1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This test suite uses SSLClientSocket to test the implementation of | 5 // This test suite uses SSLClientSocket to test the implementation of |
6 // SSLServerSocket. In order to establish connections between the sockets | 6 // SSLServerSocket. In order to establish connections between the sockets |
7 // we need two additional classes: | 7 // we need two additional classes: |
8 // 1. FakeSocket | 8 // 1. FakeSocket |
9 // Connects SSL socket to FakeDataChannel. This class is just a stub. | 9 // Connects SSL socket to FakeDataChannel. This class is just a stub. |
10 // | 10 // |
319 std::string key_string; | 319 std::string key_string; |
320 ASSERT_TRUE(base::ReadFileToString(key_path, &key_string)); | 320 ASSERT_TRUE(base::ReadFileToString(key_path, &key_string)); |
321 std::vector<uint8> key_vector( | 321 std::vector<uint8> key_vector( |
322 reinterpret_cast<const uint8*>(key_string.data()), | 322 reinterpret_cast<const uint8*>(key_string.data()), |
323 reinterpret_cast<const uint8*>(key_string.data() + | 323 reinterpret_cast<const uint8*>(key_string.data() + |
324 key_string.length())); | 324 key_string.length())); |
325 | 325 |
326 scoped_ptr<crypto::RSAPrivateKey> private_key( | 326 scoped_ptr<crypto::RSAPrivateKey> private_key( |
327 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_vector)); | 327 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_vector)); |
328 | 328 |
329 SSLConfig ssl_config; | 329 client_ssl_config_.false_start_enabled = false; |
330 ssl_config.false_start_enabled = false; | 330 client_ssl_config_.channel_id_enabled = false; |
331 ssl_config.channel_id_enabled = false; | |
332 | 331 |
333 // Certificate provided by the host doesn't need authority. | 332 // Certificate provided by the host doesn't need authority. |
334 SSLConfig::CertAndStatus cert_and_status; | 333 SSLConfig::CertAndStatus cert_and_status; |
335 cert_and_status.cert_status = CERT_STATUS_AUTHORITY_INVALID; | 334 cert_and_status.cert_status = CERT_STATUS_AUTHORITY_INVALID; |
336 cert_and_status.der_cert = cert_der; | 335 cert_and_status.der_cert = cert_der; |
337 ssl_config.allowed_bad_certs.push_back(cert_and_status); | 336 client_ssl_config_.allowed_bad_certs.push_back(cert_and_status); |
338 | 337 |
339 HostPortPair host_and_pair("unittest", 0); | 338 HostPortPair host_and_pair("unittest", 0); |
340 SSLClientSocketContext context; | 339 SSLClientSocketContext context; |
341 context.cert_verifier = cert_verifier_.get(); | 340 context.cert_verifier = cert_verifier_.get(); |
342 context.transport_security_state = transport_security_state_.get(); | 341 context.transport_security_state = transport_security_state_.get(); |
343 client_socket_ = | 342 client_socket_ = socket_factory_->CreateSSLClientSocket( |
344 socket_factory_->CreateSSLClientSocket( | 343 client_connection.Pass(), host_and_pair, client_ssl_config_, context); |
345 client_connection.Pass(), host_and_pair, ssl_config, context); | 344 server_socket_ = |
346 server_socket_ = CreateSSLServerSocket( | 345 CreateSSLServerSocket(server_socket.Pass(), cert.get(), |
347 server_socket.Pass(), | 346 private_key.get(), server_ssl_config_); |
348 cert.get(), private_key.get(), SSLConfig()); | |
349 } | 347 } |
350 | 348 |
351 FakeDataChannel channel_1_; | 349 FakeDataChannel channel_1_; |
352 FakeDataChannel channel_2_; | 350 FakeDataChannel channel_2_; |
| 351 SSLConfig client_ssl_config_; |
| 352 SSLConfig server_ssl_config_; |
353 scoped_ptr<SSLClientSocket> client_socket_; | 353 scoped_ptr<SSLClientSocket> client_socket_; |
354 scoped_ptr<SSLServerSocket> server_socket_; | 354 scoped_ptr<SSLServerSocket> server_socket_; |
355 ClientSocketFactory* socket_factory_; | 355 ClientSocketFactory* socket_factory_; |
356 scoped_ptr<MockCertVerifier> cert_verifier_; | 356 scoped_ptr<MockCertVerifier> cert_verifier_; |
357 scoped_ptr<TransportSecurityState> transport_security_state_; | 357 scoped_ptr<TransportSecurityState> transport_security_state_; |
358 }; | 358 }; |
359 | 359 |
360 // This test only executes creation of client and server sockets. This is to | 360 // This test only executes creation of client and server sockets. This is to |
361 // test that creation of sockets doesn't crash and have minimal code to run | 361 // test that creation of sockets doesn't crash and have minimal code to run |
362 // under valgrind in order to help debugging memory problems. | 362 // under valgrind in order to help debugging memory problems. |
584 | 584 |
585 const char kKeyingLabelBad[] = "EXPERIMENTAL-server-socket-test-bad"; | 585 const char kKeyingLabelBad[] = "EXPERIMENTAL-server-socket-test-bad"; |
586 unsigned char client_bad[kKeyingMaterialSize]; | 586 unsigned char client_bad[kKeyingMaterialSize]; |
587 rv = client_socket_->ExportKeyingMaterial(kKeyingLabelBad, | 587 rv = client_socket_->ExportKeyingMaterial(kKeyingLabelBad, |
588 false, kKeyingContext, | 588 false, kKeyingContext, |
589 client_bad, sizeof(client_bad)); | 589 client_bad, sizeof(client_bad)); |
590 ASSERT_EQ(rv, OK); | 590 ASSERT_EQ(rv, OK); |
591 EXPECT_NE(0, memcmp(server_out, client_bad, sizeof(server_out))); | 591 EXPECT_NE(0, memcmp(server_out, client_bad, sizeof(server_out))); |
592 } | 592 } |
593 | 593 |
| 594 // Verifies that SSLConfig::require_ecdhe flags works properly. |
| 595 TEST_F(SSLServerSocketTest, RequireEcdheFlag) { |
| 596 // Disable all ECDHE suites on the client side. |
| 597 uint16_t kEcdheCiphers[] = { |
| 598 0xc007, // ECDHE_ECDSA_WITH_RC4_128_SHA |
| 599 0xc009, // ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
| 600 0xc00a, // ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
| 601 0xc011, // ECDHE_RSA_WITH_RC4_128_SHA |
| 602 0xc013, // ECDHE_RSA_WITH_AES_128_CBC_SHA |
| 603 0xc014, // ECDHE_RSA_WITH_AES_256_CBC_SHA |
| 604 0xc02b, // ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
| 605 0xc02f, // ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
| 606 0xcc13, // ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |
| 607 0xcc14, // ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 |
| 608 }; |
| 609 client_ssl_config_.disabled_cipher_suites.assign( |
| 610 kEcdheCiphers, kEcdheCiphers + arraysize(kEcdheCiphers)); |
| 611 |
| 612 // Require ECDHE on the server. |
| 613 server_ssl_config_.require_ecdhe = true; |
| 614 |
| 615 Initialize(); |
| 616 |
| 617 TestCompletionCallback connect_callback; |
| 618 TestCompletionCallback handshake_callback; |
| 619 |
| 620 int client_ret = client_socket_->Connect(connect_callback.callback()); |
| 621 int server_ret = server_socket_->Handshake(handshake_callback.callback()); |
| 622 |
| 623 client_ret = connect_callback.GetResult(client_ret); |
| 624 server_ret = handshake_callback.GetResult(client_ret); |
| 625 |
| 626 ASSERT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, client_ret); |
| 627 ASSERT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, server_ret); |
| 628 } |
| 629 |
594 } // namespace net | 630 } // namespace net |
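Review bot: In RequireEcdheFlag, new line 624 `server_ret = handshake_callback.GetResult(client_ret);` passes the already-resolved client result instead of `server_ret`, and since TestCompletionCallback::GetResult returns its argument unchanged whenever it is not ERR_IO_PENDING, the test never waits on the server's Handshake() callback; the second ASSERT_EQ then only re-checks the client value, so the server-side rejection that require_ecdhe is meant to enforce is not actually verified. The line should be `server_ret = handshake_callback.GetResult(server_ret);`. As a smaller point of style, `kEcdheCiphers` carries the constant-naming prefix but is declared as a mutable array; `const uint16_t kEcdheCiphers[] = {` would match the convention used for `kKeyingLabelBad` earlier in the file. The comment on new line 594 would also read better as `// Verifies that the SSLConfig::require_ecdhe flag works properly.`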