
Unified Diff: external_tests/ssl_gtest/ssl_dhe_unittest.cc

Issue 307060043: Named group preferences
Patch Set: Created 7 years, 6 months ago
Index: external_tests/ssl_gtest/ssl_dhe_unittest.cc
===================================================================
--- a/external_tests/ssl_gtest/ssl_dhe_unittest.cc
+++ b/external_tests/ssl_gtest/ssl_dhe_unittest.cc
@@ -21,62 +21,16 @@
namespace nss_test {
TEST_P(TlsConnectGeneric, ConnectDhe) {
EnableOnlyDheCiphers();
Connect();
CheckKeys(ssl_kea_dh, ssl_auth_rsa_sign);
}
-// Track groups and make sure that there are no duplicates.
-class CheckDuplicateGroup {
- public:
- void AddAndCheckGroup(uint16_t group) {
- EXPECT_EQ(groups_.end(), groups_.find(group))
- << "Group " << group << " should not be duplicated";
- groups_.insert(group);
- }
-
- private:
- std::set<uint16_t> groups_;
-};
-
-// Check the group of each of the supported groups
-static void CheckGroups(const DataBuffer& groups,
- std::function<void(uint16_t)> check_group) {
- CheckDuplicateGroup group_set;
- uint32_t tmp;
- EXPECT_TRUE(groups.Read(0, 2, &tmp));
- EXPECT_EQ(groups.len() - 2, static_cast<size_t>(tmp));
- for (size_t i = 2; i < groups.len(); i += 2) {
- EXPECT_TRUE(groups.Read(i, 2, &tmp));
- uint16_t group = static_cast<uint16_t>(tmp);
- group_set.AddAndCheckGroup(group);
- check_group(group);
- }
-}
-
-// Check the group of each of the shares
-static void CheckShares(const DataBuffer& shares,
- std::function<void(uint16_t)> check_group) {
- CheckDuplicateGroup group_set;
- uint32_t tmp;
- EXPECT_TRUE(shares.Read(0, 2, &tmp));
- EXPECT_EQ(shares.len() - 2, static_cast<size_t>(tmp));
- size_t i;
- for (i = 2; i < shares.len(); i += 4 + tmp) {
- ASSERT_TRUE(shares.Read(i, 2, &tmp));
- uint16_t group = static_cast<uint16_t>(tmp);
- group_set.AddAndCheckGroup(group);
- check_group(group);
- ASSERT_TRUE(shares.Read(i + 2, 2, &tmp));
- }
- EXPECT_EQ(shares.len(), i);
-}
-
TEST_P(TlsConnectTls13, SharesForBothEcdheAndDhe) {
EnsureTlsSetup();
client_->DisableAllCiphers();
client_->EnableCiphersByKeyExchange(ssl_kea_ecdh);
client_->EnableCiphersByKeyExchange(ssl_kea_dh);
auto groups_capture = new TlsExtensionCapture(ssl_supported_groups_xtn);
auto shares_capture = new TlsExtensionCapture(ssl_tls13_key_share_xtn);
@@ -502,32 +456,53 @@ TEST_P(TlsConnectGenericPre13, WeakDHGro
EXPECT_EQ(SECSuccess,
SSL_EnableWeakDHEPrimeGroup(server_->ssl_fd(), PR_TRUE));
Connect();
}
TEST_P(TlsConnectGeneric, Ffdhe3072) {
EnableOnlyDheCiphers();
- client_->ConfigNamedGroup(ssl_grp_ffdhe_2048, false);
+ SSLNamedGroup groups[] = {ssl_grp_ffdhe_3072};
+ client_->ConfigNamedGroups(groups, PR_ARRAY_SIZE(groups));
Connect();
}
TEST_P(TlsConnectGenericPre13, PreferredFfdhe) {
EnableOnlyDheCiphers();
static const SSLDHEGroupType groups[] = {ssl_ff_dhe_3072_group,
ssl_ff_dhe_2048_group};
EXPECT_EQ(SECSuccess, SSL_DHEGroupPrefSet(server_->ssl_fd(), groups,
PR_ARRAY_SIZE(groups)));
Connect();
CheckKeys(ssl_kea_dh, ssl_auth_rsa_sign, 3072);
}
+TEST_P(TlsConnectGenericPre13, MismatchDHE) {
+ EnableOnlyDheCiphers();
+ EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+ SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE));
+ static const SSLDHEGroupType serverGroups[] = {ssl_ff_dhe_3072_group};
+ EXPECT_EQ(SECSuccess, SSL_DHEGroupPrefSet(server_->ssl_fd(), serverGroups,
+ PR_ARRAY_SIZE(serverGroups)));
+ static const SSLDHEGroupType clientGroups[] = {ssl_ff_dhe_2048_group};
+ EXPECT_EQ(SECSuccess, SSL_DHEGroupPrefSet(client_->ssl_fd(), clientGroups,
+ PR_ARRAY_SIZE(clientGroups)));
+
+ ConnectExpectFail();
+ server_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+ if (mode_ == DGRAM) {
+ client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
ekr-rietveld 2016/09/12 17:06:16 Why do these produce different codes?
+ } else {
+ client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_FAILURE_ALERT);
+ }
+}
+
TEST_P(TlsConnectTls13, ResumeFfdhe) {
EnableOnlyDheCiphers();
ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
Connect();
SendReceive(); // Need to read so that we absorb the session ticket.
CheckKeys(ssl_kea_dh, ssl_auth_rsa_sign);
Reset();
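Review bot: The rewritten Ffdhe3072 test ends at `Connect();` without asserting which group was negotiated, so it would still pass if the handshake settled on a different FFDHE group than the one configured on the client. A test named for a specific group should fail when a weaker group is chosen. Consider adding `CheckKeys(ssl_kea_dh, ssl_auth_rsa_sign, 3072);` after `Connect();`, as PreferredFfdhe does just below. That three-argument form appears on this page only in a Pre13 test, so confirm it also holds for the TLS 1.3 parameterisation of TlsConnectGeneric.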