diff --git a/test/README.ssltest.md b/test/README.ssltest.md index 5e2b2d76fc1422554aa26b3a5c2fa9cb077f0789..3d0fe91f5514791ee582f53d170dc0df6382c8b5 100644 --- a/test/README.ssltest.md +++ b/test/README.ssltest.md @@ -92,9 +92,12 @@ handshake. * ExpectedServerCertType, ExpectedClientCertType - the expected algorithm or curve of server or client certificate -* ExpectedServerSignatureHash, ExpectedClientSignatureHash - the expected +* ExpectedServerSignHash, ExpectedClientSignHash - the expected signing hash used by server or client certificate +* ExpectedServerSignType, ExpectedClientSignType - the expected + signature type used by server or client when signing messages + ## Configuring the client and server The client and server configurations can be any valid `SSL_CTX` diff --git a/test/handshake_helper.c b/test/handshake_helper.c index fd79565bef857abf66333f58f82a1d044d90e4a4..a7898991e031b01dd18f32b6a8827d4a53c1ef03 100644 --- a/test/handshake_helper.c +++ b/test/handshake_helper.c @@ -1073,6 +1073,9 @@ static HANDSHAKE_RESULT *do_handshake_internal( SSL_get_peer_signature_nid(client.ssl, &ret->server_sign_hash); SSL_get_peer_signature_nid(server.ssl, &ret->client_sign_hash); + SSL_get_peer_signature_type_nid(client.ssl, &ret->server_sign_type); + SSL_get_peer_signature_type_nid(server.ssl, &ret->client_sign_type); + ret->server_cert_type = peer_pkey_type(client.ssl); ret->client_cert_type = peer_pkey_type(server.ssl); diff --git a/test/handshake_helper.h b/test/handshake_helper.h index 604eed9bbac8f0ec24a326092f08bed1298e07c7..bdbeabb6fe3df6a9cdcada14f8c6d15e13a9363d 100644 --- a/test/handshake_helper.h +++ b/test/handshake_helper.h @@ -49,10 +49,14 @@ typedef struct handshake_result { int server_cert_type; /* server signing hash */ int server_sign_hash; + /* server signature type */ + int server_sign_type; /* client certificate key type */ int client_cert_type; /* client signing hash */ int client_sign_hash; + /* client signature type */ + int client_sign_type; } HANDSHAKE_RESULT; HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void); diff --git a/test/ssl_test.c b/test/ssl_test.c index 58ddca4ec059bbf321bdbba2dcaacf9e26a88309..752de6396be1c79126bf620af46118fa7db21eb3 100644 --- a/test/ssl_test.c +++ b/test/ssl_test.c @@ -217,6 +217,13 @@ static int check_server_sign_hash(HANDSHAKE_RESULT *result, result->server_sign_hash); } +static int check_server_sign_type(HANDSHAKE_RESULT *result, + SSL_TEST_CTX *test_ctx) +{ + return check_nid("Server signing", test_ctx->expected_server_sign_type, + result->server_sign_type); +} + static int check_client_cert_type(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) { @@ -231,6 +238,13 @@ static int check_client_sign_hash(HANDSHAKE_RESULT *result, result->client_sign_hash); } +static int check_client_sign_type(HANDSHAKE_RESULT *result, + SSL_TEST_CTX *test_ctx) +{ + return check_nid("Client signing", test_ctx->expected_client_sign_type, + result->client_sign_type); +} + /* * This could be further simplified by constructing an expected * HANDSHAKE_RESULT, and implementing comparison methods for @@ -254,8 +268,10 @@ static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx) ret &= check_tmp_key(result, test_ctx); ret &= check_server_cert_type(result, test_ctx); ret &= check_server_sign_hash(result, test_ctx); + ret &= check_server_sign_type(result, test_ctx); ret &= check_client_cert_type(result, test_ctx); ret &= check_client_sign_hash(result, test_ctx); + ret &= check_client_sign_type(result, test_ctx); } return ret; } diff --git a/test/ssl_test_ctx.c b/test/ssl_test_ctx.c index 3a937b388085271de91e82856a76efe2f8f9c4e2..e88e577eab33b17c6aad85d4e470db9de096d781 100644 --- a/test/ssl_test_ctx.c +++ b/test/ssl_test_ctx.c @@ -432,9 +432,9 @@ IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, app_data_size) IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, max_fragment_size) -/***********************/ -/* Expected key types */ -/***********************/ +/*************************************/ +/* Expected key and signature types */ +/*************************************/ __owur static int parse_expected_key_type(int *ptype, const char *value) { @@ -473,6 +473,13 @@ __owur static int parse_expected_server_cert_type(SSL_TEST_CTX *test_ctx, value); } +__owur static int parse_expected_server_sign_type(SSL_TEST_CTX *test_ctx, + const char *value) +{ + return parse_expected_key_type(&test_ctx->expected_server_sign_type, + value); +} + __owur static int parse_expected_client_cert_type(SSL_TEST_CTX *test_ctx, const char *value) { @@ -480,6 +487,13 @@ __owur static int parse_expected_client_cert_type(SSL_TEST_CTX *test_ctx, value); } +__owur static int parse_expected_client_sign_type(SSL_TEST_CTX *test_ctx, + const char *value) +{ + return parse_expected_key_type(&test_ctx->expected_client_sign_type, + value); +} + /*************************/ /* Expected signing hash */ /*************************/ @@ -540,8 +554,10 @@ static const ssl_test_ctx_option ssl_test_ctx_options[] = { { "ExpectedTmpKeyType", &parse_expected_tmp_key_type }, { "ExpectedServerCertType", &parse_expected_server_cert_type }, { "ExpectedServerSignHash", &parse_expected_server_sign_hash }, + { "ExpectedServerSignType", &parse_expected_server_sign_type }, { "ExpectedClientCertType", &parse_expected_client_cert_type }, { "ExpectedClientSignHash", &parse_expected_client_sign_hash }, + { "ExpectedClientSignType", &parse_expected_client_sign_type }, }; /* Nested client options. */ diff --git a/test/ssl_test_ctx.h b/test/ssl_test_ctx.h index b34efe327cfe94cd4b76c83aa58a6dd99300dc3e..13652b0528d18e10d9c20b7e294b305f8ea7e5c2 100644 --- a/test/ssl_test_ctx.h +++ b/test/ssl_test_ctx.h @@ -165,10 +165,14 @@ typedef struct { int expected_server_cert_type; /* Expected server signing hash */ int expected_server_sign_hash; + /* Expected server signature type */ + int expected_server_sign_type; /* Expected client certificate key type */ int expected_client_cert_type; /* Expected client signing hash */ int expected_client_sign_hash; + /* Expected client signature type */ + int expected_client_sign_type; } SSL_TEST_CTX; const char *ssl_test_result_name(ssl_test_result_t result);