kris
/
tls-tris
1
0
複製 0
程式碼 問題管理 0 合併請求 0 版本發佈 0 Wiki Activity
瀏覽代碼

Testing rework 

Goal of this PR is to rework testing script so that actual testing is
easy to extend and perform during development cycle.

* For interoperability testing I use python script and test framework,
  instead of complicated bsah scripts. Script itself is not yet perfect
  but it makes it much easier to extend tests and work with them during
  development time

* Makefile has been extended and now includes all steps needed to build
  the library and run tests. It's now possible to run any kind of tests
  without exporting environment variables.  Thanks to this change it is
  stupid-easy to run any kind of tests.

* There are 3 kinds of tests implemented in the library - unittests,
  interoperability tests and bogo. Travis has been changed and now
  dashbord will show only results for those 3 targets.
tls13
Henry D. Case 6 年之前
committed by Henry Dorsett Case
父節點
42d5f61fd6
當前提交
e5c37bded5
共有 10 個文件被更改,包括 366 次插入145 次删除
分割檢視
Diff Options
Show Stats Download Patch File Download Diff File
  1. +5
    -29
      .travis.yml
  2. +49
    -19
      README.md
  3. +67
    -9
      _dev/Makefile
  4. +0
    -7
      _dev/bogo.sh
  5. +2
    -0
      _dev/go.sh
  6. +0
    -71
      _dev/interop.sh
  7. +243
    -0
      _dev/interop_test_runner
  8. +0
    -1
      _dev/tris-localserver/Dockerfile
  9. +0
    -4
      _dev/tris-localserver/start.sh
  10. +0
    -5
      _dev/tris-testclient/build.sh

+ 5
- 29
.travis.yml 查看文件

@@ -8,39 +8,15 @@ go:
- 1.10.x

env:
# CLIAUTH is used for client authentication testing. If string contains letter:
# - "C" - tris client will be tested against $SERVER
# - "S" - tris server will be tested against $CLIENT
# - none of them, client authentication is not tested
- MODE=interop CLIENT=boring SERVER=boring CLIAUTH=NONE # Without client authentication
- MODE=interop CLIENT=boring SERVER=boring CLIAUTH=SC # Client authentication
- MODE=interop CLIENT=tstclnt SERVER=tstclnt
- MODE=interop CLIENT=picotls ZRTT=1
# - MODE=interop CLIENT=mint # does not support draft 22
- MODE=bogo
- MODE=gotest
- MODE=interop CLIENT=tstclnt ZRTT=1
- MODE=interop CLIENT=boring REVISION=origin/master
- MODE=interop CLIENT=tstclnt REVISION=default ZRTT=1
- TEST_SUITE=test-unit
- TEST_SUITE=test-bogo
- TEST_SUITE=test-interop

matrix:
fast_finish: true
allow_failures:
- env: MODE=interop CLIENT=boring REVISION=origin/master
- env: MODE=interop CLIENT=tstclnt REVISION=default ZRTT=1

install:
- if [ "$MODE" = "interop" ]; then ./_dev/tris-localserver/start.sh -d && docker ps -a; fi
- if [ "$MODE" = "interop" ]; then ./_dev/interop.sh INSTALL $CLIENT $REVISION; fi
- if [ -n "$SERVER" -a "$CLIENT" != "$SERVER" ]; then ./_dev/interop.sh INSTALL $SERVER $REVISION; fi
- if [ -n "$SERVER" ]; then ./_dev/interop.sh INSTALL-CLIENT; fi
- sudo pip install docker

script:
- if [ "$MODE" = "interop" ]; then ./_dev/interop.sh RUN $CLIENT $CLIAUTH; fi
- if [ "$MODE" = "interop" ] && [ "$ZRTT" = "1" ]; then ./_dev/interop.sh 0-RTT $CLIENT; fi
- if [ -n "$SERVER" ]; then ./_dev/interop.sh RUN-CLIENT $SERVER $CLIAUTH; fi
- if [ "$MODE" = "gotest" ]; then ./_dev/go.sh test -race crypto/tls; fi
- if [ "$MODE" = "bogo" ]; then ./_dev/bogo.sh; fi

after_script:
- if [ "$MODE" = "interop" ]; then docker ps -a; docker logs tris-localserver; fi
- make -f _dev/Makefile build-all && make -f _dev/Makefile "$TEST_SUITE"

+ 49
- 19
README.md 查看文件

@@ -20,47 +20,77 @@ tls-tris shouldn't be used as an external package. It is also impossible to ven
as `crypto/tls` because stdlib packages would import the standard one and mismatch.

So, to build with tls-tris, you need to use a custom GOROOT.

A script is provided that will take care of it for you: `./_dev/go.sh`.
Just use that instead of the `go` tool.

The script also transparently fetches the custom Cloudflare Go 1.9 compiler with the required backports.
The script also transparently fetches the custom Cloudflare Go 1.10 compiler with the required backports.

```
./_dev/go.sh build ./_dev/tris-localserver
TLSDEBUG=error ./tris-localserver -b 127.0.0.1:4443
```
## Development

## Debugging
### Dependencies

When the environment variable `TLSDEBUG` is set to `error`, Tris will print a hexdump of the Client Hello and a stack trace if an handshake error occurs. If the value is `short`, only the error and the first meaningful stack frame are printed.
Copy paste line bellow to install all required dependencies:

## Building Caddy
* ArchLinux:
```
pacman -S go docker gcc git make patch python2 python-docker rsync
```

* Debian:
```
./_dev/go.sh build github.com/mholt/caddy
apt-get install build-essential docker go patch python python-pip rsync
pip install setuptools
pip install docker
```

*Note: to get Caddy to use TLS 1.3 you'll have to apply the patch at `_dev/caddy/caddy.patch`.*
Similar dependencies can be found on any UNIX based system/distribution.

### Building

## Testing with BoringSSL/NSS/Mint/...
There are number of things that need to be setup before running tests. Most important step is to copy ``go env GOROOT`` directory to ``_dev`` and swap TLS implementation and recompile GO. Then for testing we use go implementation from ``_dev/GOROOT``.

```
./_dev/tris-localserver/start.sh --rm
make -f _dev/Makefile build-all
```

### Testing

We run 3 kinds of test:.

* Unit testing: <br/>``make -f _dev/Makefile test-unit``
* Testing against BoringSSL test suite: <br/>``make -f _dev/Makefile test-bogo``
* Compatibility testing (see below):<br/>``make -f _dev/Makefile test-compat``

To run all the tests in one go use:
```
docker build -t tls-tris:boring _dev/boring
docker run -i --rm tls-tris:boring $(docker inspect -f '{{ .NetworkSettings.IPAddress }}' tris-localserver):443
make -f _dev/Makefile test
```

### Testing interoperability with 3rd party libraries

In order to ensure compatibility we are testing our implementation against BoringSSL, NSS and PicoTLS.

Makefile has a specific target for testing interoperability with external libraries. Following command can be used in order to run such test:

```
docker build -t tls-tris:tstclnt _dev/tstclnt
docker run -i --rm tls-tris:tstclnt $(docker inspect -f '{{ .NetworkSettings.IPAddress }}' tris-localserver):443
make -f _dev/Makefile test-interop
```

The makefile target is just a wrapper and it executes ``_dev/interop_test_runner`` script written in python. The script implements interoperability tests using ``python unittest`` framework.

Script can be started from command line directly. For example:

```
docker build -t tls-tris:mint _dev/mint
docker run -i --rm tls-tris:mint $(docker inspect -f '{{ .NetworkSettings.IPAddress }}' tris-localserver):443
> ./interop_test_runner -v InteropServer_NSS.test_zero_rtt
test_zero_rtt (__main__.InteropServer_NSS) ... ok

----------------------------------------------------------------------
Ran 1 test in 8.765s

OK
```

To build a specific revision, use `--build-arg REVISION=abcdef1234`.
### Debugging

When the environment variable `TLSDEBUG` is set to `error`, Tris will print a hexdump of the Client Hello and a stack trace if an handshake error occurs. If the value is `short`, only the error and the first meaningful stack frame are printed.

+ 67
- 9
_dev/Makefile 查看文件

@@ -7,6 +7,7 @@ BUILD_DIR ?= $(PRJ_DIR)/_dev/GOROOT

# Compiler
GO ?= go
DOCKER ?= docker

# Build environment
OS ?= $(shell $(GO) env GOHOSTOS)
@@ -18,12 +19,18 @@ GOROOT_LOCAL = $(BUILD_DIR)/$(OS_ARCH)
# Flag indicates wheter invoke "go install -race std". Supported only on amd64 with CGO enabled
INSTALL_RACE:= $(words $(filter $(ARCH)_$(shell go env CGO_ENABLED), amd64_1))

# TODO: I'm not sure why we would remove it at the end
# but I comment this code as tls.a is exactly what
# I try to build here
#GOROOT: GOROOT/$(OS_ARCH)/.ok_$(VER_OS_ARCH)
# rm -f GOROOT/$(OS_ARCH)/pkg/*/crypto/tls.a
# Test targets used for compatibility testing
TARGET_TEST_COMPAT=boring picotls tstclnt

# Some target-specific constants
BORINGSSL_REVISION=1530ef3e
BOGO_DOCKER_TRIS_LOCATION=/go/src/github.com/cloudflare/tls-tris

###############
#
# Build targets
#
##############################
$(BUILD_DIR)/$(OS_ARCH)/.ok_$(VER_OS_ARCH): clean

# Create clean directory structure
@@ -36,7 +43,7 @@ $(BUILD_DIR)/$(OS_ARCH)/.ok_$(VER_OS_ARCH): clean

# Swap TLS implementation
rm -r $(GOROOT_LOCAL)/src/crypto/tls/*
rsync -a $(PRJ_DIR)/ $(GOROOT_LOCAL)/src/crypto/tls/ --exclude=$(lastword $(subst /, ,$(DEV_DIR)))
rsync -rltgoD $(PRJ_DIR)/ $(GOROOT_LOCAL)/src/crypto/tls/ --exclude=$(lastword $(subst /, ,$(DEV_DIR)))

# Apply additional patches
for p in $(wildcard $(DEV_DIR)/patches/*); do patch -d "$(GOROOT_LOCAL)" -p1 < "$$p"; done
@@ -48,11 +55,62 @@ ifeq ($(INSTALL_RACE),1)
endif
@touch "$@"

build-test-%: $(BUILD_DIR)/$(OS_ARCH)/.ok_$(VER_OS_ARCH)
$(DOCKER) build $(BUILDARG) -t tls-tris:$* $(DEV_DIR)/$*
$(DOCKER) build $(BUILDARG) -t $(*)-localserver $(DEV_DIR)/$*

build-all: \
build-test-tris-client \
build-test-tris-server \
build-test-bogo \
$(addprefix build-test-,$(TARGET_TEST_COMPAT))

# Builds TRIS client
build-test-tris-client: $(BUILD_DIR)/$(OS_ARCH)/.ok_$(VER_OS_ARCH)
cd $(DEV_DIR)/tris-testclient; CGO_ENABLED=0 GOROOT="$(GOROOT_LOCAL)" $(GO) build -v -i .
$(DOCKER) build -t tris-testclient $(DEV_DIR)/tris-testclient

# Builds TRIS server
build-test-tris-server: $(BUILD_DIR)/$(OS_ARCH)/.ok_$(VER_OS_ARCH)
cd $(DEV_DIR)/tris-localserver; CGO_ENABLED=0 GOROOT="$(GOROOT_LOCAL)" $(GO) build -v -i .
$(DOCKER) build -t tris-localserver $(DEV_DIR)/tris-localserver

# BoringSSL specific stuff
build-test-boring: BUILDARG=--build-arg REVISION=$(BORINGSSL_REVISION)

# TODO: This probably doesn't work
build-caddy: $(BUILD_DIR)/$(OS_ARCH)/.ok_$(VER_OS_ARCH)
CGO_ENABLED=0 GOROOT="$(GOROOT_LOCAL)" $(GO) build github.com/mholt/caddy

###############
#
# Test targets
#
##############################
test: \
test-unit \
test-bogo \
test-interop

test-unit: $(BUILD_DIR)/$(OS_ARCH)/.ok_$(VER_OS_ARCH)
GOROOT="$(GOROOT_LOCAL)" $(GO) test -race crypto/tls

test-bogo:
$(DOCKER) run --rm -v $(PRJ_DIR):$(BOGO_DOCKER_TRIS_LOCATION) tls-tris:bogo

test-interop:
$(DEV_DIR)/interop_test_runner -v

###############
#
# Utils
#
##############################
clean:
rm -rf $(BUILD_DIR)/$(OS_ARCH)

clean-all:
clean-all: clean
rm -rf $(BUILD_DIR)

# PHONY targets
.PHONY: $(BUILD_DIR) clean
.PHONY: $(BUILD_DIR) clean build build-test test test-unit test-bogo test-compat

+ 0
- 7
_dev/bogo.sh 查看文件

@@ -1,7 +0,0 @@
#!/usr/bin/env bash
set -xeuo pipefail

BASEDIR=$(cd "$(dirname "$0")" && pwd)

docker build -t tls-tris:bogo _dev/bogo
docker run --rm -v $BASEDIR/..:/go/src/github.com/cloudflare/tls-tris tls-tris:bogo

+ 2
- 0
_dev/go.sh 查看文件

@@ -1,4 +1,6 @@
#!/usr/bin/env bash
#
# THIS FILE IS ONLY USED BY _dev/bogo. It will be removed in future
set -e

BASEDIR=$(cd "$(dirname "$0")" && pwd)


+ 0
- 71
_dev/interop.sh 查看文件

@@ -1,71 +0,0 @@
#!/usr/bin/env bash
set -xeo pipefail

if [ "$1" = "INSTALL" ]; then
# INSTALL <client> [<revision>]
if [ -n "${3:-}" ]; then
REVISION="--build-arg REVISION=$3"
else
REVISION=""
fi
docker build $REVISION -t tls-tris:$2 _dev/$2

elif [ "$1" = "RUN" ]; then
# RUN <client>
IP=$(docker inspect -f '{{ .NetworkSettings.IPAddress }}' tris-localserver)

docker run --rm tls-tris:$2 $IP:1443 | tee output.txt # RSA
grep "Hello TLS 1.3" output.txt | grep -v "resumed" | grep -v "0-RTT"
grep "Hello TLS 1.3" output.txt | grep "resumed" | grep -v "0-RTT"

docker run --rm tls-tris:$2 $IP:2443 | tee output.txt # ECDSA
grep "Hello TLS 1.3" output.txt | grep -v "resumed" | grep -v "0-RTT"
grep "Hello TLS 1.3" output.txt | grep "resumed" | grep -v "0-RTT"

if [[ $3 =~ .*S.* ]]; then
# Client auth - tris is a server
docker run --rm tls-tris:$2 $IP:6443 -key client_rsa.key -cert client_rsa.crt -debug 2>&1 | tee output.txt
grep "send_client_certificate_verify" output.txt # Checks if client cert was requested and sent
grep "Hello TLS 1.3" output.txt | grep "resumed" | grep -v "0-RTT"
fi

elif [ "$1" = "0-RTT" ]; then
# 0-RTT <client>
IP=$(docker inspect -f '{{ .NetworkSettings.IPAddress }}' tris-localserver)

docker run --rm tls-tris:$2 $IP:3443 | tee output.txt # rejecting 0-RTT
grep "Hello TLS 1.3" output.txt | grep "resumed" | grep -v "0-RTT"

docker run --rm tls-tris:$2 $IP:4443 | tee output.txt # accepting 0-RTT
grep "Hello TLS 1.3" output.txt | grep "resumed" | grep "0-RTT"

docker run --rm tls-tris:$2 $IP:5443 | tee output.txt # confirming 0-RTT
grep "Hello TLS 1.3" output.txt | grep "resumed" | grep "0-RTT confirmed"

elif [ "$1" = "INSTALL-CLIENT" ]; then
cd "$(dirname "$0")/tris-testclient"
./build.sh

elif [ "$1" = "RUN-CLIENT" ]; then
# RUN-CLIENT <target-server>
cd "$(dirname "$0")/tris-testclient"

SERVERNAME="$2-localserver"
docker run --rm --detach --name "$SERVERNAME" \
--entrypoint /server.sh \
--expose 1443 --expose 2443 --expose 6443 \
tls-tris:$2
IP=$(docker inspect -f '{{ .NetworkSettings.IPAddress }}' "$SERVERNAME")
# Obtain information and stop server on exit
trap 'docker ps -a; docker logs "$SERVERNAME"; docker kill "$SERVERNAME"' EXIT

# RSA
docker run --rm tris-testclient -ecdsa=false $IP:1443
# ECDSA
docker run --rm tris-testclient -rsa=false $IP:2443

# Test client authentication if requested (tris is a client)
[[ $3 =~ .*C.* ]] && docker run --rm tris-testclient -rsa=false -cliauth $IP:6443; true

# TODO maybe check server logs for expected output?
fi

+ 243
- 0
_dev/interop_test_runner 查看文件

@@ -0,0 +1,243 @@
#!/usr/bin/env python2

import docker
import unittest
import re
import time

# Regex patterns used for testing

# Checks if TLS 1.3 was negotiated
RE_PATTERN_HELLO_TLS_13_NORESUME = "^.*Hello TLS 1.3 \(draft .*\) _o/$|^.*Hello TLS 1.3 _o/$"
# Checks if TLS 1.3 was resumed
RE_PATTERN_HELLO_TLS_13_RESUME = "Hello TLS 1.3 \(draft .*\) \[resumed\] _o/"
# Checks if 0-RTT was used and NOT confirmed
RE_PATTERN_HELLO_0RTT = "^.*Hello TLS 1.3 .*\[resumed\] \[0-RTT\] _o/$"
# Checks if 0-RTT was used and confirmed
RE_PATTERN_HELLO_0RTT_CONFIRMED = "^.*Hello TLS 1.3 .*\[resumed\] \[0-RTT confirmed\] _o/$"

class Docker(object):
''' Utility class used for starting/stoping servers and clients during tests'''
def __init__(self):
self.d = docker.from_env()

def get_ip(self, server):
tris_localserver_container = self.d.containers.get(server)
return tris_localserver_container.attrs['NetworkSettings']['IPAddress']

def run_client(self, image_name, cmd):
''' Runs client and returns tuple (status_code, logs) '''
c = self.d.containers.create(image=image_name, command=cmd)
c.start()
res = c.wait()
ret = c.logs()
c.remove()
return (res['StatusCode'], ret)

def run_server(self, image_name, cmd=None, ports=None, entrypoint=None):
''' Starts server and returns docker container '''
c = self.d.containers.create(image=image_name, detach=True, command=cmd, ports=ports, entrypoint=entrypoint)
c.start()
# TODO: maybe can be done better?
time.sleep(3)
return c

class RegexSelfTest(unittest.TestCase):
''' Ensures that those regexe's actually work '''

LINE_HELLO_TLS ="\nsomestuff\nHello TLS 1.3 _o/\nsomestuff"
LINE_HELLO_DRAFT_TLS="\nsomestuff\nHello TLS 1.3 (draft 22) _o/\nsomestuff"

LINE_HELLO_RESUMED ="\nsomestuff\nHello TLS 1.3 (draft 22) [resumed] _o/\nsomestuff"
LINE_HELLO_MIXED ="\nsomestuff\nHello TLS 1.3 (draft 22) _o/\nHello TLS 1.3 (draft 22) [resumed] _o/\nsomestuff"
LINE_HELLO_TLS_12 ="\nsomestuff\nHello TLS 1.2 (draft 22) [resumed] _o/\nsomestuff"
LINE_HELLO_TLS_13_0RTT="\nsomestuff\nHello TLS 1.3 (draft 22) [resumed] [0-RTT] _o/\nsomestuff"
LINE_HELLO_TLS_13_0RTT_CONFIRMED="\nsomestuff\nHello TLS 1.3 (draft 22) [resumed] [0-RTT confirmed] _o/\nsomestuff"

def test_regexes(self):
self.assertIsNotNone(
re.search(RE_PATTERN_HELLO_TLS_13_NORESUME, RegexSelfTest.LINE_HELLO_TLS, re.MULTILINE))
self.assertIsNotNone(
re.search(RE_PATTERN_HELLO_TLS_13_NORESUME, RegexSelfTest.LINE_HELLO_DRAFT_TLS, re.MULTILINE))
self.assertIsNotNone(
re.search(RE_PATTERN_HELLO_TLS_13_RESUME, RegexSelfTest.LINE_HELLO_RESUMED, re.MULTILINE))
self.assertIsNotNone(
re.search(RE_PATTERN_HELLO_0RTT, RegexSelfTest.LINE_HELLO_TLS_13_0RTT, re.MULTILINE))
self.assertIsNotNone(
re.search(RE_PATTERN_HELLO_0RTT_CONFIRMED, RegexSelfTest.LINE_HELLO_TLS_13_0RTT_CONFIRMED, re.MULTILINE))

# negative cases

# expects 1.3, but 1.2 received
self.assertIsNone(
re.search(RE_PATTERN_HELLO_TLS_13_NORESUME, RegexSelfTest.LINE_HELLO_TLS_12, re.MULTILINE))
# expects 0-RTT
self.assertIsNone(
re.search(RE_PATTERN_HELLO_TLS_13_RESUME, RegexSelfTest.LINE_HELLO_TLS_13_0RTT, re.MULTILINE))
# expectes 0-RTT confirmed
self.assertIsNone(
re.search(RE_PATTERN_HELLO_0RTT, RegexSelfTest.LINE_HELLO_TLS_13_0RTT_CONFIRMED, re.MULTILINE))
# expects resume without 0-RTT
self.assertIsNone(
re.search(RE_PATTERN_HELLO_TLS_13_RESUME, RegexSelfTest.LINE_HELLO_TLS_13_0RTT, re.MULTILINE))


class InteropServer(object):
''' Instantiates TRIS as a server '''

TRIS_SERVER_NAME = "tris-localserver"

@classmethod
def setUpClass(self):
self.d = Docker()
self.server = self.d.run_server(self.TRIS_SERVER_NAME)

@classmethod
def tearDownClass(self):
self.server.kill()
self.server.remove()

@property
def server_ip(self):
return self.d.get_ip(self.server.name)

# Mixins for testing server functionality

class ServerNominalMixin(object):
''' Nominal tests for TLS 1.3 - client tries to perform handshake with server '''
def test_rsa(self):
res = self.d.run_client(self.CLIENT_NAME, self.server_ip+":"+'1443')
self.assertTrue(res[0] == 0)
# Check there was TLS hello without resume
self.assertIsNotNone(
re.search(RE_PATTERN_HELLO_TLS_13_NORESUME, res[1], re.MULTILINE))
# Check there was TLS hello with resume
self.assertIsNotNone(
re.search(RE_PATTERN_HELLO_TLS_13_RESUME, res[1], re.MULTILINE))

def test_ecdsa(self):
res = self.d.run_client(self.CLIENT_NAME, self.server_ip+":"+'2443')
self.assertTrue(res[0] == 0)
# Check there was TLS hello without resume
self.assertIsNotNone(
re.search(RE_PATTERN_HELLO_TLS_13_NORESUME, res[1], re.MULTILINE))
# Check there was TLS hello with resume
self.assertIsNotNone(
re.search(RE_PATTERN_HELLO_TLS_13_RESUME, res[1], re.MULTILINE))

class ServerClientAuthMixin(object):
''' Client authentication testing '''
def test_client_auth(self):
args = ''.join([self.server_ip+':6443',' -key client_rsa.key -cert client_rsa.crt -debug'])
res = self.d.run_client(self.CLIENT_NAME, args)
self.assertEqual(res[0], 0)
# Check there was TLS hello without resume
self.assertIsNotNone(
re.search(RE_PATTERN_HELLO_TLS_13_NORESUME, res[1], re.MULTILINE))
# Check there was TLS hello with resume
self.assertIsNotNone(
re.search(RE_PATTERN_HELLO_TLS_13_RESUME, res[1], re.MULTILINE))

class ClientNominalMixin(object):

def test_rsa(self):
res = self.d.run_client(self.CLIENT_NAME, '-rsa=false '+self.server_ip+":2443")
self.assertEqual(res[0], 0)

def test_ecdsa(self):
res = self.d.run_client(self.CLIENT_NAME, '-ecdsa=false '+self.server_ip+":1443")
self.assertEqual(res[0], 0)

class ClientClientAuthMixin(object):
''' Client authentication testing - tris on client side '''

def test_client_auth(self):
res = self.d.run_client('tris-testclient', '-rsa=false -cliauth '+self.server_ip+":6443")
self.assertTrue(res[0] == 0)

class ServerZeroRttMixin(object):
''' Zero RTT testing '''

def test_zero_rtt(self):
# rejecting 0-RTT
res = self.d.run_client(self.CLIENT_NAME, self.server_ip+":3443")
self.assertEqual(res[0], 0)
self.assertIsNotNone(
re.search(RE_PATTERN_HELLO_TLS_13_RESUME, res[1], re.MULTILINE))
self.assertIsNone(
re.search(RE_PATTERN_HELLO_0RTT, res[1], re.MULTILINE))

# accepting 0-RTT
res = self.d.run_client(self.CLIENT_NAME, self.server_ip+":4443")
self.assertEqual(res[0], 0)
self.assertIsNotNone(
re.search(RE_PATTERN_HELLO_0RTT, res[1], re.MULTILINE))

# confirming 0-RTT
res = self.d.run_client(self.CLIENT_NAME, self.server_ip+":5443")
self.assertEqual(res[0], 0)
self.assertIsNotNone(
re.search(RE_PATTERN_HELLO_0RTT_CONFIRMED, res[1], re.MULTILINE))

class InteropClient(object):
''' Instantiates TRIS as a client '''

CLIENT_NAME = "tris-testclient"

@classmethod
def setUpClass(self):
self.d = Docker()
self.server = self.d.run_server(
self.SERVER_NAME,
ports={'1443/tcp': 1443, '2443/tcp': 2443, '6443/tcp': 6443},
entrypoint="/server.sh")

@classmethod
def tearDownClass(self):
self.server.kill()
self.server.remove()

@property
def server_ip(self):
return self.d.get_ip(self.server.name)

# Actual test definition

# TRIS as a server
class InteropServer_BoringSSL(
InteropServer,
ServerNominalMixin,
ServerClientAuthMixin,
unittest.TestCase
): CLIENT_NAME = "tls-tris:boring"

class InteropServer_PicoTLS(
InteropServer,
ServerNominalMixin,
ServerZeroRttMixin,
unittest.TestCase
): CLIENT_NAME = "tls-tris:picotls"

class InteropServer_NSS(
InteropServer,
ServerNominalMixin,
ServerZeroRttMixin,
unittest.TestCase
): CLIENT_NAME = "tls-tris:tstclnt"

# TRIS as a client
class InteropClient_BoringSSL(
InteropClient,
ClientNominalMixin,
ClientClientAuthMixin,
unittest.TestCase
): SERVER_NAME = "boring-localserver"

class InteropClient_NSS(
InteropClient,
ClientNominalMixin,
unittest.TestCase
): SERVER_NAME = "tstclnt-localserver"

if __name__ == '__main__':
unittest.main()

+ 0
- 1
_dev/tris-localserver/Dockerfile 查看文件

@@ -9,7 +9,6 @@ EXPOSE 4443
EXPOSE 5443
EXPOSE 6443

# GOOS=linux ../go.sh build -v -i .
ADD tris-localserver /
ADD runner.sh /



+ 0
- 4
_dev/tris-localserver/start.sh 查看文件

@@ -1,9 +1,5 @@
#! /bin/sh
set -e

cd "$(dirname $0)"

CGO_ENABLED=0 GOOS=linux ../go.sh build -v -i .
docker build -t tris-localserver .
exec docker run --name tris-localserver --env TLSDEBUG=error "$@" tris-localserver


+ 0
- 5
_dev/tris-testclient/build.sh 查看文件

@@ -1,5 +0,0 @@
#!/bin/sh
set -e
cd "$(dirname "$0")"
CGO_ENABLED=0 GOOS=linux ../go.sh build -v -i .
docker build -t tris-testclient .

Write Preview
Loading…
取消
儲存