diff options
author | wolfbeast <mcwerewolf@wolfbeast.com> | 2020-01-02 21:06:40 +0100 |
---|---|---|
committer | wolfbeast <mcwerewolf@wolfbeast.com> | 2020-01-02 21:06:40 +0100 |
commit | f4a12fc67689a830e9da1c87fd11afe5bc09deb3 (patch) | |
tree | 211ae0cd022a6c11b0026ecc7761a550c584583c /security/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc | |
parent | f7d30133221896638f7bf4f66c504255c4b14f48 (diff) | |
download | UXP-f4a12fc67689a830e9da1c87fd11afe5bc09deb3.tar UXP-f4a12fc67689a830e9da1c87fd11afe5bc09deb3.tar.gz UXP-f4a12fc67689a830e9da1c87fd11afe5bc09deb3.tar.lz UXP-f4a12fc67689a830e9da1c87fd11afe5bc09deb3.tar.xz UXP-f4a12fc67689a830e9da1c87fd11afe5bc09deb3.zip |
Issue #1338 - Part 2: Update NSS to 3.48-RTM
Diffstat (limited to 'security/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc')
-rw-r--r-- | security/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc | 29 |
1 files changed, 24 insertions, 5 deletions
diff --git a/security/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc index 194cbab47..7739fe76f 100644 --- a/security/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc +++ b/security/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc @@ -56,6 +56,9 @@ class TlsCipherSuiteTestBase : public TlsConnectTestBase { if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) { std::vector<SSLNamedGroup> groups = {group_}; + if (cert_group_ != ssl_grp_none) { + groups.push_back(cert_group_); + } client_->ConfigNamedGroups(groups); server_->ConfigNamedGroups(groups); kea_type_ = SSLInt_GetKEAType(group_); @@ -68,41 +71,48 @@ class TlsCipherSuiteTestBase : public TlsConnectTestBase { virtual void SetupCertificate() { if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) { switch (sig_scheme_) { - case ssl_sig_rsa_pkcs1_sha256: - case ssl_sig_rsa_pkcs1_sha384: - case ssl_sig_rsa_pkcs1_sha512: + case ssl_sig_rsa_pss_rsae_sha256: + std::cerr << "Signature scheme: rsa_pss_rsae_sha256" << std::endl; Reset(TlsAgent::kServerRsaSign); auth_type_ = ssl_auth_rsa_sign; break; - case ssl_sig_rsa_pss_rsae_sha256: case ssl_sig_rsa_pss_rsae_sha384: + std::cerr << "Signature scheme: rsa_pss_rsae_sha384" << std::endl; Reset(TlsAgent::kServerRsaSign); auth_type_ = ssl_auth_rsa_sign; break; case ssl_sig_rsa_pss_rsae_sha512: // You can't fit SHA-512 PSS in a 1024-bit key. + std::cerr << "Signature scheme: rsa_pss_rsae_sha512" << std::endl; Reset(TlsAgent::kRsa2048); auth_type_ = ssl_auth_rsa_sign; break; case ssl_sig_rsa_pss_pss_sha256: + std::cerr << "Signature scheme: rsa_pss_pss_sha256" << std::endl; Reset(TlsAgent::kServerRsaPss); auth_type_ = ssl_auth_rsa_pss; break; case ssl_sig_rsa_pss_pss_sha384: + std::cerr << "Signature scheme: rsa_pss_pss_sha384" << std::endl; Reset("rsa_pss384"); auth_type_ = ssl_auth_rsa_pss; break; case ssl_sig_rsa_pss_pss_sha512: + std::cerr << "Signature scheme: rsa_pss_pss_sha512" << std::endl; Reset("rsa_pss512"); auth_type_ = ssl_auth_rsa_pss; break; case ssl_sig_ecdsa_secp256r1_sha256: + std::cerr << "Signature scheme: ecdsa_secp256r1_sha256" << std::endl; Reset(TlsAgent::kServerEcdsa256); auth_type_ = ssl_auth_ecdsa; + cert_group_ = ssl_grp_ec_secp256r1; break; case ssl_sig_ecdsa_secp384r1_sha384: + std::cerr << "Signature scheme: ecdsa_secp384r1_sha384" << std::endl; Reset(TlsAgent::kServerEcdsa384); auth_type_ = ssl_auth_ecdsa; + cert_group_ = ssl_grp_ec_secp384r1; break; default: ADD_FAILURE() << "Unsupported signature scheme: " << sig_scheme_; @@ -118,9 +128,11 @@ class TlsCipherSuiteTestBase : public TlsConnectTestBase { break; case ssl_auth_ecdsa: Reset(TlsAgent::kServerEcdsa256); + cert_group_ = ssl_grp_ec_secp256r1; break; case ssl_auth_ecdh_ecdsa: Reset(TlsAgent::kServerEcdhEcdsa); + cert_group_ = ssl_grp_ec_secp256r1; break; case ssl_auth_ecdh_rsa: Reset(TlsAgent::kServerEcdhRsa); @@ -198,6 +210,7 @@ class TlsCipherSuiteTestBase : public TlsConnectTestBase { SSLAuthType auth_type_; SSLKEAType kea_type_; SSLNamedGroup group_; + SSLNamedGroup cert_group_ = ssl_grp_none; SSLSignatureScheme sig_scheme_; SSLCipherSuiteInfo csinfo_; }; @@ -330,6 +343,12 @@ static SSLSignatureScheme kSignatureSchemesParamsArr[] = { ssl_sig_rsa_pss_pss_sha256, ssl_sig_rsa_pss_pss_sha384, ssl_sig_rsa_pss_pss_sha512}; +static SSLSignatureScheme kSignatureSchemesParamsArrTls13[] = { + ssl_sig_ecdsa_secp256r1_sha256, ssl_sig_ecdsa_secp384r1_sha384, + ssl_sig_rsa_pss_rsae_sha256, ssl_sig_rsa_pss_rsae_sha384, + ssl_sig_rsa_pss_rsae_sha512, ssl_sig_rsa_pss_pss_sha256, + ssl_sig_rsa_pss_pss_sha384, ssl_sig_rsa_pss_pss_sha512}; + INSTANTIATE_CIPHER_TEST_P(RC4, Stream, V10ToV12, kDummyNamedGroupParams, kDummySignatureSchemesParams, TLS_RSA_WITH_RC4_128_SHA, @@ -394,7 +413,7 @@ INSTANTIATE_CIPHER_TEST_P( #ifndef NSS_DISABLE_TLS_1_3 INSTANTIATE_CIPHER_TEST_P(TLS13, All, V13, ::testing::ValuesIn(kFasterDHEGroups), - ::testing::ValuesIn(kSignatureSchemesParamsArr), + ::testing::ValuesIn(kSignatureSchemesParamsArrTls13), TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_256_GCM_SHA384); INSTANTIATE_CIPHER_TEST_P(TLS13AllGroups, All, V13, |