diff options
| -rw-r--r-- | Cargo.lock | 1 | ||||
| -rw-r--r-- | mullvad-masque-proxy/Cargo.toml | 3 | ||||
| -rw-r--r-- | mullvad-masque-proxy/tests/proxy.rs | 111 | ||||
| -rw-r--r-- | mullvad-masque-proxy/tests/test.crt | 22 | ||||
| -rw-r--r-- | mullvad-masque-proxy/tests/test.key | 28 |
5 files changed, 164 insertions, 1 deletions
diff --git a/Cargo.lock b/Cargo.lock index b29f46eebc..8a377950dd 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2871,6 +2871,7 @@ dependencies = [ name = "mullvad-masque-proxy" version = "0.1.0" dependencies = [ + "anyhow", "bytes", "clap", "h3", diff --git a/mullvad-masque-proxy/Cargo.toml b/mullvad-masque-proxy/Cargo.toml index e6307eb3f4..27b1a9ca1f 100644 --- a/mullvad-masque-proxy/Cargo.toml +++ b/mullvad-masque-proxy/Cargo.toml @@ -21,7 +21,8 @@ rustls-pemfile = "2.1.3" bytes = "1" [dev-dependencies] -tokio = { workspace = true, features = [ "macros", "io-util", "rt-multi-thread" ] } +anyhow = { workspace = true } +tokio = { workspace = true, features = ["fs", "macros", "io-util", "rt-multi-thread"] } clap = { workspace = true } rand = "0.8.5" diff --git a/mullvad-masque-proxy/tests/proxy.rs b/mullvad-masque-proxy/tests/proxy.rs new file mode 100644 index 0000000000..6825f7d75d --- /dev/null +++ b/mullvad-masque-proxy/tests/proxy.rs @@ -0,0 +1,111 @@ +use std::net::SocketAddr; +use std::sync::Arc; + +use anyhow::Context; +use bytes::BytesMut; +use tokio::fs; + +use mullvad_masque_proxy::client; +use mullvad_masque_proxy::server; +use tokio::net::UdpSocket; + +/// Set up a MASQUE proxy and test that it can be used to communicate with some UDP destination +#[tokio::test] +async fn test_server_and_client_forwarding() -> anyhow::Result<()> { + const MAXIMUM_PACKET_SIZE: u16 = 1700; + const HOST: &str = "test.test"; + + let any_localhost_addr: SocketAddr = "127.0.0.1:0".parse().unwrap(); + + // Set up destination UDP server + let target_udp_server = UdpSocket::bind(any_localhost_addr).await?; + let target_udp_addr = target_udp_server + .local_addr() + .context("Retrieve dest UDP server addr")?; + + // Set up MASQUE server + let server_tls_config = load_server_test_cert().await?; + let server = server::Server::bind( + any_localhost_addr, + Default::default(), + Arc::new(server_tls_config), + MAXIMUM_PACKET_SIZE, + ) + .context("Failed to start MASQUE server")?; + + let masque_server_addr = server.local_addr()?; + + tokio::spawn(server.run()); + + // Set up MASQUE client + let local_socket = UdpSocket::bind(any_localhost_addr) + .await + .context("Failed to bind address")?; + let masque_client_addr = local_socket.local_addr().unwrap(); + + let client = client::Client::connect_with_tls_config( + local_socket, + masque_server_addr, + // Local QUIC address + any_localhost_addr, + target_udp_addr, + HOST, + client::default_tls_config(), + MAXIMUM_PACKET_SIZE, + ) + .await + .context("Failed to start MASQUE client")?; + + tokio::spawn(client.run()); + + // Connect to local UDP socket + let proxy_client = UdpSocket::bind(any_localhost_addr).await?; + proxy_client + .connect(masque_client_addr) + .await + .context("Failed to connect to local UDP server")?; + + // Proxy client -> destination + let mut rx_buf = BytesMut::with_capacity(128); + proxy_client.send(b"abc").await?; + let (_, proxy_addr) = target_udp_server + .recv_buf_from(&mut rx_buf) + .await + .context("Expected to receive message")?; + assert_eq!(&*rx_buf, b"abc", "Expected to receive message from client"); + + // Destination -> proxy client + let mut rx_buf = BytesMut::with_capacity(128); + target_udp_server.send_to(b"def", proxy_addr).await?; + proxy_client + .recv_buf(&mut rx_buf) + .await + .context("Expected to receive message")?; + assert_eq!(&*rx_buf, b"def", "Expected to receive message from server"); + + Ok(()) +} + +async fn load_server_test_cert() -> anyhow::Result<rustls::ServerConfig> { + let key = fs::read("tests/test.key").await.context("Read test key")?; + let key = rustls_pemfile::private_key(&mut &*key)?.context("Invalid test key")?; + + let cert_chain = fs::read("tests/test.crt") + .await + .context("Read test certificate")?; + let cert_chain = rustls_pemfile::certs(&mut &*cert_chain) + .collect::<Result<_, _>>() + .context("Invalid test certificate")?; + + let mut tls_config = rustls::ServerConfig::builder_with_provider(Arc::new( + rustls::crypto::ring::default_provider(), + )) + .with_protocol_versions(&[&rustls::version::TLS13])? + .with_no_client_auth() + .with_single_cert(cert_chain, key)?; + + tls_config.max_early_data_size = u32::MAX; + tls_config.alpn_protocols = vec![b"h3".into()]; + + Ok(tls_config) +} diff --git a/mullvad-masque-proxy/tests/test.crt b/mullvad-masque-proxy/tests/test.crt new file mode 100644 index 0000000000..2cc992fd24 --- /dev/null +++ b/mullvad-masque-proxy/tests/test.crt @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDkzCCAnugAwIBAgIUC2y+OPgQ2HbWRXTZwjvZOFlGRcIwDQYJKoZIhvcNAQEL +BQAwWTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM +GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDESMBAGA1UEAwwJdGVzdC50ZXN0MB4X +DTI1MDQwMzExNDUxNVoXDTI1MDUwMzExNDUxNVowWTELMAkGA1UEBhMCQVUxEzAR +BgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5 +IEx0ZDESMBAGA1UEAwwJdGVzdC50ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAufg598upax+qDkcQCvy4Gv9RSD04JMMnYIa6wgGSZcKuur4r9FRr +b+pnmiwwoZPlmtE5GUnvVVXB+UGr889IatQ00HxfTr8A/McHh/bSg43uEVnLBWDy +S9ULW6gJX6xwCvZINRCyw6B6eEBOs2T1MCsaA2/x4ba0lYT8lT9ApRCZE1HFh/Mb +c1/N/VUaTTxtsE/mhg8sYc2ig1EcZMDy/b7pPUz83oUa4zHruqNQUb2bFQ0TrcKY +C456aJXCb6t5rWiUJmByzjFOwVGokE550km1q7dpv3yjK5Z023O2jnBVfpVCeEAA +mnsPQAgqFpuXXTHPqBvuyzHzjsWkZN5wXwIDAQABo1MwUTAdBgNVHQ4EFgQUEEaP +f5wUEnKp5WZTiMdoydTPq5kwHwYDVR0jBBgwFoAUEEaPf5wUEnKp5WZTiMdoydTP +q5kwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAPrJfHriKFeLn +hV9lrH+EN/Q62q1ZIxQagDadcBjhfMALfsD2nr5ENL3uVvFz+XrB9pVrMlfBTnx/ ++rbzlzfTpIgKHXsICnXQbY8cvA54JyXysHf9jP3yvZP4vlCjTYX8JuWlykm4StMZ +suPWyCYprCfJd0n8T2heFyWl6Q9MeyrQolpkrhhR6JuifH/ySc4dl3yWEMrX7lEe +435llV5WolhiyQ060tKFfgrfPu245DO7Mci9QmafKGK4WSYil95Cwy1uYevVtiNa +oZQ9mjWJJvVab17qTe9lWukMHFDr7qCxtwTWxynDhWvLrvlPP/2DKo0nEGZU/cVV +ozh88D0xZw== +-----END CERTIFICATE----- diff --git a/mullvad-masque-proxy/tests/test.key b/mullvad-masque-proxy/tests/test.key new file mode 100644 index 0000000000..aff1bc2dae --- /dev/null +++ b/mullvad-masque-proxy/tests/test.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC5+Dn3y6lrH6oO +RxAK/Lga/1FIPTgkwydghrrCAZJlwq66viv0VGtv6meaLDChk+Wa0TkZSe9VVcH5 +Qavzz0hq1DTQfF9OvwD8xweH9tKDje4RWcsFYPJL1QtbqAlfrHAK9kg1ELLDoHp4 +QE6zZPUwKxoDb/HhtrSVhPyVP0ClEJkTUcWH8xtzX839VRpNPG2wT+aGDyxhzaKD +URxkwPL9vuk9TPzehRrjMeu6o1BRvZsVDROtwpgLjnpolcJvq3mtaJQmYHLOMU7B +UaiQTnnSSbWrt2m/fKMrlnTbc7aOcFV+lUJ4QACaew9ACCoWm5ddMc+oG+7LMfOO +xaRk3nBfAgMBAAECggEAI/G5ao6fuUfOe6H6lNUR1I4CrN7ASkK6Cqsfz720CR0e +3pNBNaFXfrMkwSTHZYOLfmfwDFZA/xJrQn0R+jbXPWa0qpNPbI34Z+MkLoBjYe/9 +0razSd/aFRQhdN6+qRJQOZ4uiKsoki0jXri3PW9HAL9j8MQjUUgaEUg59bLbEMwX +IR98n+aKLSFBJeeUKE5tvLPt9yvegNI1/6nELT7My3SnIOMlVN9njQq8wqqIch2X +ky7NwlfsCZ1hF1sD8xCUBloUo/LKfCxWm+2Kt0YQ0/lYfwp8WzFXt4XAL50AKW+A +QrzVpNMwIp/k/FeKcMF/6rbz3iqQTKW2RrK9rX08WQKBgQDbluIh36xLbSFDjLNx +j9dCiiCI3cQZVBc7FTfStc9/k4O1NBq5YkUZlCJzjbFsxakdRcb4O2Kwf/v8sBq3 +C9PmoJVV/gqzJQ8TjLJF0MPNPzynm7B0YAD4RXUODRymkqFyHBa3uXT7WG6CmdEa +Ggh8y5xlKZ2c19J6WpQi6EwM8wKBgQDYzkD/7ad5ttSdVUXNr57Oe9JONwUDUPT6 +UaCthUAbeeKM6JeSZ658DikKALMDZ73grncjSQgLPtOSvo/LQxda+AG515ZZ7J5T +Nauj44UYFz22Ck7guZCq5tQQVx4YUlBRtM7El9oOvYLjBaLTl9lmmCeQGj4+ugl2 +FU/qDGh55QKBgAlARQyaSL7wvQsEfXbWUYJLIW3CsgVDJqtljHGDGVfNlinnJQ0U +V8bpF754hLYJacOC8gv5LII1Eh+mJ6n4hJfdwgzaZAcCE62GKuiIEAewl1SUWY29 +kazj+Dd8U+2slcKh7k8VMBl6s0UrR8TqvdrMFS2p4CsAaKyg7ka+NJ4DAoGAMZy5 +KRekLGkXLE24JIJcr9mL3ZQflIuxE5scTrjgW6k/m4kaLkmFlyPSZlSUomHaBJFH ++A4dRh2BYuIym4vly05XbsSTxk4sSNROS7mj2khvOboQJMKyBTm/K2IUI/KqKJhc +fIZXQupBClxez1a/TAfjfclTlx0RTzE/UUq3mbUCgYBGqeq9cgs9qxt0WS0+Un3o +/cgGXLknk4IsVclMgPPiDhujTs3I/dJu94zwY3dch906k5KKctYX7cS3YUhAMzBX +e2DYRq/Z1JC9OXCr7HLTF60IjFx7KlGRL/Kmx1Dd98IZmhS2RSE+dJPovlsYqZ1n +dGHHcZoEs4iiPe6m+umVyw== +-----END PRIVATE KEY----- |