[tls] Add key exchange mechanism to definition of cipher suite
authorMichael Brown <mcb30@ipxe.org>
Tue, 11 Oct 2022 12:54:34 +0000 (13:54 +0100)
committerMichael Brown <mcb30@ipxe.org>
Tue, 11 Oct 2022 13:37:12 +0000 (14:37 +0100)
Allow for the key exchange mechanism to vary depending upon the
selected cipher suite.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
src/crypto/mishmash/rsa_aes_cbc_sha1.c
src/crypto/mishmash/rsa_aes_cbc_sha256.c
src/include/ipxe/tls.h
src/net/tls.c

index 06722c0e1b673d5c3bf19d0134a5615cd267cc01..04b4ce2a72722ffb96ae88464d00d0c366ed65e3 100644 (file)
@@ -33,6 +33,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 struct tls_cipher_suite tls_rsa_with_aes_128_cbc_sha __tls_cipher_suite (03) = {
        .code = htons ( TLS_RSA_WITH_AES_128_CBC_SHA ),
        .key_len = ( 128 / 8 ),
+       .exchange = &tls_pubkey_exchange_algorithm,
        .pubkey = &rsa_algorithm,
        .cipher = &aes_cbc_algorithm,
        .digest = &sha1_algorithm,
@@ -42,6 +43,7 @@ struct tls_cipher_suite tls_rsa_with_aes_128_cbc_sha __tls_cipher_suite (03) = {
 struct tls_cipher_suite tls_rsa_with_aes_256_cbc_sha __tls_cipher_suite (04) = {
        .code = htons ( TLS_RSA_WITH_AES_256_CBC_SHA ),
        .key_len = ( 256 / 8 ),
+       .exchange = &tls_pubkey_exchange_algorithm,
        .pubkey = &rsa_algorithm,
        .cipher = &aes_cbc_algorithm,
        .digest = &sha1_algorithm,
index c609eacead10afe6ab3890151ba45b8562388d8b..1021f76f4e2105de6cbea01885d9fc63827661f4 100644 (file)
@@ -33,6 +33,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 struct tls_cipher_suite tls_rsa_with_aes_128_cbc_sha256 __tls_cipher_suite(01)={
        .code = htons ( TLS_RSA_WITH_AES_128_CBC_SHA256 ),
        .key_len = ( 128 / 8 ),
+       .exchange = &tls_pubkey_exchange_algorithm,
        .pubkey = &rsa_algorithm,
        .cipher = &aes_cbc_algorithm,
        .digest = &sha256_algorithm,
@@ -42,6 +43,7 @@ struct tls_cipher_suite tls_rsa_with_aes_128_cbc_sha256 __tls_cipher_suite(01)={
 struct tls_cipher_suite tls_rsa_with_aes_256_cbc_sha256 __tls_cipher_suite(02)={
        .code = htons ( TLS_RSA_WITH_AES_256_CBC_SHA256 ),
        .key_len = ( 256 / 8 ),
+       .exchange = &tls_pubkey_exchange_algorithm,
        .pubkey = &rsa_algorithm,
        .cipher = &aes_cbc_algorithm,
        .digest = &sha256_algorithm,
index 672cfbd7e961e052d7bf9bbdda2a374dd66e3afb..80cdd12fe72a83678258e4a58eab0e73e1b6c694 100644 (file)
@@ -23,6 +23,8 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #include <ipxe/iobuf.h>
 #include <ipxe/tables.h>
 
+struct tls_connection;
+
 /** A TLS header */
 struct tls_header {
        /** Content type
@@ -143,8 +145,23 @@ enum tls_tx_pending {
        TLS_TX_FINISHED = 0x0020,
 };
 
+/** A TLS key exchange algorithm */
+struct tls_key_exchange_algorithm {
+       /** Algorithm name */
+       const char *name;
+       /**
+        * Transmit Client Key Exchange record
+        *
+        * @v tls               TLS connection
+        * @ret rc              Return status code
+        */
+       int ( * exchange ) ( struct tls_connection *tls );
+};
+
 /** A TLS cipher suite */
 struct tls_cipher_suite {
+       /** Key exchange algorithm */
+       struct tls_key_exchange_algorithm *exchange;
        /** Public-key encryption algorithm */
        struct pubkey_algorithm *pubkey;
        /** Bulk encryption cipher algorithm */
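Review bot: The new `exchange` member of `struct tls_cipher_suite` is documented only as "Key exchange algorithm" and nothing marks it as mandatory, although the code in src/net/tls.c follows `suite->exchange` unconditionally. Cipher suites appear to be table entries that other files can contribute, so I would state the contract on the field itself, e.g. `/** Key exchange algorithm (must not be NULL) */`. The callback comment in `struct tls_key_exchange_algorithm` could also say that the method is invoked from tls_send_client_key_exchange() and is expected to work from `tls->tx_cipherspec_pending`, as the pubkey implementation does.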
@@ -385,6 +402,8 @@ struct tls_connection {
 /** RX I/O buffer alignment */
 #define TLS_RX_ALIGN 16
 
+extern struct tls_key_exchange_algorithm tls_pubkey_exchange_algorithm;
+
 extern int add_tls ( struct interface *xfer, const char *name,
                     struct x509_root *root, struct private_key *key );
 
index a1ffcacd7ed5a63ed39344ea578c7d5c2eae00ca..b209e0d804c6f401503cc602f928e6a5162ee4e9 100644 (file)
@@ -734,6 +734,7 @@ static int tls_generate_keys ( struct tls_connection *tls ) {
 
 /** Null cipher suite */
 struct tls_cipher_suite tls_cipher_suite_null = {
+       .exchange = &tls_pubkey_exchange_algorithm,
        .pubkey = &pubkey_null,
        .cipher = &cipher_null,
        .digest = &digest_null,
@@ -849,7 +850,8 @@ static int tls_select_cipher ( struct tls_connection *tls,
                                     suite ) ) != 0 )
                return rc;
 
-       DBGC ( tls, "TLS %p selected %s-%s-%d-%s\n", tls, suite->pubkey->name,
+       DBGC ( tls, "TLS %p selected %s-%s-%s-%d-%s\n", tls,
+              suite->exchange->name, suite->pubkey->name,
               suite->cipher->name, ( suite->key_len * 8 ),
               suite->digest->name );
 
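Review bot: `suite->exchange->name` in this DBGC call, and `suite->exchange->exchange ( tls )` in the new tls_send_client_key_exchange() in the last hunk of this file, follow `suite->exchange` with no NULL check. The commit initialises `.exchange` in the five suites it touches, but any suite definition not shown here that omits the field would be zero-initialised, and the peer's choice of suite then decides whether that pointer is followed. Rejecting such a suite at selection time would fail closed, e.g. `if ( ! suite->exchange ) return -ENOTSUP;` before the suite is installed, or at minimum `assert ( suite->exchange != NULL );`. tls_select_cipher() starts and ends outside this hunk, so the exact placement needs checking against the full function.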
@@ -1205,12 +1207,12 @@ static int tls_send_certificate ( struct tls_connection *tls ) {
 }
 
 /**
- * Transmit Client Key Exchange record
+ * Transmit Client Key Exchange record using public key exchange
  *
  * @v tls              TLS connection
  * @ret rc             Return status code
  */
-static int tls_send_client_key_exchange ( struct tls_connection *tls ) {
+static int tls_send_client_key_exchange_pubkey ( struct tls_connection *tls ) {
        struct tls_cipherspec *cipherspec = &tls->tx_cipherspec_pending;
        struct pubkey_algorithm *pubkey = cipherspec->suite->pubkey;
        size_t max_len = pubkey_max_len ( pubkey, cipherspec->pubkey_ctx );
@@ -1269,6 +1271,26 @@ static int tls_send_client_key_exchange ( struct tls_connection *tls ) {
                                    ( sizeof ( key_xchg ) - unused ) );
 }
 
+/** Public key exchange algorithm */
+struct tls_key_exchange_algorithm tls_pubkey_exchange_algorithm = {
+       .name = "pubkey",
+       .exchange = tls_send_client_key_exchange_pubkey,
+};
+
+/**
+ * Transmit Client Key Exchange record
+ *
+ * @v tls              TLS connection
+ * @ret rc             Return status code
+ */
+static int tls_send_client_key_exchange ( struct tls_connection *tls ) {
+       struct tls_cipherspec *cipherspec = &tls->tx_cipherspec_pending;
+       struct tls_cipher_suite *suite = cipherspec->suite;
+
+       /* Transmit Client Key Exchange record via key exchange algorithm */
+       return suite->exchange->exchange ( tls );
+}
+
 /**
  * Transmit Certificate Verify record
  *