Add Ed25519 TLS 1.3 and 1.2 tests

[openssl.git] / test / ssl-tests / 20-cert-select.conf.in
diff --git a/test/ssl-tests/20-cert-select.conf.in b/test/ssl-tests/20-cert-select.conf.in

index 5937f9ad4ecc7a632bdb2c47cba9218e182c45ef..90bc5a23c8e3219803380ea31f6fd13a7a7457d7 100644 (file)
--- a/test/ssl-tests/20-cert-select.conf.in
+++ b/test/ssl-tests/20-cert-select.conf.in
@@ -12,6 +12,8 @@ use OpenSSL::Test::Utils;
  my $server = {
      "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
      "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
+    "EdDSA.Certificate" => test_pem("server-ed25519-cert.pem"),
+    "EdDSA.PrivateKey" => test_pem("server-ed25519-key.pem"),
      "MaxProtocol" => "TLSv1.2"
  };
  
@@ -32,6 +34,23 @@ our @tests = (
              "ExpectedResult" => "Success"
          },
      },
+    {
+        name => "Ed25519 CipherString and Signature Algorithm Selection",
+        server => $server,
+        client => {
+            "CipherString" => "aECDSA",
+            "MaxProtocol" => "TLSv1.2",
+            "SignatureAlgorithms" => "ed25519:ECDSA+SHA256",
+            "RequestCAFile" => test_pem("root-cert.pem"),
+        },
+        test   => {
+            "ExpectedServerCertType" =>, "Ed25519",
+            "ExpectedServerSignType" =>, "Ed25519",
+            # Note: certificate_authorities not sent for TLS < 1.3
+            "ExpectedServerCANames" =>, "empty",
+            "ExpectedResult" => "Success"
+        },
+    },
      {
          name => "RSA CipherString Selection",
          server => $server,
@@ -189,13 +208,33 @@ our @tests = (
              "ExpectedServerSignType" => "EC",
              "ExpectedResult" => "Success"
          },
-    }
+    },
+    {
+        name => "TLS 1.2 Ed25519 Client Auth",
+        server => {
+            "VerifyCAFile" => test_pem("root-cert.pem"),
+            "VerifyMode" => "Require"
+        },
+        client => {
+            "EdDSA.Certificate" => test_pem("client-ed25519-cert.pem"),
+            "EdDSA.PrivateKey" => test_pem("client-ed25519-key.pem"),
+            "MinProtocol" => "TLSv1.2",
+            "MaxProtocol" => "TLSv1.2"
+        },
+        test   => {
+            "ExpectedClientCertType" => "Ed25519",
+            "ExpectedClientSignType" => "Ed25519",
+            "ExpectedResult" => "Success"
+        },
+    },
  );
  
  
  my $server_tls_1_3 = {
      "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
      "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
+    "EdDSA.Certificate" => test_pem("server-ed25519-cert.pem"),
+    "EdDSA.PrivateKey" => test_pem("server-ed25519-key.pem"),
      "MinProtocol" => "TLSv1.3",
      "MaxProtocol" => "TLSv1.3"
  };
@@ -313,6 +352,18 @@ my @tests_tls_1_3 = (
              "ExpectedResult" => "Success"
          },
      },
+    {
+        name => "TLS 1.3 Ed25519 Signature Algorithm Selection",
+        server => $server_tls_1_3,
+        client => {
+            "SignatureAlgorithms" => "ed25519",
+        },
+        test   => {
+            "ExpectedServerCertType" => "Ed25519",
+            "ExpectedServerSignType" => "Ed25519",
+            "ExpectedResult" => "Success"
+        },
+    },
      {
          name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection",
          server => {
@@ -361,6 +412,24 @@ my @tests_tls_1_3 = (
              "ExpectedResult" => "Success"
          },
      },
+    {
+        name => "TLS 1.3 Ed25519 Client Auth",
+        server => {
+            "VerifyCAFile" => test_pem("root-cert.pem"),
+            "VerifyMode" => "Require"
+        },
+        client => {
+            "EdDSA.Certificate" => test_pem("client-ed25519-cert.pem"),
+            "EdDSA.PrivateKey" => test_pem("client-ed25519-key.pem"),
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3"
+        },
+        test   => {
+            "ExpectedClientCertType" => "Ed25519",
+            "ExpectedClientSignType" => "Ed25519",
+            "ExpectedResult" => "Success"
+        },
+    },
      {
          name => "TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms",
          server => {