search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Roll src/third_party/WebKit d9c6159:8139f33 (svn 201974:201975)
[chromium-blink-merge.git] / net / quic / quic_crypto_server_stream_test.cc
blob5eb4e452a963e6b6d203131cdb69db10c64df389
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/quic/quic_crypto_server_stream.h"
6
7 #include <map>
8 #include <vector>
9
10 #include "base/memory/scoped_ptr.h"
11 #include "net/quic/crypto/aes_128_gcm_12_encrypter.h"
12 #include "net/quic/crypto/crypto_framer.h"
13 #include "net/quic/crypto/crypto_handshake.h"
14 #include "net/quic/crypto/crypto_protocol.h"
15 #include "net/quic/crypto/crypto_utils.h"
16 #include "net/quic/crypto/quic_crypto_server_config.h"
17 #include "net/quic/crypto/quic_decrypter.h"
18 #include "net/quic/crypto/quic_encrypter.h"
19 #include "net/quic/crypto/quic_random.h"
20 #include "net/quic/quic_crypto_client_stream.h"
21 #include "net/quic/quic_flags.h"
22 #include "net/quic/quic_protocol.h"
23 #include "net/quic/quic_session.h"
24 #include "net/quic/test_tools/crypto_test_utils.h"
25 #include "net/quic/test_tools/delayed_verify_strike_register_client.h"
26 #include "net/quic/test_tools/quic_test_utils.h"
27 #include "testing/gmock/include/gmock/gmock.h"
28 #include "testing/gtest/include/gtest/gtest.h"
29
30 namespace net {
31 class QuicConnection;
32 class ReliableQuicStream;
33 } // namespace net
34
35 using std::pair;
36 using std::string;
37 using testing::_;
38
39 namespace net {
40 namespace test {
41
42 class QuicCryptoServerConfigPeer {
43 public:
44 static string GetPrimaryOrbit(const QuicCryptoServerConfig& config) {
45 base::AutoLock lock(config.configs_lock_);
46 CHECK(config.primary_config_.get() != nullptr);
47 return string(reinterpret_cast<const char*>(config.primary_config_->orbit),
48 kOrbitSize);
49 }
50 };
51
52 class QuicCryptoServerStreamPeer {
53 public:
54 static bool DoesPeerSupportStatelessRejects(
55 const CryptoHandshakeMessage& message) {
56 return net::QuicCryptoServerStream::DoesPeerSupportStatelessRejects(
57 message);
58 }
59 };
60
61 namespace {
62
63 const char kServerHostname[] = "test.example.com";
64 const uint16 kServerPort = 80;
65
66 class QuicCryptoServerStreamTest : public ::testing::TestWithParam<bool> {
67 public:
68 QuicCryptoServerStreamTest()
69 : server_crypto_config_(QuicCryptoServerConfig::TESTING,
70 QuicRandom::GetInstance()),
71 server_id_(kServerHostname, kServerPort, false, PRIVACY_MODE_DISABLED) {
72 #if defined(USE_OPENSSL)
73 server_crypto_config_.SetProofSource(
74 CryptoTestUtils::ProofSourceForTesting());
75 #else
76 // TODO(rch): Implement a NSS proof source.
77 server_crypto_config_.SetProofSource(
78 CryptoTestUtils::FakeProofSourceForTesting());
79 #endif
80 server_crypto_config_.set_strike_register_no_startup_period();
81
82 InitializeServer();
83
84 if (AsyncStrikeRegisterVerification()) {
85 string orbit =
86 QuicCryptoServerConfigPeer::GetPrimaryOrbit(server_crypto_config_);
87 strike_register_client_ = new DelayedVerifyStrikeRegisterClient(
88 10000, // strike_register_max_entries
89 static_cast<uint32>(
90 server_connection_->clock()->WallNow().ToUNIXSeconds()),
91 60, // strike_register_window_secs
92 reinterpret_cast<const uint8*>(orbit.data()),
93 StrikeRegister::NO_STARTUP_PERIOD_NEEDED);
94 strike_register_client_->StartDelayingVerification();
95 server_crypto_config_.SetStrikeRegisterClient(strike_register_client_);
96 }
97 }
98
99 // Initializes the crypto server stream state for testing. May be
100 // called multiple times.
101 void InitializeServer() {
102 TestQuicSpdyServerSession* server_session = nullptr;
103 CreateServerSessionForTest(server_id_, QuicTime::Delta::FromSeconds(100000),
104 &server_crypto_config_, &server_connection_,
105 &server_session);
106 CHECK(server_session);
107 server_session_.reset(server_session);
108 CryptoTestUtils::SetupCryptoServerConfigForTest(
109 server_connection_->clock(), server_connection_->random_generator(),
110 server_session_->config(), &server_crypto_config_);
111 }
112
113 QuicCryptoServerStream* server_stream() {
114 return server_session_->GetCryptoStream();
115 }
116
117 QuicCryptoClientStream* client_stream() {
118 return client_session_->GetCryptoStream();
119 }
120
121 // Initializes a fake client, and all its associated state, for
122 // testing. May be called multiple times.
123 void InitializeFakeClient(bool supports_stateless_rejects) {
124 TestQuicSpdyClientSession* client_session = nullptr;
125 CreateClientSessionForTest(server_id_, supports_stateless_rejects,
126 QuicTime::Delta::FromSeconds(100000),
127 &client_crypto_config_, &client_connection_,
128 &client_session);
129 CHECK(client_session);
130 client_session_.reset(client_session);
131 }
132
133 bool AsyncStrikeRegisterVerification() {
134 return GetParam();
135 }
136
137 void ConstructHandshakeMessage() {
138 CryptoFramer framer;
139 message_data_.reset(framer.ConstructHandshakeMessage(message_));
140 }
141
142 int CompleteCryptoHandshake() {
143 CHECK(server_connection_);
144 CHECK(server_session_ != nullptr);
145 return CryptoTestUtils::HandshakeWithFakeClient(
146 server_connection_, server_stream(), client_options_);
147 }
148
149 // Performs a single round of handshake message-exchange between the
150 // client and server.
151 void AdvanceHandshakeWithFakeClient() {
152 CHECK(server_connection_);
153 CHECK(client_session_ != nullptr);
154
155 EXPECT_CALL(*client_session_, OnProofValid(_)).Times(testing::AnyNumber());
156 client_stream()->CryptoConnect();
157 CryptoTestUtils::AdvanceHandshake(client_connection_, client_stream(), 0,
158 server_connection_, server_stream(), 0);
159 }
160
161 protected:
162 // Server state
163 PacketSavingConnection* server_connection_;
164 scoped_ptr<TestQuicSpdyServerSession> server_session_;
165 QuicCryptoServerConfig server_crypto_config_;
166 QuicServerId server_id_;
167
168 // Client state
169 PacketSavingConnection* client_connection_;
170 QuicCryptoClientConfig client_crypto_config_;
171 scoped_ptr<TestQuicSpdyClientSession> client_session_;
172
173 CryptoHandshakeMessage message_;
174 scoped_ptr<QuicData> message_data_;
175 CryptoTestUtils::FakeClientOptions client_options_;
176 DelayedVerifyStrikeRegisterClient* strike_register_client_;
177 };
178
179 INSTANTIATE_TEST_CASE_P(Tests, QuicCryptoServerStreamTest, testing::Bool());
180
181 TEST_P(QuicCryptoServerStreamTest, NotInitiallyConected) {
182 EXPECT_FALSE(server_stream()->encryption_established());
183 EXPECT_FALSE(server_stream()->handshake_confirmed());
184 }
185
186 TEST_P(QuicCryptoServerStreamTest, NotInitiallySendingStatelessRejects) {
187 EXPECT_FALSE(server_stream()->use_stateless_rejects_if_peer_supported());
188 EXPECT_FALSE(server_stream()->peer_supports_stateless_rejects());
189 }
190
191 TEST_P(QuicCryptoServerStreamTest, ConnectedAfterCHLO) {
192 // CompleteCryptoHandshake returns the number of client hellos sent. This
193 // test should send:
194 // * One to get a source-address token and certificates.
195 // * One to complete the handshake.
196 EXPECT_EQ(2, CompleteCryptoHandshake());
197 EXPECT_TRUE(server_stream()->encryption_established());
198 EXPECT_TRUE(server_stream()->handshake_confirmed());
199 }
200
201 TEST_P(QuicCryptoServerStreamTest, StatelessRejectAfterCHLO) {
202 ValueRestore<bool> old_flag(&FLAGS_enable_quic_stateless_reject_support,
203 true);
204 server_stream()->set_use_stateless_rejects_if_peer_supported(true);
205
206 InitializeFakeClient(/* supports_stateless_rejects= */ true);
207 AdvanceHandshakeWithFakeClient();
208
209 // Check the server to make the sure the handshake did not succeed.
210 EXPECT_FALSE(server_stream()->encryption_established());
211 EXPECT_FALSE(server_stream()->handshake_confirmed());
212
213 // Check the client state to make sure that it received a server-designated
214 // connection id.
215 QuicCryptoClientConfig::CachedState* client_state =
216 client_crypto_config_.LookupOrCreate(server_id_);
217
218 ASSERT_TRUE(client_state->has_server_nonce());
219 ASSERT_FALSE(client_state->GetNextServerNonce().empty());
220 ASSERT_FALSE(client_state->has_server_nonce());
221
222 ASSERT_TRUE(client_state->has_server_designated_connection_id());
223 const QuicConnectionId server_designated_connection_id =
224 client_state->GetNextServerDesignatedConnectionId();
225 const QuicConnectionId expected_id =
226 reinterpret_cast<MockRandom*>(server_connection_->random_generator())
227 ->RandUint64();
228 EXPECT_EQ(expected_id, server_designated_connection_id);
229 EXPECT_FALSE(client_state->has_server_designated_connection_id());
230 ASSERT_TRUE(client_state->IsComplete(QuicWallTime::FromUNIXSeconds(0)));
231 }
232
233 TEST_P(QuicCryptoServerStreamTest, ConnectedAfterStatelessHandshake) {
234 ValueRestore<bool> old_flag(&FLAGS_enable_quic_stateless_reject_support,
235 true);
236 server_stream()->set_use_stateless_rejects_if_peer_supported(true);
237
238 InitializeFakeClient(/* supports_stateless_rejects= */ true);
239 AdvanceHandshakeWithFakeClient();
240
241 // On the first round, encryption will not be established.
242 EXPECT_FALSE(server_stream()->encryption_established());
243 EXPECT_FALSE(server_stream()->handshake_confirmed());
244 EXPECT_EQ(1, server_stream()->num_handshake_messages());
245 EXPECT_EQ(0, server_stream()->num_handshake_messages_with_server_nonces());
246
247 // Now check the client state.
248 QuicCryptoClientConfig::CachedState* client_state =
249 client_crypto_config_.LookupOrCreate(server_id_);
250
251 ASSERT_TRUE(client_state->has_server_designated_connection_id());
252 const QuicConnectionId server_designated_connection_id =
253 client_state->GetNextServerDesignatedConnectionId();
254 const QuicConnectionId expected_id =
255 reinterpret_cast<MockRandom*>(server_connection_->random_generator())
256 ->RandUint64();
257 EXPECT_EQ(expected_id, server_designated_connection_id);
258 EXPECT_FALSE(client_state->has_server_designated_connection_id());
259 ASSERT_TRUE(client_state->IsComplete(QuicWallTime::FromUNIXSeconds(0)));
260
261 // Now create new client and server streams with the existing config
262 // and try the handshake again (0-RTT handshake).
263 InitializeServer();
264 server_stream()->set_use_stateless_rejects_if_peer_supported(true);
265
266 InitializeFakeClient(/* supports_stateless_rejects= */ true);
267
268 client_stream()->CryptoConnect();
269
270 // In the stateless case, the second handshake contains a server-nonce, so the
271 // AsyncStrikeRegisterVerification() case will still succeed (unlike a 0-RTT
272 // handshake).
273 AdvanceHandshakeWithFakeClient();
274
275 // On the second round, encryption will be established.
276 EXPECT_TRUE(server_stream()->encryption_established());
277 EXPECT_TRUE(server_stream()->handshake_confirmed());
278 EXPECT_EQ(2, server_stream()->num_handshake_messages());
279 EXPECT_EQ(1, server_stream()->num_handshake_messages_with_server_nonces());
280 }
281
282 TEST_P(QuicCryptoServerStreamTest, NoStatelessRejectIfNoClientSupport) {
283 ValueRestore<bool> old_flag(&FLAGS_enable_quic_stateless_reject_support,
284 true);
285 server_stream()->set_use_stateless_rejects_if_peer_supported(true);
286
287 // The server is configured to use stateless rejects, but the client does not
288 // support it.
289 InitializeFakeClient(/* supports_stateless_rejects= */ false);
290 AdvanceHandshakeWithFakeClient();
291
292 // Check the server to make the sure the handshake did not succeed.
293 EXPECT_FALSE(server_stream()->encryption_established());
294 EXPECT_FALSE(server_stream()->handshake_confirmed());
295
296 // Check the client state to make sure that it did not receive a
297 // server-designated connection id.
298 QuicCryptoClientConfig::CachedState* client_state =
299 client_crypto_config_.LookupOrCreate(server_id_);
300
301 ASSERT_FALSE(client_state->has_server_designated_connection_id());
302 ASSERT_TRUE(client_state->IsComplete(QuicWallTime::FromUNIXSeconds(0)));
303 }
304
305 TEST_P(QuicCryptoServerStreamTest, ZeroRTT) {
306 InitializeFakeClient(/* supports_stateless_rejects= */ false);
307
308 // Do a first handshake in order to prime the client config with the server's
309 // information.
310 AdvanceHandshakeWithFakeClient();
311
312 // Now do another handshake, hopefully in 0-RTT.
313 DVLOG(1) << "Resetting for 0-RTT handshake attempt";
314 InitializeFakeClient(/* supports_stateless_rejects= */ false);
315 InitializeServer();
316
317 client_stream()->CryptoConnect();
318
319 if (AsyncStrikeRegisterVerification()) {
320 EXPECT_FALSE(client_stream()->handshake_confirmed());
321 EXPECT_FALSE(server_stream()->handshake_confirmed());
322
323 // Advance the handshake. Expect that the server will be stuck waiting for
324 // client nonce verification to complete.
325 pair<size_t, size_t> messages_moved = CryptoTestUtils::AdvanceHandshake(
326 client_connection_, client_stream(), 0, server_connection_,
327 server_stream(), 0);
328 EXPECT_EQ(1u, messages_moved.first);
329 EXPECT_EQ(0u, messages_moved.second);
330 EXPECT_EQ(1, strike_register_client_->PendingVerifications());
331 EXPECT_FALSE(client_stream()->handshake_confirmed());
332 EXPECT_FALSE(server_stream()->handshake_confirmed());
333
334 // The server handshake completes once the nonce verification completes.
335 strike_register_client_->RunPendingVerifications();
336 EXPECT_FALSE(client_stream()->handshake_confirmed());
337 EXPECT_TRUE(server_stream()->handshake_confirmed());
338
339 messages_moved = CryptoTestUtils::AdvanceHandshake(
340 client_connection_, client_stream(), messages_moved.first,
341 server_connection_, server_stream(), messages_moved.second);
342 EXPECT_EQ(1u, messages_moved.first);
343 EXPECT_EQ(1u, messages_moved.second);
344 EXPECT_TRUE(client_stream()->handshake_confirmed());
345 EXPECT_TRUE(server_stream()->handshake_confirmed());
346 } else {
347 CryptoTestUtils::CommunicateHandshakeMessages(
348 client_connection_, client_stream(), server_connection_,
349 server_stream());
350 }
351
352 EXPECT_EQ(1, client_stream()->num_sent_client_hellos());
353 }
354
355 TEST_P(QuicCryptoServerStreamTest, MessageAfterHandshake) {
356 CompleteCryptoHandshake();
357 EXPECT_CALL(
358 *server_connection_,
359 SendConnectionClose(QUIC_CRYPTO_MESSAGE_AFTER_HANDSHAKE_COMPLETE));
360 message_.set_tag(kCHLO);
361 ConstructHandshakeMessage();
362 server_stream()->OnStreamFrame(
363 QuicStreamFrame(kCryptoStreamId, /*fin=*/false, /*offset=*/0,
364 message_data_->AsStringPiece()));
365 }
366
367 TEST_P(QuicCryptoServerStreamTest, BadMessageType) {
368 message_.set_tag(kSHLO);
369 ConstructHandshakeMessage();
370 EXPECT_CALL(*server_connection_,
371 SendConnectionClose(QUIC_INVALID_CRYPTO_MESSAGE_TYPE));
372 server_stream()->OnStreamFrame(
373 QuicStreamFrame(kCryptoStreamId, /*fin=*/false, /*offset=*/0,
374 message_data_->AsStringPiece()));
375 }
376
377 TEST_P(QuicCryptoServerStreamTest, WithoutCertificates) {
378 server_crypto_config_.SetProofSource(nullptr);
379 client_options_.dont_verify_certs = true;
380
381 // Only 2 client hellos need to be sent in the no-certs case: one to get the
382 // source-address token and the second to finish.
383 EXPECT_EQ(2, CompleteCryptoHandshake());
384 EXPECT_TRUE(server_stream()->encryption_established());
385 EXPECT_TRUE(server_stream()->handshake_confirmed());
386 }
387
388 TEST_P(QuicCryptoServerStreamTest, ChannelID) {
389 client_options_.channel_id_enabled = true;
390 client_options_.channel_id_source_async = false;
391 // CompleteCryptoHandshake verifies
392 // server_stream()->crypto_negotiated_params().channel_id is correct.
393 EXPECT_EQ(2, CompleteCryptoHandshake());
394 EXPECT_TRUE(server_stream()->encryption_established());
395 EXPECT_TRUE(server_stream()->handshake_confirmed());
396 }
397
398 TEST_P(QuicCryptoServerStreamTest, ChannelIDAsync) {
399 client_options_.channel_id_enabled = true;
400 client_options_.channel_id_source_async = true;
401 // CompleteCryptoHandshake verifies
402 // server_stream()->crypto_negotiated_params().channel_id is correct.
403 EXPECT_EQ(2, CompleteCryptoHandshake());
404 EXPECT_TRUE(server_stream()->encryption_established());
405 EXPECT_TRUE(server_stream()->handshake_confirmed());
406 }
407
408 TEST_P(QuicCryptoServerStreamTest, OnlySendSCUPAfterHandshakeComplete) {
409 // An attempt to send a SCUP before completing handshake should fail.
410 server_stream()->SendServerConfigUpdate(nullptr);
411 EXPECT_EQ(0, server_stream()->num_server_config_update_messages_sent());
412 }
413
414 TEST_P(QuicCryptoServerStreamTest, DoesPeerSupportStatelessRejects) {
415 ConstructHandshakeMessage();
416 QuicConfig stateless_reject_config = DefaultQuicConfigStatelessRejects();
417 stateless_reject_config.ToHandshakeMessage(&message_);
418 EXPECT_TRUE(
419 QuicCryptoServerStreamPeer::DoesPeerSupportStatelessRejects(message_));
420
421 message_.Clear();
422 QuicConfig stateful_reject_config = DefaultQuicConfig();
423 stateful_reject_config.ToHandshakeMessage(&message_);
424 EXPECT_FALSE(
425 QuicCryptoServerStreamPeer::DoesPeerSupportStatelessRejects(message_));
426 }
427
428 } // namespace
429 } // namespace test
430 } // namespace net