/** TLS version 1.2 */
#define TLS_VERSION_TLS_1_2 0x0303
+/** Maximum supported TLS version */
+#define TLS_VERSION_MAX TLS_VERSION_TLS_1_2
+
/** Change cipher content type */
#define TLS_TYPE_CHANGE_CIPHER 20
#define __tls_sig_hash_algorithm \
__table_entry ( TLS_SIG_HASH_ALGORITHMS, 01 )
-/** TLS pre-master secret */
-struct tls_pre_master_secret {
- /** TLS version */
- uint16_t version;
- /** Random data */
- uint8_t random[46];
-} __attribute__ (( packed ));
-
/** TLS client random data */
struct tls_client_random {
/** GMT Unix time */
struct tls_cipherspec rx_cipherspec;
/** Next RX cipher specification */
struct tls_cipherspec rx_cipherspec_pending;
- /** Premaster secret */
- struct tls_pre_master_secret pre_master_secret;
/** Master secret */
uint8_t master_secret[48];
/** Server random bytes */
* Generate master secret
*
* @v tls TLS connection
+ * @v pre_master_secret Pre-master secret
+ * @v pre_master_secret_len Length of pre-master secret
*
- * The pre-master secret and the client and server random values must
- * already be known.
+ * The client and server random values must already be known.
*/
-static void tls_generate_master_secret ( struct tls_connection *tls ) {
+static void tls_generate_master_secret ( struct tls_connection *tls,
+ const void *pre_master_secret,
+ size_t pre_master_secret_len ) {
+
DBGC ( tls, "TLS %p pre-master-secret:\n", tls );
- DBGC_HD ( tls, &tls->pre_master_secret,
- sizeof ( tls->pre_master_secret ) );
+ DBGC_HD ( tls, pre_master_secret, pre_master_secret_len );
DBGC ( tls, "TLS %p client random bytes:\n", tls );
DBGC_HD ( tls, &tls->client_random, sizeof ( tls->client_random ) );
DBGC ( tls, "TLS %p server random bytes:\n", tls );
DBGC_HD ( tls, &tls->server_random, sizeof ( tls->server_random ) );
- tls_prf_label ( tls, &tls->pre_master_secret,
- sizeof ( tls->pre_master_secret ),
+ tls_prf_label ( tls, pre_master_secret, pre_master_secret_len,
&tls->master_secret, sizeof ( tls->master_secret ),
"master secret",
&tls->client_random, sizeof ( tls->client_random ),
struct tls_cipherspec *cipherspec = &tls->tx_cipherspec_pending;
struct pubkey_algorithm *pubkey = cipherspec->suite->pubkey;
size_t max_len = pubkey_max_len ( pubkey, cipherspec->pubkey_ctx );
+ struct {
+ uint16_t version;
+ uint8_t random[46];
+ } __attribute__ (( packed )) pre_master_secret;
struct {
uint32_t type_length;
uint16_t encrypted_pre_master_secret_len;
int len;
int rc;
+ /* Generate pre-master secret */
+ pre_master_secret.version = htons ( TLS_VERSION_MAX );
+ if ( ( rc = tls_generate_random ( tls, &pre_master_secret.random,
+ ( sizeof ( pre_master_secret.random ) ) ) ) != 0 ) {
+ return rc;
+ }
+
/* Generate master secret */
- tls_generate_master_secret ( tls );
+ tls_generate_master_secret ( tls, &pre_master_secret,
+ sizeof ( pre_master_secret ) );
/* Generate keys */
if ( ( rc = tls_generate_keys ( tls ) ) != 0 ) {
/* Encrypt pre-master secret using server's public key */
memset ( &key_xchg, 0, sizeof ( key_xchg ) );
len = pubkey_encrypt ( pubkey, cipherspec->pubkey_ctx,
- &tls->pre_master_secret,
- sizeof ( tls->pre_master_secret ),
+ &pre_master_secret, sizeof ( pre_master_secret ),
key_xchg.encrypted_pre_master_secret );
if ( len < 0 ) {
rc = len;
&tls->refcnt );
tls->key = privkey_get ( key ? key : &private_key );
tls->root = x509_root_get ( root ? root : &root_certificates );
- tls->version = TLS_VERSION_TLS_1_2;
+ tls->version = TLS_VERSION_MAX;
tls_clear_cipher ( tls, &tls->tx_cipherspec );
tls_clear_cipher ( tls, &tls->tx_cipherspec_pending );
tls_clear_cipher ( tls, &tls->rx_cipherspec );
( sizeof ( tls->client_random.random ) ) ) ) != 0 ) {
goto err_random;
}
- tls->pre_master_secret.version = htons ( tls->version );
- if ( ( rc = tls_generate_random ( tls, &tls->pre_master_secret.random,
- ( sizeof ( tls->pre_master_secret.random ) ) ) ) != 0 ) {
- goto err_random;
- }
if ( ( rc = tls_session ( tls, name ) ) != 0 )
goto err_session;
list_add_tail ( &tls->list, &tls->session->conn );
projects / thirdparty / ipxe.git / commitdiff
