feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #8263 from JacobBarthelmeh/rsa_pss

Browse Source 
account for rsa_pss_rsae vs rsa_pss_pss type
This commit is contained in:
David Garske
2024-12-28 13:47:30 -08:00
committed by GitHub
parent 2e8f0176c9 af4b5c2097
commit 8d7c60017c
4 changed files with 110 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
scripts/openssl.test
View File

@ -64,6 +64,7 @@ anon_wolfssl_pid=$no_pid
wolf_cases_tested=0 wolf_cases_tested=0
wolf_cases_total=0 wolf_cases_total=0
counter=0 counter=0
wolfssl_no_resume=""
testing_summary="OpenSSL Interop Testing Summary:\nVersion\tTested\t#Found\t#wolf\t#Found\t#OpenSSL\n" testing_summary="OpenSSL Interop Testing Summary:\nVersion\tTested\t#Found\t#wolf\t#Found\t#OpenSSL\n"
versionName="Invalid" versionName="Invalid"
if [ "$OPENSSL" = "" ]; then if [ "$OPENSSL" = "" ]; then
@ -328,6 +329,10 @@ do_wolfssl_client() {
then then
wolfssl_resume= wolfssl_resume=
fi fi
if [ "$wolfssl_no_resume" = "yes" ]
then
wolfssl_resume=
fi
if [ "$version" != "5" -a "$version" != "" ] if [ "$version" != "5" -a "$version" != "" ]
then then
echo "#" echo "#"
@ -516,6 +521,19 @@ then
if [ "$wolf_rsa" != "" ]; then if [ "$wolf_rsa" != "" ]; then
echo "wolfSSL supports RSA" echo "wolfSSL supports RSA"
fi fi
# Check if RSA-PSS certificates supported in wolfSSL
wolf_rsapss=`$WOLFSSL_CLIENT -A "${CERT_DIR}/rsapss/ca-rsapss.pem" 2>&1`
case $wolf_rsapss in
*"ca file"*)
echo "wolfSSL does not support RSA-PSS"
wolf_rsapss=""
;;
*)
;;
esac
if [ "$wolf_rsapss" != "" ]; then
echo "wolfSSL supports RSA-PSS"
fi
# Check if ECC certificates supported in wolfSSL # Check if ECC certificates supported in wolfSSL
wolf_ecc=`$WOLFSSL_CLIENT -A "${CERT_DIR}/ca-ecc-cert.pem" 2>&1` wolf_ecc=`$WOLFSSL_CLIENT -A "${CERT_DIR}/ca-ecc-cert.pem" 2>&1`
case $wolf_ecc in case $wolf_ecc in
@ -1228,6 +1246,49 @@ do
done done
IFS="$OIFS" #restore separator IFS="$OIFS" #restore separator
# Skip RSA-PSS interop test when RSA-PSS is not supported
if [ "$wolf_rsapss" != "" -a "$ecdhe_avail" = "yes" -a "$wolf_rsa" = "yes" ]
then
# Test for RSA-PSS certs interop
# Was running into alert sent by openssl server with version 1.1.1 released
# in Sep 2018. To avoid this issue check that openssl version 3.0.0 or later
# is used.
$OPENSSL version | awk '{print $2}' | \
awk -F. '{if ($1 >= 3) exit 1; else exit 0;}'
RESULT=$?
if [ "$RESULT" = "0" ]; then
echo -e "Old version of openssl detected, skipping interop RSA-PSS test"
else
echo -e "Doing interop RSA-PSS test"
key_file=${CERT_DIR}/rsapss/server-rsapss-priv.pem
cert_file=${CERT_DIR}/rsapss/server-rsapss.pem
ca_file=${CERT_DIR}/client-cert.pem
openssl_suite="RSAPSS"
start_openssl_server
cert="${CERT_DIR}/client-cert.pem"
key="${CERT_DIR}/client-key.pem"
caCert="${CERT_DIR}/rsapss/ca-rsapss.pem"
crl="-C"
wolfSuite="ALL"
wolfssl_no_resume="yes"
port=$server_port
if [ "$wolf_tls13" != "" ]
then
version="4"
do_wolfssl_client
fi
if [ "$wolf_tls" != "" ]
then
version="3"
do_wolfssl_client
fi
fi
fi
do_cleanup do_cleanup
echo -e "wolfSSL total cases $wolf_cases_total" echo -e "wolfSSL total cases $wolf_cases_total"

12
src/internal.c
View File

@ -5142,7 +5142,7 @@ int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, int sigAlgo,
#endif #endif
#if defined(WC_RSA_PSS) #if defined(WC_RSA_PSS)
if (sigAlgo == rsa_pss_sa_algo) { if (sigAlgo == rsa_pss_sa_algo || sigAlgo == rsa_pss_pss_algo) {
enum wc_HashType hashType = WC_HASH_TYPE_NONE; enum wc_HashType hashType = WC_HASH_TYPE_NONE;
int mgf = 0; int mgf = 0;
@ -32292,6 +32292,13 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
} }
else else
#endif #endif
#ifdef WC_RSA_PSS
if (sigAlgo == rsa_pss_pss_algo &&
ssl->options.peerSigAlgo == rsa_sa_algo) {
ssl->options.peerSigAlgo = sigAlgo;
}
else
#endif
#if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
if (sigAlgo == sm2_sa_algo && if (sigAlgo == sm2_sa_algo &&
ssl->options.peerSigAlgo == ecc_dsa_sa_algo) { ssl->options.peerSigAlgo == ecc_dsa_sa_algo) {
@ -32358,6 +32365,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
#ifndef NO_RSA #ifndef NO_RSA
#ifdef WC_RSA_PSS #ifdef WC_RSA_PSS
case rsa_pss_sa_algo: case rsa_pss_sa_algo:
case rsa_pss_pss_algo:
#endif #endif
case rsa_sa_algo: case rsa_sa_algo:
{ {
@ -32458,6 +32466,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
#ifndef NO_RSA #ifndef NO_RSA
#ifdef WC_RSA_PSS #ifdef WC_RSA_PSS
case rsa_pss_sa_algo: case rsa_pss_sa_algo:
case rsa_pss_pss_algo:
#endif #endif
case rsa_sa_algo: case rsa_sa_algo:
{ {
@ -32669,6 +32678,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
#ifndef NO_RSA #ifndef NO_RSA
#ifdef WC_RSA_PSS #ifdef WC_RSA_PSS
case rsa_pss_sa_algo: case rsa_pss_sa_algo:
case rsa_pss_pss_algo:
#ifdef HAVE_SELFTEST #ifdef HAVE_SELFTEST
ret = wc_RsaPSS_CheckPadding( ret = wc_RsaPSS_CheckPadding(
ssl->buffers.digest.buffer, ssl->buffers.digest.buffer,

36
src/tls13.c
View File

@ -7938,6 +7938,27 @@ static void EncodeDualSigAlg(byte sigAlg, byte altSigAlg, byte* output)
} }
#endif /* WOLFSSL_DUAL_ALG_CERTS */ #endif /* WOLFSSL_DUAL_ALG_CERTS */
static enum wc_MACAlgorithm GetNewSAHashAlgo(int typeIn)
{
switch (typeIn) {
case RSA_PSS_RSAE_SHA256_MINOR:
case RSA_PSS_PSS_SHA256_MINOR:
return sha256_mac;
case RSA_PSS_RSAE_SHA384_MINOR:
case RSA_PSS_PSS_SHA384_MINOR:
return sha384_mac;
case RSA_PSS_RSAE_SHA512_MINOR:
case RSA_PSS_PSS_SHA512_MINOR:
case ED25519_SA_MINOR:
case ED448_SA_MINOR:
return sha512_mac;
default:
return no_mac;
}
}
/* Decode the signature algorithm. /* Decode the signature algorithm.
* *
* input The encoded signature algorithm. * input The encoded signature algorithm.
@ -7962,17 +7983,23 @@ static WC_INLINE int DecodeTls13SigAlg(byte* input, byte* hashAlgo,
break; break;
#endif #endif
case NEW_SA_MAJOR: case NEW_SA_MAJOR:
/* PSS signatures: 0x080[4-6] */ *hashAlgo = GetNewSAHashAlgo(input[1]);
if (input[1] >= sha256_mac && input[1] <= sha512_mac) {
/* PSS encryption: 0x080[4-6] */
if (input[1] >= RSA_PSS_RSAE_SHA256_MINOR &&
input[1] <= RSA_PSS_RSAE_SHA512_MINOR) {
*hsType = input[0];
}
/* PSS signature: 0x080[9-B] */
else if (input[1] >= RSA_PSS_PSS_SHA256_MINOR &&
input[1] <= RSA_PSS_PSS_SHA512_MINOR) {
*hsType = input[0]; *hsType = input[0];
*hashAlgo = input[1];
} }
#ifdef HAVE_ED25519 #ifdef HAVE_ED25519
/* ED25519: 0x0807 */ /* ED25519: 0x0807 */
else if (input[1] == ED25519_SA_MINOR) { else if (input[1] == ED25519_SA_MINOR) {
*hsType = ed25519_sa_algo; *hsType = ed25519_sa_algo;
/* Hash performed as part of sign/verify operation. */ /* Hash performed as part of sign/verify operation. */
*hashAlgo = sha512_mac;
} }
#endif #endif
#ifdef HAVE_ED448 #ifdef HAVE_ED448
@ -7980,7 +8007,6 @@ static WC_INLINE int DecodeTls13SigAlg(byte* input, byte* hashAlgo,
else if (input[1] == ED448_SA_MINOR) { else if (input[1] == ED448_SA_MINOR) {
*hsType = ed448_sa_algo; *hsType = ed448_sa_algo;
/* Hash performed as part of sign/verify operation. */ /* Hash performed as part of sign/verify operation. */
*hashAlgo = sha512_mac;
} }
#endif #endif
else else

7
wolfssl/internal.h
View File

@ -1813,6 +1813,13 @@ enum Misc {
MAX_CURVE_NAME_SZ = 18, /* Maximum size of curve name string */ MAX_CURVE_NAME_SZ = 18, /* Maximum size of curve name string */
NEW_SA_MAJOR = 8, /* Most significant byte used with new sig algos */ NEW_SA_MAJOR = 8, /* Most significant byte used with new sig algos */
RSA_PSS_RSAE_SHA256_MINOR = 0x04,
RSA_PSS_RSAE_SHA384_MINOR = 0x05,
RSA_PSS_RSAE_SHA512_MINOR = 0x06,
RSA_PSS_PSS_SHA256_MINOR = 0x09,
RSA_PSS_PSS_SHA384_MINOR = 0x0A,
RSA_PSS_PSS_SHA512_MINOR = 0x0B,
ED25519_SA_MAJOR = 8, /* Most significant byte for ED25519 */ ED25519_SA_MAJOR = 8, /* Most significant byte for ED25519 */
ED25519_SA_MINOR = 7, /* Least significant byte for ED25519 */ ED25519_SA_MINOR = 7, /* Least significant byte for ED25519 */
ED448_SA_MAJOR = 8, /* Most significant byte for ED448 */ ED448_SA_MAJOR = 8, /* Most significant byte for ED448 */