			
		
		
		
	Add ecjpake_pw option to ssl_client2/server2
		
							parent
							
								
									eef142d753
								
							
						
					
					
						commit
						70905a7855
					
				@ -75,6 +75,7 @@ int main( void )
 | 
			
		||||
#define DFL_KEY_FILE            ""
 | 
			
		||||
#define DFL_PSK                 ""
 | 
			
		||||
#define DFL_PSK_IDENTITY        "Client_identity"
 | 
			
		||||
#define DFL_ECJPAKE_PW          NULL
 | 
			
		||||
#define DFL_FORCE_CIPHER        0
 | 
			
		||||
#define DFL_RENEGOTIATION       MBEDTLS_SSL_RENEGOTIATION_DISABLED
 | 
			
		||||
#define DFL_ALLOW_LEGACY        -2
 | 
			
		||||
@ -210,6 +211,13 @@ int main( void )
 | 
			
		||||
#define USAGE_RENEGO ""
 | 
			
		||||
#endif
 | 
			
		||||
 | 
			
		||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
 | 
			
		||||
#define USAGE_ECJPAKE \
 | 
			
		||||
    "    ecjpake_pw=%%s       default: none (disabled)\n"
 | 
			
		||||
#else
 | 
			
		||||
#define USAGE_ECJPAKE ""
 | 
			
		||||
#endif
 | 
			
		||||
 | 
			
		||||
#define USAGE \
 | 
			
		||||
    "\n usage: ssl_client2 param=<>...\n"                   \
 | 
			
		||||
    "\n acceptable parameters:\n"                           \
 | 
			
		||||
@ -232,6 +240,7 @@ int main( void )
 | 
			
		||||
    USAGE_IO                                                \
 | 
			
		||||
    "\n"                                                    \
 | 
			
		||||
    USAGE_PSK                                               \
 | 
			
		||||
    USAGE_ECJPAKE                                           \
 | 
			
		||||
    "\n"                                                    \
 | 
			
		||||
    "    allow_legacy=%%d     default: (library default: no)\n"      \
 | 
			
		||||
    USAGE_RENEGO                                            \
 | 
			
		||||
@ -277,6 +286,7 @@ struct options
 | 
			
		||||
    const char *key_file;       /* the file with the client key             */
 | 
			
		||||
    const char *psk;            /* the pre-shared key                       */
 | 
			
		||||
    const char *psk_identity;   /* the pre-shared key identity              */
 | 
			
		||||
    const char *ecjpake_pw;     /* the EC J-PAKE password                   */
 | 
			
		||||
    int force_ciphersuite[2];   /* protocol/ciphersuite to use, or all      */
 | 
			
		||||
    int renegotiation;          /* enable / disable renegotiation           */
 | 
			
		||||
    int allow_legacy;           /* allow legacy renegotiation               */
 | 
			
		||||
@ -466,6 +476,7 @@ int main( int argc, char *argv[] )
 | 
			
		||||
    opt.key_file            = DFL_KEY_FILE;
 | 
			
		||||
    opt.psk                 = DFL_PSK;
 | 
			
		||||
    opt.psk_identity        = DFL_PSK_IDENTITY;
 | 
			
		||||
    opt.ecjpake_pw          = DFL_ECJPAKE_PW;
 | 
			
		||||
    opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
 | 
			
		||||
    opt.renegotiation       = DFL_RENEGOTIATION;
 | 
			
		||||
    opt.allow_legacy        = DFL_ALLOW_LEGACY;
 | 
			
		||||
@ -553,6 +564,8 @@ int main( int argc, char *argv[] )
 | 
			
		||||
            opt.psk = q;
 | 
			
		||||
        else if( strcmp( p, "psk_identity" ) == 0 )
 | 
			
		||||
            opt.psk_identity = q;
 | 
			
		||||
        else if( strcmp( p, "ecjpake_pw" ) == 0 )
 | 
			
		||||
            opt.ecjpake_pw = q;
 | 
			
		||||
        else if( strcmp( p, "force_ciphersuite" ) == 0 )
 | 
			
		||||
        {
 | 
			
		||||
            opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id( q );
 | 
			
		||||
@ -1194,6 +1207,19 @@ int main( int argc, char *argv[] )
 | 
			
		||||
    }
 | 
			
		||||
#endif
 | 
			
		||||
 | 
			
		||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
 | 
			
		||||
    if( opt.ecjpake_pw != DFL_ECJPAKE_PW )
 | 
			
		||||
    {
 | 
			
		||||
        if( ( ret = mbedtls_ssl_set_hs_ecjpake_password( &ssl,
 | 
			
		||||
                        (const unsigned char *) opt.ecjpake_pw,
 | 
			
		||||
                                        strlen( opt.ecjpake_pw ) ) ) != 0 )
 | 
			
		||||
        {
 | 
			
		||||
            mbedtls_printf( " failed\n  ! mbedtls_ssl_set_hs_ecjpake_password returned %d\n\n", ret );
 | 
			
		||||
            goto exit;
 | 
			
		||||
        }
 | 
			
		||||
    }
 | 
			
		||||
#endif
 | 
			
		||||
 | 
			
		||||
    if( opt.nbio == 2 )
 | 
			
		||||
        mbedtls_ssl_set_bio( &ssl, &server_fd, my_send, my_recv, NULL );
 | 
			
		||||
    else
 | 
			
		||||
 | 
			
		||||
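Review bot: An argument of `ecjpake_pw=` with nothing after the equals sign presumably leaves `opt.ecjpake_pw` pointing at an empty string (the p/q split is outside these hunks), which passes the `opt.ecjpake_pw != DFL_ECJPAKE_PW` test in the last hunk and reaches `mbedtls_ssl_set_hs_ecjpake_password` with a length of 0. Whether the library rejects a zero-length password is not visible on this page, and a handshake keyed on an empty secret authenticates nothing. I would reject it before the call, e.g. `if( opt.ecjpake_pw[0] == '\0' ) { mbedtls_printf( " failed\n  ! ecjpake_pw must not be empty\n\n" ); goto exit; }`. The same block is added after `reset:` in the ssl_server2 section that follows, and `main` continues outside these hunks.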
@ -102,6 +102,7 @@ int main( void )
 | 
			
		||||
#define DFL_KEY_FILE2           ""
 | 
			
		||||
#define DFL_PSK                 ""
 | 
			
		||||
#define DFL_PSK_IDENTITY        "Client_identity"
 | 
			
		||||
#define DFL_ECJPAKE_PW          NULL
 | 
			
		||||
#define DFL_PSK_LIST            NULL
 | 
			
		||||
#define DFL_FORCE_CIPHER        0
 | 
			
		||||
#define DFL_VERSION_SUITES      NULL
 | 
			
		||||
@ -293,6 +294,13 @@ int main( void )
 | 
			
		||||
#define USAGE_RENEGO ""
 | 
			
		||||
#endif
 | 
			
		||||
 | 
			
		||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
 | 
			
		||||
#define USAGE_ECJPAKE \
 | 
			
		||||
    "    ecjpake_pw=%%s       default: none (disabled)\n"
 | 
			
		||||
#else
 | 
			
		||||
#define USAGE_ECJPAKE ""
 | 
			
		||||
#endif
 | 
			
		||||
 | 
			
		||||
#define USAGE \
 | 
			
		||||
    "\n usage: ssl_server2 param=<>...\n"                   \
 | 
			
		||||
    "\n acceptable parameters:\n"                           \
 | 
			
		||||
@ -314,6 +322,7 @@ int main( void )
 | 
			
		||||
    USAGE_SNI                                               \
 | 
			
		||||
    "\n"                                                    \
 | 
			
		||||
    USAGE_PSK                                               \
 | 
			
		||||
    USAGE_ECJPAKE                                           \
 | 
			
		||||
    "\n"                                                    \
 | 
			
		||||
    "    allow_legacy=%%d     default: (library default: no)\n"      \
 | 
			
		||||
    USAGE_RENEGO                                            \
 | 
			
		||||
@ -358,6 +367,7 @@ struct options
 | 
			
		||||
    const char *psk;            /* the pre-shared key                       */
 | 
			
		||||
    const char *psk_identity;   /* the pre-shared key identity              */
 | 
			
		||||
    char *psk_list;             /* list of PSK id/key pairs for callback    */
 | 
			
		||||
    const char *ecjpake_pw;     /* the EC J-PAKE password                   */
 | 
			
		||||
    int force_ciphersuite[2];   /* protocol/ciphersuite to use, or all      */
 | 
			
		||||
    const char *version_suites; /* per-version ciphersuites                 */
 | 
			
		||||
    int renegotiation;          /* enable / disable renegotiation           */
 | 
			
		||||
@ -900,6 +910,7 @@ int main( int argc, char *argv[] )
 | 
			
		||||
    opt.psk                 = DFL_PSK;
 | 
			
		||||
    opt.psk_identity        = DFL_PSK_IDENTITY;
 | 
			
		||||
    opt.psk_list            = DFL_PSK_LIST;
 | 
			
		||||
    opt.ecjpake_pw          = DFL_ECJPAKE_PW;
 | 
			
		||||
    opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
 | 
			
		||||
    opt.version_suites      = DFL_VERSION_SUITES;
 | 
			
		||||
    opt.renegotiation       = DFL_RENEGOTIATION;
 | 
			
		||||
@ -985,6 +996,8 @@ int main( int argc, char *argv[] )
 | 
			
		||||
            opt.psk_identity = q;
 | 
			
		||||
        else if( strcmp( p, "psk_list" ) == 0 )
 | 
			
		||||
            opt.psk_list = q;
 | 
			
		||||
        else if( strcmp( p, "ecjpake_pw" ) == 0 )
 | 
			
		||||
            opt.ecjpake_pw = q;
 | 
			
		||||
        else if( strcmp( p, "force_ciphersuite" ) == 0 )
 | 
			
		||||
        {
 | 
			
		||||
            opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id( q );
 | 
			
		||||
@ -1898,6 +1911,19 @@ reset:
 | 
			
		||||
    }
 | 
			
		||||
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
 | 
			
		||||
 | 
			
		||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
 | 
			
		||||
    if( opt.ecjpake_pw != DFL_ECJPAKE_PW )
 | 
			
		||||
    {
 | 
			
		||||
        if( ( ret = mbedtls_ssl_set_hs_ecjpake_password( &ssl,
 | 
			
		||||
                        (const unsigned char *) opt.ecjpake_pw,
 | 
			
		||||
                                        strlen( opt.ecjpake_pw ) ) ) != 0 )
 | 
			
		||||
        {
 | 
			
		||||
            mbedtls_printf( " failed\n  ! mbedtls_ssl_set_hs_ecjpake_password returned %d\n\n", ret );
 | 
			
		||||
            goto exit;
 | 
			
		||||
        }
 | 
			
		||||
    }
 | 
			
		||||
#endif
 | 
			
		||||
 | 
			
		||||
    mbedtls_printf( " ok\n" );
 | 
			
		||||
 | 
			
		||||
    /*
 | 
			
		||||
 | 
			
		||||
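Review bot: The usage text and the `struct options` comment do not say that taking the EC J-PAKE password from the command line (`opt.ecjpake_pw = q;`) is only suitable for testing. Command-line arguments are normally readable by other local users through the process list and tend to end up in shell history. I would add a comment above `USAGE_ECJPAKE`, `/* Test programs only: the password is read from argv and is visible in the process list. */`. The same applies to the ssl_client2 section above, and as far as these hunks show the existing `psk` option is handled the same way.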