Commit c749308f authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Add tests for SHA1 and EC point compression 



Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2739)
parent 095a982b

test/ssl-tests/20-cert-select.conf

+117 −55
Original line number Diff line number Diff line 
# Generated with generate_ssl_tests.pl



num_tests = 11

num_tests = 13



test-0 = 0-ECDSA CipherString Selection

test-1 = 1-RSA CipherString Selection

test-2 = 2-ECDSA CipherString Selection, no ECDSA certificate

test-3 = 3-ECDSA Signature Algorithm Selection

test-4 = 4-ECDSA Signature Algorithm Selection SHA384

test-5 = 5-ECDSA Signature Algorithm Selection, no ECDSA certificate

test-6 = 6-RSA Signature Algorithm Selection

test-7 = 7-RSA-PSS Signature Algorithm Selection

test-8 = 8-Suite B P-256 Hash Algorithm Selection

test-9 = 9-Suite B P-384 Hash Algorithm Selection

test-10 = 10-TLS 1.2 DSA Certificate Test

test-5 = 5-ECDSA Signature Algorithm Selection SHA1

test-6 = 6-ECDSA Signature Algorithm Selection compressed point

test-7 = 7-ECDSA Signature Algorithm Selection, no ECDSA certificate

test-8 = 8-RSA Signature Algorithm Selection

test-9 = 9-RSA-PSS Signature Algorithm Selection

test-10 = 10-Suite B P-256 Hash Algorithm Selection

test-11 = 11-Suite B P-384 Hash Algorithm Selection

test-12 = 12-TLS 1.2 DSA Certificate Test

# ===========================================================



[0-ECDSA CipherString Selection]
@@ -155,39 +157,99 @@ ExpectedServerSignType = EC 


# ===========================================================



[5-ECDSA Signature Algorithm Selection, no ECDSA certificate]

ssl_conf = 5-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl

[5-ECDSA Signature Algorithm Selection SHA1]

ssl_conf = 5-ECDSA Signature Algorithm Selection SHA1-ssl



[5-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]

server = 5-ECDSA Signature Algorithm Selection, no ECDSA certificate-server

client = 5-ECDSA Signature Algorithm Selection, no ECDSA certificate-client

[5-ECDSA Signature Algorithm Selection SHA1-ssl]

server = 5-ECDSA Signature Algorithm Selection SHA1-server

client = 5-ECDSA Signature Algorithm Selection SHA1-client



[5-ECDSA Signature Algorithm Selection, no ECDSA certificate-server]

[5-ECDSA Signature Algorithm Selection SHA1-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem

ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem

MaxProtocol = TLSv1.2

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem



[5-ECDSA Signature Algorithm Selection, no ECDSA certificate-client]

[5-ECDSA Signature Algorithm Selection SHA1-client]

CipherString = DEFAULT

SignatureAlgorithms = ECDSA+SHA256

SignatureAlgorithms = ECDSA+SHA1

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer



[test-5]

ExpectedResult = Success

ExpectedServerCertType = P-256

ExpectedServerSignHash = SHA1

ExpectedServerSignType = EC





# ===========================================================



[6-ECDSA Signature Algorithm Selection compressed point]

ssl_conf = 6-ECDSA Signature Algorithm Selection compressed point-ssl



[6-ECDSA Signature Algorithm Selection compressed point-ssl]

server = 6-ECDSA Signature Algorithm Selection compressed point-server

client = 6-ECDSA Signature Algorithm Selection compressed point-client



[6-ECDSA Signature Algorithm Selection compressed point-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem

ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem

MaxProtocol = TLSv1.2

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem



[6-ECDSA Signature Algorithm Selection compressed point-client]

CipherString = DEFAULT

SignatureAlgorithms = ECDSA+SHA256

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer



[test-6]

ExpectedResult = Success

ExpectedServerCertType = P-256

ExpectedServerSignHash = SHA256

ExpectedServerSignType = EC





# ===========================================================



[7-ECDSA Signature Algorithm Selection, no ECDSA certificate]

ssl_conf = 7-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl



[7-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]

server = 7-ECDSA Signature Algorithm Selection, no ECDSA certificate-server

client = 7-ECDSA Signature Algorithm Selection, no ECDSA certificate-client



[7-ECDSA Signature Algorithm Selection, no ECDSA certificate-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

MaxProtocol = TLSv1.2

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem



[7-ECDSA Signature Algorithm Selection, no ECDSA certificate-client]

CipherString = DEFAULT

SignatureAlgorithms = ECDSA+SHA256

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer



[test-7]

ExpectedResult = ServerFail





# ===========================================================



[6-RSA Signature Algorithm Selection]

ssl_conf = 6-RSA Signature Algorithm Selection-ssl

[8-RSA Signature Algorithm Selection]

ssl_conf = 8-RSA Signature Algorithm Selection-ssl



[6-RSA Signature Algorithm Selection-ssl]

server = 6-RSA Signature Algorithm Selection-server

client = 6-RSA Signature Algorithm Selection-client

[8-RSA Signature Algorithm Selection-ssl]

server = 8-RSA Signature Algorithm Selection-server

client = 8-RSA Signature Algorithm Selection-client



[6-RSA Signature Algorithm Selection-server]

[8-RSA Signature Algorithm Selection-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
@@ -195,13 +257,13 @@ ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem 
MaxProtocol = TLSv1.2

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem



[6-RSA Signature Algorithm Selection-client]

[8-RSA Signature Algorithm Selection-client]

CipherString = DEFAULT

SignatureAlgorithms = RSA+SHA256

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer



[test-6]

[test-8]

ExpectedResult = Success

ExpectedServerCertType = RSA

ExpectedServerSignHash = SHA256
@@ -210,14 +272,14 @@ ExpectedServerSignType = RSA 


# ===========================================================



[7-RSA-PSS Signature Algorithm Selection]

ssl_conf = 7-RSA-PSS Signature Algorithm Selection-ssl

[9-RSA-PSS Signature Algorithm Selection]

ssl_conf = 9-RSA-PSS Signature Algorithm Selection-ssl



[7-RSA-PSS Signature Algorithm Selection-ssl]

server = 7-RSA-PSS Signature Algorithm Selection-server

client = 7-RSA-PSS Signature Algorithm Selection-client

[9-RSA-PSS Signature Algorithm Selection-ssl]

server = 9-RSA-PSS Signature Algorithm Selection-server

client = 9-RSA-PSS Signature Algorithm Selection-client



[7-RSA-PSS Signature Algorithm Selection-server]

[9-RSA-PSS Signature Algorithm Selection-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = DEFAULT

ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
@@ -225,13 +287,13 @@ ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem 
MaxProtocol = TLSv1.2

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem



[7-RSA-PSS Signature Algorithm Selection-client]

[9-RSA-PSS Signature Algorithm Selection-client]

CipherString = DEFAULT

SignatureAlgorithms = RSA-PSS+SHA256

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer



[test-7]

[test-9]

ExpectedResult = Success

ExpectedServerCertType = RSA

ExpectedServerSignHash = SHA256
@@ -240,14 +302,14 @@ ExpectedServerSignType = RSA-PSS 


# ===========================================================



[8-Suite B P-256 Hash Algorithm Selection]

ssl_conf = 8-Suite B P-256 Hash Algorithm Selection-ssl

[10-Suite B P-256 Hash Algorithm Selection]

ssl_conf = 10-Suite B P-256 Hash Algorithm Selection-ssl



[8-Suite B P-256 Hash Algorithm Selection-ssl]

server = 8-Suite B P-256 Hash Algorithm Selection-server

client = 8-Suite B P-256 Hash Algorithm Selection-client

[10-Suite B P-256 Hash Algorithm Selection-ssl]

server = 10-Suite B P-256 Hash Algorithm Selection-server

client = 10-Suite B P-256 Hash Algorithm Selection-client



[8-Suite B P-256 Hash Algorithm Selection-server]

[10-Suite B P-256 Hash Algorithm Selection-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = SUITEB128

ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p256-server-cert.pem
@@ -255,13 +317,13 @@ ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p256-server-key.pem 
MaxProtocol = TLSv1.2

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem



[8-Suite B P-256 Hash Algorithm Selection-client]

[10-Suite B P-256 Hash Algorithm Selection-client]

CipherString = DEFAULT

SignatureAlgorithms = ECDSA+SHA384:ECDSA+SHA256

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem

VerifyMode = Peer



[test-8]

[test-10]

ExpectedResult = Success

ExpectedServerCertType = P-256

ExpectedServerSignHash = SHA256
@@ -270,14 +332,14 @@ ExpectedServerSignType = EC 


# ===========================================================



[9-Suite B P-384 Hash Algorithm Selection]

ssl_conf = 9-Suite B P-384 Hash Algorithm Selection-ssl

[11-Suite B P-384 Hash Algorithm Selection]

ssl_conf = 11-Suite B P-384 Hash Algorithm Selection-ssl



[9-Suite B P-384 Hash Algorithm Selection-ssl]

server = 9-Suite B P-384 Hash Algorithm Selection-server

client = 9-Suite B P-384 Hash Algorithm Selection-client

[11-Suite B P-384 Hash Algorithm Selection-ssl]

server = 11-Suite B P-384 Hash Algorithm Selection-server

client = 11-Suite B P-384 Hash Algorithm Selection-client



[9-Suite B P-384 Hash Algorithm Selection-server]

[11-Suite B P-384 Hash Algorithm Selection-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = SUITEB128

ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem
@@ -285,13 +347,13 @@ ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem 
MaxProtocol = TLSv1.2

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem



[9-Suite B P-384 Hash Algorithm Selection-client]

[11-Suite B P-384 Hash Algorithm Selection-client]

CipherString = DEFAULT

SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem

VerifyMode = Peer



[test-9]

[test-11]

ExpectedResult = Success

ExpectedServerCertType = P-384

ExpectedServerSignHash = SHA384
@@ -300,14 +362,14 @@ ExpectedServerSignType = EC 


# ===========================================================



[10-TLS 1.2 DSA Certificate Test]

ssl_conf = 10-TLS 1.2 DSA Certificate Test-ssl

[12-TLS 1.2 DSA Certificate Test]

ssl_conf = 12-TLS 1.2 DSA Certificate Test-ssl



[10-TLS 1.2 DSA Certificate Test-ssl]

server = 10-TLS 1.2 DSA Certificate Test-server

client = 10-TLS 1.2 DSA Certificate Test-client

[12-TLS 1.2 DSA Certificate Test-ssl]

server = 12-TLS 1.2 DSA Certificate Test-server

client = 12-TLS 1.2 DSA Certificate Test-client



[10-TLS 1.2 DSA Certificate Test-server]

[12-TLS 1.2 DSA Certificate Test-server]

Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem

CipherString = ALL

DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem
@@ -317,13 +379,13 @@ MaxProtocol = TLSv1.2 
MinProtocol = TLSv1.2

PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem



[10-TLS 1.2 DSA Certificate Test-client]

[12-TLS 1.2 DSA Certificate Test-client]

CipherString = ALL

SignatureAlgorithms = DSA+SHA256:DSA+SHA1

VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem

VerifyMode = Peer



[test-10]

[test-12]

ExpectedResult = Success

test/ssl-tests/20-cert-select.conf.in

+55 −0
Original line number Diff line number Diff line
@@ -78,6 +78,36 @@ our @tests = ( 
            "ExpectedResult" => "Success"

        },

    },

    {

        name => "ECDSA Signature Algorithm Selection SHA1",

        server => $server,

        client => {

            "SignatureAlgorithms" => "ECDSA+SHA1",

        },

        test   => {

            "ExpectedServerCertType" => "P-256",

            "ExpectedServerSignHash" => "SHA1",

            "ExpectedServerSignType" => "EC",

            "ExpectedResult" => "Success"

        },

    },

    {

        name => "ECDSA Signature Algorithm Selection compressed point",

        server => {

            "ECDSA.Certificate" => test_pem("server-cecdsa-cert.pem"),

            "ECDSA.PrivateKey" => test_pem("server-cecdsa-key.pem"),

            "MaxProtocol" => "TLSv1.2"

        },

        client => {

            "SignatureAlgorithms" => "ECDSA+SHA256",

        },

        test   => {

            "ExpectedServerCertType" => "P-256",

            "ExpectedServerSignHash" => "SHA256",

            "ExpectedServerSignType" => "EC",

            "ExpectedResult" => "Success"

        },

    },

    {

        name => "ECDSA Signature Algorithm Selection, no ECDSA certificate",

        server => {
@@ -187,6 +217,31 @@ my @tests_tls_1_3 = ( 
            "ExpectedResult" => "Success"

        },

    },

    {

        name => "TLS 1.3 ECDSA Signature Algorithm Selection compressed point",

        server => {

            "ECDSA.Certificate" => test_pem("server-cecdsa-cert.pem"),

            "ECDSA.PrivateKey" => test_pem("server-cecdsa-key.pem"),

            "MinProtocol" => "TLSv1.3",

            "MaxProtocol" => "TLSv1.3"

        },

        client => {

            "SignatureAlgorithms" => "ECDSA+SHA256",

        },

        test   => {

            "ExpectedResult" => "ServerFail"

        },

    },

    {

        name => "TLS 1.3 ECDSA Signature Algorithm Selection SHA1",

        server => $server_tls_1_3,

        client => {

            "SignatureAlgorithms" => "ECDSA+SHA1",

        },

        test   => {

            "ExpectedResult" => "ServerFail"

        },

    },

    {

        name => "TLS 1.3 ECDSA Signature Algorithm Selection with PSS",

        server => $server_tls_1_3,