From 8e20208dd6d561f0891fd424d8c396c28247cff9 Mon Sep 17 00:00:00 2001 From: Andreas Kling Date: Sat, 19 Dec 2020 15:07:09 +0100 Subject: [PATCH] LibTLS+LibCrypto: Replace a whole bunch of ByteBuffers with Spans --- AK/Span.h | 5 ++- Libraries/LibCrypto/Cipher/AES.cpp | 4 +-- Libraries/LibCrypto/Cipher/AES.h | 8 ++--- Libraries/LibCrypto/Cipher/Cipher.h | 4 +-- Libraries/LibCrypto/Cipher/Mode/CBC.h | 4 +-- Libraries/LibCrypto/Cipher/Mode/CTR.h | 6 ++-- Libraries/LibCrypto/Cipher/Mode/GCM.h | 6 ++-- Libraries/LibCrypto/Cipher/Mode/Mode.h | 4 +-- Libraries/LibCrypto/PK/Code/Code.h | 4 +-- Libraries/LibCrypto/PK/Code/EMSA_PSS.h | 13 ++++--- Libraries/LibCrypto/PK/PK.h | 8 ++--- Libraries/LibCrypto/PK/RSA.cpp | 20 +++++------ Libraries/LibCrypto/PK/RSA.h | 20 +++++------ Libraries/LibTLS/ClientHandshake.cpp | 26 +++++++------- Libraries/LibTLS/Exchange.cpp | 8 ++--- Libraries/LibTLS/Handshake.cpp | 2 +- Libraries/LibTLS/Record.cpp | 20 ++++++----- Libraries/LibTLS/Socket.cpp | 2 +- Libraries/LibTLS/TLSPacketBuilder.h | 2 +- Libraries/LibTLS/TLSv12.cpp | 10 +++--- Libraries/LibTLS/TLSv12.h | 47 ++++++++++++++------------ Userland/test-crypto.cpp | 2 +- 22 files changed, 116 insertions(+), 109 deletions(-) diff --git a/AK/Span.h b/AK/Span.h index 870a2c5bca..f8d0028934 100644 --- a/AK/Span.h +++ b/AK/Span.h @@ -118,6 +118,9 @@ public: ALWAYS_INLINE constexpr const T* data() const { return this->m_values; } ALWAYS_INLINE constexpr T* data() { return this->m_values; } + ALWAYS_INLINE constexpr const T* offset_pointer(size_t offset) const { return this->m_values + offset; } + ALWAYS_INLINE constexpr T* offset_pointer(size_t offset) { return this->m_values + offset; } + using ConstIterator = SimpleIterator; using Iterator = SimpleIterator; @@ -128,7 +131,7 @@ public: constexpr Iterator end() { return Iterator::end(*this); } ALWAYS_INLINE constexpr size_t size() const { return this->m_size; } - + ALWAYS_INLINE constexpr bool is_null() const { return this->m_values == nullptr; } ALWAYS_INLINE constexpr bool is_empty() const { return this->m_size == 0; } ALWAYS_INLINE constexpr Span slice(size_t start, size_t length) const diff --git a/Libraries/LibCrypto/Cipher/AES.cpp b/Libraries/LibCrypto/Cipher/AES.cpp index 95fbb70515..66dbac2552 100644 --- a/Libraries/LibCrypto/Cipher/AES.cpp +++ b/Libraries/LibCrypto/Cipher/AES.cpp @@ -59,7 +59,7 @@ String AESCipherKey::to_string() const return builder.build(); } -void AESCipherKey::expand_encrypt_key(const ByteBuffer& user_key, size_t bits) +void AESCipherKey::expand_encrypt_key(ReadonlyBytes user_key, size_t bits) { u32* round_key; u32 temp; @@ -170,7 +170,7 @@ void AESCipherKey::expand_encrypt_key(const ByteBuffer& user_key, size_t bits) } } -void AESCipherKey::expand_decrypt_key(const ByteBuffer& user_key, size_t bits) +void AESCipherKey::expand_decrypt_key(ReadonlyBytes user_key, size_t bits) { u32* round_key; diff --git a/Libraries/LibCrypto/Cipher/AES.h b/Libraries/LibCrypto/Cipher/AES.h index 70b9f88827..c1a0e53cc5 100644 --- a/Libraries/LibCrypto/Cipher/AES.h +++ b/Libraries/LibCrypto/Cipher/AES.h @@ -75,8 +75,8 @@ private: struct AESCipherKey : public CipherKey { virtual ByteBuffer data() const override { return ByteBuffer::copy(m_rd_keys, sizeof(m_rd_keys)); }; - virtual void expand_encrypt_key(const ByteBuffer& user_key, size_t bits) override; - virtual void expand_decrypt_key(const ByteBuffer& user_key, size_t bits) override; + virtual void expand_encrypt_key(ReadonlyBytes user_key, size_t bits) override; + virtual void expand_decrypt_key(ReadonlyBytes user_key, size_t bits) override; static bool is_valid_key_size(size_t bits) { return bits == 128 || bits == 192 || bits == 256; }; String to_string() const; const u32* round_keys() const @@ -84,7 +84,7 @@ struct AESCipherKey : public CipherKey { return (const u32*)m_rd_keys; } - AESCipherKey(const ByteBuffer& user_key, size_t key_bits, Intent intent) + AESCipherKey(ReadonlyBytes user_key, size_t key_bits, Intent intent) : m_bits(key_bits) { if (intent == Intent::Encryption) @@ -119,7 +119,7 @@ public: constexpr static size_t BlockSizeInBits = BlockType::BlockSizeInBits; - AESCipher(const ByteBuffer& user_key, size_t key_bits, Intent intent = Intent::Encryption, PaddingMode mode = PaddingMode::CMS) + AESCipher(ReadonlyBytes user_key, size_t key_bits, Intent intent = Intent::Encryption, PaddingMode mode = PaddingMode::CMS) : Cipher(mode) , m_key(user_key, key_bits, intent) { diff --git a/Libraries/LibCrypto/Cipher/Cipher.h b/Libraries/LibCrypto/Cipher/Cipher.h index 713030916b..ce000ad28a 100644 --- a/Libraries/LibCrypto/Cipher/Cipher.h +++ b/Libraries/LibCrypto/Cipher/Cipher.h @@ -106,8 +106,8 @@ struct CipherKey { virtual ~CipherKey() { } protected: - virtual void expand_encrypt_key(const ByteBuffer& user_key, size_t bits) = 0; - virtual void expand_decrypt_key(const ByteBuffer& user_key, size_t bits) = 0; + virtual void expand_encrypt_key(ReadonlyBytes user_key, size_t bits) = 0; + virtual void expand_decrypt_key(ReadonlyBytes user_key, size_t bits) = 0; size_t bits { 0 }; }; diff --git a/Libraries/LibCrypto/Cipher/Mode/CBC.h b/Libraries/LibCrypto/Cipher/Mode/CBC.h index 6083cfae70..fc4aa27aac 100644 --- a/Libraries/LibCrypto/Cipher/Mode/CBC.h +++ b/Libraries/LibCrypto/Cipher/Mode/CBC.h @@ -56,7 +56,7 @@ public: virtual size_t IV_length() const override { return IVSizeInBits / 8; } - virtual void encrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}, Bytes* ivec_out = nullptr) override + virtual void encrypt(ReadonlyBytes in, Bytes& out, ReadonlyBytes ivec = {}, Bytes* ivec_out = nullptr) override { auto length = in.size(); if (length == 0) @@ -97,7 +97,7 @@ public: __builtin_memcpy(ivec_out->data(), iv, min(IV_length(), ivec_out->size())); } - virtual void decrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}) override + virtual void decrypt(ReadonlyBytes in, Bytes& out, ReadonlyBytes ivec = {}) override { auto length = in.size(); if (length == 0) diff --git a/Libraries/LibCrypto/Cipher/Mode/CTR.h b/Libraries/LibCrypto/Cipher/Mode/CTR.h index e1db3ce0c2..928208e7fc 100644 --- a/Libraries/LibCrypto/Cipher/Mode/CTR.h +++ b/Libraries/LibCrypto/Cipher/Mode/CTR.h @@ -131,7 +131,7 @@ public: virtual size_t IV_length() const override { return IVSizeInBits / 8; } - virtual void encrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}, Bytes* ivec_out = nullptr) override + virtual void encrypt(ReadonlyBytes in, Bytes& out, ReadonlyBytes ivec = {}, Bytes* ivec_out = nullptr) override { // Our interpretation of "ivec" is what AES-CTR // would define as nonce + IV + 4 zero bytes. @@ -143,7 +143,7 @@ public: this->encrypt_or_stream(nullptr, out, ivec, ivec_out); } - virtual void decrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}) override + virtual void decrypt(ReadonlyBytes in, Bytes& out, ReadonlyBytes ivec = {}) override { // XOR (and thus CTR) is the most symmetric mode. this->encrypt(in, out, ivec); @@ -156,7 +156,7 @@ private: protected: constexpr static IncrementFunctionType increment {}; - void encrypt_or_stream(const ReadonlyBytes* in, Bytes& out, const Bytes& ivec, Bytes* ivec_out = nullptr) + void encrypt_or_stream(const ReadonlyBytes* in, Bytes& out, ReadonlyBytes ivec, Bytes* ivec_out = nullptr) { size_t length; if (in) { diff --git a/Libraries/LibCrypto/Cipher/Mode/GCM.h b/Libraries/LibCrypto/Cipher/Mode/GCM.h index 2e6f16f87e..6f3afec2e8 100644 --- a/Libraries/LibCrypto/Cipher/Mode/GCM.h +++ b/Libraries/LibCrypto/Cipher/Mode/GCM.h @@ -71,7 +71,7 @@ public: virtual size_t IV_length() const override { return IVSizeInBits / 8; } // FIXME: This overload throws away the auth stuff, think up a better way to return more than a single bytebuffer. - virtual void encrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}, Bytes* = nullptr) override + virtual void encrypt(ReadonlyBytes in, Bytes& out, ReadonlyBytes ivec = {}, Bytes* = nullptr) override { ASSERT(!ivec.is_empty()); @@ -79,7 +79,7 @@ public: encrypt(in, out, ivec, dummy, dummy); } - virtual void decrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}) override + virtual void decrypt(ReadonlyBytes in, Bytes& out, ReadonlyBytes ivec = {}) override { encrypt(in, out, ivec); } @@ -108,7 +108,7 @@ public: block0.get().bytes().copy_to(tag); } - VerificationConsistency decrypt(const ReadonlyBytes& in, Bytes out, const ReadonlyBytes& iv_in, const ReadonlyBytes& aad, const ReadonlyBytes& tag) + VerificationConsistency decrypt(ReadonlyBytes in, Bytes out, ReadonlyBytes iv_in, ReadonlyBytes aad, ReadonlyBytes tag) { auto iv_buf = ByteBuffer::copy(iv_in.data(), iv_in.size()); auto iv = iv_buf.bytes(); diff --git a/Libraries/LibCrypto/Cipher/Mode/Mode.h b/Libraries/LibCrypto/Cipher/Mode/Mode.h index 65b65e4c1c..a34f6a4b98 100644 --- a/Libraries/LibCrypto/Cipher/Mode/Mode.h +++ b/Libraries/LibCrypto/Cipher/Mode/Mode.h @@ -39,8 +39,8 @@ class Mode { public: virtual ~Mode() { } - virtual void encrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}, Bytes* ivec_out = nullptr) = 0; - virtual void decrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}) = 0; + virtual void encrypt(ReadonlyBytes in, Bytes& out, ReadonlyBytes ivec = {}, Bytes* ivec_out = nullptr) = 0; + virtual void decrypt(ReadonlyBytes in, Bytes& out, ReadonlyBytes ivec = {}) = 0; virtual size_t IV_length() const = 0; diff --git a/Libraries/LibCrypto/PK/Code/Code.h b/Libraries/LibCrypto/PK/Code/Code.h index d3bc206a1f..b5a70ddb14 100644 --- a/Libraries/LibCrypto/PK/Code/Code.h +++ b/Libraries/LibCrypto/PK/Code/Code.h @@ -41,8 +41,8 @@ public: { } - virtual void encode(const ByteBuffer& in, ByteBuffer& out, size_t em_bits) = 0; - virtual VerificationConsistency verify(const ByteBuffer& msg, const ByteBuffer& emsg, size_t em_bits) = 0; + virtual void encode(ReadonlyBytes in, ByteBuffer& out, size_t em_bits) = 0; + virtual VerificationConsistency verify(ReadonlyBytes msg, ReadonlyBytes emsg, size_t em_bits) = 0; const HashFunction& hasher() const { return m_hasher; } HashFunction& hasher() { return m_hasher; } diff --git a/Libraries/LibCrypto/PK/Code/EMSA_PSS.h b/Libraries/LibCrypto/PK/Code/EMSA_PSS.h index b905f654e0..f484717ead 100644 --- a/Libraries/LibCrypto/PK/Code/EMSA_PSS.h +++ b/Libraries/LibCrypto/PK/Code/EMSA_PSS.h @@ -46,7 +46,7 @@ public: static constexpr auto SaltLength = SaltSize; - virtual void encode(const ByteBuffer& in, ByteBuffer& out, size_t em_bits) override + virtual void encode(ReadonlyBytes in, ByteBuffer& out, size_t em_bits) override { // FIXME: we're supposed to check if in.size() > HashFunction::input_limitation // however, all of our current hash functions can hash unlimited blocks @@ -87,8 +87,7 @@ public: u8 DB_mask[mask_length]; auto DB_mask_buffer = ByteBuffer::wrap(DB_mask, mask_length); // FIXME: we should probably allow reading from u8* - auto hash_buffer = ByteBuffer::wrap(hash.data, HashFunction::DigestSize); - MGF1(hash_buffer, mask_length, DB_mask_buffer); + MGF1(ReadonlyBytes { hash.data, HashFunction::DigestSize }, mask_length, DB_mask_buffer); for (size_t i = 0; i < DB.size(); ++i) DB_data[i] ^= DB_mask[i]; @@ -101,7 +100,7 @@ public: out[DB.size() + hash_fn.DigestSize] = 0xbc; } - virtual VerificationConsistency verify(const ByteBuffer& msg, const ByteBuffer& emsg, size_t em_bits) override + virtual VerificationConsistency verify(ReadonlyBytes msg, ReadonlyBytes emsg, size_t em_bits) override { auto& hash_fn = this->hasher(); hash_fn.update(msg); @@ -114,8 +113,8 @@ public: return VerificationConsistency::Inconsistent; auto mask_length = emsg.size() - HashFunction::DigestSize - 1; - auto masked_DB = emsg.slice_view(0, mask_length); - auto H = emsg.slice_view(mask_length, HashFunction::DigestSize); + auto masked_DB = emsg.slice(0, mask_length); + auto H = emsg.slice(mask_length, HashFunction::DigestSize); auto length_to_check = 8 * emsg.size() - em_bits; auto octet = masked_DB[0]; @@ -160,7 +159,7 @@ public: return VerificationConsistency::Consistent; } - void MGF1(const ByteBuffer& seed, size_t length, ByteBuffer& out) + void MGF1(ReadonlyBytes seed, size_t length, ByteBuffer& out) { auto& hash_fn = this->hasher(); ByteBuffer T = ByteBuffer::create_zeroed(0); diff --git a/Libraries/LibCrypto/PK/PK.h b/Libraries/LibCrypto/PK/PK.h index e2b6817a22..4b7fa739f5 100644 --- a/Libraries/LibCrypto/PK/PK.h +++ b/Libraries/LibCrypto/PK/PK.h @@ -49,11 +49,11 @@ public: { } - virtual void encrypt(const ByteBuffer& in, ByteBuffer& out) = 0; - virtual void decrypt(const ByteBuffer& in, ByteBuffer& out) = 0; + virtual void encrypt(ReadonlyBytes in, ByteBuffer& out) = 0; + virtual void decrypt(ReadonlyBytes in, ByteBuffer& out) = 0; - virtual void sign(const ByteBuffer& in, ByteBuffer& out) = 0; - virtual void verify(const ByteBuffer& in, ByteBuffer& out) = 0; + virtual void sign(ReadonlyBytes in, ByteBuffer& out) = 0; + virtual void verify(ReadonlyBytes in, ByteBuffer& out) = 0; virtual String class_name() const = 0; diff --git a/Libraries/LibCrypto/PK/RSA.cpp b/Libraries/LibCrypto/PK/RSA.cpp index 8eaaf37481..4ffaff54e8 100644 --- a/Libraries/LibCrypto/PK/RSA.cpp +++ b/Libraries/LibCrypto/PK/RSA.cpp @@ -113,7 +113,7 @@ RSA::KeyPairType RSA::parse_rsa_key(ReadonlyBytes in) return keypair; } -void RSA::encrypt(const ByteBuffer& in, ByteBuffer& out) +void RSA::encrypt(ReadonlyBytes in, ByteBuffer& out) { #ifdef CRYPTO_DEBUG dbg() << "in size: " << in.size(); @@ -133,7 +133,7 @@ void RSA::encrypt(const ByteBuffer& in, ByteBuffer& out) } } -void RSA::decrypt(const ByteBuffer& in, ByteBuffer& out) +void RSA::decrypt(ReadonlyBytes in, ByteBuffer& out) { // FIXME: Actually use the private key properly @@ -149,7 +149,7 @@ void RSA::decrypt(const ByteBuffer& in, ByteBuffer& out) out = out.slice(out.size() - aligned_size, aligned_size); } -void RSA::sign(const ByteBuffer& in, ByteBuffer& out) +void RSA::sign(ReadonlyBytes in, ByteBuffer& out) { auto in_integer = UnsignedBigInteger::import_data(in.data(), in.size()); auto exp = NumberTheory::ModularPower(in_integer, m_private_key.private_exponent(), m_private_key.modulus()); @@ -157,7 +157,7 @@ void RSA::sign(const ByteBuffer& in, ByteBuffer& out) out = out.slice(out.size() - size, size); } -void RSA::verify(const ByteBuffer& in, ByteBuffer& out) +void RSA::verify(ReadonlyBytes in, ByteBuffer& out) { auto in_integer = UnsignedBigInteger::import_data(in.data(), in.size()); auto exp = NumberTheory::ModularPower(in_integer, m_public_key.public_exponent(), m_public_key.modulus()); @@ -198,7 +198,7 @@ void RSA::import_public_key(ReadonlyBytes bytes, bool pem) } template -void RSA_EMSA_PSS::sign(const ByteBuffer& in, ByteBuffer& out) +void RSA_EMSA_PSS::sign(ReadonlyBytes in, ByteBuffer& out) { // -- encode via EMSA_PSS auto mod_bits = m_rsa.private_key().modulus().trimmed_length() * sizeof(u32) * 8; @@ -212,7 +212,7 @@ void RSA_EMSA_PSS::sign(const ByteBuffer& in, ByteBuffer& out) } template -VerificationConsistency RSA_EMSA_PSS::verify(const ByteBuffer& in) +VerificationConsistency RSA_EMSA_PSS::verify(ReadonlyBytes in) { auto mod_bytes = m_rsa.public_key().modulus().trimmed_length() * sizeof(u32); if (in.size() != mod_bytes) @@ -228,7 +228,7 @@ VerificationConsistency RSA_EMSA_PSS::verify(const ByteBuffer& in) return m_emsa_pss.verify(in, EM, mod_bytes * 8 - 1); } -void RSA_PKCS1_EME::encrypt(const ByteBuffer& in, ByteBuffer& out) +void RSA_PKCS1_EME::encrypt(ReadonlyBytes in, ByteBuffer& out) { auto mod_len = (m_public_key.modulus().trimmed_length() * sizeof(u32) * 8 + 7) / 8; #ifdef CRYPTO_DEBUG @@ -271,7 +271,7 @@ void RSA_PKCS1_EME::encrypt(const ByteBuffer& in, ByteBuffer& out) RSA::encrypt(out, out); } -void RSA_PKCS1_EME::decrypt(const ByteBuffer& in, ByteBuffer& out) +void RSA_PKCS1_EME::decrypt(ReadonlyBytes in, ByteBuffer& out) { auto mod_len = (m_public_key.modulus().trimmed_length() * sizeof(u32) * 8 + 7) / 8; if (in.size() != mod_len) { @@ -317,11 +317,11 @@ void RSA_PKCS1_EME::decrypt(const ByteBuffer& in, ByteBuffer& out) out = out.slice(offset, out.size() - offset); } -void RSA_PKCS1_EME::sign(const ByteBuffer&, ByteBuffer&) +void RSA_PKCS1_EME::sign(ReadonlyBytes, ByteBuffer&) { dbg() << "FIXME: RSA_PKCS_EME::sign"; } -void RSA_PKCS1_EME::verify(const ByteBuffer&, ByteBuffer&) +void RSA_PKCS1_EME::verify(ReadonlyBytes, ByteBuffer&) { dbg() << "FIXME: RSA_PKCS_EME::verify"; } diff --git a/Libraries/LibCrypto/PK/RSA.h b/Libraries/LibCrypto/PK/RSA.h index 5cc716c4cf..329a7b3890 100644 --- a/Libraries/LibCrypto/PK/RSA.h +++ b/Libraries/LibCrypto/PK/RSA.h @@ -178,11 +178,11 @@ public: m_private_key = pair.private_key; } - virtual void encrypt(const ByteBuffer& in, ByteBuffer& out) override; - virtual void decrypt(const ByteBuffer& in, ByteBuffer& out) override; + virtual void encrypt(ReadonlyBytes in, ByteBuffer& out) override; + virtual void decrypt(ReadonlyBytes in, ByteBuffer& out) override; - virtual void sign(const ByteBuffer& in, ByteBuffer& out) override; - virtual void verify(const ByteBuffer& in, ByteBuffer& out) override; + virtual void sign(ReadonlyBytes in, ByteBuffer& out) override; + virtual void verify(ReadonlyBytes in, ByteBuffer& out) override; virtual String class_name() const override { return "RSA"; } @@ -203,8 +203,8 @@ public: { } - void sign(const ByteBuffer& in, ByteBuffer& out); - VerificationConsistency verify(const ByteBuffer& in); + void sign(ReadonlyBytes in, ByteBuffer& out); + VerificationConsistency verify(ReadonlyBytes in); private: EMSA_PSS m_emsa_pss; @@ -222,11 +222,11 @@ public: ~RSA_PKCS1_EME() { } - virtual void encrypt(const ByteBuffer& in, ByteBuffer& out) override; - virtual void decrypt(const ByteBuffer& in, ByteBuffer& out) override; + virtual void encrypt(ReadonlyBytes in, ByteBuffer& out) override; + virtual void decrypt(ReadonlyBytes in, ByteBuffer& out) override; - virtual void sign(const ByteBuffer&, ByteBuffer&) override; - virtual void verify(const ByteBuffer&, ByteBuffer&) override; + virtual void sign(ReadonlyBytes, ByteBuffer&) override; + virtual void verify(ReadonlyBytes, ByteBuffer&) override; virtual String class_name() const override { return "RSA_PKCS1-EME"; } virtual size_t output_size() const override { return m_public_key.length(); } diff --git a/Libraries/LibTLS/ClientHandshake.cpp b/Libraries/LibTLS/ClientHandshake.cpp index 6fb48bf565..a9cf86783d 100644 --- a/Libraries/LibTLS/ClientHandshake.cpp +++ b/Libraries/LibTLS/ClientHandshake.cpp @@ -34,7 +34,7 @@ namespace TLS { -ssize_t TLSv12::handle_server_hello_done(const ByteBuffer& buffer) +ssize_t TLSv12::handle_server_hello_done(ReadonlyBytes buffer) { if (buffer.size() < 3) return (i8)Error::NeedMoreData; @@ -47,7 +47,7 @@ ssize_t TLSv12::handle_server_hello_done(const ByteBuffer& buffer) return size + 3; } -ssize_t TLSv12::handle_hello(const ByteBuffer& buffer, WritePacketStage& write_packets) +ssize_t TLSv12::handle_hello(ReadonlyBytes buffer, WritePacketStage& write_packets) { write_packets = WritePacketStage::Initial; if (m_context.connection_status != ConnectionStatus::Disconnected && m_context.connection_status != ConnectionStatus::Renegotiating) { @@ -192,7 +192,7 @@ ssize_t TLSv12::handle_hello(const ByteBuffer& buffer, WritePacketStage& write_p } } else if (extension_type == HandshakeExtension::SignatureAlgorithms) { dbg() << "supported signatures: "; - print_buffer(buffer.slice_view(res, extension_length)); + print_buffer(buffer.slice(res, extension_length)); // FIXME: what are we supposed to do here? } res += extension_length; @@ -202,7 +202,7 @@ ssize_t TLSv12::handle_hello(const ByteBuffer& buffer, WritePacketStage& write_p return res; } -ssize_t TLSv12::handle_finished(const ByteBuffer& buffer, WritePacketStage& write_packets) +ssize_t TLSv12::handle_finished(ReadonlyBytes buffer, WritePacketStage& write_packets) { if (m_context.connection_status < ConnectionStatus::KeyExchange || m_context.connection_status == ConnectionStatus::Established) { dbg() << "unexpected finished message"; @@ -305,10 +305,10 @@ void TLSv12::build_random(PacketBuilder& builder) builder.append_u24(outbuf.size() + 2); builder.append((u16)outbuf.size()); - builder.append(outbuf); + builder.append(outbuf.bytes()); } -ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer) +ssize_t TLSv12::handle_payload(ReadonlyBytes vbuffer) { if (m_context.connection_status == ConnectionStatus::Established) { #ifdef TLS_DEBUG @@ -374,7 +374,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer) dbg() << "unsupported: server mode"; ASSERT_NOT_REACHED(); } else { - payload_res = handle_hello(buffer.slice_view(1, payload_size), write_packets); + payload_res = handle_hello(buffer.slice(1, payload_size), write_packets); } break; case HelloVerifyRequest: @@ -396,7 +396,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer) dbg() << "unsupported: server mode"; ASSERT_NOT_REACHED(); } - payload_res = handle_certificate(buffer.slice_view(1, payload_size)); + payload_res = handle_certificate(buffer.slice(1, payload_size)); if (m_context.certificates.size()) { auto it = m_context.certificates.find([&](auto& cert) { return cert.is_valid(); }); @@ -430,7 +430,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer) dbg() << "unsupported: server mode"; ASSERT_NOT_REACHED(); } else { - payload_res = handle_server_key_exchange(buffer.slice_view(1, payload_size)); + payload_res = handle_server_key_exchange(buffer.slice(1, payload_size)); } break; case CertificateRequest: @@ -466,7 +466,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer) dbg() << "unsupported: server mode"; ASSERT_NOT_REACHED(); } else { - payload_res = handle_server_hello_done(buffer.slice_view(1, payload_size)); + payload_res = handle_server_hello_done(buffer.slice(1, payload_size)); if (payload_res > 0) write_packets = WritePacketStage::ClientHandshake; } @@ -482,7 +482,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer) dbg() << "certificate verify"; #endif if (m_context.connection_status == ConnectionStatus::KeyExchange) { - payload_res = handle_verify(buffer.slice_view(1, payload_size)); + payload_res = handle_verify(buffer.slice(1, payload_size)); } else { payload_res = (i8)Error::UnexpectedMessage; } @@ -517,7 +517,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer) #ifdef TLS_DEBUG dbg() << "finished"; #endif - payload_res = handle_finished(buffer.slice_view(1, payload_size), write_packets); + payload_res = handle_finished(buffer.slice(1, payload_size), write_packets); if (payload_res > 0) { memset(m_context.handshake_messages, 0, sizeof(m_context.handshake_messages)); } @@ -528,7 +528,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer) } if (type != HelloRequest) { - update_hash(buffer.slice_view(0, payload_size + 1)); + update_hash(buffer.slice(0, payload_size + 1)); } // if something went wrong, send an alert about it diff --git a/Libraries/LibTLS/Exchange.cpp b/Libraries/LibTLS/Exchange.cpp index 41151a0bc4..403617e9e1 100644 --- a/Libraries/LibTLS/Exchange.cpp +++ b/Libraries/LibTLS/Exchange.cpp @@ -108,7 +108,7 @@ bool TLSv12::expand_key() return true; } -void TLSv12::pseudorandom_function(ByteBuffer& output, const ByteBuffer& secret, const u8* label, size_t label_length, const ByteBuffer& seed, const ByteBuffer& seed_b) +void TLSv12::pseudorandom_function(ByteBuffer& output, ReadonlyBytes secret, const u8* label, size_t label_length, ReadonlyBytes seed, ReadonlyBytes seed_b) { if (!secret.size()) { dbg() << "null secret"; @@ -225,7 +225,7 @@ ByteBuffer TLSv12::build_certificate() for (auto& certificate : certificates) { if (!certificate->der.is_empty()) { builder.append_u24(certificate->der.size()); - builder.append(certificate->der); + builder.append(certificate->der.bytes()); } } } @@ -265,13 +265,13 @@ ByteBuffer TLSv12::build_client_key_exchange() return packet; } -ssize_t TLSv12::handle_server_key_exchange(const ByteBuffer&) +ssize_t TLSv12::handle_server_key_exchange(ReadonlyBytes) { dbg() << "FIXME: parse_server_key_exchange"; return 0; } -ssize_t TLSv12::handle_verify(const ByteBuffer&) +ssize_t TLSv12::handle_verify(ReadonlyBytes) { dbg() << "FIXME: parse_verify"; return 0; diff --git a/Libraries/LibTLS/Handshake.cpp b/Libraries/LibTLS/Handshake.cpp index 8e2e819ed9..e4e4d9ff0e 100644 --- a/Libraries/LibTLS/Handshake.cpp +++ b/Libraries/LibTLS/Handshake.cpp @@ -160,7 +160,7 @@ ByteBuffer TLSv12::build_finished() auto hashbuf = ByteBuffer::wrap(const_cast(digest.immutable_data()), m_context.handshake_hash.digest_size()); pseudorandom_function(outbuffer, m_context.master_key, (const u8*)"client finished", 15, hashbuf, dummy); - builder.append(outbuffer); + builder.append(outbuffer.bytes()); auto packet = builder.build(); update_packet(packet); diff --git a/Libraries/LibTLS/Record.cpp b/Libraries/LibTLS/Record.cpp index 521bee2705..627ac69e43 100644 --- a/Libraries/LibTLS/Record.cpp +++ b/Libraries/LibTLS/Record.cpp @@ -194,7 +194,7 @@ void TLSv12::update_packet(ByteBuffer& packet) ++m_context.local_sequence_number; } -void TLSv12::update_hash(const ByteBuffer& message) +void TLSv12::update_hash(ReadonlyBytes message) { m_context.handshake_hash.update(message); } @@ -226,7 +226,7 @@ ByteBuffer TLSv12::hmac_message(const ReadonlyBytes& buf, const Optionalcreate_aligned_buffer(length - iv_size); - auto iv = buffer.slice_view(header_size, iv_size); + auto iv = buffer.slice(header_size, iv_size); Bytes decrypted_span = decrypted; - m_aes_remote.cbc->decrypt(buffer.bytes().slice(header_size + iv_size, length - iv_size), decrypted_span, iv); + m_aes_remote.cbc->decrypt(buffer.slice(header_size + iv_size, length - iv_size), decrypted_span, iv); length = decrypted_span.size(); diff --git a/Libraries/LibTLS/Socket.cpp b/Libraries/LibTLS/Socket.cpp index 3c242c3be1..79572582a0 100644 --- a/Libraries/LibTLS/Socket.cpp +++ b/Libraries/LibTLS/Socket.cpp @@ -73,7 +73,7 @@ String TLSv12::read_line(size_t max_size) return String::copy(buffer, Chomp); } -bool TLSv12::write(const ByteBuffer& buffer) +bool TLSv12::write(ReadonlyBytes buffer) { if (m_context.connection_status != ConnectionStatus::Established) { #ifdef TLS_DEBUG diff --git a/Libraries/LibTLS/TLSPacketBuilder.h b/Libraries/LibTLS/TLSPacketBuilder.h index b521f947a4..2994ed27ab 100644 --- a/Libraries/LibTLS/TLSPacketBuilder.h +++ b/Libraries/LibTLS/TLSPacketBuilder.h @@ -70,7 +70,7 @@ public: { append((const u8*)&value, sizeof(value)); } - inline void append(const ByteBuffer& data) + inline void append(ReadonlyBytes data) { append(data.data(), data.size()); } diff --git a/Libraries/LibTLS/TLSv12.cpp b/Libraries/LibTLS/TLSv12.cpp index 634f3c7b7f..eb4471486f 100644 --- a/Libraries/LibTLS/TLSv12.cpp +++ b/Libraries/LibTLS/TLSv12.cpp @@ -428,7 +428,7 @@ static ssize_t _parse_asn1(const Context& context, Certificate& cert, const u8* } } -Optional TLSv12::parse_asn1(const ByteBuffer& buffer, bool) const +Optional TLSv12::parse_asn1(ReadonlyBytes buffer, bool) const { // FIXME: Our ASN.1 parser is not quite up to the task of // parsing this X.509 certificate, so for the @@ -447,7 +447,7 @@ Optional TLSv12::parse_asn1(const ByteBuffer& buffer, bool) const return cert; } -ssize_t TLSv12::handle_certificate(const ByteBuffer& buffer) +ssize_t TLSv12::handle_certificate(ReadonlyBytes buffer) { ssize_t res = 0; @@ -522,7 +522,7 @@ ssize_t TLSv12::handle_certificate(const ByteBuffer& buffer) } remaining -= certificate_size_specific; - auto certificate = parse_asn1(buffer.slice_view(res_cert, certificate_size_specific), false); + auto certificate = parse_asn1(buffer.slice(res_cert, certificate_size_specific), false); if (certificate.has_value()) { if (certificate.value().is_valid()) { m_context.certificates.append(certificate.value()); @@ -546,7 +546,7 @@ ssize_t TLSv12::handle_certificate(const ByteBuffer& buffer) return res; } -void TLSv12::consume(const ByteBuffer& record) +void TLSv12::consume(ReadonlyBytes record) { if (m_context.critical_error) { dbg() << "There has been a critical error (" << (i8)m_context.critical_error << "), refusing to continue"; @@ -846,7 +846,7 @@ TLSv12::TLSv12(Core::Object* parent, Version version) } } -bool TLSv12::add_client_key(const ByteBuffer& certificate_pem_buffer, const ByteBuffer& rsa_key) // FIXME: This should not be bound to RSA +bool TLSv12::add_client_key(ReadonlyBytes certificate_pem_buffer, ReadonlyBytes rsa_key) // FIXME: This should not be bound to RSA { if (certificate_pem_buffer.is_empty() || rsa_key.is_empty()) { return true; diff --git a/Libraries/LibTLS/TLSv12.h b/Libraries/LibTLS/TLSv12.h index 2af5383b40..072540d3e4 100644 --- a/Libraries/LibTLS/TLSv12.h +++ b/Libraries/LibTLS/TLSv12.h @@ -41,18 +41,21 @@ namespace TLS { -inline void print_buffer(const ByteBuffer& buffer) +inline void print_buffer(ReadonlyBytes buffer) { for (size_t i { 0 }; i < buffer.size(); ++i) dbgprintf("%02x ", buffer[i]); dbgprintf("\n"); } +inline void print_buffer(const ByteBuffer& buffer) +{ + print_buffer(buffer.bytes()); +} + inline void print_buffer(const u8* buffer, size_t size) { - for (size_t i { 0 }; i < size; ++i) - dbgprintf("%02x ", buffer[i]); - dbgprintf("\n"); + print_buffer(ReadonlyBytes { buffer, size }); } class Socket; @@ -277,13 +280,13 @@ public: m_context.SNI = sni; } - Optional parse_asn1(const ByteBuffer& buffer, bool client_cert = false) const; - bool load_certificates(const ByteBuffer& pem_buffer); - bool load_private_key(const ByteBuffer& pem_buffer); + Optional parse_asn1(ReadonlyBytes, bool client_cert = false) const; + bool load_certificates(ReadonlyBytes pem_buffer); + bool load_private_key(ReadonlyBytes pem_buffer); void set_root_certificates(Vector); - bool add_client_key(const ByteBuffer& certificate_pem_buffer, const ByteBuffer& key_pem_buffer); + bool add_client_key(ReadonlyBytes certificate_pem_buffer, ReadonlyBytes key_pem_buffer); bool add_client_key(Certificate certificate) { m_context.client_certificates.append(move(certificate)); @@ -313,7 +316,7 @@ public: Optional read(); ByteBuffer read(size_t max_size); - bool write(const ByteBuffer& buffer); + bool write(ReadonlyBytes); void alert(AlertLevel, AlertDescription); bool can_read_line() const { return m_context.application_buffer.size() && memchr(m_context.application_buffer.data(), '\n', m_context.application_buffer.size()); } @@ -332,13 +335,13 @@ private: virtual bool common_connect(const struct sockaddr*, socklen_t) override; - void consume(const ByteBuffer& record); + void consume(ReadonlyBytes record); ByteBuffer hmac_message(const ReadonlyBytes& buf, const Optional buf2, size_t mac_length, bool local = false); void ensure_hmac(size_t digest_size, bool local); void update_packet(ByteBuffer& packet); - void update_hash(const ByteBuffer& in); + void update_hash(ReadonlyBytes in); void write_packet(ByteBuffer& packet); @@ -360,19 +363,19 @@ private: bool check_connection_state(bool read); - ssize_t handle_hello(const ByteBuffer& buffer, WritePacketStage&); - ssize_t handle_finished(const ByteBuffer& buffer, WritePacketStage&); - ssize_t handle_certificate(const ByteBuffer& buffer); - ssize_t handle_server_key_exchange(const ByteBuffer& buffer); - ssize_t handle_server_hello_done(const ByteBuffer& buffer); - ssize_t handle_verify(const ByteBuffer& buffer); - ssize_t handle_payload(const ByteBuffer& buffer); - ssize_t handle_message(const ByteBuffer& buffer); - ssize_t handle_random(const ByteBuffer& buffer); + ssize_t handle_hello(ReadonlyBytes, WritePacketStage&); + ssize_t handle_finished(ReadonlyBytes, WritePacketStage&); + ssize_t handle_certificate(ReadonlyBytes); + ssize_t handle_server_key_exchange(ReadonlyBytes); + ssize_t handle_server_hello_done(ReadonlyBytes); + ssize_t handle_verify(ReadonlyBytes); + ssize_t handle_payload(ReadonlyBytes); + ssize_t handle_message(ReadonlyBytes); + ssize_t handle_random(ReadonlyBytes); - size_t asn1_length(const ByteBuffer& buffer, size_t* octets); + size_t asn1_length(ReadonlyBytes, size_t* octets); - void pseudorandom_function(ByteBuffer& output, const ByteBuffer& secret, const u8* label, size_t label_length, const ByteBuffer& seed, const ByteBuffer& seed_b); + void pseudorandom_function(ByteBuffer& output, ReadonlyBytes secret, const u8* label, size_t label_length, ReadonlyBytes seed, ReadonlyBytes seed_b); size_t key_length() const { diff --git a/Userland/test-crypto.cpp b/Userland/test-crypto.cpp index 454c61c0e0..861fc13daf 100644 --- a/Userland/test-crypto.cpp +++ b/Userland/test-crypto.cpp @@ -198,7 +198,7 @@ static void tls(const char* message, size_t len) static void aes_cbc(const char* message, size_t len) { - auto buffer = ByteBuffer::wrap(const_cast(message), len); + ReadonlyBytes buffer { message, len }; // FIXME: Take iv as an optional parameter auto iv = ByteBuffer::create_zeroed(Crypto::Cipher::AESCipher::block_size());