Do other signature and hash algorithms work? Is only SHA512 not working?
These are working with my code above: RSA_PSS_RSAE_SHA256, RSA_PSS_RSAE_SHA384, RSA_PSS_RSAE_SHA512
These are not working with my code: ECDSA_SHA384, ECDSA_SHA512, RSA_PSS_PSS_SHA256, RSA_PSS_PSS_SHA384, RSA_PSS_PSS_SHA512
These signature algorithms are also not working in TLS 1.2 and TLS 1.3 server mode, and I'm loading the corresponding certificate and key for every signature algorithm.
I think the PSS_PSS ones should not work in the public release, as they are not implemented there yet. But AFAIK ECDSA should. Do you have an idea, @mmaehren?
Looking through the commits of our development branch, I think this was caused by the KeyGenerator always using the defaultEcCertificateCurve from the Config instead of the curve defined in the certificate. This should be the case here, as the default group for this is SECP256R1 and the length of the signature (71) seems plausible for this. Unless I'm missing anything, applying the fix should consist of these changes: (before you do this, you could change the value of defaultEcCertificateCurve first to test if this suffices)
// KeyGenerator: ask the Chooser for the curve instead of reading the Config default directly
public static ECPrivateKey getECPrivateKey(Chooser chooser) {
    if (chooser.getConnectionEndType() == ConnectionEndType.CLIENT) {
        return new CustomECPrivateKey(chooser.getClientEcPrivateKey(), chooser.getEcCertificateCurve());
    } else {
        return new CustomECPrivateKey(chooser.getServerEcPrivateKey(), chooser.getEcCertificateCurve());
    }
}

// Chooser: prefer the curve taken from the loaded certificate; fall back to the Config default only if none is set
public NamedGroup getEcCertificateCurve() {
    if (context.getEcCertificateCurve() != null) {
        return context.getEcCertificateCurve();
    } else {
        return config.getDefaultEcCertificateCurve();
    }
}
Working as expected with @mmaehren's patch.
If possible, can you please give access to the development branch so we can test our TLS project?
Yes, I think for this release we can provide early access. You can find it here: https://github.com/tls-attacker/TLS-Attacker/tree/dev
I'm trying to handshake with
openssl s_client -connect 127.0.0.1:54000 -msg -tls1_3 -sigalgs ecdsa_secp521r1_sha512
In server code, I'm getting a fatal decrypt error.
With openssl s_server I'm able to do the handshake.
Let me know if I missed something.
Attached debug log: ecdsa_sha512_debug.log