summary refs log tree commit diff
path: root/crypto
diff options
context:
space:
mode:
authorPeter Dettman <peter.dettman@bouncycastle.org>2022-05-10 18:50:04 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2022-05-10 18:50:04 +0700
commit0f27ab94ef24d4c787a98226ca68e04b72c2b433 (patch)
treedfdfaff15da1de63c420b9d34b0befb05b5c683d /crypto
parentImprove TLS handshake hash tracking (diff)
downloadBouncyCastle.NET-ed25519-0f27ab94ef24d4c787a98226ca68e04b72c2b433.tar.xz
Test config for ClientHello sig algs
Diffstat (limited to 'crypto')
-rw-r--r--crypto/src/tls/TlsUtilities.cs7
-rw-r--r--crypto/test/src/tls/test/TlsTestClientImpl.cs8
-rw-r--r--crypto/test/src/tls/test/TlsTestConfig.cs4
3 files changed, 18 insertions, 1 deletions
diff --git a/crypto/src/tls/TlsUtilities.cs b/crypto/src/tls/TlsUtilities.cs
index 076aaf535..f6e509b7d 100644
--- a/crypto/src/tls/TlsUtilities.cs
+++ b/crypto/src/tls/TlsUtilities.cs
@@ -1068,10 +1068,15 @@ namespace Org.BouncyCastle.Tls
 
         public static IList GetDefaultSupportedSignatureAlgorithms(TlsContext context)
         {
+            return GetSupportedSignatureAlgorithms(context, DefaultSupportedSigAlgs);
+        }
+
+        public static IList GetSupportedSignatureAlgorithms(TlsContext context, IList candidates)
+        {
             TlsCrypto crypto = context.Crypto;
 
             IList result = Platform.CreateArrayList(DefaultSupportedSigAlgs.Count);
-            foreach (SignatureAndHashAlgorithm sigAndHashAlg in DefaultSupportedSigAlgs)
+            foreach (SignatureAndHashAlgorithm sigAndHashAlg in candidates)
             {
                 AddIfSupported(result, crypto, sigAndHashAlg);
             }
diff --git a/crypto/test/src/tls/test/TlsTestClientImpl.cs b/crypto/test/src/tls/test/TlsTestClientImpl.cs
index cb70dbc80..a15704af7 100644
--- a/crypto/test/src/tls/test/TlsTestClientImpl.cs
+++ b/crypto/test/src/tls/test/TlsTestClientImpl.cs
@@ -95,6 +95,14 @@ namespace Org.BouncyCastle.Tls.Tests
             return base.GetEarlyKeyShareGroups();
         }
 
+        protected override IList GetSupportedSignatureAlgorithms()
+        {
+            if (m_config.clientCHSigAlgs != null)
+                return TlsUtilities.GetSupportedSignatureAlgorithms(m_context, m_config.clientCHSigAlgs);
+
+            return base.GetSupportedSignatureAlgorithms();
+        }
+
         public override bool IsFallback()
         {
             return m_config.clientFallback;
diff --git a/crypto/test/src/tls/test/TlsTestConfig.cs b/crypto/test/src/tls/test/TlsTestConfig.cs
index a15d4e535..81784e3e3 100644
--- a/crypto/test/src/tls/test/TlsTestConfig.cs
+++ b/crypto/test/src/tls/test/TlsTestConfig.cs
@@ -45,6 +45,10 @@ namespace Org.BouncyCastle.Tls.Tests
         /// _claimed_ in the CertificateVerify (if one is sent), independently of what was actually used.</summary>
         public SignatureAndHashAlgorithm clientAuthSigAlgClaimed = null;
 
+        /// <summary>If TLS 1.2 or higher is negotiated, configures the set of supported signature algorithms in the
+        /// ClientHello. If null, uses a default set.</summary>
+        public IList clientCHSigAlgs = null;
+
         /// <summary>Control whether the client will call
         /// <see cref="TlsUtilities.CheckPeerSigAlgs(TlsContext, Crypto.TlsCertificate[])"/> to check the server
         /// certificate chain.</summary>