| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/bind.h" | 5 #include "base/bind.h" |
| 6 #include "base/macros.h" | 6 #include "base/macros.h" |
| 7 #include "net/base/net_errors.h" | 7 #include "net/base/net_errors.h" |
| 8 #include "remoting/base/rsa_key_pair.h" | 8 #include "remoting/base/rsa_key_pair.h" |
| 9 #include "remoting/protocol/authenticator_test_base.h" | 9 #include "remoting/protocol/authenticator_test_base.h" |
| 10 #include "remoting/protocol/channel_authenticator.h" | 10 #include "remoting/protocol/channel_authenticator.h" |
| (...skipping 27 matching lines...) Expand all Loading... |
| 38 | 38 |
| 39 const char kTestPairedSecret[] = "1111-2222-3333"; | 39 const char kTestPairedSecret[] = "1111-2222-3333"; |
| 40 const char kTestPairedSecretBad[] = "4444-5555-6666"; | 40 const char kTestPairedSecretBad[] = "4444-5555-6666"; |
| 41 const char kTestPin[] = "123456"; | 41 const char kTestPin[] = "123456"; |
| 42 const char kTestPinBad[] = "654321"; | 42 const char kTestPinBad[] = "654321"; |
| 43 | 43 |
| 44 } // namespace | 44 } // namespace |
| 45 | 45 |
| 46 class NegotiatingAuthenticatorTest : public AuthenticatorTestBase { | 46 class NegotiatingAuthenticatorTest : public AuthenticatorTestBase { |
| 47 public: | 47 public: |
| 48 NegotiatingAuthenticatorTest() { | 48 NegotiatingAuthenticatorTest() {} |
| 49 } | |
| 50 ~NegotiatingAuthenticatorTest() override {} | 49 ~NegotiatingAuthenticatorTest() override {} |
| 51 | 50 |
| 52 protected: | 51 protected: |
| 53 void InitAuthenticators( | 52 void InitAuthenticators(const std::string& client_id, |
| 54 const std::string& client_id, | 53 const std::string& client_paired_secret, |
| 55 const std::string& client_paired_secret, | 54 const std::string& client_interactive_pin, |
| 56 const std::string& client_interactive_pin, | 55 const std::string& host_secret, |
| 57 const std::string& host_secret, | 56 bool it2me, |
| 58 AuthenticationMethod::HashFunction hash_function, | 57 bool client_hmac_only) { |
| 59 bool client_hmac_only) { | 58 if (it2me) { |
| 60 std::string host_secret_hash = AuthenticationMethod::ApplyHashFunction( | 59 host_ = NegotiatingHostAuthenticator::CreateForIt2Me( |
| 61 hash_function, kTestHostId, host_secret); | 60 host_cert_, key_pair_, host_secret); |
| 62 host_ = NegotiatingHostAuthenticator::CreateWithSharedSecret( | 61 } else { |
| 63 host_cert_, key_pair_, host_secret_hash, hash_function, | 62 std::string host_secret_hash = ApplySharedSecretHashFunction( |
| 64 pairing_registry_); | 63 HashFunction::HMAC_SHA256, kTestHostId, host_secret); |
| 64 host_ = NegotiatingHostAuthenticator::CreateWithPin( |
| 65 host_cert_, key_pair_, host_secret_hash, pairing_registry_); |
| 66 } |
| 65 | 67 |
| 66 std::vector<AuthenticationMethod> methods; | 68 std::vector<AuthenticationMethod> methods; |
| 67 methods.push_back(AuthenticationMethod::Spake2Pair()); | 69 methods.push_back(AuthenticationMethod::SPAKE2_PAIR); |
| 68 methods.push_back(AuthenticationMethod::Spake2( | 70 methods.push_back(AuthenticationMethod::SPAKE2_SHARED_SECRET_HMAC); |
| 69 AuthenticationMethod::HMAC_SHA256)); | |
| 70 if (!client_hmac_only) { | 71 if (!client_hmac_only) { |
| 71 methods.push_back(AuthenticationMethod::Spake2( | 72 methods.push_back(AuthenticationMethod::SPAKE2_SHARED_SECRET_PLAIN); |
| 72 AuthenticationMethod::NONE)); | |
| 73 } | 73 } |
| 74 bool pairing_expected = pairing_registry_.get() != nullptr; | 74 bool pairing_expected = pairing_registry_.get() != nullptr; |
| 75 FetchSecretCallback fetch_secret_callback = | 75 FetchSecretCallback fetch_secret_callback = |
| 76 base::Bind(&NegotiatingAuthenticatorTest::FetchSecret, | 76 base::Bind(&NegotiatingAuthenticatorTest::FetchSecret, |
| 77 client_interactive_pin, | 77 client_interactive_pin, |
| 78 pairing_expected); | 78 pairing_expected); |
| 79 client_as_negotiating_authenticator_ = new NegotiatingClientAuthenticator( | 79 client_as_negotiating_authenticator_ = new NegotiatingClientAuthenticator( |
| 80 client_id, client_paired_secret, | 80 client_id, client_paired_secret, |
| 81 kTestHostId, fetch_secret_callback, | 81 kTestHostId, fetch_secret_callback, |
| 82 nullptr, methods); | 82 nullptr, methods); |
| (...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 139 | 139 |
| 140 // Use a bare pointer because the storage is managed by the base class. | 140 // Use a bare pointer because the storage is managed by the base class. |
| 141 NegotiatingClientAuthenticator* client_as_negotiating_authenticator_; | 141 NegotiatingClientAuthenticator* client_as_negotiating_authenticator_; |
| 142 | 142 |
| 143 private: | 143 private: |
| 144 scoped_refptr<PairingRegistry> pairing_registry_; | 144 scoped_refptr<PairingRegistry> pairing_registry_; |
| 145 | 145 |
| 146 DISALLOW_COPY_AND_ASSIGN(NegotiatingAuthenticatorTest); | 146 DISALLOW_COPY_AND_ASSIGN(NegotiatingAuthenticatorTest); |
| 147 }; | 147 }; |
| 148 | 148 |
| 149 TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthHmac) { | 149 TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthMe2MePin) { |
| 150 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( | 150 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, |
| 151 kNoClientId, kNoPairedSecret, kTestPin, kTestPin, | 151 kTestPin, kTestPin, false, false)); |
| 152 AuthenticationMethod::HMAC_SHA256, false)); | 152 VerifyAccepted(AuthenticationMethod::SPAKE2_SHARED_SECRET_HMAC); |
| 153 VerifyAccepted( | |
| 154 AuthenticationMethod::Spake2(AuthenticationMethod::HMAC_SHA256)); | |
| 155 } | 153 } |
| 156 | 154 |
| 157 TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthPlain) { | 155 TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthIt2me) { |
| 158 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( | 156 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, |
| 159 kNoClientId, kNoPairedSecret, kTestPin, kTestPin, | 157 kTestPin, kTestPin, true, false)); |
| 160 AuthenticationMethod::NONE, false)); | 158 VerifyAccepted(AuthenticationMethod::SPAKE2_SHARED_SECRET_PLAIN); |
| 161 VerifyAccepted(AuthenticationMethod::Spake2(AuthenticationMethod::NONE)); | |
| 162 } | 159 } |
| 163 | 160 |
| 164 TEST_F(NegotiatingAuthenticatorTest, InvalidSecretHmac) { | 161 TEST_F(NegotiatingAuthenticatorTest, InvalidMe2MePin) { |
| 165 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( | 162 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( |
| 166 kNoClientId, kNoPairedSecret, kTestPinBad, kTestPin, | 163 kNoClientId, kNoPairedSecret, kTestPinBad, kTestPin, false, false)); |
| 167 AuthenticationMethod::HMAC_SHA256, false)); | |
| 168 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 164 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
| 169 | 165 |
| 170 VerifyRejected(Authenticator::INVALID_CREDENTIALS); | 166 VerifyRejected(Authenticator::INVALID_CREDENTIALS); |
| 171 } | 167 } |
| 172 | 168 |
| 173 TEST_F(NegotiatingAuthenticatorTest, InvalidSecretPlain) { | 169 TEST_F(NegotiatingAuthenticatorTest, InvalidIt2MeAccessCode) { |
| 174 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( | 170 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( |
| 175 kNoClientId, kNoPairedSecret, kTestPin, kTestPinBad, | 171 kNoClientId, kNoPairedSecret, kTestPin, kTestPinBad, true, false)); |
| 176 AuthenticationMethod::NONE, false)); | |
| 177 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 172 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
| 178 | 173 |
| 179 VerifyRejected(Authenticator::INVALID_CREDENTIALS); | 174 VerifyRejected(Authenticator::INVALID_CREDENTIALS); |
| 180 } | 175 } |
| 181 | 176 |
| 182 TEST_F(NegotiatingAuthenticatorTest, IncompatibleMethods) { | 177 TEST_F(NegotiatingAuthenticatorTest, IncompatibleMethods) { |
| 183 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( | 178 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( |
| 184 kNoClientId, kNoPairedSecret, kTestPin, kTestPinBad, | 179 kNoClientId, kNoPairedSecret, kTestPin, kTestPinBad, true, true)); |
| 185 AuthenticationMethod::NONE, true)); | |
| 186 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 180 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
| 187 | 181 |
| 188 VerifyRejected(Authenticator::PROTOCOL_ERROR); | 182 VerifyRejected(Authenticator::PROTOCOL_ERROR); |
| 189 } | 183 } |
| 190 | 184 |
| 191 TEST_F(NegotiatingAuthenticatorTest, PairingNotSupported) { | 185 TEST_F(NegotiatingAuthenticatorTest, PairingNotSupported) { |
| 192 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( | 186 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret, |
| 193 kTestClientId, kTestPairedSecret, kTestPin, kTestPin, | 187 kTestPin, kTestPin, false, false)); |
| 194 AuthenticationMethod::HMAC_SHA256, false)); | |
| 195 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 188 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
| 196 VerifyAccepted( | 189 VerifyAccepted(AuthenticationMethod::SPAKE2_SHARED_SECRET_HMAC); |
| 197 AuthenticationMethod::Spake2(AuthenticationMethod::HMAC_SHA256)); | |
| 198 } | 190 } |
| 199 | 191 |
| 200 TEST_F(NegotiatingAuthenticatorTest, PairingSupportedButNotPaired) { | 192 TEST_F(NegotiatingAuthenticatorTest, PairingSupportedButNotPaired) { |
| 201 CreatePairingRegistry(false); | 193 CreatePairingRegistry(false); |
| 202 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( | 194 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, |
| 203 kNoClientId, kNoPairedSecret, kTestPin, kTestPin, | 195 kTestPin, kTestPin, false, false)); |
| 204 AuthenticationMethod::HMAC_SHA256, false)); | |
| 205 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 196 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
| 206 VerifyAccepted(AuthenticationMethod::Spake2Pair()); | 197 VerifyAccepted(AuthenticationMethod::SPAKE2_PAIR); |
| 207 } | 198 } |
| 208 | 199 |
| 209 TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinOkay) { | 200 TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinOkay) { |
| 210 CreatePairingRegistry(false); | 201 CreatePairingRegistry(false); |
| 211 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( | 202 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret, |
| 212 kTestClientId, kTestPairedSecret, kTestPin, kTestPin, | 203 kTestPin, kTestPin, false, false)); |
| 213 AuthenticationMethod::HMAC_SHA256, false)); | |
| 214 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 204 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
| 215 VerifyAccepted(AuthenticationMethod::Spake2Pair()); | 205 VerifyAccepted(AuthenticationMethod::SPAKE2_PAIR); |
| 216 } | 206 } |
| 217 | 207 |
| 218 TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinBad) { | 208 TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinBad) { |
| 219 CreatePairingRegistry(false); | 209 CreatePairingRegistry(false); |
| 220 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( | 210 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( |
| 221 kTestClientId, kTestPairedSecret, kTestPinBad, kTestPin, | 211 kTestClientId, kTestPairedSecret, kTestPinBad, kTestPin, false, false)); |
| 222 AuthenticationMethod::HMAC_SHA256, false)); | |
| 223 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 212 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
| 224 VerifyRejected(Authenticator::INVALID_CREDENTIALS); | 213 VerifyRejected(Authenticator::INVALID_CREDENTIALS); |
| 225 } | 214 } |
| 226 | 215 |
| 227 TEST_F(NegotiatingAuthenticatorTest, PairingSucceeded) { | 216 TEST_F(NegotiatingAuthenticatorTest, PairingSucceeded) { |
| 228 CreatePairingRegistry(true); | 217 CreatePairingRegistry(true); |
| 229 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( | 218 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( |
| 230 kTestClientId, kTestPairedSecret, kTestPinBad, kTestPin, | 219 kTestClientId, kTestPairedSecret, kTestPinBad, kTestPin, false, false)); |
| 231 AuthenticationMethod::HMAC_SHA256, false)); | |
| 232 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 220 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
| 233 VerifyAccepted(AuthenticationMethod::Spake2Pair()); | 221 VerifyAccepted(AuthenticationMethod::SPAKE2_PAIR); |
| 234 } | 222 } |
| 235 | 223 |
| 236 TEST_F(NegotiatingAuthenticatorTest, | 224 TEST_F(NegotiatingAuthenticatorTest, |
| 237 PairingSucceededInvalidSecretButPinOkay) { | 225 PairingSucceededInvalidSecretButPinOkay) { |
| 238 CreatePairingRegistry(true); | 226 CreatePairingRegistry(true); |
| 239 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( | 227 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( |
| 240 kTestClientId, kTestPairedSecretBad, kTestPin, kTestPin, | 228 kTestClientId, kTestPairedSecretBad, kTestPin, kTestPin, false, false)); |
| 241 AuthenticationMethod::HMAC_SHA256, false)); | |
| 242 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 229 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
| 243 VerifyAccepted(AuthenticationMethod::Spake2Pair()); | 230 VerifyAccepted(AuthenticationMethod::SPAKE2_PAIR); |
| 244 } | 231 } |
| 245 | 232 |
| 246 TEST_F(NegotiatingAuthenticatorTest, PairingFailedInvalidSecretAndPin) { | 233 TEST_F(NegotiatingAuthenticatorTest, PairingFailedInvalidSecretAndPin) { |
| 247 CreatePairingRegistry(true); | 234 CreatePairingRegistry(true); |
| 248 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( | 235 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, |
| 249 kTestClientId, kTestPairedSecretBad, kTestPinBad, kTestPin, | 236 kTestPairedSecretBad, kTestPinBad, |
| 250 AuthenticationMethod::HMAC_SHA256, false)); | 237 kTestPin, false, false)); |
| 251 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 238 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
| 252 VerifyRejected(Authenticator::INVALID_CREDENTIALS); | 239 VerifyRejected(Authenticator::INVALID_CREDENTIALS); |
| 253 } | 240 } |
| 254 | 241 |
| 255 } // namespace protocol | 242 } // namespace protocol |
| 256 } // namespace remoting | 243 } // namespace remoting |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1755273003:
Simplify AuthenticationMethod type and PIN hash handling. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master