kris
/
th5
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Alternative TLS implementation in Go
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
564 Commits
3 Branches
2.6 MiB
 
 
Tree: 9fe6933c1f
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9fe6933c1f'
${ noResults }
th5/auth_test.go

102 lines
4.5 KiB
Raw Blame History 

  1. // Copyright 2017 The Go Authors. All rights reserved.

  2. // Use of this source code is governed by a BSD-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package trs

  6. 

  7. import (

  8. 	"crypto"

  9. 	"testing"

  10. )

  11. 

  12. func TestSignatureSelection(t *testing.T) {

  13. 	rsaCert := &testRSAPrivateKey.PublicKey

  14. 	ecdsaCert := &testECDSAPrivateKey.PublicKey

  15. 	sigsPKCS1WithSHA := []SignatureScheme{PKCS1WithSHA256, PKCS1WithSHA1}

  16. 	sigsPSSWithSHA := []SignatureScheme{PSSWithSHA256, PSSWithSHA384}

  17. 	sigsECDSAWithSHA := []SignatureScheme{ECDSAWithP256AndSHA256, ECDSAWithSHA1}

  18. 

  19. 	tests := []struct {

  20. 		pubkey      crypto.PublicKey

  21. 		peerSigAlgs []SignatureScheme

  22. 		ourSigAlgs  []SignatureScheme

  23. 		tlsVersion  uint16

  24. 

  25. 		expectedSigAlg  SignatureScheme // or 0 if ignored

  26. 		expectedSigType uint8

  27. 		expectedHash    crypto.Hash

  28. 	}{

  29. 		// Hash is fixed for RSA in TLS 1.1 and before.

  30. 		// https://tools.ietf.org/html/rfc4346#page-44

  31. 		{rsaCert, nil, nil, VersionTLS11, 0, signaturePKCS1v15, crypto.MD5SHA1},

  32. 		{rsaCert, nil, nil, VersionTLS10, 0, signaturePKCS1v15, crypto.MD5SHA1},

  33. 		{rsaCert, nil, nil, VersionSSL30, 0, signaturePKCS1v15, crypto.MD5SHA1},

  34. 

  35. 		// Before TLS 1.2, there is no signature_algorithms extension

  36. 		// nor field in CertificateRequest and digitally-signed and thus

  37. 		// it should be ignored.

  38. 		{rsaCert, sigsPKCS1WithSHA, nil, VersionTLS11, 0, signaturePKCS1v15, crypto.MD5SHA1},

  39. 		{rsaCert, sigsPKCS1WithSHA, sigsPKCS1WithSHA, VersionTLS11, 0, signaturePKCS1v15, crypto.MD5SHA1},

  40. 		// Use SHA-1 for TLS 1.0 and 1.1 with ECDSA, see https://tools.ietf.org/html/rfc4492#page-20

  41. 		{ecdsaCert, sigsPKCS1WithSHA, sigsPKCS1WithSHA, VersionTLS11, 0, signatureECDSA, crypto.SHA1},

  42. 		{ecdsaCert, sigsPKCS1WithSHA, sigsPKCS1WithSHA, VersionTLS10, 0, signatureECDSA, crypto.SHA1},

  43. 

  44. 		// TLS 1.2 without signature_algorithms extension

  45. 		// https://tools.ietf.org/html/rfc5246#page-47

  46. 		{rsaCert, nil, sigsPKCS1WithSHA, VersionTLS12, PKCS1WithSHA1, signaturePKCS1v15, crypto.SHA1},

  47. 		{ecdsaCert, nil, sigsPKCS1WithSHA, VersionTLS12, ECDSAWithSHA1, signatureECDSA, crypto.SHA1},

  48. 

  49. 		{rsaCert, []SignatureScheme{PKCS1WithSHA1}, sigsPKCS1WithSHA, VersionTLS12, PKCS1WithSHA1, signaturePKCS1v15, crypto.SHA1},

  50. 		{rsaCert, []SignatureScheme{PKCS1WithSHA256}, sigsPKCS1WithSHA, VersionTLS12, PKCS1WithSHA256, signaturePKCS1v15, crypto.SHA256},

  51. 		// "sha_hash" may denote hashes other than SHA-1

  52. 		// https://tools.ietf.org/html/draft-ietf-tls-rfc4492bis-17#page-17

  53. 		{ecdsaCert, []SignatureScheme{ECDSAWithSHA1}, sigsECDSAWithSHA, VersionTLS12, ECDSAWithSHA1, signatureECDSA, crypto.SHA1},

  54. 		{ecdsaCert, []SignatureScheme{ECDSAWithP256AndSHA256}, sigsECDSAWithSHA, VersionTLS12, ECDSAWithP256AndSHA256, signatureECDSA, crypto.SHA256},

  55. 

  56. 		// RSASSA-PSS is defined in TLS 1.3 for TLS 1.2

  57. 		// https://tools.ietf.org/html/draft-ietf-tls-tls13-21#page-45

  58. 		{rsaCert, []SignatureScheme{PSSWithSHA256}, sigsPSSWithSHA, VersionTLS12, PSSWithSHA256, signatureRSAPSS, crypto.SHA256},

  59. 	}

  60. 

  61. 	for testNo, test := range tests {

  62. 		sigAlg, sigType, hashFunc, err := pickSignatureAlgorithm(test.pubkey, test.peerSigAlgs, test.ourSigAlgs, test.tlsVersion)

  63. 		if err != nil {

  64. 			t.Errorf("test[%d]: unexpected error: %v", testNo, err)

  65. 		}

  66. 		if test.expectedSigAlg != 0 && test.expectedSigAlg != sigAlg {

  67. 			t.Errorf("test[%d]: expected signature scheme %#x, got %#x", testNo, test.expectedSigAlg, sigAlg)

  68. 		}

  69. 		if test.expectedSigType != sigType {

  70. 			t.Errorf("test[%d]: expected signature algorithm %#x, got %#x", testNo, test.expectedSigType, sigType)

  71. 		}

  72. 		if test.expectedHash != hashFunc {

  73. 			t.Errorf("test[%d]: expected hash function %#x, got %#x", testNo, test.expectedHash, hashFunc)

  74. 		}

  75. 	}

  76. 

  77. 	badTests := []struct {

  78. 		pubkey      crypto.PublicKey

  79. 		peerSigAlgs []SignatureScheme

  80. 		ourSigAlgs  []SignatureScheme

  81. 		tlsVersion  uint16

  82. 	}{

  83. 		{rsaCert, sigsECDSAWithSHA, sigsPKCS1WithSHA, VersionTLS12},

  84. 		{ecdsaCert, sigsPKCS1WithSHA, sigsPKCS1WithSHA, VersionTLS12},

  85. 		{ecdsaCert, sigsECDSAWithSHA, sigsPKCS1WithSHA, VersionTLS12},

  86. 		{rsaCert, []SignatureScheme{0}, sigsPKCS1WithSHA, VersionTLS12},

  87. 

  88. 		// ECDSA is unspecified for SSL 3.0 in RFC 4492.

  89. 		// TODO a SSL 3.0 client cannot advertise signature_algorithms,

  90. 		// but if an application feeds an ECDSA certificate anyway, it

  91. 		// will be accepted rather than trigger a handshake failure. Ok?

  92. 		//{ecdsaCert, nil, nil, VersionSSL30},

  93. 	}

  94. 

  95. 	for testNo, test := range badTests {

  96. 		sigAlg, sigType, hashFunc, err := pickSignatureAlgorithm(test.pubkey, test.peerSigAlgs, test.ourSigAlgs, test.tlsVersion)

  97. 		if err == nil {

  98. 			t.Errorf("test[%d]: unexpected success, got %#x %#x %#x", testNo, sigAlg, sigType, hashFunc)

  99. 		}

  100. 	}

  101. }