ssl_server2: use key opaque algs given from command line
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 390b83e..356e33a 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -2596,59 +2596,90 @@
psa_algorithm_t psa_alg, psa_alg2;
psa_key_usage_t psa_usage;
- if ( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY ||
- mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_RSA )
+ if ( strcmp( opt.key1_opaque_alg1, DFL_KEY_OPAQUE_ALG ) != 0 )
{
- if( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY )
+ ret = key_opaque_set_alg_usage( opt.key1_opaque_alg1,
+ opt.key1_opaque_alg2,
+ &psa_alg, &psa_alg2, &psa_usage );
+ if( ret != 0 )
{
- psa_alg = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH );
- psa_alg2 = PSA_ALG_ECDH;
- psa_usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_DERIVE;
- }
- else
- {
- psa_alg = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH );
- psa_alg2 = PSA_ALG_NONE;
- psa_usage = PSA_KEY_USAGE_SIGN_HASH;
- }
-
- if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot,
- psa_alg,
- psa_usage,
- psa_alg2 ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! "
- "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret );
+ mbedtls_printf( " failed\n ! key_opaque_set_alg_usage returned -0x%x\n\n",
+ (unsigned int) -ret );
goto exit;
}
}
-
- if ( mbedtls_pk_get_type( &pkey2 ) == MBEDTLS_PK_ECKEY ||
- mbedtls_pk_get_type( &pkey2 ) == MBEDTLS_PK_RSA )
+ else
{
- if( mbedtls_pk_get_type( &pkey2 ) == MBEDTLS_PK_ECKEY )
+ if ( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY ||
+ mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_RSA )
{
- psa_alg = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH );
- psa_alg2 = PSA_ALG_ECDH;
- psa_usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_DERIVE;
+ if( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY )
+ {
+ psa_alg = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH );
+ psa_alg2 = PSA_ALG_ECDH;
+ psa_usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_DERIVE;
+ }
+ else
+ {
+ psa_alg = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH );
+ psa_alg2 = PSA_ALG_NONE;
+ psa_usage = PSA_KEY_USAGE_SIGN_HASH;
+ }
}
- else
- {
- psa_alg = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH );
- psa_alg2 = PSA_ALG_NONE;
- psa_usage = PSA_KEY_USAGE_SIGN_HASH;
- }
+ }
- if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey2, &key_slot2,
- psa_alg,
- psa_usage,
- psa_alg2 ) ) != 0 )
+ if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot,
+ psa_alg,
+ psa_usage,
+ psa_alg2 ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! "
+ "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret );
+ goto exit;
+ }
+
+
+ if ( strcmp( opt.key2_opaque_alg1, DFL_KEY_OPAQUE_ALG ) != 0 )
+ {
+ ret = key_opaque_set_alg_usage( opt.key2_opaque_alg1,
+ opt.key2_opaque_alg2,
+ &psa_alg, &psa_alg2, &psa_usage );
+ if( ret != 0 )
{
- mbedtls_printf( " failed\n ! "
- "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret );
+ mbedtls_printf( " failed\n ! key_opaque_set_alg_usage returned -0x%x\n\n",
+ (unsigned int) -ret );
goto exit;
}
}
+ else
+ {
+ if ( mbedtls_pk_get_type( &pkey2 ) == MBEDTLS_PK_ECKEY ||
+ mbedtls_pk_get_type( &pkey2 ) == MBEDTLS_PK_RSA )
+ {
+ if( mbedtls_pk_get_type( &pkey2 ) == MBEDTLS_PK_ECKEY )
+ {
+ psa_alg = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH );
+ psa_alg2 = PSA_ALG_ECDH;
+ psa_usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_DERIVE;
+ }
+ else
+ {
+ psa_alg = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH );
+ psa_alg2 = PSA_ALG_NONE;
+ psa_usage = PSA_KEY_USAGE_SIGN_HASH;
+ }
+ }
+ }
+
+ if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey2, &key_slot2,
+ psa_alg,
+ psa_usage,
+ psa_alg2 ) ) != 0 )
+ {
+ mbedtls_printf( " failed\n ! "
+ "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret );
+ goto exit;
+ }
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */