cipher suite ECDHE-ECDSA-NULL-SHA

src/internal.c

@@ -1285,6 +1285,13 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA,
     }
 #endif
 
+#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
+    if (tls && haveECDSAsig) {
+        suites->suites[idx++] = ECC_BYTE;
+        suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_NULL_SHA;
+    }
+#endif
+
 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA
     if (tls && haveRSA) {
         suites->suites[idx++] = 0;
@@ -3981,6 +3988,11 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
                 return 1;
             break;
 
+        case TLS_ECDHE_ECDSA_WITH_NULL_SHA :
+            if (requirement == REQUIRES_ECC_DSA)
+                return 1;
+            break;
+
         default:
             WOLFSSL_MSG("Unsupported cipher suite, CipherRequires ECC");
             return 0;
@@ -9913,6 +9925,10 @@ static const char* const cipher_names[] =
 #ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
     "IDEA-CBC-SHA",
 #endif
+
+#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
+    "ECDHE-ECDSA-NULL-SHA",
+#endif
 };
 
 
@@ -10327,6 +10343,10 @@ static int cipher_name_idx[] =
 #ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
     SSL_RSA_WITH_IDEA_CBC_SHA,
 #endif
+
+#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
+    TLS_ECDHE_ECDSA_WITH_NULL_SHA,
+#endif
 };
 
 

src/keys.c

@@ -764,6 +764,23 @@ int SetCipherSpecs(WOLFSSL* ssl)
 
         break;
 #endif
+
+#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
+    case TLS_ECDHE_ECDSA_WITH_NULL_SHA :
+        ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
+        ssl->specs.cipher_type           = stream;
+        ssl->specs.mac_algorithm         = sha_mac;
+        ssl->specs.kea                   = ecc_diffie_hellman_kea;
+        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
+        ssl->specs.hash_size             = SHA_DIGEST_SIZE;
+        ssl->specs.pad_size              = PAD_SHA;
+        ssl->specs.static_ecdh           = 0;
+        ssl->specs.key_size              = 0;
+        ssl->specs.block_size            = 0;
+        ssl->specs.iv_size               = 0;
+
+    break;
+#endif
 #endif /* HAVE_ECC */
 
 #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8

tests/test.conf

@@ -399,6 +399,39 @@
 -v 3
 -l ECDHE-RSA-AES256-SHA
 
+# server TLSv1 ECDHE-ECDSA-NULL-SHA
+-v 1
+-l ECDHE-ECDSA-NULL-SHA
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1 ECDHE-ECDSA-NULL-SHA
+-v 1
+-l ECDHE-ECDSA-NULL-SHA
+-A ./certs/server-ecc.pem
+
+# server TLSv1.1 ECDHE-ECDSA-NULL-SHA
+-v 2
+-l ECDHE-ECDSA-NULL-SHA
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1 ECDHE-ECDSA-NULL-SHA
+-v 2
+-l ECDHE-ECDSA-NULL-SHA
+-A ./certs/server-ecc.pem
+
+# server TLSv1.2 ECDHE-ECDSA-NULL-SHA
+-v 3
+-l ECDHE-ECDSA-NULL-SHA
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.2 ECDHE-ECDSA-NULL-SHA
+-v 3
+-l ECDHE-ECDSA-NULL-SHA
+-A ./certs/server-ecc.pem
+
 # server TLSv1 ECDHE-ECDSA-RC4
 -v 1
 -l ECDHE-ECDSA-RC4-SHA

wolfssl/internal.h

@@ -520,6 +520,9 @@ typedef byte word24[3];
                 #endif
             #endif /* NO_SHA */
         #endif
+        #if defined(HAVE_NULL_CIPHER) && !defined(NO_SHA)
+            #define BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
+        #endif
     #endif
     #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256) \
         && !defined(NO_OLD_POLY1305)
@@ -705,6 +708,7 @@ enum {
     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23,
     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   = 0x28,
     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24,
+    TLS_ECDHE_ECDSA_WITH_NULL_SHA           = 0x06,
 
     /* static ECDH, first byte is 0xC0 (ECC_BYTE) */
     TLS_ECDH_RSA_WITH_AES_256_CBC_SHA    = 0x0F,