mirror of
https://github.com/refraction-networking/utls.git
synced 2025-04-03 20:17:36 +03:00
Add no-parrot and setClientRandom tests
This commit is contained in:
Sergey Frolov
parent
3aa7191ad5
commit
c66e042136
37 changed files with 2111 additions and 1111 deletions
394
u_conn_test.go
394
u_conn_test.go
|
|
@ -16,14 +16,6 @@ import (
|
|||
"time"
|
||||
)
|
||||
|
||||
/*
|
||||
TODO:
|
||||
Reuse examples in tests?
|
||||
Add tests for randomized and no parrot
|
||||
Add session ticket tests
|
||||
Add set client random tests
|
||||
*/
|
||||
|
||||
func TestUTLSMarshalNoOp(t *testing.T) {
|
||||
// we rely on
|
||||
str := "We rely on clientHelloMsg.marshal() not doing anything if clientHelloMsg.raw is set"
|
||||
|
|
@ -38,173 +30,6 @@ func TestUTLSMarshalNoOp(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func runUTLSClientTestForVersion(t *testing.T, template *clientTest, prefix, option string, helloID ClientHelloID) {
|
||||
test := *template
|
||||
test.name = prefix + test.name
|
||||
if len(test.command) == 0 {
|
||||
test.command = defaultClientCommand
|
||||
}
|
||||
test.command = append([]string(nil), test.command...)
|
||||
test.command = append(test.command, option)
|
||||
test.runUTLS(t, *update, helloID)
|
||||
}
|
||||
|
||||
func runUTLSClientTestTLS12(t *testing.T, template *clientTest, helloID ClientHelloID) {
|
||||
runUTLSClientTestForVersion(t, template, "TLSv12-", "-tls1_2", helloID)
|
||||
}
|
||||
|
||||
func (test *clientTest) runUTLS(t *testing.T, write bool, helloID ClientHelloID) {
|
||||
checkOpenSSLVersion(t)
|
||||
|
||||
var clientConn, serverConn net.Conn
|
||||
var recordingConn *recordingConn
|
||||
var childProcess *exec.Cmd
|
||||
var stdin opensslInput
|
||||
var stdout *opensslOutputSink
|
||||
|
||||
if write {
|
||||
var err error
|
||||
recordingConn, childProcess, stdin, stdout, err = test.connFromCommand()
|
||||
if err != nil {
|
||||
t.Fatalf("Failed to start subcommand: %s", err)
|
||||
}
|
||||
clientConn = recordingConn
|
||||
} else {
|
||||
clientConn, serverConn = net.Pipe()
|
||||
}
|
||||
|
||||
config := test.config
|
||||
if config == nil {
|
||||
t.Error("Explicit config is mandatory")
|
||||
return
|
||||
}
|
||||
client := UClient(clientConn, config, helloID)
|
||||
|
||||
doneChan := make(chan bool)
|
||||
go func() {
|
||||
defer func() { doneChan <- true }()
|
||||
defer clientConn.Close()
|
||||
defer client.Close()
|
||||
|
||||
err := client.Handshake()
|
||||
if err != nil {
|
||||
t.Errorf("Client.Handshake() failed: %s", err)
|
||||
return
|
||||
}
|
||||
|
||||
if _, err := client.Write([]byte("hello\n")); err != nil {
|
||||
t.Errorf("Client.Write failed: %s", err)
|
||||
return
|
||||
}
|
||||
|
||||
for i := 1; i <= test.numRenegotiations; i++ {
|
||||
// The initial handshake will generate a
|
||||
// handshakeComplete signal which needs to be quashed.
|
||||
if i == 1 && write {
|
||||
<-stdout.handshakeComplete
|
||||
}
|
||||
|
||||
// OpenSSL will try to interleave application data and
|
||||
// a renegotiation if we send both concurrently.
|
||||
// Therefore: ask OpensSSL to start a renegotiation, run
|
||||
// a goroutine to call client.Read and thus process the
|
||||
// renegotiation request, watch for OpenSSL's stdout to
|
||||
// indicate that the handshake is complete and,
|
||||
// finally, have OpenSSL write something to cause
|
||||
// client.Read to complete.
|
||||
if write {
|
||||
stdin <- opensslRenegotiate
|
||||
}
|
||||
|
||||
signalChan := make(chan struct{})
|
||||
|
||||
go func() {
|
||||
defer func() { signalChan <- struct{}{} }()
|
||||
|
||||
buf := make([]byte, 256)
|
||||
n, err := client.Read(buf)
|
||||
|
||||
if test.checkRenegotiationError != nil {
|
||||
newErr := test.checkRenegotiationError(i, err)
|
||||
if err != nil && newErr == nil {
|
||||
return
|
||||
}
|
||||
err = newErr
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
t.Errorf("Client.Read failed after renegotiation #%d: %s", i, err)
|
||||
return
|
||||
}
|
||||
|
||||
buf = buf[:n]
|
||||
if !bytes.Equal([]byte(opensslSentinel), buf) {
|
||||
t.Errorf("Client.Read returned %q, but wanted %q", string(buf), opensslSentinel)
|
||||
}
|
||||
|
||||
if expected := i + 1; client.handshakes != expected {
|
||||
t.Errorf("client should have recorded %d handshakes, but believes that %d have occurred", expected, client.handshakes)
|
||||
}
|
||||
}()
|
||||
|
||||
if write && test.renegotiationExpectedToFail != i {
|
||||
<-stdout.handshakeComplete
|
||||
stdin <- opensslSendSentinel
|
||||
}
|
||||
<-signalChan
|
||||
}
|
||||
|
||||
if test.validate != nil {
|
||||
if err := test.validate(client.ConnectionState()); err != nil {
|
||||
t.Errorf("validate callback returned error: %s", err)
|
||||
}
|
||||
}
|
||||
}()
|
||||
|
||||
if !write {
|
||||
flows, err := test.loadData()
|
||||
if err != nil {
|
||||
t.Fatalf("%s: failed to load data from %s: %v", test.name, test.dataPath(), err)
|
||||
}
|
||||
for i, b := range flows {
|
||||
if i%2 == 1 {
|
||||
serverConn.Write(b)
|
||||
continue
|
||||
}
|
||||
bb := make([]byte, len(b))
|
||||
_, err := io.ReadFull(serverConn, bb)
|
||||
if err != nil {
|
||||
t.Fatalf("%s #%d: %s", test.name, i, err)
|
||||
}
|
||||
if !bytes.Equal(b, bb) {
|
||||
t.Fatalf("%s #%d: mismatch on read: got:%x want:%x", test.name, i, bb, b)
|
||||
}
|
||||
}
|
||||
serverConn.Close()
|
||||
}
|
||||
|
||||
<-doneChan
|
||||
|
||||
if write {
|
||||
path := test.dataPath()
|
||||
out, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)
|
||||
if err != nil {
|
||||
t.Fatalf("Failed to create output file: %s", err)
|
||||
}
|
||||
defer out.Close()
|
||||
recordingConn.Close()
|
||||
close(stdin)
|
||||
childProcess.Process.Kill()
|
||||
childProcess.Wait()
|
||||
if len(recordingConn.flows) < 3 {
|
||||
os.Stdout.Write(childProcess.Stdout.(*opensslOutputSink).all)
|
||||
t.Fatalf("Client connection didn't work")
|
||||
}
|
||||
recordingConn.WriteTo(out)
|
||||
fmt.Printf("Wrote %s\n", path)
|
||||
}
|
||||
}
|
||||
|
||||
func TestUTLSHandshakeClientParrotAndroid_5_1(t *testing.T) {
|
||||
helloID := HelloAndroid_5_1_Browser
|
||||
|
||||
|
|
@ -222,6 +47,22 @@ func TestUTLSHandshakeClientParrotAndroid_5_1(t *testing.T) {
|
|||
testUTLSHandshakeClientRSA_AES128_GCM_SHA256(t, helloID)
|
||||
}
|
||||
|
||||
func TestUTLSHandshakeClientParrotGolang(t *testing.T) {
|
||||
helloID := HelloGolang
|
||||
|
||||
testUTLSHandshakeClientECDHE_ECDSA_WITH_CHACHA20_POLY1305(t, helloID)
|
||||
testUTLSHandshakeClientECDHE_RSA_WITH_CHACHA20_POLY1305(t, helloID)
|
||||
|
||||
testUTLSHandshakeClientECDHE_RSA_AES128_GCM_SHA256(t, helloID)
|
||||
testUTLSHandshakeClientECDHE_ECDSA_AES128_GCM_SHA256(t, helloID)
|
||||
testUTLSHandshakeClientECDHE_RSA_AES256_CBC_SHA(t, helloID)
|
||||
testUTLSHandshakeClientECDHE_ECDSA_AES256_CBC_SHA(t, helloID)
|
||||
testUTLSHandshakeClientECDHE_RSA_AES128_CBC_SHA(t, helloID)
|
||||
testUTLSHandshakeClientECDHE_ECDSA_AES128_CBC_SHA(t, helloID)
|
||||
|
||||
testUTLSHandshakeClientRSA_AES128_GCM_SHA256(t, helloID)
|
||||
}
|
||||
|
||||
func TestUTLSHandshakeClientParrotAndroid_6_0(t *testing.T) {
|
||||
helloID := HelloAndroid_6_0_Browser
|
||||
// TODO: EC tests below are disabled because latest version of reference OpenSSL doesn't support p256 nor p384
|
||||
|
|
@ -279,9 +120,31 @@ func TestUTLSHandshakeClientParrotFirefox_55(t *testing.T) {
|
|||
testUTLSHandshakeClientECDHE_RSA_AES128_CBC_SHA(t, helloID)
|
||||
}
|
||||
|
||||
func TestUTLSHandshakeClientParrotChrome_58_setclienthello(t *testing.T) {
|
||||
helloID := HelloChrome_58
|
||||
config := getUTLSTestConfig()
|
||||
|
||||
opensslCipherName := "ECDHE-RSA-AES128-GCM-SHA256"
|
||||
test := &clientTest{
|
||||
name: "UTLS-setclienthello-" + opensslCipherName + "-" + helloID.Str(),
|
||||
command: []string{"openssl", "s_server", "-cipher", opensslCipherName},
|
||||
config: config,
|
||||
}
|
||||
|
||||
runUTLSClientTestTLS12(t, test, helloID)
|
||||
}
|
||||
|
||||
/*
|
||||
*
|
||||
HELPER FUNCTIONS BELOW
|
||||
*
|
||||
*/
|
||||
|
||||
func getUTLSTestConfig() *Config {
|
||||
testUTLSConfig := &Config{
|
||||
Time: func() time.Time { return time.Unix(0, 0) },
|
||||
Time: func() time.Time {
|
||||
return time.Unix(0, 0)
|
||||
},
|
||||
Rand: zeroSource{},
|
||||
InsecureSkipVerify: true,
|
||||
MinVersion: VersionSSL30,
|
||||
|
|
@ -437,3 +300,182 @@ func testUTLSHandshakeClientECDHE_ECDSA_WITH_CHACHA20_POLY1305(t *testing.T, hel
|
|||
|
||||
runUTLSClientTestTLS12(t, test, helloID)
|
||||
}
|
||||
|
||||
func runUTLSClientTestForVersion(t *testing.T, template *clientTest, prefix, option string, helloID ClientHelloID) {
|
||||
test := *template
|
||||
test.name = prefix + test.name
|
||||
if len(test.command) == 0 {
|
||||
test.command = defaultClientCommand
|
||||
}
|
||||
test.command = append([]string(nil), test.command...)
|
||||
test.command = append(test.command, option)
|
||||
test.runUTLS(t, *update, helloID)
|
||||
}
|
||||
|
||||
func runUTLSClientTestTLS12(t *testing.T, template *clientTest, helloID ClientHelloID) {
|
||||
runUTLSClientTestForVersion(t, template, "TLSv12-", "-tls1_2", helloID)
|
||||
}
|
||||
|
||||
func (test *clientTest) runUTLS(t *testing.T, write bool, helloID ClientHelloID) {
|
||||
checkOpenSSLVersion(t)
|
||||
|
||||
var clientConn, serverConn net.Conn
|
||||
var recordingConn *recordingConn
|
||||
var childProcess *exec.Cmd
|
||||
var stdin opensslInput
|
||||
var stdout *opensslOutputSink
|
||||
|
||||
if write {
|
||||
var err error
|
||||
recordingConn, childProcess, stdin, stdout, err = test.connFromCommand()
|
||||
if err != nil {
|
||||
t.Fatalf("Failed to start subcommand: %s", err)
|
||||
}
|
||||
clientConn = recordingConn
|
||||
} else {
|
||||
clientConn, serverConn = net.Pipe()
|
||||
}
|
||||
|
||||
config := test.config
|
||||
if config == nil {
|
||||
t.Error("Explicit config is mandatory")
|
||||
return
|
||||
}
|
||||
client := UClient(clientConn, config, helloID)
|
||||
if strings.HasPrefix(test.name, "TLSv12-UTLS-setclienthello-") {
|
||||
// TODO: fix this name hack if we ever decide to use non-standard testing object
|
||||
err := client.SetClientRandom([]byte("Custom ClientRandom h^xbw8bf0sn3"))
|
||||
if err != nil {
|
||||
t.Errorf("Client.SetClientRandom() failed: %s", err)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
doneChan := make(chan bool)
|
||||
go func() {
|
||||
defer func() {
|
||||
doneChan <- true
|
||||
}()
|
||||
defer clientConn.Close()
|
||||
defer client.Close()
|
||||
|
||||
err := client.Handshake()
|
||||
if err != nil {
|
||||
t.Errorf("Client.Handshake() failed: %s", err)
|
||||
return
|
||||
}
|
||||
|
||||
if _, err := client.Write([]byte("hello\n")); err != nil {
|
||||
t.Errorf("Client.Write failed: %s", err)
|
||||
return
|
||||
}
|
||||
|
||||
for i := 1; i <= test.numRenegotiations; i++ {
|
||||
// The initial handshake will generate a
|
||||
// handshakeComplete signal which needs to be quashed.
|
||||
if i == 1 && write {
|
||||
<-stdout.handshakeComplete
|
||||
}
|
||||
|
||||
// OpenSSL will try to interleave application data and
|
||||
// a renegotiation if we send both concurrently.
|
||||
// Therefore: ask OpensSSL to start a renegotiation, run
|
||||
// a goroutine to call client.Read and thus process the
|
||||
// renegotiation request, watch for OpenSSL's stdout to
|
||||
// indicate that the handshake is complete and,
|
||||
// finally, have OpenSSL write something to cause
|
||||
// client.Read to complete.
|
||||
if write {
|
||||
stdin <- opensslRenegotiate
|
||||
}
|
||||
|
||||
signalChan := make(chan struct{})
|
||||
|
||||
go func() {
|
||||
defer func() {
|
||||
signalChan <- struct{}{}
|
||||
}()
|
||||
|
||||
buf := make([]byte, 256)
|
||||
n, err := client.Read(buf)
|
||||
|
||||
if test.checkRenegotiationError != nil {
|
||||
newErr := test.checkRenegotiationError(i, err)
|
||||
if err != nil && newErr == nil {
|
||||
return
|
||||
}
|
||||
err = newErr
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
t.Errorf("Client.Read failed after renegotiation #%d: %s", i, err)
|
||||
return
|
||||
}
|
||||
|
||||
buf = buf[:n]
|
||||
if !bytes.Equal([]byte(opensslSentinel), buf) {
|
||||
t.Errorf("Client.Read returned %q, but wanted %q", string(buf), opensslSentinel)
|
||||
}
|
||||
|
||||
if expected := i + 1; client.handshakes != expected {
|
||||
t.Errorf("client should have recorded %d handshakes, but believes that %d have occurred", expected, client.handshakes)
|
||||
}
|
||||
}()
|
||||
|
||||
if write && test.renegotiationExpectedToFail != i {
|
||||
<-stdout.handshakeComplete
|
||||
stdin <- opensslSendSentinel
|
||||
}
|
||||
<-signalChan
|
||||
}
|
||||
|
||||
if test.validate != nil {
|
||||
if err := test.validate(client.ConnectionState()); err != nil {
|
||||
t.Errorf("validate callback returned error: %s", err)
|
||||
}
|
||||
}
|
||||
}()
|
||||
|
||||
if !write {
|
||||
flows, err := test.loadData()
|
||||
if err != nil {
|
||||
t.Fatalf("%s: failed to load data from %s: %v", test.name, test.dataPath(), err)
|
||||
}
|
||||
for i, b := range flows {
|
||||
if i%2 == 1 {
|
||||
serverConn.Write(b)
|
||||
continue
|
||||
}
|
||||
bb := make([]byte, len(b))
|
||||
_, err := io.ReadFull(serverConn, bb)
|
||||
if err != nil {
|
||||
t.Fatalf("%s #%d: %s", test.name, i, err)
|
||||
}
|
||||
if !bytes.Equal(b, bb) {
|
||||
t.Fatalf("%s #%d: mismatch on read: got:%x want:%x", test.name, i, bb, b)
|
||||
}
|
||||
}
|
||||
serverConn.Close()
|
||||
}
|
||||
|
||||
<-doneChan
|
||||
|
||||
if write {
|
||||
path := test.dataPath()
|
||||
out, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)
|
||||
if err != nil {
|
||||
t.Fatalf("Failed to create output file: %s", err)
|
||||
}
|
||||
defer out.Close()
|
||||
recordingConn.Close()
|
||||
close(stdin)
|
||||
childProcess.Process.Kill()
|
||||
childProcess.Wait()
|
||||
if len(recordingConn.flows) < 3 {
|
||||
os.Stdout.Write(childProcess.Stdout.(*opensslOutputSink).all)
|
||||
t.Fatalf("Client connection didn't work")
|
||||
}
|
||||
recordingConn.WriteTo(out)
|
||||
fmt.Printf("Wrote %s\n", path)
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue