net/quic/crypto/strike_register_test.cc - platform/external/chromium_org - Git at Google

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "net/quic/crypto/strike_register.h"

 #include <set>
 #include <string>

 #include "base/basictypes.h"
 #include "testing/gtest/include/gtest/gtest.h"

 namespace {

 using net::StrikeRegister;
 using std::set;
 using std::string;

 const uint8 kOrbit[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };

 // StrikeRegisterTests don't look at the random bytes so this function can
 // simply set the random bytes to 0.
 void SetNonce(uint8 nonce[32], unsigned time, const uint8 orbit[8]) {
   nonce[0] = time >> 24;
   nonce[1] = time >> 16;
   nonce[2] = time >> 8;
   nonce[3] = time;
   memcpy(nonce + 4, orbit, 8);
   memset(nonce + 12, 0, 20);
 }

 TEST(StrikeRegisterTest, SimpleHorizon) {
   // The set must reject values created on or before its own creation time.
   StrikeRegister set(10 /* max size */, 1000 /* current time */,
                      100 /* window secs */, kOrbit,
                      StrikeRegister::DENY_REQUESTS_AT_STARTUP);
   uint8 nonce[32];
   SetNonce(nonce, 999, kOrbit);
   ASSERT_FALSE(set.Insert(nonce, 1000));
   SetNonce(nonce, 1000, kOrbit);
   ASSERT_FALSE(set.Insert(nonce, 1000));
 }

 TEST(StrikeRegisterTest, NoStartupMode) {
   // Check that a strike register works immediately if NO_STARTUP_PERIOD_NEEDED
   // is specified.
   StrikeRegister set(10 /* max size */, 0 /* current time */,
                      100 /* window secs */, kOrbit,
                      StrikeRegister::NO_STARTUP_PERIOD_NEEDED);
   uint8 nonce[32];
   SetNonce(nonce, 0, kOrbit);
   ASSERT_TRUE(set.Insert(nonce, 0));
   ASSERT_FALSE(set.Insert(nonce, 0));
 }

 TEST(StrikeRegisterTest, WindowFuture) {
   // The set must reject values outside the window.
   StrikeRegister set(10 /* max size */, 1000 /* current time */,
                      100 /* window secs */, kOrbit,
                      StrikeRegister::DENY_REQUESTS_AT_STARTUP);
   uint8 nonce[32];
   SetNonce(nonce, 1101, kOrbit);
   ASSERT_FALSE(set.Insert(nonce, 1000));
   SetNonce(nonce, 999, kOrbit);
   ASSERT_FALSE(set.Insert(nonce, 1100));
 }

 TEST(StrikeRegisterTest, BadOrbit) {
   // The set must reject values with the wrong orbit
   StrikeRegister set(10 /* max size */, 1000 /* current time */,
                      100 /* window secs */, kOrbit,
                      StrikeRegister::DENY_REQUESTS_AT_STARTUP);
   uint8 nonce[32];
   static const uint8 kBadOrbit[8] = { 0, 0, 0, 0, 1, 1, 1, 1 };
   SetNonce(nonce, 1101, kBadOrbit);
   ASSERT_FALSE(set.Insert(nonce, 1100));
 }

 TEST(StrikeRegisterTest, OneValue) {
   StrikeRegister set(10 /* max size */, 1000 /* current time */,
                      100 /* window secs */, kOrbit,
                      StrikeRegister::DENY_REQUESTS_AT_STARTUP);
   uint8 nonce[32];
   SetNonce(nonce, 1101, kOrbit);
   ASSERT_TRUE(set.Insert(nonce, 1100));
 }

 TEST(StrikeRegisterTest, RejectDuplicate) {
   // The set must reject values with the wrong orbit
   StrikeRegister set(10 /* max size */, 1000 /* current time */,
                      100 /* window secs */, kOrbit,
                      StrikeRegister::DENY_REQUESTS_AT_STARTUP);
   uint8 nonce[32];
   SetNonce(nonce, 1101, kOrbit);
   ASSERT_TRUE(set.Insert(nonce, 1100));
   ASSERT_FALSE(set.Insert(nonce, 1100));
 }

 TEST(StrikeRegisterTest, HorizonUpdating) {
   StrikeRegister set(5 /* max size */, 1000 /* current time */,
                      100 /* window secs */, kOrbit,
                      StrikeRegister::DENY_REQUESTS_AT_STARTUP);
   uint8 nonce[6][32];
   for (unsigned i = 0; i < 5; i++) {
     SetNonce(nonce[i], 1101, kOrbit);
     nonce[i][31] = i;
     ASSERT_TRUE(set.Insert(nonce[i], 1100));
   }

   // This should push the oldest value out and force the horizon to be updated.
   SetNonce(nonce[5], 1102, kOrbit);
   ASSERT_TRUE(set.Insert(nonce[5], 1100));

   // This should be behind the horizon now:
   SetNonce(nonce[5], 1101, kOrbit);
   nonce[5][31] = 10;
   ASSERT_FALSE(set.Insert(nonce[5], 1100));
 }

 TEST(StrikeRegisterTest, InsertMany) {
   StrikeRegister set(5000 /* max size */, 1000 /* current time */,
                      500 /* window secs */, kOrbit,
                      StrikeRegister::DENY_REQUESTS_AT_STARTUP);

   uint8 nonce[32];
   SetNonce(nonce, 1101, kOrbit);
   for (unsigned i = 0; i < 100000; i++) {
     SetNonce(nonce, 1101 + i/500, kOrbit);
     memcpy(nonce + 12, &i, sizeof(i));
     set.Insert(nonce, 1100);
   }
 }


 // For the following test we create a slow, but simple, version of a
 // StrikeRegister. The behaviour of this object is much easier to understand
 // than the fully fledged version. We then create a test to show, empirically,
 // that the two objects have identical behaviour.

 // A SlowStrikeRegister has the same public interface as a StrikeRegister, but
 // is much slower. Hopefully it is also more obviously correct and we can
 // empirically test that their behaviours are identical.
 class SlowStrikeRegister {
  public:
   SlowStrikeRegister(unsigned max_entries, uint32 current_time,
                      uint32 window_secs, const uint8 orbit[8])
       : max_entries_(max_entries),
         window_secs_(window_secs),
         creation_time_(current_time),
         horizon_(ExternalTimeToInternal(current_time + window_secs)) {
     memcpy(orbit_, orbit, sizeof(orbit_));
   }

   bool Insert(const uint8 nonce_bytes[32], const uint32 current_time_external) {
     const uint32 current_time = ExternalTimeToInternal(current_time_external);

     // Check to see if the orbit is correct.
     if (memcmp(nonce_bytes + 4, orbit_, sizeof(orbit_))) {
       return false;
     }
     const uint32 nonce_time =
         ExternalTimeToInternal(TimeFromBytes(nonce_bytes));
     // We have dropped one or more nonces with a time value of |horizon_|, so
     // we have to reject anything with a timestamp less than or equal to that.
     if (nonce_time <= horizon_) {
       return false;
     }

     // Check that the timestamp is in the current window.
     if ((current_time > window_secs_ &&
          nonce_time < (current_time - window_secs_)) ||
         nonce_time > (current_time + window_secs_)) {
       return false;
     }

     string nonce;
     nonce.reserve(32);
     nonce +=
         string(reinterpret_cast<const char*>(&nonce_time), sizeof(nonce_time));
     nonce +=
         string(reinterpret_cast<const char*>(nonce_bytes) + sizeof(nonce_time),
                32 - sizeof(nonce_time));

     set<string>::const_iterator it = nonces_.find(nonce);
     if (it != nonces_.end()) {
       return false;
     }

     if (nonces_.size() == max_entries_) {
       DropOldestEntry();
     }

     nonces_.insert(nonce);
     return true;
   }

  private:
   // TimeFromBytes returns a big-endian uint32 from |d|.
   static uint32 TimeFromBytes(const uint8 d[4]) {
     return static_cast<uint32>(d[0]) << 24 |
            static_cast<uint32>(d[1]) << 16 |
            static_cast<uint32>(d[2]) << 8 |
            static_cast<uint32>(d[3]);
   }

   uint32 ExternalTimeToInternal(uint32 external_time) {
     static const uint32 kCreationTimeFromInternalEpoch = 63115200.0;
     uint32 internal_epoch = 0;
     if (creation_time_ > kCreationTimeFromInternalEpoch) {
       internal_epoch = creation_time_ - kCreationTimeFromInternalEpoch;
     }

     return external_time - internal_epoch;
   }

   void DropOldestEntry() {
     set<string>::iterator oldest = nonces_.begin(), it;
     uint32 oldest_time =
         TimeFromBytes(reinterpret_cast<const uint8*>(oldest->data()));

     for (it = oldest; it != nonces_.end(); it++) {
       uint32 t = TimeFromBytes(reinterpret_cast<const uint8*>(it->data()));
       if (t < oldest_time ||
           (t == oldest_time && memcmp(it->data(), oldest->data(), 32) < 0)) {
         oldest_time = t;
         oldest = it;
       }
     }

     nonces_.erase(oldest);
     horizon_ = oldest_time;
   }

   const unsigned max_entries_;
   const unsigned window_secs_;
   const uint32 creation_time_;
   uint8 orbit_[8];
   uint32 horizon_;

   set<string> nonces_;
 };

 TEST(StrikeRegisterStressTest, Stress) {
   // Fixed seed gives reproducibility for this test.
   srand(42);
   unsigned max_entries = 64;
   uint32 current_time = 10000, window = 200;
   scoped_ptr<StrikeRegister> s1(
       new StrikeRegister(max_entries, current_time, window, kOrbit,
                          StrikeRegister::DENY_REQUESTS_AT_STARTUP));
   scoped_ptr<SlowStrikeRegister> s2(
       new SlowStrikeRegister(max_entries, current_time, window, kOrbit));
   uint64 i;

   // When making changes it's worth removing the limit on this test and running
   // it for a while. For the initial development an opt binary was left running
   // for 10 minutes.
   const uint64 kMaxIterations = 10000;
   for (i = 0; i < kMaxIterations; i++) {
     if (rand() % 1000 == 0) {
       // 0.1% chance of resetting the sets.
       max_entries = rand() % 300 + 2;
       current_time = rand() % 10000;
       window = rand() % 500;
       s1.reset(new StrikeRegister(max_entries, current_time, window, kOrbit,
                                   StrikeRegister::DENY_REQUESTS_AT_STARTUP));
       s2.reset(
           new SlowStrikeRegister(max_entries, current_time, window, kOrbit));
     }

     int32 time_delta = rand() % (window * 4);
     time_delta -= window * 2;
     const uint32 time = current_time + time_delta;
     if (time_delta < 0 && time > current_time) {
       continue;  // overflow
     }

     uint8 nonce[32];
     SetNonce(nonce, time, kOrbit);

     // There are 2048 possible nonce values:
     const uint32 v = rand() % 2048;
     nonce[30] = v >> 8;
     nonce[31] = v;

     const bool r2 = s2->Insert(nonce, time);
     const bool r1 = s1->Insert(nonce, time);

     if (r1 != r2) {
       break;
     }

     if (i % 10 == 0) {
       s1->Validate();
     }
   }

   if (i != kMaxIterations) {
     FAIL() << "Failed after " << i << " iterations";
   }
 }

 }  // anonymous namespace
	// Copyright (c) 2013 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "net/quic/crypto/strike_register.h"

	#include <set>
	#include <string>

	#include "base/basictypes.h"
	#include "testing/gtest/include/gtest/gtest.h"

	namespace {

	using net::StrikeRegister;
	using std::set;
	using std::string;

	const uint8 kOrbit[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };

	// StrikeRegisterTests don't look at the random bytes so this function can
	// simply set the random bytes to 0.
	void SetNonce(uint8 nonce[32], unsigned time, const uint8 orbit[8]) {
	nonce[0] = time >> 24;
	nonce[1] = time >> 16;
	nonce[2] = time >> 8;
	nonce[3] = time;
	memcpy(nonce + 4, orbit, 8);
	memset(nonce + 12, 0, 20);
	}

	TEST(StrikeRegisterTest, SimpleHorizon) {
	// The set must reject values created on or before its own creation time.
	StrikeRegister set(10 /* max size /, 1000 / current time */,
	100 /* window secs */, kOrbit,
	StrikeRegister::DENY_REQUESTS_AT_STARTUP);
	uint8 nonce[32];
	SetNonce(nonce, 999, kOrbit);
	ASSERT_FALSE(set.Insert(nonce, 1000));
	SetNonce(nonce, 1000, kOrbit);
	ASSERT_FALSE(set.Insert(nonce, 1000));
	}

	TEST(StrikeRegisterTest, NoStartupMode) {
	// Check that a strike register works immediately if NO_STARTUP_PERIOD_NEEDED
	// is specified.
	StrikeRegister set(10 /* max size /, 0 / current time */,
	100 /* window secs */, kOrbit,
	StrikeRegister::NO_STARTUP_PERIOD_NEEDED);
	uint8 nonce[32];
	SetNonce(nonce, 0, kOrbit);
	ASSERT_TRUE(set.Insert(nonce, 0));
	ASSERT_FALSE(set.Insert(nonce, 0));
	}

	TEST(StrikeRegisterTest, WindowFuture) {
	// The set must reject values outside the window.
	StrikeRegister set(10 /* max size /, 1000 / current time */,
	100 /* window secs */, kOrbit,
	StrikeRegister::DENY_REQUESTS_AT_STARTUP);
	uint8 nonce[32];
	SetNonce(nonce, 1101, kOrbit);
	ASSERT_FALSE(set.Insert(nonce, 1000));
	SetNonce(nonce, 999, kOrbit);
	ASSERT_FALSE(set.Insert(nonce, 1100));
	}

	TEST(StrikeRegisterTest, BadOrbit) {
	// The set must reject values with the wrong orbit
	StrikeRegister set(10 /* max size /, 1000 / current time */,
	100 /* window secs */, kOrbit,
	StrikeRegister::DENY_REQUESTS_AT_STARTUP);
	uint8 nonce[32];
	static const uint8 kBadOrbit[8] = { 0, 0, 0, 0, 1, 1, 1, 1 };
	SetNonce(nonce, 1101, kBadOrbit);
	ASSERT_FALSE(set.Insert(nonce, 1100));
	}

	TEST(StrikeRegisterTest, OneValue) {
	StrikeRegister set(10 /* max size /, 1000 / current time */,
	100 /* window secs */, kOrbit,
	StrikeRegister::DENY_REQUESTS_AT_STARTUP);
	uint8 nonce[32];
	SetNonce(nonce, 1101, kOrbit);
	ASSERT_TRUE(set.Insert(nonce, 1100));
	}

	TEST(StrikeRegisterTest, RejectDuplicate) {
	// The set must reject values with the wrong orbit
	StrikeRegister set(10 /* max size /, 1000 / current time */,
	100 /* window secs */, kOrbit,
	StrikeRegister::DENY_REQUESTS_AT_STARTUP);
	uint8 nonce[32];
	SetNonce(nonce, 1101, kOrbit);
	ASSERT_TRUE(set.Insert(nonce, 1100));
	ASSERT_FALSE(set.Insert(nonce, 1100));
	}

	TEST(StrikeRegisterTest, HorizonUpdating) {
	StrikeRegister set(5 /* max size /, 1000 / current time */,
	100 /* window secs */, kOrbit,
	StrikeRegister::DENY_REQUESTS_AT_STARTUP);
	uint8 nonce[6][32];
	for (unsigned i = 0; i < 5; i++) {
	SetNonce(nonce[i], 1101, kOrbit);
	nonce[i][31] = i;
	ASSERT_TRUE(set.Insert(nonce[i], 1100));
	}

	// This should push the oldest value out and force the horizon to be updated.
	SetNonce(nonce[5], 1102, kOrbit);
	ASSERT_TRUE(set.Insert(nonce[5], 1100));

	// This should be behind the horizon now:
	SetNonce(nonce[5], 1101, kOrbit);
	nonce[5][31] = 10;
	ASSERT_FALSE(set.Insert(nonce[5], 1100));
	}

	TEST(StrikeRegisterTest, InsertMany) {
	StrikeRegister set(5000 /* max size /, 1000 / current time */,
	500 /* window secs */, kOrbit,
	StrikeRegister::DENY_REQUESTS_AT_STARTUP);

	uint8 nonce[32];
	SetNonce(nonce, 1101, kOrbit);
	for (unsigned i = 0; i < 100000; i++) {
	SetNonce(nonce, 1101 + i/500, kOrbit);
	memcpy(nonce + 12, &i, sizeof(i));
	set.Insert(nonce, 1100);
	}
	}


	// For the following test we create a slow, but simple, version of a
	// StrikeRegister. The behaviour of this object is much easier to understand
	// than the fully fledged version. We then create a test to show, empirically,
	// that the two objects have identical behaviour.

	// A SlowStrikeRegister has the same public interface as a StrikeRegister, but
	// is much slower. Hopefully it is also more obviously correct and we can
	// empirically test that their behaviours are identical.
	class SlowStrikeRegister {
	public:
	SlowStrikeRegister(unsigned max_entries, uint32 current_time,
	uint32 window_secs, const uint8 orbit[8])
	: max_entries_(max_entries),
	window_secs_(window_secs),
	creation_time_(current_time),
	horizon_(ExternalTimeToInternal(current_time + window_secs)) {
	memcpy(orbit_, orbit, sizeof(orbit_));
	}

	bool Insert(const uint8 nonce_bytes[32], const uint32 current_time_external) {
	const uint32 current_time = ExternalTimeToInternal(current_time_external);

	// Check to see if the orbit is correct.
	if (memcmp(nonce_bytes + 4, orbit_, sizeof(orbit_))) {
	return false;
	}
	const uint32 nonce_time =
	ExternalTimeToInternal(TimeFromBytes(nonce_bytes));
	// We have dropped one or more nonces with a time value of \|horizon_\|, so
	// we have to reject anything with a timestamp less than or equal to that.
	if (nonce_time <= horizon_) {
	return false;
	}

	// Check that the timestamp is in the current window.
	if ((current_time > window_secs_ &&
	nonce_time < (current_time - window_secs_)) \|\|
	nonce_time > (current_time + window_secs_)) {
	return false;
	}

	string nonce;
	nonce.reserve(32);
	nonce +=
	string(reinterpret_cast<const char*>(&nonce_time), sizeof(nonce_time));
	nonce +=
	string(reinterpret_cast<const char*>(nonce_bytes) + sizeof(nonce_time),
	32 - sizeof(nonce_time));

	set<string>::const_iterator it = nonces_.find(nonce);
	if (it != nonces_.end()) {
	return false;
	}

	if (nonces_.size() == max_entries_) {
	DropOldestEntry();
	}

	nonces_.insert(nonce);
	return true;
	}

	private:
	// TimeFromBytes returns a big-endian uint32 from \|d\|.
	static uint32 TimeFromBytes(const uint8 d[4]) {
	return static_cast<uint32>(d[0]) << 24 \|
	static_cast<uint32>(d[1]) << 16 \|
	static_cast<uint32>(d[2]) << 8 \|
	static_cast<uint32>(d[3]);
	}

	uint32 ExternalTimeToInternal(uint32 external_time) {
	static const uint32 kCreationTimeFromInternalEpoch = 63115200.0;
	uint32 internal_epoch = 0;
	if (creation_time_ > kCreationTimeFromInternalEpoch) {
	internal_epoch = creation_time_ - kCreationTimeFromInternalEpoch;
	}

	return external_time - internal_epoch;
	}

	void DropOldestEntry() {
	set<string>::iterator oldest = nonces_.begin(), it;
	uint32 oldest_time =
	TimeFromBytes(reinterpret_cast<const uint8*>(oldest->data()));

	for (it = oldest; it != nonces_.end(); it++) {
	uint32 t = TimeFromBytes(reinterpret_cast<const uint8*>(it->data()));
	if (t < oldest_time \|\|
	(t == oldest_time && memcmp(it->data(), oldest->data(), 32) < 0)) {
	oldest_time = t;
	oldest = it;
	}
	}

	nonces_.erase(oldest);
	horizon_ = oldest_time;
	}

	const unsigned max_entries_;
	const unsigned window_secs_;
	const uint32 creation_time_;
	uint8 orbit_[8];
	uint32 horizon_;

	set<string> nonces_;
	};

	TEST(StrikeRegisterStressTest, Stress) {
	// Fixed seed gives reproducibility for this test.
	srand(42);
	unsigned max_entries = 64;
	uint32 current_time = 10000, window = 200;
	scoped_ptr<StrikeRegister> s1(
	new StrikeRegister(max_entries, current_time, window, kOrbit,
	StrikeRegister::DENY_REQUESTS_AT_STARTUP));
	scoped_ptr<SlowStrikeRegister> s2(
	new SlowStrikeRegister(max_entries, current_time, window, kOrbit));
	uint64 i;

	// When making changes it's worth removing the limit on this test and running
	// it for a while. For the initial development an opt binary was left running
	// for 10 minutes.
	const uint64 kMaxIterations = 10000;
	for (i = 0; i < kMaxIterations; i++) {
	if (rand() % 1000 == 0) {
	// 0.1% chance of resetting the sets.
	max_entries = rand() % 300 + 2;
	current_time = rand() % 10000;
	window = rand() % 500;
	s1.reset(new StrikeRegister(max_entries, current_time, window, kOrbit,
	StrikeRegister::DENY_REQUESTS_AT_STARTUP));
	s2.reset(
	new SlowStrikeRegister(max_entries, current_time, window, kOrbit));
	}

	int32 time_delta = rand() % (window * 4);
	time_delta -= window * 2;
	const uint32 time = current_time + time_delta;
	if (time_delta < 0 && time > current_time) {
	continue; // overflow
	}

	uint8 nonce[32];
	SetNonce(nonce, time, kOrbit);

	// There are 2048 possible nonce values:
	const uint32 v = rand() % 2048;
	nonce[30] = v >> 8;
	nonce[31] = v;

	const bool r2 = s2->Insert(nonce, time);
	const bool r1 = s1->Insert(nonce, time);

	if (r1 != r2) {
	break;
	}

	if (i % 10 == 0) {
	s1->Validate();
	}
	}

	if (i != kMaxIterations) {
	FAIL() << "Failed after " << i << " iterations";
	}
	}

	} // anonymous namespace