From: Pascal Knecht
Date: Tue, 13 Oct 2020 11:54:38 +0000 (+0200)
Subject: tls-crypto: Distinguish between signing and verifying signature schemes
X-Git-Tag: 5.9.2rc1~23^2~38
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=06112f3fe26413585c832b50e36b7d91d0e96f6e;p=thirdparty%2Fstrongswan.git

tls-crypto: Distinguish between signing and verifying signature schemes

strongSwan supports RSA_PSS_RSAE schemes for signing but does not differentiate between rsaEncryption and rsassaPss encoding. Thus RSA_PSS_PSS schemes are only used for verifying signatures.
---
diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c
index 86fafb4dd4..fc74d31f2e 100644
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -1512,19 +1512,18 @@ METHOD(tls_crypto_t, get_signature_algorithms, void,
 /**
 * Get the signature parameters from a TLS signature scheme
 */
-static signature_params_t *params_for_scheme(tls_signature_scheme_t sig)
+static signature_params_t *params_for_scheme(tls_signature_scheme_t sig,
+ bool sign)
 {
 int i;
 for (i = 0; i < countof(schemes); i++)
 {
 /* strongSwan supports only RSA_PSS_RSAE schemes for signing but can
- * verify public keys in rsaEncryption as well as rsassaPss encoding.
- * Current implementation does not distinguish between signing and
- * verifying. */
- if (sig == TLS_SIG_RSA_PSS_PSS_SHA256 ||
- sig == TLS_SIG_RSA_PSS_PSS_SHA384 ||
- sig == TLS_SIG_RSA_PSS_PSS_SHA512)
+ * verify public keys in rsaEncryption as well as rsassaPss encoding. */
+ if (sign && (sig == TLS_SIG_RSA_PSS_PSS_SHA256 ||
+ sig == TLS_SIG_RSA_PSS_PSS_SHA384 ||
+ sig == TLS_SIG_RSA_PSS_PSS_SHA512))
 {
 continue;
 }
@@ -1765,7 +1764,7 @@ METHOD(tls_crypto_t, sign, bool,
 {
 if (reader->read_uint16(reader, &scheme))
 {
- params = params_for_scheme(scheme);
+ params = params_for_scheme(scheme, TRUE);
 if (params && type == key_type_from_signature_scheme(params->scheme) && key->sign(key, params->scheme, params->params, data, &sig))
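Review bot: The Doxygen header above params_for_scheme still reads as a one-liner and says nothing about the new `bool sign` parameter, so a caller cannot tell from the declaration why the same scheme yields parameters in one mode and none in the other. Add `@param sign TRUE when selecting a scheme to sign with a local private key, FALSE when looking up a scheme to verify a peer signature` and a `@return` line noting that unsupported schemes — and, when signing, the RSA_PSS_PSS schemes — yield no parameters (the return after the loop is outside this hunk, so the exact value should be checked there). It would also help to move the rsaEncryption/rsassaPss sentence from the loop-body comment into the header, since that encoding distinction is the whole reason the flag exists. The body of params_for_scheme continues past the end of the hunk.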
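Review bot: The new argument is passed as a bare `TRUE` here and as a bare `FALSE` in the @@ -1840 hunk of verify, which leaves a reader of either call site guessing what the flag selects until they find the definition. A one-word inline comment fixes that cheaply, e.g. `params = params_for_scheme(scheme, TRUE /* sign */);` here and `params = params_for_scheme(scheme, FALSE /* verify */);` in verify. The behaviour itself looks right: an RSA_PSS_PSS scheme offered by the peer now yields no params, so the `params &&` guard on the next line skips it and the loop moves to the next offered scheme. The enclosing sign method begins before and ends after this hunk.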
@@ -1840,7 +1839,7 @@ METHOD(tls_crypto_t, verify, bool,
 DBG1(DBG_TLS, "received invalid signature");
 return FALSE;
 }
- params = params_for_scheme(scheme);
+ params = params_for_scheme(scheme, FALSE);
 if (!params)
 {
 DBG1(DBG_TLS, "signature algorithms %N not supported",
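Review bot: With `FALSE` the lookup now hands back parameters for the RSA_PSS_PSS schemes as well, and the only check visible after it is the NULL test; the key-type comparison that the sign path performs via key_type_from_signature_scheme is not shown here. The preceding "received invalid signature" branch suggests `scheme` was read from the peer's message, so it is worth confirming that verify still matches the scheme's key type against the peer certificate's key before calling into it, or that the key's own verify rejects a mismatch, rather than relying on this hunk alone. If that check lives later in the method, a short comment at this call site such as `/* RSA_PSS_PSS accepted here; key type is matched below */` would make the contract explicit. The verify method continues outside this hunk.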