test/ssl-tests/20-cert-select.conf.in

   1 # -*- mode: perl; -*-
   2
   3 ## SSL test configurations
   4
   5
   6 use strict;
   7 use warnings;
   8
   9 package ssltests;
  10 use OpenSSL::Test::Utils;
  11
  12 my $dir_sep = $^O ne "VMS" ? "/" : "";
  13
  14 my $server = {
  15     "ECDSA.Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-cert.pem",
  16     "ECDSA.PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-key.pem",
  17     "MaxProtocol" => "TLSv1.2"
  18 };
  19
  20 our @tests = (
  21     {
  22         name => "ECDSA CipherString Selection",
  23         server => $server,
  24         client => {
  25             "CipherString" => "aECDSA",
  26         },
  27         test   => {
  28             "ExpectedServerCertType" =>, "P-256",
  29             "ExpectedServerSignType" =>, "EC",
  30             "ExpectedResult" => "Success"
  31         },
  32     },
  33     {
  34         name => "RSA CipherString Selection",
  35         server => $server,
  36         client => {
  37             "CipherString" => "aRSA",
  38         },
  39         test   => {
  40             "ExpectedServerCertType" =>, "RSA",
  41             "ExpectedServerSignType" =>, "RSA-PSS",
  42             "ExpectedResult" => "Success"
  43         },
  44     },
  45     {
  46         name => "ECDSA CipherString Selection, no ECDSA certificate",
  47         server => {
  48             "MaxProtocol" => "TLSv1.2"
  49         },
  50         client => {
  51             "CipherString" => "aECDSA"
  52         },
  53         test   => {
  54             "ExpectedResult" => "ServerFail"
  55         },
  56     },
  57     {
  58         name => "ECDSA Signature Algorithm Selection",
  59         server => $server,
  60         client => {
  61             "SignatureAlgorithms" => "ECDSA+SHA256",
  62         },
  63         test   => {
  64             "ExpectedServerCertType" => "P-256",
  65             "ExpectedServerSignHash" => "SHA256",
  66             "ExpectedServerSignType" => "EC",
  67             "ExpectedResult" => "Success"
  68         },
  69     },
  70     {
  71         name => "ECDSA Signature Algorithm Selection SHA384",
  72         server => $server,
  73         client => {
  74             "SignatureAlgorithms" => "ECDSA+SHA384",
  75         },
  76         test   => {
  77             "ExpectedServerCertType" => "P-256",
  78             "ExpectedServerSignHash" => "SHA384",
  79             "ExpectedServerSignType" => "EC",
  80             "ExpectedResult" => "Success"
  81         },
  82     },
  83     {
  84         name => "ECDSA Signature Algorithm Selection, no ECDSA certificate",
  85         server => {
  86              "MaxProtocol" => "TLSv1.2"
  87         },
  88         client => {
  89             "SignatureAlgorithms" => "ECDSA+SHA256",
  90         },
  91         test   => {
  92             "ExpectedResult" => "ServerFail"
  93         },
  94     },
  95     {
  96         name => "RSA Signature Algorithm Selection",
  97         server => $server,
  98         client => {
  99             "SignatureAlgorithms" => "RSA+SHA256",
 100         },
 101         test   => {
 102             "ExpectedServerCertType" => "RSA",
 103             "ExpectedServerSignHash" => "SHA256",
 104             "ExpectedServerSignType" => "RSA",
 105             "ExpectedResult" => "Success"
 106         },
 107     },
 108     {
 109         name => "RSA-PSS Signature Algorithm Selection",
 110         server => $server,
 111         client => {
 112             "SignatureAlgorithms" => "RSA-PSS+SHA256",
 113         },
 114         test   => {
 115             "ExpectedServerCertType" => "RSA",
 116             "ExpectedServerSignHash" => "SHA256",
 117             "ExpectedServerSignType" => "RSA-PSS",
 118             "ExpectedResult" => "Success"
 119         },
 120     }
 121 );
 122
 123
 124 my $server_tls_1_3 = {
 125     "ECDSA.Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-cert.pem",
 126     "ECDSA.PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-key.pem",
 127     "MinProtocol" => "TLSv1.3",
 128     "MaxProtocol" => "TLSv1.3"
 129 };
 130
 131 my @tests_tls_1_3 = (
 132     {
 133         name => "TLS 1.3 ECDSA Signature Algorithm Selection",
 134         server => $server_tls_1_3,
 135         client => {
 136             "SignatureAlgorithms" => "ECDSA+SHA256",
 137         },
 138         test   => {
 139             "ExpectedServerCertType" => "P-256",
 140             "ExpectedServerSignHash" => "SHA256",
 141             "ExpectedServerSignType" => "EC",
 142             "ExpectedResult" => "Success"
 143         },
 144     },
 145     {
 146         name => "TLS 1.3 ECDSA Signature Algorithm Selection with PSS",
 147         server => $server_tls_1_3,
 148         client => {
 149             "SignatureAlgorithms" => "ECDSA+SHA256:RSA-PSS+SHA256",
 150         },
 151         test   => {
 152             "ExpectedServerCertType" => "P-256",
 153             "ExpectedServerSignHash" => "SHA256",
 154             "ExpectedServerSignType" => "EC",
 155             "ExpectedResult" => "Success"
 156         },
 157     },
 158     {
 159         name => "TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS",
 160         server => $server_tls_1_3,
 161         client => {
 162             "SignatureAlgorithms" => "ECDSA+SHA384:RSA-PSS+SHA384",
 163         },
 164         test   => {
 165             "ExpectedServerCertType" => "RSA",
 166             "ExpectedServerSignHash" => "SHA384",
 167             "ExpectedServerSignType" => "RSA-PSS",
 168             "ExpectedResult" => "Success"
 169         },
 170     },
 171     {
 172         name => "TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate",
 173         server => {
 174             "MinProtocol" => "TLSv1.3",
 175             "MaxProtocol" => "TLSv1.3"
 176         },
 177         client => {
 178             "SignatureAlgorithms" => "ECDSA+SHA256",
 179         },
 180         test   => {
 181             "ExpectedResult" => "ServerFail"
 182         },
 183     },
 184     {
 185         name => "TLS 1.3 RSA Signature Algorithm Selection, no PSS",
 186         server => $server_tls_1_3,
 187         client => {
 188             "SignatureAlgorithms" => "RSA+SHA256",
 189         },
 190         test   => {
 191             "ExpectedResult" => "ServerFail"
 192         },
 193     },
 194     {
 195         name => "TLS 1.3 RSA-PSS Signature Algorithm Selection",
 196         server => $server_tls_1_3,
 197         client => {
 198             "SignatureAlgorithms" => "RSA-PSS+SHA256",
 199         },
 200         test   => {
 201             "ExpectedServerCertType" => "RSA",
 202             "ExpectedServerSignHash" => "SHA256",
 203             "ExpectedServerSignType" => "RSA-PSS",
 204             "ExpectedResult" => "Success"
 205         },
 206     }
 207 );
 208
 209 push @tests, @tests_tls_1_3 unless disabled("tls1_3");