Add function to convert sig_alg to psa alg and use it

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-07-05 22:14:34 +02:00 · 2022-07-05 22:14:34 +02:00 · 3c326f9697
commit 3c326f9697
parent b40f2e81ec
1 changed files with 35 additions and 28 deletions
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@ -927,6 +927,40 @@ int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( uint16_t sig_alg,
    return( 0 );
 }

+static psa_algorithm_t ssl_tls13_select_sig_alg_to_psa_alg( uint16_t sig_alg )
+{
+    psa_algorithm_t psa_alg = 0;
+    switch( sig_alg )
+    {
+        case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256:
+            psa_alg = PSA_ALG_ECDSA( PSA_ALG_SHA_256 );
+            break;
+        case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384:
+            psa_alg = PSA_ALG_ECDSA( PSA_ALG_SHA_384 );
+            break;
+        case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512:
+            psa_alg = PSA_ALG_ECDSA( PSA_ALG_SHA_512 );
+            break;
+        case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
+            psa_alg = PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 );
+            break;
+        case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
+            psa_alg = PSA_ALG_RSA_PSS( PSA_ALG_SHA_384 );
+            break;
+        case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
+            psa_alg = PSA_ALG_RSA_PSS( PSA_ALG_SHA_512 );
+            break;
+        case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256:
+        case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384:
+        case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512:
+            psa_alg = PSA_ALG_RSA_PKCS1V15_CRYPT;
+            break;
+        default:
+            break;
+    }
+    return( psa_alg );
+}
+
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_tls13_select_sig_alg_for_certificate_verify(
                                          mbedtls_ssl_context *ssl,
@ -939,34 +973,7 @@ static int ssl_tls13_select_sig_alg_for_certificate_verify(
    *algorithm = MBEDTLS_TLS1_3_SIG_NONE;
    for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE ; sig_alg++ )
    {
-        switch( *sig_alg )
-        {
-            case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256:
-                psa_alg = PSA_ALG_ECDSA( PSA_ALG_SHA_256 );
-                break;
-            case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384:
-                psa_alg = PSA_ALG_ECDSA( PSA_ALG_SHA_384 );
-                break;
-            case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512:
-                psa_alg = PSA_ALG_ECDSA( PSA_ALG_SHA_512 );
-                break;
-            case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
-                psa_alg = PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 );
-                break;
-            case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
-                psa_alg = PSA_ALG_RSA_PSS( PSA_ALG_SHA_384 );
-                break;
-            case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
-                psa_alg = PSA_ALG_RSA_PSS( PSA_ALG_SHA_512 );
-                break;
-            case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256:
-            case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384:
-            case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512:
-                psa_alg = PSA_ALG_RSA_PKCS1V15_CRYPT;
-                break;
-            default:
-                break;
-        }
+        psa_alg = ssl_tls13_select_sig_alg_to_psa_alg( *sig_alg );

        if( mbedtls_ssl_sig_alg_is_offered( ssl, *sig_alg ) &&
            mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( *sig_alg ) &&