From b1caa48e4bb3f15e7eb749e0c3470436ebff3435 Mon Sep 17 00:00:00 2001
From: Michael Brown
Date: Sun, 2 Aug 2015 16:54:24 +0100
Subject: [crypto] Support SHA-{224,384,512} in X.509 certificates
Add support for SHA-224, SHA-384, and SHA-512 as digest algorithms in X.509 certificates, and allow the choice of public-key, cipher, and digest algorithms to be configured at build time via config/crypto.h.
Originally-implemented-by: Tufan Karadere
Signed-off-by: Michael Brown
---
 src/include/ipxe/rsa.h | 1 +
 src/include/ipxe/tls.h | 25 +++++++++++++++++++++++++
 2 files changed, 26 insertions(+)
(limited to 'src/include/ipxe')
diff --git a/src/include/ipxe/rsa.h b/src/include/ipxe/rsa.h
index 5fe7ec4df..d947eec73 100644
--- a/src/include/ipxe/rsa.h
+++ b/src/include/ipxe/rsa.h
@@ -8,6 +8,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+#include
 #include
 #include
 #include
diff --git a/src/include/ipxe/tls.h b/src/include/ipxe/tls.h
index 7c5007494..7d982c326 100644
--- a/src/include/ipxe/tls.h
+++ b/src/include/ipxe/tls.h
@@ -20,6 +20,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #include
 #include
 #include
+#include
 /** A TLS header */
 struct tls_header {
@@ -85,7 +86,10 @@ struct tls_header {
 /* TLS hash algorithm identifiers */
 #define TLS_MD5_ALGORITHM 1
 #define TLS_SHA1_ALGORITHM 2
+#define TLS_SHA224_ALGORITHM 3
 #define TLS_SHA256_ALGORITHM 4
+#define TLS_SHA384_ALGORITHM 5
+#define TLS_SHA512_ALGORITHM 6
 /* TLS signature algorithm identifiers */
 #define TLS_RSA_ALGORITHM 1
@@ -134,6 +138,14 @@ struct tls_cipher_suite {
 uint16_t code;
 };
+/** TLS cipher suite table */
+#define TLS_CIPHER_SUITES \
+ __table ( struct tls_cipher_suite, "tls_cipher_suites" )
+
+/** Declare a TLS cipher suite */
+#define __tls_cipher_suite( pref ) \
+ __table_entry ( TLS_CIPHER_SUITES, pref )
+
 /** A TLS cipher specification */
 struct tls_cipherspec {
 /** Cipher suite */
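Review bot: The new `TLS_SHA224_ALGORITHM`, `TLS_SHA384_ALGORITHM` and `TLS_SHA512_ALGORITHM` definitions in the `@@ -85,7 +86,10 @@` hunk fill the gaps in the existing 1/2/4 sequence, but nothing in the block says where the numbering comes from, so a reader cannot tell whether 3/5/6 are protocol constants or local choices. They match the HashAlgorithm code points of RFC 5246 section 7.4.1.4.1 (sha224 = 3, sha384 = 5, sha512 = 6), and the block comment should say so, e.g. `/* TLS hash algorithm identifiers (RFC 5246 HashAlgorithm code points) */`. Adding the identifiers does not by itself change which digests are accepted; presumably that is governed by the tables introduced later in this patch and by the build-time selection in config/crypto.h that the commit message describes, which is worth one sentence in the same comment so that nobody reads the identifier list as the accepted-digest list.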
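Review bot: `__tls_cipher_suite( pref )` in the `@@ -134,6 +138,14 @@` hunk passes `pref` straight through as the `__table_entry` index, but the Doxygen comment above it does not document the parameter, so a caller cannot tell what range is expected or that the value fixes the suite's position in `TLS_CIPHER_SUITES`. Suggest adding a `@v pref` line to that comment stating that the value is the table index and therefore the suite's position (presumably lower values first, if `__table_entry` keeps its usual ordering). If this table is what the offered cipher-suite list is built from, that ordering is security-relevant, since a server honoring client preference will pick the first suite it supports; documenting it at the declaration is where a maintainer adding a suite will look.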
@@ -168,6 +180,19 @@ struct tls_signature_hash_algorithm {
 struct tls_signature_hash_id code;
 };
+/** TLS signature hash algorithm table * * Note that the default (TLSv1.1 and earlier) algorithm using * MD5+SHA1 is never explicitly specified. */
+#define TLS_SIG_HASH_ALGORITHMS \
+ __table ( struct tls_signature_hash_algorithm, \
+ "tls_sig_hash_algorithms" )
+
+/** Declare a TLS signature hash algorithm */
+#define __tls_sig_hash_algorithm \
+ __table_entry ( TLS_SIG_HASH_ALGORITHMS, 01 )
+
 /** TLS pre-master secret */
 struct tls_pre_master_secret {
 /** TLS version */
--
cgit v1.2.3-55-g7522
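Review bot: `__tls_sig_hash_algorithm` hard-codes the table index as `01` and takes no parameter, unlike `__tls_cipher_suite( pref )` in the previous hunk, so every entry in `TLS_SIG_HASH_ALGORITHMS` shares one index and their relative order falls to link order. If that order is observable (the order in which signature/hash pairs are advertised, or which pair is matched first when several are acceptable), the preference between SHA-1 and the stronger digests this patch adds is left unspecified; a `pref` parameter mirroring the cipher-suite macro, `#define __tls_sig_hash_algorithm( pref ) __table_entry ( TLS_SIG_HASH_ALGORITHMS, pref )`, would make it explicit, though its callers are outside this page and would need the same change. If ordering is genuinely irrelevant here, the macro's doc comment should say so, so that the asymmetry with `__tls_cipher_suite` reads as deliberate rather than as an omission.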