|
26 | 26 | ] |
27 | 27 |
|
28 | 28 | EXPECTED_RESULTS = { |
29 | | - # The tuple keys have the form (client_{cipher, kem_group}, server_{cipher, kem_group}) |
30 | 29 | (Ciphers.PQ_TLS_1_0_2023_01, Ciphers.PQ_TLS_1_0_2023_01): |
31 | 30 | {"cipher": "TLS_AES_256_GCM_SHA384", |
32 | | - "kem": None, "kem_group": "_kyber-512-r3"}, |
| 31 | + "kem_group": "_kyber-512-r3"}, |
33 | 32 | (KemGroups.P384_KYBER768R3, Ciphers.PQ_TLS_1_3_2023_06_01): |
34 | | - {"cipher": "AES256_GCM_SHA384", "kem": None, |
35 | | - "kem_group": "secp384r1_kyber-768-r3"}, |
| 33 | + {"cipher": "AES256_GCM_SHA384", |
| 34 | + "kem_group": "secp384r1_kyber-768-r3"}, |
36 | 35 | (KemGroups.P521_KYBER1024R3, Ciphers.PQ_TLS_1_3_2023_06_01): |
37 | | - {"cipher": "AES256_GCM_SHA384", "kem": None, |
38 | | - "kem_group": "secp521r1_kyber-1024-r3"}, |
| 36 | + {"cipher": "AES256_GCM_SHA384", |
| 37 | + "kem_group": "secp521r1_kyber-1024-r3"}, |
39 | 38 | (Ciphers.PQ_TLS_1_3_2023_06_01, KemGroups.X25519Kyber768Draft00): |
40 | 39 | {"cipher": "TLS_AES_256_GCM_SHA384", |
41 | | - "kem": None, |
42 | 40 | "kem_group": "X25519Kyber768Draft00"}, |
43 | 41 | (Ciphers.PQ_TLS_1_3_2023_06_01, KemGroups.SecP256r1Kyber768Draft00): |
44 | 42 | {"cipher": "TLS_AES_256_GCM_SHA384", |
45 | | - "kem": None, |
46 | 43 | "kem_group": "SecP256r1Kyber768Draft00"}, |
47 | 44 | (Ciphers.PQ_TLS_1_3_2023_06_01, Ciphers.PQ_TLS_1_3_2023_06_01): |
48 | 45 | {"cipher": "TLS_AES_256_GCM_SHA384", |
49 | | - "kem": None, |
50 | 46 | "kem_group": "SecP256r1Kyber768Draft00"}, |
51 | 47 | (Ciphers.PQ_TLS_1_3_2023_06_01, Ciphers.KMS_TLS_1_0_2018_10): |
52 | 48 | {"cipher": "ECDHE-RSA-AES256-GCM-SHA384", |
53 | | - "kem": None, |
54 | 49 | "kem_group": None}, |
55 | 50 | (Ciphers.KMS_TLS_1_0_2018_10, Ciphers.PQ_TLS_1_3_2023_06_01): |
56 | 51 | {"cipher": "ECDHE-RSA-AES128-GCM-SHA256", |
57 | | - "kem": None, |
58 | 52 | "kem_group": None}, |
59 | 53 | (Ciphers.KMS_TLS_1_0_2018_10, Ciphers.KMS_TLS_1_0_2018_10): |
60 | 54 | {"cipher": "ECDHE-RSA-AES256-GCM-SHA384", |
61 | | - "kem": None, |
62 | 55 | "kem_group": None}, |
63 | 56 | } |
64 | 57 |
|
@@ -95,16 +88,12 @@ def assert_s2n_negotiation_parameters(s2n_results, expected_result): |
95 | 88 | if expected_result is not None: |
96 | 89 | assert to_bytes( |
97 | 90 | ("Cipher negotiated: " + expected_result['cipher'])) in s2n_results.stdout |
98 | | - if expected_result['kem']: |
99 | | - assert to_bytes( |
100 | | - ("KEM: " + expected_result['kem'])) in s2n_results.stdout |
101 | | - assert to_bytes(PQ_ENABLED_FLAG) in s2n_results.stdout |
102 | 91 | if expected_result['kem_group']: |
103 | 92 | # Purposefully leave off the "KEM Group: " prefix in order to perform partial matches |
104 | 93 | # without specifying the curve. |
105 | 94 | assert to_bytes(expected_result['kem_group']) in s2n_results.stdout |
106 | 95 | assert to_bytes(PQ_ENABLED_FLAG) in s2n_results.stdout |
107 | | - if not expected_result['kem'] and not expected_result['kem_group']: |
| 96 | + if not expected_result['kem_group']: |
108 | 97 | assert to_bytes(PQ_ENABLED_FLAG) not in s2n_results.stdout |
109 | 98 | assert to_bytes("Curve:") in s2n_results.stdout |
110 | 99 |
|
@@ -161,7 +150,7 @@ def test_s2nc_to_s2nd_pq_handshake(managed_process, protocol, certificate, clien |
161 | 150 | # If PQ is not enabled in s2n, we expect classic handshakes to be negotiated. |
162 | 151 | # Leave the expected cipher blank, as there are multiple possibilities - the |
163 | 152 | # important thing is that kem and kem_group are NONE. |
164 | | - expected_result = {"cipher": "", "kem": None, "kem_group": None} |
| 153 | + expected_result = {"cipher": "", "kem_group": None} |
165 | 154 |
|
166 | 155 | # Client and server are both s2n; can make meaningful assertions about negotiation for both |
167 | 156 | for results in client.get_results(): |
|
0 commit comments