mirror of
https://github.com/RGBCube/serenity
synced 2025-07-25 14:37:46 +00:00
LibTLS: Rename NamedCurve to SupportedGroup
This matches the wording used in the IANA registry and TLS 1.3 Also add missing values from the IANA registry
This commit is contained in:
parent
6df3ffaf45
commit
a4855aef17
5 changed files with 87 additions and 24 deletions
|
@ -11,7 +11,7 @@
|
|||
#include <LibCrypto/ASN1/ASN1.h>
|
||||
#include <LibCrypto/ASN1/DER.h>
|
||||
#include <LibCrypto/ASN1/PEM.h>
|
||||
#include <LibTLS/CipherSuite.h>
|
||||
#include <LibTLS/Extensions.h>
|
||||
|
||||
namespace TLS {
|
||||
|
||||
|
@ -112,12 +112,12 @@ constexpr static Array<int, 4>
|
|||
} \
|
||||
} while (0)
|
||||
|
||||
static ErrorOr<NamedCurve> oid_to_curve(Vector<int> curve)
|
||||
static ErrorOr<SupportedGroup> oid_to_curve(Vector<int> curve)
|
||||
{
|
||||
if (curve == curve_ansip384r1)
|
||||
return NamedCurve::secp384r1;
|
||||
return SupportedGroup::SECP384R1;
|
||||
else if (curve == curve_prime256)
|
||||
return NamedCurve::secp256r1;
|
||||
return SupportedGroup::SECP256R1;
|
||||
|
||||
return Error::from_string_view(TRY(String::formatted("Unknown curve oid {}", curve)));
|
||||
}
|
||||
|
@ -175,7 +175,7 @@ static ErrorOr<Crypto::UnsignedBigInteger> parse_serial_number(Crypto::ASN1::Dec
|
|||
return serial;
|
||||
}
|
||||
|
||||
static ErrorOr<NamedCurve> parse_ec_parameters(Crypto::ASN1::Decoder& decoder, Vector<StringView> current_scope)
|
||||
static ErrorOr<SupportedGroup> parse_ec_parameters(Crypto::ASN1::Decoder& decoder, Vector<StringView> current_scope)
|
||||
{
|
||||
// ECParameters ::= CHOICE {
|
||||
// namedCurve OBJECT IDENTIFIER
|
||||
|
@ -314,9 +314,9 @@ static ErrorOr<CertificateKeyAlgorithm> parse_algorithm_identifier(Crypto::ASN1:
|
|||
auto ec_parameters = TRY(parse_ec_parameters(decoder, current_scope));
|
||||
EXIT_SCOPE();
|
||||
|
||||
if (ec_parameters == NamedCurve::secp256r1)
|
||||
if (ec_parameters == SupportedGroup::SECP256R1)
|
||||
return CertificateKeyAlgorithm::ECDSA_SECP256R1;
|
||||
else if (ec_parameters == NamedCurve::secp384r1)
|
||||
else if (ec_parameters == SupportedGroup::SECP384R1)
|
||||
return CertificateKeyAlgorithm::ECDSA_SECP384R1;
|
||||
}
|
||||
|
||||
|
|
|
@ -189,14 +189,6 @@ constexpr size_t cipher_key_size(CipherAlgorithm algorithm)
|
|||
}
|
||||
}
|
||||
|
||||
enum class NamedCurve : u16 {
|
||||
secp256r1 = 23,
|
||||
secp384r1 = 24,
|
||||
secp521r1 = 25,
|
||||
x25519 = 29,
|
||||
x448 = 30,
|
||||
};
|
||||
|
||||
enum class ECPointFormat : u8 {
|
||||
Uncompressed = 0,
|
||||
};
|
||||
|
|
|
@ -176,6 +176,77 @@ enum class ECCurveType : u8 {
|
|||
__ENUM_EC_CURVE_TYPES
|
||||
};
|
||||
|
||||
// https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
|
||||
#define __ENUM_SUPPORTED_GROUPS \
|
||||
_ENUM_KEY_VALUE(SECT163K1, 0x0001) \
|
||||
_ENUM_KEY_VALUE(SECT163R1, 0x0002) \
|
||||
_ENUM_KEY_VALUE(SECT163R2, 0x0003) \
|
||||
_ENUM_KEY_VALUE(SECT193R1, 0x0004) \
|
||||
_ENUM_KEY_VALUE(SECT193R2, 0x0005) \
|
||||
_ENUM_KEY_VALUE(SECT233K1, 0x0006) \
|
||||
_ENUM_KEY_VALUE(SECT233R1, 0x0007) \
|
||||
_ENUM_KEY_VALUE(SECT239K1, 0x0008) \
|
||||
_ENUM_KEY_VALUE(SECT283K1, 0x0009) \
|
||||
_ENUM_KEY_VALUE(SECT283R1, 0x000a) \
|
||||
_ENUM_KEY_VALUE(SECT409K1, 0x000b) \
|
||||
_ENUM_KEY_VALUE(SECT409R1, 0x000c) \
|
||||
_ENUM_KEY_VALUE(SECT571K1, 0x000d) \
|
||||
_ENUM_KEY_VALUE(SECT571R1, 0x000e) \
|
||||
_ENUM_KEY_VALUE(SECP160K1, 0x000f) \
|
||||
_ENUM_KEY_VALUE(SECP160R1, 0x0010) \
|
||||
_ENUM_KEY_VALUE(SECP160R2, 0x0011) \
|
||||
_ENUM_KEY_VALUE(SECP192K1, 0x0012) \
|
||||
_ENUM_KEY_VALUE(SECP192R1, 0x0013) \
|
||||
_ENUM_KEY_VALUE(SECP224K1, 0x0014) \
|
||||
_ENUM_KEY_VALUE(SECP224R1, 0x0015) \
|
||||
_ENUM_KEY_VALUE(SECP256K1, 0x0016) \
|
||||
_ENUM_KEY_VALUE(SECP256R1, 0x0017) \
|
||||
_ENUM_KEY_VALUE(SECP384R1, 0x0018) \
|
||||
_ENUM_KEY_VALUE(SECP521R1, 0x0019) \
|
||||
_ENUM_KEY_VALUE(BRAINPOOLP256R1, 0x001a) \
|
||||
_ENUM_KEY_VALUE(BRAINPOOLP384R1, 0x001b) \
|
||||
_ENUM_KEY_VALUE(BRAINPOOLP512R1, 0x001c) \
|
||||
_ENUM_KEY_VALUE(X25519, 0x001d) \
|
||||
_ENUM_KEY_VALUE(X448, 0x001e) \
|
||||
_ENUM_KEY_VALUE(BRAINPOOLP256R1TLS13, 0x001f) \
|
||||
_ENUM_KEY_VALUE(BRAINPOOLP384R1TLS13, 0x0020) \
|
||||
_ENUM_KEY_VALUE(BRAINPOOLP512R1TLS13, 0x0021) \
|
||||
_ENUM_KEY_VALUE(GC256A, 0x0022) \
|
||||
_ENUM_KEY_VALUE(GC256B, 0x0023) \
|
||||
_ENUM_KEY_VALUE(GC256C, 0x0024) \
|
||||
_ENUM_KEY_VALUE(GC256D, 0x0025) \
|
||||
_ENUM_KEY_VALUE(GC512A, 0x0026) \
|
||||
_ENUM_KEY_VALUE(GC512B, 0x0027) \
|
||||
_ENUM_KEY_VALUE(GC512C, 0x0028) \
|
||||
_ENUM_KEY_VALUE(CURVESM2, 0x0029) \
|
||||
_ENUM_KEY_VALUE(FFDHE2048, 0x0100) \
|
||||
_ENUM_KEY_VALUE(FFDHE3072, 0x0101) \
|
||||
_ENUM_KEY_VALUE(FFDHE4096, 0x0102) \
|
||||
_ENUM_KEY_VALUE(FFDHE6144, 0x0103) \
|
||||
_ENUM_KEY_VALUE(FFDHE8192, 0x0104) \
|
||||
_ENUM_KEY_VALUE(ARBITRARY_EXPLICIT_PRIME_CURVES, 0xff01) \
|
||||
_ENUM_KEY_VALUE(ARBITRARY_EXPLICIT_CHAR2_CURVES, 0xff02) \
|
||||
_ENUM_KEY_VALUE(GREASE_0, 0x0A0A) \
|
||||
_ENUM_KEY_VALUE(GREASE_1, 0x1A1A) \
|
||||
_ENUM_KEY_VALUE(GREASE_2, 0x2A2A) \
|
||||
_ENUM_KEY_VALUE(GREASE_3, 0x3A3A) \
|
||||
_ENUM_KEY_VALUE(GREASE_4, 0x4A4A) \
|
||||
_ENUM_KEY_VALUE(GREASE_5, 0x5A5A) \
|
||||
_ENUM_KEY_VALUE(GREASE_6, 0x6A6A) \
|
||||
_ENUM_KEY_VALUE(GREASE_7, 0x7A7A) \
|
||||
_ENUM_KEY_VALUE(GREASE_8, 0x8A8A) \
|
||||
_ENUM_KEY_VALUE(GREASE_9, 0x9A9A) \
|
||||
_ENUM_KEY_VALUE(GREASE_A, 0xAAAA) \
|
||||
_ENUM_KEY_VALUE(GREASE_B, 0xBABA) \
|
||||
_ENUM_KEY_VALUE(GREASE_C, 0xCACA) \
|
||||
_ENUM_KEY_VALUE(GREASE_D, 0xDADA) \
|
||||
_ENUM_KEY_VALUE(GREASE_E, 0xEAEA) \
|
||||
_ENUM_KEY_VALUE(GREASE_F, 0xFAFA)
|
||||
|
||||
enum class SupportedGroup : u16 {
|
||||
__ENUM_SUPPORTED_GROUPS
|
||||
};
|
||||
|
||||
#undef _ENUM_KEY
|
||||
#undef _ENUM_KEY_VALUE
|
||||
|
||||
|
|
|
@ -301,18 +301,18 @@ ssize_t TLSv12::handle_ecdhe_rsa_server_key_exchange(ReadonlyBytes buffer)
|
|||
if (curve_type != (u8)ECCurveType::NAMED_CURVE)
|
||||
return (i8)Error::NotUnderstood;
|
||||
|
||||
auto curve = static_cast<NamedCurve>(AK::convert_between_host_and_network_endian(ByteReader::load16(buffer.offset_pointer(4))));
|
||||
auto curve = static_cast<SupportedGroup>(AK::convert_between_host_and_network_endian(ByteReader::load16(buffer.offset_pointer(4))));
|
||||
if (!m_context.options.elliptic_curves.contains_slow(curve))
|
||||
return (i8)Error::NotUnderstood;
|
||||
|
||||
switch ((NamedCurve)curve) {
|
||||
case NamedCurve::x25519:
|
||||
switch ((SupportedGroup)curve) {
|
||||
case SupportedGroup::X25519:
|
||||
m_context.server_key_exchange_curve = make<Crypto::Curves::X25519>();
|
||||
break;
|
||||
case NamedCurve::x448:
|
||||
case SupportedGroup::X448:
|
||||
m_context.server_key_exchange_curve = make<Crypto::Curves::X448>();
|
||||
break;
|
||||
case NamedCurve::secp256r1:
|
||||
case SupportedGroup::SECP256R1:
|
||||
m_context.server_key_exchange_curve = make<Crypto::Curves::SECP256r1>();
|
||||
break;
|
||||
default:
|
||||
|
|
|
@ -211,10 +211,10 @@ struct Options {
|
|||
{ HashAlgorithm::SHA384, SignatureAlgorithm::RSA },
|
||||
{ HashAlgorithm::SHA256, SignatureAlgorithm::RSA },
|
||||
{ HashAlgorithm::SHA1, SignatureAlgorithm::RSA });
|
||||
OPTION_WITH_DEFAULTS(Vector<NamedCurve>, elliptic_curves,
|
||||
NamedCurve::x25519,
|
||||
NamedCurve::secp256r1,
|
||||
NamedCurve::x448)
|
||||
OPTION_WITH_DEFAULTS(Vector<SupportedGroup>, elliptic_curves,
|
||||
SupportedGroup::X25519,
|
||||
SupportedGroup::SECP256R1,
|
||||
SupportedGroup::X448)
|
||||
OPTION_WITH_DEFAULTS(Vector<ECPointFormat>, supported_ec_point_formats, ECPointFormat::Uncompressed)
|
||||
|
||||
OPTION_WITH_DEFAULTS(bool, use_sni, true)
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue