OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/quic/core/crypto/quic_crypto_server_config.h" | 5 #include "net/quic/core/crypto/quic_crypto_server_config.h" |
6 | 6 |
7 #include <stdarg.h> | 7 #include <stdarg.h> |
8 | 8 |
9 #include <memory> | 9 #include <memory> |
10 | 10 |
11 #include "net/quic/core/crypto/aes_128_gcm_12_encrypter.h" | |
12 #include "net/quic/core/crypto/cert_compressor.h" | 11 #include "net/quic/core/crypto/cert_compressor.h" |
13 #include "net/quic/core/crypto/chacha20_poly1305_encrypter.h" | 12 #include "net/quic/core/crypto/chacha20_poly1305_encrypter.h" |
14 #include "net/quic/core/crypto/crypto_handshake_message.h" | 13 #include "net/quic/core/crypto/crypto_handshake_message.h" |
15 #include "net/quic/core/crypto/crypto_secret_boxer.h" | 14 #include "net/quic/core/crypto/crypto_secret_boxer.h" |
16 #include "net/quic/core/crypto/crypto_server_config_protobuf.h" | 15 #include "net/quic/core/crypto/crypto_server_config_protobuf.h" |
17 #include "net/quic/core/crypto/quic_random.h" | 16 #include "net/quic/core/crypto/quic_random.h" |
18 #include "net/quic/core/quic_flags.h" | |
19 #include "net/quic/core/quic_time.h" | 17 #include "net/quic/core/quic_time.h" |
20 #include "net/quic/platform/api/quic_socket_address.h" | 18 #include "net/quic/platform/api/quic_socket_address.h" |
21 #include "net/quic/test_tools/crypto_test_utils.h" | 19 #include "net/quic/test_tools/crypto_test_utils.h" |
22 #include "net/quic/test_tools/mock_clock.h" | 20 #include "net/quic/test_tools/mock_clock.h" |
23 #include "net/quic/test_tools/quic_crypto_server_config_peer.h" | 21 #include "net/quic/test_tools/quic_crypto_server_config_peer.h" |
24 #include "net/quic/test_tools/quic_test_utils.h" | |
25 #include "testing/gmock/include/gmock/gmock.h" | |
26 #include "testing/gtest/include/gtest/gtest.h" | 22 #include "testing/gtest/include/gtest/gtest.h" |
27 | 23 |
28 using base::StringPiece; | 24 using base::StringPiece; |
29 using std::string; | 25 using std::string; |
30 | 26 |
31 namespace net { | 27 namespace net { |
32 namespace test { | 28 namespace test { |
33 | 29 |
34 TEST(QuicCryptoServerConfigTest, ServerConfig) { | 30 TEST(QuicCryptoServerConfigTest, ServerConfig) { |
35 QuicRandom* rand = QuicRandom::GetInstance(); | 31 QuicRandom* rand = QuicRandom::GetInstance(); |
(...skipping 167 matching lines...)
203 QuicRandom* rand_ = QuicRandom::GetInstance(); | 199 QuicRandom* rand_ = QuicRandom::GetInstance(); |
204 QuicCryptoServerConfig server_; | 200 QuicCryptoServerConfig server_; |
205 QuicCryptoServerConfigPeer peer_; | 201 QuicCryptoServerConfigPeer peer_; |
206 // Stores the primary config. | 202 // Stores the primary config. |
207 std::unique_ptr<CryptoHandshakeMessage> primary_config_; | 203 std::unique_ptr<CryptoHandshakeMessage> primary_config_; |
208 std::unique_ptr<QuicServerConfigProtobuf> override_config_protobuf_; | 204 std::unique_ptr<QuicServerConfigProtobuf> override_config_protobuf_; |
209 }; | 205 }; |
210 | 206 |
211 // Test basic behavior of source address tokens including being specific | 207 // Test basic behavior of source address tokens including being specific |
212 // to a single IP address and server config. | 208 // to a single IP address and server config. |
213 TEST_F(SourceAddressTokenTest, NewSourceAddressToken) { | 209 TEST_F(SourceAddressTokenTest, SourceAddressToken) { |
214 // Primary config generates configs that validate successfully. | 210 // Primary config generates configs that validate successfully. |
215 const string token4 = NewSourceAddressToken(kPrimary, ip4_); | 211 const string token4 = NewSourceAddressToken(kPrimary, ip4_); |
216 const string token4d = NewSourceAddressToken(kPrimary, ip4_dual_); | 212 const string token4d = NewSourceAddressToken(kPrimary, ip4_dual_); |
217 const string token6 = NewSourceAddressToken(kPrimary, ip6_); | 213 const string token6 = NewSourceAddressToken(kPrimary, ip6_); |
218 EXPECT_EQ(HANDSHAKE_OK, ValidateSourceAddressTokens(kPrimary, token4, ip4_)); | 214 EXPECT_EQ(HANDSHAKE_OK, ValidateSourceAddressTokens(kPrimary, token4, ip4_)); |
219 ASSERT_EQ(HANDSHAKE_OK, | 215 ASSERT_EQ(HANDSHAKE_OK, |
220 ValidateSourceAddressTokens(kPrimary, token4, ip4_dual_)); | 216 ValidateSourceAddressTokens(kPrimary, token4, ip4_dual_)); |
221 ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE, | 217 ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE, |
222 ValidateSourceAddressTokens(kPrimary, token4, ip6_)); | 218 ValidateSourceAddressTokens(kPrimary, token4, ip6_)); |
223 ASSERT_EQ(HANDSHAKE_OK, ValidateSourceAddressTokens(kPrimary, token4d, ip4_)); | 219 ASSERT_EQ(HANDSHAKE_OK, ValidateSourceAddressTokens(kPrimary, token4d, ip4_)); |
224 ASSERT_EQ(HANDSHAKE_OK, | 220 ASSERT_EQ(HANDSHAKE_OK, |
225 ValidateSourceAddressTokens(kPrimary, token4d, ip4_dual_)); | 221 ValidateSourceAddressTokens(kPrimary, token4d, ip4_dual_)); |
226 ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE, | 222 ASSERT_EQ(SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE, |
227 ValidateSourceAddressTokens(kPrimary, token4d, ip6_)); | 223 ValidateSourceAddressTokens(kPrimary, token4d, ip6_)); |
228 ASSERT_EQ(HANDSHAKE_OK, ValidateSourceAddressTokens(kPrimary, token6, ip6_)); | 224 ASSERT_EQ(HANDSHAKE_OK, ValidateSourceAddressTokens(kPrimary, token6, ip6_)); |
229 } | 225 } |
230 | 226 |
231 TEST_F(SourceAddressTokenTest, NewSourceAddressTokenExpiration) { | 227 TEST_F(SourceAddressTokenTest, SourceAddressTokenExpiration) { |
232 const string token = NewSourceAddressToken(kPrimary, ip4_); | 228 const string token = NewSourceAddressToken(kPrimary, ip4_); |
233 | 229 |
234 // Validation fails if the token is from the future. | 230 // Validation fails if the token is from the future. |
235 clock_.AdvanceTime(QuicTime::Delta::FromSeconds(-3600 * 2)); | 231 clock_.AdvanceTime(QuicTime::Delta::FromSeconds(-3600 * 2)); |
236 ASSERT_EQ(SOURCE_ADDRESS_TOKEN_CLOCK_SKEW_FAILURE, | 232 ASSERT_EQ(SOURCE_ADDRESS_TOKEN_CLOCK_SKEW_FAILURE, |
237 ValidateSourceAddressTokens(kPrimary, token, ip4_)); | 233 ValidateSourceAddressTokens(kPrimary, token, ip4_)); |
238 | 234 |
239 // Validation fails after tokens expire. | 235 // Validation fails after tokens expire. |
240 clock_.AdvanceTime(QuicTime::Delta::FromSeconds(86400 * 7)); | 236 clock_.AdvanceTime(QuicTime::Delta::FromSeconds(86400 * 7)); |
241 ASSERT_EQ(SOURCE_ADDRESS_TOKEN_EXPIRED_FAILURE, | 237 ASSERT_EQ(SOURCE_ADDRESS_TOKEN_EXPIRED_FAILURE, |
242 ValidateSourceAddressTokens(kPrimary, token, ip4_)); | 238 ValidateSourceAddressTokens(kPrimary, token, ip4_)); |
243 } | 239 } |
244 | 240 |
245 TEST_F(SourceAddressTokenTest, NewSourceAddressTokenWithNetworkParams) { | 241 TEST_F(SourceAddressTokenTest, SourceAddressTokenWithNetworkParams) { |
246 // Make sure that if the source address token contains CachedNetworkParameters | 242 // Make sure that if the source address token contains CachedNetworkParameters |
247 // that this gets written to ValidateSourceAddressToken output argument. | 243 // that this gets written to ValidateSourceAddressToken output argument. |
248 CachedNetworkParameters cached_network_params_input; | 244 CachedNetworkParameters cached_network_params_input; |
249 cached_network_params_input.set_bandwidth_estimate_bytes_per_second(1234); | 245 cached_network_params_input.set_bandwidth_estimate_bytes_per_second(1234); |
250 const string token4_with_cached_network_params = | 246 const string token4_with_cached_network_params = |
251 NewSourceAddressToken(kPrimary, ip4_, &cached_network_params_input); | 247 NewSourceAddressToken(kPrimary, ip4_, &cached_network_params_input); |
252 | 248 |
253 CachedNetworkParameters cached_network_params_output; | 249 CachedNetworkParameters cached_network_params_output; |
254 EXPECT_NE(cached_network_params_output.SerializeAsString(), | 250 EXPECT_NE(cached_network_params_output.SerializeAsString(), |
255 cached_network_params_input.SerializeAsString()); | 251 cached_network_params_input.SerializeAsString()); |
(...skipping 202 matching lines...)
458 TEST_F(CryptoServerConfigsTest, InvalidConfigs) { | 454 TEST_F(CryptoServerConfigsTest, InvalidConfigs) { |
459 // Ensure that invalid configs don't change anything. | 455 // Ensure that invalid configs don't change anything. |
460 SetConfigs("a", 800, 1, "b", 900, 1, "c", 1100, 1, nullptr); | 456 SetConfigs("a", 800, 1, "b", 900, 1, "c", 1100, 1, nullptr); |
461 test_peer_.CheckConfigs("a", false, "b", true, "c", false, nullptr); | 457 test_peer_.CheckConfigs("a", false, "b", true, "c", false, nullptr); |
462 SetConfigs("a", 800, 1, "c", 1100, 1, "INVALID1", 1000, 1, nullptr); | 458 SetConfigs("a", 800, 1, "c", 1100, 1, "INVALID1", 1000, 1, nullptr); |
463 test_peer_.CheckConfigs("a", false, "b", true, "c", false, nullptr); | 459 test_peer_.CheckConfigs("a", false, "b", true, "c", false, nullptr); |
464 } | 460 } |
465 | 461 |
466 } // namespace test | 462 } // namespace test |
467 } // namespace net | 463 } // namespace net |