ssl_write_supported_groups_ext(): add support for ffdh keys
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
diff --git a/library/ssl_client.c b/library/ssl_client.c
index e84c28a..7fa3737 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -274,8 +274,40 @@
*group_list));
}
#endif /* MBEDTLS_ECP_LIGHT */
- /* Add DHE groups here */
+ if ((mbedtls_ssl_conf_is_tls13_enabled(ssl->conf) &&
+ mbedtls_ssl_tls13_named_group_is_dhe(*group_list))) {
+ const char *ffdh_group = NULL;
+ switch (*group_list) {
+ case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048:
+ ffdh_group = "ffdhe2048";
+ break;
+ case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072:
+ ffdh_group = "ffdhe3072";
+ break;
+ case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096:
+ ffdh_group = "ffdhe4096";
+ break;
+ case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144:
+ ffdh_group = "ffdhe6144";
+ break;
+ case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192:
+ ffdh_group = "ffdhe8192";
+ break;
+ default:
+ break;
+ }
+
+ if (ffdh_group == NULL) {
+ continue;
+ }
+
+ MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2);
+ MBEDTLS_PUT_UINT16_BE(*group_list, p, 0);
+ p += 2;
+ MBEDTLS_SSL_DEBUG_MSG(3, ("NamedGroup: %s ( %x )",
+ ffdh_group, *group_list));
+
}
/* Length of named_group_list */
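Review bot: The new FFDHE branch has no visible build-time guard, whereas the ECC branch just above it ends at `#endif /* MBEDTLS_ECP_LIGHT */`, so a TLS 1.3-enabled client may advertise ffdhe2048 through ffdhe8192 in supported_groups even in a build that cannot complete an FFDH key exchange. Unless `mbedtls_ssl_tls13_named_group_is_dhe()` or the configured group list already filters on build support (not visible here), wrap the block in whichever option gates FFDH in this tree, for example `#if defined(PSA_WANT_ALG_FFDH)` before the `if` and a matching `#endif` after its closing brace. The condition also tests the configuration (`mbedtls_ssl_conf_is_tls13_enabled(ssl->conf)`) rather than the version actually being offered, so a client with both TLS 1.2 and 1.3 enabled would send these groups in a hello that may be answered with TLS 1.2; it is worth confirming the 1.2 path handles a peer that acts on them. The enclosing loop and function begin and end outside the hunk.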