net/quic/quic_crypto_server_stream_test.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "net/quic/quic_crypto_server_stream.h"
   6
   7 #include <map>
   8 #include <vector>
   9
  10 #include "base/memory/scoped_ptr.h"
  11 #include "net/quic/crypto/aes_128_gcm_12_encrypter.h"
  12 #include "net/quic/crypto/crypto_framer.h"
  13 #include "net/quic/crypto/crypto_handshake.h"
  14 #include "net/quic/crypto/crypto_protocol.h"
  15 #include "net/quic/crypto/crypto_utils.h"
  16 #include "net/quic/crypto/quic_crypto_server_config.h"
  17 #include "net/quic/crypto/quic_decrypter.h"
  18 #include "net/quic/crypto/quic_encrypter.h"
  19 #include "net/quic/crypto/quic_random.h"
  20 #include "net/quic/quic_crypto_client_stream.h"
  21 #include "net/quic/quic_protocol.h"
  22 #include "net/quic/quic_session.h"
  23 #include "net/quic/test_tools/crypto_test_utils.h"
  24 #include "net/quic/test_tools/delayed_verify_strike_register_client.h"
  25 #include "net/quic/test_tools/quic_test_utils.h"
  26 #include "testing/gmock/include/gmock/gmock.h"
  27 #include "testing/gtest/include/gtest/gtest.h"
  28
  29 namespace net {
  30 class QuicConnection;
  31 class ReliableQuicStream;
  32 }  // namespace net
  33
  34 using std::pair;
  35 using testing::_;
  36
  37 namespace net {
  38 namespace test {
  39
  40 class QuicCryptoServerConfigPeer {
  41  public:
  42   static string GetPrimaryOrbit(const QuicCryptoServerConfig& config) {
  43     base::AutoLock lock(config.configs_lock_);
  44     CHECK(config.primary_config_.get() != nullptr);
  45     return string(reinterpret_cast<const char*>(config.primary_config_->orbit),
  46                   kOrbitSize);
  47   }
  48 };
  49
  50 namespace {
  51
  52 const char kServerHostname[] = "test.example.com";
  53 const uint16 kServerPort = 80;
  54
  55 class QuicCryptoServerStreamTest : public ::testing::TestWithParam<bool> {
  56  public:
  57   QuicCryptoServerStreamTest()
  58       : connection_(new PacketSavingConnection(true)),
  59         session_(connection_, DefaultQuicConfig()),
  60         crypto_config_(QuicCryptoServerConfig::TESTING,
  61                        QuicRandom::GetInstance()),
  62         stream_(crypto_config_, &session_),
  63         strike_register_client_(nullptr) {
  64     session_.SetCryptoStream(&stream_);
  65     // We advance the clock initially because the default time is zero and the
  66     // strike register worries that we've just overflowed a uint32 time.
  67     connection_->AdvanceTime(QuicTime::Delta::FromSeconds(100000));
  68     // TODO(wtc): replace this with ProofSourceForTesting() when Chromium has
  69     // a working ProofSourceForTesting().
  70     crypto_config_.SetProofSource(CryptoTestUtils::FakeProofSourceForTesting());
  71     crypto_config_.set_strike_register_no_startup_period();
  72
  73     CryptoTestUtils::SetupCryptoServerConfigForTest(
  74         connection_->clock(), connection_->random_generator(),
  75         session_.config(), &crypto_config_);
  76
  77     if (AsyncStrikeRegisterVerification()) {
  78       string orbit =
  79           QuicCryptoServerConfigPeer::GetPrimaryOrbit(crypto_config_);
  80       strike_register_client_ = new DelayedVerifyStrikeRegisterClient(
  81           10000,  // strike_register_max_entries
  82           static_cast<uint32>(connection_->clock()->WallNow().ToUNIXSeconds()),
  83           60,  // strike_register_window_secs
  84           reinterpret_cast<const uint8 *>(orbit.data()),
  85           StrikeRegister::NO_STARTUP_PERIOD_NEEDED);
  86       strike_register_client_->StartDelayingVerification();
  87       crypto_config_.SetStrikeRegisterClient(strike_register_client_);
  88     }
  89   }
  90
  91   bool AsyncStrikeRegisterVerification() {
  92     return GetParam();
  93   }
  94
  95   void ConstructHandshakeMessage() {
  96     CryptoFramer framer;
  97     message_data_.reset(framer.ConstructHandshakeMessage(message_));
  98   }
  99
 100   int CompleteCryptoHandshake() {
 101     return CryptoTestUtils::HandshakeWithFakeClient(connection_, &stream_,
 102                                                     client_options_);
 103   }
 104
 105  protected:
 106   PacketSavingConnection* connection_;
 107   TestClientSession session_;
 108   QuicConfig config_;
 109   QuicCryptoServerConfig crypto_config_;
 110   QuicCryptoServerStream stream_;
 111   CryptoHandshakeMessage message_;
 112   scoped_ptr<QuicData> message_data_;
 113   CryptoTestUtils::FakeClientOptions client_options_;
 114   DelayedVerifyStrikeRegisterClient* strike_register_client_;
 115 };
 116
 117 INSTANTIATE_TEST_CASE_P(Tests, QuicCryptoServerStreamTest, testing::Bool());
 118
 119 TEST_P(QuicCryptoServerStreamTest, NotInitiallyConected) {
 120   EXPECT_FALSE(stream_.encryption_established());
 121   EXPECT_FALSE(stream_.handshake_confirmed());
 122 }
 123
 124 TEST_P(QuicCryptoServerStreamTest, ConnectedAfterCHLO) {
 125   // CompleteCryptoHandshake returns the number of client hellos sent. This
 126   // test should send:
 127   //   * One to get a source-address token and certificates.
 128   //   * One to complete the handshake.
 129   EXPECT_EQ(2, CompleteCryptoHandshake());
 130   EXPECT_TRUE(stream_.encryption_established());
 131   EXPECT_TRUE(stream_.handshake_confirmed());
 132 }
 133
 134 TEST_P(QuicCryptoServerStreamTest, ZeroRTT) {
 135   PacketSavingConnection* client_conn = new PacketSavingConnection(false);
 136   PacketSavingConnection* server_conn = new PacketSavingConnection(false);
 137   client_conn->AdvanceTime(QuicTime::Delta::FromSeconds(100000));
 138   server_conn->AdvanceTime(QuicTime::Delta::FromSeconds(100000));
 139
 140   QuicConfig client_config;
 141   scoped_ptr<TestClientSession> client_session(
 142       new TestClientSession(client_conn, client_config));
 143   QuicCryptoClientConfig client_crypto_config;
 144
 145   QuicServerId server_id(kServerHostname, kServerPort, false,
 146                          PRIVACY_MODE_DISABLED);
 147   scoped_ptr<QuicCryptoClientStream> client(new QuicCryptoClientStream(
 148       server_id, client_session.get(), nullptr, &client_crypto_config));
 149   client_session->SetCryptoStream(client.get());
 150
 151   // Do a first handshake in order to prime the client config with the server's
 152   // information.
 153   CHECK(client->CryptoConnect());
 154   CHECK_EQ(1u, client_conn->packets_.size());
 155
 156   scoped_ptr<TestSession> server_session(new TestSession(server_conn, config_));
 157   scoped_ptr<QuicCryptoServerStream> server(
 158       new QuicCryptoServerStream(crypto_config_, server_session.get()));
 159   server_session->SetCryptoStream(server.get());
 160
 161   CryptoTestUtils::CommunicateHandshakeMessages(
 162       client_conn, client.get(), server_conn, server.get());
 163   EXPECT_EQ(2, client->num_sent_client_hellos());
 164
 165   // Now do another handshake, hopefully in 0-RTT.
 166   LOG(INFO) << "Resetting for 0-RTT handshake attempt";
 167
 168   client_conn = new PacketSavingConnection(false);
 169   server_conn = new PacketSavingConnection(false);
 170   // We need to advance time past the strike-server window so that it's
 171   // authoritative in this time span.
 172   client_conn->AdvanceTime(QuicTime::Delta::FromSeconds(102000));
 173   server_conn->AdvanceTime(QuicTime::Delta::FromSeconds(102000));
 174
 175   // This causes the client's nonce to be different and thus stops the
 176   // strike-register from rejecting the repeated nonce.
 177   reinterpret_cast<MockRandom*>(client_conn->random_generator())->ChangeValue();
 178   client_session.reset(new TestClientSession(client_conn, client_config));
 179   server_session.reset(new TestSession(server_conn, config_));
 180   client.reset(new QuicCryptoClientStream(server_id, client_session.get(),
 181                                           nullptr, &client_crypto_config));
 182   client_session->SetCryptoStream(client.get());
 183
 184   server.reset(new QuicCryptoServerStream(crypto_config_,
 185                                           server_session.get()));
 186   server_session->SetCryptoStream(server.get());
 187
 188   CHECK(client->CryptoConnect());
 189
 190   if (AsyncStrikeRegisterVerification()) {
 191     EXPECT_FALSE(client->handshake_confirmed());
 192     EXPECT_FALSE(server->handshake_confirmed());
 193
 194     // Advance the handshake.  Expect that the server will be stuck
 195     // waiting for client nonce verification to complete.
 196     pair<size_t, size_t> messages_moved = CryptoTestUtils::AdvanceHandshake(
 197         client_conn, client.get(), 0, server_conn, server.get(), 0);
 198     EXPECT_EQ(1u, messages_moved.first);
 199     EXPECT_EQ(0u, messages_moved.second);
 200     EXPECT_EQ(1, strike_register_client_->PendingVerifications());
 201     EXPECT_FALSE(client->handshake_confirmed());
 202     EXPECT_FALSE(server->handshake_confirmed());
 203
 204     // The server handshake completes once the nonce verification completes.
 205     strike_register_client_->RunPendingVerifications();
 206     EXPECT_FALSE(client->handshake_confirmed());
 207     EXPECT_TRUE(server->handshake_confirmed());
 208
 209     messages_moved = CryptoTestUtils::AdvanceHandshake(
 210         client_conn, client.get(), messages_moved.first,
 211         server_conn, server.get(), messages_moved.second);
 212     EXPECT_EQ(1u, messages_moved.first);
 213     EXPECT_EQ(1u, messages_moved.second);
 214     EXPECT_TRUE(client->handshake_confirmed());
 215     EXPECT_TRUE(server->handshake_confirmed());
 216   } else {
 217     CryptoTestUtils::CommunicateHandshakeMessages(
 218         client_conn, client.get(), server_conn, server.get());
 219   }
 220
 221   EXPECT_EQ(1, client->num_sent_client_hellos());
 222 }
 223
 224 TEST_P(QuicCryptoServerStreamTest, MessageAfterHandshake) {
 225   CompleteCryptoHandshake();
 226   EXPECT_CALL(*connection_, SendConnectionClose(
 227       QUIC_CRYPTO_MESSAGE_AFTER_HANDSHAKE_COMPLETE));
 228   message_.set_tag(kCHLO);
 229   ConstructHandshakeMessage();
 230   stream_.ProcessRawData(message_data_->data(), message_data_->length());
 231 }
 232
 233 TEST_P(QuicCryptoServerStreamTest, BadMessageType) {
 234   message_.set_tag(kSHLO);
 235   ConstructHandshakeMessage();
 236   EXPECT_CALL(*connection_, SendConnectionClose(
 237       QUIC_INVALID_CRYPTO_MESSAGE_TYPE));
 238   stream_.ProcessRawData(message_data_->data(), message_data_->length());
 239 }
 240
 241 TEST_P(QuicCryptoServerStreamTest, WithoutCertificates) {
 242   crypto_config_.SetProofSource(nullptr);
 243   client_options_.dont_verify_certs = true;
 244
 245   // Only 2 client hellos need to be sent in the no-certs case: one to get the
 246   // source-address token and the second to finish.
 247   EXPECT_EQ(2, CompleteCryptoHandshake());
 248   EXPECT_TRUE(stream_.encryption_established());
 249   EXPECT_TRUE(stream_.handshake_confirmed());
 250 }
 251
 252 TEST_P(QuicCryptoServerStreamTest, ChannelID) {
 253   client_options_.channel_id_enabled = true;
 254   client_options_.channel_id_source_async = false;
 255   // CompleteCryptoHandshake verifies
 256   // stream_.crypto_negotiated_params().channel_id is correct.
 257   EXPECT_EQ(2, CompleteCryptoHandshake());
 258   EXPECT_TRUE(stream_.encryption_established());
 259   EXPECT_TRUE(stream_.handshake_confirmed());
 260 }
 261
 262 TEST_P(QuicCryptoServerStreamTest, ChannelIDAsync) {
 263   client_options_.channel_id_enabled = true;
 264   client_options_.channel_id_source_async = true;
 265   // CompleteCryptoHandshake verifies
 266   // stream_.crypto_negotiated_params().channel_id is correct.
 267   EXPECT_EQ(2, CompleteCryptoHandshake());
 268   EXPECT_TRUE(stream_.encryption_established());
 269   EXPECT_TRUE(stream_.handshake_confirmed());
 270 }
 271
 272 TEST_P(QuicCryptoServerStreamTest, OnlySendSCUPAfterHandshakeComplete) {
 273   // An attempt to send a SCUP before completing handshake should fail.
 274   stream_.SendServerConfigUpdate(nullptr);
 275   EXPECT_EQ(0, stream_.num_server_config_update_messages_sent());
 276 }
 277
 278 }  // namespace
 279 }  // namespace test
 280 }  // namespace net