crypto/tls: implement X25519Kyber768Draft00

Forced the testConfig CurvePreferences to exclude X25519Kyber768Draft00 to avoid bloating the transcripts, but I manually tested it and the tests all update and pass successfully, causing 7436 insertions(+), 3251 deletions(-). Fixes #67061 Change-Id: If6f13bca561835777ab0889a490487b7c2366c3c Reviewed-on: https://go-review.googlesource.com/c/go/+/586656 Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
2025-04-03 20:17:36 +03:00 · 2024-05-18 20:15:38 +02:00 · 2024-05-18 20:15:38 +02:00 · a81de4f2e0
commit a81de4f2e0
parent 7e8209f81c
16 changed files with 493 additions and 102 deletions
--- a/tls_test.go
+++ b/tls_test.go
@ -18,6 +18,7 @@ import (
 	"net"
 	"os"
 	"reflect"
+	"slices"
 	"sort"
 	"strings"
 	"testing"
@ -1805,3 +1806,135 @@ func testVerifyCertificates(t *testing.T, version uint16) {
 		})
 	}
 }
+
+func TestHandshakeKyber(t *testing.T) {
+	if x25519Kyber768Draft00.String() != "X25519Kyber768Draft00" {
+		t.Fatalf("unexpected CurveID string: %v", x25519Kyber768Draft00.String())
+	}
+
+	var tests = []struct {
+		name                string
+		clientConfig        func(*Config)
+		serverConfig        func(*Config)
+		preparation         func(*testing.T)
+		expectClientSupport bool
+		expectKyber         bool
+		expectHRR           bool
+	}{
+		{
+			name:                "Default",
+			expectClientSupport: true,
+			expectKyber:         true,
+			expectHRR:           false,
+		},
+		{
+			name: "ClientCurvePreferences",
+			clientConfig: func(config *Config) {
+				config.CurvePreferences = []CurveID{X25519}
+			},
+			expectClientSupport: false,
+		},
+		{
+			name: "ServerCurvePreferencesX25519",
+			serverConfig: func(config *Config) {
+				config.CurvePreferences = []CurveID{X25519}
+			},
+			expectClientSupport: true,
+			expectKyber:         false,
+			expectHRR:           false,
+		},
+		{
+			name: "ServerCurvePreferencesHRR",
+			serverConfig: func(config *Config) {
+				config.CurvePreferences = []CurveID{CurveP256}
+			},
+			expectClientSupport: true,
+			expectKyber:         false,
+			expectHRR:           true,
+		},
+		{
+			name: "ClientTLSv12",
+			clientConfig: func(config *Config) {
+				config.MaxVersion = VersionTLS12
+			},
+			expectClientSupport: false,
+		},
+		{
+			name: "ServerTLSv12",
+			serverConfig: func(config *Config) {
+				config.MaxVersion = VersionTLS12
+			},
+			expectClientSupport: true,
+			expectKyber:         false,
+		},
+		{
+			name: "GODEBUG",
+			preparation: func(t *testing.T) {
+				t.Setenv("GODEBUG", "tlskyber=0")
+			},
+			expectClientSupport: false,
+		},
+	}
+
+	baseConfig := testConfig.Clone()
+	baseConfig.CurvePreferences = nil
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			if test.preparation != nil {
+				test.preparation(t)
+			} else {
+				t.Parallel()
+			}
+			serverConfig := baseConfig.Clone()
+			if test.serverConfig != nil {
+				test.serverConfig(serverConfig)
+			}
+			serverConfig.GetConfigForClient = func(hello *ClientHelloInfo) (*Config, error) {
+				if !test.expectClientSupport && slices.Contains(hello.SupportedCurves, x25519Kyber768Draft00) {
+					return nil, errors.New("client supports Kyber768Draft00")
+				} else if test.expectClientSupport && !slices.Contains(hello.SupportedCurves, x25519Kyber768Draft00) {
+					return nil, errors.New("client does not support Kyber768Draft00")
+				}
+				return nil, nil
+			}
+			clientConfig := baseConfig.Clone()
+			if test.clientConfig != nil {
+				test.clientConfig(clientConfig)
+			}
+			ss, cs, err := testHandshake(t, clientConfig, serverConfig)
+			if err != nil {
+				t.Fatal(err)
+			}
+			if test.expectKyber {
+				if ss.testingOnlyCurveID != x25519Kyber768Draft00 {
+					t.Errorf("got CurveID %v (server), expected %v", ss.testingOnlyCurveID, x25519Kyber768Draft00)
+				}
+				if cs.testingOnlyCurveID != x25519Kyber768Draft00 {
+					t.Errorf("got CurveID %v (client), expected %v", cs.testingOnlyCurveID, x25519Kyber768Draft00)
+				}
+			} else {
+				if ss.testingOnlyCurveID == x25519Kyber768Draft00 {
+					t.Errorf("got CurveID %v (server), expected not Kyber", ss.testingOnlyCurveID)
+				}
+				if cs.testingOnlyCurveID == x25519Kyber768Draft00 {
+					t.Errorf("got CurveID %v (client), expected not Kyber", cs.testingOnlyCurveID)
+				}
+			}
+			if test.expectHRR {
+				if !ss.testingOnlyDidHRR {
+					t.Error("server did not use HRR")
+				}
+				if !cs.testingOnlyDidHRR {
+					t.Error("client did not use HRR")
+				}
+			} else {
+				if ss.testingOnlyDidHRR {
+					t.Error("server used HRR")
+				}
+				if cs.testingOnlyDidHRR {
+					t.Error("client used HRR")
+				}
+			}
+		})
+	}
+}