Merge pull request #1084 from cuonglm/feature/remove-pre-go1.8-code

lib: support TLS 1.3 by default

js/modules/k6/http/http.go

@@ -41,11 +41,13 @@ const (
 // ErrJarForbiddenInInitContext is used when a cookie jar was made in the init context
 var ErrJarForbiddenInInitContext = common.NewInitContextError("Making cookie jars in the init context is not supported")
 
+//nolint: golint
 type HTTP struct {
 	SSL_3_0                            string `js:"SSL_3_0"`
 	TLS_1_0                            string `js:"TLS_1_0"`
 	TLS_1_1                            string `js:"TLS_1_1"`
 	TLS_1_2                            string `js:"TLS_1_2"`
+	TLS_1_3                            string `js:"TLS_1_3"`
 	OCSP_STATUS_GOOD                   string `js:"OCSP_STATUS_GOOD"`
 	OCSP_STATUS_REVOKED                string `js:"OCSP_STATUS_REVOKED"`
 	OCSP_STATUS_SERVER_FAILED          string `js:"OCSP_STATUS_SERVER_FAILED"`
@@ -69,6 +71,7 @@ func New() *HTTP {
 		TLS_1_0:                            netext.TLS_1_0,
 		TLS_1_1:                            netext.TLS_1_1,
 		TLS_1_2:                            netext.TLS_1_2,
+		TLS_1_3:                            netext.TLS_1_3,
 		OCSP_STATUS_GOOD:                   netext.OCSP_STATUS_GOOD,
 		OCSP_STATUS_REVOKED:                netext.OCSP_STATUS_REVOKED,
 		OCSP_STATUS_SERVER_FAILED:          netext.OCSP_STATUS_SERVER_FAILED,

js/modules/k6/http/request_test.go

@@ -1171,7 +1171,7 @@ func TestSystemTags(t *testing.T) {
 		{"group", httpGet, ""},
 		{"vu", httpGet, "0"},
 		{"iter", httpGet, "0"},
-		{"tls_version", httpsGet, "tls1.2"},
+		{"tls_version", httpsGet, expectedTLSVersion},
 		{"ocsp_status", httpsGet, "unknown"},
 		{
 			"error",
@@ -1186,6 +1186,7 @@ func TestSystemTags(t *testing.T) {
 	}
 
 	state.Options.Throw = null.BoolFrom(false)
+	state.Options.Apply(lib.Options{TLSVersion: &lib.TLSVersions{Max: lib.TLSVersion13}})
 
 	for num, tc := range testedSystemTags {
 		t.Run(fmt.Sprintf("TC %d with only %s", num, tc.tag), func(t *testing.T) {

js/modules/k6/http/tls_go_1_11_test.go

@@ -0,0 +1,25 @@
+// +build !go1.12
+
+/*
+ *
+ * k6 - a next-generation load testing tool
+ * Copyright (C) 2019 Load Impact
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+package http
+
+const expectedTLSVersion = "tls1.2"

js/modules/k6/http/tls_go_1_12_test.go

@@ -0,0 +1,25 @@
+// +build go1.12
+
+/*
+ *
+ * k6 - a next-generation load testing tool
+ * Copyright (C) 2019 Load Impact
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+package http
+
+const expectedTLSVersion = "tls1.3"

js/modules/k6/http/tls_test.go

@@ -0,0 +1,56 @@
+// +build go1.12
+
+/*
+ *
+ * k6 - a next-generation load testing tool
+ * Copyright (C) 2019 Load Impact
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+package http
+
+import (
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/loadimpact/k6/js/common"
+	"github.com/loadimpact/k6/lib"
+	"github.com/stretchr/testify/assert"
+	null "gopkg.in/guregu/null.v3"
+)
+
+func TestTLS13Support(t *testing.T) {
+	tb, state, _, rt, _ := newRuntime(t)
+	defer tb.Cleanup()
+
+	tb.Mux.HandleFunc("/tls-version", http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
+		ver := req.TLS.Version
+		fmt.Fprint(resp, lib.SupportedTLSVersionsToString[lib.TLSVersion(ver)])
+	}))
+
+	// We don't expect any failed requests
+	state.Options.Throw = null.BoolFrom(true)
+	state.Options.Apply(lib.Options{TLSVersion: &lib.TLSVersions{Max: lib.TLSVersion13}})
+
+	_, err := common.RunString(rt, tb.Replacer.Replace(`
+		let resp = http.get("HTTPSBIN_URL/tls-version");
+		if (resp.body != "tls1.3") {
+			throw new Error("unexpected tls version: " + resp.body);
+		}
+	`))
+	assert.NoError(t, err)
+}

lib/netext/tls.go

@@ -7,6 +7,7 @@ import (
 	"golang.org/x/crypto/ocsp"
 )
 
+//nolint: golint
 const (
 	OCSP_STATUS_GOOD                   = "good"
 	OCSP_STATUS_REVOKED                = "revoked"
@@ -26,6 +27,7 @@ const (
 	TLS_1_0                            = "tls1.0"
 	TLS_1_1                            = "tls1.1"
 	TLS_1_2                            = "tls1.2"
+	TLS_1_3                            = "tls1.3"
 )
 
 type TLSInfo struct {
@@ -52,6 +54,8 @@ func ParseTLSConnState(tlsState *tls.ConnectionState) (TLSInfo, OCSP) {
 		tlsInfo.Version = TLS_1_1
 	case tls.VersionTLS12:
 		tlsInfo.Version = TLS_1_2
+	case lib.TLSVersion13:
+		tlsInfo.Version = TLS_1_3
 	}
 
 	tlsInfo.CipherSuite = lib.SupportedTLSCipherSuitesToString[tlsState.CipherSuite]

lib/options.go

@@ -143,6 +143,10 @@ func (v *TLSVersions) UnmarshalJSON(data []byte) error {
 	return nil
 }
 
+func (v *TLSVersions) isTLS13() bool {
+	return v.Min == TLSVersion13 || v.Max == TLSVersion13
+}
+
 // A list of TLS cipher suites.
 // Marshals and unmarshals from a list of names, eg. "TLS_ECDHE_RSA_WITH_RC4_128_SHA".
 // BUG: This currently doesn't marshal back to JSON properly!!
@@ -421,6 +425,9 @@ func (o Options) Apply(opts Options) Options {
 	}
 	if opts.TLSVersion != nil {
 		o.TLSVersion = opts.TLSVersion
+		if o.TLSVersion.isTLS13() {
+			enableTLS13()
+		}
 	}
 	if opts.TLSAuth != nil {
 		o.TLSAuth = opts.TLSAuth

lib/options_tls_go1_12.go

@@ -0,0 +1,43 @@
+// +build !go1.13
+
+/*
+ *
+ * k6 - a next-generation load testing tool
+ * Copyright (C) 2019 Load Impact
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+package lib
+
+import (
+	"os"
+	"sync"
+)
+
+//nolint: gochecknoglobals
+var once sync.Once
+
+// TLS 1.3 is available only on an opt-in basis in pre go1.13.
+// To enable it, set the GODEBUG environment variable to contains "tls13=1".
+//
+// Note that this function must be called before any usage of TLS.
+func enableTLS13() {
+	once.Do(func() {
+		if err := os.Setenv("GODEBUG", os.Getenv("GODEBUG")+",tls13=1"); err != nil {
+			panic(err)
+		}
+	})
+}

lib/options_tls_go1_13.go

@@ -0,0 +1,26 @@
+// +build go1.13
+
+/*
+ *
+ * k6 - a next-generation load testing tool
+ * Copyright (C) 2019 Load Impact
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+package lib
+
+// TLS 1.3 is supported by default from go1.13, do nothing here.
+func enableTLS13() {}

lib/tls13_version_go1_11.go

@@ -0,0 +1,34 @@
+// +build !go1.12
+
+/*
+ *
+ * k6 - a next-generation load testing tool
+ * Copyright (C) 2019 Load Impact
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+package lib
+
+// TLSVersion13 represents tls1.3 version supports.
+const TLSVersion13 = 0x0304
+
+// TLS 1.3 cipher suites.
+//nolint: golint
+const (
+	TLS13_CIPHER_SUITE_TLS_AES_128_GCM_SHA256       = 0x1301
+	TLS13_CIPHER_SUITE_TLS_AES_256_GCM_SHA384       = 0x1302
+	TLS13_CIPHER_SUITE_TLS_CHACHA20_POLY1305_SHA256 = 0x1303
+)

lib/tls13_version_go1_12.go

@@ -0,0 +1,36 @@
+// +build go1.12
+
+/*
+ *
+ * k6 - a next-generation load testing tool
+ * Copyright (C) 2019 Load Impact
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+package lib
+
+import "crypto/tls"
+
+// TLSVersion13 represents tls1.3 version supports.
+const TLSVersion13 = tls.VersionTLS13
+
+// TLS 1.3 cipher suites.
+//nolint: golint
+const (
+	TLS13_CIPHER_SUITE_TLS_AES_128_GCM_SHA256       = tls.TLS_AES_128_GCM_SHA256
+	TLS13_CIPHER_SUITE_TLS_AES_256_GCM_SHA384       = tls.TLS_AES_256_GCM_SHA384
+	TLS13_CIPHER_SUITE_TLS_CHACHA20_POLY1305_SHA256 = tls.TLS_CHACHA20_POLY1305_SHA256
+)