diff options
Diffstat (limited to 'lib/ssl/test/openssl_cipher_suite_SUITE.erl')
-rw-r--r-- | lib/ssl/test/openssl_cipher_suite_SUITE.erl | 70 |
1 files changed, 60 insertions, 10 deletions
diff --git a/lib/ssl/test/openssl_cipher_suite_SUITE.erl b/lib/ssl/test/openssl_cipher_suite_SUITE.erl index 64c3899889..61297a5f18 100644 --- a/lib/ssl/test/openssl_cipher_suite_SUITE.erl +++ b/lib/ssl/test/openssl_cipher_suite_SUITE.erl @@ -82,7 +82,11 @@ aes_128_gcm_sha256/1, chacha20_poly1305_sha256/1, aes_128_ccm_sha256/1, - aes_128_ccm_8_sha256/1 + aes_128_ccm_8_sha256/1, + ecdhe_ecdsa_with_aes_128_ccm/1, + ecdhe_ecdsa_with_aes_256_ccm/1, + ecdhe_ecdsa_with_aes_128_ccm_8/1, + ecdhe_ecdsa_with_aes_256_ccm_8/1 ]). -define(DEFAULT_TIMEOUT, {seconds, 6}). @@ -140,7 +144,11 @@ groups() -> ecdhe_ecdsa_aes_128_gcm, ecdhe_ecdsa_aes_256_cbc, ecdhe_ecdsa_aes_256_gcm, - ecdhe_ecdsa_chacha20_poly1305 + ecdhe_ecdsa_chacha20_poly1305, + ecdhe_ecdsa_with_aes_128_ccm, + ecdhe_ecdsa_with_aes_256_ccm, + ecdhe_ecdsa_with_aes_128_ccm_8, + ecdhe_ecdsa_with_aes_256_ccm_8 ]}, {rsa, [], [rsa_des_cbc, rsa_3des_ede_cbc, @@ -298,7 +306,8 @@ do_init_per_group(ecdhe_ecdsa = GroupName, Config) -> end; do_init_per_group(dhe_dss = GroupName, Config) -> PKAlg = proplists:get_value(public_keys, crypto:supports()), - case lists:member(dss, PKAlg) andalso lists:member(dh, PKAlg) of + case lists:member(dss, PKAlg) andalso lists:member(dh, PKAlg) + andalso (ssl_test_lib:openssl_dsa_suites() =/= []) of true -> init_certs(GroupName, Config); false -> @@ -306,7 +315,8 @@ do_init_per_group(dhe_dss = GroupName, Config) -> end; do_init_per_group(srp_dss = GroupName, Config) -> PKAlg = proplists:get_value(public_keys, crypto:supports()), - case lists:member(dss, PKAlg) andalso lists:member(srp, PKAlg) of + case lists:member(dss, PKAlg) andalso lists:member(srp, PKAlg) + andalso (ssl_test_lib:openssl_dsa_suites() =/= []) of true -> init_certs(GroupName, Config); false -> @@ -339,11 +349,11 @@ do_init_per_group(dhe_rsa = GroupName, Config) -> end; do_init_per_group(rsa = GroupName, Config) -> PKAlg = proplists:get_value(public_keys, crypto:supports()), - case lists:member(rsa, PKAlg) of + case lists:member(rsa, PKAlg) andalso ssl_test_lib:openssl_support_rsa_kex() of true -> init_certs(GroupName, Config); false -> - {skip, "Missing SRP crypto support"} + {skip, "Missing RSA key exchange support"} end; do_init_per_group(dh_anon = GroupName, Config) -> PKAlg = proplists:get_value(public_keys, crypto:supports()), @@ -478,6 +488,28 @@ init_per_testcase(aes_128_ccm_8_sha256, Config) -> {skip, "Missing AES_128_CCM_8 crypto support"} end; +init_per_testcase(TestCase, Config) when TestCase == ecdhe_ecdsa_with_aes_128_ccm; + TestCase == ecdhe_ecdsa_with_aes_128_ccm_8-> + SupCiphers = proplists:get_value(ciphers, crypto:supports()), + case lists:member(aes_128_ccm, SupCiphers) of + true -> + ct:timetrap(?DEFAULT_TIMEOUT), + Config; + _ -> + {skip, "Missing AES_128_CCM crypto support"} + end; + +init_per_testcase(TestCase, Config) when TestCase == ecdhe_ecdsa_with_aes_256_ccm; + TestCase == ecdhe_ecdsa_with_aes_256_ccm_8 -> + SupCiphers = proplists:get_value(ciphers, crypto:supports()), + case lists:member(aes_256_ccm, SupCiphers) of + true -> + ct:timetrap(?DEFAULT_TIMEOUT), + Config; + _ -> + {skip, "Missing AES_256_CCM crypto support"} + end; + init_per_testcase(TestCase, Config) -> Cipher = ssl_test_lib:test_cipher(TestCase, Config), SupCiphers = proplists:get_value(ciphers, crypto:supports()), @@ -728,6 +760,18 @@ ecdhe_ecdsa_aes_256_gcm(Config) when is_list(Config) -> ecdhe_ecdsa_chacha20_poly1305(Config) when is_list(Config) -> run_ciphers_test(ecdhe_ecdsa, 'chacha20_poly1305', Config). + +ecdhe_ecdsa_with_aes_128_ccm(Config) when is_list(Config) -> + run_ciphers_test(ecdhe_ecdsa, 'aes_128_ccm', Config). + +ecdhe_ecdsa_with_aes_256_ccm(Config) when is_list(Config) -> + run_ciphers_test(ecdhe_ecdsa, 'aes_256_ccm', Config). + +ecdhe_ecdsa_with_aes_128_ccm_8(Config) when is_list(Config) -> + run_ciphers_test(ecdhe_ecdsa, 'aes_128_ccm_8', Config). + +ecdhe_ecdsa_with_aes_256_ccm_8(Config) when is_list(Config) -> + run_ciphers_test(ecdhe_ecdsa, 'aes_256_ccm_8', Config). %%-------------------------------------------------------------------- %% DHE_DSS -------------------------------------------------------- %%-------------------------------------------------------------------- @@ -897,7 +941,7 @@ run_ciphers_test(Kex, Cipher, Config) -> {skip, {not_sup, Kex, Cipher, Version}} end. -cipher_suite_test(CipherSuite, _Version, Config) -> +cipher_suite_test(CipherSuite, Version, Config) -> #{server_config := SOpts, client_config := COpts} = proplists:get_value(tls_config, Config), ServerOpts = ssl_test_lib:ssl_options(SOpts, Config), @@ -905,11 +949,17 @@ cipher_suite_test(CipherSuite, _Version, Config) -> ct:log("Testing CipherSuite ~p~n", [CipherSuite]), ct:log("Server Opts ~p~n", [ServerOpts]), ct:log("Client Opts ~p~n", [ClientOpts]), - ssl_test_lib:basic_test([{ciphers, [CipherSuite]} | COpts], SOpts, Config). - + case proplists:get_value(server_type, Config) of + erlang -> + ssl_test_lib:basic_test([{ciphers, ssl:cipher_suites(all, Version)} | COpts], + [{ciphers, [CipherSuite]} | SOpts], Config); + _ -> + ssl_test_lib:basic_test([{versions, [Version]}, {ciphers, [CipherSuite]} | COpts], + [{ciphers, ssl:cipher_suites(all, Version)} | SOpts], Config) + end. test_ciphers(Kex, Cipher, Version) -> - Ciphers = ssl:filter_cipher_suites(ssl:cipher_suites(default, Version) ++ ssl:cipher_suites(anonymous, Version), + Ciphers = ssl:filter_cipher_suites(ssl:cipher_suites(all, Version) ++ ssl:cipher_suites(anonymous, Version), [{key_exchange, fun(Kex0) when (Kex0 == Kex) andalso (Version =/= 'tlsv1.3') -> true; (Kex0) when (Kex0 == any) andalso (Version == 'tlsv1.3') -> true; |