authorNikos Mavrogiannopoulos <nmav@gnutls.org>2011-05-26 17:46:36 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2011-05-26 17:46:36 +0200
commit8207ff6d95b3f658c237d2aa004a97ef213b583a (patch)
tree471a5fa53fd3e1423f45c5168c5c1f3ef89b2488 /tests
parent6a125fea8d4ddb545a6c88dbab04b6ac26c183ab (diff)
Added server and client mode tests for ECDH-ECDSA.
Diffstat (limited to 'tests')
-rw-r--r--tests/certs/ca-cert-ecc.pem14
-rw-r--r--tests/certs/ca-ecc.pem28
-rw-r--r--tests/certs/cert-ecc.pem13
-rw-r--r--tests/certs/ecc.pem25
-rwxr-xr-xtests/suite/testcompat-main59
5 files changed, 126 insertions, 13 deletions
diff --git a/tests/certs/ca-cert-ecc.pem b/tests/certs/ca-cert-ecc.pem
new file mode 100644
index 0000000000..ad8a34b552
--- /dev/null
+++ b/tests/certs/ca-cert-ecc.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/certs/ca-ecc.pem b/tests/certs/ca-ecc.pem
new file mode 100644
index 0000000000..3f15e017ac
--- /dev/null
+++ b/tests/certs/ca-ecc.pem
@@ -0,0 +1,28 @@
+Testing SECP224R1 (1)
+Testing SECP256R1 (2)
+Testing SECP384R1 (3)
+Public Key Info:
+ Public Key Algorithm: ECC
+ Key Security Level: High
+
+curve: SECP256R1
+private key:
+ 19:f4:6b:fc:8e:67:e7:51:98:ef:58:67:5f:4c:ee:
+ 22:b9:2e:a4:22:ad:99:28:0d:29:c1:1e:3b:f7:2c:
+ 61:48:
+x:
+ 52:d8:8d:23:8a:e3:67:d7:86:36:b1:20:0b:09:7d:
+ c8:c9:ba:a2:20:95:2f:c5:4a:63:fa:83:5f:ce:78:
+ 2f:8f:
+y:
+ 00:f3:62:ca:fd:b7:f7:80:56:9d:6e:17:b9:0e:11:
+ 4c:48:b2:c0:af:3b:59:17:16:30:68:09:07:99:17:
+ fe:dd:a7:
+
+Public Key ID: D8:37:48:4E:0C:07:DE:56:4E:C8:1E:7F:13:1D:7B:54:FA:9D:2D:BE
+
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIBn0a/yOZ+dRmO9YZ19M7iK5LqQirZkoDSnBHjv3LGFIoAoGCCqGSM49
+AwEHoUQDQgAEUtiNI4rjZ9eGNrEgCwl9yMm6oiCVL8VKY/qDX854L4/zYsr9t/eA
+Vp1uF7kOEUxIssCvO1kXFjBoCQeZF/7dpw==
+-----END EC PRIVATE KEY-----
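Review bot: The three `Testing SECP…R1` lines at the top of this file look like diagnostic output from the key-generation tool that was captured together with the key, and the same three lines open tests/certs/ecc.pem. They sit outside the PEM armour, so loaders will presumably skip them, but the fixture would be cleaner if it started at `Public Key Info:`. This file also holds the CA's private key, and none of the script hunks visible on this page reference ca-ecc.pem (they use ca-cert-ecc.pem, cert-ecc.pem and ecc.pem). If it is kept only so the test certificates can be re-issued, a first line such as `Test-only CA key for tests/suite; never use outside the test suite` would make that explicit.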
diff --git a/tests/certs/cert-ecc.pem b/tests/certs/cert-ecc.pem
new file mode 100644
index 0000000000..d0baccb049
--- /dev/null
+++ b/tests/certs/cert-ecc.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/certs/ecc.pem b/tests/certs/ecc.pem
new file mode 100644
index 0000000000..0204664841
--- /dev/null
+++ b/tests/certs/ecc.pem
@@ -0,0 +1,25 @@
+Testing SECP224R1 (1)
+Testing SECP256R1 (2)
+Testing SECP384R1 (3)
+Public Key Info:
+ Public Key Algorithm: ECC
+ Key Security Level: Normal
+
+curve: SECP224R1
+private key:
+ 00:ff:d4:4c:0f:f1:ec:f1:8d:1c:a3:b4:57:1a:92:
+ 65:5f:91:69:6e:ae:d4:e1:c7:02:be:84:e8:6c:
+x:
+ 6a:3b:d8:c7:ee:33:94:af:8c:2f:73:7d:ee:4c:46:
+ c9:d3:99:d3:dc:2a:0f:b6:30:3a:f4:6a:2c:
+y:
+ 4b:7a:95:85:32:98:8c:1d:ed:1a:46:12:3c:f6:5b:
+ af:46:51:7b:70:f2:f3:1b:66:65:0b:36:3c:
+
+Public Key ID: 0E:DF:58:4C:FA:6C:38:DE:12:4D:D3:28:77:51:37:02:5C:CA:24:DF
+
+-----BEGIN EC PRIVATE KEY-----
+MGkCAQEEHQD/1EwP8ezxjRyjtFcakmVfkWlurtThxwK+hOhsoAcGBSuBBAAhoTwD
+OgAEajvYx+4zlK+ML3N97kxGydOZ09wqD7YwOvRqLEt6lYUymIwd7RpGEjz2W69G
+UXtw8vMbZmULNjw=
+-----END EC PRIVATE KEY-----
diff --git a/tests/suite/testcompat-main b/tests/suite/testcompat-main
index ee9a92464b..b17f38c6f5 100755
--- a/tests/suite/testcompat-main
+++ b/tests/suite/testcompat-main
@@ -31,8 +31,11 @@ fi
. ../scripts/common.sh
-echo "Compatibility checks using "`openssl version`
-openssl version|grep -e 1\.0 >/dev/null 2>&1
+SERV=openssl
+OPENSSL_CLI="openssl"
+
+echo "Compatibility checks using "`$SERV version`
+$SERV version|grep -e 1\.0 >/dev/null 2>&1
SV=$?
if test $SV != 0;then
echo "OpenSSL 1.0.0 is required for ECDH and DTLS tests"
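Review bot: The version gate on the rewritten line `$SERV version|grep -e 1\.0` hands grep the pattern `1.0`, because the shell consumes the unquoted backslash; the dot then matches any character and nothing anchors the match to the version field. SV decides whether the ECDH, ECDSA and DTLS tests run at all, so a loose match can enable them against an OpenSSL build that lacks the support and turn a skip into a confusing failure. Quote and anchor the pattern, for example `$SERV version | grep -e '^OpenSSL 1\.0' >/dev/null 2>&1`. The probe also goes through `$SERV` although this hunk introduces `OPENSSL_CLI` for the same binary; `$OPENSSL_CLI version` would keep the check independent of the later `SERV=` reassignment.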
@@ -48,6 +51,10 @@ CA_CERT=$srcdir/../../doc/credentials/x509-ca.pem
CLI_CERT=$srcdir/../../doc/credentials/x509-client.pem
CLI_KEY=$srcdir/../../doc/credentials/x509-client-key.pem
+CA_ECC_CERT=$srcdir/../certs/ca-cert-ecc.pem
+ECC_CERT=$srcdir/../certs/cert-ecc.pem
+ECC_KEY=$srcdir/../certs/ecc.pem
+
SERV_CERT=$srcdir/../../doc/credentials/x509-server.pem
SERV_KEY=$srcdir/../../doc/credentials/x509-server-key.pem
SERV_DSA_CERT=$srcdir/../../doc/credentials/x509-server-dsa.pem
@@ -57,7 +64,6 @@ echo "#####################"
echo "# Client mode tests #"
echo "#####################"
-SERV=openssl
launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -ssl3 -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
PID=$!
@@ -113,6 +119,23 @@ $CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL
kill $PID
wait
+if test $SV = 0;then
+
+#-cipher ECDHE-ECDSA-AES128-SHA
+launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem -certform pem -tls1 -key $ECC_KEY -cert $ECC_CERT -Verify 1 -named_curve secp224r1 -CAfile $CA_ECC_CERT &
+PID=$!
+wait_server $PID
+
+# Test TLS 1.0 with ECDHE-ECDSA ciphersuite
+echo "Checking TLS 1.0 with ECDHE-ECDSA..."
+$CLI $DEBUG -p $PORT 127.0.0.1 --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL" --insecure --x509certfile $ECC_CERT --x509keyfile $ECC_KEY </dev/null >/dev/null || \
+ fail "Failed"
+
+kill $PID
+wait
+
+fi
+
launch_bare_server $$ s_server -quiet -accept $PORT -keyform pem -certform pem -dtls1 -mtu 1000 -timeout -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey $DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
PID=$!
wait_server $PID
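Review bot: The new client-mode check passes `--insecure` and never gives gnutls-cli the ECC CA, so it shows that an ECDHE-ECDSA handshake completes but not that the ECDSA-signed server certificate validates against `$CA_ECC_CERT`. Since the commit adds that CA certificate, the client line could use `--x509cafile $CA_ECC_CERT` in place of `--insecure`; whether the name check then passes for 127.0.0.1 depends on the certificate contents, which this page does not show. If `--insecure` has to stay, a comment such as `# --insecure: handshake-only test, chain validation not covered here` would record the limitation. The test also presents `$ECC_CERT`/`$ECC_KEY` as both the server and the client identity, so a separate client certificate would make the `-Verify 1` path more meaningful.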
@@ -161,7 +184,6 @@ echo "#####################"
echo "# Server mode tests #"
echo "#####################"
SERV="../../src/gnutls-serv$EXEEXT -q"
-CLI="openssl"
PORT="5559"
# Note that openssl s_client does not return error code on failure
@@ -170,7 +192,7 @@ echo "Check SSL 3.0 with RSA ciphersuite"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+RSA" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
wait_server $PID
-$CLI s_client -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+$OPENSSL_CLI s_client -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
fail "Failed"
kill $PID
@@ -180,7 +202,7 @@ echo "Check SSL 3.0 with DHE-RSA ciphersuite"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-RSA" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
wait_server $PID
-$CLI s_client -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+$OPENSSL_CLI s_client -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
fail "Failed"
kill $PID
@@ -190,7 +212,7 @@ echo "Check SSL 3.0 with DHE-DSS ciphersuite"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-SSL3.0:+DHE-DSS" --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh & PID=$!
wait_server $PID
-$CLI s_client -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+$OPENSSL_CLI s_client -host localhost -port $PORT -ssl3 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
fail "Failed"
kill $PID
@@ -202,7 +224,7 @@ echo "Check TLS 1.0 with RSA ciphersuite (SSLv2 hello)"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+RSA" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
wait_server $PID
-$CLI s_client -host localhost -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+$OPENSSL_CLI s_client -host localhost -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
fail "Failed"
kill $PID
@@ -212,7 +234,7 @@ echo "Check TLS 1.0 with DHE-RSA ciphersuite"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
wait_server $PID
-$CLI s_client -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
fail "Failed"
kill $PID
@@ -222,7 +244,7 @@ echo "Check TLS 1.0 with DHE-DSS ciphersuite"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS" --x509certfile $SERV_DSA_CERT --x509keyfile $SERV_DSA_KEY --dhparams params.dh & PID=$!
wait_server $PID
-$CLI s_client -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
fail "Failed"
kill $PID
@@ -231,11 +253,22 @@ wait
if test $SV = 0;then
echo "Check TLS 1.0 with ECDHE-RSA ciphersuite"
-launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL" --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT & PID=$!
wait_server $PID
#-cipher ECDHE-RSA-AES128-SHA
-$CLI s_client -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail "Failed"
+
+kill $PID
+wait
+
+echo "Check TLS 1.0 with ECDHE-ECDSA ciphersuite"
+launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-ECDSA:+CURVE-ALL" --x509certfile $ECC_CERT --x509keyfile $ECC_KEY --x509cafile $CA_ECC_CERT & PID=$!
+wait_server $PID
+
+#-cipher ECDHE-ECDSA-AES128-SHA
+$OPENSSL_CLI s_client -host localhost -tls1 -port $PORT -cert $ECC_CERT -key $ECC_KEY -CAfile $CA_ECC_CERT </dev/null 2>&1 | grep "\:error\:" && \
fail "Failed"
kill $PID
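Review bot: The added ECDHE-ECDSA server-mode check only fails when s_client prints `:error:`, so a run in which the handshake never happens without that string in the output is counted as a pass. The `-cipher ECDHE-ECDSA-AES128-SHA` restriction is left commented out as well. A positive assertion on the negotiated suite would make the test prove what its echo line claims, for example `... </dev/null 2>&1 | grep "Cipher is ECDHE-ECDSA" >/dev/null || fail "Failed"`; the exact s_client wording should be confirmed against the OpenSSL version in use. The same pass criterion is used by the other s_client checks in this file that the commit only renames. The enclosing `if test $SV = 0;then` block ends outside this hunk.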
@@ -246,7 +279,7 @@ echo "Check DTLS 1.0 with RSA ciphersuite"
launch_server $$ --priority "NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+RSA" --udp --x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT --dhparams params.dh & PID=$!
wait_server $PID
-$CLI s_client -host localhost -port $PORT -dtls1 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+$OPENSSL_CLI s_client -host localhost -port $PORT -dtls1 -cert $CLI_CERT -key $CLI_KEY -CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
fail "Failed"
kill $PID