diff options
| author | Henrik Nord <[email protected]> | 2014-01-17 14:30:48 +0100 |
|---|---|---|
| committer | Henrik Nord <[email protected]> | 2014-01-17 14:30:58 +0100 |
| commit | 3199b4b663d82d83027fc74c8bf5b6c7849ad1d4 (patch) | |
| tree | 00c95d6a9f0cb67fdb379fd91fc65fce2ff97acd /lib/ssl | |
| parent | 045fcfc02ace59d07618f8983809236642bba630 (diff) | |
| parent | 8837c1be2ba8a3c123df3f5a87003daa9aac6539 (diff) | |
| download | otp-3199b4b663d82d83027fc74c8bf5b6c7849ad1d4.tar.gz otp-3199b4b663d82d83027fc74c8bf5b6c7849ad1d4.tar.bz2 otp-3199b4b663d82d83027fc74c8bf5b6c7849ad1d4.zip | |
Merge branch 'RoadRunnr/ecdh_crypto'
* RoadRunnr/ecdh_crypto:
crypto: selective support for GF2m curves
ssl: add brainpool elliptic curves to TLS (RFC-7027)
public_key: add brainpool elliptic curves (RFC-5639)
crypto: document ec_curves/0 and ec_curve/1
crypto: add brainpool (RFC 5639) curves
crypto: move elitic curve definitions from OpenSSL built-ins to Erlang
crypto: add ECDH test vectors for more curves
OTP-11578
Diffstat (limited to 'lib/ssl')
| -rw-r--r-- | lib/ssl/src/tls_v1.erl | 28 |
1 files changed, 21 insertions, 7 deletions
diff --git a/lib/ssl/src/tls_v1.erl b/lib/ssl/src/tls_v1.erl index 2395e98642..7c7fdd64c3 100644 --- a/lib/ssl/src/tls_v1.erl +++ b/lib/ssl/src/tls_v1.erl @@ -368,11 +368,19 @@ finished_label(server) -> %% list ECC curves in prefered order ecc_curves(_Minor) -> - [?sect571r1,?sect571k1,?secp521r1,?sect409k1,?sect409r1, - ?secp384r1,?sect283k1,?sect283r1,?secp256k1,?secp256r1, - ?sect239k1,?sect233k1,?sect233r1,?secp224k1,?secp224r1, - ?sect193r1,?sect193r2,?secp192k1,?secp192r1,?sect163k1, - ?sect163r1,?sect163r2,?secp160k1,?secp160r1,?secp160r2]. + TLSCurves = [sect571r1,sect571k1,secp521r1,brainpoolP512r1, + sect409k1,sect409r1,brainpoolP384r1,secp384r1, + sect283k1,sect283r1,brainpoolP256r1,secp256k1,secp256r1, + sect239k1,sect233k1,sect233r1,secp224k1,secp224r1, + sect193r1,sect193r2,secp192k1,secp192r1,sect163k1, + sect163r1,sect163r2,secp160k1,secp160r1,secp160r2], + CryptoCurves = crypto:ec_curves(), + lists:foldr(fun(Curve, Curves) -> + case proplists:get_bool(Curve, CryptoCurves) of + true -> [pubkey_cert_records:namedCurves(Curve)|Curves]; + false -> Curves + end + end, [], TLSCurves). %% ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) oid_to_enum(?sect163k1) -> 1; @@ -399,7 +407,10 @@ oid_to_enum(?secp224r1) -> 21; oid_to_enum(?secp256k1) -> 22; oid_to_enum(?secp256r1) -> 23; oid_to_enum(?secp384r1) -> 24; -oid_to_enum(?secp521r1) -> 25. +oid_to_enum(?secp521r1) -> 25; +oid_to_enum(?brainpoolP256r1) -> 26; +oid_to_enum(?brainpoolP384r1) -> 27; +oid_to_enum(?brainpoolP512r1) -> 28. enum_to_oid(1) -> ?sect163k1; enum_to_oid(2) -> ?sect163r1; @@ -425,7 +436,10 @@ enum_to_oid(21) -> ?secp224r1; enum_to_oid(22) -> ?secp256k1; enum_to_oid(23) -> ?secp256r1; enum_to_oid(24) -> ?secp384r1; -enum_to_oid(25) -> ?secp521r1. +enum_to_oid(25) -> ?secp521r1; +enum_to_oid(26) -> ?brainpoolP256r1; +enum_to_oid(27) -> ?brainpoolP384r1; +enum_to_oid(28) -> ?brainpoolP512r1. sufficent_ec_support() -> CryptoSupport = crypto:supports(), |