14-curves.cnf.in revision 1.1.1.1
1# -*- mode: perl; -*-
2
3## SSL test configurations
4
5package ssltests;
6
7use strict;
8use warnings;
9
10use OpenSSL::Test;
11use OpenSSL::Test::Utils qw(anydisabled);
12
# Declared here but never assigned in this file; presumably the test harness
# sets it before this configuration is evaluated -- TODO confirm.
our $fips_mode;

# Groups that generate_tests() expects to be negotiated under TLSv1.3.
my @curves = qw(prime256v1 secp384r1 secp521r1 X25519 X448);

# Groups that generate_tests() expects to work with a TLSv1.2 client only.
# The same list drives the TLSv1.3 fallback and TLSv1.3 failure cases.
my @curves_tls_1_2 = qw(
    sect233k1 sect233r1
    sect283k1 sect283r1 sect409k1 sect409r1
    sect571k1 sect571r1 secp224r1
);

# Extra TLSv1.2-only groups that are tested only outside FIPS mode.
# NOTE(review): this list includes 160- and 163-bit curves; whether a peer
# accepts them presumably depends on the security level in force -- confirm
# against the default of the build under test.
my @curves_non_fips = qw(
    sect163k1 sect163r2 prime192v1
    sect163r1 sect193r1 sect193r2 sect239k1
    secp160k1 secp160r1 secp160r2 secp192k1
    secp224k1 secp256k1 brainpoolP256r1
    brainpoolP384r1 brainpoolP512r1
);

# In FIPS mode the extra curves are left out, so no test case names them.
unless ($fips_mode) {
    push @curves_tls_1_2, @curves_non_fips;
}

# Test cases exported from this package; filled in by generate_tests().
our @tests = ();
31
# Append every curve-negotiation case to @tests.
#
# Four groups are produced, in this order:
#   1. each entry of @curves, expected to be negotiated under TLSv1.3;
#   2. each entry of @curves_tls_1_2 with a TLSv1.2 client, expected to be
#      negotiated under TLSv1.2;
#   3. each entry of @curves_tls_1_2 offered together with P-256 to a
#      TLSv1.3-only client, expected to end up on P-256;
#   4. each entry of @curves_tls_1_2 offered alone to a TLSv1.3-only client,
#      expected to fail on the client side.
# Groups 3 and 4 are the negative checks: they pin down that a TLSv1.2-only
# curve is never the key-exchange group of a TLSv1.3 handshake.
sub generate_tests() {
    # Group 1: both peers allow up to TLSv1.3 and agree on a single group.
    for my $group (@curves) {
        my %case = (
            name   => "curve-${group}",
            server => {
                Curves      => $group,
                MaxProtocol => "TLSv1.3",
            },
            client => {
                CipherString => "ECDHE",
                MaxProtocol  => "TLSv1.3",
                Curves       => $group,
            },
            test => {
                ExpectedTmpKeyType => $group,
                ExpectedProtocol   => "TLSv1.3",
                ExpectedResult     => "Success",
            },
        );
        push @tests, \%case;
    }

    # Group 2: the client is capped at TLSv1.2, so the handshake must settle
    # on TLSv1.2 with the requested group.
    # NOTE(review): no @SECLEVEL is given here, so these cases appear to rely
    # on the default security level accepting every listed curve -- confirm.
    for my $group (@curves_tls_1_2) {
        my %case = (
            name   => "curve-${group}",
            server => {
                Curves      => $group,
                MaxProtocol => "TLSv1.3",
            },
            client => {
                CipherString => "ECDHE",
                MaxProtocol  => "TLSv1.2",
                Curves       => $group,
            },
            test => {
                ExpectedTmpKeyType => $group,
                ExpectedProtocol   => "TLSv1.2",
                ExpectedResult     => "Success",
            },
        );
        push @tests, \%case;
    }

    # Group 3: the client insists on TLSv1.3 and lists the TLSv1.2-only group
    # ahead of P-256.
    # NOTE(review): both sides run at SECLEVEL=1, presumably so the smaller
    # curves are not filtered out before group selection -- confirm.
    for my $group (@curves_tls_1_2) {
        my $offered = "${group}:P-256";
        my %case = (
            name   => "curve-${group}-tls12-in-tls13",
            server => {
                Curves       => $offered,
                CipherString => 'DEFAULT@SECLEVEL=1',
                MaxProtocol  => "TLSv1.3",
            },
            client => {
                CipherString => 'ECDHE@SECLEVEL=1',
                MaxProtocol  => "TLSv1.3",
                MinProtocol  => "TLSv1.3",
                Curves       => $offered,
            },
            test => {
                # The first group is not allowed in a TLSv1.3 key_share, so
                # the handshake should still succeed but fall back to P-256.
                ExpectedTmpKeyType => "P-256",
                ExpectedProtocol   => "TLSv1.3",
                ExpectedResult     => "Success",
            },
        );
        push @tests, \%case;
    }

    # Group 4: the client insists on TLSv1.3 and offers only the
    # TLSv1.2-only group, so there is nothing to fall back to and the
    # handshake is expected to fail on the client side.
    for my $group (@curves_tls_1_2) {
        my %case = (
            name   => "curve-${group}-tls13",
            server => {
                Curves      => $group,
                MaxProtocol => "TLSv1.3",
            },
            client => {
                CipherString => "ECDHE",
                MinProtocol  => "TLSv1.3",
                Curves       => $group,
            },
            test => {
                ExpectedResult => "ClientFail",
            },
        );
        push @tests, \%case;
    }
}

# Build the test list once, when this file is evaluated.
generate_tests();
118