summary refs log tree commit diff
path: root/crypto/test/src/tls
diff options
context:
space:
mode:
authorPeter Dettman <peter.dettman@bouncycastle.org>2022-05-10 21:19:48 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2022-05-10 21:19:48 +0700
commit93bff341314da42a50e9cfd625d5c04e772490fb (patch)
tree49ad01ad06b20925d895e23dacb47806270d3cce /crypto/test/src/tls
parentTest config for ClientHello sig algs (diff)
downloadBouncyCastle.NET-ed25519-93bff341314da42a50e9cfd625d5c04e772490fb.tar.xz
Rewrite test cases without MD5
Diffstat (limited to 'crypto/test/src/tls')
-rw-r--r--crypto/test/src/tls/test/DtlsTestSuite.cs28
-rw-r--r--crypto/test/src/tls/test/TlsTestClientImpl.cs3
-rw-r--r--crypto/test/src/tls/test/TlsTestSuite.cs27
3 files changed, 28 insertions, 30 deletions
diff --git a/crypto/test/src/tls/test/DtlsTestSuite.cs b/crypto/test/src/tls/test/DtlsTestSuite.cs
index 27c1ca648..158620fae 100644
--- a/crypto/test/src/tls/test/DtlsTestSuite.cs
+++ b/crypto/test/src/tls/test/DtlsTestSuite.cs
@@ -92,10 +92,9 @@ namespace Org.BouncyCastle.Tls.Tests
             {
                 TlsTestConfig c = CreateDtlsTestConfig(version);
                 c.clientAuth = C.CLIENT_AUTH_VALID;
-                c.clientAuthSigAlg = SignatureScheme.GetSignatureAndHashAlgorithm(SignatureScheme.rsa_pss_rsae_sha256);
+                c.clientAuthSigAlg = SignatureAndHashAlgorithm.rsa_pss_rsae_sha256;
                 c.clientAuthSigAlgClaimed = SignatureScheme.GetSignatureAndHashAlgorithm(SignatureScheme.ecdsa_secp256r1_sha256);
-                c.serverCertReqSigAlgs = TlsUtilities.VectorOfOne(
-                    SignatureScheme.GetSignatureAndHashAlgorithm(SignatureScheme.rsa_pss_rsae_sha256));
+                c.serverCertReqSigAlgs = TlsUtilities.VectorOfOne(SignatureAndHashAlgorithm.rsa_pss_rsae_sha256);
                 c.serverCheckSigAlgOfClientCerts = false;
                 c.ExpectServerFatalAlert(AlertDescription.illegal_parameter);
 
@@ -111,11 +110,10 @@ namespace Org.BouncyCastle.Tls.Tests
             {
                 TlsTestConfig c = CreateDtlsTestConfig(version);
                 c.clientAuth = C.CLIENT_AUTH_VALID;
-                c.clientAuthSigAlg = SignatureScheme.GetSignatureAndHashAlgorithm(SignatureScheme.rsa_pss_rsae_sha256);
+                c.clientAuthSigAlg = SignatureAndHashAlgorithm.rsa_pss_rsae_sha256;
                 c.clientAuthSigAlgClaimed = SignatureScheme.GetSignatureAndHashAlgorithm(SignatureScheme.ecdsa_secp256r1_sha256);
                 c.serverCertReqSigAlgs = new ArrayList(2);
-                c.serverCertReqSigAlgs.Add(
-                    SignatureScheme.GetSignatureAndHashAlgorithm(SignatureScheme.rsa_pss_rsae_sha256));
+                c.serverCertReqSigAlgs.Add(SignatureAndHashAlgorithm.rsa_pss_rsae_sha256);
                 c.serverCertReqSigAlgs.Add(
                     SignatureScheme.GetSignatureAndHashAlgorithm(SignatureScheme.ecdsa_secp256r1_sha256));
                 c.ExpectServerFatalAlert(AlertDescription.bad_certificate);
@@ -165,30 +163,32 @@ namespace Org.BouncyCastle.Tls.Tests
             }
 
             /*
-             * Server selects MD5/RSA for ServerKeyExchange signature, which is not in the default
-             * supported signature algorithms that the client sent. We expect fatal alert from the
-             * client when it verifies the selected algorithm against the supported algorithms.
+             * Client declares support for SHA256/RSA, server selects SHA384/RSA, so we expect fatal alert from the
+             * client validation of the ServerKeyExchange algorithm.
              */
             if (TlsUtilities.IsTlsV12(version))
             {
                 TlsTestConfig c = CreateDtlsTestConfig(version);
-                c.serverAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.md5, SignatureAlgorithm.rsa);
+                c.clientCHSigAlgs = TlsUtilities.VectorOfOne(
+                    new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.rsa));
+                c.serverAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.sha384, SignatureAlgorithm.rsa);
                 c.ExpectClientFatalAlert(AlertDescription.illegal_parameter);
 
                 AddTestCase(testSuite, c, prefix + "BadServerKeyExchangeSigAlg");
             }
 
             /*
-             * Server selects MD5/RSA for ServerKeyExchange signature, which is not the default {sha1,rsa}
-             * implied by the absent signature_algorithms extension. We expect fatal alert from the
-             * client when it verifies the selected algorithm against the implicit default.
+             * Server selects SHA256/RSA for ServerKeyExchange signature, which is not the default {sha1,rsa} implied by
+             * the absent signature_algorithms extension. We expect fatal alert from the client when it verifies the
+             * selected algorithm against the implicit default.
              */
             if (TlsUtilities.IsTlsV12(version))
             {
                 TlsTestConfig c = CreateDtlsTestConfig(version);
                 c.clientCheckSigAlgOfServerCerts = false;
                 c.clientSendSignatureAlgorithms = false;
-                c.serverAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.md5, SignatureAlgorithm.rsa);
+                c.clientSendSignatureAlgorithmsCert = false;
+                c.serverAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.rsa);
                 c.ExpectClientFatalAlert(AlertDescription.illegal_parameter);
 
                 AddTestCase(testSuite, c, prefix + "BadServerKeyExchangeSigAlg2");
diff --git a/crypto/test/src/tls/test/TlsTestClientImpl.cs b/crypto/test/src/tls/test/TlsTestClientImpl.cs
index a15704af7..ca5175a73 100644
--- a/crypto/test/src/tls/test/TlsTestClientImpl.cs
+++ b/crypto/test/src/tls/test/TlsTestClientImpl.cs
@@ -327,8 +327,7 @@ namespace Org.BouncyCastle.Tls.Tests
                     supportedSigAlgs, SignatureAlgorithm.rsa, "x509-client-rsa.pem", "x509-client-key-rsa.pem");
                 if (signerCredentials == null && supportedSigAlgs != null)
                 {
-                    SignatureAndHashAlgorithm pss = SignatureScheme.GetSignatureAndHashAlgorithm(
-                        SignatureScheme.rsa_pss_rsae_sha256);
+                    SignatureAndHashAlgorithm pss = SignatureAndHashAlgorithm.rsa_pss_rsae_sha256;
                     if (TlsUtilities.ContainsSignatureAlgorithm(supportedSigAlgs, pss))
                     {
                         signerCredentials = TlsTestUtilities.LoadSignerCredentials(m_context,
diff --git a/crypto/test/src/tls/test/TlsTestSuite.cs b/crypto/test/src/tls/test/TlsTestSuite.cs
index 86a543ef0..4f4e4e023 100644
--- a/crypto/test/src/tls/test/TlsTestSuite.cs
+++ b/crypto/test/src/tls/test/TlsTestSuite.cs
@@ -128,10 +128,9 @@ namespace Org.BouncyCastle.Tls.Tests
             {
                 TlsTestConfig c = CreateTlsTestConfig(version, clientCrypto, serverCrypto);
                 c.clientAuth = C.CLIENT_AUTH_VALID;
-                c.clientAuthSigAlg = SignatureScheme.GetSignatureAndHashAlgorithm(SignatureScheme.rsa_pss_rsae_sha256);
+                c.clientAuthSigAlg = SignatureAndHashAlgorithm.rsa_pss_rsae_sha256;
                 c.clientAuthSigAlgClaimed = SignatureScheme.GetSignatureAndHashAlgorithm(SignatureScheme.ecdsa_secp256r1_sha256);
-                c.serverCertReqSigAlgs = TlsUtilities.VectorOfOne(
-                    SignatureScheme.GetSignatureAndHashAlgorithm(SignatureScheme.rsa_pss_rsae_sha256));
+                c.serverCertReqSigAlgs = TlsUtilities.VectorOfOne(SignatureAndHashAlgorithm.rsa_pss_rsae_sha256);
                 c.serverCheckSigAlgOfClientCerts = false;
                 c.ExpectServerFatalAlert(AlertDescription.illegal_parameter);
 
@@ -147,11 +146,10 @@ namespace Org.BouncyCastle.Tls.Tests
             {
                 TlsTestConfig c = CreateTlsTestConfig(version, clientCrypto, serverCrypto);
                 c.clientAuth = C.CLIENT_AUTH_VALID;
-                c.clientAuthSigAlg = SignatureScheme.GetSignatureAndHashAlgorithm(SignatureScheme.rsa_pss_rsae_sha256);
+                c.clientAuthSigAlg = SignatureAndHashAlgorithm.rsa_pss_rsae_sha256;
                 c.clientAuthSigAlgClaimed = SignatureScheme.GetSignatureAndHashAlgorithm(SignatureScheme.ecdsa_secp256r1_sha256);
                 c.serverCertReqSigAlgs = new ArrayList(2);
-                c.serverCertReqSigAlgs.Add(
-                    SignatureScheme.GetSignatureAndHashAlgorithm(SignatureScheme.rsa_pss_rsae_sha256));
+                c.serverCertReqSigAlgs.Add(SignatureAndHashAlgorithm.rsa_pss_rsae_sha256);
                 c.serverCertReqSigAlgs.Add(
                     SignatureScheme.GetSignatureAndHashAlgorithm(SignatureScheme.ecdsa_secp256r1_sha256));
                 c.ExpectServerFatalAlert(AlertDescription.bad_certificate);
@@ -215,23 +213,24 @@ namespace Org.BouncyCastle.Tls.Tests
             }
 
             /*
-             * Server selects MD5/RSA for ServerKeyExchange signature, which is not in the default
-             * supported signature algorithms that the client sent. We expect fatal alert from the
-             * client when it verifies the selected algorithm against the supported algorithms.
+             * Client declares support for SHA256/RSA, server selects SHA384/RSA, so we expect fatal alert from the
+             * client validation of the ServerKeyExchange algorithm.
              */
             if (TlsUtilities.IsTlsV12(version))
             {
                 TlsTestConfig c = CreateTlsTestConfig(version, clientCrypto, serverCrypto);
-                c.serverAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.md5, SignatureAlgorithm.rsa);
+                c.clientCHSigAlgs = TlsUtilities.VectorOfOne(
+                    new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.rsa));
+                c.serverAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.sha384, SignatureAlgorithm.rsa);
                 c.ExpectClientFatalAlert(AlertDescription.illegal_parameter);
 
                 AddTestCase(testSuite, c, prefix + "BadServerKeyExchangeSigAlg");
             }
 
             /*
-             * Server selects MD5/RSA for ServerKeyExchange signature, which is not the default {sha1,rsa}
-             * implied by the absent signature_algorithms extension. We expect fatal alert from the
-             * client when it verifies the selected algorithm against the implicit default.
+             * Server selects SHA256/RSA for ServerKeyExchange signature, which is not the default {sha1,rsa} implied by
+             * the absent signature_algorithms extension. We expect fatal alert from the client when it verifies the
+             * selected algorithm against the implicit default.
              */
             if (isTlsV12Exactly)
             {
@@ -239,7 +238,7 @@ namespace Org.BouncyCastle.Tls.Tests
                 c.clientCheckSigAlgOfServerCerts = false;
                 c.clientSendSignatureAlgorithms = false;
                 c.clientSendSignatureAlgorithmsCert = false;
-                c.serverAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.md5, SignatureAlgorithm.rsa);
+                c.serverAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.rsa);
                 c.ExpectClientFatalAlert(AlertDescription.illegal_parameter);
 
                 AddTestCase(testSuite, c, prefix + "BadServerKeyExchangeSigAlg2");