[tls] Treat signature algorithm identifiers as opaque 16-bit values
RFC 5246 defines the signature_algorithm extension values for TLS
version 1.2 as being tuples of {HashAlgorithm, SignatureAlgorithm}
pairs. RFC 8446 redefines the signature_algorithm extension values
for TLS version 1.3 in a backwards-compatible way as opaque 16-bit
SignatureScheme values, and RFC 8447 updates RFC 5246 to allow these
values to be used with TLS version 1.2.
Redefine our concept of a signature algorithm identifier to remove the
internal structure that no longer exists.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
This commit is contained in:
+12
-21
@@ -113,17 +113,16 @@ struct tls_header {
|
||||
#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xc02f
|
||||
#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xc030
|
||||
|
||||
/* TLS hash algorithm identifiers */
|
||||
#define TLS_MD5_ALGORITHM 1
|
||||
#define TLS_SHA1_ALGORITHM 2
|
||||
#define TLS_SHA224_ALGORITHM 3
|
||||
#define TLS_SHA256_ALGORITHM 4
|
||||
#define TLS_SHA384_ALGORITHM 5
|
||||
#define TLS_SHA512_ALGORITHM 6
|
||||
|
||||
/* TLS signature algorithm identifiers */
|
||||
#define TLS_RSA_ALGORITHM 1
|
||||
#define TLS_ECDSA_ALGORITHM 3
|
||||
/* TLS signature hash algorithm identifiers */
|
||||
#define TLS_RSA_SHA1_ALGORITHM 0x0201
|
||||
#define TLS_RSA_SHA224_ALGORITHM 0x0301
|
||||
#define TLS_ECDSA_SHA224_ALGORITHM 0x0303
|
||||
#define TLS_RSA_SHA256_ALGORITHM 0x0401
|
||||
#define TLS_ECDSA_SHA256_ALGORITHM 0x0403
|
||||
#define TLS_RSA_SHA384_ALGORITHM 0x0501
|
||||
#define TLS_ECDSA_SHA384_ALGORITHM 0x0503
|
||||
#define TLS_RSA_SHA512_ALGORITHM 0x0601
|
||||
#define TLS_ECDSA_SHA512_ALGORITHM 0x0603
|
||||
|
||||
/* TLS server name extension */
|
||||
#define TLS_SERVER_NAME 0
|
||||
@@ -279,22 +278,14 @@ struct tls_cipherspec_pair {
|
||||
struct tls_cipherspec pending;
|
||||
};
|
||||
|
||||
/** A TLS signature and hash algorithm identifier */
|
||||
struct tls_signature_hash_id {
|
||||
/** Hash algorithm */
|
||||
uint8_t hash;
|
||||
/** Signature algorithm */
|
||||
uint8_t signature;
|
||||
} __attribute__ (( packed ));
|
||||
|
||||
/** A TLS signature algorithm */
|
||||
struct tls_signature_hash_algorithm {
|
||||
/** Digest algorithm */
|
||||
struct digest_algorithm *digest;
|
||||
/** Public-key algorithm */
|
||||
struct pubkey_algorithm *pubkey;
|
||||
/** Numeric code */
|
||||
struct tls_signature_hash_id code;
|
||||
/** Numeric code (in network-endian order) */
|
||||
uint16_t code;
|
||||
};
|
||||
|
||||
/** TLS signature hash algorithm table
|
||||
|
||||
Reference in New Issue
Block a user