internal/quic/cmd/interop: test ChaCha20 on server

The QUIC interop test suite confirms support for ChaCha20. Go's TLS
implementation doesn't allow configuring ciphersuites for TLS 1.3, so we
cannot force the client hello to offer only ChaCha20 as the test
requires.

When acting as a server, we still cannot control which ciphersuites we
offer, but we can make the binary choice of whether we respond to the
client hello (which includes its offer of ciphersuites).

Use that to implement the server side of the ChaCha20 interop test. This
tells a more complete story of our level of ChaCha20 support: it works
when negotiated.

Fixes golang/go#75912

Change-Id: I1d8d08e4f4b8eb89bf11e9e4ae1aaa5c0709a530
Reviewed-on: https://go-review.googlesource.com/c/net/+/712120
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Damien Neil <dneil@google.com>

internal/quic/cmd/interop/main.go

@@ -84,7 +84,17 @@ func main() {
 		// "[...] offer only ChaCha20 as a ciphersuite."
 		//
 		// crypto/tls does not support configuring TLS 1.3 ciphersuites,
-		// so we can't support this test.
+		// so we can't support this test on the client.
+		if *listen != "" && len(urls) == 0 {
+			config.TLSConfig.GetConfigForClient = func(hello *tls.ClientHelloInfo) (*tls.Config, error) {
+				if len(hello.CipherSuites) == 1 && hello.CipherSuites[0] == tls.TLS_CHACHA20_POLY1305_SHA256 {
+					return nil, nil
+				}
+				return nil, fmt.Errorf("this test requires the client to offer only ChaCha20")
+			}
+			basicTest(ctx, config, urls)
+			return
+		}
 	case "transfer":
 		// "The client should use small initial flow control windows
 		// for both stream- and connection-level flow control