From 9f577cddf917a61ea808947f428eaf183e84a081 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 24 Feb 2017 15:47:54 +0000 Subject: [PATCH] Add Suite B tests Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2738) --- test/ssl-tests/20-cert-select.conf | 82 +++++++++++++++++++++++---- test/ssl-tests/20-cert-select.conf.in | 38 +++++++++++++ 2 files changed, 110 insertions(+), 10 deletions(-) diff --git a/test/ssl-tests/20-cert-select.conf b/test/ssl-tests/20-cert-select.conf index 1598dadc6b..290bb878f1 100644 --- a/test/ssl-tests/20-cert-select.conf +++ b/test/ssl-tests/20-cert-select.conf @@ -1,6 +1,6 @@ # Generated with generate_ssl_tests.pl -num_tests = 9 +num_tests = 11 test-0 = 0-ECDSA CipherString Selection test-1 = 1-RSA CipherString Selection @@ -10,7 +10,9 @@ test-4 = 4-ECDSA Signature Algorithm Selection SHA384 test-5 = 5-ECDSA Signature Algorithm Selection, no ECDSA certificate test-6 = 6-RSA Signature Algorithm Selection test-7 = 7-RSA-PSS Signature Algorithm Selection -test-8 = 8-TLS 1.2 DSA Certificate Test +test-8 = 8-Suite B P-256 Hash Algorithm Selection +test-9 = 9-Suite B P-384 Hash Algorithm Selection +test-10 = 10-TLS 1.2 DSA Certificate Test # =========================================================== [0-ECDSA CipherString Selection] 
@@ -238,14 +240,74 @@ ExpectedServerSignType = RSA-PSS # =========================================================== -[8-TLS 1.2 DSA Certificate Test] -ssl_conf = 8-TLS 1.2 DSA Certificate Test-ssl +[8-Suite B P-256 Hash Algorithm Selection] +ssl_conf = 8-Suite B P-256 Hash Algorithm Selection-ssl -[8-TLS 1.2 DSA Certificate Test-ssl] -server = 8-TLS 1.2 DSA Certificate Test-server -client = 8-TLS 1.2 DSA Certificate Test-client +[8-Suite B P-256 Hash Algorithm Selection-ssl] +server = 8-Suite B P-256 Hash Algorithm Selection-server +client = 8-Suite B P-256 Hash Algorithm Selection-client -[8-TLS 1.2 DSA Certificate Test-server] +[8-Suite B P-256 Hash Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = SUITEB128 +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p256-server-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p256-server-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[8-Suite B P-256 Hash Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA384:ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem +VerifyMode = Peer + +[test-8] +ExpectedResult = Success +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = EC + + +# =========================================================== + +[9-Suite B P-384 Hash Algorithm Selection] +ssl_conf = 9-Suite B P-384 Hash Algorithm Selection-ssl + +[9-Suite B P-384 Hash Algorithm Selection-ssl] +server = 9-Suite B P-384 Hash Algorithm Selection-server +client = 9-Suite B P-384 Hash Algorithm Selection-client + +[9-Suite B P-384 Hash Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = SUITEB128 +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[9-Suite B P-384 Hash 
Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem +VerifyMode = Peer + +[test-9] +ExpectedResult = Success +ExpectedServerCertType = P-384 +ExpectedServerSignHash = SHA384 +ExpectedServerSignType = EC + + +# =========================================================== + +[10-TLS 1.2 DSA Certificate Test] +ssl_conf = 10-TLS 1.2 DSA Certificate Test-ssl + +[10-TLS 1.2 DSA Certificate Test-ssl] +server = 10-TLS 1.2 DSA Certificate Test-server +client = 10-TLS 1.2 DSA Certificate Test-client + +[10-TLS 1.2 DSA Certificate Test-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = ALL DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem @@ -255,13 +317,13 @@ MaxProtocol = TLSv1.2 MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[8-TLS 1.2 DSA Certificate Test-client] +[10-TLS 1.2 DSA Certificate Test-client] CipherString = ALL SignatureAlgorithms = DSA+SHA256:DSA+SHA1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-8] +[test-10] ExpectedResult = Success diff --git a/test/ssl-tests/20-cert-select.conf.in b/test/ssl-tests/20-cert-select.conf.in index 7edfed6bd6..e33b3d60f7 100644 --- a/test/ssl-tests/20-cert-select.conf.in +++ b/test/ssl-tests/20-cert-select.conf.in 
@@ -115,6 +115,44 @@ our @tests = (
 "ExpectedServerSignType" => "RSA-PSS",
 "ExpectedResult" => "Success"
 },
+ },
+ {
+ name => "Suite B P-256 Hash Algorithm Selection",
+ server => {
+ "ECDSA.Certificate" => test_pem("p256-server-cert.pem"),
+ "ECDSA.PrivateKey" => test_pem("p256-server-key.pem"),
+ "MaxProtocol" => "TLSv1.2",
+ "CipherString" => "SUITEB128"
+ },
+ client => {
+ "VerifyCAFile" => test_pem("p384-root.pem"),
+ "SignatureAlgorithms" => "ECDSA+SHA384:ECDSA+SHA256"
+ },
+ test => {
+ "ExpectedServerCertType" => "P-256",
+ "ExpectedServerSignHash" => "SHA256",
+ "ExpectedServerSignType" => "EC",
+ "ExpectedResult" => "Success"
+ },
+ },
+ {
+ name => "Suite B P-384 Hash Algorithm Selection",
+ server => {
+ "ECDSA.Certificate" => test_pem("p384-server-cert.pem"),
+ "ECDSA.PrivateKey" => test_pem("p384-server-key.pem"),
+ "MaxProtocol" => "TLSv1.2",
+ "CipherString" => "SUITEB128"
+ },
+ client => {
+ "VerifyCAFile" => test_pem("p384-root.pem"),
+ "SignatureAlgorithms" => "ECDSA+SHA256:ECDSA+SHA384"
+ },
+ test => {
+ "ExpectedServerCertType" => "P-384",
+ "ExpectedServerSignHash" => "SHA384",
+ "ExpectedServerSignType" => "EC",
+ "ExpectedResult" => "Success"
+ },
 }
 );

-- 
2.34.1
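Review bot: Both new entries in `@tests` exercise only the success path, so nothing here pins what happens when the client offers no hash that matches the server's curve. In each case the client lists the expected hash second, so a server that wrongly fell back to some other shared algorithm when the curve-matched one is missing would not be caught. Consider adding a variant of the P-256 entry with `"SignatureAlgorithms" => "ECDSA+SHA384"` and a failing `"ExpectedResult"` (presumably `"ServerFail"`; confirm against the harness) to assert that the Suite B curve/hash pairing is enforced rather than preferred. A short comment above each entry, such as `# Client prefers the non-matching hash; Suite B must still pick the one tied to the curve`, would also make the reversed preference order obviously intentional. The `@tests` array begins and ends outside this hunk, so existing negative coverage elsewhere in the file is not visible from here.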