1 // Copyright (c) 2017 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <string>
6 #include <utility>
7
8 #include "net/third_party/quiche/src/quic/core/crypto/tls_client_connection.h"
9 #include "net/third_party/quiche/src/quic/core/crypto/tls_server_connection.h"
10 #include "net/third_party/quiche/src/quic/core/quic_utils.h"
11 #include "net/third_party/quiche/src/quic/core/tls_client_handshaker.h"
12 #include "net/third_party/quiche/src/quic/core/tls_server_handshaker.h"
13 #include "net/third_party/quiche/src/quic/platform/api/quic_expect_bug.h"
14 #include "net/third_party/quiche/src/quic/platform/api/quic_test.h"
15 #include "net/third_party/quiche/src/quic/test_tools/crypto_test_utils.h"
16 #include "net/third_party/quiche/src/quic/test_tools/fake_proof_source.h"
17 #include "net/third_party/quiche/src/quic/test_tools/mock_quic_session_visitor.h"
18 #include "net/third_party/quiche/src/quic/test_tools/quic_test_utils.h"
19 #include "net/third_party/quiche/src/quic/tools/fake_proof_verifier.h"
20 #include "net/third_party/quiche/src/common/platform/api/quiche_arraysize.h"
21 #include "net/third_party/quiche/src/common/platform/api/quiche_string_piece.h"
22
23 namespace quic {
24 namespace test {
25 namespace {
26
27 using ::testing::_;
28 using ::testing::ElementsAreArray;
29 using ::testing::Return;
30
31 class TestProofVerifier : public ProofVerifier {
32 public:
TestProofVerifier()33 TestProofVerifier()
34 : verifier_(crypto_test_utils::ProofVerifierForTesting()) {}
35
VerifyProof(const std::string & hostname,const uint16_t port,const std::string & server_config,QuicTransportVersion quic_version,quiche::QuicheStringPiece chlo_hash,const std::vector<std::string> & certs,const std::string & cert_sct,const std::string & signature,const ProofVerifyContext * context,std::string * error_details,std::unique_ptr<ProofVerifyDetails> * details,std::unique_ptr<ProofVerifierCallback> callback)36 QuicAsyncStatus VerifyProof(
37 const std::string& hostname,
38 const uint16_t port,
39 const std::string& server_config,
40 QuicTransportVersion quic_version,
41 quiche::QuicheStringPiece chlo_hash,
42 const std::vector<std::string>& certs,
43 const std::string& cert_sct,
44 const std::string& signature,
45 const ProofVerifyContext* context,
46 std::string* error_details,
47 std::unique_ptr<ProofVerifyDetails>* details,
48 std::unique_ptr<ProofVerifierCallback> callback) override {
49 return verifier_->VerifyProof(
50 hostname, port, server_config, quic_version, chlo_hash, certs, cert_sct,
51 signature, context, error_details, details, std::move(callback));
52 }
53
VerifyCertChain(const std::string & hostname,const std::vector<std::string> & certs,const std::string & ocsp_response,const std::string & cert_sct,const ProofVerifyContext * context,std::string * error_details,std::unique_ptr<ProofVerifyDetails> * details,std::unique_ptr<ProofVerifierCallback> callback)54 QuicAsyncStatus VerifyCertChain(
55 const std::string& hostname,
56 const std::vector<std::string>& certs,
57 const std::string& ocsp_response,
58 const std::string& cert_sct,
59 const ProofVerifyContext* context,
60 std::string* error_details,
61 std::unique_ptr<ProofVerifyDetails>* details,
62 std::unique_ptr<ProofVerifierCallback> callback) override {
63 if (!active_) {
64 return verifier_->VerifyCertChain(hostname, certs, ocsp_response,
65 cert_sct, context, error_details,
66 details, std::move(callback));
67 }
68 pending_ops_.push_back(std::make_unique<VerifyChainPendingOp>(
69 hostname, certs, ocsp_response, cert_sct, context, error_details,
70 details, std::move(callback), verifier_.get()));
71 return QUIC_PENDING;
72 }
73
CreateDefaultContext()74 std::unique_ptr<ProofVerifyContext> CreateDefaultContext() override {
75 return nullptr;
76 }
77
Activate()78 void Activate() { active_ = true; }
79
NumPendingCallbacks() const80 size_t NumPendingCallbacks() const { return pending_ops_.size(); }
81
InvokePendingCallback(size_t n)82 void InvokePendingCallback(size_t n) {
83 CHECK(NumPendingCallbacks() > n);
84 pending_ops_[n]->Run();
85 auto it = pending_ops_.begin() + n;
86 pending_ops_.erase(it);
87 }
88
89 private:
90 // Implementation of ProofVerifierCallback that fails if the callback is ever
91 // run.
92 class FailingProofVerifierCallback : public ProofVerifierCallback {
93 public:
Run(bool,const std::string &,std::unique_ptr<ProofVerifyDetails> *)94 void Run(bool /*ok*/,
95 const std::string& /*error_details*/,
96 std::unique_ptr<ProofVerifyDetails>* /*details*/) override {
97 FAIL();
98 }
99 };
100
101 class VerifyChainPendingOp {
102 public:
VerifyChainPendingOp(const std::string & hostname,const std::vector<std::string> & certs,const std::string & ocsp_response,const std::string & cert_sct,const ProofVerifyContext * context,std::string * error_details,std::unique_ptr<ProofVerifyDetails> * details,std::unique_ptr<ProofVerifierCallback> callback,ProofVerifier * delegate)103 VerifyChainPendingOp(const std::string& hostname,
104 const std::vector<std::string>& certs,
105 const std::string& ocsp_response,
106 const std::string& cert_sct,
107 const ProofVerifyContext* context,
108 std::string* error_details,
109 std::unique_ptr<ProofVerifyDetails>* details,
110 std::unique_ptr<ProofVerifierCallback> callback,
111 ProofVerifier* delegate)
112 : hostname_(hostname),
113 certs_(certs),
114 ocsp_response_(ocsp_response),
115 cert_sct_(cert_sct),
116 context_(context),
117 error_details_(error_details),
118 details_(details),
119 callback_(std::move(callback)),
120 delegate_(delegate) {}
121
Run()122 void Run() {
123 // TestProofVerifier depends on crypto_test_utils::ProofVerifierForTesting
124 // running synchronously. It passes a FailingProofVerifierCallback and
125 // runs the original callback after asserting that the verification ran
126 // synchronously.
127 QuicAsyncStatus status = delegate_->VerifyCertChain(
128 hostname_, certs_, ocsp_response_, cert_sct_, context_,
129 error_details_, details_,
130 std::make_unique<FailingProofVerifierCallback>());
131 ASSERT_NE(status, QUIC_PENDING);
132 callback_->Run(status == QUIC_SUCCESS, *error_details_, details_);
133 }
134
135 private:
136 std::string hostname_;
137 std::vector<std::string> certs_;
138 std::string ocsp_response_;
139 std::string cert_sct_;
140 const ProofVerifyContext* context_;
141 std::string* error_details_;
142 std::unique_ptr<ProofVerifyDetails>* details_;
143 std::unique_ptr<ProofVerifierCallback> callback_;
144 ProofVerifier* delegate_;
145 };
146
147 std::unique_ptr<ProofVerifier> verifier_;
148 bool active_ = false;
149 std::vector<std::unique_ptr<VerifyChainPendingOp>> pending_ops_;
150 };
151
152 class TestQuicCryptoStream : public QuicCryptoStream {
153 public:
TestQuicCryptoStream(QuicSession * session)154 explicit TestQuicCryptoStream(QuicSession* session)
155 : QuicCryptoStream(session) {}
156
157 ~TestQuicCryptoStream() override = default;
158
159 virtual TlsHandshaker* handshaker() const = 0;
160
encryption_established() const161 bool encryption_established() const override {
162 return handshaker()->encryption_established();
163 }
164
one_rtt_keys_available() const165 bool one_rtt_keys_available() const override {
166 return handshaker()->one_rtt_keys_available();
167 }
168
crypto_negotiated_params() const169 const QuicCryptoNegotiatedParameters& crypto_negotiated_params()
170 const override {
171 return handshaker()->crypto_negotiated_params();
172 }
173
crypto_message_parser()174 CryptoMessageParser* crypto_message_parser() override {
175 return handshaker()->crypto_message_parser();
176 }
177
WriteCryptoData(EncryptionLevel level,quiche::QuicheStringPiece data)178 void WriteCryptoData(EncryptionLevel level,
179 quiche::QuicheStringPiece data) override {
180 pending_writes_.push_back(std::make_pair(std::string(data), level));
181 }
182
OnPacketDecrypted(EncryptionLevel)183 void OnPacketDecrypted(EncryptionLevel /*level*/) override {}
OnOneRttPacketAcknowledged()184 void OnOneRttPacketAcknowledged() override {}
185
GetHandshakeState() const186 HandshakeState GetHandshakeState() const override {
187 return handshaker()->GetHandshakeState();
188 }
189
pending_writes()190 const std::vector<std::pair<std::string, EncryptionLevel>>& pending_writes() {
191 return pending_writes_;
192 }
193
194 // Sends the pending frames to |stream| and clears the array of pending
195 // writes.
SendCryptoMessagesToPeer(QuicCryptoStream * stream)196 void SendCryptoMessagesToPeer(QuicCryptoStream* stream) {
197 QUIC_LOG(INFO) << "Sending " << pending_writes_.size() << " frames";
198 // This is a minimal re-implementation of QuicCryptoStream::OnDataAvailable.
199 // It doesn't work to call QuicStream::OnStreamFrame because
200 // QuicCryptoStream::OnDataAvailable currently (as an implementation detail)
201 // relies on the QuicConnection to know the EncryptionLevel to pass into
202 // CryptoMessageParser::ProcessInput. Since the crypto messages in this test
203 // never reach the framer or connection and never get encrypted/decrypted,
204 // QuicCryptoStream::OnDataAvailable isn't able to call ProcessInput with
205 // the correct EncryptionLevel. Instead, that can be short-circuited by
206 // directly calling ProcessInput here.
207 for (size_t i = 0; i < pending_writes_.size(); ++i) {
208 if (!stream->crypto_message_parser()->ProcessInput(
209 pending_writes_[i].first, pending_writes_[i].second)) {
210 OnUnrecoverableError(stream->crypto_message_parser()->error(),
211 stream->crypto_message_parser()->error_detail());
212 break;
213 }
214 }
215 pending_writes_.clear();
216 }
217
218 private:
219 std::vector<std::pair<std::string, EncryptionLevel>> pending_writes_;
220 };
221
222 class MockProofHandler : public QuicCryptoClientStream::ProofHandler {
223 public:
224 MockProofHandler() = default;
~MockProofHandler()225 ~MockProofHandler() override {}
226
227 MOCK_METHOD1(OnProofValid, void(const QuicCryptoClientConfig::CachedState&));
228 MOCK_METHOD1(OnProofVerifyDetailsAvailable, void(const ProofVerifyDetails&));
229 };
230
231 class TestQuicCryptoClientStream : public TestQuicCryptoStream {
232 public:
TestQuicCryptoClientStream(QuicSession * session)233 explicit TestQuicCryptoClientStream(QuicSession* session)
234 : TestQuicCryptoClientStream(session,
235 QuicServerId("test.example.com", 443),
236 std::make_unique<TestProofVerifier>()) {}
237
TestQuicCryptoClientStream(QuicSession * session,const QuicServerId & server_id,std::unique_ptr<ProofVerifier> proof_verifier)238 TestQuicCryptoClientStream(QuicSession* session,
239 const QuicServerId& server_id,
240 std::unique_ptr<ProofVerifier> proof_verifier)
241 : TestQuicCryptoStream(session),
242 crypto_config_(std::move(proof_verifier),
243 /*session_cache*/ nullptr),
244 handshaker_(new TlsClientHandshaker(
245 server_id,
246 this,
247 session,
248 crypto_test_utils::ProofVerifyContextForTesting(),
249 &crypto_config_,
250 &proof_handler_)) {}
251
252 ~TestQuicCryptoClientStream() override = default;
253
handshaker() const254 TlsHandshaker* handshaker() const override { return handshaker_.get(); }
client_handshaker() const255 TlsClientHandshaker* client_handshaker() const { return handshaker_.get(); }
proof_handler()256 const MockProofHandler& proof_handler() { return proof_handler_; }
OnHandshakeDoneReceived()257 void OnHandshakeDoneReceived() override {}
258
CryptoConnect()259 bool CryptoConnect() { return handshaker_->CryptoConnect(); }
260
GetTestProofVerifier() const261 TestProofVerifier* GetTestProofVerifier() const {
262 return static_cast<TestProofVerifier*>(crypto_config_.proof_verifier());
263 }
264
265 private:
266 MockProofHandler proof_handler_;
267 QuicCryptoClientConfig crypto_config_;
268 std::unique_ptr<TlsClientHandshaker> handshaker_;
269 };
270
271 class TestTlsServerHandshaker : public TlsServerHandshaker {
272 public:
TestTlsServerHandshaker(QuicSession * session,SSL_CTX * ssl_ctx,ProofSource * proof_source,TestQuicCryptoStream * test_stream)273 TestTlsServerHandshaker(QuicSession* session,
274 SSL_CTX* ssl_ctx,
275 ProofSource* proof_source,
276 TestQuicCryptoStream* test_stream)
277 : TlsServerHandshaker(session, ssl_ctx, proof_source),
278 test_stream_(test_stream) {}
279
WriteCryptoData(EncryptionLevel level,quiche::QuicheStringPiece data)280 void WriteCryptoData(EncryptionLevel level,
281 quiche::QuicheStringPiece data) override {
282 test_stream_->WriteCryptoData(level, data);
283 }
284
285 private:
286 TestQuicCryptoStream* test_stream_;
287 };
288
289 class TestQuicCryptoServerStream : public TestQuicCryptoStream {
290 public:
TestQuicCryptoServerStream(QuicSession * session,FakeProofSource * proof_source)291 TestQuicCryptoServerStream(QuicSession* session,
292 FakeProofSource* proof_source)
293 : TestQuicCryptoStream(session),
294 proof_source_(proof_source),
295 ssl_ctx_(TlsServerConnection::CreateSslCtx()),
296 handshaker_(new TestTlsServerHandshaker(session,
297 ssl_ctx_.get(),
298 proof_source_,
299 this)) {}
300
301 ~TestQuicCryptoServerStream() override = default;
302
CancelOutstandingCallbacks()303 void CancelOutstandingCallbacks() {
304 handshaker_->CancelOutstandingCallbacks();
305 }
306
OnPacketDecrypted(EncryptionLevel level)307 void OnPacketDecrypted(EncryptionLevel level) override {
308 handshaker_->OnPacketDecrypted(level);
309 }
OnHandshakeDoneReceived()310 void OnHandshakeDoneReceived() override { DCHECK(false); }
311
handshaker() const312 TlsHandshaker* handshaker() const override { return handshaker_.get(); }
313
GetFakeProofSource() const314 FakeProofSource* GetFakeProofSource() const { return proof_source_; }
315
316 private:
317 FakeProofSource* proof_source_;
318 bssl::UniquePtr<SSL_CTX> ssl_ctx_;
319 std::unique_ptr<TlsServerHandshaker> handshaker_;
320 };
321
ExchangeHandshakeMessages(TestQuicCryptoStream * client,TestQuicCryptoServerStream * server)322 void ExchangeHandshakeMessages(TestQuicCryptoStream* client,
323 TestQuicCryptoServerStream* server) {
324 while (!client->pending_writes().empty() ||
325 !server->pending_writes().empty()) {
326 client->SendCryptoMessagesToPeer(server);
327 server->SendCryptoMessagesToPeer(client);
328 }
329 }
330
331 class TlsHandshakerTest : public QuicTestWithParam<ParsedQuicVersion> {
332 public:
TlsHandshakerTest()333 TlsHandshakerTest()
334 : version_(GetParam()),
335 client_conn_(new MockQuicConnection(&conn_helper_,
336 &alarm_factory_,
337 Perspective::IS_CLIENT,
338 {version_})),
339 server_conn_(new MockQuicConnection(&conn_helper_,
340 &alarm_factory_,
341 Perspective::IS_SERVER,
342 {version_})),
343 client_session_(client_conn_, /*create_mock_crypto_stream=*/false),
344 server_session_(server_conn_, /*create_mock_crypto_stream=*/false) {
345 client_stream_ = new TestQuicCryptoClientStream(&client_session_);
346 client_session_.SetCryptoStream(client_stream_);
347 server_stream_ =
348 new TestQuicCryptoServerStream(&server_session_, &proof_source_);
349 server_session_.SetCryptoStream(server_stream_);
350 client_session_.Initialize();
351 server_session_.Initialize();
352 EXPECT_FALSE(client_stream_->encryption_established());
353 EXPECT_FALSE(client_stream_->one_rtt_keys_available());
354 EXPECT_FALSE(server_stream_->encryption_established());
355 EXPECT_FALSE(server_stream_->one_rtt_keys_available());
356 const std::string default_alpn =
357 AlpnForVersion(client_session_.connection()->version());
358 ON_CALL(client_session_, GetAlpnsToOffer())
359 .WillByDefault(Return(std::vector<std::string>({default_alpn})));
360 ON_CALL(server_session_, SelectAlpn(_))
361 .WillByDefault(
362 [default_alpn](
__anondc75982b0202( const std::vector<quiche::QuicheStringPiece>& alpns) 363 const std::vector<quiche::QuicheStringPiece>& alpns) {
364 return std::find(alpns.begin(), alpns.end(), default_alpn);
365 });
366 }
367
ExpectHandshakeSuccessful()368 void ExpectHandshakeSuccessful() {
369 EXPECT_TRUE(client_stream_->one_rtt_keys_available());
370 EXPECT_TRUE(client_stream_->encryption_established());
371 EXPECT_TRUE(server_stream_->one_rtt_keys_available());
372 EXPECT_TRUE(server_stream_->encryption_established());
373 EXPECT_EQ(HANDSHAKE_COMPLETE, client_stream_->GetHandshakeState());
374 EXPECT_EQ(HANDSHAKE_CONFIRMED, server_stream_->GetHandshakeState());
375
376 const auto& client_crypto_params =
377 client_stream_->crypto_negotiated_params();
378 const auto& server_crypto_params =
379 server_stream_->crypto_negotiated_params();
380 // The TLS params should be filled in on the client.
381 EXPECT_NE(0, client_crypto_params.cipher_suite);
382 EXPECT_NE(0, client_crypto_params.key_exchange_group);
383 EXPECT_NE(0, client_crypto_params.peer_signature_algorithm);
384
385 // The cipher suite and key exchange group should match on the client and
386 // server.
387 EXPECT_EQ(client_crypto_params.cipher_suite,
388 server_crypto_params.cipher_suite);
389 EXPECT_EQ(client_crypto_params.key_exchange_group,
390 server_crypto_params.key_exchange_group);
391 // We don't support client certs on the server (yet), so the server
392 // shouldn't have a peer signature algorithm to report.
393 EXPECT_EQ(0, server_crypto_params.peer_signature_algorithm);
394 }
395
396 ParsedQuicVersion version_;
397 MockQuicConnectionHelper conn_helper_;
398 MockAlarmFactory alarm_factory_;
399 MockQuicConnection* client_conn_;
400 MockQuicConnection* server_conn_;
401 MockQuicSession client_session_;
402 MockQuicSession server_session_;
403
404 FakeProofSource proof_source_;
405 TestQuicCryptoClientStream* client_stream_;
406 TestQuicCryptoServerStream* server_stream_;
407 };
408
AllSupportedTlsVersions()409 std::vector<ParsedQuicVersion> AllSupportedTlsVersions() {
410 std::vector<ParsedQuicVersion> tls_versions;
411 for (const ParsedQuicVersion& version : AllSupportedVersions()) {
412 if (version.handshake_protocol == PROTOCOL_TLS1_3) {
413 tls_versions.push_back(version);
414 }
415 }
416 return tls_versions;
417 }
418
419 INSTANTIATE_TEST_SUITE_P(TlsHandshakerTests,
420 TlsHandshakerTest,
421 ::testing::ValuesIn(AllSupportedTlsVersions()),
422 ::testing::PrintToStringParamName());
423
TEST_P(TlsHandshakerTest,CryptoHandshake)424 TEST_P(TlsHandshakerTest, CryptoHandshake) {
425 EXPECT_FALSE(client_conn_->IsHandshakeComplete());
426 EXPECT_FALSE(server_conn_->IsHandshakeComplete());
427
428 EXPECT_CALL(*client_conn_, CloseConnection(_, _, _)).Times(0);
429 EXPECT_CALL(*server_conn_, CloseConnection(_, _, _)).Times(0);
430 EXPECT_CALL(client_stream_->proof_handler(), OnProofVerifyDetailsAvailable);
431 client_stream_->CryptoConnect();
432 ExchangeHandshakeMessages(client_stream_, server_stream_);
433
434 ExpectHandshakeSuccessful();
435 }
436
TEST_P(TlsHandshakerTest,HandshakeWithAsyncProofSource)437 TEST_P(TlsHandshakerTest, HandshakeWithAsyncProofSource) {
438 EXPECT_CALL(*client_conn_, CloseConnection(_, _, _)).Times(0);
439 EXPECT_CALL(*server_conn_, CloseConnection(_, _, _)).Times(0);
440 // Enable FakeProofSource to capture call to ComputeTlsSignature and run it
441 // asynchronously.
442 FakeProofSource* proof_source = server_stream_->GetFakeProofSource();
443 proof_source->Activate();
444
445 // Start handshake.
446 client_stream_->CryptoConnect();
447 ExchangeHandshakeMessages(client_stream_, server_stream_);
448
449 ASSERT_EQ(proof_source->NumPendingCallbacks(), 1);
450 proof_source->InvokePendingCallback(0);
451
452 ExchangeHandshakeMessages(client_stream_, server_stream_);
453
454 ExpectHandshakeSuccessful();
455 }
456
TEST_P(TlsHandshakerTest,CancelPendingProofSource)457 TEST_P(TlsHandshakerTest, CancelPendingProofSource) {
458 EXPECT_CALL(*client_conn_, CloseConnection(_, _, _)).Times(0);
459 EXPECT_CALL(*server_conn_, CloseConnection(_, _, _)).Times(0);
460 // Enable FakeProofSource to capture call to ComputeTlsSignature and run it
461 // asynchronously.
462 FakeProofSource* proof_source = server_stream_->GetFakeProofSource();
463 proof_source->Activate();
464
465 // Start handshake.
466 client_stream_->CryptoConnect();
467 ExchangeHandshakeMessages(client_stream_, server_stream_);
468
469 ASSERT_EQ(proof_source->NumPendingCallbacks(), 1);
470 server_stream_ = nullptr;
471
472 proof_source->InvokePendingCallback(0);
473 }
474
TEST_P(TlsHandshakerTest,HandshakeWithAsyncProofVerifier)475 TEST_P(TlsHandshakerTest, HandshakeWithAsyncProofVerifier) {
476 EXPECT_CALL(*client_conn_, CloseConnection(_, _, _)).Times(0);
477 EXPECT_CALL(*server_conn_, CloseConnection(_, _, _)).Times(0);
478 // Enable TestProofVerifier to capture call to VerifyCertChain and run it
479 // asynchronously.
480 TestProofVerifier* proof_verifier = client_stream_->GetTestProofVerifier();
481 proof_verifier->Activate();
482
483 EXPECT_CALL(client_stream_->proof_handler(), OnProofVerifyDetailsAvailable);
484
485 // Start handshake.
486 client_stream_->CryptoConnect();
487 ExchangeHandshakeMessages(client_stream_, server_stream_);
488
489 ASSERT_EQ(proof_verifier->NumPendingCallbacks(), 1u);
490 proof_verifier->InvokePendingCallback(0);
491
492 ExchangeHandshakeMessages(client_stream_, server_stream_);
493
494 ExpectHandshakeSuccessful();
495 }
496
TEST_P(TlsHandshakerTest,ClientSendsNoSNI)497 TEST_P(TlsHandshakerTest, ClientSendsNoSNI) {
498 // Create a new client stream (and handshaker) with an empty server hostname.
499 client_stream_ =
500 new TestQuicCryptoClientStream(&client_session_, QuicServerId("", 443),
501 std::make_unique<FakeProofVerifier>());
502 client_session_.SetCryptoStream(client_stream_);
503
504 EXPECT_CALL(*client_conn_, CloseConnection(_, _, _)).Times(0);
505 EXPECT_CALL(*server_conn_, CloseConnection(_, _, _)).Times(0);
506 EXPECT_CALL(client_stream_->proof_handler(), OnProofVerifyDetailsAvailable);
507 client_stream_->CryptoConnect();
508 ExchangeHandshakeMessages(client_stream_, server_stream_);
509
510 ExpectHandshakeSuccessful();
511 EXPECT_EQ(server_stream_->crypto_negotiated_params().sni, "");
512 }
513
TEST_P(TlsHandshakerTest,ServerExtractSNI)514 TEST_P(TlsHandshakerTest, ServerExtractSNI) {
515 EXPECT_CALL(*client_conn_, CloseConnection(_, _, _)).Times(0);
516 EXPECT_CALL(*server_conn_, CloseConnection(_, _, _)).Times(0);
517 EXPECT_CALL(client_stream_->proof_handler(), OnProofVerifyDetailsAvailable);
518 client_stream_->CryptoConnect();
519 ExchangeHandshakeMessages(client_stream_, server_stream_);
520 ExpectHandshakeSuccessful();
521
522 EXPECT_EQ(server_stream_->crypto_negotiated_params().sni, "test.example.com");
523 }
524
TEST_P(TlsHandshakerTest,ClientConnectionClosedOnTlsError)525 TEST_P(TlsHandshakerTest, ClientConnectionClosedOnTlsError) {
526 // Have client send ClientHello.
527 client_stream_->CryptoConnect();
528 EXPECT_CALL(*client_conn_, CloseConnection(QUIC_HANDSHAKE_FAILED, _, _));
529
530 // Send a zero-length ServerHello from server to client.
531 char bogus_handshake_message[] = {
532 // Handshake struct (RFC 8446 appendix B.3)
533 2, // HandshakeType server_hello
534 0, 0, 0, // uint24 length
535 };
536 server_stream_->WriteCryptoData(
537 ENCRYPTION_INITIAL,
538 quiche::QuicheStringPiece(bogus_handshake_message,
539 QUICHE_ARRAYSIZE(bogus_handshake_message)));
540 server_stream_->SendCryptoMessagesToPeer(client_stream_);
541
542 EXPECT_FALSE(client_stream_->one_rtt_keys_available());
543 }
544
TEST_P(TlsHandshakerTest,ServerConnectionClosedOnTlsError)545 TEST_P(TlsHandshakerTest, ServerConnectionClosedOnTlsError) {
546 EXPECT_CALL(*server_conn_, CloseConnection(QUIC_HANDSHAKE_FAILED, _, _));
547
548 // Send a zero-length ClientHello from client to server.
549 char bogus_handshake_message[] = {
550 // Handshake struct (RFC 8446 appendix B.3)
551 1, // HandshakeType client_hello
552 0, 0, 0, // uint24 length
553 };
554 client_stream_->WriteCryptoData(
555 ENCRYPTION_INITIAL,
556 quiche::QuicheStringPiece(bogus_handshake_message,
557 QUICHE_ARRAYSIZE(bogus_handshake_message)));
558 client_stream_->SendCryptoMessagesToPeer(server_stream_);
559
560 EXPECT_FALSE(server_stream_->one_rtt_keys_available());
561 }
562
TEST_P(TlsHandshakerTest,ClientNotSendingALPN)563 TEST_P(TlsHandshakerTest, ClientNotSendingALPN) {
564 client_stream_->client_handshaker()->AllowEmptyAlpnForTests();
565 EXPECT_CALL(client_session_, GetAlpnsToOffer())
566 .WillOnce(Return(std::vector<std::string>()));
567 EXPECT_CALL(*client_conn_, CloseConnection(QUIC_HANDSHAKE_FAILED,
568 "Server did not select ALPN", _));
569 EXPECT_CALL(*server_conn_,
570 CloseConnection(QUIC_HANDSHAKE_FAILED,
571 "Server did not receive a known ALPN", _));
572 client_stream_->CryptoConnect();
573 ExchangeHandshakeMessages(client_stream_, server_stream_);
574
575 EXPECT_FALSE(client_stream_->one_rtt_keys_available());
576 EXPECT_EQ(GetQuicRestartFlag(quic_send_settings_on_write_key_available),
577 client_stream_->encryption_established());
578 EXPECT_FALSE(server_stream_->one_rtt_keys_available());
579 EXPECT_EQ(GetQuicRestartFlag(quic_send_settings_on_write_key_available),
580 server_stream_->encryption_established());
581 }
582
TEST_P(TlsHandshakerTest,ClientSendingBadALPN)583 TEST_P(TlsHandshakerTest, ClientSendingBadALPN) {
584 const std::string kTestBadClientAlpn = "bad-client-alpn";
585 EXPECT_CALL(client_session_, GetAlpnsToOffer())
586 .WillOnce(Return(std::vector<std::string>({kTestBadClientAlpn})));
587 EXPECT_CALL(*client_conn_, CloseConnection(QUIC_HANDSHAKE_FAILED,
588 "Server did not select ALPN", _));
589 EXPECT_CALL(*server_conn_,
590 CloseConnection(QUIC_HANDSHAKE_FAILED,
591 "Server did not receive a known ALPN", _));
592 client_stream_->CryptoConnect();
593 ExchangeHandshakeMessages(client_stream_, server_stream_);
594
595 EXPECT_FALSE(client_stream_->one_rtt_keys_available());
596 EXPECT_EQ(GetQuicRestartFlag(quic_send_settings_on_write_key_available),
597 client_stream_->encryption_established());
598 EXPECT_FALSE(server_stream_->one_rtt_keys_available());
599 EXPECT_EQ(GetQuicRestartFlag(quic_send_settings_on_write_key_available),
600 server_stream_->encryption_established());
601 }
602
TEST_P(TlsHandshakerTest,ClientSendingTooManyALPNs)603 TEST_P(TlsHandshakerTest, ClientSendingTooManyALPNs) {
604 std::string long_alpn(250, 'A');
605 EXPECT_CALL(client_session_, GetAlpnsToOffer())
606 .WillOnce(Return(std::vector<std::string>({
607 long_alpn + "1",
608 long_alpn + "2",
609 long_alpn + "3",
610 long_alpn + "4",
611 long_alpn + "5",
612 long_alpn + "6",
613 long_alpn + "7",
614 long_alpn + "8",
615 })));
616 EXPECT_QUIC_BUG(client_stream_->CryptoConnect(), "Failed to set ALPN");
617 }
618
TEST_P(TlsHandshakerTest,ServerRequiresCustomALPN)619 TEST_P(TlsHandshakerTest, ServerRequiresCustomALPN) {
620 const std::string kTestAlpn = "An ALPN That Client Did Not Offer";
621 EXPECT_CALL(server_session_, SelectAlpn(_))
622 .WillOnce(
623 [kTestAlpn](const std::vector<quiche::QuicheStringPiece>& alpns) {
624 return std::find(alpns.cbegin(), alpns.cend(), kTestAlpn);
625 });
626 EXPECT_CALL(*client_conn_, CloseConnection(QUIC_HANDSHAKE_FAILED,
627 "Server did not select ALPN", _));
628 EXPECT_CALL(*server_conn_,
629 CloseConnection(QUIC_HANDSHAKE_FAILED,
630 "Server did not receive a known ALPN", _));
631 client_stream_->CryptoConnect();
632 ExchangeHandshakeMessages(client_stream_, server_stream_);
633
634 EXPECT_FALSE(client_stream_->one_rtt_keys_available());
635 EXPECT_EQ(GetQuicRestartFlag(quic_send_settings_on_write_key_available),
636 client_stream_->encryption_established());
637 EXPECT_FALSE(server_stream_->one_rtt_keys_available());
638 EXPECT_EQ(GetQuicRestartFlag(quic_send_settings_on_write_key_available),
639 server_stream_->encryption_established());
640 }
641
TEST_P(TlsHandshakerTest,CustomALPNNegotiation)642 TEST_P(TlsHandshakerTest, CustomALPNNegotiation) {
643 EXPECT_CALL(*client_conn_, CloseConnection(_, _, _)).Times(0);
644 EXPECT_CALL(*server_conn_, CloseConnection(_, _, _)).Times(0);
645
646 const std::string kTestAlpn = "A Custom ALPN Value";
647 const std::vector<std::string> kTestAlpns(
648 {"foo", "bar", kTestAlpn, "something else"});
649 EXPECT_CALL(client_session_, GetAlpnsToOffer())
650 .WillRepeatedly(Return(kTestAlpns));
651 EXPECT_CALL(server_session_, SelectAlpn(_))
652 .WillOnce([kTestAlpn, kTestAlpns](
653 const std::vector<quiche::QuicheStringPiece>& alpns) {
654 EXPECT_THAT(alpns, ElementsAreArray(kTestAlpns));
655 return std::find(alpns.cbegin(), alpns.cend(), kTestAlpn);
656 });
657 EXPECT_CALL(client_session_,
658 OnAlpnSelected(quiche::QuicheStringPiece(kTestAlpn)));
659 EXPECT_CALL(server_session_,
660 OnAlpnSelected(quiche::QuicheStringPiece(kTestAlpn)));
661 client_stream_->CryptoConnect();
662 ExchangeHandshakeMessages(client_stream_, server_stream_);
663
664 ExpectHandshakeSuccessful();
665 }
666
667 } // namespace
668 } // namespace test
669 } // namespace quic
670