OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/bind.h" | 5 #include "base/bind.h" |
6 #include "base/macros.h" | 6 #include "base/macros.h" |
7 #include "net/base/net_errors.h" | 7 #include "net/base/net_errors.h" |
8 #include "remoting/base/rsa_key_pair.h" | 8 #include "remoting/base/rsa_key_pair.h" |
9 #include "remoting/protocol/auth_util.h" | 9 #include "remoting/protocol/auth_util.h" |
10 #include "remoting/protocol/authenticator_test_base.h" | 10 #include "remoting/protocol/authenticator_test_base.h" |
(...skipping 19 matching lines...) Expand all Loading... |
30 | 30 |
31 const int kMessageSize = 100; | 31 const int kMessageSize = 100; |
32 const int kMessages = 1; | 32 const int kMessages = 1; |
33 | 33 |
34 const char kNoClientId[] = ""; | 34 const char kNoClientId[] = ""; |
35 const char kNoPairedSecret[] = ""; | 35 const char kNoPairedSecret[] = ""; |
36 const char kTestClientName[] = "client-name"; | 36 const char kTestClientName[] = "client-name"; |
37 const char kTestClientId[] = "client-id"; | 37 const char kTestClientId[] = "client-id"; |
38 const char kTestHostId[] = "12345678910123456"; | 38 const char kTestHostId[] = "12345678910123456"; |
39 | 39 |
| 40 const char kClientJid[] = "alice@gmail.com/abc"; |
| 41 const char kHostJid[] = "alice@gmail.com/123"; |
| 42 |
40 const char kTestPairedSecret[] = "1111-2222-3333"; | 43 const char kTestPairedSecret[] = "1111-2222-3333"; |
41 const char kTestPairedSecretBad[] = "4444-5555-6666"; | 44 const char kTestPairedSecretBad[] = "4444-5555-6666"; |
42 const char kTestPin[] = "123456"; | 45 const char kTestPin[] = "123456"; |
43 const char kTestPinBad[] = "654321"; | 46 const char kTestPinBad[] = "654321"; |
44 | 47 |
45 } // namespace | 48 } // namespace |
46 | 49 |
47 class NegotiatingAuthenticatorTest : public AuthenticatorTestBase { | 50 class NegotiatingAuthenticatorTest : public AuthenticatorTestBase { |
48 public: | 51 public: |
49 NegotiatingAuthenticatorTest() {} | 52 NegotiatingAuthenticatorTest() {} |
50 ~NegotiatingAuthenticatorTest() override {} | 53 ~NegotiatingAuthenticatorTest() override {} |
51 | 54 |
52 protected: | 55 protected: |
53 void InitAuthenticators(const std::string& client_id, | 56 void InitAuthenticators(const std::string& client_id, |
54 const std::string& client_paired_secret, | 57 const std::string& client_paired_secret, |
55 const std::string& client_interactive_pin, | 58 const std::string& client_interactive_pin, |
56 const std::string& host_secret, | 59 const std::string& host_secret, |
57 bool it2me) { | 60 bool it2me) { |
58 if (it2me) { | 61 if (it2me) { |
59 host_ = NegotiatingHostAuthenticator::CreateForIt2Me( | 62 host_ = NegotiatingHostAuthenticator::CreateForIt2Me( |
60 host_cert_, key_pair_, host_secret); | 63 kHostJid, kClientJid, host_cert_, key_pair_, host_secret); |
61 } else { | 64 } else { |
62 std::string host_secret_hash = | 65 std::string host_secret_hash = |
63 GetSharedSecretHash(kTestHostId, host_secret); | 66 GetSharedSecretHash(kTestHostId, host_secret); |
64 host_ = NegotiatingHostAuthenticator::CreateWithPin( | 67 host_ = NegotiatingHostAuthenticator::CreateWithPin( |
65 host_cert_, key_pair_, host_secret_hash, pairing_registry_); | 68 kHostJid, kClientJid, host_cert_, key_pair_, host_secret_hash, |
| 69 pairing_registry_); |
66 } | 70 } |
67 | 71 |
68 | |
69 protocol::ClientAuthenticationConfig client_auth_config; | 72 protocol::ClientAuthenticationConfig client_auth_config; |
70 client_auth_config.host_id = kTestHostId; | 73 client_auth_config.host_id = kTestHostId; |
71 client_auth_config.pairing_client_id = client_id; | 74 client_auth_config.pairing_client_id = client_id; |
72 client_auth_config.pairing_secret= client_paired_secret; | 75 client_auth_config.pairing_secret= client_paired_secret; |
73 bool pairing_expected = pairing_registry_.get() != nullptr; | 76 bool pairing_expected = pairing_registry_.get() != nullptr; |
74 client_auth_config.fetch_secret_callback = | 77 client_auth_config.fetch_secret_callback = |
75 base::Bind(&NegotiatingAuthenticatorTest::FetchSecret, | 78 base::Bind(&NegotiatingAuthenticatorTest::FetchSecret, |
76 client_interactive_pin, pairing_expected); | 79 client_interactive_pin, pairing_expected); |
77 client_as_negotiating_authenticator_ = | 80 client_as_negotiating_authenticator_ = new NegotiatingClientAuthenticator( |
78 new NegotiatingClientAuthenticator(client_auth_config); | 81 kClientJid, kHostJid, client_auth_config); |
79 client_.reset(client_as_negotiating_authenticator_); | 82 client_.reset(client_as_negotiating_authenticator_); |
80 } | 83 } |
81 | 84 |
82 void CreatePairingRegistry(bool with_paired_client) { | 85 void CreatePairingRegistry(bool with_paired_client) { |
83 pairing_registry_ = new SynchronousPairingRegistry( | 86 pairing_registry_ = new SynchronousPairingRegistry( |
84 make_scoped_ptr(new MockPairingRegistryDelegate())); | 87 make_scoped_ptr(new MockPairingRegistryDelegate())); |
85 if (with_paired_client) { | 88 if (with_paired_client) { |
86 PairingRegistry::Pairing pairing( | 89 PairingRegistry::Pairing pairing( |
87 base::Time(), kTestClientName, kTestClientId, kTestPairedSecret); | 90 base::Time(), kTestClientName, kTestClientId, kTestPairedSecret); |
88 pairing_registry_->AddPairing(pairing); | 91 pairing_registry_->AddPairing(pairing); |
(...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
138 private: | 141 private: |
139 scoped_refptr<PairingRegistry> pairing_registry_; | 142 scoped_refptr<PairingRegistry> pairing_registry_; |
140 | 143 |
141 DISALLOW_COPY_AND_ASSIGN(NegotiatingAuthenticatorTest); | 144 DISALLOW_COPY_AND_ASSIGN(NegotiatingAuthenticatorTest); |
142 }; | 145 }; |
143 | 146 |
144 TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthMe2MePin) { | 147 TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthMe2MePin) { |
145 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, | 148 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, |
146 kTestPin, kTestPin, false)); | 149 kTestPin, kTestPin, false)); |
147 VerifyAccepted( | 150 VerifyAccepted( |
148 NegotiatingAuthenticatorBase::Method::SPAKE2_SHARED_SECRET_HMAC); | 151 NegotiatingAuthenticatorBase::Method::SHARED_SECRET_SPAKE2_CURVE25519); |
149 } | 152 } |
150 | 153 |
151 TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthIt2me) { | 154 TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthIt2me) { |
152 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, | 155 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, |
153 kTestPin, kTestPin, true)); | 156 kTestPin, kTestPin, true)); |
154 VerifyAccepted( | 157 VerifyAccepted( |
155 NegotiatingAuthenticatorBase::Method::SPAKE2_SHARED_SECRET_PLAIN); | 158 NegotiatingAuthenticatorBase::Method::SHARED_SECRET_PLAIN_SPAKE2_P224); |
156 } | 159 } |
157 | 160 |
158 TEST_F(NegotiatingAuthenticatorTest, InvalidMe2MePin) { | 161 TEST_F(NegotiatingAuthenticatorTest, InvalidMe2MePin) { |
159 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, | 162 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, |
160 kTestPinBad, kTestPin, false)); | 163 kTestPinBad, kTestPin, false)); |
161 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 164 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
162 | 165 |
163 VerifyRejected(Authenticator::INVALID_CREDENTIALS); | 166 VerifyRejected(Authenticator::INVALID_CREDENTIALS); |
164 } | 167 } |
165 | 168 |
166 TEST_F(NegotiatingAuthenticatorTest, InvalidIt2MeAccessCode) { | 169 TEST_F(NegotiatingAuthenticatorTest, InvalidIt2MeAccessCode) { |
167 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, | 170 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, |
168 kTestPin, kTestPinBad, true)); | 171 kTestPin, kTestPinBad, true)); |
169 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 172 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
170 | 173 |
171 VerifyRejected(Authenticator::INVALID_CREDENTIALS); | 174 VerifyRejected(Authenticator::INVALID_CREDENTIALS); |
172 } | 175 } |
173 | 176 |
174 TEST_F(NegotiatingAuthenticatorTest, IncompatibleMethods) { | 177 TEST_F(NegotiatingAuthenticatorTest, IncompatibleMethods) { |
175 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, | 178 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, |
176 kTestPin, kTestPinBad, true)); | 179 kTestPin, kTestPinBad, true)); |
177 std::vector<NegotiatingAuthenticatorBase::Method>* methods = | 180 std::vector<NegotiatingAuthenticatorBase::Method>* methods = |
178 &(client_as_negotiating_authenticator_->methods_); | 181 &(client_as_negotiating_authenticator_->methods_); |
179 methods->erase(std::find( | 182 methods->erase(std::find( |
180 methods->begin(), methods->end(), | 183 methods->begin(), methods->end(), |
181 NegotiatingAuthenticatorBase::Method::SPAKE2_SHARED_SECRET_PLAIN)); | 184 NegotiatingAuthenticatorBase::Method::SHARED_SECRET_PLAIN_SPAKE2_P224)); |
182 | 185 |
183 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 186 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
184 | 187 |
185 VerifyRejected(Authenticator::PROTOCOL_ERROR); | 188 VerifyRejected(Authenticator::PROTOCOL_ERROR); |
186 } | 189 } |
187 | 190 |
188 TEST_F(NegotiatingAuthenticatorTest, PairingNotSupported) { | 191 TEST_F(NegotiatingAuthenticatorTest, PairingNotSupported) { |
189 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret, | 192 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret, |
190 kTestPin, kTestPin, false)); | 193 kTestPin, kTestPin, false)); |
191 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 194 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
192 VerifyAccepted( | 195 VerifyAccepted( |
193 NegotiatingAuthenticatorBase::Method::SPAKE2_SHARED_SECRET_HMAC); | 196 NegotiatingAuthenticatorBase::Method::SHARED_SECRET_SPAKE2_CURVE25519); |
194 } | 197 } |
195 | 198 |
196 TEST_F(NegotiatingAuthenticatorTest, PairingSupportedButNotPaired) { | 199 TEST_F(NegotiatingAuthenticatorTest, PairingSupportedButNotPaired) { |
197 CreatePairingRegistry(false); | 200 CreatePairingRegistry(false); |
198 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, | 201 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, |
199 kTestPin, kTestPin, false)); | 202 kTestPin, kTestPin, false)); |
200 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 203 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
201 VerifyAccepted(NegotiatingAuthenticatorBase::Method::SPAKE2_PAIR); | 204 VerifyAccepted(NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_P224); |
202 } | 205 } |
203 | 206 |
204 TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinOkay) { | 207 TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinOkay) { |
205 CreatePairingRegistry(false); | 208 CreatePairingRegistry(false); |
206 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret, | 209 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret, |
207 kTestPin, kTestPin, false)); | 210 kTestPin, kTestPin, false)); |
208 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 211 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
209 VerifyAccepted(NegotiatingAuthenticatorBase::Method::SPAKE2_PAIR); | 212 VerifyAccepted(NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_P224); |
210 } | 213 } |
211 | 214 |
212 TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinBad) { | 215 TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinBad) { |
213 CreatePairingRegistry(false); | 216 CreatePairingRegistry(false); |
214 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret, | 217 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret, |
215 kTestPinBad, kTestPin, false)); | 218 kTestPinBad, kTestPin, false)); |
216 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 219 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
217 VerifyRejected(Authenticator::INVALID_CREDENTIALS); | 220 VerifyRejected(Authenticator::INVALID_CREDENTIALS); |
218 } | 221 } |
219 | 222 |
220 TEST_F(NegotiatingAuthenticatorTest, PairingSucceeded) { | 223 TEST_F(NegotiatingAuthenticatorTest, PairingSucceeded) { |
221 CreatePairingRegistry(true); | 224 CreatePairingRegistry(true); |
222 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret, | 225 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret, |
223 kTestPinBad, kTestPin, false)); | 226 kTestPinBad, kTestPin, false)); |
224 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 227 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
225 VerifyAccepted(NegotiatingAuthenticatorBase::Method::SPAKE2_PAIR); | 228 VerifyAccepted(NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_P224); |
226 } | 229 } |
227 | 230 |
228 TEST_F(NegotiatingAuthenticatorTest, | 231 TEST_F(NegotiatingAuthenticatorTest, |
229 PairingSucceededInvalidSecretButPinOkay) { | 232 PairingSucceededInvalidSecretButPinOkay) { |
230 CreatePairingRegistry(true); | 233 CreatePairingRegistry(true); |
231 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( | 234 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( |
232 kTestClientId, kTestPairedSecretBad, kTestPin, kTestPin, false)); | 235 kTestClientId, kTestPairedSecretBad, kTestPin, kTestPin, false)); |
233 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 236 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
234 VerifyAccepted(NegotiatingAuthenticatorBase::Method::SPAKE2_PAIR); | 237 VerifyAccepted(NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_P224); |
235 } | 238 } |
236 | 239 |
237 TEST_F(NegotiatingAuthenticatorTest, PairingFailedInvalidSecretAndPin) { | 240 TEST_F(NegotiatingAuthenticatorTest, PairingFailedInvalidSecretAndPin) { |
238 CreatePairingRegistry(true); | 241 CreatePairingRegistry(true); |
239 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( | 242 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( |
240 kTestClientId, kTestPairedSecretBad, kTestPinBad, kTestPin, false)); | 243 kTestClientId, kTestPairedSecretBad, kTestPinBad, kTestPin, false)); |
241 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 244 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
242 VerifyRejected(Authenticator::INVALID_CREDENTIALS); | 245 VerifyRejected(Authenticator::INVALID_CREDENTIALS); |
243 } | 246 } |
244 | 247 |
245 } // namespace protocol | 248 } // namespace protocol |
246 } // namespace remoting | 249 } // namespace remoting |
OLD | NEW |