mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2024-11-30 03:20:28 +00:00
LibTLS: Add support for SECP384r1
This commit is contained in:
parent
6322d68b1b
commit
927dc1f02a
Notes:
sideshowbarker
2024-07-17 06:51:48 +09:00
Author: https://github.com/msvisser Commit: https://github.com/SerenityOS/serenity/commit/927dc1f02a Pull-request: https://github.com/SerenityOS/serenity/pull/21875 Issue: https://github.com/SerenityOS/serenity/issues/21211
3 changed files with 29 additions and 0 deletions
|
@ -14,6 +14,7 @@
|
||||||
#include <LibCrypto/Curves/Ed25519.h>
|
#include <LibCrypto/Curves/Ed25519.h>
|
||||||
#include <LibCrypto/Curves/EllipticCurve.h>
|
#include <LibCrypto/Curves/EllipticCurve.h>
|
||||||
#include <LibCrypto/Curves/SECP256r1.h>
|
#include <LibCrypto/Curves/SECP256r1.h>
|
||||||
|
#include <LibCrypto/Curves/SECP384r1.h>
|
||||||
#include <LibCrypto/Curves/X25519.h>
|
#include <LibCrypto/Curves/X25519.h>
|
||||||
#include <LibCrypto/Curves/X448.h>
|
#include <LibCrypto/Curves/X448.h>
|
||||||
#include <LibCrypto/PK/Code/EMSA_PKCS1_V1_5.h>
|
#include <LibCrypto/PK/Code/EMSA_PKCS1_V1_5.h>
|
||||||
|
@ -317,6 +318,9 @@ ssize_t TLSv12::handle_ecdhe_server_key_exchange(ReadonlyBytes buffer, u8& serve
|
||||||
case SupportedGroup::SECP256R1:
|
case SupportedGroup::SECP256R1:
|
||||||
m_context.server_key_exchange_curve = make<Crypto::Curves::SECP256r1>();
|
m_context.server_key_exchange_curve = make<Crypto::Curves::SECP256r1>();
|
||||||
break;
|
break;
|
||||||
|
case SupportedGroup::SECP384R1:
|
||||||
|
m_context.server_key_exchange_curve = make<Crypto::Curves::SECP384r1>();
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
return (i8)Error::NotUnderstood;
|
return (i8)Error::NotUnderstood;
|
||||||
}
|
}
|
||||||
|
@ -493,6 +497,15 @@ ssize_t TLSv12::verify_ecdsa_server_key_exchange(ReadonlyBytes server_key_info_b
|
||||||
res = curve.verify(digest.bytes(), server_point, signature);
|
res = curve.verify(digest.bytes(), server_point, signature);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
case SupportedGroup::SECP384R1: {
|
||||||
|
Crypto::Hash::Manager manager(hash_kind);
|
||||||
|
manager.update(message);
|
||||||
|
auto digest = manager.digest();
|
||||||
|
|
||||||
|
Crypto::Curves::SECP384r1 curve;
|
||||||
|
res = curve.verify(digest.bytes(), server_point, signature);
|
||||||
|
break;
|
||||||
|
}
|
||||||
default: {
|
default: {
|
||||||
dbgln("verify_ecdsa_server_key_exchange failed: Server certificate public key algorithm is not supported: {}", to_underlying(public_key.algorithm.ec_parameters));
|
dbgln("verify_ecdsa_server_key_exchange failed: Server certificate public key algorithm is not supported: {}", to_underlying(public_key.algorithm.ec_parameters));
|
||||||
break;
|
break;
|
||||||
|
|
|
@ -16,6 +16,7 @@
|
||||||
#include <LibCrypto/ASN1/PEM.h>
|
#include <LibCrypto/ASN1/PEM.h>
|
||||||
#include <LibCrypto/Curves/Ed25519.h>
|
#include <LibCrypto/Curves/Ed25519.h>
|
||||||
#include <LibCrypto/Curves/SECP256r1.h>
|
#include <LibCrypto/Curves/SECP256r1.h>
|
||||||
|
#include <LibCrypto/Curves/SECP384r1.h>
|
||||||
#include <LibCrypto/PK/Code/EMSA_PKCS1_V1_5.h>
|
#include <LibCrypto/PK/Code/EMSA_PKCS1_V1_5.h>
|
||||||
#include <LibCrypto/PK/Code/EMSA_PSS.h>
|
#include <LibCrypto/PK/Code/EMSA_PSS.h>
|
||||||
#include <LibFileSystem/FileSystem.h>
|
#include <LibFileSystem/FileSystem.h>
|
||||||
|
@ -413,6 +414,19 @@ bool Context::verify_certificate_pair(Certificate const& subject, Certificate co
|
||||||
}
|
}
|
||||||
return result.value();
|
return result.value();
|
||||||
}
|
}
|
||||||
|
case SupportedGroup::SECP384R1: {
|
||||||
|
Crypto::Hash::Manager hasher(kind);
|
||||||
|
hasher.update(subject.tbs_asn1.bytes());
|
||||||
|
auto hash = hasher.digest();
|
||||||
|
|
||||||
|
Crypto::Curves::SECP384r1 curve;
|
||||||
|
auto result = curve.verify(hash.bytes(), issuer.public_key.raw_key, subject.signature_value);
|
||||||
|
if (result.is_error()) {
|
||||||
|
dbgln("verify_certificate_pair: Failed to check SECP384r1 signature {}", result.release_error());
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
return result.value();
|
||||||
|
}
|
||||||
case SupportedGroup::X25519: {
|
case SupportedGroup::X25519: {
|
||||||
Crypto::Curves::Ed25519 curve;
|
Crypto::Curves::Ed25519 curve;
|
||||||
auto result = curve.verify(issuer.public_key.raw_key, subject.signature_value, subject.tbs_asn1.bytes());
|
auto result = curve.verify(issuer.public_key.raw_key, subject.signature_value, subject.tbs_asn1.bytes());
|
||||||
|
|
|
@ -164,10 +164,12 @@ struct Options {
|
||||||
{ HashAlgorithm::SHA256, SignatureAlgorithm::RSA },
|
{ HashAlgorithm::SHA256, SignatureAlgorithm::RSA },
|
||||||
{ HashAlgorithm::SHA1, SignatureAlgorithm::RSA },
|
{ HashAlgorithm::SHA1, SignatureAlgorithm::RSA },
|
||||||
{ HashAlgorithm::SHA256, SignatureAlgorithm::ECDSA },
|
{ HashAlgorithm::SHA256, SignatureAlgorithm::ECDSA },
|
||||||
|
{ HashAlgorithm::SHA384, SignatureAlgorithm::ECDSA },
|
||||||
{ HashAlgorithm::INTRINSIC, SignatureAlgorithm::ED25519 });
|
{ HashAlgorithm::INTRINSIC, SignatureAlgorithm::ED25519 });
|
||||||
OPTION_WITH_DEFAULTS(Vector<SupportedGroup>, elliptic_curves,
|
OPTION_WITH_DEFAULTS(Vector<SupportedGroup>, elliptic_curves,
|
||||||
SupportedGroup::X25519,
|
SupportedGroup::X25519,
|
||||||
SupportedGroup::SECP256R1,
|
SupportedGroup::SECP256R1,
|
||||||
|
SupportedGroup::SECP384R1,
|
||||||
SupportedGroup::X448)
|
SupportedGroup::X448)
|
||||||
OPTION_WITH_DEFAULTS(Vector<ECPointFormat>, supported_ec_point_formats, ECPointFormat::UNCOMPRESSED)
|
OPTION_WITH_DEFAULTS(Vector<ECPointFormat>, supported_ec_point_formats, ECPointFormat::UNCOMPRESSED)
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue