ssl-opt.sh: TLS 1.3 opaque key: Add test with unsuitable sig alg

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-07-29 11:41:15 +03:00 · 2022-09-16 15:54:33 +02:00
parent 277cdcbcde
commit 50969e3af5
4 changed files with 51 additions and 13 deletions
--- a/programs/ssl/ssl_test_lib.c
+++ b/programs/ssl/ssl_test_lib.c
@ -205,6 +205,9 @@ int key_opaque_alg_parse( const char *arg, const char **alg1, const char **alg2

    if( strcmp( *alg1, "rsa-sign-pkcs1" ) != 0 &&
        strcmp( *alg1, "rsa-sign-pss" ) != 0 &&
+        strcmp( *alg1, "rsa-sign-pss-sha256" ) != 0 &&
+        strcmp( *alg1, "rsa-sign-pss-sha384" ) != 0 &&
+        strcmp( *alg1, "rsa-sign-pss-sha512" ) != 0 &&
        strcmp( *alg1, "rsa-decrypt" ) != 0 &&
        strcmp( *alg1, "ecdsa-sign" ) != 0 &&
        strcmp( *alg1, "ecdh" ) != 0 )
@ -212,6 +215,9 @@ int key_opaque_alg_parse( const char *arg, const char **alg1, const char **alg2

    if( strcmp( *alg2, "rsa-sign-pkcs1" ) != 0 &&
        strcmp( *alg2, "rsa-sign-pss" ) != 0 &&
+        strcmp( *alg1, "rsa-sign-pss-sha256" ) != 0 &&
+        strcmp( *alg1, "rsa-sign-pss-sha384" ) != 0 &&
+        strcmp( *alg1, "rsa-sign-pss-sha512" ) != 0 &&
        strcmp( *alg2, "rsa-decrypt" ) != 0 &&
        strcmp( *alg2, "ecdsa-sign" ) != 0 &&
        strcmp( *alg2, "ecdh" ) != 0 &&
@ -245,6 +251,21 @@ int key_opaque_set_alg_usage( const char *alg1, const char *alg2,
                *psa_algs[i] = PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH );
                *usage |= PSA_KEY_USAGE_SIGN_HASH;
            }
+            else if( strcmp( algs[i], "rsa-sign-pss-sha256" ) == 0 )
+            {
+                *psa_algs[i] = PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 );
+                *usage |= PSA_KEY_USAGE_SIGN_HASH;
+            }
+            else if( strcmp( algs[i], "rsa-sign-pss-sha384" ) == 0 )
+            {
+                *psa_algs[i] = PSA_ALG_RSA_PSS( PSA_ALG_SHA_384 );
+                *usage |= PSA_KEY_USAGE_SIGN_HASH;
+            }
+            else if( strcmp( algs[i], "rsa-sign-pss-sha512" ) == 0 )
+            {
+                *psa_algs[i] = PSA_ALG_RSA_PSS( PSA_ALG_SHA_512 );
+                *usage |= PSA_KEY_USAGE_SIGN_HASH;
+            }
            else if( strcmp( algs[i], "rsa-decrypt" ) == 0 )
            {
                *psa_algs[i] = PSA_ALG_RSA_PKCS1V15_CRYPT;