[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [meek/utls_2] Additional utls tests.

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [meek/utls_2] Additional utls tests.
From: dcf@xxxxxxxxxxxxxx
Date: Thu, 7 Feb 2019 01:45:37 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 06 Feb 2019 20:45:54 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: David Fifield <david@xxxxxxxxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>

commit 9da4bcbabb46e32ae953003ee6ac63bd29a552f0
Author: David Fifield <david@xxxxxxxxxxxxxxx>
Date:   Wed Feb 6 18:24:40 2019 -0700

    Additional utls tests.
---
 meek-client/utls_test.go | 70 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 70 insertions(+)

diff --git a/meek-client/utls_test.go b/meek-client/utls_test.go
index 8607604..2eb72af 100644
--- a/meek-client/utls_test.go
+++ b/meek-client/utls_test.go
@@ -46,6 +46,29 @@ func TestCopyPublicFieldsHTTPTransport(t *testing.T) {
 	}
 }
 
+// Test that the name lookup of NewUTLSRoundTripper is case-insensitive.
+func TestNewUTLSRoundTripperCase(t *testing.T) {
+	mixed, err := NewUTLSRoundTripper("HelloFirefox_Auto", nil, nil)
+	if err != nil {
+		t.Fatalf("error on %q: %v", "HelloFirefox_Auto", err)
+	}
+	upper, err := NewUTLSRoundTripper("HELLOFIREFOX_AUTO", nil, nil)
+	if err != nil {
+		t.Fatalf("error on %q: %v", "HELLOFIREFOX_AUTO", err)
+	}
+	lower, err := NewUTLSRoundTripper("hellofirefox_auto", nil, nil)
+	if err != nil {
+		t.Fatalf("error on %q: %v", "hellofirefox_auto", err)
+	}
+	if mixed.(*UTLSRoundTripper).clientHelloID != upper.(*UTLSRoundTripper).clientHelloID ||
+		upper.(*UTLSRoundTripper).clientHelloID != lower.(*UTLSRoundTripper).clientHelloID {
+		t.Fatalf("mismatch %p %p %p",
+			mixed.(*UTLSRoundTripper).clientHelloID,
+			upper.(*UTLSRoundTripper).clientHelloID,
+			lower.(*UTLSRoundTripper).clientHelloID)
+	}
+}
+
 // Return a byte slice which is the ClientHello sent when rt does a RoundTrip.
 // Opens a temporary listener on an ephemeral port on localhost. The host you
 // provide can be an IP address like "127.0.0.1" or a name like "localhost", but
@@ -100,6 +123,53 @@ func clientHelloResultingFromRoundTrip(t *testing.T, host string, rt *UTLSRoundT
 	return <-ch, nil
 }
 
+// Test that a uTLS RoundTripper actually does something to the TLS Client
+// Hello. We don't check all the ClientHelloIDs; this is just a guard against a
+// catastrophic incompatibility or something else that makes uTLS stop working.
+func TestUTLSClientHello(t *testing.T) {
+	// We use HelloIOS_11_1 because its lengthy ALPN means we will not
+	// confuse it with a native Go fingerprint, and lack of GREASE means we
+	// do not have to account for many variations.
+	rt, err := NewUTLSRoundTripper("HelloIOS_11_1", &utls.Config{InsecureSkipVerify: true, ServerName: "localhost"}, nil)
+	if err != nil {
+		panic(err)
+	}
+
+	buf, err := clientHelloResultingFromRoundTrip(t, "127.0.0.1", rt.(*UTLSRoundTripper))
+	// A poor man's regexp matching because the regexp package only works on
+	// UTF-8â??encoded strings, not arbitrary byte slices. Every byte matches
+	// itself, except '.' which matches anything. NB '.' and '\x2e' are the
+	// same.
+	pattern := "" +
+		// Handshake, Client Hello, TLS 1.2, Client Random
+		"\x16\x03\x01\x01\x01\x01\x00\x00\xfd\x03\x03................................" +
+		// Session ID
+		"\x20................................" +
+		// Ciphersuites and compression methods
+		"\x00\x28\xc0\x2c\xc0\x2b\xc0\x24\xc0\x23\xc0\x0a\xc0\x09\xcc\xa9\xc0\x30\xc0\x2f\xc0\x28\xc0\x27\xc0\x14\xc0\x13\xcc\xa8\x00\x9d\x00\x9c\x00\x3d\x00\x3c\x00\x35\x00\x2f\x01\x00" +
+		// Extensions
+		"\x00\x8c\xff\x01\x00\x01\x00" +
+		"\x00\x00\x00\x0e\x00\x0c\x00\x00\x09localhost" +
+		"\x00\x17\x00\x00" +
+		"\x00\x0d\x00\x14\x00\x12\x04\x03\x08\x04\x04\x01\x05\x03\x08\x05\x05\x01\x08\x06\x06\x01\x02\x01" +
+		"\x00\x05\x00\x05\x01\x00\x00\x00\x00" +
+		"\x33\x74\x00\x00" +
+		"\x00\x12\x00\x00" +
+		"\x00\x10\x00\x30\x00\x2e\x02\x68\x32\x05\x68\x32\x2d\x31\x36\x05\x68\x32\x2d\x31\x35\x05\x68\x32\x2d\x31\x34\x08\x73\x70\x64\x79\x2f\x33\x2e\x31\x06\x73\x70\x64\x79\x2f\x33\x08\x68\x74\x74\x70\x2f\x31\x2e\x31" +
+		"\x00\x0b\x00\x02\x01\x00" +
+		"\x00\x0a\x00\x0a\x00\x08\x00\x1d\x00\x17\x00\x18\x00\x19"
+	if len(buf) != len(pattern) {
+		t.Errorf("fingerprint was not as expected: %+q", buf)
+	}
+	for i := 0; i < len(pattern); i++ {
+		a := buf[i]
+		b := pattern[i]
+		if b != '.' && a != b {
+			t.Fatalf("fingerprint mismatch a position %v: %+q", i, buf)
+		}
+	}
+}
+
 func TestUTLSServerName(t *testing.T) {
 	const clientHelloIDName = "HelloFirefox_63"

_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [meek/webextension] Change --invisible to --headless in the firefox command.
Next by Author: [tor-commits] [meek/utls_2] Update meek-client.1 with uTLS proxy support.
Previous by thread: [tor-commits] [meek/utls_2] Don't panic in test goroutines.
Next by thread: [tor-commits] [meek/utls_2] Reminder to update the man page with utls updates.
Index(es):
- Author
- Thread