From 919130c03547d358bf047ac89574a109b61415dd Mon Sep 17 00:00:00 2001
From: Jerry Yu <jerry.h.yu@arm.com>
Date: Wed, 23 Feb 2022 10:40:19 +0800
Subject: [PATCH] Add rsa_pss_rsae_sha256 support

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
---
 library/ssl_tls13_generic.c | 50 +++++++++++++++++++++++++++++++++----
 tests/ssl-opt.sh            | 10 +++-----
 2 files changed, 49 insertions(+), 11 deletions(-)

diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 24a3d9dc34..8b0f668e9c 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -980,9 +980,9 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
     unsigned char verify_buffer[ SSL_VERIFY_STRUCT_MAX_SIZE ];
     size_t verify_buffer_len;
     unsigned char signature_type;
-#if defined(MBEDTLS_ECDSA_C)
+#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
     size_t own_key_size;
-#endif /* MBEDTLS_ECDSA_C */
+#endif /* MBEDTLS_ECDSA_C || MBEDTLS_X509_RSASSA_PSS_SUPPORT */
     mbedtls_md_type_t md_alg;
     uint16_t algorithm = MBEDTLS_TLS1_3_SIG_NONE;
     size_t signature_len = 0;
@@ -1022,10 +1022,10 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
      *  } CertificateVerify;
      */
     signature_type = mbedtls_ssl_sig_from_pk( own_key );
-#if defined(MBEDTLS_ECDSA_C)
+#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
     /* Determine the size of the key */
     own_key_size = mbedtls_pk_get_bitlen( own_key );
-#endif /* MBEDTLS_ECDSA_C */
+#endif /* MBEDTLS_ECDSA_C || MBEDTLS_X509_RSASSA_PSS_SUPPORT */
     switch( signature_type )
     {
 #if defined(MBEDTLS_ECDSA_C)
@@ -1054,10 +1054,50 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
             break;
 #endif /* MBEDTLS_ECDSA_C */
 
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
+        case MBEDTLS_SSL_SIG_RSA:
+            if( own_key_size <= 2048 &&
+                mbedtls_ssl_sig_alg_is_received( ssl,
+                                    MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256 ) )
+            {
+                md_alg  = MBEDTLS_MD_SHA256;
+                algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256;
+            }
+            else if( own_key_size <= 3072 &&
+                     mbedtls_ssl_sig_alg_is_received( ssl,
+                                    MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384 ) )
+            {
+                md_alg  = MBEDTLS_MD_SHA384;
+                algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384;
+            }
+            else if( own_key_size <= 4096 &&
+                     mbedtls_ssl_sig_alg_is_received( ssl,
+                                    MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512 ) )
+            {
+                md_alg  = MBEDTLS_MD_SHA512;
+                algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512;
+            }
+            else
+            {
+                MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown key size: %"
+                                            MBEDTLS_PRINTF_SIZET " bits",
+                                            own_key_size ) );
+                break;
+            }
+
+            if( mbedtls_rsa_set_padding( mbedtls_pk_rsa( *own_key ),
+                                         MBEDTLS_RSA_PKCS_V21,
+                                         md_alg ) != 0 )
+            {
+                MBEDTLS_SSL_DEBUG_MSG( 1, ( "Set RSA padding Fail" ) );
+                return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+            }
+            break;
+#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
         default:
             MBEDTLS_SSL_DEBUG_MSG( 1,
                                    ( "unkown pk type : %d", signature_type ) );
-            break;
+            return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
     }
 
     if( algorithm == MBEDTLS_TLS1_3_SIG_NONE ||
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index d5334cece3..44a754650d 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -10037,12 +10037,11 @@ run_test    "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - openssl" \
             "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
             "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \
                     key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \
-            1 \
+            0 \
             -c "got a certificate request" \
             -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
             -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-            -c "unkown pk type" \
-            -c "signature algorithm not in received or offered list."
+            -c "Protocol is TLSv1.3"
 
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
@@ -10055,12 +10054,11 @@ run_test    "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - gnutls" \
             "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
             "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \
                     key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \
-            1 \
+            0 \
             -c "got a certificate request" \
             -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
             -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-            -c "unkown pk type" \
-            -c "signature algorithm not in received or offered list."
+            -c "Protocol is TLSv1.3"
 
 requires_openssl_tls1_3
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3