ssl: Handle signature_algorithm field in digitally_signed properly

with proper defaults

Added ssl_ECC_SUITE

1 files changed, 225 insertions, 0 deletions

diff --git a/lib/ssl/test/ssl_ECC_SUITE.erl b/lib/ssl/test/ssl_ECC_SUITE.erl
new file mode 100644
index 0000000000..608f2f11c3
--- /dev/null
+++ b/lib/ssl/test/ssl_ECC_SUITE.erl
@@ -0,0 +1,225 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2007-2013. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.2
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%
+
+-module(ssl_ECC_SUITE).
+
+%% Note: This directive should only be used in test suites.
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+-include_lib("public_key/include/public_key.hrl").
+
+%%--------------------------------------------------------------------
+%% Common Test interface functions -----------------------------------
+%%--------------------------------------------------------------------
+
+suite() -> [{ct_hooks,[ts_install_cth]}].
+
+all() ->
+    [
+     {group, 'tlsv1.2'},
+     {group, 'tlsv1.1'},
+     {group, 'tlsv1'}
+    ].
+
+groups() ->
+    [
+     {'tlsv1.2', [], all_versions_groups()},
+     {'tlsv1.1', [], all_versions_groups()},
+     {'tlsv1', [], all_versions_groups()},
+     {'erlang_server', [], key_cert_combinations()},
+     {'erlang_client', [], key_cert_combinations()},
+     {'erlang', [], key_cert_combinations()}
+    ].
+
+all_versions_groups ()->
+    [{group, 'erlang_server'},
+     {group, 'erlang_client'},
+     {group, 'erlang'}
+    ].
+
+key_cert_combinations() ->
+    [client_ec_server_ec,
+     client_rsa_server_ec,
+     client_ec_server_rsa,
+     client_rsa_server_rsa].
+
+%%--------------------------------------------------------------------
+init_per_suite(Config) ->
+    catch crypto:stop(),
+    try crypto:start() of
+	ok ->
+	    ssl:start(),
+	    Config
+    catch _:_ ->
+	    {skip, "Crypto did not start"}
+    end.
+
+end_per_suite(_Config) ->
+    ssl:stop(),
+    application:stop(crypto).
+
+%%--------------------------------------------------------------------
+init_per_group(erlang_client, Config) ->
+    case ssl_test_lib:is_sane_ecc(openssl) of
+	true ->
+	    common_init_per_group(erlang_client, [{server_type, openssl},
+						  {client_type, erlang} | Config]);
+	false ->
+	    {skip, "Known ECC bug in openssl"}
+    end;
+
+init_per_group(erlang_server, Config) ->
+    case ssl_test_lib:is_sane_ecc(openssl) of 
+	true ->
+	    common_init_per_group(erlang_client, [{server_type, erlang},
+						  {client_type, openssl} | Config]);
+	false ->
+	    {skip, "Known ECC bug in openssl"}
+    end;
+	
+init_per_group(erlang = Group, Config) ->
+     case ssl_test_lib:sufficient_crypto_support(Group) of
+	 true ->
+	     common_init_per_group(erlang, [{server_type, erlang},
+					    {client_type, erlang} | Config]);
+	 false ->
+	      {skip, "Crypto does not support ECC"}
+     end;		 
+init_per_group(Group, Config) ->
+    common_init_per_group(Group, Config).
+
+common_init_per_group(GroupName, Config) ->
+    case ssl_test_lib:is_tls_version(GroupName) of
+	true ->
+	    ssl_test_lib:init_tls_version(GroupName),
+	    [{tls_version, GroupName} | Config];
+	_ ->
+	   openssl_check(GroupName, Config)
+    end.
+
+end_per_group(_GroupName, Config) ->
+    Config.
+
+%%--------------------------------------------------------------------
+
+init_per_testcase(_TestCase, Config) ->
+    ct:log("TLS/SSL version ~p~n ", [tls_record:supported_protocol_versions()]),
+    ct:log("Ciphers: ~p~n ", [ ssl:cipher_suites()]),
+    Config.
+
+end_per_testcase(_TestCase, Config) ->
+    Config.
+
+%%--------------------------------------------------------------------
+%% Test Cases --------------------------------------------------------
+%%--------------------------------------------------------------------
+
+client_ec_server_ec(Config) when is_list(Config) ->
+    basic_test("ec1.crt", "ec1.key", "ec2.crt", "ec2.key", Config).
+
+client_ec_server_rsa(Config)  when is_list(Config) ->
+    basic_test("ec1.crt", "ec1.key", "rsa1.crt", "rsa1.key", Config).
+
+client_rsa_server_ec(Config)  when is_list(Config) ->
+    basic_test("rsa1.crt", "rsa1.key", "ec2.crt", "ec2.key", Config).
+
+client_rsa_server_rsa(Config)  when is_list(Config) ->
+    basic_test("rsa1.crt", "rsa1.key", "rsa2.crt", "rsa2.key", Config).
+
+%%--------------------------------------------------------------------
+%% Internal functions ------------------------------------------------
+%%--------------------------------------------------------------------
+basic_test(ClientCert, ClientKey, ServerCert, ServerKey, Config) ->
+    DataDir = ?config(data_dir, Config),
+    SType = ?config(server_type, Config),
+    CType = ?config(client_type, Config),
+    {Server, Port} = start_server(SType,
+				  filename:join(DataDir, "CA.pem"),
+				  filename:join(DataDir, ServerCert),
+				  filename:join(DataDir, ServerKey),
+				  Config),
+    Client = start_client(CType, Port, filename:join(DataDir, "CA.pem"),
+			  filename:join(DataDir, ClientCert),
+			  filename:join(DataDir, ClientKey), Config),
+    check_result(Server, SType, Client, CType).
+
+start_client(openssl, Port, CA, Cert, Key, _) ->
+    Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+    Cmd = "openssl s_client -port " ++ integer_to_list(Port) ++  ssl_test_lib:version_flag(Version) ++
+	" -cert " ++ Cert ++ " -CAfile " ++ CA
+	++ " -key " ++ Key ++ " -host localhost -msg",
+    OpenSslPort =  open_port({spawn, Cmd}, [stderr_to_stdout]),
+    true = port_command(OpenSslPort, "Hello world"),
+    OpenSslPort;
+start_client(erlang, Port, CA, Cert, Key, Config) ->
+    {ClientNode, _, Hostname} = ssl_test_lib:run_where(Config),
+    ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+			       {host, Hostname},
+			       {from, self()},
+			       {mfa, {ssl_test_lib, send_recv_result_active, []}},
+			       {options, [{verify, verify_peer}, {cacertfile, CA},
+					  {certfile, Cert}, {keyfile, Key}]}]).
+
+start_server(openssl, CA, Cert, Key, _) ->
+    Port = ssl_test_lib:inet_port(node()),
+    Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+    Cmd = "openssl s_server -accept " ++ integer_to_list(Port) ++ ssl_test_lib:version_flag(Version) ++
+	" -cert " ++ Cert ++ " -CAfile " ++ CA
+	++ " -key " ++ Key ++ " -Verify 2 -msg",
+    OpenSslPort =  open_port({spawn, Cmd}, [stderr_to_stdout]),
+    ssl_test_lib:wait_for_openssl_server(),
+    true = port_command(OpenSslPort, "Hello world"),
+    {OpenSslPort, Port};
+
+start_server(erlang, CA, Cert, Key, Config) ->
+    {_, ServerNode, _} = ssl_test_lib:run_where(Config),
+    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+			       {from, self()},
+			       {mfa, {ssl_test_lib,
+				      send_recv_result_active,
+				      []}},
+			       {options,
+				[{verify, verify_peer}, {cacertfile, CA},
+				 {certfile, Cert}, {keyfile, Key}]}]),
+    {Server, ssl_test_lib:inet_port(Server)}.
+
+check_result(Server, erlang, Client, erlang) ->
+    ssl_test_lib:check_result(Server, ok, Client, ok);
+check_result(Server, erlang, _, _) ->
+    ssl_test_lib:check_result(Server, ok);
+check_result(_, _, Client, erlang) ->
+    ssl_test_lib:check_result(Client, ok);
+check_result(_,openssl, _, openssl) ->
+    ok.
+
+openssl_check(erlang, Config) ->
+    Config;
+openssl_check(_, Config) ->
+    TLSVersion = ?config(tls_version, Config),
+    case ssl_test_lib:check_sane_openssl_version(TLSVersion) of
+	true ->
+	    ssl:start(),
+	    Config;
+	false ->
+	    {skip, "TLS version not supported by openssl"}
+    end.
+