Merge pull request #6051 from mprse/permissions_2b_v2
Permissions 2b: TLS 1.3 sigalg selection
diff --git a/ChangeLog.d/tls13_sig_alg_selection.txt b/ChangeLog.d/tls13_sig_alg_selection.txt
new file mode 100644
index 0000000..8857750
--- /dev/null
+++ b/ChangeLog.d/tls13_sig_alg_selection.txt
@@ -0,0 +1,3 @@
+Features
+ * Add support for opaque keys as the private keys associated to certificates
+ for authentication in TLS 1.3.
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index f74cb40..abb7a14 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -906,12 +906,8 @@
case MBEDTLS_SSL_SIG_RSA:
switch( sig_alg )
{
- case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
- return( key_size <= 3072 );
-
- case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
- return( key_size <= 7680 );
-
+ case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: /* Intentional fallthrough */
+ case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: /* Intentional fallthrough */
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
return( 1 );
@@ -928,42 +924,12 @@
}
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_select_sig_alg_for_certificate_verify(
- mbedtls_ssl_context *ssl,
- mbedtls_pk_context *own_key,
- uint16_t *algorithm )
-{
- uint16_t *sig_alg = ssl->handshake->received_sig_algs;
-
- *algorithm = MBEDTLS_TLS1_3_SIG_NONE;
- for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE ; sig_alg++ )
- {
- if( mbedtls_ssl_sig_alg_is_offered( ssl, *sig_alg ) &&
- mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( *sig_alg ) &&
- mbedtls_ssl_tls13_check_sig_alg_cert_key_match( *sig_alg, own_key ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3,
- ( "select_sig_alg_for_certificate_verify:"
- "selected signature algorithm %s [%04x]",
- mbedtls_ssl_sig_alg_to_str( *sig_alg ),
- *sig_alg ) );
- *algorithm = *sig_alg;
- return( 0 );
- }
- }
- MBEDTLS_SSL_DEBUG_MSG( 2,
- ( "select_sig_alg_for_certificate_verify:"
- "no suitable signature algorithm found" ) );
- return( -1 );
-}
-
-MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
size_t *out_len )
{
- int ret;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p = buf;
mbedtls_pk_context *own_key;
@@ -971,14 +937,9 @@
size_t handshake_hash_len;
unsigned char verify_buffer[ SSL_VERIFY_STRUCT_MAX_SIZE ];
size_t verify_buffer_len;
- mbedtls_pk_type_t pk_type = MBEDTLS_PK_NONE;
- mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
- psa_algorithm_t psa_algorithm = PSA_ALG_NONE;
- uint16_t algorithm = MBEDTLS_TLS1_3_SIG_NONE;
+
+ uint16_t *sig_alg = ssl->handshake->received_sig_algs;
size_t signature_len = 0;
- unsigned char verify_hash[PSA_HASH_MAX_SIZE];
- size_t verify_hash_len;
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
*out_len = 0;
@@ -1011,64 +972,84 @@
* opaque signature<0..2^16-1>;
* } CertificateVerify;
*/
- ret = ssl_tls13_select_sig_alg_for_certificate_verify( ssl, own_key,
- &algorithm );
- if( ret != 0 )
+ /* Check there is space for the algorithm identifier (2 bytes) and the
+ * signature length (2 bytes).
+ */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
+
+ for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE ; sig_alg++ )
{
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "signature algorithm not in received or offered list." ) );
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ mbedtls_pk_type_t pk_type = MBEDTLS_PK_NONE;
+ mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
+ psa_algorithm_t psa_algorithm = PSA_ALG_NONE;
+ unsigned char verify_hash[PSA_HASH_MAX_SIZE];
+ size_t verify_hash_len;
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Signature algorithm is %s",
- mbedtls_ssl_sig_alg_to_str( algorithm ) ) );
+ if( !mbedtls_ssl_sig_alg_is_offered( ssl, *sig_alg ) )
+ continue;
+ if( !mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( *sig_alg ) )
+ continue;
+
+ if( !mbedtls_ssl_tls13_check_sig_alg_cert_key_match( *sig_alg, own_key ) )
+ continue;
+
+ if( mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg(
+ *sig_alg, &pk_type, &md_alg ) != 0 )
+ {
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ /* Hash verify buffer with indicated hash function */
+ psa_algorithm = mbedtls_hash_info_psa_from_md( md_alg );
+ status = psa_hash_compute( psa_algorithm,
+ verify_buffer,
+ verify_buffer_len,
+ verify_hash, sizeof( verify_hash ),
+ &verify_hash_len );
+ if( status != PSA_SUCCESS )
+ return( psa_ssl_status_to_mbedtls( status ) );
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "verify hash", verify_hash, verify_hash_len );
+
+ if( ( ret = mbedtls_pk_sign_ext( pk_type, own_key,
+ md_alg, verify_hash, verify_hash_len,
+ p + 4, (size_t)( end - ( p + 4 ) ), &signature_len,
+ ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "CertificateVerify signature failed with %s",
+ mbedtls_ssl_sig_alg_to_str( *sig_alg ) ) );
+ MBEDTLS_SSL_DEBUG_RET( 2, "mbedtls_pk_sign_ext", ret );
+
+ /* The signature failed. This is possible if the private key
+ * was not suitable for the signature operation as purposely we
+ * did not check its suitability completely. Let's try with
+ * another signature algorithm.
+ */
+ continue;
+ }
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "CertificateVerify signature with %s",
+ mbedtls_ssl_sig_alg_to_str( *sig_alg ) ) );
+
+ break;
+ }
+
+ if( *sig_alg == MBEDTLS_TLS1_3_SIG_NONE )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "no suitable signature algorithm" ) );
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "CertificateVerify with %s",
- mbedtls_ssl_sig_alg_to_str( algorithm )) );
+ MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 );
+ MBEDTLS_PUT_UINT16_BE( signature_len, p, 2 );
- if( mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg(
- algorithm, &pk_type, &md_alg ) != 0 )
- {
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- }
+ *out_len = 4 + signature_len;
- /* Check there is space for the algorithm identifier (2 bytes) and the
- * signature length (2 bytes).
- */
- MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
- MBEDTLS_PUT_UINT16_BE( algorithm, p, 0 );
- p += 2;
-
- /* Hash verify buffer with indicated hash function */
- psa_algorithm = mbedtls_hash_info_psa_from_md( md_alg );
- status = psa_hash_compute( psa_algorithm,
- verify_buffer,
- verify_buffer_len,
- verify_hash,sizeof( verify_hash ),
- &verify_hash_len );
- if( status != PSA_SUCCESS )
- return( psa_ssl_status_to_mbedtls( status ) );
-
- MBEDTLS_SSL_DEBUG_BUF( 3, "verify hash", verify_hash, verify_hash_len );
-
- if( ( ret = mbedtls_pk_sign_ext( pk_type, own_key,
- md_alg, verify_hash, verify_hash_len,
- p + 2, (size_t)( end - ( p + 2 ) ), &signature_len,
- ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret );
- return( ret );
- }
-
- MBEDTLS_PUT_UINT16_BE( signature_len, p, 0 );
- p += 2 + signature_len;
-
- *out_len = (size_t)( p - buf );
-
- return( ret );
+ return( 0 );
}
int mbedtls_ssl_tls13_write_certificate_verify( mbedtls_ssl_context *ssl )
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index bf281bf..6591ecb 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1111,6 +1111,36 @@
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+static psa_algorithm_t ssl_tls13_iana_sig_alg_to_psa_alg( uint16_t sig_alg )
+{
+ switch( sig_alg )
+ {
+ case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256:
+ return( PSA_ALG_ECDSA( PSA_ALG_SHA_256 ) );
+ case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384:
+ return( PSA_ALG_ECDSA( PSA_ALG_SHA_384 ) );
+ case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512:
+ return( PSA_ALG_ECDSA( PSA_ALG_SHA_512 ) );
+ case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
+ return( PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 ) );
+ case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
+ return( PSA_ALG_RSA_PSS( PSA_ALG_SHA_384 ) );
+ case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
+ return( PSA_ALG_RSA_PSS( PSA_ALG_SHA_512 ) );
+ case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256:
+ return( PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_SHA_256 ) );
+ case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384:
+ return( PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_SHA_384 ) );
+ case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512:
+ return( PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_SHA_512 ) );
+ default:
+ return( PSA_ALG_NONE );
+ }
+}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
/*
* Pick best ( private key, certificate chain ) pair based on the signature
* algorithms supported by the client.
@@ -1136,9 +1166,19 @@
for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
{
+ if( !mbedtls_ssl_sig_alg_is_offered( ssl, *sig_alg ) )
+ continue;
+
+ if( !mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( *sig_alg ) )
+ continue;
+
for( key_cert = key_cert_list; key_cert != NULL;
key_cert = key_cert->next )
{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_algorithm_t psa_alg = PSA_ALG_NONE;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
MBEDTLS_SSL_DEBUG_CRT( 3, "certificate (chain) candidate",
key_cert->cert );
@@ -1162,8 +1202,18 @@
"check signature algorithm %s [%04x]",
mbedtls_ssl_sig_alg_to_str( *sig_alg ),
*sig_alg ) );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_alg = ssl_tls13_iana_sig_alg_to_psa_alg( *sig_alg );
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
if( mbedtls_ssl_tls13_check_sig_alg_cert_key_match(
- *sig_alg, &key_cert->cert->pk ) )
+ *sig_alg, &key_cert->cert->pk )
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ && psa_alg != PSA_ALG_NONE &&
+ mbedtls_pk_can_do_ext( &key_cert->cert->pk, psa_alg,
+ PSA_KEY_USAGE_SIGN_HASH ) == 1
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ )
{
ssl->handshake->key_cert = key_cert;
MBEDTLS_SSL_DEBUG_MSG( 3,
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 64baa19..6377162 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -346,10 +346,11 @@
#define USAGE_KEY_OPAQUE_ALGS \
" key_opaque_algs=%%s Allowed opaque key algorithms.\n" \
- " comma-separated pair of values among the following:\n" \
- " rsa-sign-pkcs1, rsa-sign-pss, rsa-decrypt,\n" \
- " ecdsa-sign, ecdh, none (only acceptable for\n" \
- " the second value).\n" \
+ " comma-separated pair of values among the following:\n" \
+ " rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \
+ " rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \
+ " ecdsa-sign, ecdh, none (only acceptable for\n" \
+ " the second value).\n" \
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#define USAGE_TLS1_3_KEY_EXCHANGE_MODES \
@@ -1821,7 +1822,8 @@
#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_printf( " ok (key type: %s)\n",
- strlen( opt.key_file ) ? mbedtls_pk_get_name( &pkey ) : "none" );
+ strlen( opt.key_file ) || strlen( opt.key_opaque_alg1 ) ?
+ mbedtls_pk_get_name( &pkey ) : "none" );
#endif /* MBEDTLS_X509_CRT_PARSE_C */
/*
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index a129de6..7526bc6 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -458,15 +458,17 @@
#endif
#define USAGE_KEY_OPAQUE_ALGS \
- " key_opaque_algs=%%s Allowed opaque key 1 algorithms.\n" \
- " comma-separated pair of values among the following:\n" \
- " rsa-sign-pkcs1, rsa-sign-pss, rsa-decrypt,\n" \
- " ecdsa-sign, ecdh, none (only acceptable for\n" \
- " the second value).\n" \
- " key_opaque_algs2=%%s Allowed opaque key 2 algorithms.\n" \
- " comma-separated pair of values among the following:\n" \
- " rsa-sign-pkcs1, rsa-sign-pss, rsa-decrypt,\n" \
- " ecdsa-sign, ecdh, none (only acceptable for\n" \
+ " key_opaque_algs=%%s Allowed opaque key 1 algorithms.\n" \
+ " comma-separated pair of values among the following:\n" \
+ " rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \
+ " rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \
+ " ecdsa-sign, ecdh, none (only acceptable for\n" \
+ " the second value).\n" \
+ " key_opaque_algs2=%%s Allowed opaque key 2 algorithms.\n" \
+ " comma-separated pair of values among the following:\n" \
+ " rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \
+ " rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \
+ " ecdsa-sign, ecdh, none (only acceptable for\n" \
" the second value).\n"
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#define USAGE_TLS1_3_KEY_EXCHANGE_MODES \
diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c
index a7f3d0e..cf810a3 100644
--- a/programs/ssl/ssl_test_lib.c
+++ b/programs/ssl/ssl_test_lib.c
@@ -205,6 +205,9 @@
if( strcmp( *alg1, "rsa-sign-pkcs1" ) != 0 &&
strcmp( *alg1, "rsa-sign-pss" ) != 0 &&
+ strcmp( *alg1, "rsa-sign-pss-sha256" ) != 0 &&
+ strcmp( *alg1, "rsa-sign-pss-sha384" ) != 0 &&
+ strcmp( *alg1, "rsa-sign-pss-sha512" ) != 0 &&
strcmp( *alg1, "rsa-decrypt" ) != 0 &&
strcmp( *alg1, "ecdsa-sign" ) != 0 &&
strcmp( *alg1, "ecdh" ) != 0 )
@@ -212,6 +215,9 @@
if( strcmp( *alg2, "rsa-sign-pkcs1" ) != 0 &&
strcmp( *alg2, "rsa-sign-pss" ) != 0 &&
+ strcmp( *alg1, "rsa-sign-pss-sha256" ) != 0 &&
+ strcmp( *alg1, "rsa-sign-pss-sha384" ) != 0 &&
+ strcmp( *alg1, "rsa-sign-pss-sha512" ) != 0 &&
strcmp( *alg2, "rsa-decrypt" ) != 0 &&
strcmp( *alg2, "ecdsa-sign" ) != 0 &&
strcmp( *alg2, "ecdh" ) != 0 &&
@@ -245,6 +251,21 @@
*psa_algs[i] = PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH );
*usage |= PSA_KEY_USAGE_SIGN_HASH;
}
+ else if( strcmp( algs[i], "rsa-sign-pss-sha256" ) == 0 )
+ {
+ *psa_algs[i] = PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 );
+ *usage |= PSA_KEY_USAGE_SIGN_HASH;
+ }
+ else if( strcmp( algs[i], "rsa-sign-pss-sha384" ) == 0 )
+ {
+ *psa_algs[i] = PSA_ALG_RSA_PSS( PSA_ALG_SHA_384 );
+ *usage |= PSA_KEY_USAGE_SIGN_HASH;
+ }
+ else if( strcmp( algs[i], "rsa-sign-pss-sha512" ) == 0 )
+ {
+ *psa_algs[i] = PSA_ALG_RSA_PSS( PSA_ALG_SHA_512 );
+ *usage |= PSA_KEY_USAGE_SIGN_HASH;
+ }
else if( strcmp( algs[i], "rsa-decrypt" ) == 0 )
{
*psa_algs[i] = PSA_ALG_RSA_PKCS1V15_CRYPT;
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index f51d945..5e4bd59 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -2042,6 +2042,59 @@
-S "error" \
-C "error"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_RSA_C
+run_test "TLS 1.3 opaque key: no suitable algorithm found" \
+ "$P_SRV debug_level=4 force_version=tls13 auth_mode=required key_opaque=1 key_opaque_algs=rsa-decrypt,none" \
+ "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
+ 1 \
+ -s "The SSL configuration is tls13 only" \
+ -c "key type: Opaque" \
+ -s "key types: Opaque, Opaque" \
+ -c "error" \
+ -s "no suitable signature algorithm"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_RSA_C
+run_test "TLS 1.3 opaque key: suitable algorithm found" \
+ "$P_SRV debug_level=4 force_version=tls13 auth_mode=required key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
+ "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
+ 0 \
+ -s "The SSL configuration is tls13 only" \
+ -c "key type: Opaque" \
+ -s "key types: Opaque, Opaque" \
+ -C "error" \
+ -S "error" \
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_RSA_C
+run_test "TLS 1.3 opaque key: first client sig alg not suitable" \
+ "$P_SRV debug_level=4 force_version=tls13 auth_mode=required key_opaque=1 key_opaque_algs=rsa-sign-pss-sha512,none" \
+ "$P_CLI debug_level=4 sig_algs=rsa_pss_rsae_sha256,rsa_pss_rsae_sha512" \
+ 0 \
+ -s "The SSL configuration is tls13 only" \
+ -s "key types: Opaque, Opaque" \
+ -s "CertificateVerify signature failed with rsa_pss_rsae_sha256" \
+ -s "CertificateVerify signature with rsa_pss_rsae_sha512" \
+ -C "error" \
+ -S "error" \
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_RSA_C
+run_test "TLS 1.3 opaque key: 2 keys on server, suitable algorithm found" \
+ "$P_SRV debug_level=4 force_version=tls13 auth_mode=required key_opaque=1 key_opaque_algs2=ecdsa-sign,none key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
+ "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
+ 0 \
+ -s "The SSL configuration is tls13 only" \
+ -c "key type: Opaque" \
+ -s "key types: Opaque, Opaque" \
+ -C "error" \
+ -S "error" \
+
# Test using a RSA opaque private key for server authentication
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
@@ -11520,7 +11573,7 @@
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
- -c "signature algorithm not in received or offered list." \
+ -c "no suitable signature algorithm" \
-C "unknown pk type"
requires_gnutls_tls1_3
@@ -11538,7 +11591,7 @@
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
- -c "signature algorithm not in received or offered list." \
+ -c "no suitable signature algorithm" \
-C "unknown pk type"
# Test using an opaque private key for client authentication
@@ -11792,7 +11845,7 @@
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
- -c "signature algorithm not in received or offered list." \
+ -c "no suitable signature algorithm" \
-C "unkown pk type"
requires_gnutls_tls1_3
@@ -11811,7 +11864,7 @@
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
- -c "signature algorithm not in received or offered list." \
+ -c "no suitable signature algorithm" \
-C "unkown pk type"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -12540,7 +12593,7 @@
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
0 \
-c "Protocol is TLSv1.3" \
- -c "select_sig_alg_for_certificate_verify:selected signature algorithm rsa_pss_rsae_sha512" \
+ -c "CertificateVerify signature with rsa_pss_rsae_sha512" \
-c "HTTP/1.0 200 [Oo][Kk]"
requires_gnutls_tls1_3
@@ -12556,7 +12609,7 @@
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
0 \
-c "Protocol is TLSv1.3" \
- -c "select_sig_alg_for_certificate_verify:selected signature algorithm rsa_pss_rsae_sha512" \
+ -c "CertificateVerify signature with rsa_pss_rsae_sha512" \
-c "HTTP/1.0 200 [Oo][Kk]"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -12573,8 +12626,8 @@
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
0 \
-c "Protocol is TLSv1.3" \
- -c "select_sig_alg_for_certificate_verify:selected signature algorithm rsa_pss_rsae_sha512" \
- -s "select_sig_alg_for_certificate_verify:selected signature algorithm rsa_pss_rsae_sha512" \
+ -c "CertificateVerify signature with rsa_pss_rsae_sha512" \
+ -s "CertificateVerify signature with rsa_pss_rsae_sha512" \
-s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" \
-c "HTTP/1.0 200 [Oo][Kk]"
@@ -12593,7 +12646,7 @@
-sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:ecdsa_secp256r1_sha256" \
0 \
-c "TLSv1.3" \
- -s "select_sig_alg_for_certificate_verify:selected signature algorithm rsa_pss_rsae_sha512" \
+ -s "CertificateVerify signature with rsa_pss_rsae_sha512" \
-s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512"
requires_gnutls_tls1_3
@@ -12612,7 +12665,7 @@
0 \
-c "Negotiated version: 3.4" \
-c "HTTP/1.0 200 [Oo][Kk]" \
- -s "select_sig_alg_for_certificate_verify:selected signature algorithm rsa_pss_rsae_sha512" \
+ -s "CertificateVerify signature with rsa_pss_rsae_sha512" \
-s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512"
requires_gnutls_tls1_3
@@ -12629,8 +12682,7 @@
--x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key \
--priority=NORMAL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-ECDSA-SECP521R1-SHA512" \
1 \
- -s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" \
- -s "select_sig_alg_for_certificate_verify:no suitable signature algorithm found"
+ -S "ssl_tls13_pick_key_cert:check signature algorithm"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -12646,8 +12698,7 @@
-cert data_files/server2-sha256.crt -key data_files/server2.key \
-sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:ecdsa_secp521r1_sha512" \
1 \
- -s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" \
- -s "select_sig_alg_for_certificate_verify:no suitable signature algorithm found"
+ -S "ssl_tls13_pick_key_cert:check signature algorithm"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
@@ -12662,8 +12713,7 @@
"$P_CLI allow_sha1=0 debug_level=4 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,ecdsa_secp521r1_sha512" \
1 \
- -s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" \
- -s "select_sig_alg_for_certificate_verify:no suitable signature algorithm found"
+ -S "ssl_tls13_pick_key_cert:check signature algorithm"
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -12719,7 +12769,7 @@
"$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
1 \
- -c "select_sig_alg_for_certificate_verify:no suitable signature algorithm found"
+ -c "no suitable signature algorithm"
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
@@ -12733,7 +12783,7 @@
"$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
1 \
- -c "select_sig_alg_for_certificate_verify:no suitable signature algorithm found"
+ -c "no suitable signature algorithm"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
@@ -12748,7 +12798,7 @@
"$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key \
sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
1 \
- -c "select_sig_alg_for_certificate_verify:no suitable signature algorithm found"
+ -c "no suitable signature algorithm"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3