mirror of
https://github.com/RGBCube/serenity
synced 2025-07-27 06:17:35 +00:00
LibTLS+LibCrypto: Replace a whole bunch of ByteBuffers with Spans
This commit is contained in:
parent
4d89c1885d
commit
8e20208dd6
22 changed files with 116 additions and 109 deletions
|
@ -34,7 +34,7 @@
|
|||
|
||||
namespace TLS {
|
||||
|
||||
ssize_t TLSv12::handle_server_hello_done(const ByteBuffer& buffer)
|
||||
ssize_t TLSv12::handle_server_hello_done(ReadonlyBytes buffer)
|
||||
{
|
||||
if (buffer.size() < 3)
|
||||
return (i8)Error::NeedMoreData;
|
||||
|
@ -47,7 +47,7 @@ ssize_t TLSv12::handle_server_hello_done(const ByteBuffer& buffer)
|
|||
return size + 3;
|
||||
}
|
||||
|
||||
ssize_t TLSv12::handle_hello(const ByteBuffer& buffer, WritePacketStage& write_packets)
|
||||
ssize_t TLSv12::handle_hello(ReadonlyBytes buffer, WritePacketStage& write_packets)
|
||||
{
|
||||
write_packets = WritePacketStage::Initial;
|
||||
if (m_context.connection_status != ConnectionStatus::Disconnected && m_context.connection_status != ConnectionStatus::Renegotiating) {
|
||||
|
@ -192,7 +192,7 @@ ssize_t TLSv12::handle_hello(const ByteBuffer& buffer, WritePacketStage& write_p
|
|||
}
|
||||
} else if (extension_type == HandshakeExtension::SignatureAlgorithms) {
|
||||
dbg() << "supported signatures: ";
|
||||
print_buffer(buffer.slice_view(res, extension_length));
|
||||
print_buffer(buffer.slice(res, extension_length));
|
||||
// FIXME: what are we supposed to do here?
|
||||
}
|
||||
res += extension_length;
|
||||
|
@ -202,7 +202,7 @@ ssize_t TLSv12::handle_hello(const ByteBuffer& buffer, WritePacketStage& write_p
|
|||
return res;
|
||||
}
|
||||
|
||||
ssize_t TLSv12::handle_finished(const ByteBuffer& buffer, WritePacketStage& write_packets)
|
||||
ssize_t TLSv12::handle_finished(ReadonlyBytes buffer, WritePacketStage& write_packets)
|
||||
{
|
||||
if (m_context.connection_status < ConnectionStatus::KeyExchange || m_context.connection_status == ConnectionStatus::Established) {
|
||||
dbg() << "unexpected finished message";
|
||||
|
@ -305,10 +305,10 @@ void TLSv12::build_random(PacketBuilder& builder)
|
|||
|
||||
builder.append_u24(outbuf.size() + 2);
|
||||
builder.append((u16)outbuf.size());
|
||||
builder.append(outbuf);
|
||||
builder.append(outbuf.bytes());
|
||||
}
|
||||
|
||||
ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
|
||||
ssize_t TLSv12::handle_payload(ReadonlyBytes vbuffer)
|
||||
{
|
||||
if (m_context.connection_status == ConnectionStatus::Established) {
|
||||
#ifdef TLS_DEBUG
|
||||
|
@ -374,7 +374,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
|
|||
dbg() << "unsupported: server mode";
|
||||
ASSERT_NOT_REACHED();
|
||||
} else {
|
||||
payload_res = handle_hello(buffer.slice_view(1, payload_size), write_packets);
|
||||
payload_res = handle_hello(buffer.slice(1, payload_size), write_packets);
|
||||
}
|
||||
break;
|
||||
case HelloVerifyRequest:
|
||||
|
@ -396,7 +396,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
|
|||
dbg() << "unsupported: server mode";
|
||||
ASSERT_NOT_REACHED();
|
||||
}
|
||||
payload_res = handle_certificate(buffer.slice_view(1, payload_size));
|
||||
payload_res = handle_certificate(buffer.slice(1, payload_size));
|
||||
if (m_context.certificates.size()) {
|
||||
auto it = m_context.certificates.find([&](auto& cert) { return cert.is_valid(); });
|
||||
|
||||
|
@ -430,7 +430,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
|
|||
dbg() << "unsupported: server mode";
|
||||
ASSERT_NOT_REACHED();
|
||||
} else {
|
||||
payload_res = handle_server_key_exchange(buffer.slice_view(1, payload_size));
|
||||
payload_res = handle_server_key_exchange(buffer.slice(1, payload_size));
|
||||
}
|
||||
break;
|
||||
case CertificateRequest:
|
||||
|
@ -466,7 +466,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
|
|||
dbg() << "unsupported: server mode";
|
||||
ASSERT_NOT_REACHED();
|
||||
} else {
|
||||
payload_res = handle_server_hello_done(buffer.slice_view(1, payload_size));
|
||||
payload_res = handle_server_hello_done(buffer.slice(1, payload_size));
|
||||
if (payload_res > 0)
|
||||
write_packets = WritePacketStage::ClientHandshake;
|
||||
}
|
||||
|
@ -482,7 +482,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
|
|||
dbg() << "certificate verify";
|
||||
#endif
|
||||
if (m_context.connection_status == ConnectionStatus::KeyExchange) {
|
||||
payload_res = handle_verify(buffer.slice_view(1, payload_size));
|
||||
payload_res = handle_verify(buffer.slice(1, payload_size));
|
||||
} else {
|
||||
payload_res = (i8)Error::UnexpectedMessage;
|
||||
}
|
||||
|
@ -517,7 +517,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
|
|||
#ifdef TLS_DEBUG
|
||||
dbg() << "finished";
|
||||
#endif
|
||||
payload_res = handle_finished(buffer.slice_view(1, payload_size), write_packets);
|
||||
payload_res = handle_finished(buffer.slice(1, payload_size), write_packets);
|
||||
if (payload_res > 0) {
|
||||
memset(m_context.handshake_messages, 0, sizeof(m_context.handshake_messages));
|
||||
}
|
||||
|
@ -528,7 +528,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
|
|||
}
|
||||
|
||||
if (type != HelloRequest) {
|
||||
update_hash(buffer.slice_view(0, payload_size + 1));
|
||||
update_hash(buffer.slice(0, payload_size + 1));
|
||||
}
|
||||
|
||||
// if something went wrong, send an alert about it
|
||||
|
|
|
@ -108,7 +108,7 @@ bool TLSv12::expand_key()
|
|||
return true;
|
||||
}
|
||||
|
||||
void TLSv12::pseudorandom_function(ByteBuffer& output, const ByteBuffer& secret, const u8* label, size_t label_length, const ByteBuffer& seed, const ByteBuffer& seed_b)
|
||||
void TLSv12::pseudorandom_function(ByteBuffer& output, ReadonlyBytes secret, const u8* label, size_t label_length, ReadonlyBytes seed, ReadonlyBytes seed_b)
|
||||
{
|
||||
if (!secret.size()) {
|
||||
dbg() << "null secret";
|
||||
|
@ -225,7 +225,7 @@ ByteBuffer TLSv12::build_certificate()
|
|||
for (auto& certificate : certificates) {
|
||||
if (!certificate->der.is_empty()) {
|
||||
builder.append_u24(certificate->der.size());
|
||||
builder.append(certificate->der);
|
||||
builder.append(certificate->der.bytes());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -265,13 +265,13 @@ ByteBuffer TLSv12::build_client_key_exchange()
|
|||
return packet;
|
||||
}
|
||||
|
||||
ssize_t TLSv12::handle_server_key_exchange(const ByteBuffer&)
|
||||
ssize_t TLSv12::handle_server_key_exchange(ReadonlyBytes)
|
||||
{
|
||||
dbg() << "FIXME: parse_server_key_exchange";
|
||||
return 0;
|
||||
}
|
||||
|
||||
ssize_t TLSv12::handle_verify(const ByteBuffer&)
|
||||
ssize_t TLSv12::handle_verify(ReadonlyBytes)
|
||||
{
|
||||
dbg() << "FIXME: parse_verify";
|
||||
return 0;
|
||||
|
|
|
@ -160,7 +160,7 @@ ByteBuffer TLSv12::build_finished()
|
|||
auto hashbuf = ByteBuffer::wrap(const_cast<u8*>(digest.immutable_data()), m_context.handshake_hash.digest_size());
|
||||
pseudorandom_function(outbuffer, m_context.master_key, (const u8*)"client finished", 15, hashbuf, dummy);
|
||||
|
||||
builder.append(outbuffer);
|
||||
builder.append(outbuffer.bytes());
|
||||
auto packet = builder.build();
|
||||
update_packet(packet);
|
||||
|
||||
|
|
|
@ -194,7 +194,7 @@ void TLSv12::update_packet(ByteBuffer& packet)
|
|||
++m_context.local_sequence_number;
|
||||
}
|
||||
|
||||
void TLSv12::update_hash(const ByteBuffer& message)
|
||||
void TLSv12::update_hash(ReadonlyBytes message)
|
||||
{
|
||||
m_context.handshake_hash.update(message);
|
||||
}
|
||||
|
@ -226,7 +226,7 @@ ByteBuffer TLSv12::hmac_message(const ReadonlyBytes& buf, const Optional<Readonl
|
|||
return mac;
|
||||
}
|
||||
|
||||
ssize_t TLSv12::handle_message(const ByteBuffer& buffer)
|
||||
ssize_t TLSv12::handle_message(ReadonlyBytes buffer)
|
||||
{
|
||||
auto res { 5ll };
|
||||
size_t header_size = res;
|
||||
|
@ -265,7 +265,9 @@ ssize_t TLSv12::handle_message(const ByteBuffer& buffer)
|
|||
#ifdef TLS_DEBUG
|
||||
dbg() << "message type: " << (u8)type << ", length: " << length;
|
||||
#endif
|
||||
ByteBuffer plain = buffer.slice_view(buffer_position, buffer.size() - buffer_position);
|
||||
auto plain = buffer.slice(buffer_position, buffer.size() - buffer_position);
|
||||
|
||||
ByteBuffer decrypted;
|
||||
|
||||
if (m_context.cipher_spec_set && type != MessageType::ChangeCipher) {
|
||||
#ifdef TLS_DEBUG
|
||||
|
@ -284,8 +286,8 @@ ssize_t TLSv12::handle_message(const ByteBuffer& buffer)
|
|||
}
|
||||
|
||||
auto packet_length = length - iv_length() - 16;
|
||||
auto payload = plain.bytes();
|
||||
auto decrypted = ByteBuffer::create_uninitialized(packet_length);
|
||||
auto payload = plain;
|
||||
decrypted = ByteBuffer::create_uninitialized(packet_length);
|
||||
|
||||
// AEAD AAD (13)
|
||||
// Seq. no (8)
|
||||
|
@ -299,8 +301,8 @@ ssize_t TLSv12::handle_message(const ByteBuffer& buffer)
|
|||
u64 seq_no = AK::convert_between_host_and_network_endian(m_context.remote_sequence_number);
|
||||
u16 len = AK::convert_between_host_and_network_endian((u16)packet_length);
|
||||
|
||||
aad_stream.write({ &seq_no, sizeof(seq_no) }); // Sequence number
|
||||
aad_stream.write(buffer.bytes().slice(0, header_size - 2)); // content-type + version
|
||||
aad_stream.write({ &seq_no, sizeof(seq_no) }); // Sequence number
|
||||
aad_stream.write(buffer.slice(0, header_size - 2)); // content-type + version
|
||||
aad_stream.write({ &len, sizeof(u16) });
|
||||
ASSERT(aad_stream.is_end());
|
||||
|
||||
|
@ -342,10 +344,10 @@ ssize_t TLSv12::handle_message(const ByteBuffer& buffer)
|
|||
auto iv_size = iv_length();
|
||||
|
||||
auto decrypted = m_aes_remote.cbc->create_aligned_buffer(length - iv_size);
|
||||
auto iv = buffer.slice_view(header_size, iv_size);
|
||||
auto iv = buffer.slice(header_size, iv_size);
|
||||
|
||||
Bytes decrypted_span = decrypted;
|
||||
m_aes_remote.cbc->decrypt(buffer.bytes().slice(header_size + iv_size, length - iv_size), decrypted_span, iv);
|
||||
m_aes_remote.cbc->decrypt(buffer.slice(header_size + iv_size, length - iv_size), decrypted_span, iv);
|
||||
|
||||
length = decrypted_span.size();
|
||||
|
||||
|
|
|
@ -73,7 +73,7 @@ String TLSv12::read_line(size_t max_size)
|
|||
return String::copy(buffer, Chomp);
|
||||
}
|
||||
|
||||
bool TLSv12::write(const ByteBuffer& buffer)
|
||||
bool TLSv12::write(ReadonlyBytes buffer)
|
||||
{
|
||||
if (m_context.connection_status != ConnectionStatus::Established) {
|
||||
#ifdef TLS_DEBUG
|
||||
|
|
|
@ -70,7 +70,7 @@ public:
|
|||
{
|
||||
append((const u8*)&value, sizeof(value));
|
||||
}
|
||||
inline void append(const ByteBuffer& data)
|
||||
inline void append(ReadonlyBytes data)
|
||||
{
|
||||
append(data.data(), data.size());
|
||||
}
|
||||
|
|
|
@ -428,7 +428,7 @@ static ssize_t _parse_asn1(const Context& context, Certificate& cert, const u8*
|
|||
}
|
||||
}
|
||||
|
||||
Optional<Certificate> TLSv12::parse_asn1(const ByteBuffer& buffer, bool) const
|
||||
Optional<Certificate> TLSv12::parse_asn1(ReadonlyBytes buffer, bool) const
|
||||
{
|
||||
// FIXME: Our ASN.1 parser is not quite up to the task of
|
||||
// parsing this X.509 certificate, so for the
|
||||
|
@ -447,7 +447,7 @@ Optional<Certificate> TLSv12::parse_asn1(const ByteBuffer& buffer, bool) const
|
|||
return cert;
|
||||
}
|
||||
|
||||
ssize_t TLSv12::handle_certificate(const ByteBuffer& buffer)
|
||||
ssize_t TLSv12::handle_certificate(ReadonlyBytes buffer)
|
||||
{
|
||||
ssize_t res = 0;
|
||||
|
||||
|
@ -522,7 +522,7 @@ ssize_t TLSv12::handle_certificate(const ByteBuffer& buffer)
|
|||
}
|
||||
remaining -= certificate_size_specific;
|
||||
|
||||
auto certificate = parse_asn1(buffer.slice_view(res_cert, certificate_size_specific), false);
|
||||
auto certificate = parse_asn1(buffer.slice(res_cert, certificate_size_specific), false);
|
||||
if (certificate.has_value()) {
|
||||
if (certificate.value().is_valid()) {
|
||||
m_context.certificates.append(certificate.value());
|
||||
|
@ -546,7 +546,7 @@ ssize_t TLSv12::handle_certificate(const ByteBuffer& buffer)
|
|||
return res;
|
||||
}
|
||||
|
||||
void TLSv12::consume(const ByteBuffer& record)
|
||||
void TLSv12::consume(ReadonlyBytes record)
|
||||
{
|
||||
if (m_context.critical_error) {
|
||||
dbg() << "There has been a critical error (" << (i8)m_context.critical_error << "), refusing to continue";
|
||||
|
@ -846,7 +846,7 @@ TLSv12::TLSv12(Core::Object* parent, Version version)
|
|||
}
|
||||
}
|
||||
|
||||
bool TLSv12::add_client_key(const ByteBuffer& certificate_pem_buffer, const ByteBuffer& rsa_key) // FIXME: This should not be bound to RSA
|
||||
bool TLSv12::add_client_key(ReadonlyBytes certificate_pem_buffer, ReadonlyBytes rsa_key) // FIXME: This should not be bound to RSA
|
||||
{
|
||||
if (certificate_pem_buffer.is_empty() || rsa_key.is_empty()) {
|
||||
return true;
|
||||
|
|
|
@ -41,18 +41,21 @@
|
|||
|
||||
namespace TLS {
|
||||
|
||||
inline void print_buffer(const ByteBuffer& buffer)
|
||||
inline void print_buffer(ReadonlyBytes buffer)
|
||||
{
|
||||
for (size_t i { 0 }; i < buffer.size(); ++i)
|
||||
dbgprintf("%02x ", buffer[i]);
|
||||
dbgprintf("\n");
|
||||
}
|
||||
|
||||
inline void print_buffer(const ByteBuffer& buffer)
|
||||
{
|
||||
print_buffer(buffer.bytes());
|
||||
}
|
||||
|
||||
inline void print_buffer(const u8* buffer, size_t size)
|
||||
{
|
||||
for (size_t i { 0 }; i < size; ++i)
|
||||
dbgprintf("%02x ", buffer[i]);
|
||||
dbgprintf("\n");
|
||||
print_buffer(ReadonlyBytes { buffer, size });
|
||||
}
|
||||
|
||||
class Socket;
|
||||
|
@ -277,13 +280,13 @@ public:
|
|||
m_context.SNI = sni;
|
||||
}
|
||||
|
||||
Optional<Certificate> parse_asn1(const ByteBuffer& buffer, bool client_cert = false) const;
|
||||
bool load_certificates(const ByteBuffer& pem_buffer);
|
||||
bool load_private_key(const ByteBuffer& pem_buffer);
|
||||
Optional<Certificate> parse_asn1(ReadonlyBytes, bool client_cert = false) const;
|
||||
bool load_certificates(ReadonlyBytes pem_buffer);
|
||||
bool load_private_key(ReadonlyBytes pem_buffer);
|
||||
|
||||
void set_root_certificates(Vector<Certificate>);
|
||||
|
||||
bool add_client_key(const ByteBuffer& certificate_pem_buffer, const ByteBuffer& key_pem_buffer);
|
||||
bool add_client_key(ReadonlyBytes certificate_pem_buffer, ReadonlyBytes key_pem_buffer);
|
||||
bool add_client_key(Certificate certificate)
|
||||
{
|
||||
m_context.client_certificates.append(move(certificate));
|
||||
|
@ -313,7 +316,7 @@ public:
|
|||
Optional<ByteBuffer> read();
|
||||
ByteBuffer read(size_t max_size);
|
||||
|
||||
bool write(const ByteBuffer& buffer);
|
||||
bool write(ReadonlyBytes);
|
||||
void alert(AlertLevel, AlertDescription);
|
||||
|
||||
bool can_read_line() const { return m_context.application_buffer.size() && memchr(m_context.application_buffer.data(), '\n', m_context.application_buffer.size()); }
|
||||
|
@ -332,13 +335,13 @@ private:
|
|||
|
||||
virtual bool common_connect(const struct sockaddr*, socklen_t) override;
|
||||
|
||||
void consume(const ByteBuffer& record);
|
||||
void consume(ReadonlyBytes record);
|
||||
|
||||
ByteBuffer hmac_message(const ReadonlyBytes& buf, const Optional<ReadonlyBytes> buf2, size_t mac_length, bool local = false);
|
||||
void ensure_hmac(size_t digest_size, bool local);
|
||||
|
||||
void update_packet(ByteBuffer& packet);
|
||||
void update_hash(const ByteBuffer& in);
|
||||
void update_hash(ReadonlyBytes in);
|
||||
|
||||
void write_packet(ByteBuffer& packet);
|
||||
|
||||
|
@ -360,19 +363,19 @@ private:
|
|||
|
||||
bool check_connection_state(bool read);
|
||||
|
||||
ssize_t handle_hello(const ByteBuffer& buffer, WritePacketStage&);
|
||||
ssize_t handle_finished(const ByteBuffer& buffer, WritePacketStage&);
|
||||
ssize_t handle_certificate(const ByteBuffer& buffer);
|
||||
ssize_t handle_server_key_exchange(const ByteBuffer& buffer);
|
||||
ssize_t handle_server_hello_done(const ByteBuffer& buffer);
|
||||
ssize_t handle_verify(const ByteBuffer& buffer);
|
||||
ssize_t handle_payload(const ByteBuffer& buffer);
|
||||
ssize_t handle_message(const ByteBuffer& buffer);
|
||||
ssize_t handle_random(const ByteBuffer& buffer);
|
||||
ssize_t handle_hello(ReadonlyBytes, WritePacketStage&);
|
||||
ssize_t handle_finished(ReadonlyBytes, WritePacketStage&);
|
||||
ssize_t handle_certificate(ReadonlyBytes);
|
||||
ssize_t handle_server_key_exchange(ReadonlyBytes);
|
||||
ssize_t handle_server_hello_done(ReadonlyBytes);
|
||||
ssize_t handle_verify(ReadonlyBytes);
|
||||
ssize_t handle_payload(ReadonlyBytes);
|
||||
ssize_t handle_message(ReadonlyBytes);
|
||||
ssize_t handle_random(ReadonlyBytes);
|
||||
|
||||
size_t asn1_length(const ByteBuffer& buffer, size_t* octets);
|
||||
size_t asn1_length(ReadonlyBytes, size_t* octets);
|
||||
|
||||
void pseudorandom_function(ByteBuffer& output, const ByteBuffer& secret, const u8* label, size_t label_length, const ByteBuffer& seed, const ByteBuffer& seed_b);
|
||||
void pseudorandom_function(ByteBuffer& output, ReadonlyBytes secret, const u8* label, size_t label_length, ReadonlyBytes seed, ReadonlyBytes seed_b);
|
||||
|
||||
size_t key_length() const
|
||||
{
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue