mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-07 13:22:46 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add function to convert sig_alg to psa alg and use it

Browse Source 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
Przemek Stekiel 2022-07-05 22:14:34 +02:00 committed by Ronald Cron
parent b40f2e81ec
commit 3c326f9697
1 changed files with 35 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
library/ssl_tls13_generic.c
View File

@ -927,6 +927,40 @@ int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( uint16_t sig_alg,
return( 0 ); return( 0 );
} }
static psa_algorithm_t ssl_tls13_select_sig_alg_to_psa_alg( uint16_t sig_alg )
{
psa_algorithm_t psa_alg = 0;
switch( sig_alg )
{
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256:
psa_alg = PSA_ALG_ECDSA( PSA_ALG_SHA_256 );
break;
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384:
psa_alg = PSA_ALG_ECDSA( PSA_ALG_SHA_384 );
break;
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512:
psa_alg = PSA_ALG_ECDSA( PSA_ALG_SHA_512 );
break;
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
psa_alg = PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 );
break;
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
psa_alg = PSA_ALG_RSA_PSS( PSA_ALG_SHA_384 );
break;
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
psa_alg = PSA_ALG_RSA_PSS( PSA_ALG_SHA_512 );
break;
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256:
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384:
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512:
psa_alg = PSA_ALG_RSA_PKCS1V15_CRYPT;
break;
default:
break;
}
return( psa_alg );
}
MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_select_sig_alg_for_certificate_verify( static int ssl_tls13_select_sig_alg_for_certificate_verify(
mbedtls_ssl_context *ssl, mbedtls_ssl_context *ssl,
@ -939,34 +973,7 @@ static int ssl_tls13_select_sig_alg_for_certificate_verify(
*algorithm = MBEDTLS_TLS1_3_SIG_NONE; *algorithm = MBEDTLS_TLS1_3_SIG_NONE;
for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE ; sig_alg++ ) for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE ; sig_alg++ )
{ {
switch( *sig_alg ) psa_alg = ssl_tls13_select_sig_alg_to_psa_alg( *sig_alg );
{
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256:
psa_alg = PSA_ALG_ECDSA( PSA_ALG_SHA_256 );
break;
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384:
psa_alg = PSA_ALG_ECDSA( PSA_ALG_SHA_384 );
break;
case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512:
psa_alg = PSA_ALG_ECDSA( PSA_ALG_SHA_512 );
break;
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
psa_alg = PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 );
break;
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
psa_alg = PSA_ALG_RSA_PSS( PSA_ALG_SHA_384 );
break;
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
psa_alg = PSA_ALG_RSA_PSS( PSA_ALG_SHA_512 );
break;
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256:
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384:
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512:
psa_alg = PSA_ALG_RSA_PKCS1V15_CRYPT;
break;
default:
break;
}
if( mbedtls_ssl_sig_alg_is_offered( ssl, *sig_alg ) && if( mbedtls_ssl_sig_alg_is_offered( ssl, *sig_alg ) &&
mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( *sig_alg ) && mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( *sig_alg ) &&