Test all supported curves (including those off by default).

Change-Id: I54b2b354ab3d227305f829839e82e7ae7292fd7d Reviewed-on: https://boringssl-review.googlesource.com/6774 Reviewed-by: Adam Langley <agl@google.com>
2015-12-18 20:55:44 -05:00 · 2015-12-18 20:55:44 -05:00 · 8c2b3bf965
commit 8c2b3bf965
parent fc8251258d
4 changed files with 44 additions and 0 deletions
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@ -1237,6 +1237,15 @@ static bool DoExchange(ScopedSSL_SESSION *out_session, SSL_CTX *ssl_ctx,
      return false;
    }
  }
+  if (config->enable_all_curves) {
+    static const int kAllCurves[] = {
+        NID_secp224r1, NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1,
+    };
+    if (!SSL_set1_curves(ssl.get(), kAllCurves,
+                         sizeof(kAllCurves) / sizeof(kAllCurves[0]))) {
+      return false;
+    }
+  }

  int sock = Connect(config->port);
  if (sock == -1) {
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@ -4618,6 +4618,38 @@ func addRSAClientKeyExchangeTests() {
 	}
 }

+var testCurves = []struct {
+	name string
+	id   CurveID
+}{
+	{"P-224", CurveP224},
+	{"P-256", CurveP256},
+	{"P-384", CurveP384},
+	{"P-521", CurveP521},
+}
+
+func addCurveTests() {
+	for _, curve := range testCurves {
+		testCases = append(testCases, testCase{
+			name: "CurveTest-Client-" + curve.name,
+			config: Config{
+				CipherSuites:     []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
+				CurvePreferences: []CurveID{curve.id},
+			},
+			flags: []string{"-enable-all-curves"},
+		})
+		testCases = append(testCases, testCase{
+			testType: serverTest,
+			name:     "CurveTest-Server-" + curve.name,
+			config: Config{
+				CipherSuites:     []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
+				CurvePreferences: []CurveID{curve.id},
+			},
+			flags: []string{"-enable-all-curves"},
+		})
+	}
+}
+
 func worker(statusChan chan statusMsg, c chan *testCase, shimPath string, wg *sync.WaitGroup) {
 	defer wg.Done()

@ -4715,6 +4747,7 @@ func main() {
 	addTLSUniqueTests()
 	addCustomExtensionTests()
 	addRSAClientKeyExchangeTests()
+	addCurveTests()
 	for _, async := range []bool{false, true} {
 		for _, splitHandshake := range []bool{false, true} {
 			for _, protocol := range []protocol{tls, dtls} {
--- a/ssl/test/test_config.cc
+++ b/ssl/test/test_config.cc
@ -96,6 +96,7 @@ const Flag<bool> kBoolFlags[] = {
  { "-renegotiate-ignore", &TestConfig::renegotiate_ignore },
  { "-disable-npn", &TestConfig::disable_npn },
  { "-p384-only", &TestConfig::p384_only },
+  { "-enable-all-curves", &TestConfig::enable_all_curves },
  { "-use-sparse-dh-prime", &TestConfig::use_sparse_dh_prime },
 };

--- a/ssl/test/test_config.h
+++ b/ssl/test/test_config.h
@ -99,6 +99,7 @@ struct TestConfig {
  bool disable_npn = false;
  int expect_server_key_exchange_hash = 0;
  bool p384_only = false;
+  bool enable_all_curves = false;
  bool use_sparse_dh_prime = false;
 };