From: Dr. Stephen Henson Date: Fri, 27 Jan 2017 15:56:47 +0000 (+0000) Subject: Add tests for client and server signature type X-Git-Tag: OpenSSL_1_1_1-pre1~2524 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=a92e710b7a15eb82fbfb9e9c8e4029d56a08dfb3;p=oweals%2Fopenssl.git Add tests for client and server signature type Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/2301) --- diff --git a/test/ssl-tests/04-client_auth.conf b/test/ssl-tests/04-client_auth.conf index a9170984d4..96024884d9 100644 --- a/test/ssl-tests/04-client_auth.conf +++ b/test/ssl-tests/04-client_auth.conf @@ -562,6 +562,7 @@ VerifyMode = Peer [test-18] ExpectedClientCertType = RSA ExpectedClientSignHash = SHA256 +ExpectedClientSignType = RSA ExpectedResult = Success diff --git a/test/ssl-tests/04-client_auth.conf.in b/test/ssl-tests/04-client_auth.conf.in index d45e399c3f..be601a9b1b 100644 --- a/test/ssl-tests/04-client_auth.conf.in +++ b/test/ssl-tests/04-client_auth.conf.in @@ -34,10 +34,12 @@ sub generate_tests() { $caalert = "UnknownCA"; } my $clihash; + my $clisigtype; my $clisigalgs; - # TODO add TLSv1.3 versions + # TODO(TLS1.3) add TLSv1.3 versions if ($protocol_name eq "TLSv1.2") { $clihash = "SHA256"; + $clisigtype = "RSA"; $clisigalgs = "SHA256+RSA"; } # Sanity-check simple handshake. @@ -106,6 +108,7 @@ sub generate_tests() { }, test => { "ExpectedResult" => "Success", "ExpectedClientCertType" => "RSA", + "ExpectedClientSignType" => $clisigtype, "ExpectedClientSignHash" => $clihash, }, }; diff --git a/test/ssl-tests/20-cert-select.conf b/test/ssl-tests/20-cert-select.conf index c663b7e959..9f30abbbbb 100644 --- a/test/ssl-tests/20-cert-select.conf +++ b/test/ssl-tests/20-cert-select.conf @@ -1,6 +1,6 @@ # Generated with generate_ssl_tests.pl -num_tests = 6 +num_tests = 7 test-0 = 0-ECDSA CipherString Selection test-1 = 1-RSA CipherString Selection @@ -8,6 +8,7 @@ test-2 = 2-ECDSA CipherString Selection, no ECDSA certificate test-3 = 3-ECDSA Signature Algorithm Selection test-4 = 4-ECDSA Signature Algorithm Selection, no ECDSA certificate test-5 = 5-RSA Signature Algorithm Selection +test-6 = 6-RSA-PSS Signature Algorithm Selection # =========================================================== [0-ECDSA CipherString Selection] @@ -33,6 +34,7 @@ VerifyMode = Peer [test-0] ExpectedResult = Success ExpectedServerCertType = P-256 +ExpectedServerSignType = EC # =========================================================== @@ -60,6 +62,7 @@ VerifyMode = Peer [test-1] ExpectedResult = Success ExpectedServerCertType = RSA +ExpectedServerSignType = RSA-PSS # =========================================================== @@ -112,6 +115,7 @@ VerifyMode = Peer ExpectedResult = Success ExpectedServerCertType = P-256 ExpectedServerSignHash = SHA256 +ExpectedServerSignType = EC # =========================================================== @@ -165,5 +169,36 @@ VerifyMode = Peer ExpectedResult = Success ExpectedServerCertType = RSA ExpectedServerSignHash = SHA256 +ExpectedServerSignType = RSA + + +# =========================================================== + +[6-RSA-PSS Signature Algorithm Selection] +ssl_conf = 6-RSA-PSS Signature Algorithm Selection-ssl + +[6-RSA-PSS Signature Algorithm Selection-ssl] +server = 6-RSA-PSS Signature Algorithm Selection-server +client = 6-RSA-PSS Signature Algorithm Selection-client + +[6-RSA-PSS Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-RSA-PSS Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = RSA-PSS+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedResult = Success +ExpectedServerCertType = RSA +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = RSA-PSS diff --git a/test/ssl-tests/20-cert-select.conf.in b/test/ssl-tests/20-cert-select.conf.in index e8bac765ee..6bc1d90dd0 100644 --- a/test/ssl-tests/20-cert-select.conf.in +++ b/test/ssl-tests/20-cert-select.conf.in @@ -15,7 +15,7 @@ my $dir_sep = $^O ne "VMS" ? "/" : ""; my $server = { "ECDSA.Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-cert.pem", "ECDSA.PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-key.pem", - # TODO: add test cases for TLSv1.3 + # TODO(TLS1.3): add test cases for TLSv1.3 "MaxProtocol" => "TLSv1.2" }; @@ -28,6 +28,7 @@ our @tests = ( }, test => { "ExpectedServerCertType" =>, "P-256", + "ExpectedServerSignType" =>, "EC", "ExpectedResult" => "Success" }, }, @@ -39,6 +40,7 @@ our @tests = ( }, test => { "ExpectedServerCertType" =>, "RSA", + "ExpectedServerSignType" =>, "RSA-PSS", "ExpectedResult" => "Success" }, }, @@ -61,6 +63,7 @@ our @tests = ( test => { "ExpectedServerCertType" => "P-256", "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "EC", "ExpectedResult" => "Success" }, }, @@ -83,6 +86,20 @@ our @tests = ( test => { "ExpectedServerCertType" => "RSA", "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "RSA", + "ExpectedResult" => "Success" + }, + }, + { + name => "RSA-PSS Signature Algorithm Selection", + server => $server, + client => { + "SignatureAlgorithms" => "RSA-PSS+SHA256", + }, + test => { + "ExpectedServerCertType" => "RSA", + "ExpectedServerSignHash" => "SHA256", + "ExpectedServerSignType" => "RSA-PSS", "ExpectedResult" => "Success" }, }