Alternative TLS implementation in Go
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

287 lines
10 KiB

  1. // Copyright 2010 The Go Authors. All rights reserved.
  2. // Use of this source code is governed by a BSD-style
  3. // license that can be found in the LICENSE file.
  4. package tls
  5. import (
  6. "bytes"
  7. "io"
  8. "net"
  9. "testing"
  10. )
  11. func TestRoundUp(t *testing.T) {
  12. if roundUp(0, 16) != 0 ||
  13. roundUp(1, 16) != 16 ||
  14. roundUp(15, 16) != 16 ||
  15. roundUp(16, 16) != 16 ||
  16. roundUp(17, 16) != 32 {
  17. t.Error("roundUp broken")
  18. }
  19. }
  20. // will be initialized with {0, 255, 255, ..., 255}
  21. var padding255Bad = [256]byte{}
  22. // will be initialized with {255, 255, 255, ..., 255}
  23. var padding255Good = [256]byte{255}
  24. var paddingTests = []struct {
  25. in []byte
  26. good bool
  27. expectedLen int
  28. }{
  29. {[]byte{1, 2, 3, 4, 0}, true, 4},
  30. {[]byte{1, 2, 3, 4, 0, 1}, false, 0},
  31. {[]byte{1, 2, 3, 4, 99, 99}, false, 0},
  32. {[]byte{1, 2, 3, 4, 1, 1}, true, 4},
  33. {[]byte{1, 2, 3, 2, 2, 2}, true, 3},
  34. {[]byte{1, 2, 3, 3, 3, 3}, true, 2},
  35. {[]byte{1, 2, 3, 4, 3, 3}, false, 0},
  36. {[]byte{1, 4, 4, 4, 4, 4}, true, 1},
  37. {[]byte{5, 5, 5, 5, 5, 5}, true, 0},
  38. {[]byte{6, 6, 6, 6, 6, 6}, false, 0},
  39. {padding255Bad[:], false, 0},
  40. {padding255Good[:], true, 0},
  41. }
  42. func TestRemovePadding(t *testing.T) {
  43. for i := 1; i < len(padding255Bad); i++ {
  44. padding255Bad[i] = 255
  45. padding255Good[i] = 255
  46. }
  47. for i, test := range paddingTests {
  48. paddingLen, good := extractPadding(test.in)
  49. expectedGood := byte(255)
  50. if !test.good {
  51. expectedGood = 0
  52. }
  53. if good != expectedGood {
  54. t.Errorf("#%d: wrong validity, want:%d got:%d", i, expectedGood, good)
  55. }
  56. if good == 255 && len(test.in)-paddingLen != test.expectedLen {
  57. t.Errorf("#%d: got %d, want %d", i, len(test.in)-paddingLen, test.expectedLen)
  58. }
  59. }
  60. }
  61. var certExampleCom = `308201713082011ba003020102021005a75ddf21014d5f417083b7a010ba2e300d06092a864886f70d01010b050030123110300e060355040a130741636d6520436f301e170d3136303831373231343135335a170d3137303831373231343135335a30123110300e060355040a130741636d6520436f305c300d06092a864886f70d0101010500034b003048024100b37f0fdd67e715bf532046ac34acbd8fdc4dabe2b598588f3f58b1f12e6219a16cbfe54d2b4b665396013589262360b6721efa27d546854f17cc9aeec6751db10203010001a34d304b300e0603551d0f0101ff0404030205a030130603551d25040c300a06082b06010505070301300c0603551d130101ff0402300030160603551d11040f300d820b6578616d706c652e636f6d300d06092a864886f70d01010b050003410059fc487866d3d855503c8e064ca32aac5e9babcece89ec597f8b2b24c17867f4a5d3b4ece06e795bfc5448ccbd2ffca1b3433171ebf3557a4737b020565350a0`
  62. var certWildcardExampleCom = `308201743082011ea003020102021100a7aa6297c9416a4633af8bec2958c607300d06092a864886f70d01010b050030123110300e060355040a130741636d6520436f301e170d3136303831373231343231395a170d3137303831373231343231395a30123110300e060355040a130741636d6520436f305c300d06092a864886f70d0101010500034b003048024100b105afc859a711ee864114e7d2d46c2dcbe392d3506249f6c2285b0eb342cc4bf2d803677c61c0abde443f084745c1a6d62080e5664ef2cc8f50ad8a0ab8870b0203010001a34f304d300e0603551d0f0101ff0404030205a030130603551d25040c300a06082b06010505070301300c0603551d130101ff0402300030180603551d110411300f820d2a2e6578616d706c652e636f6d300d06092a864886f70d01010b0500034100af26088584d266e3f6566360cf862c7fecc441484b098b107439543144a2b93f20781988281e108c6d7656934e56950e1e5f2bcf38796b814ccb729445856c34`
  63. var certFooExampleCom = `308201753082011fa00302010202101bbdb6070b0aeffc49008cde74deef29300d06092a864886f70d01010b050030123110300e060355040a130741636d6520436f301e170d3136303831373231343234345a170d3137303831373231343234345a30123110300e060355040a130741636d6520436f305c300d06092a864886f70d0101010500034b003048024100f00ac69d8ca2829f26216c7b50f1d4bbabad58d447706476cd89a2f3e1859943748aa42c15eedc93ac7c49e40d3b05ed645cb6b81c4efba60d961f44211a54eb0203010001a351304f300e0603551d0f0101ff0404030205a030130603551d25040c300a06082b06010505070301300c0603551d130101ff04023000301a0603551d1104133011820f666f6f2e6578616d706c652e636f6d300d06092a864886f70d01010b0500034100a0957fca6d1e0f1ef4b247348c7a8ca092c29c9c0ecc1898ea6b8065d23af6d922a410dd2335a0ea15edd1394cef9f62c9e876a21e35250a0b4fe1ddceba0f36`
  64. var certDoubleWildcardExampleCom = `308201753082011fa003020102021039d262d8538db8ffba30d204e02ddeb5300d06092a864886f70d01010b050030123110300e060355040a130741636d6520436f301e170d3136303831373231343331335a170d3137303831373231343331335a30123110300e060355040a130741636d6520436f305c300d06092a864886f70d0101010500034b003048024100abb6bd84b8b9be3fb9415d00f22b4ddcaec7c99855b9d818c09003e084578430e5cfd2e35faa3561f036d496aa43a9ca6e6cf23c72a763c04ae324004f6cbdbb0203010001a351304f300e0603551d0f0101ff0404030205a030130603551d25040c300a06082b06010505070301300c0603551d130101ff04023000301a0603551d1104133011820f2a2e2a2e6578616d706c652e636f6d300d06092a864886f70d01010b05000341004837521004a5b6bc7ad5d6c0dae60bb7ee0fa5e4825be35e2bb6ef07ee29396ca30ceb289431bcfd363888ba2207139933ac7c6369fa8810c819b2e2966abb4b`
  65. func TestCertificateSelection(t *testing.T) {
  66. config := Config{
  67. Certificates: []Certificate{
  68. {
  69. Certificate: [][]byte{fromHex(certExampleCom)},
  70. },
  71. {
  72. Certificate: [][]byte{fromHex(certWildcardExampleCom)},
  73. },
  74. {
  75. Certificate: [][]byte{fromHex(certFooExampleCom)},
  76. },
  77. {
  78. Certificate: [][]byte{fromHex(certDoubleWildcardExampleCom)},
  79. },
  80. },
  81. }
  82. config.BuildNameToCertificate()
  83. pointerToIndex := func(c *Certificate) int {
  84. for i := range config.Certificates {
  85. if c == &config.Certificates[i] {
  86. return i
  87. }
  88. }
  89. return -1
  90. }
  91. certificateForName := func(name string) *Certificate {
  92. clientHello := &ClientHelloInfo{
  93. ServerName: name,
  94. }
  95. if cert, err := config.getCertificate(clientHello); err != nil {
  96. t.Errorf("unable to get certificate for name '%s': %s", name, err)
  97. return nil
  98. } else {
  99. return cert
  100. }
  101. }
  102. if n := pointerToIndex(certificateForName("example.com")); n != 0 {
  103. t.Errorf("example.com returned certificate %d, not 0", n)
  104. }
  105. if n := pointerToIndex(certificateForName("bar.example.com")); n != 1 {
  106. t.Errorf("bar.example.com returned certificate %d, not 1", n)
  107. }
  108. if n := pointerToIndex(certificateForName("foo.example.com")); n != 2 {
  109. t.Errorf("foo.example.com returned certificate %d, not 2", n)
  110. }
  111. if n := pointerToIndex(certificateForName("foo.bar.example.com")); n != 3 {
  112. t.Errorf("foo.bar.example.com returned certificate %d, not 3", n)
  113. }
  114. if n := pointerToIndex(certificateForName("foo.bar.baz.example.com")); n != 0 {
  115. t.Errorf("foo.bar.baz.example.com returned certificate %d, not 0", n)
  116. }
  117. }
  118. // Run with multiple crypto configs to test the logic for computing TLS record overheads.
  119. func runDynamicRecordSizingTest(t *testing.T, config *Config) {
  120. clientConn, serverConn := net.Pipe()
  121. serverConfig := config.Clone()
  122. serverConfig.DynamicRecordSizingDisabled = false
  123. tlsConn := Server(serverConn, serverConfig)
  124. recordSizesChan := make(chan []int, 1)
  125. go func() {
  126. // This goroutine performs a TLS handshake over clientConn and
  127. // then reads TLS records until EOF. It writes a slice that
  128. // contains all the record sizes to recordSizesChan.
  129. defer close(recordSizesChan)
  130. defer clientConn.Close()
  131. tlsConn := Client(clientConn, config)
  132. if err := tlsConn.Handshake(); err != nil {
  133. t.Errorf("Error from client handshake: %v", err)
  134. return
  135. }
  136. var recordHeader [recordHeaderLen]byte
  137. var record []byte
  138. var recordSizes []int
  139. for {
  140. n, err := io.ReadFull(clientConn, recordHeader[:])
  141. if err == io.EOF {
  142. break
  143. }
  144. if err != nil || n != len(recordHeader) {
  145. t.Errorf("io.ReadFull = %d, %v", n, err)
  146. return
  147. }
  148. length := int(recordHeader[3])<<8 | int(recordHeader[4])
  149. if len(record) < length {
  150. record = make([]byte, length)
  151. }
  152. n, err = io.ReadFull(clientConn, record[:length])
  153. if err != nil || n != length {
  154. t.Errorf("io.ReadFull = %d, %v", n, err)
  155. return
  156. }
  157. // The last record will be a close_notify alert, which
  158. // we don't wish to record.
  159. if recordType(recordHeader[0]) == recordTypeApplicationData {
  160. recordSizes = append(recordSizes, recordHeaderLen+length)
  161. }
  162. }
  163. recordSizesChan <- recordSizes
  164. }()
  165. if err := tlsConn.Handshake(); err != nil {
  166. t.Fatalf("Error from server handshake: %s", err)
  167. }
  168. // The server writes these plaintexts in order.
  169. plaintext := bytes.Join([][]byte{
  170. bytes.Repeat([]byte("x"), recordSizeBoostThreshold),
  171. bytes.Repeat([]byte("y"), maxPlaintext*2),
  172. bytes.Repeat([]byte("z"), maxPlaintext),
  173. }, nil)
  174. if _, err := tlsConn.Write(plaintext); err != nil {
  175. t.Fatalf("Error from server write: %s", err)
  176. }
  177. if err := tlsConn.Close(); err != nil {
  178. t.Fatalf("Error from server close: %s", err)
  179. }
  180. recordSizes := <-recordSizesChan
  181. if recordSizes == nil {
  182. t.Fatalf("Client encountered an error")
  183. }
  184. // Drop the size of last record, which is likely to be truncated.
  185. recordSizes = recordSizes[:len(recordSizes)-1]
  186. // recordSizes should contain a series of records smaller than
  187. // tcpMSSEstimate followed by some larger than maxPlaintext.
  188. seenLargeRecord := false
  189. for i, size := range recordSizes {
  190. if !seenLargeRecord {
  191. if size > (i+1)*tcpMSSEstimate {
  192. t.Fatalf("Record #%d has size %d, which is too large too soon", i, size)
  193. }
  194. if size >= maxPlaintext {
  195. seenLargeRecord = true
  196. }
  197. } else if size <= maxPlaintext {
  198. t.Fatalf("Record #%d has size %d but should be full sized", i, size)
  199. }
  200. }
  201. if !seenLargeRecord {
  202. t.Fatalf("No large records observed")
  203. }
  204. }
  205. func TestDynamicRecordSizingWithStreamCipher(t *testing.T) {
  206. config := testConfig.Clone()
  207. config.CipherSuites = []uint16{TLS_RSA_WITH_RC4_128_SHA}
  208. runDynamicRecordSizingTest(t, config)
  209. }
  210. func TestDynamicRecordSizingWithCBC(t *testing.T) {
  211. config := testConfig.Clone()
  212. config.CipherSuites = []uint16{TLS_RSA_WITH_AES_256_CBC_SHA}
  213. runDynamicRecordSizingTest(t, config)
  214. }
  215. func TestDynamicRecordSizingWithAEAD(t *testing.T) {
  216. config := testConfig.Clone()
  217. config.CipherSuites = []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}
  218. runDynamicRecordSizingTest(t, config)
  219. }
  220. // hairpinConn is a net.Conn that makes a “hairpin” call when closed, back into
  221. // the tls.Conn which is calling it.
  222. type hairpinConn struct {
  223. net.Conn
  224. tlsConn *Conn
  225. }
  226. func (conn *hairpinConn) Close() error {
  227. conn.tlsConn.ConnectionState()
  228. return nil
  229. }
  230. func TestHairpinInClose(t *testing.T) {
  231. // This tests that the underlying net.Conn can call back into the
  232. // tls.Conn when being closed without deadlocking.
  233. client, server := net.Pipe()
  234. defer server.Close()
  235. defer client.Close()
  236. conn := &hairpinConn{client, nil}
  237. tlsConn := Server(conn, &Config{
  238. GetCertificate: func(*ClientHelloInfo) (*Certificate, error) {
  239. panic("unreachable")
  240. },
  241. })
  242. conn.tlsConn = tlsConn
  243. // This call should not deadlock.
  244. tlsConn.Close()
  245. }