sysadmin/ipxe
1
0
Fork 0
mirror of https://github.com/ipxe/ipxe synced 2026-02-09 07:10:39 +03:00
Code Issues Packages Projects Releases Wiki Activity

[tls] Add key exchange mechanism to definition of cipher suite

Browse Source 
Allow for the key exchange mechanism to vary depending upon the
selected cipher suite.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
This commit is contained in:
Michael Brown
2022-10-11 13:54:34 +01:00
parent 80c45c5c71
commit ea33ea33c0
4 changed files with 48 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
src/net/tls.c
View File

@@ -734,6 +734,7 @@ static int tls_generate_keys ( struct tls_connection *tls ) {
/** Null cipher suite */
struct tls_cipher_suite tls_cipher_suite_null = {
.exchange = &tls_pubkey_exchange_algorithm,
.pubkey = &pubkey_null,
.cipher = &cipher_null,
.digest = &digest_null,
@@ -849,7 +850,8 @@ static int tls_select_cipher ( struct tls_connection *tls,
suite ) ) != 0 )
return rc;
DBGC ( tls, "TLS %p selected %s-%s-%d-%s\n", tls, suite->pubkey->name,
DBGC ( tls, "TLS %p selected %s-%s-%s-%d-%s\n", tls,
suite->exchange->name, suite->pubkey->name,
suite->cipher->name, ( suite->key_len * 8 ),
suite->digest->name );
@@ -1205,12 +1207,12 @@ static int tls_send_certificate ( struct tls_connection *tls ) {
}
/**
* Transmit Client Key Exchange record
* Transmit Client Key Exchange record using public key exchange
*
* @v tls TLS connection
* @ret rc Return status code
*/
static int tls_send_client_key_exchange ( struct tls_connection *tls ) {
static int tls_send_client_key_exchange_pubkey ( struct tls_connection *tls ) {
struct tls_cipherspec *cipherspec = &tls->tx_cipherspec_pending;
struct pubkey_algorithm *pubkey = cipherspec->suite->pubkey;
size_t max_len = pubkey_max_len ( pubkey, cipherspec->pubkey_ctx );
@@ -1269,6 +1271,26 @@ static int tls_send_client_key_exchange ( struct tls_connection *tls ) {
( sizeof ( key_xchg ) - unused ) );
}
/** Public key exchange algorithm */
struct tls_key_exchange_algorithm tls_pubkey_exchange_algorithm = {
.name = "pubkey",
.exchange = tls_send_client_key_exchange_pubkey,
};
/**
* Transmit Client Key Exchange record
*
* @v tls TLS connection
* @ret rc Return status code
*/
static int tls_send_client_key_exchange ( struct tls_connection *tls ) {
struct tls_cipherspec *cipherspec = &tls->tx_cipherspec_pending;
struct tls_cipher_suite *suite = cipherspec->suite;
/* Transmit Client Key Exchange record via key exchange algorithm */
return suite->exchange->exchange ( tls );
}
/**
* Transmit Certificate Verify record
*