proxygen
AeadCookieCipherTest.cpp
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2018-present, Facebook, Inc.
3  * All rights reserved.
4  *
5  * This source code is licensed under the BSD-style license found in the
6  * LICENSE file in the root directory of this source tree.
7  */
8 
9 #include <gmock/gmock.h>
10 #include <gtest/gtest.h>
11 
12 #include <fizz/server/CookieTypes.h>
13 
14 #include <fizz/crypto/test/TestUtil.h>
15 #include <fizz/protocol/test/TestMessages.h>
16 
17 using namespace fizz::test;
18 using namespace folly;
19 using namespace testing;
20 
21 static constexpr StringPiece secret{
22  "c44ed3fb98c179579036d201735f43af20a856470b9c527fe07f01f3a2a0bde9"};
23 
24 static constexpr StringPiece retry{
25  "1603030099020000950303cf21ad74e59a6111be1d8c021e65b891c2a211167abb8c5e079e09e2c8a8339c00130100006d002b00020304002c0063006144444444444444444444444444444444444444444444444444444444444444440000000099d67e4a6c0776e1b52119d2d06dc27c9d40d131856e077b6ef9901c652910a92a703a91fc04d90e1700ce9d4247fd0bf575aed4482be227d61a7b725d"};
26 
27 static constexpr StringPiece retryGroup{
28  "16030300a10200009d0303cf21ad74e59a6111be1d8c021e65b891c2a211167abb8c5e079e09e2c8a8339c001301000075002b00020304003300020017002c0065006344444444444444444444444444444444444444444444444444444444444444440000000099d67e4a6d07414a08e5e0be2f66b9982a741909c185f48630afa8abd44c5dab460001c8948e4cdd0b74af9a53ed5665c295eed49d1862d4967c0ed002780b"};
29 
30 static constexpr StringPiece testCookie{
31  "444444444444444444444444444444444444444444444444444444444444444400000000e5c57e4a6c07762b1c4fcbc41e05abbc7f964506ce11cec423060f95f3a263df93e8e573f6abcf0e1700ce9d42df8b8fdf63535b8e3c6bed8f919a4ef5"};
32 
33 static constexpr StringPiece testCookieGroup{
34  "444444444444444444444444444444444444444444444444444444444444444400000000e5c57e4a6d07414a082f49d0fd7077f043b4fbdf55b2bff9f910e5544bc5cb203576b8504b6c46721d74af9a53ed5602983e52a143aeb7854637e22261263c"};
35 
36 namespace fizz {
37 namespace server {
38 namespace test {
39 
40 class AeadCookieCipherTest : public Test {
41  public:
42  void SetUp() override {
43  context_ = std::make_shared<FizzServerContext>();
44  context_->setSupportedVersions({ProtocolVersion::tls_1_3});
45  cipher_ = std::make_shared<AES128CookieCipher>();
46  cipher_->setContext(context_.get());
47 
48  auto s = toIOBuf(secret);
49  std::vector<ByteRange> cookieSecrets{{s->coalesce()}};
50  EXPECT_TRUE(cipher_->setCookieSecrets(std::move(cookieSecrets)));
51  }
52 
53  protected:
54  Buf getClientHello(Buf cookie) {
55  auto chlo = TestMessages::clientHello();
56 
57  if (cookie) {
58  Cookie c;
59  c.cookie = std::move(cookie);
60  chlo.extensions.push_back(encodeExtension(std::move(c)));
61  }
62 
63  return PlaintextWriteRecordLayer()
64  .writeInitialClientHello(encodeHandshake(std::move(chlo)))
65  .data;
66  }
67 
68  std::shared_ptr<FizzServerContext> context_;
69  std::shared_ptr<AES128CookieCipher> cipher_;
70 };
71 
72 TEST_F(AeadCookieCipherTest, TestGetRetry) {
73  useMockRandom();
74  auto res = cipher_->getTokenOrRetry(
75  getClientHello(nullptr), IOBuf::copyBuffer("test"));
76  auto msg = std::move(boost::get<StatelessHelloRetryRequest>(res));
77  EXPECT_EQ(hexlify(msg.data->coalesce()), retry);
78 }
79 
80 TEST_F(AeadCookieCipherTest, TestGetRetryGroup) {
81  useMockRandom();
82  context_->setSupportedGroups({NamedGroup::secp256r1});
83  auto res = cipher_->getTokenOrRetry(
84  getClientHello(nullptr), IOBuf::copyBuffer("test"));
85  auto msg = std::move(boost::get<StatelessHelloRetryRequest>(res));
86  EXPECT_EQ(hexlify(msg.data->coalesce()), retryGroup);
87 }
88 
89 TEST_F(AeadCookieCipherTest, TestGetToken) {
90  auto res = cipher_->getTokenOrRetry(
91  getClientHello(toIOBuf(testCookie)), IOBuf::copyBuffer("xx"));
92  auto token = std::move(boost::get<AppToken>(res));
93  EXPECT_TRUE(IOBufEqualTo()(token.token, IOBuf::copyBuffer("test")));
94 }
95 
96 TEST_F(AeadCookieCipherTest, TestGetJunk) {
97  EXPECT_THROW(
98  cipher_->getTokenOrRetry(
99  IOBuf::copyBuffer("junk"), IOBuf::copyBuffer("test")),
100  std::runtime_error);
101 }
102 
103 TEST_F(AeadCookieCipherTest, TestGetPartial) {
104  auto trimmed = getClientHello(toIOBuf(testCookie));
105  trimmed->coalesce();
106  trimmed->trimEnd(1);
107  EXPECT_THROW(
108  cipher_->getTokenOrRetry(std::move(trimmed), IOBuf::copyBuffer("test")),
109  std::runtime_error);
110 }
111 
112 TEST_F(AeadCookieCipherTest, TestDecrypt) {
113  auto state = cipher_->decrypt(toIOBuf(testCookie));
114  EXPECT_TRUE(state.hasValue());
115  EXPECT_TRUE(IOBufEqualTo()(state->appToken, IOBuf::copyBuffer("test")));
116  EXPECT_FALSE(state->group.hasValue());
117 }
118 
119 TEST_F(AeadCookieCipherTest, TestDecryptGroup) {
120  auto state = cipher_->decrypt(toIOBuf(testCookieGroup));
121  EXPECT_TRUE(state.hasValue());
122  EXPECT_TRUE(IOBufEqualTo()(state->appToken, IOBuf::copyBuffer("test")));
123  EXPECT_EQ(*state->group, NamedGroup::secp256r1);
124 }
125 
126 TEST_F(AeadCookieCipherTest, TestDecryptMultipleSecrets) {
127  auto s = toIOBuf(secret);
128  auto s1 = RandomGenerator<32>().generateRandom();
129  auto s2 = RandomGenerator<32>().generateRandom();
130  std::vector<ByteRange> cookieSecrets{{range(s1), range(s2), s->coalesce()}};
131  EXPECT_TRUE(cipher_->setCookieSecrets(std::move(cookieSecrets)));
132 
133  auto state = cipher_->decrypt(toIOBuf(testCookie));
134  EXPECT_TRUE(state.hasValue());
135  EXPECT_TRUE(IOBufEqualTo()(state->appToken, IOBuf::copyBuffer("test")));
136  EXPECT_FALSE(state->group.hasValue());
137 }
138 
139 TEST_F(AeadCookieCipherTest, TestDecryptFailed) {
140  auto s1 = RandomGenerator<32>().generateRandom();
141  auto s2 = RandomGenerator<32>().generateRandom();
142  std::vector<ByteRange> cookieSecrets{{range(s1), range(s2)}};
143  EXPECT_TRUE(cipher_->setCookieSecrets(std::move(cookieSecrets)));
144 
145  auto state = cipher_->decrypt(toIOBuf(testCookie));
146  EXPECT_FALSE(state.hasValue());
147 }
148 } // namespace test
149 } // namespace server
150 } // namespace fizz
fizz::encodeHandshake
Buf encodeHandshake(T &&handshakeMsg)
Definition: Types-inl.h:515
retry
static constexpr StringPiece retry
Definition: AeadCookieCipherTest.cpp:24
EXPECT_THROW
#define EXPECT_THROW(statement, expected_exception)
Definition: gtest.h:1843
chlo
static const std::string chlo
Definition: HandshakeTypesTest.cpp:23
EXPECT_EQ
#define EXPECT_EQ(val1, val2)
Definition: gtest.h:1922
fizz::server::test::AeadCookieCipherTest::cipher_
std::shared_ptr< AES128CookieCipher > cipher_
Definition: AeadCookieCipherTest.cpp:69
folly::gen::move
constexpr detail::Map< Move > move
Definition: Base-inl.h:2567
fizz::PlaintextWriteRecordLayer::writeInitialClientHello
virtual TLSContent writeInitialClientHello(Buf encodedClientHello) const
Definition: PlaintextRecordLayer.cpp:105
folly
—— Concurrent Priority Queue Implementation ——
Definition: AtomicBitSet.h:29
testCookieGroup
static constexpr StringPiece testCookieGroup
Definition: AeadCookieCipherTest.cpp:33
fizz::sm::getClientHello
static ClientHello getClientHello(const Factory &, const Random &random, const std::vector< CipherSuite > &supportedCiphers, const std::vector< ProtocolVersion > &supportedVersions, const std::vector< NamedGroup > &supportedGroups, const std::map< NamedGroup, std::unique_ptr< KeyExchange >> &shares, const std::vector< SignatureScheme > &supportedSigSchemes, const std::vector< PskKeyExchangeMode > &supportedPskModes, const folly::Optional< std::string > &hostname, const std::vector< std::string > &supportedAlpns, const std::vector< CertificateCompressionAlgorithm > &compressionAlgos, const Optional< EarlyDataParams > &earlyDataParams, const Buf &legacySessionId, ClientExtensions *extensions, Buf cookie=nullptr)
Definition: ClientProtocol.cpp:333
fizz::test::useMockRandom
void useMockRandom()
Definition: TestUtil.cpp:69
folly::gen::range
Gen range(Value begin, Value end)
Definition: Base.h:467
testCookie
static constexpr StringPiece testCookie
Definition: AeadCookieCipherTest.cpp:30
fizz::test::toIOBuf
std::unique_ptr< folly::IOBuf > toIOBuf(std::string hexData, size_t headroom, size_t tailroom)
Definition: TestUtil.cpp:24
fizz
Definition: Actions.h:16
retryGroup
static constexpr StringPiece retryGroup
Definition: AeadCookieCipherTest.cpp:27
fizz::server::test::AeadCookieCipherTest::context_
std::shared_ptr< FizzServerContext > context_
Definition: AeadCookieCipherTest.cpp:68
EXPECT_TRUE
#define EXPECT_TRUE(condition)
Definition: gtest.h:1859
fizz::test::TEST_F
TEST_F(RSAPSSTest, TestSignVerify)
Definition: RSAPSSSignatureTest.cpp:38
fizz::Buf
std::unique_ptr< folly::IOBuf > Buf
Definition: Types.h:22
s
static set< string > s
Definition: StringKeyedBenchmark.cpp:48
secret
static constexpr StringPiece secret
Definition: AeadCookieCipherTest.cpp:21
EXPECT_FALSE
#define EXPECT_FALSE(condition)
Definition: gtest.h:1862
fizz::encodeExtension
Extension encodeExtension(const TokenBindingParameters &params)
Definition: Types.cpp:113
folly::hexlify
bool hexlify(const InputString &input, OutputString &output, bool append_output)
Definition: String-inl.h:596
folly::IOBuf::copyBuffer
static std::unique_ptr< IOBuf > copyBuffer(const void *buf, std::size_t size, std::size_t headroom=0, std::size_t minTailroom=0)
Definition: IOBuf.h:1587
c
char c
Definition: OptionalTest.cpp:53
fizz::test::TestMessages::clientHello
static ClientHello clientHello()
Definition: TestMessages.h:26
state
state
Definition: http_parser.c:272