Landing Recent QUIC changes until Mon Nov 14 04:43:50 2016 +0000

net/quic/core/quic_crypto_server_stream_test.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/core/quic_crypto_server_stream.h"
 
 #include <map>
 #include <memory>
 #include <vector>
 
 #include "base/memory/ptr_util.h"
 #include "net/quic/core/crypto/aes_128_gcm_12_encrypter.h"
 #include "net/quic/core/crypto/crypto_framer.h"
 #include "net/quic/core/crypto/crypto_handshake.h"
 #include "net/quic/core/crypto/crypto_protocol.h"
 #include "net/quic/core/crypto/crypto_utils.h"
 #include "net/quic/core/crypto/quic_crypto_server_config.h"
 #include "net/quic/core/crypto/quic_decrypter.h"
 #include "net/quic/core/crypto/quic_encrypter.h"
 #include "net/quic/core/crypto/quic_random.h"
 #include "net/quic/core/quic_crypto_client_stream.h"
 #include "net/quic/core/quic_flags.h"
 #include "net/quic/core/quic_protocol.h"
 #include "net/quic/core/quic_session.h"
 #include "net/quic/test_tools/crypto_test_utils.h"
-#include "net/quic/test_tools/delayed_verify_strike_register_client.h"
 #include "net/quic/test_tools/quic_crypto_server_config_peer.h"
 #include "net/quic/test_tools/quic_test_utils.h"
 #include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace net {
 class QuicConnection;
 class QuicStream;
 }  // namespace net
 
@@ skipping 24 matching lines @@
 
   explicit QuicCryptoServerStreamTest(std::unique_ptr<ProofSource> proof_source)
       : server_crypto_config_(QuicCryptoServerConfig::TESTING,
                               QuicRandom::GetInstance(),
                               std::move(proof_source)),
         server_compressed_certs_cache_(
             QuicCompressedCertsCache::kQuicCompressedCertsCacheSize),
         server_id_(kServerHostname, kServerPort, PRIVACY_MODE_DISABLED),
         client_crypto_config_(CryptoTestUtils::ProofVerifierForTesting()) {
     FLAGS_enable_quic_stateless_reject_support = false;
-    server_crypto_config_.set_strike_register_no_startup_period();
   }
 
-  void Initialize() {
-    InitializeServer();
-
-    if (AsyncStrikeRegisterVerification()) {
-      QuicCryptoServerConfigPeer peer(&server_crypto_config_);
-      strike_register_client_ = new DelayedVerifyStrikeRegisterClient(
-          10000,  // strike_register_max_entries
-          static_cast<uint32_t>(
-              server_connection_->clock()->WallNow().ToUNIXSeconds()),
-          60,  // strike_register_window_secs
-          peer.GetPrimaryConfig()->orbit,
-          StrikeRegister::NO_STARTUP_PERIOD_NEEDED);
-      strike_register_client_->StartDelayingVerification();
-      server_crypto_config_.SetStrikeRegisterClient(strike_register_client_);
-    }
-  }
+  void Initialize() { InitializeServer(); }
 
   ~QuicCryptoServerStreamTest() override {
     // Ensure that anything that might reference |helpers_| is destroyed before
     // |helpers_| is destroyed.
     server_session_.reset();
     client_session_.reset();
     helpers_.clear();
     alarm_factories_.clear();
   }
 
@@ skipping 33 matching lines @@
     alarm_factories_.push_back(base::MakeUnique<MockAlarmFactory>());
     CreateClientSessionForTest(
         server_id_, supports_stateless_rejects,
         QuicTime::Delta::FromSeconds(100000), supported_versions_,
         helpers_.back().get(), alarm_factories_.back().get(),
         &client_crypto_config_, &client_connection_, &client_session);
     CHECK(client_session);
     client_session_.reset(client_session);
   }
 
-  bool AsyncStrikeRegisterVerification() {
-    if (server_connection_->version() > QUIC_VERSION_32) {
-      return false;
-    }
-    return GetParam();
-  }
-
   void ConstructHandshakeMessage() {
     CryptoFramer framer;
     message_data_.reset(framer.ConstructHandshakeMessage(message_));
   }
 
   int CompleteCryptoHandshake() {
     CHECK(server_connection_);
     CHECK(server_session_ != nullptr);
     return CryptoTestUtils::HandshakeWithFakeClient(
         helpers_.back().get(), alarm_factories_.back().get(),
@@ skipping 29 matching lines @@
   QuicServerId server_id_;
 
   // Client state.
   PacketSavingConnection* client_connection_;
   QuicCryptoClientConfig client_crypto_config_;
   std::unique_ptr<TestQuicSpdyClientSession> client_session_;
 
   CryptoHandshakeMessage message_;
   std::unique_ptr<QuicData> message_data_;
   CryptoTestUtils::FakeClientOptions client_options_;
-  DelayedVerifyStrikeRegisterClient* strike_register_client_;
 
   // Which QUIC versions the client and server support.
   QuicVersionVector supported_versions_ = AllSupportedVersions();
 };
 
 INSTANTIATE_TEST_CASE_P(Tests, QuicCryptoServerStreamTest, testing::Bool());
 
 TEST_P(QuicCryptoServerStreamTest, NotInitiallyConected) {
   Initialize();
   EXPECT_FALSE(server_stream()->encryption_established());
@@ skipping 97 matching lines @@
       server_connection_->random_generator()->RandUint64();
   EXPECT_EQ(expected_id, server_designated_connection_id);
   EXPECT_FALSE(client_state->has_server_designated_connection_id());
   ASSERT_TRUE(client_state->IsComplete(QuicWallTime::FromUNIXSeconds(0)));
 
   // Now create new client and server streams with the existing config
   // and try the handshake again (0-RTT handshake).
   InitializeServer();
 
   InitializeFakeClient(/* supports_stateless_rejects= */ true);
-
   // In the stateless case, the second handshake contains a server-nonce, so the
   // AsyncStrikeRegisterVerification() case will still succeed (unlike a 0-RTT
   // handshake).
   AdvanceHandshakeWithFakeClient();
 
   // On the second round, encryption will be established.
   EXPECT_TRUE(server_stream()->encryption_established());
   EXPECT_TRUE(server_stream()->handshake_confirmed());
   EXPECT_EQ(1, server_stream()->NumHandshakeMessages());
   EXPECT_EQ(1, server_stream()->NumHandshakeMessagesWithServerNonces());
@@ skipping 30 matching lines @@
   // information.
   AdvanceHandshakeWithFakeClient();
 
   // Now do another handshake, hopefully in 0-RTT.
   DVLOG(1) << "Resetting for 0-RTT handshake attempt";
   InitializeFakeClient(/* supports_stateless_rejects= */ false);
   InitializeServer();
 
   client_stream()->CryptoConnect();
 
-  if (AsyncStrikeRegisterVerification()) {
-    EXPECT_FALSE(client_stream()->handshake_confirmed());
-    EXPECT_FALSE(server_stream()->handshake_confirmed());
-
-    // Advance the handshake.  Expect that the server will be stuck waiting for
-    // client nonce verification to complete.
-    std::pair<size_t, size_t> messages_moved =
-        CryptoTestUtils::AdvanceHandshake(client_connection_, client_stream(),
-                                          0, server_connection_,
-                                          server_stream(), 0);
-    EXPECT_EQ(1u, messages_moved.first);
-    EXPECT_EQ(0u, messages_moved.second);
-    EXPECT_EQ(1, strike_register_client_->PendingVerifications());
-    EXPECT_FALSE(client_stream()->handshake_confirmed());
-    EXPECT_FALSE(server_stream()->handshake_confirmed());
-
-    // The server handshake completes once the nonce verification completes.
-    strike_register_client_->RunPendingVerifications();
-    EXPECT_FALSE(client_stream()->handshake_confirmed());
-    EXPECT_TRUE(server_stream()->handshake_confirmed());
-
-    messages_moved = CryptoTestUtils::AdvanceHandshake(
-        client_connection_, client_stream(), messages_moved.first,
-        server_connection_, server_stream(), messages_moved.second);
-    EXPECT_EQ(1u, messages_moved.first);
-    EXPECT_EQ(1u, messages_moved.second);
-    EXPECT_TRUE(client_stream()->handshake_confirmed());
-    EXPECT_TRUE(server_stream()->handshake_confirmed());
-  } else {
-    CryptoTestUtils::CommunicateHandshakeMessages(
-        client_connection_, client_stream(), server_connection_,
-        server_stream());
-  }
+  CryptoTestUtils::CommunicateHandshakeMessages(
+      client_connection_, client_stream(), server_connection_, server_stream());
 
   EXPECT_EQ(1, client_stream()->num_sent_client_hellos());
 }
 
 TEST_P(QuicCryptoServerStreamTest, FailByPolicy) {
   Initialize();
   InitializeFakeClient(/* supports_stateless_rejects= */ false);
 
   EXPECT_CALL(*server_session_->helper(), CanAcceptClientHello(_, _, _))
       .WillOnce(testing::Return(false));
@@ skipping 115 matching lines @@
 TEST_P(QuicCryptoServerStreamTest, NoTokenBindingWithoutClientSupport) {
   Initialize();
 
   CompleteCryptoHandshake();
   EXPECT_EQ(
       0u, server_stream()->crypto_negotiated_params().token_binding_key_param);
   EXPECT_TRUE(server_stream()->encryption_established());
   EXPECT_TRUE(server_stream()->handshake_confirmed());
 }
 
-TEST_P(QuicCryptoServerStreamTest, CancelRPCBeforeVerificationCompletes) {
-  FLAGS_quic_require_handshake_confirmation_pre33 = false;
-  // Tests that the client can close the connection while the remote strike
-  // register verification RPC is still pending.
-
-  // Set version to QUIC_VERSION_32 as QUIC_VERSION_33 and later don't support
-  // asynchronous strike register RPCs.
-  supported_versions_ = {QUIC_VERSION_32};
-  Initialize();
-  if (!AsyncStrikeRegisterVerification()) {
-    return;
-  }
-  InitializeFakeClient(/* supports_stateless_rejects= */ false);
-
-  // Do a first handshake in order to prime the client config with the server's
-  // information.
-  AdvanceHandshakeWithFakeClient();
-
-  // Now start another handshake, this time the server will attempt to verify
-  // the client's nonce with the strike registers.
-  InitializeFakeClient(/* supports_stateless_rejects= */ false);
-  InitializeServer();
-  client_stream()->CryptoConnect();
-  EXPECT_FALSE(client_stream()->handshake_confirmed());
-  EXPECT_FALSE(server_stream()->handshake_confirmed());
-
-  // Advance the handshake.  Expect that the server will be stuck waiting for
-  // client nonce verification to complete.
-  CryptoTestUtils::AdvanceHandshake(client_connection_, client_stream(), 0,
-                                    server_connection_, server_stream(), 0);
-  EXPECT_EQ(1, strike_register_client_->PendingVerifications());
-  EXPECT_FALSE(client_stream()->handshake_confirmed());
-  EXPECT_FALSE(server_stream()->handshake_confirmed());
-
-  // While waiting for the asynchronous verification to complete, the client
-  // decides to close the connection.
-  server_session_->connection()->CloseConnection(
-      QUIC_NO_ERROR, "", ConnectionCloseBehavior::SILENT_CLOSE);
-
-  // The outstanding nonce verification RPC now completes.
-  strike_register_client_->RunPendingVerifications();
-}
-
 class FailingProofSource : public ProofSource {
  public:
   bool GetProof(const IPAddress& server_ip,
                 const string& hostname,
                 const string& server_config,
                 QuicVersion quic_version,
                 StringPiece chlo_hash,
                 const QuicTagVector& connection_options,
                 scoped_refptr<ProofSource::Chain>* out_chain,
-                string* out_signature,
-                string* out_leaf_cert_sct) override {
+                QuicCryptoProof* out_proof) override {
     return false;
   }
 
   void GetProof(const IPAddress& server_ip,
                 const string& hostname,
                 const string& server_config,
                 QuicVersion quic_version,
                 StringPiece chlo_hash,
                 const QuicTagVector& connection_options,
                 std::unique_ptr<Callback> callback) override {
-    callback->Run(false, nullptr, "", "", nullptr);
+    callback->Run(false, nullptr, QuicCryptoProof(), nullptr);
   }
 };
 
 class QuicCryptoServerStreamTestWithFailingProofSource
     : public QuicCryptoServerStreamTest {
  public:
   QuicCryptoServerStreamTestWithFailingProofSource()
       : QuicCryptoServerStreamTest(
             std::unique_ptr<FailingProofSource>(new FailingProofSource)) {}
 };
 
 INSTANTIATE_TEST_CASE_P(MoreTests,
                         QuicCryptoServerStreamTestWithFailingProofSource,
                         testing::Bool());
 
 TEST_P(QuicCryptoServerStreamTestWithFailingProofSource, Test) {
   Initialize();
   InitializeFakeClient(/* supports_stateless_rejects= */ false);
 
   // Regression test for b/31521252, in which a crash would happen here.
   AdvanceHandshakeWithFakeClient();
   EXPECT_FALSE(server_stream()->encryption_established());
   EXPECT_FALSE(server_stream()->handshake_confirmed());
 }
 
 }  // namespace
 
 }  // namespace test
 }  // namespace net