Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(656)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/quic/core/crypto/crypto_server_test.cc

Issue 2678973002: Replace va_arg version of crypto_test_utils::Message with a more modern vector argument version. (Closed)
Patch Set: Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | net/quic/test_tools/crypto_test_utils.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <algorithm> 5 #include <algorithm>
6 #include <cstdint> 6 #include <cstdint>
7 #include <memory> 7 #include <memory>
8 #include <ostream> 8 #include <ostream>
9 #include <vector> 9 #include <vector>
10 10
(...skipping 131 matching lines...) Expand 10 before | Expand all | Expand 10 after
142 CHECK_EQ(sizeof(orbit_), orbit.size()); 142 CHECK_EQ(sizeof(orbit_), orbit.size());
143 memcpy(orbit_, orbit.data(), orbit.size()); 143 memcpy(orbit_, orbit.data(), orbit.size());
144 144
145 char public_value[32]; 145 char public_value[32];
146 memset(public_value, 42, sizeof(public_value)); 146 memset(public_value, 42, sizeof(public_value));
147 147
148 nonce_hex_ = "#" + QuicTextUtils::HexEncode(GenerateNonce()); 148 nonce_hex_ = "#" + QuicTextUtils::HexEncode(GenerateNonce());
149 pub_hex_ = 149 pub_hex_ =
150 "#" + QuicTextUtils::HexEncode(public_value, sizeof(public_value)); 150 "#" + QuicTextUtils::HexEncode(public_value, sizeof(public_value));
151 151
152 // clang-format off 152 CryptoHandshakeMessage client_hello =
153 CryptoHandshakeMessage client_hello = crypto_test_utils::Message( 153 crypto_test_utils::CreateCHLO({{"PDMD", "X509"},
154 "CHLO", 154 {"AEAD", "AESG"},
155 "PDMD", "X509", 155 {"KEXS", "C255"},
156 "AEAD", "AESG", 156 {"PUBS", pub_hex_},
157 "KEXS", "C255", 157 {"NONC", nonce_hex_},
158 "PUBS", pub_hex_.c_str(), 158 {"CSCT", ""},
159 "NONC", nonce_hex_.c_str(), 159 {"VER\0", client_version_string_}},
160 "CSCT", "", 160 kClientHelloMinimumSize);
161 "VER\0", client_version_string_.c_str(),
162 "$padding", static_cast<int>(kClientHelloMinimumSize),
163 nullptr);
164 // clang-format on
165 ShouldSucceed(client_hello); 161 ShouldSucceed(client_hello);
166 // The message should be rejected because the source-address token is 162 // The message should be rejected because the source-address token is
167 // missing. 163 // missing.
168 CheckRejectTag(); 164 CheckRejectTag();
169 const HandshakeFailureReason kRejectReasons[] = { 165 const HandshakeFailureReason kRejectReasons[] = {
170 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; 166 SERVER_CONFIG_INCHOATE_HELLO_FAILURE};
171 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); 167 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));
172 CheckForServerDesignatedConnectionId(); 168 CheckForServerDesignatedConnectionId();
173 169
174 StringPiece srct; 170 StringPiece srct;
(...skipping 252 matching lines...) Expand 10 before | Expand all | Expand 10 after
427 "", 423 "",
428 "foo", 424 "foo",
429 "#00", 425 "#00",
430 "#ff00", 426 "#ff00",
431 "127.0.0.1", 427 "127.0.0.1",
432 "ffee::1", 428 "ffee::1",
433 }; 429 };
434 // clang-format on 430 // clang-format on
435 431
436 for (size_t i = 0; i < arraysize(kBadSNIs); i++) { 432 for (size_t i = 0; i < arraysize(kBadSNIs); i++) {
437 // clang-format off 433 CryptoHandshakeMessage msg =
438 CryptoHandshakeMessage msg = crypto_test_utils::Message( 434 crypto_test_utils::CreateCHLO({{"PDMD", "X509"},
439 "CHLO", 435 {"SNI", kBadSNIs[i]},
440 "PDMD", "X509", 436 {"VER\0", client_version_string_}},
441 "SNI", kBadSNIs[i], 437 kClientHelloMinimumSize);
442 "VER\0", client_version_string_.c_str(),
443 "$padding", static_cast<int>(kClientHelloMinimumSize),
444 nullptr);
445 // clang-format on
446 ShouldFailMentioning("SNI", msg); 438 ShouldFailMentioning("SNI", msg);
447 const HandshakeFailureReason kRejectReasons[] = { 439 const HandshakeFailureReason kRejectReasons[] = {
448 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; 440 SERVER_CONFIG_INCHOATE_HELLO_FAILURE};
449 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); 441 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));
450 } 442 }
451 } 443 }
452 444
453 TEST_P(CryptoServerTest, DefaultCert) { 445 TEST_P(CryptoServerTest, DefaultCert) {
454 // Check that the server replies with a default certificate when no SNI is 446 // Check that the server replies with a default certificate when no SNI is
455 // specified. The CHLO is constructed to generate a REJ with certs, so must 447 // specified. The CHLO is constructed to generate a REJ with certs, so must
456 // not contain a valid STK, and must include PDMD. 448 // not contain a valid STK, and must include PDMD.
457 // clang-format off 449 CryptoHandshakeMessage msg =
458 CryptoHandshakeMessage msg = crypto_test_utils::Message( 450 crypto_test_utils::CreateCHLO({{"AEAD", "AESG"},
459 "CHLO", 451 {"KEXS", "C255"},
460 "AEAD", "AESG", 452 {"PUBS", pub_hex_},
461 "KEXS", "C255", 453 {"NONC", nonce_hex_},
462 "PUBS", pub_hex_.c_str(), 454 {"PDMD", "X509"},
463 "NONC", nonce_hex_.c_str(), 455 {"VER\0", client_version_string_}},
464 "PDMD", "X509", 456 kClientHelloMinimumSize);
465 "VER\0", client_version_string_.c_str(),
466 "$padding", static_cast<int>(kClientHelloMinimumSize),
467 nullptr);
468 // clang-format on
469 457
470 ShouldSucceed(msg); 458 ShouldSucceed(msg);
471 StringPiece cert, proof, cert_sct; 459 StringPiece cert, proof, cert_sct;
472 EXPECT_TRUE(out_.GetStringPiece(kCertificateTag, &cert)); 460 EXPECT_TRUE(out_.GetStringPiece(kCertificateTag, &cert));
473 EXPECT_TRUE(out_.GetStringPiece(kPROF, &proof)); 461 EXPECT_TRUE(out_.GetStringPiece(kPROF, &proof));
474 EXPECT_TRUE(out_.GetStringPiece(kCertificateSCTTag, &cert_sct)); 462 EXPECT_TRUE(out_.GetStringPiece(kCertificateSCTTag, &cert_sct));
475 EXPECT_NE(0u, cert.size()); 463 EXPECT_NE(0u, cert.size());
476 EXPECT_NE(0u, proof.size()); 464 EXPECT_NE(0u, proof.size());
477 const HandshakeFailureReason kRejectReasons[] = { 465 const HandshakeFailureReason kRejectReasons[] = {
478 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; 466 SERVER_CONFIG_INCHOATE_HELLO_FAILURE};
479 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); 467 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));
480 EXPECT_LT(0u, cert_sct.size()); 468 EXPECT_LT(0u, cert_sct.size());
481 } 469 }
482 470
483 TEST_P(CryptoServerTest, RejectTooLarge) { 471 TEST_P(CryptoServerTest, RejectTooLarge) {
484 // Check that the server replies with no certificate when a CHLO is 472 // Check that the server replies with no certificate when a CHLO is
485 // constructed with a PDMD but no SKT when the REJ would be too large. 473 // constructed with a PDMD but no SKT when the REJ would be too large.
486 // clang-format off 474 CryptoHandshakeMessage msg =
487 CryptoHandshakeMessage msg = crypto_test_utils::Message( 475 crypto_test_utils::CreateCHLO({{"PDMD", "X509"},
488 "CHLO", 476 {"AEAD", "AESG"},
489 "PDMD", "X509", 477 {"KEXS", "C255"},
490 "AEAD", "AESG", 478 {"PUBS", pub_hex_},
491 "KEXS", "C255", 479 {"NONC", nonce_hex_},
492 "PUBS", pub_hex_.c_str(), 480 {"PDMD", "X509"},
493 "NONC", nonce_hex_.c_str(), 481 {"VER\0", client_version_string_}},
494 "PDMD", "X509", 482 kClientHelloMinimumSize);
495 "VER\0", client_version_string_.c_str(),
496 "$padding", static_cast<int>(kClientHelloMinimumSize),
497 nullptr);
498 // clang-format on
499 483
500 // The REJ will be larger than the CHLO so no PROF or CRT will be sent. 484 // The REJ will be larger than the CHLO so no PROF or CRT will be sent.
501 config_.set_chlo_multiplier(1); 485 config_.set_chlo_multiplier(1);
502 486
503 ShouldSucceed(msg); 487 ShouldSucceed(msg);
504 StringPiece cert, proof, cert_sct; 488 StringPiece cert, proof, cert_sct;
505 EXPECT_FALSE(out_.GetStringPiece(kCertificateTag, &cert)); 489 EXPECT_FALSE(out_.GetStringPiece(kCertificateTag, &cert));
506 EXPECT_FALSE(out_.GetStringPiece(kPROF, &proof)); 490 EXPECT_FALSE(out_.GetStringPiece(kPROF, &proof));
507 EXPECT_FALSE(out_.GetStringPiece(kCertificateSCTTag, &cert_sct)); 491 EXPECT_FALSE(out_.GetStringPiece(kCertificateSCTTag, &cert_sct));
508 const HandshakeFailureReason kRejectReasons[] = { 492 const HandshakeFailureReason kRejectReasons[] = {
509 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; 493 SERVER_CONFIG_INCHOATE_HELLO_FAILURE};
510 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); 494 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));
511 } 495 }
512 496
513 TEST_P(CryptoServerTest, RejectNotTooLarge) { 497 TEST_P(CryptoServerTest, RejectNotTooLarge) {
514 // When the CHLO packet is large enough, ensure that a full REJ is sent. 498 // When the CHLO packet is large enough, ensure that a full REJ is sent.
515 chlo_packet_size_ *= 2; 499 chlo_packet_size_ *= 2;
516 500
517 // clang-format off 501 CryptoHandshakeMessage msg =
518 CryptoHandshakeMessage msg = crypto_test_utils::Message( 502 crypto_test_utils::CreateCHLO({{"PDMD", "X509"},
519 "CHLO", 503 {"AEAD", "AESG"},
520 "PDMD", "X509", 504 {"KEXS", "C255"},
521 "AEAD", "AESG", 505 {"PUBS", pub_hex_},
522 "KEXS", "C255", 506 {"NONC", nonce_hex_},
523 "PUBS", pub_hex_.c_str(), 507 {"PDMD", "X509"},
524 "NONC", nonce_hex_.c_str(), 508 {"VER\0", client_version_string_}},
525 "PDMD", "X509", 509 kClientHelloMinimumSize);
526 "VER\0", client_version_string_.c_str(),
527 "$padding", static_cast<int>(kClientHelloMinimumSize),
528 nullptr);
529 // clang-format on
530 510
531 // The REJ will be larger than the CHLO so no PROF or CRT will be sent. 511 // The REJ will be larger than the CHLO so no PROF or CRT will be sent.
532 config_.set_chlo_multiplier(1); 512 config_.set_chlo_multiplier(1);
533 513
534 ShouldSucceed(msg); 514 ShouldSucceed(msg);
535 StringPiece cert, proof, cert_sct; 515 StringPiece cert, proof, cert_sct;
536 EXPECT_TRUE(out_.GetStringPiece(kCertificateTag, &cert)); 516 EXPECT_TRUE(out_.GetStringPiece(kCertificateTag, &cert));
537 EXPECT_TRUE(out_.GetStringPiece(kPROF, &proof)); 517 EXPECT_TRUE(out_.GetStringPiece(kPROF, &proof));
538 EXPECT_TRUE(out_.GetStringPiece(kCertificateSCTTag, &cert_sct)); 518 EXPECT_TRUE(out_.GetStringPiece(kCertificateSCTTag, &cert_sct));
539 const HandshakeFailureReason kRejectReasons[] = { 519 const HandshakeFailureReason kRejectReasons[] = {
540 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; 520 SERVER_CONFIG_INCHOATE_HELLO_FAILURE};
541 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); 521 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));
542 } 522 }
543 523
544 TEST_P(CryptoServerTest, RejectTooLargeButValidSTK) { 524 TEST_P(CryptoServerTest, RejectTooLargeButValidSTK) {
545 // Check that the server replies with no certificate when a CHLO is 525 // Check that the server replies with no certificate when a CHLO is
546 // constructed with a PDMD but no SKT when the REJ would be too large. 526 // constructed with a PDMD but no SKT when the REJ would be too large.
547 // clang-format off 527 CryptoHandshakeMessage msg =
548 CryptoHandshakeMessage msg = crypto_test_utils::Message( 528 crypto_test_utils::CreateCHLO({{"PDMD", "X509"},
549 "CHLO", 529 {"AEAD", "AESG"},
550 "PDMD", "X509", 530 {"KEXS", "C255"},
551 "AEAD", "AESG", 531 {"PUBS", pub_hex_},
552 "KEXS", "C255", 532 {"NONC", nonce_hex_},
553 "PUBS", pub_hex_.c_str(), 533 {"#004b5453", srct_hex_},
554 "NONC", nonce_hex_.c_str(), 534 {"PDMD", "X509"},
555 "#004b5453", srct_hex_.c_str(), 535 {"VER\0", client_version_string_}},
556 "PDMD", "X509", 536 kClientHelloMinimumSize);
557 "VER\0", client_version_string_.c_str(),
558 "$padding", static_cast<int>(kClientHelloMinimumSize),
559 nullptr);
560 // clang-format on
561 537
562 // The REJ will be larger than the CHLO so no PROF or CRT will be sent. 538 // The REJ will be larger than the CHLO so no PROF or CRT will be sent.
563 config_.set_chlo_multiplier(1); 539 config_.set_chlo_multiplier(1);
564 540
565 ShouldSucceed(msg); 541 ShouldSucceed(msg);
566 StringPiece cert, proof, cert_sct; 542 StringPiece cert, proof, cert_sct;
567 EXPECT_TRUE(out_.GetStringPiece(kCertificateTag, &cert)); 543 EXPECT_TRUE(out_.GetStringPiece(kCertificateTag, &cert));
568 EXPECT_TRUE(out_.GetStringPiece(kPROF, &proof)); 544 EXPECT_TRUE(out_.GetStringPiece(kPROF, &proof));
569 EXPECT_TRUE(out_.GetStringPiece(kCertificateSCTTag, &cert_sct)); 545 EXPECT_TRUE(out_.GetStringPiece(kCertificateSCTTag, &cert_sct));
570 EXPECT_NE(0u, cert.size()); 546 EXPECT_NE(0u, cert.size());
571 EXPECT_NE(0u, proof.size()); 547 EXPECT_NE(0u, proof.size());
572 const HandshakeFailureReason kRejectReasons[] = { 548 const HandshakeFailureReason kRejectReasons[] = {
573 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; 549 SERVER_CONFIG_INCHOATE_HELLO_FAILURE};
574 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); 550 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));
575 } 551 }
576 552
577 TEST_P(CryptoServerTest, TooSmall) { 553 TEST_P(CryptoServerTest, TooSmall) {
578 // clang-format off 554 ShouldFailMentioning(
579 ShouldFailMentioning("too small", crypto_test_utils::Message( 555 "too small",
580 "CHLO", 556 crypto_test_utils::CreateCHLO(
581 "PDMD", "X509", 557 {{"PDMD", "X509"}, {"VER\0", client_version_string_.c_str()}}));
582 "VER\0", client_version_string_.c_str(), 558
583 nullptr));
584 // clang-format on
585 const HandshakeFailureReason kRejectReasons[] = { 559 const HandshakeFailureReason kRejectReasons[] = {
586 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; 560 SERVER_CONFIG_INCHOATE_HELLO_FAILURE};
587 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); 561 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));
588 } 562 }
589 563
590 TEST_P(CryptoServerTest, BadSourceAddressToken) { 564 TEST_P(CryptoServerTest, BadSourceAddressToken) {
591 // Invalid source-address tokens should be ignored. 565 // Invalid source-address tokens should be ignored.
592 // clang-format off 566 // clang-format off
593 static const char* const kBadSourceAddressTokens[] = { 567 static const char* const kBadSourceAddressTokens[] = {
594 "", 568 "",
595 "foo", 569 "foo",
596 "#0000", 570 "#0000",
597 "#0000000000000000000000000000000000000000", 571 "#0000000000000000000000000000000000000000",
598 }; 572 };
599 // clang-format on 573 // clang-format on
600 574
601 for (size_t i = 0; i < arraysize(kBadSourceAddressTokens); i++) { 575 for (size_t i = 0; i < arraysize(kBadSourceAddressTokens); i++) {
602 // clang-format off 576 CryptoHandshakeMessage msg =
603 CryptoHandshakeMessage msg = crypto_test_utils::Message( 577 crypto_test_utils::CreateCHLO({{"PDMD", "X509"},
604 "CHLO", 578 {"STK", kBadSourceAddressTokens[i]},
605 "PDMD", "X509", 579 {"VER\0", client_version_string_}},
606 "STK", kBadSourceAddressTokens[i], 580 kClientHelloMinimumSize);
607 "VER\0", client_version_string_.c_str(),
608 "$padding", static_cast<int>(kClientHelloMinimumSize), nullptr);
609 // clang-format on
610 ShouldSucceed(msg); 581 ShouldSucceed(msg);
611 const HandshakeFailureReason kRejectReasons[] = { 582 const HandshakeFailureReason kRejectReasons[] = {
612 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; 583 SERVER_CONFIG_INCHOATE_HELLO_FAILURE};
613 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); 584 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));
614 } 585 }
615 } 586 }
616 587
617 TEST_P(CryptoServerTest, BadClientNonce) { 588 TEST_P(CryptoServerTest, BadClientNonce) {
618 // clang-format off 589 // clang-format off
619 static const char* const kBadNonces[] = { 590 static const char* const kBadNonces[] = {
620 "", 591 "",
621 "#0000", 592 "#0000",
622 "#0000000000000000000000000000000000000000", 593 "#0000000000000000000000000000000000000000",
623 }; 594 };
624 // clang-format on 595 // clang-format on
625 596
626 for (size_t i = 0; i < arraysize(kBadNonces); i++) { 597 for (size_t i = 0; i < arraysize(kBadNonces); i++) {
627 // Invalid nonces should be ignored, in an inchoate CHLO. 598 // Invalid nonces should be ignored, in an inchoate CHLO.
628 // clang-format off 599
629 CryptoHandshakeMessage msg = crypto_test_utils::Message( 600 CryptoHandshakeMessage msg =
630 "CHLO", 601 crypto_test_utils::CreateCHLO({{"PDMD", "X509"},
631 "PDMD", "X509", 602 {"NONC", kBadNonces[i]},
632 "NONC", kBadNonces[i], 603 {"VER\0", client_version_string_}},
633 "VER\0", client_version_string_.c_str(), 604 kClientHelloMinimumSize);
634 "$padding", static_cast<int>(kClientHelloMinimumSize), 605
635 nullptr);
636 // clang-format on
637 ShouldSucceed(msg); 606 ShouldSucceed(msg);
638 const HandshakeFailureReason kRejectReasons[] = { 607 const HandshakeFailureReason kRejectReasons[] = {
639 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; 608 SERVER_CONFIG_INCHOATE_HELLO_FAILURE};
640 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); 609 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));
641 610
642 // Invalid nonces should result in CLIENT_NONCE_INVALID_FAILURE. 611 // Invalid nonces should result in CLIENT_NONCE_INVALID_FAILURE.
643 // clang-format off 612 CryptoHandshakeMessage msg1 =
644 CryptoHandshakeMessage msg1 = crypto_test_utils::Message( 613 crypto_test_utils::CreateCHLO({{"PDMD", "X509"},
645 "CHLO", 614 {"AEAD", "AESG"},
646 "PDMD", "X509", 615 {"KEXS", "C255"},
647 "AEAD", "AESG", 616 {"SCID", scid_hex_},
648 "KEXS", "C255", 617 {"#004b5453", srct_hex_},
649 "SCID", scid_hex_.c_str(), 618 {"PUBS", pub_hex_},
650 "#004b5453", srct_hex_.c_str(), 619 {"NONC", kBadNonces[i]},
651 "PUBS", pub_hex_.c_str(), 620 {"NONP", kBadNonces[i]},
652 "NONC", kBadNonces[i], 621 {"XLCT", XlctHexString()},
653 "NONP", kBadNonces[i], 622 {"VER\0", client_version_string_}},
654 "XLCT", XlctHexString().c_str(), 623 kClientHelloMinimumSize);
655 "VER\0", client_version_string_.c_str(),
656 "$padding", static_cast<int>(kClientHelloMinimumSize),
657 nullptr);
658 // clang-format on
659 624
660 ShouldSucceed(msg1); 625 ShouldSucceed(msg1);
661 626
662 CheckRejectTag(); 627 CheckRejectTag();
663 const HandshakeFailureReason kRejectReasons1[] = { 628 const HandshakeFailureReason kRejectReasons1[] = {
664 CLIENT_NONCE_INVALID_FAILURE}; 629 CLIENT_NONCE_INVALID_FAILURE};
665 CheckRejectReasons(kRejectReasons1, arraysize(kRejectReasons1)); 630 CheckRejectReasons(kRejectReasons1, arraysize(kRejectReasons1));
666 } 631 }
667 } 632 }
668 633
669 TEST_P(CryptoServerTest, NoClientNonce) { 634 TEST_P(CryptoServerTest, NoClientNonce) {
670 // No client nonces should result in INCHOATE_HELLO_FAILURE. 635 // No client nonces should result in INCHOATE_HELLO_FAILURE.
671 // clang-format off 636
672 CryptoHandshakeMessage msg = crypto_test_utils::Message( 637 CryptoHandshakeMessage msg = crypto_test_utils::CreateCHLO(
673 "CHLO", 638 {{"PDMD", "X509"}, {"VER\0", client_version_string_}},
674 "PDMD", "X509", 639 kClientHelloMinimumSize);
675 "VER\0", client_version_string_.c_str(),
676 "$padding", static_cast<int>(kClientHelloMinimumSize),
677 nullptr);
678 // clang-format on
679 640
680 ShouldSucceed(msg); 641 ShouldSucceed(msg);
681 const HandshakeFailureReason kRejectReasons[] = { 642 const HandshakeFailureReason kRejectReasons[] = {
682 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; 643 SERVER_CONFIG_INCHOATE_HELLO_FAILURE};
683 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); 644 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));
684 645
685 // clang-format off 646 CryptoHandshakeMessage msg1 =
686 CryptoHandshakeMessage msg1 = crypto_test_utils::Message( 647 crypto_test_utils::CreateCHLO({{"PDMD", "X509"},
687 "CHLO", 648 {"AEAD", "AESG"},
688 "PDMD", "X509", 649 {"KEXS", "C255"},
689 "AEAD", "AESG", 650 {"SCID", scid_hex_},
690 "KEXS", "C255", 651 {"#004b5453", srct_hex_},
691 "SCID", scid_hex_.c_str(), 652 {"PUBS", pub_hex_},
692 "#004b5453", srct_hex_.c_str(), 653 {"XLCT", XlctHexString()},
693 "PUBS", pub_hex_.c_str(), 654 {"VER\0", client_version_string_}},
694 "XLCT", XlctHexString().c_str(), 655 kClientHelloMinimumSize);
695 "VER\0", client_version_string_.c_str(),
696 "$padding", static_cast<int>(kClientHelloMinimumSize),
697 nullptr);
698 // clang-format on
699 656
700 ShouldSucceed(msg1); 657 ShouldSucceed(msg1);
701 CheckRejectTag(); 658 CheckRejectTag();
702 const HandshakeFailureReason kRejectReasons1[] = { 659 const HandshakeFailureReason kRejectReasons1[] = {
703 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; 660 SERVER_CONFIG_INCHOATE_HELLO_FAILURE};
704 CheckRejectReasons(kRejectReasons1, arraysize(kRejectReasons1)); 661 CheckRejectReasons(kRejectReasons1, arraysize(kRejectReasons1));
705 } 662 }
706 663
707 TEST_P(CryptoServerTest, DowngradeAttack) { 664 TEST_P(CryptoServerTest, DowngradeAttack) {
708 if (supported_versions_.size() == 1) { 665 if (supported_versions_.size() == 1) {
709 // No downgrade attack is possible if the server only supports one version. 666 // No downgrade attack is possible if the server only supports one version.
710 return; 667 return;
711 } 668 }
712 // Set the client's preferred version to a supported version that 669 // Set the client's preferred version to a supported version that
713 // is not the "current" version (supported_versions_.front()). 670 // is not the "current" version (supported_versions_.front()).
714 string bad_version = 671 string bad_version =
715 QuicTagToString(QuicVersionToQuicTag(supported_versions_.back())); 672 QuicTagToString(QuicVersionToQuicTag(supported_versions_.back()));
716 673
717 // clang-format off 674 CryptoHandshakeMessage msg = crypto_test_utils::CreateCHLO(
718 CryptoHandshakeMessage msg = crypto_test_utils::Message( 675 {{"PDMD", "X509"}, {"VER\0", bad_version}}, kClientHelloMinimumSize);
719 "CHLO", 676
720 "PDMD", "X509",
721 "VER\0", bad_version.c_str(),
722 "$padding", static_cast<int>(kClientHelloMinimumSize),
723 nullptr);
724 // clang-format on
725 ShouldFailMentioning("Downgrade", msg); 677 ShouldFailMentioning("Downgrade", msg);
726 const HandshakeFailureReason kRejectReasons[] = { 678 const HandshakeFailureReason kRejectReasons[] = {
727 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; 679 SERVER_CONFIG_INCHOATE_HELLO_FAILURE};
728 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); 680 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));
729 } 681 }
730 682
731 TEST_P(CryptoServerTest, CorruptServerConfig) { 683 TEST_P(CryptoServerTest, CorruptServerConfig) {
732 // This tests corrupted server config. 684 // This tests corrupted server config.
733 // clang-format off 685 CryptoHandshakeMessage msg =
734 CryptoHandshakeMessage msg = crypto_test_utils::Message( 686 crypto_test_utils::CreateCHLO({{"PDMD", "X509"},
735 "CHLO", 687 {"AEAD", "AESG"},
736 "PDMD", "X509", 688 {"KEXS", "C255"},
737 "AEAD", "AESG", 689 {"SCID", (string(1, 'X') + scid_hex_)},
738 "KEXS", "C255", 690 {"#004b5453", srct_hex_},
739 "SCID", (string(1, 'X') + scid_hex_).c_str(), 691 {"PUBS", pub_hex_},
740 "#004b5453", srct_hex_.c_str(), 692 {"NONC", nonce_hex_},
741 "PUBS", pub_hex_.c_str(), 693 {"VER\0", client_version_string_}},
742 "NONC", nonce_hex_.c_str(), 694 kClientHelloMinimumSize);
743 "VER\0", client_version_string_.c_str(), 695
744 "$padding", static_cast<int>(kClientHelloMinimumSize),
745 nullptr);
746 // clang-format on
747 ShouldSucceed(msg); 696 ShouldSucceed(msg);
748 CheckRejectTag(); 697 CheckRejectTag();
749 const HandshakeFailureReason kRejectReasons[] = { 698 const HandshakeFailureReason kRejectReasons[] = {
750 SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE}; 699 SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE};
751 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); 700 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));
752 } 701 }
753 702
754 TEST_P(CryptoServerTest, CorruptSourceAddressToken) { 703 TEST_P(CryptoServerTest, CorruptSourceAddressToken) {
755 // This tests corrupted source address token. 704 // This tests corrupted source address token.
756 // clang-format off 705 CryptoHandshakeMessage msg = crypto_test_utils::CreateCHLO(
757 CryptoHandshakeMessage msg = crypto_test_utils::Message( 706 {{"PDMD", "X509"},
758 "CHLO", 707 {"AEAD", "AESG"},
759 "PDMD", "X509", 708 {"KEXS", "C255"},
760 "AEAD", "AESG", 709 {"SCID", scid_hex_},
761 "KEXS", "C255", 710 {"#004b5453", (string(1, 'X') + srct_hex_)},
762 "SCID", scid_hex_.c_str(), 711 {"PUBS", pub_hex_},
763 "#004b5453", (string(1, 'X') + srct_hex_).c_str(), 712 {"NONC", nonce_hex_},
764 "PUBS", pub_hex_.c_str(), 713 {"XLCT", XlctHexString()},
765 "NONC", nonce_hex_.c_str(), 714 {"VER\0", client_version_string_}},
766 "XLCT", XlctHexString().c_str(), 715 kClientHelloMinimumSize);
767 "VER\0", client_version_string_.c_str(), 716
768 "$padding", static_cast<int>(kClientHelloMinimumSize),
769 nullptr);
770 // clang-format on
771 ShouldSucceed(msg); 717 ShouldSucceed(msg);
772 CheckRejectTag(); 718 CheckRejectTag();
773 const HandshakeFailureReason kRejectReasons[] = { 719 const HandshakeFailureReason kRejectReasons[] = {
774 SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE}; 720 SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE};
775 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); 721 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));
776 } 722 }
777 723
778 TEST_P(CryptoServerTest, CorruptClientNonceAndSourceAddressToken) { 724 TEST_P(CryptoServerTest, CorruptClientNonceAndSourceAddressToken) {
779 // This test corrupts client nonce and source address token. 725 // This test corrupts client nonce and source address token.
780 // clang-format off 726 CryptoHandshakeMessage msg = crypto_test_utils::CreateCHLO(
781 CryptoHandshakeMessage msg = crypto_test_utils::Message( 727 {{"PDMD", "X509"},
782 "CHLO", 728 {"AEAD", "AESG"},
783 "PDMD", "X509", 729 {"KEXS", "C255"},
784 "AEAD", "AESG", 730 {"SCID", scid_hex_},
785 "KEXS", "C255", 731 {"#004b5453", (string(1, 'X') + srct_hex_)},
786 "SCID", scid_hex_.c_str(), 732 {"PUBS", pub_hex_},
787 "#004b5453", (string(1, 'X') + srct_hex_).c_str(), 733 {"NONC", (string(1, 'X') + nonce_hex_)},
788 "PUBS", pub_hex_.c_str(), 734 {"XLCT", XlctHexString()},
789 "NONC", (string(1, 'X') + nonce_hex_).c_str(), 735 {"VER\0", client_version_string_}},
790 "XLCT", XlctHexString().c_str(), 736 kClientHelloMinimumSize);
791 "VER\0", client_version_string_.c_str(), 737
792 "$padding", static_cast<int>(kClientHelloMinimumSize),
793 nullptr);
794 // clang-format on
795 ShouldSucceed(msg); 738 ShouldSucceed(msg);
796 CheckRejectTag(); 739 CheckRejectTag();
797 const HandshakeFailureReason kRejectReasons[] = { 740 const HandshakeFailureReason kRejectReasons[] = {
798 SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE, CLIENT_NONCE_INVALID_FAILURE}; 741 SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE, CLIENT_NONCE_INVALID_FAILURE};
799 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); 742 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));
800 } 743 }
801 744
802 TEST_P(CryptoServerTest, CorruptMultipleTags) { 745 TEST_P(CryptoServerTest, CorruptMultipleTags) {
803 // This test corrupts client nonce, server nonce and source address token. 746 // This test corrupts client nonce, server nonce and source address token.
804 // clang-format off 747 CryptoHandshakeMessage msg = crypto_test_utils::CreateCHLO(
805 CryptoHandshakeMessage msg = crypto_test_utils::Message( 748 {{"PDMD", "X509"},
806 "CHLO", 749 {"AEAD", "AESG"},
807 "PDMD", "X509", 750 {"KEXS", "C255"},
808 "AEAD", "AESG", 751 {"SCID", scid_hex_},
809 "KEXS", "C255", 752 {"#004b5453", (string(1, 'X') + srct_hex_)},
810 "SCID", scid_hex_.c_str(), 753 {"PUBS", pub_hex_},
811 "#004b5453", (string(1, 'X') + srct_hex_).c_str(), 754 {"NONC", (string(1, 'X') + nonce_hex_)},
812 "PUBS", pub_hex_.c_str(), 755 {"NONP", (string(1, 'X') + nonce_hex_)},
813 "NONC", (string(1, 'X') + nonce_hex_).c_str(), 756 {"SNO\0", (string(1, 'X') + nonce_hex_)},
814 "NONP", (string(1, 'X') + nonce_hex_).c_str(), 757 {"XLCT", XlctHexString()},
815 "SNO\0", (string(1, 'X') + nonce_hex_).c_str(), 758 {"VER\0", client_version_string_}},
816 "XLCT", XlctHexString().c_str(), 759 kClientHelloMinimumSize);
817 "VER\0", client_version_string_.c_str(), 760
818 "$padding", static_cast<int>(kClientHelloMinimumSize),
819 nullptr);
820 // clang-format on
821 ShouldSucceed(msg); 761 ShouldSucceed(msg);
822 CheckRejectTag(); 762 CheckRejectTag();
823 763
824 const HandshakeFailureReason kRejectReasons[] = { 764 const HandshakeFailureReason kRejectReasons[] = {
825 SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE, CLIENT_NONCE_INVALID_FAILURE}; 765 SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE, CLIENT_NONCE_INVALID_FAILURE};
826 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); 766 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));
827 } 767 }
828 768
829 TEST_P(CryptoServerTest, NoServerNonce) { 769 TEST_P(CryptoServerTest, NoServerNonce) {
830 // When no server nonce is present and no strike register is configured, 770 // When no server nonce is present and no strike register is configured,
831 // the CHLO should be rejected. 771 // the CHLO should be rejected.
832 // clang-format off 772 CryptoHandshakeMessage msg =
833 CryptoHandshakeMessage msg = crypto_test_utils::Message( 773 crypto_test_utils::CreateCHLO({{"PDMD", "X509"},
834 "CHLO", 774 {"AEAD", "AESG"},
835 "PDMD", "X509", 775 {"KEXS", "C255"},
836 "AEAD", "AESG", 776 {"SCID", scid_hex_},
837 "KEXS", "C255", 777 {"#004b5453", srct_hex_},
838 "SCID", scid_hex_.c_str(), 778 {"PUBS", pub_hex_},
839 "#004b5453", srct_hex_.c_str(), 779 {"NONC", nonce_hex_},
840 "PUBS", pub_hex_.c_str(), 780 {"NONP", nonce_hex_},
841 "NONC", nonce_hex_.c_str(), 781 {"XLCT", XlctHexString()},
842 "NONP", nonce_hex_.c_str(), 782 {"VER\0", client_version_string_}},
843 "XLCT", XlctHexString().c_str(), 783 kClientHelloMinimumSize);
844 "VER\0", client_version_string_.c_str(),
845 "$padding", static_cast<int>(kClientHelloMinimumSize),
846 nullptr);
847 // clang-format on
848 784
849 ShouldSucceed(msg); 785 ShouldSucceed(msg);
850 786
851 // Even without a server nonce, this ClientHello should be accepted in 787 // Even without a server nonce, this ClientHello should be accepted in
852 // version 33. 788 // version 33.
853 ASSERT_EQ(kSHLO, out_.tag()); 789 ASSERT_EQ(kSHLO, out_.tag());
854 CheckServerHello(out_); 790 CheckServerHello(out_);
855 } 791 }
856 792
857 TEST_P(CryptoServerTest, ProofForSuppliedServerConfig) { 793 TEST_P(CryptoServerTest, ProofForSuppliedServerConfig) {
858 client_address_ = QuicSocketAddress(QuicIpAddress::Loopback6(), 1234); 794 client_address_ = QuicSocketAddress(QuicIpAddress::Loopback6(), 1234);
859 // clang-format off 795
860 CryptoHandshakeMessage msg = crypto_test_utils::Message( 796 CryptoHandshakeMessage msg =
861 "CHLO", 797 crypto_test_utils::CreateCHLO({{"AEAD", "AESG"},
862 "AEAD", "AESG", 798 {"KEXS", "C255"},
863 "KEXS", "C255", 799 {"PDMD", "X509"},
864 "PDMD", "X509", 800 {"SCID", kOldConfigId},
865 "SCID", kOldConfigId, 801 {"#004b5453", srct_hex_},
866 "#004b5453", srct_hex_.c_str(), 802 {"PUBS", pub_hex_},
867 "PUBS", pub_hex_.c_str(), 803 {"NONC", nonce_hex_},
868 "NONC", nonce_hex_.c_str(), 804 {"NONP", "123456789012345678901234567890"},
869 "NONP", "123456789012345678901234567890", 805 {"VER\0", client_version_string_},
870 "VER\0", client_version_string_.c_str(), 806 {"XLCT", XlctHexString()}},
871 "XLCT", XlctHexString().c_str(), 807 kClientHelloMinimumSize);
872 "$padding", static_cast<int>(kClientHelloMinimumSize), 808
873 nullptr);
874 // clang-format on
875 ShouldSucceed(msg); 809 ShouldSucceed(msg);
876 // The message should be rejected because the source-address token is no 810 // The message should be rejected because the source-address token is no
877 // longer valid. 811 // longer valid.
878 CheckRejectTag(); 812 CheckRejectTag();
879 const HandshakeFailureReason kRejectReasons[] = { 813 const HandshakeFailureReason kRejectReasons[] = {
880 SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE}; 814 SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE};
881 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); 815 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));
882 816
883 StringPiece cert, proof, scfg_str; 817 StringPiece cert, proof, scfg_str;
884 EXPECT_TRUE(out_.GetStringPiece(kCertificateTag, &cert)); 818 EXPECT_TRUE(out_.GetStringPiece(kCertificateTag, &cert));
(...skipping 25 matching lines...) Expand all
910 string chlo_hash; 844 string chlo_hash;
911 CryptoUtils::HashHandshakeMessage(msg, &chlo_hash); 845 CryptoUtils::HashHandshakeMessage(msg, &chlo_hash);
912 EXPECT_EQ(QUIC_SUCCESS, 846 EXPECT_EQ(QUIC_SUCCESS,
913 proof_verifier->VerifyProof( 847 proof_verifier->VerifyProof(
914 "test.example.com", 443, scfg_str.as_string(), client_version_, 848 "test.example.com", 443, scfg_str.as_string(), client_version_,
915 chlo_hash, certs, "", proof.as_string(), verify_context.get(), 849 chlo_hash, certs, "", proof.as_string(), verify_context.get(),
916 &error_details, &details, std::move(callback))); 850 &error_details, &details, std::move(callback)));
917 } 851 }
918 852
919 TEST_P(CryptoServerTest, RejectInvalidXlct) { 853 TEST_P(CryptoServerTest, RejectInvalidXlct) {
920 // clang-format off 854 CryptoHandshakeMessage msg =
921 CryptoHandshakeMessage msg = crypto_test_utils::Message( 855 crypto_test_utils::CreateCHLO({{"PDMD", "X509"},
922 "CHLO", 856 {"AEAD", "AESG"},
923 "PDMD", "X509", 857 {"KEXS", "C255"},
924 "AEAD", "AESG", 858 {"SCID", scid_hex_},
925 "KEXS", "C255", 859 {"#004b5453", srct_hex_},
926 "SCID", scid_hex_.c_str(), 860 {"PUBS", pub_hex_},
927 "#004b5453", srct_hex_.c_str(), 861 {"NONC", nonce_hex_},
928 "PUBS", pub_hex_.c_str(), 862 {"VER\0", client_version_string_},
929 "NONC", nonce_hex_.c_str(), 863 {"XLCT", "#0102030405060708"}},
930 "VER\0", client_version_string_.c_str(), 864 kClientHelloMinimumSize);
931 "XLCT", "#0102030405060708", 865
932 "$padding", static_cast<int>(kClientHelloMinimumSize),
933 nullptr);
934 // clang-format on
935 // If replay protection isn't disabled, then 866 // If replay protection isn't disabled, then
936 // QuicCryptoServerConfig::EvaluateClientHello will leave info.unique as false 867 // QuicCryptoServerConfig::EvaluateClientHello will leave info.unique as false
937 // and cause ProcessClientHello to exit early (and generate a REJ message). 868 // and cause ProcessClientHello to exit early (and generate a REJ message).
938 config_.set_replay_protection(false); 869 config_.set_replay_protection(false);
939 870
940 ShouldSucceed(msg); 871 ShouldSucceed(msg);
941 // clang-format off 872
942 const HandshakeFailureReason kRejectReasons[] = { 873 const HandshakeFailureReason kRejectReasons[] = {
943 INVALID_EXPECTED_LEAF_CERTIFICATE 874 INVALID_EXPECTED_LEAF_CERTIFICATE};
944 }; 875
945 // clang-format on
946 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); 876 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));
947 } 877 }
948 878
949 TEST_P(CryptoServerTest, ValidXlct) { 879 TEST_P(CryptoServerTest, ValidXlct) {
950 // clang-format off 880 CryptoHandshakeMessage msg =
951 CryptoHandshakeMessage msg = crypto_test_utils::Message( 881 crypto_test_utils::CreateCHLO({{"PDMD", "X509"},
952 "CHLO", 882 {"AEAD", "AESG"},
953 "PDMD", "X509", 883 {"KEXS", "C255"},
954 "AEAD", "AESG", 884 {"SCID", scid_hex_},
955 "KEXS", "C255", 885 {"#004b5453", srct_hex_},
956 "SCID", scid_hex_.c_str(), 886 {"PUBS", pub_hex_},
957 "#004b5453", srct_hex_.c_str(), 887 {"NONC", nonce_hex_},
958 "PUBS", pub_hex_.c_str(), 888 {"VER\0", client_version_string_},
959 "NONC", nonce_hex_.c_str(), 889 {"XLCT", XlctHexString()}},
960 "VER\0", client_version_string_.c_str(), 890 kClientHelloMinimumSize);
961 "XLCT", XlctHexString().c_str(), 891
962 "$padding", static_cast<int>(kClientHelloMinimumSize),
963 nullptr);
964 // clang-format on
965 // If replay protection isn't disabled, then 892 // If replay protection isn't disabled, then
966 // QuicCryptoServerConfig::EvaluateClientHello will leave info.unique as false 893 // QuicCryptoServerConfig::EvaluateClientHello will leave info.unique as false
967 // and cause ProcessClientHello to exit early (and generate a REJ message). 894 // and cause ProcessClientHello to exit early (and generate a REJ message).
968 config_.set_replay_protection(false); 895 config_.set_replay_protection(false);
969 896
970 ShouldSucceed(msg); 897 ShouldSucceed(msg);
971 EXPECT_EQ(kSHLO, out_.tag()); 898 EXPECT_EQ(kSHLO, out_.tag());
972 } 899 }
973 900
974 TEST_P(CryptoServerTest, NonceInSHLO) { 901 TEST_P(CryptoServerTest, NonceInSHLO) {
975 // clang-format off 902 CryptoHandshakeMessage msg =
976 CryptoHandshakeMessage msg = crypto_test_utils::Message( 903 crypto_test_utils::CreateCHLO({{"PDMD", "X509"},
977 "CHLO", 904 {"AEAD", "AESG"},
978 "PDMD", "X509", 905 {"KEXS", "C255"},
979 "AEAD", "AESG", 906 {"SCID", scid_hex_},
980 "KEXS", "C255", 907 {"#004b5453", srct_hex_},
981 "SCID", scid_hex_.c_str(), 908 {"PUBS", pub_hex_},
982 "#004b5453", srct_hex_.c_str(), 909 {"NONC", nonce_hex_},
983 "PUBS", pub_hex_.c_str(), 910 {"VER\0", client_version_string_},
984 "NONC", nonce_hex_.c_str(), 911 {"XLCT", XlctHexString()}},
985 "VER\0", client_version_string_.c_str(), 912 kClientHelloMinimumSize);
986 "XLCT", XlctHexString().c_str(), 913
987 "$padding", static_cast<int>(kClientHelloMinimumSize),
988 nullptr);
989 // clang-format on
990 // If replay protection isn't disabled, then 914 // If replay protection isn't disabled, then
991 // QuicCryptoServerConfig::EvaluateClientHello will leave info.unique as false 915 // QuicCryptoServerConfig::EvaluateClientHello will leave info.unique as false
992 // and cause ProcessClientHello to exit early (and generate a REJ message). 916 // and cause ProcessClientHello to exit early (and generate a REJ message).
993 config_.set_replay_protection(false); 917 config_.set_replay_protection(false);
994 918
995 ShouldSucceed(msg); 919 ShouldSucceed(msg);
996 EXPECT_EQ(kSHLO, out_.tag()); 920 EXPECT_EQ(kSHLO, out_.tag());
997 921
998 StringPiece nonce; 922 StringPiece nonce;
999 EXPECT_TRUE(out_.GetStringPiece(kServerNonceTag, &nonce)); 923 EXPECT_TRUE(out_.GetStringPiece(kServerNonceTag, &nonce));
1000 } 924 }
1001 925
1002 TEST_P(CryptoServerTest, ProofSourceFailure) { 926 TEST_P(CryptoServerTest, ProofSourceFailure) {
1003 // Install a ProofSource which will unconditionally fail 927 // Install a ProofSource which will unconditionally fail
1004 peer_.ResetProofSource(std::unique_ptr<ProofSource>(new FailingProofSource)); 928 peer_.ResetProofSource(std::unique_ptr<ProofSource>(new FailingProofSource));
1005 929
1006 // clang-format off 930 CryptoHandshakeMessage msg =
1007 CryptoHandshakeMessage msg = crypto_test_utils::Message( 931 crypto_test_utils::CreateCHLO({{"AEAD", "AESG"},
1008 "CHLO", 932 {"KEXS", "C255"},
1009 "AEAD", "AESG", 933 {"SCID", scid_hex_},
1010 "KEXS", "C255", 934 {"PUBS", pub_hex_},
1011 "SCID", scid_hex_.c_str(), 935 {"NONC", nonce_hex_},
1012 "PUBS", pub_hex_.c_str(), 936 {"PDMD", "X509"},
1013 "NONC", nonce_hex_.c_str(), 937 {"VER\0", client_version_string_}},
1014 "PDMD", "X509", 938 kClientHelloMinimumSize);
1015 "VER\0", client_version_string_.c_str(),
1016 "$padding", static_cast<int>(kClientHelloMinimumSize),
1017 nullptr);
1018 // clang-format on
1019 939
1020 // Just ensure that we don't crash as occurred in b/33916924. 940 // Just ensure that we don't crash as occurred in b/33916924.
1021 ShouldFailMentioning("", msg); 941 ShouldFailMentioning("", msg);
1022 } 942 }
1023 943
1024 TEST(CryptoServerConfigGenerationTest, Determinism) { 944 TEST(CryptoServerConfigGenerationTest, Determinism) {
1025 // Test that using a deterministic PRNG causes the server-config to be 945 // Test that using a deterministic PRNG causes the server-config to be
1026 // deterministic. 946 // deterministic.
1027 947
1028 MockRandom rand_a, rand_b; 948 MockRandom rand_a, rand_b;
(...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after
1095 } 1015 }
1096 1016
1097 class CryptoServerTestNoConfig : public CryptoServerTest { 1017 class CryptoServerTestNoConfig : public CryptoServerTest {
1098 public: 1018 public:
1099 void SetUp() override { 1019 void SetUp() override {
1100 // Deliberately don't add a config so that we can test this situation. 1020 // Deliberately don't add a config so that we can test this situation.
1101 } 1021 }
1102 }; 1022 };
1103 1023
1104 TEST_P(CryptoServerTestNoConfig, DontCrash) { 1024 TEST_P(CryptoServerTestNoConfig, DontCrash) {
1105 // clang-format off 1025 CryptoHandshakeMessage msg = crypto_test_utils::CreateCHLO(
1106 CryptoHandshakeMessage msg = crypto_test_utils::Message( 1026 {{"PDMD", "X509"}, {"VER\0", client_version_string_}},
1107 "CHLO", 1027 kClientHelloMinimumSize);
1108 "PDMD", "X509", 1028
1109 "VER\0", client_version_string_.c_str(),
1110 "$padding", static_cast<int>(kClientHelloMinimumSize),
1111 nullptr);
1112 // clang-format on
1113 ShouldFailMentioning("No config", msg); 1029 ShouldFailMentioning("No config", msg);
1114 1030
1115 const HandshakeFailureReason kRejectReasons[] = { 1031 const HandshakeFailureReason kRejectReasons[] = {
1116 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; 1032 SERVER_CONFIG_INCHOATE_HELLO_FAILURE};
1117 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); 1033 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));
1118 } 1034 }
1119 1035
1120 class CryptoServerTestOldVersion : public CryptoServerTest { 1036 class CryptoServerTestOldVersion : public CryptoServerTest {
1121 public: 1037 public:
1122 void SetUp() override { 1038 void SetUp() override {
1123 client_version_ = supported_versions_.back(); 1039 client_version_ = supported_versions_.back();
1124 client_version_string_ = 1040 client_version_string_ =
1125 QuicTagToString(QuicVersionToQuicTag(client_version_)); 1041 QuicTagToString(QuicVersionToQuicTag(client_version_));
1126 CryptoServerTest::SetUp(); 1042 CryptoServerTest::SetUp();
1127 } 1043 }
1128 }; 1044 };
1129 1045
1130 TEST_P(CryptoServerTestOldVersion, ServerIgnoresXlct) { 1046 TEST_P(CryptoServerTestOldVersion, ServerIgnoresXlct) {
1131 // clang-format off 1047 CryptoHandshakeMessage msg =
1132 CryptoHandshakeMessage msg = crypto_test_utils::Message( 1048 crypto_test_utils::CreateCHLO({{"PDMD", "X509"},
1133 "CHLO", 1049 {"AEAD", "AESG"},
1134 "PDMD", "X509", 1050 {"KEXS", "C255"},
1135 "AEAD", "AESG", 1051 {"SCID", scid_hex_},
1136 "KEXS", "C255", 1052 {"#004b5453", srct_hex_},
1137 "SCID", scid_hex_.c_str(), 1053 {"PUBS", pub_hex_},
1138 "#004b5453", srct_hex_.c_str(), 1054 {"NONC", nonce_hex_},
1139 "PUBS", pub_hex_.c_str(), 1055 {"VER\0", client_version_string_},
1140 "NONC", nonce_hex_.c_str(), 1056 {"XLCT", "#0100000000000000"}},
1141 "VER\0", client_version_string_.c_str(), 1057 kClientHelloMinimumSize);
1142 "XLCT", "#0100000000000000", 1058
1143 "$padding", static_cast<int>(kClientHelloMinimumSize),
1144 nullptr);
1145 // clang-format on
1146 // If replay protection isn't disabled, then 1059 // If replay protection isn't disabled, then
1147 // QuicCryptoServerConfig::EvaluateClientHello will leave info.unique as false 1060 // QuicCryptoServerConfig::EvaluateClientHello will leave info.unique as false
1148 // and cause ProcessClientHello to exit early (and generate a REJ message). 1061 // and cause ProcessClientHello to exit early (and generate a REJ message).
1149 config_.set_replay_protection(false); 1062 config_.set_replay_protection(false);
1150 1063
1151 ShouldSucceed(msg); 1064 ShouldSucceed(msg);
1152 EXPECT_EQ(kSHLO, out_.tag()); 1065 EXPECT_EQ(kSHLO, out_.tag());
1153 } 1066 }
1154 1067
1155 TEST_P(CryptoServerTestOldVersion, XlctNotRequired) { 1068 TEST_P(CryptoServerTestOldVersion, XlctNotRequired) {
1156 // clang-format off 1069 CryptoHandshakeMessage msg =
1157 CryptoHandshakeMessage msg = crypto_test_utils::Message( 1070 crypto_test_utils::CreateCHLO({{"PDMD", "X509"},
1158 "CHLO", 1071 {"AEAD", "AESG"},
1159 "PDMD", "X509", 1072 {"KEXS", "C255"},
1160 "AEAD", "AESG", 1073 {"SCID", scid_hex_},
1161 "KEXS", "C255", 1074 {"#004b5453", srct_hex_},
1162 "SCID", scid_hex_.c_str(), 1075 {"PUBS", pub_hex_},
1163 "#004b5453", srct_hex_.c_str(), 1076 {"NONC", nonce_hex_},
1164 "PUBS", pub_hex_.c_str(), 1077 {"VER\0", client_version_string_}},
1165 "NONC", nonce_hex_.c_str(), 1078 kClientHelloMinimumSize);
1166 "VER\0", client_version_string_.c_str(), 1079
1167 "$padding", static_cast<int>(kClientHelloMinimumSize),
1168 nullptr);
1169 // clang-format on
1170 // If replay protection isn't disabled, then 1080 // If replay protection isn't disabled, then
1171 // QuicCryptoServerConfig::EvaluateClientHello will leave info.unique as false 1081 // QuicCryptoServerConfig::EvaluateClientHello will leave info.unique as false
1172 // and cause ProcessClientHello to exit early (and generate a REJ message). 1082 // and cause ProcessClientHello to exit early (and generate a REJ message).
1173 config_.set_replay_protection(false); 1083 config_.set_replay_protection(false);
1174 1084
1175 ShouldSucceed(msg); 1085 ShouldSucceed(msg);
1176 EXPECT_EQ(kSHLO, out_.tag()); 1086 EXPECT_EQ(kSHLO, out_.tag());
1177 } 1087 }
1178 1088
1179 } // namespace test 1089 } // namespace test
1180 } // namespace net 1090 } // namespace net
OLDNEW
« no previous file with comments | « no previous file | net/quic/test_tools/crypto_test_utils.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698