LibTLS: Add support for parsing curve25519 and curve448

stelar7 2024-10-28 10:26:15 +01:00 committed by Andreas Kling
parent 944f00c489
commit 5e98c3f763
Notes: github-actions[bot] 2024-10-31 08:53:37 +00:00
2 changed files with 48 additions and 11 deletions


@ -202,15 +202,23 @@ static ErrorOr<AlgorithmIdentifier> parse_algorithm_identifier(Crypto::ASN1::Dec
return AlgorithmIdentifier(algorithm); return AlgorithmIdentifier(algorithm);
} }
// https://www.ietf.org/rfc/rfc5758.txt
// When the ecdsa-with-SHA224, ecdsa-with-SHA256, ecdsa-with-SHA384, or // When the ecdsa-with-SHA224, ecdsa-with-SHA256, ecdsa-with-SHA384, or
// ecdsa-with-SHA512 algorithm identifier appears in the algorithm field // ecdsa-with-SHA512 algorithm identifier appears in the algorithm field
// as an AlgorithmIdentifier, the encoding MUST omit the parameters // as an AlgorithmIdentifier, the encoding MUST omit the parameters
// field. // field.
// https://datatracker.ietf.org/doc/html/rfc8410#section-9
// For all of the OIDs, the parameters MUST be absent.
Array<Array<int, 7>, 8> no_parameter_algorithms = { Array<Array<int, 7>, 8> no_parameter_algorithms = {
ecdsa_with_sha224_encryption_oid, ecdsa_with_sha224_encryption_oid,
ecdsa_with_sha256_encryption_oid, ecdsa_with_sha256_encryption_oid,
ecdsa_with_sha384_encryption_oid, ecdsa_with_sha384_encryption_oid,
ecdsa_with_sha512_encryption_oid, ecdsa_with_sha512_encryption_oid,
x25519_oid,
x448_oid,
ed25519_oid,
ed448_oid
}; };
bool is_no_parameter_algorithm = false; bool is_no_parameter_algorithm = false;
@ -379,11 +387,23 @@ ErrorOr<SubjectPublicKey> parse_subject_public_key_info(Crypto::ASN1::Decoder& d
return public_key; return public_key;
} }
if (public_key.algorithm.identifier.span() == ec_public_key_encryption_oid.span()) { // https://datatracker.ietf.org/doc/html/rfc8410#section-9
// For all of the OIDs, the parameters MUST be absent.
Array<Array<int, 7>, 5> no_parameter_algorithms = {
ec_public_key_encryption_oid,
x25519_oid,
x448_oid,
ed25519_oid,
ed448_oid
};
for (auto const& inner : no_parameter_algorithms) {
if (public_key.algorithm.identifier.span() == inner.span()) {
// Note: Raw key is already stored, so we can just exit out at this point. // Note: Raw key is already stored, so we can just exit out at this point.
EXIT_SCOPE(); EXIT_SCOPE();
return public_key; return public_key;
} }
}
String algo_oid = TRY(String::join("."sv, public_key.algorithm.identifier)); String algo_oid = TRY(String::join("."sv, public_key.algorithm.identifier));
ERROR_WITH_SCOPE(TRY(String::formatted("Unhandled algorithm {}", algo_oid))); ERROR_WITH_SCOPE(TRY(String::formatted("Unhandled algorithm {}", algo_oid)));
@ -426,11 +446,23 @@ ErrorOr<PrivateKey> parse_private_key_info(Crypto::ASN1::Decoder& decoder, Vecto
return private_key; return private_key;
} }
if (private_key.algorithm.identifier.span() == ec_public_key_encryption_oid.span()) { // https://datatracker.ietf.org/doc/html/rfc8410#section-9
// For all of the OIDs, the parameters MUST be absent.
Array<Array<int, 7>, 5> no_parameter_algorithms = {
ec_public_key_encryption_oid,
x25519_oid,
x448_oid,
ed25519_oid,
ed448_oid
};
for (auto const& inner : no_parameter_algorithms) {
if (private_key.algorithm.identifier.span() == inner.span()) {
// Note: Raw key is already stored, so we can just exit out at this point. // Note: Raw key is already stored, so we can just exit out at this point.
EXIT_SCOPE(); EXIT_SCOPE();
return private_key; return private_key;
} }
}
String algo_oid = TRY(String::join("."sv, private_key.algorithm.identifier)); String algo_oid = TRY(String::join("."sv, private_key.algorithm.identifier));
ERROR_WITH_SCOPE(TRY(String::formatted("Unhandled algorithm {}", algo_oid))); ERROR_WITH_SCOPE(TRY(String::formatted("Unhandled algorithm {}", algo_oid)));
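Review bot: The new early-return loops in parse_subject_public_key_info and parse_private_key_info return as soon as the OID matches, so nothing visible in these hunks rejects an X25519 or Ed25519 key that is not 32 bytes, an X448 key that is not 56 bytes, or an Ed448 key that is not 57 bytes (the sizes RFC 8410 fixes). Both function bodies start outside the hunks, so the check may already exist earlier; if it does not, a marker such as `// FIXME: Reject RFC 8410 keys whose raw length does not match the curve (32/56/32/57 bytes).` above each `return` would record the gap. For private keys, RFC 8410 section 7 also wraps the key bytes in an inner CurvePrivateKey OCTET STRING, so the "raw key is already stored" shortcut probably leaves that wrapper in the stored bytes. Separately, the comment `For all of the OIDs, the parameters MUST be absent.` does not hold for `ec_public_key_encryption_oid`, which sits in the same list and carries curve parameters; a name like `raw_key_algorithms` would describe these two lists more accurately than `no_parameter_algorithms`.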


@ -31,9 +31,13 @@ constexpr static Array<int, 7>
ecdsa_with_sha256_encryption_oid { 1, 2, 840, 10045, 4, 3, 2 }, ecdsa_with_sha256_encryption_oid { 1, 2, 840, 10045, 4, 3, 2 },
ecdsa_with_sha384_encryption_oid { 1, 2, 840, 10045, 4, 3, 3 }, ecdsa_with_sha384_encryption_oid { 1, 2, 840, 10045, 4, 3, 3 },
ecdsa_with_sha512_encryption_oid { 1, 2, 840, 10045, 4, 3, 4 }, ecdsa_with_sha512_encryption_oid { 1, 2, 840, 10045, 4, 3, 4 },
ec_public_key_encryption_oid { 1, 2, 840, 10045, 2, 1 }; ec_public_key_encryption_oid { 1, 2, 840, 10045, 2, 1 },
x25519_oid { 1, 3, 101, 110 },
x448_oid { 1, 3, 101, 111 },
ed25519_oid { 1, 3, 101, 112 },
ed448_oid { 1, 3, 101, 113 };
constexpr static Array<Array<int, 7>, 9> known_algorithm_identifiers { constexpr static Array<Array<int, 7>, 10> known_algorithm_identifiers {
rsa_encryption_oid, rsa_encryption_oid,
rsa_md5_encryption_oid, rsa_md5_encryption_oid,
rsa_sha1_encryption_oid, rsa_sha1_encryption_oid,
@ -42,7 +46,8 @@ constexpr static Array<Array<int, 7>, 9> known_algorithm_identifiers {
rsa_sha512_encryption_oid, rsa_sha512_encryption_oid,
ecdsa_with_sha256_encryption_oid, ecdsa_with_sha256_encryption_oid,
ecdsa_with_sha384_encryption_oid, ecdsa_with_sha384_encryption_oid,
ec_public_key_encryption_oid ec_public_key_encryption_oid,
x25519_oid
}; };
constexpr static Array<int, 7> constexpr static Array<int, 7>
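Review bot: `known_algorithm_identifiers` grows from 9 to 10 entries and gains only `x25519_oid`, while `x448_oid`, `ed25519_oid` and `ed448_oid` are defined a few lines above and left out of the table. How the table is consulted is not visible in this section, but if algorithm identifiers are validated against it, those three OIDs would be rejected before the new handling in the parser is reached, which would leave Ed25519, Ed448 and X448 certificates and keys unparseable despite the commit's intent. The declaration would become `constexpr static Array<Array<int, 7>, 13> known_algorithm_identifiers {` with `x448_oid, ed25519_oid, ed448_oid` appended after `x25519_oid`. Two entries of the table lie between the hunks, so the final count should be checked against the full file.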