From 64f410c24638e6d5ba3d870020a77e6f4816da87 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Fri, 24 Jun 2022 13:09:27 +0800
Subject: [PATCH] Add tls13 sig alg parameters
Signed-off-by: Jerry Yu
---
 programs/ssl/ssl_client2.c | 70 +++++++++++++++++++++++++++++++-------
 programs/ssl/ssl_server2.c | 70 +++++++++++++++++++++++++++++++-------
 2 files changed, 116 insertions(+), 24 deletions(-)
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 97b786a76..6e6cd471a 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1534,7 +1534,19 @@ int main( int argc, char *argv[] )
 if( *p == ',' )
 *p++ = '\0';
- if( strcmp( q, "ecdsa_secp256r1_sha256" ) == 0 )
+ if( strcmp( q, "rsa_pkcs1_sha256" ) == 0 )
+ {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256;
+ }
+ else if( strcmp( q, "rsa_pkcs1_sha384" ) == 0 )
+ {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384;
+ }
+ else if( strcmp( q, "rsa_pkcs1_sha512" ) == 0 )
+ {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512;
+ }
+ else if( strcmp( q, "ecdsa_secp256r1_sha256" ) == 0 )
 {
 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256;
 }
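Review bot: Each of the three added `rsa_pkcs1_*` branches writes `sig_alg_list[i++]`, and the loop condition that bounds `i` is outside this hunk, so the hunk alone does not show that the array can hold the longer lists this patch invites (its help text now names sixteen algorithms against seven before). If the enclosing loop does not already stop before the array is full, leaving room for any terminator the API expects, the chain needs a guard ahead of it along the lines of `if( i >= LIST_CAPACITY - 1 ) { ret = -1; goto exit; }`, where `LIST_CAPACITY` is a placeholder for whatever size the file declares for `sig_alg_list`. The first hunk of programs/ssl/ssl_server2.c adds the same branches and needs the same check. The enclosing `main` starts and ends outside both hunks.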
@@ -1558,21 +1570,55 @@ int main( int argc, char *argv[] )
 {
 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512;
 }
- else if( strcmp( q, "rsa_pkcs1_sha256" ) == 0 )
+ else if( strcmp( q, "ed25519" ) == 0 )
 {
- sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256;
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ED25519;
+ }
+ else if( strcmp( q, "ed448" ) == 0 )
+ {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ED448;
+ }
+ else if( strcmp( q, "rsa_pss_pss_sha256" ) == 0 )
+ {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA256;
+ }
+ else if( strcmp( q, "rsa_pss_pss_sha384" ) == 0 )
+ {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA384;
+ }
+ else if( strcmp( q, "rsa_pss_pss_sha512" ) == 0 )
+ {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA512;
+ }
+ else if( strcmp( q, "rsa_pkcs1_sha1" ) == 0 )
+ {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA1;
+ }
+ else if( strcmp( q, "ecdsa_sha1" ) == 0 )
+ {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SHA1;
 }
 else
 {
- mbedtls_printf( "unknown signature algorithm %s\n", q );
- mbedtls_printf( "supported signature algorithms: " );
- mbedtls_printf( "ecdsa_secp256r1_sha256 " );
- mbedtls_printf( "ecdsa_secp384r1_sha384 " );
- mbedtls_printf( "ecdsa_secp521r1_sha512 " );
- mbedtls_printf( "rsa_pss_rsae_sha256 " );
- mbedtls_printf( "rsa_pss_rsae_sha384 " );
- mbedtls_printf( "rsa_pss_rsae_sha512 " );
- mbedtls_printf( "rsa_pkcs1_sha256 " );
+ ret = -1;
+ mbedtls_printf( "unknown signature algorithm \"%s\"\n", q );
+ mbedtls_printf( "supported signature algorithms:\n" );
+ mbedtls_printf("\trsa_pkcs1_sha256 ");
+ mbedtls_printf("rsa_pkcs1_sha384 ");
+ mbedtls_printf("rsa_pkcs1_sha512\n");
+ mbedtls_printf("\tecdsa_secp256r1_sha256 ");
+ mbedtls_printf("ecdsa_secp384r1_sha384 ");
+ mbedtls_printf("ecdsa_secp521r1_sha512\n");
+ mbedtls_printf("\trsa_pss_rsae_sha256 ");
+ mbedtls_printf("rsa_pss_rsae_sha384 ");
+ mbedtls_printf("rsa_pss_rsae_sha512\n");
+ mbedtls_printf("\trsa_pss_pss_sha256 
");
+ mbedtls_printf("rsa_pss_pss_sha384 ");
+ mbedtls_printf("rsa_pss_pss_sha512\n");
+ mbedtls_printf("\ted25519 ");
+ mbedtls_printf("ed448 ");
+ mbedtls_printf("rsa_pkcs1_sha1 ");
+ mbedtls_printf("ecdsa_sha1\n");
 mbedtls_printf( "\n" );
 goto exit;
 }
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 425181752..769f8c6a6 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -2370,7 +2370,19 @@ int main( int argc, char *argv[] )
 if( *p == ',' )
 *p++ = '\0';
- if( strcmp( q, "ecdsa_secp256r1_sha256" ) == 0 )
+ if( strcmp( q, "rsa_pkcs1_sha256" ) == 0 )
+ {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256;
+ }
+ else if( strcmp( q, "rsa_pkcs1_sha384" ) == 0 )
+ {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384;
+ }
+ else if( strcmp( q, "rsa_pkcs1_sha512" ) == 0 )
+ {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512;
+ }
+ else if( strcmp( q, "ecdsa_secp256r1_sha256" ) == 0 )
 {
 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256;
 }
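Review bot: In the second ssl_client2.c hunk, `rsa_pkcs1_sha1` and `ecdsa_sha1` are accepted on the same footing as the SHA-2 and EdDSA schemes, and neither the branches nor the printed list mark them as legacy. RFC 8446 section 4.2.3 keeps these two code points for backward compatibility only and requires a client that offers them to list them at the lowest priority, while this parser appears to store names in whatever order they are typed. Accepting them in a test program is reasonable, but a comment above the two branches such as `/* SHA-1 schemes: legacy, interop testing only; list them last */` and a `(legacy)` tag next to the two names in the help output would make that visible. The added `mbedtls_printf("...")` calls also drop the `( "..." )` padding that the rest of the hunk uses. The second ssl_server2.c hunk has the same branches and help text.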
@@ -2394,21 +2406,55 @@ int main( int argc, char *argv[] )
 {
 sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512;
 }
- else if( strcmp( q, "rsa_pkcs1_sha256" ) == 0 )
+ else if( strcmp( q, "ed25519" ) == 0 )
 {
- sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256;
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ED25519;
+ }
+ else if( strcmp( q, "ed448" ) == 0 )
+ {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ED448;
+ }
+ else if( strcmp( q, "rsa_pss_pss_sha256" ) == 0 )
+ {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA256;
+ }
+ else if( strcmp( q, "rsa_pss_pss_sha384" ) == 0 )
+ {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA384;
+ }
+ else if( strcmp( q, "rsa_pss_pss_sha512" ) == 0 )
+ {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA512;
+ }
+ else if( strcmp( q, "rsa_pkcs1_sha1" ) == 0 )
+ {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA1;
+ }
+ else if( strcmp( q, "ecdsa_sha1" ) == 0 )
+ {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SHA1;
 }
 else
 {
- mbedtls_printf( "unknown signature algorithm %s\n", q );
- mbedtls_printf( "supported signature algorithms: " );
- mbedtls_printf( "ecdsa_secp256r1_sha256 " );
- mbedtls_printf( "ecdsa_secp384r1_sha384 " );
- mbedtls_printf( "ecdsa_secp521r1_sha512 " );
- mbedtls_printf( "rsa_pss_rsae_sha256 " );
- mbedtls_printf( "rsa_pss_rsae_sha384 " );
- mbedtls_printf( "rsa_pss_rsae_sha512 " );
- mbedtls_printf( "rsa_pkcs1_sha256 " );
+ ret = -1;
+ mbedtls_printf( "unknown signature algorithm \"%s\"\n", q );
+ mbedtls_printf( "supported signature algorithms:\n" );
+ mbedtls_printf("\trsa_pkcs1_sha256 ");
+ mbedtls_printf("rsa_pkcs1_sha384 ");
+ mbedtls_printf("rsa_pkcs1_sha512\n");
+ mbedtls_printf("\tecdsa_secp256r1_sha256 ");
+ mbedtls_printf("ecdsa_secp384r1_sha384 ");
+ mbedtls_printf("ecdsa_secp521r1_sha512\n");
+ mbedtls_printf("\trsa_pss_rsae_sha256 ");
+ mbedtls_printf("rsa_pss_rsae_sha384 ");
+ mbedtls_printf("rsa_pss_rsae_sha512\n");
+ mbedtls_printf("\trsa_pss_pss_sha256 
");
+ mbedtls_printf("rsa_pss_pss_sha384 ");
+ mbedtls_printf("rsa_pss_pss_sha512\n");
+ mbedtls_printf("\ted25519 ");
+ mbedtls_printf("ed448 ");
+ mbedtls_printf("rsa_pkcs1_sha1 ");
+ mbedtls_printf("ecdsa_sha1\n");
 mbedtls_printf( "\n" );
 goto exit;
 }