mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2026-03-20 19:21:09 +01:00
Rename mbedtls_ssl_pk_alg_from_sig to mbedtls_ssl_pk_alg_from_sig_pk_alg and update to use mbedtls_pk_sigalg_t
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
This commit is contained in:
Ben Taylor
@@ -1511,7 +1511,7 @@ static inline mbedtls_svc_key_id_t mbedtls_ssl_get_opaque_psk(
|
||||
#if defined(MBEDTLS_PK_C)
|
||||
unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk);
|
||||
unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_sigalg_t type);
|
||||
mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig);
|
||||
mbedtls_pk_sigalg_t mbedtls_ssl_pk_alg_from_sig_pk_alg(unsigned char sig);
|
||||
#endif
|
||||
|
||||
mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash(unsigned char hash);
|
||||
@@ -2410,12 +2410,12 @@ static inline int mbedtls_ssl_sig_alg_is_offered(const mbedtls_ssl_context *ssl,
|
||||
}
|
||||
|
||||
static inline int mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg(
|
||||
uint16_t sig_alg, mbedtls_pk_type_t *pk_type, mbedtls_md_type_t *md_alg)
|
||||
uint16_t sig_alg, mbedtls_pk_sigalg_t *pk_type, mbedtls_md_type_t *md_alg)
|
||||
{
|
||||
*pk_type = mbedtls_ssl_pk_alg_from_sig(sig_alg & 0xff);
|
||||
*pk_type = mbedtls_ssl_pk_alg_from_sig_pk_alg(sig_alg & 0xff);
|
||||
*md_alg = mbedtls_ssl_md_alg_from_hash((sig_alg >> 8) & 0xff);
|
||||
|
||||
if (*pk_type != MBEDTLS_PK_NONE && *md_alg != MBEDTLS_MD_NONE) {
|
||||
if (*pk_type != MBEDTLS_PK_SIGALG_NONE && *md_alg != MBEDTLS_MD_NONE) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -2424,19 +2424,19 @@ static inline int mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg(
|
||||
#if defined(PSA_WANT_ALG_SHA_256)
|
||||
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
|
||||
*md_alg = MBEDTLS_MD_SHA256;
|
||||
*pk_type = MBEDTLS_PK_RSASSA_PSS;
|
||||
*pk_type = MBEDTLS_PK_SIGALG_RSA_PSS;
|
||||
break;
|
||||
#endif /* PSA_WANT_ALG_SHA_256 */
|
||||
#if defined(PSA_WANT_ALG_SHA_384)
|
||||
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
|
||||
*md_alg = MBEDTLS_MD_SHA384;
|
||||
*pk_type = MBEDTLS_PK_RSASSA_PSS;
|
||||
*pk_type = MBEDTLS_PK_SIGALG_RSA_PSS;
|
||||
break;
|
||||
#endif /* PSA_WANT_ALG_SHA_384 */
|
||||
#if defined(PSA_WANT_ALG_SHA_512)
|
||||
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
|
||||
*md_alg = MBEDTLS_MD_SHA512;
|
||||
*pk_type = MBEDTLS_PK_RSASSA_PSS;
|
||||
*pk_type = MBEDTLS_PK_SIGALG_RSA_PSS;
|
||||
break;
|
||||
#endif /* PSA_WANT_ALG_SHA_512 */
|
||||
#endif /* PSA_WANT_ALG_RSA_PSS */
|
||||
|
||||
@@ -5631,19 +5631,19 @@ unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_sigalg_t type)
|
||||
}
|
||||
}
|
||||
|
||||
mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig)
|
||||
mbedtls_pk_sigalg_t mbedtls_ssl_pk_alg_from_sig_pk_alg(unsigned char sig)
|
||||
{
|
||||
switch (sig) {
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
case MBEDTLS_SSL_SIG_RSA:
|
||||
return MBEDTLS_PK_RSA;
|
||||
return MBEDTLS_PK_SIGALG_RSA_PKCS1V15;
|
||||
#endif
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED)
|
||||
case MBEDTLS_SSL_SIG_ECDSA:
|
||||
return MBEDTLS_PK_ECDSA;
|
||||
return MBEDTLS_PK_SIGALG_ECDSA;
|
||||
#endif
|
||||
default:
|
||||
return MBEDTLS_PK_NONE;
|
||||
return MBEDTLS_PK_SIGALG_NONE;
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_PK_C &&
|
||||
|
||||
@@ -1884,7 +1884,7 @@ start_processing:
|
||||
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
|
||||
|
||||
mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
|
||||
mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
|
||||
mbedtls_pk_sigalg_t pk_alg = MBEDTLS_PK_SIGALG_NONE;
|
||||
unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl);
|
||||
size_t params_len = (size_t) (p - params);
|
||||
void *rs_ctx = NULL;
|
||||
@@ -1922,7 +1922,7 @@ start_processing:
|
||||
}
|
||||
p += 2;
|
||||
|
||||
if (!mbedtls_pk_can_do(peer_pk, pk_alg)) {
|
||||
if (!mbedtls_pk_can_do(peer_pk, (mbedtls_pk_type_t) pk_alg)) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(1,
|
||||
("bad server key exchange message"));
|
||||
mbedtls_ssl_send_alert_message(
|
||||
@@ -1978,7 +1978,7 @@ start_processing:
|
||||
/*
|
||||
* Verify signature
|
||||
*/
|
||||
if (!mbedtls_pk_can_do(peer_pk, pk_alg)) {
|
||||
if (!mbedtls_pk_can_do(peer_pk, (mbedtls_pk_type_t) pk_alg)) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message"));
|
||||
mbedtls_ssl_send_alert_message(
|
||||
ssl,
|
||||
@@ -1994,7 +1994,7 @@ start_processing:
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
|
||||
if (pk_alg == MBEDTLS_PK_RSASSA_PSS) {
|
||||
if (pk_alg == MBEDTLS_PK_SIGALG_RSA_PSS) {
|
||||
ret = mbedtls_pk_verify_ext((mbedtls_pk_sigalg_t) pk_alg, peer_pk,
|
||||
md_alg, hash, hashlen,
|
||||
p, sig_len);
|
||||
|
||||
@@ -3324,7 +3324,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl)
|
||||
unsigned char hash[48];
|
||||
unsigned char *hash_start = hash;
|
||||
size_t hashlen;
|
||||
mbedtls_pk_type_t pk_alg;
|
||||
mbedtls_pk_sigalg_t pk_alg;
|
||||
mbedtls_md_type_t md_alg;
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
|
||||
ssl->handshake->ciphersuite_info;
|
||||
@@ -3416,8 +3416,8 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl)
|
||||
/*
|
||||
* Signature
|
||||
*/
|
||||
if ((pk_alg = mbedtls_ssl_pk_alg_from_sig(ssl->in_msg[i]))
|
||||
== MBEDTLS_PK_NONE) {
|
||||
if ((pk_alg = mbedtls_ssl_pk_alg_from_sig_pk_alg(ssl->in_msg[i]))
|
||||
== MBEDTLS_PK_SIGALG_NONE) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("peer not adhering to requested sig_alg"
|
||||
" for verify message"));
|
||||
return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
|
||||
@@ -3426,7 +3426,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl)
|
||||
/*
|
||||
* Check the certificate's key type matches the signature alg
|
||||
*/
|
||||
if (!mbedtls_pk_can_do(peer_pk, pk_alg)) {
|
||||
if (!mbedtls_pk_can_do(peer_pk, (mbedtls_pk_type_t) pk_alg)) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("sig_alg doesn't match cert key"));
|
||||
return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
|
||||
}
|
||||
@@ -3456,7 +3456,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl)
|
||||
}
|
||||
}
|
||||
|
||||
if ((ret = mbedtls_pk_verify_ext((mbedtls_pk_sigalg_t) pk_alg, peer_pk,
|
||||
if ((ret = mbedtls_pk_verify_ext(pk_alg, peer_pk,
|
||||
md_alg, hash_start, hashlen,
|
||||
ssl->in_msg + i, sig_len)) != 0) {
|
||||
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify_ext", ret);
|
||||
|
||||
@@ -221,7 +221,7 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl,
|
||||
const unsigned char *p = buf;
|
||||
uint16_t algorithm;
|
||||
size_t signature_len;
|
||||
mbedtls_pk_type_t sig_alg;
|
||||
mbedtls_pk_sigalg_t sig_alg;
|
||||
mbedtls_md_type_t md_alg;
|
||||
psa_algorithm_t hash_alg = PSA_ALG_NONE;
|
||||
unsigned char verify_hash[PSA_HASH_MAX_SIZE];
|
||||
@@ -277,7 +277,7 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl,
|
||||
/*
|
||||
* Check the certificate's key type matches the signature alg
|
||||
*/
|
||||
if (!mbedtls_pk_can_do(&ssl->session_negotiate->peer_cert->pk, sig_alg)) {
|
||||
if (!mbedtls_pk_can_do(&ssl->session_negotiate->peer_cert->pk, (mbedtls_pk_type_t) sig_alg)) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("signature algorithm doesn't match cert key"));
|
||||
goto error;
|
||||
}
|
||||
@@ -927,7 +927,7 @@ static int ssl_tls13_write_certificate_verify_body(mbedtls_ssl_context *ssl,
|
||||
|
||||
for (; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++) {
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
mbedtls_pk_type_t pk_type = MBEDTLS_PK_NONE;
|
||||
mbedtls_pk_sigalg_t pk_type = MBEDTLS_PK_SIGALG_NONE;
|
||||
mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
|
||||
psa_algorithm_t psa_algorithm = PSA_ALG_NONE;
|
||||
unsigned char verify_hash[PSA_HASH_MAX_SIZE];
|
||||
|
||||
Reference in New Issue
Block a user