src/net/quic/crypto/quic_crypto_client_config_test.cc

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "net/quic/crypto/quic_crypto_client_config.h"
   6
   7 #include "net/quic/crypto/proof_verifier.h"
   8 #include "net/quic/quic_server_id.h"
   9 #include "net/quic/test_tools/mock_random.h"
  10 #include "net/quic/test_tools/quic_test_utils.h"
  11 #include "testing/gtest/include/gtest/gtest.h"
  12
  13 using std::string;
  14 using std::vector;
  15
  16 namespace net {
  17 namespace test {
  18 namespace {
  19
  20 class TestProofVerifyDetails : public ProofVerifyDetails {
  21   virtual ~TestProofVerifyDetails() {}
  22
  23   // ProofVerifyDetails implementation
  24   virtual ProofVerifyDetails* Clone() const OVERRIDE {
  25     return new TestProofVerifyDetails;
  26   }
  27 };
  28
  29 }  // namespace
  30
  31 TEST(QuicCryptoClientConfigTest, CachedState_IsEmpty) {
  32   QuicCryptoClientConfig::CachedState state;
  33   EXPECT_TRUE(state.IsEmpty());
  34 }
  35
  36 TEST(QuicCryptoClientConfigTest, CachedState_IsComplete) {
  37   QuicCryptoClientConfig::CachedState state;
  38   EXPECT_FALSE(state.IsComplete(QuicWallTime::FromUNIXSeconds(0)));
  39 }
  40
  41 TEST(QuicCryptoClientConfigTest, CachedState_GenerationCounter) {
  42   QuicCryptoClientConfig::CachedState state;
  43   EXPECT_EQ(0u, state.generation_counter());
  44   state.SetProofInvalid();
  45   EXPECT_EQ(1u, state.generation_counter());
  46 }
  47
  48 TEST(QuicCryptoClientConfigTest, CachedState_SetProofVerifyDetails) {
  49   QuicCryptoClientConfig::CachedState state;
  50   EXPECT_TRUE(state.proof_verify_details() == NULL);
  51   ProofVerifyDetails* details = new TestProofVerifyDetails;
  52   state.SetProofVerifyDetails(details);
  53   EXPECT_EQ(details, state.proof_verify_details());
  54 }
  55
  56 TEST(QuicCryptoClientConfigTest, CachedState_InitializeFrom) {
  57   QuicCryptoClientConfig::CachedState state;
  58   QuicCryptoClientConfig::CachedState other;
  59   state.set_source_address_token("TOKEN");
  60   // TODO(rch): Populate other fields of |state|.
  61   other.InitializeFrom(state);
  62   EXPECT_EQ(state.server_config(), other.server_config());
  63   EXPECT_EQ(state.source_address_token(), other.source_address_token());
  64   EXPECT_EQ(state.certs(), other.certs());
  65   EXPECT_EQ(1u, other.generation_counter());
  66 }
  67
  68 TEST(QuicCryptoClientConfigTest, InchoateChlo) {
  69   QuicCryptoClientConfig::CachedState state;
  70   QuicCryptoClientConfig config;
  71   QuicCryptoNegotiatedParameters params;
  72   CryptoHandshakeMessage msg;
  73   QuicServerId server_id("www.google.com", 80, false, PRIVACY_MODE_DISABLED);
  74   config.FillInchoateClientHello(server_id, QuicVersionMax(), &state,
  75                                  &params, &msg);
  76
  77   QuicTag cver;
  78   EXPECT_EQ(QUIC_NO_ERROR, msg.GetUint32(kVER, &cver));
  79   EXPECT_EQ(QuicVersionToQuicTag(QuicVersionMax()), cver);
  80 }
  81
  82 TEST(QuicCryptoClientConfigTest, PreferAesGcm) {
  83   QuicCryptoClientConfig config;
  84   config.SetDefaults();
  85   if (config.aead.size() > 1)
  86     EXPECT_NE(kAESG, config.aead[0]);
  87   config.PreferAesGcm();
  88   EXPECT_EQ(kAESG, config.aead[0]);
  89 }
  90
  91 TEST(QuicCryptoClientConfigTest, InchoateChloSecure) {
  92   QuicCryptoClientConfig::CachedState state;
  93   QuicCryptoClientConfig config;
  94   QuicCryptoNegotiatedParameters params;
  95   CryptoHandshakeMessage msg;
  96   QuicServerId server_id("www.google.com", 443, true, PRIVACY_MODE_DISABLED);
  97   config.FillInchoateClientHello(server_id, QuicVersionMax(), &state,
  98                                  &params, &msg);
  99
 100   QuicTag pdmd;
 101   EXPECT_EQ(QUIC_NO_ERROR, msg.GetUint32(kPDMD, &pdmd));
 102   EXPECT_EQ(kX509, pdmd);
 103 }
 104
 105 TEST(QuicCryptoClientConfigTest, InchoateChloSecureNoEcdsa) {
 106   QuicCryptoClientConfig::CachedState state;
 107   QuicCryptoClientConfig config;
 108   config.DisableEcdsa();
 109   QuicCryptoNegotiatedParameters params;
 110   CryptoHandshakeMessage msg;
 111   QuicServerId server_id("www.google.com", 443, true, PRIVACY_MODE_DISABLED);
 112   config.FillInchoateClientHello(server_id, QuicVersionMax(), &state,
 113                                  &params, &msg);
 114
 115   QuicTag pdmd;
 116   EXPECT_EQ(QUIC_NO_ERROR, msg.GetUint32(kPDMD, &pdmd));
 117   EXPECT_EQ(kX59R, pdmd);
 118 }
 119
 120 TEST(QuicCryptoClientConfigTest, FillClientHello) {
 121   QuicCryptoClientConfig::CachedState state;
 122   QuicCryptoClientConfig config;
 123   QuicCryptoNegotiatedParameters params;
 124   QuicConnectionId kConnectionId = 1234;
 125   string error_details;
 126   MockRandom rand;
 127   CryptoHandshakeMessage chlo;
 128   QuicServerId server_id("www.google.com", 80, false, PRIVACY_MODE_DISABLED);
 129   config.FillClientHello(server_id,
 130                          kConnectionId,
 131                          QuicVersionMax(),
 132                          &state,
 133                          QuicWallTime::Zero(),
 134                          &rand,
 135                          NULL,  // channel_id_key
 136                          &params,
 137                          &chlo,
 138                          &error_details);
 139
 140   // Verify that certain QuicTags have been set correctly in the CHLO.
 141   QuicTag cver;
 142   EXPECT_EQ(QUIC_NO_ERROR, chlo.GetUint32(kVER, &cver));
 143   EXPECT_EQ(QuicVersionToQuicTag(QuicVersionMax()), cver);
 144 }
 145
 146 TEST(QuicCryptoClientConfigTest, ProcessServerDowngradeAttack) {
 147   QuicVersionVector supported_versions = QuicSupportedVersions();
 148   if (supported_versions.size() == 1) {
 149     // No downgrade attack is possible if the client only supports one version.
 150     return;
 151   }
 152   QuicTagVector supported_version_tags;
 153   for (size_t i = supported_versions.size(); i > 0; --i) {
 154     supported_version_tags.push_back(
 155         QuicVersionToQuicTag(supported_versions[i - 1]));
 156   }
 157   CryptoHandshakeMessage msg;
 158   msg.set_tag(kSHLO);
 159   msg.SetVector(kVER, supported_version_tags);
 160
 161   QuicCryptoClientConfig::CachedState cached;
 162   QuicCryptoNegotiatedParameters out_params;
 163   string error;
 164   QuicCryptoClientConfig config;
 165   EXPECT_EQ(QUIC_VERSION_NEGOTIATION_MISMATCH,
 166             config.ProcessServerHello(msg, 0, supported_versions,
 167                                       &cached, &out_params, &error));
 168   EXPECT_EQ("Downgrade attack detected", error);
 169 }
 170
 171 TEST(QuicCryptoClientConfigTest, InitializeFrom) {
 172   QuicCryptoClientConfig config;
 173   QuicServerId canonical_server_id("www.google.com", 80, false,
 174                                    PRIVACY_MODE_DISABLED);
 175   QuicCryptoClientConfig::CachedState* state =
 176       config.LookupOrCreate(canonical_server_id);
 177   // TODO(rch): Populate other fields of |state|.
 178   state->set_source_address_token("TOKEN");
 179   state->SetProofValid();
 180
 181   QuicServerId other_server_id("mail.google.com", 80, false,
 182                                PRIVACY_MODE_DISABLED);
 183   config.InitializeFrom(other_server_id, canonical_server_id, &config);
 184   QuicCryptoClientConfig::CachedState* other =
 185       config.LookupOrCreate(other_server_id);
 186
 187   EXPECT_EQ(state->server_config(), other->server_config());
 188   EXPECT_EQ(state->source_address_token(), other->source_address_token());
 189   EXPECT_EQ(state->certs(), other->certs());
 190   EXPECT_EQ(1u, other->generation_counter());
 191 }
 192
 193 TEST(QuicCryptoClientConfigTest, Canonical) {
 194   QuicCryptoClientConfig config;
 195   config.AddCanonicalSuffix(".google.com");
 196   QuicServerId canonical_id1("www.google.com", 80, false,
 197                              PRIVACY_MODE_DISABLED);
 198   QuicServerId canonical_id2("mail.google.com", 80, false,
 199                              PRIVACY_MODE_DISABLED);
 200   QuicCryptoClientConfig::CachedState* state =
 201       config.LookupOrCreate(canonical_id1);
 202   // TODO(rch): Populate other fields of |state|.
 203   state->set_source_address_token("TOKEN");
 204   state->SetProofValid();
 205
 206   QuicCryptoClientConfig::CachedState* other =
 207       config.LookupOrCreate(canonical_id2);
 208
 209   EXPECT_TRUE(state->IsEmpty());
 210   EXPECT_EQ(state->server_config(), other->server_config());
 211   EXPECT_EQ(state->source_address_token(), other->source_address_token());
 212   EXPECT_EQ(state->certs(), other->certs());
 213   EXPECT_EQ(1u, other->generation_counter());
 214
 215   QuicServerId different_id("mail.google.org", 80, false,
 216                             PRIVACY_MODE_DISABLED);
 217   EXPECT_TRUE(config.LookupOrCreate(different_id)->IsEmpty());
 218 }
 219
 220 TEST(QuicCryptoClientConfigTest, CanonicalNotUsedIfNotValid) {
 221   QuicCryptoClientConfig config;
 222   config.AddCanonicalSuffix(".google.com");
 223   QuicServerId canonical_id1("www.google.com", 80, false,
 224                              PRIVACY_MODE_DISABLED);
 225   QuicServerId canonical_id2("mail.google.com", 80, false,
 226                              PRIVACY_MODE_DISABLED);
 227   QuicCryptoClientConfig::CachedState* state =
 228       config.LookupOrCreate(canonical_id1);
 229   // TODO(rch): Populate other fields of |state|.
 230   state->set_source_address_token("TOKEN");
 231
 232   // Do not set the proof as valid, and check that it is not used
 233   // as a canonical entry.
 234   EXPECT_TRUE(config.LookupOrCreate(canonical_id2)->IsEmpty());
 235 }
 236
 237 TEST(QuicCryptoClientConfigTest, ClearCachedStates) {
 238   QuicCryptoClientConfig config;
 239   QuicServerId server_id("www.google.com", 80, false, PRIVACY_MODE_DISABLED);
 240   QuicCryptoClientConfig::CachedState* state = config.LookupOrCreate(server_id);
 241   // TODO(rch): Populate other fields of |state|.
 242   vector<string> certs(1);
 243   certs[0] = "Hello Cert";
 244   state->SetProof(certs, "signature");
 245   state->set_source_address_token("TOKEN");
 246   state->SetProofValid();
 247   EXPECT_EQ(1u, state->generation_counter());
 248
 249   // Verify LookupOrCreate returns the same data.
 250   QuicCryptoClientConfig::CachedState* other = config.LookupOrCreate(server_id);
 251
 252   EXPECT_EQ(state, other);
 253   EXPECT_EQ(1u, other->generation_counter());
 254
 255   // Clear the cached states.
 256   config.ClearCachedStates();
 257
 258   // Verify LookupOrCreate doesn't have any data.
 259   QuicCryptoClientConfig::CachedState* cleared_cache =
 260       config.LookupOrCreate(server_id);
 261
 262   EXPECT_EQ(state, cleared_cache);
 263   EXPECT_FALSE(cleared_cache->proof_valid());
 264   EXPECT_TRUE(cleared_cache->server_config().empty());
 265   EXPECT_TRUE(cleared_cache->certs().empty());
 266   EXPECT_TRUE(cleared_cache->signature().empty());
 267   EXPECT_EQ(2u, cleared_cache->generation_counter());
 268 }
 269
 270 }  // namespace test
 271 }  // namespace net