From ca7f685323298ca5e832fafecbab19803e647766 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Wed, 11 Apr 2012 12:55:57 -0400 Subject: [PATCH] crypto/tls: update how we create testing scripts. crypto/tls is tested, in part, by replaying recorded TLS connections and checking that the bytes sent by the Go code haven't changed. Previously we used GnuTLS's debug output and extracted the bytes of the TLS connection using a Python script. That wasn't great, and I think GnuTLS removed that level of debugging in a more current release. This change records the connection with Go code and adds a test for ECDHE-AES clients generating using this method. R=golang-dev, rsc CC=golang-dev https://golang.org/cl/5988048 --- handshake_client_test.go | 218 +++++++++++++++++++++++++++++++--- handshake_server_test.go | 126 ++++++++++++++++---- parse-gnutls-cli-debug-log.py | 57 --------- 3 files changed, 301 insertions(+), 100 deletions(-) delete mode 100644 parse-gnutls-cli-debug-log.py diff --git a/handshake_client_test.go b/handshake_client_test.go index 8c56daa..e127049 100644 --- a/handshake_client_test.go +++ b/handshake_client_test.go @@ -9,6 +9,7 @@ import ( "flag" "io" "net" + "os" "testing" ) @@ -39,7 +40,15 @@ func testClientScript(t *testing.T, name string, clientScript [][]byte, config * } func TestHandshakeClientRC4(t *testing.T) { - testClientScript(t, "RC4", rc4ClientScript, testConfig) + var config = *testConfig + config.CipherSuites = []uint16{TLS_RSA_WITH_RC4_128_SHA} + testClientScript(t, "RC4", rc4ClientScript, &config) +} + +func TestHandshakeClientECDHEAES(t *testing.T) { + var config = *testConfig + config.CipherSuites = []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA} + testClientScript(t, "ECDHE-AES", ecdheAESClientScript, &config) } var connect = flag.Bool("connect", false, "connect to a TLS server on :10443") @@ -49,25 +58,33 @@ func TestRunClient(t *testing.T) { return } - testConfig.CipherSuites = []uint16{TLS_ECDHE_RSA_WITH_RC4_128_SHA} - - conn, err := Dial("tcp", "127.0.0.1:10443", testConfig) + tcpConn, err := net.Dial("tcp", "127.0.0.1:10443") if err != nil { t.Fatal(err) } + record := &recordingConn{ + Conn: tcpConn, + } + + config := GetTestConfig() + conn := Client(record, config) + if err := conn.Handshake(); err != nil { + t.Fatalf("error from TLS handshake: %s", err) + } + conn.Write([]byte("hello\n")) conn.Close() + + record.WriteTo(os.Stdout) } // Script of interaction with gnutls implementation. // The values for this test are obtained by building and running in client mode: -// % go test -run "TestRunClient" -connect -// and then: -// % gnutls-serv -p 10443 --debug 100 --x509keyfile key.pem --x509certfile cert.pem -a > /tmp/log 2>&1 -// % python parse-gnutls-cli-debug-log.py < /tmp/log +// % go test -test.run "TestRunClient" -connect +// The recorded bytes are written to stdout. // -// Where key.pem is: +// The server private key is: // -----BEGIN RSA PRIVATE KEY----- // MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD // TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu @@ -78,17 +95,20 @@ func TestRunClient(t *testing.T) { // vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU= // -----END RSA PRIVATE KEY----- // -// and cert.pem is: +// and certificate is: // -----BEGIN CERTIFICATE----- -// MIIBoDCCAUoCAQAwDQYJKoZIhvcNAQEEBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV -// BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD -// VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw05NzA5MDkwMzQxMjZa -// Fw05NzEwMDkwMzQxMjZaMF4xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0 -// YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFzAVBgNVBAMT -// DkVyaWMgdGhlIFlvdW5nMFEwCQYFKw4DAgwFAANEAAJBALVEqPODnpI4rShlY8S7 -// tB713JNvabvn6Gned7zylwLLiXQAo/PAT6mfdWPTyCX9RlId/Aroh1ou893BA32Q -// sggwDQYJKoZIhvcNAQEEBQADQQCU5SSgapJSdRXJoX+CpCvFy+JVh9HpSjCpSNKO -// 19raHv98hKAUJuP9HyM+SUsffO6mAIgitUaqW8/wDMePhEC3 +// MIICKzCCAdWgAwIBAgIJALE1E2URIMWSMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV +// BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +// aWRnaXRzIFB0eSBMdGQwHhcNMTIwNDA2MTcxMDEzWhcNMTUwNDA2MTcxMDEzWjBF +// MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50 +// ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+z +// w4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/ +// 7tdkuD8Ey2//Kv7+ue0CAwEAAaOBpzCBpDAdBgNVHQ4EFgQUeKaXmmO1xaGlM7oi +// fCNuWxt6zCswdQYDVR0jBG4wbIAUeKaXmmO1xaGlM7oifCNuWxt6zCuhSaRHMEUx +// CzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRl +// cm5ldCBXaWRnaXRzIFB0eSBMdGSCCQCxNRNlESDFkjAMBgNVHRMEBTADAQH/MA0G +// CSqGSIb3DQEBBQUAA0EAhTZAc8G7GtrUWZ8tonAxRnTsg26oyDxRrzms7EC86CJG +// HZnWRiok1IsFCEv7NRFukrt3uuQSu/TIXpyBqJdgTA== // -----END CERTIFICATE----- var rc4ClientScript = [][]byte{ { @@ -210,3 +230,163 @@ var rc4ClientScript = [][]byte{ 0x59, 0xac, 0xc6, 0xb5, 0x56, 0x55, 0x96, }, } + +var ecdheAESClientScript = [][]byte{ + { + 0x16, 0x03, 0x01, 0x00, 0x4a, 0x01, 0x00, 0x00, + 0x46, 0x03, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xc0, 0x13, + 0x01, 0x00, 0x00, 0x1b, 0x00, 0x05, 0x00, 0x05, + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, + 0x08, 0x00, 0x06, 0x00, 0x17, 0x00, 0x18, 0x00, + 0x19, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, + }, + { + 0x16, 0x03, 0x01, 0x00, 0x54, 0x02, 0x00, 0x00, + 0x50, 0x03, 0x01, 0x4f, 0x7f, 0x24, 0x25, 0x10, + 0xa8, 0x9d, 0xb1, 0x33, 0xd6, 0x53, 0x81, 0xce, + 0xb0, 0x69, 0xed, 0x1b, 0x9c, 0x5e, 0x40, 0x3a, + 0x4d, 0x06, 0xbc, 0xc7, 0x84, 0x51, 0x5a, 0x30, + 0x40, 0x50, 0x48, 0x20, 0xcd, 0x91, 0x80, 0x08, + 0xff, 0x82, 0x38, 0xc6, 0x03, 0x2d, 0x45, 0x4c, + 0x91, 0xbb, 0xcc, 0x27, 0x3d, 0x58, 0xff, 0x0d, + 0x26, 0x34, 0x7b, 0x48, 0x7a, 0xce, 0x25, 0x20, + 0x90, 0x0f, 0x35, 0x9f, 0xc0, 0x13, 0x00, 0x00, + 0x08, 0x00, 0x0b, 0x00, 0x04, 0x03, 0x00, 0x01, + 0x02, 0x16, 0x03, 0x01, 0x02, 0x39, 0x0b, 0x00, + 0x02, 0x35, 0x00, 0x02, 0x32, 0x00, 0x02, 0x2f, + 0x30, 0x82, 0x02, 0x2b, 0x30, 0x82, 0x01, 0xd5, + 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, + 0xb1, 0x35, 0x13, 0x65, 0x11, 0x20, 0xc5, 0x92, + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, + 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13, + 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, + 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, + 0x61, 0x74, 0x65, 0x31, 0x21, 0x30, 0x1f, 0x06, + 0x03, 0x55, 0x04, 0x0a, 0x13, 0x18, 0x49, 0x6e, + 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, + 0x69, 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50, + 0x74, 0x79, 0x20, 0x4c, 0x74, 0x64, 0x30, 0x1e, + 0x17, 0x0d, 0x31, 0x32, 0x30, 0x34, 0x30, 0x36, + 0x31, 0x37, 0x31, 0x30, 0x31, 0x33, 0x5a, 0x17, + 0x0d, 0x31, 0x35, 0x30, 0x34, 0x30, 0x36, 0x31, + 0x37, 0x31, 0x30, 0x31, 0x33, 0x5a, 0x30, 0x45, + 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, + 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, + 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, + 0x74, 0x65, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, + 0x55, 0x04, 0x0a, 0x13, 0x18, 0x49, 0x6e, 0x74, + 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, + 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, + 0x79, 0x20, 0x4c, 0x74, 0x64, 0x30, 0x5c, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x4b, + 0x00, 0x30, 0x48, 0x02, 0x41, 0x00, 0x9f, 0xb3, + 0xc3, 0x84, 0x27, 0x95, 0xff, 0x12, 0x31, 0x52, + 0x0f, 0x15, 0xef, 0x46, 0x11, 0xc4, 0xad, 0x80, + 0xe6, 0x36, 0x5b, 0x0f, 0xdd, 0x80, 0xd7, 0x61, + 0x8d, 0xe0, 0xfc, 0x72, 0x45, 0x09, 0x34, 0xfe, + 0x55, 0x66, 0x45, 0x43, 0x4c, 0x68, 0x97, 0x6a, + 0xfe, 0xa8, 0xa0, 0xa5, 0xdf, 0x5f, 0x78, 0xff, + 0xee, 0xd7, 0x64, 0xb8, 0x3f, 0x04, 0xcb, 0x6f, + 0xff, 0x2a, 0xfe, 0xfe, 0xb9, 0xed, 0x02, 0x03, + 0x01, 0x00, 0x01, 0xa3, 0x81, 0xa7, 0x30, 0x81, + 0xa4, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, + 0x04, 0x16, 0x04, 0x14, 0x78, 0xa6, 0x97, 0x9a, + 0x63, 0xb5, 0xc5, 0xa1, 0xa5, 0x33, 0xba, 0x22, + 0x7c, 0x23, 0x6e, 0x5b, 0x1b, 0x7a, 0xcc, 0x2b, + 0x30, 0x75, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, + 0x6e, 0x30, 0x6c, 0x80, 0x14, 0x78, 0xa6, 0x97, + 0x9a, 0x63, 0xb5, 0xc5, 0xa1, 0xa5, 0x33, 0xba, + 0x22, 0x7c, 0x23, 0x6e, 0x5b, 0x1b, 0x7a, 0xcc, + 0x2b, 0xa1, 0x49, 0xa4, 0x47, 0x30, 0x45, 0x31, + 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, + 0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, + 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, 0x53, + 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74, + 0x65, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, + 0x04, 0x0a, 0x13, 0x18, 0x49, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, 0x64, + 0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, + 0x20, 0x4c, 0x74, 0x64, 0x82, 0x09, 0x00, 0xb1, + 0x35, 0x13, 0x65, 0x11, 0x20, 0xc5, 0x92, 0x30, + 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, + 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x01, 0x05, 0x05, 0x00, 0x03, 0x41, 0x00, 0x85, + 0x36, 0x40, 0x73, 0xc1, 0xbb, 0x1a, 0xda, 0xd4, + 0x59, 0x9f, 0x2d, 0xa2, 0x70, 0x31, 0x46, 0x74, + 0xec, 0x83, 0x6e, 0xa8, 0xc8, 0x3c, 0x51, 0xaf, + 0x39, 0xac, 0xec, 0x40, 0xbc, 0xe8, 0x22, 0x46, + 0x1d, 0x99, 0xd6, 0x46, 0x2a, 0x24, 0xd4, 0x8b, + 0x05, 0x08, 0x4b, 0xfb, 0x35, 0x11, 0x6e, 0x92, + 0xbb, 0x77, 0xba, 0xe4, 0x12, 0xbb, 0xf4, 0xc8, + 0x5e, 0x9c, 0x81, 0xa8, 0x97, 0x60, 0x4c, 0x16, + 0x03, 0x01, 0x00, 0x8b, 0x0c, 0x00, 0x00, 0x87, + 0x03, 0x00, 0x17, 0x41, 0x04, 0x0b, 0xe5, 0x39, + 0xde, 0x17, 0x7a, 0xaf, 0x96, 0xd5, 0x16, 0x01, + 0xa8, 0x06, 0x80, 0x98, 0x75, 0x52, 0x56, 0x92, + 0x15, 0xf9, 0x8d, 0xc0, 0x98, 0x62, 0xed, 0x54, + 0xb7, 0xef, 0x03, 0x11, 0x34, 0x82, 0x65, 0xd1, + 0xde, 0x25, 0x15, 0x4c, 0xf3, 0xdf, 0x4d, 0xbd, + 0x6c, 0xed, 0x3d, 0xd6, 0x04, 0xcc, 0xd1, 0xf7, + 0x6d, 0x32, 0xb1, 0x1c, 0x59, 0xca, 0xfb, 0xbc, + 0x61, 0xeb, 0x4b, 0xe6, 0x00, 0x00, 0x40, 0x3e, + 0xe6, 0x23, 0x54, 0x61, 0x3f, 0x63, 0x16, 0xeb, + 0x5c, 0xc3, 0xba, 0x8a, 0x19, 0x13, 0x60, 0x9f, + 0x23, 0xbf, 0x36, 0x1a, 0x32, 0x7a, 0xae, 0x34, + 0x7f, 0x2f, 0x89, 0x85, 0xe1, 0x0e, 0x93, 0xd7, + 0xf0, 0xab, 0xa1, 0x0d, 0x54, 0x95, 0x79, 0x0b, + 0xb4, 0xf1, 0x1c, 0x1d, 0x0f, 0x8c, 0x16, 0xec, + 0x82, 0x60, 0xee, 0xa3, 0x71, 0x2f, 0xaf, 0x3e, + 0xf1, 0xbd, 0xb5, 0x1b, 0x7f, 0xe0, 0xd2, 0x16, + 0x03, 0x01, 0x00, 0x04, 0x0e, 0x00, 0x00, 0x00, + }, + { + 0x16, 0x03, 0x01, 0x00, 0x46, 0x10, 0x00, 0x00, + 0x42, 0x41, 0x04, 0x1e, 0x18, 0x37, 0xef, 0x0d, + 0x19, 0x51, 0x88, 0x35, 0x75, 0x71, 0xb5, 0xe5, + 0x54, 0x5b, 0x12, 0x2e, 0x8f, 0x09, 0x67, 0xfd, + 0xa7, 0x24, 0x20, 0x3e, 0xb2, 0x56, 0x1c, 0xce, + 0x97, 0x28, 0x5e, 0xf8, 0x2b, 0x2d, 0x4f, 0x9e, + 0xf1, 0x07, 0x9f, 0x6c, 0x4b, 0x5b, 0x83, 0x56, + 0xe2, 0x32, 0x42, 0xe9, 0x58, 0xb6, 0xd7, 0x49, + 0xa6, 0xb5, 0x68, 0x1a, 0x41, 0x03, 0x56, 0x6b, + 0xdc, 0x5a, 0x89, 0x14, 0x03, 0x01, 0x00, 0x01, + 0x01, 0x16, 0x03, 0x01, 0x00, 0x30, 0x09, 0xac, + 0xbe, 0x94, 0x75, 0x4d, 0x73, 0x45, 0xbd, 0xa8, + 0x0c, 0xe3, 0x5f, 0x72, 0x0b, 0x40, 0x4f, 0xd0, + 0xd2, 0xcb, 0x16, 0x50, 0xfe, 0xdd, 0x1a, 0x33, + 0x5c, 0x18, 0x37, 0x98, 0x42, 0xfc, 0x25, 0x42, + 0x33, 0xce, 0x60, 0xcf, 0x8e, 0x95, 0x6e, 0x48, + 0xed, 0x00, 0x35, 0x50, 0x26, 0x7f, + }, + { + 0x14, 0x03, 0x01, 0x00, 0x01, 0x01, 0x16, 0x03, + 0x01, 0x00, 0x30, 0xf6, 0x6a, 0xdb, 0x83, 0xd4, + 0x3c, 0x77, 0x52, 0xad, 0xc0, 0x0f, 0x3a, 0x2c, + 0x42, 0xb9, 0x60, 0x4b, 0xb2, 0xf6, 0x84, 0xfd, + 0x4e, 0x96, 0xfc, 0x15, 0xe7, 0x94, 0x25, 0xb0, + 0x59, 0x9f, 0xdd, 0xb6, 0x58, 0x03, 0x13, 0x8d, + 0xeb, 0xb0, 0xad, 0x30, 0x31, 0x58, 0x6c, 0xa0, + 0x8f, 0x57, 0x50, + }, + { + 0x17, 0x03, 0x01, 0x00, 0x20, 0xab, 0x64, 0x3d, + 0x79, 0x69, 0x3e, 0xba, 0xc4, 0x24, 0x7b, 0xe5, + 0xe5, 0x23, 0x66, 0x6f, 0x32, 0xdf, 0x50, 0x7c, + 0x06, 0x2a, 0x02, 0x82, 0x79, 0x40, 0xdb, 0xb1, + 0x04, 0xc0, 0x2b, 0xdc, 0x3a, 0x15, 0x03, 0x01, + 0x00, 0x20, 0xf8, 0xad, 0xca, 0xd7, 0x96, 0xf0, + 0xd6, 0xa3, 0x62, 0xe1, 0x03, 0x44, 0xdb, 0xd0, + 0xc9, 0x63, 0x3e, 0x1b, 0x70, 0x41, 0x57, 0x0c, + 0xd8, 0x8e, 0x71, 0x49, 0x68, 0xe3, 0x04, 0x53, + 0x5a, 0xbe, + }, +} diff --git a/handshake_server_test.go b/handshake_server_test.go index 08a0ccb..baca4f3 100644 --- a/handshake_server_test.go +++ b/handshake_server_test.go @@ -11,12 +11,15 @@ import ( "encoding/hex" "encoding/pem" "flag" + "fmt" "io" "log" "math/big" "net" + "os" "strconv" "strings" + "sync" "testing" "time" ) @@ -79,7 +82,6 @@ func TestRejectBadProtocolVersion(t *testing.T) { func TestNoSuiteOverlap(t *testing.T) { clientHello := &clientHelloMsg{nil, 0x0301, nil, nil, []uint16{0xff00}, []uint8{0}, false, "", false, nil, nil} testClientHelloFailure(t, clientHello, alertHandshakeFailure) - } func TestNoCompressionOverlap(t *testing.T) { @@ -193,55 +195,133 @@ func TestClientAuth(t *testing.T) { } } +// recordingConn is a net.Conn that records the traffic that passes through it. +// WriteTo can be used to produce Go code that contains the recorded traffic. +type recordingConn struct { + net.Conn + lock sync.Mutex + flows [][]byte + currentlyReading bool +} + +func (r *recordingConn) Read(b []byte) (n int, err error) { + if n, err = r.Conn.Read(b); n == 0 { + return + } + b = b[:n] + + r.lock.Lock() + defer r.lock.Unlock() + + if l := len(r.flows); l == 0 || !r.currentlyReading { + buf := make([]byte, len(b)) + copy(buf, b) + r.flows = append(r.flows, buf) + } else { + r.flows[l-1] = append(r.flows[l-1], b[:n]...) + } + r.currentlyReading = true + return +} + +func (r *recordingConn) Write(b []byte) (n int, err error) { + if n, err = r.Conn.Write(b); n == 0 { + return + } + b = b[:n] + + r.lock.Lock() + defer r.lock.Unlock() + + if l := len(r.flows); l == 0 || r.currentlyReading { + buf := make([]byte, len(b)) + copy(buf, b) + r.flows = append(r.flows, buf) + } else { + r.flows[l-1] = append(r.flows[l-1], b[:n]...) + } + r.currentlyReading = false + return +} + +// WriteTo writes Go source code to w that contains the recorded traffic. +func (r *recordingConn) WriteTo(w io.Writer) { + fmt.Fprintf(w, "var changeMe = [][]byte {\n") + for _, buf := range r.flows { + fmt.Fprintf(w, "\t{") + for i, b := range buf { + if i%8 == 0 { + fmt.Fprintf(w, "\n\t\t") + } + fmt.Fprintf(w, "0x%02x, ", b) + } + fmt.Fprintf(w, "\n\t},\n") + } + fmt.Fprintf(w, "}\n") +} + var serve = flag.Bool("serve", false, "run a TLS server on :10443") var testCipherSuites = flag.String("ciphersuites", "0x"+strconv.FormatInt(int64(TLS_RSA_WITH_RC4_128_SHA), 16), "cipher suites to accept in serving mode") var testClientAuth = flag.Int("clientauth", 0, "value for tls.Config.ClientAuth") -func TestRunServer(t *testing.T) { - if !*serve { - return - } - +func GetTestConfig() *Config { + var config = *testConfig suites := strings.Split(*testCipherSuites, ",") - testConfig.CipherSuites = make([]uint16, len(suites)) + config.CipherSuites = make([]uint16, len(suites)) for i := range suites { suite, err := strconv.ParseUint(suites[i], 0, 64) if err != nil { panic(err) } - testConfig.CipherSuites[i] = uint16(suite) + config.CipherSuites[i] = uint16(suite) } - testConfig.ClientAuth = ClientAuthType(*testClientAuth) + config.ClientAuth = ClientAuthType(*testClientAuth) + return &config +} - l, err := Listen("tcp", ":10443", testConfig) +func TestRunServer(t *testing.T) { + if !*serve { + return + } + + config := GetTestConfig() + + const addr = ":10443" + l, err := net.Listen("tcp", addr) if err != nil { t.Fatal(err) } + log.Printf("Now listening for connections on %s", addr) for { - c, err := l.Accept() + tcpConn, err := l.Accept() if err != nil { + log.Printf("error accepting connection: %s", err) + break + } + + record := &recordingConn{ + Conn: tcpConn, + } + + conn := Server(record, config) + if err := conn.Handshake(); err != nil { log.Printf("error from TLS handshake: %s", err) break } - _, err = c.Write([]byte("hello, world\n")) + _, err = conn.Write([]byte("hello, world\n")) if err != nil { - log.Printf("error from TLS: %s", err) + log.Printf("error from Write: %s", err) continue } - st := c.(*Conn).ConnectionState() - if len(st.PeerCertificates) > 0 { - log.Print("Handling request from client ", st.PeerCertificates[0].Subject.CommonName) - } else { - log.Print("Handling request from anon client") - } + conn.Close() - c.Close() + record.WriteTo(os.Stdout) } } @@ -284,10 +364,8 @@ func loadPEMCert(in string) *x509.Certificate { // Script of interaction with gnutls implementation. // The values for this test are obtained by building and running in server mode: -// % go test -run "TestRunServer" -serve -// and then: -// % gnutls-cli --insecure --debug 100 -p 10443 localhost > /tmp/log 2>&1 -// % python parse-gnutls-cli-debug-log.py < /tmp/log +// % go test -test.run "TestRunServer" -serve +// The recorded bytes are written to stdout. var rc4ServerScript = [][]byte{ { 0x16, 0x03, 0x02, 0x00, 0x7a, 0x01, 0x00, 0x00, diff --git a/parse-gnutls-cli-debug-log.py b/parse-gnutls-cli-debug-log.py deleted file mode 100644 index 5692bd3..0000000 --- a/parse-gnutls-cli-debug-log.py +++ /dev/null @@ -1,57 +0,0 @@ -# Copyright 2010 The Go Authors. All rights reserved. -# Use of this source code is governed by a BSD-style -# license that can be found in the LICENSE file. - -# This code is used to parse the debug log from gnutls-cli and generate a -# script of the handshake. This script is included in handshake_server_test.go. -# See the comments there for details. - -import sys - -blocks = [] - -READ = 1 -WRITE = 2 - -currentBlockType = 0 -currentBlock = [] -for line in sys.stdin.readlines(): - line = line[:-1] - if line.startswith("|<7>| WRITE: "): - if currentBlockType != WRITE: - if len(currentBlock) > 0: - blocks.append(currentBlock) - currentBlock = [] - currentBlockType = WRITE - elif line.startswith("|<7>| READ: "): - if currentBlockType != READ: - if len(currentBlock) > 0: - blocks.append(currentBlock) - currentBlock = [] - currentBlockType = READ - elif line.startswith("|<7>| 0"): - line = line[13:] - line = line.strip() - bs = line.split() - for b in bs: - currentBlock.append(int(b, 16)) - elif line.startswith("|<7>| RB-PEEK: Read 1 bytes"): - currentBlock = currentBlock[:-1] - -if len(currentBlock) > 0: - blocks.append(currentBlock) - -for block in blocks: - sys.stdout.write("\t{\n") - - i = 0 - for b in block: - if i % 8 == 0: - sys.stdout.write("\t\t") - sys.stdout.write("0x%02x," % b) - if i % 8 == 7: - sys.stdout.write("\n") - else: - sys.stdout.write(" ") - i += 1 - sys.stdout.write("\n\t},\n\n")