diff --git a/Include/Aurora/IO/TLS/TLSCipherSuites.hpp b/Include/Aurora/IO/TLS/TLSCipherSuites.hpp index 49f27ede..c0de1cf6 100644 --- a/Include/Aurora/IO/TLS/TLSCipherSuites.hpp +++ b/Include/Aurora/IO/TLS/TLSCipherSuites.hpp @@ -9,5 +9,9 @@ namespace Aurora::IO::TLS { - AUKN_SYM AuList GetSupportedCipherSuites(); + AUKN_SYM const AuList &GetDefaultCipherSuites(); + AUKN_SYM const AuList &GetSupportedCipherSuites(); + + AUKN_SYM AuUInt16 CipherSuiteFromString(const AuString &string); + AUKN_SYM AuString CipherSuiteToString(AuUInt16 uCipherSuite); } \ No newline at end of file diff --git a/Source/IO/TLS/TLSCipherSuites.cpp b/Source/IO/TLS/TLSCipherSuites.cpp index d6475106..d4b1b1f1 100644 --- a/Source/IO/TLS/TLSCipherSuites.cpp +++ b/Source/IO/TLS/TLSCipherSuites.cpp @@ -6,11 +6,67 @@ Author: Reece ***/ #include "TLS.hpp" +#include namespace Aurora::IO::TLS { - AUKN_SYM AuList GetSupportedCipherSuites() + AUKN_SYM const AuList &GetDefaultCipherSuites() { - return {}; + static AuList gDefaultSuites { + MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, + MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, + MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, + MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 + }; + + return gDefaultSuites; + } + + AUKN_SYM const AuList &GetSupportedCipherSuites() + { + static AuList gSupportedSuites; + + if (gSupportedSuites.empty()) + { + auto iItr = mbedtls_ssl_list_ciphersuites(); + + while (auto cipher = *(iItr++)) + { + gSupportedSuites.push_back(cipher); + } + } + + return gSupportedSuites; + } + + AUKN_SYM AuUInt16 CipherSuiteFromString(const AuString &string) + { + auto pSuite = mbedtls_ssl_ciphersuite_from_string(string.c_str()); + if (!pSuite) + { + SysPushErrorCrypt("Unknown ciphersuite: {}", string); + return 0; + } + + return pSuite->private_id; + } + + AUKN_SYM AuString CipherSuiteToString(AuUInt16 uCipherSuite) + { + auto pSuite = mbedtls_ssl_ciphersuite_from_id(uCipherSuite); + if (!pSuite) + { + SysPushErrorCrypt("Unknown ciphersuite: {} ({:02x})", uCipherSuite, uCipherSuite); + return {}; + } + + return pSuite->private_name; } } \ No newline at end of file diff --git a/Source/IO/TLS/TLSContext.cpp b/Source/IO/TLS/TLSContext.cpp index b2121774..cc2a5d2e 100644 --- a/Source/IO/TLS/TLSContext.cpp +++ b/Source/IO/TLS/TLSContext.cpp @@ -183,7 +183,28 @@ namespace Aurora::IO::TLS } } - ::mbedtls_ssl_set_bio(&ssl, this, TLSContextSend, TLSContextRecv, NULL); + ::mbedtls_ssl_set_bio(&ssl, this, TLSContextSend, TLSContextRecv, nullptr); + + if (this->meta_.cipherSuites.size()) + { + this->cipherSuites_.reserve(this->meta_.cipherSuites.size()); + for (const auto &cipher : this->meta_.cipherSuites) + { + this->cipherSuites_.push_back(cipher); + } + } + else + { + auto &defaultCiphers = GetDefaultCipherSuites(); + this->cipherSuites_.reserve(defaultCiphers.size()); + for (const auto &cipher : defaultCiphers) + { + this->cipherSuites_.push_back(cipher); + } + } + + this->cipherSuites_.push_back(0); + ((mbedtls_ssl_config *)ssl.private_conf/*fuck yourself*/)->private_ciphersuite_list = this->cipherSuites_.data(); } void TLSContext::Destroy() diff --git a/Source/IO/TLS/TLSContext.hpp b/Source/IO/TLS/TLSContext.hpp index c138b5e2..75e0514c 100644 --- a/Source/IO/TLS/TLSContext.hpp +++ b/Source/IO/TLS/TLSContext.hpp @@ -70,6 +70,7 @@ namespace Aurora::IO::TLS bool CheckCertificate(const AuMemoryViewRead &read); private: + AuList cipherSuites_; TLSMeta meta_; AuWPtr wpSocket_; TLSProtocolRecv channelRecv_;