diff --git a/crypto/test/src/tls/test/DtlsTestSuite.cs b/crypto/test/src/tls/test/DtlsTestSuite.cs
index 0af2be32c..27c1ca648 100644
--- a/crypto/test/src/tls/test/DtlsTestSuite.cs
+++ b/crypto/test/src/tls/test/DtlsTestSuite.cs
@@ -68,63 +68,59 @@ namespace Org.BouncyCastle.Tls.Tests
+ "_";
/*
- * NOTE: Temporarily disabled automatic test runs because of problems getting a clean exit
- * of the DTLS server after a fatal alert. As of writing, manual runs show the correct
- * alerts being raised
- */
-
-#if false
- /*
- * Server only declares support for SHA1/RSA, client selects MD5/RSA. Since the client is
- * NOT actually tracking MD5 over the handshake, we expect fatal alert from the client.
+ * Server only declares support for SHA256/ECDSA, client selects SHA256/RSA, so we expect fatal alert
+ * from the client validation of the CertificateVerify algorithm.
*/
if (TlsUtilities.IsTlsV12(version))
{
TlsTestConfig c = CreateDtlsTestConfig(version);
c.clientAuth = C.CLIENT_AUTH_VALID;
- c.clientAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.md5, SignatureAlgorithm.rsa);
- c.serverCertReqSigAlgs = TlsUtilities.GetDefaultRsaSignatureAlgorithms();
+ c.clientAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.rsa);
+ c.serverCertReqSigAlgs = TlsUtilities.VectorOfOne(
+ new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa));
c.ExpectClientFatalAlert(AlertDescription.internal_error);
- AddTestCase(testSuite, c, prefix + "BadCertificateVerifyHashAlg");
+ AddTestCase(testSuite, c, prefix + "BadCertVerifySigAlgClient");
}
/*
- * Server only declares support for SHA1/ECDSA, client selects SHA1/RSA. Since the client is
- * actually tracking SHA1 over the handshake, we expect fatal alert to come from the server
- * when it verifies the selected algorithm against the CertificateRequest supported
- * algorithms.
+ * Server only declares support for rsa_pss_rsae_sha256, client selects rsa_pss_rsae_sha256 but claims
+ * ecdsa_secp256r1_sha256, so we expect fatal alert from the server validation of the
+ * CertificateVerify algorithm.
*/
if (TlsUtilities.IsTlsV12(version))
{
TlsTestConfig c = CreateDtlsTestConfig(version);
c.clientAuth = C.CLIENT_AUTH_VALID;
- c.clientAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.sha1, SignatureAlgorithm.rsa);
- c.serverCertReqSigAlgs = TlsUtilities.GetDefaultECDsaSignatureAlgorithms();
+ c.clientAuthSigAlg = SignatureScheme.GetSignatureAndHashAlgorithm(SignatureScheme.rsa_pss_rsae_sha256);
+ c.clientAuthSigAlgClaimed = SignatureScheme.GetSignatureAndHashAlgorithm(SignatureScheme.ecdsa_secp256r1_sha256);
+ c.serverCertReqSigAlgs = TlsUtilities.VectorOfOne(
+ SignatureScheme.GetSignatureAndHashAlgorithm(SignatureScheme.rsa_pss_rsae_sha256));
c.serverCheckSigAlgOfClientCerts = false;
c.ExpectServerFatalAlert(AlertDescription.illegal_parameter);
- AddTestCase(testSuite, c, prefix + "BadCertificateVerifySigAlg");
+ AddTestCase(testSuite, c, prefix + "BadCertVerifySigAlgServer1");
}
/*
- * Server only declares support for SHA1/ECDSA, client signs with SHA1/RSA, but sends
- * SHA1/ECDSA in the CertificateVerify. Since the client is actually tracking SHA1 over the
- * handshake, and the claimed algorithm is in the CertificateRequest supported algorithms,
- * we expect fatal alert to come from the server when it finds the claimed algorithm
- * doesn't match the client certificate.
+ * Server declares support for rsa_pss_rsae_sha256 and ecdsa_secp256r1_sha256, client selects
+ * rsa_pss_rsae_sha256 but claims ecdsa_secp256r1_sha256, so we expect fatal alert from the server
+ * validation of the client certificate.
*/
if (TlsUtilities.IsTlsV12(version))
{
TlsTestConfig c = CreateDtlsTestConfig(version);
c.clientAuth = C.CLIENT_AUTH_VALID;
- c.clientAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.sha1, SignatureAlgorithm.rsa);
- c.clientAuthSigAlgClaimed = new SignatureAndHashAlgorithm(HashAlgorithm.sha1,
- SignatureAlgorithm.ecdsa);
- c.serverCertReqSigAlgs = TlsUtilities.GetDefaultECDsaSignatureAlgorithms();
- c.ExpectServerFatalAlert(AlertDescription.decrypt_error);
+ c.clientAuthSigAlg = SignatureScheme.GetSignatureAndHashAlgorithm(SignatureScheme.rsa_pss_rsae_sha256);
+ c.clientAuthSigAlgClaimed = SignatureScheme.GetSignatureAndHashAlgorithm(SignatureScheme.ecdsa_secp256r1_sha256);
+ c.serverCertReqSigAlgs = new ArrayList(2);
+ c.serverCertReqSigAlgs.Add(
+ SignatureScheme.GetSignatureAndHashAlgorithm(SignatureScheme.rsa_pss_rsae_sha256));
+ c.serverCertReqSigAlgs.Add(
+ SignatureScheme.GetSignatureAndHashAlgorithm(SignatureScheme.ecdsa_secp256r1_sha256));
+ c.ExpectServerFatalAlert(AlertDescription.bad_certificate);
- AddTestCase(testSuite, c, prefix + "BadCertificateVerifySigAlgMismatch");
+ AddTestCase(testSuite, c, prefix + "BadCertVerifySigAlgServer2");
}
{
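Review bot: In the third case (L67-L86) the CertificateRequest lists only rsa_pss_rsae_sha256 and ecdsa_secp256r1_sha256 and `serverCheckSigAlgOfClientCerts` is left at its default, whereas the preceding case (L52) has to switch it off explicitly; if that default keeps the server-side check of the client chain's signature algorithms enabled, a PKCS#1-signed x509-client-rsa chain would be rejected with bad_certificate when the Certificate message arrives, before the claimed ecdsa scheme in CertificateVerify is ever compared against the RSA key, and the assertion at L83 would pass for a reason other than the one the comment at L63-L65 describes. Consider adding `c.serverCheckSigAlgOfClientCerts = false;` to this case too, so the only remaining source of bad_certificate is the claimed-scheme/key mismatch under test. Separately, the dropped NOTE about the DTLS server not exiting cleanly after a fatal alert is not addressed by anything in this hunk; if it was fixed elsewhere, a pointer to that fix in the commit message would help whoever next sees these cases hang.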
@@ -132,7 +128,7 @@ namespace Org.BouncyCastle.Tls.Tests
c.clientAuth = C.CLIENT_AUTH_INVALID_VERIFY;
c.ExpectServerFatalAlert(AlertDescription.decrypt_error);
- AddTestCase(testSuite, c, prefix + "BadCertificateVerifySignature");
+ AddTestCase(testSuite, c, prefix + "BadCertVerifySignature");
}
{
@@ -161,8 +157,9 @@ namespace Org.BouncyCastle.Tls.Tests
{
TlsTestConfig c = CreateDtlsTestConfig(version);
c.clientSendSignatureAlgorithms = false;
+ c.clientSendSignatureAlgorithmsCert = false;
c.serverAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.rsa);
- c.ExpectClientFatalAlert(AlertDescription.certificate_unknown);
+ c.ExpectClientFatalAlert(AlertDescription.bad_certificate);
AddTestCase(testSuite, c, prefix + "BadServerCertSigAlg");
}
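Review bot: The expected client alert changes from certificate_unknown to bad_certificate at L102 in the same hunk that stops sending signature_algorithms_cert (L99), and nothing records why the alert moved; a reader cannot tell whether this reflects the server's SHA256/RSA choice now falling outside the client's implicit (SHA1-default, RFC 5246 §7.4.1.4.1) set, or a different check firing first. If the former is the intent, a comment above L98 such as `// Client advertises neither signature_algorithms nor signature_algorithms_cert, so the server's SHA256/RSA certificate signature is outside the offered set and the client rejects the chain as bad_certificate.` would pin the reasoning to the assertion. The enclosing test-case block opens before the hunk.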
@@ -196,7 +193,6 @@ namespace Org.BouncyCastle.Tls.Tests
AddTestCase(testSuite, c, prefix + "BadServerKeyExchangeSigAlg2");
}
-#endif
{
TlsTestConfig c = CreateDtlsTestConfig(version);
@@ -218,7 +214,6 @@ namespace Org.BouncyCastle.Tls.Tests
AddTestCase(testSuite, c, prefix + "GoodOptionalCertReqDeclined");
}
-#if false
/*
* Server generates downgraded (RFC 8446) ServerHello. We expect fatal alert
* (illegal_parameter) from the client.
@@ -232,7 +227,6 @@ namespace Org.BouncyCastle.Tls.Tests
AddTestCase(testSuite, c, prefix + "BadDowngrade");
}
-#endif
}
private static void AddTestCase(IList testSuite, TlsTestConfig config, string name)
diff --git a/crypto/test/src/tls/test/TlsTestClientImpl.cs b/crypto/test/src/tls/test/TlsTestClientImpl.cs
index 04c8ad0af..cb70dbc80 100644
--- a/crypto/test/src/tls/test/TlsTestClientImpl.cs
+++ b/crypto/test/src/tls/test/TlsTestClientImpl.cs
@@ -310,14 +310,23 @@ namespace Org.BouncyCastle.Tls.Tests
IList supportedSigAlgs = certificateRequest.SupportedSignatureAlgorithms;
if (supportedSigAlgs != null && config.clientAuthSigAlg != null)
{
- supportedSigAlgs = new ArrayList(1);
- supportedSigAlgs.Add(config.clientAuthSigAlg);
+ supportedSigAlgs = TlsUtilities.VectorOfOne(config.clientAuthSigAlg);
}
// TODO[tls13] Check also supportedSigAlgsCert against the chain signature(s)
TlsCredentialedSigner signerCredentials = TlsTestUtilities.LoadSignerCredentials(m_context,
supportedSigAlgs, SignatureAlgorithm.rsa, "x509-client-rsa.pem", "x509-client-key-rsa.pem");
+ if (signerCredentials == null && supportedSigAlgs != null)
+ {
+ SignatureAndHashAlgorithm pss = SignatureScheme.GetSignatureAndHashAlgorithm(
+ SignatureScheme.rsa_pss_rsae_sha256);
+ if (TlsUtilities.ContainsSignatureAlgorithm(supportedSigAlgs, pss))
+ {
+ signerCredentials = TlsTestUtilities.LoadSignerCredentials(m_context,
+ new string[]{ "x509-client-rsa.pem" }, "x509-client-key-rsa.pem", pss);
+ }
+ }
if (config.clientAuth == TlsTestConfig.CLIENT_AUTH_VALID)
return signerCredentials;
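Review bot: The fallback at L139-L148 only tries rsa_pss_rsae_sha256, so a CertificateRequest that offers PSS with a different hash leaves signerCredentials null, and for CLIENT_AUTH_VALID (L149-L150) that null is handed back as "no client certificate" rather than surfacing as a harness error — a test can then end up declining client auth instead of exercising the PSS path it was written for. Since the same RSA key and chain serve every rsae scheme, iterate the three RFC 8446 rsae schemes the `SignatureScheme` class defines (assuming the sha384/sha512 siblings are present alongside sha256) and take the first one the server listed; the enclosing method starts and ends outside the hunk.
```csharp
if (signerCredentials == null && supportedSigAlgs != null)
{
    // PKCS#1 was not acceptable; fall back to RSASSA-PSS (rsae) with whichever hash the server listed.
    foreach (int scheme in new int[]{ SignatureScheme.rsa_pss_rsae_sha256,
        SignatureScheme.rsa_pss_rsae_sha384, SignatureScheme.rsa_pss_rsae_sha512 })
    {
        SignatureAndHashAlgorithm pss = SignatureScheme.GetSignatureAndHashAlgorithm(scheme);
        if (TlsUtilities.ContainsSignatureAlgorithm(supportedSigAlgs, pss))
        {
            signerCredentials = TlsTestUtilities.LoadSignerCredentials(m_context,
                new string[]{ "x509-client-rsa.pem" }, "x509-client-key-rsa.pem", pss);
            break;
        }
    }
}
// … unchanged: clientAuth dispatch …
```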
diff --git a/crypto/test/src/tls/test/TlsTestClientProtocol.cs b/crypto/test/src/tls/test/TlsTestClientProtocol.cs
index f7e94680a..879996040 100644
--- a/crypto/test/src/tls/test/TlsTestClientProtocol.cs
+++ b/crypto/test/src/tls/test/TlsTestClientProtocol.cs
@@ -19,6 +19,16 @@ namespace Org.BouncyCastle.Tls.Tests
this.m_config = config;
}
+ protected override void Send13CertificateVerifyMessage(DigitallySigned certificateVerify)
+ {
+ if (m_config.clientAuthSigAlgClaimed != null)
+ {
+ certificateVerify = new DigitallySigned(m_config.clientAuthSigAlgClaimed, certificateVerify.Signature);
+ }
+
+ base.Send13CertificateVerifyMessage(certificateVerify);
+ }
+
protected override void SendCertificateVerifyMessage(DigitallySigned certificateVerify)
{
if (certificateVerify.Algorithm != null && m_config.clientAuthSigAlgClaimed != null)
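Review bot: The new `Send13CertificateVerifyMessage` override (L158-L166) swaps in `clientAuthSigAlgClaimed` while leaving `certificateVerify.Signature` as produced under the real scheme, and unlike the TLS 1.2 override below it carries no `Algorithm != null` guard; both are deliberate, but nothing says so, and the next maintainer may "fix" either. Add a comment above L158 such as `// Test hook: misreport the signature scheme (the signature itself was produced with the real one) so the server's CertificateVerify validation is exercised; in TLS 1.3 the scheme is always present, so no null guard is needed.` The TLS 1.2 override at L168 continues past the end of the hunk.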
diff --git a/crypto/test/src/tls/test/TlsTestServerImpl.cs b/crypto/test/src/tls/test/TlsTestServerImpl.cs
index 77df632fe..273de3d31 100644
--- a/crypto/test/src/tls/test/TlsTestServerImpl.cs
+++ b/crypto/test/src/tls/test/TlsTestServerImpl.cs
@@ -258,9 +258,7 @@ namespace Org.BouncyCastle.Tls.Tests
{
if (TlsUtilities.IsTlsV12(m_context) && m_config.serverAuthSigAlg != null)
{
- IList signatureAlgorithms = new ArrayList(1);
- signatureAlgorithms.Add(m_config.serverAuthSigAlg);
- return signatureAlgorithms;
+ return TlsUtilities.VectorOfOne(m_config.serverAuthSigAlg);
}
return m_context.SecurityParameters.ClientSigAlgs;
diff --git a/crypto/test/src/tls/test/TlsTestSuite.cs b/crypto/test/src/tls/test/TlsTestSuite.cs
index adedd8249..86a543ef0 100644
--- a/crypto/test/src/tls/test/TlsTestSuite.cs
+++ b/crypto/test/src/tls/test/TlsTestSuite.cs
@@ -104,56 +104,59 @@ namespace Org.BouncyCastle.Tls.Tests
}
/*
- * Server only declares support for SHA1/RSA, client selects MD5/RSA. Since the client is
- * NOT actually tracking MD5 over the handshake, we expect fatal alert from the client.
+ * Server only declares support for SHA256/ECDSA, client selects SHA256/RSA, so we expect fatal alert
+ * from the client validation of the CertificateVerify algorithm.
*/
if (isTlsV12Exactly)
{
TlsTestConfig c = CreateTlsTestConfig(version, clientCrypto, serverCrypto);
c.clientAuth = C.CLIENT_AUTH_VALID;
- c.clientAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.md5, SignatureAlgorithm.rsa);
- c.serverCertReqSigAlgs = TlsUtilities.GetDefaultRsaSignatureAlgorithms();
- c.serverCheckSigAlgOfClientCerts = false;
+ c.clientAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.rsa);
+ c.serverCertReqSigAlgs = TlsUtilities.VectorOfOne(
+ new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa));
c.ExpectClientFatalAlert(AlertDescription.internal_error);
- AddTestCase(testSuite, c, prefix + "BadCertificateVerifyHashAlg");
+ AddTestCase(testSuite, c, prefix + "BadCertVerifySigAlgClient");
}
/*
- * Server only declares support for SHA1/ECDSA, client selects SHA1/RSA. Since the client is
- * actually tracking SHA1 over the handshake, we expect fatal alert to come from the server
- * when it verifies the selected algorithm against the CertificateRequest supported
- * algorithms.
+ * Server only declares support for rsa_pss_rsae_sha256, client selects rsa_pss_rsae_sha256 but claims
+ * ecdsa_secp256r1_sha256, so we expect fatal alert from the server validation of the
+ * CertificateVerify algorithm.
*/
if (isTlsV12)
{
TlsTestConfig c = CreateTlsTestConfig(version, clientCrypto, serverCrypto);
c.clientAuth = C.CLIENT_AUTH_VALID;
- c.clientAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.sha1, SignatureAlgorithm.rsa);
- c.serverCertReqSigAlgs = TlsUtilities.GetDefaultECDsaSignatureAlgorithms();
+ c.clientAuthSigAlg = SignatureScheme.GetSignatureAndHashAlgorithm(SignatureScheme.rsa_pss_rsae_sha256);
+ c.clientAuthSigAlgClaimed = SignatureScheme.GetSignatureAndHashAlgorithm(SignatureScheme.ecdsa_secp256r1_sha256);
+ c.serverCertReqSigAlgs = TlsUtilities.VectorOfOne(
+ SignatureScheme.GetSignatureAndHashAlgorithm(SignatureScheme.rsa_pss_rsae_sha256));
c.serverCheckSigAlgOfClientCerts = false;
c.ExpectServerFatalAlert(AlertDescription.illegal_parameter);
- AddTestCase(testSuite, c, prefix + "BadCertificateVerifySigAlg");
+ AddTestCase(testSuite, c, prefix + "BadCertVerifySigAlgServer1");
}
/*
- * Server only declares support for SHA1/ECDSA, client signs with SHA1/RSA, but sends
- * SHA1/ECDSA in the CertificateVerify. Since the client is actually tracking SHA1 over the
- * handshake, and the claimed algorithm is in the CertificateRequest supported algorithms,
- * we expect fatal alert to come from the server when it finds the claimed algorithm
- * doesn't match the client certificate.
+ * Server declares support for rsa_pss_rsae_sha256 and ecdsa_secp256r1_sha256, client selects
+ * rsa_pss_rsae_sha256 but claims ecdsa_secp256r1_sha256, so we expect fatal alert from the server
+ * validation of the client certificate.
*/
if (isTlsV12)
{
TlsTestConfig c = CreateTlsTestConfig(version, clientCrypto, serverCrypto);
c.clientAuth = C.CLIENT_AUTH_VALID;
- c.clientAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.sha1, SignatureAlgorithm.rsa);
- c.clientAuthSigAlgClaimed = new SignatureAndHashAlgorithm(HashAlgorithm.sha1, SignatureAlgorithm.ecdsa);
- c.serverCertReqSigAlgs = TlsUtilities.GetDefaultECDsaSignatureAlgorithms();
+ c.clientAuthSigAlg = SignatureScheme.GetSignatureAndHashAlgorithm(SignatureScheme.rsa_pss_rsae_sha256);
+ c.clientAuthSigAlgClaimed = SignatureScheme.GetSignatureAndHashAlgorithm(SignatureScheme.ecdsa_secp256r1_sha256);
+ c.serverCertReqSigAlgs = new ArrayList(2);
+ c.serverCertReqSigAlgs.Add(
+ SignatureScheme.GetSignatureAndHashAlgorithm(SignatureScheme.rsa_pss_rsae_sha256));
+ c.serverCertReqSigAlgs.Add(
+ SignatureScheme.GetSignatureAndHashAlgorithm(SignatureScheme.ecdsa_secp256r1_sha256));
c.ExpectServerFatalAlert(AlertDescription.bad_certificate);
- AddTestCase(testSuite, c, prefix + "BadCertificateVerifySigAlgMismatch");
+ AddTestCase(testSuite, c, prefix + "BadCertVerifySigAlgServer2");
}
{
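Review bot: The first case drops `c.serverCheckSigAlgOfClientCerts = false;` (L203) while the server still lists only SHA256/ECDSA and the client presents an RSA chain; with a stream transport the client's Certificate message can already be on the wire when the client aborts on its own CertificateVerify, so the server may concurrently reject the chain with bad_certificate and the expected client internal_error at L207 could race with a server-originated alert, depending on how strictly the harness attributes the first fatal alert. Unless the harness is known to tolerate that, restore `c.serverCheckSigAlgOfClientCerts = false;` in this case or add a comment explaining why the server-side chain check can no longer fire first. The same missing flag also affects the third case (L245-L262), where a server-side chain rejection would produce the same bad_certificate the test expects and mask the claimed-scheme/key mismatch it is meant to cover.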
@@ -161,7 +164,7 @@ namespace Org.BouncyCastle.Tls.Tests
c.clientAuth = C.CLIENT_AUTH_INVALID_VERIFY;
c.ExpectServerFatalAlert(AlertDescription.decrypt_error);
- AddTestCase(testSuite, c, prefix + "BadCertificateVerifySignature");
+ AddTestCase(testSuite, c, prefix + "BadCertVerifySignature");
}
{