Merge pull request #5559 from yuhaoth/pr/add-rsae-sha384-sha512

Add rsae sha384 sha512
2025-07-28 00:21:48 +03:00 · 2022-03-29 14:01:51 +02:00
parent 39f2f73e69 d73d0a327a
commit 63d97ad0bb
15 changed files with 627 additions and 191 deletions
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@ -1960,6 +1960,97 @@ static inline int mbedtls_ssl_sig_alg_is_offered( const mbedtls_ssl_context *ssl
    return( 0 );
 }

+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+static inline int mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg(
+    uint16_t sig_alg, mbedtls_pk_type_t *pk_type, mbedtls_md_type_t *md_alg )
+{
+    *pk_type = MBEDTLS_PK_NONE;
+    *md_alg = MBEDTLS_MD_NONE;
+
+    switch( sig_alg )
+    {
+#if defined(MBEDTLS_ECDSA_C)
+
+#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+        case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256:
+            *md_alg = MBEDTLS_MD_SHA256;
+            *pk_type = MBEDTLS_PK_ECDSA;
+            break;
+#endif /* MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+
+#if defined(MBEDTLS_SHA384_C) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+        case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384:
+            *md_alg = MBEDTLS_MD_SHA384;
+            *pk_type = MBEDTLS_PK_ECDSA;
+            break;
+#endif /* MBEDTLS_SHA384_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+
+#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+        case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512:
+            *md_alg = MBEDTLS_MD_SHA512;
+            *pk_type = MBEDTLS_PK_ECDSA;
+            break;
+#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */
+
+#endif /* MBEDTLS_ECDSA_C */
+
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
+
+#if defined(MBEDTLS_SHA256_C)
+        case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
+            *md_alg = MBEDTLS_MD_SHA256;
+            *pk_type = MBEDTLS_PK_RSASSA_PSS;
+            break;
+#endif /* MBEDTLS_SHA256_C  */
+
+#if defined(MBEDTLS_SHA384_C)
+        case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
+            *md_alg = MBEDTLS_MD_SHA384;
+            *pk_type = MBEDTLS_PK_RSASSA_PSS;
+            break;
+#endif /* MBEDTLS_SHA384_C */
+
+#if defined(MBEDTLS_SHA512_C)
+        case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
+            *md_alg = MBEDTLS_MD_SHA512;
+            *pk_type = MBEDTLS_PK_RSASSA_PSS;
+            break;
+#endif /* MBEDTLS_SHA512_C */
+
+#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
+
+#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C)
+
+#if defined(MBEDTLS_SHA256_C)
+        case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256:
+            *md_alg = MBEDTLS_MD_SHA256;
+            *pk_type = MBEDTLS_PK_RSA;
+            break;
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA384_C)
+        case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384:
+            *md_alg = MBEDTLS_MD_SHA384;
+            *pk_type = MBEDTLS_PK_RSA;
+            break;
+#endif /* MBEDTLS_SHA384_C */
+
+#if defined(MBEDTLS_SHA512_C)
+        case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512:
+            *md_alg = MBEDTLS_MD_SHA512;
+            *pk_type = MBEDTLS_PK_RSA;
+            break;
+#endif /* MBEDTLS_SHA512_C */
+
+#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C */
+
+            default:
+                return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+        }
+        return( 0 );
+}
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
 static inline int mbedtls_ssl_sig_alg_is_supported(
                                                const mbedtls_ssl_context *ssl,
                                                const uint16_t sig_alg )
@ -2031,52 +2122,10 @@ static inline int mbedtls_ssl_sig_alg_is_supported(
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
    if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4)
    {
-        switch( sig_alg )
-        {
-#if defined(MBEDTLS_SHA256_C) && \
-    defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && \
-    defined(MBEDTLS_ECDSA_C)
-            case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256:
-                break;
-#endif /* MBEDTLS_SHA256_C &&
-          MBEDTLS_ECP_DP_SECP256R1_ENABLED &&
-          MBEDTLS_ECDSA_C */
-
-#if defined(MBEDTLS_SHA384_C) && \
-    defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && \
-    defined(MBEDTLS_ECDSA_C)
-            case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384:
-                break;
-#endif /* MBEDTLS_SHA384_C &&
-          MBEDTLS_ECP_DP_SECP384R1_ENABLED &&
-          MBEDTLS_ECDSA_C */
-
-#if defined(MBEDTLS_SHA512_C) && \
-    defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && \
-    defined(MBEDTLS_ECDSA_C)
-            case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512:
-                break;
-#endif /* MBEDTLS_SHA512_C &&
-          MBEDTLS_ECP_DP_SECP521R1_ENABLED &&
-          MBEDTLS_ECDSA_C */
-
-#if defined(MBEDTLS_SHA256_C) && \
-    defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
-            case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
-                break;
-#endif /* MBEDTLS_SHA256_C &&
-          MBEDTLS_X509_RSASSA_PSS_SUPPORT */
-
-#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_RSA_C)
-            case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256:
-                break;
-#endif /* MBEDTLS_SHA256_C && MBEDTLS_RSA_C*/
-
-            default:
-                return( 0 );
-        }
-
-        return( 1 );
+        mbedtls_pk_type_t pk_type;
+        mbedtls_md_type_t md_alg;
+        return( ! mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg(
+                                                sig_alg, &pk_type, &md_alg ) );
    }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
    ((void) ssl);