| Index: net/ssl/ssl_cipher_suite_names_unittest.cc
|
| diff --git a/net/ssl/ssl_cipher_suite_names_unittest.cc b/net/ssl/ssl_cipher_suite_names_unittest.cc
|
| index cfa26e0a6b20c262084bb70e331861fd3ffd20b1..89024ea28e85cf118ce2faed5486e69f716804fe 100644
|
| --- a/net/ssl/ssl_cipher_suite_names_unittest.cc
|
| +++ b/net/ssl/ssl_cipher_suite_names_unittest.cc
|
| @@ -5,12 +5,22 @@
|
| #include "net/ssl/ssl_cipher_suite_names.h"
|
|
|
| #include "base/macros.h"
|
| +#include "net/ssl/ssl_connection_status_flags.h"
|
| #include "testing/gtest/include/gtest/gtest.h"
|
|
|
| namespace net {
|
|
|
| namespace {
|
|
|
| +int MakeConnectionStatus(int version, uint16_t cipher_suite) {
|
| + int connection_status = 0;
|
| +
|
| + SSLConnectionStatusSetVersion(version, &connection_status);
|
| + SSLConnectionStatusSetCipherSuite(cipher_suite, &connection_status);
|
| +
|
| + return connection_status;
|
| +}
|
| +
|
| TEST(CipherSuiteNamesTest, Basic) {
|
| const char *key_exchange, *cipher, *mac;
|
| bool is_aead;
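Review bot: The new helper `MakeConnectionStatus` has no comment, so a reader has to open ssl_connection_status_flags.h to see what the returned int represents. A one-line comment above it would do, e.g. `// Returns a connection_status value with |version| and |cipher_suite| set, suitable for passing to ObsoleteSSLStatus().` The helper also uses `uint16_t`. This hunk does not show whether an included header guarantees that type, so `#include <stdint.h>` may need adding alongside the other includes.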
|
| @@ -69,38 +79,83 @@ TEST(CipherSuiteNamesTest, ParseSSLCipherStringFails) {
|
| }
|
| }
|
|
|
| -TEST(CipherSuiteNamesTest, SecureCipherSuites) {
|
| - // Picked some random cipher suites.
|
| - EXPECT_FALSE(IsSecureTLSCipherSuite(0x0 /* TLS_NULL_WITH_NULL_NULL */));
|
| - EXPECT_FALSE(
|
| - IsSecureTLSCipherSuite(0x39 /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA */));
|
| - EXPECT_FALSE(IsSecureTLSCipherSuite(
|
| - 0xc5 /* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 */));
|
| - EXPECT_FALSE(
|
| - IsSecureTLSCipherSuite(0xc00f /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA */));
|
| - EXPECT_FALSE(IsSecureTLSCipherSuite(
|
| - 0xc083 /* TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 */));
|
| - EXPECT_FALSE(
|
| - IsSecureTLSCipherSuite(0x9e /* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 */));
|
| - EXPECT_FALSE(
|
| - IsSecureTLSCipherSuite(0xc014 /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */));
|
| - EXPECT_FALSE(
|
| - IsSecureTLSCipherSuite(0x9c /* TLS_RSA_WITH_AES_128_GCM_SHA256 */));
|
| -
|
| - // Non-existent cipher suite.
|
| - EXPECT_FALSE(IsSecureTLSCipherSuite(0xffff)) << "Doesn't exist!";
|
| +TEST(CipherSuiteNamesTest, ObsoleteSSLStatusProtocol) {
|
| + // Modern cipher suite. Note that this can't actually appear with obsolete
|
| + // cipher suites in a real connection, but we're just trying to test that
|
| + // ObsoleteSSLStatus() can identify an obsolete protocol individually.
|
| + uint16_t kModernCipherSuite =
|
| + 0xc02f; /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */
|
| +
|
| + // Obsolete
|
| + EXPECT_EQ(OBSOLETE_SSL_MASK_PROTOCOL,
|
| + ObsoleteSSLStatus(MakeConnectionStatus(SSL_CONNECTION_VERSION_SSL2,
|
| + kModernCipherSuite)));
|
| + EXPECT_EQ(OBSOLETE_SSL_MASK_PROTOCOL,
|
| + ObsoleteSSLStatus(MakeConnectionStatus(SSL_CONNECTION_VERSION_SSL3,
|
| + kModernCipherSuite)));
|
| + EXPECT_EQ(OBSOLETE_SSL_MASK_PROTOCOL,
|
| + ObsoleteSSLStatus(MakeConnectionStatus(SSL_CONNECTION_VERSION_TLS1,
|
| + kModernCipherSuite)));
|
| + EXPECT_EQ(OBSOLETE_SSL_MASK_PROTOCOL,
|
| + ObsoleteSSLStatus(MakeConnectionStatus(
|
| + SSL_CONNECTION_VERSION_TLS1_1, kModernCipherSuite)));
|
| +
|
| + // Modern
|
| + EXPECT_EQ(OBSOLETE_SSL_NONE,
|
| + ObsoleteSSLStatus(MakeConnectionStatus(
|
| + SSL_CONNECTION_VERSION_TLS1_2, kModernCipherSuite)));
|
| + EXPECT_EQ(OBSOLETE_SSL_NONE,
|
| + ObsoleteSSLStatus(MakeConnectionStatus(SSL_CONNECTION_VERSION_QUIC,
|
| + kModernCipherSuite)));
|
| +}
|
|
|
| - // Secure ones.
|
| - EXPECT_TRUE(IsSecureTLSCipherSuite(
|
| - 0xc02f /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */));
|
| - EXPECT_TRUE(IsSecureTLSCipherSuite(
|
| - 0xcc13 /* ECDHE_RSA_WITH_CHACHA20_POLY1305 (non-standard) */));
|
| - EXPECT_TRUE(IsSecureTLSCipherSuite(
|
| - 0xcc14 /* ECDHE_ECDSA_WITH_CHACHA20_POLY1305 (non-standard) */));
|
| - EXPECT_TRUE(IsSecureTLSCipherSuite(
|
| - 0xcca8 /* ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */));
|
| - EXPECT_TRUE(IsSecureTLSCipherSuite(
|
| - 0xcca9 /* ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 */));
|
| +TEST(CipherSuiteNamesTest, ObsoleteSSLStatusProtocolAndCipherSuite) {
|
| + int kObsoleteVersion = SSL_CONNECTION_VERSION_TLS1;
|
| + int kModernVersion = SSL_CONNECTION_VERSION_TLS1_2;
|
| +
|
| + uint16_t kObsoleteCipherObsoleteKeyExchange =
|
| + 0x67; /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 */
|
| + uint16_t kObsoleteCipherModernKeyExchange =
|
| + 0x9e; /* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 */
|
| + uint16_t kModernCipherObsoleteKeyExchange =
|
| + 0xc014; /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */
|
| + uint16_t kModernCipherModernKeyExchange =
|
| + 0xc02f; /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */
|
| +
|
| + // Bogus
|
| + EXPECT_EQ(
|
| + OBSOLETE_SSL_MASK_PROTOCOL | OBSOLETE_SSL_MASK_KEY_EXCHANGE |
|
| + OBSOLETE_SSL_MASK_CIPHER,
|
| + ObsoleteSSLStatus(MakeConnectionStatus(
|
| + SSL_CONNECTION_VERSION_UNKNOWN, 0x0 /* TLS_NULL_WITH_NULL_NULL */)));
|
| +
|
| + // Cartesian combos
|
| + // As above, some of these combinations can't happen in practice.
|
| + EXPECT_EQ(OBSOLETE_SSL_MASK_PROTOCOL | OBSOLETE_SSL_MASK_KEY_EXCHANGE |
|
| + OBSOLETE_SSL_MASK_CIPHER,
|
| + ObsoleteSSLStatus(MakeConnectionStatus(
|
| + kObsoleteVersion, kObsoleteCipherObsoleteKeyExchange)));
|
| + EXPECT_EQ(OBSOLETE_SSL_MASK_PROTOCOL | OBSOLETE_SSL_MASK_KEY_EXCHANGE,
|
| + ObsoleteSSLStatus(MakeConnectionStatus(
|
| + kObsoleteVersion, kObsoleteCipherModernKeyExchange)));
|
| + EXPECT_EQ(OBSOLETE_SSL_MASK_PROTOCOL | OBSOLETE_SSL_MASK_CIPHER,
|
| + ObsoleteSSLStatus(MakeConnectionStatus(
|
| + kObsoleteVersion, kModernCipherObsoleteKeyExchange)));
|
| + EXPECT_EQ(OBSOLETE_SSL_MASK_PROTOCOL,
|
| + ObsoleteSSLStatus(MakeConnectionStatus(
|
| + kObsoleteVersion, kModernCipherModernKeyExchange)));
|
| + EXPECT_EQ(OBSOLETE_SSL_MASK_KEY_EXCHANGE | OBSOLETE_SSL_MASK_CIPHER,
|
| + ObsoleteSSLStatus(MakeConnectionStatus(
|
| + kModernVersion, kObsoleteCipherObsoleteKeyExchange)));
|
| + EXPECT_EQ(OBSOLETE_SSL_MASK_KEY_EXCHANGE,
|
| + ObsoleteSSLStatus(MakeConnectionStatus(
|
| + kModernVersion, kObsoleteCipherModernKeyExchange)));
|
| + EXPECT_EQ(OBSOLETE_SSL_MASK_CIPHER,
|
| + ObsoleteSSLStatus(MakeConnectionStatus(
|
| + kModernVersion, kModernCipherObsoleteKeyExchange)));
|
| + EXPECT_EQ(OBSOLETE_SSL_NONE,
|
| + ObsoleteSSLStatus(MakeConnectionStatus(
|
| + kModernVersion, kModernCipherModernKeyExchange)));
|
| }
|
|
|
| TEST(CipherSuiteNamesTest, HTTP2CipherSuites) {
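Review bot: In ObsoleteSSLStatusProtocolAndCipherSuite the two mixed constants are named the wrong way round: `kObsoleteCipherModernKeyExchange` is 0x9e (DHE with AES_128_GCM) and is expected to yield only `OBSOLETE_SSL_MASK_KEY_EXCHANGE`, while `kModernCipherObsoleteKeyExchange` is 0xc014 (ECDHE with AES_256_CBC) and is expected to yield only `OBSOLETE_SSL_MASK_CIPHER`. The assertions agree with the suite comments, so only the names mislead; renaming them at definition and use to `kObsoleteKeyExchangeModernCipher` and `kModernKeyExchangeObsoleteCipher` would fix it. The new tests also drop cases the removed SecureCipherSuites test covered: the non-existent suite 0xffff, static RSA key exchange (0x9c), an anonymous DH suite (0xc5) and the CHACHA20_POLY1305 suites. A few `EXPECT_EQ` lines for those would pin how ObsoleteSSLStatus() classifies unknown and unauthenticated suites. The `k`-prefixed locals in both new tests are not declared `const`, e.g. `const uint16_t kModernCipherSuite = 0xc02f;`.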
|
|
|