From 0a1324aaa16c3bf91fe97600bb63f1116669a00f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 16 Sep 2015 16:01:00 +0200 Subject: [PATCH] Add client-side extension parsing --- library/ssl_cli.c | 38 ++++++++++++++++++++++++++++++++++++++ tests/ssl-opt.sh | 3 +++ 2 files changed, 41 insertions(+) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 6b8236d45..e1cd245ad 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1076,6 +1076,31 @@ static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */ +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len ) +{ + int ret; + + if( ssl->transform_negotiate->ciphersuite_info->key_exchange != + MBEDTLS_KEY_EXCHANGE_ECJPAKE ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip ecjpake kkpp extension" ) ); + return( 0 ); + } + + if( ( ret = mbedtls_ecjpake_read_round_one( &ssl->handshake->ecjpake_ctx, + buf, len ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_one", ret ); + return( ret ); + } + + return( 0 ); +} +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ + #if defined(MBEDTLS_SSL_ALPN) static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) @@ -1577,6 +1602,19 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) break; #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */ +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) + case MBEDTLS_TLS_EXT_ECJPAKE_KKPP: + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ecjpake_kkpp extension" ) ); + + if( ( ret = ssl_parse_ecjpake_kkpp( ssl, + ext + 4, ext_size ) ) != 0 ) + { + return( ret ); + } + + break; +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ + #if defined(MBEDTLS_SSL_ALPN) case MBEDTLS_TLS_EXT_ALPN: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) ); diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 4c65d8440..2527a863a 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2511,6 +2511,7 @@ run_test "ECJPAKE: client not configured" \ -S "skip ecjpake kkpp extension" \ -S "ciphersuite mismatch: ecjpake not configured" \ -S "server hello, ecjpake kkpp extension" \ + -C "found ecjpake_kkpp extension" \ -S "None of the common ciphersuites is usable" run_test "ECJPAKE: server not configured" \ @@ -2524,6 +2525,7 @@ run_test "ECJPAKE: server not configured" \ -s "skip ecjpake kkpp extension" \ -s "ciphersuite mismatch: ecjpake not configured" \ -S "server hello, ecjpake kkpp extension" \ + -C "found ecjpake_kkpp extension" \ -s "None of the common ciphersuites is usable" run_test "ECJPAKE: working, TLS" \ @@ -2537,6 +2539,7 @@ run_test "ECJPAKE: working, TLS" \ -S "skip ecjpake kkpp extension" \ -S "ciphersuite mismatch: ecjpake not configured" \ -s "server hello, ecjpake kkpp extension" \ + -c "found ecjpake_kkpp extension" \ -S "None of the common ciphersuites is usable" # Tests for ciphersuites per version