OLD | NEW |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <ostream> | 5 #include <ostream> |
6 #include <vector> | 6 #include <vector> |
7 | 7 |
8 #include "base/basictypes.h" | |
9 #include "base/strings/string_number_conversions.h" | 8 #include "base/strings/string_number_conversions.h" |
10 #include "crypto/secure_hash.h" | 9 #include "crypto/secure_hash.h" |
11 #include "net/quic/crypto/cert_compressor.h" | 10 #include "net/quic/crypto/cert_compressor.h" |
12 #include "net/quic/crypto/common_cert_set.h" | 11 #include "net/quic/crypto/common_cert_set.h" |
13 #include "net/quic/crypto/crypto_handshake.h" | 12 #include "net/quic/crypto/crypto_handshake.h" |
14 #include "net/quic/crypto/crypto_server_config_protobuf.h" | 13 #include "net/quic/crypto/crypto_server_config_protobuf.h" |
15 #include "net/quic/crypto/crypto_utils.h" | 14 #include "net/quic/crypto/crypto_utils.h" |
16 #include "net/quic/crypto/proof_source.h" | 15 #include "net/quic/crypto/proof_source.h" |
17 #include "net/quic/crypto/quic_crypto_server_config.h" | 16 #include "net/quic/crypto/quic_crypto_server_config.h" |
18 #include "net/quic/crypto/quic_random.h" | 17 #include "net/quic/crypto/quic_random.h" |
(...skipping 298 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
317 CryptoUtils::GenerateNonce( | 316 CryptoUtils::GenerateNonce( |
318 clock_.WallNow(), rand_, | 317 clock_.WallNow(), rand_, |
319 StringPiece(reinterpret_cast<const char*>(orbit_), sizeof(orbit_)), | 318 StringPiece(reinterpret_cast<const char*>(orbit_), sizeof(orbit_)), |
320 &nonce); | 319 &nonce); |
321 return nonce; | 320 return nonce; |
322 } | 321 } |
323 | 322 |
324 void CheckRejectReasons( | 323 void CheckRejectReasons( |
325 const HandshakeFailureReason* expected_handshake_failures, | 324 const HandshakeFailureReason* expected_handshake_failures, |
326 size_t expected_count) { | 325 size_t expected_count) { |
327 const uint32* reject_reasons; | 326 const uint32_t* reject_reasons; |
328 size_t num_reject_reasons; | 327 size_t num_reject_reasons; |
329 static_assert(sizeof(QuicTag) == sizeof(uint32), "header_out_of_sync"); | 328 static_assert(sizeof(QuicTag) == sizeof(uint32_t), "header_out_of_sync"); |
330 QuicErrorCode error_code = | 329 QuicErrorCode error_code = |
331 out_.GetTaglist(kRREJ, &reject_reasons, &num_reject_reasons); | 330 out_.GetTaglist(kRREJ, &reject_reasons, &num_reject_reasons); |
332 ASSERT_EQ(QUIC_NO_ERROR, error_code); | 331 ASSERT_EQ(QUIC_NO_ERROR, error_code); |
333 | 332 |
334 if (FLAGS_use_early_return_when_verifying_chlo) { | 333 if (FLAGS_use_early_return_when_verifying_chlo) { |
335 EXPECT_EQ(1u, num_reject_reasons); | 334 EXPECT_EQ(1u, num_reject_reasons); |
336 } else { | 335 } else { |
337 EXPECT_EQ(expected_count, num_reject_reasons); | 336 EXPECT_EQ(expected_count, num_reject_reasons); |
338 } | 337 } |
339 for (size_t i = 0; i < num_reject_reasons; ++i) { | 338 for (size_t i = 0; i < num_reject_reasons; ++i) { |
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
378 string cert_sct; | 377 string cert_sct; |
379 scoped_ptr<ProofSource> proof_source( | 378 scoped_ptr<ProofSource> proof_source( |
380 CryptoTestUtils::ProofSourceForTesting()); | 379 CryptoTestUtils::ProofSourceForTesting()); |
381 if (!proof_source->GetProof(server_ip, "", "", false, &certs, &sig, | 380 if (!proof_source->GetProof(server_ip, "", "", false, &certs, &sig, |
382 &cert_sct) || | 381 &cert_sct) || |
383 certs->empty()) { | 382 certs->empty()) { |
384 return "#0100000000000000"; | 383 return "#0100000000000000"; |
385 } | 384 } |
386 | 385 |
387 std::ostringstream xlct_stream; | 386 std::ostringstream xlct_stream; |
388 uint64 xlct = | 387 uint64_t xlct = |
389 QuicUtils::FNV1a_64_Hash(certs->at(0).c_str(), certs->at(0).length()); | 388 QuicUtils::FNV1a_64_Hash(certs->at(0).c_str(), certs->at(0).length()); |
390 return "#" + base::HexEncode(reinterpret_cast<char*>(&xlct), sizeof(xlct)); | 389 return "#" + base::HexEncode(reinterpret_cast<char*>(&xlct), sizeof(xlct)); |
391 } | 390 } |
392 | 391 |
393 protected: | 392 protected: |
394 QuicRandom* const rand_; | 393 QuicRandom* const rand_; |
395 MockRandom rand_for_id_generation_; | 394 MockRandom rand_for_id_generation_; |
396 MockClock clock_; | 395 MockClock clock_; |
397 IPEndPoint client_address_; | 396 IPEndPoint client_address_; |
398 QuicVersionVector supported_versions_; | 397 QuicVersionVector supported_versions_; |
399 QuicVersion client_version_; | 398 QuicVersion client_version_; |
400 string client_version_string_; | 399 string client_version_string_; |
401 QuicCryptoServerConfig config_; | 400 QuicCryptoServerConfig config_; |
402 QuicCryptoServerConfig::ConfigOptions config_options_; | 401 QuicCryptoServerConfig::ConfigOptions config_options_; |
403 QuicCryptoNegotiatedParameters params_; | 402 QuicCryptoNegotiatedParameters params_; |
404 QuicCryptoProof crypto_proof_; | 403 QuicCryptoProof crypto_proof_; |
405 CryptoHandshakeMessage out_; | 404 CryptoHandshakeMessage out_; |
406 uint8 orbit_[kOrbitSize]; | 405 uint8_t orbit_[kOrbitSize]; |
407 bool use_stateless_rejects_; | 406 bool use_stateless_rejects_; |
408 | 407 |
409 // These strings contain hex escaped values from the server suitable for using | 408 // These strings contain hex escaped values from the server suitable for using |
410 // when constructing client hello messages. | 409 // when constructing client hello messages. |
411 string nonce_hex_, pub_hex_, srct_hex_, scid_hex_; | 410 string nonce_hex_, pub_hex_, srct_hex_, scid_hex_; |
412 scoped_ptr<CryptoHandshakeMessage> server_config_; | 411 scoped_ptr<CryptoHandshakeMessage> server_config_; |
413 }; | 412 }; |
414 | 413 |
415 // Run all CryptoServerTest with both values of | 414 // Run all CryptoServerTest with both values of |
416 // FLAGS_use_early_return_when_verifying_chlo. | 415 // FLAGS_use_early_return_when_verifying_chlo. |
(...skipping 588 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1005 // Need to take a copy of |scid| has we're about to call |Erase|. | 1004 // Need to take a copy of |scid| has we're about to call |Erase|. |
1006 const string scid_str(scid.as_string()); | 1005 const string scid_str(scid.as_string()); |
1007 | 1006 |
1008 scfg->Erase(kSCID); | 1007 scfg->Erase(kSCID); |
1009 scfg->MarkDirty(); | 1008 scfg->MarkDirty(); |
1010 const QuicData& serialized(scfg->GetSerialized()); | 1009 const QuicData& serialized(scfg->GetSerialized()); |
1011 | 1010 |
1012 scoped_ptr<crypto::SecureHash> hash( | 1011 scoped_ptr<crypto::SecureHash> hash( |
1013 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); | 1012 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); |
1014 hash->Update(serialized.data(), serialized.length()); | 1013 hash->Update(serialized.data(), serialized.length()); |
1015 uint8 digest[16]; | 1014 uint8_t digest[16]; |
1016 hash->Finish(digest, sizeof(digest)); | 1015 hash->Finish(digest, sizeof(digest)); |
1017 | 1016 |
1018 ASSERT_EQ(scid.size(), sizeof(digest)); | 1017 ASSERT_EQ(scid.size(), sizeof(digest)); |
1019 EXPECT_EQ(0, memcmp(digest, scid_str.c_str(), sizeof(digest))); | 1018 EXPECT_EQ(0, memcmp(digest, scid_str.c_str(), sizeof(digest))); |
1020 } | 1019 } |
1021 | 1020 |
1022 class CryptoServerTestNoConfig : public CryptoServerTest { | 1021 class CryptoServerTestNoConfig : public CryptoServerTest { |
1023 public: | 1022 public: |
1024 void SetUp() override { | 1023 void SetUp() override { |
1025 // Deliberately don't add a config so that we can test this situation. | 1024 // Deliberately don't add a config so that we can test this situation. |
(...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1100 | 1099 |
1101 class AsyncStrikeServerVerificationTest : public CryptoServerTest { | 1100 class AsyncStrikeServerVerificationTest : public CryptoServerTest { |
1102 protected: | 1101 protected: |
1103 AsyncStrikeServerVerificationTest() {} | 1102 AsyncStrikeServerVerificationTest() {} |
1104 | 1103 |
1105 void SetUp() override { | 1104 void SetUp() override { |
1106 const string kOrbit = "12345678"; | 1105 const string kOrbit = "12345678"; |
1107 config_options_.orbit = kOrbit; | 1106 config_options_.orbit = kOrbit; |
1108 strike_register_client_ = new DelayedVerifyStrikeRegisterClient( | 1107 strike_register_client_ = new DelayedVerifyStrikeRegisterClient( |
1109 10000, // strike_register_max_entries | 1108 10000, // strike_register_max_entries |
1110 static_cast<uint32>(clock_.WallNow().ToUNIXSeconds()), | 1109 static_cast<uint32_t>(clock_.WallNow().ToUNIXSeconds()), |
1111 60, // strike_register_window_secs | 1110 60, // strike_register_window_secs |
1112 reinterpret_cast<const uint8*>(kOrbit.c_str()), | 1111 reinterpret_cast<const uint8_t*>(kOrbit.c_str()), |
1113 StrikeRegister::NO_STARTUP_PERIOD_NEEDED); | 1112 StrikeRegister::NO_STARTUP_PERIOD_NEEDED); |
1114 config_.SetStrikeRegisterClient(strike_register_client_); | 1113 config_.SetStrikeRegisterClient(strike_register_client_); |
1115 CryptoServerTest::SetUp(); | 1114 CryptoServerTest::SetUp(); |
1116 strike_register_client_->StartDelayingVerification(); | 1115 strike_register_client_->StartDelayingVerification(); |
1117 } | 1116 } |
1118 | 1117 |
1119 DelayedVerifyStrikeRegisterClient* strike_register_client_; | 1118 DelayedVerifyStrikeRegisterClient* strike_register_client_; |
1120 }; | 1119 }; |
1121 | 1120 |
1122 TEST_P(AsyncStrikeServerVerificationTest, AsyncReplayProtection) { | 1121 TEST_P(AsyncStrikeServerVerificationTest, AsyncReplayProtection) { |
(...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1165 | 1164 |
1166 strike_register_client_->RunPendingVerifications(); | 1165 strike_register_client_->RunPendingVerifications(); |
1167 ASSERT_TRUE(called); | 1166 ASSERT_TRUE(called); |
1168 EXPECT_EQ(0, strike_register_client_->PendingVerifications()); | 1167 EXPECT_EQ(0, strike_register_client_->PendingVerifications()); |
1169 // The message should be rejected now. | 1168 // The message should be rejected now. |
1170 CheckRejectTag(); | 1169 CheckRejectTag(); |
1171 } | 1170 } |
1172 | 1171 |
1173 } // namespace test | 1172 } // namespace test |
1174 } // namespace net | 1173 } // namespace net |
OLD | NEW |