Commit
bogo: implement most client-side ECH tests
Getting bogo test coverage working for ECH requires taking a (temporary) dev-dep. on the provider-example crate so we can use the Rust Crypto HPKE provider. This in turn means that we now have two Rustls versions in tree, the src crate and the older version being used by the provider example by way of hickory-dns. This will fall away when proper HPKE support is implemented with one/both built-in crypto providers but in the meantime requires some small adjustments in CI and the runme script. In general the scope of a proper HPKE impl will be much less invasive than implementing ECH so we can use this hack for now and revisit shortly.

The bogo shim also requires some updates to support new command line flags. Additionally, in order to be able to assert some details in errors (e.g. that an ECH required err contained expected retry configs) we have to pipe the `Options` struct deeper into the client/server processing logic.

Beyond these changes, it's worth discussing the ignored tests:

First and foremost, we're ignoring all of the ECH bogo tests when running w/ aws-lc-rs as the crypto provider. I'm not sure why yet, but there's a panic from the HKDF code with that provider. This needs to be investigated.

There are also 5 tests ignored when testing w/ ring that need further investigation. I think they're bugs in our impl:

"TLS-ECH-Client-EarlyData":
This is a TODO; we generate an unexpected bad MAC error.

"TLS-ECH-Client-Reject-HelloRetryRequest":
This is a TODO; we end up with no retry configs in our error when there should be some.

"TLS-ECH-Client-Reject-ResumeInnerSession-TLS13":
This is a TODO; we reject ECH when the test expects to get an unexpected extension error.

"TLS-ECH-GREASE-Client-TLS13-HelloRetryRequest"
"TLS-ECH-Client-GREASE-IgnoreHRRExtension":
These are a TODO; these both give an unexpected extension change error (the ECH ext). I think it's a bug with GREASE + HRR?

We also ignore a handful of other tests, but not because I think we have any bugs. They're either not applicable, or need upstream bogo fixes.

"TLS-ECH-Server*":
We ignore all the TLS-ECH-Server tests. We haven't implemented server side ECH yet.

"TLS-ECH-Client-ExpectECHOuterExtensions"
"TLS-ECH-Client-CompressSupportedVersions":
These rely on extension compression between inner/outer hellos. NYI.

"TLS-ECH-Client-SelectECHConfig"
"TLS-ECH-Client-NoSupportedConfigs":
These are meant to test unsupported configs are handled correctly: we happen to support the HPKE ciphersuites that make them "unsupported". There's a fix for this upstream we can take later.

"TLS-ECH-Client-SkipInvalidPublicName*":
Our name validation allows underscores in names. We also don't fall back to GREASE when there are no valid ECH configs.

"TLS-ECH-Client-NoSupportedConfigs-GREASE":
We don't fall back to GREASE for no ECH configs.

"TLS-ECH-Client-TLS12-RejectRetryConfigs"
"TLS-ECH-Client-Reject-NoClientCertificate-TLS12"
"TLS-ECH-Client-Reject-TLS12"
"TLS-ECH-Client-Reject-ResumeInnerSession-TLS12"
"TLS-ECH-GREASE-Client-TLS12-RejectRetryConfigs"
"TLS-ECH-Client-Reject-EarlyDataRejected-TLS12"
"TLS-ECH-Client-Reject-NoClientCertificate-TLS12-Async":
We never offer/support TLS 1.2 when using ECH. There's no fallback to plaintext or GREASE for a server that won't support TLS 1.3.