Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1324)

Unified Diff: remoting/protocol/negotiating_authenticator_unittest.cc

Issue 1800823002: Add Curve25519 version of pairing authenticators (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: remoting/protocol/negotiating_authenticator_unittest.cc
diff --git a/remoting/protocol/negotiating_authenticator_unittest.cc b/remoting/protocol/negotiating_authenticator_unittest.cc
index f07be708dc6772c84701724e8a264e9e9da10f9e..889e287ddc7f7bd3c0dacede64d84add1307081e 100644
--- a/remoting/protocol/negotiating_authenticator_unittest.cc
+++ b/remoting/protocol/negotiating_authenticator_unittest.cc
@@ -53,26 +53,29 @@ class NegotiatingAuthenticatorTest : public AuthenticatorTestBase {
~NegotiatingAuthenticatorTest() override {}
protected:
- void InitAuthenticators(const std::string& client_id,
- const std::string& client_paired_secret,
- const std::string& client_interactive_pin,
- const std::string& host_secret,
- bool it2me) {
+ virtual void InitAuthenticators(const std::string& client_id,
+ const std::string& client_paired_secret,
+ const std::string& client_interactive_pin,
+ const std::string& host_secret,
+ bool it2me) {
if (it2me) {
host_ = NegotiatingHostAuthenticator::CreateForIt2Me(
kHostJid, kClientJid, host_cert_, key_pair_, host_secret);
} else {
std::string host_secret_hash =
GetSharedSecretHash(kTestHostId, host_secret);
- host_ = NegotiatingHostAuthenticator::CreateWithPin(
- kHostJid, kClientJid, host_cert_, key_pair_, host_secret_hash,
- pairing_registry_);
+ scoped_ptr<NegotiatingHostAuthenticator> host =
+ NegotiatingHostAuthenticator::CreateWithPin(
+ kHostJid, kClientJid, host_cert_, key_pair_, host_secret_hash,
+ pairing_registry_);
+ host_as_negotiating_authenticator_ = host.get();
+ host_ = std::move(host);
}
protocol::ClientAuthenticationConfig client_auth_config;
client_auth_config.host_id = kTestHostId;
client_auth_config.pairing_client_id = client_id;
- client_auth_config.pairing_secret= client_paired_secret;
+ client_auth_config.pairing_secret = client_paired_secret;
bool pairing_expected = pairing_registry_.get() != nullptr;
client_auth_config.fetch_secret_callback =
base::Bind(&NegotiatingAuthenticatorTest::FetchSecret,
@@ -82,6 +85,20 @@ class NegotiatingAuthenticatorTest : public AuthenticatorTestBase {
client_.reset(client_as_negotiating_authenticator_);
}
+ void DisableMethodOnClient(NegotiatingAuthenticatorBase::Method method) {
+ auto* methods = &(client_as_negotiating_authenticator_->methods_);
+ auto iter = std::find(methods->begin(), methods->end(), method);
+ ASSERT_TRUE(iter != methods->end());
+ methods->erase(iter);
+ }
+
+ void DisableMethodOnHost(NegotiatingAuthenticatorBase::Method method) {
+ auto* methods = &(host_as_negotiating_authenticator_->methods_);
+ auto iter = std::find(methods->begin(), methods->end(), method);
+ ASSERT_TRUE(iter != methods->end());
+ methods->erase(iter);
+ }
+
void CreatePairingRegistry(bool with_paired_client) {
pairing_registry_ = new SynchronousPairingRegistry(
make_scoped_ptr(new MockPairingRegistryDelegate()));
@@ -112,7 +129,7 @@ class NegotiatingAuthenticatorTest : public AuthenticatorTestBase {
}
}
- void VerifyAccepted(NegotiatingAuthenticatorBase::Method expected_method) {
+ virtual void VerifyAccepted() {
ASSERT_NO_FATAL_FAILURE(RunAuthExchange());
ASSERT_EQ(Authenticator::ACCEPTED, host_->state());
@@ -131,11 +148,14 @@ class NegotiatingAuthenticatorTest : public AuthenticatorTestBase {
tester.Start();
message_loop_.Run();
tester.CheckResults();
- EXPECT_EQ(expected_method,
- client_as_negotiating_authenticator_->current_method_);
+ }
+
+ NegotiatingAuthenticatorBase::Method current_method() {
+ return client_as_negotiating_authenticator_->current_method_;
}
// Use a bare pointer because the storage is managed by the base class.
+ NegotiatingHostAuthenticator* host_as_negotiating_authenticator_;
NegotiatingClientAuthenticator* client_as_negotiating_authenticator_;
private:
@@ -144,18 +164,90 @@ class NegotiatingAuthenticatorTest : public AuthenticatorTestBase {
DISALLOW_COPY_AND_ASSIGN(NegotiatingAuthenticatorTest);
};
+struct PairingTestParameters {
+ bool p224_on_client;
+ bool curve25519_on_client;
+ bool p224_on_host;
+ bool curve25519_on_host;
+
+ bool expect_curve25519_used;
+};
+
+class NegotiatingPairingAuthenticatorTest
+ : public NegotiatingAuthenticatorTest,
+ public testing::WithParamInterface<PairingTestParameters> {
+public:
+ void InitAuthenticators(const std::string& client_id,
+ const std::string& client_paired_secret,
+ const std::string& client_interactive_pin,
+ const std::string& host_secret,
+ bool it2me) override {
+ NegotiatingAuthenticatorTest::InitAuthenticators(
+ client_id, client_paired_secret, client_interactive_pin, host_secret,
+ it2me);
+ if (!GetParam().p224_on_client) {
+ DisableMethodOnClient(
+ NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_P224);
+ }
+ if (!GetParam().curve25519_on_client) {
+ DisableMethodOnClient(
+ NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_CURVE25519);
+ }
+ if (!GetParam().p224_on_host) {
+ DisableMethodOnHost(
+ NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_P224);
+ }
+ if (!GetParam().curve25519_on_host) {
+ DisableMethodOnHost(
+ NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_CURVE25519);
+ }
+ }
+
+ void VerifyAccepted() override {
+ NegotiatingAuthenticatorTest::VerifyAccepted();
+ EXPECT_TRUE(
+ current_method() ==
+ NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_P224 ||
+ current_method() ==
+ NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_CURVE25519);
+ }
+};
+
+INSTANTIATE_TEST_CASE_P(
+ PairingParams,
+ NegotiatingPairingAuthenticatorTest,
+ testing::Values(
+ // Only P224.
+ PairingTestParameters{true, false, true, false},
+
+ // Only curve25519.
+ PairingTestParameters{false, true, false, true},
+
+ // Both P224 and curve25519.
+ PairingTestParameters{true, true, true, true},
+
+ // One end supports both, the other supports only P224 or curve25519.
+ PairingTestParameters{false, true, true, true},
+ PairingTestParameters{true, false, true, true},
+ PairingTestParameters{true, true, false, true},
+ PairingTestParameters{true, true, true, false}));
+
TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthMe2MePin) {
ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret,
kTestPin, kTestPin, false));
- VerifyAccepted(
- NegotiatingAuthenticatorBase::Method::SHARED_SECRET_SPAKE2_CURVE25519);
+ VerifyAccepted();
+ EXPECT_EQ(
+ NegotiatingAuthenticatorBase::Method::SHARED_SECRET_SPAKE2_CURVE25519,
+ current_method());
}
TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthIt2me) {
ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret,
kTestPin, kTestPin, true));
- VerifyAccepted(
- NegotiatingAuthenticatorBase::Method::SHARED_SECRET_PLAIN_SPAKE2_P224);
+ VerifyAccepted();
+ EXPECT_EQ(
+ NegotiatingAuthenticatorBase::Method::SHARED_SECRET_PLAIN_SPAKE2_P224,
+ current_method());
}
TEST_F(NegotiatingAuthenticatorTest, InvalidMe2MePin) {
@@ -177,11 +269,8 @@ TEST_F(NegotiatingAuthenticatorTest, InvalidIt2MeAccessCode) {
TEST_F(NegotiatingAuthenticatorTest, IncompatibleMethods) {
ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret,
kTestPin, kTestPinBad, true));
- std::vector<NegotiatingAuthenticatorBase::Method>* methods =
- &(client_as_negotiating_authenticator_->methods_);
- methods->erase(std::find(
- methods->begin(), methods->end(),
- NegotiatingAuthenticatorBase::Method::SHARED_SECRET_PLAIN_SPAKE2_P224));
+ DisableMethodOnClient(
+ NegotiatingAuthenticatorBase::Method::SHARED_SECRET_PLAIN_SPAKE2_P224);
ASSERT_NO_FATAL_FAILURE(RunAuthExchange());
@@ -192,27 +281,29 @@ TEST_F(NegotiatingAuthenticatorTest, PairingNotSupported) {
ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret,
kTestPin, kTestPin, false));
ASSERT_NO_FATAL_FAILURE(RunAuthExchange());
- VerifyAccepted(
- NegotiatingAuthenticatorBase::Method::SHARED_SECRET_SPAKE2_CURVE25519);
+ VerifyAccepted();
+ EXPECT_EQ(
+ NegotiatingAuthenticatorBase::Method::SHARED_SECRET_SPAKE2_CURVE25519,
+ current_method());
}
-TEST_F(NegotiatingAuthenticatorTest, PairingSupportedButNotPaired) {
+TEST_P(NegotiatingPairingAuthenticatorTest, PairingSupportedButNotPaired) {
CreatePairingRegistry(false);
ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret,
kTestPin, kTestPin, false));
ASSERT_NO_FATAL_FAILURE(RunAuthExchange());
- VerifyAccepted(NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_P224);
+ VerifyAccepted();
}
-TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinOkay) {
+TEST_P(NegotiatingPairingAuthenticatorTest, PairingRevokedPinOkay) {
CreatePairingRegistry(false);
ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret,
kTestPin, kTestPin, false));
ASSERT_NO_FATAL_FAILURE(RunAuthExchange());
- VerifyAccepted(NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_P224);
+ VerifyAccepted();
}
-TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinBad) {
+TEST_P(NegotiatingPairingAuthenticatorTest, PairingRevokedPinBad) {
CreatePairingRegistry(false);
ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret,
kTestPinBad, kTestPin, false));
@@ -220,24 +311,24 @@ TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinBad) {
VerifyRejected(Authenticator::INVALID_CREDENTIALS);
}
-TEST_F(NegotiatingAuthenticatorTest, PairingSucceeded) {
+TEST_P(NegotiatingPairingAuthenticatorTest, PairingSucceeded) {
CreatePairingRegistry(true);
ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret,
kTestPinBad, kTestPin, false));
ASSERT_NO_FATAL_FAILURE(RunAuthExchange());
- VerifyAccepted(NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_P224);
+ VerifyAccepted();
}
-TEST_F(NegotiatingAuthenticatorTest,
+TEST_P(NegotiatingPairingAuthenticatorTest,
PairingSucceededInvalidSecretButPinOkay) {
CreatePairingRegistry(true);
ASSERT_NO_FATAL_FAILURE(InitAuthenticators(
kTestClientId, kTestPairedSecretBad, kTestPin, kTestPin, false));
ASSERT_NO_FATAL_FAILURE(RunAuthExchange());
- VerifyAccepted(NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_P224);
+ VerifyAccepted();
}
-TEST_F(NegotiatingAuthenticatorTest, PairingFailedInvalidSecretAndPin) {
+TEST_P(NegotiatingPairingAuthenticatorTest, PairingFailedInvalidSecretAndPin) {
CreatePairingRegistry(true);
ASSERT_NO_FATAL_FAILURE(InitAuthenticators(
kTestClientId, kTestPairedSecretBad, kTestPinBad, kTestPin, false));
« no previous file with comments | « remoting/protocol/negotiating_authenticator_base.cc ('k') | remoting/protocol/negotiating_client_authenticator.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698