author | Michael Brown <mcb30@ipxe.org> | 2022-10-11 13:57:05 +0100 |
---|---|---|
committer | Michael Brown <mcb30@ipxe.org> | 2022-10-11 15:42:13 +0100 |
commit | 2c78242732765be200f81a84cc95037ba2924e42 (patch) | |
tree | d643151bf469c622d4a9b759fba88d3d08459f55 | |
parent | 6b2c94d3a7d93a8fc47fcb0b895477d4dafca5f0 (diff) | |
download | ipxe-2c78242732765be200f81a84cc95037ba2924e42.tar.gz |
[tls] Add support for DHE variants of the existing cipher suites
Signed-off-by: Michael Brown <mcb30@ipxe.org>
-rw-r--r-- | src/crypto/mishmash/rsa_aes_cbc_sha1.c | 28 | ||||
-rw-r--r-- | src/crypto/mishmash/rsa_aes_cbc_sha256.c | 28 | ||||
-rw-r--r-- | src/include/ipxe/tls.h | 4 |
3 files changed, 56 insertions, 4 deletions
diff --git a/src/crypto/mishmash/rsa_aes_cbc_sha1.c b/src/crypto/mishmash/rsa_aes_cbc_sha1.c
index 04b4ce2a7..b054a01c7 100644
--- a/src/crypto/mishmash/rsa_aes_cbc_sha1.c
+++ b/src/crypto/mishmash/rsa_aes_cbc_sha1.c
@@ -29,8 +29,31 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #include <ipxe/sha1.h>
 #include <ipxe/tls.h>
 
+/** TLS_DHE_RSA_WITH_AES_128_CBC_SHA cipher suite */
+struct tls_cipher_suite
+tls_dhe_rsa_with_aes_128_cbc_sha __tls_cipher_suite ( 03 ) = {
+ .code = htons ( TLS_DHE_RSA_WITH_AES_128_CBC_SHA ),
+ .key_len = ( 128 / 8 ),
+ .exchange = &tls_dhe_exchange_algorithm,
+ .pubkey = &rsa_algorithm,
+ .cipher = &aes_cbc_algorithm,
+ .digest = &sha1_algorithm,
+};
+
+/** TLS_DHE_RSA_WITH_AES_256_CBC_SHA cipher suite */
+struct tls_cipher_suite
+tls_dhe_rsa_with_aes_256_cbc_sha __tls_cipher_suite ( 04 ) = {
+ .code = htons ( TLS_DHE_RSA_WITH_AES_256_CBC_SHA ),
+ .key_len = ( 256 / 8 ),
+ .exchange = &tls_dhe_exchange_algorithm,
+ .pubkey = &rsa_algorithm,
+ .cipher = &aes_cbc_algorithm,
+ .digest = &sha1_algorithm,
+};
+
 /** TLS_RSA_WITH_AES_128_CBC_SHA cipher suite */
-struct tls_cipher_suite tls_rsa_with_aes_128_cbc_sha __tls_cipher_suite (03) = {
+struct tls_cipher_suite
+tls_rsa_with_aes_128_cbc_sha __tls_cipher_suite ( 13 ) = {
 .code = htons ( TLS_RSA_WITH_AES_128_CBC_SHA ),
 .key_len = ( 128 / 8 ),
 .exchange = &tls_pubkey_exchange_algorithm,
@@ -40,7 +63,8 @@ struct tls_cipher_suite tls_rsa_with_aes_128_cbc_sha __tls_cipher_suite (03) = {
 };
 
 /** TLS_RSA_WITH_AES_256_CBC_SHA cipher suite */
-struct tls_cipher_suite tls_rsa_with_aes_256_cbc_sha __tls_cipher_suite (04) = {
+struct tls_cipher_suite
+tls_rsa_with_aes_256_cbc_sha __tls_cipher_suite ( 14 ) = {
 .code = htons ( TLS_RSA_WITH_AES_256_CBC_SHA ),
 .key_len = ( 256 / 8 ),
 .exchange = &tls_pubkey_exchange_algorithm,
diff --git a/src/crypto/mishmash/rsa_aes_cbc_sha256.c b/src/crypto/mishmash/rsa_aes_cbc_sha256.c
index 1021f76f4..b003523d5 100644
--- a/src/crypto/mishmash/rsa_aes_cbc_sha256.c
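Review bot: The argument to `__tls_cipher_suite` is renumbered in both hunks of rsa_aes_cbc_sha1.c with no comment saying what the value means: the new DHE suites take `03`/`04` and the static-RSA suites move to `13`/`14` (likewise `01`/`02` versus `11`/`12` in rsa_aes_cbc_sha256.c). If, as the renumbering suggests, this value is the client's preference order, then DHE with HMAC-SHA1 now ranks ahead of static RSA with HMAC-SHA256, which favours forward secrecy over the stronger MAC hash; that is a defensible choice but it should be stated where a maintainer adding the next suite will see it. I would add above the first definition something like `/* Preference order: forward-secret DHE suites (01-04) sort ahead of static-RSA suites (11-14) */`. The two static-RSA struct definitions continue outside their hunks.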
+++ b/src/crypto/mishmash/rsa_aes_cbc_sha256.c
@@ -29,8 +29,31 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #include <ipxe/sha256.h>
 #include <ipxe/tls.h>
 
+/** TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 cipher suite */
+struct tls_cipher_suite
+tls_dhe_rsa_with_aes_128_cbc_sha256 __tls_cipher_suite ( 01 ) = {
+ .code = htons ( TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 ),
+ .key_len = ( 128 / 8 ),
+ .exchange = &tls_dhe_exchange_algorithm,
+ .pubkey = &rsa_algorithm,
+ .cipher = &aes_cbc_algorithm,
+ .digest = &sha256_algorithm,
+};
+
+/** TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 cipher suite */
+struct tls_cipher_suite
+tls_dhe_rsa_with_aes_256_cbc_sha256 __tls_cipher_suite ( 02 ) = {
+ .code = htons ( TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 ),
+ .key_len = ( 256 / 8 ),
+ .exchange = &tls_dhe_exchange_algorithm,
+ .pubkey = &rsa_algorithm,
+ .cipher = &aes_cbc_algorithm,
+ .digest = &sha256_algorithm,
+};
+
 /** TLS_RSA_WITH_AES_128_CBC_SHA256 cipher suite */
-struct tls_cipher_suite tls_rsa_with_aes_128_cbc_sha256 __tls_cipher_suite(01)={
+struct tls_cipher_suite
+tls_rsa_with_aes_128_cbc_sha256 __tls_cipher_suite ( 11 ) = {
 .code = htons ( TLS_RSA_WITH_AES_128_CBC_SHA256 ),
 .key_len = ( 128 / 8 ),
 .exchange = &tls_pubkey_exchange_algorithm,
@@ -40,7 +63,8 @@ struct tls_cipher_suite tls_rsa_with_aes_128_cbc_sha256 __tls_cipher_suite(01)={
 };
 
 /** TLS_RSA_WITH_AES_256_CBC_SHA256 cipher suite */
-struct tls_cipher_suite tls_rsa_with_aes_256_cbc_sha256 __tls_cipher_suite(02)={
+struct tls_cipher_suite
+tls_rsa_with_aes_256_cbc_sha256 __tls_cipher_suite ( 12 ) = {
 .code = htons ( TLS_RSA_WITH_AES_256_CBC_SHA256 ),
 .key_len = ( 256 / 8 ),
 .exchange = &tls_pubkey_exchange_algorithm,
diff --git a/src/include/ipxe/tls.h b/src/include/ipxe/tls.h
index 6d6c82de0..879e1be98 100644
--- a/src/include/ipxe/tls.h
+++ b/src/include/ipxe/tls.h
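Review bot: Nothing in this commit shows how the server's ephemeral Diffie-Hellman parameters are checked, yet the two definitions added in the first hunk of rsa_aes_cbc_sha256.c (and the two in rsa_aes_cbc_sha1.c) set `.exchange = &tls_dhe_exchange_algorithm` and so make that code reachable in any handshake that negotiates them. `tls_dhe_exchange_algorithm` is defined outside this diff, so this may already be handled; it is worth confirming that it rejects an undersized prime, rejects a server public value outside the range 2..p-2, and verifies the RSA signature over the parameters before using them. If such limits exist, a one-line comment beside these definitions pointing to where they are enforced would save the next reviewer the search.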
@@ -86,9 +86,13 @@ struct tls_header {
 #define TLS_RSA_WITH_NULL_MD5 0x0001
 #define TLS_RSA_WITH_NULL_SHA 0x0002
 #define TLS_RSA_WITH_AES_128_CBC_SHA 0x002f
+#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x0033
 #define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035
+#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039
 #define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003c
 #define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003d
+#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x0067
+#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x006b
 
 /* TLS hash algorithm identifiers */
 #define TLS_MD5_ALGORITHM 1 |