Flag-protected. Add stateless reject support to crypto streams.

net/quic/quic_crypto_server_stream_test.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/quic_crypto_server_stream.h"
 
 #include <map>
 #include <vector>
 
 #include "base/memory/scoped_ptr.h"
 #include "net/quic/crypto/aes_128_gcm_12_encrypter.h"
 #include "net/quic/crypto/crypto_framer.h"
 #include "net/quic/crypto/crypto_handshake.h"
 #include "net/quic/crypto/crypto_protocol.h"
 #include "net/quic/crypto/crypto_utils.h"
 #include "net/quic/crypto/quic_crypto_server_config.h"
 #include "net/quic/crypto/quic_decrypter.h"
 #include "net/quic/crypto/quic_encrypter.h"
 #include "net/quic/crypto/quic_random.h"
 #include "net/quic/quic_crypto_client_stream.h"
+#include "net/quic/quic_flags.h"
 #include "net/quic/quic_protocol.h"
 #include "net/quic/quic_session.h"
 #include "net/quic/test_tools/crypto_test_utils.h"
 #include "net/quic/test_tools/delayed_verify_strike_register_client.h"
 #include "net/quic/test_tools/quic_test_utils.h"
 #include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace net {
 class QuicConnection;
@@ skipping 10 matching lines @@
 class QuicCryptoServerConfigPeer {
  public:
   static string GetPrimaryOrbit(const QuicCryptoServerConfig& config) {
     base::AutoLock lock(config.configs_lock_);
     CHECK(config.primary_config_.get() != nullptr);
     return string(reinterpret_cast<const char*>(config.primary_config_->orbit),
                   kOrbitSize);
   }
 };
 
+class QuicCryptoServerStreamPeer {
+ public:
+  static bool DoesPeerSupportStatelessRejects(
+      const CryptoHandshakeMessage& message) {
+    return net::QuicCryptoServerStream::DoesPeerSupportStatelessRejects(
+        message);
+  }
+};
+
 namespace {
 
 const char kServerHostname[] = "test.example.com";
 const uint16 kServerPort = 80;
 
 class QuicCryptoServerStreamTest : public ::testing::TestWithParam<bool> {
  public:
   QuicCryptoServerStreamTest()
-      : connection_(new PacketSavingConnection(Perspective::IS_SERVER)),
-        session_(connection_, DefaultQuicConfig()),
-        crypto_config_(QuicCryptoServerConfig::TESTING,
-                       QuicRandom::GetInstance()),
-        stream_(&crypto_config_, &session_),
-        strike_register_client_(nullptr) {
-    session_.SetCryptoStream(&stream_);
-    // We advance the clock initially because the default time is zero and the
-    // strike register worries that we've just overflowed a uint32 time.
-    connection_->AdvanceTime(QuicTime::Delta::FromSeconds(100000));
+      : server_crypto_config_(QuicCryptoServerConfig::TESTING,
+                              QuicRandom::GetInstance()),
+        server_id_(kServerHostname, kServerPort, false, PRIVACY_MODE_DISABLED) {
     // TODO(wtc): replace this with ProofSourceForTesting() when Chromium has
     // a working ProofSourceForTesting().
-    crypto_config_.SetProofSource(CryptoTestUtils::FakeProofSourceForTesting());
-    crypto_config_.set_strike_register_no_startup_period();
+    server_crypto_config_.SetProofSource(
+        CryptoTestUtils::FakeProofSourceForTesting());
+    server_crypto_config_.set_strike_register_no_startup_period();
 
-    CryptoTestUtils::SetupCryptoServerConfigForTest(
-        connection_->clock(), connection_->random_generator(),
-        session_.config(), &crypto_config_);
+    InitializeServer();
 
     if (AsyncStrikeRegisterVerification()) {
       string orbit =
-          QuicCryptoServerConfigPeer::GetPrimaryOrbit(crypto_config_);
+          QuicCryptoServerConfigPeer::GetPrimaryOrbit(server_crypto_config_);
       strike_register_client_ = new DelayedVerifyStrikeRegisterClient(
           10000,  // strike_register_max_entries
-          static_cast<uint32>(connection_->clock()->WallNow().ToUNIXSeconds()),
+          static_cast<uint32>(
+              server_connection_->clock()->WallNow().ToUNIXSeconds()),
           60,  // strike_register_window_secs
-          reinterpret_cast<const uint8 *>(orbit.data()),
+          reinterpret_cast<const uint8*>(orbit.data()),
           StrikeRegister::NO_STARTUP_PERIOD_NEEDED);
       strike_register_client_->StartDelayingVerification();
-      crypto_config_.SetStrikeRegisterClient(strike_register_client_);
+      server_crypto_config_.SetStrikeRegisterClient(strike_register_client_);
     }
   }
 
+  // Initializes the crypto server stream state for testing.  May be
+  // called multiple times.
+  void InitializeServer() {
+    TestServerSession* server_session = nullptr;
+    QuicCryptoServerStream* server_stream = nullptr;
+    SetupCryptoServerStreamForTest(server_id_,
+                                   QuicTime::Delta::FromSeconds(100000),
+                                   &server_crypto_config_, &server_connection_,
+                                   &server_session, &server_stream);
+    CHECK(server_session);
+    CHECK(server_stream);
+    server_session_.reset(server_session);
+    server_stream_.reset(server_stream);
+    CryptoTestUtils::SetupCryptoServerConfigForTest(
+        server_connection_->clock(), server_connection_->random_generator(),
+        server_session_->config(), &server_crypto_config_);
+  }
+
+  // Initializes a fake client, and all its associated state, for
+  // testing.  May be called multiple times.
+  void InitializeFakeClient(bool supports_stateless_rejects) {
+    TestClientSession* client_session = nullptr;
+    QuicCryptoClientStream* client_stream = nullptr;
+    SetupCryptoClientStreamForTest(server_id_, supports_stateless_rejects,
+                                   QuicTime::Delta::FromSeconds(100000),
+                                   &client_crypto_config_, &client_connection_,
+                                   &client_session, &client_stream);
+    CHECK(client_session);
+    CHECK(client_stream);
+    client_session_.reset(client_session);
+    client_stream_.reset(client_stream);
+  }
+
   bool AsyncStrikeRegisterVerification() {
     return GetParam();
   }
 
   void ConstructHandshakeMessage() {
     CryptoFramer framer;
     message_data_.reset(framer.ConstructHandshakeMessage(message_));
   }
 
   int CompleteCryptoHandshake() {
-    return CryptoTestUtils::HandshakeWithFakeClient(connection_, &stream_,
-                                                    client_options_);
+    CHECK(server_connection_);
+    CHECK(server_stream_ != nullptr);
+    return CryptoTestUtils::HandshakeWithFakeClient(
+        server_connection_, server_stream_.get(), client_options_);
+  }
+
+  // Performs a single round of handshake message-exchange between the
+  // client and server.
+  void AdvanceHandshakeWithFakeClient() {
+    CHECK(server_connection_);
+    CHECK(server_stream_ != nullptr);
+    CHECK(client_session_ != nullptr);
+    CHECK(client_stream_ != nullptr);
+
+    EXPECT_CALL(*client_session_, OnProofValid(_)).Times(testing::AnyNumber());
+    client_stream_->CryptoConnect();
+    CryptoTestUtils::AdvanceHandshake(client_connection_, client_stream_.get(),
+                                      0, server_connection_,
+                                      server_stream_.get(), 0);
   }
 
  protected:
-  PacketSavingConnection* connection_;
-  TestClientSession session_;
-  QuicConfig config_;
-  QuicCryptoServerConfig crypto_config_;
-  QuicCryptoServerStream stream_;
+  // Server state
+  PacketSavingConnection* server_connection_;
+  scoped_ptr<TestServerSession> server_session_;
+  QuicCryptoServerConfig server_crypto_config_;
+  scoped_ptr<QuicCryptoServerStream> server_stream_;
+  QuicServerId server_id_;
+
+  // Client state
+  PacketSavingConnection* client_connection_;
+  QuicCryptoClientConfig client_crypto_config_;
+  scoped_ptr<TestClientSession> client_session_;
+  scoped_ptr<QuicCryptoClientStream> client_stream_;
+
   CryptoHandshakeMessage message_;
   scoped_ptr<QuicData> message_data_;
   CryptoTestUtils::FakeClientOptions client_options_;
   DelayedVerifyStrikeRegisterClient* strike_register_client_;
 };
 
 INSTANTIATE_TEST_CASE_P(Tests, QuicCryptoServerStreamTest, testing::Bool());
 
 TEST_P(QuicCryptoServerStreamTest, NotInitiallyConected) {
-  EXPECT_FALSE(stream_.encryption_established());
-  EXPECT_FALSE(stream_.handshake_confirmed());
+  EXPECT_FALSE(server_stream_->encryption_established());
+  EXPECT_FALSE(server_stream_->handshake_confirmed());
+}
+
+TEST_P(QuicCryptoServerStreamTest, NotInitiallySendingStatelessRejects) {
+  EXPECT_FALSE(server_stream_->use_stateless_rejects_if_peer_supported());
+  EXPECT_FALSE(server_stream_->peer_supports_stateless_rejects());
 }
 
 TEST_P(QuicCryptoServerStreamTest, ConnectedAfterCHLO) {
   // CompleteCryptoHandshake returns the number of client hellos sent. This
   // test should send:
   //   * One to get a source-address token and certificates.
   //   * One to complete the handshake.
   EXPECT_EQ(2, CompleteCryptoHandshake());
-  EXPECT_TRUE(stream_.encryption_established());
-  EXPECT_TRUE(stream_.handshake_confirmed());
-}
-
-TEST_P(QuicCryptoServerStreamTest, ZeroRTT) {
-  PacketSavingConnection* client_conn =
-      new PacketSavingConnection(Perspective::IS_CLIENT);
-  PacketSavingConnection* server_conn =
-      new PacketSavingConnection(Perspective::IS_SERVER);
-  client_conn->AdvanceTime(QuicTime::Delta::FromSeconds(100000));
-  server_conn->AdvanceTime(QuicTime::Delta::FromSeconds(100000));
-
-  QuicConfig client_config;
-  scoped_ptr<TestClientSession> client_session(
-      new TestClientSession(client_conn, client_config));
-  QuicCryptoClientConfig client_crypto_config;
-
-  QuicServerId server_id(kServerHostname, kServerPort, false,
-                         PRIVACY_MODE_DISABLED);
-  scoped_ptr<QuicCryptoClientStream> client(new QuicCryptoClientStream(
-      server_id, client_session.get(), nullptr, &client_crypto_config));
-  client_session->SetCryptoStream(client.get());
-
-  // Do a first handshake in order to prime the client config with the server's
-  // information.
-  client->CryptoConnect();
-  CHECK_EQ(1u, client_conn->encrypted_packets_.size());
-
-  scoped_ptr<TestSession> server_session(new TestSession(server_conn, config_));
-  scoped_ptr<QuicCryptoServerStream> server(
-      new QuicCryptoServerStream(&crypto_config_, server_session.get()));
-  server_session->SetCryptoStream(server.get());
-
-  CryptoTestUtils::CommunicateHandshakeMessages(
-      client_conn, client.get(), server_conn, server.get());
-  EXPECT_EQ(2, client->num_sent_client_hellos());
-
-  // Now do another handshake, hopefully in 0-RTT.
-  LOG(INFO) << "Resetting for 0-RTT handshake attempt";
-
-  client_conn = new PacketSavingConnection(Perspective::IS_CLIENT);
-  server_conn = new PacketSavingConnection(Perspective::IS_SERVER);
-  // We need to advance time past the strike-server window so that it's
-  // authoritative in this time span.
-  client_conn->AdvanceTime(QuicTime::Delta::FromSeconds(102000));
-  server_conn->AdvanceTime(QuicTime::Delta::FromSeconds(102000));
-
-  // This causes the client's nonce to be different and thus stops the
-  // strike-register from rejecting the repeated nonce.
-  reinterpret_cast<MockRandom*>(client_conn->random_generator())->ChangeValue();
-  client_session.reset(new TestClientSession(client_conn, client_config));
-  server_session.reset(new TestSession(server_conn, config_));
-  client.reset(new QuicCryptoClientStream(server_id, client_session.get(),
-                                          nullptr, &client_crypto_config));
-  client_session->SetCryptoStream(client.get());
-
-  server.reset(new QuicCryptoServerStream(&crypto_config_,
-                                          server_session.get()));
-  server_session->SetCryptoStream(server.get());
-
-  client->CryptoConnect();
-
+  EXPECT_TRUE(server_stream_->encryption_established());
+  EXPECT_TRUE(server_stream_->handshake_confirmed());
+}
+
+TEST_P(QuicCryptoServerStreamTest, StatelessRejectAfterCHLO) {
+  ValueRestore<bool> old_flag(&FLAGS_enable_quic_stateless_reject_support,
+                              true);
+  server_stream_->set_use_stateless_rejects_if_peer_supported(true);
+
+  InitializeFakeClient(/* supports_stateless_rejects= */ true);
+  AdvanceHandshakeWithFakeClient();
+
+  // Check the server to make the sure the handshake did not succeed.
+  EXPECT_FALSE(server_stream_->encryption_established());
+  EXPECT_FALSE(server_stream_->handshake_confirmed());
+
+  // Check the client state to make sure that it received a
+  // server-designated connection id.
+  QuicCryptoClientConfig::CachedState* client_state =
+      client_crypto_config_.LookupOrCreate(server_id_);
+
+  ASSERT_TRUE(client_state->has_server_designated_connection_id());
+  const QuicConnectionId server_designated_connection_id =
+      client_state->GetNextServerDesignatedConnectionId();
+  const QuicConnectionId expected_id =
+      reinterpret_cast<MockRandom*>(server_connection_->random_generator())
+          ->RandUint64();
+  EXPECT_EQ(expected_id, server_designated_connection_id);
+  EXPECT_FALSE(client_state->has_server_designated_connection_id());
+  ASSERT_TRUE(client_state->IsComplete(QuicWallTime::FromUNIXSeconds(0)));
+}
+
+TEST_P(QuicCryptoServerStreamTest, ConnectedAfterStatelessHandshake) {
+  ValueRestore<bool> old_flag(&FLAGS_enable_quic_stateless_reject_support,
+                              true);
+  server_stream_->set_use_stateless_rejects_if_peer_supported(true);
+
+  InitializeFakeClient(/* supports_stateless_rejects= */ true);
+  AdvanceHandshakeWithFakeClient();
+
+  // On the first round, encryption will not be established.
+  EXPECT_FALSE(server_stream_->encryption_established());
+  EXPECT_FALSE(server_stream_->handshake_confirmed());
+
+  // Now check the client state.
+  QuicCryptoClientConfig::CachedState* client_state =
+      client_crypto_config_.LookupOrCreate(server_id_);
+
+  ASSERT_TRUE(client_state->has_server_designated_connection_id());
+  const QuicConnectionId server_designated_connection_id =
+      client_state->GetNextServerDesignatedConnectionId();
+  const QuicConnectionId expected_id =
+      reinterpret_cast<MockRandom*>(server_connection_->random_generator())
+          ->RandUint64();
+  EXPECT_EQ(expected_id, server_designated_connection_id);
+  EXPECT_FALSE(client_state->has_server_designated_connection_id());
+  ASSERT_TRUE(client_state->IsComplete(QuicWallTime::FromUNIXSeconds(0)));
+
+  // Now create new client and server streams with the existing config
+  // and try the handshake again (0-RTT handshake).
+  InitializeServer();
+  server_stream_->set_use_stateless_rejects_if_peer_supported(true);
+
+  InitializeFakeClient(/* supports_stateless_rejects= */ true);
+
+  client_stream_->CryptoConnect();
   if (AsyncStrikeRegisterVerification()) {
-    EXPECT_FALSE(client->handshake_confirmed());
-    EXPECT_FALSE(server->handshake_confirmed());
+    EXPECT_FALSE(client_stream_->handshake_confirmed());
+    EXPECT_FALSE(server_stream_->handshake_confirmed());
 
     // Advance the handshake.  Expect that the server will be stuck
     // waiting for client nonce verification to complete.
     pair<size_t, size_t> messages_moved = CryptoTestUtils::AdvanceHandshake(
-        client_conn, client.get(), 0, server_conn, server.get(), 0);
+        client_connection_, client_stream_.get(), 0, server_connection_,
+        server_stream_.get(), 0);
     EXPECT_EQ(1u, messages_moved.first);
     EXPECT_EQ(0u, messages_moved.second);
     EXPECT_EQ(1, strike_register_client_->PendingVerifications());
-    EXPECT_FALSE(client->handshake_confirmed());
-    EXPECT_FALSE(server->handshake_confirmed());
+    EXPECT_FALSE(client_stream_->handshake_confirmed());
+    EXPECT_FALSE(server_stream_->handshake_confirmed());
 
     // The server handshake completes once the nonce verification completes.
     strike_register_client_->RunPendingVerifications();
-    EXPECT_FALSE(client->handshake_confirmed());
-    EXPECT_TRUE(server->handshake_confirmed());
+    EXPECT_FALSE(client_stream_->handshake_confirmed());
+    EXPECT_TRUE(server_stream_->handshake_confirmed());
 
     messages_moved = CryptoTestUtils::AdvanceHandshake(
-        client_conn, client.get(), messages_moved.first,
-        server_conn, server.get(), messages_moved.second);
+        client_connection_, client_stream_.get(), messages_moved.first,
+        server_connection_, server_stream_.get(), messages_moved.second);
     EXPECT_EQ(1u, messages_moved.first);
     EXPECT_EQ(1u, messages_moved.second);
-    EXPECT_TRUE(client->handshake_confirmed());
-    EXPECT_TRUE(server->handshake_confirmed());
+  } else {
+    AdvanceHandshakeWithFakeClient();
+  }
+
+  // On the second round, encryption will be established.
+  EXPECT_TRUE(server_stream_->encryption_established());
+  EXPECT_TRUE(server_stream_->handshake_confirmed());
+}
+
+TEST_P(QuicCryptoServerStreamTest, NoStatelessRejectIfNoClientSupport) {
+  ValueRestore<bool> old_flag(&FLAGS_enable_quic_stateless_reject_support,
+                              true);
+  server_stream_->set_use_stateless_rejects_if_peer_supported(true);
+
+  // The server is configured to use stateless rejects, but the client
+  // does not support it.
+  InitializeFakeClient(/* supports_stateless_rejects= */ false);
+  AdvanceHandshakeWithFakeClient();
+
+  // Check the server to make the sure the handshake did not succeed.
+  EXPECT_FALSE(server_stream_->encryption_established());
+  EXPECT_FALSE(server_stream_->handshake_confirmed());
+
+  // Check the client state to make sure that it did not receive a
+  // server-designated connection id.
+  QuicCryptoClientConfig::CachedState* client_state =
+      client_crypto_config_.LookupOrCreate(server_id_);
+
+  ASSERT_FALSE(client_state->has_server_designated_connection_id());
+  ASSERT_TRUE(client_state->IsComplete(QuicWallTime::FromUNIXSeconds(0)));
+}
+
+TEST_P(QuicCryptoServerStreamTest, ZeroRTT) {
+  InitializeFakeClient(/* supports_stateless_rejects= */ false);
+
+  // Do a first handshake in order to prime the client config with the server's
+  // information.
+  AdvanceHandshakeWithFakeClient();
+
+  // Now do another handshake, hopefully in 0-RTT.
+  DVLOG(1) << "Resetting for 0-RTT handshake attempt";
+  InitializeFakeClient(/* supports_stateless_rejects= */ false);
+  InitializeServer();
+
+  client_stream_->CryptoConnect();
+
+  if (AsyncStrikeRegisterVerification()) {
+    EXPECT_FALSE(client_stream_->handshake_confirmed());
+    EXPECT_FALSE(server_stream_->handshake_confirmed());
+
+    // Advance the handshake.  Expect that the server will be stuck
+    // waiting for client nonce verification to complete.
+    pair<size_t, size_t> messages_moved = CryptoTestUtils::AdvanceHandshake(
+        client_connection_, client_stream_.get(), 0, server_connection_,
+        server_stream_.get(), 0);
+    EXPECT_EQ(1u, messages_moved.first);
+    EXPECT_EQ(0u, messages_moved.second);
+    EXPECT_EQ(1, strike_register_client_->PendingVerifications());
+    EXPECT_FALSE(client_stream_->handshake_confirmed());
+    EXPECT_FALSE(server_stream_->handshake_confirmed());
+
+    // The server handshake completes once the nonce verification completes.
+    strike_register_client_->RunPendingVerifications();
+    EXPECT_FALSE(client_stream_->handshake_confirmed());
+    EXPECT_TRUE(server_stream_->handshake_confirmed());
+
+    messages_moved = CryptoTestUtils::AdvanceHandshake(
+        client_connection_, client_stream_.get(), messages_moved.first,
+        server_connection_, server_stream_.get(), messages_moved.second);
+    EXPECT_EQ(1u, messages_moved.first);
+    EXPECT_EQ(1u, messages_moved.second);
+    EXPECT_TRUE(client_stream_->handshake_confirmed());
+    EXPECT_TRUE(server_stream_->handshake_confirmed());
   } else {
     CryptoTestUtils::CommunicateHandshakeMessages(
-        client_conn, client.get(), server_conn, server.get());
+        client_connection_, client_stream_.get(), server_connection_,
+        server_stream_.get());
   }
 
-  EXPECT_EQ(1, client->num_sent_client_hellos());
+  EXPECT_EQ(1, client_stream_->num_sent_client_hellos());
 }
 
 TEST_P(QuicCryptoServerStreamTest, MessageAfterHandshake) {
   CompleteCryptoHandshake();
-  EXPECT_CALL(*connection_, SendConnectionClose(
-      QUIC_CRYPTO_MESSAGE_AFTER_HANDSHAKE_COMPLETE));
+  EXPECT_CALL(
+      *server_connection_,
+      SendConnectionClose(QUIC_CRYPTO_MESSAGE_AFTER_HANDSHAKE_COMPLETE));
   message_.set_tag(kCHLO);
   ConstructHandshakeMessage();
-  stream_.ProcessRawData(message_data_->data(), message_data_->length());
+  server_stream_->ProcessRawData(message_data_->data(),
+                                 message_data_->length());
 }
 
 TEST_P(QuicCryptoServerStreamTest, BadMessageType) {
   message_.set_tag(kSHLO);
   ConstructHandshakeMessage();
-  EXPECT_CALL(*connection_, SendConnectionClose(
-      QUIC_INVALID_CRYPTO_MESSAGE_TYPE));
-  stream_.ProcessRawData(message_data_->data(), message_data_->length());
+  EXPECT_CALL(*server_connection_,
+              SendConnectionClose(QUIC_INVALID_CRYPTO_MESSAGE_TYPE));
+  server_stream_->ProcessRawData(message_data_->data(),
+                                 message_data_->length());
 }
 
 TEST_P(QuicCryptoServerStreamTest, WithoutCertificates) {
-  crypto_config_.SetProofSource(nullptr);
+  server_crypto_config_.SetProofSource(nullptr);
   client_options_.dont_verify_certs = true;
 
   // Only 2 client hellos need to be sent in the no-certs case: one to get the
   // source-address token and the second to finish.
   EXPECT_EQ(2, CompleteCryptoHandshake());
-  EXPECT_TRUE(stream_.encryption_established());
-  EXPECT_TRUE(stream_.handshake_confirmed());
+  EXPECT_TRUE(server_stream_->encryption_established());
+  EXPECT_TRUE(server_stream_->handshake_confirmed());
 }
 
 TEST_P(QuicCryptoServerStreamTest, ChannelID) {
   client_options_.channel_id_enabled = true;
   client_options_.channel_id_source_async = false;
   // CompleteCryptoHandshake verifies
-  // stream_.crypto_negotiated_params().channel_id is correct.
-  EXPECT_EQ(2, CompleteCryptoHandshake());
-  EXPECT_TRUE(stream_.encryption_established());
-  EXPECT_TRUE(stream_.handshake_confirmed());
+  // server_stream_->crypto_negotiated_params().channel_id is correct.
+  EXPECT_EQ(2, CompleteCryptoHandshake());
+  EXPECT_TRUE(server_stream_->encryption_established());
+  EXPECT_TRUE(server_stream_->handshake_confirmed());
 }
 
 TEST_P(QuicCryptoServerStreamTest, ChannelIDAsync) {
   client_options_.channel_id_enabled = true;
   client_options_.channel_id_source_async = true;
   // CompleteCryptoHandshake verifies
-  // stream_.crypto_negotiated_params().channel_id is correct.
-  EXPECT_EQ(2, CompleteCryptoHandshake());
-  EXPECT_TRUE(stream_.encryption_established());
-  EXPECT_TRUE(stream_.handshake_confirmed());
+  // server_stream_->crypto_negotiated_params().channel_id is correct.
+  EXPECT_EQ(2, CompleteCryptoHandshake());
+  EXPECT_TRUE(server_stream_->encryption_established());
+  EXPECT_TRUE(server_stream_->handshake_confirmed());
 }
 
 TEST_P(QuicCryptoServerStreamTest, OnlySendSCUPAfterHandshakeComplete) {
   // An attempt to send a SCUP before completing handshake should fail.
-  stream_.SendServerConfigUpdate(nullptr);
-  EXPECT_EQ(0, stream_.num_server_config_update_messages_sent());
+  server_stream_->SendServerConfigUpdate(nullptr);
+  EXPECT_EQ(0, server_stream_->num_server_config_update_messages_sent());
+}
+
+TEST_P(QuicCryptoServerStreamTest, DoesPeerSupportStatelessRejects) {
+  ConstructHandshakeMessage();
+  QuicConfig stateless_reject_config = DefaultQuicConfigStatelessRejects();
+  stateless_reject_config.ToHandshakeMessage(&message_);
+  EXPECT_TRUE(
+      QuicCryptoServerStreamPeer::DoesPeerSupportStatelessRejects(message_));
+
+  message_.Clear();
+  QuicConfig stateful_reject_config = DefaultQuicConfig();
+  stateful_reject_config.ToHandshakeMessage(&message_);
+  EXPECT_FALSE(
+      QuicCryptoServerStreamPeer::DoesPeerSupportStatelessRejects(message_));
 }
 
 }  // namespace
 }  // namespace test
 }  // namespace net