tls-sig: check RSA-PSS signature key compatibility also in TLS 1.2
authorDaiki Ueno <dueno@redhat.com>
Wed, 2 Jan 2019 12:21:49 +0000 (13:21 +0100)
committerDaiki Ueno <dueno@redhat.com>
Wed, 9 Jan 2019 04:56:52 +0000 (05:56 +0100)
This extends commit 51d21634 to cover the optional TLS 1.2 cases,
which RFC 8446 4.2.3 suggests: "Implementations that advertise support
for RSASSA-PSS (which is mandatory in TLS 1.3) MUST be prepared to
accept a signature using that scheme even when TLS 1.2 is negotiated".

Signed-off-by: Daiki Ueno <dueno@redhat.com>
lib/tls-sig.c
tests/suite/tls-fuzzer/gnutls-cert.json

index 75f88e5fbdeb09cc6ae0e6ccfd3e583ff317fb3e..f512127ced5fb2f26f95e57dae444cee6a6a5011 100644 (file)
@@ -271,6 +271,7 @@ _gnutls_handshake_verify_data12(gnutls_session_t session,
        gnutls_datum_t dconcat;
        int ret;
        const version_entry_st *ver = get_version(session);
+       const gnutls_sign_entry_st *se = _gnutls_sign_to_entry(sign_algo);
 
        _gnutls_handshake_log
            ("HSK[%p]: verify TLS 1.2 handshake data: using %s\n", session,
@@ -283,6 +284,12 @@ _gnutls_handshake_verify_data12(gnutls_session_t session,
        if (ret < 0)
                return gnutls_assert_val(ret);
 
+       if (unlikely(sign_supports_cert_pk_algorithm(se, cert->pubkey->params.algo) == 0)) {
+               _gnutls_handshake_log("HSK[%p]: certificate of %s cannot be combined with %s sig\n",
+                                     session, gnutls_pk_get_name(cert->pubkey->params.algo), se->name);
+               return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+       }
+
        ret =
            _gnutls_session_sign_algo_enabled(session, sign_algo);
        if (ret < 0)
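Review bot: `se` is passed to sign_supports_cert_pk_algorithm() and then dereferenced as `se->name` in the log line without a NULL check, yet the `_gnutls_sign_to_entry(sign_algo)` lookup added in the previous hunk returns NULL when sign_algo is not a known entry, so a peer sending an unrecognized SignatureAndHashAlgorithm would crash here rather than be rejected; `_gnutls_handshake_verify_crt_vrfy12` below carries the same dereference. In that function the `_gnutls_session_sign_algo_enabled` call runs first and presumably rejects an unknown algorithm, whereas here the new check precedes it, so the two hunks also disagree on ordering. Either guard with `if (unlikely(se == NULL)) return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);` before the compatibility check, or move the check below the `_gnutls_session_sign_algo_enabled` call to match the other function. `_gnutls_handshake_verify_data12` begins before this hunk.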
@@ -356,11 +363,18 @@ _gnutls_handshake_verify_crt_vrfy12(gnutls_session_t session,
 {
        int ret;
        gnutls_datum_t dconcat;
+       const gnutls_sign_entry_st *se = _gnutls_sign_to_entry(sign_algo);
 
        ret = _gnutls_session_sign_algo_enabled(session, sign_algo);
        if (ret < 0)
                return gnutls_assert_val(ret);
 
+       if (unlikely(sign_supports_cert_pk_algorithm(se, cert->pubkey->params.algo) == 0)) {
+               _gnutls_handshake_log("HSK[%p]: certificate of %s cannot be combined with %s sig\n",
+                                     session, gnutls_pk_get_name(cert->pubkey->params.algo), se->name);
+               return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+       }
+
        dconcat.data = session->internals.handshake_hash_buffer.data;
        dconcat.size = session->internals.handshake_hash_buffer_prev_len;
 
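Review bot: The compatibility check and its log message are duplicated verbatim from `_gnutls_handshake_verify_data12` in the hunk above, which invites the two copies to drift (they already differ in where they sit relative to `_gnutls_session_sign_algo_enabled`). A small static helper taking the session, the sign entry and the certificate's PK algorithm would let both call sites become `ret = check_sign_cert_pk_compat(session, se, cert->pubkey->params.algo); if (ret < 0) return ret;`, and gives one place to document why the check exists (RFC 8446 4.2.3: a scheme such as rsa_pss_pss cannot be produced by a plain RSA key). `_gnutls_handshake_verify_crt_vrfy12` continues outside this hunk.
```c
/* Returns 0 when the signature scheme SE can be produced by a certificate
 * key of type PK; otherwise logs the mismatch and returns
 * GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER so the peer gets illegal_parameter. */
static int
check_sign_cert_pk_compat(gnutls_session_t session,
			  const gnutls_sign_entry_st *se,
			  gnutls_pk_algorithm_t pk)
{
	if (unlikely(sign_supports_cert_pk_algorithm(se, pk) == 0)) {
		_gnutls_handshake_log("HSK[%p]: certificate of %s cannot be combined with %s sig\n",
				      session, gnutls_pk_get_name(pk), se->name);
		return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
	}
	return 0;
}

	/* … unchanged: _gnutls_session_sign_algo_enabled check … */
	ret = check_sign_cert_pk_compat(session, se, cert->pubkey->params.algo);
	if (ret < 0)
		return ret;
	/* … unchanged: dconcat setup and verification … */
```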
@@ -567,6 +581,9 @@ _gnutls_handshake_sign_crt_vrfy12(gnutls_session_t session,
 
        gnutls_sign_algorithm_set_client(session, sign_algo);
 
+       if (unlikely(gnutls_sign_supports_pk_algorithm(sign_algo, pkey->pk_algorithm) == 0))
+               return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+
        _gnutls_debug_log("sign handshake cert vrfy: picked %s\n",
                          gnutls_sign_algorithm_get_name(sign_algo));
 
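Review bot: The new key-compatibility check comes after `gnutls_sign_algorithm_set_client(session, sign_algo);`, so the session records a client signature algorithm that the very next statement rejects; moving the `gnutls_sign_supports_pk_algorithm` test above that call keeps the session state consistent on the failure path. Unlike the two verify paths in the earlier hunks, this rejection emits no log line, which makes a failed CertificateVerify hard to diagnose from the client side; a `_gnutls_debug_log("sign handshake cert vrfy: %s cannot be used with the %s key\n", gnutls_sign_algorithm_get_name(sign_algo), gnutls_pk_get_name(pkey->pk_algorithm));` before the return would match the style of the other hunks. If sign_algo was selected locally from the server's list, it is also worth a comment noting that GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER here describes a local selection mismatch rather than a bad value received from the peer. `_gnutls_handshake_sign_crt_vrfy12` begins before and continues after this hunk.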
index f9de1746992279326972364761f920ceb505505c..c2b28c5569fc6baec6f35e02c2b315b856b2f307 100644 (file)
                          "-p", "@PORT@"]
           },
          {"name" : "test-rsa-pss-sigs-on-certificate-verify.py",
-         "comment" : "FIXME: We shouldn't allow rsa_pss_pss* schemes as there is only RSA key #645",
+         "comment": "tlsfuzzer doesn't know ed25519 scheme which we advertise",
           "arguments" : ["-k", "tests/clientX509Key.pem",
                          "-c", "tests/clientX509Cert.pem",
                          "-e", "check CertificateRequest sigalgs",
-                        "-e", "rsa_pss_pss_sha256 in CertificateVerify with rsa key",
-                        "-e", "rsa_pss_pss_sha384 in CertificateVerify with rsa key",
-                        "-e", "rsa_pss_pss_sha512 in CertificateVerify with rsa key",
+                         "--illegpar",
                          "-n", "100",
                          "-p", "@PORT@"]
           },