Add server extension parsing
Only accept EC J-PAKE ciphersuite if extension was present and OK (single flag
for both), and ignore extension if we have no password.
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index d9e3e5c..b74cca2 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -150,6 +150,7 @@
* of state of the renegotiation flag, so no indicator is required)
*/
#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
+#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1)
#ifdef __cplusplus
extern "C" {
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 6676c18..9088965 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -318,6 +318,33 @@
}
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ size_t len )
+{
+ int ret;
+
+ if( mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip ecjpake kkpp extension" ) );
+ return( 0 );
+ }
+
+ if( ( ret = mbedtls_ecjpake_read_round_one( &ssl->handshake->ecjpake_ctx,
+ buf, len ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_one", ret );
+ return( ret );
+ }
+
+ /* Only mark the extension as OK when we're sure it is */
+ ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK;
+
+ return( 0 );
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
@@ -709,10 +736,10 @@
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
- mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
+ ( ssl->handshake->cli_exts & MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK ) == 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: "
- "ecjpake not configured" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: ecjpake "
+ "not configured or ext missing" ) );
return( 0 );
}
#endif
@@ -1571,6 +1598,16 @@
break;
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+ case MBEDTLS_TLS_EXT_ECJPAKE_KKPP:
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ecjpake kkpp extension" ) );
+
+ ret = ssl_parse_ecjpake_kkpp( ssl, ext + 4, ext_size );
+ if( ret != 0 )
+ return( ret );
+ break;
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found max fragment length extension" ) );
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 20ee6bc..8051aed 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -2507,6 +2507,8 @@
0 \
-C "add ciphersuite: c0ff" \
-C "adding ecjpake_kkpp extension" \
+ -S "found ecjpake kkpp extension" \
+ -S "skip ecjpake kkpp extension" \
-S "ciphersuite mismatch: ecjpake not configured" \
-S "None of the common ciphersuites is usable"
@@ -2517,9 +2519,23 @@
1 \
-c "add ciphersuite: c0ff" \
-c "adding ecjpake_kkpp extension" \
+ -s "found ecjpake kkpp extension" \
+ -s "skip ecjpake kkpp extension" \
-s "ciphersuite mismatch: ecjpake not configured" \
-s "None of the common ciphersuites is usable"
+run_test "ECJPAKE: working, TLS" \
+ "$P_SRV debug_level=3 ecjpake_pw=bla" \
+ "$P_CLI debug_level=3 ecjpake_pw=bla \
+ force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
+ 1 \
+ -c "add ciphersuite: c0ff" \
+ -c "adding ecjpake_kkpp extension" \
+ -s "found ecjpake kkpp extension" \
+ -S "skip ecjpake kkpp extension" \
+ -S "ciphersuite mismatch: ecjpake not configured" \
+ -S "None of the common ciphersuites is usable"
+
# Tests for ciphersuites per version
run_test "Per-version suites: SSL3" \