diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 99c2d2a5e..53ec635af 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -75,6 +75,7 @@ int main( void ) #define DFL_KEY_FILE "" #define DFL_PSK "" #define DFL_PSK_IDENTITY "Client_identity" +#define DFL_ECJPAKE_PW NULL #define DFL_FORCE_CIPHER 0 #define DFL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION_DISABLED #define DFL_ALLOW_LEGACY -2 @@ -210,6 +211,13 @@ int main( void ) #define USAGE_RENEGO "" #endif +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +#define USAGE_ECJPAKE \ + " ecjpake_pw=%%s default: none (disabled)\n" +#else +#define USAGE_ECJPAKE "" +#endif + #define USAGE \ "\n usage: ssl_client2 param=<>...\n" \ "\n acceptable parameters:\n" \ @@ -232,6 +240,7 @@ int main( void ) USAGE_IO \ "\n" \ USAGE_PSK \ + USAGE_ECJPAKE \ "\n" \ " allow_legacy=%%d default: (library default: no)\n" \ USAGE_RENEGO \ @@ -277,6 +286,7 @@ struct options const char *key_file; /* the file with the client key */ const char *psk; /* the pre-shared key */ const char *psk_identity; /* the pre-shared key identity */ + const char *ecjpake_pw; /* the EC J-PAKE password */ int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ int renegotiation; /* enable / disable renegotiation */ int allow_legacy; /* allow legacy renegotiation */ @@ -466,6 +476,7 @@ int main( int argc, char *argv[] ) opt.key_file = DFL_KEY_FILE; opt.psk = DFL_PSK; opt.psk_identity = DFL_PSK_IDENTITY; + opt.ecjpake_pw = DFL_ECJPAKE_PW; opt.force_ciphersuite[0]= DFL_FORCE_CIPHER; opt.renegotiation = DFL_RENEGOTIATION; opt.allow_legacy = DFL_ALLOW_LEGACY; @@ -553,6 +564,8 @@ int main( int argc, char *argv[] ) opt.psk = q; else if( strcmp( p, "psk_identity" ) == 0 ) opt.psk_identity = q; + else if( strcmp( p, "ecjpake_pw" ) == 0 ) + opt.ecjpake_pw = q; else if( strcmp( p, "force_ciphersuite" ) == 0 ) { opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id( q ); @@ -1194,6 +1207,19 @@ int main( int argc, char *argv[] ) } #endif +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) + if( opt.ecjpake_pw != DFL_ECJPAKE_PW ) + { + if( ( ret = mbedtls_ssl_set_hs_ecjpake_password( &ssl, + (const unsigned char *) opt.ecjpake_pw, + strlen( opt.ecjpake_pw ) ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_set_hs_ecjpake_password returned %d\n\n", ret ); + goto exit; + } + } +#endif + if( opt.nbio == 2 ) mbedtls_ssl_set_bio( &ssl, &server_fd, my_send, my_recv, NULL ); else diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index f169291eb..3f88452b6 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -102,6 +102,7 @@ int main( void ) #define DFL_KEY_FILE2 "" #define DFL_PSK "" #define DFL_PSK_IDENTITY "Client_identity" +#define DFL_ECJPAKE_PW NULL #define DFL_PSK_LIST NULL #define DFL_FORCE_CIPHER 0 #define DFL_VERSION_SUITES NULL @@ -293,6 +294,13 @@ int main( void ) #define USAGE_RENEGO "" #endif +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +#define USAGE_ECJPAKE \ + " ecjpake_pw=%%s default: none (disabled)\n" +#else +#define USAGE_ECJPAKE "" +#endif + #define USAGE \ "\n usage: ssl_server2 param=<>...\n" \ "\n acceptable parameters:\n" \ @@ -314,6 +322,7 @@ int main( void ) USAGE_SNI \ "\n" \ USAGE_PSK \ + USAGE_ECJPAKE \ "\n" \ " allow_legacy=%%d default: (library default: no)\n" \ USAGE_RENEGO \ @@ -358,6 +367,7 @@ struct options const char *psk; /* the pre-shared key */ const char *psk_identity; /* the pre-shared key identity */ char *psk_list; /* list of PSK id/key pairs for callback */ + const char *ecjpake_pw; /* the EC J-PAKE password */ int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ const char *version_suites; /* per-version ciphersuites */ int renegotiation; /* enable / disable renegotiation */ @@ -900,6 +910,7 @@ int main( int argc, char *argv[] ) opt.psk = DFL_PSK; opt.psk_identity = DFL_PSK_IDENTITY; opt.psk_list = DFL_PSK_LIST; + opt.ecjpake_pw = DFL_ECJPAKE_PW; opt.force_ciphersuite[0]= DFL_FORCE_CIPHER; opt.version_suites = DFL_VERSION_SUITES; opt.renegotiation = DFL_RENEGOTIATION; @@ -985,6 +996,8 @@ int main( int argc, char *argv[] ) opt.psk_identity = q; else if( strcmp( p, "psk_list" ) == 0 ) opt.psk_list = q; + else if( strcmp( p, "ecjpake_pw" ) == 0 ) + opt.ecjpake_pw = q; else if( strcmp( p, "force_ciphersuite" ) == 0 ) { opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id( q ); @@ -1898,6 +1911,19 @@ reset: } #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */ +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) + if( opt.ecjpake_pw != DFL_ECJPAKE_PW ) + { + if( ( ret = mbedtls_ssl_set_hs_ecjpake_password( &ssl, + (const unsigned char *) opt.ecjpake_pw, + strlen( opt.ecjpake_pw ) ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_set_hs_ecjpake_password returned %d\n\n", ret ); + goto exit; + } + } +#endif + mbedtls_printf( " ok\n" ); /*