summaryrefslogtreecommitdiff
path: root/tests/tls13-cipher-neg.c
diff options
context:
space:
mode:
Diffstat (limited to 'tests/tls13-cipher-neg.c')
-rw-r--r--tests/tls13-cipher-neg.c240
1 files changed, 140 insertions, 100 deletions
diff --git a/tests/tls13-cipher-neg.c b/tests/tls13-cipher-neg.c
index 16a8883d80..f9be6f530c 100644
--- a/tests/tls13-cipher-neg.c
+++ b/tests/tls13-cipher-neg.c
@@ -20,7 +20,7 @@
*/
#ifdef HAVE_CONFIG_H
-#include <config.h>
+# include <config.h>
#endif
/* This program tests the ciphersuite negotiation for various key exchange
@@ -45,117 +45,157 @@
test_case_st tests[] = {
{
- .name = "server TLS 1.3: NULL (server - exp fallback)",
- .not_on_fips = 1,
- .cipher = GNUTLS_CIPHER_NULL,
- .server_prio = SPRIO":+VERS-TLS1.2:-CIPHER-ALL:+NULL:+CIPHER-ALL:%SERVER_PRECEDENCE:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-ALL",
- .client_prio = CPRIO":+VERS-TLS1.2:+NULL:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-SECP256R1",
- .desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(NULL)-(SHA1)",
- },
+ .name = "server TLS 1.3: NULL (server - exp fallback)",
+ .not_on_fips = 1,
+ .cipher = GNUTLS_CIPHER_NULL,
+ .server_prio =
+ SPRIO
+ ":+VERS-TLS1.2:-CIPHER-ALL:+NULL:+CIPHER-ALL:%SERVER_PRECEDENCE:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-ALL",
+ .client_prio =
+ CPRIO
+ ":+VERS-TLS1.2:+NULL:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-SECP256R1",
+ .desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(NULL)-(SHA1)",
+ },
{
- .name = "client TLS 1.3: NULL (client)",
- .not_on_fips = 1,
- .cipher = GNUTLS_CIPHER_NULL,
- .server_prio = SPRIO":+VERS-TLS1.2:+NULL:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-SECP256R1",
- .client_prio = CPRIO":-CIPHER-ALL:+NULL:+CIPHER-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-ALL",
- .desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(NULL)-(SHA1)",
- },
+ .name = "client TLS 1.3: NULL (client)",
+ .not_on_fips = 1,
+ .cipher = GNUTLS_CIPHER_NULL,
+ .server_prio =
+ SPRIO
+ ":+VERS-TLS1.2:+NULL:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-SECP256R1",
+ .client_prio =
+ CPRIO
+ ":-CIPHER-ALL:+NULL:+CIPHER-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-ALL",
+ .desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(NULL)-(SHA1)",
+ },
{
- .name = "server TLS 1.3: AES-128-GCM with SECP256R1 (server)",
- .cipher = GNUTLS_CIPHER_AES_128_GCM,
- .group = GNUTLS_GROUP_SECP256R1,
- .server_prio = SPRIO":-CIPHER-ALL:+AES-128-GCM:+CIPHER-ALL:%SERVER_PRECEDENCE:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-ALL",
- .client_prio = CPRIO":+AES-128-GCM:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-SECP256R1",
- .desc = "(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)",
- },
+ .name = "server TLS 1.3: AES-128-GCM with SECP256R1 (server)",
+ .cipher = GNUTLS_CIPHER_AES_128_GCM,
+ .group = GNUTLS_GROUP_SECP256R1,
+ .server_prio =
+ SPRIO
+ ":-CIPHER-ALL:+AES-128-GCM:+CIPHER-ALL:%SERVER_PRECEDENCE:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-ALL",
+ .client_prio =
+ CPRIO
+ ":+AES-128-GCM:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-SECP256R1",
+ .desc =
+ "(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)",
+ },
{
- .name = "both TLS 1.3: AES-128-GCM with X25519 (server)",
- .cipher = GNUTLS_CIPHER_AES_128_GCM,
- .group = GNUTLS_GROUP_X25519,
- .server_prio = SPRIO":-CIPHER-ALL:+AES-128-GCM:+CIPHER-ALL:%SERVER_PRECEDENCE:-GROUP-ALL:+GROUP-X25519:+GROUP-ALL",
- .client_prio = CPRIO":+AES-128-GCM:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-SECP256R1:+GROUP-ALL",
- .desc = "(TLS1.3)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)",
- },
+ .name = "both TLS 1.3: AES-128-GCM with X25519 (server)",
+ .cipher = GNUTLS_CIPHER_AES_128_GCM,
+ .group = GNUTLS_GROUP_X25519,
+ .server_prio =
+ SPRIO
+ ":-CIPHER-ALL:+AES-128-GCM:+CIPHER-ALL:%SERVER_PRECEDENCE:-GROUP-ALL:+GROUP-X25519:+GROUP-ALL",
+ .client_prio =
+ CPRIO
+ ":+AES-128-GCM:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-SECP256R1:+GROUP-ALL",
+ .desc = "(TLS1.3)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)",
+ },
{
- .name = "client TLS 1.3: AES-128-GCM with SECP256R1 (client)",
- .cipher = GNUTLS_CIPHER_AES_128_GCM,
- .group = GNUTLS_GROUP_SECP256R1,
- .server_prio = SPRIO":+AES-128-GCM:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-SECP256R1",
- .client_prio = CPRIO":-CIPHER-ALL:+AES-128-GCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-ALL",
- .desc = "(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)",
- },
+ .name = "client TLS 1.3: AES-128-GCM with SECP256R1 (client)",
+ .cipher = GNUTLS_CIPHER_AES_128_GCM,
+ .group = GNUTLS_GROUP_SECP256R1,
+ .server_prio =
+ SPRIO
+ ":+AES-128-GCM:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-SECP256R1",
+ .client_prio =
+ CPRIO
+ ":-CIPHER-ALL:+AES-128-GCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-ALL",
+ .desc =
+ "(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)",
+ },
{
- .name = "both TLS 1.3: AES-128-GCM with X25519 (client)",
- .cipher = GNUTLS_CIPHER_AES_128_GCM,
- .group = GNUTLS_GROUP_X25519,
- .server_prio = SPRIO":+AES-128-GCM:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-SECP256R1:+GROUP-ALL",
- .client_prio = CPRIO":-CIPHER-ALL:+AES-128-GCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:+GROUP-ALL",
- .desc = "(TLS1.3)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)",
- },
+ .name = "both TLS 1.3: AES-128-GCM with X25519 (client)",
+ .cipher = GNUTLS_CIPHER_AES_128_GCM,
+ .group = GNUTLS_GROUP_X25519,
+ .server_prio =
+ SPRIO
+ ":+AES-128-GCM:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-SECP256R1:+GROUP-ALL",
+ .client_prio =
+ CPRIO
+ ":-CIPHER-ALL:+AES-128-GCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:+GROUP-ALL",
+ .desc = "(TLS1.3)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)",
+ },
{
- .name = "server TLS 1.3: AES-128-CCM and FFDHE2048 (server)",
- .cipher = GNUTLS_CIPHER_AES_128_CCM,
- .group = GNUTLS_GROUP_FFDHE2048,
- .server_prio = SPRIO":-CIPHER-ALL:+AES-128-CCM:+CIPHER-ALL:%SERVER_PRECEDENCE:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-ALL",
- .client_prio = CPRIO":+AES-128-CCM",
- .desc = "(TLS1.3)-(DHE-FFDHE2048)-(RSA-PSS-RSAE-SHA256)-(AES-128-CCM)",
- },
+ .name = "server TLS 1.3: AES-128-CCM and FFDHE2048 (server)",
+ .cipher = GNUTLS_CIPHER_AES_128_CCM,
+ .group = GNUTLS_GROUP_FFDHE2048,
+ .server_prio =
+ SPRIO
+ ":-CIPHER-ALL:+AES-128-CCM:+CIPHER-ALL:%SERVER_PRECEDENCE:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-ALL",
+ .client_prio = CPRIO ":+AES-128-CCM",
+ .desc = "(TLS1.3)-(DHE-FFDHE2048)-(RSA-PSS-RSAE-SHA256)-(AES-128-CCM)",
+ },
{
- .name = "both TLS 1.3: AES-128-CCM and FFDHE 2048 (server)",
- .cipher = GNUTLS_CIPHER_AES_128_CCM,
- .group = GNUTLS_GROUP_FFDHE2048,
- .server_prio = SPRIO":-CIPHER-ALL:+AES-128-CCM:+CIPHER-ALL:%SERVER_PRECEDENCE:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-ALL",
- .client_prio = CPRIO":+AES-128-CCM:+VERS-TLS1.3",
- .desc = "(TLS1.3)-(DHE-FFDHE2048)-(RSA-PSS-RSAE-SHA256)-(AES-128-CCM)",
- },
+ .name = "both TLS 1.3: AES-128-CCM and FFDHE 2048 (server)",
+ .cipher = GNUTLS_CIPHER_AES_128_CCM,
+ .group = GNUTLS_GROUP_FFDHE2048,
+ .server_prio =
+ SPRIO
+ ":-CIPHER-ALL:+AES-128-CCM:+CIPHER-ALL:%SERVER_PRECEDENCE:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-ALL",
+ .client_prio = CPRIO ":+AES-128-CCM:+VERS-TLS1.3",
+ .desc = "(TLS1.3)-(DHE-FFDHE2048)-(RSA-PSS-RSAE-SHA256)-(AES-128-CCM)",
+ },
{
- .name = "client TLS 1.3: AES-128-CCM and FFDHE 2048 (client)",
- .cipher = GNUTLS_CIPHER_AES_128_CCM,
- .group = GNUTLS_GROUP_FFDHE2048,
- .server_prio = SPRIO":+AES-128-CCM",
- .client_prio = CPRIO":-CIPHER-ALL:+AES-128-CCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-ALL",
- .desc = "(TLS1.3)-(DHE-FFDHE2048)-(RSA-PSS-RSAE-SHA256)-(AES-128-CCM)",
- },
+ .name = "client TLS 1.3: AES-128-CCM and FFDHE 2048 (client)",
+ .cipher = GNUTLS_CIPHER_AES_128_CCM,
+ .group = GNUTLS_GROUP_FFDHE2048,
+ .server_prio = SPRIO ":+AES-128-CCM",
+ .client_prio =
+ CPRIO
+ ":-CIPHER-ALL:+AES-128-CCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-ALL",
+ .desc = "(TLS1.3)-(DHE-FFDHE2048)-(RSA-PSS-RSAE-SHA256)-(AES-128-CCM)",
+ },
{
- .name = "both TLS 1.3: AES-128-CCM and FFDHE 2048 (client)",
- .cipher = GNUTLS_CIPHER_AES_128_CCM,
- .group = GNUTLS_GROUP_FFDHE2048,
- .server_prio = SPRIO":+AES-128-CCM:+VERS-TLS1.3",
- .client_prio = CPRIO":-CIPHER-ALL:+AES-128-CCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-ALL",
- .desc = "(TLS1.3)-(DHE-FFDHE2048)-(RSA-PSS-RSAE-SHA256)-(AES-128-CCM)",
- },
+ .name = "both TLS 1.3: AES-128-CCM and FFDHE 2048 (client)",
+ .cipher = GNUTLS_CIPHER_AES_128_CCM,
+ .group = GNUTLS_GROUP_FFDHE2048,
+ .server_prio = SPRIO ":+AES-128-CCM:+VERS-TLS1.3",
+ .client_prio =
+ CPRIO
+ ":-CIPHER-ALL:+AES-128-CCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-ALL",
+ .desc = "(TLS1.3)-(DHE-FFDHE2048)-(RSA-PSS-RSAE-SHA256)-(AES-128-CCM)",
+ },
{
- .name = "server TLS 1.3: CHACHA20-POLY (server)",
- .cipher = GNUTLS_CIPHER_CHACHA20_POLY1305,
- .not_on_fips = 1,
- .server_prio = SPRIO":-CIPHER-ALL:+CHACHA20-POLY1305:+CIPHER-ALL:%SERVER_PRECEDENCE",
- .client_prio = CPRIO":+CHACHA20-POLY1305",
- .desc = "(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(CHACHA20-POLY1305)",
- },
+ .name = "server TLS 1.3: CHACHA20-POLY (server)",
+ .cipher = GNUTLS_CIPHER_CHACHA20_POLY1305,
+ .not_on_fips = 1,
+ .server_prio =
+ SPRIO ":-CIPHER-ALL:+CHACHA20-POLY1305:+CIPHER-ALL:%SERVER_PRECEDENCE",
+ .client_prio = CPRIO ":+CHACHA20-POLY1305",
+ .desc =
+ "(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(CHACHA20-POLY1305)",
+ },
{
- .name = "both TLS 1.3: CHACHA20-POLY (server)",
- .cipher = GNUTLS_CIPHER_CHACHA20_POLY1305,
- .not_on_fips = 1,
- .server_prio = SPRIO":-CIPHER-ALL:+CHACHA20-POLY1305:+CIPHER-ALL:%SERVER_PRECEDENCE",
- .client_prio = CPRIO":+CHACHA20-POLY1305:+VERS-TLS1.3",
- .desc = "(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(CHACHA20-POLY1305)",
- },
+ .name = "both TLS 1.3: CHACHA20-POLY (server)",
+ .cipher = GNUTLS_CIPHER_CHACHA20_POLY1305,
+ .not_on_fips = 1,
+ .server_prio =
+ SPRIO ":-CIPHER-ALL:+CHACHA20-POLY1305:+CIPHER-ALL:%SERVER_PRECEDENCE",
+ .client_prio = CPRIO ":+CHACHA20-POLY1305:+VERS-TLS1.3",
+ .desc =
+ "(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(CHACHA20-POLY1305)",
+ },
{
- .name = "client TLS 1.3: CHACHA20-POLY (client)",
- .cipher = GNUTLS_CIPHER_CHACHA20_POLY1305,
- .not_on_fips = 1,
- .server_prio = SPRIO":+CHACHA20-POLY1305",
- .client_prio = CPRIO":-CIPHER-ALL:+CHACHA20-POLY1305:+CIPHER-ALL",
- .desc = "(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(CHACHA20-POLY1305)",
- },
+ .name = "client TLS 1.3: CHACHA20-POLY (client)",
+ .cipher = GNUTLS_CIPHER_CHACHA20_POLY1305,
+ .not_on_fips = 1,
+ .server_prio = SPRIO ":+CHACHA20-POLY1305",
+ .client_prio = CPRIO ":-CIPHER-ALL:+CHACHA20-POLY1305:+CIPHER-ALL",
+ .desc =
+ "(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(CHACHA20-POLY1305)",
+ },
{
- .name = "both TLS 1.3: CHACHA20-POLY (client)",
- .cipher = GNUTLS_CIPHER_CHACHA20_POLY1305,
- .not_on_fips = 1,
- .server_prio = SPRIO":+CHACHA20-POLY1305",
- .client_prio = CPRIO":-CIPHER-ALL:+CHACHA20-POLY1305:+CIPHER-ALL",
- .desc = "(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(CHACHA20-POLY1305)",
- }
+ .name = "both TLS 1.3: CHACHA20-POLY (client)",
+ .cipher = GNUTLS_CIPHER_CHACHA20_POLY1305,
+ .not_on_fips = 1,
+ .server_prio = SPRIO ":+CHACHA20-POLY1305",
+ .client_prio = CPRIO ":-CIPHER-ALL:+CHACHA20-POLY1305:+CIPHER-ALL",
+ .desc =
+ "(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(CHACHA20-POLY1305)",
+ }
};
void doit(void)
@@ -163,7 +203,7 @@ void doit(void)
unsigned i;
global_init();
- for (i=0;i<sizeof(tests)/sizeof(tests[0]);i++) {
+ for (i = 0; i < sizeof(tests) / sizeof(tests[0]); i++) {
try(&tests[i]);
}
View Lorry Controller Status