diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 970c2a97bf..2cfdde67fe 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1717,43 +1717,25 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_USE_PSA_CRYPTO) if( opt.key_opaque != 0 ) { - psa_algorithm_t psa_alg, psa_alg2 = 0; - psa_key_usage_t usage = PSA_KEY_USAGE_SIGN_HASH; + psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE; + psa_key_usage_t usage = 0; - if( strcmp( opt.key_opaque_alg1, DFL_KEY_OPAQUE_ALG ) == 0 ) + if( key_opaque_set_alg_usage( opt.key_opaque_alg1, + opt.key_opaque_alg2, + &psa_alg, &psa_alg2, + &usage, + mbedtls_pk_get_type( &pkey ) ) == 0 ) { - if( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY ) - { - opt.key_opaque_alg1 = "ecdsa-sign"; - opt.key_opaque_alg2 = "none"; - } - else - { - opt.key_opaque_alg1 = "rsa-sign-pkcs1"; - opt.key_opaque_alg2 = "rsa-sign-pss"; - } - } - - if ( strcmp( opt.key_opaque_alg1, DFL_KEY_OPAQUE_ALG ) != 0 ) - { - ret = key_opaque_set_alg_usage( opt.key_opaque_alg1, - opt.key_opaque_alg2, - &psa_alg, &psa_alg2, &usage ); + ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot, psa_alg, + usage, psa_alg2 ); if( ret != 0 ) { - mbedtls_printf( " failed\n ! key_opaque_set_alg_usage returned -0x%x\n\n", - (unsigned int) -ret ); + mbedtls_printf( " failed\n ! " + "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", + (unsigned int) -ret ); goto exit; } } - - if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot, psa_alg, - usage, psa_alg2 ) ) != 0 ) - { - mbedtls_printf( " failed\n ! " - "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret ); - goto exit; - } } #endif /* MBEDTLS_USE_PSA_CRYPTO */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index b371ca9b72..0047cabb2b 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
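Review bot: `psa_alg` on the new `psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE;` line is never initialised, yet it is passed to `mbedtls_pk_wrap_as_opaque` whenever `key_opaque_set_alg_usage` returns 0 without writing it, which the new loop in ssl_test_lib.c does for any alg string it does not recognise; initialise both values, `psa_algorithm_t psa_alg = PSA_ALG_NONE, psa_alg2 = PSA_ALG_NONE;`. The removed lines printed a message and jumped to `exit` when the alg/usage setup failed; the new `== 0` guard has no `else`, so a non-zero return now leaves the key transparent with no diagnostic even though `--key_opaque` was requested. If the silent skip is intended for a key that was never loaded (type MBEDTLS_PK_NONE, which is an inference, not visible in the hunk), a one-line comment above the `if` saying so would stop the next reader from re-adding the error path; otherwise add an `else` that prints the failure and goes to `exit`. Both points apply equally to the two key blocks in the ssl_server2.c hunk below. main() continues outside the hunk.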
@@ -2597,79 +2597,44 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_USE_PSA_CRYPTO) if( opt.key_opaque != 0 ) { - psa_algorithm_t psa_alg, psa_alg2 = 0; + psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE; psa_key_usage_t psa_usage = 0; - if( strcmp( opt.key1_opaque_alg1, DFL_KEY_OPAQUE_ALG ) == 0 ) + if( key_opaque_set_alg_usage( opt.key1_opaque_alg1, + opt.key1_opaque_alg2, + &psa_alg, &psa_alg2, + &psa_usage, + mbedtls_pk_get_type( &pkey ) ) == 0 ) { - if( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY ) - { - opt.key1_opaque_alg1 = "ecdsa-sign"; - opt.key1_opaque_alg2 = "ecdh"; - } - else if( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_RSA ) - { - opt.key1_opaque_alg1 = "rsa-sign-pkcs1"; - opt.key1_opaque_alg2 = "none"; - } - } + ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot, + psa_alg, psa_usage, psa_alg2 ); - if( strcmp( opt.key1_opaque_alg1, DFL_KEY_OPAQUE_ALG ) != 0 ) - { - ret = key_opaque_set_alg_usage( opt.key1_opaque_alg1, - opt.key1_opaque_alg2, - &psa_alg, &psa_alg2, &psa_usage ); if( ret != 0 ) - { - mbedtls_printf( " failed\n ! key_opaque_set_alg_usage returned -0x%x\n\n", - (unsigned int) -ret ); - goto exit; - } - - if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot, - psa_alg, - psa_usage, - psa_alg2 ) ) != 0 ) { mbedtls_printf( " failed\n ! 
" - "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret ); + "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", + (unsigned int) -ret ); goto exit; } } - if( strcmp( opt.key2_opaque_alg1, DFL_KEY_OPAQUE_ALG ) == 0 ) - { - if( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY ) - { - opt.key2_opaque_alg1 = "ecdsa-sign"; - opt.key2_opaque_alg2 = "ecdh"; - } - else if( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_RSA ) - { - opt.key2_opaque_alg1 = "rsa-sign-pkcs1"; - opt.key2_opaque_alg2 = "none"; - } - } + psa_alg = PSA_ALG_NONE; psa_alg2 = PSA_ALG_NONE; + psa_usage = 0; - if( strcmp( opt.key2_opaque_alg1, DFL_KEY_OPAQUE_ALG ) != 0 ) + if( key_opaque_set_alg_usage( opt.key2_opaque_alg1, + opt.key2_opaque_alg2, + &psa_alg, &psa_alg2, + &psa_usage, + mbedtls_pk_get_type( &pkey2 ) ) == 0 ) { - ret = key_opaque_set_alg_usage( opt.key2_opaque_alg1, - opt.key2_opaque_alg2, - &psa_alg, &psa_alg2, &psa_usage ); + ret = mbedtls_pk_wrap_as_opaque( &pkey2, &key_slot2, + psa_alg, psa_usage, psa_alg2 ); + if( ret != 0 ) - { - mbedtls_printf( " failed\n ! key_opaque_set_alg_usage returned -0x%x\n\n", - (unsigned int) -ret ); - goto exit; - } - - if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey2, &key_slot2, - psa_alg, - psa_usage, - psa_alg2 ) ) != 0 ) { mbedtls_printf( " failed\n ! " - "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret ); + "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", + (unsigned int) -ret ); goto exit; } } diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index 7eebebb44d..a7f3d0e389 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c 
@@ -225,62 +225,65 @@ int key_opaque_alg_parse( const char *arg, const char **alg1, const char **alg2 int key_opaque_set_alg_usage( const char *alg1, const char *alg2, psa_algorithm_t *psa_alg1, psa_algorithm_t *psa_alg2, - psa_key_usage_t *usage ) + psa_key_usage_t *usage, + mbedtls_pk_type_t key_type ) { - if( strcmp( alg1, "rsa-sign-pkcs1" ) == 0 ) + if( strcmp( alg1, "none" ) != 0 ) { - *psa_alg1 = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH ); - *usage = PSA_KEY_USAGE_SIGN_HASH; - } - else if ( strcmp( alg1, "rsa-sign-pss" ) == 0 ) - { - *psa_alg1 = PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH ); - *usage = PSA_KEY_USAGE_SIGN_HASH; - } - else if ( strcmp( alg1, "rsa-decrypt" ) == 0 ) - { - *psa_alg1 = PSA_ALG_RSA_PKCS1V15_CRYPT; - *usage = PSA_KEY_USAGE_DECRYPT; - } - else if ( strcmp( alg1, "ecdsa-sign" ) == 0 ) - { - *psa_alg1 = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ); - *usage = PSA_KEY_USAGE_SIGN_HASH; - } - else if ( strcmp( alg1, "ecdh" ) == 0 ) - { - *psa_alg1 = PSA_ALG_ECDH; - *usage = PSA_KEY_USAGE_DERIVE; - } + const char * algs[] = { alg1, alg2 }; + psa_algorithm_t *psa_algs[] = { psa_alg1, psa_alg2 }; - if( strcmp( alg2, "rsa-sign-pkcs1" ) == 0 ) - { - *psa_alg1 = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH ); - *usage |= PSA_KEY_USAGE_SIGN_HASH; + for ( int i = 0; i < 2; i++ ) + { + if( strcmp( algs[i], "rsa-sign-pkcs1" ) == 0 ) + { + *psa_algs[i] = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH ); + *usage |= PSA_KEY_USAGE_SIGN_HASH; + } + else if( strcmp( algs[i], "rsa-sign-pss" ) == 0 ) + { + *psa_algs[i] = PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH ); + *usage |= PSA_KEY_USAGE_SIGN_HASH; + } + else if( strcmp( algs[i], "rsa-decrypt" ) == 0 ) + { + *psa_algs[i] = PSA_ALG_RSA_PKCS1V15_CRYPT; + *usage |= PSA_KEY_USAGE_DECRYPT; + } + else if( strcmp( algs[i], "ecdsa-sign" ) == 0 ) + { + *psa_algs[i] = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ); + *usage |= PSA_KEY_USAGE_SIGN_HASH; + } + else if( strcmp( algs[i], "ecdh" ) == 0 ) + { + *psa_algs[i] = PSA_ALG_ECDH; + *usage |= 
PSA_KEY_USAGE_DERIVE; + } + else if( strcmp( algs[i], "none" ) == 0 ) + { + *psa_algs[i] = PSA_ALG_NONE; + } + } } - else if( strcmp( alg2, "rsa-sign-pss" ) == 0 ) + else { - *psa_alg2 = PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH ); - *usage |= PSA_KEY_USAGE_SIGN_HASH; - } - else if( strcmp( alg2, "rsa-decrypt" ) == 0 ) - { - *psa_alg2 = PSA_ALG_RSA_PKCS1V15_CRYPT; - *usage |= PSA_KEY_USAGE_DECRYPT; - } - else if( strcmp( alg2, "ecdsa-sign" ) == 0 ) - { - *psa_alg2 = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ); - *usage |= PSA_KEY_USAGE_SIGN_HASH; - } - else if( strcmp( alg2, "ecdh" ) == 0 ) - { - *psa_alg2 = PSA_ALG_ECDH; - *usage |= PSA_KEY_USAGE_DERIVE; - } - else if( strcmp( alg2, "none" ) == 0 ) - { - *psa_alg2 = PSA_ALG_NONE; + if( key_type == MBEDTLS_PK_ECKEY ) + { + *psa_alg1 = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ); + *psa_alg2 = PSA_ALG_ECDH; + *usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_DERIVE; + } + else if( key_type == MBEDTLS_PK_RSA ) + { + *psa_alg1 = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH ); + *psa_alg2 = PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH ); + *usage = PSA_KEY_USAGE_SIGN_HASH; + } + else + { + return 1; + } } return 0; diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index 367b8e2910..f0d0c3b895 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -246,10 +246,12 @@ int key_opaque_alg_parse( const char *arg, const char **alg1, const char **alg2 * * * \param alg1 input string opaque key algorithm #1 - * \param alg1 input string opaque key algorithm #2 + * \param alg2 input string opaque key algorithm #2 * \param psa_alg1 output PSA algorithm #1 * \param psa_alg2 output PSA algorithm #2 * \param usage output key usage + * \param key_type key type used to set default psa algorithm/usage + * when alg1 in "none" * * \return \c 0 on success. * \return \c 1 on parse failure. 
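Review bot: An alg string that matches none of the loop's branches is accepted silently: the `for` loop in `key_opaque_set_alg_usage` has no final `else`, so `*psa_algs[i]` stays unwritten and the function still returns 0, which contradicts the header's "\return \c 1 on parse failure" and hands the caller an indeterminate `psa_alg`. Close the chain after the `"none"` branch with `else { return 1; }`. The loop ORs into `*usage` while the default branch assigns it, so the explicit-alg result depends on the caller having zeroed `usage`; either add `*usage = 0;` at function entry or state that precondition in the header comment. When alg1 is "none" the value of alg2 is never consulted, which deserves a comment on the `else` branch. The function's closing brace lies beyond the hunk.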
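Review bot: The new `\param key_type` text reads "when alg1 in "none"" where "in" should be "is". The comment should also state that alg2 is ignored in that default case and that the function ORs flags into `*usage` rather than assigning it, for example `\param usage output key usage; caller must initialise it (normally to 0), flags are OR-ed in`. As written, "\return \c 1 on parse failure" promises more than the implementation in ssl_test_lib.c delivers for an unrecognised string, so either the implementation or this line needs to change.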
@@ -257,7 +259,8 @@ int key_opaque_alg_parse( const char *arg, const char **alg1, const char **alg2 int key_opaque_set_alg_usage( const char *alg1, const char *alg2, psa_algorithm_t *psa_alg1, psa_algorithm_t *psa_alg2, - psa_key_usage_t *usage ); + psa_key_usage_t *usage, + mbedtls_pk_type_t key_type ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)