From 02d583c3df156b8cdaad1f6a45f7ea6d440c3962 Mon Sep 17 00:00:00 2001
From: Joseph Birr-Pixton
Date: Fri, 3 May 2024 17:47:06 +0100
Subject: [PATCH] Implement & test ECDSA support
---
rustls-libssl/src/evp_pkey.rs | 28 ++++++++++++
rustls-libssl/src/sign.rs | 29 ++++++++++++-
rustls-libssl/test-ca/ecdsa-p256/ca.cert | 12 ++++++
rustls-libssl/test-ca/ecdsa-p256/server.cert | 36 ++++++++++++++++
rustls-libssl/test-ca/ecdsa-p256/server.key | 5 +++
rustls-libssl/test-ca/ecdsa-p384/ca.cert | 13 ++++++
rustls-libssl/test-ca/ecdsa-p384/server.cert | 39 +++++++++++++++++
rustls-libssl/test-ca/ecdsa-p384/server.key | 6 +++
rustls-libssl/test-ca/ecdsa-p521/ca.cert | 15 +++++++
rustls-libssl/test-ca/ecdsa-p521/server.cert | 45 ++++++++++++++++++++
rustls-libssl/test-ca/ecdsa-p521/server.key | 8 ++++
rustls-libssl/tests/runner.rs | 3 ++
12 files changed, 237 insertions(+), 2 deletions(-)
create mode 100644 rustls-libssl/test-ca/ecdsa-p256/ca.cert
create mode 100644 rustls-libssl/test-ca/ecdsa-p256/server.cert
create mode 100644 rustls-libssl/test-ca/ecdsa-p256/server.key
create mode 100644 rustls-libssl/test-ca/ecdsa-p384/ca.cert
create mode 100644 rustls-libssl/test-ca/ecdsa-p384/server.cert
create mode 100644 rustls-libssl/test-ca/ecdsa-p384/server.key
create mode 100644 rustls-libssl/test-ca/ecdsa-p521/ca.cert
create mode 100644 rustls-libssl/test-ca/ecdsa-p521/server.cert
create mode 100644 rustls-libssl/test-ca/ecdsa-p521/server.key
diff --git a/rustls-libssl/src/evp_pkey.rs b/rustls-libssl/src/evp_pkey.rs
index 7665a1f..1e5d417 100644
--- a/rustls-libssl/src/evp_pkey.rs
+++ b/rustls-libssl/src/evp_pkey.rs
@@ -191,6 +191,34 @@ impl EvpScheme for Ed25519 { } } +pub fn ecdsa_sha256() -> Box { + Box::new(Ecdsa(unsafe { EVP_sha256() })) +} + +pub fn ecdsa_sha384() -> Box { + Box::new(Ecdsa(unsafe { EVP_sha384() })) +} + +pub fn ecdsa_sha512() -> Box { + Box::new(Ecdsa(unsafe { EVP_sha512() })) +} + +#[derive(Debug)] +struct Ecdsa(*const EVP_MD); + +impl EvpScheme for Ecdsa { + fn digest(&self) -> *mut EVP_MD { + self.0 as *mut EVP_MD + } + + fn configure_ctx(&self, _: &mut SignCtx) -> Option<()> { + Some(()) + } +} + +unsafe impl Sync for Ecdsa {} +unsafe impl Send for Ecdsa {} + /// Owning wrapper for a signing `EVP_MD_CTX` pub(crate) struct SignCtx { md_ctx: *mut EVP_MD_CTX, diff --git a/rustls-libssl/src/sign.rs b/rustls-libssl/src/sign.rs index 0e69408..89f6414 100644 --- a/rustls-libssl/src/sign.rs +++ b/rustls-libssl/src/sign.rs @@ -10,8 +10,8 @@ use rustls::{SignatureAlgorithm, SignatureScheme}; use crate::error; use crate::evp_pkey::{ - ed25519, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, rsa_pss_sha256, rsa_pss_sha384, - rsa_pss_sha512, EvpPkey, EvpScheme, + ecdsa_sha256, ecdsa_sha384, ecdsa_sha512, ed25519, rsa_pkcs1_sha256, rsa_pkcs1_sha384, + rsa_pkcs1_sha512, rsa_pss_sha256, rsa_pss_sha384, rsa_pss_sha512, EvpPkey, EvpScheme, }; use crate::x509::OwnedX509Stack; 
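Review bot: The `unsafe impl Sync for Ecdsa {}` / `unsafe impl Send for Ecdsa {}` pair and the three `unsafe { EVP_sha256() }`-style calls in the evp_pkey.rs hunk carry no `// SAFETY:` justification, and `digest()` casts the stored `*const EVP_MD` to `*mut EVP_MD`. The soundness argument is presumably that these getters return pointers to static, read-only digest descriptors that are never freed or written through; that should be stated next to the impls, e.g. `// SAFETY: self.0 always comes from EVP_sha256/384/512(), which return static, immutable EVP_MD tables; nothing here mutates or frees them`. A one-line doc comment on `Ecdsa` saying the pointer must never come from an owned or fetched `EVP_MD` would keep a later constructor from silently invalidating the Send/Sync claim and the const-to-mut cast.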
@@ -216,6 +216,31 @@ impl sign::SigningKey for OpenSslKey { None } + SignatureAlgorithm::ECDSA => { + if offered.contains(&SignatureScheme::ECDSA_NISTP256_SHA256) { + return Some(Box::new(OpenSslSigner { + pkey: self.0.clone(), + pscheme: ecdsa_sha256(), + scheme: SignatureScheme::ECDSA_NISTP256_SHA256, + })); + } + if offered.contains(&SignatureScheme::ECDSA_NISTP384_SHA384) { + return Some(Box::new(OpenSslSigner { + pkey: self.0.clone(), + pscheme: ecdsa_sha384(), + scheme: SignatureScheme::ECDSA_NISTP384_SHA384, + })); + } + if offered.contains(&SignatureScheme::ECDSA_NISTP521_SHA512) { + return Some(Box::new(OpenSslSigner { + pkey: self.0.clone(), + pscheme: ecdsa_sha512(), + scheme: SignatureScheme::ECDSA_NISTP521_SHA512, + })); + } + + None + } _ => None, } } diff --git a/rustls-libssl/test-ca/ecdsa-p256/ca.cert b/rustls-libssl/test-ca/ecdsa-p256/ca.cert new file mode 100644 index 0000000..0666d8f --- /dev/null +++ b/rustls-libssl/test-ca/ecdsa-p256/ca.cert @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBtzCCAV2gAwIBAgIBBDAKBggqhkjOPQQDAjAhMR8wHQYDVQQDDBZwb255dG93 +biBFQ0RTQSBwMjU2IENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw +WjAhMR8wHQYDVQQDDBZwb255dG93biBFQ0RTQSBwMjU2IENBMFkwEwYHKoZIzj0C +AQYIKoZIzj0DAQcDQgAEt7wL3biRoR6fSefjp0t08cudi2zQUounGCxjHQY1brlh +IVUp2VfP/FhPKBX7VgHRHTJoukAAtg12Aks7cqalEKOBgzCBgDAfBgNVHSMEGDAW +gBRfW6pxJGPHn4+tADqUNDV6Uo8xyDAOBgNVHQ8BAf8EBAMCAf4wHQYDVR0lBBYw +FAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBRfW6pxJGPHn4+tADqUNDV6 +Uo8xyDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0gAMEUCIFZel8Z3muq9 +cA5ZQfnoPyXbPv5yf0aT+VsXDk0mirdoAiEAjzViKYx3OOYAnlRSvlDabDbqXy2f +Vezw14zRbrDN9D4= +-----END CERTIFICATE----- diff --git a/rustls-libssl/test-ca/ecdsa-p256/server.cert b/rustls-libssl/test-ca/ecdsa-p256/server.cert new file mode 100644 index 0000000..953f3c9 --- /dev/null +++ b/rustls-libssl/test-ca/ecdsa-p256/server.cert 
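Review bot: The new `SignatureAlgorithm::ECDSA` arm chooses the scheme purely from `offered`, in fixed P-256, P-384, P-521 order, and never consults the curve of the key held in `self.0`. In TLS 1.3 each ECDSA scheme is bound to one curve, so a P-384 or P-521 key facing a peer that offers all three would be handed `ECDSA_NISTP256_SHA256` and sign under the wrong scheme label; a strict peer rejects that handshake, and a lax one accepts a hash/curve pairing it did not negotiate. Unless the curve is already checked outside this hunk (the enclosing function and `match` begin before it), the arm should first determine the single scheme the key supports, for instance from the key size that OpenSSL's `EVP_PKEY_bits` reports, and return a signer only when `offered` contains that scheme. That also folds the three copy-pasted `if` blocks into one `OpenSslSigner` construction, as sketched below with a labelled placeholder for the key-size lookup.

```rust
SignatureAlgorithm::ECDSA => {
    // PLACEHOLDER: `key_bits` stands for however EvpPkey exposes the EC key
    // size; no such accessor is visible in this hunk.
    let (scheme, pscheme) = match key_bits {
        256 => (SignatureScheme::ECDSA_NISTP256_SHA256, ecdsa_sha256()),
        384 => (SignatureScheme::ECDSA_NISTP384_SHA384, ecdsa_sha384()),
        521 => (SignatureScheme::ECDSA_NISTP521_SHA512, ecdsa_sha512()),
        _ => return None,
    };
    // Only sign when the peer actually offered the scheme this key is bound to.
    if !offered.contains(&scheme) {
        return None;
    }
    Some(Box::new(OpenSslSigner {
        pkey: self.0.clone(),
        pscheme,
        scheme,
    }))
}
```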
@@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIBxjCCAW2gAwIBAgIBEjAKBggqhkjOPQQDAjAzMTEwLwYDVQQDDChwb255dG93 +biBFQ0RTQSBwMjU2IGxldmVsIDIgaW50ZXJtZWRpYXRlMCAXDTc1MDEwMTAwMDAw +MFoYDzQwOTYwMTAxMDAwMDAwWjAZMRcwFQYDVQQDDA50ZXN0c2VydmVyLmNvbTBZ +MBMGByqGSM49AgEGCCqGSM49AwEHA0IABNjZ6JNt+53aq8bcp33lKeJGPSZZRzHg +fuFuCBQyC1Yx0s8ff4MUQcnzrwqde++6eKiQkwy8oC4v60tsICflmY+jgYkwgYYw +HwYDVR0jBBgwFoAU0jOcpG97skCpDmP1BEpFfjcVnHIwUwYDVR0RBEwwSoIOdGVz +dHNlcnZlci5jb22CFXNlY29uZC50ZXN0c2VydmVyLmNvbYIJbG9jYWxob3N0hwTG +M2QBhxAgAQ24AAAAAAAAAAAAAAABMA4GA1UdDwEB/wQEAwIGwDAKBggqhkjOPQQD +AgNHADBEAiAoZIrzdGAMX4UJ6Nq9pfKk8s95OmY6sPv2cMQX68JmRQIgCkMJNt5R +4tHOCXLj/2duxXss95/Q+r3sXrOJDn/96dk= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIByDCCAW+gAwIBAgIBCzAKBggqhkjOPQQDAjAhMR8wHQYDVQQDDBZwb255dG93 +biBFQ0RTQSBwMjU2IENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw +WjAzMTEwLwYDVQQDDChwb255dG93biBFQ0RTQSBwMjU2IGxldmVsIDIgaW50ZXJt +ZWRpYXRlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEtj1/NrV2DF8pdu0nbz8e +GWJC9loBDlmVy0SCKcBezKOErTzNV6PvE3qPy2vNJgzkEKZYpgjEMYKvDImZlOE2 +OqOBgzCBgDAfBgNVHSMEGDAWgBRfW6pxJGPHn4+tADqUNDV6Uo8xyDAOBgNVHQ8B +Af8EBAMCAf4wHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQW +BBTSM5ykb3uyQKkOY/UESkV+NxWccjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49 +BAMCA0cAMEQCIBKOv7CRDiJ/zXyxL6hJwlxrBSoSSrZBeTyVND5jqAvSAiBu3OSo +KaMUQcDSi8/dXkxIC/Wpp8D0IUV2AyEC+7kBZA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBtzCCAV2gAwIBAgIBBDAKBggqhkjOPQQDAjAhMR8wHQYDVQQDDBZwb255dG93 +biBFQ0RTQSBwMjU2IENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw +WjAhMR8wHQYDVQQDDBZwb255dG93biBFQ0RTQSBwMjU2IENBMFkwEwYHKoZIzj0C +AQYIKoZIzj0DAQcDQgAEt7wL3biRoR6fSefjp0t08cudi2zQUounGCxjHQY1brlh +IVUp2VfP/FhPKBX7VgHRHTJoukAAtg12Aks7cqalEKOBgzCBgDAfBgNVHSMEGDAW +gBRfW6pxJGPHn4+tADqUNDV6Uo8xyDAOBgNVHQ8BAf8EBAMCAf4wHQYDVR0lBBYw +FAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBRfW6pxJGPHn4+tADqUNDV6 +Uo8xyDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0gAMEUCIFZel8Z3muq9 
+cA5ZQfnoPyXbPv5yf0aT+VsXDk0mirdoAiEAjzViKYx3OOYAnlRSvlDabDbqXy2f +Vezw14zRbrDN9D4= +-----END CERTIFICATE----- diff --git a/rustls-libssl/test-ca/ecdsa-p256/server.key b/rustls-libssl/test-ca/ecdsa-p256/server.key new file mode 100644 index 0000000..af85610 --- /dev/null +++ b/rustls-libssl/test-ca/ecdsa-p256/server.key @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgMyvFQ1aDiQcxbZAT +EtOOXL91NxQ9mwzZojvaJF276kihRANCAATY2eiTbfud2qvG3Kd95SniRj0mWUcx +4H7hbggUMgtWMdLPH3+DFEHJ868KnXvvuniokJMMvKAuL+tLbCAn5ZmP +-----END PRIVATE KEY----- diff --git a/rustls-libssl/test-ca/ecdsa-p384/ca.cert b/rustls-libssl/test-ca/ecdsa-p384/ca.cert new file mode 100644 index 0000000..87c137d --- /dev/null +++ b/rustls-libssl/test-ca/ecdsa-p384/ca.cert @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB9DCCAXqgAwIBAgIBBTAKBggqhkjOPQQDAzAhMR8wHQYDVQQDDBZwb255dG93 +biBFQ0RTQSBwMzg0IENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw +WjAhMR8wHQYDVQQDDBZwb255dG93biBFQ0RTQSBwMzg0IENBMHYwEAYHKoZIzj0C +AQYFK4EEACIDYgAEDEC6KiN/ndgCEKUK+opKyRctlbb6R62CMqPF2y/oGfZlIqNT +yfmY6tQ0eqR6fo0KAxinwU6mbfydyu0+pIGW0lqf3NhQENMErSRrdCUDNxh47Xef +StgVMDD+dMI1PwFjo4GDMIGAMB8GA1UdIwQYMBaAFEwlemtPJLok55o6Szy1gNQz +72dpMA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH +AwIwHQYDVR0OBBYEFEwlemtPJLok55o6Szy1gNQz72dpMA8GA1UdEwEB/wQFMAMB +Af8wCgYIKoZIzj0EAwMDaAAwZQIxALb7BmuYs0vF5QUupqaNhTIUgxNNa39N+1GR +E1QCnUUd6tXj/UawVBBrei3CbUxC2wIwRW5RrYosKIIZtnxkQsPrapY3mxIitRqC +lpd7Vf2wBvi1Kf3LtWLSG6NMIB8TO7Rs +-----END CERTIFICATE----- diff --git a/rustls-libssl/test-ca/ecdsa-p384/server.cert b/rustls-libssl/test-ca/ecdsa-p384/server.cert new file mode 100644 index 0000000..da3c589 --- /dev/null +++ b/rustls-libssl/test-ca/ecdsa-p384/server.cert 
@@ -0,0 +1,39 @@ +-----BEGIN CERTIFICATE----- +MIICBTCCAYqgAwIBAgIBEzAKBggqhkjOPQQDAzAzMTEwLwYDVQQDDChwb255dG93 +biBFQ0RTQSBwMzg0IGxldmVsIDIgaW50ZXJtZWRpYXRlMCAXDTc1MDEwMTAwMDAw +MFoYDzQwOTYwMTAxMDAwMDAwWjAZMRcwFQYDVQQDDA50ZXN0c2VydmVyLmNvbTB2 +MBAGByqGSM49AgEGBSuBBAAiA2IABO+9bzwsp+UMJE9q1hZHotYJ6HYIT0wz3nML +54iNzsZlA9f1yIqf2aL+BMfSD2pCHfVgWTEZFp7WEvIhrDu+WcUXHoRQ31p9lw6X +MzJWXihbN0OU5nBOPPcyImL5TIhIWKOBiTCBhjAfBgNVHSMEGDAWgBR7EQhJDBu8 ++OtZdw2OB7lPdAz7NDBTBgNVHREETDBKgg50ZXN0c2VydmVyLmNvbYIVc2Vjb25k +LnRlc3RzZXJ2ZXIuY29tgglsb2NhbGhvc3SHBMYzZAGHECABDbgAAAAAAAAAAAAA +AAEwDgYDVR0PAQH/BAQDAgbAMAoGCCqGSM49BAMDA2kAMGYCMQDkM+CEeHnsf4Ww +YNDUjNlodcpJDxEk4PTsIECvu2EdQjLXHt0vrogZeAVvHhUMixcCMQDB/pZCcjsW +ly7qVSS2f9PJE/LY7dLv9Gg2gLQyhAj3hG1zVC8psFK/KRKME6ypVZ0= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICBjCCAYygAwIBAgIBDDAKBggqhkjOPQQDAzAhMR8wHQYDVQQDDBZwb255dG93 +biBFQ0RTQSBwMzg0IENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw +WjAzMTEwLwYDVQQDDChwb255dG93biBFQ0RTQSBwMzg0IGxldmVsIDIgaW50ZXJt +ZWRpYXRlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEkFxZ96EGr/pFtojEWPXSTqfE +tD4VAwDKrmvL2H9zLt5ze2E0fohwpJWQ29EtgFbKwndwIHXh6Rh9H5yhKGTfgEQp +p6wlVb7BNaE7C1mCNwlY2Qbolmvz3AF8U2mVokuEo4GDMIGAMB8GA1UdIwQYMBaA +FEwlemtPJLok55o6Szy1gNQz72dpMA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAU +BggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFHsRCEkMG7z461l3DY4HuU90 +DPs0MA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwMDaAAwZQIxAJX7SRwwOwlD +yQdga5IK5GbPuQQLAeQiWuQROtjikqpDfrsqbO8+cMCYXSUYRPmYjQIwIqzzADyz ++51kgssYK3Sq1hJ4glZ3vTjyxv1ihafzMCkgjmSqxAwnlfQolPRKVdHl +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB9DCCAXqgAwIBAgIBBTAKBggqhkjOPQQDAzAhMR8wHQYDVQQDDBZwb255dG93 +biBFQ0RTQSBwMzg0IENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw +WjAhMR8wHQYDVQQDDBZwb255dG93biBFQ0RTQSBwMzg0IENBMHYwEAYHKoZIzj0C +AQYFK4EEACIDYgAEDEC6KiN/ndgCEKUK+opKyRctlbb6R62CMqPF2y/oGfZlIqNT +yfmY6tQ0eqR6fo0KAxinwU6mbfydyu0+pIGW0lqf3NhQENMErSRrdCUDNxh47Xef +StgVMDD+dMI1PwFjo4GDMIGAMB8GA1UdIwQYMBaAFEwlemtPJLok55o6Szy1gNQz 
+72dpMA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH +AwIwHQYDVR0OBBYEFEwlemtPJLok55o6Szy1gNQz72dpMA8GA1UdEwEB/wQFMAMB +Af8wCgYIKoZIzj0EAwMDaAAwZQIxALb7BmuYs0vF5QUupqaNhTIUgxNNa39N+1GR +E1QCnUUd6tXj/UawVBBrei3CbUxC2wIwRW5RrYosKIIZtnxkQsPrapY3mxIitRqC +lpd7Vf2wBvi1Kf3LtWLSG6NMIB8TO7Rs +-----END CERTIFICATE----- diff --git a/rustls-libssl/test-ca/ecdsa-p384/server.key b/rustls-libssl/test-ca/ecdsa-p384/server.key new file mode 100644 index 0000000..7c183fa --- /dev/null +++ b/rustls-libssl/test-ca/ecdsa-p384/server.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDA9ijAQuSTgVl10LcJO +f9UA7L8jb9N0bxvCjAvGWzzojcYD6sWFkq9Fyc7YNa0K9YihZANiAATvvW88LKfl +DCRPatYWR6LWCeh2CE9MM95zC+eIjc7GZQPX9ciKn9mi/gTH0g9qQh31YFkxGRae +1hLyIaw7vlnFFx6EUN9afZcOlzMyVl4oWzdDlOZwTjz3MiJi+UyISFg= +-----END PRIVATE KEY----- diff --git a/rustls-libssl/test-ca/ecdsa-p521/ca.cert b/rustls-libssl/test-ca/ecdsa-p521/ca.cert new file mode 100644 index 0000000..3082bfe --- /dev/null +++ b/rustls-libssl/test-ca/ecdsa-p521/ca.cert @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICPjCCAaCgAwIBAgIBBjAKBggqhkjOPQQDBDAhMR8wHQYDVQQDDBZwb255dG93 +biBFQ0RTQSBwNTIxIENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw +WjAhMR8wHQYDVQQDDBZwb255dG93biBFQ0RTQSBwNTIxIENBMIGbMBAGByqGSM49 +AgEGBSuBBAAjA4GGAAQBNE6id6TKt03nKiz09bDEM1h1f2JJ0QjWgiCovHNbjEWw +FI5PQ0MqAMjhbeoRBvvOXEQLd41J0XcbCXg0GwZqmdgArcmTlO8IAdoVQCg3jp3w +3s9SHxk/ebZqyd6iNsyYGCwIVr7FtBGUm39ONNS8nxrcIUpP00hpUF9jdhaSbssF +K82jgYMwgYAwHwYDVR0jBBgwFoAUOjnapNNhlEVqJx92t5jbBm9XsMwwDgYDVR0P +AQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4E +FgQUOjnapNNhlEVqJx92t5jbBm9XsMwwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjO +PQQDBAOBiwAwgYcCQRlgAuUKnW527uUTyEjsaZcsssAu37olCWXuduP9tNyhLYPr +lYlu+ltLmR250DdikBXAl3unkpYEAdQam9lc1nMxAkIBVBah69psNw9vjrR9jNtp +Ql22JD6hpeJsWFe0gdDhNZjIS+sKPXrDj3YfmRHLm9JsgVKinMaVMfI8DstuIaET +IzE= +-----END CERTIFICATE----- 
diff --git a/rustls-libssl/test-ca/ecdsa-p521/server.cert b/rustls-libssl/test-ca/ecdsa-p521/server.cert
new file mode 100644
index 0000000..ea8d7b0
--- /dev/null
+++ b/rustls-libssl/test-ca/ecdsa-p521/server.cert
@@ -0,0 +1,45 @@ +-----BEGIN CERTIFICATE----- +MIICTzCCAbCgAwIBAgIBFDAKBggqhkjOPQQDBDAzMTEwLwYDVQQDDChwb255dG93 +biBFQ0RTQSBwNTIxIGxldmVsIDIgaW50ZXJtZWRpYXRlMCAXDTc1MDEwMTAwMDAw +MFoYDzQwOTYwMTAxMDAwMDAwWjAZMRcwFQYDVQQDDA50ZXN0c2VydmVyLmNvbTCB +mzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAIeQ9nmRpEKiaPHndWHt+MHk0HhYKJ68 +mRNXyqIV2h2PdBRnX2LOMFUG6soS0C+DwY6PJnxggheUAUFfPuj7FO5eABouUuKS +wO7BsOQgWk0tJBPMWpE1M+nqab3Sq79B2bdtZaoMciP1fMO7Y92RMWJHTEWuo+cV +V2TOPN6QsMPA17sno4GJMIGGMB8GA1UdIwQYMBaAFKzEA+eqUyatDn0QF2/CitNP +hRQ0MFMGA1UdEQRMMEqCDnRlc3RzZXJ2ZXIuY29tghVzZWNvbmQudGVzdHNlcnZl +ci5jb22CCWxvY2FsaG9zdIcExjNkAYcQIAENuAAAAAAAAAAAAAAAATAOBgNVHQ8B +Af8EBAMCBsAwCgYIKoZIzj0EAwQDgYwAMIGIAkIAyxKBhR9HWpLZ5WFPB72MZB2s +pBWkSl60DkryT+YkB26LjJdEYHFifDjqc0f0Aq4hDvHGtcACGSMh3cbm7PsxUqUC +QgHEGiQxY/i1EYYGCLDI44Ov67Cx7wH0Hg3XN8N2szuNdzfyIIM6m0rD63MBFXEM +kTsk0uE5jRRt2e+0yE3X0em3YA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICUDCCAbKgAwIBAgIBDTAKBggqhkjOPQQDBDAhMR8wHQYDVQQDDBZwb255dG93 +biBFQ0RTQSBwNTIxIENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw +WjAzMTEwLwYDVQQDDChwb255dG93biBFQ0RTQSBwNTIxIGxldmVsIDIgaW50ZXJt +ZWRpYXRlMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBecdhU3/ueIjmAf2NPGZH +dT44+uxq+rc7aZXy+6ucFRRHq5OdFSh3Z/qSFlk9n682wLQJRG+8hi230pnPwM7E +j5ABAAcyK6nDHPKBZK4+YXuiUYsKBbD82Gn4zXff2dyahjlKtuBjjqlLaMCwgADO +QdGfF5/peH4i46dN7xm6HHWULVujgYMwgYAwHwYDVR0jBBgwFoAUOjnapNNhlEVq +Jx92t5jbBm9XsMwwDgYDVR0PAQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjAdBgNVHQ4EFgQUrMQD56pTJq0OfRAXb8KK00+FFDQwDwYDVR0T +AQH/BAUwAwEB/zAKBggqhkjOPQQDBAOBiwAwgYcCQXhkIhVuUfxQqafd3jG75ugN +vg4nZdHZx715Du1cKErBfN5x1Ib1fQMKe+Y4qZ8R1S3uLfoHlOzirLwCzeRaExne +AkIBVkovuBx1n/y5HK+uRIQTpGRjH4srgvW4Q2PxsXjVEe2jP1R2smUwz8+VamPo +j1CGz5rAaj99YdMqNKXG8/avL9Q= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICPjCCAaCgAwIBAgIBBjAKBggqhkjOPQQDBDAhMR8wHQYDVQQDDBZwb255dG93 +biBFQ0RTQSBwNTIxIENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw +WjAhMR8wHQYDVQQDDBZwb255dG93biBFQ0RTQSBwNTIxIENBMIGbMBAGByqGSM49 
+AgEGBSuBBAAjA4GGAAQBNE6id6TKt03nKiz09bDEM1h1f2JJ0QjWgiCovHNbjEWw +FI5PQ0MqAMjhbeoRBvvOXEQLd41J0XcbCXg0GwZqmdgArcmTlO8IAdoVQCg3jp3w +3s9SHxk/ebZqyd6iNsyYGCwIVr7FtBGUm39ONNS8nxrcIUpP00hpUF9jdhaSbssF +K82jgYMwgYAwHwYDVR0jBBgwFoAUOjnapNNhlEVqJx92t5jbBm9XsMwwDgYDVR0P +AQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4E +FgQUOjnapNNhlEVqJx92t5jbBm9XsMwwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjO +PQQDBAOBiwAwgYcCQRlgAuUKnW527uUTyEjsaZcsssAu37olCWXuduP9tNyhLYPr +lYlu+ltLmR250DdikBXAl3unkpYEAdQam9lc1nMxAkIBVBah69psNw9vjrR9jNtp +Ql22JD6hpeJsWFe0gdDhNZjIS+sKPXrDj3YfmRHLm9JsgVKinMaVMfI8DstuIaET +IzE= +-----END CERTIFICATE----- diff --git a/rustls-libssl/test-ca/ecdsa-p521/server.key b/rustls-libssl/test-ca/ecdsa-p521/server.key new file mode 100644 index 0000000..e907642 --- /dev/null +++ b/rustls-libssl/test-ca/ecdsa-p521/server.key @@ -0,0 +1,8 @@ +-----BEGIN PRIVATE KEY----- +MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIA2udCT3jmo9pjJThF +nw5rUTOWEUsJqvOSGi9huhY6K4q3vMk7oOdRke3UiR6CebOdv0drE8aYVEJM6+yD +eu8752ihgYkDgYYABACHkPZ5kaRComjx53Vh7fjB5NB4WCievJkTV8qiFdodj3QU +Z19izjBVBurKEtAvg8GOjyZ8YIIXlAFBXz7o+xTuXgAaLlLiksDuwbDkIFpNLSQT +zFqRNTPp6mm90qu/Qdm3bWWqDHIj9XzDu2PdkTFiR0xFrqPnFVdkzjzekLDDwNe7 +Jw== +-----END PRIVATE KEY----- diff --git a/rustls-libssl/tests/runner.rs b/rustls-libssl/tests/runner.rs index c2a1255..4dc107d 100644 --- a/rustls-libssl/tests/runner.rs +++ b/rustls-libssl/tests/runner.rs @@ -402,6 +402,9 @@ fn server_key_algorithms() { server_with_key_algorithm("rsa", "rsa_pkcs1_sha384", "-tls1_2"); server_with_key_algorithm("rsa", "rsa_pkcs1_sha512", "-tls1_2"); server_with_key_algorithm("ed25519", "ed25519", "-tls1_3"); + server_with_key_algorithm("ecdsa-p256", "ecdsa_secp256r1_sha256", "-tls1_3"); + server_with_key_algorithm("ecdsa-p384", "ecdsa_secp384r1_sha384", "-tls1_3"); + server_with_key_algorithm("ecdsa-p521", "ecdsa_secp521r1_sha512", "-tls1_3"); } const NGINX_LOG_LEVEL: &str = "info";
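Review bot: The three cases added to `server_key_algorithms` in runner.rs pair each ECDSA key with exactly its own scheme name under `-tls1_3`, so nothing covers a client that offers several ECDSA schemes at once or a TLS 1.2 handshake with an ECDSA key. Assuming the second argument restricts what the client offers (the helper is defined outside this hunk), running the `ecdsa-p384` and `ecdsa-p521` keys against a client that offers all three schemes would pin down which scheme the server selects for a non-P-256 key. A short comment above the new lines, e.g. `// ECDSA schemes are only curve-bound in TLS 1.3; TLS 1.2 coverage is TODO`, would make the gap explicit. `server_key_algorithms` begins before the hunk.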