diff options
| author | Samuel Bowman <sam@sambowman.tech> | 2021-08-12 16:00:30 -0400 |
|---|---|---|
| committer | Ali Mohammad Pur <Ali.mpfard@gmail.com> | 2021-08-16 03:50:53 +0430 |
| commit | 7089135a076244adaa28384e7a6d50256d6411fb (patch) | |
| tree | 067bad1ccba908d262f61091da8d706decaf3cb8 | |
| parent | b288016bbc2d24479daec82fecf44bd9bb8fce0d (diff) | |
| download | serenity-7089135a076244adaa28384e7a6d50256d6411fb.zip | |
LibTLS: Add DHE_RSA AES GCM cipher suites
This adds the following cipher suites:
* DHE_RSA_WITH_AES_128_GCM_SHA256
* DHE_RSA_WITH_AES_256_GCM_SHA384
| -rw-r--r-- | Userland/Libraries/LibTLS/CipherSuite.h | 8 | ||||
| -rw-r--r-- | Userland/Libraries/LibTLS/TLSv12.h | 16 |
2 files changed, 17 insertions, 7 deletions
diff --git a/Userland/Libraries/LibTLS/CipherSuite.h b/Userland/Libraries/LibTLS/CipherSuite.h index 1d5bf8bd48..cd7a5d7581 100644 --- a/Userland/Libraries/LibTLS/CipherSuite.h +++ b/Userland/Libraries/LibTLS/CipherSuite.h @@ -12,6 +12,7 @@ enum class CipherSuite { Invalid = 0, // Weak cipher suites, but we support them + // RFC 5246 - Original TLS v1.2 ciphers RSA_WITH_AES_128_CBC_SHA = 0x002F, RSA_WITH_AES_256_CBC_SHA = 0x0035, @@ -22,7 +23,14 @@ enum class CipherSuite { RSA_WITH_AES_128_GCM_SHA256 = 0x009C, RSA_WITH_AES_256_GCM_SHA384 = 0x009D, + // Secure cipher suites, but not recommended + + // RFC 5288 - DH, DHE and RSA for AES-GCM + DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E, + DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F, + // All recommended cipher suites (according to https://ciphersuite.info/cs/) + // RFC 5288 - DH, DHE and RSA for AES-GCM DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2, DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3, diff --git a/Userland/Libraries/LibTLS/TLSv12.h b/Userland/Libraries/LibTLS/TLSv12.h index d44c75cf61..775f483432 100644 --- a/Userland/Libraries/LibTLS/TLSv12.h +++ b/Userland/Libraries/LibTLS/TLSv12.h @@ -164,13 +164,15 @@ enum ClientVerificationStaus { // 4 bytes of fixed IV, 8 random (nonce) bytes, 4 bytes for counter // GCM specifically asks us to transmit only the nonce, the counter is zero // and the fixed IV is derived from the premaster key. -#define ENUMERATE_CIPHERS(C) \ - C(true, CipherSuite::RSA_WITH_AES_128_CBC_SHA, KeyExchangeAlgorithm::RSA, CipherAlgorithm::AES_128_CBC, Crypto::Hash::SHA1, 16, false) \ - C(true, CipherSuite::RSA_WITH_AES_256_CBC_SHA, KeyExchangeAlgorithm::RSA, CipherAlgorithm::AES_256_CBC, Crypto::Hash::SHA1, 16, false) \ - C(true, CipherSuite::RSA_WITH_AES_128_CBC_SHA256, KeyExchangeAlgorithm::RSA, CipherAlgorithm::AES_128_CBC, Crypto::Hash::SHA256, 16, false) \ - C(true, CipherSuite::RSA_WITH_AES_256_CBC_SHA256, KeyExchangeAlgorithm::RSA, CipherAlgorithm::AES_256_CBC, Crypto::Hash::SHA256, 16, false) \ - C(true, CipherSuite::RSA_WITH_AES_128_GCM_SHA256, KeyExchangeAlgorithm::RSA, CipherAlgorithm::AES_128_GCM, Crypto::Hash::SHA256, 8, true) \ - C(true, CipherSuite::RSA_WITH_AES_256_GCM_SHA384, KeyExchangeAlgorithm::RSA, CipherAlgorithm::AES_256_GCM, Crypto::Hash::SHA384, 8, true) +#define ENUMERATE_CIPHERS(C) \ + C(true, CipherSuite::RSA_WITH_AES_128_CBC_SHA, KeyExchangeAlgorithm::RSA, CipherAlgorithm::AES_128_CBC, Crypto::Hash::SHA1, 16, false) \ + C(true, CipherSuite::RSA_WITH_AES_256_CBC_SHA, KeyExchangeAlgorithm::RSA, CipherAlgorithm::AES_256_CBC, Crypto::Hash::SHA1, 16, false) \ + C(true, CipherSuite::RSA_WITH_AES_128_CBC_SHA256, KeyExchangeAlgorithm::RSA, CipherAlgorithm::AES_128_CBC, Crypto::Hash::SHA256, 16, false) \ + C(true, CipherSuite::RSA_WITH_AES_256_CBC_SHA256, KeyExchangeAlgorithm::RSA, CipherAlgorithm::AES_256_CBC, Crypto::Hash::SHA256, 16, false) \ + C(true, CipherSuite::RSA_WITH_AES_128_GCM_SHA256, KeyExchangeAlgorithm::RSA, CipherAlgorithm::AES_128_GCM, Crypto::Hash::SHA256, 8, true) \ + C(true, CipherSuite::RSA_WITH_AES_256_GCM_SHA384, KeyExchangeAlgorithm::RSA, CipherAlgorithm::AES_256_GCM, Crypto::Hash::SHA384, 8, true) \ + C(true, CipherSuite::DHE_RSA_WITH_AES_128_GCM_SHA256, KeyExchangeAlgorithm::DHE_RSA, CipherAlgorithm::AES_128_GCM, Crypto::Hash::SHA256, 8, true) \ + C(true, CipherSuite::DHE_RSA_WITH_AES_256_GCM_SHA384, KeyExchangeAlgorithm::DHE_RSA, CipherAlgorithm::AES_256_GCM, Crypto::Hash::SHA384, 8, true) constexpr KeyExchangeAlgorithm get_key_exchange_algorithm(CipherSuite suite) { |