diff --git a/ChangeLog.d/mbedtls_pk_sign_ext.txt b/ChangeLog.d/mbedtls_pk_sign_ext.txt new file mode 100644 index 000000000..8dfa2e501 --- /dev/null +++ b/ChangeLog.d/mbedtls_pk_sign_ext.txt @@ -0,0 +1,3 @@ +Features + * Add mbedtls_pk_sign_ext() which allows generating RSA-PSS signatures when + PSA Crypto is enabled. diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 9ad7a1df6..324612a24 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -535,6 +535,45 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, unsigned char *sig, size_t sig_size, size_t *sig_len, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); +#if defined(MBEDTLS_PSA_CRYPTO_C) +/** + * \brief Make signature given a signature type. + * + * \param pk_type Signature type. + * \param ctx The PK context to use. It must have been set up + * with a private key. + * \param md_alg Hash algorithm used (see notes) + * \param hash Hash of the message to sign + * \param hash_len Hash length + * \param sig Place to write the signature. + * It must have enough room for the signature. + * #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough. + * You may use a smaller buffer if it is large enough + * given the key type. + * \param sig_size The size of the \p sig buffer in bytes. + * \param sig_len On successful return, + * the number of bytes written to \p sig. + * \param f_rng RNG function, must not be \c NULL. + * \param p_rng RNG parameter + * + * \return 0 on success, or a specific error code. + * + * \note When \p pk_type is #MBEDTLS_PK_RSASSA_PSS, + * see #PSA_ALG_RSA_PSS for a description of PSS options used. + * + * \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0. + * For ECDSA, md_alg may never be MBEDTLS_MD_NONE. + * + */ +int mbedtls_pk_sign_ext( mbedtls_pk_type_t pk_type, + mbedtls_pk_context *ctx, + mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t sig_size, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ); +#endif /* MBEDTLS_PSA_CRYPTO_C */ + /** * \brief Restartable version of \c mbedtls_pk_sign() * diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index b4c7ba8a2..8dd47f644 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -29,7 +29,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) +#if defined(MBEDTLS_PSA_CRYPTO_C) #include "psa/crypto.h" @@ -277,13 +277,11 @@ static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group( } #endif /* MBEDTLS_ECP_C */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* Expose whatever RNG the PSA subsystem uses to applications using the * mbedtls_xxx API. The declarations and definitions here need to be * consistent with the implementation in library/psa_crypto_random_impl.h. * See that file for implementation documentation. */ -#if defined(MBEDTLS_PSA_CRYPTO_C) + /* The type of a `f_rng` random generator function that many library functions * take. @@ -363,6 +361,6 @@ extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state; #endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */ -#endif /* defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) */ +#endif /* MBEDTLS_PSA_CRYPTO_C */ #endif /* MBEDTLS_PSA_UTIL_H */ diff --git a/library/pk.c b/library/pk.c index 79eccaada..7f4d5fe94 100644 --- a/library/pk.c +++ b/library/pk.c @@ -36,7 +36,7 @@ #include "mbedtls/ecdsa.h" #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_PSA_CRYPTO_C) #include "mbedtls/psa_util.h" #endif @@ -518,6 +518,48 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, f_rng, p_rng, NULL ) ); } +#if defined(MBEDTLS_PSA_CRYPTO_C) +/* + * Make a signature given a signature type. + */ +int mbedtls_pk_sign_ext( mbedtls_pk_type_t pk_type, + mbedtls_pk_context *ctx, + mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t sig_size, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) +{ +#if defined(MBEDTLS_RSA_C) + psa_algorithm_t psa_md_alg; +#endif /* MBEDTLS_RSA_C */ + *sig_len = 0; + + if( ctx->pk_info == NULL ) + return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + + if( ! mbedtls_pk_can_do( ctx, pk_type ) ) + return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); + + if( pk_type != MBEDTLS_PK_RSASSA_PSS ) + { + return( mbedtls_pk_sign( ctx, md_alg, hash, hash_len, + sig, sig_size, sig_len, f_rng, p_rng ) ); + } +#if defined(MBEDTLS_RSA_C) + psa_md_alg = mbedtls_psa_translate_md( md_alg ); + if( psa_md_alg == 0 ) + return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + return( mbedtls_pk_psa_rsa_sign_ext( PSA_ALG_RSA_PSS( psa_md_alg ), + ctx->pk_ctx, hash, hash_len, + sig, sig_size, sig_len ) ); +#else /* MBEDTLS_RSA_C */ + return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); +#endif /* !MBEDTLS_RSA_C */ + +} +#endif /* MBEDTLS_PSA_CRYPTO_C */ + /* * Decrypt message */ diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 92e9bf4bc..2569b9c72 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -65,7 +65,7 @@ #include #include -#if defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_PSA_CRYPTO_C) int mbedtls_pk_error_from_psa( psa_status_t status ) { switch( status ) @@ -100,28 +100,6 @@ int mbedtls_pk_error_from_psa( psa_status_t status ) } } -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -int mbedtls_pk_error_from_psa_ecdca( psa_status_t status ) -{ - switch( status ) - { - case PSA_ERROR_NOT_PERMITTED: - case PSA_ERROR_INVALID_ARGUMENT: - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - case PSA_ERROR_INVALID_HANDLE: - return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); - case PSA_ERROR_BUFFER_TOO_SMALL: - return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); - case PSA_ERROR_INSUFFICIENT_ENTROPY: - return( MBEDTLS_ERR_ECP_RANDOM_FAILED ); - case PSA_ERROR_INVALID_SIGNATURE: - return( MBEDTLS_ERR_ECP_VERIFY_FAILED ); - default: - return( mbedtls_pk_error_from_psa( status ) ); - } -} -#endif - #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) int mbedtls_pk_error_from_psa_rsa( psa_status_t status ) { @@ -144,7 +122,34 @@ int mbedtls_pk_error_from_psa_rsa( psa_status_t status ) } } #endif -#endif + +#endif /* MBEDTLS_PSA_CRYPTO_C */ + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) +int mbedtls_pk_error_from_psa_ecdsa( psa_status_t status ) +{ + switch( status ) + { + case PSA_ERROR_NOT_PERMITTED: + case PSA_ERROR_INVALID_ARGUMENT: + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + case PSA_ERROR_INVALID_HANDLE: + return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); + case PSA_ERROR_BUFFER_TOO_SMALL: + return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); + case PSA_ERROR_INSUFFICIENT_ENTROPY: + return( MBEDTLS_ERR_ECP_RANDOM_FAILED ); + case PSA_ERROR_INVALID_SIGNATURE: + return( MBEDTLS_ERR_ECP_VERIFY_FAILED ); + default: + return( mbedtls_pk_error_from_psa( status ) ); + } +} +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ + +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_RSA_C) static int rsa_can_do( mbedtls_pk_type_t type ) @@ -191,13 +196,13 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, return( 0 ); } -#if defined(MBEDTLS_USE_PSA_CRYPTO) -static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t sig_size, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +#if defined(MBEDTLS_PSA_CRYPTO_C) +int mbedtls_pk_psa_rsa_sign_ext( psa_algorithm_t alg, + mbedtls_rsa_context *rsa_ctx, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t sig_size, + size_t *sig_len ) { - mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; @@ -206,31 +211,20 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, int key_len; unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES]; mbedtls_pk_info_t pk_info = mbedtls_rsa_info; - psa_algorithm_t psa_alg_md = - PSA_ALG_RSA_PKCS1V15_SIGN( mbedtls_psa_translate_md( md_alg ) ); - ((void) f_rng); - ((void) p_rng); - -#if SIZE_MAX > UINT_MAX - if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); -#endif /* SIZE_MAX > UINT_MAX */ - - *sig_len = mbedtls_rsa_get_len( rsa ); + *sig_len = mbedtls_rsa_get_len( rsa_ctx ); if( sig_size < *sig_len ) return( MBEDTLS_ERR_PK_BUFFER_TOO_SMALL ); /* mbedtls_pk_write_key_der() expects a full PK context; * re-construct one to make it happy */ key.pk_info = &pk_info; - key.pk_ctx = ctx; + key.pk_ctx = rsa_ctx; key_len = mbedtls_pk_write_key_der( &key, buf, sizeof( buf ) ); if( key_len <= 0 ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); - psa_set_key_algorithm( &attributes, psa_alg_md ); + psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_KEY_PAIR ); status = psa_import_key( &attributes, @@ -241,8 +235,7 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, ret = mbedtls_pk_error_from_psa( status ); goto cleanup; } - - status = psa_sign_hash( key_id, psa_alg_md, hash, hash_len, + status = psa_sign_hash( key_id, alg, hash, hash_len, sig, sig_size, sig_len ); if( status != PSA_SUCCESS ) { @@ -256,9 +249,29 @@ cleanup: status = psa_destroy_key( key_id ); if( ret == 0 && status != PSA_SUCCESS ) ret = mbedtls_pk_error_from_psa( status ); - return( ret ); } +#endif /* MBEDTLS_PSA_CRYPTO_C */ + +#if defined(MBEDTLS_USE_PSA_CRYPTO) +static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t sig_size, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +{ + ((void) f_rng); + ((void) p_rng); + + psa_algorithm_t psa_md_alg; + psa_md_alg = mbedtls_psa_translate_md( md_alg ); + if( psa_md_alg == 0 ) + return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + + return( mbedtls_pk_psa_rsa_sign_ext( PSA_ALG_RSA_PKCS1V15_SIGN( + psa_md_alg ), + ctx, hash, hash_len, + sig, sig_size, sig_len ) ); +} #else static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, @@ -911,7 +924,7 @@ static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg, buf, 2 * signature_part_size ); if( status != PSA_SUCCESS ) { - ret = mbedtls_pk_error_from_psa_ecdca( status ); + ret = mbedtls_pk_error_from_psa_ecdsa( status ); goto cleanup; } @@ -1132,7 +1145,7 @@ static int ecdsa_sign_wrap( void *ctx_arg, mbedtls_md_type_t md_alg, sig, sig_size, sig_len ); if( status != PSA_SUCCESS ) { - ret = mbedtls_pk_error_from_psa_ecdca( status ); + ret = mbedtls_pk_error_from_psa_ecdsa( status ); goto cleanup; } @@ -1454,7 +1467,7 @@ static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, status = psa_sign_hash( *key, alg, hash, hash_len, sig, sig_size, sig_len ); if( status != PSA_SUCCESS ) - return( mbedtls_pk_error_from_psa_ecdca( status ) ); + return( mbedtls_pk_error_from_psa_ecdsa( status ) ); /* transcode it to ASN.1 sequence */ return( pk_ecdsa_sig_asn1_from_psa( sig, sig_len, sig_size ) ); diff --git a/library/pk_wrap.h b/library/pk_wrap.h index ca0d8d837..1b490cc31 100644 --- a/library/pk_wrap.h +++ b/library/pk_wrap.h @@ -27,6 +27,10 @@ #include "mbedtls/pk.h" +#if defined(MBEDTLS_PSA_CRYPTO_C) +#include "psa/crypto.h" +#endif /* MBEDTLS_PSA_CRYPTO_C */ + struct mbedtls_pk_info_t { /** Public key type */ @@ -133,18 +137,28 @@ extern const mbedtls_pk_info_t mbedtls_rsa_alt_info; #if defined(MBEDTLS_USE_PSA_CRYPTO) extern const mbedtls_pk_info_t mbedtls_pk_opaque_info; -#endif - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -int mbedtls_pk_error_from_psa( psa_status_t status ); #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -int mbedtls_pk_error_from_psa_ecdca( psa_status_t status ); +int mbedtls_pk_error_from_psa_ecdsa( psa_status_t status ); #endif +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + +#if defined(MBEDTLS_PSA_CRYPTO_C) +int mbedtls_pk_error_from_psa( psa_status_t status ); + #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) int mbedtls_pk_error_from_psa_rsa( psa_status_t status ); #endif -#endif + +#if defined(MBEDTLS_RSA_C) +int mbedtls_pk_psa_rsa_sign_ext( psa_algorithm_t psa_alg_md, + mbedtls_rsa_context *rsa_ctx, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t sig_size, + size_t *sig_len ); +#endif /* MBEDTLS_RSA_C */ + +#endif /* MBEDTLS_PSA_CRYPTO_C */ #endif /* MBEDTLS_PK_WRAP_H */ diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h index 2ffc5f41f..29b64dc4e 100644 --- a/library/ssl_debug_helpers.h +++ b/library/ssl_debug_helpers.h @@ -39,7 +39,7 @@ const char *mbedtls_tls_prf_types_str( mbedtls_tls_prf_types in ); const char *mbedtls_ssl_key_export_type_str( mbedtls_ssl_key_export_type in ); - +const char *mbedtls_ssl_sig_alg_to_str( uint16_t in ); #endif /* MBEDTLS_DEBUG_C */ diff --git a/library/ssl_misc.h b/library/ssl_misc.h index c4621e7ca..42563921e 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1960,6 +1960,97 @@ static inline int mbedtls_ssl_sig_alg_is_offered( const mbedtls_ssl_context *ssl return( 0 ); } +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) +static inline int mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( + uint16_t sig_alg, mbedtls_pk_type_t *pk_type, mbedtls_md_type_t *md_alg ) +{ + *pk_type = MBEDTLS_PK_NONE; + *md_alg = MBEDTLS_MD_NONE; + + switch( sig_alg ) + { +#if defined(MBEDTLS_ECDSA_C) + +#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) + case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256: + *md_alg = MBEDTLS_MD_SHA256; + *pk_type = MBEDTLS_PK_ECDSA; + break; +#endif /* MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */ + +#if defined(MBEDTLS_SHA384_C) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) + case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384: + *md_alg = MBEDTLS_MD_SHA384; + *pk_type = MBEDTLS_PK_ECDSA; + break; +#endif /* MBEDTLS_SHA384_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */ + +#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) + case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512: + *md_alg = MBEDTLS_MD_SHA512; + *pk_type = MBEDTLS_PK_ECDSA; + break; +#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */ + +#endif /* MBEDTLS_ECDSA_C */ + +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) + +#if defined(MBEDTLS_SHA256_C) + case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: + *md_alg = MBEDTLS_MD_SHA256; + *pk_type = MBEDTLS_PK_RSASSA_PSS; + break; +#endif /* MBEDTLS_SHA256_C */ + +#if defined(MBEDTLS_SHA384_C) + case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: + *md_alg = MBEDTLS_MD_SHA384; + *pk_type = MBEDTLS_PK_RSASSA_PSS; + break; +#endif /* MBEDTLS_SHA384_C */ + +#if defined(MBEDTLS_SHA512_C) + case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: + *md_alg = MBEDTLS_MD_SHA512; + *pk_type = MBEDTLS_PK_RSASSA_PSS; + break; +#endif /* MBEDTLS_SHA512_C */ + +#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ + +#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) + +#if defined(MBEDTLS_SHA256_C) + case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256: + *md_alg = MBEDTLS_MD_SHA256; + *pk_type = MBEDTLS_PK_RSA; + break; +#endif /* MBEDTLS_SHA256_C */ + +#if defined(MBEDTLS_SHA384_C) + case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384: + *md_alg = MBEDTLS_MD_SHA384; + *pk_type = MBEDTLS_PK_RSA; + break; +#endif /* MBEDTLS_SHA384_C */ + +#if defined(MBEDTLS_SHA512_C) + case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512: + *md_alg = MBEDTLS_MD_SHA512; + *pk_type = MBEDTLS_PK_RSA; + break; +#endif /* MBEDTLS_SHA512_C */ + +#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C */ + + default: + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + } + return( 0 ); +} +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ + static inline int mbedtls_ssl_sig_alg_is_supported( const mbedtls_ssl_context *ssl, const uint16_t sig_alg ) @@ -2031,52 +2122,10 @@ static inline int mbedtls_ssl_sig_alg_is_supported( #if defined(MBEDTLS_SSL_PROTO_TLS1_3) if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4) { - switch( sig_alg ) - { -#if defined(MBEDTLS_SHA256_C) && \ - defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && \ - defined(MBEDTLS_ECDSA_C) - case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256: - break; -#endif /* MBEDTLS_SHA256_C && - MBEDTLS_ECP_DP_SECP256R1_ENABLED && - MBEDTLS_ECDSA_C */ - -#if defined(MBEDTLS_SHA384_C) && \ - defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && \ - defined(MBEDTLS_ECDSA_C) - case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384: - break; -#endif /* MBEDTLS_SHA384_C && - MBEDTLS_ECP_DP_SECP384R1_ENABLED && - MBEDTLS_ECDSA_C */ - -#if defined(MBEDTLS_SHA512_C) && \ - defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && \ - defined(MBEDTLS_ECDSA_C) - case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512: - break; -#endif /* MBEDTLS_SHA512_C && - MBEDTLS_ECP_DP_SECP521R1_ENABLED && - MBEDTLS_ECDSA_C */ - -#if defined(MBEDTLS_SHA256_C) && \ - defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: - break; -#endif /* MBEDTLS_SHA256_C && - MBEDTLS_X509_RSASSA_PSS_SUPPORT */ - -#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_RSA_C) - case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256: - break; -#endif /* MBEDTLS_SHA256_C && MBEDTLS_RSA_C*/ - - default: - return( 0 ); - } - - return( 1 ); + mbedtls_pk_type_t pk_type; + mbedtls_md_type_t md_alg; + return( ! mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( + sig_alg, &pk_type, &md_alg ) ); } #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ ((void) ssl); diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index f47faca8b..856b4ea86 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -32,6 +32,7 @@ #include "ssl_misc.h" #include "ssl_tls13_keys.h" +#include "ssl_debug_helpers.h" int mbedtls_ssl_tls13_fetch_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type, @@ -334,31 +335,10 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, goto error; } - /* We currently only support ECDSA-based signatures */ - switch( algorithm ) + if( mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( + algorithm, &sig_alg, &md_alg ) != 0 ) { - case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256: - md_alg = MBEDTLS_MD_SHA256; - sig_alg = MBEDTLS_PK_ECDSA; - break; - case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384: - md_alg = MBEDTLS_MD_SHA384; - sig_alg = MBEDTLS_PK_ECDSA; - break; - case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512: - md_alg = MBEDTLS_MD_SHA512; - sig_alg = MBEDTLS_PK_ECDSA; - break; -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: - MBEDTLS_SSL_DEBUG_MSG( 4, ( "Certificate Verify: using RSA PSS" ) ); - md_alg = MBEDTLS_MD_SHA256; - sig_alg = MBEDTLS_PK_RSASSA_PSS; - break; -#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ - default: - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Certificate Verify: Unknown signature algorithm." ) ); - goto error; + goto error; } MBEDTLS_SSL_DEBUG_MSG( 3, ( "Certificate Verify: Signature algorithm ( %04x )", @@ -948,6 +928,123 @@ cleanup: /* * STATE HANDLING: Output Certificate Verify */ +static int ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl, + mbedtls_pk_context *own_key, + uint16_t *algorithm ) +{ + mbedtls_pk_type_t sig = mbedtls_ssl_sig_from_pk( own_key ); + /* Determine the size of the key */ + size_t own_key_size = mbedtls_pk_get_bitlen( own_key ); + *algorithm = MBEDTLS_TLS1_3_SIG_NONE; + ((void) own_key_size); + + switch( sig ) + { +#if defined(MBEDTLS_ECDSA_C) + case MBEDTLS_SSL_SIG_ECDSA: + switch( own_key_size ) + { + case 256: + *algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256; + return( 0 ); + case 384: + *algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384; + return( 0 ); + case 521: + *algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512; + return( 0 ); + default: + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "unknown key size: %" + MBEDTLS_PRINTF_SIZET " bits", + own_key_size ) ); + break; + } + break; +#endif /* MBEDTLS_ECDSA_C */ + +#if defined(MBEDTLS_RSA_C) + case MBEDTLS_SSL_SIG_RSA: +#if defined(MBEDTLS_PKCS1_V21) +#if defined(MBEDTLS_SHA256_C) + if( own_key_size <= 2048 && + mbedtls_ssl_sig_alg_is_received( ssl, + MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256 ) ) + { + *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256; + return( 0 ); + } + else +#endif /* MBEDTLS_SHA256_C */ +#if defined(MBEDTLS_SHA384_C) + if( own_key_size <= 3072 && + mbedtls_ssl_sig_alg_is_received( ssl, + MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384 ) ) + { + *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384; + return( 0 ); + } + else +#endif /* MBEDTLS_SHA384_C */ +#if defined(MBEDTLS_SHA512_C) + if( own_key_size <= 4096 && + mbedtls_ssl_sig_alg_is_received( ssl, + MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512 ) ) + { + *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512; + return( 0 ); + } + else +#endif /* MBEDTLS_SHA512_C */ +#endif /* MBEDTLS_PKCS1_V21 */ +#if defined(MBEDTLS_PKCS1_V15) +#if defined(MBEDTLS_SHA256_C) + if( own_key_size <= 2048 && + mbedtls_ssl_sig_alg_is_received( ssl, + MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256 ) ) + { + *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256; + return( 0 ); + } + else +#endif /* MBEDTLS_SHA256_C */ +#if defined(MBEDTLS_SHA384_C) + if( own_key_size <= 3072 && + mbedtls_ssl_sig_alg_is_received( ssl, + MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384 ) ) + { + *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384; + return( 0 ); + } + else +#endif /* MBEDTLS_SHA384_C */ +#if defined(MBEDTLS_SHA512_C) + if( own_key_size <= 4096 && + mbedtls_ssl_sig_alg_is_received( ssl, + MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512 ) ) + { + *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512; + return( 0 ); + } + else +#endif /* MBEDTLS_SHA512_C */ +#endif /* MBEDTLS_PKCS1_V15 */ + { + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "unknown key size: %" + MBEDTLS_PRINTF_SIZET " bits", + own_key_size ) ); + } + break; +#endif /* MBEDTLS_RSA_C */ + default: + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "unkown signature type : %u", sig ) ); + break; + } + return( -1 ); +} + static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, @@ -961,11 +1058,8 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, size_t handshake_hash_len; unsigned char verify_buffer[ SSL_VERIFY_STRUCT_MAX_SIZE ]; size_t verify_buffer_len; - unsigned char signature_type; -#if defined(MBEDTLS_ECDSA_C) - size_t own_key_size; -#endif /* MBEDTLS_ECDSA_C */ - mbedtls_md_type_t md_alg; + mbedtls_pk_type_t pk_type = MBEDTLS_PK_NONE; + mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; uint16_t algorithm = MBEDTLS_TLS1_3_SIG_NONE; size_t signature_len = 0; const mbedtls_md_info_t *md_info; @@ -1003,55 +1097,26 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, * opaque signature<0..2^16-1>; * } CertificateVerify; */ - signature_type = mbedtls_ssl_sig_from_pk( own_key ); -#if defined(MBEDTLS_ECDSA_C) - /* Determine the size of the key */ - own_key_size = mbedtls_pk_get_bitlen( own_key ); -#endif /* MBEDTLS_ECDSA_C */ - switch( signature_type ) - { -#if defined(MBEDTLS_ECDSA_C) - case MBEDTLS_SSL_SIG_ECDSA: - switch( own_key_size ) - { - case 256: - md_alg = MBEDTLS_MD_SHA256; - algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256; - break; - case 384: - md_alg = MBEDTLS_MD_SHA384; - algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384; - break; - case 521: - md_alg = MBEDTLS_MD_SHA512; - algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512; - break; - default: - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "unknown key size: %" - MBEDTLS_PRINTF_SIZET " bits", - own_key_size ) ); - break; - } - break; -#endif /* MBEDTLS_ECDSA_C */ - - default: - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "unkown pk type : %d", signature_type ) ); - break; - } - - if( algorithm == MBEDTLS_TLS1_3_SIG_NONE || - ! mbedtls_ssl_sig_alg_is_received( ssl, algorithm ) ) + ret = ssl_tls13_get_sig_alg_from_pk( ssl, own_key, &algorithm ); + if( ret != 0 || ! mbedtls_ssl_sig_alg_is_received( ssl, algorithm ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "signature algorithm not in received or offered list." ) ); + + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Signature algorithm is %s", + mbedtls_ssl_sig_alg_to_str( algorithm ) ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } + if( mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( + algorithm, &pk_type, &md_alg ) != 0 ) + { + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + /* Check there is space for the algorithm identifier (2 bytes) and the * signature length (2 bytes). */ @@ -1071,10 +1136,10 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, verify_hash_len = mbedtls_md_get_size( md_info ); MBEDTLS_SSL_DEBUG_BUF( 3, "verify hash", verify_hash, verify_hash_len ); - if( ( ret = mbedtls_pk_sign( own_key, md_alg, - verify_hash, verify_hash_len, - p + 2, (size_t)( end - ( p + 2 ) ), &signature_len, - ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) + if( ( ret = mbedtls_pk_sign_ext( pk_type, own_key, + md_alg, verify_hash, verify_hash_len, + p + 2, (size_t)( end - ( p + 2 ) ), &signature_len, + ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret ); return( ret ); diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index f83af070b..d8a3a4e54 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1542,6 +1542,14 @@ int main( int argc, char *argv[] ) { sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256; } + else if( strcmp( q, "rsa_pss_rsae_sha384" ) == 0 ) + { + sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384; + } + else if( strcmp( q, "rsa_pss_rsae_sha512" ) == 0 ) + { + sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512; + } else if( strcmp( q, "rsa_pkcs1_sha256" ) == 0 ) { sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256; @@ -1554,6 +1562,8 @@ int main( int argc, char *argv[] ) mbedtls_printf( "ecdsa_secp384r1_sha384 " ); mbedtls_printf( "ecdsa_secp521r1_sha512 " ); mbedtls_printf( "rsa_pss_rsae_sha256 " ); + mbedtls_printf( "rsa_pss_rsae_sha384 " ); + mbedtls_printf( "rsa_pss_rsae_sha512 " ); mbedtls_printf( "rsa_pkcs1_sha256 " ); mbedtls_printf( "\n" ); goto exit; diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index b3c4cfa0f..a359b3fe2 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -133,7 +133,7 @@ void my_debug( void *ctx, int level, mbedtls_time_t dummy_constant_time( mbedtls_time_t* time ); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) /* If MBEDTLS_TEST_USE_PSA_CRYPTO_RNG is defined, the SSL test programs will use * mbedtls_psa_get_random() rather than entropy+DRBG as a random generator. * diff --git a/scripts/generate_ssl_debug_helpers.py b/scripts/generate_ssl_debug_helpers.py index 98e1c48c8..a722c19f0 100755 --- a/scripts/generate_ssl_debug_helpers.py +++ b/scripts/generate_ssl_debug_helpers.py @@ -234,6 +234,63 @@ class EnumDefinition: prototype=self._prototype) return body +class SignatureAlgorithmDefinition: + """ + Generate helper functions for signature algorithms. + + It generates translation function from signature algorithm define to string. + Signature algorithm definition looks like: + #define MBEDTLS_TLS1_3_SIG_[ upper case signature algorithm ] [ value(hex) ] + + Known limitation: + - the definitions SHOULD exist in same macro blocks. + """ + + @classmethod + def extract(cls, source_code, start=0, end=-1): + sig_alg_pattern = re.compile(r'#define\s+(?PMBEDTLS_TLS1_3_SIG_\w+)\s+' + + r'(?P0[xX][0-9a-fA-F]+)$', + re.MULTILINE | re.DOTALL) + matches = list(sig_alg_pattern.finditer(source_code, start, end)) + if matches: + yield SignatureAlgorithmDefinition(source_code, definitions=matches) + + def __init__(self, source_code, definitions=None): + if definitions is None: + definitions = [] + assert isinstance(definitions, list) and definitions + self._definitions = definitions + self._source = source_code + + def __repr__(self): + return 'SigAlgs({})'.format(self._definitions[0].span()) + + def span(self): + return self._definitions[0].span() + def __str__(self): + """ + Generate function for translating value to string + """ + translation_table = [] + for m in self._definitions: + name = m.groupdict()['name'] + translation_table.append( + '\tcase {}:\n\t return "{}";'.format(name, + name[len('MBEDTLS_TLS1_3_SIG_'):].lower()) + ) + + body = textwrap.dedent('''\ + const char *mbedtls_ssl_sig_alg_to_str( uint16_t in ) + {{ + switch( in ) + {{ + {translation_table} + }}; + + return "UNKOWN"; + }}''') + body = body.format(translation_table='\n'.join(translation_table)) + return body OUTPUT_C_TEMPLATE = '''\ /* Automatically generated by generate_ssl_debug_helpers.py. DO NOT EDIT. */ @@ -283,7 +340,9 @@ def generate_ssl_debug_helpers(output_directory, mbedtls_root): source_code = remove_c_comments(f.read()) definitions = dict() - for start, instance in preprocess_c_source_code(source_code, EnumDefinition): + for start, instance in preprocess_c_source_code(source_code, + EnumDefinition, + SignatureAlgorithmDefinition): if start in definitions: continue if isinstance(instance, EnumDefinition): diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d5334cece..aff2411e6 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -10037,12 +10037,11 @@ run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \ key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \ - 1 \ + 0 \ -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "unkown pk type" \ - -c "signature algorithm not in received or offered list." + -c "Protocol is TLSv1.3" requires_gnutls_tls1_3 requires_gnutls_next_no_ticket @@ -10055,12 +10054,77 @@ run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \ key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \ - 1 \ + 0 \ -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "unkown pk type" \ - -c "signature algorithm not in received or offered list." + -c "Protocol is TLSv1.3" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - openssl" \ + "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ + "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \ + key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384" \ + 0 \ + -c "got a certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ + -c "Protocol is TLSv1.3" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - gnutls" \ + "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ + "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \ + key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384" \ + 0 \ + -c "got a certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ + -c "Protocol is TLSv1.3" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - openssl" \ + "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ + "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \ + key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512" \ + 0 \ + -c "got a certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ + -c "Protocol is TLSv1.3" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - gnutls" \ + "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ + "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \ + key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512" \ + 0 \ + -c "got a certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ + -c "Protocol is TLSv1.3" requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 7d4fbcd8e..cf40e5514 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -340,3 +340,40 @@ pk_psa_sign:MBEDTLS_ECP_DP_BP384R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:384 PSA wrapped sign: BP512R1 depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_psa_sign:MBEDTLS_ECP_DP_BP512R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:512 + +PK Sign ext:RSA2048,PK_RSA,MD_SHA256 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_RSA_C +pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA256 + +PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA256 +depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C:MBEDTLS_RSA_C +pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256 + +PK Sign ext:RSA2048,PK_RSA,MD_SHA384 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_SHA384_C:MBEDTLS_RSA_C +pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA384 + +PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA384 +depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA384_C:MBEDTLS_RSA_C +pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA384 + +PK Sign ext:RSA2048,PK_RSA,MD_SHA512 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_SHA512_C:MBEDTLS_RSA_C +pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA512 + +PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA512 +depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA512_C:MBEDTLS_RSA_C +pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512 + +PK Sign ext:SECP256R1,PK_ECDSA,MD_SHA256 +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +pk_psa_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA256 + +PK Sign ext:SECP384R1,PK_ECDSA,MD_SHA384 +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA384_C +pk_psa_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA384 + +PK Sign ext:SECP521R1,PK_ECDSA,MD_SHA512 +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA512_C +pk_psa_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA512 + diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index ed3d60231..237a8095d 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1087,3 +1087,46 @@ exit: USE_PSA_DONE( ); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_GENPRIME */ +void pk_psa_sign_ext( int pk_type, int parameter, int key_pk_type, int md_alg ) +{ + /* See the description of pk_genkey() for the description of the `parameter` argument. */ + mbedtls_pk_context pk; + size_t sig_len; + unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; + unsigned char hash[MBEDTLS_MD_MAX_SIZE]; + const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg ); + size_t hash_len = mbedtls_md_get_size( md_info ); + void const *options = NULL; + mbedtls_pk_rsassa_pss_options rsassa_pss_options; + memset( hash, 0x2a, sizeof( hash ) ); + memset( sig, 0, sizeof( sig ) ); + + mbedtls_pk_init( &pk ); + PSA_INIT(); + + TEST_ASSERT( mbedtls_pk_setup( &pk, + mbedtls_pk_info_from_type( pk_type ) ) == 0 ); + + TEST_ASSERT( pk_genkey( &pk, parameter ) == 0 ); + + TEST_ASSERT( mbedtls_pk_sign_ext( key_pk_type, &pk, md_alg, hash, hash_len, + sig, sizeof( sig ), &sig_len, + mbedtls_test_rnd_std_rand, NULL ) == 0 ); + + if( key_pk_type == MBEDTLS_PK_RSASSA_PSS ) + { + rsassa_pss_options.mgf1_hash_id = md_alg; + TEST_ASSERT( md_info != NULL ); + rsassa_pss_options.expected_salt_len = mbedtls_md_get_size( md_info ); + options = (const void*) &rsassa_pss_options; + } + TEST_ASSERT( mbedtls_pk_verify_ext( key_pk_type, options, &pk, md_alg, + hash, hash_len, sig, sig_len ) == 0 ); +exit: + PSA_DONE( ); + mbedtls_pk_free( &pk ); +} +/* END_CASE */ +