mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added TLS v1.2 and v1.3 test cases for ECC Koblitz and Brainpool curves (both server auth and mutual auth). Cipher suites: ECDHE-ECDSA-AES128-GCM-SHA256, ECDH-ECDSA-AES128-GCM-SHA256 and TLS13-AES128-GCM-SHA256.

Browse Source
This commit is contained in:
David Garske 2020-10-15 13:30:20 -07:00
parent fb9ed686cb
commit 10f459f891
17 changed files with 498 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
certs/ecc/bp256r1-key.der Normal file
View File

Binary file not shown.

5
certs/ecc/bp256r1-key.pem Normal file
View File

@ -0,0 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MHgCAQEEIALRjSn7gQicLnRopI92xvo14rrdLVl0IEzDB40t3Pa7oAsGCSskAwMC
CAEBB6FEA0IABC7vJ8tXOtxiJba1QlzuKVbjqM6GbkRSIxXIQ8BiEBYeSsuI0HXg
OGuAhGSfcKrYuzOQwduBRq7pgckDabXOres=
-----END EC PRIVATE KEY-----

BIN
certs/ecc/client-bp256r1-cert.der Normal file
View File

Binary file not shown.

57
certs/ecc/client-bp256r1-cert.pem Normal file
View File

@ -0,0 +1,57 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
23:c2:32:32:87:c0:20:35:77:e6:56:4b:ba:d3:ba:19:de:0e:ed:9e
Signature Algorithm: ecdsa-with-SHA256
Issuer: C = US, ST = Washington, L = Seattle, O = Eliptic, OU = ECC256BPR1-CLI, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Validity
Not Before: Oct 15 20:13:58 2020 GMT
Not After : Oct 13 20:13:58 2030 GMT
Subject: C = US, ST = Washington, L = Seattle, O = Eliptic, OU = ECC256BPR1-CLI, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:2e:ef:27:cb:57:3a:dc:62:25:b6:b5:42:5c:ee:
29:56:e3:a8:ce:86:6e:44:52:23:15:c8:43:c0:62:
10:16:1e:4a:cb:88:d0:75:e0:38:6b:80:84:64:9f:
70:aa:d8:bb:33:90:c1:db:81:46:ae:e9:81:c9:03:
69:b5:ce:ad:eb
ASN1 OID: brainpoolP256r1
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Client, S/MIME
X509v3 Subject Key Identifier:
B4:1B:3B:4F:65:F2:BF:9E:8A:8F:E3:33:96:44:1F:67:EA:B3:34:D5
X509v3 Authority Key Identifier:
keyid:B4:1B:3B:4F:65:F2:BF:9E:8A:8F:E3:33:96:44:1F:67:EA:B3:34:D5
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Client Authentication, E-mail Protection
Signature Algorithm: ecdsa-with-SHA256
30:44:02:20:28:b6:b4:eb:ae:c1:9b:71:0a:15:92:93:d6:2d:
12:a6:ff:2d:2a:f5:23:a8:e2:df:6c:d9:33:d4:7f:e9:2e:08:
02:20:33:eb:45:aa:c1:7c:36:c1:60:52:09:0e:2d:e4:2a:49:
1d:d8:b2:c5:79:3e:be:d4:61:c5:14:d0:b6:f2:42:d4
-----BEGIN CERTIFICATE-----
MIICyTCCAnCgAwIBAgIUI8IyMofAIDV35lZLutO6Gd4O7Z4wCgYIKoZIzj0EAwIw
gZoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
ZWF0dGxlMRAwDgYDVQQKDAdFbGlwdGljMRcwFQYDVQQLDA5FQ0MyNTZCUFIxLUNM
STEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZv
QHdvbGZzc2wuY29tMB4XDTIwMTAxNTIwMTM1OFoXDTMwMTAxMzIwMTM1OFowgZox
CzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0
dGxlMRAwDgYDVQQKDAdFbGlwdGljMRcwFQYDVQQLDA5FQ0MyNTZCUFIxLUNMSTEY
MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
bGZzc2wuY29tMFowFAYHKoZIzj0CAQYJKyQDAwIIAQEHA0IABC7vJ8tXOtxiJba1
QlzuKVbjqM6GbkRSIxXIQ8BiEBYeSsuI0HXgOGuAhGSfcKrYuzOQwduBRq7pgckD
abXOreujgZAwgY0wCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBaAwHQYDVR0O
BBYEFLQbO09l8r+eio/jM5ZEH2fqszTVMB8GA1UdIwQYMBaAFLQbO09l8r+eio/j
M5ZEH2fqszTVMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYI
KwYBBQUHAwQwCgYIKoZIzj0EAwIDRwAwRAIgKLa0667Bm3EKFZKT1i0Spv8tKvUj
qOLfbNkz1H/pLggCIDPrRarBfDbBYFIJDi3kKkkd2LLFeT6+1GHFFNC28kLU
-----END CERTIFICATE-----

BIN
certs/ecc/client-secp256k1-cert.der Normal file
View File

Binary file not shown.

57
certs/ecc/client-secp256k1-cert.pem Normal file
View File

@ -0,0 +1,57 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3d:12:fd:a2:a8:15:63:d8:4e:3f:48:81:46:92:ae:65:f3:27:7f:f2
Signature Algorithm: ecdsa-with-SHA256
Issuer: C = US, ST = Washington, L = Seattle, O = Eliptic, OU = ECC256K1-CLI, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Validity
Not Before: Oct 15 20:13:49 2020 GMT
Not After : Oct 13 20:13:49 2030 GMT
Subject: C = US, ST = Washington, L = Seattle, O = Eliptic, OU = ECC256K1-CLI, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:d7:0d:0b:f1:0e:22:88:fe:fb:d5:e5:e1:09:a4:
3e:90:76:b3:29:cb:d9:13:60:b7:ea:88:82:d7:8c:
b6:db:21:dc:93:0f:e9:58:bb:c5:f2:a2:c2:f5:23:
36:c5:d5:eb:24:a6:24:db:ee:02:b0:05:31:a6:33:
1f:cd:79:82:10
ASN1 OID: secp256k1
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Client, S/MIME
X509v3 Subject Key Identifier:
44:6A:D8:71:6D:AB:62:18:21:02:27:23:90:BF:1D:77:B6:79:4B:77
X509v3 Authority Key Identifier:
keyid:44:6A:D8:71:6D:AB:62:18:21:02:27:23:90:BF:1D:77:B6:79:4B:77
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Client Authentication, E-mail Protection
Signature Algorithm: ecdsa-with-SHA256
30:45:02:20:73:08:4a:18:d1:ad:81:f6:5c:59:27:da:36:9a:
cd:fb:4e:97:5a:58:b3:61:fe:b0:ec:7e:76:ca:0c:5a:d3:c1:
02:21:00:a5:05:b4:f5:2f:d3:bf:71:d4:0c:fb:bf:a0:64:0b:
cd:bb:18:ef:df:92:bc:5c:cc:6c:74:82:c8:52:5a:f6:46
-----BEGIN CERTIFICATE-----
MIICwjCCAmigAwIBAgIUPRL9oqgVY9hOP0iBRpKuZfMnf/IwCgYIKoZIzj0EAwIw
gZgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
ZWF0dGxlMRAwDgYDVQQKDAdFbGlwdGljMRUwEwYDVQQLDAxFQ0MyNTZLMS1DTEkx
GDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
b2xmc3NsLmNvbTAeFw0yMDEwMTUyMDEzNDlaFw0zMDEwMTMyMDEzNDlaMIGYMQsw
CQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRs
ZTEQMA4GA1UECgwHRWxpcHRpYzEVMBMGA1UECwwMRUNDMjU2SzEtQ0xJMRgwFgYD
VQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
bC5jb20wVjAQBgcqhkjOPQIBBgUrgQQACgNCAATXDQvxDiKI/vvV5eEJpD6QdrMp
y9kTYLfqiILXjLbbIdyTD+lYu8XyosL1IzbF1eskpiTb7gKwBTGmMx/NeYIQo4GQ
MIGNMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgWgMB0GA1UdDgQWBBREathx
batiGCECJyOQvx13tnlLdzAfBgNVHSMEGDAWgBREathxbatiGCECJyOQvx13tnlL
dzAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwME
MAoGCCqGSM49BAMCA0gAMEUCIHMIShjRrYH2XFkn2jaazftOl1pYs2H+sOx+dsoM
WtPBAiEApQW09S/Tv3HUDPu/oGQLzbsY79+SvFzMbHSCyFJa9kY=
-----END CERTIFICATE-----

33
certs/ecc/genecc.sh
View File

@ -88,6 +88,39 @@ rm ./certs/client-ecc384-req.pem
rm ./certs/client-ecc384-key.par
# Generate ECC Kerberos Keys
if [ -f ./certs/ecc/secp256k1-key.pem ]; then
openssl ecparam -name secp256k1 -genkey -noout -out ./certs/ecc/secp256k1-key.pem
openssl ec -in ./certs/ecc/secp256k1-key.pem -inform PEM -out ./certs/ecc/secp256k1-key.der -outform DER
fi
# Create self-signed ECC Kerberos certificates
openssl req -config ./certs/ecc/wolfssl.cnf -sha256 -new -key ./certs/ecc/secp256k1-key.pem -out ./certs/ecc/server-secp256k1-req.pem -subj "/C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC256K1-SRV/CN=www.wolfssl.com/emailAddress=info@wolfssl.com/"
openssl x509 -req -in ./certs/ecc/server-secp256k1-req.pem -days 3650 -extfile ./certs/ecc/wolfssl.cnf -extensions server_cert -signkey ./certs/ecc/secp256k1-key.pem -text -out ./certs/ecc/server-secp256k1-cert.pem
openssl x509 -inform pem -in ./certs/ecc/server-secp256k1-cert.pem -outform der -out ./certs/ecc/server-secp256k1-cert.der
rm ./certs/ecc/server-secp256k1-req.pem
openssl req -config ./certs/ecc/wolfssl.cnf -sha256 -new -key ./certs/ecc/secp256k1-key.pem -out ./certs/ecc/client-secp256k1-req.pem -subj "/C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC256K1-CLI/CN=www.wolfssl.com/emailAddress=info@wolfssl.com/"
openssl x509 -req -in ./certs/ecc/client-secp256k1-req.pem -days 3650 -extfile ./certs/ecc/wolfssl.cnf -extensions usr_cert -signkey ./certs/ecc/secp256k1-key.pem -text -out ./certs/ecc/client-secp256k1-cert.pem
openssl x509 -inform pem -in ./certs/ecc/client-secp256k1-cert.pem -outform der -out ./certs/ecc/client-secp256k1-cert.der
rm ./certs/ecc/client-secp256k1-req.pem
# Generate ECC Brainpool Keys
if [ -f ./certs/ecc/bp256r1-key.pem ]; then
openssl ecparam -name brainpoolP256r1 -genkey -noout -out ./certs/ecc/bp256r1-key.pem
openssl ec -in ./certs/ecc/bp256r1-key.pem -inform PEM -out ./certs/ecc/bp256r1-key.der -outform DER
fi
# Create self-signed ECC Brainpool certificates
openssl req -config ./certs/ecc/wolfssl.cnf -sha256 -new -key ./certs/ecc/bp256r1-key.pem -out ./certs/ecc/server-bp256r1-req.pem -subj "/C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC256BPR1-SRV/CN=www.wolfssl.com/emailAddress=info@wolfssl.com/"
openssl x509 -req -in ./certs/ecc/server-bp256r1-req.pem -days 3650 -extfile ./certs/ecc/wolfssl.cnf -extensions server_cert -signkey ./certs/ecc/bp256r1-key.pem -text -out ./certs/ecc/server-bp256r1-cert.pem
openssl x509 -inform pem -in ./certs/ecc/server-bp256r1-cert.pem -outform der -out ./certs/ecc/server-bp256r1-cert.der
rm ./certs/ecc/server-bp256r1-req.pem
openssl req -config ./certs/ecc/wolfssl.cnf -sha256 -new -key ./certs/ecc/bp256r1-key.pem -out ./certs/ecc/client-bp256r1-req.pem -subj "/C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC256BPR1-CLI/CN=www.wolfssl.com/emailAddress=info@wolfssl.com/"
openssl x509 -req -in ./certs/ecc/client-bp256r1-req.pem -days 3650 -extfile ./certs/ecc/wolfssl.cnf -extensions usr_cert -signkey ./certs/ecc/bp256r1-key.pem -text -out ./certs/ecc/client-bp256r1-cert.pem
openssl x509 -inform pem -in ./certs/ecc/client-bp256r1-cert.pem -outform der -out ./certs/ecc/client-bp256r1-cert.der
rm ./certs/ecc/client-bp256r1-req.pem
# Also manually need to:
# 1. Copy ./certs/server-ecc.der into ./certs/test/server-cert-ecc-badsig.der `cp ./certs/server-ecc.der ./certs/test/server-cert-ecc-badsig.der`
# 2. Modify last byte so its invalidates signature in ./certs/test/server-cert-ecc-badsig.der

18
certs/ecc/include.am
View File

@ -6,3 +6,21 @@ EXTRA_DIST += \
certs/ecc/genecc.sh \
certs/ecc/wolfssl.cnf \
certs/ecc/wolfssl_384.cnf
# Koblitz Curves
EXTRA_DIST += \
certs/ecc/secp256k1-key.der \
certs/ecc/secp256k1-key.pem \
certs/ecc/client-secp256k1-cert.der \
certs/ecc/client-secp256k1-cert.pem \
certs/ecc/server-secp256k1-cert.der \
certs/ecc/server-secp256k1-cert.pem
# Brainpool Curves
EXTRA_DIST += \
certs/ecc/bp256r1-key.der \
certs/ecc/bp256r1-key.pem \
certs/ecc/client-bp256r1-cert.der \
certs/ecc/client-bp256r1-cert.pem \
certs/ecc/server-bp256r1-cert.der \
certs/ecc/server-bp256r1-cert.pem

BIN
certs/ecc/secp256k1-key.der Normal file
View File

Binary file not shown.

5
certs/ecc/secp256k1-key.pem Normal file
View File

@ -0,0 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEILlFjaVww/Q8MLWZOcmS3ZCx3VCJWWoNXxRYRA3e4IApoAcGBSuBBAAK
oUQDQgAE1w0L8Q4iiP771eXhCaQ+kHazKcvZE2C36oiC14y22yHckw/pWLvF8qLC
9SM2xdXrJKYk2+4CsAUxpjMfzXmCEA==
-----END EC PRIVATE KEY-----

BIN
certs/ecc/server-bp256r1-cert.der Normal file
View File

Binary file not shown.

63
certs/ecc/server-bp256r1-cert.pem Normal file
View File

@ -0,0 +1,63 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2f:f8:fa:8b:cf:ec:8f:2c:bc:40:fb:95:a0:3e:04:db:dd:c5:7f:08
Signature Algorithm: ecdsa-with-SHA256
Issuer: C = US, ST = Washington, L = Seattle, O = Eliptic, OU = ECC256BPR1-SRV, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Validity
Not Before: Oct 15 20:13:55 2020 GMT
Not After : Oct 13 20:13:55 2030 GMT
Subject: C = US, ST = Washington, L = Seattle, O = Eliptic, OU = ECC256BPR1-SRV, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:2e:ef:27:cb:57:3a:dc:62:25:b6:b5:42:5c:ee:
29:56:e3:a8:ce:86:6e:44:52:23:15:c8:43:c0:62:
10:16:1e:4a:cb:88:d0:75:e0:38:6b:80:84:64:9f:
70:aa:d8:bb:33:90:c1:db:81:46:ae:e9:81:c9:03:
69:b5:ce:ad:eb
ASN1 OID: brainpoolP256r1
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
X509v3 Subject Key Identifier:
B4:1B:3B:4F:65:F2:BF:9E:8A:8F:E3:33:96:44:1F:67:EA:B3:34:D5
X509v3 Authority Key Identifier:
keyid:B4:1B:3B:4F:65:F2:BF:9E:8A:8F:E3:33:96:44:1F:67:EA:B3:34:D5
DirName:/C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC256BPR1-SRV/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:2F:F8:FA:8B:CF:EC:8F:2C:BC:40:FB:95:A0:3E:04:DB:DD:C5:7F:08
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Key Agreement
X509v3 Extended Key Usage:
TLS Web Server Authentication
Signature Algorithm: ecdsa-with-SHA256
30:45:02:21:00:81:37:b3:f7:a7:e7:9d:1b:62:3f:25:20:02:
45:93:45:5c:91:23:1b:8b:bc:09:0c:f7:ef:51:29:a4:90:ec:
91:02:20:74:dd:26:c3:eb:24:e1:33:ce:b4:c6:f8:5f:9f:99:
6d:2b:9a:ee:ac:33:d8:08:29:19:3c:00:f1:83:de:a6:af
-----BEGIN CERTIFICATE-----
MIIDfjCCAySgAwIBAgIUL/j6i8/sjyy8QPuVoD4E293FfwgwCgYIKoZIzj0EAwIw
gZoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
ZWF0dGxlMRAwDgYDVQQKDAdFbGlwdGljMRcwFQYDVQQLDA5FQ0MyNTZCUFIxLVNS
VjEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZv
QHdvbGZzc2wuY29tMB4XDTIwMTAxNTIwMTM1NVoXDTMwMTAxMzIwMTM1NVowgZox
CzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0
dGxlMRAwDgYDVQQKDAdFbGlwdGljMRcwFQYDVQQLDA5FQ0MyNTZCUFIxLVNSVjEY
MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
bGZzc2wuY29tMFowFAYHKoZIzj0CAQYJKyQDAwIIAQEHA0IABC7vJ8tXOtxiJba1
QlzuKVbjqM6GbkRSIxXIQ8BiEBYeSsuI0HXgOGuAhGSfcKrYuzOQwduBRq7pgckD
abXOreujggFDMIIBPzAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAdBgNV
HQ4EFgQUtBs7T2Xyv56Kj+MzlkQfZ+qzNNUwgdoGA1UdIwSB0jCBz4AUtBs7T2Xy
v56Kj+MzlkQfZ+qzNNWhgaCkgZ0wgZoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApX
YXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAdFbGlwdGljMRcw
FQYDVQQLDA5FQ0MyNTZCUFIxLVNSVjEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghQv+PqLz+yPLLxA+5Wg
PgTb3cV/CDAOBgNVHQ8BAf8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCgYI
KoZIzj0EAwIDSAAwRQIhAIE3s/en550bYj8lIAJFk0VckSMbi7wJDPfvUSmkkOyR
AiB03SbD6yThM860xvhfn5ltK5rurDPYCCkZPADxg96mrw==
-----END CERTIFICATE-----

BIN
certs/ecc/server-secp256k1-cert.der Normal file
View File

Binary file not shown.

63
certs/ecc/server-secp256k1-cert.pem Normal file
View File

@ -0,0 +1,63 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
60:d5:b7:78:ff:06:14:3b:1e:c5:ba:8b:dd:5e:67:b2:16:aa:b2:c7
Signature Algorithm: ecdsa-with-SHA256
Issuer: C = US, ST = Washington, L = Seattle, O = Eliptic, OU = ECC256K1-SRV, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Validity
Not Before: Oct 15 20:13:46 2020 GMT
Not After : Oct 13 20:13:46 2030 GMT
Subject: C = US, ST = Washington, L = Seattle, O = Eliptic, OU = ECC256K1-SRV, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:d7:0d:0b:f1:0e:22:88:fe:fb:d5:e5:e1:09:a4:
3e:90:76:b3:29:cb:d9:13:60:b7:ea:88:82:d7:8c:
b6:db:21:dc:93:0f:e9:58:bb:c5:f2:a2:c2:f5:23:
36:c5:d5:eb:24:a6:24:db:ee:02:b0:05:31:a6:33:
1f:cd:79:82:10
ASN1 OID: secp256k1
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
X509v3 Subject Key Identifier:
44:6A:D8:71:6D:AB:62:18:21:02:27:23:90:BF:1D:77:B6:79:4B:77
X509v3 Authority Key Identifier:
keyid:44:6A:D8:71:6D:AB:62:18:21:02:27:23:90:BF:1D:77:B6:79:4B:77
DirName:/C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC256K1-SRV/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:60:D5:B7:78:FF:06:14:3B:1E:C5:BA:8B:DD:5E:67:B2:16:AA:B2:C7
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Key Agreement
X509v3 Extended Key Usage:
TLS Web Server Authentication
Signature Algorithm: ecdsa-with-SHA256
30:44:02:20:01:71:b5:5f:e4:5b:b7:95:b4:59:9a:b0:dc:ef:
64:01:76:ef:04:07:d8:b4:44:e5:db:86:e4:05:8c:c1:22:19:
02:20:3e:93:fb:30:f9:4c:89:39:35:df:b3:79:d5:29:bb:2b:
08:84:8a:f8:55:7c:f9:68:d6:2c:11:28:af:a9:33:0f
-----BEGIN CERTIFICATE-----
MIIDczCCAxqgAwIBAgIUYNW3eP8GFDsexbqL3V5nshaqsscwCgYIKoZIzj0EAwIw
gZgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
ZWF0dGxlMRAwDgYDVQQKDAdFbGlwdGljMRUwEwYDVQQLDAxFQ0MyNTZLMS1TUlYx
GDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
b2xmc3NsLmNvbTAeFw0yMDEwMTUyMDEzNDZaFw0zMDEwMTMyMDEzNDZaMIGYMQsw
CQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRs
ZTEQMA4GA1UECgwHRWxpcHRpYzEVMBMGA1UECwwMRUNDMjU2SzEtU1JWMRgwFgYD
VQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
bC5jb20wVjAQBgcqhkjOPQIBBgUrgQQACgNCAATXDQvxDiKI/vvV5eEJpD6QdrMp
y9kTYLfqiILXjLbbIdyTD+lYu8XyosL1IzbF1eskpiTb7gKwBTGmMx/NeYIQo4IB
QTCCAT0wCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAwHQYDVR0OBBYEFERq
2HFtq2IYIQInI5C/HXe2eUt3MIHYBgNVHSMEgdAwgc2AFERq2HFtq2IYIQInI5C/
HXe2eUt3oYGepIGbMIGYMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3Rv
bjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4GA1UECgwHRWxpcHRpYzEVMBMGA1UECwwM
RUNDMjU2SzEtU1JWMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG
9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFGDVt3j/BhQ7HsW6i91eZ7IWqrLHMA4G
A1UdDwEB/wQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATAKBggqhkjOPQQDAgNH
ADBEAiABcbVf5Fu3lbRZmrDc72QBdu8EB9i0ROXbhuQFjMEiGQIgPpP7MPlMiTk1
37N51Sm7KwiEivhVfPlo1iwRKK+pMw8=
-----END CERTIFICATE-----

3
tests/include.am
View File

@ -49,5 +49,6 @@ EXTRA_DIST += tests/test.conf \
tests/test-altchains.conf \
tests/test-trustpeer.conf \
tests/test-dhprime.conf \
tests/test-p521.conf
tests/test-p521.conf \
test-ecc-cust-curves.conf
DISTCLEANFILES+= tests/.libs/unit.test

16
tests/suites.c
View File

@ -882,8 +882,8 @@ int SuiteTest(int argc, char** argv)
goto exit;
}
#endif
#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \
defined(WOLFSSL_SHA512)
#if defined(HAVE_ECC) && defined(WOLFSSL_SHA512) && \
(defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES))
/* add P-521 certificate cipher suite tests */
strcpy(argv0[1], "tests/test-p521.conf");
printf("starting P-521 extra cipher suite tests\n");
@ -894,6 +894,18 @@ int SuiteTest(int argc, char** argv)
goto exit;
}
#endif
#if defined(HAVE_ECC) && !defined(NO_SHA256) && defined(WOLFSSL_CUSTOM_CURVES) && \
defined(HAVE_ECC_KOBLITZ) && defined(HAVE_ECC_BRAINPOOL)
/* TLS non-NIST curves (Koblitz / Brainpool) */
strcpy(argv0[1], "tests/test-ecc-cust-curves.conf");
printf("starting TLS test of non-NIST curves (Koblitz / Brainpool)\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
args.return_code = EXIT_FAILURE;
goto exit;
}
#endif
#ifdef WOLFSSL_DTLS
/* add dtls extra suites */
strcpy(argv0[1], "tests/test-dtls.conf");

181
tests/test-ecc-cust-curves.conf Normal file
View File

@ -0,0 +1,181 @@
# ----- secp256k1 ------
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/ecc/server-secp256k1-cert.pem
-k ./certs/ecc/secp256k1-key.pem
-d
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/ecc/server-secp256k1-cert.pem
-x
-C
# server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 (static)
-v 3
-l ECDH-ECDSA-AES128-GCM-SHA256
-c ./certs/ecc/server-secp256k1-cert.pem
-k ./certs/ecc/secp256k1-key.pem
-d
# client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 (static)
-v 3
-l ECDH-ECDSA-AES128-GCM-SHA256
-A ./certs/ecc/server-secp256k1-cert.pem
-x
-C
# server TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4
-l TLS13-AES128-GCM-SHA256
-c ./certs/ecc/server-secp256k1-cert.pem
-k ./certs/ecc/secp256k1-key.pem
-d
# client TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/ecc/server-secp256k1-cert.pem
-x
-C
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 (mutual auth)
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/ecc/server-secp256k1-cert.pem
-k ./certs/ecc/secp256k1-key.pem
-A ./certs/ecc/client-secp256k1-cert.pem
-V
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 (mutal auth)
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/ecc/client-secp256k1-cert.pem
-k ./certs/ecc/secp256k1-key.pem
-A ./certs/ecc/server-secp256k1-cert.pem
-C
# server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 (static - mutual auth)
-v 3
-l ECDH-ECDSA-AES128-GCM-SHA256
-c ./certs/ecc/server-secp256k1-cert.pem
-k ./certs/ecc/secp256k1-key.pem
-A ./certs/ecc/client-secp256k1-cert.pem
-V
# client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 (static - mutal auth)
-v 3
-l ECDH-ECDSA-AES128-GCM-SHA256
-c ./certs/ecc/client-secp256k1-cert.pem
-k ./certs/ecc/secp256k1-key.pem
-A ./certs/ecc/server-secp256k1-cert.pem
-C
# server TLSv1.3 TLS13-AES128-GCM-SHA256 (mutal auth)
-v 4
-l TLS13-AES128-GCM-SHA256
-c ./certs/ecc/server-secp256k1-cert.pem
-k ./certs/ecc/secp256k1-key.pem
-A ./certs/ecc/client-secp256k1-cert.pem
-V
# client TLSv1.3 TLS13-AES128-GCM-SHA256 (mutal auth)
-v 4
-l TLS13-AES128-GCM-SHA256
-c ./certs/ecc/client-secp256k1-cert.pem
-k ./certs/ecc/secp256k1-key.pem
-A ./certs/ecc/server-secp256k1-cert.pem
-C
# ----- bp256r1 ------
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/ecc/server-bp256r1-cert.pem
-k ./certs/ecc/bp256r1-key.pem
-d
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/ecc/server-bp256r1-cert.pem
-x
-C
# server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 (static)
-v 3
-l ECDH-ECDSA-AES128-GCM-SHA256
-c ./certs/ecc/server-bp256r1-cert.pem
-k ./certs/ecc/bp256r1-key.pem
-d
# client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 (static)
-v 3
-l ECDH-ECDSA-AES128-GCM-SHA256
-A ./certs/ecc/server-bp256r1-cert.pem
-x
-C
# server TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4
-l TLS13-AES128-GCM-SHA256
-c ./certs/ecc/server-bp256r1-cert.pem
-k ./certs/ecc/bp256r1-key.pem
-d
# client TLSv1.3 TLS13-AES128-GCM-SHA256
-v 4
-l TLS13-AES128-GCM-SHA256
-A ./certs/ecc/server-bp256r1-cert.pem
-x
-C
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 (mutual auth)
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/ecc/server-bp256r1-cert.pem
-k ./certs/ecc/bp256r1-key.pem
-A ./certs/ecc/client-bp256r1-cert.pem
-V
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 (mutal auth)
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/ecc/client-bp256r1-cert.pem
-k ./certs/ecc/bp256r1-key.pem
-A ./certs/ecc/server-bp256r1-cert.pem
-C
# server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 (static - mutual auth)
-v 3
-l ECDH-ECDSA-AES128-GCM-SHA256
-c ./certs/ecc/server-bp256r1-cert.pem
-k ./certs/ecc/bp256r1-key.pem
-A ./certs/ecc/client-bp256r1-cert.pem
-V
# client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 (static - mutal auth)
-v 3
-l ECDH-ECDSA-AES128-GCM-SHA256
-c ./certs/ecc/client-bp256r1-cert.pem
-k ./certs/ecc/bp256r1-key.pem
-A ./certs/ecc/server-bp256r1-cert.pem
-C
# server TLSv1.3 TLS13-AES128-GCM-SHA256 (mutal auth)
-v 4
-l TLS13-AES128-GCM-SHA256
-c ./certs/ecc/server-bp256r1-cert.pem
-k ./certs/ecc/bp256r1-key.pem
-A ./certs/ecc/client-bp256r1-cert.pem
-V
# client TLSv1.3 TLS13-AES128-GCM-SHA256 (mutal auth)
-v 4
-l TLS13-AES128-GCM-SHA256
-c ./certs/ecc/client-bp256r1-cert.pem
-k ./certs/ecc/bp256r1-key.pem
-A ./certs/ecc/server-bp256r1-cert.pem
-C