Google Git
Sign in
chromium / chromium / src / 8de438314c523c2488dd7839eb3ce58a12b5a696 / . / net / quic / quic_stream_factory_fuzzer.cc
blob: 0d9ce44e12cbdb118cfef09e6a1b2c3c390de73f [file] [log] [blame]
Ned Williamson3d55bbb2017-11-07 22:58:13[diff] [blame]1// Copyright 2017 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
Ryan Hamiltona3ee93a72018-08-01 22:03:08[diff] [blame]5#include "net/quic/quic_stream_factory.h"
Ned Williamson3d55bbb2017-11-07 22:58:13[diff] [blame]6
7#include "base/test/fuzzed_data_provider.h"
8
9#include "net/base/test_completion_callback.h"
Ryan Sleevi8a9c9c12018-05-09 02:36:23[diff] [blame]10#include "net/cert/ct_policy_enforcer.h"
Ryan Sleevi987d2d92017-12-19 19:22:14[diff] [blame]11#include "net/cert/do_nothing_ct_verifier.h"
12#include "net/cert/mock_cert_verifier.h"
Ryan Hamiltone3e592e2017-11-16 04:49:09[diff] [blame]13#include "net/cert/x509_certificate.h"
Ned Williamson3d55bbb2017-11-07 22:58:13[diff] [blame]14#include "net/dns/fuzzed_host_resolver.h"
15#include "net/http/http_server_properties_impl.h"
16#include "net/http/transport_security_state.h"
Ryan Hamiltona3ee93a72018-08-01 22:03:08[diff] [blame]17#include "net/quic/mock_crypto_client_stream_factory.h"
18#include "net/quic/quic_http_stream.h"
19#include "net/quic/test_task_runner.h"
Ned Williamson3d55bbb2017-11-07 22:58:13[diff] [blame]20#include "net/socket/fuzzed_datagram_client_socket.h"
21#include "net/socket/fuzzed_socket_factory.h"
Paul Jensen8e3c5d32018-02-19 17:06:33[diff] [blame]22#include "net/socket/socket_tag.h"
Ned Williamson3d55bbb2017-11-07 22:58:13[diff] [blame]23#include "net/ssl/channel_id_service.h"
24#include "net/ssl/default_channel_id_store.h"
Ryan Sleevi987d2d92017-12-19 19:22:14[diff] [blame]25#include "net/ssl/ssl_config_service_defaults.h"
Ryan Hamilton0a9f01462017-11-14 01:27:30[diff] [blame]26#include "net/test/gtest_util.h"
Ryan Hamilton56b10c5d2018-05-11 13:40:16[diff] [blame]27#include "net/third_party/quic/test_tools/mock_clock.h"
28#include "net/third_party/quic/test_tools/mock_random.h"
Ramin Halavatia1256c82018-02-21 06:18:21[diff] [blame]29#include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
Ned Williamson3d55bbb2017-11-07 22:58:13[diff] [blame]30
31namespace net {
32
33namespace {
34
Ryan Hamiltone3e592e2017-11-16 04:49:09[diff] [blame]35const char kCertData[] = {
36#include "net/data/ssl/certificates/wildcard.inc"
37};
38
Ned Williamson3d55bbb2017-11-07 22:58:13[diff] [blame]39} // namespace
40
41namespace test {
42
43const char kServerHostName[] = "www.example.org";
44const int kServerPort = 443;
45const char kUrl[] = "https://www.example.org/";
46// TODO(nedwilliamson): Add POST here after testing
47// whether that can lead blocking while waiting for
48// the callbacks.
49const char kMethod[] = "GET";
50const size_t kBufferSize = 4096;
51const int kCertVerifyFlags = 0;
52
53// Static initialization for persistent factory data
54struct Env {
55 Env() : host_port_pair(kServerHostName, kServerPort), random_generator(0) {
Ryan Hamilton8d9ee76e2018-05-29 23:52:52[diff] [blame]56 clock.AdvanceTime(quic::QuicTime::Delta::FromSeconds(1));
Ryan Sleevib8449e02018-07-15 04:31:07[diff] [blame]57 ssl_config_service = std::make_unique<SSLConfigServiceDefaults>();
Ned Williamson3d55bbb2017-11-07 22:58:13[diff] [blame]58 crypto_client_stream_factory.set_use_mock_crypter(true);
Ryan Sleevi987d2d92017-12-19 19:22:14[diff] [blame]59 cert_verifier = std::make_unique<MockCertVerifier>();
Ned Williamson3d55bbb2017-11-07 22:58:13[diff] [blame]60 channel_id_service =
61 std::make_unique<ChannelIDService>(new DefaultChannelIDStore(nullptr));
Ryan Sleevi987d2d92017-12-19 19:22:14[diff] [blame]62 cert_transparency_verifier = std::make_unique<DoNothingCTVerifier>();
Ryan Hamilton0a9f01462017-11-14 01:27:30[diff] [blame]63 verify_details.cert_verify_result.verified_cert =
Ryan Hamiltone3e592e2017-11-16 04:49:09[diff] [blame]64 X509Certificate::CreateFromBytes(kCertData, arraysize(kCertData));
65 CHECK(verify_details.cert_verify_result.verified_cert);
Ryan Hamilton0a9f01462017-11-14 01:27:30[diff] [blame]66 verify_details.cert_verify_result.is_issued_by_known_root = true;
Ned Williamson3d55bbb2017-11-07 22:58:13[diff] [blame]67 }
68
Ryan Hamilton8d9ee76e2018-05-29 23:52:52[diff] [blame]69 quic::MockClock clock;
Ryan Sleevib8449e02018-07-15 04:31:07[diff] [blame]70 std::unique_ptr<SSLConfigService> ssl_config_service;
Ryan Hamilton0a9f01462017-11-14 01:27:30[diff] [blame]71 ProofVerifyDetailsChromium verify_details;
Ned Williamson3d55bbb2017-11-07 22:58:13[diff] [blame]72 MockCryptoClientStreamFactory crypto_client_stream_factory;
73 HostPortPair host_port_pair;
Ryan Hamilton8d9ee76e2018-05-29 23:52:52[diff] [blame]74 quic::test::MockRandom random_generator;
Ned Williamson3d55bbb2017-11-07 22:58:13[diff] [blame]75 NetLogWithSource net_log;
76 std::unique_ptr<CertVerifier> cert_verifier;
77 std::unique_ptr<ChannelIDService> channel_id_service;
78 TransportSecurityState transport_security_state;
Ryan Hamilton8d9ee76e2018-05-29 23:52:52[diff] [blame]79 quic::QuicTagVector connection_options;
80 quic::QuicTagVector client_connection_options;
Ned Williamson3d55bbb2017-11-07 22:58:13[diff] [blame]81 std::unique_ptr<CTVerifier> cert_transparency_verifier;
Ryan Sleevi8a9c9c12018-05-09 02:36:23[diff] [blame]82 DefaultCTPolicyEnforcer ct_policy_enforcer;
Ned Williamson3d55bbb2017-11-07 22:58:13[diff] [blame]83};
84
85static struct Env* env = new Env();
86
87extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
88 base::FuzzedDataProvider data_provider(data, size);
89
90 FuzzedHostResolver host_resolver(HostResolver::Options(), nullptr,
91 &data_provider);
92 FuzzedSocketFactory socket_factory(&data_provider);
93
94 // Initialize this on each loop since some options mutate this.
95 HttpServerPropertiesImpl http_server_properties;
96
Ned Williamson1000a492017-11-09 20:40:14[diff] [blame]97 bool store_server_configs_in_properties = data_provider.ConsumeBool();
Jana Iyengar903dec22017-11-28 00:44:23[diff] [blame]98 bool close_sessions_on_ip_change = data_provider.ConsumeBool();
Ned Williamson1000a492017-11-09 20:40:14[diff] [blame]99 bool mark_quic_broken_when_network_blackholes = data_provider.ConsumeBool();
Ned Williamson1000a492017-11-09 20:40:14[diff] [blame]100 bool allow_server_migration = data_provider.ConsumeBool();
101 bool race_cert_verification = data_provider.ConsumeBool();
102 bool estimate_initial_rtt = data_provider.ConsumeBool();
Yixin Wang079ad542018-01-11 04:06:05[diff] [blame]103 bool headers_include_h2_stream_dependency = data_provider.ConsumeBool();
Ned Williamson1000a492017-11-09 20:40:14[diff] [blame]104 bool enable_token_binding = data_provider.ConsumeBool();
Nick Harper1e5757d42018-05-02 23:08:57[diff] [blame]105 bool enable_channel_id = data_provider.ConsumeBool();
kapishnikov7f8dd1e122018-01-24 06:10:49[diff] [blame]106 bool enable_socket_recv_optimization = data_provider.ConsumeBool();
Ned Williamson1000a492017-11-09 20:40:14[diff] [blame]107
Ryan Hamilton0a9f01462017-11-14 01:27:30[diff] [blame]108 env->crypto_client_stream_factory.AddProofVerifyDetails(&env->verify_details);
109
Zhongyi Shi63574b7f2018-06-01 20:22:25[diff] [blame]110 bool goaway_sessions_on_ip_change = false;
Zhongyi Shif4683a32017-12-01 00:03:28[diff] [blame]111 bool migrate_sessions_early_v2 = false;
Zhongyi Shi56e44b22017-12-02 00:06:33[diff] [blame]112 bool migrate_sessions_on_network_change_v2 = false;
Zhongyi Shi8de43832018-08-15 23:40:00[diff] [blame^]113 bool retry_on_alternate_network_before_handshake = false;
Renjiea5722ccf2018-08-10 00:18:49[diff] [blame]114 bool go_away_on_path_degrading = false;
Zhongyi Shif4683a32017-12-01 00:03:28[diff] [blame]115
Zhongyi Shi56e44b22017-12-02 00:06:33[diff] [blame]116 if (!close_sessions_on_ip_change) {
Zhongyi Shi63574b7f2018-06-01 20:22:25[diff] [blame]117 goaway_sessions_on_ip_change = data_provider.ConsumeBool();
118 if (!goaway_sessions_on_ip_change) {
119 migrate_sessions_on_network_change_v2 = data_provider.ConsumeBool();
120 if (migrate_sessions_on_network_change_v2) {
121 migrate_sessions_early_v2 = data_provider.ConsumeBool();
Zhongyi Shi8de43832018-08-15 23:40:00[diff] [blame^]122 retry_on_alternate_network_before_handshake =
123 data_provider.ConsumeBool();
Zhongyi Shi63574b7f2018-06-01 20:22:25[diff] [blame]124 }
Zhongyi Shi56e44b22017-12-02 00:06:33[diff] [blame]125 }
Zhongyi Shif4683a32017-12-01 00:03:28[diff] [blame]126 }
Ned Williamson1000a492017-11-09 20:40:14[diff] [blame]127
Renjiea5722ccf2018-08-10 00:18:49[diff] [blame]128 if (!migrate_sessions_early_v2)
129 go_away_on_path_degrading = data_provider.ConsumeBool();
130
Ned Williamson3d55bbb2017-11-07 22:58:13[diff] [blame]131 std::unique_ptr<QuicStreamFactory> factory =
132 std::make_unique<QuicStreamFactory>(
133 env->net_log.net_log(), &host_resolver, env->ssl_config_service.get(),
134 &socket_factory, &http_server_properties, env->cert_verifier.get(),
135 &env->ct_policy_enforcer, env->channel_id_service.get(),
136 &env->transport_security_state, env->cert_transparency_verifier.get(),
137 nullptr, &env->crypto_client_stream_factory, &env->random_generator,
Ryan Hamilton8d9ee76e2018-05-29 23:52:52[diff] [blame]138 &env->clock, quic::kDefaultMaxPacketSize, std::string(),
Jana Iyengar903dec22017-11-28 00:44:23[diff] [blame]139 store_server_configs_in_properties, close_sessions_on_ip_change,
Zhongyi Shi63574b7f2018-06-01 20:22:25[diff] [blame]140 goaway_sessions_on_ip_change,
Ned Williamson1000a492017-11-09 20:40:14[diff] [blame]141 mark_quic_broken_when_network_blackholes,
Ryan Hamilton8d9ee76e2018-05-29 23:52:52[diff] [blame]142 kIdleConnectionTimeoutSeconds, quic::kPingTimeoutSecs,
143 quic::kMaxTimeForCryptoHandshakeSecs, quic::kInitialIdleTimeoutSecs,
Zhongyi Shi6ec9d232018-05-18 02:20:39[diff] [blame]144 migrate_sessions_on_network_change_v2, migrate_sessions_early_v2,
Zhongyi Shi8de43832018-08-15 23:40:00[diff] [blame^]145 retry_on_alternate_network_before_handshake,
Renjiea5722ccf2018-08-10 00:18:49[diff] [blame]146 go_away_on_path_degrading,
Zhongyi Shi73f23ca872017-12-13 18:37:13[diff] [blame]147 base::TimeDelta::FromSeconds(kMaxTimeOnNonDefaultNetworkSecs),
Zhongyi Shiee760762018-08-01 00:54:29[diff] [blame]148 kMaxMigrationsToNonDefaultNetworkOnWriteError,
Zhongyi Shi8b1e43f2017-12-13 20:46:30[diff] [blame]149 kMaxMigrationsToNonDefaultNetworkOnPathDegrading,
Zhongyi Shi73f23ca872017-12-13 18:37:13[diff] [blame]150 allow_server_migration, race_cert_verification, estimate_initial_rtt,
Yixin Wang079ad542018-01-11 04:06:05[diff] [blame]151 headers_include_h2_stream_dependency, env->connection_options,
kapishnikov7f8dd1e122018-01-24 06:10:49[diff] [blame]152 env->client_connection_options, enable_token_binding,
Nick Harper1e5757d42018-05-02 23:08:57[diff] [blame]153 enable_channel_id, enable_socket_recv_optimization);
Ned Williamson3d55bbb2017-11-07 22:58:13[diff] [blame]154
155 QuicStreamRequest request(factory.get());
156 TestCompletionCallback callback;
157 NetErrorDetails net_error_details;
Ryan Hamilton8d9ee76e2018-05-29 23:52:52[diff] [blame]158 request.Request(
159 env->host_port_pair,
160 data_provider.PickValueInArray(quic::kSupportedTransportVersions),
161 PRIVACY_MODE_DISABLED, DEFAULT_PRIORITY, SocketTag(), kCertVerifyFlags,
162 GURL(kUrl), env->net_log, &net_error_details, callback.callback());
Ned Williamson3d55bbb2017-11-07 22:58:13[diff] [blame]163
164 callback.WaitForResult();
Yixin Wang7891a39d2017-11-08 20:59:24[diff] [blame]165 std::unique_ptr<QuicChromiumClientSession::Handle> session =
166 request.ReleaseSessionHandle();
167 if (!session)
Ned Williamson3d55bbb2017-11-07 22:58:13[diff] [blame]168 return 0;
Yixin Wang7891a39d2017-11-08 20:59:24[diff] [blame]169 std::unique_ptr<HttpStream> stream(new QuicHttpStream(std::move(session)));
Ned Williamson3d55bbb2017-11-07 22:58:13[diff] [blame]170
171 HttpRequestInfo request_info;
172 request_info.method = kMethod;
173 request_info.url = GURL(kUrl);
Ramin Halavatia1256c82018-02-21 06:18:21[diff] [blame]174 request_info.traffic_annotation =
175 MutableNetworkTrafficAnnotationTag(TRAFFIC_ANNOTATION_FOR_TESTS);
Steven Valdezb4ff0412018-01-18 22:39:27[diff] [blame]176 stream->InitializeStream(&request_info, true, DEFAULT_PRIORITY, env->net_log,
Bence Békya25e3f72018-02-13 21:13:39[diff] [blame]177 CompletionOnceCallback());
Ned Williamson3d55bbb2017-11-07 22:58:13[diff] [blame]178
179 HttpResponseInfo response;
180 HttpRequestHeaders request_headers;
181 if (OK !=
182 stream->SendRequest(request_headers, &response, callback.callback()))
183 return 0;
184
185 // TODO(nedwilliamson): attempt connection migration here
Nick Harper7ac20cc2018-05-08 18:06:04[diff] [blame]186 int rv = stream->ReadResponseHeaders(callback.callback());
187 if (rv != OK && rv != ERR_IO_PENDING) {
188 return 0;
189 }
Ned Williamson3d55bbb2017-11-07 22:58:13[diff] [blame]190 callback.WaitForResult();
191
192 scoped_refptr<net::IOBuffer> buffer = new net::IOBuffer(kBufferSize);
Nick Harper7ac20cc2018-05-08 18:06:04[diff] [blame]193 rv = stream->ReadResponseBody(buffer.get(), kBufferSize, callback.callback());
Ned Williamson3d55bbb2017-11-07 22:58:13[diff] [blame]194 if (rv == ERR_IO_PENDING)
195 callback.WaitForResult();
196
197 return 0;
198}
199
200} // namespace test
201} // namespace net