diff --git a/.circleci/config.yml b/.circleci/config.yml index 442f0e92..6b9ab14d 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,19 +1,19 @@ version: 2.1 executors: - test-go114: - docker: - - image: "circleci/golang:1.14" - environment: - runrace: true test-go115: docker: - image: "circleci/golang:1.15" environment: runrace: true + test-go116: + docker: + - image: "circleci/golang:1.16" + environment: + runrace: true jobs: "test": &test - executor: test-go114 + executor: test-go115 working_directory: /go/src/github.com/lucas-clemente/quic-go steps: - checkout @@ -43,14 +43,14 @@ jobs: - run: name: "Run self integration tests with qlog" command: ginkgo -v -randomizeAllSpecs -trace integrationtests/self -- -qlog - go114: - <<: *test go115: <<: *test - executor: test-go115 + go116: + <<: *test + executor: test-go116 workflows: workflow: jobs: - - go114 - go115 + - go116 diff --git a/.github/workflows/cross-compile.yml b/.github/workflows/cross-compile.yml index f8c2eb7d..7905f37c 100644 --- a/.github/workflows/cross-compile.yml +++ b/.github/workflows/cross-compile.yml @@ -4,7 +4,7 @@ jobs: strategy: fail-fast: false matrix: - go: [ "1.14.x", "1.15.x", "1.16.0-rc1" ] + go: [ "1.15.x", "1.16.x" ] runs-on: ubuntu-latest name: "Cross Compilation (Go ${{matrix.go}})" steps: diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 0b5eb5bb..116a3548 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -5,9 +5,9 @@ jobs: strategy: fail-fast: false matrix: - go: [ "1.14.x", "1.15.x", "1.16.0-rc1" ] + go: [ "1.15.x", "1.16.x" ] runs-on: ubuntu-latest - name: Integration Tests, Go ${{ matrix.go }}) + name: Integration Tests (Go ${{ matrix.go }}) steps: - uses: actions/checkout@v2 - uses: actions/setup-go@v2 diff --git a/.github/workflows/unit.yml b/.github/workflows/unit.yml index 860626de..cf8c4047 100644 --- a/.github/workflows/unit.yml +++ b/.github/workflows/unit.yml @@ -7,7 +7,7 @@ jobs: fail-fast: false matrix: os: [ "ubuntu", "windows", "macos" ] - go: [ "1.14.x", "1.15.x", "1.16.0-rc1" ] + go: [ "1.15.x", "1.16.x" ] runs-on: ${{ matrix.os }}-latest name: Unit tests (${{ matrix.os}}, Go ${{ matrix.go }}) steps: diff --git a/.golangci.yml b/.golangci.yml index 089f935d..381ba3bf 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -1,7 +1,6 @@ run: skip-files: - - internal/handshake/client_session_state.go - - internal/handshake/unsafe_test.go + - internal/qtls/structs_equal_test.go linters-settings: depguard: diff --git a/go.mod b/go.mod index 226d91e1..bdb16756 100644 --- a/go.mod +++ b/go.mod @@ -7,9 +7,8 @@ require ( github.com/francoispqt/gojay v1.2.13 github.com/golang/mock v1.4.4 github.com/marten-seemann/qpack v0.2.1 - github.com/marten-seemann/qtls v0.10.0 github.com/marten-seemann/qtls-go1-15 v0.1.1 - github.com/marten-seemann/qtls-go1-16 v0.1.0-rc.1 + github.com/marten-seemann/qtls-go1-16 v0.1.0 github.com/onsi/ginkgo v1.14.0 github.com/onsi/gomega v1.10.1 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 diff --git a/go.sum b/go.sum index 9f529be6..27ced0d5 100644 --- a/go.sum +++ b/go.sum @@ -35,8 +35,6 @@ github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200j github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.2.0 h1:28o5sBqPkBsMGnC6b4MvE2TzSr5/AT4c/1fLqVGIwlk= github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.4.0 h1:Rd1kQnQu0Hq3qvJppYSG0HtP+f5LPPUiDswTLiEegLg= -github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.4 h1:l75CXGRSwbaYNpl/Z2X1XIIAMSCquvXgpVZDhwEIJsc= github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -81,12 +79,10 @@ github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/marten-seemann/qpack v0.2.1 h1:jvTsT/HpCn2UZJdP+UUB53FfUUgeOyG5K1ns0OJOGVs= github.com/marten-seemann/qpack v0.2.1/go.mod h1:F7Gl5L1jIgN1D11ucXefiuJS9UMVP2opoCp2jDKb7wc= -github.com/marten-seemann/qtls v0.10.0 h1:ECsuYUKalRL240rRD4Ri33ISb7kAQ3qGDlrrl55b2pc= -github.com/marten-seemann/qtls v0.10.0/go.mod h1:UvMd1oaYDACI99/oZUYLzMCkBXQVT0aGm99sJhbT8hs= github.com/marten-seemann/qtls-go1-15 v0.1.1 h1:LIH6K34bPVttyXnUWixk0bzH6/N07VxbSabxn5A5gZQ= github.com/marten-seemann/qtls-go1-15 v0.1.1/go.mod h1:GyFwywLKkRt+6mfU99csTEY1joMZz5vmB1WNZH3P81I= -github.com/marten-seemann/qtls-go1-16 v0.1.0-rc.1 h1:JCvEgXNTQjxa+vxOx5c8e84iRttJvyt+7Jo7GLgR7KI= -github.com/marten-seemann/qtls-go1-16 v0.1.0-rc.1/go.mod h1:gNpI2Ol+lRS3WwSOtIUUtRwZEQMXjYK+dQSBFbethAk= +github.com/marten-seemann/qtls-go1-16 v0.1.0 h1:g7GDnhM8kkJRX6oGDLt+fjEkmKS+f6wdLkFSFdxwRp0= +github.com/marten-seemann/qtls-go1-16 v0.1.0/go.mod h1:gNpI2Ol+lRS3WwSOtIUUtRwZEQMXjYK+dQSBFbethAk= github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= @@ -200,7 +196,6 @@ golang.org/x/sys v0.0.0-20200519105757-fe76b779f299 h1:DYfZAGf2WMFjMxbgTjaC+2HC7 golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201231184435-2d18734c6014 h1:joucsQqXmyBVxViHCPFjG3hx8JzIFSaym3l3MM/Jsdg= golang.org/x/sys v0.0.0-20201231184435-2d18734c6014/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2 h1:z99zHgr7hKfrUcX/KsoJk5FJfjTceCKIp96+biqP4To= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -258,7 +253,5 @@ grpc.go4.org v0.0.0-20170609214715-11d0a25b4919/go.mod h1:77eQGdRu53HpSqPFJFmuJd honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= -rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sourcegraph.com/sourcegraph/go-diff v0.5.0/go.mod h1:kuch7UrkMzY0X+p9CRK03kfuPQ2zzQcaEFbx8wA8rck= sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4/go.mod h1:ketZ/q3QxT9HOBeFhu6RdvsftgpsbFHBF5Cas6cDKZ0= diff --git a/internal/qtls/go114.go b/internal/qtls/go114.go deleted file mode 100644 index 9b96551a..00000000 --- a/internal/qtls/go114.go +++ /dev/null @@ -1,186 +0,0 @@ -// +build !go1.15 -// +build !go1.16 - -package qtls - -import ( - "crypto" - "crypto/cipher" - "crypto/tls" - "net" - "unsafe" - - "github.com/marten-seemann/qtls" -) - -type ( - // Alert is a TLS alert - Alert = qtls.Alert - // A Certificate is qtls.Certificate. - Certificate = qtls.Certificate - // CertificateRequestInfo contains inforamtion about a certificate request. - CertificateRequestInfo = qtls.CertificateRequestInfo - // A CipherSuiteTLS13 is a cipher suite for TLS 1.3 - CipherSuiteTLS13 = qtls.CipherSuiteTLS13 - // ClientHelloInfo contains information about a ClientHello. - ClientHelloInfo = qtls.ClientHelloInfo - // ClientSessionCache is a cache used for session resumption. - ClientSessionCache = qtls.ClientSessionCache - // ClientSessionState is a state needed for session resumption. - ClientSessionState = qtls.ClientSessionState - // A Config is a qtls.Config. - Config = qtls.Config - // A Conn is a qtls.Conn. - Conn = qtls.Conn - // ConnectionState contains information about the state of the connection. - ConnectionState = qtls.ConnectionState - // EncryptionLevel is the encryption level of a message. - EncryptionLevel = qtls.EncryptionLevel - // Extension is a TLS extension - Extension = qtls.Extension - // RecordLayer is a qtls RecordLayer. - RecordLayer = qtls.RecordLayer -) - -type ExtraConfig struct { - // GetExtensions, if not nil, is called before a message that allows - // sending of extensions is sent. - // Currently only implemented for the ClientHello message (for the client) - // and for the EncryptedExtensions message (for the server). - // Only valid for TLS 1.3. - GetExtensions func(handshakeMessageType uint8) []Extension - - // ReceivedExtensions, if not nil, is called when a message that allows the - // inclusion of extensions is received. - // It is called with an empty slice of extensions, if the message didn't - // contain any extensions. - // Currently only implemented for the ClientHello message (sent by the - // client) and for the EncryptedExtensions message (sent by the server). - // Only valid for TLS 1.3. - ReceivedExtensions func(handshakeMessageType uint8, exts []Extension) - - // AlternativeRecordLayer is used by QUIC - AlternativeRecordLayer RecordLayer - - // Enforce the selection of a supported application protocol. - // Only works for TLS 1.3. - // If enabled, client and server have to agree on an application protocol. - // Otherwise, connection establishment fails. - EnforceNextProtoSelection bool - - // If MaxEarlyData is greater than 0, the client will be allowed to send early - // data when resuming a session. - // Requires the AlternativeRecordLayer to be set. - // - // It has no meaning on the client. - MaxEarlyData uint32 - - // The Accept0RTT callback is called when the client offers 0-RTT. - // The server then has to decide if it wants to accept or reject 0-RTT. - // It is only used for servers. - Accept0RTT func(appData []byte) bool - - // 0RTTRejected is called when the server rejectes 0-RTT. - // It is only used for clients. - Rejected0RTT func() - - // If set, the client will export the 0-RTT key when resuming a session that - // allows sending of early data. - // Requires the AlternativeRecordLayer to be set. - // - // It has no meaning to the server. - Enable0RTT bool - - // Is called when the client saves a session ticket to the session ticket. - // This gives the application the opportunity to save some data along with the ticket, - // which can be restored when the session ticket is used. - GetAppDataForSessionState func() []byte - - // Is called when the client uses a session ticket. - // Restores the application data that was saved earlier on GetAppDataForSessionTicket. - SetAppDataFromSessionState func([]byte) -} - -const ( - // EncryptionHandshake is the Handshake encryption level - EncryptionHandshake = qtls.EncryptionHandshake - // Encryption0RTT is the 0-RTT encryption level - Encryption0RTT = qtls.Encryption0RTT - // EncryptionApplication is the application data encryption level - EncryptionApplication = qtls.EncryptionApplication -) - -// CipherSuiteName gets the name of a cipher suite. -func CipherSuiteName(id uint16) string { - return qtls.CipherSuiteName(id) -} - -// HkdfExtract generates a pseudorandom key for use with Expand from an input secret and an optional independent salt. -func HkdfExtract(hash crypto.Hash, newSecret, currentSecret []byte) []byte { - return qtls.HkdfExtract(hash, newSecret, currentSecret) -} - -// HkdfExpandLabel HKDF expands a label -func HkdfExpandLabel(hash crypto.Hash, secret, hashValue []byte, label string, L int) []byte { - return qtls.HkdfExpandLabel(hash, secret, hashValue, label, L) -} - -// AEADAESGCMTLS13 creates a new AES-GCM AEAD for TLS 1.3 -func AEADAESGCMTLS13(key, fixedNonce []byte) cipher.AEAD { - return qtls.AEADAESGCMTLS13(key, fixedNonce) -} - -// Client returns a new TLS client side connection. -func Client(conn net.Conn, config *tls.Config, extraConfig *ExtraConfig) *Conn { - return qtls.Client(conn, tlsConfigToQtlsConfig(config, extraConfig)) -} - -// Server returns a new TLS server side connection. -func Server(conn net.Conn, config *tls.Config, extraConfig *ExtraConfig) *Conn { - return qtls.Server(conn, tlsConfigToQtlsConfig(config, extraConfig)) -} - -func GetConnectionState(conn *Conn) ConnectionState { - return conn.ConnectionState() -} - -// ToTLSConnectionState extracts the tls.ConnectionState -// Warning: Calling ExportKeyingMaterial won't work. -func ToTLSConnectionState(cs ConnectionState) tls.ConnectionState { - return tls.ConnectionState{ - Version: cs.Version, - HandshakeComplete: cs.HandshakeComplete, - DidResume: cs.DidResume, - CipherSuite: cs.CipherSuite, - NegotiatedProtocol: cs.NegotiatedProtocol, - NegotiatedProtocolIsMutual: cs.NegotiatedProtocolIsMutual, - ServerName: cs.ServerName, - PeerCertificates: cs.PeerCertificates, - VerifiedChains: cs.VerifiedChains, - SignedCertificateTimestamps: cs.SignedCertificateTimestamps, - OCSPResponse: cs.OCSPResponse, - TLSUnique: cs.TLSUnique, - } -} - -type cipherSuiteTLS13 struct { - ID uint16 - KeyLen int - AEAD func(key, fixedNonce []byte) cipher.AEAD - Hash crypto.Hash -} - -//go:linkname cipherSuiteTLS13ByID github.com/marten-seemann/qtls.cipherSuiteTLS13ByID -func cipherSuiteTLS13ByID(id uint16) *cipherSuiteTLS13 - -// CipherSuiteTLS13ByID gets a TLS 1.3 cipher suite. -func CipherSuiteTLS13ByID(id uint16) *CipherSuiteTLS13 { - val := cipherSuiteTLS13ByID(id) - cs := (*cipherSuiteTLS13)(unsafe.Pointer(val)) - return &qtls.CipherSuiteTLS13{ - ID: cs.ID, - KeyLen: cs.KeyLen, - AEAD: cs.AEAD, - Hash: cs.Hash, - } -} diff --git a/internal/qtls/go114_test.go b/internal/qtls/go114_test.go deleted file mode 100644 index 6f8616f6..00000000 --- a/internal/qtls/go114_test.go +++ /dev/null @@ -1,20 +0,0 @@ -// +build !go1.15 -// +build !go1.16 - -package qtls - -import ( - "crypto/tls" - - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" -) - -var _ = Describe("qtls wrapper", func() { - It("gets cipher suites", func() { - for _, id := range []uint16{tls.TLS_AES_128_GCM_SHA256, tls.TLS_AES_256_GCM_SHA384, tls.TLS_CHACHA20_POLY1305_SHA256} { - cs := CipherSuiteTLS13ByID(id) - Expect(cs.ID).To(Equal(id)) - } - }) -}) diff --git a/internal/qtls/qtls.go b/internal/qtls/qtls.go deleted file mode 100644 index b42b43fa..00000000 --- a/internal/qtls/qtls.go +++ /dev/null @@ -1,216 +0,0 @@ -// +build !go1.15 - -package qtls - -// This package uses unsafe to convert between: -// * Certificate and tls.Certificate -// * CertificateRequestInfo and tls.CertificateRequestInfo -// * ClientHelloInfo and tls.ClientHelloInfo -// * ConnectionState and tls.ConnectionState -// * ClientSessionState and tls.ClientSessionState -// We check in init() that this conversion actually is safe. - -import ( - "crypto/tls" - "net" - "unsafe" -) - -func init() { - if !structsEqual(&tls.Certificate{}, &Certificate{}) { - panic("Certificate not compatible with tls.Certificate") - } - if !structsEqual(&tls.CertificateRequestInfo{}, &CertificateRequestInfo{}) { - panic("CertificateRequestInfo not compatible with tls.CertificateRequestInfo") - } - if !structsEqual(&tls.ClientSessionState{}, &ClientSessionState{}) { - panic("ClientSessionState not compatible with tls.ClientSessionState") - } - if !structsEqual(&tls.ClientHelloInfo{}, &clientHelloInfo{}) { - panic("clientHelloInfo not compatible with tls.ClientHelloInfo") - } - if !structsEqual(&ClientHelloInfo{}, &qtlsClientHelloInfo{}) { - panic("qtlsClientHelloInfo not compatible with ClientHelloInfo") - } -} - -func tlsConfigToQtlsConfig(c *tls.Config, ec *ExtraConfig) *Config { - if c == nil { - c = &tls.Config{} - } - if ec == nil { - ec = &ExtraConfig{} - } - // Clone the config first. This executes the tls.Config.serverInit(). - // This sets the SessionTicketKey, if the user didn't supply one. - c = c.Clone() - // QUIC requires TLS 1.3 or newer - minVersion := c.MinVersion - if minVersion < tls.VersionTLS13 { - minVersion = tls.VersionTLS13 - } - maxVersion := c.MaxVersion - if maxVersion < tls.VersionTLS13 { - maxVersion = tls.VersionTLS13 - } - var getConfigForClient func(ch *ClientHelloInfo) (*Config, error) - if c.GetConfigForClient != nil { - getConfigForClient = func(ch *ClientHelloInfo) (*Config, error) { - tlsConf, err := c.GetConfigForClient(toTLSClientHelloInfo(ch)) - if err != nil { - return nil, err - } - if tlsConf == nil { - return nil, nil - } - return tlsConfigToQtlsConfig(tlsConf, ec), nil - } - } - var getCertificate func(ch *ClientHelloInfo) (*Certificate, error) - if c.GetCertificate != nil { - getCertificate = func(ch *ClientHelloInfo) (*Certificate, error) { - cert, err := c.GetCertificate(toTLSClientHelloInfo(ch)) - if err != nil { - return nil, err - } - if cert == nil { - return nil, nil - } - return (*Certificate)(cert), nil - } - } - var csc ClientSessionCache - if c.ClientSessionCache != nil { - csc = &clientSessionCache{c.ClientSessionCache} - } - conf := &Config{ - Rand: c.Rand, - Time: c.Time, - Certificates: *(*[]Certificate)(unsafe.Pointer(&c.Certificates)), - //nolint:staticcheck // NameToCertificate is deprecated, but we still need to copy it if the user sets it. - NameToCertificate: *(*map[string]*Certificate)(unsafe.Pointer(&c.NameToCertificate)), - GetCertificate: getCertificate, - GetClientCertificate: *(*func(*CertificateRequestInfo) (*Certificate, error))(unsafe.Pointer(&c.GetClientCertificate)), - GetConfigForClient: getConfigForClient, - VerifyPeerCertificate: c.VerifyPeerCertificate, - RootCAs: c.RootCAs, - NextProtos: c.NextProtos, - EnforceNextProtoSelection: true, - ServerName: c.ServerName, - ClientAuth: c.ClientAuth, - ClientCAs: c.ClientCAs, - InsecureSkipVerify: c.InsecureSkipVerify, - CipherSuites: c.CipherSuites, - PreferServerCipherSuites: c.PreferServerCipherSuites, - SessionTicketsDisabled: c.SessionTicketsDisabled, - //nolint:staticcheck // SessionTicketKey is deprecated, but we still need to copy it if the user sets it. - SessionTicketKey: c.SessionTicketKey, - ClientSessionCache: csc, - MinVersion: minVersion, - MaxVersion: maxVersion, - CurvePreferences: c.CurvePreferences, - DynamicRecordSizingDisabled: c.DynamicRecordSizingDisabled, - // no need to copy Renegotiation, it's not supported by TLS 1.3 - KeyLogWriter: c.KeyLogWriter, - AlternativeRecordLayer: ec.AlternativeRecordLayer, - GetExtensions: ec.GetExtensions, - ReceivedExtensions: ec.ReceivedExtensions, - Accept0RTT: ec.Accept0RTT, - Rejected0RTT: ec.Rejected0RTT, - GetAppDataForSessionState: ec.GetAppDataForSessionState, - SetAppDataFromSessionState: ec.SetAppDataFromSessionState, - Enable0RTT: ec.Enable0RTT, - MaxEarlyData: ec.MaxEarlyData, - } - return conf -} - -type clientSessionCache struct { - tls.ClientSessionCache -} - -var _ ClientSessionCache = &clientSessionCache{} - -func (c *clientSessionCache) Get(sessionKey string) (*ClientSessionState, bool) { - sess, ok := c.ClientSessionCache.Get(sessionKey) - if sess == nil { - return nil, ok - } - // ClientSessionState is identical to the tls.ClientSessionState. - // In order to allow users of quic-go to use a tls.Config, - // we need this workaround to use the ClientSessionCache. - // In unsafe.go we check that the two structs are actually identical. - return (*ClientSessionState)(unsafe.Pointer(sess)), ok -} - -func (c *clientSessionCache) Put(sessionKey string, cs *ClientSessionState) { - if cs == nil { - c.ClientSessionCache.Put(sessionKey, nil) - return - } - // ClientSessionState is identical to the tls.ClientSessionState. - // In order to allow users of quic-go to use a tls.Config, - // we need this workaround to use the ClientSessionCache. - // In unsafe.go we check that the two structs are actually identical. - c.ClientSessionCache.Put(sessionKey, (*tls.ClientSessionState)(unsafe.Pointer(cs))) -} - -type clientHelloInfo struct { - CipherSuites []uint16 - ServerName string - SupportedCurves []tls.CurveID - SupportedPoints []uint8 - SignatureSchemes []tls.SignatureScheme - SupportedProtos []string - SupportedVersions []uint16 - Conn net.Conn - - config *tls.Config -} - -type qtlsClientHelloInfo struct { - CipherSuites []uint16 - ServerName string - SupportedCurves []tls.CurveID - SupportedPoints []uint8 - SignatureSchemes []tls.SignatureScheme - SupportedProtos []string - SupportedVersions []uint16 - Conn net.Conn - - config *Config -} - -func toTLSClientHelloInfo(chi *ClientHelloInfo) *tls.ClientHelloInfo { - if chi == nil { - return nil - } - qtlsCHI := (*qtlsClientHelloInfo)(unsafe.Pointer(chi)) - var config *tls.Config - if qtlsCHI.config != nil { - config = qtlsConfigToTLSConfig(qtlsCHI.config) - } - return (*tls.ClientHelloInfo)(unsafe.Pointer(&clientHelloInfo{ - CipherSuites: chi.CipherSuites, - ServerName: chi.ServerName, - SupportedCurves: chi.SupportedCurves, - SupportedPoints: chi.SupportedPoints, - SignatureSchemes: chi.SignatureSchemes, - SupportedProtos: chi.SupportedProtos, - SupportedVersions: chi.SupportedVersions, - Conn: chi.Conn, - config: config, - })) -} - -// qtlsConfigToTLSConfig is used to transform a Config to a tls.Config. -// It is used to create the tls.Config in the ClientHelloInfo. -// It doesn't copy all values, but only those used by ClientHelloInfo.SupportsCertificate. -func qtlsConfigToTLSConfig(config *Config) *tls.Config { - return &tls.Config{ - MinVersion: config.MinVersion, - MaxVersion: config.MaxVersion, - CipherSuites: config.CipherSuites, - CurvePreferences: config.CurvePreferences, - } -} diff --git a/internal/qtls/qtls_test.go b/internal/qtls/qtls_test.go deleted file mode 100644 index 90b97c39..00000000 --- a/internal/qtls/qtls_test.go +++ /dev/null @@ -1,229 +0,0 @@ -// +build !go1.15 - -package qtls - -import ( - "crypto/tls" - "errors" - "net" - "unsafe" - - mocktls "github.com/lucas-clemente/quic-go/internal/mocks/tls" - - "github.com/marten-seemann/qtls" - - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" -) - -var _ = Describe("Config", func() { - It("sets MinVersion and MaxVersion", func() { - tlsConf := &tls.Config{MinVersion: tls.VersionTLS11, MaxVersion: tls.VersionTLS12} - qtlsConf := tlsConfigToQtlsConfig(tlsConf, nil) - Expect(qtlsConf.MinVersion).To(BeEquivalentTo(tls.VersionTLS13)) - Expect(qtlsConf.MaxVersion).To(BeEquivalentTo(tls.VersionTLS13)) - }) - - It("works when called with a nil config", func() { - qtlsConf := tlsConfigToQtlsConfig(nil, nil) - Expect(qtlsConf).ToNot(BeNil()) - }) - - It("sets the setter and getter function for TLS extensions", func() { - var get, received bool - extraConfig := &ExtraConfig{ - GetExtensions: func(handshakeMessageType uint8) []Extension { get = true; return nil }, - ReceivedExtensions: func(handshakeMessageType uint8, exts []qtls.Extension) { received = true }, - } - qtlsConf := tlsConfigToQtlsConfig(&tls.Config{}, extraConfig) - qtlsConf.GetExtensions(10) - Expect(get).To(BeTrue()) - Expect(received).To(BeFalse()) - qtlsConf.ReceivedExtensions(10, nil) - Expect(received).To(BeTrue()) - }) - - It("sets the Accept0RTT callback", func() { - qtlsConf := tlsConfigToQtlsConfig(nil, &ExtraConfig{Accept0RTT: func([]byte) bool { return true }}) - Expect(qtlsConf.Accept0RTT).ToNot(BeNil()) - Expect(qtlsConf.Accept0RTT(nil)).To(BeTrue()) - }) - - It("sets the Rejected0RTT callback", func() { - var called bool - qtlsConf := tlsConfigToQtlsConfig(nil, &ExtraConfig{Rejected0RTT: func() { called = true }}) - Expect(qtlsConf.Rejected0RTT).ToNot(BeNil()) - qtlsConf.Rejected0RTT() - Expect(called).To(BeTrue()) - }) - - It("sets MaxEarlyData", func() { - qtlsConf := tlsConfigToQtlsConfig(nil, nil) - Expect(qtlsConf.MaxEarlyData).To(BeZero()) - qtlsConf = tlsConfigToQtlsConfig(nil, &ExtraConfig{MaxEarlyData: 1337}) - Expect(qtlsConf.MaxEarlyData).To(Equal(uint32(1337))) - }) - - It("enables 0-RTT", func() { - qtlsConf := tlsConfigToQtlsConfig(nil, nil) - Expect(qtlsConf.Enable0RTT).To(BeFalse()) - qtlsConf = tlsConfigToQtlsConfig(nil, &ExtraConfig{Enable0RTT: true}) - Expect(qtlsConf.Enable0RTT).To(BeTrue()) - }) - - It("initializes such that the session ticket key remains constant", func() { - tlsConf := &tls.Config{} - qtlsConf1 := tlsConfigToQtlsConfig(tlsConf, nil) - qtlsConf2 := tlsConfigToQtlsConfig(tlsConf, nil) - Expect(qtlsConf1.SessionTicketKey).ToNot(BeZero()) // should now contain a random value - Expect(qtlsConf1.SessionTicketKey).To(Equal(qtlsConf2.SessionTicketKey)) - }) - - Context("GetConfigForClient callback", func() { - It("doesn't set it if absent", func() { - qtlsConf := tlsConfigToQtlsConfig(nil, nil) - Expect(qtlsConf.GetConfigForClient).To(BeNil()) - }) - - It("returns a Config", func() { - tlsConf := &tls.Config{ - GetConfigForClient: func(*tls.ClientHelloInfo) (*tls.Config, error) { - return &tls.Config{ServerName: "foo.bar"}, nil - }, - } - var received bool - qtlsConf := tlsConfigToQtlsConfig(tlsConf, &ExtraConfig{ReceivedExtensions: func(uint8, []Extension) { received = true }}) - Expect(qtlsConf.GetConfigForClient).ToNot(BeNil()) - confForClient, err := qtlsConf.GetConfigForClient(nil) - Expect(err).ToNot(HaveOccurred()) - Expect(confForClient.ServerName).To(Equal("foo.bar")) - Expect(confForClient).ToNot(BeNil()) - Expect(confForClient.MinVersion).To(BeEquivalentTo(tls.VersionTLS13)) - Expect(confForClient.MaxVersion).To(BeEquivalentTo(tls.VersionTLS13)) - Expect(received).To(BeFalse()) - Expect(confForClient.ReceivedExtensions).ToNot(BeNil()) - confForClient.ReceivedExtensions(10, nil) - Expect(received).To(BeTrue()) - }) - - It("returns errors", func() { - testErr := errors.New("test") - tlsConf := &tls.Config{ - GetConfigForClient: func(*tls.ClientHelloInfo) (*tls.Config, error) { - return nil, testErr - }, - } - qtlsConf := tlsConfigToQtlsConfig(tlsConf, nil) - _, err := qtlsConf.GetConfigForClient(nil) - Expect(err).To(MatchError(testErr)) - }) - - It("returns nil when the callback returns nil", func() { - tlsConf := &tls.Config{ - GetConfigForClient: func(*tls.ClientHelloInfo) (*tls.Config, error) { - return nil, nil - }, - } - qtlsConf := tlsConfigToQtlsConfig(tlsConf, nil) - Expect(qtlsConf.GetConfigForClient(nil)).To(BeNil()) - }) - }) - - Context("GetCertificate callback", func() { - It("returns a certificate", func() { - tlsConf := &tls.Config{ - GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) { - return &tls.Certificate{Certificate: [][]byte{[]byte("foo"), []byte("bar")}}, nil - }, - } - qtlsConf := tlsConfigToQtlsConfig(tlsConf, nil) - qtlsCert, err := qtlsConf.GetCertificate(nil) - Expect(err).ToNot(HaveOccurred()) - Expect(qtlsCert).ToNot(BeNil()) - Expect(qtlsCert.Certificate).To(Equal([][]byte{[]byte("foo"), []byte("bar")})) - }) - - It("doesn't set it if absent", func() { - qtlsConf := tlsConfigToQtlsConfig(&tls.Config{}, nil) - Expect(qtlsConf.GetCertificate).To(BeNil()) - }) - - It("returns errors", func() { - tlsConf := &tls.Config{ - GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) { - return nil, errors.New("test") - }, - } - qtlsConf := tlsConfigToQtlsConfig(tlsConf, nil) - _, err := qtlsConf.GetCertificate(nil) - Expect(err).To(MatchError("test")) - }) - - It("returns nil when the callback returns nil", func() { - tlsConf := &tls.Config{ - GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) { - return nil, nil - }, - } - qtlsConf := tlsConfigToQtlsConfig(tlsConf, nil) - Expect(qtlsConf.GetCertificate(nil)).To(BeNil()) - }) - }) - - Context("ClientSessionCache", func() { - It("doesn't set if absent", func() { - qtlsConf := tlsConfigToQtlsConfig(&tls.Config{}, nil) - Expect(qtlsConf.ClientSessionCache).To(BeNil()) - }) - - It("puts a nil session state", func() { - csc := mocktls.NewMockClientSessionCache(mockCtrl) - tlsConf := &tls.Config{ClientSessionCache: csc} - qtlsConf := tlsConfigToQtlsConfig(tlsConf, nil) - // put something - csc.EXPECT().Put("foobar", nil) - qtlsConf.ClientSessionCache.Put("foobar", nil) - }) - }) -}) - -var _ = Describe("Config generation", func() { - It("converts a ClientHelloInfo to a tls.ClientHelloInfo", func() { - chi := &qtlsClientHelloInfo{ - CipherSuites: []uint16{1, 2, 3}, - ServerName: "foo.bar", - SupportedCurves: []tls.CurveID{4, 5, 6}, - SupportedPoints: []uint8{7, 8, 9}, - SignatureSchemes: []tls.SignatureScheme{10, 11, 12}, - SupportedProtos: []string{"foo", "bar"}, - SupportedVersions: []uint16{13, 14, 15}, - Conn: &net.UDPConn{}, - config: &Config{ - MinVersion: tls.VersionTLS10, - MaxVersion: tls.VersionTLS12, - CipherSuites: []uint16{16, 17, 18}, - CurvePreferences: []tls.CurveID{19, 20, 21}, - }, - } - tlsCHI := toTLSClientHelloInfo((*ClientHelloInfo)(unsafe.Pointer(chi))) - Expect(tlsCHI.CipherSuites).To(Equal([]uint16{1, 2, 3})) - Expect(tlsCHI.ServerName).To(Equal("foo.bar")) - Expect(tlsCHI.SupportedCurves).To(Equal([]tls.CurveID{4, 5, 6})) - Expect(tlsCHI.SupportedPoints).To(Equal([]uint8{7, 8, 9})) - Expect(tlsCHI.SignatureSchemes).To(Equal([]tls.SignatureScheme{10, 11, 12})) - Expect(tlsCHI.SupportedProtos).To(Equal([]string{"foo", "bar"})) - Expect(tlsCHI.SupportedVersions).To(Equal([]uint16{13, 14, 15})) - Expect(tlsCHI.Conn).To(Equal(&net.UDPConn{})) - c := (*clientHelloInfo)(unsafe.Pointer(tlsCHI)) - Expect(c.config.CipherSuites).To(Equal([]uint16{16, 17, 18})) - Expect(c.config.MinVersion).To(BeEquivalentTo(tls.VersionTLS10)) - Expect(c.config.MaxVersion).To(BeEquivalentTo(tls.VersionTLS12)) - Expect(c.config.CurvePreferences).To(Equal([]tls.CurveID{19, 20, 21})) - }) - - It("converts a ClientHelloInfo to a tls.ClientHelloInfo, if no config is set", func() { - chi := &qtlsClientHelloInfo{CipherSuites: []uint16{13, 37}} - tlsCHI := toTLSClientHelloInfo((*ClientHelloInfo)(unsafe.Pointer(chi))) - Expect(tlsCHI.CipherSuites).To(Equal([]uint16{13, 37})) - }) -}) diff --git a/internal/qtls/structs_equal.go b/internal/qtls/structs_equal.go index dd846372..7df0423a 100644 --- a/internal/qtls/structs_equal.go +++ b/internal/qtls/structs_equal.go @@ -1,5 +1,3 @@ -// +build !go1.15 - package qtls import "reflect" diff --git a/internal/qtls/structs_equal_test.go b/internal/qtls/structs_equal_test.go index ec570afb..2a2f46c2 100644 --- a/internal/qtls/structs_equal_test.go +++ b/internal/qtls/structs_equal_test.go @@ -1,5 +1,3 @@ -// +build !go1.15 - package qtls import ( diff --git a/interop/Dockerfile b/interop/Dockerfile index 380aad37..a5b6faf9 100644 --- a/interop/Dockerfile +++ b/interop/Dockerfile @@ -2,9 +2,9 @@ FROM martenseemann/quic-network-simulator-endpoint:latest AS builder RUN apt-get update && apt-get install -y wget tar git -RUN wget https://dl.google.com/go/go1.14.linux-amd64.tar.gz && \ - tar xfz go1.14.linux-amd64.tar.gz && \ - rm go1.14.linux-amd64.tar.gz +RUN wget https://dl.google.com/go/go1.16.linux-amd64.tar.gz && \ + tar xfz go1.16.linux-amd64.tar.gz && \ + rm go1.16.linux-amd64.tar.gz ENV PATH="/go/bin:${PATH}" diff --git a/stream.go b/stream.go index 03edae80..deeabb1e 100644 --- a/stream.go +++ b/stream.go @@ -1,6 +1,8 @@ package quic import ( + "net" + "os" "sync" "time" @@ -10,6 +12,15 @@ import ( "github.com/lucas-clemente/quic-go/internal/wire" ) +type deadlineError struct{} + +func (deadlineError) Error() string { return "deadline exceeded" } +func (deadlineError) Temporary() bool { return true } +func (deadlineError) Timeout() bool { return true } +func (deadlineError) Unwrap() error { return os.ErrDeadlineExceeded } + +var errDeadline net.Error = &deadlineError{} + // The streamSender is notified by the stream about various events. type streamSender interface { queueControlFrame(wire.Frame) diff --git a/stream_deadline_error.go b/stream_deadline_error.go deleted file mode 100644 index f7f97a34..00000000 --- a/stream_deadline_error.go +++ /dev/null @@ -1,11 +0,0 @@ -package quic - -import "net" - -type deadlineError struct{} - -func (deadlineError) Error() string { return "deadline exceeded" } -func (deadlineError) Temporary() bool { return true } -func (deadlineError) Timeout() bool { return true } - -var errDeadline net.Error = &deadlineError{} diff --git a/stream_deadline_error_go115.go b/stream_deadline_error_go115.go deleted file mode 100644 index db371b93..00000000 --- a/stream_deadline_error_go115.go +++ /dev/null @@ -1,9 +0,0 @@ -// +build go1.15 - -package quic - -import ( - "os" -) - -func (deadlineError) Unwrap() error { return os.ErrDeadlineExceeded } diff --git a/stream_deadline_error_test.go b/stream_deadline_error_test.go deleted file mode 100644 index a1f178a5..00000000 --- a/stream_deadline_error_test.go +++ /dev/null @@ -1,21 +0,0 @@ -// +build go1.15 - -package quic - -import ( - "errors" - "os" - - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" -) - -var _ = Describe("Deadline Error", func() { - It("is a net.Error that wraps os.ErrDeadlineError", func() { - err := deadlineError{} - Expect(err.Temporary()).To(BeTrue()) - Expect(err.Timeout()).To(BeTrue()) - Expect(errors.Is(err, os.ErrDeadlineExceeded)).To(BeTrue()) - Expect(errors.Unwrap(err)).To(Equal(os.ErrDeadlineExceeded)) - }) -}) diff --git a/stream_test.go b/stream_test.go index 6b6572cd..c3d0f016 100644 --- a/stream_test.go +++ b/stream_test.go @@ -1,6 +1,7 @@ package quic import ( + "errors" "io" "os" "strconv" @@ -94,3 +95,13 @@ var _ = Describe("Stream", func() { }) }) }) + +var _ = Describe("Deadline Error", func() { + It("is a net.Error that wraps os.ErrDeadlineError", func() { + err := deadlineError{} + Expect(err.Temporary()).To(BeTrue()) + Expect(err.Timeout()).To(BeTrue()) + Expect(errors.Is(err, os.ErrDeadlineExceeded)).To(BeTrue()) + Expect(errors.Unwrap(err)).To(Equal(os.ErrDeadlineExceeded)) + }) +})