OLD | NEW |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <ostream> | 5 #include <ostream> |
6 #include <vector> | 6 #include <vector> |
7 | 7 |
8 #include "base/strings/string_number_conversions.h" | 8 #include "base/strings/string_number_conversions.h" |
9 #include "crypto/secure_hash.h" | 9 #include "crypto/secure_hash.h" |
10 #include "net/quic/crypto/cert_compressor.h" | 10 #include "net/quic/crypto/cert_compressor.h" |
(...skipping 181 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
192 ASSERT_TRUE(out_.GetStringPiece(kSourceAddressTokenTag, &srct)); | 192 ASSERT_TRUE(out_.GetStringPiece(kSourceAddressTokenTag, &srct)); |
193 srct_hex_ = "#" + base::HexEncode(srct.data(), srct.size()); | 193 srct_hex_ = "#" + base::HexEncode(srct.data(), srct.size()); |
194 | 194 |
195 StringPiece scfg; | 195 StringPiece scfg; |
196 ASSERT_TRUE(out_.GetStringPiece(kSCFG, &scfg)); | 196 ASSERT_TRUE(out_.GetStringPiece(kSCFG, &scfg)); |
197 server_config_.reset(CryptoFramer::ParseMessage(scfg)); | 197 server_config_.reset(CryptoFramer::ParseMessage(scfg)); |
198 | 198 |
199 StringPiece scid; | 199 StringPiece scid; |
200 ASSERT_TRUE(server_config_->GetStringPiece(kSCID, &scid)); | 200 ASSERT_TRUE(server_config_->GetStringPiece(kSCID, &scid)); |
201 scid_hex_ = "#" + base::HexEncode(scid.data(), scid.size()); | 201 scid_hex_ = "#" + base::HexEncode(scid.data(), scid.size()); |
| 202 crypto_proof_ = QuicCryptoProof(); |
| 203 DCHECK(crypto_proof_.chain.get() == nullptr); |
202 } | 204 } |
203 | 205 |
204 // Helper used to accept the result of ValidateClientHello and pass | 206 // Helper used to accept the result of ValidateClientHello and pass |
205 // it on to ProcessClientHello. | 207 // it on to ProcessClientHello. |
206 class ValidateCallback : public ValidateClientHelloResultCallback { | 208 class ValidateCallback : public ValidateClientHelloResultCallback { |
207 public: | 209 public: |
208 ValidateCallback(CryptoServerTest* test, | 210 ValidateCallback(CryptoServerTest* test, |
209 bool should_succeed, | 211 bool should_succeed, |
210 const char* error_substr, | 212 const char* error_substr, |
211 bool* called) | 213 bool* called) |
(...skipping 158 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
370 GetParam().use_stateless_rejects; | 372 GetParam().use_stateless_rejects; |
371 } | 373 } |
372 | 374 |
373 string XlctHexString() { | 375 string XlctHexString() { |
374 scoped_refptr<ProofSource::Chain> chain; | 376 scoped_refptr<ProofSource::Chain> chain; |
375 IPAddress server_ip; | 377 IPAddress server_ip; |
376 string sig; | 378 string sig; |
377 string cert_sct; | 379 string cert_sct; |
378 scoped_ptr<ProofSource> proof_source( | 380 scoped_ptr<ProofSource> proof_source( |
379 CryptoTestUtils::ProofSourceForTesting()); | 381 CryptoTestUtils::ProofSourceForTesting()); |
380 if (!proof_source->GetProof(server_ip, "", "", false, &chain, &sig, | 382 if (!proof_source->GetProof(server_ip, "", "", client_version_, "", false, |
381 &cert_sct) || | 383 &chain, &sig, &cert_sct) || |
382 chain->certs.empty()) { | 384 chain->certs.empty()) { |
383 return "#0100000000000000"; | 385 return "#0100000000000000"; |
384 } | 386 } |
385 | 387 |
386 std::ostringstream xlct_stream; | 388 std::ostringstream xlct_stream; |
387 uint64_t xlct = QuicUtils::FNV1a_64_Hash(chain->certs.at(0).c_str(), | 389 uint64_t xlct = QuicUtils::FNV1a_64_Hash(chain->certs.at(0).c_str(), |
388 chain->certs.at(0).length()); | 390 chain->certs.at(0).length()); |
389 | 391 |
390 return "#" + base::HexEncode(reinterpret_cast<char*>(&xlct), sizeof(xlct)); | 392 return "#" + base::HexEncode(reinterpret_cast<char*>(&xlct), sizeof(xlct)); |
391 } | 393 } |
(...skipping 338 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
730 // This test corrupts client nonce, server nonce and source address token. | 732 // This test corrupts client nonce, server nonce and source address token. |
731 // clang-format off | 733 // clang-format off |
732 CryptoHandshakeMessage msg = CryptoTestUtils::Message( | 734 CryptoHandshakeMessage msg = CryptoTestUtils::Message( |
733 "CHLO", | 735 "CHLO", |
734 "AEAD", "AESG", | 736 "AEAD", "AESG", |
735 "KEXS", "C255", | 737 "KEXS", "C255", |
736 "SCID", scid_hex_.c_str(), | 738 "SCID", scid_hex_.c_str(), |
737 "#004b5453", (string(1, 'X') + srct_hex_).c_str(), | 739 "#004b5453", (string(1, 'X') + srct_hex_).c_str(), |
738 "PUBS", pub_hex_.c_str(), | 740 "PUBS", pub_hex_.c_str(), |
739 "NONC", (string(1, 'X') + nonce_hex_).c_str(), | 741 "NONC", (string(1, 'X') + nonce_hex_).c_str(), |
| 742 "NONP", (string(1, 'X') + nonce_hex_).c_str(), |
740 "SNO\0", (string(1, 'X') + nonce_hex_).c_str(), | 743 "SNO\0", (string(1, 'X') + nonce_hex_).c_str(), |
741 "XLCT", XlctHexString().c_str(), | 744 "XLCT", XlctHexString().c_str(), |
742 "VER\0", client_version_string_.c_str(), | 745 "VER\0", client_version_string_.c_str(), |
743 "$padding", static_cast<int>(kClientHelloMinimumSize), | 746 "$padding", static_cast<int>(kClientHelloMinimumSize), |
744 nullptr); | 747 nullptr); |
745 // clang-format on | 748 // clang-format on |
746 ShouldSucceed(msg); | 749 ShouldSucceed(msg); |
747 CheckRejectTag(); | 750 CheckRejectTag(); |
748 | 751 |
749 if (client_version_ <= QUIC_VERSION_30) { | 752 if (client_version_ <= QUIC_VERSION_31) { |
750 const HandshakeFailureReason kRejectReasons[] = { | 753 const HandshakeFailureReason kRejectReasons[] = { |
751 SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE, CLIENT_NONCE_INVALID_FAILURE, | 754 SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE, CLIENT_NONCE_INVALID_FAILURE, |
752 SERVER_NONCE_DECRYPTION_FAILURE}; | 755 SERVER_NONCE_DECRYPTION_FAILURE}; |
753 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); | 756 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); |
754 } else { | 757 } else { |
755 const HandshakeFailureReason kRejectReasons[] = { | 758 const HandshakeFailureReason kRejectReasons[] = { |
756 SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE, CLIENT_NONCE_INVALID_FAILURE}; | 759 SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE, CLIENT_NONCE_INVALID_FAILURE}; |
757 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); | 760 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); |
758 }; | 761 }; |
759 } | 762 } |
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
806 // the CHLO should be rejected. | 809 // the CHLO should be rejected. |
807 // clang-format off | 810 // clang-format off |
808 CryptoHandshakeMessage msg = CryptoTestUtils::Message( | 811 CryptoHandshakeMessage msg = CryptoTestUtils::Message( |
809 "CHLO", | 812 "CHLO", |
810 "AEAD", "AESG", | 813 "AEAD", "AESG", |
811 "KEXS", "C255", | 814 "KEXS", "C255", |
812 "SCID", scid_hex_.c_str(), | 815 "SCID", scid_hex_.c_str(), |
813 "#004b5453", srct_hex_.c_str(), | 816 "#004b5453", srct_hex_.c_str(), |
814 "PUBS", pub_hex_.c_str(), | 817 "PUBS", pub_hex_.c_str(), |
815 "NONC", nonce_hex_.c_str(), | 818 "NONC", nonce_hex_.c_str(), |
| 819 "NONP", nonce_hex_.c_str(), |
816 "XLCT", XlctHexString().c_str(), | 820 "XLCT", XlctHexString().c_str(), |
817 "VER\0", client_version_string_.c_str(), | 821 "VER\0", client_version_string_.c_str(), |
818 "$padding", static_cast<int>(kClientHelloMinimumSize), | 822 "$padding", static_cast<int>(kClientHelloMinimumSize), |
819 nullptr); | 823 nullptr); |
820 // clang-format on | 824 // clang-format on |
821 | 825 |
822 ShouldSucceed(msg); | 826 ShouldSucceed(msg); |
823 | 827 |
824 CheckRejectTag(); | 828 CheckRejectTag(); |
825 const HandshakeFailureReason kRejectReasons[] = { | 829 const HandshakeFailureReason kRejectReasons[] = { |
826 SERVER_NONCE_REQUIRED_FAILURE}; | 830 SERVER_NONCE_REQUIRED_FAILURE}; |
827 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); | 831 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); |
828 } | 832 } |
829 | 833 |
830 TEST_P(CryptoServerTest, ProofForSuppliedServerConfig) { | 834 TEST_P(CryptoServerTest, ProofForSuppliedServerConfig) { |
831 client_address_ = IPEndPoint(Loopback6(), 1234); | 835 client_address_ = IPEndPoint(Loopback6(), 1234); |
832 // clang-format off | 836 // clang-format off |
833 CryptoHandshakeMessage msg = CryptoTestUtils::Message( | 837 CryptoHandshakeMessage msg = CryptoTestUtils::Message( |
834 "CHLO", | 838 "CHLO", |
835 "AEAD", "AESG", | 839 "AEAD", "AESG", |
836 "KEXS", "C255", | 840 "KEXS", "C255", |
837 "PDMD", "X509", | 841 "PDMD", "X509", |
838 "SCID", kOldConfigId, | 842 "SCID", kOldConfigId, |
839 "#004b5453", srct_hex_.c_str(), | 843 "#004b5453", srct_hex_.c_str(), |
840 "PUBS", pub_hex_.c_str(), | 844 "PUBS", pub_hex_.c_str(), |
841 "NONC", nonce_hex_.c_str(), | 845 "NONC", nonce_hex_.c_str(), |
| 846 "NONP", "123456789012345678901234567890", |
842 "VER\0", client_version_string_.c_str(), | 847 "VER\0", client_version_string_.c_str(), |
843 "XLCT", XlctHexString().c_str(), | 848 "XLCT", XlctHexString().c_str(), |
844 "$padding", static_cast<int>(kClientHelloMinimumSize), | 849 "$padding", static_cast<int>(kClientHelloMinimumSize), |
845 nullptr); | 850 nullptr); |
846 // clang-format on | 851 // clang-format on |
847 ShouldSucceed(msg); | 852 ShouldSucceed(msg); |
848 // The message should be rejected because the source-address token is no | 853 // The message should be rejected because the source-address token is no |
849 // longer valid. | 854 // longer valid. |
850 CheckRejectTag(); | 855 CheckRejectTag(); |
851 const HandshakeFailureReason kRejectReasons[] = { | 856 const HandshakeFailureReason kRejectReasons[] = { |
(...skipping 18 matching lines...) Expand all Loading... |
870 common_cert_sets, &certs)); | 875 common_cert_sets, &certs)); |
871 | 876 |
872 // Check that the proof in the REJ message is valid. | 877 // Check that the proof in the REJ message is valid. |
873 scoped_ptr<ProofVerifier> proof_verifier( | 878 scoped_ptr<ProofVerifier> proof_verifier( |
874 CryptoTestUtils::ProofVerifierForTesting()); | 879 CryptoTestUtils::ProofVerifierForTesting()); |
875 scoped_ptr<ProofVerifyContext> verify_context( | 880 scoped_ptr<ProofVerifyContext> verify_context( |
876 CryptoTestUtils::ProofVerifyContextForTesting()); | 881 CryptoTestUtils::ProofVerifyContextForTesting()); |
877 scoped_ptr<ProofVerifyDetails> details; | 882 scoped_ptr<ProofVerifyDetails> details; |
878 string error_details; | 883 string error_details; |
879 DummyProofVerifierCallback callback; | 884 DummyProofVerifierCallback callback; |
880 EXPECT_EQ(QUIC_SUCCESS, proof_verifier->VerifyProof( | 885 string chlo_hash; |
881 "test.example.com", scfg_str.as_string(), certs, | 886 CryptoUtils::HashHandshakeMessage(msg, &chlo_hash); |
882 "", proof.as_string(), verify_context.get(), | 887 EXPECT_EQ(QUIC_SUCCESS, |
883 &error_details, &details, &callback)); | 888 proof_verifier->VerifyProof( |
| 889 "test.example.com", scfg_str.as_string(), client_version_, |
| 890 chlo_hash, certs, "", proof.as_string(), verify_context.get(), |
| 891 &error_details, &details, &callback)); |
884 } | 892 } |
885 | 893 |
886 TEST_P(CryptoServerTest, RejectInvalidXlct) { | 894 TEST_P(CryptoServerTest, RejectInvalidXlct) { |
887 if (client_version_ <= QUIC_VERSION_25) { | 895 if (client_version_ <= QUIC_VERSION_25) { |
888 // XLCT tag introduced in QUIC_VERSION_26. | 896 // XLCT tag introduced in QUIC_VERSION_26. |
889 return; | 897 return; |
890 } | 898 } |
891 // clang-format off | 899 // clang-format off |
892 CryptoHandshakeMessage msg = CryptoTestUtils::Message( | 900 CryptoHandshakeMessage msg = CryptoTestUtils::Message( |
893 "CHLO", | 901 "CHLO", |
(...skipping 298 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1192 | 1200 |
1193 strike_register_client_->RunPendingVerifications(); | 1201 strike_register_client_->RunPendingVerifications(); |
1194 ASSERT_TRUE(called); | 1202 ASSERT_TRUE(called); |
1195 EXPECT_EQ(0, strike_register_client_->PendingVerifications()); | 1203 EXPECT_EQ(0, strike_register_client_->PendingVerifications()); |
1196 // The message should be rejected now. | 1204 // The message should be rejected now. |
1197 CheckRejectTag(); | 1205 CheckRejectTag(); |
1198 } | 1206 } |
1199 | 1207 |
1200 } // namespace test | 1208 } // namespace test |
1201 } // namespace net | 1209 } // namespace net |
OLD | NEW |