| Index: remoting/protocol/negotiating_authenticator_unittest.cc
|
| diff --git a/remoting/protocol/negotiating_authenticator_unittest.cc b/remoting/protocol/negotiating_authenticator_unittest.cc
|
| index f07be708dc6772c84701724e8a264e9e9da10f9e..889e287ddc7f7bd3c0dacede64d84add1307081e 100644
|
| --- a/remoting/protocol/negotiating_authenticator_unittest.cc
|
| +++ b/remoting/protocol/negotiating_authenticator_unittest.cc
|
| @@ -53,26 +53,29 @@ class NegotiatingAuthenticatorTest : public AuthenticatorTestBase {
|
| ~NegotiatingAuthenticatorTest() override {}
|
|
|
| protected:
|
| - void InitAuthenticators(const std::string& client_id,
|
| - const std::string& client_paired_secret,
|
| - const std::string& client_interactive_pin,
|
| - const std::string& host_secret,
|
| - bool it2me) {
|
| + virtual void InitAuthenticators(const std::string& client_id,
|
| + const std::string& client_paired_secret,
|
| + const std::string& client_interactive_pin,
|
| + const std::string& host_secret,
|
| + bool it2me) {
|
| if (it2me) {
|
| host_ = NegotiatingHostAuthenticator::CreateForIt2Me(
|
| kHostJid, kClientJid, host_cert_, key_pair_, host_secret);
|
| } else {
|
| std::string host_secret_hash =
|
| GetSharedSecretHash(kTestHostId, host_secret);
|
| - host_ = NegotiatingHostAuthenticator::CreateWithPin(
|
| - kHostJid, kClientJid, host_cert_, key_pair_, host_secret_hash,
|
| - pairing_registry_);
|
| + scoped_ptr<NegotiatingHostAuthenticator> host =
|
| + NegotiatingHostAuthenticator::CreateWithPin(
|
| + kHostJid, kClientJid, host_cert_, key_pair_, host_secret_hash,
|
| + pairing_registry_);
|
| + host_as_negotiating_authenticator_ = host.get();
|
| + host_ = std::move(host);
|
| }
|
|
|
| protocol::ClientAuthenticationConfig client_auth_config;
|
| client_auth_config.host_id = kTestHostId;
|
| client_auth_config.pairing_client_id = client_id;
|
| - client_auth_config.pairing_secret= client_paired_secret;
|
| + client_auth_config.pairing_secret = client_paired_secret;
|
| bool pairing_expected = pairing_registry_.get() != nullptr;
|
| client_auth_config.fetch_secret_callback =
|
| base::Bind(&NegotiatingAuthenticatorTest::FetchSecret,
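Review bot: `host_as_negotiating_authenticator_` is assigned only in the `else` branch here, so after an it2me `InitAuthenticators` call it keeps whatever value it had before. That value is indeterminate unless the constructor (not visible in this diff) sets it, or stale if the fixture was initialised earlier with a different host. `DisableMethodOnHost`, added in the next hunk, dereferences it unconditionally. I would default the member declaration, `NegotiatingHostAuthenticator* host_as_negotiating_authenticator_ = nullptr;`, reset it to `nullptr` in the it2me branch, and begin `DisableMethodOnHost` with `ASSERT_TRUE(host_as_negotiating_authenticator_);`. The body of `InitAuthenticators` continues past the end of this hunk.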
|
| @@ -82,6 +85,20 @@ class NegotiatingAuthenticatorTest : public AuthenticatorTestBase {
|
| client_.reset(client_as_negotiating_authenticator_);
|
| }
|
|
|
| + void DisableMethodOnClient(NegotiatingAuthenticatorBase::Method method) {
|
| + auto* methods = &(client_as_negotiating_authenticator_->methods_);
|
| + auto iter = std::find(methods->begin(), methods->end(), method);
|
| + ASSERT_TRUE(iter != methods->end());
|
| + methods->erase(iter);
|
| + }
|
| +
|
| + void DisableMethodOnHost(NegotiatingAuthenticatorBase::Method method) {
|
| + auto* methods = &(host_as_negotiating_authenticator_->methods_);
|
| + auto iter = std::find(methods->begin(), methods->end(), method);
|
| + ASSERT_TRUE(iter != methods->end());
|
| + methods->erase(iter);
|
| + }
|
| +
|
| void CreatePairingRegistry(bool with_paired_client) {
|
| pairing_registry_ = new SynchronousPairingRegistry(
|
| make_scoped_ptr(new MockPairingRegistryDelegate()));
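Review bot: The `ASSERT_TRUE` in `DisableMethodOnClient` and `DisableMethodOnHost` only returns from the helper, so a caller that invokes them bare carries on with the method list unchanged. The `IncompatibleMethods` test in a later hunk does exactly that before `RunAuthExchange()`. Calling them as `ASSERT_NO_FATAL_FAILURE(DisableMethodOnClient(...));` stops the test at the real cause. The two helpers also differ only in which authenticator they read `methods_` from, so a single private helper taking the vector would remove the duplication.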
|
| @@ -112,7 +129,7 @@ class NegotiatingAuthenticatorTest : public AuthenticatorTestBase {
|
| }
|
| }
|
|
|
| - void VerifyAccepted(NegotiatingAuthenticatorBase::Method expected_method) {
|
| + virtual void VerifyAccepted() {
|
| ASSERT_NO_FATAL_FAILURE(RunAuthExchange());
|
|
|
| ASSERT_EQ(Authenticator::ACCEPTED, host_->state());
|
| @@ -131,11 +148,14 @@ class NegotiatingAuthenticatorTest : public AuthenticatorTestBase {
|
| tester.Start();
|
| message_loop_.Run();
|
| tester.CheckResults();
|
| - EXPECT_EQ(expected_method,
|
| - client_as_negotiating_authenticator_->current_method_);
|
| + }
|
| +
|
| + NegotiatingAuthenticatorBase::Method current_method() {
|
| + return client_as_negotiating_authenticator_->current_method_;
|
| }
|
|
|
| // Use a bare pointer because the storage is managed by the base class.
|
| + NegotiatingHostAuthenticator* host_as_negotiating_authenticator_;
|
| NegotiatingClientAuthenticator* client_as_negotiating_authenticator_;
|
|
|
| private:
|
| @@ -144,18 +164,90 @@ class NegotiatingAuthenticatorTest : public AuthenticatorTestBase {
|
| DISALLOW_COPY_AND_ASSIGN(NegotiatingAuthenticatorTest);
|
| };
|
|
|
| +struct PairingTestParameters {
|
| + bool p224_on_client;
|
| + bool curve25519_on_client;
|
| + bool p224_on_host;
|
| + bool curve25519_on_host;
|
| +
|
| + bool expect_curve25519_used;
|
| +};
|
| +
|
| +class NegotiatingPairingAuthenticatorTest
|
| + : public NegotiatingAuthenticatorTest,
|
| + public testing::WithParamInterface<PairingTestParameters> {
|
| +public:
|
| + void InitAuthenticators(const std::string& client_id,
|
| + const std::string& client_paired_secret,
|
| + const std::string& client_interactive_pin,
|
| + const std::string& host_secret,
|
| + bool it2me) override {
|
| + NegotiatingAuthenticatorTest::InitAuthenticators(
|
| + client_id, client_paired_secret, client_interactive_pin, host_secret,
|
| + it2me);
|
| + if (!GetParam().p224_on_client) {
|
| + DisableMethodOnClient(
|
| + NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_P224);
|
| + }
|
| + if (!GetParam().curve25519_on_client) {
|
| + DisableMethodOnClient(
|
| + NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_CURVE25519);
|
| + }
|
| + if (!GetParam().p224_on_host) {
|
| + DisableMethodOnHost(
|
| + NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_P224);
|
| + }
|
| + if (!GetParam().curve25519_on_host) {
|
| + DisableMethodOnHost(
|
| + NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_CURVE25519);
|
| + }
|
| + }
|
| +
|
| + void VerifyAccepted() override {
|
| + NegotiatingAuthenticatorTest::VerifyAccepted();
|
| + EXPECT_TRUE(
|
| + current_method() ==
|
| + NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_P224 ||
|
| + current_method() ==
|
| + NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_CURVE25519);
|
| + }
|
| +};
|
| +
|
| +INSTANTIATE_TEST_CASE_P(
|
| + PairingParams,
|
| + NegotiatingPairingAuthenticatorTest,
|
| + testing::Values(
|
| + // Only P224.
|
| + PairingTestParameters{true, false, true, false},
|
| +
|
| + // Only curve25519.
|
| + PairingTestParameters{false, true, false, true},
|
| +
|
| + // Both P224 and curve25519.
|
| + PairingTestParameters{true, true, true, true},
|
| +
|
| + // One end supports both, the other supports only P224 or curve25519.
|
| + PairingTestParameters{false, true, true, true},
|
| + PairingTestParameters{true, false, true, true},
|
| + PairingTestParameters{true, true, false, true},
|
| + PairingTestParameters{true, true, true, false}));
|
| +
|
| TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthMe2MePin) {
|
| ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret,
|
| kTestPin, kTestPin, false));
|
| - VerifyAccepted(
|
| - NegotiatingAuthenticatorBase::Method::SHARED_SECRET_SPAKE2_CURVE25519);
|
| + VerifyAccepted();
|
| + EXPECT_EQ(
|
| + NegotiatingAuthenticatorBase::Method::SHARED_SECRET_SPAKE2_CURVE25519,
|
| + current_method());
|
| }
|
|
|
| TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthIt2me) {
|
| ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret,
|
| kTestPin, kTestPin, true));
|
| - VerifyAccepted(
|
| - NegotiatingAuthenticatorBase::Method::SHARED_SECRET_PLAIN_SPAKE2_P224);
|
| + VerifyAccepted();
|
| + EXPECT_EQ(
|
| + NegotiatingAuthenticatorBase::Method::SHARED_SECRET_PLAIN_SPAKE2_P224,
|
| + current_method());
|
| }
|
|
|
| TEST_F(NegotiatingAuthenticatorTest, InvalidMe2MePin) {
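Review bot: `PairingTestParameters::expect_curve25519_used` is never given a value or read. Every `PairingTestParameters{...}` in `INSTANTIATE_TEST_CASE_P` has four initialisers, so the field is value-initialised to false, and the `VerifyAccepted` override accepts either paired method. As written, these tests would still pass if negotiation fell back to P224 when both ends offer curve25519, which is the downgrade a negotiation test should catch. I would add the fifth value to each parameter set and replace the `EXPECT_TRUE` with `EXPECT_EQ(GetParam().expect_curve25519_used ? NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_CURVE25519 : NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_P224, current_method());`. The correct expected values depend on the negotiator's preference order, which is not visible in this diff.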
|
| @@ -177,11 +269,8 @@ TEST_F(NegotiatingAuthenticatorTest, InvalidIt2MeAccessCode) {
|
| TEST_F(NegotiatingAuthenticatorTest, IncompatibleMethods) {
|
| ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret,
|
| kTestPin, kTestPinBad, true));
|
| - std::vector<NegotiatingAuthenticatorBase::Method>* methods =
|
| - &(client_as_negotiating_authenticator_->methods_);
|
| - methods->erase(std::find(
|
| - methods->begin(), methods->end(),
|
| - NegotiatingAuthenticatorBase::Method::SHARED_SECRET_PLAIN_SPAKE2_P224));
|
| + DisableMethodOnClient(
|
| + NegotiatingAuthenticatorBase::Method::SHARED_SECRET_PLAIN_SPAKE2_P224);
|
|
|
| ASSERT_NO_FATAL_FAILURE(RunAuthExchange());
|
|
|
| @@ -192,27 +281,29 @@ TEST_F(NegotiatingAuthenticatorTest, PairingNotSupported) {
|
| ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret,
|
| kTestPin, kTestPin, false));
|
| ASSERT_NO_FATAL_FAILURE(RunAuthExchange());
|
| - VerifyAccepted(
|
| - NegotiatingAuthenticatorBase::Method::SHARED_SECRET_SPAKE2_CURVE25519);
|
| + VerifyAccepted();
|
| + EXPECT_EQ(
|
| + NegotiatingAuthenticatorBase::Method::SHARED_SECRET_SPAKE2_CURVE25519,
|
| + current_method());
|
| }
|
|
|
| -TEST_F(NegotiatingAuthenticatorTest, PairingSupportedButNotPaired) {
|
| +TEST_P(NegotiatingPairingAuthenticatorTest, PairingSupportedButNotPaired) {
|
| CreatePairingRegistry(false);
|
| ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret,
|
| kTestPin, kTestPin, false));
|
| ASSERT_NO_FATAL_FAILURE(RunAuthExchange());
|
| - VerifyAccepted(NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_P224);
|
| + VerifyAccepted();
|
| }
|
|
|
| -TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinOkay) {
|
| +TEST_P(NegotiatingPairingAuthenticatorTest, PairingRevokedPinOkay) {
|
| CreatePairingRegistry(false);
|
| ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret,
|
| kTestPin, kTestPin, false));
|
| ASSERT_NO_FATAL_FAILURE(RunAuthExchange());
|
| - VerifyAccepted(NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_P224);
|
| + VerifyAccepted();
|
| }
|
|
|
| -TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinBad) {
|
| +TEST_P(NegotiatingPairingAuthenticatorTest, PairingRevokedPinBad) {
|
| CreatePairingRegistry(false);
|
| ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret,
|
| kTestPinBad, kTestPin, false));
|
| @@ -220,24 +311,24 @@ TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinBad) {
|
| VerifyRejected(Authenticator::INVALID_CREDENTIALS);
|
| }
|
|
|
| -TEST_F(NegotiatingAuthenticatorTest, PairingSucceeded) {
|
| +TEST_P(NegotiatingPairingAuthenticatorTest, PairingSucceeded) {
|
| CreatePairingRegistry(true);
|
| ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret,
|
| kTestPinBad, kTestPin, false));
|
| ASSERT_NO_FATAL_FAILURE(RunAuthExchange());
|
| - VerifyAccepted(NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_P224);
|
| + VerifyAccepted();
|
| }
|
|
|
| -TEST_F(NegotiatingAuthenticatorTest,
|
| +TEST_P(NegotiatingPairingAuthenticatorTest,
|
| PairingSucceededInvalidSecretButPinOkay) {
|
| CreatePairingRegistry(true);
|
| ASSERT_NO_FATAL_FAILURE(InitAuthenticators(
|
| kTestClientId, kTestPairedSecretBad, kTestPin, kTestPin, false));
|
| ASSERT_NO_FATAL_FAILURE(RunAuthExchange());
|
| - VerifyAccepted(NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_P224);
|
| + VerifyAccepted();
|
| }
|
|
|
| -TEST_F(NegotiatingAuthenticatorTest, PairingFailedInvalidSecretAndPin) {
|
| +TEST_P(NegotiatingPairingAuthenticatorTest, PairingFailedInvalidSecretAndPin) {
|
| CreatePairingRegistry(true);
|
| ASSERT_NO_FATAL_FAILURE(InitAuthenticators(
|
| kTestClientId, kTestPairedSecretBad, kTestPinBad, kTestPin, false));
|
|
|