| Index: net/quic/core/crypto/crypto_server_test.cc
|
| diff --git a/net/quic/core/crypto/crypto_server_test.cc b/net/quic/core/crypto/crypto_server_test.cc
|
| index 941e2fedd0b0c59afc63556f0ff6694561adc7bc..67cd077a9197baf60098379e40ffb67dcde1432b 100644
|
| --- a/net/quic/core/crypto/crypto_server_test.cc
|
| +++ b/net/quic/core/crypto/crypto_server_test.cc
|
| @@ -8,7 +8,6 @@
|
| #include <ostream>
|
| #include <vector>
|
|
|
| -#include "crypto/secure_hash.h"
|
| #include "net/quic/core/crypto/cert_compressor.h"
|
| #include "net/quic/core/crypto/common_cert_set.h"
|
| #include "net/quic/core/crypto/crypto_handshake.h"
|
| @@ -29,6 +28,7 @@
|
| #include "net/quic/test_tools/quic_crypto_server_config_peer.h"
|
| #include "net/quic/test_tools/quic_test_utils.h"
|
| #include "testing/gtest/include/gtest/gtest.h"
|
| +#include "third_party/boringssl/src/include/openssl/sha.h"
|
|
|
| using base::StringPiece;
|
| using std::string;
|
| @@ -107,7 +107,7 @@ class CryptoServerTest : public ::testing::TestWithParam<TestParams> {
|
| client_address_(QuicIpAddress::Loopback4(), 1234),
|
| config_(QuicCryptoServerConfig::TESTING,
|
| rand_,
|
| - CryptoTestUtils::ProofSourceForTesting()),
|
| + crypto_test_utils::ProofSourceForTesting()),
|
| peer_(&config_),
|
| compressed_certs_cache_(
|
| QuicCompressedCertsCache::kQuicCompressedCertsCacheSize),
|
| @@ -149,19 +149,15 @@ class CryptoServerTest : public ::testing::TestWithParam<TestParams> {
|
| pub_hex_ =
|
| "#" + QuicTextUtils::HexEncode(public_value, sizeof(public_value));
|
|
|
| - // clang-format off
|
| - CryptoHandshakeMessage client_hello = CryptoTestUtils::Message(
|
| - "CHLO",
|
| - "PDMD", "X509",
|
| - "AEAD", "AESG",
|
| - "KEXS", "C255",
|
| - "PUBS", pub_hex_.c_str(),
|
| - "NONC", nonce_hex_.c_str(),
|
| - "CSCT", "",
|
| - "VER\0", client_version_string_.c_str(),
|
| - "$padding", static_cast<int>(kClientHelloMinimumSize),
|
| - nullptr);
|
| - // clang-format on
|
| + CryptoHandshakeMessage client_hello =
|
| + crypto_test_utils::CreateCHLO({{"PDMD", "X509"},
|
| + {"AEAD", "AESG"},
|
| + {"KEXS", "C255"},
|
| + {"PUBS", pub_hex_},
|
| + {"NONC", nonce_hex_},
|
| + {"CSCT", ""},
|
| + {"VER\0", client_version_string_}},
|
| + kClientHelloMinimumSize);
|
| ShouldSucceed(client_hello);
|
| // The message should be rejected because the source-address token is
|
| // missing.
|
| @@ -386,7 +382,7 @@ class CryptoServerTest : public ::testing::TestWithParam<TestParams> {
|
| }
|
|
|
| string XlctHexString() {
|
| - uint64_t xlct = CryptoTestUtils::LeafCertHashForTesting();
|
| + uint64_t xlct = crypto_test_utils::LeafCertHashForTesting();
|
| return "#" + QuicTextUtils::HexEncode(reinterpret_cast<char*>(&xlct),
|
| sizeof(xlct));
|
| }
|
| @@ -434,15 +430,11 @@ TEST_P(CryptoServerTest, BadSNI) {
|
| // clang-format on
|
|
|
| for (size_t i = 0; i < arraysize(kBadSNIs); i++) {
|
| - // clang-format off
|
| - CryptoHandshakeMessage msg = CryptoTestUtils::Message(
|
| - "CHLO",
|
| - "PDMD", "X509",
|
| - "SNI", kBadSNIs[i],
|
| - "VER\0", client_version_string_.c_str(),
|
| - "$padding", static_cast<int>(kClientHelloMinimumSize),
|
| - nullptr);
|
| - // clang-format on
|
| + CryptoHandshakeMessage msg =
|
| + crypto_test_utils::CreateCHLO({{"PDMD", "X509"},
|
| + {"SNI", kBadSNIs[i]},
|
| + {"VER\0", client_version_string_}},
|
| + kClientHelloMinimumSize);
|
| ShouldFailMentioning("SNI", msg);
|
| const HandshakeFailureReason kRejectReasons[] = {
|
| SERVER_CONFIG_INCHOATE_HELLO_FAILURE};
|
| @@ -454,18 +446,14 @@ TEST_P(CryptoServerTest, DefaultCert) {
|
| // Check that the server replies with a default certificate when no SNI is
|
| // specified. The CHLO is constructed to generate a REJ with certs, so must
|
| // not contain a valid STK, and must include PDMD.
|
| - // clang-format off
|
| - CryptoHandshakeMessage msg = CryptoTestUtils::Message(
|
| - "CHLO",
|
| - "AEAD", "AESG",
|
| - "KEXS", "C255",
|
| - "PUBS", pub_hex_.c_str(),
|
| - "NONC", nonce_hex_.c_str(),
|
| - "PDMD", "X509",
|
| - "VER\0", client_version_string_.c_str(),
|
| - "$padding", static_cast<int>(kClientHelloMinimumSize),
|
| - nullptr);
|
| - // clang-format on
|
| + CryptoHandshakeMessage msg =
|
| + crypto_test_utils::CreateCHLO({{"AEAD", "AESG"},
|
| + {"KEXS", "C255"},
|
| + {"PUBS", pub_hex_},
|
| + {"NONC", nonce_hex_},
|
| + {"PDMD", "X509"},
|
| + {"VER\0", client_version_string_}},
|
| + kClientHelloMinimumSize);
|
|
|
| ShouldSucceed(msg);
|
| StringPiece cert, proof, cert_sct;
|
| @@ -483,19 +471,15 @@ TEST_P(CryptoServerTest, DefaultCert) {
|
| TEST_P(CryptoServerTest, RejectTooLarge) {
|
| // Check that the server replies with no certificate when a CHLO is
|
| // constructed with a PDMD but no SKT when the REJ would be too large.
|
| - // clang-format off
|
| - CryptoHandshakeMessage msg = CryptoTestUtils::Message(
|
| - "CHLO",
|
| - "PDMD", "X509",
|
| - "AEAD", "AESG",
|
| - "KEXS", "C255",
|
| - "PUBS", pub_hex_.c_str(),
|
| - "NONC", nonce_hex_.c_str(),
|
| - "PDMD", "X509",
|
| - "VER\0", client_version_string_.c_str(),
|
| - "$padding", static_cast<int>(kClientHelloMinimumSize),
|
| - nullptr);
|
| - // clang-format on
|
| + CryptoHandshakeMessage msg =
|
| + crypto_test_utils::CreateCHLO({{"PDMD", "X509"},
|
| + {"AEAD", "AESG"},
|
| + {"KEXS", "C255"},
|
| + {"PUBS", pub_hex_},
|
| + {"NONC", nonce_hex_},
|
| + {"PDMD", "X509"},
|
| + {"VER\0", client_version_string_}},
|
| + kClientHelloMinimumSize);
|
|
|
| // The REJ will be larger than the CHLO so no PROF or CRT will be sent.
|
| config_.set_chlo_multiplier(1);
|
| @@ -514,19 +498,15 @@ TEST_P(CryptoServerTest, RejectNotTooLarge) {
|
| // When the CHLO packet is large enough, ensure that a full REJ is sent.
|
| chlo_packet_size_ *= 2;
|
|
|
| - // clang-format off
|
| - CryptoHandshakeMessage msg = CryptoTestUtils::Message(
|
| - "CHLO",
|
| - "PDMD", "X509",
|
| - "AEAD", "AESG",
|
| - "KEXS", "C255",
|
| - "PUBS", pub_hex_.c_str(),
|
| - "NONC", nonce_hex_.c_str(),
|
| - "PDMD", "X509",
|
| - "VER\0", client_version_string_.c_str(),
|
| - "$padding", static_cast<int>(kClientHelloMinimumSize),
|
| - nullptr);
|
| - // clang-format on
|
| + CryptoHandshakeMessage msg =
|
| + crypto_test_utils::CreateCHLO({{"PDMD", "X509"},
|
| + {"AEAD", "AESG"},
|
| + {"KEXS", "C255"},
|
| + {"PUBS", pub_hex_},
|
| + {"NONC", nonce_hex_},
|
| + {"PDMD", "X509"},
|
| + {"VER\0", client_version_string_}},
|
| + kClientHelloMinimumSize);
|
|
|
| // The REJ will be larger than the CHLO so no PROF or CRT will be sent.
|
| config_.set_chlo_multiplier(1);
|
| @@ -544,20 +524,16 @@ TEST_P(CryptoServerTest, RejectNotTooLarge) {
|
| TEST_P(CryptoServerTest, RejectTooLargeButValidSTK) {
|
| // Check that the server replies with no certificate when a CHLO is
|
| // constructed with a PDMD but no SKT when the REJ would be too large.
|
| - // clang-format off
|
| - CryptoHandshakeMessage msg = CryptoTestUtils::Message(
|
| - "CHLO",
|
| - "PDMD", "X509",
|
| - "AEAD", "AESG",
|
| - "KEXS", "C255",
|
| - "PUBS", pub_hex_.c_str(),
|
| - "NONC", nonce_hex_.c_str(),
|
| - "#004b5453", srct_hex_.c_str(),
|
| - "PDMD", "X509",
|
| - "VER\0", client_version_string_.c_str(),
|
| - "$padding", static_cast<int>(kClientHelloMinimumSize),
|
| - nullptr);
|
| - // clang-format on
|
| + CryptoHandshakeMessage msg =
|
| + crypto_test_utils::CreateCHLO({{"PDMD", "X509"},
|
| + {"AEAD", "AESG"},
|
| + {"KEXS", "C255"},
|
| + {"PUBS", pub_hex_},
|
| + {"NONC", nonce_hex_},
|
| + {"#004b5453", srct_hex_},
|
| + {"PDMD", "X509"},
|
| + {"VER\0", client_version_string_}},
|
| + kClientHelloMinimumSize);
|
|
|
| // The REJ will be larger than the CHLO so no PROF or CRT will be sent.
|
| config_.set_chlo_multiplier(1);
|
| @@ -575,13 +551,11 @@ TEST_P(CryptoServerTest, RejectTooLargeButValidSTK) {
|
| }
|
|
|
| TEST_P(CryptoServerTest, TooSmall) {
|
| - // clang-format off
|
| - ShouldFailMentioning("too small", CryptoTestUtils::Message(
|
| - "CHLO",
|
| - "PDMD", "X509",
|
| - "VER\0", client_version_string_.c_str(),
|
| - nullptr));
|
| - // clang-format on
|
| + ShouldFailMentioning(
|
| + "too small",
|
| + crypto_test_utils::CreateCHLO(
|
| + {{"PDMD", "X509"}, {"VER\0", client_version_string_.c_str()}}));
|
| +
|
| const HandshakeFailureReason kRejectReasons[] = {
|
| SERVER_CONFIG_INCHOATE_HELLO_FAILURE};
|
| CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));
|
| @@ -599,14 +573,11 @@ TEST_P(CryptoServerTest, BadSourceAddressToken) {
|
| // clang-format on
|
|
|
| for (size_t i = 0; i < arraysize(kBadSourceAddressTokens); i++) {
|
| - // clang-format off
|
| - CryptoHandshakeMessage msg = CryptoTestUtils::Message(
|
| - "CHLO",
|
| - "PDMD", "X509",
|
| - "STK", kBadSourceAddressTokens[i],
|
| - "VER\0", client_version_string_.c_str(),
|
| - "$padding", static_cast<int>(kClientHelloMinimumSize), nullptr);
|
| - // clang-format on
|
| + CryptoHandshakeMessage msg =
|
| + crypto_test_utils::CreateCHLO({{"PDMD", "X509"},
|
| + {"STK", kBadSourceAddressTokens[i]},
|
| + {"VER\0", client_version_string_}},
|
| + kClientHelloMinimumSize);
|
| ShouldSucceed(msg);
|
| const HandshakeFailureReason kRejectReasons[] = {
|
| SERVER_CONFIG_INCHOATE_HELLO_FAILURE};
|
| @@ -625,37 +596,31 @@ TEST_P(CryptoServerTest, BadClientNonce) {
|
|
|
| for (size_t i = 0; i < arraysize(kBadNonces); i++) {
|
| // Invalid nonces should be ignored, in an inchoate CHLO.
|
| - // clang-format off
|
| - CryptoHandshakeMessage msg = CryptoTestUtils::Message(
|
| - "CHLO",
|
| - "PDMD", "X509",
|
| - "NONC", kBadNonces[i],
|
| - "VER\0", client_version_string_.c_str(),
|
| - "$padding", static_cast<int>(kClientHelloMinimumSize),
|
| - nullptr);
|
| - // clang-format on
|
| +
|
| + CryptoHandshakeMessage msg =
|
| + crypto_test_utils::CreateCHLO({{"PDMD", "X509"},
|
| + {"NONC", kBadNonces[i]},
|
| + {"VER\0", client_version_string_}},
|
| + kClientHelloMinimumSize);
|
| +
|
| ShouldSucceed(msg);
|
| const HandshakeFailureReason kRejectReasons[] = {
|
| SERVER_CONFIG_INCHOATE_HELLO_FAILURE};
|
| CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));
|
|
|
| // Invalid nonces should result in CLIENT_NONCE_INVALID_FAILURE.
|
| - // clang-format off
|
| - CryptoHandshakeMessage msg1 = CryptoTestUtils::Message(
|
| - "CHLO",
|
| - "PDMD", "X509",
|
| - "AEAD", "AESG",
|
| - "KEXS", "C255",
|
| - "SCID", scid_hex_.c_str(),
|
| - "#004b5453", srct_hex_.c_str(),
|
| - "PUBS", pub_hex_.c_str(),
|
| - "NONC", kBadNonces[i],
|
| - "NONP", kBadNonces[i],
|
| - "XLCT", XlctHexString().c_str(),
|
| - "VER\0", client_version_string_.c_str(),
|
| - "$padding", static_cast<int>(kClientHelloMinimumSize),
|
| - nullptr);
|
| - // clang-format on
|
| + CryptoHandshakeMessage msg1 =
|
| + crypto_test_utils::CreateCHLO({{"PDMD", "X509"},
|
| + {"AEAD", "AESG"},
|
| + {"KEXS", "C255"},
|
| + {"SCID", scid_hex_},
|
| + {"#004b5453", srct_hex_},
|
| + {"PUBS", pub_hex_},
|
| + {"NONC", kBadNonces[i]},
|
| + {"NONP", kBadNonces[i]},
|
| + {"XLCT", XlctHexString()},
|
| + {"VER\0", client_version_string_}},
|
| + kClientHelloMinimumSize);
|
|
|
| ShouldSucceed(msg1);
|
|
|
| @@ -668,34 +633,26 @@ TEST_P(CryptoServerTest, BadClientNonce) {
|
|
|
| TEST_P(CryptoServerTest, NoClientNonce) {
|
| // No client nonces should result in INCHOATE_HELLO_FAILURE.
|
| - // clang-format off
|
| - CryptoHandshakeMessage msg = CryptoTestUtils::Message(
|
| - "CHLO",
|
| - "PDMD", "X509",
|
| - "VER\0", client_version_string_.c_str(),
|
| - "$padding", static_cast<int>(kClientHelloMinimumSize),
|
| - nullptr);
|
| - // clang-format on
|
| +
|
| + CryptoHandshakeMessage msg = crypto_test_utils::CreateCHLO(
|
| + {{"PDMD", "X509"}, {"VER\0", client_version_string_}},
|
| + kClientHelloMinimumSize);
|
|
|
| ShouldSucceed(msg);
|
| const HandshakeFailureReason kRejectReasons[] = {
|
| SERVER_CONFIG_INCHOATE_HELLO_FAILURE};
|
| CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));
|
|
|
| - // clang-format off
|
| - CryptoHandshakeMessage msg1 = CryptoTestUtils::Message(
|
| - "CHLO",
|
| - "PDMD", "X509",
|
| - "AEAD", "AESG",
|
| - "KEXS", "C255",
|
| - "SCID", scid_hex_.c_str(),
|
| - "#004b5453", srct_hex_.c_str(),
|
| - "PUBS", pub_hex_.c_str(),
|
| - "XLCT", XlctHexString().c_str(),
|
| - "VER\0", client_version_string_.c_str(),
|
| - "$padding", static_cast<int>(kClientHelloMinimumSize),
|
| - nullptr);
|
| - // clang-format on
|
| + CryptoHandshakeMessage msg1 =
|
| + crypto_test_utils::CreateCHLO({{"PDMD", "X509"},
|
| + {"AEAD", "AESG"},
|
| + {"KEXS", "C255"},
|
| + {"SCID", scid_hex_},
|
| + {"#004b5453", srct_hex_},
|
| + {"PUBS", pub_hex_},
|
| + {"XLCT", XlctHexString()},
|
| + {"VER\0", client_version_string_}},
|
| + kClientHelloMinimumSize);
|
|
|
| ShouldSucceed(msg1);
|
| CheckRejectTag();
|
| @@ -714,14 +671,9 @@ TEST_P(CryptoServerTest, DowngradeAttack) {
|
| string bad_version =
|
| QuicTagToString(QuicVersionToQuicTag(supported_versions_.back()));
|
|
|
| - // clang-format off
|
| - CryptoHandshakeMessage msg = CryptoTestUtils::Message(
|
| - "CHLO",
|
| - "PDMD", "X509",
|
| - "VER\0", bad_version.c_str(),
|
| - "$padding", static_cast<int>(kClientHelloMinimumSize),
|
| - nullptr);
|
| - // clang-format on
|
| + CryptoHandshakeMessage msg = crypto_test_utils::CreateCHLO(
|
| + {{"PDMD", "X509"}, {"VER\0", bad_version}}, kClientHelloMinimumSize);
|
| +
|
| ShouldFailMentioning("Downgrade", msg);
|
| const HandshakeFailureReason kRejectReasons[] = {
|
| SERVER_CONFIG_INCHOATE_HELLO_FAILURE};
|
| @@ -730,20 +682,17 @@ TEST_P(CryptoServerTest, DowngradeAttack) {
|
|
|
| TEST_P(CryptoServerTest, CorruptServerConfig) {
|
| // This tests corrupted server config.
|
| - // clang-format off
|
| - CryptoHandshakeMessage msg = CryptoTestUtils::Message(
|
| - "CHLO",
|
| - "PDMD", "X509",
|
| - "AEAD", "AESG",
|
| - "KEXS", "C255",
|
| - "SCID", (string(1, 'X') + scid_hex_).c_str(),
|
| - "#004b5453", srct_hex_.c_str(),
|
| - "PUBS", pub_hex_.c_str(),
|
| - "NONC", nonce_hex_.c_str(),
|
| - "VER\0", client_version_string_.c_str(),
|
| - "$padding", static_cast<int>(kClientHelloMinimumSize),
|
| - nullptr);
|
| - // clang-format on
|
| + CryptoHandshakeMessage msg =
|
| + crypto_test_utils::CreateCHLO({{"PDMD", "X509"},
|
| + {"AEAD", "AESG"},
|
| + {"KEXS", "C255"},
|
| + {"SCID", (string(1, 'X') + scid_hex_)},
|
| + {"#004b5453", srct_hex_},
|
| + {"PUBS", pub_hex_},
|
| + {"NONC", nonce_hex_},
|
| + {"VER\0", client_version_string_}},
|
| + kClientHelloMinimumSize);
|
| +
|
| ShouldSucceed(msg);
|
| CheckRejectTag();
|
| const HandshakeFailureReason kRejectReasons[] = {
|
| @@ -753,21 +702,18 @@ TEST_P(CryptoServerTest, CorruptServerConfig) {
|
|
|
| TEST_P(CryptoServerTest, CorruptSourceAddressToken) {
|
| // This tests corrupted source address token.
|
| - // clang-format off
|
| - CryptoHandshakeMessage msg = CryptoTestUtils::Message(
|
| - "CHLO",
|
| - "PDMD", "X509",
|
| - "AEAD", "AESG",
|
| - "KEXS", "C255",
|
| - "SCID", scid_hex_.c_str(),
|
| - "#004b5453", (string(1, 'X') + srct_hex_).c_str(),
|
| - "PUBS", pub_hex_.c_str(),
|
| - "NONC", nonce_hex_.c_str(),
|
| - "XLCT", XlctHexString().c_str(),
|
| - "VER\0", client_version_string_.c_str(),
|
| - "$padding", static_cast<int>(kClientHelloMinimumSize),
|
| - nullptr);
|
| - // clang-format on
|
| + CryptoHandshakeMessage msg = crypto_test_utils::CreateCHLO(
|
| + {{"PDMD", "X509"},
|
| + {"AEAD", "AESG"},
|
| + {"KEXS", "C255"},
|
| + {"SCID", scid_hex_},
|
| + {"#004b5453", (string(1, 'X') + srct_hex_)},
|
| + {"PUBS", pub_hex_},
|
| + {"NONC", nonce_hex_},
|
| + {"XLCT", XlctHexString()},
|
| + {"VER\0", client_version_string_}},
|
| + kClientHelloMinimumSize);
|
| +
|
| ShouldSucceed(msg);
|
| CheckRejectTag();
|
| const HandshakeFailureReason kRejectReasons[] = {
|
| @@ -777,21 +723,18 @@ TEST_P(CryptoServerTest, CorruptSourceAddressToken) {
|
|
|
| TEST_P(CryptoServerTest, CorruptClientNonceAndSourceAddressToken) {
|
| // This test corrupts client nonce and source address token.
|
| - // clang-format off
|
| - CryptoHandshakeMessage msg = CryptoTestUtils::Message(
|
| - "CHLO",
|
| - "PDMD", "X509",
|
| - "AEAD", "AESG",
|
| - "KEXS", "C255",
|
| - "SCID", scid_hex_.c_str(),
|
| - "#004b5453", (string(1, 'X') + srct_hex_).c_str(),
|
| - "PUBS", pub_hex_.c_str(),
|
| - "NONC", (string(1, 'X') + nonce_hex_).c_str(),
|
| - "XLCT", XlctHexString().c_str(),
|
| - "VER\0", client_version_string_.c_str(),
|
| - "$padding", static_cast<int>(kClientHelloMinimumSize),
|
| - nullptr);
|
| - // clang-format on
|
| + CryptoHandshakeMessage msg = crypto_test_utils::CreateCHLO(
|
| + {{"PDMD", "X509"},
|
| + {"AEAD", "AESG"},
|
| + {"KEXS", "C255"},
|
| + {"SCID", scid_hex_},
|
| + {"#004b5453", (string(1, 'X') + srct_hex_)},
|
| + {"PUBS", pub_hex_},
|
| + {"NONC", (string(1, 'X') + nonce_hex_)},
|
| + {"XLCT", XlctHexString()},
|
| + {"VER\0", client_version_string_}},
|
| + kClientHelloMinimumSize);
|
| +
|
| ShouldSucceed(msg);
|
| CheckRejectTag();
|
| const HandshakeFailureReason kRejectReasons[] = {
|
| @@ -801,23 +744,20 @@ TEST_P(CryptoServerTest, CorruptClientNonceAndSourceAddressToken) {
|
|
|
| TEST_P(CryptoServerTest, CorruptMultipleTags) {
|
| // This test corrupts client nonce, server nonce and source address token.
|
| - // clang-format off
|
| - CryptoHandshakeMessage msg = CryptoTestUtils::Message(
|
| - "CHLO",
|
| - "PDMD", "X509",
|
| - "AEAD", "AESG",
|
| - "KEXS", "C255",
|
| - "SCID", scid_hex_.c_str(),
|
| - "#004b5453", (string(1, 'X') + srct_hex_).c_str(),
|
| - "PUBS", pub_hex_.c_str(),
|
| - "NONC", (string(1, 'X') + nonce_hex_).c_str(),
|
| - "NONP", (string(1, 'X') + nonce_hex_).c_str(),
|
| - "SNO\0", (string(1, 'X') + nonce_hex_).c_str(),
|
| - "XLCT", XlctHexString().c_str(),
|
| - "VER\0", client_version_string_.c_str(),
|
| - "$padding", static_cast<int>(kClientHelloMinimumSize),
|
| - nullptr);
|
| - // clang-format on
|
| + CryptoHandshakeMessage msg = crypto_test_utils::CreateCHLO(
|
| + {{"PDMD", "X509"},
|
| + {"AEAD", "AESG"},
|
| + {"KEXS", "C255"},
|
| + {"SCID", scid_hex_},
|
| + {"#004b5453", (string(1, 'X') + srct_hex_)},
|
| + {"PUBS", pub_hex_},
|
| + {"NONC", (string(1, 'X') + nonce_hex_)},
|
| + {"NONP", (string(1, 'X') + nonce_hex_)},
|
| + {"SNO\0", (string(1, 'X') + nonce_hex_)},
|
| + {"XLCT", XlctHexString()},
|
| + {"VER\0", client_version_string_}},
|
| + kClientHelloMinimumSize);
|
| +
|
| ShouldSucceed(msg);
|
| CheckRejectTag();
|
|
|
| @@ -829,22 +769,18 @@ TEST_P(CryptoServerTest, CorruptMultipleTags) {
|
| TEST_P(CryptoServerTest, NoServerNonce) {
|
| // When no server nonce is present and no strike register is configured,
|
| // the CHLO should be rejected.
|
| - // clang-format off
|
| - CryptoHandshakeMessage msg = CryptoTestUtils::Message(
|
| - "CHLO",
|
| - "PDMD", "X509",
|
| - "AEAD", "AESG",
|
| - "KEXS", "C255",
|
| - "SCID", scid_hex_.c_str(),
|
| - "#004b5453", srct_hex_.c_str(),
|
| - "PUBS", pub_hex_.c_str(),
|
| - "NONC", nonce_hex_.c_str(),
|
| - "NONP", nonce_hex_.c_str(),
|
| - "XLCT", XlctHexString().c_str(),
|
| - "VER\0", client_version_string_.c_str(),
|
| - "$padding", static_cast<int>(kClientHelloMinimumSize),
|
| - nullptr);
|
| - // clang-format on
|
| + CryptoHandshakeMessage msg =
|
| + crypto_test_utils::CreateCHLO({{"PDMD", "X509"},
|
| + {"AEAD", "AESG"},
|
| + {"KEXS", "C255"},
|
| + {"SCID", scid_hex_},
|
| + {"#004b5453", srct_hex_},
|
| + {"PUBS", pub_hex_},
|
| + {"NONC", nonce_hex_},
|
| + {"NONP", nonce_hex_},
|
| + {"XLCT", XlctHexString()},
|
| + {"VER\0", client_version_string_}},
|
| + kClientHelloMinimumSize);
|
|
|
| ShouldSucceed(msg);
|
|
|
| @@ -856,22 +792,20 @@ TEST_P(CryptoServerTest, NoServerNonce) {
|
|
|
| TEST_P(CryptoServerTest, ProofForSuppliedServerConfig) {
|
| client_address_ = QuicSocketAddress(QuicIpAddress::Loopback6(), 1234);
|
| - // clang-format off
|
| - CryptoHandshakeMessage msg = CryptoTestUtils::Message(
|
| - "CHLO",
|
| - "AEAD", "AESG",
|
| - "KEXS", "C255",
|
| - "PDMD", "X509",
|
| - "SCID", kOldConfigId,
|
| - "#004b5453", srct_hex_.c_str(),
|
| - "PUBS", pub_hex_.c_str(),
|
| - "NONC", nonce_hex_.c_str(),
|
| - "NONP", "123456789012345678901234567890",
|
| - "VER\0", client_version_string_.c_str(),
|
| - "XLCT", XlctHexString().c_str(),
|
| - "$padding", static_cast<int>(kClientHelloMinimumSize),
|
| - nullptr);
|
| - // clang-format on
|
| +
|
| + CryptoHandshakeMessage msg =
|
| + crypto_test_utils::CreateCHLO({{"AEAD", "AESG"},
|
| + {"KEXS", "C255"},
|
| + {"PDMD", "X509"},
|
| + {"SCID", kOldConfigId},
|
| + {"#004b5453", srct_hex_},
|
| + {"PUBS", pub_hex_},
|
| + {"NONC", nonce_hex_},
|
| + {"NONP", "123456789012345678901234567890"},
|
| + {"VER\0", client_version_string_},
|
| + {"XLCT", XlctHexString()}},
|
| + kClientHelloMinimumSize);
|
| +
|
| ShouldSucceed(msg);
|
| // The message should be rejected because the source-address token is no
|
| // longer valid.
|
| @@ -900,9 +834,9 @@ TEST_P(CryptoServerTest, ProofForSuppliedServerConfig) {
|
|
|
| // Check that the proof in the REJ message is valid.
|
| std::unique_ptr<ProofVerifier> proof_verifier(
|
| - CryptoTestUtils::ProofVerifierForTesting());
|
| + crypto_test_utils::ProofVerifierForTesting());
|
| std::unique_ptr<ProofVerifyContext> verify_context(
|
| - CryptoTestUtils::ProofVerifyContextForTesting());
|
| + crypto_test_utils::ProofVerifyContextForTesting());
|
| std::unique_ptr<ProofVerifyDetails> details;
|
| string error_details;
|
| std::unique_ptr<ProofVerifierCallback> callback(
|
| @@ -917,51 +851,44 @@ TEST_P(CryptoServerTest, ProofForSuppliedServerConfig) {
|
| }
|
|
|
| TEST_P(CryptoServerTest, RejectInvalidXlct) {
|
| - // clang-format off
|
| - CryptoHandshakeMessage msg = CryptoTestUtils::Message(
|
| - "CHLO",
|
| - "PDMD", "X509",
|
| - "AEAD", "AESG",
|
| - "KEXS", "C255",
|
| - "SCID", scid_hex_.c_str(),
|
| - "#004b5453", srct_hex_.c_str(),
|
| - "PUBS", pub_hex_.c_str(),
|
| - "NONC", nonce_hex_.c_str(),
|
| - "VER\0", client_version_string_.c_str(),
|
| - "XLCT", "#0102030405060708",
|
| - "$padding", static_cast<int>(kClientHelloMinimumSize),
|
| - nullptr);
|
| - // clang-format on
|
| + CryptoHandshakeMessage msg =
|
| + crypto_test_utils::CreateCHLO({{"PDMD", "X509"},
|
| + {"AEAD", "AESG"},
|
| + {"KEXS", "C255"},
|
| + {"SCID", scid_hex_},
|
| + {"#004b5453", srct_hex_},
|
| + {"PUBS", pub_hex_},
|
| + {"NONC", nonce_hex_},
|
| + {"VER\0", client_version_string_},
|
| + {"XLCT", "#0102030405060708"}},
|
| + kClientHelloMinimumSize);
|
| +
|
| // If replay protection isn't disabled, then
|
| // QuicCryptoServerConfig::EvaluateClientHello will leave info.unique as false
|
| // and cause ProcessClientHello to exit early (and generate a REJ message).
|
| config_.set_replay_protection(false);
|
|
|
| ShouldSucceed(msg);
|
| - // clang-format off
|
| +
|
| const HandshakeFailureReason kRejectReasons[] = {
|
| - INVALID_EXPECTED_LEAF_CERTIFICATE
|
| - };
|
| - // clang-format on
|
| + INVALID_EXPECTED_LEAF_CERTIFICATE};
|
| +
|
| CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons));
|
| }
|
|
|
| TEST_P(CryptoServerTest, ValidXlct) {
|
| - // clang-format off
|
| - CryptoHandshakeMessage msg = CryptoTestUtils::Message(
|
| - "CHLO",
|
| - "PDMD", "X509",
|
| - "AEAD", "AESG",
|
| - "KEXS", "C255",
|
| - "SCID", scid_hex_.c_str(),
|
| - "#004b5453", srct_hex_.c_str(),
|
| - "PUBS", pub_hex_.c_str(),
|
| - "NONC", nonce_hex_.c_str(),
|
| - "VER\0", client_version_string_.c_str(),
|
| - "XLCT", XlctHexString().c_str(),
|
| - "$padding", static_cast<int>(kClientHelloMinimumSize),
|
| - nullptr);
|
| - // clang-format on
|
| + CryptoHandshakeMessage msg =
|
| + crypto_test_utils::CreateCHLO({{"PDMD", "X509"},
|
| + {"AEAD", "AESG"},
|
| + {"KEXS", "C255"},
|
| + {"SCID", scid_hex_},
|
| + {"#004b5453", srct_hex_},
|
| + {"PUBS", pub_hex_},
|
| + {"NONC", nonce_hex_},
|
| + {"VER\0", client_version_string_},
|
| + {"XLCT", XlctHexString()}},
|
| + kClientHelloMinimumSize);
|
| +
|
| // If replay protection isn't disabled, then
|
| // QuicCryptoServerConfig::EvaluateClientHello will leave info.unique as false
|
| // and cause ProcessClientHello to exit early (and generate a REJ message).
|
| @@ -972,21 +899,18 @@ TEST_P(CryptoServerTest, ValidXlct) {
|
| }
|
|
|
| TEST_P(CryptoServerTest, NonceInSHLO) {
|
| - // clang-format off
|
| - CryptoHandshakeMessage msg = CryptoTestUtils::Message(
|
| - "CHLO",
|
| - "PDMD", "X509",
|
| - "AEAD", "AESG",
|
| - "KEXS", "C255",
|
| - "SCID", scid_hex_.c_str(),
|
| - "#004b5453", srct_hex_.c_str(),
|
| - "PUBS", pub_hex_.c_str(),
|
| - "NONC", nonce_hex_.c_str(),
|
| - "VER\0", client_version_string_.c_str(),
|
| - "XLCT", XlctHexString().c_str(),
|
| - "$padding", static_cast<int>(kClientHelloMinimumSize),
|
| - nullptr);
|
| - // clang-format on
|
| + CryptoHandshakeMessage msg =
|
| + crypto_test_utils::CreateCHLO({{"PDMD", "X509"},
|
| + {"AEAD", "AESG"},
|
| + {"KEXS", "C255"},
|
| + {"SCID", scid_hex_},
|
| + {"#004b5453", srct_hex_},
|
| + {"PUBS", pub_hex_},
|
| + {"NONC", nonce_hex_},
|
| + {"VER\0", client_version_string_},
|
| + {"XLCT", XlctHexString()}},
|
| + kClientHelloMinimumSize);
|
| +
|
| // If replay protection isn't disabled, then
|
| // QuicCryptoServerConfig::EvaluateClientHello will leave info.unique as false
|
| // and cause ProcessClientHello to exit early (and generate a REJ message).
|
| @@ -1003,19 +927,15 @@ TEST_P(CryptoServerTest, ProofSourceFailure) {
|
| // Install a ProofSource which will unconditionally fail
|
| peer_.ResetProofSource(std::unique_ptr<ProofSource>(new FailingProofSource));
|
|
|
| - // clang-format off
|
| - CryptoHandshakeMessage msg = CryptoTestUtils::Message(
|
| - "CHLO",
|
| - "AEAD", "AESG",
|
| - "KEXS", "C255",
|
| - "SCID", scid_hex_.c_str(),
|
| - "PUBS", pub_hex_.c_str(),
|
| - "NONC", nonce_hex_.c_str(),
|
| - "PDMD", "X509",
|
| - "VER\0", client_version_string_.c_str(),
|
| - "$padding", static_cast<int>(kClientHelloMinimumSize),
|
| - nullptr);
|
| - // clang-format on
|
| + CryptoHandshakeMessage msg =
|
| + crypto_test_utils::CreateCHLO({{"AEAD", "AESG"},
|
| + {"KEXS", "C255"},
|
| + {"SCID", scid_hex_},
|
| + {"PUBS", pub_hex_},
|
| + {"NONC", nonce_hex_},
|
| + {"PDMD", "X509"},
|
| + {"VER\0", client_version_string_}},
|
| + kClientHelloMinimumSize);
|
|
|
| // Just ensure that we don't crash as occurred in b/33916924.
|
| ShouldFailMentioning("", msg);
|
| @@ -1030,9 +950,9 @@ TEST(CryptoServerConfigGenerationTest, Determinism) {
|
| MockClock clock;
|
|
|
| QuicCryptoServerConfig a(QuicCryptoServerConfig::TESTING, &rand_a,
|
| - CryptoTestUtils::ProofSourceForTesting());
|
| + crypto_test_utils::ProofSourceForTesting());
|
| QuicCryptoServerConfig b(QuicCryptoServerConfig::TESTING, &rand_b,
|
| - CryptoTestUtils::ProofSourceForTesting());
|
| + crypto_test_utils::ProofSourceForTesting());
|
| std::unique_ptr<CryptoHandshakeMessage> scfg_a(
|
| a.AddDefaultConfig(&rand_a, &clock, options));
|
| std::unique_ptr<CryptoHandshakeMessage> scfg_b(
|
| @@ -1050,10 +970,10 @@ TEST(CryptoServerConfigGenerationTest, SCIDVaries) {
|
| MockClock clock;
|
|
|
| QuicCryptoServerConfig a(QuicCryptoServerConfig::TESTING, &rand_a,
|
| - CryptoTestUtils::ProofSourceForTesting());
|
| + crypto_test_utils::ProofSourceForTesting());
|
| rand_b.ChangeValue();
|
| QuicCryptoServerConfig b(QuicCryptoServerConfig::TESTING, &rand_b,
|
| - CryptoTestUtils::ProofSourceForTesting());
|
| + crypto_test_utils::ProofSourceForTesting());
|
| std::unique_ptr<CryptoHandshakeMessage> scfg_a(
|
| a.AddDefaultConfig(&rand_a, &clock, options));
|
| std::unique_ptr<CryptoHandshakeMessage> scfg_b(
|
| @@ -1072,7 +992,7 @@ TEST(CryptoServerConfigGenerationTest, SCIDIsHashOfServerConfig) {
|
| MockClock clock;
|
|
|
| QuicCryptoServerConfig a(QuicCryptoServerConfig::TESTING, &rand_a,
|
| - CryptoTestUtils::ProofSourceForTesting());
|
| + crypto_test_utils::ProofSourceForTesting());
|
| std::unique_ptr<CryptoHandshakeMessage> scfg(
|
| a.AddDefaultConfig(&rand_a, &clock, options));
|
|
|
| @@ -1085,14 +1005,13 @@ TEST(CryptoServerConfigGenerationTest, SCIDIsHashOfServerConfig) {
|
| scfg->MarkDirty();
|
| const QuicData& serialized(scfg->GetSerialized());
|
|
|
| - std::unique_ptr<crypto::SecureHash> hash(
|
| - crypto::SecureHash::Create(crypto::SecureHash::SHA256));
|
| - hash->Update(serialized.data(), serialized.length());
|
| - uint8_t digest[16];
|
| - hash->Finish(digest, sizeof(digest));
|
| + uint8_t digest[SHA256_DIGEST_LENGTH];
|
| + SHA256(reinterpret_cast<const uint8_t*>(serialized.data()),
|
| + serialized.length(), digest);
|
|
|
| - ASSERT_EQ(scid.size(), sizeof(digest));
|
| - EXPECT_EQ(0, memcmp(digest, scid_str.c_str(), sizeof(digest)));
|
| + // scid is a SHA-256 hash, truncated to 16 bytes.
|
| + ASSERT_EQ(scid.size(), 16u);
|
| + EXPECT_EQ(0, memcmp(digest, scid_str.c_str(), scid.size()));
|
| }
|
|
|
| class CryptoServerTestNoConfig : public CryptoServerTest {
|
| @@ -1103,14 +1022,10 @@ class CryptoServerTestNoConfig : public CryptoServerTest {
|
| };
|
|
|
| TEST_P(CryptoServerTestNoConfig, DontCrash) {
|
| - // clang-format off
|
| - CryptoHandshakeMessage msg = CryptoTestUtils::Message(
|
| - "CHLO",
|
| - "PDMD", "X509",
|
| - "VER\0", client_version_string_.c_str(),
|
| - "$padding", static_cast<int>(kClientHelloMinimumSize),
|
| - nullptr);
|
| - // clang-format on
|
| + CryptoHandshakeMessage msg = crypto_test_utils::CreateCHLO(
|
| + {{"PDMD", "X509"}, {"VER\0", client_version_string_}},
|
| + kClientHelloMinimumSize);
|
| +
|
| ShouldFailMentioning("No config", msg);
|
|
|
| const HandshakeFailureReason kRejectReasons[] = {
|
| @@ -1129,21 +1044,18 @@ class CryptoServerTestOldVersion : public CryptoServerTest {
|
| };
|
|
|
| TEST_P(CryptoServerTestOldVersion, ServerIgnoresXlct) {
|
| - // clang-format off
|
| - CryptoHandshakeMessage msg = CryptoTestUtils::Message(
|
| - "CHLO",
|
| - "PDMD", "X509",
|
| - "AEAD", "AESG",
|
| - "KEXS", "C255",
|
| - "SCID", scid_hex_.c_str(),
|
| - "#004b5453", srct_hex_.c_str(),
|
| - "PUBS", pub_hex_.c_str(),
|
| - "NONC", nonce_hex_.c_str(),
|
| - "VER\0", client_version_string_.c_str(),
|
| - "XLCT", "#0100000000000000",
|
| - "$padding", static_cast<int>(kClientHelloMinimumSize),
|
| - nullptr);
|
| - // clang-format on
|
| + CryptoHandshakeMessage msg =
|
| + crypto_test_utils::CreateCHLO({{"PDMD", "X509"},
|
| + {"AEAD", "AESG"},
|
| + {"KEXS", "C255"},
|
| + {"SCID", scid_hex_},
|
| + {"#004b5453", srct_hex_},
|
| + {"PUBS", pub_hex_},
|
| + {"NONC", nonce_hex_},
|
| + {"VER\0", client_version_string_},
|
| + {"XLCT", "#0100000000000000"}},
|
| + kClientHelloMinimumSize);
|
| +
|
| // If replay protection isn't disabled, then
|
| // QuicCryptoServerConfig::EvaluateClientHello will leave info.unique as false
|
| // and cause ProcessClientHello to exit early (and generate a REJ message).
|
| @@ -1154,20 +1066,17 @@ TEST_P(CryptoServerTestOldVersion, ServerIgnoresXlct) {
|
| }
|
|
|
| TEST_P(CryptoServerTestOldVersion, XlctNotRequired) {
|
| - // clang-format off
|
| - CryptoHandshakeMessage msg = CryptoTestUtils::Message(
|
| - "CHLO",
|
| - "PDMD", "X509",
|
| - "AEAD", "AESG",
|
| - "KEXS", "C255",
|
| - "SCID", scid_hex_.c_str(),
|
| - "#004b5453", srct_hex_.c_str(),
|
| - "PUBS", pub_hex_.c_str(),
|
| - "NONC", nonce_hex_.c_str(),
|
| - "VER\0", client_version_string_.c_str(),
|
| - "$padding", static_cast<int>(kClientHelloMinimumSize),
|
| - nullptr);
|
| - // clang-format on
|
| + CryptoHandshakeMessage msg =
|
| + crypto_test_utils::CreateCHLO({{"PDMD", "X509"},
|
| + {"AEAD", "AESG"},
|
| + {"KEXS", "C255"},
|
| + {"SCID", scid_hex_},
|
| + {"#004b5453", srct_hex_},
|
| + {"PUBS", pub_hex_},
|
| + {"NONC", nonce_hex_},
|
| + {"VER\0", client_version_string_}},
|
| + kClientHelloMinimumSize);
|
| +
|
| // If replay protection isn't disabled, then
|
| // QuicCryptoServerConfig::EvaluateClientHello will leave info.unique as false
|
| // and cause ProcessClientHello to exit early (and generate a REJ message).
|
|
|
Chromium Code Reviews
Issue 2681793002:
Landing Recent QUIC changes until 5:30 PM, Feb 3, 2017 UTC-5 (Closed)
