OLD | NEW |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <ostream> | 5 #include <ostream> |
6 #include <vector> | 6 #include <vector> |
7 | 7 |
8 #include "base/strings/string_number_conversions.h" | 8 #include "base/strings/string_number_conversions.h" |
9 #include "crypto/secure_hash.h" | 9 #include "crypto/secure_hash.h" |
10 #include "net/quic/crypto/cert_compressor.h" | 10 #include "net/quic/crypto/cert_compressor.h" |
(...skipping 566 matching lines...)
577 "$padding", static_cast<int>(kClientHelloMinimumSize), nullptr); | 577 "$padding", static_cast<int>(kClientHelloMinimumSize), nullptr); |
578 // clang-format on | 578 // clang-format on |
579 ShouldSucceed(msg); | 579 ShouldSucceed(msg); |
580 const HandshakeFailureReason kRejectReasons[] = { | 580 const HandshakeFailureReason kRejectReasons[] = { |
581 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; | 581 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; |
582 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); | 582 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); |
583 } | 583 } |
584 } | 584 } |
585 | 585 |
586 TEST_P(CryptoServerTest, BadClientNonce) { | 586 TEST_P(CryptoServerTest, BadClientNonce) { |
587 // Invalid nonces should be ignored. | |
588 // clang-format off | 587 // clang-format off |
589 static const char* const kBadNonces[] = { | 588 static const char* const kBadNonces[] = { |
590 "", | 589 "", |
591 "#0000", | 590 "#0000", |
592 "#0000000000000000000000000000000000000000", | 591 "#0000000000000000000000000000000000000000", |
593 }; | 592 }; |
594 // clang-format on | 593 // clang-format on |
595 | 594 |
596 for (size_t i = 0; i < arraysize(kBadNonces); i++) { | 595 for (size_t i = 0; i < arraysize(kBadNonces); i++) { |
| 596 // Invalid nonces should be ignored, in an inchoate CHLO. |
597 // clang-format off | 597 // clang-format off |
598 CryptoHandshakeMessage msg = CryptoTestUtils::Message( | 598 CryptoHandshakeMessage msg = CryptoTestUtils::Message( |
599 "CHLO", | 599 "CHLO", |
600 "NONC", kBadNonces[i], | 600 "NONC", kBadNonces[i], |
601 "VER\0", client_version_string_.c_str(), | 601 "VER\0", client_version_string_.c_str(), |
602 "$padding", static_cast<int>(kClientHelloMinimumSize), | 602 "$padding", static_cast<int>(kClientHelloMinimumSize), |
603 nullptr); | 603 nullptr); |
604 // clang-format on | 604 // clang-format on |
605 ShouldSucceed(msg); | 605 ShouldSucceed(msg); |
606 const HandshakeFailureReason kRejectReasons[] = { | 606 const HandshakeFailureReason kRejectReasons[] = { |
607 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; | 607 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; |
608 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); | 608 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); |
| 609 |
| 610 // Invalid nonces should result in CLIENT_NONCE_INVALID_FAILURE. |
| 611 // clang-format off |
| 612 CryptoHandshakeMessage msg1 = CryptoTestUtils::Message( |
| 613 "CHLO", |
| 614 "AEAD", "AESG", |
| 615 "KEXS", "C255", |
| 616 "SCID", scid_hex_.c_str(), |
| 617 "#004b5453", srct_hex_.c_str(), |
| 618 "PUBS", pub_hex_.c_str(), |
| 619 "NONC", kBadNonces[i], |
| 620 "NONP", kBadNonces[i], |
| 621 "XLCT", XlctHexString().c_str(), |
| 622 "VER\0", client_version_string_.c_str(), |
| 623 "$padding", static_cast<int>(kClientHelloMinimumSize), |
| 624 nullptr); |
| 625 // clang-format on |
| 626 |
| 627 ShouldSucceed(msg1); |
| 628 |
| 629 CheckRejectTag(); |
| 630 const HandshakeFailureReason kRejectReasons1[] = { |
| 631 CLIENT_NONCE_INVALID_FAILURE}; |
| 632 CheckRejectReasons(kRejectReasons1, arraysize(kRejectReasons1)); |
609 } | 633 } |
610 } | 634 } |
611 | 635 |
612 TEST_P(CryptoServerTest, DowngradeAttack) { | 636 TEST_P(CryptoServerTest, DowngradeAttack) { |
613 if (supported_versions_.size() == 1) { | 637 if (supported_versions_.size() == 1) { |
614 // No downgrade attack is possible if the server only supports one version. | 638 // No downgrade attack is possible if the server only supports one version. |
615 return; | 639 return; |
616 } | 640 } |
617 // Set the client's preferred version to a supported version that | 641 // Set the client's preferred version to a supported version that |
618 // is not the "current" version (supported_versions_.front()). | 642 // is not the "current" version (supported_versions_.front()). |
(...skipping 510 matching lines...)
1129 | 1153 |
1130 strike_register_client_->RunPendingVerifications(); | 1154 strike_register_client_->RunPendingVerifications(); |
1131 ASSERT_TRUE(called); | 1155 ASSERT_TRUE(called); |
1132 EXPECT_EQ(0, strike_register_client_->PendingVerifications()); | 1156 EXPECT_EQ(0, strike_register_client_->PendingVerifications()); |
1133 // The message should be rejected now. | 1157 // The message should be rejected now. |
1134 CheckRejectTag(); | 1158 CheckRejectTag(); |
1135 } | 1159 } |
1136 | 1160 |
1137 } // namespace test | 1161 } // namespace test |
1138 } // namespace net | 1162 } // namespace net |
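Review bot: In the full-CHLO case added to BadClientNonce (new lines 610–632), `NONC` and `NONP` are both set to `kBadNonces[i]`, so the single expected reason `CLIENT_NONCE_INVALID_FAILURE` does not show which of the two tags the server actually rejected. A regression that stopped validating one of them could presumably still pass this test. Consider adding a message that carries a well-formed client nonce and varies only `NONP`, and the reverse, each with its own expected reject reason. Since the loop body now makes two handshake attempts per entry, a `SCOPED_TRACE(kBadNonces[i]);` at the top of the loop would make a failure name the nonce that triggered it.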