Dev testtls

azure-pipelines.yml

@@ -21,6 +21,8 @@ steps:
   - script: go test -v ./sm4/... --bench=. -cover
   - script: go test -v ./utils/... --bench=. -cover
   - script: go test -v ./internal/... --bench=. -cover
+  - script: go test -v -tags=single_cert ./tls/testtls/tls-single-cert/tls-single-cert_test.go
+  - script: go test -v ./tls/testtls/tls-double-cert/tls-double-cert_test.go
   # TODO: this lib has error
   #- script: go test -v ./x509/... --bench=. -cover
   # TODO: this lib testing hang up

tls/gm_handshake_client.go

@@ -320,7 +320,7 @@ func (hs *clientHandshakeStateGM) doFullHandshake() error {
 		certRequested = true
 		hs.finishedHash.Write(certReq.marshal())
 
-		if chainToSend, err = hs.getCertificate(certReq); err != nil || chainToSend.Certificate == nil {
+		if chainToSend, err = hs.getCertificate(certReq); err != nil {
 			c.sendAlert(alertInternalError)
 			return err
 		}

tls/gm_handshake_client_double.go

@@ -313,7 +313,7 @@ func (hs *clientHandshakeStateGM) doFullHandshake() error {
 		certRequested = true
 		hs.finishedHash.Write(certReq.marshal())
 
-		if chainToSend, err = hs.getCertificate(certReq); err != nil || chainToSend.Certificate == nil {
+		if chainToSend, err = hs.getCertificate(certReq); err != nil {
 			c.sendAlert(alertInternalError)
 			return err
 		}

tls/testtls/asserts/sm2-cert/ca.crt

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICmDCCAj6gAwIBAgIJAKsqJz5wdG3pMAoGCCqBHM9VAYN1MIGhMQswCQYDVQQG
+EwJDTjELMAkGA1UECAwCR0QxDjAMBgNVBAcMBUx1b2h1MRMwEQYDVQQKDApHaG9z
+dCBMVEQuMRQwEgYDVQQLDAtzZWxmIHNtMiBjYTEpMCcGA1UEAwwgbG9jYWxob3N0
+LDEyNy4wLjAuMSwxMC42LjIyOC4yNDcxHzAdBgkqhkiG9w0BCQEWEDg3NzAyMDkw
+N0BxcS5jb20wHhcNMjEwMTA4MDc1MTExWhcNMzEwMTA2MDc1MTExWjCBoTELMAkG
+A1UEBhMCQ04xCzAJBgNVBAgMAkdEMQ4wDAYDVQQHDAVMdW9odTETMBEGA1UECgwK
+R2hvc3QgTFRELjEUMBIGA1UECwwLc2VsZiBzbTIgY2ExKTAnBgNVBAMMIGxvY2Fs
+aG9zdCwxMjcuMC4wLjEsMTAuNi4yMjguMjQ3MR8wHQYJKoZIhvcNAQkBFhA4Nzcw
+MjA5MDdAcXEuY29tMFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEocskaRODzNi7
+stP+q8hQ7j+SA3y0A0XrRHlszK2o8y4ucMDxOKR3tXIKIHez1RSD2JPtJPLwX1Q2
+yjbgNfcWiqNdMFswHQYDVR0OBBYEFFFAQnDNiDkxNFtkTAR5aH7mOT1DMB8GA1Ud
+IwQYMBaAFFFAQnDNiDkxNFtkTAR5aH7mOT1DMAwGA1UdEwQFMAMBAf8wCwYDVR0P
+BAQDAgEGMAoGCCqBHM9VAYN1A0gAMEUCIQC2hfINFWIJJPjTLV8AzdhABqrGCMYx
+OqtI/CE7ga7aeQIgIg1FBsfW6wZmMcNr2vAZ4WQ9hu0ovH+uveL5d6FvrXE=
+-----END CERTIFICATE-----

tls/testtls/asserts/sm2-cert/ca.key

@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgfFTmGP5uhGmimoNa
+eLsGJeIpS1EvRQMnw/8EqISWgFqhRANCAAShyyRpE4PM2Luy0/6ryFDuP5IDfLQD
+RetEeWzMrajzLi5wwPE4pHe1cgogd7PVFIPYk+0k8vBfVDbKNuA19xaK
+-----END PRIVATE KEY-----

tls/testtls/asserts/sm2-cert/client.crt

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICizCCAjKgAwIBAgIJAJUMxIKQKAjxMAoGCCqBHM9VAYN1MIGhMQswCQYDVQQG
+EwJDTjELMAkGA1UECAwCR0QxDjAMBgNVBAcMBUx1b2h1MRMwEQYDVQQKDApHaG9z
+dCBMVEQuMRQwEgYDVQQLDAtzZWxmIHNtMiBjYTEpMCcGA1UEAwwgbG9jYWxob3N0
+LDEyNy4wLjAuMSwxMC42LjIyOC4yNDcxHzAdBgkqhkiG9w0BCQEWEDg3NzAyMDkw
+N0BxcS5jb20wHhcNMjEwMTA4MDc1NzAyWhcNMzEwMTA2MDc1NzAyWjCBpTELMAkG
+A1UEBhMCQ04xCzAJBgNVBAgMAkdEMQ4wDAYDVQQHDAVMdW9odTETMBEGA1UECgwK
+R2hvc3QgTFRELjEYMBYGA1UECwwPdGVzdCBTTTIgY2xpZW50MSkwJwYDVQQDDCBs
+b2NhbGhvc3QsMTI3LjAuMC4xLDEwLjYuMjI4LjI0NzEfMB0GCSqGSIb3DQEJARYQ
+ODc3MDIwOTA3QHFxLmNvbTBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABPX2f0SN
+5sWRnrFHTpjYLZ7FWdPuebvaMl3wPu10e81m8GSS1cfkNkywzY+hAg+BGN36YzJC
+rUC2cFmWbU/GzaujTTBLMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgbAMDEGA1UdEQQq
+MCiCCWxvY2FsaG9zdIIPd3d3LmV4YW1wbGUuY29thwR/AAABhwQKBuT3MAoGCCqB
+HM9VAYN1A0cAMEQCIBkyUzAmvRfr9eu5DXhnUqv/phqsQ6YKQQXah4VT79SlAiBv
+Tnv5HrQmyodbzlAkFoHsPYWmJ1MZ4d1LWNwlValXTw==
+-----END CERTIFICATE-----

tls/testtls/asserts/sm2-cert/client.key

@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgQcdwt82tejD8TfSP
+5/KCeqnCbfgaa2i/HBinjpiyinShRANCAAT19n9EjebFkZ6xR06Y2C2exVnT7nm7
+2jJd8D7tdHvNZvBkktXH5DZMsM2PoQIPgRjd+mMyQq1AtnBZlm1Pxs2r
+-----END PRIVATE KEY-----

tls/testtls/asserts/sm2-cert/server.crt

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICjTCCAjKgAwIBAgIJAJUMxIKQKAjwMAoGCCqBHM9VAYN1MIGhMQswCQYDVQQG
+EwJDTjELMAkGA1UECAwCR0QxDjAMBgNVBAcMBUx1b2h1MRMwEQYDVQQKDApHaG9z
+dCBMVEQuMRQwEgYDVQQLDAtzZWxmIHNtMiBjYTEpMCcGA1UEAwwgbG9jYWxob3N0
+LDEyNy4wLjAuMSwxMC42LjIyOC4yNDcxHzAdBgkqhkiG9w0BCQEWEDg3NzAyMDkw
+N0BxcS5jb20wHhcNMjEwMTA4MDc1MzI2WhcNMzEwMTA2MDc1MzI2WjCBpTELMAkG
+A1UEBhMCQ04xCzAJBgNVBAgMAkdEMQ4wDAYDVQQHDAVMdW9odTETMBEGA1UECgwK
+R2hvc3QgTFRELjEYMBYGA1UECwwPdGVzdCBTTTIgc2VydmVyMSkwJwYDVQQDDCBs
+b2NhbGhvc3QsMTI3LjAuMC4xLDEwLjYuMjI4LjI0NzEfMB0GCSqGSIb3DQEJARYQ
+ODc3MDIwOTA3QHFxLmNvbTBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABCARGkdq
+cPb+LsgzdHiomAgm4hVGBBXrzTvNz3Aj4qXx5v76ILz9wlc/RyrUEZ98DonTD93l
+MKI/0YHaPAraAYijTTBLMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgbAMDEGA1UdEQQq
+MCiCCWxvY2FsaG9zdIIPd3d3LmV4YW1wbGUuY29thwR/AAABhwQKBuT3MAoGCCqB
+HM9VAYN1A0kAMEYCIQDtCd5f3FG7QtGRtE2GYUAnyTGQXpP7ktFuQunax4kEmQIh
+AMBbD/6itquu3ryg/IvtkOQPLX9zQBK0vl0Z/G46u9ux
+-----END CERTIFICATE-----

tls/testtls/asserts/sm2-cert/server.key

@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgFhpPBBnsAStWk38U
+PZXfSy3ooYPlp+k0abnTjCwykjKhRANCAAQgERpHanD2/i7IM3R4qJgIJuIVRgQV
+6807zc9wI+Kl8eb++iC8/cJXP0cq1BGffA6J0w/d5TCiP9GB2jwK2gGI
+-----END PRIVATE KEY-----

tls/testtls/asserts/sm2-double-cert/CA.crt

@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWzCCAgCgAwIBAgIJAILix2ZGxRBLMAoGCCqBHM9VAYN1MIGCMQswCQYDVQQG
+EwJDTjELMAkGA1UECAwCQkoxEDAOBgNVBAcMB0hhaURpYW4xJTAjBgNVBAoMHEJl
+aWppbmcgSk5UQSBUZWNobm9sb2d5IExURC4xFTATBgNVBAsMDFNPUkIgb2YgVEFT
+UzEWMBQGA1UEAwwNVGVzdCBDQSAoU00yKTAeFw0yMDExMTEwMjQzMDJaFw0yNDEy
+MjAwMjQzMDJaMIGCMQswCQYDVQQGEwJDTjELMAkGA1UECAwCQkoxEDAOBgNVBAcM
+B0hhaURpYW4xJTAjBgNVBAoMHEJlaWppbmcgSk5UQSBUZWNobm9sb2d5IExURC4x
+FTATBgNVBAsMDFNPUkIgb2YgVEFTUzEWMBQGA1UEAwwNVGVzdCBDQSAoU00yKTBZ
+MBMGByqGSM49AgEGCCqBHM9VAYItA0IABJ4uySAukcBihh14/ada2Gm282G0KxZ0
+lnKL2bDwgfGC6BLVmmfZVe64Yi0+qDlqa1ew1REQBRtgK5144WngfWWjXTBbMB0G
+A1UdDgQWBBTkAQ5kQqitTZchpKZlXsZVdKbOcDAfBgNVHSMEGDAWgBTkAQ5kQqit
+TZchpKZlXsZVdKbOcDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqgRzP
+VQGDdQNJADBGAiEAnMAJq++PNyE9eBnPbsK5jb5rIWdF2MXhNZBm7pE5OAACIQCt
+UxfT4oi7FO8aYoLeX5bCIzwcFeGO33IJZ9CN4vXxbg==
+-----END CERTIFICATE-----

tls/testtls/asserts/sm2-double-cert/CE.crt

@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICGzCCAcGgAwIBAgIJANwIELtod96iMAoGCCqBHM9VAYN1MIGCMQswCQYDVQQG
+EwJDTjELMAkGA1UECAwCQkoxEDAOBgNVBAcMB0hhaURpYW4xJTAjBgNVBAoMHEJl
+aWppbmcgSk5UQSBUZWNobm9sb2d5IExURC4xFTATBgNVBAsMDFNPUkIgb2YgVEFT
+UzEWMBQGA1UEAwwNVGVzdCBDQSAoU00yKTAeFw0yMDExMTEwMjQzMDJaFw0yNDEy
+MjAwMjQzMDJaMIGGMQswCQYDVQQGEwJDTjELMAkGA1UECAwCQkoxEDAOBgNVBAcM
+B0hhaURpYW4xJTAjBgNVBAoMHEJlaWppbmcgSk5UQSBUZWNobm9sb2d5IExURC4x
+FTATBgNVBAsMDEJTUkMgb2YgVEFTUzEaMBgGA1UEAwwRY2xpZW50IHNpZ24gKFNN
+MikwWTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAAS0KSePCA5PuS3YBgtORbZLYGNd
+Q5AbCJJL4/URDiZrrRI9Ih9n72FMlcYK9WbwrZIrWgEupP/JqSiJjk2rwdeMoxow
+GDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDODAKBggqgRzPVQGDdQNIADBFAiA4p9Vg
+1MTmqlBXQBjX0hx0C95pwJKJa0Hob68j8cIZFwIhAMND00VsxMuAggU1dNpS3t/j
+yTHe2XSlOpTwvyTXvQaV
+-----END CERTIFICATE-----

tls/testtls/asserts/sm2-double-cert/CE.key

@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgptf/oaiTIt/sJ6VD
+zpE6kv2a5CCuIion0ZYyjFdVRQ6hRANCAAS0KSePCA5PuS3YBgtORbZLYGNdQ5Ab
+CJJL4/URDiZrrRI9Ih9n72FMlcYK9WbwrZIrWgEupP/JqSiJjk2rwdeM
+-----END PRIVATE KEY-----

tls/testtls/asserts/sm2-double-cert/CS.crt

@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICHDCCAcGgAwIBAgIJANwIELtod96hMAoGCCqBHM9VAYN1MIGCMQswCQYDVQQG
+EwJDTjELMAkGA1UECAwCQkoxEDAOBgNVBAcMB0hhaURpYW4xJTAjBgNVBAoMHEJl
+aWppbmcgSk5UQSBUZWNobm9sb2d5IExURC4xFTATBgNVBAsMDFNPUkIgb2YgVEFT
+UzEWMBQGA1UEAwwNVGVzdCBDQSAoU00yKTAeFw0yMDExMTEwMjQzMDJaFw0yNDEy
+MjAwMjQzMDJaMIGGMQswCQYDVQQGEwJDTjELMAkGA1UECAwCQkoxEDAOBgNVBAcM
+B0hhaURpYW4xJTAjBgNVBAoMHEJlaWppbmcgSk5UQSBUZWNobm9sb2d5IExURC4x
+FTATBgNVBAsMDEJTUkMgb2YgVEFTUzEaMBgGA1UEAwwRY2xpZW50IHNpZ24gKFNN
+MikwWTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAARP6AVDkIRYM+2HOX4TTRuoZ/uI
+PD0FqKjuIq/bxh+7OD5P2b8/mb562UQ270OR81iHt3jk+L8J8qm5lrT+5qpsoxow
+GDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIGwDAKBggqgRzPVQGDdQNJADBGAiEAz4EA
+CQEWkBzKsvzEzt+u/30WA0iuUVAjBN5Ca5Ar25oCIQDRTQGBMb3A/qWlrtlfS5ff
+j4t7YkGGOVpiuCEgyaIpsQ==
+-----END CERTIFICATE-----

tls/testtls/asserts/sm2-double-cert/CS.key

@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgnXmZdW9d8UmIjq13
+0jWR3ZFNGXSNe+kqn0pEn4kLJVShRANCAARP6AVDkIRYM+2HOX4TTRuoZ/uIPD0F
+qKjuIq/bxh+7OD5P2b8/mb562UQ270OR81iHt3jk+L8J8qm5lrT+5qps
+-----END PRIVATE KEY-----

tls/testtls/asserts/sm2-double-cert/SE.crt

@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICGjCCAcCgAwIBAgIJANwIELtod96gMAoGCCqBHM9VAYN1MIGCMQswCQYDVQQG
+EwJDTjELMAkGA1UECAwCQkoxEDAOBgNVBAcMB0hhaURpYW4xJTAjBgNVBAoMHEJl
+aWppbmcgSk5UQSBUZWNobm9sb2d5IExURC4xFTATBgNVBAsMDFNPUkIgb2YgVEFT
+UzEWMBQGA1UEAwwNVGVzdCBDQSAoU00yKTAeFw0yMDExMTEwMjQzMDJaFw0yNDEy
+MjAwMjQzMDJaMIGFMQswCQYDVQQGEwJDTjELMAkGA1UECAwCQkoxEDAOBgNVBAcM
+B0hhaURpYW4xJTAjBgNVBAoMHEJlaWppbmcgSk5UQSBUZWNobm9sb2d5IExURC4x
+FTATBgNVBAsMDEJTUkMgb2YgVEFTUzEZMBcGA1UEAwwQc2VydmVyIGVuYyAoU00y
+KTBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABJMN0lJB3cCuwhxcv7YXui6qhHKg
+WsXzP+Tt+/GarY4Eq2Vku4jrjEELnliKKpLUf1B9OFcxUeX6DvN0HqfCLQyjGjAY
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgM4MAoGCCqBHM9VAYN1A0gAMEUCIEuHK3jD
+hRByrwNsHUQHQZykWYbvyRaNhqqC+wRPSe85AiEArbzMe23S7u0ZKdDsbACQdYun
+9e0vrR6IkRkoZfRqlMI=
+-----END CERTIFICATE-----

tls/testtls/asserts/sm2-double-cert/SE.key

@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQg7nHT72XH1BGWhPj1
+ACsSzidahaBVLItk9f7LYubyFgOhRANCAASTDdJSQd3ArsIcXL+2F7ouqoRyoFrF
+8z/k7fvxmq2OBKtlZLuI64xBC55YiiqS1H9QfThXMVHl+g7zdB6nwi0M
+-----END PRIVATE KEY-----

tls/testtls/asserts/sm2-double-cert/SS.crt

@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICGzCCAcGgAwIBAgIJANwIELtod96fMAoGCCqBHM9VAYN1MIGCMQswCQYDVQQG
+EwJDTjELMAkGA1UECAwCQkoxEDAOBgNVBAcMB0hhaURpYW4xJTAjBgNVBAoMHEJl
+aWppbmcgSk5UQSBUZWNobm9sb2d5IExURC4xFTATBgNVBAsMDFNPUkIgb2YgVEFT
+UzEWMBQGA1UEAwwNVGVzdCBDQSAoU00yKTAeFw0yMDExMTEwMjQzMDJaFw0yNDEy
+MjAwMjQzMDJaMIGGMQswCQYDVQQGEwJDTjELMAkGA1UECAwCQkoxEDAOBgNVBAcM
+B0hhaURpYW4xJTAjBgNVBAoMHEJlaWppbmcgSk5UQSBUZWNobm9sb2d5IExURC4x
+FTATBgNVBAsMDEJTUkMgb2YgVEFTUzEaMBgGA1UEAwwRc2VydmVyIHNpZ24gKFNN
+MikwWTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAARbyYnV/Z4LzRMaFn9YSnarqfsu
+X8GE15xqApL+bjluqsvsFwWWLS1J0NWxPdHn+3hNehlB/2Ae2Ze2kpyyonCSoxow
+GDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIGwDAKBggqgRzPVQGDdQNIADBFAiBoT5qV
+s7tpYVSdHUfNkFSBHmI4zNSs6+RyKi/pVAUIvgIhAJm2VZ62wbUC4IkfpATTM9W2
+BkzEaNLlHK/hq3IiJfjo
+-----END CERTIFICATE-----

tls/testtls/asserts/sm2-double-cert/SS.key

@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgMHgTzjoT9Db7IMif
+TImlZILlsf40g/R0Gl2vhSJvnm+hRANCAARbyYnV/Z4LzRMaFn9YSnarqfsuX8GE
+15xqApL+bjluqsvsFwWWLS1J0NWxPdHn+3hNehlB/2Ae2Ze2kpyyonCS
+-----END PRIVATE KEY-----

tls/testtls/tls-double-cert/client.go

@@ -0,0 +1,63 @@
+package main
+
+import (
+	"fmt"
+	"github.com/Hyperledger-TWGC/ccs-gm/tls"
+	"github.com/Hyperledger-TWGC/ccs-gm/x509"
+	"io/ioutil"
+	"log"
+)
+
+func main() {
+	const address = "127.0.0.1:6443"
+	const caFile = "../asserts/sm2-double-cert/CA.crt"
+	const signCertFile = "../asserts/sm2-double-cert/CS.crt"
+	const signKeyFile = "../asserts/sm2-double-cert/CS.key"
+	const encCertFile = "../asserts/sm2-double-cert/CE.crt"
+	const encKeyFile = "../asserts/sm2-double-cert/CE.key"
+
+	clientRun(address, caFile, signCertFile, signKeyFile, encCertFile, encKeyFile)
+}
+
+func clientRun(address, caFile, signCertFile, signKeyFile, encCertFile, encKeyFile string) {
+	signCert, err := tls.LoadX509KeyPair(signCertFile, signKeyFile)
+	if err != nil {
+		log.Fatalf("Failed to load LoadX509KeyPair: %v", err)
+	}
+	encCert, err := tls.LoadX509KeyPair(encCertFile, encKeyFile)
+	if err != nil {
+		log.Fatalf("Failed to load LoadX509KeyPair: %v", err)
+	}
+	certBytes, err := ioutil.ReadFile(caFile)
+	if err != nil {
+		log.Fatalf("Failed to read certificate file: %v", err)
+	}
+	clientCertPool := x509.NewCertPool()
+	ok := clientCertPool.AppendCertsFromPEM(certBytes)
+	if !ok {
+		log.Fatalln("Failed to parse root certificate")
+	}
+	conf := &tls.Config{
+		RootCAs:            clientCertPool,
+		Certificates:       []tls.Certificate{signCert, encCert},
+		InsecureSkipVerify: true,
+		GMSupport:          &tls.GMSupport{},
+	}
+	conn, err := tls.Dial("tcp", address, conf)
+	if err != nil {
+		log.Fatalf("Cannot to connect: %v", err)
+	} else {
+		log.Printf("Connecting to %s\n", address)
+	}
+	defer conn.Close()
+	n, err := conn.Write([]byte("client hello\n"))
+	if err != nil {
+		log.Fatalf("Failed to write num: %v, err:%v", n, err)
+	}
+	buf := make([]byte, 100)
+	n, err = conn.Read(buf)
+	if err != nil {
+		log.Fatalf("Failed to read num: %v, err:%v", n, err)
+	}
+	fmt.Printf("Receive server message: %s\n", string(buf[:n]))
+}

tls/testtls/tls-double-cert/server.go

@@ -0,0 +1,81 @@
+package main
+
+import (
+	"bufio"
+	"fmt"
+	"github.com/Hyperledger-TWGC/ccs-gm/tls"
+	"github.com/Hyperledger-TWGC/ccs-gm/x509"
+	"io/ioutil"
+	"log"
+	"net"
+)
+
+func main() {
+	const address = "127.0.0.1:6443"
+	const caFile = "../asserts/sm2-double-cert/CA.crt"
+	const signCertFile = "../asserts/sm2-double-cert/SS.crt"
+	const signKeyFile = "../asserts/sm2-double-cert/SS.key"
+	const encCertFile = "../asserts/sm2-double-cert/SE.crt"
+	const encKeyFile = "../asserts/sm2-double-cert/SE.key"
+
+	serverRun(address, caFile, signCertFile, signKeyFile, encCertFile, encKeyFile)
+}
+
+func serverRun(address, caFile, signCertFile, signKeyFile, encCertFile, encKeyFile string) {
+	signCert, err := tls.LoadX509KeyPair(signCertFile, signKeyFile)
+	if err != nil {
+		log.Fatalf("Failed to load LoadX509KeyPair: %v", err)
+	}
+	encCert, err := tls.LoadX509KeyPair(encCertFile, encKeyFile)
+	if err != nil {
+		log.Fatalf("Failed to load LoadX509KeyPair: %v", err)
+	}
+
+	certBytes, err := ioutil.ReadFile(caFile)
+	if err != nil {
+		log.Fatalf("Failed to read certificate file: %v", err)
+	}
+	clientCertPool := x509.NewCertPool()
+	ok := clientCertPool.AppendCertsFromPEM(certBytes)
+	if !ok {
+		log.Fatalln("Failed to parse root certificate")
+	}
+	config := &tls.Config{
+		Certificates: []tls.Certificate{signCert, encCert},
+		ClientAuth:   tls.RequireAndVerifyClientCert,
+		ClientCAs:    clientCertPool,
+		GMSupport:    &tls.GMSupport{},
+	}
+	ln, err := tls.Listen("tcp", address, config)
+	if err != nil {
+		log.Fatalf("Failed to listen: %v", err)
+	} else {
+		log.Println("Starting server...")
+	}
+	defer ln.Close()
+	for {
+		conn, err := ln.Accept()
+		if err != nil {
+			log.Println(err)
+			continue
+		}
+		go handleConn(conn)
+	}
+}
+
+func handleConn(conn net.Conn) {
+	defer conn.Close()
+	r := bufio.NewReader(conn)
+	for {
+		msg, err := r.ReadString('\n')
+		if err != nil {
+			log.Println(err)
+			return
+		}
+		fmt.Printf("Receive client message:%s\n", msg)
+		n, err := conn.Write([]byte("server hello\n"))
+		if err != nil {
+			log.Fatalf("Failed to Write num: %v, err: %v", n, err)
+		}
+	}
+}