Port SRP tests to the new test framework

Also add negative tests for password mismatch.

Reviewed-by: Richard Levitte <levitte@openssl.org>

2 files changed, 247 insertions, 0 deletions

diff --git a/test/ssl-tests/23-srp.conf b/test/ssl-tests/23-srp.conf
new file mode 100644
index 0000000000..6ae49e6814
--- /dev/null
+++ b/test/ssl-tests/23-srp.conf
@@ -0,0 +1,144 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 4
+
+test-0 = 0-srp
+test-1 = 1-srp-bad-password
+test-2 = 2-srp-auth
+test-3 = 3-srp-auth-bad-password
+# ===========================================================
+
+[0-srp]
+ssl_conf = 0-srp-ssl
+
+[0-srp-ssl]
+server = 0-srp-server
+client = 0-srp-client
+
+[0-srp-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = SRP
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-srp-client]
+CipherString = SRP
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+server = 0-srp-server-extra
+client = 0-srp-client-extra
+
+[0-srp-server-extra]
+SRPPassword = password
+SRPUser = user
+
+[0-srp-client-extra]
+SRPPassword = password
+SRPUser = user
+
+
+# ===========================================================
+
+[1-srp-bad-password]
+ssl_conf = 1-srp-bad-password-ssl
+
+[1-srp-bad-password-ssl]
+server = 1-srp-bad-password-server
+client = 1-srp-bad-password-client
+
+[1-srp-bad-password-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = SRP
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-srp-bad-password-client]
+CipherString = SRP
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = ServerFail
+server = 1-srp-bad-password-server-extra
+client = 1-srp-bad-password-client-extra
+
+[1-srp-bad-password-server-extra]
+SRPPassword = password
+SRPUser = user
+
+[1-srp-bad-password-client-extra]
+SRPPassword = passw0rd
+SRPUser = user
+
+
+# ===========================================================
+
+[2-srp-auth]
+ssl_conf = 2-srp-auth-ssl
+
+[2-srp-auth-ssl]
+server = 2-srp-auth-server
+client = 2-srp-auth-client
+
+[2-srp-auth-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = aSRP
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-srp-auth-client]
+CipherString = aSRP
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedResult = Success
+server = 2-srp-auth-server-extra
+client = 2-srp-auth-client-extra
+
+[2-srp-auth-server-extra]
+SRPPassword = password
+SRPUser = user
+
+[2-srp-auth-client-extra]
+SRPPassword = password
+SRPUser = user
+
+
+# ===========================================================
+
+[3-srp-auth-bad-password]
+ssl_conf = 3-srp-auth-bad-password-ssl
+
+[3-srp-auth-bad-password-ssl]
+server = 3-srp-auth-bad-password-server
+client = 3-srp-auth-bad-password-client
+
+[3-srp-auth-bad-password-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = aSRP
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-srp-auth-bad-password-client]
+CipherString = aSRP
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedResult = ServerFail
+server = 3-srp-auth-bad-password-server-extra
+client = 3-srp-auth-bad-password-client-extra
+
+[3-srp-auth-bad-password-server-extra]
+SRPPassword = password
+SRPUser = user
+
+[3-srp-auth-bad-password-client-extra]
+SRPPassword = passw0rd
+SRPUser = user
+
+
diff --git a/test/ssl-tests/23-srp.conf.in b/test/ssl-tests/23-srp.conf.in
new file mode 100644
index 0000000000..b7601fc3e5
--- /dev/null
+++ b/test/ssl-tests/23-srp.conf.in
@@ -0,0 +1,103 @@
+# -*- mode: perl; -*-
+# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use warnings;
+
+package ssltests;
+
+# SRP is only supported up to TLSv1.2
+
+our @tests = (
+    {
+	name => "srp",
+	server => {
+	    "CipherString" => "SRP",
+	    extra => {
+	       	"SRPUser" => "user",
+		"SRPPassword" => "password",
+	    },
+        },
+	client => {
+	    "CipherString" => "SRP",
+	    "MaxProtocol" => "TLSv1.2",
+	    extra => {
+	        "SRPUser" => "user",
+		"SRPPassword" => "password",
+	    },
+	},
+	test => {
+	    "ExpectedResult" => "Success"
+	},
+    },
+    {
+	name => "srp-bad-password",
+	server => {
+	    "CipherString" => "SRP",
+	    extra => {
+	       	"SRPUser" => "user",
+		"SRPPassword" => "password",
+	    },
+        },
+	client => {
+	    "CipherString" => "SRP",
+	    "MaxProtocol" => "TLSv1.2",
+	    extra => {
+	        "SRPUser" => "user",
+		"SRPPassword" => "passw0rd",
+	    },
+	},
+	test => {
+	    # Server fails first with bad client Finished.
+	    "ExpectedResult" => "ServerFail"
+	},
+    },
+    {
+	name => "srp-auth",
+	server => {
+	    "CipherString" => "aSRP",
+	    extra => {
+	       	"SRPUser" => "user",
+		"SRPPassword" => "password",
+	    },
+        },
+	client => {
+	    "CipherString" => "aSRP",
+	    "MaxProtocol" => "TLSv1.2",
+	    extra => {
+	        "SRPUser" => "user",
+		"SRPPassword" => "password",
+	    },
+	},
+	test => {
+	    "ExpectedResult" => "Success"
+	},
+    },
+    {
+	name => "srp-auth-bad-password",
+	server => {
+	    "CipherString" => "aSRP",
+	    extra => {
+	       	"SRPUser" => "user",
+		"SRPPassword" => "password",
+	    },
+        },
+	client => {
+	    "CipherString" => "aSRP",
+	    "MaxProtocol" => "TLSv1.2",
+	    extra => {
+	        "SRPUser" => "user",
+		"SRPPassword" => "passw0rd",
+	    },
+	},
+	test => {
+	    # Server fails first with bad client Finished.
+	    "ExpectedResult" => "ServerFail"
+	},
+    },
+);
\ No newline at end of file