tests: pkcs11/tls-neg-pkcs11-key: updated for softhsm with PKCS#11 support
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Fri, 19 Jan 2018 10:42:02 +0000 (11:42 +0100)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Mon, 22 Jan 2018 09:22:30 +0000 (10:22 +0100)
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
tests/pkcs11/tls-neg-pkcs11-key.c

index ca166001304ca3fe067d9244cb2eb1f73d426265..c85d8789dfe3c42373104c4be1d24d23b0dfc623 100644 (file)
@@ -247,45 +247,52 @@ typedef struct test_st {
 } test_st;
 
 static const test_st tests[] = {
-       {.name = "ecc key",
+       {.name = "tls1.2: ecc key",
         .pk = GNUTLS_PK_ECDSA,
-        .prio = "NORMAL:-KX-ALL:+ECDHE-RSA:+ECDHE-ECDSA",
+        .prio = "NORMAL:-KX-ALL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-TLS-ALL:+VERS-TLS1.2",
         .cert = &server_ca3_localhost_ecc_cert,
         .key = &server_ca3_ecc_key,
         .exp_kx = GNUTLS_KX_ECDHE_ECDSA
        },
-       {.name = "rsa-sign key",
+       {.name = "tls1.2: rsa-sign key",
         .pk = GNUTLS_PK_RSA,
-        .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA",
+        .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-TLS-ALL:+VERS-TLS1.2",
         .cert = &server_ca3_localhost_cert,
         .key = &server_ca3_key,
         .exp_kx = GNUTLS_KX_ECDHE_RSA
        },
-       {.name = "rsa-sign key with rsa-pss sigs prioritized",
+       {.name = "tls1.2: rsa-sign key with rsa-pss sigs prioritized",
         .pk = GNUTLS_PK_RSA,
-        .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-SIGN-ALL:+SIGN-RSA-PSS-SHA256:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA512:+SIGN-RSA-SHA256:+SIGN-RSA-SHA384:+SIGN-RSA-SHA512",
+        .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-SIGN-ALL:+SIGN-RSA-PSS-SHA256:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA512:+SIGN-RSA-SHA256:+SIGN-RSA-SHA384:+SIGN-RSA-SHA512:-VERS-TLS-ALL:+VERS-TLS1.2",
         .cert = &server_ca3_localhost_cert,
         .key = &server_ca3_key,
         .exp_kx = GNUTLS_KX_ECDHE_RSA
        },
-       {.name = "rsa-pss-sign key",
+       {.name = "tls1.2: rsa-pss-sign key",
         .pk = GNUTLS_PK_RSA_PSS,
-        .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA",
+        .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-TLS-ALL:+VERS-TLS1.2",
         .cert = &server_ca3_rsa_pss2_cert,
         .key = &server_ca3_rsa_pss2_key,
         .exp_kx = GNUTLS_KX_ECDHE_RSA,
         .requires_pkcs11_pss = 1,
-        .exp_serv_err = GNUTLS_E_NO_CIPHER_SUITES
        },
-       {.name = "rsa-pss cert, rsa-sign key", /* we expect the server to refuse negotiating */
+       {.name = "tls1.2: rsa-pss cert, rsa-sign key",
         .pk = GNUTLS_PK_RSA,
-        .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA",
+        .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-TLS-ALL:+VERS-TLS1.2",
+        .cert = &server_ca3_rsa_pss_cert,
+        .key = &server_ca3_rsa_pss_key,
+        .exp_kx = GNUTLS_KX_ECDHE_RSA,
+        .requires_pkcs11_pss = 1,
+       },
+       {.name = "tls1.2: rsa-pss cert, rsa-sign key no PSS signatures",
+        .pk = GNUTLS_PK_RSA,
+        .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-TLS-ALL:+VERS-TLS1.2:-SIGN-RSA-PSS-SHA256:-SIGN-RSA-PSS-SHA384:-SIGN-RSA-PSS-SHA512",
         .cert = &server_ca3_rsa_pss_cert,
         .key = &server_ca3_rsa_pss_key,
         .exp_kx = GNUTLS_KX_ECDHE_RSA,
         .exp_serv_err = GNUTLS_E_NO_CIPHER_SUITES
        },
-       {.name = "ed25519 cert, ed25519 key", /* we cannot import that key */
+       {.name = "tls1.2: ed25519 cert, ed25519 key", /* we cannot import that key */
         .pk = GNUTLS_PK_EDDSA_ED25519,
         .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA",
         .cert = &server_ca3_eddsa_cert,
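Review bot: The last entry is renamed to `tls1.2: ed25519 cert, ed25519 key`, but its `.prio` stays `"NORMAL:+ECDHE-RSA:+ECDHE-ECDSA"`, so it is the only visible case whose name claims TLS 1.2 without the priority string pinning the version. Either append `:-VERS-TLS-ALL:+VERS-TLS1.2` as the other entries do, or drop the prefix; the entry continues past the end of the hunk, and if the key import fails before any handshake (as its comment suggests) the pin changes nothing in practice, but the name should still match the configuration. Separately, the commit removes the `/* we expect the server to refuse negotiating */` comment and the new negative case `tls1.2: rsa-pss cert, rsa-sign key no PSS signatures` has none. A comment such as `/* RSA-PSS certificate with the RSA-PSS signature algorithms disabled: presumably no usable suite remains */` next to `.exp_serv_err = GNUTLS_E_NO_CIPHER_SUITES` would record why the refusal is the expected result.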