RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-10-31 14:02:46 +00:00
Code Issues Activity Actions
14493 commits 1 branch 0 tags 230 MiB
Commit graph

42 commits

Author SHA1 Message Date
AnotherTest
de4061ff94 LibTLS: Count the mac size towards the packet length in CBC mode 
This is a regression introduced in 1172746, where the padding would be
done without accounting for the added MAC bytes.
Fixes #4098.
 2020-11-16 13:21:18 +01:00
AnotherTest
1172746633 LibTLS: Add support for AEAD cipher suites 
And integrate AES-GCM.
 2020-11-14 10:18:54 +01:00
AnotherTest
37c089fb7b LibTLS: (Almost) verify certificate chain against root CA certificates 
Also adds a very primitive systemwide ca_certs.ini file.
 2020-10-30 23:42:03 +01:00
AnotherTest
1746e6f9ca LibTLS: Also read out the Organisational Unit from the certificate 
This needs to be read out if we want to actually verify the cert chain.
 2020-10-30 23:42:03 +01:00
AnotherTest
a2186fd64a LibTLS: Move out Certificate to its own header file 2020-10-30 23:42:03 +01:00
Luke
63a94deb43 LibTLS: Treat a close_notify before agreeing on a cipher suite as a handshake failure 
Some TLS implementations (namely, AWS CloudFront) do this instead of
sending handshake_failure for some reason.
 2020-10-26 08:59:57 +01:00
Nico Weber
ef1b21004f Everywhere: Fix typos 
Mostly in comments, but sprintf() now prints "August" instead of
"Auguest" so that's something.
 2020-10-02 16:03:17 +02:00
asynts
10c6f062b3 AK: Add Endian.h header to replace NetworkOrdered.h. 2020-08-25 16:22:14 +02:00
Nico Weber
8b166e57df
Misc: Remove some unneeded includes of Timer.h and ElapsedTimer.h (#3286) 2020-08-25 09:41:56 +02:00
AnotherTest
abb842ee5a LibTLS: Fix some debug logging 2020-08-24 09:29:39 +02:00
AnotherTest
0be3937be7 LibTLS: Do not process_message() the finished message twice 
With two different sequence numbers to boot!
Fixes #3273
 2020-08-24 09:29:39 +02:00
Ben Wiederhake
2a2630edc9 Meta: Fix wrong 'using namespace X' usages 
Apart from causing All AK:: and Crypto:: symbols being suddenly visible even though
they might not be supposed to be, the style guide also says this is wrong:

https://github.com/SerenityOS/serenity/blob/master/Documentation/CodingStyle.md#using-statements
 2020-08-23 00:53:16 +02:00
asynts
fff581cd72 AK: Rename span() to bytes() when appropriate. 
I originally defined the bytes() method for the String class, because it
made it obvious that it's a span of bytes instead of span of characters.

This commit makes this more consistent by defining a bytes() method when
the type of the span is known to be u8.

Additionaly, the cast operator to Bytes is overloaded for ByteBuffer and
such.
 2020-08-15 21:21:18 +02:00
Ali Mohammad Pur
d1571ce00a LibTLS: Re-silence a debug log 
bc7a149039 (r41386045)
 2020-08-12 10:59:06 +02:00
AnotherTest
880b0a7600 LibTLS: Avoid extra initialisation of buffers that are initialised 
A trace for proof:
buffer:

    L91: 0:(packet.size() - header_size)
    L98: (packet.size() - header_size):(packet.size() - header_size + mac_size)
    L102: (packet.size() - header_size + mac_size):buffer.size()
    (asserted at L103)

ct:

    L88: 0:(header_size - 2)
    L123: (header_size - 2):(header_size)
    L111: (header_size):(header_size + iv_size)
    L117: (header_size + iv_size):(header_size + iv_size + length)
    (asserted at L113)
 2020-08-11 21:37:10 +02:00
AnotherTest
bc7a149039 LibCrypto+LibTLS+Kernel: Switch the Cipher::Mode interface to use Span 
This shaves 2.5 more runtime seconds off 'disasm /bin/id', and makes the
Mode<T> interface a lot more allocation-friendly.
 2020-08-11 21:37:10 +02:00
asynts
b3d1a05261 Refactor: Expose const_cast by removing ByteBuffer::warp(const void*, size_t) 
This function did a const_cast internally which made the call side look
"safe". This method is removed completely and call sites are replaced
with ByteBuffer::wrap(const_cast<void*>(data), size) which makes the
behaviour obvious.
 2020-08-06 10:33:16 +02:00
Brian Gianforcaro
9572c95152 LibTLS + LibCrypto: Suppress unobserved Optoinal<T> return values. 2020-08-05 12:27:15 +02:00
AnotherTest
97256ad977 ProtocolServer+LibTLS: Pipe certificate requests from LibTLS to clients 
This makes gemini.circumlunar.space (and some more gemini pages) work
again :^)
 2020-08-02 18:57:51 +02:00
AnotherTest
9d3ffa096a LibTLS: Add (basic) support for sending client certificates 2020-08-02 18:57:51 +02:00
AnotherTest
4065182811 LibTLS: Reschedule the timeout if we're too slow 
Previously, we would not care if the handshake timer timed out because
the server was too slow, or because we were too slow, this caused
connections to fail when the system was under heavy load.
This patch fixes this behaviour (and closes #2843) by checking if the
timeout delay was within margin of error of the max timeout.
 2020-07-21 13:01:35 +02:00
AnotherTest
b67acf9c88 LibTLS: Simplify record padding logic and ASSERT more assumptions 2020-06-04 15:58:04 +02:00
Andreas Kling
b2a7137f57 LibTLS: Put a little more debug spam behind TLS_DEBUG 2020-06-01 20:13:53 +02:00
AnotherTest
d54d2892a9 LibTLS: Avoid busy-wait between ClientHello and ServerHello 
This commit also adds a timeout timer to cancel the connection if the
server does not respond to the hello request in 10 seconds.
 2020-05-30 18:26:13 +02:00
Marcin Gasperowicz
9a4ee9aa1a Lagom: Adjust AK, LibCore and LibTLS to build on MacOS 2020-05-30 00:36:13 +02:00
Andreas Kling
c1dd67e792 LibCrypto+LibTLS: Use AK/Random.h 
This makes it possible to build both of these on Linux.
 2020-05-27 12:28:17 +02:00
Luke
8e6df3949d LibTLS: Add more TLS 1.2 error descriptions 
Adds more TLS 1.2 error descriptions according to the specification:
https://tools.ietf.org/html/rfc5246#section-7.2.2

This changes the DecryptionFailed description, as the specification
says that this alert should NEVER be sent by a compliant server.
 2020-05-27 11:11:56 +02:00
Andreas Kling
5049e41223 LibTLS: Put lots of debug spam behind TLS_DEBUG 2020-05-26 23:46:28 +02:00
AnotherTest
7d76299ca9 LibTLS: Do not call on_tls_finished until the client has read app data 2020-05-21 01:21:39 +02:00
AnotherTest
f9cffda0e0 LibTLS: Flush some packets as soon as more packets are written 
This seems like a better compromise between throughput and latency, and
it doesn't _really_ affect the performance, so let's just compromise.
 2020-05-20 08:30:51 +02:00
AnotherTest
379cb061d7 LibTLS: Only try to flush data when needed 
This patchset drops the write notifier, and schedules writes only when
necessary.
As a result, the CPU utilisation no longer spikes to the skies :^)
 2020-05-19 20:00:43 +02:00
Andreas Kling
4b202a3c79 LibCore+LibTLS: Don't keep a "ready to write" notifier on all Sockets 
The "ready to write" notifier we set up in generic socket connection is
really only meant to detect a successful connection. Once we have a TCP
connection, for example, it will fire on every event loop iteration.

This was causing IRC Client to max out the CPU by getting this no-op
notifier callback over and over.

Since this was only used by TLSv12, I changed that code to create its
own notifier instead. It might be possible to improve TLS performance
by only processing writes when actually needed, but I didn't look very
closely at that for this patch. :^)
 2020-05-18 20:16:52 +02:00
Sergey Bugaev
450a2a0f9c Build: Switch to CMake :^) 
Closes https://github.com/SerenityOS/serenity/issues/2080
 2020-05-14 20:15:18 +02:00
AnotherTest
af1ce6c33d LibTLS: Verify server certificate expiry date 2020-05-07 10:23:58 +02:00
AnotherTest
2a29e668bd LibTLS: Try to disambiguate errors in case of failure 
Not particularly helpful, but better than nothing.
 2020-05-05 11:20:42 +02:00
Andreas Kling
e7abbc6655 LibTLS: Put some debug spam behind an #ifdef 2020-05-03 19:14:50 +02:00
AnotherTest
b028a123b8 LibTLS: "Properly" handle the server dropping the connection 
Contrary to popular belief, not every implementation of TLS follows the
specs.
Some of them just drop the connection without sending a proper
close_notify, and we should handle that gracefully.
 2020-05-03 19:08:40 +02:00
AnotherTest
0da07c284e LibTLS: Implement build_alert() 2020-05-02 12:24:10 +02:00
AnotherTest
dace14e70d LibTLS: Split TLSv12 to sensible categorical files 
This commit splits the TLSv12 file into multiple files, and also removes
some magic values, to make the code less horrible. :^)
 2020-05-02 12:24:10 +02:00
AnotherTest
bb46e5f608 LibTLS: Switch to Hash::Manager for hashing and add SHA1 
Now we can talk to google.com
 2020-05-02 12:24:10 +02:00
AnotherTest
a1e1570552 LibCrypto+LibTLS: Generalise the use of IV length 
This is in preparation for the upcoming Galois/Counter mode, which
conventionally has 12 bytes of IV as opposed to CBC's 16 bytes.

...Also fixes a lot of style issues, since the author finally found the
project's clang config file in the repository root :^)
 2020-05-02 12:24:10 +02:00
AnotherTest
72d56b46b5 LibTLS: Make enough stuff work to have a demo run 
...maybe, sometimes :^)
 2020-05-02 12:24:10 +02:00