test/ssl-tests/20-cert-select.conf.in

   1 # -*- mode: perl; -*-
   2
   3 ## SSL test configurations
   4
   5
   6 use strict;
   7 use warnings;
   8
   9 package ssltests;
  10 use OpenSSL::Test::Utils;
  11
  12 my $dir_sep = $^O ne "VMS" ? "/" : "";
  13
  14 my $server = {
  15     "ECDSA.Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-cert.pem",
  16     "ECDSA.PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-key.pem",
  17     "MaxProtocol" => "TLSv1.2"
  18 };
  19
  20 our @tests = (
  21     {
  22         name => "ECDSA CipherString Selection",
  23         server => $server,
  24         client => {
  25             "CipherString" => "aECDSA",
  26         },
  27         test   => {
  28             "ExpectedServerCertType" =>, "P-256",
  29             "ExpectedServerSignType" =>, "EC",
  30             "ExpectedResult" => "Success"
  31         },
  32     },
  33     {
  34         name => "RSA CipherString Selection",
  35         server => $server,
  36         client => {
  37             "CipherString" => "aRSA",
  38         },
  39         test   => {
  40             "ExpectedServerCertType" =>, "RSA",
  41             "ExpectedServerSignType" =>, "RSA-PSS",
  42             "ExpectedResult" => "Success"
  43         },
  44     },
  45     {
  46         name => "ECDSA CipherString Selection, no ECDSA certificate",
  47         server => { },
  48         client => {
  49             "CipherString" => "aECDSA"
  50         },
  51         test   => {
  52             "ExpectedResult" => "ServerFail"
  53         },
  54     },
  55     {
  56         name => "ECDSA Signature Algorithm Selection",
  57         server => $server,
  58         client => {
  59             "SignatureAlgorithms" => "ECDSA+SHA256",
  60         },
  61         test   => {
  62             "ExpectedServerCertType" => "P-256",
  63             "ExpectedServerSignHash" => "SHA256",
  64             "ExpectedServerSignType" => "EC",
  65             "ExpectedResult" => "Success"
  66         },
  67     },
  68     {
  69         name => "ECDSA Signature Algorithm Selection SHA384",
  70         server => $server,
  71         client => {
  72             "SignatureAlgorithms" => "ECDSA+SHA384",
  73         },
  74         test   => {
  75             "ExpectedServerCertType" => "P-256",
  76             "ExpectedServerSignHash" => "SHA384",
  77             "ExpectedServerSignType" => "EC",
  78             "ExpectedResult" => "Success"
  79         },
  80     },
  81     {
  82         name => "ECDSA Signature Algorithm Selection, no ECDSA certificate",
  83         server => { },
  84         client => {
  85             "SignatureAlgorithms" => "ECDSA+SHA256",
  86         },
  87         test   => {
  88             "ExpectedResult" => "ServerFail"
  89         },
  90     },
  91     {
  92         name => "RSA Signature Algorithm Selection",
  93         server => $server,
  94         client => {
  95             "SignatureAlgorithms" => "RSA+SHA256",
  96         },
  97         test   => {
  98             "ExpectedServerCertType" => "RSA",
  99             "ExpectedServerSignHash" => "SHA256",
 100             "ExpectedServerSignType" => "RSA",
 101             "ExpectedResult" => "Success"
 102         },
 103     },
 104     {
 105         name => "RSA-PSS Signature Algorithm Selection",
 106         server => $server,
 107         client => {
 108             "SignatureAlgorithms" => "RSA-PSS+SHA256",
 109         },
 110         test   => {
 111             "ExpectedServerCertType" => "RSA",
 112             "ExpectedServerSignHash" => "SHA256",
 113             "ExpectedServerSignType" => "RSA-PSS",
 114             "ExpectedResult" => "Success"
 115         },
 116     }
 117 );
 118
 119
 120 my $server_tls_1_3 = {
 121     "ECDSA.Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-cert.pem",
 122     "ECDSA.PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-key.pem",
 123     "MinProtocol" => "TLSv1.3",
 124     "MaxProtocol" => "TLSv1.3"
 125 };
 126
 127 my @tests_tls_1_3 = (
 128     {
 129         name => "TLS 1.3 ECDSA Signature Algorithm Selection",
 130         server => $server_tls_1_3,
 131         client => {
 132             "SignatureAlgorithms" => "ECDSA+SHA256",
 133         },
 134         test   => {
 135             "ExpectedServerCertType" => "P-256",
 136             "ExpectedServerSignHash" => "SHA256",
 137             "ExpectedServerSignType" => "EC",
 138             "ExpectedResult" => "Success"
 139         },
 140     },
 141     {
 142         name => "TLS 1.3 ECDSA Signature Algorithm Selection with PSS",
 143         server => $server_tls_1_3,
 144         client => {
 145             "SignatureAlgorithms" => "ECDSA+SHA256:RSA-PSS+SHA256",
 146         },
 147         test   => {
 148             "ExpectedServerCertType" => "P-256",
 149             "ExpectedServerSignHash" => "SHA256",
 150             "ExpectedServerSignType" => "EC",
 151             "ExpectedResult" => "Success"
 152         },
 153     },
 154     {
 155         name => "TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS",
 156         server => $server_tls_1_3,
 157         client => {
 158             "SignatureAlgorithms" => "ECDSA+SHA384:RSA-PSS+SHA384",
 159         },
 160         test   => {
 161             "ExpectedServerCertType" => "RSA",
 162             "ExpectedServerSignHash" => "SHA384",
 163             "ExpectedServerSignType" => "RSA-PSS",
 164             "ExpectedResult" => "Success"
 165         },
 166     },
 167     {
 168         name => "TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate",
 169         server => { },
 170         client => {
 171             "SignatureAlgorithms" => "ECDSA+SHA256",
 172         },
 173         test   => {
 174             "ExpectedResult" => "ServerFail"
 175         },
 176     },
 177     {
 178         name => "TLS 1.3 RSA Signature Algorithm Selection, no PSS",
 179         server => $server_tls_1_3,
 180         client => {
 181             "SignatureAlgorithms" => "RSA+SHA256",
 182         },
 183         test   => {
 184             "ExpectedResult" => "ServerFail"
 185         },
 186     },
 187     {
 188         name => "TLS 1.3 RSA-PSS Signature Algorithm Selection",
 189         server => $server_tls_1_3,
 190         client => {
 191             "SignatureAlgorithms" => "RSA-PSS+SHA256",
 192         },
 193         test   => {
 194             "ExpectedServerCertType" => "RSA",
 195             "ExpectedServerSignHash" => "SHA256",
 196             "ExpectedServerSignType" => "RSA-PSS",
 197             "ExpectedResult" => "Success"
 198         },
 199     }
 200 );
 201
 202 push @tests, @tests_tls_1_3 unless disabled("tls1_3");