aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/test/ssl_ECC_SUITE.erl
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2013-09-02 09:49:18 +0200
committerIngela Anderton Andin <[email protected]>2013-09-02 09:49:18 +0200
commit4b1b05ad4c5b5813ebb9e768b3fd2a3ebc0d4da0 (patch)
treec129659efec88eaa1770bf908716cab36e0be835 /lib/ssl/test/ssl_ECC_SUITE.erl
parent63a3de06cfc02762ff933bf34ec2a4307f51749b (diff)
parentc7ce9238217a2d0ca5bfbdeb25922495ef1d584a (diff)
downloadotp-4b1b05ad4c5b5813ebb9e768b3fd2a3ebc0d4da0.tar.gz
otp-4b1b05ad4c5b5813ebb9e768b3fd2a3ebc0d4da0.tar.bz2
otp-4b1b05ad4c5b5813ebb9e768b3fd2a3ebc0d4da0.zip
Merge branch 'ia/ssl/ecc-digitally_signed/OTP-11229' into maint
* ia/ssl/ecc-digitally_signed/OTP-11229: ssl: Skip second length indicator in EC extensions ssl: Handle signature_algorithm field in digitally_signed properly with proper defaults
Diffstat (limited to 'lib/ssl/test/ssl_ECC_SUITE.erl')
-rw-r--r--lib/ssl/test/ssl_ECC_SUITE.erl225
1 files changed, 225 insertions, 0 deletions
diff --git a/lib/ssl/test/ssl_ECC_SUITE.erl b/lib/ssl/test/ssl_ECC_SUITE.erl
new file mode 100644
index 0000000000..608f2f11c3
--- /dev/null
+++ b/lib/ssl/test/ssl_ECC_SUITE.erl
@@ -0,0 +1,225 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2007-2013. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.2
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%
+
+-module(ssl_ECC_SUITE).
+
+%% Note: This directive should only be used in test suites.
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+-include_lib("public_key/include/public_key.hrl").
+
+%%--------------------------------------------------------------------
+%% Common Test interface functions -----------------------------------
+%%--------------------------------------------------------------------
+
+suite() -> [{ct_hooks,[ts_install_cth]}].
+
+all() ->
+ [
+ {group, 'tlsv1.2'},
+ {group, 'tlsv1.1'},
+ {group, 'tlsv1'}
+ ].
+
+groups() ->
+ [
+ {'tlsv1.2', [], all_versions_groups()},
+ {'tlsv1.1', [], all_versions_groups()},
+ {'tlsv1', [], all_versions_groups()},
+ {'erlang_server', [], key_cert_combinations()},
+ {'erlang_client', [], key_cert_combinations()},
+ {'erlang', [], key_cert_combinations()}
+ ].
+
+all_versions_groups ()->
+ [{group, 'erlang_server'},
+ {group, 'erlang_client'},
+ {group, 'erlang'}
+ ].
+
+key_cert_combinations() ->
+ [client_ec_server_ec,
+ client_rsa_server_ec,
+ client_ec_server_rsa,
+ client_rsa_server_rsa].
+
+%%--------------------------------------------------------------------
+init_per_suite(Config) ->
+ catch crypto:stop(),
+ try crypto:start() of
+ ok ->
+ ssl:start(),
+ Config
+ catch _:_ ->
+ {skip, "Crypto did not start"}
+ end.
+
+end_per_suite(_Config) ->
+ ssl:stop(),
+ application:stop(crypto).
+
+%%--------------------------------------------------------------------
+init_per_group(erlang_client, Config) ->
+ case ssl_test_lib:is_sane_ecc(openssl) of
+ true ->
+ common_init_per_group(erlang_client, [{server_type, openssl},
+ {client_type, erlang} | Config]);
+ false ->
+ {skip, "Known ECC bug in openssl"}
+ end;
+
+init_per_group(erlang_server, Config) ->
+ case ssl_test_lib:is_sane_ecc(openssl) of
+ true ->
+ common_init_per_group(erlang_client, [{server_type, erlang},
+ {client_type, openssl} | Config]);
+ false ->
+ {skip, "Known ECC bug in openssl"}
+ end;
+
+init_per_group(erlang = Group, Config) ->
+ case ssl_test_lib:sufficient_crypto_support(Group) of
+ true ->
+ common_init_per_group(erlang, [{server_type, erlang},
+ {client_type, erlang} | Config]);
+ false ->
+ {skip, "Crypto does not support ECC"}
+ end;
+init_per_group(Group, Config) ->
+ common_init_per_group(Group, Config).
+
+common_init_per_group(GroupName, Config) ->
+ case ssl_test_lib:is_tls_version(GroupName) of
+ true ->
+ ssl_test_lib:init_tls_version(GroupName),
+ [{tls_version, GroupName} | Config];
+ _ ->
+ openssl_check(GroupName, Config)
+ end.
+
+end_per_group(_GroupName, Config) ->
+ Config.
+
+%%--------------------------------------------------------------------
+
+init_per_testcase(_TestCase, Config) ->
+ ct:log("TLS/SSL version ~p~n ", [tls_record:supported_protocol_versions()]),
+ ct:log("Ciphers: ~p~n ", [ ssl:cipher_suites()]),
+ Config.
+
+end_per_testcase(_TestCase, Config) ->
+ Config.
+
+%%--------------------------------------------------------------------
+%% Test Cases --------------------------------------------------------
+%%--------------------------------------------------------------------
+
+client_ec_server_ec(Config) when is_list(Config) ->
+ basic_test("ec1.crt", "ec1.key", "ec2.crt", "ec2.key", Config).
+
+client_ec_server_rsa(Config) when is_list(Config) ->
+ basic_test("ec1.crt", "ec1.key", "rsa1.crt", "rsa1.key", Config).
+
+client_rsa_server_ec(Config) when is_list(Config) ->
+ basic_test("rsa1.crt", "rsa1.key", "ec2.crt", "ec2.key", Config).
+
+client_rsa_server_rsa(Config) when is_list(Config) ->
+ basic_test("rsa1.crt", "rsa1.key", "rsa2.crt", "rsa2.key", Config).
+
+%%--------------------------------------------------------------------
+%% Internal functions ------------------------------------------------
+%%--------------------------------------------------------------------
+basic_test(ClientCert, ClientKey, ServerCert, ServerKey, Config) ->
+ DataDir = ?config(data_dir, Config),
+ SType = ?config(server_type, Config),
+ CType = ?config(client_type, Config),
+ {Server, Port} = start_server(SType,
+ filename:join(DataDir, "CA.pem"),
+ filename:join(DataDir, ServerCert),
+ filename:join(DataDir, ServerKey),
+ Config),
+ Client = start_client(CType, Port, filename:join(DataDir, "CA.pem"),
+ filename:join(DataDir, ClientCert),
+ filename:join(DataDir, ClientKey), Config),
+ check_result(Server, SType, Client, CType).
+
+start_client(openssl, Port, CA, Cert, Key, _) ->
+ Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Cmd = "openssl s_client -port " ++ integer_to_list(Port) ++ ssl_test_lib:version_flag(Version) ++
+ " -cert " ++ Cert ++ " -CAfile " ++ CA
+ ++ " -key " ++ Key ++ " -host localhost -msg",
+ OpenSslPort = open_port({spawn, Cmd}, [stderr_to_stdout]),
+ true = port_command(OpenSslPort, "Hello world"),
+ OpenSslPort;
+start_client(erlang, Port, CA, Cert, Key, Config) ->
+ {ClientNode, _, Hostname} = ssl_test_lib:run_where(Config),
+ ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+ {host, Hostname},
+ {from, self()},
+ {mfa, {ssl_test_lib, send_recv_result_active, []}},
+ {options, [{verify, verify_peer}, {cacertfile, CA},
+ {certfile, Cert}, {keyfile, Key}]}]).
+
+start_server(openssl, CA, Cert, Key, _) ->
+ Port = ssl_test_lib:inet_port(node()),
+ Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Cmd = "openssl s_server -accept " ++ integer_to_list(Port) ++ ssl_test_lib:version_flag(Version) ++
+ " -cert " ++ Cert ++ " -CAfile " ++ CA
+ ++ " -key " ++ Key ++ " -Verify 2 -msg",
+ OpenSslPort = open_port({spawn, Cmd}, [stderr_to_stdout]),
+ ssl_test_lib:wait_for_openssl_server(),
+ true = port_command(OpenSslPort, "Hello world"),
+ {OpenSslPort, Port};
+
+start_server(erlang, CA, Cert, Key, Config) ->
+ {_, ServerNode, _} = ssl_test_lib:run_where(Config),
+ Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+ {from, self()},
+ {mfa, {ssl_test_lib,
+ send_recv_result_active,
+ []}},
+ {options,
+ [{verify, verify_peer}, {cacertfile, CA},
+ {certfile, Cert}, {keyfile, Key}]}]),
+ {Server, ssl_test_lib:inet_port(Server)}.
+
+check_result(Server, erlang, Client, erlang) ->
+ ssl_test_lib:check_result(Server, ok, Client, ok);
+check_result(Server, erlang, _, _) ->
+ ssl_test_lib:check_result(Server, ok);
+check_result(_, _, Client, erlang) ->
+ ssl_test_lib:check_result(Client, ok);
+check_result(_,openssl, _, openssl) ->
+ ok.
+
+openssl_check(erlang, Config) ->
+ Config;
+openssl_check(_, Config) ->
+ TLSVersion = ?config(tls_version, Config),
+ case ssl_test_lib:check_sane_openssl_version(TLSVersion) of
+ true ->
+ ssl:start(),
+ Config;
+ false ->
+ {skip, "TLS version not supported by openssl"}
+ end.
+