Update tests for TLS Ed448

Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/5470)
2025-03-19 19:50:42 +08:00 · 2018-02-27 13:02:00 +00:00 · 2018-02-27 13:02:00 +00:00 · fe93b010e7
commit fe93b010e7
parent 0e1d6ecf37
14 changed files with 962 additions and 536 deletions
--- a/test/certs/client-ed448-cert.pem
+++ b/test/certs/client-ed448-cert.pem
@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICQDCCASigAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE4MDIyNzE3MTAxN1oYDzIxMTgwMjI4MTcxMDE3WjAXMRUwEwYDVQQD
+DAxDbGllbnQtRWQ0NDgwQzAFBgMrZXEDOgB4bFbdmw9IviAHXKt/2/hRDaiEr6JH
+bsLr3IPNQq3XIYxYh4AIPx3YffYW3xukHDGWTQ50dptQiwCjezB5MB0GA1UdDgQW
+BBTEno3ezhmTYZzGdD65nVRMp3f2hzAfBgNVHSMEGDAWgBSO9SWvHptrhD18gJrJ
+U5xNcvejUjAJBgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMBcGA1UdEQQQ
+MA6CDENsaWVudC1FZDQ0ODANBgkqhkiG9w0BAQsFAAOCAQEAP2/y30iko57i8lUY
+ju9Vb4V0TCATKa+HNnzHG1jyWAgiWpPtHe269Cnb8AvdwWKVeppKkG6LeWHo3btP
+LOd8xEFhnklM4rPkxMYMCQ0lcw2xagbw3CW12mLs15N3QCjxSnA/kuuftzor9fRl
+gzazVh4Kf/jXtlRyBI6R4+bXSGgKhIipdBF5xWmTPvZBViWKxgysQuP1bNzw9AC4
+QMGm4ApOVuY9iE8dPYKgJUVGWc3d9l23fkd422kEgz5euK66HovjYaBj0S0kZhEZ
+tWUCRTcv4k40ke2jr8/Zm3Ugab09XWU2T98k/OvXu+Y0AlLMZp2ehC6wXObprEXv
+dY5URg==
+-----END CERTIFICATE-----
--- a/test/certs/client-ed448-key.pem
+++ b/test/certs/client-ed448-key.pem
@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+MEcCAQAwBQYDK2VxBDsEOWmRn7GCRupyB1q/qQZ+h1lEt+TGtZSNJ5U+Saa+X+hk
+gWpeKJP9MTpw7kdMAeAhb6XlhCANH2zV9A==
+-----END PRIVATE KEY-----
--- a/test/certs/mkcert.sh
+++ b/test/certs/mkcert.sh
@ -55,6 +55,7 @@ key() {
               args=("${args[@]}" -pkeyopt ec_param_enc:named_curve);;
        dsa)  args=(-paramfile "$bits");;
        ed25519)  ;;
+        ed448)  ;;
        *) printf "Unsupported key algorithm: %s\n" "$alg" >&2; return 1;;
        esac
        stderr_onerror \
--- a/test/certs/server-ed448-cert.pem
+++ b/test/certs/server-ed448-cert.pem
@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICHTCCAQWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE4MDIyNzE1MDcxM1oYDzIxMTgwMjI4MTUwNzEzWjAQMQ4wDAYDVQQD
+DAVFZDQ0ODBDMAUGAytlcQM6ABBicYlhG1s3AoG5BFmY3r50lJzjQoER4zwuieEe
+QTvKxLEV06vGh79UWO6yQ5FxqmxvM1F/Xw7RAKNfMF0wHQYDVR0OBBYEFAwa1L4m
+3pwA8+IEJ7K/4izrjJIHMB8GA1UdIwQYMBaAFHB/Lq6DaFmYBCMqzes+F80k3QFJ
+MAkGA1UdEwQCMAAwEAYDVR0RBAkwB4IFRWQ0NDgwDQYJKoZIhvcNAQELBQADggEB
+AAugH2aE6VvArnOVjKBtalqtHlx+NCC3+S65sdWc9A9sNgI1ZiN7dn76TKn5d0T7
+NqV8nY1rwQg6WPGrCD6Eh63qhotytqYIxltppb4MOUJcz/Zf0ZwhB5bUfwNB//Ih
+5aZT86FpXVuyMnwUTWPcISJqpZiBv95yzZFMpniHFvecvV445ly4TFW5y6VURh40
+Tg4tMgjPTE7ADw+dX4FvnTWY3blxT1GzGxGvqWW4HgP8dOETnjmAwCzN0nUVmH9s
+7ybHORcSljcpe0XH6L/K7mbI+r8mVLsAoIzUeDwUdKKJZ2uGEtdhQDmJBp4EjOXE
+3qIn3wEQQ6ax4NIwkZihdLI=
+-----END CERTIFICATE-----
--- a/test/certs/server-ed448-key.pem
+++ b/test/certs/server-ed448-key.pem
@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+MEcCAQAwBQYDK2VxBDsEOTiHqANC9pFHbs8VAeqZ52cwKi0jPTSM5GjsKW4vbgG6
+BMFSdURqGj2FD02H7xsyrR20pIXI1GbE+A==
+-----END PRIVATE KEY-----
--- a/test/clienthellotest.c
+++ b/test/clienthellotest.c
@ -111,12 +111,19 @@ static int test_client_hello(int currtest)
         * F5_WORKAROUND_MIN_MSG_LEN bytes long - meaning padding will be
         * needed.
         */
-        if (currtest == TEST_ADD_PADDING
-                && (!TEST_false(SSL_CTX_set_alpn_protos(ctx,
+        if (currtest == TEST_ADD_PADDING) {
+             if (!TEST_false(SSL_CTX_set_alpn_protos(ctx,
                                    (unsigned char *)alpn_prots,
-                                    sizeof(alpn_prots) - 1))))
+                                    sizeof(alpn_prots) - 1)))
+                goto end;
+        /*
+         * Otherwise we need to make sure we have a small enough message to
+         * not need padding.
+         */
+        } else if (!TEST_true(SSL_CTX_set_cipher_list(ctx,
+                              "AES128-SHA:TLS13-AES-128-GCM-SHA256"))) {
            goto end;
-
+        }
        break;

    default:
--- a/test/ecdsatest.c
+++ b/test/ecdsatest.c
@ -239,7 +239,7 @@ static int test_builtin(void)
        unsigned char dirt, offset;

        nid = curves[n].nid;
-        if (nid == NID_ipsec4 || nid == NID_X25519)
+        if (nid == NID_ipsec4)
            continue;
        /* create new ecdsa key (== EC_KEY) */
        if (!TEST_ptr(eckey = EC_KEY_new())
--- a/test/ectest.c
+++ b/test/ectest.c
@ -1152,12 +1152,6 @@ static int internal_curve_test_method(int n)
    int r, nid = curves[n].nid;
    EC_GROUP *group;

-    /*
-     * Skip for X25519 because low level operations such as EC_POINT_mul()
-     * are not supported for this curve
-     */
-    if (nid == NID_X25519)
-        return 1;
    if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))) {
        TEST_info("Curve %s failed\n", OBJ_nid2sn(nid));
        return 0;
--- a/test/ossl_shim/ossl_shim.cc
+++ b/test/ossl_shim/ossl_shim.cc
@ -968,7 +968,7 @@ static bool DoExchange(bssl::UniquePtr<SSL_SESSION> *out_session,
  }
  if (config->enable_all_curves) {
    static const int kAllCurves[] = {
-      NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1, NID_X25519,
+      NID_X25519, NID_X9_62_prime256v1, NID_X448, NID_secp521r1, NID_secp384r1
    };
    if (!SSL_set1_curves(ssl.get(), kAllCurves,
                         OPENSSL_ARRAY_SIZE(kAllCurves))) {
--- a/test/ssl-tests/14-curves.conf
+++ b/test/ssl-tests/14-curves.conf
@ -1,6 +1,6 @@
 # Generated with generate_ssl_tests.pl

-num_tests = 29
+num_tests = 30

 test-0 = 0-curve-sect163k1
 test-1 = 1-curve-sect163r1
@ -31,6 +31,7 @@ test-25 = 25-curve-brainpoolP256r1
 test-26 = 26-curve-brainpoolP384r1
 test-27 = 27-curve-brainpoolP512r1
 test-28 = 28-curve-X25519
+test-29 = 29-curve-X448
 # ===========================================================

 [0-curve-sect163k1]
@ -843,3 +844,31 @@ ExpectedResult = Success
 ExpectedTmpKeyType = X25519


+# ===========================================================
+
+[29-curve-X448]
+ssl_conf = 29-curve-X448-ssl
+
+[29-curve-X448-ssl]
+server = 29-curve-X448-server
+client = 29-curve-X448-client
+
+[29-curve-X448-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = X448
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[29-curve-X448-client]
+CipherString = ECDHE
+Curves = X448
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-29]
+ExpectedResult = Success
+ExpectedTmpKeyType = X448
+
+
--- a/test/ssl-tests/14-curves.conf.in
+++ b/test/ssl-tests/14-curves.conf.in
@ -17,7 +17,7 @@ my @curves = ("sect163k1", "sect163r1", "sect163r2", "sect193r1",
              "secp160r2", "secp192k1", "prime192v1", "secp224k1",
              "secp224r1", "secp256k1", "prime256v1", "secp384r1",
              "secp521r1", "brainpoolP256r1", "brainpoolP384r1",
-              "brainpoolP512r1", "X25519");
+              "brainpoolP512r1", "X25519", "X448");

 our @tests = ();

--- a/test/ssl-tests/20-cert-select.conf
+++ b/test/ssl-tests/20-cert-select.conf
--- a/test/ssl-tests/20-cert-select.conf.in
+++ b/test/ssl-tests/20-cert-select.conf.in
@ -12,8 +12,10 @@ use OpenSSL::Test::Utils;
 my $server = {
    "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
    "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
-    "EdDSA.Certificate" => test_pem("server-ed25519-cert.pem"),
-    "EdDSA.PrivateKey" => test_pem("server-ed25519-key.pem"),
+    "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"),
+    "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"),
+    "Ed448.Certificate" => test_pem("server-ed448-cert.pem"),
+    "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"),
    "MaxProtocol" => "TLSv1.2"
 };

@ -22,8 +24,10 @@ my $server_pss = {
    "PSS.PrivateKey" => test_pem("server-pss-key.pem"),
    "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
    "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
-    "EdDSA.Certificate" => test_pem("server-ed25519-cert.pem"),
-    "EdDSA.PrivateKey" => test_pem("server-ed25519-key.pem"),
+    "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"),
+    "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"),
+    "Ed448.Certificate" => test_pem("server-ed448-cert.pem"),
+    "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"),
    "MaxProtocol" => "TLSv1.2"
 };

@ -66,6 +70,23 @@ our @tests = (
            "ExpectedResult" => "Success"
        },
    },
+    {
+        name => "Ed448 CipherString and Signature Algorithm Selection",
+        server => $server,
+        client => {
+            "CipherString" => "aECDSA",
+            "MaxProtocol" => "TLSv1.2",
+            "SignatureAlgorithms" => "ed448:ECDSA+SHA256",
+            "RequestCAFile" => test_pem("root-cert.pem"),
+        },
+        test   => {
+            "ExpectedServerCertType" =>, "Ed448",
+            "ExpectedServerSignType" =>, "Ed448",
+            # Note: certificate_authorities not sent for TLS < 1.3
+            "ExpectedServerCANames" =>, "empty",
+            "ExpectedResult" => "Success"
+        },
+    },
    {
        name => "RSA CipherString Selection",
        server => $server,
@ -124,6 +145,23 @@ our @tests = (
            "ExpectedResult" => "Success"
        },
    },
+    {
+        name => "Ed448 CipherString and Curves Selection",
+        server => $server,
+        client => {
+            "CipherString" => "aECDSA",
+            "MaxProtocol" => "TLSv1.2",
+            "SignatureAlgorithms" => "ECDSA+SHA256:ed448",
+            # Excluding P-256 from the supported curves list means server
+            # certificate should be Ed25519 and not P-256
+            "Curves" => "X448"
+        },
+        test   => {
+            "ExpectedServerCertType" =>, "Ed448",
+            "ExpectedServerSignType" =>, "Ed448",
+            "ExpectedResult" => "Success"
+        },
+    },
    {
        name => "ECDSA CipherString Selection, no ECDSA certificate",
        server => {
@ -323,8 +361,8 @@ our @tests = (
            "VerifyMode" => "Require"
        },
        client => {
-            "EdDSA.Certificate" => test_pem("client-ed25519-cert.pem"),
-            "EdDSA.PrivateKey" => test_pem("client-ed25519-key.pem"),
+            "Ed25519.Certificate" => test_pem("client-ed25519-cert.pem"),
+            "Ed25519.PrivateKey" => test_pem("client-ed25519-key.pem"),
            "MinProtocol" => "TLSv1.2",
            "MaxProtocol" => "TLSv1.2"
        },
@ -334,6 +372,24 @@ our @tests = (
            "ExpectedResult" => "Success"
        },
    },
+    {
+        name => "TLS 1.2 Ed448 Client Auth",
+        server => {
+            "VerifyCAFile" => test_pem("root-cert.pem"),
+            "VerifyMode" => "Require"
+        },
+        client => {
+            "Ed448.Certificate" => test_pem("client-ed448-cert.pem"),
+            "Ed448.PrivateKey" => test_pem("client-ed448-key.pem"),
+            "MinProtocol" => "TLSv1.2",
+            "MaxProtocol" => "TLSv1.2"
+        },
+        test   => {
+            "ExpectedClientCertType" => "Ed448",
+            "ExpectedClientSignType" => "Ed448",
+            "ExpectedResult" => "Success"
+        },
+    },
 );

 my @tests_tls_1_1 = (
@ -354,8 +410,10 @@ push @tests, @tests_tls_1_1 unless disabled("tls1_1");
 my $server_tls_1_3 = {
    "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
    "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
-    "EdDSA.Certificate" => test_pem("server-ed25519-cert.pem"),
-    "EdDSA.PrivateKey" => test_pem("server-ed25519-key.pem"),
+    "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"),
+    "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"),
+    "Ed448.Certificate" => test_pem("server-ed448-cert.pem"),
+    "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"),
    "MinProtocol" => "TLSv1.3",
    "MaxProtocol" => "TLSv1.3"
 };
@ -365,8 +423,10 @@ my $server_tls_1_3_pss = {
    "PSS.PrivateKey" => test_pem("server-pss-key.pem"),
    "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
    "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
-    "EdDSA.Certificate" => test_pem("server-ed25519-cert.pem"),
-    "EdDSA.PrivateKey" => test_pem("server-ed25519-key.pem"),
+    "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"),
+    "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"),
+    "Ed448.Certificate" => test_pem("server-ed448-cert.pem"),
+    "Ed448.PrivateKey" => test_pem("server-ed449-key.pem"),
    "MinProtocol" => "TLSv1.3",
    "MaxProtocol" => "TLSv1.3"
 };
@ -496,6 +556,18 @@ my @tests_tls_1_3 = (
            "ExpectedResult" => "Success"
        },
    },
+    {
+        name => "TLS 1.3 Ed448 Signature Algorithm Selection",
+        server => $server_tls_1_3,
+        client => {
+            "SignatureAlgorithms" => "ed448",
+        },
+        test   => {
+            "ExpectedServerCertType" => "Ed448",
+            "ExpectedServerSignType" => "Ed448",
+            "ExpectedResult" => "Success"
+        },
+    },
    {
        name => "TLS 1.3 Ed25519 CipherString and Groups Selection",
        server => $server_tls_1_3,
@ -512,6 +584,22 @@ my @tests_tls_1_3 = (
            "ExpectedResult" => "Success"
        },
    },
+    {
+        name => "TLS 1.3 Ed448 CipherString and Groups Selection",
+        server => $server_tls_1_3,
+        client => {
+            "SignatureAlgorithms" => "ECDSA+SHA256:ed448",
+            # Excluding P-256 from the supported groups list should
+            # mean server still uses a P-256 certificate because supported
+            # groups is not used in signature selection for TLS 1.3
+            "Groups" => "X448"
+        },
+        test   => {
+            "ExpectedServerCertType" =>, "P-256",
+            "ExpectedServerSignType" =>, "EC",
+            "ExpectedResult" => "Success"
+        },
+    },
    {
        name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection",
        server => {
@ -578,6 +666,24 @@ my @tests_tls_1_3 = (
            "ExpectedResult" => "Success"
        },
    },
+    {
+        name => "TLS 1.3 Ed448 Client Auth",
+        server => {
+            "VerifyCAFile" => test_pem("root-cert.pem"),
+            "VerifyMode" => "Require"
+        },
+        client => {
+            "EdDSA.Certificate" => test_pem("client-ed448-cert.pem"),
+            "EdDSA.PrivateKey" => test_pem("client-ed448-key.pem"),
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3"
+        },
+        test   => {
+            "ExpectedClientCertType" => "Ed448",
+            "ExpectedClientSignType" => "Ed448",
+            "ExpectedResult" => "Success"
+        },
+    },
 );

 push @tests, @tests_tls_1_3 unless disabled("tls1_3");
--- a/test/ssl_cert_table_internal_test.c
+++ b/test/ssl_cert_table_internal_test.c
@ -70,6 +70,8 @@ static int test_ssl_cert_table(void)
        return 0;
    if (!test_cert_table(EVP_PKEY_ED25519, SSL_aECDSA, SSL_PKEY_ED25519))
        return 0;
+    if (!test_cert_table(EVP_PKEY_ED448, SSL_aECDSA, SSL_PKEY_ED448))
+        return 0;

    return 1;
 }