Merge branch 'master' into openslxopenslx

1 files changed, 114 insertions, 54 deletions

diff --git a/src/include/ipxe/tls.h b/src/include/ipxe/tls.h
index cf3277820..b4a92a044 100644
--- a/src/include/ipxe/tls.h
+++ b/src/include/ipxe/tls.h
@@ -8,6 +8,7 @@
  */
 
 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
 
 #include <stdint.h>
 #include <ipxe/refcnt.h>
@@ -96,10 +97,16 @@ struct tls_header {
 #define TLS_RSA_WITH_AES_256_GCM_SHA384 0x009d
 #define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x009e
 #define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x009f
+#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xc009
+#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xc00a
 #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xc013
 #define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xc014
+#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xc023
+#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xc024
 #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xc027
 #define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xc028
+#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xc02b
+#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xc02c
 #define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xc02f
 #define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xc030
 
@@ -113,6 +120,7 @@ struct tls_header {
 
 /* TLS signature algorithm identifiers */
 #define TLS_RSA_ALGORITHM 1
+#define TLS_ECDSA_ALGORITHM 3
 
 /* TLS server name extension */
 #define TLS_SERVER_NAME 0
@@ -127,11 +135,16 @@ struct tls_header {
 
 /* TLS named curve extension */
 #define TLS_NAMED_CURVE 10
+#define TLS_NAMED_CURVE_SECP256R1 23
+#define TLS_NAMED_CURVE_SECP384R1 24
 #define TLS_NAMED_CURVE_X25519 29
 
 /* TLS signature algorithms extension */
 #define TLS_SIGNATURE_ALGORITHMS 13
 
+/* TLS extended master secret extension */
+#define TLS_EXTENDED_MASTER_SECRET 23
+
 /* TLS session ticket extension */
 #define TLS_SESSION_TICKET 35
 
@@ -218,12 +231,19 @@ struct tls_cipher_suite {
 /** TLS named curved type */
 #define TLS_NAMED_CURVE_TYPE 3
 
+/** TLS uncompressed curve point format */
+#define TLS_POINT_FORMAT_UNCOMPRESSED 4
+
 /** A TLS named curve */
 struct tls_named_curve {
 	/** Elliptic curve */
 	struct elliptic_curve *curve;
 	/** Numeric code (in network-endian order) */
 	uint16_t code;
+	/** Curve point format byte (if any) */
+	uint8_t format;
+	/** Pre-master secret length */
+	uint8_t pre_master_secret_len;
 };
 
 /** TLS named curve table */
@@ -240,8 +260,6 @@ struct tls_cipherspec {
 	struct tls_cipher_suite *suite;
 	/** Dynamically-allocated storage */
 	void *dynamic;
-	/** Public key encryption context */
-	void *pubkey_ctx;
 	/** Bulk encryption cipher context */
 	void *cipher_ctx;
 	/** MAC secret */
@@ -250,6 +268,14 @@ struct tls_cipherspec {
 	void *fixed_iv;
 };
 
+/** A TLS cipher specification pair */
+struct tls_cipherspec_pair {
+	/** Current cipher specification */
+	struct tls_cipherspec active;
+	/** Next cipher specification */
+	struct tls_cipherspec pending;
+};
+
 /** A TLS signature and hash algorithm identifier */
 struct tls_signature_hash_id {
 	/** Hash algorithm */
@@ -335,11 +361,77 @@ struct tls_session {
 	size_t ticket_len;
 	/** Master secret */
 	uint8_t master_secret[48];
+	/** Extended master secret flag */
+	int extended_master_secret;
 
 	/** List of connections */
 	struct list_head conn;
 };
 
+/** TLS transmit state */
+struct tls_tx {
+	/** Cipher specifications */
+	struct tls_cipherspec_pair cipherspec;
+	/** Sequence number */
+	uint64_t seq;
+	/** Pending transmissions */
+	unsigned int pending;
+	/** Transmit process */
+	struct process process;
+};
+
+/** TLS receive state */
+struct tls_rx {
+	/** Cipher specifications */
+	struct tls_cipherspec_pair cipherspec;
+	/** Sequence number */
+	uint64_t seq;
+	/** State machine current state */
+	enum tls_rx_state state;
+	/** Current received record header */
+	struct tls_header header;
+	/** Current received record header (static I/O buffer) */
+	struct io_buffer iobuf;
+	/** List of received data buffers */
+	struct list_head data;
+	/** Received handshake fragment */
+	struct io_buffer *handshake;
+};
+
+/** TLS client state */
+struct tls_client {
+	/** Random bytes */
+	struct tls_client_random random;
+	/** Private key (if used) */
+	struct private_key *key;
+	/** Certificate chain (if used) */
+	struct x509_chain *chain;
+	/** Security negotiation pending operation */
+	struct pending_operation negotiation;
+};
+
+/** TLS server state */
+struct tls_server {
+	/** Random bytes */
+	uint8_t random[32];
+	/** Server Key Exchange record (if any) */
+	void *exchange;
+	/** Server Key Exchange record length */
+	size_t exchange_len;
+	/** Root of trust */
+	struct x509_root *root;
+	/** Certificate chain */
+	struct x509_chain *chain;
+	/** Public key (within server certificate) */
+	struct asn1_cursor key;
+	/** Certificate validator */
+	struct interface validator;
+	/** Certificate validation pending operation */
+	struct pending_operation validation;
+	/** Security negotiation pending operation */
+	struct pending_operation negotiation;
+};
+
 /** A TLS connection */
 struct tls_connection {
 	/** Reference counter */
@@ -365,71 +457,39 @@ struct tls_connection {
 
 	/** Protocol version */
 	uint16_t version;
-	/** Current TX cipher specification */
-	struct tls_cipherspec tx_cipherspec;
-	/** Next TX cipher specification */
-	struct tls_cipherspec tx_cipherspec_pending;
-	/** Current RX cipher specification */
-	struct tls_cipherspec rx_cipherspec;
-	/** Next RX cipher specification */
-	struct tls_cipherspec rx_cipherspec_pending;
 	/** Master secret */
 	uint8_t master_secret[48];
-	/** Server random bytes */
-	uint8_t server_random[32];
-	/** Client random bytes */
-	struct tls_client_random client_random;
-	/** Server Key Exchange record (if any) */
-	void *server_key;
-	/** Server Key Exchange record length */
-	size_t server_key_len;
 	/** Digest algorithm used for handshake verification */
 	struct digest_algorithm *handshake_digest;
 	/** Digest algorithm context used for handshake verification */
 	uint8_t *handshake_ctx;
-	/** Private key */
-	struct private_key *key;
-	/** Client certificate chain (if used) */
-	struct x509_chain *certs;
 	/** Secure renegotiation flag */
 	int secure_renegotiation;
+	/** Extended master secret flag */
+	int extended_master_secret;
 	/** Verification data */
 	struct tls_verify_data verify;
 
-	/** Root of trust */
-	struct x509_root *root;
-	/** Server certificate chain */
-	struct x509_chain *chain;
-	/** Certificate validator */
-	struct interface validator;
-
-	/** Client security negotiation pending operation */
-	struct pending_operation client_negotiation;
-	/** Server security negotiation pending operation */
-	struct pending_operation server_negotiation;
-	/** Certificate validation pending operation */
-	struct pending_operation validation;
+	/** Transmit state */
+	struct tls_tx tx;
+	/** Receive state */
+	struct tls_rx rx;
+	/** Client state */
+	struct tls_client client;
+	/** Server state */
+	struct tls_server server;
+};
 
-	/** TX sequence number */
-	uint64_t tx_seq;
-	/** TX pending transmissions */
-	unsigned int tx_pending;
-	/** TX process */
-	struct process process;
+/** Advertised maximum fragment length */
+#define TLS_MAX_FRAGMENT_LENGTH_VALUE TLS_MAX_FRAGMENT_LENGTH_4096
 
-	/** RX sequence number */
-	uint64_t rx_seq;
-	/** RX state */
-	enum tls_rx_state rx_state;
-	/** Current received record header */
-	struct tls_header rx_header;
-	/** Current received record header (static I/O buffer) */
-	struct io_buffer rx_header_iobuf;
-	/** List of received data buffers */
-	struct list_head rx_data;
-	/** Received handshake fragment */
-	struct io_buffer *rx_handshake;
-};
+/** TX maximum fragment length
+ *
+ * TLS requires us to limit our transmitted records to the maximum
+ * fragment length that we attempt to negotiate, even if the server
+ * does not respect this choice.
+ */
+#define TLS_TX_BUFSIZE 4096
 
 /** RX I/O buffer size
  *