authorPeter Wu <pwu@cloudflare.com>2017-11-22 19:27:20 +0000
committerFilippo Valsorda <filippo@golang.org>2018-06-27 23:08:06 +0000
commit87867505c0dae0c9a9b3b93cc01ee8c5a30dc8bb (patch)
tree03ce81fd84385d238833585394dea98c0b425410 /src/crypto/tls/key_agreement.go
parenta6a69227f6b4905a9bd9fe1755a28c7a9e36df7e (diff)
crypto/tls: add RSASSA-PSS support for handshake messages
This adds support for RSASSA-PSS signatures in handshake messages as required by TLS 1.3. Even if TLS 1.2 is negotiated, it must support PSS when advertised in the Client Hello (this will be done later as the testdata will change). Updates #9671 Change-Id: I8006b92e017453ae408c153233ce5ccef99b5c3f Reviewed-on: https://go-review.googlesource.com/79736 Reviewed-by: Filippo Valsorda <filippo@golang.org>
Diffstat (limited to 'src/crypto/tls/key_agreement.go')
-rw-r--r--src/crypto/tls/key_agreement.go14
1 files changed, 9 insertions, 5 deletions
diff --git a/src/crypto/tls/key_agreement.go b/src/crypto/tls/key_agreement.go
index 7dc54d5faa..1e77facce0 100644
--- a/src/crypto/tls/key_agreement.go
+++ b/src/crypto/tls/key_agreement.go
@@ -139,13 +139,13 @@ func curveForCurveID(id CurveID) (elliptic.Curve, bool) {
}
-// ecdheRSAKeyAgreement implements a TLS key agreement where the server
+// ecdheKeyAgreement implements a TLS key agreement where the server
// generates an ephemeral EC public/private key pair and signs it. The
// pre-master secret is then calculated using ECDH. The signature may
// either be ECDSA or RSA.
type ecdheKeyAgreement struct {
version uint16
- sigType uint8
+ isRSA bool
privateKey []byte
curveid CurveID
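Review bot: The doc comment on lines 27-29 still says the signature is "either ECDSA or RSA", and the new `isRSA` field carries no comment, so a reader has to find the two comparison sites to learn that "RSA" now covers both PKCS#1 v1.5 and RSASSA-PSS. I would end the type comment with `// either be ECDSA or RSA (PKCS#1 v1.5 or RSASSA-PSS, per the negotiated signature scheme).` and annotate the field as `isRSA bool // key and signature are RSA (PKCS#1 v1.5 or PSS); otherwise ECDSA`. The struct definition continues past the end of the hunk.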
@@ -217,7 +217,7 @@ NextCandidate:
if err != nil {
return nil, err
}
- if sigType != ka.sigType {
+ if (sigType == signaturePKCS1v15 || sigType == signatureRSAPSS) != ka.isRSA {
return nil, errors.New("tls: certificate cannot be used with the selected cipher suite")
}
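Review bot: The predicate `sigType == signaturePKCS1v15 || sigType == signatureRSAPSS` introduced on line 41 is spelled out again verbatim in processServerKeyExchange, and any future signature type that is neither would have to be reconciled against both copies. A small helper such as `func isRSASignature(sigType uint8) bool { return sigType == signaturePKCS1v15 || sigType == signatureRSAPSS }` called from both sites keeps the server-side and client-side checks from drifting apart. The enclosing generateServerKeyExchange starts before and continues past the hunk.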
@@ -226,7 +226,11 @@ NextCandidate:
return nil, err
}
- sig, err := priv.Sign(config.rand(), digest, hashFunc)
+ signOpts := crypto.SignerOpts(hashFunc)
+ if sigType == signatureRSAPSS {
+ signOpts = &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash, Hash: hashFunc}
+ }
+ sig, err := priv.Sign(config.rand(), digest, signOpts)
if err != nil {
return nil, errors.New("tls: failed to sign ECDHE parameters: " + err.Error())
}
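Review bot: The PSS branch on lines 49-51 builds `rsa.PSSOptions{Hash: hashFunc}` without confirming that `hashFunc` is a real hash; `rsa.SignPSS` derives the salt length from `hash.Size()`, and `crypto.Hash.Size()` panics on a zero or unregistered hash, which in a server handshake would be a remotely triggered crash rather than a returned error. Presumably the signature-algorithm selection above the hunk only ever pairs `signatureRSAPSS` with a SHA-2 hash, so this looks unreachable today, but a one-line guard is cheap insurance: `if sigType == signatureRSAPSS && hashFunc == 0 { return nil, errors.New("tls: RSA-PSS requires a hash function") }`. The `SaltLength: rsa.PSSSaltLengthEqualsHash` choice matches what the TLS 1.3 rsa_pss_* schemes require (salt length equal to the digest length) and deserves a short comment on line 50 so nobody "fixes" it to `PSSSaltLengthAuto`. generateServerKeyExchange's body continues outside the hunk.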
@@ -334,7 +338,7 @@ func (ka *ecdheKeyAgreement) processServerKeyExchange(config *Config, clientHell
if err != nil {
return err
}
- if sigType != ka.sigType {
+ if (sigType == signaturePKCS1v15 || sigType == signatureRSAPSS) != ka.isRSA {
return errServerKeyExchange
}
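Review bot: With `ka.isRSA` the client now accepts an RSASSA-PSS signature on ServerKeyExchange in a TLS 1.2 handshake whenever the lookup above the hunk yields `signatureRSAPSS`, and the commit message says the client will only advertise PSS in its ClientHello later; whether a server may pick PSS unprompted therefore rests entirely on that lookup cross-checking `clientHello.supportedSignatureAlgorithms`, which is outside the hunk. If it does not, the client would verify under a scheme it never offered, a protocol deviation worth pinning with a test that sends a PSS-signed exchange to a client that advertised only PKCS#1 v1.5. A comment on line 61 such as `// The lookup above limits sigType to a scheme the client offered; here we only confirm it matches the suite's key type.` would record the assumption. The function starts before and continues past the hunk.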