Test that client curve preferences are enforced. Change-Id: Idc8ac43bd59607641ac2ad0b7179b2f942c0b0ce Reviewed-on: https://boringssl-review.googlesource.com/4403 Reviewed-by: Adam Langley <agl@google.com>

commit: c574f4114da9c4b1a5fed3611bd4d414ea1850ec [log] [tgz]
author: David Benjamin <davidben@chromium.org> Mon Apr 20 11:13:01 2015 -0400
committer: Adam Langley <agl@google.com> Mon Apr 20 18:59:15 2015 +0000
tree: f9a7f190be54ba406e47ff9659d04e7c60379218
parent: 4b0afdd220ffccf66069413f29702dd22634d461 [diff]
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index df0db4d..abed611 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go

@@ -97,6 +97,7 @@
 type CurveID uint16
 
 const (
+	CurveP224 CurveID = 21
 	CurveP256 CurveID = 23
 	CurveP384 CurveID = 24
 	CurveP521 CurveID = 25
@@ -687,6 +688,10 @@
 	// signature algorithm preferences to be ignored.
 	IgnorePeerSignatureAlgorithmPreferences bool
 
+	// IgnorePeerCurvePreferences, if true, causes the peer's curve
+	// preferences to be ignored.
+	IgnorePeerCurvePreferences bool
+
 	// SendWarningAlerts, if non-zero, causes every record to be prefaced by
 	// a warning alert.
 	SendWarningAlerts alert

diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index 46e0fb0..e18cf22 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go

@@ -215,6 +215,9 @@
 
 	supportedCurve := false
 	preferredCurves := config.curvePreferences()
+	if config.Bugs.IgnorePeerCurvePreferences {
+		hs.clientHello.supportedCurves = preferredCurves
+	}
 Curves:
 	for _, curve := range hs.clientHello.supportedCurves {
 		for _, supported := range preferredCurves {

diff --git a/ssl/test/runner/key_agreement.go b/ssl/test/runner/key_agreement.go
index 5b88f0f..5e44b54 100644
--- a/ssl/test/runner/key_agreement.go
+++ b/ssl/test/runner/key_agreement.go

@@ -234,6 +234,8 @@
 
 func curveForCurveID(id CurveID) (elliptic.Curve, bool) {
 	switch id {
+	case CurveP224:
+		return elliptic.P224(), true
 	case CurveP256:
 		return elliptic.P256(), true
 	case CurveP384:

diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index ce0271f..8178def 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go

@@ -915,6 +915,20 @@
 		expectedError: ":WRONG_CIPHER_RETURNED:",
 	},
 	{
+		name: "UnsupportedCurve",
+		config: Config{
+			CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
+			// BoringSSL implements P-224 but doesn't enable it by
+			// default.
+			CurvePreferences: []CurveID{CurveP224},
+			Bugs: ProtocolBugs{
+				IgnorePeerCurvePreferences: true,
+			},
+		},
+		shouldFail:    true,
+		expectedError: ":WRONG_CURVE:",
+	},
+	{
 		name: "SendWarningAlerts",
 		config: Config{
 			Bugs: ProtocolBugs{
commit	c574f4114da9c4b1a5fed3611bd4d414ea1850ec	[log] [tgz]
author	David Benjamin <davidben@chromium.org>	Mon Apr 20 11:13:01 2015 -0400
committer	Adam Langley <agl@google.com>	Mon Apr 20 18:59:15 2015 +0000
tree	f9a7f190be54ba406e47ff9659d04e7c60379218
parent	4b0afdd220ffccf66069413f29702dd22634d461 [diff]