| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/quic_crypto_server_stream.h" | 5 #include "net/quic/quic_crypto_server_stream.h" |
| 6 | 6 |
| 7 #include <map> | 7 #include <map> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/memory/scoped_ptr.h" | 10 #include "base/memory/scoped_ptr.h" |
| (...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 67 const uint16 kServerPort = 443; | 67 const uint16 kServerPort = 443; |
| 68 | 68 |
| 69 class QuicCryptoServerStreamTest : public ::testing::TestWithParam<bool> { | 69 class QuicCryptoServerStreamTest : public ::testing::TestWithParam<bool> { |
| 70 public: | 70 public: |
| 71 QuicCryptoServerStreamTest() | 71 QuicCryptoServerStreamTest() |
| 72 : server_crypto_config_(QuicCryptoServerConfig::TESTING, | 72 : server_crypto_config_(QuicCryptoServerConfig::TESTING, |
| 73 QuicRandom::GetInstance(), | 73 QuicRandom::GetInstance(), |
| 74 CryptoTestUtils::ProofSourceForTesting()), | 74 CryptoTestUtils::ProofSourceForTesting()), |
| 75 server_id_(kServerHostname, kServerPort, PRIVACY_MODE_DISABLED), | 75 server_id_(kServerHostname, kServerPort, PRIVACY_MODE_DISABLED), |
| 76 client_crypto_config_(CryptoTestUtils::ProofVerifierForTesting()) { | 76 client_crypto_config_(CryptoTestUtils::ProofVerifierForTesting()) { |
| 77 FLAGS_enable_quic_stateless_reject_support = false; |
| 77 server_crypto_config_.set_strike_register_no_startup_period(); | 78 server_crypto_config_.set_strike_register_no_startup_period(); |
| 78 | 79 |
| 79 InitializeServer(); | 80 InitializeServer(); |
| 80 | 81 |
| 81 if (AsyncStrikeRegisterVerification()) { | 82 if (AsyncStrikeRegisterVerification()) { |
| 82 string orbit = | 83 string orbit = |
| 83 QuicCryptoServerConfigPeer::GetPrimaryOrbit(server_crypto_config_); | 84 QuicCryptoServerConfigPeer::GetPrimaryOrbit(server_crypto_config_); |
| 84 strike_register_client_ = new DelayedVerifyStrikeRegisterClient( | 85 strike_register_client_ = new DelayedVerifyStrikeRegisterClient( |
| 85 10000, // strike_register_max_entries | 86 10000, // strike_register_max_entries |
| 86 static_cast<uint32>( | 87 static_cast<uint32>( |
| 87 server_connection_->clock()->WallNow().ToUNIXSeconds()), | 88 server_connection_->clock()->WallNow().ToUNIXSeconds()), |
| 88 60, // strike_register_window_secs | 89 60, // strike_register_window_secs |
| 89 reinterpret_cast<const uint8*>(orbit.data()), | 90 reinterpret_cast<const uint8*>(orbit.data()), |
| 90 StrikeRegister::NO_STARTUP_PERIOD_NEEDED); | 91 StrikeRegister::NO_STARTUP_PERIOD_NEEDED); |
| 91 strike_register_client_->StartDelayingVerification(); | 92 strike_register_client_->StartDelayingVerification(); |
| 92 server_crypto_config_.SetStrikeRegisterClient(strike_register_client_); | 93 server_crypto_config_.SetStrikeRegisterClient(strike_register_client_); |
| 93 } | 94 } |
| 94 } | 95 } |
| 95 | 96 |
| 96 ~QuicCryptoServerStreamTest() override { STLDeleteElements(&helpers_); } | 97 ~QuicCryptoServerStreamTest() override { STLDeleteElements(&helpers_); } |
| 97 | 98 |
| 98 // Initializes the crypto server stream state for testing. May be | 99 // Initializes the crypto server stream state for testing. May be |
| 99 // called multiple times. | 100 // called multiple times. |
| 100 void InitializeServer() { | 101 void InitializeServer() { |
| 101 TestQuicSpdyServerSession* server_session = nullptr; | 102 TestQuicSpdyServerSession* server_session = nullptr; |
| 102 helpers_.push_back(new MockHelper); | 103 helpers_.push_back(new MockConnectionHelper); |
| 104 |
| 103 CreateServerSessionForTest(server_id_, QuicTime::Delta::FromSeconds(100000), | 105 CreateServerSessionForTest(server_id_, QuicTime::Delta::FromSeconds(100000), |
| 104 helpers_.back(), &server_crypto_config_, | 106 helpers_.back(), &server_crypto_config_, |
| 105 &server_connection_, &server_session); | 107 &server_connection_, &server_session); |
| 106 CHECK(server_session); | 108 CHECK(server_session); |
| 107 server_session_.reset(server_session); | 109 server_session_.reset(server_session); |
| 108 CryptoTestUtils::SetupCryptoServerConfigForTest( | 110 CryptoTestUtils::SetupCryptoServerConfigForTest( |
| 109 server_connection_->clock(), server_connection_->random_generator(), | 111 server_connection_->clock(), server_connection_->random_generator(), |
| 110 server_session_->config(), &server_crypto_config_); | 112 server_session_->config(), &server_crypto_config_); |
| 111 } | 113 } |
| 112 | 114 |
| 113 QuicCryptoServerStream* server_stream() { | 115 QuicCryptoServerStream* server_stream() { |
| 114 return server_session_->GetCryptoStream(); | 116 return server_session_->GetCryptoStream(); |
| 115 } | 117 } |
| 116 | 118 |
| 117 QuicCryptoClientStream* client_stream() { | 119 QuicCryptoClientStream* client_stream() { |
| 118 return client_session_->GetCryptoStream(); | 120 return client_session_->GetCryptoStream(); |
| 119 } | 121 } |
| 120 | 122 |
| 121 // Initializes a fake client, and all its associated state, for | 123 // Initializes a fake client, and all its associated state, for |
| 122 // testing. May be called multiple times. | 124 // testing. May be called multiple times. |
| 123 void InitializeFakeClient(bool supports_stateless_rejects) { | 125 void InitializeFakeClient(bool supports_stateless_rejects) { |
| 124 TestQuicSpdyClientSession* client_session = nullptr; | 126 TestQuicSpdyClientSession* client_session = nullptr; |
| 125 helpers_.push_back(new MockHelper); | 127 helpers_.push_back(new MockConnectionHelper); |
| 126 CreateClientSessionForTest(server_id_, supports_stateless_rejects, | 128 CreateClientSessionForTest(server_id_, supports_stateless_rejects, |
| 127 QuicTime::Delta::FromSeconds(100000), | 129 QuicTime::Delta::FromSeconds(100000), |
| 128 helpers_.back(), &client_crypto_config_, | 130 helpers_.back(), &client_crypto_config_, |
| 129 &client_connection_, &client_session); | 131 &client_connection_, &client_session); |
| 130 CHECK(client_session); | 132 CHECK(client_session); |
| 131 client_session_.reset(client_session); | 133 client_session_.reset(client_session); |
| 132 } | 134 } |
| 133 | 135 |
| 134 bool AsyncStrikeRegisterVerification() { | 136 bool AsyncStrikeRegisterVerification() { |
| 135 if (server_connection_->version() > QUIC_VERSION_26) { | 137 if (server_connection_->version() > QUIC_VERSION_26) { |
| (...skipping 21 matching lines...) Expand all Loading... |
| 157 CHECK(server_connection_); | 159 CHECK(server_connection_); |
| 158 CHECK(client_session_ != nullptr); | 160 CHECK(client_session_ != nullptr); |
| 159 | 161 |
| 160 EXPECT_CALL(*client_session_, OnProofValid(_)).Times(testing::AnyNumber()); | 162 EXPECT_CALL(*client_session_, OnProofValid(_)).Times(testing::AnyNumber()); |
| 161 client_stream()->CryptoConnect(); | 163 client_stream()->CryptoConnect(); |
| 162 CryptoTestUtils::AdvanceHandshake(client_connection_, client_stream(), 0, | 164 CryptoTestUtils::AdvanceHandshake(client_connection_, client_stream(), 0, |
| 163 server_connection_, server_stream(), 0); | 165 server_connection_, server_stream(), 0); |
| 164 } | 166 } |
| 165 | 167 |
| 166 protected: | 168 protected: |
| 167 // Every connection gets its own MockHelper, tracked separately from the | 169 // Every connection gets its own MockConnectionHelper, tracked separately |
| 168 // server and client state so their lifetimes persist through the whole test. | 170 // from the server and client state so their lifetimes persist through the |
| 169 std::vector<MockHelper*> helpers_; | 171 // whole test. |
| 172 std::vector<MockConnectionHelper*> helpers_; |
| 170 | 173 |
| 171 // Server state | 174 // Server state |
| 172 PacketSavingConnection* server_connection_; | 175 PacketSavingConnection* server_connection_; |
| 173 scoped_ptr<TestQuicSpdyServerSession> server_session_; | 176 scoped_ptr<TestQuicSpdyServerSession> server_session_; |
| 174 QuicCryptoServerConfig server_crypto_config_; | 177 QuicCryptoServerConfig server_crypto_config_; |
| 175 QuicServerId server_id_; | 178 QuicServerId server_id_; |
| 176 | 179 |
| 177 // Client state | 180 // Client state |
| 178 PacketSavingConnection* client_connection_; | 181 PacketSavingConnection* client_connection_; |
| 179 QuicCryptoClientConfig client_crypto_config_; | 182 QuicCryptoClientConfig client_crypto_config_; |
| (...skipping 23 matching lines...) Expand all Loading... |
| 203 // * One to get a source-address token and certificates. | 206 // * One to get a source-address token and certificates. |
| 204 // * One to complete the handshake. | 207 // * One to complete the handshake. |
| 205 EXPECT_EQ(2, CompleteCryptoHandshake()); | 208 EXPECT_EQ(2, CompleteCryptoHandshake()); |
| 206 EXPECT_TRUE(server_stream()->encryption_established()); | 209 EXPECT_TRUE(server_stream()->encryption_established()); |
| 207 EXPECT_TRUE(server_stream()->handshake_confirmed()); | 210 EXPECT_TRUE(server_stream()->handshake_confirmed()); |
| 208 } | 211 } |
| 209 | 212 |
| 210 TEST_P(QuicCryptoServerStreamTest, StatelessRejectAfterCHLO) { | 213 TEST_P(QuicCryptoServerStreamTest, StatelessRejectAfterCHLO) { |
| 211 ValueRestore<bool> old_flag(&FLAGS_enable_quic_stateless_reject_support, | 214 ValueRestore<bool> old_flag(&FLAGS_enable_quic_stateless_reject_support, |
| 212 true); | 215 true); |
| 213 server_stream()->set_use_stateless_rejects_if_peer_supported(true); | 216 InitializeServer(); |
| 214 | 217 |
| 215 InitializeFakeClient(/* supports_stateless_rejects= */ true); | 218 InitializeFakeClient(/* supports_stateless_rejects= */ true); |
| 216 AdvanceHandshakeWithFakeClient(); | 219 AdvanceHandshakeWithFakeClient(); |
| 217 | 220 |
| 218 // Check the server to make the sure the handshake did not succeed. | 221 // Check the server to make the sure the handshake did not succeed. |
| 219 EXPECT_FALSE(server_stream()->encryption_established()); | 222 EXPECT_FALSE(server_stream()->encryption_established()); |
| 220 EXPECT_FALSE(server_stream()->handshake_confirmed()); | 223 EXPECT_FALSE(server_stream()->handshake_confirmed()); |
| 221 | 224 |
| 222 // Check the client state to make sure that it received a server-designated | 225 // Check the client state to make sure that it received a server-designated |
| 223 // connection id. | 226 // connection id. |
| (...skipping 11 matching lines...) Expand all Loading... |
| 235 server_connection_->random_generator()->RandUint64(); | 238 server_connection_->random_generator()->RandUint64(); |
| 236 EXPECT_EQ(expected_id, server_designated_connection_id); | 239 EXPECT_EQ(expected_id, server_designated_connection_id); |
| 237 EXPECT_FALSE(client_state->has_server_designated_connection_id()); | 240 EXPECT_FALSE(client_state->has_server_designated_connection_id()); |
| 238 ASSERT_TRUE(client_state->IsComplete(QuicWallTime::FromUNIXSeconds(0))); | 241 ASSERT_TRUE(client_state->IsComplete(QuicWallTime::FromUNIXSeconds(0))); |
| 239 EXPECT_FALSE(server_connection_->connected()); | 242 EXPECT_FALSE(server_connection_->connected()); |
| 240 } | 243 } |
| 241 | 244 |
| 242 TEST_P(QuicCryptoServerStreamTest, ConnectedAfterStatelessHandshake) { | 245 TEST_P(QuicCryptoServerStreamTest, ConnectedAfterStatelessHandshake) { |
| 243 ValueRestore<bool> old_flag(&FLAGS_enable_quic_stateless_reject_support, | 246 ValueRestore<bool> old_flag(&FLAGS_enable_quic_stateless_reject_support, |
| 244 true); | 247 true); |
| 245 server_stream()->set_use_stateless_rejects_if_peer_supported(true); | 248 InitializeServer(); |
| 246 | 249 |
| 247 InitializeFakeClient(/* supports_stateless_rejects= */ true); | 250 InitializeFakeClient(/* supports_stateless_rejects= */ true); |
| 248 AdvanceHandshakeWithFakeClient(); | 251 AdvanceHandshakeWithFakeClient(); |
| 249 | 252 |
| 250 // On the first round, encryption will not be established. | 253 // On the first round, encryption will not be established. |
| 251 EXPECT_FALSE(server_stream()->encryption_established()); | 254 EXPECT_FALSE(server_stream()->encryption_established()); |
| 252 EXPECT_FALSE(server_stream()->handshake_confirmed()); | 255 EXPECT_FALSE(server_stream()->handshake_confirmed()); |
| 253 EXPECT_EQ(1, server_stream()->num_handshake_messages()); | 256 EXPECT_EQ(1, server_stream()->num_handshake_messages()); |
| 254 EXPECT_EQ(0, server_stream()->num_handshake_messages_with_server_nonces()); | 257 EXPECT_EQ(0, server_stream()->num_handshake_messages_with_server_nonces()); |
| 255 | 258 |
| 256 // Now check the client state. | 259 // Now check the client state. |
| 257 QuicCryptoClientConfig::CachedState* client_state = | 260 QuicCryptoClientConfig::CachedState* client_state = |
| 258 client_crypto_config_.LookupOrCreate(server_id_); | 261 client_crypto_config_.LookupOrCreate(server_id_); |
| 259 | 262 |
| 260 ASSERT_TRUE(client_state->has_server_designated_connection_id()); | 263 ASSERT_TRUE(client_state->has_server_designated_connection_id()); |
| 261 const QuicConnectionId server_designated_connection_id = | 264 const QuicConnectionId server_designated_connection_id = |
| 262 client_state->GetNextServerDesignatedConnectionId(); | 265 client_state->GetNextServerDesignatedConnectionId(); |
| 263 const QuicConnectionId expected_id = | 266 const QuicConnectionId expected_id = |
| 264 server_connection_->random_generator()->RandUint64(); | 267 server_connection_->random_generator()->RandUint64(); |
| 265 EXPECT_EQ(expected_id, server_designated_connection_id); | 268 EXPECT_EQ(expected_id, server_designated_connection_id); |
| 266 EXPECT_FALSE(client_state->has_server_designated_connection_id()); | 269 EXPECT_FALSE(client_state->has_server_designated_connection_id()); |
| 267 ASSERT_TRUE(client_state->IsComplete(QuicWallTime::FromUNIXSeconds(0))); | 270 ASSERT_TRUE(client_state->IsComplete(QuicWallTime::FromUNIXSeconds(0))); |
| 268 | 271 |
| 269 // Now create new client and server streams with the existing config | 272 // Now create new client and server streams with the existing config |
| 270 // and try the handshake again (0-RTT handshake). | 273 // and try the handshake again (0-RTT handshake). |
| 271 InitializeServer(); | 274 InitializeServer(); |
| 272 server_stream()->set_use_stateless_rejects_if_peer_supported(true); | |
| 273 | 275 |
| 274 InitializeFakeClient(/* supports_stateless_rejects= */ true); | 276 InitializeFakeClient(/* supports_stateless_rejects= */ true); |
| 275 | 277 |
| 276 client_stream()->CryptoConnect(); | 278 client_stream()->CryptoConnect(); |
| 277 | 279 |
| 278 // In the stateless case, the second handshake contains a server-nonce, so the | 280 // In the stateless case, the second handshake contains a server-nonce, so the |
| 279 // AsyncStrikeRegisterVerification() case will still succeed (unlike a 0-RTT | 281 // AsyncStrikeRegisterVerification() case will still succeed (unlike a 0-RTT |
| 280 // handshake). | 282 // handshake). |
| 281 AdvanceHandshakeWithFakeClient(); | 283 AdvanceHandshakeWithFakeClient(); |
| 282 | 284 |
| 283 // On the second round, encryption will be established. | 285 // On the second round, encryption will be established. |
| 284 EXPECT_TRUE(server_stream()->encryption_established()); | 286 EXPECT_TRUE(server_stream()->encryption_established()); |
| 285 EXPECT_TRUE(server_stream()->handshake_confirmed()); | 287 EXPECT_TRUE(server_stream()->handshake_confirmed()); |
| 286 EXPECT_EQ(2, server_stream()->num_handshake_messages()); | 288 EXPECT_EQ(2, server_stream()->num_handshake_messages()); |
| 287 EXPECT_EQ(1, server_stream()->num_handshake_messages_with_server_nonces()); | 289 EXPECT_EQ(1, server_stream()->num_handshake_messages_with_server_nonces()); |
| 288 } | 290 } |
| 289 | 291 |
| 290 TEST_P(QuicCryptoServerStreamTest, NoStatelessRejectIfNoClientSupport) { | 292 TEST_P(QuicCryptoServerStreamTest, NoStatelessRejectIfNoClientSupport) { |
| 291 ValueRestore<bool> old_flag(&FLAGS_enable_quic_stateless_reject_support, | 293 ValueRestore<bool> old_flag(&FLAGS_enable_quic_stateless_reject_support, |
| 292 true); | 294 true); |
| 293 server_stream()->set_use_stateless_rejects_if_peer_supported(true); | 295 InitializeServer(); |
| 294 | 296 |
| 295 // The server is configured to use stateless rejects, but the client does not | 297 // The server is configured to use stateless rejects, but the client does not |
| 296 // support it. | 298 // support it. |
| 297 InitializeFakeClient(/* supports_stateless_rejects= */ false); | 299 InitializeFakeClient(/* supports_stateless_rejects= */ false); |
| 298 AdvanceHandshakeWithFakeClient(); | 300 AdvanceHandshakeWithFakeClient(); |
| 299 | 301 |
| 300 // Check the server to make the sure the handshake did not succeed. | 302 // Check the server to make the sure the handshake did not succeed. |
| 301 EXPECT_FALSE(server_stream()->encryption_established()); | 303 EXPECT_FALSE(server_stream()->encryption_established()); |
| 302 EXPECT_FALSE(server_stream()->handshake_confirmed()); | 304 EXPECT_FALSE(server_stream()->handshake_confirmed()); |
| 303 | 305 |
| (...skipping 117 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 421 EXPECT_FALSE( | 423 EXPECT_FALSE( |
| 422 QuicCryptoServerStreamPeer::DoesPeerSupportStatelessRejects(message_)); | 424 QuicCryptoServerStreamPeer::DoesPeerSupportStatelessRejects(message_)); |
| 423 } | 425 } |
| 424 | 426 |
| 425 } // namespace | 427 } // namespace |
| 426 | 428 |
| 427 #endif | 429 #endif |
| 428 | 430 |
| 429 } // namespace test | 431 } // namespace test |
| 430 } // namespace net | 432 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1421853006:
Landing Recent QUIC changes until: Fri Oct 30 22:23:58 2015 +0000 (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master