diff --git a/examples/coap-client.c b/examples/coap-client.c
index 3fdc121dd0..f0c1b7264f 100644
--- a/examples/coap-client.c
+++ b/examples/coap-client.c
@@ -154,6 +154,7 @@ static coap_oscore_conf_t *oscore_conf = NULL;
 static int doing_oscore = 0;
 static int doing_tls_engine = 0;
 static char *tls_engine_conf = NULL;
+static int ec_jpake = 0;
 static int quit = 0;
@@ -509,7 +510,7 @@ usage(const char *program, const char *version) {
          "\t\t[-E oscore_conf_file[,seq_file]] [-G count] [-H hoplimit]\n"
          "\t\t[-K interval] [-N] [-O num,text] [-P scheme://address[:port]\n"
          "\t\t[-T token] [-U] [-V num] [-X size]\n"
-         "\t\t[[-h match_hint_file] [-k key] [-u user]]\n"
+         "\t\t[[-h match_hint_file] [-k key] [-u user] [-2]]\n"
          "\t\t[[-c certfile] [-j keyfile] [-n] [-C cafile]\n"
          "\t\t[-J pkcs11_pin] [-M raw_pk] [-R trust_casfile]] URI\n"
          "\tURI can be an absolute URI or a URI prefixed with scheme and host\n\n"
@@ -590,6 +591,7 @@ usage(const char *program, const char *version) {
          "\t \t\tkey begins with 0x, then the hex text (two [0-9a-f] per\n"
          "\t \t\tbyte) is converted to binary data\n"
          "\t-u user\t\tUser identity to send for pre-shared key mode\n"
+         "\t-2 \t\tUse EC-JPAKE negotiation (if supported)\n"
          "PKI Options (if supported by underlying (D)TLS library)\n"
          "\tNote: If any one of '-c certfile', '-j keyfile' or '-C cafile' is in\n"
          "\tPKCS11 URI naming format (pkcs11: prefix), then any remaining non\n"
@@ -1467,6 +1469,7 @@ setup_psk(const uint8_t *identity,
   memset(&dtls_psk, 0, sizeof(dtls_psk));
   dtls_psk.version = COAP_DTLS_CPSK_SETUP_VERSION;
+  dtls_psk.ec_jpake = ec_jpake;
   if (valid_ihs.count) {
     dtls_psk.validate_ih_call_back = verify_ih_callback;
   }
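Review bot: The new `-2` flag is only forwarded inside setup_psk (`dtls_psk.ec_jpake = ec_jpake;`), so a client started with `-2` but without `-k` accepts the option and, as far as this hunk shows, silently runs without EC-JPAKE. The usage text added two hunks above should say so, e.g. `"\t-2 \t\tUse EC-JPAKE negotiation (if supported, requires -k)\n"`, or main() should warn when ec_jpake is set and no PSK key was given. Whether main() already rejects that combination is outside these hunks; setup_psk itself starts before the hunk.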
@@ -1663,7 +1666,7 @@ main(int argc, char **argv) {
   coap_startup();
   while ((opt = getopt(argc, argv,
-                       "a:b:c:e:f:h:j:k:l:m:no:p:q:rs:t:u:v:wA:B:C:E:G:H:J:K:L:M:NO:P:R:T:UV:X:")) != -1) {
+                       "a:b:c:e:f:h:j:k:l:m:no:p:q:rs:t:u:v:wA:B:C:E:G:H:J:K:L:M:NO:P:R:T:UV:X:2")) != -1) {
     switch (opt) {
     case 'a':
       strncpy(node_str, optarg, NI_MAXHOST - 1);
@@ -1816,6 +1819,9 @@ main(int argc, char **argv) {
       tls_engine_conf = optarg;
       doing_tls_engine = 1;
       break;
+    case '2':
+      ec_jpake = 1;
+      break;
     default:
       usage(argv[0], LIBCOAP_PACKAGE_VERSION);
       goto failed;
diff --git a/examples/coap-server.c b/examples/coap-server.c
index 7835d3c367..1fd421f009 100644
--- a/examples/coap-server.c
+++ b/examples/coap-server.c
@@ -75,6 +75,7 @@ static coap_oscore_conf_t *oscore_conf;
 static int doing_oscore = 0;
 static int doing_tls_engine = 0;
 static char *tls_engine_conf = NULL;
+static int ec_jpake = 0;
 /* set to 1 to request clean server shutdown */
 static int quit = 0;
@@ -2079,6 +2080,7 @@ setup_spsk(void) {
   memset(&dtls_spsk, 0, sizeof(dtls_spsk));
   dtls_spsk.version = COAP_DTLS_SPSK_SETUP_VERSION;
+  dtls_spsk.ec_jpake = ec_jpake;
   dtls_spsk.validate_id_call_back = valid_ids.count ? verify_id_callback : NULL;
   dtls_spsk.validate_sni_call_back = valid_psk_snis.count ?
@@ -2145,7 +2147,7 @@ usage(const char *program, const char *version) {
          "\t\t[-L value] [-N] [-P scheme://address[:port],[name1[,name2..]]]\n"
          "\t\t[-T max_token_size] [-U type] [-V num] [-X size]\n"
          "\t\t[[-h hint] [-i match_identity_file] [-k key]\n"
-         "\t\t[-s match_psk_sni_file] [-u user]]\n"
+         "\t\t[-s match_psk_sni_file] [-u user] [-2]]\n"
          "\t\t[[-c certfile] [-j keyfile] [-m] [-n] [-C cafile]\n"
          "\t\t[-J pkcs11_pin] [-M rpk_file] [-R trust_casfile]\n"
          "\t\t[-S match_pki_sni_file]]\n"
@@ -2252,6 +2254,7 @@ usage(const char *program, const char *version) {
           "\t \t\t-s followed by -i\n"
           "\t-u user\t\tUser identity for pre-shared key mode (only used if\n"
           "\t \t\toption -P is set)\n"
+          "\t-2 \t\tUse EC-JPAKE negotiation (if supported)\n"
          );
   fprintf(stderr,
           "PKI Options (if supported by underlying (D)TLS library)\n"
@@ -2850,7 +2853,7 @@ main(int argc, char **argv) {
   clock_offset = time(NULL);
   while ((opt = getopt(argc, argv,
-                       "a:b:c:d:eg:h:i:j:k:l:mnp:q:rs:tu:v:w:A:C:E:G:J:L:M:NP:R:S:T:U:V:X:")) != -1) {
+                       "a:b:c:d:eg:h:i:j:k:l:mnp:q:rs:tu:v:w:A:C:E:G:J:L:M:NP:R:S:T:U:V:X:2")) != -1) {
     switch (opt) {
 #ifndef _WIN32
     case 'a':
@@ -3016,6 +3019,9 @@ main(int argc, char **argv) {
     case 'X':
       csm_max_message_size = strtol(optarg, NULL, 10);
       break;
+    case '2':
+      ec_jpake = 1;
+      break;
     default:
       usage(argv[0], LIBCOAP_PACKAGE_VERSION);
       goto failed;
diff --git a/include/coap3/coap_dtls.h b/include/coap3/coap_dtls.h
index 1444cde091..10b01bf8ee 100644
--- a/include/coap3/coap_dtls.h
+++ b/include/coap3/coap_dtls.h
@@ -451,9 +451,11 @@ typedef struct coap_dtls_cpsk_t {
                                  to support this version of the struct */
   /* Options to enable different TLS functionality in libcoap */
-  uint8_t reserved[7];        /**< Reserved - must be set to 0 for future compatibility */
-  /* Size of 7 chosen to align to next
+  uint8_t ec_jpake;           /**< Set to 1 if EC-JPAKE is to be used. Currently Mbed TLS only */
+  uint8_t reserved[6];        /**< Reserved - must be set to 0 for future compatibility */
+  /* Size of 6 chosen to align to next
    * parameter, so if newly defined option
    * it can use one of the reserverd slot so
    * no need to change
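Review bot: The Doxygen comment on the new `ec_jpake` member does not tell API users what enabling it actually changes, which matters because it alters the security properties of the handshake: in the Mbed TLS backend it restricts the client to EC-JPAKE ciphersuites and caps the negotiation at TLS 1.2, the PSK key is used as the J-PAKE password, and every other backend merely logs a warning and proceeds with ordinary PSK. A comment along the lines of `/**< Set to 1 to negotiate EC-JPAKE (TLS 1.2 only) with the PSK key as the password. Mbed TLS only; other (D)TLS backends log a warning and fall back to plain PSK */` would make the fallback explicit. Reusing a reserved byte keeps callers that memset() the struct at `ec_jpake == 0`, so not bumping COAP_DTLS_CPSK_SETUP_VERSION looks acceptable; the struct definition continues outside the hunk.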
@@ -539,9 +541,11 @@ typedef struct coap_dtls_spsk_t {
                                  to support this version of the struct */
   /* Options to enable different TLS functionality in libcoap */
-  uint8_t reserved[7];        /**< Reserved - must be set to 0 for future compatibility */
-  /* Size of 7 chosen to align to next
+  uint8_t ec_jpake;           /**< Set to 1 if EC-JPAKE can be used. Currently Mbed TLS only */
+  uint8_t reserved[6];        /**< Reserved - must be set to 0 for future compatibility */
+  /* Size of 6 chosen to align to next
    * parameter, so if newly defined option
    * it can use one of the reserverd slot so
    * no need to change
diff --git a/man/coap-client.txt.in b/man/coap-client.txt.in
index a3efdb64bd..f6fe0bef2e 100644
--- a/man/coap-client.txt.in
+++ b/man/coap-client.txt.in
@@ -27,7 +27,7 @@ SYNOPSIS
        [*-K* interval] [*-L* value] [*-N*] [*-O* num,text] [*-P* scheme://addr[:port]] [*-T* token] [*-U*] [*-V* num] [*-X* size]
-       [[*-h* match_hint_file] [*-k* key] [*-u* user]]
+       [[*-h* match_hint_file] [*-k* key] [*-u* user] [*-2*]]
        [[*-c* certfile] [*-j* keyfile] [*-n*] [*-C* cafile]
        [*-J* pkcs11_pin] [*-M* rpk_file] [*-R* trust_casfile]] URI
@@ -217,6 +217,9 @@ OPTIONS - PSK
 *-u* user::
    User identity to send for pre-shared key mode (*-k* option also required).
+*-2* ::
+   Use EC-JPAKE negotiation (if supported).
+
 OPTIONS - PKI
 -------------
 (If supported by underlying (D)TLS library)
diff --git a/man/coap-server.txt.in b/man/coap-server.txt.in
index 82c9d0db86..13284f107a 100644
--- a/man/coap-server.txt.in
+++ b/man/coap-server.txt.in
@@ -27,7 +27,7 @@ SYNOPSIS
        [*-P* scheme://addr[:port],[name1[,name2..]]] [*-T* max_token_size] [*-U* type] [*-V* num] [*-X* size]
        [[*-h* hint] [*-i* match_identity_file] [*-k* key]
-       [*-s* match_psk_sni_file] [*-u* user]]
+       [*-s* match_psk_sni_file] [*-u* user] [*-2*]]
        [[*-c* certfile] [*-j* keyfile] [*-n*] [*-C* cafile]
        [*-J* pkcs11_pin] [*-M* rpk_file] [*-R* trust_casfile]
        [*-S* match_pki_sni_file]]
@@ -196,6 +196,9 @@ OPTIONS - PSK
 *-u* user ::
    User identity for pre-shared key mode (only used if option *-P* is set).
+*-2* ::
+   Use EC-JPAKE negotiation (if supported).
+
 OPTIONS - PKI
 -------------
 (If supported by underlying (D)TLS library)
diff --git a/man/coap_encryption.txt.in b/man/coap_encryption.txt.in
index 50309e1e94..08c9b58da5 100644
--- a/man/coap_encryption.txt.in
+++ b/man/coap_encryption.txt.in
@@ -140,7 +140,11 @@ typedef struct coap_dtls_cpsk_t {
                                  to support the version of the struct */
   /* Options to enable different TLS functionality in libcoap */
-  uint8_t reserved[7];         /* Reserved - must be set to 0 for
+  uint8_t ec_jpake;            /* Set to 1 if DC-JPAKE is to be used. Currently Mbed TLS only */
+
+  /* Options to enable different TLS functionality in libcoap */
+  uint8_t reserved[6];         /* Reserved - must be set to 0 for
                                   future compatibility */
   /** Identity Hint check callback function.
@@ -178,6 +182,11 @@ definition.
 *version* is set to COAP_DTLS_CPSK_SETUP_VERSION. This will then allow support
 for different versions of the coap_dtls_cpsk_t structure in the future.
+*SECTION: PSK Server: coap_dtls_spsk_t: ec_jpake*
+
+*ec_jpake* Set to 1 if EC-JPAKE negotiation is to be used. Currently only supported by suitably compiled Mbed TLS library.
+
 *SECTION: PSK Client: coap_dtls_cpsk_t: Reserved*
 *reserved* All must be set to 0. Future functionality updates will make use of
@@ -262,11 +271,15 @@ environment.
 [source, c]
 ----
 typedef struct coap_dtls_spsk_t {
-  uint8_t version;             /** Set to COAP_DTLS_SPSK_SETUP_VERSION
+  uint8_t version;             /* Set to COAP_DTLS_SPSK_SETUP_VERSION
                                   to support the version of the struct */
   /* Options to enable different TLS functionality in libcoap */
-  uint8_t reserved[7];         /* Reserved - must be set to 0 for
+  uint8_t ec_jpake;            /* Set to 1 if DC-JPAKE can be used. Currently Mbed TLS only */
+
+  /* Options to enable different TLS functionality in libcoap */
+  uint8_t reserved[6];         /* Reserved - must be set to 0 for
                                   future compatibility */
   /** Identity check callback function.
@@ -304,6 +317,11 @@ definition.
 *version* is set to COAP_DTLS_SPSK_SETUP_VERSION. This will then allow support
 for different versions of the coap_dtls_spsk_t structure in the future.
+*SECTION: PSK Server: coap_dtls_spsk_t: ec_jpake*
+
+*ec_jpake* Set to 1 if EC-JPAKE negotiation can be used. Currently only supported by suitably compiled Mbed TLS library.
+
 *SECTION: PSK Server: coap_dtls_spsk_t: Reserved*
 *reserved* All must be set to 0. Future functionality updates will make use of
diff --git a/src/coap_gnutls.c b/src/coap_gnutls.c
index 9053e68268..dfc0c076e4 100644
--- a/src/coap_gnutls.c
+++ b/src/coap_gnutls.c
@@ -394,6 +394,9 @@ coap_dtls_context_set_spsk(coap_context_t *c_context,
   if (!g_context || !setup_data)
     return 0;
+  if (setup_data->ec_jpake) {
+    coap_log_warn("GnuTLS has no EC-JPAKE support\n");
+  }
   g_context->psk_pki_enabled |= IS_PSK;
   return 1;
 }
@@ -414,6 +417,9 @@ coap_dtls_context_set_cpsk(coap_context_t *c_context,
   if (!g_context || !setup_data)
     return 0;
+  if (setup_data->ec_jpake) {
+    coap_log_warn("GnuTLS has no EC-JPAKE support\n");
+  }
   g_context->psk_pki_enabled |= IS_PSK;
   return 1;
 }
diff --git a/src/coap_mbedtls.c b/src/coap_mbedtls.c
index bdcf8645e8..b2a1ee20e9 100644
--- a/src/coap_mbedtls.c
+++ b/src/coap_mbedtls.c
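Review bot: In coap_dtls_context_set_cpsk a request for EC-JPAKE is downgraded to ordinary PSK with only `coap_log_warn()`, and the function still returns 1, so an application that set `ec_jpake = 1` (presumably to get the properties a PAKE offers over a bare pre-shared key) has no programmatic way to learn it did not get them. Either return 0 here, since this backend cannot provide what was asked for, or make the warn-and-continue fallback an explicit, documented contract of the `ec_jpake` field in coap_dtls.h. The spsk hunk above and the OpenSSL, TinyDTLS and wolfSSL hunks later in this diff follow the same pattern and should be treated consistently. Both GnuTLS functions start before their hunks.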
@@ -105,6 +105,7 @@
 #define IS_PSK (1 << 0)
 #define IS_PKI (1 << 1)
+#define IS_ECJPAKE (1 << 2)
 #define IS_CLIENT (1 << 6)
 #define IS_SERVER (1 << 7)
@@ -165,6 +166,7 @@ typedef struct coap_mbedtls_context_t {
 typedef enum coap_enc_method_t {
   COAP_ENC_PSK,
   COAP_ENC_PKI,
+  COAP_ENC_ECJPAKE,
 } coap_enc_method_t;
 #ifndef MBEDTLS_2_X_COMPAT
@@ -1100,6 +1102,7 @@ setup_server_ssl_session(coap_session_t *c_session,
 #if COAP_CLIENT_SUPPORT
 static int *psk_ciphers = NULL;
 static int *pki_ciphers = NULL;
+static int *ecjpake_ciphers = NULL;
 static int processed_ciphers = 0;
 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
@@ -1136,6 +1139,10 @@ set_ciphersuites(mbedtls_ssl_config *conf, coap_enc_method_t method) {
     const int *base = list;
     int *psk_list;
     int *pki_list;
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+    int *ecjpake_list;
+    int ecjpake_count = 1;
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
     int psk_count = 1; /* account for empty terminator */
     int pki_count = 1;
@@ -1143,17 +1150,21 @@ set_ciphersuites(mbedtls_ssl_config *conf, coap_enc_method_t method) {
       const mbedtls_ssl_ciphersuite_t *cur = mbedtls_ssl_ciphersuite_from_id(*list);
-#if MBEDTLS_VERSION_NUMBER >= 0x03020000
       if (cur) {
+#if MBEDTLS_VERSION_NUMBER >= 0x03020000
         if (cur->max_tls_version < MBEDTLS_SSL_VERSION_TLS1_2) {
           /* Minimum of TLS1.2 required - skip */
         }
 #else
-      if (cur) {
         if (cur->max_minor_ver < MBEDTLS_SSL_MINOR_VERSION_3) {
           /* Minimum of TLS1.2 required - skip */
         }
 #endif /* MBEDTLS_VERSION_NUMBER >= 0x03020000 */
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+        else if (cur->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
+          ecjpake_count++;
+        }
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
 #if MBEDTLS_VERSION_NUMBER >= 0x03060000
         else if (cur->min_tls_version >= MBEDTLS_SSL_VERSION_TLS1_3) {
           psk_count++;
@@ -1185,24 +1196,43 @@ set_ciphersuites(mbedtls_ssl_config *conf, coap_enc_method_t method) {
       psk_ciphers = NULL;
       return;
     }
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+    ecjpake_ciphers = mbedtls_malloc(ecjpake_count * sizeof(ecjpake_ciphers[0]));
+    if (ecjpake_ciphers == NULL) {
+      coap_log_err("set_ciphers: mbedtls_malloc with count %d failed\n", pki_count);
+      mbedtls_free(psk_ciphers);
+      mbedtls_free(pki_ciphers);
+      psk_ciphers = NULL;
+      pki_ciphers = NULL;
+      return;
+    }
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
     psk_list = psk_ciphers;
     pki_list = pki_ciphers;
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+    ecjpake_list = ecjpake_ciphers;
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
     while (*list) {
       const mbedtls_ssl_ciphersuite_t *cur = mbedtls_ssl_ciphersuite_from_id(*list);
-#if MBEDTLS_VERSION_NUMBER >= 0x03020000
       if (cur) {
+#if MBEDTLS_VERSION_NUMBER >= 0x03020000
         if (cur->max_tls_version < MBEDTLS_SSL_VERSION_TLS1_2) {
           /* Minimum of TLS1.2 required - skip */
         }
 #else
-      if (cur) {
         if (cur->max_minor_ver < MBEDTLS_SSL_MINOR_VERSION_3) {
           /* Minimum of TLS1.2 required - skip */
         }
 #endif /* MBEDTLS_VERSION_NUMBER >= 0x03020000 */
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+        else if (cur->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) {
+          *ecjpake_list = *list;
+          ecjpake_list++;
+        }
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
 #if MBEDTLS_VERSION_NUMBER >= 0x03060000
         else if (cur->min_tls_version >= MBEDTLS_SSL_VERSION_TLS1_3) {
           *psk_list = *list;
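Review bot: The new allocation-failure branch logs `pki_count` although it is the `ecjpake_count * sizeof(ecjpake_ciphers[0])` allocation that failed, so the diagnostic points at the wrong list: `coap_log_err("set_ciphers: mbedtls_malloc with count %d failed\n", ecjpake_count);`. The cleanup in that branch (freeing and NULLing psk_ciphers and pki_ciphers before returning) is otherwise correct. set_ciphersuites starts and ends outside this hunk.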
@@ -1229,7 +1259,20 @@ set_ciphersuites(mbedtls_ssl_config *conf, coap_enc_method_t method) {
     *pki_list = 0;
     processed_ciphers = 1;
   }
-  mbedtls_ssl_conf_ciphersuites(conf, method == COAP_ENC_PSK ? psk_ciphers : pki_ciphers);
+  switch (method) {
+  case COAP_ENC_PSK:
+    mbedtls_ssl_conf_ciphersuites(conf, psk_ciphers);
+    break;
+  case COAP_ENC_PKI:
+    mbedtls_ssl_conf_ciphersuites(conf, pki_ciphers);
+    break;
+  case COAP_ENC_ECJPAKE:
+    mbedtls_ssl_conf_ciphersuites(conf, ecjpake_ciphers);
+    break;
+  default:
+    assert(0);
+    break;
+  }
 }
 static int
@@ -1292,7 +1335,18 @@ setup_client_ssl_session(coap_session_t *c_session,
   }
   /* Identity Hint currently not supported in Mbed TLS so code removed */
+#ifdef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+  if (m_context->psk_pki_enabled & IS_ECJPAKE) {
+    set_ciphersuites(&m_env->conf, COAP_ENC_ECJPAKE);
+#if MBEDTLS_VERSION_NUMBER >= 0x03020000
+    mbedtls_ssl_conf_max_tls_version(&m_env->conf, MBEDTLS_SSL_VERSION_TLS1_2);
+#endif /* MBEDTLS_VERSION_NUMBER >= 0x03020000 */
+  } else {
+    set_ciphersuites(&m_env->conf, COAP_ENC_PSK);
+  }
+#else /* ! MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
   set_ciphersuites(&m_env->conf, COAP_ENC_PSK);
+#endif /* ! MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
 #else /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
   coap_log_warn("PSK not enabled in Mbed TLS library\n");
 #endif /* ! MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
@@ -1470,6 +1524,16 @@ do_mbedtls_handshake(coap_session_t *c_session,
                  get_error_string(ret));
 reset:
     mbedtls_ssl_session_reset(&m_env->ssl);
+#ifdef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+    coap_mbedtls_context_t *m_context = ((coap_mbedtls_context_t *)c_session->context->dtls_context);
+    if (m_context->psk_pki_enabled & IS_PSK && m_context->psk_pki_enabled & (IS_SERVER | IS_ECJPAKE)) {
+      const coap_bin_const_t *psk_key;
+      psk_key = coap_get_session_server_psk_key(c_session);
+      mbedtls_ssl_set_hs_ecjpake_password(&m_env->ssl, psk_key->s, psk_key->length);
+    }
+#endif /* ! MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
     return -1;
   }
@@ -1692,6 +1756,16 @@ coap_dtls_new_mbedtls_env(coap_session_t *c_session,
                         coap_sock_read, NULL);
   }
 #endif /* ! COAP_DISABLE_TCP */
+#ifdef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+  coap_mbedtls_context_t *m_context = ((coap_mbedtls_context_t *)c_session->context->dtls_context);
+  if ((m_context->psk_pki_enabled & IS_PSK) && (role != COAP_DTLS_ROLE_CLIENT || m_context->psk_pki_enabled & IS_ECJPAKE)) {
+    const coap_bin_const_t *psk_key;
+    psk_key = coap_get_session_server_psk_key(c_session);
+    mbedtls_ssl_set_hs_ecjpake_password(&m_env->ssl, psk_key->s, psk_key->length);
+  }
+#endif /* ! MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
   mbedtls_ssl_set_timer_cb(&m_env->ssl, &m_env->timer, mbedtls_timing_set_delay, mbedtls_timing_get_delay);
@@ -1799,6 +1873,13 @@ coap_dtls_context_set_spsk(coap_context_t *c_context,
   if (!m_context || !setup_data)
     return 0;
+  if (setup_data->ec_jpake) {
+#ifdef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+    m_context->psk_pki_enabled |= IS_ECJPAKE;
+#else /* ! MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+    coap_log_warn("Mbed TLS not compiled for EC-JPAKE support\n");
+#endif /* ! MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+  }
   m_context->psk_pki_enabled |= IS_PSK;
   return 1;
 }
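Review bot: `psk_key` returned by coap_get_session_server_psk_key() is dereferenced (`psk_key->s`, `psk_key->length`) without a NULL check in the retry path after `reset:`; if that accessor can return NULL, for example on a server whose key is only supplied through the identity/SNI callbacks, this crashes on the very path meant to recover from a failed handshake. The result of mbedtls_ssl_set_hs_ecjpake_password() is also discarded. Suggest `if (psk_key && mbedtls_ssl_set_hs_ecjpake_password(&m_env->ssl, psk_key->s, psk_key->length) != 0) coap_log_warn("Unable to set EC-JPAKE password\n");`. do_mbedtls_handshake starts before the hunk.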
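Review bot: The server arm of the new condition, `role != COAP_DTLS_ROLE_CLIENT`, installs the J-PAKE password for every PSK-enabled server context whether or not IS_ECJPAKE was set, so a coap_dtls_spsk_t with `ec_jpake = 0` does not disable EC-JPAKE on an Mbed TLS server; nothing in this diff restricts the server-side ciphersuite list, so if the library build's default list contains EC-JPAKE suites a client can negotiate them regardless of the setting. If the flag is meant to be an opt-in on both sides, test `(m_context->psk_pki_enabled & IS_ECJPAKE)` for both roles; if server acceptance is intentional, the spsk documentation of `ec_jpake` should say the flag is only advisory there. The same unchecked `psk_key` dereference as in the reset path appears here. coap_dtls_new_mbedtls_env starts before and ends after the hunk.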
@@ -1831,6 +1912,13 @@ coap_dtls_context_set_cpsk(coap_context_t *c_context,
   if (setup_data->validate_ih_call_back) {
     coap_log_warn("CoAP Client with Mbed TLS does not support Identity Hint selection\n");
   }
+  if (setup_data->ec_jpake) {
+#ifdef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+    m_context->psk_pki_enabled |= IS_ECJPAKE;
+#else /* ! MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+    coap_log_warn("Mbed TLS not compiled for EC-JPAKE support\n");
+#endif /* ! MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+  }
   m_context->psk_pki_enabled |= IS_PSK;
   return 1;
 #endif /* MBEDTLS_SSL_CLI_C */
@@ -2600,8 +2688,10 @@ coap_dtls_shutdown(void) {
 #if COAP_CLIENT_SUPPORT
   mbedtls_free(psk_ciphers);
   mbedtls_free(pki_ciphers);
+  mbedtls_free(ecjpake_ciphers);
   psk_ciphers = NULL;
   pki_ciphers = NULL;
+  ecjpake_ciphers = NULL;
   processed_ciphers = 0;
 #endif /* COAP_CLIENT_SUPPORT */
   coap_dtls_set_log_level(COAP_LOG_EMERG);
diff --git a/src/coap_openssl.c b/src/coap_openssl.c
index 95a3cb5c85..379c918c18 100644
--- a/src/coap_openssl.c
+++ b/src/coap_openssl.c
@@ -1222,6 +1222,9 @@ coap_dtls_context_set_spsk(coap_context_t *c_context,
     SSL_set_options(o_context->dtls.ssl, SSL_OP_COOKIE_EXCHANGE);
     SSL_set_mtu(o_context->dtls.ssl, COAP_DEFAULT_MTU);
   }
+  if (setup_data->ec_jpake) {
+    coap_log_warn("OpenSSL has no EC-JPAKE support\n");
+  }
   o_context->psk_pki_enabled |= IS_PSK;
   return 1;
 }
@@ -1255,6 +1258,9 @@ coap_dtls_context_set_cpsk(coap_context_t *c_context,
     SSL_set_options(o_context->dtls.ssl, SSL_OP_COOKIE_EXCHANGE);
     SSL_set_mtu(o_context->dtls.ssl, COAP_DEFAULT_MTU);
   }
+  if (setup_data->ec_jpake) {
+    coap_log_warn("OpenSSL has no EC-JPAKE support\n");
+  }
   o_context->psk_pki_enabled |= IS_PSK;
   return 1;
 }
diff --git a/src/coap_tinydtls.c b/src/coap_tinydtls.c
index d2489c50d2..b5aaec5369 100644
--- a/src/coap_tinydtls.c
+++ b/src/coap_tinydtls.c
@@ -1473,6 +1473,9 @@ coap_dtls_context_set_cpsk(coap_context_t *coap_context COAP_UNUSED,
     return 0;
 #ifdef DTLS_PSK
+  if (setup_data->ec_jpake) {
+    coap_log_warn("TinyDTLS has no EC-JPAKE support\n");
+  }
   return 1;
 #else /* ! DTLS_PSK */
   coap_log_warn("TinyDTLS not compiled with PSK support\n");
@@ -1494,6 +1497,9 @@ coap_dtls_context_set_spsk(coap_context_t *coap_context COAP_UNUSED,
     coap_log_warn("CoAP Server with TinyDTLS does not support SNI selection\n");
   }
+  if (setup_data->ec_jpake) {
+    coap_log_warn("TinyDTLS has no EC-JPAKE support\n");
+  }
   return 1;
 #else /* ! DTLS_PSK */
   coap_log_warn("TinyDTLS not compiled with PSK support\n");
diff --git a/src/coap_wolfssl.c b/src/coap_wolfssl.c
index 7bd10beb4f..5797e7bb8e 100644
--- a/src/coap_wolfssl.c
+++ b/src/coap_wolfssl.c
@@ -1044,6 +1044,9 @@ coap_dtls_context_set_spsk(coap_context_t *c_context,
                                        psk_tls_server_name_call_back);
 #endif /* !COAP_DISABLE_TCP */
   }
+  if (setup_data->ec_jpake) {
+    coap_log_warn("wolfSSL has no EC-JPAKE support\n");
+  }
   w_context->psk_pki_enabled |= IS_PSK;
   return 1;
 }
@@ -1060,6 +1063,9 @@ coap_dtls_context_set_cpsk(coap_context_t *c_context,
   if (!setup_data || !w_context)
     return 0;
+  if (setup_data->ec_jpake) {
+    coap_log_warn("wolfSSL has no EC-JPAKE support\n");
+  }
   w_context->psk_pki_enabled |= IS_PSK;
   return 1;
 }