LibTLS: Add IANA Hex codes for all recommended cipher suites

Also sort the existing cipher suites, and remove the unsupported ones. We don't support any of these recommended ciphers, but at least we now know which ones we should focus on :^)
Author: https://github.com/Dexesttp Commit: https://github.com/SerenityOS/serenity/commit/dd35aa7725e Pull-request: https://github.com/SerenityOS/serenity/pull/7543 Issue: https://github.com/SerenityOS/serenity/issues/7348
2024-11-10 13:00:29 +03:00 · 2021-05-29 00:36:00 +02:00 · 2021-05-29 00:36:00 +02:00 · dd35aa7725 · 2024-07-18 17:14:21 +09:00
commit dd35aa7725
parent 8658f20af7
2 changed files with 69 additions and 14 deletions
--- a/Userland/Libraries/LibTLS/CipherSuite.h
+++ b/Userland/Libraries/LibTLS/CipherSuite.h
@ -10,20 +10,77 @@ namespace TLS {

 enum class CipherSuite {
    Invalid = 0,
-    AES_128_GCM_SHA256 = 0x1301,
-    AES_256_GCM_SHA384 = 0x1302,
-    AES_128_CCM_SHA256 = 0x1304,
-    AES_128_CCM_8_SHA256 = 0x1305,

-    // We support these
+    // Weak cipher suites, but we support them
+    // RFC 5246 - Original TLS v1.2 ciphers
    RSA_WITH_AES_128_CBC_SHA = 0x002F,
    RSA_WITH_AES_256_CBC_SHA = 0x0035,
    RSA_WITH_AES_128_CBC_SHA256 = 0x003C,
    RSA_WITH_AES_256_CBC_SHA256 = 0x003D,
+
+    // RFC 5288 - DH, DHE and RSA for AES-GCM
    RSA_WITH_AES_128_GCM_SHA256 = 0x009C,
    RSA_WITH_AES_256_GCM_SHA384 = 0x009D,
+
+    // All recommended cipher suites (according to https://ciphersuite.info/cs/)
+    // RFC 5288 - DH, DHE and RSA for AES-GCM
+    DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2,
+    DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3,
+
+    // RFC 5289 - ECDHE for AES-GCM
+    ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B,
+    ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C,
+
+    // RFC 5487 - Pre-shared keys
+    DHE_PSK_WITH_AES_128_GCM_SHA256 = 0x00AA,
+    DHE_PSK_WITH_AES_256_GCM_SHA384 = 0x00AB,
+
+    // RFC 6209 - ARIA suites
+    DHE_DSS_WITH_ARIA_128_GCM_SHA256 = 0xC056,
+    DHE_DSS_WITH_ARIA_256_GCM_SHA384 = 0xC057,
+    ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 = 0xC05C,
+    ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 = 0xC05D,
+    DHE_PSK_WITH_ARIA_128_GCM_SHA256 = 0xC06C,
+    DHE_PSK_WITH_ARIA_256_GCM_SHA384 = 0xC06D,
+
+    // RFC 6367 - Camellia Cipher Suites
+    DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 = 0xC080,
+    DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 = 0xC081,
+    ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC086,
+    ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC087,
+    DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 = 0xC090,
+    DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 = 0xC091,
+
+    // RFC 6655 - DHE, PSK and RSA with AES-CCM
+    DHE_PSK_WITH_AES_128_CCM = 0xC0A6,
+    DHE_PSK_WITH_AES_256_CCM = 0xC0A7,
+
+    // RFC 7251 - ECDHE with AES-CCM
+    ECDHE_ECDSA_WITH_AES_128_CCM = 0xC0AC,
+    ECDHE_ECDSA_WITH_AES_256_CCM = 0xC0AD,
+    ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xC0AE,
+    ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xC0AF,
+
+    // RFC 7905 - ChaCha20-Poly1305 Cipher Suites
+    ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCA9,
+    ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xCCAC,
+    DHE_PSK_WITH_CHACHA20_POLY1305 = 0xCCAD,
+
+    // RFC 8442 - ECDHE_PSK with AES-GCM and AES-CCM
+    ECDHE_PSK_WITH_AES_128_GCM_SHA256 = 0xD001,
+    ECDHE_PSK_WITH_AES_256_GCM_SHA384 = 0xD002,
+    ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 = 0xD003,
+    ECDHE_PSK_WITH_AES_128_CCM_SHA256 = 0xD005,
+
+    // RFC 8446 - TLS v1.3
+    AES_128_GCM_SHA256 = 0x1301,
+    AES_256_GCM_SHA384 = 0x1302,
+    CHACHA20_POLY1305_SHA256 = 0x1303,
+    AES_128_CCM_SHA256 = 0x1304,
+    AES_128_CCM_8_SHA256 = 0x1305,
 };

+// Defined in RFC 5246 section 7.4.1.4.1
 enum class HashAlgorithm : u8 {
    None = 0,
    MD5 = 1,
@ -34,6 +91,7 @@ enum class HashAlgorithm : u8 {
    SHA512 = 6,
 };

+// Defined in RFC 5246 section 7.4.1.4.1
 enum class SignatureAlgorithm : u8 {
    Anonymous = 0,
    RSA = 1,
@ -41,6 +99,12 @@ enum class SignatureAlgorithm : u8 {
    ECDSA = 3,
 };

+// Defined in RFC 5246 section 7.4.1.4.1
+struct SignatureAndHashAlgorithm {
+    HashAlgorithm hash;
+    SignatureAlgorithm signature;
+};
+
 enum class CipherAlgorithm {
    Invalid,
    AES_128_CBC,
@ -68,9 +132,4 @@ constexpr size_t cipher_key_size(CipherAlgorithm algorithm)
    }
 }

-struct SignatureAndHashAlgorithm {
-    HashAlgorithm hash;
-    SignatureAlgorithm signature;
-};
-
 }
--- a/Userland/Libraries/LibTLS/TLSv12.h
+++ b/Userland/Libraries/LibTLS/TLSv12.h
@ -168,10 +168,6 @@ enum ClientVerificationStaus {
 // GCM specifically asks us to transmit only the nonce, the counter is zero
 // and the fixed IV is derived from the premaster key.
 #define ENUMERATE_CIPHERS(C)                                                                                                                    \
-    C(false, CipherSuite::AES_128_GCM_SHA256, SignatureAlgorithm::Anonymous, CipherAlgorithm::AES_128_GCM, Crypto::Hash::SHA256, 8, true)       \
-    C(false, CipherSuite::AES_256_GCM_SHA384, SignatureAlgorithm::Anonymous, CipherAlgorithm::AES_256_GCM, Crypto::Hash::SHA384, 8, true)       \
-    C(false, CipherSuite::AES_128_CCM_SHA256, SignatureAlgorithm::Anonymous, CipherAlgorithm::AES_128_CCM, Crypto::Hash::SHA256, 16, false)     \
-    C(false, CipherSuite::AES_128_CCM_8_SHA256, SignatureAlgorithm::Anonymous, CipherAlgorithm::AES_128_CCM_8, Crypto::Hash::SHA256, 16, false) \
    C(true, CipherSuite::RSA_WITH_AES_128_CBC_SHA, SignatureAlgorithm::RSA, CipherAlgorithm::AES_128_CBC, Crypto::Hash::SHA1, 16, false)        \
    C(true, CipherSuite::RSA_WITH_AES_256_CBC_SHA, SignatureAlgorithm::RSA, CipherAlgorithm::AES_256_CBC, Crypto::Hash::SHA1, 16, false)        \
    C(true, CipherSuite::RSA_WITH_AES_128_CBC_SHA256, SignatureAlgorithm::RSA, CipherAlgorithm::AES_128_CBC, Crypto::Hash::SHA256, 16, false)   \