| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <algorithm> | 5 #include <algorithm> |
| 6 #include <cstdint> | 6 #include <cstdint> |
| 7 #include <memory> | 7 #include <memory> |
| 8 #include <ostream> | 8 #include <ostream> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| 11 #include "net/quic/core/crypto/cert_compressor.h" | 11 #include "net/quic/core/crypto/cert_compressor.h" |
| 12 #include "net/quic/core/crypto/common_cert_set.h" | 12 #include "net/quic/core/crypto/common_cert_set.h" |
| 13 #include "net/quic/core/crypto/crypto_handshake.h" | 13 #include "net/quic/core/crypto/crypto_handshake.h" |
| 14 #include "net/quic/core/crypto/crypto_server_config_protobuf.h" | 14 #include "net/quic/core/crypto/crypto_server_config_protobuf.h" |
| 15 #include "net/quic/core/crypto/crypto_utils.h" | 15 #include "net/quic/core/crypto/crypto_utils.h" |
| 16 #include "net/quic/core/crypto/proof_source.h" | 16 #include "net/quic/core/crypto/proof_source.h" |
| 17 #include "net/quic/core/crypto/quic_crypto_server_config.h" | 17 #include "net/quic/core/crypto/quic_crypto_server_config.h" |
| 18 #include "net/quic/core/crypto/quic_random.h" | 18 #include "net/quic/core/crypto/quic_random.h" |
| 19 #include "net/quic/core/quic_flags.h" | 19 #include "net/quic/core/quic_flags.h" |
| 20 #include "net/quic/core/quic_socket_address_coder.h" | 20 #include "net/quic/core/quic_socket_address_coder.h" |
| 21 #include "net/quic/core/quic_utils.h" | 21 #include "net/quic/core/quic_utils.h" |
| 22 #include "net/quic/platform/api/quic_string_piece.h" |
| 22 #include "net/quic/platform/api/quic_text_utils.h" | 23 #include "net/quic/platform/api/quic_text_utils.h" |
| 23 #include "net/quic/test_tools/crypto_test_utils.h" | 24 #include "net/quic/test_tools/crypto_test_utils.h" |
| 24 #include "net/quic/test_tools/delayed_verify_strike_register_client.h" | 25 #include "net/quic/test_tools/delayed_verify_strike_register_client.h" |
| 25 #include "net/quic/test_tools/failing_proof_source.h" | 26 #include "net/quic/test_tools/failing_proof_source.h" |
| 26 #include "net/quic/test_tools/mock_clock.h" | 27 #include "net/quic/test_tools/mock_clock.h" |
| 27 #include "net/quic/test_tools/mock_random.h" | 28 #include "net/quic/test_tools/mock_random.h" |
| 28 #include "net/quic/test_tools/quic_crypto_server_config_peer.h" | 29 #include "net/quic/test_tools/quic_crypto_server_config_peer.h" |
| 29 #include "net/quic/test_tools/quic_test_utils.h" | 30 #include "net/quic/test_tools/quic_test_utils.h" |
| 30 #include "testing/gtest/include/gtest/gtest.h" | 31 #include "testing/gtest/include/gtest/gtest.h" |
| 31 #include "third_party/boringssl/src/include/openssl/sha.h" | 32 #include "third_party/boringssl/src/include/openssl/sha.h" |
| 32 | 33 |
| 33 using base::StringPiece; | |
| 34 using std::string; | 34 using std::string; |
| 35 | 35 |
| 36 namespace net { | 36 namespace net { |
| 37 namespace test { | 37 namespace test { |
| 38 | 38 |
| 39 namespace { | 39 namespace { |
| 40 | 40 |
| 41 class DummyProofVerifierCallback : public ProofVerifierCallback { | 41 class DummyProofVerifierCallback : public ProofVerifierCallback { |
| 42 public: | 42 public: |
| 43 DummyProofVerifierCallback() {} | 43 DummyProofVerifierCallback() {} |
| (...skipping 86 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 130 QuicCryptoServerConfig::ConfigOptions old_config_options; | 130 QuicCryptoServerConfig::ConfigOptions old_config_options; |
| 131 old_config_options.id = kOldConfigId; | 131 old_config_options.id = kOldConfigId; |
| 132 delete config_.AddDefaultConfig(rand_, &clock_, old_config_options); | 132 delete config_.AddDefaultConfig(rand_, &clock_, old_config_options); |
| 133 clock_.AdvanceTime(QuicTime::Delta::FromMilliseconds(1000)); | 133 clock_.AdvanceTime(QuicTime::Delta::FromMilliseconds(1000)); |
| 134 std::unique_ptr<QuicServerConfigProtobuf> primary_config( | 134 std::unique_ptr<QuicServerConfigProtobuf> primary_config( |
| 135 config_.GenerateConfig(rand_, &clock_, config_options_)); | 135 config_.GenerateConfig(rand_, &clock_, config_options_)); |
| 136 primary_config->set_primary_time(clock_.WallNow().ToUNIXSeconds()); | 136 primary_config->set_primary_time(clock_.WallNow().ToUNIXSeconds()); |
| 137 std::unique_ptr<CryptoHandshakeMessage> msg( | 137 std::unique_ptr<CryptoHandshakeMessage> msg( |
| 138 config_.AddConfig(std::move(primary_config), clock_.WallNow())); | 138 config_.AddConfig(std::move(primary_config), clock_.WallNow())); |
| 139 | 139 |
| 140 StringPiece orbit; | 140 QuicStringPiece orbit; |
| 141 CHECK(msg->GetStringPiece(kORBT, &orbit)); | 141 CHECK(msg->GetStringPiece(kORBT, &orbit)); |
| 142 CHECK_EQ(sizeof(orbit_), orbit.size()); | 142 CHECK_EQ(sizeof(orbit_), orbit.size()); |
| 143 memcpy(orbit_, orbit.data(), orbit.size()); | 143 memcpy(orbit_, orbit.data(), orbit.size()); |
| 144 | 144 |
| 145 char public_value[32]; | 145 char public_value[32]; |
| 146 memset(public_value, 42, sizeof(public_value)); | 146 memset(public_value, 42, sizeof(public_value)); |
| 147 | 147 |
| 148 nonce_hex_ = "#" + QuicTextUtils::HexEncode(GenerateNonce()); | 148 nonce_hex_ = "#" + QuicTextUtils::HexEncode(GenerateNonce()); |
| 149 pub_hex_ = | 149 pub_hex_ = |
| 150 "#" + QuicTextUtils::HexEncode(public_value, sizeof(public_value)); | 150 "#" + QuicTextUtils::HexEncode(public_value, sizeof(public_value)); |
| 151 | 151 |
| 152 CryptoHandshakeMessage client_hello = | 152 CryptoHandshakeMessage client_hello = |
| 153 crypto_test_utils::CreateCHLO({{"PDMD", "X509"}, | 153 crypto_test_utils::CreateCHLO({{"PDMD", "X509"}, |
| 154 {"AEAD", "AESG"}, | 154 {"AEAD", "AESG"}, |
| 155 {"KEXS", "C255"}, | 155 {"KEXS", "C255"}, |
| 156 {"PUBS", pub_hex_}, | 156 {"PUBS", pub_hex_}, |
| 157 {"NONC", nonce_hex_}, | 157 {"NONC", nonce_hex_}, |
| 158 {"CSCT", ""}, | 158 {"CSCT", ""}, |
| 159 {"VER\0", client_version_string_}}, | 159 {"VER\0", client_version_string_}}, |
| 160 kClientHelloMinimumSize); | 160 kClientHelloMinimumSize); |
| 161 ShouldSucceed(client_hello); | 161 ShouldSucceed(client_hello); |
| 162 // The message should be rejected because the source-address token is | 162 // The message should be rejected because the source-address token is |
| 163 // missing. | 163 // missing. |
| 164 CheckRejectTag(); | 164 CheckRejectTag(); |
| 165 const HandshakeFailureReason kRejectReasons[] = { | 165 const HandshakeFailureReason kRejectReasons[] = { |
| 166 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; | 166 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; |
| 167 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); | 167 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); |
| 168 CheckForServerDesignatedConnectionId(); | 168 CheckForServerDesignatedConnectionId(); |
| 169 | 169 |
| 170 StringPiece srct; | 170 QuicStringPiece srct; |
| 171 ASSERT_TRUE(out_.GetStringPiece(kSourceAddressTokenTag, &srct)); | 171 ASSERT_TRUE(out_.GetStringPiece(kSourceAddressTokenTag, &srct)); |
| 172 srct_hex_ = "#" + QuicTextUtils::HexEncode(srct); | 172 srct_hex_ = "#" + QuicTextUtils::HexEncode(srct); |
| 173 | 173 |
| 174 StringPiece scfg; | 174 QuicStringPiece scfg; |
| 175 ASSERT_TRUE(out_.GetStringPiece(kSCFG, &scfg)); | 175 ASSERT_TRUE(out_.GetStringPiece(kSCFG, &scfg)); |
| 176 server_config_ = CryptoFramer::ParseMessage(scfg); | 176 server_config_ = CryptoFramer::ParseMessage(scfg); |
| 177 | 177 |
| 178 StringPiece scid; | 178 QuicStringPiece scid; |
| 179 ASSERT_TRUE(server_config_->GetStringPiece(kSCID, &scid)); | 179 ASSERT_TRUE(server_config_->GetStringPiece(kSCID, &scid)); |
| 180 scid_hex_ = "#" + QuicTextUtils::HexEncode(scid); | 180 scid_hex_ = "#" + QuicTextUtils::HexEncode(scid); |
| 181 | 181 |
| 182 signed_config_ = QuicReferenceCountedPointer<QuicSignedServerConfig>( | 182 signed_config_ = QuicReferenceCountedPointer<QuicSignedServerConfig>( |
| 183 new QuicSignedServerConfig()); | 183 new QuicSignedServerConfig()); |
| 184 DCHECK(signed_config_->chain.get() == nullptr); | 184 DCHECK(signed_config_->chain.get() == nullptr); |
| 185 } | 185 } |
| 186 | 186 |
| 187 // Helper used to accept the result of ValidateClientHello and pass | 187 // Helper used to accept the result of ValidateClientHello and pass |
| 188 // it on to ProcessClientHello. | 188 // it on to ProcessClientHello. |
| (...skipping 27 matching lines...) Expand all Loading... |
| 216 | 216 |
| 217 void CheckServerHello(const CryptoHandshakeMessage& server_hello) { | 217 void CheckServerHello(const CryptoHandshakeMessage& server_hello) { |
| 218 const QuicTag* versions; | 218 const QuicTag* versions; |
| 219 size_t num_versions; | 219 size_t num_versions; |
| 220 server_hello.GetTaglist(kVER, &versions, &num_versions); | 220 server_hello.GetTaglist(kVER, &versions, &num_versions); |
| 221 ASSERT_EQ(supported_versions_.size(), num_versions); | 221 ASSERT_EQ(supported_versions_.size(), num_versions); |
| 222 for (size_t i = 0; i < num_versions; ++i) { | 222 for (size_t i = 0; i < num_versions; ++i) { |
| 223 EXPECT_EQ(QuicVersionToQuicTag(supported_versions_[i]), versions[i]); | 223 EXPECT_EQ(QuicVersionToQuicTag(supported_versions_[i]), versions[i]); |
| 224 } | 224 } |
| 225 | 225 |
| 226 StringPiece address; | 226 QuicStringPiece address; |
| 227 ASSERT_TRUE(server_hello.GetStringPiece(kCADR, &address)); | 227 ASSERT_TRUE(server_hello.GetStringPiece(kCADR, &address)); |
| 228 QuicSocketAddressCoder decoder; | 228 QuicSocketAddressCoder decoder; |
| 229 ASSERT_TRUE(decoder.Decode(address.data(), address.size())); | 229 ASSERT_TRUE(decoder.Decode(address.data(), address.size())); |
| 230 EXPECT_EQ(client_address_.host(), decoder.ip()); | 230 EXPECT_EQ(client_address_.host(), decoder.ip()); |
| 231 EXPECT_EQ(client_address_.port(), decoder.port()); | 231 EXPECT_EQ(client_address_.port(), decoder.port()); |
| 232 } | 232 } |
| 233 | 233 |
| 234 void ShouldSucceed(const CryptoHandshakeMessage& message) { | 234 void ShouldSucceed(const CryptoHandshakeMessage& message) { |
| 235 bool called = false; | 235 bool called = false; |
| 236 QuicSocketAddress server_address; | 236 QuicSocketAddress server_address; |
| (...skipping 86 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 323 /*total_framing_overhead=*/50, chlo_packet_size_, | 323 /*total_framing_overhead=*/50, chlo_packet_size_, |
| 324 std::unique_ptr<ProcessCallback>(new ProcessCallback( | 324 std::unique_ptr<ProcessCallback>(new ProcessCallback( |
| 325 result, should_succeed, error_substr, &called, &out_))); | 325 result, should_succeed, error_substr, &called, &out_))); |
| 326 EXPECT_TRUE(called); | 326 EXPECT_TRUE(called); |
| 327 } | 327 } |
| 328 | 328 |
| 329 string GenerateNonce() { | 329 string GenerateNonce() { |
| 330 string nonce; | 330 string nonce; |
| 331 CryptoUtils::GenerateNonce( | 331 CryptoUtils::GenerateNonce( |
| 332 clock_.WallNow(), rand_, | 332 clock_.WallNow(), rand_, |
| 333 StringPiece(reinterpret_cast<const char*>(orbit_), sizeof(orbit_)), | 333 QuicStringPiece(reinterpret_cast<const char*>(orbit_), sizeof(orbit_)), |
| 334 &nonce); | 334 &nonce); |
| 335 return nonce; | 335 return nonce; |
| 336 } | 336 } |
| 337 | 337 |
| 338 void CheckRejectReasons( | 338 void CheckRejectReasons( |
| 339 const HandshakeFailureReason* expected_handshake_failures, | 339 const HandshakeFailureReason* expected_handshake_failures, |
| 340 size_t expected_count) { | 340 size_t expected_count) { |
| 341 const uint32_t* reject_reasons; | 341 const uint32_t* reject_reasons; |
| 342 size_t num_reject_reasons; | 342 size_t num_reject_reasons; |
| 343 static_assert(sizeof(QuicTag) == sizeof(uint32_t), "header out of sync"); | 343 static_assert(sizeof(QuicTag) == sizeof(uint32_t), "header out of sync"); |
| (...skipping 105 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 449 CryptoHandshakeMessage msg = | 449 CryptoHandshakeMessage msg = |
| 450 crypto_test_utils::CreateCHLO({{"AEAD", "AESG"}, | 450 crypto_test_utils::CreateCHLO({{"AEAD", "AESG"}, |
| 451 {"KEXS", "C255"}, | 451 {"KEXS", "C255"}, |
| 452 {"PUBS", pub_hex_}, | 452 {"PUBS", pub_hex_}, |
| 453 {"NONC", nonce_hex_}, | 453 {"NONC", nonce_hex_}, |
| 454 {"PDMD", "X509"}, | 454 {"PDMD", "X509"}, |
| 455 {"VER\0", client_version_string_}}, | 455 {"VER\0", client_version_string_}}, |
| 456 kClientHelloMinimumSize); | 456 kClientHelloMinimumSize); |
| 457 | 457 |
| 458 ShouldSucceed(msg); | 458 ShouldSucceed(msg); |
| 459 StringPiece cert, proof, cert_sct; | 459 QuicStringPiece cert, proof, cert_sct; |
| 460 EXPECT_TRUE(out_.GetStringPiece(kCertificateTag, &cert)); | 460 EXPECT_TRUE(out_.GetStringPiece(kCertificateTag, &cert)); |
| 461 EXPECT_TRUE(out_.GetStringPiece(kPROF, &proof)); | 461 EXPECT_TRUE(out_.GetStringPiece(kPROF, &proof)); |
| 462 EXPECT_TRUE(out_.GetStringPiece(kCertificateSCTTag, &cert_sct)); | 462 EXPECT_TRUE(out_.GetStringPiece(kCertificateSCTTag, &cert_sct)); |
| 463 EXPECT_NE(0u, cert.size()); | 463 EXPECT_NE(0u, cert.size()); |
| 464 EXPECT_NE(0u, proof.size()); | 464 EXPECT_NE(0u, proof.size()); |
| 465 const HandshakeFailureReason kRejectReasons[] = { | 465 const HandshakeFailureReason kRejectReasons[] = { |
| 466 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; | 466 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; |
| 467 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); | 467 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); |
| 468 EXPECT_LT(0u, cert_sct.size()); | 468 EXPECT_LT(0u, cert_sct.size()); |
| 469 } | 469 } |
| 470 | 470 |
| 471 TEST_P(CryptoServerTest, RejectTooLarge) { | 471 TEST_P(CryptoServerTest, RejectTooLarge) { |
| 472 // Check that the server replies with no certificate when a CHLO is | 472 // Check that the server replies with no certificate when a CHLO is |
| 473 // constructed with a PDMD but no SKT when the REJ would be too large. | 473 // constructed with a PDMD but no SKT when the REJ would be too large. |
| 474 CryptoHandshakeMessage msg = | 474 CryptoHandshakeMessage msg = |
| 475 crypto_test_utils::CreateCHLO({{"PDMD", "X509"}, | 475 crypto_test_utils::CreateCHLO({{"PDMD", "X509"}, |
| 476 {"AEAD", "AESG"}, | 476 {"AEAD", "AESG"}, |
| 477 {"KEXS", "C255"}, | 477 {"KEXS", "C255"}, |
| 478 {"PUBS", pub_hex_}, | 478 {"PUBS", pub_hex_}, |
| 479 {"NONC", nonce_hex_}, | 479 {"NONC", nonce_hex_}, |
| 480 {"PDMD", "X509"}, | 480 {"PDMD", "X509"}, |
| 481 {"VER\0", client_version_string_}}, | 481 {"VER\0", client_version_string_}}, |
| 482 kClientHelloMinimumSize); | 482 kClientHelloMinimumSize); |
| 483 | 483 |
| 484 // The REJ will be larger than the CHLO so no PROF or CRT will be sent. | 484 // The REJ will be larger than the CHLO so no PROF or CRT will be sent. |
| 485 config_.set_chlo_multiplier(1); | 485 config_.set_chlo_multiplier(1); |
| 486 | 486 |
| 487 ShouldSucceed(msg); | 487 ShouldSucceed(msg); |
| 488 StringPiece cert, proof, cert_sct; | 488 QuicStringPiece cert, proof, cert_sct; |
| 489 EXPECT_FALSE(out_.GetStringPiece(kCertificateTag, &cert)); | 489 EXPECT_FALSE(out_.GetStringPiece(kCertificateTag, &cert)); |
| 490 EXPECT_FALSE(out_.GetStringPiece(kPROF, &proof)); | 490 EXPECT_FALSE(out_.GetStringPiece(kPROF, &proof)); |
| 491 EXPECT_FALSE(out_.GetStringPiece(kCertificateSCTTag, &cert_sct)); | 491 EXPECT_FALSE(out_.GetStringPiece(kCertificateSCTTag, &cert_sct)); |
| 492 const HandshakeFailureReason kRejectReasons[] = { | 492 const HandshakeFailureReason kRejectReasons[] = { |
| 493 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; | 493 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; |
| 494 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); | 494 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); |
| 495 } | 495 } |
| 496 | 496 |
| 497 TEST_P(CryptoServerTest, RejectNotTooLarge) { | 497 TEST_P(CryptoServerTest, RejectNotTooLarge) { |
| 498 // When the CHLO packet is large enough, ensure that a full REJ is sent. | 498 // When the CHLO packet is large enough, ensure that a full REJ is sent. |
| 499 chlo_packet_size_ *= 2; | 499 chlo_packet_size_ *= 2; |
| 500 | 500 |
| 501 CryptoHandshakeMessage msg = | 501 CryptoHandshakeMessage msg = |
| 502 crypto_test_utils::CreateCHLO({{"PDMD", "X509"}, | 502 crypto_test_utils::CreateCHLO({{"PDMD", "X509"}, |
| 503 {"AEAD", "AESG"}, | 503 {"AEAD", "AESG"}, |
| 504 {"KEXS", "C255"}, | 504 {"KEXS", "C255"}, |
| 505 {"PUBS", pub_hex_}, | 505 {"PUBS", pub_hex_}, |
| 506 {"NONC", nonce_hex_}, | 506 {"NONC", nonce_hex_}, |
| 507 {"PDMD", "X509"}, | 507 {"PDMD", "X509"}, |
| 508 {"VER\0", client_version_string_}}, | 508 {"VER\0", client_version_string_}}, |
| 509 kClientHelloMinimumSize); | 509 kClientHelloMinimumSize); |
| 510 | 510 |
| 511 // The REJ will be larger than the CHLO so no PROF or CRT will be sent. | 511 // The REJ will be larger than the CHLO so no PROF or CRT will be sent. |
| 512 config_.set_chlo_multiplier(1); | 512 config_.set_chlo_multiplier(1); |
| 513 | 513 |
| 514 ShouldSucceed(msg); | 514 ShouldSucceed(msg); |
| 515 StringPiece cert, proof, cert_sct; | 515 QuicStringPiece cert, proof, cert_sct; |
| 516 EXPECT_TRUE(out_.GetStringPiece(kCertificateTag, &cert)); | 516 EXPECT_TRUE(out_.GetStringPiece(kCertificateTag, &cert)); |
| 517 EXPECT_TRUE(out_.GetStringPiece(kPROF, &proof)); | 517 EXPECT_TRUE(out_.GetStringPiece(kPROF, &proof)); |
| 518 EXPECT_TRUE(out_.GetStringPiece(kCertificateSCTTag, &cert_sct)); | 518 EXPECT_TRUE(out_.GetStringPiece(kCertificateSCTTag, &cert_sct)); |
| 519 const HandshakeFailureReason kRejectReasons[] = { | 519 const HandshakeFailureReason kRejectReasons[] = { |
| 520 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; | 520 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; |
| 521 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); | 521 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); |
| 522 } | 522 } |
| 523 | 523 |
| 524 TEST_P(CryptoServerTest, RejectTooLargeButValidSTK) { | 524 TEST_P(CryptoServerTest, RejectTooLargeButValidSTK) { |
| 525 // Check that the server replies with no certificate when a CHLO is | 525 // Check that the server replies with no certificate when a CHLO is |
| 526 // constructed with a PDMD but no SKT when the REJ would be too large. | 526 // constructed with a PDMD but no SKT when the REJ would be too large. |
| 527 CryptoHandshakeMessage msg = | 527 CryptoHandshakeMessage msg = |
| 528 crypto_test_utils::CreateCHLO({{"PDMD", "X509"}, | 528 crypto_test_utils::CreateCHLO({{"PDMD", "X509"}, |
| 529 {"AEAD", "AESG"}, | 529 {"AEAD", "AESG"}, |
| 530 {"KEXS", "C255"}, | 530 {"KEXS", "C255"}, |
| 531 {"PUBS", pub_hex_}, | 531 {"PUBS", pub_hex_}, |
| 532 {"NONC", nonce_hex_}, | 532 {"NONC", nonce_hex_}, |
| 533 {"#004b5453", srct_hex_}, | 533 {"#004b5453", srct_hex_}, |
| 534 {"PDMD", "X509"}, | 534 {"PDMD", "X509"}, |
| 535 {"VER\0", client_version_string_}}, | 535 {"VER\0", client_version_string_}}, |
| 536 kClientHelloMinimumSize); | 536 kClientHelloMinimumSize); |
| 537 | 537 |
| 538 // The REJ will be larger than the CHLO so no PROF or CRT will be sent. | 538 // The REJ will be larger than the CHLO so no PROF or CRT will be sent. |
| 539 config_.set_chlo_multiplier(1); | 539 config_.set_chlo_multiplier(1); |
| 540 | 540 |
| 541 ShouldSucceed(msg); | 541 ShouldSucceed(msg); |
| 542 StringPiece cert, proof, cert_sct; | 542 QuicStringPiece cert, proof, cert_sct; |
| 543 EXPECT_TRUE(out_.GetStringPiece(kCertificateTag, &cert)); | 543 EXPECT_TRUE(out_.GetStringPiece(kCertificateTag, &cert)); |
| 544 EXPECT_TRUE(out_.GetStringPiece(kPROF, &proof)); | 544 EXPECT_TRUE(out_.GetStringPiece(kPROF, &proof)); |
| 545 EXPECT_TRUE(out_.GetStringPiece(kCertificateSCTTag, &cert_sct)); | 545 EXPECT_TRUE(out_.GetStringPiece(kCertificateSCTTag, &cert_sct)); |
| 546 EXPECT_NE(0u, cert.size()); | 546 EXPECT_NE(0u, cert.size()); |
| 547 EXPECT_NE(0u, proof.size()); | 547 EXPECT_NE(0u, proof.size()); |
| 548 const HandshakeFailureReason kRejectReasons[] = { | 548 const HandshakeFailureReason kRejectReasons[] = { |
| 549 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; | 549 SERVER_CONFIG_INCHOATE_HELLO_FAILURE}; |
| 550 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); | 550 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); |
| 551 } | 551 } |
| 552 | 552 |
| (...skipping 254 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 807 kClientHelloMinimumSize); | 807 kClientHelloMinimumSize); |
| 808 | 808 |
| 809 ShouldSucceed(msg); | 809 ShouldSucceed(msg); |
| 810 // The message should be rejected because the source-address token is no | 810 // The message should be rejected because the source-address token is no |
| 811 // longer valid. | 811 // longer valid. |
| 812 CheckRejectTag(); | 812 CheckRejectTag(); |
| 813 const HandshakeFailureReason kRejectReasons[] = { | 813 const HandshakeFailureReason kRejectReasons[] = { |
| 814 SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE}; | 814 SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE}; |
| 815 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); | 815 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); |
| 816 | 816 |
| 817 StringPiece cert, proof, scfg_str; | 817 QuicStringPiece cert, proof, scfg_str; |
| 818 EXPECT_TRUE(out_.GetStringPiece(kCertificateTag, &cert)); | 818 EXPECT_TRUE(out_.GetStringPiece(kCertificateTag, &cert)); |
| 819 EXPECT_TRUE(out_.GetStringPiece(kPROF, &proof)); | 819 EXPECT_TRUE(out_.GetStringPiece(kPROF, &proof)); |
| 820 EXPECT_TRUE(out_.GetStringPiece(kSCFG, &scfg_str)); | 820 EXPECT_TRUE(out_.GetStringPiece(kSCFG, &scfg_str)); |
| 821 std::unique_ptr<CryptoHandshakeMessage> scfg( | 821 std::unique_ptr<CryptoHandshakeMessage> scfg( |
| 822 CryptoFramer::ParseMessage(scfg_str)); | 822 CryptoFramer::ParseMessage(scfg_str)); |
| 823 StringPiece scid; | 823 QuicStringPiece scid; |
| 824 EXPECT_TRUE(scfg->GetStringPiece(kSCID, &scid)); | 824 EXPECT_TRUE(scfg->GetStringPiece(kSCID, &scid)); |
| 825 EXPECT_NE(scid, kOldConfigId); | 825 EXPECT_NE(scid, kOldConfigId); |
| 826 | 826 |
| 827 // Get certs from compressed certs. | 827 // Get certs from compressed certs. |
| 828 const CommonCertSets* common_cert_sets(CommonCertSets::GetInstanceQUIC()); | 828 const CommonCertSets* common_cert_sets(CommonCertSets::GetInstanceQUIC()); |
| 829 std::vector<string> cached_certs; | 829 std::vector<string> cached_certs; |
| 830 | 830 |
| 831 std::vector<string> certs; | 831 std::vector<string> certs; |
| 832 ASSERT_TRUE(CertCompressor::DecompressChain(cert, cached_certs, | 832 ASSERT_TRUE(CertCompressor::DecompressChain(cert, cached_certs, |
| 833 common_cert_sets, &certs)); | 833 common_cert_sets, &certs)); |
| (...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 912 kClientHelloMinimumSize); | 912 kClientHelloMinimumSize); |
| 913 | 913 |
| 914 // If replay protection isn't disabled, then | 914 // If replay protection isn't disabled, then |
| 915 // QuicCryptoServerConfig::EvaluateClientHello will leave info.unique as false | 915 // QuicCryptoServerConfig::EvaluateClientHello will leave info.unique as false |
| 916 // and cause ProcessClientHello to exit early (and generate a REJ message). | 916 // and cause ProcessClientHello to exit early (and generate a REJ message). |
| 917 config_.set_replay_protection(false); | 917 config_.set_replay_protection(false); |
| 918 | 918 |
| 919 ShouldSucceed(msg); | 919 ShouldSucceed(msg); |
| 920 EXPECT_EQ(kSHLO, out_.tag()); | 920 EXPECT_EQ(kSHLO, out_.tag()); |
| 921 | 921 |
| 922 StringPiece nonce; | 922 QuicStringPiece nonce; |
| 923 EXPECT_TRUE(out_.GetStringPiece(kServerNonceTag, &nonce)); | 923 EXPECT_TRUE(out_.GetStringPiece(kServerNonceTag, &nonce)); |
| 924 } | 924 } |
| 925 | 925 |
| 926 TEST_P(CryptoServerTest, ProofSourceFailure) { | 926 TEST_P(CryptoServerTest, ProofSourceFailure) { |
| 927 // Install a ProofSource which will unconditionally fail | 927 // Install a ProofSource which will unconditionally fail |
| 928 peer_.ResetProofSource(std::unique_ptr<ProofSource>(new FailingProofSource)); | 928 peer_.ResetProofSource(std::unique_ptr<ProofSource>(new FailingProofSource)); |
| 929 | 929 |
| 930 CryptoHandshakeMessage msg = | 930 CryptoHandshakeMessage msg = |
| 931 crypto_test_utils::CreateCHLO({{"AEAD", "AESG"}, | 931 crypto_test_utils::CreateCHLO({{"AEAD", "AESG"}, |
| 932 {"KEXS", "C255"}, | 932 {"KEXS", "C255"}, |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 972 QuicCryptoServerConfig a(QuicCryptoServerConfig::TESTING, &rand_a, | 972 QuicCryptoServerConfig a(QuicCryptoServerConfig::TESTING, &rand_a, |
| 973 crypto_test_utils::ProofSourceForTesting()); | 973 crypto_test_utils::ProofSourceForTesting()); |
| 974 rand_b.ChangeValue(); | 974 rand_b.ChangeValue(); |
| 975 QuicCryptoServerConfig b(QuicCryptoServerConfig::TESTING, &rand_b, | 975 QuicCryptoServerConfig b(QuicCryptoServerConfig::TESTING, &rand_b, |
| 976 crypto_test_utils::ProofSourceForTesting()); | 976 crypto_test_utils::ProofSourceForTesting()); |
| 977 std::unique_ptr<CryptoHandshakeMessage> scfg_a( | 977 std::unique_ptr<CryptoHandshakeMessage> scfg_a( |
| 978 a.AddDefaultConfig(&rand_a, &clock, options)); | 978 a.AddDefaultConfig(&rand_a, &clock, options)); |
| 979 std::unique_ptr<CryptoHandshakeMessage> scfg_b( | 979 std::unique_ptr<CryptoHandshakeMessage> scfg_b( |
| 980 b.AddDefaultConfig(&rand_b, &clock, options)); | 980 b.AddDefaultConfig(&rand_b, &clock, options)); |
| 981 | 981 |
| 982 StringPiece scid_a, scid_b; | 982 QuicStringPiece scid_a, scid_b; |
| 983 EXPECT_TRUE(scfg_a->GetStringPiece(kSCID, &scid_a)); | 983 EXPECT_TRUE(scfg_a->GetStringPiece(kSCID, &scid_a)); |
| 984 EXPECT_TRUE(scfg_b->GetStringPiece(kSCID, &scid_b)); | 984 EXPECT_TRUE(scfg_b->GetStringPiece(kSCID, &scid_b)); |
| 985 | 985 |
| 986 EXPECT_NE(scid_a, scid_b); | 986 EXPECT_NE(scid_a, scid_b); |
| 987 } | 987 } |
| 988 | 988 |
| 989 TEST(CryptoServerConfigGenerationTest, SCIDIsHashOfServerConfig) { | 989 TEST(CryptoServerConfigGenerationTest, SCIDIsHashOfServerConfig) { |
| 990 MockRandom rand_a; | 990 MockRandom rand_a; |
| 991 const QuicCryptoServerConfig::ConfigOptions options; | 991 const QuicCryptoServerConfig::ConfigOptions options; |
| 992 MockClock clock; | 992 MockClock clock; |
| 993 | 993 |
| 994 QuicCryptoServerConfig a(QuicCryptoServerConfig::TESTING, &rand_a, | 994 QuicCryptoServerConfig a(QuicCryptoServerConfig::TESTING, &rand_a, |
| 995 crypto_test_utils::ProofSourceForTesting()); | 995 crypto_test_utils::ProofSourceForTesting()); |
| 996 std::unique_ptr<CryptoHandshakeMessage> scfg( | 996 std::unique_ptr<CryptoHandshakeMessage> scfg( |
| 997 a.AddDefaultConfig(&rand_a, &clock, options)); | 997 a.AddDefaultConfig(&rand_a, &clock, options)); |
| 998 | 998 |
| 999 StringPiece scid; | 999 QuicStringPiece scid; |
| 1000 EXPECT_TRUE(scfg->GetStringPiece(kSCID, &scid)); | 1000 EXPECT_TRUE(scfg->GetStringPiece(kSCID, &scid)); |
| 1001 // Need to take a copy of |scid| has we're about to call |Erase|. | 1001 // Need to take a copy of |scid| has we're about to call |Erase|. |
| 1002 const string scid_str(scid.as_string()); | 1002 const string scid_str(scid.as_string()); |
| 1003 | 1003 |
| 1004 scfg->Erase(kSCID); | 1004 scfg->Erase(kSCID); |
| 1005 scfg->MarkDirty(); | 1005 scfg->MarkDirty(); |
| 1006 const QuicData& serialized(scfg->GetSerialized()); | 1006 const QuicData& serialized(scfg->GetSerialized()); |
| 1007 | 1007 |
| 1008 uint8_t digest[SHA256_DIGEST_LENGTH]; | 1008 uint8_t digest[SHA256_DIGEST_LENGTH]; |
| 1009 SHA256(reinterpret_cast<const uint8_t*>(serialized.data()), | 1009 SHA256(reinterpret_cast<const uint8_t*>(serialized.data()), |
| (...skipping 71 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1081 // QuicCryptoServerConfig::EvaluateClientHello will leave info.unique as false | 1081 // QuicCryptoServerConfig::EvaluateClientHello will leave info.unique as false |
| 1082 // and cause ProcessClientHello to exit early (and generate a REJ message). | 1082 // and cause ProcessClientHello to exit early (and generate a REJ message). |
| 1083 config_.set_replay_protection(false); | 1083 config_.set_replay_protection(false); |
| 1084 | 1084 |
| 1085 ShouldSucceed(msg); | 1085 ShouldSucceed(msg); |
| 1086 EXPECT_EQ(kSHLO, out_.tag()); | 1086 EXPECT_EQ(kSHLO, out_.tag()); |
| 1087 } | 1087 } |
| 1088 | 1088 |
| 1089 } // namespace test | 1089 } // namespace test |
| 1090 } // namespace net | 1090 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2740453006:
Add QuicStringPiece which is actually StringPiece. (Closed)
