We started redesigning GpuMemoryBuffer interface to handle multiple buffers [0].
[chromium-blink-merge.git] / net / quic / quic_crypto_server_stream_test.cc
blob2cc8e2930925d162990f144c0c38ca28b09a1d47
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/quic/quic_crypto_server_stream.h"
7 #include <map>
8 #include <vector>
10 #include "base/memory/scoped_ptr.h"
11 #include "net/quic/crypto/aes_128_gcm_12_encrypter.h"
12 #include "net/quic/crypto/crypto_framer.h"
13 #include "net/quic/crypto/crypto_handshake.h"
14 #include "net/quic/crypto/crypto_protocol.h"
15 #include "net/quic/crypto/crypto_utils.h"
16 #include "net/quic/crypto/quic_crypto_server_config.h"
17 #include "net/quic/crypto/quic_decrypter.h"
18 #include "net/quic/crypto/quic_encrypter.h"
19 #include "net/quic/crypto/quic_random.h"
20 #include "net/quic/quic_crypto_client_stream.h"
21 #include "net/quic/quic_protocol.h"
22 #include "net/quic/quic_session.h"
23 #include "net/quic/test_tools/crypto_test_utils.h"
24 #include "net/quic/test_tools/delayed_verify_strike_register_client.h"
25 #include "net/quic/test_tools/quic_test_utils.h"
26 #include "testing/gmock/include/gmock/gmock.h"
27 #include "testing/gtest/include/gtest/gtest.h"
29 namespace net {
30 class QuicConnection;
31 class ReliableQuicStream;
32 } // namespace net
34 using std::pair;
35 using std::string;
36 using testing::_;
38 namespace net {
39 namespace test {
41 class QuicCryptoServerConfigPeer {
42 public:
43 static string GetPrimaryOrbit(const QuicCryptoServerConfig& config) {
44 base::AutoLock lock(config.configs_lock_);
45 CHECK(config.primary_config_.get() != nullptr);
46 return string(reinterpret_cast<const char*>(config.primary_config_->orbit),
47 kOrbitSize);
51 namespace {
53 const char kServerHostname[] = "test.example.com";
54 const uint16 kServerPort = 80;
56 class QuicCryptoServerStreamTest : public ::testing::TestWithParam<bool> {
57 public:
58 QuicCryptoServerStreamTest()
59 : connection_(new PacketSavingConnection(Perspective::IS_SERVER)),
60 session_(connection_, DefaultQuicConfig()),
61 crypto_config_(QuicCryptoServerConfig::TESTING,
62 QuicRandom::GetInstance()),
63 stream_(&crypto_config_, &session_),
64 strike_register_client_(nullptr) {
65 session_.SetCryptoStream(&stream_);
66 // We advance the clock initially because the default time is zero and the
67 // strike register worries that we've just overflowed a uint32 time.
68 connection_->AdvanceTime(QuicTime::Delta::FromSeconds(100000));
69 // TODO(wtc): replace this with ProofSourceForTesting() when Chromium has
70 // a working ProofSourceForTesting().
71 crypto_config_.SetProofSource(CryptoTestUtils::FakeProofSourceForTesting());
72 crypto_config_.set_strike_register_no_startup_period();
74 CryptoTestUtils::SetupCryptoServerConfigForTest(
75 connection_->clock(), connection_->random_generator(),
76 session_.config(), &crypto_config_);
78 if (AsyncStrikeRegisterVerification()) {
79 string orbit =
80 QuicCryptoServerConfigPeer::GetPrimaryOrbit(crypto_config_);
81 strike_register_client_ = new DelayedVerifyStrikeRegisterClient(
82 10000, // strike_register_max_entries
83 static_cast<uint32>(connection_->clock()->WallNow().ToUNIXSeconds()),
84 60, // strike_register_window_secs
85 reinterpret_cast<const uint8 *>(orbit.data()),
86 StrikeRegister::NO_STARTUP_PERIOD_NEEDED);
87 strike_register_client_->StartDelayingVerification();
88 crypto_config_.SetStrikeRegisterClient(strike_register_client_);
92 bool AsyncStrikeRegisterVerification() {
93 return GetParam();
96 void ConstructHandshakeMessage() {
97 CryptoFramer framer;
98 message_data_.reset(framer.ConstructHandshakeMessage(message_));
101 int CompleteCryptoHandshake() {
102 return CryptoTestUtils::HandshakeWithFakeClient(connection_, &stream_,
103 client_options_);
106 protected:
107 PacketSavingConnection* connection_;
108 TestClientSession session_;
109 QuicConfig config_;
110 QuicCryptoServerConfig crypto_config_;
111 QuicCryptoServerStream stream_;
112 CryptoHandshakeMessage message_;
113 scoped_ptr<QuicData> message_data_;
114 CryptoTestUtils::FakeClientOptions client_options_;
115 DelayedVerifyStrikeRegisterClient* strike_register_client_;
118 INSTANTIATE_TEST_CASE_P(Tests, QuicCryptoServerStreamTest, testing::Bool());
120 TEST_P(QuicCryptoServerStreamTest, NotInitiallyConected) {
121 EXPECT_FALSE(stream_.encryption_established());
122 EXPECT_FALSE(stream_.handshake_confirmed());
125 TEST_P(QuicCryptoServerStreamTest, ConnectedAfterCHLO) {
126 // CompleteCryptoHandshake returns the number of client hellos sent. This
127 // test should send:
128 // * One to get a source-address token and certificates.
129 // * One to complete the handshake.
130 EXPECT_EQ(2, CompleteCryptoHandshake());
131 EXPECT_TRUE(stream_.encryption_established());
132 EXPECT_TRUE(stream_.handshake_confirmed());
135 TEST_P(QuicCryptoServerStreamTest, ZeroRTT) {
136 PacketSavingConnection* client_conn =
137 new PacketSavingConnection(Perspective::IS_CLIENT);
138 PacketSavingConnection* server_conn =
139 new PacketSavingConnection(Perspective::IS_SERVER);
140 client_conn->AdvanceTime(QuicTime::Delta::FromSeconds(100000));
141 server_conn->AdvanceTime(QuicTime::Delta::FromSeconds(100000));
143 QuicConfig client_config;
144 scoped_ptr<TestClientSession> client_session(
145 new TestClientSession(client_conn, client_config));
146 QuicCryptoClientConfig client_crypto_config;
148 QuicServerId server_id(kServerHostname, kServerPort, false,
149 PRIVACY_MODE_DISABLED);
150 scoped_ptr<QuicCryptoClientStream> client(new QuicCryptoClientStream(
151 server_id, client_session.get(), nullptr, &client_crypto_config));
152 client_session->SetCryptoStream(client.get());
154 // Do a first handshake in order to prime the client config with the server's
155 // information.
156 client->CryptoConnect();
157 CHECK_EQ(1u, client_conn->encrypted_packets_.size());
159 scoped_ptr<TestSession> server_session(new TestSession(server_conn, config_));
160 scoped_ptr<QuicCryptoServerStream> server(
161 new QuicCryptoServerStream(&crypto_config_, server_session.get()));
162 server_session->SetCryptoStream(server.get());
164 CryptoTestUtils::CommunicateHandshakeMessages(
165 client_conn, client.get(), server_conn, server.get());
166 EXPECT_EQ(2, client->num_sent_client_hellos());
168 // Now do another handshake, hopefully in 0-RTT.
169 LOG(INFO) << "Resetting for 0-RTT handshake attempt";
171 client_conn = new PacketSavingConnection(Perspective::IS_CLIENT);
172 server_conn = new PacketSavingConnection(Perspective::IS_SERVER);
173 // We need to advance time past the strike-server window so that it's
174 // authoritative in this time span.
175 client_conn->AdvanceTime(QuicTime::Delta::FromSeconds(102000));
176 server_conn->AdvanceTime(QuicTime::Delta::FromSeconds(102000));
178 // This causes the client's nonce to be different and thus stops the
179 // strike-register from rejecting the repeated nonce.
180 reinterpret_cast<MockRandom*>(client_conn->random_generator())->ChangeValue();
181 client_session.reset(new TestClientSession(client_conn, client_config));
182 server_session.reset(new TestSession(server_conn, config_));
183 client.reset(new QuicCryptoClientStream(server_id, client_session.get(),
184 nullptr, &client_crypto_config));
185 client_session->SetCryptoStream(client.get());
187 server.reset(new QuicCryptoServerStream(&crypto_config_,
188 server_session.get()));
189 server_session->SetCryptoStream(server.get());
191 client->CryptoConnect();
193 if (AsyncStrikeRegisterVerification()) {
194 EXPECT_FALSE(client->handshake_confirmed());
195 EXPECT_FALSE(server->handshake_confirmed());
197 // Advance the handshake. Expect that the server will be stuck
198 // waiting for client nonce verification to complete.
199 pair<size_t, size_t> messages_moved = CryptoTestUtils::AdvanceHandshake(
200 client_conn, client.get(), 0, server_conn, server.get(), 0);
201 EXPECT_EQ(1u, messages_moved.first);
202 EXPECT_EQ(0u, messages_moved.second);
203 EXPECT_EQ(1, strike_register_client_->PendingVerifications());
204 EXPECT_FALSE(client->handshake_confirmed());
205 EXPECT_FALSE(server->handshake_confirmed());
207 // The server handshake completes once the nonce verification completes.
208 strike_register_client_->RunPendingVerifications();
209 EXPECT_FALSE(client->handshake_confirmed());
210 EXPECT_TRUE(server->handshake_confirmed());
212 messages_moved = CryptoTestUtils::AdvanceHandshake(
213 client_conn, client.get(), messages_moved.first,
214 server_conn, server.get(), messages_moved.second);
215 EXPECT_EQ(1u, messages_moved.first);
216 EXPECT_EQ(1u, messages_moved.second);
217 EXPECT_TRUE(client->handshake_confirmed());
218 EXPECT_TRUE(server->handshake_confirmed());
219 } else {
220 CryptoTestUtils::CommunicateHandshakeMessages(
221 client_conn, client.get(), server_conn, server.get());
224 EXPECT_EQ(1, client->num_sent_client_hellos());
227 TEST_P(QuicCryptoServerStreamTest, MessageAfterHandshake) {
228 CompleteCryptoHandshake();
229 EXPECT_CALL(*connection_, SendConnectionClose(
230 QUIC_CRYPTO_MESSAGE_AFTER_HANDSHAKE_COMPLETE));
231 message_.set_tag(kCHLO);
232 ConstructHandshakeMessage();
233 stream_.ProcessRawData(message_data_->data(), message_data_->length());
236 TEST_P(QuicCryptoServerStreamTest, BadMessageType) {
237 message_.set_tag(kSHLO);
238 ConstructHandshakeMessage();
239 EXPECT_CALL(*connection_, SendConnectionClose(
240 QUIC_INVALID_CRYPTO_MESSAGE_TYPE));
241 stream_.ProcessRawData(message_data_->data(), message_data_->length());
244 TEST_P(QuicCryptoServerStreamTest, WithoutCertificates) {
245 crypto_config_.SetProofSource(nullptr);
246 client_options_.dont_verify_certs = true;
248 // Only 2 client hellos need to be sent in the no-certs case: one to get the
249 // source-address token and the second to finish.
250 EXPECT_EQ(2, CompleteCryptoHandshake());
251 EXPECT_TRUE(stream_.encryption_established());
252 EXPECT_TRUE(stream_.handshake_confirmed());
255 TEST_P(QuicCryptoServerStreamTest, ChannelID) {
256 client_options_.channel_id_enabled = true;
257 client_options_.channel_id_source_async = false;
258 // CompleteCryptoHandshake verifies
259 // stream_.crypto_negotiated_params().channel_id is correct.
260 EXPECT_EQ(2, CompleteCryptoHandshake());
261 EXPECT_TRUE(stream_.encryption_established());
262 EXPECT_TRUE(stream_.handshake_confirmed());
265 TEST_P(QuicCryptoServerStreamTest, ChannelIDAsync) {
266 client_options_.channel_id_enabled = true;
267 client_options_.channel_id_source_async = true;
268 // CompleteCryptoHandshake verifies
269 // stream_.crypto_negotiated_params().channel_id is correct.
270 EXPECT_EQ(2, CompleteCryptoHandshake());
271 EXPECT_TRUE(stream_.encryption_established());
272 EXPECT_TRUE(stream_.handshake_confirmed());
275 TEST_P(QuicCryptoServerStreamTest, OnlySendSCUPAfterHandshakeComplete) {
276 // An attempt to send a SCUP before completing handshake should fail.
277 stream_.SendServerConfigUpdate(nullptr);
278 EXPECT_EQ(0, stream_.num_server_config_update_messages_sent());
281 } // namespace
282 } // namespace test
283 } // namespace net