1 // Copyright 2017 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
12 func TestSignatureSelection(t *testing.T) {
13 rsaCert := &Certificate{
14 Certificate: [][]byte{testRSACertificate},
15 PrivateKey: testRSAPrivateKey,
17 pkcs1Cert := &Certificate{
18 Certificate: [][]byte{testRSACertificate},
19 PrivateKey: testRSAPrivateKey,
20 SupportedSignatureAlgorithms: []SignatureScheme{PKCS1WithSHA1, PKCS1WithSHA256},
22 ecdsaCert := &Certificate{
23 Certificate: [][]byte{testP256Certificate},
24 PrivateKey: testP256PrivateKey,
26 ed25519Cert := &Certificate{
27 Certificate: [][]byte{testEd25519Certificate},
28 PrivateKey: testEd25519PrivateKey,
33 peerSigAlgs []SignatureScheme
36 expectedSigAlg SignatureScheme
38 expectedHash crypto.Hash
40 {rsaCert, []SignatureScheme{PKCS1WithSHA1, PKCS1WithSHA256}, VersionTLS12, PKCS1WithSHA1, signaturePKCS1v15, crypto.SHA1},
41 {rsaCert, []SignatureScheme{PKCS1WithSHA512, PKCS1WithSHA1}, VersionTLS12, PKCS1WithSHA512, signaturePKCS1v15, crypto.SHA512},
42 {rsaCert, []SignatureScheme{PSSWithSHA256, PKCS1WithSHA256}, VersionTLS12, PSSWithSHA256, signatureRSAPSS, crypto.SHA256},
43 {pkcs1Cert, []SignatureScheme{PSSWithSHA256, PKCS1WithSHA256}, VersionTLS12, PKCS1WithSHA256, signaturePKCS1v15, crypto.SHA256},
44 {rsaCert, []SignatureScheme{PSSWithSHA384, PKCS1WithSHA1}, VersionTLS13, PSSWithSHA384, signatureRSAPSS, crypto.SHA384},
45 {ecdsaCert, []SignatureScheme{ECDSAWithSHA1}, VersionTLS12, ECDSAWithSHA1, signatureECDSA, crypto.SHA1},
46 {ecdsaCert, []SignatureScheme{ECDSAWithP256AndSHA256}, VersionTLS12, ECDSAWithP256AndSHA256, signatureECDSA, crypto.SHA256},
47 {ecdsaCert, []SignatureScheme{ECDSAWithP256AndSHA256}, VersionTLS13, ECDSAWithP256AndSHA256, signatureECDSA, crypto.SHA256},
48 {ed25519Cert, []SignatureScheme{Ed25519}, VersionTLS12, Ed25519, signatureEd25519, directSigning},
49 {ed25519Cert, []SignatureScheme{Ed25519}, VersionTLS13, Ed25519, signatureEd25519, directSigning},
51 // TLS 1.2 without signature_algorithms extension
52 {rsaCert, nil, VersionTLS12, PKCS1WithSHA1, signaturePKCS1v15, crypto.SHA1},
53 {ecdsaCert, nil, VersionTLS12, ECDSAWithSHA1, signatureECDSA, crypto.SHA1},
55 // TLS 1.2 does not restrict the ECDSA curve (our ecdsaCert is P-256)
56 {ecdsaCert, []SignatureScheme{ECDSAWithP384AndSHA384}, VersionTLS12, ECDSAWithP384AndSHA384, signatureECDSA, crypto.SHA384},
59 for testNo, test := range tests {
60 sigAlg, err := selectSignatureScheme(test.tlsVersion, test.cert, test.peerSigAlgs)
62 t.Errorf("test[%d]: unexpected selectSignatureScheme error: %v", testNo, err)
64 if test.expectedSigAlg != sigAlg {
65 t.Errorf("test[%d]: expected signature scheme %v, got %v", testNo, test.expectedSigAlg, sigAlg)
67 sigType, hashFunc, err := typeAndHashFromSignatureScheme(sigAlg)
69 t.Errorf("test[%d]: unexpected typeAndHashFromSignatureScheme error: %v", testNo, err)
71 if test.expectedSigType != sigType {
72 t.Errorf("test[%d]: expected signature algorithm %#x, got %#x", testNo, test.expectedSigType, sigType)
74 if test.expectedHash != hashFunc {
75 t.Errorf("test[%d]: expected hash function %#x, got %#x", testNo, test.expectedHash, hashFunc)
79 brokenCert := &Certificate{
80 Certificate: [][]byte{testRSACertificate},
81 PrivateKey: testRSAPrivateKey,
82 SupportedSignatureAlgorithms: []SignatureScheme{Ed25519},
85 badTests := []struct {
87 peerSigAlgs []SignatureScheme
90 {rsaCert, []SignatureScheme{ECDSAWithP256AndSHA256, ECDSAWithSHA1}, VersionTLS12},
91 {ecdsaCert, []SignatureScheme{PKCS1WithSHA256, PKCS1WithSHA1}, VersionTLS12},
92 {rsaCert, []SignatureScheme{0}, VersionTLS12},
93 {ed25519Cert, []SignatureScheme{ECDSAWithP256AndSHA256, ECDSAWithSHA1}, VersionTLS12},
94 {ecdsaCert, []SignatureScheme{Ed25519}, VersionTLS12},
95 {brokenCert, []SignatureScheme{Ed25519}, VersionTLS12},
96 {brokenCert, []SignatureScheme{PKCS1WithSHA256}, VersionTLS12},
97 // RFC 5246, Section 7.4.1.4.1, says to only consider {sha1,ecdsa} as
98 // default when the extension is missing, and RFC 8422 does not update
99 // it. Anyway, if a stack supports Ed25519 it better support sigalgs.
100 {ed25519Cert, nil, VersionTLS12},
101 // TLS 1.3 has no default signature_algorithms.
102 {rsaCert, nil, VersionTLS13},
103 {ecdsaCert, nil, VersionTLS13},
104 {ed25519Cert, nil, VersionTLS13},
105 // Wrong curve, which TLS 1.3 checks
106 {ecdsaCert, []SignatureScheme{ECDSAWithP384AndSHA384}, VersionTLS13},
107 // TLS 1.3 does not support PKCS1v1.5 or SHA-1.
108 {rsaCert, []SignatureScheme{PKCS1WithSHA256}, VersionTLS13},
109 {pkcs1Cert, []SignatureScheme{PSSWithSHA256, PKCS1WithSHA256}, VersionTLS13},
110 {ecdsaCert, []SignatureScheme{ECDSAWithSHA1}, VersionTLS13},
111 // The key can be too small for the hash.
112 {rsaCert, []SignatureScheme{PSSWithSHA512}, VersionTLS12},
115 for testNo, test := range badTests {
116 sigAlg, err := selectSignatureScheme(test.tlsVersion, test.cert, test.peerSigAlgs)
118 t.Errorf("test[%d]: unexpected success, got %v", testNo, sigAlg)
123 func TestLegacyTypeAndHash(t *testing.T) {
124 sigType, hashFunc, err := legacyTypeAndHashFromPublicKey(testRSAPrivateKey.Public())
126 t.Errorf("RSA: unexpected error: %v", err)
128 if expectedSigType := signaturePKCS1v15; expectedSigType != sigType {
129 t.Errorf("RSA: expected signature type %#x, got %#x", expectedSigType, sigType)
131 if expectedHashFunc := crypto.MD5SHA1; expectedHashFunc != hashFunc {
132 t.Errorf("RSA: expected hash %#x, got %#x", expectedHashFunc, hashFunc)
135 sigType, hashFunc, err = legacyTypeAndHashFromPublicKey(testECDSAPrivateKey.Public())
137 t.Errorf("ECDSA: unexpected error: %v", err)
139 if expectedSigType := signatureECDSA; expectedSigType != sigType {
140 t.Errorf("ECDSA: expected signature type %#x, got %#x", expectedSigType, sigType)
142 if expectedHashFunc := crypto.SHA1; expectedHashFunc != hashFunc {
143 t.Errorf("ECDSA: expected hash %#x, got %#x", expectedHashFunc, hashFunc)
146 // Ed25519 is not supported by TLS 1.0 and 1.1.
147 _, _, err = legacyTypeAndHashFromPublicKey(testEd25519PrivateKey.Public())
149 t.Errorf("Ed25519: unexpected success")
153 // TestSupportedSignatureAlgorithms checks that all supportedSignatureAlgorithms
154 // have valid type and hash information.
155 func TestSupportedSignatureAlgorithms(t *testing.T) {
156 for _, sigAlg := range supportedSignatureAlgorithms() {
157 sigType, hash, err := typeAndHashFromSignatureScheme(sigAlg)
159 t.Errorf("%v: unexpected error: %v", sigAlg, err)
162 t.Errorf("%v: missing signature type", sigAlg)
164 if hash == 0 && sigAlg != Ed25519 {
165 t.Errorf("%v: missing hash", sigAlg)