Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(41)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/ssl/ssl_cipher_suite_names_unittest.cc

Issue 1405383003: IsSecureTLSCipherSuite should not classify DHE_RSA as secure. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/ssl/ssl_cipher_suite_names.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/ssl/ssl_cipher_suite_names.h" 5 #include "net/ssl/ssl_cipher_suite_names.h"
6 6
7 #include "base/basictypes.h" 7 #include "base/basictypes.h"
8 #include "testing/gtest/include/gtest/gtest.h" 8 #include "testing/gtest/include/gtest/gtest.h"
9 9
10 namespace net { 10 namespace net {
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after
57 }; 57 };
58 58
59 for (size_t i = 0; i < arraysize(cipher_strings); ++i) { 59 for (size_t i = 0; i < arraysize(cipher_strings); ++i) {
60 uint16 cipher_suite = 0; 60 uint16 cipher_suite = 0;
61 EXPECT_FALSE(ParseSSLCipherString(cipher_strings[i], &cipher_suite)); 61 EXPECT_FALSE(ParseSSLCipherString(cipher_strings[i], &cipher_suite));
62 } 62 }
63 } 63 }
64 64
65 TEST(CipherSuiteNamesTest, SecureCipherSuites) { 65 TEST(CipherSuiteNamesTest, SecureCipherSuites) {
66 // Picked some random cipher suites. 66 // Picked some random cipher suites.
67 EXPECT_FALSE(IsSecureTLSCipherSuite(0x0)); 67 EXPECT_FALSE(IsSecureTLSCipherSuite(0x0 /* TLS_NULL_WITH_NULL_NULL */));
68 EXPECT_FALSE(IsSecureTLSCipherSuite(0x39)); 68 EXPECT_FALSE(
69 EXPECT_FALSE(IsSecureTLSCipherSuite(0xc5)); 69 IsSecureTLSCipherSuite(0x39 /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA */));
70 EXPECT_FALSE(IsSecureTLSCipherSuite(0xc00f)); 70 EXPECT_FALSE(IsSecureTLSCipherSuite(
71 EXPECT_FALSE(IsSecureTLSCipherSuite(0xc083)); 71 0xc5 /* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 */));
72 EXPECT_FALSE(
73 IsSecureTLSCipherSuite(0xc00f /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA */));
74 EXPECT_FALSE(IsSecureTLSCipherSuite(
75 0xc083 /* TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 */));
76 EXPECT_FALSE(
77 IsSecureTLSCipherSuite(0x9e /* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 */));
78 EXPECT_FALSE(
79 IsSecureTLSCipherSuite(0xc014 /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */));
80 EXPECT_FALSE(
81 IsSecureTLSCipherSuite(0x9c /* TLS_RSA_WITH_AES_128_GCM_SHA256 */));
72 82
73 // Non-existent cipher suite. 83 // Non-existent cipher suite.
74 EXPECT_FALSE(IsSecureTLSCipherSuite(0xffff)) << "Doesn't exist!"; 84 EXPECT_FALSE(IsSecureTLSCipherSuite(0xffff)) << "Doesn't exist!";
75 85
76 // Secure ones. 86 // Secure ones.
77 EXPECT_TRUE(IsSecureTLSCipherSuite(0xcc13)); 87 EXPECT_TRUE(IsSecureTLSCipherSuite(
78 EXPECT_TRUE(IsSecureTLSCipherSuite(0xcc14)); 88 0xc02f /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */));
79 EXPECT_TRUE(IsSecureTLSCipherSuite(0xcc15)); 89 EXPECT_TRUE(IsSecureTLSCipherSuite(
davidben 2015/10/16 21:39:19 (0xcc15 is the non-standard DHE_RSA CHACHA20_POLY1
90 0xcc13 /* ECDHE_RSA_WITH_CHACHA20_POLY1305 (non-standard) */));
91 EXPECT_TRUE(IsSecureTLSCipherSuite(
92 0xcc14 /* ECDHE_ECDSA_WITH_CHACHA20_POLY1305 (non-standard) */));
93 }
94
95 TEST(CipherSuiteNamesTest, HTTP2CipherSuites) {
96 // Picked some random cipher suites.
97 EXPECT_FALSE(
98 IsTLSCipherSuiteAllowedByHTTP2(0x0 /* TLS_NULL_WITH_NULL_NULL */));
99 EXPECT_FALSE(IsTLSCipherSuiteAllowedByHTTP2(
100 0x39 /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA */));
101 EXPECT_FALSE(IsTLSCipherSuiteAllowedByHTTP2(
102 0xc5 /* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 */));
103 EXPECT_FALSE(IsTLSCipherSuiteAllowedByHTTP2(
104 0xc00f /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA */));
105 EXPECT_FALSE(IsTLSCipherSuiteAllowedByHTTP2(
106 0xc083 /* TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 */));
107 EXPECT_FALSE(IsTLSCipherSuiteAllowedByHTTP2(
108 0xc014 /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */));
109 EXPECT_FALSE(IsTLSCipherSuiteAllowedByHTTP2(
110 0x9c /* TLS_RSA_WITH_AES_128_GCM_SHA256 */));
111
112 // Non-existent cipher suite.
113 EXPECT_FALSE(IsTLSCipherSuiteAllowedByHTTP2(0xffff)) << "Doesn't exist!";
114
115 // HTTP/2-compatible ones.
116 EXPECT_TRUE(IsTLSCipherSuiteAllowedByHTTP2(
117 0x9e /* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 */));
118 EXPECT_TRUE(IsTLSCipherSuiteAllowedByHTTP2(
119 0xc02f /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */));
120 EXPECT_TRUE(IsTLSCipherSuiteAllowedByHTTP2(
121 0xcc13 /* ECDHE_RSA_WITH_CHACHA20_POLY1305 (non-standard) */));
122 EXPECT_TRUE(IsTLSCipherSuiteAllowedByHTTP2(
123 0xcc14 /* ECDHE_ECDSA_WITH_CHACHA20_POLY1305 (non-standard) */));
80 } 124 }
81 125
82 } // anonymous namespace 126 } // anonymous namespace
83 127
84 } // namespace net 128 } // namespace net
OLDNEW
« no previous file with comments | « net/ssl/ssl_cipher_suite_names.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698