AuroraRuntime/Source/IO/TLS/TLSCipherSuites.cpp
Reece Wilson 033f7e2453 [+] Aurora::Crypto::X509::CertRequest
[+] Aurora::Crypto::X509::GenerateCertificate
[*] Fix lazily copied gen1 RSA code
[+] Aurora::Crypto::ECC::EECCCurve::eCurveSECP256R1
[+] Aurora::Crypto::ECC::EECCCurve::eCurveSECP256K1
[+] Aurora::Crypto::ECC::EECCCurve::eCurveSECP384R1
[+] Aurora::Crypto::ECC::EECCCurve::eCurveSECP521R1
[*] Unfuck ECC interop
[*] Tls pinning: use mbedtls_ssl_conf_verify for tls1.3 (when mbedtls is in a better state)
2022-11-18 21:03:11 +00:00

80 lines
2.4 KiB
C++

/***
Copyright (C) 2022 J Reece Wilson (a/k/a "Reece"). All rights reserved.
File: TLSCipherSuites.cpp
Date: 2022-8-27
Author: Reece
***/
#include "TLS.hpp"
#include <mbedtls/ssl.h>
namespace Aurora::IO::TLS
{
AUKN_SYM const AuList<AuUInt16> &GetDefaultCipherSuites()
{
static AuList<AuUInt16> gDefaultSuites {
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
MBEDTLS_TLS1_3_AES_128_GCM_SHA256,
MBEDTLS_TLS1_3_AES_256_GCM_SHA384,
MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
MBEDTLS_TLS1_3_AES_128_CCM_SHA256,
MBEDTLS_TLS1_3_AES_128_CCM_8_SHA256,
#endif
MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
};
return gDefaultSuites;
}
AUKN_SYM const AuList<AuUInt16> &GetSupportedCipherSuites()
{
static AuList<AuUInt16> gSupportedSuites;
if (gSupportedSuites.empty())
{
auto iItr = ::mbedtls_ssl_list_ciphersuites();
while (auto cipher = *(iItr++))
{
gSupportedSuites.push_back(cipher);
}
}
return gSupportedSuites;
}
AUKN_SYM AuUInt16 CipherSuiteFromString(const AuString &string)
{
auto pSuite = ::mbedtls_ssl_ciphersuite_from_string(string.c_str());
if (!pSuite)
{
SysPushErrorCrypt("Unknown ciphersuite: {}", string);
return 0;
}
return pSuite->private_id;
}
AUKN_SYM AuString CipherSuiteToString(AuUInt16 uCipherSuite)
{
auto pSuite = ::mbedtls_ssl_ciphersuite_from_id(uCipherSuite);
if (!pSuite)
{
SysPushErrorCrypt("Unknown ciphersuite: {} ({:02x})", uCipherSuite, uCipherSuite);
return {};
}
return pSuite->private_name;
}
}