

[tls] Report supported signature algorithms in ClientHello
Signed-off-by: Michael Brown <mcb30@ipxe.org>
mcb30 committed Aug 2, 2015
1 parent 1ac7434 commit fc7885e
Showing 2 changed files with 28 additions and 0 deletions.
3 changes: 3 additions & 0 deletions src/include/ipxe/tls.h
@@ -101,6 +101,9 @@ struct tls_header {
#define TLS_MAX_FRAGMENT_LENGTH_2048 3
#define TLS_MAX_FRAGMENT_LENGTH_4096 4

/* TLS signature algorithms extension */
#define TLS_SIGNATURE_ALGORITHMS 13

/** TLS RX state machine state */
enum tls_rx_state {
TLS_RX_HEADER = 0,
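Review bot: The comment above `#define TLS_SIGNATURE_ALGORITHMS 13` does not say what the value is, and the neighbouring extension constants give no hint that 13 is an extension *type* code rather than a length or enum index. Name the source so a reader can check it without grepping the RFC: `/* TLS signature algorithms extension type (RFC 5246 section 7.4.1.4.1) */`.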
25 changes: 25 additions & 0 deletions src/net/tls.c
@@ -854,6 +854,14 @@ static int tls_change_cipher ( struct tls_session *tls,
* MD5+SHA1 is never explicitly specified.
*/
struct tls_signature_hash_algorithm tls_signature_hash_algorithms[] = {
{
.code = {
.signature = TLS_RSA_ALGORITHM,
.hash = TLS_SHA1_ALGORITHM,
},
.pubkey = &rsa_algorithm,
.digest = &sha1_algorithm,
},
{
.code = {
.signature = TLS_RSA_ALGORITHM,
@@ -1001,6 +1009,13 @@ static int tls_send_client_hello ( struct tls_session *tls ) {
struct {
uint8_t max;
} __attribute__ (( packed )) max_fragment_length;
uint16_t signature_algorithms_type;
uint16_t signature_algorithms_len;
struct {
uint16_t len;
struct tls_signature_hash_id
code[TLS_NUM_SIG_HASH_ALGORITHMS];
} __attribute__ (( packed )) signature_algorithms;
} __attribute__ (( packed )) extensions;
} __attribute__ (( packed )) hello;
unsigned int i;
@@ -1032,6 +1047,16 @@ static int tls_send_client_hello ( struct tls_session *tls ) {
= htons ( sizeof ( hello.extensions.max_fragment_length ) );
hello.extensions.max_fragment_length.max
= TLS_MAX_FRAGMENT_LENGTH_4096;
hello.extensions.signature_algorithms_type
= htons ( TLS_SIGNATURE_ALGORITHMS );
hello.extensions.signature_algorithms_len
= htons ( sizeof ( hello.extensions.signature_algorithms ) );
hello.extensions.signature_algorithms.len
= htons ( sizeof ( hello.extensions.signature_algorithms.code));
for ( i = 0 ; i < TLS_NUM_SIG_HASH_ALGORITHMS ; i++ ) {
hello.extensions.signature_algorithms.code[i]
= tls_signature_hash_algorithms[i].code;
}

return tls_send_handshake ( tls, &hello, sizeof ( hello ) );
}
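Review bot: The copy loop at the end of `tls_send_client_hello` walks `TLS_NUM_SIG_HASH_ALGORITHMS` entries of `tls_signature_hash_algorithms[]`, but the table in the first hunk is declared without an explicit size, so nothing ties the count to the table: one entry too few in the table is an out-of-bounds read into the ClientHello, and one entry too many is silently never advertised. Add a compile-time check beside the table, e.g. `_Static_assert ( ( sizeof ( tls_signature_hash_algorithms ) / sizeof ( tls_signature_hash_algorithms[0] ) ) == TLS_NUM_SIG_HASH_ALGORITHMS, "TLS_NUM_SIG_HASH_ALGORITHMS does not match table" );` (or the project's own build-time assertion macro if it has one). The list is sent in table order, and RFC 5246 section 7.4.1.4.1 defines that order as the client's preference; the only entry visible here (the first, `.hash = TLS_SHA1_ALGORITHM`) is RSA+SHA-1, so unless the remainder of the table (outside this hunk) is reordered, a server that honours client preference will pick SHA-1 over any SHA-2 entries that follow — the table's header comment should state that order is preference order and the strongest digests should come first. `tls_send_client_hello` begins before this hunk.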
