Test that client curve preferences are enforced.
Change-Id: Idc8ac43bd59607641ac2ad0b7179b2f942c0b0ce
Reviewed-on: https://boringssl-review.googlesource.com/4403
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index df0db4d..abed611 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -97,6 +97,7 @@
type CurveID uint16
const (
+ CurveP224 CurveID = 21
CurveP256 CurveID = 23
CurveP384 CurveID = 24
CurveP521 CurveID = 25
@@ -687,6 +688,10 @@
// signature algorithm preferences to be ignored.
IgnorePeerSignatureAlgorithmPreferences bool
+ // IgnorePeerCurvePreferences, if true, causes the peer's curve
+ // preferences to be ignored.
+ IgnorePeerCurvePreferences bool
+
// SendWarningAlerts, if non-zero, causes every record to be prefaced by
// a warning alert.
SendWarningAlerts alert
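Review bot: The doc comment on `IgnorePeerCurvePreferences` does not say which side honours the flag or what is selected in place of the peer's list. In this diff the only consumer is the server handshake, which replaces the client's advertised curves with the server's own preferences. I would word it as `// IgnorePeerCurvePreferences, if true, causes the server to select a curve` / `// from its own preferences even if the client did not offer it.` so that a test author does not expect it to affect the runner when it acts as a client. The ProtocolBugs struct itself starts and ends outside the hunk.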
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index 46e0fb0..e18cf22 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@@ -215,6 +215,9 @@
supportedCurve := false
preferredCurves := config.curvePreferences()
+ if config.Bugs.IgnorePeerCurvePreferences {
+ hs.clientHello.supportedCurves = preferredCurves
+ }
Curves:
for _, curve := range hs.clientHello.supportedCurves {
for _, supported := range preferredCurves {
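Review bot: Assigning to `hs.clientHello.supportedCurves` overwrites the parsed ClientHello in place and aliases it to the slice returned by `config.curvePreferences()`. Any later reader of that field would see the server's list instead of what the client sent; whether such a reader exists is not visible here, since the function continues outside the hunk. A local keeps the message intact: `clientCurves := hs.clientHello.supportedCurves`, then `clientCurves = preferredCurves` inside the `if`, and `for _, curve := range clientCurves {` in the loop.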
diff --git a/ssl/test/runner/key_agreement.go b/ssl/test/runner/key_agreement.go
index 5b88f0f..5e44b54 100644
--- a/ssl/test/runner/key_agreement.go
+++ b/ssl/test/runner/key_agreement.go
@@ -234,6 +234,8 @@
func curveForCurveID(id CurveID) (elliptic.Curve, bool) {
switch id {
+ case CurveP224:
+ return elliptic.P224(), true
case CurveP256:
return elliptic.P256(), true
case CurveP384:
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index ce0271f..8178def 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -915,6 +915,20 @@
expectedError: ":WRONG_CIPHER_RETURNED:",
},
{
+ name: "UnsupportedCurve",
+ config: Config{
+ CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
+ // BoringSSL implements P-224 but doesn't enable it by
+ // default.
+ CurvePreferences: []CurveID{CurveP224},
+ Bugs: ProtocolBugs{
+ IgnorePeerCurvePreferences: true,
+ },
+ },
+ shouldFail: true,
+ expectedError: ":WRONG_CURVE:",
+ },
+ {
name: "SendWarningAlerts",
config: Config{
Bugs: ProtocolBugs{
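Review bot: The `UnsupportedCurve` case does not state the property it checks. The existing comment explains why P-224 was chosen, but not that the client under test must refuse a curve it never advertised. I would add above `Bugs:` something like `// The runner, acting as server, selects P-224 although the client did not` / `// offer it; the client must abort rather than accept the unadvertised curve.` The case also pins a single ECDHE_RSA suite, so if other key-exchange paths perform their own curve check they are not exercised by this entry. The test table itself extends outside the hunk.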