lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Merge pull request #5559 from yuhaoth/pr/add-rsae-sha384-sha512

Browse Source 
Add rsae sha384 sha512
This commit is contained in:
Ronald Cron
2022-03-29 14:01:51 +02:00
committed by GitHub
parent 39f2f73e69 d73d0a327a
commit 63d97ad0bb
15 changed files with 627 additions and 191 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
library/pk.c
View File

@ -36,7 +36,7 @@
#include "mbedtls/ecdsa.h"
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_PSA_CRYPTO_C)
#include "mbedtls/psa_util.h"
#endif
@ -518,6 +518,48 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
f_rng, p_rng, NULL ) );
}
#if defined(MBEDTLS_PSA_CRYPTO_C)
/*
* Make a signature given a signature type.
*/
int mbedtls_pk_sign_ext( mbedtls_pk_type_t pk_type,
mbedtls_pk_context *ctx,
mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t sig_size, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
#if defined(MBEDTLS_RSA_C)
psa_algorithm_t psa_md_alg;
#endif /* MBEDTLS_RSA_C */
*sig_len = 0;
if( ctx->pk_info == NULL )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
if( ! mbedtls_pk_can_do( ctx, pk_type ) )
return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
if( pk_type != MBEDTLS_PK_RSASSA_PSS )
{
return( mbedtls_pk_sign( ctx, md_alg, hash, hash_len,
sig, sig_size, sig_len, f_rng, p_rng ) );
}
#if defined(MBEDTLS_RSA_C)
psa_md_alg = mbedtls_psa_translate_md( md_alg );
if( psa_md_alg == 0 )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
return( mbedtls_pk_psa_rsa_sign_ext( PSA_ALG_RSA_PSS( psa_md_alg ),
ctx->pk_ctx, hash, hash_len,
sig, sig_size, sig_len ) );
#else /* MBEDTLS_RSA_C */
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
#endif /* !MBEDTLS_RSA_C */
}
#endif /* MBEDTLS_PSA_CRYPTO_C */
/*
* Decrypt message
*/

113
library/pk_wrap.c
View File

@ -65,7 +65,7 @@
#include <limits.h>
#include <stdint.h>
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(MBEDTLS_PSA_CRYPTO_C)
int mbedtls_pk_error_from_psa( psa_status_t status )
{
switch( status )
@ -100,28 +100,6 @@ int mbedtls_pk_error_from_psa( psa_status_t status )
}
}
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
int mbedtls_pk_error_from_psa_ecdca( psa_status_t status )
{
switch( status )
{
case PSA_ERROR_NOT_PERMITTED:
case PSA_ERROR_INVALID_ARGUMENT:
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
case PSA_ERROR_INVALID_HANDLE:
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
case PSA_ERROR_BUFFER_TOO_SMALL:
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
case PSA_ERROR_INSUFFICIENT_ENTROPY:
return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
case PSA_ERROR_INVALID_SIGNATURE:
return( MBEDTLS_ERR_ECP_VERIFY_FAILED );
default:
return( mbedtls_pk_error_from_psa( status ) );
}
}
#endif
#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
int mbedtls_pk_error_from_psa_rsa( psa_status_t status )
{
@ -144,7 +122,34 @@ int mbedtls_pk_error_from_psa_rsa( psa_status_t status )
}
}
#endif
#endif
#endif /* MBEDTLS_PSA_CRYPTO_C */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
int mbedtls_pk_error_from_psa_ecdsa( psa_status_t status )
{
switch( status )
{
case PSA_ERROR_NOT_PERMITTED:
case PSA_ERROR_INVALID_ARGUMENT:
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
case PSA_ERROR_INVALID_HANDLE:
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
case PSA_ERROR_BUFFER_TOO_SMALL:
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
case PSA_ERROR_INSUFFICIENT_ENTROPY:
return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
case PSA_ERROR_INVALID_SIGNATURE:
return( MBEDTLS_ERR_ECP_VERIFY_FAILED );
default:
return( mbedtls_pk_error_from_psa( status ) );
}
}
#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_RSA_C)
static int rsa_can_do( mbedtls_pk_type_t type )
@ -191,13 +196,13 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
return( 0 );
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t sig_size, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
#if defined(MBEDTLS_PSA_CRYPTO_C)
int mbedtls_pk_psa_rsa_sign_ext( psa_algorithm_t alg,
mbedtls_rsa_context *rsa_ctx,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t sig_size,
size_t *sig_len )
{
mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
@ -206,31 +211,20 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
int key_len;
unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES];
mbedtls_pk_info_t pk_info = mbedtls_rsa_info;
psa_algorithm_t psa_alg_md =
PSA_ALG_RSA_PKCS1V15_SIGN( mbedtls_psa_translate_md( md_alg ) );
((void) f_rng);
((void) p_rng);
#if SIZE_MAX > UINT_MAX
if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
#endif /* SIZE_MAX > UINT_MAX */
*sig_len = mbedtls_rsa_get_len( rsa );
*sig_len = mbedtls_rsa_get_len( rsa_ctx );
if( sig_size < *sig_len )
return( MBEDTLS_ERR_PK_BUFFER_TOO_SMALL );
/* mbedtls_pk_write_key_der() expects a full PK context;
* re-construct one to make it happy */
key.pk_info = &pk_info;
key.pk_ctx = ctx;
key.pk_ctx = rsa_ctx;
key_len = mbedtls_pk_write_key_der( &key, buf, sizeof( buf ) );
if( key_len <= 0 )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
psa_set_key_algorithm( &attributes, psa_alg_md );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_KEY_PAIR );
status = psa_import_key( &attributes,
@ -241,8 +235,7 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
ret = mbedtls_pk_error_from_psa( status );
goto cleanup;
}
status = psa_sign_hash( key_id, psa_alg_md, hash, hash_len,
status = psa_sign_hash( key_id, alg, hash, hash_len,
sig, sig_size, sig_len );
if( status != PSA_SUCCESS )
{
@ -256,9 +249,29 @@ cleanup:
status = psa_destroy_key( key_id );
if( ret == 0 && status != PSA_SUCCESS )
ret = mbedtls_pk_error_from_psa( status );
return( ret );
}
#endif /* MBEDTLS_PSA_CRYPTO_C */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t sig_size, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
((void) f_rng);
((void) p_rng);
psa_algorithm_t psa_md_alg;
psa_md_alg = mbedtls_psa_translate_md( md_alg );
if( psa_md_alg == 0 )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
return( mbedtls_pk_psa_rsa_sign_ext( PSA_ALG_RSA_PKCS1V15_SIGN(
psa_md_alg ),
ctx, hash, hash_len,
sig, sig_size, sig_len ) );
}
#else
static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
@ -911,7 +924,7 @@ static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg,
buf, 2 * signature_part_size );
if( status != PSA_SUCCESS )
{
ret = mbedtls_pk_error_from_psa_ecdca( status );
ret = mbedtls_pk_error_from_psa_ecdsa( status );
goto cleanup;
}
@ -1132,7 +1145,7 @@ static int ecdsa_sign_wrap( void *ctx_arg, mbedtls_md_type_t md_alg,
sig, sig_size, sig_len );
if( status != PSA_SUCCESS )
{
ret = mbedtls_pk_error_from_psa_ecdca( status );
ret = mbedtls_pk_error_from_psa_ecdsa( status );
goto cleanup;
}
@ -1454,7 +1467,7 @@ static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
status = psa_sign_hash( *key, alg, hash, hash_len,
sig, sig_size, sig_len );
if( status != PSA_SUCCESS )
return( mbedtls_pk_error_from_psa_ecdca( status ) );
return( mbedtls_pk_error_from_psa_ecdsa( status ) );
/* transcode it to ASN.1 sequence */
return( pk_ecdsa_sig_asn1_from_psa( sig, sig_len, sig_size ) );

26
library/pk_wrap.h
View File

@ -27,6 +27,10 @@
#include "mbedtls/pk.h"
#if defined(MBEDTLS_PSA_CRYPTO_C)
#include "psa/crypto.h"
#endif /* MBEDTLS_PSA_CRYPTO_C */
struct mbedtls_pk_info_t
{
/** Public key type */
@ -133,18 +137,28 @@ extern const mbedtls_pk_info_t mbedtls_rsa_alt_info;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
extern const mbedtls_pk_info_t mbedtls_pk_opaque_info;
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
int mbedtls_pk_error_from_psa( psa_status_t status );
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
int mbedtls_pk_error_from_psa_ecdca( psa_status_t status );
int mbedtls_pk_error_from_psa_ecdsa( psa_status_t status );
#endif
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_PSA_CRYPTO_C)
int mbedtls_pk_error_from_psa( psa_status_t status );
#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
int mbedtls_pk_error_from_psa_rsa( psa_status_t status );
#endif
#endif
#if defined(MBEDTLS_RSA_C)
int mbedtls_pk_psa_rsa_sign_ext( psa_algorithm_t psa_alg_md,
mbedtls_rsa_context *rsa_ctx,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t sig_size,
size_t *sig_len );
#endif /* MBEDTLS_RSA_C */
#endif /* MBEDTLS_PSA_CRYPTO_C */
#endif /* MBEDTLS_PK_WRAP_H */

2
library/ssl_debug_helpers.h
View File

@ -39,7 +39,7 @@ const char *mbedtls_tls_prf_types_str( mbedtls_tls_prf_types in );
const char *mbedtls_ssl_key_export_type_str( mbedtls_ssl_key_export_type in );
const char *mbedtls_ssl_sig_alg_to_str( uint16_t in );
#endif /* MBEDTLS_DEBUG_C */

141
library/ssl_misc.h
View File

@ -1960,6 +1960,97 @@ static inline int mbedtls_ssl_sig_alg_is_offered( const mbedtls_ssl_context *ssl
return( 0 );
}
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
static inline int mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg(
uint16_t sig_alg, mbedtls_pk_type_t *pk_type, mbedtls_md_type_t *md_alg )
{
*pk_type = MBEDTLS_PK_NONE;
*md_alg = MBEDTLS_MD_NONE;
switch( sig_alg )
{
#if defined(MBEDTLS_ECDSA_C)
#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256:
*md_alg = MBEDTLS_MD_SHA256;
*pk_type = MBEDTLS_PK_ECDSA;
break;
#endif /* MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */
#if defined(MBEDTLS_SHA384_C) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384:
*md_alg = MBEDTLS_MD_SHA384;
*pk_type = MBEDTLS_PK_ECDSA;
break;
#endif /* MBEDTLS_SHA384_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */
#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512:
*md_alg = MBEDTLS_MD_SHA512;
*pk_type = MBEDTLS_PK_ECDSA;
break;
#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */
#endif /* MBEDTLS_ECDSA_C */
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
*md_alg = MBEDTLS_MD_SHA256;
*pk_type = MBEDTLS_PK_RSASSA_PSS;
break;
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
*md_alg = MBEDTLS_MD_SHA384;
*pk_type = MBEDTLS_PK_RSASSA_PSS;
break;
#endif /* MBEDTLS_SHA384_C */
#if defined(MBEDTLS_SHA512_C)
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
*md_alg = MBEDTLS_MD_SHA512;
*pk_type = MBEDTLS_PK_RSASSA_PSS;
break;
#endif /* MBEDTLS_SHA512_C */
#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C)
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256:
*md_alg = MBEDTLS_MD_SHA256;
*pk_type = MBEDTLS_PK_RSA;
break;
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384:
*md_alg = MBEDTLS_MD_SHA384;
*pk_type = MBEDTLS_PK_RSA;
break;
#endif /* MBEDTLS_SHA384_C */
#if defined(MBEDTLS_SHA512_C)
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512:
*md_alg = MBEDTLS_MD_SHA512;
*pk_type = MBEDTLS_PK_RSA;
break;
#endif /* MBEDTLS_SHA512_C */
#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C */
default:
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
return( 0 );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
static inline int mbedtls_ssl_sig_alg_is_supported(
const mbedtls_ssl_context *ssl,
const uint16_t sig_alg )
@ -2031,52 +2122,10 @@ static inline int mbedtls_ssl_sig_alg_is_supported(
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4)
{
switch( sig_alg )
{
#if defined(MBEDTLS_SHA256_C) && \
defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && \
defined(MBEDTLS_ECDSA_C)
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256:
break;
#endif /* MBEDTLS_SHA256_C &&
MBEDTLS_ECP_DP_SECP256R1_ENABLED &&
MBEDTLS_ECDSA_C */
#if defined(MBEDTLS_SHA384_C) && \
defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && \
defined(MBEDTLS_ECDSA_C)
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384:
break;
#endif /* MBEDTLS_SHA384_C &&
MBEDTLS_ECP_DP_SECP384R1_ENABLED &&
MBEDTLS_ECDSA_C */
#if defined(MBEDTLS_SHA512_C) && \
defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && \
defined(MBEDTLS_ECDSA_C)
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512:
break;
#endif /* MBEDTLS_SHA512_C &&
MBEDTLS_ECP_DP_SECP521R1_ENABLED &&
MBEDTLS_ECDSA_C */
#if defined(MBEDTLS_SHA256_C) && \
defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
break;
#endif /* MBEDTLS_SHA256_C &&
MBEDTLS_X509_RSASSA_PSS_SUPPORT */
#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_RSA_C)
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256:
break;
#endif /* MBEDTLS_SHA256_C && MBEDTLS_RSA_C*/
default:
return( 0 );
}
return( 1 );
mbedtls_pk_type_t pk_type;
mbedtls_md_type_t md_alg;
return( ! mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg(
sig_alg, &pk_type, &md_alg ) );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
((void) ssl);

213
library/ssl_tls13_generic.c
View File

@ -32,6 +32,7 @@
#include "ssl_misc.h"
#include "ssl_tls13_keys.h"
#include "ssl_debug_helpers.h"
int mbedtls_ssl_tls13_fetch_handshake_msg( mbedtls_ssl_context *ssl,
unsigned hs_type,
@ -334,31 +335,10 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl,
goto error;
}
/* We currently only support ECDSA-based signatures */
switch( algorithm )
if( mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg(
algorithm, &sig_alg, &md_alg ) != 0 )
{
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256:
md_alg = MBEDTLS_MD_SHA256;
sig_alg = MBEDTLS_PK_ECDSA;
break;
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384:
md_alg = MBEDTLS_MD_SHA384;
sig_alg = MBEDTLS_PK_ECDSA;
break;
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512:
md_alg = MBEDTLS_MD_SHA512;
sig_alg = MBEDTLS_PK_ECDSA;
break;
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
MBEDTLS_SSL_DEBUG_MSG( 4, ( "Certificate Verify: using RSA PSS" ) );
md_alg = MBEDTLS_MD_SHA256;
sig_alg = MBEDTLS_PK_RSASSA_PSS;
break;
#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
default:
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Certificate Verify: Unknown signature algorithm." ) );
goto error;
goto error;
}
MBEDTLS_SSL_DEBUG_MSG( 3, ( "Certificate Verify: Signature algorithm ( %04x )",
@ -948,6 +928,123 @@ cleanup:
/*
* STATE HANDLING: Output Certificate Verify
*/
static int ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl,
mbedtls_pk_context *own_key,
uint16_t *algorithm )
{
mbedtls_pk_type_t sig = mbedtls_ssl_sig_from_pk( own_key );
/* Determine the size of the key */
size_t own_key_size = mbedtls_pk_get_bitlen( own_key );
*algorithm = MBEDTLS_TLS1_3_SIG_NONE;
((void) own_key_size);
switch( sig )
{
#if defined(MBEDTLS_ECDSA_C)
case MBEDTLS_SSL_SIG_ECDSA:
switch( own_key_size )
{
case 256:
*algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256;
return( 0 );
case 384:
*algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384;
return( 0 );
case 521:
*algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512;
return( 0 );
default:
MBEDTLS_SSL_DEBUG_MSG( 3,
( "unknown key size: %"
MBEDTLS_PRINTF_SIZET " bits",
own_key_size ) );
break;
}
break;
#endif /* MBEDTLS_ECDSA_C */
#if defined(MBEDTLS_RSA_C)
case MBEDTLS_SSL_SIG_RSA:
#if defined(MBEDTLS_PKCS1_V21)
#if defined(MBEDTLS_SHA256_C)
if( own_key_size <= 2048 &&
mbedtls_ssl_sig_alg_is_received( ssl,
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256 ) )
{
*algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256;
return( 0 );
}
else
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
if( own_key_size <= 3072 &&
mbedtls_ssl_sig_alg_is_received( ssl,
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384 ) )
{
*algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384;
return( 0 );
}
else
#endif /* MBEDTLS_SHA384_C */
#if defined(MBEDTLS_SHA512_C)
if( own_key_size <= 4096 &&
mbedtls_ssl_sig_alg_is_received( ssl,
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512 ) )
{
*algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512;
return( 0 );
}
else
#endif /* MBEDTLS_SHA512_C */
#endif /* MBEDTLS_PKCS1_V21 */
#if defined(MBEDTLS_PKCS1_V15)
#if defined(MBEDTLS_SHA256_C)
if( own_key_size <= 2048 &&
mbedtls_ssl_sig_alg_is_received( ssl,
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256 ) )
{
*algorithm = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256;
return( 0 );
}
else
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA384_C)
if( own_key_size <= 3072 &&
mbedtls_ssl_sig_alg_is_received( ssl,
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384 ) )
{
*algorithm = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384;
return( 0 );
}
else
#endif /* MBEDTLS_SHA384_C */
#if defined(MBEDTLS_SHA512_C)
if( own_key_size <= 4096 &&
mbedtls_ssl_sig_alg_is_received( ssl,
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512 ) )
{
*algorithm = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512;
return( 0 );
}
else
#endif /* MBEDTLS_SHA512_C */
#endif /* MBEDTLS_PKCS1_V15 */
{
MBEDTLS_SSL_DEBUG_MSG( 3,
( "unknown key size: %"
MBEDTLS_PRINTF_SIZET " bits",
own_key_size ) );
}
break;
#endif /* MBEDTLS_RSA_C */
default:
MBEDTLS_SSL_DEBUG_MSG( 1,
( "unkown signature type : %u", sig ) );
break;
}
return( -1 );
}
static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
unsigned char *buf,
unsigned char *end,
@ -961,11 +1058,8 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
size_t handshake_hash_len;
unsigned char verify_buffer[ SSL_VERIFY_STRUCT_MAX_SIZE ];
size_t verify_buffer_len;
unsigned char signature_type;
#if defined(MBEDTLS_ECDSA_C)
size_t own_key_size;
#endif /* MBEDTLS_ECDSA_C */
mbedtls_md_type_t md_alg;
mbedtls_pk_type_t pk_type = MBEDTLS_PK_NONE;
mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
uint16_t algorithm = MBEDTLS_TLS1_3_SIG_NONE;
size_t signature_len = 0;
const mbedtls_md_info_t *md_info;
@ -1003,55 +1097,26 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
* opaque signature<0..2^16-1>;
* } CertificateVerify;
*/
signature_type = mbedtls_ssl_sig_from_pk( own_key );
#if defined(MBEDTLS_ECDSA_C)
/* Determine the size of the key */
own_key_size = mbedtls_pk_get_bitlen( own_key );
#endif /* MBEDTLS_ECDSA_C */
switch( signature_type )
{
#if defined(MBEDTLS_ECDSA_C)
case MBEDTLS_SSL_SIG_ECDSA:
switch( own_key_size )
{
case 256:
md_alg = MBEDTLS_MD_SHA256;
algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256;
break;
case 384:
md_alg = MBEDTLS_MD_SHA384;
algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384;
break;
case 521:
md_alg = MBEDTLS_MD_SHA512;
algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512;
break;
default:
MBEDTLS_SSL_DEBUG_MSG( 3,
( "unknown key size: %"
MBEDTLS_PRINTF_SIZET " bits",
own_key_size ) );
break;
}
break;
#endif /* MBEDTLS_ECDSA_C */
default:
MBEDTLS_SSL_DEBUG_MSG( 1,
( "unkown pk type : %d", signature_type ) );
break;
}
if( algorithm == MBEDTLS_TLS1_3_SIG_NONE ||
! mbedtls_ssl_sig_alg_is_received( ssl, algorithm ) )
ret = ssl_tls13_get_sig_alg_from_pk( ssl, own_key, &algorithm );
if( ret != 0 || ! mbedtls_ssl_sig_alg_is_received( ssl, algorithm ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1,
( "signature algorithm not in received or offered list." ) );
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Signature algorithm is %s",
mbedtls_ssl_sig_alg_to_str( algorithm ) ) );
MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
}
if( mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg(
algorithm, &pk_type, &md_alg ) != 0 )
{
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
/* Check there is space for the algorithm identifier (2 bytes) and the
* signature length (2 bytes).
*/
@ -1071,10 +1136,10 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
verify_hash_len = mbedtls_md_get_size( md_info );
MBEDTLS_SSL_DEBUG_BUF( 3, "verify hash", verify_hash, verify_hash_len );
if( ( ret = mbedtls_pk_sign( own_key, md_alg,
verify_hash, verify_hash_len,
p + 2, (size_t)( end - ( p + 2 ) ), &signature_len,
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
if( ( ret = mbedtls_pk_sign_ext( pk_type, own_key,
md_alg, verify_hash, verify_hash_len,
p + 2, (size_t)( end - ( p + 2 ) ), &signature_len,
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret );
return( ret );