
LibTLS: Use RSA key exchange based on the cipher

After this, we aren't hardcoding RSA in everything we do anymore!
DexesTTP 2021-05-19 00:12:09 +02:00 committed by Andreas Kling
parent 9bb823a6ab
commit 68f6796e72
3 changed files with 60 additions and 7 deletions


@ -109,7 +109,7 @@ bool TLSv12::expand_key()
return true;
}
bool TLSv12::compute_master_secret(size_t length)
bool TLSv12::compute_master_secret_from_pre_master_secret(size_t length)
{
if (m_context.premaster_key.size() == 0 || length < 48) {
dbgln("there's no way I can make a master secret like this");
@ -168,7 +168,7 @@ Optional<size_t> TLSv12::verify_chain_and_get_matching_certificate(const StringV
return {};
}
void TLSv12::build_random(PacketBuilder& builder)
void TLSv12::build_rsa_pre_master_secret(PacketBuilder& builder)
{
u8 random_bytes[48];
size_t bytes = 48;
@ -215,7 +215,7 @@ void TLSv12::build_random(PacketBuilder& builder)
print_buffer(outbuf);
}
if (!compute_master_secret(bytes)) {
if (!compute_master_secret_from_pre_master_secret(bytes)) {
dbgln("oh noes we could not derive a master key :(");
return;
}
@ -282,7 +282,28 @@ ByteBuffer TLSv12::build_client_key_exchange()
{
PacketBuilder builder { MessageType::Handshake, m_context.options.version };
builder.append((u8)HandshakeType::ClientKeyExchange);
build_random(builder);
switch (get_signature_algorithm(m_context.cipher)) {
case SignatureAlgorithm::Anonymous:
dbgln("Client key exchange for Anonymous signature is not implemented");
TODO();
break;
case SignatureAlgorithm::RSA:
build_rsa_pre_master_secret(builder);
break;
case SignatureAlgorithm::DSA:
dbgln("Client key exchange for DSA signature is not implemented");
TODO();
break;
case SignatureAlgorithm::ECDSA:
dbgln("Client key exchange for ECDSA signature is not implemented");
TODO();
break;
default:
dbgln("Unknonwn client key exchange signature algorithm");
VERIFY_NOT_REACHED();
break;
}
m_context.connection_status = ConnectionStatus::KeyExchange;
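Review bot: The switch in `build_client_key_exchange()` chooses the key-exchange path from `get_signature_algorithm(m_context.cipher)`, but in TLS 1.2 a suite's signature algorithm and its key-exchange method are separate properties: DHE_RSA and ECDHE_RSA suites are RSA-signed yet must not send an RSA-encrypted pre-master secret. `get_signature_algorithm` is not shown in this section, so this is inferred, but if it reports RSA for such suites the `SignatureAlgorithm::RSA` arm would run `build_rsa_pre_master_secret` for them; until there is a separate key-exchange lookup I would add above the switch `// FIXME: dispatches on the signature algorithm; only correct while every enabled suite uses RSA key transport`. The Anonymous, DSA and ECDSA arms call `TODO()`, which aborts the process, so if `m_context.cipher` can ever hold such a suite selected by the peer the client crashes instead of failing the handshake. Also, `build_rsa_pre_master_secret` returns void and only logs when `compute_master_secret_from_pre_master_secret` fails, so `connection_status` is still set to `KeyExchange` here; the function's body continues past the end of this hunk, so whether a later check catches that is not visible.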