| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket.h" | 5 #include "net/socket/ssl_client_socket.h" |
| 6 | 6 |
| 7 #include "base/callback_helpers.h" | 7 #include "base/callback_helpers.h" |
| 8 #include "base/location.h" | 8 #include "base/location.h" |
| 9 #include "base/memory/ref_counted.h" | 9 #include "base/memory/ref_counted.h" |
| 10 #include "base/run_loop.h" | 10 #include "base/run_loop.h" |
| 2577 ssl_options.key_exchanges = SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; | 2577 ssl_options.key_exchanges = SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; |
| 2578 ASSERT_TRUE(StartTestServer(ssl_options)); | 2578 ASSERT_TRUE(StartTestServer(ssl_options)); |
| 2579 | 2579 |
| 2580 SSLConfig config; | 2580 SSLConfig config; |
| 2581 config.require_ecdhe = true; | 2581 config.require_ecdhe = true; |
| 2582 int rv; | 2582 int rv; |
| 2583 ASSERT_TRUE(CreateAndConnectSSLClientSocket(config, &rv)); | 2583 ASSERT_TRUE(CreateAndConnectSSLClientSocket(config, &rv)); |
| 2584 EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, rv); | 2584 EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, rv); |
| 2585 } | 2585 } |
| 2586 | 2586 |
| 2587 TEST_F(SSLClientSocketTest, TokenBindingEnabled) { | |
| 2588 SpawnedTestServer::SSLOptions ssl_options; | |
| 2589 ssl_options.supported_token_binding_params.push_back(TB_PARAM_ECDSAP256); | |
| 2590 ssl_options.disable_channel_id = true; | |
|
davidben
2015/11/04 17:40:13
Not needed either. :-)
nharper
2015/11/04 19:43:19
Done.
| |
| 2591 ASSERT_TRUE(StartTestServer(ssl_options)); | |
| 2592 | |
| 2593 SSLConfig ssl_config; | |
| 2594 ssl_config.token_binding_params.push_back(TB_PARAM_ECDSAP256); | |
| 2595 | |
| 2596 int rv; | |
| 2597 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | |
| 2598 EXPECT_EQ(OK, rv); | |
| 2599 SSLInfo info; | |
| 2600 EXPECT_TRUE(sock_->GetSSLInfo(&info)); | |
| 2601 EXPECT_TRUE(info.token_binding_negotiated); | |
| 2602 EXPECT_EQ(TB_PARAM_ECDSAP256, info.token_binding_key_param); | |
| 2603 } | |
| 2604 | |
| 2605 TEST_F(SSLClientSocketTest, TokenBindingFailsWithEmsDisabled) { | |
| 2606 SpawnedTestServer::SSLOptions ssl_options; | |
| 2607 ssl_options.supported_token_binding_params.push_back(TB_PARAM_ECDSAP256); | |
| 2608 ssl_options.disable_extended_master_secret = true; | |
| 2609 ssl_options.disable_channel_id = true; | |
|
davidben
2015/11/04 17:40:13
Ditto.
nharper
2015/11/04 19:43:19
Done.
| |
| 2610 ASSERT_TRUE(StartTestServer(ssl_options)); | |
| 2611 | |
| 2612 SSLConfig ssl_config; | |
| 2613 ssl_config.token_binding_params.push_back(TB_PARAM_ECDSAP256); | |
| 2614 | |
| 2615 int rv; | |
| 2616 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | |
| 2617 EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); | |
| 2618 } | |
| 2619 | |
| 2620 TEST_F(SSLClientSocketTest, TokenBindingEnabledWithoutServerSupport) { | |
| 2621 SpawnedTestServer::SSLOptions ssl_options; | |
| 2622 ASSERT_TRUE(StartTestServer(ssl_options)); | |
| 2623 | |
| 2624 SSLConfig ssl_config; | |
| 2625 ssl_config.token_binding_params.push_back(TB_PARAM_ECDSAP256); | |
| 2626 | |
| 2627 int rv; | |
| 2628 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | |
| 2629 EXPECT_EQ(OK, rv); | |
| 2630 SSLInfo info; | |
| 2631 EXPECT_TRUE(sock_->GetSSLInfo(&info)); | |
| 2632 EXPECT_FALSE(info.token_binding_negotiated); | |
| 2633 } | |
| 2634 | |
| 2587 // In tests requiring NPN, client_config.alpn_protos and | 2635 // In tests requiring NPN, client_config.alpn_protos and |
| 2588 // client_config.npn_protos both need to be set when using NSS, otherwise NPN is | 2636 // client_config.npn_protos both need to be set when using NSS, otherwise NPN is |
| 2589 // disabled due to quirks of the implementation. | 2637 // disabled due to quirks of the implementation. |
| 2590 | 2638 |
| 2591 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) { | 2639 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) { |
| 2592 // False Start requires NPN/ALPN, ECDHE, and an AEAD. | 2640 // False Start requires NPN/ALPN, ECDHE, and an AEAD. |
| 2593 SpawnedTestServer::SSLOptions server_options; | 2641 SpawnedTestServer::SSLOptions server_options; |
| 2594 server_options.key_exchanges = | 2642 server_options.key_exchanges = |
| 2595 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | 2643 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; |
| 2596 server_options.bulk_ciphers = | 2644 server_options.bulk_ciphers = |
| 3015 int rv; | 3063 int rv; |
| 3016 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); | 3064 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); |
| 3017 EXPECT_EQ(OK, rv); | 3065 EXPECT_EQ(OK, rv); |
| 3018 | 3066 |
| 3019 std::string proto; | 3067 std::string proto; |
| 3020 EXPECT_EQ(SSLClientSocket::kNextProtoUnsupported, | 3068 EXPECT_EQ(SSLClientSocket::kNextProtoUnsupported, |
| 3021 sock_->GetNextProto(&proto)); | 3069 sock_->GetNextProto(&proto)); |
| 3022 } | 3070 } |
| 3023 | 3071 |
| 3024 } // namespace net | 3072 } // namespace net |
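Review bot: TokenBindingFailsWithEmsDisabled expects `ERR_SSL_PROTOCOL_ERROR` without saying why the handshake must fail, so a later reader could take it for an arbitrary error code and relax it. A comment above the `ssl_options` setup, such as `// Token Binding requires the extended master secret extension; the client must abort if the server negotiates Token Binding without it.`, would pin the security property under test. The three new tests only cover a server that offers the same parameter as the client or none at all; a case where the server's `supported_token_binding_params` does not overlap the client's `token_binding_params` would presumably confirm that `token_binding_negotiated` stays false. In TokenBindingEnabled and TokenBindingEnabledWithoutServerSupport, `ASSERT_TRUE(sock_->GetSSLInfo(&info));` instead of `EXPECT_TRUE` would stop the test before the following expectations read an `SSLInfo` that was never filled in.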
| OLD | NEW |