1 // Copyright 2009 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 package tls 6 7 import ( 8 "bytes" 9 "crypto/ecdsa" 10 "crypto/elliptic" 11 "crypto/rsa" 12 "encoding/hex" 13 "encoding/pem" 14 "errors" 15 "fmt" 16 "io" 17 "math/big" 18 "net" 19 "os" 20 "os/exec" 21 "path/filepath" 22 "strings" 23 "testing" 24 "time" 25 ) 26 27 // zeroSource is an io.Reader that returns an unlimited number of zero bytes. 28 type zeroSource struct{} 29 30 func (zeroSource) Read(b []byte) (n int, err error) { 31 for i := range b { 32 b[i] = 0 33 } 34 35 return len(b), nil 36 } 37 38 var testConfig *Config 39 40 func allCipherSuites() []uint16 { 41 ids := make([]uint16, len(cipherSuites)) 42 for i, suite := range cipherSuites { 43 ids[i] = suite.id 44 } 45 46 return ids 47 } 48 49 func init() { 50 testConfig = &Config{ 51 Time: func() time.Time { return time.Unix(0, 0) }, 52 Rand: zeroSource{}, 53 Certificates: make([]Certificate, 2), 54 InsecureSkipVerify: true, 55 MinVersion: VersionSSL30, 56 MaxVersion: VersionTLS12, 57 CipherSuites: allCipherSuites(), 58 } 59 testConfig.Certificates[0].Certificate = [][]byte{testRSACertificate} 60 testConfig.Certificates[0].PrivateKey = testRSAPrivateKey 61 testConfig.Certificates[1].Certificate = [][]byte{testSNICertificate} 62 testConfig.Certificates[1].PrivateKey = testRSAPrivateKey 63 testConfig.BuildNameToCertificate() 64 } 65 66 func testClientHello(t *testing.T, serverConfig *Config, m handshakeMessage) { 67 testClientHelloFailure(t, serverConfig, m, "") 68 } 69 70 func testClientHelloFailure(t *testing.T, serverConfig *Config, m handshakeMessage, expectedSubStr string) { 71 // Create in-memory network connection, 72 // send message to server. Should return 73 // expected error. 74 c, s := net.Pipe() 75 go func() { 76 cli := Client(c, testConfig) 77 if ch, ok := m.(*clientHelloMsg); ok { 78 cli.vers = ch.vers 79 } 80 cli.writeRecord(recordTypeHandshake, m.marshal()) 81 c.Close() 82 }() 83 err := Server(s, serverConfig).Handshake() 84 s.Close() 85 if len(expectedSubStr) == 0 { 86 if err != nil && err != io.EOF { 87 t.Errorf("Got error: %s; expected to succeed", err, expectedSubStr) 88 } 89 } else if err == nil || !strings.Contains(err.Error(), expectedSubStr) { 90 t.Errorf("Got error: %s; expected to match substring '%s'", err, expectedSubStr) 91 } 92 } 93 94 func TestSimpleError(t *testing.T) { 95 testClientHelloFailure(t, testConfig, &serverHelloDoneMsg{}, "unexpected handshake message") 96 } 97 98 var badProtocolVersions = []uint16{0x0000, 0x0005, 0x0100, 0x0105, 0x0200, 0x0205} 99 100 func TestRejectBadProtocolVersion(t *testing.T) { 101 for _, v := range badProtocolVersions { 102 testClientHelloFailure(t, testConfig, &clientHelloMsg{vers: v}, "unsupported, maximum protocol version") 103 } 104 } 105 106 func TestNoSuiteOverlap(t *testing.T) { 107 clientHello := &clientHelloMsg{ 108 vers: 0x0301, 109 cipherSuites: []uint16{0xff00}, 110 compressionMethods: []uint8{0}, 111 } 112 testClientHelloFailure(t, testConfig, clientHello, "no cipher suite supported by both client and server") 113 } 114 115 func TestNoCompressionOverlap(t *testing.T) { 116 clientHello := &clientHelloMsg{ 117 vers: 0x0301, 118 cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA}, 119 compressionMethods: []uint8{0xff}, 120 } 121 testClientHelloFailure(t, testConfig, clientHello, "client does not support uncompressed connections") 122 } 123 124 func TestNoRC4ByDefault(t *testing.T) { 125 clientHello := &clientHelloMsg{ 126 vers: 0x0301, 127 cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA}, 128 compressionMethods: []uint8{0}, 129 } 130 serverConfig := *testConfig 131 // Reset the enabled cipher suites to nil in order to test the 132 // defaults. 133 serverConfig.CipherSuites = nil 134 testClientHelloFailure(t, &serverConfig, clientHello, "no cipher suite supported by both client and server") 135 } 136 137 func TestDontSelectECDSAWithRSAKey(t *testing.T) { 138 // Test that, even when both sides support an ECDSA cipher suite, it 139 // won't be selected if the server's private key doesn't support it. 140 clientHello := &clientHelloMsg{ 141 vers: 0x0301, 142 cipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA}, 143 compressionMethods: []uint8{0}, 144 supportedCurves: []CurveID{CurveP256}, 145 supportedPoints: []uint8{pointFormatUncompressed}, 146 } 147 serverConfig := *testConfig 148 serverConfig.CipherSuites = clientHello.cipherSuites 149 serverConfig.Certificates = make([]Certificate, 1) 150 serverConfig.Certificates[0].Certificate = [][]byte{testECDSACertificate} 151 serverConfig.Certificates[0].PrivateKey = testECDSAPrivateKey 152 serverConfig.BuildNameToCertificate() 153 // First test that it *does* work when the server's key is ECDSA. 154 testClientHello(t, &serverConfig, clientHello) 155 156 // Now test that switching to an RSA key causes the expected error (and 157 // not an internal error about a signing failure). 158 serverConfig.Certificates = testConfig.Certificates 159 testClientHelloFailure(t, &serverConfig, clientHello, "no cipher suite supported by both client and server") 160 } 161 162 func TestDontSelectRSAWithECDSAKey(t *testing.T) { 163 // Test that, even when both sides support an RSA cipher suite, it 164 // won't be selected if the server's private key doesn't support it. 165 clientHello := &clientHelloMsg{ 166 vers: 0x0301, 167 cipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA}, 168 compressionMethods: []uint8{0}, 169 supportedCurves: []CurveID{CurveP256}, 170 supportedPoints: []uint8{pointFormatUncompressed}, 171 } 172 serverConfig := *testConfig 173 serverConfig.CipherSuites = clientHello.cipherSuites 174 // First test that it *does* work when the server's key is RSA. 175 testClientHello(t, &serverConfig, clientHello) 176 177 // Now test that switching to an ECDSA key causes the expected error 178 // (and not an internal error about a signing failure). 179 serverConfig.Certificates = make([]Certificate, 1) 180 serverConfig.Certificates[0].Certificate = [][]byte{testECDSACertificate} 181 serverConfig.Certificates[0].PrivateKey = testECDSAPrivateKey 182 serverConfig.BuildNameToCertificate() 183 testClientHelloFailure(t, &serverConfig, clientHello, "no cipher suite supported by both client and server") 184 } 185 186 func TestRenegotiationExtension(t *testing.T) { 187 clientHello := &clientHelloMsg{ 188 vers: VersionTLS12, 189 compressionMethods: []uint8{compressionNone}, 190 random: make([]byte, 32), 191 secureRenegotiation: true, 192 cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA}, 193 } 194 195 var buf []byte 196 c, s := net.Pipe() 197 198 go func() { 199 cli := Client(c, testConfig) 200 cli.vers = clientHello.vers 201 cli.writeRecord(recordTypeHandshake, clientHello.marshal()) 202 203 buf = make([]byte, 1024) 204 n, err := c.Read(buf) 205 if err != nil { 206 t.Fatalf("Server read returned error: %s", err) 207 } 208 buf = buf[:n] 209 c.Close() 210 }() 211 212 Server(s, testConfig).Handshake() 213 214 if len(buf) < 5+4 { 215 t.Fatalf("Server returned short message of length %d", len(buf)) 216 } 217 // buf contains a TLS record, with a 5 byte record header and a 4 byte 218 // handshake header. The length of the ServerHello is taken from the 219 // handshake header. 220 serverHelloLen := int(buf[6])<<16 | int(buf[7])<<8 | int(buf[8]) 221 222 var serverHello serverHelloMsg 223 // unmarshal expects to be given the handshake header, but 224 // serverHelloLen doesn't include it. 225 if !serverHello.unmarshal(buf[5 : 9+serverHelloLen]) { 226 t.Fatalf("Failed to parse ServerHello") 227 } 228 229 if !serverHello.secureRenegotiation { 230 t.Errorf("Secure renegotiation extension was not echoed.") 231 } 232 } 233 234 func TestTLS12OnlyCipherSuites(t *testing.T) { 235 // Test that a Server doesn't select a TLS 1.2-only cipher suite when 236 // the client negotiates TLS 1.1. 237 var zeros [32]byte 238 239 clientHello := &clientHelloMsg{ 240 vers: VersionTLS11, 241 random: zeros[:], 242 cipherSuites: []uint16{ 243 // The Server, by default, will use the client's 244 // preference order. So the GCM cipher suite 245 // will be selected unless it's excluded because 246 // of the version in this ClientHello. 247 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 248 TLS_RSA_WITH_RC4_128_SHA, 249 }, 250 compressionMethods: []uint8{compressionNone}, 251 supportedCurves: []CurveID{CurveP256, CurveP384, CurveP521}, 252 supportedPoints: []uint8{pointFormatUncompressed}, 253 } 254 255 c, s := net.Pipe() 256 var reply interface{} 257 var clientErr error 258 go func() { 259 cli := Client(c, testConfig) 260 cli.vers = clientHello.vers 261 cli.writeRecord(recordTypeHandshake, clientHello.marshal()) 262 reply, clientErr = cli.readHandshake() 263 c.Close() 264 }() 265 config := *testConfig 266 config.CipherSuites = clientHello.cipherSuites 267 Server(s, &config).Handshake() 268 s.Close() 269 if clientErr != nil { 270 t.Fatal(clientErr) 271 } 272 serverHello, ok := reply.(*serverHelloMsg) 273 if !ok { 274 t.Fatalf("didn't get ServerHello message in reply. Got %v\n", reply) 275 } 276 if s := serverHello.cipherSuite; s != TLS_RSA_WITH_RC4_128_SHA { 277 t.Fatalf("bad cipher suite from server: %x", s) 278 } 279 } 280 281 func TestAlertForwarding(t *testing.T) { 282 c, s := net.Pipe() 283 go func() { 284 Client(c, testConfig).sendAlert(alertUnknownCA) 285 c.Close() 286 }() 287 288 err := Server(s, testConfig).Handshake() 289 s.Close() 290 if e, ok := err.(*net.OpError); !ok || e.Err != error(alertUnknownCA) { 291 t.Errorf("Got error: %s; expected: %s", err, error(alertUnknownCA)) 292 } 293 } 294 295 func TestClose(t *testing.T) { 296 c, s := net.Pipe() 297 go c.Close() 298 299 err := Server(s, testConfig).Handshake() 300 s.Close() 301 if err != io.EOF { 302 t.Errorf("Got error: %s; expected: %s", err, io.EOF) 303 } 304 } 305 306 func testHandshake(clientConfig, serverConfig *Config) (serverState, clientState ConnectionState, err error) { 307 c, s := net.Pipe() 308 done := make(chan bool) 309 go func() { 310 cli := Client(c, clientConfig) 311 cli.Handshake() 312 clientState = cli.ConnectionState() 313 c.Close() 314 done <- true 315 }() 316 server := Server(s, serverConfig) 317 err = server.Handshake() 318 if err == nil { 319 serverState = server.ConnectionState() 320 } 321 s.Close() 322 <-done 323 return 324 } 325 326 func TestVersion(t *testing.T) { 327 serverConfig := &Config{ 328 Certificates: testConfig.Certificates, 329 MaxVersion: VersionTLS11, 330 } 331 clientConfig := &Config{ 332 InsecureSkipVerify: true, 333 } 334 state, _, err := testHandshake(clientConfig, serverConfig) 335 if err != nil { 336 t.Fatalf("handshake failed: %s", err) 337 } 338 if state.Version != VersionTLS11 { 339 t.Fatalf("Incorrect version %x, should be %x", state.Version, VersionTLS11) 340 } 341 } 342 343 func TestCipherSuitePreference(t *testing.T) { 344 serverConfig := &Config{ 345 CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA}, 346 Certificates: testConfig.Certificates, 347 MaxVersion: VersionTLS11, 348 } 349 clientConfig := &Config{ 350 CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_RC4_128_SHA}, 351 InsecureSkipVerify: true, 352 } 353 state, _, err := testHandshake(clientConfig, serverConfig) 354 if err != nil { 355 t.Fatalf("handshake failed: %s", err) 356 } 357 if state.CipherSuite != TLS_RSA_WITH_AES_128_CBC_SHA { 358 // By default the server should use the client's preference. 359 t.Fatalf("Client's preference was not used, got %x", state.CipherSuite) 360 } 361 362 serverConfig.PreferServerCipherSuites = true 363 state, _, err = testHandshake(clientConfig, serverConfig) 364 if err != nil { 365 t.Fatalf("handshake failed: %s", err) 366 } 367 if state.CipherSuite != TLS_RSA_WITH_RC4_128_SHA { 368 t.Fatalf("Server's preference was not used, got %x", state.CipherSuite) 369 } 370 } 371 372 func TestSCTHandshake(t *testing.T) { 373 expected := [][]byte{[]byte("certificate"), []byte("transparency")} 374 serverConfig := &Config{ 375 Certificates: []Certificate{{ 376 Certificate: [][]byte{testRSACertificate}, 377 PrivateKey: testRSAPrivateKey, 378 SignedCertificateTimestamps: expected, 379 }}, 380 } 381 clientConfig := &Config{ 382 InsecureSkipVerify: true, 383 } 384 _, state, err := testHandshake(clientConfig, serverConfig) 385 if err != nil { 386 t.Fatalf("handshake failed: %s", err) 387 } 388 actual := state.SignedCertificateTimestamps 389 if len(actual) != len(expected) { 390 t.Fatalf("got %d scts, want %d", len(actual), len(expected)) 391 } 392 for i, sct := range expected { 393 if !bytes.Equal(sct, actual[i]) { 394 t.Fatalf("SCT #%d was %x, but expected %x", i, actual[i], sct) 395 } 396 } 397 } 398 399 // Note: see comment in handshake_test.go for details of how the reference 400 // tests work. 401 402 // serverTest represents a test of the TLS server handshake against a reference 403 // implementation. 404 type serverTest struct { 405 // name is a freeform string identifying the test and the file in which 406 // the expected results will be stored. 407 name string 408 // command, if not empty, contains a series of arguments for the 409 // command to run for the reference server. 410 command []string 411 // expectedPeerCerts contains a list of PEM blocks of expected 412 // certificates from the client. 413 expectedPeerCerts []string 414 // config, if not nil, contains a custom Config to use for this test. 415 config *Config 416 // expectHandshakeErrorIncluding, when not empty, contains a string 417 // that must be a substring of the error resulting from the handshake. 418 expectHandshakeErrorIncluding string 419 // validate, if not nil, is a function that will be called with the 420 // ConnectionState of the resulting connection. It returns false if the 421 // ConnectionState is unacceptable. 422 validate func(ConnectionState) error 423 } 424 425 var defaultClientCommand = []string{"openssl", "s_client", "-no_ticket"} 426 427 // connFromCommand starts opens a listening socket and starts the reference 428 // client to connect to it. It returns a recordingConn that wraps the resulting 429 // connection. 430 func (test *serverTest) connFromCommand() (conn *recordingConn, child *exec.Cmd, err error) { 431 l, err := net.ListenTCP("tcp", &net.TCPAddr{ 432 IP: net.IPv4(127, 0, 0, 1), 433 Port: 0, 434 }) 435 if err != nil { 436 return nil, nil, err 437 } 438 defer l.Close() 439 440 port := l.Addr().(*net.TCPAddr).Port 441 442 var command []string 443 command = append(command, test.command...) 444 if len(command) == 0 { 445 command = defaultClientCommand 446 } 447 command = append(command, "-connect") 448 command = append(command, fmt.Sprintf("127.0.0.1:%d", port)) 449 cmd := exec.Command(command[0], command[1:]...) 450 cmd.Stdin = nil 451 var output bytes.Buffer 452 cmd.Stdout = &output 453 cmd.Stderr = &output 454 if err := cmd.Start(); err != nil { 455 return nil, nil, err 456 } 457 458 connChan := make(chan interface{}) 459 go func() { 460 tcpConn, err := l.Accept() 461 if err != nil { 462 connChan <- err 463 } 464 connChan <- tcpConn 465 }() 466 467 var tcpConn net.Conn 468 select { 469 case connOrError := <-connChan: 470 if err, ok := connOrError.(error); ok { 471 return nil, nil, err 472 } 473 tcpConn = connOrError.(net.Conn) 474 case <-time.After(2 * time.Second): 475 output.WriteTo(os.Stdout) 476 return nil, nil, errors.New("timed out waiting for connection from child process") 477 } 478 479 record := &recordingConn{ 480 Conn: tcpConn, 481 } 482 483 return record, cmd, nil 484 } 485 486 func (test *serverTest) dataPath() string { 487 return filepath.Join("testdata", "Server-"+test.name) 488 } 489 490 func (test *serverTest) loadData() (flows [][]byte, err error) { 491 in, err := os.Open(test.dataPath()) 492 if err != nil { 493 return nil, err 494 } 495 defer in.Close() 496 return parseTestData(in) 497 } 498 499 func (test *serverTest) run(t *testing.T, write bool) { 500 var clientConn, serverConn net.Conn 501 var recordingConn *recordingConn 502 var childProcess *exec.Cmd 503 504 if write { 505 var err error 506 recordingConn, childProcess, err = test.connFromCommand() 507 if err != nil { 508 t.Fatalf("Failed to start subcommand: %s", err) 509 } 510 serverConn = recordingConn 511 } else { 512 clientConn, serverConn = net.Pipe() 513 } 514 config := test.config 515 if config == nil { 516 config = testConfig 517 } 518 server := Server(serverConn, config) 519 connStateChan := make(chan ConnectionState, 1) 520 go func() { 521 var err error 522 if _, err = server.Write([]byte("hello, world\n")); err != nil { 523 t.Logf("Error from Server.Write: %s", err) 524 } 525 if len(test.expectHandshakeErrorIncluding) > 0 { 526 if err == nil { 527 t.Errorf("Error expected, but no error returned") 528 } else if s := err.Error(); !strings.Contains(s, test.expectHandshakeErrorIncluding) { 529 t.Errorf("Error expected containing '%s' but got '%s'", test.expectHandshakeErrorIncluding, s) 530 } 531 } 532 server.Close() 533 serverConn.Close() 534 connStateChan <- server.ConnectionState() 535 }() 536 537 if !write { 538 flows, err := test.loadData() 539 if err != nil { 540 t.Fatalf("%s: failed to load data from %s", test.name, test.dataPath()) 541 } 542 for i, b := range flows { 543 if i%2 == 0 { 544 clientConn.Write(b) 545 continue 546 } 547 bb := make([]byte, len(b)) 548 n, err := io.ReadFull(clientConn, bb) 549 if err != nil { 550 t.Fatalf("%s #%d: %s\nRead %d, wanted %d, got %x, wanted %x\n", test.name, i+1, err, n, len(bb), bb[:n], b) 551 } 552 if !bytes.Equal(b, bb) { 553 t.Fatalf("%s #%d: mismatch on read: got:%x want:%x", test.name, i+1, bb, b) 554 } 555 } 556 clientConn.Close() 557 } 558 559 connState := <-connStateChan 560 peerCerts := connState.PeerCertificates 561 if len(peerCerts) == len(test.expectedPeerCerts) { 562 for i, peerCert := range peerCerts { 563 block, _ := pem.Decode([]byte(test.expectedPeerCerts[i])) 564 if !bytes.Equal(block.Bytes, peerCert.Raw) { 565 t.Fatalf("%s: mismatch on peer cert %d", test.name, i+1) 566 } 567 } 568 } else { 569 t.Fatalf("%s: mismatch on peer list length: %d (wanted) != %d (got)", test.name, len(test.expectedPeerCerts), len(peerCerts)) 570 } 571 572 if test.validate != nil { 573 if err := test.validate(connState); err != nil { 574 t.Fatalf("validate callback returned error: %s", err) 575 } 576 } 577 578 if write { 579 path := test.dataPath() 580 out, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644) 581 if err != nil { 582 t.Fatalf("Failed to create output file: %s", err) 583 } 584 defer out.Close() 585 recordingConn.Close() 586 if len(recordingConn.flows) < 3 { 587 childProcess.Stdout.(*bytes.Buffer).WriteTo(os.Stdout) 588 if len(test.expectHandshakeErrorIncluding) == 0 { 589 t.Fatalf("Handshake failed") 590 } 591 } 592 recordingConn.WriteTo(out) 593 fmt.Printf("Wrote %s\n", path) 594 childProcess.Wait() 595 } 596 } 597 598 func runServerTestForVersion(t *testing.T, template *serverTest, prefix, option string) { 599 test := *template 600 test.name = prefix + test.name 601 if len(test.command) == 0 { 602 test.command = defaultClientCommand 603 } 604 test.command = append([]string(nil), test.command...) 605 test.command = append(test.command, option) 606 test.run(t, *update) 607 } 608 609 func runServerTestSSLv3(t *testing.T, template *serverTest) { 610 runServerTestForVersion(t, template, "SSLv3-", "-ssl3") 611 } 612 613 func runServerTestTLS10(t *testing.T, template *serverTest) { 614 runServerTestForVersion(t, template, "TLSv10-", "-tls1") 615 } 616 617 func runServerTestTLS11(t *testing.T, template *serverTest) { 618 runServerTestForVersion(t, template, "TLSv11-", "-tls1_1") 619 } 620 621 func runServerTestTLS12(t *testing.T, template *serverTest) { 622 runServerTestForVersion(t, template, "TLSv12-", "-tls1_2") 623 } 624 625 func TestHandshakeServerRSARC4(t *testing.T) { 626 test := &serverTest{ 627 name: "RSA-RC4", 628 command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "RC4-SHA"}, 629 } 630 runServerTestSSLv3(t, test) 631 runServerTestTLS10(t, test) 632 runServerTestTLS11(t, test) 633 runServerTestTLS12(t, test) 634 } 635 636 func TestHandshakeServerRSA3DES(t *testing.T) { 637 test := &serverTest{ 638 name: "RSA-3DES", 639 command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "DES-CBC3-SHA"}, 640 } 641 runServerTestSSLv3(t, test) 642 runServerTestTLS10(t, test) 643 runServerTestTLS12(t, test) 644 } 645 646 func TestHandshakeServerRSAAES(t *testing.T) { 647 test := &serverTest{ 648 name: "RSA-AES", 649 command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA"}, 650 } 651 runServerTestSSLv3(t, test) 652 runServerTestTLS10(t, test) 653 runServerTestTLS12(t, test) 654 } 655 656 func TestHandshakeServerAESGCM(t *testing.T) { 657 test := &serverTest{ 658 name: "RSA-AES-GCM", 659 command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "ECDHE-RSA-AES128-GCM-SHA256"}, 660 } 661 runServerTestTLS12(t, test) 662 } 663 664 func TestHandshakeServerAES256GCMSHA384(t *testing.T) { 665 test := &serverTest{ 666 name: "RSA-AES256-GCM-SHA384", 667 command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "ECDHE-RSA-AES256-GCM-SHA384"}, 668 } 669 runServerTestTLS12(t, test) 670 } 671 672 func TestHandshakeServerECDHEECDSAAES(t *testing.T) { 673 config := *testConfig 674 config.Certificates = make([]Certificate, 1) 675 config.Certificates[0].Certificate = [][]byte{testECDSACertificate} 676 config.Certificates[0].PrivateKey = testECDSAPrivateKey 677 config.BuildNameToCertificate() 678 679 test := &serverTest{ 680 name: "ECDHE-ECDSA-AES", 681 command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "ECDHE-ECDSA-AES256-SHA"}, 682 config: &config, 683 } 684 runServerTestTLS10(t, test) 685 runServerTestTLS12(t, test) 686 } 687 688 func TestHandshakeServerALPN(t *testing.T) { 689 config := *testConfig 690 config.NextProtos = []string{"proto1", "proto2"} 691 692 test := &serverTest{ 693 name: "ALPN", 694 // Note that this needs OpenSSL 1.0.2 because that is the first 695 // version that supports the -alpn flag. 696 command: []string{"openssl", "s_client", "-alpn", "proto2,proto1"}, 697 config: &config, 698 validate: func(state ConnectionState) error { 699 // The server's preferences should override the client. 700 if state.NegotiatedProtocol != "proto1" { 701 return fmt.Errorf("Got protocol %q, wanted proto1", state.NegotiatedProtocol) 702 } 703 return nil 704 }, 705 } 706 runServerTestTLS12(t, test) 707 } 708 709 func TestHandshakeServerALPNNoMatch(t *testing.T) { 710 config := *testConfig 711 config.NextProtos = []string{"proto3"} 712 713 test := &serverTest{ 714 name: "ALPN-NoMatch", 715 // Note that this needs OpenSSL 1.0.2 because that is the first 716 // version that supports the -alpn flag. 717 command: []string{"openssl", "s_client", "-alpn", "proto2,proto1"}, 718 config: &config, 719 validate: func(state ConnectionState) error { 720 // Rather than reject the connection, Go doesn't select 721 // a protocol when there is no overlap. 722 if state.NegotiatedProtocol != "" { 723 return fmt.Errorf("Got protocol %q, wanted ''", state.NegotiatedProtocol) 724 } 725 return nil 726 }, 727 } 728 runServerTestTLS12(t, test) 729 } 730 731 // TestHandshakeServerSNI involves a client sending an SNI extension of 732 // "snitest.com", which happens to match the CN of testSNICertificate. The test 733 // verifies that the server correctly selects that certificate. 734 func TestHandshakeServerSNI(t *testing.T) { 735 test := &serverTest{ 736 name: "SNI", 737 command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", "-servername", "snitest.com"}, 738 } 739 runServerTestTLS12(t, test) 740 } 741 742 // TestHandshakeServerSNICertForName is similar to TestHandshakeServerSNI, but 743 // tests the dynamic GetCertificate method 744 func TestHandshakeServerSNIGetCertificate(t *testing.T) { 745 config := *testConfig 746 747 // Replace the NameToCertificate map with a GetCertificate function 748 nameToCert := config.NameToCertificate 749 config.NameToCertificate = nil 750 config.GetCertificate = func(clientHello *ClientHelloInfo) (*Certificate, error) { 751 cert, _ := nameToCert[clientHello.ServerName] 752 return cert, nil 753 } 754 test := &serverTest{ 755 name: "SNI-GetCertificate", 756 command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", "-servername", "snitest.com"}, 757 config: &config, 758 } 759 runServerTestTLS12(t, test) 760 } 761 762 // TestHandshakeServerSNICertForNameNotFound is similar to 763 // TestHandshakeServerSNICertForName, but tests to make sure that when the 764 // GetCertificate method doesn't return a cert, we fall back to what's in 765 // the NameToCertificate map. 766 func TestHandshakeServerSNIGetCertificateNotFound(t *testing.T) { 767 config := *testConfig 768 769 config.GetCertificate = func(clientHello *ClientHelloInfo) (*Certificate, error) { 770 return nil, nil 771 } 772 test := &serverTest{ 773 name: "SNI-GetCertificateNotFound", 774 command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", "-servername", "snitest.com"}, 775 config: &config, 776 } 777 runServerTestTLS12(t, test) 778 } 779 780 // TestHandshakeServerSNICertForNameError tests to make sure that errors in 781 // GetCertificate result in a tls alert. 782 func TestHandshakeServerSNIGetCertificateError(t *testing.T) { 783 const errMsg = "TestHandshakeServerSNIGetCertificateError error" 784 785 serverConfig := *testConfig 786 serverConfig.GetCertificate = func(clientHello *ClientHelloInfo) (*Certificate, error) { 787 return nil, errors.New(errMsg) 788 } 789 790 clientHello := &clientHelloMsg{ 791 vers: 0x0301, 792 cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA}, 793 compressionMethods: []uint8{0}, 794 serverName: "test", 795 } 796 testClientHelloFailure(t, &serverConfig, clientHello, errMsg) 797 } 798 799 // TestHandshakeServerEmptyCertificates tests that GetCertificates is called in 800 // the case that Certificates is empty, even without SNI. 801 func TestHandshakeServerEmptyCertificates(t *testing.T) { 802 const errMsg = "TestHandshakeServerEmptyCertificates error" 803 804 serverConfig := *testConfig 805 serverConfig.GetCertificate = func(clientHello *ClientHelloInfo) (*Certificate, error) { 806 return nil, errors.New(errMsg) 807 } 808 serverConfig.Certificates = nil 809 810 clientHello := &clientHelloMsg{ 811 vers: 0x0301, 812 cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA}, 813 compressionMethods: []uint8{0}, 814 } 815 testClientHelloFailure(t, &serverConfig, clientHello, errMsg) 816 817 // With an empty Certificates and a nil GetCertificate, the server 818 // should always return a no certificates error. 819 serverConfig.GetCertificate = nil 820 821 clientHello = &clientHelloMsg{ 822 vers: 0x0301, 823 cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA}, 824 compressionMethods: []uint8{0}, 825 } 826 testClientHelloFailure(t, &serverConfig, clientHello, "no certificates") 827 } 828 829 // TestCipherSuiteCertPreferance ensures that we select an RSA ciphersuite with 830 // an RSA certificate and an ECDSA ciphersuite with an ECDSA certificate. 831 func TestCipherSuiteCertPreferenceECDSA(t *testing.T) { 832 config := *testConfig 833 config.CipherSuites = []uint16{TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA} 834 config.PreferServerCipherSuites = true 835 836 test := &serverTest{ 837 name: "CipherSuiteCertPreferenceRSA", 838 config: &config, 839 } 840 runServerTestTLS12(t, test) 841 842 config = *testConfig 843 config.CipherSuites = []uint16{TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA} 844 config.Certificates = []Certificate{ 845 { 846 Certificate: [][]byte{testECDSACertificate}, 847 PrivateKey: testECDSAPrivateKey, 848 }, 849 } 850 config.BuildNameToCertificate() 851 config.PreferServerCipherSuites = true 852 853 test = &serverTest{ 854 name: "CipherSuiteCertPreferenceECDSA", 855 config: &config, 856 } 857 runServerTestTLS12(t, test) 858 } 859 860 func TestResumption(t *testing.T) { 861 sessionFilePath := tempFile("") 862 defer os.Remove(sessionFilePath) 863 864 test := &serverTest{ 865 name: "IssueTicket", 866 command: []string{"openssl", "s_client", "-cipher", "RC4-SHA", "-sess_out", sessionFilePath}, 867 } 868 runServerTestTLS12(t, test) 869 870 test = &serverTest{ 871 name: "Resume", 872 command: []string{"openssl", "s_client", "-cipher", "RC4-SHA", "-sess_in", sessionFilePath}, 873 } 874 runServerTestTLS12(t, test) 875 } 876 877 func TestResumptionDisabled(t *testing.T) { 878 sessionFilePath := tempFile("") 879 defer os.Remove(sessionFilePath) 880 881 config := *testConfig 882 883 test := &serverTest{ 884 name: "IssueTicketPreDisable", 885 command: []string{"openssl", "s_client", "-cipher", "RC4-SHA", "-sess_out", sessionFilePath}, 886 config: &config, 887 } 888 runServerTestTLS12(t, test) 889 890 config.SessionTicketsDisabled = true 891 892 test = &serverTest{ 893 name: "ResumeDisabled", 894 command: []string{"openssl", "s_client", "-cipher", "RC4-SHA", "-sess_in", sessionFilePath}, 895 config: &config, 896 } 897 runServerTestTLS12(t, test) 898 899 // One needs to manually confirm that the handshake in the golden data 900 // file for ResumeDisabled does not include a resumption handshake. 901 } 902 903 func TestFallbackSCSV(t *testing.T) { 904 serverConfig := &Config{ 905 Certificates: testConfig.Certificates, 906 } 907 test := &serverTest{ 908 name: "FallbackSCSV", 909 config: serverConfig, 910 // OpenSSL 1.0.1j is needed for the -fallback_scsv option. 911 command: []string{"openssl", "s_client", "-fallback_scsv"}, 912 expectHandshakeErrorIncluding: "inappropriate protocol fallback", 913 } 914 runServerTestTLS11(t, test) 915 } 916 917 // cert.pem and key.pem were generated with generate_cert.go 918 // Thus, they have no ExtKeyUsage fields and trigger an error 919 // when verification is turned on. 920 921 const clientCertificatePEM = ` 922 -----BEGIN CERTIFICATE----- 923 MIIB7TCCAVigAwIBAgIBADALBgkqhkiG9w0BAQUwJjEQMA4GA1UEChMHQWNtZSBD 924 bzESMBAGA1UEAxMJMTI3LjAuMC4xMB4XDTExMTIwODA3NTUxMloXDTEyMTIwNzA4 925 MDAxMlowJjEQMA4GA1UEChMHQWNtZSBDbzESMBAGA1UEAxMJMTI3LjAuMC4xMIGc 926 MAsGCSqGSIb3DQEBAQOBjAAwgYgCgYBO0Hsx44Jk2VnAwoekXh6LczPHY1PfZpIG 927 hPZk1Y/kNqcdK+izIDZFI7Xjla7t4PUgnI2V339aEu+H5Fto5OkOdOwEin/ekyfE 928 ARl6vfLcPRSr0FTKIQzQTW6HLlzF0rtNS0/Otiz3fojsfNcCkXSmHgwa2uNKWi7e 929 E5xMQIhZkwIDAQABozIwMDAOBgNVHQ8BAf8EBAMCAKAwDQYDVR0OBAYEBAECAwQw 930 DwYDVR0jBAgwBoAEAQIDBDALBgkqhkiG9w0BAQUDgYEANh+zegx1yW43RmEr1b3A 931 p0vMRpqBWHyFeSnIyMZn3TJWRSt1tukkqVCavh9a+hoV2cxVlXIWg7nCto/9iIw4 932 hB2rXZIxE0/9gzvGnfERYraL7KtnvshksBFQRlgXa5kc0x38BvEO5ZaoDPl4ILdE 933 GFGNEH5PlGffo05wc46QkYU= 934 -----END CERTIFICATE-----` 935 936 const clientKeyPEM = ` 937 -----BEGIN RSA PRIVATE KEY----- 938 MIICWgIBAAKBgE7QezHjgmTZWcDCh6ReHotzM8djU99mkgaE9mTVj+Q2px0r6LMg 939 NkUjteOVru3g9SCcjZXff1oS74fkW2jk6Q507ASKf96TJ8QBGXq98tw9FKvQVMoh 940 DNBNbocuXMXSu01LT862LPd+iOx81wKRdKYeDBra40paLt4TnExAiFmTAgMBAAEC 941 gYBxvXd8yNteFTns8A/2yomEMC4yeosJJSpp1CsN3BJ7g8/qTnrVPxBy+RU+qr63 942 t2WquaOu/cr5P8iEsa6lk20tf8pjKLNXeX0b1RTzK8rJLbS7nGzP3tvOhL096VtQ 943 dAo4ROEaro0TzYpHmpciSvxVIeEIAAdFDObDJPKqcJAxyQJBAJizfYgK8Gzx9fsx 944 hxp+VteCbVPg2euASH5Yv3K5LukRdKoSzHE2grUVQgN/LafC0eZibRanxHegYSr7 945 7qaswKUCQQCEIWor/X4XTMdVj3Oj+vpiw75y/S9gh682+myZL+d/02IEkwnB098P 946 RkKVpenBHyrGg0oeN5La7URILWKj7CPXAkBKo6F+d+phNjwIFoN1Xb/RA32w/D1I 947 saG9sF+UEhRt9AxUfW/U/tIQ9V0ZHHcSg1XaCM5Nvp934brdKdvTOKnJAkBD5h/3 948 Rybatlvg/fzBEaJFyq09zhngkxlZOUtBVTqzl17RVvY2orgH02U4HbCHy4phxOn7 949 qTdQRYlHRftgnWK1AkANibn9PRYJ7mJyJ9Dyj2QeNcSkSTzrt0tPvUMf4+meJymN 950 1Ntu5+S1DLLzfxlaljWG6ylW6DNxujCyuXIV2rvA 951 -----END RSA PRIVATE KEY-----` 952 953 const clientECDSACertificatePEM = ` 954 -----BEGIN CERTIFICATE----- 955 MIIB/DCCAV4CCQCaMIRsJjXZFzAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw 956 EQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0 957 eSBMdGQwHhcNMTIxMTE0MTMyNTUzWhcNMjIxMTEyMTMyNTUzWjBBMQswCQYDVQQG 958 EwJBVTEMMAoGA1UECBMDTlNXMRAwDgYDVQQHEwdQeXJtb250MRIwEAYDVQQDEwlK 959 b2VsIFNpbmcwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABACVjJF1FMBexFe01MNv 960 ja5oHt1vzobhfm6ySD6B5U7ixohLZNz1MLvT/2XMW/TdtWo+PtAd3kfDdq0Z9kUs 961 jLzYHQFMH3CQRnZIi4+DzEpcj0B22uCJ7B0rxE4wdihBsmKo+1vx+U56jb0JuK7q 962 ixgnTy5w/hOWusPTQBbNZU6sER7m8TAJBgcqhkjOPQQBA4GMADCBiAJCAOAUxGBg 963 C3JosDJdYUoCdFzCgbkWqD8pyDbHgf9stlvZcPE4O1BIKJTLCRpS8V3ujfK58PDa 964 2RU6+b0DeoeiIzXsAkIBo9SKeDUcSpoj0gq+KxAxnZxfvuiRs9oa9V2jI/Umi0Vw 965 jWVim34BmT0Y9hCaOGGbLlfk+syxis7iI6CH8OFnUes= 966 -----END CERTIFICATE-----` 967 968 const clientECDSAKeyPEM = ` 969 -----BEGIN EC PARAMETERS----- 970 BgUrgQQAIw== 971 -----END EC PARAMETERS----- 972 -----BEGIN EC PRIVATE KEY----- 973 MIHcAgEBBEIBkJN9X4IqZIguiEVKMqeBUP5xtRsEv4HJEtOpOGLELwO53SD78Ew8 974 k+wLWoqizS3NpQyMtrU8JFdWfj+C57UNkOugBwYFK4EEACOhgYkDgYYABACVjJF1 975 FMBexFe01MNvja5oHt1vzobhfm6ySD6B5U7ixohLZNz1MLvT/2XMW/TdtWo+PtAd 976 3kfDdq0Z9kUsjLzYHQFMH3CQRnZIi4+DzEpcj0B22uCJ7B0rxE4wdihBsmKo+1vx 977 +U56jb0JuK7qixgnTy5w/hOWusPTQBbNZU6sER7m8Q== 978 -----END EC PRIVATE KEY-----` 979 980 func TestClientAuth(t *testing.T) { 981 var certPath, keyPath, ecdsaCertPath, ecdsaKeyPath string 982 983 if *update { 984 certPath = tempFile(clientCertificatePEM) 985 defer os.Remove(certPath) 986 keyPath = tempFile(clientKeyPEM) 987 defer os.Remove(keyPath) 988 ecdsaCertPath = tempFile(clientECDSACertificatePEM) 989 defer os.Remove(ecdsaCertPath) 990 ecdsaKeyPath = tempFile(clientECDSAKeyPEM) 991 defer os.Remove(ecdsaKeyPath) 992 } 993 994 config := *testConfig 995 config.ClientAuth = RequestClientCert 996 997 test := &serverTest{ 998 name: "ClientAuthRequestedNotGiven", 999 command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "RC4-SHA"}, 1000 config: &config, 1001 } 1002 runServerTestTLS12(t, test) 1003 1004 test = &serverTest{ 1005 name: "ClientAuthRequestedAndGiven", 1006 command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "RC4-SHA", "-cert", certPath, "-key", keyPath}, 1007 config: &config, 1008 expectedPeerCerts: []string{clientCertificatePEM}, 1009 } 1010 runServerTestTLS12(t, test) 1011 1012 test = &serverTest{ 1013 name: "ClientAuthRequestedAndECDSAGiven", 1014 command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "RC4-SHA", "-cert", ecdsaCertPath, "-key", ecdsaKeyPath}, 1015 config: &config, 1016 expectedPeerCerts: []string{clientECDSACertificatePEM}, 1017 } 1018 runServerTestTLS12(t, test) 1019 } 1020 1021 func bigFromString(s string) *big.Int { 1022 ret := new(big.Int) 1023 ret.SetString(s, 10) 1024 return ret 1025 } 1026 1027 func fromHex(s string) []byte { 1028 b, _ := hex.DecodeString(s) 1029 return b 1030 } 1031 1032 var testRSACertificate = fromHex("30820263308201cca003020102020900a273000c8100cbf3300d06092a864886f70d01010b0500302b31173015060355040a130e476f6f676c652054455354494e473110300e06035504031307476f20526f6f74301e170d3135303130313030303030305a170d3235303130313030303030305a302631173015060355040a130e476f6f676c652054455354494e47310b300906035504031302476f30819f300d06092a864886f70d010101050003818d0030818902818100af8788f6201b95656c14ab4405af3b4514e3b76dfd00634d957ffe6a623586c04af9187cf6aa255e7a64316600baf48e92afc76bd876d4f35f41cb6e5615971b97c13c123921663d2b16d1bcdb1cc0a7dab7caadbadacbd52150ecde8dabd16b814b8902f3c4bec16c89b14484bd21d1047d9d164df98215f6effad60947f2fb0203010001a38193308190300e0603551d0f0101ff0404030205a0301d0603551d250416301406082b0601050507030106082b06010505070302300c0603551d130101ff0402300030190603551d0e0412041012508d896f1bd1dc544d6ecb695e06f4301b0603551d23041430128010bf3db6a966f2b840cfeab40378481a4130190603551d1104123010820e6578616d706c652e676f6c616e67300d06092a864886f70d01010b050003818100927caf91551218965931a64840d52dd5eebb02a0f5c21e7c9bb3307d3cdc76da4f3dc0faae2d33246b037b1b67591121b511bc77b9d9e06ea82d2e35fa645f223e63106bbeff14866d0df01531a814381e3b84872ccb98ed5176b9b14fdddb9b84048640fa51ddbab48debe346de46b94f86c7f9a4c24134acccf6eab0ab3918") 1033 1034 var testRSACertificateIssuer = fromHex("3082024d308201b6a003020102020827326bd913b7c43d300d06092a864886f70d01010b0500302b31173015060355040a130e476f6f676c652054455354494e473110300e06035504031307476f20526f6f74301e170d3135303130313030303030305a170d3235303130313030303030305a302b31173015060355040a130e476f6f676c652054455354494e473110300e06035504031307476f20526f6f7430819f300d06092a864886f70d010101050003818d0030818902818100f0429a7b9f66a222c8453800452db355b34c4409fee09af2510a6589bfa35bdb4d453200d1de24338d6d5e5a91cc8301628445d6eb4e675927b9c1ea5c0f676acfb0f708ce4f19827e321c1898bf86df9823d5f0b05df2b6779888eff8abbc7f41c6e7d2667386a579b8cbaad3f6fd597cd7c4b187911a425aed1b555c1965190203010001a37a3078300e0603551d0f0101ff040403020204301d0603551d250416301406082b0601050507030106082b06010505070302300f0603551d130101ff040530030101ff30190603551d0e04120410bf3db6a966f2b840cfeab40378481a41301b0603551d23041430128010bf3db6a966f2b840cfeab40378481a41300d06092a864886f70d01010b050003818100586e68c1219ed4f5782b7cfd53cf1a55750a98781b2023f8694bb831fff6d7d4aad1f0ac782b1ec787f00a8956bdd06b4a1063444fcafe955c07d679163a730802c568886a2cf8a3c2ab41176957131c4b9e077ebd7ffbb91fdad8b08b932e9aeefac04923ffdc0aa145563f7f061995317400203578f350e3e566deb29dec5e") 1035 1036 var testECDSACertificate = fromHex("3082020030820162020900b8bf2d47a0d2ebf4300906072a8648ce3d04013045310b3009060355040613024155311330110603550408130a536f6d652d53746174653121301f060355040a1318496e7465726e6574205769646769747320507479204c7464301e170d3132313132323135303633325a170d3232313132303135303633325a3045310b3009060355040613024155311330110603550408130a536f6d652d53746174653121301f060355040a1318496e7465726e6574205769646769747320507479204c746430819b301006072a8648ce3d020106052b81040023038186000400c4a1edbe98f90b4873367ec316561122f23d53c33b4d213dcd6b75e6f6b0dc9adf26c1bcb287f072327cb3642f1c90bcea6823107efee325c0483a69e0286dd33700ef0462dd0da09c706283d881d36431aa9e9731bd96b068c09b23de76643f1a5c7fe9120e5858b65f70dd9bd8ead5d7f5d5ccb9b69f30665b669a20e227e5bffe3b300906072a8648ce3d040103818c0030818802420188a24febe245c5487d1bacf5ed989dae4770c05e1bb62fbdf1b64db76140d311a2ceee0b7e927eff769dc33b7ea53fcefa10e259ec472d7cacda4e970e15a06fd00242014dfcbe67139c2d050ebd3fa38c25c13313830d9406bbd4377af6ec7ac9862eddd711697f857c56defb31782be4c7780daecbbe9e4e3624317b6a0f399512078f2a") 1037 1038 var testSNICertificate = fromHex("308201f23082015da003020102020100300b06092a864886f70d01010530283110300e060355040a130741636d6520436f311430120603550403130b736e69746573742e636f6d301e170d3132303431313137343033355a170d3133303431313137343533355a30283110300e060355040a130741636d6520436f311430120603550403130b736e69746573742e636f6d30819d300b06092a864886f70d01010103818d0030818902818100bb79d6f517b5e5bf4610d0dc69bee62b07435ad0032d8a7a4385b71452e7a5654c2c78b8238cb5b482e5de1f953b7e62a52ca533d6fe125c7a56fcf506bffa587b263fb5cd04d3d0c921964ac7f4549f5abfef427100fe1899077f7e887d7df10439c4a22edb51c97ce3c04c3b326601cfafb11db8719a1ddbdb896baeda2d790203010001a3323030300e0603551d0f0101ff0404030200a0300d0603551d0e0406040401020304300f0603551d2304083006800401020304300b06092a864886f70d0101050381810089c6455f1c1f5ef8eb1ab174ee2439059f5c4259bb1a8d86cdb1d056f56a717da40e95ab90f59e8deaf627c157995094db0802266eb34fc6842dea8a4b68d9c1389103ab84fb9e1f85d9b5d23ff2312c8670fbb540148245a4ebafe264d90c8a4cf4f85b0fac12ac2fc4a3154bad52462868af96c62c6525d652b6e31845bdcc") 1039 1040 var testRSAPrivateKey = &rsa.PrivateKey{ 1041 PublicKey: rsa.PublicKey{ 1042 N: bigFromString("123260960069105588390096594560395120585636206567569540256061833976822892593755073841963170165000086278069699238754008398039246547214989242849418349143232951701395321381739566687846006911427966669790845430647688107009232778985142860108863460556510585049041936029324503323373417214453307648498561956908810892027L"), 1043 E: 65537, 1044 }, 1045 D: bigFromString("73196363031103823625826315929954946106043759818067219550565550066527203472294428548476778865091068522665312037075674791871635825938217363523103946045078950060973913307430314113074463630778799389010335923241901501086246276485964417618981733827707048660375428006201525399194575538037883519254056917253456403553L"), 1046 Primes: []*big.Int{ 1047 bigFromString("11157426355495284553529769521954035649776033703833034489026848970480272318436419662860715175517581249375929775774910501512841707465207184924996975125010787L"), 1048 bigFromString("11047436580963564307160117670964629323534448585520694947919342920137706075617545637058809770319843170934495909554506529982972972247390145716507031692656521L"), 1049 }, 1050 } 1051 1052 var testECDSAPrivateKey = &ecdsa.PrivateKey{ 1053 PublicKey: ecdsa.PublicKey{ 1054 Curve: elliptic.P521(), 1055 X: bigFromString("2636411247892461147287360222306590634450676461695221912739908880441342231985950069527906976759812296359387337367668045707086543273113073382714101597903639351"), 1056 Y: bigFromString("3204695818431246682253994090650952614555094516658732116404513121125038617915183037601737180082382202488628239201196033284060130040574800684774115478859677243"), 1057 }, 1058 D: bigFromString("5477294338614160138026852784385529180817726002953041720191098180813046231640184669647735805135001309477695746518160084669446643325196003346204701381388769751"), 1059 } 1060
