diff options
| author | Michael Brown <mcb30@ipxe.org> | 2022-11-07 18:11:36 +0000 |
|---|---|---|
| committer | Michael Brown <mcb30@ipxe.org> | 2022-11-08 14:09:18 +0000 |
| commit | c453b4c284dbedb5de0663f6b30878b425a7a3e8 (patch) | |
| tree | 3edacf954d8f3d899d5d666fc6b1c4ba71cbcb9a /src/crypto | |
| parent | b6eef1485808093f9dae4fe9d6b685e01a6d65a4 (diff) | |
| download | ipxe-c453b4c284dbedb5de0663f6b30878b425a7a3e8.tar.gz | |
[tls] Add MAC length as a cipher suite parameter
TLS stream and block ciphers use a MAC with a length equal to the
output length of the digest algorithm in use. For AEAD ciphers there
is no MAC, with the equivalent functionality provided by the cipher
algorithm's authentication tag.
Allow for the existence of AEAD cipher suites by making the MAC length
a parameter of the cipher suite.
Assume that the MAC key length is equal to the MAC length, since this
is true for all currently supported cipher suites.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/crypto')
| -rw-r--r-- | src/crypto/mishmash/rsa_aes_cbc_sha1.c | 4 | ||||
| -rw-r--r-- | src/crypto/mishmash/rsa_aes_cbc_sha256.c | 4 |
2 files changed, 8 insertions, 0 deletions
diff --git a/src/crypto/mishmash/rsa_aes_cbc_sha1.c b/src/crypto/mishmash/rsa_aes_cbc_sha1.c index 765ed1138..4f399a036 100644 --- a/src/crypto/mishmash/rsa_aes_cbc_sha1.c +++ b/src/crypto/mishmash/rsa_aes_cbc_sha1.c @@ -36,6 +36,7 @@ tls_dhe_rsa_with_aes_128_cbc_sha __tls_cipher_suite ( 03 ) = { .key_len = ( 128 / 8 ), .fixed_iv_len = 0, .record_iv_len = AES_BLOCKSIZE, + .mac_len = SHA1_DIGEST_SIZE, .exchange = &tls_dhe_exchange_algorithm, .pubkey = &rsa_algorithm, .cipher = &aes_cbc_algorithm, @@ -49,6 +50,7 @@ tls_dhe_rsa_with_aes_256_cbc_sha __tls_cipher_suite ( 04 ) = { .key_len = ( 256 / 8 ), .fixed_iv_len = 0, .record_iv_len = AES_BLOCKSIZE, + .mac_len = SHA1_DIGEST_SIZE, .exchange = &tls_dhe_exchange_algorithm, .pubkey = &rsa_algorithm, .cipher = &aes_cbc_algorithm, @@ -62,6 +64,7 @@ tls_rsa_with_aes_128_cbc_sha __tls_cipher_suite ( 13 ) = { .key_len = ( 128 / 8 ), .fixed_iv_len = 0, .record_iv_len = AES_BLOCKSIZE, + .mac_len = SHA1_DIGEST_SIZE, .exchange = &tls_pubkey_exchange_algorithm, .pubkey = &rsa_algorithm, .cipher = &aes_cbc_algorithm, @@ -75,6 +78,7 @@ tls_rsa_with_aes_256_cbc_sha __tls_cipher_suite ( 14 ) = { .key_len = ( 256 / 8 ), .fixed_iv_len = 0, .record_iv_len = AES_BLOCKSIZE, + .mac_len = SHA1_DIGEST_SIZE, .exchange = &tls_pubkey_exchange_algorithm, .pubkey = &rsa_algorithm, .cipher = &aes_cbc_algorithm, diff --git a/src/crypto/mishmash/rsa_aes_cbc_sha256.c b/src/crypto/mishmash/rsa_aes_cbc_sha256.c index 1cc7dfe27..4b02a7743 100644 --- a/src/crypto/mishmash/rsa_aes_cbc_sha256.c +++ b/src/crypto/mishmash/rsa_aes_cbc_sha256.c @@ -36,6 +36,7 @@ tls_dhe_rsa_with_aes_128_cbc_sha256 __tls_cipher_suite ( 01 ) = { .key_len = ( 128 / 8 ), .fixed_iv_len = 0, .record_iv_len = AES_BLOCKSIZE, + .mac_len = SHA256_DIGEST_SIZE, .exchange = &tls_dhe_exchange_algorithm, .pubkey = &rsa_algorithm, .cipher = &aes_cbc_algorithm, @@ -49,6 +50,7 @@ tls_dhe_rsa_with_aes_256_cbc_sha256 __tls_cipher_suite ( 02 ) = { .key_len = ( 256 / 8 ), .fixed_iv_len = 0, .record_iv_len = AES_BLOCKSIZE, + .mac_len = SHA256_DIGEST_SIZE, .exchange = &tls_dhe_exchange_algorithm, .pubkey = &rsa_algorithm, .cipher = &aes_cbc_algorithm, @@ -62,6 +64,7 @@ tls_rsa_with_aes_128_cbc_sha256 __tls_cipher_suite ( 11 ) = { .key_len = ( 128 / 8 ), .fixed_iv_len = 0, .record_iv_len = AES_BLOCKSIZE, + .mac_len = SHA256_DIGEST_SIZE, .exchange = &tls_pubkey_exchange_algorithm, .pubkey = &rsa_algorithm, .cipher = &aes_cbc_algorithm, @@ -75,6 +78,7 @@ tls_rsa_with_aes_256_cbc_sha256 __tls_cipher_suite ( 12 ) = { .key_len = ( 256 / 8 ), .fixed_iv_len = 0, .record_iv_len = AES_BLOCKSIZE, + .mac_len = SHA256_DIGEST_SIZE, .exchange = &tls_pubkey_exchange_algorithm, .pubkey = &rsa_algorithm, .cipher = &aes_cbc_algorithm, |