Merge pull request #6051 from mprse/permissions_2b_v2

Permissions 2b: TLS 1.3 sigalg selection
This commit is contained in:
Manuel Pégourié-Gonnard 2022-09-28 09:50:04 +02:00 committed by GitHub
commit e3358e14b2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 235 additions and 126 deletions

View file

@ -0,0 +1,3 @@
Features
* Add support for opaque keys as the private keys associated to certificates
for authentication in TLS 1.3.

View file

@ -906,12 +906,8 @@ int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( uint16_t sig_alg,
case MBEDTLS_SSL_SIG_RSA:
switch( sig_alg )
{
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
return( key_size <= 3072 );
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
return( key_size <= 7680 );
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: /* Intentional fallthrough */
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: /* Intentional fallthrough */
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
return( 1 );
@ -927,43 +923,13 @@ int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( uint16_t sig_alg,
return( 0 );
}
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_select_sig_alg_for_certificate_verify(
mbedtls_ssl_context *ssl,
mbedtls_pk_context *own_key,
uint16_t *algorithm )
{
uint16_t *sig_alg = ssl->handshake->received_sig_algs;
*algorithm = MBEDTLS_TLS1_3_SIG_NONE;
for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE ; sig_alg++ )
{
if( mbedtls_ssl_sig_alg_is_offered( ssl, *sig_alg ) &&
mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( *sig_alg ) &&
mbedtls_ssl_tls13_check_sig_alg_cert_key_match( *sig_alg, own_key ) )
{
MBEDTLS_SSL_DEBUG_MSG( 3,
( "select_sig_alg_for_certificate_verify:"
"selected signature algorithm %s [%04x]",
mbedtls_ssl_sig_alg_to_str( *sig_alg ),
*sig_alg ) );
*algorithm = *sig_alg;
return( 0 );
}
}
MBEDTLS_SSL_DEBUG_MSG( 2,
( "select_sig_alg_for_certificate_verify:"
"no suitable signature algorithm found" ) );
return( -1 );
}
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
size_t *out_len )
{
int ret;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p = buf;
mbedtls_pk_context *own_key;
@ -971,14 +937,9 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
size_t handshake_hash_len;
unsigned char verify_buffer[ SSL_VERIFY_STRUCT_MAX_SIZE ];
size_t verify_buffer_len;
mbedtls_pk_type_t pk_type = MBEDTLS_PK_NONE;
mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
psa_algorithm_t psa_algorithm = PSA_ALG_NONE;
uint16_t algorithm = MBEDTLS_TLS1_3_SIG_NONE;
uint16_t *sig_alg = ssl->handshake->received_sig_algs;
size_t signature_len = 0;
unsigned char verify_hash[PSA_HASH_MAX_SIZE];
size_t verify_hash_len;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
*out_len = 0;
@ -1011,64 +972,84 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
* opaque signature<0..2^16-1>;
* } CertificateVerify;
*/
ret = ssl_tls13_select_sig_alg_for_certificate_verify( ssl, own_key,
&algorithm );
if( ret != 0 )
/* Check there is space for the algorithm identifier (2 bytes) and the
* signature length (2 bytes).
*/
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE ; sig_alg++ )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
( "signature algorithm not in received or offered list." ) );
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_pk_type_t pk_type = MBEDTLS_PK_NONE;
mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
psa_algorithm_t psa_algorithm = PSA_ALG_NONE;
unsigned char verify_hash[PSA_HASH_MAX_SIZE];
size_t verify_hash_len;
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Signature algorithm is %s",
mbedtls_ssl_sig_alg_to_str( algorithm ) ) );
if( !mbedtls_ssl_sig_alg_is_offered( ssl, *sig_alg ) )
continue;
if( !mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( *sig_alg ) )
continue;
if( !mbedtls_ssl_tls13_check_sig_alg_cert_key_match( *sig_alg, own_key ) )
continue;
if( mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg(
*sig_alg, &pk_type, &md_alg ) != 0 )
{
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
/* Hash verify buffer with indicated hash function */
psa_algorithm = mbedtls_hash_info_psa_from_md( md_alg );
status = psa_hash_compute( psa_algorithm,
verify_buffer,
verify_buffer_len,
verify_hash, sizeof( verify_hash ),
&verify_hash_len );
if( status != PSA_SUCCESS )
return( psa_ssl_status_to_mbedtls( status ) );
MBEDTLS_SSL_DEBUG_BUF( 3, "verify hash", verify_hash, verify_hash_len );
if( ( ret = mbedtls_pk_sign_ext( pk_type, own_key,
md_alg, verify_hash, verify_hash_len,
p + 4, (size_t)( end - ( p + 4 ) ), &signature_len,
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "CertificateVerify signature failed with %s",
mbedtls_ssl_sig_alg_to_str( *sig_alg ) ) );
MBEDTLS_SSL_DEBUG_RET( 2, "mbedtls_pk_sign_ext", ret );
/* The signature failed. This is possible if the private key
* was not suitable for the signature operation as purposely we
* did not check its suitability completely. Let's try with
* another signature algorithm.
*/
continue;
}
MBEDTLS_SSL_DEBUG_MSG( 2, ( "CertificateVerify signature with %s",
mbedtls_ssl_sig_alg_to_str( *sig_alg ) ) );
break;
}
if( *sig_alg == MBEDTLS_TLS1_3_SIG_NONE )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "no suitable signature algorithm" ) );
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
}
MBEDTLS_SSL_DEBUG_MSG( 2, ( "CertificateVerify with %s",
mbedtls_ssl_sig_alg_to_str( algorithm )) );
MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 );
MBEDTLS_PUT_UINT16_BE( signature_len, p, 2 );
if( mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg(
algorithm, &pk_type, &md_alg ) != 0 )
{
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
*out_len = 4 + signature_len;
/* Check there is space for the algorithm identifier (2 bytes) and the
* signature length (2 bytes).
*/
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
MBEDTLS_PUT_UINT16_BE( algorithm, p, 0 );
p += 2;
/* Hash verify buffer with indicated hash function */
psa_algorithm = mbedtls_hash_info_psa_from_md( md_alg );
status = psa_hash_compute( psa_algorithm,
verify_buffer,
verify_buffer_len,
verify_hash,sizeof( verify_hash ),
&verify_hash_len );
if( status != PSA_SUCCESS )
return( psa_ssl_status_to_mbedtls( status ) );
MBEDTLS_SSL_DEBUG_BUF( 3, "verify hash", verify_hash, verify_hash_len );
if( ( ret = mbedtls_pk_sign_ext( pk_type, own_key,
md_alg, verify_hash, verify_hash_len,
p + 2, (size_t)( end - ( p + 2 ) ), &signature_len,
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret );
return( ret );
}
MBEDTLS_PUT_UINT16_BE( signature_len, p, 0 );
p += 2 + signature_len;
*out_len = (size_t)( p - buf );
return( ret );
return( 0 );
}
int mbedtls_ssl_tls13_write_certificate_verify( mbedtls_ssl_context *ssl )

View file

@ -1111,6 +1111,36 @@ static int ssl_tls13_determine_key_exchange_mode( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
static psa_algorithm_t ssl_tls13_iana_sig_alg_to_psa_alg( uint16_t sig_alg )
{
switch( sig_alg )
{
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256:
return( PSA_ALG_ECDSA( PSA_ALG_SHA_256 ) );
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384:
return( PSA_ALG_ECDSA( PSA_ALG_SHA_384 ) );
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512:
return( PSA_ALG_ECDSA( PSA_ALG_SHA_512 ) );
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
return( PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 ) );
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
return( PSA_ALG_RSA_PSS( PSA_ALG_SHA_384 ) );
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
return( PSA_ALG_RSA_PSS( PSA_ALG_SHA_512 ) );
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256:
return( PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_SHA_256 ) );
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384:
return( PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_SHA_384 ) );
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512:
return( PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_SHA_512 ) );
default:
return( PSA_ALG_NONE );
}
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/*
* Pick best ( private key, certificate chain ) pair based on the signature
* algorithms supported by the client.
@ -1136,9 +1166,19 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl )
for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
{
if( !mbedtls_ssl_sig_alg_is_offered( ssl, *sig_alg ) )
continue;
if( !mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( *sig_alg ) )
continue;
for( key_cert = key_cert_list; key_cert != NULL;
key_cert = key_cert->next )
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_algorithm_t psa_alg = PSA_ALG_NONE;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
MBEDTLS_SSL_DEBUG_CRT( 3, "certificate (chain) candidate",
key_cert->cert );
@ -1162,8 +1202,18 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl )
"check signature algorithm %s [%04x]",
mbedtls_ssl_sig_alg_to_str( *sig_alg ),
*sig_alg ) );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_alg = ssl_tls13_iana_sig_alg_to_psa_alg( *sig_alg );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( mbedtls_ssl_tls13_check_sig_alg_cert_key_match(
*sig_alg, &key_cert->cert->pk ) )
*sig_alg, &key_cert->cert->pk )
#if defined(MBEDTLS_USE_PSA_CRYPTO)
&& psa_alg != PSA_ALG_NONE &&
mbedtls_pk_can_do_ext( &key_cert->cert->pk, psa_alg,
PSA_KEY_USAGE_SIGN_HASH ) == 1
#endif /* MBEDTLS_USE_PSA_CRYPTO */
)
{
ssl->handshake->key_cert = key_cert;
MBEDTLS_SSL_DEBUG_MSG( 3,

View file

@ -346,10 +346,11 @@ int main( void )
#define USAGE_KEY_OPAQUE_ALGS \
" key_opaque_algs=%%s Allowed opaque key algorithms.\n" \
" comma-separated pair of values among the following:\n" \
" rsa-sign-pkcs1, rsa-sign-pss, rsa-decrypt,\n" \
" ecdsa-sign, ecdh, none (only acceptable for\n" \
" the second value).\n" \
" comma-separated pair of values among the following:\n" \
" rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \
" rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \
" ecdsa-sign, ecdh, none (only acceptable for\n" \
" the second value).\n" \
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#define USAGE_TLS1_3_KEY_EXCHANGE_MODES \
@ -1821,7 +1822,8 @@ int main( int argc, char *argv[] )
#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_printf( " ok (key type: %s)\n",
strlen( opt.key_file ) ? mbedtls_pk_get_name( &pkey ) : "none" );
strlen( opt.key_file ) || strlen( opt.key_opaque_alg1 ) ?
mbedtls_pk_get_name( &pkey ) : "none" );
#endif /* MBEDTLS_X509_CRT_PARSE_C */
/*

View file

@ -458,15 +458,17 @@ int main( void )
#endif
#define USAGE_KEY_OPAQUE_ALGS \
" key_opaque_algs=%%s Allowed opaque key 1 algorithms.\n" \
" comma-separated pair of values among the following:\n" \
" rsa-sign-pkcs1, rsa-sign-pss, rsa-decrypt,\n" \
" ecdsa-sign, ecdh, none (only acceptable for\n" \
" the second value).\n" \
" key_opaque_algs2=%%s Allowed opaque key 2 algorithms.\n" \
" comma-separated pair of values among the following:\n" \
" rsa-sign-pkcs1, rsa-sign-pss, rsa-decrypt,\n" \
" ecdsa-sign, ecdh, none (only acceptable for\n" \
" key_opaque_algs=%%s Allowed opaque key 1 algorithms.\n" \
" comma-separated pair of values among the following:\n" \
" rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \
" rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \
" ecdsa-sign, ecdh, none (only acceptable for\n" \
" the second value).\n" \
" key_opaque_algs2=%%s Allowed opaque key 2 algorithms.\n" \
" comma-separated pair of values among the following:\n" \
" rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \
" rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \
" ecdsa-sign, ecdh, none (only acceptable for\n" \
" the second value).\n"
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#define USAGE_TLS1_3_KEY_EXCHANGE_MODES \

View file

@ -205,6 +205,9 @@ int key_opaque_alg_parse( const char *arg, const char **alg1, const char **alg2
if( strcmp( *alg1, "rsa-sign-pkcs1" ) != 0 &&
strcmp( *alg1, "rsa-sign-pss" ) != 0 &&
strcmp( *alg1, "rsa-sign-pss-sha256" ) != 0 &&
strcmp( *alg1, "rsa-sign-pss-sha384" ) != 0 &&
strcmp( *alg1, "rsa-sign-pss-sha512" ) != 0 &&
strcmp( *alg1, "rsa-decrypt" ) != 0 &&
strcmp( *alg1, "ecdsa-sign" ) != 0 &&
strcmp( *alg1, "ecdh" ) != 0 )
@ -212,6 +215,9 @@ int key_opaque_alg_parse( const char *arg, const char **alg1, const char **alg2
if( strcmp( *alg2, "rsa-sign-pkcs1" ) != 0 &&
strcmp( *alg2, "rsa-sign-pss" ) != 0 &&
strcmp( *alg1, "rsa-sign-pss-sha256" ) != 0 &&
strcmp( *alg1, "rsa-sign-pss-sha384" ) != 0 &&
strcmp( *alg1, "rsa-sign-pss-sha512" ) != 0 &&
strcmp( *alg2, "rsa-decrypt" ) != 0 &&
strcmp( *alg2, "ecdsa-sign" ) != 0 &&
strcmp( *alg2, "ecdh" ) != 0 &&
@ -245,6 +251,21 @@ int key_opaque_set_alg_usage( const char *alg1, const char *alg2,
*psa_algs[i] = PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH );
*usage |= PSA_KEY_USAGE_SIGN_HASH;
}
else if( strcmp( algs[i], "rsa-sign-pss-sha256" ) == 0 )
{
*psa_algs[i] = PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 );
*usage |= PSA_KEY_USAGE_SIGN_HASH;
}
else if( strcmp( algs[i], "rsa-sign-pss-sha384" ) == 0 )
{
*psa_algs[i] = PSA_ALG_RSA_PSS( PSA_ALG_SHA_384 );
*usage |= PSA_KEY_USAGE_SIGN_HASH;
}
else if( strcmp( algs[i], "rsa-sign-pss-sha512" ) == 0 )
{
*psa_algs[i] = PSA_ALG_RSA_PSS( PSA_ALG_SHA_512 );
*usage |= PSA_KEY_USAGE_SIGN_HASH;
}
else if( strcmp( algs[i], "rsa-decrypt" ) == 0 )
{
*psa_algs[i] = PSA_ALG_RSA_PKCS1V15_CRYPT;

View file

@ -2042,6 +2042,59 @@ run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-ECDSA"
-S "error" \
-C "error"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_RSA_C
run_test "TLS 1.3 opaque key: no suitable algorithm found" \
"$P_SRV debug_level=4 force_version=tls13 auth_mode=required key_opaque=1 key_opaque_algs=rsa-decrypt,none" \
"$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
1 \
-s "The SSL configuration is tls13 only" \
-c "key type: Opaque" \
-s "key types: Opaque, Opaque" \
-c "error" \
-s "no suitable signature algorithm"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_RSA_C
run_test "TLS 1.3 opaque key: suitable algorithm found" \
"$P_SRV debug_level=4 force_version=tls13 auth_mode=required key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
"$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
0 \
-s "The SSL configuration is tls13 only" \
-c "key type: Opaque" \
-s "key types: Opaque, Opaque" \
-C "error" \
-S "error" \
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_RSA_C
run_test "TLS 1.3 opaque key: first client sig alg not suitable" \
"$P_SRV debug_level=4 force_version=tls13 auth_mode=required key_opaque=1 key_opaque_algs=rsa-sign-pss-sha512,none" \
"$P_CLI debug_level=4 sig_algs=rsa_pss_rsae_sha256,rsa_pss_rsae_sha512" \
0 \
-s "The SSL configuration is tls13 only" \
-s "key types: Opaque, Opaque" \
-s "CertificateVerify signature failed with rsa_pss_rsae_sha256" \
-s "CertificateVerify signature with rsa_pss_rsae_sha512" \
-C "error" \
-S "error" \
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_RSA_C
run_test "TLS 1.3 opaque key: 2 keys on server, suitable algorithm found" \
"$P_SRV debug_level=4 force_version=tls13 auth_mode=required key_opaque=1 key_opaque_algs2=ecdsa-sign,none key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
"$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
0 \
-s "The SSL configuration is tls13 only" \
-c "key type: Opaque" \
-s "key types: Opaque, Opaque" \
-C "error" \
-S "error" \
# Test using a RSA opaque private key for server authentication
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
@ -11520,7 +11573,7 @@ run_test "TLS 1.3: Client authentication, client alg not in server list - ope
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "signature algorithm not in received or offered list." \
-c "no suitable signature algorithm" \
-C "unknown pk type"
requires_gnutls_tls1_3
@ -11538,7 +11591,7 @@ run_test "TLS 1.3: Client authentication, client alg not in server list - gnu
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "signature algorithm not in received or offered list." \
-c "no suitable signature algorithm" \
-C "unknown pk type"
# Test using an opaque private key for client authentication
@ -11792,7 +11845,7 @@ run_test "TLS 1.3: Client authentication - opaque key, client alg not in serv
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "signature algorithm not in received or offered list." \
-c "no suitable signature algorithm" \
-C "unkown pk type"
requires_gnutls_tls1_3
@ -11811,7 +11864,7 @@ run_test "TLS 1.3: Client authentication - opaque key, client alg not in serv
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "signature algorithm not in received or offered list." \
-c "no suitable signature algorithm" \
-C "unkown pk type"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -12540,7 +12593,7 @@ run_test "TLS 1.3: Check signature algorithm order, m->O" \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
0 \
-c "Protocol is TLSv1.3" \
-c "select_sig_alg_for_certificate_verify:selected signature algorithm rsa_pss_rsae_sha512" \
-c "CertificateVerify signature with rsa_pss_rsae_sha512" \
-c "HTTP/1.0 200 [Oo][Kk]"
requires_gnutls_tls1_3
@ -12556,7 +12609,7 @@ run_test "TLS 1.3: Check signature algorithm order, m->G" \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
0 \
-c "Protocol is TLSv1.3" \
-c "select_sig_alg_for_certificate_verify:selected signature algorithm rsa_pss_rsae_sha512" \
-c "CertificateVerify signature with rsa_pss_rsae_sha512" \
-c "HTTP/1.0 200 [Oo][Kk]"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -12573,8 +12626,8 @@ run_test "TLS 1.3: Check signature algorithm order, m->m" \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
0 \
-c "Protocol is TLSv1.3" \
-c "select_sig_alg_for_certificate_verify:selected signature algorithm rsa_pss_rsae_sha512" \
-s "select_sig_alg_for_certificate_verify:selected signature algorithm rsa_pss_rsae_sha512" \
-c "CertificateVerify signature with rsa_pss_rsae_sha512" \
-s "CertificateVerify signature with rsa_pss_rsae_sha512" \
-s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" \
-c "HTTP/1.0 200 [Oo][Kk]"
@ -12593,7 +12646,7 @@ run_test "TLS 1.3: Check signature algorithm order, O->m" \
-sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:ecdsa_secp256r1_sha256" \
0 \
-c "TLSv1.3" \
-s "select_sig_alg_for_certificate_verify:selected signature algorithm rsa_pss_rsae_sha512" \
-s "CertificateVerify signature with rsa_pss_rsae_sha512" \
-s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512"
requires_gnutls_tls1_3
@ -12612,7 +12665,7 @@ run_test "TLS 1.3: Check signature algorithm order, G->m" \
0 \
-c "Negotiated version: 3.4" \
-c "HTTP/1.0 200 [Oo][Kk]" \
-s "select_sig_alg_for_certificate_verify:selected signature algorithm rsa_pss_rsae_sha512" \
-s "CertificateVerify signature with rsa_pss_rsae_sha512" \
-s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512"
requires_gnutls_tls1_3
@ -12629,8 +12682,7 @@ run_test "TLS 1.3: Check server no suitable signature algorithm, G->m" \
--x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key \
--priority=NORMAL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-ECDSA-SECP521R1-SHA512" \
1 \
-s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" \
-s "select_sig_alg_for_certificate_verify:no suitable signature algorithm found"
-S "ssl_tls13_pick_key_cert:check signature algorithm"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -12646,8 +12698,7 @@ run_test "TLS 1.3: Check server no suitable signature algorithm, O->m" \
-cert data_files/server2-sha256.crt -key data_files/server2.key \
-sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:ecdsa_secp521r1_sha512" \
1 \
-s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" \
-s "select_sig_alg_for_certificate_verify:no suitable signature algorithm found"
-S "ssl_tls13_pick_key_cert:check signature algorithm"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
@ -12662,8 +12713,7 @@ run_test "TLS 1.3: Check server no suitable signature algorithm, m->m" \
"$P_CLI allow_sha1=0 debug_level=4 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,ecdsa_secp521r1_sha512" \
1 \
-s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" \
-s "select_sig_alg_for_certificate_verify:no suitable signature algorithm found"
-S "ssl_tls13_pick_key_cert:check signature algorithm"
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -12719,7 +12769,7 @@ run_test "TLS 1.3: Check client no signature algorithm, m->O" \
"$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
1 \
-c "select_sig_alg_for_certificate_verify:no suitable signature algorithm found"
-c "no suitable signature algorithm"
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -12733,7 +12783,7 @@ run_test "TLS 1.3: Check client no signature algorithm, m->G" \
"$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
1 \
-c "select_sig_alg_for_certificate_verify:no suitable signature algorithm found"
-c "no suitable signature algorithm"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
@ -12748,7 +12798,7 @@ run_test "TLS 1.3: Check client no signature algorithm, m->m" \
"$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
1 \
-c "select_sig_alg_for_certificate_verify:no suitable signature algorithm found"
-c "no suitable signature algorithm"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3