From b58c47a666650468d224c9a5b22494bfb3c5474c Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 2 May 2022 14:44:46 +0200 Subject: [PATCH] ssl_server2: use key opaque algs given from command line Signed-off-by: Przemek Stekiel --- programs/ssl/ssl_server2.c | 111 ++++++++++++++++++++++++------------- 1 file changed, 71 insertions(+), 40 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 390b83eca3..356e33aa75 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2596,59 +2596,90 @@ int main( int argc, char *argv[] ) psa_algorithm_t psa_alg, psa_alg2; psa_key_usage_t psa_usage; - if ( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY || - mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_RSA ) + if ( strcmp( opt.key1_opaque_alg1, DFL_KEY_OPAQUE_ALG ) != 0 ) { - if( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY ) + ret = key_opaque_set_alg_usage( opt.key1_opaque_alg1, + opt.key1_opaque_alg2, + &psa_alg, &psa_alg2, &psa_usage ); + if( ret != 0 ) { - psa_alg = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ); - psa_alg2 = PSA_ALG_ECDH; - psa_usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_DERIVE; - } - else - { - psa_alg = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH ); - psa_alg2 = PSA_ALG_NONE; - psa_usage = PSA_KEY_USAGE_SIGN_HASH; - } - - if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot, - psa_alg, - psa_usage, - psa_alg2 ) ) != 0 ) - { - mbedtls_printf( " failed\n ! " - "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret ); + mbedtls_printf( " failed\n ! key_opaque_set_alg_usage returned -0x%x\n\n", + (unsigned int) -ret ); goto exit; } } - - if ( mbedtls_pk_get_type( &pkey2 ) == MBEDTLS_PK_ECKEY || - mbedtls_pk_get_type( &pkey2 ) == MBEDTLS_PK_RSA ) + else { - if( mbedtls_pk_get_type( &pkey2 ) == MBEDTLS_PK_ECKEY ) + if ( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY || + mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_RSA ) { - psa_alg = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ); - psa_alg2 = PSA_ALG_ECDH; - psa_usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_DERIVE; - } - else - { - psa_alg = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH ); - psa_alg2 = PSA_ALG_NONE; - psa_usage = PSA_KEY_USAGE_SIGN_HASH; + if( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY ) + { + psa_alg = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ); + psa_alg2 = PSA_ALG_ECDH; + psa_usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_DERIVE; + } + else + { + psa_alg = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH ); + psa_alg2 = PSA_ALG_NONE; + psa_usage = PSA_KEY_USAGE_SIGN_HASH; + } } + } - if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey2, &key_slot2, - psa_alg, - psa_usage, - psa_alg2 ) ) != 0 ) + if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot, + psa_alg, + psa_usage, + psa_alg2 ) ) != 0 ) + { + mbedtls_printf( " failed\n ! " + "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret ); + goto exit; + } + + + if ( strcmp( opt.key2_opaque_alg1, DFL_KEY_OPAQUE_ALG ) != 0 ) + { + ret = key_opaque_set_alg_usage( opt.key2_opaque_alg1, + opt.key2_opaque_alg2, + &psa_alg, &psa_alg2, &psa_usage ); + if( ret != 0 ) { - mbedtls_printf( " failed\n ! " - "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret ); + mbedtls_printf( " failed\n ! key_opaque_set_alg_usage returned -0x%x\n\n", + (unsigned int) -ret ); goto exit; } } + else + { + if ( mbedtls_pk_get_type( &pkey2 ) == MBEDTLS_PK_ECKEY || + mbedtls_pk_get_type( &pkey2 ) == MBEDTLS_PK_RSA ) + { + if( mbedtls_pk_get_type( &pkey2 ) == MBEDTLS_PK_ECKEY ) + { + psa_alg = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ); + psa_alg2 = PSA_ALG_ECDH; + psa_usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_DERIVE; + } + else + { + psa_alg = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH ); + psa_alg2 = PSA_ALG_NONE; + psa_usage = PSA_KEY_USAGE_SIGN_HASH; + } + } + } + + if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey2, &key_slot2, + psa_alg, + psa_usage, + psa_alg2 ) ) != 0 ) + { + mbedtls_printf( " failed\n ! " + "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret ); + goto exit; + } } #endif /* MBEDTLS_USE_PSA_CRYPTO */