1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include <ostream> 6 #include <vector> 7 8 #include "base/basictypes.h" 9 #include "base/strings/string_number_conversions.h" 10 #include "crypto/secure_hash.h" 11 #include "net/quic/crypto/crypto_utils.h" 12 #include "net/quic/crypto/quic_crypto_server_config.h" 13 #include "net/quic/crypto/quic_random.h" 14 #include "net/quic/quic_flags.h" 15 #include "net/quic/quic_socket_address_coder.h" 16 #include "net/quic/quic_utils.h" 17 #include "net/quic/test_tools/crypto_test_utils.h" 18 #include "net/quic/test_tools/delayed_verify_strike_register_client.h" 19 #include "net/quic/test_tools/mock_clock.h" 20 #include "net/quic/test_tools/mock_random.h" 21 #include "net/quic/test_tools/quic_test_utils.h" 22 #include "testing/gtest/include/gtest/gtest.h" 23 24 using base::StringPiece; 25 using std::ostream; 26 using std::string; 27 using std::vector; 28 29 namespace net { 30 namespace test { 31 32 class QuicCryptoServerConfigPeer { 33 public: 34 explicit QuicCryptoServerConfigPeer(QuicCryptoServerConfig* server_config) 35 : server_config_(server_config) {} 36 37 base::Lock* GetStrikeRegisterClientLock() { 38 return &server_config_->strike_register_client_lock_; 39 } 40 41 private: 42 QuicCryptoServerConfig* server_config_; 43 }; 44 45 // Run tests with combinations of 46 // {FLAGS_use_early_return_when_verifying_chlo, 47 // FLAGS_send_quic_crypto_reject_reason}. 48 struct TestParams { 49 TestParams(bool use_early_return_when_verifying_chlo, 50 bool send_quic_crypto_reject_reason) 51 : use_early_return_when_verifying_chlo( 52 use_early_return_when_verifying_chlo), 53 send_quic_crypto_reject_reason(send_quic_crypto_reject_reason) { 54 } 55 56 friend ostream& operator<<(ostream& os, const TestParams& p) { 57 os << "{ use_early_return_when_verifying_chlo: " 58 << p.use_early_return_when_verifying_chlo 59 << " send_quic_crypto_reject_reason: " 60 << p.send_quic_crypto_reject_reason << " }"; 61 return os; 62 } 63 64 bool use_early_return_when_verifying_chlo; 65 bool send_quic_crypto_reject_reason; 66 }; 67 68 // Constructs various test permutations. 69 vector<TestParams> GetTestParams() { 70 vector<TestParams> params; 71 params.push_back(TestParams(false, false)); 72 params.push_back(TestParams(false, true)); 73 params.push_back(TestParams(true, false)); 74 params.push_back(TestParams(true, true)); 75 return params; 76 } 77 78 class CryptoServerTest : public ::testing::TestWithParam<TestParams> { 79 public: 80 CryptoServerTest() 81 : rand_(QuicRandom::GetInstance()), 82 client_address_(Loopback4(), 1234), 83 config_(QuicCryptoServerConfig::TESTING, rand_) { 84 config_.SetProofSource(CryptoTestUtils::ProofSourceForTesting()); 85 supported_versions_ = QuicSupportedVersions(); 86 client_version_ = QuicUtils::TagToString( 87 QuicVersionToQuicTag(supported_versions_.front())); 88 89 FLAGS_use_early_return_when_verifying_chlo = 90 GetParam().use_early_return_when_verifying_chlo; 91 FLAGS_send_quic_crypto_reject_reason = 92 GetParam().send_quic_crypto_reject_reason; 93 } 94 95 virtual void SetUp() { 96 scoped_ptr<CryptoHandshakeMessage> msg( 97 config_.AddDefaultConfig(rand_, &clock_, 98 config_options_)); 99 100 StringPiece orbit; 101 CHECK(msg->GetStringPiece(kORBT, &orbit)); 102 CHECK_EQ(sizeof(orbit_), orbit.size()); 103 memcpy(orbit_, orbit.data(), orbit.size()); 104 105 char public_value[32]; 106 memset(public_value, 42, sizeof(public_value)); 107 108 const string nonce_str = GenerateNonce(); 109 nonce_hex_ = "#" + base::HexEncode(nonce_str.data(), nonce_str.size()); 110 pub_hex_ = "#" + base::HexEncode(public_value, sizeof(public_value)); 111 112 CryptoHandshakeMessage client_hello = CryptoTestUtils::Message( 113 "CHLO", 114 "AEAD", "AESG", 115 "KEXS", "C255", 116 "PUBS", pub_hex_.c_str(), 117 "NONC", nonce_hex_.c_str(), 118 "VER\0", client_version_.data(), 119 "$padding", static_cast<int>(kClientHelloMinimumSize), 120 NULL); 121 ShouldSucceed(client_hello); 122 // The message should be rejected because the source-address token is 123 // missing. 124 ASSERT_EQ(kREJ, out_.tag()); 125 const HandshakeFailureReason kRejectReasons[] = { 126 SERVER_CONFIG_INCHOATE_HELLO_FAILURE 127 }; 128 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); 129 130 StringPiece srct; 131 ASSERT_TRUE(out_.GetStringPiece(kSourceAddressTokenTag, &srct)); 132 srct_hex_ = "#" + base::HexEncode(srct.data(), srct.size()); 133 134 StringPiece scfg; 135 ASSERT_TRUE(out_.GetStringPiece(kSCFG, &scfg)); 136 server_config_.reset(CryptoFramer::ParseMessage(scfg)); 137 138 StringPiece scid; 139 ASSERT_TRUE(server_config_->GetStringPiece(kSCID, &scid)); 140 scid_hex_ = "#" + base::HexEncode(scid.data(), scid.size()); 141 } 142 143 // Helper used to accept the result of ValidateClientHello and pass 144 // it on to ProcessClientHello. 145 class ValidateCallback : public ValidateClientHelloResultCallback { 146 public: 147 ValidateCallback(CryptoServerTest* test, 148 bool should_succeed, 149 const char* error_substr, 150 bool* called) 151 : test_(test), 152 should_succeed_(should_succeed), 153 error_substr_(error_substr), 154 called_(called) { 155 *called_ = false; 156 } 157 158 virtual void RunImpl(const CryptoHandshakeMessage& client_hello, 159 const Result& result) OVERRIDE { 160 { 161 // Ensure that the strike register client lock is not held. 162 QuicCryptoServerConfigPeer peer(&test_->config_); 163 base::Lock* m = peer.GetStrikeRegisterClientLock(); 164 // In Chromium, we will dead lock if the lock is held by the current 165 // thread. Chromium doesn't have AssertNotHeld API call. 166 // m->AssertNotHeld(); 167 base::AutoLock lock(*m); 168 } 169 ASSERT_FALSE(*called_); 170 test_->ProcessValidationResult( 171 client_hello, result, should_succeed_, error_substr_); 172 *called_ = true; 173 } 174 175 private: 176 CryptoServerTest* test_; 177 bool should_succeed_; 178 const char* error_substr_; 179 bool* called_; 180 }; 181 182 void CheckServerHello(const CryptoHandshakeMessage& server_hello) { 183 const QuicTag* versions; 184 size_t num_versions; 185 server_hello.GetTaglist(kVER, &versions, &num_versions); 186 ASSERT_EQ(QuicSupportedVersions().size(), num_versions); 187 for (size_t i = 0; i < num_versions; ++i) { 188 EXPECT_EQ(QuicVersionToQuicTag(QuicSupportedVersions()[i]), versions[i]); 189 } 190 191 StringPiece address; 192 ASSERT_TRUE(server_hello.GetStringPiece(kCADR, &address)); 193 QuicSocketAddressCoder decoder; 194 ASSERT_TRUE(decoder.Decode(address.data(), address.size())); 195 EXPECT_EQ(client_address_.address(), decoder.ip()); 196 EXPECT_EQ(client_address_.port(), decoder.port()); 197 } 198 199 void ShouldSucceed(const CryptoHandshakeMessage& message) { 200 bool called = false; 201 RunValidate(message, new ValidateCallback(this, true, "", &called)); 202 EXPECT_TRUE(called); 203 } 204 205 void RunValidate( 206 const CryptoHandshakeMessage& message, 207 ValidateClientHelloResultCallback* cb) { 208 config_.ValidateClientHello(message, client_address_, &clock_, cb); 209 } 210 211 void ShouldFailMentioning(const char* error_substr, 212 const CryptoHandshakeMessage& message) { 213 bool called = false; 214 ShouldFailMentioning(error_substr, message, &called); 215 EXPECT_TRUE(called); 216 } 217 218 void ShouldFailMentioning(const char* error_substr, 219 const CryptoHandshakeMessage& message, 220 bool* called) { 221 config_.ValidateClientHello( 222 message, client_address_, &clock_, 223 new ValidateCallback(this, false, error_substr, called)); 224 } 225 226 void ProcessValidationResult(const CryptoHandshakeMessage& message, 227 const ValidateCallback::Result& result, 228 bool should_succeed, 229 const char* error_substr) { 230 string error_details; 231 QuicErrorCode error = config_.ProcessClientHello( 232 result, 1 /* ConnectionId */, client_address_, 233 supported_versions_.front(), supported_versions_, &clock_, rand_, 234 ¶ms_, &out_, &error_details); 235 236 if (should_succeed) { 237 ASSERT_EQ(error, QUIC_NO_ERROR) 238 << "Message failed with error " << error_details << ": " 239 << message.DebugString(); 240 } else { 241 ASSERT_NE(error, QUIC_NO_ERROR) 242 << "Message didn't fail: " << message.DebugString(); 243 244 EXPECT_TRUE(error_details.find(error_substr) != string::npos) 245 << error_substr << " not in " << error_details; 246 } 247 } 248 249 CryptoHandshakeMessage InchoateClientHello(const char* message_tag, ...) { 250 va_list ap; 251 va_start(ap, message_tag); 252 253 CryptoHandshakeMessage message = 254 CryptoTestUtils::BuildMessage(message_tag, ap); 255 va_end(ap); 256 257 message.SetStringPiece(kPAD, string(kClientHelloMinimumSize, '-')); 258 return message; 259 } 260 261 string GenerateNonce() { 262 string nonce; 263 CryptoUtils::GenerateNonce( 264 clock_.WallNow(), rand_, 265 StringPiece(reinterpret_cast<const char*>(orbit_), sizeof(orbit_)), 266 &nonce); 267 return nonce; 268 } 269 270 void CheckRejectReasons( 271 const HandshakeFailureReason* expected_handshake_failures, 272 size_t expected_count) { 273 const QuicTag* reject_reason_tags; 274 size_t num_reject_reasons; 275 QuicErrorCode error_code = out_.GetTaglist(kRREJ, &reject_reason_tags, 276 &num_reject_reasons); 277 if (!FLAGS_send_quic_crypto_reject_reason) { 278 ASSERT_EQ(QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND, error_code); 279 return; 280 } 281 ASSERT_EQ(QUIC_NO_ERROR, error_code); 282 283 if (FLAGS_use_early_return_when_verifying_chlo) { 284 EXPECT_EQ(1u, num_reject_reasons); 285 } else { 286 EXPECT_EQ(expected_count, num_reject_reasons); 287 } 288 for (size_t i = 0; i < num_reject_reasons; ++i) { 289 EXPECT_EQ(expected_handshake_failures[i], reject_reason_tags[i]); 290 } 291 } 292 293 protected: 294 QuicRandom* const rand_; 295 MockClock clock_; 296 const IPEndPoint client_address_; 297 QuicVersionVector supported_versions_; 298 string client_version_; 299 QuicCryptoServerConfig config_; 300 QuicCryptoServerConfig::ConfigOptions config_options_; 301 QuicCryptoNegotiatedParameters params_; 302 CryptoHandshakeMessage out_; 303 uint8 orbit_[kOrbitSize]; 304 305 // These strings contain hex escaped values from the server suitable for 306 // passing to |InchoateClientHello| when constructing client hello messages. 307 string nonce_hex_, pub_hex_, srct_hex_, scid_hex_; 308 scoped_ptr<CryptoHandshakeMessage> server_config_; 309 }; 310 311 // Run all CryptoServerTest with all combinations of 312 // FLAGS_use_early_return_when_verifying_chlo and 313 // FLAGS_send_quic_crypto_reject_reason. 314 INSTANTIATE_TEST_CASE_P(CryptoServerTests, 315 CryptoServerTest, 316 ::testing::ValuesIn(GetTestParams())); 317 318 TEST_P(CryptoServerTest, BadSNI) { 319 static const char* kBadSNIs[] = { 320 "", 321 "foo", 322 "#00", 323 "#ff00", 324 "127.0.0.1", 325 "ffee::1", 326 }; 327 328 string client_version = QuicUtils::TagToString( 329 QuicVersionToQuicTag(supported_versions_.front())); 330 331 for (size_t i = 0; i < arraysize(kBadSNIs); i++) { 332 ShouldFailMentioning("SNI", InchoateClientHello( 333 "CHLO", 334 "SNI", kBadSNIs[i], 335 "VER\0", client_version.data(), 336 NULL)); 337 const HandshakeFailureReason kRejectReasons[] = { 338 SERVER_CONFIG_INCHOATE_HELLO_FAILURE 339 }; 340 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); 341 } 342 } 343 344 // TODO(rtenneti): Enable the DefaultCert test after implementing ProofSource. 345 TEST_F(CryptoServerTest, DISABLED_DefaultCert) { 346 // Check that the server replies with a default certificate when no SNI is 347 // specified. 348 ShouldSucceed(InchoateClientHello( 349 "CHLO", 350 "AEAD", "AESG", 351 "KEXS", "C255", 352 "SCID", scid_hex_.c_str(), 353 "#004b5453", srct_hex_.c_str(), 354 "PUBS", pub_hex_.c_str(), 355 "NONC", nonce_hex_.c_str(), 356 "$padding", static_cast<int>(kClientHelloMinimumSize), 357 "PDMD", "X509", 358 "VER\0", client_version_.data(), 359 NULL)); 360 361 StringPiece cert, proof; 362 EXPECT_TRUE(out_.GetStringPiece(kCertificateTag, &cert)); 363 EXPECT_TRUE(out_.GetStringPiece(kPROF, &proof)); 364 EXPECT_NE(0u, cert.size()); 365 EXPECT_NE(0u, proof.size()); 366 const HandshakeFailureReason kRejectReasons[] = { 367 CLIENT_NONCE_UNKNOWN_FAILURE 368 }; 369 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); 370 } 371 372 TEST_P(CryptoServerTest, TooSmall) { 373 ShouldFailMentioning("too small", CryptoTestUtils::Message( 374 "CHLO", 375 "VER\0", client_version_.data(), 376 NULL)); 377 const HandshakeFailureReason kRejectReasons[] = { 378 SERVER_CONFIG_INCHOATE_HELLO_FAILURE 379 }; 380 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); 381 } 382 383 TEST_P(CryptoServerTest, BadSourceAddressToken) { 384 // Invalid source-address tokens should be ignored. 385 static const char* kBadSourceAddressTokens[] = { 386 "", 387 "foo", 388 "#0000", 389 "#0000000000000000000000000000000000000000", 390 }; 391 392 for (size_t i = 0; i < arraysize(kBadSourceAddressTokens); i++) { 393 ShouldSucceed(InchoateClientHello( 394 "CHLO", 395 "STK", kBadSourceAddressTokens[i], 396 "VER\0", client_version_.data(), 397 NULL)); 398 const HandshakeFailureReason kRejectReasons[] = { 399 SERVER_CONFIG_INCHOATE_HELLO_FAILURE 400 }; 401 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); 402 } 403 } 404 405 TEST_P(CryptoServerTest, BadClientNonce) { 406 // Invalid nonces should be ignored. 407 static const char* kBadNonces[] = { 408 "", 409 "#0000", 410 "#0000000000000000000000000000000000000000", 411 }; 412 413 for (size_t i = 0; i < arraysize(kBadNonces); i++) { 414 ShouldSucceed(InchoateClientHello( 415 "CHLO", 416 "NONC", kBadNonces[i], 417 "VER\0", client_version_.data(), 418 NULL)); 419 const HandshakeFailureReason kRejectReasons[] = { 420 SERVER_CONFIG_INCHOATE_HELLO_FAILURE 421 }; 422 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); 423 } 424 } 425 426 TEST_P(CryptoServerTest, DowngradeAttack) { 427 if (supported_versions_.size() == 1) { 428 // No downgrade attack is possible if the server only supports one version. 429 return; 430 } 431 // Set the client's preferred version to a supported version that 432 // is not the "current" version (supported_versions_.front()). 433 string bad_version = QuicUtils::TagToString( 434 QuicVersionToQuicTag(supported_versions_.back())); 435 436 ShouldFailMentioning("Downgrade", InchoateClientHello( 437 "CHLO", 438 "VER\0", bad_version.data(), 439 NULL)); 440 const HandshakeFailureReason kRejectReasons[] = { 441 SERVER_CONFIG_INCHOATE_HELLO_FAILURE 442 }; 443 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); 444 } 445 446 TEST_P(CryptoServerTest, CorruptServerConfig) { 447 // This tests corrupted server config. 448 CryptoHandshakeMessage msg = CryptoTestUtils::Message( 449 "CHLO", 450 "AEAD", "AESG", 451 "KEXS", "C255", 452 "SCID", (string(1, 'X') + scid_hex_).c_str(), 453 "#004b5453", srct_hex_.c_str(), 454 "PUBS", pub_hex_.c_str(), 455 "NONC", nonce_hex_.c_str(), 456 "VER\0", client_version_.data(), 457 "$padding", static_cast<int>(kClientHelloMinimumSize), 458 NULL); 459 ShouldSucceed(msg); 460 ASSERT_EQ(kREJ, out_.tag()); 461 const HandshakeFailureReason kRejectReasons[] = { 462 SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE 463 }; 464 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); 465 } 466 467 TEST_P(CryptoServerTest, CorruptSourceAddressToken) { 468 // This tests corrupted source address token. 469 CryptoHandshakeMessage msg = CryptoTestUtils::Message( 470 "CHLO", 471 "AEAD", "AESG", 472 "KEXS", "C255", 473 "SCID", scid_hex_.c_str(), 474 "#004b5453", (string(1, 'X') + srct_hex_).c_str(), 475 "PUBS", pub_hex_.c_str(), 476 "NONC", nonce_hex_.c_str(), 477 "VER\0", client_version_.data(), 478 "$padding", static_cast<int>(kClientHelloMinimumSize), 479 NULL); 480 ShouldSucceed(msg); 481 ASSERT_EQ(kREJ, out_.tag()); 482 const HandshakeFailureReason kRejectReasons[] = { 483 SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE 484 }; 485 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); 486 } 487 488 TEST_P(CryptoServerTest, CorruptClientNonceAndSourceAddressToken) { 489 // This test corrupts client nonce and source address token. 490 CryptoHandshakeMessage msg = CryptoTestUtils::Message( 491 "CHLO", 492 "AEAD", "AESG", 493 "KEXS", "C255", 494 "SCID", scid_hex_.c_str(), 495 "#004b5453", (string(1, 'X') + srct_hex_).c_str(), 496 "PUBS", pub_hex_.c_str(), 497 "NONC", (string(1, 'X') + nonce_hex_).c_str(), 498 "VER\0", client_version_.data(), 499 "$padding", static_cast<int>(kClientHelloMinimumSize), 500 NULL); 501 ShouldSucceed(msg); 502 ASSERT_EQ(kREJ, out_.tag()); 503 const HandshakeFailureReason kRejectReasons[] = { 504 SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE, 505 CLIENT_NONCE_INVALID_FAILURE 506 }; 507 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); 508 } 509 510 TEST_P(CryptoServerTest, CorruptMultipleTags) { 511 // This test corrupts client nonce, server nonce and source address token. 512 CryptoHandshakeMessage msg = CryptoTestUtils::Message( 513 "CHLO", 514 "AEAD", "AESG", 515 "KEXS", "C255", 516 "SCID", scid_hex_.c_str(), 517 "#004b5453", (string(1, 'X') + srct_hex_).c_str(), 518 "PUBS", pub_hex_.c_str(), 519 "NONC", (string(1, 'X') + nonce_hex_).c_str(), 520 "SNO\0", (string(1, 'X') + nonce_hex_).c_str(), 521 "VER\0", client_version_.data(), 522 "$padding", static_cast<int>(kClientHelloMinimumSize), 523 NULL); 524 ShouldSucceed(msg); 525 ASSERT_EQ(kREJ, out_.tag()); 526 const HandshakeFailureReason kRejectReasons[] = { 527 SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE, 528 CLIENT_NONCE_INVALID_FAILURE, 529 SERVER_NONCE_DECRYPTION_FAILURE, 530 }; 531 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); 532 } 533 534 TEST_P(CryptoServerTest, ReplayProtection) { 535 // This tests that disabling replay protection works. 536 CryptoHandshakeMessage msg = CryptoTestUtils::Message( 537 "CHLO", 538 "AEAD", "AESG", 539 "KEXS", "C255", 540 "SCID", scid_hex_.c_str(), 541 "#004b5453", srct_hex_.c_str(), 542 "PUBS", pub_hex_.c_str(), 543 "NONC", nonce_hex_.c_str(), 544 "VER\0", client_version_.data(), 545 "$padding", static_cast<int>(kClientHelloMinimumSize), 546 NULL); 547 ShouldSucceed(msg); 548 // The message should be rejected because the strike-register is still 549 // quiescent. 550 ASSERT_EQ(kREJ, out_.tag()); 551 552 const HandshakeFailureReason kRejectReasons[] = { 553 CLIENT_NONCE_UNKNOWN_FAILURE 554 }; 555 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); 556 557 config_.set_replay_protection(false); 558 559 ShouldSucceed(msg); 560 // The message should be accepted now. 561 ASSERT_EQ(kSHLO, out_.tag()); 562 CheckServerHello(out_); 563 564 ShouldSucceed(msg); 565 // The message should accepted twice when replay protection is off. 566 ASSERT_EQ(kSHLO, out_.tag()); 567 CheckServerHello(out_); 568 } 569 570 TEST(CryptoServerConfigGenerationTest, Determinism) { 571 // Test that using a deterministic PRNG causes the server-config to be 572 // deterministic. 573 574 MockRandom rand_a, rand_b; 575 const QuicCryptoServerConfig::ConfigOptions options; 576 MockClock clock; 577 578 QuicCryptoServerConfig a(QuicCryptoServerConfig::TESTING, &rand_a); 579 QuicCryptoServerConfig b(QuicCryptoServerConfig::TESTING, &rand_b); 580 scoped_ptr<CryptoHandshakeMessage> scfg_a( 581 a.AddDefaultConfig(&rand_a, &clock, options)); 582 scoped_ptr<CryptoHandshakeMessage> scfg_b( 583 b.AddDefaultConfig(&rand_b, &clock, options)); 584 585 ASSERT_EQ(scfg_a->DebugString(), scfg_b->DebugString()); 586 } 587 588 TEST(CryptoServerConfigGenerationTest, SCIDVaries) { 589 // This test ensures that the server config ID varies for different server 590 // configs. 591 592 MockRandom rand_a, rand_b; 593 const QuicCryptoServerConfig::ConfigOptions options; 594 MockClock clock; 595 596 QuicCryptoServerConfig a(QuicCryptoServerConfig::TESTING, &rand_a); 597 rand_b.ChangeValue(); 598 QuicCryptoServerConfig b(QuicCryptoServerConfig::TESTING, &rand_b); 599 scoped_ptr<CryptoHandshakeMessage> scfg_a( 600 a.AddDefaultConfig(&rand_a, &clock, options)); 601 scoped_ptr<CryptoHandshakeMessage> scfg_b( 602 b.AddDefaultConfig(&rand_b, &clock, options)); 603 604 StringPiece scid_a, scid_b; 605 EXPECT_TRUE(scfg_a->GetStringPiece(kSCID, &scid_a)); 606 EXPECT_TRUE(scfg_b->GetStringPiece(kSCID, &scid_b)); 607 608 EXPECT_NE(scid_a, scid_b); 609 } 610 611 612 TEST(CryptoServerConfigGenerationTest, SCIDIsHashOfServerConfig) { 613 MockRandom rand_a; 614 const QuicCryptoServerConfig::ConfigOptions options; 615 MockClock clock; 616 617 QuicCryptoServerConfig a(QuicCryptoServerConfig::TESTING, &rand_a); 618 scoped_ptr<CryptoHandshakeMessage> scfg( 619 a.AddDefaultConfig(&rand_a, &clock, options)); 620 621 StringPiece scid; 622 EXPECT_TRUE(scfg->GetStringPiece(kSCID, &scid)); 623 // Need to take a copy of |scid| has we're about to call |Erase|. 624 const string scid_str(scid.as_string()); 625 626 scfg->Erase(kSCID); 627 scfg->MarkDirty(); 628 const QuicData& serialized(scfg->GetSerialized()); 629 630 scoped_ptr<crypto::SecureHash> hash( 631 crypto::SecureHash::Create(crypto::SecureHash::SHA256)); 632 hash->Update(serialized.data(), serialized.length()); 633 uint8 digest[16]; 634 hash->Finish(digest, sizeof(digest)); 635 636 ASSERT_EQ(scid.size(), sizeof(digest)); 637 EXPECT_EQ(0, memcmp(digest, scid_str.data(), sizeof(digest))); 638 } 639 640 class CryptoServerTestNoConfig : public CryptoServerTest { 641 public: 642 virtual void SetUp() { 643 // Deliberately don't add a config so that we can test this situation. 644 } 645 }; 646 647 TEST_P(CryptoServerTestNoConfig, DontCrash) { 648 ShouldFailMentioning("No config", InchoateClientHello( 649 "CHLO", 650 "VER\0", client_version_.data(), 651 NULL)); 652 653 const HandshakeFailureReason kRejectReasons[] = { 654 CLIENT_NONCE_UNKNOWN_FAILURE 655 }; 656 CheckRejectReasons(kRejectReasons, arraysize(kRejectReasons)); 657 } 658 659 class AsyncStrikeServerVerificationTest : public CryptoServerTest { 660 protected: 661 AsyncStrikeServerVerificationTest() { 662 } 663 664 virtual void SetUp() { 665 const string kOrbit = "12345678"; 666 config_options_.orbit = kOrbit; 667 strike_register_client_ = new DelayedVerifyStrikeRegisterClient( 668 10000, // strike_register_max_entries 669 static_cast<uint32>(clock_.WallNow().ToUNIXSeconds()), 670 60, // strike_register_window_secs 671 reinterpret_cast<const uint8 *>(kOrbit.data()), 672 StrikeRegister::NO_STARTUP_PERIOD_NEEDED); 673 config_.SetStrikeRegisterClient(strike_register_client_); 674 CryptoServerTest::SetUp(); 675 strike_register_client_->StartDelayingVerification(); 676 } 677 678 DelayedVerifyStrikeRegisterClient* strike_register_client_; 679 }; 680 681 TEST_P(AsyncStrikeServerVerificationTest, AsyncReplayProtection) { 682 // This tests async validation with a strike register works. 683 CryptoHandshakeMessage msg = CryptoTestUtils::Message( 684 "CHLO", 685 "AEAD", "AESG", 686 "KEXS", "C255", 687 "SCID", scid_hex_.c_str(), 688 "#004b5453", srct_hex_.c_str(), 689 "PUBS", pub_hex_.c_str(), 690 "NONC", nonce_hex_.c_str(), 691 "VER\0", client_version_.data(), 692 "$padding", static_cast<int>(kClientHelloMinimumSize), 693 NULL); 694 695 // Clear the message tag. 696 out_.set_tag(0); 697 698 bool called = false; 699 RunValidate(msg, new ValidateCallback(this, true, "", &called)); 700 // The verification request was queued. 701 ASSERT_FALSE(called); 702 EXPECT_EQ(0u, out_.tag()); 703 EXPECT_EQ(1, strike_register_client_->PendingVerifications()); 704 705 // Continue processing the verification request. 706 strike_register_client_->RunPendingVerifications(); 707 ASSERT_TRUE(called); 708 EXPECT_EQ(0, strike_register_client_->PendingVerifications()); 709 // The message should be accepted now. 710 EXPECT_EQ(kSHLO, out_.tag()); 711 712 // Rejected if replayed. 713 RunValidate(msg, new ValidateCallback(this, true, "", &called)); 714 // The verification request was queued. 715 ASSERT_FALSE(called); 716 EXPECT_EQ(1, strike_register_client_->PendingVerifications()); 717 718 strike_register_client_->RunPendingVerifications(); 719 ASSERT_TRUE(called); 720 EXPECT_EQ(0, strike_register_client_->PendingVerifications()); 721 // The message should be rejected now. 722 EXPECT_EQ(kREJ, out_.tag()); 723 } 724 725 } // namespace test 726 } // namespace net 727
