From b558340da83e2fadc14ac25eb95d3bbac5c973a6 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 8 Feb 2018 05:21:34 -0500 Subject: Use enums for TLS key exchange group params --- src/tests/data/tls-policy/bsi.txt | 41 +++++++++++++++++----------------- src/tests/data/tls-policy/compat.txt | 3 +-- src/tests/data/tls-policy/datagram.txt | 2 +- src/tests/data/tls-policy/default.txt | 3 +-- src/tests/data/tls-policy/strict.txt | 3 +-- src/tests/data/tls-policy/suiteb.txt | 4 +--- src/tests/test_tls.cpp | 11 ++++----- src/tests/unit_tls.cpp | 19 +++++++++++----- 8 files changed, 44 insertions(+), 42 deletions(-) (limited to 'src/tests') diff --git a/src/tests/data/tls-policy/bsi.txt b/src/tests/data/tls-policy/bsi.txt index 9879b87f5..c62777472 100644 --- a/src/tests/data/tls-policy/bsi.txt +++ b/src/tests/data/tls-policy/bsi.txt 
@@ -1,23 +1,22 @@
-allow_tls10=false
-allow_tls11=false
-allow_tls12=true
-allow_dtls10=false
-allow_dtls12=false
+allow_tls10 = false
+allow_tls11 = false
+allow_tls12 = true
+allow_dtls10 = false
+allow_dtls12 = false
 
-ciphers=AES-256/GCM AES-128/GCM AES-256 AES-128
-signature_hashes=SHA-384 SHA-256
-macs=AEAD SHA-384 SHA-256
-key_exchange_methods=ECDH DH PSK ECDHE_PSK DHE_PSK
-signature_methods=ECDSA RSA DSA
-ecc_curves=brainpool512r1 brainpool384r1 brainpool256r1 secp384r1 secp256r1
-groups=brainpool512r1 brainpool384r1 brainpool256r1 secp384r1 secp256r1 ffdhe/ietf/8192 ffdhe/ietf/6144 ffdhe/ietf/4096 ffdhe/ietf/3072 ffdhe/ietf/2048
-minimum_dh_group_size=2000
-minimum_dsa_group_size=2000
-minimum_ecdh_group_size=250
-minimum_ecdsa_group_size=250
-minimum_rsa_bits=2000
+ciphers = AES-256/GCM AES-128/GCM AES-256 AES-128
+signature_hashes = SHA-384 SHA-256
+macs = AEAD SHA-384 SHA-256
+key_exchange_methods = ECDH DH PSK ECDHE_PSK DHE_PSK
+signature_methods = ECDSA RSA DSA
+key_exchange_groups = brainpool512r1 brainpool384r1 brainpool256r1 secp384r1 secp256r1 ffdhe/ietf/8192 ffdhe/ietf/6144 ffdhe/ietf/4096 ffdhe/ietf/3072 ffdhe/ietf/2048
+minimum_dh_group_size = 2000
+minimum_dsa_group_size = 2000
+minimum_ecdh_group_size = 250
+minimum_ecdsa_group_size = 250
+minimum_rsa_bits = 2000
 
-allow_insecure_renegotiation=false
-allow_server_initiated_renegotiation=true
-server_uses_own_ciphersuite_preferences=true
-negotiate_encrypt_then_mac=true
+allow_insecure_renegotiation = false
+allow_server_initiated_renegotiation = true
+server_uses_own_ciphersuite_preferences = true
+negotiate_encrypt_then_mac = true
diff --git a/src/tests/data/tls-policy/compat.txt b/src/tests/data/tls-policy/compat.txt
index 473453ab0..cd419e91a 100644
--- a/src/tests/data/tls-policy/compat.txt
+++ b/src/tests/data/tls-policy/compat.txt
@@ -14,7 +14,7 @@ macs = AEAD SHA-256 SHA-384 SHA-1
 signature_hashes = SHA-512 SHA-384 SHA-256 SHA-1
 signature_methods = ECDSA RSA IMPLICIT
 key_exchange_methods = CECPQ1 ECDH DH RSA
-ecc_curves = x25519 secp256r1 secp521r1 secp384r1 brainpool256r1 brainpool384r1 brainpool512r1
+key_exchange_groups = x25519 secp256r1 secp521r1 secp384r1 brainpool256r1 brainpool384r1 brainpool512r1 ffdhe/ietf/2048
 allow_insecure_renegotiation = false
 include_time_in_hello_random = true
 allow_client_initiated_renegotiation = true
@@ -23,7 +23,6 @@ hide_unknown_users = false
 server_uses_own_ciphersuite_preferences = true
 negotiate_encrypt_then_mac = true
 session_ticket_lifetime = 86400
-dh_group = modp/ietf/1024
 minimum_dh_group_size = 1024
 minimum_ecdh_group_size = 255
 minimum_rsa_bits = 1024
diff --git a/src/tests/data/tls-policy/datagram.txt b/src/tests/data/tls-policy/datagram.txt
index 6a9819aff..d6071a906 100644
--- a/src/tests/data/tls-policy/datagram.txt
+++ b/src/tests/data/tls-policy/datagram.txt
@@ -8,7 +8,7 @@ macs = AEAD
 signature_hashes = SHA-512 SHA-384 SHA-256
 signature_methods = ECDSA RSA
 key_exchange_methods = CECPQ1 ECDH DH
-ecc_curves = x25519 secp256r1 secp521r1 secp384r1 brainpool256r1 brainpool384r1 brainpool512r1
+key_exchange_groups = x25519 secp256r1 secp521r1 secp384r1 brainpool256r1 brainpool384r1 brainpool512r1 ffdhe/ietf/2048 ffdhe/ietf/3072 ffdhe/ietf/4096 ffdhe/ietf/6144 ffdhe/ietf/8192
 allow_insecure_renegotiation = false
 include_time_in_hello_random = true
 allow_server_initiated_renegotiation = false
diff --git a/src/tests/data/tls-policy/default.txt b/src/tests/data/tls-policy/default.txt
index c96f91d96..0cf3dbbf8 100644
--- a/src/tests/data/tls-policy/default.txt
+++ b/src/tests/data/tls-policy/default.txt
@@ -8,7 +8,7 @@ macs = AEAD SHA-256 SHA-384 SHA-1
 signature_hashes = SHA-512 SHA-384 SHA-256
 signature_methods = ECDSA RSA
 key_exchange_methods = CECPQ1 ECDH DH
-ecc_curves = x25519 secp256r1 secp521r1 secp384r1 brainpool256r1 brainpool384r1 brainpool512r1
+key_exchange_groups = x25519 secp256r1 secp521r1 secp384r1 brainpool256r1 brainpool384r1 brainpool512r1 ffdhe/ietf/2048 ffdhe/ietf/3072 ffdhe/ietf/4096 ffdhe/ietf/6144 ffdhe/ietf/8192
 allow_insecure_renegotiation = false
 include_time_in_hello_random = true
 allow_server_initiated_renegotiation = false
@@ -16,7 +16,6 @@ hide_unknown_users = false
 server_uses_own_ciphersuite_preferences = true
 negotiate_encrypt_then_mac = true
 session_ticket_lifetime = 86400
-dh_group = modp/ietf/2048
 minimum_dh_group_size = 2048
 minimum_ecdh_group_size = 255
 minimum_rsa_bits = 2048
diff --git a/src/tests/data/tls-policy/strict.txt b/src/tests/data/tls-policy/strict.txt
index f59aaf271..7cb55bb83 100644
--- a/src/tests/data/tls-policy/strict.txt
+++ b/src/tests/data/tls-policy/strict.txt
@@ -8,7 +8,7 @@ macs = AEAD
 signature_hashes = SHA-512 SHA-384
 signature_methods = ECDSA RSA
 key_exchange_methods = CECPQ1 ECDH
-ecc_curves = x25519 secp256r1 secp521r1 secp384r1 brainpool256r1 brainpool384r1 brainpool512r1
+key_exchange_groups = x25519 secp256r1 secp521r1 secp384r1 brainpool256r1 brainpool384r1 brainpool512r1 ffdhe/ietf/2048 ffdhe/ietf/3072 ffdhe/ietf/4096 ffdhe/ietf/6144 ffdhe/ietf/8192
 allow_insecure_renegotiation = false
 include_time_in_hello_random = true
 allow_server_initiated_renegotiation = false
@@ -16,7 +16,6 @@ hide_unknown_users = false
 server_uses_own_ciphersuite_preferences = true
 negotiate_encrypt_then_mac = true
 session_ticket_lifetime = 86400
-dh_group = modp/ietf/2048
 minimum_dh_group_size = 2048
 minimum_ecdh_group_size = 255
 minimum_rsa_bits = 2048
diff --git a/src/tests/data/tls-policy/suiteb.txt b/src/tests/data/tls-policy/suiteb.txt
index 7c0b3e7d8..90ef68f4a 100644
--- a/src/tests/data/tls-policy/suiteb.txt
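Review bot: The strict fixture now lists `ffdhe/ietf/2048` through `ffdhe/ietf/8192` in `key_exchange_groups` (strict.txt, first hunk), although the context line just above it keeps `key_exchange_methods = CECPQ1 ECDH`, which has no DH entry. The finite-field groups are presumably inert for negotiation, but this file appears to pin the policy object's serialized output, so they become part of what "strict" is documented to allow, and depending on how the list is consumed they may still be advertised to peers. suiteb.txt in this same commit shows that a policy-specific list is possible (`key_exchange_groups = secp256r1`); I would expect strict to end its list at `brainpool512r1` as well. That change belongs in the policy class this fixture mirrors, which is outside this diff.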
+++ b/src/tests/data/tls-policy/suiteb.txt @@ -8,7 +8,7 @@ macs = AEAD signature_hashes = SHA-256 signature_methods = ECDSA key_exchange_methods = ECDH -ecc_curves = secp256r1 +key_exchange_groups = secp256r1 allow_insecure_renegotiation = false include_time_in_hello_random = true allow_server_initiated_renegotiation = false @@ -16,8 +16,6 @@ hide_unknown_users = false server_uses_own_ciphersuite_preferences = true negotiate_encrypt_then_mac = true session_ticket_lifetime = 86400 -dh_group = modp/ietf/2048 -groups = secp256r1 minimum_dh_group_size = 2048 minimum_ecdh_group_size = 255 minimum_rsa_bits = 2048 diff --git a/src/tests/test_tls.cpp b/src/tests/test_tls.cpp index 4762653ac..728c13735 100644 --- a/src/tests/test_tls.cpp +++ b/src/tests/test_tls.cpp @@ -108,7 +108,7 @@ class Test_TLS_Alert_Strings : public Test BOTAN_REGISTER_TEST("tls_alert_strings", Test_TLS_Alert_Strings); -class Test_TLS_Policy_Test : public Test +class Test_TLS_Policy_Text : public Test { public: std::vector run() override @@ -119,9 +119,10 @@ class Test_TLS_Policy_Test : public Test for(std::string policy : policies) { - result.test_eq("Values for TLS " + policy + " policy", - tls_policy_string(policy), - read_tls_policy(policy)); + const std::string from_policy_obj = tls_policy_string(policy); + const std::string from_file = read_tls_policy(policy); + + result.test_eq("Values for TLS " + policy + " policy", from_file, from_policy_obj); } return {result}; @@ -174,7 +175,7 @@ class Test_TLS_Policy_Test : public Test } }; -BOTAN_REGISTER_TEST("tls_policy_test", Test_TLS_Policy_Test); +BOTAN_REGISTER_TEST("tls_policy_text", Test_TLS_Policy_Text); class Test_TLS_Ciphersuites : public Test { diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp index 0a5739c3d..186822d2f 100644 --- a/src/tests/unit_tls.cpp +++ b/src/tests/unit_tls.cpp 
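Review bot: The `test_eq` call in the second test_tls.cpp hunk now passes `from_file` before `from_policy_obj`, the reverse of the removed call, which passed `tls_policy_string(policy)` first. If `test_eq` takes (what, produced, expected), which cannot be confirmed because its declaration is not in this diff, a mismatch will report the checked-in fixture as the produced value and the live policy output as the expected one, pointing whoever investigates a policy regression at the wrong side. I would keep the two named locals but restore the order: `result.test_eq("Values for TLS " + policy + " policy", from_policy_obj, from_file);`. The enclosing `run()` starts before this hunk.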
@@ -686,13 +686,20 @@ class TLS_Unit_Tests final : public Test { Botan::RandomNumberGenerator& rng = Test::rng(); - for(auto const& version : versions) + try { - TLS_Handshake_Test test( - version.to_string() + " " + test_descr, - version, creds, policy, policy, rng, client_ses, server_ses, client_auth); - test.go(); - results.push_back(test.results()); + for(auto const& version : versions) + { + TLS_Handshake_Test test( + version.to_string() + " " + test_descr, + version, creds, policy, policy, rng, client_ses, server_ses, client_auth); + test.go(); + results.push_back(test.results()); + } + } + catch(std::exception& e) + { + results.push_back(Test::Result::Failure(test_descr, e.what())); } } -- cgit v1.2.3
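Review bot: The new `try` wraps the whole `for` loop, so the first version whose handshake throws ends the loop, the remaining versions are not exercised in that run, and the recorded failure carries only `test_descr` without the version that threw. For a per-version TLS test matrix this loses exactly the information needed to tell which protocol version regressed. I would move the `try`/`catch` inside the loop body and record `Test::Result::Failure(version.to_string() + " " + test_descr, e.what())`, and the handler should take `const std::exception& e`. The enclosing function begins outside the hunk.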