mirror of
https://github.com/refraction-networking/utls.git
synced 2025-04-03 20:17:36 +03:00
9a45e56dc1
Signing with RSA-PSS can uncover faulty crypto.Signer implementations,
and it can fail for (broken) small keys. We'll have to take that
breakage eventually, but it would be nice for it to be opt-out at first.
TLS 1.3 requires RSA-PSS and is opt-out in Go 1.13. Instead of making a
TLS 1.3 opt-out influence a TLS 1.2 behavior, let's wait to add RSA-PSS
to TLS 1.2 until TLS 1.3 is on without opt-out.
Note that since the Client Hello is sent before a protocol version is
selected, we have to advertise RSA-PSS there to support TLS 1.3.
That means that we still support RSA-PSS on the client in TLS 1.2 for
verifying server certificates, which is fine, as all issues arise on the
signing side. We have to be careful not to pick (or consider available)
RSA-PSS on the client for client certificates, though.
We'd expect tests to change only in TLS 1.2:
* the server won't pick PSS to sign the key exchange
(Server-TLSv12-* w/ RSA, TestHandshakeServerRSAPSS);
* the server won't advertise PSS in CertificateRequest
(Server-TLSv12-ClientAuthRequested*, TestClientAuth);
* and the client won't pick PSS for its CertificateVerify
(Client-TLSv12-ClientCert-RSA-*, TestHandshakeClientCertRSAPSS,
Client-TLSv12-Renegotiate* because "R" requests a client cert).
Client-TLSv13-ClientCert-RSA-RSAPSS was updated because of a fix in the test.
This effectively reverts 88343530720a52c96b21f2bd5488c8fb607605d7.
Testing was made more complex by the undocumented semantics of OpenSSL's
-[client_]sigalgs (see openssl/openssl#9172).
Updates #32425
Change-Id: Iaddeb2df1f5c75cd090cc8321df2ac8e8e7db349
Reviewed-on: https://go-review.googlesource.com/c/go/+/182339
Reviewed-by: Adam Langley <agl@golang.org>
270 lines
6.7 KiB
Go
270 lines
6.7 KiB
Go
// Copyright 2013 The Go Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package tls
|
|
|
|
import (
|
|
"bufio"
|
|
"encoding/hex"
|
|
"errors"
|
|
"flag"
|
|
"fmt"
|
|
"io"
|
|
"io/ioutil"
|
|
"net"
|
|
"os"
|
|
"os/exec"
|
|
"strconv"
|
|
"strings"
|
|
"sync"
|
|
"testing"
|
|
)
|
|
|
|
// TLS reference tests run a connection against a reference implementation
|
|
// (OpenSSL) of TLS and record the bytes of the resulting connection. The Go
|
|
// code, during a test, is configured with deterministic randomness and so the
|
|
// reference test can be reproduced exactly in the future.
|
|
//
|
|
// In order to save everyone who wishes to run the tests from needing the
|
|
// reference implementation installed, the reference connections are saved in
|
|
// files in the testdata directory. Thus running the tests involves nothing
|
|
// external, but creating and updating them requires the reference
|
|
// implementation.
|
|
//
|
|
// Tests can be updated by running them with the -update flag. This will cause
|
|
// the test files to be regenerated. Generally one should combine the -update
|
|
// flag with -test.run to updated a specific test. Since the reference
|
|
// implementation will always generate fresh random numbers, large parts of
|
|
// the reference connection will always change.
|
|
|
|
var (
|
|
update = flag.Bool("update", false, "update golden files on disk")
|
|
fast = flag.Bool("fast", false, "impose a quick, possibly flaky timeout on recorded tests")
|
|
|
|
opensslVersionTestOnce sync.Once
|
|
opensslVersionTestErr error
|
|
)
|
|
|
|
func checkOpenSSLVersion(t *testing.T) {
|
|
opensslVersionTestOnce.Do(testOpenSSLVersion)
|
|
if opensslVersionTestErr != nil {
|
|
t.Fatal(opensslVersionTestErr)
|
|
}
|
|
}
|
|
|
|
func testOpenSSLVersion() {
|
|
// This test ensures that the version of OpenSSL looks reasonable
|
|
// before updating the test data.
|
|
|
|
if !*update {
|
|
return
|
|
}
|
|
|
|
openssl := exec.Command("openssl", "version")
|
|
output, err := openssl.CombinedOutput()
|
|
if err != nil {
|
|
opensslVersionTestErr = err
|
|
return
|
|
}
|
|
|
|
version := string(output)
|
|
if strings.HasPrefix(version, "OpenSSL 1.1.1") {
|
|
return
|
|
}
|
|
|
|
println("***********************************************")
|
|
println("")
|
|
println("You need to build OpenSSL 1.1.1 from source in order")
|
|
println("to update the test data.")
|
|
println("")
|
|
println("Configure it with:")
|
|
println("./Configure enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method")
|
|
println("and then add the apps/ directory at the front of your PATH.")
|
|
println("***********************************************")
|
|
|
|
opensslVersionTestErr = errors.New("version of OpenSSL does not appear to be suitable for updating test data")
|
|
}
|
|
|
|
// recordingConn is a net.Conn that records the traffic that passes through it.
|
|
// WriteTo can be used to produce output that can be later be loaded with
|
|
// ParseTestData.
|
|
type recordingConn struct {
|
|
net.Conn
|
|
sync.Mutex
|
|
flows [][]byte
|
|
reading bool
|
|
}
|
|
|
|
func (r *recordingConn) Read(b []byte) (n int, err error) {
|
|
if n, err = r.Conn.Read(b); n == 0 {
|
|
return
|
|
}
|
|
b = b[:n]
|
|
|
|
r.Lock()
|
|
defer r.Unlock()
|
|
|
|
if l := len(r.flows); l == 0 || !r.reading {
|
|
buf := make([]byte, len(b))
|
|
copy(buf, b)
|
|
r.flows = append(r.flows, buf)
|
|
} else {
|
|
r.flows[l-1] = append(r.flows[l-1], b[:n]...)
|
|
}
|
|
r.reading = true
|
|
return
|
|
}
|
|
|
|
func (r *recordingConn) Write(b []byte) (n int, err error) {
|
|
if n, err = r.Conn.Write(b); n == 0 {
|
|
return
|
|
}
|
|
b = b[:n]
|
|
|
|
r.Lock()
|
|
defer r.Unlock()
|
|
|
|
if l := len(r.flows); l == 0 || r.reading {
|
|
buf := make([]byte, len(b))
|
|
copy(buf, b)
|
|
r.flows = append(r.flows, buf)
|
|
} else {
|
|
r.flows[l-1] = append(r.flows[l-1], b[:n]...)
|
|
}
|
|
r.reading = false
|
|
return
|
|
}
|
|
|
|
// WriteTo writes Go source code to w that contains the recorded traffic.
|
|
func (r *recordingConn) WriteTo(w io.Writer) (int64, error) {
|
|
// TLS always starts with a client to server flow.
|
|
clientToServer := true
|
|
var written int64
|
|
for i, flow := range r.flows {
|
|
source, dest := "client", "server"
|
|
if !clientToServer {
|
|
source, dest = dest, source
|
|
}
|
|
n, err := fmt.Fprintf(w, ">>> Flow %d (%s to %s)\n", i+1, source, dest)
|
|
written += int64(n)
|
|
if err != nil {
|
|
return written, err
|
|
}
|
|
dumper := hex.Dumper(w)
|
|
n, err = dumper.Write(flow)
|
|
written += int64(n)
|
|
if err != nil {
|
|
return written, err
|
|
}
|
|
err = dumper.Close()
|
|
if err != nil {
|
|
return written, err
|
|
}
|
|
clientToServer = !clientToServer
|
|
}
|
|
return written, nil
|
|
}
|
|
|
|
func parseTestData(r io.Reader) (flows [][]byte, err error) {
|
|
var currentFlow []byte
|
|
|
|
scanner := bufio.NewScanner(r)
|
|
for scanner.Scan() {
|
|
line := scanner.Text()
|
|
// If the line starts with ">>> " then it marks the beginning
|
|
// of a new flow.
|
|
if strings.HasPrefix(line, ">>> ") {
|
|
if len(currentFlow) > 0 || len(flows) > 0 {
|
|
flows = append(flows, currentFlow)
|
|
currentFlow = nil
|
|
}
|
|
continue
|
|
}
|
|
|
|
// Otherwise the line is a line of hex dump that looks like:
|
|
// 00000170 fc f5 06 bf (...) |.....X{&?......!|
|
|
// (Some bytes have been omitted from the middle section.)
|
|
|
|
if i := strings.IndexByte(line, ' '); i >= 0 {
|
|
line = line[i:]
|
|
} else {
|
|
return nil, errors.New("invalid test data")
|
|
}
|
|
|
|
if i := strings.IndexByte(line, '|'); i >= 0 {
|
|
line = line[:i]
|
|
} else {
|
|
return nil, errors.New("invalid test data")
|
|
}
|
|
|
|
hexBytes := strings.Fields(line)
|
|
for _, hexByte := range hexBytes {
|
|
val, err := strconv.ParseUint(hexByte, 16, 8)
|
|
if err != nil {
|
|
return nil, errors.New("invalid hex byte in test data: " + err.Error())
|
|
}
|
|
currentFlow = append(currentFlow, byte(val))
|
|
}
|
|
}
|
|
|
|
if len(currentFlow) > 0 {
|
|
flows = append(flows, currentFlow)
|
|
}
|
|
|
|
return flows, nil
|
|
}
|
|
|
|
// tempFile creates a temp file containing contents and returns its path.
|
|
func tempFile(contents string) string {
|
|
file, err := ioutil.TempFile("", "go-tls-test")
|
|
if err != nil {
|
|
panic("failed to create temp file: " + err.Error())
|
|
}
|
|
path := file.Name()
|
|
file.WriteString(contents)
|
|
file.Close()
|
|
return path
|
|
}
|
|
|
|
// localListener is set up by TestMain and used by localPipe to create Conn
|
|
// pairs like net.Pipe, but connected by an actual buffered TCP connection.
|
|
var localListener struct {
|
|
sync.Mutex
|
|
net.Listener
|
|
}
|
|
|
|
func localPipe(t testing.TB) (net.Conn, net.Conn) {
|
|
localListener.Lock()
|
|
defer localListener.Unlock()
|
|
c := make(chan net.Conn)
|
|
go func() {
|
|
conn, err := localListener.Accept()
|
|
if err != nil {
|
|
t.Errorf("Failed to accept local connection: %v", err)
|
|
}
|
|
c <- conn
|
|
}()
|
|
addr := localListener.Addr()
|
|
c1, err := net.Dial(addr.Network(), addr.String())
|
|
if err != nil {
|
|
t.Fatalf("Failed to dial local connection: %v", err)
|
|
}
|
|
c2 := <-c
|
|
return c1, c2
|
|
}
|
|
|
|
func TestMain(m *testing.M) {
|
|
l, err := net.Listen("tcp", "127.0.0.1:0")
|
|
if err != nil {
|
|
l, err = net.Listen("tcp6", "[::1]:0")
|
|
}
|
|
if err != nil {
|
|
fmt.Fprintf(os.Stderr, "Failed to open local listener: %v", err)
|
|
os.Exit(1)
|
|
}
|
|
localListener.Listener = l
|
|
exitCode := m.Run()
|
|
localListener.Close()
|
|
os.Exit(exitCode)
|
|
}
|