Add client-side extension parsing
parent
55c7f99112
commit
0a1324aaa1
2 changed files with 41 additions and 0 deletions
|
@ -1076,6 +1076,31 @@ static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl,
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */
|
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||||
|
static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl,
|
||||||
|
const unsigned char *buf,
|
||||||
|
size_t len )
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
if( ssl->transform_negotiate->ciphersuite_info->key_exchange !=
|
||||||
|
MBEDTLS_KEY_EXCHANGE_ECJPAKE )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip ecjpake kkpp extension" ) );
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
|
||||||
|
if( ( ret = mbedtls_ecjpake_read_round_one( &ssl->handshake->ecjpake_ctx,
|
||||||
|
buf, len ) ) != 0 )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_one", ret );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_ALPN)
|
#if defined(MBEDTLS_SSL_ALPN)
|
||||||
static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
|
static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
|
||||||
const unsigned char *buf, size_t len )
|
const unsigned char *buf, size_t len )
|
||||||
|
@ -1577,6 +1602,19 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
||||||
break;
|
break;
|
||||||
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */
|
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||||
|
case MBEDTLS_TLS_EXT_ECJPAKE_KKPP:
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ecjpake_kkpp extension" ) );
|
||||||
|
|
||||||
|
if( ( ret = ssl_parse_ecjpake_kkpp( ssl,
|
||||||
|
ext + 4, ext_size ) ) != 0 )
|
||||||
|
{
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
break;
|
||||||
|
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_ALPN)
|
#if defined(MBEDTLS_SSL_ALPN)
|
||||||
case MBEDTLS_TLS_EXT_ALPN:
|
case MBEDTLS_TLS_EXT_ALPN:
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) );
|
||||||
|
|
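Review bot: In `ssl_parse_ecjpake_kkpp`, the failure path after `mbedtls_ecjpake_read_round_one` returns `ret` without notifying the peer, so a malformed round-one payload ends the handshake with no alert on the wire. Sending `mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );` before `return( ret );` would make the rejection explicit. The skip branch also accepts, with `return( 0 )`, a ServerHello that carries the extension while the selected key exchange is not ECJPAKE; consider rejecting that as an unexpected extension (for example with `MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO`) rather than ignoring it. The new `case` in `ssl_parse_server_hello` sits in a switch that starts and ends outside the hunk. Nothing visible here rejects a ServerHello that selects ECJPAKE but omits the extension, so confirm that this is caught elsewhere.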
|
@ -2511,6 +2511,7 @@ run_test "ECJPAKE: client not configured" \
|
||||||
-S "skip ecjpake kkpp extension" \
|
-S "skip ecjpake kkpp extension" \
|
||||||
-S "ciphersuite mismatch: ecjpake not configured" \
|
-S "ciphersuite mismatch: ecjpake not configured" \
|
||||||
-S "server hello, ecjpake kkpp extension" \
|
-S "server hello, ecjpake kkpp extension" \
|
||||||
|
-C "found ecjpake_kkpp extension" \
|
||||||
-S "None of the common ciphersuites is usable"
|
-S "None of the common ciphersuites is usable"
|
||||||
|
|
||||||
run_test "ECJPAKE: server not configured" \
|
run_test "ECJPAKE: server not configured" \
|
||||||
|
@ -2524,6 +2525,7 @@ run_test "ECJPAKE: server not configured" \
|
||||||
-s "skip ecjpake kkpp extension" \
|
-s "skip ecjpake kkpp extension" \
|
||||||
-s "ciphersuite mismatch: ecjpake not configured" \
|
-s "ciphersuite mismatch: ecjpake not configured" \
|
||||||
-S "server hello, ecjpake kkpp extension" \
|
-S "server hello, ecjpake kkpp extension" \
|
||||||
|
-C "found ecjpake_kkpp extension" \
|
||||||
-s "None of the common ciphersuites is usable"
|
-s "None of the common ciphersuites is usable"
|
||||||
|
|
||||||
run_test "ECJPAKE: working, TLS" \
|
run_test "ECJPAKE: working, TLS" \
|
||||||
|
@ -2537,6 +2539,7 @@ run_test "ECJPAKE: working, TLS" \
|
||||||
-S "skip ecjpake kkpp extension" \
|
-S "skip ecjpake kkpp extension" \
|
||||||
-S "ciphersuite mismatch: ecjpake not configured" \
|
-S "ciphersuite mismatch: ecjpake not configured" \
|
||||||
-s "server hello, ecjpake kkpp extension" \
|
-s "server hello, ecjpake kkpp extension" \
|
||||||
|
-c "found ecjpake_kkpp extension" \
|
||||||
-S "None of the common ciphersuites is usable"
|
-S "None of the common ciphersuites is usable"
|
||||||
|
|
||||||
# Tests for ciphersuites per version
|
# Tests for ciphersuites per version
|
||||||
|
|
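Review bot: None of the three updated cases checks the client's own `skip ecjpake kkpp extension` message, which the client-side parser added in this commit emits; the existing `-S`/`-s` lines for that string appear to match the server log only. In "ECJPAKE: working, TLS", adding `-C "skip ecjpake kkpp extension" \` next to the new `-c "found ecjpake_kkpp extension" \` would catch a regression where the client sees the extension but ignores it. The client's failure path (the `mbedtls_ecjpake_read_round_one` debug line) is not exercised by any case shown here, so a negative test with a rejected round-one message would be worth adding if the harness can produce one.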