OLD | NEW |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <algorithm> | 5 #include <algorithm> |
6 #include <cstdint> | 6 #include <cstdint> |
7 #include <memory> | 7 #include <memory> |
8 #include <ostream> | 8 #include <ostream> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
11 #include "crypto/secure_hash.h" | 11 #include "crypto/secure_hash.h" |
12 #include "net/quic/core/crypto/cert_compressor.h" | 12 #include "net/quic/core/crypto/cert_compressor.h" |
13 #include "net/quic/core/crypto/common_cert_set.h" | 13 #include "net/quic/core/crypto/common_cert_set.h" |
14 #include "net/quic/core/crypto/crypto_handshake.h" | 14 #include "net/quic/core/crypto/crypto_handshake.h" |
15 #include "net/quic/core/crypto/crypto_server_config_protobuf.h" | 15 #include "net/quic/core/crypto/crypto_server_config_protobuf.h" |
16 #include "net/quic/core/crypto/crypto_utils.h" | 16 #include "net/quic/core/crypto/crypto_utils.h" |
17 #include "net/quic/core/crypto/proof_source.h" | 17 #include "net/quic/core/crypto/proof_source.h" |
18 #include "net/quic/core/crypto/quic_crypto_server_config.h" | 18 #include "net/quic/core/crypto/quic_crypto_server_config.h" |
19 #include "net/quic/core/crypto/quic_random.h" | 19 #include "net/quic/core/crypto/quic_random.h" |
20 #include "net/quic/core/quic_flags.h" | 20 #include "net/quic/core/quic_flags.h" |
21 #include "net/quic/core/quic_socket_address_coder.h" | 21 #include "net/quic/core/quic_socket_address_coder.h" |
22 #include "net/quic/core/quic_utils.h" | 22 #include "net/quic/core/quic_utils.h" |
23 #include "net/quic/platform/api/quic_text_utils.h" | 23 #include "net/quic/platform/api/quic_text_utils.h" |
24 #include "net/quic/test_tools/crypto_test_utils.h" | 24 #include "net/quic/test_tools/crypto_test_utils.h" |
25 #include "net/quic/test_tools/delayed_verify_strike_register_client.h" | 25 #include "net/quic/test_tools/delayed_verify_strike_register_client.h" |
| 26 #include "net/quic/test_tools/failing_proof_source.h" |
26 #include "net/quic/test_tools/mock_clock.h" | 27 #include "net/quic/test_tools/mock_clock.h" |
27 #include "net/quic/test_tools/mock_random.h" | 28 #include "net/quic/test_tools/mock_random.h" |
28 #include "net/quic/test_tools/quic_crypto_server_config_peer.h" | 29 #include "net/quic/test_tools/quic_crypto_server_config_peer.h" |
29 #include "net/quic/test_tools/quic_test_utils.h" | 30 #include "net/quic/test_tools/quic_test_utils.h" |
30 #include "testing/gtest/include/gtest/gtest.h" | 31 #include "testing/gtest/include/gtest/gtest.h" |
31 | 32 |
32 using base::StringPiece; | 33 using base::StringPiece; |
33 using std::string; | 34 using std::string; |
34 | 35 |
35 namespace net { | 36 namespace net { |
(...skipping 64 matching lines...)
100 } | 101 } |
101 | 102 |
102 class CryptoServerTest : public ::testing::TestWithParam<TestParams> { | 103 class CryptoServerTest : public ::testing::TestWithParam<TestParams> { |
103 public: | 104 public: |
104 CryptoServerTest() | 105 CryptoServerTest() |
105 : rand_(QuicRandom::GetInstance()), | 106 : rand_(QuicRandom::GetInstance()), |
106 client_address_(QuicIpAddress::Loopback4(), 1234), | 107 client_address_(QuicIpAddress::Loopback4(), 1234), |
107 config_(QuicCryptoServerConfig::TESTING, | 108 config_(QuicCryptoServerConfig::TESTING, |
108 rand_, | 109 rand_, |
109 CryptoTestUtils::ProofSourceForTesting()), | 110 CryptoTestUtils::ProofSourceForTesting()), |
| 111 peer_(&config_), |
110 compressed_certs_cache_( | 112 compressed_certs_cache_( |
111 QuicCompressedCertsCache::kQuicCompressedCertsCacheSize), | 113 QuicCompressedCertsCache::kQuicCompressedCertsCacheSize), |
112 params_(new QuicCryptoNegotiatedParameters), | 114 params_(new QuicCryptoNegotiatedParameters), |
113 signed_config_(new QuicSignedServerConfig), | 115 signed_config_(new QuicSignedServerConfig), |
114 chlo_packet_size_(kDefaultMaxPacketSize) { | 116 chlo_packet_size_(kDefaultMaxPacketSize) { |
115 supported_versions_ = GetParam().supported_versions; | 117 supported_versions_ = GetParam().supported_versions; |
116 config_.set_enable_serving_sct(true); | 118 config_.set_enable_serving_sct(true); |
117 | 119 |
118 client_version_ = supported_versions_.front(); | 120 client_version_ = supported_versions_.front(); |
119 client_version_string_ = | 121 client_version_string_ = |
(...skipping 272 matching lines...)
392 protected: | 394 protected: |
393 QuicFlagSaver flags_; // Save/restore all QUIC flag values. | 395 QuicFlagSaver flags_; // Save/restore all QUIC flag values. |
394 QuicRandom* const rand_; | 396 QuicRandom* const rand_; |
395 MockRandom rand_for_id_generation_; | 397 MockRandom rand_for_id_generation_; |
396 MockClock clock_; | 398 MockClock clock_; |
397 QuicSocketAddress client_address_; | 399 QuicSocketAddress client_address_; |
398 QuicVersionVector supported_versions_; | 400 QuicVersionVector supported_versions_; |
399 QuicVersion client_version_; | 401 QuicVersion client_version_; |
400 string client_version_string_; | 402 string client_version_string_; |
401 QuicCryptoServerConfig config_; | 403 QuicCryptoServerConfig config_; |
| 404 QuicCryptoServerConfigPeer peer_; |
402 QuicCompressedCertsCache compressed_certs_cache_; | 405 QuicCompressedCertsCache compressed_certs_cache_; |
403 QuicCryptoServerConfig::ConfigOptions config_options_; | 406 QuicCryptoServerConfig::ConfigOptions config_options_; |
404 QuicReferenceCountedPointer<QuicCryptoNegotiatedParameters> params_; | 407 QuicReferenceCountedPointer<QuicCryptoNegotiatedParameters> params_; |
405 QuicReferenceCountedPointer<QuicSignedServerConfig> signed_config_; | 408 QuicReferenceCountedPointer<QuicSignedServerConfig> signed_config_; |
406 CryptoHandshakeMessage out_; | 409 CryptoHandshakeMessage out_; |
407 uint8_t orbit_[kOrbitSize]; | 410 uint8_t orbit_[kOrbitSize]; |
408 bool use_stateless_rejects_; | 411 bool use_stateless_rejects_; |
409 size_t chlo_packet_size_; | 412 size_t chlo_packet_size_; |
410 | 413 |
411 // These strings contain hex escaped values from the server suitable for using | 414 // These strings contain hex escaped values from the server suitable for using |
(...skipping 577 matching lines...)
989 // and cause ProcessClientHello to exit early (and generate a REJ message). | 992 // and cause ProcessClientHello to exit early (and generate a REJ message). |
990 config_.set_replay_protection(false); | 993 config_.set_replay_protection(false); |
991 | 994 |
992 ShouldSucceed(msg); | 995 ShouldSucceed(msg); |
993 EXPECT_EQ(kSHLO, out_.tag()); | 996 EXPECT_EQ(kSHLO, out_.tag()); |
994 | 997 |
995 StringPiece nonce; | 998 StringPiece nonce; |
996 EXPECT_TRUE(out_.GetStringPiece(kServerNonceTag, &nonce)); | 999 EXPECT_TRUE(out_.GetStringPiece(kServerNonceTag, &nonce)); |
997 } | 1000 } |
998 | 1001 |
| 1002 TEST_P(CryptoServerTest, ProofSourceFailure) { |
| 1003 // Install a ProofSource which will unconditionally fail |
| 1004 peer_.ResetProofSource(std::unique_ptr<ProofSource>(new FailingProofSource)); |
| 1005 |
| 1006 // clang-format off |
| 1007 CryptoHandshakeMessage msg = CryptoTestUtils::Message( |
| 1008 "CHLO", |
| 1009 "AEAD", "AESG", |
| 1010 "KEXS", "C255", |
| 1011 "SCID", scid_hex_.c_str(), |
| 1012 "PUBS", pub_hex_.c_str(), |
| 1013 "NONC", nonce_hex_.c_str(), |
| 1014 "PDMD", "X509", |
| 1015 "VER\0", client_version_string_.c_str(), |
| 1016 "$padding", static_cast<int>(kClientHelloMinimumSize), |
| 1017 nullptr); |
| 1018 // clang-format on |
| 1019 |
| 1020 // Just ensure that we don't crash as occurred in b/33916924. |
| 1021 ShouldFailMentioning("", msg); |
| 1022 } |
| 1023 |
999 TEST(CryptoServerConfigGenerationTest, Determinism) { | 1024 TEST(CryptoServerConfigGenerationTest, Determinism) { |
1000 // Test that using a deterministic PRNG causes the server-config to be | 1025 // Test that using a deterministic PRNG causes the server-config to be |
1001 // deterministic. | 1026 // deterministic. |
1002 | 1027 |
1003 MockRandom rand_a, rand_b; | 1028 MockRandom rand_a, rand_b; |
1004 const QuicCryptoServerConfig::ConfigOptions options; | 1029 const QuicCryptoServerConfig::ConfigOptions options; |
1005 MockClock clock; | 1030 MockClock clock; |
1006 | 1031 |
1007 QuicCryptoServerConfig a(QuicCryptoServerConfig::TESTING, &rand_a, | 1032 QuicCryptoServerConfig a(QuicCryptoServerConfig::TESTING, &rand_a, |
1008 CryptoTestUtils::ProofSourceForTesting()); | 1033 CryptoTestUtils::ProofSourceForTesting()); |
(...skipping 138 matching lines...)
1147 // QuicCryptoServerConfig::EvaluateClientHello will leave info.unique as false | 1172 // QuicCryptoServerConfig::EvaluateClientHello will leave info.unique as false |
1148 // and cause ProcessClientHello to exit early (and generate a REJ message). | 1173 // and cause ProcessClientHello to exit early (and generate a REJ message). |
1149 config_.set_replay_protection(false); | 1174 config_.set_replay_protection(false); |
1150 | 1175 |
1151 ShouldSucceed(msg); | 1176 ShouldSucceed(msg); |
1152 EXPECT_EQ(kSHLO, out_.tag()); | 1177 EXPECT_EQ(kSHLO, out_.tag()); |
1153 } | 1178 } |
1154 | 1179 |
1155 } // namespace test | 1180 } // namespace test |
1156 } // namespace net | 1181 } // namespace net |
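Review bot: In the new `ProofSourceFailure` test (new lines 1002-1022), `ShouldFailMentioning("", msg)` passes an empty substring, so the test accepts any rejection of the CHLO, assuming the helper (defined in a skipped part of the file) does a substring match on the error detail. If an earlier validation step ever starts rejecting this message, the test would still pass without the failing proof source being consulted, and the crash from b/33916924 would no longer be guarded. Consider matching a non-empty fragment of the detail that the proof-failure path reports, e.g. `ShouldFailMentioning("<proof-failure detail substring>", msg);`, where the placeholder stands for the real text. A comment such as `// The CHLO is otherwise valid, so the only expected failure is the proof source.` above the call would also record why the message is built with a valid SCID, PUBS and NONC.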