mirror of https://github.com/ctz/rustls
tests: move existing RSA test data to RSA 2048
This prepares for a change where we will generate RSA certificate chains for three modulus sizes. The existing certificates are left as-is, meaning the rsa-2048 intermediate and CA are using RSA 3072 and 4096 respectively. This will be fixed in subsequent commits with a switch to new tooling.
This commit is contained in:
Daniel McCarney
parent
bf5b0734c7
commit
277b4a607c
|
|
@ -311,13 +311,13 @@ fn all_benchmarks_params() -> Vec<BenchmarkParams> {
|
|||
] {
|
||||
for (key_type, suite_name, version, name) in [
|
||||
(
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
&rustls::version::TLS12,
|
||||
"1.2_rsa_aes",
|
||||
),
|
||||
(
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
CipherSuite::TLS13_AES_128_GCM_SHA256,
|
||||
&rustls::version::TLS13,
|
||||
"1.3_rsa_aes",
|
||||
|
|
@ -335,7 +335,7 @@ fn all_benchmarks_params() -> Vec<BenchmarkParams> {
|
|||
"1.3_ecdsap384_aes",
|
||||
),
|
||||
(
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
CipherSuite::TLS13_CHACHA20_POLY1305_SHA256,
|
||||
&rustls::version::TLS13,
|
||||
"1.3_rsa_chacha",
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ use rustls::pki_types::{CertificateDer, PrivateKeyDer};
|
|||
|
||||
#[derive(PartialEq, Clone, Copy, Debug)]
|
||||
pub enum KeyType {
|
||||
Rsa,
|
||||
Rsa2048,
|
||||
EcdsaP256,
|
||||
EcdsaP384,
|
||||
}
|
||||
|
|
@ -12,7 +12,7 @@ pub enum KeyType {
|
|||
impl KeyType {
|
||||
pub(crate) fn path_for(&self, part: &str) -> String {
|
||||
match self {
|
||||
Self::Rsa => format!("../test-ca/rsa/{}", part),
|
||||
Self::Rsa2048 => format!("../test-ca/rsa-2048/{}", part),
|
||||
Self::EcdsaP256 => format!("../test-ca/ecdsa-p256/{}", part),
|
||||
Self::EcdsaP384 => format!("../test-ca/ecdsa-p384/{}", part),
|
||||
}
|
||||
|
|
|
|||
|
|
@ -225,7 +225,7 @@ fn server_config_with_ffdhe_kx(protocol: &'static SupportedProtocolVersion) -> S
|
|||
.unwrap()
|
||||
}
|
||||
|
||||
const CERT_CHAIN_FILE: &str = "../test-ca/rsa/end.fullchain";
|
||||
const PRIV_KEY_FILE: &str = "../test-ca/rsa/end.key";
|
||||
const CA_FILE: &str = "../test-ca/rsa/ca.der";
|
||||
const CA_PEM_FILE: &str = "../test-ca/rsa/ca.cert";
|
||||
const CERT_CHAIN_FILE: &str = "../test-ca/rsa-2048/end.fullchain";
|
||||
const PRIV_KEY_FILE: &str = "../test-ca/rsa-2048/end.key";
|
||||
const CA_FILE: &str = "../test-ca/rsa-2048/ca.der";
|
||||
const CA_PEM_FILE: &str = "../test-ca/rsa-2048/ca.cert";
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ use rustls::ServerConnection;
|
|||
use test_utils::*;
|
||||
|
||||
fn bench_ewouldblock(c: &mut Bencher) {
|
||||
let server_config = make_server_config(KeyType::Rsa);
|
||||
let server_config = make_server_config(KeyType::Rsa2048);
|
||||
let mut server = ServerConnection::new(Arc::new(server_config)).unwrap();
|
||||
let mut read_ewouldblock = FailsReads::new(io::ErrorKind::WouldBlock);
|
||||
c.iter(|| server.read_tls(&mut read_ewouldblock));
|
||||
|
|
|
|||
|
|
@ -143,7 +143,7 @@ impl ResumptionParam {
|
|||
// copied from tests/api.rs
|
||||
#[derive(PartialEq, Clone, Copy, Debug)]
|
||||
enum KeyType {
|
||||
Rsa,
|
||||
Rsa2048,
|
||||
EcdsaP256,
|
||||
EcdsaP384,
|
||||
Ed25519,
|
||||
|
|
@ -172,7 +172,7 @@ impl BenchmarkParam {
|
|||
static ALL_BENCHMARKS: &[BenchmarkParam] = &[
|
||||
#[cfg(all(feature = "tls12", not(feature = "fips")))]
|
||||
BenchmarkParam::new(
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
cipher_suite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
&rustls::version::TLS12,
|
||||
),
|
||||
|
|
@ -184,13 +184,13 @@ static ALL_BENCHMARKS: &[BenchmarkParam] = &[
|
|||
),
|
||||
#[cfg(feature = "tls12")]
|
||||
BenchmarkParam::new(
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
&rustls::version::TLS12,
|
||||
),
|
||||
#[cfg(feature = "tls12")]
|
||||
BenchmarkParam::new(
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
cipher_suite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
&rustls::version::TLS12,
|
||||
),
|
||||
|
|
@ -208,17 +208,17 @@ static ALL_BENCHMARKS: &[BenchmarkParam] = &[
|
|||
),
|
||||
#[cfg(not(feature = "fips"))]
|
||||
BenchmarkParam::new(
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
cipher_suite::TLS13_CHACHA20_POLY1305_SHA256,
|
||||
&rustls::version::TLS13,
|
||||
),
|
||||
BenchmarkParam::new(
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
cipher_suite::TLS13_AES_256_GCM_SHA384,
|
||||
&rustls::version::TLS13,
|
||||
),
|
||||
BenchmarkParam::new(
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
cipher_suite::TLS13_AES_128_GCM_SHA256,
|
||||
&rustls::version::TLS13,
|
||||
),
|
||||
|
|
@ -237,7 +237,7 @@ static ALL_BENCHMARKS: &[BenchmarkParam] = &[
|
|||
impl KeyType {
|
||||
fn path_for(&self, part: &str) -> String {
|
||||
match self {
|
||||
Self::Rsa => format!("test-ca/rsa/{}", part),
|
||||
Self::Rsa2048 => format!("test-ca/rsa-2048/{}", part),
|
||||
Self::EcdsaP256 => format!("test-ca/ecdsa-p256/{}", part),
|
||||
Self::EcdsaP384 => format!("test-ca/ecdsa-p384/{}", part),
|
||||
Self::Ed25519 => format!("test-ca/eddsa/{}", part),
|
||||
|
|
|
|||
|
|
@ -432,7 +432,7 @@ test_for_each_provider! {
|
|||
fn test_crls() -> Vec<CertificateRevocationListDer<'static>> {
|
||||
load_crls(&[
|
||||
include_bytes!("../../../test-ca/ecdsa-p256/client.revoked.crl.pem").as_slice(),
|
||||
include_bytes!("../../../test-ca/rsa/client.revoked.crl.pem").as_slice(),
|
||||
include_bytes!("../../../test-ca/rsa-2048/client.revoked.crl.pem").as_slice(),
|
||||
])
|
||||
}
|
||||
|
||||
|
|
@ -449,7 +449,7 @@ test_for_each_provider! {
|
|||
fn test_roots() -> Arc<RootCertStore> {
|
||||
load_roots(&[
|
||||
include_bytes!("../../../test-ca/ecdsa-p256/ca.der").as_slice(),
|
||||
include_bytes!("../../../test-ca/rsa/ca.der").as_slice(),
|
||||
include_bytes!("../../../test-ca/rsa-2048/ca.der").as_slice(),
|
||||
])
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -305,7 +305,7 @@ test_for_each_provider! {
|
|||
fn test_crls() -> Vec<CertificateRevocationListDer<'static>> {
|
||||
load_crls(&[
|
||||
include_bytes!("../../../test-ca/ecdsa-p256/client.revoked.crl.pem").as_slice(),
|
||||
include_bytes!("../../../test-ca/rsa/client.revoked.crl.pem").as_slice(),
|
||||
include_bytes!("../../../test-ca/rsa-2048/client.revoked.crl.pem").as_slice(),
|
||||
])
|
||||
}
|
||||
|
||||
|
|
@ -322,7 +322,7 @@ test_for_each_provider! {
|
|||
fn test_roots() -> Arc<RootCertStore> {
|
||||
load_roots(&[
|
||||
include_bytes!("../../../test-ca/ecdsa-p256/ca.der").as_slice(),
|
||||
include_bytes!("../../../test-ca/rsa/ca.der").as_slice(),
|
||||
include_bytes!("../../../test-ca/rsa-2048/ca.der").as_slice(),
|
||||
])
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -55,13 +55,13 @@ fn alpn_test_error(
|
|||
agreed: Option<&[u8]>,
|
||||
expected_error: Option<ErrorFromPeer>,
|
||||
) {
|
||||
let mut server_config = make_server_config(KeyType::Rsa);
|
||||
let mut server_config = make_server_config(KeyType::Rsa2048);
|
||||
server_config.alpn_protocols = server_protos;
|
||||
|
||||
let server_config = Arc::new(server_config);
|
||||
|
||||
for version in rustls::ALL_VERSIONS {
|
||||
let mut client_config = make_client_config_with_versions(KeyType::Rsa, &[version]);
|
||||
let mut client_config = make_client_config_with_versions(KeyType::Rsa2048, &[version]);
|
||||
client_config
|
||||
.alpn_protocols
|
||||
.clone_from(&client_protos);
|
||||
|
|
@ -133,8 +133,8 @@ fn version_test(
|
|||
server_versions
|
||||
};
|
||||
|
||||
let client_config = make_client_config_with_versions(KeyType::Rsa, client_versions);
|
||||
let server_config = make_server_config_with_versions(KeyType::Rsa, server_versions);
|
||||
let client_config = make_client_config_with_versions(KeyType::Rsa2048, client_versions);
|
||||
let server_config = make_server_config_with_versions(KeyType::Rsa2048, server_versions);
|
||||
|
||||
println!(
|
||||
"version {:?} {:?} -> {:?}",
|
||||
|
|
@ -357,10 +357,10 @@ fn config_builder_for_server_with_time() {
|
|||
|
||||
#[test]
|
||||
fn buffered_client_data_sent() {
|
||||
let server_config = Arc::new(make_server_config(KeyType::Rsa));
|
||||
let server_config = Arc::new(make_server_config(KeyType::Rsa2048));
|
||||
|
||||
for version in rustls::ALL_VERSIONS {
|
||||
let client_config = make_client_config_with_versions(KeyType::Rsa, &[version]);
|
||||
let client_config = make_client_config_with_versions(KeyType::Rsa2048, &[version]);
|
||||
let (mut client, mut server) =
|
||||
make_pair_for_arc_configs(&Arc::new(client_config), &server_config);
|
||||
|
||||
|
|
@ -376,10 +376,10 @@ fn buffered_client_data_sent() {
|
|||
|
||||
#[test]
|
||||
fn buffered_server_data_sent() {
|
||||
let server_config = Arc::new(make_server_config(KeyType::Rsa));
|
||||
let server_config = Arc::new(make_server_config(KeyType::Rsa2048));
|
||||
|
||||
for version in rustls::ALL_VERSIONS {
|
||||
let client_config = make_client_config_with_versions(KeyType::Rsa, &[version]);
|
||||
let client_config = make_client_config_with_versions(KeyType::Rsa2048, &[version]);
|
||||
let (mut client, mut server) =
|
||||
make_pair_for_arc_configs(&Arc::new(client_config), &server_config);
|
||||
|
||||
|
|
@ -395,10 +395,10 @@ fn buffered_server_data_sent() {
|
|||
|
||||
#[test]
|
||||
fn buffered_both_data_sent() {
|
||||
let server_config = Arc::new(make_server_config(KeyType::Rsa));
|
||||
let server_config = Arc::new(make_server_config(KeyType::Rsa2048));
|
||||
|
||||
for version in rustls::ALL_VERSIONS {
|
||||
let client_config = make_client_config_with_versions(KeyType::Rsa, &[version]);
|
||||
let client_config = make_client_config_with_versions(KeyType::Rsa2048, &[version]);
|
||||
let (mut client, mut server) =
|
||||
make_pair_for_arc_configs(&Arc::new(client_config), &server_config);
|
||||
|
||||
|
|
@ -551,7 +551,7 @@ fn test_config_builders_debug() {
|
|||
/// certificate and not being given one.
|
||||
#[test]
|
||||
fn server_allow_any_anonymous_or_authenticated_client() {
|
||||
let kt = KeyType::Rsa;
|
||||
let kt = KeyType::Rsa2048;
|
||||
for client_cert_chain in [None, Some(kt.get_client_chain())] {
|
||||
let client_auth_roots = get_client_root_store(kt);
|
||||
let client_auth = webpki_client_verifier_builder(client_auth_roots.clone())
|
||||
|
|
@ -588,7 +588,7 @@ fn check_read_and_close(reader: &mut dyn io::Read, expect: &[u8]) {
|
|||
|
||||
#[test]
|
||||
fn server_close_notify() {
|
||||
let kt = KeyType::Rsa;
|
||||
let kt = KeyType::Rsa2048;
|
||||
let server_config = Arc::new(make_server_config_with_mandatory_client_auth(kt));
|
||||
|
||||
for version in rustls::ALL_VERSIONS {
|
||||
|
|
@ -627,7 +627,7 @@ fn server_close_notify() {
|
|||
|
||||
#[test]
|
||||
fn client_close_notify() {
|
||||
let kt = KeyType::Rsa;
|
||||
let kt = KeyType::Rsa2048;
|
||||
let server_config = Arc::new(make_server_config_with_mandatory_client_auth(kt));
|
||||
|
||||
for version in rustls::ALL_VERSIONS {
|
||||
|
|
@ -666,7 +666,7 @@ fn client_close_notify() {
|
|||
|
||||
#[test]
|
||||
fn server_closes_uncleanly() {
|
||||
let kt = KeyType::Rsa;
|
||||
let kt = KeyType::Rsa2048;
|
||||
let server_config = Arc::new(make_server_config(kt));
|
||||
|
||||
for version in rustls::ALL_VERSIONS {
|
||||
|
|
@ -711,7 +711,7 @@ fn server_closes_uncleanly() {
|
|||
|
||||
#[test]
|
||||
fn client_closes_uncleanly() {
|
||||
let kt = KeyType::Rsa;
|
||||
let kt = KeyType::Rsa2048;
|
||||
let server_config = Arc::new(make_server_config(kt));
|
||||
|
||||
for version in rustls::ALL_VERSIONS {
|
||||
|
|
@ -756,7 +756,7 @@ fn client_closes_uncleanly() {
|
|||
|
||||
#[test]
|
||||
fn test_tls13_valid_early_plaintext_alert() {
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa);
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa2048);
|
||||
|
||||
// Perform the start of a TLS 1.3 handshake, sending a client hello to the server.
|
||||
// The client will not have written a CCS or any encrypted messages to the server yet.
|
||||
|
|
@ -785,7 +785,7 @@ fn test_tls13_valid_early_plaintext_alert() {
|
|||
|
||||
#[test]
|
||||
fn test_tls13_too_short_early_plaintext_alert() {
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa);
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa2048);
|
||||
|
||||
// Perform the start of a TLS 1.3 handshake, sending a client hello to the server.
|
||||
// The client will not have written a CCS or any encrypted messages to the server yet.
|
||||
|
|
@ -808,7 +808,7 @@ fn test_tls13_too_short_early_plaintext_alert() {
|
|||
|
||||
#[test]
|
||||
fn test_tls13_late_plaintext_alert() {
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa);
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa2048);
|
||||
|
||||
// Complete a bi-directional TLS1.3 handshake. After this point no plaintext messages
|
||||
// should occur.
|
||||
|
|
@ -1085,7 +1085,7 @@ fn check_sigalgs_reduced_by_ciphersuite(
|
|||
#[test]
|
||||
fn server_cert_resolve_reduces_sigalgs_for_rsa_ciphersuite() {
|
||||
check_sigalgs_reduced_by_ciphersuite(
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
vec![
|
||||
SignatureScheme::RSA_PSS_SHA512,
|
||||
|
|
@ -1365,8 +1365,8 @@ fn client_check_server_certificate_helper_api() {
|
|||
let chain = kt.get_chain();
|
||||
let correct_roots = get_client_root_store(*kt);
|
||||
let incorrect_roots = get_client_root_store(match kt {
|
||||
KeyType::Rsa => KeyType::EcdsaP256,
|
||||
_ => KeyType::Rsa,
|
||||
KeyType::Rsa2048 => KeyType::EcdsaP256,
|
||||
_ => KeyType::Rsa2048,
|
||||
});
|
||||
// Using the correct trust anchors, we should verify without error.
|
||||
assert!(verify_server_cert_signed_by_trust_anchor(
|
||||
|
|
@ -1713,7 +1713,7 @@ fn client_optional_auth_client_revocation_works() {
|
|||
|
||||
#[test]
|
||||
fn client_error_is_sticky() {
|
||||
let (mut client, _) = make_pair(KeyType::Rsa);
|
||||
let (mut client, _) = make_pair(KeyType::Rsa2048);
|
||||
client
|
||||
.read_tls(&mut b"\x16\x03\x03\x00\x08\x0f\x00\x00\x04junk".as_ref())
|
||||
.unwrap();
|
||||
|
|
@ -1725,7 +1725,7 @@ fn client_error_is_sticky() {
|
|||
|
||||
#[test]
|
||||
fn server_error_is_sticky() {
|
||||
let (_, mut server) = make_pair(KeyType::Rsa);
|
||||
let (_, mut server) = make_pair(KeyType::Rsa2048);
|
||||
server
|
||||
.read_tls(&mut b"\x16\x03\x03\x00\x08\x0f\x00\x00\x04junk".as_ref())
|
||||
.unwrap();
|
||||
|
|
@ -1737,20 +1737,20 @@ fn server_error_is_sticky() {
|
|||
|
||||
#[test]
|
||||
fn server_flush_does_nothing() {
|
||||
let (_, mut server) = make_pair(KeyType::Rsa);
|
||||
let (_, mut server) = make_pair(KeyType::Rsa2048);
|
||||
assert!(matches!(server.writer().flush(), Ok(())));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn client_flush_does_nothing() {
|
||||
let (mut client, _) = make_pair(KeyType::Rsa);
|
||||
let (mut client, _) = make_pair(KeyType::Rsa2048);
|
||||
assert!(matches!(client.writer().flush(), Ok(())));
|
||||
}
|
||||
|
||||
#[allow(clippy::no_effect)]
|
||||
#[test]
|
||||
fn server_is_send_and_sync() {
|
||||
let (_, server) = make_pair(KeyType::Rsa);
|
||||
let (_, server) = make_pair(KeyType::Rsa2048);
|
||||
&server as &dyn Send;
|
||||
&server as &dyn Sync;
|
||||
}
|
||||
|
|
@ -1758,14 +1758,14 @@ fn server_is_send_and_sync() {
|
|||
#[allow(clippy::no_effect)]
|
||||
#[test]
|
||||
fn client_is_send_and_sync() {
|
||||
let (client, _) = make_pair(KeyType::Rsa);
|
||||
let (client, _) = make_pair(KeyType::Rsa2048);
|
||||
&client as &dyn Send;
|
||||
&client as &dyn Sync;
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn server_respects_buffer_limit_pre_handshake() {
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa);
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa2048);
|
||||
|
||||
server.set_buffer_limit(Some(32));
|
||||
|
||||
|
|
@ -1793,7 +1793,7 @@ fn server_respects_buffer_limit_pre_handshake() {
|
|||
|
||||
#[test]
|
||||
fn server_respects_buffer_limit_pre_handshake_with_vectored_write() {
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa);
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa2048);
|
||||
|
||||
server.set_buffer_limit(Some(32));
|
||||
|
||||
|
|
@ -1817,7 +1817,7 @@ fn server_respects_buffer_limit_pre_handshake_with_vectored_write() {
|
|||
|
||||
#[test]
|
||||
fn server_respects_buffer_limit_post_handshake() {
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa);
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa2048);
|
||||
|
||||
// this test will vary in behaviour depending on the default suites
|
||||
do_handshake(&mut client, &mut server);
|
||||
|
|
@ -1846,7 +1846,7 @@ fn server_respects_buffer_limit_post_handshake() {
|
|||
|
||||
#[test]
|
||||
fn client_respects_buffer_limit_pre_handshake() {
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa);
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa2048);
|
||||
|
||||
client.set_buffer_limit(Some(32));
|
||||
|
||||
|
|
@ -1874,7 +1874,7 @@ fn client_respects_buffer_limit_pre_handshake() {
|
|||
|
||||
#[test]
|
||||
fn client_respects_buffer_limit_pre_handshake_with_vectored_write() {
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa);
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa2048);
|
||||
|
||||
client.set_buffer_limit(Some(32));
|
||||
|
||||
|
|
@ -1898,7 +1898,7 @@ fn client_respects_buffer_limit_pre_handshake_with_vectored_write() {
|
|||
|
||||
#[test]
|
||||
fn client_respects_buffer_limit_post_handshake() {
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa);
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa2048);
|
||||
|
||||
do_handshake(&mut client, &mut server);
|
||||
client.set_buffer_limit(Some(48));
|
||||
|
|
@ -2049,21 +2049,21 @@ where
|
|||
|
||||
#[test]
|
||||
fn server_read_returns_wouldblock_when_no_data() {
|
||||
let (_, mut server) = make_pair(KeyType::Rsa);
|
||||
let (_, mut server) = make_pair(KeyType::Rsa2048);
|
||||
assert!(matches!(server.reader().read(&mut [0u8; 1]),
|
||||
Err(err) if err.kind() == io::ErrorKind::WouldBlock));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn client_read_returns_wouldblock_when_no_data() {
|
||||
let (mut client, _) = make_pair(KeyType::Rsa);
|
||||
let (mut client, _) = make_pair(KeyType::Rsa2048);
|
||||
assert!(matches!(client.reader().read(&mut [0u8; 1]),
|
||||
Err(err) if err.kind() == io::ErrorKind::WouldBlock));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn new_server_returns_initial_io_state() {
|
||||
let (_, mut server) = make_pair(KeyType::Rsa);
|
||||
let (_, mut server) = make_pair(KeyType::Rsa2048);
|
||||
let io_state = server.process_new_packets().unwrap();
|
||||
println!("IoState is Debug {:?}", io_state);
|
||||
assert_eq!(io_state.plaintext_bytes_to_read(), 0);
|
||||
|
|
@ -2073,7 +2073,7 @@ fn new_server_returns_initial_io_state() {
|
|||
|
||||
#[test]
|
||||
fn new_client_returns_initial_io_state() {
|
||||
let (mut client, _) = make_pair(KeyType::Rsa);
|
||||
let (mut client, _) = make_pair(KeyType::Rsa2048);
|
||||
let io_state = client.process_new_packets().unwrap();
|
||||
println!("IoState is Debug {:?}", io_state);
|
||||
assert_eq!(io_state.plaintext_bytes_to_read(), 0);
|
||||
|
|
@ -2083,7 +2083,7 @@ fn new_client_returns_initial_io_state() {
|
|||
|
||||
#[test]
|
||||
fn client_complete_io_for_handshake() {
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa);
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa2048);
|
||||
|
||||
assert!(client.is_handshaking());
|
||||
let (rdlen, wrlen) = client
|
||||
|
|
@ -2096,7 +2096,7 @@ fn client_complete_io_for_handshake() {
|
|||
|
||||
#[test]
|
||||
fn buffered_client_complete_io_for_handshake() {
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa);
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa2048);
|
||||
|
||||
assert!(client.is_handshaking());
|
||||
let (rdlen, wrlen) = client
|
||||
|
|
@ -2109,7 +2109,7 @@ fn buffered_client_complete_io_for_handshake() {
|
|||
|
||||
#[test]
|
||||
fn client_complete_io_for_handshake_eof() {
|
||||
let (mut client, _) = make_pair(KeyType::Rsa);
|
||||
let (mut client, _) = make_pair(KeyType::Rsa2048);
|
||||
let mut input = io::Cursor::new(Vec::new());
|
||||
|
||||
assert!(client.is_handshaking());
|
||||
|
|
@ -2215,7 +2215,7 @@ fn server_complete_io_for_handshake() {
|
|||
|
||||
#[test]
|
||||
fn server_complete_io_for_handshake_eof() {
|
||||
let (_, mut server) = make_pair(KeyType::Rsa);
|
||||
let (_, mut server) = make_pair(KeyType::Rsa2048);
|
||||
let mut input = io::Cursor::new(Vec::new());
|
||||
|
||||
assert!(server.is_handshaking());
|
||||
|
|
@ -2409,7 +2409,7 @@ fn test_server_stream_read(stream_kind: StreamKind, read_kind: ReadKind) {
|
|||
|
||||
#[test]
|
||||
fn test_client_write_and_vectored_write_equivalence() {
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa);
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa2048);
|
||||
do_handshake(&mut client, &mut server);
|
||||
|
||||
const N: usize = 1000;
|
||||
|
|
@ -2464,7 +2464,7 @@ impl io::Write for FailsWrites {
|
|||
|
||||
#[test]
|
||||
fn stream_write_reports_underlying_io_error_before_plaintext_processed() {
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa);
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa2048);
|
||||
do_handshake(&mut client, &mut server);
|
||||
|
||||
let mut pipe = FailsWrites {
|
||||
|
|
@ -2484,7 +2484,7 @@ fn stream_write_reports_underlying_io_error_before_plaintext_processed() {
|
|||
|
||||
#[test]
|
||||
fn stream_write_swallows_underlying_io_error_after_plaintext_processed() {
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa);
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa2048);
|
||||
do_handshake(&mut client, &mut server);
|
||||
|
||||
let mut pipe = FailsWrites {
|
||||
|
|
@ -2501,7 +2501,7 @@ fn stream_write_swallows_underlying_io_error_after_plaintext_processed() {
|
|||
}
|
||||
|
||||
fn make_disjoint_suite_configs() -> (ClientConfig, ServerConfig) {
|
||||
let kt = KeyType::Rsa;
|
||||
let kt = KeyType::Rsa2048;
|
||||
let client_provider = CryptoProvider {
|
||||
cipher_suites: vec![cipher_suite::TLS13_CHACHA20_POLY1305_SHA256],
|
||||
..provider::default_provider()
|
||||
|
|
@ -2619,23 +2619,23 @@ fn server_streamowned_handshake_error() {
|
|||
|
||||
#[test]
|
||||
fn server_config_is_clone() {
|
||||
let _ = make_server_config(KeyType::Rsa);
|
||||
let _ = make_server_config(KeyType::Rsa2048);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn client_config_is_clone() {
|
||||
let _ = make_client_config(KeyType::Rsa);
|
||||
let _ = make_client_config(KeyType::Rsa2048);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn client_connection_is_debug() {
|
||||
let (client, _) = make_pair(KeyType::Rsa);
|
||||
let (client, _) = make_pair(KeyType::Rsa2048);
|
||||
println!("{:?}", client);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn server_connection_is_debug() {
|
||||
let (_, server) = make_pair(KeyType::Rsa);
|
||||
let (_, server) = make_pair(KeyType::Rsa2048);
|
||||
println!("{:?}", server);
|
||||
}
|
||||
|
||||
|
|
@ -2659,7 +2659,7 @@ fn server_complete_io_for_handshake_ending_with_alert() {
|
|||
|
||||
#[test]
|
||||
fn server_exposes_offered_sni() {
|
||||
let kt = KeyType::Rsa;
|
||||
let kt = KeyType::Rsa2048;
|
||||
for version in rustls::ALL_VERSIONS {
|
||||
let client_config = make_client_config_with_versions(kt, &[version]);
|
||||
let mut client = ClientConnection::new(
|
||||
|
|
@ -2678,7 +2678,7 @@ fn server_exposes_offered_sni() {
|
|||
#[test]
|
||||
fn server_exposes_offered_sni_smashed_to_lowercase() {
|
||||
// webpki actually does this for us in its DnsName type
|
||||
let kt = KeyType::Rsa;
|
||||
let kt = KeyType::Rsa2048;
|
||||
for version in rustls::ALL_VERSIONS {
|
||||
let client_config = make_client_config_with_versions(kt, &[version]);
|
||||
let mut client = ClientConnection::new(
|
||||
|
|
@ -2696,7 +2696,7 @@ fn server_exposes_offered_sni_smashed_to_lowercase() {
|
|||
|
||||
#[test]
|
||||
fn server_exposes_offered_sni_even_if_resolver_fails() {
|
||||
let kt = KeyType::Rsa;
|
||||
let kt = KeyType::Rsa2048;
|
||||
let resolver = rustls::server::ResolvesServerCertUsingSni::new();
|
||||
|
||||
let mut server_config = make_server_config(kt);
|
||||
|
|
@ -2724,7 +2724,7 @@ fn server_exposes_offered_sni_even_if_resolver_fails() {
|
|||
|
||||
#[test]
|
||||
fn sni_resolver_works() {
|
||||
let kt = KeyType::Rsa;
|
||||
let kt = KeyType::Rsa2048;
|
||||
let mut resolver = rustls::server::ResolvesServerCertUsingSni::new();
|
||||
let signing_key = RsaSigningKey::new(&kt.get_key()).unwrap();
|
||||
let signing_key: Arc<dyn sign::SigningKey> = Arc::new(signing_key);
|
||||
|
|
@ -2762,7 +2762,7 @@ fn sni_resolver_works() {
|
|||
|
||||
#[test]
|
||||
fn sni_resolver_rejects_wrong_names() {
|
||||
let kt = KeyType::Rsa;
|
||||
let kt = KeyType::Rsa2048;
|
||||
let mut resolver = rustls::server::ResolvesServerCertUsingSni::new();
|
||||
let signing_key = RsaSigningKey::new(&kt.get_key()).unwrap();
|
||||
let signing_key: Arc<dyn sign::SigningKey> = Arc::new(signing_key);
|
||||
|
|
@ -2792,7 +2792,7 @@ fn sni_resolver_rejects_wrong_names() {
|
|||
|
||||
#[test]
|
||||
fn sni_resolver_lower_cases_configured_names() {
|
||||
let kt = KeyType::Rsa;
|
||||
let kt = KeyType::Rsa2048;
|
||||
let mut resolver = rustls::server::ResolvesServerCertUsingSni::new();
|
||||
let signing_key = RsaSigningKey::new(&kt.get_key()).unwrap();
|
||||
let signing_key: Arc<dyn sign::SigningKey> = Arc::new(signing_key);
|
||||
|
|
@ -2819,7 +2819,7 @@ fn sni_resolver_lower_cases_configured_names() {
|
|||
#[test]
|
||||
fn sni_resolver_lower_cases_queried_names() {
|
||||
// actually, the handshake parser does this, but the effect is the same.
|
||||
let kt = KeyType::Rsa;
|
||||
let kt = KeyType::Rsa2048;
|
||||
let mut resolver = rustls::server::ResolvesServerCertUsingSni::new();
|
||||
let signing_key = RsaSigningKey::new(&kt.get_key()).unwrap();
|
||||
let signing_key: Arc<dyn sign::SigningKey> = Arc::new(signing_key);
|
||||
|
|
@ -2845,7 +2845,7 @@ fn sni_resolver_lower_cases_queried_names() {
|
|||
|
||||
#[test]
|
||||
fn sni_resolver_rejects_bad_certs() {
|
||||
let kt = KeyType::Rsa;
|
||||
let kt = KeyType::Rsa2048;
|
||||
let mut resolver = rustls::server::ResolvesServerCertUsingSni::new();
|
||||
let signing_key = RsaSigningKey::new(&kt.get_key()).unwrap();
|
||||
let signing_key: Arc<dyn sign::SigningKey> = Arc::new(signing_key);
|
||||
|
|
@ -3010,12 +3010,12 @@ fn test_ciphersuites() -> Vec<(
|
|||
let mut v = vec![
|
||||
(
|
||||
&rustls::version::TLS13,
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
CipherSuite::TLS13_AES_256_GCM_SHA384,
|
||||
),
|
||||
(
|
||||
&rustls::version::TLS13,
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
CipherSuite::TLS13_AES_128_GCM_SHA256,
|
||||
),
|
||||
#[cfg(feature = "tls12")]
|
||||
|
|
@ -3033,13 +3033,13 @@ fn test_ciphersuites() -> Vec<(
|
|||
#[cfg(feature = "tls12")]
|
||||
(
|
||||
&rustls::version::TLS12,
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
CipherSuite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
),
|
||||
#[cfg(feature = "tls12")]
|
||||
(
|
||||
&rustls::version::TLS12,
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
),
|
||||
];
|
||||
|
|
@ -3048,7 +3048,7 @@ fn test_ciphersuites() -> Vec<(
|
|||
v.extend_from_slice(&[
|
||||
(
|
||||
&rustls::version::TLS13,
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
CipherSuite::TLS13_CHACHA20_POLY1305_SHA256,
|
||||
),
|
||||
#[cfg(feature = "tls12")]
|
||||
|
|
@ -3060,7 +3060,7 @@ fn test_ciphersuites() -> Vec<(
|
|||
#[cfg(feature = "tls12")]
|
||||
(
|
||||
&rustls::version::TLS12,
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
CipherSuite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
),
|
||||
]);
|
||||
|
|
@ -3217,7 +3217,7 @@ fn key_log_for_tls12() {
|
|||
let client_key_log = Arc::new(KeyLogToVec::new("client"));
|
||||
let server_key_log = Arc::new(KeyLogToVec::new("server"));
|
||||
|
||||
let kt = KeyType::Rsa;
|
||||
let kt = KeyType::Rsa2048;
|
||||
let mut client_config = make_client_config_with_versions(kt, &[&rustls::version::TLS12]);
|
||||
client_config.key_log = client_key_log.clone();
|
||||
let client_config = Arc::new(client_config);
|
||||
|
|
@ -3253,7 +3253,7 @@ fn key_log_for_tls13() {
|
|||
let client_key_log = Arc::new(KeyLogToVec::new("client"));
|
||||
let server_key_log = Arc::new(KeyLogToVec::new("server"));
|
||||
|
||||
let kt = KeyType::Rsa;
|
||||
let kt = KeyType::Rsa2048;
|
||||
let mut client_config = make_client_config_with_versions(kt, &[&rustls::version::TLS13]);
|
||||
client_config.key_log = client_key_log.clone();
|
||||
let client_config = Arc::new(client_config);
|
||||
|
|
@ -3325,7 +3325,7 @@ fn key_log_for_tls13() {
|
|||
|
||||
#[test]
|
||||
fn vectored_write_for_server_appdata() {
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa);
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa2048);
|
||||
do_handshake(&mut client, &mut server);
|
||||
|
||||
server
|
||||
|
|
@ -3350,7 +3350,7 @@ fn vectored_write_for_server_appdata() {
|
|||
|
||||
#[test]
|
||||
fn vectored_write_for_client_appdata() {
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa);
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa2048);
|
||||
do_handshake(&mut client, &mut server);
|
||||
|
||||
client
|
||||
|
|
@ -3375,10 +3375,10 @@ fn vectored_write_for_client_appdata() {
|
|||
|
||||
#[test]
|
||||
fn vectored_write_for_server_handshake_with_half_rtt_data() {
|
||||
let mut server_config = make_server_config(KeyType::Rsa);
|
||||
let mut server_config = make_server_config(KeyType::Rsa2048);
|
||||
server_config.send_half_rtt_data = true;
|
||||
let (mut client, mut server) =
|
||||
make_pair_for_configs(make_client_config_with_auth(KeyType::Rsa), server_config);
|
||||
make_pair_for_configs(make_client_config_with_auth(KeyType::Rsa2048), server_config);
|
||||
|
||||
server
|
||||
.writer()
|
||||
|
|
@ -3418,7 +3418,7 @@ fn vectored_write_for_server_handshake_with_half_rtt_data() {
|
|||
|
||||
fn check_half_rtt_does_not_work(server_config: ServerConfig) {
|
||||
let (mut client, mut server) =
|
||||
make_pair_for_configs(make_client_config_with_auth(KeyType::Rsa), server_config);
|
||||
make_pair_for_configs(make_client_config_with_auth(KeyType::Rsa2048), server_config);
|
||||
|
||||
server
|
||||
.writer()
|
||||
|
|
@ -3462,21 +3462,21 @@ fn check_half_rtt_does_not_work(server_config: ServerConfig) {
|
|||
|
||||
#[test]
|
||||
fn vectored_write_for_server_handshake_no_half_rtt_with_client_auth() {
|
||||
let mut server_config = make_server_config_with_mandatory_client_auth(KeyType::Rsa);
|
||||
let mut server_config = make_server_config_with_mandatory_client_auth(KeyType::Rsa2048);
|
||||
server_config.send_half_rtt_data = true; // ask even though it will be ignored
|
||||
check_half_rtt_does_not_work(server_config);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn vectored_write_for_server_handshake_no_half_rtt_by_default() {
|
||||
let server_config = make_server_config(KeyType::Rsa);
|
||||
let server_config = make_server_config(KeyType::Rsa2048);
|
||||
assert!(!server_config.send_half_rtt_data);
|
||||
check_half_rtt_does_not_work(server_config);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn vectored_write_for_client_handshake() {
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa);
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa2048);
|
||||
|
||||
client
|
||||
.writer()
|
||||
|
|
@ -3513,7 +3513,7 @@ fn vectored_write_for_client_handshake() {
|
|||
|
||||
#[test]
|
||||
fn vectored_write_with_slow_client() {
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa);
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa2048);
|
||||
|
||||
client.set_buffer_limit(Some(32));
|
||||
|
||||
|
|
@ -3734,7 +3734,7 @@ impl rustls::client::ClientSessionStore for ClientStorage {
|
|||
|
||||
#[test]
|
||||
fn tls13_stateful_resumption() {
|
||||
let kt = KeyType::Rsa;
|
||||
let kt = KeyType::Rsa2048;
|
||||
let client_config = make_client_config_with_versions(kt, &[&rustls::version::TLS13]);
|
||||
let client_config = Arc::new(client_config);
|
||||
|
||||
|
|
@ -3789,7 +3789,7 @@ fn tls13_stateful_resumption() {
|
|||
|
||||
#[test]
|
||||
fn tls13_stateless_resumption() {
|
||||
let kt = KeyType::Rsa;
|
||||
let kt = KeyType::Rsa2048;
|
||||
let client_config = make_client_config_with_versions(kt, &[&rustls::version::TLS13]);
|
||||
let client_config = Arc::new(client_config);
|
||||
|
||||
|
|
@ -3845,12 +3845,12 @@ fn tls13_stateless_resumption() {
|
|||
|
||||
#[test]
|
||||
fn early_data_not_available() {
|
||||
let (mut client, _) = make_pair(KeyType::Rsa);
|
||||
let (mut client, _) = make_pair(KeyType::Rsa2048);
|
||||
assert!(client.early_data().is_none());
|
||||
}
|
||||
|
||||
fn early_data_configs() -> (Arc<ClientConfig>, Arc<ServerConfig>) {
|
||||
let kt = KeyType::Rsa;
|
||||
let kt = KeyType::Rsa2048;
|
||||
let mut client_config = make_client_config(kt);
|
||||
client_config.enable_early_data = true;
|
||||
client_config.resumption = Resumption::store(Arc::new(ClientStorage::new()));
|
||||
|
|
@ -3905,7 +3905,7 @@ fn early_data_is_available_on_resumption() {
|
|||
|
||||
#[test]
|
||||
fn early_data_not_available_on_server_before_client_hello() {
|
||||
let mut server = ServerConnection::new(Arc::new(make_server_config(KeyType::Rsa))).unwrap();
|
||||
let mut server = ServerConnection::new(Arc::new(make_server_config(KeyType::Rsa2048))).unwrap();
|
||||
assert!(server.early_data().is_none());
|
||||
}
|
||||
|
||||
|
|
@ -4004,7 +4004,7 @@ mod test_quic {
|
|||
&& equal_packet_keys(x.remote.packet.as_ref(), y.local.packet.as_ref())
|
||||
}
|
||||
|
||||
let kt = KeyType::Rsa;
|
||||
let kt = KeyType::Rsa2048;
|
||||
let mut client_config = make_client_config_with_versions(kt, &[&rustls::version::TLS13]);
|
||||
client_config.enable_early_data = true;
|
||||
let client_config = Arc::new(client_config);
|
||||
|
|
@ -4627,7 +4627,7 @@ mod test_quic {
|
|||
fn test_fragmented_append() {
|
||||
// Create a QUIC client connection.
|
||||
let client_config =
|
||||
make_client_config_with_versions(KeyType::Rsa, &[&rustls::version::TLS13]);
|
||||
make_client_config_with_versions(KeyType::Rsa2048, &[&rustls::version::TLS13]);
|
||||
let client_config = Arc::new(client_config);
|
||||
let mut client = quic::ClientConnection::new(
|
||||
Arc::clone(&client_config),
|
||||
|
|
@ -4702,8 +4702,8 @@ fn test_client_does_not_offer_sha1() {
|
|||
#[test]
|
||||
fn test_client_config_keyshare() {
|
||||
let kx_groups = vec![provider::kx_group::SECP384R1];
|
||||
let client_config = make_client_config_with_kx_groups(KeyType::Rsa, kx_groups.clone());
|
||||
let server_config = make_server_config_with_kx_groups(KeyType::Rsa, kx_groups);
|
||||
let client_config = make_client_config_with_kx_groups(KeyType::Rsa2048, kx_groups.clone());
|
||||
let server_config = make_server_config_with_kx_groups(KeyType::Rsa2048, kx_groups);
|
||||
let (mut client, mut server) = make_pair_for_configs(client_config, server_config);
|
||||
do_handshake_until_error(&mut client, &mut server).unwrap();
|
||||
}
|
||||
|
|
@ -4711,9 +4711,9 @@ fn test_client_config_keyshare() {
|
|||
#[test]
|
||||
fn test_client_config_keyshare_mismatch() {
|
||||
let client_config =
|
||||
make_client_config_with_kx_groups(KeyType::Rsa, vec![provider::kx_group::SECP384R1]);
|
||||
make_client_config_with_kx_groups(KeyType::Rsa2048, vec![provider::kx_group::SECP384R1]);
|
||||
let server_config =
|
||||
make_server_config_with_kx_groups(KeyType::Rsa, vec![provider::kx_group::X25519]);
|
||||
make_server_config_with_kx_groups(KeyType::Rsa2048, vec![provider::kx_group::X25519]);
|
||||
let (mut client, mut server) = make_pair_for_configs(client_config, server_config);
|
||||
assert!(do_handshake_until_error(&mut client, &mut server).is_err());
|
||||
}
|
||||
|
|
@ -4723,7 +4723,7 @@ fn test_client_config_keyshare_mismatch() {
|
|||
fn test_client_sends_helloretryrequest() {
|
||||
// client sends a secp384r1 key share
|
||||
let mut client_config = make_client_config_with_kx_groups(
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
vec![provider::kx_group::SECP384R1, provider::kx_group::X25519],
|
||||
);
|
||||
|
||||
|
|
@ -4732,7 +4732,7 @@ fn test_client_sends_helloretryrequest() {
|
|||
|
||||
// but server only accepts x25519, so a HRR is required
|
||||
let server_config =
|
||||
make_server_config_with_kx_groups(KeyType::Rsa, vec![provider::kx_group::X25519]);
|
||||
make_server_config_with_kx_groups(KeyType::Rsa2048, vec![provider::kx_group::X25519]);
|
||||
|
||||
let (mut client, mut server) = make_pair_for_configs(client_config, server_config);
|
||||
|
||||
|
|
@ -4861,12 +4861,12 @@ fn test_client_rejects_hrr_with_varied_session_id() {
|
|||
|
||||
// client prefers a secp384r1 key share, server only accepts x25519
|
||||
let client_config = make_client_config_with_kx_groups(
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
vec![provider::kx_group::SECP384R1, provider::kx_group::X25519],
|
||||
);
|
||||
|
||||
let server_config =
|
||||
make_server_config_with_kx_groups(KeyType::Rsa, vec![provider::kx_group::X25519]);
|
||||
make_server_config_with_kx_groups(KeyType::Rsa2048, vec![provider::kx_group::X25519]);
|
||||
|
||||
let (client, server) = make_pair_for_configs(client_config, server_config);
|
||||
let (mut client, mut server) = (client.into(), server.into());
|
||||
|
|
@ -4898,16 +4898,16 @@ fn test_client_attempts_to_use_unsupported_kx_group() {
|
|||
// first, client sends a x25519 and server agrees. x25519 is inserted
|
||||
// into kx group cache.
|
||||
let mut client_config_1 =
|
||||
make_client_config_with_kx_groups(KeyType::Rsa, vec![provider::kx_group::X25519]);
|
||||
make_client_config_with_kx_groups(KeyType::Rsa2048, vec![provider::kx_group::X25519]);
|
||||
client_config_1.resumption = Resumption::store(shared_storage.clone());
|
||||
|
||||
// second, client only supports secp-384 and so kx group cache
|
||||
// contains an unusable value.
|
||||
let mut client_config_2 =
|
||||
make_client_config_with_kx_groups(KeyType::Rsa, vec![provider::kx_group::SECP384R1]);
|
||||
make_client_config_with_kx_groups(KeyType::Rsa2048, vec![provider::kx_group::SECP384R1]);
|
||||
client_config_2.resumption = Resumption::store(shared_storage.clone());
|
||||
|
||||
let server_config = make_server_config(KeyType::Rsa);
|
||||
let server_config = make_server_config(KeyType::Rsa2048);
|
||||
|
||||
// first handshake
|
||||
let (mut client_1, mut server) = make_pair_for_configs(client_config_1, server_config.clone());
|
||||
|
|
@ -4951,18 +4951,18 @@ fn test_client_sends_share_for_less_preferred_group() {
|
|||
// first, client sends a secp384r1 share and server agrees. secp384r1 is inserted
|
||||
// into kx group cache.
|
||||
let mut client_config_1 =
|
||||
make_client_config_with_kx_groups(KeyType::Rsa, vec![provider::kx_group::SECP384R1]);
|
||||
make_client_config_with_kx_groups(KeyType::Rsa2048, vec![provider::kx_group::SECP384R1]);
|
||||
client_config_1.resumption = Resumption::store(shared_storage.clone());
|
||||
|
||||
// second, client supports (x25519, secp384r1) and so kx group cache
|
||||
// contains a supported but less-preferred group.
|
||||
let mut client_config_2 = make_client_config_with_kx_groups(
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
vec![provider::kx_group::X25519, provider::kx_group::SECP384R1],
|
||||
);
|
||||
client_config_2.resumption = Resumption::store(shared_storage.clone());
|
||||
|
||||
let server_config = make_server_config(KeyType::Rsa);
|
||||
let server_config = make_server_config(KeyType::Rsa2048);
|
||||
|
||||
// first handshake
|
||||
let (mut client_1, mut server) = make_pair_for_configs(client_config_1, server_config.clone());
|
||||
|
|
@ -5030,11 +5030,11 @@ fn test_client_sends_share_for_less_preferred_group() {
|
|||
fn test_tls13_client_resumption_does_not_reuse_tickets() {
|
||||
let shared_storage = Arc::new(ClientStorage::new());
|
||||
|
||||
let mut client_config = make_client_config(KeyType::Rsa);
|
||||
let mut client_config = make_client_config(KeyType::Rsa2048);
|
||||
client_config.resumption = Resumption::store(shared_storage.clone());
|
||||
let client_config = Arc::new(client_config);
|
||||
|
||||
let mut server_config = make_server_config(KeyType::Rsa);
|
||||
let mut server_config = make_server_config(KeyType::Rsa2048);
|
||||
server_config.send_tls13_tickets = 5;
|
||||
let server_config = Arc::new(server_config);
|
||||
|
||||
|
|
@ -5126,11 +5126,11 @@ fn test_client_mtu_reduction() {
|
|||
|
||||
#[test]
|
||||
fn test_server_mtu_reduction() {
|
||||
let mut server_config = make_server_config(KeyType::Rsa);
|
||||
let mut server_config = make_server_config(KeyType::Rsa2048);
|
||||
server_config.max_fragment_size = Some(64);
|
||||
server_config.send_half_rtt_data = true;
|
||||
let (mut client, mut server) =
|
||||
make_pair_for_configs(make_client_config(KeyType::Rsa), server_config);
|
||||
make_pair_for_configs(make_client_config(KeyType::Rsa2048), server_config);
|
||||
|
||||
let big_data = [0u8; 2048];
|
||||
server
|
||||
|
|
@ -5253,7 +5253,7 @@ fn test_server_rejects_duplicate_sni_names() {
|
|||
)
|
||||
}
|
||||
|
||||
let (client, server) = make_pair(KeyType::Rsa);
|
||||
let (client, server) = make_pair(KeyType::Rsa2048);
|
||||
let (mut client, mut server) = (client.into(), server.into());
|
||||
transfer_altered(&mut client, duplicate_sni_payload, &mut server);
|
||||
assert_eq!(
|
||||
|
|
@ -5274,7 +5274,7 @@ fn test_server_rejects_empty_sni_extension() {
|
|||
)
|
||||
}
|
||||
|
||||
let (client, server) = make_pair(KeyType::Rsa);
|
||||
let (client, server) = make_pair(KeyType::Rsa2048);
|
||||
let (mut client, mut server) = (client.into(), server.into());
|
||||
transfer_altered(&mut client, empty_sni_payload, &mut server);
|
||||
assert_eq!(
|
||||
|
|
@ -5305,7 +5305,7 @@ fn test_server_rejects_clients_without_any_kx_groups() {
|
|||
Altered::InPlace
|
||||
}
|
||||
|
||||
let (client, server) = make_pair(KeyType::Rsa);
|
||||
let (client, server) = make_pair(KeyType::Rsa2048);
|
||||
let (mut client, mut server) = (client.into(), server.into());
|
||||
transfer_altered(&mut client, delete_kx_groups, &mut server);
|
||||
assert_eq!(
|
||||
|
|
@ -5320,9 +5320,9 @@ fn test_server_rejects_clients_without_any_kx_groups() {
|
|||
fn test_server_rejects_clients_without_any_kx_group_overlap() {
|
||||
for version in rustls::ALL_VERSIONS {
|
||||
let (mut client, mut server) = make_pair_for_configs(
|
||||
make_client_config_with_kx_groups(KeyType::Rsa, vec![provider::kx_group::X25519]),
|
||||
make_client_config_with_kx_groups(KeyType::Rsa2048, vec![provider::kx_group::X25519]),
|
||||
finish_server_config(
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
ServerConfig::builder_with_provider(
|
||||
CryptoProvider {
|
||||
kx_groups: vec![provider::kx_group::SECP384R1],
|
||||
|
|
@ -5359,7 +5359,7 @@ fn test_client_rejects_illegal_tls13_ccs() {
|
|||
Altered::InPlace
|
||||
}
|
||||
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa);
|
||||
let (mut client, mut server) = make_pair(KeyType::Rsa2048);
|
||||
transfer(&mut client, &mut server);
|
||||
server.process_new_packets().unwrap();
|
||||
|
||||
|
|
@ -5377,7 +5377,7 @@ fn test_client_rejects_illegal_tls13_ccs() {
|
|||
#[cfg(feature = "tls12")]
|
||||
#[test]
|
||||
fn test_client_rejects_no_extended_master_secret_extension_when_require_ems_or_fips() {
|
||||
let key_type = KeyType::Rsa;
|
||||
let key_type = KeyType::Rsa2048;
|
||||
let mut client_config = make_client_config(key_type);
|
||||
if provider_is_fips() {
|
||||
assert!(client_config.require_ems);
|
||||
|
|
@ -5405,7 +5405,7 @@ fn test_client_rejects_no_extended_master_secret_extension_when_require_ems_or_f
|
|||
#[cfg(feature = "tls12")]
|
||||
#[test]
|
||||
fn test_server_rejects_no_extended_master_secret_extension_when_require_ems_or_fips() {
|
||||
let key_type = KeyType::Rsa;
|
||||
let key_type = KeyType::Rsa2048;
|
||||
let client_config = make_client_config(key_type);
|
||||
let mut server_config = finish_server_config(
|
||||
key_type,
|
||||
|
|
@ -5718,7 +5718,7 @@ fn test_secret_extraction_enabled() {
|
|||
// and secrets are stored/extracted differently, so we want to test them both.
|
||||
// We support 3 different AEAD algorithms (AES-128-GCM mode, AES-256-GCM, and
|
||||
// Chacha20Poly1305), so that's 2*3 = 6 combinations to test.
|
||||
let kt = KeyType::Rsa;
|
||||
let kt = KeyType::Rsa2048;
|
||||
for suite in [
|
||||
cipher_suite::TLS13_AES_128_GCM_SHA256,
|
||||
cipher_suite::TLS13_AES_256_GCM_SHA384,
|
||||
|
|
@ -5795,7 +5795,7 @@ fn test_secret_extraction_enabled() {
|
|||
#[test]
|
||||
fn test_secret_extract_produces_correct_variant() {
|
||||
fn check(suite: SupportedCipherSuite, f: impl Fn(ConnectionTrafficSecrets) -> bool) {
|
||||
let kt = KeyType::Rsa;
|
||||
let kt = KeyType::Rsa2048;
|
||||
|
||||
let provider: Arc<CryptoProvider> = CryptoProvider {
|
||||
cipher_suites: vec![suite],
|
||||
|
|
@ -5866,7 +5866,7 @@ fn test_secret_extract_produces_correct_variant() {
|
|||
#[cfg(feature = "tls12")]
|
||||
#[test]
|
||||
fn test_secret_extraction_disabled_or_too_early() {
|
||||
let kt = KeyType::Rsa;
|
||||
let kt = KeyType::Rsa2048;
|
||||
let provider = Arc::new(CryptoProvider {
|
||||
cipher_suites: vec![cipher_suite::TLS13_AES_128_GCM_SHA256],
|
||||
..provider::default_provider()
|
||||
|
|
@ -5923,7 +5923,7 @@ fn test_secret_extraction_disabled_or_too_early() {
|
|||
|
||||
#[test]
|
||||
fn test_received_plaintext_backpressure() {
|
||||
let kt = KeyType::Rsa;
|
||||
let kt = KeyType::Rsa2048;
|
||||
|
||||
let server_config = Arc::new(
|
||||
ServerConfig::builder_with_provider(
|
||||
|
|
@ -6019,7 +6019,7 @@ fn test_debug_server_name_from_string() {
|
|||
#[test]
|
||||
fn test_explicit_provider_selection() {
|
||||
let client_config = finish_client_config(
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
rustls::ClientConfig::builder_with_provider(
|
||||
rustls::crypto::ring::default_provider().into(),
|
||||
)
|
||||
|
|
@ -6027,7 +6027,7 @@ fn test_explicit_provider_selection() {
|
|||
.unwrap(),
|
||||
);
|
||||
let server_config = finish_server_config(
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
rustls::ServerConfig::builder_with_provider(
|
||||
rustls::crypto::aws_lc_rs::default_provider().into(),
|
||||
)
|
||||
|
|
@ -6073,7 +6073,7 @@ fn test_client_construction_fails_if_random_source_fails_in_first_request() {
|
|||
};
|
||||
|
||||
let client_config = finish_client_config(
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
rustls::ClientConfig::builder_with_provider(
|
||||
CryptoProvider {
|
||||
secure_random: &FAULTY_RANDOM,
|
||||
|
|
@ -6098,7 +6098,7 @@ fn test_client_construction_fails_if_random_source_fails_in_second_request() {
|
|||
};
|
||||
|
||||
let client_config = finish_client_config(
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
rustls::ClientConfig::builder_with_provider(
|
||||
CryptoProvider {
|
||||
secure_random: &FAULTY_RANDOM,
|
||||
|
|
@ -6126,7 +6126,7 @@ fn test_client_construction_requires_66_bytes_of_random_material() {
|
|||
};
|
||||
|
||||
let client_config = finish_client_config(
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
rustls::ClientConfig::builder_with_provider(
|
||||
CryptoProvider {
|
||||
secure_random: &FAULTY_RANDOM,
|
||||
|
|
@ -6163,11 +6163,11 @@ fn test_client_removes_tls12_session_if_server_sends_undecryptable_first_message
|
|||
}
|
||||
|
||||
let mut client_config =
|
||||
make_client_config_with_versions(KeyType::Rsa, &[&rustls::version::TLS12]);
|
||||
make_client_config_with_versions(KeyType::Rsa2048, &[&rustls::version::TLS12]);
|
||||
let storage = Arc::new(ClientStorage::new());
|
||||
client_config.resumption = Resumption::store(storage.clone());
|
||||
let client_config = Arc::new(client_config);
|
||||
let server_config = Arc::new(make_server_config(KeyType::Rsa));
|
||||
let server_config = Arc::new(make_server_config(KeyType::Rsa2048));
|
||||
|
||||
// successful handshake to allow resumption
|
||||
let (mut client, mut server) = make_pair_for_arc_configs(&client_config, &server_config);
|
||||
|
|
@ -6202,12 +6202,12 @@ fn test_client_removes_tls12_session_if_server_sends_undecryptable_first_message
|
|||
|
||||
#[test]
|
||||
fn test_client_fips_service_indicator() {
|
||||
assert_eq!(make_client_config(KeyType::Rsa).fips(), provider_is_fips());
|
||||
assert_eq!(make_client_config(KeyType::Rsa2048).fips(), provider_is_fips());
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_server_fips_service_indicator() {
|
||||
assert_eq!(make_server_config(KeyType::Rsa).fips(), provider_is_fips());
|
||||
assert_eq!(make_server_config(KeyType::Rsa2048).fips(), provider_is_fips());
|
||||
}
|
||||
|
||||
#[test]
|
||||
|
|
@ -6216,7 +6216,7 @@ fn test_client_fips_service_indicator_includes_require_ems() {
|
|||
return;
|
||||
}
|
||||
|
||||
let mut client_config = make_client_config(KeyType::Rsa);
|
||||
let mut client_config = make_client_config(KeyType::Rsa2048);
|
||||
assert!(client_config.fips());
|
||||
client_config.require_ems = false;
|
||||
assert!(!client_config.fips());
|
||||
|
|
@ -6228,7 +6228,7 @@ fn test_server_fips_service_indicator_includes_require_ems() {
|
|||
return;
|
||||
}
|
||||
|
||||
let mut server_config = make_server_config(KeyType::Rsa);
|
||||
let mut server_config = make_server_config(KeyType::Rsa2048);
|
||||
assert!(server_config.fips());
|
||||
server_config.require_ems = false;
|
||||
assert!(!server_config.fips());
|
||||
|
|
|
|||
|
|
@ -53,13 +53,13 @@ fn ffdhe_ciphersuite() {
|
|||
|
||||
for (expected_protocol, expected_cipher_suite) in test_cases {
|
||||
let client_config = finish_client_config(
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
rustls::ClientConfig::builder_with_provider(ffdhe::ffdhe_provider().into())
|
||||
.with_protocol_versions(&[expected_protocol])
|
||||
.unwrap(),
|
||||
);
|
||||
let server_config = finish_server_config(
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
rustls::ServerConfig::builder_with_provider(ffdhe::ffdhe_provider().into())
|
||||
.with_safe_default_protocol_versions()
|
||||
.unwrap(),
|
||||
|
|
@ -90,13 +90,13 @@ fn server_picks_ffdhe_group_when_clienthello_has_no_ffdhe_group_in_groups_ext()
|
|||
}
|
||||
|
||||
let client_config = finish_client_config(
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
rustls::ClientConfig::builder_with_provider(ffdhe::ffdhe_provider().into())
|
||||
.with_protocol_versions(&[&rustls::version::TLS12])
|
||||
.unwrap(),
|
||||
);
|
||||
let server_config = finish_server_config(
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
rustls::ServerConfig::builder_with_provider(ffdhe::ffdhe_provider().into())
|
||||
.with_protocol_versions(&[&rustls::version::TLS12])
|
||||
.unwrap(),
|
||||
|
|
@ -122,13 +122,13 @@ fn server_picks_ffdhe_group_when_clienthello_has_no_groups_ext() {
|
|||
}
|
||||
|
||||
let client_config = finish_client_config(
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
rustls::ClientConfig::builder_with_provider(ffdhe::ffdhe_provider().into())
|
||||
.with_protocol_versions(&[&rustls::version::TLS12])
|
||||
.unwrap(),
|
||||
);
|
||||
let server_config = finish_server_config(
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
rustls::ServerConfig::builder_with_provider(ffdhe::ffdhe_provider().into())
|
||||
.with_safe_default_protocol_versions()
|
||||
.unwrap(),
|
||||
|
|
@ -145,7 +145,7 @@ fn server_avoids_dhe_cipher_suites_when_client_has_no_known_dhe_in_groups_ext()
|
|||
use rustls::{CipherSuite, NamedGroup};
|
||||
|
||||
let client_config = finish_client_config(
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
rustls::ClientConfig::builder_with_provider(
|
||||
CryptoProvider {
|
||||
cipher_suites: vec![
|
||||
|
|
@ -165,7 +165,7 @@ fn server_avoids_dhe_cipher_suites_when_client_has_no_known_dhe_in_groups_ext()
|
|||
);
|
||||
|
||||
let server_config = finish_server_config(
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
rustls::ServerConfig::builder_with_provider(
|
||||
CryptoProvider {
|
||||
cipher_suites: vec![
|
||||
|
|
@ -207,13 +207,13 @@ fn server_accepts_client_with_no_ecpoints_extension_and_only_ffdhe_cipher_suites
|
|||
}
|
||||
|
||||
let client_config = finish_client_config(
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
rustls::ClientConfig::builder_with_provider(ffdhe::ffdhe_provider().into())
|
||||
.with_protocol_versions(&[&rustls::version::TLS12])
|
||||
.unwrap(),
|
||||
);
|
||||
let server_config = finish_server_config(
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
rustls::ServerConfig::builder_with_provider(ffdhe::ffdhe_provider().into())
|
||||
.with_safe_default_protocol_versions()
|
||||
.unwrap(),
|
||||
|
|
@ -228,7 +228,7 @@ fn server_accepts_client_with_no_ecpoints_extension_and_only_ffdhe_cipher_suites
|
|||
#[test]
|
||||
fn server_avoids_cipher_suite_with_no_common_kx_groups() {
|
||||
let server_config = finish_server_config(
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
rustls::ServerConfig::builder_with_provider(
|
||||
CryptoProvider {
|
||||
cipher_suites: vec![
|
||||
|
|
@ -307,7 +307,7 @@ fn server_avoids_cipher_suite_with_no_common_kx_groups() {
|
|||
|
||||
for (client_kx_groups, protocol_version, expected_cipher_suite) in test_cases {
|
||||
let client_config = finish_client_config(
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
rustls::ClientConfig::builder_with_provider(
|
||||
CryptoProvider {
|
||||
cipher_suites: vec![
|
||||
|
|
|
|||
|
|
@ -126,27 +126,27 @@ embed_files! {
|
|||
(EDDSA_INTER_KEY, "eddsa", "inter.key");
|
||||
(EDDSA_INTER_REQ, "eddsa", "inter.req");
|
||||
|
||||
(RSA_CA_CERT, "rsa", "ca.cert");
|
||||
(RSA_CA_DER, "rsa", "ca.der");
|
||||
(RSA_CA_KEY, "rsa", "ca.key");
|
||||
(RSA_CLIENT_CERT, "rsa", "client.cert");
|
||||
(RSA_CLIENT_CHAIN, "rsa", "client.chain");
|
||||
(RSA_CLIENT_FULLCHAIN, "rsa", "client.fullchain");
|
||||
(RSA_CLIENT_KEY, "rsa", "client.key");
|
||||
(RSA_CLIENT_REQ, "rsa", "client.req");
|
||||
(RSA_CLIENT_RSA, "rsa", "client.rsa");
|
||||
(RSA_END_CRL_PEM, "rsa", "end.revoked.crl.pem");
|
||||
(RSA_CLIENT_CRL_PEM, "rsa", "client.revoked.crl.pem");
|
||||
(RSA_INTERMEDIATE_CRL_PEM, "rsa", "inter.revoked.crl.pem");
|
||||
(RSA_END_CERT, "rsa", "end.cert");
|
||||
(RSA_END_CHAIN, "rsa", "end.chain");
|
||||
(RSA_END_FULLCHAIN, "rsa", "end.fullchain");
|
||||
(RSA_END_KEY, "rsa", "end.key");
|
||||
(RSA_END_REQ, "rsa", "end.req");
|
||||
(RSA_END_RSA, "rsa", "end.rsa");
|
||||
(RSA_INTER_CERT, "rsa", "inter.cert");
|
||||
(RSA_INTER_KEY, "rsa", "inter.key");
|
||||
(RSA_INTER_REQ, "rsa", "inter.req");
|
||||
(RSA_2048_CA_CERT, "rsa-2048", "ca.cert");
|
||||
(RSA_2048_CA_DER, "rsa-2048", "ca.der");
|
||||
(RSA_2048_CA_KEY, "rsa-2048", "ca.key");
|
||||
(RSA_2048_CLIENT_CERT, "rsa-2048", "client.cert");
|
||||
(RSA_2048_CLIENT_CHAIN, "rsa-2048", "client.chain");
|
||||
(RSA_2048_CLIENT_FULLCHAIN, "rsa-2048", "client.fullchain");
|
||||
(RSA_2048_CLIENT_KEY, "rsa-2048", "client.key");
|
||||
(RSA_2048_CLIENT_REQ, "rsa-2048", "client.req");
|
||||
(RSA_2048_CLIENT, "rsa-2048", "client.rsa");
|
||||
(RSA_2048_END_CRL_PEM, "rsa-2048", "end.revoked.crl.pem");
|
||||
(RSA_2048_CLIENT_CRL_PEM, "rsa-2048", "client.revoked.crl.pem");
|
||||
(RSA_2048_INTERMEDIATE_CRL_PEM, "rsa-2048", "inter.revoked.crl.pem");
|
||||
(RSA_2048_END_CERT, "rsa-2048", "end.cert");
|
||||
(RSA_2048_END_CHAIN, "rsa-2048", "end.chain");
|
||||
(RSA_2048_END_FULLCHAIN, "rsa-2048", "end.fullchain");
|
||||
(RSA_2048_END_KEY, "rsa-2048", "end.key");
|
||||
(RSA_2048_END_REQ, "rsa-2048", "end.req");
|
||||
(RSA_2048_END, "rsa-2048", "end.rsa");
|
||||
(RSA_2048_INTER_CERT, "rsa-2048", "inter.cert");
|
||||
(RSA_2048_INTER_KEY, "rsa-2048", "inter.key");
|
||||
(RSA_2048_INTER_REQ, "rsa-2048", "inter.req");
|
||||
}
|
||||
|
||||
pub fn transfer(
|
||||
|
|
@ -243,7 +243,7 @@ where
|
|||
|
||||
#[derive(Clone, Copy, Debug, PartialEq)]
|
||||
pub enum KeyType {
|
||||
Rsa,
|
||||
Rsa2048,
|
||||
EcdsaP256,
|
||||
EcdsaP384,
|
||||
EcdsaP521,
|
||||
|
|
@ -251,7 +251,7 @@ pub enum KeyType {
|
|||
}
|
||||
|
||||
pub static ALL_KEY_TYPES: &[KeyType] = &[
|
||||
KeyType::Rsa,
|
||||
KeyType::Rsa2048,
|
||||
KeyType::EcdsaP256,
|
||||
KeyType::EcdsaP384,
|
||||
#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
|
||||
|
|
@ -262,7 +262,7 @@ pub static ALL_KEY_TYPES: &[KeyType] = &[
|
|||
impl KeyType {
|
||||
fn bytes_for(&self, part: &str) -> &'static [u8] {
|
||||
match self {
|
||||
Self::Rsa => bytes_for("rsa", part),
|
||||
Self::Rsa2048 => bytes_for("rsa-2048", part),
|
||||
Self::EcdsaP256 => bytes_for("ecdsa-p256", part),
|
||||
Self::EcdsaP384 => bytes_for("ecdsa-p384", part),
|
||||
Self::EcdsaP521 => bytes_for("ecdsa-p521", part),
|
||||
|
|
@ -325,7 +325,7 @@ impl KeyType {
|
|||
|
||||
pub fn ca_distinguished_name(&self) -> &'static [u8] {
|
||||
match self {
|
||||
KeyType::Rsa => &b"0\x1a1\x180\x16\x06\x03U\x04\x03\x0c\x0fponytown RSA CA"[..],
|
||||
KeyType::Rsa2048 => &b"0\x1a1\x180\x16\x06\x03U\x04\x03\x0c\x0fponytown RSA CA"[..],
|
||||
KeyType::EcdsaP256 => {
|
||||
&b"0\x211\x1f0\x1d\x06\x03U\x04\x03\x0c\x16ponytown ECDSA p256 CA"[..]
|
||||
}
|
||||
|
|
|
|||
|
|
@ -68,11 +68,11 @@ use common::{
|
|||
#[test]
|
||||
fn exercise_key_log_file_for_client() {
|
||||
super::serialized(|| {
|
||||
let server_config = Arc::new(make_server_config(KeyType::Rsa));
|
||||
let server_config = Arc::new(make_server_config(KeyType::Rsa2048));
|
||||
env::set_var("SSLKEYLOGFILE", "./sslkeylogfile.txt");
|
||||
|
||||
for version in rustls::ALL_VERSIONS {
|
||||
let mut client_config = make_client_config_with_versions(KeyType::Rsa, &[version]);
|
||||
let mut client_config = make_client_config_with_versions(KeyType::Rsa2048, &[version]);
|
||||
client_config.key_log = Arc::new(rustls::KeyLogFile::new());
|
||||
|
||||
let (mut client, mut server) =
|
||||
|
|
@ -90,7 +90,7 @@ fn exercise_key_log_file_for_client() {
|
|||
#[test]
|
||||
fn exercise_key_log_file_for_server() {
|
||||
super::serialized(|| {
|
||||
let mut server_config = make_server_config(KeyType::Rsa);
|
||||
let mut server_config = make_server_config(KeyType::Rsa2048);
|
||||
|
||||
env::set_var("SSLKEYLOGFILE", "./sslkeylogfile.txt");
|
||||
server_config.key_log = Arc::new(rustls::KeyLogFile::new());
|
||||
|
|
@ -98,7 +98,7 @@ fn exercise_key_log_file_for_server() {
|
|||
let server_config = Arc::new(server_config);
|
||||
|
||||
for version in rustls::ALL_VERSIONS {
|
||||
let client_config = make_client_config_with_versions(KeyType::Rsa, &[version]);
|
||||
let client_config = make_client_config_with_versions(KeyType::Rsa2048, &[version]);
|
||||
let (mut client, mut server) =
|
||||
make_pair_for_arc_configs(&Arc::new(client_config), &server_config);
|
||||
|
||||
|
|
|
|||
|
|
@ -41,14 +41,14 @@ fn test_explicit_choice_required() {
|
|||
CryptoProvider::get_default().expect("provider missing");
|
||||
|
||||
// does not panic
|
||||
finish_client_config(KeyType::Rsa, ClientConfig::builder());
|
||||
finish_client_config(KeyType::Rsa2048, ClientConfig::builder());
|
||||
}
|
||||
|
||||
fn test_ring_used_as_implicit_provider() {
|
||||
assert!(CryptoProvider::get_default().is_none());
|
||||
|
||||
// implicitly installs ring provider
|
||||
finish_client_config(KeyType::Rsa, ClientConfig::builder());
|
||||
finish_client_config(KeyType::Rsa2048, ClientConfig::builder());
|
||||
|
||||
assert!(format!(
|
||||
"{:?}",
|
||||
|
|
@ -61,7 +61,7 @@ fn test_aws_lc_rs_used_as_implicit_provider() {
|
|||
assert!(CryptoProvider::get_default().is_none());
|
||||
|
||||
// implicitly installs aws-lc-rs provider
|
||||
finish_client_config(KeyType::Rsa, ClientConfig::builder());
|
||||
finish_client_config(KeyType::Rsa2048, ClientConfig::builder());
|
||||
|
||||
assert!(format!(
|
||||
"{:?}",
|
||||
|
|
|
|||
|
|
@ -111,8 +111,8 @@ fn tls13_handshake() {
|
|||
}
|
||||
|
||||
fn handshake(version: &'static rustls::SupportedProtocolVersion) -> Outcome {
|
||||
let server_config = make_server_config_with_versions(KeyType::Rsa, &[version]);
|
||||
let client_config = make_client_config(KeyType::Rsa);
|
||||
let server_config = make_server_config_with_versions(KeyType::Rsa2048, &[version]);
|
||||
let client_config = make_client_config(KeyType::Rsa2048);
|
||||
|
||||
run(
|
||||
Arc::new(client_config),
|
||||
|
|
@ -127,8 +127,8 @@ fn app_data_client_to_server() {
|
|||
let expected: &[_] = b"hello";
|
||||
for version in rustls::ALL_VERSIONS {
|
||||
eprintln!("{version:?}");
|
||||
let server_config = make_server_config_with_versions(KeyType::Rsa, &[version]);
|
||||
let client_config = make_client_config(KeyType::Rsa);
|
||||
let server_config = make_server_config_with_versions(KeyType::Rsa2048, &[version]);
|
||||
let client_config = make_client_config(KeyType::Rsa2048);
|
||||
|
||||
let mut client_actions = Actions {
|
||||
app_data_to_send: Some(expected),
|
||||
|
|
@ -159,8 +159,8 @@ fn app_data_server_to_client() {
|
|||
let expected: &[_] = b"hello";
|
||||
for version in rustls::ALL_VERSIONS {
|
||||
eprintln!("{version:?}");
|
||||
let server_config = make_server_config_with_versions(KeyType::Rsa, &[version]);
|
||||
let client_config = make_client_config(KeyType::Rsa);
|
||||
let server_config = make_server_config_with_versions(KeyType::Rsa2048, &[version]);
|
||||
let client_config = make_client_config(KeyType::Rsa2048);
|
||||
|
||||
let mut server_actions = Actions {
|
||||
app_data_to_send: Some(expected),
|
||||
|
|
@ -190,11 +190,11 @@ fn app_data_server_to_client() {
|
|||
fn early_data() {
|
||||
let expected: &[_] = b"hello";
|
||||
|
||||
let mut server_config = make_server_config(KeyType::Rsa);
|
||||
let mut server_config = make_server_config(KeyType::Rsa2048);
|
||||
server_config.max_early_data_size = 128;
|
||||
let server_config = Arc::new(server_config);
|
||||
|
||||
let mut client_config = make_client_config_with_versions(KeyType::Rsa, &[&TLS13]);
|
||||
let mut client_config = make_client_config_with_versions(KeyType::Rsa2048, &[&TLS13]);
|
||||
client_config.enable_early_data = true;
|
||||
let client_config = Arc::new(client_config);
|
||||
|
||||
|
|
@ -409,8 +409,8 @@ fn run(
|
|||
fn close_notify_client_to_server() {
|
||||
for version in rustls::ALL_VERSIONS {
|
||||
eprintln!("{version:?}");
|
||||
let server_config = make_server_config_with_versions(KeyType::Rsa, &[version]);
|
||||
let client_config = make_client_config(KeyType::Rsa);
|
||||
let server_config = make_server_config_with_versions(KeyType::Rsa2048, &[version]);
|
||||
let client_config = make_client_config(KeyType::Rsa2048);
|
||||
|
||||
let mut client_actions = Actions {
|
||||
send_close_notify: true,
|
||||
|
|
@ -433,8 +433,8 @@ fn close_notify_client_to_server() {
|
|||
fn close_notify_server_to_client() {
|
||||
for version in rustls::ALL_VERSIONS {
|
||||
eprintln!("{version:?}");
|
||||
let server_config = make_server_config_with_versions(KeyType::Rsa, &[version]);
|
||||
let client_config = make_client_config(KeyType::Rsa);
|
||||
let server_config = make_server_config_with_versions(KeyType::Rsa2048, &[version]);
|
||||
let client_config = make_client_config(KeyType::Rsa2048);
|
||||
|
||||
let mut server_actions = Actions {
|
||||
send_close_notify: true,
|
||||
|
|
@ -807,8 +807,8 @@ impl Buffer {
|
|||
fn make_connection_pair(
|
||||
version: &'static rustls::SupportedProtocolVersion,
|
||||
) -> (UnbufferedClientConnection, UnbufferedServerConnection) {
|
||||
let server_config = make_server_config(KeyType::Rsa);
|
||||
let client_config = make_client_config_with_versions(KeyType::Rsa, &[version]);
|
||||
let server_config = make_server_config(KeyType::Rsa2048);
|
||||
let client_config = make_client_config_with_versions(KeyType::Rsa2048, &[version]);
|
||||
|
||||
let client =
|
||||
UnbufferedClientConnection::new(Arc::new(client_config), server_name("localhost")).unwrap();
|
||||
|
|
|
|||
Loading…
Reference in New Issue