diff options
| author | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2017-09-23 21:37:38 +0300 |
|---|---|---|
| committer | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2019-12-18 23:42:47 +0300 |
| commit | a4b37828ebcc0c84b35b4efe5bea712769203818 (patch) | |
| tree | bedcf4b62023baeeff2ef87baa2b1f4abd5b6c5f /tests | |
| parent | 502d555bbc2ac85a9d3120515d08bb411097b4de (diff) | |
| download | gnutls-a4b37828ebcc0c84b35b4efe5bea712769203818.tar.gz | |
tests: add tests for KX-GOST-VKO using different key variants
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/tls12-cert-key-exchange.c | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/tests/tls12-cert-key-exchange.c b/tests/tls12-cert-key-exchange.c index d8563c0943..1b3d77fbf1 100644 --- a/tests/tls12-cert-key-exchange.c +++ b/tests/tls12-cert-key-exchange.c @@ -150,5 +150,32 @@ void doit(void) GNUTLS_E_AGAIN, GNUTLS_E_KEY_USAGE_VIOLATION, &rawpk_public_key2, &rawpk_private_key2, 0, &rawpk_public_key1, &rawpk_private_key1, GNUTLS_KEY_KEY_ENCIPHERMENT); +#ifdef ENABLE_GOST + if (!gnutls_fips140_mode_enabled()) { + server_priority = "NORMAL:+CTYPE-ALL" + ":+VKO-GOST-12" + ":+GROUP-GOST-ALL" + ":+GOST28147-TC26Z-CNT" + ":+GOST28147-TC26Z-IMIT" + ":+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001"; + const char *gost_client_prio = "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001"; + try_with_key("TLS 1.2 with gost12 256 no-cli-cert (ctype X.509)", gost_client_prio, GNUTLS_KX_VKO_GOST_12, GNUTLS_SIGN_GOST_256, GNUTLS_SIGN_UNKNOWN, + &server_ca3_gost12_256_cert, &server_ca3_gost12_256_key, NULL, NULL, 0, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN); + try_with_key("TLS 1.2 with gost12 256 ask cli-cert (ctype X.509)", gost_client_prio, GNUTLS_KX_VKO_GOST_12, GNUTLS_SIGN_GOST_256, GNUTLS_SIGN_UNKNOWN, + &server_ca3_gost12_256_cert, &server_ca3_gost12_256_key, NULL, NULL, ASK_CERT, GNUTLS_CRT_X509, GNUTLS_CRT_X509); + try_with_key("TLS 1.2 with gost12 256 use cli-cert (ctype X.509)", gost_client_prio, GNUTLS_KX_VKO_GOST_12, GNUTLS_SIGN_GOST_256, GNUTLS_SIGN_GOST_256, + &server_ca3_gost12_256_cert, &server_ca3_gost12_256_key, &cligost12_256_ca3_cert, &cligost12_256_ca3_key, USE_CERT, GNUTLS_CRT_X509, GNUTLS_CRT_X509); + try_with_key("TLS 1.2 with gost12 512 no-cli-cert (ctype X.509)", gost_client_prio, GNUTLS_KX_VKO_GOST_12, GNUTLS_SIGN_GOST_512, GNUTLS_SIGN_UNKNOWN, + &server_ca3_gost12_512_cert, &server_ca3_gost12_512_key, NULL, NULL, 0, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN); + try_with_key("TLS 1.2 with gost12 512 ask cli-cert (ctype X.509)", gost_client_prio, GNUTLS_KX_VKO_GOST_12, GNUTLS_SIGN_GOST_512, GNUTLS_SIGN_UNKNOWN, + &server_ca3_gost12_512_cert, &server_ca3_gost12_512_key, NULL, NULL, ASK_CERT, GNUTLS_CRT_X509, GNUTLS_CRT_X509); + try_with_key("TLS 1.2 with gost12 512 use cli-cert (ctype X.509)", gost_client_prio, GNUTLS_KX_VKO_GOST_12, GNUTLS_SIGN_GOST_512, GNUTLS_SIGN_GOST_512, + &server_ca3_gost12_512_cert, &server_ca3_gost12_512_key, &cligost12_512_ca3_cert, &cligost12_512_ca3_key, USE_CERT, GNUTLS_CRT_X509, GNUTLS_CRT_X509); + try_with_key("TLS 1.2 with gost12 512 use cli-cert gost12 256 (ctype X.509)", gost_client_prio, GNUTLS_KX_VKO_GOST_12, GNUTLS_SIGN_GOST_512, GNUTLS_SIGN_GOST_256, + &server_ca3_gost12_512_cert, &server_ca3_gost12_512_key, &cligost12_256_ca3_cert, &cligost12_256_ca3_key, USE_CERT, GNUTLS_CRT_X509, GNUTLS_CRT_X509); + server_priority = NULL; + } +#endif + gnutls_global_deinit(); } |