commit 000800a306dc95f5bac8a5e610b5300ca6765f52
author David Benjamin <davidben@chromium.org> Fri Nov 14 01:43:59 2014 -0500
committer Adam Langley <agl@google.com> Tue Nov 18 22:30:03 2014 +0000
tree 4f18265b290a8553dc0ffc81eabd1d83c518cb1e
parent ec2f27dee1d5f1de5a3fe519641daa4fc82430d1

Add tests for signature algorithm negotiation.

Change-Id: I5a263734560997b774014b5742877aa4b2940664
Reviewed-on: https://boringssl-review.googlesource.com/2289
Reviewed-by: Adam Langley <agl@google.com>

ssl/test/runner/common.go

diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index a4bdef8..01b7581 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -129,8 +129,12 @@
 
 // Hash functions for TLS 1.2 (See RFC 5246, section A.4.1)
 const (
+	hashMD5    uint8 = 1
 	hashSHA1   uint8 = 2
+	hashSHA224 uint8 = 3
 	hashSHA256 uint8 = 4
+	hashSHA384 uint8 = 5
+	hashSHA512 uint8 = 6
 )
 
 // Signature algorithms for TLS 1.2 (See RFC 5246, section A.4.1)
@@ -346,6 +350,11 @@
 	// protection profiles to offer in DTLS-SRTP.
 	SRTPProtectionProfiles []uint16
 
+	// SignatureAndHashes, if not nil, overrides the default set of
+	// supported signature and hash algorithms to advertise in
+	// CertificateRequest.
+	SignatureAndHashes []signatureAndHash
+
 	// Bugs specifies optional misbehaviour to be used for testing other
 	// implementations.
 	Bugs ProtocolBugs
@@ -541,6 +550,14 @@
 	// SendSRTPProtectionProfile, if non-zero, is the SRTP profile that the
 	// server sends in the ServerHello instead of the negotiated one.
 	SendSRTPProtectionProfile uint16
+
+	// NoSignatureAndHashes, if true, causes the client to omit the
+	// signature and hashes extension.
+	//
+	// For a server, it will cause an empty list to be sent in the
+	// CertificateRequest message. None the less, the configured set will
+	// still be enforced.
+	NoSignatureAndHashes bool
 }
 
 func (c *Config) serverInit() {
@@ -655,6 +672,20 @@
 	return &c.Certificates[0]
 }
 
+func (c *Config) signatureAndHashesForServer() []signatureAndHash {
+	if c != nil && c.SignatureAndHashes != nil {
+		return c.SignatureAndHashes
+	}
+	return supportedClientCertSignatureAlgorithms
+}
+
+func (c *Config) signatureAndHashesForClient() []signatureAndHash {
+	if c != nil && c.SignatureAndHashes != nil {
+		return c.SignatureAndHashes
+	}
+	return supportedSKXSignatureAlgorithms
+}
+
 // BuildNameToCertificate parses c.Certificates and builds c.NameToCertificate
 // from the CommonName and SubjectAlternateName fields of each of the leaf
 // certificates.
@@ -806,3 +837,12 @@
 func unexpectedMessageError(wanted, got interface{}) error {
 	return fmt.Errorf("tls: received unexpected handshake message of type %T when waiting for %T", got, wanted)
 }
+
+func isSupportedSignatureAndHash(sigHash signatureAndHash, sigHashes []signatureAndHash) bool {
+	for _, s := range sigHashes {
+		if s == sigHash {
+			return true
+		}
+	}
+	return false
+}