[tls] Allow handshake digest algorithm to be specified by cipher suite

All existing cipher suites use SHA-256 as the TLSv1.2 and above handshake digest algorithm (even when using SHA-1 as the MAC digest algorithm). Some GCM cipher suites use SHA-384 as the handshake digest algorithm. Allow the cipher suite to specify the handshake (and PRF) digest algorithm to be used for TLSv1.2 and above. This requires some restructuring to allow for the fact that the ClientHello message must be included within the handshake digest, even though the relevant digest algorithm is not yet known at the point that the ClientHello is sent. Fortunately, the ClientHello may be reproduced verbatim at the point of receiving the ServerHello, so we rely on reconstructing (rather than storing) this message. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2026-02-14 02:31:26 +03:00 · 2022-11-09 14:04:43 +00:00
parent 51ecc05490
commit 7256a6eb24
4 changed files with 125 additions and 68 deletions
--- a/src/crypto/mishmash/rsa_aes_cbc_sha1.c
+++ b/src/crypto/mishmash/rsa_aes_cbc_sha1.c
@@ -27,6 +27,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #include <ipxe/rsa.h>
 #include <ipxe/aes.h>
 #include <ipxe/sha1.h>
+#include <ipxe/sha256.h>
 #include <ipxe/tls.h>

 /** TLS_DHE_RSA_WITH_AES_128_CBC_SHA cipher suite */
@@ -41,6 +42,7 @@ tls_dhe_rsa_with_aes_128_cbc_sha __tls_cipher_suite ( 03 ) = {
 	.pubkey = &rsa_algorithm,
 	.cipher = &aes_cbc_algorithm,
 	.digest = &sha1_algorithm,
+	.handshake = &sha256_algorithm,
 };

 /** TLS_DHE_RSA_WITH_AES_256_CBC_SHA cipher suite */
@@ -55,6 +57,7 @@ tls_dhe_rsa_with_aes_256_cbc_sha __tls_cipher_suite ( 04 ) = {
 	.pubkey = &rsa_algorithm,
 	.cipher = &aes_cbc_algorithm,
 	.digest = &sha1_algorithm,
+	.handshake = &sha256_algorithm,
 };

 /** TLS_RSA_WITH_AES_128_CBC_SHA cipher suite */
@@ -69,6 +72,7 @@ tls_rsa_with_aes_128_cbc_sha __tls_cipher_suite ( 13 ) = {
 	.pubkey = &rsa_algorithm,
 	.cipher = &aes_cbc_algorithm,
 	.digest = &sha1_algorithm,
+	.handshake = &sha256_algorithm,
 };

 /** TLS_RSA_WITH_AES_256_CBC_SHA cipher suite */
@@ -83,4 +87,5 @@ tls_rsa_with_aes_256_cbc_sha __tls_cipher_suite ( 14 ) = {
 	.pubkey = &rsa_algorithm,
 	.cipher = &aes_cbc_algorithm,
 	.digest = &sha1_algorithm,
+	.handshake = &sha256_algorithm,
 };
--- a/src/crypto/mishmash/rsa_aes_cbc_sha256.c
+++ b/src/crypto/mishmash/rsa_aes_cbc_sha256.c
@@ -41,6 +41,7 @@ tls_dhe_rsa_with_aes_128_cbc_sha256 __tls_cipher_suite ( 01 ) = {
 	.pubkey = &rsa_algorithm,
 	.cipher = &aes_cbc_algorithm,
 	.digest = &sha256_algorithm,
+	.handshake = &sha256_algorithm,
 };

 /** TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 cipher suite */
@@ -55,6 +56,7 @@ tls_dhe_rsa_with_aes_256_cbc_sha256 __tls_cipher_suite ( 02 ) = {
 	.pubkey = &rsa_algorithm,
 	.cipher = &aes_cbc_algorithm,
 	.digest = &sha256_algorithm,
+	.handshake = &sha256_algorithm,
 };

 /** TLS_RSA_WITH_AES_128_CBC_SHA256 cipher suite */
@@ -69,6 +71,7 @@ tls_rsa_with_aes_128_cbc_sha256 __tls_cipher_suite ( 11 ) = {
 	.pubkey = &rsa_algorithm,
 	.cipher = &aes_cbc_algorithm,
 	.digest = &sha256_algorithm,
+	.handshake = &sha256_algorithm,
 };

 /** TLS_RSA_WITH_AES_256_CBC_SHA256 cipher suite */
@@ -83,4 +86,5 @@ tls_rsa_with_aes_256_cbc_sha256 __tls_cipher_suite ( 12 ) = {
 	.pubkey = &rsa_algorithm,
 	.cipher = &aes_cbc_algorithm,
 	.digest = &sha256_algorithm,
+	.handshake = &sha256_algorithm,
 };