From bf57be690e2e20a08cc64a75ffd6e64222ee3bc6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 16 Sep 2015 15:04:01 +0200 Subject: [PATCH] Add server extension parsing Only accept EC J-PAKE ciphersuite if extension was present and OK (single flag for both), and ignore extension if we have no password. --- include/mbedtls/ssl_internal.h | 1 + library/ssl_srv.c | 43 +++++++++++++++++++++++++++++++--- tests/ssl-opt.sh | 16 +++++++++++++ 3 files changed, 57 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index d9e3e5c8f..b74cca2df 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -150,6 +150,7 @@ * of state of the renegotiation flag, so no indicator is required) */ #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0) +#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1) #ifdef __cplusplus extern "C" { diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 6676c18a0..9088965b4 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -318,6 +318,33 @@ static int ssl_parse_supported_point_formats( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */ +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len ) +{ + int ret; + + if( mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip ecjpake kkpp extension" ) ); + return( 0 ); + } + + if( ( ret = mbedtls_ecjpake_read_round_one( &ssl->handshake->ecjpake_ctx, + buf, len ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_one", ret ); + return( ret ); + } + + /* Only mark the extension as OK when we're sure it is */ + ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK; + + return( 0 ); +} +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ + #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, @@ -709,10 +736,10 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id, #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE && - mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 ) + ( ssl->handshake->cli_exts & MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK ) == 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: " - "ecjpake not configured" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: ecjpake " + "not configured or ext missing" ) ); return( 0 ); } #endif @@ -1571,6 +1598,16 @@ read_record_header: break; #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */ +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) + case MBEDTLS_TLS_EXT_ECJPAKE_KKPP: + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ecjpake kkpp extension" ) ); + + ret = ssl_parse_ecjpake_kkpp( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); + break; +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ + #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found max fragment length extension" ) ); diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 20ee6bc15..8051aed42 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2507,6 +2507,8 @@ run_test "ECJPAKE: client not configured" \ 0 \ -C "add ciphersuite: c0ff" \ -C "adding ecjpake_kkpp extension" \ + -S "found ecjpake kkpp extension" \ + -S "skip ecjpake kkpp extension" \ -S "ciphersuite mismatch: ecjpake not configured" \ -S "None of the common ciphersuites is usable" @@ -2517,9 +2519,23 @@ run_test "ECJPAKE: server not configured" \ 1 \ -c "add ciphersuite: c0ff" \ -c "adding ecjpake_kkpp extension" \ + -s "found ecjpake kkpp extension" \ + -s "skip ecjpake kkpp extension" \ -s "ciphersuite mismatch: ecjpake not configured" \ -s "None of the common ciphersuites is usable" +run_test "ECJPAKE: working, TLS" \ + "$P_SRV debug_level=3 ecjpake_pw=bla" \ + "$P_CLI debug_level=3 ecjpake_pw=bla \ + force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ + 1 \ + -c "add ciphersuite: c0ff" \ + -c "adding ecjpake_kkpp extension" \ + -s "found ecjpake kkpp extension" \ + -S "skip ecjpake kkpp extension" \ + -S "ciphersuite mismatch: ecjpake not configured" \ + -S "None of the common ciphersuites is usable" + # Tests for ciphersuites per version run_test "Per-version suites: SSL3" \