blob: 5e0ca6e3d87c000c7d1bbaeb1b90827624351dfa [file] [log] [blame]
// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "net/third_party/quiche/src/quic/core/crypto/quic_crypto_client_config.h"
#include "net/third_party/quiche/src/quic/core/crypto/proof_verifier.h"
#include "net/third_party/quiche/src/quic/core/quic_server_id.h"
#include "net/third_party/quiche/src/quic/core/quic_types.h"
#include "net/third_party/quiche/src/quic/core/quic_utils.h"
#include "net/third_party/quiche/src/quic/core/tls_client_handshaker.h"
#include "net/third_party/quiche/src/quic/platform/api/quic_endian.h"
#include "net/third_party/quiche/src/quic/platform/api/quic_string.h"
#include "net/third_party/quiche/src/quic/platform/api/quic_test.h"
#include "net/third_party/quiche/src/quic/test_tools/crypto_test_utils.h"
#include "net/third_party/quiche/src/quic/test_tools/mock_random.h"
#include "net/third_party/quiche/src/quic/test_tools/quic_test_utils.h"
using testing::StartsWith;
namespace quic {
namespace test {
namespace {
class TestProofVerifyDetails : public ProofVerifyDetails {
~TestProofVerifyDetails() override {}
// ProofVerifyDetails implementation
ProofVerifyDetails* Clone() const override {
return new TestProofVerifyDetails;
}
};
class OneServerIdFilter : public QuicCryptoClientConfig::ServerIdFilter {
public:
explicit OneServerIdFilter(const QuicServerId* server_id)
: server_id_(*server_id) {}
bool Matches(const QuicServerId& server_id) const override {
return server_id == server_id_;
}
private:
const QuicServerId server_id_;
};
class AllServerIdsFilter : public QuicCryptoClientConfig::ServerIdFilter {
public:
bool Matches(const QuicServerId& server_id) const override { return true; }
};
} // namespace
class QuicCryptoClientConfigTest : public QuicTest {};
TEST_F(QuicCryptoClientConfigTest, CachedState_IsEmpty) {
QuicCryptoClientConfig::CachedState state;
EXPECT_TRUE(state.IsEmpty());
}
TEST_F(QuicCryptoClientConfigTest, CachedState_IsComplete) {
QuicCryptoClientConfig::CachedState state;
EXPECT_FALSE(state.IsComplete(QuicWallTime::FromUNIXSeconds(0)));
}
TEST_F(QuicCryptoClientConfigTest, CachedState_GenerationCounter) {
QuicCryptoClientConfig::CachedState state;
EXPECT_EQ(0u, state.generation_counter());
state.SetProofInvalid();
EXPECT_EQ(1u, state.generation_counter());
}
TEST_F(QuicCryptoClientConfigTest, CachedState_SetProofVerifyDetails) {
QuicCryptoClientConfig::CachedState state;
EXPECT_TRUE(state.proof_verify_details() == nullptr);
ProofVerifyDetails* details = new TestProofVerifyDetails;
state.SetProofVerifyDetails(details);
EXPECT_EQ(details, state.proof_verify_details());
}
TEST_F(QuicCryptoClientConfigTest, CachedState_ServerDesignatedConnectionId) {
QuicCryptoClientConfig::CachedState state;
EXPECT_FALSE(state.has_server_designated_connection_id());
uint64_t conn_id = 1234;
QuicConnectionId connection_id = TestConnectionId(conn_id);
state.add_server_designated_connection_id(connection_id);
EXPECT_TRUE(state.has_server_designated_connection_id());
EXPECT_EQ(connection_id, state.GetNextServerDesignatedConnectionId());
EXPECT_FALSE(state.has_server_designated_connection_id());
// Allow the ID to be set multiple times. It's unusual that this would
// happen, but not impossible.
connection_id = TestConnectionId(++conn_id);
state.add_server_designated_connection_id(connection_id);
EXPECT_TRUE(state.has_server_designated_connection_id());
EXPECT_EQ(connection_id, state.GetNextServerDesignatedConnectionId());
connection_id = TestConnectionId(++conn_id);
state.add_server_designated_connection_id(connection_id);
EXPECT_EQ(connection_id, state.GetNextServerDesignatedConnectionId());
EXPECT_FALSE(state.has_server_designated_connection_id());
// Test FIFO behavior.
const QuicConnectionId first_cid = TestConnectionId(0xdeadbeef);
const QuicConnectionId second_cid = TestConnectionId(0xfeedbead);
state.add_server_designated_connection_id(first_cid);
state.add_server_designated_connection_id(second_cid);
EXPECT_TRUE(state.has_server_designated_connection_id());
EXPECT_EQ(first_cid, state.GetNextServerDesignatedConnectionId());
EXPECT_EQ(second_cid, state.GetNextServerDesignatedConnectionId());
}
TEST_F(QuicCryptoClientConfigTest, CachedState_ServerIdConsumedBeforeSet) {
QuicCryptoClientConfig::CachedState state;
EXPECT_FALSE(state.has_server_designated_connection_id());
#if GTEST_HAS_DEATH_TEST && !defined(NDEBUG)
EXPECT_DEBUG_DEATH(state.GetNextServerDesignatedConnectionId(),
"Attempting to consume a connection id "
"that was never designated.");
#endif // GTEST_HAS_DEATH_TEST && !defined(NDEBUG)
}
TEST_F(QuicCryptoClientConfigTest, CachedState_ServerNonce) {
QuicCryptoClientConfig::CachedState state;
EXPECT_FALSE(state.has_server_nonce());
QuicString server_nonce = "nonce_1";
state.add_server_nonce(server_nonce);
EXPECT_TRUE(state.has_server_nonce());
EXPECT_EQ(server_nonce, state.GetNextServerNonce());
EXPECT_FALSE(state.has_server_nonce());
// Allow the ID to be set multiple times. It's unusual that this would
// happen, but not impossible.
server_nonce = "nonce_2";
state.add_server_nonce(server_nonce);
EXPECT_TRUE(state.has_server_nonce());
EXPECT_EQ(server_nonce, state.GetNextServerNonce());
server_nonce = "nonce_3";
state.add_server_nonce(server_nonce);
EXPECT_EQ(server_nonce, state.GetNextServerNonce());
EXPECT_FALSE(state.has_server_nonce());
// Test FIFO behavior.
const QuicString first_nonce = "first_nonce";
const QuicString second_nonce = "second_nonce";
state.add_server_nonce(first_nonce);
state.add_server_nonce(second_nonce);
EXPECT_TRUE(state.has_server_nonce());
EXPECT_EQ(first_nonce, state.GetNextServerNonce());
EXPECT_EQ(second_nonce, state.GetNextServerNonce());
}
TEST_F(QuicCryptoClientConfigTest, CachedState_ServerNonceConsumedBeforeSet) {
QuicCryptoClientConfig::CachedState state;
EXPECT_FALSE(state.has_server_nonce());
#if GTEST_HAS_DEATH_TEST && !defined(NDEBUG)
EXPECT_DEBUG_DEATH(state.GetNextServerNonce(),
"Attempting to consume a server nonce "
"that was never designated.");
#endif // GTEST_HAS_DEATH_TEST && !defined(NDEBUG)
}
TEST_F(QuicCryptoClientConfigTest, CachedState_InitializeFrom) {
QuicCryptoClientConfig::CachedState state;
QuicCryptoClientConfig::CachedState other;
state.set_source_address_token("TOKEN");
// TODO(rch): Populate other fields of |state|.
other.InitializeFrom(state);
EXPECT_EQ(state.server_config(), other.server_config());
EXPECT_EQ(state.source_address_token(), other.source_address_token());
EXPECT_EQ(state.certs(), other.certs());
EXPECT_EQ(1u, other.generation_counter());
EXPECT_FALSE(state.has_server_designated_connection_id());
EXPECT_FALSE(state.has_server_nonce());
}
TEST_F(QuicCryptoClientConfigTest, InchoateChlo) {
QuicCryptoClientConfig::CachedState state;
QuicCryptoClientConfig config(crypto_test_utils::ProofVerifierForTesting(),
TlsClientHandshaker::CreateSslCtx());
config.set_user_agent_id("quic-tester");
config.set_alpn("hq");
QuicReferenceCountedPointer<QuicCryptoNegotiatedParameters> params(
new QuicCryptoNegotiatedParameters);
CryptoHandshakeMessage msg;
QuicServerId server_id("www.google.com", 443, false);
MockRandom rand;
config.FillInchoateClientHello(server_id, QuicVersionMax(), &state, &rand,
/* demand_x509_proof= */ true, params, &msg);
QuicVersionLabel cver;
EXPECT_EQ(QUIC_NO_ERROR, msg.GetVersionLabel(kVER, &cver));
EXPECT_EQ(CreateQuicVersionLabel(QuicVersionMax()), cver);
QuicStringPiece proof_nonce;
EXPECT_TRUE(msg.GetStringPiece(kNONP, &proof_nonce));
EXPECT_EQ(QuicString(32, 'r'), proof_nonce);
QuicStringPiece user_agent_id;
EXPECT_TRUE(msg.GetStringPiece(kUAID, &user_agent_id));
EXPECT_EQ("quic-tester", user_agent_id);
QuicStringPiece alpn;
EXPECT_TRUE(msg.GetStringPiece(kALPN, &alpn));
EXPECT_EQ("hq", alpn);
EXPECT_EQ(msg.minimum_size(), 1024u);
}
TEST_F(QuicCryptoClientConfigTest, InchoateChloIsNotPadded) {
QuicCryptoClientConfig::CachedState state;
QuicCryptoClientConfig config(crypto_test_utils::ProofVerifierForTesting(),
TlsClientHandshaker::CreateSslCtx());
config.set_pad_inchoate_hello(false);
config.set_user_agent_id("quic-tester");
config.set_alpn("hq");
QuicReferenceCountedPointer<QuicCryptoNegotiatedParameters> params(
new QuicCryptoNegotiatedParameters);
CryptoHandshakeMessage msg;
QuicServerId server_id("www.google.com", 443, false);
MockRandom rand;
config.FillInchoateClientHello(server_id, QuicVersionMax(), &state, &rand,
/* demand_x509_proof= */ true, params, &msg);
EXPECT_EQ(msg.minimum_size(), 1u);
}
// Make sure AES-GCM is the preferred encryption algorithm if it has hardware
// acceleration.
TEST_F(QuicCryptoClientConfigTest, PreferAesGcm) {
QuicCryptoClientConfig config(crypto_test_utils::ProofVerifierForTesting(),
TlsClientHandshaker::CreateSslCtx());
if (EVP_has_aes_hardware() == 1) {
EXPECT_EQ(kAESG, config.aead[0]);
} else {
EXPECT_EQ(kCC20, config.aead[0]);
}
}
TEST_F(QuicCryptoClientConfigTest, InchoateChloSecure) {
QuicCryptoClientConfig::CachedState state;
QuicCryptoClientConfig config(crypto_test_utils::ProofVerifierForTesting(),
TlsClientHandshaker::CreateSslCtx());
QuicReferenceCountedPointer<QuicCryptoNegotiatedParameters> params(
new QuicCryptoNegotiatedParameters);
CryptoHandshakeMessage msg;
QuicServerId server_id("www.google.com", 443, false);
MockRandom rand;
config.FillInchoateClientHello(server_id, QuicVersionMax(), &state, &rand,
/* demand_x509_proof= */ true, params, &msg);
QuicTag pdmd;
EXPECT_EQ(QUIC_NO_ERROR, msg.GetUint32(kPDMD, &pdmd));
EXPECT_EQ(kX509, pdmd);
QuicStringPiece scid;
EXPECT_FALSE(msg.GetStringPiece(kSCID, &scid));
}
TEST_F(QuicCryptoClientConfigTest, InchoateChloSecureWithSCIDNoEXPY) {
// Test that a config with no EXPY is still valid when a non-zero
// expiry time is passed in.
QuicCryptoClientConfig::CachedState state;
CryptoHandshakeMessage scfg;
scfg.set_tag(kSCFG);
scfg.SetStringPiece(kSCID, "12345678");
QuicString details;
QuicWallTime now = QuicWallTime::FromUNIXSeconds(1);
QuicWallTime expiry = QuicWallTime::FromUNIXSeconds(2);
state.SetServerConfig(scfg.GetSerialized().AsStringPiece(), now, expiry,
&details);
QuicCryptoClientConfig config(crypto_test_utils::ProofVerifierForTesting(),
TlsClientHandshaker::CreateSslCtx());
QuicReferenceCountedPointer<QuicCryptoNegotiatedParameters> params(
new QuicCryptoNegotiatedParameters);
CryptoHandshakeMessage msg;
QuicServerId server_id("www.google.com", 443, false);
MockRandom rand;
config.FillInchoateClientHello(server_id, QuicVersionMax(), &state, &rand,
/* demand_x509_proof= */ true, params, &msg);
QuicStringPiece scid;
EXPECT_TRUE(msg.GetStringPiece(kSCID, &scid));
EXPECT_EQ("12345678", scid);
}
TEST_F(QuicCryptoClientConfigTest, InchoateChloSecureWithSCID) {
QuicCryptoClientConfig::CachedState state;
CryptoHandshakeMessage scfg;
scfg.set_tag(kSCFG);
uint64_t future = 1;
scfg.SetValue(kEXPY, future);
scfg.SetStringPiece(kSCID, "12345678");
QuicString details;
state.SetServerConfig(scfg.GetSerialized().AsStringPiece(),
QuicWallTime::FromUNIXSeconds(1),
QuicWallTime::FromUNIXSeconds(0), &details);
QuicCryptoClientConfig config(crypto_test_utils::ProofVerifierForTesting(),
TlsClientHandshaker::CreateSslCtx());
QuicReferenceCountedPointer<QuicCryptoNegotiatedParameters> params(
new QuicCryptoNegotiatedParameters);
CryptoHandshakeMessage msg;
QuicServerId server_id("www.google.com", 443, false);
MockRandom rand;
config.FillInchoateClientHello(server_id, QuicVersionMax(), &state, &rand,
/* demand_x509_proof= */ true, params, &msg);
QuicStringPiece scid;
EXPECT_TRUE(msg.GetStringPiece(kSCID, &scid));
EXPECT_EQ("12345678", scid);
}
TEST_F(QuicCryptoClientConfigTest, FillClientHello) {
QuicCryptoClientConfig::CachedState state;
QuicCryptoClientConfig config(crypto_test_utils::ProofVerifierForTesting(),
TlsClientHandshaker::CreateSslCtx());
QuicReferenceCountedPointer<QuicCryptoNegotiatedParameters> params(
new QuicCryptoNegotiatedParameters);
QuicConnectionId kConnectionId = TestConnectionId(1234);
QuicString error_details;
MockRandom rand;
CryptoHandshakeMessage chlo;
QuicServerId server_id("www.google.com", 443, false);
config.FillClientHello(server_id, kConnectionId, QuicVersionMax(), &state,
QuicWallTime::Zero(), &rand,
nullptr, // channel_id_key
params, &chlo, &error_details);
// Verify that the version label has been set correctly in the CHLO.
QuicVersionLabel cver;
EXPECT_EQ(QUIC_NO_ERROR, chlo.GetVersionLabel(kVER, &cver));
EXPECT_EQ(CreateQuicVersionLabel(QuicVersionMax()), cver);
}
TEST_F(QuicCryptoClientConfigTest, FillClientHelloNoPadding) {
QuicCryptoClientConfig::CachedState state;
QuicCryptoClientConfig config(crypto_test_utils::ProofVerifierForTesting(),
TlsClientHandshaker::CreateSslCtx());
config.set_pad_full_hello(false);
QuicReferenceCountedPointer<QuicCryptoNegotiatedParameters> params(
new QuicCryptoNegotiatedParameters);
QuicConnectionId kConnectionId = TestConnectionId(1234);
QuicString error_details;
MockRandom rand;
CryptoHandshakeMessage chlo;
QuicServerId server_id("www.google.com", 443, false);
config.FillClientHello(server_id, kConnectionId, QuicVersionMax(), &state,
QuicWallTime::Zero(), &rand,
nullptr, // channel_id_key
params, &chlo, &error_details);
// Verify that the version label has been set correctly in the CHLO.
QuicVersionLabel cver;
EXPECT_EQ(QUIC_NO_ERROR, chlo.GetVersionLabel(kVER, &cver));
EXPECT_EQ(CreateQuicVersionLabel(QuicVersionMax()), cver);
EXPECT_EQ(chlo.minimum_size(), 1u);
}
TEST_F(QuicCryptoClientConfigTest, ProcessServerDowngradeAttack) {
ParsedQuicVersionVector supported_versions = AllSupportedVersions();
if (supported_versions.size() == 1) {
// No downgrade attack is possible if the client only supports one version.
return;
}
ParsedQuicVersionVector supported_version_vector;
for (size_t i = supported_versions.size(); i > 0; --i) {
supported_version_vector.push_back(supported_versions[i - 1]);
}
CryptoHandshakeMessage msg;
msg.set_tag(kSHLO);
msg.SetVersionVector(kVER, supported_version_vector);
QuicCryptoClientConfig::CachedState cached;
QuicReferenceCountedPointer<QuicCryptoNegotiatedParameters> out_params(
new QuicCryptoNegotiatedParameters);
QuicString error;
QuicCryptoClientConfig config(crypto_test_utils::ProofVerifierForTesting(),
TlsClientHandshaker::CreateSslCtx());
EXPECT_EQ(QUIC_VERSION_NEGOTIATION_MISMATCH,
config.ProcessServerHello(
msg, EmptyQuicConnectionId(), supported_versions.front(),
supported_versions, &cached, out_params, &error));
EXPECT_THAT(error, StartsWith("Downgrade attack detected: ServerVersions"));
}
TEST_F(QuicCryptoClientConfigTest, InitializeFrom) {
QuicCryptoClientConfig config(crypto_test_utils::ProofVerifierForTesting(),
TlsClientHandshaker::CreateSslCtx());
QuicServerId canonical_server_id("www.google.com", 443, false);
QuicCryptoClientConfig::CachedState* state =
config.LookupOrCreate(canonical_server_id);
// TODO(rch): Populate other fields of |state|.
state->set_source_address_token("TOKEN");
state->SetProofValid();
QuicServerId other_server_id("mail.google.com", 443, false);
config.InitializeFrom(other_server_id, canonical_server_id, &config);
QuicCryptoClientConfig::CachedState* other =
config.LookupOrCreate(other_server_id);
EXPECT_EQ(state->server_config(), other->server_config());
EXPECT_EQ(state->source_address_token(), other->source_address_token());
EXPECT_EQ(state->certs(), other->certs());
EXPECT_EQ(1u, other->generation_counter());
}
TEST_F(QuicCryptoClientConfigTest, Canonical) {
QuicCryptoClientConfig config(crypto_test_utils::ProofVerifierForTesting(),
TlsClientHandshaker::CreateSslCtx());
config.AddCanonicalSuffix(".google.com");
QuicServerId canonical_id1("www.google.com", 443, false);
QuicServerId canonical_id2("mail.google.com", 443, false);
QuicCryptoClientConfig::CachedState* state =
config.LookupOrCreate(canonical_id1);
// TODO(rch): Populate other fields of |state|.
state->set_source_address_token("TOKEN");
state->SetProofValid();
QuicCryptoClientConfig::CachedState* other =
config.LookupOrCreate(canonical_id2);
EXPECT_TRUE(state->IsEmpty());
EXPECT_EQ(state->server_config(), other->server_config());
EXPECT_EQ(state->source_address_token(), other->source_address_token());
EXPECT_EQ(state->certs(), other->certs());
EXPECT_EQ(1u, other->generation_counter());
QuicServerId different_id("mail.google.org", 443, false);
EXPECT_TRUE(config.LookupOrCreate(different_id)->IsEmpty());
}
TEST_F(QuicCryptoClientConfigTest, CanonicalNotUsedIfNotValid) {
QuicCryptoClientConfig config(crypto_test_utils::ProofVerifierForTesting(),
TlsClientHandshaker::CreateSslCtx());
config.AddCanonicalSuffix(".google.com");
QuicServerId canonical_id1("www.google.com", 443, false);
QuicServerId canonical_id2("mail.google.com", 443, false);
QuicCryptoClientConfig::CachedState* state =
config.LookupOrCreate(canonical_id1);
// TODO(rch): Populate other fields of |state|.
state->set_source_address_token("TOKEN");
// Do not set the proof as valid, and check that it is not used
// as a canonical entry.
EXPECT_TRUE(config.LookupOrCreate(canonical_id2)->IsEmpty());
}
TEST_F(QuicCryptoClientConfigTest, ClearCachedStates) {
QuicCryptoClientConfig config(crypto_test_utils::ProofVerifierForTesting(),
TlsClientHandshaker::CreateSslCtx());
// Create two states on different origins.
struct TestCase {
TestCase(const QuicString& host, QuicCryptoClientConfig* config)
: server_id(host, 443, false),
state(config->LookupOrCreate(server_id)) {
// TODO(rch): Populate other fields of |state|.
CryptoHandshakeMessage scfg;
scfg.set_tag(kSCFG);
uint64_t future = 1;
scfg.SetValue(kEXPY, future);
scfg.SetStringPiece(kSCID, "12345678");
QuicString details;
state->SetServerConfig(scfg.GetSerialized().AsStringPiece(),
QuicWallTime::FromUNIXSeconds(0),
QuicWallTime::FromUNIXSeconds(future), &details);
std::vector<QuicString> certs(1);
certs[0] = "Hello Cert for " + host;
state->SetProof(certs, "cert_sct", "chlo_hash", "signature");
state->set_source_address_token("TOKEN");
state->SetProofValid();
// The generation counter starts at 2, because proof has been once
// invalidated in SetServerConfig().
EXPECT_EQ(2u, state->generation_counter());
}
QuicServerId server_id;
QuicCryptoClientConfig::CachedState* state;
} test_cases[] = {TestCase("www.google.com", &config),
TestCase("www.example.com", &config)};
// Verify LookupOrCreate returns the same data.
for (const TestCase& test_case : test_cases) {
QuicCryptoClientConfig::CachedState* other =
config.LookupOrCreate(test_case.server_id);
EXPECT_EQ(test_case.state, other);
EXPECT_EQ(2u, other->generation_counter());
}
// Clear the cached state for www.google.com.
OneServerIdFilter google_com_filter(&test_cases[0].server_id);
config.ClearCachedStates(google_com_filter);
// Verify LookupOrCreate doesn't have any data for google.com.
QuicCryptoClientConfig::CachedState* cleared_cache =
config.LookupOrCreate(test_cases[0].server_id);
EXPECT_EQ(test_cases[0].state, cleared_cache);
EXPECT_FALSE(cleared_cache->proof_valid());
EXPECT_TRUE(cleared_cache->server_config().empty());
EXPECT_TRUE(cleared_cache->certs().empty());
EXPECT_TRUE(cleared_cache->cert_sct().empty());
EXPECT_TRUE(cleared_cache->signature().empty());
EXPECT_EQ(3u, cleared_cache->generation_counter());
// But it still does for www.example.com.
QuicCryptoClientConfig::CachedState* existing_cache =
config.LookupOrCreate(test_cases[1].server_id);
EXPECT_EQ(test_cases[1].state, existing_cache);
EXPECT_TRUE(existing_cache->proof_valid());
EXPECT_FALSE(existing_cache->server_config().empty());
EXPECT_FALSE(existing_cache->certs().empty());
EXPECT_FALSE(existing_cache->cert_sct().empty());
EXPECT_FALSE(existing_cache->signature().empty());
EXPECT_EQ(2u, existing_cache->generation_counter());
// Clear all cached states.
AllServerIdsFilter all_server_ids;
config.ClearCachedStates(all_server_ids);
// The data for www.example.com should now be cleared as well.
cleared_cache = config.LookupOrCreate(test_cases[1].server_id);
EXPECT_EQ(test_cases[1].state, cleared_cache);
EXPECT_FALSE(cleared_cache->proof_valid());
EXPECT_TRUE(cleared_cache->server_config().empty());
EXPECT_TRUE(cleared_cache->certs().empty());
EXPECT_TRUE(cleared_cache->cert_sct().empty());
EXPECT_TRUE(cleared_cache->signature().empty());
EXPECT_EQ(3u, cleared_cache->generation_counter());
}
TEST_F(QuicCryptoClientConfigTest, ProcessReject) {
CryptoHandshakeMessage rej;
crypto_test_utils::FillInDummyReject(&rej, /* stateless */ false);
// Now process the rejection.
QuicCryptoClientConfig::CachedState cached;
QuicReferenceCountedPointer<QuicCryptoNegotiatedParameters> out_params(
new QuicCryptoNegotiatedParameters);
QuicString error;
QuicCryptoClientConfig config(crypto_test_utils::ProofVerifierForTesting(),
TlsClientHandshaker::CreateSslCtx());
EXPECT_EQ(QUIC_NO_ERROR,
config.ProcessRejection(rej, QuicWallTime::FromUNIXSeconds(0),
AllSupportedTransportVersions().front(), "",
&cached, out_params, &error));
EXPECT_FALSE(cached.has_server_designated_connection_id());
EXPECT_FALSE(cached.has_server_nonce());
}
TEST_F(QuicCryptoClientConfigTest, ProcessRejectWithLongTTL) {
CryptoHandshakeMessage rej;
crypto_test_utils::FillInDummyReject(&rej, /* stateless */ false);
QuicTime::Delta one_week = QuicTime::Delta::FromSeconds(kNumSecondsPerWeek);
int64_t long_ttl = 3 * one_week.ToSeconds();
rej.SetValue(kSTTL, long_ttl);
// Now process the rejection.
QuicCryptoClientConfig::CachedState cached;
QuicReferenceCountedPointer<QuicCryptoNegotiatedParameters> out_params(
new QuicCryptoNegotiatedParameters);
QuicString error;
QuicCryptoClientConfig config(crypto_test_utils::ProofVerifierForTesting(),
TlsClientHandshaker::CreateSslCtx());
EXPECT_EQ(QUIC_NO_ERROR,
config.ProcessRejection(rej, QuicWallTime::FromUNIXSeconds(0),
AllSupportedTransportVersions().front(), "",
&cached, out_params, &error));
cached.SetProofValid();
EXPECT_FALSE(cached.IsComplete(QuicWallTime::FromUNIXSeconds(long_ttl)));
EXPECT_FALSE(
cached.IsComplete(QuicWallTime::FromUNIXSeconds(one_week.ToSeconds())));
EXPECT_TRUE(cached.IsComplete(
QuicWallTime::FromUNIXSeconds(one_week.ToSeconds() - 1)));
}
TEST_F(QuicCryptoClientConfigTest, ProcessStatelessReject) {
// Create a dummy reject message and mark it as stateless.
CryptoHandshakeMessage rej;
crypto_test_utils::FillInDummyReject(&rej, /* stateless */ true);
const QuicConnectionId kConnectionId = TestConnectionId(0xdeadbeef);
const QuicString server_nonce = "SERVER_NONCE";
const uint64_t kConnectionId64 = TestConnectionIdToUInt64(kConnectionId);
rej.SetValue(kRCID, kConnectionId64);
rej.SetStringPiece(kServerNonceTag, server_nonce);
// Now process the rejection.
QuicCryptoClientConfig::CachedState cached;
QuicReferenceCountedPointer<QuicCryptoNegotiatedParameters> out_params(
new QuicCryptoNegotiatedParameters);
QuicString error;
QuicCryptoClientConfig config(crypto_test_utils::ProofVerifierForTesting(),
TlsClientHandshaker::CreateSslCtx());
EXPECT_EQ(QUIC_NO_ERROR,
config.ProcessRejection(rej, QuicWallTime::FromUNIXSeconds(0),
AllSupportedTransportVersions().front(), "",
&cached, out_params, &error));
EXPECT_TRUE(cached.has_server_designated_connection_id());
EXPECT_EQ(TestConnectionId(QuicEndian::NetToHost64(
TestConnectionIdToUInt64(kConnectionId))),
cached.GetNextServerDesignatedConnectionId());
EXPECT_EQ(server_nonce, cached.GetNextServerNonce());
}
TEST_F(QuicCryptoClientConfigTest, BadlyFormattedStatelessReject) {
// Create a dummy reject message and mark it as stateless. Do not
// add an server-designated connection-id.
CryptoHandshakeMessage rej;
crypto_test_utils::FillInDummyReject(&rej, /* stateless */ true);
// Now process the rejection.
QuicCryptoClientConfig::CachedState cached;
QuicReferenceCountedPointer<QuicCryptoNegotiatedParameters> out_params(
new QuicCryptoNegotiatedParameters);
QuicString error;
QuicCryptoClientConfig config(crypto_test_utils::ProofVerifierForTesting(),
TlsClientHandshaker::CreateSslCtx());
EXPECT_EQ(QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND,
config.ProcessRejection(rej, QuicWallTime::FromUNIXSeconds(0),
AllSupportedTransportVersions().front(), "",
&cached, out_params, &error));
EXPECT_FALSE(cached.has_server_designated_connection_id());
EXPECT_EQ("Missing kRCID", error);
}
TEST_F(QuicCryptoClientConfigTest, ServerNonceinSHLO) {
// Test that the server must include a nonce in the SHLO.
CryptoHandshakeMessage msg;
msg.set_tag(kSHLO);
// Choose the latest version.
ParsedQuicVersionVector supported_versions;
ParsedQuicVersion version = AllSupportedVersions().front();
supported_versions.push_back(version);
msg.SetVersionVector(kVER, supported_versions);
QuicCryptoClientConfig config(crypto_test_utils::ProofVerifierForTesting(),
TlsClientHandshaker::CreateSslCtx());
QuicCryptoClientConfig::CachedState cached;
QuicReferenceCountedPointer<QuicCryptoNegotiatedParameters> out_params(
new QuicCryptoNegotiatedParameters);
QuicString error_details;
EXPECT_EQ(QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER,
config.ProcessServerHello(msg, EmptyQuicConnectionId(), version,
supported_versions, &cached, out_params,
&error_details));
EXPECT_EQ("server hello missing server nonce", error_details);
}
} // namespace test
} // namespace quic