wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add TLS tests for RSA-PSS Restricted certificates

Browse source 
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9553)
This commit is contained in:
Matt Caswell 2019-08-08 11:41:18 +01:00
parent 39d9ea5e50
commit 20946b9465
2 changed files with 569 additions and 367 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

870
test/ssl-tests/20-cert-select.conf
View file

File diff suppressed because it is too large Load diff

66
test/ssl-tests/20-cert-select.conf.in
View file

@ -36,6 +36,12 @@ my $server_pss_only = {
"PrivateKey" => test_pem("server-pss-key.pem"), "PrivateKey" => test_pem("server-pss-key.pem"),
}; };
my $server_pss_restrict_only = {
"Certificate" => test_pem("server-pss-restrict-cert.pem"),
"PrivateKey" => test_pem("server-pss-restrict-key.pem"),
};
my $server_rsa_all = { my $server_rsa_all = {
"PSS.Certificate" => test_pem("server-pss-cert.pem"), "PSS.Certificate" => test_pem("server-pss-cert.pem"),
"PSS.PrivateKey" => test_pem("server-pss-key.pem"), "PSS.PrivateKey" => test_pem("server-pss-key.pem"),
@ -379,6 +385,19 @@ our @tests = (
"ExpectedResult" => "Success" "ExpectedResult" => "Success"
}, },
}, },
{
name => "Only RSA-PSS Certificate Valid Signature Algorithms",
server => $server_pss_only,
client => {
"SignatureAlgorithms" => "rsa_pss_pss_sha512",
},
test => {
"ExpectedServerCertType" => "RSA-PSS",
"ExpectedServerSignHash" => "SHA512",
"ExpectedServerSignType" => "RSA-PSS",
"ExpectedResult" => "Success"
},
},
{ {
name => "RSA-PSS Certificate, no PSS signature algorithms", name => "RSA-PSS Certificate, no PSS signature algorithms",
server => $server_pss_only, server => $server_pss_only,
@ -389,6 +408,53 @@ our @tests = (
"ExpectedResult" => "ServerFail" "ExpectedResult" => "ServerFail"
}, },
}, },
{
name => "Only RSA-PSS Restricted Certificate",
server => $server_pss_restrict_only,
client => {},
test => {
"ExpectedServerCertType" => "RSA-PSS",
"ExpectedServerSignHash" => "SHA256",
"ExpectedServerSignType" => "RSA-PSS",
"ExpectedResult" => "Success"
},
},
{
name => "RSA-PSS Restricted Certificate Valid Signature Algorithms",
server => $server_pss_restrict_only,
client => {
"SignatureAlgorithms" => "rsa_pss_pss_sha256:rsa_pss_pss_sha512",
},
test => {
"ExpectedServerCertType" => "RSA-PSS",
"ExpectedServerSignHash" => "SHA256",
"ExpectedServerSignType" => "RSA-PSS",
"ExpectedResult" => "Success"
},
},
{
name => "RSA-PSS Restricted Cert client prefers invalid Signature Algorithm",
server => $server_pss_restrict_only,
client => {
"SignatureAlgorithms" => "rsa_pss_pss_sha512:rsa_pss_pss_sha256",
},
test => {
"ExpectedServerCertType" => "RSA-PSS",
"ExpectedServerSignHash" => "SHA256",
"ExpectedServerSignType" => "RSA-PSS",
"ExpectedResult" => "Success"
},
},
{
name => "RSA-PSS Restricted Certificate Invalid Signature Algorithms",
server => $server_pss_restrict_only,
client => {
"SignatureAlgorithms" => "rsa_pss_pss_sha512",
},
test => {
"ExpectedResult" => "ServerFail"
},
},
{ {
name => "RSA key exchange with all RSA certificate types", name => "RSA key exchange with all RSA certificate types",
server => $server_rsa_all, server => $server_rsa_all,