AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Further code optimization

Browse Source 
- key_opaque_set_alg_usage(): set alg/usage in loop
- key_opaque_set_alg_usage(): add key paramteter to set default alg/usage if it is not specified by command line parameters
- unify default alg/usage for client and server
- optimize opaque code on client and server side

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
Przemek Stekiel 2022-05-06 08:42:34 +02:00
parent 296bfba924
commit cb20d202d2
4 changed files with 93 additions and 140 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
programs/ssl/ssl_client2.c
View File

@ -1717,43 +1717,25 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( opt.key_opaque != 0 )
{
psa_algorithm_t psa_alg, psa_alg2 = 0;
psa_key_usage_t usage = PSA_KEY_USAGE_SIGN_HASH;
psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE;
psa_key_usage_t usage = 0;
if( strcmp( opt.key_opaque_alg1, DFL_KEY_OPAQUE_ALG ) == 0 )
if( key_opaque_set_alg_usage( opt.key_opaque_alg1,
opt.key_opaque_alg2,
&psa_alg, &psa_alg2,
&usage,
mbedtls_pk_get_type( &pkey ) ) == 0 )
{
if( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY )
{
opt.key_opaque_alg1 = "ecdsa-sign";
opt.key_opaque_alg2 = "none";
}
else
{
opt.key_opaque_alg1 = "rsa-sign-pkcs1";
opt.key_opaque_alg2 = "rsa-sign-pss";
}
}
if ( strcmp( opt.key_opaque_alg1, DFL_KEY_OPAQUE_ALG ) != 0 )
{
ret = key_opaque_set_alg_usage( opt.key_opaque_alg1,
opt.key_opaque_alg2,
&psa_alg, &psa_alg2, &usage );
ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot, psa_alg,
usage, psa_alg2 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! key_opaque_set_alg_usage returned -0x%x\n\n",
(unsigned int) -ret );
mbedtls_printf( " failed\n ! "
"mbedtls_pk_wrap_as_opaque returned -0x%x\n\n",
(unsigned int) -ret );
goto exit;
}
}
if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot, psa_alg,
usage, psa_alg2 ) ) != 0 )
{
mbedtls_printf( " failed\n ! "
"mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret );
goto exit;
}
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */

79
programs/ssl/ssl_server2.c
View File

@ -2597,79 +2597,44 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( opt.key_opaque != 0 )
{
psa_algorithm_t psa_alg, psa_alg2 = 0;
psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE;
psa_key_usage_t psa_usage = 0;
if( strcmp( opt.key1_opaque_alg1, DFL_KEY_OPAQUE_ALG ) == 0 )
if( key_opaque_set_alg_usage( opt.key1_opaque_alg1,
opt.key1_opaque_alg2,
&psa_alg, &psa_alg2,
&psa_usage,
mbedtls_pk_get_type( &pkey ) ) == 0 )
{
if( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY )
{
opt.key1_opaque_alg1 = "ecdsa-sign";
opt.key1_opaque_alg2 = "ecdh";
}
else if( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_RSA )
{
opt.key1_opaque_alg1 = "rsa-sign-pkcs1";
opt.key1_opaque_alg2 = "none";
}
}
ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot,
psa_alg, psa_usage, psa_alg2 );
if( strcmp( opt.key1_opaque_alg1, DFL_KEY_OPAQUE_ALG ) != 0 )
{
ret = key_opaque_set_alg_usage( opt.key1_opaque_alg1,
opt.key1_opaque_alg2,
&psa_alg, &psa_alg2, &psa_usage );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! key_opaque_set_alg_usage returned -0x%x\n\n",
(unsigned int) -ret );
goto exit;
}
if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot,
psa_alg,
psa_usage,
psa_alg2 ) ) != 0 )
{
mbedtls_printf( " failed\n ! "
"mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret );
"mbedtls_pk_wrap_as_opaque returned -0x%x\n\n",
(unsigned int) -ret );
goto exit;
}
}
if( strcmp( opt.key2_opaque_alg1, DFL_KEY_OPAQUE_ALG ) == 0 )
{
if( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY )
{
opt.key2_opaque_alg1 = "ecdsa-sign";
opt.key2_opaque_alg2 = "ecdh";
}
else if( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_RSA )
{
opt.key2_opaque_alg1 = "rsa-sign-pkcs1";
opt.key2_opaque_alg2 = "none";
}
}
psa_alg = PSA_ALG_NONE; psa_alg2 = PSA_ALG_NONE;
psa_usage = 0;
if( strcmp( opt.key2_opaque_alg1, DFL_KEY_OPAQUE_ALG ) != 0 )
if( key_opaque_set_alg_usage( opt.key2_opaque_alg1,
opt.key2_opaque_alg2,
&psa_alg, &psa_alg2,
&psa_usage,
mbedtls_pk_get_type( &pkey2 ) ) == 0 )
{
ret = key_opaque_set_alg_usage( opt.key2_opaque_alg1,
opt.key2_opaque_alg2,
&psa_alg, &psa_alg2, &psa_usage );
ret = mbedtls_pk_wrap_as_opaque( &pkey2, &key_slot2,
psa_alg, psa_usage, psa_alg2 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! key_opaque_set_alg_usage returned -0x%x\n\n",
(unsigned int) -ret );
goto exit;
}
if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey2, &key_slot2,
psa_alg,
psa_usage,
psa_alg2 ) ) != 0 )
{
mbedtls_printf( " failed\n ! "
"mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret );
"mbedtls_pk_wrap_as_opaque returned -0x%x\n\n",
(unsigned int) -ret );
goto exit;
}
}

105
programs/ssl/ssl_test_lib.c
View File

@ -225,62 +225,65 @@ int key_opaque_alg_parse( const char *arg, const char **alg1, const char **alg2
int key_opaque_set_alg_usage( const char *alg1, const char *alg2,
psa_algorithm_t *psa_alg1,
psa_algorithm_t *psa_alg2,
psa_key_usage_t *usage )
psa_key_usage_t *usage,
mbedtls_pk_type_t key_type )
{
if( strcmp( alg1, "rsa-sign-pkcs1" ) == 0 )
if( strcmp( alg1, "none" ) != 0 )
{
*psa_alg1 = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH );
*usage = PSA_KEY_USAGE_SIGN_HASH;
}
else if ( strcmp( alg1, "rsa-sign-pss" ) == 0 )
{
*psa_alg1 = PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH );
*usage = PSA_KEY_USAGE_SIGN_HASH;
}
else if ( strcmp( alg1, "rsa-decrypt" ) == 0 )
{
*psa_alg1 = PSA_ALG_RSA_PKCS1V15_CRYPT;
*usage = PSA_KEY_USAGE_DECRYPT;
}
else if ( strcmp( alg1, "ecdsa-sign" ) == 0 )
{
*psa_alg1 = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH );
*usage = PSA_KEY_USAGE_SIGN_HASH;
}
else if ( strcmp( alg1, "ecdh" ) == 0 )
{
*psa_alg1 = PSA_ALG_ECDH;
*usage = PSA_KEY_USAGE_DERIVE;
}
const char * algs[] = { alg1, alg2 };
psa_algorithm_t *psa_algs[] = { psa_alg1, psa_alg2 };
if( strcmp( alg2, "rsa-sign-pkcs1" ) == 0 )
{
*psa_alg1 = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH );
*usage |= PSA_KEY_USAGE_SIGN_HASH;
for ( int i = 0; i < 2; i++ )
{
if( strcmp( algs[i], "rsa-sign-pkcs1" ) == 0 )
{
*psa_algs[i] = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH );
*usage |= PSA_KEY_USAGE_SIGN_HASH;
}
else if( strcmp( algs[i], "rsa-sign-pss" ) == 0 )
{
*psa_algs[i] = PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH );
*usage |= PSA_KEY_USAGE_SIGN_HASH;
}
else if( strcmp( algs[i], "rsa-decrypt" ) == 0 )
{
*psa_algs[i] = PSA_ALG_RSA_PKCS1V15_CRYPT;
*usage |= PSA_KEY_USAGE_DECRYPT;
}
else if( strcmp( algs[i], "ecdsa-sign" ) == 0 )
{
*psa_algs[i] = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH );
*usage |= PSA_KEY_USAGE_SIGN_HASH;
}
else if( strcmp( algs[i], "ecdh" ) == 0 )
{
*psa_algs[i] = PSA_ALG_ECDH;
*usage |= PSA_KEY_USAGE_DERIVE;
}
else if( strcmp( algs[i], "none" ) == 0 )
{
*psa_algs[i] = PSA_ALG_NONE;
}
}
}
else if( strcmp( alg2, "rsa-sign-pss" ) == 0 )
else
{
*psa_alg2 = PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH );
*usage |= PSA_KEY_USAGE_SIGN_HASH;
}
else if( strcmp( alg2, "rsa-decrypt" ) == 0 )
{
*psa_alg2 = PSA_ALG_RSA_PKCS1V15_CRYPT;
*usage |= PSA_KEY_USAGE_DECRYPT;
}
else if( strcmp( alg2, "ecdsa-sign" ) == 0 )
{
*psa_alg2 = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH );
*usage |= PSA_KEY_USAGE_SIGN_HASH;
}
else if( strcmp( alg2, "ecdh" ) == 0 )
{
*psa_alg2 = PSA_ALG_ECDH;
*usage |= PSA_KEY_USAGE_DERIVE;
}
else if( strcmp( alg2, "none" ) == 0 )
{
*psa_alg2 = PSA_ALG_NONE;
if( key_type == MBEDTLS_PK_ECKEY )
{
*psa_alg1 = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH );
*psa_alg2 = PSA_ALG_ECDH;
*usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_DERIVE;
}
else if( key_type == MBEDTLS_PK_RSA )
{
*psa_alg1 = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH );
*psa_alg2 = PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH );
*usage = PSA_KEY_USAGE_SIGN_HASH;
}
else
{
return 1;
}
}
return 0;

7
programs/ssl/ssl_test_lib.h
View File

@ -246,10 +246,12 @@ int key_opaque_alg_parse( const char *arg, const char **alg1, const char **alg2
*
*
* \param alg1 input string opaque key algorithm #1
* \param alg1 input string opaque key algorithm #2
* \param alg2 input string opaque key algorithm #2
* \param psa_alg1 output PSA algorithm #1
* \param psa_alg2 output PSA algorithm #2
* \param usage output key usage
* \param key_type key type used to set default psa algorithm/usage
* when alg1 in "none"
*
* \return \c 0 on success.
* \return \c 1 on parse failure.
@ -257,7 +259,8 @@ int key_opaque_alg_parse( const char *arg, const char **alg1, const char **alg2
int key_opaque_set_alg_usage( const char *alg1, const char *alg2,
psa_algorithm_t *psa_alg1,
psa_algorithm_t *psa_alg2,
psa_key_usage_t *usage );
psa_key_usage_t *usage,
mbedtls_pk_type_t key_type );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)