mirrors/utls
1
0
Fork 0
mirror of https://github.com/refraction-networking/utls.git synced 2025-04-03 20:17:36 +03:00
Code Issues Projects Releases Packages Wiki Activity

crypto/tls: support QUIC as a transport

Browse source 
Add a QUICConn type for use by QUIC implementations.

A QUICConn provides unencrypted handshake bytes and connection
secrets to the QUIC layer, and receives handshake bytes.

For #44886

Change-Id: I859dda4cc6d466a1df2fb863a69d3a2a069110d5
Reviewed-on: https://go-review.googlesource.com/c/go/+/493655
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Damien Neil <dneil@google.com>
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
Reviewed-by: Marten Seemann <martenseemann@gmail.com>
This commit is contained in:
Damien Neil 2022-10-14 10:48:42 -07:00
parent 32e60edd6d
commit b7691e8126
11 changed files with 1077 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

430
quic_test.go Normal file
View file

@ -0,0 +1,430 @@
// Copyright 2023 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package tls
import (
"context"
"errors"
"reflect"
"testing"
)
type testQUICConn struct {
t *testing.T
conn *QUICConn
readSecret map[QUICEncryptionLevel]suiteSecret
writeSecret map[QUICEncryptionLevel]suiteSecret
gotParams []byte
complete bool
}
func newTestQUICClient(t *testing.T, config *Config) *testQUICConn {
q := &testQUICConn{t: t}
q.conn = QUICClient(&QUICConfig{
TLSConfig: config,
})
t.Cleanup(func() {
q.conn.Close()
})
return q
}
func newTestQUICServer(t *testing.T, config *Config) *testQUICConn {
q := &testQUICConn{t: t}
q.conn = QUICServer(&QUICConfig{
TLSConfig: config,
})
t.Cleanup(func() {
q.conn.Close()
})
return q
}
type suiteSecret struct {
suite uint16
secret []byte
}
func (q *testQUICConn) setReadSecret(level QUICEncryptionLevel, suite uint16, secret []byte) {
if _, ok := q.writeSecret[level]; !ok {
q.t.Errorf("SetReadSecret for level %v called before SetWriteSecret", level)
}
if level == QUICEncryptionLevelApplication && !q.complete {
q.t.Errorf("SetReadSecret for level %v called before HandshakeComplete", level)
}
if _, ok := q.readSecret[level]; ok {
q.t.Errorf("SetReadSecret for level %v called twice", level)
}
if q.readSecret == nil {
q.readSecret = map[QUICEncryptionLevel]suiteSecret{}
}
switch level {
case QUICEncryptionLevelHandshake, QUICEncryptionLevelApplication:
q.readSecret[level] = suiteSecret{suite, secret}
default:
q.t.Errorf("SetReadSecret for unexpected level %v", level)
}
}
func (q *testQUICConn) setWriteSecret(level QUICEncryptionLevel, suite uint16, secret []byte) {
if _, ok := q.writeSecret[level]; ok {
q.t.Errorf("SetWriteSecret for level %v called twice", level)
}
if q.writeSecret == nil {
q.writeSecret = map[QUICEncryptionLevel]suiteSecret{}
}
switch level {
case QUICEncryptionLevelHandshake, QUICEncryptionLevelApplication:
q.writeSecret[level] = suiteSecret{suite, secret}
default:
q.t.Errorf("SetWriteSecret for unexpected level %v", level)
}
}
var errTransportParametersRequired = errors.New("transport parameters required")
func runTestQUICConnection(ctx context.Context, a, b *testQUICConn, onHandleCryptoData func()) error {
for _, c := range []*testQUICConn{a, b} {
if !c.conn.conn.quic.started {
if err := c.conn.Start(ctx); err != nil {
return err
}
}
}
idleCount := 0
for {
e := a.conn.NextEvent()
switch e.Kind {
case QUICNoEvent:
idleCount++
if idleCount == 2 {
if !a.complete || !b.complete {
return errors.New("handshake incomplete")
}
return nil
}
a, b = b, a
case QUICSetReadSecret:
a.setReadSecret(e.Level, e.Suite, e.Data)
case QUICSetWriteSecret:
a.setWriteSecret(e.Level, e.Suite, e.Data)
case QUICWriteData:
if err := b.conn.HandleData(e.Level, e.Data); err != nil {
return err
}
case QUICTransportParameters:
a.gotParams = e.Data
if a.gotParams == nil {
a.gotParams = []byte{}
}
case QUICTransportParametersRequired:
return errTransportParametersRequired
case QUICHandshakeDone:
a.complete = true
}
if e.Kind != QUICNoEvent {
idleCount = 0
}
}
}
func TestQUICConnection(t *testing.T) {
config := testConfig.Clone()
config.MinVersion = VersionTLS13
cli := newTestQUICClient(t, config)
cli.conn.SetTransportParameters(nil)
srv := newTestQUICServer(t, config)
srv.conn.SetTransportParameters(nil)
if err := runTestQUICConnection(context.Background(), cli, srv, nil); err != nil {
t.Fatalf("error during connection handshake: %v", err)
}
if _, ok := cli.readSecret[QUICEncryptionLevelHandshake]; !ok {
t.Errorf("client has no Handshake secret")
}
if _, ok := cli.readSecret[QUICEncryptionLevelApplication]; !ok {
t.Errorf("client has no Application secret")
}
if _, ok := srv.readSecret[QUICEncryptionLevelHandshake]; !ok {
t.Errorf("server has no Handshake secret")
}
if _, ok := srv.readSecret[QUICEncryptionLevelApplication]; !ok {
t.Errorf("server has no Application secret")
}
for _, level := range []QUICEncryptionLevel{QUICEncryptionLevelHandshake, QUICEncryptionLevelApplication} {
if _, ok := cli.readSecret[level]; !ok {
t.Errorf("client has no %v read secret", level)
}
if _, ok := srv.readSecret[level]; !ok {
t.Errorf("server has no %v read secret", level)
}
if !reflect.DeepEqual(cli.readSecret[level], srv.writeSecret[level]) {
t.Errorf("client read secret does not match server write secret for level %v", level)
}
if !reflect.DeepEqual(cli.writeSecret[level], srv.readSecret[level]) {
t.Errorf("client write secret does not match server read secret for level %v", level)
}
}
}
func TestQUICSessionResumption(t *testing.T) {
clientConfig := testConfig.Clone()
clientConfig.MinVersion = VersionTLS13
clientConfig.ClientSessionCache = NewLRUClientSessionCache(1)
clientConfig.ServerName = "example.go.dev"
serverConfig := testConfig.Clone()
serverConfig.MinVersion = VersionTLS13
cli := newTestQUICClient(t, clientConfig)
cli.conn.SetTransportParameters(nil)
srv := newTestQUICServer(t, serverConfig)
srv.conn.SetTransportParameters(nil)
if err := runTestQUICConnection(context.Background(), cli, srv, nil); err != nil {
t.Fatalf("error during first connection handshake: %v", err)
}
if cli.conn.ConnectionState().DidResume {
t.Errorf("first connection unexpectedly used session resumption")
}
cli2 := newTestQUICClient(t, clientConfig)
cli2.conn.SetTransportParameters(nil)
srv2 := newTestQUICServer(t, serverConfig)
srv2.conn.SetTransportParameters(nil)
if err := runTestQUICConnection(context.Background(), cli2, srv2, nil); err != nil {
t.Fatalf("error during second connection handshake: %v", err)
}
if !cli2.conn.ConnectionState().DidResume {
t.Errorf("second connection did not use session resumption")
}
}
func TestQUICPostHandshakeClientAuthentication(t *testing.T) {
// RFC 9001, Section 4.4.
config := testConfig.Clone()
config.MinVersion = VersionTLS13
cli := newTestQUICClient(t, config)
cli.conn.SetTransportParameters(nil)
srv := newTestQUICServer(t, config)
srv.conn.SetTransportParameters(nil)
if err := runTestQUICConnection(context.Background(), cli, srv, nil); err != nil {
t.Fatalf("error during connection handshake: %v", err)
}
certReq := new(certificateRequestMsgTLS13)
certReq.ocspStapling = true
certReq.scts = true
certReq.supportedSignatureAlgorithms = supportedSignatureAlgorithms()
certReqBytes, err := certReq.marshal()
if err != nil {
t.Fatal(err)
}
if err := cli.conn.HandleData(QUICEncryptionLevelApplication, append([]byte{
byte(typeCertificateRequest),
byte(0), byte(0), byte(len(certReqBytes)),
}, certReqBytes...)); err == nil {
t.Fatalf("post-handshake authentication request: got no error, want one")
}
}
func TestQUICPostHandshakeKeyUpdate(t *testing.T) {
// RFC 9001, Section 6.
config := testConfig.Clone()
config.MinVersion = VersionTLS13
cli := newTestQUICClient(t, config)
cli.conn.SetTransportParameters(nil)
srv := newTestQUICServer(t, config)
srv.conn.SetTransportParameters(nil)
if err := runTestQUICConnection(context.Background(), cli, srv, nil); err != nil {
t.Fatalf("error during connection handshake: %v", err)
}
keyUpdate := new(keyUpdateMsg)
keyUpdateBytes, err := keyUpdate.marshal()
if err != nil {
t.Fatal(err)
}
if err := cli.conn.HandleData(QUICEncryptionLevelApplication, append([]byte{
byte(typeKeyUpdate),
byte(0), byte(0), byte(len(keyUpdateBytes)),
}, keyUpdateBytes...)); !errors.Is(err, alertUnexpectedMessage) {
t.Fatalf("key update request: got error %v, want alertUnexpectedMessage", err)
}
}
func TestQUICHandshakeError(t *testing.T) {
clientConfig := testConfig.Clone()
clientConfig.MinVersion = VersionTLS13
clientConfig.InsecureSkipVerify = false
clientConfig.ServerName = "name"
serverConfig := testConfig.Clone()
serverConfig.MinVersion = VersionTLS13
cli := newTestQUICClient(t, clientConfig)
cli.conn.SetTransportParameters(nil)
srv := newTestQUICServer(t, serverConfig)
srv.conn.SetTransportParameters(nil)
err := runTestQUICConnection(context.Background(), cli, srv, nil)
if !errors.Is(err, AlertError(alertBadCertificate)) {
t.Errorf("connection handshake terminated with error %q, want alertBadCertificate", err)
}
var e *CertificateVerificationError
if !errors.As(err, &e) {
t.Errorf("connection handshake terminated with error %q, want CertificateVerificationError", err)
}
}
// Test that QUICConn.ConnectionState can be used during the handshake,
// and that it reports the application protocol as soon as it has been
// negotiated.
func TestQUICConnectionState(t *testing.T) {
config := testConfig.Clone()
config.MinVersion = VersionTLS13
config.NextProtos = []string{"h3"}
cli := newTestQUICClient(t, config)
cli.conn.SetTransportParameters(nil)
srv := newTestQUICServer(t, config)
srv.conn.SetTransportParameters(nil)
onHandleCryptoData := func() {
cliCS := cli.conn.ConnectionState()
cliWantALPN := ""
if _, ok := cli.readSecret[QUICEncryptionLevelApplication]; ok {
cliWantALPN = "h3"
}
if want, got := cliCS.NegotiatedProtocol, cliWantALPN; want != got {
t.Errorf("cli.ConnectionState().NegotiatedProtocol = %q, want %q", want, got)
}
srvCS := srv.conn.ConnectionState()
srvWantALPN := ""
if _, ok := srv.readSecret[QUICEncryptionLevelHandshake]; ok {
srvWantALPN = "h3"
}
if want, got := srvCS.NegotiatedProtocol, srvWantALPN; want != got {
t.Errorf("srv.ConnectionState().NegotiatedProtocol = %q, want %q", want, got)
}
}
if err := runTestQUICConnection(context.Background(), cli, srv, onHandleCryptoData); err != nil {
t.Fatalf("error during connection handshake: %v", err)
}
}
func TestQUICStartContextPropagation(t *testing.T) {
const key = "key"
const value = "value"
ctx := context.WithValue(context.Background(), key, value)
config := testConfig.Clone()
config.MinVersion = VersionTLS13
calls := 0
config.GetConfigForClient = func(info *ClientHelloInfo) (*Config, error) {
calls++
got, _ := info.Context().Value(key).(string)
if got != value {
t.Errorf("GetConfigForClient context key %q has value %q, want %q", key, got, value)
}
return nil, nil
}
cli := newTestQUICClient(t, config)
cli.conn.SetTransportParameters(nil)
srv := newTestQUICServer(t, config)
srv.conn.SetTransportParameters(nil)
if err := runTestQUICConnection(ctx, cli, srv, nil); err != nil {
t.Fatalf("error during connection handshake: %v", err)
}
if calls != 1 {
t.Errorf("GetConfigForClient called %v times, want 1", calls)
}
}
func TestQUICDelayedTransportParameters(t *testing.T) {
clientConfig := testConfig.Clone()
clientConfig.MinVersion = VersionTLS13
clientConfig.ClientSessionCache = NewLRUClientSessionCache(1)
clientConfig.ServerName = "example.go.dev"
serverConfig := testConfig.Clone()
serverConfig.MinVersion = VersionTLS13
cliParams := "client params"
srvParams := "server params"
cli := newTestQUICClient(t, clientConfig)
srv := newTestQUICServer(t, serverConfig)
if err := runTestQUICConnection(context.Background(), cli, srv, nil); err != errTransportParametersRequired {
t.Fatalf("handshake with no client parameters: %v; want errTransportParametersRequired", err)
}
cli.conn.SetTransportParameters([]byte(cliParams))
if err := runTestQUICConnection(context.Background(), cli, srv, nil); err != errTransportParametersRequired {
t.Fatalf("handshake with no server parameters: %v; want errTransportParametersRequired", err)
}
srv.conn.SetTransportParameters([]byte(srvParams))
if err := runTestQUICConnection(context.Background(), cli, srv, nil); err != nil {
t.Fatalf("error during connection handshake: %v", err)
}
if got, want := string(cli.gotParams), srvParams; got != want {
t.Errorf("client got transport params: %q, want %q", got, want)
}
if got, want := string(srv.gotParams), cliParams; got != want {
t.Errorf("server got transport params: %q, want %q", got, want)
}
}
func TestQUICEmptyTransportParameters(t *testing.T) {
config := testConfig.Clone()
config.MinVersion = VersionTLS13
cli := newTestQUICClient(t, config)
cli.conn.SetTransportParameters(nil)
srv := newTestQUICServer(t, config)
srv.conn.SetTransportParameters(nil)
if err := runTestQUICConnection(context.Background(), cli, srv, nil); err != nil {
t.Fatalf("error during connection handshake: %v", err)
}
if cli.gotParams == nil {
t.Errorf("client did not get transport params")
}
if srv.gotParams == nil {
t.Errorf("server did not get transport params")
}
if len(cli.gotParams) != 0 {
t.Errorf("client got transport params: %v, want empty", cli.gotParams)
}
if len(srv.gotParams) != 0 {
t.Errorf("server got transport params: %v, want empty", srv.gotParams)
}
}
func TestQUICCanceledWaitingForData(t *testing.T) {
config := testConfig.Clone()
config.MinVersion = VersionTLS13
cli := newTestQUICClient(t, config)
cli.conn.SetTransportParameters(nil)
cli.conn.Start(context.Background())
for cli.conn.NextEvent().Kind != QUICNoEvent {
}
err := cli.conn.Close()
if !errors.Is(err, alertCloseNotify) {
t.Errorf("conn.Close() = %v, want alertCloseNotify", err)
}
}
func TestQUICCanceledWaitingForTransportParams(t *testing.T) {
config := testConfig.Clone()
config.MinVersion = VersionTLS13
cli := newTestQUICClient(t, config)
cli.conn.Start(context.Background())
for cli.conn.NextEvent().Kind != QUICTransportParametersRequired {
}
err := cli.conn.Close()
if !errors.Is(err, alertCloseNotify) {
t.Errorf("conn.Close() = %v, want alertCloseNotify", err)
}
}