Rename all the signature algorithm tests.
ServerKeyExchange and SigningHash are both very 1.2-specific names. Replace with names that fit both 1.2 and 1.3 (and are a bit shorter). Also fix a reference to ServerKeyExchange in sign.go. Change-Id: I25d4ff135cc77cc545f0f9e94014244d56a9e96b Reviewed-on: https://boringssl-review.googlesource.com/8773 Reviewed-by: David Benjamin <davidben@google.com>
This commit is contained in:
David Benjamin
parent
8ac3571c93
commit
bbfff7cb75
@ -4807,7 +4807,7 @@ func addSignatureAlgorithmTests() {
|
||||
suffix := "-" + alg.name + "-" + ver.name
|
||||
|
||||
testCases = append(testCases, testCase{
|
||||
name: "SigningHash-ClientAuth-Sign" + suffix,
|
||||
name: "ClientAuth-Sign" + suffix,
|
||||
config: Config{
|
||||
MaxVersion: ver.version,
|
||||
ClientAuth: RequireAnyClientCert,
|
||||
@ -4829,7 +4829,7 @@ func addSignatureAlgorithmTests() {
|
||||
|
||||
testCases = append(testCases, testCase{
|
||||
testType: serverTest,
|
||||
name: "SigningHash-ClientAuth-Verify" + suffix,
|
||||
name: "ClientAuth-Verify" + suffix,
|
||||
config: Config{
|
||||
MaxVersion: ver.version,
|
||||
Certificates: []Certificate{getRunnerCertificate(alg.cert)},
|
||||
@ -4855,7 +4855,7 @@ func addSignatureAlgorithmTests() {
|
||||
|
||||
testCases = append(testCases, testCase{
|
||||
testType: serverTest,
|
||||
name: "SigningHash-ServerKeyExchange-Sign" + suffix,
|
||||
name: "ServerAuth-Sign" + suffix,
|
||||
config: Config{
|
||||
MaxVersion: ver.version,
|
||||
CipherSuites: []uint16{
|
||||
@ -4879,7 +4879,7 @@ func addSignatureAlgorithmTests() {
|
||||
})
|
||||
|
||||
testCases = append(testCases, testCase{
|
||||
name: "SigningHash-ServerKeyExchange-Verify" + suffix,
|
||||
name: "ServerAuth-Verify" + suffix,
|
||||
config: Config{
|
||||
MaxVersion: ver.version,
|
||||
Certificates: []Certificate{getRunnerCertificate(alg.cert)},
|
||||
@ -4909,7 +4909,7 @@ func addSignatureAlgorithmTests() {
|
||||
//
|
||||
// TODO(davidben): Test this in TLS 1.3.
|
||||
testCases = append(testCases, testCase{
|
||||
name: "SigningHash-ClientAuth-SignatureType",
|
||||
name: "ClientAuth-SignatureType",
|
||||
config: Config{
|
||||
ClientAuth: RequireAnyClientCert,
|
||||
MaxVersion: VersionTLS12,
|
||||
@ -4928,7 +4928,7 @@ func addSignatureAlgorithmTests() {
|
||||
|
||||
testCases = append(testCases, testCase{
|
||||
testType: serverTest,
|
||||
name: "SigningHash-ServerKeyExchange-SignatureType",
|
||||
name: "ServerAuth-SignatureType",
|
||||
config: Config{
|
||||
MaxVersion: VersionTLS12,
|
||||
CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
|
||||
@ -4965,7 +4965,7 @@ func addSignatureAlgorithmTests() {
|
||||
})
|
||||
|
||||
testCases = append(testCases, testCase{
|
||||
name: "Verify-ServerKeyExchange-SignatureType",
|
||||
name: "Verify-ServerAuth-SignatureType",
|
||||
config: Config{
|
||||
MaxVersion: VersionTLS12,
|
||||
CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
|
||||
@ -4983,7 +4983,7 @@ func addSignatureAlgorithmTests() {
|
||||
// Test that, if the list is missing, the peer falls back to SHA-1 in
|
||||
// TLS 1.2, but not TLS 1.3.
|
||||
testCases = append(testCases, testCase{
|
||||
name: "SigningHash-ClientAuth-Fallback",
|
||||
name: "ClientAuth-SHA1-Fallback",
|
||||
config: Config{
|
||||
MaxVersion: VersionTLS12,
|
||||
ClientAuth: RequireAnyClientCert,
|
||||
@ -5002,7 +5002,7 @@ func addSignatureAlgorithmTests() {
|
||||
|
||||
testCases = append(testCases, testCase{
|
||||
testType: serverTest,
|
||||
name: "SigningHash-ServerKeyExchange-Fallback",
|
||||
name: "ServerAuth-SHA1-Fallback",
|
||||
config: Config{
|
||||
MaxVersion: VersionTLS12,
|
||||
CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
|
||||
@ -5016,7 +5016,7 @@ func addSignatureAlgorithmTests() {
|
||||
})
|
||||
|
||||
testCases = append(testCases, testCase{
|
||||
name: "SigningHash-ClientAuth-Fallback-TLS13",
|
||||
name: "ClientAuth-NoFallback-TLS13",
|
||||
config: Config{
|
||||
MaxVersion: VersionTLS13,
|
||||
ClientAuth: RequireAnyClientCert,
|
||||
@ -5037,7 +5037,7 @@ func addSignatureAlgorithmTests() {
|
||||
|
||||
testCases = append(testCases, testCase{
|
||||
testType: serverTest,
|
||||
name: "SigningHash-ServerKeyExchange-Fallback-TLS13",
|
||||
name: "ServerAuth-NoFallback-TLS13",
|
||||
config: Config{
|
||||
MaxVersion: VersionTLS13,
|
||||
CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
|
||||
@ -5056,7 +5056,7 @@ func addSignatureAlgorithmTests() {
|
||||
// rejecting MD5 signatures.
|
||||
testCases = append(testCases, testCase{
|
||||
testType: serverTest,
|
||||
name: "SigningHash-ClientAuth-Enforced",
|
||||
name: "ClientAuth-Enforced",
|
||||
config: Config{
|
||||
MaxVersion: VersionTLS12,
|
||||
Certificates: []Certificate{rsaCertificate},
|
||||
@ -5078,7 +5078,7 @@ func addSignatureAlgorithmTests() {
|
||||
})
|
||||
|
||||
testCases = append(testCases, testCase{
|
||||
name: "SigningHash-ServerKeyExchange-Enforced",
|
||||
name: "ServerAuth-Enforced",
|
||||
config: Config{
|
||||
MaxVersion: VersionTLS12,
|
||||
CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
|
||||
|
||||
@ -61,7 +61,7 @@ func signMessage(version uint16, key crypto.PrivateKey, config *Config, sigAlg s
|
||||
|
||||
func verifyMessage(version uint16, key crypto.PublicKey, config *Config, sigAlg signatureAlgorithm, msg, sig []byte) error {
|
||||
if version >= VersionTLS12 && !isSupportedSignatureAlgorithm(sigAlg, config.verifySignatureAlgorithms()) {
|
||||
return errors.New("tls: unsupported signature algorithm for ServerKeyExchange")
|
||||
return errors.New("tls: unsupported signature algorithm")
|
||||
}
|
||||
|
||||
signer, err := getSigner(version, key, config, sigAlg)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user