mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2026-05-09 03:04:24 +02:00
Remove key exchange based on encryption/decryption
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
This commit is contained in:
Gabor Mezei
@@ -348,10 +348,10 @@ int main(void)
|
||||
#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
#define USAGE_KEY_OPAQUE_ALGS \
|
||||
" key_opaque_algs=%%s Allowed opaque key algorithms.\n" \
|
||||
" key_opaque_algs=%%s Allowed opaque key algorithms.\n" \
|
||||
" comma-separated pair of values among the following:\n" \
|
||||
" rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \
|
||||
" rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \
|
||||
" rsa-sign-pss-sha384, rsa-sign-pss-sha512,\n" \
|
||||
" ecdsa-sign, ecdh, none (only acceptable for\n" \
|
||||
" the second value).\n" \
|
||||
|
||||
|
||||
@@ -210,7 +210,7 @@ int main(void)
|
||||
|
||||
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
||||
#define USAGE_SSL_ASYNC \
|
||||
" async_operations=%%c... d=decrypt, s=sign (default: -=off)\n" \
|
||||
" async_operations=%%c... s=sign (default: -=off)\n" \
|
||||
" async_private_delay1=%%d Asynchronous delay for key_file or preloaded key\n" \
|
||||
" async_private_delay2=%%d Asynchronous delay for key_file2 and sni\n" \
|
||||
" default: -1 (not asynchronous)\n" \
|
||||
@@ -478,13 +478,13 @@ int main(void)
|
||||
" key_opaque_algs=%%s Allowed opaque key 1 algorithms.\n" \
|
||||
" comma-separated pair of values among the following:\n" \
|
||||
" rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \
|
||||
" rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \
|
||||
" rsa-sign-pss-sha384, rsa-sign-pss-sha512,\n" \
|
||||
" ecdsa-sign, ecdh, none (only acceptable for\n" \
|
||||
" the second value).\n" \
|
||||
" key_opaque_algs2=%%s Allowed opaque key 2 algorithms.\n" \
|
||||
" comma-separated pair of values among the following:\n" \
|
||||
" rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \
|
||||
" rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \
|
||||
" rsa-sign-pss-sha384, rsa-sign-pss-sha512,\n" \
|
||||
" ecdsa-sign, ecdh, none (only acceptable for\n" \
|
||||
" the second value).\n"
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
@@ -1227,16 +1227,6 @@ static int ssl_async_sign(mbedtls_ssl_context *ssl,
|
||||
hash, hash_len);
|
||||
}
|
||||
|
||||
static int ssl_async_decrypt(mbedtls_ssl_context *ssl,
|
||||
mbedtls_x509_crt *cert,
|
||||
const unsigned char *input,
|
||||
size_t input_len)
|
||||
{
|
||||
return ssl_async_start(ssl, cert,
|
||||
ASYNC_OP_DECRYPT, MBEDTLS_MD_NONE,
|
||||
input, input_len);
|
||||
}
|
||||
|
||||
static int ssl_async_resume(mbedtls_ssl_context *ssl,
|
||||
unsigned char *output,
|
||||
size_t *output_len,
|
||||
@@ -1257,12 +1247,6 @@ static int ssl_async_resume(mbedtls_ssl_context *ssl,
|
||||
}
|
||||
|
||||
switch (ctx->operation_type) {
|
||||
case ASYNC_OP_DECRYPT:
|
||||
ret = mbedtls_pk_decrypt(key_slot->pk,
|
||||
ctx->input, ctx->input_len,
|
||||
output, output_len, output_size,
|
||||
config_data->f_rng, config_data->p_rng);
|
||||
break;
|
||||
case ASYNC_OP_SIGN:
|
||||
ret = mbedtls_pk_sign(key_slot->pk,
|
||||
ctx->md_alg,
|
||||
@@ -3118,13 +3102,9 @@ usage:
|
||||
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
||||
if (opt.async_operations[0] != '-') {
|
||||
mbedtls_ssl_async_sign_t *sign = NULL;
|
||||
mbedtls_ssl_async_decrypt_t *decrypt = NULL;
|
||||
const char *r;
|
||||
for (r = opt.async_operations; *r; r++) {
|
||||
switch (*r) {
|
||||
case 'd':
|
||||
decrypt = ssl_async_decrypt;
|
||||
break;
|
||||
case 's':
|
||||
sign = ssl_async_sign;
|
||||
break;
|
||||
@@ -3137,7 +3117,6 @@ usage:
|
||||
ssl_async_keys.p_rng = &rng;
|
||||
mbedtls_ssl_conf_async_private_cb(&conf,
|
||||
sign,
|
||||
decrypt,
|
||||
ssl_async_resume,
|
||||
ssl_async_cancel,
|
||||
&ssl_async_keys);
|
||||
|
||||
@@ -197,7 +197,6 @@ int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2)
|
||||
strcmp(*alg1, "rsa-sign-pss-sha256") != 0 &&
|
||||
strcmp(*alg1, "rsa-sign-pss-sha384") != 0 &&
|
||||
strcmp(*alg1, "rsa-sign-pss-sha512") != 0 &&
|
||||
strcmp(*alg1, "rsa-decrypt") != 0 &&
|
||||
strcmp(*alg1, "ecdsa-sign") != 0 &&
|
||||
strcmp(*alg1, "ecdh") != 0) {
|
||||
return 1;
|
||||
@@ -208,7 +207,6 @@ int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2)
|
||||
strcmp(*alg1, "rsa-sign-pss-sha256") != 0 &&
|
||||
strcmp(*alg1, "rsa-sign-pss-sha384") != 0 &&
|
||||
strcmp(*alg1, "rsa-sign-pss-sha512") != 0 &&
|
||||
strcmp(*alg2, "rsa-decrypt") != 0 &&
|
||||
strcmp(*alg2, "ecdsa-sign") != 0 &&
|
||||
strcmp(*alg2, "ecdh") != 0 &&
|
||||
strcmp(*alg2, "none") != 0) {
|
||||
@@ -245,9 +243,6 @@ int key_opaque_set_alg_usage(const char *alg1, const char *alg2,
|
||||
} else if (strcmp(algs[i], "rsa-sign-pss-sha512") == 0) {
|
||||
*psa_algs[i] = PSA_ALG_RSA_PSS(PSA_ALG_SHA_512);
|
||||
*usage |= PSA_KEY_USAGE_SIGN_HASH;
|
||||
} else if (strcmp(algs[i], "rsa-decrypt") == 0) {
|
||||
*psa_algs[i] = PSA_ALG_RSA_PKCS1V15_CRYPT;
|
||||
*usage |= PSA_KEY_USAGE_DECRYPT;
|
||||
} else if (strcmp(algs[i], "ecdsa-sign") == 0) {
|
||||
*psa_algs[i] = PSA_ALG_ECDSA(PSA_ALG_ANY_HASH);
|
||||
*usage |= PSA_KEY_USAGE_SIGN_HASH;
|
||||
|
||||
@@ -202,7 +202,6 @@ int rng_get(void *p_rng, unsigned char *output, size_t output_len);
|
||||
* Coma-separated pair of values among the following:
|
||||
* - "rsa-sign-pkcs1"
|
||||
* - "rsa-sign-pss"
|
||||
* - "rsa-decrypt"
|
||||
* - "ecdsa-sign"
|
||||
* - "ecdh"
|
||||
* - "none" (only acceptable for the second value).
|
||||
|
||||
Reference in New Issue
Block a user