Re-structure to share more common code
Change-Id: I5034485f7511238d083c2725fbef8818d33ffb07
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
diff --git a/tests/scripts/generate_tls13_compat_tests.py b/tests/scripts/generate_tls13_compat_tests.py
index 3b139b3..808fbed 100755
--- a/tests/scripts/generate_tls13_compat_tests.py
+++ b/tests/scripts/generate_tls13_compat_tests.py
@@ -125,10 +125,13 @@
def post_checks(self):
return []
+ def pre_cmd(self):
+ return []
-class OpenSSLServ(TLSProgram):
+
+class OpenSSLBase(TLSProgram):
"""
- Generate test commands for OpenSSL server.
+ Generate base test commands for OpenSSL.
"""
NAMED_GROUP = {
@@ -141,234 +144,9 @@
def cmd(self):
super().cmd()
- ret = ['$O_NEXT_SRV_NO_CERT']
+ ret = []
for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs):
ret += ['-cert {cert} -key {key}'.format(cert=cert, key=key)]
- ret += ['-accept $SRV_PORT']
-
- if self._ciphers:
- ciphersuites = ':'.join(self._ciphers)
- ret += ["-ciphersuites {ciphersuites}".format(ciphersuites=ciphersuites)]
-
- if self._sig_algs:
- signature_algorithms = set(self._sig_algs + self._cert_sig_algs)
- signature_algorithms = ':'.join(signature_algorithms)
- ret += ["-sigalgs {signature_algorithms}".format(
- signature_algorithms=signature_algorithms)]
-
- if self._named_groups:
- named_groups = ':'.join(
- map(lambda named_group: self.NAMED_GROUP[named_group], self._named_groups))
- ret += ["-groups {named_groups}".format(named_groups=named_groups)]
-
- ret += ['-msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache']
- if not self._compat_mode:
- ret += ['-no_middlebox']
-
- return ' '.join(ret)
-
- def pre_checks(self):
- return ["requires_openssl_tls1_3"]
-
- def post_checks(self):
- return ['-c "HTTP/1.0 200 ok"']
-
-
-class GnuTLSServ(TLSProgram):
- """
- Generate test commands for GnuTLS server.
- """
-
- CIPHER_SUITE = {
- 'TLS_AES_256_GCM_SHA384': [
- 'AES-256-GCM',
- 'SHA384',
- 'AEAD'],
- 'TLS_AES_128_GCM_SHA256': [
- 'AES-128-GCM',
- 'SHA256',
- 'AEAD'],
- 'TLS_CHACHA20_POLY1305_SHA256': [
- 'CHACHA20-POLY1305',
- 'SHA256',
- 'AEAD'],
- 'TLS_AES_128_CCM_SHA256': [
- 'AES-128-CCM',
- 'SHA256',
- 'AEAD'],
- 'TLS_AES_128_CCM_8_SHA256': [
- 'AES-128-CCM-8',
- 'SHA256',
- 'AEAD']}
-
- SIGNATURE_ALGORITHM = {
- 'ecdsa_secp256r1_sha256': ['SIGN-ECDSA-SECP256R1-SHA256'],
- 'ecdsa_secp521r1_sha512': ['SIGN-ECDSA-SECP521R1-SHA512'],
- 'ecdsa_secp384r1_sha384': ['SIGN-ECDSA-SECP384R1-SHA384'],
- 'rsa_pss_rsae_sha256': ['SIGN-RSA-PSS-RSAE-SHA256']}
-
- NAMED_GROUP = {
- 'secp256r1': ['GROUP-SECP256R1'],
- 'secp384r1': ['GROUP-SECP384R1'],
- 'secp521r1': ['GROUP-SECP521R1'],
- 'x25519': ['GROUP-X25519'],
- 'x448': ['GROUP-X448'],
- }
-
- def pre_checks(self):
- return ["requires_gnutls_tls1_3",
- "requires_gnutls_next_no_ticket",
- "requires_gnutls_next_disable_tls13_compat", ]
-
- def post_checks(self):
- return ['-c "HTTP/1.0 200 OK"']
-
- def cmd(self):
- super().cmd()
- ret = ['$G_NEXT_SRV_NO_CERT', '--http',
- '--disable-client-cert', '--debug=4']
-
- for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs):
- ret += ['--x509certfile {cert} --x509keyfile {key}'.format(
- cert=cert, key=key)]
-
- priority_string_list = []
-
- def update_priority_string_list(items, map_table):
- for item in items:
- for i in map_table[item]:
- if i not in priority_string_list:
- yield i
-
- if self._ciphers:
- priority_string_list.extend(update_priority_string_list(
- self._ciphers, self.CIPHER_SUITE))
- else:
- priority_string_list.extend(['CIPHER-ALL', 'MAC-ALL'])
-
- if self._sig_algs:
- signature_algorithms = set(self._sig_algs + self._cert_sig_algs)
- priority_string_list.extend(update_priority_string_list(
- signature_algorithms, self.SIGNATURE_ALGORITHM))
- else:
- priority_string_list.append('SIGN-ALL')
-
-
- if self._named_groups:
- priority_string_list.extend(update_priority_string_list(
- self._named_groups, self.NAMED_GROUP))
- else:
- priority_string_list.append('GROUP-ALL')
-
- priority_string_list = ['NONE'] + \
- sorted(priority_string_list) + ['VERS-TLS1.3']
-
- priority_string = ':+'.join(priority_string_list)
- priority_string += ':%NO_TICKETS'
-
- if not self._compat_mode:
- priority_string += [':%DISABLE_TLS13_COMPAT_MODE']
-
- ret += ['--priority={priority_string}'.format(
- priority_string=priority_string)]
- ret = ' '.join(ret)
- return ret
-
-
-class MbedTLSServ(TLSProgram):
- """
- Generate test commands for mbedTLS server.
- """
-
- CIPHER_SUITE = {
- 'TLS_AES_256_GCM_SHA384': 'TLS1-3-AES-256-GCM-SHA384',
- 'TLS_AES_128_GCM_SHA256': 'TLS1-3-AES-128-GCM-SHA256',
- 'TLS_CHACHA20_POLY1305_SHA256': 'TLS1-3-CHACHA20-POLY1305-SHA256',
- 'TLS_AES_128_CCM_SHA256': 'TLS1-3-AES-128-CCM-SHA256',
- 'TLS_AES_128_CCM_8_SHA256': 'TLS1-3-AES-128-CCM-8-SHA256'}
-
- def cmd(self):
- super().cmd()
- ret = ['$P_SRV_NO_CERT']
- ret += ['server_addr=127.0.0.1', 'server_port=$SRV_PORT',
- 'debug_level=4', 'force_version=tls13']
- for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs):
- ret += ['crt_file={cert} key_file={key}'.format(cert=cert, key=key)]
- ret += ['ca_file={cafile}'.format(
- cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)]
-
- if self._ciphers:
- ciphers = ','.join(
- map(lambda cipher: self.CIPHER_SUITE[cipher], self._ciphers))
- ret += ["force_ciphersuite={ciphers}".format(ciphers=ciphers)]
-
- if self._sig_algs + self._cert_sig_algs:
- ret += ['sig_algs={sig_algs}'.format(
- sig_algs=','.join(set(self._sig_algs + self._cert_sig_algs)))]
-
- if self._named_groups:
- named_groups = ','.join(self._named_groups)
- ret += ["curves={named_groups}".format(named_groups=named_groups)]
-
- ret += ['tls13_kex_modes=ephemeral cookies=0 tickets=0']
- ret = ' '.join(ret)
- return ret
-
- def pre_checks(self):
- ret = ['requires_config_enabled MBEDTLS_DEBUG_C',
- 'requires_config_enabled MBEDTLS_SSL_CLI_C',
- 'requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3']
-
- if self._compat_mode:
- ret += ['requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE']
-
- if 'rsa_pss_rsae_sha256' in self._sig_algs + self._cert_sig_algs:
- ret.append(
- 'requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT')
- return ret
-
- def post_checks(self):
- check_strings = ["Protocol is TLSv1.3"]
- if self._ciphers:
- check_strings.append(
- "server hello, chosen ciphersuite: {} ( id={:04d} )".format(
- self.CIPHER_SUITE[self._ciphers[0]],
- CIPHER_SUITE_IANA_VALUE[self._ciphers[0]]))
- if self._sig_algs:
- check_strings.append(
- "received signature algorithm: 0x{:x}".format(
- SIG_ALG_IANA_VALUE[self._sig_algs[0]]))
-
- for named_group in self._named_groups:
- check_strings += ['got named group: {named_group}({iana_value:04x})'.format(
- named_group=named_group,
- iana_value=NAMED_GROUP_IANA_VALUE[named_group])]
-
- check_strings.append("Verifying peer X.509 certificate... ok")
- return ['-s "{}"'.format(i) for i in check_strings]
-
-
-class OpenSSLCli(TLSProgram):
- """
- Generate test commands for OpenSSL client.
- """
-
- NAMED_GROUP = {
- 'secp256r1': 'P-256',
- 'secp384r1': 'P-384',
- 'secp521r1': 'P-521',
- 'x25519': 'X25519',
- 'x448': 'X448',
- }
-
- def cmd(self):
- super().cmd()
- ret = ['$O_NEXT_CLI_NO_CERT']
- for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs):
- ret += ['-cert {cert} -key {key}'.format(cert=cert, key=key)]
-
- ret += ['-CAfile {cafile}'.format(
- cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)]
if self._ciphers:
ciphersuites = ':'.join(self._ciphers)
@@ -389,18 +167,42 @@
if not self._compat_mode:
ret += ['-no_middlebox']
+#return ' '.join(ret)
+ return ret
+
+ def pre_checks(self):
+ return ["requires_openssl_tls1_3"]
+
+ def post_checks(self):
+ return []
+
+
+class OpenSSLServ(OpenSSLBase):
+ """
+ Generate test commands for OpenSSL server.
+ """
+
+ def cmd(self):
+ ret = super().cmd()
+ ret += ['-accept $SRV_PORT']
+
+ ret += ['-num_tickets 0 -no_resume_ephemeral -no_cache']
+
return ' '.join(ret)
def pre_checks(self):
return ["requires_openssl_tls1_3"]
def post_checks(self):
- return ['-s "HTTP/1.0 200 OK"']
+ return ['-c "HTTP/1.0 200 ok"']
+
+ def pre_cmd(self):
+ return '$O_NEXT_SRV_NO_CERT'
-class GnuTLSCli(TLSProgram):
+class GnuTLSBase(TLSProgram):
"""
- Generate test commands for GnuTLS client.
+ Generate base test commands for GnuTLS.
"""
CIPHER_SUITE = {
@@ -445,14 +247,11 @@
"requires_gnutls_next_disable_tls13_compat", ]
def post_checks(self):
- return ['-c "HTTP/1.0 200 OK"']
+ return []
def cmd(self):
super().cmd()
- ret = ['$G_NEXT_CLI_NO_CERT', '--debug=4']
- ret += ['localhost', '-p $SRV_PORT', '--single-key-share']
- ret += ['--x509cafile {cafile}'.format(
- cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)]
+ ret = []
for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs):
ret += ['--x509certfile {cert} --x509keyfile {key}'.format(
@@ -497,13 +296,37 @@
ret += ['--priority={priority_string}'.format(
priority_string=priority_string)]
+#ret = ' '.join(ret)
+ return ret
+
+class GnuTLSServ(GnuTLSBase):
+ """
+ Generate test commands for GnuTLS server.
+ """
+
+ def pre_checks(self):
+ return ["requires_gnutls_tls1_3",
+ "requires_gnutls_next_no_ticket",
+ "requires_gnutls_next_disable_tls13_compat", ]
+
+ def post_checks(self):
+ return ['-c "HTTP/1.0 200 OK"']
+
+ def cmd(self):
+ ret = super().cmd()
+ ret += ['--http',
+ '--disable-client-cert', '--debug=4']
+
ret = ' '.join(ret)
return ret
+ def pre_cmd(self):
+ return '$G_NEXT_SRV_NO_CERT'
-class MbedTLSCli(TLSProgram):
+
+class MbedTLSBase(TLSProgram):
"""
- Generate test commands for mbedTLS client.
+ Generate base test commands for mbedTLS.
"""
CIPHER_SUITE = {
@@ -515,8 +338,7 @@
def cmd(self):
super().cmd()
- ret = ['$P_CLI']
- ret += ['server_addr=127.0.0.1', 'server_port=$SRV_PORT',
+ ret = ['server_addr=127.0.0.1', 'server_port=$SRV_PORT',
'debug_level=4']
ret += ['ca_file={cafile}'.format(
cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)]
@@ -534,6 +356,38 @@
named_groups = ','.join(self._named_groups)
ret += ["curves={named_groups}".format(named_groups=named_groups)]
+#ret = ' '.join(ret)
+ return ret
+
+ def pre_checks(self):
+ ret = ['requires_config_enabled MBEDTLS_DEBUG_C',
+ 'requires_config_enabled MBEDTLS_SSL_CLI_C',
+ 'requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3']
+
+ if self._compat_mode:
+ ret += ['requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE']
+
+ if 'rsa_pss_rsae_sha256' in self._sig_algs + self._cert_sig_algs:
+ ret.append(
+ 'requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT')
+ return ret
+
+ def post_checks(self):
+ return []
+
+
+class MbedTLSServ(MbedTLSBase):
+ """
+ Generate test commands for mbedTLS server.
+ """
+
+ def cmd(self):
+ ret = super().cmd()
+ ret += ['force_version=tls13']
+ for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs):
+ ret += ['crt_file={cert} key_file={key}'.format(cert=cert, key=key)]
+
+ ret += ['tls13_kex_modes=ephemeral cookies=0 tickets=0']
ret = ' '.join(ret)
return ret
@@ -554,6 +408,107 @@
check_strings = ["Protocol is TLSv1.3"]
if self._ciphers:
check_strings.append(
+ "server hello, chosen ciphersuite: {} ( id={:04d} )".format(
+ self.CIPHER_SUITE[self._ciphers[0]],
+ CIPHER_SUITE_IANA_VALUE[self._ciphers[0]]))
+ if self._sig_algs:
+ check_strings.append(
+ "received signature algorithm: 0x{:x}".format(
+ SIG_ALG_IANA_VALUE[self._sig_algs[0]]))
+
+ for named_group in self._named_groups:
+ check_strings += ['got named group: {named_group}({iana_value:04x})'.format(
+ named_group=named_group,
+ iana_value=NAMED_GROUP_IANA_VALUE[named_group])]
+
+ check_strings.append("Verifying peer X.509 certificate... ok")
+ return ['-s "{}"'.format(i) for i in check_strings]
+
+ def pre_cmd(self):
+ return '$P_SRV_NO_CERT'
+
+
+class OpenSSLCli(OpenSSLBase):
+ """
+ Generate test commands for OpenSSL client.
+ """
+
+ def cmd(self):
+ ret = super().cmd()
+
+ ret += ['-CAfile {cafile}'.format(
+ cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)]
+
+ return ' '.join(ret)
+
+ def pre_checks(self):
+ return ["requires_openssl_tls1_3"]
+
+ def post_checks(self):
+ return ['-s "HTTP/1.0 200 OK"']
+
+ def pre_cmd(self):
+ return '$O_NEXT_CLI_NO_CERT'
+
+
+class GnuTLSCli(GnuTLSBase):
+ """
+ Generate test commands for GnuTLS client.
+ """
+
+ def pre_checks(self):
+ return ["requires_gnutls_tls1_3",
+ "requires_gnutls_next_no_ticket",
+ "requires_gnutls_next_disable_tls13_compat", ]
+
+ def post_checks(self):
+ return ['-c "HTTP/1.0 200 OK"']
+
+ def cmd(self):
+ ret = super().cmd()
+ ret += ['--debug=4']
+ ret += ['localhost', '-p $SRV_PORT', '--single-key-share']
+ ret += ['--x509cafile {cafile}'.format(
+ cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)]
+
+ ret = ' '.join(ret)
+ return ret
+
+ def pre_cmd(self):
+ return '$G_NEXT_CLI_NO_CERT'
+
+
+class MbedTLSCli(MbedTLSBase):
+ """
+ Generate test commands for mbedTLS client.
+ """
+
+ def cmd(self):
+ ret = super().cmd()
+
+ ret = ' '.join(ret)
+ return ret
+
+ def pre_cmd(self):
+ return '$P_CLI'
+
+ def pre_checks(self):
+ ret = ['requires_config_enabled MBEDTLS_DEBUG_C',
+ 'requires_config_enabled MBEDTLS_SSL_CLI_C',
+ 'requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3']
+
+ if self._compat_mode:
+ ret += ['requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE']
+
+ if 'rsa_pss_rsae_sha256' in self._sig_algs + self._cert_sig_algs:
+ ret.append(
+ 'requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT')
+ return ret
+
+ def post_checks(self):
+ check_strings = ["Protocol is TLSv1.3"]
+ if self._ciphers:
+ check_strings.append(
"server hello, chosen ciphersuite: ( {:04x} ) - {}".format(
CIPHER_SUITE_IANA_VALUE[self._ciphers[0]],
self.CIPHER_SUITE[self._ciphers[0]]))
@@ -571,11 +526,9 @@
return ['-c "{}"'.format(i) for i in check_strings]
-SERVER_CLASSES = {'OpenSSL': OpenSSLServ, 'GnuTLS': GnuTLSServ}
-CLIENT_CLASSES = {'mbedTLS': MbedTLSCli}
+SERVER_CLASSES = {'OpenSSL': OpenSSLServ, 'GnuTLS': GnuTLSServ, 'mbedTLS': MbedTLSServ}
+CLIENT_CLASSES = {'OpenSSL': OpenSSLCli, 'GnuTLS': GnuTLSCli, 'mbedTLS': MbedTLSCli}
-SERVER_SERVER_CLASSES = {'mbedTLS': MbedTLSServ}
-SERVER_CLIENT_CLASSES = {'OpenSSL': OpenSSLCli, 'GnuTLS': GnuTLSCli, 'mbedTLS': MbedTLSCli}
def generate_compat_test(client=None, server=None, cipher=None, named_group=None, sig_alg=None):
"""
@@ -593,35 +546,8 @@
signature_algorithm=sig_alg,
cert_sig_alg=sig_alg)
- cmd = ['run_test "{}"'.format(name), '"{}"'.format(
- server_object.cmd()), '"{}"'.format(client_object.cmd()), '0']
- cmd += server_object.post_checks()
- cmd += client_object.post_checks()
- cmd += ['-C "received HelloRetryRequest message"']
- prefix = ' \\\n' + (' '*9)
- cmd = prefix.join(cmd)
- return '\n'.join(server_object.pre_checks() + client_object.pre_checks() + [cmd])
-
-
-def generate_server_side_compat_test(client=None, server=None, cipher=None,
- named_group=None, sig_alg=None):
- """
- Generate server side test case with `ssl-opt.sh` format.
- """
- name = 'TLS 1.3 server side {client[0]}->{server[0]}: {cipher},{named_group},{sig_alg}'.format(
- client=client, server=server, cipher=cipher[4:], sig_alg=sig_alg, named_group=named_group)
-
- server_object = SERVER_SERVER_CLASSES[server](ciphersuite=cipher,
- named_group=named_group,
- signature_algorithm=sig_alg,
- cert_sig_alg=sig_alg)
- client_object = SERVER_CLIENT_CLASSES[client](ciphersuite=cipher,
- named_group=named_group,
- signature_algorithm=sig_alg,
- cert_sig_alg=sig_alg)
-
- cmd = ['run_test "{}"'.format(name), '"{}"'.format(
- server_object.cmd()), '"{}"'.format(client_object.cmd()), '0']
+ cmd = ['run_test "{}"'.format(name), '"{} {}"'.format(server_object.pre_cmd(),
+ server_object.cmd()), '"{} {}"'.format(client_object.pre_cmd(), client_object.cmd()), '0']
cmd += server_object.post_checks()
cmd += client_object.post_checks()
cmd += ['-C "received HelloRetryRequest message"']
@@ -646,8 +572,8 @@
cert_sig_alg=cert_sig_alg)
client_object.add_named_groups(server_named_group)
- cmd = ['run_test "{}"'.format(name), '"{}"'.format(
- server_object.cmd()), '"{}"'.format(client_object.cmd()), '0']
+ cmd = ['run_test "{}"'.format(name), '"{} {}"'.format(server_object.pre_cmd(),
+ server_object.cmd()), '"{} {}"'.format(client_object.pre_cmd(), client_object.cmd()), '0']
cmd += server_object.post_checks()
cmd += client_object.post_checks()
cmd += ['-c "received HelloRetryRequest message"']
@@ -668,15 +594,15 @@
name = 'TLS 1.3 {client[0]}->{server[0]}: Server HRR {c_named_group} -> {s_named_group}'.format(
client=client, server=server, c_named_group=client_named_group,
s_named_group=server_named_group)
- server_object = SERVER_SERVER_CLASSES[server](named_group=server_named_group,
+ server_object = SERVER_CLASSES[server](named_group=server_named_group,
cert_sig_alg=cert_sig_alg)
- client_object = SERVER_CLIENT_CLASSES[client](named_group=client_named_group,
+ client_object = CLIENT_CLASSES[client](named_group=client_named_group,
cert_sig_alg=cert_sig_alg)
client_object.add_named_groups(server_named_group)
- cmd = ['run_test "{}"'.format(name), '"{}"'.format(
- server_object.cmd()), '"{}"'.format(client_object.cmd()), '0']
+ cmd = ['run_test "{}"'.format(name), '"{} {}"'.format(server_object.pre_cmd(),
+ server_object.cmd()), '"{} {}"'.format(client_object.pre_cmd(), client_object.cmd()), '0']
cmd += server_object.post_checks()
cmd += client_object.post_checks()
cmd += ['-s "HRR selected_group: {:s}"'.format(server_named_group)]
@@ -768,19 +694,11 @@
CIPHER_SUITE_IANA_VALUE.keys(),
NAMED_GROUP_IANA_VALUE.keys(),
SIG_ALG_IANA_VALUE.keys()):
- yield generate_compat_test(client=client, server=server,
+ if(server == 'mbedTLS' or client == 'mbedTLS'):
+ yield generate_compat_test(client=client, server=server,
cipher=cipher, named_group=named_group,
sig_alg=sig_alg)
- for client, server, cipher, named_group, sig_alg in \
- itertools.product(SERVER_CLIENT_CLASSES.keys(),
- SERVER_SERVER_CLASSES.keys(),
- CIPHER_SUITE_IANA_VALUE.keys(),
- NAMED_GROUP_IANA_VALUE.keys(),
- SIG_ALG_IANA_VALUE.keys()):
- yield generate_server_side_compat_test(client=client, server=server,
- cipher=cipher, named_group=named_group,
- sig_alg=sig_alg)
# Generate Hello Retry Request compat test cases
for client, server, client_named_group, server_named_group in \
@@ -788,22 +706,25 @@
SERVER_CLASSES.keys(),
NAMED_GROUP_IANA_VALUE.keys(),
NAMED_GROUP_IANA_VALUE.keys()):
- if client_named_group != server_named_group:
- yield generate_hrr_compat_test(client=client, server=server,
+ if(client == 'mbedTLS'):
+ if client_named_group != server_named_group:
+ yield generate_hrr_compat_test(client=client, server=server,
client_named_group=client_named_group,
server_named_group=server_named_group,
cert_sig_alg="ecdsa_secp256r1_sha256")
for client, server, client_named_group, server_named_group in \
- itertools.product(SERVER_CLIENT_CLASSES.keys(),
- SERVER_SERVER_CLASSES.keys(),
+ itertools.product(CLIENT_CLASSES.keys(),
+ SERVER_CLASSES.keys(),
NAMED_GROUP_IANA_VALUE.keys(),
NAMED_GROUP_IANA_VALUE.keys()):
- if client_named_group != server_named_group:
- yield generate_server_hrr_compat_test(client=client, server=server,
- client_named_group=client_named_group,
- server_named_group=server_named_group,
- cert_sig_alg="ecdsa_secp256r1_sha256")
+ if(server == 'mbedTLS'):
+ if client_named_group != server_named_group:
+ yield generate_server_hrr_compat_test(client=client, server=server,
+ client_named_group=client_named_group,
+ server_named_group=server_named_group,
+ cert_sig_alg="ecdsa_secp256r1_sha256")
+
if args.generate_all_tls13_compat_tests:
if args.output: