Commit ca4cf4b8 authored by jan.koester's avatar jan.koester
Browse files

test

parent 8e8d4875
Loading
Loading
Loading
Loading
+11 −11
Original line number Diff line number Diff line
@@ -1427,27 +1427,27 @@ std::vector<uint8_t> netplus::ssl::_tls13_build_certificate_verify()
    std::vector<uint8_t> sig;
    std::vector<uint8_t> cv;
    
    // Use RSA-PKCS1-SHA256 (0x0401) for maximum compatibility
    // This is the classic RSA signature algorithm, widely supported
    // TLS 1.3 RFC 8446 Section 4.4.3: For RSA signatures, RSASSA-PSS algorithms MUST be used.
    // rsa_pkcs1_* algorithms are NOT allowed for CertificateVerify in TLS 1.3.
    if (_rsa) {
        // For TLS 1.3, we need to use RSA-PKCS1-SHA256 (0x0401)
        // which is RSA signature with PKCS#1 v1.5 padding
        sig = _rsa_sha256_pkcs15_sign(toSign);
        // For TLS 1.3, we MUST use RSA-PSS-RSAE-SHA256 (0x0804)
        // PKCS#1 v1.5 (0x0401) is NOT allowed for CertificateVerify in TLS 1.3
        sig = _rsa_pss_sha256_sign(toSign);
        if (sig.empty())
            throwSSL(NetException::Error, "TLS1.3 CertificateVerify: RSA signature empty");
            throwSSL(NetException::Error, "TLS1.3 CertificateVerify: RSA-PSS signature empty");
        
        // DEBUG: Log RSA signature details
        fprintf(stderr, "[TLS] RSA-PKCS1-SHA256 signature generated: size=%zu\n", sig.size());
        fprintf(stderr, "[TLS] RSA signature (first 16 bytes): ");
        // DEBUG: Log RSA-PSS signature details
        fprintf(stderr, "[TLS] RSA-PSS-SHA256 signature generated: size=%zu\n", sig.size());
        fprintf(stderr, "[TLS] RSA-PSS signature (first 16 bytes): ");
        for (int i = 0; i < 16 && i < (int)sig.size(); i++)
            fprintf(stderr, "%02x ", sig[i]);
        fprintf(stderr, "\n");
        fprintf(stderr, "[TLS] RSA signature (last 16 bytes): ");
        fprintf(stderr, "[TLS] RSA-PSS signature (last 16 bytes): ");
        for (int i = (int)sig.size() - 16; i < (int)sig.size(); i++)
            if (i >= 0) fprintf(stderr, "%02x ", sig[i]);
        fprintf(stderr, "\n");
        
        cv.push_back(0x04); cv.push_back(0x01);  // rsa_pkcs1_sha256
        cv.push_back(0x08); cv.push_back(0x04);  // rsa_pss_rsae_sha256 (TLS 1.3 required)
    } else if (_has_ec_key) {
        // Use ECDSA-SHA256 with P-256 curve (0x0403)
        sig = _ecdsa_sha256_sign(toSign);