Further code optimization
- key_opaque_set_alg_usage(): set alg/usage in loop
- key_opaque_set_alg_usage(): add key paramteter to set default alg/usage if it is not specified by command line parameters
- unify default alg/usage for client and server
- optimize opaque code on client and server side
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 970c2a9..2cfdde6 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1717,43 +1717,25 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( opt.key_opaque != 0 )
{
- psa_algorithm_t psa_alg, psa_alg2 = 0;
- psa_key_usage_t usage = PSA_KEY_USAGE_SIGN_HASH;
+ psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE;
+ psa_key_usage_t usage = 0;
- if( strcmp( opt.key_opaque_alg1, DFL_KEY_OPAQUE_ALG ) == 0 )
+ if( key_opaque_set_alg_usage( opt.key_opaque_alg1,
+ opt.key_opaque_alg2,
+ &psa_alg, &psa_alg2,
+ &usage,
+ mbedtls_pk_get_type( &pkey ) ) == 0 )
{
- if( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY )
- {
- opt.key_opaque_alg1 = "ecdsa-sign";
- opt.key_opaque_alg2 = "none";
- }
- else
- {
- opt.key_opaque_alg1 = "rsa-sign-pkcs1";
- opt.key_opaque_alg2 = "rsa-sign-pss";
- }
- }
-
- if ( strcmp( opt.key_opaque_alg1, DFL_KEY_OPAQUE_ALG ) != 0 )
- {
- ret = key_opaque_set_alg_usage( opt.key_opaque_alg1,
- opt.key_opaque_alg2,
- &psa_alg, &psa_alg2, &usage );
+ ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot, psa_alg,
+ usage, psa_alg2 );
if( ret != 0 )
{
- mbedtls_printf( " failed\n ! key_opaque_set_alg_usage returned -0x%x\n\n",
- (unsigned int) -ret );
+ mbedtls_printf( " failed\n ! "
+ "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n",
+ (unsigned int) -ret );
goto exit;
}
}
-
- if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot, psa_alg,
- usage, psa_alg2 ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! "
- "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret );
- goto exit;
- }
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */