From 01396a16dae33ab104bf5d93a41165d64fba1b25 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 2 May 2022 13:41:53 +0200 Subject: [PATCH] ssl_test_lib: add function translate given opaque algoritms to psa Signed-off-by: Przemek Stekiel --- programs/ssl/ssl_test_lib.c | 64 +++++++++++++++++++++++++++++++++++++ programs/ssl/ssl_test_lib.h | 18 +++++++++++ 2 files changed, 82 insertions(+) diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index 094a65dd9..c0704d056 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -221,6 +221,70 @@ int key_opaque_alg_parse( const char *arg, const char **alg1, const char **alg2 return 0; } +int key_opaque_set_alg_usage( const char *alg1, const char *alg2, + psa_algorithm_t *psa_alg1, + psa_algorithm_t *psa_alg2, + psa_key_usage_t *usage ) +{ + if( strcmp( alg1, "rsa-sign-pkcs1" ) == 0 ) + { + *psa_alg1 = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH ); + *usage = PSA_KEY_USAGE_SIGN_HASH; + } + else if ( strcmp( alg1, "rsa-sign-pss" ) == 0 ) + { + *psa_alg1 = PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH ); + *usage = PSA_KEY_USAGE_SIGN_HASH; + } + else if ( strcmp( alg1, "rsa-decrypt" ) == 0 ) + { + *psa_alg1 = PSA_ALG_RSA_PKCS1V15_CRYPT; + *usage = PSA_KEY_USAGE_DECRYPT; + } + else if ( strcmp( alg1, "ecdsa-sign" ) == 0 ) + { + *psa_alg1 = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ); + *usage = PSA_KEY_USAGE_SIGN_HASH; + } + else if ( strcmp( alg1, "ecdh" ) == 0 ) + { + *psa_alg1 = PSA_ALG_ECDH; + *usage = PSA_KEY_USAGE_DERIVE; + } + + if( strcmp( alg2, "rsa-sign-pkcs1" ) == 0 ) + { + *psa_alg1 = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH ); + *usage |= PSA_KEY_USAGE_SIGN_HASH; + } + else if( strcmp( alg2, "rsa-sign-pss" ) == 0 ) + { + *psa_alg2 = PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH ); + *usage |= PSA_KEY_USAGE_SIGN_HASH; + } + else if( strcmp( alg2, "rsa-decrypt" ) == 0 ) + { + *psa_alg2 = PSA_ALG_RSA_PKCS1V15_CRYPT; + *usage |= PSA_KEY_USAGE_DECRYPT; + } + else if( strcmp( alg2, "ecdsa-sign" ) == 0 ) + { + *psa_alg2 = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ); + *usage |= PSA_KEY_USAGE_SIGN_HASH; + } + else if( strcmp( alg2, "ecdh" ) == 0 ) + { + *psa_alg2 = PSA_ALG_ECDH; + *usage |= PSA_KEY_USAGE_DERIVE; + } + else if( strcmp( alg2, "none" ) == 0 ) + { + *psa_alg2 = PSA_ALG_NONE; + } + + return 0; +} + #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) int ca_callback( void *data, mbedtls_x509_crt const *child, mbedtls_x509_crt **candidates ) diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index e0ee79df2..618da512f 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -240,6 +240,24 @@ int rng_get( void *p_rng, unsigned char *output, size_t output_len ); */ int key_opaque_alg_parse( const char *arg, const char **alg1, const char **alg2 ); +/** Parse given opaque key algoritms to obtain psa algs and usage + * that will be passed to mbedtls_pk_wrap_as_opaque(). + * + * + * \param alg1 input string opaque key algorithm #1 + * \param alg1 input string opaque key algorithm #2 + * \param psa_alg1 output PSA algorithm #1 + * \param psa_alg2 output PSA algorithm #2 + * \param usage output key usage + * + * \return \c 0 on success. + * \return \c 1 on parse failure. + */ +int key_opaque_set_alg_usage( const char *alg1, const char *alg2, + psa_algorithm_t *psa_alg1, + psa_algorithm_t *psa_alg2, + psa_key_usage_t *usage ); + #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) /* The test implementation of the PSA external RNG is insecure. When * MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled, before using any PSA crypto