LibTLS: Try to disambiguate errors in case of failure

Not particularly helpful, but better than nothing.
This commit is contained in:
AnotherTest 2020-05-05 13:24:00 +04:30 committed by Andreas Kling
parent fcd922f7b1
commit 2a29e668bd
Notes: sideshowbarker 2024-07-19 06:57:35 +09:00
3 changed files with 74 additions and 28 deletions

View file

@ -282,8 +282,9 @@ ssize_t TLSv12::handle_message(const ByteBuffer& buffer)
auto level = plain[0];
auto code = plain[1];
if (level == (u8)AlertLevel::Critical) {
dbg() << "We were alerted of a critical error: " << code;
dbg() << "We were alerted of a critical error: " << code << " (" << alert_name((AlertDescription)code) << ")";
m_context.critical_error = code;
try_disambiguate_error();
res = (i8)Error::UnknownError;
} else {
dbg() << "Alert: " << code;

View file

@ -519,4 +519,28 @@ void TLSv12::ensure_hmac(size_t digest_size, bool local)
m_hmac_remote = move(hmac);
}
void TLSv12::try_disambiguate_error() const
{
dbg() << "Possible failure cause: ";
switch ((AlertDescription)m_context.critical_error) {
case AlertDescription::HandshakeFailure:
if (!m_context.cipher_spec_set) {
dbg() << "- No cipher suite in common with " << m_context.SNI;
} else {
dbg() << "- Unknown internal issue";
}
break;
case AlertDescription::InsufficientSecurity:
dbg() << "- No cipher suite in common with " << m_context.SNI << " (the server is oh so secure)";
break;
case AlertDescription::DecryptionFailed:
dbg() << "- Bad MAC record from our side";
dbg() << "- Bad block cipher padding";
break;
default:
dbg() << "- No one knows";
break;
}
}
}

View file

@ -73,36 +73,55 @@ enum class CipherSuite {
RSA_WITH_AES_256_GCM_SHA384 = 0x009D,
};
#define ENUMERATE_ALERT_DESCRIPTIONS \
ENUMERATE_ALERT_DESCRIPTION(CloseNotify, 0) \
ENUMERATE_ALERT_DESCRIPTION(UnexpectedMessage, 10) \
ENUMERATE_ALERT_DESCRIPTION(BadRecordMAC, 20) \
ENUMERATE_ALERT_DESCRIPTION(DecryptionFailed, 21) \
ENUMERATE_ALERT_DESCRIPTION(RecordOverflow, 22) \
ENUMERATE_ALERT_DESCRIPTION(DecompressionFailure, 30) \
ENUMERATE_ALERT_DESCRIPTION(HandshakeFailure, 40) \
ENUMERATE_ALERT_DESCRIPTION(NoCertificate, 41) \
ENUMERATE_ALERT_DESCRIPTION(BadCertificate, 42) \
ENUMERATE_ALERT_DESCRIPTION(UnsupportedCertificate, 43) \
ENUMERATE_ALERT_DESCRIPTION(CertificateRevoked, 44) \
ENUMERATE_ALERT_DESCRIPTION(CertificateExpired, 45) \
ENUMERATE_ALERT_DESCRIPTION(CertificateUnknown, 46) \
ENUMERATE_ALERT_DESCRIPTION(IllegalParameter, 47) \
ENUMERATE_ALERT_DESCRIPTION(UnknownCA, 48) \
ENUMERATE_ALERT_DESCRIPTION(AccessDenied, 49) \
ENUMERATE_ALERT_DESCRIPTION(DecodeError, 50) \
ENUMERATE_ALERT_DESCRIPTION(DecryptError, 51) \
ENUMERATE_ALERT_DESCRIPTION(ExportRestriction, 60) \
ENUMERATE_ALERT_DESCRIPTION(ProtocolVersion, 70) \
ENUMERATE_ALERT_DESCRIPTION(InsufficientSecurity, 71) \
ENUMERATE_ALERT_DESCRIPTION(InternalError, 80) \
ENUMERATE_ALERT_DESCRIPTION(InappropriateFallback, 86) \
ENUMERATE_ALERT_DESCRIPTION(UserCanceled, 90) \
ENUMERATE_ALERT_DESCRIPTION(NoRenegotiation, 100) \
ENUMERATE_ALERT_DESCRIPTION(UnsupportedExtension, 110) \
ENUMERATE_ALERT_DESCRIPTION(NoError, 255)
enum class AlertDescription : u8 {
CloseNotify = 0,
UnexpectedMessage = 10,
BadRecordMAC = 20,
DecryptionFailed = 21,
RecordOverflow = 22,
DecompressionFailure = 30,
HandshakeFailure = 40,
NoCertificate = 41,
BadCertificate = 42,
UnsupportedCertificate = 43,
CertificateRevoked = 44,
CertificateExpired = 45,
CertificateUnknown = 46,
IllegalParameter = 47,
UnknownCA = 48,
AccessDenied = 49,
DecodeError = 50,
DecryptError = 51,
ExportRestriction = 60,
ProtocolVersion = 70,
InsufficientSecurity = 71,
InternalError = 80,
InappropriateFallback = 86,
UserCanceled = 90,
NoRenegotiation = 100,
UnsupportedExtension = 110,
NoError = 255
#define ENUMERATE_ALERT_DESCRIPTION(name, value) name = value,
ENUMERATE_ALERT_DESCRIPTIONS
#undef ENUMERATE_ALERT_DESCRIPTION
};
constexpr static const char* alert_name(AlertDescription descriptor)
{
#define ENUMERATE_ALERT_DESCRIPTION(name, value) \
case AlertDescription::name: \
return #name;
switch (descriptor) {
ENUMERATE_ALERT_DESCRIPTIONS
}
return "Unknown";
#undef ENUMERATE_ALERT_DESCRIPTION
}
enum class Error : i8 {
NoError = 0,
UnknownError = -1,
@ -437,6 +456,8 @@ private:
bool compute_master_secret(size_t length);
void try_disambiguate_error() const;
Context m_context;
OwnPtr<Crypto::Authentication::HMAC<Crypto::Hash::Manager>> m_hmac_local;