From 55c7f991120f850a8b8704ca685dca76e7ab1a58 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= <mpg2@elzevir.fr>
Date: Wed, 16 Sep 2015 15:35:27 +0200
Subject: [PATCH] Add server writing of the extension

---
 library/ssl_srv.c | 48 +++++++++++++++++++++++++++++++++++++++++++++++
 tests/ssl-opt.sh  |  3 +++
 2 files changed, 51 insertions(+)

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 9088965b4..b5256d3aa 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2055,6 +2055,49 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
 }
 #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
 
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
+                                        unsigned char *buf,
+                                        size_t *olen )
+{
+    int ret;
+    unsigned char *p = buf;
+    const unsigned char *end = ssl->out_buf + MBEDTLS_SSL_MAX_CONTENT_LEN;
+    size_t kkpp_len;
+
+    *olen = 0;
+
+    /* Skip costly computation if not needed */
+    if( ssl->transform_negotiate->ciphersuite_info->key_exchange !=
+        MBEDTLS_KEY_EXCHANGE_ECJPAKE )
+        return;
+
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, ecjpake kkpp extension" ) );
+
+    if( end - p < 4 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
+        return;
+    }
+
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP >> 8 ) & 0xFF );
+    *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP      ) & 0xFF );
+
+    if( ( ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx,
+                    p + 2, end - p - 2, &kkpp_len,
+                    ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1 , "mbedtls_ecjpake_write_round_one", ret );
+        return;
+    }
+
+    *p++ = (unsigned char)( ( kkpp_len >> 8 ) & 0xFF );
+    *p++ = (unsigned char)( ( kkpp_len      ) & 0xFF );
+
+    *olen = kkpp_len + 4;
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+
 #if defined(MBEDTLS_SSL_ALPN )
 static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
                                 unsigned char *buf, size_t *olen )
@@ -2345,6 +2388,11 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
     ext_len += olen;
 #endif
 
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+    ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len, &olen );
+    ext_len += olen;
+#endif
+
 #if defined(MBEDTLS_SSL_ALPN)
     ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen );
     ext_len += olen;
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 8051aed42..4c65d8440 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -2510,6 +2510,7 @@ run_test    "ECJPAKE: client not configured" \
             -S "found ecjpake kkpp extension" \
             -S "skip ecjpake kkpp extension" \
             -S "ciphersuite mismatch: ecjpake not configured" \
+            -S "server hello, ecjpake kkpp extension" \
             -S "None of the common ciphersuites is usable"
 
 run_test    "ECJPAKE: server not configured" \
@@ -2522,6 +2523,7 @@ run_test    "ECJPAKE: server not configured" \
             -s "found ecjpake kkpp extension" \
             -s "skip ecjpake kkpp extension" \
             -s "ciphersuite mismatch: ecjpake not configured" \
+            -S "server hello, ecjpake kkpp extension" \
             -s "None of the common ciphersuites is usable"
 
 run_test    "ECJPAKE: working, TLS" \
@@ -2534,6 +2536,7 @@ run_test    "ECJPAKE: working, TLS" \
             -s "found ecjpake kkpp extension" \
             -S "skip ecjpake kkpp extension" \
             -S "ciphersuite mismatch: ecjpake not configured" \
+            -s "server hello, ecjpake kkpp extension" \
             -S "None of the common ciphersuites is usable"
 
 # Tests for ciphersuites per version