syncthing/lib/tlsutil/tlsutil_test.go
Jakob Borg 8519a24ba6
cmd/*, lib/tlsutil: Refactor TLS stuff (fixes #5256) (#5276)
This changes the TLS and certificate handling in a few ways:

- We always use TLS 1.2, both for sync connections (as previously) and
  the GUI/REST/discovery stuff. This is a tightening of the requirements
  on the GUI. AS far as I can tell from caniusethis.com every browser from
  2013 and forward supports TLS 1.2, so I think we should be fine.

- We always greate ECDSA certificates. Previously we'd create
  ECDSA-with-RSA certificates for sync connections and pure RSA
  certificates for the web stuff. The new default is more modern and the
  same everywhere. These certificates are OK in TLS 1.2.

- We use the Go CPU detection stuff to choose the cipher suites to use,
  indirectly. The TLS package uses CPU capabilities probing to select
  either AES-GCM (fast if we have AES-NI) or ChaCha20 (faster if we
  don't). These CPU detection things aren't exported though, so the tlsutil
  package now does a quick TLS handshake with itself as part of init().
  If the chosen cipher suite was AES-GCM we prioritize that, otherwise we
  prefer ChaCha20. Some might call this ugly. I think it's awesome.
2018-10-21 14:17:50 +09:00

159 lines
4.1 KiB
Go

// Copyright (C) 2016 The Syncthing Authors.
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this file,
// You can obtain one at https://mozilla.org/MPL/2.0/.
// The existence of this file means we get 0% test coverage rather than no
// test coverage at all. Remove when implementing an actual test.
package tlsutil
import (
"bytes"
"crypto/tls"
"io"
"net"
"testing"
"time"
)
func TestUnionedConnection(t *testing.T) {
cases := []struct {
data []byte
isTLS bool
}{
{[]byte{0}, false},
{[]byte{0x16}, true},
{[]byte{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0}, false},
{[]byte{0x16, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0}, true},
}
for i, tc := range cases {
fc := &fakeAccepter{tc.data}
dl := DowngradingListener{fc, nil}
conn, isTLS, err := dl.AcceptNoWrapTLS()
if err != nil {
t.Fatalf("%d: %v", i, err)
}
if conn == nil {
t.Fatalf("%d: unexpected nil conn", i)
}
if isTLS != tc.isTLS {
t.Errorf("%d: isTLS=%v, expected %v", i, isTLS, tc.isTLS)
}
// Read all the data, check it's the same
var bs []byte
buf := make([]byte, 128)
for {
n, err := conn.Read(buf)
if err == io.EOF {
break
}
if err != nil {
t.Fatalf("%d: read error: %v", i, err)
}
if len(bs) == 0 {
// first read; should return just one byte
if n != 1 {
t.Errorf("%d: first read returned %d bytes, not 1", i, n)
}
// Check that we've nilled out the "first" thing
if conn.(*UnionedConnection).first != nil {
t.Errorf("%d: expected first read to clear out the `first` attribute", i)
}
}
bs = append(bs, buf[:n]...)
}
if !bytes.Equal(bs, tc.data) {
t.Errorf("%d: got wrong data", i)
}
t.Logf("%d: %v, %x", i, isTLS, bs)
}
}
func TestCheckCipherSuites(t *testing.T) {
// This is the set of cipher suites we expect - only the order should
// differ.
allSuites := []uint16{
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
tls.TLS_RSA_WITH_AES_128_CBC_SHA,
tls.TLS_RSA_WITH_AES_256_CBC_SHA,
}
suites := buildCipherSuites()
if len(suites) != len(allSuites) {
t.Fatal("should get a list representing all suites")
}
// Check that the returned list of suites doesn't contain anything
// unexpecteds and is free from duplicates.
seen := make(map[uint16]struct{})
nextSuite:
for _, s0 := range suites {
if _, ok := seen[s0]; ok {
t.Fatal("duplicate suite", s0)
}
for _, s1 := range allSuites {
if s0 == s1 {
seen[s0] = struct{}{}
continue nextSuite
}
}
t.Fatal("got unknown suite", s0)
}
}
type fakeAccepter struct {
data []byte
}
func (f *fakeAccepter) Accept() (net.Conn, error) {
return &fakeConn{f.data}, nil
}
func (f *fakeAccepter) Addr() net.Addr { return nil }
func (f *fakeAccepter) Close() error { return nil }
type fakeConn struct {
data []byte
}
func (f *fakeConn) Read(b []byte) (int, error) {
if len(f.data) == 0 {
return 0, io.EOF
}
n := copy(b, f.data)
f.data = f.data[n:]
return n, nil
}
func (f *fakeConn) Write(b []byte) (int, error) {
return len(b), nil
}
func (f *fakeConn) Close() error { return nil }
func (f *fakeConn) LocalAddr() net.Addr { return nil }
func (f *fakeConn) RemoteAddr() net.Addr { return nil }
func (f *fakeConn) SetDeadline(time.Time) error { return nil }
func (f *fakeConn) SetReadDeadline(time.Time) error { return nil }
func (f *fakeConn) SetWriteDeadline(time.Time) error { return nil }