mirrors/utls
1
0
Fork 0
mirror of https://github.com/refraction-networking/utls.git synced 2025-04-03 20:17:36 +03:00
Code Issues Projects Releases Packages Wiki Activity

sync: merge changes from go 1.24.0

Browse source
This commit is contained in:
Mingye Chen 2025-03-01 00:13:08 -07:00
commit a99feacec2
50 changed files with 2505 additions and 2734 deletions
Download patch file Download diff file Expand all files Collapse all files

157
handshake_server_test.go
View file

@ -23,11 +23,15 @@ import (
"runtime"
"slices"
"strings"
"sync/atomic"
"testing"
"time"
"github.com/refraction-networking/utls/internal/fips140tls"
)
func testClientHello(t *testing.T, serverConfig *Config, m handshakeMessage) {
t.Helper()
testClientHelloFailure(t, serverConfig, m, "")
}
@ -52,12 +56,13 @@ func testClientHelloFailure(t *testing.T, serverConfig *Config, m handshakeMessa
}()
ctx := context.Background()
conn := Server(s, serverConfig)
ch, err := conn.readClientHello(ctx)
ch, ech, err := conn.readClientHello(ctx)
if conn.vers == VersionTLS13 {
hs := serverHandshakeStateTLS13{
c: conn,
ctx: ctx,
clientHello: ch,
echContext: ech,
}
if err == nil {
err = hs.processClientHello()
@ -116,7 +121,7 @@ func TestRejectBadProtocolVersion(t *testing.T) {
func TestNoSuiteOverlap(t *testing.T) {
clientHello := &clientHelloMsg{
vers: VersionTLS10,
vers: VersionTLS12,
random: make([]byte, 32),
cipherSuites: []uint16{0xff00},
compressionMethods: []uint8{compressionNone},
@ -126,9 +131,9 @@ func TestNoSuiteOverlap(t *testing.T) {
func TestNoCompressionOverlap(t *testing.T) {
clientHello := &clientHelloMsg{
vers: VersionTLS10,
vers: VersionTLS12,
random: make([]byte, 32),
cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
cipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
compressionMethods: []uint8{0xff},
}
testClientHelloFailure(t, testConfig, clientHello, "client does not support uncompressed connections")
@ -136,7 +141,7 @@ func TestNoCompressionOverlap(t *testing.T) {
func TestNoRC4ByDefault(t *testing.T) {
clientHello := &clientHelloMsg{
vers: VersionTLS10,
vers: VersionTLS12,
random: make([]byte, 32),
cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
compressionMethods: []uint8{compressionNone},
@ -160,9 +165,9 @@ func TestDontSelectECDSAWithRSAKey(t *testing.T) {
// Test that, even when both sides support an ECDSA cipher suite, it
// won't be selected if the server's private key doesn't support it.
clientHello := &clientHelloMsg{
vers: VersionTLS10,
vers: VersionTLS12,
random: make([]byte, 32),
cipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
cipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384},
compressionMethods: []uint8{compressionNone},
supportedCurves: []CurveID{CurveP256},
supportedPoints: []uint8{pointFormatUncompressed},
@ -186,9 +191,9 @@ func TestDontSelectRSAWithECDSAKey(t *testing.T) {
// Test that, even when both sides support an RSA cipher suite, it
// won't be selected if the server's private key doesn't support it.
clientHello := &clientHelloMsg{
vers: VersionTLS10,
vers: VersionTLS12,
random: make([]byte, 32),
cipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA},
cipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
compressionMethods: []uint8{compressionNone},
supportedCurves: []CurveID{CurveP256},
supportedPoints: []uint8{pointFormatUncompressed},
@ -208,6 +213,8 @@ func TestDontSelectRSAWithECDSAKey(t *testing.T) {
}
func TestRenegotiationExtension(t *testing.T) {
skipFIPS(t) // #70505
clientHello := &clientHelloMsg{
vers: VersionTLS12,
compressionMethods: []uint8{compressionNone},
@ -260,6 +267,8 @@ func TestRenegotiationExtension(t *testing.T) {
}
func TestTLS12OnlyCipherSuites(t *testing.T) {
skipFIPS(t) // No TLS 1.1 in FIPS mode.
// Test that a Server doesn't select a TLS 1.2-only cipher suite when
// the client negotiates TLS 1.1.
clientHello := &clientHelloMsg{
@ -321,13 +330,18 @@ func TestTLSPointFormats(t *testing.T) {
supportedPoints []uint8
wantSupportedPoints bool
}{
{"ECC", []uint16{TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA}, []CurveID{CurveP256}, []uint8{pointFormatUncompressed}, true},
{"ECC without ec_point_format", []uint16{TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA}, []CurveID{CurveP256}, nil, false},
{"ECC with extra values", []uint16{TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA}, []CurveID{CurveP256}, []uint8{13, 37, pointFormatUncompressed, 42}, true},
{"ECC", []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, []CurveID{CurveP256}, []uint8{pointFormatUncompressed}, true},
{"ECC without ec_point_format", []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, []CurveID{CurveP256}, nil, false},
{"ECC with extra values", []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, []CurveID{CurveP256}, []uint8{13, 37, pointFormatUncompressed, 42}, true},
{"RSA", []uint16{TLS_RSA_WITH_AES_256_GCM_SHA384}, nil, nil, false},
{"RSA with ec_point_format", []uint16{TLS_RSA_WITH_AES_256_GCM_SHA384}, nil, []uint8{pointFormatUncompressed}, false},
}
for _, tt := range tests {
// The RSA subtests should be enabled for FIPS 140 required mode: #70505
if strings.HasPrefix(tt.name, "RSA") && fips140tls.Required() {
t.Logf("skipping in FIPS mode.")
continue
}
t.Run(tt.name, func(t *testing.T) {
clientHello := &clientHelloMsg{
vers: VersionTLS12,
@ -341,7 +355,9 @@ func TestTLSPointFormats(t *testing.T) {
c, s := localPipe(t)
replyChan := make(chan any)
go func() {
cli := Client(c, testConfig)
clientConfig := testConfig.Clone()
clientConfig.Certificates = []Certificate{{Certificate: [][]byte{testRSA2048Certificate}, PrivateKey: testRSA2048PrivateKey}}
cli := Client(c, clientConfig)
cli.vers = clientHello.vers
if _, err := cli.writeHandshakeRecord(clientHello, nil); err != nil {
testFatal(t, err)
@ -354,9 +370,10 @@ func TestTLSPointFormats(t *testing.T) {
replyChan <- reply
}
}()
config := testConfig.Clone()
config.CipherSuites = clientHello.cipherSuites
Server(s, config).Handshake()
serverConfig := testConfig.Clone()
serverConfig.Certificates = []Certificate{{Certificate: [][]byte{testRSA2048Certificate}, PrivateKey: testRSA2048PrivateKey}}
serverConfig.CipherSuites = clientHello.cipherSuites
Server(s, serverConfig).Handshake()
s.Close()
reply := <-replyChan
if err, ok := reply.(error); ok {
@ -431,6 +448,8 @@ func TestVersion(t *testing.T) {
}
func TestCipherSuitePreference(t *testing.T) {
skipFIPS(t) // No RC4 or CHACHA20_POLY1305 in FIPS mode.
serverConfig := &Config{
CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA, TLS_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
@ -499,16 +518,17 @@ func TestCrossVersionResume(t *testing.T) {
func testCrossVersionResume(t *testing.T, version uint16) {
serverConfig := &Config{
CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
Certificates: testConfig.Certificates,
Time: testTime,
}
clientConfig := &Config{
CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
InsecureSkipVerify: true,
ClientSessionCache: NewLRUClientSessionCache(1),
ServerName: "servername",
MinVersion: VersionTLS12,
Time: testTime, // [uTLS]
Time: testTime,
}
// Establish a session at TLS 1.3.
@ -922,22 +942,6 @@ func TestHandshakeServerKeySharePreference(t *testing.T) {
runServerTestTLS13(t, test)
}
// TestHandshakeServerUnsupportedKeyShare tests a client that sends a key share
// that's not in the supported groups list.
func TestHandshakeServerUnsupportedKeyShare(t *testing.T) {
pk, _ := ecdh.X25519().GenerateKey(rand.Reader)
clientHello := &clientHelloMsg{
vers: VersionTLS12,
random: make([]byte, 32),
supportedVersions: []uint16{VersionTLS13},
cipherSuites: []uint16{TLS_CHACHA20_POLY1305_SHA256},
compressionMethods: []uint8{compressionNone},
keyShares: []keyShare{{group: X25519, data: pk.PublicKey().Bytes()}},
supportedCurves: []CurveID{CurveP256},
}
testClientHelloFailure(t, testConfig, clientHello, "client sent key share for group it does not support")
}
func TestHandshakeServerALPN(t *testing.T) {
config := testConfig.Clone()
config.NextProtos = []string{"proto1", "proto2"}
@ -1067,6 +1071,65 @@ func TestHandshakeServerSNIGetCertificateNotFound(t *testing.T) {
runServerTestTLS12(t, test)
}
// TestHandshakeServerGetCertificateExtensions tests to make sure that the
// Extensions passed to GetCertificate match what we expect based on the
// clientHelloMsg
func TestHandshakeServerGetCertificateExtensions(t *testing.T) {
const errMsg = "TestHandshakeServerGetCertificateExtensions error"
// ensure the test condition inside our GetCertificate callback
// is actually invoked
var called atomic.Int32
testVersions := []uint16{VersionTLS12, VersionTLS13}
for _, vers := range testVersions {
t.Run(fmt.Sprintf("TLS version %04x", vers), func(t *testing.T) {
pk, _ := ecdh.P256().GenerateKey(rand.Reader)
clientHello := &clientHelloMsg{
vers: vers,
random: make([]byte, 32),
cipherSuites: []uint16{TLS_AES_128_GCM_SHA256},
compressionMethods: []uint8{compressionNone},
serverName: "test",
keyShares: []keyShare{{group: CurveP256, data: pk.PublicKey().Bytes()}},
supportedCurves: []CurveID{CurveP256},
supportedSignatureAlgorithms: []SignatureScheme{ECDSAWithP256AndSHA256},
}
// the clientHelloMsg initialized just above is serialized with
// two extensions: server_name(0) and application_layer_protocol_negotiation(16)
expectedExtensions := []uint16{
extensionServerName,
extensionSupportedCurves,
extensionSignatureAlgorithms,
extensionKeyShare,
}
if vers == VersionTLS13 {
clientHello.supportedVersions = []uint16{VersionTLS13}
expectedExtensions = append(expectedExtensions, extensionSupportedVersions)
}
// Go's TLS client presents extensions in the ClientHello sorted by extension ID
slices.Sort(expectedExtensions)
serverConfig := testConfig.Clone()
serverConfig.GetCertificate = func(clientHello *ClientHelloInfo) (*Certificate, error) {
if !slices.Equal(expectedExtensions, clientHello.Extensions) {
t.Errorf("expected extensions on ClientHelloInfo (%v) to match clientHelloMsg (%v)", expectedExtensions, clientHello.Extensions)
}
called.Add(1)
return nil, errors.New(errMsg)
}
testClientHelloFailure(t, serverConfig, clientHello, errMsg)
})
}
if int(called.Load()) != len(testVersions) {
t.Error("expected our GetCertificate test to be called twice")
}
}
// TestHandshakeServerSNIGetCertificateError tests to make sure that errors in
// GetCertificate result in a tls alert.
func TestHandshakeServerSNIGetCertificateError(t *testing.T) {
@ -1078,9 +1141,9 @@ func TestHandshakeServerSNIGetCertificateError(t *testing.T) {
}
clientHello := &clientHelloMsg{
vers: VersionTLS10,
vers: VersionTLS12,
random: make([]byte, 32),
cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
cipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
compressionMethods: []uint8{compressionNone},
serverName: "test",
}
@ -1099,9 +1162,9 @@ func TestHandshakeServerEmptyCertificates(t *testing.T) {
serverConfig.Certificates = nil
clientHello := &clientHelloMsg{
vers: VersionTLS10,
vers: VersionTLS12,
random: make([]byte, 32),
cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
cipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
compressionMethods: []uint8{compressionNone},
}
testClientHelloFailure(t, serverConfig, clientHello, errMsg)
@ -1111,9 +1174,9 @@ func TestHandshakeServerEmptyCertificates(t *testing.T) {
serverConfig.GetCertificate = nil
clientHello = &clientHelloMsg{
vers: VersionTLS10,
vers: VersionTLS12,
random: make([]byte, 32),
cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
cipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
compressionMethods: []uint8{compressionNone},
}
testClientHelloFailure(t, serverConfig, clientHello, "no certificates")
@ -1436,9 +1499,9 @@ func TestSNIGivenOnFailure(t *testing.T) {
const expectedServerName = "test.testing"
clientHello := &clientHelloMsg{
vers: VersionTLS10,
vers: VersionTLS12,
random: make([]byte, 32),
cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
cipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
compressionMethods: []uint8{compressionNone},
serverName: expectedServerName,
}
@ -1458,7 +1521,7 @@ func TestSNIGivenOnFailure(t *testing.T) {
}()
conn := Server(s, serverConfig)
ctx := context.Background()
ch, err := conn.readClientHello(ctx)
ch, _, err := conn.readClientHello(ctx)
hs := serverHandshakeState{
c: conn,
ctx: ctx,
@ -1694,7 +1757,7 @@ T+E0J8wlH24pgwQHzy7Ko2qLwn1b5PW8ecrlvP1g
func TestMultipleCertificates(t *testing.T) {
clientConfig := testConfig.Clone()
clientConfig.CipherSuites = []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256}
clientConfig.CipherSuites = []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}
clientConfig.MaxVersion = VersionTLS12
serverConfig := testConfig.Clone()
@ -1716,6 +1779,8 @@ func TestMultipleCertificates(t *testing.T) {
}
func TestAESCipherReordering(t *testing.T) {
skipFIPS(t) // No CHACHA20_POLY1305 for FIPS.
currentAESSupport := hasAESGCMHardwareSupport
defer func() { hasAESGCMHardwareSupport = currentAESSupport }()
@ -1859,6 +1924,8 @@ func TestAESCipherReordering(t *testing.T) {
}
func TestAESCipherReorderingTLS13(t *testing.T) {
skipFIPS(t) // No CHACHA20_POLY1305 for FIPS.
currentAESSupport := hasAESGCMHardwareSupport
defer func() { hasAESGCMHardwareSupport = currentAESSupport }()