7a08b764cc
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2667)
292 lines
8.4 KiB
Perl
292 lines
8.4 KiB
Perl
# -*- mode: perl; -*-
|
|
|
|
## SSL test configurations
|
|
|
|
|
|
use strict;
|
|
use warnings;
|
|
|
|
package ssltests;
|
|
use OpenSSL::Test::Utils;
|
|
|
|
my $server = {
|
|
"ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
|
|
"ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
|
|
"MaxProtocol" => "TLSv1.2"
|
|
};
|
|
|
|
our @tests = (
|
|
{
|
|
name => "ECDSA CipherString Selection",
|
|
server => $server,
|
|
client => {
|
|
"CipherString" => "aECDSA",
|
|
},
|
|
test => {
|
|
"ExpectedServerCertType" =>, "P-256",
|
|
"ExpectedServerSignType" =>, "EC",
|
|
"ExpectedResult" => "Success"
|
|
},
|
|
},
|
|
{
|
|
name => "RSA CipherString Selection",
|
|
server => $server,
|
|
client => {
|
|
"CipherString" => "aRSA",
|
|
},
|
|
test => {
|
|
"ExpectedServerCertType" =>, "RSA",
|
|
"ExpectedServerSignType" =>, "RSA-PSS",
|
|
"ExpectedResult" => "Success"
|
|
},
|
|
},
|
|
{
|
|
name => "ECDSA CipherString Selection, no ECDSA certificate",
|
|
server => {
|
|
"MaxProtocol" => "TLSv1.2"
|
|
},
|
|
client => {
|
|
"CipherString" => "aECDSA"
|
|
},
|
|
test => {
|
|
"ExpectedResult" => "ServerFail"
|
|
},
|
|
},
|
|
{
|
|
name => "ECDSA Signature Algorithm Selection",
|
|
server => $server,
|
|
client => {
|
|
"SignatureAlgorithms" => "ECDSA+SHA256",
|
|
},
|
|
test => {
|
|
"ExpectedServerCertType" => "P-256",
|
|
"ExpectedServerSignHash" => "SHA256",
|
|
"ExpectedServerSignType" => "EC",
|
|
"ExpectedResult" => "Success"
|
|
},
|
|
},
|
|
{
|
|
name => "ECDSA Signature Algorithm Selection SHA384",
|
|
server => $server,
|
|
client => {
|
|
"SignatureAlgorithms" => "ECDSA+SHA384",
|
|
},
|
|
test => {
|
|
"ExpectedServerCertType" => "P-256",
|
|
"ExpectedServerSignHash" => "SHA384",
|
|
"ExpectedServerSignType" => "EC",
|
|
"ExpectedResult" => "Success"
|
|
},
|
|
},
|
|
{
|
|
name => "ECDSA Signature Algorithm Selection, no ECDSA certificate",
|
|
server => {
|
|
"MaxProtocol" => "TLSv1.2"
|
|
},
|
|
client => {
|
|
"SignatureAlgorithms" => "ECDSA+SHA256",
|
|
},
|
|
test => {
|
|
"ExpectedResult" => "ServerFail"
|
|
},
|
|
},
|
|
{
|
|
name => "RSA Signature Algorithm Selection",
|
|
server => $server,
|
|
client => {
|
|
"SignatureAlgorithms" => "RSA+SHA256",
|
|
},
|
|
test => {
|
|
"ExpectedServerCertType" => "RSA",
|
|
"ExpectedServerSignHash" => "SHA256",
|
|
"ExpectedServerSignType" => "RSA",
|
|
"ExpectedResult" => "Success"
|
|
},
|
|
},
|
|
{
|
|
name => "RSA-PSS Signature Algorithm Selection",
|
|
server => $server,
|
|
client => {
|
|
"SignatureAlgorithms" => "RSA-PSS+SHA256",
|
|
},
|
|
test => {
|
|
"ExpectedServerCertType" => "RSA",
|
|
"ExpectedServerSignHash" => "SHA256",
|
|
"ExpectedServerSignType" => "RSA-PSS",
|
|
"ExpectedResult" => "Success"
|
|
},
|
|
}
|
|
);
|
|
|
|
|
|
my $server_tls_1_3 = {
|
|
"ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
|
|
"ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
|
|
"MinProtocol" => "TLSv1.3",
|
|
"MaxProtocol" => "TLSv1.3"
|
|
};
|
|
|
|
my $client_tls_1_3 = {
|
|
"RSA.Certificate" => test_pem("ee-client-chain.pem"),
|
|
"RSA.PrivateKey" => test_pem("ee-key.pem"),
|
|
"ECDSA.Certificate" => test_pem("ee-ecdsa-client-chain.pem"),
|
|
"ECDSA.PrivateKey" => test_pem("ee-ecdsa-key.pem"),
|
|
"MinProtocol" => "TLSv1.3",
|
|
"MaxProtocol" => "TLSv1.3"
|
|
};
|
|
|
|
my @tests_tls_1_3 = (
|
|
{
|
|
name => "TLS 1.3 ECDSA Signature Algorithm Selection",
|
|
server => $server_tls_1_3,
|
|
client => {
|
|
"SignatureAlgorithms" => "ECDSA+SHA256",
|
|
},
|
|
test => {
|
|
"ExpectedServerCertType" => "P-256",
|
|
"ExpectedServerSignHash" => "SHA256",
|
|
"ExpectedServerSignType" => "EC",
|
|
"ExpectedResult" => "Success"
|
|
},
|
|
},
|
|
{
|
|
name => "TLS 1.3 ECDSA Signature Algorithm Selection with PSS",
|
|
server => $server_tls_1_3,
|
|
client => {
|
|
"SignatureAlgorithms" => "ECDSA+SHA256:RSA-PSS+SHA256",
|
|
},
|
|
test => {
|
|
"ExpectedServerCertType" => "P-256",
|
|
"ExpectedServerSignHash" => "SHA256",
|
|
"ExpectedServerSignType" => "EC",
|
|
"ExpectedResult" => "Success"
|
|
},
|
|
},
|
|
{
|
|
name => "TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS",
|
|
server => $server_tls_1_3,
|
|
client => {
|
|
"SignatureAlgorithms" => "ECDSA+SHA384:RSA-PSS+SHA384",
|
|
},
|
|
test => {
|
|
"ExpectedServerCertType" => "RSA",
|
|
"ExpectedServerSignHash" => "SHA384",
|
|
"ExpectedServerSignType" => "RSA-PSS",
|
|
"ExpectedResult" => "Success"
|
|
},
|
|
},
|
|
{
|
|
name => "TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate",
|
|
server => {
|
|
"MinProtocol" => "TLSv1.3",
|
|
"MaxProtocol" => "TLSv1.3"
|
|
},
|
|
client => {
|
|
"SignatureAlgorithms" => "ECDSA+SHA256",
|
|
},
|
|
test => {
|
|
"ExpectedResult" => "ServerFail"
|
|
},
|
|
},
|
|
{
|
|
name => "TLS 1.3 RSA Signature Algorithm Selection, no PSS",
|
|
server => $server_tls_1_3,
|
|
client => {
|
|
"SignatureAlgorithms" => "RSA+SHA256",
|
|
},
|
|
test => {
|
|
"ExpectedResult" => "ServerFail"
|
|
},
|
|
},
|
|
{
|
|
name => "TLS 1.3 RSA-PSS Signature Algorithm Selection",
|
|
server => $server_tls_1_3,
|
|
client => {
|
|
"SignatureAlgorithms" => "RSA-PSS+SHA256",
|
|
},
|
|
test => {
|
|
"ExpectedServerCertType" => "RSA",
|
|
"ExpectedServerSignHash" => "SHA256",
|
|
"ExpectedServerSignType" => "RSA-PSS",
|
|
"ExpectedResult" => "Success"
|
|
},
|
|
},
|
|
{
|
|
name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection",
|
|
server => {
|
|
"ClientSignatureAlgorithms" => "PSS+SHA256",
|
|
"VerifyCAFile" => test_pem("root-cert.pem"),
|
|
"VerifyMode" => "Require"
|
|
},
|
|
client => $client_tls_1_3,
|
|
test => {
|
|
"ExpectedClientCertType" => "RSA",
|
|
"ExpectedClientSignHash" => "SHA256",
|
|
"ExpectedClientSignType" => "RSA-PSS",
|
|
"ExpectedResult" => "Success"
|
|
},
|
|
},
|
|
{
|
|
name => "TLS 1.3 ECDSA Client Auth Signature Algorithm Selection",
|
|
server => {
|
|
"ClientSignatureAlgorithms" => "ECDSA+SHA256",
|
|
"VerifyCAFile" => test_pem("root-cert.pem"),
|
|
"VerifyMode" => "Require"
|
|
},
|
|
client => $client_tls_1_3,
|
|
test => {
|
|
"ExpectedClientCertType" => "P-256",
|
|
"ExpectedClientSignHash" => "SHA256",
|
|
"ExpectedClientSignType" => "EC",
|
|
"ExpectedResult" => "Success"
|
|
},
|
|
},
|
|
);
|
|
|
|
push @tests, @tests_tls_1_3 unless disabled("tls1_3");
|
|
|
|
my @tests_dsa_tls_1_2 = (
|
|
{
|
|
name => "TLS 1.2 DSA Certificate Test",
|
|
server => {
|
|
"DSA.Certificate" => test_pem("server-dsa-cert.pem"),
|
|
"DSA.PrivateKey" => test_pem("server-dsa-key.pem"),
|
|
"DHParameters" => test_pem("dhp2048.pem"),
|
|
"MinProtocol" => "TLSv1.2",
|
|
"MaxProtocol" => "TLSv1.2",
|
|
"CipherString" => "ALL",
|
|
},
|
|
client => {
|
|
"SignatureAlgorithms" => "DSA+SHA256:DSA+SHA1",
|
|
"CipherString" => "ALL",
|
|
},
|
|
test => {
|
|
"ExpectedResult" => "Success"
|
|
},
|
|
},
|
|
);
|
|
|
|
my @tests_dsa_tls_1_3 = (
|
|
{
|
|
name => "TLS 1.3 DSA Certificate Test",
|
|
server => {
|
|
"DSA.Certificate" => test_pem("server-dsa-cert.pem"),
|
|
"DSA.PrivateKey" => test_pem("server-dsa-key.pem"),
|
|
"MinProtocol" => "TLSv1.3",
|
|
"MaxProtocol" => "TLSv1.3",
|
|
"CipherString" => "ALL",
|
|
},
|
|
client => {
|
|
"SignatureAlgorithms" => "DSA+SHA1:DSA+SHA256",
|
|
"CipherString" => "ALL",
|
|
},
|
|
test => {
|
|
"ExpectedResult" => "ServerFail"
|
|
},
|
|
},
|
|
);
|
|
|
|
if (!disabled("dsa")) {
|
|
push @tests, @tests_dsa_tls_1_2 unless disabled("dh");
|
|
push @tests, @tests_dsa_tls_1_3 unless disabled("tls1_3");
|
|
}
|