Skip to content

Commit

Permalink
Update tests for TLS Ed448
Browse files Browse the repository at this point in the history
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from openssl/openssl#5470)
  • Loading branch information
mattcaswell committed Mar 5, 2018
1 parent 0e1d6ec commit fe93b01
Show file tree
Hide file tree
Showing 14 changed files with 828 additions and 402 deletions.
15 changes: 15 additions & 0 deletions test/certs/client-ed448-cert.pem
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
-----BEGIN CERTIFICATE-----
MIICQDCCASigAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
IENBMCAXDTE4MDIyNzE3MTAxN1oYDzIxMTgwMjI4MTcxMDE3WjAXMRUwEwYDVQQD
DAxDbGllbnQtRWQ0NDgwQzAFBgMrZXEDOgB4bFbdmw9IviAHXKt/2/hRDaiEr6JH
bsLr3IPNQq3XIYxYh4AIPx3YffYW3xukHDGWTQ50dptQiwCjezB5MB0GA1UdDgQW
BBTEno3ezhmTYZzGdD65nVRMp3f2hzAfBgNVHSMEGDAWgBSO9SWvHptrhD18gJrJ
U5xNcvejUjAJBgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMBcGA1UdEQQQ
MA6CDENsaWVudC1FZDQ0ODANBgkqhkiG9w0BAQsFAAOCAQEAP2/y30iko57i8lUY
ju9Vb4V0TCATKa+HNnzHG1jyWAgiWpPtHe269Cnb8AvdwWKVeppKkG6LeWHo3btP
LOd8xEFhnklM4rPkxMYMCQ0lcw2xagbw3CW12mLs15N3QCjxSnA/kuuftzor9fRl
gzazVh4Kf/jXtlRyBI6R4+bXSGgKhIipdBF5xWmTPvZBViWKxgysQuP1bNzw9AC4
QMGm4ApOVuY9iE8dPYKgJUVGWc3d9l23fkd422kEgz5euK66HovjYaBj0S0kZhEZ
tWUCRTcv4k40ke2jr8/Zm3Ugab09XWU2T98k/OvXu+Y0AlLMZp2ehC6wXObprEXv
dY5URg==
-----END CERTIFICATE-----
4 changes: 4 additions & 0 deletions test/certs/client-ed448-key.pem
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
-----BEGIN PRIVATE KEY-----
MEcCAQAwBQYDK2VxBDsEOWmRn7GCRupyB1q/qQZ+h1lEt+TGtZSNJ5U+Saa+X+hk
gWpeKJP9MTpw7kdMAeAhb6XlhCANH2zV9A==
-----END PRIVATE KEY-----
1 change: 1 addition & 0 deletions test/certs/mkcert.sh
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@ key() {
args=("${args[@]}" -pkeyopt ec_param_enc:named_curve);;
dsa) args=(-paramfile "$bits");;
ed25519) ;;
ed448) ;;
*) printf "Unsupported key algorithm: %s\n" "$alg" >&2; return 1;;
esac
stderr_onerror \
Expand Down
14 changes: 14 additions & 0 deletions test/certs/server-ed448-cert.pem
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
-----BEGIN CERTIFICATE-----
MIICHTCCAQWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
IENBMCAXDTE4MDIyNzE1MDcxM1oYDzIxMTgwMjI4MTUwNzEzWjAQMQ4wDAYDVQQD
DAVFZDQ0ODBDMAUGAytlcQM6ABBicYlhG1s3AoG5BFmY3r50lJzjQoER4zwuieEe
QTvKxLEV06vGh79UWO6yQ5FxqmxvM1F/Xw7RAKNfMF0wHQYDVR0OBBYEFAwa1L4m
3pwA8+IEJ7K/4izrjJIHMB8GA1UdIwQYMBaAFHB/Lq6DaFmYBCMqzes+F80k3QFJ
MAkGA1UdEwQCMAAwEAYDVR0RBAkwB4IFRWQ0NDgwDQYJKoZIhvcNAQELBQADggEB
AAugH2aE6VvArnOVjKBtalqtHlx+NCC3+S65sdWc9A9sNgI1ZiN7dn76TKn5d0T7
NqV8nY1rwQg6WPGrCD6Eh63qhotytqYIxltppb4MOUJcz/Zf0ZwhB5bUfwNB//Ih
5aZT86FpXVuyMnwUTWPcISJqpZiBv95yzZFMpniHFvecvV445ly4TFW5y6VURh40
Tg4tMgjPTE7ADw+dX4FvnTWY3blxT1GzGxGvqWW4HgP8dOETnjmAwCzN0nUVmH9s
7ybHORcSljcpe0XH6L/K7mbI+r8mVLsAoIzUeDwUdKKJZ2uGEtdhQDmJBp4EjOXE
3qIn3wEQQ6ax4NIwkZihdLI=
-----END CERTIFICATE-----
4 changes: 4 additions & 0 deletions test/certs/server-ed448-key.pem
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
-----BEGIN PRIVATE KEY-----
MEcCAQAwBQYDK2VxBDsEOTiHqANC9pFHbs8VAeqZ52cwKi0jPTSM5GjsKW4vbgG6
BMFSdURqGj2FD02H7xsyrR20pIXI1GbE+A==
-----END PRIVATE KEY-----
15 changes: 11 additions & 4 deletions test/clienthellotest.c
Original file line number Diff line number Diff line change
Expand Up @@ -111,12 +111,19 @@ static int test_client_hello(int currtest)
* F5_WORKAROUND_MIN_MSG_LEN bytes long - meaning padding will be
* needed.
*/
if (currtest == TEST_ADD_PADDING
&& (!TEST_false(SSL_CTX_set_alpn_protos(ctx,
if (currtest == TEST_ADD_PADDING) {
if (!TEST_false(SSL_CTX_set_alpn_protos(ctx,
(unsigned char *)alpn_prots,
sizeof(alpn_prots) - 1))))
sizeof(alpn_prots) - 1)))
goto end;
/*
* Otherwise we need to make sure we have a small enough message to
* not need padding.
*/
} else if (!TEST_true(SSL_CTX_set_cipher_list(ctx,
"AES128-SHA:TLS13-AES-128-GCM-SHA256"))) {
goto end;

}
break;

default:
Expand Down
2 changes: 1 addition & 1 deletion test/ecdsatest.c
Original file line number Diff line number Diff line change
Expand Up @@ -239,7 +239,7 @@ static int test_builtin(void)
unsigned char dirt, offset;

nid = curves[n].nid;
if (nid == NID_ipsec4 || nid == NID_X25519)
if (nid == NID_ipsec4)
continue;
/* create new ecdsa key (== EC_KEY) */
if (!TEST_ptr(eckey = EC_KEY_new())
Expand Down
6 changes: 0 additions & 6 deletions test/ectest.c
Original file line number Diff line number Diff line change
Expand Up @@ -1152,12 +1152,6 @@ static int internal_curve_test_method(int n)
int r, nid = curves[n].nid;
EC_GROUP *group;

/*
* Skip for X25519 because low level operations such as EC_POINT_mul()
* are not supported for this curve
*/
if (nid == NID_X25519)
return 1;
if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))) {
TEST_info("Curve %s failed\n", OBJ_nid2sn(nid));
return 0;
Expand Down
2 changes: 1 addition & 1 deletion test/ossl_shim/ossl_shim.cc
Original file line number Diff line number Diff line change
Expand Up @@ -968,7 +968,7 @@ static bool DoExchange(bssl::UniquePtr<SSL_SESSION> *out_session,
}
if (config->enable_all_curves) {
static const int kAllCurves[] = {
NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1, NID_X25519,
NID_X25519, NID_X9_62_prime256v1, NID_X448, NID_secp521r1, NID_secp384r1
};
if (!SSL_set1_curves(ssl.get(), kAllCurves,
OPENSSL_ARRAY_SIZE(kAllCurves))) {
Expand Down
31 changes: 30 additions & 1 deletion test/ssl-tests/14-curves.conf
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Generated with generate_ssl_tests.pl

num_tests = 29
num_tests = 30

test-0 = 0-curve-sect163k1
test-1 = 1-curve-sect163r1
Expand Down Expand Up @@ -31,6 +31,7 @@ test-25 = 25-curve-brainpoolP256r1
test-26 = 26-curve-brainpoolP384r1
test-27 = 27-curve-brainpoolP512r1
test-28 = 28-curve-X25519
test-29 = 29-curve-X448
# ===========================================================

[0-curve-sect163k1]
Expand Down Expand Up @@ -843,3 +844,31 @@ ExpectedResult = Success
ExpectedTmpKeyType = X25519


# ===========================================================

[29-curve-X448]
ssl_conf = 29-curve-X448-ssl

[29-curve-X448-ssl]
server = 29-curve-X448-server
client = 29-curve-X448-client

[29-curve-X448-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Curves = X448
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[29-curve-X448-client]
CipherString = ECDHE
Curves = X448
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-29]
ExpectedResult = Success
ExpectedTmpKeyType = X448


2 changes: 1 addition & 1 deletion test/ssl-tests/14-curves.conf.in
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ my @curves = ("sect163k1", "sect163r1", "sect163r2", "sect193r1",
"secp160r2", "secp192k1", "prime192v1", "secp224k1",
"secp224r1", "secp256k1", "prime256v1", "secp384r1",
"secp521r1", "brainpoolP256r1", "brainpoolP384r1",
"brainpoolP512r1", "X25519");
"brainpoolP512r1", "X25519", "X448");

our @tests = ();

Expand Down
Loading

0 comments on commit fe93b01

Please sign in to comment.