e2e_tests: Add ECDSA tests

gowthamsk-arm · tgonzalezorlandoarm · commit 694f20948664 · 2024-05-15T21:12:35.000+01:00
Signed-off-by: Gowtham Suresh Kumar &lt;gowtham.sureshkumar@arm.com&gt;
diff --git a/parsec-openssl-provider-shared/e2e_tests/tests/handshake.rs b/parsec-openssl-provider-shared/e2e_tests/tests/handshake.rs
@@ -105,6 +105,29 @@ fn test_handshake_client_authentication_with_no_rsa_client_key() {
     client.connect(addr);
 }
 
+#[should_panic]
+#[test]
+fn test_handshake_client_authentication_with_no_ecdsa_client_key() {
+    let listener = TcpListener::bind("127.0.0.1:0").unwrap();
+    let addr = listener.local_addr().unwrap();
+
+    let server = Server::new(
+        Some(String::from("../../tests/tls/server/server_cert.pem")),
+        Some(String::from("../../tests/tls/server/server_priv_key.pem")),
+        Some(String::from("../../tests/tls/ca/ca_cert.pem")),
+        SslVerifyMode::PEER | SslVerifyMode::FAIL_IF_NO_PEER_CERT,
+    );
+    server.accept(listener);
+
+    let client = Client::new(
+        Some(String::from("../../tests/tls/client/parsec_ecdsa.pem")),
+        None,
+        Some(String::from("../../tests/tls/ca/ca_cert.pem")),
+        SslVerifyMode::PEER,
+    );
+    client.connect(addr);
+}
+
 #[test]
 fn test_handshake_client_authentication_rsa() {
     let socket = TcpListener::bind("127.0.0.1:0").unwrap();
@@ -127,6 +150,28 @@ fn test_handshake_client_authentication_rsa() {
     client.connect(addr);
 }
 
+#[test]
+fn test_handshake_client_authentication_ecdsa() {
+    let socket = TcpListener::bind("127.0.0.1:0").unwrap();
+    let addr = socket.local_addr().unwrap();
+
+    let server = Server::new(
+        Some(String::from("../../tests/tls/server/server_cert.pem")),
+        Some(String::from("../../tests/tls/server/server_priv_key.pem")),
+        Some(String::from("../../tests/tls/ca/ca_cert.pem")),
+        SslVerifyMode::FAIL_IF_NO_PEER_CERT | SslVerifyMode::PEER,
+    );
+    server.accept(socket);
+
+    let client = Client::new(
+        Some(String::from("../../tests/tls/client/parsec_ecdsa.pem")),
+        Some(String::from("PARSEC_TEST_ECDSA_KEY")),
+        Some(String::from("../../tests/tls/ca/ca_cert.pem")),
+        SslVerifyMode::PEER,
+    );
+    client.connect(addr);
+}
+
 #[should_panic]
 #[test]
 fn test_handshake_client_authentication_with_fake_ca() {
@@ -168,3 +213,22 @@ fn test_client_with_mismatched_rsa_key_and_certificate() {
         .set_private_key_file(String::from("PARSEC_TEST_RSA_KEY"), SslFiletype::PEM)
         .unwrap_err();
 }
+
+// This is a negative test case. When a client is configured with a wrong certificate for a private
+// key, the key management match function should report an error about the mismatched private key and
+// public key from the x509 certificate.
+#[test]
+fn test_client_with_mismatched_ecdsa_key_and_certificate() {
+    let mut ctx_builder = SslContext::builder(SslMethod::tls_client()).unwrap();
+
+    ctx_builder
+        .set_certificate_file(
+            String::from("../../tests/tls/fake_client/parsec_ecdsa.pem"),
+            SslFiletype::PEM,
+        )
+        .unwrap();
+
+    ctx_builder
+        .set_private_key_file(String::from("PARSEC_TEST_ECDSA_KEY"), SslFiletype::PEM)
+        .unwrap_err();
+}
