Add TLS 1.3 certificate selection tests.
[openssl.git] / test / ssl-tests / 20-cert-select.conf.in
1 # -*- mode: perl; -*-
2
3 ## SSL test configurations
4
5
6 use strict;
7 use warnings;
8
9 package ssltests;
10 use OpenSSL::Test::Utils;
11
# Separator placed between the certificate directory and a file name.
# It is empty on VMS (presumably because the directory specification
# already ends in its own delimiter there; confirm) and "/" elsewhere.
my $dir_sep = $^O eq "VMS" ? "" : "/";

# Server settings shared by the first group of cases. The protocol is capped
# at TLS 1.2 and an ECDSA certificate/key pair is configured explicitly.
# The escaped "\$" keeps ${ENV::TEST_CERTS_DIR} literal so that it is
# expanded when the generated configuration is read, not by Perl here.
# NOTE(review): no RSA certificate is named in this hash, yet the RSA cases
# expect one; presumably the test generator supplies it by default. Confirm.
my $server = {
    "MaxProtocol"       => "TLSv1.2",
    "ECDSA.PrivateKey"  => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-key.pem",
    "ECDSA.Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-cert.pem",
};
19
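# Certificate-selection cases run against $server (protocol capped at
# TLS 1.2). Each entry names the client restriction and the certificate type,
# signature hash and signature type the server is expected to end up using.
# Cases with an empty server hash configure no ECDSA certificate and are
# expected to fail with "ServerFail".
our @tests = (
    {
        # Client only offers ECDSA-authenticated cipher suites.
        name   => "ECDSA CipherString Selection",
        server => $server,
        client => {
            "CipherString" => "aECDSA",
        },
        test   => {
            # Fixed the stray "=>," (fat comma followed by a comma) that
            # only worked because Perl ignores empty list elements.
            "ExpectedServerCertType" => "P-256",
            "ExpectedServerSignType" => "EC",
            "ExpectedResult"         => "Success",
        },
    },
    {
        # Client only offers RSA-authenticated cipher suites and places no
        # restriction on signature algorithms; the server is expected to
        # sign with RSA-PSS.
        name   => "RSA CipherString Selection",
        server => $server,
        client => {
            "CipherString" => "aRSA",
        },
        test   => {
            "ExpectedServerCertType" => "RSA",
            "ExpectedServerSignType" => "RSA-PSS",
            "ExpectedResult"         => "Success",
        },
    },
    {
        # Negative case: ECDSA-only cipher suites against a server that has
        # no ECDSA certificate configured must not complete the handshake.
        name   => "ECDSA CipherString Selection, no ECDSA certificate",
        server => { },
        client => {
            "CipherString" => "aECDSA",
        },
        test   => {
            "ExpectedResult" => "ServerFail",
        },
    },
    {
        name   => "ECDSA Signature Algorithm Selection",
        server => $server,
        client => {
            "SignatureAlgorithms" => "ECDSA+SHA256",
        },
        test   => {
            "ExpectedServerCertType" => "P-256",
            "ExpectedServerSignHash" => "SHA256",
            "ExpectedServerSignType" => "EC",
            "ExpectedResult"         => "Success",
        },
    },
    {
        # With the protocol capped at TLS 1.2 the P-256 key is expected to
        # sign with SHA384 as well.
        name   => "ECDSA Signature Algorithm Selection SHA384",
        server => $server,
        client => {
            "SignatureAlgorithms" => "ECDSA+SHA384",
        },
        test   => {
            "ExpectedServerCertType" => "P-256",
            "ExpectedServerSignHash" => "SHA384",
            "ExpectedServerSignType" => "EC",
            "ExpectedResult"         => "Success",
        },
    },
    {
        # Negative case: the client accepts only ECDSA signatures and the
        # server has no ECDSA certificate configured.
        name   => "ECDSA Signature Algorithm Selection, no ECDSA certificate",
        server => { },
        client => {
            "SignatureAlgorithms" => "ECDSA+SHA256",
        },
        test   => {
            "ExpectedResult" => "ServerFail",
        },
    },
    {
        # Client asks for RSA+SHA256; the expected signature type is plain
        # "RSA", not RSA-PSS.
        name   => "RSA Signature Algorithm Selection",
        server => $server,
        client => {
            "SignatureAlgorithms" => "RSA+SHA256",
        },
        test   => {
            "ExpectedServerCertType" => "RSA",
            "ExpectedServerSignHash" => "SHA256",
            "ExpectedServerSignType" => "RSA",
            "ExpectedResult"         => "Success",
        },
    },
    {
        name   => "RSA-PSS Signature Algorithm Selection",
        server => $server,
        client => {
            "SignatureAlgorithms" => "RSA-PSS+SHA256",
        },
        test   => {
            "ExpectedServerCertType" => "RSA",
            "ExpectedServerSignHash" => "SHA256",
            "ExpectedServerSignType" => "RSA-PSS",
            "ExpectedResult"         => "Success",
        },
    },
);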
118
119
# Server settings for the TLS 1.3 cases: same ECDSA certificate/key pair as
# the TLS 1.2 server, but with the minimum and maximum protocol both set to
# TLSv1.3 so that no other version can be negotiated.
# The escaped "\$" keeps ${ENV::TEST_CERTS_DIR} literal for later expansion.
my $server_tls_1_3 = {
    "MinProtocol"       => "TLSv1.3",
    "MaxProtocol"       => "TLSv1.3",
    "ECDSA.PrivateKey"  => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-key.pem",
    "ECDSA.Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-cert.pem",
};
126
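# Certificate-selection cases with the server pinned to TLS 1.3. They are
# kept in a separate list so that they can be left out as a group.
my @tests_tls_1_3 = (
    {
        name   => "TLS 1.3 ECDSA Signature Algorithm Selection",
        server => $server_tls_1_3,
        client => {
            "SignatureAlgorithms" => "ECDSA+SHA256",
        },
        test   => {
            "ExpectedServerCertType" => "P-256",
            "ExpectedServerSignHash" => "SHA256",
            "ExpectedServerSignType" => "EC",
            "ExpectedResult"         => "Success",
        },
    },
    {
        # Client lists ECDSA ahead of RSA-PSS; the ECDSA certificate is
        # expected to be chosen.
        name   => "TLS 1.3 ECDSA Signature Algorithm Selection with PSS",
        server => $server_tls_1_3,
        client => {
            "SignatureAlgorithms" => "ECDSA+SHA256:RSA-PSS+SHA256",
        },
        test   => {
            "ExpectedServerCertType" => "P-256",
            "ExpectedServerSignHash" => "SHA256",
            "ExpectedServerSignType" => "EC",
            "ExpectedResult"         => "Success",
        },
    },
    {
        # ECDSA+SHA384 is listed first, yet the RSA certificate with RSA-PSS
        # is expected. TLS 1.3 ties each ECDSA signature scheme to a curve,
        # so the P-256 key cannot be used with SHA384 here, unlike the
        # TLS 1.2 SHA384 case in this file, which expects P-256 to succeed.
        name   => "TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS",
        server => $server_tls_1_3,
        client => {
            "SignatureAlgorithms" => "ECDSA+SHA384:RSA-PSS+SHA384",
        },
        test   => {
            "ExpectedServerCertType" => "RSA",
            "ExpectedServerSignHash" => "SHA384",
            "ExpectedServerSignType" => "RSA-PSS",
            "ExpectedResult"         => "Success",
        },
    },
    {
        # Negative case: no ECDSA certificate on the server. The protocol is
        # pinned here as well; with an empty server hash nothing forced
        # TLS 1.3, so the failure could have been observed on whatever
        # version happened to be negotiated rather than on the TLS 1.3 path
        # the test name promises.
        name   => "TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate",
        server => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
        },
        client => {
            "SignatureAlgorithms" => "ECDSA+SHA256",
        },
        test   => {
            "ExpectedResult" => "ServerFail",
        },
    },
    {
        # Negative case: TLS 1.3 does not allow PKCS#1 v1.5 RSA signatures
        # on handshake messages, so a client that offers only RSA+SHA256
        # leaves the server without a usable signature algorithm.
        name   => "TLS 1.3 RSA Signature Algorithm Selection, no PSS",
        server => $server_tls_1_3,
        client => {
            "SignatureAlgorithms" => "RSA+SHA256",
        },
        test   => {
            "ExpectedResult" => "ServerFail",
        },
    },
    {
        name   => "TLS 1.3 RSA-PSS Signature Algorithm Selection",
        server => $server_tls_1_3,
        client => {
            "SignatureAlgorithms" => "RSA-PSS+SHA256",
        },
        test   => {
            "ExpectedServerCertType" => "RSA",
            "ExpectedServerSignHash" => "SHA256",
            "ExpectedServerSignType" => "RSA-PSS",
            "ExpectedResult"         => "Success",
        },
    },
);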
201
# Append the TLS 1.3 cases to the exported list only when disabled("tls1_3")
# reports that TLS 1.3 has not been disabled.
if (!disabled("tls1_3")) {
    push @tests, @tests_tls_1_3;
}