提交 a92e710b 编写于 作者: D Dr. Stephen Henson

Add tests for client and server signature type

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2301)
上级 54b7f2a5
...@@ -562,6 +562,7 @@ VerifyMode = Peer ...@@ -562,6 +562,7 @@ VerifyMode = Peer
[test-18] [test-18]
ExpectedClientCertType = RSA ExpectedClientCertType = RSA
ExpectedClientSignHash = SHA256 ExpectedClientSignHash = SHA256
ExpectedClientSignType = RSA
ExpectedResult = Success ExpectedResult = Success
......
...@@ -34,10 +34,12 @@ sub generate_tests() { ...@@ -34,10 +34,12 @@ sub generate_tests() {
$caalert = "UnknownCA"; $caalert = "UnknownCA";
} }
my $clihash; my $clihash;
my $clisigtype;
my $clisigalgs; my $clisigalgs;
# TODO add TLSv1.3 versions # TODO(TLS1.3) add TLSv1.3 versions
if ($protocol_name eq "TLSv1.2") { if ($protocol_name eq "TLSv1.2") {
$clihash = "SHA256"; $clihash = "SHA256";
$clisigtype = "RSA";
$clisigalgs = "SHA256+RSA"; $clisigalgs = "SHA256+RSA";
} }
# Sanity-check simple handshake. # Sanity-check simple handshake.
...@@ -106,6 +108,7 @@ sub generate_tests() { ...@@ -106,6 +108,7 @@ sub generate_tests() {
}, },
test => { "ExpectedResult" => "Success", test => { "ExpectedResult" => "Success",
"ExpectedClientCertType" => "RSA", "ExpectedClientCertType" => "RSA",
"ExpectedClientSignType" => $clisigtype,
"ExpectedClientSignHash" => $clihash, "ExpectedClientSignHash" => $clihash,
}, },
}; };
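Review bot: `$clisigtype` is assigned only inside the `$protocol_name eq "TLSv1.2"` branch, so for every other protocol the second hunk stores `"ExpectedClientSignType" => $clisigtype` with an undefined value. This mirrors how `$clihash` is already handled and presumably relies on the generator skipping undefined expectations, but that code is not visible here. A short comment at the declaration would make the intent explicit, for example `# Left undef below TLSv1.2 so no signature-type expectation is emitted.` The body of generate_tests starts and ends outside both hunks.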
......
# Generated with generate_ssl_tests.pl # Generated with generate_ssl_tests.pl
num_tests = 6 num_tests = 7
test-0 = 0-ECDSA CipherString Selection test-0 = 0-ECDSA CipherString Selection
test-1 = 1-RSA CipherString Selection test-1 = 1-RSA CipherString Selection
...@@ -8,6 +8,7 @@ test-2 = 2-ECDSA CipherString Selection, no ECDSA certificate ...@@ -8,6 +8,7 @@ test-2 = 2-ECDSA CipherString Selection, no ECDSA certificate
test-3 = 3-ECDSA Signature Algorithm Selection test-3 = 3-ECDSA Signature Algorithm Selection
test-4 = 4-ECDSA Signature Algorithm Selection, no ECDSA certificate test-4 = 4-ECDSA Signature Algorithm Selection, no ECDSA certificate
test-5 = 5-RSA Signature Algorithm Selection test-5 = 5-RSA Signature Algorithm Selection
test-6 = 6-RSA-PSS Signature Algorithm Selection
# =========================================================== # ===========================================================
[0-ECDSA CipherString Selection] [0-ECDSA CipherString Selection]
...@@ -33,6 +34,7 @@ VerifyMode = Peer ...@@ -33,6 +34,7 @@ VerifyMode = Peer
[test-0] [test-0]
ExpectedResult = Success ExpectedResult = Success
ExpectedServerCertType = P-256 ExpectedServerCertType = P-256
ExpectedServerSignType = EC
# =========================================================== # ===========================================================
...@@ -60,6 +62,7 @@ VerifyMode = Peer ...@@ -60,6 +62,7 @@ VerifyMode = Peer
[test-1] [test-1]
ExpectedResult = Success ExpectedResult = Success
ExpectedServerCertType = RSA ExpectedServerCertType = RSA
ExpectedServerSignType = RSA-PSS
# =========================================================== # ===========================================================
...@@ -112,6 +115,7 @@ VerifyMode = Peer ...@@ -112,6 +115,7 @@ VerifyMode = Peer
ExpectedResult = Success ExpectedResult = Success
ExpectedServerCertType = P-256 ExpectedServerCertType = P-256
ExpectedServerSignHash = SHA256 ExpectedServerSignHash = SHA256
ExpectedServerSignType = EC
# =========================================================== # ===========================================================
...@@ -165,5 +169,36 @@ VerifyMode = Peer ...@@ -165,5 +169,36 @@ VerifyMode = Peer
ExpectedResult = Success ExpectedResult = Success
ExpectedServerCertType = RSA ExpectedServerCertType = RSA
ExpectedServerSignHash = SHA256 ExpectedServerSignHash = SHA256
ExpectedServerSignType = RSA
# ===========================================================
[6-RSA-PSS Signature Algorithm Selection]
ssl_conf = 6-RSA-PSS Signature Algorithm Selection-ssl
[6-RSA-PSS Signature Algorithm Selection-ssl]
server = 6-RSA-PSS Signature Algorithm Selection-server
client = 6-RSA-PSS Signature Algorithm Selection-client
[6-RSA-PSS Signature Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[6-RSA-PSS Signature Algorithm Selection-client]
CipherString = DEFAULT
SignatureAlgorithms = RSA-PSS+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-6]
ExpectedResult = Success
ExpectedServerCertType = RSA
ExpectedServerSignHash = SHA256
ExpectedServerSignType = RSA-PSS
...@@ -15,7 +15,7 @@ my $dir_sep = $^O ne "VMS" ? "/" : ""; ...@@ -15,7 +15,7 @@ my $dir_sep = $^O ne "VMS" ? "/" : "";
my $server = { my $server = {
"ECDSA.Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-cert.pem", "ECDSA.Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-cert.pem",
"ECDSA.PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-key.pem", "ECDSA.PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-key.pem",
# TODO: add test cases for TLSv1.3 # TODO(TLS1.3): add test cases for TLSv1.3
"MaxProtocol" => "TLSv1.2" "MaxProtocol" => "TLSv1.2"
}; };
...@@ -28,6 +28,7 @@ our @tests = ( ...@@ -28,6 +28,7 @@ our @tests = (
}, },
test => { test => {
"ExpectedServerCertType" =>, "P-256", "ExpectedServerCertType" =>, "P-256",
"ExpectedServerSignType" =>, "EC",
"ExpectedResult" => "Success" "ExpectedResult" => "Success"
}, },
}, },
...@@ -39,6 +40,7 @@ our @tests = ( ...@@ -39,6 +40,7 @@ our @tests = (
}, },
test => { test => {
"ExpectedServerCertType" =>, "RSA", "ExpectedServerCertType" =>, "RSA",
"ExpectedServerSignType" =>, "RSA-PSS",
"ExpectedResult" => "Success" "ExpectedResult" => "Success"
}, },
}, },
...@@ -61,6 +63,7 @@ our @tests = ( ...@@ -61,6 +63,7 @@ our @tests = (
test => { test => {
"ExpectedServerCertType" => "P-256", "ExpectedServerCertType" => "P-256",
"ExpectedServerSignHash" => "SHA256", "ExpectedServerSignHash" => "SHA256",
"ExpectedServerSignType" => "EC",
"ExpectedResult" => "Success" "ExpectedResult" => "Success"
}, },
}, },
...@@ -83,6 +86,20 @@ our @tests = ( ...@@ -83,6 +86,20 @@ our @tests = (
test => { test => {
"ExpectedServerCertType" => "RSA", "ExpectedServerCertType" => "RSA",
"ExpectedServerSignHash" => "SHA256", "ExpectedServerSignHash" => "SHA256",
"ExpectedServerSignType" => "RSA",
"ExpectedResult" => "Success"
},
},
{
name => "RSA-PSS Signature Algorithm Selection",
server => $server,
client => {
"SignatureAlgorithms" => "RSA-PSS+SHA256",
},
test => {
"ExpectedServerCertType" => "RSA",
"ExpectedServerSignHash" => "SHA256",
"ExpectedServerSignType" => "RSA-PSS",
"ExpectedResult" => "Success" "ExpectedResult" => "Success"
}, },
} }
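Review bot: The two new entries in the hunks at -28 and -39 copy the stray comma from the neighbouring line, `"ExpectedServerSignType" =>, "EC",` and `"ExpectedServerSignType" =>, "RSA-PSS",`. Perl accepts consecutive commas in a list, so the hash is still built as intended, but it reads as a typo and is easy to propagate further. I would write them as `"ExpectedServerSignType" => "EC",` and `"ExpectedServerSignType" => "RSA-PSS",`, matching the form used in the later hunks. The `@tests` list starts and ends outside these hunks.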
......