We started redesigning GpuMemoryBuffer interface to handle multiple buffers [0].
[chromium-blink-merge.git] / net / quic / crypto / quic_crypto_client_config_test.cc
blob21f4bd3350089050384fd93f38cee2b3f820cc81
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/quic/crypto/quic_crypto_client_config.h"
7 #include "net/quic/crypto/proof_verifier.h"
8 #include "net/quic/quic_server_id.h"
9 #include "net/quic/test_tools/mock_random.h"
10 #include "net/quic/test_tools/quic_test_utils.h"
11 #include "testing/gtest/include/gtest/gtest.h"
13 using std::string;
14 using std::vector;
16 namespace net {
17 namespace test {
18 namespace {
20 class TestProofVerifyDetails : public ProofVerifyDetails {
21 ~TestProofVerifyDetails() override {}
23 // ProofVerifyDetails implementation
24 ProofVerifyDetails* Clone() const override {
25 return new TestProofVerifyDetails;
29 } // namespace
31 TEST(QuicCryptoClientConfigTest, CachedState_IsEmpty) {
32 QuicCryptoClientConfig::CachedState state;
33 EXPECT_TRUE(state.IsEmpty());
36 TEST(QuicCryptoClientConfigTest, CachedState_IsComplete) {
37 QuicCryptoClientConfig::CachedState state;
38 EXPECT_FALSE(state.IsComplete(QuicWallTime::FromUNIXSeconds(0)));
41 TEST(QuicCryptoClientConfigTest, CachedState_GenerationCounter) {
42 QuicCryptoClientConfig::CachedState state;
43 EXPECT_EQ(0u, state.generation_counter());
44 state.SetProofInvalid();
45 EXPECT_EQ(1u, state.generation_counter());
48 TEST(QuicCryptoClientConfigTest, CachedState_SetProofVerifyDetails) {
49 QuicCryptoClientConfig::CachedState state;
50 EXPECT_TRUE(state.proof_verify_details() == nullptr);
51 ProofVerifyDetails* details = new TestProofVerifyDetails;
52 state.SetProofVerifyDetails(details);
53 EXPECT_EQ(details, state.proof_verify_details());
56 TEST(QuicCryptoClientConfigTest, CachedState_InitializeFrom) {
57 QuicCryptoClientConfig::CachedState state;
58 QuicCryptoClientConfig::CachedState other;
59 state.set_source_address_token("TOKEN");
60 // TODO(rch): Populate other fields of |state|.
61 other.InitializeFrom(state);
62 EXPECT_EQ(state.server_config(), other.server_config());
63 EXPECT_EQ(state.source_address_token(), other.source_address_token());
64 EXPECT_EQ(state.certs(), other.certs());
65 EXPECT_EQ(1u, other.generation_counter());
68 TEST(QuicCryptoClientConfigTest, InchoateChlo) {
69 QuicCryptoClientConfig::CachedState state;
70 QuicCryptoClientConfig config;
71 QuicCryptoNegotiatedParameters params;
72 CryptoHandshakeMessage msg;
73 QuicServerId server_id("www.google.com", 80, false, PRIVACY_MODE_DISABLED);
74 config.FillInchoateClientHello(server_id, QuicVersionMax(), &state,
75 &params, &msg);
77 QuicTag cver;
78 EXPECT_EQ(QUIC_NO_ERROR, msg.GetUint32(kVER, &cver));
79 EXPECT_EQ(QuicVersionToQuicTag(QuicVersionMax()), cver);
82 TEST(QuicCryptoClientConfigTest, PreferAesGcm) {
83 QuicCryptoClientConfig config;
84 if (config.aead.size() > 1)
85 EXPECT_NE(kAESG, config.aead[0]);
86 config.PreferAesGcm();
87 EXPECT_EQ(kAESG, config.aead[0]);
90 TEST(QuicCryptoClientConfigTest, InchoateChloSecure) {
91 QuicCryptoClientConfig::CachedState state;
92 QuicCryptoClientConfig config;
93 QuicCryptoNegotiatedParameters params;
94 CryptoHandshakeMessage msg;
95 QuicServerId server_id("www.google.com", 443, true, PRIVACY_MODE_DISABLED);
96 config.FillInchoateClientHello(server_id, QuicVersionMax(), &state,
97 &params, &msg);
99 QuicTag pdmd;
100 EXPECT_EQ(QUIC_NO_ERROR, msg.GetUint32(kPDMD, &pdmd));
101 EXPECT_EQ(kX509, pdmd);
104 TEST(QuicCryptoClientConfigTest, InchoateChloSecureNoEcdsa) {
105 QuicCryptoClientConfig::CachedState state;
106 QuicCryptoClientConfig config;
107 config.DisableEcdsa();
108 QuicCryptoNegotiatedParameters params;
109 CryptoHandshakeMessage msg;
110 QuicServerId server_id("www.google.com", 443, true, PRIVACY_MODE_DISABLED);
111 config.FillInchoateClientHello(server_id, QuicVersionMax(), &state,
112 &params, &msg);
114 QuicTag pdmd;
115 EXPECT_EQ(QUIC_NO_ERROR, msg.GetUint32(kPDMD, &pdmd));
116 EXPECT_EQ(kX59R, pdmd);
119 TEST(QuicCryptoClientConfigTest, FillClientHello) {
120 QuicCryptoClientConfig::CachedState state;
121 QuicCryptoClientConfig config;
122 QuicCryptoNegotiatedParameters params;
123 QuicConnectionId kConnectionId = 1234;
124 string error_details;
125 MockRandom rand;
126 CryptoHandshakeMessage chlo;
127 QuicServerId server_id("www.google.com", 80, false, PRIVACY_MODE_DISABLED);
128 config.FillClientHello(server_id,
129 kConnectionId,
130 QuicVersionMax(),
131 &state,
132 QuicWallTime::Zero(),
133 &rand,
134 nullptr, // channel_id_key
135 &params,
136 &chlo,
137 &error_details);
139 // Verify that certain QuicTags have been set correctly in the CHLO.
140 QuicTag cver;
141 EXPECT_EQ(QUIC_NO_ERROR, chlo.GetUint32(kVER, &cver));
142 EXPECT_EQ(QuicVersionToQuicTag(QuicVersionMax()), cver);
145 TEST(QuicCryptoClientConfigTest, ProcessServerDowngradeAttack) {
146 QuicVersionVector supported_versions = QuicSupportedVersions();
147 if (supported_versions.size() == 1) {
148 // No downgrade attack is possible if the client only supports one version.
149 return;
151 QuicTagVector supported_version_tags;
152 for (size_t i = supported_versions.size(); i > 0; --i) {
153 supported_version_tags.push_back(
154 QuicVersionToQuicTag(supported_versions[i - 1]));
156 CryptoHandshakeMessage msg;
157 msg.set_tag(kSHLO);
158 msg.SetVector(kVER, supported_version_tags);
160 QuicCryptoClientConfig::CachedState cached;
161 QuicCryptoNegotiatedParameters out_params;
162 string error;
163 QuicCryptoClientConfig config;
164 EXPECT_EQ(QUIC_VERSION_NEGOTIATION_MISMATCH,
165 config.ProcessServerHello(msg, 0, supported_versions,
166 &cached, &out_params, &error));
167 EXPECT_EQ("Downgrade attack detected", error);
170 TEST(QuicCryptoClientConfigTest, InitializeFrom) {
171 QuicCryptoClientConfig config;
172 QuicServerId canonical_server_id("www.google.com", 80, false,
173 PRIVACY_MODE_DISABLED);
174 QuicCryptoClientConfig::CachedState* state =
175 config.LookupOrCreate(canonical_server_id);
176 // TODO(rch): Populate other fields of |state|.
177 state->set_source_address_token("TOKEN");
178 state->SetProofValid();
180 QuicServerId other_server_id("mail.google.com", 80, false,
181 PRIVACY_MODE_DISABLED);
182 config.InitializeFrom(other_server_id, canonical_server_id, &config);
183 QuicCryptoClientConfig::CachedState* other =
184 config.LookupOrCreate(other_server_id);
186 EXPECT_EQ(state->server_config(), other->server_config());
187 EXPECT_EQ(state->source_address_token(), other->source_address_token());
188 EXPECT_EQ(state->certs(), other->certs());
189 EXPECT_EQ(1u, other->generation_counter());
192 TEST(QuicCryptoClientConfigTest, Canonical) {
193 QuicCryptoClientConfig config;
194 config.AddCanonicalSuffix(".google.com");
195 QuicServerId canonical_id1("www.google.com", 80, false,
196 PRIVACY_MODE_DISABLED);
197 QuicServerId canonical_id2("mail.google.com", 80, false,
198 PRIVACY_MODE_DISABLED);
199 QuicCryptoClientConfig::CachedState* state =
200 config.LookupOrCreate(canonical_id1);
201 // TODO(rch): Populate other fields of |state|.
202 state->set_source_address_token("TOKEN");
203 state->SetProofValid();
205 QuicCryptoClientConfig::CachedState* other =
206 config.LookupOrCreate(canonical_id2);
208 EXPECT_TRUE(state->IsEmpty());
209 EXPECT_EQ(state->server_config(), other->server_config());
210 EXPECT_EQ(state->source_address_token(), other->source_address_token());
211 EXPECT_EQ(state->certs(), other->certs());
212 EXPECT_EQ(1u, other->generation_counter());
214 QuicServerId different_id("mail.google.org", 80, false,
215 PRIVACY_MODE_DISABLED);
216 EXPECT_TRUE(config.LookupOrCreate(different_id)->IsEmpty());
219 TEST(QuicCryptoClientConfigTest, CanonicalNotUsedIfNotValid) {
220 QuicCryptoClientConfig config;
221 config.AddCanonicalSuffix(".google.com");
222 QuicServerId canonical_id1("www.google.com", 80, false,
223 PRIVACY_MODE_DISABLED);
224 QuicServerId canonical_id2("mail.google.com", 80, false,
225 PRIVACY_MODE_DISABLED);
226 QuicCryptoClientConfig::CachedState* state =
227 config.LookupOrCreate(canonical_id1);
228 // TODO(rch): Populate other fields of |state|.
229 state->set_source_address_token("TOKEN");
231 // Do not set the proof as valid, and check that it is not used
232 // as a canonical entry.
233 EXPECT_TRUE(config.LookupOrCreate(canonical_id2)->IsEmpty());
236 TEST(QuicCryptoClientConfigTest, ClearCachedStates) {
237 QuicCryptoClientConfig config;
238 QuicServerId server_id("www.google.com", 80, false, PRIVACY_MODE_DISABLED);
239 QuicCryptoClientConfig::CachedState* state = config.LookupOrCreate(server_id);
240 // TODO(rch): Populate other fields of |state|.
241 vector<string> certs(1);
242 certs[0] = "Hello Cert";
243 state->SetProof(certs, "signature");
244 state->set_source_address_token("TOKEN");
245 state->SetProofValid();
246 EXPECT_EQ(1u, state->generation_counter());
248 // Verify LookupOrCreate returns the same data.
249 QuicCryptoClientConfig::CachedState* other = config.LookupOrCreate(server_id);
251 EXPECT_EQ(state, other);
252 EXPECT_EQ(1u, other->generation_counter());
254 // Clear the cached states.
255 config.ClearCachedStates();
257 // Verify LookupOrCreate doesn't have any data.
258 QuicCryptoClientConfig::CachedState* cleared_cache =
259 config.LookupOrCreate(server_id);
261 EXPECT_EQ(state, cleared_cache);
262 EXPECT_FALSE(cleared_cache->proof_valid());
263 EXPECT_TRUE(cleared_cache->server_config().empty());
264 EXPECT_TRUE(cleared_cache->certs().empty());
265 EXPECT_TRUE(cleared_cache->signature().empty());
266 EXPECT_EQ(2u, cleared_cache->generation_counter());
269 } // namespace test
270 } // namespace net