Merge pull request #5127 from xkqian/xkqian/pr/add_rsa_pss_rsae
Xkqian/pr/add rsa pss rsae
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 48a6369..91cc5b6 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -6370,6 +6370,12 @@
MBEDTLS_TLS13_SIG_ECDSA_SECP521R1_SHA512,
#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */
#endif /* MBEDTLS_ECDSA_C */
+
+ /* RSA algorithms */
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
+ MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA256,
+#endif
+
MBEDTLS_TLS13_SIG_NONE
};
@@ -6383,6 +6389,12 @@
MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384,
#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */
#endif /* MBEDTLS_ECDSA_C */
+
+ /* RSA algorithms */
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
+ MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA256,
+#endif
+
MBEDTLS_TLS13_SIG_NONE
};
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 12ef4d5..6b7a6f8 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -320,6 +320,11 @@
unsigned char verify_hash[MBEDTLS_MD_MAX_SIZE];
size_t verify_hash_len;
+ void const *opts_ptr = NULL;
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
+ mbedtls_pk_rsassa_pss_options opts;
+#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
+
/*
* struct {
* SignatureScheme algorithm;
@@ -368,6 +373,13 @@
md_alg = MBEDTLS_MD_SHA512;
sig_alg = MBEDTLS_PK_ECDSA;
break;
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
+ case MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA256:
+ MBEDTLS_SSL_DEBUG_MSG( 4, ( "Certificate Verify: using RSA" ) );
+ md_alg = MBEDTLS_MD_SHA256;
+ sig_alg = MBEDTLS_PK_RSASSA_PSS;
+ break;
+#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
default:
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Certificate Verify: Unknown signature algorithm." ) );
goto error;
@@ -426,8 +438,21 @@
}
MBEDTLS_SSL_DEBUG_BUF( 3, "verify hash", verify_hash, verify_hash_len );
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
+ if( sig_alg == MBEDTLS_PK_RSASSA_PSS )
+ {
+ const mbedtls_md_info_t* md_info;
+ opts.mgf1_hash_id = md_alg;
+ if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
+ {
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+ opts.expected_salt_len = mbedtls_md_get_size( md_info );
+ opts_ptr = (const void*) &opts;
+ }
+#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
- if( ( ret = mbedtls_pk_verify_ext( sig_alg, NULL,
+ if( ( ret = mbedtls_pk_verify_ext( sig_alg, opts_ptr,
&ssl->session_negotiate->peer_cert->pk,
md_alg, verify_hash, verify_hash_len,
p, signature_len ) ) == 0 )
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index cb299b1..204b975 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1534,6 +1534,10 @@
{
sig_alg_list[i++] = MBEDTLS_TLS13_SIG_ECDSA_SECP521R1_SHA512;
}
+ else if( strcmp( q, "rsa_pss_rsae_sha256" ) == 0 )
+ {
+ sig_alg_list[i++] = MBEDTLS_TLS13_SIG_RSA_PSS_RSAE_SHA256;
+ }
else
{
mbedtls_printf( "unknown signature algorithm %s\n", q );
@@ -1541,6 +1545,7 @@
mbedtls_printf( "ecdsa_secp256r1_sha256 " );
mbedtls_printf( "ecdsa_secp384r1_sha384 " );
mbedtls_printf( "ecdsa_secp521r1_sha512 " );
+ mbedtls_printf( "rsa_pss_rsae_sha256 " );
mbedtls_printf( "\n" );
goto exit;
}
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 1ac34da..d43d662 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -79,16 +79,20 @@
if [ -n "${OPENSSL_NEXT:-}" ]; then
O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert data_files/server5.crt -key data_files/server5.key"
+ O_NEXT_SRV_RSA="$OPENSSL_NEXT s_server -www -cert data_files/server2-sha256.crt -key data_files/server2.key"
O_NEXT_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client"
else
O_NEXT_SRV=false
+ O_NEXT_SRV_RSA=false
O_NEXT_CLI=false
fi
if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
+ G_NEXT_SRV_RSA="$GNUTLS_NEXT_SERV --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key"
else
G_NEXT_SRV=false
+ G_NEXT_SRV_RSA=false
fi
if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then
@@ -264,7 +268,7 @@
# Space-separated list of ciphersuites supported by this build of
# Mbed TLS.
P_CIPHERSUITES=" $($P_CLI --help 2>/dev/null |
- grep TLS- |
+ grep 'TLS-\|TLS1-3' |
tr -s ' \n' ' ')"
requires_ciphersuite_enabled() {
case $P_CIPHERSUITES in
@@ -1416,11 +1420,13 @@
if [ -n "${OPENSSL_NEXT:-}" ]; then
O_NEXT_SRV="$O_NEXT_SRV -accept $SRV_PORT"
+ O_NEXT_SRV_RSA="$O_NEXT_SRV_RSA -accept $SRV_PORT"
O_NEXT_CLI="$O_NEXT_CLI -connect 127.0.0.1:+SRV_PORT"
fi
if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
G_NEXT_SRV="$G_NEXT_SRV -p $SRV_PORT"
+ G_NEXT_SRV_RSA="$G_NEXT_SRV_RSA -p $SRV_PORT"
fi
if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then
@@ -8835,6 +8841,22 @@
-c "<= parse finished message" \
-c "HTTP/1.0 200 ok"
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
+run_test "TLS 1.3 m->O AES_128_GCM_SHA256 , RSA_PSS_RSAE_SHA256" \
+ "$O_NEXT_SRV_RSA -ciphersuites TLS_AES_128_GCM_SHA256 -tls1_3 -msg -no_middlebox -num_tickets 0" \
+ "$P_CLI debug_level=4 force_version=tls1_3 server_name=localhost force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 allow_sha1=0" \
+ 0 \
+ -c "ECDH curve: x25519" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0804 )" \
+ -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
+ -c "HTTP/1.0 200 ok"
+
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
@@ -8867,6 +8889,23 @@
-c "<= parse finished message" \
-c "HTTP/1.0 200 OK"
+requires_gnutls_next_no_ticket
+requires_gnutls_next_disable_tls13_compat
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
+requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
+requires_gnutls_next
+run_test "TLS 1.3 m->G AES_128_GCM_SHA256 , RSA_PSS_RSAE_SHA256" \
+ "$G_NEXT_SRV_RSA --disable-client-cert --priority=NORMAL:+CIPHER-ALL:+SHA256:+GROUP-SECP256R1:+ECDHE-ECDSA:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
+ "$P_CLI debug_level=4 force_version=tls1_3 server_name=localhost force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 allow_sha1=0" \
+ 0 \
+ -c "ECDH curve: x25519" \
+ -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
+ -c "Certificate Verify: Signature algorithm ( 0804 )" \
+ -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
+ -c "HTTP/1.0 200 OK"
# Test heap memory usage after handshake
requires_config_enabled MBEDTLS_MEMORY_DEBUG