blob: 92cfab1f3e065b3b38d26632bdb88bb47e28cd8e [file] [log] [blame] [edit]
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "net/third_party/quiche/src/quic/core/quic_crypto_client_handshaker.h"
#include "net/third_party/quiche/src/quic/core/proto/crypto_server_config.pb.h"
#include "net/third_party/quiche/src/quic/core/tls_client_handshaker.h"
#include "net/third_party/quiche/src/quic/core/tls_server_handshaker.h"
#include "net/third_party/quiche/src/quic/platform/api/quic_test.h"
#include "net/third_party/quiche/src/quic/test_tools/quic_test_utils.h"
namespace quic {
namespace {
using ::testing::Test;
class TestProofHandler : public QuicCryptoClientStream::ProofHandler {
public:
~TestProofHandler() override {}
void OnProofValid(
const QuicCryptoClientConfig::CachedState& cached) override {}
void OnProofVerifyDetailsAvailable(
const ProofVerifyDetails& verify_details) override {}
};
class InsecureProofVerifier : public ProofVerifier {
public:
InsecureProofVerifier() {}
~InsecureProofVerifier() override {}
// ProofVerifier override.
QuicAsyncStatus VerifyProof(
const std::string& hostname,
const uint16_t port,
const std::string& server_config,
QuicTransportVersion transport_version,
QuicStringPiece chlo_hash,
const std::vector<std::string>& certs,
const std::string& cert_sct,
const std::string& signature,
const ProofVerifyContext* context,
std::string* error_details,
std::unique_ptr<ProofVerifyDetails>* verify_details,
std::unique_ptr<ProofVerifierCallback> callback) override {
return QUIC_SUCCESS;
}
QuicAsyncStatus VerifyCertChain(
const std::string& hostname,
const std::vector<std::string>& certs,
const std::string& ocsp_response,
const std::string& cert_sct,
const ProofVerifyContext* context,
std::string* error_details,
std::unique_ptr<ProofVerifyDetails>* details,
std::unique_ptr<ProofVerifierCallback> callback) override {
return QUIC_SUCCESS;
}
std::unique_ptr<ProofVerifyContext> CreateDefaultContext() override {
return nullptr;
}
};
class DummyProofSource : public ProofSource {
public:
DummyProofSource() {}
~DummyProofSource() override {}
// ProofSource override.
void GetProof(const QuicSocketAddress& server_address,
const std::string& hostname,
const std::string& server_config,
QuicTransportVersion transport_version,
QuicStringPiece chlo_hash,
std::unique_ptr<Callback> callback) override {
QuicReferenceCountedPointer<ProofSource::Chain> chain =
GetCertChain(server_address, hostname);
QuicCryptoProof proof;
proof.signature = "Dummy signature";
proof.leaf_cert_scts = "Dummy timestamp";
callback->Run(true, chain, proof, nullptr /* details */);
}
QuicReferenceCountedPointer<Chain> GetCertChain(
const QuicSocketAddress& server_address,
const std::string& hostname) override {
std::vector<std::string> certs;
certs.push_back("Dummy cert");
return QuicReferenceCountedPointer<ProofSource::Chain>(
new ProofSource::Chain(certs));
}
void ComputeTlsSignature(
const QuicSocketAddress& server_address,
const std::string& hostname,
uint16_t signature_algorithm,
QuicStringPiece in,
std::unique_ptr<SignatureCallback> callback) override {
callback->Run(true, "Dummy signature");
}
};
class Handshaker : public QuicCryptoClientHandshaker {
public:
Handshaker(const QuicServerId& server_id,
QuicCryptoClientStream* stream,
QuicSession* session,
std::unique_ptr<ProofVerifyContext> verify_context,
QuicCryptoClientConfig* crypto_config,
QuicCryptoClientStream::ProofHandler* proof_handler)
: QuicCryptoClientHandshaker(server_id,
stream,
session,
std::move(verify_context),
crypto_config,
proof_handler) {}
void DoSendCHLOTest(QuicCryptoClientConfig::CachedState* cached) {
QuicCryptoClientHandshaker::DoSendCHLO(cached);
}
};
class QuicCryptoClientHandshakerTest : public Test {
protected:
QuicCryptoClientHandshakerTest()
: proof_handler_(),
helper_(),
alarm_factory_(),
server_id_("host", 123),
connection_(new test::MockQuicConnection(&helper_,
&alarm_factory_,
Perspective::IS_CLIENT)),
session_(connection_, false),
crypto_client_config_(QuicMakeUnique<InsecureProofVerifier>(),
quic::TlsClientHandshaker::CreateSslCtx()),
client_stream_(new QuicCryptoClientStream(server_id_,
&session_,
nullptr,
&crypto_client_config_,
&proof_handler_)),
handshaker_(server_id_,
client_stream_,
&session_,
nullptr,
&crypto_client_config_,
&proof_handler_),
state_() {
// Session takes the ownership of the client stream! (but handshaker also
// takes a reference to it, but doesn't take the ownership).
session_.SetCryptoStream(client_stream_);
session_.Initialize();
}
void InitializeServerParametersToEnableFullHello() {
QuicCryptoServerConfig::ConfigOptions options;
QuicServerConfigProtobuf config = QuicCryptoServerConfig::GenerateConfig(
helper_.GetRandomGenerator(), helper_.GetClock(), options);
state_.Initialize(
config.config(), "sourcetoken", std::vector<std::string>{"Dummy cert"},
"", "chlo_hash", "signature", helper_.GetClock()->WallNow(),
helper_.GetClock()->WallNow().Add(QuicTime::Delta::FromSeconds(30)));
state_.SetProofValid();
}
TestProofHandler proof_handler_;
test::MockQuicConnectionHelper helper_;
test::MockAlarmFactory alarm_factory_;
QuicServerId server_id_;
// Session takes the ownership of the connection.
test::MockQuicConnection* connection_;
test::MockQuicSession session_;
QuicCryptoClientConfig crypto_client_config_;
QuicCryptoClientStream* client_stream_;
Handshaker handshaker_;
QuicCryptoClientConfig::CachedState state_;
};
TEST_F(QuicCryptoClientHandshakerTest, TestSendFullPaddingInInchoateHello) {
handshaker_.DoSendCHLOTest(&state_);
EXPECT_TRUE(connection_->fully_pad_during_crypto_handshake());
}
TEST_F(QuicCryptoClientHandshakerTest, TestDisabledPaddingInInchoateHello) {
crypto_client_config_.set_pad_inchoate_hello(false);
handshaker_.DoSendCHLOTest(&state_);
EXPECT_FALSE(connection_->fully_pad_during_crypto_handshake());
}
TEST_F(QuicCryptoClientHandshakerTest,
TestPaddingInFullHelloEvenIfInchoateDisabled) {
// Disable inchoate, but full hello should still be padded.
crypto_client_config_.set_pad_inchoate_hello(false);
InitializeServerParametersToEnableFullHello();
handshaker_.DoSendCHLOTest(&state_);
EXPECT_TRUE(connection_->fully_pad_during_crypto_handshake());
}
TEST_F(QuicCryptoClientHandshakerTest, TestNoPaddingInFullHelloWhenDisabled) {
crypto_client_config_.set_pad_full_hello(false);
InitializeServerParametersToEnableFullHello();
handshaker_.DoSendCHLOTest(&state_);
EXPECT_FALSE(connection_->fully_pad_during_crypto_handshake());
}
} // namespace
} // namespace quic