mirror of
https://github.com/RGBCube/serenity
synced 2025-07-26 14:17:45 +00:00
LibTLS: Update HandshakeType value names to match IANA registry values
This commit is contained in:
stelar7
Sam Atkins
parent
611a235a52
commit
c30ee1b89b
5 changed files with 51 additions and 34 deletions
|
|
@ -62,6 +62,37 @@ enum class AlertLevel : u8 {
|
|||
__ENUM_ALERT_LEVELS
|
||||
};
|
||||
|
||||
// https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-7
|
||||
#define __ENUM_HANDSHAKE_TYPES \
|
||||
_ENUM_KEY_VALUE(HELLO_REQUEST_RESERVED, 0) \
|
||||
_ENUM_KEY_VALUE(CLIENT_HELLO, 1) \
|
||||
_ENUM_KEY_VALUE(SERVER_HELLO, 2) \
|
||||
_ENUM_KEY_VALUE(HELLO_VERIFY_REQUEST_RESERVED, 3) \
|
||||
_ENUM_KEY_VALUE(NEW_SESSION_TICKET, 4) \
|
||||
_ENUM_KEY_VALUE(END_OF_EARLY_DATA, 5) \
|
||||
_ENUM_KEY_VALUE(HELLO_RETRY_REQUEST_RESERVED, 6) \
|
||||
_ENUM_KEY_VALUE(ENCRYPTED_EXTENSIONS, 8) \
|
||||
_ENUM_KEY_VALUE(REQUEST_CONNECTION_ID, 9) \
|
||||
_ENUM_KEY_VALUE(NEW_CONNECTION_ID, 10) \
|
||||
_ENUM_KEY_VALUE(CERTIFICATE, 11) \
|
||||
_ENUM_KEY_VALUE(SERVER_KEY_EXCHANGE_RESERVED, 12) \
|
||||
_ENUM_KEY_VALUE(CERTIFICATE_REQUEST, 13) \
|
||||
_ENUM_KEY_VALUE(SERVER_HELLO_DONE_RESERVED, 14) \
|
||||
_ENUM_KEY_VALUE(CERTIFICATE_VERIFY, 15) \
|
||||
_ENUM_KEY_VALUE(CLIENT_KEY_EXCHANGE_RESERVED, 16) \
|
||||
_ENUM_KEY_VALUE(FINISHED, 20) \
|
||||
_ENUM_KEY_VALUE(CERTIFICATE_URL_RESERVED, 21) \
|
||||
_ENUM_KEY_VALUE(CERTIFICATE_STATUS_RESERVED, 22) \
|
||||
_ENUM_KEY_VALUE(SUPPLEMENTAL_DATA_RESERVED, 23) \
|
||||
_ENUM_KEY_VALUE(KEY_UPDATE, 24) \
|
||||
_ENUM_KEY_VALUE(COMPRESSED_CERTIFICATE, 25) \
|
||||
_ENUM_KEY_VALUE(EKT_KEY, 26) \
|
||||
_ENUM_KEY_VALUE(MESSAGE_HASH, 254)
|
||||
|
||||
enum class HandshakeType : u8 {
|
||||
__ENUM_HANDSHAKE_TYPES
|
||||
};
|
||||
|
||||
#undef _ENUM_KEY
|
||||
#undef _ENUM_KEY_VALUE
|
||||
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ ByteBuffer TLSv12::build_hello()
|
|||
auto version = (u16)m_context.options.version;
|
||||
PacketBuilder builder { ContentType::HANDSHAKE, packet_version };
|
||||
|
||||
builder.append((u8)ClientHello);
|
||||
builder.append(to_underlying(HandshakeType::CLIENT_HELLO));
|
||||
|
||||
// hello length (for later)
|
||||
u8 dummy[3] = {};
|
||||
|
|
@ -163,7 +163,7 @@ ByteBuffer TLSv12::build_change_cipher_spec()
|
|||
ByteBuffer TLSv12::build_handshake_finished()
|
||||
{
|
||||
PacketBuilder builder { ContentType::HANDSHAKE, m_context.options.version, 12 + 64 };
|
||||
builder.append((u8)HandshakeType::Finished);
|
||||
builder.append((u8)HandshakeType::FINISHED);
|
||||
|
||||
// RFC 5246 section 7.4.9: "In previous versions of TLS, the verify_data was always 12 octets
|
||||
// long. In the current version of TLS, it depends on the cipher
|
||||
|
|
@ -250,7 +250,7 @@ ssize_t TLSv12::handle_handshake_payload(ReadonlyBytes vbuffer)
|
|||
ssize_t payload_res = 0;
|
||||
if (buffer_length < 1)
|
||||
return (i8)Error::NeedMoreData;
|
||||
auto type = buffer[0];
|
||||
auto type = static_cast<HandshakeType>(buffer[0]);
|
||||
auto write_packets { WritePacketStage::Initial };
|
||||
size_t payload_size = buffer[1] * 0x10000 + buffer[2] * 0x100 + buffer[3] + 3;
|
||||
dbgln_if(TLS_DEBUG, "payload size: {} buffer length: {}", payload_size, buffer_length);
|
||||
|
|
@ -258,7 +258,7 @@ ssize_t TLSv12::handle_handshake_payload(ReadonlyBytes vbuffer)
|
|||
return (i8)Error::NeedMoreData;
|
||||
|
||||
switch (type) {
|
||||
case HelloRequest:
|
||||
case HandshakeType::HELLO_REQUEST_RESERVED:
|
||||
if (m_context.handshake_messages[0] >= 1) {
|
||||
dbgln("unexpected hello request message");
|
||||
payload_res = (i8)Error::UnexpectedMessage;
|
||||
|
|
@ -274,14 +274,14 @@ ssize_t TLSv12::handle_handshake_payload(ReadonlyBytes vbuffer)
|
|||
payload_res = (i8)Error::UnexpectedMessage;
|
||||
}
|
||||
break;
|
||||
case ClientHello:
|
||||
case HandshakeType::CLIENT_HELLO:
|
||||
// FIXME: We only support client mode right now
|
||||
if (m_context.is_server) {
|
||||
VERIFY_NOT_REACHED();
|
||||
}
|
||||
payload_res = (i8)Error::UnexpectedMessage;
|
||||
break;
|
||||
case ServerHello:
|
||||
case HandshakeType::SERVER_HELLO:
|
||||
if (m_context.handshake_messages[2] >= 1) {
|
||||
dbgln("unexpected server hello message");
|
||||
payload_res = (i8)Error::UnexpectedMessage;
|
||||
|
|
@ -295,11 +295,11 @@ ssize_t TLSv12::handle_handshake_payload(ReadonlyBytes vbuffer)
|
|||
}
|
||||
payload_res = handle_server_hello(buffer.slice(1, payload_size), write_packets);
|
||||
break;
|
||||
case HelloVerifyRequest:
|
||||
case HandshakeType::HELLO_VERIFY_REQUEST_RESERVED:
|
||||
dbgln("unsupported: DTLS");
|
||||
payload_res = (i8)Error::UnexpectedMessage;
|
||||
break;
|
||||
case CertificateMessage:
|
||||
case HandshakeType::CERTIFICATE:
|
||||
if (m_context.handshake_messages[4] >= 1) {
|
||||
dbgln("unexpected certificate message");
|
||||
payload_res = (i8)Error::UnexpectedMessage;
|
||||
|
|
@ -317,7 +317,7 @@ ssize_t TLSv12::handle_handshake_payload(ReadonlyBytes vbuffer)
|
|||
payload_res = (i8)Error::UnexpectedMessage;
|
||||
}
|
||||
break;
|
||||
case ServerKeyExchange:
|
||||
case HandshakeType::SERVER_KEY_EXCHANGE_RESERVED:
|
||||
if (m_context.handshake_messages[5] >= 1) {
|
||||
dbgln("unexpected server key exchange message");
|
||||
payload_res = (i8)Error::UnexpectedMessage;
|
||||
|
|
@ -332,7 +332,7 @@ ssize_t TLSv12::handle_handshake_payload(ReadonlyBytes vbuffer)
|
|||
payload_res = handle_server_key_exchange(buffer.slice(1, payload_size));
|
||||
}
|
||||
break;
|
||||
case CertificateRequest:
|
||||
case HandshakeType::CERTIFICATE_REQUEST:
|
||||
if (m_context.handshake_messages[6] >= 1) {
|
||||
dbgln("unexpected certificate request message");
|
||||
payload_res = (i8)Error::UnexpectedMessage;
|
||||
|
|
@ -351,7 +351,7 @@ ssize_t TLSv12::handle_handshake_payload(ReadonlyBytes vbuffer)
|
|||
m_context.client_verified = VerificationNeeded;
|
||||
}
|
||||
break;
|
||||
case ServerHelloDone:
|
||||
case HandshakeType::SERVER_HELLO_DONE_RESERVED:
|
||||
if (m_context.handshake_messages[7] >= 1) {
|
||||
dbgln("unexpected server hello done message");
|
||||
payload_res = (i8)Error::UnexpectedMessage;
|
||||
|
|
@ -368,7 +368,7 @@ ssize_t TLSv12::handle_handshake_payload(ReadonlyBytes vbuffer)
|
|||
write_packets = WritePacketStage::ClientHandshake;
|
||||
}
|
||||
break;
|
||||
case CertificateVerify:
|
||||
case HandshakeType::CERTIFICATE_VERIFY:
|
||||
if (m_context.handshake_messages[8] >= 1) {
|
||||
dbgln("unexpected certificate verify message");
|
||||
payload_res = (i8)Error::UnexpectedMessage;
|
||||
|
|
@ -382,7 +382,7 @@ ssize_t TLSv12::handle_handshake_payload(ReadonlyBytes vbuffer)
|
|||
payload_res = (i8)Error::UnexpectedMessage;
|
||||
}
|
||||
break;
|
||||
case ClientKeyExchange:
|
||||
case HandshakeType::CLIENT_KEY_EXCHANGE_RESERVED:
|
||||
if (m_context.handshake_messages[9] >= 1) {
|
||||
dbgln("unexpected client key exchange message");
|
||||
payload_res = (i8)Error::UnexpectedMessage;
|
||||
|
|
@ -397,7 +397,7 @@ ssize_t TLSv12::handle_handshake_payload(ReadonlyBytes vbuffer)
|
|||
payload_res = (i8)Error::UnexpectedMessage;
|
||||
}
|
||||
break;
|
||||
case Finished:
|
||||
case HandshakeType::FINISHED:
|
||||
m_context.cached_handshake.clear();
|
||||
if (m_context.handshake_messages[10] >= 1) {
|
||||
dbgln("unexpected finished message");
|
||||
|
|
@ -412,11 +412,11 @@ ssize_t TLSv12::handle_handshake_payload(ReadonlyBytes vbuffer)
|
|||
}
|
||||
break;
|
||||
default:
|
||||
dbgln("message type not understood: {}", type);
|
||||
dbgln("message type not understood: {}", to_underlying(type));
|
||||
return (i8)Error::NotUnderstood;
|
||||
}
|
||||
|
||||
if (type != HelloRequest) {
|
||||
if (type != HandshakeType::HELLO_REQUEST_RESERVED) {
|
||||
update_hash(buffer.slice(0, payload_size + 1), 0);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -338,7 +338,7 @@ ByteBuffer TLSv12::build_certificate()
|
|||
}
|
||||
}
|
||||
|
||||
builder.append((u8)HandshakeType::CertificateMessage);
|
||||
builder.append((u8)HandshakeType::CERTIFICATE);
|
||||
|
||||
if (!total_certificate_size) {
|
||||
dbgln_if(TLS_DEBUG, "No certificates, sending empty certificate message");
|
||||
|
|
@ -370,7 +370,7 @@ ByteBuffer TLSv12::build_client_key_exchange()
|
|||
}
|
||||
|
||||
PacketBuilder builder { ContentType::HANDSHAKE, m_context.options.version };
|
||||
builder.append((u8)HandshakeType::ClientKeyExchange);
|
||||
builder.append((u8)HandshakeType::CLIENT_KEY_EXCHANGE_RESERVED);
|
||||
|
||||
switch (get_key_exchange_algorithm(m_context.cipher)) {
|
||||
case KeyExchangeAlgorithm::RSA:
|
||||
|
|
|
|||
|
|
@ -71,8 +71,8 @@ void TLSv12::update_packet(ByteBuffer& packet)
|
|||
|
||||
if (packet[0] != (u8)ContentType::CHANGE_CIPHER_SPEC) {
|
||||
if (packet[0] == (u8)ContentType::HANDSHAKE && packet.size() > header_size) {
|
||||
u8 handshake_type = packet[header_size];
|
||||
if (handshake_type != HandshakeType::HelloRequest && handshake_type != HandshakeType::HelloVerifyRequest) {
|
||||
auto handshake_type = static_cast<HandshakeType>(packet[header_size]);
|
||||
if (handshake_type != HandshakeType::HELLO_REQUEST_RESERVED && handshake_type != HandshakeType::HELLO_VERIFY_REQUEST_RESERVED) {
|
||||
update_hash(packet.bytes(), header_size);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -113,20 +113,6 @@ enum class Error : i8 {
|
|||
OutOfMemory = -23,
|
||||
};
|
||||
|
||||
enum HandshakeType {
|
||||
HelloRequest = 0x00,
|
||||
ClientHello = 0x01,
|
||||
ServerHello = 0x02,
|
||||
HelloVerifyRequest = 0x03,
|
||||
CertificateMessage = 0x0b,
|
||||
ServerKeyExchange = 0x0c,
|
||||
CertificateRequest = 0x0d,
|
||||
ServerHelloDone = 0x0e,
|
||||
CertificateVerify = 0x0f,
|
||||
ClientKeyExchange = 0x10,
|
||||
Finished = 0x14
|
||||
};
|
||||
|
||||
enum class HandshakeExtension : u16 {
|
||||
ServerName = 0x00,
|
||||
EllipticCurves = 0x0a,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue