-
Notifications
You must be signed in to change notification settings - Fork 115
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Do not allow pkcs1 sig algs with TLS 1.3 protocol #495
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: 0 of 1 files reviewed, 1 unresolved discussion (waiting on @simo5)
tlsfuzzer/messages.py, line 873 at r1 (raw file):
for sig in cert_req.supported_signature_algs: if self.private_key.key_type == "rsa-pss": if sig[0] == 8 and sig[1] in (9, 10, 11):
that old code was using this compare but it was a combination of trying to make the code as small as possible, to make it ft into the next()
and the fact they were not defined in SignatureSheme
I wonder if this should not be combined (and reuse the same lookup lists) as the code in ExpectCertificateVerify:
https://github.com/tomato42/tlsfuzzer/blob/a723fb424311d15e13dc5aa7adde3ebf4849ec9a/tlsfuzzer/expect.py#L752-L763
Yeah make sense, it will make it even more readable I think, let me try to change it |
changed along the lines drafted in the review
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 1 of 1 files at r2.
Reviewable status: all files reviewed, 6 unresolved discussions (waiting on @simo5)
a discussion (no related file):
negative test coverage? (to see that pkcs1 signatures in TLS 1.3 are really rejected)
tlsfuzzer/messages.py, line 873 at r2 (raw file):
for sig in cert_req.supported_signature_algs: if self.private_key.key_type == "rsa-pss": if sig in (SignatureScheme.rsa_pss_pss_sha256,
nested if
that could be replaced with and
tlsfuzzer/messages.py, line 877 at r2 (raw file):
SignatureScheme.rsa_pss_pss_sha512): return sig else:
else
is not needed with return
in primary case
tlsfuzzer/messages.py, line 879 at r2 (raw file):
else: assert self.private_key.key_type == "rsa" if sig in (SignatureScheme.rsa_pkcs1_sha1,
md5 missing
tlsfuzzer/messages.py, line 884 at r2 (raw file):
SignatureScheme.rsa_pkcs1_sha384, SignatureScheme.rsa_pkcs1_sha512): if self.sig_version < (3, 4):
two if
s that can be replaced by and
tlsfuzzer/messages.py, line 886 at r2 (raw file):
if self.sig_version < (3, 4): return sig elif sig in (SignatureScheme.rsa_pss_sha256,
same here, else
with return
in previous case
test added and nested if/else that could be removed have been removed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 1 of 1 files at r3, 1 of 1 files at r4.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @simo5)
tlsfuzzer/messages.py, line 883 at r3 (raw file):
SignatureScheme.rsa_pss_sha512): return sig # as a flabback check for pkcs1 only if TLS < 1.3
typo: falback
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @simo5)
tlsfuzzer/messages.py, line 883 at r3 (raw file):
Previously, tomato42 (Hubert Kario) wrote…
typo: falback
not fixed?
doh, somehow the git push had failed |
When tls1.3 is used pkcs1 is not supported so prevent selecting rsa_pkcs1_shaXXX singature algorithms if TLS1.3 is in use. Move signature algorithm selection to a helper function to make it easier to read. Signed-off-by: Simo Sorce <simo@redhat.com>
This test makes sure the code skips all pkcs1 sigalgs in the TLS1.3 case and picks the first valid non pkcs1 one. Signed-off-by: Simo Sorce <simo@redhat.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 2 of 2 files at r5, 1 of 1 files at r6.
Reviewable status: complete! all files reviewed, all discussions resolved
Thanks! |
When tls1.3 is used pkcs1 is not supported so prevent selecting
rsa_pkcs1_shaXXX singature algorithms if TLS1.3 is in use.
Move signature algorithm selection to a helper function to make it
easier to read.
tlslite-ng.json
andtlslite-ng-random-subset.json
This change is