diff options
-rw-r--r-- | tests/tls13-server-kx-neg.c | 72 |
1 files changed, 71 insertions, 1 deletions
diff --git a/tests/tls13-server-kx-neg.c b/tests/tls13-server-kx-neg.c index 1b52fb56a1..0c8a20979c 100644 --- a/tests/tls13-server-kx-neg.c +++ b/tests/tls13-server-kx-neg.c @@ -223,7 +223,77 @@ test_case_st tests[] = { .server_prio = "NORMAL:-KX-ALL:+SRP:"PVERSION, .client_prio = "NORMAL:-KX-ALL:+SRP:"PVERSION, .exp_version = GNUTLS_TLS1_2, - } + }, +#ifdef ENABLE_GOST + { + .name = "TLS 1.3 server, TLS 1.2 client VKO-GOST-12 with cred and GOST-256 cert", + .server_ret = 0, + .client_ret = 0, + .have_cert_cred = 1, + .have_gost12_256_cert = 1, + .not_on_fips = 1, + .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001:"PVERSION, + .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001:" "-VERS-ALL:+VERS-TLS1.2", + .exp_version = GNUTLS_TLS1_2, + }, + { + .name = "TLS 1.3 server, TLS 1.2 client VKO-GOST-12 with cred and GOST-512 cert", + .server_ret = 0, + .client_ret = 0, + .have_cert_cred = 1, + .have_gost12_512_cert = 1, + .not_on_fips = 1, + .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001:"PVERSION, + .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001:" "-VERS-ALL:+VERS-TLS1.2", + .exp_version = GNUTLS_TLS1_2, + }, + { + .name = "TLS 1.2 server TLS 1.3 client VKO-GOST-12 with cred and GOST-256 cert", + .server_ret = 0, + .client_ret = 0, + .have_cert_cred = 1, + .have_gost12_256_cert = 1, + .not_on_fips = 1, + .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001:" "-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001:"PVERSION, + .exp_version = GNUTLS_TLS1_2, + }, + { + .name = "TLS 1.2 server TLS 1.3 client with cred and GOST-512 cert", + .server_ret = 0, + .client_ret = 0, + .have_cert_cred = 1, + .have_gost12_512_cert = 1, + .not_on_fips = 1, + .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001:" "-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001:"PVERSION, + .exp_version = GNUTLS_TLS1_2, + }, + /* Ideally for the next two test cases we should fallback to TLS 1.2 + GOST + * but this is unsuppored for now */ + { + .name = "TLS 1.3 server and client VKO-GOST-12 with cred and GOST-256 cert", + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .client_ret = GNUTLS_E_AGAIN, + .have_cert_cred = 1, + .have_gost12_256_cert = 1, + .not_on_fips = 1, + .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001:"PVERSION, + .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001:"PVERSION, + .exp_version = GNUTLS_TLS1_2, + }, + { + .name = "TLS 1.3 server and client VKO-GOST-12 with cred and GOST-512 cert", + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .client_ret = GNUTLS_E_AGAIN, + .have_cert_cred = 1, + .have_gost12_512_cert = 1, + .not_on_fips = 1, + .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001:"PVERSION, + .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001:"PVERSION, + .exp_version = GNUTLS_TLS1_2, + }, +#endif }; void doit(void) |