1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-27 06:17:35 +00:00

LibTLS+LibCrypto: Replace a whole bunch of ByteBuffers with Spans

This commit is contained in:
Andreas Kling 2020-12-19 15:07:09 +01:00
parent 4d89c1885d
commit 8e20208dd6
22 changed files with 116 additions and 109 deletions

View file

@ -34,7 +34,7 @@
namespace TLS {
ssize_t TLSv12::handle_server_hello_done(const ByteBuffer& buffer)
ssize_t TLSv12::handle_server_hello_done(ReadonlyBytes buffer)
{
if (buffer.size() < 3)
return (i8)Error::NeedMoreData;
@ -47,7 +47,7 @@ ssize_t TLSv12::handle_server_hello_done(const ByteBuffer& buffer)
return size + 3;
}
ssize_t TLSv12::handle_hello(const ByteBuffer& buffer, WritePacketStage& write_packets)
ssize_t TLSv12::handle_hello(ReadonlyBytes buffer, WritePacketStage& write_packets)
{
write_packets = WritePacketStage::Initial;
if (m_context.connection_status != ConnectionStatus::Disconnected && m_context.connection_status != ConnectionStatus::Renegotiating) {
@ -192,7 +192,7 @@ ssize_t TLSv12::handle_hello(const ByteBuffer& buffer, WritePacketStage& write_p
}
} else if (extension_type == HandshakeExtension::SignatureAlgorithms) {
dbg() << "supported signatures: ";
print_buffer(buffer.slice_view(res, extension_length));
print_buffer(buffer.slice(res, extension_length));
// FIXME: what are we supposed to do here?
}
res += extension_length;
@ -202,7 +202,7 @@ ssize_t TLSv12::handle_hello(const ByteBuffer& buffer, WritePacketStage& write_p
return res;
}
ssize_t TLSv12::handle_finished(const ByteBuffer& buffer, WritePacketStage& write_packets)
ssize_t TLSv12::handle_finished(ReadonlyBytes buffer, WritePacketStage& write_packets)
{
if (m_context.connection_status < ConnectionStatus::KeyExchange || m_context.connection_status == ConnectionStatus::Established) {
dbg() << "unexpected finished message";
@ -305,10 +305,10 @@ void TLSv12::build_random(PacketBuilder& builder)
builder.append_u24(outbuf.size() + 2);
builder.append((u16)outbuf.size());
builder.append(outbuf);
builder.append(outbuf.bytes());
}
ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
ssize_t TLSv12::handle_payload(ReadonlyBytes vbuffer)
{
if (m_context.connection_status == ConnectionStatus::Established) {
#ifdef TLS_DEBUG
@ -374,7 +374,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
dbg() << "unsupported: server mode";
ASSERT_NOT_REACHED();
} else {
payload_res = handle_hello(buffer.slice_view(1, payload_size), write_packets);
payload_res = handle_hello(buffer.slice(1, payload_size), write_packets);
}
break;
case HelloVerifyRequest:
@ -396,7 +396,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
dbg() << "unsupported: server mode";
ASSERT_NOT_REACHED();
}
payload_res = handle_certificate(buffer.slice_view(1, payload_size));
payload_res = handle_certificate(buffer.slice(1, payload_size));
if (m_context.certificates.size()) {
auto it = m_context.certificates.find([&](auto& cert) { return cert.is_valid(); });
@ -430,7 +430,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
dbg() << "unsupported: server mode";
ASSERT_NOT_REACHED();
} else {
payload_res = handle_server_key_exchange(buffer.slice_view(1, payload_size));
payload_res = handle_server_key_exchange(buffer.slice(1, payload_size));
}
break;
case CertificateRequest:
@ -466,7 +466,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
dbg() << "unsupported: server mode";
ASSERT_NOT_REACHED();
} else {
payload_res = handle_server_hello_done(buffer.slice_view(1, payload_size));
payload_res = handle_server_hello_done(buffer.slice(1, payload_size));
if (payload_res > 0)
write_packets = WritePacketStage::ClientHandshake;
}
@ -482,7 +482,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
dbg() << "certificate verify";
#endif
if (m_context.connection_status == ConnectionStatus::KeyExchange) {
payload_res = handle_verify(buffer.slice_view(1, payload_size));
payload_res = handle_verify(buffer.slice(1, payload_size));
} else {
payload_res = (i8)Error::UnexpectedMessage;
}
@ -517,7 +517,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
#ifdef TLS_DEBUG
dbg() << "finished";
#endif
payload_res = handle_finished(buffer.slice_view(1, payload_size), write_packets);
payload_res = handle_finished(buffer.slice(1, payload_size), write_packets);
if (payload_res > 0) {
memset(m_context.handshake_messages, 0, sizeof(m_context.handshake_messages));
}
@ -528,7 +528,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
}
if (type != HelloRequest) {
update_hash(buffer.slice_view(0, payload_size + 1));
update_hash(buffer.slice(0, payload_size + 1));
}
// if something went wrong, send an alert about it

View file

@ -108,7 +108,7 @@ bool TLSv12::expand_key()
return true;
}
void TLSv12::pseudorandom_function(ByteBuffer& output, const ByteBuffer& secret, const u8* label, size_t label_length, const ByteBuffer& seed, const ByteBuffer& seed_b)
void TLSv12::pseudorandom_function(ByteBuffer& output, ReadonlyBytes secret, const u8* label, size_t label_length, ReadonlyBytes seed, ReadonlyBytes seed_b)
{
if (!secret.size()) {
dbg() << "null secret";
@ -225,7 +225,7 @@ ByteBuffer TLSv12::build_certificate()
for (auto& certificate : certificates) {
if (!certificate->der.is_empty()) {
builder.append_u24(certificate->der.size());
builder.append(certificate->der);
builder.append(certificate->der.bytes());
}
}
}
@ -265,13 +265,13 @@ ByteBuffer TLSv12::build_client_key_exchange()
return packet;
}
ssize_t TLSv12::handle_server_key_exchange(const ByteBuffer&)
ssize_t TLSv12::handle_server_key_exchange(ReadonlyBytes)
{
dbg() << "FIXME: parse_server_key_exchange";
return 0;
}
ssize_t TLSv12::handle_verify(const ByteBuffer&)
ssize_t TLSv12::handle_verify(ReadonlyBytes)
{
dbg() << "FIXME: parse_verify";
return 0;

View file

@ -160,7 +160,7 @@ ByteBuffer TLSv12::build_finished()
auto hashbuf = ByteBuffer::wrap(const_cast<u8*>(digest.immutable_data()), m_context.handshake_hash.digest_size());
pseudorandom_function(outbuffer, m_context.master_key, (const u8*)"client finished", 15, hashbuf, dummy);
builder.append(outbuffer);
builder.append(outbuffer.bytes());
auto packet = builder.build();
update_packet(packet);

View file

@ -194,7 +194,7 @@ void TLSv12::update_packet(ByteBuffer& packet)
++m_context.local_sequence_number;
}
void TLSv12::update_hash(const ByteBuffer& message)
void TLSv12::update_hash(ReadonlyBytes message)
{
m_context.handshake_hash.update(message);
}
@ -226,7 +226,7 @@ ByteBuffer TLSv12::hmac_message(const ReadonlyBytes& buf, const Optional<Readonl
return mac;
}
ssize_t TLSv12::handle_message(const ByteBuffer& buffer)
ssize_t TLSv12::handle_message(ReadonlyBytes buffer)
{
auto res { 5ll };
size_t header_size = res;
@ -265,7 +265,9 @@ ssize_t TLSv12::handle_message(const ByteBuffer& buffer)
#ifdef TLS_DEBUG
dbg() << "message type: " << (u8)type << ", length: " << length;
#endif
ByteBuffer plain = buffer.slice_view(buffer_position, buffer.size() - buffer_position);
auto plain = buffer.slice(buffer_position, buffer.size() - buffer_position);
ByteBuffer decrypted;
if (m_context.cipher_spec_set && type != MessageType::ChangeCipher) {
#ifdef TLS_DEBUG
@ -284,8 +286,8 @@ ssize_t TLSv12::handle_message(const ByteBuffer& buffer)
}
auto packet_length = length - iv_length() - 16;
auto payload = plain.bytes();
auto decrypted = ByteBuffer::create_uninitialized(packet_length);
auto payload = plain;
decrypted = ByteBuffer::create_uninitialized(packet_length);
// AEAD AAD (13)
// Seq. no (8)
@ -299,8 +301,8 @@ ssize_t TLSv12::handle_message(const ByteBuffer& buffer)
u64 seq_no = AK::convert_between_host_and_network_endian(m_context.remote_sequence_number);
u16 len = AK::convert_between_host_and_network_endian((u16)packet_length);
aad_stream.write({ &seq_no, sizeof(seq_no) }); // Sequence number
aad_stream.write(buffer.bytes().slice(0, header_size - 2)); // content-type + version
aad_stream.write({ &seq_no, sizeof(seq_no) }); // Sequence number
aad_stream.write(buffer.slice(0, header_size - 2)); // content-type + version
aad_stream.write({ &len, sizeof(u16) });
ASSERT(aad_stream.is_end());
@ -342,10 +344,10 @@ ssize_t TLSv12::handle_message(const ByteBuffer& buffer)
auto iv_size = iv_length();
auto decrypted = m_aes_remote.cbc->create_aligned_buffer(length - iv_size);
auto iv = buffer.slice_view(header_size, iv_size);
auto iv = buffer.slice(header_size, iv_size);
Bytes decrypted_span = decrypted;
m_aes_remote.cbc->decrypt(buffer.bytes().slice(header_size + iv_size, length - iv_size), decrypted_span, iv);
m_aes_remote.cbc->decrypt(buffer.slice(header_size + iv_size, length - iv_size), decrypted_span, iv);
length = decrypted_span.size();

View file

@ -73,7 +73,7 @@ String TLSv12::read_line(size_t max_size)
return String::copy(buffer, Chomp);
}
bool TLSv12::write(const ByteBuffer& buffer)
bool TLSv12::write(ReadonlyBytes buffer)
{
if (m_context.connection_status != ConnectionStatus::Established) {
#ifdef TLS_DEBUG

View file

@ -70,7 +70,7 @@ public:
{
append((const u8*)&value, sizeof(value));
}
inline void append(const ByteBuffer& data)
inline void append(ReadonlyBytes data)
{
append(data.data(), data.size());
}

View file

@ -428,7 +428,7 @@ static ssize_t _parse_asn1(const Context& context, Certificate& cert, const u8*
}
}
Optional<Certificate> TLSv12::parse_asn1(const ByteBuffer& buffer, bool) const
Optional<Certificate> TLSv12::parse_asn1(ReadonlyBytes buffer, bool) const
{
// FIXME: Our ASN.1 parser is not quite up to the task of
// parsing this X.509 certificate, so for the
@ -447,7 +447,7 @@ Optional<Certificate> TLSv12::parse_asn1(const ByteBuffer& buffer, bool) const
return cert;
}
ssize_t TLSv12::handle_certificate(const ByteBuffer& buffer)
ssize_t TLSv12::handle_certificate(ReadonlyBytes buffer)
{
ssize_t res = 0;
@ -522,7 +522,7 @@ ssize_t TLSv12::handle_certificate(const ByteBuffer& buffer)
}
remaining -= certificate_size_specific;
auto certificate = parse_asn1(buffer.slice_view(res_cert, certificate_size_specific), false);
auto certificate = parse_asn1(buffer.slice(res_cert, certificate_size_specific), false);
if (certificate.has_value()) {
if (certificate.value().is_valid()) {
m_context.certificates.append(certificate.value());
@ -546,7 +546,7 @@ ssize_t TLSv12::handle_certificate(const ByteBuffer& buffer)
return res;
}
void TLSv12::consume(const ByteBuffer& record)
void TLSv12::consume(ReadonlyBytes record)
{
if (m_context.critical_error) {
dbg() << "There has been a critical error (" << (i8)m_context.critical_error << "), refusing to continue";
@ -846,7 +846,7 @@ TLSv12::TLSv12(Core::Object* parent, Version version)
}
}
bool TLSv12::add_client_key(const ByteBuffer& certificate_pem_buffer, const ByteBuffer& rsa_key) // FIXME: This should not be bound to RSA
bool TLSv12::add_client_key(ReadonlyBytes certificate_pem_buffer, ReadonlyBytes rsa_key) // FIXME: This should not be bound to RSA
{
if (certificate_pem_buffer.is_empty() || rsa_key.is_empty()) {
return true;

View file

@ -41,18 +41,21 @@
namespace TLS {
inline void print_buffer(const ByteBuffer& buffer)
inline void print_buffer(ReadonlyBytes buffer)
{
for (size_t i { 0 }; i < buffer.size(); ++i)
dbgprintf("%02x ", buffer[i]);
dbgprintf("\n");
}
inline void print_buffer(const ByteBuffer& buffer)
{
print_buffer(buffer.bytes());
}
inline void print_buffer(const u8* buffer, size_t size)
{
for (size_t i { 0 }; i < size; ++i)
dbgprintf("%02x ", buffer[i]);
dbgprintf("\n");
print_buffer(ReadonlyBytes { buffer, size });
}
class Socket;
@ -277,13 +280,13 @@ public:
m_context.SNI = sni;
}
Optional<Certificate> parse_asn1(const ByteBuffer& buffer, bool client_cert = false) const;
bool load_certificates(const ByteBuffer& pem_buffer);
bool load_private_key(const ByteBuffer& pem_buffer);
Optional<Certificate> parse_asn1(ReadonlyBytes, bool client_cert = false) const;
bool load_certificates(ReadonlyBytes pem_buffer);
bool load_private_key(ReadonlyBytes pem_buffer);
void set_root_certificates(Vector<Certificate>);
bool add_client_key(const ByteBuffer& certificate_pem_buffer, const ByteBuffer& key_pem_buffer);
bool add_client_key(ReadonlyBytes certificate_pem_buffer, ReadonlyBytes key_pem_buffer);
bool add_client_key(Certificate certificate)
{
m_context.client_certificates.append(move(certificate));
@ -313,7 +316,7 @@ public:
Optional<ByteBuffer> read();
ByteBuffer read(size_t max_size);
bool write(const ByteBuffer& buffer);
bool write(ReadonlyBytes);
void alert(AlertLevel, AlertDescription);
bool can_read_line() const { return m_context.application_buffer.size() && memchr(m_context.application_buffer.data(), '\n', m_context.application_buffer.size()); }
@ -332,13 +335,13 @@ private:
virtual bool common_connect(const struct sockaddr*, socklen_t) override;
void consume(const ByteBuffer& record);
void consume(ReadonlyBytes record);
ByteBuffer hmac_message(const ReadonlyBytes& buf, const Optional<ReadonlyBytes> buf2, size_t mac_length, bool local = false);
void ensure_hmac(size_t digest_size, bool local);
void update_packet(ByteBuffer& packet);
void update_hash(const ByteBuffer& in);
void update_hash(ReadonlyBytes in);
void write_packet(ByteBuffer& packet);
@ -360,19 +363,19 @@ private:
bool check_connection_state(bool read);
ssize_t handle_hello(const ByteBuffer& buffer, WritePacketStage&);
ssize_t handle_finished(const ByteBuffer& buffer, WritePacketStage&);
ssize_t handle_certificate(const ByteBuffer& buffer);
ssize_t handle_server_key_exchange(const ByteBuffer& buffer);
ssize_t handle_server_hello_done(const ByteBuffer& buffer);
ssize_t handle_verify(const ByteBuffer& buffer);
ssize_t handle_payload(const ByteBuffer& buffer);
ssize_t handle_message(const ByteBuffer& buffer);
ssize_t handle_random(const ByteBuffer& buffer);
ssize_t handle_hello(ReadonlyBytes, WritePacketStage&);
ssize_t handle_finished(ReadonlyBytes, WritePacketStage&);
ssize_t handle_certificate(ReadonlyBytes);
ssize_t handle_server_key_exchange(ReadonlyBytes);
ssize_t handle_server_hello_done(ReadonlyBytes);
ssize_t handle_verify(ReadonlyBytes);
ssize_t handle_payload(ReadonlyBytes);
ssize_t handle_message(ReadonlyBytes);
ssize_t handle_random(ReadonlyBytes);
size_t asn1_length(const ByteBuffer& buffer, size_t* octets);
size_t asn1_length(ReadonlyBytes, size_t* octets);
void pseudorandom_function(ByteBuffer& output, const ByteBuffer& secret, const u8* label, size_t label_length, const ByteBuffer& seed, const ByteBuffer& seed_b);
void pseudorandom_function(ByteBuffer& output, ReadonlyBytes secret, const u8* label, size_t label_length, ReadonlyBytes seed, ReadonlyBytes seed_b);
size_t key_length() const
{