1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-10-26 18:02:06 +00:00
Commit graph

174 commits

Author SHA1 Message Date
stelar7
a559dca816 LibTLS: Fix supported signature algorithms typo
The ED curve is INTRINSIC/ED25519, not INTRINSIC/ECDSA
2023-10-31 07:07:53 +01:00
Andrew Kaster
baa26d10a8 LibTLS: Retry sending in TLSv12::flush() on EAGAIN or EINTR
Crashing here is not very helpful.
2023-10-31 00:36:51 +03:30
Andrew Kaster
f9386737a6 LibTLS: Add certificate verification for ECDSA with SECP256r1 curves 2023-10-30 10:17:39 -06:00
Michiel Visser
c548dca174 LibTLS: Add ECDSA support with the secp256r1 curve 2023-10-30 10:17:39 -06:00
Ali Mohammad Pur
aeee98b3a1 AK+Everywhere: Remove the null state of DeprecatedString
This commit removes DeprecatedString's "null" state, and replaces all
its users with one of the following:
- A normal, empty DeprecatedString
- Optional<DeprecatedString>

Note that null states of DeprecatedFlyString/StringView/etc are *not*
affected by this commit. However, DeprecatedString::empty() is now
considered equal to a null StringView.
2023-10-13 18:33:21 +03:30
Tim Ledbetter
e6d9bb0774 LibTLS: Don't attempt to read past EOF when parsing TBSCertificate
This allows the decoder to fail gracefully when reading a partial or
malformed TBSCertificate. We also now ensure that the certificate data
is valid before making a copy of it.
2023-10-11 07:08:22 +02:00
stelar7
42d80aab06 LibTLS: Reorder supported ciphers 2023-10-06 22:32:07 +02:00
Andrew Kaster
28d3d3c9fc LibTLS: Allow applications to provide a custom default CA Cert path
On Lagom, we also need to allow the initial load of /etc/cacert.pem to
fail.
2023-08-02 05:44:43 +02:00
Andrew Kaster
6266976e7a LibTLS: Move singleton for DefaultRootCACertificates out of line
This follows the pattern of every other singleton in the system.

Also, remove use of AK::Singleton in place of a function-scope static.
There are only three uses of that class outside of the Kernel, and all
the remaining uses are suspect. We need it in the Kernel because we
want to avoid global destructors to prevent nasty surprises about
expected lifetimes of objects. In Userland, we have normal thread-safe
statics available. 7d11edbe1 attempted to standardize the pattern, but
it seems like more uses of awkward singleton creation have crept in or
were missed back then.

As a bonus, this fixes a linker error on macOS with -g -O0 for Lagom
WebContent.
2023-07-26 05:34:38 +02:00
Lucas CHOLLET
9581fe1d7d LibTLS: Remove unused methods
Affected methods are:
 - can_read_line
 - can_read
 - read_line
2023-07-03 23:29:28 +02:00
stelar7
0fc73679f1 LibTLS: Fix typo in ecdsa_sha512 OID 2023-07-02 16:13:37 +02:00
stelar7
77080fbade LibTLS: Rename parse_version to parse_certificate_version
This is not a generic version, but specifically for certificates.
2023-07-02 16:13:37 +02:00
Ben Wiederhake
2bb2a7097d LibTLS: Avoid unnecessary HashMap copies, improve const-correctness 2023-05-19 22:33:57 +02:00
Ben Wiederhake
ac5cef1b66 LibCrypto+LibTLS: Avoid crashing on invalid input
Fixes #18307.
2023-05-08 06:43:28 +02:00
stelar7
2d2d2539b4 LibTLS: Use the TBS ASN.1 data when verifying certificates 2023-05-05 09:36:43 +03:30
stelar7
0b70314379 LibCrypto: Store the TBS ASN.1 data on the certificate
This way we dont need to guess the offsets in LibTLS when using it.
2023-05-05 09:36:43 +03:30
Ali Mohammad Pur
7e6341587b AK+Everywhere: Disallow Error::from_string_view(FooString)
That pattern seems to show up a lot in code written by people that
aren't intimately familiar with the lifetime model of Error and Strings.
This commit makes the compiler detect it and present a more helpful
diagnostic than "garbage string at runtime".
2023-04-28 05:55:20 +02:00
stelar7
4043c89310 LibTLS: Change CertificateKeyAlgorithm from enum to struct 2023-04-15 09:03:47 +03:30
stelar7
e59137d4f6 LibTLS: Add RFC explanation of AlertDescription values 2023-04-14 12:32:04 +01:00
stelar7
9059694216 LibTLS: Show enum value instead of underlying value where possible 2023-04-14 12:32:04 +01:00
stelar7
5853d9642a LibTLS: Move AlertDescription to Extensions.h
Also add missing values from the IANA registry
2023-04-14 12:32:04 +01:00
stelar7
e8945f15f4 LibTLS: Move CipherSuite to Extensions.h
Also add missing values from the IANA registry
2023-04-14 12:32:04 +01:00
stelar7
da8edece29 LibTLS: Move HashAlgorithm to Extensions.h
Also add missing values from the IANA registry
2023-04-14 12:32:04 +01:00
stelar7
fba7695dcc LibTLS: Move SignatureAlgorithm to Extensions.h
Also add missing values from the IANA registry
2023-04-14 12:32:04 +01:00
stelar7
e5f81475e5 LibTLS: Move ECPointFormat to Extensions.h
Also add missing values from the IANA registry
2023-04-14 12:32:04 +01:00
stelar7
a4855aef17 LibTLS: Rename NamedCurve to SupportedGroup
This matches the wording used in the IANA registry and TLS 1.3
Also add missing values from the IANA registry
2023-04-14 12:32:04 +01:00
stelar7
6df3ffaf45 LibTLS: Move ECCurveType to Extensions.h
Also add missing values from the IANA registry
2023-04-14 12:32:04 +01:00
stelar7
0fea6e7f13 LibTLS: Move NameType to Extensions.h 2023-04-14 12:32:04 +01:00
stelar7
9110f26c79 LibTLS: Rename HandshakeExtension to ExtensionType
This matches the wording used in the TLS RFC
2023-04-14 12:32:04 +01:00
stelar7
c30ee1b89b LibTLS: Update HandshakeType value names to match IANA registry values 2023-04-14 12:32:04 +01:00
stelar7
611a235a52 LibTLS: Rename AlertLevel Critial to FATAL
This matches the wording used in the TLS RFC
2023-04-14 12:32:04 +01:00
stelar7
ca6b8bfe7f LibTLS: Rename Version to ProtocolVersion
This matches the wording used in the TLS RFC
Also define GREASE values as specified in RFC8701
2023-04-14 12:32:04 +01:00
stelar7
082e64e167 LibTLS: Rename MessageType to ContentType
This matches the wording used in the TLS RFC
2023-04-14 12:32:04 +01:00
Fabian Dellwing
e78db6417a LibTLS: Remove outdated comment about ECC
PR #18166 introduced the ability to parse ECC certificates. If we
now fail here the reason is mostlikely something new and we should
prevent this rabbit hole from happening.
2023-04-12 11:40:06 +03:30
Fabian Dellwing
93232d4e6d LibTLS: Streamline certificate loading
Some refactoring of our root ca loading process:

- Remove duplicate code
- Remove duplicate calls to `parse_root_ca`
- Load user imported certificates in Browser/RequestServer
2023-04-12 11:40:06 +03:30
stelar7
e4481baef9 LibTLS: Dont also include the OID when printing the RDN short name 2023-04-12 11:36:54 +03:30
stelar7
d527edf0ab LibTLS: Change Certificate parsing to use ErrorOr
Loads of changes that are tightly connected... :/
* Change lambdas to static functions
* Add spec docs to those functions
* Keep the current scope around as a parameter
* Add wrapping classes for some Certificate members
* Parse ec and ecdsa data from certificates
2023-04-06 09:57:31 +03:30
Fabian Dellwing
459dee1f86 LibTLS: Refactor CA loading into central function 2023-04-03 19:58:47 -06:00
Timothy Flynn
15532df83d AK+Everywhere: Change AK::fill_with_random to accept a Bytes object
Rather than the very C-like API we currently have, accepting a void* and
a length, let's take a Bytes object instead. In almost all existing
cases, the compiler figures out the length.
2023-04-03 15:53:49 +02:00
Fabian Dellwing
ee0ae18386 LibTLS: Check if certificate is self signed before importing it as CA 2023-03-27 15:34:28 +03:30
Fabian Dellwing
114a383af3 LibTLS: Add self signage information to our parsed certificates 2023-03-27 15:34:28 +03:30
Fabian Dellwing
12cd74495a LibTLS+Base: Rework default system certificate parser
Change the default system certificate parser from our arbitrary
INI format to well-known PEM format.
2023-03-16 18:54:20 +03:30
Fabian Dellwing
b07654c3c1 Meta: Download cacert.pem at build time 2023-03-16 18:54:20 +03:30
Tim Schumacher
ecd1862859 AK: Rename Stream::write_entire_buffer to Stream::write_until_depleted
No functional changes.
2023-03-13 15:16:20 +00:00
Tim Schumacher
d5871f5717 AK: Rename Stream::{read,write} to Stream::{read_some,write_some}
Similar to POSIX read, the basic read and write functions of AK::Stream
do not have a lower limit of how much data they read or write (apart
from "none at all").

Rename the functions to "read some [data]" and "write some [data]" (with
"data" being omitted, since everything here is reading and writing data)
to make them sufficiently distinct from the functions that ensure to
use the entire buffer (which should be the go-to function for most
usages).

No functional changes, just a lot of new FIXMEs.
2023-03-13 15:16:20 +00:00
Tim Schumacher
874c7bba28 LibCore: Remove Stream.h 2023-02-13 00:50:07 +00:00
Tim Schumacher
606a3982f3 LibCore: Move Stream-based file into the Core namespace 2023-02-13 00:50:07 +00:00
Tim Schumacher
a96339b72b LibCore: Move Stream-based sockets into the Core namespace 2023-02-13 00:50:07 +00:00
Tim Schumacher
d43a7eae54 LibCore: Rename File to DeprecatedFile
As usual, this removes many unused includes and moves used includes
further down the chain.
2023-02-13 00:50:07 +00:00
Tim Schumacher
43f36d5e7f LibTLS: Use AK::Stream for serializing TLS packets
We are working with a MemoryStream, so our stream operations shouldn't
ever fail as long as we stay in-bounds, so `MUST` is fine.
2023-02-08 18:51:02 +00:00