| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/bind.h" | 5 #include "base/bind.h" |
| 6 #include "base/macros.h" | 6 #include "base/macros.h" |
| 7 #include "net/base/net_errors.h" | 7 #include "net/base/net_errors.h" |
| 8 #include "remoting/base/rsa_key_pair.h" | 8 #include "remoting/base/rsa_key_pair.h" |
| 9 #include "remoting/protocol/auth_util.h" | 9 #include "remoting/protocol/auth_util.h" |
| 10 #include "remoting/protocol/authenticator_test_base.h" | 10 #include "remoting/protocol/authenticator_test_base.h" |
| (...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 49 | 49 |
| 50 class NegotiatingAuthenticatorTest : public AuthenticatorTestBase { | 50 class NegotiatingAuthenticatorTest : public AuthenticatorTestBase { |
| 51 public: | 51 public: |
| 52 NegotiatingAuthenticatorTest() {} | 52 NegotiatingAuthenticatorTest() {} |
| 53 ~NegotiatingAuthenticatorTest() override {} | 53 ~NegotiatingAuthenticatorTest() override {} |
| 54 | 54 |
| 55 protected: | 55 protected: |
| 56 virtual void InitAuthenticators(const std::string& client_id, | 56 virtual void InitAuthenticators(const std::string& client_id, |
| 57 const std::string& client_paired_secret, | 57 const std::string& client_paired_secret, |
| 58 const std::string& client_interactive_pin, | 58 const std::string& client_interactive_pin, |
| 59 const std::string& host_secret, | 59 const std::string& host_secret) { |
| 60 bool it2me) { | 60 std::string host_secret_hash = |
| 61 if (it2me) { | 61 GetSharedSecretHash(kTestHostId, host_secret); |
| 62 host_ = NegotiatingHostAuthenticator::CreateForIt2Me( | 62 scoped_ptr<NegotiatingHostAuthenticator> host = |
| 63 kHostJid, kClientJid, host_cert_, key_pair_, host_secret); | 63 NegotiatingHostAuthenticator::CreateWithSharedSecret( |
| 64 } else { | 64 kHostJid, kClientJid, host_cert_, key_pair_, host_secret_hash, |
| 65 std::string host_secret_hash = | 65 pairing_registry_); |
| 66 GetSharedSecretHash(kTestHostId, host_secret); | 66 host_as_negotiating_authenticator_ = host.get(); |
| 67 scoped_ptr<NegotiatingHostAuthenticator> host = | 67 host_ = std::move(host); |
| 68 NegotiatingHostAuthenticator::CreateWithPin( | |
| 69 kHostJid, kClientJid, host_cert_, key_pair_, host_secret_hash, | |
| 70 pairing_registry_); | |
| 71 host_as_negotiating_authenticator_ = host.get(); | |
| 72 host_ = std::move(host); | |
| 73 } | |
| 74 | 68 |
| 75 protocol::ClientAuthenticationConfig client_auth_config; | 69 protocol::ClientAuthenticationConfig client_auth_config; |
| 76 client_auth_config.host_id = kTestHostId; | 70 client_auth_config.host_id = kTestHostId; |
| 77 client_auth_config.pairing_client_id = client_id; | 71 client_auth_config.pairing_client_id = client_id; |
| 78 client_auth_config.pairing_secret = client_paired_secret; | 72 client_auth_config.pairing_secret = client_paired_secret; |
| 79 bool pairing_expected = pairing_registry_.get() != nullptr; | 73 bool pairing_expected = pairing_registry_.get() != nullptr; |
| 80 client_auth_config.fetch_secret_callback = | 74 client_auth_config.fetch_secret_callback = |
| 81 base::Bind(&NegotiatingAuthenticatorTest::FetchSecret, | 75 base::Bind(&NegotiatingAuthenticatorTest::FetchSecret, |
| 82 client_interactive_pin, pairing_expected); | 76 client_interactive_pin, pairing_expected); |
| 83 client_as_negotiating_authenticator_ = new NegotiatingClientAuthenticator( | 77 client_as_negotiating_authenticator_ = new NegotiatingClientAuthenticator( |
| (...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 173 bool expect_curve25519_used; | 167 bool expect_curve25519_used; |
| 174 }; | 168 }; |
| 175 | 169 |
| 176 class NegotiatingPairingAuthenticatorTest | 170 class NegotiatingPairingAuthenticatorTest |
| 177 : public NegotiatingAuthenticatorTest, | 171 : public NegotiatingAuthenticatorTest, |
| 178 public testing::WithParamInterface<PairingTestParameters> { | 172 public testing::WithParamInterface<PairingTestParameters> { |
| 179 public: | 173 public: |
| 180 void InitAuthenticators(const std::string& client_id, | 174 void InitAuthenticators(const std::string& client_id, |
| 181 const std::string& client_paired_secret, | 175 const std::string& client_paired_secret, |
| 182 const std::string& client_interactive_pin, | 176 const std::string& client_interactive_pin, |
| 183 const std::string& host_secret, | 177 const std::string& host_secret) override { |
| 184 bool it2me) override { | |
| 185 NegotiatingAuthenticatorTest::InitAuthenticators( | 178 NegotiatingAuthenticatorTest::InitAuthenticators( |
| 186 client_id, client_paired_secret, client_interactive_pin, host_secret, | 179 client_id, client_paired_secret, client_interactive_pin, host_secret); |
| 187 it2me); | |
| 188 if (!GetParam().p224_on_client) { | 180 if (!GetParam().p224_on_client) { |
| 189 DisableMethodOnClient( | 181 DisableMethodOnClient( |
| 190 NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_P224); | 182 NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_P224); |
| 191 } | 183 } |
| 192 if (!GetParam().curve25519_on_client) { | 184 if (!GetParam().curve25519_on_client) { |
| 193 DisableMethodOnClient( | 185 DisableMethodOnClient( |
| 194 NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_CURVE25519); | 186 NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_CURVE25519); |
| 195 } | 187 } |
| 196 if (!GetParam().p224_on_host) { | 188 if (!GetParam().p224_on_host) { |
| 197 DisableMethodOnHost( | 189 DisableMethodOnHost( |
| (...skipping 27 matching lines...) Expand all Loading... |
| 225 | 217 |
| 226 // Both P224 and curve25519. | 218 // Both P224 and curve25519. |
| 227 PairingTestParameters{true, true, true, true}, | 219 PairingTestParameters{true, true, true, true}, |
| 228 | 220 |
| 229 // One end supports both, the other supports only P224 or curve25519. | 221 // One end supports both, the other supports only P224 or curve25519. |
| 230 PairingTestParameters{false, true, true, true}, | 222 PairingTestParameters{false, true, true, true}, |
| 231 PairingTestParameters{true, false, true, true}, | 223 PairingTestParameters{true, false, true, true}, |
| 232 PairingTestParameters{true, true, false, true}, | 224 PairingTestParameters{true, true, false, true}, |
| 233 PairingTestParameters{true, true, true, false})); | 225 PairingTestParameters{true, true, true, false})); |
| 234 | 226 |
| 235 TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthMe2MePin) { | 227 TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthSharedSecret) { |
| 236 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, | 228 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, |
| 237 kTestPin, kTestPin, false)); | 229 kTestPin, kTestPin)); |
| 238 VerifyAccepted(); | 230 VerifyAccepted(); |
| 239 EXPECT_EQ( | 231 EXPECT_EQ( |
| 240 NegotiatingAuthenticatorBase::Method::SHARED_SECRET_SPAKE2_CURVE25519, | 232 NegotiatingAuthenticatorBase::Method::SHARED_SECRET_SPAKE2_CURVE25519, |
| 241 current_method()); | 233 current_method()); |
| 242 } | 234 } |
| 243 | 235 |
| 244 TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthIt2me) { | 236 TEST_F(NegotiatingAuthenticatorTest, InvalidSharedSecret) { |
| 245 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, | 237 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, |
| 246 kTestPin, kTestPin, true)); | 238 kTestPinBad, kTestPin)); |
| 247 VerifyAccepted(); | |
| 248 EXPECT_EQ( | |
| 249 NegotiatingAuthenticatorBase::Method::SHARED_SECRET_PLAIN_SPAKE2_P224, | |
| 250 current_method()); | |
| 251 } | |
| 252 | |
| 253 TEST_F(NegotiatingAuthenticatorTest, InvalidMe2MePin) { | |
| 254 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, | |
| 255 kTestPinBad, kTestPin, false)); | |
| 256 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | |
| 257 | |
| 258 VerifyRejected(Authenticator::INVALID_CREDENTIALS); | |
| 259 } | |
| 260 | |
| 261 TEST_F(NegotiatingAuthenticatorTest, InvalidIt2MeAccessCode) { | |
| 262 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, | |
| 263 kTestPin, kTestPinBad, true)); | |
| 264 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 239 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
| 265 | 240 |
| 266 VerifyRejected(Authenticator::INVALID_CREDENTIALS); | 241 VerifyRejected(Authenticator::INVALID_CREDENTIALS); |
| 267 } | 242 } |
| 268 | 243 |
| 269 TEST_F(NegotiatingAuthenticatorTest, IncompatibleMethods) { | 244 TEST_F(NegotiatingAuthenticatorTest, IncompatibleMethods) { |
| 270 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, | 245 ASSERT_NO_FATAL_FAILURE( |
| 271 kTestPin, kTestPinBad, true)); | 246 InitAuthenticators(kNoClientId, kNoPairedSecret, kTestPin, kTestPinBad)); |
| 272 DisableMethodOnClient( | 247 DisableMethodOnClient( |
| 273 NegotiatingAuthenticatorBase::Method::SHARED_SECRET_PLAIN_SPAKE2_P224); | 248 NegotiatingAuthenticatorBase::Method::SHARED_SECRET_SPAKE2_P224); |
| 249 DisableMethodOnHost( |
| 250 NegotiatingAuthenticatorBase::Method::SHARED_SECRET_SPAKE2_CURVE25519); |
| 274 | 251 |
| 275 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 252 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
| 276 | 253 |
| 277 VerifyRejected(Authenticator::PROTOCOL_ERROR); | 254 VerifyRejected(Authenticator::PROTOCOL_ERROR); |
| 278 } | 255 } |
| 279 | 256 |
| 280 TEST_F(NegotiatingAuthenticatorTest, PairingNotSupported) { | 257 TEST_F(NegotiatingAuthenticatorTest, PairingNotSupported) { |
| 281 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret, | 258 ASSERT_NO_FATAL_FAILURE( |
| 282 kTestPin, kTestPin, false)); | 259 InitAuthenticators(kTestClientId, kTestPairedSecret, kTestPin, kTestPin)); |
| 283 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 260 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
| 284 VerifyAccepted(); | 261 VerifyAccepted(); |
| 285 EXPECT_EQ( | 262 EXPECT_EQ( |
| 286 NegotiatingAuthenticatorBase::Method::SHARED_SECRET_SPAKE2_CURVE25519, | 263 NegotiatingAuthenticatorBase::Method::SHARED_SECRET_SPAKE2_CURVE25519, |
| 287 current_method()); | 264 current_method()); |
| 288 } | 265 } |
| 289 | 266 |
| 290 TEST_P(NegotiatingPairingAuthenticatorTest, PairingSupportedButNotPaired) { | 267 TEST_P(NegotiatingPairingAuthenticatorTest, PairingSupportedButNotPaired) { |
| 291 CreatePairingRegistry(false); | 268 CreatePairingRegistry(false); |
| 292 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, | 269 ASSERT_NO_FATAL_FAILURE( |
| 293 kTestPin, kTestPin, false)); | 270 InitAuthenticators(kNoClientId, kNoPairedSecret, kTestPin, kTestPin)); |
| 294 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 271 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
| 295 VerifyAccepted(); | 272 VerifyAccepted(); |
| 296 } | 273 } |
| 297 | 274 |
| 298 TEST_P(NegotiatingPairingAuthenticatorTest, PairingRevokedPinOkay) { | 275 TEST_P(NegotiatingPairingAuthenticatorTest, PairingRevokedPinOkay) { |
| 299 CreatePairingRegistry(false); | 276 CreatePairingRegistry(false); |
| 300 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret, | 277 ASSERT_NO_FATAL_FAILURE( |
| 301 kTestPin, kTestPin, false)); | 278 InitAuthenticators(kTestClientId, kTestPairedSecret, kTestPin, kTestPin)); |
| 302 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 279 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
| 303 VerifyAccepted(); | 280 VerifyAccepted(); |
| 304 } | 281 } |
| 305 | 282 |
| 306 TEST_P(NegotiatingPairingAuthenticatorTest, PairingRevokedPinBad) { | 283 TEST_P(NegotiatingPairingAuthenticatorTest, PairingRevokedPinBad) { |
| 307 CreatePairingRegistry(false); | 284 CreatePairingRegistry(false); |
| 308 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret, | 285 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret, |
| 309 kTestPinBad, kTestPin, false)); | 286 kTestPinBad, kTestPin)); |
| 310 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 287 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
| 311 VerifyRejected(Authenticator::INVALID_CREDENTIALS); | 288 VerifyRejected(Authenticator::INVALID_CREDENTIALS); |
| 312 } | 289 } |
| 313 | 290 |
| 314 TEST_P(NegotiatingPairingAuthenticatorTest, PairingSucceeded) { | 291 TEST_P(NegotiatingPairingAuthenticatorTest, PairingSucceeded) { |
| 315 CreatePairingRegistry(true); | 292 CreatePairingRegistry(true); |
| 316 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret, | 293 ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret, |
| 317 kTestPinBad, kTestPin, false)); | 294 kTestPinBad, kTestPin)); |
| 318 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 295 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
| 319 VerifyAccepted(); | 296 VerifyAccepted(); |
| 320 } | 297 } |
| 321 | 298 |
| 322 TEST_P(NegotiatingPairingAuthenticatorTest, | 299 TEST_P(NegotiatingPairingAuthenticatorTest, |
| 323 PairingSucceededInvalidSecretButPinOkay) { | 300 PairingSucceededInvalidSecretButPinOkay) { |
| 324 CreatePairingRegistry(true); | 301 CreatePairingRegistry(true); |
| 325 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( | 302 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( |
| 326 kTestClientId, kTestPairedSecretBad, kTestPin, kTestPin, false)); | 303 kTestClientId, kTestPairedSecretBad, kTestPin, kTestPin)); |
| 327 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 304 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
| 328 VerifyAccepted(); | 305 VerifyAccepted(); |
| 329 } | 306 } |
| 330 | 307 |
| 331 TEST_P(NegotiatingPairingAuthenticatorTest, PairingFailedInvalidSecretAndPin) { | 308 TEST_P(NegotiatingPairingAuthenticatorTest, PairingFailedInvalidSecretAndPin) { |
| 332 CreatePairingRegistry(true); | 309 CreatePairingRegistry(true); |
| 333 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( | 310 ASSERT_NO_FATAL_FAILURE(InitAuthenticators( |
| 334 kTestClientId, kTestPairedSecretBad, kTestPinBad, kTestPin, false)); | 311 kTestClientId, kTestPairedSecretBad, kTestPinBad, kTestPin)); |
| 335 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); | 312 ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); |
| 336 VerifyRejected(Authenticator::INVALID_CREDENTIALS); | 313 VerifyRejected(Authenticator::INVALID_CREDENTIALS); |
| 337 } | 314 } |
| 338 | 315 |
| 339 } // namespace protocol | 316 } // namespace protocol |
| 340 } // namespace remoting | 317 } // namespace remoting |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1799293002:
Remove spake2_plain authentication method. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@pair_spake