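// Listing: github.com/icodeface/tls@v0.0.0-20230910023335-34df9250cd12/auth_test.go

// Copyright 2017 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package tls

import (
	"crypto"
	"testing"
)

// TestSignatureSelection pins the result of pickSignatureAlgorithm for a
// table of (public key, peer-advertised schemes, locally supported schemes,
// protocol version) inputs. The first table lists inputs that must succeed
// and the signature scheme, signature type and hash they must yield; the
// second lists inputs that must be rejected with an error.
//
// NOTE(review): several accepted rows expect MD5SHA1 or SHA-1. They record
// what the cited RFCs prescribe for SSL 3.0 through TLS 1.2, not a
// recommendation. This test calls pickSignatureAlgorithm directly, so it says
// nothing about whether a given configuration lets a handshake reach those
// versions or schemes.
func TestSignatureSelection(t *testing.T) {
	// Despite the names, these are the public halves of the package's test keys.
	rsaCert := &testRSAPrivateKey.PublicKey
	ecdsaCert := &testECDSAPrivateKey.PublicKey
	sigsPKCS1WithSHA := []SignatureScheme{PKCS1WithSHA256, PKCS1WithSHA1}
	sigsPSSWithSHA := []SignatureScheme{PSSWithSHA256, PSSWithSHA384}
	sigsECDSAWithSHA := []SignatureScheme{ECDSAWithP256AndSHA256, ECDSAWithSHA1}

	tests := []struct {
		pubkey      crypto.PublicKey
		peerSigAlgs []SignatureScheme
		ourSigAlgs  []SignatureScheme
		tlsVersion  uint16

		expectedSigAlg  SignatureScheme // or 0 if ignored
		expectedSigType uint8
		expectedHash    crypto.Hash
	}{
		// Hash is fixed for RSA in TLS 1.1 and before.
		// https://tools.ietf.org/html/rfc4346#page-44
		{rsaCert, nil, nil, VersionTLS11, 0, signaturePKCS1v15, crypto.MD5SHA1},
		{rsaCert, nil, nil, VersionTLS10, 0, signaturePKCS1v15, crypto.MD5SHA1},
		{rsaCert, nil, nil, VersionSSL30, 0, signaturePKCS1v15, crypto.MD5SHA1},

		// Before TLS 1.2, there is no signature_algorithms extension
		// nor field in CertificateRequest and digitally-signed and thus
		// it should be ignored.
		{rsaCert, sigsPKCS1WithSHA, nil, VersionTLS11, 0, signaturePKCS1v15, crypto.MD5SHA1},
		{rsaCert, sigsPKCS1WithSHA, sigsPKCS1WithSHA, VersionTLS11, 0, signaturePKCS1v15, crypto.MD5SHA1},
		// Use SHA-1 for TLS 1.0 and 1.1 with ECDSA, see https://tools.ietf.org/html/rfc4492#page-20
		{ecdsaCert, sigsPKCS1WithSHA, sigsPKCS1WithSHA, VersionTLS11, 0, signatureECDSA, crypto.SHA1},
		{ecdsaCert, sigsPKCS1WithSHA, sigsPKCS1WithSHA, VersionTLS10, 0, signatureECDSA, crypto.SHA1},

		// TLS 1.2 without signature_algorithms extension
		// https://tools.ietf.org/html/rfc5246#page-47
		// A nil peer list is expected to fall back to a SHA-1 scheme. Compare
		// the rejected row in badTests where the peer list is non-empty but
		// holds no usable scheme.
		{rsaCert, nil, sigsPKCS1WithSHA, VersionTLS12, PKCS1WithSHA1, signaturePKCS1v15, crypto.SHA1},
		// NOTE(review): ourSigAlgs holds no ECDSA scheme here, yet
		// ECDSAWithSHA1 is expected; the fallback path appears not to consult
		// ourSigAlgs. Confirm against pickSignatureAlgorithm.
		{ecdsaCert, nil, sigsPKCS1WithSHA, VersionTLS12, ECDSAWithSHA1, signatureECDSA, crypto.SHA1},

		{rsaCert, []SignatureScheme{PKCS1WithSHA1}, sigsPKCS1WithSHA, VersionTLS12, PKCS1WithSHA1, signaturePKCS1v15, crypto.SHA1},
		{rsaCert, []SignatureScheme{PKCS1WithSHA256}, sigsPKCS1WithSHA, VersionTLS12, PKCS1WithSHA256, signaturePKCS1v15, crypto.SHA256},
		// "sha_hash" may denote hashes other than SHA-1
		// https://tools.ietf.org/html/draft-ietf-tls-rfc4492bis-17#page-17
		{ecdsaCert, []SignatureScheme{ECDSAWithSHA1}, sigsECDSAWithSHA, VersionTLS12, ECDSAWithSHA1, signatureECDSA, crypto.SHA1},
		{ecdsaCert, []SignatureScheme{ECDSAWithP256AndSHA256}, sigsECDSAWithSHA, VersionTLS12, ECDSAWithP256AndSHA256, signatureECDSA, crypto.SHA256},

		// RSASSA-PSS is defined in TLS 1.3 for TLS 1.2
		// https://tools.ietf.org/html/draft-ietf-tls-tls13-21#page-45
		{rsaCert, []SignatureScheme{PSSWithSHA256}, sigsPSSWithSHA, VersionTLS12, PSSWithSHA256, signatureRSAPSS, crypto.SHA256},
	}

	for testNo, test := range tests {
		sigAlg, sigType, hashFunc, err := pickSignatureAlgorithm(test.pubkey, test.peerSigAlgs, test.ourSigAlgs, test.tlsVersion)
		if err != nil {
			t.Errorf("test[%d]: unexpected error: %v", testNo, err)
			// The other return values carry no meaning once err is set.
			// Comparing them would only add misleading mismatch reports
			// for the same failure.
			continue
		}
		// expectedSigAlg == 0 marks rows where the scheme is not checked
		// (pre-TLS 1.2 versions in this table).
		if test.expectedSigAlg != 0 && test.expectedSigAlg != sigAlg {
			t.Errorf("test[%d]: expected signature scheme %#x, got %#x", testNo, test.expectedSigAlg, sigAlg)
		}
		if test.expectedSigType != sigType {
			t.Errorf("test[%d]: expected signature algorithm %#x, got %#x", testNo, test.expectedSigType, sigType)
		}
		if test.expectedHash != hashFunc {
			t.Errorf("test[%d]: expected hash function %#x, got %#x", testNo, test.expectedHash, hashFunc)
		}
	}

	// Inputs that must be rejected. Each row is a TLS 1.2 case in which the
	// key type, the peer's schemes and our schemes do not agree on any scheme.
	badTests := []struct {
		pubkey      crypto.PublicKey
		peerSigAlgs []SignatureScheme
		ourSigAlgs  []SignatureScheme
		tlsVersion  uint16
	}{
		// RSA key, but the peer only offers ECDSA schemes.
		{rsaCert, sigsECDSAWithSHA, sigsPKCS1WithSHA, VersionTLS12},
		// ECDSA key, but both sides only list PKCS #1 v1.5 schemes.
		{ecdsaCert, sigsPKCS1WithSHA, sigsPKCS1WithSHA, VersionTLS12},
		// ECDSA key and the peer offers ECDSA, but our own list has none.
		{ecdsaCert, sigsECDSAWithSHA, sigsPKCS1WithSHA, VersionTLS12},
		// The peer list is non-empty but holds only the scheme value 0. This
		// must fail rather than fall back to the SHA-1 default that a nil
		// peer list gets.
		{rsaCert, []SignatureScheme{0}, sigsPKCS1WithSHA, VersionTLS12},

		// ECDSA is unspecified for SSL 3.0 in RFC 4492.
		// TODO a SSL 3.0 client cannot advertise signature_algorithms,
		// but if an application feeds an ECDSA certificate anyway, it
		// will be accepted rather than trigger a handshake failure. Ok?
		// NOTE(review): the case below is disabled, so this behaviour is
		// not pinned by the test either way.
		//{ecdsaCert, nil, nil, VersionSSL30},
	}

	for testNo, test := range badTests {
		sigAlg, sigType, hashFunc, err := pickSignatureAlgorithm(test.pubkey, test.peerSigAlgs, test.ourSigAlgs, test.tlsVersion)
		if err == nil {
			t.Errorf("test[%d]: unexpected success, got %#x %#x %#x", testNo, sigAlg, sigType, hashFunc)
		}
	}
}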