LibTLS: Implement the DHE_RSA key exchange algorithm
This adds two methods, handle_dhe_rsa_server_key_exchange and build_dhe_rsa_pre_master_secret, to TLSv12 and a struct, server_diffie_hellman_params, to Context, which are used to implement the DHE_RSA key exchange algorithm. This grants us the benefits of forward secrecy and access to sites that support DHE_RSA. It is worth noting that the signature over the server-provided Diffie-Hellman parameters is not currently validated. This will need to be addressed to prevent man-in-the-middle attacks.
This commit is contained in:
parent
020bfc9d93
commit
b288016bbc
3 changed files with 75 additions and 5 deletions
|
@ -300,6 +300,12 @@ struct Context {
|
|||
size_t send_retries { 0 };
|
||||
|
||||
time_t handshake_initiation_timestamp { 0 };
|
||||
|
||||
struct {
|
||||
ByteBuffer p;
|
||||
ByteBuffer g;
|
||||
ByteBuffer Ys;
|
||||
} server_diffie_hellman_params;
|
||||
};
|
||||
|
||||
class TLSv12 : public Core::Socket {
|
||||
|
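Review bot: The new `server_diffie_hellman_params` struct in the Context hunk leaves `p`, `g` and `Ys` undocumented, so a reader of the header cannot tell which field is which or that these values come straight from the peer's ServerKeyExchange message. I would add a comment above the struct: `// ServerDHParams received in ServerKeyExchange: p = DH prime modulus, g = generator, Ys = server's public value. The server's signature over these is not yet verified, so treat them as untrusted until that is implemented.` Whether `handle_dhe_rsa_server_key_exchange` (declared in the third hunk, body not visible here) also rejects an undersized p or a Ys outside the range (1, p-1) cannot be seen from this header; if it does not, that check belongs there, since a degenerate group from the server weakens the derived secret. Naming the anonymous struct (e.g. `ServerDiffieHellmanParams`) would also let the new method declarations refer to it by type.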
@ -397,6 +403,7 @@ private:
|
|||
ByteBuffer build_change_cipher_spec();
|
||||
ByteBuffer build_verify_request();
|
||||
void build_rsa_pre_master_secret(PacketBuilder&);
|
||||
void build_dhe_rsa_pre_master_secret(PacketBuilder&);
|
||||
|
||||
bool flush();
|
||||
void write_into_socket();
|
||||
|
@ -408,6 +415,7 @@ private:
|
|||
ssize_t handle_handshake_finished(ReadonlyBytes, WritePacketStage&);
|
||||
ssize_t handle_certificate(ReadonlyBytes);
|
||||
ssize_t handle_server_key_exchange(ReadonlyBytes);
|
||||
ssize_t handle_dhe_rsa_server_key_exchange(ReadonlyBytes);
|
||||
ssize_t handle_server_hello_done(ReadonlyBytes);
|
||||
ssize_t handle_certificate_verify(ReadonlyBytes);
|
||||
ssize_t handle_handshake_payload(ReadonlyBytes);
|
||||
|
|