OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/quic/test_tools/crypto_test_utils.h" | 5 #include "net/quic/test_tools/crypto_test_utils.h" |
6 | 6 |
7 #include <openssl/bn.h> | 7 #include <openssl/bn.h> |
8 #include <openssl/ec.h> | 8 #include <openssl/ec.h> |
9 #include <openssl/ecdsa.h> | 9 #include <openssl/ecdsa.h> |
10 #include <openssl/evp.h> | 10 #include <openssl/evp.h> |
(...skipping 257 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
268 | 268 |
269 CryptoTestUtils::FakeClientOptions::FakeClientOptions() | 269 CryptoTestUtils::FakeClientOptions::FakeClientOptions() |
270 : channel_id_enabled(false), channel_id_source_async(false) {} | 270 : channel_id_enabled(false), channel_id_source_async(false) {} |
271 | 271 |
272 CryptoTestUtils::FakeClientOptions::~FakeClientOptions() {} | 272 CryptoTestUtils::FakeClientOptions::~FakeClientOptions() {} |
273 | 273 |
274 namespace { | 274 namespace { |
275 // This class is used by GenerateFullCHLO() to extract SCID and STK from | 275 // This class is used by GenerateFullCHLO() to extract SCID and STK from |
276 // REJ/SREJ and to construct a full CHLO with these fields and given inchoate | 276 // REJ/SREJ and to construct a full CHLO with these fields and given inchoate |
277 // CHLO. | 277 // CHLO. |
278 class FullChloGenerator : public ValidateClientHelloResultCallback { | 278 class FullChloGenerator { |
279 public: | 279 public: |
280 FullChloGenerator(QuicCryptoServerConfig* crypto_config, | 280 FullChloGenerator(QuicCryptoServerConfig* crypto_config, |
281 IPAddress server_ip, | 281 IPAddress server_ip, |
282 IPEndPoint client_addr, | 282 IPEndPoint client_addr, |
283 const QuicClock* clock, | 283 const QuicClock* clock, |
284 QuicCryptoProof* proof, | 284 QuicCryptoProof* proof, |
285 QuicCompressedCertsCache* compressed_certs_cache, | 285 QuicCompressedCertsCache* compressed_certs_cache, |
286 CryptoHandshakeMessage* out) | 286 CryptoHandshakeMessage* out) |
287 : crypto_config_(crypto_config), | 287 : crypto_config_(crypto_config), |
288 server_ip_(server_ip), | 288 server_ip_(server_ip), |
289 client_addr_(client_addr), | 289 client_addr_(client_addr), |
290 clock_(clock), | 290 clock_(clock), |
291 proof_(proof), | 291 proof_(proof), |
292 compressed_certs_cache_(compressed_certs_cache), | 292 compressed_certs_cache_(compressed_certs_cache), |
293 out_(out) {} | 293 out_(out) {} |
294 | 294 |
295 void Run(scoped_refptr<ValidateClientHelloResultCallback::Result> result, | 295 class ValidateClientHelloCallback : public ValidateClientHelloResultCallback { |
296 std::unique_ptr<ProofSource::Details> /* details */) override { | 296 public: |
297 QuicCryptoNegotiatedParameters params; | 297 explicit ValidateClientHelloCallback(FullChloGenerator* generator) |
298 string error_details; | 298 : generator_(generator) {} |
299 DiversificationNonce diversification_nonce; | 299 void Run(scoped_refptr<ValidateClientHelloResultCallback::Result> result, |
300 CryptoHandshakeMessage rej; | 300 std::unique_ptr<ProofSource::Details> /* details */) override { |
| 301 generator_->ValidateClientHelloDone(std::move(result)); |
| 302 } |
| 303 |
| 304 private: |
| 305 FullChloGenerator* generator_; |
| 306 }; |
| 307 |
| 308 std::unique_ptr<ValidateClientHelloCallback> |
| 309 GetValidateClientHelloCallback() { |
| 310 return std::unique_ptr<ValidateClientHelloCallback>( |
| 311 new ValidateClientHelloCallback(this)); |
| 312 } |
| 313 |
| 314 private: |
| 315 void ValidateClientHelloDone( |
| 316 scoped_refptr<ValidateClientHelloResultCallback::Result> result) { |
| 317 result_ = result; |
301 crypto_config_->ProcessClientHello( | 318 crypto_config_->ProcessClientHello( |
302 result, /*reject_only=*/false, /*connection_id=*/1, server_ip_, | 319 result_, /*reject_only=*/false, /*connection_id=*/1, server_ip_, |
303 client_addr_, AllSupportedVersions().front(), AllSupportedVersions(), | 320 client_addr_, AllSupportedVersions().front(), AllSupportedVersions(), |
304 /*use_stateless_rejects=*/true, /*server_designated_connection_id=*/0, | 321 /*use_stateless_rejects=*/true, /*server_designated_connection_id=*/0, |
305 clock_, QuicRandom::GetInstance(), compressed_certs_cache_, ¶ms, | 322 clock_, QuicRandom::GetInstance(), compressed_certs_cache_, ¶ms_, |
306 proof_, /*total_framing_overhead=*/50, kDefaultMaxPacketSize, &rej, | 323 proof_, /*total_framing_overhead=*/50, kDefaultMaxPacketSize, |
307 &diversification_nonce, &error_details); | 324 GetProcessClientHelloCallback()); |
| 325 } |
| 326 |
| 327 class ProcessClientHelloCallback : public ProcessClientHelloResultCallback { |
| 328 public: |
| 329 explicit ProcessClientHelloCallback(FullChloGenerator* generator) |
| 330 : generator_(generator) {} |
| 331 void Run( |
| 332 QuicErrorCode error, |
| 333 const string& error_details, |
| 334 std::unique_ptr<CryptoHandshakeMessage> message, |
| 335 std::unique_ptr<DiversificationNonce> diversification_nonce) override { |
| 336 generator_->ProcessClientHelloDone(std::move(message)); |
| 337 } |
| 338 |
| 339 private: |
| 340 FullChloGenerator* generator_; |
| 341 }; |
| 342 |
| 343 std::unique_ptr<ProcessClientHelloCallback> GetProcessClientHelloCallback() { |
| 344 return std::unique_ptr<ProcessClientHelloCallback>( |
| 345 new ProcessClientHelloCallback(this)); |
| 346 } |
| 347 |
| 348 void ProcessClientHelloDone(std::unique_ptr<CryptoHandshakeMessage> rej) { |
308 // Verify output is a REJ or SREJ. | 349 // Verify output is a REJ or SREJ. |
309 EXPECT_THAT(rej.tag(), | 350 EXPECT_THAT(rej->tag(), |
310 testing::AnyOf(testing::Eq(kSREJ), testing::Eq(kREJ))); | 351 testing::AnyOf(testing::Eq(kSREJ), testing::Eq(kREJ))); |
311 | 352 |
312 VLOG(1) << "Extract valid STK and SCID from\n" << rej.DebugString(); | 353 VLOG(1) << "Extract valid STK and SCID from\n" << rej->DebugString(); |
313 StringPiece srct; | 354 StringPiece srct; |
314 ASSERT_TRUE(rej.GetStringPiece(kSourceAddressTokenTag, &srct)); | 355 ASSERT_TRUE(rej->GetStringPiece(kSourceAddressTokenTag, &srct)); |
315 | 356 |
316 StringPiece scfg; | 357 StringPiece scfg; |
317 ASSERT_TRUE(rej.GetStringPiece(kSCFG, &scfg)); | 358 ASSERT_TRUE(rej->GetStringPiece(kSCFG, &scfg)); |
318 std::unique_ptr<CryptoHandshakeMessage> server_config( | 359 std::unique_ptr<CryptoHandshakeMessage> server_config( |
319 CryptoFramer::ParseMessage(scfg)); | 360 CryptoFramer::ParseMessage(scfg)); |
320 | 361 |
321 StringPiece scid; | 362 StringPiece scid; |
322 ASSERT_TRUE(server_config->GetStringPiece(kSCID, &scid)); | 363 ASSERT_TRUE(server_config->GetStringPiece(kSCID, &scid)); |
323 | 364 |
324 *out_ = result->client_hello; | 365 *out_ = result_->client_hello; |
325 out_->SetStringPiece(kSCID, scid); | 366 out_->SetStringPiece(kSCID, scid); |
326 out_->SetStringPiece(kSourceAddressTokenTag, srct); | 367 out_->SetStringPiece(kSourceAddressTokenTag, srct); |
327 uint64_t xlct = CryptoTestUtils::LeafCertHashForTesting(); | 368 uint64_t xlct = CryptoTestUtils::LeafCertHashForTesting(); |
328 out_->SetValue(kXLCT, xlct); | 369 out_->SetValue(kXLCT, xlct); |
329 } | 370 } |
330 | 371 |
331 protected: | 372 protected: |
332 QuicCryptoServerConfig* crypto_config_; | 373 QuicCryptoServerConfig* crypto_config_; |
333 IPAddress server_ip_; | 374 IPAddress server_ip_; |
334 IPEndPoint client_addr_; | 375 IPEndPoint client_addr_; |
335 const QuicClock* clock_; | 376 const QuicClock* clock_; |
336 QuicCryptoProof* proof_; | 377 QuicCryptoProof* proof_; |
337 QuicCompressedCertsCache* compressed_certs_cache_; | 378 QuicCompressedCertsCache* compressed_certs_cache_; |
338 CryptoHandshakeMessage* out_; | 379 CryptoHandshakeMessage* out_; |
| 380 |
| 381 QuicCryptoNegotiatedParameters params_; |
| 382 scoped_refptr<ValidateClientHelloResultCallback::Result> result_; |
339 }; | 383 }; |
| 384 |
340 } // namespace | 385 } // namespace |
341 | 386 |
342 // static | 387 // static |
343 int CryptoTestUtils::HandshakeWithFakeServer( | 388 int CryptoTestUtils::HandshakeWithFakeServer( |
344 QuicConfig* server_quic_config, | 389 QuicConfig* server_quic_config, |
345 MockQuicConnectionHelper* helper, | 390 MockQuicConnectionHelper* helper, |
346 MockAlarmFactory* alarm_factory, | 391 MockAlarmFactory* alarm_factory, |
347 PacketSavingConnection* client_conn, | 392 PacketSavingConnection* client_conn, |
348 QuicCryptoClientStream* client, | 393 QuicCryptoClientStream* client, |
349 const FakeServerOptions& options) { | 394 const FakeServerOptions& options) { |
(...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
405 | 450 |
406 EXPECT_CALL(client_session, OnProofValid(testing::_)) | 451 EXPECT_CALL(client_session, OnProofValid(testing::_)) |
407 .Times(testing::AnyNumber()); | 452 .Times(testing::AnyNumber()); |
408 client_session.GetCryptoStream()->CryptoConnect(); | 453 client_session.GetCryptoStream()->CryptoConnect(); |
409 CHECK_EQ(1u, client_conn->encrypted_packets_.size()); | 454 CHECK_EQ(1u, client_conn->encrypted_packets_.size()); |
410 | 455 |
411 CommunicateHandshakeMessagesAndRunCallbacks( | 456 CommunicateHandshakeMessagesAndRunCallbacks( |
412 client_conn, client_session.GetCryptoStream(), server_conn, server, | 457 client_conn, client_session.GetCryptoStream(), server_conn, server, |
413 async_channel_id_source); | 458 async_channel_id_source); |
414 | 459 |
415 CompareClientAndServerKeys(client_session.GetCryptoStream(), server); | 460 if (server->handshake_confirmed() && server->encryption_established()) { |
| 461 CompareClientAndServerKeys(client_session.GetCryptoStream(), server); |
416 | 462 |
417 if (options.channel_id_enabled) { | 463 if (options.channel_id_enabled) { |
418 std::unique_ptr<ChannelIDKey> channel_id_key; | 464 std::unique_ptr<ChannelIDKey> channel_id_key; |
419 QuicAsyncStatus status = crypto_config.channel_id_source()->GetChannelIDKey( | 465 QuicAsyncStatus status = |
420 server_id.host(), &channel_id_key, nullptr); | 466 crypto_config.channel_id_source()->GetChannelIDKey( |
421 EXPECT_EQ(QUIC_SUCCESS, status); | 467 server_id.host(), &channel_id_key, nullptr); |
422 EXPECT_EQ(channel_id_key->SerializeKey(), | 468 EXPECT_EQ(QUIC_SUCCESS, status); |
423 server->crypto_negotiated_params().channel_id); | 469 EXPECT_EQ(channel_id_key->SerializeKey(), |
424 EXPECT_EQ( | 470 server->crypto_negotiated_params().channel_id); |
425 options.channel_id_source_async, | 471 EXPECT_EQ( |
426 client_session.GetCryptoStream()->WasChannelIDSourceCallbackRun()); | 472 options.channel_id_source_async, |
| 473 client_session.GetCryptoStream()->WasChannelIDSourceCallbackRun()); |
| 474 } |
427 } | 475 } |
428 | 476 |
429 return client_session.GetCryptoStream()->num_sent_client_hellos(); | 477 return client_session.GetCryptoStream()->num_sent_client_hellos(); |
430 } | 478 } |
431 | 479 |
432 // static | 480 // static |
433 void CryptoTestUtils::SetupCryptoServerConfigForTest( | 481 void CryptoTestUtils::SetupCryptoServerConfigForTest( |
434 const QuicClock* clock, | 482 const QuicClock* clock, |
435 QuicRandom* rand, | 483 QuicRandom* rand, |
436 QuicConfig* config, | 484 QuicConfig* config, |
(...skipping 520 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
957 const CryptoHandshakeMessage& inchoate_chlo, | 1005 const CryptoHandshakeMessage& inchoate_chlo, |
958 QuicCryptoServerConfig* crypto_config, | 1006 QuicCryptoServerConfig* crypto_config, |
959 IPAddress server_ip, | 1007 IPAddress server_ip, |
960 IPEndPoint client_addr, | 1008 IPEndPoint client_addr, |
961 QuicVersion version, | 1009 QuicVersion version, |
962 const QuicClock* clock, | 1010 const QuicClock* clock, |
963 QuicCryptoProof* proof, | 1011 QuicCryptoProof* proof, |
964 QuicCompressedCertsCache* compressed_certs_cache, | 1012 QuicCompressedCertsCache* compressed_certs_cache, |
965 CryptoHandshakeMessage* out) { | 1013 CryptoHandshakeMessage* out) { |
966 // Pass a inchoate CHLO. | 1014 // Pass a inchoate CHLO. |
| 1015 FullChloGenerator generator(crypto_config, server_ip, client_addr, clock, |
| 1016 proof, compressed_certs_cache, out); |
967 crypto_config->ValidateClientHello( | 1017 crypto_config->ValidateClientHello( |
968 inchoate_chlo, client_addr.address(), server_ip, version, clock, proof, | 1018 inchoate_chlo, client_addr.address(), server_ip, version, clock, proof, |
969 std::unique_ptr<FullChloGenerator>( | 1019 generator.GetValidateClientHelloCallback()); |
970 new FullChloGenerator(crypto_config, server_ip, client_addr, clock, | |
971 proof, compressed_certs_cache, out))); | |
972 } | 1020 } |
973 | 1021 |
974 } // namespace test | 1022 } // namespace test |
975 } // namespace net | 1023 } // namespace net |
OLD | NEW |