runner: Remove an unnecessary use of AllCurves
AllCurves interferes with cross-version handshake hint tests. If any
curve is removed, the test breaks. This is a particular nuisance for
signing tests, where we'd rather like to see cross-version hint
compatibility. It's also a nuisance for writing test suppressions
because the remove curve is not actually listed in the test name.
The signing tests don't actually need to enable all curves. They just
need to handle some TLS 1.2 ECDSA rules. Fix that by having the test
know the expected curve and to configure it explicitly. Hopefully
that'll reduce the exceptions needed in the future.
Change-Id: I432e084c49a943afc92726ccf0b73658e7bd30b1
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/59325
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 1da1e2a..fc8c6ff 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -9724,26 +9724,29 @@
name string
id signatureAlgorithm
cert testCert
+ // If non-zero, the curve that must be supported in TLS 1.2 for cert to be
+ // accepted.
+ curve CurveID
}{
- {"RSA_PKCS1_SHA1", signatureRSAPKCS1WithSHA1, testCertRSA},
- {"RSA_PKCS1_SHA256", signatureRSAPKCS1WithSHA256, testCertRSA},
- {"RSA_PKCS1_SHA384", signatureRSAPKCS1WithSHA384, testCertRSA},
- {"RSA_PKCS1_SHA512", signatureRSAPKCS1WithSHA512, testCertRSA},
- {"ECDSA_SHA1", signatureECDSAWithSHA1, testCertECDSAP256},
+ {"RSA_PKCS1_SHA1", signatureRSAPKCS1WithSHA1, testCertRSA, 0},
+ {"RSA_PKCS1_SHA256", signatureRSAPKCS1WithSHA256, testCertRSA, 0},
+ {"RSA_PKCS1_SHA384", signatureRSAPKCS1WithSHA384, testCertRSA, 0},
+ {"RSA_PKCS1_SHA512", signatureRSAPKCS1WithSHA512, testCertRSA, 0},
+ {"ECDSA_SHA1", signatureECDSAWithSHA1, testCertECDSAP256, CurveP256},
// The “P256” in the following line is not a mistake. In TLS 1.2 the
// hash function doesn't have to match the curve and so the same
// signature algorithm works with P-224.
- {"ECDSA_P224_SHA256", signatureECDSAWithP256AndSHA256, testCertECDSAP224},
- {"ECDSA_P256_SHA256", signatureECDSAWithP256AndSHA256, testCertECDSAP256},
- {"ECDSA_P384_SHA384", signatureECDSAWithP384AndSHA384, testCertECDSAP384},
- {"ECDSA_P521_SHA512", signatureECDSAWithP521AndSHA512, testCertECDSAP521},
- {"RSA_PSS_SHA256", signatureRSAPSSWithSHA256, testCertRSA},
- {"RSA_PSS_SHA384", signatureRSAPSSWithSHA384, testCertRSA},
- {"RSA_PSS_SHA512", signatureRSAPSSWithSHA512, testCertRSA},
- {"Ed25519", signatureEd25519, testCertEd25519},
+ {"ECDSA_P224_SHA256", signatureECDSAWithP256AndSHA256, testCertECDSAP224, CurveP224},
+ {"ECDSA_P256_SHA256", signatureECDSAWithP256AndSHA256, testCertECDSAP256, CurveP256},
+ {"ECDSA_P384_SHA384", signatureECDSAWithP384AndSHA384, testCertECDSAP384, CurveP384},
+ {"ECDSA_P521_SHA512", signatureECDSAWithP521AndSHA512, testCertECDSAP521, CurveP521},
+ {"RSA_PSS_SHA256", signatureRSAPSSWithSHA256, testCertRSA, 0},
+ {"RSA_PSS_SHA384", signatureRSAPSSWithSHA384, testCertRSA, 0},
+ {"RSA_PSS_SHA512", signatureRSAPSSWithSHA512, testCertRSA, 0},
+ {"Ed25519", signatureEd25519, testCertEd25519, 0},
// Tests for key types prior to TLS 1.2.
- {"RSA", 0, testCertRSA},
- {"ECDSA", 0, testCertECDSAP256},
+ {"RSA", 0, testCertRSA, 0},
+ {"ECDSA", 0, testCertECDSAP256, CurveP256},
}
const fakeSigAlg1 signatureAlgorithm = 0x2a01
@@ -9795,6 +9798,14 @@
rejectByDefault = true
}
+ var curveFlags []string
+ if alg.curve != 0 && ver.version <= VersionTLS12 {
+ // In TLS 1.2, the ECDH curve list also constrains ECDSA keys. Ensure the
+ // corresponding curve is enabled on the shim. Also include X25519 to
+ // ensure the shim and runner have something in common for ECDH.
+ curveFlags = flagInts("-curves", []int{int(CurveX25519), int(alg.curve)})
+ }
+
var signError, signLocalError, verifyError, verifyLocalError, defaultError, defaultLocalError string
if shouldFail {
signError = ":NO_COMMON_SIGNATURE_ALGORITHMS:"
@@ -9833,7 +9844,7 @@
"-cert-file", path.Join(*resourceDir, getShimCertificate(alg.cert)),
"-key-file", path.Join(*resourceDir, getShimKey(alg.cert)),
},
- flagInts("-curves", shimConfig.AllCurves)...,
+ curveFlags...,
),
shouldFail: shouldFail,
expectedError: signError,
@@ -9857,7 +9868,7 @@
"-cert-file", path.Join(*resourceDir, getShimCertificate(alg.cert)),
"-key-file", path.Join(*resourceDir, getShimKey(alg.cert)),
},
- flagInts("-curves", shimConfig.AllCurves)...,
+ curveFlags...,
),
expectations: connectionExpectations{
peerSignatureAlgorithm: alg.id,
@@ -9898,7 +9909,7 @@
IgnorePeerSignatureAlgorithmPreferences: shouldFail,
},
},
- flags: flagInts("-curves", shimConfig.AllCurves),
+ flags: curveFlags,
// Resume the session to assert the peer signature
// algorithm is reported on both handshakes.
resumeSession: !shouldFail,
@@ -9931,7 +9942,7 @@
},
flags: append(
[]string{"-expect-peer-signature-algorithm", strconv.Itoa(int(alg.id))},
- flagInts("-curves", shimConfig.AllCurves)...,
+ curveFlags...,
),
// Resume the session to assert the peer signature
// algorithm is reported on both handshakes.
@@ -9955,7 +9966,7 @@
InvalidSignature: true,
},
},
- flags: flagInts("-curves", shimConfig.AllCurves),
+ flags: curveFlags,
shouldFail: true,
expectedError: ":BAD_SIGNATURE:",
}
