Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(190)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/ssl/ssl_cipher_suite_names_unittest.cc

Issue 1727133002: Expose TLS settings in the Security panel overview, and call out individual obsolete settings. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Also check that connection_status is not zero, which is the case for 3 browser tests. Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/ssl/ssl_cipher_suite_names.cc ('k') | third_party/WebKit/LayoutTests/http/tests/inspector/security/security-explanation-ordering.html » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/ssl/ssl_cipher_suite_names_unittest.cc
diff --git a/net/ssl/ssl_cipher_suite_names_unittest.cc b/net/ssl/ssl_cipher_suite_names_unittest.cc
index f86367710832693ba7bb9acdc07f3b5680c09e5d..83eb55c617145bc4901727c0144c61eb5cae63eb 100644
--- a/net/ssl/ssl_cipher_suite_names_unittest.cc
+++ b/net/ssl/ssl_cipher_suite_names_unittest.cc
@@ -6,12 +6,37 @@
#include "base/macros.h"
#include "base/strings/stringprintf.h"
+#include "net/ssl/ssl_connection_status_flags.h"
#include "testing/gtest/include/gtest/gtest.h"
namespace net {
namespace {
+int kObsoleteVersion = SSL_CONNECTION_VERSION_TLS1;
+int kModernVersion = SSL_CONNECTION_VERSION_TLS1_2;
+
+uint16_t kModernCipherSuite =
+ 0xc02f; /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */
+
+uint16_t kObsoleteCipherObsoleteKeyExchange =
+ 0x67; /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 */
+uint16_t kObsoleteCipherModernKeyExchange =
+ 0x9e; /* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 */
+uint16_t kModernCipherObsoleteKeyExchange =
+ 0xc014; /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */
+uint16_t kModernCipherModernKeyExchange =
+ 0xc02f; /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */
+
+int MakeConnectionStatus(int version, uint16_t cipher_suite) {
+ int connection_status = 0;
+
+ SSLConnectionStatusSetVersion(version, &connection_status);
+ SSLConnectionStatusSetCipherSuite(cipher_suite, &connection_status);
+
+ return connection_status;
+}
+
TEST(CipherSuiteNamesTest, Basic) {
const char *key_exchange, *cipher, *mac;
bool is_aead;
@@ -70,38 +95,58 @@ TEST(CipherSuiteNamesTest, ParseSSLCipherStringFails) {
}
}
-TEST(CipherSuiteNamesTest, SecureCipherSuites) {
- // Picked some random cipher suites.
- EXPECT_FALSE(IsSecureTLSCipherSuite(0x0 /* TLS_NULL_WITH_NULL_NULL */));
- EXPECT_FALSE(
- IsSecureTLSCipherSuite(0x39 /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA */));
- EXPECT_FALSE(IsSecureTLSCipherSuite(
- 0xc5 /* TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 */));
- EXPECT_FALSE(
- IsSecureTLSCipherSuite(0xc00f /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA */));
- EXPECT_FALSE(IsSecureTLSCipherSuite(
- 0xc083 /* TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 */));
- EXPECT_FALSE(
- IsSecureTLSCipherSuite(0x9e /* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 */));
- EXPECT_FALSE(
- IsSecureTLSCipherSuite(0xc014 /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */));
- EXPECT_FALSE(
- IsSecureTLSCipherSuite(0x9c /* TLS_RSA_WITH_AES_128_GCM_SHA256 */));
-
- // Non-existent cipher suite.
- EXPECT_FALSE(IsSecureTLSCipherSuite(0xffff)) << "Doesn't exist!";
+TEST(CipherSuiteNamesTest, ObsoleteSSLStatusProtocol) {
+ // Obsolete
+ EXPECT_EQ(OBSOLETE_SSL_MASK_PROTOCOL,
+ ObsoleteSSLStatus(MakeConnectionStatus(SSL_CONNECTION_VERSION_SSL2,
+ kModernCipherSuite)));
+ EXPECT_EQ(OBSOLETE_SSL_MASK_PROTOCOL,
+ ObsoleteSSLStatus(MakeConnectionStatus(SSL_CONNECTION_VERSION_SSL3,
+ kModernCipherSuite)));
+ EXPECT_EQ(OBSOLETE_SSL_MASK_PROTOCOL,
+ ObsoleteSSLStatus(MakeConnectionStatus(SSL_CONNECTION_VERSION_TLS1,
+ kModernCipherSuite)));
+ EXPECT_EQ(OBSOLETE_SSL_MASK_PROTOCOL,
+ ObsoleteSSLStatus(MakeConnectionStatus(
+ SSL_CONNECTION_VERSION_TLS1_1, kModernCipherSuite)));
+
+ // Modern
+ EXPECT_EQ(OBSOLETE_SSL_NONE,
+ ObsoleteSSLStatus(MakeConnectionStatus(
+ SSL_CONNECTION_VERSION_TLS1_2, kModernCipherSuite)));
+ EXPECT_EQ(OBSOLETE_SSL_NONE,
+ ObsoleteSSLStatus(MakeConnectionStatus(SSL_CONNECTION_VERSION_QUIC,
+ kModernCipherSuite)));
+}
- // Secure ones.
- EXPECT_TRUE(IsSecureTLSCipherSuite(
- 0xc02f /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */));
- EXPECT_TRUE(IsSecureTLSCipherSuite(
- 0xcc13 /* ECDHE_RSA_WITH_CHACHA20_POLY1305 (non-standard) */));
- EXPECT_TRUE(IsSecureTLSCipherSuite(
- 0xcc14 /* ECDHE_ECDSA_WITH_CHACHA20_POLY1305 (non-standard) */));
- EXPECT_TRUE(IsSecureTLSCipherSuite(
- 0xcca8 /* ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */));
- EXPECT_TRUE(IsSecureTLSCipherSuite(
- 0xcca9 /* ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 */));
+TEST(CipherSuiteNamesTest, ObsoleteSSLStatusProtocolAndCipherSuite) {
+ // Cartesian combos
+ // As above, some of these combinations can't happen in practice.
+ EXPECT_EQ(OBSOLETE_SSL_MASK_PROTOCOL | OBSOLETE_SSL_MASK_KEY_EXCHANGE |
+ OBSOLETE_SSL_MASK_CIPHER,
+ ObsoleteSSLStatus(MakeConnectionStatus(
+ kObsoleteVersion, kObsoleteCipherObsoleteKeyExchange)));
+ EXPECT_EQ(OBSOLETE_SSL_MASK_PROTOCOL | OBSOLETE_SSL_MASK_KEY_EXCHANGE,
+ ObsoleteSSLStatus(MakeConnectionStatus(
+ kObsoleteVersion, kObsoleteCipherModernKeyExchange)));
+ EXPECT_EQ(OBSOLETE_SSL_MASK_PROTOCOL | OBSOLETE_SSL_MASK_CIPHER,
+ ObsoleteSSLStatus(MakeConnectionStatus(
+ kObsoleteVersion, kModernCipherObsoleteKeyExchange)));
+ EXPECT_EQ(OBSOLETE_SSL_MASK_PROTOCOL,
+ ObsoleteSSLStatus(MakeConnectionStatus(
+ kObsoleteVersion, kModernCipherModernKeyExchange)));
+ EXPECT_EQ(OBSOLETE_SSL_MASK_KEY_EXCHANGE | OBSOLETE_SSL_MASK_CIPHER,
+ ObsoleteSSLStatus(MakeConnectionStatus(
+ kModernVersion, kObsoleteCipherObsoleteKeyExchange)));
+ EXPECT_EQ(OBSOLETE_SSL_MASK_KEY_EXCHANGE,
+ ObsoleteSSLStatus(MakeConnectionStatus(
+ kModernVersion, kObsoleteCipherModernKeyExchange)));
+ EXPECT_EQ(OBSOLETE_SSL_MASK_CIPHER,
+ ObsoleteSSLStatus(MakeConnectionStatus(
+ kModernVersion, kModernCipherObsoleteKeyExchange)));
+ EXPECT_EQ(OBSOLETE_SSL_NONE,
+ ObsoleteSSLStatus(MakeConnectionStatus(
+ kModernVersion, kModernCipherModernKeyExchange)));
}
TEST(CipherSuiteNamesTest, HTTP2CipherSuites) {
@@ -152,7 +197,10 @@ TEST(CipherSuiteNamesTest, CECPQ1) {
for (const uint16_t cipher_suite_id : kCECPQ1CipherSuites) {
SCOPED_TRACE(base::StringPrintf("cipher suite %x", cipher_suite_id));
EXPECT_TRUE(IsTLSCipherSuiteAllowedByHTTP2(cipher_suite_id));
- EXPECT_TRUE(IsSecureTLSCipherSuite(cipher_suite_id));
+
+ int connection_status =
+ MakeConnectionStatus(kModernVersion, cipher_suite_id);
+ EXPECT_EQ(OBSOLETE_SSL_NONE, ObsoleteSSLStatus(connection_status));
SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead,
cipher_suite_id);
EXPECT_TRUE(is_aead);
« no previous file with comments | « net/ssl/ssl_cipher_suite_names.cc ('k') | third_party/WebKit/LayoutTests/http/tests/inspector/security/security-explanation-ordering.html » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698