Support Ed25519 keys in BoGo.
These will be used to test the C implementation.
BUG=187
Change-Id: If397eaa51885c8140a63c5f731ce58a8ad6949aa
Reviewed-on: https://boringssl-review.googlesource.com/14452
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index ef144c3..8dc0446 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@@ -17,6 +17,8 @@
"io"
"math/big"
"time"
+
+ "./ed25519"
)
// serverHandshakeState contains details of a server handshake in progress.
@@ -1095,6 +1097,9 @@
hs.ellipticOk = supportedCurve && supportedPointFormat
_, hs.ecdsaOk = hs.cert.PrivateKey.(*ecdsa.PrivateKey)
+ // Ed25519 also uses ECDSA certificates.
+ _, ed25519Ok := hs.cert.PrivateKey.(ed25519.PrivateKey)
+ hs.ecdsaOk = hs.ecdsaOk || ed25519Ok
// For test purposes, check that the peer never offers a session when
// renegotiating.
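Review bot: The added comment `// Ed25519 also uses ECDSA certificates.` is inaccurate, and `hs.ecdsaOk` now silently means "ECDSA or Ed25519 key". An Ed25519 certificate is not an ECDSA certificate; what the code relies on is that Ed25519 keys are selected through the ECDSA-authenticated cipher suites. I would reword it to `// Ed25519 keys are negotiated via the ECDSA cipher suites, so treat them as ECDSA-capable here.` The enclosing function starts and ends outside this hunk, so it is worth confirming that no later reader of `hs.ecdsaOk` assumes `hs.cert.PrivateKey` is an `*ecdsa.PrivateKey` and type-asserts without the two-value form.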
@@ -1859,13 +1864,13 @@
}
if len(certs) > 0 {
- var pub crypto.PublicKey
- switch key := certs[0].PublicKey.(type) {
- case *ecdsa.PublicKey, *rsa.PublicKey:
- pub = key
+ pub := getCertificatePublicKey(certs[0])
+ switch pub.(type) {
+ case *ecdsa.PublicKey, *rsa.PublicKey, ed25519.PublicKey:
+ break
default:
c.sendAlert(alertUnsupportedCertificate)
- return nil, fmt.Errorf("tls: client's certificate contains an unsupported public key of type %T", certs[0].PublicKey)
+ return nil, fmt.Errorf("tls: client's certificate contains an unsupported public key of type %T", pub)
}
c.peerCertificates = certs
return pub, nil
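Review bot: The new `ed25519.PublicKey` case accepts the peer's key on its type alone. If that type is a byte slice, as the value-type assertions in this change suggest, a malformed client certificate could hand a wrong-length key to the later verification step. `getCertificatePublicKey` is defined outside this hunk, so either confirm that it rejects keys whose length is not the Ed25519 public key size, or check the length here before `c.peerCertificates = certs`. The error message now formats `pub` rather than `certs[0].PublicKey`; if the helper returns nil for key types it does not recognise, `%T` would print `<nil>` and lose the diagnostic. As a style point, the `break` in the accepted case is redundant in Go, and an empty case body with a short comment such as `// supported key type` reads more clearly. The enclosing function begins before this hunk.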