Further code optimization
- key_opaque_set_alg_usage(): set alg/usage in loop
- key_opaque_set_alg_usage(): add key paramteter to set default alg/usage if it is not specified by command line parameters
- unify default alg/usage for client and server
- optimize opaque code on client and server side
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index b371ca9..0047cab 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -2597,79 +2597,44 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( opt.key_opaque != 0 )
{
- psa_algorithm_t psa_alg, psa_alg2 = 0;
+ psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE;
psa_key_usage_t psa_usage = 0;
- if( strcmp( opt.key1_opaque_alg1, DFL_KEY_OPAQUE_ALG ) == 0 )
+ if( key_opaque_set_alg_usage( opt.key1_opaque_alg1,
+ opt.key1_opaque_alg2,
+ &psa_alg, &psa_alg2,
+ &psa_usage,
+ mbedtls_pk_get_type( &pkey ) ) == 0 )
{
- if( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY )
- {
- opt.key1_opaque_alg1 = "ecdsa-sign";
- opt.key1_opaque_alg2 = "ecdh";
- }
- else if( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_RSA )
- {
- opt.key1_opaque_alg1 = "rsa-sign-pkcs1";
- opt.key1_opaque_alg2 = "none";
- }
- }
+ ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot,
+ psa_alg, psa_usage, psa_alg2 );
- if( strcmp( opt.key1_opaque_alg1, DFL_KEY_OPAQUE_ALG ) != 0 )
- {
- ret = key_opaque_set_alg_usage( opt.key1_opaque_alg1,
- opt.key1_opaque_alg2,
- &psa_alg, &psa_alg2, &psa_usage );
if( ret != 0 )
{
- mbedtls_printf( " failed\n ! key_opaque_set_alg_usage returned -0x%x\n\n",
- (unsigned int) -ret );
- goto exit;
- }
-
- if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot,
- psa_alg,
- psa_usage,
- psa_alg2 ) ) != 0 )
- {
mbedtls_printf( " failed\n ! "
- "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret );
+ "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n",
+ (unsigned int) -ret );
goto exit;
}
}
- if( strcmp( opt.key2_opaque_alg1, DFL_KEY_OPAQUE_ALG ) == 0 )
- {
- if( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY )
- {
- opt.key2_opaque_alg1 = "ecdsa-sign";
- opt.key2_opaque_alg2 = "ecdh";
- }
- else if( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_RSA )
- {
- opt.key2_opaque_alg1 = "rsa-sign-pkcs1";
- opt.key2_opaque_alg2 = "none";
- }
- }
+ psa_alg = PSA_ALG_NONE; psa_alg2 = PSA_ALG_NONE;
+ psa_usage = 0;
- if( strcmp( opt.key2_opaque_alg1, DFL_KEY_OPAQUE_ALG ) != 0 )
+ if( key_opaque_set_alg_usage( opt.key2_opaque_alg1,
+ opt.key2_opaque_alg2,
+ &psa_alg, &psa_alg2,
+ &psa_usage,
+ mbedtls_pk_get_type( &pkey2 ) ) == 0 )
{
- ret = key_opaque_set_alg_usage( opt.key2_opaque_alg1,
- opt.key2_opaque_alg2,
- &psa_alg, &psa_alg2, &psa_usage );
+ ret = mbedtls_pk_wrap_as_opaque( &pkey2, &key_slot2,
+ psa_alg, psa_usage, psa_alg2 );
+
if( ret != 0 )
{
- mbedtls_printf( " failed\n ! key_opaque_set_alg_usage returned -0x%x\n\n",
- (unsigned int) -ret );
- goto exit;
- }
-
- if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey2, &key_slot2,
- psa_alg,
- psa_usage,
- psa_alg2 ) ) != 0 )
- {
mbedtls_printf( " failed\n ! "
- "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret );
+ "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n",
+ (unsigned int) -ret );
goto exit;
}
}