
[tls] Report supported signature algorithms in ClientHello

Signed-off-by: Michael Brown <mcb30@ipxe.org>
This commit is contained in:
Michael Brown 2015-08-02 14:08:38 +01:00
parent 1ac7434111
commit fc7885ed9e
2 changed files with 28 additions and 0 deletions


@ -101,6 +101,9 @@ struct tls_header {
#define TLS_MAX_FRAGMENT_LENGTH_2048 3
#define TLS_MAX_FRAGMENT_LENGTH_4096 4
/* TLS signature algorithms extension */
#define TLS_SIGNATURE_ALGORITHMS 13
/** TLS RX state machine state */
enum tls_rx_state {
TLS_RX_HEADER = 0,
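Review bot: The new `TLS_SIGNATURE_ALGORITHMS` constant is introduced with only a bare comment, so a reader has to go to tls.c to learn what the value 13 refers to; I would cite the defining text, `/* TLS signature algorithms extension (RFC 5246 section 7.4.1.4.1) */`, so the code point can be checked against the IANA ExtensionType registry in place. The value itself matches the registered signature_algorithms extension type.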


@ -854,6 +854,14 @@ static int tls_change_cipher ( struct tls_session *tls,
* MD5+SHA1 is never explicitly specified.
*/
struct tls_signature_hash_algorithm tls_signature_hash_algorithms[] = {
{
.code = {
.signature = TLS_RSA_ALGORITHM,
.hash = TLS_SHA1_ALGORITHM,
},
.pubkey = &rsa_algorithm,
.digest = &sha1_algorithm,
},
{
.code = {
.signature = TLS_RSA_ALGORITHM,
@ -1001,6 +1009,13 @@ static int tls_send_client_hello ( struct tls_session *tls ) {
struct {
uint8_t max;
} __attribute__ (( packed )) max_fragment_length;
uint16_t signature_algorithms_type;
uint16_t signature_algorithms_len;
struct {
uint16_t len;
struct tls_signature_hash_id
code[TLS_NUM_SIG_HASH_ALGORITHMS];
} __attribute__ (( packed )) signature_algorithms;
} __attribute__ (( packed )) extensions;
} __attribute__ (( packed )) hello;
unsigned int i;
@ -1032,6 +1047,16 @@ static int tls_send_client_hello ( struct tls_session *tls ) {
= htons ( sizeof ( hello.extensions.max_fragment_length ) );
hello.extensions.max_fragment_length.max
= TLS_MAX_FRAGMENT_LENGTH_4096;
hello.extensions.signature_algorithms_type
= htons ( TLS_SIGNATURE_ALGORITHMS );
hello.extensions.signature_algorithms_len
= htons ( sizeof ( hello.extensions.signature_algorithms ) );
hello.extensions.signature_algorithms.len
= htons ( sizeof ( hello.extensions.signature_algorithms.code));
for ( i = 0 ; i < TLS_NUM_SIG_HASH_ALGORITHMS ; i++ ) {
hello.extensions.signature_algorithms.code[i]
= tls_signature_hash_algorithms[i].code;
}
return tls_send_handshake ( tls, &hello, sizeof ( hello ) );
}
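Review bot: The loop at the end of tls_send_client_hello copies `tls_signature_hash_algorithms[]` into the extension in array order, and RFC 5246 section 7.4.1.4.1 defines that order as the client's preference; in the hunk at line 854 the first entry is RSA with SHA-1, so the ClientHello advertises the weakest digest as the most preferred one, and a server that honours client preference may sign ServerKeyExchange with SHA-1 even when it also supports SHA-256. I would order the table from strongest to weakest digest (or at least keep the SHA-1 entry last) and state the contract where the array is defined, `/* Listed in order of client preference (RFC 5246 section 7.4.1.4.1): strongest digest first, SHA-1 last */`. Whether the SHA-1 entry is the one added by this commit or was already first cannot be settled from the page, since the array's remaining entries and the body of tls_send_client_hello both extend outside the hunks.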