quic: disable X25519Kyber768Draft00 in tests

Enabling this bloats the TLS handshake so flights no longer
fit in a single datagram. Disable it in tests. Add a test
using the crypto/tls defaults, to ensure we do handshake
properly with them.

Fixes golang/go#67783

Change-Id: I521188e7b5a313e9289e726935e5b26994090b4a
Reviewed-on: https://go-review.googlesource.com/c/net/+/589855
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
diff --git a/quic/endpoint_test.go b/quic/endpoint_test.go
index d5f436e..3cba142 100644
--- a/quic/endpoint_test.go
+++ b/quic/endpoint_test.go
@@ -23,6 +23,12 @@
 	newLocalConnPair(t, &Config{}, &Config{})
 }
 
+func TestConnectDefaultTLSConfig(t *testing.T) {
+	serverConfig := newTestTLSConfigWithMoreDefaults(serverSide)
+	clientConfig := newTestTLSConfigWithMoreDefaults(clientSide)
+	newLocalConnPair(t, &Config{TLSConfig: serverConfig}, &Config{TLSConfig: clientConfig})
+}
+
 func TestStreamTransfer(t *testing.T) {
 	ctx := context.Background()
 	cli, srv := newLocalConnPair(t, &Config{}, &Config{})
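Review bot: TestConnectDefaultTLSConfig has no doc comment, and nothing in it says or checks that the handshake it exercises actually spans more than one datagram. Coverage of the multi-datagram case depends entirely on what crypto/tls currently picks by default, so if those defaults change the test could keep passing while no longer guarding the regression. I would at least add `// TestConnectDefaultTLSConfig checks that the handshake completes with crypto/tls default key exchanges, whose flights may not fit in one datagram (golang/go#67783).` above the function. Presumably newLocalConnPair fails the test when the handshake does not complete; its body is not visible in this hunk.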
diff --git a/quic/tlsconfig_test.go b/quic/tlsconfig_test.go
index 47bfb05..5ed9818 100644
--- a/quic/tlsconfig_test.go
+++ b/quic/tlsconfig_test.go
@@ -20,6 +20,13 @@
 			tls.TLS_CHACHA20_POLY1305_SHA256,
 		},
 		MinVersion: tls.VersionTLS13,
+		// Default key exchange mechanisms as of Go 1.23 minus X25519Kyber768Draft00,
+		// which bloats the client hello enough to spill into a second datagram.
+		// Tests were written with the assuption each flight in the handshake
+		// fits in one datagram, and it's simpler to keep that property.
+		CurvePreferences: []tls.CurveID{
+			tls.X25519, tls.CurveP256, tls.CurveP384, tls.CurveP521,
+		},
 	}
 	if side == serverSide {
 		config.Certificates = []tls.Certificate{testCert}
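Review bot: The new comment on CurvePreferences has a typo, "assuption"; the line should read `// Tests were written with the assumption each flight in the handshake`. The list is also a snapshot ("as of Go 1.23"), so every test built on newTestTLSConfig stays pinned to these four groups and will not pick up key exchanges added to the crypto/tls defaults later. It would help to say in the comment that newTestTLSConfigWithMoreDefaults is the path that tracks the real defaults. newTestTLSConfig begins above this hunk, so the rest of its body is not visible here.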
@@ -27,6 +34,18 @@
 	return config
 }
 
+// newTestTLSConfigWithMoreDefaults returns a *tls.Config for testing
+// which behaves more like a default, empty config.
+//
+// In particular, it uses the default curve preferences, which can increase
+// the size of the handshake.
+func newTestTLSConfigWithMoreDefaults(side connSide) *tls.Config {
+	config := newTestTLSConfig(side)
+	config.CipherSuites = nil
+	config.CurvePreferences = nil
+	return config
+}
+
 var testCert = func() tls.Certificate {
 	cert, err := tls.X509KeyPair(localhostCert, localhostKey)
 	if err != nil {
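Review bot: The doc comment on newTestTLSConfigWithMoreDefaults mentions only the curve preferences, but the function also clears CipherSuites. It leaves every other field from newTestTLSConfig in place, including the `MinVersion: tls.VersionTLS13` shown in the previous hunk. A reader could take "more like a default, empty config" to mean a fully default config, so the comment should state exactly which fields are reset, for example `// It resets CipherSuites and CurvePreferences to the crypto/tls defaults and keeps every other test setting.`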