| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_QUIC_TEST_TOOLS_CRYPTO_TEST_UTILS_H_ | 5 #ifndef NET_QUIC_TEST_TOOLS_CRYPTO_TEST_UTILS_H_ |
| 6 #define NET_QUIC_TEST_TOOLS_CRYPTO_TEST_UTILS_H_ | 6 #define NET_QUIC_TEST_TOOLS_CRYPTO_TEST_UTILS_H_ |
| 7 | 7 |
| 8 #include <cstdarg> | 8 #include <cstdarg> |
| 9 #include <cstddef> | 9 #include <cstddef> |
| 10 #include <cstdint> | 10 #include <cstdint> |
| (...skipping 20 matching lines...) Expand all Loading... |
| 31 class QuicCryptoServerConfig; | 31 class QuicCryptoServerConfig; |
| 32 class QuicCryptoServerStream; | 32 class QuicCryptoServerStream; |
| 33 class QuicCryptoStream; | 33 class QuicCryptoStream; |
| 34 class QuicRandom; | 34 class QuicRandom; |
| 35 class QuicServerId; | 35 class QuicServerId; |
| 36 | 36 |
| 37 namespace test { | 37 namespace test { |
| 38 | 38 |
| 39 class PacketSavingConnection; | 39 class PacketSavingConnection; |
| 40 | 40 |
| 41 class CryptoTestUtils { | 41 namespace crypto_test_utils { |
| 42 |
| 43 // An interface for a source of callbacks. This is used for invoking |
| 44 // callbacks asynchronously. |
| 45 // |
| 46 // Call the RunPendingCallbacks method regularly to run the callbacks from |
| 47 // this source. |
| 48 class CallbackSource { |
| 42 public: | 49 public: |
| 43 // An interface for a source of callbacks. This is used for invoking | 50 virtual ~CallbackSource() {} |
| 44 // callbacks asynchronously. | 51 |
| 45 // | 52 // Runs pending callbacks from this source. If there is no pending |
| 46 // Call the RunPendingCallbacks method regularly to run the callbacks from | 53 // callback, does nothing. |
| 47 // this source. | 54 virtual void RunPendingCallbacks() = 0; |
| 48 class CallbackSource { | 55 }; |
| 49 public: | 56 |
| 50 virtual ~CallbackSource() {} | 57 // FakeServerOptions bundles together a number of options for configuring the |
| 51 | 58 // server in HandshakeWithFakeServer. |
| 52 // Runs pending callbacks from this source. If there is no pending | 59 struct FakeServerOptions { |
| 53 // callback, does nothing. | 60 FakeServerOptions(); |
| 54 virtual void RunPendingCallbacks() = 0; | 61 ~FakeServerOptions(); |
| 55 }; | 62 |
| 56 | 63 // The Token Binding params that the server supports and will negotiate. |
| 57 // FakeServerOptions bundles together a number of options for configuring the | 64 QuicTagVector token_binding_params; |
| 58 // server in HandshakeWithFakeServer. | 65 }; |
| 59 struct FakeServerOptions { | 66 |
| 60 FakeServerOptions(); | 67 // FakeClientOptions bundles together a number of options for configuring |
| 61 ~FakeServerOptions(); | 68 // HandshakeWithFakeClient. |
| 62 | 69 struct FakeClientOptions { |
| 63 // The Token Binding params that the server supports and will negotiate. | 70 FakeClientOptions(); |
| 64 QuicTagVector token_binding_params; | 71 ~FakeClientOptions(); |
| 65 }; | 72 |
| 66 | 73 // If channel_id_enabled is true then the client will attempt to send a |
| 67 // FakeClientOptions bundles together a number of options for configuring | 74 // ChannelID. |
| 68 // HandshakeWithFakeClient. | 75 bool channel_id_enabled; |
| 69 struct FakeClientOptions { | 76 |
| 70 FakeClientOptions(); | 77 // If channel_id_source_async is true then the client will use an async |
| 71 ~FakeClientOptions(); | 78 // ChannelIDSource for testing. Ignored if channel_id_enabled is false. |
| 72 | 79 bool channel_id_source_async; |
| 73 // If channel_id_enabled is true then the client will attempt to send a | 80 |
| 74 // ChannelID. | 81 // The Token Binding params that the client supports and will negotiate. |
| 75 bool channel_id_enabled; | 82 QuicTagVector token_binding_params; |
| 76 | 83 }; |
| 77 // If channel_id_source_async is true then the client will use an async | 84 |
| 78 // ChannelIDSource for testing. Ignored if channel_id_enabled is false. | 85 // returns: the number of client hellos that the client sent. |
| 79 bool channel_id_source_async; | 86 int HandshakeWithFakeServer(QuicConfig* server_quic_config, |
| 80 | 87 MockQuicConnectionHelper* helper, |
| 81 // The Token Binding params that the client supports and will negotiate. | 88 MockAlarmFactory* alarm_factory, |
| 82 QuicTagVector token_binding_params; | 89 PacketSavingConnection* client_conn, |
| 83 }; | 90 QuicCryptoClientStream* client, |
| 84 | 91 const FakeServerOptions& options); |
| 85 // returns: the number of client hellos that the client sent. | 92 |
| 86 static int HandshakeWithFakeServer(QuicConfig* server_quic_config, | 93 // returns: the number of client hellos that the client sent. |
| 87 MockQuicConnectionHelper* helper, | 94 int HandshakeWithFakeClient(MockQuicConnectionHelper* helper, |
| 88 MockAlarmFactory* alarm_factory, | 95 MockAlarmFactory* alarm_factory, |
| 89 PacketSavingConnection* client_conn, | 96 PacketSavingConnection* server_conn, |
| 90 QuicCryptoClientStream* client, | 97 QuicCryptoServerStream* server, |
| 91 const FakeServerOptions& options); | 98 const QuicServerId& server_id, |
| 92 | 99 const FakeClientOptions& options); |
| 93 // returns: the number of client hellos that the client sent. | 100 |
| 94 static int HandshakeWithFakeClient(MockQuicConnectionHelper* helper, | 101 // SetupCryptoServerConfigForTest configures |crypto_config| |
| 95 MockAlarmFactory* alarm_factory, | 102 // with sensible defaults for testing. |
| 96 PacketSavingConnection* server_conn, | 103 void SetupCryptoServerConfigForTest(const QuicClock* clock, |
| 97 QuicCryptoServerStream* server, | 104 QuicRandom* rand, |
| 98 const QuicServerId& server_id, | 105 QuicCryptoServerConfig* crypto_config, |
| 99 const FakeClientOptions& options); | 106 const FakeServerOptions& options); |
| 100 | 107 |
| 101 // SetupCryptoServerConfigForTest configures |crypto_config| | 108 // CommunicateHandshakeMessages moves messages from |client| to |server| and |
| 102 // with sensible defaults for testing. | 109 // back until |clients|'s handshake has completed. |
| 103 static void SetupCryptoServerConfigForTest( | 110 void CommunicateHandshakeMessages(PacketSavingConnection* client_conn, |
| 104 const QuicClock* clock, | 111 QuicCryptoStream* client, |
| 105 QuicRandom* rand, | 112 PacketSavingConnection* server_conn, |
| 106 QuicCryptoServerConfig* crypto_config, | 113 QuicCryptoStream* server); |
| 107 const FakeServerOptions& options); | 114 |
| 108 | 115 // CommunicateHandshakeMessagesAndRunCallbacks moves messages from |client| |
| 109 // CommunicateHandshakeMessages moves messages from |client| to |server| and | 116 // to |server| and back until |client|'s handshake has completed. If |
| 110 // back until |clients|'s handshake has completed. | 117 // |callback_source| is not nullptr, |
| 111 static void CommunicateHandshakeMessages(PacketSavingConnection* client_conn, | 118 // CommunicateHandshakeMessagesAndRunCallbacks also runs callbacks from |
| 119 // |callback_source| between processing messages. |
| 120 void CommunicateHandshakeMessagesAndRunCallbacks( |
| 121 PacketSavingConnection* client_conn, |
| 122 QuicCryptoStream* client, |
| 123 PacketSavingConnection* server_conn, |
| 124 QuicCryptoStream* server, |
| 125 CallbackSource* callback_source); |
| 126 |
| 127 // AdvanceHandshake attempts to moves messages from |client| to |server| and |
| 128 // |server| to |client|. Returns the number of messages moved. |
| 129 std::pair<size_t, size_t> AdvanceHandshake(PacketSavingConnection* client_conn, |
| 112 QuicCryptoStream* client, | 130 QuicCryptoStream* client, |
| 131 size_t client_i, |
| 113 PacketSavingConnection* server_conn, | 132 PacketSavingConnection* server_conn, |
| 114 QuicCryptoStream* server); | 133 QuicCryptoStream* server, |
| 115 | 134 size_t server_i); |
| 116 // CommunicateHandshakeMessagesAndRunCallbacks moves messages from |client| | 135 |
| 117 // to |server| and back until |client|'s handshake has completed. If | 136 // Returns the value for the tag |tag| in the tag value map of |message|. |
| 118 // |callback_source| is not nullptr, | 137 std::string GetValueForTag(const CryptoHandshakeMessage& message, QuicTag tag); |
| 119 // CommunicateHandshakeMessagesAndRunCallbacks also runs callbacks from | 138 |
| 120 // |callback_source| between processing messages. | 139 // Returns a new |ProofSource| that serves up test certificates. |
| 121 static void CommunicateHandshakeMessagesAndRunCallbacks( | 140 std::unique_ptr<ProofSource> ProofSourceForTesting(); |
| 122 PacketSavingConnection* client_conn, | 141 |
| 123 QuicCryptoStream* client, | 142 // Identical to |ProofSourceForTesting|, with the addition of setting |
| 124 PacketSavingConnection* server_conn, | 143 // the |emit_expect_ct_header| field on the test certificates |
| 125 QuicCryptoStream* server, | 144 // to be the value of |send_expect_ct_header|. |
| 126 CallbackSource* callback_source); | 145 std::unique_ptr<ProofSource> ProofSourceForTesting(bool send_expect_ct_header); |
| 127 | 146 |
| 128 // AdvanceHandshake attempts to moves messages from |client| to |server| and | 147 // Identical to |ProofSourceForTesting| but permitting the caller to specify |
| 129 // |server| to |client|. Returns the number of messages moved. | 148 // the certs that will be loaded. |
| 130 static std::pair<size_t, size_t> AdvanceHandshake( | 149 std::unique_ptr<ProofSource> ProofSourceForTesting( |
| 131 PacketSavingConnection* client_conn, | 150 const std::vector<std::string>& certs); |
| 132 QuicCryptoStream* client, | 151 |
| 133 size_t client_i, | 152 // Returns a new |ProofVerifier| that uses the QUIC testing root CA. |
| 134 PacketSavingConnection* server_conn, | 153 std::unique_ptr<ProofVerifier> ProofVerifierForTesting(); |
| 135 QuicCryptoStream* server, | 154 |
| 136 size_t server_i); | 155 // Returns a hash of the leaf test certificate. |
| 137 | 156 uint64_t LeafCertHashForTesting(); |
| 138 // Returns the value for the tag |tag| in the tag value map of |message|. | 157 |
| 139 static std::string GetValueForTag(const CryptoHandshakeMessage& message, | 158 // Returns a |ProofVerifyContext| that must be used with the verifier |
| 140 QuicTag tag); | 159 // returned by |ProofVerifierForTesting|. |
| 141 | 160 ProofVerifyContext* ProofVerifyContextForTesting(); |
| 142 // Returns a new |ProofSource| that serves up test certificates. | 161 |
| 143 static std::unique_ptr<ProofSource> ProofSourceForTesting(); | 162 // MockCommonCertSets returns a CommonCertSets that contains a single set with |
| 144 | 163 // hash |hash|, consisting of the certificate |cert| at index |index|. |
| 145 // Identical to |ProofSourceForTesting|, with the addition of setting | 164 CommonCertSets* MockCommonCertSets(base::StringPiece cert, |
| 146 // the |emit_expect_ct_header| field on the test certificates | 165 uint64_t hash, |
| 147 // to be the value of |send_expect_ct_header|. | 166 uint32_t index); |
| 148 static std::unique_ptr<ProofSource> ProofSourceForTesting( | 167 |
| 149 bool send_expect_ct_header); | 168 // Creates a minimal dummy reject message that will pass the client-config |
| 150 | 169 // validation tests. This will include a server config, but no certs, proof |
| 151 // Returns a new |ProofVerifier| that uses the QUIC testing root CA. | 170 // source address token, or server nonce. |
| 152 static std::unique_ptr<ProofVerifier> ProofVerifierForTesting(); | 171 void FillInDummyReject(CryptoHandshakeMessage* rej, bool reject_is_stateless); |
| 153 | 172 |
| 154 // Returns a hash of the leaf test certificate. | 173 // ParseTag returns a QuicTag from parsing |tagstr|. |tagstr| may either be |
| 155 static uint64_t LeafCertHashForTesting(); | 174 // in the format "EXMP" (i.e. ASCII format), or "#11223344" (an explicit hex |
| 156 | 175 // format). It CHECK fails if there's a parse error. |
| 157 // Returns a |ProofVerifyContext| that must be used with the verifier | 176 QuicTag ParseTag(const char* tagstr); |
| 158 // returned by |ProofVerifierForTesting|. | 177 |
| 159 static ProofVerifyContext* ProofVerifyContextForTesting(); | 178 // Message constructs a handshake message from a variable number of |
| 160 | 179 // arguments. |message_tag| is passed to |ParseTag| and used as the tag of |
| 161 // MockCommonCertSets returns a CommonCertSets that contains a single set with | 180 // the resulting message. The arguments are taken in pairs and nullptr |
| 162 // hash |hash|, consisting of the certificate |cert| at index |index|. | 181 // terminated. The first of each pair is the tag of a tag/value and is given |
| 163 static CommonCertSets* MockCommonCertSets(base::StringPiece cert, | 182 // as an argument to |ParseTag|. The second is the value of the tag/value |
| 164 uint64_t hash, | 183 // pair and is either a hex dump, preceeded by a '#', or a raw value. |
| 165 uint32_t index); | 184 // |
| 166 | 185 // Message( |
| 167 // Creates a minimal dummy reject message that will pass the client-config | 186 // "CHLO", |
| 168 // validation tests. This will include a server config, but no certs, proof | 187 // "NOCE", "#11223344", |
| 169 // source address token, or server nonce. | 188 // "SNI", "www.example.com", |
| 170 static void FillInDummyReject(CryptoHandshakeMessage* rej, | 189 // nullptr); |
| 171 bool reject_is_stateless); | 190 CryptoHandshakeMessage Message(const char* message_tag, ...); |
| 172 | 191 |
| 173 // ParseTag returns a QuicTag from parsing |tagstr|. |tagstr| may either be | 192 // ChannelIDSourceForTesting returns a ChannelIDSource that generates keys |
| 174 // in the format "EXMP" (i.e. ASCII format), or "#11223344" (an explicit hex | 193 // deterministically based on the hostname given in the GetChannelIDKey call. |
| 175 // format). It CHECK fails if there's a parse error. | 194 // This ChannelIDSource works in synchronous mode, i.e., its GetChannelIDKey |
| 176 static QuicTag ParseTag(const char* tagstr); | 195 // method never returns QUIC_PENDING. |
| 177 | 196 ChannelIDSource* ChannelIDSourceForTesting(); |
| 178 // Message constructs a handshake message from a variable number of | 197 |
| 179 // arguments. |message_tag| is passed to |ParseTag| and used as the tag of | 198 // MovePackets parses crypto handshake messages from packet number |
| 180 // the resulting message. The arguments are taken in pairs and nullptr | 199 // |*inout_packet_index| through to the last packet (or until a packet fails |
| 181 // terminated. The first of each pair is the tag of a tag/value and is given | 200 // to decrypt) and has |dest_stream| process them. |*inout_packet_index| is |
| 182 // as an argument to |ParseTag|. The second is the value of the tag/value | 201 // updated with an index one greater than the last packet processed. |
| 183 // pair and is either a hex dump, preceeded by a '#', or a raw value. | 202 void MovePackets(PacketSavingConnection* source_conn, |
| 184 // | 203 size_t* inout_packet_index, |
| 185 // Message( | 204 QuicCryptoStream* dest_stream, |
| 186 // "CHLO", | 205 PacketSavingConnection* dest_conn, |
| 187 // "NOCE", "#11223344", | 206 Perspective dest_perspective); |
| 188 // "SNI", "www.example.com", | 207 |
| 189 // nullptr); | 208 // Return an inchoate CHLO with some basic tag value pairs. |
| 190 static CryptoHandshakeMessage Message(const char* message_tag, ...); | 209 CryptoHandshakeMessage GenerateDefaultInchoateCHLO( |
| 191 | 210 const QuicClock* clock, |
| 192 // ChannelIDSourceForTesting returns a ChannelIDSource that generates keys | 211 QuicVersion version, |
| 193 // deterministically based on the hostname given in the GetChannelIDKey call. | 212 QuicCryptoServerConfig* crypto_config); |
| 194 // This ChannelIDSource works in synchronous mode, i.e., its GetChannelIDKey | 213 |
| 195 // method never returns QUIC_PENDING. | 214 // Takes a inchoate CHLO, returns a full CHLO in |out| which can pass |
| 196 static ChannelIDSource* ChannelIDSourceForTesting(); | 215 // |crypto_config|'s validation. |
| 197 | 216 void GenerateFullCHLO( |
| 198 // MovePackets parses crypto handshake messages from packet number | 217 const CryptoHandshakeMessage& inchoate_chlo, |
| 199 // |*inout_packet_index| through to the last packet (or until a packet fails | 218 QuicCryptoServerConfig* crypto_config, |
| 200 // to decrypt) and has |dest_stream| process them. |*inout_packet_index| is | 219 QuicSocketAddress server_addr, |
| 201 // updated with an index one greater than the last packet processed. | 220 QuicSocketAddress client_addr, |
| 202 static void MovePackets(PacketSavingConnection* source_conn, | 221 QuicVersion version, |
| 203 size_t* inout_packet_index, | 222 const QuicClock* clock, |
| 204 QuicCryptoStream* dest_stream, | 223 QuicReferenceCountedPointer<QuicSignedServerConfig> signed_config, |
| 205 PacketSavingConnection* dest_conn, | 224 QuicCompressedCertsCache* compressed_certs_cache, |
| 206 Perspective dest_perspective); | 225 CryptoHandshakeMessage* out); |
| 207 | 226 |
| 208 // Return an inchoate CHLO with some basic tag value pairs. | 227 void CompareClientAndServerKeys(QuicCryptoClientStream* client, |
| 209 static CryptoHandshakeMessage GenerateDefaultInchoateCHLO( | 228 QuicCryptoServerStream* server); |
| 210 const QuicClock* clock, | 229 |
| 211 QuicVersion version, | 230 // Return a CHLO nonce in hexadecimal. |
| 212 QuicCryptoServerConfig* crypto_config); | 231 std::string GenerateClientNonceHex(const QuicClock* clock, |
| 213 | 232 QuicCryptoServerConfig* crypto_config); |
| 214 // Takes a inchoate CHLO, returns a full CHLO in |out| which can pass | 233 |
| 215 // |crypto_config|'s validation. | 234 // Return a CHLO PUBS in hexadecimal. |
| 216 static void GenerateFullCHLO( | 235 std::string GenerateClientPublicValuesHex(); |
| 217 const CryptoHandshakeMessage& inchoate_chlo, | 236 |
| 218 QuicCryptoServerConfig* crypto_config, | 237 } // namespace crypto_test_utils |
| 219 QuicSocketAddress server_addr, | |
| 220 QuicSocketAddress client_addr, | |
| 221 QuicVersion version, | |
| 222 const QuicClock* clock, | |
| 223 QuicReferenceCountedPointer<QuicSignedServerConfig> signed_config, | |
| 224 QuicCompressedCertsCache* compressed_certs_cache, | |
| 225 CryptoHandshakeMessage* out); | |
| 226 | |
| 227 private: | |
| 228 static void CompareClientAndServerKeys(QuicCryptoClientStream* client, | |
| 229 QuicCryptoServerStream* server); | |
| 230 | |
| 231 // Return a CHLO nonce in hexadecimal. | |
| 232 static std::string GenerateClientNonceHex( | |
| 233 const QuicClock* clock, | |
| 234 QuicCryptoServerConfig* crypto_config); | |
| 235 | |
| 236 // Return a CHLO PUBS in hexadecimal. | |
| 237 static std::string GenerateClientPublicValuesHex(); | |
| 238 | |
| 239 DISALLOW_COPY_AND_ASSIGN(CryptoTestUtils); | |
| 240 }; | |
| 241 | 238 |
| 242 } // namespace test | 239 } // namespace test |
| 243 | 240 |
| 244 } // namespace net | 241 } // namespace net |
| 245 | 242 |
| 246 #endif // NET_QUIC_TEST_TOOLS_CRYPTO_TEST_UTILS_H_ | 243 #endif // NET_QUIC_TEST_TOOLS_CRYPTO_TEST_UTILS_H_ |
| OLD | NEW |