# -*- mode: perl; -*-

## SSL test configurations

package ssltests;

use strict;
use warnings;

use OpenSSL::Test;
use OpenSSL::Test::Utils qw(anydisabled);

# Consulted once, when this file is evaluated (see the push below), so it has
# to hold its final value before the file is loaded.
# NOTE(review): the code that sets it is not part of this file - confirm.
our $fips_mode;

# Groups that the first test group expects to negotiate under TLSv1.3.
my @curves = qw(prime256v1 secp384r1 secp521r1 X25519 X448);

# Curves expected to work only up to TLSv1.2: the tests below require them to
# succeed at TLSv1.2 and to be refused, or replaced by P-256, under TLSv1.3.
my @curves_tls_1_2 = qw(
    sect233k1 sect233r1
    sect283k1 sect283r1 sect409k1 sect409r1
    sect571k1 sect571r1 secp224r1
);

# Additional TLSv1.2-only curves that are exercised only outside FIPS mode.
# The list mixes small curves (160 to 193 bits) with others such as secp256k1
# and the Brainpool curves.
my @curves_non_fips = qw(
    sect163k1 sect163r2 prime192v1
    sect163r1 sect193r1 sect193r2 sect239k1
    secp160k1 secp160r1 secp160r2 secp192k1
    secp224k1 secp256k1 brainpoolP256r1
    brainpoolP384r1 brainpoolP512r1
);

unless ($fips_mode) {
    push @curves_tls_1_2, @curves_non_fips;
}

our @tests = ();

# Appends four groups of handshake tests to @tests, in this order:
#   1. every entry of @curves, offered alone, must negotiate under TLSv1.3;
#   2. every entry of @curves_tls_1_2 must negotiate when the client is
#      capped at TLSv1.2;
#   3. the same curves listed ahead of P-256 with the client pinned to
#      TLSv1.3 must end up on P-256;
#   4. the same curves offered alone with a TLSv1.3-only client must fail.
# Groups 3 and 4 are the negative checks: a change in their outcome would mean
# a TLSv1.2-only curve had become negotiable in TLSv1.3.
sub generate_tests() {
    # Group 1: positive TLSv1.3 test for each supported group.
    for my $curve (@curves) {
        my $server = {
            "Curves" => $curve,
            "MaxProtocol" => "TLSv1.3"
        };
        my $client = {
            "CipherString" => "ECDHE",
            "MaxProtocol" => "TLSv1.3",
            "Curves" => $curve
        };
        my $expected = {
            "ExpectedTmpKeyType" => $curve,
            "ExpectedProtocol" => "TLSv1.3",
            "ExpectedResult" => "Success"
        };
        push @tests, {
            name => "curve-${curve}",
            server => $server,
            client => $client,
            test => $expected,
        };
    }

    # Group 2: the server still allows TLSv1.3, but the client stops at
    # TLSv1.2, where the curve is expected to be used as the temporary key.
    # NOTE(review): unlike group 3, no @SECLEVEL is set here, so the result
    # depends on the library's default security level - confirm the weakest
    # entries of @curves_non_fips are accepted at that default.
    for my $curve (@curves_tls_1_2) {
        my $server = {
            "Curves" => $curve,
            "MaxProtocol" => "TLSv1.3"
        };
        my $client = {
            "CipherString" => "ECDHE",
            "MaxProtocol" => "TLSv1.2",
            "Curves" => $curve
        };
        my $expected = {
            "ExpectedTmpKeyType" => $curve,
            "ExpectedProtocol" => "TLSv1.2",
            "ExpectedResult" => "Success"
        };
        push @tests, {
            name => "curve-${curve}",
            server => $server,
            client => $client,
            test => $expected,
        };
    }

    # Group 3: both sides list the TLSv1.2-only curve first and P-256 second,
    # at security level 1, with the client restricted to TLSv1.3.
    for my $curve (@curves_tls_1_2) {
        my $server = {
            "Curves" => "$curve:P-256",
            "CipherString" => 'DEFAULT@SECLEVEL=1',
            "MaxProtocol" => "TLSv1.3"
        };
        my $client = {
            "CipherString" => 'ECDHE@SECLEVEL=1',
            "MaxProtocol" => "TLSv1.3",
            "MinProtocol" => "TLSv1.3",
            "Curves" => "$curve:P-256"
        };
        my $expected = {
            # The listed curve is not allowed in a TLSv1.3 key_share, so the
            # handshake should still succeed, but on P-256 rather than on the
            # curve that was listed first.
            "ExpectedTmpKeyType" => "P-256",
            "ExpectedProtocol" => "TLSv1.3",
            "ExpectedResult" => "Success"
        };
        push @tests, {
            name => "curve-${curve}-tls12-in-tls13",
            server => $server,
            client => $client,
            test => $expected,
        };
    }

    # Group 4: the client requires TLSv1.3 and offers only the TLSv1.2-only
    # curve, so it has no group to fall back to and no lower protocol version
    # to drop to; the handshake is expected to fail on the client side.
    for my $curve (@curves_tls_1_2) {
        my $server = {
            "Curves" => $curve,
            "MaxProtocol" => "TLSv1.3"
        };
        my $client = {
            "CipherString" => "ECDHE",
            "MinProtocol" => "TLSv1.3",
            "Curves" => $curve
        };
        my $expected = {
            "ExpectedResult" => "ClientFail"
        };
        push @tests, {
            name => "curve-${curve}-tls13",
            server => $server,
            client => $client,
            test => $expected,
        };
    }
}

generate_tests();