mirror of
https://github.com/SerenityOS/serenity
synced 2024-07-22 10:36:24 +00:00
LibTLS+LibCrypto: Replace a whole bunch of ByteBuffers with Spans
This commit is contained in:
Andreas Kling
parent
4d89c1885d
commit
8e20208dd6
|
|
@ -118,6 +118,9 @@ public:
|
|||
ALWAYS_INLINE constexpr const T* data() const { return this->m_values; }
|
||||
ALWAYS_INLINE constexpr T* data() { return this->m_values; }
|
||||
|
||||
ALWAYS_INLINE constexpr const T* offset_pointer(size_t offset) const { return this->m_values + offset; }
|
||||
ALWAYS_INLINE constexpr T* offset_pointer(size_t offset) { return this->m_values + offset; }
|
||||
|
||||
using ConstIterator = SimpleIterator<const Span, const T>;
|
||||
using Iterator = SimpleIterator<Span, T>;
|
||||
|
||||
|
|
@ -128,7 +131,7 @@ public:
|
|||
constexpr Iterator end() { return Iterator::end(*this); }
|
||||
|
||||
ALWAYS_INLINE constexpr size_t size() const { return this->m_size; }
|
||||
|
||||
ALWAYS_INLINE constexpr bool is_null() const { return this->m_values == nullptr; }
|
||||
ALWAYS_INLINE constexpr bool is_empty() const { return this->m_size == 0; }
|
||||
|
||||
ALWAYS_INLINE constexpr Span slice(size_t start, size_t length) const
|
||||
|
|
|
|||
|
|
@ -59,7 +59,7 @@ String AESCipherKey::to_string() const
|
|||
return builder.build();
|
||||
}
|
||||
|
||||
void AESCipherKey::expand_encrypt_key(const ByteBuffer& user_key, size_t bits)
|
||||
void AESCipherKey::expand_encrypt_key(ReadonlyBytes user_key, size_t bits)
|
||||
{
|
||||
u32* round_key;
|
||||
u32 temp;
|
||||
|
|
@ -170,7 +170,7 @@ void AESCipherKey::expand_encrypt_key(const ByteBuffer& user_key, size_t bits)
|
|||
}
|
||||
}
|
||||
|
||||
void AESCipherKey::expand_decrypt_key(const ByteBuffer& user_key, size_t bits)
|
||||
void AESCipherKey::expand_decrypt_key(ReadonlyBytes user_key, size_t bits)
|
||||
{
|
||||
u32* round_key;
|
||||
|
||||
|
|
|
|||
|
|
@ -75,8 +75,8 @@ private:
|
|||
|
||||
struct AESCipherKey : public CipherKey {
|
||||
virtual ByteBuffer data() const override { return ByteBuffer::copy(m_rd_keys, sizeof(m_rd_keys)); };
|
||||
virtual void expand_encrypt_key(const ByteBuffer& user_key, size_t bits) override;
|
||||
virtual void expand_decrypt_key(const ByteBuffer& user_key, size_t bits) override;
|
||||
virtual void expand_encrypt_key(ReadonlyBytes user_key, size_t bits) override;
|
||||
virtual void expand_decrypt_key(ReadonlyBytes user_key, size_t bits) override;
|
||||
static bool is_valid_key_size(size_t bits) { return bits == 128 || bits == 192 || bits == 256; };
|
||||
String to_string() const;
|
||||
const u32* round_keys() const
|
||||
|
|
@ -84,7 +84,7 @@ struct AESCipherKey : public CipherKey {
|
|||
return (const u32*)m_rd_keys;
|
||||
}
|
||||
|
||||
AESCipherKey(const ByteBuffer& user_key, size_t key_bits, Intent intent)
|
||||
AESCipherKey(ReadonlyBytes user_key, size_t key_bits, Intent intent)
|
||||
: m_bits(key_bits)
|
||||
{
|
||||
if (intent == Intent::Encryption)
|
||||
|
|
@ -119,7 +119,7 @@ public:
|
|||
|
||||
constexpr static size_t BlockSizeInBits = BlockType::BlockSizeInBits;
|
||||
|
||||
AESCipher(const ByteBuffer& user_key, size_t key_bits, Intent intent = Intent::Encryption, PaddingMode mode = PaddingMode::CMS)
|
||||
AESCipher(ReadonlyBytes user_key, size_t key_bits, Intent intent = Intent::Encryption, PaddingMode mode = PaddingMode::CMS)
|
||||
: Cipher<AESCipherKey, AESCipherBlock>(mode)
|
||||
, m_key(user_key, key_bits, intent)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -106,8 +106,8 @@ struct CipherKey {
|
|||
virtual ~CipherKey() { }
|
||||
|
||||
protected:
|
||||
virtual void expand_encrypt_key(const ByteBuffer& user_key, size_t bits) = 0;
|
||||
virtual void expand_decrypt_key(const ByteBuffer& user_key, size_t bits) = 0;
|
||||
virtual void expand_encrypt_key(ReadonlyBytes user_key, size_t bits) = 0;
|
||||
virtual void expand_decrypt_key(ReadonlyBytes user_key, size_t bits) = 0;
|
||||
size_t bits { 0 };
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -56,7 +56,7 @@ public:
|
|||
|
||||
virtual size_t IV_length() const override { return IVSizeInBits / 8; }
|
||||
|
||||
virtual void encrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}, Bytes* ivec_out = nullptr) override
|
||||
virtual void encrypt(ReadonlyBytes in, Bytes& out, ReadonlyBytes ivec = {}, Bytes* ivec_out = nullptr) override
|
||||
{
|
||||
auto length = in.size();
|
||||
if (length == 0)
|
||||
|
|
@ -97,7 +97,7 @@ public:
|
|||
__builtin_memcpy(ivec_out->data(), iv, min(IV_length(), ivec_out->size()));
|
||||
}
|
||||
|
||||
virtual void decrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}) override
|
||||
virtual void decrypt(ReadonlyBytes in, Bytes& out, ReadonlyBytes ivec = {}) override
|
||||
{
|
||||
auto length = in.size();
|
||||
if (length == 0)
|
||||
|
|
|
|||
|
|
@ -131,7 +131,7 @@ public:
|
|||
|
||||
virtual size_t IV_length() const override { return IVSizeInBits / 8; }
|
||||
|
||||
virtual void encrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}, Bytes* ivec_out = nullptr) override
|
||||
virtual void encrypt(ReadonlyBytes in, Bytes& out, ReadonlyBytes ivec = {}, Bytes* ivec_out = nullptr) override
|
||||
{
|
||||
// Our interpretation of "ivec" is what AES-CTR
|
||||
// would define as nonce + IV + 4 zero bytes.
|
||||
|
|
@ -143,7 +143,7 @@ public:
|
|||
this->encrypt_or_stream(nullptr, out, ivec, ivec_out);
|
||||
}
|
||||
|
||||
virtual void decrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}) override
|
||||
virtual void decrypt(ReadonlyBytes in, Bytes& out, ReadonlyBytes ivec = {}) override
|
||||
{
|
||||
// XOR (and thus CTR) is the most symmetric mode.
|
||||
this->encrypt(in, out, ivec);
|
||||
|
|
@ -156,7 +156,7 @@ private:
|
|||
protected:
|
||||
constexpr static IncrementFunctionType increment {};
|
||||
|
||||
void encrypt_or_stream(const ReadonlyBytes* in, Bytes& out, const Bytes& ivec, Bytes* ivec_out = nullptr)
|
||||
void encrypt_or_stream(const ReadonlyBytes* in, Bytes& out, ReadonlyBytes ivec, Bytes* ivec_out = nullptr)
|
||||
{
|
||||
size_t length;
|
||||
if (in) {
|
||||
|
|
|
|||
|
|
@ -71,7 +71,7 @@ public:
|
|||
virtual size_t IV_length() const override { return IVSizeInBits / 8; }
|
||||
|
||||
// FIXME: This overload throws away the auth stuff, think up a better way to return more than a single bytebuffer.
|
||||
virtual void encrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}, Bytes* = nullptr) override
|
||||
virtual void encrypt(ReadonlyBytes in, Bytes& out, ReadonlyBytes ivec = {}, Bytes* = nullptr) override
|
||||
{
|
||||
ASSERT(!ivec.is_empty());
|
||||
|
||||
|
|
@ -79,7 +79,7 @@ public:
|
|||
|
||||
encrypt(in, out, ivec, dummy, dummy);
|
||||
}
|
||||
virtual void decrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}) override
|
||||
virtual void decrypt(ReadonlyBytes in, Bytes& out, ReadonlyBytes ivec = {}) override
|
||||
{
|
||||
encrypt(in, out, ivec);
|
||||
}
|
||||
|
|
@ -108,7 +108,7 @@ public:
|
|||
block0.get().bytes().copy_to(tag);
|
||||
}
|
||||
|
||||
VerificationConsistency decrypt(const ReadonlyBytes& in, Bytes out, const ReadonlyBytes& iv_in, const ReadonlyBytes& aad, const ReadonlyBytes& tag)
|
||||
VerificationConsistency decrypt(ReadonlyBytes in, Bytes out, ReadonlyBytes iv_in, ReadonlyBytes aad, ReadonlyBytes tag)
|
||||
{
|
||||
auto iv_buf = ByteBuffer::copy(iv_in.data(), iv_in.size());
|
||||
auto iv = iv_buf.bytes();
|
||||
|
|
|
|||
|
|
@ -39,8 +39,8 @@ class Mode {
|
|||
public:
|
||||
virtual ~Mode() { }
|
||||
|
||||
virtual void encrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}, Bytes* ivec_out = nullptr) = 0;
|
||||
virtual void decrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}) = 0;
|
||||
virtual void encrypt(ReadonlyBytes in, Bytes& out, ReadonlyBytes ivec = {}, Bytes* ivec_out = nullptr) = 0;
|
||||
virtual void decrypt(ReadonlyBytes in, Bytes& out, ReadonlyBytes ivec = {}) = 0;
|
||||
|
||||
virtual size_t IV_length() const = 0;
|
||||
|
||||
|
|
|
|||
|
|
@ -41,8 +41,8 @@ public:
|
|||
{
|
||||
}
|
||||
|
||||
virtual void encode(const ByteBuffer& in, ByteBuffer& out, size_t em_bits) = 0;
|
||||
virtual VerificationConsistency verify(const ByteBuffer& msg, const ByteBuffer& emsg, size_t em_bits) = 0;
|
||||
virtual void encode(ReadonlyBytes in, ByteBuffer& out, size_t em_bits) = 0;
|
||||
virtual VerificationConsistency verify(ReadonlyBytes msg, ReadonlyBytes emsg, size_t em_bits) = 0;
|
||||
|
||||
const HashFunction& hasher() const { return m_hasher; }
|
||||
HashFunction& hasher() { return m_hasher; }
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@ public:
|
|||
|
||||
static constexpr auto SaltLength = SaltSize;
|
||||
|
||||
virtual void encode(const ByteBuffer& in, ByteBuffer& out, size_t em_bits) override
|
||||
virtual void encode(ReadonlyBytes in, ByteBuffer& out, size_t em_bits) override
|
||||
{
|
||||
// FIXME: we're supposed to check if in.size() > HashFunction::input_limitation
|
||||
// however, all of our current hash functions can hash unlimited blocks
|
||||
|
|
@ -87,8 +87,7 @@ public:
|
|||
u8 DB_mask[mask_length];
|
||||
auto DB_mask_buffer = ByteBuffer::wrap(DB_mask, mask_length);
|
||||
// FIXME: we should probably allow reading from u8*
|
||||
auto hash_buffer = ByteBuffer::wrap(hash.data, HashFunction::DigestSize);
|
||||
MGF1(hash_buffer, mask_length, DB_mask_buffer);
|
||||
MGF1(ReadonlyBytes { hash.data, HashFunction::DigestSize }, mask_length, DB_mask_buffer);
|
||||
|
||||
for (size_t i = 0; i < DB.size(); ++i)
|
||||
DB_data[i] ^= DB_mask[i];
|
||||
|
|
@ -101,7 +100,7 @@ public:
|
|||
out[DB.size() + hash_fn.DigestSize] = 0xbc;
|
||||
}
|
||||
|
||||
virtual VerificationConsistency verify(const ByteBuffer& msg, const ByteBuffer& emsg, size_t em_bits) override
|
||||
virtual VerificationConsistency verify(ReadonlyBytes msg, ReadonlyBytes emsg, size_t em_bits) override
|
||||
{
|
||||
auto& hash_fn = this->hasher();
|
||||
hash_fn.update(msg);
|
||||
|
|
@ -114,8 +113,8 @@ public:
|
|||
return VerificationConsistency::Inconsistent;
|
||||
|
||||
auto mask_length = emsg.size() - HashFunction::DigestSize - 1;
|
||||
auto masked_DB = emsg.slice_view(0, mask_length);
|
||||
auto H = emsg.slice_view(mask_length, HashFunction::DigestSize);
|
||||
auto masked_DB = emsg.slice(0, mask_length);
|
||||
auto H = emsg.slice(mask_length, HashFunction::DigestSize);
|
||||
|
||||
auto length_to_check = 8 * emsg.size() - em_bits;
|
||||
auto octet = masked_DB[0];
|
||||
|
|
@ -160,7 +159,7 @@ public:
|
|||
return VerificationConsistency::Consistent;
|
||||
}
|
||||
|
||||
void MGF1(const ByteBuffer& seed, size_t length, ByteBuffer& out)
|
||||
void MGF1(ReadonlyBytes seed, size_t length, ByteBuffer& out)
|
||||
{
|
||||
auto& hash_fn = this->hasher();
|
||||
ByteBuffer T = ByteBuffer::create_zeroed(0);
|
||||
|
|
|
|||
|
|
@ -49,11 +49,11 @@ public:
|
|||
{
|
||||
}
|
||||
|
||||
virtual void encrypt(const ByteBuffer& in, ByteBuffer& out) = 0;
|
||||
virtual void decrypt(const ByteBuffer& in, ByteBuffer& out) = 0;
|
||||
virtual void encrypt(ReadonlyBytes in, ByteBuffer& out) = 0;
|
||||
virtual void decrypt(ReadonlyBytes in, ByteBuffer& out) = 0;
|
||||
|
||||
virtual void sign(const ByteBuffer& in, ByteBuffer& out) = 0;
|
||||
virtual void verify(const ByteBuffer& in, ByteBuffer& out) = 0;
|
||||
virtual void sign(ReadonlyBytes in, ByteBuffer& out) = 0;
|
||||
virtual void verify(ReadonlyBytes in, ByteBuffer& out) = 0;
|
||||
|
||||
virtual String class_name() const = 0;
|
||||
|
||||
|
|
|
|||
|
|
@ -113,7 +113,7 @@ RSA::KeyPairType RSA::parse_rsa_key(ReadonlyBytes in)
|
|||
return keypair;
|
||||
}
|
||||
|
||||
void RSA::encrypt(const ByteBuffer& in, ByteBuffer& out)
|
||||
void RSA::encrypt(ReadonlyBytes in, ByteBuffer& out)
|
||||
{
|
||||
#ifdef CRYPTO_DEBUG
|
||||
dbg() << "in size: " << in.size();
|
||||
|
|
@ -133,7 +133,7 @@ void RSA::encrypt(const ByteBuffer& in, ByteBuffer& out)
|
|||
}
|
||||
}
|
||||
|
||||
void RSA::decrypt(const ByteBuffer& in, ByteBuffer& out)
|
||||
void RSA::decrypt(ReadonlyBytes in, ByteBuffer& out)
|
||||
{
|
||||
// FIXME: Actually use the private key properly
|
||||
|
||||
|
|
@ -149,7 +149,7 @@ void RSA::decrypt(const ByteBuffer& in, ByteBuffer& out)
|
|||
out = out.slice(out.size() - aligned_size, aligned_size);
|
||||
}
|
||||
|
||||
void RSA::sign(const ByteBuffer& in, ByteBuffer& out)
|
||||
void RSA::sign(ReadonlyBytes in, ByteBuffer& out)
|
||||
{
|
||||
auto in_integer = UnsignedBigInteger::import_data(in.data(), in.size());
|
||||
auto exp = NumberTheory::ModularPower(in_integer, m_private_key.private_exponent(), m_private_key.modulus());
|
||||
|
|
@ -157,7 +157,7 @@ void RSA::sign(const ByteBuffer& in, ByteBuffer& out)
|
|||
out = out.slice(out.size() - size, size);
|
||||
}
|
||||
|
||||
void RSA::verify(const ByteBuffer& in, ByteBuffer& out)
|
||||
void RSA::verify(ReadonlyBytes in, ByteBuffer& out)
|
||||
{
|
||||
auto in_integer = UnsignedBigInteger::import_data(in.data(), in.size());
|
||||
auto exp = NumberTheory::ModularPower(in_integer, m_public_key.public_exponent(), m_public_key.modulus());
|
||||
|
|
@ -198,7 +198,7 @@ void RSA::import_public_key(ReadonlyBytes bytes, bool pem)
|
|||
}
|
||||
|
||||
template<typename HashFunction>
|
||||
void RSA_EMSA_PSS<HashFunction>::sign(const ByteBuffer& in, ByteBuffer& out)
|
||||
void RSA_EMSA_PSS<HashFunction>::sign(ReadonlyBytes in, ByteBuffer& out)
|
||||
{
|
||||
// -- encode via EMSA_PSS
|
||||
auto mod_bits = m_rsa.private_key().modulus().trimmed_length() * sizeof(u32) * 8;
|
||||
|
|
@ -212,7 +212,7 @@ void RSA_EMSA_PSS<HashFunction>::sign(const ByteBuffer& in, ByteBuffer& out)
|
|||
}
|
||||
|
||||
template<typename HashFunction>
|
||||
VerificationConsistency RSA_EMSA_PSS<HashFunction>::verify(const ByteBuffer& in)
|
||||
VerificationConsistency RSA_EMSA_PSS<HashFunction>::verify(ReadonlyBytes in)
|
||||
{
|
||||
auto mod_bytes = m_rsa.public_key().modulus().trimmed_length() * sizeof(u32);
|
||||
if (in.size() != mod_bytes)
|
||||
|
|
@ -228,7 +228,7 @@ VerificationConsistency RSA_EMSA_PSS<HashFunction>::verify(const ByteBuffer& in)
|
|||
return m_emsa_pss.verify(in, EM, mod_bytes * 8 - 1);
|
||||
}
|
||||
|
||||
void RSA_PKCS1_EME::encrypt(const ByteBuffer& in, ByteBuffer& out)
|
||||
void RSA_PKCS1_EME::encrypt(ReadonlyBytes in, ByteBuffer& out)
|
||||
{
|
||||
auto mod_len = (m_public_key.modulus().trimmed_length() * sizeof(u32) * 8 + 7) / 8;
|
||||
#ifdef CRYPTO_DEBUG
|
||||
|
|
@ -271,7 +271,7 @@ void RSA_PKCS1_EME::encrypt(const ByteBuffer& in, ByteBuffer& out)
|
|||
|
||||
RSA::encrypt(out, out);
|
||||
}
|
||||
void RSA_PKCS1_EME::decrypt(const ByteBuffer& in, ByteBuffer& out)
|
||||
void RSA_PKCS1_EME::decrypt(ReadonlyBytes in, ByteBuffer& out)
|
||||
{
|
||||
auto mod_len = (m_public_key.modulus().trimmed_length() * sizeof(u32) * 8 + 7) / 8;
|
||||
if (in.size() != mod_len) {
|
||||
|
|
@ -317,11 +317,11 @@ void RSA_PKCS1_EME::decrypt(const ByteBuffer& in, ByteBuffer& out)
|
|||
out = out.slice(offset, out.size() - offset);
|
||||
}
|
||||
|
||||
void RSA_PKCS1_EME::sign(const ByteBuffer&, ByteBuffer&)
|
||||
void RSA_PKCS1_EME::sign(ReadonlyBytes, ByteBuffer&)
|
||||
{
|
||||
dbg() << "FIXME: RSA_PKCS_EME::sign";
|
||||
}
|
||||
void RSA_PKCS1_EME::verify(const ByteBuffer&, ByteBuffer&)
|
||||
void RSA_PKCS1_EME::verify(ReadonlyBytes, ByteBuffer&)
|
||||
{
|
||||
dbg() << "FIXME: RSA_PKCS_EME::verify";
|
||||
}
|
||||
|
|
|
|||
|
|
@ -178,11 +178,11 @@ public:
|
|||
m_private_key = pair.private_key;
|
||||
}
|
||||
|
||||
virtual void encrypt(const ByteBuffer& in, ByteBuffer& out) override;
|
||||
virtual void decrypt(const ByteBuffer& in, ByteBuffer& out) override;
|
||||
virtual void encrypt(ReadonlyBytes in, ByteBuffer& out) override;
|
||||
virtual void decrypt(ReadonlyBytes in, ByteBuffer& out) override;
|
||||
|
||||
virtual void sign(const ByteBuffer& in, ByteBuffer& out) override;
|
||||
virtual void verify(const ByteBuffer& in, ByteBuffer& out) override;
|
||||
virtual void sign(ReadonlyBytes in, ByteBuffer& out) override;
|
||||
virtual void verify(ReadonlyBytes in, ByteBuffer& out) override;
|
||||
|
||||
virtual String class_name() const override { return "RSA"; }
|
||||
|
||||
|
|
@ -203,8 +203,8 @@ public:
|
|||
{
|
||||
}
|
||||
|
||||
void sign(const ByteBuffer& in, ByteBuffer& out);
|
||||
VerificationConsistency verify(const ByteBuffer& in);
|
||||
void sign(ReadonlyBytes in, ByteBuffer& out);
|
||||
VerificationConsistency verify(ReadonlyBytes in);
|
||||
|
||||
private:
|
||||
EMSA_PSS<HashFunction, HashFunction::DigestSize> m_emsa_pss;
|
||||
|
|
@ -222,11 +222,11 @@ public:
|
|||
|
||||
~RSA_PKCS1_EME() { }
|
||||
|
||||
virtual void encrypt(const ByteBuffer& in, ByteBuffer& out) override;
|
||||
virtual void decrypt(const ByteBuffer& in, ByteBuffer& out) override;
|
||||
virtual void encrypt(ReadonlyBytes in, ByteBuffer& out) override;
|
||||
virtual void decrypt(ReadonlyBytes in, ByteBuffer& out) override;
|
||||
|
||||
virtual void sign(const ByteBuffer&, ByteBuffer&) override;
|
||||
virtual void verify(const ByteBuffer&, ByteBuffer&) override;
|
||||
virtual void sign(ReadonlyBytes, ByteBuffer&) override;
|
||||
virtual void verify(ReadonlyBytes, ByteBuffer&) override;
|
||||
|
||||
virtual String class_name() const override { return "RSA_PKCS1-EME"; }
|
||||
virtual size_t output_size() const override { return m_public_key.length(); }
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@
|
|||
|
||||
namespace TLS {
|
||||
|
||||
ssize_t TLSv12::handle_server_hello_done(const ByteBuffer& buffer)
|
||||
ssize_t TLSv12::handle_server_hello_done(ReadonlyBytes buffer)
|
||||
{
|
||||
if (buffer.size() < 3)
|
||||
return (i8)Error::NeedMoreData;
|
||||
|
|
@ -47,7 +47,7 @@ ssize_t TLSv12::handle_server_hello_done(const ByteBuffer& buffer)
|
|||
return size + 3;
|
||||
}
|
||||
|
||||
ssize_t TLSv12::handle_hello(const ByteBuffer& buffer, WritePacketStage& write_packets)
|
||||
ssize_t TLSv12::handle_hello(ReadonlyBytes buffer, WritePacketStage& write_packets)
|
||||
{
|
||||
write_packets = WritePacketStage::Initial;
|
||||
if (m_context.connection_status != ConnectionStatus::Disconnected && m_context.connection_status != ConnectionStatus::Renegotiating) {
|
||||
|
|
@ -192,7 +192,7 @@ ssize_t TLSv12::handle_hello(const ByteBuffer& buffer, WritePacketStage& write_p
|
|||
}
|
||||
} else if (extension_type == HandshakeExtension::SignatureAlgorithms) {
|
||||
dbg() << "supported signatures: ";
|
||||
print_buffer(buffer.slice_view(res, extension_length));
|
||||
print_buffer(buffer.slice(res, extension_length));
|
||||
// FIXME: what are we supposed to do here?
|
||||
}
|
||||
res += extension_length;
|
||||
|
|
@ -202,7 +202,7 @@ ssize_t TLSv12::handle_hello(const ByteBuffer& buffer, WritePacketStage& write_p
|
|||
return res;
|
||||
}
|
||||
|
||||
ssize_t TLSv12::handle_finished(const ByteBuffer& buffer, WritePacketStage& write_packets)
|
||||
ssize_t TLSv12::handle_finished(ReadonlyBytes buffer, WritePacketStage& write_packets)
|
||||
{
|
||||
if (m_context.connection_status < ConnectionStatus::KeyExchange || m_context.connection_status == ConnectionStatus::Established) {
|
||||
dbg() << "unexpected finished message";
|
||||
|
|
@ -305,10 +305,10 @@ void TLSv12::build_random(PacketBuilder& builder)
|
|||
|
||||
builder.append_u24(outbuf.size() + 2);
|
||||
builder.append((u16)outbuf.size());
|
||||
builder.append(outbuf);
|
||||
builder.append(outbuf.bytes());
|
||||
}
|
||||
|
||||
ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
|
||||
ssize_t TLSv12::handle_payload(ReadonlyBytes vbuffer)
|
||||
{
|
||||
if (m_context.connection_status == ConnectionStatus::Established) {
|
||||
#ifdef TLS_DEBUG
|
||||
|
|
@ -374,7 +374,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
|
|||
dbg() << "unsupported: server mode";
|
||||
ASSERT_NOT_REACHED();
|
||||
} else {
|
||||
payload_res = handle_hello(buffer.slice_view(1, payload_size), write_packets);
|
||||
payload_res = handle_hello(buffer.slice(1, payload_size), write_packets);
|
||||
}
|
||||
break;
|
||||
case HelloVerifyRequest:
|
||||
|
|
@ -396,7 +396,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
|
|||
dbg() << "unsupported: server mode";
|
||||
ASSERT_NOT_REACHED();
|
||||
}
|
||||
payload_res = handle_certificate(buffer.slice_view(1, payload_size));
|
||||
payload_res = handle_certificate(buffer.slice(1, payload_size));
|
||||
if (m_context.certificates.size()) {
|
||||
auto it = m_context.certificates.find([&](auto& cert) { return cert.is_valid(); });
|
||||
|
||||
|
|
@ -430,7 +430,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
|
|||
dbg() << "unsupported: server mode";
|
||||
ASSERT_NOT_REACHED();
|
||||
} else {
|
||||
payload_res = handle_server_key_exchange(buffer.slice_view(1, payload_size));
|
||||
payload_res = handle_server_key_exchange(buffer.slice(1, payload_size));
|
||||
}
|
||||
break;
|
||||
case CertificateRequest:
|
||||
|
|
@ -466,7 +466,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
|
|||
dbg() << "unsupported: server mode";
|
||||
ASSERT_NOT_REACHED();
|
||||
} else {
|
||||
payload_res = handle_server_hello_done(buffer.slice_view(1, payload_size));
|
||||
payload_res = handle_server_hello_done(buffer.slice(1, payload_size));
|
||||
if (payload_res > 0)
|
||||
write_packets = WritePacketStage::ClientHandshake;
|
||||
}
|
||||
|
|
@ -482,7 +482,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
|
|||
dbg() << "certificate verify";
|
||||
#endif
|
||||
if (m_context.connection_status == ConnectionStatus::KeyExchange) {
|
||||
payload_res = handle_verify(buffer.slice_view(1, payload_size));
|
||||
payload_res = handle_verify(buffer.slice(1, payload_size));
|
||||
} else {
|
||||
payload_res = (i8)Error::UnexpectedMessage;
|
||||
}
|
||||
|
|
@ -517,7 +517,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
|
|||
#ifdef TLS_DEBUG
|
||||
dbg() << "finished";
|
||||
#endif
|
||||
payload_res = handle_finished(buffer.slice_view(1, payload_size), write_packets);
|
||||
payload_res = handle_finished(buffer.slice(1, payload_size), write_packets);
|
||||
if (payload_res > 0) {
|
||||
memset(m_context.handshake_messages, 0, sizeof(m_context.handshake_messages));
|
||||
}
|
||||
|
|
@ -528,7 +528,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
|
|||
}
|
||||
|
||||
if (type != HelloRequest) {
|
||||
update_hash(buffer.slice_view(0, payload_size + 1));
|
||||
update_hash(buffer.slice(0, payload_size + 1));
|
||||
}
|
||||
|
||||
// if something went wrong, send an alert about it
|
||||
|
|
|
|||
|
|
@ -108,7 +108,7 @@ bool TLSv12::expand_key()
|
|||
return true;
|
||||
}
|
||||
|
||||
void TLSv12::pseudorandom_function(ByteBuffer& output, const ByteBuffer& secret, const u8* label, size_t label_length, const ByteBuffer& seed, const ByteBuffer& seed_b)
|
||||
void TLSv12::pseudorandom_function(ByteBuffer& output, ReadonlyBytes secret, const u8* label, size_t label_length, ReadonlyBytes seed, ReadonlyBytes seed_b)
|
||||
{
|
||||
if (!secret.size()) {
|
||||
dbg() << "null secret";
|
||||
|
|
@ -225,7 +225,7 @@ ByteBuffer TLSv12::build_certificate()
|
|||
for (auto& certificate : certificates) {
|
||||
if (!certificate->der.is_empty()) {
|
||||
builder.append_u24(certificate->der.size());
|
||||
builder.append(certificate->der);
|
||||
builder.append(certificate->der.bytes());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -265,13 +265,13 @@ ByteBuffer TLSv12::build_client_key_exchange()
|
|||
return packet;
|
||||
}
|
||||
|
||||
ssize_t TLSv12::handle_server_key_exchange(const ByteBuffer&)
|
||||
ssize_t TLSv12::handle_server_key_exchange(ReadonlyBytes)
|
||||
{
|
||||
dbg() << "FIXME: parse_server_key_exchange";
|
||||
return 0;
|
||||
}
|
||||
|
||||
ssize_t TLSv12::handle_verify(const ByteBuffer&)
|
||||
ssize_t TLSv12::handle_verify(ReadonlyBytes)
|
||||
{
|
||||
dbg() << "FIXME: parse_verify";
|
||||
return 0;
|
||||
|
|
|
|||
|
|
@ -160,7 +160,7 @@ ByteBuffer TLSv12::build_finished()
|
|||
auto hashbuf = ByteBuffer::wrap(const_cast<u8*>(digest.immutable_data()), m_context.handshake_hash.digest_size());
|
||||
pseudorandom_function(outbuffer, m_context.master_key, (const u8*)"client finished", 15, hashbuf, dummy);
|
||||
|
||||
builder.append(outbuffer);
|
||||
builder.append(outbuffer.bytes());
|
||||
auto packet = builder.build();
|
||||
update_packet(packet);
|
||||
|
||||
|
|
|
|||
|
|
@ -194,7 +194,7 @@ void TLSv12::update_packet(ByteBuffer& packet)
|
|||
++m_context.local_sequence_number;
|
||||
}
|
||||
|
||||
void TLSv12::update_hash(const ByteBuffer& message)
|
||||
void TLSv12::update_hash(ReadonlyBytes message)
|
||||
{
|
||||
m_context.handshake_hash.update(message);
|
||||
}
|
||||
|
|
@ -226,7 +226,7 @@ ByteBuffer TLSv12::hmac_message(const ReadonlyBytes& buf, const Optional<Readonl
|
|||
return mac;
|
||||
}
|
||||
|
||||
ssize_t TLSv12::handle_message(const ByteBuffer& buffer)
|
||||
ssize_t TLSv12::handle_message(ReadonlyBytes buffer)
|
||||
{
|
||||
auto res { 5ll };
|
||||
size_t header_size = res;
|
||||
|
|
@ -265,7 +265,9 @@ ssize_t TLSv12::handle_message(const ByteBuffer& buffer)
|
|||
#ifdef TLS_DEBUG
|
||||
dbg() << "message type: " << (u8)type << ", length: " << length;
|
||||
#endif
|
||||
ByteBuffer plain = buffer.slice_view(buffer_position, buffer.size() - buffer_position);
|
||||
auto plain = buffer.slice(buffer_position, buffer.size() - buffer_position);
|
||||
|
||||
ByteBuffer decrypted;
|
||||
|
||||
if (m_context.cipher_spec_set && type != MessageType::ChangeCipher) {
|
||||
#ifdef TLS_DEBUG
|
||||
|
|
@ -284,8 +286,8 @@ ssize_t TLSv12::handle_message(const ByteBuffer& buffer)
|
|||
}
|
||||
|
||||
auto packet_length = length - iv_length() - 16;
|
||||
auto payload = plain.bytes();
|
||||
auto decrypted = ByteBuffer::create_uninitialized(packet_length);
|
||||
auto payload = plain;
|
||||
decrypted = ByteBuffer::create_uninitialized(packet_length);
|
||||
|
||||
// AEAD AAD (13)
|
||||
// Seq. no (8)
|
||||
|
|
@ -299,8 +301,8 @@ ssize_t TLSv12::handle_message(const ByteBuffer& buffer)
|
|||
u64 seq_no = AK::convert_between_host_and_network_endian(m_context.remote_sequence_number);
|
||||
u16 len = AK::convert_between_host_and_network_endian((u16)packet_length);
|
||||
|
||||
aad_stream.write({ &seq_no, sizeof(seq_no) }); // Sequence number
|
||||
aad_stream.write(buffer.bytes().slice(0, header_size - 2)); // content-type + version
|
||||
aad_stream.write({ &seq_no, sizeof(seq_no) }); // Sequence number
|
||||
aad_stream.write(buffer.slice(0, header_size - 2)); // content-type + version
|
||||
aad_stream.write({ &len, sizeof(u16) });
|
||||
ASSERT(aad_stream.is_end());
|
||||
|
||||
|
|
@ -342,10 +344,10 @@ ssize_t TLSv12::handle_message(const ByteBuffer& buffer)
|
|||
auto iv_size = iv_length();
|
||||
|
||||
auto decrypted = m_aes_remote.cbc->create_aligned_buffer(length - iv_size);
|
||||
auto iv = buffer.slice_view(header_size, iv_size);
|
||||
auto iv = buffer.slice(header_size, iv_size);
|
||||
|
||||
Bytes decrypted_span = decrypted;
|
||||
m_aes_remote.cbc->decrypt(buffer.bytes().slice(header_size + iv_size, length - iv_size), decrypted_span, iv);
|
||||
m_aes_remote.cbc->decrypt(buffer.slice(header_size + iv_size, length - iv_size), decrypted_span, iv);
|
||||
|
||||
length = decrypted_span.size();
|
||||
|
||||
|
|
|
|||
|
|
@ -73,7 +73,7 @@ String TLSv12::read_line(size_t max_size)
|
|||
return String::copy(buffer, Chomp);
|
||||
}
|
||||
|
||||
bool TLSv12::write(const ByteBuffer& buffer)
|
||||
bool TLSv12::write(ReadonlyBytes buffer)
|
||||
{
|
||||
if (m_context.connection_status != ConnectionStatus::Established) {
|
||||
#ifdef TLS_DEBUG
|
||||
|
|
|
|||
|
|
@ -70,7 +70,7 @@ public:
|
|||
{
|
||||
append((const u8*)&value, sizeof(value));
|
||||
}
|
||||
inline void append(const ByteBuffer& data)
|
||||
inline void append(ReadonlyBytes data)
|
||||
{
|
||||
append(data.data(), data.size());
|
||||
}
|
||||
|
|
|
|||
|
|
@ -428,7 +428,7 @@ static ssize_t _parse_asn1(const Context& context, Certificate& cert, const u8*
|
|||
}
|
||||
}
|
||||
|
||||
Optional<Certificate> TLSv12::parse_asn1(const ByteBuffer& buffer, bool) const
|
||||
Optional<Certificate> TLSv12::parse_asn1(ReadonlyBytes buffer, bool) const
|
||||
{
|
||||
// FIXME: Our ASN.1 parser is not quite up to the task of
|
||||
// parsing this X.509 certificate, so for the
|
||||
|
|
@ -447,7 +447,7 @@ Optional<Certificate> TLSv12::parse_asn1(const ByteBuffer& buffer, bool) const
|
|||
return cert;
|
||||
}
|
||||
|
||||
ssize_t TLSv12::handle_certificate(const ByteBuffer& buffer)
|
||||
ssize_t TLSv12::handle_certificate(ReadonlyBytes buffer)
|
||||
{
|
||||
ssize_t res = 0;
|
||||
|
||||
|
|
@ -522,7 +522,7 @@ ssize_t TLSv12::handle_certificate(const ByteBuffer& buffer)
|
|||
}
|
||||
remaining -= certificate_size_specific;
|
||||
|
||||
auto certificate = parse_asn1(buffer.slice_view(res_cert, certificate_size_specific), false);
|
||||
auto certificate = parse_asn1(buffer.slice(res_cert, certificate_size_specific), false);
|
||||
if (certificate.has_value()) {
|
||||
if (certificate.value().is_valid()) {
|
||||
m_context.certificates.append(certificate.value());
|
||||
|
|
@ -546,7 +546,7 @@ ssize_t TLSv12::handle_certificate(const ByteBuffer& buffer)
|
|||
return res;
|
||||
}
|
||||
|
||||
void TLSv12::consume(const ByteBuffer& record)
|
||||
void TLSv12::consume(ReadonlyBytes record)
|
||||
{
|
||||
if (m_context.critical_error) {
|
||||
dbg() << "There has been a critical error (" << (i8)m_context.critical_error << "), refusing to continue";
|
||||
|
|
@ -846,7 +846,7 @@ TLSv12::TLSv12(Core::Object* parent, Version version)
|
|||
}
|
||||
}
|
||||
|
||||
bool TLSv12::add_client_key(const ByteBuffer& certificate_pem_buffer, const ByteBuffer& rsa_key) // FIXME: This should not be bound to RSA
|
||||
bool TLSv12::add_client_key(ReadonlyBytes certificate_pem_buffer, ReadonlyBytes rsa_key) // FIXME: This should not be bound to RSA
|
||||
{
|
||||
if (certificate_pem_buffer.is_empty() || rsa_key.is_empty()) {
|
||||
return true;
|
||||
|
|
|
|||
|
|
@ -41,18 +41,21 @@
|
|||
|
||||
namespace TLS {
|
||||
|
||||
inline void print_buffer(const ByteBuffer& buffer)
|
||||
inline void print_buffer(ReadonlyBytes buffer)
|
||||
{
|
||||
for (size_t i { 0 }; i < buffer.size(); ++i)
|
||||
dbgprintf("%02x ", buffer[i]);
|
||||
dbgprintf("\n");
|
||||
}
|
||||
|
||||
inline void print_buffer(const ByteBuffer& buffer)
|
||||
{
|
||||
print_buffer(buffer.bytes());
|
||||
}
|
||||
|
||||
inline void print_buffer(const u8* buffer, size_t size)
|
||||
{
|
||||
for (size_t i { 0 }; i < size; ++i)
|
||||
dbgprintf("%02x ", buffer[i]);
|
||||
dbgprintf("\n");
|
||||
print_buffer(ReadonlyBytes { buffer, size });
|
||||
}
|
||||
|
||||
class Socket;
|
||||
|
|
@ -277,13 +280,13 @@ public:
|
|||
m_context.SNI = sni;
|
||||
}
|
||||
|
||||
Optional<Certificate> parse_asn1(const ByteBuffer& buffer, bool client_cert = false) const;
|
||||
bool load_certificates(const ByteBuffer& pem_buffer);
|
||||
bool load_private_key(const ByteBuffer& pem_buffer);
|
||||
Optional<Certificate> parse_asn1(ReadonlyBytes, bool client_cert = false) const;
|
||||
bool load_certificates(ReadonlyBytes pem_buffer);
|
||||
bool load_private_key(ReadonlyBytes pem_buffer);
|
||||
|
||||
void set_root_certificates(Vector<Certificate>);
|
||||
|
||||
bool add_client_key(const ByteBuffer& certificate_pem_buffer, const ByteBuffer& key_pem_buffer);
|
||||
bool add_client_key(ReadonlyBytes certificate_pem_buffer, ReadonlyBytes key_pem_buffer);
|
||||
bool add_client_key(Certificate certificate)
|
||||
{
|
||||
m_context.client_certificates.append(move(certificate));
|
||||
|
|
@ -313,7 +316,7 @@ public:
|
|||
Optional<ByteBuffer> read();
|
||||
ByteBuffer read(size_t max_size);
|
||||
|
||||
bool write(const ByteBuffer& buffer);
|
||||
bool write(ReadonlyBytes);
|
||||
void alert(AlertLevel, AlertDescription);
|
||||
|
||||
bool can_read_line() const { return m_context.application_buffer.size() && memchr(m_context.application_buffer.data(), '\n', m_context.application_buffer.size()); }
|
||||
|
|
@ -332,13 +335,13 @@ private:
|
|||
|
||||
virtual bool common_connect(const struct sockaddr*, socklen_t) override;
|
||||
|
||||
void consume(const ByteBuffer& record);
|
||||
void consume(ReadonlyBytes record);
|
||||
|
||||
ByteBuffer hmac_message(const ReadonlyBytes& buf, const Optional<ReadonlyBytes> buf2, size_t mac_length, bool local = false);
|
||||
void ensure_hmac(size_t digest_size, bool local);
|
||||
|
||||
void update_packet(ByteBuffer& packet);
|
||||
void update_hash(const ByteBuffer& in);
|
||||
void update_hash(ReadonlyBytes in);
|
||||
|
||||
void write_packet(ByteBuffer& packet);
|
||||
|
||||
|
|
@ -360,19 +363,19 @@ private:
|
|||
|
||||
bool check_connection_state(bool read);
|
||||
|
||||
ssize_t handle_hello(const ByteBuffer& buffer, WritePacketStage&);
|
||||
ssize_t handle_finished(const ByteBuffer& buffer, WritePacketStage&);
|
||||
ssize_t handle_certificate(const ByteBuffer& buffer);
|
||||
ssize_t handle_server_key_exchange(const ByteBuffer& buffer);
|
||||
ssize_t handle_server_hello_done(const ByteBuffer& buffer);
|
||||
ssize_t handle_verify(const ByteBuffer& buffer);
|
||||
ssize_t handle_payload(const ByteBuffer& buffer);
|
||||
ssize_t handle_message(const ByteBuffer& buffer);
|
||||
ssize_t handle_random(const ByteBuffer& buffer);
|
||||
ssize_t handle_hello(ReadonlyBytes, WritePacketStage&);
|
||||
ssize_t handle_finished(ReadonlyBytes, WritePacketStage&);
|
||||
ssize_t handle_certificate(ReadonlyBytes);
|
||||
ssize_t handle_server_key_exchange(ReadonlyBytes);
|
||||
ssize_t handle_server_hello_done(ReadonlyBytes);
|
||||
ssize_t handle_verify(ReadonlyBytes);
|
||||
ssize_t handle_payload(ReadonlyBytes);
|
||||
ssize_t handle_message(ReadonlyBytes);
|
||||
ssize_t handle_random(ReadonlyBytes);
|
||||
|
||||
size_t asn1_length(const ByteBuffer& buffer, size_t* octets);
|
||||
size_t asn1_length(ReadonlyBytes, size_t* octets);
|
||||
|
||||
void pseudorandom_function(ByteBuffer& output, const ByteBuffer& secret, const u8* label, size_t label_length, const ByteBuffer& seed, const ByteBuffer& seed_b);
|
||||
void pseudorandom_function(ByteBuffer& output, ReadonlyBytes secret, const u8* label, size_t label_length, ReadonlyBytes seed, ReadonlyBytes seed_b);
|
||||
|
||||
size_t key_length() const
|
||||
{
|
||||
|
|
|
|||
|
|
@ -198,7 +198,7 @@ static void tls(const char* message, size_t len)
|
|||
|
||||
static void aes_cbc(const char* message, size_t len)
|
||||
{
|
||||
auto buffer = ByteBuffer::wrap(const_cast<char*>(message), len);
|
||||
ReadonlyBytes buffer { message, len };
|
||||
// FIXME: Take iv as an optional parameter
|
||||
auto iv = ByteBuffer::create_zeroed(Crypto::Cipher::AESCipher::block_size());
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue