Use enums to represent TLS signature and kex algorithms.

Adds support for PSS signatures (currently verifying only).
author: Jack Lloyd <[email protected]> 2017-12-21 15:37:39 -0500
committer: Jack Lloyd <[email protected]> 2018-01-28 12:14:07 -0500
commit: b2b55e6c2fdb824f49923b60d2c3ffff8f0fb99a (patch)
tree: 8d5650816329cbe176a4e1fee639094c9387b260 /src/tests
parent: 1c667d34bf71336d33bb76309176a993f13a2aac (diff)
3 files changed, 9 insertions, 4 deletions
diff --git a/src/tests/data/tls-policy/compat.txt b/src/tests/data/tls-policy/compat.txt
index 39564b51b..473453ab0 100644
--- a/src/tests/data/tls-policy/compat.txt
+++ b/src/tests/data/tls-policy/compat.txt
@@ -12,7 +12,7 @@ allow_dtls12 = false
 ciphers = ChaCha20Poly1305 AES-256/GCM AES-128/GCM AES-256 AES-128 3DES
 macs = AEAD SHA-256 SHA-384 SHA-1
 signature_hashes = SHA-512 SHA-384 SHA-256 SHA-1
-signature_methods = ECDSA RSA
+signature_methods = ECDSA RSA IMPLICIT
 key_exchange_methods = CECPQ1 ECDH DH RSA
 ecc_curves = x25519 secp256r1 secp521r1 secp384r1 brainpool256r1 brainpool384r1 brainpool512r1
 allow_insecure_renegotiation = false
diff --git a/src/tests/data/tls/cert_verify.vec b/src/tests/data/tls/cert_verify.vec
index 7f09002ce..d36156cc2 100644
--- a/src/tests/data/tls/cert_verify.vec
+++ b/src/tests/data/tls/cert_verify.vec
@@ -24,7 +24,7 @@ Exception =
 #Incomplete algorithm
 Buffer = 06
 Protocol = 0303
-Exception = Invalid argument Decoding error: Invalid CertificateVerify: Expected 1 bytes remaining, only 0 left
+Exception = Invalid argument Decoding error: Invalid CertificateVerify: Expected 2 bytes remaining, only 1 left
 
 #Incomplete certificate
 Buffer = 0601000500
diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp
index f82d432b4..f9132d60a 100644
--- a/src/tests/unit_tls.cpp
+++ b/src/tests/unit_tls.cpp
@@ -879,9 +879,9 @@ class TLS_Unit_Tests final : public Test
          policy.set("key_exchange_methods", kex_policy);
          policy.set("negotiate_encrypt_then_mac", etm_policy);
 
-         if(kex_policy == "RSA")
+         if(kex_policy.find("RSA") != std::string::npos)
             {
-            policy.set("signature_methods", "RSA");
+            policy.set("signature_methods", "IMPLICIT");
             }
 
          std::vector<Botan::TLS::Protocol_Version> versions =
@@ -927,6 +927,11 @@ class TLS_Unit_Tests final : public Test
          policy.set("macs", mac_policy);
          policy.set("key_exchange_methods", kex_policy);
 
+         if(kex_policy.find("RSA") != std::string::npos)
+            {
+            policy.set("signature_methods", "IMPLICIT");
+            }
+
          for(auto const& kv : extra_policies)
             {
             policy.set(kv.first, kv.second);
author	Jack Lloyd <[email protected]>	2017-12-21 15:37:39 -0500
committer	Jack Lloyd <[email protected]>	2018-01-28 12:14:07 -0500
commit	b2b55e6c2fdb824f49923b60d2c3ffff8f0fb99a (patch)
tree	8d5650816329cbe176a4e1fee639094c9387b260 /src/tests
parent	1c667d34bf71336d33bb76309176a993f13a2aac (diff)