crypto/tls: advertise and accept rsa_pss_rsae signature algorithms

crypto/x509 already supports PSS signatures (with rsaEncryption OID), and crypto/tls support was added in CL 79736. Advertise support for the algorithms and accept them as a peer. Note that this is about PSS signatures from regular RSA public keys. RSA-PSS only public keys (with RSASSA-PSS OID) are supported in neither crypto/tls nor crypto/x509. See RFC 8446, Section 4.2.3. testdata/Server-TLSv12-ClientAuthRequested* got modified because the CertificateRequest carries the supported signature algorithms. The net/smtp tests changed because 512 bits keys are too small for PSS. Based on Peter Wu's CL 79738, who did all the actual work in CL 79736. Updates #9671 Change-Id: I4a31e9c6e152ff4c50a5c8a274edd610d5fff231 Reviewed-on: https://go-review.googlesource.com/c/146258 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Adam Langley <agl@golang.org>
2025-04-04 20:47:36 +03:00 · 2018-10-31 12:14:51 -04:00 · 2018-10-31 12:14:51 -04:00 · ed74f7823e
commit ed74f7823e
parent 6d1d147e90
12 changed files with 766 additions and 131 deletions
--- a/testdata/Server-TLSv12-ClientAuthRequestedNotGiven
+++ b/testdata/Server-TLSv12-ClientAuthRequestedNotGiven
@ -1,11 +1,14 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 5d 01 00 00  59 03 03 ee 51 24 51 2c  |....]...Y...Q$Q,|
-00000010  0b 9f 26 d2 7c e0 8b 8a  9b a8 d3 a9 a7 59 05 a3  |..&.|........Y..|
-00000020  67 92 fc 3f cb e8 cd ba  62 b7 19 00 00 04 00 2f  |g..?....b....../|
-00000030  00 ff 01 00 00 2c 00 0d  00 20 00 1e 06 01 06 02  |.....,... ......|
-00000040  06 03 05 01 05 02 05 03  04 01 04 02 04 03 03 01  |................|
-00000050  03 02 03 03 02 01 02 02  02 03 00 16 00 00 00 17  |................|
-00000060  00 00                                             |..|
+00000000  16 03 01 00 97 01 00 00  93 03 03 f3 41 3d 06 d9  |............A=..|
+00000010  97 bb f5 12 3f 23 ec 16  e0 5a 55 3d f2 5b 7d df  |....?#...ZU=.[}.|
+00000020  cf bf 96 d7 c2 cc 20 e9  9b 4c 5a 00 00 04 00 2f  |...... ..LZ..../|
+00000030  00 ff 01 00 00 66 00 00  00 0e 00 0c 00 00 09 31  |.....f.........1|
+00000040  32 37 2e 30 2e 30 2e 31  00 0b 00 04 03 00 01 02  |27.0.0.1........|
+00000050  00 0a 00 0c 00 0a 00 1d  00 17 00 1e 00 19 00 18  |................|
+00000060  00 16 00 00 00 17 00 00  00 0d 00 30 00 2e 04 03  |...........0....|
+00000070  05 03 06 03 08 07 08 08  08 09 08 0a 08 0b 08 04  |................|
+00000080  08 05 08 06 04 01 05 01  06 01 03 03 02 03 03 01  |................|
+00000090  02 01 03 02 02 02 04 02  05 02 06 02              |............|
 >>> Flow 2 (server to client)
 00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
@ -48,36 +51,37 @@
 00000260  f1 6c 04 ed 73 bb b3 43  77 8d 0c 1c f1 0f a1 d8  |.l..s..Cw.......|
 00000270  40 83 61 c9 4c 72 2b 9d  ae db 46 06 06 4d f4 c1  |@.a.Lr+...F..M..|
 00000280  b3 3e c0 d1 bd 42 d4 db  fe 3d 13 60 84 5c 21 d3  |.>...B...=.`.\!.|
-00000290  3b e9 fa e7 16 03 03 00  1b 0d 00 00 17 02 01 40  |;..............@|
-000002a0  00 10 04 01 04 03 05 01  05 03 06 01 06 03 02 01  |................|
-000002b0  02 03 00 00 16 03 03 00  04 0e 00 00 00           |.............|
+00000290  3b e9 fa e7 16 03 03 00  21 0d 00 00 1d 02 01 40  |;.......!......@|
+000002a0  00 16 08 04 08 05 08 06  04 01 04 03 05 01 05 03  |................|
+000002b0  06 01 06 03 02 01 02 03  00 00 16 03 03 00 04 0e  |................|
+000002c0  00 00 00                                          |...|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 07 0b 00 00  03 00 00 00 16 03 03 00  |................|
-00000010  86 10 00 00 82 00 80 0b  e8 d9 4f fa 7d 63 8c 89  |..........O.}c..|
-00000020  b7 c8 73 76 9b fa 7f b6  c3 57 f2 54 75 90 90 ec  |..sv.....W.Tu...|
-00000030  9e 8d 08 ae 3f dc 6e fa  df 2a 32 2b 35 e9 03 f7  |....?.n..*2+5...|
-00000040  c5 d1 7c f5 20 1f 77 0a  24 b8 4e 7e 11 fe b0 87  |..|. .w.$.N~....|
-00000050  db f6 ff 92 1a fc 6a 8d  48 7e ac bc 95 99 4a f8  |......j.H~....J.|
-00000060  1b cc 07 42 48 0c 25 d2  47 82 59 14 76 84 d3 e9  |...BH.%.G.Y.v...|
-00000070  d6 0a 5a b1 0a c6 31 3e  80 e2 29 c8 a6 31 dd 64  |..Z...1>..)..1.d|
-00000080  96 7a f5 ee d9 0f 03 b5  93 05 b8 a2 04 66 ff fc  |.z...........f..|
-00000090  f5 2f e7 6c b9 2d 98 14  03 03 00 01 01 16 03 03  |./.l.-..........|
-000000a0  00 40 f2 d2 da 46 89 c4  17 25 b8 33 d6 38 46 5c  |.@...F...%.3.8F\|
-000000b0  80 a0 eb cf fd 5a 27 f3  0b 16 e1 29 bd b8 46 28  |.....Z'....)..F(|
-000000c0  11 d3 cc 12 12 96 9b b8  31 52 50 73 81 57 aa 29  |........1RPs.W.)|
-000000d0  5c 66 da 39 2d f8 cb 15  e0 01 86 b5 0b d5 1f 56  |\f.9-..........V|
-000000e0  23 a0                                             |#.|
+00000010  86 10 00 00 82 00 80 20  42 c0 a5 c6 81 fa 13 e7  |....... B.......|
+00000020  a1 cc 81 01 43 75 a0 53  a9 d4 a6 6b b6 39 e0 68  |....Cu.S...k.9.h|
+00000030  ab 3d 7c f3 90 14 ba 37  8d 43 d1 95 ae b5 bc 78  |.=|....7.C.....x|
+00000040  c9 b0 90 82 e9 d8 15 29  f0 53 df 71 e2 b5 84 fa  |.......).S.q....|
+00000050  95 6b 02 28 8f ec c9 80  ff c8 29 14 e3 4b da 11  |.k.(......)..K..|
+00000060  04 3f b3 69 cd 99 a3 41  fd 1f 6f 8d f8 08 32 e1  |.?.i...A..o...2.|
+00000070  56 f8 25 8e 2f b4 e0 6e  61 2a 07 ba 7e ab 65 46  |V.%./..na*..~.eF|
+00000080  1b f6 77 da b6 9b 1d 0f  4a cf bf 81 04 b1 6f 7e  |..w.....J.....o~|
+00000090  0d 72 22 3c 9a f3 69 14  03 03 00 01 01 16 03 03  |.r"<..i.........|
+000000a0  00 40 2a a8 99 e7 90 7c  45 32 c7 5f c9 8f 4a 0d  |.@*....|E2._..J.|
+000000b0  cf 7b 90 71 43 68 76 f0  69 de 72 8a 74 b0 26 ee  |.{.qChv.i.r.t.&.|
+000000c0  92 4c 7f 0b 84 25 78 94  36 59 0b 32 3e c4 6a d2  |.L...%x.6Y.2>.j.|
+000000d0  28 6f f8 5c ab 94 1b e5  95 2d 78 68 08 44 13 9a  |(o.\.....-xh.D..|
+000000e0  9a 3d                                             |.=|
 >>> Flow 4 (server to client)
 00000000  14 03 03 00 01 01 16 03  03 00 40 00 00 00 00 00  |..........@.....|
-00000010  00 00 00 00 00 00 00 00  00 00 00 65 58 5e 2f 25  |...........eX^/%|
-00000020  67 71 87 7d a9 75 73 80  6b 03 76 63 a8 1f 80 06  |gq.}.us.k.vc....|
-00000030  0f 78 b0 75 20 9e ab 36  59 d7 f9 88 22 c1 d1 be  |.x.u ..6Y..."...|
-00000040  c9 d2 c1 13 20 6a 75 07  95 00 ca 17 03 03 00 40  |.... ju........@|
+00000010  00 00 00 00 00 00 00 00  00 00 00 58 dd c1 b3 2e  |...........X....|
+00000020  88 70 3e a3 39 e2 fd 31  9e 28 b0 10 54 aa ac 50  |.p>.9..1.(..T..P|
+00000030  50 26 3a 73 b4 85 11 18  ea 1a 98 73 c4 52 0a 66  |P&:s.......s.R.f|
+00000040  c6 c7 47 05 8a 79 b8 e1  d4 89 0d 17 03 03 00 40  |..G..y.........@|
 00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000060  25 31 9c 1d 48 d9 c3 e4  59 3a 3a e2 85 3a 78 27  |%1..H...Y::..:x'|
-00000070  85 69 63 8e 3c 32 b2 03  65 3f 7a 7f 3b fe b1 83  |.ic.<2..e?z.;...|
-00000080  f6 64 a1 3e 83 55 7b 39  2a 01 86 de 79 a3 55 b1  |.d.>.U{9*...y.U.|
+00000060  ac d4 c6 97 fe 43 18 5d  e2 ce 80 a0 4c b4 82 96  |.....C.]....L...|
+00000070  fe 7c 25 05 a5 2e 31 d7  39 34 7c dc d6 bd 54 86  |.|%...1.94|...T.|
+00000080  34 01 aa e9 65 20 3b 5d  35 03 40 68 f5 cb ec 8c  |4...e ;]5.@h....|
 00000090  15 03 03 00 30 00 00 00  00 00 00 00 00 00 00 00  |....0...........|
-000000a0  00 00 00 00 00 40 26 48  75 e5 e0 83 c0 1a 66 5a  |.....@&Hu.....fZ|
-000000b0  5f b2 11 a6 b7 a3 4d f2  ca 49 6a f2 48 a1 ee 99  |_.....M..Ij.H...|
-000000c0  ff 0d c1 f7 4f                                    |....O|
+000000a0  00 00 00 00 00 9e 32 db  a8 b6 e5 f2 f9 f7 ca 62  |......2........b|
+000000b0  b8 43 a1 04 e6 68 9e d3  0a e3 30 08 f1 3a 67 f3  |.C...h....0..:g.|
+000000c0  a3 12 a0 7c 79                                    |...|y|