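# -*- mode: perl; -*-
# Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html


## Test TLSv1.3 certificate authentication
## Similar to 04-client_auth.cnf.in output, but specific for
## TLSv1.3 and post-handshake authentication
##
## Each entry of @tests is one scenario: `server` and `client` hold the
## settings for each side, `extra` holds additional per-side switches
## (EnablePHA / ForcePHA here), and `test` holds the expected outcome.
## Every scenario pins MinProtocol and MaxProtocol to TLSv1.3 on both
## sides, so no other protocol version can be negotiated.
##
## NOTE(review): four scenarios named "...-require..." configure the server
## with VerifyMode Request / RequestPostHandshake rather than Require /
## RequirePostHandshake (see the per-entry notes).  As written, no scenario
## in this file pairs a Require* mode with ExpectedResult Success, so the
## accepting path of mandatory client authentication looks uncovered here.
## Confirm whether that is intentional before relying on this file as
## coverage for it.

use strict;
use warnings;

package ssltests;
use OpenSSL::Test::Utils;

our @tests = (
    # Baseline: no VerifyMode on the server, no client credentials.
    # Server authentication only; the handshake must succeed.
    {
        name => "server-auth-TLSv1.3",
        server => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
        },
        client => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
        },
        test   => {
            "ExpectedResult" => "Success",
        },
    },
    # Optional client auth: the server requests a certificate, the client
    # has none configured, and the handshake is still expected to succeed.
    {
        name => "client-auth-TLSv1.3-request",
        server => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "VerifyMode" => "Request",
        },
        client => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
        },
        test   => {
            "ExpectedResult" => "Success",
        },
    },
    # Mandatory client auth, negative case: the client has no certificate,
    # so the server must abort with the CertificateRequired alert.
    {
        name => "client-auth-TLSv1.3-require-fail",
        server => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "VerifyCAFile" => test_pem("root-cert.pem"),
            "VerifyMode" => "Require",
        },
        client => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
        },
        test   => {
            "ExpectedResult" => "ServerFail",
            "ExpectedServerAlert" => "CertificateRequired",
        },
    },
    # Client presents a certificate chain and key; the server limits client
    # signature algorithms to PSS+SHA256 and verifies against root-cert.pem.
    # The expectations pin the certificate type, signature type and hash
    # that were actually used, and that the CA name list is "empty" (no
    # ClientCAFile is configured on the server).
    # NOTE(review): the name says "require" but VerifyMode is "Request".
    {
        name => "client-auth-TLSv1.3-require",
        server => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "ClientSignatureAlgorithms" => "PSS+SHA256",
            "VerifyCAFile" => test_pem("root-cert.pem"),
            "VerifyMode" => "Request",
        },
        client => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "Certificate" => test_pem("ee-client-chain.pem"),
            "PrivateKey"  => test_pem("ee-key.pem"),
        },
        test   => {
            "ExpectedResult" => "Success",
            "ExpectedClientCertType" => "RSA",
            "ExpectedClientSignType" => "RSA-PSS",
            "ExpectedClientSignHash" => "SHA256",
            "ExpectedClientCANames" => "empty"
        },
    },
    # Same as the previous scenario, but the server also sets ClientCAFile,
    # and the CA names seen by the client are expected to match
    # root-cert.pem.
    # NOTE(review): the name says "require" but VerifyMode is "Request".
    {
        name => "client-auth-TLSv1.3-require-non-empty-names",
        server => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "ClientSignatureAlgorithms" => "PSS+SHA256",
            "ClientCAFile" => test_pem("root-cert.pem"),
            "VerifyCAFile" => test_pem("root-cert.pem"),
            "VerifyMode" => "Request",
        },
        client => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "Certificate" => test_pem("ee-client-chain.pem"),
            "PrivateKey"  => test_pem("ee-key.pem"),
        },
        test   => {
            "ExpectedResult" => "Success",
            "ExpectedClientCertType" => "RSA",
            "ExpectedClientSignType" => "RSA-PSS",
            "ExpectedClientSignHash" => "SHA256",
            "ExpectedClientCANames" => test_pem("root-cert.pem"),
        },
    },
    # Negative trust-anchor case: the client presents a chain, but the
    # server has no VerifyCAFile, so the certificate must be rejected with
    # the UnknownCA alert rather than accepted unverified.
    {
        name => "client-auth-TLSv1.3-noroot",
        server => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "VerifyMode" => "Require",
        },
        client => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "Certificate" => test_pem("ee-client-chain.pem"),
            "PrivateKey"  => test_pem("ee-key.pem"),
        },
        test   => {
            "ExpectedResult" => "ServerFail",
            "ExpectedServerAlert" => "UnknownCA",
        },
    },

    ## Post-handshake authentication (HandshakeMode PostHandshakeAuth)

    # The server wants post-handshake auth but the client does not set
    # EnablePHA; the server side is expected to fail.
    # NOTE(review): presumably the server cannot issue a post-handshake
    # request to a client that did not opt in -- confirm against the
    # test harness.
    {
        name => "client-auth-TLSv1.3-request-post-handshake",
        server => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "VerifyMode" => "RequestPostHandshake",
        },
        client => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
        },
        test   => {
            "ExpectedResult" => "ServerFail",
            "HandshakeMode" => "PostHandshakeAuth",
        },
    },
    # As above with RequirePostHandshake and a verification CA configured;
    # the client still does not set EnablePHA and has no certificate, so
    # the server side is expected to fail.
    {
        name => "client-auth-TLSv1.3-require-fail-post-handshake",
        server => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "VerifyCAFile" => test_pem("root-cert.pem"),
            "VerifyMode" => "RequirePostHandshake",
        },
        client => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
        },
        test   => {
            "ExpectedResult" => "ServerFail",
            "HandshakeMode" => "PostHandshakeAuth",
        },
    },
    # Post-handshake positive case: the client sets EnablePHA and presents
    # a chain and key.  The expectations pin the certificate type,
    # signature type and hash, and an "empty" CA name list.
    # NOTE(review): the name says "require" but VerifyMode is
    # "RequestPostHandshake".
    {
        name => "client-auth-TLSv1.3-require-post-handshake",
        server => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "ClientSignatureAlgorithms" => "PSS+SHA256",
            "VerifyCAFile" => test_pem("root-cert.pem"),
            "VerifyMode" => "RequestPostHandshake",
        },
        client => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "Certificate" => test_pem("ee-client-chain.pem"),
            "PrivateKey"  => test_pem("ee-key.pem"),
            extra => {
                "EnablePHA" => "Yes",
            },
        },
        test   => {
            "ExpectedResult" => "Success",
            "HandshakeMode" => "PostHandshakeAuth",
            "ExpectedClientCertType" => "RSA",
            "ExpectedClientSignType" => "RSA-PSS",
            "ExpectedClientSignHash" => "SHA256",
            "ExpectedClientCANames" => "empty"
        },
    },
    # Post-handshake variant with ClientCAFile set; the CA names seen by
    # the client are expected to match root-cert.pem.
    # NOTE(review): the name says "require" but VerifyMode is
    # "RequestPostHandshake".
    {
        name => "client-auth-TLSv1.3-require-non-empty-names-post-handshake",
        server => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "ClientSignatureAlgorithms" => "PSS+SHA256",
            "ClientCAFile" => test_pem("root-cert.pem"),
            "VerifyCAFile" => test_pem("root-cert.pem"),
            "VerifyMode" => "RequestPostHandshake",
        },
        client => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "Certificate" => test_pem("ee-client-chain.pem"),
            "PrivateKey"  => test_pem("ee-key.pem"),
            extra => {
                "EnablePHA" => "Yes",
            },
        },
        test   => {
            "ExpectedResult" => "Success",
            "HandshakeMode" => "PostHandshakeAuth",
            "ExpectedClientCertType" => "RSA",
            "ExpectedClientSignType" => "RSA-PSS",
            "ExpectedClientSignHash" => "SHA256",
            "ExpectedClientCANames" => test_pem("root-cert.pem"),
        },
    },
    # Post-handshake trust-anchor negative case: the client opts in and
    # presents a chain, but the server has no VerifyCAFile; the server must
    # fail with the UnknownCA alert.
    {
        name => "client-auth-TLSv1.3-noroot-post-handshake",
        server => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "VerifyMode" => "RequirePostHandshake",
        },
        client => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "Certificate" => test_pem("ee-client-chain.pem"),
            "PrivateKey"  => test_pem("ee-key.pem"),
            extra => {
                "EnablePHA" => "Yes",
            },
        },
        test   => {
            "ExpectedResult" => "ServerFail",
            "HandshakeMode" => "PostHandshakeAuth",
            "ExpectedServerAlert" => "UnknownCA",
        },
    },
    # The client sets EnablePHA but has no certificate; the server only
    # requests (does not require) one, so success is expected.
    {
        name => "client-auth-TLSv1.3-request-force-client-post-handshake",
        server => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "VerifyMode" => "RequestPostHandshake",
        },
        client => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            extra => {
                "EnablePHA" => "Yes",
            },
        },
        test   => {
            "ExpectedResult" => "Success",
            "HandshakeMode" => "PostHandshakeAuth",
        },
    },
    # The server sets ForcePHA while the client does not set EnablePHA;
    # the client side is expected to fail.
    # NOTE(review): presumably this checks that a client which did not opt
    # in rejects an unsolicited post-handshake certificate request --
    # confirm against the ForcePHA handling in the test harness.
    {
        name => "client-auth-TLSv1.3-request-force-server-post-handshake",
        server => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "VerifyMode" => "RequestPostHandshake",
            extra => {
                "ForcePHA" => "Yes",
            },
        },
        client => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
        },
        test   => {
            "ExpectedResult" => "ClientFail",
            "HandshakeMode" => "PostHandshakeAuth",
        },
    },
    # Both switches set: server ForcePHA and client EnablePHA, with no
    # client certificate and a request-only mode; success is expected.
    {
        name => "client-auth-TLSv1.3-request-force-both-post-handshake",
        server => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            "VerifyMode" => "RequestPostHandshake",
            extra => {
                "ForcePHA" => "Yes",
            },
        },
        client => {
            "MinProtocol" => "TLSv1.3",
            "MaxProtocol" => "TLSv1.3",
            extra => {
                "EnablePHA" => "Yes",
            },
        },
        test   => {
            "ExpectedResult" => "Success",
            "HandshakeMode" => "PostHandshakeAuth",
        },
    },
);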