xref: /freebsd/contrib/bearssl/src/ssl/ssl_server_minf2g.c (revision 52c2bb75163559a6e2866ad374a7de67a4ea1273)
1 /*
2  * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
3  *
4  * Permission is hereby granted, free of charge, to any person obtaining
5  * a copy of this software and associated documentation files (the
6  * "Software"), to deal in the Software without restriction, including
7  * without limitation the rights to use, copy, modify, merge, publish,
8  * distribute, sublicense, and/or sell copies of the Software, and to
9  * permit persons to whom the Software is furnished to do so, subject to
10  * the following conditions:
11  *
12  * The above copyright notice and this permission notice shall be
13  * included in all copies or substantial portions of the Software.
14  *
15  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22  * SOFTWARE.
23  */
24 
25 #include "inner.h"
26 
27 /* see bearssl_ssl.h */
28 void
29 br_ssl_server_init_minf2g(br_ssl_server_context *cc,
30 	const br_x509_certificate *chain, size_t chain_len,
31 	const br_ec_private_key *sk)
32 {
33 	static const uint16_t suites[] = {
34 		BR_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
35 	};
36 
37 	/*
38 	 * Reset server context and set supported versions to TLS-1.2 (only).
39 	 */
40 	br_ssl_server_zero(cc);
41 	br_ssl_engine_set_versions(&cc->eng, BR_TLS12, BR_TLS12);
42 
43 	/*
44 	 * Set suites and elliptic curve implementation (for ECDHE).
45 	 */
46 	br_ssl_engine_set_suites(&cc->eng, suites,
47 		(sizeof suites) / (sizeof suites[0]));
48 	br_ssl_engine_set_ec(&cc->eng, &br_ec_all_m15);
49 
50 	/*
51 	 * Set the "server policy": handler for the certificate chain
52 	 * and private key operations.
53 	 */
54 	br_ssl_server_set_single_ec(cc, chain, chain_len, sk,
55 		BR_KEYTYPE_SIGN, 0, &br_ec_all_m15, br_ecdsa_i31_sign_asn1);
56 
57 	/*
58 	 * Set supported hash functions.
59 	 */
60 	br_ssl_engine_set_hash(&cc->eng, br_sha256_ID, &br_sha256_vtable);
61 
62 	/*
63 	 * Set the PRF implementations.
64 	 */
65 	br_ssl_engine_set_prf_sha256(&cc->eng, &br_tls12_sha256_prf);
66 
67 	/*
68 	 * Symmetric encryption.
69 	 */
70 	br_ssl_engine_set_default_aes_gcm(&cc->eng);
71 }
72