Make it possible to tell what curve was used on the server.
We don't actually have an API to let you know if the value is legal to
interpret as a curve ID. (This was kind of a poor API. Oh well.) Also add tests
for key_exchange_info. I've intentionally left server-side plain RSA missing
for now because the SSL_PRIVATE_KEY_METHOD abstraction only gives you bytes and
it's probably better to tweak this API instead.
(key_exchange_info also wasn't populated on the server, though due to a
rebasing error, that fix ended up in the parent CL. Oh well.)
Change-Id: I74a322c8ad03f25b02059da7568c9e1a78419069
Reviewed-on: https://boringssl-review.googlesource.com/6783
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 5600ec6..45bb0b7 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -4670,6 +4670,61 @@
}
}
+func addKeyExchangeInfoTests() {
+ testCases = append(testCases, testCase{
+ name: "KeyExchangeInfo-RSA-Client",
+ config: Config{
+ CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
+ },
+ // key.pem is a 1024-bit RSA key.
+ flags: []string{"-expect-key-exchange-info", "1024"},
+ })
+ // TODO(davidben): key_exchange_info doesn't work for plain RSA on the
+ // server. Either fix this or change the API as it's not very useful in
+ // this case.
+
+ testCases = append(testCases, testCase{
+ name: "KeyExchangeInfo-DHE-Client",
+ config: Config{
+ CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
+ Bugs: ProtocolBugs{
+ // This is a 1234-bit prime number, generated
+ // with:
+ // openssl gendh 1234 | openssl asn1parse -i
+ DHGroupPrime: bigFromHex("0215C589A86BE450D1255A86D7A08877A70E124C11F0C75E476BA6A2186B1C830D4A132555973F2D5881D5F737BB800B7F417C01EC5960AEBF79478F8E0BBB6A021269BD10590C64C57F50AD8169D5488B56EE38DC5E02DA1A16ED3B5F41FEB2AD184B78A31F3A5B2BEC8441928343DA35DE3D4F89F0D4CEDE0034045084A0D1E6182E5EF7FCA325DD33CE81BE7FA87D43613E8FA7A1457099AB53"),
+ },
+ },
+ flags: []string{"-expect-key-exchange-info", "1234"},
+ })
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "KeyExchangeInfo-DHE-Server",
+ config: Config{
+ CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
+ },
+ // bssl_shim as a server configures a 2048-bit DHE group.
+ flags: []string{"-expect-key-exchange-info", "2048"},
+ })
+
+ testCases = append(testCases, testCase{
+ name: "KeyExchangeInfo-ECDHE-Client",
+ config: Config{
+ CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
+ CurvePreferences: []CurveID{CurveX25519},
+ },
+ flags: []string{"-expect-key-exchange-info", "29", "-enable-all-curves"},
+ })
+ testCases = append(testCases, testCase{
+ testType: serverTest,
+ name: "KeyExchangeInfo-ECDHE-Server",
+ config: Config{
+ CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
+ CurvePreferences: []CurveID{CurveX25519},
+ },
+ flags: []string{"-expect-key-exchange-info", "29", "-enable-all-curves"},
+ })
+}
+
func worker(statusChan chan statusMsg, c chan *testCase, shimPath string, wg *sync.WaitGroup) {
defer wg.Done()
@@ -4768,6 +4823,7 @@
addCustomExtensionTests()
addRSAClientKeyExchangeTests()
addCurveTests()
+ addKeyExchangeInfoTests()
for _, async := range []bool{false, true} {
for _, splitHandshake := range []bool{false, true} {
for _, protocol := range []protocol{tls, dtls} {