diff --git a/tests/unit/s2n_auth_selection_test.c b/tests/unit/s2n_auth_selection_test.c index 79c5772ca15..b9b9e29b8a0 100644 --- a/tests/unit/s2n_auth_selection_test.c +++ b/tests/unit/s2n_auth_selection_test.c @@ -33,8 +33,8 @@ #define RSA_PKCS1_SIG_SCHEME &s2n_rsa_pkcs1_md5_sha1 #define RSA_PSS_PSS_SIG_SCHEME &s2n_rsa_pss_pss_sha256 #define RSA_PSS_RSAE_SIG_SCHEME &s2n_rsa_pss_rsae_sha256 -#define ECDSA_SIG_SCHEME &s2n_ecdsa_secp384r1_sha384 -#define ECDSA_SIG_SCHEME_OTHER_CURVE &s2n_ecdsa_secp256r1_sha256 +#define ECDSA_SIG_SCHEME &s2n_ecdsa_sha384 +#define ECDSA_SIG_SCHEME_OTHER_CURVE &s2n_ecdsa_sha256 #define EXPECT_SUCCESS_IF_RSA_PSS_CERTS_SUPPORTED(x) \ if (s2n_is_rsa_pss_certs_supported()) { \ @@ -179,8 +179,12 @@ int main(int argc, char **argv) EXPECT_SUCCESS(s2n_is_sig_scheme_valid_for_auth(conn, ECDSA_SIG_SCHEME)); } - /* Test: If signature algorithm specifies curve, must match cert curve */ + /* Test: If signature algorithm is TLS1.3 ECDSA, must match cert curve */ { + DEFER_CLEANUP(struct s2n_connection *test_conn = s2n_connection_new(S2N_CLIENT), + s2n_connection_ptr_free); + test_conn->actual_protocol_version = S2N_TLS13; + struct s2n_cert_chain_and_key *ecdsa_cert_chain_for_other_curve = NULL; EXPECT_SUCCESS(s2n_test_cert_chain_and_key_new(&ecdsa_cert_chain_for_other_curve, S2N_ECDSA_P256_PKCS1_CERT_CHAIN, S2N_ECDSA_P256_PKCS1_KEY)); 
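Review bot: In the `@@ -179,8 +179,12 @@` hunk, `test_conn` is dereferenced on the line right after `s2n_connection_new(S2N_CLIENT)` with no null check, so an allocation failure would crash the test instead of reporting a failure. Add `EXPECT_NOT_NULL(test_conn);` before `test_conn->actual_protocol_version = S2N_TLS13;`, matching the `EXPECT_NOT_NULL(config);` used in the new self-talk test in s2n_signature_algorithms_test.c. The test block continues into the next hunk.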
@@ -189,15 +193,15 @@ int main(int argc, char **argv) EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store( ecdsa_cert_config_for_other_curve, ecdsa_cert_chain_for_other_curve)); - conn->secure->cipher_suite = NO_AUTH_CIPHER_SUITE; + test_conn->secure->cipher_suite = NO_AUTH_CIPHER_SUITE; - s2n_connection_set_config(conn, ecdsa_cert_config); - EXPECT_SUCCESS(s2n_is_sig_scheme_valid_for_auth(conn, ECDSA_SIG_SCHEME)); - EXPECT_FAILURE(s2n_is_sig_scheme_valid_for_auth(conn, ECDSA_SIG_SCHEME_OTHER_CURVE)); + s2n_connection_set_config(test_conn, ecdsa_cert_config); + EXPECT_SUCCESS(s2n_is_sig_scheme_valid_for_auth(test_conn, ECDSA_SIG_SCHEME)); + EXPECT_FAILURE(s2n_is_sig_scheme_valid_for_auth(test_conn, ECDSA_SIG_SCHEME_OTHER_CURVE)); - s2n_connection_set_config(conn, ecdsa_cert_config_for_other_curve); - EXPECT_FAILURE(s2n_is_sig_scheme_valid_for_auth(conn, ECDSA_SIG_SCHEME)); - EXPECT_SUCCESS(s2n_is_sig_scheme_valid_for_auth(conn, ECDSA_SIG_SCHEME_OTHER_CURVE)); + s2n_connection_set_config(test_conn, ecdsa_cert_config_for_other_curve); + EXPECT_FAILURE(s2n_is_sig_scheme_valid_for_auth(test_conn, ECDSA_SIG_SCHEME)); + EXPECT_SUCCESS(s2n_is_sig_scheme_valid_for_auth(test_conn, ECDSA_SIG_SCHEME_OTHER_CURVE)); EXPECT_SUCCESS(s2n_config_free(ecdsa_cert_config_for_other_curve)); EXPECT_SUCCESS(s2n_cert_chain_and_key_free(ecdsa_cert_chain_for_other_curve)); diff --git a/tests/unit/s2n_client_auth_handshake_test.c b/tests/unit/s2n_client_auth_handshake_test.c index 242757110a0..168242bf451 100644 --- a/tests/unit/s2n_client_auth_handshake_test.c +++ b/tests/unit/s2n_client_auth_handshake_test.c 
@@ -47,8 +47,8 @@ int s2n_test_client_auth_negotiation(struct s2n_config *server_config, struct s2 client_conn->server_protocol_version = S2N_TLS13; client_conn->client_protocol_version = S2N_TLS13; client_conn->actual_protocol_version = S2N_TLS13; - client_conn->handshake_params.server_cert_sig_scheme = &s2n_ecdsa_secp256r1_sha256; - client_conn->handshake_params.client_cert_sig_scheme = &s2n_ecdsa_secp256r1_sha256; + client_conn->handshake_params.server_cert_sig_scheme = &s2n_ecdsa_sha256; + client_conn->handshake_params.client_cert_sig_scheme = &s2n_ecdsa_sha256; client_conn->secure->cipher_suite = &s2n_tls13_aes_128_gcm_sha256; if (!no_cert) { client_conn->handshake_params.our_chain_and_key = ecdsa_cert; @@ -58,7 +58,7 @@ int s2n_test_client_auth_negotiation(struct s2n_config *server_config, struct s2 server_conn->server_protocol_version = S2N_TLS13; server_conn->client_protocol_version = S2N_TLS13; server_conn->actual_protocol_version = S2N_TLS13; - server_conn->handshake_params.server_cert_sig_scheme = &s2n_ecdsa_secp256r1_sha256; + server_conn->handshake_params.server_cert_sig_scheme = &s2n_ecdsa_sha256; server_conn->secure->cipher_suite = &s2n_tls13_aes_128_gcm_sha256; if (no_cert) { diff --git a/tests/unit/s2n_fips_rules_test.c b/tests/unit/s2n_fips_rules_test.c index 059f3f10db9..3d8fe131439 100644 --- a/tests/unit/s2n_fips_rules_test.c +++ b/tests/unit/s2n_fips_rules_test.c @@ -120,7 +120,6 @@ int main(int argc, char **argv) const struct s2n_signature_scheme *valid[] = { &s2n_ecdsa_sha256, &s2n_rsa_pkcs1_sha384, - &s2n_ecdsa_secp521r1_sha512, &s2n_rsa_pss_pss_sha256, }; for (size_t i = 0; i < s2n_array_len(valid); i++) { diff --git a/tests/unit/s2n_security_policies_test.c b/tests/unit/s2n_security_policies_test.c index fea639e7225..5f099aea39b 100644 --- a/tests/unit/s2n_security_policies_test.c +++ b/tests/unit/s2n_security_policies_test.c 
@@ -54,60 +54,6 @@ static S2N_RESULT s2n_test_security_policies_compatible(const struct s2n_securit return S2N_RESULT_OK; } -static S2N_RESULT s2n_test_get_missing_duplicate_signature_scheme( - const struct s2n_signature_scheme *const *policy_schemes, size_t policy_schemes_count, - uint8_t minimum_policy_version, uint8_t maximum_policy_version, - const struct s2n_signature_scheme **duplicate) -{ - if (policy_schemes_count > 0) { - RESULT_ENSURE_REF(policy_schemes); - } - RESULT_ENSURE_REF(duplicate); - *duplicate = NULL; - - const struct s2n_signature_preferences *all_schemes = security_policy_test_all.signature_preferences; - - /* Check all schemes in target policy */ - for (int i = 0; i < policy_schemes_count; i++) { - const struct s2n_signature_scheme *from_policy = policy_schemes[i]; - EXPECT_NOT_NULL(from_policy); - - /* Check if duplicates exist for the scheme */ - for (size_t j = 0; j < all_schemes->count; j++) { - const struct s2n_signature_scheme *from_all = all_schemes->signature_schemes[j]; - EXPECT_NOT_NULL(from_all); - - /* Skip if not a duplicate */ - if (from_all == from_policy) { - continue; - } else if (from_all->iana_value != from_policy->iana_value) { - continue; - } else if (from_all->maximum_protocol_version - && from_all->maximum_protocol_version < minimum_policy_version) { - continue; - } else if (from_all->minimum_protocol_version - && from_all->minimum_protocol_version > maximum_policy_version) { - continue; - } - *duplicate = from_all; - - /* Check whether duplicate is also in the target policy */ - for (size_t k = 0; k < policy_schemes_count; k++) { - const struct s2n_signature_scheme *possible_match = policy_schemes[k]; - EXPECT_NOT_NULL(possible_match); - if (*duplicate == possible_match) { - *duplicate = NULL; - break; - } - } - if (*duplicate) { - return S2N_RESULT_OK; - } - } - } - return S2N_RESULT_OK; -} - int main(int argc, char **argv) { BEGIN_TEST(); 
@@ -875,7 +821,6 @@ int main(int argc, char **argv) /* If scheme will be used for pre-tls1.3 */ if (min_version < S2N_TLS13) { - EXPECT_NULL(scheme->signature_curve); EXPECT_NOT_EQUAL(scheme->sig_alg, S2N_SIGNATURE_RSA_PSS_PSS); } } @@ -1075,52 +1020,5 @@ int main(int argc, char **argv) }; }; - /* Policies must include all signature schemes that share an IANA value */ - { - for (int i = 0; security_policy_selection[i].version != NULL; i++) { - security_policy = security_policy_selection[i].security_policy; - EXPECT_NOT_NULL(security_policy); - const uint8_t max_protocol_version = security_policy_selection[i].supports_tls13 ? - s2n_highest_protocol_version : - S2N_TLS12; - - /* Check signature scheme preferences */ - { - const struct s2n_signature_scheme *duplicate = NULL; - EXPECT_OK(s2n_test_get_missing_duplicate_signature_scheme( - security_policy->signature_preferences->signature_schemes, - security_policy->signature_preferences->count, - security_policy->minimum_protocol_version, - max_protocol_version, - &duplicate)); - - if (duplicate) { - fprintf(stderr, "Policy: %s Scheme: %04x\n", - security_policy_selection[i].version, - duplicate->iana_value); - FAIL_MSG("Missing signature scheme"); - } - } - - /* Check certificate signature scheme preferences */ - if (security_policy->certificate_signature_preferences) { - const struct s2n_signature_scheme *duplicate = NULL; - EXPECT_OK(s2n_test_get_missing_duplicate_signature_scheme( - security_policy->certificate_signature_preferences->signature_schemes, - security_policy->certificate_signature_preferences->count, - security_policy->minimum_protocol_version, - max_protocol_version, - &duplicate)); - - if (duplicate) { - fprintf(stderr, "Policy: %s Scheme: %04x\n", - security_policy_selection[i].version, - duplicate->iana_value); - FAIL_MSG("Missing certificate signature scheme"); - } - } - } - } - END_TEST(); } 
diff --git a/tests/unit/s2n_signature_algorithms_test.c b/tests/unit/s2n_signature_algorithms_test.c index 63bea8097bf..f525647e187 100644 --- a/tests/unit/s2n_signature_algorithms_test.c +++ b/tests/unit/s2n_signature_algorithms_test.c @@ -33,8 +33,22 @@ #define ECDSA_CIPHER_SUITE &s2n_ecdhe_ecdsa_with_aes_128_cbc_sha #define TLS13_CIPHER_SUITE &s2n_tls13_aes_128_gcm_sha256 +/* The only TLS1.3-only signature schemes are RSA-PSS-PSS, which + * are difficult to test with due to mixed libcrypto support. + * Use a test scheme instead. + */ +const struct s2n_signature_scheme s2n_test_tls13_ecdsa_sha384 = { + .iana_value = TLS_SIGNATURE_SCHEME_ECDSA_SHA384, + .hash_alg = S2N_HASH_SHA384, + .sig_alg = S2N_SIGNATURE_ECDSA, + .libcrypto_nid = NID_ecdsa_with_SHA384, + .signature_curve = &s2n_ecc_curve_secp384r1, + /* Only supports TLS1.3 for testing */ + .minimum_protocol_version = S2N_TLS13, +}; + const struct s2n_signature_scheme *const test_signature_schemes[] = { - &s2n_ecdsa_secp384r1_sha384, + &s2n_test_tls13_ecdsa_sha384, &s2n_rsa_pkcs1_sha256, &s2n_rsa_pkcs1_sha224, &s2n_rsa_pkcs1_sha1, @@ -141,7 +155,7 @@ int main(int argc, char **argv) EXPECT_EQUAL(size, s2n_stuffer_data_available(&result)); for (size_t i = 0; i < s2n_array_len(test_signature_schemes); i++) { - if (test_signature_schemes[i] != &s2n_ecdsa_secp384r1_sha384) { + if (test_signature_schemes[i] != &s2n_test_tls13_ecdsa_sha384) { uint16_t iana_value = 0; EXPECT_SUCCESS(s2n_stuffer_read_uint16(&result, &iana_value)); EXPECT_EQUAL(iana_value, test_signature_schemes[i]->iana_value); 
@@ -189,10 +203,13 @@ int main(int argc, char **argv) EXPECT_SUCCESS(s2n_stuffer_read_uint16(&result, &size)); EXPECT_EQUAL(size, s2n_stuffer_data_available(&result)); - uint16_t iana_value = 0; - EXPECT_SUCCESS(s2n_stuffer_read_uint16(&result, &iana_value)); - EXPECT_EQUAL(iana_value, s2n_ecdsa_secp384r1_sha384.iana_value); - EXPECT_EQUAL(s2n_stuffer_data_available(&result), 0); + for (size_t i = 0; i < s2n_array_len(test_signature_schemes); i++) { + if (test_signature_schemes[i]->minimum_protocol_version >= S2N_TLS13) { + uint16_t iana_value = 0; + EXPECT_SUCCESS(s2n_stuffer_read_uint16(&result, &iana_value)); + EXPECT_EQUAL(iana_value, test_signature_schemes[i]->iana_value); + } + } }; }; @@ -218,7 +235,6 @@ int main(int argc, char **argv) * just not going to choose them. */ const struct s2n_signature_scheme *test_schemes[] = { - &s2n_ecdsa_secp384r1_sha384, &s2n_ecdsa_sha384, &s2n_rsa_pss_rsae_sha256, &s2n_rsa_pss_pss_sha256, @@ -414,7 +430,7 @@ int main(int argc, char **argv) /* Test: scheme not valid for higher protocol version */ { /* Valid TLS1.3 ECDSA sig schemes include associated curves */ - const struct s2n_signature_scheme *invalid = &s2n_ecdsa_sha256; + const struct s2n_signature_scheme *invalid = &s2n_ecdsa_sha224; DEFER_CLEANUP(struct s2n_connection *conn = s2n_connection_new(S2N_SERVER), s2n_connection_ptr_free); @@ -441,8 +457,7 @@ int main(int argc, char **argv) /* Test: scheme not valid for lower protocol version */ { - /* Valid TLS1.2 ECDSA sig schemes do not include associated curves */ - const struct s2n_signature_scheme *invalid = &s2n_ecdsa_secp384r1_sha384; + const struct s2n_signature_scheme *invalid = &s2n_test_tls13_ecdsa_sha384; DEFER_CLEANUP(struct s2n_connection *conn = s2n_connection_new(S2N_SERVER), s2n_connection_ptr_free); 
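Review bot: In the `@@ -189,10 +203,13 @@` hunk, the new loop no longer checks that the stuffer is empty once the expected values have been read. The replaced code ended with `EXPECT_EQUAL(s2n_stuffer_data_available(&result), 0);`. Without it, a regression that also sends schemes not valid for TLS1.3 would pass, because the surviving size check only compares the length prefix with the bytes available. Re-add `EXPECT_EQUAL(s2n_stuffer_data_available(&result), 0);` after the loop. The enclosing test block starts outside the hunk.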
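Review bot: In the `@@ -414,7 +430,7 @@` hunk, the context comment `/* Valid TLS1.3 ECDSA sig schemes include associated curves */` no longer explains why `&s2n_ecdsa_sha224` is the invalid scheme. After this commit the shared sha256/sha384/sha512 schemes all carry a curve. The sha224 scheme is presumably rejected because it is capped at TLS1.2, as the `/* Only valid for TLS1.2 */` comments elsewhere in this file suggest, but its definition is not in the diff. Replace the comment with something like `/* s2n_ecdsa_sha224 is only valid for TLS1.2 and earlier */`.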
@@ -472,7 +487,7 @@ int main(int argc, char **argv) /* No SHA1 signature schemes for TLS1.3 actually exist. * Create one for testing. */ - struct s2n_signature_scheme sha1_tls13_scheme = s2n_ecdsa_secp384r1_sha384; + struct s2n_signature_scheme sha1_tls13_scheme = s2n_ecdsa_sha384; sha1_tls13_scheme.hash_alg = s2n_ecdsa_sha1.hash_alg; const struct s2n_signature_scheme *invalid = &sha1_tls13_scheme; @@ -494,7 +509,7 @@ int main(int argc, char **argv) S2N_ERR_NO_VALID_SIGNATURE_SCHEME); /* Succeeds without SHA1 */ - sha1_tls13_scheme.hash_alg = s2n_ecdsa_secp384r1_sha384.hash_alg; + sha1_tls13_scheme.hash_alg = s2n_ecdsa_sha384.hash_alg; EXPECT_OK(s2n_signature_algorithm_select(conn)); }; @@ -600,8 +615,8 @@ int main(int argc, char **argv) * extension is used instead. See https://github.com/aws/s2n-tls/issues/4274 */ { - const struct s2n_signature_scheme *ecdsa384 = &s2n_ecdsa_secp384r1_sha384; - const struct s2n_signature_scheme *ecdsa256 = &s2n_ecdsa_secp256r1_sha256; + const struct s2n_signature_scheme *ecdsa384 = &s2n_ecdsa_sha384; + const struct s2n_signature_scheme *ecdsa256 = &s2n_ecdsa_sha256; DEFER_CLEANUP(struct s2n_connection *conn = s2n_connection_new(S2N_SERVER), s2n_connection_ptr_free); @@ -637,16 +652,16 @@ int main(int argc, char **argv) conn->secure->cipher_suite = TLS13_CIPHER_SUITE; EXPECT_SUCCESS(s2n_connection_set_config(conn, client_ecdsa_config)); - const struct s2n_signature_scheme *expected = &s2n_ecdsa_secp384r1_sha384; + const struct s2n_signature_scheme *expected = &s2n_ecdsa_sha384; const struct s2n_signature_scheme *schemes[] = { /* No RSA certificates */ &s2n_rsa_pss_rsae_sha256, &s2n_rsa_pss_pss_sha256, &s2n_rsa_pkcs1_sha256, /* Only valid for TLS1.2 */ - &s2n_ecdsa_sha384, + &s2n_ecdsa_sha224, /* Wrong curve */ - &s2n_ecdsa_secp256r1_sha256, + &s2n_ecdsa_sha256, expected }; 
@@ -691,16 +706,14 @@ int main(int argc, char **argv) /* Test: no schemes offered by the peer */ { - const struct s2n_signature_scheme *ecdsa_not_default_tls12 = &s2n_ecdsa_sha384; - const struct s2n_signature_scheme *ecdsa_not_default_tls13 = &s2n_ecdsa_secp384r1_sha384; + const struct s2n_signature_scheme *ecdsa_not_default = &s2n_ecdsa_sha384; const struct s2n_signature_scheme *rsa_not_default = &s2n_rsa_pkcs1_sha256; /* Test: defaults allowed by security policy */ { /* We should need to skip valid non-default schemes to choose the defaults */ const struct s2n_signature_scheme *schemes_with_defaults[] = { - ecdsa_not_default_tls12, - ecdsa_not_default_tls13, + ecdsa_not_default, rsa_not_default, rsa_default, ecdsa_default @@ -730,18 +743,17 @@ int main(int argc, char **argv) conn->actual_protocol_version = S2N_TLS13; conn->secure->cipher_suite = TLS13_CIPHER_SUITE; EXPECT_OK(s2n_signature_algorithm_select(conn)); - EXPECT_EQUAL(conn->handshake_params.server_cert_sig_scheme, ecdsa_not_default_tls13); + EXPECT_EQUAL(conn->handshake_params.server_cert_sig_scheme, ecdsa_not_default); } /* Test: defaults not allowed by security policy */ { const struct s2n_signature_scheme *schemes_without_defaults[] = { - ecdsa_not_default_tls12, - ecdsa_not_default_tls13, + ecdsa_not_default, rsa_not_default, /* Add some more, less preferred non-defaults. * We only choose the most preferred though. */ - &s2n_ecdsa_secp384r1_sha384, + &s2n_ecdsa_sha512, &s2n_ecdsa_sha256, &s2n_rsa_pss_rsae_sha384, }; @@ -758,7 +770,7 @@ int main(int argc, char **argv) conn->actual_protocol_version = S2N_TLS12; conn->secure->cipher_suite = ECDSA_CIPHER_SUITE; EXPECT_OK(s2n_signature_algorithm_select(conn)); - EXPECT_EQUAL(conn->handshake_params.server_cert_sig_scheme, ecdsa_not_default_tls12); + EXPECT_EQUAL(conn->handshake_params.server_cert_sig_scheme, ecdsa_not_default); /* TLS1.2 with RSA does not choose default */ conn->actual_protocol_version = S2N_TLS12; 
@@ -770,21 +782,21 @@ int main(int argc, char **argv) conn->actual_protocol_version = S2N_TLS13; conn->secure->cipher_suite = TLS13_CIPHER_SUITE; EXPECT_OK(s2n_signature_algorithm_select(conn)); - EXPECT_EQUAL(conn->handshake_params.server_cert_sig_scheme, ecdsa_not_default_tls13); + EXPECT_EQUAL(conn->handshake_params.server_cert_sig_scheme, ecdsa_not_default); }; /* Test: skip invalid fallback candidates to choose valid one */ { - const struct s2n_signature_scheme *expected = &s2n_ecdsa_secp384r1_sha384; + const struct s2n_signature_scheme *expected = &s2n_ecdsa_sha384; const struct s2n_signature_scheme *schemes[] = { /* No RSA certificates */ &s2n_rsa_pss_rsae_sha256, &s2n_rsa_pss_pss_sha256, &s2n_rsa_pkcs1_sha256, /* Only valid for TLS1.2 */ - &s2n_ecdsa_sha384, + &s2n_ecdsa_sha224, /* Wrong curve */ - &s2n_ecdsa_secp256r1_sha256, + &s2n_ecdsa_sha256, expected }; @@ -808,8 +820,7 @@ int main(int argc, char **argv) * the peer offered no signature schemes at all. */ { - const struct s2n_signature_scheme *ecdsa_not_default_tls12 = &s2n_ecdsa_sha384; - const struct s2n_signature_scheme *ecdsa_not_default_tls13 = &s2n_ecdsa_secp384r1_sha384; + const struct s2n_signature_scheme *ecdsa_not_default = &s2n_ecdsa_sha384; const struct s2n_signature_scheme *rsa_not_default = &s2n_rsa_pss_rsae_sha256; /* Test: TLS1.2 chooses defaults */ @@ -820,8 +831,7 @@ int main(int argc, char **argv) /* We should need to skip valid non-default schemes to choose the defaults */ const struct s2n_signature_scheme *local_schemes[] = { invalid_scheme, - ecdsa_not_default_tls12, - ecdsa_not_default_tls13, + ecdsa_not_default, rsa_not_default, rsa_default, ecdsa_default 
@@ -857,13 +867,13 @@ int main(int argc, char **argv) { /* We should need to skip valid non-default schemes to choose the defaults */ const struct s2n_signature_scheme *local_schemes[] = { - ecdsa_not_default_tls12, + &s2n_ecdsa_sha224, rsa_default, ecdsa_default, - ecdsa_not_default_tls13 + ecdsa_not_default }; const struct s2n_signature_scheme *peer_schemes[] = { - ecdsa_not_default_tls12, + &s2n_ecdsa_sha224, /* TLS1.3 does not support the TLS1.2 defaults */ rsa_default, ecdsa_default @@ -882,7 +892,7 @@ int main(int argc, char **argv) peer_schemes, s2n_array_len(peer_schemes))); EXPECT_OK(s2n_signature_algorithm_select(conn)); - EXPECT_EQUAL(conn->handshake_params.server_cert_sig_scheme, ecdsa_not_default_tls13); + EXPECT_EQUAL(conn->handshake_params.server_cert_sig_scheme, ecdsa_not_default); }; }; }; 
@@ -1041,44 +1051,6 @@ int main(int argc, char **argv) }; }; - /* Test: choose correct signature for duplicate iana values. - * Some signature schemes have the same iana, but are different for - * different protocol versions. */ - { - const struct s2n_signature_scheme *const dup_test_signature_schemes[] = { - &s2n_ecdsa_secp384r1_sha384, - &s2n_ecdsa_sha384, - }; - - const struct s2n_signature_preferences dup_test_preferences = { - .count = 2, - .signature_schemes = dup_test_signature_schemes, - }; - - DEFER_CLEANUP(struct s2n_connection *conn = s2n_connection_new(S2N_CLIENT), - s2n_connection_ptr_free); - - const struct s2n_security_policy *security_policy = NULL; - EXPECT_SUCCESS(s2n_connection_get_security_policy(conn, &security_policy)); - EXPECT_NOT_NULL(security_policy); - struct s2n_security_policy test_security_policy = *security_policy; - test_security_policy.signature_preferences = &dup_test_preferences; - conn->security_policy_override = &test_security_policy; - - DEFER_CLEANUP(struct s2n_stuffer input = { 0 }, s2n_stuffer_free); - EXPECT_SUCCESS(s2n_stuffer_growable_alloc(&input, 0)); - - conn->actual_protocol_version = S2N_TLS13; - EXPECT_SUCCESS(s2n_stuffer_write_uint16(&input, s2n_ecdsa_sha384.iana_value)); - EXPECT_OK(s2n_signature_algorithm_recv(conn, &input)); - EXPECT_EQUAL(conn->handshake_params.server_cert_sig_scheme, &s2n_ecdsa_secp384r1_sha384); - - conn->actual_protocol_version = S2N_TLS12; - EXPECT_SUCCESS(s2n_stuffer_write_uint16(&input, s2n_ecdsa_sha384.iana_value)); - EXPECT_OK(s2n_signature_algorithm_recv(conn, &input)); - EXPECT_EQUAL(conn->handshake_params.server_cert_sig_scheme, &s2n_ecdsa_sha384); - }; - /* Test: send and receive default signature preferences */ for (size_t i = S2N_TLS10; i < S2N_TLS13; i++) { DEFER_CLEANUP(struct s2n_connection *conn = s2n_connection_new(S2N_CLIENT), 
@@ -1396,6 +1368,106 @@ int main(int argc, char **argv) }; }; + EXPECT_SUCCESS(s2n_reset_tls13_in_test()); + + /* Self-Talk test: ECDSA signature scheme curves must only match certificate + * curves and only for TLS1.3 + * + * Signature schemes do NOT have to match ECDHE curves. + * Signature schemes do NOT have to match certificate curves for TLS1.2. + * Signature schemes do NOT have to match PRF hashes. + */ + if (s2n_is_tls13_fully_supported()) { + DEFER_CLEANUP(struct s2n_config *config = s2n_config_new(), s2n_config_ptr_free); + EXPECT_NOT_NULL(config); + EXPECT_SUCCESS(s2n_config_set_unsafe_for_testing(config)); + + /* Certificate uses p521 */ + DEFER_CLEANUP(struct s2n_cert_chain_and_key *ecdsa_p521_chain = NULL, + s2n_cert_chain_and_key_ptr_free); + EXPECT_SUCCESS(s2n_test_cert_chain_and_key_new(&ecdsa_p521_chain, + S2N_ECDSA_P512_CERT_CHAIN, S2N_ECDSA_P512_KEY)); + EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(config, ecdsa_p521_chain)); + + /* Cipher should use SHA256 for PRF */ + struct s2n_cipher_suite *cipher_suite_tls13 = &s2n_tls13_aes_128_gcm_sha256; + struct s2n_cipher_suite *cipher_suite_tls12 = &s2n_ecdhe_ecdsa_with_aes_128_gcm_sha256; + struct s2n_cipher_preferences cipher_prefs = { + .count = 1, + .suites = NULL + }; + /* TLS1.2 prefers SHA224 for signatures. + * TLS1.3 has to use SHA512 to match the certificate. + * Include another valid TLS1.3 option (SHA256) to verify SHA512 is still chosen. 
+ */ + const struct s2n_signature_scheme *sig_schemes[] = { + &s2n_ecdsa_sha224, + &s2n_ecdsa_sha256, + &s2n_ecdsa_sha512 + }; + struct s2n_signature_preferences sig_prefs = { + .count = s2n_array_len(sig_schemes), + .signature_schemes = sig_schemes + }; + /* Key exchange prefers SHA384 */ + const struct s2n_ecc_named_curve *curves[] = { + &s2n_ecc_curve_secp384r1, + &s2n_ecc_curve_secp521r1 + }; + struct s2n_ecc_preferences ecc_prefs = { + .count = s2n_array_len(curves), + .ecc_curves = curves + }; + struct s2n_security_policy policy = security_policy_20230317; + policy.cipher_preferences = &cipher_prefs; + policy.signature_preferences = &sig_prefs; + policy.ecc_preferences = &ecc_prefs; + config->security_policy = &policy; + + for (uint8_t version = S2N_TLS12; version <= S2N_TLS13; version++) { + if (version >= S2N_TLS13) { + cipher_prefs.suites = &cipher_suite_tls13; + } else { + cipher_prefs.suites = &cipher_suite_tls12; + } + + DEFER_CLEANUP(struct s2n_connection *client = s2n_connection_new(S2N_CLIENT), + s2n_connection_ptr_free); + EXPECT_SUCCESS(s2n_connection_set_config(client, config)); + + DEFER_CLEANUP(struct s2n_connection *server = s2n_connection_new(S2N_SERVER), + s2n_connection_ptr_free); + EXPECT_SUCCESS(s2n_connection_set_config(server, config)); + + DEFER_CLEANUP(struct s2n_test_io_pair io_pair, s2n_io_pair_close); + EXPECT_SUCCESS(s2n_io_pair_init_non_blocking(&io_pair)); + EXPECT_SUCCESS(s2n_connections_set_io_pair(client, server, &io_pair)); + + EXPECT_SUCCESS(s2n_negotiate_test_server_and_client(server, client)); + EXPECT_EQUAL(client->actual_protocol_version, version); + EXPECT_EQUAL(server->actual_protocol_version, version); + + if (version >= S2N_TLS13) { + /* TLS1.3 sig scheme does have to match certificate: 512 */ + EXPECT_EQUAL(server->handshake_params.server_cert_sig_scheme, &s2n_ecdsa_sha512); + } else { + /* TLS1.2 sig scheme does not have to match certificate: 224 */ + 
EXPECT_NOT_EQUAL(server->handshake_params.server_cert_sig_scheme, &s2n_ecdsa_sha512); + EXPECT_EQUAL(server->handshake_params.server_cert_sig_scheme, &s2n_ecdsa_sha224); + } + + /* PRF does not have to match certificate or sig scheme: 256 */ + EXPECT_NOT_EQUAL(server->secure->cipher_suite->prf_alg, S2N_HMAC_SHA512); + EXPECT_EQUAL(server->secure->cipher_suite->prf_alg, S2N_HMAC_SHA256); + + /* KEX does not have to match certificate or sig scheme or PRF: 384 */ + EXPECT_NOT_EQUAL(server->kex_params.server_ecc_evp_params.negotiated_curve, + &s2n_ecc_curve_secp521r1); + EXPECT_EQUAL(server->kex_params.server_ecc_evp_params.negotiated_curve, + &s2n_ecc_curve_secp384r1); + } + } + END_TEST(); return 0; diff --git a/tests/unit/s2n_signature_scheme_test.c b/tests/unit/s2n_signature_scheme_test.c index 83ff401e175..ec4c052baab 100644 --- a/tests/unit/s2n_signature_scheme_test.c +++ b/tests/unit/s2n_signature_scheme_test.c @@ -35,11 +35,21 @@ int main(int argc, char **argv) EXPECT_NOT_EQUAL(sig_scheme->libcrypto_nid, 0); if (sig_scheme->sig_alg == S2N_SIGNATURE_ECDSA - && sig_scheme->minimum_protocol_version == S2N_TLS13) { + && sig_scheme->maximum_protocol_version != S2N_TLS12) { EXPECT_NOT_NULL(sig_scheme->signature_curve); } else { EXPECT_NULL(sig_scheme->signature_curve); } + + /* No duplicate signature schemes are allowed */ + for (size_t dup_i = 0; dup_i < sig_prefs->count; dup_i++) { + if (dup_i == sig_i) { + continue; + } + const struct s2n_signature_scheme *const potential_duplicate = + sig_prefs->signature_schemes[dup_i]; + EXPECT_NOT_EQUAL(sig_scheme->iana_value, potential_duplicate->iana_value); + } } policy_i++; } diff --git a/tests/unit/s2n_tls13_cert_verify_test.c b/tests/unit/s2n_tls13_cert_verify_test.c index 27b9cb9c4de..07a5b3add57 100644 --- a/tests/unit/s2n_tls13_cert_verify_test.c +++ b/tests/unit/s2n_tls13_cert_verify_test.c 
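Review bot: In the new self-talk test (`@@ -1396,6 +1368,106 @@`), `DEFER_CLEANUP(struct s2n_test_io_pair io_pair, s2n_io_pair_close);` registers a cleanup on an uninitialized struct. If the scope is left before `s2n_io_pair_init_non_blocking` has filled in both ends, `s2n_io_pair_close` would act on indeterminate descriptors. Declare it as `DEFER_CLEANUP(struct s2n_test_io_pair io_pair = { 0 }, s2n_io_pair_close);`. As a smaller point, the comment `/* Key exchange prefers SHA384 */` describes curves, not hashes, and would read better as `/* Key exchange prefers secp384r1 */`.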
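Review bot: In the s2n_signature_scheme_test.c hunk, the condition `sig_scheme->maximum_protocol_version != S2N_TLS12` requires a curve on any ECDSA scheme whose cap is anything other than exactly TLS1.2. A scheme capped at a different pre-TLS1.3 version would therefore be required to have a curve. The removed helper in s2n_security_policies_test.c treated a zero `maximum_protocol_version` as "no cap", so the intent reads more directly as `(sig_scheme->maximum_protocol_version == 0 || sig_scheme->maximum_protocol_version >= S2N_TLS13)`. The surrounding loops start outside the hunk.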
@@ -34,7 +34,7 @@ struct s2n_tls13_cert_verify_test { }; const struct s2n_tls13_cert_verify_test test_cases[] = { - { .cert_file = S2N_ECDSA_P384_PKCS1_CERT_CHAIN, .key_file = S2N_ECDSA_P384_PKCS1_KEY, .sig_scheme = &s2n_ecdsa_secp256r1_sha256 }, + { .cert_file = S2N_ECDSA_P384_PKCS1_CERT_CHAIN, .key_file = S2N_ECDSA_P384_PKCS1_KEY, .sig_scheme = &s2n_ecdsa_sha256 }, #if RSA_PSS_CERTS_SUPPORTED { .cert_file = S2N_RSA_PSS_2048_SHA256_LEAF_CERT, .key_file = S2N_RSA_PSS_2048_SHA256_LEAF_KEY, .sig_scheme = &s2n_rsa_pss_pss_sha256 }, #endif diff --git a/tls/s2n_auth_selection.c b/tls/s2n_auth_selection.c index 3d56a022104..e14c587e544 100644 --- a/tls/s2n_auth_selection.c +++ b/tls/s2n_auth_selection.c @@ -117,8 +117,8 @@ static int s2n_certs_exist_for_sig_scheme(struct s2n_connection *conn, const str struct s2n_cert_chain_and_key *cert = s2n_get_compatible_cert_chain_and_key(conn, cert_type); POSIX_ENSURE_REF(cert); - /* For sig_algs that include a curve, the group must also match. */ - if (sig_scheme->signature_curve != NULL) { + /* For TLS1.3 sig_algs that include a curve, the group must also match. */ + if (sig_scheme->signature_curve && conn->actual_protocol_version >= S2N_TLS13) { POSIX_ENSURE_REF(cert->private_key); POSIX_ENSURE_REF(cert->cert_chain); POSIX_ENSURE_REF(cert->cert_chain->head); diff --git a/tls/s2n_signature_scheme.c b/tls/s2n_signature_scheme.c index bd2234a84eb..7b3b8342e74 100644 --- a/tls/s2n_signature_scheme.c +++ b/tls/s2n_signature_scheme.c @@ -110,8 +110,7 @@ const struct s2n_signature_scheme s2n_ecdsa_sha256 = { .hash_alg = S2N_HASH_SHA256, .sig_alg = S2N_SIGNATURE_ECDSA, .libcrypto_nid = NID_ecdsa_with_SHA256, - .signature_curve = NULL, /* Decided by supported_groups Extension in TLS 1.2 and before */ - .maximum_protocol_version = S2N_TLS12, /* TLS1.3 requires a signature curve */ + .signature_curve = &s2n_ecc_curve_secp256r1, /* Hardcoded for TLS 1.3 */ }; const struct s2n_signature_scheme s2n_ecdsa_sha384 = { 
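Review bot: In the tls/s2n_auth_selection.c hunk, the certificate-curve check is now skipped unless `conn->actual_protocol_version >= S2N_TLS13`, so it depends on the negotiated version being final when `s2n_certs_exist_for_sig_scheme` runs. If any caller reaches it before the version is settled, the check would be bypassed silently rather than failing. The callers are not visible here, so this needs confirming. The precondition is worth stating in the comment, for example `/* TLS1.2 ECDSA codepoints name only the hash, so the curve is enforced only for TLS1.3. Requires actual_protocol_version to be final. */`. The function body continues outside the hunk.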
@@ -119,8 +118,7 @@ const struct s2n_signature_scheme s2n_ecdsa_sha384 = { .hash_alg = S2N_HASH_SHA384, .sig_alg = S2N_SIGNATURE_ECDSA, .libcrypto_nid = NID_ecdsa_with_SHA384, - .signature_curve = NULL, /* Decided by supported_groups Extension in TLS 1.2 and before */ - .maximum_protocol_version = S2N_TLS12, /* TLS1.3 requires a signature curve */ + .signature_curve = &s2n_ecc_curve_secp384r1, /* Hardcoded for TLS 1.3 */ }; const struct s2n_signature_scheme s2n_ecdsa_sha512 = { 
@@ -128,38 +126,7 @@ const struct s2n_signature_scheme s2n_ecdsa_sha512 = { .hash_alg = S2N_HASH_SHA512, .sig_alg = S2N_SIGNATURE_ECDSA, .libcrypto_nid = NID_ecdsa_with_SHA512, - .signature_curve = NULL, /* Decided by supported_groups Extension in TLS 1.2 and before */ - .maximum_protocol_version = S2N_TLS12, /* TLS1.3 requires a signature curve */ -}; - -/* TLS 1.3 Compatible ECDSA Schemes */ -/* In TLS 1.3 the two byte IANA value also defines the Curve to use for signing */ - -const struct s2n_signature_scheme s2n_ecdsa_secp256r1_sha256 = { - .iana_value = TLS_SIGNATURE_SCHEME_ECDSA_SECP256R1_SHA256, - .hash_alg = S2N_HASH_SHA256, - .sig_alg = S2N_SIGNATURE_ECDSA, - .libcrypto_nid = NID_ecdsa_with_SHA256, - .signature_curve = &s2n_ecc_curve_secp256r1, /* Hardcoded as of TLS 1.3 */ - .minimum_protocol_version = S2N_TLS13, -}; - -const struct s2n_signature_scheme s2n_ecdsa_secp384r1_sha384 = { - .iana_value = TLS_SIGNATURE_SCHEME_ECDSA_SECP384R1_SHA384, - .hash_alg = S2N_HASH_SHA384, - .sig_alg = S2N_SIGNATURE_ECDSA, - .libcrypto_nid = NID_ecdsa_with_SHA384, - .signature_curve = &s2n_ecc_curve_secp384r1, /* Hardcoded as of TLS 1.3 */ - .minimum_protocol_version = S2N_TLS13, -}; - -const struct s2n_signature_scheme s2n_ecdsa_secp521r1_sha512 = { - .iana_value = TLS_SIGNATURE_SCHEME_ECDSA_SECP521R1_SHA512, - .hash_alg = S2N_HASH_SHA512, - .sig_alg = S2N_SIGNATURE_ECDSA, - .libcrypto_nid = NID_ecdsa_with_SHA512, - .signature_curve = &s2n_ecc_curve_secp521r1, /* Hardcoded as of TLS 1.3 */ - .minimum_protocol_version = S2N_TLS13, + .signature_curve = &s2n_ecc_curve_secp521r1, /* Hardcoded for TLS 1.3 */ }; /** 
@@ -229,10 +196,8 @@ const struct s2n_signature_scheme* const s2n_sig_scheme_pref_list_20140601[] = { &s2n_rsa_pkcs1_sha224, /* ECDSA - TLS 1.2 */ - &s2n_ecdsa_sha256, /* same iana value as TLS 1.3 s2n_ecdsa_secp256r1_sha256 */ - &s2n_ecdsa_secp256r1_sha256, - &s2n_ecdsa_sha384, /* same iana value as TLS 1.3 s2n_ecdsa_secp384r1_sha384 */ - &s2n_ecdsa_secp384r1_sha384, + &s2n_ecdsa_sha256, + &s2n_ecdsa_sha384, &s2n_ecdsa_sha512, &s2n_ecdsa_sha224, @@ -258,12 +223,9 @@ const struct s2n_signature_scheme* const s2n_sig_scheme_pref_list_20200207[] = { &s2n_rsa_pkcs1_sha224, /* ECDSA - TLS 1.2 */ - &s2n_ecdsa_sha256, /* same iana value as TLS 1.3 s2n_ecdsa_secp256r1_sha256 */ - &s2n_ecdsa_secp256r1_sha256, - &s2n_ecdsa_sha384, /* same iana value as TLS 1.3 s2n_ecdsa_secp384r1_sha384 */ - &s2n_ecdsa_secp384r1_sha384, + &s2n_ecdsa_sha256, + &s2n_ecdsa_sha384, &s2n_ecdsa_sha512, - &s2n_ecdsa_secp521r1_sha512, &s2n_ecdsa_sha224, /* SHA-1 Legacy */ @@ -282,8 +244,8 @@ const struct s2n_signature_scheme* const s2n_sig_scheme_pref_list_default_fips[] &s2n_rsa_pkcs1_sha512, /* ECDSA - TLS 1.2 */ - &s2n_ecdsa_sha256, /* same iana value as TLS 1.3 s2n_ecdsa_secp256r1_sha256 */ - &s2n_ecdsa_sha384, /* same iana value as TLS 1.3 s2n_ecdsa_secp384r1_sha384 */ + &s2n_ecdsa_sha256, + &s2n_ecdsa_sha384, &s2n_ecdsa_sha512, &s2n_ecdsa_sha224, }; @@ -308,15 +270,10 @@ const struct s2n_signature_scheme* const s2n_sig_scheme_pref_list_20230317[] = { &s2n_rsa_pkcs1_sha512, /* TLS1.2 with ECDSA */ - &s2n_ecdsa_sha256, /* same iana value as TLS 1.3 s2n_ecdsa_secp256r1_sha256 */ - &s2n_ecdsa_sha384, /* same iana value as TLS 1.3 s2n_ecdsa_secp384r1_sha384 */ + &s2n_ecdsa_sha256, + &s2n_ecdsa_sha384, &s2n_ecdsa_sha512, - /* TLS1.3 with ECDSA */ - &s2n_ecdsa_secp256r1_sha256, - &s2n_ecdsa_secp384r1_sha384, - &s2n_ecdsa_secp521r1_sha512, - /* TLS1.3 with RSA-PSS */ &s2n_rsa_pss_pss_sha256, &s2n_rsa_pss_pss_sha384, 
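Review bot: The preference lists that previously held only the TLS1.2 form of an ECDSA scheme now implicitly allow it for TLS1.3 as well, because the merged `s2n_ecdsa_sha256`/`sha384`/`sha512` definitions no longer set `.maximum_protocol_version = S2N_TLS12`. This is visible for `s2n_sig_scheme_pref_list_default_fips` (`@@ -282,8 +244,8 @@`), for `s2n_ecdsa_sha512` in `s2n_sig_scheme_pref_list_20140601`, and for `s2n_sig_scheme_pref_list_20210816` in a later hunk. Whether the policies using those lists can negotiate TLS1.3 is not shown in the diff, so please confirm the widened set is intended for each. The context comments `/* ECDSA - TLS 1.2 */` left in these lists are now misleading and should become `/* ECDSA */`, as was done for `s2n_sig_scheme_pref_list_20201110`.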
@@ -328,7 +285,6 @@ const struct s2n_signature_preferences s2n_signature_preferences_20230317 = { .signature_schemes = s2n_sig_scheme_pref_list_20230317, }; -/* Add s2n_ecdsa_secp521r1_sha512 */ const struct s2n_signature_scheme* const s2n_sig_scheme_pref_list_20201021[] = { /* RSA PSS */ &s2n_rsa_pss_pss_sha256, @@ -345,12 +301,9 @@ const struct s2n_signature_scheme* const s2n_sig_scheme_pref_list_20201021[] = { &s2n_rsa_pkcs1_sha224, /* ECDSA - TLS 1.2 */ - &s2n_ecdsa_sha256, /* same iana value as TLS 1.3 s2n_ecdsa_secp256r1_sha256 */ - &s2n_ecdsa_secp256r1_sha256, - &s2n_ecdsa_sha384, /* same iana value as TLS 1.3 s2n_ecdsa_secp384r1_sha384 */ - &s2n_ecdsa_secp384r1_sha384, - &s2n_ecdsa_sha512, /* same iana value as TLS 1.3 s2n_ecdsa_secp521r1_sha512 */ - &s2n_ecdsa_secp521r1_sha512, + &s2n_ecdsa_sha256, + &s2n_ecdsa_sha384, + &s2n_ecdsa_sha512, &s2n_ecdsa_sha224, /* SHA-1 Legacy */ @@ -394,13 +347,10 @@ const struct s2n_signature_scheme* const s2n_sig_scheme_pref_list_20201110[] = { &s2n_rsa_pkcs1_sha512, &s2n_rsa_pkcs1_sha224, - /* ECDSA - TLS 1.2 */ - &s2n_ecdsa_sha256, /* same iana value as TLS 1.3 s2n_ecdsa_secp256r1_sha256 */ - &s2n_ecdsa_secp256r1_sha256, - &s2n_ecdsa_sha384, /* same iana value as TLS 1.3 s2n_ecdsa_secp384r1_sha384 */ - &s2n_ecdsa_secp384r1_sha384, + /* ECDSA */ + &s2n_ecdsa_sha256, + &s2n_ecdsa_sha384, &s2n_ecdsa_sha512, - &s2n_ecdsa_secp521r1_sha512, &s2n_ecdsa_sha224, }; @@ -415,8 +365,8 @@ const struct s2n_signature_scheme* const s2n_sig_scheme_pref_list_20210816[] = { &s2n_rsa_pkcs1_sha384, &s2n_rsa_pkcs1_sha512, - /* ECDSA - TLS 1.2 */ - &s2n_ecdsa_sha384, /* same iana value as TLS 1.3 s2n_ecdsa_secp384r1_sha384 */ + /* ECDSA */ + &s2n_ecdsa_sha384, &s2n_ecdsa_sha512, }; 
@@ -426,15 +376,12 @@ const struct s2n_signature_preferences s2n_signature_preferences_20210816 = { }; const struct s2n_signature_scheme* const s2n_sig_scheme_pref_list_rfc9151[] = { - /* ECDSA - TLS 1.3 */ - &s2n_ecdsa_secp384r1_sha384, + /* ECDSA */ + &s2n_ecdsa_sha384, /* RSA PSS - TLS 1.3 */ &s2n_rsa_pss_pss_sha384, - /* ECDSA - TLS 1.2 */ - &s2n_ecdsa_sha384, /* same iana value as TLS 1.3 s2n_ecdsa_secp384r1_sha384 */ - /* RSA */ &s2n_rsa_pss_rsae_sha384, @@ -442,8 +389,8 @@ const struct s2n_signature_scheme* const s2n_sig_scheme_pref_list_rfc9151[] = { }; const struct s2n_signature_scheme* const s2n_cert_sig_scheme_pref_list_rfc9151[] = { - /* ECDSA - TLS 1.3 */ - &s2n_ecdsa_secp384r1_sha384, + /* ECDSA */ + &s2n_ecdsa_sha384, /* RSA PSS * https://github.com/aws/s2n-tls/issues/3435 @@ -456,9 +403,6 @@ const struct s2n_signature_scheme* const s2n_cert_sig_scheme_pref_list_rfc9151[] * support rsa_pss. */ - /* ECDSA - TLS 1.2 */ - &s2n_ecdsa_sha384, /* same iana value as TLS 1.3 s2n_ecdsa_secp384r1_sha384 */ - /* RSA */ &s2n_rsa_pkcs1_sha384, }; @@ -489,12 +433,9 @@ const struct s2n_signature_scheme* const s2n_sig_scheme_pref_list_test_all_fips[ &s2n_rsa_pkcs1_sha224, /* ECDSA */ - &s2n_ecdsa_sha256, /* same iana value as TLS 1.3 s2n_ecdsa_secp256r1_sha256 */ - &s2n_ecdsa_secp256r1_sha256, - &s2n_ecdsa_sha384, /* same iana value as TLS 1.3 s2n_ecdsa_secp384r1_sha384 */ - &s2n_ecdsa_secp384r1_sha384, - &s2n_ecdsa_sha512, /* same iana value as TLS 1.3 s2n_ecdsa_secp521r1_sha512 */ - &s2n_ecdsa_secp521r1_sha512, + &s2n_ecdsa_sha256, + &s2n_ecdsa_sha384, + &s2n_ecdsa_sha512, &s2n_ecdsa_sha224, }; diff --git a/tls/s2n_signature_scheme.h b/tls/s2n_signature_scheme.h index c8143f452aa..139318344e2 100644 --- a/tls/s2n_signature_scheme.h +++ b/tls/s2n_signature_scheme.h 
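Review bot: In `s2n_sig_scheme_pref_list_rfc9151` the single `&s2n_ecdsa_sha384` entry now sits ahead of `&s2n_rsa_pss_pss_sha384`, whereas the removed TLS1.2 entry sat after it. The TLS1.2 preference order therefore changes if `s2n_rsa_pss_pss_sha384` can be selected for TLS1.2. That scheme's version limits are not visible in this hunk; if it is restricted to TLS1.3, the effective order is unchanged. A comment on the first group would make the intent explicit, for example `/* ECDSA: listed first for both TLS1.2 and TLS1.3 */`. The array body continues outside the hunk.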
@@ -30,7 +30,7 @@ struct s2n_signature_scheme { uint8_t maximum_protocol_version; uint16_t libcrypto_nid; - /* Curve is only specified for ECDSA Signatures */ + /* Curve is only defined for TLS1.3 ECDSA Signatures */ struct s2n_ecc_named_curve const *signature_curve; }; @@ -51,18 +51,12 @@ extern const struct s2n_signature_scheme s2n_rsa_pkcs1_sha256; extern const struct s2n_signature_scheme s2n_rsa_pkcs1_sha384; extern const struct s2n_signature_scheme s2n_rsa_pkcs1_sha512; -/* TLS 1.2 Compatible ECDSA Schemes */ extern const struct s2n_signature_scheme s2n_ecdsa_sha1; extern const struct s2n_signature_scheme s2n_ecdsa_sha224; extern const struct s2n_signature_scheme s2n_ecdsa_sha256; extern const struct s2n_signature_scheme s2n_ecdsa_sha384; extern const struct s2n_signature_scheme s2n_ecdsa_sha512; -/* TLS 1.3 Compatible ECDSA Schemes */ -extern const struct s2n_signature_scheme s2n_ecdsa_secp256r1_sha256; -extern const struct s2n_signature_scheme s2n_ecdsa_secp384r1_sha384; -extern const struct s2n_signature_scheme s2n_ecdsa_secp521r1_sha512; - /* RSA PSS */ /* * Use RSA-PSS-RSAE instead of RSA-PSS-PSS in order to work with older certificates. diff --git a/tls/s2n_tls_parameters.h b/tls/s2n_tls_parameters.h index cb565aa3072..407913dff1b 100644 --- a/tls/s2n_tls_parameters.h +++ b/tls/s2n_tls_parameters.h 
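Review bot: The new field comment `/* Curve is only defined for TLS1.3 ECDSA Signatures */` is ambiguous now that one `s2n_signature_scheme` object serves both protocol versions (the second hunk removes the separate `s2n_ecdsa_secp*r1_*` declarations). It does not say whether `signature_curve` is NULL for schemes that TLS1.3 does not bind to a curve. It also does not say that the curve comparison must be skipped when TLS1.2 is negotiated, and a caller that enforces the curve unconditionally would reject valid TLS1.2 ECDSA signatures. I would spell this out, e.g. `/* Curve required by TLS1.3 for this ECDSA scheme; NULL otherwise. Not enforced for TLS1.2. */`, assuming that matches the scheme definitions, which are outside this hunk. The struct body starts outside the hunk.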
@@ -147,18 +147,14 @@
 #define TLS_SIGNATURE_SCHEME_ECDSA_SHA384 0x0503
 #define TLS_SIGNATURE_SCHEME_ECDSA_SHA512 0x0603
-/* TLS 1.3 ECDSA Signature Schemes */
-#define TLS_SIGNATURE_SCHEME_ECDSA_SECP256R1_SHA256 0x0403
-#define TLS_SIGNATURE_SCHEME_ECDSA_SECP384R1_SHA384 0x0503
-#define TLS_SIGNATURE_SCHEME_ECDSA_SECP521R1_SHA512 0x0603
-#define TLS_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA256 0x0804
-#define TLS_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA384 0x0805
-#define TLS_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA512 0x0806
-#define TLS_SIGNATURE_SCHEME_ED25519 0x0807
-#define TLS_SIGNATURE_SCHEME_ED448 0x0808
-#define TLS_SIGNATURE_SCHEME_RSA_PSS_PSS_SHA256 0x0809
-#define TLS_SIGNATURE_SCHEME_RSA_PSS_PSS_SHA384 0x080A
-#define TLS_SIGNATURE_SCHEME_RSA_PSS_PSS_SHA512 0x080B
+#define TLS_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA256 0x0804
+#define TLS_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA384 0x0805
+#define TLS_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA512 0x0806
+#define TLS_SIGNATURE_SCHEME_ED25519 0x0807
+#define TLS_SIGNATURE_SCHEME_ED448 0x0808
+#define TLS_SIGNATURE_SCHEME_RSA_PSS_PSS_SHA256 0x0809
+#define TLS_SIGNATURE_SCHEME_RSA_PSS_PSS_SHA384 0x080A
+#define TLS_SIGNATURE_SCHEME_RSA_PSS_PSS_SHA512 0x080B
 #define TLS_SIGNATURE_SCHEME_LEN 2
 #define TLS_SIGNATURE_SCHEME_LIST_MAX_LEN 64
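Review bot: Deleting the `/* TLS 1.3 ECDSA Signature Schemes */` header leaves the RSA-PSS, ED25519 and ED448 defines with no group comment, directly below the ECDSA values. It also drops the only record in this hunk that 0x0403, 0x0503 and 0x0603 double as the curve-specific TLS1.3 schemes. I would keep a short header for the remaining block, e.g. `/* RSA-PSS and EdDSA signature schemes (RFC 8446) */`, and note the dual meaning next to the ECDSA defines, e.g. `/* In TLS1.3 these are ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512 */`. The ECDSA group begins above the hunk, so the second comment may belong on lines not shown here.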