github.com/FISCO-BCOS/crypto@v0.0.0-20200202032121-bd8ab0b5d4f1/tls/auth_test.go (about) 1 // Copyright 2017 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 package tls 6 7 import ( 8 "crypto" 9 "crypto/ed25519" 10 "testing" 11 ) 12 13 func TestSignatureSelection(t *testing.T) { 14 rsaCert := &testRSAPrivateKey.PublicKey 15 ecdsaCert := &testECDSAPrivateKey.PublicKey 16 ed25519Cert := testEd25519PrivateKey.Public().(ed25519.PublicKey) 17 sigsPKCS1WithSHA := []SignatureScheme{PKCS1WithSHA256, PKCS1WithSHA1} 18 sigsPSSWithSHA := []SignatureScheme{PSSWithSHA256, PSSWithSHA384} 19 sigsECDSAWithSHA := []SignatureScheme{ECDSAWithP256AndSHA256, ECDSAWithSHA1} 20 21 tests := []struct { 22 pubkey crypto.PublicKey 23 peerSigAlgs []SignatureScheme 24 ourSigAlgs []SignatureScheme 25 tlsVersion uint16 26 27 expectedSigAlg SignatureScheme // if tlsVersion == VersionTLS12 28 expectedSigType uint8 29 expectedHash crypto.Hash 30 }{ 31 // Hash is fixed for RSA in TLS 1.1 and before. 32 // https://tools.ietf.org/html/rfc4346#page-44 33 {rsaCert, nil, nil, VersionTLS11, 0, signaturePKCS1v15, crypto.MD5SHA1}, 34 {rsaCert, nil, nil, VersionTLS10, 0, signaturePKCS1v15, crypto.MD5SHA1}, 35 {rsaCert, nil, nil, VersionSSL30, 0, signaturePKCS1v15, crypto.MD5SHA1}, 36 37 // Before TLS 1.2, there is no signature_algorithms extension 38 // nor field in CertificateRequest and digitally-signed and thus 39 // it should be ignored. 40 {rsaCert, sigsPKCS1WithSHA, nil, VersionTLS11, 0, signaturePKCS1v15, crypto.MD5SHA1}, 41 {rsaCert, sigsPKCS1WithSHA, sigsPKCS1WithSHA, VersionTLS11, 0, signaturePKCS1v15, crypto.MD5SHA1}, 42 // Use SHA-1 for TLS 1.0 and 1.1 with ECDSA, see https://tools.ietf.org/html/rfc4492#page-20 43 {ecdsaCert, sigsPKCS1WithSHA, sigsPKCS1WithSHA, VersionTLS11, 0, signatureECDSA, crypto.SHA1}, 44 {ecdsaCert, sigsPKCS1WithSHA, sigsPKCS1WithSHA, VersionTLS10, 0, signatureECDSA, crypto.SHA1}, 45 46 // TLS 1.2 without signature_algorithms extension 47 // https://tools.ietf.org/html/rfc5246#page-47 48 {rsaCert, nil, sigsPKCS1WithSHA, VersionTLS12, PKCS1WithSHA1, signaturePKCS1v15, crypto.SHA1}, 49 {ecdsaCert, nil, sigsPKCS1WithSHA, VersionTLS12, ECDSAWithSHA1, signatureECDSA, crypto.SHA1}, 50 51 {rsaCert, []SignatureScheme{PKCS1WithSHA1}, sigsPKCS1WithSHA, VersionTLS12, PKCS1WithSHA1, signaturePKCS1v15, crypto.SHA1}, 52 {rsaCert, []SignatureScheme{PKCS1WithSHA256}, sigsPKCS1WithSHA, VersionTLS12, PKCS1WithSHA256, signaturePKCS1v15, crypto.SHA256}, 53 // "sha_hash" may denote hashes other than SHA-1 54 // https://tools.ietf.org/html/draft-ietf-tls-rfc4492bis-17#page-17 55 {ecdsaCert, []SignatureScheme{ECDSAWithSHA1}, sigsECDSAWithSHA, VersionTLS12, ECDSAWithSHA1, signatureECDSA, crypto.SHA1}, 56 {ecdsaCert, []SignatureScheme{ECDSAWithP256AndSHA256}, sigsECDSAWithSHA, VersionTLS12, ECDSAWithP256AndSHA256, signatureECDSA, crypto.SHA256}, 57 58 // RSASSA-PSS is defined in TLS 1.3 for TLS 1.2 59 // https://tools.ietf.org/html/draft-ietf-tls-tls13-21#page-45 60 {rsaCert, []SignatureScheme{PSSWithSHA256}, sigsPSSWithSHA, VersionTLS12, PSSWithSHA256, signatureRSAPSS, crypto.SHA256}, 61 62 // All results are fixed for Ed25519. RFC 8422, Section 5.10. 63 {ed25519Cert, []SignatureScheme{Ed25519}, []SignatureScheme{ECDSAWithSHA1, Ed25519}, VersionTLS12, Ed25519, signatureEd25519, directSigning}, 64 {ed25519Cert, nil, nil, VersionTLS12, Ed25519, signatureEd25519, directSigning}, 65 } 66 67 for testNo, test := range tests { 68 sigAlg, sigType, hashFunc, err := pickSignatureAlgorithm(test.pubkey, test.peerSigAlgs, test.ourSigAlgs, test.tlsVersion) 69 if err != nil { 70 t.Errorf("test[%d]: unexpected error: %v", testNo, err) 71 } 72 if test.tlsVersion == VersionTLS12 && test.expectedSigAlg != sigAlg { 73 t.Errorf("test[%d]: expected signature scheme %#x, got %#x", testNo, test.expectedSigAlg, sigAlg) 74 } 75 if test.expectedSigType != sigType { 76 t.Errorf("test[%d]: expected signature algorithm %#x, got %#x", testNo, test.expectedSigType, sigType) 77 } 78 if test.expectedHash != hashFunc { 79 t.Errorf("test[%d]: expected hash function %#x, got %#x", testNo, test.expectedHash, hashFunc) 80 } 81 } 82 83 badTests := []struct { 84 pubkey crypto.PublicKey 85 peerSigAlgs []SignatureScheme 86 ourSigAlgs []SignatureScheme 87 tlsVersion uint16 88 }{ 89 {rsaCert, sigsECDSAWithSHA, sigsPKCS1WithSHA, VersionTLS12}, 90 {ecdsaCert, sigsPKCS1WithSHA, sigsPKCS1WithSHA, VersionTLS12}, 91 {ecdsaCert, sigsECDSAWithSHA, sigsPKCS1WithSHA, VersionTLS12}, 92 {rsaCert, []SignatureScheme{0}, sigsPKCS1WithSHA, VersionTLS12}, 93 {ed25519Cert, sigsECDSAWithSHA, sigsECDSAWithSHA, VersionTLS12}, 94 {ed25519Cert, []SignatureScheme{Ed25519}, sigsECDSAWithSHA, VersionTLS12}, 95 {ecdsaCert, []SignatureScheme{Ed25519}, []SignatureScheme{Ed25519}, VersionTLS12}, 96 {ed25519Cert, nil, nil, VersionTLS11}, 97 {ed25519Cert, nil, nil, VersionTLS10}, 98 {ed25519Cert, nil, nil, VersionSSL30}, 99 100 // ECDSA is unspecified for SSL 3.0 in RFC 4492. 101 // TODO a SSL 3.0 client cannot advertise signature_algorithms, 102 // but if an application feeds an ECDSA certificate anyway, it 103 // will be accepted rather than trigger a handshake failure. Ok? 104 //{ecdsaCert, nil, nil, VersionSSL30}, 105 } 106 107 for testNo, test := range badTests { 108 sigAlg, sigType, hashFunc, err := pickSignatureAlgorithm(test.pubkey, test.peerSigAlgs, test.ourSigAlgs, test.tlsVersion) 109 if err == nil { 110 t.Errorf("test[%d]: unexpected success, got %#x %#x %#x", testNo, sigAlg, sigType, hashFunc) 111 } 112 } 113 }