authorlloyd <[email protected]>2012-01-24 15:10:14 +0000
committerlloyd <[email protected]>2012-01-24 15:10:14 +0000
commit9e37cd76af978147cbb36faa09b9832b5f15f20a (patch)
tree5a198928294a9bde7b7cf5eb43aa5f89e885c25a /src/tls/tls_server.cpp
parent92f6a575bca25d8985aa87304e28cd63867310e2 (diff)
Send the supported elliptic curves extension. Instead of hardcoding
the values let policy specify them. Also choose an ECC curve for server kex from the client hello. Choice is via policy, default implementation is to choose the first curve the client supports out of the server's preference list.
Diffstat (limited to 'src/tls/tls_server.cpp')
-rw-r--r--src/tls/tls_server.cpp13
1 files changed, 12 insertions, 1 deletions
diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp
index 47c62a96a..207d40990 100644
--- a/src/tls/tls_server.cpp
+++ b/src/tls/tls_server.cpp
@@ -265,7 +265,18 @@ void Server::process_handshake_msg(Handshake_Type type,
state->kex_priv = new DH_PrivateKey(rng, policy.dh_group());
else if(kex_algo == "ECDH")
{
- EC_Group ec_group("secp256r1"); // FIXME, use client known groups
+ const std::vector<std::string>& curves =
+ state->client_hello->supported_ecc_curves();
+
+ if(curves.empty())
+ throw Internal_Error("Client sent no ECC extension but we negotiated ECDH");
+
+ const std::string curve_name = policy.choose_curve(curves);
+
+ if(curve_name == "") // shouldn't happen
+ throw Internal_Error("Could not agree on an ECC curve with the client");
+
+ EC_Group ec_group(curve_name);
state->kex_priv = new ECDH_PrivateKey(rng, ec_group);
}
else
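Review bot: Both new throws in the ECDH branch are reachable from the peer's ClientHello, yet they are raised as `Internal_Error`: a client that offers an ECDH suite without the supported-curves extension (which RFC 4492 permits, leaving the curve choice to the server) hits the first, and a client whose curve list has no overlap with policy hits the second unless ciphersuite selection, which is outside this hunk, already excludes ECDH suites in that case. I would treat these as negotiation failures rather than internal errors, ideally by skipping ECDH suites during suite selection when no mutual curve exists, and otherwise by failing the handshake with a handshake-failure alert so that logs and monitoring do not record remote input as a library bug. At minimum replace `// shouldn't happen` with `// reachable if the client's curves do not overlap policy and suite selection did not check` and write the test as `if(curve_name.empty())`. process_handshake_msg begins and ends outside the hunk, so whether an earlier check makes these branches dead cannot be confirmed from here.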