Declare ECDSA key exchange and ciphersuites

Also fix bug in ssl_list_ciphersuites(). For now, disable it on server. Client will offer it but fail if server selects it.
2013-08-17 17:39:04 +02:00 · 2013-08-17 17:39:04 +02:00 · 32ea60a127
commit 32ea60a127
parent 0b03200e96
4 changed files with 152 additions and 7 deletions
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@ -363,6 +363,28 @@
 */
 #define POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED

+/**
+ * \def POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+ *
+ * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS
+ *
+ * Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_PARSE_C
+ *
+ * This enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
+ *      TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
+ *      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+ *      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+ *      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+ *      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
+ *      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ *      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+ *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+ */
+#define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+
 /**
 * \def POLARSSL_ERROR_STRERROR_BC
 *
@ -1419,6 +1441,12 @@
 #error "POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
 #endif

+#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) &&                 \
+    ( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_ECDSA_C) ||          \
+      !defined(POLARSSL_X509_PARSE_C) )
+#error "POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
+#endif
+
 #if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) &&                   \
    ( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_PARSE_C) )
 #error "POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites"