Commit fbe1af9d authored by Dr. Stephen Henson

Add Ed25519 TLS 1.3 and 1.2 tests

parent 60bbed3f
+70 −1
@@ -12,6 +12,8 @@ use OpenSSL::Test::Utils;
my $server = {
    "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
    "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
    "EdDSA.Certificate" => test_pem("server-ed25519-cert.pem"),
    "EdDSA.PrivateKey" => test_pem("server-ed25519-key.pem"),
    "MaxProtocol" => "TLSv1.2"
};

@@ -32,6 +34,23 @@ our @tests = (
            "ExpectedResult" => "Success"
        },
    },
    {
        name => "Ed25519 CipherString and Signature Algorithm Selection",
        server => $server,
        client => {
            "CipherString" => "aECDSA",
            "MaxProtocol" => "TLSv1.2",
            "SignatureAlgorithms" => "ed25519:ECDSA+SHA256",
            "RequestCAFile" => test_pem("root-cert.pem"),
        },
        test   => {
            "ExpectedServerCertType" =>, "Ed25519",
            "ExpectedServerSignType" =>, "Ed25519",
            # Note: certificate_authorities not sent for TLS < 1.3
            "ExpectedServerCANames" =>, "empty",
            "ExpectedResult" => "Success"
        },
    },
    {
        name => "RSA CipherString Selection",
        server => $server,
@@ -189,13 +208,33 @@ our @tests = (
            "ExpectedServerSignType" => "EC",
            "ExpectedResult" => "Success"
        },
    }
    },
    {
        name => "TLS 1.2 Ed25519 Client Auth",
        server => {
            "VerifyCAFile" => test_pem("root-cert.pem"),
            "VerifyMode" => "Require"
        },
        client => {
            "EdDSA.Certificate" => test_pem("client-ed25519-cert.pem"),
            "EdDSA.PrivateKey" => test_pem("client-ed25519-key.pem"),
            "MinProtocol" => "TLSv1.2",
            "MaxProtocol" => "TLSv1.2"
        },
        test   => {
            "ExpectedClientCertType" => "Ed25519",
            "ExpectedClientSignType" => "Ed25519",
            "ExpectedResult" => "Success"
        },
    },
);


my $server_tls_1_3 = {
    "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
    "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
    "EdDSA.Certificate" => test_pem("server-ed25519-cert.pem"),
    "EdDSA.PrivateKey" => test_pem("server-ed25519-key.pem"),
    "MinProtocol" => "TLSv1.3",
    "MaxProtocol" => "TLSv1.3"
};
@@ -313,6 +352,18 @@ my @tests_tls_1_3 = (
            "ExpectedResult" => "Success"
        },
    },
    {
        name => "TLS 1.3 Ed25519 Signature Algorithm Selection",
        server => $server_tls_1_3,
        client => {
            "SignatureAlgorithms" => "ed25519",
        },
        test   => {
            "ExpectedServerCertType" => "Ed25519",
            "ExpectedServerSignType" => "Ed25519",
            "ExpectedResult" => "Success"
        },
    },
    {
        name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection",
        server => {
@@ -361,6 +412,24 @@ my @tests_tls_1_3 = (
            "ExpectedResult" => "Success"
        },
    },
    {
        name => "TLS 1.3 Ed25519 Client Auth",
        server => {
            "VerifyCAFile" => test_pem("root-cert.pem"),
            "VerifyMode" => "Require"
        },
        client => {
            "EdDSA.Certificate" => test_pem("client-ed25519-cert.pem"),
            "EdDSA.PrivateKey" => test_pem("client-ed25519-key.pem"),
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3"
        },
        test   => {
            "ExpectedClientCertType" => "Ed25519",
            "ExpectedClientSignType" => "Ed25519",
            "ExpectedResult" => "Success"
        },
    },
    {
        name => "TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms",
        server => {
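Review bot: The new Ed25519 cases all expect `"ExpectedResult" => "Success"`, so nothing visible here checks that Ed25519 is not used when the peer has not offered it. In "Ed25519 CipherString and Signature Algorithm Selection" the server holds both an ECDSA and an Ed25519 key and the client lists `ed25519:ECDSA+SHA256`; a companion case with `"SignatureAlgorithms" => "ECDSA+SHA256"` that expects the ECDSA certificate would pin the fallback. For the two "Ed25519 Client Auth" cases, a server limited through `ClientSignatureAlgorithms` to a non-Ed25519 scheme should expect a failed handshake. Such cases may already exist outside the visible hunks. Separately, the three entries written `=>, "..."` in the TLS 1.2 selection test carry a stray comma after the fat arrow; Perl appears to tolerate the empty list element, but `"ExpectedServerCertType" => "Ed25519",` matches the form used in the other new tests.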