ssl client: add key_opaque_algs command line option

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-25 12:45:41 +02:00 · 2022-04-25 12:45:41 +02:00 · f1822febc4
commit f1822febc4
parent 85d692d1c4
1 changed files with 19 additions and 0 deletions
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@ -115,6 +115,7 @@ int main( void )
 #define DFL_USE_SRTP            0
 #define DFL_SRTP_FORCE_PROFILE  0
 #define DFL_SRTP_MKI            ""
+#define DFL_KEY_OPAQUE_ALG      "none"

 #define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
 #define GET_REQUEST_END "\r\n\r\n"
@ -343,6 +344,13 @@ int main( void )
 #define USAGE_SERIALIZATION ""
 #endif

+#define USAGE_KEY_OPAQUE_ALGS \
+    "    key_opaque_algs=%%s  Allowed opaque key algorithms.\n"                      \
+    "                        coma-separated pair of values among the following:\n"   \
+    "                        rsa-sign-pkcs1, rsa-sign-pss, rsa-decrypt,\n"           \
+    "                        ecdsa-sign, ecdh, none (only acceptable for\n"          \
+    "                        the second value).\n"                                   \
+
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
 #define USAGE_TLS1_3_KEY_EXCHANGE_MODES \
    "    tls13_kex_modes=%%s   default: all\n"     \
@ -411,6 +419,7 @@ int main( void )
    USAGE_CURVES                                            \
    USAGE_SIG_ALGS                                          \
    USAGE_DHMLEN                                            \
+    USAGE_KEY_OPAQUE_ALGS                                   \
    "\n"

 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
@ -523,6 +532,8 @@ struct options
    int use_srtp;               /* Support SRTP                             */
    int force_srtp_profile;     /* SRTP protection profile to use or all    */
    const char *mki;            /* The dtls mki value to use                */
+    const char *key_opaque_alg1; /* Allowed opaque key alg 1                */
+    const char *key_opaque_alg2; /* Allowed Opaque key alg 2                */
 } opt;

 #include "ssl_test_common_source.c"
@ -885,6 +896,8 @@ int main( int argc, char *argv[] )
    opt.use_srtp            = DFL_USE_SRTP;
    opt.force_srtp_profile  = DFL_SRTP_FORCE_PROFILE;
    opt.mki                 = DFL_SRTP_MKI;
+    opt.key_opaque_alg1     = DFL_KEY_OPAQUE_ALG;
+    opt.key_opaque_alg2     = DFL_KEY_OPAQUE_ALG;

    for( i = 1; i < argc; i++ )
    {
@ -1308,6 +1321,12 @@ int main( int argc, char *argv[] )
        {
            opt.mki = q;
        }
+        else if( strcmp( p, "key_opaque_algs" ) == 0 )
+        {
+            if ( key_opaque_alg_parse( q, &opt.key_opaque_alg1,
+                                          &opt.key_opaque_alg2 ) != 0 )
+                goto usage;
+        }
        else
            goto usage;
    }