search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
libgo: update to go1.9
[official-gcc.git] / libgo / go / crypto / tls / handshake_server_test.go
blob63845c170d7804afc786bed99e01430b948708b5
1 // Copyright 2009 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
4
5 package tls
6
7 import (
8 "bytes"
9 "crypto/ecdsa"
10 "crypto/elliptic"
11 "crypto/rsa"
12 "encoding/hex"
13 "encoding/pem"
14 "errors"
15 "fmt"
16 "io"
17 "math/big"
18 "net"
19 "os"
20 "os/exec"
21 "path/filepath"
22 "strings"
23 "testing"
24 "time"
25 )
26
27 // zeroSource is an io.Reader that returns an unlimited number of zero bytes.
28 type zeroSource struct{}
29
30 func (zeroSource) Read(b []byte) (n int, err error) {
31 for i := range b {
32 b[i] = 0
33 }
34
35 return len(b), nil
36 }
37
38 var testConfig *Config
39
40 func allCipherSuites() []uint16 {
41 ids := make([]uint16, len(cipherSuites))
42 for i, suite := range cipherSuites {
43 ids[i] = suite.id
44 }
45
46 return ids
47 }
48
49 func init() {
50 testConfig = &Config{
51 Time: func() time.Time { return time.Unix(0, 0) },
52 Rand: zeroSource{},
53 Certificates: make([]Certificate, 2),
54 InsecureSkipVerify: true,
55 MinVersion: VersionSSL30,
56 MaxVersion: VersionTLS12,
57 CipherSuites: allCipherSuites(),
58 }
59 testConfig.Certificates[0].Certificate = [][]byte{testRSACertificate}
60 testConfig.Certificates[0].PrivateKey = testRSAPrivateKey
61 testConfig.Certificates[1].Certificate = [][]byte{testSNICertificate}
62 testConfig.Certificates[1].PrivateKey = testRSAPrivateKey
63 testConfig.BuildNameToCertificate()
64 }
65
66 func testClientHello(t *testing.T, serverConfig *Config, m handshakeMessage) {
67 testClientHelloFailure(t, serverConfig, m, "")
68 }
69
70 func testClientHelloFailure(t *testing.T, serverConfig *Config, m handshakeMessage, expectedSubStr string) {
71 // Create in-memory network connection,
72 // send message to server. Should return
73 // expected error.
74 c, s := net.Pipe()
75 go func() {
76 cli := Client(c, testConfig)
77 if ch, ok := m.(*clientHelloMsg); ok {
78 cli.vers = ch.vers
79 }
80 cli.writeRecord(recordTypeHandshake, m.marshal())
81 c.Close()
82 }()
83 hs := serverHandshakeState{
84 c: Server(s, serverConfig),
85 }
86 _, err := hs.readClientHello()
87 s.Close()
88 if len(expectedSubStr) == 0 {
89 if err != nil && err != io.EOF {
90 t.Errorf("Got error: %s; expected to succeed", err)
91 }
92 } else if err == nil || !strings.Contains(err.Error(), expectedSubStr) {
93 t.Errorf("Got error: %s; expected to match substring '%s'", err, expectedSubStr)
94 }
95 }
96
97 func TestSimpleError(t *testing.T) {
98 testClientHelloFailure(t, testConfig, &serverHelloDoneMsg{}, "unexpected handshake message")
99 }
100
101 var badProtocolVersions = []uint16{0x0000, 0x0005, 0x0100, 0x0105, 0x0200, 0x0205}
102
103 func TestRejectBadProtocolVersion(t *testing.T) {
104 for _, v := range badProtocolVersions {
105 testClientHelloFailure(t, testConfig, &clientHelloMsg{vers: v}, "unsupported, maximum protocol version")
106 }
107 }
108
109 func TestNoSuiteOverlap(t *testing.T) {
110 clientHello := &clientHelloMsg{
111 vers: VersionTLS10,
112 cipherSuites: []uint16{0xff00},
113 compressionMethods: []uint8{compressionNone},
114 }
115 testClientHelloFailure(t, testConfig, clientHello, "no cipher suite supported by both client and server")
116 }
117
118 func TestNoCompressionOverlap(t *testing.T) {
119 clientHello := &clientHelloMsg{
120 vers: VersionTLS10,
121 cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
122 compressionMethods: []uint8{0xff},
123 }
124 testClientHelloFailure(t, testConfig, clientHello, "client does not support uncompressed connections")
125 }
126
127 func TestNoRC4ByDefault(t *testing.T) {
128 clientHello := &clientHelloMsg{
129 vers: VersionTLS10,
130 cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
131 compressionMethods: []uint8{compressionNone},
132 }
133 serverConfig := testConfig.Clone()
134 // Reset the enabled cipher suites to nil in order to test the
135 // defaults.
136 serverConfig.CipherSuites = nil
137 testClientHelloFailure(t, serverConfig, clientHello, "no cipher suite supported by both client and server")
138 }
139
140 func TestRejectSNIWithTrailingDot(t *testing.T) {
141 testClientHelloFailure(t, testConfig, &clientHelloMsg{vers: VersionTLS12, serverName: "foo.com."}, "unexpected message")
142 }
143
144 func TestDontSelectECDSAWithRSAKey(t *testing.T) {
145 // Test that, even when both sides support an ECDSA cipher suite, it
146 // won't be selected if the server's private key doesn't support it.
147 clientHello := &clientHelloMsg{
148 vers: VersionTLS10,
149 cipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
150 compressionMethods: []uint8{compressionNone},
151 supportedCurves: []CurveID{CurveP256},
152 supportedPoints: []uint8{pointFormatUncompressed},
153 }
154 serverConfig := testConfig.Clone()
155 serverConfig.CipherSuites = clientHello.cipherSuites
156 serverConfig.Certificates = make([]Certificate, 1)
157 serverConfig.Certificates[0].Certificate = [][]byte{testECDSACertificate}
158 serverConfig.Certificates[0].PrivateKey = testECDSAPrivateKey
159 serverConfig.BuildNameToCertificate()
160 // First test that it *does* work when the server's key is ECDSA.
161 testClientHello(t, serverConfig, clientHello)
162
163 // Now test that switching to an RSA key causes the expected error (and
164 // not an internal error about a signing failure).
165 serverConfig.Certificates = testConfig.Certificates
166 testClientHelloFailure(t, serverConfig, clientHello, "no cipher suite supported by both client and server")
167 }
168
169 func TestDontSelectRSAWithECDSAKey(t *testing.T) {
170 // Test that, even when both sides support an RSA cipher suite, it
171 // won't be selected if the server's private key doesn't support it.
172 clientHello := &clientHelloMsg{
173 vers: VersionTLS10,
174 cipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA},
175 compressionMethods: []uint8{compressionNone},
176 supportedCurves: []CurveID{CurveP256},
177 supportedPoints: []uint8{pointFormatUncompressed},
178 }
179 serverConfig := testConfig.Clone()
180 serverConfig.CipherSuites = clientHello.cipherSuites
181 // First test that it *does* work when the server's key is RSA.
182 testClientHello(t, serverConfig, clientHello)
183
184 // Now test that switching to an ECDSA key causes the expected error
185 // (and not an internal error about a signing failure).
186 serverConfig.Certificates = make([]Certificate, 1)
187 serverConfig.Certificates[0].Certificate = [][]byte{testECDSACertificate}
188 serverConfig.Certificates[0].PrivateKey = testECDSAPrivateKey
189 serverConfig.BuildNameToCertificate()
190 testClientHelloFailure(t, serverConfig, clientHello, "no cipher suite supported by both client and server")
191 }
192
193 func TestRenegotiationExtension(t *testing.T) {
194 clientHello := &clientHelloMsg{
195 vers: VersionTLS12,
196 compressionMethods: []uint8{compressionNone},
197 random: make([]byte, 32),
198 secureRenegotiationSupported: true,
199 cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
200 }
201
202 var buf []byte
203 c, s := net.Pipe()
204
205 go func() {
206 cli := Client(c, testConfig)
207 cli.vers = clientHello.vers
208 cli.writeRecord(recordTypeHandshake, clientHello.marshal())
209
210 buf = make([]byte, 1024)
211 n, err := c.Read(buf)
212 if err != nil {
213 t.Errorf("Server read returned error: %s", err)
214 return
215 }
216 buf = buf[:n]
217 c.Close()
218 }()
219
220 Server(s, testConfig).Handshake()
221
222 if len(buf) < 5+4 {
223 t.Fatalf("Server returned short message of length %d", len(buf))
224 }
225 // buf contains a TLS record, with a 5 byte record header and a 4 byte
226 // handshake header. The length of the ServerHello is taken from the
227 // handshake header.
228 serverHelloLen := int(buf[6])<<16 | int(buf[7])<<8 | int(buf[8])
229
230 var serverHello serverHelloMsg
231 // unmarshal expects to be given the handshake header, but
232 // serverHelloLen doesn't include it.
233 if !serverHello.unmarshal(buf[5 : 9+serverHelloLen]) {
234 t.Fatalf("Failed to parse ServerHello")
235 }
236
237 if !serverHello.secureRenegotiationSupported {
238 t.Errorf("Secure renegotiation extension was not echoed.")
239 }
240 }
241
242 func TestTLS12OnlyCipherSuites(t *testing.T) {
243 // Test that a Server doesn't select a TLS 1.2-only cipher suite when
244 // the client negotiates TLS 1.1.
245 var zeros [32]byte
246
247 clientHello := &clientHelloMsg{
248 vers: VersionTLS11,
249 random: zeros[:],
250 cipherSuites: []uint16{
251 // The Server, by default, will use the client's
252 // preference order. So the GCM cipher suite
253 // will be selected unless it's excluded because
254 // of the version in this ClientHello.
255 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
256 TLS_RSA_WITH_RC4_128_SHA,
257 },
258 compressionMethods: []uint8{compressionNone},
259 supportedCurves: []CurveID{CurveP256, CurveP384, CurveP521},
260 supportedPoints: []uint8{pointFormatUncompressed},
261 }
262
263 c, s := net.Pipe()
264 var reply interface{}
265 var clientErr error
266 go func() {
267 cli := Client(c, testConfig)
268 cli.vers = clientHello.vers
269 cli.writeRecord(recordTypeHandshake, clientHello.marshal())
270 reply, clientErr = cli.readHandshake()
271 c.Close()
272 }()
273 config := testConfig.Clone()
274 config.CipherSuites = clientHello.cipherSuites
275 Server(s, config).Handshake()
276 s.Close()
277 if clientErr != nil {
278 t.Fatal(clientErr)
279 }
280 serverHello, ok := reply.(*serverHelloMsg)
281 if !ok {
282 t.Fatalf("didn't get ServerHello message in reply. Got %v\n", reply)
283 }
284 if s := serverHello.cipherSuite; s != TLS_RSA_WITH_RC4_128_SHA {
285 t.Fatalf("bad cipher suite from server: %x", s)
286 }
287 }
288
289 func TestAlertForwarding(t *testing.T) {
290 c, s := net.Pipe()
291 go func() {
292 Client(c, testConfig).sendAlert(alertUnknownCA)
293 c.Close()
294 }()
295
296 err := Server(s, testConfig).Handshake()
297 s.Close()
298 if e, ok := err.(*net.OpError); !ok || e.Err != error(alertUnknownCA) {
299 t.Errorf("Got error: %s; expected: %s", err, error(alertUnknownCA))
300 }
301 }
302
303 func TestClose(t *testing.T) {
304 c, s := net.Pipe()
305 go c.Close()
306
307 err := Server(s, testConfig).Handshake()
308 s.Close()
309 if err != io.EOF {
310 t.Errorf("Got error: %s; expected: %s", err, io.EOF)
311 }
312 }
313
314 func testHandshake(clientConfig, serverConfig *Config) (serverState, clientState ConnectionState, err error) {
315 c, s := net.Pipe()
316 done := make(chan bool)
317 go func() {
318 cli := Client(c, clientConfig)
319 cli.Handshake()
320 clientState = cli.ConnectionState()
321 c.Close()
322 done <- true
323 }()
324 server := Server(s, serverConfig)
325 err = server.Handshake()
326 if err == nil {
327 serverState = server.ConnectionState()
328 }
329 s.Close()
330 <-done
331 return
332 }
333
334 func TestVersion(t *testing.T) {
335 serverConfig := &Config{
336 Certificates: testConfig.Certificates,
337 MaxVersion: VersionTLS11,
338 }
339 clientConfig := &Config{
340 InsecureSkipVerify: true,
341 }
342 state, _, err := testHandshake(clientConfig, serverConfig)
343 if err != nil {
344 t.Fatalf("handshake failed: %s", err)
345 }
346 if state.Version != VersionTLS11 {
347 t.Fatalf("Incorrect version %x, should be %x", state.Version, VersionTLS11)
348 }
349 }
350
351 func TestCipherSuitePreference(t *testing.T) {
352 serverConfig := &Config{
353 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA},
354 Certificates: testConfig.Certificates,
355 MaxVersion: VersionTLS11,
356 }
357 clientConfig := &Config{
358 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_RC4_128_SHA},
359 InsecureSkipVerify: true,
360 }
361 state, _, err := testHandshake(clientConfig, serverConfig)
362 if err != nil {
363 t.Fatalf("handshake failed: %s", err)
364 }
365 if state.CipherSuite != TLS_RSA_WITH_AES_128_CBC_SHA {
366 // By default the server should use the client's preference.
367 t.Fatalf("Client's preference was not used, got %x", state.CipherSuite)
368 }
369
370 serverConfig.PreferServerCipherSuites = true
371 state, _, err = testHandshake(clientConfig, serverConfig)
372 if err != nil {
373 t.Fatalf("handshake failed: %s", err)
374 }
375 if state.CipherSuite != TLS_RSA_WITH_RC4_128_SHA {
376 t.Fatalf("Server's preference was not used, got %x", state.CipherSuite)
377 }
378 }
379
380 func TestSCTHandshake(t *testing.T) {
381 expected := [][]byte{[]byte("certificate"), []byte("transparency")}
382 serverConfig := &Config{
383 Certificates: []Certificate{{
384 Certificate: [][]byte{testRSACertificate},
385 PrivateKey: testRSAPrivateKey,
386 SignedCertificateTimestamps: expected,
387 }},
388 }
389 clientConfig := &Config{
390 InsecureSkipVerify: true,
391 }
392 _, state, err := testHandshake(clientConfig, serverConfig)
393 if err != nil {
394 t.Fatalf("handshake failed: %s", err)
395 }
396 actual := state.SignedCertificateTimestamps
397 if len(actual) != len(expected) {
398 t.Fatalf("got %d scts, want %d", len(actual), len(expected))
399 }
400 for i, sct := range expected {
401 if !bytes.Equal(sct, actual[i]) {
402 t.Fatalf("SCT #%d was %x, but expected %x", i, actual[i], sct)
403 }
404 }
405 }
406
407 func TestCrossVersionResume(t *testing.T) {
408 serverConfig := &Config{
409 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
410 Certificates: testConfig.Certificates,
411 }
412 clientConfig := &Config{
413 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA},
414 InsecureSkipVerify: true,
415 ClientSessionCache: NewLRUClientSessionCache(1),
416 ServerName: "servername",
417 }
418
419 // Establish a session at TLS 1.1.
420 clientConfig.MaxVersion = VersionTLS11
421 _, _, err := testHandshake(clientConfig, serverConfig)
422 if err != nil {
423 t.Fatalf("handshake failed: %s", err)
424 }
425
426 // The client session cache now contains a TLS 1.1 session.
427 state, _, err := testHandshake(clientConfig, serverConfig)
428 if err != nil {
429 t.Fatalf("handshake failed: %s", err)
430 }
431 if !state.DidResume {
432 t.Fatalf("handshake did not resume at the same version")
433 }
434
435 // Test that the server will decline to resume at a lower version.
436 clientConfig.MaxVersion = VersionTLS10
437 state, _, err = testHandshake(clientConfig, serverConfig)
438 if err != nil {
439 t.Fatalf("handshake failed: %s", err)
440 }
441 if state.DidResume {
442 t.Fatalf("handshake resumed at a lower version")
443 }
444
445 // The client session cache now contains a TLS 1.0 session.
446 state, _, err = testHandshake(clientConfig, serverConfig)
447 if err != nil {
448 t.Fatalf("handshake failed: %s", err)
449 }
450 if !state.DidResume {
451 t.Fatalf("handshake did not resume at the same version")
452 }
453
454 // Test that the server will decline to resume at a higher version.
455 clientConfig.MaxVersion = VersionTLS11
456 state, _, err = testHandshake(clientConfig, serverConfig)
457 if err != nil {
458 t.Fatalf("handshake failed: %s", err)
459 }
460 if state.DidResume {
461 t.Fatalf("handshake resumed at a higher version")
462 }
463 }
464
465 // Note: see comment in handshake_test.go for details of how the reference
466 // tests work.
467
468 // serverTest represents a test of the TLS server handshake against a reference
469 // implementation.
470 type serverTest struct {
471 // name is a freeform string identifying the test and the file in which
472 // the expected results will be stored.
473 name string
474 // command, if not empty, contains a series of arguments for the
475 // command to run for the reference server.
476 command []string
477 // expectedPeerCerts contains a list of PEM blocks of expected
478 // certificates from the client.
479 expectedPeerCerts []string
480 // config, if not nil, contains a custom Config to use for this test.
481 config *Config
482 // expectHandshakeErrorIncluding, when not empty, contains a string
483 // that must be a substring of the error resulting from the handshake.
484 expectHandshakeErrorIncluding string
485 // validate, if not nil, is a function that will be called with the
486 // ConnectionState of the resulting connection. It returns false if the
487 // ConnectionState is unacceptable.
488 validate func(ConnectionState) error
489 }
490
491 var defaultClientCommand = []string{"openssl", "s_client", "-no_ticket"}
492
493 // connFromCommand starts opens a listening socket and starts the reference
494 // client to connect to it. It returns a recordingConn that wraps the resulting
495 // connection.
496 func (test *serverTest) connFromCommand() (conn *recordingConn, child *exec.Cmd, err error) {
497 l, err := net.ListenTCP("tcp", &net.TCPAddr{
498 IP: net.IPv4(127, 0, 0, 1),
499 Port: 0,
500 })
501 if err != nil {
502 return nil, nil, err
503 }
504 defer l.Close()
505
506 port := l.Addr().(*net.TCPAddr).Port
507
508 var command []string
509 command = append(command, test.command...)
510 if len(command) == 0 {
511 command = defaultClientCommand
512 }
513 command = append(command, "-connect")
514 command = append(command, fmt.Sprintf("127.0.0.1:%d", port))
515 cmd := exec.Command(command[0], command[1:]...)
516 cmd.Stdin = nil
517 var output bytes.Buffer
518 cmd.Stdout = &output
519 cmd.Stderr = &output
520 if err := cmd.Start(); err != nil {
521 return nil, nil, err
522 }
523
524 connChan := make(chan interface{})
525 go func() {
526 tcpConn, err := l.Accept()
527 if err != nil {
528 connChan <- err
529 }
530 connChan <- tcpConn
531 }()
532
533 var tcpConn net.Conn
534 select {
535 case connOrError := <-connChan:
536 if err, ok := connOrError.(error); ok {
537 return nil, nil, err
538 }
539 tcpConn = connOrError.(net.Conn)
540 case <-time.After(2 * time.Second):
541 output.WriteTo(os.Stdout)
542 return nil, nil, errors.New("timed out waiting for connection from child process")
543 }
544
545 record := &recordingConn{
546 Conn: tcpConn,
547 }
548
549 return record, cmd, nil
550 }
551
552 func (test *serverTest) dataPath() string {
553 return filepath.Join("testdata", "Server-"+test.name)
554 }
555
556 func (test *serverTest) loadData() (flows [][]byte, err error) {
557 in, err := os.Open(test.dataPath())
558 if err != nil {
559 return nil, err
560 }
561 defer in.Close()
562 return parseTestData(in)
563 }
564
565 func (test *serverTest) run(t *testing.T, write bool) {
566 checkOpenSSLVersion(t)
567
568 var clientConn, serverConn net.Conn
569 var recordingConn *recordingConn
570 var childProcess *exec.Cmd
571
572 if write {
573 var err error
574 recordingConn, childProcess, err = test.connFromCommand()
575 if err != nil {
576 t.Fatalf("Failed to start subcommand: %s", err)
577 }
578 serverConn = recordingConn
579 } else {
580 clientConn, serverConn = net.Pipe()
581 }
582 config := test.config
583 if config == nil {
584 config = testConfig
585 }
586 server := Server(serverConn, config)
587 connStateChan := make(chan ConnectionState, 1)
588 go func() {
589 _, err := server.Write([]byte("hello, world\n"))
590 if len(test.expectHandshakeErrorIncluding) > 0 {
591 if err == nil {
592 t.Errorf("Error expected, but no error returned")
593 } else if s := err.Error(); !strings.Contains(s, test.expectHandshakeErrorIncluding) {
594 t.Errorf("Error expected containing '%s' but got '%s'", test.expectHandshakeErrorIncluding, s)
595 }
596 } else {
597 if err != nil {
598 t.Logf("Error from Server.Write: '%s'", err)
599 }
600 }
601 server.Close()
602 serverConn.Close()
603 connStateChan <- server.ConnectionState()
604 }()
605
606 if !write {
607 flows, err := test.loadData()
608 if err != nil {
609 t.Fatalf("%s: failed to load data from %s", test.name, test.dataPath())
610 }
611 for i, b := range flows {
612 if i%2 == 0 {
613 clientConn.Write(b)
614 continue
615 }
616 bb := make([]byte, len(b))
617 n, err := io.ReadFull(clientConn, bb)
618 if err != nil {
619 t.Fatalf("%s #%d: %s\nRead %d, wanted %d, got %x, wanted %x\n", test.name, i+1, err, n, len(bb), bb[:n], b)
620 }
621 if !bytes.Equal(b, bb) {
622 t.Fatalf("%s #%d: mismatch on read: got:%x want:%x", test.name, i+1, bb, b)
623 }
624 }
625 clientConn.Close()
626 }
627
628 connState := <-connStateChan
629 peerCerts := connState.PeerCertificates
630 if len(peerCerts) == len(test.expectedPeerCerts) {
631 for i, peerCert := range peerCerts {
632 block, _ := pem.Decode([]byte(test.expectedPeerCerts[i]))
633 if !bytes.Equal(block.Bytes, peerCert.Raw) {
634 t.Fatalf("%s: mismatch on peer cert %d", test.name, i+1)
635 }
636 }
637 } else {
638 t.Fatalf("%s: mismatch on peer list length: %d (wanted) != %d (got)", test.name, len(test.expectedPeerCerts), len(peerCerts))
639 }
640
641 if test.validate != nil {
642 if err := test.validate(connState); err != nil {
643 t.Fatalf("validate callback returned error: %s", err)
644 }
645 }
646
647 if write {
648 path := test.dataPath()
649 out, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)
650 if err != nil {
651 t.Fatalf("Failed to create output file: %s", err)
652 }
653 defer out.Close()
654 recordingConn.Close()
655 if len(recordingConn.flows) < 3 {
656 childProcess.Stdout.(*bytes.Buffer).WriteTo(os.Stdout)
657 if len(test.expectHandshakeErrorIncluding) == 0 {
658 t.Fatalf("Handshake failed")
659 }
660 }
661 recordingConn.WriteTo(out)
662 fmt.Printf("Wrote %s\n", path)
663 childProcess.Wait()
664 }
665 }
666
667 func runServerTestForVersion(t *testing.T, template *serverTest, prefix, option string) {
668 setParallel(t)
669 test := *template
670 test.name = prefix + test.name
671 if len(test.command) == 0 {
672 test.command = defaultClientCommand
673 }
674 test.command = append([]string(nil), test.command...)
675 test.command = append(test.command, option)
676 test.run(t, *update)
677 }
678
679 func runServerTestSSLv3(t *testing.T, template *serverTest) {
680 runServerTestForVersion(t, template, "SSLv3-", "-ssl3")
681 }
682
683 func runServerTestTLS10(t *testing.T, template *serverTest) {
684 runServerTestForVersion(t, template, "TLSv10-", "-tls1")
685 }
686
687 func runServerTestTLS11(t *testing.T, template *serverTest) {
688 runServerTestForVersion(t, template, "TLSv11-", "-tls1_1")
689 }
690
691 func runServerTestTLS12(t *testing.T, template *serverTest) {
692 runServerTestForVersion(t, template, "TLSv12-", "-tls1_2")
693 }
694
695 func TestHandshakeServerRSARC4(t *testing.T) {
696 test := &serverTest{
697 name: "RSA-RC4",
698 command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "RC4-SHA"},
699 }
700 runServerTestSSLv3(t, test)
701 runServerTestTLS10(t, test)
702 runServerTestTLS11(t, test)
703 runServerTestTLS12(t, test)
704 }
705
706 func TestHandshakeServerRSA3DES(t *testing.T) {
707 test := &serverTest{
708 name: "RSA-3DES",
709 command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "DES-CBC3-SHA"},
710 }
711 runServerTestSSLv3(t, test)
712 runServerTestTLS10(t, test)
713 runServerTestTLS12(t, test)
714 }
715
716 func TestHandshakeServerRSAAES(t *testing.T) {
717 test := &serverTest{
718 name: "RSA-AES",
719 command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA"},
720 }
721 runServerTestSSLv3(t, test)
722 runServerTestTLS10(t, test)
723 runServerTestTLS12(t, test)
724 }
725
726 func TestHandshakeServerAESGCM(t *testing.T) {
727 test := &serverTest{
728 name: "RSA-AES-GCM",
729 command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "ECDHE-RSA-AES128-GCM-SHA256"},
730 }
731 runServerTestTLS12(t, test)
732 }
733
734 func TestHandshakeServerAES256GCMSHA384(t *testing.T) {
735 test := &serverTest{
736 name: "RSA-AES256-GCM-SHA384",
737 command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "ECDHE-RSA-AES256-GCM-SHA384"},
738 }
739 runServerTestTLS12(t, test)
740 }
741
742 func TestHandshakeServerECDHEECDSAAES(t *testing.T) {
743 config := testConfig.Clone()
744 config.Certificates = make([]Certificate, 1)
745 config.Certificates[0].Certificate = [][]byte{testECDSACertificate}
746 config.Certificates[0].PrivateKey = testECDSAPrivateKey
747 config.BuildNameToCertificate()
748
749 test := &serverTest{
750 name: "ECDHE-ECDSA-AES",
751 command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "ECDHE-ECDSA-AES256-SHA"},
752 config: config,
753 }
754 runServerTestTLS10(t, test)
755 runServerTestTLS12(t, test)
756 }
757
758 func TestHandshakeServerX25519(t *testing.T) {
759 config := testConfig.Clone()
760 config.CurvePreferences = []CurveID{X25519}
761
762 test := &serverTest{
763 name: "X25519-ECDHE-RSA-AES-GCM",
764 command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "ECDHE-RSA-AES128-GCM-SHA256"},
765 config: config,
766 }
767 runServerTestTLS12(t, test)
768 }
769
770 func TestHandshakeServerALPN(t *testing.T) {
771 config := testConfig.Clone()
772 config.NextProtos = []string{"proto1", "proto2"}
773
774 test := &serverTest{
775 name: "ALPN",
776 // Note that this needs OpenSSL 1.0.2 because that is the first
777 // version that supports the -alpn flag.
778 command: []string{"openssl", "s_client", "-alpn", "proto2,proto1"},
779 config: config,
780 validate: func(state ConnectionState) error {
781 // The server's preferences should override the client.
782 if state.NegotiatedProtocol != "proto1" {
783 return fmt.Errorf("Got protocol %q, wanted proto1", state.NegotiatedProtocol)
784 }
785 return nil
786 },
787 }
788 runServerTestTLS12(t, test)
789 }
790
791 func TestHandshakeServerALPNNoMatch(t *testing.T) {
792 config := testConfig.Clone()
793 config.NextProtos = []string{"proto3"}
794
795 test := &serverTest{
796 name: "ALPN-NoMatch",
797 // Note that this needs OpenSSL 1.0.2 because that is the first
798 // version that supports the -alpn flag.
799 command: []string{"openssl", "s_client", "-alpn", "proto2,proto1"},
800 config: config,
801 validate: func(state ConnectionState) error {
802 // Rather than reject the connection, Go doesn't select
803 // a protocol when there is no overlap.
804 if state.NegotiatedProtocol != "" {
805 return fmt.Errorf("Got protocol %q, wanted ''", state.NegotiatedProtocol)
806 }
807 return nil
808 },
809 }
810 runServerTestTLS12(t, test)
811 }
812
813 // TestHandshakeServerSNI involves a client sending an SNI extension of
814 // "snitest.com", which happens to match the CN of testSNICertificate. The test
815 // verifies that the server correctly selects that certificate.
816 func TestHandshakeServerSNI(t *testing.T) {
817 test := &serverTest{
818 name: "SNI",
819 command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", "-servername", "snitest.com"},
820 }
821 runServerTestTLS12(t, test)
822 }
823
824 // TestHandshakeServerSNICertForName is similar to TestHandshakeServerSNI, but
825 // tests the dynamic GetCertificate method
826 func TestHandshakeServerSNIGetCertificate(t *testing.T) {
827 config := testConfig.Clone()
828
829 // Replace the NameToCertificate map with a GetCertificate function
830 nameToCert := config.NameToCertificate
831 config.NameToCertificate = nil
832 config.GetCertificate = func(clientHello *ClientHelloInfo) (*Certificate, error) {
833 cert, _ := nameToCert[clientHello.ServerName]
834 return cert, nil
835 }
836 test := &serverTest{
837 name: "SNI-GetCertificate",
838 command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", "-servername", "snitest.com"},
839 config: config,
840 }
841 runServerTestTLS12(t, test)
842 }
843
844 // TestHandshakeServerSNICertForNameNotFound is similar to
845 // TestHandshakeServerSNICertForName, but tests to make sure that when the
846 // GetCertificate method doesn't return a cert, we fall back to what's in
847 // the NameToCertificate map.
848 func TestHandshakeServerSNIGetCertificateNotFound(t *testing.T) {
849 config := testConfig.Clone()
850
851 config.GetCertificate = func(clientHello *ClientHelloInfo) (*Certificate, error) {
852 return nil, nil
853 }
854 test := &serverTest{
855 name: "SNI-GetCertificateNotFound",
856 command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", "-servername", "snitest.com"},
857 config: config,
858 }
859 runServerTestTLS12(t, test)
860 }
861
862 // TestHandshakeServerSNICertForNameError tests to make sure that errors in
863 // GetCertificate result in a tls alert.
864 func TestHandshakeServerSNIGetCertificateError(t *testing.T) {
865 const errMsg = "TestHandshakeServerSNIGetCertificateError error"
866
867 serverConfig := testConfig.Clone()
868 serverConfig.GetCertificate = func(clientHello *ClientHelloInfo) (*Certificate, error) {
869 return nil, errors.New(errMsg)
870 }
871
872 clientHello := &clientHelloMsg{
873 vers: VersionTLS10,
874 cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
875 compressionMethods: []uint8{compressionNone},
876 serverName: "test",
877 }
878 testClientHelloFailure(t, serverConfig, clientHello, errMsg)
879 }
880
881 // TestHandshakeServerEmptyCertificates tests that GetCertificates is called in
882 // the case that Certificates is empty, even without SNI.
883 func TestHandshakeServerEmptyCertificates(t *testing.T) {
884 const errMsg = "TestHandshakeServerEmptyCertificates error"
885
886 serverConfig := testConfig.Clone()
887 serverConfig.GetCertificate = func(clientHello *ClientHelloInfo) (*Certificate, error) {
888 return nil, errors.New(errMsg)
889 }
890 serverConfig.Certificates = nil
891
892 clientHello := &clientHelloMsg{
893 vers: VersionTLS10,
894 cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
895 compressionMethods: []uint8{compressionNone},
896 }
897 testClientHelloFailure(t, serverConfig, clientHello, errMsg)
898
899 // With an empty Certificates and a nil GetCertificate, the server
900 // should always return a “no certificates” error.
901 serverConfig.GetCertificate = nil
902
903 clientHello = &clientHelloMsg{
904 vers: VersionTLS10,
905 cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
906 compressionMethods: []uint8{compressionNone},
907 }
908 testClientHelloFailure(t, serverConfig, clientHello, "no certificates")
909 }
910
911 // TestCipherSuiteCertPreferance ensures that we select an RSA ciphersuite with
912 // an RSA certificate and an ECDSA ciphersuite with an ECDSA certificate.
913 func TestCipherSuiteCertPreferenceECDSA(t *testing.T) {
914 config := testConfig.Clone()
915 config.CipherSuites = []uint16{TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA}
916 config.PreferServerCipherSuites = true
917
918 test := &serverTest{
919 name: "CipherSuiteCertPreferenceRSA",
920 config: config,
921 }
922 runServerTestTLS12(t, test)
923
924 config = testConfig.Clone()
925 config.CipherSuites = []uint16{TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA}
926 config.Certificates = []Certificate{
927 {
928 Certificate: [][]byte{testECDSACertificate},
929 PrivateKey: testECDSAPrivateKey,
930 },
931 }
932 config.BuildNameToCertificate()
933 config.PreferServerCipherSuites = true
934
935 test = &serverTest{
936 name: "CipherSuiteCertPreferenceECDSA",
937 config: config,
938 }
939 runServerTestTLS12(t, test)
940 }
941
942 func TestResumption(t *testing.T) {
943 sessionFilePath := tempFile("")
944 defer os.Remove(sessionFilePath)
945
946 test := &serverTest{
947 name: "IssueTicket",
948 command: []string{"openssl", "s_client", "-cipher", "AES128-SHA", "-sess_out", sessionFilePath},
949 }
950 runServerTestTLS12(t, test)
951
952 test = &serverTest{
953 name: "Resume",
954 command: []string{"openssl", "s_client", "-cipher", "AES128-SHA", "-sess_in", sessionFilePath},
955 }
956 runServerTestTLS12(t, test)
957 }
958
959 func TestResumptionDisabled(t *testing.T) {
960 sessionFilePath := tempFile("")
961 defer os.Remove(sessionFilePath)
962
963 config := testConfig.Clone()
964
965 test := &serverTest{
966 name: "IssueTicketPreDisable",
967 command: []string{"openssl", "s_client", "-cipher", "AES128-SHA", "-sess_out", sessionFilePath},
968 config: config,
969 }
970 runServerTestTLS12(t, test)
971
972 config.SessionTicketsDisabled = true
973
974 test = &serverTest{
975 name: "ResumeDisabled",
976 command: []string{"openssl", "s_client", "-cipher", "AES128-SHA", "-sess_in", sessionFilePath},
977 config: config,
978 }
979 runServerTestTLS12(t, test)
980
981 // One needs to manually confirm that the handshake in the golden data
982 // file for ResumeDisabled does not include a resumption handshake.
983 }
984
985 func TestFallbackSCSV(t *testing.T) {
986 serverConfig := Config{
987 Certificates: testConfig.Certificates,
988 }
989 test := &serverTest{
990 name: "FallbackSCSV",
991 config: &serverConfig,
992 // OpenSSL 1.0.1j is needed for the -fallback_scsv option.
993 command: []string{"openssl", "s_client", "-fallback_scsv"},
994 expectHandshakeErrorIncluding: "inappropriate protocol fallback",
995 }
996 runServerTestTLS11(t, test)
997 }
998
999 // clientCertificatePEM and clientKeyPEM were generated with generate_cert.go
1000 // Thus, they have no ExtKeyUsage fields and trigger an error when verification
1001 // is turned on.
1002
1003 const clientCertificatePEM = `
1004 -----BEGIN CERTIFICATE-----
1005 MIIB7zCCAVigAwIBAgIQXBnBiWWDVW/cC8m5k5/pvDANBgkqhkiG9w0BAQsFADAS
1006 MRAwDgYDVQQKEwdBY21lIENvMB4XDTE2MDgxNzIxNTIzMVoXDTE3MDgxNzIxNTIz
1007 MVowEjEQMA4GA1UEChMHQWNtZSBDbzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
1008 gYEAum+qhr3Pv5/y71yUYHhv6BPy0ZZvzdkybiI3zkH5yl0prOEn2mGi7oHLEMff
1009 NFiVhuk9GeZcJ3NgyI14AvQdpJgJoxlwaTwlYmYqqyIjxXuFOE8uCXMyp70+m63K
1010 hAfmDzr/d8WdQYUAirab7rCkPy1MTOZCPrtRyN1IVPQMjkcCAwEAAaNGMEQwDgYD
1011 VR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAw
1012 DwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOBgQBGq0Si+yhU+Fpn+GKU
1013 8ZqyGJ7ysd4dfm92lam6512oFmyc9wnTN+RLKzZ8Aa1B0jLYw9KT+RBrjpW5LBeK
1014 o0RIvFkTgxYEiKSBXCUNmAysEbEoVr4dzWFihAm/1oDGRY2CLLTYg5vbySK3KhIR
1015 e/oCO8HJ/+rJnahJ05XX1Q7lNQ==
1016 -----END CERTIFICATE-----`
1017
1018 const clientKeyPEM = `
1019 -----BEGIN RSA PRIVATE KEY-----
1020 MIICXQIBAAKBgQC6b6qGvc+/n/LvXJRgeG/oE/LRlm/N2TJuIjfOQfnKXSms4Sfa
1021 YaLugcsQx980WJWG6T0Z5lwnc2DIjXgC9B2kmAmjGXBpPCViZiqrIiPFe4U4Ty4J
1022 czKnvT6brcqEB+YPOv93xZ1BhQCKtpvusKQ/LUxM5kI+u1HI3UhU9AyORwIDAQAB
1023 AoGAEJZ03q4uuMb7b26WSQsOMeDsftdatT747LGgs3pNRkMJvTb/O7/qJjxoG+Mc
1024 qeSj0TAZXp+PXXc3ikCECAc+R8rVMfWdmp903XgO/qYtmZGCorxAHEmR80SrfMXv
1025 PJnznLQWc8U9nphQErR+tTESg7xWEzmFcPKwnZd1xg8ERYkCQQDTGtrFczlB2b/Z
1026 9TjNMqUlMnTLIk/a/rPE2fLLmAYhK5sHnJdvDURaH2mF4nso0EGtENnTsh6LATnY
1027 dkrxXGm9AkEA4hXHG2q3MnhgK1Z5hjv+Fnqd+8bcbII9WW4flFs15EKoMgS1w/PJ
1028 zbsySaSy5IVS8XeShmT9+3lrleed4sy+UwJBAJOOAbxhfXP5r4+5R6ql66jES75w
1029 jUCVJzJA5ORJrn8g64u2eGK28z/LFQbv9wXgCwfc72R468BdawFSLa/m2EECQGbZ
1030 rWiFla26IVXV0xcD98VWJsTBZMlgPnSOqoMdM1kSEd4fUmlAYI/dFzV1XYSkOmVr
1031 FhdZnklmpVDeu27P4c0CQQCuCOup0FlJSBpWY1TTfun/KMBkBatMz0VMA3d7FKIU
1032 csPezl677Yjo8u1r/KzeI6zLg87Z8E6r6ZWNc9wBSZK6
1033 -----END RSA PRIVATE KEY-----`
1034
1035 const clientECDSACertificatePEM = `
1036 -----BEGIN CERTIFICATE-----
1037 MIIB/DCCAV4CCQCaMIRsJjXZFzAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw
1038 EQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0
1039 eSBMdGQwHhcNMTIxMTE0MTMyNTUzWhcNMjIxMTEyMTMyNTUzWjBBMQswCQYDVQQG
1040 EwJBVTEMMAoGA1UECBMDTlNXMRAwDgYDVQQHEwdQeXJtb250MRIwEAYDVQQDEwlK
1041 b2VsIFNpbmcwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABACVjJF1FMBexFe01MNv
1042 ja5oHt1vzobhfm6ySD6B5U7ixohLZNz1MLvT/2XMW/TdtWo+PtAd3kfDdq0Z9kUs
1043 jLzYHQFMH3CQRnZIi4+DzEpcj0B22uCJ7B0rxE4wdihBsmKo+1vx+U56jb0JuK7q
1044 ixgnTy5w/hOWusPTQBbNZU6sER7m8TAJBgcqhkjOPQQBA4GMADCBiAJCAOAUxGBg
1045 C3JosDJdYUoCdFzCgbkWqD8pyDbHgf9stlvZcPE4O1BIKJTLCRpS8V3ujfK58PDa
1046 2RU6+b0DeoeiIzXsAkIBo9SKeDUcSpoj0gq+KxAxnZxfvuiRs9oa9V2jI/Umi0Vw
1047 jWVim34BmT0Y9hCaOGGbLlfk+syxis7iI6CH8OFnUes=
1048 -----END CERTIFICATE-----`
1049
1050 const clientECDSAKeyPEM = `
1051 -----BEGIN EC PARAMETERS-----
1052 BgUrgQQAIw==
1053 -----END EC PARAMETERS-----
1054 -----BEGIN EC PRIVATE KEY-----
1055 MIHcAgEBBEIBkJN9X4IqZIguiEVKMqeBUP5xtRsEv4HJEtOpOGLELwO53SD78Ew8
1056 k+wLWoqizS3NpQyMtrU8JFdWfj+C57UNkOugBwYFK4EEACOhgYkDgYYABACVjJF1
1057 FMBexFe01MNvja5oHt1vzobhfm6ySD6B5U7ixohLZNz1MLvT/2XMW/TdtWo+PtAd
1058 3kfDdq0Z9kUsjLzYHQFMH3CQRnZIi4+DzEpcj0B22uCJ7B0rxE4wdihBsmKo+1vx
1059 +U56jb0JuK7qixgnTy5w/hOWusPTQBbNZU6sER7m8Q==
1060 -----END EC PRIVATE KEY-----`
1061
1062 func TestClientAuth(t *testing.T) {
1063 setParallel(t)
1064 var certPath, keyPath, ecdsaCertPath, ecdsaKeyPath string
1065
1066 if *update {
1067 certPath = tempFile(clientCertificatePEM)
1068 defer os.Remove(certPath)
1069 keyPath = tempFile(clientKeyPEM)
1070 defer os.Remove(keyPath)
1071 ecdsaCertPath = tempFile(clientECDSACertificatePEM)
1072 defer os.Remove(ecdsaCertPath)
1073 ecdsaKeyPath = tempFile(clientECDSAKeyPEM)
1074 defer os.Remove(ecdsaKeyPath)
1075 }
1076
1077 config := testConfig.Clone()
1078 config.ClientAuth = RequestClientCert
1079
1080 test := &serverTest{
1081 name: "ClientAuthRequestedNotGiven",
1082 command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA"},
1083 config: config,
1084 }
1085 runServerTestTLS12(t, test)
1086
1087 test = &serverTest{
1088 name: "ClientAuthRequestedAndGiven",
1089 command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", "-cert", certPath, "-key", keyPath},
1090 config: config,
1091 expectedPeerCerts: []string{clientCertificatePEM},
1092 }
1093 runServerTestTLS12(t, test)
1094
1095 test = &serverTest{
1096 name: "ClientAuthRequestedAndECDSAGiven",
1097 command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", "-cert", ecdsaCertPath, "-key", ecdsaKeyPath},
1098 config: config,
1099 expectedPeerCerts: []string{clientECDSACertificatePEM},
1100 }
1101 runServerTestTLS12(t, test)
1102 }
1103
1104 func TestSNIGivenOnFailure(t *testing.T) {
1105 const expectedServerName = "test.testing"
1106
1107 clientHello := &clientHelloMsg{
1108 vers: VersionTLS10,
1109 cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA},
1110 compressionMethods: []uint8{compressionNone},
1111 serverName: expectedServerName,
1112 }
1113
1114 serverConfig := testConfig.Clone()
1115 // Erase the server's cipher suites to ensure the handshake fails.
1116 serverConfig.CipherSuites = nil
1117
1118 c, s := net.Pipe()
1119 go func() {
1120 cli := Client(c, testConfig)
1121 cli.vers = clientHello.vers
1122 cli.writeRecord(recordTypeHandshake, clientHello.marshal())
1123 c.Close()
1124 }()
1125 hs := serverHandshakeState{
1126 c: Server(s, serverConfig),
1127 }
1128 _, err := hs.readClientHello()
1129 defer s.Close()
1130
1131 if err == nil {
1132 t.Error("No error reported from server")
1133 }
1134
1135 cs := hs.c.ConnectionState()
1136 if cs.HandshakeComplete {
1137 t.Error("Handshake registered as complete")
1138 }
1139
1140 if cs.ServerName != expectedServerName {
1141 t.Errorf("Expected ServerName of %q, but got %q", expectedServerName, cs.ServerName)
1142 }
1143 }
1144
1145 var getConfigForClientTests = []struct {
1146 setup func(config *Config)
1147 callback func(clientHello *ClientHelloInfo) (*Config, error)
1148 errorSubstring string
1149 verify func(config *Config) error
1150 }{
1151 {
1152 nil,
1153 func(clientHello *ClientHelloInfo) (*Config, error) {
1154 return nil, nil
1155 },
1156 "",
1157 nil,
1158 },
1159 {
1160 nil,
1161 func(clientHello *ClientHelloInfo) (*Config, error) {
1162 return nil, errors.New("should bubble up")
1163 },
1164 "should bubble up",
1165 nil,
1166 },
1167 {
1168 nil,
1169 func(clientHello *ClientHelloInfo) (*Config, error) {
1170 config := testConfig.Clone()
1171 // Setting a maximum version of TLS 1.1 should cause
1172 // the handshake to fail.
1173 config.MaxVersion = VersionTLS11
1174 return config, nil
1175 },
1176 "version 301 when expecting version 302",
1177 nil,
1178 },
1179 {
1180 func(config *Config) {
1181 for i := range config.SessionTicketKey {
1182 config.SessionTicketKey[i] = byte(i)
1183 }
1184 config.sessionTicketKeys = nil
1185 },
1186 func(clientHello *ClientHelloInfo) (*Config, error) {
1187 config := testConfig.Clone()
1188 for i := range config.SessionTicketKey {
1189 config.SessionTicketKey[i] = 0
1190 }
1191 config.sessionTicketKeys = nil
1192 return config, nil
1193 },
1194 "",
1195 func(config *Config) error {
1196 // The value of SessionTicketKey should have been
1197 // duplicated into the per-connection Config.
1198 for i := range config.SessionTicketKey {
1199 if b := config.SessionTicketKey[i]; b != byte(i) {
1200 return fmt.Errorf("SessionTicketKey was not duplicated from original Config: byte %d has value %d", i, b)
1201 }
1202 }
1203 return nil
1204 },
1205 },
1206 {
1207 func(config *Config) {
1208 var dummyKey [32]byte
1209 for i := range dummyKey {
1210 dummyKey[i] = byte(i)
1211 }
1212
1213 config.SetSessionTicketKeys([][32]byte{dummyKey})
1214 },
1215 func(clientHello *ClientHelloInfo) (*Config, error) {
1216 config := testConfig.Clone()
1217 config.sessionTicketKeys = nil
1218 return config, nil
1219 },
1220 "",
1221 func(config *Config) error {
1222 // The session ticket keys should have been duplicated
1223 // into the per-connection Config.
1224 if l := len(config.sessionTicketKeys); l != 1 {
1225 return fmt.Errorf("got len(sessionTicketKeys) == %d, wanted 1", l)
1226 }
1227 return nil
1228 },
1229 },
1230 }
1231
1232 func TestGetConfigForClient(t *testing.T) {
1233 serverConfig := testConfig.Clone()
1234 clientConfig := testConfig.Clone()
1235 clientConfig.MinVersion = VersionTLS12
1236
1237 for i, test := range getConfigForClientTests {
1238 if test.setup != nil {
1239 test.setup(serverConfig)
1240 }
1241
1242 var configReturned *Config
1243 serverConfig.GetConfigForClient = func(clientHello *ClientHelloInfo) (*Config, error) {
1244 config, err := test.callback(clientHello)
1245 configReturned = config
1246 return config, err
1247 }
1248 c, s := net.Pipe()
1249 done := make(chan error)
1250
1251 go func() {
1252 defer s.Close()
1253 done <- Server(s, serverConfig).Handshake()
1254 }()
1255
1256 clientErr := Client(c, clientConfig).Handshake()
1257 c.Close()
1258
1259 serverErr := <-done
1260
1261 if len(test.errorSubstring) == 0 {
1262 if serverErr != nil || clientErr != nil {
1263 t.Errorf("test[%d]: expected no error but got serverErr: %q, clientErr: %q", i, serverErr, clientErr)
1264 }
1265 if test.verify != nil {
1266 if err := test.verify(configReturned); err != nil {
1267 t.Errorf("test[%d]: verify returned error: %v", i, err)
1268 }
1269 }
1270 } else {
1271 if serverErr == nil {
1272 t.Errorf("test[%d]: expected error containing %q but got no error", i, test.errorSubstring)
1273 } else if !strings.Contains(serverErr.Error(), test.errorSubstring) {
1274 t.Errorf("test[%d]: expected error to contain %q but it was %q", i, test.errorSubstring, serverErr)
1275 }
1276 }
1277 }
1278 }
1279
1280 func bigFromString(s string) *big.Int {
1281 ret := new(big.Int)
1282 ret.SetString(s, 10)
1283 return ret
1284 }
1285
1286 func fromHex(s string) []byte {
1287 b, _ := hex.DecodeString(s)
1288 return b
1289 }
1290
1291 var testRSACertificate = fromHex("3082024b308201b4a003020102020900e8f09d3fe25beaa6300d06092a864886f70d01010b0500301f310b3009060355040a1302476f3110300e06035504031307476f20526f6f74301e170d3136303130313030303030305a170d3235303130313030303030305a301a310b3009060355040a1302476f310b300906035504031302476f30819f300d06092a864886f70d010101050003818d0030818902818100db467d932e12270648bc062821ab7ec4b6a25dfe1e5245887a3647a5080d92425bc281c0be97799840fb4f6d14fd2b138bc2a52e67d8d4099ed62238b74a0b74732bc234f1d193e596d9747bf3589f6c613cc0b041d4d92b2b2423775b1c3bbd755dce2054cfa163871d1e24c4f31d1a508baab61443ed97a77562f414c852d70203010001a38193308190300e0603551d0f0101ff0404030205a0301d0603551d250416301406082b0601050507030106082b06010505070302300c0603551d130101ff0402300030190603551d0e041204109f91161f43433e49a6de6db680d79f60301b0603551d230414301280104813494d137e1631bba301d5acab6e7b30190603551d1104123010820e6578616d706c652e676f6c616e67300d06092a864886f70d01010b0500038181009d30cc402b5b50a061cbbae55358e1ed8328a9581aa938a495a1ac315a1a84663d43d32dd90bf297dfd320643892243a00bccf9c7db74020015faad3166109a276fd13c3cce10c5ceeb18782f16c04ed73bbb343778d0c1cf10fa1d8408361c94c722b9daedb4606064df4c1b33ec0d1bd42d4dbfe3d1360845c21d33be9fae7")
1292
1293 var testRSACertificateIssuer = fromHex("3082021930820182a003020102020900ca5e4e811a965964300d06092a864886f70d01010b0500301f310b3009060355040a1302476f3110300e06035504031307476f20526f6f74301e170d3136303130313030303030305a170d3235303130313030303030305a301f310b3009060355040a1302476f3110300e06035504031307476f20526f6f7430819f300d06092a864886f70d010101050003818d0030818902818100d667b378bb22f34143b6cd2008236abefaf2852adf3ab05e01329e2c14834f5105df3f3073f99dab5442d45ee5f8f57b0111c8cb682fbb719a86944eebfffef3406206d898b8c1b1887797c9c5006547bb8f00e694b7a063f10839f269f2c34fff7a1f4b21fbcd6bfdfb13ac792d1d11f277b5c5b48600992203059f2a8f8cc50203010001a35d305b300e0603551d0f0101ff040403020204301d0603551d250416301406082b0601050507030106082b06010505070302300f0603551d130101ff040530030101ff30190603551d0e041204104813494d137e1631bba301d5acab6e7b300d06092a864886f70d01010b050003818100c1154b4bab5266221f293766ae4138899bd4c5e36b13cee670ceeaa4cbdf4f6679017e2fe649765af545749fe4249418a56bd38a04b81e261f5ce86b8d5c65413156a50d12449554748c59a30c515bc36a59d38bddf51173e899820b282e40aa78c806526fd184fb6b4cf186ec728edffa585440d2b3225325f7ab580e87dd76")
1294
1295 var testECDSACertificate = fromHex("3082020030820162020900b8bf2d47a0d2ebf4300906072a8648ce3d04013045310b3009060355040613024155311330110603550408130a536f6d652d53746174653121301f060355040a1318496e7465726e6574205769646769747320507479204c7464301e170d3132313132323135303633325a170d3232313132303135303633325a3045310b3009060355040613024155311330110603550408130a536f6d652d53746174653121301f060355040a1318496e7465726e6574205769646769747320507479204c746430819b301006072a8648ce3d020106052b81040023038186000400c4a1edbe98f90b4873367ec316561122f23d53c33b4d213dcd6b75e6f6b0dc9adf26c1bcb287f072327cb3642f1c90bcea6823107efee325c0483a69e0286dd33700ef0462dd0da09c706283d881d36431aa9e9731bd96b068c09b23de76643f1a5c7fe9120e5858b65f70dd9bd8ead5d7f5d5ccb9b69f30665b669a20e227e5bffe3b300906072a8648ce3d040103818c0030818802420188a24febe245c5487d1bacf5ed989dae4770c05e1bb62fbdf1b64db76140d311a2ceee0b7e927eff769dc33b7ea53fcefa10e259ec472d7cacda4e970e15a06fd00242014dfcbe67139c2d050ebd3fa38c25c13313830d9406bbd4377af6ec7ac9862eddd711697f857c56defb31782be4c7780daecbbe9e4e3624317b6a0f399512078f2a")
1296
1297 var testSNICertificate = fromHex("0441883421114c81480804c430820237308201a0a003020102020900e8f09d3fe25beaa6300d06092a864886f70d01010b0500301f310b3009060355040a1302476f3110300e06035504031307476f20526f6f74301e170d3136303130313030303030305a170d3235303130313030303030305a3023310b3009060355040a1302476f311430120603550403130b736e69746573742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100db467d932e12270648bc062821ab7ec4b6a25dfe1e5245887a3647a5080d92425bc281c0be97799840fb4f6d14fd2b138bc2a52e67d8d4099ed62238b74a0b74732bc234f1d193e596d9747bf3589f6c613cc0b041d4d92b2b2423775b1c3bbd755dce2054cfa163871d1e24c4f31d1a508baab61443ed97a77562f414c852d70203010001a3773075300e0603551d0f0101ff0404030205a0301d0603551d250416301406082b0601050507030106082b06010505070302300c0603551d130101ff0402300030190603551d0e041204109f91161f43433e49a6de6db680d79f60301b0603551d230414301280104813494d137e1631bba301d5acab6e7b300d06092a864886f70d01010b0500038181007beeecff0230dbb2e7a334af65430b7116e09f327c3bbf918107fc9c66cb497493207ae9b4dbb045cb63d605ec1b5dd485bb69124d68fa298dc776699b47632fd6d73cab57042acb26f083c4087459bc5a3bb3ca4d878d7fe31016b7bc9a627438666566e3389bfaeebe6becc9a0093ceed18d0f9ac79d56f3a73f18188988ed")
1298
1299 var testRSAPrivateKey = &rsa.PrivateKey{
1300 PublicKey: rsa.PublicKey{
1301 N: bigFromString("153980389784927331788354528594524332344709972855165340650588877572729725338415474372475094155672066328274535240275856844648695200875763869073572078279316458648124537905600131008790701752441155668003033945258023841165089852359980273279085783159654751552359397986180318708491098942831252291841441726305535546071"),
1302 E: 65537,
1303 },
1304 D: bigFromString("7746362285745539358014631136245887418412633787074173796862711588221766398229333338511838891484974940633857861775630560092874987828057333663969469797013996401149696897591265769095952887917296740109742927689053276850469671231961384712725169432413343763989564437170644270643461665184965150423819594083121075825"),
1305 Primes: []*big.Int{
1306 bigFromString("13299275414352936908236095374926261633419699590839189494995965049151460173257838079863316944311313904000258169883815802963543635820059341150014695560313417"),
1307 bigFromString("11578103692682951732111718237224894755352163854919244905974423810539077224889290605729035287537520656160688625383765857517518932447378594964220731750802463"),
1308 },
1309 }
1310
1311 var testECDSAPrivateKey = &ecdsa.PrivateKey{
1312 PublicKey: ecdsa.PublicKey{
1313 Curve: elliptic.P521(),
1314 X: bigFromString("2636411247892461147287360222306590634450676461695221912739908880441342231985950069527906976759812296359387337367668045707086543273113073382714101597903639351"),
1315 Y: bigFromString("3204695818431246682253994090650952614555094516658732116404513121125038617915183037601737180082382202488628239201196033284060130040574800684774115478859677243"),
1316 },
1317 D: bigFromString("5477294338614160138026852784385529180817726002953041720191098180813046231640184669647735805135001309477695746518160084669446643325196003346204701381388769751"),
1318 }
Mirror of the offical gcc git repository hosted at gcc.gnu.org