From fbe1af9dfe021610e32d29e9c1c81eb5ce38e0ac Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 15 Jun 2017 00:34:20 +0100 Subject: [PATCH] Add Ed25519 TLS 1.3 and 1.2 tests Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/3585) --- test/ssl-tests/20-cert-select.conf.in | 71 ++++++++++++++++++++++++++- 1 file changed, 70 insertions(+), 1 deletion(-) diff --git a/test/ssl-tests/20-cert-select.conf.in b/test/ssl-tests/20-cert-select.conf.in index 5937f9ad4e..90bc5a23c8 100644 --- a/test/ssl-tests/20-cert-select.conf.in +++ b/test/ssl-tests/20-cert-select.conf.in @@ -12,6 +12,8 @@ use OpenSSL::Test::Utils; my $server = { "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"), "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"), + "EdDSA.Certificate" => test_pem("server-ed25519-cert.pem"), + "EdDSA.PrivateKey" => test_pem("server-ed25519-key.pem"), "MaxProtocol" => "TLSv1.2" }; @@ -32,6 +34,23 @@ our @tests = ( "ExpectedResult" => "Success" }, }, + { + name => "Ed25519 CipherString and Signature Algorithm Selection", + server => $server, + client => { + "CipherString" => "aECDSA", + "MaxProtocol" => "TLSv1.2", + "SignatureAlgorithms" => "ed25519:ECDSA+SHA256", + "RequestCAFile" => test_pem("root-cert.pem"), + }, + test => { + "ExpectedServerCertType" =>, "Ed25519", + "ExpectedServerSignType" =>, "Ed25519", + # Note: certificate_authorities not sent for TLS < 1.3 + "ExpectedServerCANames" =>, "empty", + "ExpectedResult" => "Success" + }, + }, { name => "RSA CipherString Selection", server => $server, @@ -189,13 +208,33 @@ our @tests = ( "ExpectedServerSignType" => "EC", "ExpectedResult" => "Success" }, - } + }, + { + name => "TLS 1.2 Ed25519 Client Auth", + server => { + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require" + }, + client => { + "EdDSA.Certificate" => test_pem("client-ed25519-cert.pem"), + "EdDSA.PrivateKey" => test_pem("client-ed25519-key.pem"), + "MinProtocol" => "TLSv1.2", + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedClientCertType" => "Ed25519", + "ExpectedClientSignType" => "Ed25519", + "ExpectedResult" => "Success" + }, + }, ); my $server_tls_1_3 = { "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"), "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"), + "EdDSA.Certificate" => test_pem("server-ed25519-cert.pem"), + "EdDSA.PrivateKey" => test_pem("server-ed25519-key.pem"), "MinProtocol" => "TLSv1.3", "MaxProtocol" => "TLSv1.3" }; @@ -313,6 +352,18 @@ my @tests_tls_1_3 = ( "ExpectedResult" => "Success" }, }, + { + name => "TLS 1.3 Ed25519 Signature Algorithm Selection", + server => $server_tls_1_3, + client => { + "SignatureAlgorithms" => "ed25519", + }, + test => { + "ExpectedServerCertType" => "Ed25519", + "ExpectedServerSignType" => "Ed25519", + "ExpectedResult" => "Success" + }, + }, { name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection", server => { @@ -361,6 +412,24 @@ my @tests_tls_1_3 = ( "ExpectedResult" => "Success" }, }, + { + name => "TLS 1.3 Ed25519 Client Auth", + server => { + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require" + }, + client => { + "EdDSA.Certificate" => test_pem("client-ed25519-cert.pem"), + "EdDSA.PrivateKey" => test_pem("client-ed25519-key.pem"), + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3" + }, + test => { + "ExpectedClientCertType" => "Ed25519", + "ExpectedClientSignType" => "Ed25519", + "ExpectedResult" => "Success" + }, + }, { name => "TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms", server => {