#include <algorithm>
#include <cstdint>
#include <memory>
#include <ostream>
#include <string>
#include <utility>
#include <vector>
#include "absl/base/macros.h"
#include "absl/strings/escaping.h"
#include "absl/strings/match.h"
#include "absl/strings/str_cat.h"
#include "absl/strings/string_view.h"
#include "openssl/sha.h"
#include "quiche/quic/core/crypto/cert_compressor.h"
#include "quiche/quic/core/crypto/crypto_handshake.h"
#include "quiche/quic/core/crypto/crypto_utils.h"
#include "quiche/quic/core/crypto/proof_source.h"
#include "quiche/quic/core/crypto/quic_crypto_server_config.h"
#include "quiche/quic/core/crypto/quic_random.h"
#include "quiche/quic/core/proto/crypto_server_config_proto.h"
#include "quiche/quic/core/quic_socket_address_coder.h"
#include "quiche/quic/core/quic_utils.h"
#include "quiche/quic/platform/api/quic_flags.h"
#include "quiche/quic/platform/api/quic_test.h"
#include "quiche/quic/test_tools/crypto_test_utils.h"
#include "quiche/quic/test_tools/failing_proof_source.h"
#include "quiche/quic/test_tools/mock_clock.h"
#include "quiche/quic/test_tools/mock_random.h"
#include "quiche/quic/test_tools/quic_crypto_server_config_peer.h"
#include "quiche/quic/test_tools/quic_test_utils.h"
#include "quiche/common/quiche_endian.h"
namespace quic {
namespace test {
namespace {
class DummyProofVerifierCallback : public ProofVerifierCallback { … };
const char kOldConfigId[] = …;
}
struct TestParams { … };
std::string PrintToString(const TestParams& p) { … }
std::vector<TestParams> GetTestParams() { … }
class CryptoServerTest : public QuicTestWithParam<TestParams> { … };
INSTANTIATE_TEST_SUITE_P(…);
TEST_P(CryptoServerTest, BadSNI) { … }
TEST_P(CryptoServerTest, DefaultCert) { … }
TEST_P(CryptoServerTest, RejectTooLarge) { … }
TEST_P(CryptoServerTest, RejectNotTooLarge) { … }
TEST_P(CryptoServerTest, RejectTooLargeButValidSTK) { … }
TEST_P(CryptoServerTest, BadSourceAddressToken) { … }
TEST_P(CryptoServerTest, BadClientNonce) { … }
TEST_P(CryptoServerTest, NoClientNonce) { … }
TEST_P(CryptoServerTest, DowngradeAttack) { … }
TEST_P(CryptoServerTest, CorruptServerConfig) { … }
TEST_P(CryptoServerTest, CorruptSourceAddressToken) { … }
TEST_P(CryptoServerTest, CorruptSourceAddressTokenIsStillAccepted) { … }
TEST_P(CryptoServerTest, CorruptClientNonceAndSourceAddressToken) { … }
TEST_P(CryptoServerTest, CorruptMultipleTags) { … }
TEST_P(CryptoServerTest, NoServerNonce) { … }
TEST_P(CryptoServerTest, ProofForSuppliedServerConfig) { … }
TEST_P(CryptoServerTest, RejectInvalidXlct) { … }
TEST_P(CryptoServerTest, ValidXlct) { … }
TEST_P(CryptoServerTest, NonceInSHLO) { … }
TEST_P(CryptoServerTest, ProofSourceFailure) { … }
TEST_P(CryptoServerTest, TwoRttServerDropCachedCerts) { … }
class CryptoServerConfigGenerationTest : public QuicTest { … };
TEST_F(CryptoServerConfigGenerationTest, Determinism) { … }
TEST_F(CryptoServerConfigGenerationTest, SCIDVaries) { … }
TEST_F(CryptoServerConfigGenerationTest, SCIDIsHashOfServerConfig) { … }
#if 0
// Fixture variant whose SetUp() is an empty override: because it never calls
// CryptoServerTest::SetUp(), none of the base fixture's setup runs.
// NOTE(review): presumably this leaves the server side without a usable
// config, which is the state the DontCrash test expects ("No config") --
// confirm against CryptoServerTest::SetUp().
class CryptoServerTestNoConfig : public CryptoServerTest {
 public:
  // Intentionally empty; the base-class setup is skipped on purpose.
  void SetUp() override {}
};
// Instantiates the CryptoServerTestNoConfig suite once per entry returned by
// GetTestParams(); PrintToStringParamName() derives each instance's name
// suffix from the parameter's printed form.
INSTANTIATE_TEST_SUITE_P(CryptoServerTestsNoConfig, CryptoServerTestNoConfig,
                         ::testing::ValuesIn(GetTestParams()),
                         ::testing::PrintToStringParamName());
// Sends a CHLO carrying only the PDMD (proof demand) and version tags to the
// fixture whose SetUp() is empty. The handshake has to fail with an error
// that mentions "No config", and the recorded reject reasons have to be
// exactly SERVER_CONFIG_INCHOATE_HELLO_FAILURE.
TEST_P(CryptoServerTestNoConfig, DontCrash) {
  // kClientHelloMinimumSize is passed as CreateCHLO's size argument.
  CryptoHandshakeMessage inchoate_chlo = crypto_test_utils::CreateCHLO(
      {{"PDMD", "X509"}, {"VER\0", client_version_string_}},
      kClientHelloMinimumSize);

  ShouldFailMentioning("No config", inchoate_chlo);

  // A single expected reason; ABSL_ARRAYSIZE keeps the count in sync with the
  // array if more reasons are ever added.
  const HandshakeFailureReason kExpectedReasons[] = {
      SERVER_CONFIG_INCHOATE_HELLO_FAILURE};
  CheckRejectReasons(kExpectedReasons, ABSL_ARRAYSIZE(kExpectedReasons));
}
// Fixture variant that pins the client to supported_versions_.back() and then
// runs the regular CryptoServerTest setup.
// NOTE(review): the class name implies back() is the oldest supported
// version -- confirm the ordering of supported_versions_.
class CryptoServerTestOldVersion : public CryptoServerTest {
 public:
  void SetUp() override {
    // The version fields are assigned before delegating to the base setup.
    const auto& last_supported = supported_versions_.back();
    client_version_ = last_supported;
    client_version_string_ = ParsedQuicVersionToString(client_version_);

    CryptoServerTest::SetUp();
  }
};
// Instantiates the CryptoServerTestOldVersion suite once per entry returned
// by GetTestParams(); PrintToStringParamName() derives each instance's name
// suffix from the parameter's printed form.
INSTANTIATE_TEST_SUITE_P(CryptoServerTestsOldVersion,
                         CryptoServerTestOldVersion,
                         ::testing::ValuesIn(GetTestParams()),
                         ::testing::PrintToStringParamName());
// With the client pinned to the fixture's selected version, a full CHLO that
// carries an XLCT (expected leaf certificate hash) value must still be
// accepted: the handshake succeeds and the reply is a SHLO.
TEST_P(CryptoServerTestOldVersion, ServerIgnoresXlct) {
  CryptoHandshakeMessage full_chlo = crypto_test_utils::CreateCHLO(
      {{"PDMD", "X509"},
       {"AEAD", "AESG"},
       {"KEXS", "C255"},
       {"SCID", scid_hex_},
       // Tag given in hex form; NOTE(review): looks like the source address
       // token tag, given the srct_hex_ value -- confirm.
       {"#004b5453", srct_hex_},
       {"PUBS", pub_hex_},
       {"NONC", nonce_hex_},
       {"VER\0", client_version_string_},
       // Constructed 8-byte XLCT value; the test name says the server is
       // expected to ignore it for this version.
       {"XLCT", "#0100000000000000"}},
      kClientHelloMinimumSize);

  // Replay protection is switched off on the fixture's config before the
  // CHLO is processed. NOTE(review): presumably so the full CHLO can be
  // accepted without the replay checks; this is a test-only setting.
  config_.set_replay_protection(false);

  ShouldSucceed(full_chlo);
  EXPECT_EQ(kSHLO, out_.tag());
}
// With the client pinned to the fixture's selected version, a full CHLO that
// omits the XLCT tag entirely must be accepted: the handshake succeeds and
// the reply is a SHLO.
TEST_P(CryptoServerTestOldVersion, XlctNotRequired) {
  CryptoHandshakeMessage full_chlo = crypto_test_utils::CreateCHLO(
      {{"PDMD", "X509"},
       {"AEAD", "AESG"},
       {"KEXS", "C255"},
       {"SCID", scid_hex_},
       // Tag given in hex form; NOTE(review): looks like the source address
       // token tag, given the srct_hex_ value -- confirm.
       {"#004b5453", srct_hex_},
       {"PUBS", pub_hex_},
       {"NONC", nonce_hex_},
       {"VER\0", client_version_string_}},
      kClientHelloMinimumSize);

  // Replay protection is switched off on the fixture's config before the
  // CHLO is processed. NOTE(review): presumably so the full CHLO can be
  // accepted without the replay checks; this is a test-only setting.
  config_.set_replay_protection(false);

  ShouldSucceed(full_chlo);
  EXPECT_EQ(kSHLO, out_.tag());
}
#endif
}
}