github.com/megatontech/mynoteforgo@v0.0.0-20200507084910-5d0c6ea6e890/源码/crypto/tls/tls_test.go (about) 1 // Copyright 2012 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 package tls 6 7 import ( 8 "bytes" 9 "crypto/x509" 10 "encoding/json" 11 "errors" 12 "fmt" 13 "internal/testenv" 14 "io" 15 "io/ioutil" 16 "math" 17 "net" 18 "os" 19 "reflect" 20 "strings" 21 "sync" 22 "testing" 23 "time" 24 ) 25 26 var savedSupportedSignatureAlgorithmsTLS12 = supportedSignatureAlgorithmsTLS12 27 28 func init() { 29 // TLS 1.3 is opt-in for Go 1.12, and RSA-PSS is disabled in TLS 1.2, but we 30 // want to run most tests with both enabled. TestTLS13Switch below and the 31 // "PSS-Disabled" recordings test the disabled behavior. See Issue 30055. 32 tls13Support.Do(func() {}) // defuse the sync.Once 33 tls13Support.cached = true 34 supportedSignatureAlgorithmsTLS12 = supportedSignatureAlgorithms 35 } 36 37 var rsaCertPEM = `-----BEGIN CERTIFICATE----- 38 MIIB0zCCAX2gAwIBAgIJAI/M7BYjwB+uMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV 39 BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX 40 aWRnaXRzIFB0eSBMdGQwHhcNMTIwOTEyMjE1MjAyWhcNMTUwOTEyMjE1MjAyWjBF 41 MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 42 ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANLJ 43 hPHhITqQbPklG3ibCVxwGMRfp/v4XqhfdQHdcVfHap6NQ5Wok/4xIA+ui35/MmNa 44 rtNuC+BdZ1tMuVCPFZcCAwEAAaNQME4wHQYDVR0OBBYEFJvKs8RfJaXTH08W+SGv 45 zQyKn0H8MB8GA1UdIwQYMBaAFJvKs8RfJaXTH08W+SGvzQyKn0H8MAwGA1UdEwQF 46 MAMBAf8wDQYJKoZIhvcNAQEFBQADQQBJlffJHybjDGxRMqaRmDhX0+6v02TUKZsW 47 r5QuVbpQhH6u+0UgcW0jp9QwpxoPTLTWGXEWBBBurxFwiCBhkQ+V 48 -----END CERTIFICATE----- 49 ` 50 51 var rsaKeyPEM = `-----BEGIN RSA PRIVATE KEY----- 52 MIIBOwIBAAJBANLJhPHhITqQbPklG3ibCVxwGMRfp/v4XqhfdQHdcVfHap6NQ5Wo 53 k/4xIA+ui35/MmNartNuC+BdZ1tMuVCPFZcCAwEAAQJAEJ2N+zsR0Xn8/Q6twa4G 54 6OB1M1WO+k+ztnX/1SvNeWu8D6GImtupLTYgjZcHufykj09jiHmjHx8u8ZZB/o1N 55 MQIhAPW+eyZo7ay3lMz1V01WVjNKK9QSn1MJlb06h/LuYv9FAiEA25WPedKgVyCW 56 SmUwbPw8fnTcpqDWE3yTO3vKcebqMSsCIBF3UmVue8YU3jybC3NxuXq3wNm34R8T 57 xVLHwDXh/6NJAiEAl2oHGGLz64BuAfjKrqwz7qMYr9HCLIe/YsoWq/olzScCIQDi 58 D2lWusoe2/nEqfDVVWGWlyJ7yOmqaVm/iNUN9B2N2g== 59 -----END RSA PRIVATE KEY----- 60 ` 61 62 // keyPEM is the same as rsaKeyPEM, but declares itself as just 63 // "PRIVATE KEY", not "RSA PRIVATE KEY". https://golang.org/issue/4477 64 var keyPEM = `-----BEGIN PRIVATE KEY----- 65 MIIBOwIBAAJBANLJhPHhITqQbPklG3ibCVxwGMRfp/v4XqhfdQHdcVfHap6NQ5Wo 66 k/4xIA+ui35/MmNartNuC+BdZ1tMuVCPFZcCAwEAAQJAEJ2N+zsR0Xn8/Q6twa4G 67 6OB1M1WO+k+ztnX/1SvNeWu8D6GImtupLTYgjZcHufykj09jiHmjHx8u8ZZB/o1N 68 MQIhAPW+eyZo7ay3lMz1V01WVjNKK9QSn1MJlb06h/LuYv9FAiEA25WPedKgVyCW 69 SmUwbPw8fnTcpqDWE3yTO3vKcebqMSsCIBF3UmVue8YU3jybC3NxuXq3wNm34R8T 70 xVLHwDXh/6NJAiEAl2oHGGLz64BuAfjKrqwz7qMYr9HCLIe/YsoWq/olzScCIQDi 71 D2lWusoe2/nEqfDVVWGWlyJ7yOmqaVm/iNUN9B2N2g== 72 -----END PRIVATE KEY----- 73 ` 74 75 var ecdsaCertPEM = `-----BEGIN CERTIFICATE----- 76 MIIB/jCCAWICCQDscdUxw16XFDAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw 77 EQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0 78 eSBMdGQwHhcNMTIxMTE0MTI0MDQ4WhcNMTUxMTE0MTI0MDQ4WjBFMQswCQYDVQQG 79 EwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lk 80 Z2l0cyBQdHkgTHRkMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBY9+my9OoeSUR 81 lDQdV/x8LsOuLilthhiS1Tz4aGDHIPwC1mlvnf7fg5lecYpMCrLLhauAc1UJXcgl 82 01xoLuzgtAEAgv2P/jgytzRSpUYvgLBt1UA0leLYBy6mQQbrNEuqT3INapKIcUv8 83 XxYP0xMEUksLPq6Ca+CRSqTtrd/23uTnapkwCQYHKoZIzj0EAQOBigAwgYYCQXJo 84 A7Sl2nLVf+4Iu/tAX/IF4MavARKC4PPHK3zfuGfPR3oCCcsAoz3kAzOeijvd0iXb 85 H5jBImIxPL4WxQNiBTexAkF8D1EtpYuWdlVQ80/h/f4pBcGiXPqX5h2PQSQY7hP1 86 +jwM1FGS4fREIOvlBYr/SzzQRtwrvrzGYxDEDbsC0ZGRnA== 87 -----END CERTIFICATE----- 88 ` 89 90 var ecdsaKeyPEM = `-----BEGIN EC PARAMETERS----- 91 BgUrgQQAIw== 92 -----END EC PARAMETERS----- 93 -----BEGIN EC PRIVATE KEY----- 94 MIHcAgEBBEIBrsoKp0oqcv6/JovJJDoDVSGWdirrkgCWxrprGlzB9o0X8fV675X0 95 NwuBenXFfeZvVcwluO7/Q9wkYoPd/t3jGImgBwYFK4EEACOhgYkDgYYABAFj36bL 96 06h5JRGUNB1X/Hwuw64uKW2GGJLVPPhoYMcg/ALWaW+d/t+DmV5xikwKssuFq4Bz 97 VQldyCXTXGgu7OC0AQCC/Y/+ODK3NFKlRi+AsG3VQDSV4tgHLqZBBus0S6pPcg1q 98 kohxS/xfFg/TEwRSSws+roJr4JFKpO2t3/be5OdqmQ== 99 -----END EC PRIVATE KEY----- 100 ` 101 102 var keyPairTests = []struct { 103 algo string 104 cert string 105 key string 106 }{ 107 {"ECDSA", ecdsaCertPEM, ecdsaKeyPEM}, 108 {"RSA", rsaCertPEM, rsaKeyPEM}, 109 {"RSA-untyped", rsaCertPEM, keyPEM}, // golang.org/issue/4477 110 } 111 112 func TestX509KeyPair(t *testing.T) { 113 t.Parallel() 114 var pem []byte 115 for _, test := range keyPairTests { 116 pem = []byte(test.cert + test.key) 117 if _, err := X509KeyPair(pem, pem); err != nil { 118 t.Errorf("Failed to load %s cert followed by %s key: %s", test.algo, test.algo, err) 119 } 120 pem = []byte(test.key + test.cert) 121 if _, err := X509KeyPair(pem, pem); err != nil { 122 t.Errorf("Failed to load %s key followed by %s cert: %s", test.algo, test.algo, err) 123 } 124 } 125 } 126 127 func TestX509KeyPairErrors(t *testing.T) { 128 _, err := X509KeyPair([]byte(rsaKeyPEM), []byte(rsaCertPEM)) 129 if err == nil { 130 t.Fatalf("X509KeyPair didn't return an error when arguments were switched") 131 } 132 if subStr := "been switched"; !strings.Contains(err.Error(), subStr) { 133 t.Fatalf("Expected %q in the error when switching arguments to X509KeyPair, but the error was %q", subStr, err) 134 } 135 136 _, err = X509KeyPair([]byte(rsaCertPEM), []byte(rsaCertPEM)) 137 if err == nil { 138 t.Fatalf("X509KeyPair didn't return an error when both arguments were certificates") 139 } 140 if subStr := "certificate"; !strings.Contains(err.Error(), subStr) { 141 t.Fatalf("Expected %q in the error when both arguments to X509KeyPair were certificates, but the error was %q", subStr, err) 142 } 143 144 const nonsensePEM = ` 145 -----BEGIN NONSENSE----- 146 Zm9vZm9vZm9v 147 -----END NONSENSE----- 148 ` 149 150 _, err = X509KeyPair([]byte(nonsensePEM), []byte(nonsensePEM)) 151 if err == nil { 152 t.Fatalf("X509KeyPair didn't return an error when both arguments were nonsense") 153 } 154 if subStr := "NONSENSE"; !strings.Contains(err.Error(), subStr) { 155 t.Fatalf("Expected %q in the error when both arguments to X509KeyPair were nonsense, but the error was %q", subStr, err) 156 } 157 } 158 159 func TestX509MixedKeyPair(t *testing.T) { 160 if _, err := X509KeyPair([]byte(rsaCertPEM), []byte(ecdsaKeyPEM)); err == nil { 161 t.Error("Load of RSA certificate succeeded with ECDSA private key") 162 } 163 if _, err := X509KeyPair([]byte(ecdsaCertPEM), []byte(rsaKeyPEM)); err == nil { 164 t.Error("Load of ECDSA certificate succeeded with RSA private key") 165 } 166 } 167 168 func newLocalListener(t testing.TB) net.Listener { 169 ln, err := net.Listen("tcp", "127.0.0.1:0") 170 if err != nil { 171 ln, err = net.Listen("tcp6", "[::1]:0") 172 } 173 if err != nil { 174 t.Fatal(err) 175 } 176 return ln 177 } 178 179 func TestDialTimeout(t *testing.T) { 180 if testing.Short() { 181 t.Skip("skipping in short mode") 182 } 183 listener := newLocalListener(t) 184 185 addr := listener.Addr().String() 186 defer listener.Close() 187 188 complete := make(chan bool) 189 defer close(complete) 190 191 go func() { 192 conn, err := listener.Accept() 193 if err != nil { 194 t.Error(err) 195 return 196 } 197 <-complete 198 conn.Close() 199 }() 200 201 dialer := &net.Dialer{ 202 Timeout: 10 * time.Millisecond, 203 } 204 205 var err error 206 if _, err = DialWithDialer(dialer, "tcp", addr, nil); err == nil { 207 t.Fatal("DialWithTimeout completed successfully") 208 } 209 210 if !isTimeoutError(err) { 211 t.Errorf("resulting error not a timeout: %v\nType %T: %#v", err, err, err) 212 } 213 } 214 215 func isTimeoutError(err error) bool { 216 if ne, ok := err.(net.Error); ok { 217 return ne.Timeout() 218 } 219 return false 220 } 221 222 // tests that Conn.Read returns (non-zero, io.EOF) instead of 223 // (non-zero, nil) when a Close (alertCloseNotify) is sitting right 224 // behind the application data in the buffer. 225 func TestConnReadNonzeroAndEOF(t *testing.T) { 226 // This test is racy: it assumes that after a write to a 227 // localhost TCP connection, the peer TCP connection can 228 // immediately read it. Because it's racy, we skip this test 229 // in short mode, and then retry it several times with an 230 // increasing sleep in between our final write (via srv.Close 231 // below) and the following read. 232 if testing.Short() { 233 t.Skip("skipping in short mode") 234 } 235 var err error 236 for delay := time.Millisecond; delay <= 64*time.Millisecond; delay *= 2 { 237 if err = testConnReadNonzeroAndEOF(t, delay); err == nil { 238 return 239 } 240 } 241 t.Error(err) 242 } 243 244 func testConnReadNonzeroAndEOF(t *testing.T, delay time.Duration) error { 245 ln := newLocalListener(t) 246 defer ln.Close() 247 248 srvCh := make(chan *Conn, 1) 249 var serr error 250 go func() { 251 sconn, err := ln.Accept() 252 if err != nil { 253 serr = err 254 srvCh <- nil 255 return 256 } 257 serverConfig := testConfig.Clone() 258 srv := Server(sconn, serverConfig) 259 if err := srv.Handshake(); err != nil { 260 serr = fmt.Errorf("handshake: %v", err) 261 srvCh <- nil 262 return 263 } 264 srvCh <- srv 265 }() 266 267 clientConfig := testConfig.Clone() 268 // In TLS 1.3, alerts are encrypted and disguised as application data, so 269 // the opportunistic peek won't work. 270 clientConfig.MaxVersion = VersionTLS12 271 conn, err := Dial("tcp", ln.Addr().String(), clientConfig) 272 if err != nil { 273 t.Fatal(err) 274 } 275 defer conn.Close() 276 277 srv := <-srvCh 278 if srv == nil { 279 return serr 280 } 281 282 buf := make([]byte, 6) 283 284 srv.Write([]byte("foobar")) 285 n, err := conn.Read(buf) 286 if n != 6 || err != nil || string(buf) != "foobar" { 287 return fmt.Errorf("Read = %d, %v, data %q; want 6, nil, foobar", n, err, buf) 288 } 289 290 srv.Write([]byte("abcdef")) 291 srv.Close() 292 time.Sleep(delay) 293 n, err = conn.Read(buf) 294 if n != 6 || string(buf) != "abcdef" { 295 return fmt.Errorf("Read = %d, buf= %q; want 6, abcdef", n, buf) 296 } 297 if err != io.EOF { 298 return fmt.Errorf("Second Read error = %v; want io.EOF", err) 299 } 300 return nil 301 } 302 303 func TestTLSUniqueMatches(t *testing.T) { 304 ln := newLocalListener(t) 305 defer ln.Close() 306 307 serverTLSUniques := make(chan []byte) 308 go func() { 309 for i := 0; i < 2; i++ { 310 sconn, err := ln.Accept() 311 if err != nil { 312 t.Error(err) 313 return 314 } 315 serverConfig := testConfig.Clone() 316 serverConfig.MaxVersion = VersionTLS12 // TLSUnique is not defined in TLS 1.3 317 srv := Server(sconn, serverConfig) 318 if err := srv.Handshake(); err != nil { 319 t.Error(err) 320 return 321 } 322 serverTLSUniques <- srv.ConnectionState().TLSUnique 323 } 324 }() 325 326 clientConfig := testConfig.Clone() 327 clientConfig.ClientSessionCache = NewLRUClientSessionCache(1) 328 conn, err := Dial("tcp", ln.Addr().String(), clientConfig) 329 if err != nil { 330 t.Fatal(err) 331 } 332 if !bytes.Equal(conn.ConnectionState().TLSUnique, <-serverTLSUniques) { 333 t.Error("client and server channel bindings differ") 334 } 335 conn.Close() 336 337 conn, err = Dial("tcp", ln.Addr().String(), clientConfig) 338 if err != nil { 339 t.Fatal(err) 340 } 341 defer conn.Close() 342 if !conn.ConnectionState().DidResume { 343 t.Error("second session did not use resumption") 344 } 345 if !bytes.Equal(conn.ConnectionState().TLSUnique, <-serverTLSUniques) { 346 t.Error("client and server channel bindings differ when session resumption is used") 347 } 348 } 349 350 func TestVerifyHostname(t *testing.T) { 351 testenv.MustHaveExternalNetwork(t) 352 353 c, err := Dial("tcp", "www.google.com:https", nil) 354 if err != nil { 355 t.Fatal(err) 356 } 357 if err := c.VerifyHostname("www.google.com"); err != nil { 358 t.Fatalf("verify www.google.com: %v", err) 359 } 360 if err := c.VerifyHostname("www.yahoo.com"); err == nil { 361 t.Fatalf("verify www.yahoo.com succeeded") 362 } 363 364 c, err = Dial("tcp", "www.google.com:https", &Config{InsecureSkipVerify: true}) 365 if err != nil { 366 t.Fatal(err) 367 } 368 if err := c.VerifyHostname("www.google.com"); err == nil { 369 t.Fatalf("verify www.google.com succeeded with InsecureSkipVerify=true") 370 } 371 } 372 373 func TestVerifyHostnameResumed(t *testing.T) { 374 t.Run("TLSv12", func(t *testing.T) { testVerifyHostnameResumed(t, VersionTLS12) }) 375 t.Run("TLSv13", func(t *testing.T) { testVerifyHostnameResumed(t, VersionTLS13) }) 376 } 377 378 func testVerifyHostnameResumed(t *testing.T, version uint16) { 379 testenv.MustHaveExternalNetwork(t) 380 381 config := &Config{ 382 MaxVersion: version, 383 ClientSessionCache: NewLRUClientSessionCache(32), 384 } 385 for i := 0; i < 2; i++ { 386 c, err := Dial("tcp", "mail.google.com:https", config) 387 if err != nil { 388 t.Fatalf("Dial #%d: %v", i, err) 389 } 390 cs := c.ConnectionState() 391 if i > 0 && !cs.DidResume { 392 t.Fatalf("Subsequent connection unexpectedly didn't resume") 393 } 394 if cs.Version != version { 395 t.Fatalf("Unexpectedly negotiated version %x", cs.Version) 396 } 397 if cs.VerifiedChains == nil { 398 t.Fatalf("Dial #%d: cs.VerifiedChains == nil", i) 399 } 400 if err := c.VerifyHostname("mail.google.com"); err != nil { 401 t.Fatalf("verify mail.google.com #%d: %v", i, err) 402 } 403 // Give the client a chance to read the server session tickets. 404 c.SetReadDeadline(time.Now().Add(500 * time.Millisecond)) 405 if _, err := c.Read(make([]byte, 1)); err != nil { 406 if err, ok := err.(net.Error); !ok || !err.Timeout() { 407 t.Fatal(err) 408 } 409 } 410 c.Close() 411 } 412 } 413 414 func TestConnCloseBreakingWrite(t *testing.T) { 415 ln := newLocalListener(t) 416 defer ln.Close() 417 418 srvCh := make(chan *Conn, 1) 419 var serr error 420 var sconn net.Conn 421 go func() { 422 var err error 423 sconn, err = ln.Accept() 424 if err != nil { 425 serr = err 426 srvCh <- nil 427 return 428 } 429 serverConfig := testConfig.Clone() 430 srv := Server(sconn, serverConfig) 431 if err := srv.Handshake(); err != nil { 432 serr = fmt.Errorf("handshake: %v", err) 433 srvCh <- nil 434 return 435 } 436 srvCh <- srv 437 }() 438 439 cconn, err := net.Dial("tcp", ln.Addr().String()) 440 if err != nil { 441 t.Fatal(err) 442 } 443 defer cconn.Close() 444 445 conn := &changeImplConn{ 446 Conn: cconn, 447 } 448 449 clientConfig := testConfig.Clone() 450 tconn := Client(conn, clientConfig) 451 if err := tconn.Handshake(); err != nil { 452 t.Fatal(err) 453 } 454 455 srv := <-srvCh 456 if srv == nil { 457 t.Fatal(serr) 458 } 459 defer sconn.Close() 460 461 connClosed := make(chan struct{}) 462 conn.closeFunc = func() error { 463 close(connClosed) 464 return nil 465 } 466 467 inWrite := make(chan bool, 1) 468 var errConnClosed = errors.New("conn closed for test") 469 conn.writeFunc = func(p []byte) (n int, err error) { 470 inWrite <- true 471 <-connClosed 472 return 0, errConnClosed 473 } 474 475 closeReturned := make(chan bool, 1) 476 go func() { 477 <-inWrite 478 tconn.Close() // test that this doesn't block forever. 479 closeReturned <- true 480 }() 481 482 _, err = tconn.Write([]byte("foo")) 483 if err != errConnClosed { 484 t.Errorf("Write error = %v; want errConnClosed", err) 485 } 486 487 <-closeReturned 488 if err := tconn.Close(); err != errClosed { 489 t.Errorf("Close error = %v; want errClosed", err) 490 } 491 } 492 493 func TestConnCloseWrite(t *testing.T) { 494 ln := newLocalListener(t) 495 defer ln.Close() 496 497 clientDoneChan := make(chan struct{}) 498 499 serverCloseWrite := func() error { 500 sconn, err := ln.Accept() 501 if err != nil { 502 return fmt.Errorf("accept: %v", err) 503 } 504 defer sconn.Close() 505 506 serverConfig := testConfig.Clone() 507 srv := Server(sconn, serverConfig) 508 if err := srv.Handshake(); err != nil { 509 return fmt.Errorf("handshake: %v", err) 510 } 511 defer srv.Close() 512 513 data, err := ioutil.ReadAll(srv) 514 if err != nil { 515 return err 516 } 517 if len(data) > 0 { 518 return fmt.Errorf("Read data = %q; want nothing", data) 519 } 520 521 if err := srv.CloseWrite(); err != nil { 522 return fmt.Errorf("server CloseWrite: %v", err) 523 } 524 525 // Wait for clientCloseWrite to finish, so we know we 526 // tested the CloseWrite before we defer the 527 // sconn.Close above, which would also cause the 528 // client to unblock like CloseWrite. 529 <-clientDoneChan 530 return nil 531 } 532 533 clientCloseWrite := func() error { 534 defer close(clientDoneChan) 535 536 clientConfig := testConfig.Clone() 537 conn, err := Dial("tcp", ln.Addr().String(), clientConfig) 538 if err != nil { 539 return err 540 } 541 if err := conn.Handshake(); err != nil { 542 return err 543 } 544 defer conn.Close() 545 546 if err := conn.CloseWrite(); err != nil { 547 return fmt.Errorf("client CloseWrite: %v", err) 548 } 549 550 if _, err := conn.Write([]byte{0}); err != errShutdown { 551 return fmt.Errorf("CloseWrite error = %v; want errShutdown", err) 552 } 553 554 data, err := ioutil.ReadAll(conn) 555 if err != nil { 556 return err 557 } 558 if len(data) > 0 { 559 return fmt.Errorf("Read data = %q; want nothing", data) 560 } 561 return nil 562 } 563 564 errChan := make(chan error, 2) 565 566 go func() { errChan <- serverCloseWrite() }() 567 go func() { errChan <- clientCloseWrite() }() 568 569 for i := 0; i < 2; i++ { 570 select { 571 case err := <-errChan: 572 if err != nil { 573 t.Fatal(err) 574 } 575 case <-time.After(10 * time.Second): 576 t.Fatal("deadlock") 577 } 578 } 579 580 // Also test CloseWrite being called before the handshake is 581 // finished: 582 { 583 ln2 := newLocalListener(t) 584 defer ln2.Close() 585 586 netConn, err := net.Dial("tcp", ln2.Addr().String()) 587 if err != nil { 588 t.Fatal(err) 589 } 590 defer netConn.Close() 591 conn := Client(netConn, testConfig.Clone()) 592 593 if err := conn.CloseWrite(); err != errEarlyCloseWrite { 594 t.Errorf("CloseWrite error = %v; want errEarlyCloseWrite", err) 595 } 596 } 597 } 598 599 func TestWarningAlertFlood(t *testing.T) { 600 ln := newLocalListener(t) 601 defer ln.Close() 602 603 server := func() error { 604 sconn, err := ln.Accept() 605 if err != nil { 606 return fmt.Errorf("accept: %v", err) 607 } 608 defer sconn.Close() 609 610 serverConfig := testConfig.Clone() 611 srv := Server(sconn, serverConfig) 612 if err := srv.Handshake(); err != nil { 613 return fmt.Errorf("handshake: %v", err) 614 } 615 defer srv.Close() 616 617 _, err = ioutil.ReadAll(srv) 618 if err == nil { 619 return errors.New("unexpected lack of error from server") 620 } 621 const expected = "too many ignored" 622 if str := err.Error(); !strings.Contains(str, expected) { 623 return fmt.Errorf("expected error containing %q, but saw: %s", expected, str) 624 } 625 626 return nil 627 } 628 629 errChan := make(chan error, 1) 630 go func() { errChan <- server() }() 631 632 clientConfig := testConfig.Clone() 633 clientConfig.MaxVersion = VersionTLS12 // there are no warning alerts in TLS 1.3 634 conn, err := Dial("tcp", ln.Addr().String(), clientConfig) 635 if err != nil { 636 t.Fatal(err) 637 } 638 defer conn.Close() 639 if err := conn.Handshake(); err != nil { 640 t.Fatal(err) 641 } 642 643 for i := 0; i < maxUselessRecords+1; i++ { 644 conn.sendAlert(alertNoRenegotiation) 645 } 646 647 if err := <-errChan; err != nil { 648 t.Fatal(err) 649 } 650 } 651 652 func TestCloneFuncFields(t *testing.T) { 653 const expectedCount = 5 654 called := 0 655 656 c1 := Config{ 657 Time: func() time.Time { 658 called |= 1 << 0 659 return time.Time{} 660 }, 661 GetCertificate: func(*ClientHelloInfo) (*Certificate, error) { 662 called |= 1 << 1 663 return nil, nil 664 }, 665 GetClientCertificate: func(*CertificateRequestInfo) (*Certificate, error) { 666 called |= 1 << 2 667 return nil, nil 668 }, 669 GetConfigForClient: func(*ClientHelloInfo) (*Config, error) { 670 called |= 1 << 3 671 return nil, nil 672 }, 673 VerifyPeerCertificate: func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error { 674 called |= 1 << 4 675 return nil 676 }, 677 } 678 679 c2 := c1.Clone() 680 681 c2.Time() 682 c2.GetCertificate(nil) 683 c2.GetClientCertificate(nil) 684 c2.GetConfigForClient(nil) 685 c2.VerifyPeerCertificate(nil, nil) 686 687 if called != (1<<expectedCount)-1 { 688 t.Fatalf("expected %d calls but saw calls %b", expectedCount, called) 689 } 690 } 691 692 func TestCloneNonFuncFields(t *testing.T) { 693 var c1 Config 694 v := reflect.ValueOf(&c1).Elem() 695 696 typ := v.Type() 697 for i := 0; i < typ.NumField(); i++ { 698 f := v.Field(i) 699 if !f.CanSet() { 700 // unexported field; not cloned. 701 continue 702 } 703 704 // testing/quick can't handle functions or interfaces and so 705 // isn't used here. 706 switch fn := typ.Field(i).Name; fn { 707 case "Rand": 708 f.Set(reflect.ValueOf(io.Reader(os.Stdin))) 709 case "Time", "GetCertificate", "GetConfigForClient", "VerifyPeerCertificate", "GetClientCertificate": 710 // DeepEqual can't compare functions. If you add a 711 // function field to this list, you must also change 712 // TestCloneFuncFields to ensure that the func field is 713 // cloned. 714 case "Certificates": 715 f.Set(reflect.ValueOf([]Certificate{ 716 {Certificate: [][]byte{{'b'}}}, 717 })) 718 case "NameToCertificate": 719 f.Set(reflect.ValueOf(map[string]*Certificate{"a": nil})) 720 case "RootCAs", "ClientCAs": 721 f.Set(reflect.ValueOf(x509.NewCertPool())) 722 case "ClientSessionCache": 723 f.Set(reflect.ValueOf(NewLRUClientSessionCache(10))) 724 case "KeyLogWriter": 725 f.Set(reflect.ValueOf(io.Writer(os.Stdout))) 726 case "NextProtos": 727 f.Set(reflect.ValueOf([]string{"a", "b"})) 728 case "ServerName": 729 f.Set(reflect.ValueOf("b")) 730 case "ClientAuth": 731 f.Set(reflect.ValueOf(VerifyClientCertIfGiven)) 732 case "InsecureSkipVerify", "SessionTicketsDisabled", "DynamicRecordSizingDisabled", "PreferServerCipherSuites": 733 f.Set(reflect.ValueOf(true)) 734 case "MinVersion", "MaxVersion": 735 f.Set(reflect.ValueOf(uint16(VersionTLS12))) 736 case "SessionTicketKey": 737 f.Set(reflect.ValueOf([32]byte{})) 738 case "CipherSuites": 739 f.Set(reflect.ValueOf([]uint16{1, 2})) 740 case "CurvePreferences": 741 f.Set(reflect.ValueOf([]CurveID{CurveP256})) 742 case "Renegotiation": 743 f.Set(reflect.ValueOf(RenegotiateOnceAsClient)) 744 default: 745 t.Errorf("all fields must be accounted for, but saw unknown field %q", fn) 746 } 747 } 748 749 c2 := c1.Clone() 750 // DeepEqual also compares unexported fields, thus c2 needs to have run 751 // serverInit in order to be DeepEqual to c1. Cloning it and discarding 752 // the result is sufficient. 753 c2.Clone() 754 755 if !reflect.DeepEqual(&c1, c2) { 756 t.Errorf("clone failed to copy a field") 757 } 758 } 759 760 // changeImplConn is a net.Conn which can change its Write and Close 761 // methods. 762 type changeImplConn struct { 763 net.Conn 764 writeFunc func([]byte) (int, error) 765 closeFunc func() error 766 } 767 768 func (w *changeImplConn) Write(p []byte) (n int, err error) { 769 if w.writeFunc != nil { 770 return w.writeFunc(p) 771 } 772 return w.Conn.Write(p) 773 } 774 775 func (w *changeImplConn) Close() error { 776 if w.closeFunc != nil { 777 return w.closeFunc() 778 } 779 return w.Conn.Close() 780 } 781 782 func throughput(b *testing.B, version uint16, totalBytes int64, dynamicRecordSizingDisabled bool) { 783 ln := newLocalListener(b) 784 defer ln.Close() 785 786 N := b.N 787 788 // Less than 64KB because Windows appears to use a TCP rwin < 64KB. 789 // See Issue #15899. 790 const bufsize = 32 << 10 791 792 go func() { 793 buf := make([]byte, bufsize) 794 for i := 0; i < N; i++ { 795 sconn, err := ln.Accept() 796 if err != nil { 797 // panic rather than synchronize to avoid benchmark overhead 798 // (cannot call b.Fatal in goroutine) 799 panic(fmt.Errorf("accept: %v", err)) 800 } 801 serverConfig := testConfig.Clone() 802 serverConfig.CipherSuites = nil // the defaults may prefer faster ciphers 803 serverConfig.DynamicRecordSizingDisabled = dynamicRecordSizingDisabled 804 srv := Server(sconn, serverConfig) 805 if err := srv.Handshake(); err != nil { 806 panic(fmt.Errorf("handshake: %v", err)) 807 } 808 if _, err := io.CopyBuffer(srv, srv, buf); err != nil { 809 panic(fmt.Errorf("copy buffer: %v", err)) 810 } 811 } 812 }() 813 814 b.SetBytes(totalBytes) 815 clientConfig := testConfig.Clone() 816 clientConfig.CipherSuites = nil // the defaults may prefer faster ciphers 817 clientConfig.DynamicRecordSizingDisabled = dynamicRecordSizingDisabled 818 clientConfig.MaxVersion = version 819 820 buf := make([]byte, bufsize) 821 chunks := int(math.Ceil(float64(totalBytes) / float64(len(buf)))) 822 for i := 0; i < N; i++ { 823 conn, err := Dial("tcp", ln.Addr().String(), clientConfig) 824 if err != nil { 825 b.Fatal(err) 826 } 827 for j := 0; j < chunks; j++ { 828 _, err := conn.Write(buf) 829 if err != nil { 830 b.Fatal(err) 831 } 832 _, err = io.ReadFull(conn, buf) 833 if err != nil { 834 b.Fatal(err) 835 } 836 } 837 conn.Close() 838 } 839 } 840 841 func BenchmarkThroughput(b *testing.B) { 842 for _, mode := range []string{"Max", "Dynamic"} { 843 for size := 1; size <= 64; size <<= 1 { 844 name := fmt.Sprintf("%sPacket/%dMB", mode, size) 845 b.Run(name, func(b *testing.B) { 846 b.Run("TLSv12", func(b *testing.B) { 847 throughput(b, VersionTLS12, int64(size<<20), mode == "Max") 848 }) 849 b.Run("TLSv13", func(b *testing.B) { 850 throughput(b, VersionTLS13, int64(size<<20), mode == "Max") 851 }) 852 }) 853 } 854 } 855 } 856 857 type slowConn struct { 858 net.Conn 859 bps int 860 } 861 862 func (c *slowConn) Write(p []byte) (int, error) { 863 if c.bps == 0 { 864 panic("too slow") 865 } 866 t0 := time.Now() 867 wrote := 0 868 for wrote < len(p) { 869 time.Sleep(100 * time.Microsecond) 870 allowed := int(time.Since(t0).Seconds()*float64(c.bps)) / 8 871 if allowed > len(p) { 872 allowed = len(p) 873 } 874 if wrote < allowed { 875 n, err := c.Conn.Write(p[wrote:allowed]) 876 wrote += n 877 if err != nil { 878 return wrote, err 879 } 880 } 881 } 882 return len(p), nil 883 } 884 885 func latency(b *testing.B, version uint16, bps int, dynamicRecordSizingDisabled bool) { 886 ln := newLocalListener(b) 887 defer ln.Close() 888 889 N := b.N 890 891 go func() { 892 for i := 0; i < N; i++ { 893 sconn, err := ln.Accept() 894 if err != nil { 895 // panic rather than synchronize to avoid benchmark overhead 896 // (cannot call b.Fatal in goroutine) 897 panic(fmt.Errorf("accept: %v", err)) 898 } 899 serverConfig := testConfig.Clone() 900 serverConfig.DynamicRecordSizingDisabled = dynamicRecordSizingDisabled 901 srv := Server(&slowConn{sconn, bps}, serverConfig) 902 if err := srv.Handshake(); err != nil { 903 panic(fmt.Errorf("handshake: %v", err)) 904 } 905 io.Copy(srv, srv) 906 } 907 }() 908 909 clientConfig := testConfig.Clone() 910 clientConfig.DynamicRecordSizingDisabled = dynamicRecordSizingDisabled 911 clientConfig.MaxVersion = version 912 913 buf := make([]byte, 16384) 914 peek := make([]byte, 1) 915 916 for i := 0; i < N; i++ { 917 conn, err := Dial("tcp", ln.Addr().String(), clientConfig) 918 if err != nil { 919 b.Fatal(err) 920 } 921 // make sure we're connected and previous connection has stopped 922 if _, err := conn.Write(buf[:1]); err != nil { 923 b.Fatal(err) 924 } 925 if _, err := io.ReadFull(conn, peek); err != nil { 926 b.Fatal(err) 927 } 928 if _, err := conn.Write(buf); err != nil { 929 b.Fatal(err) 930 } 931 if _, err = io.ReadFull(conn, peek); err != nil { 932 b.Fatal(err) 933 } 934 conn.Close() 935 } 936 } 937 938 func BenchmarkLatency(b *testing.B) { 939 for _, mode := range []string{"Max", "Dynamic"} { 940 for _, kbps := range []int{200, 500, 1000, 2000, 5000} { 941 name := fmt.Sprintf("%sPacket/%dkbps", mode, kbps) 942 b.Run(name, func(b *testing.B) { 943 b.Run("TLSv12", func(b *testing.B) { 944 latency(b, VersionTLS12, kbps*1000, mode == "Max") 945 }) 946 b.Run("TLSv13", func(b *testing.B) { 947 latency(b, VersionTLS13, kbps*1000, mode == "Max") 948 }) 949 }) 950 } 951 } 952 } 953 954 func TestConnectionStateMarshal(t *testing.T) { 955 cs := &ConnectionState{} 956 _, err := json.Marshal(cs) 957 if err != nil { 958 t.Errorf("json.Marshal failed on ConnectionState: %v", err) 959 } 960 } 961 962 func TestConnectionState(t *testing.T) { 963 issuer, err := x509.ParseCertificate(testRSACertificateIssuer) 964 if err != nil { 965 panic(err) 966 } 967 rootCAs := x509.NewCertPool() 968 rootCAs.AddCert(issuer) 969 970 now := func() time.Time { return time.Unix(1476984729, 0) } 971 972 const alpnProtocol = "golang" 973 const serverName = "example.golang" 974 var scts = [][]byte{[]byte("dummy sct 1"), []byte("dummy sct 2")} 975 var ocsp = []byte("dummy ocsp") 976 977 for _, v := range []uint16{VersionTLS12, VersionTLS13} { 978 var name string 979 switch v { 980 case VersionTLS12: 981 name = "TLSv12" 982 case VersionTLS13: 983 name = "TLSv13" 984 } 985 t.Run(name, func(t *testing.T) { 986 config := &Config{ 987 Time: now, 988 Rand: zeroSource{}, 989 Certificates: make([]Certificate, 1), 990 MaxVersion: v, 991 RootCAs: rootCAs, 992 ClientCAs: rootCAs, 993 ClientAuth: RequireAndVerifyClientCert, 994 NextProtos: []string{alpnProtocol}, 995 ServerName: serverName, 996 } 997 config.Certificates[0].Certificate = [][]byte{testRSACertificate} 998 config.Certificates[0].PrivateKey = testRSAPrivateKey 999 config.Certificates[0].SignedCertificateTimestamps = scts 1000 config.Certificates[0].OCSPStaple = ocsp 1001 1002 ss, cs, err := testHandshake(t, config, config) 1003 if err != nil { 1004 t.Fatalf("Handshake failed: %v", err) 1005 } 1006 1007 if ss.Version != v || cs.Version != v { 1008 t.Errorf("Got versions %x (server) and %x (client), expected %x", ss.Version, cs.Version, v) 1009 } 1010 1011 if !ss.HandshakeComplete || !cs.HandshakeComplete { 1012 t.Errorf("Got HandshakeComplete %v (server) and %v (client), expected true", ss.HandshakeComplete, cs.HandshakeComplete) 1013 } 1014 1015 if ss.DidResume || cs.DidResume { 1016 t.Errorf("Got DidResume %v (server) and %v (client), expected false", ss.DidResume, cs.DidResume) 1017 } 1018 1019 if ss.CipherSuite == 0 || cs.CipherSuite == 0 { 1020 t.Errorf("Got invalid cipher suite: %v (server) and %v (client)", ss.CipherSuite, cs.CipherSuite) 1021 } 1022 1023 if ss.NegotiatedProtocol != alpnProtocol || cs.NegotiatedProtocol != alpnProtocol { 1024 t.Errorf("Got negotiated protocol %q (server) and %q (client), expected %q", ss.NegotiatedProtocol, cs.NegotiatedProtocol, alpnProtocol) 1025 } 1026 1027 if !cs.NegotiatedProtocolIsMutual { 1028 t.Errorf("Got false NegotiatedProtocolIsMutual on the client side") 1029 } 1030 // NegotiatedProtocolIsMutual on the server side is unspecified. 1031 1032 if ss.ServerName != serverName { 1033 t.Errorf("Got server name %q, expected %q", ss.ServerName, serverName) 1034 } 1035 if cs.ServerName != "" { 1036 t.Errorf("Got unexpected server name on the client side") 1037 } 1038 1039 if len(ss.PeerCertificates) != 1 || len(cs.PeerCertificates) != 1 { 1040 t.Errorf("Got %d (server) and %d (client) peer certificates, expected %d", len(ss.PeerCertificates), len(cs.PeerCertificates), 1) 1041 } 1042 1043 if len(ss.VerifiedChains) != 1 || len(cs.VerifiedChains) != 1 { 1044 t.Errorf("Got %d (server) and %d (client) verified chains, expected %d", len(ss.VerifiedChains), len(cs.VerifiedChains), 1) 1045 } else if len(ss.VerifiedChains[0]) != 2 || len(cs.VerifiedChains[0]) != 2 { 1046 t.Errorf("Got %d (server) and %d (client) long verified chain, expected %d", len(ss.VerifiedChains[0]), len(cs.VerifiedChains[0]), 2) 1047 } 1048 1049 if len(cs.SignedCertificateTimestamps) != 2 { 1050 t.Errorf("Got %d SCTs, expected %d", len(cs.SignedCertificateTimestamps), 2) 1051 } 1052 if !bytes.Equal(cs.OCSPResponse, ocsp) { 1053 t.Errorf("Got OCSPs %x, expected %x", cs.OCSPResponse, ocsp) 1054 } 1055 // Only TLS 1.3 supports OCSP and SCTs on client certs. 1056 if v == VersionTLS13 { 1057 if len(ss.SignedCertificateTimestamps) != 2 { 1058 t.Errorf("Got %d client SCTs, expected %d", len(ss.SignedCertificateTimestamps), 2) 1059 } 1060 if !bytes.Equal(ss.OCSPResponse, ocsp) { 1061 t.Errorf("Got client OCSPs %x, expected %x", ss.OCSPResponse, ocsp) 1062 } 1063 } 1064 1065 if v == VersionTLS13 { 1066 if ss.TLSUnique != nil || cs.TLSUnique != nil { 1067 t.Errorf("Got TLSUnique %x (server) and %x (client), expected nil in TLS 1.3", ss.TLSUnique, cs.TLSUnique) 1068 } 1069 } else { 1070 if ss.TLSUnique == nil || cs.TLSUnique == nil { 1071 t.Errorf("Got TLSUnique %x (server) and %x (client), expected non-nil", ss.TLSUnique, cs.TLSUnique) 1072 } 1073 } 1074 }) 1075 } 1076 } 1077 1078 // TestEscapeRoute tests that the library will still work if support for TLS 1.3 1079 // is dropped later in the Go 1.12 cycle. 1080 func TestEscapeRoute(t *testing.T) { 1081 defer func(savedSupportedVersions []uint16) { 1082 supportedVersions = savedSupportedVersions 1083 }(supportedVersions) 1084 supportedVersions = []uint16{ 1085 VersionTLS12, 1086 VersionTLS11, 1087 VersionTLS10, 1088 VersionSSL30, 1089 } 1090 1091 expectVersion(t, testConfig, testConfig, VersionTLS12) 1092 } 1093 1094 func expectVersion(t *testing.T, clientConfig, serverConfig *Config, v uint16) { 1095 ss, cs, err := testHandshake(t, clientConfig, serverConfig) 1096 if err != nil { 1097 t.Fatalf("Handshake failed: %v", err) 1098 } 1099 if ss.Version != v { 1100 t.Errorf("Server negotiated version %x, expected %x", cs.Version, v) 1101 } 1102 if cs.Version != v { 1103 t.Errorf("Client negotiated version %x, expected %x", cs.Version, v) 1104 } 1105 } 1106 1107 // TestTLS13Switch checks the behavior of GODEBUG=tls13=[0|1]. See Issue 30055. 1108 func TestTLS13Switch(t *testing.T) { 1109 defer func(savedGODEBUG string) { 1110 os.Setenv("GODEBUG", savedGODEBUG) 1111 }(os.Getenv("GODEBUG")) 1112 1113 os.Setenv("GODEBUG", "tls13=0") 1114 tls13Support.Once = sync.Once{} // reset the cache 1115 1116 tls12Config := testConfig.Clone() 1117 tls12Config.MaxVersion = VersionTLS12 1118 expectVersion(t, testConfig, testConfig, VersionTLS12) 1119 expectVersion(t, tls12Config, testConfig, VersionTLS12) 1120 expectVersion(t, testConfig, tls12Config, VersionTLS12) 1121 expectVersion(t, tls12Config, tls12Config, VersionTLS12) 1122 1123 os.Setenv("GODEBUG", "tls13=1") 1124 tls13Support.Once = sync.Once{} // reset the cache 1125 1126 expectVersion(t, testConfig, testConfig, VersionTLS13) 1127 expectVersion(t, tls12Config, testConfig, VersionTLS12) 1128 expectVersion(t, testConfig, tls12Config, VersionTLS12) 1129 expectVersion(t, tls12Config, tls12Config, VersionTLS12) 1130 } 1131 1132 // Issue 28744: Ensure that we don't modify memory 1133 // that Config doesn't own such as Certificates. 1134 func TestBuildNameToCertificate_doesntModifyCertificates(t *testing.T) { 1135 c0 := Certificate{ 1136 Certificate: [][]byte{testRSACertificate}, 1137 PrivateKey: testRSAPrivateKey, 1138 } 1139 c1 := Certificate{ 1140 Certificate: [][]byte{testSNICertificate}, 1141 PrivateKey: testRSAPrivateKey, 1142 } 1143 config := testConfig.Clone() 1144 config.Certificates = []Certificate{c0, c1} 1145 1146 config.BuildNameToCertificate() 1147 got := config.Certificates 1148 want := []Certificate{c0, c1} 1149 if !reflect.DeepEqual(got, want) { 1150 t.Fatalf("Certificates were mutated by BuildNameToCertificate\nGot: %#v\nWant: %#v\n", got, want) 1151 } 1152 }