Inicio Explorar Ayuda
Iniciar sesión
txlyre
/
3x-ui
espejo de https://github.com/MHSanaei/3x-ui
1
0
Fork 0
Archivos Incidencias 0 Wiki
Árbol: d882d6aa74
Ramas Etiquetas
3x-ui
/
internal
/
web
/
runtime
/
tls_client_property_test.go

tls_client_property_test.go 2.1 KB
Histórico Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273 
  1. package runtime
    2. 

  2. 

  3. import (
    4. 

  4. 	"bytes"
    5. 

  5. 	"crypto/sha256"
    6. 

  6. 	"encoding/base64"
    7. 

  7. 	"encoding/hex"
    8. 

  8. 	"strings"
    9. 

  9. 	"testing"
    10. 

  10. 

  11. 	"pgregory.net/rapid"
    12. 

  12. )
    13. 

  13. 

  14. func insertColons(h string) string {
    15. 

  15. 	var b strings.Builder
    16. 

  16. 	for i := 0; i < len(h); i += 2 {
    17. 

  17. 		if i > 0 {
    18. 

  18. 			b.WriteByte(':')
    19. 

  19. 		}
    20. 

  20. 		b.WriteString(h[i : i+2])
    21. 

  21. 	}
    22. 

  22. 	return b.String()
    23. 

  23. }
    24. 

  24. 

  25. // TestProp_DecodeCertPin_FormatAgnostic asserts that for ANY 32-byte pin, every
    26. 

  26. // accepted encoding (hex lower/upper, openssl colon-hex, base64 std/raw/url) decodes
    27. 

  27. // back to the same bytes. Generalizes the fixed-input TestDecodeCertPin so a mutant
    28. 

  28. // that breaks one decoding path is caught across the whole input space.
    29. 

  29. func TestProp_DecodeCertPin_FormatAgnostic(t *testing.T) {
    30. 

  30. 	rapid.Check(t, func(t *rapid.T) {
    31. 

  31. 		raw := rapid.SliceOfN(rapid.Byte(), sha256.Size, sha256.Size).Draw(t, "raw")
    32. 

  32. 		hx := hex.EncodeToString(raw)
    33. 

  33. 		forms := []string{
    34. 

  34. 			hx,
    35. 

  35. 			strings.ToUpper(hx),
    36. 

  36. 			insertColons(hx),
    37. 

  37. 			base64.StdEncoding.EncodeToString(raw),
    38. 

  38. 			base64.RawStdEncoding.EncodeToString(raw),
    39. 

  39. 			base64.URLEncoding.EncodeToString(raw),
    40. 

  40. 			base64.RawURLEncoding.EncodeToString(raw),
    41. 

  41. 		}
    42. 

  42. 		for _, f := range forms {
    43. 

  43. 			got, err := DecodeCertPin(f)
    44. 

  44. 			if err != nil {
    45. 

  45. 				t.Fatalf("DecodeCertPin(%q) errored: %v", f, err)
    46. 

  46. 			}
    47. 

  47. 			if !bytes.Equal(got, raw) {
    48. 

  48. 				t.Fatalf("DecodeCertPin(%q) = %x, want %x", f, got, raw)
    49. 

  49. 			}
    50. 

  50. 		}
    51. 

  51. 	})
    52. 

  52. }
    53. 

  53. 

  54. // FuzzDecodeCertPin asserts the security-load-bearing decoder never panics, never
    55. 

  55. // returns a non-32-byte slice with a nil error, and never returns bytes alongside an
    56. 

  56. // error. Seeded from the known-good/known-bad cases.
    57. 

  57. func FuzzDecodeCertPin(f *testing.F) {
    58. 

  58. 	seed := sha256.Sum256([]byte("seed"))
    59. 

  59. 	f.Add(hex.EncodeToString(seed[:]))
    60. 

  60. 	f.Add(base64.StdEncoding.EncodeToString(seed[:]))
    61. 

  61. 	f.Add(insertColons(hex.EncodeToString(seed[:])))
    62. 

  62. 	f.Add("")
    63. 

  63. 	f.Add("not-a-pin")
    64. 

  64. 	f.Fuzz(func(t *testing.T, s string) {
    65. 

  65. 		got, err := DecodeCertPin(s)
    66. 

  66. 		if err == nil && len(got) != sha256.Size {
    67. 

  67. 			t.Fatalf("DecodeCertPin(%q): nil error but %d bytes, want %d", s, len(got), sha256.Size)
    68. 

  68. 		}
    69. 

  69. 		if err != nil && got != nil {
    70. 

  70. 			t.Fatalf("DecodeCertPin(%q): error %v but returned bytes %x", s, err, got)
    71. 

  71. 		}
    72. 

  72. 	})
    73. 

  73. }
    74.