Add tests for client and server signature type
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2301)
diff --git a/test/ssl-tests/04-client_auth.conf b/test/ssl-tests/04-client_auth.conf
index a917098..9602488 100644
--- a/test/ssl-tests/04-client_auth.conf
+++ b/test/ssl-tests/04-client_auth.conf
@@ -562,6 +562,7 @@
[test-18]
ExpectedClientCertType = RSA
ExpectedClientSignHash = SHA256
+ExpectedClientSignType = RSA
ExpectedResult = Success
diff --git a/test/ssl-tests/04-client_auth.conf.in b/test/ssl-tests/04-client_auth.conf.in
index d45e399..be601a9 100644
--- a/test/ssl-tests/04-client_auth.conf.in
+++ b/test/ssl-tests/04-client_auth.conf.in
@@ -34,10 +34,12 @@
$caalert = "UnknownCA";
}
my $clihash;
+ my $clisigtype;
my $clisigalgs;
- # TODO add TLSv1.3 versions
+ # TODO(TLS1.3) add TLSv1.3 versions
if ($protocol_name eq "TLSv1.2") {
$clihash = "SHA256";
+ $clisigtype = "RSA";
$clisigalgs = "SHA256+RSA";
}
# Sanity-check simple handshake.
@@ -106,6 +108,7 @@
},
test => { "ExpectedResult" => "Success",
"ExpectedClientCertType" => "RSA",
+ "ExpectedClientSignType" => $clisigtype,
"ExpectedClientSignHash" => $clihash,
},
};
diff --git a/test/ssl-tests/20-cert-select.conf b/test/ssl-tests/20-cert-select.conf
index c663b7e..9f30abb 100644
--- a/test/ssl-tests/20-cert-select.conf
+++ b/test/ssl-tests/20-cert-select.conf
@@ -1,6 +1,6 @@
# Generated with generate_ssl_tests.pl
-num_tests = 6
+num_tests = 7
test-0 = 0-ECDSA CipherString Selection
test-1 = 1-RSA CipherString Selection
@@ -8,6 +8,7 @@
test-3 = 3-ECDSA Signature Algorithm Selection
test-4 = 4-ECDSA Signature Algorithm Selection, no ECDSA certificate
test-5 = 5-RSA Signature Algorithm Selection
+test-6 = 6-RSA-PSS Signature Algorithm Selection
# ===========================================================
[0-ECDSA CipherString Selection]
@@ -33,6 +34,7 @@
[test-0]
ExpectedResult = Success
ExpectedServerCertType = P-256
+ExpectedServerSignType = EC
# ===========================================================
@@ -60,6 +62,7 @@
[test-1]
ExpectedResult = Success
ExpectedServerCertType = RSA
+ExpectedServerSignType = RSA-PSS
# ===========================================================
@@ -112,6 +115,7 @@
ExpectedResult = Success
ExpectedServerCertType = P-256
ExpectedServerSignHash = SHA256
+ExpectedServerSignType = EC
# ===========================================================
@@ -165,5 +169,36 @@
ExpectedResult = Success
ExpectedServerCertType = RSA
ExpectedServerSignHash = SHA256
+ExpectedServerSignType = RSA
+
+
+# ===========================================================
+
+[6-RSA-PSS Signature Algorithm Selection]
+ssl_conf = 6-RSA-PSS Signature Algorithm Selection-ssl
+
+[6-RSA-PSS Signature Algorithm Selection-ssl]
+server = 6-RSA-PSS Signature Algorithm Selection-server
+client = 6-RSA-PSS Signature Algorithm Selection-client
+
+[6-RSA-PSS Signature Algorithm Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-RSA-PSS Signature Algorithm Selection-client]
+CipherString = DEFAULT
+SignatureAlgorithms = RSA-PSS+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-6]
+ExpectedResult = Success
+ExpectedServerCertType = RSA
+ExpectedServerSignHash = SHA256
+ExpectedServerSignType = RSA-PSS
diff --git a/test/ssl-tests/20-cert-select.conf.in b/test/ssl-tests/20-cert-select.conf.in
index e8bac76..6bc1d90 100644
--- a/test/ssl-tests/20-cert-select.conf.in
+++ b/test/ssl-tests/20-cert-select.conf.in
@@ -15,7 +15,7 @@
my $server = {
"ECDSA.Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-cert.pem",
"ECDSA.PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-key.pem",
- # TODO: add test cases for TLSv1.3
+ # TODO(TLS1.3): add test cases for TLSv1.3
"MaxProtocol" => "TLSv1.2"
};
@@ -28,6 +28,7 @@
},
test => {
"ExpectedServerCertType" =>, "P-256",
+ "ExpectedServerSignType" =>, "EC",
"ExpectedResult" => "Success"
},
},
@@ -39,6 +40,7 @@
},
test => {
"ExpectedServerCertType" =>, "RSA",
+ "ExpectedServerSignType" =>, "RSA-PSS",
"ExpectedResult" => "Success"
},
},
@@ -61,6 +63,7 @@
test => {
"ExpectedServerCertType" => "P-256",
"ExpectedServerSignHash" => "SHA256",
+ "ExpectedServerSignType" => "EC",
"ExpectedResult" => "Success"
},
},
@@ -83,6 +86,20 @@
test => {
"ExpectedServerCertType" => "RSA",
"ExpectedServerSignHash" => "SHA256",
+ "ExpectedServerSignType" => "RSA",
+ "ExpectedResult" => "Success"
+ },
+ },
+ {
+ name => "RSA-PSS Signature Algorithm Selection",
+ server => $server,
+ client => {
+ "SignatureAlgorithms" => "RSA-PSS+SHA256",
+ },
+ test => {
+ "ExpectedServerCertType" => "RSA",
+ "ExpectedServerSignHash" => "SHA256",
+ "ExpectedServerSignType" => "RSA-PSS",
"ExpectedResult" => "Success"
},
}