add DSA cert tests
[openssl.git] / test / ssl-tests / 20-cert-select.conf.in
1 # -*- mode: perl; -*-
2
3 ## SSL test configurations
4
5
6 use strict;
7 use warnings;
8
9 package ssltests;
10 use OpenSSL::Test::Utils;
11
12 my $server = {
13     "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
14     "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
15     "MaxProtocol" => "TLSv1.2"
16 };
17
18 our @tests = (
19     {
20         name => "ECDSA CipherString Selection",
21         server => $server,
22         client => {
23             "CipherString" => "aECDSA",
24         },
25         test   => {
26             "ExpectedServerCertType" =>, "P-256",
27             "ExpectedServerSignType" =>, "EC",
28             "ExpectedResult" => "Success"
29         },
30     },
31     {
32         name => "RSA CipherString Selection",
33         server => $server,
34         client => {
35             "CipherString" => "aRSA",
36         },
37         test   => {
38             "ExpectedServerCertType" =>, "RSA",
39             "ExpectedServerSignType" =>, "RSA-PSS",
40             "ExpectedResult" => "Success"
41         },
42     },
43     {
44         name => "ECDSA CipherString Selection, no ECDSA certificate",
45         server => {
46             "MaxProtocol" => "TLSv1.2"
47         },
48         client => {
49             "CipherString" => "aECDSA"
50         },
51         test   => {
52             "ExpectedResult" => "ServerFail"
53         },
54     },
55     {
56         name => "ECDSA Signature Algorithm Selection",
57         server => $server,
58         client => {
59             "SignatureAlgorithms" => "ECDSA+SHA256",
60         },
61         test   => {
62             "ExpectedServerCertType" => "P-256",
63             "ExpectedServerSignHash" => "SHA256",
64             "ExpectedServerSignType" => "EC",
65             "ExpectedResult" => "Success"
66         },
67     },
68     {
69         name => "ECDSA Signature Algorithm Selection SHA384",
70         server => $server,
71         client => {
72             "SignatureAlgorithms" => "ECDSA+SHA384",
73         },
74         test   => {
75             "ExpectedServerCertType" => "P-256",
76             "ExpectedServerSignHash" => "SHA384",
77             "ExpectedServerSignType" => "EC",
78             "ExpectedResult" => "Success"
79         },
80     },
81     {
82         name => "ECDSA Signature Algorithm Selection, no ECDSA certificate",
83         server => {
84              "MaxProtocol" => "TLSv1.2"
85         },
86         client => {
87             "SignatureAlgorithms" => "ECDSA+SHA256",
88         },
89         test   => {
90             "ExpectedResult" => "ServerFail"
91         },
92     },
93     {
94         name => "RSA Signature Algorithm Selection",
95         server => $server,
96         client => {
97             "SignatureAlgorithms" => "RSA+SHA256",
98         },
99         test   => {
100             "ExpectedServerCertType" => "RSA",
101             "ExpectedServerSignHash" => "SHA256",
102             "ExpectedServerSignType" => "RSA",
103             "ExpectedResult" => "Success"
104         },
105     },
106     {
107         name => "RSA-PSS Signature Algorithm Selection",
108         server => $server,
109         client => {
110             "SignatureAlgorithms" => "RSA-PSS+SHA256",
111         },
112         test   => {
113             "ExpectedServerCertType" => "RSA",
114             "ExpectedServerSignHash" => "SHA256",
115             "ExpectedServerSignType" => "RSA-PSS",
116             "ExpectedResult" => "Success"
117         },
118     }
119 );
120
121
122 my $server_tls_1_3 = {
123     "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
124     "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
125     "MinProtocol" => "TLSv1.3",
126     "MaxProtocol" => "TLSv1.3"
127 };
128
129 my $client_tls_1_3 = {
130     "RSA.Certificate" => test_pem("ee-client-chain.pem"),
131     "RSA.PrivateKey" => test_pem("ee-key.pem"),
132     "ECDSA.Certificate" => test_pem("ee-ecdsa-client-chain.pem"),
133     "ECDSA.PrivateKey" => test_pem("ee-ecdsa-key.pem"),
134     "MinProtocol" => "TLSv1.3",
135     "MaxProtocol" => "TLSv1.3"
136 };
137
138 my @tests_tls_1_3 = (
139     {
140         name => "TLS 1.3 ECDSA Signature Algorithm Selection",
141         server => $server_tls_1_3,
142         client => {
143             "SignatureAlgorithms" => "ECDSA+SHA256",
144         },
145         test   => {
146             "ExpectedServerCertType" => "P-256",
147             "ExpectedServerSignHash" => "SHA256",
148             "ExpectedServerSignType" => "EC",
149             "ExpectedResult" => "Success"
150         },
151     },
152     {
153         name => "TLS 1.3 ECDSA Signature Algorithm Selection with PSS",
154         server => $server_tls_1_3,
155         client => {
156             "SignatureAlgorithms" => "ECDSA+SHA256:RSA-PSS+SHA256",
157         },
158         test   => {
159             "ExpectedServerCertType" => "P-256",
160             "ExpectedServerSignHash" => "SHA256",
161             "ExpectedServerSignType" => "EC",
162             "ExpectedResult" => "Success"
163         },
164     },
165     {
166         name => "TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS",
167         server => $server_tls_1_3,
168         client => {
169             "SignatureAlgorithms" => "ECDSA+SHA384:RSA-PSS+SHA384",
170         },
171         test   => {
172             "ExpectedServerCertType" => "RSA",
173             "ExpectedServerSignHash" => "SHA384",
174             "ExpectedServerSignType" => "RSA-PSS",
175             "ExpectedResult" => "Success"
176         },
177     },
178     {
179         name => "TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate",
180         server => {
181             "MinProtocol" => "TLSv1.3",
182             "MaxProtocol" => "TLSv1.3"
183         },
184         client => {
185             "SignatureAlgorithms" => "ECDSA+SHA256",
186         },
187         test   => {
188             "ExpectedResult" => "ServerFail"
189         },
190     },
191     {
192         name => "TLS 1.3 RSA Signature Algorithm Selection, no PSS",
193         server => $server_tls_1_3,
194         client => {
195             "SignatureAlgorithms" => "RSA+SHA256",
196         },
197         test   => {
198             "ExpectedResult" => "ServerFail"
199         },
200     },
201     {
202         name => "TLS 1.3 RSA-PSS Signature Algorithm Selection",
203         server => $server_tls_1_3,
204         client => {
205             "SignatureAlgorithms" => "RSA-PSS+SHA256",
206         },
207         test   => {
208             "ExpectedServerCertType" => "RSA",
209             "ExpectedServerSignHash" => "SHA256",
210             "ExpectedServerSignType" => "RSA-PSS",
211             "ExpectedResult" => "Success"
212         },
213     },
214     {
215         name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection",
216         server => {
217             "ClientSignatureAlgorithms" => "PSS+SHA256",
218             "VerifyCAFile" => test_pem("root-cert.pem"),
219             "VerifyMode" => "Require"
220         },
221         client => $client_tls_1_3,
222         test   => {
223             "ExpectedClientCertType" => "RSA",
224             "ExpectedClientSignHash" => "SHA256",
225             "ExpectedClientSignType" => "RSA-PSS",
226             "ExpectedResult" => "Success"
227         },
228     },
229     {
230         name => "TLS 1.3 ECDSA Client Auth Signature Algorithm Selection",
231         server => {
232             "ClientSignatureAlgorithms" => "ECDSA+SHA256",
233             "VerifyCAFile" => test_pem("root-cert.pem"),
234             "VerifyMode" => "Require"
235         },
236         client => $client_tls_1_3,
237         test   => {
238             "ExpectedClientCertType" => "P-256",
239             "ExpectedClientSignHash" => "SHA256",
240             "ExpectedClientSignType" => "EC",
241             "ExpectedResult" => "Success"
242         },
243     },
244 );
245
246 push @tests, @tests_tls_1_3 unless disabled("tls1_3");
247
248 my @tests_dsa_tls_1_2 = (
249     {
250         name => "TLS 1.2 DSA Certificate Test",
251         server => {
252             "DSA.Certificate" => test_pem("server-dsa-cert.pem"),
253             "DSA.PrivateKey" => test_pem("server-dsa-key.pem"),
254             "DHParameters" => test_pem("dhp2048.pem"),
255             "MinProtocol" => "TLSv1.2",
256             "MaxProtocol" => "TLSv1.2",
257             "CipherString" => "ALL",
258         },
259         client => {
260             "SignatureAlgorithms" => "DSA+SHA256:DSA+SHA1",
261             "CipherString" => "ALL",
262         },
263         test   => {
264             "ExpectedResult" => "Success"
265         },
266     },
267 );
268
269 my @tests_dsa_tls_1_3 = (
270     {
271         name => "TLS 1.3 DSA Certificate Test",
272         server => {
273             "DSA.Certificate" => test_pem("server-dsa-cert.pem"),
274             "DSA.PrivateKey" => test_pem("server-dsa-key.pem"),
275             "MinProtocol" => "TLSv1.3",
276             "MaxProtocol" => "TLSv1.3",
277             "CipherString" => "ALL",
278         },
279         client => {
280             "SignatureAlgorithms" => "DSA+SHA1:DSA+SHA256",
281             "CipherString" => "ALL",
282         },
283         test   => {
284             "ExpectedResult" => "ServerFail"
285         },
286     },
287 );
288
289 if (!disabled("dsa")) {
290     push @tests, @tests_dsa_tls_1_2 unless disabled("dh");
291     push @tests, @tests_dsa_tls_1_3 unless disabled("tls1_3");
292 }