提交 f55e99f7 编写于 作者: B Benjamin Kaduk

Add TLS 1.3 draft-23 PSS signature algorithms

We now have a split in the signature algorithms codepoint space for
whether the certificate's key is for rsaEncryption or a PSS-specific
key, which should let us get rid of some special-casing that we
previously needed to try to coax rsaEncryption keys into performing PSS.
(This will be done in a subsequent commit.)

Send the new PSS-with-PSS-specific key first in our list, so that
we prefer the new technology to the old one.

We need to update the expected certificate type in one test,
since the "RSA-PSS+SHA256" form now corresponds to a public key
of type rsaEncryption, so we should expect the server certificate
type to be just "RSA".  If we want to get a server certificate
type of "RSA-PSS", we need to use a new signature algorithm
that cannot be represented as signature+hash, so add a test for that
as well.
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5068)
上级 f27f5cd4
......@@ -1918,9 +1918,12 @@ typedef enum downgrade_en {
#define TLSEXT_SIGALG_ecdsa_secp521r1_sha512 0x0603
#define TLSEXT_SIGALG_ecdsa_sha224 0x0303
#define TLSEXT_SIGALG_ecdsa_sha1 0x0203
#define TLSEXT_SIGALG_rsa_pss_sha256 0x0804
#define TLSEXT_SIGALG_rsa_pss_sha384 0x0805
#define TLSEXT_SIGALG_rsa_pss_sha512 0x0806
#define TLSEXT_SIGALG_rsa_pss_rsae_sha256 0x0804
#define TLSEXT_SIGALG_rsa_pss_rsae_sha384 0x0805
#define TLSEXT_SIGALG_rsa_pss_rsae_sha512 0x0806
#define TLSEXT_SIGALG_rsa_pss_pss_sha256 0x0809
#define TLSEXT_SIGALG_rsa_pss_pss_sha384 0x080a
#define TLSEXT_SIGALG_rsa_pss_pss_sha512 0x080b
#define TLSEXT_SIGALG_rsa_pkcs1_sha256 0x0401
#define TLSEXT_SIGALG_rsa_pkcs1_sha384 0x0501
#define TLSEXT_SIGALG_rsa_pkcs1_sha512 0x0601
......
......@@ -624,9 +624,12 @@ static const uint16_t tls12_sigalgs[] = {
TLSEXT_SIGALG_ed25519,
#endif
TLSEXT_SIGALG_rsa_pss_sha256,
TLSEXT_SIGALG_rsa_pss_sha384,
TLSEXT_SIGALG_rsa_pss_sha512,
TLSEXT_SIGALG_rsa_pss_pss_sha256,
TLSEXT_SIGALG_rsa_pss_pss_sha384,
TLSEXT_SIGALG_rsa_pss_pss_sha512,
TLSEXT_SIGALG_rsa_pss_rsae_sha256,
TLSEXT_SIGALG_rsa_pss_rsae_sha384,
TLSEXT_SIGALG_rsa_pss_rsae_sha512,
TLSEXT_SIGALG_rsa_pkcs1_sha256,
TLSEXT_SIGALG_rsa_pkcs1_sha384,
......@@ -676,13 +679,22 @@ static const SIGALG_LOOKUP sigalg_lookup_tbl[] = {
NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
NID_ecdsa_with_SHA1, NID_undef},
#endif
{"rsa_pss_sha256", TLSEXT_SIGALG_rsa_pss_sha256,
{"rsa_pss_rsae_sha256", TLSEXT_SIGALG_rsa_pss_rsae_sha256,
NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA,
NID_undef, NID_undef},
{"rsa_pss_rsae_sha384", TLSEXT_SIGALG_rsa_pss_rsae_sha384,
NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA,
NID_undef, NID_undef},
{"rsa_pss_rsae_sha512", TLSEXT_SIGALG_rsa_pss_rsae_sha512,
NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA,
NID_undef, NID_undef},
{"rsa_pss_pss_sha256", TLSEXT_SIGALG_rsa_pss_pss_sha256,
NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN,
NID_undef, NID_undef},
{"rsa_pss_sha384", TLSEXT_SIGALG_rsa_pss_sha384,
{"rsa_pss_pss_sha384", TLSEXT_SIGALG_rsa_pss_pss_sha384,
NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN,
NID_undef, NID_undef},
{"rsa_pss_sha512", TLSEXT_SIGALG_rsa_pss_sha512,
{"rsa_pss_pss_sha512", TLSEXT_SIGALG_rsa_pss_pss_sha512,
NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN,
NID_undef, NID_undef},
{"rsa_pkcs1_sha256", TLSEXT_SIGALG_rsa_pkcs1_sha256,
......
......@@ -247,7 +247,7 @@ sub sigalgs_filter
#No PSS sig algs - just send rsa_pkcs1_sha256
$sigalg = pack "C4", 0x00, 0x02, 0x04, 0x01;
} else {
#PSS sig algs only - just send rsa_pss_sha256
#PSS sig algs only - just send rsa_pss_rsae_sha256
$sigalg = pack "C4", 0x00, 0x02, 0x08, 0x04;
}
$message->set_extension(TLSProxy::Message::EXT_SIG_ALGS, $sigalg);
......
# Generated with generate_ssl_tests.pl
num_tests = 22
num_tests = 23
test-0 = 0-ECDSA CipherString Selection
test-1 = 1-Ed25519 CipherString and Signature Algorithm Selection
......@@ -16,14 +16,15 @@ test-10 = 10-ECDSA Signature Algorithm Selection compressed point
test-11 = 11-ECDSA Signature Algorithm Selection, no ECDSA certificate
test-12 = 12-RSA Signature Algorithm Selection
test-13 = 13-RSA-PSS Signature Algorithm Selection
test-14 = 14-RSA-PSS Certificate Signature Algorithm Selection
test-15 = 15-Only RSA-PSS Certificate
test-16 = 16-RSA-PSS Certificate, no PSS signature algorithms
test-17 = 17-Suite B P-256 Hash Algorithm Selection
test-18 = 18-Suite B P-384 Hash Algorithm Selection
test-19 = 19-TLS 1.2 Ed25519 Client Auth
test-20 = 20-Only RSA-PSS Certificate, TLS v1.1
test-21 = 21-TLS 1.2 DSA Certificate Test
test-14 = 14-RSA-PSS Certificate Legacy Signature Algorithm Selection
test-15 = 15-RSA-PSS Certificate Unified Signature Algorithm Selection
test-16 = 16-Only RSA-PSS Certificate
test-17 = 17-RSA-PSS Certificate, no PSS signature algorithms
test-18 = 18-Suite B P-256 Hash Algorithm Selection
test-19 = 19-Suite B P-384 Hash Algorithm Selection
test-20 = 20-TLS 1.2 Ed25519 Client Auth
test-21 = 21-Only RSA-PSS Certificate, TLS v1.1
test-22 = 22-TLS 1.2 DSA Certificate Test
# ===========================================================
[0-ECDSA CipherString Selection]
......@@ -463,14 +464,14 @@ ExpectedServerSignType = RSA-PSS
# ===========================================================
[14-RSA-PSS Certificate Signature Algorithm Selection]
ssl_conf = 14-RSA-PSS Certificate Signature Algorithm Selection-ssl
[14-RSA-PSS Certificate Legacy Signature Algorithm Selection]
ssl_conf = 14-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl
[14-RSA-PSS Certificate Signature Algorithm Selection-ssl]
server = 14-RSA-PSS Certificate Signature Algorithm Selection-server
client = 14-RSA-PSS Certificate Signature Algorithm Selection-client
[14-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl]
server = 14-RSA-PSS Certificate Legacy Signature Algorithm Selection-server
client = 14-RSA-PSS Certificate Legacy Signature Algorithm Selection-client
[14-RSA-PSS Certificate Signature Algorithm Selection-server]
[14-RSA-PSS Certificate Legacy Signature Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
......@@ -482,7 +483,7 @@ PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[14-RSA-PSS Certificate Signature Algorithm Selection-client]
[14-RSA-PSS Certificate Legacy Signature Algorithm Selection-client]
CipherString = DEFAULT
SignatureAlgorithms = RSA-PSS+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
......@@ -490,6 +491,40 @@ VerifyMode = Peer
[test-14]
ExpectedResult = Success
ExpectedServerCertType = RSA
ExpectedServerSignHash = SHA256
ExpectedServerSignType = RSA-PSS
# ===========================================================
[15-RSA-PSS Certificate Unified Signature Algorithm Selection]
ssl_conf = 15-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl
[15-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl]
server = 15-RSA-PSS Certificate Unified Signature Algorithm Selection-server
client = 15-RSA-PSS Certificate Unified Signature Algorithm Selection-client
[15-RSA-PSS Certificate Unified Signature Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
MaxProtocol = TLSv1.2
PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[15-RSA-PSS Certificate Unified Signature Algorithm Selection-client]
CipherString = DEFAULT
SignatureAlgorithms = rsa_pss_pss_sha256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-15]
ExpectedResult = Success
ExpectedServerCertType = RSA-PSS
ExpectedServerSignHash = SHA256
ExpectedServerSignType = RSA-PSS
......@@ -497,24 +532,24 @@ ExpectedServerSignType = RSA-PSS
# ===========================================================
[15-Only RSA-PSS Certificate]
ssl_conf = 15-Only RSA-PSS Certificate-ssl
[16-Only RSA-PSS Certificate]
ssl_conf = 16-Only RSA-PSS Certificate-ssl
[15-Only RSA-PSS Certificate-ssl]
server = 15-Only RSA-PSS Certificate-server
client = 15-Only RSA-PSS Certificate-client
[16-Only RSA-PSS Certificate-ssl]
server = 16-Only RSA-PSS Certificate-server
client = 16-Only RSA-PSS Certificate-client
[15-Only RSA-PSS Certificate-server]
[16-Only RSA-PSS Certificate-server]
Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
[15-Only RSA-PSS Certificate-client]
[16-Only RSA-PSS Certificate-client]
CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-15]
[test-16]
ExpectedResult = Success
ExpectedServerCertType = RSA-PSS
ExpectedServerSignHash = SHA256
......@@ -523,38 +558,38 @@ ExpectedServerSignType = RSA-PSS
# ===========================================================
[16-RSA-PSS Certificate, no PSS signature algorithms]
ssl_conf = 16-RSA-PSS Certificate, no PSS signature algorithms-ssl
[17-RSA-PSS Certificate, no PSS signature algorithms]
ssl_conf = 17-RSA-PSS Certificate, no PSS signature algorithms-ssl
[16-RSA-PSS Certificate, no PSS signature algorithms-ssl]
server = 16-RSA-PSS Certificate, no PSS signature algorithms-server
client = 16-RSA-PSS Certificate, no PSS signature algorithms-client
[17-RSA-PSS Certificate, no PSS signature algorithms-ssl]
server = 17-RSA-PSS Certificate, no PSS signature algorithms-server
client = 17-RSA-PSS Certificate, no PSS signature algorithms-client
[16-RSA-PSS Certificate, no PSS signature algorithms-server]
[17-RSA-PSS Certificate, no PSS signature algorithms-server]
Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
[16-RSA-PSS Certificate, no PSS signature algorithms-client]
[17-RSA-PSS Certificate, no PSS signature algorithms-client]
CipherString = DEFAULT
SignatureAlgorithms = RSA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-16]
[test-17]
ExpectedResult = ServerFail
# ===========================================================
[17-Suite B P-256 Hash Algorithm Selection]
ssl_conf = 17-Suite B P-256 Hash Algorithm Selection-ssl
[18-Suite B P-256 Hash Algorithm Selection]
ssl_conf = 18-Suite B P-256 Hash Algorithm Selection-ssl
[17-Suite B P-256 Hash Algorithm Selection-ssl]
server = 17-Suite B P-256 Hash Algorithm Selection-server
client = 17-Suite B P-256 Hash Algorithm Selection-client
[18-Suite B P-256 Hash Algorithm Selection-ssl]
server = 18-Suite B P-256 Hash Algorithm Selection-server
client = 18-Suite B P-256 Hash Algorithm Selection-client
[17-Suite B P-256 Hash Algorithm Selection-server]
[18-Suite B P-256 Hash Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = SUITEB128
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p256-server-cert.pem
......@@ -562,13 +597,13 @@ ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p256-server-key.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[17-Suite B P-256 Hash Algorithm Selection-client]
[18-Suite B P-256 Hash Algorithm Selection-client]
CipherString = DEFAULT
SignatureAlgorithms = ECDSA+SHA384:ECDSA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
VerifyMode = Peer
[test-17]
[test-18]
ExpectedResult = Success
ExpectedServerCertType = P-256
ExpectedServerSignHash = SHA256
......@@ -577,14 +612,14 @@ ExpectedServerSignType = EC
# ===========================================================
[18-Suite B P-384 Hash Algorithm Selection]
ssl_conf = 18-Suite B P-384 Hash Algorithm Selection-ssl
[19-Suite B P-384 Hash Algorithm Selection]
ssl_conf = 19-Suite B P-384 Hash Algorithm Selection-ssl
[18-Suite B P-384 Hash Algorithm Selection-ssl]
server = 18-Suite B P-384 Hash Algorithm Selection-server
client = 18-Suite B P-384 Hash Algorithm Selection-client
[19-Suite B P-384 Hash Algorithm Selection-ssl]
server = 19-Suite B P-384 Hash Algorithm Selection-server
client = 19-Suite B P-384 Hash Algorithm Selection-client
[18-Suite B P-384 Hash Algorithm Selection-server]
[19-Suite B P-384 Hash Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = SUITEB128
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem
......@@ -592,13 +627,13 @@ ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[18-Suite B P-384 Hash Algorithm Selection-client]
[19-Suite B P-384 Hash Algorithm Selection-client]
CipherString = DEFAULT
SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
VerifyMode = Peer
[test-18]
[test-19]
ExpectedResult = Success
ExpectedServerCertType = P-384
ExpectedServerSignHash = SHA384
......@@ -607,21 +642,21 @@ ExpectedServerSignType = EC
# ===========================================================
[19-TLS 1.2 Ed25519 Client Auth]
ssl_conf = 19-TLS 1.2 Ed25519 Client Auth-ssl
[20-TLS 1.2 Ed25519 Client Auth]
ssl_conf = 20-TLS 1.2 Ed25519 Client Auth-ssl
[19-TLS 1.2 Ed25519 Client Auth-ssl]
server = 19-TLS 1.2 Ed25519 Client Auth-server
client = 19-TLS 1.2 Ed25519 Client Auth-client
[20-TLS 1.2 Ed25519 Client Auth-ssl]
server = 20-TLS 1.2 Ed25519 Client Auth-server
client = 20-TLS 1.2 Ed25519 Client Auth-client
[19-TLS 1.2 Ed25519 Client Auth-server]
[20-TLS 1.2 Ed25519 Client Auth-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require
[19-TLS 1.2 Ed25519 Client Auth-client]
[20-TLS 1.2 Ed25519 Client Auth-client]
CipherString = DEFAULT
EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem
EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem
......@@ -630,7 +665,7 @@ MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-19]
[test-20]
ExpectedClientCertType = Ed25519
ExpectedClientSignType = Ed25519
ExpectedResult = Success
......@@ -638,38 +673,38 @@ ExpectedResult = Success
# ===========================================================
[20-Only RSA-PSS Certificate, TLS v1.1]
ssl_conf = 20-Only RSA-PSS Certificate, TLS v1.1-ssl
[21-Only RSA-PSS Certificate, TLS v1.1]
ssl_conf = 21-Only RSA-PSS Certificate, TLS v1.1-ssl
[20-Only RSA-PSS Certificate, TLS v1.1-ssl]
server = 20-Only RSA-PSS Certificate, TLS v1.1-server
client = 20-Only RSA-PSS Certificate, TLS v1.1-client
[21-Only RSA-PSS Certificate, TLS v1.1-ssl]
server = 21-Only RSA-PSS Certificate, TLS v1.1-server
client = 21-Only RSA-PSS Certificate, TLS v1.1-client
[20-Only RSA-PSS Certificate, TLS v1.1-server]
[21-Only RSA-PSS Certificate, TLS v1.1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
[20-Only RSA-PSS Certificate, TLS v1.1-client]
[21-Only RSA-PSS Certificate, TLS v1.1-client]
CipherString = DEFAULT
MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-20]
[test-21]
ExpectedResult = ServerFail
# ===========================================================
[21-TLS 1.2 DSA Certificate Test]
ssl_conf = 21-TLS 1.2 DSA Certificate Test-ssl
[22-TLS 1.2 DSA Certificate Test]
ssl_conf = 22-TLS 1.2 DSA Certificate Test-ssl
[21-TLS 1.2 DSA Certificate Test-ssl]
server = 21-TLS 1.2 DSA Certificate Test-server
client = 21-TLS 1.2 DSA Certificate Test-client
[22-TLS 1.2 DSA Certificate Test-ssl]
server = 22-TLS 1.2 DSA Certificate Test-server
client = 22-TLS 1.2 DSA Certificate Test-client
[21-TLS 1.2 DSA Certificate Test-server]
[22-TLS 1.2 DSA Certificate Test-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = ALL
DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem
......@@ -679,13 +714,13 @@ MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[21-TLS 1.2 DSA Certificate Test-client]
[22-TLS 1.2 DSA Certificate Test-client]
CipherString = ALL
SignatureAlgorithms = DSA+SHA256:DSA+SHA1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-21]
[test-22]
ExpectedResult = Success
......@@ -232,11 +232,24 @@ our @tests = (
},
},
{
name => "RSA-PSS Certificate Signature Algorithm Selection",
name => "RSA-PSS Certificate Legacy Signature Algorithm Selection",
server => $server_pss,
client => {
"SignatureAlgorithms" => "RSA-PSS+SHA256",
},
test => {
"ExpectedServerCertType" => "RSA",
"ExpectedServerSignHash" => "SHA256",
"ExpectedServerSignType" => "RSA-PSS",
"ExpectedResult" => "Success"
},
},
{
name => "RSA-PSS Certificate Unified Signature Algorithm Selection",
server => $server_pss,
client => {
"SignatureAlgorithms" => "rsa_pss_pss_sha256",
},
test => {
"ExpectedServerCertType" => "RSA-PSS",
"ExpectedServerSignHash" => "SHA256",
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册