Add tests for deprecated sigalgs with TLS 1.3 ClientHellos

    EMPTY_SIG_ALGS_EXT => 1,

    NO_KNOWN_SIG_ALGS => 2,

    NO_PSS_SIG_ALGS => 3,

    PSS_ONLY_SIG_ALGS => 4

    PSS_ONLY_SIG_ALGS => 4,

    PURE_SIGALGS => 5,

    COMPAT_SIGALGS => 6

};

#Note: Throughout this test we override the default ciphersuites where TLSv1.2

#Test 1: Default sig algs should succeed

$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";

plan tests => 16;

plan tests => 18;

ok(TLSProxy::Message->success, "Default sigalgs");

my $testtype;

    ok(TLSProxy::Message->success, "No TLSv1.2 sigalgs, ECDSA");

}

my ($dsa_status, $sha1_status, $sha224_status);

SKIP: {

    skip "TLSv1.3 disabled", 2 if disabled("tls1_3") || disabled("dsa");

    #Test 17: signature_algorithms with 1.3-only ClientHello

    $testtype = PURE_SIGALGS;

    $dsa_status = $sha1_status = $sha224_status = 0;

    $proxy->clear();

    $proxy->clientflags("-tls1_3");

    $proxy->filter(\&modify_sigalgs_filter);

    $proxy->start();

    ok($dsa_status && $sha1_status && $sha224_status,

       "DSA/SHA2 sigalg sent for 1.3-only ClientHello");

    #Test 18: signature_algorithms with backwards compatible ClientHello

    $testtype = COMPAT_SIGALGS;

    $dsa_status = $sha1_status = $sha224_status = 0;

    $proxy->clear();

    $proxy->filter(\&modify_sigalgs_filter);

    $proxy->start();

    ok($dsa_status && $sha1_status && $sha224_status,

       "DSA sigalg not sent for compat ClientHello");

}

sub sigalgs_filter

        }

    }

}

sub modify_sigalgs_filter

{

    my $proxy = shift;

    # We're only interested in the initial ClientHello

    return if ($proxy->flight != 0);

    foreach my $message (@{$proxy->message_list}) {

        my $ext;

        my @algs;

        if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {

            if ($testtype == PURE_SIGALGS) {

                my $ok = 1;

                $ext = $message->extension_data->{TLSProxy::Message::EXT_SIG_ALGS};

                @algs = unpack('S>*', $ext);

                # unpack will unpack the length as well

                shift @algs;

                foreach (@algs) {

                    if ($_ == TLSProxy::Message::SIG_ALG_DSA_SHA256

                        || $_ == TLSProxy::Message::SIG_ALG_DSA_SHA384

                        || $_ == TLSProxy::Message::SIG_ALG_DSA_SHA512

                        || $_ == TLSProxy::Message::OSSL_SIG_ALG_DSA_SHA224

                        || $_ == TLSProxy::Message::SIG_ALG_RSA_PKCS1_SHA1

                        || $_ == TLSProxy::Message::SIG_ALG_DSA_SHA1

                        || $_ == TLSProxy::Message::SIG_ALG_ECDSA_SHA1) {

                        $ok = 0;

                    }

                }

                $sha1_status = $dsa_status = $sha224_status = 1 if ($ok);

            } elsif ($testtype == COMPAT_SIGALGS) {

                $ext = $message->extension_data->{TLSProxy::Message::EXT_SIG_ALGS};

                @algs = unpack('S>*', $ext);

                # unpack will unpack the length as well

                shift @algs;

                foreach (@algs) {

                    if ($_ == TLSProxy::Message::SIG_ALG_DSA_SHA256

                        || $_ == TLSProxy::Message::SIG_ALG_DSA_SHA384

                        || $_ == TLSProxy::Message::SIG_ALG_DSA_SHA512) {

                        $dsa_status = 1;

                    }

                    if ($_ == TLSProxy::Message::SIG_ALG_RSA_PKCS1_SHA1

                        || $_ == TLSProxy::Message::SIG_ALG_DSA_SHA1

                        || $_ == TLSProxy::Message::SIG_ALG_ECDSA_SHA1) {

                        $sha1_status = 1;

                    }

                    if ($_ == TLSProxy::Message::OSSL_SIG_ALG_RSA_PKCS1_SHA224

                        || $_ == TLSProxy::Message::OSSL_SIG_ALG_DSA_SHA224

                        || $_ == TLSProxy::Message::OSSL_SIG_ALG_ECDSA_SHA224) {

                        $sha224_status = 1;

                    }

                }

            }

        }

    }

}