Bug 1725938 - Update tests for ECH-13. r=mt

* Add a new test helper function for creating an ECH Config/ * Update ECH Config tests to dynamically generate their configs. * Regenerate tests using fixed ClientHello configs for ECH-13. * Add test for recursive ECH Outer Extensions. * Add test for ECH Inner Extension with payload (should be empty). * Add test to ensure AAD covers both before and after ECH extension. Differential Revision: https://phabricator.services.mozilla.com/D130698
author: Dennis Jackson <djackson@mozilla.com> 2021-12-17 13:21:31 +0000
committer: Dennis Jackson <djackson@mozilla.com> 2021-12-17 13:21:31 +0000
commit: f3b237c055e5eafa680d70ad3c379885a3cec2be (patch)
tree: db03bac5998d2d8af74142c3ed24e7bcad3eecf3 /gtests/ssl_gtest
parent: 25d51dbcdfc6760321897cf98eca631b74aff93e (diff)
download: nss-hg-f3b237c055e5eafa680d70ad3c379885a3cec2be.tar.gz
1 files changed, 274 insertions, 207 deletions
diff --git a/gtests/ssl_gtest/tls_ech_unittest.cc b/gtests/ssl_gtest/tls_ech_unittest.cc
index 42a517ae3..5dd612d11 100644
--- a/gtests/ssl_gtest/tls_ech_unittest.cc
+++ b/gtests/ssl_gtest/tls_ech_unittest.cc
@@ -12,6 +12,7 @@
 #include "tls_agent.h"
 #include "tls_connect.h"
 #include "util.h"
+#include "tls13ech.h"
 
 namespace nss_test {
 
@@ -243,34 +244,44 @@ static void CheckCertVerifyPublicName(TlsAgent* agent) {
   }
 }
 
-static SECStatus AuthCompleteSuccess(TlsAgent* agent, PRBool, PRBool) {
-  CheckCertVerifyPublicName(agent);
-  return SECSuccess;
-}
-
 static SECStatus AuthCompleteFail(TlsAgent* agent, PRBool, PRBool) {
   CheckCertVerifyPublicName(agent);
   return SECFailure;
 }
 
-TEST_P(TlsAgentEchTest, DISABLED_EchConfigsSupportedYesNo) {
+// Given two EchConfigList structures, e.g. from GenerateEchConfig, construct
+// a single list containing all entries.
+static DataBuffer MakeEchConfigList(DataBuffer config1, DataBuffer config2) {
+  DataBuffer sizedConfigListBuffer;
+
+  sizedConfigListBuffer.Write(2, config1.data() + 2, config1.len() - 2);
+  sizedConfigListBuffer.Write(sizedConfigListBuffer.len(), config2.data() + 2,
+                              config2.len() - 2);
+  sizedConfigListBuffer.Write(0, sizedConfigListBuffer.len() - 2, 2);
+
+  PR_ASSERT(sizedConfigListBuffer.len() == config1.len() + config2.len() - 2);
+  return sizedConfigListBuffer;
+}
+
+TEST_P(TlsAgentEchTest, EchConfigsSupportedYesNo) {
   if (variant_ == ssl_variant_datagram) {
     GTEST_SKIP();
   }
-
+  ScopedSECKEYPublicKey pub;
+  ScopedSECKEYPrivateKey priv;
   // ECHConfig 2 cipher_suites are unsupported.
-  const std::string mixed =
-      "0088FE0A004000002000203BB6D46C201B820F1AE4AFD4DEC304444156E4E04D1BF0FFDA"
-      "7783B6B457F756000800010003000100010064000B7075626C69632E6E616D650000FE0A"
-      "004000002000203BB6D46C201B820F1AE4AFD4DEC304444156E4E04D1BF0FFDA7783B6B4"
-      "57F75600080001FFFFFFFF00010064000B7075626C69632E6E616D650000";
-  std::vector<uint8_t> config = hex_string_to_bytes(mixed);
-  DataBuffer echconfig(config.data(), config.size());
-
+  DataBuffer config1;
+  TlsConnectTestBase::GenerateEchConfig(HpkeDhKemX25519Sha256, kSuiteAes,
+                                        kPublicName, 100, config1, pub, priv);
+  DataBuffer config2;
+  TlsConnectTestBase::GenerateEchConfig(HpkeDhKemX25519Sha256, kBogusSuite,
+                                        kPublicName, 100, config2, pub, priv);
   EnsureInit();
   EXPECT_EQ(SECSuccess, SSL_EnableTls13GreaseEch(agent_->ssl_fd(),
                                                  PR_FALSE));  // Don't GREASE
-  InstallEchConfig(echconfig, 0);
+
+  DataBuffer sizedConfigListBuffer = MakeEchConfigList(config1, config2);
+  InstallEchConfig(sizedConfigListBuffer, 0);
   auto filter = MakeTlsFilter<TlsExtensionCapture>(
       agent_, ssl_tls13_encrypted_client_hello_xtn);
   agent_->Handshake();
@@ -278,24 +289,24 @@ TEST_P(TlsAgentEchTest, DISABLED_EchConfigsSupportedYesNo) {
   ASSERT_TRUE(filter->captured());
 }
 
-TEST_P(TlsAgentEchTest, DISABLED_EchConfigsSupportedNoYes) {
+TEST_P(TlsAgentEchTest, EchConfigsSupportedNoYes) {
   if (variant_ == ssl_variant_datagram) {
     GTEST_SKIP();
   }
-
+  ScopedSECKEYPublicKey pub;
+  ScopedSECKEYPrivateKey priv;
+  DataBuffer config2;
+  TlsConnectTestBase::GenerateEchConfig(HpkeDhKemX25519Sha256, kSuiteAes,
+                                        kPublicName, 100, config2, pub, priv);
+  DataBuffer config1;
+  TlsConnectTestBase::GenerateEchConfig(HpkeDhKemX25519Sha256, kBogusSuite,
+                                        kPublicName, 100, config1, pub, priv);
   // ECHConfig 1 cipher_suites are unsupported.
-  const std::string mixed =
-      "0088FE0A004000002000203BB6D46C201B820F1AE4AFD4DEC304444156E4E04D1BF0FFDA"
-      "7783B6B457F75600080001FFFFFFFF00010064000B7075626C69632E6E616D650000FE0A"
-      "004000002000203BB6D46C201B820F1AE4AFD4DEC304444156E4E04D1BF0FFDA7783B6B4"
-      "57F756000800010003000100010064000B7075626C69632E6E616D650000";
-  std::vector<uint8_t> config = hex_string_to_bytes(mixed);
-  DataBuffer echconfig(config.data(), config.size());
-
+  DataBuffer sizedConfigListBuffer = MakeEchConfigList(config1, config2);
   EnsureInit();
   EXPECT_EQ(SECSuccess, SSL_EnableTls13GreaseEch(agent_->ssl_fd(),
                                                  PR_FALSE));  // Don't GREASE
-  InstallEchConfig(echconfig, 0);
+  InstallEchConfig(sizedConfigListBuffer, 0);
   auto filter = MakeTlsFilter<TlsExtensionCapture>(
       agent_, ssl_tls13_encrypted_client_hello_xtn);
   agent_->Handshake();
@@ -308,19 +319,20 @@ TEST_P(TlsAgentEchTest, EchConfigsSupportedNoNo) {
     GTEST_SKIP();
   }
 
+  ScopedSECKEYPublicKey pub;
+  ScopedSECKEYPrivateKey priv;
+  DataBuffer config2;
+  TlsConnectTestBase::GenerateEchConfig(HpkeDhKemX25519Sha256, kBogusSuite,
+                                        kPublicName, 100, config2, pub, priv);
+  DataBuffer config1;
+  TlsConnectTestBase::GenerateEchConfig(HpkeDhKemX25519Sha256, kBogusSuite,
+                                        kPublicName, 100, config1, pub, priv);
   // ECHConfig 1 and 2 cipher_suites are unsupported.
-  const std::string unsupported =
-      "0088FE0A004000002000203BB6D46C201B820F1AE4AFD4DEC304444156E4E04D1BF0FFDA"
-      "7783B6B457F75600080001FFFF0001FFFF0064000B7075626C69632E6E616D650000FE0A"
-      "004000002000203BB6D46C201B820F1AE4AFD4DEC304444156E4E04D1BF0FFDA7783B6B4"
-      "57F7560008FFFF0003FFFF00010064000B7075626C69632E6E616D650000";
-  std::vector<uint8_t> config = hex_string_to_bytes(unsupported);
-  DataBuffer echconfig(config.data(), config.size());
-
+  DataBuffer sizedConfigListBuffer = MakeEchConfigList(config1, config2);
   EnsureInit();
   EXPECT_EQ(SECSuccess, SSL_EnableTls13GreaseEch(agent_->ssl_fd(),
                                                  PR_FALSE));  // Don't GREASE
-  InstallEchConfig(echconfig, SEC_ERROR_INVALID_ARGS);
+  InstallEchConfig(sizedConfigListBuffer, SEC_ERROR_INVALID_ARGS);
   auto filter = MakeTlsFilter<TlsExtensionCapture>(
       agent_, ssl_tls13_encrypted_client_hello_xtn);
   agent_->Handshake();
@@ -639,174 +651,221 @@ TEST_F(TlsConnectStreamTls13Ech, EchFixedConfig) {
 // Test an encoded ClientHelloInner containing an extra extensionType
 // in outer_extensions, for which there is no corresponding (uncompressed)
 // extension in ClientHelloOuter.
-TEST_F(TlsConnectStreamTls13Ech, DISABLED_EchOuterExtensionsReferencesMissing) {
+TEST_F(TlsConnectStreamTls13Ech, EchOuterExtensionsReferencesMissing) {
   // Construct this by prepending 0xabcd to ssl_tls13_outer_extensions_xtn.
   std::string ch =
-      "01000200030341a6813ccf3eefc2deb9c78f7627715ae343f5236e7224f454c723c93e0b"
-      "d875000006130113031302010001d100000010000e00000b7075626c69632e6e616d65ff"
+      "010001fc030390901d039ca83262d9115a5f98f43ddb2553241a8de5c46d9f118c4c29c2"
+      "64bc000006130113031302010001cd00000010000e00000b7075626c69632e6e616d65ff"
       "01000100000a00140012001d00170018001901000101010201030104003300260024001d"
-      "00200573a70286658ad4bc166d8f5f237f035714ba5ae4e838c077677ccb6d619813002b"
+      "00206df5f908d1c02320e246694c765d5ec1c0f7d7aef2b1b00b17c36331623d332d002b"
       "0003020304000d0018001604030503060302030804080508060401050106010201002d00"
-      "020101001c00024001001500aa0000000000000000000000000000000000000000000000"
-      "000000000000000000000000000000000000000000000000000000000000000000000000"
-      "000000000000000000000000000000000000000000000000000000000000000000000000"
+      "020101001c00024001fe0d00f900000100034d00209a4f67b0744d1fba23aa4bacfadb2a"
+      "c706562dae04d80a83ae668a6f2dd6ef2700cfab1671182341df246d66c3aca873e8c714"
+      "bc2b1c3b576653609533c486df0bdcf63ab4e4e7d0b67fadf4e3504eec96f72e6778b15d"
+      "69c9a9594a041348a7130f67a1a7cac796a0e6d6fca505438355278a9a8fd55e44218441"
+      "9927a1e084ac7d7adeb2f0c19faafba430876bf0cdf4d195b2d06428b3de13120f65748a"
+      "468f8997a2c3bf1dd7f3996a0f2c70dea6c88149df182b3c3b78a8da8bb709a9ed9d77c6"
+      "5dc09accdfeb66c90db26b99a35052a8cbaf7bb9307a1e17d90a7aa9f768f5f446559d08"
+      "69bccc83eda9d2b347a00015004200000000000000000000000000000000000000000000"
       "000000000000000000000000000000000000000000000000000000000000000000000000"
+      "0000000000000000";
+  ReplayChWithMalformedInner(ch, kTlsAlertIllegalParameter,
+                             SSL_ERROR_RX_MALFORMED_ECH_EXTENSION,
+                             SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
+}
+
+TEST_F(TlsConnectStreamTls13Ech, EchOuterExtensionsInsideInner) {
+  // Construct this by appending ssl_tls13_outer_extensions_xtn to the
+  // references in
+  // ssl_tls13_outer_extensions_xtn.
+  std::string ch =
+      "010001fc03035e2268bc7133079cd33eb088253393e561d80c5ee6f9a238aff022e1e10d"
+      "4c82000006130113031302010001cd00000010000e00000b7075626c69632e6e616d65ff"
+      "01000100000a00140012001d00170018001901000101010201030104003300260024001d"
+      "00200e071fd982854d50236ed0e4e7981460840f03d03fd84b44c409fe486203b252002b"
+      "0003020304000d0018001604030503060302030804080508060401050106010201002d00"
+      "020101001c00024001fe0d00f900000100034d002099a032502ea4fd3c85b858ae1c59df"
+      "6a374f3698ed6bca188cf75c432c78cf5a00cf28dde32de7ade40abb16d550c1eec3dad4"
+      "a03c85efb95ec605837deae92a419285116e5cb8223ea53cff2b605e66f28e96d37e9b4e"
+      "3035fb1cfa125fa053d6770091b5731c9fb03e872a82991dfdd24ad8399fcc76db7fadba"
+      "029e064beb02c1282684a93e777bcefbca3dd143dfc225d2e65c80dbf3819ebda288e32c"
+      "3a1f8a27bb3aa9480dee2a4307073da3e15ee03dba386223d9399ad796af80c646f85406"
+      "282c34fd9406d25752087f08140e1be834e8a149f0bebfc2b3db16ccba83c37051e2e75d"
+      "e8a4e999ef385c74c96d0015004200000000000000000000000000000000000000000000"
       "000000000000000000000000000000000000000000000000000000000000000000000000"
-      "000000fe0a0095000100034d00209c68779a77e4bac0e9f39c2974b1900de044ae1510bf"
-      "d34fb5120a2a9d039607006c76c4571099733157eb8614ef2ad6049372e9fdf740f8ad4f"
-      "d24723702c9104a38ecc366eea78b0285422b3f119fc057e2282433a74d8c56b2135c785"
-      "bd5d01f89b2dbb42aa9a609eb1c6dd89252fa04cf8fbc4097e9c85da1e3eeebc188bbe16"
-      "db1166f6df1a0c7c6e0dce71";
+      "0000000000000000";
   ReplayChWithMalformedInner(ch, kTlsAlertIllegalParameter,
                              SSL_ERROR_RX_MALFORMED_ECH_EXTENSION,
                              SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
 }
 
-TEST_F(TlsConnectStreamTls13Ech,
-       DISABLED_EchOuterExtensionsDuplicateReference) {
+TEST_F(TlsConnectStreamTls13Ech, EchOuterExtensionsDuplicateReference) {
   // Construct this by altering tls13_ConstructInnerExtensionsFromOuter to have
-  // each extension inserted in the reference list twice.
+  // each extension inserted in the reference list twice and running the
+  // EchFixedConfig test.
   std::string ch =
-      "01000200030369b46d6cba0a22f27e00a5628ce5f6994c1e7a43d607f94240d5eb27eb"
-      "1f49e7000006130113031302010001d100000010000e00000b7075626c69632e6e616d"
-      "65ff01000100000a00140012001d001700180019010001010102010301040033002600"
-      "24001d002094db7cc55ed53e48fea26fde806eac58f7b7f77f1ceab1d0ab07501f3794"
-      "f61d002b0003020304000d001800160403050306030203080408050806040105010601"
-      "0201002d00020101001c00024001001500a00000000000000000000000000000000000"
-      "0000000000000000000000000000000000000000000000000000000000000000000000"
-      "0000000000000000000000000000000000000000000000000000000000000000000000"
-      "0000000000000000000000000000000000000000000000000000000000000000000000"
-      "0000000000000000000000000000000000000000000000000000000000000000000000"
-      "000000fe0a009f000100034d00201318b6de21d1cc072bc26bce479673f771e3e5a733"
-      "c4d410b9d05ad5a1cdb7760076ea70b30ed792666bcf92ede1efcfb4858f4ac6e8d585"
-      "31fc61b258a7296582104cb20c528cf41c25634a55b32c47241a33518d534f338991d9"
-      "9d0a49895945e482dbd2b494d417cd628f7ed19fc09924517a1572d8f489d2fcfaead0"
-      "a0117adab128b3d94c9c2de029ff3bb993648bb8e71a897f1cf6";
+      "010001fc0303d8717df80286fcd8b4242ed846995c6473e290678231046bb1bfc7848460"
+      "b122000006130113031302010001cd00000010000e00000b7075626c69632e6e616d65ff"
+      "01000100000a00140012001d00170018001901000101010201030104003300260024001d"
+      "00206f21d5fdf7bf81943939a03656c1195ad347cec453bf7a16d0773ffef481d22f002b"
+      "0003020304000d0018001604030503060302030804080508060401050106010201002d00"
+      "020101001c00024001fe0d011900000100034d002027eb9b641ba8ffc3a4028d00d1f5bd"
+      "e190736b1ea5a79513dee0a551cc6fe55200efc2ed6bf501f100896eb91221ce512c20c3"
+      "c5c110e7be6a5d340854ff5ac0175312631b021fd5a5c9841549989f415c4041a4b384b1"
+      "dba1d6b4182cc48904f993a15eab6bf7787b267ca65acef51c019508e0c9b382086a71d8"
+      "517cf19644d66d396efc066a4d37916d67b0e5fe08d52dd94d068dd85b9a245aaffac4ff"
+      "66d9a5221fd5805473bb7584eb7f218357c00aff890d2f2edf1c092c648c888b5cba1ca6"
+      "26817fda7765fcedfbc418b90b1841d878ed443593cafb61fa8fb708c53977615b45f545"
+      "2a8236cab3ec121cdc91a2de6a79437cae9d09e781339fddcac005ce62fd65d50e33faa2"
+      "2366955a0374001500220000000000000000000000000000000000000000000000000000"
+      "0000000000000000";
   ReplayChWithMalformedInner(ch, kTlsAlertIllegalParameter,
                              SSL_ERROR_RX_MALFORMED_ECH_EXTENSION,
                              SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
 }
 
-TEST_F(TlsConnectStreamTls13Ech, DISABLED_EchOuterExtensionsOutOfOrder) {
+TEST_F(TlsConnectStreamTls13Ech, EchOuterExtensionsOutOfOrder) {
   // Construct this by altering tls13_ConstructInnerExtensionsFromOuter to leave
   // a gap at the start and insert a 'late' extension there.
   std::string ch =
-      "010002000303227a0224693498ab1f9bca756d27c553abcb0a67baad3c7b559ab32b88"
-      "418bbd000006130113031302010001d100000010000e00000b7075626c69632e6e616d"
-      "65ff01000100000a00140012001d001700180019010001010102010301040033002600"
-      "24001d0020df340fea8734b753cc7e85001b12f0f88dd9a4316ed43a950eda67e6b458"
-      "7b3e002b0003020304000d001800160403050306030203080408050806040105010601"
-      "0201002d00020101001c00024001001500aa0000000000000000000000000000000000"
-      "0000000000000000000000000000000000000000000000000000000000000000000000"
-      "0000000000000000000000000000000000000000000000000000000000000000000000"
-      "0000000000000000000000000000000000000000000000000000000000000000000000"
-      "0000000000000000000000000000000000000000000000000000000000000000000000"
-      "00000000000000000000000000fe0a0095000100034d0020ba5ca0878f38f6ddcb0aed"
-      "b34192fb01c57be80069d01c3a6d07a7c1858cf508006c9441018d2ec0e6f726a1c0df"
-      "6a1d6f41730c638c242ddb0fe62bd357ca27ad836feac022cbb971aaf871d5eecfa21d"
-      "a4f34df2ce19f8e80522c0a46b7cdacd6f696ffb3b02d23116817f0fba459aa04609cd"
-      "3521629ac1af3525cd766bed413d56e12a3efb96376abad3ae6c";
+      "010001fc0303fabff6caf4d8b1eb1db5945c96badefec4b33188b97121e6a206e82b74bd"
+      "a855000006130113031302010001cd00000010000e00000b7075626c69632e6e616d65ff"
+      "01000100000a00140012001d00170018001901000101010201030104003300260024001d"
+      "00208fe970fc0c908f0c51734f18467e640df1d45a6ace2948b5c4bf73ee52ab3160002b"
+      "0003020304000d0018001604030503060302030804080508060401050106010201002d00"
+      "020101001c00024001fe0d00f900000100034d00203339239f8925c3f9b89f4ced17c3b3"
+      "1c649299d7e10b3cdbc115de2a57d90d2200cf006e62866516380e8a16763bee5b2a75a8"
+      "74e8698c459f474d0e952c2fd3300bef1decd6f259b8ac2912684ef69b7a7be2520fbf15"
+      "5e0c3f88998789976ca1fbcaa40616fc513e3353540db091da76ca98007532974550d3da"
+      "aaddb799baf60adbc5800df30e187251427fe9de707d18a270352ee44f6eb37f0d8c72a1"
+      "5f9ffb5dd4bbb6045473c8d99b7a5c2c8cc59027f346cbe6ef240d5cf1919f58a998d427"
+      "0f8c882d03d22ec4df4079e15a639452ea4c24023f6bcad89566ce6a32b1dad6ddf6b436"
+      "3e6759bd48bed1b30a840015004200000000000000000000000000000000000000000000"
+      "000000000000000000000000000000000000000000000000000000000000000000000000"
+      "0000000000000000";
   ReplayChWithMalformedInner(ch, kTlsAlertIllegalParameter,
                              SSL_ERROR_RX_MALFORMED_ECH_EXTENSION,
                              SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
 }
 
 // Drop supported_versions from CHInner, make sure we don't negotiate 1.2+ECH.
-TEST_F(TlsConnectStreamTls13Ech, DISABLED_EchVersion12Inner) {
+TEST_F(TlsConnectStreamTls13Ech, EchVersion12Inner) {
   // Construct this by removing ssl_tls13_supported_versions_xtn entirely.
   std::string ch =
-      "010002000303baf30ea25e5056b659a4d55233922c4ee261a04e6d84c8200713edca2f55"
-      "d434000006130113031302010001d100000010000e00000b7075626c69632e6e616d65ff"
+      "010001fc030338e9ebcde2b87ef779c4d9a9b9870aef3978130b254fbf168a92644c97c1"
+      "c5cb000006130113031302010001cd00000010000e00000b7075626c69632e6e616d65ff"
       "01000100000a00140012001d00170018001901000101010201030104003300260024001d"
-      "002081908a3cf3ed9ebf6d6b1f7082d77bb3bf8ff309c3c1255421720c4172548762002b"
+      "002081b3ea444fd631f9264e01276bcc1a6771aed3b5a8a396446467d1c820e52b25002b"
       "0003020304000d0018001604030503060302030804080508060401050106010201002d00"
-      "020101001c00024001001500b30000000000000000000000000000000000000000000000"
-      "000000000000000000000000000000000000000000000000000000000000000000000000"
+      "020101001c00024001fe0d00f900000100034d00205864042b43f4d4d544558fbcba410f"
+      "ebfb78ddfc5528672a7f7d9e70abc3eb6300cf6ff3271da628139bddc4a58ee92db26170"
+      "7310dee54d88c8a96a8d998b8608d5f10260b7e201e5dc8cafa13917a3fdfdf399082959"
+      "8adf3c291decf640f696e64c4e22bafb81565587c50dd829ccad68bd00babeaba7d8a7a5"
+      "400ad3200dbae674c549953ca6d3298ed751a9bc215a33be444fe908bf1c6f374cc139f9"
+      "98339f58b8fd3510a670e4102e3f7de21586ebd70c3fb1df8bb6b9e5dbc0db147dbac6d0"
+      "72dfc6cdf17ecee5c019c311b37ef9f5ceabb7edbdf87a4a04041c4d8b512a16517c5380"
+      "e8d4f6e3b2412b4a6c030015004200000000000000000000000000000000000000000000"
       "000000000000000000000000000000000000000000000000000000000000000000000000"
-      "000000000000000000000000000000000000000000000000000000000000000000000000"
-      "000000000000000000000000000000000000000000000000000000000000000000000000"
-      "000000000000000000000000fe0a008c000100034d0020305bc263a664387b90a6975b2a"
-      "3aa1e4358e80a8ca0841237035d2475628582d006352a2b49912a61543dfa045c1429582"
-      "540c8c7019968867fde698eb37667f9aa9c23d02757492a4580fb027bbe4ba7615eea118"
-      "ad3bf7f02a88f8372cfa01888e7be0c55616f846e902bbdfc7edf56994d6398f5a965d9e"
-      "c4b1bc7afc580b28b0ac91d8";
-  ReplayChWithMalformedInner(ch, kTlsAlertProtocolVersion,
+      "0000000000000000";
+  ReplayChWithMalformedInner(ch, kTlsAlertIllegalParameter,
                              SSL_ERROR_UNSUPPORTED_VERSION,
-                             SSL_ERROR_PROTOCOL_VERSION_ALERT);
+                             SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
 }
 
 // Use CHInner supported_versions to negotiate 1.2.
-TEST_F(TlsConnectStreamTls13Ech, DISABLED_EchVersion12InnerSupportedVersions) {
+TEST_F(TlsConnectStreamTls13Ech, EchVersion12InnerSupportedVersions) {
   // Construct this by changing ssl_tls13_supported_versions_xtn to write
   // TLS 1.2 instead of TLS 1.3.
   std::string ch =
-      "0100020003036c4a7f6f6b5479a5c1f769c7b04c082ba40b514522d193df855df8bea933"
-      "b565000006130113031302010001d100000010000e00000b7075626c69632e6e616d65ff"
+      "010001fc0303f7146bdc88c399feb49c62b796db2f8b1330e25292a889edf7c65231d0be"
+      "b95f000006130113031302010001cd00000010000e00000b7075626c69632e6e616d65ff"
       "01000100000a00140012001d00170018001901000101010201030104003300260024001d"
-      "0020ee721b8fe89260f8987d0d21b628db136c6155793fa63f4f546b244ee5357761002b"
+      "0020d31f8eb204efba49dbdbf40bb046b1e0b90fa3f034260d60f351d4b15e614e7f002b"
       "0003020304000d0018001604030503060302030804080508060401050106010201002d00"
-      "020101001c00024001001500ac0000000000000000000000000000000000000000000000"
-      "000000000000000000000000000000000000000000000000000000000000000000000000"
+      "020101001c00024001fe0d00f900000100034d0020eaa25e92721e65fd405577bf2fd322"
+      "857e60f8766a595929fc404c9a01ef441200cf04992c693fbc8eac87726b336a11abc411"
+      "541ceff50d533d4cf4d6e1078479acb5446675b652f22d6db04daf0c3640ec2429ba4f51"
+      "99c00daa43e9a7d85bd6733041feeca0b38ee6ca07042c7e67d40cd3e236499f3f9d92ab"
+      "e4642e483c75d77c247b0228bc773c09551d15845c35663afd1805c5b3adb136ffa6d94f"
+      "b7cbfe93d5d33c894b2a6437ad9a2278d5863ed20db652a6084c9e95a8dfaf821d0b474a"
+      "7efc2839f110edb4a73376ecab629b26b1eea63304899c49a07157fbbee67c786686cb04"
+      "a53666a74e1e003aefc70015004200000000000000000000000000000000000000000000"
       "000000000000000000000000000000000000000000000000000000000000000000000000"
-      "000000000000000000000000000000000000000000000000000000000000000000000000"
-      "000000000000000000000000000000000000000000000000000000000000000000000000"
-      "0000000000fe0a0093000100034d00205de27fe39481bfb370ee8441f12e28296bc5c8fe"
-      "b6a6198ddc6ab03b2d024638006a9e9f57c3f39c0ad1c3427549a77f301d01d718e09da4"
-      "5497df178c95fd598bf0c9098d68dfba80a05eeeabc84dc0bb3225cee4a74688d520c632"
-      "73612f98be847dea4f040a8d9b2b92bb4a44273d0cafafbfe1ee4ed69448bc243b4359c6"
-      "e1eb3971e125fbfb016245fa";
+      "0000000000000000";
   ReplayChWithMalformedInner(ch, kTlsAlertProtocolVersion,
                              SSL_ERROR_UNSUPPORTED_VERSION,
                              SSL_ERROR_PROTOCOL_VERSION_ALERT);
 }
 
-// Replay a CH for which CHInner lacks the required ech_is_inner extension.
-TEST_F(TlsConnectStreamTls13Ech, DISABLED_EchInnerMissing) {
-  // Construct by omitting ssl_tls13_ech_is_inner_xtn.
+// Replay a CH for which CHInner lacks the required ech xtn of inner type
+TEST_F(TlsConnectStreamTls13Ech, EchInnerMissing) {
+  // Construct by omitting the ech inner extension
   std::string ch =
-      "010002000303912d293136b843248ffeecdde6ef0d5bc5d0adb4d356b985c2fcec8fe2b0"
-      "8f5d000006130113031302010001d100000010000e00000b7075626c69632e6e616d65ff"
+      "010001fc0303fa9cd9cf5b77bb4083f69a1d169d44b356faea0d6a0aee6d50412de6fef7"
+      "8d22000006130113031302010001cd00000010000e00000b7075626c69632e6e616d65ff"
       "01000100000a00140012001d00170018001901000101010201030104003300260024001d"
-      "00209222e6b0c672fd1e564fbca5889155e9126e3b006a8ff77ff61898dd56a08429002b"
+      "0020c329f1dde4d51b50f68c21053b545290b250af527b2832d3acf2c6af9b8b8d5c002b"
       "0003020304000d0018001604030503060302030804080508060401050106010201002d00"
-      "020101001c00024001001500b00000000000000000000000000000000000000000000000"
-      "000000000000000000000000000000000000000000000000000000000000000000000000"
+      "020101001c00024001fe0d00f900000100034d00207e2a0397b7d2776ae468057d630243"
+      "b01388cf80680b074323adf4091aba7b4c00cff4b649fb5b3a0719c1e085c7006a95eaad"
+      "32375b717a42d009c075e6246342fdc1e847c528495f90378ff5b4912da5190f7e8bfa1c"
+      "c9744b50e9e469cd7cd12bcb5f6534b7d617459d2efa4d796ad244567c49f1d22feb08a5"
+      "8e8ebdce059c28883dd69ca401e189f3ef438c3f0bf3d377e6727a1f6abf3a8a8cc149ee"
+      "60a1aa5ba4a50e99d2519216762558e9613a238bd630b5822f549575d9402f8da066aaef"
+      "2e0e6a7a04583b041925e0ef4575107c4436f9af26e561c0ab733cd88bee6a20e6414128"
+      "ea0ba1c73612bb62c1e90015004200000000000000000000000000000000000000000000"
       "000000000000000000000000000000000000000000000000000000000000000000000000"
-      "000000000000000000000000000000000000000000000000000000000000000000000000"
-      "000000000000000000000000000000000000000000000000000000000000000000000000"
-      "000000000000000000fe0a008f000100034d0020e1bc83c066a251621c4b055779789a2c"
-      "6ac4b9a3850366b2ea0d32a8e041181c0066a4e9cc6912b8bc6c1b54a2c6c40428ab01a3"
-      "0e4621ec65320df2beff846a606618429c108fdfe24a6fad5053f53fb36082bf7d80d6f4"
-      "73131a3d6c04e182595606070ac4e0be078ada56456c02d37a2fee7cb17accd273cbd810"
-      "30ee0dbe139e51ba1d2a471f";
+      "0000000000000000";
   ReplayChWithMalformedInner(ch, kTlsAlertIllegalParameter,
                              SSL_ERROR_MISSING_ECH_EXTENSION,
                              SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
 }
 
-// Replay a CH for which CHInner contains both an ECH and ech_is_inner
-// extension.
-TEST_F(TlsConnectStreamTls13Ech, DISABLED_InnerWithEchAndEchIsInner) {
-  // Construct by appending an empty ssl_tls13_encrypted_client_hello_xtn to
-  // CHInner.
+TEST_F(TlsConnectStreamTls13Ech, EchInnerWrongSize) {
+  // Construct by including ech inner with wrong size
   std::string ch =
-      "010002000303b690bc4090ecfd7ad167de639b1d1ea7682588ffefae1164179d370f6cd3"
-      "0864000006130113031302010001d100000010000e00000b7075626c69632e6e616d65ff"
+      "010001fc03035f8410dab9e49b0833d13390f3fe0b3c6321d842961c9cc46b59a0b5b8e1"
+      "4e0b000006130113031302010001cd00000010000e00000b7075626c69632e6e616d65ff"
       "01000100000a00140012001d00170018001901000101010201030104003300260024001d"
-      "00200c3c15b0e9884d5f593634a168b70a62ae18c8d69a68f8e29c826fbabcd99b22002b"
+      "0020526a56087d685e574accb0e87d6781bc553612479e56460fe6a497fa1cd74e2e002b"
       "0003020304000d0018001604030503060302030804080508060401050106010201002d00"
-      "020101001c00024001001500a80000000000000000000000000000000000000000000000"
-      "000000000000000000000000000000000000000000000000000000000000000000000000"
-      "000000000000000000000000000000000000000000000000000000000000000000000000"
+      "020101001c00024001fe0d00f900000100034d00200d096bf6ac0c3bcb79d70677da0e0d"
+      "249b40bc5ba6b8727654619fe6567d0b0700cfd13e136d2d041e3cd993b252386d97e98d"
+      "c972d29d28e0281a210fa56156b95e4371a6610a0b3e65f1b842875fb456de9b9c0e03f8"
+      "aa4d1055057ac3e20e5fa45b837ccbb06ef3856c71f1f63e91b60bfb5f3415f26e9a0d3c"
+      "4d404d5d5aaa6dca8d57cf2e6b4aaf399fa7271b0c1eedbfdd85fbc9711b0446eb9c9535"
+      "a74f3e5a71e2e22dc8d89980f96233ec9b80fbe4f295ff7903bade407fc544c8d76df4fb"
+      "ce4b8d79cea0ff7e0b0736ecbeaf5a146a4f81a930e788ae144cf2219e90dc3594165a7e"
+      "2a0b64f6189a87a348840015004200000000000000000000000000000000000000000000"
       "000000000000000000000000000000000000000000000000000000000000000000000000"
+      "0000000000000000";
+  ReplayChWithMalformedInner(ch, kTlsAlertDecodeError,
+                             SSL_ERROR_RX_MALFORMED_ESNI_EXTENSION,
+                             SSL_ERROR_DECODE_ERROR_ALERT);
+}
+
+TEST_F(TlsConnectStreamTls13Ech, InnerWithEchAndEchIsInner) {
+  // Construct by appending an empty ssl_tls13_encrypted_client_hello_xtn of
+  // type outer to
+  // CHInner.
+  std::string ch =
+      "010001fc0303527df5a8dbcf390c184c5274295283fdba78d05784170d8f3cb8c7d84747"
+      "afb5000006130113031302010001cd00000010000e00000b7075626c69632e6e616d65ff"
+      "01000100000a00140012001d00170018001901000101010201030104003300260024001d"
+      "002099461dcfcdc7804a0f34bf3ca49ac39776a7ef4d8edd30fab3599ff59b09f826002b"
+      "0003020304000d0018001604030503060302030804080508060401050106010201002d00"
+      "020101001c00024001fe0d00f900000100034d00201da1341e8ba21ff90e025d2438d4e5"
+      "b4e8b376befc57cf8c9afb484e6f051b2f00cff747491b810705e5cc8d8a1302468000d9"
+      "8660d659d8382a6fc23ca1a582def728eabb363771328035565048213b1d725b20f757be"
+      "63d6956cd861aa9d33adcc913de2443695f70e130af96fd2b078dd662478a29bd17a4479"
+      "715c949b5fc118456d0243c9d1819cecd0f5fbd1c78dadd6fcd09abe41ca97a00c97efb3"
+      "894c9d4bab60dcd150b55608f6260723a08e112e39e6a43f645f85a08085054f27f269bc"
+      "1acb9ff5007b04eaef3414767666472e4e24c2a2953f5dc68aeb5207d556f1b872a810b6"
+      "686cf83a09db8b474df70015004200000000000000000000000000000000000000000000"
       "000000000000000000000000000000000000000000000000000000000000000000000000"
-      "00fe0a0097000100034d0020d46cc9042eff6efee046a5ff653d1b6a60cfd5786afef5ce"
-      "43300bc515ef5f09006ea6bf626854596df74b2d8f81a479a6d2fef13295a81e0571008a"
-      "12fc92f82170fdb899cd22ebadc33a3147c2801619f7621ffe8684c96918443e3fbe9b17"
-      "34fbf678ba0b2abad7ab6b018bccc1034b9537a5d399fdb9a5ccb92360bde4a94a2f2509"
-      "0e7313dd9254eae3603e1fee";
+      "0000000000000000";
   ReplayChWithMalformedInner(ch, kTlsAlertIllegalParameter,
-                             SSL_ERROR_RX_MALFORMED_CLIENT_HELLO,
+                             SSL_ERROR_RX_UNEXPECTED_EXTENSION,
                              SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
 }
 
@@ -918,62 +977,71 @@ TEST_F(TlsConnectStreamTls13Ech, EchChPaddingChecked) {
   // tls13_GenPaddingClientHelloInner
   std::string ch =
       "010001fc03037473367a6eb6773391081b403908fc0c0026aac706889c59ca694d0c1188"
-      "c4b30000"
-      "06130113031302010001cd00000010000e00000b7075626c69632e6e616d65ff01000100"
-      "000a0014"
-      "0012001d00170018001901000101010201030104003300260024001d0020f7d8ad5fea01"
-      "65e115e9"
-      "84e11c43f1d8f255bd8f772b893432d8d7721e91785a002b0003020304000d0018001604"
-      "03050306"
-      "0302030804080508060401050106010201002d00020101001c00024001fe0d00f9000001"
-      "00034d00"
-      "207e0ad8e83f8a9c89e1ae4fd65b809101e496bbb5f29ce20b299ce58937e2563300cff4"
-      "71a78758"
-      "5e15ae5aff5e4fee7ec988ba72f8a95db41e793568b0301d553251f0826dc0c3ff658e4e"
-      "029ef840"
-      "ae86fa80af4b11b53a33fab99887bf8df18bc87abbb1f578f7964848d91a2023cbe7609f"
-      "cc31bd72"
-      "1865009cad68c09e438d677f7c56af76e62c168bdb373bb88962471dacc4ddf654e435cd"
-      "903f6555"
+      "c4b3000006130113031302010001cd00000010000e00000b7075626c69632e6e616d65ff"
+      "01000100000a00140012001d00170018001901000101010201030104003300260024001d"
+      "0020f7d8ad5fea0165e115e984e11c43f1d8f255bd8f772b893432d8d7721e91785a002b"
+      "0003020304000d0018001604030503060302030804080508060401050106010201002d00"
+      "020101001c00024001fe0d00f900000100034d00207e0ad8e83f8a9c89e1ae4fd65b8091"
+      "01e496bbb5f29ce20b299ce58937e2563300cff471a787585e15ae5aff5e4fee7ec988ba"
+      "72f8a95db41e793568b0301d553251f0826dc0c3ff658e4e029ef840ae86fa80af4b11b5"
+      "3a33fab99887bf8df18bc87abbb1f578f7964848d91a2023cbe7609fcc31bd721865009c"
+      "ad68c09e438d677f7c56af76e62c168bdb373bb88962471dacc4ddf654e435cd903f6555"
       "4c9a93ffd2541cd7bce520e7215d15495184b781ca8c138cedd573fbdef1d40e5de82c33"
-      "5c9c4337"
-      "0102ecb0b66dd27efc719a9a54589b6e6b599b1b0146e121eae0ab5b2070c12f4f4f2b09"
-      "9808294a"
-      "459f00150042000000000000000000000000000000000000000000000000000000000000"
-      "00000000"
-      "0000000000000000000000000000000000000000000000000000000000000000";
+      "5c9c43370102ecb0b66dd27efc719a9a54589b6e6b599b1b0146e121eae0ab5b2070c12f"
+      "4f4f2b099808294a459f0015004200000000000000000000000000000000000000000000"
+      "000000000000000000000000000000000000000000000000000000000000000000000000"
+      "0000000000000000";
   ReplayChWithMalformedInner(ch, kTlsAlertIllegalParameter,
                              SSL_ERROR_RX_MALFORMED_ECH_EXTENSION,
                              SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
 }
 
-// Apply two ECHConfigs on the server. They are identical with the exception
-// of the public key: the first ECHConfig contains a public key for which we
-// lack the private value. Use an SSLInt function to zero all the config_ids
-// (client and server), then confirm that trial decryption works.
-TEST_F(TlsConnectStreamTls13Ech, DISABLED_EchConfigsTrialDecrypt) {
+TEST_F(TlsConnectStreamTls13Ech, EchConfigList) {
   ScopedSECKEYPublicKey pub;
   ScopedSECKEYPrivateKey priv;
   EnsureTlsSetup();
-  ImportFixedEchKeypair(pub, priv);
 
-  const std::string two_configs_str =
-      "0080FE0A003C000020002011111111111111111111111111111111111111111111111111"
-      "111111111111110004000100010064000B7075626C69632E6E616D650000FE0A003C0000"
-      "2000208756E2580C07C1D2FFCB662F5FADC6D6FF13DA85ABD7ADFECF984AAA102C126900"
-      "04000100010064000B7075626C69632E6E616D650000";
-  const std::string second_config_str =
-      "0040FE0A003C00002000208756E2580C07C1D2FFCB662F5FADC6D6FF13DA85ABD7ADFECF"
-      "984AAA102C12690004000100010064000B7075626C69632E6E616D650000";
-  std::vector<uint8_t> two_configs = hex_string_to_bytes(two_configs_str);
-  std::vector<uint8_t> second_config = hex_string_to_bytes(second_config_str);
+  DataBuffer config1;
+  TlsConnectTestBase::GenerateEchConfig(HpkeDhKemX25519Sha256, kSuiteAes,
+                                        kPublicName, 100, config1, pub, priv);
+  DataBuffer config2;
+  TlsConnectTestBase::GenerateEchConfig(HpkeDhKemX25519Sha256, kSuiteAes,
+                                        kPublicName, 100, config2, pub, priv);
+  DataBuffer configList = MakeEchConfigList(config1, config2);
+  SECStatus rv =
+      SSL_SetServerEchConfigs(server_->ssl_fd(), pub.get(), priv.get(),
+                              configList.data(), configList.len());
+  printf("%u", rv);
+  ASSERT_EQ(rv, SECSuccess);
+}
+
+TEST_F(TlsConnectStreamTls13Ech, EchConfigsTrialDecrypt) {
+  // Apply two ECHConfigs on the server. They are identical with the exception
+  // of the public key: the first ECHConfig contains a public key for which we
+  // lack the private value. Use an SSLInt function to zero all the config_ids
+  // (client and server), then confirm that trial decryption works.
+  ScopedSECKEYPublicKey pub;
+  ScopedSECKEYPrivateKey priv;
+  EnsureTlsSetup();
+  ImportFixedEchKeypair(pub, priv);
+  ScopedSECKEYPublicKey pub2;
+  ScopedSECKEYPrivateKey priv2;
+  DataBuffer config2;
+  TlsConnectTestBase::GenerateEchConfig(HpkeDhKemX25519Sha256, kSuiteAes,
+                                        kPublicName, 100, config2, pub, priv);
+  DataBuffer config1;
+  TlsConnectTestBase::GenerateEchConfig(HpkeDhKemX25519Sha256, kSuiteAes,
+                                        kPublicName, 100, config1, pub2, priv2);
+  // Zero the config id for both, only public key differs.
+  config2.Write(7, (uint32_t)0, 1);
+  config1.Write(7, (uint32_t)0, 1);
+  // Server only knows private key for conf2
+  DataBuffer configList = MakeEchConfigList(config1, config2);
   ASSERT_EQ(SECSuccess,
             SSL_SetServerEchConfigs(server_->ssl_fd(), pub.get(), priv.get(),
-                                    two_configs.data(), two_configs.size()));
-  ASSERT_EQ(SECSuccess,
-            SSL_SetClientEchConfigs(client_->ssl_fd(), second_config.data(),
-                                    second_config.size()));
-
+                                    configList.data(), configList.len()));
+  ASSERT_EQ(SECSuccess, SSL_SetClientEchConfigs(client_->ssl_fd(),
+                                                config2.data(), config2.len()));
   client_->ExpectEch();
   server_->ExpectEch();
   Connect();
@@ -982,12 +1050,8 @@ TEST_F(TlsConnectStreamTls13Ech, DISABLED_EchConfigsTrialDecrypt) {
 TEST_F(TlsConnectStreamTls13Ech, EchAcceptBasic) {
   EnsureTlsSetup();
   SetupEch(client_, server_);
-  client_->SetAuthCertificateCallback(AuthCompleteSuccess);
-
   auto c_filter_sni =
       MakeTlsFilter<TlsExtensionCapture>(client_, ssl_server_name_xtn);
-  client_->SetAuthCertificateCallback(AuthCompleteSuccess);
-
   Connect();
   ASSERT_TRUE(c_filter_sni->captured());
   CheckSniExtension(c_filter_sni->extension(), kPublicName);
@@ -996,7 +1060,6 @@ TEST_F(TlsConnectStreamTls13Ech, EchAcceptBasic) {
 TEST_F(TlsConnectStreamTls13, EchAcceptWithResume) {
   EnsureTlsSetup();
   SetupEch(client_, server_);
-  client_->SetAuthCertificateCallback(AuthCompleteSuccess);
   ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
   Connect();
   SendReceive();  // Need to read so that we absorb the session ticket.
@@ -1019,7 +1082,6 @@ TEST_F(TlsConnectStreamTls13, EchAcceptWithExternalPsk) {
   static const std::string kPskId = "testing123";
   EnsureTlsSetup();
   SetupEch(client_, server_);
-  client_->SetAuthCertificateCallback(AuthCompleteSuccess);
 
   ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
   ASSERT_TRUE(!!slot);
@@ -1107,7 +1169,6 @@ TEST_F(TlsConnectStreamTls13, EchAcceptWithHrr) {
                                     echconfig.len()));
   client_->ExpectEch();
   server_->ExpectEch();
-  client_->SetAuthCertificateCallback(AuthCompleteSuccess);
 
   size_t cb_called = 0;
   EXPECT_EQ(SECSuccess, SSL_HelloRetryRequestCallback(
@@ -1126,7 +1187,6 @@ TEST_F(TlsConnectStreamTls13, EchAcceptWithHrr) {
                                     echconfig.data(), echconfig.len()));
   client_->ExpectEch();
   server_->ExpectEch();
-  client_->SetAuthCertificateCallback(AuthCompleteSuccess);
   Handshake();
   ASSERT_TRUE(server_hrr_ech_xtn->captured());
   EXPECT_EQ(1U, cb_called);
@@ -1424,8 +1484,9 @@ TEST_F(TlsConnectStreamTls13Ech, EchClientRejectSpuriousHrrXtn) {
   size_t cb_called = 0;
   EXPECT_EQ(SECSuccess, SSL_HelloRetryRequestCallback(
                             server_->ssl_fd(), RetryEchHello, &cb_called));
-  DataBuffer buff = DataBuffer(client_ech_xtn_capture->extension().data(),
-                               client_ech_xtn_capture->extension().len());
+
+  // Inject CH ECH Xtn into CH.
+  DataBuffer buff = DataBuffer(client_ech_xtn_capture->extension());
   auto client_ech_xtn = MakeTlsFilter<TlsExtensionAppender>(
       client_, kTlsHandshakeClientHello, ssl_tls13_encrypted_client_hello_xtn,
       buff);
@@ -1613,7 +1674,6 @@ TEST_F(TlsConnectStreamTls13Ech, EchRejectWithHrr) {
   size_t cb_called = 0;
   EXPECT_EQ(SECSuccess, SSL_HelloRetryRequestCallback(
                             server_->ssl_fd(), RetryEchHello, &cb_called));
-  client_->SetAuthCertificateCallback(AuthCompleteSuccess);
   EXPECT_EQ(SECSuccess, SSL_EnableTls13GreaseEch(server_->ssl_fd(), PR_TRUE));
   auto server_hrr_ech_xtn = MakeTlsFilter<TlsExtensionCapture>(
       server_, ssl_tls13_encrypted_client_hello_xtn);
@@ -1636,8 +1696,7 @@ TEST_F(TlsConnectStreamTls13Ech, EchRejectWithHrr) {
 }
 
 // Server can't change its mind on ECH after HRR. We change the confirmation
-// value
-// and the server panics accordingly.
+// value and the server panics accordingly.
 TEST_F(TlsConnectStreamTls13Ech, EchHrrServerYN) {
   ScopedSECKEYPublicKey pub;
   ScopedSECKEYPrivateKey priv;
@@ -1703,7 +1762,6 @@ TEST_F(TlsConnectStreamTls13Ech, EchHrrServerGreaseChanges) {
   client_->Handshake();
   server_->Handshake();
   ASSERT_TRUE(server_hrr_ech_xtn_1->captured());
-  server_->Handshake();
   EXPECT_EQ(1U, cb_called);
 
   /* Run the connection again */
@@ -1859,7 +1917,6 @@ TEST_F(TlsConnectStreamTls13, EchZeroRttRejectSecond) {
 
   // Setup ECH only on the client.
   SetupEch(client_, server_, HpkeDhKemX25519Sha256, false, true, false);
-  client_->SetAuthCertificateCallback(AuthCompleteSuccess);
 
   ExpectResumption(RESUME_NONE);
   ExpectAlert(client_, kTlsAlertEchRequired);
@@ -1944,7 +2001,6 @@ TEST_F(TlsConnectStreamTls13, EchRejectUnknownCriticalExtension) {
 TEST_F(TlsConnectStreamTls13, EchRejectAuthCertSuccessNoRetries) {
   EnsureTlsSetup();
   SetupEch(client_, server_, HpkeDhKemX25519Sha256, false, true, false);
-  client_->SetAuthCertificateCallback(AuthCompleteSuccess);
   ExpectAlert(client_, kTlsAlertEchRequired);
   ConnectExpectFailOneSide(TlsAgent::CLIENT);
   client_->CheckErrorCode(SSL_ERROR_ECH_RETRY_WITHOUT_ECH);
@@ -1959,7 +2015,6 @@ TEST_F(TlsConnectStreamTls13, EchRejectAuthCertSuccessNoRetries) {
 TEST_F(TlsConnectStreamTls13, EchRejectSuppressClientCert) {
   EnsureTlsSetup();
   SetupEch(client_, server_, HpkeDhKemX25519Sha256, false, true, false);
-  client_->SetAuthCertificateCallback(AuthCompleteSuccess);
   client_->SetupClientAuth();
   server_->RequestClientAuth(true);
   auto cert_capture =
@@ -2007,7 +2062,6 @@ TEST_F(TlsConnectStreamTls13, EchRejectAuthCertSuccessIncompatibleRetries) {
                                                        &server_rec.data()[2],
                                                        server_rec.len() - 2));
 
-  client_->SetAuthCertificateCallback(AuthCompleteSuccess);
   ExpectAlert(client_, kTlsAlertEchRequired);
   ConnectExpectFailOneSide(TlsAgent::CLIENT);
   client_->CheckErrorCode(SSL_ERROR_ECH_RETRY_WITHOUT_ECH);
@@ -2120,7 +2174,6 @@ TEST_F(TlsConnectStreamTls13Ech, EchMismatchHpkeCiphersRetry) {
             SSL_SetClientEchConfigs(client_->ssl_fd(), client_rec.data(),
                                     client_rec.len()));
 
-  client_->SetAuthCertificateCallback(AuthCompleteSuccess);
   ExpectAlert(client_, kTlsAlertEchRequired);
   ConnectExpectFailOneSide(TlsAgent::CLIENT);
   client_->CheckErrorCode(SSL_ERROR_ECH_RETRY_WITH_ECH);
@@ -2152,7 +2205,6 @@ TEST_F(TlsConnectStreamTls13Ech, EchMismatchKeysRetry) {
             SSL_SetClientEchConfigs(client_->ssl_fd(), client_rec.data(),
                                     client_rec.len()));
 
-  client_->SetAuthCertificateCallback(AuthCompleteSuccess);
   client_->ExpectSendAlert(kTlsAlertEchRequired);
   ConnectExpectFailOneSide(TlsAgent::CLIENT);
   client_->CheckErrorCode(SSL_ERROR_ECH_RETRY_WITH_ECH);
@@ -2239,7 +2291,6 @@ TEST_F(TlsConnectStreamTls13, EchBadCiphertext) {
 TEST_F(TlsConnectStreamTls13, EchOuterBinding) {
   EnsureTlsSetup();
   SetupEch(client_, server_);
-  client_->SetAuthCertificateCallback(AuthCompleteSuccess);
   client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
                            SSL_LIBRARY_VERSION_TLS_1_3);
 
@@ -2252,6 +2303,22 @@ TEST_F(TlsConnectStreamTls13, EchOuterBinding) {
   ConnectExpectFail();
 }
 
+// Altering the CH after the Ech Xtn should also cause a failure.
+TEST_F(TlsConnectStreamTls13, EchOuterBindingAfterXtn) {
+  EnsureTlsSetup();
+  SetupEch(client_, server_);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+
+  static const uint8_t supported_vers_13[] = {0x02, 0x03, 0x04};
+  DataBuffer buf(supported_vers_13, sizeof(supported_vers_13));
+  MakeTlsFilter<TlsExtensionAppender>(client_, kTlsHandshakeClientHello, 5044,
+                                      buf);
+  client_->ExpectSendAlert(kTlsAlertBadRecordMac);
+  server_->ExpectSendAlert(kTlsAlertBadRecordMac);
+  ConnectExpectFail();
+}
+
 // Test a bad (unknown) ECHCipherSuite.
 // Expect negotiation on outer, which fails due to the tampered transcript.
 TEST_F(TlsConnectStreamTls13, EchBadCiphersuite) {
author	Dennis Jackson <djackson@mozilla.com>	2021-12-17 13:21:31 +0000
committer	Dennis Jackson <djackson@mozilla.com>	2021-12-17 13:21:31 +0000
commit	f3b237c055e5eafa680d70ad3c379885a3cec2be (patch)
tree	db03bac5998d2d8af74142c3ed24e7bcad3eecf3 /gtests/ssl_gtest
parent	25d51dbcdfc6760321897cf98eca631b74aff93e (diff)
download	nss-hg-f3b237c055e5eafa680d70ad3c379885a3cec2be.tar.gz