refactor: move i/e/i/tlsx in i/e/netx

internal/engine/netx/quicdialer/saver.go

@@ -6,7 +6,7 @@ import (
 	"time"
 
 	"github.com/lucas-clemente/quic-go"
-	"github.com/ooni/probe-cli/v3/internal/engine/internal/tlsx"
+	"github.com/ooni/probe-cli/v3/internal/engine/netx/tlsx"
 	"github.com/ooni/probe-cli/v3/internal/engine/netx/trace"
 )
 

internal/engine/netx/tlsdialer/logging.go

@@ -6,7 +6,7 @@ import (
 	"net"
 	"time"
 
-	"github.com/ooni/probe-cli/v3/internal/engine/internal/tlsx"
+	"github.com/ooni/probe-cli/v3/internal/engine/netx/tlsx"
 )
 
 // Logger is the logger assumed by this package

internal/engine/netx/tlsdialer/saver.go

@@ -6,7 +6,7 @@ import (
 	"net"
 	"time"
 
-	"github.com/ooni/probe-cli/v3/internal/engine/internal/tlsx"
+	"github.com/ooni/probe-cli/v3/internal/engine/netx/tlsx"
 	"github.com/ooni/probe-cli/v3/internal/engine/netx/trace"
 )
 

internal/engine/netx/tlsx/tlsx.go

@@ -0,0 +1,63 @@
+// Package tlsx contains TLS extensions
+package tlsx
+
+import (
+	"crypto/tls"
+	"fmt"
+)
+
+var (
+	tlsVersionString = map[uint16]string{
+		tls.VersionSSL30: "SSLv3",
+		tls.VersionTLS10: "TLSv1",
+		tls.VersionTLS11: "TLSv1.1",
+		tls.VersionTLS12: "TLSv1.2",
+		tls.VersionTLS13: "TLSv1.3",
+		0:                "", // guarantee correct behaviour
+	}
+
+	tlsCipherSuiteString = map[uint16]string{
+		tls.TLS_RSA_WITH_RC4_128_SHA:                "TLS_RSA_WITH_RC4_128_SHA",
+		tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA:           "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
+		tls.TLS_RSA_WITH_AES_128_CBC_SHA:            "TLS_RSA_WITH_AES_128_CBC_SHA",
+		tls.TLS_RSA_WITH_AES_256_CBC_SHA:            "TLS_RSA_WITH_AES_256_CBC_SHA",
+		tls.TLS_RSA_WITH_AES_128_CBC_SHA256:         "TLS_RSA_WITH_AES_128_CBC_SHA256",
+		tls.TLS_RSA_WITH_AES_128_GCM_SHA256:         "TLS_RSA_WITH_AES_128_GCM_SHA256",
+		tls.TLS_RSA_WITH_AES_256_GCM_SHA384:         "TLS_RSA_WITH_AES_256_GCM_SHA384",
+		tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:        "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
+		tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
+		tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+		tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA:          "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
+		tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:     "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
+		tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+		tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+		tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
+		tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:   "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:   "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:   "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+		tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305:    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
+		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305:  "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
+		tls.TLS_AES_128_GCM_SHA256:                  "TLS_AES_128_GCM_SHA256",
+		tls.TLS_AES_256_GCM_SHA384:                  "TLS_AES_256_GCM_SHA384",
+		tls.TLS_CHACHA20_POLY1305_SHA256:            "TLS_CHACHA20_POLY1305_SHA256",
+		0:                                           "", // guarantee correct behaviour
+	}
+)
+
+// VersionString returns a TLS version string.
+func VersionString(value uint16) string {
+	if str, found := tlsVersionString[value]; found {
+		return str
+	}
+	return fmt.Sprintf("TLS_VERSION_UNKNOWN_%d", value)
+}
+
+// CipherSuiteString returns the TLS cipher suite as a string.
+func CipherSuiteString(value uint16) string {
+	if str, found := tlsCipherSuiteString[value]; found {
+		return str
+	}
+	return fmt.Sprintf("TLS_CIPHER_SUITE_UNKNOWN_%d", value)
+}

internal/engine/netx/tlsx/tlsx_test.go

@@ -0,0 +1,30 @@
+package tlsx
+
+import (
+	"crypto/tls"
+	"testing"
+)
+
+func TestVersionString(t *testing.T) {
+	if VersionString(tls.VersionTLS13) != "TLSv1.3" {
+		t.Fatal("not working for existing version")
+	}
+	if VersionString(1) != "TLS_VERSION_UNKNOWN_1" {
+		t.Fatal("not working for nonexisting version")
+	}
+	if VersionString(0) != "" {
+		t.Fatal("not working for zero version")
+	}
+}
+
+func TestCipherSuite(t *testing.T) {
+	if CipherSuiteString(tls.TLS_AES_128_GCM_SHA256) != "TLS_AES_128_GCM_SHA256" {
+		t.Fatal("not working for existing cipher suite")
+	}
+	if CipherSuiteString(1) != "TLS_CIPHER_SUITE_UNKNOWN_1" {
+		t.Fatal("not working for nonexisting cipher suite")
+	}
+	if CipherSuiteString(0) != "" {
+		t.Fatal("not working for zero cipher suite")
+	}
+}