commit ef14af04c75cd6e84ecc277b3b3291e9cae1ad6a
author Ronald Cron <ronald.cron@arm.com> Tue Aug 31 19:08:55 2021 +0200
committer Ronald Cron <ronald.cron@arm.com> Tue Nov 30 14:49:19 2021 +0100
tree c6ad28784eb628c26e1b975844cf95cec30e370b
parent d2c53e60ca69eb0c061333fe1556e6fba72e96bb

tests: psa: Refine choice of default hash algorithm for signature

As PSA signatures rely on built-in hash implementations
(cannot take an advantage of an accelerator for the
time being), chose an available built-in hash for
tests exercising a signature key.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

tests/include/test/psa_exercise_key.h

diff --git a/tests/include/test/psa_exercise_key.h b/tests/include/test/psa_exercise_key.h
index 57eae58..e67f515 100644
--- a/tests/include/test/psa_exercise_key.h
+++ b/tests/include/test/psa_exercise_key.h
@@ -56,6 +56,34 @@
 #undef KNOWN_SUPPORTED_HASH_ALG
 #endif
 
+/** \def KNOWN_MBEDTLS_SUPPORTED_HASH_ALG
+ *
+ * A hash algorithm that is known to be supported by Mbed TLS APIs.
+ *
+ * This is used in some smoke tests where the hash algorithm is used as
+ * part of another algorithm like a signature algorithm and the hashing is
+ * completed through an Mbed TLS hash API, not the PSA one.
+ */
+#if defined(MBEDTLS_MD2_C)
+#define KNOWN_MBEDTLS_SUPPORTED_HASH_ALG PSA_ALG_MD2
+#elif defined(MBEDTLS_MD4_C)
+#define KNOWN_MBEDTLS_SUPPORTED_HASH_ALG PSA_ALG_MD4
+#elif defined(MBEDTLS_MD5_C)
+#define KNOWN_MBEDTLS_SUPPORTED_HASH_ALG PSA_ALG_MD5
+/* MBEDTLS_RIPEMD160_C omitted. This is necessary for the sake of
+ * exercise_signature_key() because Mbed TLS doesn't support RIPEMD160
+ * in RSA PKCS#1v1.5 signatures. A RIPEMD160-only configuration would be
+ * implausible anyway. */
+#elif defined(MBEDTLS_SHA1_C)
+#define KNOWN_MBEDTLS_SUPPORTED_HASH_ALG PSA_ALG_SHA_1
+#elif defined(MBEDTLS_SHA256_C)
+#define KNOWN_MBEDTLS_SUPPORTED_HASH_ALG PSA_ALG_SHA_256
+#elif defined(MBEDTLS_SHA512_C)
+#define KNOWN_MBEDTLS_SUPPORTED_HASH_ALG PSA_ALG_SHA_512
+#else
+#undef KNOWN_MBEDLTS_SUPPORTED_HASH_ALG
+#endif
+
 /** \def KNOWN_SUPPORTED_BLOCK_CIPHER
  *
  * A block cipher that is known to be supported.

tests/src/psa_exercise_key.c

diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c
index de2c48d..c1e76c8 100644
--- a/tests/src/psa_exercise_key.c
+++ b/tests/src/psa_exercise_key.c
@@ -309,8 +309,8 @@
         /* If the policy allows signing with any hash, just pick one. */
         if( PSA_ALG_IS_SIGN_HASH( alg ) && hash_alg == PSA_ALG_ANY_HASH )
         {
-    #if defined(KNOWN_SUPPORTED_HASH_ALG)
-            hash_alg = KNOWN_SUPPORTED_HASH_ALG;
+    #if defined(KNOWN_MBEDTLS_SUPPORTED_HASH_ALG)
+            hash_alg = KNOWN_MBEDTLS_SUPPORTED_HASH_ALG;
             alg ^= PSA_ALG_ANY_HASH ^ hash_alg;
     #else
             TEST_ASSERT( ! "No hash algorithm for hash-and-sign testing" );