"PrivateKey" => test_pem("server-pss-key.pem"),
};
+my $server_pss_restrict_only = {
+ "Certificate" => test_pem("server-pss-restrict-cert.pem"),
+ "PrivateKey" => test_pem("server-pss-restrict-key.pem"),
+};
+
+
my $server_rsa_all = {
"PSS.Certificate" => test_pem("server-pss-cert.pem"),
"PSS.PrivateKey" => test_pem("server-pss-key.pem"),
"ExpectedResult" => "Success"
},
},
+ {
+ name => "Only RSA-PSS Certificate Valid Signature Algorithms",
+ server => $server_pss_only,
+ client => {
+ "SignatureAlgorithms" => "rsa_pss_pss_sha512",
+ },
+ test => {
+ "ExpectedServerCertType" => "RSA-PSS",
+ "ExpectedServerSignHash" => "SHA512",
+ "ExpectedServerSignType" => "RSA-PSS",
+ "ExpectedResult" => "Success"
+ },
+ },
{
name => "RSA-PSS Certificate, no PSS signature algorithms",
server => $server_pss_only,
"ExpectedResult" => "ServerFail"
},
},
+ {
+ name => "Only RSA-PSS Restricted Certificate",
+ server => $server_pss_restrict_only,
+ client => {},
+ test => {
+ "ExpectedServerCertType" => "RSA-PSS",
+ "ExpectedServerSignHash" => "SHA256",
+ "ExpectedServerSignType" => "RSA-PSS",
+ "ExpectedResult" => "Success"
+ },
+ },
+ {
+ name => "RSA-PSS Restricted Certificate Valid Signature Algorithms",
+ server => $server_pss_restrict_only,
+ client => {
+ "SignatureAlgorithms" => "rsa_pss_pss_sha256:rsa_pss_pss_sha512",
+ },
+ test => {
+ "ExpectedServerCertType" => "RSA-PSS",
+ "ExpectedServerSignHash" => "SHA256",
+ "ExpectedServerSignType" => "RSA-PSS",
+ "ExpectedResult" => "Success"
+ },
+ },
+ {
+ name => "RSA-PSS Restricted Cert client prefers invalid Signature Algorithm",
+ server => $server_pss_restrict_only,
+ client => {
+ "SignatureAlgorithms" => "rsa_pss_pss_sha512:rsa_pss_pss_sha256",
+ },
+ test => {
+ "ExpectedServerCertType" => "RSA-PSS",
+ "ExpectedServerSignHash" => "SHA256",
+ "ExpectedServerSignType" => "RSA-PSS",
+ "ExpectedResult" => "Success"
+ },
+ },
+ {
+ name => "RSA-PSS Restricted Certificate Invalid Signature Algorithms",
+ server => $server_pss_restrict_only,
+ client => {
+ "SignatureAlgorithms" => "rsa_pss_pss_sha512",
+ },
+ test => {
+ "ExpectedResult" => "ServerFail"
+ },
+ },
{
name => "RSA key exchange with all RSA certificate types",
server => $server_rsa_all,