yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #6051 from mprse/permissions_2b_v2

Browse source 
Permissions 2b: TLS 1.3 sigalg selection
This commit is contained in:
Manuel Pégourié-Gonnard 2022-09-28 09:50:04 +02:00 committed by GitHub
commit e3358e14b2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 235 additions and 126 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
ChangeLog.d/tls13_sig_alg_selection.txt Normal file
View file

@ -0,0 +1,3 @@
Features
* Add support for opaque keys as the private keys associated to certificates
for authentication in TLS 1.3.

165
library/ssl_tls13_generic.c
View file

@ -906,12 +906,8 @@ int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( uint16_t sig_alg,
case MBEDTLS_SSL_SIG_RSA: case MBEDTLS_SSL_SIG_RSA:
switch( sig_alg ) switch( sig_alg )
{ {
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: /* Intentional fallthrough */
return( key_size <= 3072 ); case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: /* Intentional fallthrough */
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
return( key_size <= 7680 );
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
return( 1 ); return( 1 );
@ -927,43 +923,13 @@ int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( uint16_t sig_alg,
return( 0 ); return( 0 );
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_select_sig_alg_for_certificate_verify(
mbedtls_ssl_context *ssl,
mbedtls_pk_context *own_key,
uint16_t *algorithm )
{
uint16_t *sig_alg = ssl->handshake->received_sig_algs;
*algorithm = MBEDTLS_TLS1_3_SIG_NONE;
for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE ; sig_alg++ )
{
if( mbedtls_ssl_sig_alg_is_offered( ssl, *sig_alg ) &&
mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( *sig_alg ) &&
mbedtls_ssl_tls13_check_sig_alg_cert_key_match( *sig_alg, own_key ) )
{
MBEDTLS_SSL_DEBUG_MSG( 3,
( "select_sig_alg_for_certificate_verify:"
"selected signature algorithm %s [%04x]",
mbedtls_ssl_sig_alg_to_str( *sig_alg ),
*sig_alg ) );
*algorithm = *sig_alg;
return( 0 );
}
}
MBEDTLS_SSL_DEBUG_MSG( 2,
( "select_sig_alg_for_certificate_verify:"
"no suitable signature algorithm found" ) );
return( -1 );
}
MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
unsigned char *buf, unsigned char *buf,
unsigned char *end, unsigned char *end,
size_t *out_len ) size_t *out_len )
{ {
int ret; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p = buf; unsigned char *p = buf;
mbedtls_pk_context *own_key; mbedtls_pk_context *own_key;
@ -971,14 +937,9 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
size_t handshake_hash_len; size_t handshake_hash_len;
unsigned char verify_buffer[ SSL_VERIFY_STRUCT_MAX_SIZE ]; unsigned char verify_buffer[ SSL_VERIFY_STRUCT_MAX_SIZE ];
size_t verify_buffer_len; size_t verify_buffer_len;
mbedtls_pk_type_t pk_type = MBEDTLS_PK_NONE;
mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; uint16_t *sig_alg = ssl->handshake->received_sig_algs;
psa_algorithm_t psa_algorithm = PSA_ALG_NONE;
uint16_t algorithm = MBEDTLS_TLS1_3_SIG_NONE;
size_t signature_len = 0; size_t signature_len = 0;
unsigned char verify_hash[PSA_HASH_MAX_SIZE];
size_t verify_hash_len;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
*out_len = 0; *out_len = 0;
@ -1011,64 +972,84 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
* opaque signature<0..2^16-1>; * opaque signature<0..2^16-1>;
* } CertificateVerify; * } CertificateVerify;
*/ */
ret = ssl_tls13_select_sig_alg_for_certificate_verify( ssl, own_key, /* Check there is space for the algorithm identifier (2 bytes) and the
&algorithm ); * signature length (2 bytes).
if( ret != 0 ) */
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE ; sig_alg++ )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
( "signature algorithm not in received or offered list." ) ); mbedtls_pk_type_t pk_type = MBEDTLS_PK_NONE;
mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
psa_algorithm_t psa_algorithm = PSA_ALG_NONE;
unsigned char verify_hash[PSA_HASH_MAX_SIZE];
size_t verify_hash_len;
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Signature algorithm is %s", if( !mbedtls_ssl_sig_alg_is_offered( ssl, *sig_alg ) )
mbedtls_ssl_sig_alg_to_str( algorithm ) ) ); continue;
if( !mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( *sig_alg ) )
continue;
if( !mbedtls_ssl_tls13_check_sig_alg_cert_key_match( *sig_alg, own_key ) )
continue;
if( mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg(
*sig_alg, &pk_type, &md_alg ) != 0 )
{
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
/* Hash verify buffer with indicated hash function */
psa_algorithm = mbedtls_hash_info_psa_from_md( md_alg );
status = psa_hash_compute( psa_algorithm,
verify_buffer,
verify_buffer_len,
verify_hash, sizeof( verify_hash ),
&verify_hash_len );
if( status != PSA_SUCCESS )
return( psa_ssl_status_to_mbedtls( status ) );
MBEDTLS_SSL_DEBUG_BUF( 3, "verify hash", verify_hash, verify_hash_len );
if( ( ret = mbedtls_pk_sign_ext( pk_type, own_key,
md_alg, verify_hash, verify_hash_len,
p + 4, (size_t)( end - ( p + 4 ) ), &signature_len,
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "CertificateVerify signature failed with %s",
mbedtls_ssl_sig_alg_to_str( *sig_alg ) ) );
MBEDTLS_SSL_DEBUG_RET( 2, "mbedtls_pk_sign_ext", ret );
/* The signature failed. This is possible if the private key
* was not suitable for the signature operation as purposely we
* did not check its suitability completely. Let's try with
* another signature algorithm.
*/
continue;
}
MBEDTLS_SSL_DEBUG_MSG( 2, ( "CertificateVerify signature with %s",
mbedtls_ssl_sig_alg_to_str( *sig_alg ) ) );
break;
}
if( *sig_alg == MBEDTLS_TLS1_3_SIG_NONE )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "no suitable signature algorithm" ) );
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
} }
MBEDTLS_SSL_DEBUG_MSG( 2, ( "CertificateVerify with %s", MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 );
mbedtls_ssl_sig_alg_to_str( algorithm )) ); MBEDTLS_PUT_UINT16_BE( signature_len, p, 2 );
if( mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg( *out_len = 4 + signature_len;
algorithm, &pk_type, &md_alg ) != 0 )
{
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
/* Check there is space for the algorithm identifier (2 bytes) and the return( 0 );
* signature length (2 bytes).
*/
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
MBEDTLS_PUT_UINT16_BE( algorithm, p, 0 );
p += 2;
/* Hash verify buffer with indicated hash function */
psa_algorithm = mbedtls_hash_info_psa_from_md( md_alg );
status = psa_hash_compute( psa_algorithm,
verify_buffer,
verify_buffer_len,
verify_hash,sizeof( verify_hash ),
&verify_hash_len );
if( status != PSA_SUCCESS )
return( psa_ssl_status_to_mbedtls( status ) );
MBEDTLS_SSL_DEBUG_BUF( 3, "verify hash", verify_hash, verify_hash_len );
if( ( ret = mbedtls_pk_sign_ext( pk_type, own_key,
md_alg, verify_hash, verify_hash_len,
p + 2, (size_t)( end - ( p + 2 ) ), &signature_len,
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret );
return( ret );
}
MBEDTLS_PUT_UINT16_BE( signature_len, p, 0 );
p += 2 + signature_len;
*out_len = (size_t)( p - buf );
return( ret );
} }
int mbedtls_ssl_tls13_write_certificate_verify( mbedtls_ssl_context *ssl ) int mbedtls_ssl_tls13_write_certificate_verify( mbedtls_ssl_context *ssl )

52
library/ssl_tls13_server.c
View file

@ -1111,6 +1111,36 @@ static int ssl_tls13_determine_key_exchange_mode( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ #if defined(MBEDTLS_X509_CRT_PARSE_C) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
static psa_algorithm_t ssl_tls13_iana_sig_alg_to_psa_alg( uint16_t sig_alg )
{
switch( sig_alg )
{
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256:
return( PSA_ALG_ECDSA( PSA_ALG_SHA_256 ) );
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384:
return( PSA_ALG_ECDSA( PSA_ALG_SHA_384 ) );
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512:
return( PSA_ALG_ECDSA( PSA_ALG_SHA_512 ) );
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
return( PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 ) );
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
return( PSA_ALG_RSA_PSS( PSA_ALG_SHA_384 ) );
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
return( PSA_ALG_RSA_PSS( PSA_ALG_SHA_512 ) );
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256:
return( PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_SHA_256 ) );
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384:
return( PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_SHA_384 ) );
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512:
return( PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_SHA_512 ) );
default:
return( PSA_ALG_NONE );
}
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* /*
* Pick best ( private key, certificate chain ) pair based on the signature * Pick best ( private key, certificate chain ) pair based on the signature
* algorithms supported by the client. * algorithms supported by the client.
@ -1136,9 +1166,19 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl )
for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ ) for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
{ {
if( !mbedtls_ssl_sig_alg_is_offered( ssl, *sig_alg ) )
continue;
if( !mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( *sig_alg ) )
continue;
for( key_cert = key_cert_list; key_cert != NULL; for( key_cert = key_cert_list; key_cert != NULL;
key_cert = key_cert->next ) key_cert = key_cert->next )
{ {
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_algorithm_t psa_alg = PSA_ALG_NONE;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
MBEDTLS_SSL_DEBUG_CRT( 3, "certificate (chain) candidate", MBEDTLS_SSL_DEBUG_CRT( 3, "certificate (chain) candidate",
key_cert->cert ); key_cert->cert );
@ -1162,8 +1202,18 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl )
"check signature algorithm %s [%04x]", "check signature algorithm %s [%04x]",
mbedtls_ssl_sig_alg_to_str( *sig_alg ), mbedtls_ssl_sig_alg_to_str( *sig_alg ),
*sig_alg ) ); *sig_alg ) );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_alg = ssl_tls13_iana_sig_alg_to_psa_alg( *sig_alg );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
if( mbedtls_ssl_tls13_check_sig_alg_cert_key_match( if( mbedtls_ssl_tls13_check_sig_alg_cert_key_match(
*sig_alg, &key_cert->cert->pk ) ) *sig_alg, &key_cert->cert->pk )
#if defined(MBEDTLS_USE_PSA_CRYPTO)
&& psa_alg != PSA_ALG_NONE &&
mbedtls_pk_can_do_ext( &key_cert->cert->pk, psa_alg,
PSA_KEY_USAGE_SIGN_HASH ) == 1
#endif /* MBEDTLS_USE_PSA_CRYPTO */
)
{ {
ssl->handshake->key_cert = key_cert; ssl->handshake->key_cert = key_cert;
MBEDTLS_SSL_DEBUG_MSG( 3, MBEDTLS_SSL_DEBUG_MSG( 3,

12
programs/ssl/ssl_client2.c
View file

@ -346,10 +346,11 @@ int main( void )
#define USAGE_KEY_OPAQUE_ALGS \ #define USAGE_KEY_OPAQUE_ALGS \
" key_opaque_algs=%%s Allowed opaque key algorithms.\n" \ " key_opaque_algs=%%s Allowed opaque key algorithms.\n" \
" comma-separated pair of values among the following:\n" \ " comma-separated pair of values among the following:\n" \
" rsa-sign-pkcs1, rsa-sign-pss, rsa-decrypt,\n" \ " rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \
" ecdsa-sign, ecdh, none (only acceptable for\n" \ " rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \
" the second value).\n" \ " ecdsa-sign, ecdh, none (only acceptable for\n" \
" the second value).\n" \
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#define USAGE_TLS1_3_KEY_EXCHANGE_MODES \ #define USAGE_TLS1_3_KEY_EXCHANGE_MODES \
@ -1821,7 +1822,8 @@ int main( int argc, char *argv[] )
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_printf( " ok (key type: %s)\n", mbedtls_printf( " ok (key type: %s)\n",
strlen( opt.key_file ) ? mbedtls_pk_get_name( &pkey ) : "none" ); strlen( opt.key_file ) || strlen( opt.key_opaque_alg1 ) ?
mbedtls_pk_get_name( &pkey ) : "none" );
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
/* /*

20
programs/ssl/ssl_server2.c
View file

@ -458,15 +458,17 @@ int main( void )
#endif #endif
#define USAGE_KEY_OPAQUE_ALGS \ #define USAGE_KEY_OPAQUE_ALGS \
" key_opaque_algs=%%s Allowed opaque key 1 algorithms.\n" \ " key_opaque_algs=%%s Allowed opaque key 1 algorithms.\n" \
" comma-separated pair of values among the following:\n" \ " comma-separated pair of values among the following:\n" \
" rsa-sign-pkcs1, rsa-sign-pss, rsa-decrypt,\n" \ " rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \
" ecdsa-sign, ecdh, none (only acceptable for\n" \ " rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \
" the second value).\n" \ " ecdsa-sign, ecdh, none (only acceptable for\n" \
" key_opaque_algs2=%%s Allowed opaque key 2 algorithms.\n" \ " the second value).\n" \
" comma-separated pair of values among the following:\n" \ " key_opaque_algs2=%%s Allowed opaque key 2 algorithms.\n" \
" rsa-sign-pkcs1, rsa-sign-pss, rsa-decrypt,\n" \ " comma-separated pair of values among the following:\n" \
" ecdsa-sign, ecdh, none (only acceptable for\n" \ " rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \
" rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \
" ecdsa-sign, ecdh, none (only acceptable for\n" \
" the second value).\n" " the second value).\n"
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#define USAGE_TLS1_3_KEY_EXCHANGE_MODES \ #define USAGE_TLS1_3_KEY_EXCHANGE_MODES \

21
programs/ssl/ssl_test_lib.c
View file

@ -205,6 +205,9 @@ int key_opaque_alg_parse( const char *arg, const char **alg1, const char **alg2
if( strcmp( *alg1, "rsa-sign-pkcs1" ) != 0 && if( strcmp( *alg1, "rsa-sign-pkcs1" ) != 0 &&
strcmp( *alg1, "rsa-sign-pss" ) != 0 && strcmp( *alg1, "rsa-sign-pss" ) != 0 &&
strcmp( *alg1, "rsa-sign-pss-sha256" ) != 0 &&
strcmp( *alg1, "rsa-sign-pss-sha384" ) != 0 &&
strcmp( *alg1, "rsa-sign-pss-sha512" ) != 0 &&
strcmp( *alg1, "rsa-decrypt" ) != 0 && strcmp( *alg1, "rsa-decrypt" ) != 0 &&
strcmp( *alg1, "ecdsa-sign" ) != 0 && strcmp( *alg1, "ecdsa-sign" ) != 0 &&
strcmp( *alg1, "ecdh" ) != 0 ) strcmp( *alg1, "ecdh" ) != 0 )
@ -212,6 +215,9 @@ int key_opaque_alg_parse( const char *arg, const char **alg1, const char **alg2
if( strcmp( *alg2, "rsa-sign-pkcs1" ) != 0 && if( strcmp( *alg2, "rsa-sign-pkcs1" ) != 0 &&
strcmp( *alg2, "rsa-sign-pss" ) != 0 && strcmp( *alg2, "rsa-sign-pss" ) != 0 &&
strcmp( *alg1, "rsa-sign-pss-sha256" ) != 0 &&
strcmp( *alg1, "rsa-sign-pss-sha384" ) != 0 &&
strcmp( *alg1, "rsa-sign-pss-sha512" ) != 0 &&
strcmp( *alg2, "rsa-decrypt" ) != 0 && strcmp( *alg2, "rsa-decrypt" ) != 0 &&
strcmp( *alg2, "ecdsa-sign" ) != 0 && strcmp( *alg2, "ecdsa-sign" ) != 0 &&
strcmp( *alg2, "ecdh" ) != 0 && strcmp( *alg2, "ecdh" ) != 0 &&
@ -245,6 +251,21 @@ int key_opaque_set_alg_usage( const char *alg1, const char *alg2,
*psa_algs[i] = PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH ); *psa_algs[i] = PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH );
*usage |= PSA_KEY_USAGE_SIGN_HASH; *usage |= PSA_KEY_USAGE_SIGN_HASH;
} }
else if( strcmp( algs[i], "rsa-sign-pss-sha256" ) == 0 )
{
*psa_algs[i] = PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 );
*usage |= PSA_KEY_USAGE_SIGN_HASH;
}
else if( strcmp( algs[i], "rsa-sign-pss-sha384" ) == 0 )
{
*psa_algs[i] = PSA_ALG_RSA_PSS( PSA_ALG_SHA_384 );
*usage |= PSA_KEY_USAGE_SIGN_HASH;
}
else if( strcmp( algs[i], "rsa-sign-pss-sha512" ) == 0 )
{
*psa_algs[i] = PSA_ALG_RSA_PSS( PSA_ALG_SHA_512 );
*usage |= PSA_KEY_USAGE_SIGN_HASH;
}
else if( strcmp( algs[i], "rsa-decrypt" ) == 0 ) else if( strcmp( algs[i], "rsa-decrypt" ) == 0 )
{ {
*psa_algs[i] = PSA_ALG_RSA_PKCS1V15_CRYPT; *psa_algs[i] = PSA_ALG_RSA_PKCS1V15_CRYPT;

88
tests/ssl-opt.sh
View file

@ -2042,6 +2042,59 @@ run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-ECDSA"
-S "error" \ -S "error" \
-C "error" -C "error"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_RSA_C
run_test "TLS 1.3 opaque key: no suitable algorithm found" \
"$P_SRV debug_level=4 force_version=tls13 auth_mode=required key_opaque=1 key_opaque_algs=rsa-decrypt,none" \
"$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
1 \
-s "The SSL configuration is tls13 only" \
-c "key type: Opaque" \
-s "key types: Opaque, Opaque" \
-c "error" \
-s "no suitable signature algorithm"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_RSA_C
run_test "TLS 1.3 opaque key: suitable algorithm found" \
"$P_SRV debug_level=4 force_version=tls13 auth_mode=required key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
"$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
0 \
-s "The SSL configuration is tls13 only" \
-c "key type: Opaque" \
-s "key types: Opaque, Opaque" \
-C "error" \
-S "error" \
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_RSA_C
run_test "TLS 1.3 opaque key: first client sig alg not suitable" \
"$P_SRV debug_level=4 force_version=tls13 auth_mode=required key_opaque=1 key_opaque_algs=rsa-sign-pss-sha512,none" \
"$P_CLI debug_level=4 sig_algs=rsa_pss_rsae_sha256,rsa_pss_rsae_sha512" \
0 \
-s "The SSL configuration is tls13 only" \
-s "key types: Opaque, Opaque" \
-s "CertificateVerify signature failed with rsa_pss_rsae_sha256" \
-s "CertificateVerify signature with rsa_pss_rsae_sha512" \
-C "error" \
-S "error" \
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_RSA_C
run_test "TLS 1.3 opaque key: 2 keys on server, suitable algorithm found" \
"$P_SRV debug_level=4 force_version=tls13 auth_mode=required key_opaque=1 key_opaque_algs2=ecdsa-sign,none key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
"$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
0 \
-s "The SSL configuration is tls13 only" \
-c "key type: Opaque" \
-s "key types: Opaque, Opaque" \
-C "error" \
-S "error" \
# Test using a RSA opaque private key for server authentication # Test using a RSA opaque private key for server authentication
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
@ -11520,7 +11573,7 @@ run_test "TLS 1.3: Client authentication, client alg not in server list - ope
-c "got a certificate request" \ -c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "signature algorithm not in received or offered list." \ -c "no suitable signature algorithm" \
-C "unknown pk type" -C "unknown pk type"
requires_gnutls_tls1_3 requires_gnutls_tls1_3
@ -11538,7 +11591,7 @@ run_test "TLS 1.3: Client authentication, client alg not in server list - gnu
-c "got a certificate request" \ -c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "signature algorithm not in received or offered list." \ -c "no suitable signature algorithm" \
-C "unknown pk type" -C "unknown pk type"
# Test using an opaque private key for client authentication # Test using an opaque private key for client authentication
@ -11792,7 +11845,7 @@ run_test "TLS 1.3: Client authentication - opaque key, client alg not in serv
-c "got a certificate request" \ -c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "signature algorithm not in received or offered list." \ -c "no suitable signature algorithm" \
-C "unkown pk type" -C "unkown pk type"
requires_gnutls_tls1_3 requires_gnutls_tls1_3
@ -11811,7 +11864,7 @@ run_test "TLS 1.3: Client authentication - opaque key, client alg not in serv
-c "got a certificate request" \ -c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "signature algorithm not in received or offered list." \ -c "no suitable signature algorithm" \
-C "unkown pk type" -C "unkown pk type"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -12540,7 +12593,7 @@ run_test "TLS 1.3: Check signature algorithm order, m->O" \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \ sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
0 \ 0 \
-c "Protocol is TLSv1.3" \ -c "Protocol is TLSv1.3" \
-c "select_sig_alg_for_certificate_verify:selected signature algorithm rsa_pss_rsae_sha512" \ -c "CertificateVerify signature with rsa_pss_rsae_sha512" \
-c "HTTP/1.0 200 [Oo][Kk]" -c "HTTP/1.0 200 [Oo][Kk]"
requires_gnutls_tls1_3 requires_gnutls_tls1_3
@ -12556,7 +12609,7 @@ run_test "TLS 1.3: Check signature algorithm order, m->G" \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \ sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
0 \ 0 \
-c "Protocol is TLSv1.3" \ -c "Protocol is TLSv1.3" \
-c "select_sig_alg_for_certificate_verify:selected signature algorithm rsa_pss_rsae_sha512" \ -c "CertificateVerify signature with rsa_pss_rsae_sha512" \
-c "HTTP/1.0 200 [Oo][Kk]" -c "HTTP/1.0 200 [Oo][Kk]"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -12573,8 +12626,8 @@ run_test "TLS 1.3: Check signature algorithm order, m->m" \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \ sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
0 \ 0 \
-c "Protocol is TLSv1.3" \ -c "Protocol is TLSv1.3" \
-c "select_sig_alg_for_certificate_verify:selected signature algorithm rsa_pss_rsae_sha512" \ -c "CertificateVerify signature with rsa_pss_rsae_sha512" \
-s "select_sig_alg_for_certificate_verify:selected signature algorithm rsa_pss_rsae_sha512" \ -s "CertificateVerify signature with rsa_pss_rsae_sha512" \
-s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" \ -s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" \
-c "HTTP/1.0 200 [Oo][Kk]" -c "HTTP/1.0 200 [Oo][Kk]"
@ -12593,7 +12646,7 @@ run_test "TLS 1.3: Check signature algorithm order, O->m" \
-sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:ecdsa_secp256r1_sha256" \ -sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:ecdsa_secp256r1_sha256" \
0 \ 0 \
-c "TLSv1.3" \ -c "TLSv1.3" \
-s "select_sig_alg_for_certificate_verify:selected signature algorithm rsa_pss_rsae_sha512" \ -s "CertificateVerify signature with rsa_pss_rsae_sha512" \
-s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" -s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512"
requires_gnutls_tls1_3 requires_gnutls_tls1_3
@ -12612,7 +12665,7 @@ run_test "TLS 1.3: Check signature algorithm order, G->m" \
0 \ 0 \
-c "Negotiated version: 3.4" \ -c "Negotiated version: 3.4" \
-c "HTTP/1.0 200 [Oo][Kk]" \ -c "HTTP/1.0 200 [Oo][Kk]" \
-s "select_sig_alg_for_certificate_verify:selected signature algorithm rsa_pss_rsae_sha512" \ -s "CertificateVerify signature with rsa_pss_rsae_sha512" \
-s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" -s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512"
requires_gnutls_tls1_3 requires_gnutls_tls1_3
@ -12629,8 +12682,7 @@ run_test "TLS 1.3: Check server no suitable signature algorithm, G->m" \
--x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key \ --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key \
--priority=NORMAL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-ECDSA-SECP521R1-SHA512" \ --priority=NORMAL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-ECDSA-SECP521R1-SHA512" \
1 \ 1 \
-s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" \ -S "ssl_tls13_pick_key_cert:check signature algorithm"
-s "select_sig_alg_for_certificate_verify:no suitable signature algorithm found"
requires_openssl_tls1_3 requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -12646,8 +12698,7 @@ run_test "TLS 1.3: Check server no suitable signature algorithm, O->m" \
-cert data_files/server2-sha256.crt -key data_files/server2.key \ -cert data_files/server2-sha256.crt -key data_files/server2.key \
-sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:ecdsa_secp521r1_sha512" \ -sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:ecdsa_secp521r1_sha512" \
1 \ 1 \
-s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" \ -S "ssl_tls13_pick_key_cert:check signature algorithm"
-s "select_sig_alg_for_certificate_verify:no suitable signature algorithm found"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
@ -12662,8 +12713,7 @@ run_test "TLS 1.3: Check server no suitable signature algorithm, m->m" \
"$P_CLI allow_sha1=0 debug_level=4 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key \ "$P_CLI allow_sha1=0 debug_level=4 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,ecdsa_secp521r1_sha512" \ sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,ecdsa_secp521r1_sha512" \
1 \ 1 \
-s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" \ -S "ssl_tls13_pick_key_cert:check signature algorithm"
-s "select_sig_alg_for_certificate_verify:no suitable signature algorithm found"
requires_gnutls_tls1_3 requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -12719,7 +12769,7 @@ run_test "TLS 1.3: Check client no signature algorithm, m->O" \
"$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key \ "$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \ sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
1 \ 1 \
-c "select_sig_alg_for_certificate_verify:no suitable signature algorithm found" -c "no suitable signature algorithm"
requires_gnutls_tls1_3 requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@ -12733,7 +12783,7 @@ run_test "TLS 1.3: Check client no signature algorithm, m->G" \
"$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key \ "$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \ sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
1 \ 1 \
-c "select_sig_alg_for_certificate_verify:no suitable signature algorithm found" -c "no suitable signature algorithm"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
@ -12748,7 +12798,7 @@ run_test "TLS 1.3: Check client no signature algorithm, m->m" \
"$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key \ "$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \ sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
1 \ 1 \
-c "select_sig_alg_for_certificate_verify:no suitable signature algorithm found" -c "no suitable signature algorithm"
requires_openssl_tls1_3 requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3