Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(496)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/quic/crypto/quic_crypto_server_config_test.cc

Issue 331143006: QUIC Crypto - return the reasons for reject message. Reject reason (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Used static_cast<uint32> per avd's comments Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/quic/crypto/quic_crypto_server_config.cc ('K') | « net/quic/crypto/quic_crypto_server_config.cc ('k') | net/quic/quic_flags.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/quic/crypto/quic_crypto_server_config_test.cc
diff --git a/net/quic/crypto/quic_crypto_server_config_test.cc b/net/quic/crypto/quic_crypto_server_config_test.cc
index 069c5238478a8a83c5da2b39426f46fe7f48c559..22bfd2c6cc6c120c8e8d5ea0dc73aea6bd60221f 100644
--- a/net/quic/crypto/quic_crypto_server_config_test.cc
+++ b/net/quic/crypto/quic_crypto_server_config_test.cc
@@ -9,6 +9,7 @@
#include "base/stl_util.h"
#include "net/quic/crypto/aes_128_gcm_12_encrypter.h"
#include "net/quic/crypto/crypto_handshake_message.h"
+#include "net/quic/crypto/crypto_secret_boxer.h"
#include "net/quic/crypto/crypto_server_config_protobuf.h"
#include "net/quic/crypto/quic_random.h"
#include "net/quic/crypto/strike_register_client.h"
@@ -58,14 +59,23 @@ class QuicCryptoServerConfigPeer {
*GetConfig(config_id), ip, rand, now);
}
- bool ValidateSourceAddressToken(string config_id,
- StringPiece srct,
- IPEndPoint ip,
- QuicWallTime now) {
+ HandshakeFailureReason ValidateSourceAddressToken(string config_id,
+ StringPiece srct,
+ IPEndPoint ip,
+ QuicWallTime now) {
return server_config_->ValidateSourceAddressToken(
*GetConfig(config_id), srct, ip, now);
}
+ string NewServerNonce(QuicRandom* rand, QuicWallTime now) const {
+ return server_config_->NewServerNonce(rand, now);
+ }
+
+ HandshakeFailureReason ValidateServerNonce(StringPiece token,
+ QuicWallTime now) {
+ return server_config_->ValidateServerNonce(token, now);
+ }
+
base::Lock* GetStrikeRegisterClientLock() {
return &server_config_->strike_register_client_lock_;
}
@@ -270,41 +280,84 @@ TEST(QuicCryptoServerConfigTest, SourceAddressTokens) {
const string token4 = peer.NewSourceAddressToken(kPrimary, ip4, rand, now);
const string token4d = peer.NewSourceAddressToken(kPrimary, ip4d, rand, now);
const string token6 = peer.NewSourceAddressToken(kPrimary, ip6, rand, now);
- EXPECT_TRUE(peer.ValidateSourceAddressToken(kPrimary, token4, ip4, now));
- EXPECT_TRUE(peer.ValidateSourceAddressToken(kPrimary, token4, ip4d, now));
- EXPECT_FALSE(peer.ValidateSourceAddressToken(kPrimary, token4, ip6, now));
- EXPECT_TRUE(peer.ValidateSourceAddressToken(kPrimary, token4d, ip4, now));
- EXPECT_TRUE(peer.ValidateSourceAddressToken(kPrimary, token4d, ip4d, now));
- EXPECT_FALSE(peer.ValidateSourceAddressToken(kPrimary, token4d, ip6, now));
- EXPECT_TRUE(peer.ValidateSourceAddressToken(kPrimary, token6, ip6, now));
+ EXPECT_EQ(HANDSHAKE_OK, peer.ValidateSourceAddressToken(
+ kPrimary, token4, ip4, now));
+ DCHECK_EQ(HANDSHAKE_OK, peer.ValidateSourceAddressToken(
+ kPrimary, token4, ip4d, now));
+ DCHECK_EQ(SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE,
+ peer.ValidateSourceAddressToken(kPrimary, token4, ip6, now));
+ DCHECK_EQ(HANDSHAKE_OK, peer.ValidateSourceAddressToken(
+ kPrimary, token4d, ip4, now));
+ DCHECK_EQ(HANDSHAKE_OK, peer.ValidateSourceAddressToken(
+ kPrimary, token4d, ip4d, now));
+ DCHECK_EQ(SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE,
+ peer.ValidateSourceAddressToken(kPrimary, token4d, ip6, now));
+ DCHECK_EQ(HANDSHAKE_OK, peer.ValidateSourceAddressToken(
+ kPrimary, token6, ip6, now));
// Override config generates configs that validate successfully.
const string override_token4 = peer.NewSourceAddressToken(
kOverride, ip4, rand, now);
const string override_token6 = peer.NewSourceAddressToken(
kOverride, ip6, rand, now);
- EXPECT_TRUE(peer.ValidateSourceAddressToken(
+ DCHECK_EQ(HANDSHAKE_OK, peer.ValidateSourceAddressToken(
kOverride, override_token4, ip4, now));
- EXPECT_FALSE(peer.ValidateSourceAddressToken(
- kOverride, override_token4, ip6, now));
- EXPECT_TRUE(peer.ValidateSourceAddressToken(
+ DCHECK_EQ(SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE,
+ peer.ValidateSourceAddressToken(kOverride, override_token4, ip6,
+ now));
+ DCHECK_EQ(HANDSHAKE_OK, peer.ValidateSourceAddressToken(
kOverride, override_token6, ip6, now));
// Tokens generated by the primary config do not validate
// successfully against the override config, and vice versa.
- EXPECT_FALSE(peer.ValidateSourceAddressToken(kOverride, token4, ip4, now));
- EXPECT_FALSE(peer.ValidateSourceAddressToken(kOverride, token6, ip6, now));
- EXPECT_FALSE(peer.ValidateSourceAddressToken(
- kPrimary, override_token4, ip4, now));
- EXPECT_FALSE(peer.ValidateSourceAddressToken(
- kPrimary, override_token6, ip6, now));
+ DCHECK_EQ(SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE,
+ peer.ValidateSourceAddressToken(kOverride, token4, ip4, now));
+ DCHECK_EQ(SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE,
+ peer.ValidateSourceAddressToken(kOverride, token6, ip6, now));
+ DCHECK_EQ(SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE,
+ peer.ValidateSourceAddressToken(kPrimary, override_token4, ip4,
+ now));
+ DCHECK_EQ(SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE,
+ peer.ValidateSourceAddressToken(kPrimary, override_token6, ip6,
+ now));
// Validation fails after tokens expire.
now = original_time.Add(QuicTime::Delta::FromSeconds(86400 * 7));
- EXPECT_FALSE(peer.ValidateSourceAddressToken(kPrimary, token4, ip4, now));
+ DCHECK_EQ(SOURCE_ADDRESS_TOKEN_EXPIRED_FAILURE,
+ peer.ValidateSourceAddressToken(kPrimary, token4, ip4, now));
now = original_time.Subtract(QuicTime::Delta::FromSeconds(3600 * 2));
- EXPECT_FALSE(peer.ValidateSourceAddressToken(kPrimary, token4, ip4, now));
+ DCHECK_EQ(SOURCE_ADDRESS_TOKEN_CLOCK_SKEW_FAILURE,
+ peer.ValidateSourceAddressToken(kPrimary, token4, ip4, now));
+}
+
+TEST(QuicCryptoServerConfigTest, ValidateServerNonce) {
+ QuicRandom* rand = QuicRandom::GetInstance();
+ QuicCryptoServerConfig server(QuicCryptoServerConfig::TESTING, rand);
+ QuicCryptoServerConfigPeer peer(&server);
+
+ StringPiece message("hello world");
+ const size_t key_size = CryptoSecretBoxer::GetKeySize();
+ scoped_ptr<uint8[]> key(new uint8[key_size]);
+ memset(key.get(), 0x11, key_size);
+
+ CryptoSecretBoxer boxer;
+ boxer.SetKey(StringPiece(reinterpret_cast<char*>(key.get()), key_size));
+ const string box = boxer.Box(rand, message);
+ MockClock clock;
+ QuicWallTime now = clock.WallNow();
+ const QuicWallTime original_time = now;
+ EXPECT_EQ(SERVER_NONCE_DECRYPTION_FAILURE,
+ peer.ValidateServerNonce(box, now));
+
+ string server_nonce = peer.NewServerNonce(rand, now);
+ EXPECT_EQ(HANDSHAKE_OK, peer.ValidateServerNonce(server_nonce, now));
+ EXPECT_EQ(SERVER_NONCE_NOT_UNIQUE_FAILURE,
+ peer.ValidateServerNonce(server_nonce, now));
+
+ now = original_time.Add(QuicTime::Delta::FromSeconds(1000 * 7));
+ server_nonce = peer.NewServerNonce(rand, now);
+ EXPECT_EQ(HANDSHAKE_OK, peer.ValidateServerNonce(server_nonce, now));
}
class CryptoServerConfigsTest : public ::testing::Test {
« net/quic/crypto/quic_crypto_server_config.cc ('K') | « net/quic/crypto/quic_crypto_server_config.cc ('k') | net/quic/quic_flags.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698