1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 16:37:35 +00:00

LibTLS: Generate cipher variants based on the cipher

This is better than using the AEAD flag :^)
This commit is contained in:
DexesTTP 2021-05-18 23:26:23 +02:00 committed by Andreas Kling
parent 2e9a4bb95c
commit 9bb823a6ab
3 changed files with 42 additions and 8 deletions

View file

@ -25,6 +25,7 @@ bool TLSv12::expand_key()
}
auto key_size = key_length();
VERIFY(key_size);
auto mac_size = mac_length();
auto iv_size = iv_length();
@ -71,18 +72,36 @@ bool TLSv12::expand_key()
}
}
if (is_aead) {
memcpy(m_context.crypto.local_aead_iv, client_iv, iv_size);
memcpy(m_context.crypto.remote_aead_iv, server_iv, iv_size);
m_cipher_local = Crypto::Cipher::AESCipher::GCMMode(ReadonlyBytes { client_key, key_size }, key_size * 8, Crypto::Cipher::Intent::Encryption, Crypto::Cipher::PaddingMode::RFC5246);
m_cipher_remote = Crypto::Cipher::AESCipher::GCMMode(ReadonlyBytes { server_key, key_size }, key_size * 8, Crypto::Cipher::Intent::Decryption, Crypto::Cipher::PaddingMode::RFC5246);
} else {
switch (get_cipher_algorithm(m_context.cipher)) {
case CipherAlgorithm::AES_128_CBC:
case CipherAlgorithm::AES_256_CBC: {
VERIFY(!is_aead);
memcpy(m_context.crypto.local_iv, client_iv, iv_size);
memcpy(m_context.crypto.remote_iv, server_iv, iv_size);
m_cipher_local = Crypto::Cipher::AESCipher::CBCMode(ReadonlyBytes { client_key, key_size }, key_size * 8, Crypto::Cipher::Intent::Encryption, Crypto::Cipher::PaddingMode::RFC5246);
m_cipher_remote = Crypto::Cipher::AESCipher::CBCMode(ReadonlyBytes { server_key, key_size }, key_size * 8, Crypto::Cipher::Intent::Decryption, Crypto::Cipher::PaddingMode::RFC5246);
break;
}
case CipherAlgorithm::AES_128_GCM:
case CipherAlgorithm::AES_256_GCM: {
VERIFY(is_aead);
memcpy(m_context.crypto.local_aead_iv, client_iv, iv_size);
memcpy(m_context.crypto.remote_aead_iv, server_iv, iv_size);
m_cipher_local = Crypto::Cipher::AESCipher::GCMMode(ReadonlyBytes { client_key, key_size }, key_size * 8, Crypto::Cipher::Intent::Encryption, Crypto::Cipher::PaddingMode::RFC5246);
m_cipher_remote = Crypto::Cipher::AESCipher::GCMMode(ReadonlyBytes { server_key, key_size }, key_size * 8, Crypto::Cipher::Intent::Decryption, Crypto::Cipher::PaddingMode::RFC5246);
break;
}
case CipherAlgorithm::AES_128_CCM:
dbgln("Requested unimplemented AES CCM cipher");
TODO();
case CipherAlgorithm::AES_128_CCM_8:
dbgln("Requested unimplemented AES CCM-8 block cipher");
TODO();
default:
dbgln("Requested unknown block cipher");
VERIFY_NOT_REACHED();
}
m_context.crypto.created = 1;