SSL: add Elliptic Curve ciphers unit tests

3 files changed, 229 insertions, 25 deletions

diff --git a/lib/ssl/test/erl_make_certs.erl b/lib/ssl/test/erl_make_certs.erl
index 71aa985c4f..f37928be85 100644
--- a/lib/ssl/test/erl_make_certs.erl
+++ b/lib/ssl/test/erl_make_certs.erl
@@ -45,7 +45,7 @@
 %%      {dnQualifer, DnQ}
 %%   issuer = {Issuer, IssuerKey}                   true (i.e. a ca cert is created) 
 %%                                                  (obs IssuerKey migth be {Key, Password}
-%%   key = KeyFile|KeyBin|rsa|dsa                   Subject PublicKey rsa or dsa generates key
+%%   key = KeyFile|KeyBin|rsa|dsa|ec                Subject PublicKey rsa, dsa or ec generates key
 %%   
 %%
 %%   (OBS: The generated keys are for testing only)
@@ -91,6 +91,16 @@ gen_dsa(LSize,NSize) when is_integer(LSize), is_integer(NSize) ->
     {Key, encode_key(Key)}.
 
 %%--------------------------------------------------------------------
+%% @doc Creates a ec key (OBS: for testing only)
+%%   the sizes are in bytes
+%% @spec (::integer()) -> {::atom(), ::binary(), ::opaque()}
+%% @end
+%%--------------------------------------------------------------------
+gen_ec(Curve) when is_atom(Curve) ->
+    Key = gen_ec2(Curve),
+    {Key, encode_key(Key)}.
+
+%%--------------------------------------------------------------------
 %% @doc Verifies cert signatures
 %% @spec (::binary(), ::tuple()) -> ::boolean()
 %% @end
@@ -102,7 +112,10 @@ verify_signature(DerEncodedCert, DerKey, _KeyParams) ->
 	    public_key:pkix_verify(DerEncodedCert, 
 				   #'RSAPublicKey'{modulus=Mod, publicExponent=Exp});
 	#'DSAPrivateKey'{p=P, q=Q, g=G, y=Y} ->
-	    public_key:pkix_verify(DerEncodedCert, {Y, #'Dss-Parms'{p=P, q=Q, g=G}})
+	    public_key:pkix_verify(DerEncodedCert, {Y, #'Dss-Parms'{p=P, q=Q, g=G}});
+	#'ECPrivateKey'{version = _Version, privateKey = _PrivKey,
+			parameters = _Params, publicKey = _PubKey} ->
+	    public_key:pkix_verify(DerEncodedCert, Key)
     end.
 
 %%%%%%%%%%%%%%%%%%%%%%%%% Implementation %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -112,6 +125,7 @@ get_key(Opts) ->
 	undefined -> make_key(rsa, Opts);
 	rsa ->       make_key(rsa, Opts);
 	dsa ->       make_key(dsa, Opts);
+	ec ->        make_key(ec, Opts);
 	Key ->
 	    Password = proplists:get_value(password, Opts, no_passwd),
 	    decode_key(Key, Password)
@@ -129,6 +143,8 @@ decode_key(#'RSAPrivateKey'{} = Key,_) ->
     Key;
 decode_key(#'DSAPrivateKey'{} = Key,_) ->
     Key;
+decode_key(#'ECPrivateKey'{} = Key,_) ->
+    Key;
 decode_key(PemEntry = {_,_,_}, Pw) ->
     public_key:pem_entry_decode(PemEntry, Pw);
 decode_key(PemBin, Pw) ->
@@ -140,7 +156,10 @@ encode_key(Key = #'RSAPrivateKey'{}) ->
     {'RSAPrivateKey', Der, not_encrypted};
 encode_key(Key = #'DSAPrivateKey'{}) ->
     {ok, Der} = 'OTP-PUB-KEY':encode('DSAPrivateKey', Key),
-    {'DSAPrivateKey', Der, not_encrypted}.
+    {'DSAPrivateKey', Der, not_encrypted};
+encode_key(Key = #'ECPrivateKey'{}) ->
+    {ok, Der} = 'OTP-PUB-KEY':encode('ECPrivateKey', Key),
+    {'ECPrivateKey', Der, not_encrypted}.
 
 make_tbs(SubjectKey, Opts) ->    
     Version = list_to_atom("v"++integer_to_list(proplists:get_value(version, Opts, 3))),
@@ -277,7 +296,14 @@ publickey(#'RSAPrivateKey'{modulus=N, publicExponent=E}) ->
 publickey(#'DSAPrivateKey'{p=P, q=Q, g=G, y=Y}) ->
     Algo = #'PublicKeyAlgorithm'{algorithm= ?'id-dsa', 
 				 parameters={params, #'Dss-Parms'{p=P, q=Q, g=G}}},
-    #'OTPSubjectPublicKeyInfo'{algorithm = Algo, subjectPublicKey = Y}.
+    #'OTPSubjectPublicKeyInfo'{algorithm = Algo, subjectPublicKey = Y};
+publickey(#'ECPrivateKey'{version = _Version,
+			  privateKey = _PrivKey,
+			  parameters = Params,
+			  publicKey = {0, PubKey}}) ->
+    Algo = #'PublicKeyAlgorithm'{algorithm= ?'id-ecPublicKey', parameters=Params},
+    #'OTPSubjectPublicKeyInfo'{algorithm = Algo,
+			       subjectPublicKey = #'ECPoint'{point = PubKey}}.
 
 validity(Opts) ->
     DefFrom0 = calendar:gregorian_days_to_date(calendar:date_to_gregorian_days(date())-1),
@@ -298,13 +324,24 @@ sign_algorithm(#'RSAPrivateKey'{}, Opts) ->
 	   end,
     {Type, 'NULL'};
 sign_algorithm(#'DSAPrivateKey'{p=P, q=Q, g=G}, _Opts) ->
-    {?'id-dsa-with-sha1', {params,#'Dss-Parms'{p=P, q=Q, g=G}}}.
+    {?'id-dsa-with-sha1', {params,#'Dss-Parms'{p=P, q=Q, g=G}}};
+sign_algorithm(#'ECPrivateKey'{}, Opts) ->
+    Type = case proplists:get_value(digest, Opts, sha1) of
+	       sha1 ->   ?'ecdsa-with-SHA1';
+	       sha512 -> ?'ecdsa-with-SHA512';
+	       sha384 -> ?'ecdsa-with-SHA384';
+	       sha256 -> ?'ecdsa-with-SHA256'
+	   end,
+    {Type, 'NULL'}.
 
 make_key(rsa, _Opts) ->
     %% (OBS: for testing only)
     gen_rsa2(64);
 make_key(dsa, _Opts) ->
-    gen_dsa2(128, 20).  %% Bytes i.e. {1024, 160} 
+    gen_dsa2(128, 20);  %% Bytes i.e. {1024, 160}
+make_key(ec, _Opts) ->
+    %% (OBS: for testing only)
+    gen_ec2(secp256k1).
     
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% RSA key generation  (OBS: for testing only)
@@ -363,6 +400,24 @@ gen_dsa2(LSize, NSize) ->
 	    #'DSAPrivateKey'{version=0, p=P, q=Q, g=G, y=Y, x=X}
     end.
     
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%% EC key generation  (OBS: for testing only)
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+int2list(I) ->
+    L = (length(integer_to_list(I, 16)) + 1) div 2,
+    binary_to_list(<<I:(L*8)>>).
+
+gen_ec2(CurveId) ->
+    Key = crypto:ec_key_new(CurveId),
+    crypto:ec_key_generate(Key),
+    {_Curve, PrivKey, PubKey} = crypto:ec_key_to_term(Key),
+
+    #'ECPrivateKey'{version = 1,
+		    privateKey = int2list(PrivKey),
+		    parameters = {namedCurve, pubkey_cert_records:namedCurves(CurveId)},
+		    publicKey = {0, PubKey}}.
+
 %% See fips_186-3.pdf
 dsa_search(T, P0, Q, Iter) when Iter > 0 ->
     P = 2*T*Q*P0 + 1,
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index 10bbd4d88b..aa87224305 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -69,6 +69,7 @@ groups() ->
      {session, [], session_tests()},
      {renegotiate, [], renegotiate_tests()},
      {ciphers, [], cipher_tests()},
+     {ciphers_ec, [], cipher_tests_ec()},
      {error_handling_tests, [], error_handling_tests()}
     ].
 
@@ -76,6 +77,7 @@ all_versions_groups ()->
     [{group, api},
      {group, renegotiate},
      {group, ciphers},
+     {group, ciphers_ec},
      {group, error_handling_tests}].
 
 
@@ -163,6 +165,12 @@ cipher_tests() ->
      srp_dsa_cipher_suites,
      default_reject_anonymous].
 
+cipher_tests_ec() ->
+    [ciphers_ecdsa_signed_certs,
+     ciphers_ecdsa_signed_certs_openssl_names,
+     ciphers_ecdh_rsa_signed_certs,
+     ciphers_ecdh_rsa_signed_certs_openssl_names].
+
 error_handling_tests()->
     [controller_dies,
      client_closes_socket,
@@ -191,7 +199,9 @@ init_per_suite(Config0) ->
 	    ct:print("Make certs  ~p~n", [Result]),
 
 	    Config1 = ssl_test_lib:make_dsa_cert(Config0),
-	    Config = ssl_test_lib:cert_options(Config1),
+	    Config2 = ssl_test_lib:make_ecdsa_cert(Config1),
+	    Config3 = ssl_test_lib:make_ecdh_rsa_cert(Config2),
+	    Config = ssl_test_lib:cert_options(Config3),
 	    [{watchdog, Dog} | Config]
     catch _:_ ->
 	    {skip, "Crypto did not start"}
@@ -1656,6 +1666,48 @@ default_reject_anonymous(Config) when is_list(Config) ->
 			      Client, {error, {tls_alert, "insufficient security"}}).
 
 %%--------------------------------------------------------------------
+ciphers_ecdsa_signed_certs() ->
+    [{doc, "Test all ecdsa ssl cipher suites in highest support ssl/tls version"}].
+
+ciphers_ecdsa_signed_certs(Config) when is_list(Config) ->
+    Version =
+       ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
+
+    Ciphers = ssl_test_lib:ecdsa_suites(),
+    ct:print("~p erlang cipher suites ~p~n", [Version, Ciphers]),
+    run_suites(Ciphers, Version, Config, ecdsa).
+%%--------------------------------------------------------------------
+ciphers_ecdsa_signed_certs_openssl_names() ->
+    [{doc, "Test all ecdsa ssl cipher suites in highest support ssl/tls version"}].
+
+ciphers_ecdsa_signed_certs_openssl_names(Config) when is_list(Config) ->
+    Version =
+       ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
+    Ciphers = ssl_test_lib:openssl_ecdsa_suites(),
+    ct:print("tls1 openssl cipher suites ~p~n", [Ciphers]),
+    run_suites(Ciphers, Version, Config, ecdsa).
+%%--------------------------------------------------------------------
+ciphers_ecdh_rsa_signed_certs() ->
+    [{doc, "Test all ecdh_rsa ssl cipher suites in highest support ssl/tls version"}].
+
+ciphers_ecdh_rsa_signed_certs(Config) when is_list(Config) ->
+    Version =
+       ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
+
+    Ciphers = ssl_test_lib:ecdh_rsa_suites(),
+    ct:print("~p erlang cipher suites ~p~n", [Version, Ciphers]),
+    run_suites(Ciphers, Version, Config, ecdh_rsa).
+%%--------------------------------------------------------------------
+ciphers_ecdh_rsa_signed_certs_openssl_names() ->
+    [{doc, "Test all ecdh_rsa ssl cipher suites in highest support ssl/tls version"}].
+
+ciphers_ecdh_rsa_signed_certs_openssl_names(Config) when is_list(Config) ->
+    Version =
+       ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
+    Ciphers = ssl_test_lib:openssl_ecdh_rsa_suites(),
+    ct:print("tls1 openssl cipher suites ~p~n", [Ciphers]),
+    run_suites(Ciphers, Version, Config, ecdh_rsa).
+%%--------------------------------------------------------------------
 reuse_session() ->
     [{doc,"Test reuse of sessions (short handshake)"}].
 reuse_session(Config) when is_list(Config) -> 
@@ -3149,12 +3201,21 @@ rizzo_test(Cipher, Config, Version, Mfa) ->
 	    [{Cipher, Error}]
     end.
 
-client_server_opts({KeyAlgo,_,_}, Config) when KeyAlgo == rsa orelse KeyAlgo == dhe_rsa ->
+client_server_opts({KeyAlgo,_,_}, Config)
+  when KeyAlgo == rsa orelse
+       KeyAlgo == dhe_rsa orelse
+       KeyAlgo == ecdhe_rsa ->
     {?config(client_opts, Config),
      ?config(server_opts, Config)};
 client_server_opts({KeyAlgo,_,_}, Config) when KeyAlgo == dss orelse KeyAlgo == dhe_dss ->
     {?config(client_dsa_opts, Config),
-     ?config(server_dsa_opts, Config)}.
+     ?config(server_dsa_opts, Config)};
+client_server_opts({KeyAlgo,_,_}, Config) when KeyAlgo == ecdh_ecdsa orelse KeyAlgo == ecdhe_ecdsa ->
+    {?config(client_opts, Config),
+     ?config(server_ecdsa_opts, Config)};
+client_server_opts({KeyAlgo,_,_}, Config) when KeyAlgo == ecdh_rsa ->
+    {?config(client_opts, Config),
+     ?config(server_ecdh_rsa_opts, Config)}.
 
 run_suites(Ciphers, Version, Config, Type) ->
     {ClientOpts, ServerOpts} =
@@ -3189,7 +3250,13 @@ run_suites(Ciphers, Version, Config, Type) ->
 		 ?config(server_srp_anon, Config)};
 	    srp_dsa ->
 		{?config(client_srp_dsa, Config),
-		 ?config(server_srp_dsa, Config)}
+		 ?config(server_srp_dsa, Config)};
+	    ecdsa ->
+		{?config(client_opts, Config),
+		 ?config(server_ecdsa_opts, Config)};
+	    ecdh_rsa ->
+		{?config(client_opts, Config),
+		 ?config(server_ecdh_rsa_opts, Config)}
 	    end,
 
     Result =  lists:map(fun(Cipher) ->
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index 50afad95a5..fc1817ec49 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -404,6 +404,49 @@ make_dsa_cert(Config) ->
 		       {certfile, ClientCertFile}, {keyfile, ClientKeyFile}]}
      | Config].
 
+make_ecdsa_cert(Config) ->
+    case proplists:get_bool(ec, crypto:algorithms()) of
+	    true ->
+	    {ServerCaCertFile, ServerCertFile, ServerKeyFile} = make_cert_files("server", Config, ec, ec, ""),
+	    {ClientCaCertFile, ClientCertFile, ClientKeyFile} = make_cert_files("client", Config, ec, ec, ""),
+	    [{server_ecdsa_opts, [{ssl_imp, new},{reuseaddr, true},
+				  {cacertfile, ServerCaCertFile},
+				  {certfile, ServerCertFile}, {keyfile, ServerKeyFile}]},
+	     {server_ecdsa_verify_opts, [{ssl_imp, new},{reuseaddr, true},
+					 {cacertfile, ClientCaCertFile},
+					 {certfile, ServerCertFile}, {keyfile, ServerKeyFile},
+					 {verify, verify_peer}]},
+	     {client_ecdsa_opts, [{ssl_imp, new},{reuseaddr, true},
+				  {cacertfile, ClientCaCertFile},
+				  {certfile, ClientCertFile}, {keyfile, ClientKeyFile}]}
+	     | Config];
+	_ ->
+	    Config
+    end.
+
+%% RFC 4492, Sect. 2.3.  ECDH_RSA
+%%
+%%    This key exchange algorithm is the same as ECDH_ECDSA except that the
+%%    server's certificate MUST be signed with RSA rather than ECDSA.
+make_ecdh_rsa_cert(Config) ->
+    case proplists:get_bool(ec, crypto:algorithms()) of
+	true ->
+	    {ServerCaCertFile, ServerCertFile, ServerKeyFile} = make_cert_files("server", Config, rsa, ec, "rsa_"),
+	    {ClientCaCertFile, ClientCertFile, ClientKeyFile} = make_cert_files("client", Config, rsa, ec, "rsa_"),
+	    [{server_ecdh_rsa_opts, [{ssl_imp, new},{reuseaddr, true},
+				     {cacertfile, ServerCaCertFile},
+				     {certfile, ServerCertFile}, {keyfile, ServerKeyFile}]},
+	     {server_ecdh_rsa_verify_opts, [{ssl_imp, new},{reuseaddr, true},
+					    {cacertfile, ClientCaCertFile},
+					    {certfile, ServerCertFile}, {keyfile, ServerKeyFile},
+					    {verify, verify_peer}]},
+	     {client_ecdh_rsa_opts, [{ssl_imp, new},{reuseaddr, true},
+				     {cacertfile, ClientCaCertFile},
+				     {certfile, ClientCertFile}, {keyfile, ClientKeyFile}]}
+	     | Config];
+	_ ->
+	    Config
+    end.
 
 make_mix_cert(Config) ->
     {ServerCaCertFile, ServerCertFile, ServerKeyFile} = make_cert_files("server", Config, dsa,
@@ -667,10 +710,14 @@ send_selected_port(_,_,_) ->
     ok.
 
 rsa_suites() ->
-    lists:filter(fun({dhe_dss, _, _}) ->
-			 false;
+    lists:filter(fun({rsa, _, _}) ->
+			 true;
+		    ({dhe_rsa, _, _}) ->
+			 true;
+		    ({ecdhe_rsa, _, _}) ->
+			 true;
 		    (_) ->
-			 true
+			 false
 		 end,
 		 ssl:cipher_suites()).
 
@@ -690,17 +737,32 @@ dsa_suites() ->
 		 end,
 		 ssl:cipher_suites()).
 
+ecdsa_suites() ->
+     lists:filter(fun({ecdhe_ecdsa, _, _}) ->
+			 true;
+		    (_) ->
+			 false
+		 end,
+		 ssl:cipher_suites()).
+
+ecdh_rsa_suites() ->
+     lists:filter(fun({ecdh_rsa, _, _}) ->
+			 true;
+		    (_) ->
+			 false
+		 end,
+		 ssl:cipher_suites()).
 
 openssl_rsa_suites() ->
     Ciphers = ssl:cipher_suites(openssl),
     lists:filter(fun(Str) ->
-			 case re:run(Str,"DSS",[]) of
+			 case re:run(Str,"DSS|ECDH-RSA|ECDSA",[]) of
 			     nomatch ->
 				 true;
 			     _ ->
 				 false
 			 end 
-		 end, Ciphers).
+		     end, Ciphers).
 
 openssl_dsa_suites() ->
     Ciphers = ssl:cipher_suites(openssl),
@@ -713,13 +775,39 @@ openssl_dsa_suites() ->
 			 end 
 		 end, Ciphers).
 
+openssl_ecdsa_suites() ->
+    Ciphers = ssl:cipher_suites(openssl),
+    lists:filter(fun(Str) ->
+			 case re:run(Str,"ECDHE-ECDSA",[]) of
+			     nomatch ->
+				 false;
+			     _ ->
+				 true
+			 end
+		 end, Ciphers).
+
+openssl_ecdh_rsa_suites() ->
+    Ciphers = ssl:cipher_suites(openssl),
+    lists:filter(fun(Str) ->
+			 case re:run(Str,"ECDH-RSA",[]) of
+			     nomatch ->
+				 false;
+			     _ ->
+				 true
+			 end
+		 end, Ciphers).
+
 anonymous_suites() ->
     Suites =
 	[{dh_anon, rc4_128, md5},
 	 {dh_anon, des_cbc, sha},
 	 {dh_anon, '3des_ede_cbc', sha},
 	 {dh_anon, aes_128_cbc, sha},
-	 {dh_anon, aes_256_cbc, sha}],
+	 {dh_anon, aes_256_cbc, sha},
+	 {ecdh_anon,rc4_128,sha},
+	 {ecdh_anon,'3des_ede_cbc',sha},
+	 {ecdh_anon,aes_128_cbc,sha},
+	 {ecdh_anon,aes_256_cbc,sha}],
     ssl_cipher:filter_suites(Suites).
 
 psk_suites() ->
@@ -840,15 +928,9 @@ init_tls_version(Version) ->
     ssl:start().
 
 sufficient_crypto_support('tlsv1.2') ->
-    Data = "Sampl",
-    Data2 = "e #1",
-    Key = <<0,1,2,3,16,17,18,19,32,33,34,35,48,49,50,51,4,5,6,7,20,21,22,23,36,37,38,39,
-	    52,53,54,55,8,9,10,11,24,25,26,27,40,41,42,43,56,57,58,59>>,
-    try
-	crypto:sha256_mac(Key, lists:flatten([Data, Data2])),
-	true
-    catch _:_ -> false
-    end;
+    proplists:get_bool(sha256, crypto:algorithms());
+sufficient_crypto_support(ciphers_ec) ->
+    proplists:get_bool(ec, crypto:algorithms());
 sufficient_crypto_support(_) ->
     true.