VirtualBox

source: vbox/trunk/src/libs/openssl-3.1.7/test/ssl-tests/14-curves.cnf.in@ 105945

Last change on this file since 105945 was 105945, checked in by vboxsync, 6 months ago

openssl-3.1.7: Applied and adjusted our OpenSSL changes to 3.1.7. bugref:10757
File size: 5.4 KB
Line 
1# -*- mode: perl; -*-
2
3## SSL test configurations
4
5package ssltests;
6
7use strict;
8use warnings;
9
10use OpenSSL::Test;
11use OpenSSL::Test::Utils qw(anydisabled);
12
13our $fips_mode;
14
15my @curves = ("prime256v1", "secp384r1", "secp521r1");
16
17my @curves_no_fips = ("X25519", "X448");
18
19push @curves, @curves_no_fips if !$fips_mode;
20
21#Curves *only* suitable for use in TLSv1.3
22my @curves_tls_1_3 = ("ffdhe2048", "ffdhe3072", "ffdhe4096", "ffdhe6144",
23 "ffdhe8192");
24
25push @curves, @curves_tls_1_3;
26
27my @curves_tls_1_2 = ("sect233k1", "sect233r1",
28 "sect283k1", "sect283r1", "sect409k1", "sect409r1",
29 "sect571k1", "sect571r1", "secp224r1");
30
31my @curves_non_fips = ("sect163k1", "sect163r2", "prime192v1",
32 "sect163r1", "sect193r1", "sect193r2", "sect239k1",
33 "secp160k1", "secp160r1", "secp160r2", "secp192k1",
34 "secp224k1", "secp256k1", "brainpoolP256r1",
35 "brainpoolP384r1", "brainpoolP512r1");
36
37push @curves_tls_1_2, @curves_non_fips if !$fips_mode;
38
39our @tests = ();
40
41sub get_key_type {
42 my $group = shift;
43 my $keyType;
44
45 if ($group =~ /ffdhe/) {
46 $keyType = "dhKeyAgreement";
47 } else {
48 $keyType = $group;
49 }
50
51 return $keyType;
52}
53
54sub generate_tests() {
55 foreach (0..$#curves) {
56 my $curve = $curves[$_];
57 push @tests, {
58 name => "curve-${curve}",
59 server => {
60 "Curves" => $curve,
61 "MaxProtocol" => "TLSv1.3"
62 },
63 client => {
64 "CipherString" => "ECDHE",
65 "MaxProtocol" => "TLSv1.3",
66 "Curves" => $curve
67 },
68 test => {
69 "ExpectedTmpKeyType" => get_key_type($curve),
70 "ExpectedProtocol" => "TLSv1.3",
71 "ExpectedResult" => "Success"
72 },
73 };
74 }
75 foreach (0..$#curves_tls_1_2) {
76 my $curve = $curves_tls_1_2[$_];
77 push @tests, {
78 name => "curve-${curve}",
79 server => {
80 "Curves" => $curve,
81 "MaxProtocol" => "TLSv1.3"
82 },
83 client => {
84 "CipherString" => "ECDHE",
85 "MaxProtocol" => "TLSv1.2",
86 "Curves" => $curve
87 },
88 test => {
89 "ExpectedTmpKeyType" => get_key_type($curve),
90 "ExpectedProtocol" => "TLSv1.2",
91 "ExpectedResult" => "Success"
92 },
93 };
94 }
95 foreach (0..$#curves_tls_1_2) {
96 my $curve = $curves_tls_1_2[$_];
97 push @tests, {
98 name => "curve-${curve}-tls12-in-tls13",
99 server => {
100 "Curves" => "$curve:P-256",
101 "CipherString" => 'DEFAULT@SECLEVEL=1',
102 "MaxProtocol" => "TLSv1.3"
103 },
104 client => {
105 "CipherString" => 'ECDHE@SECLEVEL=1',
106 "MaxProtocol" => "TLSv1.3",
107 "MinProtocol" => "TLSv1.3",
108 "Curves" => "$curve:P-256"
109 },
110 test => {
111 #This curve is not allowed in a TLSv1.3 key_share. We should
112 #succeed but fallback to P-256
113 "ExpectedTmpKeyType" => "P-256",
114 "ExpectedProtocol" => "TLSv1.3",
115 "ExpectedResult" => "Success"
116 },
117 };
118 }
119 foreach (0..$#curves_tls_1_2) {
120 my $curve = $curves_tls_1_2[$_];
121 push @tests, {
122 name => "curve-${curve}-tls13",
123 server => {
124 "Curves" => $curve,
125 "MaxProtocol" => "TLSv1.3"
126 },
127 client => {
128 "CipherString" => "ECDHE",
129 "MinProtocol" => "TLSv1.3",
130 "Curves" => $curve
131 },
132 test => {
133 "ExpectedResult" => "ClientFail"
134 },
135 };
136 }
137 foreach (0..$#curves_tls_1_3) {
138 my $curve = $curves_tls_1_3[$_];
139 push @tests, {
140 name => "curve-${curve}-tls13-in-tls12",
141 server => {
142 "Curves" => $curve,
143 "CipherString" => 'DEFAULT@SECLEVEL=1',
144 "MaxProtocol" => "TLSv1.3"
145 },
146 client => {
147 "CipherString" => 'ECDHE@SECLEVEL=1',
148 "MaxProtocol" => "TLSv1.2",
149 "Curves" => $curve
150 },
151 test => {
152 #These curves are only suitable for TLSv1.3 so we expect the
153 #server to fail because it has no shared groups for TLSv1.2
154 #ECDHE key exchange
155 "ExpectedResult" => "ServerFail"
156 },
157 };
158 push @tests, {
159 name => "curve-${curve}-tls13-in-tls12-2",
160 server => {
161 "Curves" => $curve,
162 "CipherString" => 'DEFAULT@SECLEVEL=1',
163 "MaxProtocol" => "TLSv1.2"
164 },
165 client => {
166 "CipherString" => 'DEFAULT@SECLEVEL=1',
167 "MaxProtocol" => "TLSv1.3",
168 "Curves" => $curve
169 },
170 test => {
171 #These curves are only suitable for TLSv1.3. We expect TLSv1.2
172 #negotiation to succeed because we fall back to some other
173 #ciphersuite
174 "ExpectedResult" => "Success"
175 },
176 };
177 }
178}
179
180generate_tests();
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette