
Source file src/golang.org/x/net/quic/tlsconfig_test.go


     1  // Copyright 2023 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  //go:build go1.21
     6  
     7  package quic
     8  
     9  import (
    10  	"crypto/tls"
    11  	"strings"
    12  )
    13  
// newTestTLSConfig returns a *tls.Config for use by the QUIC tests.
//
// The config is test-only: certificate verification is disabled because the
// peer presents the self-signed testCert, TLS 1.3 is the minimum version, and
// the key exchange list is pinned so that each handshake flight fits in a
// single datagram. The server side additionally presents testCert; the client
// side sets no certificate.
func newTestTLSConfig(side connSide) *tls.Config {
	cfg := &tls.Config{
		// The peer uses the self-signed testCert, so verification is skipped
		// instead of shipping a throwaway CA. Test code only; never copy this
		// setting into a production config.
		InsecureSkipVerify: true,
		// crypto/tls does not let callers configure TLS 1.3 cipher suites, so
		// with MinVersion TLS 1.3 this list is effectively informational.
		CipherSuites: []uint16{
			tls.TLS_AES_128_GCM_SHA256,
			tls.TLS_AES_256_GCM_SHA384,
			tls.TLS_CHACHA20_POLY1305_SHA256,
		},
		MinVersion: tls.VersionTLS13,
		// Default key exchange mechanisms as of Go 1.23 minus X25519Kyber768Draft00,
		// which bloats the client hello enough to spill into a second datagram.
		// Tests were written with the assumption that each flight in the handshake
		// fits in one datagram, and it's simpler to keep that property.
		CurvePreferences: []tls.CurveID{
			tls.X25519, tls.CurveP256, tls.CurveP384, tls.CurveP521,
		},
	}
	if side != serverSide {
		return cfg
	}
	// Only the server presents a certificate.
	cfg.Certificates = []tls.Certificate{testCert}
	return cfg
}
    36  
// newTestTLSConfigWithMoreDefaults returns a *tls.Config for testing
// which behaves more like a default, empty config.
//
// It starts from newTestTLSConfig(side) and clears the explicit CipherSuites
// and CurvePreferences so crypto/tls falls back to its own defaults. The
// default curve list can increase the size of the handshake, so a flight is
// no longer guaranteed to fit in one datagram.
func newTestTLSConfigWithMoreDefaults(side connSide) *tls.Config {
	cfg := newTestTLSConfig(side)
	// A nil slice selects the crypto/tls defaults for both fields.
	cfg.CipherSuites, cfg.CurvePreferences = nil, nil
	return cfg
}
    48  
// testCert is the certificate/key pair presented by the server side in tests.
// It is parsed once at package init from the embedded localhostCert and
// localhostKey PEM blocks.
var testCert = mustParseTestCert()

// mustParseTestCert parses localhostCert and localhostKey into a
// tls.Certificate. A parse failure means the embedded PEM fixture is
// malformed, which is a programming error, so it panics.
func mustParseTestCert() tls.Certificate {
	pair, err := tls.X509KeyPair(localhostCert, localhostKey)
	if err != nil {
		panic(err)
	}
	return pair
}
    56  
// localhostCert is a PEM-encoded, test-only TLS certificate with SAN IPs
// "127.0.0.1" and "[::1]" and DNS name "example.com", expiring at
// Jan 29 16:00:00 2084 GMT. It was generated with --ca, so it is its own
// issuer; peers in tests therefore use InsecureSkipVerify rather than a
// separate root. Its private key is localhostKey; both are loaded into
// testCert at package init.
//
// Generated from src/crypto/tls:
// go run generate_cert.go  --ecdsa-curve P256 --host 127.0.0.1,::1,example.com --ca --start-date "Jan 1 00:00:00 1970" --duration=1000000h
var localhostCert = []byte(`-----BEGIN CERTIFICATE-----
MIIBrDCCAVKgAwIBAgIPCvPhO+Hfv+NW76kWxULUMAoGCCqGSM49BAMCMBIxEDAO
BgNVBAoTB0FjbWUgQ28wIBcNNzAwMTAxMDAwMDAwWhgPMjA4NDAxMjkxNjAwMDBa
MBIxEDAOBgNVBAoTB0FjbWUgQ28wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARh
WRF8p8X9scgW7JjqAwI9nYV8jtkdhqAXG9gyEgnaFNN5Ze9l3Tp1R9yCDBMNsGms
PyfMPe5Jrha/LmjgR1G9o4GIMIGFMA4GA1UdDwEB/wQEAwIChDATBgNVHSUEDDAK
BggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSOJri/wLQxq6oC
Y6ZImms/STbTljAuBgNVHREEJzAlggtleGFtcGxlLmNvbYcEfwAAAYcQAAAAAAAA
AAAAAAAAAAAAATAKBggqhkjOPQQDAgNIADBFAiBUguxsW6TGhixBAdORmVNnkx40
HjkKwncMSDbUaeL9jQIhAJwQ8zV9JpQvYpsiDuMmqCuW35XXil3cQ6Drz82c+fvE
-----END CERTIFICATE-----`)
    72  
// localhostKey is the PEM-encoded ECDSA P-256 private key for localhostCert.
// It is a throwaway test fixture, not a real secret. The PEM label is stored
// as "TESTING KEY" and rewritten to the standard "PRIVATE KEY" by testingKey
// at package init, so that secret scanners do not flag this file.
var localhostKey = []byte(testingKey(`-----BEGIN TESTING KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgY1B1eL/Bbwf/MDcs
rnvvWhFNr1aGmJJR59PdCN9lVVqhRANCAARhWRF8p8X9scgW7JjqAwI9nYV8jtkd
hqAXG9gyEgnaFNN5Ze9l3Tp1R9yCDBMNsGmsPyfMPe5Jrha/LmjgR1G9
-----END TESTING KEY-----`))
    79  
// testingKey rewrites every "TESTING KEY" PEM label in s to the standard
// "PRIVATE KEY" label so crypto/tls can parse the embedded test key.
// Storing the fixture under a non-standard label keeps security scanners
// from flagging a private key in this file; the key is test-only.
func testingKey(s string) string {
	const (
		placeholder = "TESTING KEY"
		label       = "PRIVATE KEY"
	)
	// -1 replaces all occurrences (both the BEGIN and END lines).
	return strings.Replace(s, placeholder, label, -1)
}
    82  
