| // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "net/quic/crypto/crypto_utils.h" |
| |
| #include "net/quic/test_tools/quic_test_utils.h" |
| #include "testing/gtest/include/gtest/gtest.h" |
| |
| using std::string; |
| |
| namespace net { |
| namespace test { |
| namespace { |
| |
| TEST(CryptoUtilsTest, IsValidSNI) { |
| // IP as SNI. |
| EXPECT_FALSE(CryptoUtils::IsValidSNI("192.168.0.1")); |
| // SNI without any dot. |
| EXPECT_FALSE(CryptoUtils::IsValidSNI("somedomain")); |
| // Invalid RFC2396 hostname |
| // TODO(rtenneti): Support RFC2396 hostname. |
| // EXPECT_FALSE(CryptoUtils::IsValidSNI("some_domain.com")); |
| // An empty string must be invalid otherwise the QUIC client will try sending |
| // it. |
| EXPECT_FALSE(CryptoUtils::IsValidSNI("")); |
| |
| // Valid SNI |
| EXPECT_TRUE(CryptoUtils::IsValidSNI("test.google.com")); |
| } |
| |
| TEST(CryptoUtilsTest, NormalizeHostname) { |
| struct { |
| const char *input, *expected; |
| } tests[] = { |
| { |
| "www.google.com", "www.google.com", |
| }, |
| { |
| "WWW.GOOGLE.COM", "www.google.com", |
| }, |
| { |
| "www.google.com.", "www.google.com", |
| }, |
| { |
| "www.google.COM.", "www.google.com", |
| }, |
| { |
| "www.google.com..", "www.google.com", |
| }, |
| { |
| "www.google.com........", "www.google.com", |
| }, |
| }; |
| |
| for (size_t i = 0; i < arraysize(tests); ++i) { |
| char buf[256]; |
| snprintf(buf, sizeof(buf), "%s", tests[i].input); |
| EXPECT_EQ(string(tests[i].expected), CryptoUtils::NormalizeHostname(buf)); |
| } |
| } |
| |
| TEST(CryptoUtilsTest, TestExportKeyingMaterial) { |
| const struct TestVector { |
| // Input (strings of hexadecimal digits): |
| const char* subkey_secret; |
| const char* label; |
| const char* context; |
| size_t result_len; |
| |
| // Expected output (string of hexadecimal digits): |
| const char* expected; // Null if it should fail. |
| } test_vector[] = { |
| // Try a typical input |
| {"4823c1189ecc40fce888fbb4cf9ae6254f19ba12e6d9af54788f195a6f509ca3", |
| "e934f78d7a71dd85420fceeb8cea0317", |
| "b8d766b5d3c8aba0009c7ed3de553eba53b4de1030ea91383dcdf724cd8b7217", 32, |
| "a9979da0d5f1c1387d7cbe68f5c4163ddb445a03c4ad6ee72cb49d56726d679e"}, |
| // Don't let the label contain nulls |
| {"14fe51e082ffee7d1b4d8d4ab41f8c55", "3132333435363700", |
| "58585858585858585858585858585858", 16, nullptr}, |
| // Make sure nulls in the context are fine |
| {"d862c2e36b0a42f7827c67ebc8d44df7", "7a5b95e4e8378123", |
| "4142434445464700", 16, "12d418c6d0738a2e4d85b2d0170f76e1"}, |
| // ... and give a different result than without |
| {"d862c2e36b0a42f7827c67ebc8d44df7", "7a5b95e4e8378123", "41424344454647", |
| 16, "abfa1c479a6e3ffb98a11dee7d196408"}, |
| // Try weird lengths |
| {"d0ec8a34f6cc9a8c96", "49711798cc6251", |
| "933d4a2f30d22f089cfba842791116adc121e0", 23, |
| "c9a46ed0757bd1812f1f21b4d41e62125fec8364a21db7"}, |
| }; |
| |
| for (size_t i = 0; i < arraysize(test_vector); i++) { |
| // Decode the test vector. |
| string subkey_secret = QuicUtils::HexDecode(test_vector[i].subkey_secret); |
| string label = QuicUtils::HexDecode(test_vector[i].label); |
| string context = QuicUtils::HexDecode(test_vector[i].context); |
| size_t result_len = test_vector[i].result_len; |
| bool expect_ok = test_vector[i].expected != nullptr; |
| string expected; |
| if (expect_ok) { |
| expected = QuicUtils::HexDecode(test_vector[i].expected); |
| } |
| |
| string result; |
| bool ok = CryptoUtils::ExportKeyingMaterial(subkey_secret, label, context, |
| result_len, &result); |
| EXPECT_EQ(expect_ok, ok); |
| if (expect_ok) { |
| EXPECT_EQ(result_len, result.length()); |
| test::CompareCharArraysWithHexError("HKDF output", result.data(), |
| result.length(), expected.data(), |
| expected.length()); |
| } |
| } |
| } |
| |
| TEST(CryptoUtilsTest, HandshakeFailureReasonToString) { |
| EXPECT_STREQ("HANDSHAKE_OK", |
| CryptoUtils::HandshakeFailureReasonToString(HANDSHAKE_OK)); |
| EXPECT_STREQ("CLIENT_NONCE_UNKNOWN_FAILURE", |
| CryptoUtils::HandshakeFailureReasonToString( |
| CLIENT_NONCE_UNKNOWN_FAILURE)); |
| EXPECT_STREQ("CLIENT_NONCE_INVALID_FAILURE", |
| CryptoUtils::HandshakeFailureReasonToString( |
| CLIENT_NONCE_INVALID_FAILURE)); |
| EXPECT_STREQ("CLIENT_NONCE_NOT_UNIQUE_FAILURE", |
| CryptoUtils::HandshakeFailureReasonToString( |
| CLIENT_NONCE_NOT_UNIQUE_FAILURE)); |
| EXPECT_STREQ("CLIENT_NONCE_INVALID_ORBIT_FAILURE", |
| CryptoUtils::HandshakeFailureReasonToString( |
| CLIENT_NONCE_INVALID_ORBIT_FAILURE)); |
| EXPECT_STREQ("CLIENT_NONCE_INVALID_TIME_FAILURE", |
| CryptoUtils::HandshakeFailureReasonToString( |
| CLIENT_NONCE_INVALID_TIME_FAILURE)); |
| EXPECT_STREQ("CLIENT_NONCE_STRIKE_REGISTER_TIMEOUT", |
| CryptoUtils::HandshakeFailureReasonToString( |
| CLIENT_NONCE_STRIKE_REGISTER_TIMEOUT)); |
| EXPECT_STREQ("CLIENT_NONCE_STRIKE_REGISTER_FAILURE", |
| CryptoUtils::HandshakeFailureReasonToString( |
| CLIENT_NONCE_STRIKE_REGISTER_FAILURE)); |
| EXPECT_STREQ("SERVER_NONCE_DECRYPTION_FAILURE", |
| CryptoUtils::HandshakeFailureReasonToString( |
| SERVER_NONCE_DECRYPTION_FAILURE)); |
| EXPECT_STREQ("SERVER_NONCE_INVALID_FAILURE", |
| CryptoUtils::HandshakeFailureReasonToString( |
| SERVER_NONCE_INVALID_FAILURE)); |
| EXPECT_STREQ("SERVER_NONCE_NOT_UNIQUE_FAILURE", |
| CryptoUtils::HandshakeFailureReasonToString( |
| SERVER_NONCE_NOT_UNIQUE_FAILURE)); |
| EXPECT_STREQ("SERVER_NONCE_INVALID_TIME_FAILURE", |
| CryptoUtils::HandshakeFailureReasonToString( |
| SERVER_NONCE_INVALID_TIME_FAILURE)); |
| EXPECT_STREQ("SERVER_NONCE_REQUIRED_FAILURE", |
| CryptoUtils::HandshakeFailureReasonToString( |
| SERVER_NONCE_REQUIRED_FAILURE)); |
| EXPECT_STREQ("SERVER_CONFIG_INCHOATE_HELLO_FAILURE", |
| CryptoUtils::HandshakeFailureReasonToString( |
| SERVER_CONFIG_INCHOATE_HELLO_FAILURE)); |
| EXPECT_STREQ("SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE", |
| CryptoUtils::HandshakeFailureReasonToString( |
| SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE)); |
| EXPECT_STREQ("SOURCE_ADDRESS_TOKEN_INVALID_FAILURE", |
| CryptoUtils::HandshakeFailureReasonToString( |
| SOURCE_ADDRESS_TOKEN_INVALID_FAILURE)); |
| EXPECT_STREQ("SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE", |
| CryptoUtils::HandshakeFailureReasonToString( |
| SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE)); |
| EXPECT_STREQ("SOURCE_ADDRESS_TOKEN_PARSE_FAILURE", |
| CryptoUtils::HandshakeFailureReasonToString( |
| SOURCE_ADDRESS_TOKEN_PARSE_FAILURE)); |
| EXPECT_STREQ("SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE", |
| CryptoUtils::HandshakeFailureReasonToString( |
| SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE)); |
| EXPECT_STREQ("SOURCE_ADDRESS_TOKEN_CLOCK_SKEW_FAILURE", |
| CryptoUtils::HandshakeFailureReasonToString( |
| SOURCE_ADDRESS_TOKEN_CLOCK_SKEW_FAILURE)); |
| EXPECT_STREQ("SOURCE_ADDRESS_TOKEN_EXPIRED_FAILURE", |
| CryptoUtils::HandshakeFailureReasonToString( |
| SOURCE_ADDRESS_TOKEN_EXPIRED_FAILURE)); |
| EXPECT_STREQ("INVALID_EXPECTED_LEAF_CERTIFICATE", |
| CryptoUtils::HandshakeFailureReasonToString( |
| INVALID_EXPECTED_LEAF_CERTIFICATE)); |
| EXPECT_STREQ("MAX_FAILURE_REASON", |
| CryptoUtils::HandshakeFailureReasonToString(MAX_FAILURE_REASON)); |
| EXPECT_STREQ( |
| "INVALID_HANDSHAKE_FAILURE_REASON", |
| CryptoUtils::HandshakeFailureReasonToString( |
| static_cast<HandshakeFailureReason>(MAX_FAILURE_REASON + 1))); |
| } |
| |
| } // namespace |
| } // namespace test |
| } // namespace net |
