Change ffdh testing strategy
- Full tests generated by script only for ffdhe2048 group
- Single G->m and m->G exchange test for each other group
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
diff --git a/tests/scripts/generate_tls13_compat_tests.py b/tests/scripts/generate_tls13_compat_tests.py
index b869e94..e66aefa 100755
--- a/tests/scripts/generate_tls13_compat_tests.py
+++ b/tests/scripts/generate_tls13_compat_tests.py
@@ -68,7 +68,6 @@
'x25519': 0x1d,
'x448': 0x1e,
'ffdhe2048': 0x100,
- 'ffdhe8192': 0x104,
}
@@ -149,7 +148,6 @@
'x25519': 'X25519',
'x448': 'X448',
'ffdhe2048': 'ffdhe2048',
- 'ffdhe8192': 'ffdhe8192',
}
def cmd(self):
@@ -180,16 +178,11 @@
ret = ["requires_openssl_tls1_3"]
# ffdh groups require at least openssl 3.0
- ffdh_groups = ['ffdhe2048', 'ffdhe8192']
+ ffdh_groups = ['ffdhe2048']
if any(x in ffdh_groups for x in self._named_groups):
ret = ["requires_openssl_tls1_3_with_ffdh"]
- # ffdhe8192 has very long keys and requires intensive computation.
- # The test may fail on CI when executor is just very loaded. Give a second chance.
- if 'ffdhe8192' in self._named_groups:
- ret.append('client_needs_more_time 2')
-
return ret
@@ -263,7 +256,6 @@
'x25519': ['GROUP-X25519'],
'x448': ['GROUP-X448'],
'ffdhe2048': ['GROUP-FFDHE2048'],
- 'ffdhe8192': ['GROUP-FFDHE8192'],
}
def pre_checks(self):
@@ -385,7 +377,7 @@
'requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT')
ec_groups = ['secp256r1', 'secp384r1', 'secp521r1', 'x25519', 'x448']
- ffdh_groups = ['ffdhe2048', 'ffdhe8192']
+ ffdh_groups = ['ffdhe2048']
if any(x in ec_groups for x in self._named_groups):
ret.append('requires_config_enabled PSA_WANT_ALG_ECDH')