From a83014db4a2f734af9b5b65ca022f016d9da6b2d Mon Sep 17 00:00:00 2001
From: XiaokangQian
Date: Mon, 22 Nov 2021 07:53:34 +0000
Subject: [PATCH 1/5] TLS1.3: Add signature scheme pkcs1 v1.5

Signed-off-by: XiaokangQian
---
 library/ssl_tls.c | 2 ++
 library/ssl_tls13_generic.c | 7 ++++++-
 tests/ssl-opt.sh | 38 +++++++++++++++++++++++++++++++++++++
 3 files changed, 46 insertions(+), 1 deletion(-)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index b07d07ab1a..0d54ae9b0b 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -6376,6 +6376,7 @@ static uint16_t ssl_preset_default_sig_algs[] = {
 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
     MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA256,
 #endif
+    MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA256,
     MBEDTLS_TLS13_SIG_NONE
 };
 
@@ -6395,6 +6396,7 @@ static uint16_t ssl_preset_suiteb_sig_algs[] = {
 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
     MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA256,
 #endif
+    MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA256,
     MBEDTLS_TLS13_SIG_NONE
 };
 
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 2dd5c50313..d5a67a922c 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -376,11 +376,16 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl,
             break;
 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
         case MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA256:
-            MBEDTLS_SSL_DEBUG_MSG( 4, ( "Certificate Verify: using RSA" ) );
+            MBEDTLS_SSL_DEBUG_MSG( 4, ( "Certificate Verify: using RSA PSS" ) );
             md_alg = MBEDTLS_MD_SHA256;
             sig_alg = MBEDTLS_PK_RSASSA_PSS;
             break;
 #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
+        case MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA256:
+            MBEDTLS_SSL_DEBUG_MSG( 4, ( "Certificate Verify: using RSA PKCS1 V1.5" ) );
+            md_alg = MBEDTLS_MD_SHA256;
+            sig_alg = MBEDTLS_PK_RSA;
+            break;
         default:
             MBEDTLS_SSL_DEBUG_MSG( 1, ( "Certificate Verify: Unknown signature algorithm." ) );
             goto error;
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index d43d66260e..c5f693035a 100755
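Review bot: The new `MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA256` entry in `ssl_preset_default_sig_algs` is added with no build guard, while the PSS entry directly above it is wrapped in `#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)`; a build without RSA or PKCS#1 v1.5 would still advertise, and be willing to negotiate, a scheme it cannot verify. Gating it as `#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V15)` keeps the advertised list consistent with the compiled-in verifiers. The second hunk in this file makes the same unguarded addition to `ssl_preset_suiteb_sig_algs`, and since that preset is meant as the restricted profile, a legacy RSA PKCS#1 v1.5 entry there deserves at least a justifying comment. RFC 8446 §4.2.3 allows `rsa_pkcs1_*` in signature_algorithms only for signatures on certificates, never for CertificateVerify, and a one-line comment beside the entry stating that scope would prevent the entry from being read as enabling PKCS#1 v1.5 handshake signatures.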
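Review bot: The new `case MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA256` makes the CertificateVerify parser accept an RSA PKCS#1 v1.5 handshake signature, which RFC 8446 §4.2.3 does not permit in TLS 1.3 (those code points refer solely to signatures in certificates), so this widens what a peer can get the client to verify beyond the protocol. The scheme should fall through to the existing `default:` / `goto error` path here, with a comment such as `/* rsa_pkcs1_* is for certificate signatures only (RFC 8446 4.2.3) */` so it is not re-added later; patch 3/5 in this series does remove the case, and the corrected debug string `"Certificate Verify: using RSA PSS"` from this hunk is the part worth keeping. `ssl_tls13_parse_certificate_verify` begins and continues outside the hunk.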
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -8907,6 +8907,44 @@ run_test "TLS 1.3 m->G AES_128_GCM_SHA256 , RSA_PSS_RSAE_SHA256" \
             -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
             -c "HTTP/1.0 200 OK"
 
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+requires_gnutls_next
+run_test "TLS 1.3 m->G AES_128_GCM_SHA256 , RSA_PKCSV15_SHA256" \
+            "$G_NEXT_SRV_RSA --disable-client-cert --priority=NORMAL:+CIPHER-ALL:+SHA256:+GROUP-SECP256R1:+ECDHE-ECDSA:+AEAD:+SIGN-RSA-SHA256:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
+            "$P_CLI debug_level=4 force_version=tls1_3 server_name=localhost force_ciphersuite=TLS1-3-AES-128-GCM-SHA256" \
+            0 \
+            -c "tls1_3 client state: 0" \
+            -c "tls1_3 client state: 2" \
+            -c "tls1_3 client state: 19" \
+            -c "tls1_3 client state: 5" \
+            -c "tls1_3 client state: 3" \
+            -c "tls1_3 client state: 9" \
+            -c "tls1_3 client state: 13" \
+            -c "tls1_3 client state: 11" \
+            -c "tls1_3 client state: 14" \
+            -c "tls1_3 client state: 15" \
+            -c "<= ssl_tls1_3_process_server_hello" \
+            -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+            -s "Ephemeral EC Diffie-Hellman parameters" \
+            -s "Version: TLS1.3" \
+            -s "Cipher: AES-128-GCM" \
+            -S "Client Signature:" \
+            -s "Server Signature: RSA-PSS-RSAE-SHA256" \
+            -c "ECDH curve: x25519" \
+            -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+            -c "Certificate Verify: Signature algorithm ( 0804 )" \
+            -c "=> ssl_tls1_3_process_server_hello" \
+            -c "<= parse encrypted extensions" \
+            -c "Certificate verification flags clear" \
+            -c "=> parse certificate verify" \
+            -c "<= parse certificate verify" \
+            -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
+            -c "<= parse finished message" \
+            -c "HTTP/1.0 200 OK"
+
 # Test heap memory usage after handshake
 requires_config_enabled MBEDTLS_MEMORY_DEBUG
 requires_config_enabled MBEDTLS_MEMORY_BUFFER_ALLOC_C

From 7285067a8cdd884099468a62ceaa3b0d767ff24b Mon Sep 17 00:00:00 2001
From: XiaokangQian
Date: Mon, 22 Nov 2021 10:12:48 +0000
Subject: [PATCH 2/5] Rebase code and remove useless state in test script

Signed-off-by: XiaokangQian
---
 tests/ssl-opt.sh | 17 -----------------
 1 file changed, 17 deletions(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index c5f693035a..8e22a918f7 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -8916,17 +8916,6 @@ run_test "TLS 1.3 m->G AES_128_GCM_SHA256 , RSA_PKCSV15_SHA256" \
             "$G_NEXT_SRV_RSA --disable-client-cert --priority=NORMAL:+CIPHER-ALL:+SHA256:+GROUP-SECP256R1:+ECDHE-ECDSA:+AEAD:+SIGN-RSA-SHA256:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
             "$P_CLI debug_level=4 force_version=tls1_3 server_name=localhost force_ciphersuite=TLS1-3-AES-128-GCM-SHA256" \
             0 \
-            -c "tls1_3 client state: 0" \
-            -c "tls1_3 client state: 2" \
-            -c "tls1_3 client state: 19" \
-            -c "tls1_3 client state: 5" \
-            -c "tls1_3 client state: 3" \
-            -c "tls1_3 client state: 9" \
-            -c "tls1_3 client state: 13" \
-            -c "tls1_3 client state: 11" \
-            -c "tls1_3 client state: 14" \
-            -c "tls1_3 client state: 15" \
-            -c "<= ssl_tls1_3_process_server_hello" \
             -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
             -s "Ephemeral EC Diffie-Hellman parameters" \
             -s "Version: TLS1.3" \
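Review bot: The new `RSA_PKCSV15_SHA256` test pins the same evidence as the PSS test above it, `-s "Server Signature: RSA-PSS-RSAE-SHA256"` and `-c "Certificate Verify: Signature algorithm ( 0804 )"` (0x0804 is rsa_pss_rsae_sha256), so it passes whether or not the PKCS#1 v1.5 code path added in this patch is ever executed. If the intent is to cover that path, the test needs an assertion tied to it, such as `-c "Certificate Verify: using RSA PKCS1 V1.5"`; if instead (per RFC 8446) the server is never expected to sign CertificateVerify with PKCS#1 v1.5, the name and a short comment should say the test only checks that advertising `rsa_pkcs1_sha256` does not break the handshake. The `requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT` guard on a PKCS#1 test likewise suggests the real dependency is the PSS path, which is consistent with patch 5/5 later dropping the test as already covered.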
@@ -8936,13 +8925,7 @@ run_test "TLS 1.3 m->G AES_128_GCM_SHA256 , RSA_PKCSV15_SHA256" \
             -c "ECDH curve: x25519" \
             -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
             -c "Certificate Verify: Signature algorithm ( 0804 )" \
-            -c "=> ssl_tls1_3_process_server_hello" \
-            -c "<= parse encrypted extensions" \
-            -c "Certificate verification flags clear" \
-            -c "=> parse certificate verify" \
-            -c "<= parse certificate verify" \
             -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
-            -c "<= parse finished message" \
             -c "HTTP/1.0 200 OK"
 
 # Test heap memory usage after handshake

From 4d2329fd8acfaf7fdf4bc5446ace48cc1abba731 Mon Sep 17 00:00:00 2001
From: XiaokangQian
Date: Wed, 24 Nov 2021 02:27:38 +0000
Subject: [PATCH 3/5] Change code based on reviews

Remove support signature PKCS1 v1.5 in CertificateVerify.
Remove useless server states in test script

Signed-off-by: XiaokangQian
---
 library/ssl_tls13_generic.c | 5 -----
 programs/ssl/ssl_client2.c | 5 +++++
 tests/ssl-opt.sh | 5 -----
 3 files changed, 5 insertions(+), 10 deletions(-)

diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index d5a67a922c..f9ad5dade8 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -381,11 +381,6 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl,
             sig_alg = MBEDTLS_PK_RSASSA_PSS;
             break;
 #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
-        case MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA256:
-            MBEDTLS_SSL_DEBUG_MSG( 4, ( "Certificate Verify: using RSA PKCS1 V1.5" ) );
-            md_alg = MBEDTLS_MD_SHA256;
-            sig_alg = MBEDTLS_PK_RSA;
-            break;
         default:
             MBEDTLS_SSL_DEBUG_MSG( 1, ( "Certificate Verify: Unknown signature algorithm." ) );
             goto error;
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 204b9754aa..214f471616 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1538,6 +1538,10 @@ int main( int argc, char *argv[] )
                 {
                     sig_alg_list[i++] = MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA256;
                 }
+                else if( strcmp( q, "rsa_pkcs1_sha256" ) == 0 )
+                {
+                    sig_alg_list[i++] = MBEDTLS_TLS13_SIG_RSA_PKCS1_SHA256;
+                }
                 else
                 {
                     mbedtls_printf( "unknown signature algorithm %s\n", q );
@@ -1546,6 +1550,7 @@ int main( int argc, char *argv[] )
                     mbedtls_printf( "ecdsa_secp384r1_sha384 " );
                     mbedtls_printf( "ecdsa_secp521r1_sha512 " );
                     mbedtls_printf( "rsa_pss_rsae_sha256 " );
+                    mbedtls_printf( "rsa_pkcs1_sha256 " );
                     mbedtls_printf( "\n" );
                     goto exit;
                 }
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 8e22a918f7..dc29d0b21f 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -8916,12 +8916,7 @@ run_test "TLS 1.3 m->G AES_128_GCM_SHA256 , RSA_PKCSV15_SHA256" \
             "$G_NEXT_SRV_RSA --disable-client-cert --priority=NORMAL:+CIPHER-ALL:+SHA256:+GROUP-SECP256R1:+ECDHE-ECDSA:+AEAD:+SIGN-RSA-SHA256:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
             "$P_CLI debug_level=4 force_version=tls1_3 server_name=localhost force_ciphersuite=TLS1-3-AES-128-GCM-SHA256" \
             0 \
-            -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
             -s "Ephemeral EC Diffie-Hellman parameters" \
-            -s "Version: TLS1.3" \
-            -s "Cipher: AES-128-GCM" \
-            -S "Client Signature:" \
-            -s "Server Signature: RSA-PSS-RSAE-SHA256" \
             -c "ECDH curve: x25519" \
             -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
             -c "Certificate Verify: Signature algorithm ( 0804 )" \

From d39a18d17988847398e5445776a77df0518bae33 Mon Sep 17 00:00:00 2001
From: XiaokangQian
Date: Wed, 24 Nov 2021 08:12:54 +0000
Subject: [PATCH 4/5] Disable psa support in rsa pkcs1 test

Signed-off-by: XiaokangQian
---
 tests/ssl-opt.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index dc29d0b21f..ecfc0f41e1 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
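Review bot: The new `rsa_pkcs1_sha256` branch appends with `sig_alg_list[i++]` and no bound on `i` is visible in the hunk; if the enclosing option parser does not cap `i` at the array length, this append (like the existing ones) writes past the end when the keyword is repeated often enough, which is worth confirming since `main` begins and ends outside the hunk. The help line `mbedtls_printf( "rsa_pkcs1_sha256 " );` also gives no hint that, with this same commit removing the scheme from CertificateVerify parsing in ssl_tls13_generic.c, the keyword only governs which certificate signatures the client advertises support for. A short comment on the branch, e.g. `/* TLS 1.3: rsa_pkcs1_* covers certificate signatures only (RFC 8446 4.2.3) */`, would keep a future reader from expecting a PKCS#1 v1.5 handshake signature to be accepted.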
@@ -8911,6 +8911,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
 requires_gnutls_next
 run_test "TLS 1.3 m->G AES_128_GCM_SHA256 , RSA_PKCSV15_SHA256" \
             "$G_NEXT_SRV_RSA --disable-client-cert --priority=NORMAL:+CIPHER-ALL:+SHA256:+GROUP-SECP256R1:+ECDHE-ECDSA:+AEAD:+SIGN-RSA-SHA256:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \

From b112da7f2f9e06afb348806374b6fff468722e37 Mon Sep 17 00:00:00 2001
From: XiaokangQian
Date: Thu, 25 Nov 2021 09:05:44 +0000
Subject: [PATCH 5/5] Remove the test case which has been covered

Signed-off-by: XiaokangQian
---
 tests/ssl-opt.sh | 17 -----------------
 1 file changed, 17 deletions(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index ecfc0f41e1..d43d66260e 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
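Review bot: The added `requires_config_disabled MBEDTLS_USE_PSA_CRYPTO` excludes this test from PSA builds without recording why, and the commit title only restates the exclusion, so a reader cannot tell whether RSA PKCS#1 v1.5 handling genuinely differs under PSA (a gap that should be tracked) or the test simply has not been exercised there. A one-line comment above it, e.g. `# TODO(PSA): <reason this test cannot run with MBEDTLS_USE_PSA_CRYPTO>`, would turn a silent coverage hole into a documented one.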
@@ -8907,23 +8907,6 @@ run_test "TLS 1.3 m->G AES_128_GCM_SHA256 , RSA_PSS_RSAE_SHA256" \
             -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
             -c "HTTP/1.0 200 OK"
 
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
-requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
-requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
-requires_gnutls_next
-run_test "TLS 1.3 m->G AES_128_GCM_SHA256 , RSA_PKCSV15_SHA256" \
-            "$G_NEXT_SRV_RSA --disable-client-cert --priority=NORMAL:+CIPHER-ALL:+SHA256:+GROUP-SECP256R1:+ECDHE-ECDSA:+AEAD:+SIGN-RSA-SHA256:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
-            "$P_CLI debug_level=4 force_version=tls1_3 server_name=localhost force_ciphersuite=TLS1-3-AES-128-GCM-SHA256" \
-            0 \
-            -s "Ephemeral EC Diffie-Hellman parameters" \
-            -c "ECDH curve: x25519" \
-            -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-            -c "Certificate Verify: Signature algorithm ( 0804 )" \
-            -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
-            -c "HTTP/1.0 200 OK"
-
 # Test heap memory usage after handshake
 requires_config_enabled MBEDTLS_MEMORY_DEBUG
 requires_config_enabled MBEDTLS_MEMORY_BUFFER_ALLOC_C