mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-04 06:40:03 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #5127 from xkqian/xkqian/pr/add_rsa_pss_rsae

Browse Source 
Xkqian/pr/add rsa pss rsae
This commit is contained in:
Ronald Cron 2021-11-24 14:22:30 +01:00 committed by GitHub
commit b92b88cc4c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 83 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
library/ssl_tls.c
View File

@ -6370,6 +6370,12 @@ static uint16_t ssl_preset_default_sig_algs[] = {
MBEDTLS_TLS13_SIG_ECDSA_SECP521R1_SHA512, MBEDTLS_TLS13_SIG_ECDSA_SECP521R1_SHA512,
#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */ #endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */
#endif /* MBEDTLS_ECDSA_C */ #endif /* MBEDTLS_ECDSA_C */
/* RSA algorithms */
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA256,
#endif
MBEDTLS_TLS13_SIG_NONE MBEDTLS_TLS13_SIG_NONE
}; };
@ -6383,6 +6389,12 @@ static uint16_t ssl_preset_suiteb_sig_algs[] = {
MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384, MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384,
#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */ #endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */
#endif /* MBEDTLS_ECDSA_C */ #endif /* MBEDTLS_ECDSA_C */
/* RSA algorithms */
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA256,
#endif
MBEDTLS_TLS13_SIG_NONE MBEDTLS_TLS13_SIG_NONE
}; };
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */

27
library/ssl_tls13_generic.c
View File

@ -320,6 +320,11 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl,
unsigned char verify_hash[MBEDTLS_MD_MAX_SIZE]; unsigned char verify_hash[MBEDTLS_MD_MAX_SIZE];
size_t verify_hash_len; size_t verify_hash_len;
void const *opts_ptr = NULL;
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
mbedtls_pk_rsassa_pss_options opts;
#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
/* /*
* struct { * struct {
* SignatureScheme algorithm; * SignatureScheme algorithm;
@ -368,6 +373,13 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl,
md_alg = MBEDTLS_MD_SHA512; md_alg = MBEDTLS_MD_SHA512;
sig_alg = MBEDTLS_PK_ECDSA; sig_alg = MBEDTLS_PK_ECDSA;
break; break;
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
case MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA256:
MBEDTLS_SSL_DEBUG_MSG( 4, ( "Certificate Verify: using RSA" ) );
md_alg = MBEDTLS_MD_SHA256;
sig_alg = MBEDTLS_PK_RSASSA_PSS;
break;
#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
default: default:
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Certificate Verify: Unknown signature algorithm." ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "Certificate Verify: Unknown signature algorithm." ) );
goto error; goto error;
@ -426,8 +438,21 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl,
} }
MBEDTLS_SSL_DEBUG_BUF( 3, "verify hash", verify_hash, verify_hash_len ); MBEDTLS_SSL_DEBUG_BUF( 3, "verify hash", verify_hash, verify_hash_len );
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
if( sig_alg == MBEDTLS_PK_RSASSA_PSS )
{
const mbedtls_md_info_t* md_info;
opts.mgf1_hash_id = md_alg;
if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
{
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
opts.expected_salt_len = mbedtls_md_get_size( md_info );
opts_ptr = (const void*) &opts;
}
#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
if( ( ret = mbedtls_pk_verify_ext( sig_alg, NULL, if( ( ret = mbedtls_pk_verify_ext( sig_alg, opts_ptr,
&ssl->session_negotiate->peer_cert->pk, &ssl->session_negotiate->peer_cert->pk,
md_alg, verify_hash, verify_hash_len, md_alg, verify_hash, verify_hash_len,
p, signature_len ) ) == 0 ) p, signature_len ) ) == 0 )

5
programs/ssl/ssl_client2.c
View File

@ -1534,6 +1534,10 @@ int main( int argc, char *argv[] )
{ {
sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP521R1_SHA512; sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP521R1_SHA512;
} }
else if( strcmp( q, "rsa_pss_rsae_sha256" ) == 0 )
{
sig_alg_list[i++] = MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA256;
}
else else
{ {
mbedtls_printf( "unknown signature algorithm %s\n", q ); mbedtls_printf( "unknown signature algorithm %s\n", q );
@ -1541,6 +1545,7 @@ int main( int argc, char *argv[] )
mbedtls_printf( "ecdsa_secp256r1_sha256 " ); mbedtls_printf( "ecdsa_secp256r1_sha256 " );
mbedtls_printf( "ecdsa_secp384r1_sha384 " ); mbedtls_printf( "ecdsa_secp384r1_sha384 " );
mbedtls_printf( "ecdsa_secp521r1_sha512 " ); mbedtls_printf( "ecdsa_secp521r1_sha512 " );
mbedtls_printf( "rsa_pss_rsae_sha256 " );
mbedtls_printf( "\n" ); mbedtls_printf( "\n" );
goto exit; goto exit;
} }

41
tests/ssl-opt.sh
View File

@ -79,16 +79,20 @@ fi
if [ -n "${OPENSSL_NEXT:-}" ]; then if [ -n "${OPENSSL_NEXT:-}" ]; then
O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert data_files/server5.crt -key data_files/server5.key" O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert data_files/server5.crt -key data_files/server5.key"
O_NEXT_SRV_RSA="$OPENSSL_NEXT s_server -www -cert data_files/server2-sha256.crt -key data_files/server2.key"
O_NEXT_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client" O_NEXT_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client"
else else
O_NEXT_SRV=false O_NEXT_SRV=false
O_NEXT_SRV_RSA=false
O_NEXT_CLI=false O_NEXT_CLI=false
fi fi
if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key" G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
G_NEXT_SRV_RSA="$GNUTLS_NEXT_SERV --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key"
else else
G_NEXT_SRV=false G_NEXT_SRV=false
G_NEXT_SRV_RSA=false
fi fi
if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then
@ -264,7 +268,7 @@ requires_config_value_equals() {
# Space-separated list of ciphersuites supported by this build of # Space-separated list of ciphersuites supported by this build of
# Mbed TLS. # Mbed TLS.
P_CIPHERSUITES=" $($P_CLI --help 2>/dev/null | P_CIPHERSUITES=" $($P_CLI --help 2>/dev/null |
grep TLS- | grep 'TLS-\|TLS1-3' |
tr -s ' \n' ' ')" tr -s ' \n' ' ')"
requires_ciphersuite_enabled() { requires_ciphersuite_enabled() {
case $P_CIPHERSUITES in case $P_CIPHERSUITES in
@ -1416,11 +1420,13 @@ fi
if [ -n "${OPENSSL_NEXT:-}" ]; then if [ -n "${OPENSSL_NEXT:-}" ]; then
O_NEXT_SRV="$O_NEXT_SRV -accept $SRV_PORT" O_NEXT_SRV="$O_NEXT_SRV -accept $SRV_PORT"
O_NEXT_SRV_RSA="$O_NEXT_SRV_RSA -accept $SRV_PORT"
O_NEXT_CLI="$O_NEXT_CLI -connect 127.0.0.1:+SRV_PORT" O_NEXT_CLI="$O_NEXT_CLI -connect 127.0.0.1:+SRV_PORT"
fi fi
if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
G_NEXT_SRV="$G_NEXT_SRV -p $SRV_PORT" G_NEXT_SRV="$G_NEXT_SRV -p $SRV_PORT"
G_NEXT_SRV_RSA="$G_NEXT_SRV_RSA -p $SRV_PORT"
fi fi
if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then
@ -8835,6 +8841,22 @@ run_test "TLS1.3: minimal feature sets - openssl" \
-c "<= parse finished message" \ -c "<= parse finished message" \
-c "HTTP/1.0 200 ok" -c "HTTP/1.0 200 ok"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test "TLS 1.3 m->O AES_128_GCM_SHA256 , RSA_PSS_RSAE_SHA256" \
"$O_NEXT_SRV_RSA -ciphersuites TLS_AES_128_GCM_SHA256 -tls1_3 -msg -no_middlebox -num_tickets 0" \
"$P_CLI debug_level=4 force_version=tls1_3 server_name=localhost force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 allow_sha1=0" \
0 \
-c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
-c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
-c "HTTP/1.0 200 ok"
requires_gnutls_tls1_3 requires_gnutls_tls1_3
requires_gnutls_next_no_ticket requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat requires_gnutls_next_disable_tls13_compat
@ -8867,6 +8889,23 @@ run_test "TLS1.3: minimal feature sets - gnutls" \
-c "<= parse finished message" \ -c "<= parse finished message" \
-c "HTTP/1.0 200 OK" -c "HTTP/1.0 200 OK"
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
requires_gnutls_next
run_test "TLS 1.3 m->G AES_128_GCM_SHA256 , RSA_PSS_RSAE_SHA256" \
"$G_NEXT_SRV_RSA --disable-client-cert --priority=NORMAL:+CIPHER-ALL:+SHA256:+GROUP-SECP256R1:+ECDHE-ECDSA:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
"$P_CLI debug_level=4 force_version=tls1_3 server_name=localhost force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 allow_sha1=0" \
0 \
-c "ECDH curve: x25519" \
-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
-c "Certificate Verify: Signature algorithm ( 0804 )" \
-c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
-c "HTTP/1.0 200 OK"
# Test heap memory usage after handshake # Test heap memory usage after handshake
requires_config_enabled MBEDTLS_MEMORY_DEBUG requires_config_enabled MBEDTLS_MEMORY_DEBUG