diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index f741d9963..2cfdde67f 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -115,6 +115,7 @@ int main( void ) #define DFL_USE_SRTP 0 #define DFL_SRTP_FORCE_PROFILE 0 #define DFL_SRTP_MKI "" +#define DFL_KEY_OPAQUE_ALG "none" #define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: " #define GET_REQUEST_END "\r\n\r\n" @@ -343,6 +344,13 @@ int main( void ) #define USAGE_SERIALIZATION "" #endif +#define USAGE_KEY_OPAQUE_ALGS \ + " key_opaque_algs=%%s Allowed opaque key algorithms.\n" \ + " comma-separated pair of values among the following:\n" \ + " rsa-sign-pkcs1, rsa-sign-pss, rsa-decrypt,\n" \ + " ecdsa-sign, ecdh, none (only acceptable for\n" \ + " the second value).\n" \ + #if defined(MBEDTLS_SSL_PROTO_TLS1_3) #define USAGE_TLS1_3_KEY_EXCHANGE_MODES \ " tls13_kex_modes=%%s default: all\n" \ @@ -411,6 +419,7 @@ int main( void ) USAGE_CURVES \ USAGE_SIG_ALGS \ USAGE_DHMLEN \ + USAGE_KEY_OPAQUE_ALGS \ "\n" #if defined(MBEDTLS_SSL_PROTO_TLS1_3) @@ -523,6 +532,8 @@ struct options int use_srtp; /* Support SRTP */ int force_srtp_profile; /* SRTP protection profile to use or all */ const char *mki; /* The dtls mki value to use */ + const char *key_opaque_alg1; /* Allowed opaque key alg 1 */ + const char *key_opaque_alg2; /* Allowed Opaque key alg 2 */ } opt; #include "ssl_test_common_source.c" @@ -885,6 +896,8 @@ int main( int argc, char *argv[] ) opt.use_srtp = DFL_USE_SRTP; opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE; opt.mki = DFL_SRTP_MKI; + opt.key_opaque_alg1 = DFL_KEY_OPAQUE_ALG; + opt.key_opaque_alg2 = DFL_KEY_OPAQUE_ALG; for( i = 1; i < argc; i++ ) { @@ -1308,6 +1321,12 @@ int main( int argc, char *argv[] ) { opt.mki = q; } + else if( strcmp( p, "key_opaque_algs" ) == 0 ) + { + if( key_opaque_alg_parse( q, &opt.key_opaque_alg1, + &opt.key_opaque_alg2 ) != 0 ) + goto usage; + } else goto usage; } @@ -1698,26 +1717,24 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_USE_PSA_CRYPTO) if( opt.key_opaque != 0 ) { - psa_algorithm_t psa_alg, psa_alg2; + psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE; + psa_key_usage_t usage = 0; - if( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY ) + if( key_opaque_set_alg_usage( opt.key_opaque_alg1, + opt.key_opaque_alg2, + &psa_alg, &psa_alg2, + &usage, + mbedtls_pk_get_type( &pkey ) ) == 0 ) { - psa_alg = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ); - psa_alg2 = PSA_ALG_NONE; - } - else - { - psa_alg = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH ); - psa_alg2 = PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH ); - } - - if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot, psa_alg, - PSA_KEY_USAGE_SIGN_HASH, - psa_alg2 ) ) != 0 ) - { - mbedtls_printf( " failed\n ! " - "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret ); - goto exit; + ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot, psa_alg, + usage, psa_alg2 ); + if( ret != 0 ) + { + mbedtls_printf( " failed\n ! " + "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", + (unsigned int) -ret ); + goto exit; + } } } #endif /* MBEDTLS_USE_PSA_CRYPTO */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index d728b95e3..0047cabb2 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -151,6 +151,7 @@ int main( void ) #define DFL_USE_SRTP 0 #define DFL_SRTP_FORCE_PROFILE 0 #define DFL_SRTP_SUPPORT_MKI 0 +#define DFL_KEY_OPAQUE_ALG "none" #define LONG_RESPONSE "

01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ "02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ @@ -455,6 +456,17 @@ int main( void ) #define USAGE_SERIALIZATION "" #endif +#define USAGE_KEY_OPAQUE_ALGS \ + " key_opaque_algs=%%s Allowed opaque key 1 algorithms.\n" \ + " comma-separated pair of values among the following:\n" \ + " rsa-sign-pkcs1, rsa-sign-pss, rsa-decrypt,\n" \ + " ecdsa-sign, ecdh, none (only acceptable for\n" \ + " the second value).\n" \ + " key_opaque_algs2=%%s Allowed opaque key 2 algorithms.\n" \ + " comma-separated pair of values among the following:\n" \ + " rsa-sign-pkcs1, rsa-sign-pss, rsa-decrypt,\n" \ + " ecdsa-sign, ecdh, none (only acceptable for\n" \ + " the second value).\n" #if defined(MBEDTLS_SSL_PROTO_TLS1_3) #define USAGE_TLS1_3_KEY_EXCHANGE_MODES \ " tls13_kex_modes=%%s default: all\n" \ @@ -519,6 +531,7 @@ int main( void ) USAGE_ETM \ USAGE_CURVES \ USAGE_SIG_ALGS \ + USAGE_KEY_OPAQUE_ALGS \ "\n" #if defined(MBEDTLS_SSL_PROTO_TLS1_3) @@ -659,6 +672,10 @@ struct options int use_srtp; /* Support SRTP */ int force_srtp_profile; /* SRTP protection profile to use or all */ int support_mki; /* The dtls mki mki support */ + const char *key1_opaque_alg1; /* Allowed opaque key 1 alg 1 */ + const char *key1_opaque_alg2; /* Allowed Opaque key 1 alg 2 */ + const char *key2_opaque_alg1; /* Allowed opaque key 2 alg 1 */ + const char *key2_opaque_alg2; /* Allowed Opaque key 2 alg 2 */ } opt; #include "ssl_test_common_source.c" @@ -679,7 +696,7 @@ static int get_auth_mode( const char *s ) } /* - * Used by sni_parse and psk_parse to handle coma-separated lists + * Used by sni_parse and psk_parse to handle comma-separated lists */ #define GET_ITEM( dst ) \ do \ @@ -1615,6 +1632,10 @@ int main( int argc, char *argv[] ) opt.use_srtp = DFL_USE_SRTP; opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE; opt.support_mki = DFL_SRTP_SUPPORT_MKI; + opt.key1_opaque_alg1 = DFL_KEY_OPAQUE_ALG; + opt.key1_opaque_alg2 = DFL_KEY_OPAQUE_ALG; + opt.key2_opaque_alg1 = DFL_KEY_OPAQUE_ALG; + opt.key2_opaque_alg2 = DFL_KEY_OPAQUE_ALG; for( i = 1; i < argc; i++ ) { @@ -2088,6 +2109,18 @@ int main( int argc, char *argv[] ) { opt.support_mki = atoi( q ); } + else if( strcmp( p, "key_opaque_algs" ) == 0 ) + { + if( key_opaque_alg_parse( q, &opt.key1_opaque_alg1, + &opt.key1_opaque_alg2 ) != 0 ) + goto usage; + } + else if( strcmp( p, "key_opaque_algs2" ) == 0 ) + { + if( key_opaque_alg_parse( q, &opt.key2_opaque_alg1, + &opt.key2_opaque_alg2 ) != 0 ) + goto usage; + } else goto usage; } @@ -2564,59 +2597,44 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_USE_PSA_CRYPTO) if( opt.key_opaque != 0 ) { - psa_algorithm_t psa_alg, psa_alg2; - psa_key_usage_t psa_usage; + psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE; + psa_key_usage_t psa_usage = 0; - if ( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY || - mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_RSA ) + if( key_opaque_set_alg_usage( opt.key1_opaque_alg1, + opt.key1_opaque_alg2, + &psa_alg, &psa_alg2, + &psa_usage, + mbedtls_pk_get_type( &pkey ) ) == 0 ) { - if( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY ) - { - psa_alg = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ); - psa_alg2 = PSA_ALG_ECDH; - psa_usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_DERIVE; - } - else - { - psa_alg = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH ); - psa_alg2 = PSA_ALG_NONE; - psa_usage = PSA_KEY_USAGE_SIGN_HASH; - } + ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot, + psa_alg, psa_usage, psa_alg2 ); - if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot, - psa_alg, - psa_usage, - psa_alg2 ) ) != 0 ) + if( ret != 0 ) { mbedtls_printf( " failed\n ! " - "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret ); + "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", + (unsigned int) -ret ); goto exit; } } - if ( mbedtls_pk_get_type( &pkey2 ) == MBEDTLS_PK_ECKEY || - mbedtls_pk_get_type( &pkey2 ) == MBEDTLS_PK_RSA ) - { - if( mbedtls_pk_get_type( &pkey2 ) == MBEDTLS_PK_ECKEY ) - { - psa_alg = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ); - psa_alg2 = PSA_ALG_ECDH; - psa_usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_DERIVE; - } - else - { - psa_alg = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH ); - psa_alg2 = PSA_ALG_NONE; - psa_usage = PSA_KEY_USAGE_SIGN_HASH; - } + psa_alg = PSA_ALG_NONE; psa_alg2 = PSA_ALG_NONE; + psa_usage = 0; - if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey2, &key_slot2, - psa_alg, - psa_usage, - psa_alg2 ) ) != 0 ) + if( key_opaque_set_alg_usage( opt.key2_opaque_alg1, + opt.key2_opaque_alg2, + &psa_alg, &psa_alg2, + &psa_usage, + mbedtls_pk_get_type( &pkey2 ) ) == 0 ) + { + ret = mbedtls_pk_wrap_as_opaque( &pkey2, &key_slot2, + psa_alg, psa_usage, psa_alg2 ); + + if( ret != 0 ) { mbedtls_printf( " failed\n ! " - "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret ); + "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", + (unsigned int) -ret ); goto exit; } } diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index a28a47769..a7f3d0e38 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -193,6 +193,103 @@ int rng_get( void *p_rng, unsigned char *output, size_t output_len ) #endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */ } +int key_opaque_alg_parse( const char *arg, const char **alg1, const char **alg2 ) +{ + char* separator; + if( ( separator = strchr( arg, ',' ) ) == NULL ) + return 1; + *separator = '\0'; + + *alg1 = arg; + *alg2 = separator + 1; + + if( strcmp( *alg1, "rsa-sign-pkcs1" ) != 0 && + strcmp( *alg1, "rsa-sign-pss" ) != 0 && + strcmp( *alg1, "rsa-decrypt" ) != 0 && + strcmp( *alg1, "ecdsa-sign" ) != 0 && + strcmp( *alg1, "ecdh" ) != 0 ) + return 1; + + if( strcmp( *alg2, "rsa-sign-pkcs1" ) != 0 && + strcmp( *alg2, "rsa-sign-pss" ) != 0 && + strcmp( *alg2, "rsa-decrypt" ) != 0 && + strcmp( *alg2, "ecdsa-sign" ) != 0 && + strcmp( *alg2, "ecdh" ) != 0 && + strcmp( *alg2, "none" ) != 0 ) + return 1; + + return 0; +} + +#if defined(MBEDTLS_USE_PSA_CRYPTO) +int key_opaque_set_alg_usage( const char *alg1, const char *alg2, + psa_algorithm_t *psa_alg1, + psa_algorithm_t *psa_alg2, + psa_key_usage_t *usage, + mbedtls_pk_type_t key_type ) +{ + if( strcmp( alg1, "none" ) != 0 ) + { + const char * algs[] = { alg1, alg2 }; + psa_algorithm_t *psa_algs[] = { psa_alg1, psa_alg2 }; + + for ( int i = 0; i < 2; i++ ) + { + if( strcmp( algs[i], "rsa-sign-pkcs1" ) == 0 ) + { + *psa_algs[i] = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH ); + *usage |= PSA_KEY_USAGE_SIGN_HASH; + } + else if( strcmp( algs[i], "rsa-sign-pss" ) == 0 ) + { + *psa_algs[i] = PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH ); + *usage |= PSA_KEY_USAGE_SIGN_HASH; + } + else if( strcmp( algs[i], "rsa-decrypt" ) == 0 ) + { + *psa_algs[i] = PSA_ALG_RSA_PKCS1V15_CRYPT; + *usage |= PSA_KEY_USAGE_DECRYPT; + } + else if( strcmp( algs[i], "ecdsa-sign" ) == 0 ) + { + *psa_algs[i] = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ); + *usage |= PSA_KEY_USAGE_SIGN_HASH; + } + else if( strcmp( algs[i], "ecdh" ) == 0 ) + { + *psa_algs[i] = PSA_ALG_ECDH; + *usage |= PSA_KEY_USAGE_DERIVE; + } + else if( strcmp( algs[i], "none" ) == 0 ) + { + *psa_algs[i] = PSA_ALG_NONE; + } + } + } + else + { + if( key_type == MBEDTLS_PK_ECKEY ) + { + *psa_alg1 = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ); + *psa_alg2 = PSA_ALG_ECDH; + *usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_DERIVE; + } + else if( key_type == MBEDTLS_PK_RSA ) + { + *psa_alg1 = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH ); + *psa_alg2 = PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH ); + *usage = PSA_KEY_USAGE_SIGN_HASH; + } + else + { + return 1; + } + } + + return 0; +} +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) int ca_callback( void *data, mbedtls_x509_crt const *child, mbedtls_x509_crt **candidates ) diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index a359b3fe2..f0d0c3b89 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -221,6 +221,48 @@ void rng_free( rng_context_t *rng ); */ int rng_get( void *p_rng, unsigned char *output, size_t output_len ); +/** Parse command-line option: key_opaque_algs + * + * + * \param arg String value of key_opaque_algs + * Coma-separated pair of values among the following: + * - "rsa-sign-pkcs1" + * - "rsa-sign-pss" + * - "rsa-decrypt" + * - "ecdsa-sign" + * - "ecdh" + * - "none" (only acceptable for the second value). + * \param alg1 Address of pointer to alg #1 + * \param alg2 Address of pointer to alg #2 + * + * \return \c 0 on success. + * \return \c 1 on parse failure. + */ +int key_opaque_alg_parse( const char *arg, const char **alg1, const char **alg2 ); + +#if defined(MBEDTLS_USE_PSA_CRYPTO) +/** Parse given opaque key algoritms to obtain psa algs and usage + * that will be passed to mbedtls_pk_wrap_as_opaque(). + * + * + * \param alg1 input string opaque key algorithm #1 + * \param alg2 input string opaque key algorithm #2 + * \param psa_alg1 output PSA algorithm #1 + * \param psa_alg2 output PSA algorithm #2 + * \param usage output key usage + * \param key_type key type used to set default psa algorithm/usage + * when alg1 in "none" + * + * \return \c 0 on success. + * \return \c 1 on parse failure. + */ +int key_opaque_set_alg_usage( const char *alg1, const char *alg2, + psa_algorithm_t *psa_alg1, + psa_algorithm_t *psa_alg2, + psa_key_usage_t *usage, + mbedtls_pk_type_t key_type ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) /* The test implementation of the PSA external RNG is insecure. When * MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled, before using any PSA crypto