| OLD | NEW |
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <algorithm> | 5 #include <algorithm> |
| 6 #include <cstdint> | 6 #include <cstdint> |
| 7 #include <memory> | 7 #include <memory> |
| 8 #include <ostream> | 8 #include <ostream> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 38 matching lines...) |
| 49 const std::string& error_details, | 49 const std::string& error_details, |
| 50 std::unique_ptr<ProofVerifyDetails>* details) override { | 50 std::unique_ptr<ProofVerifyDetails>* details) override { |
| 51 // Do nothing | 51 // Do nothing |
| 52 } | 52 } |
| 53 }; | 53 }; |
| 54 | 54 |
| 55 const char kOldConfigId[] = "old-config-id"; | 55 const char kOldConfigId[] = "old-config-id"; |
| 56 | 56 |
| 57 } // namespace | 57 } // namespace |
| 58 | 58 |
| 59 // Run tests with both parities of | |
| 60 // FLAGS_use_early_return_when_verifying_chlo. | |
| 61 struct TestParams { | 59 struct TestParams { |
| 62 TestParams(bool use_early_return_when_verifying_chlo, | 60 TestParams(bool enable_stateless_rejects, |
| 63 bool enable_stateless_rejects, | |
| 64 bool use_stateless_rejects, | 61 bool use_stateless_rejects, |
| 65 QuicVersionVector supported_versions) | 62 QuicVersionVector supported_versions) |
| 66 : use_early_return_when_verifying_chlo( | 63 : enable_stateless_rejects(enable_stateless_rejects), |
| 67 use_early_return_when_verifying_chlo), | |
| 68 enable_stateless_rejects(enable_stateless_rejects), | |
| 69 use_stateless_rejects(use_stateless_rejects), | 64 use_stateless_rejects(use_stateless_rejects), |
| 70 supported_versions(supported_versions) {} | 65 supported_versions(supported_versions) {} |
| 71 | 66 |
| 72 friend ostream& operator<<(ostream& os, const TestParams& p) { | 67 friend ostream& operator<<(ostream& os, const TestParams& p) { |
| 73 os << "{ use_early_return_when_verifying_chlo: " | |
| 74 << p.use_early_return_when_verifying_chlo << std::endl; | |
| 75 os << " enable_stateless_rejects: " << p.enable_stateless_rejects | 68 os << " enable_stateless_rejects: " << p.enable_stateless_rejects |
| 76 << std::endl; | 69 << std::endl; |
| 77 os << " use_stateless_rejects: " << p.use_stateless_rejects << std::endl; | 70 os << " use_stateless_rejects: " << p.use_stateless_rejects << std::endl; |
| 78 os << " versions: " << QuicVersionVectorToString(p.supported_versions) | 71 os << " versions: " << QuicVersionVectorToString(p.supported_versions) |
| 79 << " }"; | 72 << " }"; |
| 80 return os; | 73 return os; |
| 81 } | 74 } |
| 82 | 75 |
| 83 bool use_early_return_when_verifying_chlo; | |
| 84 // This only enables the stateless reject feature via the feature-flag. | 76 // This only enables the stateless reject feature via the feature-flag. |
| 85 // It does not force the crypto server to emit stateless rejects. | 77 // It does not force the crypto server to emit stateless rejects. |
| 86 bool enable_stateless_rejects; | 78 bool enable_stateless_rejects; |
| 87 // If true, this forces the server to send a stateless reject when | 79 // If true, this forces the server to send a stateless reject when |
| 88 // rejecting messages. This should be a no-op if | 80 // rejecting messages. This should be a no-op if |
| 89 // enable_stateless_rejects is false. | 81 // enable_stateless_rejects is false. |
| 90 bool use_stateless_rejects; | 82 bool use_stateless_rejects; |
| 91 // Versions supported by client and server. | 83 // Versions supported by client and server. |
| 92 QuicVersionVector supported_versions; | 84 QuicVersionVector supported_versions; |
| 93 }; | 85 }; |
| 94 | 86 |
| 95 // Constructs various test permutations. | 87 // Constructs various test permutations. |
| 96 vector<TestParams> GetTestParams() { | 88 vector<TestParams> GetTestParams() { |
| 97 vector<TestParams> params; | 89 vector<TestParams> params; |
| 98 static const bool kTrueFalse[] = {true, false}; | 90 static const bool kTrueFalse[] = {true, false}; |
| 99 for (bool use_early_return : kTrueFalse) { | 91 for (bool enable_stateless_rejects : kTrueFalse) { |
| 100 for (bool enable_stateless_rejects : kTrueFalse) { | 92 for (bool use_stateless_rejects : kTrueFalse) { |
| 101 for (bool use_stateless_rejects : kTrueFalse) { | 93 // Start with all versions, remove highest on each iteration. |
| 102 // Start with all versions, remove highest on each iteration. | 94 QuicVersionVector supported_versions = QuicSupportedVersions(); |
| 103 QuicVersionVector supported_versions = QuicSupportedVersions(); | 95 while (!supported_versions.empty()) { |
| 104 while (!supported_versions.empty()) { | 96 params.push_back(TestParams(enable_stateless_rejects, |
| 105 params.push_back( | 97 use_stateless_rejects, supported_versions)); |
| 106 TestParams(use_early_return, enable_stateless_rejects, | 98 supported_versions.erase(supported_versions.begin()); |
| 107 use_stateless_rejects, supported_versions)); | |
| 108 supported_versions.erase(supported_versions.begin()); | |
| 109 } | |
| 110 } | 99 } |
| 111 } | 100 } |
| 112 } | 101 } |
| 113 return params; | 102 return params; |
| 114 } | 103 } |
| 115 | 104 |
| 116 class CryptoServerTest : public ::testing::TestWithParam<TestParams> { | 105 class CryptoServerTest : public ::testing::TestWithParam<TestParams> { |
| 117 public: | 106 public: |
| 118 CryptoServerTest() | 107 CryptoServerTest() |
| 119 : rand_(QuicRandom::GetInstance()), | 108 : rand_(QuicRandom::GetInstance()), |
| 120 client_address_(Loopback4(), 1234), | 109 client_address_(Loopback4(), 1234), |
| 121 config_(QuicCryptoServerConfig::TESTING, | 110 config_(QuicCryptoServerConfig::TESTING, |
| 122 rand_, | 111 rand_, |
| 123 CryptoTestUtils::ProofSourceForTesting()), | 112 CryptoTestUtils::ProofSourceForTesting()), |
| 124 compressed_certs_cache_( | 113 compressed_certs_cache_( |
| 125 QuicCompressedCertsCache::kQuicCompressedCertsCacheSize) { | 114 QuicCompressedCertsCache::kQuicCompressedCertsCacheSize) { |
| 126 supported_versions_ = GetParam().supported_versions; | 115 supported_versions_ = GetParam().supported_versions; |
| 127 config_.set_enable_serving_sct(true); | 116 config_.set_enable_serving_sct(true); |
| 128 | 117 |
| 129 client_version_ = supported_versions_.front(); | 118 client_version_ = supported_versions_.front(); |
| 130 client_version_string_ = | 119 client_version_string_ = |
| 131 QuicUtils::TagToString(QuicVersionToQuicTag(client_version_)); | 120 QuicUtils::TagToString(QuicVersionToQuicTag(client_version_)); |
| 132 | 121 |
| 133 FLAGS_use_early_return_when_verifying_chlo = | |
| 134 GetParam().use_early_return_when_verifying_chlo; | |
| 135 FLAGS_enable_quic_stateless_reject_support = | 122 FLAGS_enable_quic_stateless_reject_support = |
| 136 GetParam().enable_stateless_rejects; | 123 GetParam().enable_stateless_rejects; |
| 137 use_stateless_rejects_ = GetParam().use_stateless_rejects; | 124 use_stateless_rejects_ = GetParam().use_stateless_rejects; |
| 138 } | 125 } |
| 139 | 126 |
| 140 void SetUp() override { | 127 void SetUp() override { |
| 141 QuicCryptoServerConfig::ConfigOptions old_config_options; | 128 QuicCryptoServerConfig::ConfigOptions old_config_options; |
| 142 old_config_options.id = kOldConfigId; | 129 old_config_options.id = kOldConfigId; |
| 143 delete config_.AddDefaultConfig(rand_, &clock_, old_config_options); | 130 delete config_.AddDefaultConfig(rand_, &clock_, old_config_options); |
| 144 clock_.AdvanceTime(QuicTime::Delta::FromMilliseconds(1000)); | 131 clock_.AdvanceTime(QuicTime::Delta::FromMilliseconds(1000)); |
| (...skipping 175 matching lines...) |
| 320 void CheckRejectReasons( | 307 void CheckRejectReasons( |
| 321 const HandshakeFailureReason* expected_handshake_failures, | 308 const HandshakeFailureReason* expected_handshake_failures, |
| 322 size_t expected_count) { | 309 size_t expected_count) { |
| 323 const uint32_t* reject_reasons; | 310 const uint32_t* reject_reasons; |
| 324 size_t num_reject_reasons; | 311 size_t num_reject_reasons; |
| 325 static_assert(sizeof(QuicTag) == sizeof(uint32_t), "header out of sync"); | 312 static_assert(sizeof(QuicTag) == sizeof(uint32_t), "header out of sync"); |
| 326 QuicErrorCode error_code = | 313 QuicErrorCode error_code = |
| 327 out_.GetTaglist(kRREJ, &reject_reasons, &num_reject_reasons); | 314 out_.GetTaglist(kRREJ, &reject_reasons, &num_reject_reasons); |
| 328 ASSERT_EQ(QUIC_NO_ERROR, error_code); | 315 ASSERT_EQ(QUIC_NO_ERROR, error_code); |
| 329 | 316 |
| 330 if (FLAGS_use_early_return_when_verifying_chlo) { | 317 EXPECT_EQ(expected_count, num_reject_reasons); |
| 331 EXPECT_EQ(1u, num_reject_reasons); | |
| 332 } else { | |
| 333 EXPECT_EQ(expected_count, num_reject_reasons); | |
| 334 } | |
| 335 for (size_t i = 0; i < num_reject_reasons; ++i) { | 318 for (size_t i = 0; i < num_reject_reasons; ++i) { |
| 336 EXPECT_EQ(expected_handshake_failures[i], reject_reasons[i]); | 319 EXPECT_EQ(expected_handshake_failures[i], reject_reasons[i]); |
| 337 } | 320 } |
| 338 } | 321 } |
| 339 | 322 |
| 340 // If the server is rejecting statelessly, make sure it contains a | 323 // If the server is rejecting statelessly, make sure it contains a |
| 341 // server-designated connection id. Once the check is complete, | 324 // server-designated connection id. Once the check is complete, |
| 342 // allow the random id-generator to move to the next value. | 325 // allow the random id-generator to move to the next value. |
| 343 void CheckForServerDesignatedConnectionId() { | 326 void CheckForServerDesignatedConnectionId() { |
| 344 QuicConnectionId server_designated_connection_id; | 327 QuicConnectionId server_designated_connection_id; |
| (...skipping 44 matching lines...) |
| 389 CryptoHandshakeMessage out_; | 372 CryptoHandshakeMessage out_; |
| 390 uint8_t orbit_[kOrbitSize]; | 373 uint8_t orbit_[kOrbitSize]; |
| 391 bool use_stateless_rejects_; | 374 bool use_stateless_rejects_; |
| 392 | 375 |
| 393 // These strings contain hex escaped values from the server suitable for using | 376 // These strings contain hex escaped values from the server suitable for using |
| 394 // when constructing client hello messages. | 377 // when constructing client hello messages. |
| 395 string nonce_hex_, pub_hex_, srct_hex_, scid_hex_; | 378 string nonce_hex_, pub_hex_, srct_hex_, scid_hex_; |
| 396 std::unique_ptr<CryptoHandshakeMessage> server_config_; | 379 std::unique_ptr<CryptoHandshakeMessage> server_config_; |
| 397 }; | 380 }; |
| 398 | 381 |
| 399 // Run all CryptoServerTest with both values of | |
| 400 // FLAGS_use_early_return_when_verifying_chlo. | |
| 401 INSTANTIATE_TEST_CASE_P(CryptoServerTests, | 382 INSTANTIATE_TEST_CASE_P(CryptoServerTests, |
| 402 CryptoServerTest, | 383 CryptoServerTest, |
| 403 ::testing::ValuesIn(GetTestParams())); | 384 ::testing::ValuesIn(GetTestParams())); |
| 404 | 385 |
| 405 TEST_P(CryptoServerTest, BadSNI) { | 386 TEST_P(CryptoServerTest, BadSNI) { |
| 406 // clang-format off | 387 // clang-format off |
| 407 static const char* const kBadSNIs[] = { | 388 static const char* const kBadSNIs[] = { |
| 408 "", | 389 "", |
| 409 "foo", | 390 "foo", |
| 410 "#00", | 391 "#00", |
| (...skipping 764 matching lines...) |
| 1175 | 1156 |
| 1176 strike_register_client_->RunPendingVerifications(); | 1157 strike_register_client_->RunPendingVerifications(); |
| 1177 ASSERT_TRUE(called); | 1158 ASSERT_TRUE(called); |
| 1178 EXPECT_EQ(0, strike_register_client_->PendingVerifications()); | 1159 EXPECT_EQ(0, strike_register_client_->PendingVerifications()); |
| 1179 // The message should be rejected now. | 1160 // The message should be rejected now. |
| 1180 CheckRejectTag(); | 1161 CheckRejectTag(); |
| 1181 } | 1162 } |
| 1182 | 1163 |
| 1183 } // namespace test | 1164 } // namespace test |
| 1184 } // namespace net | 1165 } // namespace net |
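Review bot: In CheckRejectReasons the count check is the non-fatal `EXPECT_EQ(expected_count, num_reject_reasons);`, but the loop right after it runs to `num_reject_reasons` and indexes `expected_handshake_failures[i]`, so a reply carrying more reject reasons than the test expects reads past the end of the caller's array instead of failing cleanly. With the early-return branch removed this is the only guard left, so it should be fatal: `ASSERT_EQ(expected_count, num_reject_reasons);`, which is usable here because the function returns void and already uses `ASSERT_EQ(QUIC_NO_ERROR, error_code)` just above. Separately, deleting the first output line of TestParams' `operator<<` also dropped the opening `{ `, so the printed parameter now ends in ` }` with no opener; `os << "{ enable_stateless_rejects: "` would restore it.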
| OLD | NEW |