diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 119826f727..783b823bd9 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2058,6 +2058,8 @@ static inline int mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( } return( 0 ); } + + #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ static inline int mbedtls_ssl_sig_alg_is_supported( @@ -2141,6 +2143,102 @@ static inline int mbedtls_ssl_sig_alg_is_supported( ((void) sig_alg); return( 0 ); } + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + +static inline int mbedtls_ssl_tls13_sig_alg_is_available_for_pk( + mbedtls_ssl_context *ssl, + uint16_t sig_alg, + mbedtls_pk_context *key) +{ + mbedtls_pk_type_t pk_type = mbedtls_ssl_sig_from_pk( key ); + size_t key_size = mbedtls_pk_get_bitlen( key ); + + if( !mbedtls_ssl_sig_alg_is_supported( ssl, sig_alg ) ) + return( 0 ); + + switch( pk_type ) + { +#if defined(MBEDTLS_ECDSA_C) + case MBEDTLS_SSL_SIG_ECDSA: + switch( key_size ) + { +#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) + case 256: + return( + sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256 ); +#endif /* MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */ + +#if defined(MBEDTLS_SHA384_C) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) + case 384: + return( + sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384 ); +#endif /* MBEDTLS_SHA384_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */ + +#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) + case 521: + return( + sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512 ); +#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */ + default: + break; + } + break; +#endif /* MBEDTLS_ECDSA_C */ + +#if defined(MBEDTLS_RSA_C) + case MBEDTLS_SSL_SIG_RSA: + switch( sig_alg ) + { +#if defined(MBEDTLS_PKCS1_V21) +#if defined(MBEDTLS_SHA256_C) + case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: + return( key_size <= 2048 ); +#endif /* MBEDTLS_SHA256_C */ + +#if defined(MBEDTLS_SHA384_C) + case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: + return( key_size <= 3072 ); +#endif /* MBEDTLS_SHA384_C */ + +#if defined(MBEDTLS_SHA512_C) + case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: + return( key_size <= 4096 ); +#endif /* MBEDTLS_SHA512_C */ +#endif /* MBEDTLS_PKCS1_V21 */ + +#if defined(MBEDTLS_PKCS1_V15) +#if defined(MBEDTLS_SHA256_C) + case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256: + return( key_size <= 2048 ); +#endif /* MBEDTLS_SHA256_C */ + +#if defined(MBEDTLS_SHA384_C) + case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384: + return( key_size <= 3072 ); +#endif /* MBEDTLS_SHA384_C */ + +#if defined(MBEDTLS_SHA512_C) + case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512: + return( key_size <= 4096 ); +#endif /* MBEDTLS_SHA512_C */ +#endif /* MBEDTLS_PKCS1_V15 */ + + default: + break; + } + break; +#endif /* MBEDTLS_RSA_C */ + + default: + break; + } + + return( 0 ); +} + +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ + #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) @@ -2276,10 +2374,6 @@ int mbedtls_ssl_parse_server_name_ext( mbedtls_ssl_context *ssl, const unsigned char *end ); #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ -int mbedtls_ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl, - mbedtls_pk_context *own_key, - uint16_t *algorithm ); - #if defined(MBEDTLS_SSL_ALPN) int mbedtls_ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 893de43946..3ab6cc2076 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -854,120 +854,25 @@ cleanup: /* * STATE HANDLING: Output Certificate Verify */ -int mbedtls_ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl, - mbedtls_pk_context *own_key, - uint16_t *algorithm ) + +static int ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl, + mbedtls_pk_context *own_key, + uint16_t *algorithm ) { - mbedtls_pk_type_t sig = mbedtls_ssl_sig_from_pk( own_key ); - /* Determine the size of the key */ - size_t own_key_size = mbedtls_pk_get_bitlen( own_key ); + uint16_t *sig_alg = ssl->handshake->received_sig_algs; + *algorithm = MBEDTLS_TLS1_3_SIG_NONE; - ((void) own_key_size); - - switch( sig ) + for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE ; sig_alg++ ) { -#if defined(MBEDTLS_ECDSA_C) - case MBEDTLS_SSL_SIG_ECDSA: - switch( own_key_size ) - { - case 256: - *algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256; - return( 0 ); - case 384: - *algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384; - return( 0 ); - case 521: - *algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512; - return( 0 ); - default: - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "unknown key size: %" - MBEDTLS_PRINTF_SIZET " bits", - own_key_size ) ); - break; - } - break; -#endif /* MBEDTLS_ECDSA_C */ - -#if defined(MBEDTLS_RSA_C) - case MBEDTLS_SSL_SIG_RSA: -#if defined(MBEDTLS_PKCS1_V21) -#if defined(MBEDTLS_SHA256_C) - if( own_key_size <= 2048 && - mbedtls_ssl_sig_alg_is_received( ssl, - MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256 ) ) - { - *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256; - return( 0 ); - } - else -#endif /* MBEDTLS_SHA256_C */ -#if defined(MBEDTLS_SHA384_C) - if( own_key_size <= 3072 && - mbedtls_ssl_sig_alg_is_received( ssl, - MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384 ) ) - { - *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384; - return( 0 ); - } - else -#endif /* MBEDTLS_SHA384_C */ -#if defined(MBEDTLS_SHA512_C) - if( own_key_size <= 4096 && - mbedtls_ssl_sig_alg_is_received( ssl, - MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512 ) ) - { - *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512; - return( 0 ); - } - else -#endif /* MBEDTLS_SHA512_C */ -#endif /* MBEDTLS_PKCS1_V21 */ -#if defined(MBEDTLS_PKCS1_V15) -#if defined(MBEDTLS_SHA256_C) - if( own_key_size <= 2048 && - mbedtls_ssl_sig_alg_is_received( ssl, - MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256 ) ) - { - *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256; - return( 0 ); - } - else -#endif /* MBEDTLS_SHA256_C */ -#if defined(MBEDTLS_SHA384_C) - if( own_key_size <= 3072 && - mbedtls_ssl_sig_alg_is_received( ssl, - MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384 ) ) - { - *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384; - return( 0 ); - } - else -#endif /* MBEDTLS_SHA384_C */ -#if defined(MBEDTLS_SHA512_C) - if( own_key_size <= 4096 && - mbedtls_ssl_sig_alg_is_received( ssl, - MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512 ) ) - { - *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512; - return( 0 ); - } - else -#endif /* MBEDTLS_SHA512_C */ -#endif /* MBEDTLS_PKCS1_V15 */ - { - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "unknown key size: %" - MBEDTLS_PRINTF_SIZET " bits", - own_key_size ) ); - } - break; -#endif /* MBEDTLS_RSA_C */ - default: - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "unknown signature type : %u", sig ) ); - break; + if( mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg) && + mbedtls_ssl_tls13_sig_alg_is_available_for_pk( + ssl, *sig_alg, own_key ) ) + { + *algorithm = *sig_alg; + return( 0 ); + } } + return( -1 ); } @@ -1024,7 +929,7 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, * opaque signature<0..2^16-1>; * } CertificateVerify; */ - ret = mbedtls_ssl_tls13_get_sig_alg_from_pk( ssl, own_key, &algorithm ); + ret = ssl_tls13_get_sig_alg_from_pk( ssl, own_key, &algorithm ); if( ret != 0 || ! mbedtls_ssl_sig_alg_is_received( ssl, algorithm ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index ffbbbcfa5e..0ebad933f2 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -352,7 +352,6 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl ) { mbedtls_ssl_key_cert *key_cert, *key_cert_list; const uint16_t *sig_alg = ssl->handshake->received_sig_algs; - uint16_t key_sig_alg; #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) if( ssl->handshake->sni_key_cert != NULL ) @@ -372,7 +371,6 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl ) for( key_cert = key_cert_list; key_cert != NULL; key_cert = key_cert->next ) { - int ret; MBEDTLS_SSL_DEBUG_CRT( 3, "certificate (chain) candidate", key_cert->cert ); @@ -391,11 +389,9 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl ) continue; } - ret = mbedtls_ssl_tls13_get_sig_alg_from_pk( - ssl, &key_cert->cert->pk, &key_sig_alg ); - if( ret != 0 ) - continue; - if( *sig_alg == key_sig_alg ) + MBEDTLS_SSL_DEBUG_MSG( 2,("Try get sig alg %04x",*sig_alg)); + if( mbedtls_ssl_tls13_sig_alg_is_available_for_pk( + ssl, *sig_alg, &key_cert->cert->pk ) ) { ssl->handshake->key_cert = key_cert; MBEDTLS_SSL_DEBUG_CRT( @@ -406,6 +402,7 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl ) } } + MBEDTLS_SSL_DEBUG_MSG( 2,("No signature algorithm found")); return( -1 ); } #endif /* MBEDTLS_X509_CRT_PARSE_C &&