Dr. Stephen Hensonedb8a5e2017-01-12 14:52:31 +00001# -*- mode: perl; -*-
2
3## SSL test configurations
4
Dr. Stephen Hensonedb8a5e2017-01-12 14:52:31 +00005
6use strict;
7use warnings;
8
Dr. Stephen Henson53f08732017-02-01 13:29:45 +00009package ssltests;
10use OpenSSL::Test::Utils;
Dr. Stephen Hensonedb8a5e2017-01-12 14:52:31 +000011
# Shared TLS 1.2 server profile: an ECDSA certificate/key pair with the
# negotiated protocol capped at TLS 1.2.
# NOTE(review): no RSA certificate is configured here, yet several tests
# that use this profile expect an RSA certificate to be selected, so the
# harness presumably supplies a default RSA one -- confirm in the generator
# that consumes this file.
my $server = {
    'ECDSA.Certificate' => test_pem('server-ecdsa-cert.pem'),
    'ECDSA.PrivateKey'  => test_pem('server-ecdsa-key.pem'),
    'MaxProtocol'       => 'TLSv1.2',
};
# Certificate and signature-algorithm selection cases for TLS 1.2.
# Each entry names the case, gives the server and client configuration, and
# states the certificate type, signature hash, signature type and overall
# result the handshake is expected to produce.
our @tests = (

    # --- Selection driven by the client's cipher string -----------------
    {
        name   => 'ECDSA CipherString Selection',
        server => $server,
        client => {
            'CipherString' => 'aECDSA',
        },
        test => {
            'ExpectedServerCertType' => 'P-256',
            'ExpectedServerSignType' => 'EC',
            'ExpectedResult'         => 'Success',
        },
    },
    {
        name   => 'RSA CipherString Selection',
        server => $server,
        client => {
            'CipherString' => 'aRSA',
        },
        test => {
            'ExpectedServerCertType' => 'RSA',
            'ExpectedServerSignType' => 'RSA-PSS',
            'ExpectedResult'         => 'Success',
        },
    },

    # Negative case: the server configures no ECDSA certificate, so a
    # client that only accepts ECDSA authentication must not be served.
    {
        name   => 'ECDSA CipherString Selection, no ECDSA certificate',
        server => {
            'MaxProtocol' => 'TLSv1.2',
        },
        client => {
            'CipherString' => 'aECDSA',
        },
        test => {
            'ExpectedResult' => 'ServerFail',
        },
    },

    # --- Selection driven by the client's signature algorithms ----------
    {
        name   => 'ECDSA Signature Algorithm Selection',
        server => $server,
        client => {
            'SignatureAlgorithms' => 'ECDSA+SHA256',
        },
        test => {
            'ExpectedServerCertType' => 'P-256',
            'ExpectedServerSignHash' => 'SHA256',
            'ExpectedServerSignType' => 'EC',
            'ExpectedResult'         => 'Success',
        },
    },

    # At TLS 1.2 the hash is negotiated independently of the curve, so a
    # P-256 key signing with SHA384 is expected to succeed here.
    {
        name   => 'ECDSA Signature Algorithm Selection SHA384',
        server => $server,
        client => {
            'SignatureAlgorithms' => 'ECDSA+SHA384',
        },
        test => {
            'ExpectedServerCertType' => 'P-256',
            'ExpectedServerSignHash' => 'SHA384',
            'ExpectedServerSignType' => 'EC',
            'ExpectedResult'         => 'Success',
        },
    },

    # This case pins that ECDSA+SHA1 is still negotiable at TLS 1.2 under
    # the harness defaults.  If SHA-1 handshake signatures are later
    # refused by default, this expectation has to change deliberately
    # rather than silently; the TLS 1.3 counterpart expects ServerFail.
    {
        name   => 'ECDSA Signature Algorithm Selection SHA1',
        server => $server,
        client => {
            'SignatureAlgorithms' => 'ECDSA+SHA1',
        },
        test => {
            'ExpectedServerCertType' => 'P-256',
            'ExpectedServerSignHash' => 'SHA1',
            'ExpectedServerSignType' => 'EC',
            'ExpectedResult'         => 'Success',
        },
    },

    # The compressed-point certificate is expected to work at TLS 1.2;
    # the TLS 1.3 counterpart expects ServerFail.
    {
        name   => 'ECDSA Signature Algorithm Selection compressed point',
        server => {
            'ECDSA.Certificate' => test_pem('server-cecdsa-cert.pem'),
            'ECDSA.PrivateKey'  => test_pem('server-cecdsa-key.pem'),
            'MaxProtocol'       => 'TLSv1.2',
        },
        client => {
            'SignatureAlgorithms' => 'ECDSA+SHA256',
        },
        test => {
            'ExpectedServerCertType' => 'P-256',
            'ExpectedServerSignHash' => 'SHA256',
            'ExpectedServerSignType' => 'EC',
            'ExpectedResult'         => 'Success',
        },
    },

    # Negative case: the client accepts only ECDSA signatures and the
    # server has no ECDSA certificate configured.
    {
        name   => 'ECDSA Signature Algorithm Selection, no ECDSA certificate',
        server => {
            'MaxProtocol' => 'TLSv1.2',
        },
        client => {
            'SignatureAlgorithms' => 'ECDSA+SHA256',
        },
        test => {
            'ExpectedResult' => 'ServerFail',
        },
    },
    {
        name   => 'RSA Signature Algorithm Selection',
        server => $server,
        client => {
            'SignatureAlgorithms' => 'RSA+SHA256',
        },
        test => {
            'ExpectedServerCertType' => 'RSA',
            'ExpectedServerSignHash' => 'SHA256',
            'ExpectedServerSignType' => 'RSA',
            'ExpectedResult'         => 'Success',
        },
    },
    {
        name   => 'RSA-PSS Signature Algorithm Selection',
        server => $server,
        client => {
            'SignatureAlgorithms' => 'RSA-PSS+SHA256',
        },
        test => {
            'ExpectedServerCertType' => 'RSA',
            'ExpectedServerSignHash' => 'SHA256',
            'ExpectedServerSignType' => 'RSA-PSS',
            'ExpectedResult'         => 'Success',
        },
    },

    # --- Suite B ---------------------------------------------------------
    # In both cases the client lists the "wrong" hash first.  The expected
    # hash follows the server key's curve (SHA256 for P-256, SHA384 for
    # P-384), not the client's preference order.
    {
        name   => 'Suite B P-256 Hash Algorithm Selection',
        server => {
            'ECDSA.Certificate' => test_pem('p256-server-cert.pem'),
            'ECDSA.PrivateKey'  => test_pem('p256-server-key.pem'),
            'MaxProtocol'       => 'TLSv1.2',
            'CipherString'      => 'SUITEB128',
        },
        client => {
            'VerifyCAFile'        => test_pem('p384-root.pem'),
            'SignatureAlgorithms' => 'ECDSA+SHA384:ECDSA+SHA256',
        },
        test => {
            'ExpectedServerCertType' => 'P-256',
            'ExpectedServerSignHash' => 'SHA256',
            'ExpectedServerSignType' => 'EC',
            'ExpectedResult'         => 'Success',
        },
    },
    {
        name   => 'Suite B P-384 Hash Algorithm Selection',
        server => {
            'ECDSA.Certificate' => test_pem('p384-server-cert.pem'),
            'ECDSA.PrivateKey'  => test_pem('p384-server-key.pem'),
            'MaxProtocol'       => 'TLSv1.2',
            'CipherString'      => 'SUITEB128',
        },
        client => {
            'VerifyCAFile'        => test_pem('p384-root.pem'),
            'SignatureAlgorithms' => 'ECDSA+SHA256:ECDSA+SHA384',
        },
        test => {
            'ExpectedServerCertType' => 'P-384',
            'ExpectedServerSignHash' => 'SHA384',
            'ExpectedServerSignType' => 'EC',
            'ExpectedResult'         => 'Success',
        },
    },
);
# Shared server profile for the TLS 1.3 cases: the same ECDSA certificate
# and key as the TLS 1.2 profile, with both protocol bounds pinned to
# TLS 1.3 so the handshake cannot fall back to an older version.
my $server_tls_1_3 = {
    'ECDSA.Certificate' => test_pem('server-ecdsa-cert.pem'),
    'ECDSA.PrivateKey'  => test_pem('server-ecdsa-key.pem'),
    'MinProtocol'       => 'TLSv1.3',
    'MaxProtocol'       => 'TLSv1.3',
};
# Shared client profile for the TLS 1.3 client-authentication cases.  It
# carries both an RSA and an ECDSA client certificate chain, so which one
# is sent depends on the signature algorithms the server advertises.
# Both protocol bounds are pinned to TLS 1.3.
my $client_tls_1_3 = {
    'RSA.Certificate'   => test_pem('ee-client-chain.pem'),
    'RSA.PrivateKey'    => test_pem('ee-key.pem'),
    'ECDSA.Certificate' => test_pem('ee-ecdsa-client-chain.pem'),
    'ECDSA.PrivateKey'  => test_pem('ee-ecdsa-key.pem'),
    'MinProtocol'       => 'TLSv1.3',
    'MaxProtocol'       => 'TLSv1.3',
};
# Certificate and signature-algorithm selection cases for TLS 1.3.
# Several of these are negative tests: they assert that algorithms which
# are acceptable at TLS 1.2 (SHA-1, PKCS#1 v1.5 RSA, compressed points) are
# refused for TLS 1.3 handshake signatures.  A regression that turned one
# of the ServerFail expectations into a success would be a downgrade in
# signature strength, so these expectations should not be relaxed lightly.
my @tests_tls_1_3 = (
    {
        name   => 'TLS 1.3 ECDSA Signature Algorithm Selection',
        server => $server_tls_1_3,
        client => {
            'SignatureAlgorithms' => 'ECDSA+SHA256',
        },
        test => {
            'ExpectedServerCertType' => 'P-256',
            'ExpectedServerSignHash' => 'SHA256',
            'ExpectedServerSignType' => 'EC',
            'ExpectedResult'         => 'Success',
        },
    },

    # Same compressed-point certificate that succeeds at TLS 1.2; at
    # TLS 1.3 the handshake is expected to fail.
    # NOTE(review): presumably because TLS 1.3 no longer negotiates point
    # formats -- confirm against the library's certificate selection code.
    {
        name   => 'TLS 1.3 ECDSA Signature Algorithm Selection compressed point',
        server => {
            'ECDSA.Certificate' => test_pem('server-cecdsa-cert.pem'),
            'ECDSA.PrivateKey'  => test_pem('server-cecdsa-key.pem'),
            'MinProtocol'       => 'TLSv1.3',
            'MaxProtocol'       => 'TLSv1.3',
        },
        client => {
            'SignatureAlgorithms' => 'ECDSA+SHA256',
        },
        test => {
            'ExpectedResult' => 'ServerFail',
        },
    },

    # SHA-1 is not usable for TLS 1.3 handshake signatures, so a client
    # offering only ECDSA+SHA1 must not get a successful handshake.
    {
        name   => 'TLS 1.3 ECDSA Signature Algorithm Selection SHA1',
        server => $server_tls_1_3,
        client => {
            'SignatureAlgorithms' => 'ECDSA+SHA1',
        },
        test => {
            'ExpectedResult' => 'ServerFail',
        },
    },
    {
        name   => 'TLS 1.3 ECDSA Signature Algorithm Selection with PSS',
        server => $server_tls_1_3,
        client => {
            'SignatureAlgorithms' => 'ECDSA+SHA256:RSA-PSS+SHA256',
        },
        test => {
            'ExpectedServerCertType' => 'P-256',
            'ExpectedServerSignHash' => 'SHA256',
            'ExpectedServerSignType' => 'EC',
            'ExpectedResult'         => 'Success',
        },
    },

    # The client prefers ECDSA+SHA384, but the server's ECDSA key is P-256
    # (see the expectations above).  TLS 1.3 ties each ECDSA scheme to one
    # curve, so that offer cannot be met and the RSA certificate with
    # RSA-PSS is the expected choice -- unlike TLS 1.2, where P-256 with
    # SHA384 is accepted.
    {
        name   => 'TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS',
        server => $server_tls_1_3,
        client => {
            'SignatureAlgorithms' => 'ECDSA+SHA384:RSA-PSS+SHA384',
        },
        test => {
            'ExpectedServerCertType' => 'RSA',
            'ExpectedServerSignHash' => 'SHA384',
            'ExpectedServerSignType' => 'RSA-PSS',
            'ExpectedResult'         => 'Success',
        },
    },

    # Negative case: the client accepts only ECDSA signatures and the
    # server has no ECDSA certificate configured.
    {
        name   => 'TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate',
        server => {
            'MinProtocol' => 'TLSv1.3',
            'MaxProtocol' => 'TLSv1.3',
        },
        client => {
            'SignatureAlgorithms' => 'ECDSA+SHA256',
        },
        test => {
            'ExpectedResult' => 'ServerFail',
        },
    },

    # TLS 1.3 permits only RSA-PSS for RSA handshake signatures; a client
    # offering just RSA+SHA256 (PKCS#1 v1.5) must be refused.
    {
        name   => 'TLS 1.3 RSA Signature Algorithm Selection, no PSS',
        server => $server_tls_1_3,
        client => {
            'SignatureAlgorithms' => 'RSA+SHA256',
        },
        test => {
            'ExpectedResult' => 'ServerFail',
        },
    },
    {
        name   => 'TLS 1.3 RSA-PSS Signature Algorithm Selection',
        server => $server_tls_1_3,
        client => {
            'SignatureAlgorithms' => 'RSA-PSS+SHA256',
        },
        test => {
            'ExpectedServerCertType' => 'RSA',
            'ExpectedServerSignHash' => 'SHA256',
            'ExpectedServerSignType' => 'RSA-PSS',
            'ExpectedResult'         => 'Success',
        },
    },

    # --- Client authentication -------------------------------------------
    # The server requires a client certificate and steers the choice
    # between the client's RSA and ECDSA chains through the signature
    # algorithms it advertises.
    {
        name   => 'TLS 1.3 RSA Client Auth Signature Algorithm Selection',
        server => {
            'ClientSignatureAlgorithms' => 'PSS+SHA256',
            'VerifyCAFile'              => test_pem('root-cert.pem'),
            'VerifyMode'                => 'Require',
        },
        client => $client_tls_1_3,
        test   => {
            'ExpectedClientCertType' => 'RSA',
            'ExpectedClientSignHash' => 'SHA256',
            'ExpectedClientSignType' => 'RSA-PSS',
            'ExpectedResult'         => 'Success',
        },
    },
    {
        name   => 'TLS 1.3 ECDSA Client Auth Signature Algorithm Selection',
        server => {
            'ClientSignatureAlgorithms' => 'ECDSA+SHA256',
            'VerifyCAFile'              => test_pem('root-cert.pem'),
            'VerifyMode'                => 'Require',
        },
        client => $client_tls_1_3,
        test   => {
            'ExpectedClientCertType' => 'P-256',
            'ExpectedClientSignHash' => 'SHA256',
            'ExpectedClientSignType' => 'EC',
            'ExpectedResult'         => 'Success',
        },
    },

    # The server advertises only SHA-1, DSA and PKCS#1 v1.5 RSA for client
    # signatures, none of which is a TLS 1.3 handshake signature scheme.
    # The handshake is expected to fail on the server side even though the
    # client certificate is merely requested and the client sets nothing.
    {
        name   => 'TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms',
        server => {
            'ClientSignatureAlgorithms' => 'ECDSA+SHA1:DSA+SHA256:RSA+SHA256',
            'VerifyCAFile'              => test_pem('root-cert.pem'),
            'VerifyMode'                => 'Request',
        },
        client => {},
        test   => {
            'ExpectedResult' => 'ServerFail',
        },
    },
);
# The TLS 1.3 cases are only appended when the build has TLS 1.3 enabled.
if (!disabled('tls1_3')) {
    push @tests, @tests_tls_1_3;
}
# DSA server certificate at TLS 1.2, expected to succeed.  The server also
# loads DH parameters, and this list is only appended to @tests when "dh"
# is enabled (see the gating block at the end of the file).
# NOTE(review): both sides set CipherString to "ALL", presumably because
# DSA suites are not in the default cipher list -- confirm.
my @tests_dsa_tls_1_2 = (
    {
        name   => 'TLS 1.2 DSA Certificate Test',
        server => {
            'DSA.Certificate' => test_pem('server-dsa-cert.pem'),
            'DSA.PrivateKey'  => test_pem('server-dsa-key.pem'),
            'DHParameters'    => test_pem('dhp2048.pem'),
            'MinProtocol'     => 'TLSv1.2',
            'MaxProtocol'     => 'TLSv1.2',
            'CipherString'    => 'ALL',
        },
        client => {
            'SignatureAlgorithms' => 'DSA+SHA256:DSA+SHA1',
            'CipherString'        => 'ALL',
        },
        test => {
            'ExpectedResult' => 'Success',
        },
    },
);
# Negative case: a server holding only a DSA certificate, pinned to
# TLS 1.3.  TLS 1.3 defines no DSA signature schemes, so the handshake is
# expected to fail on the server side even though the client lists DSA
# algorithms and both sides enable every cipher suite.
my @tests_dsa_tls_1_3 = (
    {
        name   => 'TLS 1.3 DSA Certificate Test',
        server => {
            'DSA.Certificate' => test_pem('server-dsa-cert.pem'),
            'DSA.PrivateKey'  => test_pem('server-dsa-key.pem'),
            'MinProtocol'     => 'TLSv1.3',
            'MaxProtocol'     => 'TLSv1.3',
            'CipherString'    => 'ALL',
        },
        client => {
            'SignatureAlgorithms' => 'DSA+SHA1:DSA+SHA256:ECDSA+SHA256',
            'CipherString'        => 'ALL',
        },
        test => {
            'ExpectedResult' => 'ServerFail',
        },
    },
);
# DSA cases need DSA support in the build.  On top of that, the TLS 1.2
# case needs DH and the TLS 1.3 case needs TLS 1.3.
unless (disabled('dsa')) {
    if (!disabled('dh')) {
        push @tests, @tests_dsa_tls_1_2;
    }
    if (!disabled('tls1_3')) {
        push @tests, @tests_dsa_tls_1_3;
    }
}