Mercurial > hg > nginx-tests
comparison quic_ciphers.t @ 1911:2c5ae1e75db4
Tests: tests for TLSv1.3 ciphers in QUIC connections.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 13 Jun 2023 18:43:10 +0400 |
| parents | |
| children | f61d1b4ac638 |
comparison
equal
deleted
inserted
replaced
| 1910:e0b53fbdb5cf | 1911:2c5ae1e75db4 |
|---|---|
| 1 #!/usr/bin/perl | |
| 2 | |
| 3 # (C) Sergey Kandaurov | |
| 4 # (C) Nginx, Inc. | |
| 5 | |
| 6 # Tests for various TLSv1.3 ciphers in QUIC. | |
| 7 | |
| 8 ############################################################################### | |
| 9 | |
| 10 use warnings; | |
| 11 use strict; | |
| 12 | |
| 13 use Test::More; | |
| 14 | |
| 15 BEGIN { use FindBin; chdir($FindBin::Bin); } | |
| 16 | |
| 17 use lib 'lib'; | |
| 18 use Test::Nginx; | |
| 19 use Test::Nginx::HTTP3; | |
| 20 | |
| 21 ############################################################################### | |
| 22 | |
| 23 select STDERR; $| = 1; | |
| 24 select STDOUT; $| = 1; | |
| 25 | |
| 26 my $t = Test::Nginx->new()->has(qw/http http_v3 cryptx/) | |
| 27 ->has_daemon('openssl')->plan(5); | |
| 28 | |
| 29 $t->write_file_expand('nginx.conf', <<'EOF'); | |
| 30 | |
| 31 %%TEST_GLOBALS%% | |
| 32 | |
| 33 daemon off; | |
| 34 | |
| 35 events { | |
| 36 } | |
| 37 | |
| 38 http { | |
| 39 %%TEST_GLOBALS_HTTP%% | |
| 40 | |
| 41 ssl_certificate_key localhost.key; | |
| 42 ssl_certificate localhost.crt; | |
| 43 | |
| 44 server { | |
| 45 listen 127.0.0.1:%%PORT_8980_UDP%% quic; | |
| 46 server_name localhost; | |
| 47 | |
| 48 location / { | |
| 49 add_header x-cipher $ssl_cipher; | |
| 50 add_header x-ciphers $ssl_ciphers; | |
| 51 } | |
| 52 } | |
| 53 } | |
| 54 | |
| 55 EOF | |
| 56 | |
| 57 $t->write_file('openssl.conf', <<EOF); | |
| 58 [ req ] | |
| 59 default_bits = 2048 | |
| 60 encrypt_key = no | |
| 61 distinguished_name = req_distinguished_name | |
| 62 [ req_distinguished_name ] | |
| 63 EOF | |
| 64 | |
| 65 my $d = $t->testdir(); | |
| 66 | |
| 67 foreach my $name ('localhost') { | |
| 68 system('openssl req -x509 -new ' | |
| 69 . "-config $d/openssl.conf -subj /CN=$name/ " | |
| 70 . "-out $d/$name.crt -keyout $d/$name.key " | |
| 71 . ">>$d/openssl.out 2>&1") == 0 | |
| 72 or die "Can't create certificate for $name: $!\n"; | |
| 73 } | |
| 74 | |
| 75 $t->write_file('index.html', ''); | |
| 76 $t->run(); | |
| 77 | |
| 78 ############################################################################### | |
| 79 | |
| 80 my ($s, $sid, $frames, $frame); | |
| 81 | |
| 82 is(get("\x13\x01"), 'TLS_AES_128_GCM_SHA256', 'TLS_AES_128_GCM_SHA256'); | |
| 83 is(get("\x13\x02"), 'TLS_AES_256_GCM_SHA384', 'TLS_AES_256_GCM_SHA384'); | |
| 84 is(get("\x13\x03"), 'TLS_CHACHA20_POLY1305_SHA256', | |
| 85 'TLS_CHACHA20_POLY1305_SHA256'); | |
| 86 | |
| 87 # TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256 | |
| 88 | |
| 89 is(get("\x13\x02\x13\x01"), 'TLS_AES_256_GCM_SHA384', 'ciphers many'); | |
| 90 | |
| 91 TODO: { | |
| 92 local $TODO = 'CCM cipher disabled'; | |
| 93 | |
| 94 is(get("\x13\x04\x13\x01"), 'TLS_AES_128_CCM_SHA256', 'TLS_AES_128_CCM_SHA256'); | |
| 95 | |
| 96 } | |
| 97 | |
| 98 ############################################################################### | |
| 99 | |
| 100 sub get { | |
| 101 my ($ciphers) = @_; | |
| 102 my $s = Test::Nginx::HTTP3->new(8980, ciphers => $ciphers); | |
| 103 my $frames = $s->read(all => [{ sid => $s->new_stream(), fin => 1 }]); | |
| 104 | |
| 105 ($frame) = grep { $_->{type} eq "HEADERS" } @$frames; | |
| 106 return $frame->{headers}->{'x-cipher'}; | |
| 107 } | |
| 108 | |
| 109 ############################################################################### |