Add client-side extension parsing

This commit is contained in:
Manuel Pégourié-Gonnard 2015-09-16 16:01:00 +02:00
parent 55c7f99112
commit 0a1324aaa1
2 changed files with 41 additions and 0 deletions

View File

@ -1076,6 +1076,31 @@ static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl,
} }
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */ #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl,
const unsigned char *buf,
size_t len )
{
int ret;
if( ssl->transform_negotiate->ciphersuite_info->key_exchange !=
MBEDTLS_KEY_EXCHANGE_ECJPAKE )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip ecjpake kkpp extension" ) );
return( 0 );
}
if( ( ret = mbedtls_ecjpake_read_round_one( &ssl->handshake->ecjpake_ctx,
buf, len ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_one", ret );
return( ret );
}
return( 0 );
}
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_SSL_ALPN) #if defined(MBEDTLS_SSL_ALPN)
static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len ) const unsigned char *buf, size_t len )
@ -1577,6 +1602,19 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
break; break;
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */ #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
case MBEDTLS_TLS_EXT_ECJPAKE_KKPP:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ecjpake_kkpp extension" ) );
if( ( ret = ssl_parse_ecjpake_kkpp( ssl,
ext + 4, ext_size ) ) != 0 )
{
return( ret );
}
break;
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_SSL_ALPN) #if defined(MBEDTLS_SSL_ALPN)
case MBEDTLS_TLS_EXT_ALPN: case MBEDTLS_TLS_EXT_ALPN:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) );

View File

@ -2511,6 +2511,7 @@ run_test "ECJPAKE: client not configured" \
-S "skip ecjpake kkpp extension" \ -S "skip ecjpake kkpp extension" \
-S "ciphersuite mismatch: ecjpake not configured" \ -S "ciphersuite mismatch: ecjpake not configured" \
-S "server hello, ecjpake kkpp extension" \ -S "server hello, ecjpake kkpp extension" \
-C "found ecjpake_kkpp extension" \
-S "None of the common ciphersuites is usable" -S "None of the common ciphersuites is usable"
run_test "ECJPAKE: server not configured" \ run_test "ECJPAKE: server not configured" \
@ -2524,6 +2525,7 @@ run_test "ECJPAKE: server not configured" \
-s "skip ecjpake kkpp extension" \ -s "skip ecjpake kkpp extension" \
-s "ciphersuite mismatch: ecjpake not configured" \ -s "ciphersuite mismatch: ecjpake not configured" \
-S "server hello, ecjpake kkpp extension" \ -S "server hello, ecjpake kkpp extension" \
-C "found ecjpake_kkpp extension" \
-s "None of the common ciphersuites is usable" -s "None of the common ciphersuites is usable"
run_test "ECJPAKE: working, TLS" \ run_test "ECJPAKE: working, TLS" \
@ -2537,6 +2539,7 @@ run_test "ECJPAKE: working, TLS" \
-S "skip ecjpake kkpp extension" \ -S "skip ecjpake kkpp extension" \
-S "ciphersuite mismatch: ecjpake not configured" \ -S "ciphersuite mismatch: ecjpake not configured" \
-s "server hello, ecjpake kkpp extension" \ -s "server hello, ecjpake kkpp extension" \
-c "found ecjpake_kkpp extension" \
-S "None of the common ciphersuites is usable" -S "None of the common ciphersuites is usable"
# Tests for ciphersuites per version # Tests for ciphersuites per version