authorLiong Sauw Ming <ming@teluu.com>2016-10-27 07:58:01 +0000
committerLiong Sauw Ming <ming@teluu.com>2016-10-27 07:58:01 +0000
commit0b59aafe8a9658a21a3a39b2d5e47d3844376287 (patch)
tree92dd6d767bb6405f5f9719bc946eea476f633764 /pjsip
parentd77d36f42151dfb6c6c1aca842e09ad897acc4a3 (diff)
Fixed #1975: Add support to select elliptic curve and signature algorithm for TLS
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@5472 74dad513-b988-da41-8d7b-12977e46ad98
Diffstat (limited to 'pjsip')
-rw-r--r--pjsip/include/pjsip/sip_transport_tls.h55
-rw-r--r--pjsip/src/pjsip/sip_transport_tls.c10
2 files changed, 65 insertions, 0 deletions
diff --git a/pjsip/include/pjsip/sip_transport_tls.h b/pjsip/include/pjsip/sip_transport_tls.h
index 98a2c84d..f7645c46 100644
--- a/pjsip/include/pjsip/sip_transport_tls.h
+++ b/pjsip/include/pjsip/sip_transport_tls.h
@@ -141,6 +141,51 @@ typedef struct pjsip_tls_setting
pj_ssl_cipher *ciphers;
/**
+ * Number of curves contained in the specified curve preference.
+ * If this is set to zero, then default curve list of the backend
+ * will be used.
+ *
+ * Default: 0 (zero).
+ */
+ unsigned curves_num;
+
+ /**
+ * Curves and order preference. The #pj_ssl_curve_get_availables()
+ * can be used to check the available curves supported by backend.
+ */
+ pj_ssl_curve *curves;
+
+ /**
+ * The supported signature algorithms. Set the sigalgs string
+ * using this form:
+ * "<DIGEST>+<ALGORITHM>:<DIGEST>+<ALGORITHM>"
+ * Digests are: "RSA", "DSA" or "ECDSA"
+ * Algorithms are: "MD5", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512"
+ * Example: "ECDSA+SHA256:RSA+SHA256"
+ */
+ pj_str_t sigalgs;
+
+ /**
+ * Reseed random number generator.
+ * For type #PJ_SSL_ENTROPY_FILE, parameter \a entropy_path
+ * must be set to a file.
+ * For type #PJ_SSL_ENTROPY_EGD, parameter \a entropy_path
+ * must be set to a socket.
+ *
+ * Default value is PJ_SSL_ENTROPY_NONE.
+ */
+ pj_ssl_entropy_t entropy_type;
+
+ /**
+ * When using a file/socket for entropy #PJ_SSL_ENTROPY_EGD or
+ * #PJ_SSL_ENTROPY_FILE, \a entropy_path must contain the path
+ * to entropy socket/file.
+ *
+ * Default value is an empty string.
+ */
+ pj_str_t entropy_path;
+
+ /**
* Specifies TLS transport behavior on the server TLS certificate
* verification result:
* - If \a verify_server is disabled (set to PJ_FALSE), TLS transport
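Review bot: The sigalgs documentation in the new pjsip_tls_setting fields has its two word lists swapped and its template reversed relative to its own example: "RSA", "DSA" and "ECDSA" are signature algorithms, "MD5"/"SHA1"/"SHA2xx" are digests, and the example "ECDSA+SHA256" puts the algorithm before the digest, not the other way round as the `"<DIGEST>+<ALGORITHM>"` line says. I would rewrite those three lines as `* "<ALGORITHM>+<DIGEST>:<ALGORITHM>+<DIGEST>"`, `* Algorithms are: "RSA", "DSA" or "ECDSA"` and `* Digests are: "MD5", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512"`. Because integrators will copy this string verbatim, it is also worth a one-line caveat after the list such as `* MD5 and SHA1 are listed only because the backend accepts them; do not select them for new deployments.` The pjsip_tls_setting struct begins before and continues after this hunk, so the default-initialisation of the new fields cannot be checked here.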
@@ -292,6 +337,8 @@ PJ_INLINE(void) pjsip_tls_setting_copy(pj_pool_t *pool,
pj_strdup_with_null(pool, &dst->cert_file, &src->cert_file);
pj_strdup_with_null(pool, &dst->privkey_file, &src->privkey_file);
pj_strdup_with_null(pool, &dst->password, &src->password);
+ pj_strdup_with_null(pool, &dst->sigalgs, &src->sigalgs);
+ pj_strdup_with_null(pool, &dst->entropy_path, &src->entropy_path);
if (src->ciphers_num) {
unsigned i;
dst->ciphers = (pj_ssl_cipher*) pj_pool_calloc(pool, src->ciphers_num,
@@ -299,6 +346,14 @@ PJ_INLINE(void) pjsip_tls_setting_copy(pj_pool_t *pool,
for (i=0; i<src->ciphers_num; ++i)
dst->ciphers[i] = src->ciphers[i];
}
+
+ if (src->curves_num) {
+ unsigned i;
+ dst->curves = (pj_ssl_curve*) pj_pool_calloc(pool, src->curves_num,
+ sizeof(pj_ssl_curve));
+ for (i=0; i<src->curves_num; ++i)
+ dst->curves[i] = src->curves[i];
+ }
}
diff --git a/pjsip/src/pjsip/sip_transport_tls.c b/pjsip/src/pjsip/sip_transport_tls.c
index 19eed519..c1789641 100644
--- a/pjsip/src/pjsip/sip_transport_tls.c
+++ b/pjsip/src/pjsip/sip_transport_tls.c
@@ -391,6 +391,11 @@ PJ_DEF(pj_status_t) pjsip_tls_transport_start2( pjsip_endpoint *endpt,
ssock_param.read_buffer_size = PJSIP_MAX_PKT_LEN;
ssock_param.ciphers_num = listener->tls_setting.ciphers_num;
ssock_param.ciphers = listener->tls_setting.ciphers;
+ ssock_param.curves_num = listener->tls_setting.curves_num;
+ ssock_param.curves = listener->tls_setting.curves;
+ ssock_param.sigalgs = listener->tls_setting.sigalgs;
+ ssock_param.entropy_type = listener->tls_setting.entropy_type;
+ ssock_param.entropy_path = listener->tls_setting.entropy_path;
ssock_param.reuse_addr = listener->tls_setting.reuse_addr;
ssock_param.qos_type = listener->tls_setting.qos_type;
ssock_param.qos_ignore_error = listener->tls_setting.qos_ignore_error;
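Review bot: The new entropy_type/entropy_path assignments in pjsip_tls_transport_start2 forward the setting unchecked, so a configuration that selects PJ_SSL_ENTROPY_FILE or PJ_SSL_ENTROPY_EGD with an empty entropy_path (which the header comment says must be set) is only caught, if at all, by the SSL backend after the listener's resources have already been set up. A fail-fast check right after these lines, `if (ssock_param.entropy_type != PJ_SSL_ENTROPY_NONE && ssock_param.entropy_path.slen == 0) { status = PJ_EINVAL; goto on_error; }`, would reject the misconfiguration at start-up; the label name is a placeholder for whatever cleanup path this function already uses, since allocation happens before this point. The same check is needed for the identical block in lis_create_transport. pjsip_tls_transport_start2 starts and ends outside this hunk.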
@@ -1070,6 +1075,11 @@ static pj_status_t lis_create_transport(pjsip_tpfactory *factory,
ssock_param.read_buffer_size = PJSIP_MAX_PKT_LEN;
ssock_param.ciphers_num = listener->tls_setting.ciphers_num;
ssock_param.ciphers = listener->tls_setting.ciphers;
+ ssock_param.curves_num = listener->tls_setting.curves_num;
+ ssock_param.curves = listener->tls_setting.curves;
+ ssock_param.sigalgs = listener->tls_setting.sigalgs;
+ ssock_param.entropy_type = listener->tls_setting.entropy_type;
+ ssock_param.entropy_path = listener->tls_setting.entropy_path;
ssock_param.qos_type = listener->tls_setting.qos_type;
ssock_param.qos_ignore_error = listener->tls_setting.qos_ignore_error;
pj_memcpy(&ssock_param.qos_params, &listener->tls_setting.qos_params,
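Review bot: The five assignments added to lis_create_transport are a verbatim copy of the five added to pjsip_tls_transport_start2 earlier in this file, on top of the ciphers pair that was already duplicated, so every future pj_ssl_sock_param field derived from pjsip_tls_setting has to be remembered in two places and the two listeners will silently drift apart when one is missed. A small static helper that both call sites use keeps the mapping in one spot; the sketch below shows the helper and its use at this call site, with the start2 site changed the same way. lis_create_transport starts and ends outside this hunk.
```c
/* Copy the cipher, curve, sigalg and entropy selection from the listener's
 * TLS setting into the ssl-socket parameters. Shared by
 * pjsip_tls_transport_start2() and lis_create_transport(). */
static void copy_ssl_params(pj_ssl_sock_param *ssock_param,
                            const pjsip_tls_setting *tls_setting)
{
    ssock_param->ciphers_num  = tls_setting->ciphers_num;
    ssock_param->ciphers      = tls_setting->ciphers;
    ssock_param->curves_num   = tls_setting->curves_num;
    ssock_param->curves       = tls_setting->curves;
    ssock_param->sigalgs      = tls_setting->sigalgs;
    ssock_param->entropy_type = tls_setting->entropy_type;
    ssock_param->entropy_path = tls_setting->entropy_path;
}

/* … unchanged: earlier part of lis_create_transport … */
    ssock_param.read_buffer_size = PJSIP_MAX_PKT_LEN;
    copy_ssl_params(&ssock_param, &listener->tls_setting);
    ssock_param.qos_type = listener->tls_setting.qos_type;
/* … unchanged: qos_ignore_error, qos_params copy … */
```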