Index: net/ssl/ssl_cipher_suite_names_unittest.cc |
diff --git a/net/ssl/ssl_cipher_suite_names_unittest.cc b/net/ssl/ssl_cipher_suite_names_unittest.cc |
index f86367710832693ba7bb9acdc07f3b5680c09e5d..83eb55c617145bc4901727c0144c61eb5cae63eb 100644 |
--- a/net/ssl/ssl_cipher_suite_names_unittest.cc |
+++ b/net/ssl/ssl_cipher_suite_names_unittest.cc |
@@ -6,12 +6,37 @@ |
#include "base/macros.h" |
#include "base/strings/stringprintf.h" |
+#include "net/ssl/ssl_connection_status_flags.h" |
#include "testing/gtest/include/gtest/gtest.h" |
namespace net { |
namespace { |
+int kObsoleteVersion = SSL_CONNECTION_VERSION_TLS1; |
+int kModernVersion = SSL_CONNECTION_VERSION_TLS1_2; |
+ |
+uint16_t kModernCipherSuite = |
+ 0xc02f; /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */ |
+ |
+uint16_t kObsoleteCipherObsoleteKeyExchange = |
+ 0x67; /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 */ |
+uint16_t kObsoleteCipherModernKeyExchange = |
+ 0x9e; /* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 */ |
+uint16_t kModernCipherObsoleteKeyExchange = |
+ 0xc014; /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */ |
+uint16_t kModernCipherModernKeyExchange = |
+ 0xc02f; /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */ |
+ |
+int MakeConnectionStatus(int version, uint16_t cipher_suite) { |
+ int connection_status = 0; |
+ |
+ SSLConnectionStatusSetVersion(version, &connection_status); |
+ SSLConnectionStatusSetCipherSuite(cipher_suite, &connection_status); |
+ |
+ return connection_status; |
+} |
+ |
TEST(CipherSuiteNamesTest, Basic) { |
const char *key_exchange, *cipher, *mac; |
bool is_aead; |
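Review bot: The two mixed fixtures added at the top of this hunk have names that contradict their own comments and the expectations that use them. `kObsoleteCipherModernKeyExchange` is 0x9e (DHE key exchange with AES-GCM), and the later ObsoleteSSLStatusProtocolAndCipherSuite test expects only `OBSOLETE_SSL_MASK_KEY_EXCHANGE` for it, while `kModernCipherObsoleteKeyExchange` is 0xc014 (ECDHE with AES-CBC) and is expected to yield only `OBSOLETE_SSL_MASK_CIPHER`. Renaming them so the adjective sits next to the property it describes (for example `kObsoleteKeyExchangeModernCipher` for 0x9e and `kModernKeyExchangeObsoleteCipher` for 0xc014) is the smallest fix; as written, anyone auditing which suites get flagged as obsolete is led to the wrong conclusion. Separately, every `k`-prefixed value here is a mutable namespace-scope variable; declaring them `const`, e.g. `const uint16_t kModernCipherSuite = 0xc02f;`, keeps one test from altering another's inputs.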
@@ -70,38 +95,58 @@ TEST(CipherSuiteNamesTest, ParseSSLCipherStringFails) { |
} |
} |
-TEST(CipherSuiteNamesTest, SecureCipherSuites) { |
- // Picked some random cipher suites. |
- EXPECT_FALSE(IsSecureTLSCipherSuite(0x0 /* TLS_NULL_WITH_NULL_NULL */)); |
- EXPECT_FALSE( |
- IsSecureTLSCipherSuite(0x39 /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA */)); |
- EXPECT_FALSE(IsSecureTLSCipherSuite( |
- 0xc5 /* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 */)); |
- EXPECT_FALSE( |
- IsSecureTLSCipherSuite(0xc00f /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA */)); |
- EXPECT_FALSE(IsSecureTLSCipherSuite( |
- 0xc083 /* TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 */)); |
- EXPECT_FALSE( |
- IsSecureTLSCipherSuite(0x9e /* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 */)); |
- EXPECT_FALSE( |
- IsSecureTLSCipherSuite(0xc014 /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */)); |
- EXPECT_FALSE( |
- IsSecureTLSCipherSuite(0x9c /* TLS_RSA_WITH_AES_128_GCM_SHA256 */)); |
- |
- // Non-existent cipher suite. |
- EXPECT_FALSE(IsSecureTLSCipherSuite(0xffff)) << "Doesn't exist!"; |
+TEST(CipherSuiteNamesTest, ObsoleteSSLStatusProtocol) { |
+ // Obsolete |
+ EXPECT_EQ(OBSOLETE_SSL_MASK_PROTOCOL, |
+ ObsoleteSSLStatus(MakeConnectionStatus(SSL_CONNECTION_VERSION_SSL2, |
+ kModernCipherSuite))); |
+ EXPECT_EQ(OBSOLETE_SSL_MASK_PROTOCOL, |
+ ObsoleteSSLStatus(MakeConnectionStatus(SSL_CONNECTION_VERSION_SSL3, |
+ kModernCipherSuite))); |
+ EXPECT_EQ(OBSOLETE_SSL_MASK_PROTOCOL, |
+ ObsoleteSSLStatus(MakeConnectionStatus(SSL_CONNECTION_VERSION_TLS1, |
+ kModernCipherSuite))); |
+ EXPECT_EQ(OBSOLETE_SSL_MASK_PROTOCOL, |
+ ObsoleteSSLStatus(MakeConnectionStatus( |
+ SSL_CONNECTION_VERSION_TLS1_1, kModernCipherSuite))); |
+ |
+ // Modern |
+ EXPECT_EQ(OBSOLETE_SSL_NONE, |
+ ObsoleteSSLStatus(MakeConnectionStatus( |
+ SSL_CONNECTION_VERSION_TLS1_2, kModernCipherSuite))); |
+ EXPECT_EQ(OBSOLETE_SSL_NONE, |
+ ObsoleteSSLStatus(MakeConnectionStatus(SSL_CONNECTION_VERSION_QUIC, |
+ kModernCipherSuite))); |
+} |
- // Secure ones. |
- EXPECT_TRUE(IsSecureTLSCipherSuite( |
- 0xc02f /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */)); |
- EXPECT_TRUE(IsSecureTLSCipherSuite( |
- 0xcc13 /* ECDHE_RSA_WITH_CHACHA20_POLY1305 (non-standard) */)); |
- EXPECT_TRUE(IsSecureTLSCipherSuite( |
- 0xcc14 /* ECDHE_ECDSA_WITH_CHACHA20_POLY1305 (non-standard) */)); |
- EXPECT_TRUE(IsSecureTLSCipherSuite( |
- 0xcca8 /* ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */)); |
- EXPECT_TRUE(IsSecureTLSCipherSuite( |
- 0xcca9 /* ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 */)); |
+TEST(CipherSuiteNamesTest, ObsoleteSSLStatusProtocolAndCipherSuite) { |
+ // Cartesian combos |
+ // As above, some of these combinations can't happen in practice. |
+ EXPECT_EQ(OBSOLETE_SSL_MASK_PROTOCOL | OBSOLETE_SSL_MASK_KEY_EXCHANGE | |
+ OBSOLETE_SSL_MASK_CIPHER, |
+ ObsoleteSSLStatus(MakeConnectionStatus( |
+ kObsoleteVersion, kObsoleteCipherObsoleteKeyExchange))); |
+ EXPECT_EQ(OBSOLETE_SSL_MASK_PROTOCOL | OBSOLETE_SSL_MASK_KEY_EXCHANGE, |
+ ObsoleteSSLStatus(MakeConnectionStatus( |
+ kObsoleteVersion, kObsoleteCipherModernKeyExchange))); |
+ EXPECT_EQ(OBSOLETE_SSL_MASK_PROTOCOL | OBSOLETE_SSL_MASK_CIPHER, |
+ ObsoleteSSLStatus(MakeConnectionStatus( |
+ kObsoleteVersion, kModernCipherObsoleteKeyExchange))); |
+ EXPECT_EQ(OBSOLETE_SSL_MASK_PROTOCOL, |
+ ObsoleteSSLStatus(MakeConnectionStatus( |
+ kObsoleteVersion, kModernCipherModernKeyExchange))); |
+ EXPECT_EQ(OBSOLETE_SSL_MASK_KEY_EXCHANGE | OBSOLETE_SSL_MASK_CIPHER, |
+ ObsoleteSSLStatus(MakeConnectionStatus( |
+ kModernVersion, kObsoleteCipherObsoleteKeyExchange))); |
+ EXPECT_EQ(OBSOLETE_SSL_MASK_KEY_EXCHANGE, |
+ ObsoleteSSLStatus(MakeConnectionStatus( |
+ kModernVersion, kObsoleteCipherModernKeyExchange))); |
+ EXPECT_EQ(OBSOLETE_SSL_MASK_CIPHER, |
+ ObsoleteSSLStatus(MakeConnectionStatus( |
+ kModernVersion, kModernCipherObsoleteKeyExchange))); |
+ EXPECT_EQ(OBSOLETE_SSL_NONE, |
+ ObsoleteSSLStatus(MakeConnectionStatus( |
+ kModernVersion, kModernCipherModernKeyExchange))); |
} |
TEST(CipherSuiteNamesTest, HTTP2CipherSuites) { |
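Review bot: The two replacement tests drop the negative inputs that the removed SecureCipherSuites test covered: the non-existent id 0xffff, TLS_NULL_WITH_NULL_NULL (0x0), the anonymous and static DH suites, and static RSA key exchange (0x9c). They also drop the ChaCha20-Poly1305 suites that were previously asserted secure. The unrecognised id is the case most worth pinning, because a regression there would report an unknown cipher suite as not obsolete. Assuming ObsoleteSSLStatus is meant to fail closed on it, something like `EXPECT_NE(OBSOLETE_SSL_NONE, ObsoleteSSLStatus(MakeConnectionStatus(kModernVersion, 0xffff)));` would do, with the exact mask taken from the implementation, which is not visible in this hunk. The comment `// As above, some of these combinations can't happen in practice.` also points at a remark that does not appear in the preceding test, so it should either stand on its own or be repeated there for the SSL2/SSL3 pairings with `kModernCipherSuite`.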
@@ -152,7 +197,10 @@ TEST(CipherSuiteNamesTest, CECPQ1) { |
for (const uint16_t cipher_suite_id : kCECPQ1CipherSuites) { |
SCOPED_TRACE(base::StringPrintf("cipher suite %x", cipher_suite_id)); |
EXPECT_TRUE(IsTLSCipherSuiteAllowedByHTTP2(cipher_suite_id)); |
- EXPECT_TRUE(IsSecureTLSCipherSuite(cipher_suite_id)); |
+ |
+ int connection_status = |
+ MakeConnectionStatus(kModernVersion, cipher_suite_id); |
+ EXPECT_EQ(OBSOLETE_SSL_NONE, ObsoleteSSLStatus(connection_status)); |
SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, |
cipher_suite_id); |
EXPECT_TRUE(is_aead); |