diff options
| author | Ingela Anderton Andin <ingela@erlang.org> | 2021-04-12 14:21:43 +0200 |
|---|---|---|
| committer | Ingela Anderton Andin <ingela@erlang.org> | 2021-04-30 16:58:24 +0200 |
| commit | 0706f322ba1864ab83b74e752602f7d3e1feb2c2 (patch) | |
| tree | a170d9b0ce5dd6e44b80efd80bcdaa5104e1458b /lib/ssl/test/ssl_cert_SUITE.erl | |
| parent | 37a58368d7876e325710a4c269f0af27b40434c6 (diff) | |
| download | erlang-0706f322ba1864ab83b74e752602f7d3e1feb2c2.tar.gz | |
ssl: Add support for EDDSA
Closes #4637
Diffstat (limited to 'lib/ssl/test/ssl_cert_SUITE.erl')
| -rw-r--r-- | lib/ssl/test/ssl_cert_SUITE.erl | 56 |
1 files changed, 44 insertions, 12 deletions
diff --git a/lib/ssl/test/ssl_cert_SUITE.erl b/lib/ssl/test/ssl_cert_SUITE.erl index a142115b55..562d12a7ab 100644 --- a/lib/ssl/test/ssl_cert_SUITE.erl +++ b/lib/ssl/test/ssl_cert_SUITE.erl @@ -147,7 +147,8 @@ groups() -> {rsa_pss_rsae_1_3, [], all_version_tests() ++ rsa_tests() ++ tls_1_3_tests() ++ tls_1_3_rsa_tests()}, {rsa_pss_pss, [], all_version_tests() ++ rsa_tests()}, {rsa_pss_pss_1_3, [], all_version_tests() ++ rsa_tests() ++ tls_1_3_tests() ++ tls_1_3_rsa_tests()}, - {ecdsa_1_3, [], all_version_tests() ++ tls_1_3_tests()} + {ecdsa_1_3, [], all_version_tests() ++ tls_1_3_tests()}, + {eddsa_1_3, [], all_version_tests() ++ tls_1_3_tests()} ]. ssl_protocol_groups() -> @@ -165,6 +166,7 @@ tls_1_2_protocol_groups() -> tls_1_3_protocol_groups() -> [{group, rsa_1_3}, {group, ecdsa_1_3}, + {group, eddsa_1_3}, {group, rsa_pss_rsae_1_3}, {group, rsa_pss_pss_1_3} ]. @@ -229,7 +231,6 @@ init_per_suite(Config) -> catch crypto:stop(), try crypto:start() of ok -> - ssl_test_lib:clean_start(), Config catch _:_ -> {skip, "Crypto did not start"} @@ -244,6 +245,7 @@ end_per_suite(_Config) -> init_per_group(GroupName, Config) -> case ssl_test_lib:is_protocol_version(GroupName) of true -> + ssl_test_lib:clean_start(), ssl_test_lib:init_per_group(GroupName, [{client_type, erlang}, {server_type, erlang}, @@ -289,7 +291,7 @@ do_init_per_group(Alg, Config) when Alg == rsa_pss_rsae; {skip, "Missing EC crypto support"} end; do_init_per_group(Group, Config0) when Group == ecdsa; - Group == ecdsa_1_3 -> + Group == ecdsa_1_3 -> PKAlg = crypto:supports(public_keys), case lists:member(ecdsa, PKAlg) andalso (lists:member(ecdh, PKAlg) orelse lists:member(dh, PKAlg)) of @@ -307,12 +309,36 @@ do_init_per_group(Group, Config0) when Group == ecdsa; false -> {skip, "Missing EC crypto support"} end; - -do_init_per_group(Group, Config0) when Group == dsa -> +do_init_per_group(eddsa_1_3, Config0) -> + PKAlg = crypto:supports(public_keys), + PrivDir = proplists:get_value(priv_dir, Config0), + case lists:member(eddsa, PKAlg) andalso (lists:member(ecdh, PKAlg)) of + true -> + Conf = public_key:pkix_test_data(#{server_chain => #{root => ssl_test_lib:eddsa_conf(), + intermediates => [ssl_test_lib:eddsa_conf()], + peer => ssl_test_lib:eddsa_conf()}, + client_chain => #{root => ssl_test_lib:eddsa_conf(), + intermediates => [ssl_test_lib:eddsa_conf()], + peer => ssl_test_lib:eddsa_conf()}}), + [{server_config, SOpts}, + {client_config, COpts}] = x509_test:gen_pem_config_files(Conf, filename:join(PrivDir, "client_eddsa"), + filename:join(PrivDir, "server_eddsa")), + + [{cert_key_alg, eddsa} | + lists:delete(cert_key_alg, + [{client_cert_opts, COpts}, + {server_cert_opts, SOpts} | + lists:delete(server_cert_opts, + lists:delete(client_cert_opts, Config0))] + )]; + false -> + {skip, "Missing EC crypto support"} + end; +do_init_per_group(dsa, Config0) -> PKAlg = crypto:supports(public_keys), case lists:member(dss, PKAlg) andalso lists:member(dh, PKAlg) of true -> - Config = ssl_test_lib:make_dsa_cert(Config0), + Config = ssl_test_lib:make_dsa_cert(Config0), COpts = proplists:get_value(client_dsa_opts, Config), SOpts = proplists:get_value(server_dsa_opts, Config), [{cert_key_alg, dsa} | @@ -324,7 +350,7 @@ do_init_per_group(Group, Config0) when Group == dsa -> false -> {skip, "Missing DSS crypto support"} end; -do_init_per_group(Group, Config) -> +do_init_per_group(_Group, Config) -> Config. end_per_group(GroupName, Config) -> @@ -491,7 +517,9 @@ missing_root_cert_auth_user_verify_fun_reject(Config) -> incomplete_chain_auth() -> [{doc,"Test that we can verify an incompleat chain when we have the certs to rebuild it"}]. incomplete_chain_auth(Config) when is_list(Config) -> - DefaultCertConf = ssl_test_lib:default_cert_chain_conf(), + Prop = proplists:get_value(tc_group_properties, Config), + Group = proplists:get_value(name, Prop), + DefaultCertConf = ssl_test_lib:default_ecc_cert_chain_conf(Group), #{client_config := ClientOpts0, server_config := ServerOpts0} = ssl_test_lib:make_cert_chains_der(proplists:get_value(cert_key_alg, Config), [{server_chain, DefaultCertConf}, @@ -608,7 +636,8 @@ critical_extension_auth() -> [{doc,"Test cert that has a critical unknown extension in verify_peer mode"}]. critical_extension_auth(Config) when is_list(Config) -> - DefaultCertConf = ssl_test_lib:default_cert_chain_conf(), + Prop = proplists:get_value(tc_group_properties, Config), + DefaultCertConf = ssl_test_lib:default_ecc_cert_chain_conf(proplists:get_value(name, Prop)), Ext = x509_test:extensions([{{2,16,840,1,113730,1,1}, <<3,2,6,192>>, true}]), #{client_config := ClientOpts0, server_config := ServerOpts0} = ssl_test_lib:make_cert_chains_der(proplists:get_value(cert_key_alg, Config), @@ -674,7 +703,8 @@ critical_extension_no_auth() -> [{doc,"Test cert that has a critical unknown extension in verify_none mode"}]. critical_extension_no_auth(Config) when is_list(Config) -> - DefaultCertConf = ssl_test_lib:default_cert_chain_conf(), + Prop = proplists:get_value(tc_group_properties, Config), + DefaultCertConf = ssl_test_lib:default_ecc_cert_chain_conf(proplists:get_value(name, Prop)), Ext = x509_test:extensions([{{2,16,840,1,113730,1,1}, <<3,2,6,192>>, true}]), #{client_config := ClientOpts0, server_config := ServerOpts0} = ssl_test_lib:make_cert_chains_der(proplists:get_value(cert_key_alg, Config), @@ -692,7 +722,8 @@ extended_key_usage_auth() -> [{doc,"Test cert that has a critical extended_key_usage extension in server cert"}]. extended_key_usage_auth(Config) when is_list(Config) -> - DefaultCertConf = ssl_test_lib:default_cert_chain_conf(), + Prop = proplists:get_value(tc_group_properties, Config), + DefaultCertConf = ssl_test_lib:default_ecc_cert_chain_conf(proplists:get_value(name, Prop)), Ext = x509_test:extensions([{?'id-ce-extKeyUsage', [?'id-kp-serverAuth'], true}]), #{client_config := ClientOpts0, @@ -762,7 +793,8 @@ cert_expired() -> [{doc,"Test server with expired certificate"}]. cert_expired(Config) when is_list(Config) -> - DefaultCertConf = ssl_test_lib:default_cert_chain_conf(), + Prop = proplists:get_value(tc_group_properties, Config), + DefaultCertConf = ssl_test_lib:default_ecc_cert_chain_conf(proplists:get_value(name, Prop)), {Year, Month, Day} = date(), #{client_config := ClientOpts0, server_config := ServerOpts0} = ssl_test_lib:make_cert_chains_der(proplists:get_value(cert_key_alg, Config), |