ssl client: add key_opaque_algs command line option
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index f741d99..94b4d4f 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -115,6 +115,7 @@
#define DFL_USE_SRTP 0
#define DFL_SRTP_FORCE_PROFILE 0
#define DFL_SRTP_MKI ""
+#define DFL_KEY_OPAQUE_ALG "none"
#define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
#define GET_REQUEST_END "\r\n\r\n"
@@ -343,6 +344,13 @@
#define USAGE_SERIALIZATION ""
#endif
+#define USAGE_KEY_OPAQUE_ALGS \
+ " key_opaque_algs=%%s Allowed opaque key algorithms.\n" \
+ " coma-separated pair of values among the following:\n" \
+ " rsa-sign-pkcs1, rsa-sign-pss, rsa-decrypt,\n" \
+ " ecdsa-sign, ecdh, none (only acceptable for\n" \
+ " the second value).\n" \
+
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#define USAGE_TLS1_3_KEY_EXCHANGE_MODES \
" tls13_kex_modes=%%s default: all\n" \
@@ -411,6 +419,7 @@
USAGE_CURVES \
USAGE_SIG_ALGS \
USAGE_DHMLEN \
+ USAGE_KEY_OPAQUE_ALGS \
"\n"
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
@@ -523,6 +532,8 @@
int use_srtp; /* Support SRTP */
int force_srtp_profile; /* SRTP protection profile to use or all */
const char *mki; /* The dtls mki value to use */
+ const char *key_opaque_alg1; /* Allowed opaque key alg 1 */
+ const char *key_opaque_alg2; /* Allowed Opaque key alg 2 */
} opt;
#include "ssl_test_common_source.c"
@@ -885,6 +896,8 @@
opt.use_srtp = DFL_USE_SRTP;
opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE;
opt.mki = DFL_SRTP_MKI;
+ opt.key_opaque_alg1 = DFL_KEY_OPAQUE_ALG;
+ opt.key_opaque_alg2 = DFL_KEY_OPAQUE_ALG;
for( i = 1; i < argc; i++ )
{
@@ -1308,6 +1321,12 @@
{
opt.mki = q;
}
+ else if( strcmp( p, "key_opaque_algs" ) == 0 )
+ {
+ if ( key_opaque_alg_parse( q, &opt.key_opaque_alg1,
+ &opt.key_opaque_alg2 ) != 0 )
+ goto usage;
+ }
else
goto usage;
}