authorIngela Anderton Andin <[email protected]>2019-04-29 16:23:09 +0200
committerIngela Anderton Andin <[email protected]>2019-05-03 11:43:35 +0200
commit41bd9fe82a815e68bdb9e45ff63968e21463e5f3 (patch)
treea981492450859f4d44c2616c8aa627ae34a60922 /lib/ssl/test/ssl_cipher_suite_SUITE.erl
parent61102eeb8ea13f48d7f068e272ba957e767a603c (diff)
ssl: Add new interop test suite
Remove tests from "ECC suites" that are covered by the new interop suite or by the fairly new ssl_cipher_suite_SUITE.
Diffstat (limited to 'lib/ssl/test/ssl_cipher_suite_SUITE.erl')
-rw-r--r--lib/ssl/test/ssl_cipher_suite_SUITE.erl78
1 files changed, 25 insertions, 53 deletions
diff --git a/lib/ssl/test/ssl_cipher_suite_SUITE.erl b/lib/ssl/test/ssl_cipher_suite_SUITE.erl
index 7b0e4d1cbf..51788c29e7 100644
--- a/lib/ssl/test/ssl_cipher_suite_SUITE.erl
+++ b/lib/ssl/test/ssl_cipher_suite_SUITE.erl
@@ -127,7 +127,6 @@ groups() ->
]}
].
-
kex() ->
rsa() ++ ecdsa() ++ dss() ++ anonymous().
@@ -154,7 +153,6 @@ anonymous() ->
{group, ecdhe_psk},
{group, srp_anon}
].
-
init_per_suite(Config) ->
catch crypto:stop(),
@@ -170,7 +168,7 @@ end_per_suite(_Config) ->
ssl:stop(),
application:stop(crypto).
-%%--------------------------------------------------------------------
+
init_per_group(GroupName, Config) when GroupName == ecdh_anon;
GroupName == ecdhe_rsa;
GroupName == ecdhe_psk ->
@@ -236,6 +234,7 @@ end_per_group(GroupName, Config) ->
false ->
Config
end.
+
init_per_testcase(TestCase, Config) when TestCase == psk_3des_ede_cbc;
TestCase == srp_anon_3des_ede_cbc;
TestCase == dhe_psk_3des_ede_cbc;
@@ -302,8 +301,7 @@ init_per_testcase(TestCase, Config) when TestCase == psk_aes_256_ccm_8;
{skip, "Missing AES_256_CCM crypto support"}
end;
init_per_testcase(TestCase, Config) ->
- Cipher = test_cipher(TestCase, Config),
- %%Reason = io_lib:format("Missing ~p crypto support", [Cipher]),
+ Cipher = ssl_test_lib:test_cipher(TestCase, Config),
SupCiphers = proplists:get_value(ciphers, crypto:supports()),
case lists:member(Cipher, SupCiphers) of
true ->
@@ -316,17 +314,21 @@ init_per_testcase(TestCase, Config) ->
end_per_testcase(_TestCase, Config) ->
Config.
+%%--------------------------------------------------------------------
+%% Initializtion ------------------------------------------
+%%--------------------------------------------------------------------
+
init_certs(srp_rsa, Config) ->
- DefConf = default_cert_chain_conf(),
+ DefConf = ssl_test_lib:default_cert_chain_conf(),
CertChainConf = ssl_test_lib:gen_conf(rsa, rsa, DefConf, DefConf),
#{server_config := ServerOpts,
client_config := ClientOpts}
= public_key:pkix_test_data(CertChainConf),
- [{tls_config, #{server_config => [{user_lookup_fun, {fun user_lookup/3, undefined}} | ServerOpts],
+ [{tls_config, #{server_config => [{user_lookup_fun, {fun ssl_test_lib:user_lookup/3, undefined}} | ServerOpts],
client_config => [{srp_identity, {"Test-User", "secret"}} | ClientOpts]}} |
proplists:delete(tls_config, Config)];
init_certs(srp_anon, Config) ->
- [{tls_config, #{server_config => [{user_lookup_fun, {fun user_lookup/3, undefined}}],
+ [{tls_config, #{server_config => [{user_lookup_fun, {fun ssl_test_lib:user_lookup/3, undefined}}],
client_config => [{srp_identity, {"Test-User", "secret"}}]}} |
proplists:delete(tls_config, Config)];
init_certs(rsa_psk, Config) ->
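Review bot: The client-side `{srp_identity, {"Test-User", "secret"}}` in the srp_rsa and srp_anon clauses now has to agree with a password kept in another module. The local user_lookup/3 that this commit removes hard-coded `<<"secret">>` when building the SRP verifier, and ssl_test_lib:user_lookup/3 presumably does the same, though that file is not shown here. A one-line comment such as `%% password must match the one hashed in ssl_test_lib:user_lookup/3` would keep the two from drifting silently; the same applies to the srp_dss and srp clauses in later hunks. The added section header also has a typo: `%% Initializtion` should read `%% Initialization`. The rsa_psk clause continues past the end of this hunk.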
@@ -335,9 +337,9 @@ init_certs(rsa_psk, Config) ->
[[],[],[{extensions, ClientExt}]]}],
Config, "_peer_keyEncipherment"),
PskSharedSecret = <<1,2,3,4,5,6,7,8,9,10,11,12,13,14,15>>,
- [{tls_config, #{server_config => [{user_lookup_fun, {fun user_lookup/3, PskSharedSecret}} | ServerOpts],
+ [{tls_config, #{server_config => [{user_lookup_fun, {fun ssl_test_lib:user_lookup/3, PskSharedSecret}} | ServerOpts],
client_config => [{psk_identity, "Test-User"},
- {user_lookup_fun, {fun user_lookup/3, PskSharedSecret}} | ClientOpts]}} |
+ {user_lookup_fun, {fun ssl_test_lib:user_lookup/3, PskSharedSecret}} | ClientOpts]}} |
proplists:delete(tls_config, Config)];
init_certs(rsa, Config) ->
ClientExt = x509_test:extensions([{key_usage, [digitalSignature, keyEncipherment]}]),
@@ -348,7 +350,7 @@ init_certs(rsa, Config) ->
client_config => ClientOpts}} |
proplists:delete(tls_config, Config)];
init_certs(dhe_dss, Config) ->
- DefConf = default_cert_chain_conf(),
+ DefConf = ssl_test_lib:default_cert_chain_conf(),
CertChainConf = ssl_test_lib:gen_conf(dsa, dsa, DefConf, DefConf),
#{server_config := ServerOpts,
client_config := ClientOpts}
@@ -357,17 +359,17 @@ init_certs(dhe_dss, Config) ->
client_config => ClientOpts}} |
proplists:delete(tls_config, Config)];
init_certs(srp_dss, Config) ->
- DefConf = default_cert_chain_conf(),
+ DefConf = ssl_test_lib:default_cert_chain_conf(),
CertChainConf = ssl_test_lib:gen_conf(dsa, dsa, DefConf, DefConf),
#{server_config := ServerOpts,
client_config := ClientOpts}
= public_key:pkix_test_data(CertChainConf),
- [{tls_config, #{server_config => [{user_lookup_fun, {fun user_lookup/3, undefined}} | ServerOpts],
+ [{tls_config, #{server_config => [{user_lookup_fun, {fun ssl_test_lib:user_lookup/3, undefined}} | ServerOpts],
client_config => [{srp_identity, {"Test-User", "secret"}} | ClientOpts]}} |
proplists:delete(tls_config, Config)];
init_certs(GroupName, Config) when GroupName == dhe_rsa;
GroupName == ecdhe_rsa ->
- DefConf = default_cert_chain_conf(),
+ DefConf = ssl_test_lib:default_cert_chain_conf(),
CertChainConf = ssl_test_lib:gen_conf(rsa, rsa, DefConf, DefConf),
#{server_config := ServerOpts,
client_config := ClientOpts}
@@ -377,7 +379,7 @@ init_certs(GroupName, Config) when GroupName == dhe_rsa;
proplists:delete(tls_config, Config)];
init_certs(GroupName, Config) when GroupName == dhe_ecdsa;
GroupName == ecdhe_ecdsa ->
- DefConf = default_cert_chain_conf(),
+ DefConf = ssl_test_lib:default_cert_chain_conf(),
CertChainConf = ssl_test_lib:gen_conf(ecdsa, ecdsa, DefConf, DefConf),
#{server_config := ServerOpts,
client_config := ClientOpts}
@@ -389,12 +391,12 @@ init_certs(GroupName, Config) when GroupName == psk;
GroupName == dhe_psk;
GroupName == ecdhe_psk ->
PskSharedSecret = <<1,2,3,4,5,6,7,8,9,10,11,12,13,14,15>>,
- [{tls_config, #{server_config => [{user_lookup_fun, {fun user_lookup/3, PskSharedSecret}}],
+ [{tls_config, #{server_config => [{user_lookup_fun, {fun ssl_test_lib:user_lookup/3, PskSharedSecret}}],
client_config => [{psk_identity, "Test-User"},
- {user_lookup_fun, {fun user_lookup/3, PskSharedSecret}}]}} |
+ {user_lookup_fun, {fun ssl_test_lib:user_lookup/3, PskSharedSecret}}]}} |
proplists:delete(tls_config, Config)];
init_certs(srp, Config) ->
- [{tls_config, #{server_config => [{user_lookup_fun, {fun user_lookup/3, undefined}}],
+ [{tls_config, #{server_config => [{user_lookup_fun, {fun ssl_test_lib:user_lookup/3, undefined}}],
client_config => [{srp_identity, {"Test-User", "secret"}}]}} |
proplists:delete(tls_config, Config)];
init_certs(_GroupName, Config) ->
@@ -403,20 +405,6 @@ init_certs(_GroupName, Config) ->
client_config => []}} |
proplists:delete(tls_config, Config)].
-default_cert_chain_conf() ->
- Digest = digest(),
- [[Digest], [Digest], [Digest]].
-
-
-digest() ->
- case application:get_env(ssl, protocol_version, application:get_env(ssl, dtls_protocol_version)) of
- Ver when Ver == 'tlsv1.2';
- Ver == 'dtlsv1.2' ->
- {digest, sha256};
- _ ->
- {digest, sha1}
- end.
-
%%--------------------------------------------------------------------
%% Test Cases --------------------------------------------------------
%%--------------------------------------------------------------------
@@ -715,10 +703,6 @@ psk_aes_256_ccm_8(Config) when is_list(Config) ->
%%--------------------------------------------------------------------
%% Internal functions ----------------------------------------------
%%--------------------------------------------------------------------
-test_cipher(TestCase, Config) ->
- [{name, Group} |_] = proplists:get_value(tc_group_properties, Config),
- list_to_atom(re:replace(atom_to_list(TestCase), atom_to_list(Group) ++ "_", "", [{return, list}])).
-
run_ciphers_test(Kex, Cipher, Config) ->
Version = ssl_test_lib:protocol_version(Config),
TestCiphers = test_ciphers(Kex, Cipher, Version),
@@ -732,30 +716,28 @@ run_ciphers_test(Kex, Cipher, Config) ->
{skip, {not_sup, Kex, Cipher, Version}}
end.
-cipher_suite_test(CipherSuite, Version, Config) ->
+cipher_suite_test(ErlangCipherSuite, Version, Config) ->
#{server_config := SOpts,
client_config := COpts} = proplists:get_value(tls_config, Config),
ServerOpts = ssl_test_lib:ssl_options(SOpts, Config),
ClientOpts = ssl_test_lib:ssl_options(COpts, Config),
- ct:log("Testing CipherSuite ~p~n", [CipherSuite]),
+ ct:log("Testing CipherSuite ~p~n", [ErlangCipherSuite]),
ct:log("Server Opts ~p~n", [ServerOpts]),
ct:log("Client Opts ~p~n", [ClientOpts]),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
- ErlangCipherSuite = erlang_cipher_suite(CipherSuite),
-
ConnectionInfo = {ok, {Version, ErlangCipherSuite}},
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
{from, self()},
{mfa, {ssl_test_lib, cipher_result, [ConnectionInfo]}},
- {options, [{versions, [Version]}, {ciphers, [CipherSuite]} | ServerOpts]}]),
+ {options, [{versions, [Version]}, {ciphers, [ErlangCipherSuite]} | ServerOpts]}]),
Port = ssl_test_lib:inet_port(Server),
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
{host, Hostname},
{from, self()},
{mfa, {ssl_test_lib, cipher_result, [ConnectionInfo]}},
- {options, [{versions, [Version]}, {ciphers, [CipherSuite]} |
+ {options, [{versions, [Version]}, {ciphers, [ErlangCipherSuite]} |
ClientOpts]}]),
ssl_test_lib:check_result(Server, ok, Client, ok),
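Review bot: cipher_suite_test/3 no longer normalises its first argument, so the same term is used both as the `ciphers` option and as the expected value in `ConnectionInfo`. An OpenSSL-style name string, which the removed erlang_cipher_suite/1 used to convert, would now be compared as-is against the negotiated suite and would presumably fail the cipher_result check rather than the handshake. run_ciphers_test/3 appears to feed it suites from test_ciphers/3, so this looks safe today, but the contract is only implied by the parameter name. Consider stating it above the function, e.g. `%% ErlangCipherSuite must be in the format returned by ssl:cipher_suites/2, not an OpenSSL name string`. The function body continues in the next hunk.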
@@ -763,17 +745,6 @@ cipher_suite_test(CipherSuite, Version, Config) ->
ssl_test_lib:close(Server),
ssl_test_lib:close(Client).
-erlang_cipher_suite(Suite) when is_list(Suite)->
- ssl_cipher_format:suite_definition(ssl_cipher_format:suite_openssl_str_to_map(Suite));
-erlang_cipher_suite(Suite) ->
- Suite.
-
-user_lookup(psk, _Identity, UserState) ->
- {ok, UserState};
-user_lookup(srp, Username, _UserState) ->
- Salt = ssl_cipher:random_bytes(16),
- UserPassHash = crypto:hash(sha, [Salt, crypto:hash(sha, [Username, <<$:>>, <<"secret">>])]),
- {ok, {srp_1024, Salt, UserPassHash}}.
test_ciphers(Kex, Cipher, Version) ->
ssl:filter_cipher_suites(ssl:cipher_suites(all, Version) ++ ssl:cipher_suites(anonymous, Version),
@@ -785,3 +756,4 @@ test_ciphers(Kex, Cipher, Version) ->
fun(Cipher0) when Cipher0 == Cipher -> true;
(_) -> false
end}]).
+