return ok;
}
+static
+int tls_init_ecdh_curve(tls_t *tls)
+{
+ int nid;
+ EC_KEY *ecdh;
+ if (!(nid = OBJ_sn2nid("prime256v1"))) {
+ tls_log_errors(1, "Couldn't find specified curve", 0);
+ errno = EIO;
+ return -1;
+ }
+ if (!(ecdh = EC_KEY_new_by_curve_name(nid))) {
+ tls_log_errors(1, "Couldn't create specified curve", 0);
+ errno = EIO;
+ return -1;
+ }
+ SSL_CTX_set_options(tls->ctx, SSL_OP_SINGLE_ECDH_USE);
+ SSL_CTX_set_tmp_ecdh(tls->ctx, ecdh);
+ EC_KEY_free(ecdh);
+ return 0;
+}
+
static
int tls_init_context(tls_t *tls, tls_issues_t const *ti)
{
SSL_CTX_set_verify_depth(tls->ctx, ti->verify_depth);
SSL_CTX_set_verify(tls->ctx, verify, tls_verify_cb);
+ if (tls_init_ecdh_curve(tls) == 0) {
+ SU_DEBUG_3(("%s\n", "tls: initialized ECDH"));
+ } else {
+ SU_DEBUG_3(("%s\n", "tls: failed to initialize ECDH"));
+ }
+
if (!SSL_CTX_set_cipher_list(tls->ctx, ti->ciphers)) {
SU_DEBUG_1(("%s: error setting cipher list\n", "tls_init_context"));
tls_log_errors(3, "tls_init_context", 0);
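Review bot: A failure of tls_init_ecdh_curve() at the new call site is reported only through SU_DEBUG_3 and tls_init_context() carries on, so a context that cannot offer ECDHE key exchange is built without any message at the level used for the cipher-list error just below (SU_DEBUG_1). Log the failure at that level, e.g. `SU_DEBUG_1(("%s: failed to initialize ECDH\n", "tls_init_context"));`, and decide explicitly whether a context without ECDHE should be accepted or rejected. The helper added earlier in this patch also ignores the result of `SSL_CTX_set_tmp_ecdh()`, so "tls: initialized ECDH" can be logged even when the curve was not installed; check it with `if (!SSL_CTX_set_tmp_ecdh(tls->ctx, ecdh))` and free `ecdh` on that path before setting errno and returning -1. tls_init_context() begins and continues outside the lines shown here.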