Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add three additional signature algorithms, offered by atleast AWS #139

Merged
merged 3 commits into from
Mar 15, 2024
Merged

Add three additional signature algorithms, offered by atleast AWS #139

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
4f170e8
Add three additional signature algorithms, offered by atleast AWS
MathiasKoch Mar 14, 2024
363a8a9
Add script to generate test certificates and keys, and add new ong-li…
MathiasKoch Mar 15, 2024
9b3c9d7
Fix webpki
MathiasKoch Mar 15, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion src/config.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -124,7 +124,7 @@ where
pub struct TlsConfig<'a> {
pub(crate) server_name: Option<&'a str>,
pub(crate) psk: Option<(&'a [u8], Vec<&'a [u8], 4>)>,
pub(crate) signature_schemes: Vec<SignatureScheme, 16>,
pub(crate) signature_schemes: Vec<SignatureScheme, 19>,
pub(crate) named_groups: Vec<NamedGroup, 16>,
pub(crate) max_fragment_length: Option<MaxFragmentLength>,
pub(crate) ca: Option<Certificate<'a>>,
Expand Down
8 changes: 8 additions & 0 deletions src/extensions/extension_data/signature_algorithms.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,10 @@ pub enum SignatureScheme {
RsaPssPssSha384 = 0x080a,
RsaPssPssSha512 = 0x080b,

Sha224Ecdsa = 0x0303,
Sha224Rsa = 0x0301,
Sha224Dsa = 0x0302,

/* Legacy algorithms */
RsaPkcs1Sha1 = 0x0201,
EcdsaSha1 = 0x0203,
Expand Down Expand Up @@ -63,6 +67,10 @@ impl SignatureScheme {
0x080a => Ok(Self::RsaPssPssSha384),
0x080b => Ok(Self::RsaPssPssSha512),

0x0303 => Ok(Self::Sha224Ecdsa),
0x0301 => Ok(Self::Sha224Rsa),
0x0302 => Ok(Self::Sha224Dsa),

0x0201 => Ok(Self::RsaPkcs1Sha1),
0x0203 => Ok(Self::EcdsaSha1),
_ => Err(ParseError::InvalidData),
Expand Down
6 changes: 3 additions & 3 deletions src/extensions/messages.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,12 +19,12 @@ extension_group! {
pub enum ClientHelloExtension<'a> {
ServerName(ServerNameList<'a, 1>),
SupportedVersions(SupportedVersionsClientHello<16>),
SignatureAlgorithms(SignatureAlgorithms<16>),
SignatureAlgorithms(SignatureAlgorithms<19>),
SupportedGroups(SupportedGroups<16>),
KeyShare(KeyShareClientHello<'a, 1>),
PreSharedKey(PreSharedKeyClientHello<'a, 4>),
PskKeyExchangeModes(PskKeyExchangeModes<4>),
SignatureAlgorithmsCert(SignatureAlgorithmsCert<16>),
SignatureAlgorithmsCert(SignatureAlgorithmsCert<19>),
MaxFragmentLength(MaxFragmentLength),
StatusRequest(Unimplemented<'a>),
UseSrtp(Unimplemented<'a>),
Expand Down Expand Up @@ -71,7 +71,7 @@ extension_group! {
extension_group! {
pub enum CertificateRequestExtension<'a> {
StatusRequest(Unimplemented<'a>),
SignatureAlgorithms(SignatureAlgorithms<16>),
SignatureAlgorithms(SignatureAlgorithms<19>),
SignedCertificateTimestamp(Unimplemented<'a>),
CertificateAuthorities(Unimplemented<'a>),
OidFilters(Unimplemented<'a>),
Expand Down
2 changes: 1 addition & 1 deletion src/handshake/certificate_request.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ impl<'a> CertificateRequestRef<'a> {
#[cfg_attr(feature = "defmt", derive(defmt::Format))]
pub struct CertificateRequest {
pub(crate) request_context: Vec<u8, 256>,
pub(crate) signature_algorithms: Option<SignatureAlgorithms<16>>,
pub(crate) signature_algorithms: Option<SignatureAlgorithms<19>>,
}

impl<'a> TryFrom<CertificateRequestRef<'a>> for CertificateRequest {
Expand Down
8 changes: 8 additions & 0 deletions src/webpki.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,10 @@ impl TryInto<&'static webpki::SignatureAlgorithm> for SignatureScheme {
SignatureScheme::Ed25519 => Ok(&webpki::ED25519),
SignatureScheme::Ed448 => Err(TlsError::InvalidSignatureScheme),

SignatureScheme::Sha224Ecdsa => Err(TlsError::InvalidSignatureScheme),
SignatureScheme::Sha224Rsa => Err(TlsError::InvalidSignatureScheme),
SignatureScheme::Sha224Dsa => Err(TlsError::InvalidSignatureScheme),

/* RSASSA-PSS algorithms with public key OID RSASSA-PSS */
SignatureScheme::RsaPssPssSha256 => Err(TlsError::InvalidSignatureScheme),
SignatureScheme::RsaPssPssSha384 => Err(TlsError::InvalidSignatureScheme),
Expand Down Expand Up @@ -69,6 +73,10 @@ impl TryInto<&'static webpki::SignatureAlgorithm> for SignatureScheme {
SignatureScheme::Ed25519 => Ok(&webpki::ED25519),
SignatureScheme::Ed448 => Err(TlsError::InvalidSignatureScheme),

SignatureScheme::Sha224Ecdsa => Err(TlsError::InvalidSignatureScheme),
SignatureScheme::Sha224Rsa => Err(TlsError::InvalidSignatureScheme),
SignatureScheme::Sha224Dsa => Err(TlsError::InvalidSignatureScheme),

/* RSASSA-PSS algorithms with public key OID RSASSA-PSS */
SignatureScheme::RsaPssPssSha256 => Err(TlsError::InvalidSignatureScheme),
SignatureScheme::RsaPssPssSha384 => Err(TlsError::InvalidSignatureScheme),
Expand Down
21 changes: 11 additions & 10 deletions tests/data/ca-cert.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,13 @@
-----BEGIN CERTIFICATE-----
MIIB2TCCAX+gAwIBAgIUZ+9dtzTSadaW+FC4m8dOGL40eBMwCgYIKoZIzj0EAwIw
QjELMAkGA1UEBhMCWFgxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoGA1UECgwT
RGVmYXVsdCBDb21wYW55IEx0ZDAeFw0yMTEwMTMwODIwNDJaFw0zMTEwMTEwODIw
NDJaMEIxCzAJBgNVBAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNV
BAoME0RlZmF1bHQgQ29tcGFueSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC
AARwQ/jWAMuCH4qbcYVntGyq4RCYKiWiN9cVXKOnnDbSfIXS8IGnF7PFrCOck9yx
4A7Pfo/00rTf0x1/NKNOV5nio1MwUTAdBgNVHQ4EFgQU7HQ64pisg1MasN9wSLE/
LC6PcjowHwYDVR0jBBgwFoAU7HQ64pisg1MasN9wSLE/LC6PcjowDwYDVR0TAQH/
BAUwAwEB/zAKBggqhkjOPQQDAgNIADBFAiBMip1366r3oWgJFzkkmh3Sf2te54G5
KWs0PcVLaoNiuAIhAIx5dhXti2FEQ4mkZUKaqxfH5GdboZa6JEv2yYTd6ZvK
MIIB4TCCAYegAwIBAgIUQg+MEmSRVTK2bmxap0ML1hrSlWYwCgYIKoZIzj0EAwIw
RTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGElu
dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAgFw0yNDAzMTUxMDA0MTRaGA8yMDUxMDgw
MTEwMDQxNFowRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAf
BgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDBZMBMGByqGSM49AgEGCCqG
SM49AwEHA0IABB2pswE2gtPH89n4Wt0G4s8DomZAB7nkUgUOt5cs6vEJLoPTiPo8
3KXH3neFwooXK1OX+pCtwyun+EMDxbzZAyujUzBRMB0GA1UdDgQWBBTCzl8UW2Kl
0hJcSAmVz0/TKyCdXDAfBgNVHSMEGDAWgBTCzl8UW2Kl0hJcSAmVz0/TKyCdXDAP
BgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0gAMEUCIECp2SXHt3BkjkxCovuE
5v8TmyuZqgyte95t9B28kDExAiEAqSM8ngckj9JqgKUijOMRYIE+frU9RtlawtUi
7n2KQV0=
-----END CERTIFICATE-----
10 changes: 5 additions & 5 deletions tests/data/ca-key.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgb2Ff7kE1XJA3FKLl
sNqHvI6ALhbh3pZjzeWTa+BrfvKhRANCAARwQ/jWAMuCH4qbcYVntGyq4RCYKiWi
N9cVXKOnnDbSfIXS8IGnF7PFrCOck9yx4A7Pfo/00rTf0x1/NKNOV5ni
-----END PRIVATE KEY-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEINFi5sVVW/2beOSKPlg8ef4Daez9wW2md3vBQ/XGzxKmoAoGCCqGSM49
AwEHoUQDQgAEHamzATaC08fz2fha3QbizwOiZkAHueRSBQ63lyzq8Qkug9OI+jzc
pcfed4XCihcrU5f6kK3DK6f4QwPFvNkDKw==
-----END EC PRIVATE KEY-----
20 changes: 10 additions & 10 deletions tests/data/client-cert.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
-----BEGIN CERTIFICATE-----
MIIBzDCCAXGgAwIBAgIUVB+wKMT9vfrrgAOVt5qON8J8onMwCgYIKoZIzj0EAwIw
QjELMAkGA1UEBhMCWFgxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoGA1UECgwT
RGVmYXVsdCBDb21wYW55IEx0ZDAeFw0yNDAyMDkwOTI3NDlaFw0yNDAzMTAwOTI3
NDlaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQK
DBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMB
BwNCAAQzXKrX05qlw3NP1k6+kSiTnmI6Mo3ffT6VY71oPQIcqYiD1+hY7tIkk9kV
ke11ZNdGZR0r/o+4TzYJcxcgkNhLo0IwQDAdBgNVHQ4EFgQUBH7ViSdnDzmkYtsO
/f+BpHjeJHcwHwYDVR0jBBgwFoAU7HQ64pisg1MasN9wSLE/LC6PcjowCgYIKoZI
zj0EAwIDSQAwRgIhAONbHGkd+/wpgELOk/az5ELfrB7YO2o4a6Uix5KQOnARAiEA
tDGyTnCEmHjB/GGsLwLa8DRplNXFESDH2erfhutw8ME=
MIIBzTCCAXSgAwIBAgIUGQYrxI6lMa1yflVNpTO7VPPEwSgwCgYIKoZIzj0EAwIw
RTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGElu
dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yNDAzMTUxMDA0MTVaFw0yNjEyMTAx
MDA0MTVaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYD
VQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjO
PQMBBwNCAATBRnKMD+6BTcFuurE4Qt4pMgjUaWLOP/kTdGzyaZkVlPfp0fIKTRKv
EgHJlmTjsZfHkIm7nVD078BrfRoP6DqIo0IwQDAdBgNVHQ4EFgQUghgnu06bRUBN
bZHPn38zSTpb70UwHwYDVR0jBBgwFoAUws5fFFtipdISXEgJlc9P0ysgnVwwCgYI
KoZIzj0EAwIDRwAwRAIgOu6eFOYVbuWpIyDs2WrLXqHybAYlv4y4qqD6LZtITawC
IHNgKyB1PNV0CN7VOexBVJQv4edB8etbVxAF+WqztDT+
-----END CERTIFICATE-----
6 changes: 3 additions & 3 deletions tests/data/client-key.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIIMoxSnX9BbbgLSGk2rVi0o+NLwzisbbfce/pLGkHwvooAoGCCqGSM49
AwEHoUQDQgAEM1yq19OapcNzT9ZOvpEok55iOjKN330+lWO9aD0CHKmIg9foWO7S
JJPZFZHtdWTXRmUdK/6PuE82CXMXIJDYSw==
MHcCAQEEIFllWPnIPExTk23tY4nSbss9UJ3EgDG91qZqajC/FBrkoAoGCCqGSM49
AwEHoUQDQgAEwUZyjA/ugU3BbrqxOELeKTII1Glizj/5E3Rs8mmZFZT36dHyCk0S
rxIByZZk47GXx5CJu51Q9O/Aa30aD+g6iA==
-----END EC PRIVATE KEY-----
8 changes: 8 additions & 0 deletions tests/data/client.csr
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
-----BEGIN CERTIFICATE REQUEST-----
MIH/MIGnAgEAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggq
hkjOPQMBBwNCAATBRnKMD+6BTcFuurE4Qt4pMgjUaWLOP/kTdGzyaZkVlPfp0fIK
TRKvEgHJlmTjsZfHkIm7nVD078BrfRoP6DqIoAAwCgYIKoZIzj0EAwIDRwAwRAIg
Lz4amy52zltB01+MsIbEs0prvo3IscABIjJ5fmDbfKwCIBIHDrmrMLpSQmC6IhtD
dbx7onV8yn6akJxA8tYjW6em
-----END CERTIFICATE REQUEST-----
14 changes: 14 additions & 0 deletions tests/data/gen_certs_and_keys.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
# Create CA private key and certificate
openssl ecparam -name prime256v1 -genkey -noout -out ca-key.pem
openssl req -new -x509 -sha256 -key ca-key.pem -days 10000 -out ca-cert.pem


# Create private key, certificate signing request (CSR) and certificate for client
openssl ecparam -name prime256v1 -genkey -noout -out client-key.pem
openssl req -new -sha256 -key client-key.pem -out client.csr
openssl x509 -req -in client.csr -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out client-cert.pem -days 1000 -sha256

# Create private key, certificate signing request (CSR) and certificate for server
openssl ecparam -name prime256v1 -genkey -noout -out server-key.pem
openssl req -new -sha256 -key server-key.pem -out server.csr
openssl x509 -req -in server.csr -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem -days 10000 -sha256
21 changes: 10 additions & 11 deletions tests/data/server-cert.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,13 +1,12 @@
-----BEGIN CERTIFICATE-----
MIICBjCCAa2gAwIBAgIULDyCYYteka2S6hEC2890o7k+0Z0wCgYIKoZIzj0EAwIw
QjELMAkGA1UEBhMCWFgxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoGA1UECgwT
RGVmYXVsdCBDb21wYW55IEx0ZDAeFw0yMTEwMTMwODIwNDJaFw0zMTEwMTEwODIw
NDJaMHIxCzAJBgNVBAYTAk5PMQ4wDAYDVQQIDAVIYW1hcjEOMAwGA1UEBwwFSGFt
YXIxGDAWBgNVBAoMD0dsb2JhbCBTZWN1cml0eTEVMBMGA1UECwwMSG9sc2V0YmFr
a2VuMRIwEAYDVQQDDAlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC
AATEmfbzqqHiZwCKXgEfjAWjk6zPlK9Fs3bXfjo2gt1NuqA4yCdOULKa6aIFHyAv
fM3zHNiL5vk5pbBtzja6vaIjo1EwTzAfBgNVHSMEGDAWgBTsdDrimKyDUxqw33BI
sT8sLo9yOjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIE8DAUBgNVHREEDTALgglsb2Nh
bGhvc3QwCgYIKoZIzj0EAwIDRwAwRAIgbzQX/FohpbrME+QE6bo0UrYdXI1hSaSs
8yjdM7dr4HoCIEM+dbqDGm+QG+tkhH7jB35czbBWmC/Y5ObMM29i/u2h
MIIBzzCCAXagAwIBAgIUGQYrxI6lMa1yflVNpTO7VPPEwSkwCgYIKoZIzj0EAwIw
RTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGElu
dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAgFw0yNDAzMTUxMDA0MTdaGA8yMDUxMDgw
MTEwMDQxN1owRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAf
BgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDBZMBMGByqGSM49AgEGCCqG
SM49AwEHA0IABETSCUisGGdCnccDgjSkSnk7W9AwUJVV4fLeP7c0G1QH1KBjQFib
fOiWiVi28vSFmqjsTDIMx9kdWLeUnBi9zwGjQjBAMB0GA1UdDgQWBBQDKzwiywv5
9mVBb18zMizxhf9YgzAfBgNVHSMEGDAWgBTCzl8UW2Kl0hJcSAmVz0/TKyCdXDAK
BggqhkjOPQQDAgNHADBEAiBRY8JvchuVF8+3ZKKHK5479LHIKGrLunjAiUct6x9J
nQIgXzQlpSfpbSiZJc1vyfePkiyiDq02t3TQg7vhpmZeonU=
-----END CERTIFICATE-----
10 changes: 5 additions & 5 deletions tests/data/server-key.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgKoaBrAdXxdzKFph6
tXe2+WYYMV0HUz9KWdnz81f38YKhRANCAATEmfbzqqHiZwCKXgEfjAWjk6zPlK9F
s3bXfjo2gt1NuqA4yCdOULKa6aIFHyAvfM3zHNiL5vk5pbBtzja6vaIj
-----END PRIVATE KEY-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEINr4rPfkzpj7lJtJSoAwhLlTw5EQbHq+prwpWL5NlUlHoAoGCCqGSM49
AwEHoUQDQgAERNIJSKwYZ0KdxwOCNKRKeTtb0DBQlVXh8t4/tzQbVAfUoGNAWJt8
6JaJWLby9IWaqOxMMgzH2R1Yt5ScGL3PAQ==
-----END EC PRIVATE KEY-----
8 changes: 8 additions & 0 deletions tests/data/server.csr
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
-----BEGIN CERTIFICATE REQUEST-----
MIH/MIGnAgEAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggq
hkjOPQMBBwNCAARE0glIrBhnQp3HA4I0pEp5O1vQMFCVVeHy3j+3NBtUB9SgY0BY
m3zololYtvL0hZqo7EwyDMfZHVi3lJwYvc8BoAAwCgYIKoZIzj0EAwIDRwAwRAIg
PrWAWWiMXPKHsx6zzEkzzonesjnUJc3YsbGfmGn8xXACIHLTD3XYL/X1Naoi1CMq
nNcthxjBCwiHfVB2cqaf8N19
-----END CERTIFICATE REQUEST-----