| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "net/quic/crypto/quic_crypto_client_config.h" | |
| 6 | |
| 7 #include "net/quic/crypto/proof_verifier.h" | |
| 8 #include "net/quic/quic_server_id.h" | |
| 9 #include "net/quic/test_tools/mock_random.h" | |
| 10 #include "net/quic/test_tools/quic_test_utils.h" | |
| 11 #include "testing/gtest/include/gtest/gtest.h" | |
| 12 | |
| 13 using std::string; | |
| 14 using std::vector; | |
| 15 | |
| 16 namespace net { | |
| 17 namespace test { | |
| 18 namespace { | |
| 19 | |
| 20 class TestProofVerifyDetails : public ProofVerifyDetails { | |
| 21 ~TestProofVerifyDetails() override {} | |
| 22 | |
| 23 // ProofVerifyDetails implementation | |
| 24 ProofVerifyDetails* Clone() const override { | |
| 25 return new TestProofVerifyDetails; | |
| 26 } | |
| 27 }; | |
| 28 | |
| 29 } // namespace | |
| 30 | |
| 31 TEST(QuicCryptoClientConfigTest, CachedState_IsEmpty) { | |
| 32 QuicCryptoClientConfig::CachedState state; | |
| 33 EXPECT_TRUE(state.IsEmpty()); | |
| 34 } | |
| 35 | |
| 36 TEST(QuicCryptoClientConfigTest, CachedState_IsComplete) { | |
| 37 QuicCryptoClientConfig::CachedState state; | |
| 38 EXPECT_FALSE(state.IsComplete(QuicWallTime::FromUNIXSeconds(0))); | |
| 39 } | |
| 40 | |
| 41 TEST(QuicCryptoClientConfigTest, CachedState_GenerationCounter) { | |
| 42 QuicCryptoClientConfig::CachedState state; | |
| 43 EXPECT_EQ(0u, state.generation_counter()); | |
| 44 state.SetProofInvalid(); | |
| 45 EXPECT_EQ(1u, state.generation_counter()); | |
| 46 } | |
| 47 | |
| 48 TEST(QuicCryptoClientConfigTest, CachedState_SetProofVerifyDetails) { | |
| 49 QuicCryptoClientConfig::CachedState state; | |
| 50 EXPECT_TRUE(state.proof_verify_details() == nullptr); | |
| 51 ProofVerifyDetails* details = new TestProofVerifyDetails; | |
| 52 state.SetProofVerifyDetails(details); | |
| 53 EXPECT_EQ(details, state.proof_verify_details()); | |
| 54 } | |
| 55 | |
| 56 TEST(QuicCryptoClientConfigTest, CachedState_InitializeFrom) { | |
| 57 QuicCryptoClientConfig::CachedState state; | |
| 58 QuicCryptoClientConfig::CachedState other; | |
| 59 state.set_source_address_token("TOKEN"); | |
| 60 // TODO(rch): Populate other fields of |state|. | |
| 61 other.InitializeFrom(state); | |
| 62 EXPECT_EQ(state.server_config(), other.server_config()); | |
| 63 EXPECT_EQ(state.source_address_token(), other.source_address_token()); | |
| 64 EXPECT_EQ(state.certs(), other.certs()); | |
| 65 EXPECT_EQ(1u, other.generation_counter()); | |
| 66 } | |
| 67 | |
| 68 TEST(QuicCryptoClientConfigTest, InchoateChlo) { | |
| 69 QuicCryptoClientConfig::CachedState state; | |
| 70 QuicCryptoClientConfig config; | |
| 71 QuicCryptoNegotiatedParameters params; | |
| 72 CryptoHandshakeMessage msg; | |
| 73 QuicServerId server_id("www.google.com", 80, false, PRIVACY_MODE_DISABLED); | |
| 74 config.FillInchoateClientHello(server_id, QuicVersionMax(), &state, | |
| 75 ¶ms, &msg); | |
| 76 | |
| 77 QuicTag cver; | |
| 78 EXPECT_EQ(QUIC_NO_ERROR, msg.GetUint32(kVER, &cver)); | |
| 79 EXPECT_EQ(QuicVersionToQuicTag(QuicVersionMax()), cver); | |
| 80 } | |
| 81 | |
| 82 TEST(QuicCryptoClientConfigTest, PreferAesGcm) { | |
| 83 QuicCryptoClientConfig config; | |
| 84 if (config.aead.size() > 1) | |
| 85 EXPECT_NE(kAESG, config.aead[0]); | |
| 86 config.PreferAesGcm(); | |
| 87 EXPECT_EQ(kAESG, config.aead[0]); | |
| 88 } | |
| 89 | |
| 90 TEST(QuicCryptoClientConfigTest, InchoateChloSecure) { | |
| 91 QuicCryptoClientConfig::CachedState state; | |
| 92 QuicCryptoClientConfig config; | |
| 93 QuicCryptoNegotiatedParameters params; | |
| 94 CryptoHandshakeMessage msg; | |
| 95 QuicServerId server_id("www.google.com", 443, true, PRIVACY_MODE_DISABLED); | |
| 96 config.FillInchoateClientHello(server_id, QuicVersionMax(), &state, | |
| 97 ¶ms, &msg); | |
| 98 | |
| 99 QuicTag pdmd; | |
| 100 EXPECT_EQ(QUIC_NO_ERROR, msg.GetUint32(kPDMD, &pdmd)); | |
| 101 EXPECT_EQ(kX509, pdmd); | |
| 102 } | |
| 103 | |
| 104 TEST(QuicCryptoClientConfigTest, InchoateChloSecureNoEcdsa) { | |
| 105 QuicCryptoClientConfig::CachedState state; | |
| 106 QuicCryptoClientConfig config; | |
| 107 config.DisableEcdsa(); | |
| 108 QuicCryptoNegotiatedParameters params; | |
| 109 CryptoHandshakeMessage msg; | |
| 110 QuicServerId server_id("www.google.com", 443, true, PRIVACY_MODE_DISABLED); | |
| 111 config.FillInchoateClientHello(server_id, QuicVersionMax(), &state, | |
| 112 ¶ms, &msg); | |
| 113 | |
| 114 QuicTag pdmd; | |
| 115 EXPECT_EQ(QUIC_NO_ERROR, msg.GetUint32(kPDMD, &pdmd)); | |
| 116 EXPECT_EQ(kX59R, pdmd); | |
| 117 } | |
| 118 | |
| 119 TEST(QuicCryptoClientConfigTest, FillClientHello) { | |
| 120 QuicCryptoClientConfig::CachedState state; | |
| 121 QuicCryptoClientConfig config; | |
| 122 QuicCryptoNegotiatedParameters params; | |
| 123 QuicConnectionId kConnectionId = 1234; | |
| 124 string error_details; | |
| 125 MockRandom rand; | |
| 126 CryptoHandshakeMessage chlo; | |
| 127 QuicServerId server_id("www.google.com", 80, false, PRIVACY_MODE_DISABLED); | |
| 128 config.FillClientHello(server_id, | |
| 129 kConnectionId, | |
| 130 QuicVersionMax(), | |
| 131 &state, | |
| 132 QuicWallTime::Zero(), | |
| 133 &rand, | |
| 134 nullptr, // channel_id_key | |
| 135 ¶ms, | |
| 136 &chlo, | |
| 137 &error_details); | |
| 138 | |
| 139 // Verify that certain QuicTags have been set correctly in the CHLO. | |
| 140 QuicTag cver; | |
| 141 EXPECT_EQ(QUIC_NO_ERROR, chlo.GetUint32(kVER, &cver)); | |
| 142 EXPECT_EQ(QuicVersionToQuicTag(QuicVersionMax()), cver); | |
| 143 } | |
| 144 | |
| 145 TEST(QuicCryptoClientConfigTest, ProcessServerDowngradeAttack) { | |
| 146 QuicVersionVector supported_versions = QuicSupportedVersions(); | |
| 147 if (supported_versions.size() == 1) { | |
| 148 // No downgrade attack is possible if the client only supports one version. | |
| 149 return; | |
| 150 } | |
| 151 QuicTagVector supported_version_tags; | |
| 152 for (size_t i = supported_versions.size(); i > 0; --i) { | |
| 153 supported_version_tags.push_back( | |
| 154 QuicVersionToQuicTag(supported_versions[i - 1])); | |
| 155 } | |
| 156 CryptoHandshakeMessage msg; | |
| 157 msg.set_tag(kSHLO); | |
| 158 msg.SetVector(kVER, supported_version_tags); | |
| 159 | |
| 160 QuicCryptoClientConfig::CachedState cached; | |
| 161 QuicCryptoNegotiatedParameters out_params; | |
| 162 string error; | |
| 163 QuicCryptoClientConfig config; | |
| 164 EXPECT_EQ(QUIC_VERSION_NEGOTIATION_MISMATCH, | |
| 165 config.ProcessServerHello(msg, 0, supported_versions, | |
| 166 &cached, &out_params, &error)); | |
| 167 EXPECT_EQ("Downgrade attack detected", error); | |
| 168 } | |
| 169 | |
| 170 TEST(QuicCryptoClientConfigTest, InitializeFrom) { | |
| 171 QuicCryptoClientConfig config; | |
| 172 QuicServerId canonical_server_id("www.google.com", 80, false, | |
| 173 PRIVACY_MODE_DISABLED); | |
| 174 QuicCryptoClientConfig::CachedState* state = | |
| 175 config.LookupOrCreate(canonical_server_id); | |
| 176 // TODO(rch): Populate other fields of |state|. | |
| 177 state->set_source_address_token("TOKEN"); | |
| 178 state->SetProofValid(); | |
| 179 | |
| 180 QuicServerId other_server_id("mail.google.com", 80, false, | |
| 181 PRIVACY_MODE_DISABLED); | |
| 182 config.InitializeFrom(other_server_id, canonical_server_id, &config); | |
| 183 QuicCryptoClientConfig::CachedState* other = | |
| 184 config.LookupOrCreate(other_server_id); | |
| 185 | |
| 186 EXPECT_EQ(state->server_config(), other->server_config()); | |
| 187 EXPECT_EQ(state->source_address_token(), other->source_address_token()); | |
| 188 EXPECT_EQ(state->certs(), other->certs()); | |
| 189 EXPECT_EQ(1u, other->generation_counter()); | |
| 190 } | |
| 191 | |
| 192 TEST(QuicCryptoClientConfigTest, Canonical) { | |
| 193 QuicCryptoClientConfig config; | |
| 194 config.AddCanonicalSuffix(".google.com"); | |
| 195 QuicServerId canonical_id1("www.google.com", 80, false, | |
| 196 PRIVACY_MODE_DISABLED); | |
| 197 QuicServerId canonical_id2("mail.google.com", 80, false, | |
| 198 PRIVACY_MODE_DISABLED); | |
| 199 QuicCryptoClientConfig::CachedState* state = | |
| 200 config.LookupOrCreate(canonical_id1); | |
| 201 // TODO(rch): Populate other fields of |state|. | |
| 202 state->set_source_address_token("TOKEN"); | |
| 203 state->SetProofValid(); | |
| 204 | |
| 205 QuicCryptoClientConfig::CachedState* other = | |
| 206 config.LookupOrCreate(canonical_id2); | |
| 207 | |
| 208 EXPECT_TRUE(state->IsEmpty()); | |
| 209 EXPECT_EQ(state->server_config(), other->server_config()); | |
| 210 EXPECT_EQ(state->source_address_token(), other->source_address_token()); | |
| 211 EXPECT_EQ(state->certs(), other->certs()); | |
| 212 EXPECT_EQ(1u, other->generation_counter()); | |
| 213 | |
| 214 QuicServerId different_id("mail.google.org", 80, false, | |
| 215 PRIVACY_MODE_DISABLED); | |
| 216 EXPECT_TRUE(config.LookupOrCreate(different_id)->IsEmpty()); | |
| 217 } | |
| 218 | |
| 219 TEST(QuicCryptoClientConfigTest, CanonicalNotUsedIfNotValid) { | |
| 220 QuicCryptoClientConfig config; | |
| 221 config.AddCanonicalSuffix(".google.com"); | |
| 222 QuicServerId canonical_id1("www.google.com", 80, false, | |
| 223 PRIVACY_MODE_DISABLED); | |
| 224 QuicServerId canonical_id2("mail.google.com", 80, false, | |
| 225 PRIVACY_MODE_DISABLED); | |
| 226 QuicCryptoClientConfig::CachedState* state = | |
| 227 config.LookupOrCreate(canonical_id1); | |
| 228 // TODO(rch): Populate other fields of |state|. | |
| 229 state->set_source_address_token("TOKEN"); | |
| 230 | |
| 231 // Do not set the proof as valid, and check that it is not used | |
| 232 // as a canonical entry. | |
| 233 EXPECT_TRUE(config.LookupOrCreate(canonical_id2)->IsEmpty()); | |
| 234 } | |
| 235 | |
| 236 TEST(QuicCryptoClientConfigTest, ClearCachedStates) { | |
| 237 QuicCryptoClientConfig config; | |
| 238 QuicServerId server_id("www.google.com", 80, false, PRIVACY_MODE_DISABLED); | |
| 239 QuicCryptoClientConfig::CachedState* state = config.LookupOrCreate(server_id); | |
| 240 // TODO(rch): Populate other fields of |state|. | |
| 241 vector<string> certs(1); | |
| 242 certs[0] = "Hello Cert"; | |
| 243 state->SetProof(certs, "signature"); | |
| 244 state->set_source_address_token("TOKEN"); | |
| 245 state->SetProofValid(); | |
| 246 EXPECT_EQ(1u, state->generation_counter()); | |
| 247 | |
| 248 // Verify LookupOrCreate returns the same data. | |
| 249 QuicCryptoClientConfig::CachedState* other = config.LookupOrCreate(server_id); | |
| 250 | |
| 251 EXPECT_EQ(state, other); | |
| 252 EXPECT_EQ(1u, other->generation_counter()); | |
| 253 | |
| 254 // Clear the cached states. | |
| 255 config.ClearCachedStates(); | |
| 256 | |
| 257 // Verify LookupOrCreate doesn't have any data. | |
| 258 QuicCryptoClientConfig::CachedState* cleared_cache = | |
| 259 config.LookupOrCreate(server_id); | |
| 260 | |
| 261 EXPECT_EQ(state, cleared_cache); | |
| 262 EXPECT_FALSE(cleared_cache->proof_valid()); | |
| 263 EXPECT_TRUE(cleared_cache->server_config().empty()); | |
| 264 EXPECT_TRUE(cleared_cache->certs().empty()); | |
| 265 EXPECT_TRUE(cleared_cache->signature().empty()); | |
| 266 EXPECT_EQ(2u, cleared_cache->generation_counter()); | |
| 267 } | |
| 268 | |
| 269 } // namespace test | |
| 270 } // namespace net | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 992733002:
Remove //net (except for Android test stuff) and sdch (Closed)
Base URL: git@github.com:domokit/mojo.git@master