Commit a92e710b authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Add tests for client and server signature type 



Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2301)
parent 54b7f2a5

test/ssl-tests/04-client_auth.conf

+1 −0
Original line number Diff line number Diff line
@@ -562,6 +562,7 @@ VerifyMode = Peer 
[test-18]

ExpectedClientCertType = RSA

ExpectedClientSignHash = SHA256

ExpectedClientSignType = RSA

ExpectedResult = Success

test/ssl-tests/04-client_auth.conf.in

+4 −1
Original line number Diff line number Diff line
@@ -34,10 +34,12 @@ sub generate_tests() { 
                $caalert = "UnknownCA";

            }

            my $clihash;

            my $clisigtype;

            my $clisigalgs;

            # TODO add TLSv1.3 versions

            # TODO(TLS1.3) add TLSv1.3 versions

            if ($protocol_name eq "TLSv1.2") {

                $clihash = "SHA256";

                $clisigtype = "RSA";

                $clisigalgs = "SHA256+RSA";

            }

            # Sanity-check simple handshake.
@@ -106,6 +108,7 @@ sub generate_tests() { 
                },

                test   => { "ExpectedResult" => "Success",

                            "ExpectedClientCertType" => "RSA",

                            "ExpectedClientSignType" => $clisigtype,

                            "ExpectedClientSignHash" => $clihash,

                },

            };

test/ssl-tests/20-cert-select.conf

+36 −1
Original line number Diff line number Diff line 
# Generated with generate_ssl_tests.pl



num_tests = 6

num_tests = 7



test-0 = 0-ECDSA CipherString Selection

test-1 = 1-RSA CipherString Selection
@@ -8,6 +8,7 @@ test-2 = 2-ECDSA CipherString Selection, no ECDSA certificate 
test-3 = 3-ECDSA Signature Algorithm Selection

test-4 = 4-ECDSA Signature Algorithm Selection, no ECDSA certificate

test-5 = 5-RSA Signature Algorithm Selection

test-6 = 6-RSA-PSS Signature Algorithm Selection

# ===========================================================



[0-ECDSA CipherString Selection]
@@ -33,6 +34,7 @@ VerifyMode = Peer 
[test-0]

ExpectedResult = Success

ExpectedServerCertType = P-256

ExpectedServerSignType = EC





# ===========================================================
@@ -60,6 +62,7 @@ VerifyMode = Peer 
[test-1]

ExpectedResult = Success

ExpectedServerCertType = RSA

ExpectedServerSignType = RSA-PSS





# ===========================================================
@@ -112,6 +115,7 @@ VerifyMode = Peer 
ExpectedResult = Success

ExpectedServerCertType = P-256

ExpectedServerSignHash = SHA256

ExpectedServerSignType = EC





# ===========================================================
@@ -165,5 +169,36 @@ VerifyMode = Peer 
ExpectedResult = Success

ExpectedServerCertType = RSA

ExpectedServerSignHash = SHA256

ExpectedServerSignType = RSA





# ===========================================================



[6-RSA-PSS Signature Algorithm Selection]

ssl_conf = 6-RSA-PSS Signature Algorithm Selection-ssl



[6-RSA-PSS Signature Algorithm Selection-ssl]

server = 6-RSA-PSS Signature Algorithm Selection-server

client = 6-RSA-PSS Signature Algorithm Selection-client



[6-RSA-PSS Signature Algorithm Selection-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem

ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem

MaxProtocol = TLSv1.2

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem



[6-RSA-PSS Signature Algorithm Selection-client]

CipherString = DEFAULT

SignatureAlgorithms = RSA-PSS+SHA256

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer



[test-6]

ExpectedResult = Success

ExpectedServerCertType = RSA

ExpectedServerSignHash = SHA256

ExpectedServerSignType = RSA-PSS

test/ssl-tests/20-cert-select.conf.in

+18 −1
Original line number Diff line number Diff line
@@ -15,7 +15,7 @@ my $dir_sep = $^O ne "VMS" ? "/" : ""; 
my $server = {

    "ECDSA.Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-cert.pem",

    "ECDSA.PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-key.pem",

    # TODO: add test cases for TLSv1.3

    # TODO(TLS1.3): add test cases for TLSv1.3

    "MaxProtocol" => "TLSv1.2"

};
@@ -28,6 +28,7 @@ our @tests = ( 
        },

        test   => {

            "ExpectedServerCertType" =>, "P-256",

            "ExpectedServerSignType" =>, "EC",

            "ExpectedResult" => "Success"

        },

    },
@@ -39,6 +40,7 @@ our @tests = ( 
        },

        test   => {

            "ExpectedServerCertType" =>, "RSA",

            "ExpectedServerSignType" =>, "RSA-PSS",

            "ExpectedResult" => "Success"

        },

    },
@@ -61,6 +63,7 @@ our @tests = ( 
        test   => {

            "ExpectedServerCertType" => "P-256",

            "ExpectedServerSignHash" => "SHA256",

            "ExpectedServerSignType" => "EC",

            "ExpectedResult" => "Success"

        },

    },
@@ -83,6 +86,20 @@ our @tests = ( 
        test   => {

            "ExpectedServerCertType" => "RSA",

            "ExpectedServerSignHash" => "SHA256",

            "ExpectedServerSignType" => "RSA",

            "ExpectedResult" => "Success"

        },

    },

    {

        name => "RSA-PSS Signature Algorithm Selection",

        server => $server,

        client => {

            "SignatureAlgorithms" => "RSA-PSS+SHA256",

        },

        test   => {

            "ExpectedServerCertType" => "RSA",

            "ExpectedServerSignHash" => "SHA256",

            "ExpectedServerSignType" => "RSA-PSS",

            "ExpectedResult" => "Success"

        },

    }