src/net/quic/crypto/quic_crypto_client_config_test.cc

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "net/quic/crypto/quic_crypto_client_config.h"
   6
   7 #include "net/quic/crypto/proof_verifier.h"
   8 #include "net/quic/quic_server_id.h"
   9 #include "net/quic/test_tools/mock_random.h"
  10 #include "net/quic/test_tools/quic_test_utils.h"
  11 #include "testing/gtest/include/gtest/gtest.h"
  12
  13 using std::string;
  14 using std::vector;
  15
  16 namespace net {
  17 namespace test {
  18
  19 TEST(QuicCryptoClientConfigTest, CachedState_IsEmpty) {
  20   QuicCryptoClientConfig::CachedState state;
  21   EXPECT_TRUE(state.IsEmpty());
  22 }
  23
  24 TEST(QuicCryptoClientConfigTest, CachedState_IsComplete) {
  25   QuicCryptoClientConfig::CachedState state;
  26   EXPECT_FALSE(state.IsComplete(QuicWallTime::FromUNIXSeconds(0)));
  27 }
  28
  29 TEST(QuicCryptoClientConfigTest, CachedState_GenerationCounter) {
  30   QuicCryptoClientConfig::CachedState state;
  31   EXPECT_EQ(0u, state.generation_counter());
  32   state.SetProofInvalid();
  33   EXPECT_EQ(1u, state.generation_counter());
  34 }
  35
  36 TEST(QuicCryptoClientConfigTest, CachedState_SetProofVerifyDetails) {
  37   QuicCryptoClientConfig::CachedState state;
  38   EXPECT_TRUE(state.proof_verify_details() == NULL);
  39   ProofVerifyDetails* details = new ProofVerifyDetails;
  40   state.SetProofVerifyDetails(details);
  41   EXPECT_EQ(details, state.proof_verify_details());
  42 }
  43
  44 TEST(QuicCryptoClientConfigTest, CachedState_InitializeFrom) {
  45   QuicCryptoClientConfig::CachedState state;
  46   QuicCryptoClientConfig::CachedState other;
  47   state.set_source_address_token("TOKEN");
  48   // TODO(rch): Populate other fields of |state|.
  49   other.InitializeFrom(state);
  50   EXPECT_EQ(state.server_config(), other.server_config());
  51   EXPECT_EQ(state.source_address_token(), other.source_address_token());
  52   EXPECT_EQ(state.certs(), other.certs());
  53   EXPECT_EQ(1u, other.generation_counter());
  54 }
  55
  56 TEST(QuicCryptoClientConfigTest, InchoateChlo) {
  57   QuicCryptoClientConfig::CachedState state;
  58   QuicCryptoClientConfig config;
  59   QuicCryptoNegotiatedParameters params;
  60   CryptoHandshakeMessage msg;
  61   QuicServerId server_id("www.google.com", 80, false, PRIVACY_MODE_DISABLED);
  62   config.FillInchoateClientHello(server_id, QuicVersionMax(), &state,
  63                                  &params, &msg);
  64
  65   QuicTag cver;
  66   EXPECT_EQ(QUIC_NO_ERROR, msg.GetUint32(kVER, &cver));
  67   EXPECT_EQ(QuicVersionToQuicTag(QuicVersionMax()), cver);
  68 }
  69
  70 TEST(QuicCryptoClientConfigTest, PreferAesGcm) {
  71   QuicCryptoClientConfig config;
  72   config.SetDefaults();
  73   if (config.aead.size() > 1)
  74     EXPECT_NE(kAESG, config.aead[0]);
  75   config.PreferAesGcm();
  76   EXPECT_EQ(kAESG, config.aead[0]);
  77 }
  78
  79 TEST(QuicCryptoClientConfigTest, InchoateChloSecure) {
  80   QuicCryptoClientConfig::CachedState state;
  81   QuicCryptoClientConfig config;
  82   QuicCryptoNegotiatedParameters params;
  83   CryptoHandshakeMessage msg;
  84   QuicServerId server_id("www.google.com", 443, true, PRIVACY_MODE_DISABLED);
  85   config.FillInchoateClientHello(server_id, QuicVersionMax(), &state,
  86                                  &params, &msg);
  87
  88   QuicTag pdmd;
  89   EXPECT_EQ(QUIC_NO_ERROR, msg.GetUint32(kPDMD, &pdmd));
  90   EXPECT_EQ(kX509, pdmd);
  91 }
  92
  93 TEST(QuicCryptoClientConfigTest, InchoateChloSecureNoEcdsa) {
  94   QuicCryptoClientConfig::CachedState state;
  95   QuicCryptoClientConfig config;
  96   config.DisableEcdsa();
  97   QuicCryptoNegotiatedParameters params;
  98   CryptoHandshakeMessage msg;
  99   QuicServerId server_id("www.google.com", 443, true, PRIVACY_MODE_DISABLED);
 100   config.FillInchoateClientHello(server_id, QuicVersionMax(), &state,
 101                                  &params, &msg);
 102
 103   QuicTag pdmd;
 104   EXPECT_EQ(QUIC_NO_ERROR, msg.GetUint32(kPDMD, &pdmd));
 105   EXPECT_EQ(kX59R, pdmd);
 106 }
 107
 108 TEST(QuicCryptoClientConfigTest, FillClientHello) {
 109   QuicCryptoClientConfig::CachedState state;
 110   QuicCryptoClientConfig config;
 111   QuicCryptoNegotiatedParameters params;
 112   QuicConnectionId kConnectionId = 1234;
 113   uint32 kInitialFlowControlWindow = 5678;
 114   string error_details;
 115   MockRandom rand;
 116   CryptoHandshakeMessage chlo;
 117   QuicServerId server_id("www.google.com", 80, false, PRIVACY_MODE_DISABLED);
 118   config.FillClientHello(server_id,
 119                          kConnectionId,
 120                          QuicVersionMax(),
 121                          kInitialFlowControlWindow,
 122                          &state,
 123                          QuicWallTime::Zero(),
 124                          &rand,
 125                          &params,
 126                          &chlo,
 127                          &error_details);
 128
 129   // Verify that certain QuicTags have been set correctly in the CHLO.
 130   QuicTag cver;
 131   EXPECT_EQ(QUIC_NO_ERROR, chlo.GetUint32(kVER, &cver));
 132   EXPECT_EQ(QuicVersionToQuicTag(QuicVersionMax()), cver);
 133
 134   QuicTag ifcw;
 135   EXPECT_EQ(QUIC_NO_ERROR, chlo.GetUint32(kIFCW, &ifcw));
 136   EXPECT_EQ(kInitialFlowControlWindow, ifcw);
 137 }
 138
 139 TEST(QuicCryptoClientConfigTest, ProcessServerDowngradeAttack) {
 140   QuicVersionVector supported_versions = QuicSupportedVersions();
 141   if (supported_versions.size() == 1) {
 142     // No downgrade attack is possible if the client only supports one version.
 143     return;
 144   }
 145   QuicTagVector supported_version_tags;
 146   for (size_t i = supported_versions.size(); i > 0; --i) {
 147     supported_version_tags.push_back(
 148         QuicVersionToQuicTag(supported_versions[i - 1]));
 149   }
 150   CryptoHandshakeMessage msg;
 151   msg.set_tag(kSHLO);
 152   msg.SetVector(kVER, supported_version_tags);
 153
 154   QuicCryptoClientConfig::CachedState cached;
 155   QuicCryptoNegotiatedParameters out_params;
 156   string error;
 157   QuicCryptoClientConfig config;
 158   EXPECT_EQ(QUIC_VERSION_NEGOTIATION_MISMATCH,
 159             config.ProcessServerHello(msg, 0, supported_versions,
 160                                       &cached, &out_params, &error));
 161   EXPECT_EQ("Downgrade attack detected", error);
 162 }
 163
 164 TEST(QuicCryptoClientConfigTest, InitializeFrom) {
 165   QuicCryptoClientConfig config;
 166   QuicServerId canonical_server_id("www.google.com", 80, false,
 167                                    PRIVACY_MODE_DISABLED);
 168   QuicCryptoClientConfig::CachedState* state =
 169       config.LookupOrCreate(canonical_server_id);
 170   // TODO(rch): Populate other fields of |state|.
 171   state->set_source_address_token("TOKEN");
 172   state->SetProofValid();
 173
 174   QuicServerId other_server_id("mail.google.com", 80, false,
 175                                PRIVACY_MODE_DISABLED);
 176   config.InitializeFrom(other_server_id, canonical_server_id, &config);
 177   QuicCryptoClientConfig::CachedState* other =
 178       config.LookupOrCreate(other_server_id);
 179
 180   EXPECT_EQ(state->server_config(), other->server_config());
 181   EXPECT_EQ(state->source_address_token(), other->source_address_token());
 182   EXPECT_EQ(state->certs(), other->certs());
 183   EXPECT_EQ(1u, other->generation_counter());
 184 }
 185
 186 TEST(QuicCryptoClientConfigTest, Canonical) {
 187   QuicCryptoClientConfig config;
 188   config.AddCanonicalSuffix(".google.com");
 189   QuicServerId canonical_id1("www.google.com", 80, false,
 190                              PRIVACY_MODE_DISABLED);
 191   QuicServerId canonical_id2("mail.google.com", 80, false,
 192                              PRIVACY_MODE_DISABLED);
 193   QuicCryptoClientConfig::CachedState* state =
 194       config.LookupOrCreate(canonical_id1);
 195   // TODO(rch): Populate other fields of |state|.
 196   state->set_source_address_token("TOKEN");
 197   state->SetProofValid();
 198
 199   QuicCryptoClientConfig::CachedState* other =
 200       config.LookupOrCreate(canonical_id2);
 201
 202   EXPECT_TRUE(state->IsEmpty());
 203   EXPECT_EQ(state->server_config(), other->server_config());
 204   EXPECT_EQ(state->source_address_token(), other->source_address_token());
 205   EXPECT_EQ(state->certs(), other->certs());
 206   EXPECT_EQ(1u, other->generation_counter());
 207
 208   QuicServerId different_id("mail.google.org", 80, false,
 209                             PRIVACY_MODE_DISABLED);
 210   EXPECT_TRUE(config.LookupOrCreate(different_id)->IsEmpty());
 211 }
 212
 213 TEST(QuicCryptoClientConfigTest, CanonicalNotUsedIfNotValid) {
 214   QuicCryptoClientConfig config;
 215   config.AddCanonicalSuffix(".google.com");
 216   QuicServerId canonical_id1("www.google.com", 80, false,
 217                              PRIVACY_MODE_DISABLED);
 218   QuicServerId canonical_id2("mail.google.com", 80, false,
 219                              PRIVACY_MODE_DISABLED);
 220   QuicCryptoClientConfig::CachedState* state =
 221       config.LookupOrCreate(canonical_id1);
 222   // TODO(rch): Populate other fields of |state|.
 223   state->set_source_address_token("TOKEN");
 224
 225   // Do not set the proof as valid, and check that it is not used
 226   // as a canonical entry.
 227   EXPECT_TRUE(config.LookupOrCreate(canonical_id2)->IsEmpty());
 228 }
 229
 230 TEST(QuicCryptoClientConfigTest, ClearCachedStates) {
 231   QuicCryptoClientConfig config;
 232   QuicServerId server_id("www.google.com", 80, false, PRIVACY_MODE_DISABLED);
 233   QuicCryptoClientConfig::CachedState* state = config.LookupOrCreate(server_id);
 234   // TODO(rch): Populate other fields of |state|.
 235   vector<string> certs(1);
 236   certs[0] = "Hello Cert";
 237   state->SetProof(certs, "signature");
 238   state->set_source_address_token("TOKEN");
 239   state->SetProofValid();
 240   EXPECT_EQ(1u, state->generation_counter());
 241
 242   // Verify LookupOrCreate returns the same data.
 243   QuicCryptoClientConfig::CachedState* other = config.LookupOrCreate(server_id);
 244
 245   EXPECT_EQ(state, other);
 246   EXPECT_EQ(1u, other->generation_counter());
 247
 248   // Clear the cached states.
 249   config.ClearCachedStates();
 250
 251   // Verify LookupOrCreate doesn't have any data.
 252   QuicCryptoClientConfig::CachedState* cleared_cache =
 253       config.LookupOrCreate(server_id);
 254
 255   EXPECT_EQ(state, cleared_cache);
 256   EXPECT_FALSE(cleared_cache->proof_valid());
 257   EXPECT_TRUE(cleared_cache->server_config().empty());
 258   EXPECT_TRUE(cleared_cache->certs().empty());
 259   EXPECT_TRUE(cleared_cache->signature().empty());
 260   EXPECT_EQ(2u, cleared_cache->generation_counter());
 261 }
 262
 263 }  // namespace test
 264 }  // namespace net