ssl server: add key_opaque_algs command line option
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index d728b95..f04315e 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -151,6 +151,7 @@
#define DFL_USE_SRTP 0
#define DFL_SRTP_FORCE_PROFILE 0
#define DFL_SRTP_SUPPORT_MKI 0
+#define DFL_KEY_OPAQUE_ALG "none"
#define LONG_RESPONSE "<p>01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
"02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
@@ -455,6 +456,13 @@
#define USAGE_SERIALIZATION ""
#endif
+#define USAGE_KEY_OPAQUE_ALGS \
+ " key_opaque_algs=%%s Allowed opaque key algorithms.\n" \
+ " coma-separated pair of values among the following:\n" \
+ " rsa-sign-pkcs1, rsa-sign-pss, rsa-decrypt,\n" \
+ " ecdsa-sign, ecdh, none (only acceptable for\n" \
+ " the second value).\n" \
+
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#define USAGE_TLS1_3_KEY_EXCHANGE_MODES \
" tls13_kex_modes=%%s default: all\n" \
@@ -519,6 +527,7 @@
USAGE_ETM \
USAGE_CURVES \
USAGE_SIG_ALGS \
+ USAGE_KEY_OPAQUE_ALGS \
"\n"
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
@@ -659,6 +668,8 @@
int use_srtp; /* Support SRTP */
int force_srtp_profile; /* SRTP protection profile to use or all */
int support_mki; /* The dtls mki mki support */
+ const char *key_opaque_alg1; /* Allowed opaque key alg 1 */
+ const char *key_opaque_alg2; /* Allowed Opaque key alg 2 */
} opt;
#include "ssl_test_common_source.c"
@@ -1615,6 +1626,8 @@
opt.use_srtp = DFL_USE_SRTP;
opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE;
opt.support_mki = DFL_SRTP_SUPPORT_MKI;
+ opt.key_opaque_alg1 = DFL_KEY_OPAQUE_ALG;
+ opt.key_opaque_alg2 = DFL_KEY_OPAQUE_ALG;
for( i = 1; i < argc; i++ )
{
@@ -2088,6 +2101,12 @@
{
opt.support_mki = atoi( q );
}
+ else if( strcmp( p, "key_opaque_algs" ) == 0 )
+ {
+ if ( key_opaque_alg_parse( q, &opt.key_opaque_alg1,
+ &opt.key_opaque_alg2 ) != 0 )
+ goto usage;
+ }
else
goto usage;
}