Diffstat (limited to 'Userland')
-rw-r--r-- | Userland/Libraries/LibTLS/Extensions.h | 31 | ||||
-rw-r--r-- | Userland/Libraries/LibTLS/Handshake.cpp | 32 | ||||
-rw-r--r-- | Userland/Libraries/LibTLS/HandshakeClient.cpp | 4 | ||||
-rw-r--r-- | Userland/Libraries/LibTLS/Record.cpp | 4 | ||||
-rw-r--r-- | Userland/Libraries/LibTLS/TLSv12.h | 14 |
5 files changed, 51 insertions, 34 deletions
diff --git a/Userland/Libraries/LibTLS/Extensions.h b/Userland/Libraries/LibTLS/Extensions.h index d73e1e98f6..918f821412 100644 --- a/Userland/Libraries/LibTLS/Extensions.h +++ b/Userland/Libraries/LibTLS/Extensions.h @@ -62,6 +62,37 @@ enum class AlertLevel : u8 { __ENUM_ALERT_LEVELS }; +// https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-7 +#define __ENUM_HANDSHAKE_TYPES \ + _ENUM_KEY_VALUE(HELLO_REQUEST_RESERVED, 0) \ + _ENUM_KEY_VALUE(CLIENT_HELLO, 1) \ + _ENUM_KEY_VALUE(SERVER_HELLO, 2) \ + _ENUM_KEY_VALUE(HELLO_VERIFY_REQUEST_RESERVED, 3) \ + _ENUM_KEY_VALUE(NEW_SESSION_TICKET, 4) \ + _ENUM_KEY_VALUE(END_OF_EARLY_DATA, 5) \ + _ENUM_KEY_VALUE(HELLO_RETRY_REQUEST_RESERVED, 6) \ + _ENUM_KEY_VALUE(ENCRYPTED_EXTENSIONS, 8) \ + _ENUM_KEY_VALUE(REQUEST_CONNECTION_ID, 9) \ + _ENUM_KEY_VALUE(NEW_CONNECTION_ID, 10) \ + _ENUM_KEY_VALUE(CERTIFICATE, 11) \ + _ENUM_KEY_VALUE(SERVER_KEY_EXCHANGE_RESERVED, 12) \ + _ENUM_KEY_VALUE(CERTIFICATE_REQUEST, 13) \ + _ENUM_KEY_VALUE(SERVER_HELLO_DONE_RESERVED, 14) \ + _ENUM_KEY_VALUE(CERTIFICATE_VERIFY, 15) \ + _ENUM_KEY_VALUE(CLIENT_KEY_EXCHANGE_RESERVED, 16) \ + _ENUM_KEY_VALUE(FINISHED, 20) \ + _ENUM_KEY_VALUE(CERTIFICATE_URL_RESERVED, 21) \ + _ENUM_KEY_VALUE(CERTIFICATE_STATUS_RESERVED, 22) \ + _ENUM_KEY_VALUE(SUPPLEMENTAL_DATA_RESERVED, 23) \ + _ENUM_KEY_VALUE(KEY_UPDATE, 24) \ + _ENUM_KEY_VALUE(COMPRESSED_CERTIFICATE, 25) \ + _ENUM_KEY_VALUE(EKT_KEY, 26) \ + _ENUM_KEY_VALUE(MESSAGE_HASH, 254) + +enum class HandshakeType : u8 { + __ENUM_HANDSHAKE_TYPES +}; + #undef _ENUM_KEY #undef _ENUM_KEY_VALUE diff --git a/Userland/Libraries/LibTLS/Handshake.cpp b/Userland/Libraries/LibTLS/Handshake.cpp index 823443e4b9..93e16f9b01 100644 --- a/Userland/Libraries/LibTLS/Handshake.cpp +++ b/Userland/Libraries/LibTLS/Handshake.cpp 
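Review bot: The new `HandshakeType` enumerators carry IANA's `_RESERVED` suffix (`HELLO_REQUEST_RESERVED`, `SERVER_HELLO_DONE_RESERVED`, `CLIENT_KEY_EXCHANGE_RESERVED`, ...), which in that registry marks values TLS 1.3 no longer uses, yet in this TLS 1.2 implementation those are exactly the live message types that `handle_handshake_payload` switches on, so the suffix reads as "not handled here" to anyone who has not opened the registry. A comment above the `#define` should say so, e.g. `// Names and values follow the IANA registry; the _RESERVED suffix means "retired in TLS 1.3", not "unsupported by LibTLS".` The table also now lists types this library does not process at all (`ENCRYPTED_EXTENSIONS`, `KEY_UPDATE`, the DTLS connection-id messages), which is fine for decoding unknown input into the `default:` branch but worth stating in the same comment so the enum is not mistaken for a feature list.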
@@ -24,7 +24,7 @@ ByteBuffer TLSv12::build_hello() auto version = (u16)m_context.options.version; PacketBuilder builder { ContentType::HANDSHAKE, packet_version }; - builder.append((u8)ClientHello); + builder.append(to_underlying(HandshakeType::CLIENT_HELLO)); // hello length (for later) u8 dummy[3] = {}; @@ -163,7 +163,7 @@ ByteBuffer TLSv12::build_change_cipher_spec() ByteBuffer TLSv12::build_handshake_finished() { PacketBuilder builder { ContentType::HANDSHAKE, m_context.options.version, 12 + 64 }; - builder.append((u8)HandshakeType::Finished); + builder.append((u8)HandshakeType::FINISHED); // RFC 5246 section 7.4.9: "In previous versions of TLS, the verify_data was always 12 octets // long. In the current version of TLS, it depends on the cipher @@ -250,7 +250,7 @@ ssize_t TLSv12::handle_handshake_payload(ReadonlyBytes vbuffer) ssize_t payload_res = 0; if (buffer_length < 1) return (i8)Error::NeedMoreData; - auto type = buffer[0]; + auto type = static_cast<HandshakeType>(buffer[0]); auto write_packets { WritePacketStage::Initial }; size_t payload_size = buffer[1] * 0x10000 + buffer[2] * 0x100 + buffer[3] + 3; dbgln_if(TLS_DEBUG, "payload size: {} buffer length: {}", payload_size, buffer_length); @@ -258,7 +258,7 @@ ssize_t TLSv12::handle_handshake_payload(ReadonlyBytes vbuffer) return (i8)Error::NeedMoreData; switch (type) { - case HelloRequest: + case HandshakeType::HELLO_REQUEST_RESERVED: if (m_context.handshake_messages[0] >= 1) { dbgln("unexpected hello request message"); payload_res = (i8)Error::UnexpectedMessage; 
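Review bot: `build_hello` now writes the message type with `to_underlying(HandshakeType::CLIENT_HELLO)`, while the next hunk (`build_handshake_finished`) and the two HandshakeClient.cpp hunks (`build_certificate`, `build_client_key_exchange`) keep the C-style `(u8)HandshakeType::FINISHED` form; the commit should settle on one spelling. `to_underlying` is the better choice since it can never silently truncate if the enum's underlying type changes, so the other three call sites would become `builder.append(to_underlying(HandshakeType::FINISHED));` and likewise for `CERTIFICATE` and `CLIENT_KEY_EXCHANGE_RESERVED`. The body of `build_hello` continues outside the hunk.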
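Review bot: In `handle_handshake_payload` the guard `if (buffer_length < 1)` only covers the byte that the new `static_cast<HandshakeType>(buffer[0])` reads, but the very next line computes `payload_size` from `buffer[1]`, `buffer[2]` and `buffer[3]`, so a handshake fragment shorter than four bytes reaches those indexes before any later length check runs. Whether that is an over-read or a bounds-check assertion depends on how `ReadonlyBytes` indexes, which I cannot tell from here, but either outcome is reachable from a short record sent by the peer, so the guard should be `if (buffer_length < 4) return (i8)Error::NeedMoreData;`. Since the commit already edits the line between the guard and the arithmetic, this is a natural place to tighten it. The function continues outside this hunk.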
@@ -274,14 +274,14 @@ ssize_t TLSv12::handle_handshake_payload(ReadonlyBytes vbuffer) payload_res = (i8)Error::UnexpectedMessage; } break; - case ClientHello: + case HandshakeType::CLIENT_HELLO: // FIXME: We only support client mode right now if (m_context.is_server) { VERIFY_NOT_REACHED(); } payload_res = (i8)Error::UnexpectedMessage; break; - case ServerHello: + case HandshakeType::SERVER_HELLO: if (m_context.handshake_messages[2] >= 1) { dbgln("unexpected server hello message"); payload_res = (i8)Error::UnexpectedMessage; @@ -295,11 +295,11 @@ ssize_t TLSv12::handle_handshake_payload(ReadonlyBytes vbuffer) } payload_res = handle_server_hello(buffer.slice(1, payload_size), write_packets); break; - case HelloVerifyRequest: + case HandshakeType::HELLO_VERIFY_REQUEST_RESERVED: dbgln("unsupported: DTLS"); payload_res = (i8)Error::UnexpectedMessage; break; - case CertificateMessage: + case HandshakeType::CERTIFICATE: if (m_context.handshake_messages[4] >= 1) { dbgln("unexpected certificate message"); payload_res = (i8)Error::UnexpectedMessage; @@ -317,7 +317,7 @@ ssize_t TLSv12::handle_handshake_payload(ReadonlyBytes vbuffer) payload_res = (i8)Error::UnexpectedMessage; } break; - case ServerKeyExchange: + case HandshakeType::SERVER_KEY_EXCHANGE_RESERVED: if (m_context.handshake_messages[5] >= 1) { dbgln("unexpected server key exchange message"); payload_res = (i8)Error::UnexpectedMessage; @@ -332,7 +332,7 @@ ssize_t TLSv12::handle_handshake_payload(ReadonlyBytes vbuffer) payload_res = handle_server_key_exchange(buffer.slice(1, payload_size)); } break; - case CertificateRequest: + case HandshakeType::CERTIFICATE_REQUEST: if (m_context.handshake_messages[6] >= 1) { dbgln("unexpected certificate request message"); payload_res = (i8)Error::UnexpectedMessage; 
@@ -351,7 +351,7 @@ ssize_t TLSv12::handle_handshake_payload(ReadonlyBytes vbuffer) m_context.client_verified = VerificationNeeded; } break; - case ServerHelloDone: + case HandshakeType::SERVER_HELLO_DONE_RESERVED: if (m_context.handshake_messages[7] >= 1) { dbgln("unexpected server hello done message"); payload_res = (i8)Error::UnexpectedMessage; @@ -368,7 +368,7 @@ ssize_t TLSv12::handle_handshake_payload(ReadonlyBytes vbuffer) write_packets = WritePacketStage::ClientHandshake; } break; - case CertificateVerify: + case HandshakeType::CERTIFICATE_VERIFY: if (m_context.handshake_messages[8] >= 1) { dbgln("unexpected certificate verify message"); payload_res = (i8)Error::UnexpectedMessage; @@ -382,7 +382,7 @@ ssize_t TLSv12::handle_handshake_payload(ReadonlyBytes vbuffer) payload_res = (i8)Error::UnexpectedMessage; } break; - case ClientKeyExchange: + case HandshakeType::CLIENT_KEY_EXCHANGE_RESERVED: if (m_context.handshake_messages[9] >= 1) { dbgln("unexpected client key exchange message"); payload_res = (i8)Error::UnexpectedMessage; @@ -397,7 +397,7 @@ ssize_t TLSv12::handle_handshake_payload(ReadonlyBytes vbuffer) payload_res = (i8)Error::UnexpectedMessage; } break; - case Finished: + case HandshakeType::FINISHED: m_context.cached_handshake.clear(); if (m_context.handshake_messages[10] >= 1) { dbgln("unexpected finished message"); @@ -412,11 +412,11 @@ ssize_t TLSv12::handle_handshake_payload(ReadonlyBytes vbuffer) } break; default: - dbgln("message type not understood: {}", type); + dbgln("message type not understood: {}", to_underlying(type)); return (i8)Error::NotUnderstood; } - if (type != HelloRequest) { + if (type != HandshakeType::HELLO_REQUEST_RESERVED) { update_hash(buffer.slice(0, payload_size + 1), 0); } diff --git a/Userland/Libraries/LibTLS/HandshakeClient.cpp b/Userland/Libraries/LibTLS/HandshakeClient.cpp index 3e60705de3..892c4ba1a2 100644 --- a/Userland/Libraries/LibTLS/HandshakeClient.cpp +++ b/Userland/Libraries/LibTLS/HandshakeClient.cpp 
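Review bot: The rewritten condition `if (type != HandshakeType::HELLO_REQUEST_RESERVED)` in front of `update_hash` has no comment saying why that one message is excluded from the handshake transcript, and the same exclusion (plus `HELLO_VERIFY_REQUEST_RESERVED`) appears in `update_packet` in the Record.cpp hunk. Since the file already cites RFC 5246 by section elsewhere, I would add `// RFC 5246 section 7.4.1.1: HelloRequest is never included in the handshake hashes; HelloVerifyRequest (DTLS, RFC 6347 section 4.2.1) is excluded for the same reason.` above both checks. The enclosing `handle_handshake_payload` starts and ends outside this hunk.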
@@ -338,7 +338,7 @@ ByteBuffer TLSv12::build_certificate() } } - builder.append((u8)HandshakeType::CertificateMessage); + builder.append((u8)HandshakeType::CERTIFICATE); if (!total_certificate_size) { dbgln_if(TLS_DEBUG, "No certificates, sending empty certificate message"); @@ -370,7 +370,7 @@ ByteBuffer TLSv12::build_client_key_exchange() } PacketBuilder builder { ContentType::HANDSHAKE, m_context.options.version }; - builder.append((u8)HandshakeType::ClientKeyExchange); + builder.append((u8)HandshakeType::CLIENT_KEY_EXCHANGE_RESERVED); switch (get_key_exchange_algorithm(m_context.cipher)) { case KeyExchangeAlgorithm::RSA: diff --git a/Userland/Libraries/LibTLS/Record.cpp b/Userland/Libraries/LibTLS/Record.cpp index 29fb54a8d3..8dbe3ae028 100644 --- a/Userland/Libraries/LibTLS/Record.cpp +++ b/Userland/Libraries/LibTLS/Record.cpp @@ -71,8 +71,8 @@ void TLSv12::update_packet(ByteBuffer& packet) if (packet[0] != (u8)ContentType::CHANGE_CIPHER_SPEC) { if (packet[0] == (u8)ContentType::HANDSHAKE && packet.size() > header_size) { - u8 handshake_type = packet[header_size]; - if (handshake_type != HandshakeType::HelloRequest && handshake_type != HandshakeType::HelloVerifyRequest) { + auto handshake_type = static_cast<HandshakeType>(packet[header_size]); + if (handshake_type != HandshakeType::HELLO_REQUEST_RESERVED && handshake_type != HandshakeType::HELLO_VERIFY_REQUEST_RESERVED) { update_hash(packet.bytes(), header_size); } } diff --git a/Userland/Libraries/LibTLS/TLSv12.h b/Userland/Libraries/LibTLS/TLSv12.h index afb214e6f0..a0ad64d4d6 100644 --- a/Userland/Libraries/LibTLS/TLSv12.h +++ b/Userland/Libraries/LibTLS/TLSv12.h 
@@ -113,20 +113,6 @@ enum class Error : i8 { OutOfMemory = -23, }; -enum HandshakeType { - HelloRequest = 0x00, - ClientHello = 0x01, - ServerHello = 0x02, - HelloVerifyRequest = 0x03, - CertificateMessage = 0x0b, - ServerKeyExchange = 0x0c, - CertificateRequest = 0x0d, - ServerHelloDone = 0x0e, - CertificateVerify = 0x0f, - ClientKeyExchange = 0x10, - Finished = 0x14 -}; - enum class HandshakeExtension : u16 { ServerName = 0x00, EllipticCurves = 0x0a, |