OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_client_socket.h" | 5 #include "net/socket/ssl_client_socket.h" |
6 | 6 |
7 #include "base/callback_helpers.h" | 7 #include "base/callback_helpers.h" |
8 #include "base/memory/ref_counted.h" | 8 #include "base/memory/ref_counted.h" |
9 #include "base/run_loop.h" | 9 #include "base/run_loop.h" |
10 #include "base/time/time.h" | 10 #include "base/time/time.h" |
(...skipping 2185 matching lines...)
2196 if (rv == ERR_IO_PENDING) | 2196 if (rv == ERR_IO_PENDING) |
2197 rv = callback.WaitForResult(); | 2197 rv = callback.WaitForResult(); |
2198 EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); | 2198 EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); |
2199 } | 2199 } |
2200 | 2200 |
2201 TEST_F(SSLClientSocketTest, CipherSuiteDisables) { | 2201 TEST_F(SSLClientSocketTest, CipherSuiteDisables) { |
2202 // Rather than exhaustively disabling every RC4 ciphersuite defined at | 2202 // Rather than exhaustively disabling every RC4 ciphersuite defined at |
2203 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml, | 2203 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml, |
2204 // only disabling those cipher suites that the test server actually | 2204 // only disabling those cipher suites that the test server actually |
2205 // implements. | 2205 // implements. |
2206 const uint16 kCiphersToDisable[] = {0x0005, // TLS_RSA_WITH_RC4_128_SHA | 2206 const uint16 kCiphersToDisable[] = { |
2207 0x0005, // TLS_RSA_WITH_RC4_128_SHA | |
2208 0xc011, // TLS_ECDHE_RSA_WITH_RC4_128_SHA | |
2207 }; | 2209 }; |
2208 | 2210 |
2209 SpawnedTestServer::SSLOptions ssl_options; | 2211 SpawnedTestServer::SSLOptions ssl_options; |
2210 // Enable only RC4 on the test server. | 2212 // Enable only RC4 on the test server. |
2211 ssl_options.bulk_ciphers = SpawnedTestServer::SSLOptions::BULK_CIPHER_RC4; | 2213 ssl_options.bulk_ciphers = SpawnedTestServer::SSLOptions::BULK_CIPHER_RC4; |
2212 SpawnedTestServer test_server( | 2214 SpawnedTestServer test_server( |
2213 SpawnedTestServer::TYPE_HTTPS, ssl_options, base::FilePath()); | 2215 SpawnedTestServer::TYPE_HTTPS, ssl_options, base::FilePath()); |
2214 ASSERT_TRUE(test_server.Start()); | 2216 ASSERT_TRUE(test_server.Start()); |
2215 | 2217 |
2216 AddressList addr; | 2218 AddressList addr; |
(...skipping 657 matching lines...)
2874 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1, | 2876 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1, |
2875 SSLConnectionStatusToVersion(ssl_info.connection_status)); | 2877 SSLConnectionStatusToVersion(ssl_info.connection_status)); |
2876 } | 2878 } |
2877 | 2879 |
2878 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) { | 2880 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) { |
2879 if (!SupportsAESGCM()) { | 2881 if (!SupportsAESGCM()) { |
2880 LOG(WARNING) << "Skipping test because AES-GCM is not supported."; | 2882 LOG(WARNING) << "Skipping test because AES-GCM is not supported."; |
2881 return; | 2883 return; |
2882 } | 2884 } |
2883 | 2885 |
2884 // False Start requires NPN/ALPN, perfect forward secrecy, and an AEAD. | 2886 // False Start requires NPN/ALPN, ECDHE, and an AEAD. |
2885 SpawnedTestServer::SSLOptions server_options; | 2887 SpawnedTestServer::SSLOptions server_options; |
2886 server_options.key_exchanges = | 2888 server_options.key_exchanges = |
2887 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; | 2889 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
2888 server_options.bulk_ciphers = | 2890 server_options.bulk_ciphers = |
2889 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2891 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
2890 server_options.enable_npn = true; | 2892 server_options.enable_npn = true; |
2891 SSLConfig client_config; | 2893 SSLConfig client_config; |
2892 client_config.next_protos.push_back(kProtoHTTP11); | 2894 client_config.next_protos.push_back(kProtoHTTP11); |
2893 ASSERT_NO_FATAL_FAILURE( | 2895 ASSERT_NO_FATAL_FAILURE( |
2894 TestFalseStart(server_options, client_config, true)); | 2896 TestFalseStart(server_options, client_config, true)); |
2895 } | 2897 } |
2896 | 2898 |
2897 // Test that False Start is disabled without NPN. | 2899 // Test that False Start is disabled without NPN. |
2898 TEST_F(SSLClientSocketFalseStartTest, NoNPN) { | 2900 TEST_F(SSLClientSocketFalseStartTest, NoNPN) { |
2899 if (!SupportsAESGCM()) { | 2901 if (!SupportsAESGCM()) { |
2900 LOG(WARNING) << "Skipping test because AES-GCM is not supported."; | 2902 LOG(WARNING) << "Skipping test because AES-GCM is not supported."; |
2901 return; | 2903 return; |
2902 } | 2904 } |
2903 | 2905 |
2904 SpawnedTestServer::SSLOptions server_options; | 2906 SpawnedTestServer::SSLOptions server_options; |
2905 server_options.key_exchanges = | 2907 server_options.key_exchanges = |
2906 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; | 2908 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
2907 server_options.bulk_ciphers = | 2909 server_options.bulk_ciphers = |
2908 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2910 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
2909 SSLConfig client_config; | 2911 SSLConfig client_config; |
2910 client_config.next_protos.clear(); | 2912 client_config.next_protos.clear(); |
2911 ASSERT_NO_FATAL_FAILURE( | 2913 ASSERT_NO_FATAL_FAILURE( |
2912 TestFalseStart(server_options, client_config, false)); | 2914 TestFalseStart(server_options, client_config, false)); |
2913 } | 2915 } |
2914 | 2916 |
2915 // Test that False Start is disabled without perfect forward secrecy. | 2917 // Test that False Start is disabled without perfect forward secrecy. |
2916 TEST_F(SSLClientSocketFalseStartTest, NoForwardSecrecy) { | 2918 TEST_F(SSLClientSocketFalseStartTest, RSA) { |
2917 if (!SupportsAESGCM()) { | 2919 if (!SupportsAESGCM()) { |
2918 LOG(WARNING) << "Skipping test because AES-GCM is not supported."; | 2920 LOG(WARNING) << "Skipping test because AES-GCM is not supported."; |
2919 return; | 2921 return; |
2920 } | 2922 } |
2921 | 2923 |
2922 SpawnedTestServer::SSLOptions server_options; | 2924 SpawnedTestServer::SSLOptions server_options; |
2923 server_options.key_exchanges = | 2925 server_options.key_exchanges = |
2924 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; | 2926 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; |
2925 server_options.bulk_ciphers = | 2927 server_options.bulk_ciphers = |
2926 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2928 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
2927 server_options.enable_npn = true; | 2929 server_options.enable_npn = true; |
2928 SSLConfig client_config; | 2930 SSLConfig client_config; |
2929 client_config.next_protos.push_back(kProtoHTTP11); | 2931 client_config.next_protos.push_back(kProtoHTTP11); |
2930 ASSERT_NO_FATAL_FAILURE( | 2932 ASSERT_NO_FATAL_FAILURE( |
2931 TestFalseStart(server_options, client_config, false)); | 2933 TestFalseStart(server_options, client_config, false)); |
2932 } | 2934 } |
2933 | 2935 |
2936 // Test that False Start is disabled without perfect forward secrecy. | |
Ryan Sleevi
2015/04/02 00:42:58
Is this comment correct? DHE is PFS
davidben
2015/04/02 16:48:31
Done.
| |
2937 TEST_F(SSLClientSocketFalseStartTest, DHE_RSA) { | |
2938 if (!SupportsAESGCM()) { | |
2939 LOG(WARNING) << "Skipping test because AES-GCM is not supported."; | |
2940 return; | |
2941 } | |
2942 | |
2943 SpawnedTestServer::SSLOptions server_options; | |
2944 server_options.key_exchanges = | |
2945 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; | |
2946 server_options.bulk_ciphers = | |
2947 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | |
2948 server_options.enable_npn = true; | |
2949 SSLConfig client_config; | |
2950 client_config.next_protos.push_back(kProtoHTTP11); | |
2951 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, false)); | |
2952 } | |
2953 | |
2934 // Test that False Start is disabled without an AEAD. | 2954 // Test that False Start is disabled without an AEAD. |
2935 TEST_F(SSLClientSocketFalseStartTest, NoAEAD) { | 2955 TEST_F(SSLClientSocketFalseStartTest, NoAEAD) { |
2936 SpawnedTestServer::SSLOptions server_options; | 2956 SpawnedTestServer::SSLOptions server_options; |
2937 server_options.key_exchanges = | 2957 server_options.key_exchanges = |
2938 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; | 2958 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
2939 server_options.bulk_ciphers = | 2959 server_options.bulk_ciphers = |
2940 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128; | 2960 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128; |
2941 server_options.enable_npn = true; | 2961 server_options.enable_npn = true; |
2942 SSLConfig client_config; | 2962 SSLConfig client_config; |
2943 client_config.next_protos.push_back(kProtoHTTP11); | 2963 client_config.next_protos.push_back(kProtoHTTP11); |
2944 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, false)); | 2964 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, false)); |
2945 } | 2965 } |
2946 | 2966 |
2947 // Test that sessions are resumable after receiving the server Finished message. | 2967 // Test that sessions are resumable after receiving the server Finished message. |
2948 TEST_F(SSLClientSocketFalseStartTest, SessionResumption) { | 2968 TEST_F(SSLClientSocketFalseStartTest, SessionResumption) { |
2949 if (!SupportsAESGCM()) { | 2969 if (!SupportsAESGCM()) { |
2950 LOG(WARNING) << "Skipping test because AES-GCM is not supported."; | 2970 LOG(WARNING) << "Skipping test because AES-GCM is not supported."; |
2951 return; | 2971 return; |
2952 } | 2972 } |
2953 | 2973 |
2954 // Start a server. | 2974 // Start a server. |
2955 SpawnedTestServer::SSLOptions server_options; | 2975 SpawnedTestServer::SSLOptions server_options; |
2956 server_options.key_exchanges = | 2976 server_options.key_exchanges = |
2957 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; | 2977 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
2958 server_options.bulk_ciphers = | 2978 server_options.bulk_ciphers = |
2959 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2979 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
2960 server_options.enable_npn = true; | 2980 server_options.enable_npn = true; |
2961 SSLConfig client_config; | 2981 SSLConfig client_config; |
2962 client_config.next_protos.push_back(kProtoHTTP11); | 2982 client_config.next_protos.push_back(kProtoHTTP11); |
2963 | 2983 |
2964 // Let a full handshake complete with False Start. | 2984 // Let a full handshake complete with False Start. |
2965 ASSERT_NO_FATAL_FAILURE( | 2985 ASSERT_NO_FATAL_FAILURE( |
2966 TestFalseStart(server_options, client_config, true)); | 2986 TestFalseStart(server_options, client_config, true)); |
2967 | 2987 |
(...skipping 17 matching lines...)
2985 // message. | 3005 // message. |
2986 TEST_F(SSLClientSocketFalseStartTest, NoSessionResumptionBeforeFinish) { | 3006 TEST_F(SSLClientSocketFalseStartTest, NoSessionResumptionBeforeFinish) { |
2987 if (!SupportsAESGCM()) { | 3007 if (!SupportsAESGCM()) { |
2988 LOG(WARNING) << "Skipping test because AES-GCM is not supported."; | 3008 LOG(WARNING) << "Skipping test because AES-GCM is not supported."; |
2989 return; | 3009 return; |
2990 } | 3010 } |
2991 | 3011 |
2992 // Start a server. | 3012 // Start a server. |
2993 SpawnedTestServer::SSLOptions server_options; | 3013 SpawnedTestServer::SSLOptions server_options; |
2994 server_options.key_exchanges = | 3014 server_options.key_exchanges = |
2995 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; | 3015 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
2996 server_options.bulk_ciphers = | 3016 server_options.bulk_ciphers = |
2997 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 3017 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
2998 server_options.enable_npn = true; | 3018 server_options.enable_npn = true; |
2999 ASSERT_TRUE(StartTestServer(server_options)); | 3019 ASSERT_TRUE(StartTestServer(server_options)); |
3000 | 3020 |
3001 SSLConfig client_config; | 3021 SSLConfig client_config; |
3002 client_config.next_protos.push_back(kProtoHTTP11); | 3022 client_config.next_protos.push_back(kProtoHTTP11); |
3003 | 3023 |
3004 // Start a handshake up to the server Finished message. | 3024 // Start a handshake up to the server Finished message. |
3005 TestCompletionCallback callback; | 3025 TestCompletionCallback callback; |
(...skipping 93 matching lines...)
3099 ssl_config.channel_id_enabled = true; | 3119 ssl_config.channel_id_enabled = true; |
3100 | 3120 |
3101 int rv; | 3121 int rv; |
3102 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 3122 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
3103 | 3123 |
3104 EXPECT_EQ(ERR_UNEXPECTED, rv); | 3124 EXPECT_EQ(ERR_UNEXPECTED, rv); |
3105 EXPECT_FALSE(sock_->IsConnected()); | 3125 EXPECT_FALSE(sock_->IsConnected()); |
3106 } | 3126 } |
3107 | 3127 |
3108 } // namespace net | 3128 } // namespace net |
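Review bot: The two key-exchange tests at new lines 2918 and 2937 are named `RSA` and `DHE_RSA`, which gives the server configuration but not the expected result, whereas the neighbouring `NoNPN` and `NoAEAD` say which False Start requirement is missing. GoogleTest also advises against underscores in test names, because the macro joins the suite and test name with `_`. Consider names that carry the outcome, for example `TEST_F(SSLClientSocketFalseStartTest, DisabledWithRSAKeyExchange)` and `TEST_F(SSLClientSocketFalseStartTest, DisabledWithDHEKeyExchange)`, so a failure report shows at a glance that a non-ECDHE handshake was allowed to False Start.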