Chromium Code Reviews Chromium Code Reviews
Issue 1360633002:
Implement Token Binding negotiation TLS extension (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@test-server-flags| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket.h" | 5 #include "net/socket/ssl_client_socket.h" |
| 6 | 6 |
| 7 #include "base/callback_helpers.h" | 7 #include "base/callback_helpers.h" |
| 8 #include "base/location.h" | 8 #include "base/location.h" |
| 9 #include "base/memory/ref_counted.h" | 9 #include "base/memory/ref_counted.h" |
| 10 #include "base/run_loop.h" | 10 #include "base/run_loop.h" |
| (...skipping 2566 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 2577 ssl_options.key_exchanges = SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; | 2577 ssl_options.key_exchanges = SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; |
| 2578 ASSERT_TRUE(StartTestServer(ssl_options)); | 2578 ASSERT_TRUE(StartTestServer(ssl_options)); |
| 2579 | 2579 |
| 2580 SSLConfig config; | 2580 SSLConfig config; |
| 2581 config.require_ecdhe = true; | 2581 config.require_ecdhe = true; |
| 2582 int rv; | 2582 int rv; |
| 2583 ASSERT_TRUE(CreateAndConnectSSLClientSocket(config, &rv)); | 2583 ASSERT_TRUE(CreateAndConnectSSLClientSocket(config, &rv)); |
| 2584 EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, rv); | 2584 EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, rv); |
| 2585 } | 2585 } |
| 2586 | 2586 |
| 2587 TEST_F(SSLClientSocketChannelIDTest, TokenBindingEnabled) { | |
| 2588 SpawnedTestServer::SSLOptions ssl_options; | |
| 2589 ssl_options.supported_token_binding_params.push_back(TB_PARAM_ECDSAP256); | |
| 2590 ssl_options.disable_channel_id = true; | |
| 2591 ASSERT_TRUE(StartTestServer(ssl_options)); | |
| 2592 | |
| 2593 EnableChannelID(); | |
|
davidben
2015/11/04 00:40:36
Is there actually any need to EnableChannelID in t
nharper
2015/11/04 02:28:04
They were from when I needed a ChannelIDService (a
| |
| 2594 SSLConfig ssl_config; | |
| 2595 ssl_config.token_binding_enabled = true; | |
| 2596 | |
| 2597 int rv; | |
| 2598 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | |
| 2599 EXPECT_EQ(OK, rv); | |
| 2600 SSLInfo info; | |
| 2601 EXPECT_TRUE(sock_->GetSSLInfo(&info)); | |
| 2602 EXPECT_TRUE(info.token_binding_negotiated); | |
| 2603 EXPECT_EQ(TB_PARAM_ECDSAP256, info.token_binding_key_param); | |
| 2604 } | |
| 2605 | |
| 2606 TEST_F(SSLClientSocketChannelIDTest, TokenBindingFailsWithEmsDisabled) { | |
| 2607 SpawnedTestServer::SSLOptions ssl_options; | |
| 2608 ssl_options.supported_token_binding_params.push_back(TB_PARAM_ECDSAP256); | |
| 2609 ssl_options.disable_extended_master_secret = true; | |
| 2610 ssl_options.disable_channel_id = true; | |
| 2611 ASSERT_TRUE(StartTestServer(ssl_options)); | |
| 2612 | |
| 2613 EnableChannelID(); | |
| 2614 SSLConfig ssl_config; | |
| 2615 ssl_config.token_binding_enabled = true; | |
| 2616 | |
| 2617 int rv; | |
| 2618 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | |
| 2619 EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); | |
| 2620 } | |
| 2621 | |
| 2622 TEST_F(SSLClientSocketChannelIDTest, TokenBindingEnabledWithoutServerSupport) { | |
| 2623 SpawnedTestServer::SSLOptions ssl_options; | |
| 2624 ASSERT_TRUE(StartTestServer(ssl_options)); | |
| 2625 | |
| 2626 EnableChannelID(); | |
| 2627 SSLConfig ssl_config; | |
| 2628 ssl_config.token_binding_enabled = true; | |
| 2629 | |
| 2630 int rv; | |
| 2631 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | |
| 2632 EXPECT_EQ(OK, rv); | |
| 2633 SSLInfo info; | |
| 2634 EXPECT_TRUE(sock_->GetSSLInfo(&info)); | |
| 2635 EXPECT_FALSE(info.token_binding_negotiated); | |
| 2636 } | |
| 2637 | |
| 2587 // In tests requiring NPN, client_config.alpn_protos and | 2638 // In tests requiring NPN, client_config.alpn_protos and |
| 2588 // client_config.npn_protos both need to be set when using NSS, otherwise NPN is | 2639 // client_config.npn_protos both need to be set when using NSS, otherwise NPN is |
| 2589 // disabled due to quirks of the implementation. | 2640 // disabled due to quirks of the implementation. |
| 2590 | 2641 |
| 2591 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) { | 2642 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) { |
| 2592 // False Start requires NPN/ALPN, ECDHE, and an AEAD. | 2643 // False Start requires NPN/ALPN, ECDHE, and an AEAD. |
| 2593 SpawnedTestServer::SSLOptions server_options; | 2644 SpawnedTestServer::SSLOptions server_options; |
| 2594 server_options.key_exchanges = | 2645 server_options.key_exchanges = |
| 2595 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | 2646 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
| 2596 server_options.bulk_ciphers = | 2647 server_options.bulk_ciphers = |
| (...skipping 418 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 3015 int rv; | 3066 int rv; |
| 3016 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); | 3067 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); |
| 3017 EXPECT_EQ(OK, rv); | 3068 EXPECT_EQ(OK, rv); |
| 3018 | 3069 |
| 3019 std::string proto; | 3070 std::string proto; |
| 3020 EXPECT_EQ(SSLClientSocket::kNextProtoUnsupported, | 3071 EXPECT_EQ(SSLClientSocket::kNextProtoUnsupported, |
| 3021 sock_->GetNextProto(&proto)); | 3072 sock_->GetNextProto(&proto)); |
| 3022 } | 3073 } |
| 3023 | 3074 |
| 3024 } // namespace net | 3075 } // namespace net |
| OLD | NEW |
