Add tests for client and server signature type

Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2301)
2025-04-06 20:20:50 +08:00 · 2017-01-27 15:56:47 +00:00 · 2017-01-27 15:56:47 +00:00 · a92e710b7a
commit a92e710b7a
parent 54b7f2a5ca
4 changed files with 59 additions and 3 deletions
--- a/test/ssl-tests/04-client_auth.conf
+++ b/test/ssl-tests/04-client_auth.conf
@ -562,6 +562,7 @@ VerifyMode = Peer
 [test-18]
 ExpectedClientCertType = RSA
 ExpectedClientSignHash = SHA256
+ExpectedClientSignType = RSA
 ExpectedResult = Success


--- a/test/ssl-tests/04-client_auth.conf.in
+++ b/test/ssl-tests/04-client_auth.conf.in
@ -34,10 +34,12 @@ sub generate_tests() {
                $caalert = "UnknownCA";
            }
            my $clihash;
+            my $clisigtype;
            my $clisigalgs;
-            # TODO add TLSv1.3 versions
+            # TODO(TLS1.3) add TLSv1.3 versions
            if ($protocol_name eq "TLSv1.2") {
                $clihash = "SHA256";
+                $clisigtype = "RSA";
                $clisigalgs = "SHA256+RSA";
            }
            # Sanity-check simple handshake.
@ -106,6 +108,7 @@ sub generate_tests() {
                },
                test   => { "ExpectedResult" => "Success",
                            "ExpectedClientCertType" => "RSA",
+                            "ExpectedClientSignType" => $clisigtype,
                            "ExpectedClientSignHash" => $clihash,
                },
            };
--- a/test/ssl-tests/20-cert-select.conf
+++ b/test/ssl-tests/20-cert-select.conf
@ -1,6 +1,6 @@
 # Generated with generate_ssl_tests.pl

-num_tests = 6
+num_tests = 7

 test-0 = 0-ECDSA CipherString Selection
 test-1 = 1-RSA CipherString Selection
@ -8,6 +8,7 @@ test-2 = 2-ECDSA CipherString Selection, no ECDSA certificate
 test-3 = 3-ECDSA Signature Algorithm Selection
 test-4 = 4-ECDSA Signature Algorithm Selection, no ECDSA certificate
 test-5 = 5-RSA Signature Algorithm Selection
+test-6 = 6-RSA-PSS Signature Algorithm Selection
 # ===========================================================

 [0-ECDSA CipherString Selection]
@ -33,6 +34,7 @@ VerifyMode = Peer
 [test-0]
 ExpectedResult = Success
 ExpectedServerCertType = P-256
+ExpectedServerSignType = EC


 # ===========================================================
@ -60,6 +62,7 @@ VerifyMode = Peer
 [test-1]
 ExpectedResult = Success
 ExpectedServerCertType = RSA
+ExpectedServerSignType = RSA-PSS


 # ===========================================================
@ -112,6 +115,7 @@ VerifyMode = Peer
 ExpectedResult = Success
 ExpectedServerCertType = P-256
 ExpectedServerSignHash = SHA256
+ExpectedServerSignType = EC


 # ===========================================================
@ -165,5 +169,36 @@ VerifyMode = Peer
 ExpectedResult = Success
 ExpectedServerCertType = RSA
 ExpectedServerSignHash = SHA256
+ExpectedServerSignType = RSA
+
+
+# ===========================================================
+
+[6-RSA-PSS Signature Algorithm Selection]
+ssl_conf = 6-RSA-PSS Signature Algorithm Selection-ssl
+
+[6-RSA-PSS Signature Algorithm Selection-ssl]
+server = 6-RSA-PSS Signature Algorithm Selection-server
+client = 6-RSA-PSS Signature Algorithm Selection-client
+
+[6-RSA-PSS Signature Algorithm Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-RSA-PSS Signature Algorithm Selection-client]
+CipherString = DEFAULT
+SignatureAlgorithms = RSA-PSS+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-6]
+ExpectedResult = Success
+ExpectedServerCertType = RSA
+ExpectedServerSignHash = SHA256
+ExpectedServerSignType = RSA-PSS


--- a/test/ssl-tests/20-cert-select.conf.in
+++ b/test/ssl-tests/20-cert-select.conf.in
@ -15,7 +15,7 @@ my $dir_sep = $^O ne "VMS" ? "/" : "";
 my $server = {
    "ECDSA.Certificate" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-cert.pem",
    "ECDSA.PrivateKey" => "\${ENV::TEST_CERTS_DIR}${dir_sep}server-ecdsa-key.pem",
-    # TODO: add test cases for TLSv1.3
+    # TODO(TLS1.3): add test cases for TLSv1.3
    "MaxProtocol" => "TLSv1.2"
 };

@ -28,6 +28,7 @@ our @tests = (
        },
        test   => {
            "ExpectedServerCertType" =>, "P-256",
+            "ExpectedServerSignType" =>, "EC",
            "ExpectedResult" => "Success"
        },
    },
@ -39,6 +40,7 @@ our @tests = (
        },
        test   => {
            "ExpectedServerCertType" =>, "RSA",
+            "ExpectedServerSignType" =>, "RSA-PSS",
            "ExpectedResult" => "Success"
        },
    },
@ -61,6 +63,7 @@ our @tests = (
        test   => {
            "ExpectedServerCertType" => "P-256",
            "ExpectedServerSignHash" => "SHA256",
+            "ExpectedServerSignType" => "EC",
            "ExpectedResult" => "Success"
        },
    },
@ -83,6 +86,20 @@ our @tests = (
        test   => {
            "ExpectedServerCertType" => "RSA",
            "ExpectedServerSignHash" => "SHA256",
+            "ExpectedServerSignType" => "RSA",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "RSA-PSS Signature Algorithm Selection",
+        server => $server,
+        client => {
+            "SignatureAlgorithms" => "RSA-PSS+SHA256",
+        },
+        test   => {
+            "ExpectedServerCertType" => "RSA",
+            "ExpectedServerSignHash" => "SHA256",
+            "ExpectedServerSignType" => "RSA-PSS",
            "ExpectedResult" => "Success"
        },
    }