mirror of
https://github.com/SerenityOS/serenity
synced 2024-10-15 12:23:15 +00:00
LibTLS+LibCrypto: Replace a whole bunch of ByteBuffers with Spans
This commit is contained in:
parent
4d89c1885d
commit
8e20208dd6
|
@ -118,6 +118,9 @@ public:
|
||||||
ALWAYS_INLINE constexpr const T* data() const { return this->m_values; }
|
ALWAYS_INLINE constexpr const T* data() const { return this->m_values; }
|
||||||
ALWAYS_INLINE constexpr T* data() { return this->m_values; }
|
ALWAYS_INLINE constexpr T* data() { return this->m_values; }
|
||||||
|
|
||||||
|
ALWAYS_INLINE constexpr const T* offset_pointer(size_t offset) const { return this->m_values + offset; }
|
||||||
|
ALWAYS_INLINE constexpr T* offset_pointer(size_t offset) { return this->m_values + offset; }
|
||||||
|
|
||||||
using ConstIterator = SimpleIterator<const Span, const T>;
|
using ConstIterator = SimpleIterator<const Span, const T>;
|
||||||
using Iterator = SimpleIterator<Span, T>;
|
using Iterator = SimpleIterator<Span, T>;
|
||||||
|
|
||||||
|
@ -128,7 +131,7 @@ public:
|
||||||
constexpr Iterator end() { return Iterator::end(*this); }
|
constexpr Iterator end() { return Iterator::end(*this); }
|
||||||
|
|
||||||
ALWAYS_INLINE constexpr size_t size() const { return this->m_size; }
|
ALWAYS_INLINE constexpr size_t size() const { return this->m_size; }
|
||||||
|
ALWAYS_INLINE constexpr bool is_null() const { return this->m_values == nullptr; }
|
||||||
ALWAYS_INLINE constexpr bool is_empty() const { return this->m_size == 0; }
|
ALWAYS_INLINE constexpr bool is_empty() const { return this->m_size == 0; }
|
||||||
|
|
||||||
ALWAYS_INLINE constexpr Span slice(size_t start, size_t length) const
|
ALWAYS_INLINE constexpr Span slice(size_t start, size_t length) const
|
||||||
|
|
|
@ -59,7 +59,7 @@ String AESCipherKey::to_string() const
|
||||||
return builder.build();
|
return builder.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
void AESCipherKey::expand_encrypt_key(const ByteBuffer& user_key, size_t bits)
|
void AESCipherKey::expand_encrypt_key(ReadonlyBytes user_key, size_t bits)
|
||||||
{
|
{
|
||||||
u32* round_key;
|
u32* round_key;
|
||||||
u32 temp;
|
u32 temp;
|
||||||
|
@ -170,7 +170,7 @@ void AESCipherKey::expand_encrypt_key(const ByteBuffer& user_key, size_t bits)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void AESCipherKey::expand_decrypt_key(const ByteBuffer& user_key, size_t bits)
|
void AESCipherKey::expand_decrypt_key(ReadonlyBytes user_key, size_t bits)
|
||||||
{
|
{
|
||||||
u32* round_key;
|
u32* round_key;
|
||||||
|
|
||||||
|
|
|
@ -75,8 +75,8 @@ private:
|
||||||
|
|
||||||
struct AESCipherKey : public CipherKey {
|
struct AESCipherKey : public CipherKey {
|
||||||
virtual ByteBuffer data() const override { return ByteBuffer::copy(m_rd_keys, sizeof(m_rd_keys)); };
|
virtual ByteBuffer data() const override { return ByteBuffer::copy(m_rd_keys, sizeof(m_rd_keys)); };
|
||||||
virtual void expand_encrypt_key(const ByteBuffer& user_key, size_t bits) override;
|
virtual void expand_encrypt_key(ReadonlyBytes user_key, size_t bits) override;
|
||||||
virtual void expand_decrypt_key(const ByteBuffer& user_key, size_t bits) override;
|
virtual void expand_decrypt_key(ReadonlyBytes user_key, size_t bits) override;
|
||||||
static bool is_valid_key_size(size_t bits) { return bits == 128 || bits == 192 || bits == 256; };
|
static bool is_valid_key_size(size_t bits) { return bits == 128 || bits == 192 || bits == 256; };
|
||||||
String to_string() const;
|
String to_string() const;
|
||||||
const u32* round_keys() const
|
const u32* round_keys() const
|
||||||
|
@ -84,7 +84,7 @@ struct AESCipherKey : public CipherKey {
|
||||||
return (const u32*)m_rd_keys;
|
return (const u32*)m_rd_keys;
|
||||||
}
|
}
|
||||||
|
|
||||||
AESCipherKey(const ByteBuffer& user_key, size_t key_bits, Intent intent)
|
AESCipherKey(ReadonlyBytes user_key, size_t key_bits, Intent intent)
|
||||||
: m_bits(key_bits)
|
: m_bits(key_bits)
|
||||||
{
|
{
|
||||||
if (intent == Intent::Encryption)
|
if (intent == Intent::Encryption)
|
||||||
|
@ -119,7 +119,7 @@ public:
|
||||||
|
|
||||||
constexpr static size_t BlockSizeInBits = BlockType::BlockSizeInBits;
|
constexpr static size_t BlockSizeInBits = BlockType::BlockSizeInBits;
|
||||||
|
|
||||||
AESCipher(const ByteBuffer& user_key, size_t key_bits, Intent intent = Intent::Encryption, PaddingMode mode = PaddingMode::CMS)
|
AESCipher(ReadonlyBytes user_key, size_t key_bits, Intent intent = Intent::Encryption, PaddingMode mode = PaddingMode::CMS)
|
||||||
: Cipher<AESCipherKey, AESCipherBlock>(mode)
|
: Cipher<AESCipherKey, AESCipherBlock>(mode)
|
||||||
, m_key(user_key, key_bits, intent)
|
, m_key(user_key, key_bits, intent)
|
||||||
{
|
{
|
||||||
|
|
|
@ -106,8 +106,8 @@ struct CipherKey {
|
||||||
virtual ~CipherKey() { }
|
virtual ~CipherKey() { }
|
||||||
|
|
||||||
protected:
|
protected:
|
||||||
virtual void expand_encrypt_key(const ByteBuffer& user_key, size_t bits) = 0;
|
virtual void expand_encrypt_key(ReadonlyBytes user_key, size_t bits) = 0;
|
||||||
virtual void expand_decrypt_key(const ByteBuffer& user_key, size_t bits) = 0;
|
virtual void expand_decrypt_key(ReadonlyBytes user_key, size_t bits) = 0;
|
||||||
size_t bits { 0 };
|
size_t bits { 0 };
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -56,7 +56,7 @@ public:
|
||||||
|
|
||||||
virtual size_t IV_length() const override { return IVSizeInBits / 8; }
|
virtual size_t IV_length() const override { return IVSizeInBits / 8; }
|
||||||
|
|
||||||
virtual void encrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}, Bytes* ivec_out = nullptr) override
|
virtual void encrypt(ReadonlyBytes in, Bytes& out, ReadonlyBytes ivec = {}, Bytes* ivec_out = nullptr) override
|
||||||
{
|
{
|
||||||
auto length = in.size();
|
auto length = in.size();
|
||||||
if (length == 0)
|
if (length == 0)
|
||||||
|
@ -97,7 +97,7 @@ public:
|
||||||
__builtin_memcpy(ivec_out->data(), iv, min(IV_length(), ivec_out->size()));
|
__builtin_memcpy(ivec_out->data(), iv, min(IV_length(), ivec_out->size()));
|
||||||
}
|
}
|
||||||
|
|
||||||
virtual void decrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}) override
|
virtual void decrypt(ReadonlyBytes in, Bytes& out, ReadonlyBytes ivec = {}) override
|
||||||
{
|
{
|
||||||
auto length = in.size();
|
auto length = in.size();
|
||||||
if (length == 0)
|
if (length == 0)
|
||||||
|
|
|
@ -131,7 +131,7 @@ public:
|
||||||
|
|
||||||
virtual size_t IV_length() const override { return IVSizeInBits / 8; }
|
virtual size_t IV_length() const override { return IVSizeInBits / 8; }
|
||||||
|
|
||||||
virtual void encrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}, Bytes* ivec_out = nullptr) override
|
virtual void encrypt(ReadonlyBytes in, Bytes& out, ReadonlyBytes ivec = {}, Bytes* ivec_out = nullptr) override
|
||||||
{
|
{
|
||||||
// Our interpretation of "ivec" is what AES-CTR
|
// Our interpretation of "ivec" is what AES-CTR
|
||||||
// would define as nonce + IV + 4 zero bytes.
|
// would define as nonce + IV + 4 zero bytes.
|
||||||
|
@ -143,7 +143,7 @@ public:
|
||||||
this->encrypt_or_stream(nullptr, out, ivec, ivec_out);
|
this->encrypt_or_stream(nullptr, out, ivec, ivec_out);
|
||||||
}
|
}
|
||||||
|
|
||||||
virtual void decrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}) override
|
virtual void decrypt(ReadonlyBytes in, Bytes& out, ReadonlyBytes ivec = {}) override
|
||||||
{
|
{
|
||||||
// XOR (and thus CTR) is the most symmetric mode.
|
// XOR (and thus CTR) is the most symmetric mode.
|
||||||
this->encrypt(in, out, ivec);
|
this->encrypt(in, out, ivec);
|
||||||
|
@ -156,7 +156,7 @@ private:
|
||||||
protected:
|
protected:
|
||||||
constexpr static IncrementFunctionType increment {};
|
constexpr static IncrementFunctionType increment {};
|
||||||
|
|
||||||
void encrypt_or_stream(const ReadonlyBytes* in, Bytes& out, const Bytes& ivec, Bytes* ivec_out = nullptr)
|
void encrypt_or_stream(const ReadonlyBytes* in, Bytes& out, ReadonlyBytes ivec, Bytes* ivec_out = nullptr)
|
||||||
{
|
{
|
||||||
size_t length;
|
size_t length;
|
||||||
if (in) {
|
if (in) {
|
||||||
|
|
|
@ -71,7 +71,7 @@ public:
|
||||||
virtual size_t IV_length() const override { return IVSizeInBits / 8; }
|
virtual size_t IV_length() const override { return IVSizeInBits / 8; }
|
||||||
|
|
||||||
// FIXME: This overload throws away the auth stuff, think up a better way to return more than a single bytebuffer.
|
// FIXME: This overload throws away the auth stuff, think up a better way to return more than a single bytebuffer.
|
||||||
virtual void encrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}, Bytes* = nullptr) override
|
virtual void encrypt(ReadonlyBytes in, Bytes& out, ReadonlyBytes ivec = {}, Bytes* = nullptr) override
|
||||||
{
|
{
|
||||||
ASSERT(!ivec.is_empty());
|
ASSERT(!ivec.is_empty());
|
||||||
|
|
||||||
|
@ -79,7 +79,7 @@ public:
|
||||||
|
|
||||||
encrypt(in, out, ivec, dummy, dummy);
|
encrypt(in, out, ivec, dummy, dummy);
|
||||||
}
|
}
|
||||||
virtual void decrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}) override
|
virtual void decrypt(ReadonlyBytes in, Bytes& out, ReadonlyBytes ivec = {}) override
|
||||||
{
|
{
|
||||||
encrypt(in, out, ivec);
|
encrypt(in, out, ivec);
|
||||||
}
|
}
|
||||||
|
@ -108,7 +108,7 @@ public:
|
||||||
block0.get().bytes().copy_to(tag);
|
block0.get().bytes().copy_to(tag);
|
||||||
}
|
}
|
||||||
|
|
||||||
VerificationConsistency decrypt(const ReadonlyBytes& in, Bytes out, const ReadonlyBytes& iv_in, const ReadonlyBytes& aad, const ReadonlyBytes& tag)
|
VerificationConsistency decrypt(ReadonlyBytes in, Bytes out, ReadonlyBytes iv_in, ReadonlyBytes aad, ReadonlyBytes tag)
|
||||||
{
|
{
|
||||||
auto iv_buf = ByteBuffer::copy(iv_in.data(), iv_in.size());
|
auto iv_buf = ByteBuffer::copy(iv_in.data(), iv_in.size());
|
||||||
auto iv = iv_buf.bytes();
|
auto iv = iv_buf.bytes();
|
||||||
|
|
|
@ -39,8 +39,8 @@ class Mode {
|
||||||
public:
|
public:
|
||||||
virtual ~Mode() { }
|
virtual ~Mode() { }
|
||||||
|
|
||||||
virtual void encrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}, Bytes* ivec_out = nullptr) = 0;
|
virtual void encrypt(ReadonlyBytes in, Bytes& out, ReadonlyBytes ivec = {}, Bytes* ivec_out = nullptr) = 0;
|
||||||
virtual void decrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}) = 0;
|
virtual void decrypt(ReadonlyBytes in, Bytes& out, ReadonlyBytes ivec = {}) = 0;
|
||||||
|
|
||||||
virtual size_t IV_length() const = 0;
|
virtual size_t IV_length() const = 0;
|
||||||
|
|
||||||
|
|
|
@ -41,8 +41,8 @@ public:
|
||||||
{
|
{
|
||||||
}
|
}
|
||||||
|
|
||||||
virtual void encode(const ByteBuffer& in, ByteBuffer& out, size_t em_bits) = 0;
|
virtual void encode(ReadonlyBytes in, ByteBuffer& out, size_t em_bits) = 0;
|
||||||
virtual VerificationConsistency verify(const ByteBuffer& msg, const ByteBuffer& emsg, size_t em_bits) = 0;
|
virtual VerificationConsistency verify(ReadonlyBytes msg, ReadonlyBytes emsg, size_t em_bits) = 0;
|
||||||
|
|
||||||
const HashFunction& hasher() const { return m_hasher; }
|
const HashFunction& hasher() const { return m_hasher; }
|
||||||
HashFunction& hasher() { return m_hasher; }
|
HashFunction& hasher() { return m_hasher; }
|
||||||
|
|
|
@ -46,7 +46,7 @@ public:
|
||||||
|
|
||||||
static constexpr auto SaltLength = SaltSize;
|
static constexpr auto SaltLength = SaltSize;
|
||||||
|
|
||||||
virtual void encode(const ByteBuffer& in, ByteBuffer& out, size_t em_bits) override
|
virtual void encode(ReadonlyBytes in, ByteBuffer& out, size_t em_bits) override
|
||||||
{
|
{
|
||||||
// FIXME: we're supposed to check if in.size() > HashFunction::input_limitation
|
// FIXME: we're supposed to check if in.size() > HashFunction::input_limitation
|
||||||
// however, all of our current hash functions can hash unlimited blocks
|
// however, all of our current hash functions can hash unlimited blocks
|
||||||
|
@ -87,8 +87,7 @@ public:
|
||||||
u8 DB_mask[mask_length];
|
u8 DB_mask[mask_length];
|
||||||
auto DB_mask_buffer = ByteBuffer::wrap(DB_mask, mask_length);
|
auto DB_mask_buffer = ByteBuffer::wrap(DB_mask, mask_length);
|
||||||
// FIXME: we should probably allow reading from u8*
|
// FIXME: we should probably allow reading from u8*
|
||||||
auto hash_buffer = ByteBuffer::wrap(hash.data, HashFunction::DigestSize);
|
MGF1(ReadonlyBytes { hash.data, HashFunction::DigestSize }, mask_length, DB_mask_buffer);
|
||||||
MGF1(hash_buffer, mask_length, DB_mask_buffer);
|
|
||||||
|
|
||||||
for (size_t i = 0; i < DB.size(); ++i)
|
for (size_t i = 0; i < DB.size(); ++i)
|
||||||
DB_data[i] ^= DB_mask[i];
|
DB_data[i] ^= DB_mask[i];
|
||||||
|
@ -101,7 +100,7 @@ public:
|
||||||
out[DB.size() + hash_fn.DigestSize] = 0xbc;
|
out[DB.size() + hash_fn.DigestSize] = 0xbc;
|
||||||
}
|
}
|
||||||
|
|
||||||
virtual VerificationConsistency verify(const ByteBuffer& msg, const ByteBuffer& emsg, size_t em_bits) override
|
virtual VerificationConsistency verify(ReadonlyBytes msg, ReadonlyBytes emsg, size_t em_bits) override
|
||||||
{
|
{
|
||||||
auto& hash_fn = this->hasher();
|
auto& hash_fn = this->hasher();
|
||||||
hash_fn.update(msg);
|
hash_fn.update(msg);
|
||||||
|
@ -114,8 +113,8 @@ public:
|
||||||
return VerificationConsistency::Inconsistent;
|
return VerificationConsistency::Inconsistent;
|
||||||
|
|
||||||
auto mask_length = emsg.size() - HashFunction::DigestSize - 1;
|
auto mask_length = emsg.size() - HashFunction::DigestSize - 1;
|
||||||
auto masked_DB = emsg.slice_view(0, mask_length);
|
auto masked_DB = emsg.slice(0, mask_length);
|
||||||
auto H = emsg.slice_view(mask_length, HashFunction::DigestSize);
|
auto H = emsg.slice(mask_length, HashFunction::DigestSize);
|
||||||
|
|
||||||
auto length_to_check = 8 * emsg.size() - em_bits;
|
auto length_to_check = 8 * emsg.size() - em_bits;
|
||||||
auto octet = masked_DB[0];
|
auto octet = masked_DB[0];
|
||||||
|
@ -160,7 +159,7 @@ public:
|
||||||
return VerificationConsistency::Consistent;
|
return VerificationConsistency::Consistent;
|
||||||
}
|
}
|
||||||
|
|
||||||
void MGF1(const ByteBuffer& seed, size_t length, ByteBuffer& out)
|
void MGF1(ReadonlyBytes seed, size_t length, ByteBuffer& out)
|
||||||
{
|
{
|
||||||
auto& hash_fn = this->hasher();
|
auto& hash_fn = this->hasher();
|
||||||
ByteBuffer T = ByteBuffer::create_zeroed(0);
|
ByteBuffer T = ByteBuffer::create_zeroed(0);
|
||||||
|
|
|
@ -49,11 +49,11 @@ public:
|
||||||
{
|
{
|
||||||
}
|
}
|
||||||
|
|
||||||
virtual void encrypt(const ByteBuffer& in, ByteBuffer& out) = 0;
|
virtual void encrypt(ReadonlyBytes in, ByteBuffer& out) = 0;
|
||||||
virtual void decrypt(const ByteBuffer& in, ByteBuffer& out) = 0;
|
virtual void decrypt(ReadonlyBytes in, ByteBuffer& out) = 0;
|
||||||
|
|
||||||
virtual void sign(const ByteBuffer& in, ByteBuffer& out) = 0;
|
virtual void sign(ReadonlyBytes in, ByteBuffer& out) = 0;
|
||||||
virtual void verify(const ByteBuffer& in, ByteBuffer& out) = 0;
|
virtual void verify(ReadonlyBytes in, ByteBuffer& out) = 0;
|
||||||
|
|
||||||
virtual String class_name() const = 0;
|
virtual String class_name() const = 0;
|
||||||
|
|
||||||
|
|
|
@ -113,7 +113,7 @@ RSA::KeyPairType RSA::parse_rsa_key(ReadonlyBytes in)
|
||||||
return keypair;
|
return keypair;
|
||||||
}
|
}
|
||||||
|
|
||||||
void RSA::encrypt(const ByteBuffer& in, ByteBuffer& out)
|
void RSA::encrypt(ReadonlyBytes in, ByteBuffer& out)
|
||||||
{
|
{
|
||||||
#ifdef CRYPTO_DEBUG
|
#ifdef CRYPTO_DEBUG
|
||||||
dbg() << "in size: " << in.size();
|
dbg() << "in size: " << in.size();
|
||||||
|
@ -133,7 +133,7 @@ void RSA::encrypt(const ByteBuffer& in, ByteBuffer& out)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void RSA::decrypt(const ByteBuffer& in, ByteBuffer& out)
|
void RSA::decrypt(ReadonlyBytes in, ByteBuffer& out)
|
||||||
{
|
{
|
||||||
// FIXME: Actually use the private key properly
|
// FIXME: Actually use the private key properly
|
||||||
|
|
||||||
|
@ -149,7 +149,7 @@ void RSA::decrypt(const ByteBuffer& in, ByteBuffer& out)
|
||||||
out = out.slice(out.size() - aligned_size, aligned_size);
|
out = out.slice(out.size() - aligned_size, aligned_size);
|
||||||
}
|
}
|
||||||
|
|
||||||
void RSA::sign(const ByteBuffer& in, ByteBuffer& out)
|
void RSA::sign(ReadonlyBytes in, ByteBuffer& out)
|
||||||
{
|
{
|
||||||
auto in_integer = UnsignedBigInteger::import_data(in.data(), in.size());
|
auto in_integer = UnsignedBigInteger::import_data(in.data(), in.size());
|
||||||
auto exp = NumberTheory::ModularPower(in_integer, m_private_key.private_exponent(), m_private_key.modulus());
|
auto exp = NumberTheory::ModularPower(in_integer, m_private_key.private_exponent(), m_private_key.modulus());
|
||||||
|
@ -157,7 +157,7 @@ void RSA::sign(const ByteBuffer& in, ByteBuffer& out)
|
||||||
out = out.slice(out.size() - size, size);
|
out = out.slice(out.size() - size, size);
|
||||||
}
|
}
|
||||||
|
|
||||||
void RSA::verify(const ByteBuffer& in, ByteBuffer& out)
|
void RSA::verify(ReadonlyBytes in, ByteBuffer& out)
|
||||||
{
|
{
|
||||||
auto in_integer = UnsignedBigInteger::import_data(in.data(), in.size());
|
auto in_integer = UnsignedBigInteger::import_data(in.data(), in.size());
|
||||||
auto exp = NumberTheory::ModularPower(in_integer, m_public_key.public_exponent(), m_public_key.modulus());
|
auto exp = NumberTheory::ModularPower(in_integer, m_public_key.public_exponent(), m_public_key.modulus());
|
||||||
|
@ -198,7 +198,7 @@ void RSA::import_public_key(ReadonlyBytes bytes, bool pem)
|
||||||
}
|
}
|
||||||
|
|
||||||
template<typename HashFunction>
|
template<typename HashFunction>
|
||||||
void RSA_EMSA_PSS<HashFunction>::sign(const ByteBuffer& in, ByteBuffer& out)
|
void RSA_EMSA_PSS<HashFunction>::sign(ReadonlyBytes in, ByteBuffer& out)
|
||||||
{
|
{
|
||||||
// -- encode via EMSA_PSS
|
// -- encode via EMSA_PSS
|
||||||
auto mod_bits = m_rsa.private_key().modulus().trimmed_length() * sizeof(u32) * 8;
|
auto mod_bits = m_rsa.private_key().modulus().trimmed_length() * sizeof(u32) * 8;
|
||||||
|
@ -212,7 +212,7 @@ void RSA_EMSA_PSS<HashFunction>::sign(const ByteBuffer& in, ByteBuffer& out)
|
||||||
}
|
}
|
||||||
|
|
||||||
template<typename HashFunction>
|
template<typename HashFunction>
|
||||||
VerificationConsistency RSA_EMSA_PSS<HashFunction>::verify(const ByteBuffer& in)
|
VerificationConsistency RSA_EMSA_PSS<HashFunction>::verify(ReadonlyBytes in)
|
||||||
{
|
{
|
||||||
auto mod_bytes = m_rsa.public_key().modulus().trimmed_length() * sizeof(u32);
|
auto mod_bytes = m_rsa.public_key().modulus().trimmed_length() * sizeof(u32);
|
||||||
if (in.size() != mod_bytes)
|
if (in.size() != mod_bytes)
|
||||||
|
@ -228,7 +228,7 @@ VerificationConsistency RSA_EMSA_PSS<HashFunction>::verify(const ByteBuffer& in)
|
||||||
return m_emsa_pss.verify(in, EM, mod_bytes * 8 - 1);
|
return m_emsa_pss.verify(in, EM, mod_bytes * 8 - 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
void RSA_PKCS1_EME::encrypt(const ByteBuffer& in, ByteBuffer& out)
|
void RSA_PKCS1_EME::encrypt(ReadonlyBytes in, ByteBuffer& out)
|
||||||
{
|
{
|
||||||
auto mod_len = (m_public_key.modulus().trimmed_length() * sizeof(u32) * 8 + 7) / 8;
|
auto mod_len = (m_public_key.modulus().trimmed_length() * sizeof(u32) * 8 + 7) / 8;
|
||||||
#ifdef CRYPTO_DEBUG
|
#ifdef CRYPTO_DEBUG
|
||||||
|
@ -271,7 +271,7 @@ void RSA_PKCS1_EME::encrypt(const ByteBuffer& in, ByteBuffer& out)
|
||||||
|
|
||||||
RSA::encrypt(out, out);
|
RSA::encrypt(out, out);
|
||||||
}
|
}
|
||||||
void RSA_PKCS1_EME::decrypt(const ByteBuffer& in, ByteBuffer& out)
|
void RSA_PKCS1_EME::decrypt(ReadonlyBytes in, ByteBuffer& out)
|
||||||
{
|
{
|
||||||
auto mod_len = (m_public_key.modulus().trimmed_length() * sizeof(u32) * 8 + 7) / 8;
|
auto mod_len = (m_public_key.modulus().trimmed_length() * sizeof(u32) * 8 + 7) / 8;
|
||||||
if (in.size() != mod_len) {
|
if (in.size() != mod_len) {
|
||||||
|
@ -317,11 +317,11 @@ void RSA_PKCS1_EME::decrypt(const ByteBuffer& in, ByteBuffer& out)
|
||||||
out = out.slice(offset, out.size() - offset);
|
out = out.slice(offset, out.size() - offset);
|
||||||
}
|
}
|
||||||
|
|
||||||
void RSA_PKCS1_EME::sign(const ByteBuffer&, ByteBuffer&)
|
void RSA_PKCS1_EME::sign(ReadonlyBytes, ByteBuffer&)
|
||||||
{
|
{
|
||||||
dbg() << "FIXME: RSA_PKCS_EME::sign";
|
dbg() << "FIXME: RSA_PKCS_EME::sign";
|
||||||
}
|
}
|
||||||
void RSA_PKCS1_EME::verify(const ByteBuffer&, ByteBuffer&)
|
void RSA_PKCS1_EME::verify(ReadonlyBytes, ByteBuffer&)
|
||||||
{
|
{
|
||||||
dbg() << "FIXME: RSA_PKCS_EME::verify";
|
dbg() << "FIXME: RSA_PKCS_EME::verify";
|
||||||
}
|
}
|
||||||
|
|
|
@ -178,11 +178,11 @@ public:
|
||||||
m_private_key = pair.private_key;
|
m_private_key = pair.private_key;
|
||||||
}
|
}
|
||||||
|
|
||||||
virtual void encrypt(const ByteBuffer& in, ByteBuffer& out) override;
|
virtual void encrypt(ReadonlyBytes in, ByteBuffer& out) override;
|
||||||
virtual void decrypt(const ByteBuffer& in, ByteBuffer& out) override;
|
virtual void decrypt(ReadonlyBytes in, ByteBuffer& out) override;
|
||||||
|
|
||||||
virtual void sign(const ByteBuffer& in, ByteBuffer& out) override;
|
virtual void sign(ReadonlyBytes in, ByteBuffer& out) override;
|
||||||
virtual void verify(const ByteBuffer& in, ByteBuffer& out) override;
|
virtual void verify(ReadonlyBytes in, ByteBuffer& out) override;
|
||||||
|
|
||||||
virtual String class_name() const override { return "RSA"; }
|
virtual String class_name() const override { return "RSA"; }
|
||||||
|
|
||||||
|
@ -203,8 +203,8 @@ public:
|
||||||
{
|
{
|
||||||
}
|
}
|
||||||
|
|
||||||
void sign(const ByteBuffer& in, ByteBuffer& out);
|
void sign(ReadonlyBytes in, ByteBuffer& out);
|
||||||
VerificationConsistency verify(const ByteBuffer& in);
|
VerificationConsistency verify(ReadonlyBytes in);
|
||||||
|
|
||||||
private:
|
private:
|
||||||
EMSA_PSS<HashFunction, HashFunction::DigestSize> m_emsa_pss;
|
EMSA_PSS<HashFunction, HashFunction::DigestSize> m_emsa_pss;
|
||||||
|
@ -222,11 +222,11 @@ public:
|
||||||
|
|
||||||
~RSA_PKCS1_EME() { }
|
~RSA_PKCS1_EME() { }
|
||||||
|
|
||||||
virtual void encrypt(const ByteBuffer& in, ByteBuffer& out) override;
|
virtual void encrypt(ReadonlyBytes in, ByteBuffer& out) override;
|
||||||
virtual void decrypt(const ByteBuffer& in, ByteBuffer& out) override;
|
virtual void decrypt(ReadonlyBytes in, ByteBuffer& out) override;
|
||||||
|
|
||||||
virtual void sign(const ByteBuffer&, ByteBuffer&) override;
|
virtual void sign(ReadonlyBytes, ByteBuffer&) override;
|
||||||
virtual void verify(const ByteBuffer&, ByteBuffer&) override;
|
virtual void verify(ReadonlyBytes, ByteBuffer&) override;
|
||||||
|
|
||||||
virtual String class_name() const override { return "RSA_PKCS1-EME"; }
|
virtual String class_name() const override { return "RSA_PKCS1-EME"; }
|
||||||
virtual size_t output_size() const override { return m_public_key.length(); }
|
virtual size_t output_size() const override { return m_public_key.length(); }
|
||||||
|
|
|
@ -34,7 +34,7 @@
|
||||||
|
|
||||||
namespace TLS {
|
namespace TLS {
|
||||||
|
|
||||||
ssize_t TLSv12::handle_server_hello_done(const ByteBuffer& buffer)
|
ssize_t TLSv12::handle_server_hello_done(ReadonlyBytes buffer)
|
||||||
{
|
{
|
||||||
if (buffer.size() < 3)
|
if (buffer.size() < 3)
|
||||||
return (i8)Error::NeedMoreData;
|
return (i8)Error::NeedMoreData;
|
||||||
|
@ -47,7 +47,7 @@ ssize_t TLSv12::handle_server_hello_done(const ByteBuffer& buffer)
|
||||||
return size + 3;
|
return size + 3;
|
||||||
}
|
}
|
||||||
|
|
||||||
ssize_t TLSv12::handle_hello(const ByteBuffer& buffer, WritePacketStage& write_packets)
|
ssize_t TLSv12::handle_hello(ReadonlyBytes buffer, WritePacketStage& write_packets)
|
||||||
{
|
{
|
||||||
write_packets = WritePacketStage::Initial;
|
write_packets = WritePacketStage::Initial;
|
||||||
if (m_context.connection_status != ConnectionStatus::Disconnected && m_context.connection_status != ConnectionStatus::Renegotiating) {
|
if (m_context.connection_status != ConnectionStatus::Disconnected && m_context.connection_status != ConnectionStatus::Renegotiating) {
|
||||||
|
@ -192,7 +192,7 @@ ssize_t TLSv12::handle_hello(const ByteBuffer& buffer, WritePacketStage& write_p
|
||||||
}
|
}
|
||||||
} else if (extension_type == HandshakeExtension::SignatureAlgorithms) {
|
} else if (extension_type == HandshakeExtension::SignatureAlgorithms) {
|
||||||
dbg() << "supported signatures: ";
|
dbg() << "supported signatures: ";
|
||||||
print_buffer(buffer.slice_view(res, extension_length));
|
print_buffer(buffer.slice(res, extension_length));
|
||||||
// FIXME: what are we supposed to do here?
|
// FIXME: what are we supposed to do here?
|
||||||
}
|
}
|
||||||
res += extension_length;
|
res += extension_length;
|
||||||
|
@ -202,7 +202,7 @@ ssize_t TLSv12::handle_hello(const ByteBuffer& buffer, WritePacketStage& write_p
|
||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
|
|
||||||
ssize_t TLSv12::handle_finished(const ByteBuffer& buffer, WritePacketStage& write_packets)
|
ssize_t TLSv12::handle_finished(ReadonlyBytes buffer, WritePacketStage& write_packets)
|
||||||
{
|
{
|
||||||
if (m_context.connection_status < ConnectionStatus::KeyExchange || m_context.connection_status == ConnectionStatus::Established) {
|
if (m_context.connection_status < ConnectionStatus::KeyExchange || m_context.connection_status == ConnectionStatus::Established) {
|
||||||
dbg() << "unexpected finished message";
|
dbg() << "unexpected finished message";
|
||||||
|
@ -305,10 +305,10 @@ void TLSv12::build_random(PacketBuilder& builder)
|
||||||
|
|
||||||
builder.append_u24(outbuf.size() + 2);
|
builder.append_u24(outbuf.size() + 2);
|
||||||
builder.append((u16)outbuf.size());
|
builder.append((u16)outbuf.size());
|
||||||
builder.append(outbuf);
|
builder.append(outbuf.bytes());
|
||||||
}
|
}
|
||||||
|
|
||||||
ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
|
ssize_t TLSv12::handle_payload(ReadonlyBytes vbuffer)
|
||||||
{
|
{
|
||||||
if (m_context.connection_status == ConnectionStatus::Established) {
|
if (m_context.connection_status == ConnectionStatus::Established) {
|
||||||
#ifdef TLS_DEBUG
|
#ifdef TLS_DEBUG
|
||||||
|
@ -374,7 +374,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
|
||||||
dbg() << "unsupported: server mode";
|
dbg() << "unsupported: server mode";
|
||||||
ASSERT_NOT_REACHED();
|
ASSERT_NOT_REACHED();
|
||||||
} else {
|
} else {
|
||||||
payload_res = handle_hello(buffer.slice_view(1, payload_size), write_packets);
|
payload_res = handle_hello(buffer.slice(1, payload_size), write_packets);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case HelloVerifyRequest:
|
case HelloVerifyRequest:
|
||||||
|
@ -396,7 +396,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
|
||||||
dbg() << "unsupported: server mode";
|
dbg() << "unsupported: server mode";
|
||||||
ASSERT_NOT_REACHED();
|
ASSERT_NOT_REACHED();
|
||||||
}
|
}
|
||||||
payload_res = handle_certificate(buffer.slice_view(1, payload_size));
|
payload_res = handle_certificate(buffer.slice(1, payload_size));
|
||||||
if (m_context.certificates.size()) {
|
if (m_context.certificates.size()) {
|
||||||
auto it = m_context.certificates.find([&](auto& cert) { return cert.is_valid(); });
|
auto it = m_context.certificates.find([&](auto& cert) { return cert.is_valid(); });
|
||||||
|
|
||||||
|
@ -430,7 +430,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
|
||||||
dbg() << "unsupported: server mode";
|
dbg() << "unsupported: server mode";
|
||||||
ASSERT_NOT_REACHED();
|
ASSERT_NOT_REACHED();
|
||||||
} else {
|
} else {
|
||||||
payload_res = handle_server_key_exchange(buffer.slice_view(1, payload_size));
|
payload_res = handle_server_key_exchange(buffer.slice(1, payload_size));
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case CertificateRequest:
|
case CertificateRequest:
|
||||||
|
@ -466,7 +466,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
|
||||||
dbg() << "unsupported: server mode";
|
dbg() << "unsupported: server mode";
|
||||||
ASSERT_NOT_REACHED();
|
ASSERT_NOT_REACHED();
|
||||||
} else {
|
} else {
|
||||||
payload_res = handle_server_hello_done(buffer.slice_view(1, payload_size));
|
payload_res = handle_server_hello_done(buffer.slice(1, payload_size));
|
||||||
if (payload_res > 0)
|
if (payload_res > 0)
|
||||||
write_packets = WritePacketStage::ClientHandshake;
|
write_packets = WritePacketStage::ClientHandshake;
|
||||||
}
|
}
|
||||||
|
@ -482,7 +482,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
|
||||||
dbg() << "certificate verify";
|
dbg() << "certificate verify";
|
||||||
#endif
|
#endif
|
||||||
if (m_context.connection_status == ConnectionStatus::KeyExchange) {
|
if (m_context.connection_status == ConnectionStatus::KeyExchange) {
|
||||||
payload_res = handle_verify(buffer.slice_view(1, payload_size));
|
payload_res = handle_verify(buffer.slice(1, payload_size));
|
||||||
} else {
|
} else {
|
||||||
payload_res = (i8)Error::UnexpectedMessage;
|
payload_res = (i8)Error::UnexpectedMessage;
|
||||||
}
|
}
|
||||||
|
@ -517,7 +517,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
|
||||||
#ifdef TLS_DEBUG
|
#ifdef TLS_DEBUG
|
||||||
dbg() << "finished";
|
dbg() << "finished";
|
||||||
#endif
|
#endif
|
||||||
payload_res = handle_finished(buffer.slice_view(1, payload_size), write_packets);
|
payload_res = handle_finished(buffer.slice(1, payload_size), write_packets);
|
||||||
if (payload_res > 0) {
|
if (payload_res > 0) {
|
||||||
memset(m_context.handshake_messages, 0, sizeof(m_context.handshake_messages));
|
memset(m_context.handshake_messages, 0, sizeof(m_context.handshake_messages));
|
||||||
}
|
}
|
||||||
|
@ -528,7 +528,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
|
||||||
}
|
}
|
||||||
|
|
||||||
if (type != HelloRequest) {
|
if (type != HelloRequest) {
|
||||||
update_hash(buffer.slice_view(0, payload_size + 1));
|
update_hash(buffer.slice(0, payload_size + 1));
|
||||||
}
|
}
|
||||||
|
|
||||||
// if something went wrong, send an alert about it
|
// if something went wrong, send an alert about it
|
||||||
|
|
|
@ -108,7 +108,7 @@ bool TLSv12::expand_key()
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
void TLSv12::pseudorandom_function(ByteBuffer& output, const ByteBuffer& secret, const u8* label, size_t label_length, const ByteBuffer& seed, const ByteBuffer& seed_b)
|
void TLSv12::pseudorandom_function(ByteBuffer& output, ReadonlyBytes secret, const u8* label, size_t label_length, ReadonlyBytes seed, ReadonlyBytes seed_b)
|
||||||
{
|
{
|
||||||
if (!secret.size()) {
|
if (!secret.size()) {
|
||||||
dbg() << "null secret";
|
dbg() << "null secret";
|
||||||
|
@ -225,7 +225,7 @@ ByteBuffer TLSv12::build_certificate()
|
||||||
for (auto& certificate : certificates) {
|
for (auto& certificate : certificates) {
|
||||||
if (!certificate->der.is_empty()) {
|
if (!certificate->der.is_empty()) {
|
||||||
builder.append_u24(certificate->der.size());
|
builder.append_u24(certificate->der.size());
|
||||||
builder.append(certificate->der);
|
builder.append(certificate->der.bytes());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -265,13 +265,13 @@ ByteBuffer TLSv12::build_client_key_exchange()
|
||||||
return packet;
|
return packet;
|
||||||
}
|
}
|
||||||
|
|
||||||
ssize_t TLSv12::handle_server_key_exchange(const ByteBuffer&)
|
ssize_t TLSv12::handle_server_key_exchange(ReadonlyBytes)
|
||||||
{
|
{
|
||||||
dbg() << "FIXME: parse_server_key_exchange";
|
dbg() << "FIXME: parse_server_key_exchange";
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
ssize_t TLSv12::handle_verify(const ByteBuffer&)
|
ssize_t TLSv12::handle_verify(ReadonlyBytes)
|
||||||
{
|
{
|
||||||
dbg() << "FIXME: parse_verify";
|
dbg() << "FIXME: parse_verify";
|
||||||
return 0;
|
return 0;
|
||||||
|
|
|
@ -160,7 +160,7 @@ ByteBuffer TLSv12::build_finished()
|
||||||
auto hashbuf = ByteBuffer::wrap(const_cast<u8*>(digest.immutable_data()), m_context.handshake_hash.digest_size());
|
auto hashbuf = ByteBuffer::wrap(const_cast<u8*>(digest.immutable_data()), m_context.handshake_hash.digest_size());
|
||||||
pseudorandom_function(outbuffer, m_context.master_key, (const u8*)"client finished", 15, hashbuf, dummy);
|
pseudorandom_function(outbuffer, m_context.master_key, (const u8*)"client finished", 15, hashbuf, dummy);
|
||||||
|
|
||||||
builder.append(outbuffer);
|
builder.append(outbuffer.bytes());
|
||||||
auto packet = builder.build();
|
auto packet = builder.build();
|
||||||
update_packet(packet);
|
update_packet(packet);
|
||||||
|
|
||||||
|
|
|
@ -194,7 +194,7 @@ void TLSv12::update_packet(ByteBuffer& packet)
|
||||||
++m_context.local_sequence_number;
|
++m_context.local_sequence_number;
|
||||||
}
|
}
|
||||||
|
|
||||||
void TLSv12::update_hash(const ByteBuffer& message)
|
void TLSv12::update_hash(ReadonlyBytes message)
|
||||||
{
|
{
|
||||||
m_context.handshake_hash.update(message);
|
m_context.handshake_hash.update(message);
|
||||||
}
|
}
|
||||||
|
@ -226,7 +226,7 @@ ByteBuffer TLSv12::hmac_message(const ReadonlyBytes& buf, const Optional<Readonl
|
||||||
return mac;
|
return mac;
|
||||||
}
|
}
|
||||||
|
|
||||||
ssize_t TLSv12::handle_message(const ByteBuffer& buffer)
|
ssize_t TLSv12::handle_message(ReadonlyBytes buffer)
|
||||||
{
|
{
|
||||||
auto res { 5ll };
|
auto res { 5ll };
|
||||||
size_t header_size = res;
|
size_t header_size = res;
|
||||||
|
@ -265,7 +265,9 @@ ssize_t TLSv12::handle_message(const ByteBuffer& buffer)
|
||||||
#ifdef TLS_DEBUG
|
#ifdef TLS_DEBUG
|
||||||
dbg() << "message type: " << (u8)type << ", length: " << length;
|
dbg() << "message type: " << (u8)type << ", length: " << length;
|
||||||
#endif
|
#endif
|
||||||
ByteBuffer plain = buffer.slice_view(buffer_position, buffer.size() - buffer_position);
|
auto plain = buffer.slice(buffer_position, buffer.size() - buffer_position);
|
||||||
|
|
||||||
|
ByteBuffer decrypted;
|
||||||
|
|
||||||
if (m_context.cipher_spec_set && type != MessageType::ChangeCipher) {
|
if (m_context.cipher_spec_set && type != MessageType::ChangeCipher) {
|
||||||
#ifdef TLS_DEBUG
|
#ifdef TLS_DEBUG
|
||||||
|
@ -284,8 +286,8 @@ ssize_t TLSv12::handle_message(const ByteBuffer& buffer)
|
||||||
}
|
}
|
||||||
|
|
||||||
auto packet_length = length - iv_length() - 16;
|
auto packet_length = length - iv_length() - 16;
|
||||||
auto payload = plain.bytes();
|
auto payload = plain;
|
||||||
auto decrypted = ByteBuffer::create_uninitialized(packet_length);
|
decrypted = ByteBuffer::create_uninitialized(packet_length);
|
||||||
|
|
||||||
// AEAD AAD (13)
|
// AEAD AAD (13)
|
||||||
// Seq. no (8)
|
// Seq. no (8)
|
||||||
|
@ -299,8 +301,8 @@ ssize_t TLSv12::handle_message(const ByteBuffer& buffer)
|
||||||
u64 seq_no = AK::convert_between_host_and_network_endian(m_context.remote_sequence_number);
|
u64 seq_no = AK::convert_between_host_and_network_endian(m_context.remote_sequence_number);
|
||||||
u16 len = AK::convert_between_host_and_network_endian((u16)packet_length);
|
u16 len = AK::convert_between_host_and_network_endian((u16)packet_length);
|
||||||
|
|
||||||
aad_stream.write({ &seq_no, sizeof(seq_no) }); // Sequence number
|
aad_stream.write({ &seq_no, sizeof(seq_no) }); // Sequence number
|
||||||
aad_stream.write(buffer.bytes().slice(0, header_size - 2)); // content-type + version
|
aad_stream.write(buffer.slice(0, header_size - 2)); // content-type + version
|
||||||
aad_stream.write({ &len, sizeof(u16) });
|
aad_stream.write({ &len, sizeof(u16) });
|
||||||
ASSERT(aad_stream.is_end());
|
ASSERT(aad_stream.is_end());
|
||||||
|
|
||||||
|
@ -342,10 +344,10 @@ ssize_t TLSv12::handle_message(const ByteBuffer& buffer)
|
||||||
auto iv_size = iv_length();
|
auto iv_size = iv_length();
|
||||||
|
|
||||||
auto decrypted = m_aes_remote.cbc->create_aligned_buffer(length - iv_size);
|
auto decrypted = m_aes_remote.cbc->create_aligned_buffer(length - iv_size);
|
||||||
auto iv = buffer.slice_view(header_size, iv_size);
|
auto iv = buffer.slice(header_size, iv_size);
|
||||||
|
|
||||||
Bytes decrypted_span = decrypted;
|
Bytes decrypted_span = decrypted;
|
||||||
m_aes_remote.cbc->decrypt(buffer.bytes().slice(header_size + iv_size, length - iv_size), decrypted_span, iv);
|
m_aes_remote.cbc->decrypt(buffer.slice(header_size + iv_size, length - iv_size), decrypted_span, iv);
|
||||||
|
|
||||||
length = decrypted_span.size();
|
length = decrypted_span.size();
|
||||||
|
|
||||||
|
|
|
@ -73,7 +73,7 @@ String TLSv12::read_line(size_t max_size)
|
||||||
return String::copy(buffer, Chomp);
|
return String::copy(buffer, Chomp);
|
||||||
}
|
}
|
||||||
|
|
||||||
bool TLSv12::write(const ByteBuffer& buffer)
|
bool TLSv12::write(ReadonlyBytes buffer)
|
||||||
{
|
{
|
||||||
if (m_context.connection_status != ConnectionStatus::Established) {
|
if (m_context.connection_status != ConnectionStatus::Established) {
|
||||||
#ifdef TLS_DEBUG
|
#ifdef TLS_DEBUG
|
||||||
|
|
|
@ -70,7 +70,7 @@ public:
|
||||||
{
|
{
|
||||||
append((const u8*)&value, sizeof(value));
|
append((const u8*)&value, sizeof(value));
|
||||||
}
|
}
|
||||||
inline void append(const ByteBuffer& data)
|
inline void append(ReadonlyBytes data)
|
||||||
{
|
{
|
||||||
append(data.data(), data.size());
|
append(data.data(), data.size());
|
||||||
}
|
}
|
||||||
|
|
|
@ -428,7 +428,7 @@ static ssize_t _parse_asn1(const Context& context, Certificate& cert, const u8*
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
Optional<Certificate> TLSv12::parse_asn1(const ByteBuffer& buffer, bool) const
|
Optional<Certificate> TLSv12::parse_asn1(ReadonlyBytes buffer, bool) const
|
||||||
{
|
{
|
||||||
// FIXME: Our ASN.1 parser is not quite up to the task of
|
// FIXME: Our ASN.1 parser is not quite up to the task of
|
||||||
// parsing this X.509 certificate, so for the
|
// parsing this X.509 certificate, so for the
|
||||||
|
@ -447,7 +447,7 @@ Optional<Certificate> TLSv12::parse_asn1(const ByteBuffer& buffer, bool) const
|
||||||
return cert;
|
return cert;
|
||||||
}
|
}
|
||||||
|
|
||||||
ssize_t TLSv12::handle_certificate(const ByteBuffer& buffer)
|
ssize_t TLSv12::handle_certificate(ReadonlyBytes buffer)
|
||||||
{
|
{
|
||||||
ssize_t res = 0;
|
ssize_t res = 0;
|
||||||
|
|
||||||
|
@ -522,7 +522,7 @@ ssize_t TLSv12::handle_certificate(const ByteBuffer& buffer)
|
||||||
}
|
}
|
||||||
remaining -= certificate_size_specific;
|
remaining -= certificate_size_specific;
|
||||||
|
|
||||||
auto certificate = parse_asn1(buffer.slice_view(res_cert, certificate_size_specific), false);
|
auto certificate = parse_asn1(buffer.slice(res_cert, certificate_size_specific), false);
|
||||||
if (certificate.has_value()) {
|
if (certificate.has_value()) {
|
||||||
if (certificate.value().is_valid()) {
|
if (certificate.value().is_valid()) {
|
||||||
m_context.certificates.append(certificate.value());
|
m_context.certificates.append(certificate.value());
|
||||||
|
@ -546,7 +546,7 @@ ssize_t TLSv12::handle_certificate(const ByteBuffer& buffer)
|
||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
|
|
||||||
void TLSv12::consume(const ByteBuffer& record)
|
void TLSv12::consume(ReadonlyBytes record)
|
||||||
{
|
{
|
||||||
if (m_context.critical_error) {
|
if (m_context.critical_error) {
|
||||||
dbg() << "There has been a critical error (" << (i8)m_context.critical_error << "), refusing to continue";
|
dbg() << "There has been a critical error (" << (i8)m_context.critical_error << "), refusing to continue";
|
||||||
|
@ -846,7 +846,7 @@ TLSv12::TLSv12(Core::Object* parent, Version version)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
bool TLSv12::add_client_key(const ByteBuffer& certificate_pem_buffer, const ByteBuffer& rsa_key) // FIXME: This should not be bound to RSA
|
bool TLSv12::add_client_key(ReadonlyBytes certificate_pem_buffer, ReadonlyBytes rsa_key) // FIXME: This should not be bound to RSA
|
||||||
{
|
{
|
||||||
if (certificate_pem_buffer.is_empty() || rsa_key.is_empty()) {
|
if (certificate_pem_buffer.is_empty() || rsa_key.is_empty()) {
|
||||||
return true;
|
return true;
|
||||||
|
|
|
@ -41,18 +41,21 @@
|
||||||
|
|
||||||
namespace TLS {
|
namespace TLS {
|
||||||
|
|
||||||
inline void print_buffer(const ByteBuffer& buffer)
|
inline void print_buffer(ReadonlyBytes buffer)
|
||||||
{
|
{
|
||||||
for (size_t i { 0 }; i < buffer.size(); ++i)
|
for (size_t i { 0 }; i < buffer.size(); ++i)
|
||||||
dbgprintf("%02x ", buffer[i]);
|
dbgprintf("%02x ", buffer[i]);
|
||||||
dbgprintf("\n");
|
dbgprintf("\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
inline void print_buffer(const ByteBuffer& buffer)
|
||||||
|
{
|
||||||
|
print_buffer(buffer.bytes());
|
||||||
|
}
|
||||||
|
|
||||||
inline void print_buffer(const u8* buffer, size_t size)
|
inline void print_buffer(const u8* buffer, size_t size)
|
||||||
{
|
{
|
||||||
for (size_t i { 0 }; i < size; ++i)
|
print_buffer(ReadonlyBytes { buffer, size });
|
||||||
dbgprintf("%02x ", buffer[i]);
|
|
||||||
dbgprintf("\n");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
class Socket;
|
class Socket;
|
||||||
|
@ -277,13 +280,13 @@ public:
|
||||||
m_context.SNI = sni;
|
m_context.SNI = sni;
|
||||||
}
|
}
|
||||||
|
|
||||||
Optional<Certificate> parse_asn1(const ByteBuffer& buffer, bool client_cert = false) const;
|
Optional<Certificate> parse_asn1(ReadonlyBytes, bool client_cert = false) const;
|
||||||
bool load_certificates(const ByteBuffer& pem_buffer);
|
bool load_certificates(ReadonlyBytes pem_buffer);
|
||||||
bool load_private_key(const ByteBuffer& pem_buffer);
|
bool load_private_key(ReadonlyBytes pem_buffer);
|
||||||
|
|
||||||
void set_root_certificates(Vector<Certificate>);
|
void set_root_certificates(Vector<Certificate>);
|
||||||
|
|
||||||
bool add_client_key(const ByteBuffer& certificate_pem_buffer, const ByteBuffer& key_pem_buffer);
|
bool add_client_key(ReadonlyBytes certificate_pem_buffer, ReadonlyBytes key_pem_buffer);
|
||||||
bool add_client_key(Certificate certificate)
|
bool add_client_key(Certificate certificate)
|
||||||
{
|
{
|
||||||
m_context.client_certificates.append(move(certificate));
|
m_context.client_certificates.append(move(certificate));
|
||||||
|
@ -313,7 +316,7 @@ public:
|
||||||
Optional<ByteBuffer> read();
|
Optional<ByteBuffer> read();
|
||||||
ByteBuffer read(size_t max_size);
|
ByteBuffer read(size_t max_size);
|
||||||
|
|
||||||
bool write(const ByteBuffer& buffer);
|
bool write(ReadonlyBytes);
|
||||||
void alert(AlertLevel, AlertDescription);
|
void alert(AlertLevel, AlertDescription);
|
||||||
|
|
||||||
bool can_read_line() const { return m_context.application_buffer.size() && memchr(m_context.application_buffer.data(), '\n', m_context.application_buffer.size()); }
|
bool can_read_line() const { return m_context.application_buffer.size() && memchr(m_context.application_buffer.data(), '\n', m_context.application_buffer.size()); }
|
||||||
|
@ -332,13 +335,13 @@ private:
|
||||||
|
|
||||||
virtual bool common_connect(const struct sockaddr*, socklen_t) override;
|
virtual bool common_connect(const struct sockaddr*, socklen_t) override;
|
||||||
|
|
||||||
void consume(const ByteBuffer& record);
|
void consume(ReadonlyBytes record);
|
||||||
|
|
||||||
ByteBuffer hmac_message(const ReadonlyBytes& buf, const Optional<ReadonlyBytes> buf2, size_t mac_length, bool local = false);
|
ByteBuffer hmac_message(const ReadonlyBytes& buf, const Optional<ReadonlyBytes> buf2, size_t mac_length, bool local = false);
|
||||||
void ensure_hmac(size_t digest_size, bool local);
|
void ensure_hmac(size_t digest_size, bool local);
|
||||||
|
|
||||||
void update_packet(ByteBuffer& packet);
|
void update_packet(ByteBuffer& packet);
|
||||||
void update_hash(const ByteBuffer& in);
|
void update_hash(ReadonlyBytes in);
|
||||||
|
|
||||||
void write_packet(ByteBuffer& packet);
|
void write_packet(ByteBuffer& packet);
|
||||||
|
|
||||||
|
@ -360,19 +363,19 @@ private:
|
||||||
|
|
||||||
bool check_connection_state(bool read);
|
bool check_connection_state(bool read);
|
||||||
|
|
||||||
ssize_t handle_hello(const ByteBuffer& buffer, WritePacketStage&);
|
ssize_t handle_hello(ReadonlyBytes, WritePacketStage&);
|
||||||
ssize_t handle_finished(const ByteBuffer& buffer, WritePacketStage&);
|
ssize_t handle_finished(ReadonlyBytes, WritePacketStage&);
|
||||||
ssize_t handle_certificate(const ByteBuffer& buffer);
|
ssize_t handle_certificate(ReadonlyBytes);
|
||||||
ssize_t handle_server_key_exchange(const ByteBuffer& buffer);
|
ssize_t handle_server_key_exchange(ReadonlyBytes);
|
||||||
ssize_t handle_server_hello_done(const ByteBuffer& buffer);
|
ssize_t handle_server_hello_done(ReadonlyBytes);
|
||||||
ssize_t handle_verify(const ByteBuffer& buffer);
|
ssize_t handle_verify(ReadonlyBytes);
|
||||||
ssize_t handle_payload(const ByteBuffer& buffer);
|
ssize_t handle_payload(ReadonlyBytes);
|
||||||
ssize_t handle_message(const ByteBuffer& buffer);
|
ssize_t handle_message(ReadonlyBytes);
|
||||||
ssize_t handle_random(const ByteBuffer& buffer);
|
ssize_t handle_random(ReadonlyBytes);
|
||||||
|
|
||||||
size_t asn1_length(const ByteBuffer& buffer, size_t* octets);
|
size_t asn1_length(ReadonlyBytes, size_t* octets);
|
||||||
|
|
||||||
void pseudorandom_function(ByteBuffer& output, const ByteBuffer& secret, const u8* label, size_t label_length, const ByteBuffer& seed, const ByteBuffer& seed_b);
|
void pseudorandom_function(ByteBuffer& output, ReadonlyBytes secret, const u8* label, size_t label_length, ReadonlyBytes seed, ReadonlyBytes seed_b);
|
||||||
|
|
||||||
size_t key_length() const
|
size_t key_length() const
|
||||||
{
|
{
|
||||||
|
|
|
@ -198,7 +198,7 @@ static void tls(const char* message, size_t len)
|
||||||
|
|
||||||
static void aes_cbc(const char* message, size_t len)
|
static void aes_cbc(const char* message, size_t len)
|
||||||
{
|
{
|
||||||
auto buffer = ByteBuffer::wrap(const_cast<char*>(message), len);
|
ReadonlyBytes buffer { message, len };
|
||||||
// FIXME: Take iv as an optional parameter
|
// FIXME: Take iv as an optional parameter
|
||||||
auto iv = ByteBuffer::create_zeroed(Crypto::Cipher::AESCipher::block_size());
|
auto iv = ByteBuffer::create_zeroed(Crypto::Cipher::AESCipher::block_size());
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue