Skip to content

Commit 24003a0

Browse files
rushilmehrakornelski
rushilmehra
authored and
kornelski
committed
Clean up ECH tests
1 parent 5af8291 commit 24003a0

File tree

1 file changed

+14
-21
lines changed

1 file changed

+14
-21
lines changed

boring/src/ssl/test/ech.rs

Lines changed: 14 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
use crate::hpke::HpkeKey;
22
use crate::ssl::ech::SslEchKeys;
3-
use crate::ssl::test::Server;
3+
use crate::ssl::test::server::{ClientSslBuilder, Server};
44
use crate::ssl::HandshakeError;
55

66
// For future reference, these configs are generated by building the bssl tool (the binary is built
@@ -15,12 +15,11 @@ static ECH_KEY: &[u8] = include_bytes!("../../../test/echkey");
1515
static ECH_CONFIG_2: &[u8] = include_bytes!("../../../test/echconfig-2");
1616
static ECH_KEY_2: &[u8] = include_bytes!("../../../test/echkey-2");
1717

18-
#[test]
19-
fn ech() {
18+
fn bootstrap_ech(config: &[u8], key: &[u8], list: &[u8]) -> (Server, ClientSslBuilder) {
2019
let server = {
21-
let key = HpkeKey::dhkem_p256_sha256(ECH_KEY).unwrap();
20+
let key = HpkeKey::dhkem_p256_sha256(key).unwrap();
2221
let mut ech_keys = SslEchKeys::new().unwrap();
23-
ech_keys.add_key(true, ECH_CONFIG, key).unwrap();
22+
ech_keys.add_key(true, config, key).unwrap();
2423

2524
let mut builder = Server::builder();
2625
builder.ctx().set_ech_keys(ech_keys).unwrap();
@@ -29,35 +28,29 @@ fn ech() {
2928
};
3029

3130
let mut client = server.client_with_root_ca().build().builder();
32-
client.ssl().set_ech_config_list(ECH_CONFIG_LIST).unwrap();
31+
client.ssl().set_ech_config_list(list).unwrap();
3332
client.ssl().set_hostname("foobar.com").unwrap();
3433

34+
(server, client)
35+
}
36+
37+
#[test]
38+
fn ech() {
39+
let (_server, client) = bootstrap_ech(ECH_CONFIG, ECH_KEY, ECH_CONFIG_LIST);
40+
3541
let ssl_stream = client.connect();
3642
assert!(ssl_stream.ssl().ech_accepted())
3743
}
3844

3945
#[test]
4046
fn ech_rejection() {
41-
let server = {
42-
let key = HpkeKey::dhkem_p256_sha256(ECH_KEY_2).unwrap();
43-
let mut ech_keys = SslEchKeys::new().unwrap();
44-
ech_keys.add_key(true, ECH_CONFIG_2, key).unwrap();
45-
46-
let mut builder = Server::builder();
47-
builder.ctx().set_ech_keys(ech_keys).unwrap();
48-
49-
builder.build()
50-
};
51-
52-
let mut client = server.client_with_root_ca().build().builder();
5347
// Server is initialized using `ECH_CONFIG_2`, so using `ECH_CONFIG_LIST` instead of
5448
// `ECH_CONFIG_LIST_2` should trigger rejection.
55-
client.ssl().set_ech_config_list(ECH_CONFIG_LIST).unwrap();
56-
client.ssl().set_hostname("foobar.com").unwrap();
49+
let (_server, client) = bootstrap_ech(ECH_CONFIG_2, ECH_KEY_2, ECH_CONFIG_LIST);
50+
5751
let HandshakeError::Failure(failed_ssl_stream) = client.connect_err() else {
5852
panic!("wrong HandshakeError failure variant!");
5953
};
60-
6154
assert_eq!(
6255
failed_ssl_stream.ssl().get_ech_name_override(),
6356
Some(b"ech.com".to_vec().as_ref())

0 commit comments

Comments
 (0)