From 0c6be8f86312c0225a61e588f86364d6f61304aa Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Mon, 20 Jun 2022 20:42:00 +0800
Subject: [PATCH] move big function

Signed-off-by: Jerry Yu
---
 library/ssl_misc.h | 70 ++-----------------------------------
 library/ssl_tls.c | 1 -
 library/ssl_tls13_generic.c | 70 +++++++++++++++++++++++++++++++++++++
 3 files changed, 72 insertions(+), 69 deletions(-)

diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index b144a42754..715d0367cd 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -2163,75 +2163,9 @@ static inline int mbedtls_ssl_sig_alg_is_supported(
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-static inline int mbedtls_ssl_tls13_check_sig_alg_cert_key_match(
+int mbedtls_ssl_tls13_check_sig_alg_cert_key_match(
 uint16_t sig_alg,
- mbedtls_pk_context *key)
-{
- mbedtls_pk_type_t pk_type = mbedtls_ssl_sig_from_pk( key );
- size_t key_size = mbedtls_pk_get_bitlen( key );
-
- switch( pk_type )
- {
-#if defined(MBEDTLS_ECDSA_C)
- case MBEDTLS_SSL_SIG_ECDSA:
- switch( key_size )
- {
-#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
- case 256:
- return(
- sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256 );
-#endif /* MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */
-
-#if defined(MBEDTLS_SHA384_C) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
- case 384:
- return(
- sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384 );
-#endif /* MBEDTLS_SHA384_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */
-
-#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
- case 521:
- return(
- sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512 );
-#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */
- default:
- break;
- }
- break;
-#endif /* MBEDTLS_ECDSA_C */
-
-#if defined(MBEDTLS_RSA_C)
- case MBEDTLS_SSL_SIG_RSA:
- switch( sig_alg )
- {
-#if defined(MBEDTLS_PKCS1_V21)
-#if defined(MBEDTLS_SHA256_C)
- case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
- return( key_size <= 2048 );
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(MBEDTLS_SHA384_C)
- case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
- return( key_size <= 3072 );
-#endif /* MBEDTLS_SHA384_C */
-
-#if defined(MBEDTLS_SHA512_C)
- case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
- return( key_size <= 4096 );
-#endif /* MBEDTLS_SHA512_C */
-#endif /* MBEDTLS_PKCS1_V21 */
-
- default:
- break;
- }
- break;
-#endif /* MBEDTLS_RSA_C */
-
- default:
- break;
- }
-
- return( 0 );
-}
+ mbedtls_pk_context *key);
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
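Review bot: The prototype of `mbedtls_ssl_tls13_check_sig_alg_cert_key_match` left in ssl_misc.h carries no comment, and with the body moved to ssl_tls13_generic.c a reader of the header can no longer see that it returns 1 on a match and 0 otherwise. That is the reverse of the 0-on-success convention that `int` functions in this library usually follow, so a caller that treats a non-zero result as failure would end up accepting a mismatched key. Add a short comment above the declaration, for example `/* Return 1 if sig_alg can be used with key in TLS 1.3, 0 otherwise (a boolean, not an error code). */`.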
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index ab3db96ab2..55d6da5d38 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -8188,7 +8188,6 @@ int mbedtls_ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
 return( MBEDTLS_ERR_SSL_BAD_CONFIG );
 for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
- {
 if( ! mbedtls_ssl_sig_alg_is_supported( ssl, *sig_alg ) )
 continue;
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 718e8a9fdb..901e3c0fbc 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
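Review bot: In library/ssl_tls.c the only change is the removal of the `{` that opened the body of the `for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )` loop in `mbedtls_ssl_write_sig_alg_ext`, and the diffstat shows no matching `}` removed. Unless the base file had a stray duplicate brace, the loop body is now only the `if( ... ) continue;` statement and the original closing brace is left unmatched, so either the file no longer builds or the writes that followed run outside the loop. The rest of the function is outside the hunk, so this has to be checked against the full file. The change is also unrelated to a commit titled "move big function"; restore the `{` line or move the edit to its own commit with an explanation.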
@@ -855,6 +855,76 @@ cleanup:
 * STATE HANDLING: Output Certificate Verify
 */
+int mbedtls_ssl_tls13_check_sig_alg_cert_key_match(
+ uint16_t sig_alg,
+ mbedtls_pk_context *key)
+{
+ mbedtls_pk_type_t pk_type = mbedtls_ssl_sig_from_pk( key );
+ size_t key_size = mbedtls_pk_get_bitlen( key );
+
+ switch( pk_type )
+ {
+#if defined(MBEDTLS_ECDSA_C)
+ case MBEDTLS_SSL_SIG_ECDSA:
+ switch( key_size )
+ {
+#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+ case 256:
+ return(
+ sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256 );
+#endif /* MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+
+#if defined(MBEDTLS_SHA384_C) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+ case 384:
+ return(
+ sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384 );
+#endif /* MBEDTLS_SHA384_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+
+#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+ case 521:
+ return(
+ sig_alg == MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512 );
+#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */
+ default:
+ break;
+ }
+ break;
+#endif /* MBEDTLS_ECDSA_C */
+
+#if defined(MBEDTLS_RSA_C)
+ case MBEDTLS_SSL_SIG_RSA:
+ switch( sig_alg )
+ {
+#if defined(MBEDTLS_PKCS1_V21)
+#if defined(MBEDTLS_SHA256_C)
+ case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
+ return( key_size <= 2048 );
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA384_C)
+ case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
+ return( key_size <= 3072 );
+#endif /* MBEDTLS_SHA384_C */
+
+#if defined(MBEDTLS_SHA512_C)
+ case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
+ return( key_size <= 4096 );
+#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_PKCS1_V21 */
+
+ default:
+ break;
+ }
+ break;
+#endif /* MBEDTLS_RSA_C */
+
+ default:
+ break;
+ }
+
+ return( 0 );
+}
+
 static int ssl_tls13_select_sig_alg_for_certificate_verify(
 mbedtls_ssl_context *ssl,
 mbedtls_pk_context *own_key,
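Review bot: The ECDSA branch of `mbedtls_ssl_tls13_check_sig_alg_cert_key_match` chooses the scheme from `key_size` alone, so any 256-bit EC key is reported as matching `MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256` whatever curve it is on. If the build can enable other curves of the same size, the test should compare the key's group instead, along the lines of `mbedtls_pk_ec( *key )->grp.id == MBEDTLS_ECP_DP_SECP256R1`. The RSA branch has only upper bounds (`key_size <= 2048`, `<= 3072`, `<= 4096`), so it places no lower limit on key size and returns 0 for every scheme once a key exceeds 4096 bits; if that pairing of hash and modulus size is intended, it needs a comment saying so. Separately, `pk_type` is declared as `mbedtls_pk_type_t` but is switched against `MBEDTLS_SSL_SIG_*` values, which are a different set of constants; a local named for the signature id would read correctly. The body is moved unchanged from ssl_misc.h, so these points predate the commit, but they apply to the definition as it now stands.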