auth_test.go

Documentation: crypto/tls

		 1  // Copyright 2017 The Go Authors. All rights reserved.
		 2  // Use of this source code is governed by a BSD-style
		 3  // license that can be found in the LICENSE file.
		 4  
		 5  package tls
		 6  
		 7  import (
		 8  	"crypto"
		 9  	"testing"
		10  )
		11  
		12  func TestSignatureSelection(t *testing.T) {
		13  	rsaCert := &Certificate{
		14  		Certificate: [][]byte{testRSACertificate},
		15  		PrivateKey:	testRSAPrivateKey,
		16  	}
		17  	pkcs1Cert := &Certificate{
		18  		Certificate:									[][]byte{testRSACertificate},
		19  		PrivateKey:									 testRSAPrivateKey,
		20  		SupportedSignatureAlgorithms: []SignatureScheme{PKCS1WithSHA1, PKCS1WithSHA256},
		21  	}
		22  	ecdsaCert := &Certificate{
		23  		Certificate: [][]byte{testP256Certificate},
		24  		PrivateKey:	testP256PrivateKey,
		25  	}
		26  	ed25519Cert := &Certificate{
		27  		Certificate: [][]byte{testEd25519Certificate},
		28  		PrivateKey:	testEd25519PrivateKey,
		29  	}
		30  
		31  	tests := []struct {
		32  		cert				*Certificate
		33  		peerSigAlgs []SignatureScheme
		34  		tlsVersion	uint16
		35  
		36  		expectedSigAlg	SignatureScheme
		37  		expectedSigType uint8
		38  		expectedHash		crypto.Hash
		39  	}{
		40  		{rsaCert, []SignatureScheme{PKCS1WithSHA1, PKCS1WithSHA256}, VersionTLS12, PKCS1WithSHA1, signaturePKCS1v15, crypto.SHA1},
		41  		{rsaCert, []SignatureScheme{PKCS1WithSHA512, PKCS1WithSHA1}, VersionTLS12, PKCS1WithSHA512, signaturePKCS1v15, crypto.SHA512},
		42  		{rsaCert, []SignatureScheme{PSSWithSHA256, PKCS1WithSHA256}, VersionTLS12, PSSWithSHA256, signatureRSAPSS, crypto.SHA256},
		43  		{pkcs1Cert, []SignatureScheme{PSSWithSHA256, PKCS1WithSHA256}, VersionTLS12, PKCS1WithSHA256, signaturePKCS1v15, crypto.SHA256},
		44  		{rsaCert, []SignatureScheme{PSSWithSHA384, PKCS1WithSHA1}, VersionTLS13, PSSWithSHA384, signatureRSAPSS, crypto.SHA384},
		45  		{ecdsaCert, []SignatureScheme{ECDSAWithSHA1}, VersionTLS12, ECDSAWithSHA1, signatureECDSA, crypto.SHA1},
		46  		{ecdsaCert, []SignatureScheme{ECDSAWithP256AndSHA256}, VersionTLS12, ECDSAWithP256AndSHA256, signatureECDSA, crypto.SHA256},
		47  		{ecdsaCert, []SignatureScheme{ECDSAWithP256AndSHA256}, VersionTLS13, ECDSAWithP256AndSHA256, signatureECDSA, crypto.SHA256},
		48  		{ed25519Cert, []SignatureScheme{Ed25519}, VersionTLS12, Ed25519, signatureEd25519, directSigning},
		49  		{ed25519Cert, []SignatureScheme{Ed25519}, VersionTLS13, Ed25519, signatureEd25519, directSigning},
		50  
		51  		// TLS 1.2 without signature_algorithms extension
		52  		{rsaCert, nil, VersionTLS12, PKCS1WithSHA1, signaturePKCS1v15, crypto.SHA1},
		53  		{ecdsaCert, nil, VersionTLS12, ECDSAWithSHA1, signatureECDSA, crypto.SHA1},
		54  
		55  		// TLS 1.2 does not restrict the ECDSA curve (our ecdsaCert is P-256)
		56  		{ecdsaCert, []SignatureScheme{ECDSAWithP384AndSHA384}, VersionTLS12, ECDSAWithP384AndSHA384, signatureECDSA, crypto.SHA384},
		57  	}
		58  
		59  	for testNo, test := range tests {
		60  		sigAlg, err := selectSignatureScheme(test.tlsVersion, test.cert, test.peerSigAlgs)
		61  		if err != nil {
		62  			t.Errorf("test[%d]: unexpected selectSignatureScheme error: %v", testNo, err)
		63  		}
		64  		if test.expectedSigAlg != sigAlg {
		65  			t.Errorf("test[%d]: expected signature scheme %v, got %v", testNo, test.expectedSigAlg, sigAlg)
		66  		}
		67  		sigType, hashFunc, err := typeAndHashFromSignatureScheme(sigAlg)
		68  		if err != nil {
		69  			t.Errorf("test[%d]: unexpected typeAndHashFromSignatureScheme error: %v", testNo, err)
		70  		}
		71  		if test.expectedSigType != sigType {
		72  			t.Errorf("test[%d]: expected signature algorithm %#x, got %#x", testNo, test.expectedSigType, sigType)
		73  		}
		74  		if test.expectedHash != hashFunc {
		75  			t.Errorf("test[%d]: expected hash function %#x, got %#x", testNo, test.expectedHash, hashFunc)
		76  		}
		77  	}
		78  
		79  	brokenCert := &Certificate{
		80  		Certificate:									[][]byte{testRSACertificate},
		81  		PrivateKey:									 testRSAPrivateKey,
		82  		SupportedSignatureAlgorithms: []SignatureScheme{Ed25519},
		83  	}
		84  
		85  	badTests := []struct {
		86  		cert				*Certificate
		87  		peerSigAlgs []SignatureScheme
		88  		tlsVersion	uint16
		89  	}{
		90  		{rsaCert, []SignatureScheme{ECDSAWithP256AndSHA256, ECDSAWithSHA1}, VersionTLS12},
		91  		{ecdsaCert, []SignatureScheme{PKCS1WithSHA256, PKCS1WithSHA1}, VersionTLS12},
		92  		{rsaCert, []SignatureScheme{0}, VersionTLS12},
		93  		{ed25519Cert, []SignatureScheme{ECDSAWithP256AndSHA256, ECDSAWithSHA1}, VersionTLS12},
		94  		{ecdsaCert, []SignatureScheme{Ed25519}, VersionTLS12},
		95  		{brokenCert, []SignatureScheme{Ed25519}, VersionTLS12},
		96  		{brokenCert, []SignatureScheme{PKCS1WithSHA256}, VersionTLS12},
		97  		// RFC 5246, Section 7.4.1.4.1, says to only consider {sha1,ecdsa} as
		98  		// default when the extension is missing, and RFC 8422 does not update
		99  		// it. Anyway, if a stack supports Ed25519 it better support sigalgs.
	 100  		{ed25519Cert, nil, VersionTLS12},
	 101  		// TLS 1.3 has no default signature_algorithms.
	 102  		{rsaCert, nil, VersionTLS13},
	 103  		{ecdsaCert, nil, VersionTLS13},
	 104  		{ed25519Cert, nil, VersionTLS13},
	 105  		// Wrong curve, which TLS 1.3 checks
	 106  		{ecdsaCert, []SignatureScheme{ECDSAWithP384AndSHA384}, VersionTLS13},
	 107  		// TLS 1.3 does not support PKCS1v1.5 or SHA-1.
	 108  		{rsaCert, []SignatureScheme{PKCS1WithSHA256}, VersionTLS13},
	 109  		{pkcs1Cert, []SignatureScheme{PSSWithSHA256, PKCS1WithSHA256}, VersionTLS13},
	 110  		{ecdsaCert, []SignatureScheme{ECDSAWithSHA1}, VersionTLS13},
	 111  		// The key can be too small for the hash.
	 112  		{rsaCert, []SignatureScheme{PSSWithSHA512}, VersionTLS12},
	 113  	}
	 114  
	 115  	for testNo, test := range badTests {
	 116  		sigAlg, err := selectSignatureScheme(test.tlsVersion, test.cert, test.peerSigAlgs)
	 117  		if err == nil {
	 118  			t.Errorf("test[%d]: unexpected success, got %v", testNo, sigAlg)
	 119  		}
	 120  	}
	 121  }
	 122  
	 123  func TestLegacyTypeAndHash(t *testing.T) {
	 124  	sigType, hashFunc, err := legacyTypeAndHashFromPublicKey(testRSAPrivateKey.Public())
	 125  	if err != nil {
	 126  		t.Errorf("RSA: unexpected error: %v", err)
	 127  	}
	 128  	if expectedSigType := signaturePKCS1v15; expectedSigType != sigType {
	 129  		t.Errorf("RSA: expected signature type %#x, got %#x", expectedSigType, sigType)
	 130  	}
	 131  	if expectedHashFunc := crypto.MD5SHA1; expectedHashFunc != hashFunc {
	 132  		t.Errorf("RSA: expected hash %#x, got %#x", expectedHashFunc, hashFunc)
	 133  	}
	 134  
	 135  	sigType, hashFunc, err = legacyTypeAndHashFromPublicKey(testECDSAPrivateKey.Public())
	 136  	if err != nil {
	 137  		t.Errorf("ECDSA: unexpected error: %v", err)
	 138  	}
	 139  	if expectedSigType := signatureECDSA; expectedSigType != sigType {
	 140  		t.Errorf("ECDSA: expected signature type %#x, got %#x", expectedSigType, sigType)
	 141  	}
	 142  	if expectedHashFunc := crypto.SHA1; expectedHashFunc != hashFunc {
	 143  		t.Errorf("ECDSA: expected hash %#x, got %#x", expectedHashFunc, hashFunc)
	 144  	}
	 145  
	 146  	// Ed25519 is not supported by TLS 1.0 and 1.1.
	 147  	_, _, err = legacyTypeAndHashFromPublicKey(testEd25519PrivateKey.Public())
	 148  	if err == nil {
	 149  		t.Errorf("Ed25519: unexpected success")
	 150  	}
	 151  }
	 152  
	 153  // TestSupportedSignatureAlgorithms checks that all supportedSignatureAlgorithms
	 154  // have valid type and hash information.
	 155  func TestSupportedSignatureAlgorithms(t *testing.T) {
	 156  	for _, sigAlg := range supportedSignatureAlgorithms {
	 157  		sigType, hash, err := typeAndHashFromSignatureScheme(sigAlg)
	 158  		if err != nil {
	 159  			t.Errorf("%v: unexpected error: %v", sigAlg, err)
	 160  		}
	 161  		if sigType == 0 {
	 162  			t.Errorf("%v: missing signature type", sigAlg)
	 163  		}
	 164  		if hash == 0 && sigAlg != Ed25519 {
	 165  			t.Errorf("%v: missing hash", sigAlg)
	 166  		}
	 167  	}
	 168  }
	 169
View as plain text