Add Context.set_sigalgs_list() and Connection.get_sigalgs()

Jean-Daniel Dupas · Jean-Daniel Dupas · commit ddc1b2ee7b8e · 2019-07-08T16:19:09.000+02:00
This is based on SSL_CTX_set1_sigalgs(3).

It let the client limits the set of signature algorithms that should be used by the server for certificate selection.
diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
@@ -1207,6 +1207,25 @@ def set_cipher_list(self, cipher_list):
                 ],
             )
 
+    def set_sigalgs_list(self, sigalgs_list):
+        """
+        Set the list of signature algorithms to be used in this context.
+
+        See the OpenSSL manual for more information (e.g.
+        :manpage:`SSL_CTX_set1_sigalgs_list(3)`).
+
+        :param bytes sigalgs_list: An OpenSSL signature algorithms list.
+        :return: None
+        """
+        sigalgs_list = _text_to_bytes_and_warn("sigalgs_list", sigalgs_list)
+
+        if not isinstance(sigalgs_list, bytes):
+            raise TypeError("sigalgs_list must be a byte string.")
+
+        _openssl_assert(
+            _lib.SSL_CTX_set1_sigalgs_list(self._context, sigalgs_list) == 1
+        )
+
     def set_client_ca_list(self, certificate_authorities):
         """
         Set the list of preferred client certificate signers for this server
@@ -2019,6 +2038,25 @@ def get_cipher_list(self):
             ciphers.append(_native(_ffi.string(result)))
         return ciphers
 
+    def get_sigalgs(self):
+        """
+        Retrieve the list of signature algorithms used by the Connection object.
+        Must be used after handshake only.
+        See :manpage:`SSL_get_sigalgs(3)`.
+
+        :return: A list of SignatureScheme (int) as defined by RFC 8446.
+        """
+        sigalgs = []
+        rsign = _ffi.new("unsigned char *")
+        rhash = _ffi.new("unsigned char *")
+        for i in count():
+            result = _lib.SSL_get_sigalgs(self._ssl, i, _ffi.NULL, _ffi.NULL,
+                                          _ffi.NULL, rsign, rhash)
+            if result == 0:
+                break
+            sigalgs.append(rsign[0] + (rhash[0] << 8))
+        return sigalgs
+
     def get_client_ca_list(self):
         """
         Get CAs whose certificates are suggested for client authentication.
diff --git a/tests/test_ssl.py b/tests/test_ssl.py
@@ -457,6 +457,82 @@ def test_set_cipher_list_no_cipher_match(self, context):
                 ],
             )
 
+    @pytest.mark.parametrize("sigalgs_list", [
+        b"RSA-PSS+SHA256:RSA-PSS+SHA384",
+        u"RSA-PSS+SHA256:RSA-PSS+SHA384",
+    ])
+    def test_set_sigalgs_list(self, context, sigalgs_list):
+        """
+        `Context.set_sigalgs_list` accepts both byte and unicode strings
+        for naming the signature algorithms which connections created
+        with the context object will send to the server.
+        """
+        context.set_sigalgs_list(sigalgs_list)
+
+    def test_set_sigalgs_list_wrong_type(self, context):
+        """
+        `Context.set_cipher_list` raises `TypeError` when passed a non-string
+        argument.
+        """
+        with pytest.raises(TypeError):
+            context.set_sigalgs_list(object())
+
+    def test_set_sigalgs_list_invalid_name(self, context):
+        """
+        `Context.set_cipher_list` raises `OpenSSL.SSL.Error` with a
+        `"no cipher match"` reason string regardless of the TLS
+        version.
+        """
+        with pytest.raises(Error):
+            context.set_sigalgs_list(b"imaginary-sigalg")
+
+    def test_set_sigalgs_list_not_supported(self):
+        """
+        `Context.set_cipher_list` raises `OpenSSL.SSL.Error` with a
+        `"no cipher match"` reason string regardless of the TLS
+        version.
+        """
+
+        def make_client(socket):
+            context = Context(SSLv23_METHOD)
+            context.set_sigalgs_list(b"ECDSA+SHA256:ECDSA+SHA384")
+            c = Connection(context, socket)
+            c.set_connect_state()
+            return c
+
+        with pytest.raises(Error) as excinfo:
+            loopback(client_factory=make_client)
+        assert excinfo.value.args == (
+                [
+                    (
+                        'SSL routines',
+                        'tls_choose_sigalg',
+                        'no suitable signature algorithm',
+                    ),
+                ],
+            )
+
+    def test_get_sigalgs(self):
+        """
+        `Connection.get_sigalgs` returns the signature algorithms send by the client to the server.
+         This is supported only in TLS1_2 and later.
+        """
+
+        def make_client(socket):
+            context = Context(TLSv1_2_METHOD)
+            context.set_sigalgs_list(b"RSA-PSS+SHA256:ECDSA+SHA384")
+            c = Connection(context, socket)
+            c.set_connect_state()
+            return c
+
+        srv, client = loopback(
+            server_factory=lambda s: loopback_server_factory(s, TLSv1_2_METHOD),
+            client_factory=make_client)
+
+        sigalgs = srv.get_sigalgs()
+        assert 0x0804 in sigalgs  # rsa_pss_rsae_sha256
+        assert 0x0503 in sigalgs  # ecdsa_secp384r1_sha384
+
     def test_load_client_ca(self, context, ca_file):
         """
         `Context.load_client_ca` works as far as we can tell.
