ch cb self-talk test

tests/unit/s2n_client_hello_get_supported_groups_test.c

@@ -13,6 +13,7 @@
 * permissions and limitations under the License.
 */
 
+#include "pq-crypto/s2n_pq.h"
 #include "s2n_test.h"
 #include "testlib/s2n_testlib.h"
 #include "tls/extensions/s2n_client_supported_groups.h"
@@ -29,11 +30,12 @@
 #define TEST_SUPPORTED_GROUPS_EXTENSION_SIZE (2 + TEST_SUPPORTED_GROUPS_LIST_SIZE)
 
 struct s2n_client_hello_context {
+    const struct s2n_kem_preferences *kem_preferences;
     const struct s2n_ecc_preferences *ecc_preferences;
     int invoked_count;
 };
 
-int s2n_client_hello_check_received_supported_groups(struct s2n_connection *conn, void *ctx)
+int s2n_check_received_supported_groups_cb(struct s2n_connection *conn, void *ctx)
 {
     EXPECT_NOT_NULL(ctx);
 
@@ -47,13 +49,24 @@ int s2n_client_hello_check_received_supported_groups(struct s2n_connection *conn
     uint16_t supported_groups_count = 0;
     EXPECT_SUCCESS(s2n_client_hello_get_supported_groups(client_hello, supported_groups,
             &supported_groups_count, s2n_array_len(supported_groups)));
-
     EXPECT_TRUE(supported_groups_count > 0);
-    EXPECT_EQUAL(supported_groups_count, context->ecc_preferences->count);
 
-    for (size_t i = 0; i < supported_groups_count; i++) {
+    uint16_t expected_groups_count = context->ecc_preferences->count;
+    if (s2n_connection_get_protocol_version(conn) >= S2N_TLS13 && s2n_pq_is_enabled()) {
+        expected_groups_count += context->kem_preferences->tls13_kem_group_count;
+    }
+    EXPECT_EQUAL(supported_groups_count, expected_groups_count);
+
+    size_t offset = 0;
+    for (size_t i = 0; i < context->kem_preferences->tls13_kem_group_count; i++) {
+        const struct s2n_kem_group *group = context->kem_preferences->tls13_kem_groups[i];
+        EXPECT_EQUAL(supported_groups[i], group->iana_id);
+        offset += 1;
+    }
+
+    for (size_t i = 0; i < context->ecc_preferences->count; i++) {
         const struct s2n_ecc_named_curve *curve = context->ecc_preferences->ecc_curves[i];
-        EXPECT_EQUAL(supported_groups[i], curve->iana_id);
+        EXPECT_EQUAL(supported_groups[offset + i], curve->iana_id);
     }
 
     return S2N_SUCCESS;
@@ -320,14 +333,22 @@ int main(int argc, char **argv)
      * This test also ensures that s2n_client_hello_get_supported_groups is usable from within the
      * client hello callback.
      */
-    char *security_policies[] = {"20170210", "20190801", "20210816", "test_all"};
+    char *security_policies[] = {"20170210", "20190801", "20210816", "PQ-TLS-1-3-2023-06-01", "test_all"};
     for (size_t i = 0; i < s2n_array_len(security_policies); i++) {
         DEFER_CLEANUP(struct s2n_config *config = s2n_config_new(), s2n_config_ptr_free);
         EXPECT_NOT_NULL(config);
         EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(config, chain_and_key));
         EXPECT_SUCCESS(s2n_config_set_verification_ca_location(config, S2N_DEFAULT_TEST_CERT_CHAIN, NULL));
         EXPECT_SUCCESS(s2n_config_set_cipher_preferences(config, security_policies[i]));
 
+        struct s2n_client_hello_context context = {
+            .kem_preferences = config->security_policy->kem_preferences,
+            .ecc_preferences = config->security_policy->ecc_preferences,
+            .invoked_count = 0,
+        };
+        EXPECT_SUCCESS(s2n_config_set_client_hello_cb(config, s2n_check_received_supported_groups_cb,
+                &context));
+
         DEFER_CLEANUP(struct s2n_connection *server_conn = s2n_connection_new(S2N_SERVER), s2n_connection_ptr_free);
         EXPECT_NOT_NULL(server_conn);
         EXPECT_SUCCESS(s2n_connection_set_config(server_conn, config));
@@ -344,6 +365,8 @@ int main(int argc, char **argv)
         EXPECT_SUCCESS(s2n_connection_set_io_pair(server_conn, &io_pair));
 
         EXPECT_SUCCESS(s2n_negotiate_test_server_and_client(server_conn, client_conn));
+
+        EXPECT_EQUAL(context.invoked_count, 1);
     }
 
     END_TEST();