crypto/tls: add RSASSA-PSS support for handshake messages

This adds support for RSASSA-PSS signatures in handshake messages as required by TLS 1.3. Even if TLS 1.2 is negotiated, it must support PSS when advertised in the Client Hello (this will be done later as the testdata will change). Updates #9671 Change-Id: I8006b92e017453ae408c153233ce5ccef99b5c3f Reviewed-on: https://go-review.googlesource.com/79736 Reviewed-by: Filippo Valsorda <filippo@golang.org>
2025-04-03 20:17:36 +03:00 · 2017-11-22 19:27:20 +00:00 · 2017-11-22 19:27:20 +00:00 · 0524876ddb
commit 0524876ddb
parent 611a58ad27
8 changed files with 90 additions and 25 deletions
--- a/auth.go
+++ b/auth.go
@ -30,9 +30,9 @@ func pickSignatureAlgorithm(pubkey crypto.PublicKey, peerSigAlgs, ourSigAlgs []S
 		switch pubkey.(type) {
 		case *rsa.PublicKey:
 			if tlsVersion < VersionTLS12 {
-				return 0, signatureRSA, crypto.MD5SHA1, nil
+				return 0, signaturePKCS1v15, crypto.MD5SHA1, nil
 			} else {
-				return PKCS1WithSHA1, signatureRSA, crypto.SHA1, nil
+				return PKCS1WithSHA1, signaturePKCS1v15, crypto.SHA1, nil
 			}
 		case *ecdsa.PublicKey:
 			return ECDSAWithSHA1, signatureECDSA, crypto.SHA1, nil
@ -51,7 +51,7 @@ func pickSignatureAlgorithm(pubkey crypto.PublicKey, peerSigAlgs, ourSigAlgs []S
 		sigType := signatureFromSignatureScheme(sigAlg)
 		switch pubkey.(type) {
 		case *rsa.PublicKey:
-			if sigType == signatureRSA {
+			if sigType == signaturePKCS1v15 || sigType == signatureRSAPSS {
 				return sigAlg, sigType, hashAlg, nil
 			}
 		case *ecdsa.PublicKey:
@ -84,7 +84,7 @@ func verifyHandshakeSignature(sigType uint8, pubkey crypto.PublicKey, hashFunc c
 		if !ecdsa.Verify(pubKey, digest, ecdsaSig.R, ecdsaSig.S) {
 			return errors.New("tls: ECDSA verification failure")
 		}
-	case signatureRSA:
+	case signaturePKCS1v15:
 		pubKey, ok := pubkey.(*rsa.PublicKey)
 		if !ok {
 			return errors.New("tls: RSA signing requires a RSA public key")
@ -92,6 +92,15 @@ func verifyHandshakeSignature(sigType uint8, pubkey crypto.PublicKey, hashFunc c
 		if err := rsa.VerifyPKCS1v15(pubKey, hashFunc, digest, sig); err != nil {
 			return err
 		}
+	case signatureRSAPSS:
+		pubKey, ok := pubkey.(*rsa.PublicKey)
+		if !ok {
+			return errors.New("tls: RSA signing requires a RSA public key")
+		}
+		signOpts := &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash}
+		if err := rsa.VerifyPSS(pubKey, hashFunc, digest, sig, signOpts); err != nil {
+			return err
+		}
 	default:
 		return errors.New("tls: unknown signature algorithm")
 	}