author | Michael Brown <mcb30@ipxe.org> | 2022-10-11 13:54:34 +0100 |
---|---|---|
committer | Michael Brown <mcb30@ipxe.org> | 2022-10-11 14:37:12 +0100 |
commit | ea33ea33c0d77b853c39d7b0e8c54f1a6f56b6bc (patch) | |
tree | c36d42e2c31a03ffe03bb0a646a2c0e075082abf /src/net | |
parent | 80c45c5c71af76e4313c37528d29aa485b247073 (diff) | |
download | ipxe-ea33ea33c0d77b853c39d7b0e8c54f1a6f56b6bc.tar.gz |
[tls] Add key exchange mechanism to definition of cipher suite
Allow for the key exchange mechanism to vary depending upon the
selected cipher suite.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/net')
-rw-r--r-- | src/net/tls.c | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/src/net/tls.c b/src/net/tls.c
index a1ffcacd7..b209e0d80 100644
--- a/src/net/tls.c
+++ b/src/net/tls.c
@@ -734,6 +734,7 @@ static int tls_generate_keys ( struct tls_connection *tls ) {
 
 /** Null cipher suite */
 struct tls_cipher_suite tls_cipher_suite_null = {
+ .exchange = &tls_pubkey_exchange_algorithm,
 .pubkey = &pubkey_null,
 .cipher = &cipher_null,
 .digest = &digest_null,
@@ -849,7 +850,8 @@ static int tls_select_cipher ( struct tls_connection *tls,
 suite ) ) != 0 )
 return rc;
 
- DBGC ( tls, "TLS %p selected %s-%s-%d-%s\n", tls, suite->pubkey->name,
+ DBGC ( tls, "TLS %p selected %s-%s-%s-%d-%s\n", tls,
+ suite->exchange->name, suite->pubkey->name,
 suite->cipher->name, ( suite->key_len * 8 ),
 suite->digest->name );
 
@@ -1205,12 +1207,12 @@ static int tls_send_certificate ( struct tls_connection *tls ) {
 }
 
 /**
- * Transmit Client Key Exchange record
+ * Transmit Client Key Exchange record using public key exchange
 *
 * @v tls TLS connection
 * @ret rc Return status code
 */
-static int tls_send_client_key_exchange ( struct tls_connection *tls ) {
+static int tls_send_client_key_exchange_pubkey ( struct tls_connection *tls ) {
 struct tls_cipherspec *cipherspec = &tls->tx_cipherspec_pending;
 struct pubkey_algorithm *pubkey = cipherspec->suite->pubkey;
 size_t max_len = pubkey_max_len ( pubkey, cipherspec->pubkey_ctx );
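Review bot: `suite->exchange->name` in the DBGC call of the tls_select_cipher hunk dereferences the new `exchange` member without any check, and the dispatch `suite->exchange->exchange ( tls )` in the later tls_send_client_key_exchange hunk does the same. Only the null suite's initialiser is visible here (the diffstat is limited to src/net), so a cipher suite definition elsewhere that was not given `.exchange` would leave the pointer NULL and fault during the handshake once that suite is selected. It is worth confirming that every `struct tls_cipher_suite` definition sets the member, or guarding the selection with something like `assert ( suite->exchange != NULL );` before the suite is installed. tls_select_cipher starts and ends outside the hunk.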
@@ -1269,6 +1271,26 @@ static int tls_send_client_key_exchange ( struct tls_connection *tls ) {
 ( sizeof ( key_xchg ) - unused ) );
 }
 
+/** Public key exchange algorithm */
+struct tls_key_exchange_algorithm tls_pubkey_exchange_algorithm = {
+ .name = "pubkey",
+ .exchange = tls_send_client_key_exchange_pubkey,
+};
+
+/**
+ * Transmit Client Key Exchange record
+ *
+ * @v tls TLS connection
+ * @ret rc Return status code
+ */
+static int tls_send_client_key_exchange ( struct tls_connection *tls ) {
+ struct tls_cipherspec *cipherspec = &tls->tx_cipherspec_pending;
+ struct tls_cipher_suite *suite = cipherspec->suite;
+
+ /* Transmit Client Key Exchange record via key exchange algorithm */
+ return suite->exchange->exchange ( tls );
+}
+
 /**
 * Transmit Certificate Verify record
 *
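Review bot: `tls_pubkey_exchange_algorithm` is defined as a writable global, although it holds only a name and the function pointer that the new dispatcher calls through. If the `exchange` member of `struct tls_cipher_suite` (declared in a header outside this diff) can be a pointer to const, defining it as `const struct tls_key_exchange_algorithm tls_pubkey_exchange_algorithm = {` would keep the handshake's indirect call target out of writable data on builds that protect read-only sections. The doc comment on the new tls_send_client_key_exchange is also the one the renamed function used to carry; adding a line such as `* Dispatches to the key exchange algorithm of the pending TX cipher suite` would tell readers where the record is actually built.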