OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/bind.h" | 5 #include "base/bind.h" |
6 #include "base/macros.h" | 6 #include "base/macros.h" |
7 #include "net/base/net_errors.h" | 7 #include "net/base/net_errors.h" |
8 #include "remoting/base/rsa_key_pair.h" | 8 #include "remoting/base/rsa_key_pair.h" |
9 #include "remoting/protocol/authenticator_test_base.h" | 9 #include "remoting/protocol/authenticator_test_base.h" |
10 #include "remoting/protocol/channel_authenticator.h" | 10 #include "remoting/protocol/channel_authenticator.h" |
(...skipping 27 matching lines...) Expand all Loading... |
38 | 38 |
39 const char kTestPairedSecret[] = "1111-2222-3333"; | 39 const char kTestPairedSecret[] = "1111-2222-3333"; |
40 const char kTestPairedSecretBad[] = "4444-5555-6666"; | 40 const char kTestPairedSecretBad[] = "4444-5555-6666"; |
41 const char kTestPin[] = "123456"; | 41 const char kTestPin[] = "123456"; |
42 const char kTestPinBad[] = "654321"; | 42 const char kTestPinBad[] = "654321"; |
43 | 43 |
44 } // namespace | 44 } // namespace |
45 | 45 |
46 class NegotiatingAuthenticatorTest : public AuthenticatorTestBase { | 46 class NegotiatingAuthenticatorTest : public AuthenticatorTestBase { |
47 public: | 47 public: |
48 NegotiatingAuthenticatorTest() { | 48 NegotiatingAuthenticatorTest() {} |
49 } | |
50 ~NegotiatingAuthenticatorTest() override {} | 49 ~NegotiatingAuthenticatorTest() override {} |
51 | 50 |
52 protected: | 51 protected: |
53 void InitAuthenticators( | 52 void InitAuthenticators(const std::string& client_id, |
54 const std::string& client_id, | 53 const std::string& client_paired_secret, |
55 const std::string& client_paired_secret, | 54 const std::string& client_interactive_pin, |
56 const std::string& client_interactive_pin, | 55 const std::string& host_secret, |
57 const std::string& host_secret, | 56 bool it2me, |
58 AuthenticationMethod::HashFunction hash_function, | 57 bool client_hmac_only) { |
59 bool client_hmac_only) { | 58 if (it2me) { |
60 std::string host_secret_hash = AuthenticationMethod::ApplyHashFunction( | 59 host_ = NegotiatingHostAuthenticator::CreateForIt2Me( |
61 hash_function, kTestHostId, host_secret); | 60 host_cert_, key_pair_, host_secret); |
62 host_ = NegotiatingHostAuthenticator::CreateWithSharedSecret( | 61 } else { |
63 host_cert_, key_pair_, host_secret_hash, hash_function, | 62 std::string host_secret_hash = ApplySharedSecretHashFunction( |
64 pairing_registry_); | 63 HashFunction::HMAC_SHA256, kTestHostId, host_secret); |
| 64 host_ = NegotiatingHostAuthenticator::CreateWithPin( |
| 65 host_cert_, key_pair_, host_secret_hash, pairing_registry_); |
| 66 } |
65 | 67 |
66 std::vector<AuthenticationMethod> methods; | 68 std::vector<AuthenticationMethod> methods; |
67 methods.push_back(AuthenticationMethod::Spake2Pair()); | 69 methods.push_back(AuthenticationMethod::SPAKE2_PAIR); |
68 methods.push_back(AuthenticationMethod::Spake2( | 70 methods.push_back(AuthenticationMethod::SPAKE2_SHARED_SECRET_HMAC); |
69 AuthenticationMethod::HMAC_SHA256)); | |
70 if (!client_hmac_only) { | 71 if (!client_hmac_only) { |
71 methods.push_back(AuthenticationMethod::Spake2( | 72 methods.push_back(AuthenticationMethod::SPAKE2_SHARED_SECRET_PLAIN); |
72 AuthenticationMethod::NONE)); | |
73 } | 73 } |
74 bool pairing_expected = pairing_registry_.get() != nullptr; | 74 bool pairing_expected = pairing_registry_.get() != nullptr; |
75 FetchSecretCallback fetch_secret_callback = | 75 FetchSecretCallback fetch_secret_callback = |
76 base::Bind(&NegotiatingAuthenticatorTest::FetchSecret, | 76 base::Bind(&NegotiatingAuthenticatorTest::FetchSecret, |
77 client_interactive_pin, | 77 client_interactive_pin, |
78 pairing_expected); | 78 pairing_expected); |
79 client_as_negotiating_authenticator_ = new NegotiatingClientAuthenticator( | 79 client_as_negotiating_authenticator_ = new NegotiatingClientAuthenticator( |
80 client_id, client_paired_secret, | 80 client_id, client_paired_secret, |
81 kTestHostId, fetch_secret_callback, | 81 kTestHostId, fetch_secret_callback, |
82 nullptr, methods); | 82 nullptr, methods); |
(...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
139 | 139 |
140 // Use a bare pointer because the storage is managed by the base class. | 140 // Use a bare pointer because the storage is managed by the base class. |
141 NegotiatingClientAuthenticator* client_as_negotiating_authenticator_; | 141 NegotiatingClientAuthenticator* client_as_negotiating_authenticator_; |
142 | 142 |
143 private: | 143 private: |
144 scoped_refptr<PairingRegistry> pairing_registry_; | 144 scoped_refptr<PairingRegistry> pairing_registry_; |
145 | 145 |
146 DISALLOW_COPY_AND_ASSIGN(NegotiatingAuthenticatorTest); | 146 DISALLOW_COPY_AND_ASSIGN(NegotiatingAuthenticatorTest); |
147 }; | 147 }; |
148 | 148 |
149 TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthHmac) { | 149 TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthMe2MePin) { |
150 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( | 150 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, |
151 kNoClientId, kNoPairedSecret, kTestPin, kTestPin, | 151 kTestPin, kTestPin, false, false)); |
152 AuthenticationMethod::HMAC_SHA256, false)); | 152 VerifyAccepted(AuthenticationMethod::SPAKE2_SHARED_SECRET_HMAC); |
153 VerifyAccepted( | |
154 AuthenticationMethod::Spake2(AuthenticationMethod::HMAC_SHA256)); | |
155 } | 153 } |
156 | 154 |
157 TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthPlain) { | 155 TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthIt2me) { |
158 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( | 156 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, |
159 kNoClientId, kNoPairedSecret, kTestPin, kTestPin, | 157 kTestPin, kTestPin, true, false)); |
160 AuthenticationMethod::NONE, false)); | 158 VerifyAccepted(AuthenticationMethod::SPAKE2_SHARED_SECRET_PLAIN); |
161 VerifyAccepted(AuthenticationMethod::Spake2(AuthenticationMethod::NONE)); | |
162 } | 159 } |
163 | 160 |
164 TEST_F(NegotiatingAuthenticatorTest, InvalidSecretHmac) { | 161 TEST_F(NegotiatingAuthenticatorTest, InvalidMe2MePin) { |
165 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( | 162 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( |
166 kNoClientId, kNoPairedSecret, kTestPinBad, kTestPin, | 163 kNoClientId, kNoPairedSecret, kTestPinBad, kTestPin, false, false)); |
167 AuthenticationMethod::HMAC_SHA256, false)); | |
168 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 164 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
169 | 165 |
170 VerifyRejected(Authenticator::INVALID_CREDENTIALS); | 166 VerifyRejected(Authenticator::INVALID_CREDENTIALS); |
171 } | 167 } |
172 | 168 |
173 TEST_F(NegotiatingAuthenticatorTest, InvalidSecretPlain) { | 169 TEST_F(NegotiatingAuthenticatorTest, InvalidIt2MeAccessCode) { |
174 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( | 170 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( |
175 kNoClientId, kNoPairedSecret, kTestPin, kTestPinBad, | 171 kNoClientId, kNoPairedSecret, kTestPin, kTestPinBad, true, false)); |
176 AuthenticationMethod::NONE, false)); | |
177 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 172 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
178 | 173 |
179 VerifyRejected(Authenticator::INVALID_CREDENTIALS); | 174 VerifyRejected(Authenticator::INVALID_CREDENTIALS); |
180 } | 175 } |
181 | 176 |
182 TEST_F(NegotiatingAuthenticatorTest, IncompatibleMethods) { | 177 TEST_F(NegotiatingAuthenticatorTest, IncompatibleMethods) { |
183 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( | 178 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( |
184 kNoClientId, kNoPairedSecret, kTestPin, kTestPinBad, | 179 kNoClientId, kNoPairedSecret, kTestPin, kTestPinBad, true, true)); |
185 AuthenticationMethod::NONE, true)); | |
186 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 180 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
187 | 181 |
188 VerifyRejected(Authenticator::PROTOCOL_ERROR); | 182 VerifyRejected(Authenticator::PROTOCOL_ERROR); |
189 } | 183 } |
190 | 184 |
191 TEST_F(NegotiatingAuthenticatorTest, PairingNotSupported) { | 185 TEST_F(NegotiatingAuthenticatorTest, PairingNotSupported) { |
192 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( | 186 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret, |
193 kTestClientId, kTestPairedSecret, kTestPin, kTestPin, | 187 kTestPin, kTestPin, false, false)); |
194 AuthenticationMethod::HMAC_SHA256, false)); | |
195 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 188 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
196 VerifyAccepted( | 189 VerifyAccepted(AuthenticationMethod::SPAKE2_SHARED_SECRET_HMAC); |
197 AuthenticationMethod::Spake2(AuthenticationMethod::HMAC_SHA256)); | |
198 } | 190 } |
199 | 191 |
200 TEST_F(NegotiatingAuthenticatorTest, PairingSupportedButNotPaired) { | 192 TEST_F(NegotiatingAuthenticatorTest, PairingSupportedButNotPaired) { |
201 CreatePairingRegistry(false); | 193 CreatePairingRegistry(false); |
202 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( | 194 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, |
203 kNoClientId, kNoPairedSecret, kTestPin, kTestPin, | 195 kTestPin, kTestPin, false, false)); |
204 AuthenticationMethod::HMAC_SHA256, false)); | |
205 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 196 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
206 VerifyAccepted(AuthenticationMethod::Spake2Pair()); | 197 VerifyAccepted(AuthenticationMethod::SPAKE2_PAIR); |
207 } | 198 } |
208 | 199 |
209 TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinOkay) { | 200 TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinOkay) { |
210 CreatePairingRegistry(false); | 201 CreatePairingRegistry(false); |
211 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( | 202 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret, |
212 kTestClientId, kTestPairedSecret, kTestPin, kTestPin, | 203 kTestPin, kTestPin, false, false)); |
213 AuthenticationMethod::HMAC_SHA256, false)); | |
214 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 204 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
215 VerifyAccepted(AuthenticationMethod::Spake2Pair()); | 205 VerifyAccepted(AuthenticationMethod::SPAKE2_PAIR); |
216 } | 206 } |
217 | 207 |
218 TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinBad) { | 208 TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinBad) { |
219 CreatePairingRegistry(false); | 209 CreatePairingRegistry(false); |
220 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( | 210 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( |
221 kTestClientId, kTestPairedSecret, kTestPinBad, kTestPin, | 211 kTestClientId, kTestPairedSecret, kTestPinBad, kTestPin, false, false)); |
222 AuthenticationMethod::HMAC_SHA256, false)); | |
223 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 212 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
224 VerifyRejected(Authenticator::INVALID_CREDENTIALS); | 213 VerifyRejected(Authenticator::INVALID_CREDENTIALS); |
225 } | 214 } |
226 | 215 |
227 TEST_F(NegotiatingAuthenticatorTest, PairingSucceeded) { | 216 TEST_F(NegotiatingAuthenticatorTest, PairingSucceeded) { |
228 CreatePairingRegistry(true); | 217 CreatePairingRegistry(true); |
229 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( | 218 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( |
230 kTestClientId, kTestPairedSecret, kTestPinBad, kTestPin, | 219 kTestClientId, kTestPairedSecret, kTestPinBad, kTestPin, false, false)); |
231 AuthenticationMethod::HMAC_SHA256, false)); | |
232 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 220 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
233 VerifyAccepted(AuthenticationMethod::Spake2Pair()); | 221 VerifyAccepted(AuthenticationMethod::SPAKE2_PAIR); |
234 } | 222 } |
235 | 223 |
236 TEST_F(NegotiatingAuthenticatorTest, | 224 TEST_F(NegotiatingAuthenticatorTest, |
237 PairingSucceededInvalidSecretButPinOkay) { | 225 PairingSucceededInvalidSecretButPinOkay) { |
238 CreatePairingRegistry(true); | 226 CreatePairingRegistry(true); |
239 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( | 227 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( |
240 kTestClientId, kTestPairedSecretBad, kTestPin, kTestPin, | 228 kTestClientId, kTestPairedSecretBad, kTestPin, kTestPin, false, false)); |
241 AuthenticationMethod::HMAC_SHA256, false)); | |
242 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 229 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
243 VerifyAccepted(AuthenticationMethod::Spake2Pair()); | 230 VerifyAccepted(AuthenticationMethod::SPAKE2_PAIR); |
244 } | 231 } |
245 | 232 |
246 TEST_F(NegotiatingAuthenticatorTest, PairingFailedInvalidSecretAndPin) { | 233 TEST_F(NegotiatingAuthenticatorTest, PairingFailedInvalidSecretAndPin) { |
247 CreatePairingRegistry(true); | 234 CreatePairingRegistry(true); |
248 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( | 235 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, |
249 kTestClientId, kTestPairedSecretBad, kTestPinBad, kTestPin, | 236 kTestPairedSecretBad, kTestPinBad, |
250 AuthenticationMethod::HMAC_SHA256, false)); | 237 kTestPin, false, false)); |
251 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 238 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
252 VerifyRejected(Authenticator::INVALID_CREDENTIALS); | 239 VerifyRejected(Authenticator::INVALID_CREDENTIALS); |
253 } | 240 } |
254 | 241 |
255 } // namespace protocol | 242 } // namespace protocol |
256 } // namespace remoting | 243 } // namespace remoting |
OLD | NEW |