net/quic/crypto/crypto_server_test.cc - Issue 1404053002: relnote: Disables strike register lookups when talking QUIC_VERSION_27

Side by Side Diff: net/quic/crypto/crypto_server_test.cc

Issue 1404053002: relnote: Disables strike register lookups when talking QUIC_VERSION_27 (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@Remove_unused_supported_versions_103964623

Patch Set: Fix crypto tests Created 5 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include <ostream>	5 #include <ostream>

6 #include <vector>	6 #include <vector>

7	7

8 #include "base/basictypes.h"	8 #include "base/basictypes.h"

9 #include "base/strings/string_number_conversions.h"	9 #include "base/strings/string_number_conversions.h"

10 #include "crypto/secure_hash.h"	10 #include "crypto/secure_hash.h"

(...skipping 386 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
397 const HandshakeFailureReason kRejectReasons[] = {	397 const HandshakeFailureReason kRejectReasons[] = {

398 SERVER_CONFIG_INCHOATE_HELLO_FAILURE};	398 SERVER_CONFIG_INCHOATE_HELLO_FAILURE};

399 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));	399 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));

400 }	400 }

401 }	401 }

402	402

403 // TODO(rtenneti): Enable the DefaultCert test after implementing ProofSource.	403 // TODO(rtenneti): Enable the DefaultCert test after implementing ProofSource.

404 // See http://crbug.com/514472.	404 // See http://crbug.com/514472.

405 TEST_P(CryptoServerTest, DefaultCert) {	405 TEST_P(CryptoServerTest, DefaultCert) {

406 // Check that the server replies with a default certificate when no SNI is	406 // Check that the server replies with a default certificate when no SNI is

407 // specified.	407 // specified. The CHLO is constructed to generate a REJ with certs, so must

	408 // not contain a valid STK, and must include PDMD.

408 // clang-format off	409 // clang-format off

409 CryptoHandshakeMessage msg = CryptoTestUtils::Message(	410 CryptoHandshakeMessage msg = CryptoTestUtils::Message(

410 "CHLO",	411 "CHLO",

411 "AEAD", "AESG",	412 "AEAD", "AESG",

412 "KEXS", "C255",	413 "KEXS", "C255",

413 "SCID", scid_hex_.c_str(),

414 "#004b5453", srct_hex_.c_str(),

415 "PUBS", pub_hex_.c_str(),	414 "PUBS", pub_hex_.c_str(),

416 "NONC", nonce_hex_.c_str(),	415 "NONC", nonce_hex_.c_str(),

417 "PDMD", "X509",	416 "PDMD", "X509",

418 "XLCT", XlctHexString().c_str(),

419 "VER\0", client_version_string_.c_str(),	417 "VER\0", client_version_string_.c_str(),

420 "$padding", static_cast<int>(kClientHelloMinimumSize),	418 "$padding", static_cast<int>(kClientHelloMinimumSize),

421 nullptr);	419 nullptr);

422 // clang-format on	420 // clang-format on

423	421

424 ShouldSucceed(msg);	422 ShouldSucceed(msg);

425 StringPiece cert, proof;	423 if (client_version_ <= QUIC_VERSION_26) {

426 EXPECT_TRUE(out_.GetStringPiece(kCertificateTag, &cert));	424 // TODO(rtenneti): Enable cert tests for QUIC_VERSION_27 and above.

427 EXPECT_TRUE(out_.GetStringPiece(kPROF, &proof));	425 StringPiece cert, proof;

428 EXPECT_NE(0u, cert.size());	426 EXPECT_TRUE(out_.GetStringPiece(kCertificateTag, &cert));

429 EXPECT_NE(0u, proof.size());	427 EXPECT_TRUE(out_.GetStringPiece(kPROF, &proof));

430 const HandshakeFailureReason kRejectReasons[] = {	428 EXPECT_NE(0u, cert.size());

431 CLIENT_NONCE_INVALID_TIME_FAILURE};	429 EXPECT_NE(0u, proof.size());

432 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));	430 const HandshakeFailureReason kRejectReasons[] = {

	431 CLIENT_NONCE_INVALID_TIME_FAILURE};

	432 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));

	433 } else {

	434 const HandshakeFailureReason kRejectReasons[] = {

	435 SERVER_CONFIG_INCHOATE_HELLO_FAILURE};

	436 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));

	437 }

433 }	438 }

434	439

435 TEST_P(CryptoServerTest, TooSmall) {	440 TEST_P(CryptoServerTest, TooSmall) {

436 // clang-format off	441 // clang-format off

437 ShouldFailMentioning("too small", CryptoTestUtils::Message(	442 ShouldFailMentioning("too small", CryptoTestUtils::Message(

438 "CHLO",	443 "CHLO",

439 "VER\0", client_version_string_.c_str(),	444 "VER\0", client_version_string_.c_str(),

440 nullptr));	445 nullptr));

441 // clang-format on	446 // clang-format on

442 const HandshakeFailureReason kRejectReasons[] = {	447 const HandshakeFailureReason kRejectReasons[] = {

(...skipping 156 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
599 "PUBS", pub_hex_.c_str(),	604 "PUBS", pub_hex_.c_str(),

600 "NONC", (string(1, 'X') + nonce_hex_).c_str(),	605 "NONC", (string(1, 'X') + nonce_hex_).c_str(),

601 "SNO\0", (string(1, 'X') + nonce_hex_).c_str(),	606 "SNO\0", (string(1, 'X') + nonce_hex_).c_str(),

602 "XLCT", XlctHexString().c_str(),	607 "XLCT", XlctHexString().c_str(),

603 "VER\0", client_version_string_.c_str(),	608 "VER\0", client_version_string_.c_str(),

604 "$padding", static_cast<int>(kClientHelloMinimumSize),	609 "$padding", static_cast<int>(kClientHelloMinimumSize),

605 nullptr);	610 nullptr);

606 // clang-format on	611 // clang-format on

607 ShouldSucceed(msg);	612 ShouldSucceed(msg);

608 CheckRejectTag();	613 CheckRejectTag();

609 const HandshakeFailureReason kRejectReasons[] = {	614

610 SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE, CLIENT_NONCE_INVALID_FAILURE,	615 if (client_version_ <= QUIC_VERSION_26) {

611 SERVER_NONCE_DECRYPTION_FAILURE,	616 const HandshakeFailureReason kRejectReasons[] = {

	617 SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE, CLIENT_NONCE_INVALID_FAILURE,

	618 SERVER_NONCE_DECRYPTION_FAILURE};

	619 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));

	620 } else {

	621 const HandshakeFailureReason kRejectReasons[] = {

	622 SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE, CLIENT_NONCE_INVALID_FAILURE};

	623 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));

612 };	624 };

613 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));

614 }	625 }

615	626

616 TEST_P(CryptoServerTest, ReplayProtection) {	627 TEST_P(CryptoServerTest, ReplayProtection) {

	628 if (client_version_ > QUIC_VERSION_26) {

	629 return;

	630 }

617 // This tests that disabling replay protection works.	631 // This tests that disabling replay protection works.

618 // clang-format off	632 // clang-format off

619 CryptoHandshakeMessage msg = CryptoTestUtils::Message(	633 CryptoHandshakeMessage msg = CryptoTestUtils::Message(

620 "CHLO",	634 "CHLO",

621 "AEAD", "AESG",	635 "AEAD", "AESG",

622 "KEXS", "C255",	636 "KEXS", "C255",

623 "SCID", scid_hex_.c_str(),	637 "SCID", scid_hex_.c_str(),

624 "#004b5453", srct_hex_.c_str(),	638 "#004b5453", srct_hex_.c_str(),

625 "PUBS", pub_hex_.c_str(),	639 "PUBS", pub_hex_.c_str(),

626 "NONC", nonce_hex_.c_str(),	640 "NONC", nonce_hex_.c_str(),

(...skipping 329 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
956	970

957 strike_register_client_->RunPendingVerifications();	971 strike_register_client_->RunPendingVerifications();

958 ASSERT_TRUE(called);	972 ASSERT_TRUE(called);

959 EXPECT_EQ(0, strike_register_client_->PendingVerifications());	973 EXPECT_EQ(0, strike_register_client_->PendingVerifications());

960 // The message should be rejected now.	974 // The message should be rejected now.

961 CheckRejectTag();	975 CheckRejectTag();

962 }	976 }

963	977

964 } // namespace test	978 } // namespace test

965 } // namespace net	979 } // namespace net

OLD	NEW

« no previous file with comments | « no previous file | net/quic/crypto/quic_crypto_server_config.cc » ('j') | net/quic/quic_flags.cc » ('J')