| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <algorithm> | 5 #include <algorithm> |
| 6 #include <cstdint> | 6 #include <cstdint> |
| 7 #include <memory> | 7 #include <memory> |
| 8 #include <ostream> | 8 #include <ostream> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| 11 #include "crypto/secure_hash.h" | |
| 12 #include "net/quic/core/crypto/cert_compressor.h" | 11 #include "net/quic/core/crypto/cert_compressor.h" |
| 13 #include "net/quic/core/crypto/common_cert_set.h" | 12 #include "net/quic/core/crypto/common_cert_set.h" |
| 14 #include "net/quic/core/crypto/crypto_handshake.h" | 13 #include "net/quic/core/crypto/crypto_handshake.h" |
| 15 #include "net/quic/core/crypto/crypto_server_config_protobuf.h" | 14 #include "net/quic/core/crypto/crypto_server_config_protobuf.h" |
| 16 #include "net/quic/core/crypto/crypto_utils.h" | 15 #include "net/quic/core/crypto/crypto_utils.h" |
| 17 #include "net/quic/core/crypto/proof_source.h" | 16 #include "net/quic/core/crypto/proof_source.h" |
| 18 #include "net/quic/core/crypto/quic_crypto_server_config.h" | 17 #include "net/quic/core/crypto/quic_crypto_server_config.h" |
| 19 #include "net/quic/core/crypto/quic_random.h" | 18 #include "net/quic/core/crypto/quic_random.h" |
| 20 #include "net/quic/core/quic_flags.h" | 19 #include "net/quic/core/quic_flags.h" |
| 21 #include "net/quic/core/quic_socket_address_coder.h" | 20 #include "net/quic/core/quic_socket_address_coder.h" |
| 22 #include "net/quic/core/quic_utils.h" | 21 #include "net/quic/core/quic_utils.h" |
| 23 #include "net/quic/platform/api/quic_text_utils.h" | 22 #include "net/quic/platform/api/quic_text_utils.h" |
| 24 #include "net/quic/test_tools/crypto_test_utils.h" | 23 #include "net/quic/test_tools/crypto_test_utils.h" |
| 25 #include "net/quic/test_tools/delayed_verify_strike_register_client.h" | 24 #include "net/quic/test_tools/delayed_verify_strike_register_client.h" |
| 26 #include "net/quic/test_tools/failing_proof_source.h" | 25 #include "net/quic/test_tools/failing_proof_source.h" |
| 27 #include "net/quic/test_tools/mock_clock.h" | 26 #include "net/quic/test_tools/mock_clock.h" |
| 28 #include "net/quic/test_tools/mock_random.h" | 27 #include "net/quic/test_tools/mock_random.h" |
| 29 #include "net/quic/test_tools/quic_crypto_server_config_peer.h" | 28 #include "net/quic/test_tools/quic_crypto_server_config_peer.h" |
| 30 #include "net/quic/test_tools/quic_test_utils.h" | 29 #include "net/quic/test_tools/quic_test_utils.h" |
| 31 #include "testing/gtest/include/gtest/gtest.h" | 30 #include "testing/gtest/include/gtest/gtest.h" |
| 31 #include "third_party/boringssl/src/include/openssl/sha.h" |
| 32 | 32 |
| 33 using base::StringPiece; | 33 using base::StringPiece; |
| 34 using std::string; | 34 using std::string; |
| 35 | 35 |
| 36 namespace net { | 36 namespace net { |
| 37 namespace test { | 37 namespace test { |
| 38 | 38 |
| 39 namespace { | 39 namespace { |
| 40 | 40 |
| 41 class DummyProofVerifierCallback : public ProofVerifierCallback { | 41 class DummyProofVerifierCallback : public ProofVerifierCallback { |
| (...skipping 58 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 100 return params; | 100 return params; |
| 101 } | 101 } |
| 102 | 102 |
| 103 class CryptoServerTest : public ::testing::TestWithParam<TestParams> { | 103 class CryptoServerTest : public ::testing::TestWithParam<TestParams> { |
| 104 public: | 104 public: |
| 105 CryptoServerTest() | 105 CryptoServerTest() |
| 106 : rand_(QuicRandom::GetInstance()), | 106 : rand_(QuicRandom::GetInstance()), |
| 107 client_address_(QuicIpAddress::Loopback4(), 1234), | 107 client_address_(QuicIpAddress::Loopback4(), 1234), |
| 108 config_(QuicCryptoServerConfig::TESTING, | 108 config_(QuicCryptoServerConfig::TESTING, |
| 109 rand_, | 109 rand_, |
| 110 CryptoTestUtils::ProofSourceForTesting()), | 110 crypto_test_utils::ProofSourceForTesting()), |
| 111 peer_(&config_), | 111 peer_(&config_), |
| 112 compressed_certs_cache_( | 112 compressed_certs_cache_( |
| 113 QuicCompressedCertsCache::kQuicCompressedCertsCacheSize), | 113 QuicCompressedCertsCache::kQuicCompressedCertsCacheSize), |
| 114 params_(new QuicCryptoNegotiatedParameters), | 114 params_(new QuicCryptoNegotiatedParameters), |
| 115 signed_config_(new QuicSignedServerConfig), | 115 signed_config_(new QuicSignedServerConfig), |
| 116 chlo_packet_size_(kDefaultMaxPacketSize) { | 116 chlo_packet_size_(kDefaultMaxPacketSize) { |
| 117 supported_versions_ = GetParam().supported_versions; | 117 supported_versions_ = GetParam().supported_versions; |
| 118 config_.set_enable_serving_sct(true); | 118 config_.set_enable_serving_sct(true); |
| 119 | 119 |
| 120 client_version_ = supported_versions_.front(); | 120 client_version_ = supported_versions_.front(); |
| (...skipping 21 matching lines...) Expand all Loading... |
| 142 CHECK_EQ(sizeof(orbit_), orbit.size()); | 142 CHECK_EQ(sizeof(orbit_), orbit.size()); |
| 143 memcpy(orbit_, orbit.data(), orbit.size()); | 143 memcpy(orbit_, orbit.data(), orbit.size()); |
| 144 | 144 |
| 145 char public_value[32]; | 145 char public_value[32]; |
| 146 memset(public_value, 42, sizeof(public_value)); | 146 memset(public_value, 42, sizeof(public_value)); |
| 147 | 147 |
| 148 nonce_hex_ = "#" + QuicTextUtils::HexEncode(GenerateNonce()); | 148 nonce_hex_ = "#" + QuicTextUtils::HexEncode(GenerateNonce()); |
| 149 pub_hex_ = | 149 pub_hex_ = |
| 150 "#" + QuicTextUtils::HexEncode(public_value, sizeof(public_value)); | 150 "#" + QuicTextUtils::HexEncode(public_value, sizeof(public_value)); |
| 151 | 151 |
| 152 // clang-format off | 152 CryptoHandshakeMessage client_hello = |
| 153 CryptoHandshakeMessage client_hello = CryptoTestUtils::Message( | 153 crypto_test_utils::CreateCHLO({{"PDMD", "X509"}, |
| 154 "CHLO", | 154 {"AEAD", "AESG"}, |
| 155 "PDMD", "X509", | 155 {"KEXS", "C255"}, |
| 156 "AEAD", "AESG", | 156 {"PUBS", pub_hex_}, |
| 157 "KEXS", "C255", | 157 {"NONC", nonce_hex_}, |
| 158 "PUBS", pub_hex_.c_str(), | 158 {"CSCT", ""}, |
| 159 "NONC", nonce_hex_.c_str(), | 159 {"VER\0", client_version_string_}}, |
| 160 "CSCT", "", | 160 kClientHelloMinimumSize); |
| 161 "VER\0", client_version_string_.c_str(), | |
| 162 "$padding", static_cast<int>(kClientHelloMinimumSize), | |
| 163 nullptr); | |
| 164 // clang-format on | |
| 165 ShouldSucceed(client_hello); | 161 ShouldSucceed(client_hello); |
| 166 // The message should be rejected because the source-address token is | 162 // The message should be rejected because the source-address token is |
| 167 // missing. | 163 // missing. |
| 168 CheckRejectTag(); | 164 CheckRejectTag(); |
| 169 const HandshakeFailureReason kRejectReasons[] = { | 165 const HandshakeFailureReason kRejectReasons[] = { |
| 170 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; | 166 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; |
| 171 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); | 167 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); |
| 172 CheckForServerDesignatedConnectionId(); | 168 CheckForServerDesignatedConnectionId(); |
| 173 | 169 |
| 174 StringPiece srct; | 170 StringPiece srct; |
| (...skipping 204 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 379 ASSERT_EQ(kREJ, out_.tag()) << QuicTagToString(out_.tag()); | 375 ASSERT_EQ(kREJ, out_.tag()) << QuicTagToString(out_.tag()); |
| 380 } | 376 } |
| 381 } | 377 } |
| 382 | 378 |
| 383 bool RejectsAreStateless() { | 379 bool RejectsAreStateless() { |
| 384 return GetParam().enable_stateless_rejects && | 380 return GetParam().enable_stateless_rejects && |
| 385 GetParam().use_stateless_rejects; | 381 GetParam().use_stateless_rejects; |
| 386 } | 382 } |
| 387 | 383 |
| 388 string XlctHexString() { | 384 string XlctHexString() { |
| 389 uint64_t xlct = CryptoTestUtils::LeafCertHashForTesting(); | 385 uint64_t xlct = crypto_test_utils::LeafCertHashForTesting(); |
| 390 return "#" + QuicTextUtils::HexEncode(reinterpret_cast<char*>(&xlct), | 386 return "#" + QuicTextUtils::HexEncode(reinterpret_cast<char*>(&xlct), |
| 391 sizeof(xlct)); | 387 sizeof(xlct)); |
| 392 } | 388 } |
| 393 | 389 |
| 394 protected: | 390 protected: |
| 395 QuicFlagSaver flags_; // Save/restore all QUIC flag values. | 391 QuicFlagSaver flags_; // Save/restore all QUIC flag values. |
| 396 QuicRandom* const rand_; | 392 QuicRandom* const rand_; |
| 397 MockRandom rand_for_id_generation_; | 393 MockRandom rand_for_id_generation_; |
| 398 MockClock clock_; | 394 MockClock clock_; |
| 399 QuicSocketAddress client_address_; | 395 QuicSocketAddress client_address_; |
| (...skipping 27 matching lines...) Expand all Loading... |
| 427 "", | 423 "", |
| 428 "foo", | 424 "foo", |
| 429 "#00", | 425 "#00", |
| 430 "#ff00", | 426 "#ff00", |
| 431 "127.0.0.1", | 427 "127.0.0.1", |
| 432 "ffee::1", | 428 "ffee::1", |
| 433 }; | 429 }; |
| 434 // clang-format on | 430 // clang-format on |
| 435 | 431 |
| 436 for (size_t i = 0; i < arraysize(kBadSNIs); i++) { | 432 for (size_t i = 0; i < arraysize(kBadSNIs); i++) { |
| 437 // clang-format off | 433 CryptoHandshakeMessage msg = |
| 438 CryptoHandshakeMessage msg = CryptoTestUtils::Message( | 434 crypto_test_utils::CreateCHLO({{"PDMD", "X509"}, |
| 439 "CHLO", | 435 {"SNI", kBadSNIs[i]}, |
| 440 "PDMD", "X509", | 436 {"VER\0", client_version_string_}}, |
| 441 "SNI", kBadSNIs[i], | 437 kClientHelloMinimumSize); |
| 442 "VER\0", client_version_string_.c_str(), | |
| 443 "$padding", static_cast<int>(kClientHelloMinimumSize), | |
| 444 nullptr); | |
| 445 // clang-format on | |
| 446 ShouldFailMentioning("SNI", msg); | 438 ShouldFailMentioning("SNI", msg); |
| 447 const HandshakeFailureReason kRejectReasons[] = { | 439 const HandshakeFailureReason kRejectReasons[] = { |
| 448 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; | 440 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; |
| 449 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); | 441 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); |
| 450 } | 442 } |
| 451 } | 443 } |
| 452 | 444 |
| 453 TEST_P(CryptoServerTest, DefaultCert) { | 445 TEST_P(CryptoServerTest, DefaultCert) { |
| 454 // Check that the server replies with a default certificate when no SNI is | 446 // Check that the server replies with a default certificate when no SNI is |
| 455 // specified. The CHLO is constructed to generate a REJ with certs, so must | 447 // specified. The CHLO is constructed to generate a REJ with certs, so must |
| 456 // not contain a valid STK, and must include PDMD. | 448 // not contain a valid STK, and must include PDMD. |
| 457 // clang-format off | 449 CryptoHandshakeMessage msg = |
| 458 CryptoHandshakeMessage msg = CryptoTestUtils::Message( | 450 crypto_test_utils::CreateCHLO({{"AEAD", "AESG"}, |
| 459 "CHLO", | 451 {"KEXS", "C255"}, |
| 460 "AEAD", "AESG", | 452 {"PUBS", pub_hex_}, |
| 461 "KEXS", "C255", | 453 {"NONC", nonce_hex_}, |
| 462 "PUBS", pub_hex_.c_str(), | 454 {"PDMD", "X509"}, |
| 463 "NONC", nonce_hex_.c_str(), | 455 {"VER\0", client_version_string_}}, |
| 464 "PDMD", "X509", | 456 kClientHelloMinimumSize); |
| 465 "VER\0", client_version_string_.c_str(), | |
| 466 "$padding", static_cast<int>(kClientHelloMinimumSize), | |
| 467 nullptr); | |
| 468 // clang-format on | |
| 469 | 457 |
| 470 ShouldSucceed(msg); | 458 ShouldSucceed(msg); |
| 471 StringPiece cert, proof, cert_sct; | 459 StringPiece cert, proof, cert_sct; |
| 472 EXPECT_TRUE(out_.GetStringPiece(kCertificateTag, &cert)); | 460 EXPECT_TRUE(out_.GetStringPiece(kCertificateTag, &cert)); |
| 473 EXPECT_TRUE(out_.GetStringPiece(kPROF, &proof)); | 461 EXPECT_TRUE(out_.GetStringPiece(kPROF, &proof)); |
| 474 EXPECT_TRUE(out_.GetStringPiece(kCertificateSCTTag, &cert_sct)); | 462 EXPECT_TRUE(out_.GetStringPiece(kCertificateSCTTag, &cert_sct)); |
| 475 EXPECT_NE(0u, cert.size()); | 463 EXPECT_NE(0u, cert.size()); |
| 476 EXPECT_NE(0u, proof.size()); | 464 EXPECT_NE(0u, proof.size()); |
| 477 const HandshakeFailureReason kRejectReasons[] = { | 465 const HandshakeFailureReason kRejectReasons[] = { |
| 478 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; | 466 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; |
| 479 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); | 467 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); |
| 480 EXPECT_LT(0u, cert_sct.size()); | 468 EXPECT_LT(0u, cert_sct.size()); |
| 481 } | 469 } |
| 482 | 470 |
| 483 TEST_P(CryptoServerTest, RejectTooLarge) { | 471 TEST_P(CryptoServerTest, RejectTooLarge) { |
| 484 // Check that the server replies with no certificate when a CHLO is | 472 // Check that the server replies with no certificate when a CHLO is |
| 485 // constructed with a PDMD but no SKT when the REJ would be too large. | 473 // constructed with a PDMD but no SKT when the REJ would be too large. |
| 486 // clang-format off | 474 CryptoHandshakeMessage msg = |
| 487 CryptoHandshakeMessage msg = CryptoTestUtils::Message( | 475 crypto_test_utils::CreateCHLO({{"PDMD", "X509"}, |
| 488 "CHLO", | 476 {"AEAD", "AESG"}, |
| 489 "PDMD", "X509", | 477 {"KEXS", "C255"}, |
| 490 "AEAD", "AESG", | 478 {"PUBS", pub_hex_}, |
| 491 "KEXS", "C255", | 479 {"NONC", nonce_hex_}, |
| 492 "PUBS", pub_hex_.c_str(), | 480 {"PDMD", "X509"}, |
| 493 "NONC", nonce_hex_.c_str(), | 481 {"VER\0", client_version_string_}}, |
| 494 "PDMD", "X509", | 482 kClientHelloMinimumSize); |
| 495 "VER\0", client_version_string_.c_str(), | |
| 496 "$padding", static_cast<int>(kClientHelloMinimumSize), | |
| 497 nullptr); | |
| 498 // clang-format on | |
| 499 | 483 |
| 500 // The REJ will be larger than the CHLO so no PROF or CRT will be sent. | 484 // The REJ will be larger than the CHLO so no PROF or CRT will be sent. |
| 501 config_.set_chlo_multiplier(1); | 485 config_.set_chlo_multiplier(1); |
| 502 | 486 |
| 503 ShouldSucceed(msg); | 487 ShouldSucceed(msg); |
| 504 StringPiece cert, proof, cert_sct; | 488 StringPiece cert, proof, cert_sct; |
| 505 EXPECT_FALSE(out_.GetStringPiece(kCertificateTag, &cert)); | 489 EXPECT_FALSE(out_.GetStringPiece(kCertificateTag, &cert)); |
| 506 EXPECT_FALSE(out_.GetStringPiece(kPROF, &proof)); | 490 EXPECT_FALSE(out_.GetStringPiece(kPROF, &proof)); |
| 507 EXPECT_FALSE(out_.GetStringPiece(kCertificateSCTTag, &cert_sct)); | 491 EXPECT_FALSE(out_.GetStringPiece(kCertificateSCTTag, &cert_sct)); |
| 508 const HandshakeFailureReason kRejectReasons[] = { | 492 const HandshakeFailureReason kRejectReasons[] = { |
| 509 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; | 493 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; |
| 510 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); | 494 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); |
| 511 } | 495 } |
| 512 | 496 |
| 513 TEST_P(CryptoServerTest, RejectNotTooLarge) { | 497 TEST_P(CryptoServerTest, RejectNotTooLarge) { |
| 514 // When the CHLO packet is large enough, ensure that a full REJ is sent. | 498 // When the CHLO packet is large enough, ensure that a full REJ is sent. |
| 515 chlo_packet_size_ *= 2; | 499 chlo_packet_size_ *= 2; |
| 516 | 500 |
| 517 // clang-format off | 501 CryptoHandshakeMessage msg = |
| 518 CryptoHandshakeMessage msg = CryptoTestUtils::Message( | 502 crypto_test_utils::CreateCHLO({{"PDMD", "X509"}, |
| 519 "CHLO", | 503 {"AEAD", "AESG"}, |
| 520 "PDMD", "X509", | 504 {"KEXS", "C255"}, |
| 521 "AEAD", "AESG", | 505 {"PUBS", pub_hex_}, |
| 522 "KEXS", "C255", | 506 {"NONC", nonce_hex_}, |
| 523 "PUBS", pub_hex_.c_str(), | 507 {"PDMD", "X509"}, |
| 524 "NONC", nonce_hex_.c_str(), | 508 {"VER\0", client_version_string_}}, |
| 525 "PDMD", "X509", | 509 kClientHelloMinimumSize); |
| 526 "VER\0", client_version_string_.c_str(), | |
| 527 "$padding", static_cast<int>(kClientHelloMinimumSize), | |
| 528 nullptr); | |
| 529 // clang-format on | |
| 530 | 510 |
| 531 // The REJ will be larger than the CHLO so no PROF or CRT will be sent. | 511 // The REJ will be larger than the CHLO so no PROF or CRT will be sent. |
| 532 config_.set_chlo_multiplier(1); | 512 config_.set_chlo_multiplier(1); |
| 533 | 513 |
| 534 ShouldSucceed(msg); | 514 ShouldSucceed(msg); |
| 535 StringPiece cert, proof, cert_sct; | 515 StringPiece cert, proof, cert_sct; |
| 536 EXPECT_TRUE(out_.GetStringPiece(kCertificateTag, &cert)); | 516 EXPECT_TRUE(out_.GetStringPiece(kCertificateTag, &cert)); |
| 537 EXPECT_TRUE(out_.GetStringPiece(kPROF, &proof)); | 517 EXPECT_TRUE(out_.GetStringPiece(kPROF, &proof)); |
| 538 EXPECT_TRUE(out_.GetStringPiece(kCertificateSCTTag, &cert_sct)); | 518 EXPECT_TRUE(out_.GetStringPiece(kCertificateSCTTag, &cert_sct)); |
| 539 const HandshakeFailureReason kRejectReasons[] = { | 519 const HandshakeFailureReason kRejectReasons[] = { |
| 540 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; | 520 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; |
| 541 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); | 521 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); |
| 542 } | 522 } |
| 543 | 523 |
| 544 TEST_P(CryptoServerTest, RejectTooLargeButValidSTK) { | 524 TEST_P(CryptoServerTest, RejectTooLargeButValidSTK) { |
| 545 // Check that the server replies with no certificate when a CHLO is | 525 // Check that the server replies with no certificate when a CHLO is |
| 546 // constructed with a PDMD but no SKT when the REJ would be too large. | 526 // constructed with a PDMD but no SKT when the REJ would be too large. |
| 547 // clang-format off | 527 CryptoHandshakeMessage msg = |
| 548 CryptoHandshakeMessage msg = CryptoTestUtils::Message( | 528 crypto_test_utils::CreateCHLO({{"PDMD", "X509"}, |
| 549 "CHLO", | 529 {"AEAD", "AESG"}, |
| 550 "PDMD", "X509", | 530 {"KEXS", "C255"}, |
| 551 "AEAD", "AESG", | 531 {"PUBS", pub_hex_}, |
| 552 "KEXS", "C255", | 532 {"NONC", nonce_hex_}, |
| 553 "PUBS", pub_hex_.c_str(), | 533 {"#004b5453", srct_hex_}, |
| 554 "NONC", nonce_hex_.c_str(), | 534 {"PDMD", "X509"}, |
| 555 "#004b5453", srct_hex_.c_str(), | 535 {"VER\0", client_version_string_}}, |
| 556 "PDMD", "X509", | 536 kClientHelloMinimumSize); |
| 557 "VER\0", client_version_string_.c_str(), | |
| 558 "$padding", static_cast<int>(kClientHelloMinimumSize), | |
| 559 nullptr); | |
| 560 // clang-format on | |
| 561 | 537 |
| 562 // The REJ will be larger than the CHLO so no PROF or CRT will be sent. | 538 // The REJ will be larger than the CHLO so no PROF or CRT will be sent. |
| 563 config_.set_chlo_multiplier(1); | 539 config_.set_chlo_multiplier(1); |
| 564 | 540 |
| 565 ShouldSucceed(msg); | 541 ShouldSucceed(msg); |
| 566 StringPiece cert, proof, cert_sct; | 542 StringPiece cert, proof, cert_sct; |
| 567 EXPECT_TRUE(out_.GetStringPiece(kCertificateTag, &cert)); | 543 EXPECT_TRUE(out_.GetStringPiece(kCertificateTag, &cert)); |
| 568 EXPECT_TRUE(out_.GetStringPiece(kPROF, &proof)); | 544 EXPECT_TRUE(out_.GetStringPiece(kPROF, &proof)); |
| 569 EXPECT_TRUE(out_.GetStringPiece(kCertificateSCTTag, &cert_sct)); | 545 EXPECT_TRUE(out_.GetStringPiece(kCertificateSCTTag, &cert_sct)); |
| 570 EXPECT_NE(0u, cert.size()); | 546 EXPECT_NE(0u, cert.size()); |
| 571 EXPECT_NE(0u, proof.size()); | 547 EXPECT_NE(0u, proof.size()); |
| 572 const HandshakeFailureReason kRejectReasons[] = { | 548 const HandshakeFailureReason kRejectReasons[] = { |
| 573 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; | 549 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; |
| 574 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); | 550 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); |
| 575 } | 551 } |
| 576 | 552 |
| 577 TEST_P(CryptoServerTest, TooSmall) { | 553 TEST_P(CryptoServerTest, TooSmall) { |
| 578 // clang-format off | 554 ShouldFailMentioning( |
| 579 ShouldFailMentioning("too small", CryptoTestUtils::Message( | 555 "too small", |
| 580 "CHLO", | 556 crypto_test_utils::CreateCHLO( |
| 581 "PDMD", "X509", | 557 {{"PDMD", "X509"}, {"VER\0", client_version_string_.c_str()}})); |
| 582 "VER\0", client_version_string_.c_str(), | 558 |
| 583 nullptr)); | |
| 584 // clang-format on | |
| 585 const HandshakeFailureReason kRejectReasons[] = { | 559 const HandshakeFailureReason kRejectReasons[] = { |
| 586 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; | 560 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; |
| 587 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); | 561 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); |
| 588 } | 562 } |
| 589 | 563 |
| 590 TEST_P(CryptoServerTest, BadSourceAddressToken) { | 564 TEST_P(CryptoServerTest, BadSourceAddressToken) { |
| 591 // Invalid source-address tokens should be ignored. | 565 // Invalid source-address tokens should be ignored. |
| 592 // clang-format off | 566 // clang-format off |
| 593 static const char* const kBadSourceAddressTokens[] = { | 567 static const char* const kBadSourceAddressTokens[] = { |
| 594 "", | 568 "", |
| 595 "foo", | 569 "foo", |
| 596 "#0000", | 570 "#0000", |
| 597 "#0000000000000000000000000000000000000000", | 571 "#0000000000000000000000000000000000000000", |
| 598 }; | 572 }; |
| 599 // clang-format on | 573 // clang-format on |
| 600 | 574 |
| 601 for (size_t i = 0; i < arraysize(kBadSourceAddressTokens); i++) { | 575 for (size_t i = 0; i < arraysize(kBadSourceAddressTokens); i++) { |
| 602 // clang-format off | 576 CryptoHandshakeMessage msg = |
| 603 CryptoHandshakeMessage msg = CryptoTestUtils::Message( | 577 crypto_test_utils::CreateCHLO({{"PDMD", "X509"}, |
| 604 "CHLO", | 578 {"STK", kBadSourceAddressTokens[i]}, |
| 605 "PDMD", "X509", | 579 {"VER\0", client_version_string_}}, |
| 606 "STK", kBadSourceAddressTokens[i], | 580 kClientHelloMinimumSize); |
| 607 "VER\0", client_version_string_.c_str(), | |
| 608 "$padding", static_cast<int>(kClientHelloMinimumSize), nullptr); | |
| 609 // clang-format on | |
| 610 ShouldSucceed(msg); | 581 ShouldSucceed(msg); |
| 611 const HandshakeFailureReason kRejectReasons[] = { | 582 const HandshakeFailureReason kRejectReasons[] = { |
| 612 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; | 583 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; |
| 613 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); | 584 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); |
| 614 } | 585 } |
| 615 } | 586 } |
| 616 | 587 |
| 617 TEST_P(CryptoServerTest, BadClientNonce) { | 588 TEST_P(CryptoServerTest, BadClientNonce) { |
| 618 // clang-format off | 589 // clang-format off |
| 619 static const char* const kBadNonces[] = { | 590 static const char* const kBadNonces[] = { |
| 620 "", | 591 "", |
| 621 "#0000", | 592 "#0000", |
| 622 "#0000000000000000000000000000000000000000", | 593 "#0000000000000000000000000000000000000000", |
| 623 }; | 594 }; |
| 624 // clang-format on | 595 // clang-format on |
| 625 | 596 |
| 626 for (size_t i = 0; i < arraysize(kBadNonces); i++) { | 597 for (size_t i = 0; i < arraysize(kBadNonces); i++) { |
| 627 // Invalid nonces should be ignored, in an inchoate CHLO. | 598 // Invalid nonces should be ignored, in an inchoate CHLO. |
| 628 // clang-format off | 599 |
| 629 CryptoHandshakeMessage msg = CryptoTestUtils::Message( | 600 CryptoHandshakeMessage msg = |
| 630 "CHLO", | 601 crypto_test_utils::CreateCHLO({{"PDMD", "X509"}, |
| 631 "PDMD", "X509", | 602 {"NONC", kBadNonces[i]}, |
| 632 "NONC", kBadNonces[i], | 603 {"VER\0", client_version_string_}}, |
| 633 "VER\0", client_version_string_.c_str(), | 604 kClientHelloMinimumSize); |
| 634 "$padding", static_cast<int>(kClientHelloMinimumSize), | 605 |
| 635 nullptr); | |
| 636 // clang-format on | |
| 637 ShouldSucceed(msg); | 606 ShouldSucceed(msg); |
| 638 const HandshakeFailureReason kRejectReasons[] = { | 607 const HandshakeFailureReason kRejectReasons[] = { |
| 639 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; | 608 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; |
| 640 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); | 609 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); |
| 641 | 610 |
| 642 // Invalid nonces should result in CLIENT_NONCE_INVALID_FAILURE. | 611 // Invalid nonces should result in CLIENT_NONCE_INVALID_FAILURE. |
| 643 // clang-format off | 612 CryptoHandshakeMessage msg1 = |
| 644 CryptoHandshakeMessage msg1 = CryptoTestUtils::Message( | 613 crypto_test_utils::CreateCHLO({{"PDMD", "X509"}, |
| 645 "CHLO", | 614 {"AEAD", "AESG"}, |
| 646 "PDMD", "X509", | 615 {"KEXS", "C255"}, |
| 647 "AEAD", "AESG", | 616 {"SCID", scid_hex_}, |
| 648 "KEXS", "C255", | 617 {"#004b5453", srct_hex_}, |
| 649 "SCID", scid_hex_.c_str(), | 618 {"PUBS", pub_hex_}, |
| 650 "#004b5453", srct_hex_.c_str(), | 619 {"NONC", kBadNonces[i]}, |
| 651 "PUBS", pub_hex_.c_str(), | 620 {"NONP", kBadNonces[i]}, |
| 652 "NONC", kBadNonces[i], | 621 {"XLCT", XlctHexString()}, |
| 653 "NONP", kBadNonces[i], | 622 {"VER\0", client_version_string_}}, |
| 654 "XLCT", XlctHexString().c_str(), | 623 kClientHelloMinimumSize); |
| 655 "VER\0", client_version_string_.c_str(), | |
| 656 "$padding", static_cast<int>(kClientHelloMinimumSize), | |
| 657 nullptr); | |
| 658 // clang-format on | |
| 659 | 624 |
| 660 ShouldSucceed(msg1); | 625 ShouldSucceed(msg1); |
| 661 | 626 |
| 662 CheckRejectTag(); | 627 CheckRejectTag(); |
| 663 const HandshakeFailureReason kRejectReasons1[] = { | 628 const HandshakeFailureReason kRejectReasons1[] = { |
| 664 CLIENT_NONCE_INVALID_FAILURE}; | 629 CLIENT_NONCE_INVALID_FAILURE}; |
| 665 CheckRejectReasons(kRejectReasons1, arraysize(kRejectReasons1)); | 630 CheckRejectReasons(kRejectReasons1, arraysize(kRejectReasons1)); |
| 666 } | 631 } |
| 667 } | 632 } |
| 668 | 633 |
| 669 TEST_P(CryptoServerTest, NoClientNonce) { | 634 TEST_P(CryptoServerTest, NoClientNonce) { |
| 670 // No client nonces should result in INCHOATE_HELLO_FAILURE. | 635 // No client nonces should result in INCHOATE_HELLO_FAILURE. |
| 671 // clang-format off | 636 |
| 672 CryptoHandshakeMessage msg = CryptoTestUtils::Message( | 637 CryptoHandshakeMessage msg = crypto_test_utils::CreateCHLO( |
| 673 "CHLO", | 638 {{"PDMD", "X509"}, {"VER\0", client_version_string_}}, |
| 674 "PDMD", "X509", | 639 kClientHelloMinimumSize); |
| 675 "VER\0", client_version_string_.c_str(), | |
| 676 "$padding", static_cast<int>(kClientHelloMinimumSize), | |
| 677 nullptr); | |
| 678 // clang-format on | |
| 679 | 640 |
| 680 ShouldSucceed(msg); | 641 ShouldSucceed(msg); |
| 681 const HandshakeFailureReason kRejectReasons[] = { | 642 const HandshakeFailureReason kRejectReasons[] = { |
| 682 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; | 643 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; |
| 683 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); | 644 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); |
| 684 | 645 |
| 685 // clang-format off | 646 CryptoHandshakeMessage msg1 = |
| 686 CryptoHandshakeMessage msg1 = CryptoTestUtils::Message( | 647 crypto_test_utils::CreateCHLO({{"PDMD", "X509"}, |
| 687 "CHLO", | 648 {"AEAD", "AESG"}, |
| 688 "PDMD", "X509", | 649 {"KEXS", "C255"}, |
| 689 "AEAD", "AESG", | 650 {"SCID", scid_hex_}, |
| 690 "KEXS", "C255", | 651 {"#004b5453", srct_hex_}, |
| 691 "SCID", scid_hex_.c_str(), | 652 {"PUBS", pub_hex_}, |
| 692 "#004b5453", srct_hex_.c_str(), | 653 {"XLCT", XlctHexString()}, |
| 693 "PUBS", pub_hex_.c_str(), | 654 {"VER\0", client_version_string_}}, |
| 694 "XLCT", XlctHexString().c_str(), | 655 kClientHelloMinimumSize); |
| 695 "VER\0", client_version_string_.c_str(), | |
| 696 "$padding", static_cast<int>(kClientHelloMinimumSize), | |
| 697 nullptr); | |
| 698 // clang-format on | |
| 699 | 656 |
| 700 ShouldSucceed(msg1); | 657 ShouldSucceed(msg1); |
| 701 CheckRejectTag(); | 658 CheckRejectTag(); |
| 702 const HandshakeFailureReason kRejectReasons1[] = { | 659 const HandshakeFailureReason kRejectReasons1[] = { |
| 703 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; | 660 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; |
| 704 CheckRejectReasons(kRejectReasons1, arraysize(kRejectReasons1)); | 661 CheckRejectReasons(kRejectReasons1, arraysize(kRejectReasons1)); |
| 705 } | 662 } |
| 706 | 663 |
| 707 TEST_P(CryptoServerTest, DowngradeAttack) { | 664 TEST_P(CryptoServerTest, DowngradeAttack) { |
| 708 if (supported_versions_.size() == 1) { | 665 if (supported_versions_.size() == 1) { |
| 709 // No downgrade attack is possible if the server only supports one version. | 666 // No downgrade attack is possible if the server only supports one version. |
| 710 return; | 667 return; |
| 711 } | 668 } |
| 712 // Set the client's preferred version to a supported version that | 669 // Set the client's preferred version to a supported version that |
| 713 // is not the "current" version (supported_versions_.front()). | 670 // is not the "current" version (supported_versions_.front()). |
| 714 string bad_version = | 671 string bad_version = |
| 715 QuicTagToString(QuicVersionToQuicTag(supported_versions_.back())); | 672 QuicTagToString(QuicVersionToQuicTag(supported_versions_.back())); |
| 716 | 673 |
| 717 // clang-format off | 674 CryptoHandshakeMessage msg = crypto_test_utils::CreateCHLO( |
| 718 CryptoHandshakeMessage msg = CryptoTestUtils::Message( | 675 {{"PDMD", "X509"}, {"VER\0", bad_version}}, kClientHelloMinimumSize); |
| 719 "CHLO", | 676 |
| 720 "PDMD", "X509", | |
| 721 "VER\0", bad_version.c_str(), | |
| 722 "$padding", static_cast<int>(kClientHelloMinimumSize), | |
| 723 nullptr); | |
| 724 // clang-format on | |
| 725 ShouldFailMentioning("Downgrade", msg); | 677 ShouldFailMentioning("Downgrade", msg); |
| 726 const HandshakeFailureReason kRejectReasons[] = { | 678 const HandshakeFailureReason kRejectReasons[] = { |
| 727 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; | 679 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; |
| 728 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); | 680 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); |
| 729 } | 681 } |
| 730 | 682 |
| 731 TEST_P(CryptoServerTest, CorruptServerConfig) { | 683 TEST_P(CryptoServerTest, CorruptServerConfig) { |
| 732 // This tests corrupted server config. | 684 // This tests corrupted server config. |
| 733 // clang-format off | 685 CryptoHandshakeMessage msg = |
| 734 CryptoHandshakeMessage msg = CryptoTestUtils::Message( | 686 crypto_test_utils::CreateCHLO({{"PDMD", "X509"}, |
| 735 "CHLO", | 687 {"AEAD", "AESG"}, |
| 736 "PDMD", "X509", | 688 {"KEXS", "C255"}, |
| 737 "AEAD", "AESG", | 689 {"SCID", (string(1, 'X') + scid_hex_)}, |
| 738 "KEXS", "C255", | 690 {"#004b5453", srct_hex_}, |
| 739 "SCID", (string(1, 'X') + scid_hex_).c_str(), | 691 {"PUBS", pub_hex_}, |
| 740 "#004b5453", srct_hex_.c_str(), | 692 {"NONC", nonce_hex_}, |
| 741 "PUBS", pub_hex_.c_str(), | 693 {"VER\0", client_version_string_}}, |
| 742 "NONC", nonce_hex_.c_str(), | 694 kClientHelloMinimumSize); |
| 743 "VER\0", client_version_string_.c_str(), | 695 |
| 744 "$padding", static_cast<int>(kClientHelloMinimumSize), | |
| 745 nullptr); | |
| 746 // clang-format on | |
| 747 ShouldSucceed(msg); | 696 ShouldSucceed(msg); |
| 748 CheckRejectTag(); | 697 CheckRejectTag(); |
| 749 const HandshakeFailureReason kRejectReasons[] = { | 698 const HandshakeFailureReason kRejectReasons[] = { |
| 750 SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE}; | 699 SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE}; |
| 751 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); | 700 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); |
| 752 } | 701 } |
| 753 | 702 |
| 754 TEST_P(CryptoServerTest, CorruptSourceAddressToken) { | 703 TEST_P(CryptoServerTest, CorruptSourceAddressToken) { |
| 755 // This tests corrupted source address token. | 704 // This tests corrupted source address token. |
| 756 // clang-format off | 705 CryptoHandshakeMessage msg = crypto_test_utils::CreateCHLO( |
| 757 CryptoHandshakeMessage msg = CryptoTestUtils::Message( | 706 {{"PDMD", "X509"}, |
| 758 "CHLO", | 707 {"AEAD", "AESG"}, |
| 759 "PDMD", "X509", | 708 {"KEXS", "C255"}, |
| 760 "AEAD", "AESG", | 709 {"SCID", scid_hex_}, |
| 761 "KEXS", "C255", | 710 {"#004b5453", (string(1, 'X') + srct_hex_)}, |
| 762 "SCID", scid_hex_.c_str(), | 711 {"PUBS", pub_hex_}, |
| 763 "#004b5453", (string(1, 'X') + srct_hex_).c_str(), | 712 {"NONC", nonce_hex_}, |
| 764 "PUBS", pub_hex_.c_str(), | 713 {"XLCT", XlctHexString()}, |
| 765 "NONC", nonce_hex_.c_str(), | 714 {"VER\0", client_version_string_}}, |
| 766 "XLCT", XlctHexString().c_str(), | 715 kClientHelloMinimumSize); |
| 767 "VER\0", client_version_string_.c_str(), | 716 |
| 768 "$padding", static_cast<int>(kClientHelloMinimumSize), | |
| 769 nullptr); | |
| 770 // clang-format on | |
| 771 ShouldSucceed(msg); | 717 ShouldSucceed(msg); |
| 772 CheckRejectTag(); | 718 CheckRejectTag(); |
| 773 const HandshakeFailureReason kRejectReasons[] = { | 719 const HandshakeFailureReason kRejectReasons[] = { |
| 774 SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE}; | 720 SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE}; |
| 775 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); | 721 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); |
| 776 } | 722 } |
| 777 | 723 |
| 778 TEST_P(CryptoServerTest, CorruptClientNonceAndSourceAddressToken) { | 724 TEST_P(CryptoServerTest, CorruptClientNonceAndSourceAddressToken) { |
| 779 // This test corrupts client nonce and source address token. | 725 // This test corrupts client nonce and source address token. |
| 780 // clang-format off | 726 CryptoHandshakeMessage msg = crypto_test_utils::CreateCHLO( |
| 781 CryptoHandshakeMessage msg = CryptoTestUtils::Message( | 727 {{"PDMD", "X509"}, |
| 782 "CHLO", | 728 {"AEAD", "AESG"}, |
| 783 "PDMD", "X509", | 729 {"KEXS", "C255"}, |
| 784 "AEAD", "AESG", | 730 {"SCID", scid_hex_}, |
| 785 "KEXS", "C255", | 731 {"#004b5453", (string(1, 'X') + srct_hex_)}, |
| 786 "SCID", scid_hex_.c_str(), | 732 {"PUBS", pub_hex_}, |
| 787 "#004b5453", (string(1, 'X') + srct_hex_).c_str(), | 733 {"NONC", (string(1, 'X') + nonce_hex_)}, |
| 788 "PUBS", pub_hex_.c_str(), | 734 {"XLCT", XlctHexString()}, |
| 789 "NONC", (string(1, 'X') + nonce_hex_).c_str(), | 735 {"VER\0", client_version_string_}}, |
| 790 "XLCT", XlctHexString().c_str(), | 736 kClientHelloMinimumSize); |
| 791 "VER\0", client_version_string_.c_str(), | 737 |
| 792 "$padding", static_cast<int>(kClientHelloMinimumSize), | |
| 793 nullptr); | |
| 794 // clang-format on | |
| 795 ShouldSucceed(msg); | 738 ShouldSucceed(msg); |
| 796 CheckRejectTag(); | 739 CheckRejectTag(); |
| 797 const HandshakeFailureReason kRejectReasons[] = { | 740 const HandshakeFailureReason kRejectReasons[] = { |
| 798 SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE, CLIENT_NONCE_INVALID_FAILURE}; | 741 SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE, CLIENT_NONCE_INVALID_FAILURE}; |
| 799 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); | 742 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); |
| 800 } | 743 } |
| 801 | 744 |
| 802 TEST_P(CryptoServerTest, CorruptMultipleTags) { | 745 TEST_P(CryptoServerTest, CorruptMultipleTags) { |
| 803 // This test corrupts client nonce, server nonce and source address token. | 746 // This test corrupts client nonce, server nonce and source address token. |
| 804 // clang-format off | 747 CryptoHandshakeMessage msg = crypto_test_utils::CreateCHLO( |
| 805 CryptoHandshakeMessage msg = CryptoTestUtils::Message( | 748 {{"PDMD", "X509"}, |
| 806 "CHLO", | 749 {"AEAD", "AESG"}, |
| 807 "PDMD", "X509", | 750 {"KEXS", "C255"}, |
| 808 "AEAD", "AESG", | 751 {"SCID", scid_hex_}, |
| 809 "KEXS", "C255", | 752 {"#004b5453", (string(1, 'X') + srct_hex_)}, |
| 810 "SCID", scid_hex_.c_str(), | 753 {"PUBS", pub_hex_}, |
| 811 "#004b5453", (string(1, 'X') + srct_hex_).c_str(), | 754 {"NONC", (string(1, 'X') + nonce_hex_)}, |
| 812 "PUBS", pub_hex_.c_str(), | 755 {"NONP", (string(1, 'X') + nonce_hex_)}, |
| 813 "NONC", (string(1, 'X') + nonce_hex_).c_str(), | 756 {"SNO\0", (string(1, 'X') + nonce_hex_)}, |
| 814 "NONP", (string(1, 'X') + nonce_hex_).c_str(), | 757 {"XLCT", XlctHexString()}, |
| 815 "SNO\0", (string(1, 'X') + nonce_hex_).c_str(), | 758 {"VER\0", client_version_string_}}, |
| 816 "XLCT", XlctHexString().c_str(), | 759 kClientHelloMinimumSize); |
| 817 "VER\0", client_version_string_.c_str(), | 760 |
| 818 "$padding", static_cast<int>(kClientHelloMinimumSize), | |
| 819 nullptr); | |
| 820 // clang-format on | |
| 821 ShouldSucceed(msg); | 761 ShouldSucceed(msg); |
| 822 CheckRejectTag(); | 762 CheckRejectTag(); |
| 823 | 763 |
| 824 const HandshakeFailureReason kRejectReasons[] = { | 764 const HandshakeFailureReason kRejectReasons[] = { |
| 825 SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE, CLIENT_NONCE_INVALID_FAILURE}; | 765 SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE, CLIENT_NONCE_INVALID_FAILURE}; |
| 826 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); | 766 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); |
| 827 } | 767 } |
| 828 | 768 |
| 829 TEST_P(CryptoServerTest, NoServerNonce) { | 769 TEST_P(CryptoServerTest, NoServerNonce) { |
| 830 // When no server nonce is present and no strike register is configured, | 770 // When no server nonce is present and no strike register is configured, |
| 831 // the CHLO should be rejected. | 771 // the CHLO should be rejected. |
| 832 // clang-format off | 772 CryptoHandshakeMessage msg = |
| 833 CryptoHandshakeMessage msg = CryptoTestUtils::Message( | 773 crypto_test_utils::CreateCHLO({{"PDMD", "X509"}, |
| 834 "CHLO", | 774 {"AEAD", "AESG"}, |
| 835 "PDMD", "X509", | 775 {"KEXS", "C255"}, |
| 836 "AEAD", "AESG", | 776 {"SCID", scid_hex_}, |
| 837 "KEXS", "C255", | 777 {"#004b5453", srct_hex_}, |
| 838 "SCID", scid_hex_.c_str(), | 778 {"PUBS", pub_hex_}, |
| 839 "#004b5453", srct_hex_.c_str(), | 779 {"NONC", nonce_hex_}, |
| 840 "PUBS", pub_hex_.c_str(), | 780 {"NONP", nonce_hex_}, |
| 841 "NONC", nonce_hex_.c_str(), | 781 {"XLCT", XlctHexString()}, |
| 842 "NONP", nonce_hex_.c_str(), | 782 {"VER\0", client_version_string_}}, |
| 843 "XLCT", XlctHexString().c_str(), | 783 kClientHelloMinimumSize); |
| 844 "VER\0", client_version_string_.c_str(), | |
| 845 "$padding", static_cast<int>(kClientHelloMinimumSize), | |
| 846 nullptr); | |
| 847 // clang-format on | |
| 848 | 784 |
| 849 ShouldSucceed(msg); | 785 ShouldSucceed(msg); |
| 850 | 786 |
| 851 // Even without a server nonce, this ClientHello should be accepted in | 787 // Even without a server nonce, this ClientHello should be accepted in |
| 852 // version 33. | 788 // version 33. |
| 853 ASSERT_EQ(kSHLO, out_.tag()); | 789 ASSERT_EQ(kSHLO, out_.tag()); |
| 854 CheckServerHello(out_); | 790 CheckServerHello(out_); |
| 855 } | 791 } |
| 856 | 792 |
| 857 TEST_P(CryptoServerTest, ProofForSuppliedServerConfig) { | 793 TEST_P(CryptoServerTest, ProofForSuppliedServerConfig) { |
| 858 client_address_ = QuicSocketAddress(QuicIpAddress::Loopback6(), 1234); | 794 client_address_ = QuicSocketAddress(QuicIpAddress::Loopback6(), 1234); |
| 859 // clang-format off | 795 |
| 860 CryptoHandshakeMessage msg = CryptoTestUtils::Message( | 796 CryptoHandshakeMessage msg = |
| 861 "CHLO", | 797 crypto_test_utils::CreateCHLO({{"AEAD", "AESG"}, |
| 862 "AEAD", "AESG", | 798 {"KEXS", "C255"}, |
| 863 "KEXS", "C255", | 799 {"PDMD", "X509"}, |
| 864 "PDMD", "X509", | 800 {"SCID", kOldConfigId}, |
| 865 "SCID", kOldConfigId, | 801 {"#004b5453", srct_hex_}, |
| 866 "#004b5453", srct_hex_.c_str(), | 802 {"PUBS", pub_hex_}, |
| 867 "PUBS", pub_hex_.c_str(), | 803 {"NONC", nonce_hex_}, |
| 868 "NONC", nonce_hex_.c_str(), | 804 {"NONP", "123456789012345678901234567890"}, |
| 869 "NONP", "123456789012345678901234567890", | 805 {"VER\0", client_version_string_}, |
| 870 "VER\0", client_version_string_.c_str(), | 806 {"XLCT", XlctHexString()}}, |
| 871 "XLCT", XlctHexString().c_str(), | 807 kClientHelloMinimumSize); |
| 872 "$padding", static_cast<int>(kClientHelloMinimumSize), | 808 |
| 873 nullptr); | |
| 874 // clang-format on | |
| 875 ShouldSucceed(msg); | 809 ShouldSucceed(msg); |
| 876 // The message should be rejected because the source-address token is no | 810 // The message should be rejected because the source-address token is no |
| 877 // longer valid. | 811 // longer valid. |
| 878 CheckRejectTag(); | 812 CheckRejectTag(); |
| 879 const HandshakeFailureReason kRejectReasons[] = { | 813 const HandshakeFailureReason kRejectReasons[] = { |
| 880 SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE}; | 814 SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE}; |
| 881 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); | 815 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); |
| 882 | 816 |
| 883 StringPiece cert, proof, scfg_str; | 817 StringPiece cert, proof, scfg_str; |
| 884 EXPECT_TRUE(out_.GetStringPiece(kCertificateTag, &cert)); | 818 EXPECT_TRUE(out_.GetStringPiece(kCertificateTag, &cert)); |
| 885 EXPECT_TRUE(out_.GetStringPiece(kPROF, &proof)); | 819 EXPECT_TRUE(out_.GetStringPiece(kPROF, &proof)); |
| 886 EXPECT_TRUE(out_.GetStringPiece(kSCFG, &scfg_str)); | 820 EXPECT_TRUE(out_.GetStringPiece(kSCFG, &scfg_str)); |
| 887 std::unique_ptr<CryptoHandshakeMessage> scfg( | 821 std::unique_ptr<CryptoHandshakeMessage> scfg( |
| 888 CryptoFramer::ParseMessage(scfg_str)); | 822 CryptoFramer::ParseMessage(scfg_str)); |
| 889 StringPiece scid; | 823 StringPiece scid; |
| 890 EXPECT_TRUE(scfg->GetStringPiece(kSCID, &scid)); | 824 EXPECT_TRUE(scfg->GetStringPiece(kSCID, &scid)); |
| 891 EXPECT_NE(scid, kOldConfigId); | 825 EXPECT_NE(scid, kOldConfigId); |
| 892 | 826 |
| 893 // Get certs from compressed certs. | 827 // Get certs from compressed certs. |
| 894 const CommonCertSets* common_cert_sets(CommonCertSets::GetInstanceQUIC()); | 828 const CommonCertSets* common_cert_sets(CommonCertSets::GetInstanceQUIC()); |
| 895 std::vector<string> cached_certs; | 829 std::vector<string> cached_certs; |
| 896 | 830 |
| 897 std::vector<string> certs; | 831 std::vector<string> certs; |
| 898 ASSERT_TRUE(CertCompressor::DecompressChain(cert, cached_certs, | 832 ASSERT_TRUE(CertCompressor::DecompressChain(cert, cached_certs, |
| 899 common_cert_sets, &certs)); | 833 common_cert_sets, &certs)); |
| 900 | 834 |
| 901 // Check that the proof in the REJ message is valid. | 835 // Check that the proof in the REJ message is valid. |
| 902 std::unique_ptr<ProofVerifier> proof_verifier( | 836 std::unique_ptr<ProofVerifier> proof_verifier( |
| 903 CryptoTestUtils::ProofVerifierForTesting()); | 837 crypto_test_utils::ProofVerifierForTesting()); |
| 904 std::unique_ptr<ProofVerifyContext> verify_context( | 838 std::unique_ptr<ProofVerifyContext> verify_context( |
| 905 CryptoTestUtils::ProofVerifyContextForTesting()); | 839 crypto_test_utils::ProofVerifyContextForTesting()); |
| 906 std::unique_ptr<ProofVerifyDetails> details; | 840 std::unique_ptr<ProofVerifyDetails> details; |
| 907 string error_details; | 841 string error_details; |
| 908 std::unique_ptr<ProofVerifierCallback> callback( | 842 std::unique_ptr<ProofVerifierCallback> callback( |
| 909 new DummyProofVerifierCallback()); | 843 new DummyProofVerifierCallback()); |
| 910 string chlo_hash; | 844 string chlo_hash; |
| 911 CryptoUtils::HashHandshakeMessage(msg, &chlo_hash); | 845 CryptoUtils::HashHandshakeMessage(msg, &chlo_hash); |
| 912 EXPECT_EQ(QUIC_SUCCESS, | 846 EXPECT_EQ(QUIC_SUCCESS, |
| 913 proof_verifier->VerifyProof( | 847 proof_verifier->VerifyProof( |
| 914 "test.example.com", 443, scfg_str.as_string(), client_version_, | 848 "test.example.com", 443, scfg_str.as_string(), client_version_, |
| 915 chlo_hash, certs, "", proof.as_string(), verify_context.get(), | 849 chlo_hash, certs, "", proof.as_string(), verify_context.get(), |
| 916 &error_details, &details, std::move(callback))); | 850 &error_details, &details, std::move(callback))); |
| 917 } | 851 } |
| 918 | 852 |
| 919 TEST_P(CryptoServerTest, RejectInvalidXlct) { | 853 TEST_P(CryptoServerTest, RejectInvalidXlct) { |
| 920 // clang-format off | 854 CryptoHandshakeMessage msg = |
| 921 CryptoHandshakeMessage msg = CryptoTestUtils::Message( | 855 crypto_test_utils::CreateCHLO({{"PDMD", "X509"}, |
| 922 "CHLO", | 856 {"AEAD", "AESG"}, |
| 923 "PDMD", "X509", | 857 {"KEXS", "C255"}, |
| 924 "AEAD", "AESG", | 858 {"SCID", scid_hex_}, |
| 925 "KEXS", "C255", | 859 {"#004b5453", srct_hex_}, |
| 926 "SCID", scid_hex_.c_str(), | 860 {"PUBS", pub_hex_}, |
| 927 "#004b5453", srct_hex_.c_str(), | 861 {"NONC", nonce_hex_}, |
| 928 "PUBS", pub_hex_.c_str(), | 862 {"VER\0", client_version_string_}, |
| 929 "NONC", nonce_hex_.c_str(), | 863 {"XLCT", "#0102030405060708"}}, |
| 930 "VER\0", client_version_string_.c_str(), | 864 kClientHelloMinimumSize); |
| 931 "XLCT", "#0102030405060708", | 865 |
| 932 "$padding", static_cast<int>(kClientHelloMinimumSize), | |
| 933 nullptr); | |
| 934 // clang-format on | |
| 935 // If replay protection isn't disabled, then | 866 // If replay protection isn't disabled, then |
| 936 // QuicCryptoServerConfig::EvaluateClientHello will leave info.unique as false | 867 // QuicCryptoServerConfig::EvaluateClientHello will leave info.unique as false |
| 937 // and cause ProcessClientHello to exit early (and generate a REJ message). | 868 // and cause ProcessClientHello to exit early (and generate a REJ message). |
| 938 config_.set_replay_protection(false); | 869 config_.set_replay_protection(false); |
| 939 | 870 |
| 940 ShouldSucceed(msg); | 871 ShouldSucceed(msg); |
| 941 // clang-format off | 872 |
| 942 const HandshakeFailureReason kRejectReasons[] = { | 873 const HandshakeFailureReason kRejectReasons[] = { |
| 943 INVALID_EXPECTED_LEAF_CERTIFICATE | 874 INVALID_EXPECTED_LEAF_CERTIFICATE}; |
| 944 }; | 875 |
| 945 // clang-format on | |
| 946 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); | 876 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); |
| 947 } | 877 } |
| 948 | 878 |
| 949 TEST_P(CryptoServerTest, ValidXlct) { | 879 TEST_P(CryptoServerTest, ValidXlct) { |
| 950 // clang-format off | 880 CryptoHandshakeMessage msg = |
| 951 CryptoHandshakeMessage msg = CryptoTestUtils::Message( | 881 crypto_test_utils::CreateCHLO({{"PDMD", "X509"}, |
| 952 "CHLO", | 882 {"AEAD", "AESG"}, |
| 953 "PDMD", "X509", | 883 {"KEXS", "C255"}, |
| 954 "AEAD", "AESG", | 884 {"SCID", scid_hex_}, |
| 955 "KEXS", "C255", | 885 {"#004b5453", srct_hex_}, |
| 956 "SCID", scid_hex_.c_str(), | 886 {"PUBS", pub_hex_}, |
| 957 "#004b5453", srct_hex_.c_str(), | 887 {"NONC", nonce_hex_}, |
| 958 "PUBS", pub_hex_.c_str(), | 888 {"VER\0", client_version_string_}, |
| 959 "NONC", nonce_hex_.c_str(), | 889 {"XLCT", XlctHexString()}}, |
| 960 "VER\0", client_version_string_.c_str(), | 890 kClientHelloMinimumSize); |
| 961 "XLCT", XlctHexString().c_str(), | 891 |
| 962 "$padding", static_cast<int>(kClientHelloMinimumSize), | |
| 963 nullptr); | |
| 964 // clang-format on | |
| 965 // If replay protection isn't disabled, then | 892 // If replay protection isn't disabled, then |
| 966 // QuicCryptoServerConfig::EvaluateClientHello will leave info.unique as false | 893 // QuicCryptoServerConfig::EvaluateClientHello will leave info.unique as false |
| 967 // and cause ProcessClientHello to exit early (and generate a REJ message). | 894 // and cause ProcessClientHello to exit early (and generate a REJ message). |
| 968 config_.set_replay_protection(false); | 895 config_.set_replay_protection(false); |
| 969 | 896 |
| 970 ShouldSucceed(msg); | 897 ShouldSucceed(msg); |
| 971 EXPECT_EQ(kSHLO, out_.tag()); | 898 EXPECT_EQ(kSHLO, out_.tag()); |
| 972 } | 899 } |
| 973 | 900 |
| 974 TEST_P(CryptoServerTest, NonceInSHLO) { | 901 TEST_P(CryptoServerTest, NonceInSHLO) { |
| 975 // clang-format off | 902 CryptoHandshakeMessage msg = |
| 976 CryptoHandshakeMessage msg = CryptoTestUtils::Message( | 903 crypto_test_utils::CreateCHLO({{"PDMD", "X509"}, |
| 977 "CHLO", | 904 {"AEAD", "AESG"}, |
| 978 "PDMD", "X509", | 905 {"KEXS", "C255"}, |
| 979 "AEAD", "AESG", | 906 {"SCID", scid_hex_}, |
| 980 "KEXS", "C255", | 907 {"#004b5453", srct_hex_}, |
| 981 "SCID", scid_hex_.c_str(), | 908 {"PUBS", pub_hex_}, |
| 982 "#004b5453", srct_hex_.c_str(), | 909 {"NONC", nonce_hex_}, |
| 983 "PUBS", pub_hex_.c_str(), | 910 {"VER\0", client_version_string_}, |
| 984 "NONC", nonce_hex_.c_str(), | 911 {"XLCT", XlctHexString()}}, |
| 985 "VER\0", client_version_string_.c_str(), | 912 kClientHelloMinimumSize); |
| 986 "XLCT", XlctHexString().c_str(), | 913 |
| 987 "$padding", static_cast<int>(kClientHelloMinimumSize), | |
| 988 nullptr); | |
| 989 // clang-format on | |
| 990 // If replay protection isn't disabled, then | 914 // If replay protection isn't disabled, then |
| 991 // QuicCryptoServerConfig::EvaluateClientHello will leave info.unique as false | 915 // QuicCryptoServerConfig::EvaluateClientHello will leave info.unique as false |
| 992 // and cause ProcessClientHello to exit early (and generate a REJ message). | 916 // and cause ProcessClientHello to exit early (and generate a REJ message). |
| 993 config_.set_replay_protection(false); | 917 config_.set_replay_protection(false); |
| 994 | 918 |
| 995 ShouldSucceed(msg); | 919 ShouldSucceed(msg); |
| 996 EXPECT_EQ(kSHLO, out_.tag()); | 920 EXPECT_EQ(kSHLO, out_.tag()); |
| 997 | 921 |
| 998 StringPiece nonce; | 922 StringPiece nonce; |
| 999 EXPECT_TRUE(out_.GetStringPiece(kServerNonceTag, &nonce)); | 923 EXPECT_TRUE(out_.GetStringPiece(kServerNonceTag, &nonce)); |
| 1000 } | 924 } |
| 1001 | 925 |
| 1002 TEST_P(CryptoServerTest, ProofSourceFailure) { | 926 TEST_P(CryptoServerTest, ProofSourceFailure) { |
| 1003 // Install a ProofSource which will unconditionally fail | 927 // Install a ProofSource which will unconditionally fail |
| 1004 peer_.ResetProofSource(std::unique_ptr<ProofSource>(new FailingProofSource)); | 928 peer_.ResetProofSource(std::unique_ptr<ProofSource>(new FailingProofSource)); |
| 1005 | 929 |
| 1006 // clang-format off | 930 CryptoHandshakeMessage msg = |
| 1007 CryptoHandshakeMessage msg = CryptoTestUtils::Message( | 931 crypto_test_utils::CreateCHLO({{"AEAD", "AESG"}, |
| 1008 "CHLO", | 932 {"KEXS", "C255"}, |
| 1009 "AEAD", "AESG", | 933 {"SCID", scid_hex_}, |
| 1010 "KEXS", "C255", | 934 {"PUBS", pub_hex_}, |
| 1011 "SCID", scid_hex_.c_str(), | 935 {"NONC", nonce_hex_}, |
| 1012 "PUBS", pub_hex_.c_str(), | 936 {"PDMD", "X509"}, |
| 1013 "NONC", nonce_hex_.c_str(), | 937 {"VER\0", client_version_string_}}, |
| 1014 "PDMD", "X509", | 938 kClientHelloMinimumSize); |
| 1015 "VER\0", client_version_string_.c_str(), | |
| 1016 "$padding", static_cast<int>(kClientHelloMinimumSize), | |
| 1017 nullptr); | |
| 1018 // clang-format on | |
| 1019 | 939 |
| 1020 // Just ensure that we don't crash as occurred in b/33916924. | 940 // Just ensure that we don't crash as occurred in b/33916924. |
| 1021 ShouldFailMentioning("", msg); | 941 ShouldFailMentioning("", msg); |
| 1022 } | 942 } |
| 1023 | 943 |
| 1024 TEST(CryptoServerConfigGenerationTest, Determinism) { | 944 TEST(CryptoServerConfigGenerationTest, Determinism) { |
| 1025 // Test that using a deterministic PRNG causes the server-config to be | 945 // Test that using a deterministic PRNG causes the server-config to be |
| 1026 // deterministic. | 946 // deterministic. |
| 1027 | 947 |
| 1028 MockRandom rand_a, rand_b; | 948 MockRandom rand_a, rand_b; |
| 1029 const QuicCryptoServerConfig::ConfigOptions options; | 949 const QuicCryptoServerConfig::ConfigOptions options; |
| 1030 MockClock clock; | 950 MockClock clock; |
| 1031 | 951 |
| 1032 QuicCryptoServerConfig a(QuicCryptoServerConfig::TESTING, &rand_a, | 952 QuicCryptoServerConfig a(QuicCryptoServerConfig::TESTING, &rand_a, |
| 1033 CryptoTestUtils::ProofSourceForTesting()); | 953 crypto_test_utils::ProofSourceForTesting()); |
| 1034 QuicCryptoServerConfig b(QuicCryptoServerConfig::TESTING, &rand_b, | 954 QuicCryptoServerConfig b(QuicCryptoServerConfig::TESTING, &rand_b, |
| 1035 CryptoTestUtils::ProofSourceForTesting()); | 955 crypto_test_utils::ProofSourceForTesting()); |
| 1036 std::unique_ptr<CryptoHandshakeMessage> scfg_a( | 956 std::unique_ptr<CryptoHandshakeMessage> scfg_a( |
| 1037 a.AddDefaultConfig(&rand_a, &clock, options)); | 957 a.AddDefaultConfig(&rand_a, &clock, options)); |
| 1038 std::unique_ptr<CryptoHandshakeMessage> scfg_b( | 958 std::unique_ptr<CryptoHandshakeMessage> scfg_b( |
| 1039 b.AddDefaultConfig(&rand_b, &clock, options)); | 959 b.AddDefaultConfig(&rand_b, &clock, options)); |
| 1040 | 960 |
| 1041 ASSERT_EQ(scfg_a->DebugString(), scfg_b->DebugString()); | 961 ASSERT_EQ(scfg_a->DebugString(), scfg_b->DebugString()); |
| 1042 } | 962 } |
| 1043 | 963 |
| 1044 TEST(CryptoServerConfigGenerationTest, SCIDVaries) { | 964 TEST(CryptoServerConfigGenerationTest, SCIDVaries) { |
| 1045 // This test ensures that the server config ID varies for different server | 965 // This test ensures that the server config ID varies for different server |
| 1046 // configs. | 966 // configs. |
| 1047 | 967 |
| 1048 MockRandom rand_a, rand_b; | 968 MockRandom rand_a, rand_b; |
| 1049 const QuicCryptoServerConfig::ConfigOptions options; | 969 const QuicCryptoServerConfig::ConfigOptions options; |
| 1050 MockClock clock; | 970 MockClock clock; |
| 1051 | 971 |
| 1052 QuicCryptoServerConfig a(QuicCryptoServerConfig::TESTING, &rand_a, | 972 QuicCryptoServerConfig a(QuicCryptoServerConfig::TESTING, &rand_a, |
| 1053 CryptoTestUtils::ProofSourceForTesting()); | 973 crypto_test_utils::ProofSourceForTesting()); |
| 1054 rand_b.ChangeValue(); | 974 rand_b.ChangeValue(); |
| 1055 QuicCryptoServerConfig b(QuicCryptoServerConfig::TESTING, &rand_b, | 975 QuicCryptoServerConfig b(QuicCryptoServerConfig::TESTING, &rand_b, |
| 1056 CryptoTestUtils::ProofSourceForTesting()); | 976 crypto_test_utils::ProofSourceForTesting()); |
| 1057 std::unique_ptr<CryptoHandshakeMessage> scfg_a( | 977 std::unique_ptr<CryptoHandshakeMessage> scfg_a( |
| 1058 a.AddDefaultConfig(&rand_a, &clock, options)); | 978 a.AddDefaultConfig(&rand_a, &clock, options)); |
| 1059 std::unique_ptr<CryptoHandshakeMessage> scfg_b( | 979 std::unique_ptr<CryptoHandshakeMessage> scfg_b( |
| 1060 b.AddDefaultConfig(&rand_b, &clock, options)); | 980 b.AddDefaultConfig(&rand_b, &clock, options)); |
| 1061 | 981 |
| 1062 StringPiece scid_a, scid_b; | 982 StringPiece scid_a, scid_b; |
| 1063 EXPECT_TRUE(scfg_a->GetStringPiece(kSCID, &scid_a)); | 983 EXPECT_TRUE(scfg_a->GetStringPiece(kSCID, &scid_a)); |
| 1064 EXPECT_TRUE(scfg_b->GetStringPiece(kSCID, &scid_b)); | 984 EXPECT_TRUE(scfg_b->GetStringPiece(kSCID, &scid_b)); |
| 1065 | 985 |
| 1066 EXPECT_NE(scid_a, scid_b); | 986 EXPECT_NE(scid_a, scid_b); |
| 1067 } | 987 } |
| 1068 | 988 |
| 1069 TEST(CryptoServerConfigGenerationTest, SCIDIsHashOfServerConfig) { | 989 TEST(CryptoServerConfigGenerationTest, SCIDIsHashOfServerConfig) { |
| 1070 MockRandom rand_a; | 990 MockRandom rand_a; |
| 1071 const QuicCryptoServerConfig::ConfigOptions options; | 991 const QuicCryptoServerConfig::ConfigOptions options; |
| 1072 MockClock clock; | 992 MockClock clock; |
| 1073 | 993 |
| 1074 QuicCryptoServerConfig a(QuicCryptoServerConfig::TESTING, &rand_a, | 994 QuicCryptoServerConfig a(QuicCryptoServerConfig::TESTING, &rand_a, |
| 1075 CryptoTestUtils::ProofSourceForTesting()); | 995 crypto_test_utils::ProofSourceForTesting()); |
| 1076 std::unique_ptr<CryptoHandshakeMessage> scfg( | 996 std::unique_ptr<CryptoHandshakeMessage> scfg( |
| 1077 a.AddDefaultConfig(&rand_a, &clock, options)); | 997 a.AddDefaultConfig(&rand_a, &clock, options)); |
| 1078 | 998 |
| 1079 StringPiece scid; | 999 StringPiece scid; |
| 1080 EXPECT_TRUE(scfg->GetStringPiece(kSCID, &scid)); | 1000 EXPECT_TRUE(scfg->GetStringPiece(kSCID, &scid)); |
| 1081 // Need to take a copy of |scid| has we're about to call |Erase|. | 1001 // Need to take a copy of |scid| has we're about to call |Erase|. |
| 1082 const string scid_str(scid.as_string()); | 1002 const string scid_str(scid.as_string()); |
| 1083 | 1003 |
| 1084 scfg->Erase(kSCID); | 1004 scfg->Erase(kSCID); |
| 1085 scfg->MarkDirty(); | 1005 scfg->MarkDirty(); |
| 1086 const QuicData& serialized(scfg->GetSerialized()); | 1006 const QuicData& serialized(scfg->GetSerialized()); |
| 1087 | 1007 |
| 1088 std::unique_ptr<crypto::SecureHash> hash( | 1008 uint8_t digest[SHA256_DIGEST_LENGTH]; |
| 1089 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); | 1009 SHA256(reinterpret_cast<const uint8_t*>(serialized.data()), |
| 1090 hash->Update(serialized.data(), serialized.length()); | 1010 serialized.length(), digest); |
| 1091 uint8_t digest[16]; | |
| 1092 hash->Finish(digest, sizeof(digest)); | |
| 1093 | 1011 |
| 1094 ASSERT_EQ(scid.size(), sizeof(digest)); | 1012 // scid is a SHA-256 hash, truncated to 16 bytes. |
| 1095 EXPECT_EQ(0, memcmp(digest, scid_str.c_str(), sizeof(digest))); | 1013 ASSERT_EQ(scid.size(), 16u); |
| 1014 EXPECT_EQ(0, memcmp(digest, scid_str.c_str(), scid.size())); |
| 1096 } | 1015 } |
| 1097 | 1016 |
| 1098 class CryptoServerTestNoConfig : public CryptoServerTest { | 1017 class CryptoServerTestNoConfig : public CryptoServerTest { |
| 1099 public: | 1018 public: |
| 1100 void SetUp() override { | 1019 void SetUp() override { |
| 1101 // Deliberately don't add a config so that we can test this situation. | 1020 // Deliberately don't add a config so that we can test this situation. |
| 1102 } | 1021 } |
| 1103 }; | 1022 }; |
| 1104 | 1023 |
| 1105 TEST_P(CryptoServerTestNoConfig, DontCrash) { | 1024 TEST_P(CryptoServerTestNoConfig, DontCrash) { |
| 1106 // clang-format off | 1025 CryptoHandshakeMessage msg = crypto_test_utils::CreateCHLO( |
| 1107 CryptoHandshakeMessage msg = CryptoTestUtils::Message( | 1026 {{"PDMD", "X509"}, {"VER\0", client_version_string_}}, |
| 1108 "CHLO", | 1027 kClientHelloMinimumSize); |
| 1109 "PDMD", "X509", | 1028 |
| 1110 "VER\0", client_version_string_.c_str(), | |
| 1111 "$padding", static_cast<int>(kClientHelloMinimumSize), | |
| 1112 nullptr); | |
| 1113 // clang-format on | |
| 1114 ShouldFailMentioning("No config", msg); | 1029 ShouldFailMentioning("No config", msg); |
| 1115 | 1030 |
| 1116 const HandshakeFailureReason kRejectReasons[] = { | 1031 const HandshakeFailureReason kRejectReasons[] = { |
| 1117 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; | 1032 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; |
| 1118 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); | 1033 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); |
| 1119 } | 1034 } |
| 1120 | 1035 |
| 1121 class CryptoServerTestOldVersion : public CryptoServerTest { | 1036 class CryptoServerTestOldVersion : public CryptoServerTest { |
| 1122 public: | 1037 public: |
| 1123 void SetUp() override { | 1038 void SetUp() override { |
| 1124 client_version_ = supported_versions_.back(); | 1039 client_version_ = supported_versions_.back(); |
| 1125 client_version_string_ = | 1040 client_version_string_ = |
| 1126 QuicTagToString(QuicVersionToQuicTag(client_version_)); | 1041 QuicTagToString(QuicVersionToQuicTag(client_version_)); |
| 1127 CryptoServerTest::SetUp(); | 1042 CryptoServerTest::SetUp(); |
| 1128 } | 1043 } |
| 1129 }; | 1044 }; |
| 1130 | 1045 |
| 1131 TEST_P(CryptoServerTestOldVersion, ServerIgnoresXlct) { | 1046 TEST_P(CryptoServerTestOldVersion, ServerIgnoresXlct) { |
| 1132 // clang-format off | 1047 CryptoHandshakeMessage msg = |
| 1133 CryptoHandshakeMessage msg = CryptoTestUtils::Message( | 1048 crypto_test_utils::CreateCHLO({{"PDMD", "X509"}, |
| 1134 "CHLO", | 1049 {"AEAD", "AESG"}, |
| 1135 "PDMD", "X509", | 1050 {"KEXS", "C255"}, |
| 1136 "AEAD", "AESG", | 1051 {"SCID", scid_hex_}, |
| 1137 "KEXS", "C255", | 1052 {"#004b5453", srct_hex_}, |
| 1138 "SCID", scid_hex_.c_str(), | 1053 {"PUBS", pub_hex_}, |
| 1139 "#004b5453", srct_hex_.c_str(), | 1054 {"NONC", nonce_hex_}, |
| 1140 "PUBS", pub_hex_.c_str(), | 1055 {"VER\0", client_version_string_}, |
| 1141 "NONC", nonce_hex_.c_str(), | 1056 {"XLCT", "#0100000000000000"}}, |
| 1142 "VER\0", client_version_string_.c_str(), | 1057 kClientHelloMinimumSize); |
| 1143 "XLCT", "#0100000000000000", | 1058 |
| 1144 "$padding", static_cast<int>(kClientHelloMinimumSize), | |
| 1145 nullptr); | |
| 1146 // clang-format on | |
| 1147 // If replay protection isn't disabled, then | 1059 // If replay protection isn't disabled, then |
| 1148 // QuicCryptoServerConfig::EvaluateClientHello will leave info.unique as false | 1060 // QuicCryptoServerConfig::EvaluateClientHello will leave info.unique as false |
| 1149 // and cause ProcessClientHello to exit early (and generate a REJ message). | 1061 // and cause ProcessClientHello to exit early (and generate a REJ message). |
| 1150 config_.set_replay_protection(false); | 1062 config_.set_replay_protection(false); |
| 1151 | 1063 |
| 1152 ShouldSucceed(msg); | 1064 ShouldSucceed(msg); |
| 1153 EXPECT_EQ(kSHLO, out_.tag()); | 1065 EXPECT_EQ(kSHLO, out_.tag()); |
| 1154 } | 1066 } |
| 1155 | 1067 |
| 1156 TEST_P(CryptoServerTestOldVersion, XlctNotRequired) { | 1068 TEST_P(CryptoServerTestOldVersion, XlctNotRequired) { |
| 1157 // clang-format off | 1069 CryptoHandshakeMessage msg = |
| 1158 CryptoHandshakeMessage msg = CryptoTestUtils::Message( | 1070 crypto_test_utils::CreateCHLO({{"PDMD", "X509"}, |
| 1159 "CHLO", | 1071 {"AEAD", "AESG"}, |
| 1160 "PDMD", "X509", | 1072 {"KEXS", "C255"}, |
| 1161 "AEAD", "AESG", | 1073 {"SCID", scid_hex_}, |
| 1162 "KEXS", "C255", | 1074 {"#004b5453", srct_hex_}, |
| 1163 "SCID", scid_hex_.c_str(), | 1075 {"PUBS", pub_hex_}, |
| 1164 "#004b5453", srct_hex_.c_str(), | 1076 {"NONC", nonce_hex_}, |
| 1165 "PUBS", pub_hex_.c_str(), | 1077 {"VER\0", client_version_string_}}, |
| 1166 "NONC", nonce_hex_.c_str(), | 1078 kClientHelloMinimumSize); |
| 1167 "VER\0", client_version_string_.c_str(), | 1079 |
| 1168 "$padding", static_cast<int>(kClientHelloMinimumSize), | |
| 1169 nullptr); | |
| 1170 // clang-format on | |
| 1171 // If replay protection isn't disabled, then | 1080 // If replay protection isn't disabled, then |
| 1172 // QuicCryptoServerConfig::EvaluateClientHello will leave info.unique as false | 1081 // QuicCryptoServerConfig::EvaluateClientHello will leave info.unique as false |
| 1173 // and cause ProcessClientHello to exit early (and generate a REJ message). | 1082 // and cause ProcessClientHello to exit early (and generate a REJ message). |
| 1174 config_.set_replay_protection(false); | 1083 config_.set_replay_protection(false); |
| 1175 | 1084 |
| 1176 ShouldSucceed(msg); | 1085 ShouldSucceed(msg); |
| 1177 EXPECT_EQ(kSHLO, out_.tag()); | 1086 EXPECT_EQ(kSHLO, out_.tag()); |
| 1178 } | 1087 } |
| 1179 | 1088 |
| 1180 } // namespace test | 1089 } // namespace test |
| 1181 } // namespace net | 1090 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2681793002:
Landing Recent QUIC changes until 5:30 PM, Feb 3, 2017 UTC-5 (Closed)
