diff --git a/crypto/test/UnitTests.csproj b/crypto/test/UnitTests.csproj
index 71896d203..24a60346e 100644
--- a/crypto/test/UnitTests.csproj
+++ b/crypto/test/UnitTests.csproj
@@ -277,6 +277,8 @@
<Compile Include="src\crypto\tls\test\ByteQueueStreamTest.cs" />
<Compile Include="src\crypto\tls\test\DtlsProtocolTest.cs" />
<Compile Include="src\crypto\tls\test\DtlsTestCase.cs" />
+ <Compile Include="src\crypto\tls\test\DtlsTestClientProtocol.cs" />
+ <Compile Include="src\crypto\tls\test\DtlsTestServerProtocol.cs" />
<Compile Include="src\crypto\tls\test\DtlsTestSuite.cs" />
<Compile Include="src\crypto\tls\test\LoggingDatagramTransport.cs" />
<Compile Include="src\crypto\tls\test\MockDatagramAssociation.cs" />
@@ -299,8 +301,10 @@
<Compile Include="src\crypto\tls\test\TlsSrpProtocolTest.cs" />
<Compile Include="src\crypto\tls\test\TlsTestCase.cs" />
<Compile Include="src\crypto\tls\test\TlsTestClientImpl.cs" />
+ <Compile Include="src\crypto\tls\test\TlsTestClientProtocol.cs" />
<Compile Include="src\crypto\tls\test\TlsTestConfig.cs" />
<Compile Include="src\crypto\tls\test\TlsTestServerImpl.cs" />
+ <Compile Include="src\crypto\tls\test\TlsTestServerProtocol.cs" />
<Compile Include="src\crypto\tls\test\TlsTestSuite.cs" />
<Compile Include="src\crypto\tls\test\TlsTestUtilities.cs" />
<Compile Include="src\crypto\tls\test\UnreliableDatagramTransport.cs" />
diff --git a/crypto/test/src/asn1/test/DERApplicationSpecificTest.cs b/crypto/test/src/asn1/test/DERApplicationSpecificTest.cs
index a61ae87e8..e505acd9d 100644
--- a/crypto/test/src/asn1/test/DERApplicationSpecificTest.cs
+++ b/crypto/test/src/asn1/test/DERApplicationSpecificTest.cs
@@ -30,14 +30,73 @@ namespace Org.BouncyCastle.Asn1.Tests
+ "75F6C5F2E2D21F0395683B532A26E4C189B71EFE659C3F26E0EB9AEAE9986310"
+ "7F9B0DADA16414FFA204516AEE2B");
- public override string Name
+ private static readonly byte[] sampleData = Hex.Decode(
+ "613280020780a106060456000104a203020101a305a103020101be80288006025101020109a080b2800a01000000000000000000");
+
+ public override string Name
{
get { return "DerApplicationSpecific"; }
}
- public override void PerformTest()
+ private void TestTaggedObject()
+ {
+ // boolean explicit, int tagNo, ASN1Encodable obj
+ bool isExplicit = false;
+
+ // Type1 ::= VisibleString
+ DerVisibleString type1 = new DerVisibleString("Jones");
+ if (!Arrays.AreEqual(Hex.Decode("1A054A6F6E6573"), type1.GetEncoded()))
+ {
+ Fail("ERROR: expected value doesn't match!");
+ }
+
+ // Type2 ::= [APPLICATION 3] IMPLICIT Type1
+ isExplicit = false;
+ DerApplicationSpecific type2 = new DerApplicationSpecific(isExplicit, 3, type1);
+ // type2.isConstructed()
+ if (!Arrays.AreEqual(Hex.Decode("43054A6F6E6573"), type2.GetEncoded()))
+ {
+ Fail("ERROR: expected value doesn't match!");
+ }
+
+ // Type3 ::= [2] Type2
+ isExplicit = true;
+ DerTaggedObject type3 = new DerTaggedObject(isExplicit, 2, type2);
+ if (!Arrays.AreEqual(Hex.Decode("A20743054A6F6E6573"), type3.GetEncoded()))
+ {
+ Fail("ERROR: expected value doesn't match!");
+ }
+
+ // Type4 ::= [APPLICATION 7] IMPLICIT Type3
+ isExplicit = false;
+ DerApplicationSpecific type4 = new DerApplicationSpecific(isExplicit, 7, type3);
+ if (!Arrays.AreEqual(Hex.Decode("670743054A6F6E6573"), type4.GetEncoded()))
+ {
+ Fail("ERROR: expected value doesn't match!");
+ }
+
+ // Type5 ::= [2] IMPLICIT Type2
+ isExplicit = false;
+ DerTaggedObject type5 = new DerTaggedObject(isExplicit, 2, type2);
+ // type5.isConstructed()
+ if (!Arrays.AreEqual(Hex.Decode("82054A6F6E6573"), type5.GetEncoded()))
+ {
+ Fail("ERROR: expected value doesn't match!");
+ }
+ }
+
+ public override void PerformTest()
{
- DerInteger val = new DerInteger(9);
+ TestTaggedObject();
+
+ DerApplicationSpecific appSpec = (DerApplicationSpecific)Asn1Object.FromByteArray(sampleData);
+
+ if (1 != appSpec.ApplicationTag)
+ {
+ Fail("wrong tag detected");
+ }
+
+ DerInteger val = new DerInteger(9);
DerApplicationSpecific tagged = new DerApplicationSpecific(false, 3, val);
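Review bot: All five checks in `TestTaggedObject` fail with the same string, `"ERROR: expected value doesn't match!"`, so a regression in the tag encoder will not say which of Type1 to Type5 produced the wrong bytes. Give each `Fail` call its own text, for example `Fail("Type4 [APPLICATION 7] IMPLICIT encoding mismatch");`. The leftover `// type2.isConstructed()` and `// type5.isConstructed()` comments should either become real assertions or be removed. In `PerformTest`, the direct cast of `Asn1Object.FromByteArray(sampleData)` means a decoder change that returns another type surfaces as an `InvalidCastException` rather than a named test failure. The rest of `PerformTest` lies outside this hunk.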
@@ -65,8 +124,6 @@ namespace Org.BouncyCastle.Asn1.Tests
if (!Arrays.AreEqual(certData, encoded))
{
- Console.WriteLine(Encoding.ASCII.GetString(certData, 0, certData.Length).Substring(0, 20));
- Console.WriteLine(Encoding.ASCII.GetString(encoded, 0, encoded.Length).Substring(0, 20));
Fail("re-encoding of certificate data failed");
}
}
diff --git a/crypto/test/src/asn1/test/EqualsAndHashCodeTest.cs b/crypto/test/src/asn1/test/EqualsAndHashCodeTest.cs
index 7e0695341..91329fbd5 100644
--- a/crypto/test/src/asn1/test/EqualsAndHashCodeTest.cs
+++ b/crypto/test/src/asn1/test/EqualsAndHashCodeTest.cs
@@ -3,6 +3,8 @@ using System.IO;
using NUnit.Framework;
+using Org.BouncyCastle.Utilities;
+using Org.BouncyCastle.Utilities.Encoders;
using Org.BouncyCastle.Utilities.Test;
namespace Org.BouncyCastle.Asn1.Tests
@@ -43,7 +45,9 @@ namespace Org.BouncyCastle.Asn1.Tests
new DerUniversalString(data),
new DerUtcTime(new DateTime()),
new DerUtf8String("hello world"),
- new DerVisibleString("hello world")
+ new DerVisibleString("hello world"),
+ new DerGraphicString(Hex.Decode("deadbeef")),
+ new DerVideotexString(Strings.ToByteArray("Hello World"))
};
MemoryStream bOut = new MemoryStream();
diff --git a/crypto/test/src/crypto/test/NaccacheSternTest.cs b/crypto/test/src/crypto/test/NaccacheSternTest.cs
index 4fa256f12..9168adced 100644
--- a/crypto/test/src/crypto/test/NaccacheSternTest.cs
+++ b/crypto/test/src/crypto/test/NaccacheSternTest.cs
@@ -78,9 +78,6 @@ namespace Org.BouncyCastle.Crypto.Tests
static NaccacheSternTest()
{
- cryptEng.Debug = debug;
- decryptEng.Debug = debug;
-
// First the Parameters from the NaccacheStern Paper
// (see http://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf )
@@ -145,7 +142,7 @@ namespace Org.BouncyCastle.Crypto.Tests
// specify key generation parameters
NaccacheSternKeyGenerationParameters genParam
- = new NaccacheSternKeyGenerationParameters(new SecureRandom(), 768, 8, 30, debug);
+ = new NaccacheSternKeyGenerationParameters(new SecureRandom(), 768, 8, 30);
// Initialize Key generator and generate key pair
NaccacheSternKeyPairGenerator pGen = new NaccacheSternKeyPairGenerator();
diff --git a/crypto/test/src/crypto/test/PSSTest.cs b/crypto/test/src/crypto/test/PSSTest.cs
index 91d8d3a6e..8578d254f 100644
--- a/crypto/test/src/crypto/test/PSSTest.cs
+++ b/crypto/test/src/crypto/test/PSSTest.cs
@@ -319,9 +319,45 @@ namespace Org.BouncyCastle.Crypto.Tests
{
Fail("loop test failed - failures: " + failed);
}
+
+ fixedSaltTest();
}
- public static void Main(
+ private void fixedSaltTest()
+ {
+ byte[] data = Hex.Decode("010203040506070809101112131415");
+
+ PssSigner eng = new PssSigner(new RsaEngine(), new Sha256Digest(), new Sha1Digest(), Hex.Decode("deadbeef"));
+
+ eng.Init(true, prv8);
+
+ eng.BlockUpdate(data, 0, data.Length);
+
+ byte[] s = eng.GenerateSignature();
+
+ eng.Init(false, pub8);
+
+ eng.BlockUpdate(data, 0, data.Length);
+
+ if (!eng.VerifySignature(s))
+ {
+ Fail("fixed salt failed");
+ }
+
+ // test failure
+ eng = new PssSigner(new RsaEngine(), new Sha256Digest(), new Sha1Digest(), Hex.Decode("beefbeef"));
+
+ eng.Init(false, pub8);
+
+ eng.BlockUpdate(data, 0, data.Length);
+
+ if (eng.VerifySignature(s))
+ {
+ Fail("fixed salt failure verfied");
+ }
+ }
+
+ public static void Main(
string[] args)
{
RunTest(new PssTest());
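Review bot: `fixedSaltTest` has no comment saying why a caller-supplied salt is used, and the negative-case message is misspelled (`"fixed salt failure verfied"`). A fixed salt makes PSS signing deterministic, which suits known-answer vectors but gives up the per-signature randomisation the scheme normally has. A line such as `// fixed salt: deterministic output, for test vectors only` above the first `new PssSigner(...)` would keep the pattern from being copied into application code. The test would also be stronger if it signed `data` twice and asserted that the two signatures are equal, since that is the property a fixed salt is meant to give. `Main` continues past the end of the hunk.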
diff --git a/crypto/test/src/crypto/test/PaddingTest.cs b/crypto/test/src/crypto/test/PaddingTest.cs
index 6f41d754c..ed53d9228 100644
--- a/crypto/test/src/crypto/test/PaddingTest.cs
+++ b/crypto/test/src/crypto/test/PaddingTest.cs
@@ -105,11 +105,9 @@ namespace Org.BouncyCastle.Crypto.Tests
public override void PerformTest()
{
- SecureRandom rand = new SecureRandom(new byte[20]);
+ SecureRandom rand = SecureRandom.GetInstance("SHA1PRNG");
- rand.SetSeed(DateTime.Now.Ticks);
-
- doTestPadding(new Pkcs7Padding(), rand,
+ doTestPadding(new Pkcs7Padding(), rand,
Hex.Decode("ffffff0505050505"),
Hex.Decode("0000000004040404"));
diff --git a/crypto/test/src/crypto/test/VMPCMacTest.cs b/crypto/test/src/crypto/test/VMPCMacTest.cs
index 0ddb5506f..b9a5e3a93 100644
--- a/crypto/test/src/crypto/test/VMPCMacTest.cs
+++ b/crypto/test/src/crypto/test/VMPCMacTest.cs
@@ -35,16 +35,17 @@ namespace Org.BouncyCastle.Crypto.Tests
ICipherParameters kpwiv = new ParametersWithIV(kp,
Hex.Decode("4B5C2F003E67F39557A8D26F3DA2B155"));
- byte[] m = new byte[256];
+ int offset = 117;
+ byte[] m = new byte[512];
for (int i = 0; i < 256; i++)
{
- m[i] = (byte) i;
+ m[offset + i] = (byte)i;
}
- VmpcMac mac = new VmpcMac();
+ VmpcMac mac = new VmpcMac();
mac.Init(kpwiv);
- mac.BlockUpdate(m, 0, m.Length);
+ mac.BlockUpdate(m, offset, 256);
byte[] output = new byte[20];
mac.DoFinal(output, 0);
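Review bot: The values `117`, `512` and `256` in the rewritten setup are unexplained, and the length `256` now appears both as the loop bound and in `mac.BlockUpdate(m, offset, 256)`. A comment such as `// message sits at a non-zero offset inside a larger buffer so the offset and length arguments are actually exercised`, together with a single `int length = 256;` local used in both places, would make the intent clear. The enclosing test method starts before this hunk.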
@@ -57,7 +58,7 @@ namespace Org.BouncyCastle.Crypto.Tests
}
}
- [Test]
+ [Test]
public void TestFunction()
{
string resultText = Perform().ToString();
diff --git a/crypto/test/src/crypto/tls/test/DtlsTestCase.cs b/crypto/test/src/crypto/tls/test/DtlsTestCase.cs
index d4af04fac..5e43337f4 100644
--- a/crypto/test/src/crypto/tls/test/DtlsTestCase.cs
+++ b/crypto/test/src/crypto/tls/test/DtlsTestCase.cs
@@ -28,8 +28,8 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests
SecureRandom secureRandom = new SecureRandom();
- DtlsClientProtocol clientProtocol = new DtlsClientProtocol(secureRandom);
- DtlsServerProtocol serverProtocol = new DtlsServerProtocol(secureRandom);
+ DtlsTestClientProtocol clientProtocol = new DtlsTestClientProtocol(secureRandom, config);
+ DtlsTestServerProtocol serverProtocol = new DtlsTestServerProtocol(secureRandom, config);
MockDatagramAssociation network = new MockDatagramAssociation(1500);
@@ -101,14 +101,15 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests
internal class Server
{
private readonly DtlsTestCase mOuter;
- private readonly DtlsServerProtocol mServerProtocol;
+ private readonly DtlsTestServerProtocol mServerProtocol;
private readonly DatagramTransport mServerTransport;
private readonly TlsTestServerImpl mServerImpl;
private volatile bool isShutdown = false;
internal Exception mCaught = null;
- internal Server(DtlsTestCase outer, DtlsServerProtocol serverProtocol, DatagramTransport serverTransport, TlsTestServerImpl serverImpl)
+ internal Server(DtlsTestCase outer, DtlsTestServerProtocol serverProtocol,
+ DatagramTransport serverTransport, TlsTestServerImpl serverImpl)
{
this.mOuter = outer;
this.mServerProtocol = serverProtocol;
diff --git a/crypto/test/src/crypto/tls/test/DtlsTestClientProtocol.cs b/crypto/test/src/crypto/tls/test/DtlsTestClientProtocol.cs
new file mode 100644
index 000000000..41ed93eb0
--- /dev/null
+++ b/crypto/test/src/crypto/tls/test/DtlsTestClientProtocol.cs
@@ -0,0 +1,28 @@
+using System;
+
+using Org.BouncyCastle.Security;
+
+namespace Org.BouncyCastle.Crypto.Tls.Tests
+{
+ internal class DtlsTestClientProtocol
+ : DtlsClientProtocol
+ {
+ protected readonly TlsTestConfig config;
+
+ public DtlsTestClientProtocol(SecureRandom secureRandom, TlsTestConfig config)
+ : base(secureRandom)
+ {
+ this.config = config;
+ }
+
+ protected override byte[] GenerateCertificateVerify(ClientHandshakeState state, DigitallySigned certificateVerify)
+ {
+ if (certificateVerify.Algorithm != null && config.clientAuthSigAlgClaimed != null)
+ {
+ certificateVerify = new DigitallySigned(config.clientAuthSigAlgClaimed, certificateVerify.Signature);
+ }
+
+ return base.GenerateCertificateVerify(state, certificateVerify);
+ }
+ }
+}
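Review bot: `GenerateCertificateVerify` replaces the algorithm identifier in the outgoing CertificateVerify with `config.clientAuthSigAlgClaimed` while keeping the original signature bytes, and nothing on the class says that this is deliberate fault injection for negative tests. Add a summary on the class, for example `/// Test-only client protocol: can mis-state the CertificateVerify algorithm so the server's mismatch check is exercised.` The constructor also stores `config` without a null check, so a null argument only fails later, during the handshake, at `config.clientAuthSigAlgClaimed`. Adding `if (config == null) throw new ArgumentNullException("config");` would fail at construction instead. The same two points apply to `TlsTestClientProtocol.SendCertificateVerifyMessage` in TlsTestClientProtocol.cs.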
diff --git a/crypto/test/src/crypto/tls/test/DtlsTestServerProtocol.cs b/crypto/test/src/crypto/tls/test/DtlsTestServerProtocol.cs
new file mode 100644
index 000000000..006473cef
--- /dev/null
+++ b/crypto/test/src/crypto/tls/test/DtlsTestServerProtocol.cs
@@ -0,0 +1,18 @@
+using System;
+
+using Org.BouncyCastle.Security;
+
+namespace Org.BouncyCastle.Crypto.Tls.Tests
+{
+ internal class DtlsTestServerProtocol
+ : DtlsServerProtocol
+ {
+ protected readonly TlsTestConfig config;
+
+ public DtlsTestServerProtocol(SecureRandom secureRandom, TlsTestConfig config)
+ : base(secureRandom)
+ {
+ this.config = config;
+ }
+ }
+}
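Review bot: `config` is stored by the constructor but nothing in this class reads it, and `using System;` is unused as well. If the field is a placeholder for later server-side fault injection, say so with a comment such as `// reserved for server-side test overrides; not read yet`; otherwise drop it. `TlsTestServerProtocol` in TlsTestServerProtocol.cs has the same shape and the same unused field.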
diff --git a/crypto/test/src/crypto/tls/test/DtlsTestSuite.cs b/crypto/test/src/crypto/tls/test/DtlsTestSuite.cs
index eb9d42e5f..a1ba62dde 100644
--- a/crypto/test/src/crypto/tls/test/DtlsTestSuite.cs
+++ b/crypto/test/src/crypto/tls/test/DtlsTestSuite.cs
@@ -31,7 +31,7 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests
TlsTestConfig c = CreateDtlsTestConfig(ProtocolVersion.DTLSv12);
c.clientFallback = true;
- testSuite.Add(new TestCaseData(c).SetName("FallbackGood"));
+ AddTestCase(testSuite, c, "FallbackGood");
}
/*
@@ -40,20 +40,22 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests
* alerts being raised
*/
- //{
- // TlsTestConfig c = CreateDtlsTestConfig(ProtocolVersion.DTLSv12);
- // c.clientOfferVersion = ProtocolVersion.DTLSv10;
- // c.clientFallback = true;
- // c.ExpectServerFatalAlert(AlertDescription.inappropriate_fallback);
+#if false
+ {
+ TlsTestConfig c = CreateDtlsTestConfig(ProtocolVersion.DTLSv12);
+ c.clientOfferVersion = ProtocolVersion.DTLSv10;
+ c.clientFallback = true;
+ c.ExpectServerFatalAlert(AlertDescription.inappropriate_fallback);
- // testSuite.Add(new TestCaseData(c).SetName("FallbackBad"));
- //}
+ AddTestCase(testSuite, c, "FallbackBad");
+ }
+#endif
{
TlsTestConfig c = CreateDtlsTestConfig(ProtocolVersion.DTLSv12);
c.clientOfferVersion = ProtocolVersion.DTLSv10;
- testSuite.Add(new TestCaseData(c).SetName("FallbackNone"));
+ AddTestCase(testSuite, c, "FallbackNone");
}
}
@@ -71,61 +73,144 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests
* alerts being raised
*/
- //{
- // TlsTestConfig c = CreateDtlsTestConfig(version);
- // c.clientAuth = C.CLIENT_AUTH_INVALID_VERIFY;
- // c.ExpectServerFatalAlert(AlertDescription.decrypt_error);
+#if false
+ /*
+ * Server only declares support for SHA1/RSA, client selects MD5/RSA. Since the client is
+ * NOT actually tracking MD5 over the handshake, we expect fatal alert from the client.
+ */
+ if (TlsUtilities.IsTlsV12(version))
+ {
+ TlsTestConfig c = CreateDtlsTestConfig(version);
+ c.clientAuth = C.CLIENT_AUTH_VALID;
+ c.clientAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.md5, SignatureAlgorithm.rsa);
+ c.serverCertReqSigAlgs = TlsUtilities.GetDefaultRsaSignatureAlgorithms();
+ c.ExpectClientFatalAlert(AlertDescription.internal_error);
+
+ AddTestCase(testSuite, c, prefix + "BadCertificateVerifyHashAlg");
+ }
+
+ /*
+ * Server only declares support for SHA1/ECDSA, client selects SHA1/RSA. Since the client is
+ * actually tracking SHA1 over the handshake, we expect fatal alert to come from the server
+ * when it verifies the selected algorithm against the CertificateRequest supported
+ * algorithms.
+ */
+ if (TlsUtilities.IsTlsV12(version))
+ {
+ TlsTestConfig c = CreateDtlsTestConfig(version);
+ c.clientAuth = C.CLIENT_AUTH_VALID;
+ c.clientAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.sha1, SignatureAlgorithm.rsa);
+ c.serverCertReqSigAlgs = TlsUtilities.GetDefaultECDsaSignatureAlgorithms();
+ c.ExpectServerFatalAlert(AlertDescription.illegal_parameter);
- // testSuite.Add(new TestCaseData(c).SetName(prefix + "BadCertificateVerify"));
- //}
+ AddTestCase(testSuite, c, prefix + "BadCertificateVerifySigAlg");
+ }
- //{
- // TlsTestConfig c = CreateDtlsTestConfig(version);
- // c.clientAuth = C.CLIENT_AUTH_INVALID_CERT;
- // c.ExpectServerFatalAlert(AlertDescription.bad_certificate);
+ /*
+ * Server only declares support for SHA1/ECDSA, client signs with SHA1/RSA, but sends
+ * SHA1/ECDSA in the CertificateVerify. Since the client is actually tracking SHA1 over the
+ * handshake, and the claimed algorithm is in the CertificateRequest supported algorithms,
+ * we expect fatal alert to come from the server when it finds the claimed algorithm
+ * doesn't match the client certificate.
+ */
+ if (TlsUtilities.IsTlsV12(version))
+ {
+ TlsTestConfig c = CreateDtlsTestConfig(version);
+ c.clientAuth = C.CLIENT_AUTH_VALID;
+ c.clientAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.sha1, SignatureAlgorithm.rsa);
+ c.clientAuthSigAlgClaimed = new SignatureAndHashAlgorithm(HashAlgorithm.sha1, SignatureAlgorithm.ecdsa);
+ c.serverCertReqSigAlgs = TlsUtilities.GetDefaultECDsaSignatureAlgorithms();
+ c.ExpectServerFatalAlert(AlertDescription.decrypt_error);
- // testSuite.Add(new TestCaseData(c).SetName(prefix + "BadClientCertificate"));
- //}
+ AddTestCase(testSuite, c, prefix + "BadCertificateVerifySigAlgMismatch");
+ }
- //{
- // TlsTestConfig c = CreateDtlsTestConfig(version);
- // c.clientAuth = C.CLIENT_AUTH_NONE;
- // c.serverCertReq = C.SERVER_CERT_REQ_MANDATORY;
- // c.ExpectServerFatalAlert(AlertDescription.handshake_failure);
+ {
+ TlsTestConfig c = CreateDtlsTestConfig(version);
+ c.clientAuth = C.CLIENT_AUTH_INVALID_VERIFY;
+ c.ExpectServerFatalAlert(AlertDescription.decrypt_error);
- // testSuite.Add(new TestCaseData(c).SetName(prefix + "BadMandatoryCertReqDeclined"));
- //}
+ AddTestCase(testSuite, c, prefix + "BadCertificateVerifySignature");
+ }
{
TlsTestConfig c = CreateDtlsTestConfig(version);
+ c.clientAuth = C.CLIENT_AUTH_INVALID_CERT;
+ c.ExpectServerFatalAlert(AlertDescription.bad_certificate);
- testSuite.Add(new TestCaseData(c).SetName(prefix + "GoodDefault"));
+ AddTestCase(testSuite, c, prefix + "BadClientCertificate");
+ }
+
+ {
+ TlsTestConfig c = CreateDtlsTestConfig(version);
+ c.clientAuth = C.CLIENT_AUTH_NONE;
+ c.serverCertReq = C.SERVER_CERT_REQ_MANDATORY;
+ c.ExpectServerFatalAlert(AlertDescription.handshake_failure);
+
+ AddTestCase(testSuite, c, prefix + "BadMandatoryCertReqDeclined");
+ }
+
+ /*
+ * Server selects MD5/RSA for ServerKeyExchange signature, which is not in the default
+ * supported signature algorithms that the client sent. We expect fatal alert from the
+ * client when it verifies the selected algorithm against the supported algorithms.
+ */
+ if (TlsUtilities.IsTlsV12(version))
+ {
+ TlsTestConfig c = CreateDtlsTestConfig(version);
+ c.serverAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.md5, SignatureAlgorithm.rsa);
+ c.ExpectClientFatalAlert(AlertDescription.illegal_parameter);
+
+ AddTestCase(testSuite, c, prefix + "BadServerKeyExchangeSigAlg");
+ }
+
+ /*
+ * Server selects MD5/RSA for ServerKeyExchange signature, which is not the default {sha1,rsa}
+ * implied by the absent signature_algorithms extension. We expect fatal alert from the
+ * client when it verifies the selected algorithm against the implicit default.
+ */
+ if (TlsUtilities.IsTlsV12(version))
+ {
+ TlsTestConfig c = CreateDtlsTestConfig(version);
+ c.clientSendSignatureAlgorithms = false;
+ c.serverAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.md5, SignatureAlgorithm.rsa);
+ c.ExpectClientFatalAlert(AlertDescription.illegal_parameter);
+
+ AddTestCaseDebug(testSuite, c, prefix + "BadServerKeyExchangeSigAlg2");
+ }
+#endif
+
+ {
+ TlsTestConfig c = CreateDtlsTestConfig(version);
+
+ AddTestCase(testSuite, c, prefix + "GoodDefault");
}
{
TlsTestConfig c = CreateDtlsTestConfig(version);
c.serverCertReq = C.SERVER_CERT_REQ_NONE;
- testSuite.Add(new TestCaseData(c).SetName(prefix + "GoodNoCertReq"));
+ AddTestCase(testSuite, c, prefix + "GoodNoCertReq");
}
{
TlsTestConfig c = CreateDtlsTestConfig(version);
c.clientAuth = C.CLIENT_AUTH_NONE;
- testSuite.Add(new TestCaseData(c).SetName(prefix + "GoodOptionalCertReqDeclined"));
+ AddTestCase(testSuite, c, prefix + "GoodOptionalCertReqDeclined");
}
}
+ private static void AddTestCase(IList testSuite, TlsTestConfig config, String name)
+ {
+ testSuite.Add(new TestCaseData(config).SetName(name));
+ }
+
private static TlsTestConfig CreateDtlsTestConfig(ProtocolVersion version)
{
TlsTestConfig c = new TlsTestConfig();
c.clientMinimumVersion = ProtocolVersion.DTLSv10;
- /*
- * TODO We'd like to just set the offer version to DTLSv12, but there is a known issue with
- * overly-restrictive version checks b/w BC DTLS 1.2 client, BC DTLS 1.0 server
- */
- c.clientOfferVersion = version;
+ c.clientOfferVersion = ProtocolVersion.DTLSv12;
c.serverMaximumVersion = version;
c.serverMinimumVersion = ProtocolVersion.DTLSv10;
return c;
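Review bot: The `BadServerKeyExchangeSigAlg2` case inside the `#if false` region calls `AddTestCaseDebug(...)`, but this hunk only adds `AddTestCase`. Unless `AddTestCaseDebug` is defined elsewhere in the file, the region will not compile once it is re-enabled; `AddTestCase(testSuite, c, prefix + "BadServerKeyExchangeSigAlg2");` matches the other cases. With the region disabled, and `FallbackBad` compiled out in the previous hunk, the DTLS suite runs only the `Good*` and `Fallback*` positive cases, so none of the CertificateVerify or ServerKeyExchange signature-algorithm rejections are exercised for DTLS. `CreateDtlsTestConfig` now offers `ProtocolVersion.DTLSv12` for every `version`, and the TODO describing the earlier restriction is gone; a comment such as `// client always offers DTLS 1.2; the server side caps the negotiated version` would keep that intent visible. The end of `CreateDtlsTestConfig` is outside the hunk.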
diff --git a/crypto/test/src/crypto/tls/test/MockDtlsClient.cs b/crypto/test/src/crypto/tls/test/MockDtlsClient.cs
index e3c604db7..25057b8ce 100644
--- a/crypto/test/src/crypto/tls/test/MockDtlsClient.cs
+++ b/crypto/test/src/crypto/tls/test/MockDtlsClient.cs
@@ -73,8 +73,13 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests
IDictionary clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(base.GetClientExtensions());
TlsExtensionsUtilities.AddEncryptThenMacExtension(clientExtensions);
TlsExtensionsUtilities.AddExtendedMasterSecretExtension(clientExtensions);
- TlsExtensionsUtilities.AddMaxFragmentLengthExtension(clientExtensions, MaxFragmentLength.pow2_9);
- TlsExtensionsUtilities.AddTruncatedHMacExtension(clientExtensions);
+ {
+ /*
+ * NOTE: If you are copying test code, do not blindly set these extensions in your own client.
+ */
+ TlsExtensionsUtilities.AddMaxFragmentLengthExtension(clientExtensions, MaxFragmentLength.pow2_9);
+ TlsExtensionsUtilities.AddTruncatedHMacExtension(clientExtensions);
+ }
return clientExtensions;
}
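Review bot: The new NOTE tells readers not to copy these two calls but does not say why, which is the part a reader needs. `AddTruncatedHMacExtension` requests the truncated_hmac extension, which shortens the record MAC to 80 bits (RFC 6066), and `MaxFragmentLength.pow2_9` limits records to 512 bytes. Suggested wording: `NOTE: test-only. truncated_hmac shortens the record MAC to 80 bits and max_fragment_length 2^9 caps records at 512 bytes; do not copy either into a production client.` The identical comment added in MockTlsClient.cs should get the same wording. The method begins before this hunk.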
diff --git a/crypto/test/src/crypto/tls/test/MockTlsClient.cs b/crypto/test/src/crypto/tls/test/MockTlsClient.cs
index 7c1198632..35c5b3599 100644
--- a/crypto/test/src/crypto/tls/test/MockTlsClient.cs
+++ b/crypto/test/src/crypto/tls/test/MockTlsClient.cs
@@ -63,8 +63,13 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests
IDictionary clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(base.GetClientExtensions());
TlsExtensionsUtilities.AddEncryptThenMacExtension(clientExtensions);
TlsExtensionsUtilities.AddExtendedMasterSecretExtension(clientExtensions);
- TlsExtensionsUtilities.AddMaxFragmentLengthExtension(clientExtensions, MaxFragmentLength.pow2_9);
- TlsExtensionsUtilities.AddTruncatedHMacExtension(clientExtensions);
+ {
+ /*
+ * NOTE: If you are copying test code, do not blindly set these extensions in your own client.
+ */
+ TlsExtensionsUtilities.AddMaxFragmentLengthExtension(clientExtensions, MaxFragmentLength.pow2_9);
+ TlsExtensionsUtilities.AddTruncatedHMacExtension(clientExtensions);
+ }
return clientExtensions;
}
diff --git a/crypto/test/src/crypto/tls/test/TlsTestCase.cs b/crypto/test/src/crypto/tls/test/TlsTestCase.cs
index 4b0c12710..7fb5db6ce 100644
--- a/crypto/test/src/crypto/tls/test/TlsTestCase.cs
+++ b/crypto/test/src/crypto/tls/test/TlsTestCase.cs
@@ -35,8 +35,8 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests
NetworkStream clientNet = new NetworkStream(clientPipe);
NetworkStream serverNet = new NetworkStream(serverPipe);
- TlsClientProtocol clientProtocol = new TlsClientProtocol(clientNet, secureRandom);
- TlsServerProtocol serverProtocol = new TlsServerProtocol(serverNet, secureRandom);
+ TlsTestClientProtocol clientProtocol = new TlsTestClientProtocol(clientNet, secureRandom, config);
+ TlsTestServerProtocol serverProtocol = new TlsTestServerProtocol(serverNet, secureRandom, config);
TlsTestClientImpl clientImpl = new TlsTestClientImpl(config);
TlsTestServerImpl serverImpl = new TlsTestServerImpl(config);
@@ -104,13 +104,13 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests
internal class Server
{
protected readonly TlsTestCase mOuter;
- protected readonly TlsServerProtocol mServerProtocol;
+ protected readonly TlsTestServerProtocol mServerProtocol;
protected readonly TlsTestServerImpl mServerImpl;
internal bool mCanExit = false;
internal Exception mCaught = null;
- internal Server(TlsTestCase outer, TlsServerProtocol serverProtocol, TlsTestServerImpl serverImpl)
+ internal Server(TlsTestCase outer, TlsTestServerProtocol serverProtocol, TlsTestServerImpl serverImpl)
{
this.mOuter = outer;
this.mServerProtocol = serverProtocol;
diff --git a/crypto/test/src/crypto/tls/test/TlsTestClientImpl.cs b/crypto/test/src/crypto/tls/test/TlsTestClientImpl.cs
index 0cc1883ba..864a0a5cc 100644
--- a/crypto/test/src/crypto/tls/test/TlsTestClientImpl.cs
+++ b/crypto/test/src/crypto/tls/test/TlsTestClientImpl.cs
@@ -1,4 +1,5 @@
using System;
+using System.Collections;
using System.IO;
using Org.BouncyCastle.Asn1;
@@ -56,6 +57,17 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests
}
}
+ public override IDictionary GetClientExtensions()
+ {
+ IDictionary clientExtensions = base.GetClientExtensions();
+ if (clientExtensions != null && !mConfig.clientSendSignatureAlgorithms)
+ {
+ clientExtensions.Remove(ExtensionType.signature_algorithms);
+ this.mSupportedSignatureAlgorithms = null;
+ }
+ return clientExtensions;
+ }
+
public override bool IsFallback
{
get { return mConfig.clientFallback; }
@@ -201,9 +213,15 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests
return null;
}
+ IList supportedSigAlgs = certificateRequest.SupportedSignatureAlgorithms;
+ if (supportedSigAlgs != null && mOuter.mConfig.clientAuthSigAlg != null)
+ {
+ supportedSigAlgs = new ArrayList(1);
+ supportedSigAlgs.Add(mOuter.mConfig.clientAuthSigAlg);
+ }
+
TlsSignerCredentials signerCredentials = TlsTestUtilities.LoadSignerCredentials(mContext,
- certificateRequest.SupportedSignatureAlgorithms, SignatureAlgorithm.rsa,
- "x509-client.pem", "x509-client-key.pem");
+ supportedSigAlgs, SignatureAlgorithm.rsa, "x509-client.pem", "x509-client-key.pem");
if (mOuter.mConfig.clientAuth == TlsTestConfig.CLIENT_AUTH_VALID)
{
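Review bot: When `clientAuthSigAlg` is set, the list taken from the server's CertificateRequest is replaced by a single forced algorithm, and no comment marks this as intentional. A line above the `if`, such as `// Test override: ignore the server's list and sign with the configured algorithm, which may be one the server did not offer`, would make clear that this is negative-test plumbing and not a model for credential selection. The enclosing method starts and ends outside the hunk.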
diff --git a/crypto/test/src/crypto/tls/test/TlsTestClientProtocol.cs b/crypto/test/src/crypto/tls/test/TlsTestClientProtocol.cs
new file mode 100644
index 000000000..97b7c91bc
--- /dev/null
+++ b/crypto/test/src/crypto/tls/test/TlsTestClientProtocol.cs
@@ -0,0 +1,29 @@
+using System;
+using System.IO;
+
+using Org.BouncyCastle.Security;
+
+namespace Org.BouncyCastle.Crypto.Tls.Tests
+{
+ internal class TlsTestClientProtocol
+ : TlsClientProtocol
+ {
+ protected readonly TlsTestConfig config;
+
+ public TlsTestClientProtocol(Stream stream, SecureRandom secureRandom, TlsTestConfig config)
+ : base(stream, secureRandom)
+ {
+ this.config = config;
+ }
+
+ protected override void SendCertificateVerifyMessage(DigitallySigned certificateVerify)
+ {
+ if (certificateVerify.Algorithm != null && config.clientAuthSigAlgClaimed != null)
+ {
+ certificateVerify = new DigitallySigned(config.clientAuthSigAlgClaimed, certificateVerify.Signature);
+ }
+
+ base.SendCertificateVerifyMessage(certificateVerify);
+ }
+ }
+}
diff --git a/crypto/test/src/crypto/tls/test/TlsTestConfig.cs b/crypto/test/src/crypto/tls/test/TlsTestConfig.cs
index 0d1e7badb..ccbb919d2 100644
--- a/crypto/test/src/crypto/tls/test/TlsTestConfig.cs
+++ b/crypto/test/src/crypto/tls/test/TlsTestConfig.cs
@@ -1,4 +1,5 @@
using System;
+using System.Collections;
namespace Org.BouncyCastle.Crypto.Tls.Tests
{
@@ -47,6 +48,18 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests
public int clientAuth = CLIENT_AUTH_VALID;
/**
+ * If not null, and TLS 1.2 or higher is negotiated, selects a fixed signature/hash algorithm to
+ * be used for the CertificateVerify signature (if one is sent).
+ */
+ public SignatureAndHashAlgorithm clientAuthSigAlg = null;
+
+ /**
+ * If not null, and TLS 1.2 or higher is negotiated, selects a fixed signature/hash algorithm to
+ * be _claimed_ in the CertificateVerify (if one is sent), independently of what was actually used.
+ */
+ public SignatureAndHashAlgorithm clientAuthSigAlgClaimed = null;
+
+ /**
* Configures the minimum protocol version the client will accept. If null, uses the library's default.
*/
public ProtocolVersion clientMinimumVersion = null;
@@ -62,11 +75,28 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests
public bool clientFallback = false;
/**
+ * Configures whether a (TLS 1.2+) client will send the signature_algorithms extension in ClientHello.
+ */
+ public bool clientSendSignatureAlgorithms = true;
+
+ /**
+ * If not null, and TLS 1.2 or higher is negotiated, selects a fixed signature/hash algorithm to
+ * be used for the ServerKeyExchange signature (if one is sent).
+ */
+ public SignatureAndHashAlgorithm serverAuthSigAlg = null;
+
+ /**
* Configures whether the test server will send a certificate request.
*/
public int serverCertReq = SERVER_CERT_REQ_OPTIONAL;
/**
+ * If TLS 1.2 or higher is negotiated, configures the set of supported signature algorithms in the
+ * CertificateRequest (if one is sent). If null, uses a default set.
+ */
+ public IList serverCertReqSigAlgs = null;
+
+ /**
* Configures the maximum protocol version the server will accept. If null, uses the library's default.
*/
public ProtocolVersion serverMaximumVersion = null;
diff --git a/crypto/test/src/crypto/tls/test/TlsTestServerImpl.cs b/crypto/test/src/crypto/tls/test/TlsTestServerImpl.cs
index 152d5dbdc..9edd2e524 100644
--- a/crypto/test/src/crypto/tls/test/TlsTestServerImpl.cs
+++ b/crypto/test/src/crypto/tls/test/TlsTestServerImpl.cs
@@ -1,6 +1,7 @@
using System;
using System.Collections;
using System.IO;
+using System.Threading;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.X509;
@@ -72,11 +73,11 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests
+ ", " + AlertDescription.GetText(alertDescription));
if (message != null)
{
- output.WriteLine("> " + message);
+ SafeWriteLine(output, "> " + message);
}
if (cause != null)
{
- output.WriteLine(cause);
+ SafeWriteLine(output, cause);
}
}
}
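Review bot: Only the `message` and `cause` writes are routed through `SafeWriteLine` here. The statement that ends on the first context line, `+ ", " + AlertDescription.GetText(alertDescription));`, starts before the hunk and so appears to remain a direct `output.WriteLine(...)` call. If the interruption seen under the NUnit runner can hit any console write, that first line can still throw; routing it through `SafeWriteLine` as well, as the next hunk does for the received-alert message, would make the method consistent. The method begins outside the hunk, so this is inferred from the context lines.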
@@ -92,7 +93,7 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests
if (TlsTestConfig.DEBUG)
{
TextWriter output = (alertLevel == AlertLevel.fatal) ? Console.Error : Console.Out;
- output.WriteLine("TLS server received alert: " + AlertLevel.GetText(alertLevel)
+ SafeWriteLine(output, "TLS server received alert: " + AlertLevel.GetText(alertLevel)
+ ", " + AlertDescription.GetText(alertDescription));
}
}
@@ -122,7 +123,11 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests
IList serverSigAlgs = null;
if (TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(mServerVersion))
{
- serverSigAlgs = TlsUtilities.GetDefaultSupportedSignatureAlgorithms();
+ serverSigAlgs = mConfig.serverCertReqSigAlgs;
+ if (serverSigAlgs == null)
+ {
+ serverSigAlgs = TlsUtilities.GetDefaultSupportedSignatureAlgorithms();
+ }
}
IList certificateAuthorities = new ArrayList();
@@ -167,15 +172,27 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests
}
}
+ protected virtual IList GetSupportedSignatureAlgorithms()
+ {
+ if (TlsUtilities.IsTlsV12(mContext) && mConfig.serverAuthSigAlg != null)
+ {
+ IList signatureAlgorithms = new ArrayList(1);
+ signatureAlgorithms.Add(mConfig.serverAuthSigAlg);
+ return signatureAlgorithms;
+ }
+
+ return mSupportedSignatureAlgorithms;
+ }
+
protected override TlsSignerCredentials GetDsaSignerCredentials()
{
- return TlsTestUtilities.LoadSignerCredentials(mContext, mSupportedSignatureAlgorithms, SignatureAlgorithm.dsa,
+ return TlsTestUtilities.LoadSignerCredentials(mContext, GetSupportedSignatureAlgorithms(), SignatureAlgorithm.dsa,
"x509-server-dsa.pem", "x509-server-key-dsa.pem");
}
protected override TlsSignerCredentials GetECDsaSignerCredentials()
{
- return TlsTestUtilities.LoadSignerCredentials(mContext, mSupportedSignatureAlgorithms, SignatureAlgorithm.ecdsa,
+ return TlsTestUtilities.LoadSignerCredentials(mContext, GetSupportedSignatureAlgorithms(), SignatureAlgorithm.ecdsa,
"x509-server-ecdsa.pem", "x509-server-key-ecdsa.pem");
}
@@ -187,8 +204,22 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests
protected override TlsSignerCredentials GetRsaSignerCredentials()
{
- return TlsTestUtilities.LoadSignerCredentials(mContext, mSupportedSignatureAlgorithms, SignatureAlgorithm.rsa,
+ return TlsTestUtilities.LoadSignerCredentials(mContext, GetSupportedSignatureAlgorithms(), SignatureAlgorithm.rsa,
"x509-server.pem", "x509-server-key.pem");
}
+
+ private static void SafeWriteLine(TextWriter output, object line)
+ {
+ try
+ {
+ output.WriteLine(line);
+ }
+ catch (ThreadInterruptedException)
+ {
+ /*
+ * For some reason the NUnit plugin in Visual Studio started throwing these during alert logging
+ */
+ }
+ }
}
}
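Review bot: `SafeWriteLine` catches `ThreadInterruptedException` and drops it, which also discards the interruption request behind it, so a server thread that the harness is trying to stop carries on past the log call. If that is not the intent, restore the request in the catch block with `Thread.CurrentThread.Interrupt();`. If it is the intent, the comment should say so; at present it only records that the cause is unknown. Since the helper exists to hide a runner-specific symptom, a short note on which runner version showed it would help whoever removes the workaround later.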
diff --git a/crypto/test/src/crypto/tls/test/TlsTestServerProtocol.cs b/crypto/test/src/crypto/tls/test/TlsTestServerProtocol.cs
new file mode 100644
index 000000000..845b7f0b9
--- /dev/null
+++ b/crypto/test/src/crypto/tls/test/TlsTestServerProtocol.cs
@@ -0,0 +1,19 @@
+using System;
+using System.IO;
+
+using Org.BouncyCastle.Security;
+
+namespace Org.BouncyCastle.Crypto.Tls.Tests
+{
+ internal class TlsTestServerProtocol
+ : TlsServerProtocol
+ {
+ protected readonly TlsTestConfig config;
+
+ public TlsTestServerProtocol(Stream stream, SecureRandom secureRandom, TlsTestConfig config)
+ : base(stream, secureRandom)
+ {
+ this.config = config;
+ }
+ }
+}
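Review bot: TlsTestServerProtocol stores `config` but overrides nothing and never reads the field, so as committed it behaves exactly like TlsServerProtocol, and `using System;` is unused. A class comment would tell the next reader why the subclass exists, for instance `// Test-only server protocol; deviations from TlsServerProtocol are driven by TlsTestConfig and must not be used outside the test suite.` If the field is meant for later overrides, say so in that comment rather than leaving it unexplained.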
diff --git a/crypto/test/src/crypto/tls/test/TlsTestSuite.cs b/crypto/test/src/crypto/tls/test/TlsTestSuite.cs
index dfd09d06e..77cebe0a6 100644
--- a/crypto/test/src/crypto/tls/test/TlsTestSuite.cs
+++ b/crypto/test/src/crypto/tls/test/TlsTestSuite.cs
@@ -32,7 +32,7 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests
TlsTestConfig c = CreateTlsTestConfig(ProtocolVersion.TLSv12);
c.clientFallback = true;
- testSuite.Add(new TestCaseData(c).SetName("FallbackGood"));
+ AddTestCase(testSuite, c, "FallbackGood");
}
{
@@ -41,14 +41,14 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests
c.clientFallback = true;
c.ExpectServerFatalAlert(AlertDescription.inappropriate_fallback);
- testSuite.Add(new TestCaseData(c).SetName("FallbackBad"));
+ AddTestCase(testSuite, c, "FallbackBad");
}
{
TlsTestConfig c = CreateTlsTestConfig(ProtocolVersion.TLSv12);
c.clientOfferVersion = ProtocolVersion.TLSv11;
- testSuite.Add(new TestCaseData(c).SetName("FallbackNone"));
+ AddTestCase(testSuite, c, "FallbackNone");
}
}
@@ -63,7 +63,58 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests
{
TlsTestConfig c = CreateTlsTestConfig(version);
- testSuite.Add(new TestCaseData(c).SetName(prefix + "GoodDefault"));
+ AddTestCase(testSuite, c, prefix + "GoodDefault");
+ }
+
+ /*
+ * Server only declares support for SHA1/RSA, client selects MD5/RSA. Since the client is
+ * NOT actually tracking MD5 over the handshake, we expect fatal alert from the client.
+ */
+ if (TlsUtilities.IsTlsV12(version))
+ {
+ TlsTestConfig c = CreateTlsTestConfig(version);
+ c.clientAuth = C.CLIENT_AUTH_VALID;
+ c.clientAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.md5, SignatureAlgorithm.rsa);
+ c.serverCertReqSigAlgs = TlsUtilities.GetDefaultRsaSignatureAlgorithms();
+ c.ExpectClientFatalAlert(AlertDescription.internal_error);
+
+ AddTestCase(testSuite, c, prefix + "BadCertificateVerifyHashAlg");
+ }
+
+ /*
+ * Server only declares support for SHA1/ECDSA, client selects SHA1/RSA. Since the client is
+ * actually tracking SHA1 over the handshake, we expect fatal alert to come from the server
+ * when it verifies the selected algorithm against the CertificateRequest supported
+ * algorithms.
+ */
+ if (TlsUtilities.IsTlsV12(version))
+ {
+ TlsTestConfig c = CreateTlsTestConfig(version);
+ c.clientAuth = C.CLIENT_AUTH_VALID;
+ c.clientAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.sha1, SignatureAlgorithm.rsa);
+ c.serverCertReqSigAlgs = TlsUtilities.GetDefaultECDsaSignatureAlgorithms();
+ c.ExpectServerFatalAlert(AlertDescription.illegal_parameter);
+
+ AddTestCase(testSuite, c, prefix + "BadCertificateVerifySigAlg");
+ }
+
+ /*
+ * Server only declares support for SHA1/ECDSA, client signs with SHA1/RSA, but sends
+ * SHA1/ECDSA in the CertificateVerify. Since the client is actually tracking SHA1 over the
+ * handshake, and the claimed algorithm is in the CertificateRequest supported algorithms,
+ * we expect fatal alert to come from the server when it finds the claimed algorithm
+ * doesn't match the client certificate.
+ */
+ if (TlsUtilities.IsTlsV12(version))
+ {
+ TlsTestConfig c = CreateTlsTestConfig(version);
+ c.clientAuth = C.CLIENT_AUTH_VALID;
+ c.clientAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.sha1, SignatureAlgorithm.rsa);
+ c.clientAuthSigAlgClaimed = new SignatureAndHashAlgorithm(HashAlgorithm.sha1, SignatureAlgorithm.ecdsa);
+ c.serverCertReqSigAlgs = TlsUtilities.GetDefaultECDsaSignatureAlgorithms();
+ c.ExpectServerFatalAlert(AlertDescription.decrypt_error);
+
+ AddTestCase(testSuite, c, prefix + "BadCertificateVerifySigAlgMismatch");
}
{
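Review bot: None of the three new cases makes the server reject a hash algorithm that is outside its CertificateRequest list. BadCertificateVerifyHashAlg ends with `internal_error` on the client because, as its own comment says, the client never tracked MD5 and fails locally. The server-side check against the advertised list is therefore only exercised for the signature algorithm (BadCertificateVerifySigAlg), not for the hash. Either add a companion case that expects `c.ExpectServerFatalAlert(AlertDescription.illegal_parameter)` for a hash not in the list, or extend the comment to state that this case pins client behaviour only. The comment also says the server declares SHA1/RSA while the code passes `TlsUtilities.GetDefaultRsaSignatureAlgorithms()`, whose contents are not visible in this hunk, so the two should be checked against each other.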
@@ -71,7 +122,7 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests
c.clientAuth = C.CLIENT_AUTH_INVALID_VERIFY;
c.ExpectServerFatalAlert(AlertDescription.decrypt_error);
- testSuite.Add(new TestCaseData(c).SetName(prefix + "BadCertificateVerify"));
+ AddTestCase(testSuite, c, prefix + "BadCertificateVerifySignature");
}
{
@@ -79,7 +130,7 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests
c.clientAuth = C.CLIENT_AUTH_INVALID_CERT;
c.ExpectServerFatalAlert(AlertDescription.bad_certificate);
- testSuite.Add(new TestCaseData(c).SetName(prefix + "BadClientCertificate"));
+ AddTestCase(testSuite, c, prefix + "BadClientCertificate");
}
{
@@ -88,24 +139,58 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests
c.serverCertReq = C.SERVER_CERT_REQ_MANDATORY;
c.ExpectServerFatalAlert(AlertDescription.handshake_failure);
- testSuite.Add(new TestCaseData(c).SetName(prefix + "BadMandatoryCertReqDeclined"));
+ AddTestCase(testSuite, c, prefix + "BadMandatoryCertReqDeclined");
+ }
+
+ /*
+ * Server selects MD5/RSA for ServerKeyExchange signature, which is not in the default
+ * supported signature algorithms that the client sent. We expect fatal alert from the
+ * client when it verifies the selected algorithm against the supported algorithms.
+ */
+ if (TlsUtilities.IsTlsV12(version))
+ {
+ TlsTestConfig c = CreateTlsTestConfig(version);
+ c.serverAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.md5, SignatureAlgorithm.rsa);
+ c.ExpectClientFatalAlert(AlertDescription.illegal_parameter);
+
+ AddTestCase(testSuite, c, prefix + "BadServerKeyExchangeSigAlg");
+ }
+
+ /*
+ * Server selects MD5/RSA for ServerKeyExchange signature, which is not the default {sha1,rsa}
+ * implied by the absent signature_algorithms extension. We expect fatal alert from the
+ * client when it verifies the selected algorithm against the implicit default.
+ */
+ if (TlsUtilities.IsTlsV12(version))
+ {
+ TlsTestConfig c = CreateTlsTestConfig(version);
+ c.clientSendSignatureAlgorithms = false;
+ c.serverAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.md5, SignatureAlgorithm.rsa);
+ c.ExpectClientFatalAlert(AlertDescription.illegal_parameter);
+
+ AddTestCase(testSuite, c, prefix + "BadServerKeyExchangeSigAlg2");
}
{
TlsTestConfig c = CreateTlsTestConfig(version);
c.serverCertReq = C.SERVER_CERT_REQ_NONE;
- testSuite.Add(new TestCaseData(c).SetName(prefix + "GoodNoCertReq"));
+ AddTestCase(testSuite, c, prefix + "GoodNoCertReq");
}
{
TlsTestConfig c = CreateTlsTestConfig(version);
c.clientAuth = C.CLIENT_AUTH_NONE;
- testSuite.Add(new TestCaseData(c).SetName(prefix + "GoodOptionalCertReqDeclined"));
+ AddTestCase(testSuite, c, prefix + "GoodOptionalCertReqDeclined");
}
}
+ private static void AddTestCase(IList testSuite, TlsTestConfig config, string name)
+ {
+ testSuite.Add(new TestCaseData(config).SetName(name));
+ }
+
private static TlsTestConfig CreateTlsTestConfig(ProtocolVersion version)
{
TlsTestConfig c = new TlsTestConfig();
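Review bot: The name `BadServerKeyExchangeSigAlg2` does not say how the case differs from `BadServerKeyExchangeSigAlg`, and a failure report will show only the name. The distinguishing setting is `c.clientSendSignatureAlgorithms = false`, so I would name it after that, e.g. `AddTestCase(testSuite, c, prefix + "BadServerKeyExchangeSigAlgNoExtension");`. Both cases force MD5/RSA; whether the DSA and ECDSA credential paths are reached by any suite in this test is not visible here. The enclosing method starts before this hunk and CreateTlsTestConfig continues past it.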
diff --git a/crypto/test/src/math/ec/test/ECPointTest.cs b/crypto/test/src/math/ec/test/ECPointTest.cs
index 3c10170f7..57f838f9f 100644
--- a/crypto/test/src/math/ec/test/ECPointTest.cs
+++ b/crypto/test/src/math/ec/test/ECPointTest.cs
@@ -437,6 +437,19 @@ namespace Org.BouncyCastle.Math.EC.Tests
}
}
}
+ else if (ECAlgorithms.IsF2mCurve(c))
+ {
+ int m = c.FieldSize;
+ BigInteger x = new BigInteger(m, secRand);
+ ECFieldElement fe = c.FromBigInteger(x);
+ for (int i = 0; i < 100; ++i)
+ {
+ ECFieldElement sq = fe.Square();
+ ECFieldElement check = sq.Sqrt();
+ Assert.AreEqual(fe, check);
+ fe = sq;
+ }
+ }
}
private void ImplAddSubtractMultiplyTwiceEncodingTestAllCoords(X9ECParameters x9ECParameters)
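Review bot: The new F2m square-root check asserts without a message, and its starting element comes from `secRand`, so a failure cannot be reproduced or even attributed to a curve from the test output. I would pass the context to the assertion, `Assert.AreEqual(fe, check, "F2m Sqrt(Square(x)) mismatch: m=" + m + ", i=" + i + ", x=" + x.ToString(16));`. The enclosing method begins outside this hunk, so whether the curve is already identified by an outer message is not visible.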
diff --git a/crypto/test/src/test/ECEncodingTest.cs b/crypto/test/src/test/ECEncodingTest.cs
index f1a4d5e3a..8d993c15e 100644
--- a/crypto/test/src/test/ECEncodingTest.cs
+++ b/crypto/test/src/test/ECEncodingTest.cs
@@ -109,7 +109,7 @@ namespace Org.BouncyCastle.Tests
if (!compress)
{
//pubKey.setPointFormat("UNCOMPRESSED");
- pubKey = SetPublicUncompressed(pubKey, false);
+ pubKey = SetPublicUncompressed(pubKey);
}
byte[] x = pubKey.Q.AffineXCoord.ToBigInteger().ToByteArrayUnsigned();
@@ -154,7 +154,7 @@ namespace Org.BouncyCastle.Tests
// TODO Private key compression?
//newKey.setPointFormat("UNCOMPRESSED");
//newPubKey.setPointFormat("UNCOMPRESSED");
- newPubKey = SetPublicUncompressed(newPubKey, false);
+ newPubKey = SetPublicUncompressed(newPubKey);
}
// string newPrivateKey = new string(Hex.encode(newKey.getEncoded()));
@@ -201,7 +201,7 @@ namespace Org.BouncyCastle.Tests
// TODO Private key compression?
//privECKey.setPointFormat("UNCOMPRESSED");
//pubECKey.setPointFormat("UNCOMPRESSED");
- pubECKey = SetPublicUncompressed(pubECKey, false);
+ pubECKey = SetPublicUncompressed(pubECKey);
}
certGen.SetSignatureAlgorithm("ECDSAwithSHA1");
@@ -216,13 +216,12 @@ namespace Org.BouncyCastle.Tests
}
private ECPublicKeyParameters SetPublicUncompressed(
- ECPublicKeyParameters key,
- bool withCompression)
+ ECPublicKeyParameters key)
{
ECPoint p = key.Q.Normalize();
return new ECPublicKeyParameters(
key.AlgorithmName,
- p.Curve.CreatePoint(p.XCoord.ToBigInteger(), p.YCoord.ToBigInteger(), withCompression),
+ p.Curve.CreatePoint(p.XCoord.ToBigInteger(), p.YCoord.ToBigInteger()),
key.Parameters);
}
|