diff --git a/.circleci/config.yml b/.circleci/config.yml index d21b6b24..94697a35 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -5,7 +5,13 @@ executors: - image: "circleci/golang:1.14" environment: runrace: true - + test-go115: + docker: + - image: "circleci/golang:1.15" + environment: + runrace: true + GODEBUG: x509ignoreCN=0 + jobs: "test": &test executor: test-go114 @@ -40,8 +46,12 @@ jobs: command: ginkgo -v -randomizeAllSpecs -trace integrationtests/self -- -qlog -metrics go114: <<: *test + go115: + <<: *test + executor: test-go115 workflows: workflow: jobs: - go114 + - go115 diff --git a/.travis.yml b/.travis.yml index 98add497..8340f8d2 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,6 +5,7 @@ language: go go: - "1.14.x" + - "1.15.x" # first part of the GOARCH workaround # setting the GOARCH directly doesn't work, since the value will be overwritten later @@ -12,6 +13,7 @@ go: env: global: - TIMESCALE_FACTOR=20 + - GODEBUG=x509ignoreCN=0 matrix: - TRAVIS_GOARCH=amd64 TESTMODE=unit - TRAVIS_GOARCH=amd64 TESTMODE=integration diff --git a/go.mod b/go.mod index 141c950d..5951e730 100644 --- a/go.mod +++ b/go.mod @@ -6,10 +6,11 @@ require ( github.com/cheekybits/genny v1.0.0 github.com/francoispqt/gojay v1.2.13 github.com/golang/groupcache v0.0.0-20191027212112-611e8accdfc9 // indirect - github.com/golang/mock v1.4.0 + github.com/golang/mock v1.4.4 github.com/golang/protobuf v1.4.2 github.com/marten-seemann/qpack v0.2.0 github.com/marten-seemann/qtls v0.10.0 + github.com/marten-seemann/qtls-go1-15 v0.1.0 github.com/onsi/ginkgo v1.14.0 github.com/onsi/gomega v1.10.1 go.opencensus.io v0.22.2 diff --git a/go.sum b/go.sum index da41e68c..e54114a1 100644 --- a/go.sum +++ b/go.sum @@ -41,6 +41,8 @@ github.com/golang/mock v1.2.0 h1:28o5sBqPkBsMGnC6b4MvE2TzSr5/AT4c/1fLqVGIwlk= github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.4.0 h1:Rd1kQnQu0Hq3qvJppYSG0HtP+f5LPPUiDswTLiEegLg= github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.4 h1:l75CXGRSwbaYNpl/Z2X1XIIAMSCquvXgpVZDhwEIJsc= +github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1 h1:YF8+flBXS5eO826T4nzqPrxfhQThhXl0YzfuUPu4SBg= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -85,6 +87,8 @@ github.com/marten-seemann/qpack v0.2.0 h1:/r1rhZoOmgxVKBqPNnYilZBDEyw+6OUHCbBzA5 github.com/marten-seemann/qpack v0.2.0/go.mod h1:F7Gl5L1jIgN1D11ucXefiuJS9UMVP2opoCp2jDKb7wc= github.com/marten-seemann/qtls v0.10.0 h1:ECsuYUKalRL240rRD4Ri33ISb7kAQ3qGDlrrl55b2pc= github.com/marten-seemann/qtls v0.10.0/go.mod h1:UvMd1oaYDACI99/oZUYLzMCkBXQVT0aGm99sJhbT8hs= +github.com/marten-seemann/qtls-go1-15 v0.1.0 h1:i/YPXVxz8q9umso/5y474CNcHmTpA+5DH+mFPjx6PZg= +github.com/marten-seemann/qtls-go1-15 v0.1.0/go.mod h1:GyFwywLKkRt+6mfU99csTEY1joMZz5vmB1WNZH3P81I= github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= diff --git a/integrationtests/self/handshake_test.go b/integrationtests/self/handshake_test.go index bacee08f..699b70a7 100644 --- a/integrationtests/self/handshake_test.go +++ b/integrationtests/self/handshake_test.go @@ -371,7 +371,6 @@ var _ = Describe("Handshake tests", func() { Expect(err).ToNot(HaveOccurred()) cs := sess.ConnectionState() Expect(cs.NegotiatedProtocol).To(Equal(alpn)) - Expect(cs.NegotiatedProtocolIsMutual).To(BeTrue()) close(done) }() @@ -384,7 +383,6 @@ var _ = Describe("Handshake tests", func() { defer sess.CloseWithError(0, "") cs := sess.ConnectionState() Expect(cs.NegotiatedProtocol).To(Equal(alpn)) - Expect(cs.NegotiatedProtocolIsMutual).To(BeTrue()) Eventually(done).Should(BeClosed()) Expect(ln.Close()).To(Succeed()) }) diff --git a/internal/qtls/interface.go b/internal/qtls/go114.go similarity index 99% rename from internal/qtls/interface.go rename to internal/qtls/go114.go index e0f3747f..79ad6f0b 100644 --- a/internal/qtls/interface.go +++ b/internal/qtls/go114.go @@ -1,3 +1,5 @@ +// +build !go1.15 + package qtls import ( diff --git a/internal/qtls/go114_test.go b/internal/qtls/go114_test.go new file mode 100644 index 00000000..8942a988 --- /dev/null +++ b/internal/qtls/go114_test.go @@ -0,0 +1,19 @@ +// +build !go1.15 + +package qtls + +import ( + "crypto/tls" + + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" +) + +var _ = Describe("qtls wrapper", func() { + It("gets cipher suites", func() { + for _, id := range []uint16{tls.TLS_AES_128_GCM_SHA256, tls.TLS_AES_256_GCM_SHA384, tls.TLS_CHACHA20_POLY1305_SHA256} { + cs := CipherSuiteTLS13ByID(id) + Expect(cs.ID).To(Equal(id)) + } + }) +}) diff --git a/internal/qtls/go115.go b/internal/qtls/go115.go new file mode 100644 index 00000000..a64728c7 --- /dev/null +++ b/internal/qtls/go115.go @@ -0,0 +1,108 @@ +// +build go1.15 + +package qtls + +import ( + "crypto" + "crypto/cipher" + "net" + "unsafe" + + qtls "github.com/marten-seemann/qtls-go1-15" +) + +type ( + // Alert is a TLS alert + Alert = qtls.Alert + // A Certificate is qtls.Certificate. + Certificate = qtls.Certificate + // CertificateRequestInfo contains inforamtion about a certificate request. + CertificateRequestInfo = qtls.CertificateRequestInfo + // A CipherSuiteTLS13 is a cipher suite for TLS 1.3 + CipherSuiteTLS13 = qtls.CipherSuiteTLS13 + // ClientHelloInfo contains information about a ClientHello. + ClientHelloInfo = qtls.ClientHelloInfo + // ClientSessionCache is a cache used for session resumption. + ClientSessionCache = qtls.ClientSessionCache + // ClientSessionState is a state needed for session resumption. + ClientSessionState = qtls.ClientSessionState + // A Config is a qtls.Config. + Config = qtls.Config + // A Conn is a qtls.Conn. + Conn = qtls.Conn + // ConnectionState contains information about the state of the connection. + ConnectionState = qtls.ConnectionStateWith0RTT + // EncryptionLevel is the encryption level of a message. + EncryptionLevel = qtls.EncryptionLevel + // Extension is a TLS extension + Extension = qtls.Extension + // ExtraConfig is the qtls.ExtraConfig + ExtraConfig = qtls.ExtraConfig + // RecordLayer is a qtls RecordLayer. + RecordLayer = qtls.RecordLayer +) + +const ( + // EncryptionHandshake is the Handshake encryption level + EncryptionHandshake = qtls.EncryptionHandshake + // Encryption0RTT is the 0-RTT encryption level + Encryption0RTT = qtls.Encryption0RTT + // EncryptionApplication is the application data encryption level + EncryptionApplication = qtls.EncryptionApplication +) + +// CipherSuiteName gets the name of a cipher suite. +func CipherSuiteName(id uint16) string { + return qtls.CipherSuiteName(id) +} + +// HkdfExtract generates a pseudorandom key for use with Expand from an input secret and an optional independent salt. +func HkdfExtract(hash crypto.Hash, newSecret, currentSecret []byte) []byte { + return qtls.HkdfExtract(hash, newSecret, currentSecret) +} + +// HkdfExpandLabel HKDF expands a label +func HkdfExpandLabel(hash crypto.Hash, secret, hashValue []byte, label string, L int) []byte { + return qtls.HkdfExpandLabel(hash, secret, hashValue, label, L) +} + +// AEADAESGCMTLS13 creates a new AES-GCM AEAD for TLS 1.3 +func AEADAESGCMTLS13(key, fixedNonce []byte) cipher.AEAD { + return qtls.AEADAESGCMTLS13(key, fixedNonce) +} + +// Client returns a new TLS client side connection. +func Client(conn net.Conn, config *Config, extraConfig *ExtraConfig) *Conn { + return qtls.Client(conn, config, extraConfig) +} + +// Server returns a new TLS server side connection. +func Server(conn net.Conn, config *Config, extraConfig *ExtraConfig) *Conn { + return qtls.Server(conn, config, extraConfig) +} + +func GetConnectionState(conn *Conn) ConnectionState { + return conn.ConnectionStateWith0RTT() +} + +type cipherSuiteTLS13 struct { + ID uint16 + KeyLen int + AEAD func(key, fixedNonce []byte) cipher.AEAD + Hash crypto.Hash +} + +//go:linkname cipherSuiteTLS13ByID github.com/marten-seemann/qtls-go1-15.cipherSuiteTLS13ByID +func cipherSuiteTLS13ByID(id uint16) *cipherSuiteTLS13 + +// CipherSuiteTLS13ByID gets a TLS 1.3 cipher suite. +func CipherSuiteTLS13ByID(id uint16) *CipherSuiteTLS13 { + val := cipherSuiteTLS13ByID(id) + cs := (*cipherSuiteTLS13)(unsafe.Pointer(val)) + return &qtls.CipherSuiteTLS13{ + ID: cs.ID, + KeyLen: cs.KeyLen, + AEAD: cs.AEAD, + Hash: cs.Hash, + } +} diff --git a/internal/qtls/go115_test.go b/internal/qtls/go115_test.go new file mode 100644 index 00000000..d5abc550 --- /dev/null +++ b/internal/qtls/go115_test.go @@ -0,0 +1,19 @@ +// +build go1.15 + +package qtls + +import ( + "crypto/tls" + + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" +) + +var _ = Describe("qtls wrapper", func() { + It("gets cipher suites", func() { + for _, id := range []uint16{tls.TLS_AES_128_GCM_SHA256, tls.TLS_AES_256_GCM_SHA384, tls.TLS_CHACHA20_POLY1305_SHA256} { + cs := CipherSuiteTLS13ByID(id) + Expect(cs.ID).To(Equal(id)) + } + }) +}) diff --git a/internal/qtls/qtls.go b/internal/qtls/qtls.go index c281c37e..b42b43fa 100644 --- a/internal/qtls/qtls.go +++ b/internal/qtls/qtls.go @@ -1,3 +1,5 @@ +// +build !go1.15 + package qtls // This package uses unsafe to convert between: diff --git a/internal/qtls/qtls_test.go b/internal/qtls/qtls_test.go index 0bdd4052..90b97c39 100644 --- a/internal/qtls/qtls_test.go +++ b/internal/qtls/qtls_test.go @@ -1,3 +1,5 @@ +// +build !go1.15 + package qtls import ( diff --git a/internal/qtls/structs_equal.go b/internal/qtls/structs_equal.go index 7df0423a..dd846372 100644 --- a/internal/qtls/structs_equal.go +++ b/internal/qtls/structs_equal.go @@ -1,3 +1,5 @@ +// +build !go1.15 + package qtls import "reflect" diff --git a/internal/qtls/structs_equal_test.go b/internal/qtls/structs_equal_test.go index 2a2f46c2..ec570afb 100644 --- a/internal/qtls/structs_equal_test.go +++ b/internal/qtls/structs_equal_test.go @@ -1,3 +1,5 @@ +// +build !go1.15 + package qtls import (