author | Michael Brown <mcb30@ipxe.org> | 2015-08-02 16:54:24 +0100 |
---|---|---|
committer | Michael Brown <mcb30@ipxe.org> | 2015-08-02 16:54:24 +0100 |
commit | b1caa48e4bb3f15e7eb749e0c3470436ebff3435 (patch) | |
tree | 8ce3bbef596e98c102585672186f3e586dd1c27e /src/include | |
parent | 93370488acb9fedc06527bb0baf89cc2ce82a0a8 (diff) | |
[crypto] Support SHA-{224,384,512} in X.509 certificates
Add support for SHA-224, SHA-384, and SHA-512 as digest algorithms in
X.509 certificates, and allow the choice of public-key, cipher, and
digest algorithms to be configured at build time via config/crypto.h.
Originally-implemented-by: Tufan Karadere <tufank@gmail.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/include')
-rw-r--r-- | src/include/ipxe/rsa.h | 1 | ||||
-rw-r--r-- | src/include/ipxe/tls.h | 25 |
2 files changed, 26 insertions, 0 deletions
diff --git a/src/include/ipxe/rsa.h b/src/include/ipxe/rsa.h
index 5fe7ec4df..d947eec73 100644
--- a/src/include/ipxe/rsa.h
+++ b/src/include/ipxe/rsa.h
@@ -8,6 +8,7 @@
 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+#include <stdarg.h>
 #include <ipxe/crypto.h>
 #include <ipxe/bigint.h>
 #include <ipxe/asn1.h>
diff --git a/src/include/ipxe/tls.h b/src/include/ipxe/tls.h
index 7c5007494..7d982c326 100644
--- a/src/include/ipxe/tls.h
+++ b/src/include/ipxe/tls.h
@@ -20,6 +20,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #include <ipxe/x509.h>
 #include <ipxe/pending.h>
 #include <ipxe/iobuf.h>
+#include <ipxe/tables.h>
 /** A TLS header */
 struct tls_header {
@@ -85,7 +86,10 @@ struct tls_header {
 /* TLS hash algorithm identifiers */
 #define TLS_MD5_ALGORITHM 1
 #define TLS_SHA1_ALGORITHM 2
+#define TLS_SHA224_ALGORITHM 3
 #define TLS_SHA256_ALGORITHM 4
+#define TLS_SHA384_ALGORITHM 5
+#define TLS_SHA512_ALGORITHM 6
 /* TLS signature algorithm identifiers */
 #define TLS_RSA_ALGORITHM 1
@@ -134,6 +138,14 @@ struct tls_cipher_suite {
 uint16_t code;
 };
+/** TLS cipher suite table */
+#define TLS_CIPHER_SUITES \
+ __table ( struct tls_cipher_suite, "tls_cipher_suites" )
+
+/** Declare a TLS cipher suite */
+#define __tls_cipher_suite( pref ) \
+ __table_entry ( TLS_CIPHER_SUITES, pref )
+
 /** A TLS cipher specification */
 struct tls_cipherspec {
 /** Cipher suite */
@@ -168,6 +180,19 @@ struct tls_signature_hash_algorithm {
 struct tls_signature_hash_id code;
 };
+/** TLS signature hash algorithm table
+ *
+ * Note that the default (TLSv1.1 and earlier) algorithm using
+ * MD5+SHA1 is never explicitly specified.
+ */
+#define TLS_SIG_HASH_ALGORITHMS \
+ __table ( struct tls_signature_hash_algorithm, \
+ "tls_sig_hash_algorithms" )
+
+/** Declare a TLS signature hash algorithm */
+#define __tls_sig_hash_algorithm \
+ __table_entry ( TLS_SIG_HASH_ALGORITHMS, 01 )
+
 /** TLS pre-master secret */
 struct tls_pre_master_secret {
 /** TLS version */ |
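Review bot: The `/* TLS hash algorithm identifiers */` comment above the new `TLS_SHA224_ALGORITHM`, `TLS_SHA384_ALGORITHM` and `TLS_SHA512_ALGORITHM` defines (tls.h hunk `@@ -85,7 +86,10`) does not say where the numbers come from. The values 3, 5 and 6 line up with the HashAlgorithm code points of RFC 5246 section 7.4.1.4.1, so I would extend the comment to `/* TLS hash algorithm identifiers (HashAlgorithm, RFC 5246 section 7.4.1.4.1) */`. These are wire values that a peer also sends, and a reader auditing the parsing code should be able to check them against the registry without searching for the source.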
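Review bot: `__tls_cipher_suite( pref )` in the tls.h hunk `@@ -134,6 +138,14` is documented only as "Declare a TLS cipher suite", with nothing on what `pref` means or which values are valid. The commit message makes the algorithm set a build-time choice, so the order of this table presumably decides which suite is preferred (the consumer is outside this diff), and a wrong `pref` would change that silently. I would document the argument on the macro, for example `/** Declare a TLS cipher suite; pref is the table order, same two-digit form as the 01 used for signature hash algorithms */`, and state the sort direction once it is confirmed against `__table_entry`.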
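Review bot: `__tls_sig_hash_algorithm` hard-codes the table order `01` for every entry, while `__tls_cipher_suite( pref )` in the previous hunk takes the order as an argument (tls.h hunk `@@ -168,6 +180,19`). With SHA-224, SHA-384 and SHA-512 joining SHA-256, all entries share one order value, so their relative position is not chosen by the author; if the table order is what gets advertised to or matched against the peer (that code is not in this diff), a preference for the stronger digests cannot be expressed. Either give the macro an order argument, `#define __tls_sig_hash_algorithm( pref ) __table_entry ( TLS_SIG_HASH_ALGORITHMS, pref )` with the existing users updated to pass one, or add a sentence to the table comment saying that entry order is not significant.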