github.com/gocuntian/go@v0.0.0-20160610041250-fee02d270bf8/src/crypto/tls/conn_test.go (about) 1 // Copyright 2010 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 package tls 6 7 import ( 8 "bytes" 9 "io" 10 "net" 11 "testing" 12 ) 13 14 func TestRoundUp(t *testing.T) { 15 if roundUp(0, 16) != 0 || 16 roundUp(1, 16) != 16 || 17 roundUp(15, 16) != 16 || 18 roundUp(16, 16) != 16 || 19 roundUp(17, 16) != 32 { 20 t.Error("roundUp broken") 21 } 22 } 23 24 var paddingTests = []struct { 25 in []byte 26 good bool 27 expectedLen int 28 }{ 29 {[]byte{1, 2, 3, 4, 0}, true, 4}, 30 {[]byte{1, 2, 3, 4, 0, 1}, false, 0}, 31 {[]byte{1, 2, 3, 4, 99, 99}, false, 0}, 32 {[]byte{1, 2, 3, 4, 1, 1}, true, 4}, 33 {[]byte{1, 2, 3, 2, 2, 2}, true, 3}, 34 {[]byte{1, 2, 3, 3, 3, 3}, true, 2}, 35 {[]byte{1, 2, 3, 4, 3, 3}, false, 0}, 36 {[]byte{1, 4, 4, 4, 4, 4}, true, 1}, 37 {[]byte{5, 5, 5, 5, 5, 5}, true, 0}, 38 {[]byte{6, 6, 6, 6, 6, 6}, false, 0}, 39 } 40 41 func TestRemovePadding(t *testing.T) { 42 for i, test := range paddingTests { 43 payload, good := removePadding(test.in) 44 expectedGood := byte(255) 45 if !test.good { 46 expectedGood = 0 47 } 48 if good != expectedGood { 49 t.Errorf("#%d: wrong validity, want:%d got:%d", i, expectedGood, good) 50 } 51 if good == 255 && len(payload) != test.expectedLen { 52 t.Errorf("#%d: got %d, want %d", i, len(payload), test.expectedLen) 53 } 54 } 55 } 56 57 var certExampleCom = `308201403081eda003020102020101300b06092a864886f70d010105301e311c301a060355040a131354657374696e67204365727469666963617465301e170d3131313030313138353835325a170d3132303933303138353835325a301e311c301a060355040a131354657374696e67204365727469666963617465305a300b06092a864886f70d010101034b003048024100bced6e32368599eeddf18796bfd03958a154f87e5b084f96e85136a56b886733592f493f0fc68b0d6b3551781cb95e13c5de458b28d6fb60d20a9129313261410203010001a31a301830160603551d11040f300d820b6578616d706c652e636f6d300b06092a864886f70d0101050341001a0b419d2c74474c6450654e5f10b32bf426ffdf55cad1c52602e7a9151513a3424c70f5960dcd682db0c33769cc1daa3fcdd3db10809d2392ed4a1bf50ced18` 58 59 var certWildcardExampleCom = `308201423081efa003020102020101300b06092a864886f70d010105301e311c301a060355040a131354657374696e67204365727469666963617465301e170d3131313030313139303034365a170d3132303933303139303034365a301e311c301a060355040a131354657374696e67204365727469666963617465305a300b06092a864886f70d010101034b003048024100bced6e32368599eeddf18796bfd03958a154f87e5b084f96e85136a56b886733592f493f0fc68b0d6b3551781cb95e13c5de458b28d6fb60d20a9129313261410203010001a31c301a30180603551d110411300f820d2a2e6578616d706c652e636f6d300b06092a864886f70d0101050341001676f0c9e7c33c1b656ed5a6476c4e2ee9ec8e62df7407accb1875272b2edd0a22096cb2c22598d11604104d604f810eb4b5987ca6bb319c7e6ce48725c54059` 60 61 var certFooExampleCom = `308201443081f1a003020102020101300b06092a864886f70d010105301e311c301a060355040a131354657374696e67204365727469666963617465301e170d3131313030313139303131345a170d3132303933303139303131345a301e311c301a060355040a131354657374696e67204365727469666963617465305a300b06092a864886f70d010101034b003048024100bced6e32368599eeddf18796bfd03958a154f87e5b084f96e85136a56b886733592f493f0fc68b0d6b3551781cb95e13c5de458b28d6fb60d20a9129313261410203010001a31e301c301a0603551d1104133011820f666f6f2e6578616d706c652e636f6d300b06092a864886f70d010105034100646a2a51f2aa2477add854b462cf5207ba16d3213ffb5d3d0eed473fbf09935019192d1d5b8ca6a2407b424cf04d97c4cd9197c83ecf81f0eab9464a1109d09f` 62 63 var certDoubleWildcardExampleCom = `308201443081f1a003020102020101300b06092a864886f70d010105301e311c301a060355040a131354657374696e67204365727469666963617465301e170d3131313030313139303134315a170d3132303933303139303134315a301e311c301a060355040a131354657374696e67204365727469666963617465305a300b06092a864886f70d010101034b003048024100bced6e32368599eeddf18796bfd03958a154f87e5b084f96e85136a56b886733592f493f0fc68b0d6b3551781cb95e13c5de458b28d6fb60d20a9129313261410203010001a31e301c301a0603551d1104133011820f2a2e2a2e6578616d706c652e636f6d300b06092a864886f70d0101050341001c3de267975f56ef57771c6218ef95ecc65102e57bd1defe6f7efea90d9b26cf40de5bd7ad75e46201c7f2a92aaa3e907451e9409f65e28ddb6db80d726290f6` 64 65 func TestCertificateSelection(t *testing.T) { 66 config := Config{ 67 Certificates: []Certificate{ 68 { 69 Certificate: [][]byte{fromHex(certExampleCom)}, 70 }, 71 { 72 Certificate: [][]byte{fromHex(certWildcardExampleCom)}, 73 }, 74 { 75 Certificate: [][]byte{fromHex(certFooExampleCom)}, 76 }, 77 { 78 Certificate: [][]byte{fromHex(certDoubleWildcardExampleCom)}, 79 }, 80 }, 81 } 82 83 config.BuildNameToCertificate() 84 85 pointerToIndex := func(c *Certificate) int { 86 for i := range config.Certificates { 87 if c == &config.Certificates[i] { 88 return i 89 } 90 } 91 return -1 92 } 93 94 certificateForName := func(name string) *Certificate { 95 clientHello := &ClientHelloInfo{ 96 ServerName: name, 97 } 98 if cert, err := config.getCertificate(clientHello); err != nil { 99 t.Errorf("unable to get certificate for name '%s': %s", name, err) 100 return nil 101 } else { 102 return cert 103 } 104 } 105 106 if n := pointerToIndex(certificateForName("example.com")); n != 0 { 107 t.Errorf("example.com returned certificate %d, not 0", n) 108 } 109 if n := pointerToIndex(certificateForName("bar.example.com")); n != 1 { 110 t.Errorf("bar.example.com returned certificate %d, not 1", n) 111 } 112 if n := pointerToIndex(certificateForName("foo.example.com")); n != 2 { 113 t.Errorf("foo.example.com returned certificate %d, not 2", n) 114 } 115 if n := pointerToIndex(certificateForName("foo.bar.example.com")); n != 3 { 116 t.Errorf("foo.bar.example.com returned certificate %d, not 3", n) 117 } 118 if n := pointerToIndex(certificateForName("foo.bar.baz.example.com")); n != 0 { 119 t.Errorf("foo.bar.baz.example.com returned certificate %d, not 0", n) 120 } 121 } 122 123 // Run with multiple crypto configs to test the logic for computing TLS record overheads. 124 func runDynamicRecordSizingTest(t *testing.T, config *Config) { 125 clientConn, serverConn := net.Pipe() 126 127 serverConfig := *config 128 serverConfig.DynamicRecordSizingDisabled = false 129 tlsConn := Server(serverConn, &serverConfig) 130 131 recordSizesChan := make(chan []int, 1) 132 go func() { 133 // This goroutine performs a TLS handshake over clientConn and 134 // then reads TLS records until EOF. It writes a slice that 135 // contains all the record sizes to recordSizesChan. 136 defer close(recordSizesChan) 137 defer clientConn.Close() 138 139 tlsConn := Client(clientConn, config) 140 if err := tlsConn.Handshake(); err != nil { 141 t.Errorf("Error from client handshake: %s", err) 142 return 143 } 144 145 var recordHeader [recordHeaderLen]byte 146 var record []byte 147 var recordSizes []int 148 149 for { 150 n, err := clientConn.Read(recordHeader[:]) 151 if err == io.EOF { 152 break 153 } 154 if err != nil || n != len(recordHeader) { 155 t.Errorf("Error from client read: %s", err) 156 return 157 } 158 159 length := int(recordHeader[3])<<8 | int(recordHeader[4]) 160 if len(record) < length { 161 record = make([]byte, length) 162 } 163 164 n, err = clientConn.Read(record[:length]) 165 if err != nil || n != length { 166 t.Errorf("Error from client read: %s", err) 167 return 168 } 169 170 // The last record will be a close_notify alert, which 171 // we don't wish to record. 172 if recordType(recordHeader[0]) == recordTypeApplicationData { 173 recordSizes = append(recordSizes, recordHeaderLen+length) 174 } 175 } 176 177 recordSizesChan <- recordSizes 178 }() 179 180 if err := tlsConn.Handshake(); err != nil { 181 t.Fatalf("Error from server handshake: %s", err) 182 } 183 184 // The server writes these plaintexts in order. 185 plaintext := bytes.Join([][]byte{ 186 bytes.Repeat([]byte("x"), recordSizeBoostThreshold), 187 bytes.Repeat([]byte("y"), maxPlaintext*2), 188 bytes.Repeat([]byte("z"), maxPlaintext), 189 }, nil) 190 191 if _, err := tlsConn.Write(plaintext); err != nil { 192 t.Fatalf("Error from server write: %s", err) 193 } 194 if err := tlsConn.Close(); err != nil { 195 t.Fatalf("Error from server close: %s", err) 196 } 197 198 recordSizes := <-recordSizesChan 199 if recordSizes == nil { 200 t.Fatalf("Client encountered an error") 201 } 202 203 // Drop the size of last record, which is likely to be truncated. 204 recordSizes = recordSizes[:len(recordSizes)-1] 205 206 // recordSizes should contain a series of records smaller than 207 // tcpMSSEstimate followed by some larger than maxPlaintext. 208 seenLargeRecord := false 209 for i, size := range recordSizes { 210 if !seenLargeRecord { 211 if size > (i+1)*tcpMSSEstimate { 212 t.Fatalf("Record #%d has size %d, which is too large too soon", i, size) 213 } 214 if size >= maxPlaintext { 215 seenLargeRecord = true 216 } 217 } else if size <= maxPlaintext { 218 t.Fatalf("Record #%d has size %d but should be full sized", i, size) 219 } 220 } 221 222 if !seenLargeRecord { 223 t.Fatalf("No large records observed") 224 } 225 } 226 227 func TestDynamicRecordSizingWithStreamCipher(t *testing.T) { 228 config := *testConfig 229 config.CipherSuites = []uint16{TLS_RSA_WITH_RC4_128_SHA} 230 runDynamicRecordSizingTest(t, &config) 231 } 232 233 func TestDynamicRecordSizingWithCBC(t *testing.T) { 234 config := *testConfig 235 config.CipherSuites = []uint16{TLS_RSA_WITH_AES_256_CBC_SHA} 236 runDynamicRecordSizingTest(t, &config) 237 } 238 239 func TestDynamicRecordSizingWithAEAD(t *testing.T) { 240 config := *testConfig 241 config.CipherSuites = []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256} 242 runDynamicRecordSizingTest(t, &config) 243 }