
LibTLS: Rename HandshakeExtension to ExtensionType

This matches the wording used in the TLS RFC
This commit is contained in:
stelar7 2023-04-14 00:07:17 +02:00 committed by Sam Atkins
parent c30ee1b89b
commit 9110f26c79
4 changed files with 75 additions and 17 deletions


@ -93,6 +93,72 @@ enum class HandshakeType : u8 {
__ENUM_HANDSHAKE_TYPES __ENUM_HANDSHAKE_TYPES
}; };
// https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-1
#define __ENUM_EXTENSION_TYPES \
_ENUM_KEY_VALUE(SERVER_NAME, 0) \
_ENUM_KEY_VALUE(MAX_FRAGMENT_LENGTH, 1) \
_ENUM_KEY_VALUE(CLIENT_CERTIFICATE_URL, 2) \
_ENUM_KEY_VALUE(TRUSTED_CA_KEYS, 3) \
_ENUM_KEY_VALUE(TRUNCATED_HMAC, 4) \
_ENUM_KEY_VALUE(STATUS_REQUEST, 5) \
_ENUM_KEY_VALUE(USER_MAPPING, 6) \
_ENUM_KEY_VALUE(CLIENT_AUTHZ, 7) \
_ENUM_KEY_VALUE(SERVER_AUTHZ, 8) \
_ENUM_KEY_VALUE(CERT_TYPE, 9) \
_ENUM_KEY_VALUE(SUPPORTED_GROUPS, 10) \
_ENUM_KEY_VALUE(EC_POINT_FORMATS, 11) \
_ENUM_KEY_VALUE(SRP, 12) \
_ENUM_KEY_VALUE(SIGNATURE_ALGORITHMS, 13) \
_ENUM_KEY_VALUE(USE_SRTP, 14) \
_ENUM_KEY_VALUE(HEARTBEAT, 15) \
_ENUM_KEY_VALUE(APPLICATION_LAYER_PROTOCOL_NEGOTIATION, 16) \
_ENUM_KEY_VALUE(STATUS_REQUEST_V2, 17) \
_ENUM_KEY_VALUE(SIGNED_CERTIFICATE_TIMESTAMP, 18) \
_ENUM_KEY_VALUE(CLIENT_CERTIFICATE_TYPE, 19) \
_ENUM_KEY_VALUE(SERVER_CERTIFICATE_TYPE, 20) \
_ENUM_KEY_VALUE(PADDING, 21) \
_ENUM_KEY_VALUE(ENCRYPT_THEN_MAC, 22) \
_ENUM_KEY_VALUE(EXTENDED_MASTER_SECRET, 23) \
_ENUM_KEY_VALUE(TOKEN_BINDING, 24) \
_ENUM_KEY_VALUE(CACHED_INFO, 25) \
_ENUM_KEY_VALUE(TLS_LTS, 26) \
_ENUM_KEY_VALUE(COMPRESS_CERTIFICATE, 27) \
_ENUM_KEY_VALUE(RECORD_SIZE_LIMIT, 28) \
_ENUM_KEY_VALUE(PWD_PROTECT, 29) \
_ENUM_KEY_VALUE(PWD_CLEAR, 30) \
_ENUM_KEY_VALUE(PASSWORD_SALT, 31) \
_ENUM_KEY_VALUE(TICKET_PINNING, 32) \
_ENUM_KEY_VALUE(TLS_CERT_WITH_EXTERN_PSK, 33) \
_ENUM_KEY_VALUE(DELEGATED_CREDENTIALS, 34) \
_ENUM_KEY_VALUE(SESSION_TICKET, 35) \
_ENUM_KEY_VALUE(TLMSP, 36) \
_ENUM_KEY_VALUE(TLMSP_PROXYING, 37) \
_ENUM_KEY_VALUE(TLMSP_DELEGATE, 38) \
_ENUM_KEY_VALUE(SUPPORTED_EKT_CIPHERS, 39) \
_ENUM_KEY_VALUE(PRE_SHARED_KEY, 41) \
_ENUM_KEY_VALUE(EARLY_DATA, 42) \
_ENUM_KEY_VALUE(SUPPORTED_VERSIONS, 43) \
_ENUM_KEY_VALUE(COOKIE, 44) \
_ENUM_KEY_VALUE(PSK_KEY_EXCHANGE_MODES, 45) \
_ENUM_KEY_VALUE(CERTIFICATE_AUTHORITIES, 47) \
_ENUM_KEY_VALUE(OID_FILTERS, 48) \
_ENUM_KEY_VALUE(POST_HANDSHAKE_AUTH, 49) \
_ENUM_KEY_VALUE(SIGNATURE_ALGORITHMS_CERT, 50) \
_ENUM_KEY_VALUE(KEY_SHARE, 51) \
_ENUM_KEY_VALUE(TRANSPARENCY_INFO, 52) \
_ENUM_KEY_VALUE(CONNECTION_ID_DEPRECATED, 53) \
_ENUM_KEY_VALUE(CONNECTION_ID, 54) \
_ENUM_KEY_VALUE(EXTERNAL_ID_HASH, 55) \
_ENUM_KEY_VALUE(EXTERNAL_SESSION_ID, 56) \
_ENUM_KEY_VALUE(QUIC_TRANSPORT_PARAMETERS, 57) \
_ENUM_KEY_VALUE(TICKET_REQUEST, 58) \
_ENUM_KEY_VALUE(DNSSEC_CHAIN, 59) \
_ENUM_KEY_VALUE(RENEGOTIATION_INFO, 65281)
enum class ExtensionType : u16 {
__ENUM_EXTENSION_TYPES
};
#undef _ENUM_KEY #undef _ENUM_KEY
#undef _ENUM_KEY_VALUE #undef _ENUM_KEY_VALUE
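Review bot: The new ExtensionType table silently skips code points 40 (between SUPPORTED_EKT_CIPHERS and PRE_SHARED_KEY) and 46 (between PSK_KEY_EXCHANGE_MODES and CERTIFICATE_AUTHORITIES), and a later reader is likely to "fix" the gap with a wrong constant. A short comment at each gap would pin this down, e.g. `/* 40 and 46 are reserved in the IANA registry and intentionally absent */` before the PRE_SHARED_KEY line, and likewise before CERTIFICATE_AUTHORITIES. It is also worth a one-line note above the table that it is a snapshot of the registry at the linked URL, because the enum has a fixed u16 underlying type and is the target of a cast from wire data elsewhere in this commit, so any value outside this list is still a well-formed ExtensionType rather than an error.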


@ -90,7 +90,7 @@ ByteBuffer TLSv12::build_hello()
if (sni_length) { if (sni_length) {
// SNI extension // SNI extension
builder.append((u16)HandshakeExtension::ServerName); builder.append((u16)ExtensionType::SERVER_NAME);
// extension length // extension length
builder.append((u16)(sni_length + 5)); builder.append((u16)(sni_length + 5));
// SNI length // SNI length
@ -103,7 +103,7 @@ ByteBuffer TLSv12::build_hello()
} }
// signature_algorithms extension // signature_algorithms extension
builder.append((u16)HandshakeExtension::SignatureAlgorithms); builder.append((u16)ExtensionType::SIGNATURE_ALGORITHMS);
// Extension length // Extension length
builder.append((u16)(2 + 2 * m_context.options.supported_signature_algorithms.size())); builder.append((u16)(2 + 2 * m_context.options.supported_signature_algorithms.size()));
// Vector count // Vector count
@ -116,14 +116,14 @@ ByteBuffer TLSv12::build_hello()
if (supports_elliptic_curves) { if (supports_elliptic_curves) {
// elliptic_curves extension // elliptic_curves extension
builder.append((u16)HandshakeExtension::EllipticCurves); builder.append((u16)ExtensionType::SUPPORTED_GROUPS);
builder.append((u16)(2 + elliptic_curves_length)); builder.append((u16)(2 + elliptic_curves_length));
builder.append((u16)elliptic_curves_length); builder.append((u16)elliptic_curves_length);
for (auto& curve : m_context.options.elliptic_curves) for (auto& curve : m_context.options.elliptic_curves)
builder.append((u16)curve); builder.append((u16)curve);
// ec_point_formats extension // ec_point_formats extension
builder.append((u16)HandshakeExtension::ECPointFormats); builder.append((u16)ExtensionType::EC_POINT_FORMATS);
builder.append((u16)(1 + supported_ec_point_formats_length)); builder.append((u16)(1 + supported_ec_point_formats_length));
builder.append((u8)supported_ec_point_formats_length); builder.append((u8)supported_ec_point_formats_length);
for (auto& format : m_context.options.supported_ec_point_formats) for (auto& format : m_context.options.supported_ec_point_formats)
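Review bot: The comment above the supported_groups append still reads `// elliptic_curves extension` while the code now writes `ExtensionType::SUPPORTED_GROUPS`, which works against the commit's stated goal of matching RFC wording; suggest `// supported_groups extension (RFC 7919 renamed elliptic_curves; code point 10 is unchanged)`. The `supports_elliptic_curves` flag and `m_context.options.elliptic_curves` carry the old name too, but those are declared outside this hunk and renaming them is a separate change. build_hello starts and ends outside this hunk.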


@ -111,7 +111,7 @@ ssize_t TLSv12::handle_server_hello(ReadonlyBytes buffer, WritePacketStage& writ
} }
while (buffer.size() - res >= 4) { while (buffer.size() - res >= 4) {
auto extension_type = (HandshakeExtension)AK::convert_between_host_and_network_endian(ByteReader::load16(buffer.offset_pointer(res))); auto extension_type = (ExtensionType)AK::convert_between_host_and_network_endian(ByteReader::load16(buffer.offset_pointer(res)));
res += 2; res += 2;
u16 extension_length = AK::convert_between_host_and_network_endian(ByteReader::load16(buffer.offset_pointer(res))); u16 extension_length = AK::convert_between_host_and_network_endian(ByteReader::load16(buffer.offset_pointer(res)));
res += 2; res += 2;
@ -121,7 +121,7 @@ ssize_t TLSv12::handle_server_hello(ReadonlyBytes buffer, WritePacketStage& writ
if (buffer.size() - res < extension_length) if (buffer.size() - res < extension_length)
return (i8)Error::NeedMoreData; return (i8)Error::NeedMoreData;
if (extension_type == HandshakeExtension::ServerName) { if (extension_type == ExtensionType::SERVER_NAME) {
// RFC6066 section 3: SNI extension_data can be empty in the server hello // RFC6066 section 3: SNI extension_data can be empty in the server hello
if (extension_length > 0) { if (extension_length > 0) {
// ServerNameList total size // ServerNameList total size
@ -149,7 +149,7 @@ ssize_t TLSv12::handle_server_hello(ReadonlyBytes buffer, WritePacketStage& writ
res += sni_name_length; res += sni_name_length;
dbgln("SNI host_name: {}", m_context.extensions.SNI); dbgln("SNI host_name: {}", m_context.extensions.SNI);
} }
} else if (extension_type == HandshakeExtension::ApplicationLayerProtocolNegotiation && m_context.alpn.size()) { } else if (extension_type == ExtensionType::APPLICATION_LAYER_PROTOCOL_NEGOTIATION && m_context.alpn.size()) {
if (buffer.size() - res > 2) { if (buffer.size() - res > 2) {
auto alpn_length = AK::convert_between_host_and_network_endian(ByteReader::load16(buffer.offset_pointer(res))); auto alpn_length = AK::convert_between_host_and_network_endian(ByteReader::load16(buffer.offset_pointer(res)));
if (alpn_length && alpn_length <= extension_length - 2) { if (alpn_length && alpn_length <= extension_length - 2) {
@ -172,12 +172,12 @@ ssize_t TLSv12::handle_server_hello(ReadonlyBytes buffer, WritePacketStage& writ
} }
} }
res += extension_length; res += extension_length;
} else if (extension_type == HandshakeExtension::SignatureAlgorithms) { } else if (extension_type == ExtensionType::SIGNATURE_ALGORITHMS) {
dbgln("supported signatures: "); dbgln("supported signatures: ");
print_buffer(buffer.slice(res, extension_length)); print_buffer(buffer.slice(res, extension_length));
res += extension_length; res += extension_length;
// FIXME: what are we supposed to do here? // FIXME: what are we supposed to do here?
} else if (extension_type == HandshakeExtension::ECPointFormats) { } else if (extension_type == ExtensionType::EC_POINT_FORMATS) {
// RFC8422 section 5.2: A server that selects an ECC cipher suite in response to a ClientHello message // RFC8422 section 5.2: A server that selects an ECC cipher suite in response to a ClientHello message
// including a Supported Point Formats Extension appends this extension (along with others) to its // including a Supported Point Formats Extension appends this extension (along with others) to its
// ServerHello message, enumerating the point formats it can parse. The Supported Point Formats Extension, // ServerHello message, enumerating the point formats it can parse. The Supported Point Formats Extension,
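Review bot: The `SIGNATURE_ALGORITHMS` branch still only dumps the bytes and leaves `// FIXME: what are we supposed to do here?` unanswered, although RFC 5246 §7.4.1.4.1 says servers MUST NOT send signature_algorithms and §7.4.1.4 says a client receiving an extension it did not request in ClientHello MUST abort with a fatal unsupported_extension alert, so tolerating it is a deliberate leniency that should be stated. Suggested replacement for the FIXME: `// RFC 5246 7.4.1.4.1: servers MUST NOT send this extension; we tolerate it for interop with non-conforming servers instead of aborting with unsupported_extension.` The cast at the top of the loop turns any u16 from the wire into an ExtensionType, so values not in the enumerator list presumably reach whatever trailing else follows the EC_POINT_FORMATS branch; that else is outside the hunk, and a comment on the cast stating that every branch must advance `res` by `extension_length` would make the desynchronisation risk explicit. handle_server_hello starts and ends outside this hunk.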


@ -113,14 +113,6 @@ enum class Error : i8 {
OutOfMemory = -23, OutOfMemory = -23,
}; };
enum class HandshakeExtension : u16 {
ServerName = 0x00,
EllipticCurves = 0x0a,
ECPointFormats = 0x0b,
SignatureAlgorithms = 0x0d,
ApplicationLayerProtocolNegotiation = 0x10,
};
enum class NameType : u8 { enum class NameType : u8 {
HostName = 0x00, HostName = 0x00,
}; };