diff options
author | Allan Sandfeld Jensen <allan.jensen@theqtcompany.com> | 2016-01-25 11:39:07 +0100 |
---|---|---|
committer | Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com> | 2016-01-25 15:20:42 +0000 |
commit | 6c91641271e536ffaa88a1dff5127e42ee99a91e (patch) | |
tree | 703d9dd49602377ddc90cbf886aad37913f2496b /chromium/net/quic/quic_crypto_server_stream_test.cc | |
parent | b145b7fafd36f0c260d6a768c81fc14e32578099 (diff) | |
download | qtwebengine-chromium-6c91641271e536ffaa88a1dff5127e42ee99a91e.tar.gz |
BASELINE: Update Chromium to 49.0.2623.23
Also adds missing printing sources.
Change-Id: I3726b8f0c7d6751c9fc846096c571fadca7108cd
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>
Diffstat (limited to 'chromium/net/quic/quic_crypto_server_stream_test.cc')
-rw-r--r-- | chromium/net/quic/quic_crypto_server_stream_test.cc | 209 |
1 files changed, 148 insertions, 61 deletions
diff --git a/chromium/net/quic/quic_crypto_server_stream_test.cc b/chromium/net/quic/quic_crypto_server_stream_test.cc index 7a205137f06..f783bef5fe7 100644 --- a/chromium/net/quic/quic_crypto_server_stream_test.cc +++ b/chromium/net/quic/quic_crypto_server_stream_test.cc @@ -8,6 +8,7 @@ #include <vector> #include "base/memory/scoped_ptr.h" +#include "base/stl_util.h" #include "net/quic/crypto/aes_128_gcm_12_encrypter.h" #include "net/quic/crypto/crypto_framer.h" #include "net/quic/crypto/crypto_handshake.h" @@ -61,24 +62,21 @@ class QuicCryptoServerStreamPeer { namespace { const char kServerHostname[] = "test.example.com"; -const uint16 kServerPort = 443; +const uint16_t kServerPort = 443; class QuicCryptoServerStreamTest : public ::testing::TestWithParam<bool> { public: QuicCryptoServerStreamTest() : server_crypto_config_(QuicCryptoServerConfig::TESTING, - QuicRandom::GetInstance()), - server_id_(kServerHostname, kServerPort, true, PRIVACY_MODE_DISABLED) { -#if defined(USE_OPENSSL) - server_crypto_config_.SetProofSource( - CryptoTestUtils::ProofSourceForTesting()); -#else - // TODO(rch): Implement a NSS proof source. - server_crypto_config_.SetProofSource( - CryptoTestUtils::FakeProofSourceForTesting()); -#endif + QuicRandom::GetInstance(), + CryptoTestUtils::ProofSourceForTesting()), + server_id_(kServerHostname, kServerPort, PRIVACY_MODE_DISABLED), + client_crypto_config_(CryptoTestUtils::ProofVerifierForTesting()) { + FLAGS_enable_quic_stateless_reject_support = false; server_crypto_config_.set_strike_register_no_startup_period(); + } + void Initialize() { InitializeServer(); if (AsyncStrikeRegisterVerification()) { @@ -86,28 +84,41 @@ class QuicCryptoServerStreamTest : public ::testing::TestWithParam<bool> { QuicCryptoServerConfigPeer::GetPrimaryOrbit(server_crypto_config_); strike_register_client_ = new DelayedVerifyStrikeRegisterClient( 10000, // strike_register_max_entries - static_cast<uint32>( + static_cast<uint32_t>( server_connection_->clock()->WallNow().ToUNIXSeconds()), 60, // strike_register_window_secs - reinterpret_cast<const uint8*>(orbit.data()), + reinterpret_cast<const uint8_t*>(orbit.data()), StrikeRegister::NO_STARTUP_PERIOD_NEEDED); strike_register_client_->StartDelayingVerification(); server_crypto_config_.SetStrikeRegisterClient(strike_register_client_); } } + ~QuicCryptoServerStreamTest() override { + // Ensure that anything that might reference |helpers_| is destroyed before + // |helpers_| is destroyed. + server_session_.reset(); + client_session_.reset(); + STLDeleteElements(&helpers_); + } + // Initializes the crypto server stream state for testing. May be // called multiple times. void InitializeServer() { TestQuicSpdyServerSession* server_session = nullptr; + helpers_.push_back(new MockConnectionHelper); + CreateServerSessionForTest(server_id_, QuicTime::Delta::FromSeconds(100000), + supported_versions_, helpers_.back(), &server_crypto_config_, &server_connection_, &server_session); CHECK(server_session); server_session_.reset(server_session); + CryptoTestUtils::FakeServerOptions options; + options.token_binding_enabled = true; CryptoTestUtils::SetupCryptoServerConfigForTest( server_connection_->clock(), server_connection_->random_generator(), - server_session_->config(), &server_crypto_config_); + server_session_->config(), &server_crypto_config_, options); } QuicCryptoServerStream* server_stream() { @@ -122,25 +133,21 @@ class QuicCryptoServerStreamTest : public ::testing::TestWithParam<bool> { // testing. May be called multiple times. void InitializeFakeClient(bool supports_stateless_rejects) { TestQuicSpdyClientSession* client_session = nullptr; + helpers_.push_back(new MockConnectionHelper); CreateClientSessionForTest(server_id_, supports_stateless_rejects, QuicTime::Delta::FromSeconds(100000), - &client_crypto_config_, &client_connection_, - &client_session); + supported_versions_, + + helpers_.back(), &client_crypto_config_, + &client_connection_, &client_session); CHECK(client_session); client_session_.reset(client_session); - if (!client_options_.dont_verify_certs) { -#if defined(USE_OPENSSL) - client_crypto_config_.SetProofVerifier( - CryptoTestUtils::ProofVerifierForTesting()); -#else - // TODO(rch): Implement a NSS proof source. - client_crypto_config_.SetProofVerifier( - CryptoTestUtils::FakeProofVerifierForTesting()); -#endif - } } bool AsyncStrikeRegisterVerification() { + if (server_connection_->version() > QUIC_VERSION_30) { + return false; + } return GetParam(); } @@ -153,7 +160,8 @@ class QuicCryptoServerStreamTest : public ::testing::TestWithParam<bool> { CHECK(server_connection_); CHECK(server_session_ != nullptr); return CryptoTestUtils::HandshakeWithFakeClient( - server_connection_, server_stream(), server_id_, client_options_); + helpers_.back(), server_connection_, server_stream(), server_id_, + client_options_); } // Performs a single round of handshake message-exchange between the @@ -169,6 +177,11 @@ class QuicCryptoServerStreamTest : public ::testing::TestWithParam<bool> { } protected: + // Every connection gets its own MockConnectionHelper, tracked separately + // from the server and client state so their lifetimes persist through the + // whole test. + std::vector<MockConnectionHelper*> helpers_; + // Server state PacketSavingConnection* server_connection_; scoped_ptr<TestQuicSpdyServerSession> server_session_; @@ -184,18 +197,23 @@ class QuicCryptoServerStreamTest : public ::testing::TestWithParam<bool> { scoped_ptr<QuicData> message_data_; CryptoTestUtils::FakeClientOptions client_options_; DelayedVerifyStrikeRegisterClient* strike_register_client_; + + // Which QUIC versions the client and server support. + QuicVersionVector supported_versions_ = QuicSupportedVersions(); }; INSTANTIATE_TEST_CASE_P(Tests, QuicCryptoServerStreamTest, testing::Bool()); TEST_P(QuicCryptoServerStreamTest, NotInitiallyConected) { + Initialize(); EXPECT_FALSE(server_stream()->encryption_established()); EXPECT_FALSE(server_stream()->handshake_confirmed()); } TEST_P(QuicCryptoServerStreamTest, NotInitiallySendingStatelessRejects) { - EXPECT_FALSE(server_stream()->use_stateless_rejects_if_peer_supported()); - EXPECT_FALSE(server_stream()->peer_supports_stateless_rejects()); + Initialize(); + EXPECT_FALSE(server_stream()->UseStatelessRejectsIfPeerSupported()); + EXPECT_FALSE(server_stream()->PeerSupportsStatelessRejects()); } TEST_P(QuicCryptoServerStreamTest, ConnectedAfterCHLO) { @@ -203,6 +221,7 @@ TEST_P(QuicCryptoServerStreamTest, ConnectedAfterCHLO) { // test should send: // * One to get a source-address token and certificates. // * One to complete the handshake. + Initialize(); EXPECT_EQ(2, CompleteCryptoHandshake()); EXPECT_TRUE(server_stream()->encryption_established()); EXPECT_TRUE(server_stream()->handshake_confirmed()); @@ -211,7 +230,7 @@ TEST_P(QuicCryptoServerStreamTest, ConnectedAfterCHLO) { TEST_P(QuicCryptoServerStreamTest, StatelessRejectAfterCHLO) { ValueRestore<bool> old_flag(&FLAGS_enable_quic_stateless_reject_support, true); - server_stream()->set_use_stateless_rejects_if_peer_supported(true); + Initialize(); InitializeFakeClient(/* supports_stateless_rejects= */ true); AdvanceHandshakeWithFakeClient(); @@ -233,17 +252,17 @@ TEST_P(QuicCryptoServerStreamTest, StatelessRejectAfterCHLO) { const QuicConnectionId server_designated_connection_id = client_state->GetNextServerDesignatedConnectionId(); const QuicConnectionId expected_id = - reinterpret_cast<MockRandom*>(server_connection_->random_generator()) - ->RandUint64(); + server_connection_->random_generator()->RandUint64(); EXPECT_EQ(expected_id, server_designated_connection_id); EXPECT_FALSE(client_state->has_server_designated_connection_id()); ASSERT_TRUE(client_state->IsComplete(QuicWallTime::FromUNIXSeconds(0))); + EXPECT_FALSE(server_connection_->connected()); } TEST_P(QuicCryptoServerStreamTest, ConnectedAfterStatelessHandshake) { ValueRestore<bool> old_flag(&FLAGS_enable_quic_stateless_reject_support, true); - server_stream()->set_use_stateless_rejects_if_peer_supported(true); + Initialize(); InitializeFakeClient(/* supports_stateless_rejects= */ true); AdvanceHandshakeWithFakeClient(); @@ -251,8 +270,8 @@ TEST_P(QuicCryptoServerStreamTest, ConnectedAfterStatelessHandshake) { // On the first round, encryption will not be established. EXPECT_FALSE(server_stream()->encryption_established()); EXPECT_FALSE(server_stream()->handshake_confirmed()); - EXPECT_EQ(1, server_stream()->num_handshake_messages()); - EXPECT_EQ(0, server_stream()->num_handshake_messages_with_server_nonces()); + EXPECT_EQ(1, server_stream()->NumHandshakeMessages()); + EXPECT_EQ(0, server_stream()->NumHandshakeMessagesWithServerNonces()); // Now check the client state. QuicCryptoClientConfig::CachedState* client_state = @@ -262,8 +281,7 @@ TEST_P(QuicCryptoServerStreamTest, ConnectedAfterStatelessHandshake) { const QuicConnectionId server_designated_connection_id = client_state->GetNextServerDesignatedConnectionId(); const QuicConnectionId expected_id = - reinterpret_cast<MockRandom*>(server_connection_->random_generator()) - ->RandUint64(); + server_connection_->random_generator()->RandUint64(); EXPECT_EQ(expected_id, server_designated_connection_id); EXPECT_FALSE(client_state->has_server_designated_connection_id()); ASSERT_TRUE(client_state->IsComplete(QuicWallTime::FromUNIXSeconds(0))); @@ -271,7 +289,6 @@ TEST_P(QuicCryptoServerStreamTest, ConnectedAfterStatelessHandshake) { // Now create new client and server streams with the existing config // and try the handshake again (0-RTT handshake). InitializeServer(); - server_stream()->set_use_stateless_rejects_if_peer_supported(true); InitializeFakeClient(/* supports_stateless_rejects= */ true); @@ -285,14 +302,14 @@ TEST_P(QuicCryptoServerStreamTest, ConnectedAfterStatelessHandshake) { // On the second round, encryption will be established. EXPECT_TRUE(server_stream()->encryption_established()); EXPECT_TRUE(server_stream()->handshake_confirmed()); - EXPECT_EQ(2, server_stream()->num_handshake_messages()); - EXPECT_EQ(1, server_stream()->num_handshake_messages_with_server_nonces()); + EXPECT_EQ(2, server_stream()->NumHandshakeMessages()); + EXPECT_EQ(1, server_stream()->NumHandshakeMessagesWithServerNonces()); } TEST_P(QuicCryptoServerStreamTest, NoStatelessRejectIfNoClientSupport) { ValueRestore<bool> old_flag(&FLAGS_enable_quic_stateless_reject_support, true); - server_stream()->set_use_stateless_rejects_if_peer_supported(true); + Initialize(); // The server is configured to use stateless rejects, but the client does not // support it. @@ -313,6 +330,7 @@ TEST_P(QuicCryptoServerStreamTest, NoStatelessRejectIfNoClientSupport) { } TEST_P(QuicCryptoServerStreamTest, ZeroRTT) { + Initialize(); InitializeFakeClient(/* supports_stateless_rejects= */ false); // Do a first handshake in order to prime the client config with the server's @@ -359,15 +377,21 @@ TEST_P(QuicCryptoServerStreamTest, ZeroRTT) { server_stream()); } - EXPECT_EQ(1, client_stream()->num_sent_client_hellos()); + if (FLAGS_require_strike_register_or_server_nonce && + !AsyncStrikeRegisterVerification()) { + EXPECT_EQ(2, client_stream()->num_sent_client_hellos()); + } else { + EXPECT_EQ(1, client_stream()->num_sent_client_hellos()); + } } TEST_P(QuicCryptoServerStreamTest, MessageAfterHandshake) { FLAGS_quic_require_fix = false; + Initialize(); CompleteCryptoHandshake(); - EXPECT_CALL( - *server_connection_, - SendConnectionClose(QUIC_CRYPTO_MESSAGE_AFTER_HANDSHAKE_COMPLETE)); + EXPECT_CALL(*server_connection_, + SendConnectionCloseWithDetails( + QUIC_CRYPTO_MESSAGE_AFTER_HANDSHAKE_COMPLETE, _)); message_.set_tag(kCHLO); ConstructHandshakeMessage(); server_stream()->OnStreamFrame( @@ -377,29 +401,20 @@ TEST_P(QuicCryptoServerStreamTest, MessageAfterHandshake) { TEST_P(QuicCryptoServerStreamTest, BadMessageType) { FLAGS_quic_require_fix = false; + Initialize(); + message_.set_tag(kSHLO); ConstructHandshakeMessage(); - EXPECT_CALL(*server_connection_, - SendConnectionClose(QUIC_INVALID_CRYPTO_MESSAGE_TYPE)); + EXPECT_CALL(*server_connection_, SendConnectionCloseWithDetails( + QUIC_INVALID_CRYPTO_MESSAGE_TYPE, _)); server_stream()->OnStreamFrame( QuicStreamFrame(kCryptoStreamId, /*fin=*/false, /*offset=*/0, message_data_->AsStringPiece())); } -TEST_P(QuicCryptoServerStreamTest, WithoutCertificates) { - server_crypto_config_.SetProofSource(nullptr); - server_id_ = - QuicServerId(kServerHostname, kServerPort, false, PRIVACY_MODE_DISABLED); - client_options_.dont_verify_certs = true; - - // Only 2 client hellos need to be sent in the no-certs case: one to get the - // source-address token and the second to finish. - EXPECT_EQ(2, CompleteCryptoHandshake()); - EXPECT_TRUE(server_stream()->encryption_established()); - EXPECT_TRUE(server_stream()->handshake_confirmed()); -} - TEST_P(QuicCryptoServerStreamTest, ChannelID) { + Initialize(); + client_options_.channel_id_enabled = true; client_options_.channel_id_source_async = false; // CompleteCryptoHandshake verifies @@ -410,6 +425,8 @@ TEST_P(QuicCryptoServerStreamTest, ChannelID) { } TEST_P(QuicCryptoServerStreamTest, ChannelIDAsync) { + Initialize(); + client_options_.channel_id_enabled = true; client_options_.channel_id_source_async = true; // CompleteCryptoHandshake verifies @@ -421,11 +438,15 @@ TEST_P(QuicCryptoServerStreamTest, ChannelIDAsync) { TEST_P(QuicCryptoServerStreamTest, OnlySendSCUPAfterHandshakeComplete) { // An attempt to send a SCUP before completing handshake should fail. + Initialize(); + server_stream()->SendServerConfigUpdate(nullptr); - EXPECT_EQ(0, server_stream()->num_server_config_update_messages_sent()); + EXPECT_EQ(0, server_stream()->NumServerConfigUpdateMessagesSent()); } TEST_P(QuicCryptoServerStreamTest, DoesPeerSupportStatelessRejects) { + Initialize(); + ConstructHandshakeMessage(); QuicConfig stateless_reject_config = DefaultQuicConfigStatelessRejects(); stateless_reject_config.ToHandshakeMessage(&message_); @@ -439,6 +460,72 @@ TEST_P(QuicCryptoServerStreamTest, DoesPeerSupportStatelessRejects) { QuicCryptoServerStreamPeer::DoesPeerSupportStatelessRejects(message_)); } +TEST_P(QuicCryptoServerStreamTest, TokenBindingNegotiated) { + Initialize(); + + client_options_.token_binding_enabled = true; + CompleteCryptoHandshake(); + EXPECT_EQ( + kP256, + server_stream()->crypto_negotiated_params().token_binding_key_param); + EXPECT_TRUE(server_stream()->encryption_established()); + EXPECT_TRUE(server_stream()->handshake_confirmed()); +} + +TEST_P(QuicCryptoServerStreamTest, NoTokenBindingWithoutClientSupport) { + Initialize(); + + CompleteCryptoHandshake(); + EXPECT_EQ( + 0u, server_stream()->crypto_negotiated_params().token_binding_key_param); + EXPECT_TRUE(server_stream()->encryption_established()); + EXPECT_TRUE(server_stream()->handshake_confirmed()); +} + +TEST_P(QuicCryptoServerStreamTest, CancelRPCBeforeVerificationCompletes) { + // Tests that the client can close the connection while the remote strike + // register verification RPC is still pending. + ValueRestore<bool> old_flag(&FLAGS_quic_set_client_hello_cb_nullptr, true); + + // Set version to QUIC_VERSION_25 as QUIC_VERSION_26 and later don't support + // asynchronous strike register RPCs. + supported_versions_ = {QUIC_VERSION_25}; + Initialize(); + if (!AsyncStrikeRegisterVerification()) { + return; + } + InitializeFakeClient(/* supports_stateless_rejects= */ false); + + // Do a first handshake in order to prime the client config with the server's + // information. + AdvanceHandshakeWithFakeClient(); + + // Now start another handshake, this time the server will attempt to verify + // the client's nonce with the strike registers. + InitializeFakeClient(/* supports_stateless_rejects= */ false); + InitializeServer(); + client_stream()->CryptoConnect(); + EXPECT_FALSE(client_stream()->handshake_confirmed()); + EXPECT_FALSE(server_stream()->handshake_confirmed()); + + // Advance the handshake. Expect that the server will be stuck waiting for + // client nonce verification to complete. + CryptoTestUtils::AdvanceHandshake(client_connection_, client_stream(), 0, + server_connection_, server_stream(), 0); + EXPECT_EQ(1, strike_register_client_->PendingVerifications()); + EXPECT_FALSE(client_stream()->handshake_confirmed()); + EXPECT_FALSE(server_stream()->handshake_confirmed()); + + // While waiting for the asynchronous verification to complete, the client + // decides to close the connection. + server_session_->connection()->CloseConnection(QUIC_NO_ERROR, + /*from_peer=*/true); + + // The outstanding nonce verification RPC now completes. + strike_register_client_->RunPendingVerifications(); +} + } // namespace + } // namespace test } // namespace net |