SSLCertificate* SSLCertificate::FromPEMString(const std::string& pem_string) {
|
||||
}
|
||||
|
||||
SSLIdentity* SSLIdentity::Generate(const std::string& common_name,
|
||||
const KeyParams& key_params) {
|
||||
return OpenSSLIdentity::Generate(common_name, key_params);
|
||||
KeyType key_type) {
|
||||
return OpenSSLIdentity::Generate(common_name, key_type);
|
||||
}
|
||||
|
||||
SSLIdentity* SSLIdentity::GenerateForTest(const SSLIdentityParams& params) {
|
||||
|
||||
@ -18,7 +18,6 @@
|
||||
#include <vector>
|
||||
|
||||
#include "webrtc/base/buffer.h"
|
||||
#include "webrtc/base/checks.h"
|
||||
#include "webrtc/base/messagedigest.h"
|
||||
|
||||
namespace rtc {
|
||||
@ -108,105 +107,25 @@ class SSLCertChain {
|
||||
RTC_DISALLOW_COPY_AND_ASSIGN(SSLCertChain);
|
||||
};
|
||||
|
||||
// KT_DEFAULT is currently an alias for KT_RSA. This is likely to change.
|
||||
// KT_LAST is intended for vector declarations and loops over all key types;
|
||||
// it does not represent any key type in itself.
|
||||
// TODO(hbos,torbjorng): Don't change KT_DEFAULT without first updating
|
||||
// PeerConnectionFactory_nativeCreatePeerConnection's certificate generation
|
||||
// code.
|
||||
enum KeyType { KT_RSA, KT_ECDSA, KT_LAST, KT_DEFAULT = KT_RSA };
|
||||
|
||||
static const int kRsaDefaultModSize = 1024;
|
||||
static const int kRsaDefaultExponent = 0x10001; // = 2^16+1 = 65537
|
||||
static const int kRsaMinModSize = 1024;
|
||||
static const int kRsaMaxModSize = 8192;
|
||||
|
||||
struct RSAParams {
|
||||
unsigned int mod_size;
|
||||
unsigned int pub_exp;
|
||||
};
|
||||
|
||||
enum ECCurve { EC_NIST_P256, /* EC_FANCY, */ EC_LAST };
|
||||
|
||||
class KeyParams {
|
||||
public:
|
||||
// Generate a KeyParams object from a simple KeyType, using default params.
|
||||
explicit KeyParams(KeyType key_type = KT_DEFAULT) {
|
||||
if (key_type == KT_ECDSA) {
|
||||
type_ = KT_ECDSA;
|
||||
params_.curve = EC_NIST_P256;
|
||||
} else if (key_type == KT_RSA) {
|
||||
type_ = KT_RSA;
|
||||
params_.rsa.mod_size = kRsaDefaultModSize;
|
||||
params_.rsa.pub_exp = kRsaDefaultExponent;
|
||||
} else {
|
||||
RTC_NOTREACHED();
|
||||
}
|
||||
}
|
||||
|
||||
// Generate a a KeyParams for RSA with explicit parameters.
|
||||
static KeyParams RSA(int mod_size = kRsaDefaultModSize,
|
||||
int pub_exp = kRsaDefaultExponent) {
|
||||
KeyParams kt(KT_RSA);
|
||||
kt.params_.rsa.mod_size = mod_size;
|
||||
kt.params_.rsa.pub_exp = pub_exp;
|
||||
return kt;
|
||||
}
|
||||
|
||||
// Generate a a KeyParams for ECDSA specifying the curve.
|
||||
static KeyParams ECDSA(ECCurve curve = EC_NIST_P256) {
|
||||
KeyParams kt(KT_ECDSA);
|
||||
kt.params_.curve = curve;
|
||||
return kt;
|
||||
}
|
||||
|
||||
// Check validity of a KeyParams object. Since the factory functions have
|
||||
// no way of returning errors, this function can be called after creation
|
||||
// to make sure the parameters are OK.
|
||||
bool IsValid() {
|
||||
if (type_ == KT_RSA) {
|
||||
return (params_.rsa.mod_size >= kRsaMinModSize &&
|
||||
params_.rsa.mod_size <= kRsaMaxModSize &&
|
||||
params_.rsa.pub_exp > params_.rsa.mod_size);
|
||||
} else if (type_ == KT_ECDSA) {
|
||||
return (params_.curve == EC_NIST_P256);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
RSAParams rsa_params() const {
|
||||
RTC_DCHECK(type_ == KT_RSA);
|
||||
return params_.rsa;
|
||||
}
|
||||
|
||||
ECCurve ec_curve() const {
|
||||
RTC_DCHECK(type_ == KT_ECDSA);
|
||||
return params_.curve;
|
||||
}
|
||||
|
||||
KeyType type() const { return type_; }
|
||||
|
||||
private:
|
||||
KeyType type_;
|
||||
union {
|
||||
RSAParams rsa;
|
||||
ECCurve curve;
|
||||
} params_;
|
||||
};
|
||||
|
||||
// TODO(hbos): Remove once rtc::KeyType (to be modified) and
|
||||
// blink::WebRTCKeyType (to be landed) match. By using this function in Chromium
|
||||
// appropriately we can change KeyType enum -> class without breaking Chromium.
|
||||
KeyType IntKeyTypeFamilyToKeyType(int key_type_family);
|
||||
|
||||
// Parameters for generating a certificate. If |common_name| is non-empty, it
|
||||
// will be used for the certificate's subject and issuer name, otherwise a
|
||||
// random string will be used.
|
||||
// Parameters for generating an identity for testing. If common_name is
|
||||
// non-empty, it will be used for the certificate's subject and issuer name,
|
||||
// otherwise a random string will be used. |not_before| and |not_after| are
|
||||
// offsets to the current time in number of seconds.
|
||||
struct SSLIdentityParams {
|
||||
std::string common_name;
|
||||
int not_before; // offset from current time in seconds.
|
||||
int not_after; // offset from current time in seconds.
|
||||
KeyParams key_params;
|
||||
int not_before; // in seconds.
|
||||
int not_after; // in seconds.
|
||||
KeyType key_type;
|
||||
};
|
||||
|
||||
// Our identity in an SSL negotiation: a keypair and certificate (both
|
||||
@ -220,11 +139,7 @@ class SSLIdentity {
|
||||
// Returns NULL on failure.
|
||||
// Caller is responsible for freeing the returned object.
|
||||
static SSLIdentity* Generate(const std::string& common_name,
|
||||
const KeyParams& key_param);
|
||||
static SSLIdentity* Generate(const std::string& common_name,
|
||||
KeyType key_type) {
|
||||
return Generate(common_name, KeyParams(key_type));
|
||||
}
|
||||
KeyType key_type);
|
||||
|
||||
// Generates an identity with the specified validity period.
|
||||
static SSLIdentity* GenerateForTest(const SSLIdentityParams& params);
|
||||
|
||||
@ -161,12 +161,11 @@ static const int kFifoBufferSize = 4096;
|
||||
class SSLStreamAdapterTestBase : public testing::Test,
|
||||
public sigslot::has_slots<> {
|
||||
public:
|
||||
SSLStreamAdapterTestBase(
|
||||
const std::string& client_cert_pem,
|
||||
SSLStreamAdapterTestBase(const std::string& client_cert_pem,
|
||||
const std::string& client_private_key_pem,
|
||||
bool dtls,
|
||||
rtc::KeyParams client_key_type = rtc::KeyParams(rtc::KT_DEFAULT),
|
||||
rtc::KeyParams server_key_type = rtc::KeyParams(rtc::KT_DEFAULT))
|
||||
rtc::KeyType client_key_type = rtc::KT_DEFAULT,
|
||||
rtc::KeyType server_key_type = rtc::KT_DEFAULT)
|
||||
: client_buffer_(kFifoBufferSize),
|
||||
server_buffer_(kFifoBufferSize),
|
||||
client_stream_(
|
||||
@ -225,17 +224,17 @@ class SSLStreamAdapterTestBase : public testing::Test,
|
||||
server_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
|
||||
|
||||
rtc::SSLIdentityParams client_params;
|
||||
client_params.key_params = rtc::KeyParams(rtc::KT_DEFAULT);
|
||||
client_params.common_name = "client";
|
||||
client_params.not_before = not_before;
|
||||
client_params.not_after = not_after;
|
||||
client_params.key_type = rtc::KT_DEFAULT;
|
||||
client_identity_ = rtc::SSLIdentity::GenerateForTest(client_params);
|
||||
|
||||
rtc::SSLIdentityParams server_params;
|
||||
server_params.key_params = rtc::KeyParams(rtc::KT_DEFAULT);
|
||||
server_params.common_name = "server";
|
||||
server_params.not_before = not_before;
|
||||
server_params.not_after = not_after;
|
||||
server_params.key_type = rtc::KT_DEFAULT;
|
||||
server_identity_ = rtc::SSLIdentity::GenerateForTest(server_params);
|
||||
|
||||
client_ssl_->SetIdentity(client_identity_);
|
||||
@ -463,7 +462,7 @@ class SSLStreamAdapterTestBase : public testing::Test,
|
||||
|
||||
class SSLStreamAdapterTestTLS
|
||||
: public SSLStreamAdapterTestBase,
|
||||
public WithParamInterface<tuple<rtc::KeyParams, rtc::KeyParams>> {
|
||||
public WithParamInterface<tuple<rtc::KeyType, rtc::KeyType>> {
|
||||
public:
|
||||
SSLStreamAdapterTestTLS()
|
||||
: SSLStreamAdapterTestBase("",
|
||||
@ -571,7 +570,7 @@ class SSLStreamAdapterTestTLS
|
||||
|
||||
class SSLStreamAdapterTestDTLS
|
||||
: public SSLStreamAdapterTestBase,
|
||||
public WithParamInterface<tuple<rtc::KeyParams, rtc::KeyParams>> {
|
||||
public WithParamInterface<tuple<rtc::KeyType, rtc::KeyType>> {
|
||||
public:
|
||||
SSLStreamAdapterTestDTLS()
|
||||
: SSLStreamAdapterTestBase("",
|
||||
@ -979,9 +978,8 @@ TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuite) {
|
||||
ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));
|
||||
|
||||
ASSERT_EQ(client_cipher, server_cipher);
|
||||
ASSERT_EQ(
|
||||
rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
|
||||
rtc::SSL_PROTOCOL_DTLS_10, ::testing::get<1>(GetParam()).type()),
|
||||
ASSERT_EQ(rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
|
||||
rtc::SSL_PROTOCOL_DTLS_10, ::testing::get<1>(GetParam())),
|
||||
server_cipher);
|
||||
}
|
||||
|
||||
@ -998,9 +996,8 @@ TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Both) {
|
||||
ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));
|
||||
|
||||
ASSERT_EQ(client_cipher, server_cipher);
|
||||
ASSERT_EQ(
|
||||
rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
|
||||
rtc::SSL_PROTOCOL_DTLS_12, ::testing::get<1>(GetParam()).type()),
|
||||
ASSERT_EQ(rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
|
||||
rtc::SSL_PROTOCOL_DTLS_12, ::testing::get<1>(GetParam())),
|
||||
server_cipher);
|
||||
}
|
||||
|
||||
@ -1016,9 +1013,8 @@ TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Client) {
|
||||
ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));
|
||||
|
||||
ASSERT_EQ(client_cipher, server_cipher);
|
||||
ASSERT_EQ(
|
||||
rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
|
||||
rtc::SSL_PROTOCOL_DTLS_10, ::testing::get<1>(GetParam()).type()),
|
||||
ASSERT_EQ(rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
|
||||
rtc::SSL_PROTOCOL_DTLS_10, ::testing::get<1>(GetParam())),
|
||||
server_cipher);
|
||||
}
|
||||
|
||||
@ -1034,30 +1030,16 @@ TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Server) {
|
||||
ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));
|
||||
|
||||
ASSERT_EQ(client_cipher, server_cipher);
|
||||
ASSERT_EQ(
|
||||
rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
|
||||
rtc::SSL_PROTOCOL_DTLS_10, ::testing::get<1>(GetParam()).type()),
|
||||
ASSERT_EQ(rtc::SSLStreamAdapter::GetDefaultSslCipherForTest(
|
||||
rtc::SSL_PROTOCOL_DTLS_10, ::testing::get<1>(GetParam())),
|
||||
server_cipher);
|
||||
}
|
||||
|
||||
// The RSA keysizes here might look strange, why not include the RFC's size
|
||||
// 2048?. The reason is test case slowness; testing two sizes to exercise
|
||||
// parametrization is sufficient.
|
||||
INSTANTIATE_TEST_CASE_P(
|
||||
SSLStreamAdapterTestsTLS,
|
||||
INSTANTIATE_TEST_CASE_P(SSLStreamAdapterTestsTLS,
|
||||
SSLStreamAdapterTestTLS,
|
||||
Combine(Values(rtc::KeyParams::RSA(1024, 65537),
|
||||
rtc::KeyParams::RSA(1152, 65537),
|
||||
rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)),
|
||||
Values(rtc::KeyParams::RSA(1024, 65537),
|
||||
rtc::KeyParams::RSA(1152, 65537),
|
||||
rtc::KeyParams::ECDSA(rtc::EC_NIST_P256))));
|
||||
INSTANTIATE_TEST_CASE_P(
|
||||
SSLStreamAdapterTestsDTLS,
|
||||
Combine(Values(rtc::KT_RSA, rtc::KT_ECDSA),
|
||||
Values(rtc::KT_RSA, rtc::KT_ECDSA)));
|
||||
INSTANTIATE_TEST_CASE_P(SSLStreamAdapterTestsDTLS,
|
||||
SSLStreamAdapterTestDTLS,
|
||||
Combine(Values(rtc::KeyParams::RSA(1024, 65537),
|
||||
rtc::KeyParams::RSA(1152, 65537),
|
||||
rtc::KeyParams::ECDSA(rtc::EC_NIST_P256)),
|
||||
Values(rtc::KeyParams::RSA(1024, 65537),
|
||||
rtc::KeyParams::RSA(1152, 65537),
|
||||
rtc::KeyParams::ECDSA(rtc::EC_NIST_P256))));
|
||||
Combine(Values(rtc::KT_RSA, rtc::KT_ECDSA),
|
||||
Values(rtc::KT_RSA, rtc::KT_ECDSA)));
|
||||
|
||||
Reference in New Issue
Block a user