github.com/Carcraftz/utls@v0.0.0-20220413235215-6b7c52fd78b6/tls_test.go (about) 1 // Copyright 2012 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 package tls 6 7 import ( 8 "bytes" 9 "crypto/x509" 10 "encoding/json" 11 "errors" 12 "fmt" 13 "io" 14 "io/ioutil" 15 "math" 16 "net" 17 "os" 18 "reflect" 19 "strings" 20 "sync" 21 "testing" 22 "time" 23 24 "gitlab.com/yawning/utls.git/testenv" 25 ) 26 27 var rsaCertPEM = `-----BEGIN CERTIFICATE----- 28 MIIB0zCCAX2gAwIBAgIJAI/M7BYjwB+uMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV 29 BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX 30 aWRnaXRzIFB0eSBMdGQwHhcNMTIwOTEyMjE1MjAyWhcNMTUwOTEyMjE1MjAyWjBF 31 MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 32 ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANLJ 33 hPHhITqQbPklG3ibCVxwGMRfp/v4XqhfdQHdcVfHap6NQ5Wok/4xIA+ui35/MmNa 34 rtNuC+BdZ1tMuVCPFZcCAwEAAaNQME4wHQYDVR0OBBYEFJvKs8RfJaXTH08W+SGv 35 zQyKn0H8MB8GA1UdIwQYMBaAFJvKs8RfJaXTH08W+SGvzQyKn0H8MAwGA1UdEwQF 36 MAMBAf8wDQYJKoZIhvcNAQEFBQADQQBJlffJHybjDGxRMqaRmDhX0+6v02TUKZsW 37 r5QuVbpQhH6u+0UgcW0jp9QwpxoPTLTWGXEWBBBurxFwiCBhkQ+V 38 -----END CERTIFICATE----- 39 ` 40 41 var rsaKeyPEM = `-----BEGIN RSA PRIVATE KEY----- 42 MIIBOwIBAAJBANLJhPHhITqQbPklG3ibCVxwGMRfp/v4XqhfdQHdcVfHap6NQ5Wo 43 k/4xIA+ui35/MmNartNuC+BdZ1tMuVCPFZcCAwEAAQJAEJ2N+zsR0Xn8/Q6twa4G 44 6OB1M1WO+k+ztnX/1SvNeWu8D6GImtupLTYgjZcHufykj09jiHmjHx8u8ZZB/o1N 45 MQIhAPW+eyZo7ay3lMz1V01WVjNKK9QSn1MJlb06h/LuYv9FAiEA25WPedKgVyCW 46 SmUwbPw8fnTcpqDWE3yTO3vKcebqMSsCIBF3UmVue8YU3jybC3NxuXq3wNm34R8T 47 xVLHwDXh/6NJAiEAl2oHGGLz64BuAfjKrqwz7qMYr9HCLIe/YsoWq/olzScCIQDi 48 D2lWusoe2/nEqfDVVWGWlyJ7yOmqaVm/iNUN9B2N2g== 49 -----END RSA PRIVATE KEY----- 50 ` 51 52 // keyPEM is the same as rsaKeyPEM, but declares itself as just 53 // "PRIVATE KEY", not "RSA PRIVATE KEY". https://golang.org/issue/4477 54 var keyPEM = `-----BEGIN PRIVATE KEY----- 55 MIIBOwIBAAJBANLJhPHhITqQbPklG3ibCVxwGMRfp/v4XqhfdQHdcVfHap6NQ5Wo 56 k/4xIA+ui35/MmNartNuC+BdZ1tMuVCPFZcCAwEAAQJAEJ2N+zsR0Xn8/Q6twa4G 57 6OB1M1WO+k+ztnX/1SvNeWu8D6GImtupLTYgjZcHufykj09jiHmjHx8u8ZZB/o1N 58 MQIhAPW+eyZo7ay3lMz1V01WVjNKK9QSn1MJlb06h/LuYv9FAiEA25WPedKgVyCW 59 SmUwbPw8fnTcpqDWE3yTO3vKcebqMSsCIBF3UmVue8YU3jybC3NxuXq3wNm34R8T 60 xVLHwDXh/6NJAiEAl2oHGGLz64BuAfjKrqwz7qMYr9HCLIe/YsoWq/olzScCIQDi 61 D2lWusoe2/nEqfDVVWGWlyJ7yOmqaVm/iNUN9B2N2g== 62 -----END PRIVATE KEY----- 63 ` 64 65 var ecdsaCertPEM = `-----BEGIN CERTIFICATE----- 66 MIIB/jCCAWICCQDscdUxw16XFDAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw 67 EQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0 68 eSBMdGQwHhcNMTIxMTE0MTI0MDQ4WhcNMTUxMTE0MTI0MDQ4WjBFMQswCQYDVQQG 69 EwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lk 70 Z2l0cyBQdHkgTHRkMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBY9+my9OoeSUR 71 lDQdV/x8LsOuLilthhiS1Tz4aGDHIPwC1mlvnf7fg5lecYpMCrLLhauAc1UJXcgl 72 01xoLuzgtAEAgv2P/jgytzRSpUYvgLBt1UA0leLYBy6mQQbrNEuqT3INapKIcUv8 73 XxYP0xMEUksLPq6Ca+CRSqTtrd/23uTnapkwCQYHKoZIzj0EAQOBigAwgYYCQXJo 74 A7Sl2nLVf+4Iu/tAX/IF4MavARKC4PPHK3zfuGfPR3oCCcsAoz3kAzOeijvd0iXb 75 H5jBImIxPL4WxQNiBTexAkF8D1EtpYuWdlVQ80/h/f4pBcGiXPqX5h2PQSQY7hP1 76 +jwM1FGS4fREIOvlBYr/SzzQRtwrvrzGYxDEDbsC0ZGRnA== 77 -----END CERTIFICATE----- 78 ` 79 80 var ecdsaKeyPEM = `-----BEGIN EC PARAMETERS----- 81 BgUrgQQAIw== 82 -----END EC PARAMETERS----- 83 -----BEGIN EC PRIVATE KEY----- 84 MIHcAgEBBEIBrsoKp0oqcv6/JovJJDoDVSGWdirrkgCWxrprGlzB9o0X8fV675X0 85 NwuBenXFfeZvVcwluO7/Q9wkYoPd/t3jGImgBwYFK4EEACOhgYkDgYYABAFj36bL 86 06h5JRGUNB1X/Hwuw64uKW2GGJLVPPhoYMcg/ALWaW+d/t+DmV5xikwKssuFq4Bz 87 VQldyCXTXGgu7OC0AQCC/Y/+ODK3NFKlRi+AsG3VQDSV4tgHLqZBBus0S6pPcg1q 88 kohxS/xfFg/TEwRSSws+roJr4JFKpO2t3/be5OdqmQ== 89 -----END EC PRIVATE KEY----- 90 ` 91 92 var keyPairTests = []struct { 93 algo string 94 cert string 95 key string 96 }{ 97 {"ECDSA", ecdsaCertPEM, ecdsaKeyPEM}, 98 {"RSA", rsaCertPEM, rsaKeyPEM}, 99 {"RSA-untyped", rsaCertPEM, keyPEM}, // golang.org/issue/4477 100 } 101 102 func TestX509KeyPair(t *testing.T) { 103 t.Parallel() 104 var pem []byte 105 for _, test := range keyPairTests { 106 pem = []byte(test.cert + test.key) 107 if _, err := X509KeyPair(pem, pem); err != nil { 108 t.Errorf("Failed to load %s cert followed by %s key: %s", test.algo, test.algo, err) 109 } 110 pem = []byte(test.key + test.cert) 111 if _, err := X509KeyPair(pem, pem); err != nil { 112 t.Errorf("Failed to load %s key followed by %s cert: %s", test.algo, test.algo, err) 113 } 114 } 115 } 116 117 func TestX509KeyPairErrors(t *testing.T) { 118 _, err := X509KeyPair([]byte(rsaKeyPEM), []byte(rsaCertPEM)) 119 if err == nil { 120 t.Fatalf("X509KeyPair didn't return an error when arguments were switched") 121 } 122 if subStr := "been switched"; !strings.Contains(err.Error(), subStr) { 123 t.Fatalf("Expected %q in the error when switching arguments to X509KeyPair, but the error was %q", subStr, err) 124 } 125 126 _, err = X509KeyPair([]byte(rsaCertPEM), []byte(rsaCertPEM)) 127 if err == nil { 128 t.Fatalf("X509KeyPair didn't return an error when both arguments were certificates") 129 } 130 if subStr := "certificate"; !strings.Contains(err.Error(), subStr) { 131 t.Fatalf("Expected %q in the error when both arguments to X509KeyPair were certificates, but the error was %q", subStr, err) 132 } 133 134 const nonsensePEM = ` 135 -----BEGIN NONSENSE----- 136 Zm9vZm9vZm9v 137 -----END NONSENSE----- 138 ` 139 140 _, err = X509KeyPair([]byte(nonsensePEM), []byte(nonsensePEM)) 141 if err == nil { 142 t.Fatalf("X509KeyPair didn't return an error when both arguments were nonsense") 143 } 144 if subStr := "NONSENSE"; !strings.Contains(err.Error(), subStr) { 145 t.Fatalf("Expected %q in the error when both arguments to X509KeyPair were nonsense, but the error was %q", subStr, err) 146 } 147 } 148 149 func TestX509MixedKeyPair(t *testing.T) { 150 if _, err := X509KeyPair([]byte(rsaCertPEM), []byte(ecdsaKeyPEM)); err == nil { 151 t.Error("Load of RSA certificate succeeded with ECDSA private key") 152 } 153 if _, err := X509KeyPair([]byte(ecdsaCertPEM), []byte(rsaKeyPEM)); err == nil { 154 t.Error("Load of ECDSA certificate succeeded with RSA private key") 155 } 156 } 157 158 func newLocalListener(t testing.TB) net.Listener { 159 ln, err := net.Listen("tcp", "127.0.0.1:0") 160 if err != nil { 161 ln, err = net.Listen("tcp6", "[::1]:0") 162 } 163 if err != nil { 164 t.Fatal(err) 165 } 166 return ln 167 } 168 169 func TestDialTimeout(t *testing.T) { 170 if testing.Short() { 171 t.Skip("skipping in short mode") 172 } 173 listener := newLocalListener(t) 174 175 addr := listener.Addr().String() 176 defer listener.Close() 177 178 complete := make(chan bool) 179 defer close(complete) 180 181 go func() { 182 conn, err := listener.Accept() 183 if err != nil { 184 t.Error(err) 185 return 186 } 187 <-complete 188 conn.Close() 189 }() 190 191 dialer := &net.Dialer{ 192 Timeout: 10 * time.Millisecond, 193 } 194 195 var err error 196 if _, err = DialWithDialer(dialer, "tcp", addr, nil); err == nil { 197 t.Fatal("DialWithTimeout completed successfully") 198 } 199 200 if !isTimeoutError(err) { 201 t.Errorf("resulting error not a timeout: %v\nType %T: %#v", err, err, err) 202 } 203 } 204 205 func isTimeoutError(err error) bool { 206 if ne, ok := err.(net.Error); ok { 207 return ne.Timeout() 208 } 209 return false 210 } 211 212 // tests that Conn.Read returns (non-zero, io.EOF) instead of 213 // (non-zero, nil) when a Close (alertCloseNotify) is sitting right 214 // behind the application data in the buffer. 215 func TestConnReadNonzeroAndEOF(t *testing.T) { 216 // This test is racy: it assumes that after a write to a 217 // localhost TCP connection, the peer TCP connection can 218 // immediately read it. Because it's racy, we skip this test 219 // in short mode, and then retry it several times with an 220 // increasing sleep in between our final write (via srv.Close 221 // below) and the following read. 222 if testing.Short() { 223 t.Skip("skipping in short mode") 224 } 225 var err error 226 for delay := time.Millisecond; delay <= 64*time.Millisecond; delay *= 2 { 227 if err = testConnReadNonzeroAndEOF(t, delay); err == nil { 228 return 229 } 230 } 231 t.Error(err) 232 } 233 234 func testConnReadNonzeroAndEOF(t *testing.T, delay time.Duration) error { 235 ln := newLocalListener(t) 236 defer ln.Close() 237 238 srvCh := make(chan *Conn, 1) 239 var serr error 240 go func() { 241 sconn, err := ln.Accept() 242 if err != nil { 243 serr = err 244 srvCh <- nil 245 return 246 } 247 serverConfig := testConfig.Clone() 248 srv := Server(sconn, serverConfig) 249 if err := srv.Handshake(); err != nil { 250 serr = fmt.Errorf("handshake: %v", err) 251 srvCh <- nil 252 return 253 } 254 srvCh <- srv 255 }() 256 257 clientConfig := testConfig.Clone() 258 // In TLS 1.3, alerts are encrypted and disguised as application data, so 259 // the opportunistic peek won't work. 260 clientConfig.MaxVersion = VersionTLS12 261 conn, err := Dial("tcp", ln.Addr().String(), clientConfig) 262 if err != nil { 263 t.Fatal(err) 264 } 265 defer conn.Close() 266 267 srv := <-srvCh 268 if srv == nil { 269 return serr 270 } 271 272 buf := make([]byte, 6) 273 274 srv.Write([]byte("foobar")) 275 n, err := conn.Read(buf) 276 if n != 6 || err != nil || string(buf) != "foobar" { 277 return fmt.Errorf("Read = %d, %v, data %q; want 6, nil, foobar", n, err, buf) 278 } 279 280 srv.Write([]byte("abcdef")) 281 srv.Close() 282 time.Sleep(delay) 283 n, err = conn.Read(buf) 284 if n != 6 || string(buf) != "abcdef" { 285 return fmt.Errorf("Read = %d, buf= %q; want 6, abcdef", n, buf) 286 } 287 if err != io.EOF { 288 return fmt.Errorf("Second Read error = %v; want io.EOF", err) 289 } 290 return nil 291 } 292 293 func TestTLSUniqueMatches(t *testing.T) { 294 ln := newLocalListener(t) 295 defer ln.Close() 296 297 serverTLSUniques := make(chan []byte) 298 go func() { 299 for i := 0; i < 2; i++ { 300 sconn, err := ln.Accept() 301 if err != nil { 302 t.Error(err) 303 return 304 } 305 serverConfig := testConfig.Clone() 306 serverConfig.MaxVersion = VersionTLS12 // TLSUnique is not defined in TLS 1.3 307 srv := Server(sconn, serverConfig) 308 if err := srv.Handshake(); err != nil { 309 t.Error(err) 310 return 311 } 312 serverTLSUniques <- srv.ConnectionState().TLSUnique 313 } 314 }() 315 316 clientConfig := testConfig.Clone() 317 clientConfig.ClientSessionCache = NewLRUClientSessionCache(1) 318 conn, err := Dial("tcp", ln.Addr().String(), clientConfig) 319 if err != nil { 320 t.Fatal(err) 321 } 322 if !bytes.Equal(conn.ConnectionState().TLSUnique, <-serverTLSUniques) { 323 t.Error("client and server channel bindings differ") 324 } 325 conn.Close() 326 327 conn, err = Dial("tcp", ln.Addr().String(), clientConfig) 328 if err != nil { 329 t.Fatal(err) 330 } 331 defer conn.Close() 332 if !conn.ConnectionState().DidResume { 333 t.Error("second session did not use resumption") 334 } 335 if !bytes.Equal(conn.ConnectionState().TLSUnique, <-serverTLSUniques) { 336 t.Error("client and server channel bindings differ when session resumption is used") 337 } 338 } 339 340 func TestVerifyHostname(t *testing.T) { 341 testenv.MustHaveExternalNetwork(t) 342 343 c, err := Dial("tcp", "www.google.com:https", nil) 344 if err != nil { 345 t.Fatal(err) 346 } 347 if err := c.VerifyHostname("www.google.com"); err != nil { 348 t.Fatalf("verify www.google.com: %v", err) 349 } 350 if err := c.VerifyHostname("www.yahoo.com"); err == nil { 351 t.Fatalf("verify www.yahoo.com succeeded") 352 } 353 354 c, err = Dial("tcp", "www.google.com:https", &Config{InsecureSkipVerify: true}) 355 if err != nil { 356 t.Fatal(err) 357 } 358 if err := c.VerifyHostname("www.google.com"); err == nil { 359 t.Fatalf("verify www.google.com succeeded with InsecureSkipVerify=true") 360 } 361 } 362 363 func TestConnCloseBreakingWrite(t *testing.T) { 364 ln := newLocalListener(t) 365 defer ln.Close() 366 367 srvCh := make(chan *Conn, 1) 368 var serr error 369 var sconn net.Conn 370 go func() { 371 var err error 372 sconn, err = ln.Accept() 373 if err != nil { 374 serr = err 375 srvCh <- nil 376 return 377 } 378 serverConfig := testConfig.Clone() 379 srv := Server(sconn, serverConfig) 380 if err := srv.Handshake(); err != nil { 381 serr = fmt.Errorf("handshake: %v", err) 382 srvCh <- nil 383 return 384 } 385 srvCh <- srv 386 }() 387 388 cconn, err := net.Dial("tcp", ln.Addr().String()) 389 if err != nil { 390 t.Fatal(err) 391 } 392 defer cconn.Close() 393 394 conn := &changeImplConn{ 395 Conn: cconn, 396 } 397 398 clientConfig := testConfig.Clone() 399 tconn := Client(conn, clientConfig) 400 if err := tconn.Handshake(); err != nil { 401 t.Fatal(err) 402 } 403 404 srv := <-srvCh 405 if srv == nil { 406 t.Fatal(serr) 407 } 408 defer sconn.Close() 409 410 connClosed := make(chan struct{}) 411 conn.closeFunc = func() error { 412 close(connClosed) 413 return nil 414 } 415 416 inWrite := make(chan bool, 1) 417 var errConnClosed = errors.New("conn closed for test") 418 conn.writeFunc = func(p []byte) (n int, err error) { 419 inWrite <- true 420 <-connClosed 421 return 0, errConnClosed 422 } 423 424 closeReturned := make(chan bool, 1) 425 go func() { 426 <-inWrite 427 tconn.Close() // test that this doesn't block forever. 428 closeReturned <- true 429 }() 430 431 _, err = tconn.Write([]byte("foo")) 432 if err != errConnClosed { 433 t.Errorf("Write error = %v; want errConnClosed", err) 434 } 435 436 <-closeReturned 437 if err := tconn.Close(); err != errClosed { 438 t.Errorf("Close error = %v; want errClosed", err) 439 } 440 } 441 442 func TestConnCloseWrite(t *testing.T) { 443 ln := newLocalListener(t) 444 defer ln.Close() 445 446 clientDoneChan := make(chan struct{}) 447 448 serverCloseWrite := func() error { 449 sconn, err := ln.Accept() 450 if err != nil { 451 return fmt.Errorf("accept: %v", err) 452 } 453 defer sconn.Close() 454 455 serverConfig := testConfig.Clone() 456 srv := Server(sconn, serverConfig) 457 if err := srv.Handshake(); err != nil { 458 return fmt.Errorf("handshake: %v", err) 459 } 460 defer srv.Close() 461 462 data, err := ioutil.ReadAll(srv) 463 if err != nil { 464 return err 465 } 466 if len(data) > 0 { 467 return fmt.Errorf("Read data = %q; want nothing", data) 468 } 469 470 if err := srv.CloseWrite(); err != nil { 471 return fmt.Errorf("server CloseWrite: %v", err) 472 } 473 474 // Wait for clientCloseWrite to finish, so we know we 475 // tested the CloseWrite before we defer the 476 // sconn.Close above, which would also cause the 477 // client to unblock like CloseWrite. 478 <-clientDoneChan 479 return nil 480 } 481 482 clientCloseWrite := func() error { 483 defer close(clientDoneChan) 484 485 clientConfig := testConfig.Clone() 486 conn, err := Dial("tcp", ln.Addr().String(), clientConfig) 487 if err != nil { 488 return err 489 } 490 if err := conn.Handshake(); err != nil { 491 return err 492 } 493 defer conn.Close() 494 495 if err := conn.CloseWrite(); err != nil { 496 return fmt.Errorf("client CloseWrite: %v", err) 497 } 498 499 if _, err := conn.Write([]byte{0}); err != errShutdown { 500 return fmt.Errorf("CloseWrite error = %v; want errShutdown", err) 501 } 502 503 data, err := ioutil.ReadAll(conn) 504 if err != nil { 505 return err 506 } 507 if len(data) > 0 { 508 return fmt.Errorf("Read data = %q; want nothing", data) 509 } 510 return nil 511 } 512 513 errChan := make(chan error, 2) 514 515 go func() { errChan <- serverCloseWrite() }() 516 go func() { errChan <- clientCloseWrite() }() 517 518 for i := 0; i < 2; i++ { 519 select { 520 case err := <-errChan: 521 if err != nil { 522 t.Fatal(err) 523 } 524 case <-time.After(10 * time.Second): 525 t.Fatal("deadlock") 526 } 527 } 528 529 // Also test CloseWrite being called before the handshake is 530 // finished: 531 { 532 ln2 := newLocalListener(t) 533 defer ln2.Close() 534 535 netConn, err := net.Dial("tcp", ln2.Addr().String()) 536 if err != nil { 537 t.Fatal(err) 538 } 539 defer netConn.Close() 540 conn := Client(netConn, testConfig.Clone()) 541 542 if err := conn.CloseWrite(); err != errEarlyCloseWrite { 543 t.Errorf("CloseWrite error = %v; want errEarlyCloseWrite", err) 544 } 545 } 546 } 547 548 func TestWarningAlertFlood(t *testing.T) { 549 ln := newLocalListener(t) 550 defer ln.Close() 551 552 server := func() error { 553 sconn, err := ln.Accept() 554 if err != nil { 555 return fmt.Errorf("accept: %v", err) 556 } 557 defer sconn.Close() 558 559 serverConfig := testConfig.Clone() 560 srv := Server(sconn, serverConfig) 561 if err := srv.Handshake(); err != nil { 562 return fmt.Errorf("handshake: %v", err) 563 } 564 defer srv.Close() 565 566 _, err = ioutil.ReadAll(srv) 567 if err == nil { 568 return errors.New("unexpected lack of error from server") 569 } 570 const expected = "too many ignored" 571 if str := err.Error(); !strings.Contains(str, expected) { 572 return fmt.Errorf("expected error containing %q, but saw: %s", expected, str) 573 } 574 575 return nil 576 } 577 578 errChan := make(chan error, 1) 579 go func() { errChan <- server() }() 580 581 clientConfig := testConfig.Clone() 582 clientConfig.MaxVersion = VersionTLS12 // there are no warning alerts in TLS 1.3 583 conn, err := Dial("tcp", ln.Addr().String(), clientConfig) 584 if err != nil { 585 t.Fatal(err) 586 } 587 defer conn.Close() 588 if err := conn.Handshake(); err != nil { 589 t.Fatal(err) 590 } 591 592 for i := 0; i < maxUselessRecords+1; i++ { 593 conn.sendAlert(alertNoRenegotiation) 594 } 595 596 if err := <-errChan; err != nil { 597 t.Fatal(err) 598 } 599 } 600 601 func TestCloneFuncFields(t *testing.T) { 602 const expectedCount = 5 603 called := 0 604 605 c1 := Config{ 606 Time: func() time.Time { 607 called |= 1 << 0 608 return time.Time{} 609 }, 610 GetCertificate: func(*ClientHelloInfo) (*Certificate, error) { 611 called |= 1 << 1 612 return nil, nil 613 }, 614 GetClientCertificate: func(*CertificateRequestInfo) (*Certificate, error) { 615 called |= 1 << 2 616 return nil, nil 617 }, 618 GetConfigForClient: func(*ClientHelloInfo) (*Config, error) { 619 called |= 1 << 3 620 return nil, nil 621 }, 622 VerifyPeerCertificate: func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error { 623 called |= 1 << 4 624 return nil 625 }, 626 } 627 628 c2 := c1.Clone() 629 630 c2.Time() 631 c2.GetCertificate(nil) 632 c2.GetClientCertificate(nil) 633 c2.GetConfigForClient(nil) 634 c2.VerifyPeerCertificate(nil, nil) 635 636 if called != (1<<expectedCount)-1 { 637 t.Fatalf("expected %d calls but saw calls %b", expectedCount, called) 638 } 639 } 640 641 func TestCloneNonFuncFields(t *testing.T) { 642 var c1 Config 643 v := reflect.ValueOf(&c1).Elem() 644 645 typ := v.Type() 646 for i := 0; i < typ.NumField(); i++ { 647 f := v.Field(i) 648 if !f.CanSet() { 649 // unexported field; not cloned. 650 continue 651 } 652 653 // testing/quick can't handle functions or interfaces and so 654 // isn't used here. 655 switch fn := typ.Field(i).Name; fn { 656 case "Rand": 657 f.Set(reflect.ValueOf(io.Reader(os.Stdin))) 658 case "Time", "GetCertificate", "GetConfigForClient", "VerifyPeerCertificate", "GetClientCertificate": 659 // DeepEqual can't compare functions. If you add a 660 // function field to this list, you must also change 661 // TestCloneFuncFields to ensure that the func field is 662 // cloned. 663 case "Certificates": 664 f.Set(reflect.ValueOf([]Certificate{ 665 {Certificate: [][]byte{{'b'}}}, 666 })) 667 case "NameToCertificate": 668 f.Set(reflect.ValueOf(map[string]*Certificate{"a": nil})) 669 case "RootCAs", "ClientCAs": 670 f.Set(reflect.ValueOf(x509.NewCertPool())) 671 case "ClientSessionCache": 672 f.Set(reflect.ValueOf(NewLRUClientSessionCache(10))) 673 case "KeyLogWriter": 674 f.Set(reflect.ValueOf(io.Writer(os.Stdout))) 675 case "NextProtos": 676 f.Set(reflect.ValueOf([]string{"a", "b"})) 677 case "ServerName": 678 f.Set(reflect.ValueOf("b")) 679 case "ClientAuth": 680 f.Set(reflect.ValueOf(VerifyClientCertIfGiven)) 681 case "InsecureSkipVerify", "SessionTicketsDisabled", "DynamicRecordSizingDisabled", "PreferServerCipherSuites": 682 f.Set(reflect.ValueOf(true)) 683 case "MinVersion", "MaxVersion": 684 f.Set(reflect.ValueOf(uint16(VersionTLS12))) 685 case "SessionTicketKey": 686 f.Set(reflect.ValueOf([32]byte{})) 687 case "CipherSuites": 688 f.Set(reflect.ValueOf([]uint16{1, 2})) 689 case "CurvePreferences": 690 f.Set(reflect.ValueOf([]CurveID{CurveP256})) 691 case "Renegotiation": 692 f.Set(reflect.ValueOf(RenegotiateOnceAsClient)) 693 default: 694 t.Errorf("all fields must be accounted for, but saw unknown field %q", fn) 695 } 696 } 697 698 c2 := c1.Clone() 699 // DeepEqual also compares unexported fields, thus c2 needs to have run 700 // serverInit in order to be DeepEqual to c1. Cloning it and discarding 701 // the result is sufficient. 702 c2.Clone() 703 704 if !reflect.DeepEqual(&c1, c2) { 705 t.Errorf("clone failed to copy a field") 706 } 707 } 708 709 // changeImplConn is a net.Conn which can change its Write and Close 710 // methods. 711 type changeImplConn struct { 712 net.Conn 713 writeFunc func([]byte) (int, error) 714 closeFunc func() error 715 } 716 717 func (w *changeImplConn) Write(p []byte) (n int, err error) { 718 if w.writeFunc != nil { 719 return w.writeFunc(p) 720 } 721 return w.Conn.Write(p) 722 } 723 724 func (w *changeImplConn) Close() error { 725 if w.closeFunc != nil { 726 return w.closeFunc() 727 } 728 return w.Conn.Close() 729 } 730 731 func throughput(b *testing.B, version uint16, totalBytes int64, dynamicRecordSizingDisabled bool) { 732 ln := newLocalListener(b) 733 defer ln.Close() 734 735 N := b.N 736 737 // Less than 64KB because Windows appears to use a TCP rwin < 64KB. 738 // See Issue #15899. 739 const bufsize = 32 << 10 740 741 go func() { 742 buf := make([]byte, bufsize) 743 for i := 0; i < N; i++ { 744 sconn, err := ln.Accept() 745 if err != nil { 746 // panic rather than synchronize to avoid benchmark overhead 747 // (cannot call b.Fatal in goroutine) 748 panic(fmt.Errorf("accept: %v", err)) 749 } 750 serverConfig := testConfig.Clone() 751 serverConfig.CipherSuites = nil // the defaults may prefer faster ciphers 752 serverConfig.DynamicRecordSizingDisabled = dynamicRecordSizingDisabled 753 srv := Server(sconn, serverConfig) 754 if err := srv.Handshake(); err != nil { 755 panic(fmt.Errorf("handshake: %v", err)) 756 } 757 if _, err := io.CopyBuffer(srv, srv, buf); err != nil { 758 panic(fmt.Errorf("copy buffer: %v", err)) 759 } 760 } 761 }() 762 763 b.SetBytes(totalBytes) 764 clientConfig := testConfig.Clone() 765 clientConfig.CipherSuites = nil // the defaults may prefer faster ciphers 766 clientConfig.DynamicRecordSizingDisabled = dynamicRecordSizingDisabled 767 clientConfig.MaxVersion = version 768 769 buf := make([]byte, bufsize) 770 chunks := int(math.Ceil(float64(totalBytes) / float64(len(buf)))) 771 for i := 0; i < N; i++ { 772 conn, err := Dial("tcp", ln.Addr().String(), clientConfig) 773 if err != nil { 774 b.Fatal(err) 775 } 776 for j := 0; j < chunks; j++ { 777 _, err := conn.Write(buf) 778 if err != nil { 779 b.Fatal(err) 780 } 781 _, err = io.ReadFull(conn, buf) 782 if err != nil { 783 b.Fatal(err) 784 } 785 } 786 conn.Close() 787 } 788 } 789 790 func BenchmarkThroughput(b *testing.B) { 791 for _, mode := range []string{"Max", "Dynamic"} { 792 for size := 1; size <= 64; size <<= 1 { 793 name := fmt.Sprintf("%sPacket/%dMB", mode, size) 794 b.Run(name, func(b *testing.B) { 795 b.Run("TLSv12", func(b *testing.B) { 796 throughput(b, VersionTLS12, int64(size<<20), mode == "Max") 797 }) 798 b.Run("TLSv13", func(b *testing.B) { 799 throughput(b, VersionTLS13, int64(size<<20), mode == "Max") 800 }) 801 }) 802 } 803 } 804 } 805 806 type slowConn struct { 807 net.Conn 808 bps int 809 } 810 811 func (c *slowConn) Write(p []byte) (int, error) { 812 if c.bps == 0 { 813 panic("too slow") 814 } 815 t0 := time.Now() 816 wrote := 0 817 for wrote < len(p) { 818 time.Sleep(100 * time.Microsecond) 819 allowed := int(time.Since(t0).Seconds()*float64(c.bps)) / 8 820 if allowed > len(p) { 821 allowed = len(p) 822 } 823 if wrote < allowed { 824 n, err := c.Conn.Write(p[wrote:allowed]) 825 wrote += n 826 if err != nil { 827 return wrote, err 828 } 829 } 830 } 831 return len(p), nil 832 } 833 834 func latency(b *testing.B, version uint16, bps int, dynamicRecordSizingDisabled bool) { 835 ln := newLocalListener(b) 836 defer ln.Close() 837 838 N := b.N 839 840 go func() { 841 for i := 0; i < N; i++ { 842 sconn, err := ln.Accept() 843 if err != nil { 844 // panic rather than synchronize to avoid benchmark overhead 845 // (cannot call b.Fatal in goroutine) 846 panic(fmt.Errorf("accept: %v", err)) 847 } 848 serverConfig := testConfig.Clone() 849 serverConfig.DynamicRecordSizingDisabled = dynamicRecordSizingDisabled 850 srv := Server(&slowConn{sconn, bps}, serverConfig) 851 if err := srv.Handshake(); err != nil { 852 panic(fmt.Errorf("handshake: %v", err)) 853 } 854 io.Copy(srv, srv) 855 } 856 }() 857 858 clientConfig := testConfig.Clone() 859 clientConfig.DynamicRecordSizingDisabled = dynamicRecordSizingDisabled 860 clientConfig.MaxVersion = version 861 862 buf := make([]byte, 16384) 863 peek := make([]byte, 1) 864 865 for i := 0; i < N; i++ { 866 conn, err := Dial("tcp", ln.Addr().String(), clientConfig) 867 if err != nil { 868 b.Fatal(err) 869 } 870 // make sure we're connected and previous connection has stopped 871 if _, err := conn.Write(buf[:1]); err != nil { 872 b.Fatal(err) 873 } 874 if _, err := io.ReadFull(conn, peek); err != nil { 875 b.Fatal(err) 876 } 877 if _, err := conn.Write(buf); err != nil { 878 b.Fatal(err) 879 } 880 if _, err = io.ReadFull(conn, peek); err != nil { 881 b.Fatal(err) 882 } 883 conn.Close() 884 } 885 } 886 887 func BenchmarkLatency(b *testing.B) { 888 for _, mode := range []string{"Max", "Dynamic"} { 889 for _, kbps := range []int{200, 500, 1000, 2000, 5000} { 890 name := fmt.Sprintf("%sPacket/%dkbps", mode, kbps) 891 b.Run(name, func(b *testing.B) { 892 b.Run("TLSv12", func(b *testing.B) { 893 latency(b, VersionTLS12, kbps*1000, mode == "Max") 894 }) 895 b.Run("TLSv13", func(b *testing.B) { 896 latency(b, VersionTLS13, kbps*1000, mode == "Max") 897 }) 898 }) 899 } 900 } 901 } 902 903 func TestConnectionStateMarshal(t *testing.T) { 904 cs := &ConnectionState{} 905 _, err := json.Marshal(cs) 906 if err != nil { 907 t.Errorf("json.Marshal failed on ConnectionState: %v", err) 908 } 909 } 910 911 func TestConnectionState(t *testing.T) { 912 issuer, err := x509.ParseCertificate(testRSACertificateIssuer) 913 if err != nil { 914 panic(err) 915 } 916 rootCAs := x509.NewCertPool() 917 rootCAs.AddCert(issuer) 918 919 now := func() time.Time { return time.Unix(1476984729, 0) } 920 921 const alpnProtocol = "golang" 922 const serverName = "example.golang" 923 var scts = [][]byte{[]byte("dummy sct 1"), []byte("dummy sct 2")} 924 var ocsp = []byte("dummy ocsp") 925 926 for _, v := range []uint16{VersionTLS12, VersionTLS13} { 927 var name string 928 switch v { 929 case VersionTLS12: 930 name = "TLSv12" 931 case VersionTLS13: 932 name = "TLSv13" 933 } 934 t.Run(name, func(t *testing.T) { 935 config := &Config{ 936 Time: now, 937 Rand: zeroSource{}, 938 Certificates: make([]Certificate, 1), 939 MaxVersion: v, 940 RootCAs: rootCAs, 941 ClientCAs: rootCAs, 942 ClientAuth: RequireAndVerifyClientCert, 943 NextProtos: []string{alpnProtocol}, 944 ServerName: serverName, 945 } 946 config.Certificates[0].Certificate = [][]byte{testRSACertificate} 947 config.Certificates[0].PrivateKey = testRSAPrivateKey 948 config.Certificates[0].SignedCertificateTimestamps = scts 949 config.Certificates[0].OCSPStaple = ocsp 950 951 ss, cs, err := testHandshake(t, config, config) 952 if err != nil { 953 t.Fatalf("Handshake failed: %v", err) 954 } 955 956 if ss.Version != v || cs.Version != v { 957 t.Errorf("Got versions %x (server) and %x (client), expected %x", ss.Version, cs.Version, v) 958 } 959 960 if !ss.HandshakeComplete || !cs.HandshakeComplete { 961 t.Errorf("Got HandshakeComplete %v (server) and %v (client), expected true", ss.HandshakeComplete, cs.HandshakeComplete) 962 } 963 964 if ss.DidResume || cs.DidResume { 965 t.Errorf("Got DidResume %v (server) and %v (client), expected false", ss.DidResume, cs.DidResume) 966 } 967 968 if ss.CipherSuite == 0 || cs.CipherSuite == 0 { 969 t.Errorf("Got invalid cipher suite: %v (server) and %v (client)", ss.CipherSuite, cs.CipherSuite) 970 } 971 972 if ss.NegotiatedProtocol != alpnProtocol || cs.NegotiatedProtocol != alpnProtocol { 973 t.Errorf("Got negotiated protocol %q (server) and %q (client), expected %q", ss.NegotiatedProtocol, cs.NegotiatedProtocol, alpnProtocol) 974 } 975 976 if !cs.NegotiatedProtocolIsMutual { 977 t.Errorf("Got false NegotiatedProtocolIsMutual on the client side") 978 } 979 // NegotiatedProtocolIsMutual on the server side is unspecified. 980 981 if ss.ServerName != serverName { 982 t.Errorf("Got server name %q, expected %q", ss.ServerName, serverName) 983 } 984 if cs.ServerName != "" { 985 t.Errorf("Got unexpected server name on the client side") 986 } 987 988 if len(ss.PeerCertificates) != 1 || len(cs.PeerCertificates) != 1 { 989 t.Errorf("Got %d (server) and %d (client) peer certificates, expected %d", len(ss.PeerCertificates), len(cs.PeerCertificates), 1) 990 } 991 992 if len(ss.VerifiedChains) != 1 || len(cs.VerifiedChains) != 1 { 993 t.Errorf("Got %d (server) and %d (client) verified chains, expected %d", len(ss.VerifiedChains), len(cs.VerifiedChains), 1) 994 } else if len(ss.VerifiedChains[0]) != 2 || len(cs.VerifiedChains[0]) != 2 { 995 t.Errorf("Got %d (server) and %d (client) long verified chain, expected %d", len(ss.VerifiedChains[0]), len(cs.VerifiedChains[0]), 2) 996 } 997 998 if len(cs.SignedCertificateTimestamps) != 2 { 999 t.Errorf("Got %d SCTs, expected %d", len(cs.SignedCertificateTimestamps), 2) 1000 } 1001 if !bytes.Equal(cs.OCSPResponse, ocsp) { 1002 t.Errorf("Got OCSPs %x, expected %x", cs.OCSPResponse, ocsp) 1003 } 1004 // Only TLS 1.3 supports OCSP and SCTs on client certs. 1005 if v == VersionTLS13 { 1006 if len(ss.SignedCertificateTimestamps) != 2 { 1007 t.Errorf("Got %d client SCTs, expected %d", len(ss.SignedCertificateTimestamps), 2) 1008 } 1009 if !bytes.Equal(ss.OCSPResponse, ocsp) { 1010 t.Errorf("Got client OCSPs %x, expected %x", ss.OCSPResponse, ocsp) 1011 } 1012 } 1013 1014 if v == VersionTLS13 { 1015 if ss.TLSUnique != nil || cs.TLSUnique != nil { 1016 t.Errorf("Got TLSUnique %x (server) and %x (client), expected nil in TLS 1.3", ss.TLSUnique, cs.TLSUnique) 1017 } 1018 } else { 1019 if ss.TLSUnique == nil || cs.TLSUnique == nil { 1020 t.Errorf("Got TLSUnique %x (server) and %x (client), expected non-nil", ss.TLSUnique, cs.TLSUnique) 1021 } 1022 } 1023 }) 1024 } 1025 } 1026 1027 // TestEscapeRoute tests that the library will still work if support for TLS 1.3 1028 // is dropped later in the Go 1.12 cycle. 1029 func TestEscapeRoute(t *testing.T) { 1030 defer func(savedSupportedVersions []uint16) { 1031 supportedVersions = savedSupportedVersions 1032 }(supportedVersions) 1033 supportedVersions = []uint16{ 1034 VersionTLS12, 1035 VersionTLS11, 1036 VersionTLS10, 1037 VersionSSL30, 1038 } 1039 1040 expectVersion(t, testConfig, testConfig, VersionTLS12) 1041 } 1042 1043 func expectVersion(t *testing.T, clientConfig, serverConfig *Config, v uint16) { 1044 ss, cs, err := testHandshake(t, clientConfig, serverConfig) 1045 if err != nil { 1046 t.Fatalf("Handshake failed: %v", err) 1047 } 1048 if ss.Version != v { 1049 t.Errorf("Server negotiated version %x, expected %x", cs.Version, v) 1050 } 1051 if cs.Version != v { 1052 t.Errorf("Client negotiated version %x, expected %x", cs.Version, v) 1053 } 1054 } 1055 1056 // TestTLS13Switch checks the behavior of GODEBUG=tls13=[0|1]. See Issue 30055. 1057 func TestTLS13Switch(t *testing.T) { 1058 defer func(savedGODEBUG string) { 1059 os.Setenv("GODEBUG", savedGODEBUG) 1060 }(os.Getenv("GODEBUG")) 1061 1062 os.Setenv("GODEBUG", "tls13=0") 1063 tls13Support.Once = sync.Once{} // reset the cache 1064 1065 tls12Config := testConfig.Clone() 1066 tls12Config.MaxVersion = VersionTLS12 1067 expectVersion(t, testConfig, testConfig, VersionTLS12) 1068 expectVersion(t, tls12Config, testConfig, VersionTLS12) 1069 expectVersion(t, testConfig, tls12Config, VersionTLS12) 1070 expectVersion(t, tls12Config, tls12Config, VersionTLS12) 1071 1072 os.Setenv("GODEBUG", "tls13=1") 1073 tls13Support.Once = sync.Once{} // reset the cache 1074 1075 expectVersion(t, testConfig, testConfig, VersionTLS13) 1076 expectVersion(t, tls12Config, testConfig, VersionTLS12) 1077 expectVersion(t, testConfig, tls12Config, VersionTLS12) 1078 expectVersion(t, tls12Config, tls12Config, VersionTLS12) 1079 } 1080 1081 // Issue 28744: Ensure that we don't modify memory 1082 // that Config doesn't own such as Certificates. 1083 func TestBuildNameToCertificate_doesntModifyCertificates(t *testing.T) { 1084 c0 := Certificate{ 1085 Certificate: [][]byte{testRSACertificate}, 1086 PrivateKey: testRSAPrivateKey, 1087 } 1088 c1 := Certificate{ 1089 Certificate: [][]byte{testSNICertificate}, 1090 PrivateKey: testRSAPrivateKey, 1091 } 1092 config := testConfig.Clone() 1093 config.Certificates = []Certificate{c0, c1} 1094 1095 config.BuildNameToCertificate() 1096 got := config.Certificates 1097 want := []Certificate{c0, c1} 1098 if !reflect.DeepEqual(got, want) { 1099 t.Fatalf("Certificates were mutated by BuildNameToCertificate\nGot: %#v\nWant: %#v\n", got, want) 1100 } 1101 }