-rwxr-xr-xconfigure.py34
-rw-r--r--src/build-data/buildh.in5
-rw-r--r--src/lib/asn1/oids.cpp10
-rw-r--r--src/lib/pubkey/ec_group/named.cpp5
-rw-r--r--src/lib/tls/tls_extensions.cpp10
-rw-r--r--src/tests/unit_tls.cpp4
6 files changed, 67 insertions, 1 deletions
diff --git a/configure.py b/configure.py
index 9122b38f0..292500337 100755
--- a/configure.py
+++ b/configure.py
@@ -435,10 +435,16 @@ def process_command_line(args):
install_group.add_option('--includedir', metavar='DIR',
help='set the include file install dir')
+ misc_group = optparse.OptionGroup(parser, 'Miscellaneous options')
+
+ misc_group.add_option('--house-curve', metavar='STRING', dest='house_curve',
+ help='a custom in-house curve of the format: curve.pem,NAME,OID,CURVEID')
+
parser.add_option_group(target_group)
parser.add_option_group(build_group)
parser.add_option_group(mods_group)
parser.add_option_group(install_group)
+ parser.add_option_group(misc_group)
# These exist only for autoconf compatibility (requested by zw for mtn)
compat_with_autoconf_options = [
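Review bot: The help string for `--house-curve` does not say how CURVEID is interpreted, although the code that consumes it (misc_config, later in this diff) parses it as hexadecimal and requires it to fall in the TLS private-use range; the option is the only place a user sees this. Suggest `help='a custom in-house curve of the format: curve.pem,NAME,OID,CURVEID (CURVEID is hex and must lie in the TLS private-use range 0xFE00..0xFEFF)'`. It would also help to state that NAME and OID must not collide with a curve Botan already ships, since the lookup code consults the house curve last.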
@@ -1133,6 +1139,7 @@ def guess_processor(archinfo):
Read a whole file into memory as a string
"""
def slurp_file(filename):
+ # type: (object) -> object
if filename is None:
return ''
return ''.join(open(filename).readlines())
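Review bot: The added type comment `# type: (object) -> object` conveys nothing a reader or checker can use; the body shows the function accepts a filename string or None and always returns a str. A comment naming those types (string-or-None in, str out) would document the contract the `if filename is None` branch implements. The file is also opened without being closed, but that predates this change.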
@@ -1385,6 +1392,29 @@ def create_template_vars(build_config, options, modules, cc, arch, osinfo):
logging.warn('Unknown arch in innosetup_arch %s' % (arch))
return None
+ def read_pem(filename):
+ lines = [line.rstrip() for line in open(filename)]
+ for ndx, line in enumerate(lines):
+ lines[ndx] = ''.join(('\"', lines[ndx], '\" \\', '\n'))
+ return ''.join(lines)
+
+ def misc_config():
+ opts = list()
+ if options.house_curve:
+ p = options.house_curve.split(",")
+ if len(p) < 4:
+ logging.error('Too few parameters to --in-house-curve')
+ # make sure TLS curve id is in reserved for private use range (0xFE00..0xFEFF)
+ curve_id = int(p[3], 16)
+ if curve_id < 0xfe00 or curve_id > 0xfeff:
+ logging.error('TLS curve ID not in reserved range (see RFC 4492)')
+ opts.append('HOUSE_ECC_CURVE_NAME \"' + p[1] + '\"')
+ opts.append('HOUSE_ECC_CURVE_OID \"' + p[2] + '\"')
+ opts.append('HOUSE_ECC_CURVE_PEM ' + read_pem(filename=p[0]))
+ opts.append('HOUSE_ECC_CURVE_TLS_ID ' + hex(curve_id))
+
+ return opts
+
vars = {
'version_major': build_config.version_major,
'version_minor': build_config.version_minor,
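Review bot: misc_config reports both validation failures with logging.error but does not stop, so a `--house-curve` value with fewer than four fields goes on to raise IndexError at `int(p[3], 16)`, and a curve id outside 0xFE00..0xFEFF is still written into the build header (unless a log handler elsewhere in configure.py exits on error level, which is not visible here). The first message also names `--in-house-curve` while the option registered earlier in this diff is `--house-curve`. read_pem additionally leaves its file handle open and copies NAME, OID and every PEM line into C string literals without escaping, so a stray `"` or `\` in the input breaks the generated header rather than being reported at configure time. The validation part rewritten to fail fast is below; the enclosing create_template_vars starts outside this hunk.
```python
    def read_pem(filename):
        with open(filename) as pem:
            lines = [line.rstrip() for line in pem]
        for line in lines:
            if '"' in line or '\\' in line:
                raise Exception('Unexpected character in %s: PEM lines must not contain " or \\' % filename)
        return ''.join('"%s" \\\n' % line for line in lines)

    def misc_config():
        opts = list()
        if options.house_curve:
            p = options.house_curve.split(",")
            if len(p) < 4:
                raise Exception('Too few parameters to --house-curve (expected curve.pem,NAME,OID,CURVEID)')
            # TLS curve id must be in the range reserved for private use (0xFE00..0xFEFF, RFC 4492)
            try:
                curve_id = int(p[3], 16)
            except ValueError:
                raise Exception('--house-curve CURVEID is not a hex number: %s' % p[3])
            if curve_id < 0xfe00 or curve_id > 0xfeff:
                raise Exception('TLS curve ID not in reserved range (see RFC 4492)')
            # … unchanged: opts.append(...) lines …
        return opts
```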
@@ -1504,7 +1534,9 @@ def create_template_vars(build_config, options, modules, cc, arch, osinfo):
'mod_list': '\n'.join(sorted([m.basename for m in modules])),
'python_version': options.python_version,
- 'with_sphinx': options.with_sphinx
+ 'with_sphinx': options.with_sphinx,
+
+ 'misc_config': make_cpp_macros(misc_config())
}
if options.os == 'darwin' and options.build_shared_lib:
diff --git a/src/build-data/buildh.in b/src/build-data/buildh.in
index fe5210698..fea18fd90 100644
--- a/src/build-data/buildh.in
+++ b/src/build-data/buildh.in
@@ -268,6 +268,11 @@ Each read generates 32 bits of output
*/
%{local_config}
+/*
+* Miscellaneous configuration options (if any) follow
+*/
+%{misc_config}
+
/**
* Controls how AutoSeeded_RNG is instantiated
*/
diff --git a/src/lib/asn1/oids.cpp b/src/lib/asn1/oids.cpp
index a9651187c..1ad2d06f1 100644
--- a/src/lib/asn1/oids.cpp
+++ b/src/lib/asn1/oids.cpp
@@ -171,6 +171,11 @@ std::string lookup(const OID& oid)
if(oid_str == "2.5.4.7") return "X520.Locality";
if(oid_str == "2.5.4.8") return "X520.State";
if(oid_str == "2.5.8.1.1") return "RSA";
+
+#if defined(BOTAN_HOUSE_ECC_CURVE_NAME)
+ if(oid_str == BOTAN_HOUSE_ECC_CURVE_OID) return BOTAN_HOUSE_ECC_CURVE_NAME;
+#endif
+
return std::string();
}
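Review bot: The house-curve comparison is placed after every built-in entry, so if the configured OID (here) or NAME (in the `lookup(const std::string&)` hunk below, in EC_Group::PEM_for_named_group and in Supported_Elliptic_Curves::name_to_curve_id) equals one Botan already ships, the earlier `return` wins and the house values are silently unreachable; configure.py does not check for such collisions. Either the precedence should be documented, e.g. `// House curve is consulted last: a NAME/OID that collides with a built-in entry is shadowed by it`, or configure.py should reject a NAME/OID already present in these tables. The `#if` guards test BOTAN_HOUSE_ECC_CURVE_NAME while the bodies also use BOTAN_HOUSE_ECC_CURVE_OID/_PEM/_TLS_ID; that works only because configure.py always emits the four macros together, which is worth stating in buildh.in next to `%{misc_config}`.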
@@ -329,6 +334,11 @@ OID lookup(const std::string& name)
if(name == "x962_p239v1") return OID("1.2.840.10045.3.1.4");
if(name == "x962_p239v2") return OID("1.2.840.10045.3.1.5");
if(name == "x962_p239v3") return OID("1.2.840.10045.3.1.6");
+
+#if defined(BOTAN_HOUSE_ECC_CURVE_NAME)
+ if(name == BOTAN_HOUSE_ECC_CURVE_NAME) return OID(BOTAN_HOUSE_ECC_CURVE_OID);
+#endif
+
return OID();
}
diff --git a/src/lib/pubkey/ec_group/named.cpp b/src/lib/pubkey/ec_group/named.cpp
index 6df8a3169..c19b8ed37 100644
--- a/src/lib/pubkey/ec_group/named.cpp
+++ b/src/lib/pubkey/ec_group/named.cpp
@@ -265,6 +265,11 @@ const char* EC_Group::PEM_for_named_group(const std::string& name)
"8f0XjAs61Y8QEm3ozkJDW1PcZ+FA0r+UH/3UWcbWVeECAQE="
"-----END EC PARAMETERS-----";
+#if defined(BOTAN_HOUSE_ECC_CURVE_NAME)
+ if(name == BOTAN_HOUSE_ECC_CURVE_NAME)
+ return BOTAN_HOUSE_ECC_CURVE_PEM;
+#endif
+
return nullptr;
}
diff --git a/src/lib/tls/tls_extensions.cpp b/src/lib/tls/tls_extensions.cpp
index a2db1faaf..f8eef5ac6 100644
--- a/src/lib/tls/tls_extensions.cpp
+++ b/src/lib/tls/tls_extensions.cpp
@@ -299,6 +299,11 @@ std::string Supported_Elliptic_Curves::curve_id_to_name(u16bit id)
return "x25519";
#endif
+#if defined(BOTAN_HOUSE_ECC_CURVE_NAME)
+ case BOTAN_HOUSE_ECC_CURVE_TLS_ID:
+ return BOTAN_HOUSE_ECC_CURVE_NAME;
+#endif
+
default:
return ""; // something we don't know or support
}
@@ -324,6 +329,11 @@ u16bit Supported_Elliptic_Curves::name_to_curve_id(const std::string& name)
return 29;
#endif
+#if defined(BOTAN_HOUSE_ECC_CURVE_NAME)
+ if(name == BOTAN_HOUSE_ECC_CURVE_NAME)
+ return BOTAN_HOUSE_ECC_CURVE_TLS_ID;
+#endif
+
// Unknown/unavailable EC curves are ignored
return 0;
}
diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp
index 8a074db0c..ab37cffd1 100644
--- a/src/tests/unit_tls.cpp
+++ b/src/tests/unit_tls.cpp
@@ -1017,6 +1017,10 @@ class TLS_Unit_Tests : public Test
test_modern_versions(results, *client_ses, *server_ses, *creds, "DHE_PSK", "AES-128", "SHA-1");
#endif
+#if defined(BOTAN_HOUSE_ECC_CURVE_NAME)
+ test_modern_versions(results, *client_ses, *server_ses, *creds, "ECDH", "AES-128/GCM", "AEAD",
+ { { "ecc_curves", BOTAN_HOUSE_ECC_CURVE_NAME } });
+#endif
return results;
}
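Review bot: The new TLS test is compiled only when the build was configured with `--house-curve`, so a default build and its CI never exercise the house-curve branches added to oids.cpp, named.cpp and tls_extensions.cpp, and nothing here checks that a handshake advertising the private-use curve id actually negotiates that curve rather than falling back. A comment such as `// Only built when configure.py was given --house-curve; see HOUSE_ECC_CURVE_* in build.h` would tell a reader why the block is normally absent. The enclosing test method starts outside this hunk.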