From 94e371af91eca583391f49d714fc53faa1f1bdae Mon Sep 17 00:00:00 2001
From: Neil Armstrong
Date: Fri, 22 Apr 2022 13:58:05 +0200
Subject: [PATCH] Update mbedtls_pk_wrap_as_opaque() usage in SSL client2 & server2
Signed-off-by: Neil Armstrong
---
 programs/ssl/ssl_client2.c | 18 ++++++++++++++++--
 programs/ssl/ssl_server2.c | 37 +++++++++++++++++++++++++++++++++++--
 2 files changed, 51 insertions(+), 4 deletions(-)
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index cd6098682..3275a5881 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1709,8 +1709,22 @@ int main( int argc, char *argv[] )
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 if( opt.key_opaque != 0 )
 {
- if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot,
- PSA_ALG_ANY_HASH ) ) != 0 )
+ psa_algorithm_t psa_alg, psa_alg2;
+
+ if( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY )
+ {
+ psa_alg = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH );
+ psa_alg2 = PSA_ALG_NONE;
+ }
+ else
+ {
+ psa_alg = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH );
+ psa_alg2 = PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH );
+ }
+
+ if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot, psa_alg,
+ PSA_KEY_USAGE_SIGN_HASH,
+ psa_alg2 ) ) != 0 )
 {
 mbedtls_printf( " failed\n ! " "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret );
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index a91af0eb5..46a918883 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
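Review bot: The `else` branch in the new block treats every key type other than MBEDTLS_PK_ECKEY as RSA, so a key whose pk type is, for example, MBEDTLS_PK_ECDSA or MBEDTLS_PK_ECKEY_DH would be handed RSA algorithms; the server2 hunks of the same patch guard on `MBEDTLS_PK_ECKEY || MBEDTLS_PK_RSA` first, and client2 would be clearer with the same explicit check, e.g. `else if( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_RSA )` followed by an error path for any other type. Whether mbedtls_pk_wrap_as_opaque() itself rejects the mismatched policy cannot be seen from the hunk, so the likely outcome today is an error from that call rather than a wrongly wrapped key, but the program should state the intent rather than rely on it. A short comment on the `psa_alg2` assignments would also help a reader, e.g. `/* alg2: second permitted algorithm; RSA keys also need RSA-PSS, presumably for TLS 1.3 signatures, EC keys need nothing more */`. The enclosing main() continues outside the hunk.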
@@ -2575,11 +2575,29 @@ int main( int argc, char *argv[] )
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 if( opt.key_opaque != 0 )
 {
+ psa_algorithm_t psa_alg, psa_alg2;
+ psa_key_usage_t psa_usage;
+
 if ( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY ||
 mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_RSA )
 {
+ if( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY )
+ {
+ psa_alg = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH );
+ psa_alg2 = PSA_ALG_ECDH;
+ psa_usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_DERIVE;
+ }
+ else
+ {
+ psa_alg = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH );
+ psa_alg2 = PSA_ALG_NONE;
+ psa_usage = PSA_KEY_USAGE_SIGN_HASH;
+ }
+
 if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot,
- PSA_ALG_ANY_HASH ) ) != 0 )
+ psa_alg,
+ psa_usage,
+ psa_alg2 ) ) != 0 )
 {
 mbedtls_printf( " failed\n ! " "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret );
@@ -2590,8 +2608,23 @@ int main( int argc, char *argv[] )
 if ( mbedtls_pk_get_type( &pkey2 ) == MBEDTLS_PK_ECKEY ||
 mbedtls_pk_get_type( &pkey2 ) == MBEDTLS_PK_RSA )
 {
+ if( mbedtls_pk_get_type( &pkey2 ) == MBEDTLS_PK_ECKEY )
+ {
+ psa_alg = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH );
+ psa_alg2 = PSA_ALG_ECDH;
+ psa_usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_DERIVE;
+ }
+ else
+ {
+ psa_alg = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH );
+ psa_alg2 = PSA_ALG_NONE;
+ psa_usage = PSA_KEY_USAGE_SIGN_HASH;
+ }
+
 if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey2, &key_slot2,
- PSA_ALG_ANY_HASH ) ) != 0 )
+ psa_alg,
+ psa_usage,
+ psa_alg2 ) ) != 0 )
 {
 mbedtls_printf( " failed\n ! " "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret );
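Review bot: The if/else block that derives `psa_alg`, `psa_alg2` and `psa_usage` from the key type is duplicated verbatim for `pkey` in the first hunk and for `pkey2` in the second (@@ -2590), and the policy an opaque key is wrapped with is exactly what a reviewer wants to read in one place, so the two copies should become one static helper that both call sites use. The RSA policy here permits only PKCS#1 v1.5 signatures (`psa_alg2 = PSA_ALG_NONE`) while the client2 hunk of the same patch additionally grants `PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH )`; if server RSA keys are expected to produce RSA-PSS signatures (presumably needed for TLS 1.3 and the rsa_pss_rsae schemes) the two programs should agree, and if the difference is deliberate a comment should say why. The EC policy grants `PSA_KEY_USAGE_DERIVE` with `PSA_ALG_ECDH` on the signing key, presumably for the static-ECDH ciphersuites the server supports; that is the widest policy the key can get, so naming the reason in a comment keeps the least-privilege trade-off visible. main() continues outside both hunks.
```c
/* Derive the PSA policy an opaque server key needs from its pk type.
 * Returns 0, or MBEDTLS_ERR_PK_TYPE_MISMATCH for a type we do not wrap. */
static int ssl_server_psa_key_policy( const mbedtls_pk_context *pk,
                                      psa_algorithm_t *alg,
                                      psa_key_usage_t *usage,
                                      psa_algorithm_t *alg2 )
{
    switch( mbedtls_pk_get_type( pk ) )
    {
        case MBEDTLS_PK_ECKEY:
            *alg = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH );
            *alg2 = PSA_ALG_ECDH; /* static ECDH key exchange needs DERIVE */
            *usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_DERIVE;
            return( 0 );
        case MBEDTLS_PK_RSA:
            *alg = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH );
            *alg2 = PSA_ALG_NONE;
            *usage = PSA_KEY_USAGE_SIGN_HASH;
            return( 0 );
        default:
            return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
    }
}

/* … unchanged: opt.key_opaque and key-type guard … */
            ret = ssl_server_psa_key_policy( &pkey, &psa_alg,
                                             &psa_usage, &psa_alg2 );
            if( ret == 0 )
                ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot, psa_alg,
                                                 psa_usage, psa_alg2 );
            if( ret != 0 )
/* … unchanged: error printing; same replacement for pkey2 / key_slot2 … */
```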