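// Source: github.com/pion/dtls/v2@v2.2.12/pkg/crypto/signaturehash/signaturehash_test.go

// SPDX-FileCopyrightText: 2023 The Pion community <https://pion.ly>
// SPDX-License-Identifier: MIT

package signaturehash

import (
	"crypto/tls"
	"errors"
	"reflect"
	"testing"

	"github.com/pion/dtls/v2/pkg/crypto/hash"
	"github.com/pion/dtls/v2/pkg/crypto/signature"
)

// TestParseSignatureSchemes checks how ParseSignatureSchemes translates
// crypto/tls signature schemes into signature/hash Algorithm pairs, which
// inputs it rejects, and how the insecureHashes flag gates SHA-1.
//
// Each case states both the expected output and the expected error. The error
// is compared in every case, including those that expect nil, so a regression
// that starts returning an error (or stops returning one) is reported directly
// rather than only through an output mismatch.
func TestParseSignatureSchemes(t *testing.T) {
	cases := map[string]struct {
		input          []tls.SignatureScheme
		expected       []Algorithm
		err            error
		insecureHashes bool
	}{
		// Every supported scheme maps to its hash/signature pair, in input order.
		"Translate": {
			input: []tls.SignatureScheme{
				tls.ECDSAWithP256AndSHA256,
				tls.ECDSAWithP384AndSHA384,
				tls.ECDSAWithP521AndSHA512,
				tls.PKCS1WithSHA256,
				tls.PKCS1WithSHA384,
				tls.PKCS1WithSHA512,
				tls.Ed25519,
			},
			expected: []Algorithm{
				{hash.SHA256, signature.ECDSA},
				{hash.SHA384, signature.ECDSA},
				{hash.SHA512, signature.ECDSA},
				{hash.SHA256, signature.RSA},
				{hash.SHA384, signature.RSA},
				{hash.SHA512, signature.RSA},
				{hash.Ed25519, signature.Ed25519},
			},
			insecureHashes: false,
			err:            nil,
		},
		// An unknown signature identifier fails the whole parse: no partial
		// list is returned even though the first entry is valid.
		"InvalidSignatureAlgorithm": {
			input: []tls.SignatureScheme{
				tls.ECDSAWithP256AndSHA256, // Valid
				0x04FF,                     // Invalid: unknown signature with SHA-256
			},
			expected:       nil,
			insecureHashes: false,
			err:            errInvalidSignatureAlgorithm,
		},
		// A known signature paired with the "none" hash is rejected the same way.
		"InvalidHashAlgorithm": {
			input: []tls.SignatureScheme{
				tls.ECDSAWithP256AndSHA256, // Valid
				0x0003,                     // Invalid: ECDSA with None
			},
			expected:       nil,
			insecureHashes: false,
			err:            errInvalidHashAlgorithm,
		},
		// With insecureHashes off, a SHA-1 scheme is filtered out without an
		// error; the remaining schemes are still returned.
		"InsecureHashAlgorithmDenied": {
			input: []tls.SignatureScheme{
				tls.ECDSAWithP256AndSHA256, // Valid
				tls.ECDSAWithSHA1,          // Insecure
			},
			expected: []Algorithm{
				{hash.SHA256, signature.ECDSA},
			},
			insecureHashes: false,
			err:            nil,
		},
		// SHA-1 is accepted only when the caller opts in explicitly.
		"InsecureHashAlgorithmAllowed": {
			input: []tls.SignatureScheme{
				tls.ECDSAWithP256AndSHA256, // Valid
				tls.ECDSAWithSHA1,          // Insecure
			},
			expected: []Algorithm{
				{hash.SHA256, signature.ECDSA},
				{hash.SHA1, signature.ECDSA},
			},
			insecureHashes: true,
			err:            nil,
		},
		// If filtering leaves nothing usable, the parse must fail rather than
		// return an empty list. expected is left unset, i.e. nil.
		"OnlyInsecureHashAlgorithm": {
			input: []tls.SignatureScheme{
				tls.ECDSAWithSHA1, // Insecure
			},
			insecureHashes: false,
			err:            errNoAvailableSignatureSchemes,
		},
	}

	for name, testCase := range cases {
		testCase := testCase // per-iteration copy for toolchains before Go 1.22
		t.Run(name, func(t *testing.T) {
			output, err := ParseSignatureSchemes(testCase.input, testCase.insecureHashes)
			// errors.Is(nil, nil) is true and errors.Is(nonNil, nil) is false,
			// so this single check also covers the cases that expect no error.
			if !errors.Is(err, testCase.err) {
				t.Fatalf("Expected error: %v, got: %v", testCase.err, err)
			}
			if !reflect.DeepEqual(testCase.expected, output) {
				t.Errorf("Expected signatureHashAlgorithm:\n%+v\ngot:\n%+v", testCase.expected, output)
			}
		})
	}
}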