package mint import ( "bytes" "encoding/hex" "testing" ) var ( // Extension test cases extValidIn = Extension{ ExtensionType: ExtensionType(0x000a), ExtensionData: []byte{0xf0, 0xf1, 0xf2, 0xf3, 0xf4}, } extEmptyIn = Extension{ ExtensionType: ExtensionType(0x000a), ExtensionData: []byte{}, } extTooLongIn = Extension{ ExtensionType: ExtensionType(0x000a), ExtensionData: bytes.Repeat([]byte{0}, maxExtensionDataLen+1), } extValidHex = "000a0005f0f1f2f3f4" extEmptyHex = "000a0000" extNoHeaderHex = "000a00" extNoDataHex = "000a000af0f1f2" // Extension list test cases extHalfLengthPlus = Extension{ ExtensionType: ExtensionType(0x000a), ExtensionData: bytes.Repeat([]byte{0}, (maxExtensionDataLen/2)+1), } extListValidIn = ExtensionList{extValidIn, extEmptyIn} extListSingleTooLongIn = ExtensionList{extTooLongIn, extEmptyIn} extListTooLongIn = ExtensionList{extHalfLengthPlus, extHalfLengthPlus} extListValidHex = "000d000a0005f0f1f2f3f4000a0000" // supported_groups x 2 (not really valid) extListEmptyHex = "0000" extListNoHeaderHex = "00" extListOverflowOuterHex = "0020000a0005f0f1f2f3f4000a0005f0f1f2f3f4" extListOverflowInnerHex = "0012000a0005f0f1f2f3f4000a0010f0f1f2f3f4" // Add/Find test cases keyShareServerRaw = unhex(keyShareServerHex) keyShareClientRaw = unhex(keyShareClientHex) keyShareInvalidRaw = unhex(keyShareInvalidHex) extListKeyShareIn = ExtensionList{ Extension{ ExtensionType: ExtensionTypeKeyShare, ExtensionData: keyShareServerRaw, }, } extListKeyShareClientIn = ExtensionList{ Extension{ ExtensionType: ExtensionTypeKeyShare, ExtensionData: keyShareClientRaw, }, } extListInvalidIn = ExtensionList{ Extension{ ExtensionType: ExtensionTypeKeyShare, ExtensionData: keyShareInvalidRaw, }, } // KeyShare test cases len256 = keyExchangeSizeFromNamedGroup(P256) len521 = keyExchangeSizeFromNamedGroup(P521) p256 = bytes.Repeat([]byte{0}, len256) p521 = bytes.Repeat([]byte{0}, len521) keyShareClientIn = &KeyShareExtension{ HandshakeType: HandshakeTypeClientHello, Shares: []KeyShareEntry{ {Group: P256, KeyExchange: p256}, {Group: P521, KeyExchange: p521}, }, } keyShareHelloRetryIn = &KeyShareExtension{ HandshakeType: HandshakeTypeHelloRetryRequest, SelectedGroup: P256, } keyShareServerIn = &KeyShareExtension{ HandshakeType: HandshakeTypeServerHello, Shares: []KeyShareEntry{ {Group: P256, KeyExchange: p256}, }, } keyShareInvalidIn = &KeyShareExtension{ HandshakeType: HandshakeTypeServerHello, Shares: []KeyShareEntry{ {Group: P256, KeyExchange: []byte{0}}, }, } keyShareClientHex = "00ce" + "00170041" + hex.EncodeToString(p256) + "00190085" + hex.EncodeToString(p521) keyShareHelloRetryHex = "0017" keyShareServerHex = "00170041" + hex.EncodeToString(p256) keyShareInvalidHex = "0006001700020000" // PSK test cases pskClientHex = "000a" + "00040102030405060708" + "0021" + "20" + "A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0" pskClientUnbalancedHex = "0014" + "00040102030405060708" + "00040102030405060708" + "0021" + "20" + "A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0" pskServerHex = "0002" pskClientIn = &PreSharedKeyExtension{ HandshakeType: HandshakeTypeClientHello, Identities: []PSKIdentity{ { Identity: []byte{0x01, 0x02, 0x03, 0x04}, ObfuscatedTicketAge: 0x05060708, }, }, Binders: []PSKBinderEntry{ { Binder: bytes.Repeat([]byte{0xA0}, 32), }, }, } pskServerIn = &PreSharedKeyExtension{ HandshakeType: HandshakeTypeServerHello, SelectedIdentity: 2, } pskInvalidIn = &PreSharedKeyExtension{ HandshakeType: HandshakeTypeHelloRetryRequest, } // SNI test cases (pre-declared so that we can take references in the test case) serverNameRaw = "example.com" serverNameIn = ServerNameExtension(serverNameRaw) // SupportedVersions text cases supportedVersionsClientIn = &SupportedVersionsExtension{ HandshakeType: HandshakeTypeClientHello, Versions: []uint16{0x0300, 0x0304}, } supportedVersionsServerIn = &SupportedVersionsExtension{ HandshakeType: HandshakeTypeServerHello, Versions: []uint16{0x0300}, } supportedVersionsClientHex = "0403000304" supportedVersionsServerHex = "0300" ) var validExtensionTestCases = map[ExtensionType]struct { blank ExtensionBody unmarshaled ExtensionBody marshaledHex string }{ // ServerName ExtensionTypeServerName: { blank: new(ServerNameExtension), unmarshaled: &serverNameIn, marshaledHex: "000e00000b6578616d706c652e636f6d", }, // SupportedGroups ExtensionTypeSupportedGroups: { blank: &SupportedGroupsExtension{}, unmarshaled: &SupportedGroupsExtension{ Groups: []NamedGroup{P256, P384}, }, marshaledHex: "000400170018", }, // SignatureAlgorithms ExtensionTypeSignatureAlgorithms: { blank: &SignatureAlgorithmsExtension{}, unmarshaled: &SignatureAlgorithmsExtension{ Algorithms: []SignatureScheme{ RSA_PSS_SHA256, ECDSA_P256_SHA256, }, }, marshaledHex: "000408040403", }, // ALPN ExtensionTypeALPN: { blank: &ALPNExtension{}, unmarshaled: &ALPNExtension{ Protocols: []string{"http/1.1", "h2"}, }, marshaledHex: "000c08687474702f312e31026832", }, // Omitted: KeyShare (depends on HandshakeType) // Omitted: PreSharedKey (depends on HandshakeType) // Omitted: SupportedVersions (depends on HandshakeType) // EarlyData ExtensionTypeEarlyData: { blank: &EarlyDataExtension{}, unmarshaled: &EarlyDataExtension{}, marshaledHex: "", }, // Cookie ExtensionTypeCookie: { blank: &CookieExtension{}, unmarshaled: &CookieExtension{ Cookie: []byte{0x01, 0x02, 0x03, 0x04}, }, marshaledHex: "000401020304", }, // PskKeyExchangeModes ExtensionTypePSKKeyExchangeModes: { blank: &PSKKeyExchangeModesExtension{}, unmarshaled: &PSKKeyExchangeModesExtension{ KEModes: []PSKKeyExchangeMode{ PSKModeKE, PSKModeDHEKE, }, }, marshaledHex: "020001", }, // TicketEarlyDataInfo ExtensionTypeTicketEarlyDataInfo: { blank: &TicketEarlyDataInfoExtension{}, unmarshaled: &TicketEarlyDataInfoExtension{ MaxEarlyDataSize: 0x01020304, }, marshaledHex: "01020304", }, } func TestExtensionBodyMarshalUnmarshal(t *testing.T) { for extType, test := range validExtensionTestCases { marshaled := unhex(test.marshaledHex) // Test extension type assertEquals(t, test.unmarshaled.Type(), extType) // Test successful marshal out, err := test.unmarshaled.Marshal() assertNotError(t, err, "Failed to marshal valid extension") assertByteEquals(t, out, marshaled) // Test successful unmarshal read, err := test.blank.Unmarshal(marshaled) assertNotError(t, err, "Failed to unmarshal valid extension") assertDeepEquals(t, test.blank, test.unmarshaled) assertEquals(t, read, len(marshaled)) } } func TestExtensionMarshalUnmarshal(t *testing.T) { extValid := unhex(extValidHex) extEmpty := unhex(extEmptyHex) extNoHeader := unhex(extNoHeaderHex) extNoData := unhex(extNoDataHex) // Test successful marshal out, err := extValidIn.Marshal() assertNotError(t, err, "Failed to marshal valid extension") assertByteEquals(t, out, extValid) // Test marshal failure on extension data too long out, err = extTooLongIn.Marshal() assertError(t, err, "Marshaled an extension with too much data") // Test successful unmarshal var ext Extension extLen, err := ext.Unmarshal(extValid) assertNotError(t, err, "Failed to unmarshal valid extension") assertEquals(t, extLen, len(extValid)) assertEquals(t, ext.ExtensionType, extValidIn.ExtensionType) assertByteEquals(t, ext.ExtensionData, extValidIn.ExtensionData) // Test successful unmarshal of the empty extension extLen, err = ext.Unmarshal(extEmpty) assertNotError(t, err, "Failed to unmarshal valid extension") assertEquals(t, extLen, len(extEmpty)) assertEquals(t, ext.ExtensionType, extValidIn.ExtensionType) assertEquals(t, len(ext.ExtensionData), 0) // Test unmarshal failure on no header extLen, err = ext.Unmarshal(extNoHeader) assertError(t, err, "Unmarshaled an extension with no header") assertEquals(t, extLen, 0) // Test unmarshal failure on too little data extLen, err = ext.Unmarshal(extNoData) assertError(t, err, "Unmarshaled an extension with insufficient data") assertEquals(t, extLen, 0) } func TestExtensionListMarshalUnmarshal(t *testing.T) { extListValid := unhex(extListValidHex) extListEmpty := unhex(extListEmptyHex) extListNoHeader := unhex(extListNoHeaderHex) extListOverflowOuter := unhex(extListOverflowOuterHex) extListOverflowInner := unhex(extListOverflowInnerHex) // Test successful marshal out, err := extListValidIn.Marshal() assertNotError(t, err, "Failed to marshal valid extension list") assertByteEquals(t, out, extListValid) // Test marshal failiure on a single extension too long out, err = extListSingleTooLongIn.Marshal() assertError(t, err, "Marshaled an extension list with a too-long extension") // Test marshal failure on extensions data too long out, err = extListTooLongIn.Marshal() assertError(t, err, "Marshaled an extension list that's too long") // Test successful unmarshal var extList ExtensionList extLen, err := extList.Unmarshal(extListValid) assertNotError(t, err, "Failed to unmarshal a valid extension list") assertEquals(t, extLen, len(extListValid)) assertDeepEquals(t, extList, extListValidIn) // Test successful marshal of the empty list extLen, err = extList.Unmarshal(extListEmpty) assertNotError(t, err, "Failed to unmarshal a valid extension list") assertEquals(t, extLen, len(extListEmpty)) assertDeepEquals(t, extList, ExtensionList{}) // Test unmarshal failure on no header extLen, err = extList.Unmarshal(extListNoHeader) assertError(t, err, "Unmarshaled a list with no header") // Test unmarshal failure on incorrect outer length extLen, err = extList.Unmarshal(extListOverflowOuter) assertError(t, err, "Unmarshaled a list a too-long outer length") // Test unmarhsal failure on incorrect inner length extLen, err = extList.Unmarshal(extListOverflowInner) assertError(t, err, "Unmarshaled a list a too-long inner length") } func TestExtensionAdd(t *testing.T) { // Test successful add el := ExtensionList{} err := el.Add(keyShareServerIn) assertNotError(t, err, "Failed to add valid extension") assertDeepEquals(t, el, extListKeyShareIn) // Test successful add to a nil list var elp *ExtensionList err = elp.Add(keyShareServerIn) assertNotError(t, err, "Failed to add valid extension") // Test successful replace err = el.Add(keyShareClientIn) assertNotError(t, err, "Failed to replace extension") assertDeepEquals(t, el, extListKeyShareClientIn) // Test add failure on marshal failure el = ExtensionList{} err = el.Add(keyShareInvalidIn) assertError(t, err, "Added an invalid extension") } func TestExtensionFind(t *testing.T) { // Test successful find ks := KeyShareExtension{HandshakeType: HandshakeTypeServerHello} found, err := extListKeyShareIn.Find(&ks) assertNotError(t, err, "Failed to parse valid extension") assert(t, found, "Failed to find a valid extension") // Test find failure on absent extension var sg SupportedGroupsExtension found, err = extListKeyShareIn.Find(&sg) assertNotError(t, err, "Error on missing extension") assert(t, !found, "Found an extension that's not present") // Test find failure on unmarshal failure found, err = extListInvalidIn.Find(&ks) assert(t, found, "Didn't found an extension that's not valid") assertError(t, err, "Parsed an invalid extension") } func TestExtensionParse(t *testing.T) { // Parse cases validExtensions := ExtensionList{ Extension{ ExtensionType: ExtensionTypeKeyShare, ExtensionData: keyShareClientRaw, }, Extension{ ExtensionType: ExtensionTypeSupportedVersions, ExtensionData: unhex(supportedVersionsClientHex), }, } // In template ks := &KeyShareExtension{HandshakeType: HandshakeTypeClientHello} sv := &SupportedVersionsExtension{HandshakeType: HandshakeTypeClientHello} extensionsIn := []ExtensionBody{ks, sv} found, err := validExtensions.Parse(extensionsIn) assertNotError(t, err, "Failed to parse valid extensions") assert(t, found[ExtensionTypeKeyShare], "Failed to find key share") assert(t, found[ExtensionTypeSupportedVersions], "Failed to find supported versions") // Now a version with an error sv.HandshakeType = HandshakeTypeServerHello found, err = validExtensions.Parse(extensionsIn) assertError(t, err, "Parsed bogus extension") assertEquals(t, len(found), 0) sv.HandshakeType = HandshakeTypeClientHello // Two copies. dupExtensions := append(validExtensions, Extension{ ExtensionType: ExtensionTypeSupportedVersions, ExtensionData: unhex(supportedVersionsClientHex), }, ) found, err = dupExtensions.Parse(extensionsIn) assertError(t, err, "Parsed duplicate extension") assertEquals(t, len(found), 0) } func TestServerNameMarshalUnmarshal(t *testing.T) { serverNameHex := validExtensionTestCases[ExtensionTypeServerName].marshaledHex serverName := unhex(serverNameHex) // Test unmarshal failure on underlying unmarshal failure var sni ServerNameExtension _, err := sni.Unmarshal(serverName[:1]) assertError(t, err, "Unmarshaled a truncated ServerName") // Test unmarshal failure on a name that is not a host_name serverName[2]++ _, err = sni.Unmarshal(serverName) assertError(t, err, "Unmarshaled a ServerName that was not a host_name") serverName[2]-- } func TestSupportedVersionsMarshalUnmarshal(t *testing.T) { supportedVersionsClient := unhex(supportedVersionsClientHex) supportedVersionsServer := unhex(supportedVersionsServerHex) // Test extension type assertEquals(t, SupportedVersionsExtension{}.Type(), ExtensionTypeSupportedVersions) // Test successful marshal (client side) out, err := supportedVersionsClientIn.Marshal() assertNotError(t, err, "Failed to marshal valid SupportedVersions (client)") assertByteEquals(t, out, supportedVersionsClient) // Test successful marshal (server side) out, err = supportedVersionsServerIn.Marshal() assertNotError(t, err, "Failed to marshal valid SupportedVersions (server)") assertByteEquals(t, out, supportedVersionsServer) // Test marshal failure on an unsupported handshake type supportedVersionsServerIn.HandshakeType = HandshakeTypeCertificate out, err = supportedVersionsServerIn.Marshal() assertError(t, err, "Marshaled key an unsupported handshake type") supportedVersionsServerIn.HandshakeType = HandshakeTypeServerHello // Test successful unmarshal (client) sv := SupportedVersionsExtension{HandshakeType: HandshakeTypeClientHello} read, err := sv.Unmarshal(supportedVersionsClient) assertNotError(t, err, "Failed to unmarshal valid SupportedVersions (client)") assertDeepEquals(t, &sv, supportedVersionsClientIn) assertEquals(t, read, len(supportedVersionsClient)) // Test successful unmarshal (server) sv = SupportedVersionsExtension{HandshakeType: HandshakeTypeServerHello} read, err = sv.Unmarshal(supportedVersionsServer) assertNotError(t, err, "Failed to unmarshal valid SupportedVersions (server)") assertDeepEquals(t, &sv, supportedVersionsServerIn) assertEquals(t, read, len(supportedVersionsServer)) // Test unmarshal failure on underlying unmarshal failure (client) sv = SupportedVersionsExtension{HandshakeType: HandshakeTypeClientHello} read, err = sv.Unmarshal(supportedVersionsClient[:1]) assertError(t, err, "Unmarshaled a SupportedVersions without a length") // Test unmarshal failure on underlying unmarshal failure (server) sv = SupportedVersionsExtension{HandshakeType: HandshakeTypeServerHello} read, err = sv.Unmarshal(supportedVersionsServer[:1]) assertError(t, err, "Unmarshaled a SupportedVersions that's too short") } func TestKeyShareMarshalUnmarshal(t *testing.T) { keyShareClient := unhex(keyShareClientHex) keyShareHelloRetry := unhex(keyShareHelloRetryHex) keyShareServer := unhex(keyShareServerHex) keyShareInvalid := unhex(keyShareInvalidHex) // Test extension type assertEquals(t, KeyShareExtension{}.Type(), ExtensionTypeKeyShare) // Test successful marshal (client side) out, err := keyShareClientIn.Marshal() assertNotError(t, err, "Failed to marshal valid KeyShare (client)") assertByteEquals(t, out, keyShareClient) // Test successful marshal (hello retry) out, err = keyShareHelloRetryIn.Marshal() assertNotError(t, err, "Failed to marshal valid KeyShare (hello retry)") assertByteEquals(t, out, keyShareHelloRetry) // Test successful marshal (server side) out, err = keyShareServerIn.Marshal() assertNotError(t, err, "Failed to marshal valid KeyShare (server)") assertByteEquals(t, out, keyShareServer) // Test marshal failure on HRR trying to send shares keyShareClientIn.HandshakeType = HandshakeTypeHelloRetryRequest out, err = keyShareClientIn.Marshal() assertError(t, err, "Marshaled key shares for hello retry request") keyShareClientIn.HandshakeType = HandshakeTypeClientHello // Test marshal failure on server trying to send multiple keyShareClientIn.HandshakeType = HandshakeTypeServerHello out, err = keyShareClientIn.Marshal() assertError(t, err, "Marshaled multiple key shares for server") keyShareClientIn.HandshakeType = HandshakeTypeClientHello // Test marshal failure on an incorrect key share size (server) out, err = keyShareInvalidIn.Marshal() assertError(t, err, "Marshaled a server key share with a wrong-size key") // Test marshal failure on an incorrect key share size (client) keyShareInvalidIn.HandshakeType = HandshakeTypeClientHello out, err = keyShareInvalidIn.Marshal() assertError(t, err, "Marshaled key shares for hello retry request") keyShareInvalidIn.HandshakeType = HandshakeTypeServerHello // Test marshal failure on an unsupported handshake type keyShareInvalidIn.HandshakeType = HandshakeTypeCertificate out, err = keyShareInvalidIn.Marshal() assertError(t, err, "Marshaled key an unsupported handshake type") keyShareInvalidIn.HandshakeType = HandshakeTypeServerHello // Test successful unmarshal (client) ks := KeyShareExtension{HandshakeType: HandshakeTypeClientHello} read, err := ks.Unmarshal(keyShareClient) assertNotError(t, err, "Failed to unmarshal valid KeyShare (client)") assertDeepEquals(t, &ks, keyShareClientIn) assertEquals(t, read, len(keyShareClient)) // Test successful unmarshal (hello retry) ks = KeyShareExtension{HandshakeType: HandshakeTypeHelloRetryRequest} read, err = ks.Unmarshal(keyShareHelloRetry) assertNotError(t, err, "Failed to unmarshal valid KeyShare (hello retry)") assertDeepEquals(t, &ks, keyShareHelloRetryIn) assertEquals(t, read, len(keyShareHelloRetry)) // Test successful unmarshal (server) ks = KeyShareExtension{HandshakeType: HandshakeTypeServerHello} read, err = ks.Unmarshal(keyShareServer) assertNotError(t, err, "Failed to unmarshal valid KeyShare (server)") assertDeepEquals(t, &ks, keyShareServerIn) assertEquals(t, read, len(keyShareServer)) // Test unmarshal failure on underlying unmarshal failure (client) ks = KeyShareExtension{HandshakeType: HandshakeTypeClientHello} read, err = ks.Unmarshal(keyShareClient[:1]) assertError(t, err, "Unmarshaled a KeyShare without a length") // Test unmarshal failure on underlying unmarshal failure (hello retry) ks = KeyShareExtension{HandshakeType: HandshakeTypeHelloRetryRequest} read, err = ks.Unmarshal(keyShareHelloRetry[:1]) assertError(t, err, "Unmarshaled a KeyShare without a length") // Test unmarshal failure on underlying unmarshal failure (server) ks = KeyShareExtension{HandshakeType: HandshakeTypeServerHello} read, err = ks.Unmarshal(keyShareServer[:1]) assertError(t, err, "Unmarshaled a KeyShare without a length") // Test unmarshal failure on an incorrect key share size ks = KeyShareExtension{HandshakeType: HandshakeTypeClientHello} read, err = ks.Unmarshal(keyShareInvalid) assertError(t, err, "Unmarshaled a key share with a wrong-size key") // Test unmarshal failure on an unsupported handshake type ks = KeyShareExtension{HandshakeType: HandshakeTypeCertificate} read, err = ks.Unmarshal(keyShareInvalid) assertError(t, err, "Unmarshaled a key share with an unsupported handshake type") } func TestPreSharedKeyMarshalUnmarshal(t *testing.T) { pskClient := unhex(pskClientHex) pskClientUnbalanced := unhex(pskClientUnbalancedHex) pskServer := unhex(pskServerHex) // Test extension type assertEquals(t, PreSharedKeyExtension{}.Type(), ExtensionTypePreSharedKey) // Test successful marshal (client side) out, err := pskClientIn.Marshal() assertNotError(t, err, "Failed to marshal valid KeyShare (client)") assertByteEquals(t, out, pskClient) // Test successful marshal (server side) out, err = pskServerIn.Marshal() assertNotError(t, err, "Failed to marshal valid KeyShare (server)") assertByteEquals(t, out, pskServer) // Test marshal failure on server trying to send multiple pskServerIn.Identities = pskClientIn.Identities out, err = pskServerIn.Marshal() assertError(t, err, "Marshaled multiple key shares for server") pskServerIn.Identities = nil // Test marshal failure on unsupported handshake type out, err = pskInvalidIn.Marshal() assertError(t, err, "Marshaled PSK for unsupported handshake type") // Test successful unmarshal (client side) psk := PreSharedKeyExtension{HandshakeType: HandshakeTypeClientHello} read, err := psk.Unmarshal(pskClient) assertNotError(t, err, "Failed to unmarshal valid KeyShare (client)") assertDeepEquals(t, &psk, pskClientIn) assertEquals(t, read, len(pskClient)) // Test successful unmarshal (server side) psk = PreSharedKeyExtension{HandshakeType: HandshakeTypeServerHello} read, err = psk.Unmarshal(pskServer) assertNotError(t, err, "Failed to unmarshal valid KeyShare (server)") assertDeepEquals(t, &psk, pskServerIn) assertEquals(t, read, len(pskServer)) // Test unmarshal failure on underlying unmarshal failure (client) psk = PreSharedKeyExtension{HandshakeType: HandshakeTypeClientHello} read, err = psk.Unmarshal(pskClient[:1]) assertError(t, err, "Unmarshaled a KeyShare without a length") // Test unmarshal failure on underlying unmarshal failure (server) psk = PreSharedKeyExtension{HandshakeType: HandshakeTypeServerHello} read, err = psk.Unmarshal(pskClient[:1]) assertError(t, err, "Unmarshaled a KeyShare without a length") // Test unmarshal failure on unsupported handshake type psk = PreSharedKeyExtension{HandshakeType: HandshakeTypeCertificate} read, err = psk.Unmarshal(pskClient) assertError(t, err, "Unmarshaled a KeyShare with an unsupported handshake type") // Test unmarshal failure on unbalanced identities/binders lengths (client) psk = PreSharedKeyExtension{HandshakeType: HandshakeTypeClientHello} read, err = psk.Unmarshal(pskClientUnbalanced) assertError(t, err, "Unmarshaled a KeyShare unbalanced lengths") // Test finding an identity that is present id := []byte{1, 2, 3, 4} binder, found := pskClientIn.HasIdentity(id) assert(t, found, "Failed to find present identity") assertByteEquals(t, binder, bytes.Repeat([]byte{0xA0}, 32)) // Test finding an identity that is not present id = []byte{1, 2, 4, 3} _, found = pskClientIn.HasIdentity(id) assert(t, !found, "Found a not-present identity") } func TestALPNMarshalUnmarshal(t *testing.T) { alpnHex := validExtensionTestCases[ExtensionTypeALPN].marshaledHex alpn := unhex(alpnHex) // Test unmarshal failure on underlying unmarshal failure ext := &ALPNExtension{} _, err := ext.Unmarshal(alpn[:1]) assertError(t, err, "Unmarshaled a ALPN extension with a too-long interior length") }