diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ab4beed..33e63b8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -36,8 +36,8 @@ jobs: - name: run tests run: | source ~/.bashrc - ./test.sh - ./test_server.sh + ./test_macos.sh + ./test_server_macos.sh # thanks to https://github.com/docker/build-push-action/issues/225 create-container: diff --git a/install_macos.sh b/install_macos.sh index 7a6b622..8df3441 100755 --- a/install_macos.sh +++ b/install_macos.sh @@ -2,8 +2,7 @@ cd `dirname $0` -brew install openssl brew install jq -echo 'PATH=/usr/local/opt/openssl/bin:$PATH' >> ~/.bashrc +brew install curl ./install_zig.sh \ No newline at end of file diff --git a/install_zig.sh b/install_zig.sh index d467d4d..dc5ad05 100755 --- a/install_zig.sh +++ b/install_zig.sh @@ -4,12 +4,21 @@ set -eux # Thanks to https://stackoverflow.com/questions/3466166/how-to-check-if-running-in-cygwin-mac-or-linux unames=$(uname -s) +arch=$(uname -m) case "$unames" in - Linux*) HOST_ARCH="x86_64-linux";; - Darwin*) HOST_ARCH="x86_64-macos";; + Linux*) OS="linux";; + Darwin*) OS="macos";; *) echo "Unknown HOST_ARCH=$(uname -s)"; exit 1;; esac +case "$arch" in + x86_64*) ARCH="x86_64";; + arm64*) ARCH="aarch64";; + *) echo "Unknown $arch"; exit 1;; +esac + +HOST_ARCH="$ARCH-$OS" + ZIG_VERSION=0.13.0 ZIG_VERSIONS=$(curl https://ziglang.org/download/index.json) diff --git a/test.sh b/test.sh index 12af37c..b35e7eb 100755 --- a/test.sh +++ b/test.sh @@ -40,7 +40,7 @@ do echo "Testing $GROUP-$SUITE(with cert $CERT_ALGO)." # Run openssl server - openssl s_server -tls1_3 -accept 8443 -cert cert.pem -key key.pem -www -ciphersuites $SUITE -groups $GROUP & + openssl s_server -tls1_3 -accept 8443 -cert cert.pem -key key.pem -www -cipher $SUITE -groups $GROUP & set +e diff --git a/test_macos.sh b/test_macos.sh new file mode 100755 index 0000000..69ee1e2 --- /dev/null +++ b/test_macos.sh 
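Review bot: In install_zig.sh the new `case "$arch"` block only recognises `arm64*`, but Linux reports 64-bit ARM as `aarch64` from `uname -m`, so an ARM Linux host ends in `*) echo "Unknown $arch"; exit 1;;` even though `HOST_ARCH` would be a valid `aarch64-linux`. `aarch64*|arm64*) ARCH="aarch64";;` covers both spellings, and the error message belongs on stderr (`>&2`). Separately, the context line `ZIG_VERSIONS=$(curl https://ziglang.org/download/index.json)` drives a toolchain download whose fetch and unpack steps are outside this hunk. It is worth confirming that the script compares the archive against the `shasum` field of that index before unpacking. Using `curl -fsSL` would also make an HTTP error fail the script instead of passing an error page to the parser.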
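Review bot: In test.sh, replacing `-ciphersuites $SUITE` with `-cipher $SUITE` on the `openssl s_server` line probably stops the loop from pinning the TLS 1.3 suite when the binary is OpenSSL. There `-cipher` configures the TLS 1.2-and-below list and `-ciphersuites` is the option that restricts TLS 1.3 suites, so the server may accept any default TLS 1.3 suite and each iteration could pass without exercising `$SUITE`. The change looks aimed at LibreSSL, which the new test_macos.sh now covers separately, so test.sh could keep `-ciphersuites "$SUITE"`. If `-cipher` stays, asserting the negotiated suite in the test output would show that every iteration still covers its own suite. The loop body begins and ends outside this hunk.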
@@ -0,0 +1,76 @@
+#!/bin/bash
+
+TEST_CERT_ALGORITHM=(
+ "prime256v1 sha256"
+ "secp384r1 sha384"
+)
+
+TEST_CIPHER_SUITES=(
+ "TLS_AES_128_GCM_SHA256"
+ "TLS_AES_256_GCM_SHA384"
+ "TLS_CHACHA20_POLY1305_SHA256"
+)
+
+TEST_GROUPS=(
+ "X25519"
+ "P-256"
+)
+
+# force to use LibreSSL
+OPENSSL="/usr/bin/openssl"
+
+set -eux
+
+TMP_FIFO="/tmp/tls13-zig"
+rm -rf $TMP_FIFO
+
+mkfifo $TMP_FIFO
+
+cd $(dirname $0)
+
+for CERT_ALGO in "${TEST_CERT_ALGORITHM[@]}"
+do
+
+ # Generate testing certificate
+ set -- $CERT_ALGO
+ $OPENSSL req -x509 -nodes -days 365 -subj '/C=JP/ST=Kyoto/L=Kyoto/CN=localhost' -newkey ec:<(openssl ecparam -name $1) -nodes -$2 -keyout key.pem -out cert.pem
+ $OPENSSL x509 -text -noout -in cert.pem
+
+ for GROUP in "${TEST_GROUPS[@]}"
+ do
+ for SUITE in "${TEST_CIPHER_SUITES[@]}"
+ do
+ echo "Testing $GROUP-$SUITE(with cert $CERT_ALGO)."
+
+ # Run openssl server
+ $OPENSSL s_server -tls1_3 -accept 8443 -cert cert.pem -key key.pem -www -cipher $SUITE -groups $GROUP &
+
+ set +e
+
+ # Let's test!
+ NUM_OF_OK=`zig test src/main_test.zig --test-filter 'e2e with early_data' 2>&1 | grep "HTTP/1.0 200 ok" | wc -l`
+ if [ $? -ne 0 ]; then
+ echo "failed."
+ pkill -SIGKILL openssl
+ exit 1
+ fi
+
+ # LibreSSL does not send New Session Ticket.
+ # The second test must fail
+ if [ $NUM_OF_OK -ne 1 ]; then
+ echo "failed. NUM_OF_OK is not 1."
+ pkill -SIGKILL openssl
+ exit 1
+ fi
+ echo "OK."
+
+ set -e
+
+ pkill -SIGKILL openssl
+
+ sleep 1
+ done
+ done
+done
+
+rm -rf $TMP_FIFO
diff --git a/test_server.sh b/test_server.sh
index e805fb7..b66667f 100755
--- a/test_server.sh
+++ b/test_server.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-set -eux
+set -eux -o pipefail
 function cleanup() {
 set +e
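Review bot: In test_macos.sh the `OPENSSL="/usr/bin/openssl"` pin is bypassed on the key-generation line, where the process substitution still runs bare `openssl ecparam`, so the EC parameters come from whichever openssl is first on PATH; `<($OPENSSL ecparam -name "$1")` keeps the run on one implementation. The `if [ $? -ne 0 ]` after the backtick pipeline only sees the exit status of `wc -l`, so that branch can never fire and the `NUM_OF_OK` comparison is the only real check; the dead branch can be dropped. `TMP_FIFO="/tmp/tls13-zig"` followed by `rm -rf`/`mkfifo` uses a predictable path in a world-writable directory; unless the Zig test hard-codes that path, a directory from `mktemp -d` would be private to the run. `pkill -SIGKILL openssl` ends every openssl process of the user rather than the server started here, and saving `$!` after the `s_server ... &` line and killing that PID is narrower.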
@@ -14,15 +14,6 @@ cd $(dirname $0) cd test -# macos uses libressl as an alias for openssl. -# libressl does not have dh parameter x448. -unames=$(uname -s) -case "$unames" in - Linux*) DH_X448="x448:";; - Darwin*) DH_X448="";; - *) echo "Unknown HOST_ARCH=$(uname -s)"; exit 1;; -esac - # Generate testing certificate ./gen_cert.sh 
@@ -42,63 +33,20 @@ until nc -z localhost 8443; do sleep 1; done echo "READY" curl https://localhost:8443 --tlsv1.3 --insecure | grep tls13-zig -if [ $? -eq 0 ]; then - echo "OK" -else - echo "FAILED" -fi # Testing Hello Retry Request -echo "GET / " | openssl s_client -groups ${DH_X448}X25519 -servername localhost -connect localhost:8443 -ign_eof | grep tls13-zig -if [ $? -eq 0 ]; then - echo "OK" -else - echo "FAILED" -fi - -echo "GET / " | openssl s_client -groups ${DH_X448}secp256r1 -servername localhost -connect localhost:8443 -ign_eof | grep tls13-zig -if [ $? -eq 0 ]; then - echo "OK" -else - echo "FAILED" -fi +echo "GET / " | openssl s_client -groups x448:X25519 -servername localhost -connect localhost:8443 -ign_eof | grep tls13-zig +echo "GET / " | openssl s_client -groups x448:secp256r1 -servername localhost -connect localhost:8443 -ign_eof | grep tls13-zig # Testing Resumption echo "GET / " | openssl s_client -servername localhost -connect localhost:8443 -ign_eof -sess_out sess.pem | grep tls13-zig -if [ $? -eq 0 ]; then - echo "OK" -else - echo "FAILED" -fi - echo "GET / " | openssl s_client -servername localhost -connect localhost:8443 -ign_eof -sess_in sess.pem | grep tls13-zig -if [ $? -eq 0 ]; then - echo "OK" -else - echo "FAILED" -fi # Testing Resumption with Hello Retry Request -echo "GET / " | openssl s_client -groups ${DH_X448}X25519 -servername localhost -connect localhost:8443 -ign_eof -sess_out sess.pem | grep tls13-zig -if [ $? -eq 0 ]; then - echo "OK" -else - echo "FAILED" -fi - -echo "GET / " | openssl s_client -groups ${DH_X448}X25519 -servername localhost -connect localhost:8443 -ign_eof -sess_in sess.pem | grep tls13-zig -if [ $? 
-eq 0 ]; then - echo "OK" -else - echo "FAILED" -fi +echo "GET / " | openssl s_client -groups x448:X25519 -servername localhost -connect localhost:8443 -ign_eof -sess_out sess.pem | grep tls13-zig +echo "GET / " | openssl s_client -groups x448:X25519 -servername localhost -connect localhost:8443 -ign_eof -sess_in sess.pem | grep tls13-zig # Testing 0-RTT Data echo "GET / " > early_data.txt RESULT=$(openssl s_client -servername localhost -connect localhost:8443 -ign_eof -sess_in sess.pem -early_data early_data.txt) echo $RESULT | grep "Early data was accepted.*tls13-zig" > /dev/null -if [ $? -eq 0 ]; then - echo "OK" -else - echo "FAILED" -fi \ No newline at end of file diff --git a/test_server_macos.sh b/test_server_macos.sh new file mode 100755 index 0000000..340a0b3 --- /dev/null +++ b/test_server_macos.sh 
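Review bot: None of the clients in test_server.sh validates the server certificate: the `curl` line uses `--insecure` and the `openssl s_client` calls pass neither `-CAfile` nor `-verify_return_error`, so a regression in the certificate the server presents would not fail the run. Since `./gen_cert.sh` already creates the test certificate, pointing the clients at it (`--cacert <generated cert>` for curl, `-CAfile <generated cert> -verify_return_error` for s_client) would add that check, assuming the certificate carries a name matching localhost. The unquoted `echo $RESULT` in the 0-RTT check appears to be load-bearing, because it joins the multi-line s_client output so that `.*` can span it; a comment such as `# unquoted on purpose: collapses s_client output to one line for grep` would stop a later cleanup from quoting it. The script continues above this hunk.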
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+set -eux -o pipefail
+
+# force to use brew's curl
+CURL="/opt/homebrew/opt/curl/bin/curl"
+
+# force to use LibreSSL
+OPENSSL="/usr/bin/openssl"
+
+function cleanup() {
+ set +e
+ kill $ZIG_SERVER_PID
+ echo "exit"
+}
+
+trap cleanup EXIT
+
+cd $(dirname $0)
+
+cd test
+
+# macos uses libressl as an alias for openssl.
+# libressl does not have dh parameter x448.
+unames=$(uname -s)
+case "$unames" in
+ Linux*) DH_X448="x448:";;
+ Darwin*) DH_X448="";;
+ *) echo "Unknown HOST_ARCH=$(uname -s)"; exit 1;;
+esac
+
+# Generate testing certificate
+./gen_cert.sh
+
+cd ../
+
+# Checking memory leak
+until nc -z localhost 8443; do sleep 1; done && curl https://localhost:8443 --insecure &
+zig test src/main_test_server.zig --test-filter 'e2e server'
+echo "Memory leak check passed"
+
+zig run src/main_test_server.zig &
+ZIG_SERVER_PID=$!
+
+# wait for server becoming ready
+until nc -z localhost 8443; do sleep 1; done
+
+echo "READY"
+
+$CURL https://localhost:8443 --tlsv1.3 --insecure | grep tls13-zig
+
+# Testing Resumption
+echo "GET / " | $OPENSSL s_client -servername localhost -connect localhost:8443 -ign_eof -sess_out sess.pem | grep tls13-zig
+echo "GET / " | $OPENSSL s_client -servername localhost -connect localhost:8443 -ign_eof -sess_in sess.pem | grep tls13-zig
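Review bot: In test_server_macos.sh, `cleanup` runs `kill $ZIG_SERVER_PID` under `set -u`, but the trap is installed well before `ZIG_SERVER_PID=$!`, so an earlier failure (for example in `./gen_cert.sh` or the `zig test` leak check) ends with an unbound-variable error inside the trap; `[ -n "${ZIG_SERVER_PID:-}" ] && kill "$ZIG_SERVER_PID"` guards that. The leak-check line calls bare `curl` although `CURL` is defined to force Homebrew's build, and `/opt/homebrew/opt/curl/bin/curl` exists only under the Apple Silicon prefix while install_zig.sh in this commit still handles x86_64 macOS; `CURL="$(brew --prefix curl)/bin/curl"` resolves on both. The `case "$unames"` block sets `DH_X448`, which nothing in this file reads, so it can be removed.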