1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_client_socket.h" | 5 #include "net/socket/ssl_client_socket.h" |
6 | 6 |
7 #include "base/callback_helpers.h" | 7 #include "base/callback_helpers.h" |
8 #include "base/memory/ref_counted.h" | 8 #include "base/memory/ref_counted.h" |
9 #include "base/run_loop.h" | 9 #include "base/run_loop.h" |
10 #include "base/time/time.h" | 10 #include "base/time/time.h" |
2196 if (rv == ERR_IO_PENDING) | 2196 if (rv == ERR_IO_PENDING) |
2197 rv = callback.WaitForResult(); | 2197 rv = callback.WaitForResult(); |
2198 EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); | 2198 EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); |
2199 } | 2199 } |
2200 | 2200 |
2201 TEST_F(SSLClientSocketTest, CipherSuiteDisables) { | 2201 TEST_F(SSLClientSocketTest, CipherSuiteDisables) { |
2202 // Rather than exhaustively disabling every RC4 ciphersuite defined at | 2202 // Rather than exhaustively disabling every RC4 ciphersuite defined at |
2203 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml, | 2203 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml, |
2204 // only disabling those cipher suites that the test server actually | 2204 // only disabling those cipher suites that the test server actually |
2205 // implements. | 2205 // implements. |
2206 const uint16 kCiphersToDisable[] = { | 2206 const uint16 kCiphersToDisable[] = {0x0005, // TLS_RSA_WITH_RC4_128_SHA |
2207 0x0005, // TLS_RSA_WITH_RC4_128_SHA | |
2208 0xc011, // TLS_ECDHE_RSA_WITH_RC4_128_SHA | |
2209 }; | 2207 }; |
2210 | 2208 |
2211 SpawnedTestServer::SSLOptions ssl_options; | 2209 SpawnedTestServer::SSLOptions ssl_options; |
2212 // Enable only RC4 on the test server. | 2210 // Enable only RC4 on the test server. |
2213 ssl_options.bulk_ciphers = SpawnedTestServer::SSLOptions::BULK_CIPHER_RC4; | 2211 ssl_options.bulk_ciphers = SpawnedTestServer::SSLOptions::BULK_CIPHER_RC4; |
2214 SpawnedTestServer test_server( | 2212 SpawnedTestServer test_server( |
2215 SpawnedTestServer::TYPE_HTTPS, ssl_options, base::FilePath()); | 2213 SpawnedTestServer::TYPE_HTTPS, ssl_options, base::FilePath()); |
2216 ASSERT_TRUE(test_server.Start()); | 2214 ASSERT_TRUE(test_server.Start()); |
2217 | 2215 |
2218 AddressList addr; | 2216 AddressList addr; |
2876 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1, | 2874 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1, |
2877 SSLConnectionStatusToVersion(ssl_info.connection_status)); | 2875 SSLConnectionStatusToVersion(ssl_info.connection_status)); |
2878 } | 2876 } |
2879 | 2877 |
2880 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) { | 2878 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) { |
2881 if (!SupportsAESGCM()) { | 2879 if (!SupportsAESGCM()) { |
2882 LOG(WARNING) << "Skipping test because AES-GCM is not supported."; | 2880 LOG(WARNING) << "Skipping test because AES-GCM is not supported."; |
2883 return; | 2881 return; |
2884 } | 2882 } |
2885 | 2883 |
2886 // False Start requires NPN/ALPN, ECDHE, and an AEAD. | 2884 // False Start requires NPN/ALPN, perfect forward secrecy, and an AEAD. |
2887 SpawnedTestServer::SSLOptions server_options; | 2885 SpawnedTestServer::SSLOptions server_options; |
2888 server_options.key_exchanges = | 2886 server_options.key_exchanges = |
2889 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | 2887 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; |
2890 server_options.bulk_ciphers = | 2888 server_options.bulk_ciphers = |
2891 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2889 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
2892 server_options.enable_npn = true; | 2890 server_options.enable_npn = true; |
2893 SSLConfig client_config; | 2891 SSLConfig client_config; |
2894 client_config.next_protos.push_back(kProtoHTTP11); | 2892 client_config.next_protos.push_back(kProtoHTTP11); |
2895 ASSERT_NO_FATAL_FAILURE( | 2893 ASSERT_NO_FATAL_FAILURE( |
2896 TestFalseStart(server_options, client_config, true)); | 2894 TestFalseStart(server_options, client_config, true)); |
2897 } | 2895 } |
2898 | 2896 |
2899 // Test that False Start is disabled without NPN. | 2897 // Test that False Start is disabled without NPN. |
2900 TEST_F(SSLClientSocketFalseStartTest, NoNPN) { | 2898 TEST_F(SSLClientSocketFalseStartTest, NoNPN) { |
2901 if (!SupportsAESGCM()) { | 2899 if (!SupportsAESGCM()) { |
2902 LOG(WARNING) << "Skipping test because AES-GCM is not supported."; | 2900 LOG(WARNING) << "Skipping test because AES-GCM is not supported."; |
2903 return; | 2901 return; |
2904 } | 2902 } |
2905 | 2903 |
2906 SpawnedTestServer::SSLOptions server_options; | 2904 SpawnedTestServer::SSLOptions server_options; |
2907 server_options.key_exchanges = | 2905 server_options.key_exchanges = |
2908 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | 2906 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; |
2909 server_options.bulk_ciphers = | 2907 server_options.bulk_ciphers = |
2910 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2908 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
2911 SSLConfig client_config; | 2909 SSLConfig client_config; |
2912 client_config.next_protos.clear(); | 2910 client_config.next_protos.clear(); |
2913 ASSERT_NO_FATAL_FAILURE( | 2911 ASSERT_NO_FATAL_FAILURE( |
2914 TestFalseStart(server_options, client_config, false)); | 2912 TestFalseStart(server_options, client_config, false)); |
2915 } | 2913 } |
2916 | 2914 |
2917 // Test that False Start is disabled with plain RSA ciphers. | 2915 // Test that False Start is disabled without perfect forward secrecy. |
2918 TEST_F(SSLClientSocketFalseStartTest, RSA) { | 2916 TEST_F(SSLClientSocketFalseStartTest, NoForwardSecrecy) { |
2919 if (!SupportsAESGCM()) { | 2917 if (!SupportsAESGCM()) { |
2920 LOG(WARNING) << "Skipping test because AES-GCM is not supported."; | 2918 LOG(WARNING) << "Skipping test because AES-GCM is not supported."; |
2921 return; | 2919 return; |
2922 } | 2920 } |
2923 | 2921 |
2924 SpawnedTestServer::SSLOptions server_options; | 2922 SpawnedTestServer::SSLOptions server_options; |
2925 server_options.key_exchanges = | 2923 server_options.key_exchanges = |
2926 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; | 2924 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; |
2927 server_options.bulk_ciphers = | 2925 server_options.bulk_ciphers = |
2928 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2926 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
2929 server_options.enable_npn = true; | 2927 server_options.enable_npn = true; |
2930 SSLConfig client_config; | 2928 SSLConfig client_config; |
2931 client_config.next_protos.push_back(kProtoHTTP11); | 2929 client_config.next_protos.push_back(kProtoHTTP11); |
2932 ASSERT_NO_FATAL_FAILURE( | 2930 ASSERT_NO_FATAL_FAILURE( |
2933 TestFalseStart(server_options, client_config, false)); | 2931 TestFalseStart(server_options, client_config, false)); |
2934 } | 2932 } |
2935 | 2933 |
2936 // Test that False Start is disabled with DHE_RSA ciphers. | 2934 // Test that False Start is disabled without an AEAD. |
2937 TEST_F(SSLClientSocketFalseStartTest, DHE_RSA) { | 2935 TEST_F(SSLClientSocketFalseStartTest, NoAEAD) { |
| 2936 SpawnedTestServer::SSLOptions server_options; |
| 2937 server_options.key_exchanges = |
| 2938 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; |
| 2939 server_options.bulk_ciphers = |
| 2940 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128; |
| 2941 server_options.enable_npn = true; |
| 2942 SSLConfig client_config; |
| 2943 client_config.next_protos.push_back(kProtoHTTP11); |
| 2944 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, false)); |
| 2945 } |
| 2946 |
| 2947 // Test that sessions are resumable after receiving the server Finished message. |
| 2948 TEST_F(SSLClientSocketFalseStartTest, SessionResumption) { |
2938 if (!SupportsAESGCM()) { | 2949 if (!SupportsAESGCM()) { |
2939 LOG(WARNING) << "Skipping test because AES-GCM is not supported."; | 2950 LOG(WARNING) << "Skipping test because AES-GCM is not supported."; |
2940 return; | 2951 return; |
2941 } | 2952 } |
2942 | 2953 |
| 2954 // Start a server. |
2943 SpawnedTestServer::SSLOptions server_options; | 2955 SpawnedTestServer::SSLOptions server_options; |
2944 server_options.key_exchanges = | 2956 server_options.key_exchanges = |
2945 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; | 2957 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; |
2946 server_options.bulk_ciphers = | 2958 server_options.bulk_ciphers = |
2947 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2959 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
2948 server_options.enable_npn = true; | 2960 server_options.enable_npn = true; |
2949 SSLConfig client_config; | 2961 SSLConfig client_config; |
2950 client_config.next_protos.push_back(kProtoHTTP11); | 2962 client_config.next_protos.push_back(kProtoHTTP11); |
2951 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, false)); | |
2952 } | |
2953 | |
2954 // Test that False Start is disabled without an AEAD. | |
2955 TEST_F(SSLClientSocketFalseStartTest, NoAEAD) { | |
2956 SpawnedTestServer::SSLOptions server_options; | |
2957 server_options.key_exchanges = | |
2958 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | |
2959 server_options.bulk_ciphers = | |
2960 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128; | |
2961 server_options.enable_npn = true; | |
2962 SSLConfig client_config; | |
2963 client_config.next_protos.push_back(kProtoHTTP11); | |
2964 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, false)); | |
2965 } | |
2966 | |
2967 // Test that sessions are resumable after receiving the server Finished message. | |
2968 TEST_F(SSLClientSocketFalseStartTest, SessionResumption) { | |
2969 if (!SupportsAESGCM()) { | |
2970 LOG(WARNING) << "Skipping test because AES-GCM is not supported."; | |
2971 return; | |
2972 } | |
2973 | |
2974 // Start a server. | |
2975 SpawnedTestServer::SSLOptions server_options; | |
2976 server_options.key_exchanges = | |
2977 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | |
2978 server_options.bulk_ciphers = | |
2979 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | |
2980 server_options.enable_npn = true; | |
2981 SSLConfig client_config; | |
2982 client_config.next_protos.push_back(kProtoHTTP11); | |
2983 | 2963 |
2984 // Let a full handshake complete with False Start. | 2964 // Let a full handshake complete with False Start. |
2985 ASSERT_NO_FATAL_FAILURE( | 2965 ASSERT_NO_FATAL_FAILURE( |
2986 TestFalseStart(server_options, client_config, true)); | 2966 TestFalseStart(server_options, client_config, true)); |
2987 | 2967 |
2988 // Make a second connection. | 2968 // Make a second connection. |
2989 TestCompletionCallback callback; | 2969 TestCompletionCallback callback; |
2990 scoped_ptr<StreamSocket> transport2( | 2970 scoped_ptr<StreamSocket> transport2( |
2991 new TCPClientSocket(addr(), &log_, NetLog::Source())); | 2971 new TCPClientSocket(addr(), &log_, NetLog::Source())); |
2992 EXPECT_EQ(OK, callback.GetResult(transport2->Connect(callback.callback()))); | 2972 EXPECT_EQ(OK, callback.GetResult(transport2->Connect(callback.callback()))); |
3005 // message. | 2985 // message. |
3006 TEST_F(SSLClientSocketFalseStartTest, NoSessionResumptionBeforeFinish) { | 2986 TEST_F(SSLClientSocketFalseStartTest, NoSessionResumptionBeforeFinish) { |
3007 if (!SupportsAESGCM()) { | 2987 if (!SupportsAESGCM()) { |
3008 LOG(WARNING) << "Skipping test because AES-GCM is not supported."; | 2988 LOG(WARNING) << "Skipping test because AES-GCM is not supported."; |
3009 return; | 2989 return; |
3010 } | 2990 } |
3011 | 2991 |
3012 // Start a server. | 2992 // Start a server. |
3013 SpawnedTestServer::SSLOptions server_options; | 2993 SpawnedTestServer::SSLOptions server_options; |
3014 server_options.key_exchanges = | 2994 server_options.key_exchanges = |
3015 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | 2995 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; |
3016 server_options.bulk_ciphers = | 2996 server_options.bulk_ciphers = |
3017 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2997 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
3018 server_options.enable_npn = true; | 2998 server_options.enable_npn = true; |
3019 ASSERT_TRUE(StartTestServer(server_options)); | 2999 ASSERT_TRUE(StartTestServer(server_options)); |
3020 | 3000 |
3021 SSLConfig client_config; | 3001 SSLConfig client_config; |
3022 client_config.next_protos.push_back(kProtoHTTP11); | 3002 client_config.next_protos.push_back(kProtoHTTP11); |
3023 | 3003 |
3024 // Start a handshake up to the server Finished message. | 3004 // Start a handshake up to the server Finished message. |
3025 TestCompletionCallback callback; | 3005 TestCompletionCallback callback; |
3119 ssl_config.channel_id_enabled = true; | 3099 ssl_config.channel_id_enabled = true; |
3120 | 3100 |
3121 int rv; | 3101 int rv; |
3122 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 3102 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
3123 | 3103 |
3124 EXPECT_EQ(ERR_UNEXPECTED, rv); | 3104 EXPECT_EQ(ERR_UNEXPECTED, rv); |
3125 EXPECT_FALSE(sock_->IsConnected()); | 3105 EXPECT_FALSE(sock_->IsConnected()); |
3126 } | 3106 } |
3127 | 3107 |
3128 } // namespace net | 3108 } // namespace net |
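Review bot: Moving every positive False Start case (FalseStartEnabled, SessionResumption, NoSessionResumptionBeforeFinish) from KEY_EXCHANGE_ECDHE_RSA to KEY_EXCHANGE_DHE_RSA leaves no test asserting that an ECDHE handshake still False Starts, while NoForwardSecrecy only covers plain RSA, so the key exchange most production servers actually negotiate is now untested here. The removal of 0xc011 (TLS_ECDHE_RSA_WITH_RC4_128_SHA) from kCiphersToDisable in CipherSuiteDisables suggests the spawned test server no longer offers ECDHE; if that is the reason, record it so the lost coverage reads as deliberate, e.g. `// TODO: the test server only offers DHE; add an ECDHE_RSA case once it supports ECDHE.` next to the key_exchanges line in FalseStartEnabled. The comment at 2884 could also state what the client counts as forward secret, `// False Start requires NPN/ALPN, forward secrecy (DHE or ECDHE key exchange), and an AEAD.`, since DHE only meets that bar for the DH group the test server happens to generate, which these tests do not pin. The test ending at 2876 and NoSessionResumptionBeforeFinish both extend outside the visible hunk.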