
Issue 245490043: Add explicit DHE and RSA skip tests

Created:
10 years, 2 months ago by ekr-rietveld
Modified:
10 years, 2 months ago
Reviewers:
mt
Visibility:
Public.

Description

Add explicit DHE and RSA skip tests

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+31 lines, -1 line) Patch
M external_tests/ssl_gtest/ssl_skip_unittest.cc View 1 chunk +7 lines, -1 line 0 comments Download
M external_tests/ssl_gtest/tls_agent.h View 1 chunk +1 line, -0 lines 0 comments Download
M external_tests/ssl_gtest/tls_agent.cc View 1 chunk +18 lines, -0 lines 0 comments Download
M external_tests/ssl_gtest/tls_connect.h View 1 chunk +1 line, -0 lines 0 comments Download
M external_tests/ssl_gtest/tls_connect.cc View 1 chunk +4 lines, -0 lines 0 comments Download

Messages

Total messages: 2
ekr-rietveld
PTAL
10 years, 2 months ago (2015-06-22 19:04:39 UTC) #1
mt
10 years, 2 months ago (2015-06-22 19:09:48 UTC) #2
r+
On Jun 22, 2015 12:04 PM, <ekr-webrtc@rtfm.com> wrote:

> Reviewers: mt,
>
> Message:
> PTAL
>
> Description:
> Add explicit DHE and RSA skip tests
>
> Please review this at https://codereview.appspot.com/245490043/
>
> Affected files (+31, -1 lines):
>   M external_tests/ssl_gtest/ssl_skip_unittest.cc
>   M external_tests/ssl_gtest/tls_agent.h
>   M external_tests/ssl_gtest/tls_agent.cc
>   M external_tests/ssl_gtest/tls_connect.h
>   M external_tests/ssl_gtest/tls_connect.cc
>
>
> Index: external_tests/ssl_gtest/ssl_skip_unittest.cc
> ===================================================================
> --- a/external_tests/ssl_gtest/ssl_skip_unittest.cc
> +++ b/external_tests/ssl_gtest/ssl_skip_unittest.cc
> @@ -103,21 +103,27 @@ class TlsSkipTest
>        server_->SetPacketFilter(filter);
>      }
>      ConnectExpectFail();
>      EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
>      EXPECT_EQ(alert, alert_recorder->description());
>    }
>  };
>
> -TEST_P(TlsSkipTest, SkipCertificate) {
> +TEST_P(TlsSkipTest, SkipCertificateRsa) {
> +  DisableDheCiphers();
>    ServerSkipTest(new TlsHandshakeSkipFilter(kTlsHandshakeCertificate));
>    client_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE);
>  }
>
> +TEST_P(TlsSkipTest, SkipCertificateDhe) {
> +  ServerSkipTest(new TlsHandshakeSkipFilter(kTlsHandshakeCertificate));
> +  client_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH);
> +}
> +
>  TEST_P(TlsSkipTest, SkipCertificateEcdhe) {
>    EnableSomeEcdheCiphers();
>    ServerSkipTest(new TlsHandshakeSkipFilter(kTlsHandshakeCertificate));
>    client_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH);
>  }
>
>  TEST_P(TlsSkipTest, SkipCertificateEcdsa) {
>    ResetEcdsa();
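Review bot: `SkipCertificateDhe` makes no cipher-suite changes, so it only covers the DHE path if the default configuration happens to negotiate a DHE suite. If the defaults ever prefer ECDHE, the test would presumably still pass with `SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH` while duplicating `SkipCertificateEcdhe`, and the missing-Certificate check on the DHE path would lose coverage unnoticed. I would state the dependency above the test, for example `// No cipher changes: relies on the default configuration negotiating a DHE suite.`, or pin the suite explicitly. `SkipCertificateRsa` has the mirror-image assumption: it disables DHE but appears to rely on ECDHE being off by default. The `SkipCertificateEcdsa` body continues outside the hunk.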
> Index: external_tests/ssl_gtest/tls_agent.cc
> ===================================================================
> --- a/external_tests/ssl_gtest/tls_agent.cc
> +++ b/external_tests/ssl_gtest/tls_agent.cc
> @@ -88,16 +88,34 @@ void TlsAgent::EnableSomeEcdheCiphers()
>                                     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA};
>
>    for (size_t i = 0; i < PR_ARRAY_SIZE(EcdheCiphers); ++i) {
>      SECStatus rv = SSL_CipherPrefSet(ssl_fd_, EcdheCiphers[i], PR_TRUE);
>      EXPECT_EQ(SECSuccess, rv);
>    }
>  }
>
> +
> +void TlsAgent::DisableDheCiphers() {
> +  EXPECT_TRUE(EnsureTlsSetup());
> +
> +  for (size_t i=0; i < SSL_NumImplementedCiphers; ++i) {
> +    SSLCipherSuiteInfo csinfo;
> +
> +    SECStatus rv = SSL_GetCipherSuiteInfo(SSL_ImplementedCiphers[i],
> +                                          &csinfo, sizeof(csinfo));
> +    ASSERT_EQ(SECSuccess, rv);
> +
> +    if (csinfo.keaType == ssl_kea_dh) {
> +      rv = SSL_CipherPrefSet(ssl_fd_, SSL_ImplementedCiphers[i],
> PR_FALSE);
> +      EXPECT_EQ(SECSuccess, rv);
> +    }
> +  }
> +}
> +
>  void TlsAgent::SetSessionTicketsEnabled(bool en) {
>    EXPECT_TRUE(EnsureTlsSetup());
>
>    SECStatus rv = SSL_OptionSet(ssl_fd_, SSL_ENABLE_SESSION_TICKETS,
>                                 en ? PR_TRUE : PR_FALSE);
>    EXPECT_EQ(SECSuccess, rv);
>  }
>
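Review bot: In `DisableDheCiphers`, `EXPECT_TRUE(EnsureTlsSetup())` is non-fatal, so the loop still calls `SSL_CipherPrefSet` on `ssl_fd_` when setup has failed. The function returns void and already uses `ASSERT_EQ` inside the loop, so `ASSERT_TRUE(EnsureTlsSetup());` would stop before the descriptor is touched. `SetSessionTicketsEnabled` in the context lines uses the same `EXPECT_TRUE` form, so this may be a file convention better changed in one pass. A failed `ASSERT_EQ` only returns from this helper, so the calling test carries on with the remaining DHE suites still enabled. Spacing nit: `size_t i=0` should be `size_t i = 0` to match the loop in `EnableSomeEcdheCiphers`.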
> Index: external_tests/ssl_gtest/tls_agent.h
> ===================================================================
> --- a/external_tests/ssl_gtest/tls_agent.h
> +++ b/external_tests/ssl_gtest/tls_agent.h
> @@ -80,16 +80,17 @@ class TlsAgent : public PollTarget {
>
>    void StartConnect();
>    void CheckKEAType(SSLKEAType type) const;
>    void CheckAuthType(SSLAuthType type) const;
>    void CheckVersion(uint16_t version) const;
>
>    void Handshake();
>    void EnableSomeEcdheCiphers();
> +  void DisableDheCiphers();
>    bool EnsureTlsSetup();
>
>    void ConfigureSessionCache(SessionResumptionMode mode);
>    void SetSessionTicketsEnabled(bool en);
>    void SetSessionCacheEnabled(bool en);
>    void SetVersionRange(uint16_t minver, uint16_t maxver);
>    void EnableAlpn(const uint8_t* val, size_t len);
>    void CheckAlpn(SSLNextProtoState expected_state,
> Index: external_tests/ssl_gtest/tls_connect.cc
> ===================================================================
> --- a/external_tests/ssl_gtest/tls_connect.cc
> +++ b/external_tests/ssl_gtest/tls_connect.cc
> @@ -171,16 +171,20 @@ void TlsConnectTestBase::ConnectExpectFa
>    ASSERT_EQ(TlsAgent::ERROR, server_->state());
>  }
>
>  void TlsConnectTestBase::EnableSomeEcdheCiphers() {
>    client_->EnableSomeEcdheCiphers();
>    server_->EnableSomeEcdheCiphers();
>  }
>
> +void TlsConnectTestBase::DisableDheCiphers() {
> +  client_->DisableDheCiphers();
> +  server_->DisableDheCiphers();
> +}
>
>  void TlsConnectTestBase::ConfigureSessionCache(SessionResumptionMode
> client,
>                                                 SessionResumptionMode
> server) {
>    client_->ConfigureSessionCache(client);
>    server_->ConfigureSessionCache(server);
>  }
>
>  void TlsConnectTestBase::CheckResumption(SessionResumptionMode expected) {
> Index: external_tests/ssl_gtest/tls_connect.h
> ===================================================================
> --- a/external_tests/ssl_gtest/tls_connect.h
> +++ b/external_tests/ssl_gtest/tls_connect.h
> @@ -50,16 +50,17 @@ class TlsConnectTestBase : public ::test
>    // Run the handshake.
>    void Handshake();
>    // Connect and check that it works.
>    void Connect();
>    // Connect and expect it to fail.
>    void ConnectExpectFail();
>
>    void EnableSomeEcdheCiphers();
> +  void DisableDheCiphers();
>    void ConfigureSessionCache(SessionResumptionMode client,
>                               SessionResumptionMode server);
>    void CheckResumption(SessionResumptionMode expected);
>    void EnableAlpn();
>    void EnableSrtp();
>    void CheckSrtp();
>   protected:
>
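Review bot: The new `DisableDheCiphers()` declaration has no comment, while the connect helpers at the top of this hunk each carry a one-line description. Suggest adding `// Disable every DHE cipher suite on both client and server.` above it, which matches what the tls_connect.cc hunk shows the method doing. The class body continues outside the hunk.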
>
>
>