| Index: remoting/protocol/negotiating_authenticator_unittest.cc
|
| diff --git a/remoting/protocol/negotiating_authenticator_unittest.cc b/remoting/protocol/negotiating_authenticator_unittest.cc
|
| index 8c570ca190d9e47954e544ddb18e0a8c76155f98..4461d1dae5aeb28d1b0b0b9637c0a71164df6eab 100644
|
| --- a/remoting/protocol/negotiating_authenticator_unittest.cc
|
| +++ b/remoting/protocol/negotiating_authenticator_unittest.cc
|
| @@ -45,31 +45,31 @@ const char kTestPinBad[] = "654321";
|
|
|
| class NegotiatingAuthenticatorTest : public AuthenticatorTestBase {
|
| public:
|
| - NegotiatingAuthenticatorTest() {
|
| - }
|
| + NegotiatingAuthenticatorTest() {}
|
| ~NegotiatingAuthenticatorTest() override {}
|
|
|
| protected:
|
| - void InitAuthenticators(
|
| - const std::string& client_id,
|
| - const std::string& client_paired_secret,
|
| - const std::string& client_interactive_pin,
|
| - const std::string& host_secret,
|
| - AuthenticationMethod::HashFunction hash_function,
|
| - bool client_hmac_only) {
|
| - std::string host_secret_hash = AuthenticationMethod::ApplyHashFunction(
|
| - hash_function, kTestHostId, host_secret);
|
| - host_ = NegotiatingHostAuthenticator::CreateWithSharedSecret(
|
| - host_cert_, key_pair_, host_secret_hash, hash_function,
|
| - pairing_registry_);
|
| + void InitAuthenticators(const std::string& client_id,
|
| + const std::string& client_paired_secret,
|
| + const std::string& client_interactive_pin,
|
| + const std::string& host_secret,
|
| + bool it2me,
|
| + bool client_hmac_only) {
|
| + if (it2me) {
|
| + host_ = NegotiatingHostAuthenticator::CreateForIt2Me(
|
| + host_cert_, key_pair_, host_secret);
|
| + } else {
|
| + std::string host_secret_hash = ApplySharedSecretHashFunction(
|
| + HashFunction::HMAC_SHA256, kTestHostId, host_secret);
|
| + host_ = NegotiatingHostAuthenticator::CreateWithPin(
|
| + host_cert_, key_pair_, host_secret_hash, pairing_registry_);
|
| + }
|
|
|
| std::vector<AuthenticationMethod> methods;
|
| - methods.push_back(AuthenticationMethod::Spake2Pair());
|
| - methods.push_back(AuthenticationMethod::Spake2(
|
| - AuthenticationMethod::HMAC_SHA256));
|
| + methods.push_back(AuthenticationMethod::SPAKE2_PAIR);
|
| + methods.push_back(AuthenticationMethod::SPAKE2_SHARED_SECRET_HMAC);
|
| if (!client_hmac_only) {
|
| - methods.push_back(AuthenticationMethod::Spake2(
|
| - AuthenticationMethod::NONE));
|
| + methods.push_back(AuthenticationMethod::SPAKE2_SHARED_SECRET_PLAIN);
|
| }
|
| bool pairing_expected = pairing_registry_.get() != nullptr;
|
| FetchSecretCallback fetch_secret_callback =
|
| @@ -146,34 +146,29 @@ class NegotiatingAuthenticatorTest : public AuthenticatorTestBase {
|
| DISALLOW_COPY_AND_ASSIGN(NegotiatingAuthenticatorTest);
|
| };
|
|
|
| -TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthHmac) {
|
| - ASSERT_NO_FATAL_FAILURE(InitAuthenticators(
|
| - kNoClientId, kNoPairedSecret, kTestPin, kTestPin,
|
| - AuthenticationMethod::HMAC_SHA256, false));
|
| - VerifyAccepted(
|
| - AuthenticationMethod::Spake2(AuthenticationMethod::HMAC_SHA256));
|
| +TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthMe2MePin) {
|
| + ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret,
|
| + kTestPin, kTestPin, false, false));
|
| + VerifyAccepted(AuthenticationMethod::SPAKE2_SHARED_SECRET_HMAC);
|
| }
|
|
|
| -TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthPlain) {
|
| - ASSERT_NO_FATAL_FAILURE(InitAuthenticators(
|
| - kNoClientId, kNoPairedSecret, kTestPin, kTestPin,
|
| - AuthenticationMethod::NONE, false));
|
| - VerifyAccepted(AuthenticationMethod::Spake2(AuthenticationMethod::NONE));
|
| +TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthIt2me) {
|
| + ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret,
|
| + kTestPin, kTestPin, true, false));
|
| + VerifyAccepted(AuthenticationMethod::SPAKE2_SHARED_SECRET_PLAIN);
|
| }
|
|
|
| -TEST_F(NegotiatingAuthenticatorTest, InvalidSecretHmac) {
|
| +TEST_F(NegotiatingAuthenticatorTest, InvalidMe2MePin) {
|
| ASSERT_NO_FATAL_FAILURE(InitAuthenticators(
|
| - kNoClientId, kNoPairedSecret, kTestPinBad, kTestPin,
|
| - AuthenticationMethod::HMAC_SHA256, false));
|
| + kNoClientId, kNoPairedSecret, kTestPinBad, kTestPin, false, false));
|
| ASSERT_NO_FATAL_FAILURE(RunAuthExchange());
|
|
|
| VerifyRejected(Authenticator::INVALID_CREDENTIALS);
|
| }
|
|
|
| -TEST_F(NegotiatingAuthenticatorTest, InvalidSecretPlain) {
|
| +TEST_F(NegotiatingAuthenticatorTest, InvalidIt2MeAccessCode) {
|
| ASSERT_NO_FATAL_FAILURE(InitAuthenticators(
|
| - kNoClientId, kNoPairedSecret, kTestPin, kTestPinBad,
|
| - AuthenticationMethod::NONE, false));
|
| + kNoClientId, kNoPairedSecret, kTestPin, kTestPinBad, true, false));
|
| ASSERT_NO_FATAL_FAILURE(RunAuthExchange());
|
|
|
| VerifyRejected(Authenticator::INVALID_CREDENTIALS);
|
| @@ -181,45 +176,39 @@ TEST_F(NegotiatingAuthenticatorTest, InvalidSecretPlain) {
|
|
|
| TEST_F(NegotiatingAuthenticatorTest, IncompatibleMethods) {
|
| ASSERT_NO_FATAL_FAILURE(InitAuthenticators(
|
| - kNoClientId, kNoPairedSecret, kTestPin, kTestPinBad,
|
| - AuthenticationMethod::NONE, true));
|
| + kNoClientId, kNoPairedSecret, kTestPin, kTestPinBad, true, true));
|
| ASSERT_NO_FATAL_FAILURE(RunAuthExchange());
|
|
|
| VerifyRejected(Authenticator::PROTOCOL_ERROR);
|
| }
|
|
|
| TEST_F(NegotiatingAuthenticatorTest, PairingNotSupported) {
|
| - ASSERT_NO_FATAL_FAILURE(InitAuthenticators(
|
| - kTestClientId, kTestPairedSecret, kTestPin, kTestPin,
|
| - AuthenticationMethod::HMAC_SHA256, false));
|
| + ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret,
|
| + kTestPin, kTestPin, false, false));
|
| ASSERT_NO_FATAL_FAILURE(RunAuthExchange());
|
| - VerifyAccepted(
|
| - AuthenticationMethod::Spake2(AuthenticationMethod::HMAC_SHA256));
|
| + VerifyAccepted(AuthenticationMethod::SPAKE2_SHARED_SECRET_HMAC);
|
| }
|
|
|
| TEST_F(NegotiatingAuthenticatorTest, PairingSupportedButNotPaired) {
|
| CreatePairingRegistry(false);
|
| - ASSERT_NO_FATAL_FAILURE(InitAuthenticators(
|
| - kNoClientId, kNoPairedSecret, kTestPin, kTestPin,
|
| - AuthenticationMethod::HMAC_SHA256, false));
|
| + ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret,
|
| + kTestPin, kTestPin, false, false));
|
| ASSERT_NO_FATAL_FAILURE(RunAuthExchange());
|
| - VerifyAccepted(AuthenticationMethod::Spake2Pair());
|
| + VerifyAccepted(AuthenticationMethod::SPAKE2_PAIR);
|
| }
|
|
|
| TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinOkay) {
|
| CreatePairingRegistry(false);
|
| - ASSERT_NO_FATAL_FAILURE(InitAuthenticators(
|
| - kTestClientId, kTestPairedSecret, kTestPin, kTestPin,
|
| - AuthenticationMethod::HMAC_SHA256, false));
|
| + ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret,
|
| + kTestPin, kTestPin, false, false));
|
| ASSERT_NO_FATAL_FAILURE(RunAuthExchange());
|
| - VerifyAccepted(AuthenticationMethod::Spake2Pair());
|
| + VerifyAccepted(AuthenticationMethod::SPAKE2_PAIR);
|
| }
|
|
|
| TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinBad) {
|
| CreatePairingRegistry(false);
|
| ASSERT_NO_FATAL_FAILURE(InitAuthenticators(
|
| - kTestClientId, kTestPairedSecret, kTestPinBad, kTestPin,
|
| - AuthenticationMethod::HMAC_SHA256, false));
|
| + kTestClientId, kTestPairedSecret, kTestPinBad, kTestPin, false, false));
|
| ASSERT_NO_FATAL_FAILURE(RunAuthExchange());
|
| VerifyRejected(Authenticator::INVALID_CREDENTIALS);
|
| }
|
| @@ -227,27 +216,25 @@ TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinBad) {
|
| TEST_F(NegotiatingAuthenticatorTest, PairingSucceeded) {
|
| CreatePairingRegistry(true);
|
| ASSERT_NO_FATAL_FAILURE(InitAuthenticators(
|
| - kTestClientId, kTestPairedSecret, kTestPinBad, kTestPin,
|
| - AuthenticationMethod::HMAC_SHA256, false));
|
| + kTestClientId, kTestPairedSecret, kTestPinBad, kTestPin, false, false));
|
| ASSERT_NO_FATAL_FAILURE(RunAuthExchange());
|
| - VerifyAccepted(AuthenticationMethod::Spake2Pair());
|
| + VerifyAccepted(AuthenticationMethod::SPAKE2_PAIR);
|
| }
|
|
|
| TEST_F(NegotiatingAuthenticatorTest,
|
| PairingSucceededInvalidSecretButPinOkay) {
|
| CreatePairingRegistry(true);
|
| ASSERT_NO_FATAL_FAILURE(InitAuthenticators(
|
| - kTestClientId, kTestPairedSecretBad, kTestPin, kTestPin,
|
| - AuthenticationMethod::HMAC_SHA256, false));
|
| + kTestClientId, kTestPairedSecretBad, kTestPin, kTestPin, false, false));
|
| ASSERT_NO_FATAL_FAILURE(RunAuthExchange());
|
| - VerifyAccepted(AuthenticationMethod::Spake2Pair());
|
| + VerifyAccepted(AuthenticationMethod::SPAKE2_PAIR);
|
| }
|
|
|
| TEST_F(NegotiatingAuthenticatorTest, PairingFailedInvalidSecretAndPin) {
|
| CreatePairingRegistry(true);
|
| - ASSERT_NO_FATAL_FAILURE(InitAuthenticators(
|
| - kTestClientId, kTestPairedSecretBad, kTestPinBad, kTestPin,
|
| - AuthenticationMethod::HMAC_SHA256, false));
|
| + ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId,
|
| + kTestPairedSecretBad, kTestPinBad,
|
| + kTestPin, false, false));
|
| ASSERT_NO_FATAL_FAILURE(RunAuthExchange());
|
| VerifyRejected(Authenticator::INVALID_CREDENTIALS);
|
| }
|
|
|
Chromium Code Reviews
Issue 1755273003:
Simplify AuthenticationMethod type and PIN hash handling. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master