| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131 |
- package fake_test
-
- import (
- "bytes"
- "crypto/hmac"
- "crypto/rand"
- "crypto/sha256"
- "testing"
-
- "github.com/9seconds/mtg/v2/mtglib"
- "github.com/9seconds/mtg/v2/mtglib/internal/tls"
- "github.com/9seconds/mtg/v2/mtglib/internal/tls/fake"
- "github.com/stretchr/testify/suite"
- )
-
- type SendServerHelloTestSuite struct {
- suite.Suite
-
- hello *fake.ClientHello
- buf *bytes.Buffer
- secret mtglib.Secret
- }
-
- func (suite *SendServerHelloTestSuite) SetupTest() {
- suite.hello = &fake.ClientHello{
- CipherSuite: 4867,
- SessionID: make([]byte, 32),
- }
-
- _, err := rand.Read(suite.hello.SessionID)
- suite.NoError(err)
-
- _, err = rand.Read(suite.hello.Random[:])
- suite.NoError(err)
-
- suite.buf = &bytes.Buffer{}
- suite.secret = mtglib.GenerateSecret("google.com")
- }
-
- func (suite *SendServerHelloTestSuite) TestRecordStructure() {
- noise, err := fake.SendServerHello(suite.buf, suite.secret.Key[:], suite.hello)
- suite.NoError(err)
-
- var rec bytes.Buffer
-
- recordType, _, err := tls.ReadRecord(suite.buf, &rec)
- suite.NoError(err)
- suite.Equal(byte(tls.TypeHandshake), recordType)
-
- rec.Reset()
-
- recordType, _, err = tls.ReadRecord(suite.buf, &rec)
- suite.NoError(err)
- suite.Equal(byte(tls.TypeChangeCipherSpec), recordType)
-
- suite.Empty(suite.buf.Bytes())
-
- noiseBuf := bytes.NewReader(noise)
- rec.Reset()
-
- recordType, _, err = tls.ReadRecord(noiseBuf, &rec)
- suite.NoError(err)
- suite.Equal(byte(tls.TypeApplicationData), recordType)
- suite.Zero(noiseBuf.Len())
- }
-
- func (suite *SendServerHelloTestSuite) TestHMAC() {
- noise, err := fake.SendServerHello(suite.buf, suite.secret.Key[:], suite.hello)
- suite.NoError(err)
-
- packet := make([]byte, suite.buf.Len())
- copy(packet, suite.buf.Bytes())
-
- random := make([]byte, fake.RandomLen)
- copy(random, packet[fake.RandomOffset:])
- copy(packet[fake.RandomOffset:], make([]byte, fake.RandomLen))
-
- mac := hmac.New(sha256.New, suite.secret.Key[:])
- mac.Write(suite.hello.Random[:])
- mac.Write(packet)
- mac.Write(noise)
-
- suite.Equal(random, mac.Sum(nil))
- }
-
- func (suite *SendServerHelloTestSuite) TestHandshakePayload() {
- _, err := fake.SendServerHello(suite.buf, suite.secret.Key[:], suite.hello)
- suite.NoError(err)
-
- packet := suite.buf.Bytes()
-
- // TLS record header: type(1) + version(2) + length(2)
- suite.Equal(byte(tls.TypeHandshake), packet[0])
- suite.Equal([]byte{3, 3}, packet[1:3])
-
- // Handshake header: type(1) + uint24_length(3)
- suite.Equal(byte(fake.TypeHandshakeServer), packet[5])
-
- // ServerHello version
- suite.Equal([]byte{3, 3}, packet[9:11])
-
- // Session ID
- sessionIDOffset := fake.RandomOffset + fake.RandomLen
- suite.Equal(byte(len(suite.hello.SessionID)), packet[sessionIDOffset])
- suite.Equal(suite.hello.SessionID, packet[sessionIDOffset+1:sessionIDOffset+1+len(suite.hello.SessionID)])
- }
-
- func (suite *SendServerHelloTestSuite) TestChangeCipherSpec() {
- _, err := fake.SendServerHello(suite.buf, suite.secret.Key[:], suite.hello)
- suite.NoError(err)
-
- // Skip first record
- var rec bytes.Buffer
-
- _, _, err = tls.ReadRecord(suite.buf, &rec)
- suite.NoError(err)
-
- // Read ChangeCipherSpec record
- rec.Reset()
-
- recordType, length, err := tls.ReadRecord(suite.buf, &rec)
- suite.NoError(err)
- suite.Equal(byte(tls.TypeChangeCipherSpec), recordType)
- suite.Equal(int64(1), length)
- suite.Equal([]byte{fake.ChangeCipherValue}, rec.Bytes())
- }
-
- func TestSendServerHello(t *testing.T) {
- t.Parallel()
- suite.Run(t, &SendServerHelloTestSuite{})
- }
|
