Implement key_opaque option to ssl_client2

This commit is contained in:
Manuel Pégourié-Gonnard 2018-11-08 09:52:25 +01:00 committed by Hanno Becker
parent ca906fb8b9
commit f83d31260d
2 changed files with 29 additions and 2 deletions

View file

@ -566,6 +566,9 @@ int main( int argc, char *argv[] )
mbedtls_x509_crt cacert; mbedtls_x509_crt cacert;
mbedtls_x509_crt clicert; mbedtls_x509_crt clicert;
mbedtls_pk_context pkey; mbedtls_pk_context pkey;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_slot_t key_slot = 0; /* invalid key slot */
#endif
#endif #endif
char *p, *q; char *p, *q;
const int *list; const int *list;
@ -1327,11 +1330,17 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
if( opt.key_opaque != 0 ) if( opt.key_opaque != 0 )
{ {
/* coming soon: load key to key slot */ if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot,
PSA_ALG_SHA_256 ) ) != 0 )
{
mbedtls_printf( " failed\n ! "
"mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", -ret );
goto exit;
}
} }
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_printf( " ok\n" ); mbedtls_printf( " ok (key type: %s)\n", mbedtls_pk_get_name( &pkey ) );
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
/* /*
@ -2138,6 +2147,9 @@ exit:
mbedtls_x509_crt_free( &clicert ); mbedtls_x509_crt_free( &clicert );
mbedtls_x509_crt_free( &cacert ); mbedtls_x509_crt_free( &cacert );
mbedtls_pk_free( &pkey ); mbedtls_pk_free( &pkey );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_destroy_key( key_slot );
#endif
#endif #endif
mbedtls_ssl_session_free( &saved_session ); mbedtls_ssl_session_free( &saved_session );
mbedtls_ssl_free( &ssl ); mbedtls_ssl_free( &ssl );

View file

@ -865,6 +865,21 @@ run_test "Default, DTLS" \
-s "Protocol is DTLSv1.2" \ -s "Protocol is DTLSv1.2" \
-s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256"
# Test using an opaque private key for client authentication
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SHA256_C
run_test "Opaque key for client authentication" \
"$P_SRV auth_mode=required" \
"$P_CLI key_opaque=1 crt_file=data_files/server5.crt \
key_file=data_files/server5.key" \
0 \
-c "key type: Opaque" \
-s "Verifying peer X.509 certificate... ok" \
-S "error" \
-C "error"
# Test current time in ServerHello # Test current time in ServerHello
requires_config_enabled MBEDTLS_HAVE_TIME requires_config_enabled MBEDTLS_HAVE_TIME
run_test "ServerHello contains gmt_unix_time" \ run_test "ServerHello contains gmt_unix_time" \