ソースを参照

[tls] Report supported signature algorithms in ClientHello

Signed-off-by: Michael Brown <mcb30@ipxe.org>
tags/v1.20.1
Michael Brown 9年前
コミット
fc7885ed9e
2個のファイルの変更28行の追加0行の削除
  1. 3
    0
      src/include/ipxe/tls.h
  2. 25
    0
      src/net/tls.c

+ 3
- 0
src/include/ipxe/tls.h ファイルの表示

@@ -101,6 +101,9 @@ struct tls_header {
101 101
 #define TLS_MAX_FRAGMENT_LENGTH_2048 3
102 102
 #define TLS_MAX_FRAGMENT_LENGTH_4096 4
103 103
 
104
+/* TLS signature algorithms extension */
105
+#define TLS_SIGNATURE_ALGORITHMS 13
106
+
104 107
 /** TLS RX state machine state */
105 108
 enum tls_rx_state {
106 109
 	TLS_RX_HEADER = 0,

+ 25
- 0
src/net/tls.c ファイルの表示

@@ -854,6 +854,14 @@ static int tls_change_cipher ( struct tls_session *tls,
854 854
  * MD5+SHA1 is never explicitly specified.
855 855
  */
856 856
 struct tls_signature_hash_algorithm tls_signature_hash_algorithms[] = {
857
+	{
858
+		.code = {
859
+			.signature = TLS_RSA_ALGORITHM,
860
+			.hash = TLS_SHA1_ALGORITHM,
861
+		},
862
+		.pubkey = &rsa_algorithm,
863
+		.digest = &sha1_algorithm,
864
+	},
857 865
 	{
858 866
 		.code = {
859 867
 			.signature = TLS_RSA_ALGORITHM,
@@ -1001,6 +1009,13 @@ static int tls_send_client_hello ( struct tls_session *tls ) {
1001 1009
 			struct {
1002 1010
 				uint8_t max;
1003 1011
 			} __attribute__ (( packed )) max_fragment_length;
1012
+			uint16_t signature_algorithms_type;
1013
+			uint16_t signature_algorithms_len;
1014
+			struct {
1015
+				uint16_t len;
1016
+				struct tls_signature_hash_id
1017
+					code[TLS_NUM_SIG_HASH_ALGORITHMS];
1018
+			} __attribute__ (( packed )) signature_algorithms;
1004 1019
 		} __attribute__ (( packed )) extensions;
1005 1020
 	} __attribute__ (( packed )) hello;
1006 1021
 	unsigned int i;
@@ -1032,6 +1047,16 @@ static int tls_send_client_hello ( struct tls_session *tls ) {
1032 1047
 		= htons ( sizeof ( hello.extensions.max_fragment_length ) );
1033 1048
 	hello.extensions.max_fragment_length.max
1034 1049
 		= TLS_MAX_FRAGMENT_LENGTH_4096;
1050
+	hello.extensions.signature_algorithms_type
1051
+		= htons ( TLS_SIGNATURE_ALGORITHMS );
1052
+	hello.extensions.signature_algorithms_len
1053
+		= htons ( sizeof ( hello.extensions.signature_algorithms ) );
1054
+	hello.extensions.signature_algorithms.len
1055
+		= htons ( sizeof ( hello.extensions.signature_algorithms.code));
1056
+	for ( i = 0 ; i < TLS_NUM_SIG_HASH_ALGORITHMS ; i++ ) {
1057
+		hello.extensions.signature_algorithms.code[i]
1058
+			= tls_signature_hash_algorithms[i].code;
1059
+	}
1035 1060
 
1036 1061
 	return tls_send_handshake ( tls, &hello, sizeof ( hello ) );
1037 1062
 }

読み込み中…
キャンセル
保存