[tls] Add support for DHE variants of the existing cipher suites

Signed-off-by: Michael Brown <mcb30@ipxe.org>

src/crypto/mishmash/rsa_aes_cbc_sha1.c

@@ -29,8 +29,31 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #include <ipxe/sha1.h>
 #include <ipxe/tls.h>
 
+/** TLS_DHE_RSA_WITH_AES_128_CBC_SHA cipher suite */
+struct tls_cipher_suite
+tls_dhe_rsa_with_aes_128_cbc_sha __tls_cipher_suite ( 03 ) = {
+	.code = htons ( TLS_DHE_RSA_WITH_AES_128_CBC_SHA ),
+	.key_len = ( 128 / 8 ),
+	.exchange = &tls_dhe_exchange_algorithm,
+	.pubkey = &rsa_algorithm,
+	.cipher = &aes_cbc_algorithm,
+	.digest = &sha1_algorithm,
+};
+
+/** TLS_DHE_RSA_WITH_AES_256_CBC_SHA cipher suite */
+struct tls_cipher_suite
+tls_dhe_rsa_with_aes_256_cbc_sha __tls_cipher_suite ( 04 ) = {
+	.code = htons ( TLS_DHE_RSA_WITH_AES_256_CBC_SHA ),
+	.key_len = ( 256 / 8 ),
+	.exchange = &tls_dhe_exchange_algorithm,
+	.pubkey = &rsa_algorithm,
+	.cipher = &aes_cbc_algorithm,
+	.digest = &sha1_algorithm,
+};
+
 /** TLS_RSA_WITH_AES_128_CBC_SHA cipher suite */
-struct tls_cipher_suite tls_rsa_with_aes_128_cbc_sha __tls_cipher_suite (03) = {
+struct tls_cipher_suite
+tls_rsa_with_aes_128_cbc_sha __tls_cipher_suite ( 13 ) = {
 	.code = htons ( TLS_RSA_WITH_AES_128_CBC_SHA ),
 	.key_len = ( 128 / 8 ),
 	.exchange = &tls_pubkey_exchange_algorithm,
@@ -40,7 +63,8 @@ struct tls_cipher_suite tls_rsa_with_aes_128_cbc_sha __tls_cipher_suite (03) = {
 };
 
 /** TLS_RSA_WITH_AES_256_CBC_SHA cipher suite */
-struct tls_cipher_suite tls_rsa_with_aes_256_cbc_sha __tls_cipher_suite (04) = {
+struct tls_cipher_suite
+tls_rsa_with_aes_256_cbc_sha __tls_cipher_suite ( 14 ) = {
 	.code = htons ( TLS_RSA_WITH_AES_256_CBC_SHA ),
 	.key_len = ( 256 / 8 ),
 	.exchange = &tls_pubkey_exchange_algorithm,

src/crypto/mishmash/rsa_aes_cbc_sha256.c

@@ -29,8 +29,31 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #include <ipxe/sha256.h>
 #include <ipxe/tls.h>
 
+/** TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 cipher suite */
+struct tls_cipher_suite
+tls_dhe_rsa_with_aes_128_cbc_sha256 __tls_cipher_suite ( 01 ) = {
+	.code = htons ( TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 ),
+	.key_len = ( 128 / 8 ),
+	.exchange = &tls_dhe_exchange_algorithm,
+	.pubkey = &rsa_algorithm,
+	.cipher = &aes_cbc_algorithm,
+	.digest = &sha256_algorithm,
+};
+
+/** TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 cipher suite */
+struct tls_cipher_suite
+tls_dhe_rsa_with_aes_256_cbc_sha256 __tls_cipher_suite ( 02 ) = {
+	.code = htons ( TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 ),
+	.key_len = ( 256 / 8 ),
+	.exchange = &tls_dhe_exchange_algorithm,
+	.pubkey = &rsa_algorithm,
+	.cipher = &aes_cbc_algorithm,
+	.digest = &sha256_algorithm,
+};
+
 /** TLS_RSA_WITH_AES_128_CBC_SHA256 cipher suite */
-struct tls_cipher_suite tls_rsa_with_aes_128_cbc_sha256 __tls_cipher_suite(01)={
+struct tls_cipher_suite
+tls_rsa_with_aes_128_cbc_sha256 __tls_cipher_suite ( 11 ) = {
 	.code = htons ( TLS_RSA_WITH_AES_128_CBC_SHA256 ),
 	.key_len = ( 128 / 8 ),
 	.exchange = &tls_pubkey_exchange_algorithm,
@@ -40,7 +63,8 @@ struct tls_cipher_suite tls_rsa_with_aes_128_cbc_sha256 __tls_cipher_suite(01)={
 };
 
 /** TLS_RSA_WITH_AES_256_CBC_SHA256 cipher suite */
-struct tls_cipher_suite tls_rsa_with_aes_256_cbc_sha256 __tls_cipher_suite(02)={
+struct tls_cipher_suite
+tls_rsa_with_aes_256_cbc_sha256 __tls_cipher_suite ( 12 ) = {
 	.code = htons ( TLS_RSA_WITH_AES_256_CBC_SHA256 ),
 	.key_len = ( 256 / 8 ),
 	.exchange = &tls_pubkey_exchange_algorithm,

src/include/ipxe/tls.h

@@ -86,9 +86,13 @@ struct tls_header {
 #define TLS_RSA_WITH_NULL_MD5 0x0001
 #define TLS_RSA_WITH_NULL_SHA 0x0002
 #define TLS_RSA_WITH_AES_128_CBC_SHA 0x002f
+#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x0033
 #define TLS_RSA_WITH_AES_256_CBC_SHA 0x0035
+#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039
 #define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003c
 #define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003d
+#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x0067
+#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x006b
 
 /* TLS hash algorithm identifiers */
 #define TLS_MD5_ALGORITHM 1