From 603e3e63901aff21959a4e046f2c573d3643f3be Mon Sep 17 00:00:00 2001
From: Damien Neil <dneil@google.com>
Date: Mon, 3 Jun 2024 08:24:18 -0700
Subject: [PATCH] quic: disable X25519Kyber768Draft00 in tests

Enabling this bloats the TLS handshake so flights no longer
fit in a single datagram. Disable it in tests. Add a test
using the crypto/tls defaults, to ensure we do handshake
properly with them.

Fixes golang/go#67783

Change-Id: I521188e7b5a313e9289e726935e5b26994090b4a
Reviewed-on: https://go-review.googlesource.com/c/net/+/589855
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
 quic/endpoint_test.go  |  6 ++++++
 quic/tlsconfig_test.go | 19 +++++++++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/quic/endpoint_test.go b/quic/endpoint_test.go
index d5f436e6d..3cba1423e 100644
--- a/quic/endpoint_test.go
+++ b/quic/endpoint_test.go
@@ -23,6 +23,12 @@ func TestConnect(t *testing.T) {
 	newLocalConnPair(t, &Config{}, &Config{})
 }
 
+func TestConnectDefaultTLSConfig(t *testing.T) {
+	serverConfig := newTestTLSConfigWithMoreDefaults(serverSide)
+	clientConfig := newTestTLSConfigWithMoreDefaults(clientSide)
+	newLocalConnPair(t, &Config{TLSConfig: serverConfig}, &Config{TLSConfig: clientConfig})
+}
+
 func TestStreamTransfer(t *testing.T) {
 	ctx := context.Background()
 	cli, srv := newLocalConnPair(t, &Config{}, &Config{})
diff --git a/quic/tlsconfig_test.go b/quic/tlsconfig_test.go
index 47bfb0598..5ed9818d5 100644
--- a/quic/tlsconfig_test.go
+++ b/quic/tlsconfig_test.go
@@ -20,6 +20,13 @@ func newTestTLSConfig(side connSide) *tls.Config {
 			tls.TLS_CHACHA20_POLY1305_SHA256,
 		},
 		MinVersion: tls.VersionTLS13,
+		// Default key exchange mechanisms as of Go 1.23 minus X25519Kyber768Draft00,
+		// which bloats the client hello enough to spill into a second datagram.
+		// Tests were written with the assuption each flight in the handshake
+		// fits in one datagram, and it's simpler to keep that property.
+		CurvePreferences: []tls.CurveID{
+			tls.X25519, tls.CurveP256, tls.CurveP384, tls.CurveP521,
+		},
 	}
 	if side == serverSide {
 		config.Certificates = []tls.Certificate{testCert}
@@ -27,6 +34,18 @@ func newTestTLSConfig(side connSide) *tls.Config {
 	return config
 }
 
+// newTestTLSConfigWithMoreDefaults returns a *tls.Config for testing
+// which behaves more like a default, empty config.
+//
+// In particular, it uses the default curve preferences, which can increase
+// the size of the handshake.
+func newTestTLSConfigWithMoreDefaults(side connSide) *tls.Config {
+	config := newTestTLSConfig(side)
+	config.CipherSuites = nil
+	config.CurvePreferences = nil
+	return config
+}
+
 var testCert = func() tls.Certificate {
 	cert, err := tls.X509KeyPair(localhostCert, localhostKey)
 	if err != nil {