From 0bc834b27fb04596a9e69196e0934543467d2d11 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 6 Sep 2022 17:30:43 -0400 Subject: [PATCH] Enable signature algorithms in ssl programs with PSA based hashes Signed-off-by: Andrzej Kurek --- programs/ssl/ssl_client2.c | 4 +-- programs/ssl/ssl_server2.c | 4 +-- programs/ssl/ssl_test_common_source.c | 39 ++++++++++++++++++++++----- 3 files changed, 37 insertions(+), 10 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 253752186..89150114a 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1426,11 +1426,11 @@ int main( int argc, char *argv[] ) if( opt.psk_opaque != 0 ) { /* Determine KDF algorithm the opaque PSK will be used in. */ -#if defined(MBEDTLS_SHA384_C) +#if defined(HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384); else -#endif /* MBEDTLS_SHA384_C */ +#endif /* HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 8b6335915..a1b29786d 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2261,11 +2261,11 @@ int main( int argc, char *argv[] ) if( opt.psk_opaque != 0 || opt.psk_list_opaque != 0 ) { /* Determine KDF algorithm the opaque PSK will be used in. */ -#if defined(MBEDTLS_SHA384_C) +#if defined(HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384); else -#endif /* MBEDTLS_SHA384_C */ +#endif /* HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c index 8c35fabda..7ff3345b7 100644 --- a/programs/ssl/ssl_test_common_source.c +++ b/programs/ssl/ssl_test_common_source.c @@ -296,23 +296,50 @@ int send_cb( void *ctx, unsigned char const *buf, size_t len ) #else #define MBEDTLS_SSL_SIG_ALG( hash ) #endif + +#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \ + defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA1_C) ) || \ + ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_1) ) +#define HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA +#endif +#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \ + defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA224_C) ) || \ + ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_224) ) +#define HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA +#endif +#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \ + defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C) ) || \ + ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_256) ) +#define HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA +#endif +#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \ + defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA384_C) ) || \ + ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_384) ) +#define HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA +#endif +#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \ + defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA512_C) ) || \ + ( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_512) ) +#define HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA +#endif + uint16_t ssl_sig_algs_for_test[] = { -#if defined(MBEDTLS_SHA512_C) +#if defined(HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA512 ) #endif -#if defined(MBEDTLS_SHA384_C) +#if defined(HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA384 ) #endif -#if defined(MBEDTLS_SHA256_C) +#if defined(HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA256 ) #endif -#if defined(MBEDTLS_SHA224_C) +#if defined(HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA) MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA224 ) #endif -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) +#if defined(MBEDTLS_RSA_C) && defined(HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256, #endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */ -#if defined(MBEDTLS_SHA1_C) +#if defined(HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA) /* Allow SHA-1 as we use it extensively in tests. */ MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA1 ) #endif