LibTLS: Add support for SECP384r1

Userland/Libraries/LibTLS/HandshakeServer.cpp

@@ -14,6 +14,7 @@
 #include <LibCrypto/Curves/Ed25519.h>
 #include <LibCrypto/Curves/EllipticCurve.h>
 #include <LibCrypto/Curves/SECP256r1.h>
+#include <LibCrypto/Curves/SECP384r1.h>
 #include <LibCrypto/Curves/X25519.h>
 #include <LibCrypto/Curves/X448.h>
 #include <LibCrypto/PK/Code/EMSA_PKCS1_V1_5.h>
@@ -317,6 +318,9 @@ ssize_t TLSv12::handle_ecdhe_server_key_exchange(ReadonlyBytes buffer, u8& serve
     case SupportedGroup::SECP256R1:
         m_context.server_key_exchange_curve = make<Crypto::Curves::SECP256r1>();
         break;
+    case SupportedGroup::SECP384R1:
+        m_context.server_key_exchange_curve = make<Crypto::Curves::SECP384r1>();
+        break;
     default:
         return (i8)Error::NotUnderstood;
     }
@@ -493,6 +497,15 @@ ssize_t TLSv12::verify_ecdsa_server_key_exchange(ReadonlyBytes server_key_info_b
         res = curve.verify(digest.bytes(), server_point, signature);
         break;
     }
+    case SupportedGroup::SECP384R1: {
+        Crypto::Hash::Manager manager(hash_kind);
+        manager.update(message);
+        auto digest = manager.digest();
+
+        Crypto::Curves::SECP384r1 curve;
+        res = curve.verify(digest.bytes(), server_point, signature);
+        break;
+    }
     default: {
         dbgln("verify_ecdsa_server_key_exchange failed: Server certificate public key algorithm is not supported: {}", to_underlying(public_key.algorithm.ec_parameters));
         break;

Userland/Libraries/LibTLS/TLSv12.cpp

@@ -16,6 +16,7 @@
 #include <LibCrypto/ASN1/PEM.h>
 #include <LibCrypto/Curves/Ed25519.h>
 #include <LibCrypto/Curves/SECP256r1.h>
+#include <LibCrypto/Curves/SECP384r1.h>
 #include <LibCrypto/PK/Code/EMSA_PKCS1_V1_5.h>
 #include <LibCrypto/PK/Code/EMSA_PSS.h>
 #include <LibFileSystem/FileSystem.h>
@@ -413,6 +414,19 @@ bool Context::verify_certificate_pair(Certificate const& subject, Certificate co
         }
         return result.value();
     }
+    case SupportedGroup::SECP384R1: {
+        Crypto::Hash::Manager hasher(kind);
+        hasher.update(subject.tbs_asn1.bytes());
+        auto hash = hasher.digest();
+
+        Crypto::Curves::SECP384r1 curve;
+        auto result = curve.verify(hash.bytes(), issuer.public_key.raw_key, subject.signature_value);
+        if (result.is_error()) {
+            dbgln("verify_certificate_pair: Failed to check SECP384r1 signature {}", result.release_error());
+            return false;
+        }
+        return result.value();
+    }
     case SupportedGroup::X25519: {
         Crypto::Curves::Ed25519 curve;
         auto result = curve.verify(issuer.public_key.raw_key, subject.signature_value, subject.tbs_asn1.bytes());

Userland/Libraries/LibTLS/TLSv12.h

@@ -164,10 +164,12 @@ struct Options {
         { HashAlgorithm::SHA256, SignatureAlgorithm::RSA },
         { HashAlgorithm::SHA1, SignatureAlgorithm::RSA },
         { HashAlgorithm::SHA256, SignatureAlgorithm::ECDSA },
+        { HashAlgorithm::SHA384, SignatureAlgorithm::ECDSA },
         { HashAlgorithm::INTRINSIC, SignatureAlgorithm::ED25519 });
     OPTION_WITH_DEFAULTS(Vector<SupportedGroup>, elliptic_curves,
         SupportedGroup::X25519,
         SupportedGroup::SECP256R1,
+        SupportedGroup::SECP384R1,
         SupportedGroup::X448)
     OPTION_WITH_DEFAULTS(Vector<ECPointFormat>, supported_ec_point_formats, ECPointFormat::UNCOMPRESSED)