-
-
Notifications
You must be signed in to change notification settings - Fork 405
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add test for post-quantum key exchange #2020
base: main
Are you sure you want to change the base?
Add test for post-quantum key exchange #2020
Conversation
a6cc784
to
efb41ef
Compare
#2027 gets this test passing. |
efb41ef
to
140d753
Compare
I've rebased and split into 2 tests, one for the |
d8de272
to
9bda11a
Compare
The freebsd job seems to failed because |
Why does this PR change the build requirements? Can you change the job to install |
68e16a2
to
cb5aec9
Compare
That's because I used a "private" feature hack to work around this, like they do, for instance, in the |
cb5aec9
to
0bbb08a
Compare
0bbb08a
to
10e49bd
Compare
I've discovered a new corner case with RUST_LOG=trace cargo t --test post_quantum -F __rustls-post-quantum-test -- --show-output Edit: Note that the MTU of the loopback must me changed locally to make this work (that's explain why the test pass in the CI) sudo ifconfig lo mtu 1460 |
10e49bd
to
b35549f
Compare
Fixed the new case in #2046. |
b35549f
to
254defe
Compare
Thanks again for the fixes, I can confirm it works also on my computer |
702ae6b
to
1e7e50c
Compare
Thanks! |
1e7e50c
to
35b463c
Compare
@Ralith ping? |
This PR adds a test for post-quantum key exchange. For now the test is failing to demonstrate the presence of a bug (https://github.com/quinn-rs/quinn/actions/runs/11549717021/job/32143264498?pr=2020). I will then propose a fix.
Note that I added a commit that exposed the key exchange group, like this was done for cipher in #2001
With post-quantum, the
key_share
extension of the TLS client hello gets really big (1222 bytes) so the client hello gets fragmented into 2 separated CRYPTO frames, each one into its own QUIC packet. A padding frame is added to the second packet and all packets are inside the same UDP datagram thanks to GSO.When the QUIC server endpoint tries to respond, it panics, giving this backtrace:
Backtrace