fac92db771
This commit adds support for the use of PSA-based opaque PSKs in the TLS client example application programs/ssl/ssl_client2. Specifically, a numerical command line option `psk_slot` with the following constraints and semantics is added: - It can only be used alongside the provisioning of a raw PSK through the preexisting `psk` command line option. - It can only be used if both TLS 1.2 and a PSK-only ciphersuite are enforced through the appropriate use of the `min_version` and `force_ciphersuite` command line options. - If the previous conditions are met, setting `psk_slot=d` will result in the PSA key slot with identifier `d` being populated with the raw PSK data specified through the `psk` parameter and passed to Mbed TLS via `mbedtls_ssl_conf_psk_opaque()` prior to the handshake. Enforcing the TLS version and ciphersuite is necessary to determine the exact KDF algorithm the PSK will be used for. This is required as it is currently not possible to set up a key without specifying exactly one algorithm the key may be used with. |
||
---|---|---|
.. | ||
CMakeLists.txt | ||
dtls_client.c | ||
dtls_server.c | ||
mini_client.c | ||
ssl_client1.c | ||
ssl_client2.c | ||
ssl_fork_server.c | ||
ssl_mail_client.c | ||
ssl_pthread_server.c | ||
ssl_server.c | ||
ssl_server2.c |