From 37987ddd0f5d334afbaa919d41bb18debec4ea4a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 16 Feb 2022 14:52:39 +0800 Subject: [PATCH] Add test cases Add test cases for different sig algs. Known issue is rsa_pss_rsae_sha256 fail Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 140 +++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 136 insertions(+), 4 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 99ff60087..6ce8a3c14 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -9873,8 +9873,7 @@ run_test "TLS 1.3: CertificateRequest check, empty certificate - gnutls" \ -c "=> parse certificate request" \ -c "got a certificate request" \ -c "<= parse certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "<= write empty client certificate" + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -9889,8 +9888,7 @@ run_test "TLS 1.3: CertificateRequest check, empty certificate - openssl" \ -c "=> parse certificate request" \ -c "got a certificate request" \ -c "<= parse certificate request" \ - -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ - -c "<= write empty client certificate" + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -9925,6 +9923,140 @@ run_test "TLS 1.3: CertificateRequest check, no middlebox - gnutls" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +run_test "TLS 1.3: CertificateRequest check, ecdsa_secp256r1_sha256 - openssl" \ + "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \ + "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt \ + key_file=data_files/ecdsa_secp256r1.key" \ + 0 \ + -c "=> parse certificate request" \ + -c "got a certificate request" \ + -c "<= parse certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +run_test "TLS 1.3: CertificateRequest check, ecdsa_secp256r1_sha256 - gnutls" \ + "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ + "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt \ + key_file=data_files/ecdsa_secp256r1.key" \ + 0 \ + -c "=> parse certificate request" \ + -c "got a certificate request" \ + -c "<= parse certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +run_test "TLS 1.3: CertificateRequest check, ecdsa_secp384r1_sha384 - openssl" \ + "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \ + "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt \ + key_file=data_files/ecdsa_secp384r1.key" \ + 0 \ + -c "=> parse certificate request" \ + -c "got a certificate request" \ + -c "<= parse certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +run_test "TLS 1.3: CertificateRequest check, ecdsa_secp384r1_sha384 - gnutls" \ + "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ + "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt \ + key_file=data_files/ecdsa_secp384r1.key" \ + 0 \ + -c "=> parse certificate request" \ + -c "got a certificate request" \ + -c "<= parse certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +run_test "TLS 1.3: CertificateRequest check, ecdsa_secp521r1_sha512 - openssl" \ + "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \ + "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt \ + key_file=data_files/ecdsa_secp521r1.key" \ + 0 \ + -c "=> parse certificate request" \ + -c "got a certificate request" \ + -c "<= parse certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +run_test "TLS 1.3: CertificateRequest check, ecdsa_secp521r1_sha512 - gnutls" \ + "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ + "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt \ + key_file=data_files/ecdsa_secp521r1.key" \ + 0 \ + -c "=> parse certificate request" \ + -c "got a certificate request" \ + -c "<= parse certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" + +#This test is expected fail now. It should be fixed later +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +run_test "TLS 1.3: CertificateRequest check, rsa_pss_rsae_sha256 - openssl" \ + "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \ + "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/server2-sha256.crt \ + key_file=data_files/server2.key" \ + 1 \ + -c "=> parse certificate request" \ + -c "got a certificate request" \ + -c "<= parse certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" + +#This test is expected fail now. It should be fixed later +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_disabled MBEDTLS_USE_PSA_CRYPTO +run_test "TLS 1.3: CertificateRequest check, rsa_pss_rsae_sha256 - gnutls" \ + "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ + "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \ + key_file=data_files/server2.key" \ + 1 \ + -c "=> parse certificate request" \ + -c "got a certificate request" \ + -c "<= parse certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C