btls/boring/src/ssl/test/ech.rs at 6fbd27d92b52df35a229053ac9e26eb52d18de0f · 0x676e67/btls · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
use crate::hpke::HpkeKey;
use crate::ssl::ech::SslEchKeys;
use crate::ssl::test::server::{ClientSslBuilder, Server};
use crate::ssl::HandshakeError;

// For future reference, these configs are generated by building the bssl tool (the binary is built
// alongside boringssl) and running the following command:
//
// ./bssl generate-ech -out-ech-config-list ./list -out-ech-config ./config -out-private-key ./key
// -public-name ech.com -config-id 1
static ECH_CONFIG_LIST: &[u8] = include_bytes!("../../../test/echconfiglist");
static ECH_CONFIG: &[u8] = include_bytes!("../../../test/echconfig");
static ECH_KEY: &[u8] = include_bytes!("../../../test/echkey");

static ECH_CONFIG_2: &[u8] = include_bytes!("../../../test/echconfig-2");
static ECH_KEY_2: &[u8] = include_bytes!("../../../test/echkey-2");

fn bootstrap_ech(config: &[u8], key: &[u8], list: &[u8]) -> (Server, ClientSslBuilder) {
    let server = {
        let key = HpkeKey::dhkem_p256_sha256(key).unwrap();
        let mut ech_keys_builder = SslEchKeys::builder().unwrap();
        ech_keys_builder.add_key(true, config, key).unwrap();
        let ech_keys = ech_keys_builder.build();

        let mut builder = Server::builder();
        builder.ctx().set_ech_keys(&ech_keys).unwrap();

        builder.build()
    };

    let mut client = server.client_with_root_ca().build().builder();
    client.ssl().set_ech_config_list(list).unwrap();
    client.ssl().set_hostname("foobar.com").unwrap();

    (server, client)
}

#[test]
fn ech() {
    let (_server, client) = bootstrap_ech(ECH_CONFIG, ECH_KEY, ECH_CONFIG_LIST);

    let ssl_stream = client.connect();
    assert!(ssl_stream.ssl().ech_accepted())
}

#[test]
fn ech_rejection() {
    // Server is initialized using `ECH_CONFIG_2`, so using `ECH_CONFIG_LIST` instead of
    // `ECH_CONFIG_LIST_2` should trigger rejection.
    let (_server, client) = bootstrap_ech(ECH_CONFIG_2, ECH_KEY_2, ECH_CONFIG_LIST);

    let HandshakeError::Failure(failed_ssl_stream) = client.connect_err() else {
        panic!("wrong HandshakeError failure variant!");
    };
    assert_eq!(
        failed_ssl_stream.ssl().get_ech_name_override(),
        Some(b"ech.com".to_vec().as_ref())
    );
    assert!(failed_ssl_stream.ssl().get_ech_retry_configs().is_some());
    assert!(!failed_ssl_stream.ssl().ech_accepted())
}

#[test]
fn ech_grease() {
    let server = Server::builder().build();

    let mut client = server.client_with_root_ca().build().builder();
    // Verified with a pcap locally that the ECH extension gets sent due to GREASE
    client.ssl().set_enable_ech_grease(true);

    let ssl_stream = client.connect();
    assert!(!ssl_stream.ssl().ech_accepted())
}