Add test support for TLS signature types.
authorDr. Stephen Henson <steve@openssl.org>
Fri, 27 Jan 2017 15:06:16 +0000 (15:06 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 30 Jan 2017 13:00:17 +0000 (13:00 +0000)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2301)

test/README.ssltest.md
test/handshake_helper.c
test/handshake_helper.h
test/ssl_test.c
test/ssl_test_ctx.c
test/ssl_test_ctx.h

index 5e2b2d7..3d0fe91 100644 (file)
@@ -92,9 +92,12 @@ handshake.
 * ExpectedServerCertType, ExpectedClientCertType - the expected algorithm or
   curve of server or client certificate
 
-* ExpectedServerSignatureHash, ExpectedClientSignatureHash - the expected
+* ExpectedServerSignHash, ExpectedClientSignHash - the expected
   signing hash used by server or client certificate
 
+* ExpectedServerSignType, ExpectedClientSignType - the expected
+  signature type used by server or client when signing messages
+
 ## Configuring the client and server
 
 The client and server configurations can be any valid `SSL_CTX`
index fd79565..a789899 100644 (file)
@@ -1073,6 +1073,9 @@ static HANDSHAKE_RESULT *do_handshake_internal(
     SSL_get_peer_signature_nid(client.ssl, &ret->server_sign_hash);
     SSL_get_peer_signature_nid(server.ssl, &ret->client_sign_hash);
 
+    SSL_get_peer_signature_type_nid(client.ssl, &ret->server_sign_type);
+    SSL_get_peer_signature_type_nid(server.ssl, &ret->client_sign_type);
+
     ret->server_cert_type = peer_pkey_type(client.ssl);
     ret->client_cert_type = peer_pkey_type(server.ssl);
 
index 604eed9..bdbeabb 100644 (file)
@@ -49,10 +49,14 @@ typedef struct handshake_result {
     int server_cert_type;
     /* server signing hash */
     int server_sign_hash;
+    /* server signature type */
+    int server_sign_type;
     /* client certificate key type */
     int client_cert_type;
     /* client signing hash */
     int client_sign_hash;
+    /* client signature type */
+    int client_sign_type;
 } HANDSHAKE_RESULT;
 
 HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void);
index 58ddca4..752de63 100644 (file)
@@ -217,6 +217,13 @@ static int check_server_sign_hash(HANDSHAKE_RESULT *result,
                      result->server_sign_hash);
 }
 
+static int check_server_sign_type(HANDSHAKE_RESULT *result,
+                                  SSL_TEST_CTX *test_ctx)
+{
+    return check_nid("Server signing", test_ctx->expected_server_sign_type,
+                     result->server_sign_type);
+}
+
 static int check_client_cert_type(HANDSHAKE_RESULT *result,
                                   SSL_TEST_CTX *test_ctx)
 {
@@ -231,6 +238,13 @@ static int check_client_sign_hash(HANDSHAKE_RESULT *result,
                      result->client_sign_hash);
 }
 
+static int check_client_sign_type(HANDSHAKE_RESULT *result,
+                                  SSL_TEST_CTX *test_ctx)
+{
+    return check_nid("Client signing", test_ctx->expected_client_sign_type,
+                     result->client_sign_type);
+}
+
 /*
  * This could be further simplified by constructing an expected
  * HANDSHAKE_RESULT, and implementing comparison methods for
@@ -254,8 +268,10 @@ static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
         ret &= check_tmp_key(result, test_ctx);
         ret &= check_server_cert_type(result, test_ctx);
         ret &= check_server_sign_hash(result, test_ctx);
+        ret &= check_server_sign_type(result, test_ctx);
         ret &= check_client_cert_type(result, test_ctx);
         ret &= check_client_sign_hash(result, test_ctx);
+        ret &= check_client_sign_type(result, test_ctx);
     }
     return ret;
 }
index 3a937b3..e88e577 100644 (file)
@@ -432,9 +432,9 @@ IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, app_data_size)
 
 IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, max_fragment_size)
 
-/***********************/
-/* Expected key types  */
-/***********************/
+/*************************************/
+/* Expected key and signature types  */
+/*************************************/
 
 __owur static int parse_expected_key_type(int *ptype, const char *value)
 {
@@ -473,6 +473,13 @@ __owur static int parse_expected_server_cert_type(SSL_TEST_CTX *test_ctx,
                                    value);
 }
 
+__owur static int parse_expected_server_sign_type(SSL_TEST_CTX *test_ctx,
+                                                 const char *value)
+{
+    return parse_expected_key_type(&test_ctx->expected_server_sign_type,
+                                   value);
+}
+
 __owur static int parse_expected_client_cert_type(SSL_TEST_CTX *test_ctx,
                                                   const char *value)
 {
@@ -480,6 +487,13 @@ __owur static int parse_expected_client_cert_type(SSL_TEST_CTX *test_ctx,
                                    value);
 }
 
+__owur static int parse_expected_client_sign_type(SSL_TEST_CTX *test_ctx,
+                                                 const char *value)
+{
+    return parse_expected_key_type(&test_ctx->expected_client_sign_type,
+                                   value);
+}
+
 /*************************/
 /* Expected signing hash */
 /*************************/
@@ -540,8 +554,10 @@ static const ssl_test_ctx_option ssl_test_ctx_options[] = {
     { "ExpectedTmpKeyType", &parse_expected_tmp_key_type },
     { "ExpectedServerCertType", &parse_expected_server_cert_type },
     { "ExpectedServerSignHash", &parse_expected_server_sign_hash },
+    { "ExpectedServerSignType", &parse_expected_server_sign_type },
     { "ExpectedClientCertType", &parse_expected_client_cert_type },
     { "ExpectedClientSignHash", &parse_expected_client_sign_hash },
+    { "ExpectedClientSignType", &parse_expected_client_sign_type },
 };
 
 /* Nested client options. */
index b34efe3..13652b0 100644 (file)
@@ -165,10 +165,14 @@ typedef struct {
     int expected_server_cert_type;
     /* Expected server signing hash */
     int expected_server_sign_hash;
+    /* Expected server signature type */
+    int expected_server_sign_type;
     /* Expected client certificate key type */
     int expected_client_cert_type;
     /* Expected client signing hash */
     int expected_client_sign_hash;
+    /* Expected client signature type */
+    int expected_client_sign_type;
 } SSL_TEST_CTX;
 
 const char *ssl_test_result_name(ssl_test_result_t result);