Further code optimization
- key_opaque_set_alg_usage(): set alg/usage in loop
- key_opaque_set_alg_usage(): add key paramteter to set default alg/usage if it is not specified by command line parameters
- unify default alg/usage for client and server
- optimize opaque code on client and server side
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 970c2a9..2cfdde6 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1717,43 +1717,25 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( opt.key_opaque != 0 )
{
- psa_algorithm_t psa_alg, psa_alg2 = 0;
- psa_key_usage_t usage = PSA_KEY_USAGE_SIGN_HASH;
+ psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE;
+ psa_key_usage_t usage = 0;
- if( strcmp( opt.key_opaque_alg1, DFL_KEY_OPAQUE_ALG ) == 0 )
+ if( key_opaque_set_alg_usage( opt.key_opaque_alg1,
+ opt.key_opaque_alg2,
+ &psa_alg, &psa_alg2,
+ &usage,
+ mbedtls_pk_get_type( &pkey ) ) == 0 )
{
- if( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY )
- {
- opt.key_opaque_alg1 = "ecdsa-sign";
- opt.key_opaque_alg2 = "none";
- }
- else
- {
- opt.key_opaque_alg1 = "rsa-sign-pkcs1";
- opt.key_opaque_alg2 = "rsa-sign-pss";
- }
- }
-
- if ( strcmp( opt.key_opaque_alg1, DFL_KEY_OPAQUE_ALG ) != 0 )
- {
- ret = key_opaque_set_alg_usage( opt.key_opaque_alg1,
- opt.key_opaque_alg2,
- &psa_alg, &psa_alg2, &usage );
+ ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot, psa_alg,
+ usage, psa_alg2 );
if( ret != 0 )
{
- mbedtls_printf( " failed\n ! key_opaque_set_alg_usage returned -0x%x\n\n",
- (unsigned int) -ret );
+ mbedtls_printf( " failed\n ! "
+ "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n",
+ (unsigned int) -ret );
goto exit;
}
}
-
- if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot, psa_alg,
- usage, psa_alg2 ) ) != 0 )
- {
- mbedtls_printf( " failed\n ! "
- "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret );
- goto exit;
- }
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index b371ca9..0047cab 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -2597,79 +2597,44 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( opt.key_opaque != 0 )
{
- psa_algorithm_t psa_alg, psa_alg2 = 0;
+ psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE;
psa_key_usage_t psa_usage = 0;
- if( strcmp( opt.key1_opaque_alg1, DFL_KEY_OPAQUE_ALG ) == 0 )
+ if( key_opaque_set_alg_usage( opt.key1_opaque_alg1,
+ opt.key1_opaque_alg2,
+ &psa_alg, &psa_alg2,
+ &psa_usage,
+ mbedtls_pk_get_type( &pkey ) ) == 0 )
{
- if( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY )
- {
- opt.key1_opaque_alg1 = "ecdsa-sign";
- opt.key1_opaque_alg2 = "ecdh";
- }
- else if( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_RSA )
- {
- opt.key1_opaque_alg1 = "rsa-sign-pkcs1";
- opt.key1_opaque_alg2 = "none";
- }
- }
+ ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot,
+ psa_alg, psa_usage, psa_alg2 );
- if( strcmp( opt.key1_opaque_alg1, DFL_KEY_OPAQUE_ALG ) != 0 )
- {
- ret = key_opaque_set_alg_usage( opt.key1_opaque_alg1,
- opt.key1_opaque_alg2,
- &psa_alg, &psa_alg2, &psa_usage );
if( ret != 0 )
{
- mbedtls_printf( " failed\n ! key_opaque_set_alg_usage returned -0x%x\n\n",
- (unsigned int) -ret );
- goto exit;
- }
-
- if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot,
- psa_alg,
- psa_usage,
- psa_alg2 ) ) != 0 )
- {
mbedtls_printf( " failed\n ! "
- "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret );
+ "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n",
+ (unsigned int) -ret );
goto exit;
}
}
- if( strcmp( opt.key2_opaque_alg1, DFL_KEY_OPAQUE_ALG ) == 0 )
- {
- if( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY )
- {
- opt.key2_opaque_alg1 = "ecdsa-sign";
- opt.key2_opaque_alg2 = "ecdh";
- }
- else if( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_RSA )
- {
- opt.key2_opaque_alg1 = "rsa-sign-pkcs1";
- opt.key2_opaque_alg2 = "none";
- }
- }
+ psa_alg = PSA_ALG_NONE; psa_alg2 = PSA_ALG_NONE;
+ psa_usage = 0;
- if( strcmp( opt.key2_opaque_alg1, DFL_KEY_OPAQUE_ALG ) != 0 )
+ if( key_opaque_set_alg_usage( opt.key2_opaque_alg1,
+ opt.key2_opaque_alg2,
+ &psa_alg, &psa_alg2,
+ &psa_usage,
+ mbedtls_pk_get_type( &pkey2 ) ) == 0 )
{
- ret = key_opaque_set_alg_usage( opt.key2_opaque_alg1,
- opt.key2_opaque_alg2,
- &psa_alg, &psa_alg2, &psa_usage );
+ ret = mbedtls_pk_wrap_as_opaque( &pkey2, &key_slot2,
+ psa_alg, psa_usage, psa_alg2 );
+
if( ret != 0 )
{
- mbedtls_printf( " failed\n ! key_opaque_set_alg_usage returned -0x%x\n\n",
- (unsigned int) -ret );
- goto exit;
- }
-
- if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey2, &key_slot2,
- psa_alg,
- psa_usage,
- psa_alg2 ) ) != 0 )
- {
mbedtls_printf( " failed\n ! "
- "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret );
+ "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n",
+ (unsigned int) -ret );
goto exit;
}
}
diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c
index 7eebebb..a7f3d0e 100644
--- a/programs/ssl/ssl_test_lib.c
+++ b/programs/ssl/ssl_test_lib.c
@@ -225,62 +225,65 @@
int key_opaque_set_alg_usage( const char *alg1, const char *alg2,
psa_algorithm_t *psa_alg1,
psa_algorithm_t *psa_alg2,
- psa_key_usage_t *usage )
+ psa_key_usage_t *usage,
+ mbedtls_pk_type_t key_type )
{
- if( strcmp( alg1, "rsa-sign-pkcs1" ) == 0 )
+ if( strcmp( alg1, "none" ) != 0 )
{
- *psa_alg1 = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH );
- *usage = PSA_KEY_USAGE_SIGN_HASH;
- }
- else if ( strcmp( alg1, "rsa-sign-pss" ) == 0 )
- {
- *psa_alg1 = PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH );
- *usage = PSA_KEY_USAGE_SIGN_HASH;
- }
- else if ( strcmp( alg1, "rsa-decrypt" ) == 0 )
- {
- *psa_alg1 = PSA_ALG_RSA_PKCS1V15_CRYPT;
- *usage = PSA_KEY_USAGE_DECRYPT;
- }
- else if ( strcmp( alg1, "ecdsa-sign" ) == 0 )
- {
- *psa_alg1 = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH );
- *usage = PSA_KEY_USAGE_SIGN_HASH;
- }
- else if ( strcmp( alg1, "ecdh" ) == 0 )
- {
- *psa_alg1 = PSA_ALG_ECDH;
- *usage = PSA_KEY_USAGE_DERIVE;
- }
+ const char * algs[] = { alg1, alg2 };
+ psa_algorithm_t *psa_algs[] = { psa_alg1, psa_alg2 };
- if( strcmp( alg2, "rsa-sign-pkcs1" ) == 0 )
- {
- *psa_alg1 = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH );
- *usage |= PSA_KEY_USAGE_SIGN_HASH;
+ for ( int i = 0; i < 2; i++ )
+ {
+ if( strcmp( algs[i], "rsa-sign-pkcs1" ) == 0 )
+ {
+ *psa_algs[i] = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH );
+ *usage |= PSA_KEY_USAGE_SIGN_HASH;
+ }
+ else if( strcmp( algs[i], "rsa-sign-pss" ) == 0 )
+ {
+ *psa_algs[i] = PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH );
+ *usage |= PSA_KEY_USAGE_SIGN_HASH;
+ }
+ else if( strcmp( algs[i], "rsa-decrypt" ) == 0 )
+ {
+ *psa_algs[i] = PSA_ALG_RSA_PKCS1V15_CRYPT;
+ *usage |= PSA_KEY_USAGE_DECRYPT;
+ }
+ else if( strcmp( algs[i], "ecdsa-sign" ) == 0 )
+ {
+ *psa_algs[i] = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH );
+ *usage |= PSA_KEY_USAGE_SIGN_HASH;
+ }
+ else if( strcmp( algs[i], "ecdh" ) == 0 )
+ {
+ *psa_algs[i] = PSA_ALG_ECDH;
+ *usage |= PSA_KEY_USAGE_DERIVE;
+ }
+ else if( strcmp( algs[i], "none" ) == 0 )
+ {
+ *psa_algs[i] = PSA_ALG_NONE;
+ }
+ }
}
- else if( strcmp( alg2, "rsa-sign-pss" ) == 0 )
+ else
{
- *psa_alg2 = PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH );
- *usage |= PSA_KEY_USAGE_SIGN_HASH;
- }
- else if( strcmp( alg2, "rsa-decrypt" ) == 0 )
- {
- *psa_alg2 = PSA_ALG_RSA_PKCS1V15_CRYPT;
- *usage |= PSA_KEY_USAGE_DECRYPT;
- }
- else if( strcmp( alg2, "ecdsa-sign" ) == 0 )
- {
- *psa_alg2 = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH );
- *usage |= PSA_KEY_USAGE_SIGN_HASH;
- }
- else if( strcmp( alg2, "ecdh" ) == 0 )
- {
- *psa_alg2 = PSA_ALG_ECDH;
- *usage |= PSA_KEY_USAGE_DERIVE;
- }
- else if( strcmp( alg2, "none" ) == 0 )
- {
- *psa_alg2 = PSA_ALG_NONE;
+ if( key_type == MBEDTLS_PK_ECKEY )
+ {
+ *psa_alg1 = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH );
+ *psa_alg2 = PSA_ALG_ECDH;
+ *usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_DERIVE;
+ }
+ else if( key_type == MBEDTLS_PK_RSA )
+ {
+ *psa_alg1 = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH );
+ *psa_alg2 = PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH );
+ *usage = PSA_KEY_USAGE_SIGN_HASH;
+ }
+ else
+ {
+ return 1;
+ }
}
return 0;
diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h
index 367b8e2..f0d0c3b 100644
--- a/programs/ssl/ssl_test_lib.h
+++ b/programs/ssl/ssl_test_lib.h
@@ -246,10 +246,12 @@
*
*
* \param alg1 input string opaque key algorithm #1
- * \param alg1 input string opaque key algorithm #2
+ * \param alg2 input string opaque key algorithm #2
* \param psa_alg1 output PSA algorithm #1
* \param psa_alg2 output PSA algorithm #2
* \param usage output key usage
+ * \param key_type key type used to set default psa algorithm/usage
+ * when alg1 in "none"
*
* \return \c 0 on success.
* \return \c 1 on parse failure.
@@ -257,7 +259,8 @@
int key_opaque_set_alg_usage( const char *alg1, const char *alg2,
psa_algorithm_t *psa_alg1,
psa_algorithm_t *psa_alg2,
- psa_key_usage_t *usage );
+ psa_key_usage_t *usage,
+ mbedtls_pk_type_t key_type );
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)