diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 9088965b4..b5256d3aa 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2055,6 +2055,49 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + size_t *olen ) +{ + int ret; + unsigned char *p = buf; + const unsigned char *end = ssl->out_buf + MBEDTLS_SSL_MAX_CONTENT_LEN; + size_t kkpp_len; + + *olen = 0; + + /* Skip costly computation if not needed */ + if( ssl->transform_negotiate->ciphersuite_info->key_exchange != + MBEDTLS_KEY_EXCHANGE_ECJPAKE ) + return; + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, ecjpake kkpp extension" ) ); + + if( end - p < 4 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); + return; + } + + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP >> 8 ) & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ) & 0xFF ); + + if( ( ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx, + p + 2, end - p - 2, &kkpp_len, + ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1 , "mbedtls_ecjpake_write_round_one", ret ); + return; + } + + *p++ = (unsigned char)( ( kkpp_len >> 8 ) & 0xFF ); + *p++ = (unsigned char)( ( kkpp_len ) & 0xFF ); + + *olen = kkpp_len + 4; +} +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ + #if defined(MBEDTLS_SSL_ALPN ) static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen ) @@ -2345,6 +2388,11 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) ext_len += olen; #endif +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) + ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len, &olen ); + ext_len += olen; +#endif + #if defined(MBEDTLS_SSL_ALPN) ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen ); ext_len += olen; diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8051aed42..4c65d8440 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2510,6 +2510,7 @@ run_test "ECJPAKE: client not configured" \ -S "found ecjpake kkpp extension" \ -S "skip ecjpake kkpp extension" \ -S "ciphersuite mismatch: ecjpake not configured" \ + -S "server hello, ecjpake kkpp extension" \ -S "None of the common ciphersuites is usable" run_test "ECJPAKE: server not configured" \ @@ -2522,6 +2523,7 @@ run_test "ECJPAKE: server not configured" \ -s "found ecjpake kkpp extension" \ -s "skip ecjpake kkpp extension" \ -s "ciphersuite mismatch: ecjpake not configured" \ + -S "server hello, ecjpake kkpp extension" \ -s "None of the common ciphersuites is usable" run_test "ECJPAKE: working, TLS" \ @@ -2534,6 +2536,7 @@ run_test "ECJPAKE: working, TLS" \ -s "found ecjpake kkpp extension" \ -S "skip ecjpake kkpp extension" \ -S "ciphersuite mismatch: ecjpake not configured" \ + -s "server hello, ecjpake kkpp extension" \ -S "None of the common ciphersuites is usable" # Tests for ciphersuites per version