diff --git a/handshake_client_test.go b/handshake_client_test.go index 8c56daa..e127049 100644 --- a/handshake_client_test.go +++ b/handshake_client_test.go @@ -9,6 +9,7 @@ import ( "flag" "io" "net" + "os" "testing" ) @@ -39,7 +40,15 @@ func testClientScript(t *testing.T, name string, clientScript [][]byte, config * } func TestHandshakeClientRC4(t *testing.T) { - testClientScript(t, "RC4", rc4ClientScript, testConfig) + var config = *testConfig + config.CipherSuites = []uint16{TLS_RSA_WITH_RC4_128_SHA} + testClientScript(t, "RC4", rc4ClientScript, &config) +} + +func TestHandshakeClientECDHEAES(t *testing.T) { + var config = *testConfig + config.CipherSuites = []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA} + testClientScript(t, "ECDHE-AES", ecdheAESClientScript, &config) } var connect = flag.Bool("connect", false, "connect to a TLS server on :10443") @@ -49,25 +58,33 @@ func TestRunClient(t *testing.T) { return } - testConfig.CipherSuites = []uint16{TLS_ECDHE_RSA_WITH_RC4_128_SHA} - - conn, err := Dial("tcp", "127.0.0.1:10443", testConfig) + tcpConn, err := net.Dial("tcp", "127.0.0.1:10443") if err != nil { t.Fatal(err) } + record := &recordingConn{ + Conn: tcpConn, + } + + config := GetTestConfig() + conn := Client(record, config) + if err := conn.Handshake(); err != nil { + t.Fatalf("error from TLS handshake: %s", err) + } + conn.Write([]byte("hello\n")) conn.Close() + + record.WriteTo(os.Stdout) } // Script of interaction with gnutls implementation. // The values for this test are obtained by building and running in client mode: -// % go test -run "TestRunClient" -connect -// and then: -// % gnutls-serv -p 10443 --debug 100 --x509keyfile key.pem --x509certfile cert.pem -a > /tmp/log 2>&1 -// % python parse-gnutls-cli-debug-log.py < /tmp/log +// % go test -test.run "TestRunClient" -connect +// The recorded bytes are written to stdout. // -// Where key.pem is: +// The server private key is: // -----BEGIN RSA PRIVATE KEY----- // MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD // TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu @@ -78,17 +95,20 @@ func TestRunClient(t *testing.T) { // vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU= // -----END RSA PRIVATE KEY----- // -// and cert.pem is: +// and certificate is: // -----BEGIN CERTIFICATE----- -// MIIBoDCCAUoCAQAwDQYJKoZIhvcNAQEEBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV -// BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD -// VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw05NzA5MDkwMzQxMjZa -// Fw05NzEwMDkwMzQxMjZaMF4xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0 -// YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFzAVBgNVBAMT -// DkVyaWMgdGhlIFlvdW5nMFEwCQYFKw4DAgwFAANEAAJBALVEqPODnpI4rShlY8S7 -// tB713JNvabvn6Gned7zylwLLiXQAo/PAT6mfdWPTyCX9RlId/Aroh1ou893BA32Q -// sggwDQYJKoZIhvcNAQEEBQADQQCU5SSgapJSdRXJoX+CpCvFy+JVh9HpSjCpSNKO -// 19raHv98hKAUJuP9HyM+SUsffO6mAIgitUaqW8/wDMePhEC3 +// MIICKzCCAdWgAwIBAgIJALE1E2URIMWSMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV +// BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +// aWRnaXRzIFB0eSBMdGQwHhcNMTIwNDA2MTcxMDEzWhcNMTUwNDA2MTcxMDEzWjBF +// MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50 +// ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+z +// w4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/ +// 7tdkuD8Ey2//Kv7+ue0CAwEAAaOBpzCBpDAdBgNVHQ4EFgQUeKaXmmO1xaGlM7oi +// fCNuWxt6zCswdQYDVR0jBG4wbIAUeKaXmmO1xaGlM7oifCNuWxt6zCuhSaRHMEUx +// CzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRl +// cm5ldCBXaWRnaXRzIFB0eSBMdGSCCQCxNRNlESDFkjAMBgNVHRMEBTADAQH/MA0G +// CSqGSIb3DQEBBQUAA0EAhTZAc8G7GtrUWZ8tonAxRnTsg26oyDxRrzms7EC86CJG +// HZnWRiok1IsFCEv7NRFukrt3uuQSu/TIXpyBqJdgTA== // -----END CERTIFICATE----- var rc4ClientScript = [][]byte{ { @@ -210,3 +230,163 @@ var rc4ClientScript = [][]byte{ 0x59, 0xac, 0xc6, 0xb5, 0x56, 0x55, 0x96, }, } + +var ecdheAESClientScript = [][]byte{ + { + 0x16, 0x03, 0x01, 0x00, 0x4a, 0x01, 0x00, 0x00, + 0x46, 0x03, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xc0, 0x13, + 0x01, 0x00, 0x00, 0x1b, 0x00, 0x05, 0x00, 0x05, + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, + 0x08, 0x00, 0x06, 0x00, 0x17, 0x00, 0x18, 0x00, + 0x19, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, + }, + { + 0x16, 0x03, 0x01, 0x00, 0x54, 0x02, 0x00, 0x00, + 0x50, 0x03, 0x01, 0x4f, 0x7f, 0x24, 0x25, 0x10, + 0xa8, 0x9d, 0xb1, 0x33, 0xd6, 0x53, 0x81, 0xce, + 0xb0, 0x69, 0xed, 0x1b, 0x9c, 0x5e, 0x40, 0x3a, + 0x4d, 0x06, 0xbc, 0xc7, 0x84, 0x51, 0x5a, 0x30, + 0x40, 0x50, 0x48, 0x20, 0xcd, 0x91, 0x80, 0x08, + 0xff, 0x82, 0x38, 0xc6, 0x03, 0x2d, 0x45, 0x4c, + 0x91, 0xbb, 0xcc, 0x27, 0x3d, 0x58, 0xff, 0x0d, + 0x26, 0x34, 0x7b, 0x48, 0x7a, 0xce, 0x25, 0x20, + 0x90, 0x0f, 0x35, 0x9f, 0xc0, 0x13, 0x00, 0x00, + 0x08, 0x00, 0x0b, 0x00, 0x04, 0x03, 0x00, 0x01, + 0x02, 0x16, 0x03, 0x01, 0x02, 0x39, 0x0b, 0x00, + 0x02, 0x35, 0x00, 0x02, 0x32, 0x00, 0x02, 0x2f, + 0x30, 0x82, 0x02, 0x2b, 0x30, 0x82, 0x01, 0xd5, + 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, + 0xb1, 0x35, 0x13, 0x65, 0x11, 0x20, 0xc5, 0x92, + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, + 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13, + 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, + 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, + 0x61, 0x74, 0x65, 0x31, 0x21, 0x30, 0x1f, 0x06, + 0x03, 0x55, 0x04, 0x0a, 0x13, 0x18, 0x49, 0x6e, + 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, + 0x69, 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50, + 0x74, 0x79, 0x20, 0x4c, 0x74, 0x64, 0x30, 0x1e, + 0x17, 0x0d, 0x31, 0x32, 0x30, 0x34, 0x30, 0x36, + 0x31, 0x37, 0x31, 0x30, 0x31, 0x33, 0x5a, 0x17, + 0x0d, 0x31, 0x35, 0x30, 0x34, 0x30, 0x36, 0x31, + 0x37, 0x31, 0x30, 0x31, 0x33, 0x5a, 0x30, 0x45, + 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, + 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, + 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, + 0x74, 0x65, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, + 0x55, 0x04, 0x0a, 0x13, 0x18, 0x49, 0x6e, 0x74, + 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, + 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, + 0x79, 0x20, 0x4c, 0x74, 0x64, 0x30, 0x5c, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x4b, + 0x00, 0x30, 0x48, 0x02, 0x41, 0x00, 0x9f, 0xb3, + 0xc3, 0x84, 0x27, 0x95, 0xff, 0x12, 0x31, 0x52, + 0x0f, 0x15, 0xef, 0x46, 0x11, 0xc4, 0xad, 0x80, + 0xe6, 0x36, 0x5b, 0x0f, 0xdd, 0x80, 0xd7, 0x61, + 0x8d, 0xe0, 0xfc, 0x72, 0x45, 0x09, 0x34, 0xfe, + 0x55, 0x66, 0x45, 0x43, 0x4c, 0x68, 0x97, 0x6a, + 0xfe, 0xa8, 0xa0, 0xa5, 0xdf, 0x5f, 0x78, 0xff, + 0xee, 0xd7, 0x64, 0xb8, 0x3f, 0x04, 0xcb, 0x6f, + 0xff, 0x2a, 0xfe, 0xfe, 0xb9, 0xed, 0x02, 0x03, + 0x01, 0x00, 0x01, 0xa3, 0x81, 0xa7, 0x30, 0x81, + 0xa4, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, + 0x04, 0x16, 0x04, 0x14, 0x78, 0xa6, 0x97, 0x9a, + 0x63, 0xb5, 0xc5, 0xa1, 0xa5, 0x33, 0xba, 0x22, + 0x7c, 0x23, 0x6e, 0x5b, 0x1b, 0x7a, 0xcc, 0x2b, + 0x30, 0x75, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, + 0x6e, 0x30, 0x6c, 0x80, 0x14, 0x78, 0xa6, 0x97, + 0x9a, 0x63, 0xb5, 0xc5, 0xa1, 0xa5, 0x33, 0xba, + 0x22, 0x7c, 0x23, 0x6e, 0x5b, 0x1b, 0x7a, 0xcc, + 0x2b, 0xa1, 0x49, 0xa4, 0x47, 0x30, 0x45, 0x31, + 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, + 0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, + 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, 0x53, + 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74, + 0x65, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, + 0x04, 0x0a, 0x13, 0x18, 0x49, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, 0x64, + 0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, + 0x20, 0x4c, 0x74, 0x64, 0x82, 0x09, 0x00, 0xb1, + 0x35, 0x13, 0x65, 0x11, 0x20, 0xc5, 0x92, 0x30, + 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, + 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x01, 0x05, 0x05, 0x00, 0x03, 0x41, 0x00, 0x85, + 0x36, 0x40, 0x73, 0xc1, 0xbb, 0x1a, 0xda, 0xd4, + 0x59, 0x9f, 0x2d, 0xa2, 0x70, 0x31, 0x46, 0x74, + 0xec, 0x83, 0x6e, 0xa8, 0xc8, 0x3c, 0x51, 0xaf, + 0x39, 0xac, 0xec, 0x40, 0xbc, 0xe8, 0x22, 0x46, + 0x1d, 0x99, 0xd6, 0x46, 0x2a, 0x24, 0xd4, 0x8b, + 0x05, 0x08, 0x4b, 0xfb, 0x35, 0x11, 0x6e, 0x92, + 0xbb, 0x77, 0xba, 0xe4, 0x12, 0xbb, 0xf4, 0xc8, + 0x5e, 0x9c, 0x81, 0xa8, 0x97, 0x60, 0x4c, 0x16, + 0x03, 0x01, 0x00, 0x8b, 0x0c, 0x00, 0x00, 0x87, + 0x03, 0x00, 0x17, 0x41, 0x04, 0x0b, 0xe5, 0x39, + 0xde, 0x17, 0x7a, 0xaf, 0x96, 0xd5, 0x16, 0x01, + 0xa8, 0x06, 0x80, 0x98, 0x75, 0x52, 0x56, 0x92, + 0x15, 0xf9, 0x8d, 0xc0, 0x98, 0x62, 0xed, 0x54, + 0xb7, 0xef, 0x03, 0x11, 0x34, 0x82, 0x65, 0xd1, + 0xde, 0x25, 0x15, 0x4c, 0xf3, 0xdf, 0x4d, 0xbd, + 0x6c, 0xed, 0x3d, 0xd6, 0x04, 0xcc, 0xd1, 0xf7, + 0x6d, 0x32, 0xb1, 0x1c, 0x59, 0xca, 0xfb, 0xbc, + 0x61, 0xeb, 0x4b, 0xe6, 0x00, 0x00, 0x40, 0x3e, + 0xe6, 0x23, 0x54, 0x61, 0x3f, 0x63, 0x16, 0xeb, + 0x5c, 0xc3, 0xba, 0x8a, 0x19, 0x13, 0x60, 0x9f, + 0x23, 0xbf, 0x36, 0x1a, 0x32, 0x7a, 0xae, 0x34, + 0x7f, 0x2f, 0x89, 0x85, 0xe1, 0x0e, 0x93, 0xd7, + 0xf0, 0xab, 0xa1, 0x0d, 0x54, 0x95, 0x79, 0x0b, + 0xb4, 0xf1, 0x1c, 0x1d, 0x0f, 0x8c, 0x16, 0xec, + 0x82, 0x60, 0xee, 0xa3, 0x71, 0x2f, 0xaf, 0x3e, + 0xf1, 0xbd, 0xb5, 0x1b, 0x7f, 0xe0, 0xd2, 0x16, + 0x03, 0x01, 0x00, 0x04, 0x0e, 0x00, 0x00, 0x00, + }, + { + 0x16, 0x03, 0x01, 0x00, 0x46, 0x10, 0x00, 0x00, + 0x42, 0x41, 0x04, 0x1e, 0x18, 0x37, 0xef, 0x0d, + 0x19, 0x51, 0x88, 0x35, 0x75, 0x71, 0xb5, 0xe5, + 0x54, 0x5b, 0x12, 0x2e, 0x8f, 0x09, 0x67, 0xfd, + 0xa7, 0x24, 0x20, 0x3e, 0xb2, 0x56, 0x1c, 0xce, + 0x97, 0x28, 0x5e, 0xf8, 0x2b, 0x2d, 0x4f, 0x9e, + 0xf1, 0x07, 0x9f, 0x6c, 0x4b, 0x5b, 0x83, 0x56, + 0xe2, 0x32, 0x42, 0xe9, 0x58, 0xb6, 0xd7, 0x49, + 0xa6, 0xb5, 0x68, 0x1a, 0x41, 0x03, 0x56, 0x6b, + 0xdc, 0x5a, 0x89, 0x14, 0x03, 0x01, 0x00, 0x01, + 0x01, 0x16, 0x03, 0x01, 0x00, 0x30, 0x09, 0xac, + 0xbe, 0x94, 0x75, 0x4d, 0x73, 0x45, 0xbd, 0xa8, + 0x0c, 0xe3, 0x5f, 0x72, 0x0b, 0x40, 0x4f, 0xd0, + 0xd2, 0xcb, 0x16, 0x50, 0xfe, 0xdd, 0x1a, 0x33, + 0x5c, 0x18, 0x37, 0x98, 0x42, 0xfc, 0x25, 0x42, + 0x33, 0xce, 0x60, 0xcf, 0x8e, 0x95, 0x6e, 0x48, + 0xed, 0x00, 0x35, 0x50, 0x26, 0x7f, + }, + { + 0x14, 0x03, 0x01, 0x00, 0x01, 0x01, 0x16, 0x03, + 0x01, 0x00, 0x30, 0xf6, 0x6a, 0xdb, 0x83, 0xd4, + 0x3c, 0x77, 0x52, 0xad, 0xc0, 0x0f, 0x3a, 0x2c, + 0x42, 0xb9, 0x60, 0x4b, 0xb2, 0xf6, 0x84, 0xfd, + 0x4e, 0x96, 0xfc, 0x15, 0xe7, 0x94, 0x25, 0xb0, + 0x59, 0x9f, 0xdd, 0xb6, 0x58, 0x03, 0x13, 0x8d, + 0xeb, 0xb0, 0xad, 0x30, 0x31, 0x58, 0x6c, 0xa0, + 0x8f, 0x57, 0x50, + }, + { + 0x17, 0x03, 0x01, 0x00, 0x20, 0xab, 0x64, 0x3d, + 0x79, 0x69, 0x3e, 0xba, 0xc4, 0x24, 0x7b, 0xe5, + 0xe5, 0x23, 0x66, 0x6f, 0x32, 0xdf, 0x50, 0x7c, + 0x06, 0x2a, 0x02, 0x82, 0x79, 0x40, 0xdb, 0xb1, + 0x04, 0xc0, 0x2b, 0xdc, 0x3a, 0x15, 0x03, 0x01, + 0x00, 0x20, 0xf8, 0xad, 0xca, 0xd7, 0x96, 0xf0, + 0xd6, 0xa3, 0x62, 0xe1, 0x03, 0x44, 0xdb, 0xd0, + 0xc9, 0x63, 0x3e, 0x1b, 0x70, 0x41, 0x57, 0x0c, + 0xd8, 0x8e, 0x71, 0x49, 0x68, 0xe3, 0x04, 0x53, + 0x5a, 0xbe, + }, +} diff --git a/handshake_server_test.go b/handshake_server_test.go index 08a0ccb..baca4f3 100644 --- a/handshake_server_test.go +++ b/handshake_server_test.go @@ -11,12 +11,15 @@ import ( "encoding/hex" "encoding/pem" "flag" + "fmt" "io" "log" "math/big" "net" + "os" "strconv" "strings" + "sync" "testing" "time" ) @@ -79,7 +82,6 @@ func TestRejectBadProtocolVersion(t *testing.T) { func TestNoSuiteOverlap(t *testing.T) { clientHello := &clientHelloMsg{nil, 0x0301, nil, nil, []uint16{0xff00}, []uint8{0}, false, "", false, nil, nil} testClientHelloFailure(t, clientHello, alertHandshakeFailure) - } func TestNoCompressionOverlap(t *testing.T) { @@ -193,55 +195,133 @@ func TestClientAuth(t *testing.T) { } } +// recordingConn is a net.Conn that records the traffic that passes through it. +// WriteTo can be used to produce Go code that contains the recorded traffic. +type recordingConn struct { + net.Conn + lock sync.Mutex + flows [][]byte + currentlyReading bool +} + +func (r *recordingConn) Read(b []byte) (n int, err error) { + if n, err = r.Conn.Read(b); n == 0 { + return + } + b = b[:n] + + r.lock.Lock() + defer r.lock.Unlock() + + if l := len(r.flows); l == 0 || !r.currentlyReading { + buf := make([]byte, len(b)) + copy(buf, b) + r.flows = append(r.flows, buf) + } else { + r.flows[l-1] = append(r.flows[l-1], b[:n]...) + } + r.currentlyReading = true + return +} + +func (r *recordingConn) Write(b []byte) (n int, err error) { + if n, err = r.Conn.Write(b); n == 0 { + return + } + b = b[:n] + + r.lock.Lock() + defer r.lock.Unlock() + + if l := len(r.flows); l == 0 || r.currentlyReading { + buf := make([]byte, len(b)) + copy(buf, b) + r.flows = append(r.flows, buf) + } else { + r.flows[l-1] = append(r.flows[l-1], b[:n]...) + } + r.currentlyReading = false + return +} + +// WriteTo writes Go source code to w that contains the recorded traffic. +func (r *recordingConn) WriteTo(w io.Writer) { + fmt.Fprintf(w, "var changeMe = [][]byte {\n") + for _, buf := range r.flows { + fmt.Fprintf(w, "\t{") + for i, b := range buf { + if i%8 == 0 { + fmt.Fprintf(w, "\n\t\t") + } + fmt.Fprintf(w, "0x%02x, ", b) + } + fmt.Fprintf(w, "\n\t},\n") + } + fmt.Fprintf(w, "}\n") +} + var serve = flag.Bool("serve", false, "run a TLS server on :10443") var testCipherSuites = flag.String("ciphersuites", "0x"+strconv.FormatInt(int64(TLS_RSA_WITH_RC4_128_SHA), 16), "cipher suites to accept in serving mode") var testClientAuth = flag.Int("clientauth", 0, "value for tls.Config.ClientAuth") -func TestRunServer(t *testing.T) { - if !*serve { - return - } - +func GetTestConfig() *Config { + var config = *testConfig suites := strings.Split(*testCipherSuites, ",") - testConfig.CipherSuites = make([]uint16, len(suites)) + config.CipherSuites = make([]uint16, len(suites)) for i := range suites { suite, err := strconv.ParseUint(suites[i], 0, 64) if err != nil { panic(err) } - testConfig.CipherSuites[i] = uint16(suite) + config.CipherSuites[i] = uint16(suite) } - testConfig.ClientAuth = ClientAuthType(*testClientAuth) + config.ClientAuth = ClientAuthType(*testClientAuth) + return &config +} - l, err := Listen("tcp", ":10443", testConfig) +func TestRunServer(t *testing.T) { + if !*serve { + return + } + + config := GetTestConfig() + + const addr = ":10443" + l, err := net.Listen("tcp", addr) if err != nil { t.Fatal(err) } + log.Printf("Now listening for connections on %s", addr) for { - c, err := l.Accept() + tcpConn, err := l.Accept() if err != nil { + log.Printf("error accepting connection: %s", err) + break + } + + record := &recordingConn{ + Conn: tcpConn, + } + + conn := Server(record, config) + if err := conn.Handshake(); err != nil { log.Printf("error from TLS handshake: %s", err) break } - _, err = c.Write([]byte("hello, world\n")) + _, err = conn.Write([]byte("hello, world\n")) if err != nil { - log.Printf("error from TLS: %s", err) + log.Printf("error from Write: %s", err) continue } - st := c.(*Conn).ConnectionState() - if len(st.PeerCertificates) > 0 { - log.Print("Handling request from client ", st.PeerCertificates[0].Subject.CommonName) - } else { - log.Print("Handling request from anon client") - } + conn.Close() - c.Close() + record.WriteTo(os.Stdout) } } @@ -284,10 +364,8 @@ func loadPEMCert(in string) *x509.Certificate { // Script of interaction with gnutls implementation. // The values for this test are obtained by building and running in server mode: -// % go test -run "TestRunServer" -serve -// and then: -// % gnutls-cli --insecure --debug 100 -p 10443 localhost > /tmp/log 2>&1 -// % python parse-gnutls-cli-debug-log.py < /tmp/log +// % go test -test.run "TestRunServer" -serve +// The recorded bytes are written to stdout. var rc4ServerScript = [][]byte{ { 0x16, 0x03, 0x02, 0x00, 0x7a, 0x01, 0x00, 0x00, diff --git a/parse-gnutls-cli-debug-log.py b/parse-gnutls-cli-debug-log.py deleted file mode 100644 index 5692bd3..0000000 --- a/parse-gnutls-cli-debug-log.py +++ /dev/null @@ -1,57 +0,0 @@ -# Copyright 2010 The Go Authors. All rights reserved. -# Use of this source code is governed by a BSD-style -# license that can be found in the LICENSE file. - -# This code is used to parse the debug log from gnutls-cli and generate a -# script of the handshake. This script is included in handshake_server_test.go. -# See the comments there for details. - -import sys - -blocks = [] - -READ = 1 -WRITE = 2 - -currentBlockType = 0 -currentBlock = [] -for line in sys.stdin.readlines(): - line = line[:-1] - if line.startswith("|<7>| WRITE: "): - if currentBlockType != WRITE: - if len(currentBlock) > 0: - blocks.append(currentBlock) - currentBlock = [] - currentBlockType = WRITE - elif line.startswith("|<7>| READ: "): - if currentBlockType != READ: - if len(currentBlock) > 0: - blocks.append(currentBlock) - currentBlock = [] - currentBlockType = READ - elif line.startswith("|<7>| 0"): - line = line[13:] - line = line.strip() - bs = line.split() - for b in bs: - currentBlock.append(int(b, 16)) - elif line.startswith("|<7>| RB-PEEK: Read 1 bytes"): - currentBlock = currentBlock[:-1] - -if len(currentBlock) > 0: - blocks.append(currentBlock) - -for block in blocks: - sys.stdout.write("\t{\n") - - i = 0 - for b in block: - if i % 8 == 0: - sys.stdout.write("\t\t") - sys.stdout.write("0x%02x," % b) - if i % 8 == 7: - sys.stdout.write("\n") - else: - sys.stdout.write(" ") - i += 1 - sys.stdout.write("\n\t},\n\n")