RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 14:37:46 +00:00
Code Issues Activity Actions

LibTLS: Rename NamedCurve to SupportedGroup

Browse source 
This matches the wording used in the IANA registry and TLS 1.3
Also add missing values from the IANA registry
This commit is contained in:
stelar7 2023-04-14 00:16:18 +02:00 committed by Sam Atkins
parent 6df3ffaf45
commit a4855aef17
5 changed files with 87 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

14
Userland/Libraries/LibTLS/Certificate.cpp
View file

@ -11,7 +11,7 @@
#include <LibCrypto/ASN1/ASN1.h>
#include <LibCrypto/ASN1/DER.h>
#include <LibCrypto/ASN1/PEM.h>
#include <LibTLS/CipherSuite.h>
#include <LibTLS/Extensions.h>
namespace TLS {
@ -112,12 +112,12 @@ constexpr static Array<int, 4>
} \
} while (0)
static ErrorOr<NamedCurve> oid_to_curve(Vector<int> curve)
static ErrorOr<SupportedGroup> oid_to_curve(Vector<int> curve)
{
if (curve == curve_ansip384r1)
return NamedCurve::secp384r1;
return SupportedGroup::SECP384R1;
else if (curve == curve_prime256)
return NamedCurve::secp256r1;
return SupportedGroup::SECP256R1;
return Error::from_string_view(TRY(String::formatted("Unknown curve oid {}", curve)));
}
@ -175,7 +175,7 @@ static ErrorOr<Crypto::UnsignedBigInteger> parse_serial_number(Crypto::ASN1::Dec
return serial;
}
static ErrorOr<NamedCurve> parse_ec_parameters(Crypto::ASN1::Decoder& decoder, Vector<StringView> current_scope)
static ErrorOr<SupportedGroup> parse_ec_parameters(Crypto::ASN1::Decoder& decoder, Vector<StringView> current_scope)
{
// ECParameters ::= CHOICE {
// namedCurve OBJECT IDENTIFIER
@ -314,9 +314,9 @@ static ErrorOr<CertificateKeyAlgorithm> parse_algorithm_identifier(Crypto::ASN1:
auto ec_parameters = TRY(parse_ec_parameters(decoder, current_scope));
EXIT_SCOPE();
if (ec_parameters == NamedCurve::secp256r1)
if (ec_parameters == SupportedGroup::SECP256R1)
return CertificateKeyAlgorithm::ECDSA_SECP256R1;
else if (ec_parameters == NamedCurve::secp384r1)
else if (ec_parameters == SupportedGroup::SECP384R1)
return CertificateKeyAlgorithm::ECDSA_SECP384R1;
}

8
Userland/Libraries/LibTLS/CipherSuite.h
View file

@ -189,14 +189,6 @@ constexpr size_t cipher_key_size(CipherAlgorithm algorithm)
}
}
enum class NamedCurve : u16 {
secp256r1 = 23,
secp384r1 = 24,
secp521r1 = 25,
x25519 = 29,
x448 = 30,
};
enum class ECPointFormat : u8 {
Uncompressed = 0,
};

71
Userland/Libraries/LibTLS/Extensions.h
View file

@ -176,6 +176,77 @@ enum class ECCurveType : u8 {
__ENUM_EC_CURVE_TYPES
};
// https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
#define __ENUM_SUPPORTED_GROUPS \
_ENUM_KEY_VALUE(SECT163K1, 0x0001) \
_ENUM_KEY_VALUE(SECT163R1, 0x0002) \
_ENUM_KEY_VALUE(SECT163R2, 0x0003) \
_ENUM_KEY_VALUE(SECT193R1, 0x0004) \
_ENUM_KEY_VALUE(SECT193R2, 0x0005) \
_ENUM_KEY_VALUE(SECT233K1, 0x0006) \
_ENUM_KEY_VALUE(SECT233R1, 0x0007) \
_ENUM_KEY_VALUE(SECT239K1, 0x0008) \
_ENUM_KEY_VALUE(SECT283K1, 0x0009) \
_ENUM_KEY_VALUE(SECT283R1, 0x000a) \
_ENUM_KEY_VALUE(SECT409K1, 0x000b) \
_ENUM_KEY_VALUE(SECT409R1, 0x000c) \
_ENUM_KEY_VALUE(SECT571K1, 0x000d) \
_ENUM_KEY_VALUE(SECT571R1, 0x000e) \
_ENUM_KEY_VALUE(SECP160K1, 0x000f) \
_ENUM_KEY_VALUE(SECP160R1, 0x0010) \
_ENUM_KEY_VALUE(SECP160R2, 0x0011) \
_ENUM_KEY_VALUE(SECP192K1, 0x0012) \
_ENUM_KEY_VALUE(SECP192R1, 0x0013) \
_ENUM_KEY_VALUE(SECP224K1, 0x0014) \
_ENUM_KEY_VALUE(SECP224R1, 0x0015) \
_ENUM_KEY_VALUE(SECP256K1, 0x0016) \
_ENUM_KEY_VALUE(SECP256R1, 0x0017) \
_ENUM_KEY_VALUE(SECP384R1, 0x0018) \
_ENUM_KEY_VALUE(SECP521R1, 0x0019) \
_ENUM_KEY_VALUE(BRAINPOOLP256R1, 0x001a) \
_ENUM_KEY_VALUE(BRAINPOOLP384R1, 0x001b) \
_ENUM_KEY_VALUE(BRAINPOOLP512R1, 0x001c) \
_ENUM_KEY_VALUE(X25519, 0x001d) \
_ENUM_KEY_VALUE(X448, 0x001e) \
_ENUM_KEY_VALUE(BRAINPOOLP256R1TLS13, 0x001f) \
_ENUM_KEY_VALUE(BRAINPOOLP384R1TLS13, 0x0020) \
_ENUM_KEY_VALUE(BRAINPOOLP512R1TLS13, 0x0021) \
_ENUM_KEY_VALUE(GC256A, 0x0022) \
_ENUM_KEY_VALUE(GC256B, 0x0023) \
_ENUM_KEY_VALUE(GC256C, 0x0024) \
_ENUM_KEY_VALUE(GC256D, 0x0025) \
_ENUM_KEY_VALUE(GC512A, 0x0026) \
_ENUM_KEY_VALUE(GC512B, 0x0027) \
_ENUM_KEY_VALUE(GC512C, 0x0028) \
_ENUM_KEY_VALUE(CURVESM2, 0x0029) \
_ENUM_KEY_VALUE(FFDHE2048, 0x0100) \
_ENUM_KEY_VALUE(FFDHE3072, 0x0101) \
_ENUM_KEY_VALUE(FFDHE4096, 0x0102) \
_ENUM_KEY_VALUE(FFDHE6144, 0x0103) \
_ENUM_KEY_VALUE(FFDHE8192, 0x0104) \
_ENUM_KEY_VALUE(ARBITRARY_EXPLICIT_PRIME_CURVES, 0xff01) \
_ENUM_KEY_VALUE(ARBITRARY_EXPLICIT_CHAR2_CURVES, 0xff02) \
_ENUM_KEY_VALUE(GREASE_0, 0x0A0A) \
_ENUM_KEY_VALUE(GREASE_1, 0x1A1A) \
_ENUM_KEY_VALUE(GREASE_2, 0x2A2A) \
_ENUM_KEY_VALUE(GREASE_3, 0x3A3A) \
_ENUM_KEY_VALUE(GREASE_4, 0x4A4A) \
_ENUM_KEY_VALUE(GREASE_5, 0x5A5A) \
_ENUM_KEY_VALUE(GREASE_6, 0x6A6A) \
_ENUM_KEY_VALUE(GREASE_7, 0x7A7A) \
_ENUM_KEY_VALUE(GREASE_8, 0x8A8A) \
_ENUM_KEY_VALUE(GREASE_9, 0x9A9A) \
_ENUM_KEY_VALUE(GREASE_A, 0xAAAA) \
_ENUM_KEY_VALUE(GREASE_B, 0xBABA) \
_ENUM_KEY_VALUE(GREASE_C, 0xCACA) \
_ENUM_KEY_VALUE(GREASE_D, 0xDADA) \
_ENUM_KEY_VALUE(GREASE_E, 0xEAEA) \
_ENUM_KEY_VALUE(GREASE_F, 0xFAFA)
enum class SupportedGroup : u16 {
__ENUM_SUPPORTED_GROUPS
};
#undef _ENUM_KEY
#undef _ENUM_KEY_VALUE

10
Userland/Libraries/LibTLS/HandshakeServer.cpp
View file

@ -301,18 +301,18 @@ ssize_t TLSv12::handle_ecdhe_rsa_server_key_exchange(ReadonlyBytes buffer)
if (curve_type != (u8)ECCurveType::NAMED_CURVE)
return (i8)Error::NotUnderstood;
auto curve = static_cast<NamedCurve>(AK::convert_between_host_and_network_endian(ByteReader::load16(buffer.offset_pointer(4))));
auto curve = static_cast<SupportedGroup>(AK::convert_between_host_and_network_endian(ByteReader::load16(buffer.offset_pointer(4))));
if (!m_context.options.elliptic_curves.contains_slow(curve))
return (i8)Error::NotUnderstood;
switch ((NamedCurve)curve) {
case NamedCurve::x25519:
switch ((SupportedGroup)curve) {
case SupportedGroup::X25519:
m_context.server_key_exchange_curve = make<Crypto::Curves::X25519>();
break;
case NamedCurve::x448:
case SupportedGroup::X448:
m_context.server_key_exchange_curve = make<Crypto::Curves::X448>();
break;
case NamedCurve::secp256r1:
case SupportedGroup::SECP256R1:
m_context.server_key_exchange_curve = make<Crypto::Curves::SECP256r1>();
break;
default:

8
Userland/Libraries/LibTLS/TLSv12.h
View file

@ -211,10 +211,10 @@ struct Options {
{ HashAlgorithm::SHA384, SignatureAlgorithm::RSA },
{ HashAlgorithm::SHA256, SignatureAlgorithm::RSA },
{ HashAlgorithm::SHA1, SignatureAlgorithm::RSA });
OPTION_WITH_DEFAULTS(Vector<NamedCurve>, elliptic_curves,
NamedCurve::x25519,
NamedCurve::secp256r1,
NamedCurve::x448)
OPTION_WITH_DEFAULTS(Vector<SupportedGroup>, elliptic_curves,
SupportedGroup::X25519,
SupportedGroup::SECP256R1,
SupportedGroup::X448)
OPTION_WITH_DEFAULTS(Vector<ECPointFormat>, supported_ec_point_formats, ECPointFormat::Uncompressed)
OPTION_WITH_DEFAULTS(bool, use_sni, true)