author | DexesTTP <dexes.ttp@gmail.com> | 2021-05-18 23:26:23 +0200 |
---|---|---|
committer | Andreas Kling <kling@serenityos.org> | 2021-05-19 09:18:45 +0200 |
commit | 9bb823a6ab13586eebf90b763f8f143e06a86bff (patch) | |
tree | b7194e7206c57aa7100ac1c5baa4248450e467a2 /Userland/Libraries/LibTLS | |
parent | 2e9a4bb95c8e2e22b56ad52e6ce5dfb62ceed1e1 (diff) | |
LibTLS: Generate cipher variants based on the cipher
This is better than using the AEAD flag :^)
Diffstat (limited to 'Userland/Libraries/LibTLS')
-rw-r--r-- | Userland/Libraries/LibTLS/CipherSuite.h | 4 | ||||
-rw-r--r-- | Userland/Libraries/LibTLS/HandshakeClient.cpp | 33 | ||||
-rw-r--r-- | Userland/Libraries/LibTLS/TLSv12.h | 13 |
3 files changed, 42 insertions, 8 deletions
diff --git a/Userland/Libraries/LibTLS/CipherSuite.h b/Userland/Libraries/LibTLS/CipherSuite.h
index 7fadbf839a..73cd67973a 100644
--- a/Userland/Libraries/LibTLS/CipherSuite.h
+++ b/Userland/Libraries/LibTLS/CipherSuite.h
@@ -43,6 +43,7 @@ enum class SignatureAlgorithm : u8 {
 };
 
 enum class CipherAlgorithm {
+    Invalid,
     AES_128_CBC,
     AES_128_GCM,
     AES_128_CCM,
@@ -62,8 +63,9 @@ constexpr size_t cipher_key_size(CipherAlgorithm algorithm)
     case CipherAlgorithm::AES_256_CBC:
     case CipherAlgorithm::AES_256_GCM:
         return 256;
+    case CipherAlgorithm::Invalid:
     default:
-        return 128;
+        return 0;
     }
 }
 
diff --git a/Userland/Libraries/LibTLS/HandshakeClient.cpp b/Userland/Libraries/LibTLS/HandshakeClient.cpp
index 02d1220b0f..e7a7a20fdc 100644
--- a/Userland/Libraries/LibTLS/HandshakeClient.cpp
+++ b/Userland/Libraries/LibTLS/HandshakeClient.cpp
@@ -25,6 +25,7 @@ bool TLSv12::expand_key()
     }
 
     auto key_size = key_length();
+    VERIFY(key_size);
     auto mac_size = mac_length();
     auto iv_size = iv_length();
 
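Review bot: `VERIFY(key_size);` in the `@@ -25,6 +25,7 @@` hunk turns an unrecognised negotiated cipher suite into a process abort, and the suite that feeds `key_length()` here is the one the server selected in its ServerHello; unless the ServerHello handler already rejects any suite the client did not offer (not visible in this diff), a hostile server can crash the client instead of causing a handshake failure. Since `expand_key()` returns `bool`, the wire-reachable case should be a failure rather than an assertion: `if (!key_size) { dbgln("Negotiated cipher suite has no key size"); return false; }`. Keeping a `VERIFY` as a belt-and-braces check is fine once the offered-suite validation upstream is confirmed. The body of `expand_key()` begins before this hunk.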
@@ -71,18 +72,36 @@ bool TLSv12::expand_key()
         }
     }
 
-    if (is_aead) {
-        memcpy(m_context.crypto.local_aead_iv, client_iv, iv_size);
-        memcpy(m_context.crypto.remote_aead_iv, server_iv, iv_size);
-
-        m_cipher_local = Crypto::Cipher::AESCipher::GCMMode(ReadonlyBytes { client_key, key_size }, key_size * 8, Crypto::Cipher::Intent::Encryption, Crypto::Cipher::PaddingMode::RFC5246);
-        m_cipher_remote = Crypto::Cipher::AESCipher::GCMMode(ReadonlyBytes { server_key, key_size }, key_size * 8, Crypto::Cipher::Intent::Decryption, Crypto::Cipher::PaddingMode::RFC5246);
-    } else {
+    switch (get_cipher_algorithm(m_context.cipher)) {
+    case CipherAlgorithm::AES_128_CBC:
+    case CipherAlgorithm::AES_256_CBC: {
+        VERIFY(!is_aead);
         memcpy(m_context.crypto.local_iv, client_iv, iv_size);
         memcpy(m_context.crypto.remote_iv, server_iv, iv_size);
 
         m_cipher_local = Crypto::Cipher::AESCipher::CBCMode(ReadonlyBytes { client_key, key_size }, key_size * 8, Crypto::Cipher::Intent::Encryption, Crypto::Cipher::PaddingMode::RFC5246);
         m_cipher_remote = Crypto::Cipher::AESCipher::CBCMode(ReadonlyBytes { server_key, key_size }, key_size * 8, Crypto::Cipher::Intent::Decryption, Crypto::Cipher::PaddingMode::RFC5246);
+        break;
+    }
+    case CipherAlgorithm::AES_128_GCM:
+    case CipherAlgorithm::AES_256_GCM: {
+        VERIFY(is_aead);
+        memcpy(m_context.crypto.local_aead_iv, client_iv, iv_size);
+        memcpy(m_context.crypto.remote_aead_iv, server_iv, iv_size);
+
+        m_cipher_local = Crypto::Cipher::AESCipher::GCMMode(ReadonlyBytes { client_key, key_size }, key_size * 8, Crypto::Cipher::Intent::Encryption, Crypto::Cipher::PaddingMode::RFC5246);
+        m_cipher_remote = Crypto::Cipher::AESCipher::GCMMode(ReadonlyBytes { server_key, key_size }, key_size * 8, Crypto::Cipher::Intent::Decryption, Crypto::Cipher::PaddingMode::RFC5246);
+        break;
+    }
+    case CipherAlgorithm::AES_128_CCM:
+        dbgln("Requested unimplemented AES CCM cipher");
+        TODO();
+    case CipherAlgorithm::AES_128_CCM_8:
+        dbgln("Requested unimplemented AES CCM-8 block cipher");
+        TODO();
+    default:
+        dbgln("Requested unknown block cipher");
+        VERIFY_NOT_REACHED();
     }
 
     m_context.crypto.created = 1;
diff --git a/Userland/Libraries/LibTLS/TLSv12.h b/Userland/Libraries/LibTLS/TLSv12.h
index 3328574e82..21a517c6cd 100644
--- a/Userland/Libraries/LibTLS/TLSv12.h
+++ b/Userland/Libraries/LibTLS/TLSv12.h
@@ -179,6 +179,19 @@ enum ClientVerificationStaus {
     C(true, CipherSuite::RSA_WITH_AES_128_GCM_SHA256, SignatureAlgorithm::RSA, CipherAlgorithm::AES_128_GCM, Crypto::Hash::SHA256, 8, true) \
     C(false, CipherSuite::RSA_WITH_AES_256_GCM_SHA384, SignatureAlgorithm::RSA, CipherAlgorithm::AES_256_GCM, Crypto::Hash::SHA384, 8, true)
 
+constexpr CipherAlgorithm get_cipher_algorithm(CipherSuite suite)
+{
+    switch (suite) {
+#define C(is_supported, suite, signature, cipher, hash, iv_size, is_aead) \
+    case suite:                                                           \
+        return cipher;
+        ENUMERATE_CIPHERS(C)
+#undef C
+    default:
+        return CipherAlgorithm::Invalid;
+    }
+}
+
 struct Options {
     static Vector<CipherSuite> default_usable_cipher_suites()
     {
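Review bot: The three non-implemented arms of the new switch (`TODO();` in both CCM cases and `VERIFY_NOT_REACHED();` under `default:`) abort the process although `expand_key()` returns `bool` and so already has a failure path; because `m_context.cipher` is the suite negotiated with the peer, an abort here is a remote crash rather than a handshake failure if an unsupported or unknown suite is ever accepted from the ServerHello. Prefer `return false;` after each `dbgln` so the caller can send an alert and close the connection, e.g. `dbgln("Requested unknown block cipher"); return false;`. The `VERIFY(is_aead)` / `VERIFY(!is_aead)` checks only guard consistency of the compile-time table and are fine as assertions. Note that the CCM arms rely on `TODO()` being noreturn to avoid falling through into the next case. The function's body continues outside this hunk.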
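Review bot: `get_cipher_algorithm()` ignores the `is_supported` column of `ENUMERATE_CIPHERS`, so a suite the table marks unsupported (for example `RSA_WITH_AES_256_GCM_SHA384`, listed with `false` in the context line) still maps to a real `CipherAlgorithm`; `Invalid` is returned only for a suite absent from the table entirely. That distinction matters to callers that might be tempted to use the result as a "can we use this suite" check, so it deserves a comment on the function, e.g. `// Maps a suite to its bulk cipher regardless of is_supported; Invalid only means the suite is not in ENUMERATE_CIPHERS.` A short note on the `Invalid` enumerator in CipherSuite.h saying that `cipher_key_size()` returns 0 for it would complete the picture.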