Add Ed25519 TLS 1.3 and 1.2 tests

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3585)

diff --git a/test/ssl-tests/20-cert-select.conf.in b/test/ssl-tests/20-cert-select.conf.in
index 5937f9ad4ecc7a632bdb2c47cba9218e182c45ef..90bc5a23c8e3219803380ea31f6fd13a7a7457d7 100644 (file)
--- a/test/ssl-tests/20-cert-select.conf.in
+++ b/test/ssl-tests/20-cert-select.conf.in
@@ -12,6 +12,8 @@ use OpenSSL::Test::Utils;
 my $server = {
     "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
     "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
+    "EdDSA.Certificate" => test_pem("server-ed25519-cert.pem"),
+    "EdDSA.PrivateKey" => test_pem("server-ed25519-key.pem"),
     "MaxProtocol" => "TLSv1.2"
 };
 
@@ -32,6 +34,23 @@ our @tests = (
             "ExpectedResult" => "Success"
         },
     },
+    {
+        name => "Ed25519 CipherString and Signature Algorithm Selection",
+        server => $server,
+        client => {
+            "CipherString" => "aECDSA",
+            "MaxProtocol" => "TLSv1.2",
+            "SignatureAlgorithms" => "ed25519:ECDSA+SHA256",
+            "RequestCAFile" => test_pem("root-cert.pem"),
+        },
+        test   => {
+            "ExpectedServerCertType" =>, "Ed25519",
+            "ExpectedServerSignType" =>, "Ed25519",
+            # Note: certificate_authorities not sent for TLS < 1.3
+            "ExpectedServerCANames" =>, "empty",
+            "ExpectedResult" => "Success"
+        },
+    },
     {
         name => "RSA CipherString Selection",
         server => $server,
@@ -189,13 +208,33 @@ our @tests = (
             "ExpectedServerSignType" => "EC",
             "ExpectedResult" => "Success"
         },
-    }
+    },
+    {
+        name => "TLS 1.2 Ed25519 Client Auth",
+        server => {
+            "VerifyCAFile" => test_pem("root-cert.pem"),
+            "VerifyMode" => "Require"
+        },
+        client => {
+            "EdDSA.Certificate" => test_pem("client-ed25519-cert.pem"),
+            "EdDSA.PrivateKey" => test_pem("client-ed25519-key.pem"),
+            "MinProtocol" => "TLSv1.2",
+            "MaxProtocol" => "TLSv1.2"
+        },
+        test   => {
+            "ExpectedClientCertType" => "Ed25519",
+            "ExpectedClientSignType" => "Ed25519",
+            "ExpectedResult" => "Success"
+        },
+    },
 );
 
 
 my $server_tls_1_3 = {
     "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
     "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
+    "EdDSA.Certificate" => test_pem("server-ed25519-cert.pem"),
+    "EdDSA.PrivateKey" => test_pem("server-ed25519-key.pem"),
     "MinProtocol" => "TLSv1.3",
     "MaxProtocol" => "TLSv1.3"
 };
@@ -313,6 +352,18 @@ my @tests_tls_1_3 = (
             "ExpectedResult" => "Success"
         },
     },
+    {
+        name => "TLS 1.3 Ed25519 Signature Algorithm Selection",
+        server => $server_tls_1_3,
+        client => {
+            "SignatureAlgorithms" => "ed25519",
+        },
+        test   => {
+            "ExpectedServerCertType" => "Ed25519",
+            "ExpectedServerSignType" => "Ed25519",
+            "ExpectedResult" => "Success"
+        },
+    },
     {
         name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection",
         server => {
@@ -361,6 +412,24 @@ my @tests_tls_1_3 = (
             "ExpectedResult" => "Success"
         },
     },
+    {
+        name => "TLS 1.3 Ed25519 Client Auth",
+        server => {
+            "VerifyCAFile" => test_pem("root-cert.pem"),
+            "VerifyMode" => "Require"
+        },
+        client => {
+            "EdDSA.Certificate" => test_pem("client-ed25519-cert.pem"),
+            "EdDSA.PrivateKey" => test_pem("client-ed25519-key.pem"),
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3"
+        },
+        test   => {
+            "ExpectedClientCertType" => "Ed25519",
+            "ExpectedClientSignType" => "Ed25519",
+            "ExpectedResult" => "Success"
+        },
+    },
     {
         name => "TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms",
         server => {