diff options
author | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2020-01-08 22:03:44 +0300 |
---|---|---|
committer | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2020-01-09 21:40:00 +0300 |
commit | 6d8dd070c5a5eb5f9e4c0d798a1b51eb906e06a9 (patch) | |
tree | 9fa0dc46adecb5bb561f52c269722ef90324f09e /tests | |
parent | 615cae541ad592045e85e4b30b5bf35a48bf662b (diff) | |
download | gnutls-6d8dd070c5a5eb5f9e4c0d798a1b51eb906e06a9.tar.gz |
priority: add more GOST shortcuts
Add shortcuts for GOST ciphers, MACs and KXes. For now they contain only
one item, but this list will be expanded as support for GOST-CTR-ACPKM
ciphersuites will be added.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/tls12-cert-key-exchange.c | 6 | ||||
-rw-r--r-- | tests/tls12-server-kx-neg.c | 32 | ||||
-rw-r--r-- | tests/tls13-server-kx-neg.c | 24 |
3 files changed, 31 insertions, 31 deletions
diff --git a/tests/tls12-cert-key-exchange.c b/tests/tls12-cert-key-exchange.c index 1271bb3501..862fe85894 100644 --- a/tests/tls12-cert-key-exchange.c +++ b/tests/tls12-cert-key-exchange.c @@ -155,10 +155,10 @@ void doit(void) server_priority = "NORMAL:+CTYPE-ALL" ":+VKO-GOST-12" ":+GROUP-GOST-ALL" - ":+GOST28147-TC26Z-CNT" - ":+GOST28147-TC26Z-IMIT" + ":+CIPHER-GOST-ALL" + ":+MAC-GOST-ALL" ":+SIGN-GOST-ALL"; - const char *gost_client_prio = "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL"; + const char *gost_client_prio = "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL"; try_with_key("TLS 1.2 with gost12 256 no-cli-cert (ctype X.509)", gost_client_prio, GNUTLS_KX_VKO_GOST_12, GNUTLS_SIGN_GOST_256, GNUTLS_SIGN_UNKNOWN, &server_ca3_gost12_256_cert, &server_ca3_gost12_256_key, NULL, NULL, 0, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN); try_with_key("TLS 1.2 with gost12 256 ask cli-cert (ctype X.509)", gost_client_prio, GNUTLS_KX_VKO_GOST_12, GNUTLS_SIGN_GOST_256, GNUTLS_SIGN_UNKNOWN, diff --git a/tests/tls12-server-kx-neg.c b/tests/tls12-server-kx-neg.c index 4ae49b226c..e3a2de363a 100644 --- a/tests/tls12-server-kx-neg.c +++ b/tests/tls12-server-kx-neg.c @@ -469,8 +469,8 @@ test_case_st tests[] = { .client_ret = GNUTLS_E_AGAIN, .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, .not_on_fips = 1, - .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2", - .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2" + .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2" }, { .name = "TLS 1.2 VKO-GOST-12 with cred but no cert", @@ -478,8 +478,8 @@ test_case_st tests[] = { .server_ret = GNUTLS_E_NO_CIPHER_SUITES, .have_cert_cred = 1, .not_on_fips = 1, - .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2", - .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2" + .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2" }, { .name = "TLS 1.2 VKO-GOST-12 with cred but no GOST cert", @@ -489,8 +489,8 @@ test_case_st tests[] = { .have_rsa_sign_cert = 1, .have_rsa_decrypt_cert = 1, .not_on_fips = 1, - .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2", - .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2" + .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2" }, { .name = "TLS 1.2 VKO-GOST-12 with cred and GOST12-256 cert", @@ -499,8 +499,8 @@ test_case_st tests[] = { .have_cert_cred = 1, .have_gost12_256_cert = 1, .not_on_fips = 1, - .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2", - .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2" + .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2" }, { .name = "TLS 1.2 VKO-GOST-12 with cred and GOST12-512 cert", @@ -509,8 +509,8 @@ test_case_st tests[] = { .have_cert_cred = 1, .have_gost12_512_cert = 1, .not_on_fips = 1, - .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2", - .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2" + .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2" }, { .name = "TLS 1.2 VKO-GOST-12 with cred and multiple certs", @@ -523,8 +523,8 @@ test_case_st tests[] = { .have_gost12_256_cert = 1, .have_gost12_512_cert = 1, .not_on_fips = 1, - .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2", - .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2" + .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2" }, { .name = "TLS 1.2 VKO-GOST-12 with cred and GOST12-256 cert client lacking signature algs (like SChannel)", @@ -533,8 +533,8 @@ test_case_st tests[] = { .have_cert_cred = 1, .have_gost12_256_cert = 1, .not_on_fips = 1, - .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2", - .client_prio = "NONE:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+VERS-TLS1.2:+SIGN-RSA-SHA256" + .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NONE:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+VERS-TLS1.2:+SIGN-RSA-SHA256" }, { .name = "TLS 1.2 VKO-GOST-12 with cred and GOST12-512 cert client lacking signature algs (like SChannel)", @@ -543,8 +543,8 @@ test_case_st tests[] = { .have_cert_cred = 1, .have_gost12_512_cert = 1, .not_on_fips = 1, - .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2", - .client_prio = "NONE:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+VERS-TLS1.2:+SIGN-RSA-SHA256" + .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NONE:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+VERS-TLS1.2:+SIGN-RSA-SHA256" }, #endif }; diff --git a/tests/tls13-server-kx-neg.c b/tests/tls13-server-kx-neg.c index 91651a80a0..a4cca3faaf 100644 --- a/tests/tls13-server-kx-neg.c +++ b/tests/tls13-server-kx-neg.c @@ -232,8 +232,8 @@ test_case_st tests[] = { .have_cert_cred = 1, .have_gost12_256_cert = 1, .not_on_fips = 1, - .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:"PVERSION, - .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:" "-VERS-ALL:+VERS-TLS1.2", + .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:"PVERSION, + .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:" "-VERS-ALL:+VERS-TLS1.2", .exp_version = GNUTLS_TLS1_2, }, { @@ -243,8 +243,8 @@ test_case_st tests[] = { .have_cert_cred = 1, .have_gost12_512_cert = 1, .not_on_fips = 1, - .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:"PVERSION, - .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:" "-VERS-ALL:+VERS-TLS1.2", + .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:"PVERSION, + .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:" "-VERS-ALL:+VERS-TLS1.2", .exp_version = GNUTLS_TLS1_2, }, { @@ -254,8 +254,8 @@ test_case_st tests[] = { .have_cert_cred = 1, .have_gost12_256_cert = 1, .not_on_fips = 1, - .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:" "-VERS-ALL:+VERS-TLS1.2", - .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:"PVERSION, + .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:" "-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:"PVERSION, .exp_version = GNUTLS_TLS1_2, }, { @@ -265,8 +265,8 @@ test_case_st tests[] = { .have_cert_cred = 1, .have_gost12_512_cert = 1, .not_on_fips = 1, - .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:" "-VERS-ALL:+VERS-TLS1.2", - .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:"PVERSION, + .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:" "-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:"PVERSION, .exp_version = GNUTLS_TLS1_2, }, /* Ideally for the next two test cases we should fallback to TLS 1.2 + GOST @@ -278,8 +278,8 @@ test_case_st tests[] = { .have_cert_cred = 1, .have_gost12_256_cert = 1, .not_on_fips = 1, - .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:"PVERSION, - .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:"PVERSION, + .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:"PVERSION, + .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:"PVERSION, .exp_version = GNUTLS_TLS1_2, }, { @@ -289,8 +289,8 @@ test_case_st tests[] = { .have_cert_cred = 1, .have_gost12_512_cert = 1, .not_on_fips = 1, - .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:"PVERSION, - .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOST-ALL:"PVERSION, + .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:"PVERSION, + .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:"PVERSION, .exp_version = GNUTLS_TLS1_2, }, #endif |