| OLD | NEW |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/crypto/quic_crypto_server_config.h" | 5 #include "net/quic/crypto/quic_crypto_server_config.h" |
| 6 | 6 |
| 7 #include <stdarg.h> | 7 #include <stdarg.h> |
| 8 | 8 |
| 9 #include <memory> | 9 #include <memory> |
| 10 | 10 |
| 11 #include "base/stl_util.h" | 11 #include "base/stl_util.h" |
| 12 #include "net/quic/crypto/aes_128_gcm_12_encrypter.h" | 12 #include "net/quic/crypto/aes_128_gcm_12_encrypter.h" |
| 13 #include "net/quic/crypto/cert_compressor.h" | 13 #include "net/quic/crypto/cert_compressor.h" |
| 14 #include "net/quic/crypto/chacha20_poly1305_rfc7539_encrypter.h" | 14 #include "net/quic/crypto/chacha20_poly1305_encrypter.h" |
| 15 #include "net/quic/crypto/crypto_handshake_message.h" | 15 #include "net/quic/crypto/crypto_handshake_message.h" |
| 16 #include "net/quic/crypto/crypto_secret_boxer.h" | 16 #include "net/quic/crypto/crypto_secret_boxer.h" |
| 17 #include "net/quic/crypto/crypto_server_config_protobuf.h" | 17 #include "net/quic/crypto/crypto_server_config_protobuf.h" |
| 18 #include "net/quic/crypto/quic_random.h" | 18 #include "net/quic/crypto/quic_random.h" |
| 19 #include "net/quic/crypto/strike_register_client.h" | 19 #include "net/quic/crypto/strike_register_client.h" |
| 20 #include "net/quic/quic_flags.h" | 20 #include "net/quic/quic_flags.h" |
| 21 #include "net/quic/quic_time.h" | 21 #include "net/quic/quic_time.h" |
| 22 #include "net/quic/test_tools/crypto_test_utils.h" | 22 #include "net/quic/test_tools/crypto_test_utils.h" |
| 23 #include "net/quic/test_tools/mock_clock.h" | 23 #include "net/quic/test_tools/mock_clock.h" |
| 24 #include "net/quic/test_tools/quic_test_utils.h" | 24 #include "net/quic/test_tools/quic_test_utils.h" |
| (...skipping 214 matching lines...) |
| 239 std::unique_ptr<CryptoHandshakeMessage> message(server.AddDefaultConfig( | 239 std::unique_ptr<CryptoHandshakeMessage> message(server.AddDefaultConfig( |
| 240 rand, &clock, QuicCryptoServerConfig::ConfigOptions())); | 240 rand, &clock, QuicCryptoServerConfig::ConfigOptions())); |
| 241 | 241 |
| 242 // The default configuration should have AES-GCM and at least one ChaCha20 | 242 // The default configuration should have AES-GCM and at least one ChaCha20 |
| 243 // cipher. | 243 // cipher. |
| 244 const QuicTag* aead_tags; | 244 const QuicTag* aead_tags; |
| 245 size_t aead_len; | 245 size_t aead_len; |
| 246 ASSERT_EQ(QUIC_NO_ERROR, message->GetTaglist(kAEAD, &aead_tags, &aead_len)); | 246 ASSERT_EQ(QUIC_NO_ERROR, message->GetTaglist(kAEAD, &aead_tags, &aead_len)); |
| 247 vector<QuicTag> aead(aead_tags, aead_tags + aead_len); | 247 vector<QuicTag> aead(aead_tags, aead_tags + aead_len); |
| 248 EXPECT_THAT(aead, ::testing::Contains(kAESG)); | 248 EXPECT_THAT(aead, ::testing::Contains(kAESG)); |
| 249 if (ChaCha20Poly1305Rfc7539Encrypter::IsSupported()) { | 249 EXPECT_LE(1u, aead.size()); |
| 250 EXPECT_LE(2u, aead.size()); | |
| 251 } else { | |
| 252 EXPECT_LE(1u, aead.size()); | |
| 253 } | |
| 254 } | 250 } |
| 255 | 251 |
| 256 TEST(QuicCryptoServerConfigTest, ServerConfigDisableChaCha) { | 252 TEST(QuicCryptoServerConfigTest, ServerConfigDisableChaCha) { |
| 257 ValueRestore<bool> old_flag( | 253 ValueRestore<bool> old_flag( |
| 258 &FLAGS_quic_crypto_server_config_default_has_chacha20, false); | 254 &FLAGS_quic_crypto_server_config_default_has_chacha20, false); |
| 259 QuicRandom* rand = QuicRandom::GetInstance(); | 255 QuicRandom* rand = QuicRandom::GetInstance(); |
| 260 QuicCryptoServerConfig server(QuicCryptoServerConfig::TESTING, rand, | 256 QuicCryptoServerConfig server(QuicCryptoServerConfig::TESTING, rand, |
| 261 CryptoTestUtils::ProofSourceForTesting()); | 257 CryptoTestUtils::ProofSourceForTesting()); |
| 262 MockClock clock; | 258 MockClock clock; |
| 263 | 259 |
| (...skipping 33 matching lines...) |
| 297 QuicCryptoServerConfig server(QuicCryptoServerConfig::TESTING, rand, | 293 QuicCryptoServerConfig server(QuicCryptoServerConfig::TESTING, rand, |
| 298 CryptoTestUtils::ProofSourceForTesting()); | 294 CryptoTestUtils::ProofSourceForTesting()); |
| 299 QuicCryptoServerConfigPeer peer(&server); | 295 QuicCryptoServerConfigPeer peer(&server); |
| 300 | 296 |
| 301 vector<string> certs = {"testcert"}; | 297 vector<string> certs = {"testcert"}; |
| 302 scoped_refptr<ProofSource::Chain> chain(new ProofSource::Chain(certs)); | 298 scoped_refptr<ProofSource::Chain> chain(new ProofSource::Chain(certs)); |
| 303 | 299 |
| 304 string compressed = | 300 string compressed = |
| 305 peer.CompressChain(&compressed_certs_cache, chain, "", "", nullptr); | 301 peer.CompressChain(&compressed_certs_cache, chain, "", "", nullptr); |
| 306 | 302 |
| 307 if (FLAGS_quic_use_cached_compressed_certs) { | 303 EXPECT_EQ(compressed_certs_cache.Size(), 1u); |
| 308 EXPECT_EQ(compressed_certs_cache.Size(), 1u); | |
| 309 } else { | |
| 310 EXPECT_EQ(compressed_certs_cache.Size(), 0u); | |
| 311 } | |
| 312 } | 304 } |
| 313 | 305 |
| 314 TEST(QuicCryptoServerConfigTest, CompressSameCertsTwice) { | 306 TEST(QuicCryptoServerConfigTest, CompressSameCertsTwice) { |
| 315 QuicCompressedCertsCache compressed_certs_cache( | 307 QuicCompressedCertsCache compressed_certs_cache( |
| 316 QuicCompressedCertsCache::kQuicCompressedCertsCacheSize); | 308 QuicCompressedCertsCache::kQuicCompressedCertsCacheSize); |
| 317 | 309 |
| 318 QuicRandom* rand = QuicRandom::GetInstance(); | 310 QuicRandom* rand = QuicRandom::GetInstance(); |
| 319 QuicCryptoServerConfig server(QuicCryptoServerConfig::TESTING, rand, | 311 QuicCryptoServerConfig server(QuicCryptoServerConfig::TESTING, rand, |
| 320 CryptoTestUtils::ProofSourceForTesting()); | 312 CryptoTestUtils::ProofSourceForTesting()); |
| 321 QuicCryptoServerConfigPeer peer(&server); | 313 QuicCryptoServerConfigPeer peer(&server); |
| 322 | 314 |
| 323 // Compress the certs for the first time. | 315 // Compress the certs for the first time. |
| 324 vector<string> certs = {"testcert"}; | 316 vector<string> certs = {"testcert"}; |
| 325 scoped_refptr<ProofSource::Chain> chain(new ProofSource::Chain(certs)); | 317 scoped_refptr<ProofSource::Chain> chain(new ProofSource::Chain(certs)); |
| 326 string common_certs = ""; | 318 string common_certs = ""; |
| 327 string cached_certs = ""; | 319 string cached_certs = ""; |
| 328 | 320 |
| 329 string compressed = peer.CompressChain(&compressed_certs_cache, chain, | 321 string compressed = peer.CompressChain(&compressed_certs_cache, chain, |
| 330 common_certs, cached_certs, nullptr); | 322 common_certs, cached_certs, nullptr); |
| 331 if (FLAGS_quic_use_cached_compressed_certs) { | 323 EXPECT_EQ(compressed_certs_cache.Size(), 1u); |
| 332 EXPECT_EQ(compressed_certs_cache.Size(), 1u); | |
| 333 } | |
| 334 | 324 |
| 335 // Compress the same certs, should use cache if available. | 325 // Compress the same certs, should use cache if available. |
| 336 string compressed2 = peer.CompressChain(&compressed_certs_cache, chain, | 326 string compressed2 = peer.CompressChain(&compressed_certs_cache, chain, |
| 337 common_certs, cached_certs, nullptr); | 327 common_certs, cached_certs, nullptr); |
| 338 EXPECT_EQ(compressed, compressed2); | 328 EXPECT_EQ(compressed, compressed2); |
| 339 if (FLAGS_quic_use_cached_compressed_certs) { | 329 EXPECT_EQ(compressed_certs_cache.Size(), 1u); |
| 340 EXPECT_EQ(compressed_certs_cache.Size(), 1u); | |
| 341 } | |
| 342 } | 330 } |
| 343 | 331 |
| 344 TEST(QuicCryptoServerConfigTest, CompressDifferentCerts) { | 332 TEST(QuicCryptoServerConfigTest, CompressDifferentCerts) { |
| 345 // This test compresses a set of similar but not identical certs. Cache if | 333 // This test compresses a set of similar but not identical certs. Cache if |
| 346 // used should return cache miss and add all the compressed certs. | 334 // used should return cache miss and add all the compressed certs. |
| 347 QuicCompressedCertsCache compressed_certs_cache( | 335 QuicCompressedCertsCache compressed_certs_cache( |
| 348 QuicCompressedCertsCache::kQuicCompressedCertsCacheSize); | 336 QuicCompressedCertsCache::kQuicCompressedCertsCacheSize); |
| 349 | 337 |
| 350 QuicRandom* rand = QuicRandom::GetInstance(); | 338 QuicRandom* rand = QuicRandom::GetInstance(); |
| 351 QuicCryptoServerConfig server(QuicCryptoServerConfig::TESTING, rand, | 339 QuicCryptoServerConfig server(QuicCryptoServerConfig::TESTING, rand, |
| 352 CryptoTestUtils::ProofSourceForTesting()); | 340 CryptoTestUtils::ProofSourceForTesting()); |
| 353 QuicCryptoServerConfigPeer peer(&server); | 341 QuicCryptoServerConfigPeer peer(&server); |
| 354 | 342 |
| 355 vector<string> certs = {"testcert"}; | 343 vector<string> certs = {"testcert"}; |
| 356 scoped_refptr<ProofSource::Chain> chain(new ProofSource::Chain(certs)); | 344 scoped_refptr<ProofSource::Chain> chain(new ProofSource::Chain(certs)); |
| 357 string common_certs = ""; | 345 string common_certs = ""; |
| 358 string cached_certs = ""; | 346 string cached_certs = ""; |
| 359 | 347 |
| 360 string compressed = peer.CompressChain(&compressed_certs_cache, chain, | 348 string compressed = peer.CompressChain(&compressed_certs_cache, chain, |
| 361 common_certs, cached_certs, nullptr); | 349 common_certs, cached_certs, nullptr); |
| 362 if (FLAGS_quic_use_cached_compressed_certs) { | 350 EXPECT_EQ(compressed_certs_cache.Size(), 1u); |
| 363 EXPECT_EQ(compressed_certs_cache.Size(), 1u); | |
| 364 } | |
| 365 | 351 |
| 366 // Compress a similar certs which only differs in the chain. | 352 // Compress a similar certs which only differs in the chain. |
| 367 scoped_refptr<ProofSource::Chain> chain2(new ProofSource::Chain(certs)); | 353 scoped_refptr<ProofSource::Chain> chain2(new ProofSource::Chain(certs)); |
| 368 | 354 |
| 369 string compressed2 = peer.CompressChain(&compressed_certs_cache, chain2, | 355 string compressed2 = peer.CompressChain(&compressed_certs_cache, chain2, |
| 370 common_certs, cached_certs, nullptr); | 356 common_certs, cached_certs, nullptr); |
| 371 if (FLAGS_quic_use_cached_compressed_certs) { | 357 EXPECT_EQ(compressed_certs_cache.Size(), 2u); |
| 372 EXPECT_EQ(compressed_certs_cache.Size(), 2u); | |
| 373 } | |
| 374 | 358 |
| 375 // Compress a similar certs which only differs in common certs field. | 359 // Compress a similar certs which only differs in common certs field. |
| 376 static const uint64_t set_hash = 42; | 360 static const uint64_t set_hash = 42; |
| 377 std::unique_ptr<CommonCertSets> common_sets( | 361 std::unique_ptr<CommonCertSets> common_sets( |
| 378 CryptoTestUtils::MockCommonCertSets(certs[0], set_hash, 1)); | 362 CryptoTestUtils::MockCommonCertSets(certs[0], set_hash, 1)); |
| 379 StringPiece different_common_certs(reinterpret_cast<const char*>(&set_hash), | 363 StringPiece different_common_certs(reinterpret_cast<const char*>(&set_hash), |
| 380 sizeof(set_hash)); | 364 sizeof(set_hash)); |
| 381 string compressed3 = peer.CompressChain(&compressed_certs_cache, chain, | 365 string compressed3 = peer.CompressChain(&compressed_certs_cache, chain, |
| 382 different_common_certs.as_string(), | 366 different_common_certs.as_string(), |
| 383 cached_certs, common_sets.get()); | 367 cached_certs, common_sets.get()); |
| 384 if (FLAGS_quic_use_cached_compressed_certs) { | 368 EXPECT_EQ(compressed_certs_cache.Size(), 3u); |
| 385 EXPECT_EQ(compressed_certs_cache.Size(), 3u); | |
| 386 } | |
| 387 } | 369 } |
| 388 | 370 |
| 389 class SourceAddressTokenTest : public ::testing::Test { | 371 class SourceAddressTokenTest : public ::testing::Test { |
| 390 public: | 372 public: |
| 391 SourceAddressTokenTest() | 373 SourceAddressTokenTest() |
| 392 : ip4_(Loopback4()), | 374 : ip4_(Loopback4()), |
| 393 ip4_dual_(ConvertIPv4ToIPv4MappedIPv6(ip4_)), | 375 ip4_dual_(ConvertIPv4ToIPv4MappedIPv6(ip4_)), |
| 394 ip6_(Loopback6()), | 376 ip6_(Loopback6()), |
| 395 original_time_(QuicWallTime::Zero()), | 377 original_time_(QuicWallTime::Zero()), |
| 396 rand_(QuicRandom::GetInstance()), | 378 rand_(QuicRandom::GetInstance()), |
| (...skipping 379 matching lines...) |
| 776 TEST_F(CryptoServerConfigsTest, InvalidConfigs) { | 758 TEST_F(CryptoServerConfigsTest, InvalidConfigs) { |
| 777 // Ensure that invalid configs don't change anything. | 759 // Ensure that invalid configs don't change anything. |
| 778 SetConfigs("a", 800, 1, "b", 900, 1, "c", 1100, 1, nullptr); | 760 SetConfigs("a", 800, 1, "b", 900, 1, "c", 1100, 1, nullptr); |
| 779 test_peer_.CheckConfigs("a", false, "b", true, "c", false, nullptr); | 761 test_peer_.CheckConfigs("a", false, "b", true, "c", false, nullptr); |
| 780 SetConfigs("a", 800, 1, "c", 1100, 1, "INVALID1", 1000, 1, nullptr); | 762 SetConfigs("a", 800, 1, "c", 1100, 1, "INVALID1", 1000, 1, nullptr); |
| 781 test_peer_.CheckConfigs("a", false, "b", true, "c", false, nullptr); | 763 test_peer_.CheckConfigs("a", false, "b", true, "c", false, nullptr); |
| 782 } | 764 } |
| 783 | 765 |
| 784 } // namespace test | 766 } // namespace test |
| 785 } // namespace net | 767 } // namespace net |
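Review bot: The weakened assertion at new line 249, `EXPECT_LE(1u, aead.size());`, no longer verifies what the comment on lines 242-243 still promises — that the default config carries at least one ChaCha20 AEAD — and it is redundant with the preceding `EXPECT_THAT(aead, ::testing::Contains(kAESG))`, which already implies a non-empty tag list. Since the `IsSupported()` branch was dropped together with the rename to chacha20_poly1305_encrypter.h, presumably because the ChaCha20 encrypter is now unconditionally available, the stronger bound should be kept: `EXPECT_LE(2u, aead.size());` (or better, assert that the ChaCha20 AEAD tag is contained, mirroring the kAESG check), with the disabled case already covered by the ServerConfigDisableChaCha test via FLAGS_quic_crypto_server_config_default_has_chacha20. If that flag can default to false in some builds, gate the expectation on it rather than dropping it. As written, the test passes even if the ChaCha20 cipher silently disappears from the default config, which is the regression this test exists to catch; the comment should be updated too if the weaker check is intentional.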
| OLD | NEW |