SSL: add Elliptic Curve ciphers unit tests

1 files changed, 71 insertions, 4 deletions

diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index 10bbd4d88b..aa87224305 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -69,6 +69,7 @@ groups() ->
      {session, [], session_tests()},
      {renegotiate, [], renegotiate_tests()},
      {ciphers, [], cipher_tests()},
+     {ciphers_ec, [], cipher_tests_ec()},
      {error_handling_tests, [], error_handling_tests()}
     ].
 
@@ -76,6 +77,7 @@ all_versions_groups ()->
     [{group, api},
      {group, renegotiate},
      {group, ciphers},
+     {group, ciphers_ec},
      {group, error_handling_tests}].
 
 
@@ -163,6 +165,12 @@ cipher_tests() ->
      srp_dsa_cipher_suites,
      default_reject_anonymous].
 
+cipher_tests_ec() ->
+    [ciphers_ecdsa_signed_certs,
+     ciphers_ecdsa_signed_certs_openssl_names,
+     ciphers_ecdh_rsa_signed_certs,
+     ciphers_ecdh_rsa_signed_certs_openssl_names].
+
 error_handling_tests()->
     [controller_dies,
      client_closes_socket,
@@ -191,7 +199,9 @@ init_per_suite(Config0) ->
 	    ct:print("Make certs  ~p~n", [Result]),
 
 	    Config1 = ssl_test_lib:make_dsa_cert(Config0),
-	    Config = ssl_test_lib:cert_options(Config1),
+	    Config2 = ssl_test_lib:make_ecdsa_cert(Config1),
+	    Config3 = ssl_test_lib:make_ecdh_rsa_cert(Config2),
+	    Config = ssl_test_lib:cert_options(Config3),
 	    [{watchdog, Dog} | Config]
     catch _:_ ->
 	    {skip, "Crypto did not start"}
@@ -1656,6 +1666,48 @@ default_reject_anonymous(Config) when is_list(Config) ->
 			      Client, {error, {tls_alert, "insufficient security"}}).
 
 %%--------------------------------------------------------------------
+ciphers_ecdsa_signed_certs() ->
+    [{doc, "Test all ecdsa ssl cipher suites in highest support ssl/tls version"}].
+
+ciphers_ecdsa_signed_certs(Config) when is_list(Config) ->
+    Version =
+       ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
+
+    Ciphers = ssl_test_lib:ecdsa_suites(),
+    ct:print("~p erlang cipher suites ~p~n", [Version, Ciphers]),
+    run_suites(Ciphers, Version, Config, ecdsa).
+%%--------------------------------------------------------------------
+ciphers_ecdsa_signed_certs_openssl_names() ->
+    [{doc, "Test all ecdsa ssl cipher suites in highest support ssl/tls version"}].
+
+ciphers_ecdsa_signed_certs_openssl_names(Config) when is_list(Config) ->
+    Version =
+       ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
+    Ciphers = ssl_test_lib:openssl_ecdsa_suites(),
+    ct:print("tls1 openssl cipher suites ~p~n", [Ciphers]),
+    run_suites(Ciphers, Version, Config, ecdsa).
+%%--------------------------------------------------------------------
+ciphers_ecdh_rsa_signed_certs() ->
+    [{doc, "Test all ecdh_rsa ssl cipher suites in highest support ssl/tls version"}].
+
+ciphers_ecdh_rsa_signed_certs(Config) when is_list(Config) ->
+    Version =
+       ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
+
+    Ciphers = ssl_test_lib:ecdh_rsa_suites(),
+    ct:print("~p erlang cipher suites ~p~n", [Version, Ciphers]),
+    run_suites(Ciphers, Version, Config, ecdh_rsa).
+%%--------------------------------------------------------------------
+ciphers_ecdh_rsa_signed_certs_openssl_names() ->
+    [{doc, "Test all ecdh_rsa ssl cipher suites in highest support ssl/tls version"}].
+
+ciphers_ecdh_rsa_signed_certs_openssl_names(Config) when is_list(Config) ->
+    Version =
+       ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
+    Ciphers = ssl_test_lib:openssl_ecdh_rsa_suites(),
+    ct:print("tls1 openssl cipher suites ~p~n", [Ciphers]),
+    run_suites(Ciphers, Version, Config, ecdh_rsa).
+%%--------------------------------------------------------------------
 reuse_session() ->
     [{doc,"Test reuse of sessions (short handshake)"}].
 reuse_session(Config) when is_list(Config) -> 
@@ -3149,12 +3201,21 @@ rizzo_test(Cipher, Config, Version, Mfa) ->
 	    [{Cipher, Error}]
     end.
 
-client_server_opts({KeyAlgo,_,_}, Config) when KeyAlgo == rsa orelse KeyAlgo == dhe_rsa ->
+client_server_opts({KeyAlgo,_,_}, Config)
+  when KeyAlgo == rsa orelse
+       KeyAlgo == dhe_rsa orelse
+       KeyAlgo == ecdhe_rsa ->
     {?config(client_opts, Config),
      ?config(server_opts, Config)};
 client_server_opts({KeyAlgo,_,_}, Config) when KeyAlgo == dss orelse KeyAlgo == dhe_dss ->
     {?config(client_dsa_opts, Config),
-     ?config(server_dsa_opts, Config)}.
+     ?config(server_dsa_opts, Config)};
+client_server_opts({KeyAlgo,_,_}, Config) when KeyAlgo == ecdh_ecdsa orelse KeyAlgo == ecdhe_ecdsa ->
+    {?config(client_opts, Config),
+     ?config(server_ecdsa_opts, Config)};
+client_server_opts({KeyAlgo,_,_}, Config) when KeyAlgo == ecdh_rsa ->
+    {?config(client_opts, Config),
+     ?config(server_ecdh_rsa_opts, Config)}.
 
 run_suites(Ciphers, Version, Config, Type) ->
     {ClientOpts, ServerOpts} =
@@ -3189,7 +3250,13 @@ run_suites(Ciphers, Version, Config, Type) ->
 		 ?config(server_srp_anon, Config)};
 	    srp_dsa ->
 		{?config(client_srp_dsa, Config),
-		 ?config(server_srp_dsa, Config)}
+		 ?config(server_srp_dsa, Config)};
+	    ecdsa ->
+		{?config(client_opts, Config),
+		 ?config(server_ecdsa_opts, Config)};
+	    ecdh_rsa ->
+		{?config(client_opts, Config),
+		 ?config(server_ecdh_rsa_opts, Config)}
 	    end,
 
     Result =  lists:map(fun(Cipher) ->