mirror of
https://github.com/cuberite/polarssl.git
synced 2025-10-04 19:16:58 -04:00
exercise_key: allow SIGN_MESSAGE/VERIFY_MESSAGE with PSA_ALG_ANY_HASH
There was already code to instantiate the wildcard for sign/verify-hash. Make that work with sign/verify-message as well. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
parent
05ee3fbdc0
commit
4781bd9773
@ -283,16 +283,11 @@ static int exercise_signature_key(mbedtls_svc_key_id_t key,
|
|||||||
psa_key_usage_t usage,
|
psa_key_usage_t usage,
|
||||||
psa_algorithm_t alg)
|
psa_algorithm_t alg)
|
||||||
{
|
{
|
||||||
if (usage & (PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH) &&
|
|
||||||
PSA_ALG_IS_SIGN_HASH(alg)) {
|
|
||||||
unsigned char payload[PSA_HASH_MAX_SIZE] = { 1 };
|
|
||||||
size_t payload_length = 16;
|
|
||||||
unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = { 0 };
|
|
||||||
size_t signature_length = sizeof(signature);
|
|
||||||
psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg);
|
|
||||||
|
|
||||||
/* If the policy allows signing with any hash, just pick one. */
|
/* If the policy allows signing with any hash, just pick one. */
|
||||||
if (PSA_ALG_IS_SIGN_HASH(alg) && hash_alg == PSA_ALG_ANY_HASH) {
|
psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg);
|
||||||
|
if (PSA_ALG_IS_SIGN_HASH(alg) && hash_alg == PSA_ALG_ANY_HASH &&
|
||||||
|
usage & (PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH |
|
||||||
|
PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE)) {
|
||||||
#if defined(KNOWN_SUPPORTED_HASH_ALG)
|
#if defined(KNOWN_SUPPORTED_HASH_ALG)
|
||||||
hash_alg = KNOWN_SUPPORTED_HASH_ALG;
|
hash_alg = KNOWN_SUPPORTED_HASH_ALG;
|
||||||
alg ^= PSA_ALG_ANY_HASH ^ hash_alg;
|
alg ^= PSA_ALG_ANY_HASH ^ hash_alg;
|
||||||
@ -301,6 +296,13 @@ static int exercise_signature_key(mbedtls_svc_key_id_t key,
|
|||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (usage & (PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH) &&
|
||||||
|
PSA_ALG_IS_SIGN_HASH(alg)) {
|
||||||
|
unsigned char payload[PSA_HASH_MAX_SIZE] = { 1 };
|
||||||
|
size_t payload_length = 16;
|
||||||
|
unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = { 0 };
|
||||||
|
size_t signature_length = sizeof(signature);
|
||||||
|
|
||||||
/* Some algorithms require the payload to have the size of
|
/* Some algorithms require the payload to have the size of
|
||||||
* the hash encoded in the algorithm. Use this input size
|
* the hash encoded in the algorithm. Use this input size
|
||||||
* even for algorithms that allow other input sizes. */
|
* even for algorithms that allow other input sizes. */
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user