diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2017-06-15 00:34:20 +0100 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2017-06-21 14:11:01 +0100 |
| commit | fbe1af9dfe021610e32d29e9c1c81eb5ce38e0ac (patch) | |
| tree | 3d4f0d89c10162e4c710f6b015ae1525c1e33f11 | |
| parent | 60bbed3ff6716e8f1358396acc772908a758a0a0 (diff) | |
Add Ed25519 TLS 1.3 and 1.2 tests
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3585)
| -rw-r--r-- | test/ssl-tests/20-cert-select.conf.in | 71 |
1 files changed, 70 insertions, 1 deletions
diff --git a/test/ssl-tests/20-cert-select.conf.in b/test/ssl-tests/20-cert-select.conf.in index 5937f9ad4e..90bc5a23c8 100644 --- a/test/ssl-tests/20-cert-select.conf.in +++ b/test/ssl-tests/20-cert-select.conf.in @@ -12,6 +12,8 @@ use OpenSSL::Test::Utils; my $server = { "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"), "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"), + "EdDSA.Certificate" => test_pem("server-ed25519-cert.pem"), + "EdDSA.PrivateKey" => test_pem("server-ed25519-key.pem"), "MaxProtocol" => "TLSv1.2" }; @@ -33,6 +35,23 @@ our @tests = ( }, }, { + name => "Ed25519 CipherString and Signature Algorithm Selection", + server => $server, + client => { + "CipherString" => "aECDSA", + "MaxProtocol" => "TLSv1.2", + "SignatureAlgorithms" => "ed25519:ECDSA+SHA256", + "RequestCAFile" => test_pem("root-cert.pem"), + }, + test => { + "ExpectedServerCertType" =>, "Ed25519", + "ExpectedServerSignType" =>, "Ed25519", + # Note: certificate_authorities not sent for TLS < 1.3 + "ExpectedServerCANames" =>, "empty", + "ExpectedResult" => "Success" + }, + }, + { name => "RSA CipherString Selection", server => $server, client => { @@ -189,13 +208,33 @@ our @tests = ( "ExpectedServerSignType" => "EC", "ExpectedResult" => "Success" }, - } + }, + { + name => "TLS 1.2 Ed25519 Client Auth", + server => { + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require" + }, + client => { + "EdDSA.Certificate" => test_pem("client-ed25519-cert.pem"), + "EdDSA.PrivateKey" => test_pem("client-ed25519-key.pem"), + "MinProtocol" => "TLSv1.2", + "MaxProtocol" => "TLSv1.2" + }, + test => { + "ExpectedClientCertType" => "Ed25519", + "ExpectedClientSignType" => "Ed25519", + "ExpectedResult" => "Success" + }, + }, ); my $server_tls_1_3 = { "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"), "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"), + "EdDSA.Certificate" => test_pem("server-ed25519-cert.pem"), + "EdDSA.PrivateKey" => test_pem("server-ed25519-key.pem"), "MinProtocol" => "TLSv1.3", "MaxProtocol" => "TLSv1.3" }; @@ -314,6 +353,18 @@ my @tests_tls_1_3 = ( }, }, { + name => "TLS 1.3 Ed25519 Signature Algorithm Selection", + server => $server_tls_1_3, + client => { + "SignatureAlgorithms" => "ed25519", + }, + test => { + "ExpectedServerCertType" => "Ed25519", + "ExpectedServerSignType" => "Ed25519", + "ExpectedResult" => "Success" + }, + }, + { name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection", server => { "ClientSignatureAlgorithms" => "PSS+SHA256", @@ -362,6 +413,24 @@ my @tests_tls_1_3 = ( }, }, { + name => "TLS 1.3 Ed25519 Client Auth", + server => { + "VerifyCAFile" => test_pem("root-cert.pem"), + "VerifyMode" => "Require" + }, + client => { + "EdDSA.Certificate" => test_pem("client-ed25519-cert.pem"), + "EdDSA.PrivateKey" => test_pem("client-ed25519-key.pem"), + "MinProtocol" => "TLSv1.3", + "MaxProtocol" => "TLSv1.3" + }, + test => { + "ExpectedClientCertType" => "Ed25519", + "ExpectedClientSignType" => "Ed25519", + "ExpectedResult" => "Success" + }, + }, + { name => "TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms", server => { "ClientSignatureAlgorithms" => "ECDSA+SHA1:DSA+SHA256:RSA+SHA256", |