net/quic/quic_crypto_server_stream_test.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "net/quic/quic_crypto_server_stream.h"
   6
   7 #include <map>
   8 #include <vector>
   9
  10 #include "base/memory/scoped_ptr.h"
  11 #include "net/quic/crypto/aes_128_gcm_12_encrypter.h"
  12 #include "net/quic/crypto/crypto_framer.h"
  13 #include "net/quic/crypto/crypto_handshake.h"
  14 #include "net/quic/crypto/crypto_protocol.h"
  15 #include "net/quic/crypto/crypto_utils.h"
  16 #include "net/quic/crypto/quic_crypto_server_config.h"
  17 #include "net/quic/crypto/quic_decrypter.h"
  18 #include "net/quic/crypto/quic_encrypter.h"
  19 #include "net/quic/crypto/quic_random.h"
  20 #include "net/quic/quic_crypto_client_stream.h"
  21 #include "net/quic/quic_protocol.h"
  22 #include "net/quic/quic_session.h"
  23 #include "net/quic/test_tools/crypto_test_utils.h"
  24 #include "net/quic/test_tools/delayed_verify_strike_register_client.h"
  25 #include "net/quic/test_tools/quic_test_utils.h"
  26 #include "testing/gmock/include/gmock/gmock.h"
  27 #include "testing/gtest/include/gtest/gtest.h"
  28
  29 namespace net {
  30 class QuicConnection;
  31 class ReliableQuicStream;
  32 }  // namespace net
  33
  34 using std::pair;
  35 using testing::_;
  36
  37 namespace net {
  38 namespace test {
  39
  40 class QuicCryptoServerConfigPeer {
  41  public:
  42   static string GetPrimaryOrbit(const QuicCryptoServerConfig& config) {
  43     base::AutoLock lock(config.configs_lock_);
  44     CHECK(config.primary_config_ != NULL);
  45     return string(reinterpret_cast<const char*>(config.primary_config_->orbit),
  46                   kOrbitSize);
  47   }
  48 };
  49
  50 namespace {
  51
  52 const char kServerHostname[] = "test.example.com";
  53 const uint16 kServerPort = 80;
  54
  55 class QuicCryptoServerStreamTest : public ::testing::TestWithParam<bool> {
  56  public:
  57   QuicCryptoServerStreamTest()
  58       : connection_(new PacketSavingConnection(true)),
  59         session_(connection_, DefaultQuicConfig()),
  60         crypto_config_(QuicCryptoServerConfig::TESTING,
  61                        QuicRandom::GetInstance()),
  62         stream_(crypto_config_, &session_),
  63         strike_register_client_(NULL) {
  64     config_.SetDefaults();
  65     session_.config()->SetDefaults();
  66     session_.SetCryptoStream(&stream_);
  67     // We advance the clock initially because the default time is zero and the
  68     // strike register worries that we've just overflowed a uint32 time.
  69     connection_->AdvanceTime(QuicTime::Delta::FromSeconds(100000));
  70     // TODO(wtc): replace this with ProofSourceForTesting() when Chromium has
  71     // a working ProofSourceForTesting().
  72     crypto_config_.SetProofSource(CryptoTestUtils::FakeProofSourceForTesting());
  73     crypto_config_.set_strike_register_no_startup_period();
  74
  75     CryptoTestUtils::SetupCryptoServerConfigForTest(
  76         connection_->clock(), connection_->random_generator(),
  77         session_.config(), &crypto_config_);
  78
  79     if (AsyncStrikeRegisterVerification()) {
  80       string orbit =
  81           QuicCryptoServerConfigPeer::GetPrimaryOrbit(crypto_config_);
  82       strike_register_client_ = new DelayedVerifyStrikeRegisterClient(
  83           10000,  // strike_register_max_entries
  84           static_cast<uint32>(connection_->clock()->WallNow().ToUNIXSeconds()),
  85           60,  // strike_register_window_secs
  86           reinterpret_cast<const uint8 *>(orbit.data()),
  87           StrikeRegister::NO_STARTUP_PERIOD_NEEDED);
  88       strike_register_client_->StartDelayingVerification();
  89       crypto_config_.SetStrikeRegisterClient(strike_register_client_);
  90     }
  91   }
  92
  93   bool AsyncStrikeRegisterVerification() {
  94     return GetParam();
  95   }
  96
  97   void ConstructHandshakeMessage() {
  98     CryptoFramer framer;
  99     message_data_.reset(framer.ConstructHandshakeMessage(message_));
 100   }
 101
 102   int CompleteCryptoHandshake() {
 103     return CryptoTestUtils::HandshakeWithFakeClient(connection_, &stream_,
 104                                                     client_options_);
 105   }
 106
 107  protected:
 108   PacketSavingConnection* connection_;
 109   TestClientSession session_;
 110   QuicConfig config_;
 111   QuicCryptoServerConfig crypto_config_;
 112   QuicCryptoServerStream stream_;
 113   CryptoHandshakeMessage message_;
 114   scoped_ptr<QuicData> message_data_;
 115   CryptoTestUtils::FakeClientOptions client_options_;
 116   DelayedVerifyStrikeRegisterClient* strike_register_client_;
 117 };
 118
 119 INSTANTIATE_TEST_CASE_P(Tests, QuicCryptoServerStreamTest, testing::Bool());
 120
 121 TEST_P(QuicCryptoServerStreamTest, NotInitiallyConected) {
 122   EXPECT_FALSE(stream_.encryption_established());
 123   EXPECT_FALSE(stream_.handshake_confirmed());
 124 }
 125
 126 TEST_P(QuicCryptoServerStreamTest, ConnectedAfterCHLO) {
 127   // CompleteCryptoHandshake returns the number of client hellos sent. This
 128   // test should send:
 129   //   * One to get a source-address token and certificates.
 130   //   * One to complete the handshake.
 131   EXPECT_EQ(2, CompleteCryptoHandshake());
 132   EXPECT_TRUE(stream_.encryption_established());
 133   EXPECT_TRUE(stream_.handshake_confirmed());
 134 }
 135
 136 TEST_P(QuicCryptoServerStreamTest, ZeroRTT) {
 137   PacketSavingConnection* client_conn = new PacketSavingConnection(false);
 138   PacketSavingConnection* server_conn = new PacketSavingConnection(false);
 139   client_conn->AdvanceTime(QuicTime::Delta::FromSeconds(100000));
 140   server_conn->AdvanceTime(QuicTime::Delta::FromSeconds(100000));
 141
 142   QuicConfig client_config;
 143   client_config.SetDefaults();
 144   scoped_ptr<TestClientSession> client_session(
 145       new TestClientSession(client_conn, client_config));
 146   QuicCryptoClientConfig client_crypto_config;
 147   client_crypto_config.SetDefaults();
 148
 149   QuicServerId server_id(kServerHostname, kServerPort, false,
 150                          PRIVACY_MODE_DISABLED);
 151   scoped_ptr<QuicCryptoClientStream> client(new QuicCryptoClientStream(
 152       server_id, client_session.get(), NULL, &client_crypto_config));
 153   client_session->SetCryptoStream(client.get());
 154
 155   // Do a first handshake in order to prime the client config with the server's
 156   // information.
 157   CHECK(client->CryptoConnect());
 158   CHECK_EQ(1u, client_conn->packets_.size());
 159
 160   scoped_ptr<TestSession> server_session(new TestSession(server_conn, config_));
 161   scoped_ptr<QuicCryptoServerStream> server(
 162       new QuicCryptoServerStream(crypto_config_, server_session.get()));
 163   server_session->SetCryptoStream(server.get());
 164
 165   CryptoTestUtils::CommunicateHandshakeMessages(
 166       client_conn, client.get(), server_conn, server.get());
 167   EXPECT_EQ(2, client->num_sent_client_hellos());
 168
 169   // Now do another handshake, hopefully in 0-RTT.
 170   LOG(INFO) << "Resetting for 0-RTT handshake attempt";
 171
 172   client_conn = new PacketSavingConnection(false);
 173   server_conn = new PacketSavingConnection(false);
 174   // We need to advance time past the strike-server window so that it's
 175   // authoritative in this time span.
 176   client_conn->AdvanceTime(QuicTime::Delta::FromSeconds(102000));
 177   server_conn->AdvanceTime(QuicTime::Delta::FromSeconds(102000));
 178
 179   // This causes the client's nonce to be different and thus stops the
 180   // strike-register from rejecting the repeated nonce.
 181   reinterpret_cast<MockRandom*>(client_conn->random_generator())->ChangeValue();
 182   client_session.reset(new TestClientSession(client_conn, client_config));
 183   server_session.reset(new TestSession(server_conn, config_));
 184   client.reset(new QuicCryptoClientStream(
 185       server_id, client_session.get(), NULL, &client_crypto_config));
 186   client_session->SetCryptoStream(client.get());
 187
 188   server.reset(new QuicCryptoServerStream(crypto_config_,
 189                                           server_session.get()));
 190   server_session->SetCryptoStream(server.get());
 191
 192   CHECK(client->CryptoConnect());
 193
 194   if (AsyncStrikeRegisterVerification()) {
 195     EXPECT_FALSE(client->handshake_confirmed());
 196     EXPECT_FALSE(server->handshake_confirmed());
 197
 198     // Advance the handshake.  Expect that the server will be stuck
 199     // waiting for client nonce verification to complete.
 200     pair<size_t, size_t> messages_moved = CryptoTestUtils::AdvanceHandshake(
 201         client_conn, client.get(), 0, server_conn, server.get(), 0);
 202     EXPECT_EQ(1u, messages_moved.first);
 203     EXPECT_EQ(0u, messages_moved.second);
 204     EXPECT_EQ(1, strike_register_client_->PendingVerifications());
 205     EXPECT_FALSE(client->handshake_confirmed());
 206     EXPECT_FALSE(server->handshake_confirmed());
 207
 208     // The server handshake completes once the nonce verification completes.
 209     strike_register_client_->RunPendingVerifications();
 210     EXPECT_FALSE(client->handshake_confirmed());
 211     EXPECT_TRUE(server->handshake_confirmed());
 212
 213     messages_moved = CryptoTestUtils::AdvanceHandshake(
 214         client_conn, client.get(), messages_moved.first,
 215         server_conn, server.get(), messages_moved.second);
 216     EXPECT_EQ(1u, messages_moved.first);
 217     EXPECT_EQ(1u, messages_moved.second);
 218     EXPECT_TRUE(client->handshake_confirmed());
 219     EXPECT_TRUE(server->handshake_confirmed());
 220   } else {
 221     CryptoTestUtils::CommunicateHandshakeMessages(
 222         client_conn, client.get(), server_conn, server.get());
 223   }
 224
 225   EXPECT_EQ(1, client->num_sent_client_hellos());
 226 }
 227
 228 TEST_P(QuicCryptoServerStreamTest, MessageAfterHandshake) {
 229   CompleteCryptoHandshake();
 230   EXPECT_CALL(*connection_, SendConnectionClose(
 231       QUIC_CRYPTO_MESSAGE_AFTER_HANDSHAKE_COMPLETE));
 232   message_.set_tag(kCHLO);
 233   ConstructHandshakeMessage();
 234   stream_.ProcessRawData(message_data_->data(), message_data_->length());
 235 }
 236
 237 TEST_P(QuicCryptoServerStreamTest, BadMessageType) {
 238   message_.set_tag(kSHLO);
 239   ConstructHandshakeMessage();
 240   EXPECT_CALL(*connection_, SendConnectionClose(
 241       QUIC_INVALID_CRYPTO_MESSAGE_TYPE));
 242   stream_.ProcessRawData(message_data_->data(), message_data_->length());
 243 }
 244
 245 TEST_P(QuicCryptoServerStreamTest, WithoutCertificates) {
 246   crypto_config_.SetProofSource(NULL);
 247   client_options_.dont_verify_certs = true;
 248
 249   // Only 2 client hellos need to be sent in the no-certs case: one to get the
 250   // source-address token and the second to finish.
 251   EXPECT_EQ(2, CompleteCryptoHandshake());
 252   EXPECT_TRUE(stream_.encryption_established());
 253   EXPECT_TRUE(stream_.handshake_confirmed());
 254 }
 255
 256 TEST_P(QuicCryptoServerStreamTest, ChannelID) {
 257   client_options_.channel_id_enabled = true;
 258   client_options_.channel_id_source_async = false;
 259   // CompleteCryptoHandshake verifies
 260   // stream_.crypto_negotiated_params().channel_id is correct.
 261   EXPECT_EQ(2, CompleteCryptoHandshake());
 262   EXPECT_TRUE(stream_.encryption_established());
 263   EXPECT_TRUE(stream_.handshake_confirmed());
 264 }
 265
 266 TEST_P(QuicCryptoServerStreamTest, ChannelIDAsync) {
 267   client_options_.channel_id_enabled = true;
 268   client_options_.channel_id_source_async = true;
 269   // CompleteCryptoHandshake verifies
 270   // stream_.crypto_negotiated_params().channel_id is correct.
 271   EXPECT_EQ(2, CompleteCryptoHandshake());
 272   EXPECT_TRUE(stream_.encryption_established());
 273   EXPECT_TRUE(stream_.handshake_confirmed());
 274 }
 275
 276 }  // namespace
 277 }  // namespace test
 278 }  // namespace net