
LibTLS: Implement the DHE_RSA key exchange algorithm

This adds two methods, handle_dhe_rsa_server_key_exchange and
build_dhe_rsa_pre_master_secret, to TLSv12 and a struct,
server_diffie_hellman_params, to Context, which are used to implement
the DHE_RSA key exchange algorithm. This grants us the benefits of
forward secrecy and access to sites which support DHE_RSA.

It is worth noting that the signature over the server-provided
Diffie-Hellman parameters is not currently validated. This will need to
be addressed to prevent man-in-the-middle attacks.
Samuel Bowman 2021-08-12 15:25:47 -04:00 committed by Ali Mohammad Pur
parent 020bfc9d93
commit b288016bbc
3 changed files with 75 additions and 5 deletions


@ -300,6 +300,12 @@ struct Context {
size_t send_retries { 0 };
time_t handshake_initiation_timestamp { 0 };
struct {
ByteBuffer p;
ByteBuffer g;
ByteBuffer Ys;
} server_diffie_hellman_params;
};
class TLSv12 : public Core::Socket {
@ -397,6 +403,7 @@ private:
ByteBuffer build_change_cipher_spec();
ByteBuffer build_verify_request();
void build_rsa_pre_master_secret(PacketBuilder&);
void build_dhe_rsa_pre_master_secret(PacketBuilder&);
bool flush();
void write_into_socket();
@ -408,6 +415,7 @@ private:
ssize_t handle_handshake_finished(ReadonlyBytes, WritePacketStage&);
ssize_t handle_certificate(ReadonlyBytes);
ssize_t handle_server_key_exchange(ReadonlyBytes);
ssize_t handle_dhe_rsa_server_key_exchange(ReadonlyBytes);
ssize_t handle_server_hello_done(ReadonlyBytes);
ssize_t handle_certificate_verify(ReadonlyBytes);
ssize_t handle_handshake_payload(ReadonlyBytes);
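Review bot: The new `server_diffie_hellman_params` struct in the first hunk (`ByteBuffer p; ByteBuffer g; ByteBuffer Ys;`) holds network-supplied group parameters with nothing in the header saying what the receiver must check, and the only gap the commit itself calls out is the missing signature. Even after the signature is verified, `handle_dhe_rsa_server_key_exchange` should reject a prime `p` below a minimum bit-length (otherwise a Logjam-style weak-group downgrade passes silently) and a `Ys` outside `[2, p-2]`; these declarations cannot show whether the .cpp does that, so please confirm. I would document the field so the next reader does not mistake it for authenticated data: `// Ephemeral DH group (p, g) and server public value Ys from ServerKeyExchange; the server's signature over these is not yet verified, so treat them as untrusted.` The enclosing `struct Context` begins before the first hunk.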