github.com/icodeface/tls@v0.0.0-20230910023335-34df9250cd12/auth_test.go (about)

     1  // Copyright 2017 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  package tls
     6  
     7  import (
     8  	"crypto"
     9  	"testing"
    10  )
    11  
    12  func TestSignatureSelection(t *testing.T) {
    13  	rsaCert := &testRSAPrivateKey.PublicKey
    14  	ecdsaCert := &testECDSAPrivateKey.PublicKey
    15  	sigsPKCS1WithSHA := []SignatureScheme{PKCS1WithSHA256, PKCS1WithSHA1}
    16  	sigsPSSWithSHA := []SignatureScheme{PSSWithSHA256, PSSWithSHA384}
    17  	sigsECDSAWithSHA := []SignatureScheme{ECDSAWithP256AndSHA256, ECDSAWithSHA1}
    18  
    19  	tests := []struct {
    20  		pubkey      crypto.PublicKey
    21  		peerSigAlgs []SignatureScheme
    22  		ourSigAlgs  []SignatureScheme
    23  		tlsVersion  uint16
    24  
    25  		expectedSigAlg  SignatureScheme // or 0 if ignored
    26  		expectedSigType uint8
    27  		expectedHash    crypto.Hash
    28  	}{
    29  		// Hash is fixed for RSA in TLS 1.1 and before.
    30  		// https://tools.ietf.org/html/rfc4346#page-44
    31  		{rsaCert, nil, nil, VersionTLS11, 0, signaturePKCS1v15, crypto.MD5SHA1},
    32  		{rsaCert, nil, nil, VersionTLS10, 0, signaturePKCS1v15, crypto.MD5SHA1},
    33  		{rsaCert, nil, nil, VersionSSL30, 0, signaturePKCS1v15, crypto.MD5SHA1},
    34  
    35  		// Before TLS 1.2, there is no signature_algorithms extension
    36  		// nor field in CertificateRequest and digitally-signed and thus
    37  		// it should be ignored.
    38  		{rsaCert, sigsPKCS1WithSHA, nil, VersionTLS11, 0, signaturePKCS1v15, crypto.MD5SHA1},
    39  		{rsaCert, sigsPKCS1WithSHA, sigsPKCS1WithSHA, VersionTLS11, 0, signaturePKCS1v15, crypto.MD5SHA1},
    40  		// Use SHA-1 for TLS 1.0 and 1.1 with ECDSA, see https://tools.ietf.org/html/rfc4492#page-20
    41  		{ecdsaCert, sigsPKCS1WithSHA, sigsPKCS1WithSHA, VersionTLS11, 0, signatureECDSA, crypto.SHA1},
    42  		{ecdsaCert, sigsPKCS1WithSHA, sigsPKCS1WithSHA, VersionTLS10, 0, signatureECDSA, crypto.SHA1},
    43  
    44  		// TLS 1.2 without signature_algorithms extension
    45  		// https://tools.ietf.org/html/rfc5246#page-47
    46  		{rsaCert, nil, sigsPKCS1WithSHA, VersionTLS12, PKCS1WithSHA1, signaturePKCS1v15, crypto.SHA1},
    47  		{ecdsaCert, nil, sigsPKCS1WithSHA, VersionTLS12, ECDSAWithSHA1, signatureECDSA, crypto.SHA1},
    48  
    49  		{rsaCert, []SignatureScheme{PKCS1WithSHA1}, sigsPKCS1WithSHA, VersionTLS12, PKCS1WithSHA1, signaturePKCS1v15, crypto.SHA1},
    50  		{rsaCert, []SignatureScheme{PKCS1WithSHA256}, sigsPKCS1WithSHA, VersionTLS12, PKCS1WithSHA256, signaturePKCS1v15, crypto.SHA256},
    51  		// "sha_hash" may denote hashes other than SHA-1
    52  		// https://tools.ietf.org/html/draft-ietf-tls-rfc4492bis-17#page-17
    53  		{ecdsaCert, []SignatureScheme{ECDSAWithSHA1}, sigsECDSAWithSHA, VersionTLS12, ECDSAWithSHA1, signatureECDSA, crypto.SHA1},
    54  		{ecdsaCert, []SignatureScheme{ECDSAWithP256AndSHA256}, sigsECDSAWithSHA, VersionTLS12, ECDSAWithP256AndSHA256, signatureECDSA, crypto.SHA256},
    55  
    56  		// RSASSA-PSS is defined in TLS 1.3 for TLS 1.2
    57  		// https://tools.ietf.org/html/draft-ietf-tls-tls13-21#page-45
    58  		{rsaCert, []SignatureScheme{PSSWithSHA256}, sigsPSSWithSHA, VersionTLS12, PSSWithSHA256, signatureRSAPSS, crypto.SHA256},
    59  	}
    60  
    61  	for testNo, test := range tests {
    62  		sigAlg, sigType, hashFunc, err := pickSignatureAlgorithm(test.pubkey, test.peerSigAlgs, test.ourSigAlgs, test.tlsVersion)
    63  		if err != nil {
    64  			t.Errorf("test[%d]: unexpected error: %v", testNo, err)
    65  		}
    66  		if test.expectedSigAlg != 0 && test.expectedSigAlg != sigAlg {
    67  			t.Errorf("test[%d]: expected signature scheme %#x, got %#x", testNo, test.expectedSigAlg, sigAlg)
    68  		}
    69  		if test.expectedSigType != sigType {
    70  			t.Errorf("test[%d]: expected signature algorithm %#x, got %#x", testNo, test.expectedSigType, sigType)
    71  		}
    72  		if test.expectedHash != hashFunc {
    73  			t.Errorf("test[%d]: expected hash function %#x, got %#x", testNo, test.expectedHash, hashFunc)
    74  		}
    75  	}
    76  
    77  	badTests := []struct {
    78  		pubkey      crypto.PublicKey
    79  		peerSigAlgs []SignatureScheme
    80  		ourSigAlgs  []SignatureScheme
    81  		tlsVersion  uint16
    82  	}{
    83  		{rsaCert, sigsECDSAWithSHA, sigsPKCS1WithSHA, VersionTLS12},
    84  		{ecdsaCert, sigsPKCS1WithSHA, sigsPKCS1WithSHA, VersionTLS12},
    85  		{ecdsaCert, sigsECDSAWithSHA, sigsPKCS1WithSHA, VersionTLS12},
    86  		{rsaCert, []SignatureScheme{0}, sigsPKCS1WithSHA, VersionTLS12},
    87  
    88  		// ECDSA is unspecified for SSL 3.0 in RFC 4492.
    89  		// TODO a SSL 3.0 client cannot advertise signature_algorithms,
    90  		// but if an application feeds an ECDSA certificate anyway, it
    91  		// will be accepted rather than trigger a handshake failure. Ok?
    92  		//{ecdsaCert, nil, nil, VersionSSL30},
    93  	}
    94  
    95  	for testNo, test := range badTests {
    96  		sigAlg, sigType, hashFunc, err := pickSignatureAlgorithm(test.pubkey, test.peerSigAlgs, test.ourSigAlgs, test.tlsVersion)
    97  		if err == nil {
    98  			t.Errorf("test[%d]: unexpected success, got %#x %#x %#x", testNo, sigAlg, sigType, hashFunc)
    99  		}
   100  	}
   101  }