From 0f27ab94ef24d4c787a98226ca68e04b72c2b433 Mon Sep 17 00:00:00 2001 From: Peter Dettman Date: Tue, 10 May 2022 18:50:04 +0700 Subject: Test config for ClientHello sig algs --- crypto/src/tls/TlsUtilities.cs | 7 ++++++- crypto/test/src/tls/test/TlsTestClientImpl.cs | 8 ++++++++ crypto/test/src/tls/test/TlsTestConfig.cs | 4 ++++ 3 files changed, 18 insertions(+), 1 deletion(-) diff --git a/crypto/src/tls/TlsUtilities.cs b/crypto/src/tls/TlsUtilities.cs index 076aaf535..f6e509b7d 100644 --- a/crypto/src/tls/TlsUtilities.cs +++ b/crypto/src/tls/TlsUtilities.cs @@ -1067,11 +1067,16 @@ namespace Org.BouncyCastle.Tls } public static IList GetDefaultSupportedSignatureAlgorithms(TlsContext context) + { + return GetSupportedSignatureAlgorithms(context, DefaultSupportedSigAlgs); + } + + public static IList GetSupportedSignatureAlgorithms(TlsContext context, IList candidates) { TlsCrypto crypto = context.Crypto; IList result = Platform.CreateArrayList(DefaultSupportedSigAlgs.Count); - foreach (SignatureAndHashAlgorithm sigAndHashAlg in DefaultSupportedSigAlgs) + foreach (SignatureAndHashAlgorithm sigAndHashAlg in candidates) { AddIfSupported(result, crypto, sigAndHashAlg); } diff --git a/crypto/test/src/tls/test/TlsTestClientImpl.cs b/crypto/test/src/tls/test/TlsTestClientImpl.cs index cb70dbc80..a15704af7 100644 --- a/crypto/test/src/tls/test/TlsTestClientImpl.cs +++ b/crypto/test/src/tls/test/TlsTestClientImpl.cs @@ -95,6 +95,14 @@ namespace Org.BouncyCastle.Tls.Tests return base.GetEarlyKeyShareGroups(); } + protected override IList GetSupportedSignatureAlgorithms() + { + if (m_config.clientCHSigAlgs != null) + return TlsUtilities.GetSupportedSignatureAlgorithms(m_context, m_config.clientCHSigAlgs); + + return base.GetSupportedSignatureAlgorithms(); + } + public override bool IsFallback() { return m_config.clientFallback; diff --git a/crypto/test/src/tls/test/TlsTestConfig.cs b/crypto/test/src/tls/test/TlsTestConfig.cs index a15d4e535..81784e3e3 100644 
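Review bot: In the new public `GetSupportedSignatureAlgorithms(TlsContext context, IList candidates)` in TlsUtilities.cs, the result list is still pre-sized with `DefaultSupportedSigAlgs.Count`, and `candidates` is enumerated without a null check, so a null argument surfaces as a NullReferenceException from the `foreach`. I would guard and size from the input: `if (candidates == null) throw new ArgumentNullException("candidates");` followed by `IList result = Platform.CreateArrayList(candidates.Count);`. Because this overload lands in the library rather than the test tree, it also deserves a doc comment saying that the only filtering applied is `AddIfSupported` (its body is not in the hunk; presumably a capability check against `context.Crypto`). That leaves the choice of which algorithms are acceptable to offer in the ClientHello to the caller. The method body continues past the end of the hunk.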
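Review bot: The `GetSupportedSignatureAlgorithms()` override in TlsTestClientImpl.cs does not send `m_config.clientCHSigAlgs` verbatim, because it routes the list through `TlsUtilities.GetSupportedSignatureAlgorithms`, which keeps only the entries `AddIfSupported` accepts. A test that configures an algorithm the crypto provider lacks would therefore run with a shorter, possibly empty, list while still appearing to cover the configured set. A comment above the call such as `// Filtered by crypto support: unsupported entries are dropped, not advertised.` would make that visible. If an empty result is never intended, the test side could check the returned `Count` before using it. The single-statement `if` is also unbraced; I cannot tell from the hunk whether that matches the rest of the file.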
--- a/crypto/test/src/tls/test/TlsTestConfig.cs +++ b/crypto/test/src/tls/test/TlsTestConfig.cs @@ -45,6 +45,10 @@ namespace Org.BouncyCastle.Tls.Tests /// _claimed_ in the CertificateVerify (if one is sent), independently of what was actually used. public SignatureAndHashAlgorithm clientAuthSigAlgClaimed = null; + /// If TLS 1.2 or higher is negotiated, configures the set of supported signature algorithms in the + /// ClientHello. If null, uses a default set. + public IList clientCHSigAlgs = null; + /// Control whether the client will call /// to check the server /// certificate chain. -- cgit 1.4.1
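Review bot: The doc comment on `clientCHSigAlgs` in TlsTestConfig.cs does not state the element type of this untyped `IList`, although the consuming loop in TlsUtilities.cs iterates it as `foreach (SignatureAndHashAlgorithm sigAndHashAlg in candidates)`. An entry of any other type would fail there with an InvalidCastException rather than at the point of configuration. I would extend the summary with a sentence such as `Elements must be SignatureAndHashAlgorithm instances.` so test authors see the contract where they set the field.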