| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/bind.h" | 5 #include "base/bind.h" |
| 6 #include "base/macros.h" | 6 #include "base/macros.h" |
| 7 #include "net/base/net_errors.h" | 7 #include "net/base/net_errors.h" |
| 8 #include "remoting/base/rsa_key_pair.h" | 8 #include "remoting/base/rsa_key_pair.h" |
| 9 #include "remoting/protocol/auth_util.h" | 9 #include "remoting/protocol/auth_util.h" |
| 10 #include "remoting/protocol/authenticator_test_base.h" | 10 #include "remoting/protocol/authenticator_test_base.h" |
| (...skipping 19 matching lines...) Expand all Loading... |
| 30 | 30 |
| 31 const int kMessageSize = 100; | 31 const int kMessageSize = 100; |
| 32 const int kMessages = 1; | 32 const int kMessages = 1; |
| 33 | 33 |
| 34 const char kNoClientId[] = ""; | 34 const char kNoClientId[] = ""; |
| 35 const char kNoPairedSecret[] = ""; | 35 const char kNoPairedSecret[] = ""; |
| 36 const char kTestClientName[] = "client-name"; | 36 const char kTestClientName[] = "client-name"; |
| 37 const char kTestClientId[] = "client-id"; | 37 const char kTestClientId[] = "client-id"; |
| 38 const char kTestHostId[] = "12345678910123456"; | 38 const char kTestHostId[] = "12345678910123456"; |
| 39 | 39 |
| 40 const char kClientJid[] = "alice@gmail.com/abc"; |
| 41 const char kHostJid[] = "alice@gmail.com/123"; |
| 42 |
| 40 const char kTestPairedSecret[] = "1111-2222-3333"; | 43 const char kTestPairedSecret[] = "1111-2222-3333"; |
| 41 const char kTestPairedSecretBad[] = "4444-5555-6666"; | 44 const char kTestPairedSecretBad[] = "4444-5555-6666"; |
| 42 const char kTestPin[] = "123456"; | 45 const char kTestPin[] = "123456"; |
| 43 const char kTestPinBad[] = "654321"; | 46 const char kTestPinBad[] = "654321"; |
| 44 | 47 |
| 45 } // namespace | 48 } // namespace |
| 46 | 49 |
| 47 class NegotiatingAuthenticatorTest : public AuthenticatorTestBase { | 50 class NegotiatingAuthenticatorTest : public AuthenticatorTestBase { |
| 48 public: | 51 public: |
| 49 NegotiatingAuthenticatorTest() {} | 52 NegotiatingAuthenticatorTest() {} |
| 50 ~NegotiatingAuthenticatorTest() override {} | 53 ~NegotiatingAuthenticatorTest() override {} |
| 51 | 54 |
| 52 protected: | 55 protected: |
| 53 void InitAuthenticators(const std::string& client_id, | 56 void InitAuthenticators(const std::string& client_id, |
| 54 const std::string& client_paired_secret, | 57 const std::string& client_paired_secret, |
| 55 const std::string& client_interactive_pin, | 58 const std::string& client_interactive_pin, |
| 56 const std::string& host_secret, | 59 const std::string& host_secret, |
| 57 bool it2me) { | 60 bool it2me) { |
| 58 if (it2me) { | 61 if (it2me) { |
| 59 host_ = NegotiatingHostAuthenticator::CreateForIt2Me( | 62 host_ = NegotiatingHostAuthenticator::CreateForIt2Me( |
| 60 host_cert_, key_pair_, host_secret); | 63 kHostJid, kClientJid, host_cert_, key_pair_, host_secret); |
| 61 } else { | 64 } else { |
| 62 std::string host_secret_hash = | 65 std::string host_secret_hash = |
| 63 GetSharedSecretHash(kTestHostId, host_secret); | 66 GetSharedSecretHash(kTestHostId, host_secret); |
| 64 host_ = NegotiatingHostAuthenticator::CreateWithPin( | 67 host_ = NegotiatingHostAuthenticator::CreateWithPin( |
| 65 host_cert_, key_pair_, host_secret_hash, pairing_registry_); | 68 kHostJid, kClientJid, host_cert_, key_pair_, host_secret_hash, |
| 69 pairing_registry_); |
| 66 } | 70 } |
| 67 | 71 |
| 68 | |
| 69 protocol::ClientAuthenticationConfig client_auth_config; | 72 protocol::ClientAuthenticationConfig client_auth_config; |
| 70 client_auth_config.host_id = kTestHostId; | 73 client_auth_config.host_id = kTestHostId; |
| 71 client_auth_config.pairing_client_id = client_id; | 74 client_auth_config.pairing_client_id = client_id; |
| 72 client_auth_config.pairing_secret= client_paired_secret; | 75 client_auth_config.pairing_secret= client_paired_secret; |
| 73 bool pairing_expected = pairing_registry_.get() != nullptr; | 76 bool pairing_expected = pairing_registry_.get() != nullptr; |
| 74 client_auth_config.fetch_secret_callback = | 77 client_auth_config.fetch_secret_callback = |
| 75 base::Bind(&NegotiatingAuthenticatorTest::FetchSecret, | 78 base::Bind(&NegotiatingAuthenticatorTest::FetchSecret, |
| 76 client_interactive_pin, pairing_expected); | 79 client_interactive_pin, pairing_expected); |
| 77 client_as_negotiating_authenticator_ = | 80 client_as_negotiating_authenticator_ = new NegotiatingClientAuthenticator( |
| 78 new NegotiatingClientAuthenticator(client_auth_config); | 81 kClientJid, kHostJid, client_auth_config); |
| 79 client_.reset(client_as_negotiating_authenticator_); | 82 client_.reset(client_as_negotiating_authenticator_); |
| 80 } | 83 } |
| 81 | 84 |
| 82 void CreatePairingRegistry(bool with_paired_client) { | 85 void CreatePairingRegistry(bool with_paired_client) { |
| 83 pairing_registry_ = new SynchronousPairingRegistry( | 86 pairing_registry_ = new SynchronousPairingRegistry( |
| 84 make_scoped_ptr(new MockPairingRegistryDelegate())); | 87 make_scoped_ptr(new MockPairingRegistryDelegate())); |
| 85 if (with_paired_client) { | 88 if (with_paired_client) { |
| 86 PairingRegistry::Pairing pairing( | 89 PairingRegistry::Pairing pairing( |
| 87 base::Time(), kTestClientName, kTestClientId, kTestPairedSecret); | 90 base::Time(), kTestClientName, kTestClientId, kTestPairedSecret); |
| 88 pairing_registry_->AddPairing(pairing); | 91 pairing_registry_->AddPairing(pairing); |
| (...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 138 private: | 141 private: |
| 139 scoped_refptr<PairingRegistry> pairing_registry_; | 142 scoped_refptr<PairingRegistry> pairing_registry_; |
| 140 | 143 |
| 141 DISALLOW_COPY_AND_ASSIGN(NegotiatingAuthenticatorTest); | 144 DISALLOW_COPY_AND_ASSIGN(NegotiatingAuthenticatorTest); |
| 142 }; | 145 }; |
| 143 | 146 |
| 144 TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthMe2MePin) { | 147 TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthMe2MePin) { |
| 145 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, | 148 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, |
| 146 kTestPin, kTestPin, false)); | 149 kTestPin, kTestPin, false)); |
| 147 VerifyAccepted( | 150 VerifyAccepted( |
| 148 NegotiatingAuthenticatorBase::Method::SPAKE2_SHARED_SECRET_HMAC); | 151 NegotiatingAuthenticatorBase::Method::SHARED_SECRET_SPAKE2_CURVE25519); |
| 149 } | 152 } |
| 150 | 153 |
| 151 TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthIt2me) { | 154 TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthIt2me) { |
| 152 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, | 155 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, |
| 153 kTestPin, kTestPin, true)); | 156 kTestPin, kTestPin, true)); |
| 154 VerifyAccepted( | 157 VerifyAccepted( |
| 155 NegotiatingAuthenticatorBase::Method::SPAKE2_SHARED_SECRET_PLAIN); | 158 NegotiatingAuthenticatorBase::Method::SHARED_SECRET_PLAIN_SPAKE2_P224); |
| 156 } | 159 } |
| 157 | 160 |
| 158 TEST_F(NegotiatingAuthenticatorTest, InvalidMe2MePin) { | 161 TEST_F(NegotiatingAuthenticatorTest, InvalidMe2MePin) { |
| 159 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, | 162 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, |
| 160 kTestPinBad, kTestPin, false)); | 163 kTestPinBad, kTestPin, false)); |
| 161 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 164 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
| 162 | 165 |
| 163 VerifyRejected(Authenticator::INVALID_CREDENTIALS); | 166 VerifyRejected(Authenticator::INVALID_CREDENTIALS); |
| 164 } | 167 } |
| 165 | 168 |
| 166 TEST_F(NegotiatingAuthenticatorTest, InvalidIt2MeAccessCode) { | 169 TEST_F(NegotiatingAuthenticatorTest, InvalidIt2MeAccessCode) { |
| 167 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, | 170 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, |
| 168 kTestPin, kTestPinBad, true)); | 171 kTestPin, kTestPinBad, true)); |
| 169 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 172 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
| 170 | 173 |
| 171 VerifyRejected(Authenticator::INVALID_CREDENTIALS); | 174 VerifyRejected(Authenticator::INVALID_CREDENTIALS); |
| 172 } | 175 } |
| 173 | 176 |
| 174 TEST_F(NegotiatingAuthenticatorTest, IncompatibleMethods) { | 177 TEST_F(NegotiatingAuthenticatorTest, IncompatibleMethods) { |
| 175 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, | 178 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, |
| 176 kTestPin, kTestPinBad, true)); | 179 kTestPin, kTestPinBad, true)); |
| 177 std::vector<NegotiatingAuthenticatorBase::Method>* methods = | 180 std::vector<NegotiatingAuthenticatorBase::Method>* methods = |
| 178 &(client_as_negotiating_authenticator_->methods_); | 181 &(client_as_negotiating_authenticator_->methods_); |
| 179 methods->erase(std::find( | 182 methods->erase(std::find( |
| 180 methods->begin(), methods->end(), | 183 methods->begin(), methods->end(), |
| 181 NegotiatingAuthenticatorBase::Method::SPAKE2_SHARED_SECRET_PLAIN)); | 184 NegotiatingAuthenticatorBase::Method::SHARED_SECRET_PLAIN_SPAKE2_P224)); |
| 182 | 185 |
| 183 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 186 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
| 184 | 187 |
| 185 VerifyRejected(Authenticator::PROTOCOL_ERROR); | 188 VerifyRejected(Authenticator::PROTOCOL_ERROR); |
| 186 } | 189 } |
| 187 | 190 |
| 188 TEST_F(NegotiatingAuthenticatorTest, PairingNotSupported) { | 191 TEST_F(NegotiatingAuthenticatorTest, PairingNotSupported) { |
| 189 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret, | 192 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret, |
| 190 kTestPin, kTestPin, false)); | 193 kTestPin, kTestPin, false)); |
| 191 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 194 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
| 192 VerifyAccepted( | 195 VerifyAccepted( |
| 193 NegotiatingAuthenticatorBase::Method::SPAKE2_SHARED_SECRET_HMAC); | 196 NegotiatingAuthenticatorBase::Method::SHARED_SECRET_SPAKE2_CURVE25519); |
| 194 } | 197 } |
| 195 | 198 |
| 196 TEST_F(NegotiatingAuthenticatorTest, PairingSupportedButNotPaired) { | 199 TEST_F(NegotiatingAuthenticatorTest, PairingSupportedButNotPaired) { |
| 197 CreatePairingRegistry(false); | 200 CreatePairingRegistry(false); |
| 198 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, | 201 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, |
| 199 kTestPin, kTestPin, false)); | 202 kTestPin, kTestPin, false)); |
| 200 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 203 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
| 201 VerifyAccepted(NegotiatingAuthenticatorBase::Method::SPAKE2_PAIR); | 204 VerifyAccepted(NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_P224); |
| 202 } | 205 } |
| 203 | 206 |
| 204 TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinOkay) { | 207 TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinOkay) { |
| 205 CreatePairingRegistry(false); | 208 CreatePairingRegistry(false); |
| 206 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret, | 209 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret, |
| 207 kTestPin, kTestPin, false)); | 210 kTestPin, kTestPin, false)); |
| 208 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 211 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
| 209 VerifyAccepted(NegotiatingAuthenticatorBase::Method::SPAKE2_PAIR); | 212 VerifyAccepted(NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_P224); |
| 210 } | 213 } |
| 211 | 214 |
| 212 TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinBad) { | 215 TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinBad) { |
| 213 CreatePairingRegistry(false); | 216 CreatePairingRegistry(false); |
| 214 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret, | 217 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret, |
| 215 kTestPinBad, kTestPin, false)); | 218 kTestPinBad, kTestPin, false)); |
| 216 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 219 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
| 217 VerifyRejected(Authenticator::INVALID_CREDENTIALS); | 220 VerifyRejected(Authenticator::INVALID_CREDENTIALS); |
| 218 } | 221 } |
| 219 | 222 |
| 220 TEST_F(NegotiatingAuthenticatorTest, PairingSucceeded) { | 223 TEST_F(NegotiatingAuthenticatorTest, PairingSucceeded) { |
| 221 CreatePairingRegistry(true); | 224 CreatePairingRegistry(true); |
| 222 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret, | 225 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret, |
| 223 kTestPinBad, kTestPin, false)); | 226 kTestPinBad, kTestPin, false)); |
| 224 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 227 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
| 225 VerifyAccepted(NegotiatingAuthenticatorBase::Method::SPAKE2_PAIR); | 228 VerifyAccepted(NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_P224); |
| 226 } | 229 } |
| 227 | 230 |
| 228 TEST_F(NegotiatingAuthenticatorTest, | 231 TEST_F(NegotiatingAuthenticatorTest, |
| 229 PairingSucceededInvalidSecretButPinOkay) { | 232 PairingSucceededInvalidSecretButPinOkay) { |
| 230 CreatePairingRegistry(true); | 233 CreatePairingRegistry(true); |
| 231 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( | 234 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( |
| 232 kTestClientId, kTestPairedSecretBad, kTestPin, kTestPin, false)); | 235 kTestClientId, kTestPairedSecretBad, kTestPin, kTestPin, false)); |
| 233 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 236 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
| 234 VerifyAccepted(NegotiatingAuthenticatorBase::Method::SPAKE2_PAIR); | 237 VerifyAccepted(NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_P224); |
| 235 } | 238 } |
| 236 | 239 |
| 237 TEST_F(NegotiatingAuthenticatorTest, PairingFailedInvalidSecretAndPin) { | 240 TEST_F(NegotiatingAuthenticatorTest, PairingFailedInvalidSecretAndPin) { |
| 238 CreatePairingRegistry(true); | 241 CreatePairingRegistry(true); |
| 239 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( | 242 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( |
| 240 kTestClientId, kTestPairedSecretBad, kTestPinBad, kTestPin, false)); | 243 kTestClientId, kTestPairedSecretBad, kTestPinBad, kTestPin, false)); |
| 241 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 244 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
| 242 VerifyRejected(Authenticator::INVALID_CREDENTIALS); | 245 VerifyRejected(Authenticator::INVALID_CREDENTIALS); |
| 243 } | 246 } |
| 244 | 247 |
| 245 } // namespace protocol | 248 } // namespace protocol |
| 246 } // namespace remoting | 249 } // namespace remoting |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1780403002:
Enable Curve25519 in host and client for PIN-based and third-party auth. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master