|
26 | 26 | ] |
27 | 27 |
|
28 | 28 | EXPECTED_RESULTS = { |
29 | | - # The tuple keys have the form (client_{cipher, kem_group}, server_{cipher, kem_group}) |
| 29 | + # The tuple keys have the form: |
| 30 | + # (client_{cipher, kem_group}, server_{cipher, kem_group}): {"cipher": {expected_cipher}, "kem_group": {expected_kem_group}} |
30 | 31 | (Ciphers.PQ_TLS_1_0_2023_01, Ciphers.PQ_TLS_1_0_2023_01): |
31 | 32 | {"cipher": "TLS_AES_256_GCM_SHA384", |
32 | | - "kem": None, "kem_group": "_kyber-512-r3"}, |
| 33 | + "kem_group": "_kyber-512-r3"}, |
33 | 34 | (KemGroups.P384_KYBER768R3, Ciphers.PQ_TLS_1_3_2023_06_01): |
34 | | - {"cipher": "AES256_GCM_SHA384", "kem": None, |
35 | | - "kem_group": "secp384r1_kyber-768-r3"}, |
| 35 | + {"cipher": "AES256_GCM_SHA384", |
| 36 | + "kem_group": "secp384r1_kyber-768-r3"}, |
36 | 37 | (KemGroups.P521_KYBER1024R3, Ciphers.PQ_TLS_1_3_2023_06_01): |
37 | | - {"cipher": "AES256_GCM_SHA384", "kem": None, |
38 | | - "kem_group": "secp521r1_kyber-1024-r3"}, |
| 38 | + {"cipher": "AES256_GCM_SHA384", |
| 39 | + "kem_group": "secp521r1_kyber-1024-r3"}, |
39 | 40 | (Ciphers.PQ_TLS_1_3_2023_06_01, KemGroups.X25519Kyber768Draft00): |
40 | 41 | {"cipher": "TLS_AES_256_GCM_SHA384", |
41 | | - "kem": None, |
42 | 42 | "kem_group": "X25519Kyber768Draft00"}, |
43 | 43 | (Ciphers.PQ_TLS_1_3_2023_06_01, KemGroups.SecP256r1Kyber768Draft00): |
44 | 44 | {"cipher": "TLS_AES_256_GCM_SHA384", |
45 | | - "kem": None, |
46 | 45 | "kem_group": "SecP256r1Kyber768Draft00"}, |
47 | 46 | (Ciphers.PQ_TLS_1_3_2023_06_01, Ciphers.PQ_TLS_1_3_2023_06_01): |
48 | 47 | {"cipher": "TLS_AES_256_GCM_SHA384", |
49 | | - "kem": None, |
50 | 48 | "kem_group": "SecP256r1Kyber768Draft00"}, |
51 | 49 | (Ciphers.PQ_TLS_1_3_2023_06_01, Ciphers.KMS_TLS_1_0_2018_10): |
52 | 50 | {"cipher": "ECDHE-RSA-AES256-GCM-SHA384", |
53 | | - "kem": None, |
54 | 51 | "kem_group": None}, |
55 | 52 | (Ciphers.KMS_TLS_1_0_2018_10, Ciphers.PQ_TLS_1_3_2023_06_01): |
56 | 53 | {"cipher": "ECDHE-RSA-AES128-GCM-SHA256", |
57 | | - "kem": None, |
58 | 54 | "kem_group": None}, |
59 | 55 | (Ciphers.KMS_TLS_1_0_2018_10, Ciphers.KMS_TLS_1_0_2018_10): |
60 | 56 | {"cipher": "ECDHE-RSA-AES256-GCM-SHA384", |
61 | | - "kem": None, |
62 | 57 | "kem_group": None}, |
63 | 58 | } |
64 | 59 |
|
@@ -95,16 +90,12 @@ def assert_s2n_negotiation_parameters(s2n_results, expected_result): |
95 | 90 | if expected_result is not None: |
96 | 91 | assert to_bytes( |
97 | 92 | ("Cipher negotiated: " + expected_result['cipher'])) in s2n_results.stdout |
98 | | - if expected_result['kem']: |
99 | | - assert to_bytes( |
100 | | - ("KEM: " + expected_result['kem'])) in s2n_results.stdout |
101 | | - assert to_bytes(PQ_ENABLED_FLAG) in s2n_results.stdout |
102 | 93 | if expected_result['kem_group']: |
103 | 94 | # Purposefully leave off the "KEM Group: " prefix in order to perform partial matches |
104 | 95 | # without specifying the curve. |
105 | 96 | assert to_bytes(expected_result['kem_group']) in s2n_results.stdout |
106 | 97 | assert to_bytes(PQ_ENABLED_FLAG) in s2n_results.stdout |
107 | | - if not expected_result['kem'] and not expected_result['kem_group']: |
| 98 | + if not expected_result['kem_group']: |
108 | 99 | assert to_bytes(PQ_ENABLED_FLAG) not in s2n_results.stdout |
109 | 100 | assert to_bytes("Curve:") in s2n_results.stdout |
110 | 101 |
|
@@ -161,7 +152,7 @@ def test_s2nc_to_s2nd_pq_handshake(managed_process, protocol, certificate, clien |
161 | 152 | # If PQ is not enabled in s2n, we expect classic handshakes to be negotiated. |
162 | 153 | # Leave the expected cipher blank, as there are multiple possibilities - the |
163 | 154 | # important thing is that kem and kem_group are NONE. |
164 | | - expected_result = {"cipher": "", "kem": None, "kem_group": None} |
| 155 | + expected_result = {"cipher": "", "kem_group": None} |
165 | 156 |
|
166 | 157 | # Client and server are both s2n; can make meaningful assertions about negotiation for both |
167 | 158 | for results in client.get_results(): |
|
0 commit comments