net/quic/quic_crypto_server_stream_test.cc - platform/external/chromium_org - Git at Google

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "net/quic/quic_crypto_server_stream.h"

 #include <map>
 #include <vector>

 #include "base/memory/scoped_ptr.h"
 #include "net/quic/crypto/aes_128_gcm_12_encrypter.h"
 #include "net/quic/crypto/crypto_framer.h"
 #include "net/quic/crypto/crypto_handshake.h"
 #include "net/quic/crypto/crypto_protocol.h"
 #include "net/quic/crypto/crypto_server_config.h"
 #include "net/quic/crypto/crypto_utils.h"
 #include "net/quic/crypto/quic_decrypter.h"
 #include "net/quic/crypto/quic_encrypter.h"
 #include "net/quic/crypto/quic_random.h"
 #include "net/quic/quic_crypto_client_stream.h"
 #include "net/quic/quic_protocol.h"
 #include "net/quic/quic_session.h"
 #include "net/quic/test_tools/crypto_test_utils.h"
 #include "net/quic/test_tools/quic_test_utils.h"
 #include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"

 namespace net {
 class QuicConnection;
 class ReliableQuicStream;
 }  // namespace net

 using testing::_;

 namespace net {
 namespace test {
 namespace {

 class QuicCryptoServerStreamTest : public ::testing::Test {
  public:
   QuicCryptoServerStreamTest()
       : guid_(1),
         addr_(ParseIPLiteralToNumber("192.0.2.33", &ip_) ?
               ip_ : IPAddressNumber(), 1),
         connection_(new PacketSavingConnection(guid_, addr_, true)),
         session_(connection_, QuicConfig(), true),
         crypto_config_(QuicCryptoServerConfig::TESTING,
                        QuicRandom::GetInstance()),
         stream_(crypto_config_, &session_) {
     config_.SetDefaults();
     session_.config()->SetDefaults();
     session_.SetCryptoStream(&stream_);
     // We advance the clock initially because the default time is zero and the
     // strike register worries that we've just overflowed a uint32 time.
     connection_->AdvanceTime(QuicTime::Delta::FromSeconds(100000));
     // TODO(rtenneti): Enable testing of ProofSource.
     // crypto_config_.SetProofSource(CryptoTestUtils::ProofSourceForTesting());

     CryptoTestUtils::SetupCryptoServerConfigForTest(
         connection_->clock(), connection_->random_generator(),
         session_.config(), &crypto_config_);
   }

   void ConstructHandshakeMessage() {
     CryptoFramer framer;
     message_data_.reset(framer.ConstructHandshakeMessage(message_));
   }

   int CompleteCryptoHandshake() {
     return CryptoTestUtils::HandshakeWithFakeClient(connection_, &stream_,
                                                     client_options_);
   }

  protected:
   IPAddressNumber ip_;
   QuicGuid guid_;
   IPEndPoint addr_;
   PacketSavingConnection* connection_;
   TestSession session_;
   QuicConfig config_;
   QuicCryptoServerConfig crypto_config_;
   QuicCryptoServerStream stream_;
   CryptoHandshakeMessage message_;
   scoped_ptr<QuicData> message_data_;
   CryptoTestUtils::FakeClientOptions client_options_;
 };

 TEST_F(QuicCryptoServerStreamTest, NotInitiallyConected) {
   if (!Aes128Gcm12Encrypter::IsSupported()) {
     LOG(INFO) << "AES GCM not supported. Test skipped.";
     return;
   }

   EXPECT_FALSE(stream_.encryption_established());
   EXPECT_FALSE(stream_.handshake_confirmed());
 }

 TEST_F(QuicCryptoServerStreamTest, ConnectedAfterCHLO) {
   if (!Aes128Gcm12Encrypter::IsSupported()) {
     LOG(INFO) << "AES GCM not supported. Test skipped.";
     return;
   }

   // CompleteCryptoHandshake returns the number of client hellos sent. This
   // test should send:
   //   * One to get a source-address token and certificates.
   //   * One to complete the handshake.
   EXPECT_EQ(2, CompleteCryptoHandshake());
   EXPECT_TRUE(stream_.encryption_established());
   EXPECT_TRUE(stream_.handshake_confirmed());
 }

 TEST_F(QuicCryptoServerStreamTest, ZeroRTT) {
   if (!Aes128Gcm12Encrypter::IsSupported()) {
     LOG(INFO) << "AES GCM not supported. Test skipped.";
     return;
   }

   QuicGuid guid(1);
   IPAddressNumber ip;
   ParseIPLiteralToNumber("127.0.0.1", &ip);
   IPEndPoint addr(ip, 0);
   PacketSavingConnection* client_conn =
       new PacketSavingConnection(guid, addr, false);
   PacketSavingConnection* server_conn =
       new PacketSavingConnection(guid, addr, false);
   client_conn->AdvanceTime(QuicTime::Delta::FromSeconds(100000));
   server_conn->AdvanceTime(QuicTime::Delta::FromSeconds(100000));

   QuicConfig client_config;
   client_config.SetDefaults();
   scoped_ptr<TestSession> client_session(
       new TestSession(client_conn, client_config, false));
   QuicCryptoClientConfig client_crypto_config;
   client_crypto_config.SetDefaults();

   scoped_ptr<QuicCryptoClientStream> client(new QuicCryptoClientStream(
         "test.example.com", client_session.get(), &client_crypto_config));
   client_session->SetCryptoStream(client.get());

   // Do a first handshake in order to prime the client config with the server's
   // information.
   CHECK(client->CryptoConnect());
   CHECK_EQ(1u, client_conn->packets_.size());

   scoped_ptr<TestSession> server_session(
       new TestSession(server_conn, config_, true));
   scoped_ptr<QuicCryptoServerStream> server(
       new QuicCryptoServerStream(crypto_config_, server_session.get()));
   server_session->SetCryptoStream(server.get());

   CryptoTestUtils::CommunicateHandshakeMessages(
       client_conn, client.get(), server_conn, server.get());
   EXPECT_EQ(2, client->num_sent_client_hellos());

   // Now do another handshake, hopefully in 0-RTT.
   LOG(INFO) << "Resetting for 0-RTT handshake attempt";

   client_conn = new PacketSavingConnection(guid, addr, false);
   server_conn = new PacketSavingConnection(guid, addr, false);
   // We need to advance time past the strike-server window so that it's
   // authoritative in this time span.
   client_conn->AdvanceTime(QuicTime::Delta::FromSeconds(102000));
   server_conn->AdvanceTime(QuicTime::Delta::FromSeconds(102000));

   // This causes the client's nonce to be different and thus stops the
   // strike-register from rejecting the repeated nonce.
   reinterpret_cast<MockRandom*>(client_conn->random_generator())->ChangeValue();
   client_session.reset(new TestSession(client_conn, client_config, false));
   server_session.reset(new TestSession(server_conn, config_, true));
   client.reset(new QuicCryptoClientStream(
         "test.example.com", client_session.get(), &client_crypto_config));
   client_session->SetCryptoStream(client.get());

   server.reset(new QuicCryptoServerStream(crypto_config_,
                                           server_session.get()));
   server_session->SetCryptoStream(server.get());

   CHECK(client->CryptoConnect());

   CryptoTestUtils::CommunicateHandshakeMessages(
       client_conn, client.get(), server_conn, server.get());
   EXPECT_EQ(1, client->num_sent_client_hellos());
 }

 TEST_F(QuicCryptoServerStreamTest, MessageAfterHandshake) {
   if (!Aes128Gcm12Encrypter::IsSupported()) {
     LOG(INFO) << "AES GCM not supported. Test skipped.";
     return;
   }

   CompleteCryptoHandshake();
   EXPECT_CALL(*connection_, SendConnectionClose(
       QUIC_CRYPTO_MESSAGE_AFTER_HANDSHAKE_COMPLETE));
   message_.set_tag(kCHLO);
   ConstructHandshakeMessage();
   stream_.ProcessData(message_data_->data(), message_data_->length());
 }

 TEST_F(QuicCryptoServerStreamTest, BadMessageType) {
   if (!Aes128Gcm12Encrypter::IsSupported()) {
     LOG(INFO) << "AES GCM not supported. Test skipped.";
     return;
   }

   message_.set_tag(kSHLO);
   ConstructHandshakeMessage();
   EXPECT_CALL(*connection_, SendConnectionClose(
       QUIC_INVALID_CRYPTO_MESSAGE_TYPE));
   stream_.ProcessData(message_data_->data(), message_data_->length());
 }

 TEST_F(QuicCryptoServerStreamTest, WithoutCertificates) {
   if (!Aes128Gcm12Encrypter::IsSupported()) {
     LOG(INFO) << "AES GCM not supported. Test skipped.";
     return;
   }

   crypto_config_.SetProofSource(NULL);
   client_options_.dont_verify_certs = true;

   // Only 2 client hellos need to be sent in the no-certs case: one to get the
   // source-address token and the second to finish.
   EXPECT_EQ(2, CompleteCryptoHandshake());
   EXPECT_TRUE(stream_.encryption_established());
   EXPECT_TRUE(stream_.handshake_confirmed());
 }

 TEST_F(QuicCryptoServerStreamTest, ChannelID) {
   if (!Aes128Gcm12Encrypter::IsSupported()) {
     LOG(INFO) << "AES GCM not supported. Test skipped.";
     return;
   }

   client_options_.channel_id_enabled = true;
   // TODO(rtenneti): Enable testing of ProofVerifier.
   // CompleteCryptoHandshake verifies
   // stream_.crypto_negotiated_params().channel_id is correct.
   EXPECT_EQ(2, CompleteCryptoHandshake());
   EXPECT_TRUE(stream_.encryption_established());
   EXPECT_TRUE(stream_.handshake_confirmed());
 }

 }  // namespace
 }  // namespace test
 }  // namespace net
	// Copyright (c) 2012 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "net/quic/quic_crypto_server_stream.h"

	#include <map>
	#include <vector>

	#include "base/memory/scoped_ptr.h"
	#include "net/quic/crypto/aes_128_gcm_12_encrypter.h"
	#include "net/quic/crypto/crypto_framer.h"
	#include "net/quic/crypto/crypto_handshake.h"
	#include "net/quic/crypto/crypto_protocol.h"
	#include "net/quic/crypto/crypto_server_config.h"
	#include "net/quic/crypto/crypto_utils.h"
	#include "net/quic/crypto/quic_decrypter.h"
	#include "net/quic/crypto/quic_encrypter.h"
	#include "net/quic/crypto/quic_random.h"
	#include "net/quic/quic_crypto_client_stream.h"
	#include "net/quic/quic_protocol.h"
	#include "net/quic/quic_session.h"
	#include "net/quic/test_tools/crypto_test_utils.h"
	#include "net/quic/test_tools/quic_test_utils.h"
	#include "testing/gmock/include/gmock/gmock.h"
	#include "testing/gtest/include/gtest/gtest.h"

	namespace net {
	class QuicConnection;
	class ReliableQuicStream;
	} // namespace net

	using testing::_;

	namespace net {
	namespace test {
	namespace {

	class QuicCryptoServerStreamTest : public ::testing::Test {
	public:
	QuicCryptoServerStreamTest()
	: guid_(1),
	addr_(ParseIPLiteralToNumber("192.0.2.33", &ip_) ?
	ip_ : IPAddressNumber(), 1),
	connection_(new PacketSavingConnection(guid_, addr_, true)),
	session_(connection_, QuicConfig(), true),
	crypto_config_(QuicCryptoServerConfig::TESTING,
	QuicRandom::GetInstance()),
	stream_(crypto_config_, &session_) {
	config_.SetDefaults();
	session_.config()->SetDefaults();
	session_.SetCryptoStream(&stream_);
	// We advance the clock initially because the default time is zero and the
	// strike register worries that we've just overflowed a uint32 time.
	connection_->AdvanceTime(QuicTime::Delta::FromSeconds(100000));
	// TODO(rtenneti): Enable testing of ProofSource.
	// crypto_config_.SetProofSource(CryptoTestUtils::ProofSourceForTesting());

	CryptoTestUtils::SetupCryptoServerConfigForTest(
	connection_->clock(), connection_->random_generator(),
	session_.config(), &crypto_config_);
	}

	void ConstructHandshakeMessage() {
	CryptoFramer framer;
	message_data_.reset(framer.ConstructHandshakeMessage(message_));
	}

	int CompleteCryptoHandshake() {
	return CryptoTestUtils::HandshakeWithFakeClient(connection_, &stream_,
	client_options_);
	}

	protected:
	IPAddressNumber ip_;
	QuicGuid guid_;
	IPEndPoint addr_;
	PacketSavingConnection* connection_;
	TestSession session_;
	QuicConfig config_;
	QuicCryptoServerConfig crypto_config_;
	QuicCryptoServerStream stream_;
	CryptoHandshakeMessage message_;
	scoped_ptr<QuicData> message_data_;
	CryptoTestUtils::FakeClientOptions client_options_;
	};

	TEST_F(QuicCryptoServerStreamTest, NotInitiallyConected) {
	if (!Aes128Gcm12Encrypter::IsSupported()) {
	LOG(INFO) << "AES GCM not supported. Test skipped.";
	return;
	}

	EXPECT_FALSE(stream_.encryption_established());
	EXPECT_FALSE(stream_.handshake_confirmed());
	}

	TEST_F(QuicCryptoServerStreamTest, ConnectedAfterCHLO) {
	if (!Aes128Gcm12Encrypter::IsSupported()) {
	LOG(INFO) << "AES GCM not supported. Test skipped.";
	return;
	}

	// CompleteCryptoHandshake returns the number of client hellos sent. This
	// test should send:
	// * One to get a source-address token and certificates.
	// * One to complete the handshake.
	EXPECT_EQ(2, CompleteCryptoHandshake());
	EXPECT_TRUE(stream_.encryption_established());
	EXPECT_TRUE(stream_.handshake_confirmed());
	}

	TEST_F(QuicCryptoServerStreamTest, ZeroRTT) {
	if (!Aes128Gcm12Encrypter::IsSupported()) {
	LOG(INFO) << "AES GCM not supported. Test skipped.";
	return;
	}

	QuicGuid guid(1);
	IPAddressNumber ip;
	ParseIPLiteralToNumber("127.0.0.1", &ip);
	IPEndPoint addr(ip, 0);
	PacketSavingConnection* client_conn =
	new PacketSavingConnection(guid, addr, false);
	PacketSavingConnection* server_conn =
	new PacketSavingConnection(guid, addr, false);
	client_conn->AdvanceTime(QuicTime::Delta::FromSeconds(100000));
	server_conn->AdvanceTime(QuicTime::Delta::FromSeconds(100000));

	QuicConfig client_config;
	client_config.SetDefaults();
	scoped_ptr<TestSession> client_session(
	new TestSession(client_conn, client_config, false));
	QuicCryptoClientConfig client_crypto_config;
	client_crypto_config.SetDefaults();

	scoped_ptr<QuicCryptoClientStream> client(new QuicCryptoClientStream(
	"test.example.com", client_session.get(), &client_crypto_config));
	client_session->SetCryptoStream(client.get());

	// Do a first handshake in order to prime the client config with the server's
	// information.
	CHECK(client->CryptoConnect());
	CHECK_EQ(1u, client_conn->packets_.size());

	scoped_ptr<TestSession> server_session(
	new TestSession(server_conn, config_, true));
	scoped_ptr<QuicCryptoServerStream> server(
	new QuicCryptoServerStream(crypto_config_, server_session.get()));
	server_session->SetCryptoStream(server.get());

	CryptoTestUtils::CommunicateHandshakeMessages(
	client_conn, client.get(), server_conn, server.get());
	EXPECT_EQ(2, client->num_sent_client_hellos());

	// Now do another handshake, hopefully in 0-RTT.
	LOG(INFO) << "Resetting for 0-RTT handshake attempt";

	client_conn = new PacketSavingConnection(guid, addr, false);
	server_conn = new PacketSavingConnection(guid, addr, false);
	// We need to advance time past the strike-server window so that it's
	// authoritative in this time span.
	client_conn->AdvanceTime(QuicTime::Delta::FromSeconds(102000));
	server_conn->AdvanceTime(QuicTime::Delta::FromSeconds(102000));

	// This causes the client's nonce to be different and thus stops the
	// strike-register from rejecting the repeated nonce.
	reinterpret_cast<MockRandom*>(client_conn->random_generator())->ChangeValue();
	client_session.reset(new TestSession(client_conn, client_config, false));
	server_session.reset(new TestSession(server_conn, config_, true));
	client.reset(new QuicCryptoClientStream(
	"test.example.com", client_session.get(), &client_crypto_config));
	client_session->SetCryptoStream(client.get());

	server.reset(new QuicCryptoServerStream(crypto_config_,
	server_session.get()));
	server_session->SetCryptoStream(server.get());

	CHECK(client->CryptoConnect());

	CryptoTestUtils::CommunicateHandshakeMessages(
	client_conn, client.get(), server_conn, server.get());
	EXPECT_EQ(1, client->num_sent_client_hellos());
	}

	TEST_F(QuicCryptoServerStreamTest, MessageAfterHandshake) {
	if (!Aes128Gcm12Encrypter::IsSupported()) {
	LOG(INFO) << "AES GCM not supported. Test skipped.";
	return;
	}

	CompleteCryptoHandshake();
	EXPECT_CALL(*connection_, SendConnectionClose(
	QUIC_CRYPTO_MESSAGE_AFTER_HANDSHAKE_COMPLETE));
	message_.set_tag(kCHLO);
	ConstructHandshakeMessage();
	stream_.ProcessData(message_data_->data(), message_data_->length());
	}

	TEST_F(QuicCryptoServerStreamTest, BadMessageType) {
	if (!Aes128Gcm12Encrypter::IsSupported()) {
	LOG(INFO) << "AES GCM not supported. Test skipped.";
	return;
	}

	message_.set_tag(kSHLO);
	ConstructHandshakeMessage();
	EXPECT_CALL(*connection_, SendConnectionClose(
	QUIC_INVALID_CRYPTO_MESSAGE_TYPE));
	stream_.ProcessData(message_data_->data(), message_data_->length());
	}

	TEST_F(QuicCryptoServerStreamTest, WithoutCertificates) {
	if (!Aes128Gcm12Encrypter::IsSupported()) {
	LOG(INFO) << "AES GCM not supported. Test skipped.";
	return;
	}

	crypto_config_.SetProofSource(NULL);
	client_options_.dont_verify_certs = true;

	// Only 2 client hellos need to be sent in the no-certs case: one to get the
	// source-address token and the second to finish.
	EXPECT_EQ(2, CompleteCryptoHandshake());
	EXPECT_TRUE(stream_.encryption_established());
	EXPECT_TRUE(stream_.handshake_confirmed());
	}

	TEST_F(QuicCryptoServerStreamTest, ChannelID) {
	if (!Aes128Gcm12Encrypter::IsSupported()) {
	LOG(INFO) << "AES GCM not supported. Test skipped.";
	return;
	}

	client_options_.channel_id_enabled = true;
	// TODO(rtenneti): Enable testing of ProofVerifier.
	// CompleteCryptoHandshake verifies
	// stream_.crypto_negotiated_params().channel_id is correct.
	EXPECT_EQ(2, CompleteCryptoHandshake());
	EXPECT_TRUE(stream_.encryption_established());
	EXPECT_TRUE(stream_.handshake_confirmed());
	}

	} // namespace
	} // namespace test
	} // namespace net