From e511b4e7cb7316b244d02e667c3f7667159d0ee8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 16 Sep 2015 14:11:09 +0200 Subject: [PATCH] Ignore ECJPAKE suite if not configured on server --- library/ssl_srv.c | 11 +++++++++++ tests/ssl-opt.sh | 21 +++++++++++++++++++++ 2 files changed, 32 insertions(+) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index aab25e22e..6676c18a0 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -707,6 +707,17 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id, } #endif +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) + if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE && + mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: " + "ecjpake not configured" ) ); + return( 0 ); + } +#endif + + #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) if( mbedtls_ssl_ciphersuite_uses_ec( suite_info ) && ( ssl->handshake->curves == NULL || diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 77db588db..20ee6bc15 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2499,6 +2499,27 @@ run_test "PSK callback: wrong key" \ -S "SSL - Unknown identity received" \ -s "SSL - Verification of the message MAC failed" +# Tests for EC J-PAKE + +run_test "ECJPAKE: client not configured" \ + "$P_SRV debug_level=3" \ + "$P_CLI debug_level=3" \ + 0 \ + -C "add ciphersuite: c0ff" \ + -C "adding ecjpake_kkpp extension" \ + -S "ciphersuite mismatch: ecjpake not configured" \ + -S "None of the common ciphersuites is usable" + +run_test "ECJPAKE: server not configured" \ + "$P_SRV debug_level=3" \ + "$P_CLI debug_level=3 ecjpake_pw=bla \ + force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ + 1 \ + -c "add ciphersuite: c0ff" \ + -c "adding ecjpake_kkpp extension" \ + -s "ciphersuite mismatch: ecjpake not configured" \ + -s "None of the common ciphersuites is usable" + # Tests for ciphersuites per version run_test "Per-version suites: SSL3" \