Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(515)

Unified Diff: net/quic/crypto/quic_crypto_client_config_test.cc

Issue 2193073003: Move shared files in net/quic/ into net/quic/core/ (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: io_thread_unittest.cc Created 4 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/quic/crypto/quic_crypto_client_config.cc ('k') | net/quic/crypto/quic_crypto_server_config.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/quic/crypto/quic_crypto_client_config_test.cc
diff --git a/net/quic/crypto/quic_crypto_client_config_test.cc b/net/quic/crypto/quic_crypto_client_config_test.cc
deleted file mode 100644
index 0f6a96f9c67440311fbcc9f824004a2d705a7a96..0000000000000000000000000000000000000000
--- a/net/quic/crypto/quic_crypto_client_config_test.cc
+++ /dev/null
@@ -1,458 +0,0 @@
-// Copyright 2013 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/quic/crypto/quic_crypto_client_config.h"
-
-#include "net/quic/crypto/proof_verifier.h"
-#include "net/quic/quic_server_id.h"
-#include "net/quic/test_tools/crypto_test_utils.h"
-#include "net/quic/test_tools/mock_random.h"
-#include "net/quic/test_tools/quic_test_utils.h"
-#include "testing/gtest/include/gtest/gtest.h"
-
-using std::string;
-using std::vector;
-
-namespace net {
-namespace test {
-namespace {
-
-class TestProofVerifyDetails : public ProofVerifyDetails {
- ~TestProofVerifyDetails() override {}
-
- // ProofVerifyDetails implementation
- ProofVerifyDetails* Clone() const override {
- return new TestProofVerifyDetails;
- }
-};
-
-} // namespace
-
-TEST(QuicCryptoClientConfigTest, CachedState_IsEmpty) {
- QuicCryptoClientConfig::CachedState state;
- EXPECT_TRUE(state.IsEmpty());
-}
-
-TEST(QuicCryptoClientConfigTest, CachedState_IsComplete) {
- QuicCryptoClientConfig::CachedState state;
- EXPECT_FALSE(state.IsComplete(QuicWallTime::FromUNIXSeconds(0)));
-}
-
-TEST(QuicCryptoClientConfigTest, CachedState_GenerationCounter) {
- QuicCryptoClientConfig::CachedState state;
- EXPECT_EQ(0u, state.generation_counter());
- state.SetProofInvalid();
- EXPECT_EQ(1u, state.generation_counter());
-}
-
-TEST(QuicCryptoClientConfigTest, CachedState_SetProofVerifyDetails) {
- QuicCryptoClientConfig::CachedState state;
- EXPECT_TRUE(state.proof_verify_details() == nullptr);
- ProofVerifyDetails* details = new TestProofVerifyDetails;
- state.SetProofVerifyDetails(details);
- EXPECT_EQ(details, state.proof_verify_details());
-}
-
-TEST(QuicCryptoClientConfigTest, CachedState_ServerDesignatedConnectionId) {
- QuicCryptoClientConfig::CachedState state;
- EXPECT_FALSE(state.has_server_designated_connection_id());
-
- QuicConnectionId connection_id = 1234;
- state.add_server_designated_connection_id(connection_id);
- EXPECT_TRUE(state.has_server_designated_connection_id());
- EXPECT_EQ(connection_id, state.GetNextServerDesignatedConnectionId());
- EXPECT_FALSE(state.has_server_designated_connection_id());
-
- // Allow the ID to be set multiple times. It's unusual that this would
- // happen, but not impossible.
- ++connection_id;
- state.add_server_designated_connection_id(connection_id);
- EXPECT_TRUE(state.has_server_designated_connection_id());
- EXPECT_EQ(connection_id, state.GetNextServerDesignatedConnectionId());
- ++connection_id;
- state.add_server_designated_connection_id(connection_id);
- EXPECT_EQ(connection_id, state.GetNextServerDesignatedConnectionId());
- EXPECT_FALSE(state.has_server_designated_connection_id());
-
- // Test FIFO behavior.
- const QuicConnectionId first_cid = 0xdeadbeef;
- const QuicConnectionId second_cid = 0xfeedbead;
- state.add_server_designated_connection_id(first_cid);
- state.add_server_designated_connection_id(second_cid);
- EXPECT_TRUE(state.has_server_designated_connection_id());
- EXPECT_EQ(first_cid, state.GetNextServerDesignatedConnectionId());
- EXPECT_EQ(second_cid, state.GetNextServerDesignatedConnectionId());
-}
-
-TEST(QuicCryptoClientConfigTest, CachedState_ServerIdConsumedBeforeSet) {
- QuicCryptoClientConfig::CachedState state;
- EXPECT_FALSE(state.has_server_designated_connection_id());
-#if GTEST_HAS_DEATH_TEST && !defined(NDEBUG)
- EXPECT_DEBUG_DEATH(state.GetNextServerDesignatedConnectionId(),
- "Attempting to consume a connection id "
- "that was never designated.");
-#endif // GTEST_HAS_DEATH_TEST && !defined(NDEBUG)
-}
-
-TEST(QuicCryptoClientConfigTest, CachedState_ServerNonce) {
- QuicCryptoClientConfig::CachedState state;
- EXPECT_FALSE(state.has_server_nonce());
-
- string server_nonce = "nonce_1";
- state.add_server_nonce(server_nonce);
- EXPECT_TRUE(state.has_server_nonce());
- EXPECT_EQ(server_nonce, state.GetNextServerNonce());
- EXPECT_FALSE(state.has_server_nonce());
-
- // Allow the ID to be set multiple times. It's unusual that this would
- // happen, but not impossible.
- server_nonce = "nonce_2";
- state.add_server_nonce(server_nonce);
- EXPECT_TRUE(state.has_server_nonce());
- EXPECT_EQ(server_nonce, state.GetNextServerNonce());
- server_nonce = "nonce_3";
- state.add_server_nonce(server_nonce);
- EXPECT_EQ(server_nonce, state.GetNextServerNonce());
- EXPECT_FALSE(state.has_server_nonce());
-
- // Test FIFO behavior.
- const string first_nonce = "first_nonce";
- const string second_nonce = "second_nonce";
- state.add_server_nonce(first_nonce);
- state.add_server_nonce(second_nonce);
- EXPECT_TRUE(state.has_server_nonce());
- EXPECT_EQ(first_nonce, state.GetNextServerNonce());
- EXPECT_EQ(second_nonce, state.GetNextServerNonce());
-}
-
-TEST(QuicCryptoClientConfigTest, CachedState_ServerNonceConsumedBeforeSet) {
- QuicCryptoClientConfig::CachedState state;
- EXPECT_FALSE(state.has_server_nonce());
-#if GTEST_HAS_DEATH_TEST && !defined(NDEBUG)
- EXPECT_DEBUG_DEATH(state.GetNextServerNonce(),
- "Attempting to consume a server nonce "
- "that was never designated.");
-#endif // GTEST_HAS_DEATH_TEST && !defined(NDEBUG)
-}
-
-TEST(QuicCryptoClientConfigTest, CachedState_InitializeFrom) {
- QuicCryptoClientConfig::CachedState state;
- QuicCryptoClientConfig::CachedState other;
- state.set_source_address_token("TOKEN");
- // TODO(rch): Populate other fields of |state|.
- other.InitializeFrom(state);
- EXPECT_EQ(state.server_config(), other.server_config());
- EXPECT_EQ(state.source_address_token(), other.source_address_token());
- EXPECT_EQ(state.certs(), other.certs());
- EXPECT_EQ(1u, other.generation_counter());
- EXPECT_FALSE(state.has_server_designated_connection_id());
- EXPECT_FALSE(state.has_server_nonce());
-}
-
-TEST(QuicCryptoClientConfigTest, InchoateChlo) {
- QuicCryptoClientConfig::CachedState state;
- QuicCryptoClientConfig config(CryptoTestUtils::ProofVerifierForTesting());
- QuicCryptoNegotiatedParameters params;
- CryptoHandshakeMessage msg;
- QuicServerId server_id("www.google.com", 443, PRIVACY_MODE_DISABLED);
- MockRandom rand;
- config.FillInchoateClientHello(server_id, QuicVersionMax(), &state, &rand,
- /* demand_x509_proof= */ true, &params, &msg);
-
- QuicTag cver;
- EXPECT_EQ(QUIC_NO_ERROR, msg.GetUint32(kVER, &cver));
- EXPECT_EQ(QuicVersionToQuicTag(QuicVersionMax()), cver);
- StringPiece proof_nonce;
- EXPECT_TRUE(msg.GetStringPiece(kNONP, &proof_nonce));
- EXPECT_EQ(string(32, 'r'), proof_nonce);
-}
-
-TEST(QuicCryptoClientConfigTest, PreferAesGcm) {
- QuicCryptoClientConfig config(CryptoTestUtils::ProofVerifierForTesting());
- if (config.aead.size() > 1)
- EXPECT_NE(kAESG, config.aead[0]);
- config.PreferAesGcm();
- EXPECT_EQ(kAESG, config.aead[0]);
-}
-
-TEST(QuicCryptoClientConfigTest, InchoateChloSecure) {
- QuicCryptoClientConfig::CachedState state;
- QuicCryptoClientConfig config(CryptoTestUtils::ProofVerifierForTesting());
- QuicCryptoNegotiatedParameters params;
- CryptoHandshakeMessage msg;
- QuicServerId server_id("www.google.com", 443, PRIVACY_MODE_DISABLED);
- MockRandom rand;
- config.FillInchoateClientHello(server_id, QuicVersionMax(), &state, &rand,
- /* demand_x509_proof= */ true, &params, &msg);
-
- QuicTag pdmd;
- EXPECT_EQ(QUIC_NO_ERROR, msg.GetUint32(kPDMD, &pdmd));
- EXPECT_EQ(kX509, pdmd);
- StringPiece scid;
- EXPECT_FALSE(msg.GetStringPiece(kSCID, &scid));
-}
-
-TEST(QuicCryptoClientConfigTest, InchoateChloSecureWithSCID) {
- QuicCryptoClientConfig::CachedState state;
- CryptoHandshakeMessage scfg;
- scfg.set_tag(kSCFG);
- uint64_t future = 1;
- scfg.SetValue(kEXPY, future);
- scfg.SetStringPiece(kSCID, "12345678");
- string details;
- state.SetServerConfig(scfg.GetSerialized().AsStringPiece(),
- QuicWallTime::FromUNIXSeconds(0), &details);
-
- QuicCryptoClientConfig config(CryptoTestUtils::ProofVerifierForTesting());
- QuicCryptoNegotiatedParameters params;
- CryptoHandshakeMessage msg;
- QuicServerId server_id("www.google.com", 443, PRIVACY_MODE_DISABLED);
- MockRandom rand;
- config.FillInchoateClientHello(server_id, QuicVersionMax(), &state, &rand,
- /* demand_x509_proof= */ true, &params, &msg);
-
- StringPiece scid;
- EXPECT_TRUE(msg.GetStringPiece(kSCID, &scid));
- EXPECT_EQ("12345678", scid);
-}
-
-TEST(QuicCryptoClientConfigTest, InchoateChloSecureNoEcdsa) {
- QuicCryptoClientConfig::CachedState state;
- QuicCryptoClientConfig config(CryptoTestUtils::ProofVerifierForTesting());
- config.DisableEcdsa();
- QuicCryptoNegotiatedParameters params;
- CryptoHandshakeMessage msg;
- QuicServerId server_id("www.google.com", 443, PRIVACY_MODE_DISABLED);
- MockRandom rand;
- config.FillInchoateClientHello(server_id, QuicVersionMax(), &state, &rand,
- /* demand_x509_proof= */ true, &params, &msg);
-
- QuicTag pdmd;
- EXPECT_EQ(QUIC_NO_ERROR, msg.GetUint32(kPDMD, &pdmd));
- EXPECT_EQ(kX59R, pdmd);
-}
-
-TEST(QuicCryptoClientConfigTest, FillClientHello) {
- QuicCryptoClientConfig::CachedState state;
- QuicCryptoClientConfig config(CryptoTestUtils::ProofVerifierForTesting());
- QuicCryptoNegotiatedParameters params;
- QuicConnectionId kConnectionId = 1234;
- string error_details;
- MockRandom rand;
- CryptoHandshakeMessage chlo;
- QuicServerId server_id("www.google.com", 443, PRIVACY_MODE_DISABLED);
- config.FillClientHello(server_id, kConnectionId, QuicVersionMax(),
- QuicVersionMax(), &state, QuicWallTime::Zero(), &rand,
- nullptr, // channel_id_key
- &params, &chlo, &error_details);
-
- // Verify that certain QuicTags have been set correctly in the CHLO.
- QuicTag cver;
- EXPECT_EQ(QUIC_NO_ERROR, chlo.GetUint32(kVER, &cver));
- EXPECT_EQ(QuicVersionToQuicTag(QuicVersionMax()), cver);
-}
-
-TEST(QuicCryptoClientConfigTest, ProcessServerDowngradeAttack) {
- QuicVersionVector supported_versions = QuicSupportedVersions();
- if (supported_versions.size() == 1) {
- // No downgrade attack is possible if the client only supports one version.
- return;
- }
- QuicTagVector supported_version_tags;
- for (size_t i = supported_versions.size(); i > 0; --i) {
- supported_version_tags.push_back(
- QuicVersionToQuicTag(supported_versions[i - 1]));
- }
- CryptoHandshakeMessage msg;
- msg.set_tag(kSHLO);
- msg.SetVector(kVER, supported_version_tags);
-
- QuicCryptoClientConfig::CachedState cached;
- QuicCryptoNegotiatedParameters out_params;
- string error;
- QuicCryptoClientConfig config(CryptoTestUtils::ProofVerifierForTesting());
- EXPECT_EQ(QUIC_VERSION_NEGOTIATION_MISMATCH,
- config.ProcessServerHello(msg, 0, supported_versions.front(),
- supported_versions, &cached, &out_params,
- &error));
- EXPECT_EQ("Downgrade attack detected", error);
-}
-
-TEST(QuicCryptoClientConfigTest, InitializeFrom) {
- QuicCryptoClientConfig config(CryptoTestUtils::ProofVerifierForTesting());
- QuicServerId canonical_server_id("www.google.com", 443,
- PRIVACY_MODE_DISABLED);
- QuicCryptoClientConfig::CachedState* state =
- config.LookupOrCreate(canonical_server_id);
- // TODO(rch): Populate other fields of |state|.
- state->set_source_address_token("TOKEN");
- state->SetProofValid();
-
- QuicServerId other_server_id("mail.google.com", 443, PRIVACY_MODE_DISABLED);
- config.InitializeFrom(other_server_id, canonical_server_id, &config);
- QuicCryptoClientConfig::CachedState* other =
- config.LookupOrCreate(other_server_id);
-
- EXPECT_EQ(state->server_config(), other->server_config());
- EXPECT_EQ(state->source_address_token(), other->source_address_token());
- EXPECT_EQ(state->certs(), other->certs());
- EXPECT_EQ(1u, other->generation_counter());
-}
-
-TEST(QuicCryptoClientConfigTest, Canonical) {
- QuicCryptoClientConfig config(CryptoTestUtils::ProofVerifierForTesting());
- config.AddCanonicalSuffix(".google.com");
- QuicServerId canonical_id1("www.google.com", 443, PRIVACY_MODE_DISABLED);
- QuicServerId canonical_id2("mail.google.com", 443, PRIVACY_MODE_DISABLED);
- QuicCryptoClientConfig::CachedState* state =
- config.LookupOrCreate(canonical_id1);
- // TODO(rch): Populate other fields of |state|.
- state->set_source_address_token("TOKEN");
- state->SetProofValid();
-
- QuicCryptoClientConfig::CachedState* other =
- config.LookupOrCreate(canonical_id2);
-
- EXPECT_TRUE(state->IsEmpty());
- EXPECT_EQ(state->server_config(), other->server_config());
- EXPECT_EQ(state->source_address_token(), other->source_address_token());
- EXPECT_EQ(state->certs(), other->certs());
- EXPECT_EQ(1u, other->generation_counter());
-
- QuicServerId different_id("mail.google.org", 443, PRIVACY_MODE_DISABLED);
- EXPECT_TRUE(config.LookupOrCreate(different_id)->IsEmpty());
-}
-
-TEST(QuicCryptoClientConfigTest, CanonicalNotUsedIfNotValid) {
- QuicCryptoClientConfig config(CryptoTestUtils::ProofVerifierForTesting());
- config.AddCanonicalSuffix(".google.com");
- QuicServerId canonical_id1("www.google.com", 443, PRIVACY_MODE_DISABLED);
- QuicServerId canonical_id2("mail.google.com", 443, PRIVACY_MODE_DISABLED);
- QuicCryptoClientConfig::CachedState* state =
- config.LookupOrCreate(canonical_id1);
- // TODO(rch): Populate other fields of |state|.
- state->set_source_address_token("TOKEN");
-
- // Do not set the proof as valid, and check that it is not used
- // as a canonical entry.
- EXPECT_TRUE(config.LookupOrCreate(canonical_id2)->IsEmpty());
-}
-
-TEST(QuicCryptoClientConfigTest, ClearCachedStates) {
- QuicCryptoClientConfig config(CryptoTestUtils::ProofVerifierForTesting());
- QuicServerId server_id("www.google.com", 443, PRIVACY_MODE_DISABLED);
- QuicCryptoClientConfig::CachedState* state = config.LookupOrCreate(server_id);
- // TODO(rch): Populate other fields of |state|.
- vector<string> certs(1);
- certs[0] = "Hello Cert";
- state->SetProof(certs, "cert_sct", "chlo_hash", "signature");
- state->set_source_address_token("TOKEN");
- state->SetProofValid();
- EXPECT_EQ(1u, state->generation_counter());
-
- // Verify LookupOrCreate returns the same data.
- QuicCryptoClientConfig::CachedState* other = config.LookupOrCreate(server_id);
-
- EXPECT_EQ(state, other);
- EXPECT_EQ(1u, other->generation_counter());
-
- // Clear the cached states.
- config.ClearCachedStates();
-
- // Verify LookupOrCreate doesn't have any data.
- QuicCryptoClientConfig::CachedState* cleared_cache =
- config.LookupOrCreate(server_id);
-
- EXPECT_EQ(state, cleared_cache);
- EXPECT_FALSE(cleared_cache->proof_valid());
- EXPECT_TRUE(cleared_cache->server_config().empty());
- EXPECT_TRUE(cleared_cache->certs().empty());
- EXPECT_TRUE(cleared_cache->cert_sct().empty());
- EXPECT_TRUE(cleared_cache->signature().empty());
- EXPECT_EQ(2u, cleared_cache->generation_counter());
-}
-
-TEST(QuicCryptoClientConfigTest, ProcessReject) {
- CryptoHandshakeMessage rej;
- CryptoTestUtils::FillInDummyReject(&rej, /* stateless */ false);
-
- // Now process the rejection.
- QuicCryptoClientConfig::CachedState cached;
- QuicCryptoNegotiatedParameters out_params;
- string error;
- QuicCryptoClientConfig config(CryptoTestUtils::ProofVerifierForTesting());
- EXPECT_EQ(QUIC_NO_ERROR,
- config.ProcessRejection(rej, QuicWallTime::FromUNIXSeconds(0),
- QuicSupportedVersions().front(), "",
- &cached, &out_params, &error));
- EXPECT_FALSE(cached.has_server_designated_connection_id());
- EXPECT_FALSE(cached.has_server_nonce());
-}
-
-TEST(QuicCryptoClientConfigTest, ProcessStatelessReject) {
- // Create a dummy reject message and mark it as stateless.
- CryptoHandshakeMessage rej;
- CryptoTestUtils::FillInDummyReject(&rej, /* stateless */ true);
- const QuicConnectionId kConnectionId = 0xdeadbeef;
- const string server_nonce = "SERVER_NONCE";
- rej.SetValue(kRCID, kConnectionId);
- rej.SetStringPiece(kServerNonceTag, server_nonce);
-
- // Now process the rejection.
- QuicCryptoClientConfig::CachedState cached;
- QuicCryptoNegotiatedParameters out_params;
- string error;
- QuicCryptoClientConfig config(CryptoTestUtils::ProofVerifierForTesting());
- EXPECT_EQ(QUIC_NO_ERROR,
- config.ProcessRejection(rej, QuicWallTime::FromUNIXSeconds(0),
- QuicSupportedVersions().front(), "",
- &cached, &out_params, &error));
- EXPECT_TRUE(cached.has_server_designated_connection_id());
- EXPECT_EQ(kConnectionId, cached.GetNextServerDesignatedConnectionId());
- EXPECT_EQ(server_nonce, cached.GetNextServerNonce());
-}
-
-TEST(QuicCryptoClientConfigTest, BadlyFormattedStatelessReject) {
- // Create a dummy reject message and mark it as stateless. Do not
- // add an server-designated connection-id.
- CryptoHandshakeMessage rej;
- CryptoTestUtils::FillInDummyReject(&rej, /* stateless */ true);
-
- // Now process the rejection.
- QuicCryptoClientConfig::CachedState cached;
- QuicCryptoNegotiatedParameters out_params;
- string error;
- QuicCryptoClientConfig config(CryptoTestUtils::ProofVerifierForTesting());
- EXPECT_EQ(QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND,
- config.ProcessRejection(rej, QuicWallTime::FromUNIXSeconds(0),
- QuicSupportedVersions().front(), "",
- &cached, &out_params, &error));
- EXPECT_FALSE(cached.has_server_designated_connection_id());
- EXPECT_EQ("Missing kRCID", error);
-}
-
-TEST(QuicCryptoClientConfigTest, ServerNonceinSHLO) {
- // Test that the server must include a nonce in the SHLO.
- CryptoHandshakeMessage msg;
- msg.set_tag(kSHLO);
- // Choose the latest version.
- QuicVersionVector supported_versions;
- QuicVersion version = QuicSupportedVersions().front();
- supported_versions.push_back(version);
- QuicTagVector versions;
- versions.push_back(QuicVersionToQuicTag(version));
- msg.SetVector(kVER, versions);
-
- QuicCryptoClientConfig config(CryptoTestUtils::ProofVerifierForTesting());
- QuicCryptoClientConfig::CachedState cached;
- QuicCryptoNegotiatedParameters out_params;
- string error_details;
- EXPECT_EQ(QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER,
- config.ProcessServerHello(msg, 0, version, supported_versions,
- &cached, &out_params, &error_details));
- EXPECT_EQ("server hello missing server nonce", error_details);
-}
-
-} // namespace test
-} // namespace net
« no previous file with comments | « net/quic/crypto/quic_crypto_client_config.cc ('k') | net/quic/crypto/quic_crypto_server_config.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698