From 478fdf19778f9fa58ccf7bf293c41916e10288c0 Mon Sep 17 00:00:00 2001 From: Clide Stefani Date: Tue, 25 Jun 2024 15:52:32 -0400 Subject: [PATCH] crypto/tls: add support for additional alpn flags to bogo_shim_test The existing implementation of bogo_shim_test does not support tests that use the -expect-advertised-alpn flag or the -select-alpn flag. This change allows bogo_shim_test to receive and enforce these flags. Support for these flags is added in the same change because these flags are set together. Updates #51434 Change-Id: Ia37f9e7403d4a43e6da68c16039a4bcb56ebd032 Reviewed-on: https://go-review.googlesource.com/c/go/+/595655 Auto-Submit: Filippo Valsorda Reviewed-by: Carlos Amedee Reviewed-by: Russell Webb Reviewed-by: Clide Stefani LUCI-TryBot-Result: Go LUCI Auto-Submit: Roland Shoemaker Reviewed-by: Roland Shoemaker --- bogo_shim_test.go | 44 ++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 40 insertions(+), 4 deletions(-) diff --git a/bogo_shim_test.go b/bogo_shim_test.go index ce01852..ff836d9 100644 --- a/bogo_shim_test.go +++ b/bogo_shim_test.go @@ -17,9 +17,12 @@ import ( "os/exec" "path/filepath" "runtime" + "slices" "strconv" "strings" "testing" + + "golang.org/x/crypto/cryptobyte" ) var ( @@ -77,10 +80,12 @@ var ( _ = flag.Bool("expect-ticket-supports-early-data", false, "") onResumeShimWritesFirst = flag.Bool("on-resume-shim-writes-first", false, "") - advertiseALPN = flag.String("advertise-alpn", "", "") - expectALPN = flag.String("expect-alpn", "", "") - rejectALPN = flag.Bool("reject-alpn", false, "") - declineALPN = flag.Bool("decline-alpn", false, "") + advertiseALPN = flag.String("advertise-alpn", "", "") + expectALPN = flag.String("expect-alpn", "", "") + rejectALPN = flag.Bool("reject-alpn", false, "") + declineALPN = flag.Bool("decline-alpn", false, "") + expectAdvertisedALPN = flag.String("expect-advertised-alpn", "", "") + selectALPN = flag.String("select-alpn", "", "") hostName = flag.String("host-name", "", "") @@ -118,6 +123,29 @@ func bogoShim() { MaxVersion: uint16(*maxVersion), ClientSessionCache: NewLRUClientSessionCache(0), + + GetConfigForClient: func(chi *ClientHelloInfo) (*Config, error) { + + if *expectAdvertisedALPN != "" { + + s := cryptobyte.String(*expectAdvertisedALPN) + + var expectedALPNs []string + + for !s.Empty() { + var alpn cryptobyte.String + if !s.ReadUint8LengthPrefixed(&alpn) { + return nil, fmt.Errorf("unexpected error while parsing arguments for -expect-advertised-alpn") + } + expectedALPNs = append(expectedALPNs, string(alpn)) + } + + if !slices.Equal(chi.SupportedProtos, expectedALPNs) { + return nil, fmt.Errorf("unexpected ALPN: got %q, want %q", chi.SupportedProtos, expectedALPNs) + } + } + return nil, nil + }, } if *noTLS1 { @@ -160,6 +188,9 @@ func bogoShim() { if *declineALPN { cfg.NextProtos = []string{} } + if *selectALPN != "" { + cfg.NextProtos = []string{*selectALPN} + } if *hostName != "" { cfg.ServerName = *hostName @@ -288,6 +319,11 @@ func bogoShim() { if *expectALPN != "" && cs.NegotiatedProtocol != *expectALPN { log.Fatalf("unexpected protocol negotiated: want %q, got %q", *expectALPN, cs.NegotiatedProtocol) } + + if *selectALPN != "" && cs.NegotiatedProtocol != *selectALPN { + log.Fatalf("unexpected protocol negotiated: want %q, got %q", *selectALPN, cs.NegotiatedProtocol) + } + if *expectVersion != 0 && cs.Version != uint16(*expectVersion) { log.Fatalf("expected ssl version %q, got %q", uint16(*expectVersion), cs.Version) }