Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(629)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/quic/crypto/crypto_server_test.cc

Issue 1785613005: Deprecate FLAG_require_strike_register_or_server_nonce (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@115890504
Patch Set: Deleted flag definition Created 4 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | net/quic/crypto/quic_crypto_server_config.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <ostream> 5 #include <ostream>
6 #include <vector> 6 #include <vector>
7 7
8 #include "base/strings/string_number_conversions.h" 8 #include "base/strings/string_number_conversions.h"
9 #include "crypto/secure_hash.h" 9 #include "crypto/secure_hash.h"
10 #include "net/quic/crypto/cert_compressor.h" 10 #include "net/quic/crypto/cert_compressor.h"
(...skipping 708 matching lines...) Expand 10 before | Expand all | Expand 10 after
719 SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE, CLIENT_NONCE_INVALID_FAILURE, 719 SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE, CLIENT_NONCE_INVALID_FAILURE,
720 SERVER_NONCE_DECRYPTION_FAILURE}; 720 SERVER_NONCE_DECRYPTION_FAILURE};
721 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); 721 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));
722 } else { 722 } else {
723 const HandshakeFailureReason kRejectReasons[] = { 723 const HandshakeFailureReason kRejectReasons[] = {
724 SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE, CLIENT_NONCE_INVALID_FAILURE}; 724 SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE, CLIENT_NONCE_INVALID_FAILURE};
725 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); 725 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));
726 }; 726 };
727 } 727 }
728 728
729 TEST_P(CryptoServerTest, ReplayProtection) {
730 if (client_version_ > QUIC_VERSION_30) {
731 return;
732 }
733 FLAGS_require_strike_register_or_server_nonce = false;
734 // This tests that disabling replay protection works.
735 // clang-format off
736 CryptoHandshakeMessage msg = CryptoTestUtils::Message(
737 "CHLO",
738 "AEAD", "AESG",
739 "KEXS", "C255",
740 "SCID", scid_hex_.c_str(),
741 "#004b5453", srct_hex_.c_str(),
742 "PUBS", pub_hex_.c_str(),
743 "NONC", nonce_hex_.c_str(),
744 "XLCT", XlctHexString().c_str(),
745 "VER\0", client_version_string_.c_str(),
746 "$padding", static_cast<int>(kClientHelloMinimumSize),
747 nullptr);
748 // clang-format on
749 ShouldSucceed(msg);
750 // The message should be rejected because the strike-register is still
751 // quiescent.
752 CheckRejectTag();
753
754 const HandshakeFailureReason kRejectReasons[] = {
755 CLIENT_NONCE_INVALID_TIME_FAILURE};
756 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));
757
758 config_.set_replay_protection(false);
759
760 ShouldSucceed(msg);
761 // The message should be accepted now.
762 ASSERT_EQ(kSHLO, out_.tag());
763 CheckServerHello(out_);
764
765 ShouldSucceed(msg);
766 // The message should accepted twice when replay protection is off.
767 ASSERT_EQ(kSHLO, out_.tag());
768 CheckServerHello(out_);
769 }
770
771 TEST_P(CryptoServerTest, NoServerNonce) { 729 TEST_P(CryptoServerTest, NoServerNonce) {
772 FLAGS_require_strike_register_or_server_nonce = true;
773 // When no server nonce is present and no strike register is configured, 730 // When no server nonce is present and no strike register is configured,
774 // the CHLO should be rejected. 731 // the CHLO should be rejected.
775 // clang-format off 732 // clang-format off
776 CryptoHandshakeMessage msg = CryptoTestUtils::Message( 733 CryptoHandshakeMessage msg = CryptoTestUtils::Message(
777 "CHLO", 734 "CHLO",
778 "AEAD", "AESG", 735 "AEAD", "AESG",
779 "KEXS", "C255", 736 "KEXS", "C255",
780 "SCID", scid_hex_.c_str(), 737 "SCID", scid_hex_.c_str(),
781 "#004b5453", srct_hex_.c_str(), 738 "#004b5453", srct_hex_.c_str(),
782 "PUBS", pub_hex_.c_str(), 739 "PUBS", pub_hex_.c_str(),
(...skipping 377 matching lines...) Expand 10 before | Expand all | Expand 10 after
1160 1117
1161 strike_register_client_->RunPendingVerifications(); 1118 strike_register_client_->RunPendingVerifications();
1162 ASSERT_TRUE(called); 1119 ASSERT_TRUE(called);
1163 EXPECT_EQ(0, strike_register_client_->PendingVerifications()); 1120 EXPECT_EQ(0, strike_register_client_->PendingVerifications());
1164 // The message should be rejected now. 1121 // The message should be rejected now.
1165 CheckRejectTag(); 1122 CheckRejectTag();
1166 } 1123 }
1167 1124
1168 } // namespace test 1125 } // namespace test
1169 } // namespace net 1126 } // namespace net
OLDNEW
« no previous file with comments | « no previous file | net/quic/crypto/quic_crypto_server_config.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698