mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 10:55:46 +01:00
Add server writing of the extension
This commit is contained in:
parent
bf57be690e
commit
55c7f99112
@ -2055,6 +2055,49 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
|
|||||||
}
|
}
|
||||||
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||||
|
static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
|
||||||
|
unsigned char *buf,
|
||||||
|
size_t *olen )
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
unsigned char *p = buf;
|
||||||
|
const unsigned char *end = ssl->out_buf + MBEDTLS_SSL_MAX_CONTENT_LEN;
|
||||||
|
size_t kkpp_len;
|
||||||
|
|
||||||
|
*olen = 0;
|
||||||
|
|
||||||
|
/* Skip costly computation if not needed */
|
||||||
|
if( ssl->transform_negotiate->ciphersuite_info->key_exchange !=
|
||||||
|
MBEDTLS_KEY_EXCHANGE_ECJPAKE )
|
||||||
|
return;
|
||||||
|
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, ecjpake kkpp extension" ) );
|
||||||
|
|
||||||
|
if( end - p < 4 )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP >> 8 ) & 0xFF );
|
||||||
|
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ) & 0xFF );
|
||||||
|
|
||||||
|
if( ( ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx,
|
||||||
|
p + 2, end - p - 2, &kkpp_len,
|
||||||
|
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_RET( 1 , "mbedtls_ecjpake_write_round_one", ret );
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
*p++ = (unsigned char)( ( kkpp_len >> 8 ) & 0xFF );
|
||||||
|
*p++ = (unsigned char)( ( kkpp_len ) & 0xFF );
|
||||||
|
|
||||||
|
*olen = kkpp_len + 4;
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_ALPN )
|
#if defined(MBEDTLS_SSL_ALPN )
|
||||||
static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
|
static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
|
||||||
unsigned char *buf, size_t *olen )
|
unsigned char *buf, size_t *olen )
|
||||||
@ -2345,6 +2388,11 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
|||||||
ext_len += olen;
|
ext_len += olen;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||||
|
ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len, &olen );
|
||||||
|
ext_len += olen;
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_ALPN)
|
#if defined(MBEDTLS_SSL_ALPN)
|
||||||
ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen );
|
ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen );
|
||||||
ext_len += olen;
|
ext_len += olen;
|
||||||
|
@ -2510,6 +2510,7 @@ run_test "ECJPAKE: client not configured" \
|
|||||||
-S "found ecjpake kkpp extension" \
|
-S "found ecjpake kkpp extension" \
|
||||||
-S "skip ecjpake kkpp extension" \
|
-S "skip ecjpake kkpp extension" \
|
||||||
-S "ciphersuite mismatch: ecjpake not configured" \
|
-S "ciphersuite mismatch: ecjpake not configured" \
|
||||||
|
-S "server hello, ecjpake kkpp extension" \
|
||||||
-S "None of the common ciphersuites is usable"
|
-S "None of the common ciphersuites is usable"
|
||||||
|
|
||||||
run_test "ECJPAKE: server not configured" \
|
run_test "ECJPAKE: server not configured" \
|
||||||
@ -2522,6 +2523,7 @@ run_test "ECJPAKE: server not configured" \
|
|||||||
-s "found ecjpake kkpp extension" \
|
-s "found ecjpake kkpp extension" \
|
||||||
-s "skip ecjpake kkpp extension" \
|
-s "skip ecjpake kkpp extension" \
|
||||||
-s "ciphersuite mismatch: ecjpake not configured" \
|
-s "ciphersuite mismatch: ecjpake not configured" \
|
||||||
|
-S "server hello, ecjpake kkpp extension" \
|
||||||
-s "None of the common ciphersuites is usable"
|
-s "None of the common ciphersuites is usable"
|
||||||
|
|
||||||
run_test "ECJPAKE: working, TLS" \
|
run_test "ECJPAKE: working, TLS" \
|
||||||
@ -2534,6 +2536,7 @@ run_test "ECJPAKE: working, TLS" \
|
|||||||
-s "found ecjpake kkpp extension" \
|
-s "found ecjpake kkpp extension" \
|
||||||
-S "skip ecjpake kkpp extension" \
|
-S "skip ecjpake kkpp extension" \
|
||||||
-S "ciphersuite mismatch: ecjpake not configured" \
|
-S "ciphersuite mismatch: ecjpake not configured" \
|
||||||
|
-s "server hello, ecjpake kkpp extension" \
|
||||||
-S "None of the common ciphersuites is usable"
|
-S "None of the common ciphersuites is usable"
|
||||||
|
|
||||||
# Tests for ciphersuites per version
|
# Tests for ciphersuites per version
|
||||||
|
Loading…
Reference in New Issue
Block a user