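# -*- mode: perl; -*-

## SSL test configurations
##
## Certificate and signature-algorithm selection tests.
##
## Each entry in @tests describes one handshake: the server options, the
## client options, and what the handshake must produce. The positive cases
## pin the certificate type, signature hash and signature type that were
## actually used; the negative cases ("ServerFail") check that the server
## refuses to fall back to a certificate or signature scheme the peer did
## not offer.


use strict;
use warnings;

package ssltests;
use OpenSSL::Test::Utils;

# TLS 1.2 server with an explicitly configured ECDSA certificate and key.
# No RSA entries are set here, yet several tests below expect an RSA
# certificate to be selected.
# NOTE(review): presumably the test harness supplies a default RSA
# certificate for every server -- confirm against the generator.
my $server = {
    "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
    "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
    "MaxProtocol" => "TLSv1.2"
};

our @tests = (
    # --- Selection driven by the client's cipher list (TLS 1.2) ---
    {
        # Client only offers ECDSA-authenticated ciphers, so the server
        # must pick its ECDSA certificate.
        name => "ECDSA CipherString Selection",
        server => $server,
        client => {
            "CipherString" => "aECDSA",
        },
        test   => {
            "ExpectedServerCertType" => "P-256",
            "ExpectedServerSignType" => "EC",
            "ExpectedResult" => "Success"
        },
    },
    {
        # Client only offers RSA-authenticated ciphers. The client sets no
        # SignatureAlgorithms, so the expected RSA-PSS signature type comes
        # from the library's default preference order.
        # NOTE(review): confirm against the defaults of the version under test.
        name => "RSA CipherString Selection",
        server => $server,
        client => {
            "CipherString" => "aRSA",
        },
        test   => {
            "ExpectedServerCertType" => "RSA",
            "ExpectedServerSignType" => "RSA-PSS",
            "ExpectedResult" => "Success"
        },
    },
    {
        # Negative case: the server has no ECDSA certificate configured, so
        # an ECDSA-only client must be rejected, not served another key type.
        name => "ECDSA CipherString Selection, no ECDSA certificate",
        server => {
            "MaxProtocol" => "TLSv1.2"
        },
        client => {
            "CipherString" => "aECDSA"
        },
        test   => {
            "ExpectedResult" => "ServerFail"
        },
    },

    # --- Selection driven by the client's signature algorithms (TLS 1.2) ---
    {
        name => "ECDSA Signature Algorithm Selection",
        server => $server,
        client => {
            "SignatureAlgorithms" => "ECDSA+SHA256",
        },
        test   => {
            "ExpectedServerCertType" => "P-256",
            "ExpectedServerSignHash" => "SHA256",
            "ExpectedServerSignType" => "EC",
            "ExpectedResult" => "Success"
        },
    },
    {
        # In TLS 1.2 the hash of a signature algorithm is not tied to the
        # certificate's curve, so the P-256 key is expected to sign with
        # SHA384. Compare the TLS 1.3 SHA384 test further down, where the
        # same offer must not select the P-256 certificate.
        name => "ECDSA Signature Algorithm Selection SHA384",
        server => $server,
        client => {
            "SignatureAlgorithms" => "ECDSA+SHA384",
        },
        test   => {
            "ExpectedServerCertType" => "P-256",
            "ExpectedServerSignHash" => "SHA384",
            "ExpectedServerSignType" => "EC",
            "ExpectedResult" => "Success"
        },
    },
    {
        # Negative case: ECDSA-only signature algorithms against a server
        # without an ECDSA certificate must fail on the server side.
        name => "ECDSA Signature Algorithm Selection, no ECDSA certificate",
        server => {
            "MaxProtocol" => "TLSv1.2"
        },
        client => {
            "SignatureAlgorithms" => "ECDSA+SHA256",
        },
        test   => {
            "ExpectedResult" => "ServerFail"
        },
    },
    {
        # "RSA" as the signature type here means PKCS#1 v1.5, as opposed to
        # RSA-PSS in the next test; both use the same RSA certificate type.
        name => "RSA Signature Algorithm Selection",
        server => $server,
        client => {
            "SignatureAlgorithms" => "RSA+SHA256",
        },
        test   => {
            "ExpectedServerCertType" => "RSA",
            "ExpectedServerSignHash" => "SHA256",
            "ExpectedServerSignType" => "RSA",
            "ExpectedResult" => "Success"
        },
    },
    {
        name => "RSA-PSS Signature Algorithm Selection",
        server => $server,
        client => {
            "SignatureAlgorithms" => "RSA-PSS+SHA256",
        },
        test   => {
            "ExpectedServerCertType" => "RSA",
            "ExpectedServerSignHash" => "SHA256",
            "ExpectedServerSignType" => "RSA-PSS",
            "ExpectedResult" => "Success"
        },
    }
);


# Same ECDSA certificate as $server, but pinned to TLS 1.3 only.
my $server_tls_1_3 = {
    "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
    "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
    "MinProtocol" => "TLSv1.3",
    "MaxProtocol" => "TLSv1.3"
};

# TLS 1.3-only client holding both an RSA and an ECDSA client certificate
# chain, so the client-auth tests can check which one gets selected.
my $client_tls_1_3 = {
    "RSA.Certificate" => test_pem("ee-client-chain.pem"),
    "RSA.PrivateKey" => test_pem("ee-key.pem"),
    "ECDSA.Certificate" => test_pem("ee-ecdsa-client-chain.pem"),
    "ECDSA.PrivateKey" => test_pem("ee-ecdsa-key.pem"),
    "MinProtocol" => "TLSv1.3",
    "MaxProtocol" => "TLSv1.3"
};

my @tests_tls_1_3 = (
    {
        name => "TLS 1.3 ECDSA Signature Algorithm Selection",
        server => $server_tls_1_3,
        client => {
            "SignatureAlgorithms" => "ECDSA+SHA256",
        },
        test   => {
            "ExpectedServerCertType" => "P-256",
            "ExpectedServerSignHash" => "SHA256",
            "ExpectedServerSignType" => "EC",
            "ExpectedResult" => "Success"
        },
    },
    {
        # ECDSA is listed first by the client and the server has a matching
        # P-256 key, so ECDSA is expected even though RSA-PSS is also offered.
        name => "TLS 1.3 ECDSA Signature Algorithm Selection with PSS",
        server => $server_tls_1_3,
        client => {
            "SignatureAlgorithms" => "ECDSA+SHA256:RSA-PSS+SHA256",
        },
        test   => {
            "ExpectedServerCertType" => "P-256",
            "ExpectedServerSignHash" => "SHA256",
            "ExpectedServerSignType" => "EC",
            "ExpectedResult" => "Success"
        },
    },
    {
        # TLS 1.3 binds each ECDSA signature scheme to a curve: ECDSA with
        # SHA384 requires a P-384 key. The server's P-256 certificate is
        # therefore not usable for the first offer, and the RSA certificate
        # with RSA-PSS+SHA384 must be chosen instead.
        name => "TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS",
        server => $server_tls_1_3,
        client => {
            "SignatureAlgorithms" => "ECDSA+SHA384:RSA-PSS+SHA384",
        },
        test   => {
            "ExpectedServerCertType" => "RSA",
            "ExpectedServerSignHash" => "SHA384",
            "ExpectedServerSignType" => "RSA-PSS",
            "ExpectedResult" => "Success"
        },
    },
    {
        # Negative case: no ECDSA certificate on the server, ECDSA-only client.
        name => "TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate",
        server => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3"
        },
        client => {
            "SignatureAlgorithms" => "ECDSA+SHA256",
        },
        test   => {
            "ExpectedResult" => "ServerFail"
        },
    },
    {
        # Negative case: TLS 1.3 does not permit PKCS#1 v1.5 RSA signatures
        # on handshake messages. A client that offers only RSA+SHA256 leaves
        # the server with no acceptable scheme, so the handshake must fail
        # rather than sign with the legacy padding.
        name => "TLS 1.3 RSA Signature Algorithm Selection, no PSS",
        server => $server_tls_1_3,
        client => {
            "SignatureAlgorithms" => "RSA+SHA256",
        },
        test   => {
            "ExpectedResult" => "ServerFail"
        },
    },
    {
        name => "TLS 1.3 RSA-PSS Signature Algorithm Selection",
        server => $server_tls_1_3,
        client => {
            "SignatureAlgorithms" => "RSA-PSS+SHA256",
        },
        test   => {
            "ExpectedServerCertType" => "RSA",
            "ExpectedServerSignHash" => "SHA256",
            "ExpectedServerSignType" => "RSA-PSS",
            "ExpectedResult" => "Success"
        },
    },

    # --- Client authentication ---
    # The server demands a client certificate ("VerifyMode" => "Require")
    # and restricts the signature schemes it accepts from the client. The
    # client holds both key types; the expected values check that it picks
    # the certificate matching the server's list. These server configs set
    # no protocol bounds; TLS 1.3 is forced by $client_tls_1_3.
    {
        # NOTE(review): "PSS+SHA256" is spelled "RSA-PSS+SHA256" everywhere
        # else in this file; presumably an accepted alias -- confirm.
        name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection",
        server => {
            "ClientSignatureAlgorithms" => "PSS+SHA256",
            "VerifyCAFile" => test_pem("root-cert.pem"),
            "VerifyMode" => "Require"
        },
        client => $client_tls_1_3,
        test   => {
            "ExpectedClientCertType" => "RSA",
            "ExpectedClientSignHash" => "SHA256",
            "ExpectedClientSignType" => "RSA-PSS",
            "ExpectedResult" => "Success"
        },
    },
    {
        name => "TLS 1.3 ECDSA Client Auth Signature Algorithm Selection",
        server => {
            "ClientSignatureAlgorithms" => "ECDSA+SHA256",
            "VerifyCAFile" => test_pem("root-cert.pem"),
            "VerifyMode" => "Require"
        },
        client => $client_tls_1_3,
        test   => {
            "ExpectedClientCertType" => "P-256",
            "ExpectedClientSignHash" => "SHA256",
            "ExpectedClientSignType" => "EC",
            "ExpectedResult" => "Success"
        },
    },
);

# Only run the TLS 1.3 cases when the build has TLS 1.3 support.
push @tests, @tests_tls_1_3 unless disabled("tls1_3");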