Index: external_tests/ssl_gtest/ssl_dhe_unittest.cc |
=================================================================== |
--- a/external_tests/ssl_gtest/ssl_dhe_unittest.cc |
+++ b/external_tests/ssl_gtest/ssl_dhe_unittest.cc |
@@ -21,62 +21,16 @@ |
namespace nss_test { |
TEST_P(TlsConnectGeneric, ConnectDhe) { |
EnableOnlyDheCiphers(); |
Connect(); |
CheckKeys(ssl_kea_dh, ssl_auth_rsa_sign); |
} |
-// Track groups and make sure that there are no duplicates. |
-class CheckDuplicateGroup { |
- public: |
- void AddAndCheckGroup(uint16_t group) { |
- EXPECT_EQ(groups_.end(), groups_.find(group)) |
- << "Group " << group << " should not be duplicated"; |
- groups_.insert(group); |
- } |
- |
- private: |
- std::set<uint16_t> groups_; |
-}; |
- |
-// Check the group of each of the supported groups |
-static void CheckGroups(const DataBuffer& groups, |
- std::function<void(uint16_t)> check_group) { |
- CheckDuplicateGroup group_set; |
- uint32_t tmp; |
- EXPECT_TRUE(groups.Read(0, 2, &tmp)); |
- EXPECT_EQ(groups.len() - 2, static_cast<size_t>(tmp)); |
- for (size_t i = 2; i < groups.len(); i += 2) { |
- EXPECT_TRUE(groups.Read(i, 2, &tmp)); |
- uint16_t group = static_cast<uint16_t>(tmp); |
- group_set.AddAndCheckGroup(group); |
- check_group(group); |
- } |
-} |
- |
-// Check the group of each of the shares |
-static void CheckShares(const DataBuffer& shares, |
- std::function<void(uint16_t)> check_group) { |
- CheckDuplicateGroup group_set; |
- uint32_t tmp; |
- EXPECT_TRUE(shares.Read(0, 2, &tmp)); |
- EXPECT_EQ(shares.len() - 2, static_cast<size_t>(tmp)); |
- size_t i; |
- for (i = 2; i < shares.len(); i += 4 + tmp) { |
- ASSERT_TRUE(shares.Read(i, 2, &tmp)); |
- uint16_t group = static_cast<uint16_t>(tmp); |
- group_set.AddAndCheckGroup(group); |
- check_group(group); |
- ASSERT_TRUE(shares.Read(i + 2, 2, &tmp)); |
- } |
- EXPECT_EQ(shares.len(), i); |
-} |
- |
TEST_P(TlsConnectTls13, SharesForBothEcdheAndDhe) { |
EnsureTlsSetup(); |
client_->DisableAllCiphers(); |
client_->EnableCiphersByKeyExchange(ssl_kea_ecdh); |
client_->EnableCiphersByKeyExchange(ssl_kea_dh); |
auto groups_capture = new TlsExtensionCapture(ssl_supported_groups_xtn); |
auto shares_capture = new TlsExtensionCapture(ssl_tls13_key_share_xtn); |
@@ -502,32 +456,53 @@ TEST_P(TlsConnectGenericPre13, WeakDHGro |
EXPECT_EQ(SECSuccess, |
SSL_EnableWeakDHEPrimeGroup(server_->ssl_fd(), PR_TRUE)); |
Connect(); |
} |
TEST_P(TlsConnectGeneric, Ffdhe3072) { |
EnableOnlyDheCiphers(); |
- client_->ConfigNamedGroup(ssl_grp_ffdhe_2048, false); |
+ SSLNamedGroup groups[] = {ssl_grp_ffdhe_3072}; |
+ client_->ConfigNamedGroups(groups, PR_ARRAY_SIZE(groups)); |
Connect(); |
} |
TEST_P(TlsConnectGenericPre13, PreferredFfdhe) { |
EnableOnlyDheCiphers(); |
static const SSLDHEGroupType groups[] = {ssl_ff_dhe_3072_group, |
ssl_ff_dhe_2048_group}; |
EXPECT_EQ(SECSuccess, SSL_DHEGroupPrefSet(server_->ssl_fd(), groups, |
PR_ARRAY_SIZE(groups))); |
Connect(); |
CheckKeys(ssl_kea_dh, ssl_auth_rsa_sign, 3072); |
} |
+TEST_P(TlsConnectGenericPre13, MismatchDHE) { |
+ EnableOnlyDheCiphers(); |
+ EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(), |
+ SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE)); |
+ static const SSLDHEGroupType serverGroups[] = {ssl_ff_dhe_3072_group}; |
+ EXPECT_EQ(SECSuccess, SSL_DHEGroupPrefSet(server_->ssl_fd(), serverGroups, |
+ PR_ARRAY_SIZE(serverGroups))); |
+ static const SSLDHEGroupType clientGroups[] = {ssl_ff_dhe_2048_group}; |
+ EXPECT_EQ(SECSuccess, SSL_DHEGroupPrefSet(client_->ssl_fd(), clientGroups, |
+ PR_ARRAY_SIZE(clientGroups))); |
+ |
+ ConnectExpectFail(); |
+ server_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP); |
+ if (mode_ == DGRAM) { |
+ client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP); |
ekr-rietveld
2016/09/12 17:06:16
Why do these produce different codes?
|
+ } else { |
+ client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_FAILURE_ALERT); |
+ } |
+} |
+ |
TEST_P(TlsConnectTls13, ResumeFfdhe) { |
EnableOnlyDheCiphers(); |
ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET); |
Connect(); |
SendReceive(); // Need to read so that we absorb the session ticket. |
CheckKeys(ssl_kea_dh, ssl_auth_rsa_sign); |
Reset(); |