diff --git a/cyassl/internal.h b/cyassl/internal.h
index 085d2a393..f2e9558ec 100644
--- a/cyassl/internal.h
+++ b/cyassl/internal.h
@@ -1109,11 +1109,13 @@ typedef struct CYASSL_DTLS_CTX {
 typedef enum {
 SERVER_NAME_INDICATION = 0,
 MAX_FRAGMENT_LENGTH = 1,
- /*CLIENT_CERTIFICATE_URL = 2,
- TRUSTED_CA_KEYS = 3,*/
+ /*CLIENT_CERTIFICATE_URL = 2,*/
+ /*TRUSTED_CA_KEYS = 3,*/
 TRUNCATED_HMAC = 4,
- /*STATUS_REQUEST = 5,
- SIGNATURE_ALGORITHMS = 13,*/
+ /*STATUS_REQUEST = 5,*/
+ ELLIPTIC_CURVES = 10,
+ /*EC_POINT_FORMATS = 11,*/
+ /*SIGNATURE_ALGORITHMS = 13,*/
 } TLSX_Type;
 
 typedef struct TLSX {
@@ -1180,6 +1182,18 @@ CYASSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions);
 
 #endif /* HAVE_TRUNCATED_HMAC */
 
+#ifdef HAVE_ELLIPTIC_CURVES
+
+typedef struct EllipticCurve {
+ word16 name; /* CurveNames */
+ struct EllipticCurve* next; /* List Behavior */
+
+} EllipticCurve;
+
+CYASSL_LOCAL int TLSX_UseEllipticCurve(TLSX** extensions, word16 name);
+
+#endif
+
 #endif /* HAVE_TLS_EXTENSIONS */
 
 /* CyaSSL context type */
diff --git a/cyassl/ssl.h b/cyassl/ssl.h
index 049e0d5eb..678c1934f 100644
--- a/cyassl/ssl.h
+++ b/cyassl/ssl.h
@@ -1231,6 +1231,7 @@ CYASSL_API int CyaSSL_CTX_UseMaxFragment(CYASSL_CTX* ctx, unsigned char mfl);
 #endif /* NO_CYASSL_CLIENT */
 #endif /* HAVE_MAX_FRAGMENT */
 
+/* Truncated HMAC */
 #ifdef HAVE_TRUNCATED_HMAC
 #ifndef NO_CYASSL_CLIENT
 
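Review bot: `ELLIPTIC_CURVES = 10` is added to an enum whose values are wire-level TLS ExtensionType codes, but nothing in `TLSX_Type` says so, which is why the numbering jumping 5 → 10 → 11 → 13 looks arbitrary; add `/* values are IANA TLS ExtensionType codes sent on the wire; keep them exact */` above `SERVER_NAME_INDICATION`. RFC 4492 defines elliptic_curves together with ec_point_formats, and this hunk enables 10 while leaving `EC_POINT_FORMATS = 11` commented out; if that is deliberate (presumably uncompressed points only), a short comment next to the commented entry saying so would save the next reader from re-deriving it. The enum is complete within the hunk.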
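Review bot: The new `#endif` closing `#ifdef HAVE_ELLIPTIC_CURVES` has no trailer, while the neighbouring `#endif /* HAVE_TRUNCATED_HMAC */` and `#endif /* HAVE_TLS_EXTENSIONS */` in the same hunk do; write it as `#endif /* HAVE_ELLIPTIC_CURVES */` so the nested guards stay readable. The `EllipticCurve` struct also carries a stray blank line before `} EllipticCurve;`, and its field comments `/* CurveNames */` and `/* List Behavior */` say little; `/* NamedCurve id, one of the CYASSL_ECC_* values in cyassl/ssl.h */` and `/* next entry in the list; NULL-terminated, presumably */` would be clearer, with the termination convention confirmed against the list code, which is outside this hunk.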
@@ -1240,6 +1241,48 @@ CYASSL_API int CyaSSL_CTX_UseTruncatedHMAC(CYASSL_CTX* ctx);
 #endif /* NO_CYASSL_CLIENT */
 #endif /* HAVE_TRUNCATED_HMAC */
 
+/* Elliptic Curves */
+#ifdef HAVE_ELLIPTIC_CURVES
+
+enum {
+ /*CYASSL_ECC_SECT163K1 = 1,*/
+ /*CYASSL_ECC_SECT163R1 = 2,*/
+ /*CYASSL_ECC_SECT163R2 = 3,*/
+ /*CYASSL_ECC_SECT193R1 = 4,*/
+ /*CYASSL_ECC_SECT193R2 = 5,*/
+ /*CYASSL_ECC_SECT233K1 = 6,*/
+ /*CYASSL_ECC_SECT233R1 = 7,*/
+ /*CYASSL_ECC_SECT239K1 = 8,*/
+ /*CYASSL_ECC_SECT283K1 = 9,*/
+ /*CYASSL_ECC_SECT283R1 = 10,*/
+ /*CYASSL_ECC_SECT409K1 = 11,*/
+ /*CYASSL_ECC_SECT409R1 = 12,*/
+ /*CYASSL_ECC_SECT571K1 = 13,*/
+ /*CYASSL_ECC_SECT571R1 = 14,*/
+ /*CYASSL_ECC_SECP160K1 = 15,*/
+ CYASSL_ECC_SECP160R1 = 16,
+ /*CYASSL_ECC_SECP160R2 = 17,*/
+ /*CYASSL_ECC_SECP192K1 = 18,*/
+ CYASSL_ECC_SECP192R1 = 19,
+ /*CYASSL_ECC_SECP224K1 = 20,*/
+ CYASSL_ECC_SECP224R1 = 21,
+ /*CYASSL_ECC_SECP256K1 = 22,*/
+ CYASSL_ECC_SECP256R1 = 23,
+ CYASSL_ECC_SECP384R1 = 24,
+ CYASSL_ECC_SECP521R1 = 25,
+ /*CYASSL_ECC_ARBITRARY_EXPLICIT_PRIME_CURVES = 0xFF01,*/
+ /*CYASSL_ECC_ARBITRARY_EXPLICIT_CHAR2_CURVES = 0xFF02*/
+};
+
+#ifndef NO_CYASSL_CLIENT
+
+CYASSL_API int CyaSSL_UseEllipticCurve(CYASSL* ssl, unsigned short name);
+CYASSL_API int CyaSSL_CTX_UseEllipticCurve(CYASSL_CTX* ctx,
+ unsigned short name);
+
+#endif /* NO_CYASSL_CLIENT */
+#endif /* HAVE_ELLIPTIC_CURVES */
+
 #define CYASSL_CRL_MONITOR 0x01 /* monitor this dir flag */
 #define CYASSL_CRL_START_MON 0x02 /* start monitoring flag */
 
diff --git a/src/ssl.c b/src/ssl.c
index e12e66f9e..b1d309db2 100644
--- a/src/ssl.c
+++ b/src/ssl.c
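Review bot: The public prototypes declare `unsigned short name` while the definitions of the same two functions in src/ssl.c in this commit take `word16 name`; if `word16` is ever not exactly `unsigned short` on a platform, declaration and definition conflict, so the definitions should spell the parameter as `unsigned short name` to match the header (the same applies to the ssl.c hunk, noted here once). The anonymous `CYASSL_ECC_*` enum is public API yet has no comment saying what the numbers are; add `/* NamedCurve identifiers, RFC 4492 Section 5.1.1; sent on the wire, keep exact */` above `enum {`. Whether `TLSX_UseEllipticCurve` rejects a `name` that is not one of the uncommented values is not visible here; the header should state that behaviour so a caller does not advertise a curve the library cannot complete a handshake with.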
@@ -622,6 +622,30 @@ int CyaSSL_CTX_UseTruncatedHMAC(CYASSL_CTX* ctx)
 #endif /* NO_CYASSL_CLIENT */
 #endif /* HAVE_TRUNCATED_HMAC */
 
+/* Elliptic Curves */
+#ifdef HAVE_ELLIPTIC_CURVES
+#ifndef NO_CYASSL_CLIENT
+
+int CyaSSL_UseEllipticCurve(CYASSL* ssl, word16 name)
+{
+ if (ssl == NULL)
+ return BAD_FUNC_ARG;
+
+ return TLSX_UseEllipticCurve(&ssl->extensions, name);
+}
+
+int CyaSSL_CTX_UseEllipticCurve(CYASSL_CTX* ctx, word16 name)
+{
+ if (ctx == NULL)
+ return BAD_FUNC_ARG;
+
+ return TLSX_UseEllipticCurve(&ctx->extensions, name);
+}
+
+#endif /* NO_CYASSL_CLIENT */
+#endif /* HAVE_ELLIPTIC_CURVES */
+
+
 #ifndef CYASSL_LEANPSK
 int CyaSSL_send(CYASSL* ssl, const void* data, int sz, int flags)
 {
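Review bot: Neither `CyaSSL_UseEllipticCurve` nor `CyaSSL_CTX_UseEllipticCurve` checks `name`; both only reject a NULL handle and pass the value straight to `TLSX_UseEllipticCurve`, which is outside this hunk, so it is not visible where an unknown or disabled curve id is caught. Add a header comment on each wrapper stating the contract, e.g. `/* Adds a NamedCurve to the extension list; name is validated by TLSX_UseEllipticCurve, returns BAD_FUNC_ARG on NULL handle */`, and if that helper does not validate, a range check here against the CYASSL_ECC_* values in cyassl/ssl.h is the right place for it. There is also a doubled blank line after `#endif /* HAVE_ELLIPTIC_CURVES */` where the rest of the file uses one. Both functions are complete within the hunk.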