summaryrefslogtreecommitdiff
path: root/chromium/net/quic/quic_crypto_server_stream_test.cc
diff options
context:
space:
mode:
authorAllan Sandfeld Jensen <allan.jensen@theqtcompany.com>2016-01-25 11:39:07 +0100
committerOswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>2016-01-25 15:20:42 +0000
commit6c91641271e536ffaa88a1dff5127e42ee99a91e (patch)
tree703d9dd49602377ddc90cbf886aad37913f2496b /chromium/net/quic/quic_crypto_server_stream_test.cc
parentb145b7fafd36f0c260d6a768c81fc14e32578099 (diff)
downloadqtwebengine-chromium-6c91641271e536ffaa88a1dff5127e42ee99a91e.tar.gz
BASELINE: Update Chromium to 49.0.2623.23
Also adds missing printing sources. Change-Id: I3726b8f0c7d6751c9fc846096c571fadca7108cd Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>
Diffstat (limited to 'chromium/net/quic/quic_crypto_server_stream_test.cc')
-rw-r--r--chromium/net/quic/quic_crypto_server_stream_test.cc209
1 files changed, 148 insertions, 61 deletions
diff --git a/chromium/net/quic/quic_crypto_server_stream_test.cc b/chromium/net/quic/quic_crypto_server_stream_test.cc
index 7a205137f06..f783bef5fe7 100644
--- a/chromium/net/quic/quic_crypto_server_stream_test.cc
+++ b/chromium/net/quic/quic_crypto_server_stream_test.cc
@@ -8,6 +8,7 @@
#include <vector>
#include "base/memory/scoped_ptr.h"
+#include "base/stl_util.h"
#include "net/quic/crypto/aes_128_gcm_12_encrypter.h"
#include "net/quic/crypto/crypto_framer.h"
#include "net/quic/crypto/crypto_handshake.h"
@@ -61,24 +62,21 @@ class QuicCryptoServerStreamPeer {
namespace {
const char kServerHostname[] = "test.example.com";
-const uint16 kServerPort = 443;
+const uint16_t kServerPort = 443;
class QuicCryptoServerStreamTest : public ::testing::TestWithParam<bool> {
public:
QuicCryptoServerStreamTest()
: server_crypto_config_(QuicCryptoServerConfig::TESTING,
- QuicRandom::GetInstance()),
- server_id_(kServerHostname, kServerPort, true, PRIVACY_MODE_DISABLED) {
-#if defined(USE_OPENSSL)
- server_crypto_config_.SetProofSource(
- CryptoTestUtils::ProofSourceForTesting());
-#else
- // TODO(rch): Implement a NSS proof source.
- server_crypto_config_.SetProofSource(
- CryptoTestUtils::FakeProofSourceForTesting());
-#endif
+ QuicRandom::GetInstance(),
+ CryptoTestUtils::ProofSourceForTesting()),
+ server_id_(kServerHostname, kServerPort, PRIVACY_MODE_DISABLED),
+ client_crypto_config_(CryptoTestUtils::ProofVerifierForTesting()) {
+ FLAGS_enable_quic_stateless_reject_support = false;
server_crypto_config_.set_strike_register_no_startup_period();
+ }
+ void Initialize() {
InitializeServer();
if (AsyncStrikeRegisterVerification()) {
@@ -86,28 +84,41 @@ class QuicCryptoServerStreamTest : public ::testing::TestWithParam<bool> {
QuicCryptoServerConfigPeer::GetPrimaryOrbit(server_crypto_config_);
strike_register_client_ = new DelayedVerifyStrikeRegisterClient(
10000, // strike_register_max_entries
- static_cast<uint32>(
+ static_cast<uint32_t>(
server_connection_->clock()->WallNow().ToUNIXSeconds()),
60, // strike_register_window_secs
- reinterpret_cast<const uint8*>(orbit.data()),
+ reinterpret_cast<const uint8_t*>(orbit.data()),
StrikeRegister::NO_STARTUP_PERIOD_NEEDED);
strike_register_client_->StartDelayingVerification();
server_crypto_config_.SetStrikeRegisterClient(strike_register_client_);
}
}
+ ~QuicCryptoServerStreamTest() override {
+ // Ensure that anything that might reference |helpers_| is destroyed before
+ // |helpers_| is destroyed.
+ server_session_.reset();
+ client_session_.reset();
+ STLDeleteElements(&helpers_);
+ }
+
// Initializes the crypto server stream state for testing. May be
// called multiple times.
void InitializeServer() {
TestQuicSpdyServerSession* server_session = nullptr;
+ helpers_.push_back(new MockConnectionHelper);
+
CreateServerSessionForTest(server_id_, QuicTime::Delta::FromSeconds(100000),
+ supported_versions_, helpers_.back(),
&server_crypto_config_, &server_connection_,
&server_session);
CHECK(server_session);
server_session_.reset(server_session);
+ CryptoTestUtils::FakeServerOptions options;
+ options.token_binding_enabled = true;
CryptoTestUtils::SetupCryptoServerConfigForTest(
server_connection_->clock(), server_connection_->random_generator(),
- server_session_->config(), &server_crypto_config_);
+ server_session_->config(), &server_crypto_config_, options);
}
QuicCryptoServerStream* server_stream() {
@@ -122,25 +133,21 @@ class QuicCryptoServerStreamTest : public ::testing::TestWithParam<bool> {
// testing. May be called multiple times.
void InitializeFakeClient(bool supports_stateless_rejects) {
TestQuicSpdyClientSession* client_session = nullptr;
+ helpers_.push_back(new MockConnectionHelper);
CreateClientSessionForTest(server_id_, supports_stateless_rejects,
QuicTime::Delta::FromSeconds(100000),
- &client_crypto_config_, &client_connection_,
- &client_session);
+ supported_versions_,
+
+ helpers_.back(), &client_crypto_config_,
+ &client_connection_, &client_session);
CHECK(client_session);
client_session_.reset(client_session);
- if (!client_options_.dont_verify_certs) {
-#if defined(USE_OPENSSL)
- client_crypto_config_.SetProofVerifier(
- CryptoTestUtils::ProofVerifierForTesting());
-#else
- // TODO(rch): Implement a NSS proof source.
- client_crypto_config_.SetProofVerifier(
- CryptoTestUtils::FakeProofVerifierForTesting());
-#endif
- }
}
bool AsyncStrikeRegisterVerification() {
+ if (server_connection_->version() > QUIC_VERSION_30) {
+ return false;
+ }
return GetParam();
}
@@ -153,7 +160,8 @@ class QuicCryptoServerStreamTest : public ::testing::TestWithParam<bool> {
CHECK(server_connection_);
CHECK(server_session_ != nullptr);
return CryptoTestUtils::HandshakeWithFakeClient(
- server_connection_, server_stream(), server_id_, client_options_);
+ helpers_.back(), server_connection_, server_stream(), server_id_,
+ client_options_);
}
// Performs a single round of handshake message-exchange between the
@@ -169,6 +177,11 @@ class QuicCryptoServerStreamTest : public ::testing::TestWithParam<bool> {
}
protected:
+ // Every connection gets its own MockConnectionHelper, tracked separately
+ // from the server and client state so their lifetimes persist through the
+ // whole test.
+ std::vector<MockConnectionHelper*> helpers_;
+
// Server state
PacketSavingConnection* server_connection_;
scoped_ptr<TestQuicSpdyServerSession> server_session_;
@@ -184,18 +197,23 @@ class QuicCryptoServerStreamTest : public ::testing::TestWithParam<bool> {
scoped_ptr<QuicData> message_data_;
CryptoTestUtils::FakeClientOptions client_options_;
DelayedVerifyStrikeRegisterClient* strike_register_client_;
+
+ // Which QUIC versions the client and server support.
+ QuicVersionVector supported_versions_ = QuicSupportedVersions();
};
INSTANTIATE_TEST_CASE_P(Tests, QuicCryptoServerStreamTest, testing::Bool());
TEST_P(QuicCryptoServerStreamTest, NotInitiallyConected) {
+ Initialize();
EXPECT_FALSE(server_stream()->encryption_established());
EXPECT_FALSE(server_stream()->handshake_confirmed());
}
TEST_P(QuicCryptoServerStreamTest, NotInitiallySendingStatelessRejects) {
- EXPECT_FALSE(server_stream()->use_stateless_rejects_if_peer_supported());
- EXPECT_FALSE(server_stream()->peer_supports_stateless_rejects());
+ Initialize();
+ EXPECT_FALSE(server_stream()->UseStatelessRejectsIfPeerSupported());
+ EXPECT_FALSE(server_stream()->PeerSupportsStatelessRejects());
}
TEST_P(QuicCryptoServerStreamTest, ConnectedAfterCHLO) {
@@ -203,6 +221,7 @@ TEST_P(QuicCryptoServerStreamTest, ConnectedAfterCHLO) {
// test should send:
// * One to get a source-address token and certificates.
// * One to complete the handshake.
+ Initialize();
EXPECT_EQ(2, CompleteCryptoHandshake());
EXPECT_TRUE(server_stream()->encryption_established());
EXPECT_TRUE(server_stream()->handshake_confirmed());
@@ -211,7 +230,7 @@ TEST_P(QuicCryptoServerStreamTest, ConnectedAfterCHLO) {
TEST_P(QuicCryptoServerStreamTest, StatelessRejectAfterCHLO) {
ValueRestore<bool> old_flag(&FLAGS_enable_quic_stateless_reject_support,
true);
- server_stream()->set_use_stateless_rejects_if_peer_supported(true);
+ Initialize();
InitializeFakeClient(/* supports_stateless_rejects= */ true);
AdvanceHandshakeWithFakeClient();
@@ -233,17 +252,17 @@ TEST_P(QuicCryptoServerStreamTest, StatelessRejectAfterCHLO) {
const QuicConnectionId server_designated_connection_id =
client_state->GetNextServerDesignatedConnectionId();
const QuicConnectionId expected_id =
- reinterpret_cast<MockRandom*>(server_connection_->random_generator())
- ->RandUint64();
+ server_connection_->random_generator()->RandUint64();
EXPECT_EQ(expected_id, server_designated_connection_id);
EXPECT_FALSE(client_state->has_server_designated_connection_id());
ASSERT_TRUE(client_state->IsComplete(QuicWallTime::FromUNIXSeconds(0)));
+ EXPECT_FALSE(server_connection_->connected());
}
TEST_P(QuicCryptoServerStreamTest, ConnectedAfterStatelessHandshake) {
ValueRestore<bool> old_flag(&FLAGS_enable_quic_stateless_reject_support,
true);
- server_stream()->set_use_stateless_rejects_if_peer_supported(true);
+ Initialize();
InitializeFakeClient(/* supports_stateless_rejects= */ true);
AdvanceHandshakeWithFakeClient();
@@ -251,8 +270,8 @@ TEST_P(QuicCryptoServerStreamTest, ConnectedAfterStatelessHandshake) {
// On the first round, encryption will not be established.
EXPECT_FALSE(server_stream()->encryption_established());
EXPECT_FALSE(server_stream()->handshake_confirmed());
- EXPECT_EQ(1, server_stream()->num_handshake_messages());
- EXPECT_EQ(0, server_stream()->num_handshake_messages_with_server_nonces());
+ EXPECT_EQ(1, server_stream()->NumHandshakeMessages());
+ EXPECT_EQ(0, server_stream()->NumHandshakeMessagesWithServerNonces());
// Now check the client state.
QuicCryptoClientConfig::CachedState* client_state =
@@ -262,8 +281,7 @@ TEST_P(QuicCryptoServerStreamTest, ConnectedAfterStatelessHandshake) {
const QuicConnectionId server_designated_connection_id =
client_state->GetNextServerDesignatedConnectionId();
const QuicConnectionId expected_id =
- reinterpret_cast<MockRandom*>(server_connection_->random_generator())
- ->RandUint64();
+ server_connection_->random_generator()->RandUint64();
EXPECT_EQ(expected_id, server_designated_connection_id);
EXPECT_FALSE(client_state->has_server_designated_connection_id());
ASSERT_TRUE(client_state->IsComplete(QuicWallTime::FromUNIXSeconds(0)));
@@ -271,7 +289,6 @@ TEST_P(QuicCryptoServerStreamTest, ConnectedAfterStatelessHandshake) {
// Now create new client and server streams with the existing config
// and try the handshake again (0-RTT handshake).
InitializeServer();
- server_stream()->set_use_stateless_rejects_if_peer_supported(true);
InitializeFakeClient(/* supports_stateless_rejects= */ true);
@@ -285,14 +302,14 @@ TEST_P(QuicCryptoServerStreamTest, ConnectedAfterStatelessHandshake) {
// On the second round, encryption will be established.
EXPECT_TRUE(server_stream()->encryption_established());
EXPECT_TRUE(server_stream()->handshake_confirmed());
- EXPECT_EQ(2, server_stream()->num_handshake_messages());
- EXPECT_EQ(1, server_stream()->num_handshake_messages_with_server_nonces());
+ EXPECT_EQ(2, server_stream()->NumHandshakeMessages());
+ EXPECT_EQ(1, server_stream()->NumHandshakeMessagesWithServerNonces());
}
TEST_P(QuicCryptoServerStreamTest, NoStatelessRejectIfNoClientSupport) {
ValueRestore<bool> old_flag(&FLAGS_enable_quic_stateless_reject_support,
true);
- server_stream()->set_use_stateless_rejects_if_peer_supported(true);
+ Initialize();
// The server is configured to use stateless rejects, but the client does not
// support it.
@@ -313,6 +330,7 @@ TEST_P(QuicCryptoServerStreamTest, NoStatelessRejectIfNoClientSupport) {
}
TEST_P(QuicCryptoServerStreamTest, ZeroRTT) {
+ Initialize();
InitializeFakeClient(/* supports_stateless_rejects= */ false);
// Do a first handshake in order to prime the client config with the server's
@@ -359,15 +377,21 @@ TEST_P(QuicCryptoServerStreamTest, ZeroRTT) {
server_stream());
}
- EXPECT_EQ(1, client_stream()->num_sent_client_hellos());
+ if (FLAGS_require_strike_register_or_server_nonce &&
+ !AsyncStrikeRegisterVerification()) {
+ EXPECT_EQ(2, client_stream()->num_sent_client_hellos());
+ } else {
+ EXPECT_EQ(1, client_stream()->num_sent_client_hellos());
+ }
}
TEST_P(QuicCryptoServerStreamTest, MessageAfterHandshake) {
FLAGS_quic_require_fix = false;
+ Initialize();
CompleteCryptoHandshake();
- EXPECT_CALL(
- *server_connection_,
- SendConnectionClose(QUIC_CRYPTO_MESSAGE_AFTER_HANDSHAKE_COMPLETE));
+ EXPECT_CALL(*server_connection_,
+ SendConnectionCloseWithDetails(
+ QUIC_CRYPTO_MESSAGE_AFTER_HANDSHAKE_COMPLETE, _));
message_.set_tag(kCHLO);
ConstructHandshakeMessage();
server_stream()->OnStreamFrame(
@@ -377,29 +401,20 @@ TEST_P(QuicCryptoServerStreamTest, MessageAfterHandshake) {
TEST_P(QuicCryptoServerStreamTest, BadMessageType) {
FLAGS_quic_require_fix = false;
+ Initialize();
+
message_.set_tag(kSHLO);
ConstructHandshakeMessage();
- EXPECT_CALL(*server_connection_,
- SendConnectionClose(QUIC_INVALID_CRYPTO_MESSAGE_TYPE));
+ EXPECT_CALL(*server_connection_, SendConnectionCloseWithDetails(
+ QUIC_INVALID_CRYPTO_MESSAGE_TYPE, _));
server_stream()->OnStreamFrame(
QuicStreamFrame(kCryptoStreamId, /*fin=*/false, /*offset=*/0,
message_data_->AsStringPiece()));
}
-TEST_P(QuicCryptoServerStreamTest, WithoutCertificates) {
- server_crypto_config_.SetProofSource(nullptr);
- server_id_ =
- QuicServerId(kServerHostname, kServerPort, false, PRIVACY_MODE_DISABLED);
- client_options_.dont_verify_certs = true;
-
- // Only 2 client hellos need to be sent in the no-certs case: one to get the
- // source-address token and the second to finish.
- EXPECT_EQ(2, CompleteCryptoHandshake());
- EXPECT_TRUE(server_stream()->encryption_established());
- EXPECT_TRUE(server_stream()->handshake_confirmed());
-}
-
TEST_P(QuicCryptoServerStreamTest, ChannelID) {
+ Initialize();
+
client_options_.channel_id_enabled = true;
client_options_.channel_id_source_async = false;
// CompleteCryptoHandshake verifies
@@ -410,6 +425,8 @@ TEST_P(QuicCryptoServerStreamTest, ChannelID) {
}
TEST_P(QuicCryptoServerStreamTest, ChannelIDAsync) {
+ Initialize();
+
client_options_.channel_id_enabled = true;
client_options_.channel_id_source_async = true;
// CompleteCryptoHandshake verifies
@@ -421,11 +438,15 @@ TEST_P(QuicCryptoServerStreamTest, ChannelIDAsync) {
TEST_P(QuicCryptoServerStreamTest, OnlySendSCUPAfterHandshakeComplete) {
// An attempt to send a SCUP before completing handshake should fail.
+ Initialize();
+
server_stream()->SendServerConfigUpdate(nullptr);
- EXPECT_EQ(0, server_stream()->num_server_config_update_messages_sent());
+ EXPECT_EQ(0, server_stream()->NumServerConfigUpdateMessagesSent());
}
TEST_P(QuicCryptoServerStreamTest, DoesPeerSupportStatelessRejects) {
+ Initialize();
+
ConstructHandshakeMessage();
QuicConfig stateless_reject_config = DefaultQuicConfigStatelessRejects();
stateless_reject_config.ToHandshakeMessage(&message_);
@@ -439,6 +460,72 @@ TEST_P(QuicCryptoServerStreamTest, DoesPeerSupportStatelessRejects) {
QuicCryptoServerStreamPeer::DoesPeerSupportStatelessRejects(message_));
}
+TEST_P(QuicCryptoServerStreamTest, TokenBindingNegotiated) {
+ Initialize();
+
+ client_options_.token_binding_enabled = true;
+ CompleteCryptoHandshake();
+ EXPECT_EQ(
+ kP256,
+ server_stream()->crypto_negotiated_params().token_binding_key_param);
+ EXPECT_TRUE(server_stream()->encryption_established());
+ EXPECT_TRUE(server_stream()->handshake_confirmed());
+}
+
+TEST_P(QuicCryptoServerStreamTest, NoTokenBindingWithoutClientSupport) {
+ Initialize();
+
+ CompleteCryptoHandshake();
+ EXPECT_EQ(
+ 0u, server_stream()->crypto_negotiated_params().token_binding_key_param);
+ EXPECT_TRUE(server_stream()->encryption_established());
+ EXPECT_TRUE(server_stream()->handshake_confirmed());
+}
+
+TEST_P(QuicCryptoServerStreamTest, CancelRPCBeforeVerificationCompletes) {
+ // Tests that the client can close the connection while the remote strike
+ // register verification RPC is still pending.
+ ValueRestore<bool> old_flag(&FLAGS_quic_set_client_hello_cb_nullptr, true);
+
+ // Set version to QUIC_VERSION_25 as QUIC_VERSION_26 and later don't support
+ // asynchronous strike register RPCs.
+ supported_versions_ = {QUIC_VERSION_25};
+ Initialize();
+ if (!AsyncStrikeRegisterVerification()) {
+ return;
+ }
+ InitializeFakeClient(/* supports_stateless_rejects= */ false);
+
+ // Do a first handshake in order to prime the client config with the server's
+ // information.
+ AdvanceHandshakeWithFakeClient();
+
+ // Now start another handshake, this time the server will attempt to verify
+ // the client's nonce with the strike registers.
+ InitializeFakeClient(/* supports_stateless_rejects= */ false);
+ InitializeServer();
+ client_stream()->CryptoConnect();
+ EXPECT_FALSE(client_stream()->handshake_confirmed());
+ EXPECT_FALSE(server_stream()->handshake_confirmed());
+
+ // Advance the handshake. Expect that the server will be stuck waiting for
+ // client nonce verification to complete.
+ CryptoTestUtils::AdvanceHandshake(client_connection_, client_stream(), 0,
+ server_connection_, server_stream(), 0);
+ EXPECT_EQ(1, strike_register_client_->PendingVerifications());
+ EXPECT_FALSE(client_stream()->handshake_confirmed());
+ EXPECT_FALSE(server_stream()->handshake_confirmed());
+
+ // While waiting for the asynchronous verification to complete, the client
+ // decides to close the connection.
+ server_session_->connection()->CloseConnection(QUIC_NO_ERROR,
+ /*from_peer=*/true);
+
+ // The outstanding nonce verification RPC now completes.
+ strike_register_client_->RunPendingVerifications();
+}
+
} // namespace
+
} // namespace test
} // namespace net
View Lorry Controller Status