robin.thoni
/
ipxe
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 11 Wiki Activity
Browse Source

[tls] Support (and prefer) SHA-256 variants of existing cipher suites 

Signed-off-by: Michael Brown <mcb30@ipxe.org>
tags/v1.20.1
Michael Brown 13 years ago
parent
015c936791
commit
6069b09bfc
2 changed files with 17 additions and 3 deletions
Unified View Show Diff Stats
  1. 2
    0
      src/include/ipxe/tls.h
  2. 15
    3
      src/net/tls.c

+ 2
- 0
src/include/ipxe/tls.h View File

77 
 #define TLS_RSA_WITH_NULL_SHA 0x0002
 77 
 #define TLS_RSA_WITH_NULL_SHA 0x0002
78 
 #define TLS_RSA_WITH_AES_128_CBC_SHA 0x002f
 78 
 #define TLS_RSA_WITH_AES_128_CBC_SHA 0x002f
79 
 #define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035
 79 
 #define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035
80 
+#define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003c
81 
+#define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003d
80
82
81 
 /* TLS extension types */
 83 
 /* TLS extension types */
82 
 #define TLS_SERVER_NAME 0
 84 
 #define TLS_SERVER_NAME 0

+ 15
- 3
src/net/tls.c View File

513 
 		cipher = &aes_cbc_algorithm;
 513 
 		cipher = &aes_cbc_algorithm;
514 
 		digest = &sha1_algorithm;
 514 
 		digest = &sha1_algorithm;
515 
 		break;
 515 
 		break;
516 
+	case htons ( TLS_RSA_WITH_AES_128_CBC_SHA256 ):
517 
+		key_len = ( 128 / 8 );
518 
+		cipher = &aes_cbc_algorithm;
519 
+		digest = &sha256_algorithm;
520 
+		break;
521 
+	case htons ( TLS_RSA_WITH_AES_256_CBC_SHA256 ):
522 
+		key_len = ( 256 / 8 );
523 
+		cipher = &aes_cbc_algorithm;
524 
+		digest = &sha256_algorithm;
525 
+		break;
516 
 	default:
 526 
 	default:
517 
 		DBGC ( tls, "TLS %p does not support cipher %04x\n",
 527 
 		DBGC ( tls, "TLS %p does not support cipher %04x\n",
518 
 		       tls, ntohs ( cipher_suite ) );
 528 
 		       tls, ntohs ( cipher_suite ) );
677 
 		uint8_t random[32];
 687 
 		uint8_t random[32];
678 
 		uint8_t session_id_len;
 688 
 		uint8_t session_id_len;
679 
 		uint16_t cipher_suite_len;
 689 
 		uint16_t cipher_suite_len;
680 
-		uint16_t cipher_suites[2];
690 
+		uint16_t cipher_suites[4];
681 
 		uint8_t compression_methods_len;
 691 
 		uint8_t compression_methods_len;
682 
 		uint8_t compression_methods[1];
 692 
 		uint8_t compression_methods[1];
683 
 		uint16_t extensions_len;
 693 
 		uint16_t extensions_len;
702 
 	hello.version = htons ( tls->version );
 712 
 	hello.version = htons ( tls->version );
703 
 	memcpy ( &hello.random, &tls->client_random, sizeof ( hello.random ) );
 713 
 	memcpy ( &hello.random, &tls->client_random, sizeof ( hello.random ) );
704 
 	hello.cipher_suite_len = htons ( sizeof ( hello.cipher_suites ) );
 714 
 	hello.cipher_suite_len = htons ( sizeof ( hello.cipher_suites ) );
705 
-	hello.cipher_suites[0] = htons ( TLS_RSA_WITH_AES_128_CBC_SHA );
706 
-	hello.cipher_suites[1] = htons ( TLS_RSA_WITH_AES_256_CBC_SHA );
715 
+	hello.cipher_suites[0] = htons ( TLS_RSA_WITH_AES_256_CBC_SHA256 );
716 
+	hello.cipher_suites[1] = htons ( TLS_RSA_WITH_AES_128_CBC_SHA256 );
717 
+	hello.cipher_suites[2] = htons ( TLS_RSA_WITH_AES_256_CBC_SHA );
718 
+	hello.cipher_suites[3] = htons ( TLS_RSA_WITH_AES_128_CBC_SHA );
707 
 	hello.compression_methods_len = sizeof ( hello.compression_methods );
 719 
 	hello.compression_methods_len = sizeof ( hello.compression_methods );
708 
 	hello.extensions_len = htons ( sizeof ( hello.extensions ) );
 720 
 	hello.extensions_len = htons ( sizeof ( hello.extensions ) );
709 
 	hello.extensions.server_name_type = htons ( TLS_SERVER_NAME );
 721 
 	hello.extensions.server_name_type = htons ( TLS_SERVER_NAME );

Write Preview
Loading…
Cancel
Save