OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/bind.h" | 5 #include "base/bind.h" |
6 #include "base/macros.h" | 6 #include "base/macros.h" |
7 #include "net/base/net_errors.h" | 7 #include "net/base/net_errors.h" |
8 #include "remoting/base/rsa_key_pair.h" | 8 #include "remoting/base/rsa_key_pair.h" |
9 #include "remoting/protocol/auth_util.h" | |
9 #include "remoting/protocol/authenticator_test_base.h" | 10 #include "remoting/protocol/authenticator_test_base.h" |
10 #include "remoting/protocol/channel_authenticator.h" | 11 #include "remoting/protocol/channel_authenticator.h" |
11 #include "remoting/protocol/connection_tester.h" | 12 #include "remoting/protocol/connection_tester.h" |
12 #include "remoting/protocol/negotiating_authenticator_base.h" | 13 #include "remoting/protocol/negotiating_authenticator_base.h" |
13 #include "remoting/protocol/negotiating_client_authenticator.h" | 14 #include "remoting/protocol/negotiating_client_authenticator.h" |
14 #include "remoting/protocol/negotiating_host_authenticator.h" | 15 #include "remoting/protocol/negotiating_host_authenticator.h" |
15 #include "remoting/protocol/pairing_registry.h" | 16 #include "remoting/protocol/pairing_registry.h" |
16 #include "remoting/protocol/protocol_mock_objects.h" | 17 #include "remoting/protocol/protocol_mock_objects.h" |
17 #include "testing/gmock/include/gmock/gmock.h" | 18 #include "testing/gmock/include/gmock/gmock.h" |
18 #include "testing/gtest/include/gtest/gtest.h" | 19 #include "testing/gtest/include/gtest/gtest.h" |
(...skipping 28 matching lines...) Expand all Loading... | |
47 public: | 48 public: |
48 NegotiatingAuthenticatorTest() {} | 49 NegotiatingAuthenticatorTest() {} |
49 ~NegotiatingAuthenticatorTest() override {} | 50 ~NegotiatingAuthenticatorTest() override {} |
50 | 51 |
51 protected: | 52 protected: |
52 void InitAuthenticators(const std::string& client_id, | 53 void InitAuthenticators(const std::string& client_id, |
53 const std::string& client_paired_secret, | 54 const std::string& client_paired_secret, |
54 const std::string& client_interactive_pin, | 55 const std::string& client_interactive_pin, |
55 const std::string& host_secret, | 56 const std::string& host_secret, |
56 bool it2me, | 57 bool it2me, |
57 bool client_hmac_only) { | 58 bool client_no_it2me) { |
58 if (it2me) { | 59 if (it2me) { |
59 host_ = NegotiatingHostAuthenticator::CreateForIt2Me( | 60 host_ = NegotiatingHostAuthenticator::CreateForIt2Me( |
60 host_cert_, key_pair_, host_secret); | 61 host_cert_, key_pair_, host_secret); |
61 } else { | 62 } else { |
62 std::string host_secret_hash = ApplySharedSecretHashFunction( | 63 std::string host_secret_hash = |
63 HashFunction::HMAC_SHA256, kTestHostId, host_secret); | 64 GetSharedSecretHash(kTestHostId, host_secret); |
64 host_ = NegotiatingHostAuthenticator::CreateWithPin( | 65 host_ = NegotiatingHostAuthenticator::CreateWithPin( |
65 host_cert_, key_pair_, host_secret_hash, pairing_registry_); | 66 host_cert_, key_pair_, host_secret_hash, pairing_registry_); |
66 } | 67 } |
67 | 68 |
68 std::vector<AuthenticationMethod> methods; | |
69 methods.push_back(AuthenticationMethod::SPAKE2_PAIR); | |
70 methods.push_back(AuthenticationMethod::SPAKE2_SHARED_SECRET_HMAC); | |
71 if (!client_hmac_only) { | |
72 methods.push_back(AuthenticationMethod::SPAKE2_SHARED_SECRET_PLAIN); | |
73 } | |
74 bool pairing_expected = pairing_registry_.get() != nullptr; | 69 bool pairing_expected = pairing_registry_.get() != nullptr; |
75 FetchSecretCallback fetch_secret_callback = | 70 FetchSecretCallback fetch_secret_callback = |
76 base::Bind(&NegotiatingAuthenticatorTest::FetchSecret, | 71 base::Bind(&NegotiatingAuthenticatorTest::FetchSecret, |
77 client_interactive_pin, | 72 client_interactive_pin, |
78 pairing_expected); | 73 pairing_expected); |
79 client_as_negotiating_authenticator_ = new NegotiatingClientAuthenticator( | 74 client_as_negotiating_authenticator_ = new NegotiatingClientAuthenticator( |
80 client_id, client_paired_secret, | 75 client_id, client_paired_secret, kTestHostId, fetch_secret_callback, |
81 kTestHostId, fetch_secret_callback, | 76 nullptr); |
82 nullptr, methods); | 77 client_as_negotiating_authenticator_->methods_.clear(); |
78 client_as_negotiating_authenticator_->methods_.push_back( | |
79 NegotiatingAuthenticatorBase::Method::SPAKE2_PAIR); | |
80 client_as_negotiating_authenticator_->methods_.push_back( | |
81 NegotiatingAuthenticatorBase::Method::SPAKE2_SHARED_SECRET_HMAC); | |
82 if (!client_no_it2me) { | |
83 client_as_negotiating_authenticator_->methods_.push_back( | |
84 NegotiatingAuthenticatorBase::Method::SPAKE2_SHARED_SECRET_PLAIN); | |
85 } | |
Jamie
2016/03/08 02:17:38
What's the purpose of this test? It seems like you
Sergey Ulanov
2016/03/08 18:32:40
Yes. We need to test the authenticator in the case
Jamie
2016/03/08 22:42:50
Would it make more sense to override them only for
Sergey Ulanov
2016/03/09 03:45:00
Done.
| |
83 client_.reset(client_as_negotiating_authenticator_); | 86 client_.reset(client_as_negotiating_authenticator_); |
84 } | 87 } |
85 | 88 |
86 void CreatePairingRegistry(bool with_paired_client) { | 89 void CreatePairingRegistry(bool with_paired_client) { |
87 pairing_registry_ = new SynchronousPairingRegistry( | 90 pairing_registry_ = new SynchronousPairingRegistry( |
88 make_scoped_ptr(new MockPairingRegistryDelegate())); | 91 make_scoped_ptr(new MockPairingRegistryDelegate())); |
89 if (with_paired_client) { | 92 if (with_paired_client) { |
90 PairingRegistry::Pairing pairing( | 93 PairingRegistry::Pairing pairing( |
91 base::Time(), kTestClientName, kTestClientId, kTestPairedSecret); | 94 base::Time(), kTestClientName, kTestClientId, kTestPairedSecret); |
92 pairing_registry_->AddPairing(pairing); | 95 pairing_registry_->AddPairing(pairing); |
(...skipping 13 matching lines...) Expand all Loading... | |
106 ASSERT_TRUE(client_->state() == Authenticator::REJECTED || | 109 ASSERT_TRUE(client_->state() == Authenticator::REJECTED || |
107 host_->state() == Authenticator::REJECTED); | 110 host_->state() == Authenticator::REJECTED); |
108 if (client_->state() == Authenticator::REJECTED) { | 111 if (client_->state() == Authenticator::REJECTED) { |
109 ASSERT_EQ(client_->rejection_reason(), reason); | 112 ASSERT_EQ(client_->rejection_reason(), reason); |
110 } | 113 } |
111 if (host_->state() == Authenticator::REJECTED) { | 114 if (host_->state() == Authenticator::REJECTED) { |
112 ASSERT_EQ(host_->rejection_reason(), reason); | 115 ASSERT_EQ(host_->rejection_reason(), reason); |
113 } | 116 } |
114 } | 117 } |
115 | 118 |
116 void VerifyAccepted(const AuthenticationMethod& expected_method) { | 119 void VerifyAccepted(NegotiatingAuthenticatorBase::Method expected_method) { |
117 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 120 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
118 | 121 |
119 ASSERT_EQ(Authenticator::ACCEPTED, host_->state()); | 122 ASSERT_EQ(Authenticator::ACCEPTED, host_->state()); |
120 ASSERT_EQ(Authenticator::ACCEPTED, client_->state()); | 123 ASSERT_EQ(Authenticator::ACCEPTED, client_->state()); |
121 | 124 |
122 client_auth_ = client_->CreateChannelAuthenticator(); | 125 client_auth_ = client_->CreateChannelAuthenticator(); |
123 host_auth_ = host_->CreateChannelAuthenticator(); | 126 host_auth_ = host_->CreateChannelAuthenticator(); |
124 RunChannelAuth(false); | 127 RunChannelAuth(false); |
125 | 128 |
126 EXPECT_TRUE(client_socket_.get() != nullptr); | 129 EXPECT_TRUE(client_socket_.get() != nullptr); |
127 EXPECT_TRUE(host_socket_.get() != nullptr); | 130 EXPECT_TRUE(host_socket_.get() != nullptr); |
128 | 131 |
129 StreamConnectionTester tester(host_socket_.get(), client_socket_.get(), | 132 StreamConnectionTester tester(host_socket_.get(), client_socket_.get(), |
130 kMessageSize, kMessages); | 133 kMessageSize, kMessages); |
131 | 134 |
132 tester.Start(); | 135 tester.Start(); |
133 message_loop_.Run(); | 136 message_loop_.Run(); |
134 tester.CheckResults(); | 137 tester.CheckResults(); |
135 EXPECT_EQ( | 138 EXPECT_EQ(expected_method, |
136 expected_method, | 139 client_as_negotiating_authenticator_->current_method_); |
137 client_as_negotiating_authenticator_->current_method_for_testing()); | |
138 } | 140 } |
139 | 141 |
140 // Use a bare pointer because the storage is managed by the base class. | 142 // Use a bare pointer because the storage is managed by the base class. |
141 NegotiatingClientAuthenticator* client_as_negotiating_authenticator_; | 143 NegotiatingClientAuthenticator* client_as_negotiating_authenticator_; |
142 | 144 |
143 private: | 145 private: |
144 scoped_refptr<PairingRegistry> pairing_registry_; | 146 scoped_refptr<PairingRegistry> pairing_registry_; |
145 | 147 |
146 DISALLOW_COPY_AND_ASSIGN(NegotiatingAuthenticatorTest); | 148 DISALLOW_COPY_AND_ASSIGN(NegotiatingAuthenticatorTest); |
147 }; | 149 }; |
148 | 150 |
149 TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthMe2MePin) { | 151 TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthMe2MePin) { |
150 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, | 152 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, |
151 kTestPin, kTestPin, false, false)); | 153 kTestPin, kTestPin, false, false)); |
152 VerifyAccepted(AuthenticationMethod::SPAKE2_SHARED_SECRET_HMAC); | 154 VerifyAccepted( |
155 NegotiatingAuthenticatorBase::Method::SPAKE2_SHARED_SECRET_HMAC); | |
153 } | 156 } |
154 | 157 |
155 TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthIt2me) { | 158 TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthIt2me) { |
156 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, | 159 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, |
157 kTestPin, kTestPin, true, false)); | 160 kTestPin, kTestPin, true, false)); |
158 VerifyAccepted(AuthenticationMethod::SPAKE2_SHARED_SECRET_PLAIN); | 161 VerifyAccepted( |
162 NegotiatingAuthenticatorBase::Method::SPAKE2_SHARED_SECRET_PLAIN); | |
159 } | 163 } |
160 | 164 |
161 TEST_F(NegotiatingAuthenticatorTest, InvalidMe2MePin) { | 165 TEST_F(NegotiatingAuthenticatorTest, InvalidMe2MePin) { |
162 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( | 166 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( |
163 kNoClientId, kNoPairedSecret, kTestPinBad, kTestPin, false, false)); | 167 kNoClientId, kNoPairedSecret, kTestPinBad, kTestPin, false, false)); |
164 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 168 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
165 | 169 |
166 VerifyRejected(Authenticator::INVALID_CREDENTIALS); | 170 VerifyRejected(Authenticator::INVALID_CREDENTIALS); |
167 } | 171 } |
168 | 172 |
(...skipping 10 matching lines...) Expand all Loading... | |
179 kNoClientId, kNoPairedSecret, kTestPin, kTestPinBad, true, true)); | 183 kNoClientId, kNoPairedSecret, kTestPin, kTestPinBad, true, true)); |
180 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 184 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
181 | 185 |
182 VerifyRejected(Authenticator::PROTOCOL_ERROR); | 186 VerifyRejected(Authenticator::PROTOCOL_ERROR); |
183 } | 187 } |
184 | 188 |
185 TEST_F(NegotiatingAuthenticatorTest, PairingNotSupported) { | 189 TEST_F(NegotiatingAuthenticatorTest, PairingNotSupported) { |
186 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret, | 190 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret, |
187 kTestPin, kTestPin, false, false)); | 191 kTestPin, kTestPin, false, false)); |
188 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 192 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
189 VerifyAccepted(AuthenticationMethod::SPAKE2_SHARED_SECRET_HMAC); | 193 VerifyAccepted( |
194 NegotiatingAuthenticatorBase::Method::SPAKE2_SHARED_SECRET_HMAC); | |
190 } | 195 } |
191 | 196 |
192 TEST_F(NegotiatingAuthenticatorTest, PairingSupportedButNotPaired) { | 197 TEST_F(NegotiatingAuthenticatorTest, PairingSupportedButNotPaired) { |
193 CreatePairingRegistry(false); | 198 CreatePairingRegistry(false); |
194 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, | 199 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, |
195 kTestPin, kTestPin, false, false)); | 200 kTestPin, kTestPin, false, false)); |
196 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 201 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
197 VerifyAccepted(AuthenticationMethod::SPAKE2_PAIR); | 202 VerifyAccepted(NegotiatingAuthenticatorBase::Method::SPAKE2_PAIR); |
198 } | 203 } |
199 | 204 |
200 TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinOkay) { | 205 TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinOkay) { |
201 CreatePairingRegistry(false); | 206 CreatePairingRegistry(false); |
202 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret, | 207 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret, |
203 kTestPin, kTestPin, false, false)); | 208 kTestPin, kTestPin, false, false)); |
204 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 209 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
205 VerifyAccepted(AuthenticationMethod::SPAKE2_PAIR); | 210 VerifyAccepted(NegotiatingAuthenticatorBase::Method::SPAKE2_PAIR); |
206 } | 211 } |
207 | 212 |
208 TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinBad) { | 213 TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinBad) { |
209 CreatePairingRegistry(false); | 214 CreatePairingRegistry(false); |
210 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( | 215 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( |
211 kTestClientId, kTestPairedSecret, kTestPinBad, kTestPin, false, false)); | 216 kTestClientId, kTestPairedSecret, kTestPinBad, kTestPin, false, false)); |
212 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 217 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
213 VerifyRejected(Authenticator::INVALID_CREDENTIALS); | 218 VerifyRejected(Authenticator::INVALID_CREDENTIALS); |
214 } | 219 } |
215 | 220 |
216 TEST_F(NegotiatingAuthenticatorTest, PairingSucceeded) { | 221 TEST_F(NegotiatingAuthenticatorTest, PairingSucceeded) { |
217 CreatePairingRegistry(true); | 222 CreatePairingRegistry(true); |
218 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( | 223 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( |
219 kTestClientId, kTestPairedSecret, kTestPinBad, kTestPin, false, false)); | 224 kTestClientId, kTestPairedSecret, kTestPinBad, kTestPin, false, false)); |
220 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 225 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
221 VerifyAccepted(AuthenticationMethod::SPAKE2_PAIR); | 226 VerifyAccepted(NegotiatingAuthenticatorBase::Method::SPAKE2_PAIR); |
222 } | 227 } |
223 | 228 |
224 TEST_F(NegotiatingAuthenticatorTest, | 229 TEST_F(NegotiatingAuthenticatorTest, |
225 PairingSucceededInvalidSecretButPinOkay) { | 230 PairingSucceededInvalidSecretButPinOkay) { |
226 CreatePairingRegistry(true); | 231 CreatePairingRegistry(true); |
227 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( | 232 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( |
228 kTestClientId, kTestPairedSecretBad, kTestPin, kTestPin, false, false)); | 233 kTestClientId, kTestPairedSecretBad, kTestPin, kTestPin, false, false)); |
229 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 234 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
230 VerifyAccepted(AuthenticationMethod::SPAKE2_PAIR); | 235 VerifyAccepted(NegotiatingAuthenticatorBase::Method::SPAKE2_PAIR); |
231 } | 236 } |
232 | 237 |
233 TEST_F(NegotiatingAuthenticatorTest, PairingFailedInvalidSecretAndPin) { | 238 TEST_F(NegotiatingAuthenticatorTest, PairingFailedInvalidSecretAndPin) { |
234 CreatePairingRegistry(true); | 239 CreatePairingRegistry(true); |
235 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, | 240 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, |
236 kTestPairedSecretBad, kTestPinBad, | 241 kTestPairedSecretBad, kTestPinBad, |
237 kTestPin, false, false)); | 242 kTestPin, false, false)); |
238 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 243 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
239 VerifyRejected(Authenticator::INVALID_CREDENTIALS); | 244 VerifyRejected(Authenticator::INVALID_CREDENTIALS); |
240 } | 245 } |
241 | 246 |
242 } // namespace protocol | 247 } // namespace protocol |
243 } // namespace remoting | 248 } // namespace remoting |
OLD | NEW |