From 4ca0d72c3b3b24ccbd6c42a586873cb96b65078c Mon Sep 17 00:00:00 2001
From: Przemek Stekiel
Date: Mon, 25 Apr 2022 12:46:22 +0200
Subject: [PATCH] ssl server: add key_opaque_algs command line option

Signed-off-by: Przemek Stekiel
---
 programs/ssl/ssl_server2.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index d728b95e3..f04315ef8 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -151,6 +151,7 @@ int main( void )
 #define DFL_USE_SRTP 0
 #define DFL_SRTP_FORCE_PROFILE 0
 #define DFL_SRTP_SUPPORT_MKI 0
+#define DFL_KEY_OPAQUE_ALG "none"
 #define LONG_RESPONSE "

 01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
 "02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
@@ -455,6 +456,13 @@ int main( void )
 #define USAGE_SERIALIZATION ""
 #endif
+#define USAGE_KEY_OPAQUE_ALGS \
+ " key_opaque_algs=%%s Allowed opaque key algorithms.\n" \
+ " coma-separated pair of values among the following:\n" \
+ " rsa-sign-pkcs1, rsa-sign-pss, rsa-decrypt,\n" \
+ " ecdsa-sign, ecdh, none (only acceptable for\n" \
+ " the second value).\n" \
+
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
 #define USAGE_TLS1_3_KEY_EXCHANGE_MODES \
 " tls13_kex_modes=%%s default: all\n" \
@@ -519,6 +527,7 @@ int main( void )
 USAGE_ETM \
 USAGE_CURVES \
 USAGE_SIG_ALGS \
+ USAGE_KEY_OPAQUE_ALGS \
 "\n"
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
@@ -659,6 +668,8 @@ struct options
 int use_srtp; /* Support SRTP */
 int force_srtp_profile; /* SRTP protection profile to use or all */
 int support_mki; /* The dtls mki mki support */
+ const char *key_opaque_alg1; /* Allowed opaque key alg 1 */
+ const char *key_opaque_alg2; /* Allowed Opaque key alg 2 */
 } opt;
 #include "ssl_test_common_source.c"
@@ -1615,6 +1626,8 @@ int main( int argc, char *argv[] )
 opt.use_srtp = DFL_USE_SRTP;
 opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE;
 opt.support_mki = DFL_SRTP_SUPPORT_MKI;
+ opt.key_opaque_alg1 = DFL_KEY_OPAQUE_ALG;
+ opt.key_opaque_alg2 = DFL_KEY_OPAQUE_ALG;
 for( i = 1; i < argc; i++ )
 {
@@ -2088,6 +2101,12 @@ int main( int argc, char *argv[] )
 {
 opt.support_mki = atoi( q );
 }
+ else if( strcmp( p, "key_opaque_algs" ) == 0 )
+ {
+ if ( key_opaque_alg_parse( q, &opt.key_opaque_alg1,
+ &opt.key_opaque_alg2 ) != 0 )
+ goto usage;
+ }
 else
 goto usage;
 }
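Review bot: The default `DFL_KEY_OPAQUE_ALG "none"` is assigned to both `opt.key_opaque_alg1` and `opt.key_opaque_alg2` in the `@@ -1615` hunk, yet the usage text added in the `@@ -455` hunk states that `none` is only acceptable for the second value, so the documented contract and the unset state disagree; the `struct options` comments should say what the two-`"none"` default means to the consuming code, e.g. `/* Allowed opaque key alg 1 ("none" = option not given) */`. Whether `key_opaque_alg_parse()` rejects anything outside the listed set cannot be seen here, since it is defined outside this patch (presumably in `ssl_test_common_source.c`), and the new branch relies on it for all validation of the user-supplied `q`. Two style nits in the same hunks: `"coma-separated"` in the usage string should read `"comma-separated"`, and `if ( key_opaque_alg_parse(` has a space after `if` where the surrounding code writes `if(`. The `main()` body holding the option loop starts and ends outside the hunk.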