added external api for Elliptic Curves Extension.

cyassl/internal.h

@@ -1109,11 +1109,13 @@ typedef struct CYASSL_DTLS_CTX {
 typedef enum {
     SERVER_NAME_INDICATION =  0,
     MAX_FRAGMENT_LENGTH    =  1,
-  /*CLIENT_CERTIFICATE_URL =  2,
+  /*CLIENT_CERTIFICATE_URL =  2,*/
-    TRUSTED_CA_KEYS        =  3,*/
+  /*TRUSTED_CA_KEYS        =  3,*/
     TRUNCATED_HMAC         =  4,
-  /*STATUS_REQUEST         =  5,
+  /*STATUS_REQUEST         =  5,*/
-    SIGNATURE_ALGORITHMS   = 13,*/
+    ELLIPTIC_CURVES        = 10,
+  /*EC_POINT_FORMATS       = 11,*/
+  /*SIGNATURE_ALGORITHMS   = 13,*/
 } TLSX_Type;
 
 typedef struct TLSX {
@@ -1180,6 +1182,18 @@ CYASSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions);
 
 #endif /* HAVE_TRUNCATED_HMAC */
 
+#ifdef HAVE_ELLIPTIC_CURVES
+
+typedef struct EllipticCurve {
+    word16                name; /* CurveNames    */
+    struct EllipticCurve* next; /* List Behavior */
+
+} EllipticCurve;
+
+CYASSL_LOCAL int TLSX_UseEllipticCurve(TLSX** extensions, word16 name);
+
+#endif
+
 #endif /* HAVE_TLS_EXTENSIONS */
 
 /* CyaSSL context type */

cyassl/ssl.h

@@ -1231,6 +1231,7 @@ CYASSL_API int CyaSSL_CTX_UseMaxFragment(CYASSL_CTX* ctx, unsigned char mfl);
 #endif /* NO_CYASSL_CLIENT */
 #endif /* HAVE_MAX_FRAGMENT */
 
+/* Truncated HMAC */
 #ifdef HAVE_TRUNCATED_HMAC
 #ifndef NO_CYASSL_CLIENT
 
@@ -1240,6 +1241,48 @@ CYASSL_API int CyaSSL_CTX_UseTruncatedHMAC(CYASSL_CTX* ctx);
 #endif /* NO_CYASSL_CLIENT */
 #endif /* HAVE_TRUNCATED_HMAC */
 
+/* Elliptic Curves */
+#ifdef HAVE_ELLIPTIC_CURVES
+
+enum {
+  /*CYASSL_ECC_SECT163K1 =  1,*/
+  /*CYASSL_ECC_SECT163R1 =  2,*/
+  /*CYASSL_ECC_SECT163R2 =  3,*/
+  /*CYASSL_ECC_SECT193R1 =  4,*/
+  /*CYASSL_ECC_SECT193R2 =  5,*/
+  /*CYASSL_ECC_SECT233K1 =  6,*/
+  /*CYASSL_ECC_SECT233R1 =  7,*/
+  /*CYASSL_ECC_SECT239K1 =  8,*/
+  /*CYASSL_ECC_SECT283K1 =  9,*/
+  /*CYASSL_ECC_SECT283R1 = 10,*/
+  /*CYASSL_ECC_SECT409K1 = 11,*/
+  /*CYASSL_ECC_SECT409R1 = 12,*/
+  /*CYASSL_ECC_SECT571K1 = 13,*/
+  /*CYASSL_ECC_SECT571R1 = 14,*/
+  /*CYASSL_ECC_SECP160K1 = 15,*/
+    CYASSL_ECC_SECP160R1 = 16,
+  /*CYASSL_ECC_SECP160R2 = 17,*/
+  /*CYASSL_ECC_SECP192K1 = 18,*/
+    CYASSL_ECC_SECP192R1 = 19,
+  /*CYASSL_ECC_SECP224K1 = 20,*/
+    CYASSL_ECC_SECP224R1 = 21,
+  /*CYASSL_ECC_SECP256K1 = 22,*/
+    CYASSL_ECC_SECP256R1 = 23,
+    CYASSL_ECC_SECP384R1 = 24,
+    CYASSL_ECC_SECP521R1 = 25,
+  /*CYASSL_ECC_ARBITRARY_EXPLICIT_PRIME_CURVES = 0xFF01,*/
+  /*CYASSL_ECC_ARBITRARY_EXPLICIT_CHAR2_CURVES = 0xFF02*/
+};
+
+#ifndef NO_CYASSL_CLIENT
+
+CYASSL_API int CyaSSL_UseEllipticCurve(CYASSL* ssl, unsigned short name);
+CYASSL_API int CyaSSL_CTX_UseEllipticCurve(CYASSL_CTX* ctx,
+                                                          unsigned short name);
+
+#endif /* NO_CYASSL_CLIENT */
+#endif /* HAVE_ELLIPTIC_CURVES */
+
 
 #define CYASSL_CRL_MONITOR   0x01   /* monitor this dir flag */
 #define CYASSL_CRL_START_MON 0x02   /* start monitoring flag */

src/ssl.c

@@ -622,6 +622,30 @@ int CyaSSL_CTX_UseTruncatedHMAC(CYASSL_CTX* ctx)
 #endif /* NO_CYASSL_CLIENT */
 #endif /* HAVE_TRUNCATED_HMAC */
 
+/* Elliptic Curves */
+#ifdef HAVE_ELLIPTIC_CURVES
+#ifndef NO_CYASSL_CLIENT
+
+int CyaSSL_UseEllipticCurve(CYASSL* ssl, word16 name)
+{
+    if (ssl == NULL)
+        return BAD_FUNC_ARG;
+
+    return TLSX_UseEllipticCurve(&ssl->extensions, name);
+}
+
+int CyaSSL_CTX_UseEllipticCurve(CYASSL_CTX* ctx, word16 name)
+{
+    if (ctx == NULL)
+        return BAD_FUNC_ARG;
+
+    return TLSX_UseEllipticCurve(&ctx->extensions, name);
+}
+
+#endif /* NO_CYASSL_CLIENT */
+#endif /* HAVE_ELLIPTIC_CURVES */
+
+
 #ifndef CYASSL_LEANPSK
 int CyaSSL_send(CYASSL* ssl, const void* data, int sz, int flags)
 {