From 3aa2881cd4d35ae993b5b50a69462dca86e2e072 Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh
Date: Fri, 6 Dec 2024 17:15:11 -0700
Subject: [PATCH 1/3] account for rsa_pss_rsae vs rsa_pss_pss type

---
 scripts/openssl.test | 21 +++++++++++++++++++++
 src/internal.c       | 12 +++++++++++-
 src/tls13.c          | 36 +++++++++++++++++++++++++++++++-----
 wolfssl/internal.h   |  7 +++++++
 4 files changed, 70 insertions(+), 6 deletions(-)

diff --git a/scripts/openssl.test b/scripts/openssl.test
index b557bb69b..8ac83c115 100755
--- a/scripts/openssl.test
+++ b/scripts/openssl.test
@@ -1228,6 +1228,27 @@ do
 done
 IFS="$OIFS" #restore separator
 
+# Test for RSA-PSS certs
+echo -e "Doing interop RSA-PSS test"
+
+key_file=${CERT_DIR}/rsapss/server-rsapss-priv.pem
+cert_file=${CERT_DIR}/rsapss/server-rsapss.pem
+ca_file=${CERT_DIR}/client-cert.pem
+openssl_suite="RSAPSS"
+start_openssl_server
+
+cert="${CERT_DIR}/client-cert.pem"
+key="${CERT_DIR}/client-key.pem"
+caCert="${CERT_DIR}/rsapss/ca-rsapss.pem"
+crl="-C"
+wolfSuite="ALL"
+version="4"
+port=$server_port
+do_wolfssl_client
+
+version="3"
+do_wolfssl_client
+
 
 do_cleanup
 echo -e "wolfSSL total cases $wolf_cases_total"
diff --git a/src/internal.c b/src/internal.c
index 85b8d616b..666de8645 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -5142,7 +5142,7 @@ int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, int sigAlgo,
 #endif
 #if defined(WC_RSA_PSS)
-    if (sigAlgo == rsa_pss_sa_algo) {
+    if (sigAlgo == rsa_pss_sa_algo || sigAlgo == rsa_pss_pss_algo) {
         enum wc_HashType hashType = WC_HASH_TYPE_NONE;
         int mgf = 0;
@@ -32292,6 +32292,13 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
         }
         else
     #endif
+    #ifdef WC_RSA_PSS
+        if (sigAlgo == rsa_pss_pss_algo &&
+            ssl->options.peerSigAlgo == rsa_sa_algo) {
+            ssl->options.peerSigAlgo = sigAlgo;
+        }
+        else
+    #endif
     #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
         if (sigAlgo == sm2_sa_algo &&
             ssl->options.peerSigAlgo == ecc_dsa_sa_algo) {
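Review bot: In the DoServerKeyExchange hunk (@@ -32292) the new branch lets a rsa_pss_pss_algo ServerKeyExchange signature promote `ssl->options.peerSigAlgo` from rsa_sa_algo, which appears to accept an rsa_pss_pss_* scheme against a peer certificate whose key was classified as plain RSA. RFC 8446 §4.2.3 binds rsa_pss_pss_* to keys carried with the id-RSASSA-PSS OID and rsa_pss_rsae_* to rsaEncryption keys, so if rsa_sa_algo here means an rsaEncryption SubjectPublicKeyInfo this is a lenient acceptance rather than a strict check; I cannot see from the hunk what peerSigAlgo holds for an id-RSASSA-PSS certificate. If the promotion exists because PSS-keyed certificates are also recorded as rsa_sa_algo, a comment saying so would help, e.g. `/* RSASSA-PSS keyed peer certs are recorded as rsa_sa_algo; upgrade to the PSS scheme actually used */`; otherwise the branch should be limited to the certificate's actual key type. DoServerKeyExchange begins and ends outside the hunk.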
@@ -32358,6 +32365,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
 #ifndef NO_RSA
 #ifdef WC_RSA_PSS
     case rsa_pss_sa_algo:
+    case rsa_pss_pss_algo:
 #endif
     case rsa_sa_algo:
     {
@@ -32458,6 +32466,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
 #ifndef NO_RSA
 #ifdef WC_RSA_PSS
     case rsa_pss_sa_algo:
+    case rsa_pss_pss_algo:
 #endif
     case rsa_sa_algo:
     {
@@ -32669,6 +32678,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
 #ifndef NO_RSA
 #ifdef WC_RSA_PSS
     case rsa_pss_sa_algo:
+    case rsa_pss_pss_algo:
 #ifdef HAVE_SELFTEST
         ret = wc_RsaPSS_CheckPadding(
             ssl->buffers.digest.buffer,
diff --git a/src/tls13.c b/src/tls13.c
index 3da3bb0e2..cf65f433e 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -7938,6 +7938,27 @@ static void EncodeDualSigAlg(byte sigAlg, byte altSigAlg, byte* output)
 }
 #endif /* WOLFSSL_DUAL_ALG_CERTS */
 
+static enum wc_MACAlgorithm GetNewSAHashAlgo(int typeIn)
+{
+    switch (typeIn) {
+        case RSA_PSS_RSAE_SHA256_MINOR:
+        case RSA_PSS_PSS_SHA256_MINOR:
+            return sha256_mac;
+
+        case RSA_PSS_RSAE_SHA384_MINOR:
+        case RSA_PSS_PSS_SHA384_MINOR:
+            return sha384_mac;
+
+        case RSA_PSS_RSAE_SHA512_MINOR:
+        case RSA_PSS_PSS_SHA512_MINOR:
+        case ED25519_SA_MINOR:
+        case ED448_SA_MINOR:
+            return sha512_mac;
+        default:
+            return no_mac;
+    }
+}
+
 /* Decode the signature algorithm.
  *
  * input The encoded signature algorithm.
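Review bot: GetNewSAHashAlgo in the tls13.c hunk (@@ -7938) has no header comment, while the DecodeTls13SigAlg that follows it is documented in the file's `/* ... * input ... */` style. I would add, above the definition, a comment along the lines of `/* Map the minor byte of a NEW_SA_MAJOR (0x08xx) signature scheme to the hash it implies. typeIn: minor byte of the scheme. returns sha256_mac, sha384_mac or sha512_mac, or no_mac for an unrecognised minor byte. */`. The no_mac default deserves an explicit mention, since the caller in the next hunk stores the result unconditionally before it has checked whether the minor byte is one it accepts.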
@@ -7962,17 +7983,23 @@ static WC_INLINE int DecodeTls13SigAlg(byte* input, byte* hashAlgo,
             break;
 #endif
         case NEW_SA_MAJOR:
-            /* PSS signatures: 0x080[4-6] */
-            if (input[1] >= sha256_mac && input[1] <= sha512_mac) {
+            *hashAlgo = GetNewSAHashAlgo(input[1]);
+
+            /* PSS encryption: 0x080[4-6] */
+            if (input[1] >= RSA_PSS_RSAE_SHA256_MINOR &&
+                input[1] <= RSA_PSS_RSAE_SHA512_MINOR) {
+                *hsType = input[0];
+            }
+            /* PSS signature: 0x080[9-B] */
+            else if (input[1] >= RSA_PSS_PSS_SHA256_MINOR &&
+                input[1] <= RSA_PSS_PSS_SHA512_MINOR) {
                 *hsType = input[0];
-                *hashAlgo = input[1];
             }
     #ifdef HAVE_ED25519
             /* ED25519: 0x0807 */
             else if (input[1] == ED25519_SA_MINOR) {
                 *hsType = ed25519_sa_algo;
                 /* Hash performed as part of sign/verify operation. */
-                *hashAlgo = sha512_mac;
             }
     #endif
     #ifdef HAVE_ED448
@@ -7980,7 +8007,6 @@ static WC_INLINE int DecodeTls13SigAlg(byte* input, byte* hashAlgo,
             else if (input[1] == ED448_SA_MINOR) {
                 *hsType = ed448_sa_algo;
                 /* Hash performed as part of sign/verify operation. */
-                *hashAlgo = sha512_mac;
             }
     #endif
             else
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 16c3ecfc4..37a381a38 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -1813,6 +1813,13 @@ enum Misc {
     MAX_CURVE_NAME_SZ = 18, /* Maximum size of curve name string */
 
     NEW_SA_MAJOR = 8, /* Most significant byte used with new sig algos */
+    RSA_PSS_RSAE_SHA256_MINOR = 0x04,
+    RSA_PSS_RSAE_SHA384_MINOR = 0x05,
+    RSA_PSS_RSAE_SHA512_MINOR = 0x06,
+    RSA_PSS_PSS_SHA256_MINOR = 0x09,
+    RSA_PSS_PSS_SHA384_MINOR = 0x0A,
+    RSA_PSS_PSS_SHA512_MINOR = 0x0B,
+
     ED25519_SA_MAJOR = 8, /* Most significant byte for ED25519 */
     ED25519_SA_MINOR = 7, /* Least significant byte for ED25519 */
     ED448_SA_MAJOR = 8, /* Most significant byte for ED448 */
From 1ae0f7c66ff0210f471da5785778adb8610d6579 Mon Sep 17 00:00:00 2001
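Review bot: In the DecodeTls13SigAlg hunk (@@ -7962) the new 0x080[9-B] branch stores `*hsType = input[0];`, the same raw major byte the 0x080[4-6] branch stores, so after decoding the rsa_pss_pss_* and rsa_pss_rsae_* families are indistinguishable to the caller even though this series introduces rsa_pss_pss_algo to tell them apart. If the distinction is meant to reach the verify path, the branch should map to the enum value the way the Ed25519 branch does, `*hsType = rsa_pss_pss_algo;`; if TLS 1.3 deliberately treats both families alike here, a one-line comment saying so would save the next reader the same question. Note also that `*hashAlgo = GetNewSAHashAlgo(input[1]);` now runs before the range checks, so an unrecognised minor byte writes no_mac into hashAlgo before the trailing `else` (outside the hunk) handles the error, whereas previously hashAlgo was untouched on that path; whether any caller depends on that I cannot tell from here. DecodeTls13SigAlg begins and ends outside the hunk.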
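Review bot: The six new `RSA_PSS_*_MINOR` constants in the internal.h hunk (@@ -1813) carry no trailing comment, while every neighbouring entry in enum Misc documents what its byte is. I would annotate each with the scheme it encodes and the key type it is valid with, e.g. `RSA_PSS_RSAE_SHA256_MINOR = 0x04, /* rsa_pss_rsae_sha256 (0x0804): rsaEncryption key */` and `RSA_PSS_PSS_SHA256_MINOR = 0x09, /* rsa_pss_pss_sha256 (0x0809): id-RSASSA-PSS key */`, and likewise for the SHA-384 and SHA-512 entries. Since the two sets differ only in which key OID they may be used with (RFC 8446 §4.2.3), recording that here is the cheapest way to keep the distinction from being lost at the call sites.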
From: JacobBarthelmeh
Date: Tue, 24 Dec 2024 10:09:48 -0700
Subject: [PATCH 2/3] do not do resume with new test case add wolfssl_no_resume flag to openssl.test check for version of openssl testing against check if RSA is supported for test case guard on test case for TLS versions supported
---
 scripts/openssl.test | 74 ++++++++++++++++++++++++++++++++++----------
 1 file changed, 57 insertions(+), 17 deletions(-)

diff --git a/scripts/openssl.test b/scripts/openssl.test
index 8ac83c115..6077eb585 100755
--- a/scripts/openssl.test
+++ b/scripts/openssl.test
@@ -64,6 +64,7 @@ anon_wolfssl_pid=$no_pid
 wolf_cases_tested=0
 wolf_cases_total=0
 counter=0
+wolfssl_no_resume=""
 testing_summary="OpenSSL Interop Testing Summary:\nVersion\tTested\t#Found\t#wolf\t#Found\t#OpenSSL\n"
 versionName="Invalid"
 if [ "$OPENSSL" = "" ]; then
@@ -328,6 +329,10 @@ do_wolfssl_client() {
     then
         wolfssl_resume=
     fi
+    if [ "$wolfssl_no_resume" = "yes" ]
+    then
+        wolfssl_resume=
+    fi
     if [ "$version" != "5" -a "$version" != "" ]
     then
         echo "#"
@@ -516,6 +521,19 @@ then
     if [ "$wolf_rsa" != "" ]; then
         echo "wolfSSL supports RSA"
     fi
+    # Check if RSA-PSS certificates supported in wolfSSL
+    wolf_rsapss=`$WOLFSSL_CLIENT -A "${CERT_DIR}/rsapss/ca-rsapss.pem" 2>&1`
+    case $wolf_rsapss in
+    *"ca file"*)
+        echo "wolfSSL does not support RSA-PSS"
+        wolf_rsapss=""
+        ;;
+    *)
+        ;;
+    esac
+    if [ "$wolf_rsapss" != "" ]; then
+        echo "wolfSSL supports RSA-PSS"
+    fi
     # Check if ECC certificates supported in wolfSSL
     wolf_ecc=`$WOLFSSL_CLIENT -A "${CERT_DIR}/ca-ecc-cert.pem" 2>&1`
     case $wolf_ecc in
@@ -1228,27 +1246,49 @@ do
 done
 IFS="$OIFS" #restore separator
 
-# Test for RSA-PSS certs
-echo -e "Doing interop RSA-PSS test"
+# Skip RSA-PSS interop test when RSA-PSS is not supported
+if [ "$wolf_rsapss" != "" ]
+then
+    # Test for RSA-PSS certs interop
+    # Was running into alert sent by openssl server with version 1.1.1 released
+    # in Sep 2018. To avoid this issue check that openssl version 3.0.0 or later
+    # is used.
 
-key_file=${CERT_DIR}/rsapss/server-rsapss-priv.pem
-cert_file=${CERT_DIR}/rsapss/server-rsapss.pem
-ca_file=${CERT_DIR}/client-cert.pem
-openssl_suite="RSAPSS"
-start_openssl_server
+    $OPENSSL version | awk '{print $2}' | \
+    awk -F. '{if ($1 >= 3) exit 1; else exit 0;}'
+    RESULT=$?
+    if [ "$RESULT" = "0" ]; then
+        echo -e "Old version of openssl detected, skipping interop RSA-PSS test"
+    else
+        echo -e "Doing interop RSA-PSS test"
 
-cert="${CERT_DIR}/client-cert.pem"
-key="${CERT_DIR}/client-key.pem"
-caCert="${CERT_DIR}/rsapss/ca-rsapss.pem"
-crl="-C"
-wolfSuite="ALL"
-version="4"
-port=$server_port
-do_wolfssl_client
+        key_file=${CERT_DIR}/rsapss/server-rsapss-priv.pem
+        cert_file=${CERT_DIR}/rsapss/server-rsapss.pem
+        ca_file=${CERT_DIR}/client-cert.pem
+        openssl_suite="RSAPSS"
+        start_openssl_server
 
-version="3"
-do_wolfssl_client
+        cert="${CERT_DIR}/client-cert.pem"
+        key="${CERT_DIR}/client-key.pem"
+        caCert="${CERT_DIR}/rsapss/ca-rsapss.pem"
+        crl="-C"
+        wolfSuite="ALL"
+        wolfssl_no_resume="yes"
+        port=$server_port
+        if [ "$wolf_tls13" != "" ]
+        then
+            version="4"
+            do_wolfssl_client
+        fi
+
+        if [ "$wolf_tls" != "" ]
+        then
+            version="3"
+            do_wolfssl_client
+        fi
+    fi
+fi
 
 
 do_cleanup
 echo -e "wolfSSL total cases $wolf_cases_total"
From af4b5c209757f6ece200112a8edb95dd470079c6 Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh
Date: Sat, 28 Dec 2024 11:34:17 -0800
Subject: [PATCH 3/3] only run RSA-PSS interop test if cipher suites with ephemeral keys are available
---
 scripts/openssl.test | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
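Review bot: The version gate in the openssl.test hunk (@@ -1228) encodes "3.0 or newer" as awk `exit 1` and "older" as `exit 0`, so `RESULT=0` means skip; that inverted convention is easy to misread, and a plain comparison says the same thing directly: `openssl_major=\`$OPENSSL version | awk '{print $2}' | awk -F. '{print $1}'\`` followed by `if [ "$openssl_major" -lt 3 ]; then`. The gate also accepts any binary whose second `version` word starts at 3 or above, so a LibreSSL build supplied as `$OPENSSL` would pass although the comment is about OpenSSL 1.1.1; I cannot see from the hunk how `$OPENSSL` is selected, so this may already be excluded elsewhere. `wolfssl_no_resume="yes"` is set for this block and never cleared; today it is the last client run before `do_cleanup`, so that is harmless, but a `wolfssl_no_resume=""` after the second do_wolfssl_client would keep the flag local to this test rather than leaking into anything added later.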
diff --git a/scripts/openssl.test b/scripts/openssl.test
index 6077eb585..f797a9ff8 100755
--- a/scripts/openssl.test
+++ b/scripts/openssl.test
@@ -1247,7 +1247,7 @@ done
 IFS="$OIFS" #restore separator
 
 # Skip RSA-PSS interop test when RSA-PSS is not supported
-if [ "$wolf_rsapss" != "" ]
+if [ "$wolf_rsapss" != "" -a "$ecdhe_avail" = "yes" -a "$wolf_rsa" = "yes" ]
 then
     # Test for RSA-PSS certs interop
     # Was running into alert sent by openssl server with version 1.1.1 released
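Review bot: The new condition tests `"$wolf_rsa" = "yes"`, but the only use of `wolf_rsa` visible in this series compares it against the empty string (`if [ "$wolf_rsa" != "" ]` in the @@ -516 hunk of the previous patch), and the RSA-PSS probe added beside it stores raw client output rather than the word "yes"; unless `wolf_rsa` is normalised to the literal "yes" somewhere outside these hunks, the test never holds and the interop test is silently skipped. I would use `"$wolf_rsa" != ""` for consistency with that probe, or confirm where "yes" is assigned. The comment above the `if`, `# Skip RSA-PSS interop test when RSA-PSS is not supported`, should now also name the ECDHE and RSA requirements, and an `else` branch that echoes why the test was skipped would make a skip visible in the log instead of indistinguishable from a pass. The body of the `if` continues outside the hunk.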