| OLD | NEW |
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <ostream> | 5 #include <ostream> |
| 6 #include <vector> | 6 #include <vector> |
| 7 | 7 |
| 8 #include "base/strings/string_number_conversions.h" | 8 #include "base/strings/string_number_conversions.h" |
| 9 #include "crypto/secure_hash.h" | 9 #include "crypto/secure_hash.h" |
| 10 #include "net/quic/crypto/cert_compressor.h" | 10 #include "net/quic/crypto/cert_compressor.h" |
| 352 ASSERT_EQ(QUIC_NO_ERROR, | 352 ASSERT_EQ(QUIC_NO_ERROR, |
| 353 out_.GetUint64(kRCID, &server_designated_connection_id)); | 353 out_.GetUint64(kRCID, &server_designated_connection_id)); |
| 354 EXPECT_EQ(rand_for_id_generation_.RandUint64(), | 354 EXPECT_EQ(rand_for_id_generation_.RandUint64(), |
| 355 server_designated_connection_id); | 355 server_designated_connection_id); |
| 356 } | 356 } |
| 357 rand_for_id_generation_.ChangeValue(); | 357 rand_for_id_generation_.ChangeValue(); |
| 358 } | 358 } |
| 359 | 359 |
| 360 void CheckRejectTag() { | 360 void CheckRejectTag() { |
| 361 if (RejectsAreStateless()) { | 361 if (RejectsAreStateless()) { |
| 362 ASSERT_EQ(kSREJ, out_.tag()); | 362 ASSERT_EQ(kSREJ, out_.tag()) << QuicUtils::TagToString(out_.tag()); |
| 363 } else { | 363 } else { |
| 364 ASSERT_EQ(kREJ, out_.tag()); | 364 ASSERT_EQ(kREJ, out_.tag()) << QuicUtils::TagToString(out_.tag()); |
| 365 } | 365 } |
| 366 } | 366 } |
| 367 | 367 |
| 368 bool RejectsAreStateless() { | 368 bool RejectsAreStateless() { |
| 369 return GetParam().enable_stateless_rejects && | 369 return GetParam().enable_stateless_rejects && |
| 370 GetParam().use_stateless_rejects; | 370 GetParam().use_stateless_rejects; |
| 371 } | 371 } |
| 372 | 372 |
| 373 string XlctHexString() { | 373 string XlctHexString() { |
| 374 const vector<string>* certs; | 374 const vector<string>* certs; |
| 754 const HandshakeFailureReason kRejectReasons[] = { | 754 const HandshakeFailureReason kRejectReasons[] = { |
| 755 SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE, CLIENT_NONCE_INVALID_FAILURE}; | 755 SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE, CLIENT_NONCE_INVALID_FAILURE}; |
| 756 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); | 756 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); |
| 757 }; | 757 }; |
| 758 } | 758 } |
| 759 | 759 |
| 760 TEST_P(CryptoServerTest, ReplayProtection) { | 760 TEST_P(CryptoServerTest, ReplayProtection) { |
| 761 if (client_version_ > QUIC_VERSION_30) { | 761 if (client_version_ > QUIC_VERSION_30) { |
| 762 return; | 762 return; |
| 763 } | 763 } |
| 764 FLAGS_require_strike_register_or_server_nonce = false; |
| 764 // This tests that disabling replay protection works. | 765 // This tests that disabling replay protection works. |
| 765 // clang-format off | 766 // clang-format off |
| 766 CryptoHandshakeMessage msg = CryptoTestUtils::Message( | 767 CryptoHandshakeMessage msg = CryptoTestUtils::Message( |
| 767 "CHLO", | 768 "CHLO", |
| 768 "AEAD", "AESG", | 769 "AEAD", "AESG", |
| 769 "KEXS", "C255", | 770 "KEXS", "C255", |
| 770 "SCID", scid_hex_.c_str(), | 771 "SCID", scid_hex_.c_str(), |
| 771 "#004b5453", srct_hex_.c_str(), | 772 "#004b5453", srct_hex_.c_str(), |
| 772 "PUBS", pub_hex_.c_str(), | 773 "PUBS", pub_hex_.c_str(), |
| 773 "NONC", nonce_hex_.c_str(), | 774 "NONC", nonce_hex_.c_str(), |
| 791 // The message should be accepted now. | 792 // The message should be accepted now. |
| 792 ASSERT_EQ(kSHLO, out_.tag()); | 793 ASSERT_EQ(kSHLO, out_.tag()); |
| 793 CheckServerHello(out_); | 794 CheckServerHello(out_); |
| 794 | 795 |
| 795 ShouldSucceed(msg); | 796 ShouldSucceed(msg); |
| 796 // The message should accepted twice when replay protection is off. | 797 // The message should accepted twice when replay protection is off. |
| 797 ASSERT_EQ(kSHLO, out_.tag()); | 798 ASSERT_EQ(kSHLO, out_.tag()); |
| 798 CheckServerHello(out_); | 799 CheckServerHello(out_); |
| 799 } | 800 } |
| 800 | 801 |
| 802 TEST_P(CryptoServerTest, NoServerNonce) { |
| 803 FLAGS_require_strike_register_or_server_nonce = true; |
| 804 // When no server nonce is present and no strike register is configured, |
| 805 // the CHLO should be rejected. |
| 806 // clang-format off |
| 807 CryptoHandshakeMessage msg = CryptoTestUtils::Message( |
| 808 "CHLO", |
| 809 "AEAD", "AESG", |
| 810 "KEXS", "C255", |
| 811 "SCID", scid_hex_.c_str(), |
| 812 "#004b5453", srct_hex_.c_str(), |
| 813 "PUBS", pub_hex_.c_str(), |
| 814 "NONC", nonce_hex_.c_str(), |
| 815 "XLCT", XlctHexString().c_str(), |
| 816 "VER\0", client_version_string_.c_str(), |
| 817 "$padding", static_cast<int>(kClientHelloMinimumSize), |
| 818 nullptr); |
| 819 // clang-format on |
| 820 |
| 821 ShouldSucceed(msg); |
| 822 |
| 823 CheckRejectTag(); |
| 824 const HandshakeFailureReason kRejectReasons[] = { |
| 825 SERVER_NONCE_REQUIRED_FAILURE}; |
| 826 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); |
| 827 } |
| 828 |
| 801 TEST_P(CryptoServerTest, ProofForSuppliedServerConfig) { | 829 TEST_P(CryptoServerTest, ProofForSuppliedServerConfig) { |
| 802 ValueRestore<bool> old_flag(&FLAGS_quic_use_primary_config_for_proof, true); | 830 ValueRestore<bool> old_flag(&FLAGS_quic_use_primary_config_for_proof, true); |
| 803 client_address_ = IPEndPoint(Loopback6(), 1234); | 831 client_address_ = IPEndPoint(Loopback6(), 1234); |
| 804 // clang-format off | 832 // clang-format off |
| 805 CryptoHandshakeMessage msg = CryptoTestUtils::Message( | 833 CryptoHandshakeMessage msg = CryptoTestUtils::Message( |
| 806 "CHLO", | 834 "CHLO", |
| 807 "AEAD", "AESG", | 835 "AEAD", "AESG", |
| 808 "KEXS", "C255", | 836 "KEXS", "C255", |
| 809 "PDMD", "X509", | 837 "PDMD", "X509", |
| 810 "SCID", kOldConfigId, | 838 "SCID", kOldConfigId, |
| 1164 | 1192 |
| 1165 strike_register_client_->RunPendingVerifications(); | 1193 strike_register_client_->RunPendingVerifications(); |
| 1166 ASSERT_TRUE(called); | 1194 ASSERT_TRUE(called); |
| 1167 EXPECT_EQ(0, strike_register_client_->PendingVerifications()); | 1195 EXPECT_EQ(0, strike_register_client_->PendingVerifications()); |
| 1168 // The message should be rejected now. | 1196 // The message should be rejected now. |
| 1169 CheckRejectTag(); | 1197 CheckRejectTag(); |
| 1170 } | 1198 } |
| 1171 | 1199 |
| 1172 } // namespace test | 1200 } // namespace test |
| 1173 } // namespace net | 1201 } // namespace net |
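Review bot: The two added flag writes, `FLAGS_require_strike_register_or_server_nonce = false;` at the top of ReplayProtection and `= true;` at the top of NoServerNonce, assign the global directly and never restore it, so the value carries over into whichever test runs next in the same process. ProofForSuppliedServerConfig, directly below, already uses the scoped form; the equivalent here would be `ValueRestore<bool> old_flag(&FLAGS_require_strike_register_or_server_nonce, false);` in ReplayProtection and the same with `true` in NoServerNonce. Judging by the test comments, the flag decides whether a CHLO with neither a strike register nor a server nonce is rejected, so a later handshake test that inherits `false` could pass while no longer exercising the rejection path. If the fixture saves and restores flags in setup or teardown outside the visible lines, this does not apply.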