robin.thoni
/
ipxe
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 11 Wiki Activity
Browse Source

[tls] Report supported signature algorithms in ClientHello 

Signed-off-by: Michael Brown <mcb30@ipxe.org>
tags/v1.20.1
Michael Brown 10 years ago
parent
1ac7434111
commit
fc7885ed9e
2 changed files with 28 additions and 0 deletions
Split View Show Diff Stats
  1. 3
    0
      src/include/ipxe/tls.h
  2. 25
    0
      src/net/tls.c

+ 3
- 0
src/include/ipxe/tls.h View File 

@@ -101,6 +101,9 @@ struct tls_header {
101 101 
 #define TLS_MAX_FRAGMENT_LENGTH_2048 3
102 102 
 #define TLS_MAX_FRAGMENT_LENGTH_4096 4
103 103
104 
+/* TLS signature algorithms extension */
105 
+#define TLS_SIGNATURE_ALGORITHMS 13
106 
+
104 107 
 /** TLS RX state machine state */
105 108 
 enum tls_rx_state {
106 109 
 	TLS_RX_HEADER = 0,

+ 25
- 0
src/net/tls.c View File 

@@ -854,6 +854,14 @@ static int tls_change_cipher ( struct tls_session *tls,
854 854 
  * MD5+SHA1 is never explicitly specified.
855 855 
  */
856 856 
 struct tls_signature_hash_algorithm tls_signature_hash_algorithms[] = {
857 
+	{
858 
+		.code = {
859 
+			.signature = TLS_RSA_ALGORITHM,
860 
+			.hash = TLS_SHA1_ALGORITHM,
861 
+		},
862 
+		.pubkey = &rsa_algorithm,
863 
+		.digest = &sha1_algorithm,
864 
+	},
857 865 
 	{
858 866 
 		.code = {
859 867 
 			.signature = TLS_RSA_ALGORITHM,
 
@@ -1001,6 +1009,13 @@ static int tls_send_client_hello ( struct tls_session *tls ) {
1001 1009 
 			struct {
1002 1010 
 				uint8_t max;
1003 1011 
 			} __attribute__ (( packed )) max_fragment_length;
1012 
+			uint16_t signature_algorithms_type;
1013 
+			uint16_t signature_algorithms_len;
1014 
+			struct {
1015 
+				uint16_t len;
1016 
+				struct tls_signature_hash_id
1017 
+					code[TLS_NUM_SIG_HASH_ALGORITHMS];
1018 
+			} __attribute__ (( packed )) signature_algorithms;
1004 1019 
 		} __attribute__ (( packed )) extensions;
1005 1020 
 	} __attribute__ (( packed )) hello;
1006 1021 
 	unsigned int i;
 
@@ -1032,6 +1047,16 @@ static int tls_send_client_hello ( struct tls_session *tls ) {
1032 1047 
 		= htons ( sizeof ( hello.extensions.max_fragment_length ) );
1033 1048 
 	hello.extensions.max_fragment_length.max
1034 1049 
 		= TLS_MAX_FRAGMENT_LENGTH_4096;
1050 
+	hello.extensions.signature_algorithms_type
1051 
+		= htons ( TLS_SIGNATURE_ALGORITHMS );
1052 
+	hello.extensions.signature_algorithms_len
1053 
+		= htons ( sizeof ( hello.extensions.signature_algorithms ) );
1054 
+	hello.extensions.signature_algorithms.len
1055 
+		= htons ( sizeof ( hello.extensions.signature_algorithms.code));
1056 
+	for ( i = 0 ; i < TLS_NUM_SIG_HASH_ALGORITHMS ; i++ ) {
1057 
+		hello.extensions.signature_algorithms.code[i]
1058 
+			= tls_signature_hash_algorithms[i].code;
1059 
+	}
1035 1060
1036 1061 
 	return tls_send_handshake ( tls, &hello, sizeof ( hello ) );
1037 1062 
 }

Write Preview
Loading…
Cancel
Save