Landing Recent QUIC changes until 2016-03-15 16:26 UTC

net/quic/crypto/crypto_server_test.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <ostream>
 #include <vector>
 
 #include "base/strings/string_number_conversions.h"
 #include "crypto/secure_hash.h"
 #include "net/quic/crypto/cert_compressor.h"
@@ skipping 111 matching lines @@
   return params;
 }
 
 class CryptoServerTest : public ::testing::TestWithParam<TestParams> {
  public:
   CryptoServerTest()
       : rand_(QuicRandom::GetInstance()),
         client_address_(Loopback4(), 1234),
         config_(QuicCryptoServerConfig::TESTING,
                 rand_,
-                CryptoTestUtils::ProofSourceForTesting()) {
+                CryptoTestUtils::ProofSourceForTesting()),
+        compressed_certs_cache_(
+            QuicCompressedCertsCache::kQuicCompressedCertsCacheSize) {
     supported_versions_ = GetParam().supported_versions;
     config_.set_enable_serving_sct(true);
 
     client_version_ = supported_versions_.front();
     client_version_string_ =
         QuicUtils::TagToString(QuicVersionToQuicTag(client_version_));
 
     FLAGS_use_early_return_when_verifying_chlo =
         GetParam().use_early_return_when_verifying_chlo;
     FLAGS_enable_quic_stateless_reject_support =
@@ skipping 148 matching lines @@
                                bool should_succeed,
                                const char* error_substr) {
     IPAddress server_ip;
     string error_details;
     QuicConnectionId server_designated_connection_id =
         rand_for_id_generation_.RandUint64();
     QuicErrorCode error = config_.ProcessClientHello(
         result, 1 /* ConnectionId */, server_ip, client_address_,
         supported_versions_.front(), supported_versions_,
         use_stateless_rejects_, server_designated_connection_id, &clock_, rand_,
-        &params_, &crypto_proof_, &out_, &error_details);
+        &compressed_certs_cache_, &params_, &crypto_proof_, &out_,
+        &error_details);
 
     if (should_succeed) {
       ASSERT_EQ(error, QUIC_NO_ERROR) << "Message failed with error "
                                       << error_details << ": "
                                       << message.DebugString();
     } else {
       ASSERT_NE(error, QUIC_NO_ERROR) << "Message didn't fail: "
                                       << message.DebugString();
 
       EXPECT_TRUE(error_details.find(error_substr) != string::npos)
@@ skipping 82 matching lines @@
 
  protected:
   QuicRandom* const rand_;
   MockRandom rand_for_id_generation_;
   MockClock clock_;
   IPEndPoint client_address_;
   QuicVersionVector supported_versions_;
   QuicVersion client_version_;
   string client_version_string_;
   QuicCryptoServerConfig config_;
+  QuicCompressedCertsCache compressed_certs_cache_;
   QuicCryptoServerConfig::ConfigOptions config_options_;
   QuicCryptoNegotiatedParameters params_;
   QuicCryptoProof crypto_proof_;
   CryptoHandshakeMessage out_;
   uint8_t orbit_[kOrbitSize];
   bool use_stateless_rejects_;
 
   // These strings contain hex escaped values from the server suitable for using
   // when constructing client hello messages.
   string nonce_hex_, pub_hex_, srct_hex_, scid_hex_;
@@ skipping 159 matching lines @@
         "$padding", static_cast<int>(kClientHelloMinimumSize), nullptr);
     // clang-format on
     ShouldSucceed(msg);
     const HandshakeFailureReason kRejectReasons[] = {
         SERVER_CONFIG_INCHOATE_HELLO_FAILURE};
     CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));
   }
 }
 
 TEST_P(CryptoServerTest, BadClientNonce) {
-  // Invalid nonces should be ignored.
   // clang-format off
   static const char* const kBadNonces[] = {
     "",
     "#0000",
     "#0000000000000000000000000000000000000000",
   };
   // clang-format on
 
   for (size_t i = 0; i < arraysize(kBadNonces); i++) {
+    // Invalid nonces should be ignored, in an inchoate CHLO.
     // clang-format off
     CryptoHandshakeMessage msg = CryptoTestUtils::Message(
         "CHLO",
         "NONC", kBadNonces[i],
         "VER\0", client_version_string_.c_str(),
         "$padding", static_cast<int>(kClientHelloMinimumSize),
         nullptr);
     // clang-format on
     ShouldSucceed(msg);
     const HandshakeFailureReason kRejectReasons[] = {
         SERVER_CONFIG_INCHOATE_HELLO_FAILURE};
     CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));
+
+    // Invalid nonces should result in CLIENT_NONCE_INVALID_FAILURE.
+    // clang-format off
+    CryptoHandshakeMessage msg1 = CryptoTestUtils::Message(
+        "CHLO",
+        "AEAD", "AESG",
+        "KEXS", "C255",
+        "SCID", scid_hex_.c_str(),
+        "#004b5453", srct_hex_.c_str(),
+        "PUBS", pub_hex_.c_str(),
+        "NONC", kBadNonces[i],
+        "NONP", kBadNonces[i],
+        "XLCT", XlctHexString().c_str(),
+        "VER\0", client_version_string_.c_str(),
+        "$padding", static_cast<int>(kClientHelloMinimumSize),
+        nullptr);
+    // clang-format on
+
+    ShouldSucceed(msg1);
+
+    CheckRejectTag();
+    const HandshakeFailureReason kRejectReasons1[] = {
+        CLIENT_NONCE_INVALID_FAILURE};
+    CheckRejectReasons(kRejectReasons1, arraysize(kRejectReasons1));
   }
 }
 
 TEST_P(CryptoServerTest, DowngradeAttack) {
   if (supported_versions_.size() == 1) {
     // No downgrade attack is possible if the server only supports one version.
     return;
   }
   // Set the client's preferred version to a supported version that
   // is not the "current" version (supported_versions_.front()).
@@ skipping 510 matching lines @@
 
   strike_register_client_->RunPendingVerifications();
   ASSERT_TRUE(called);
   EXPECT_EQ(0, strike_register_client_->PendingVerifications());
   // The message should be rejected now.
   CheckRejectTag();
 }
 
 }  // namespace test
 }  // namespace net