summaryrefslogtreecommitdiff
path: root/Libraries
diff options
context:
space:
mode:
authorAndreas Kling <kling@serenityos.org>2020-12-19 15:07:09 +0100
committerAndreas Kling <kling@serenityos.org>2020-12-19 18:29:13 +0100
commit8e20208dd6d561f0891fd424d8c396c28247cff9 (patch)
tree633790ef5fca4c9a55e6e6805a54ab63b6e14ca1 /Libraries
parent4d89c1885df4734c8b5cd61e1fd942dda24c3077 (diff)
downloadserenity-8e20208dd6d561f0891fd424d8c396c28247cff9.zip
LibTLS+LibCrypto: Replace a whole bunch of ByteBuffers with Spans
Diffstat (limited to 'Libraries')
-rw-r--r--Libraries/LibCrypto/Cipher/AES.cpp4
-rw-r--r--Libraries/LibCrypto/Cipher/AES.h8
-rw-r--r--Libraries/LibCrypto/Cipher/Cipher.h4
-rw-r--r--Libraries/LibCrypto/Cipher/Mode/CBC.h4
-rw-r--r--Libraries/LibCrypto/Cipher/Mode/CTR.h6
-rw-r--r--Libraries/LibCrypto/Cipher/Mode/GCM.h6
-rw-r--r--Libraries/LibCrypto/Cipher/Mode/Mode.h4
-rw-r--r--Libraries/LibCrypto/PK/Code/Code.h4
-rw-r--r--Libraries/LibCrypto/PK/Code/EMSA_PSS.h13
-rw-r--r--Libraries/LibCrypto/PK/PK.h8
-rw-r--r--Libraries/LibCrypto/PK/RSA.cpp20
-rw-r--r--Libraries/LibCrypto/PK/RSA.h20
-rw-r--r--Libraries/LibTLS/ClientHandshake.cpp26
-rw-r--r--Libraries/LibTLS/Exchange.cpp8
-rw-r--r--Libraries/LibTLS/Handshake.cpp2
-rw-r--r--Libraries/LibTLS/Record.cpp20
-rw-r--r--Libraries/LibTLS/Socket.cpp2
-rw-r--r--Libraries/LibTLS/TLSPacketBuilder.h2
-rw-r--r--Libraries/LibTLS/TLSv12.cpp10
-rw-r--r--Libraries/LibTLS/TLSv12.h47
20 files changed, 111 insertions, 107 deletions
diff --git a/Libraries/LibCrypto/Cipher/AES.cpp b/Libraries/LibCrypto/Cipher/AES.cpp
index 95fbb70515..66dbac2552 100644
--- a/Libraries/LibCrypto/Cipher/AES.cpp
+++ b/Libraries/LibCrypto/Cipher/AES.cpp
@@ -59,7 +59,7 @@ String AESCipherKey::to_string() const
return builder.build();
}
-void AESCipherKey::expand_encrypt_key(const ByteBuffer& user_key, size_t bits)
+void AESCipherKey::expand_encrypt_key(ReadonlyBytes user_key, size_t bits)
{
u32* round_key;
u32 temp;
@@ -170,7 +170,7 @@ void AESCipherKey::expand_encrypt_key(const ByteBuffer& user_key, size_t bits)
}
}
-void AESCipherKey::expand_decrypt_key(const ByteBuffer& user_key, size_t bits)
+void AESCipherKey::expand_decrypt_key(ReadonlyBytes user_key, size_t bits)
{
u32* round_key;
diff --git a/Libraries/LibCrypto/Cipher/AES.h b/Libraries/LibCrypto/Cipher/AES.h
index 70b9f88827..c1a0e53cc5 100644
--- a/Libraries/LibCrypto/Cipher/AES.h
+++ b/Libraries/LibCrypto/Cipher/AES.h
@@ -75,8 +75,8 @@ private:
struct AESCipherKey : public CipherKey {
virtual ByteBuffer data() const override { return ByteBuffer::copy(m_rd_keys, sizeof(m_rd_keys)); };
- virtual void expand_encrypt_key(const ByteBuffer& user_key, size_t bits) override;
- virtual void expand_decrypt_key(const ByteBuffer& user_key, size_t bits) override;
+ virtual void expand_encrypt_key(ReadonlyBytes user_key, size_t bits) override;
+ virtual void expand_decrypt_key(ReadonlyBytes user_key, size_t bits) override;
static bool is_valid_key_size(size_t bits) { return bits == 128 || bits == 192 || bits == 256; };
String to_string() const;
const u32* round_keys() const
@@ -84,7 +84,7 @@ struct AESCipherKey : public CipherKey {
return (const u32*)m_rd_keys;
}
- AESCipherKey(const ByteBuffer& user_key, size_t key_bits, Intent intent)
+ AESCipherKey(ReadonlyBytes user_key, size_t key_bits, Intent intent)
: m_bits(key_bits)
{
if (intent == Intent::Encryption)
@@ -119,7 +119,7 @@ public:
constexpr static size_t BlockSizeInBits = BlockType::BlockSizeInBits;
- AESCipher(const ByteBuffer& user_key, size_t key_bits, Intent intent = Intent::Encryption, PaddingMode mode = PaddingMode::CMS)
+ AESCipher(ReadonlyBytes user_key, size_t key_bits, Intent intent = Intent::Encryption, PaddingMode mode = PaddingMode::CMS)
: Cipher<AESCipherKey, AESCipherBlock>(mode)
, m_key(user_key, key_bits, intent)
{
diff --git a/Libraries/LibCrypto/Cipher/Cipher.h b/Libraries/LibCrypto/Cipher/Cipher.h
index 713030916b..ce000ad28a 100644
--- a/Libraries/LibCrypto/Cipher/Cipher.h
+++ b/Libraries/LibCrypto/Cipher/Cipher.h
@@ -106,8 +106,8 @@ struct CipherKey {
virtual ~CipherKey() { }
protected:
- virtual void expand_encrypt_key(const ByteBuffer& user_key, size_t bits) = 0;
- virtual void expand_decrypt_key(const ByteBuffer& user_key, size_t bits) = 0;
+ virtual void expand_encrypt_key(ReadonlyBytes user_key, size_t bits) = 0;
+ virtual void expand_decrypt_key(ReadonlyBytes user_key, size_t bits) = 0;
size_t bits { 0 };
};
diff --git a/Libraries/LibCrypto/Cipher/Mode/CBC.h b/Libraries/LibCrypto/Cipher/Mode/CBC.h
index 6083cfae70..fc4aa27aac 100644
--- a/Libraries/LibCrypto/Cipher/Mode/CBC.h
+++ b/Libraries/LibCrypto/Cipher/Mode/CBC.h
@@ -56,7 +56,7 @@ public:
virtual size_t IV_length() const override { return IVSizeInBits / 8; }
- virtual void encrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}, Bytes* ivec_out = nullptr) override
+ virtual void encrypt(ReadonlyBytes in, Bytes& out, ReadonlyBytes ivec = {}, Bytes* ivec_out = nullptr) override
{
auto length = in.size();
if (length == 0)
@@ -97,7 +97,7 @@ public:
__builtin_memcpy(ivec_out->data(), iv, min(IV_length(), ivec_out->size()));
}
- virtual void decrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}) override
+ virtual void decrypt(ReadonlyBytes in, Bytes& out, ReadonlyBytes ivec = {}) override
{
auto length = in.size();
if (length == 0)
diff --git a/Libraries/LibCrypto/Cipher/Mode/CTR.h b/Libraries/LibCrypto/Cipher/Mode/CTR.h
index e1db3ce0c2..928208e7fc 100644
--- a/Libraries/LibCrypto/Cipher/Mode/CTR.h
+++ b/Libraries/LibCrypto/Cipher/Mode/CTR.h
@@ -131,7 +131,7 @@ public:
virtual size_t IV_length() const override { return IVSizeInBits / 8; }
- virtual void encrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}, Bytes* ivec_out = nullptr) override
+ virtual void encrypt(ReadonlyBytes in, Bytes& out, ReadonlyBytes ivec = {}, Bytes* ivec_out = nullptr) override
{
// Our interpretation of "ivec" is what AES-CTR
// would define as nonce + IV + 4 zero bytes.
@@ -143,7 +143,7 @@ public:
this->encrypt_or_stream(nullptr, out, ivec, ivec_out);
}
- virtual void decrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}) override
+ virtual void decrypt(ReadonlyBytes in, Bytes& out, ReadonlyBytes ivec = {}) override
{
// XOR (and thus CTR) is the most symmetric mode.
this->encrypt(in, out, ivec);
@@ -156,7 +156,7 @@ private:
protected:
constexpr static IncrementFunctionType increment {};
- void encrypt_or_stream(const ReadonlyBytes* in, Bytes& out, const Bytes& ivec, Bytes* ivec_out = nullptr)
+ void encrypt_or_stream(const ReadonlyBytes* in, Bytes& out, ReadonlyBytes ivec, Bytes* ivec_out = nullptr)
{
size_t length;
if (in) {
diff --git a/Libraries/LibCrypto/Cipher/Mode/GCM.h b/Libraries/LibCrypto/Cipher/Mode/GCM.h
index 2e6f16f87e..6f3afec2e8 100644
--- a/Libraries/LibCrypto/Cipher/Mode/GCM.h
+++ b/Libraries/LibCrypto/Cipher/Mode/GCM.h
@@ -71,7 +71,7 @@ public:
virtual size_t IV_length() const override { return IVSizeInBits / 8; }
// FIXME: This overload throws away the auth stuff, think up a better way to return more than a single bytebuffer.
- virtual void encrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}, Bytes* = nullptr) override
+ virtual void encrypt(ReadonlyBytes in, Bytes& out, ReadonlyBytes ivec = {}, Bytes* = nullptr) override
{
ASSERT(!ivec.is_empty());
@@ -79,7 +79,7 @@ public:
encrypt(in, out, ivec, dummy, dummy);
}
- virtual void decrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}) override
+ virtual void decrypt(ReadonlyBytes in, Bytes& out, ReadonlyBytes ivec = {}) override
{
encrypt(in, out, ivec);
}
@@ -108,7 +108,7 @@ public:
block0.get().bytes().copy_to(tag);
}
- VerificationConsistency decrypt(const ReadonlyBytes& in, Bytes out, const ReadonlyBytes& iv_in, const ReadonlyBytes& aad, const ReadonlyBytes& tag)
+ VerificationConsistency decrypt(ReadonlyBytes in, Bytes out, ReadonlyBytes iv_in, ReadonlyBytes aad, ReadonlyBytes tag)
{
auto iv_buf = ByteBuffer::copy(iv_in.data(), iv_in.size());
auto iv = iv_buf.bytes();
diff --git a/Libraries/LibCrypto/Cipher/Mode/Mode.h b/Libraries/LibCrypto/Cipher/Mode/Mode.h
index 65b65e4c1c..a34f6a4b98 100644
--- a/Libraries/LibCrypto/Cipher/Mode/Mode.h
+++ b/Libraries/LibCrypto/Cipher/Mode/Mode.h
@@ -39,8 +39,8 @@ class Mode {
public:
virtual ~Mode() { }
- virtual void encrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}, Bytes* ivec_out = nullptr) = 0;
- virtual void decrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}) = 0;
+ virtual void encrypt(ReadonlyBytes in, Bytes& out, ReadonlyBytes ivec = {}, Bytes* ivec_out = nullptr) = 0;
+ virtual void decrypt(ReadonlyBytes in, Bytes& out, ReadonlyBytes ivec = {}) = 0;
virtual size_t IV_length() const = 0;
diff --git a/Libraries/LibCrypto/PK/Code/Code.h b/Libraries/LibCrypto/PK/Code/Code.h
index d3bc206a1f..b5a70ddb14 100644
--- a/Libraries/LibCrypto/PK/Code/Code.h
+++ b/Libraries/LibCrypto/PK/Code/Code.h
@@ -41,8 +41,8 @@ public:
{
}
- virtual void encode(const ByteBuffer& in, ByteBuffer& out, size_t em_bits) = 0;
- virtual VerificationConsistency verify(const ByteBuffer& msg, const ByteBuffer& emsg, size_t em_bits) = 0;
+ virtual void encode(ReadonlyBytes in, ByteBuffer& out, size_t em_bits) = 0;
+ virtual VerificationConsistency verify(ReadonlyBytes msg, ReadonlyBytes emsg, size_t em_bits) = 0;
const HashFunction& hasher() const { return m_hasher; }
HashFunction& hasher() { return m_hasher; }
diff --git a/Libraries/LibCrypto/PK/Code/EMSA_PSS.h b/Libraries/LibCrypto/PK/Code/EMSA_PSS.h
index b905f654e0..f484717ead 100644
--- a/Libraries/LibCrypto/PK/Code/EMSA_PSS.h
+++ b/Libraries/LibCrypto/PK/Code/EMSA_PSS.h
@@ -46,7 +46,7 @@ public:
static constexpr auto SaltLength = SaltSize;
- virtual void encode(const ByteBuffer& in, ByteBuffer& out, size_t em_bits) override
+ virtual void encode(ReadonlyBytes in, ByteBuffer& out, size_t em_bits) override
{
// FIXME: we're supposed to check if in.size() > HashFunction::input_limitation
// however, all of our current hash functions can hash unlimited blocks
@@ -87,8 +87,7 @@ public:
u8 DB_mask[mask_length];
auto DB_mask_buffer = ByteBuffer::wrap(DB_mask, mask_length);
// FIXME: we should probably allow reading from u8*
- auto hash_buffer = ByteBuffer::wrap(hash.data, HashFunction::DigestSize);
- MGF1(hash_buffer, mask_length, DB_mask_buffer);
+ MGF1(ReadonlyBytes { hash.data, HashFunction::DigestSize }, mask_length, DB_mask_buffer);
for (size_t i = 0; i < DB.size(); ++i)
DB_data[i] ^= DB_mask[i];
@@ -101,7 +100,7 @@ public:
out[DB.size() + hash_fn.DigestSize] = 0xbc;
}
- virtual VerificationConsistency verify(const ByteBuffer& msg, const ByteBuffer& emsg, size_t em_bits) override
+ virtual VerificationConsistency verify(ReadonlyBytes msg, ReadonlyBytes emsg, size_t em_bits) override
{
auto& hash_fn = this->hasher();
hash_fn.update(msg);
@@ -114,8 +113,8 @@ public:
return VerificationConsistency::Inconsistent;
auto mask_length = emsg.size() - HashFunction::DigestSize - 1;
- auto masked_DB = emsg.slice_view(0, mask_length);
- auto H = emsg.slice_view(mask_length, HashFunction::DigestSize);
+ auto masked_DB = emsg.slice(0, mask_length);
+ auto H = emsg.slice(mask_length, HashFunction::DigestSize);
auto length_to_check = 8 * emsg.size() - em_bits;
auto octet = masked_DB[0];
@@ -160,7 +159,7 @@ public:
return VerificationConsistency::Consistent;
}
- void MGF1(const ByteBuffer& seed, size_t length, ByteBuffer& out)
+ void MGF1(ReadonlyBytes seed, size_t length, ByteBuffer& out)
{
auto& hash_fn = this->hasher();
ByteBuffer T = ByteBuffer::create_zeroed(0);
diff --git a/Libraries/LibCrypto/PK/PK.h b/Libraries/LibCrypto/PK/PK.h
index e2b6817a22..4b7fa739f5 100644
--- a/Libraries/LibCrypto/PK/PK.h
+++ b/Libraries/LibCrypto/PK/PK.h
@@ -49,11 +49,11 @@ public:
{
}
- virtual void encrypt(const ByteBuffer& in, ByteBuffer& out) = 0;
- virtual void decrypt(const ByteBuffer& in, ByteBuffer& out) = 0;
+ virtual void encrypt(ReadonlyBytes in, ByteBuffer& out) = 0;
+ virtual void decrypt(ReadonlyBytes in, ByteBuffer& out) = 0;
- virtual void sign(const ByteBuffer& in, ByteBuffer& out) = 0;
- virtual void verify(const ByteBuffer& in, ByteBuffer& out) = 0;
+ virtual void sign(ReadonlyBytes in, ByteBuffer& out) = 0;
+ virtual void verify(ReadonlyBytes in, ByteBuffer& out) = 0;
virtual String class_name() const = 0;
diff --git a/Libraries/LibCrypto/PK/RSA.cpp b/Libraries/LibCrypto/PK/RSA.cpp
index 8eaaf37481..4ffaff54e8 100644
--- a/Libraries/LibCrypto/PK/RSA.cpp
+++ b/Libraries/LibCrypto/PK/RSA.cpp
@@ -113,7 +113,7 @@ RSA::KeyPairType RSA::parse_rsa_key(ReadonlyBytes in)
return keypair;
}
-void RSA::encrypt(const ByteBuffer& in, ByteBuffer& out)
+void RSA::encrypt(ReadonlyBytes in, ByteBuffer& out)
{
#ifdef CRYPTO_DEBUG
dbg() << "in size: " << in.size();
@@ -133,7 +133,7 @@ void RSA::encrypt(const ByteBuffer& in, ByteBuffer& out)
}
}
-void RSA::decrypt(const ByteBuffer& in, ByteBuffer& out)
+void RSA::decrypt(ReadonlyBytes in, ByteBuffer& out)
{
// FIXME: Actually use the private key properly
@@ -149,7 +149,7 @@ void RSA::decrypt(const ByteBuffer& in, ByteBuffer& out)
out = out.slice(out.size() - aligned_size, aligned_size);
}
-void RSA::sign(const ByteBuffer& in, ByteBuffer& out)
+void RSA::sign(ReadonlyBytes in, ByteBuffer& out)
{
auto in_integer = UnsignedBigInteger::import_data(in.data(), in.size());
auto exp = NumberTheory::ModularPower(in_integer, m_private_key.private_exponent(), m_private_key.modulus());
@@ -157,7 +157,7 @@ void RSA::sign(const ByteBuffer& in, ByteBuffer& out)
out = out.slice(out.size() - size, size);
}
-void RSA::verify(const ByteBuffer& in, ByteBuffer& out)
+void RSA::verify(ReadonlyBytes in, ByteBuffer& out)
{
auto in_integer = UnsignedBigInteger::import_data(in.data(), in.size());
auto exp = NumberTheory::ModularPower(in_integer, m_public_key.public_exponent(), m_public_key.modulus());
@@ -198,7 +198,7 @@ void RSA::import_public_key(ReadonlyBytes bytes, bool pem)
}
template<typename HashFunction>
-void RSA_EMSA_PSS<HashFunction>::sign(const ByteBuffer& in, ByteBuffer& out)
+void RSA_EMSA_PSS<HashFunction>::sign(ReadonlyBytes in, ByteBuffer& out)
{
// -- encode via EMSA_PSS
auto mod_bits = m_rsa.private_key().modulus().trimmed_length() * sizeof(u32) * 8;
@@ -212,7 +212,7 @@ void RSA_EMSA_PSS<HashFunction>::sign(const ByteBuffer& in, ByteBuffer& out)
}
template<typename HashFunction>
-VerificationConsistency RSA_EMSA_PSS<HashFunction>::verify(const ByteBuffer& in)
+VerificationConsistency RSA_EMSA_PSS<HashFunction>::verify(ReadonlyBytes in)
{
auto mod_bytes = m_rsa.public_key().modulus().trimmed_length() * sizeof(u32);
if (in.size() != mod_bytes)
@@ -228,7 +228,7 @@ VerificationConsistency RSA_EMSA_PSS<HashFunction>::verify(const ByteBuffer& in)
return m_emsa_pss.verify(in, EM, mod_bytes * 8 - 1);
}
-void RSA_PKCS1_EME::encrypt(const ByteBuffer& in, ByteBuffer& out)
+void RSA_PKCS1_EME::encrypt(ReadonlyBytes in, ByteBuffer& out)
{
auto mod_len = (m_public_key.modulus().trimmed_length() * sizeof(u32) * 8 + 7) / 8;
#ifdef CRYPTO_DEBUG
@@ -271,7 +271,7 @@ void RSA_PKCS1_EME::encrypt(const ByteBuffer& in, ByteBuffer& out)
RSA::encrypt(out, out);
}
-void RSA_PKCS1_EME::decrypt(const ByteBuffer& in, ByteBuffer& out)
+void RSA_PKCS1_EME::decrypt(ReadonlyBytes in, ByteBuffer& out)
{
auto mod_len = (m_public_key.modulus().trimmed_length() * sizeof(u32) * 8 + 7) / 8;
if (in.size() != mod_len) {
@@ -317,11 +317,11 @@ void RSA_PKCS1_EME::decrypt(const ByteBuffer& in, ByteBuffer& out)
out = out.slice(offset, out.size() - offset);
}
-void RSA_PKCS1_EME::sign(const ByteBuffer&, ByteBuffer&)
+void RSA_PKCS1_EME::sign(ReadonlyBytes, ByteBuffer&)
{
dbg() << "FIXME: RSA_PKCS_EME::sign";
}
-void RSA_PKCS1_EME::verify(const ByteBuffer&, ByteBuffer&)
+void RSA_PKCS1_EME::verify(ReadonlyBytes, ByteBuffer&)
{
dbg() << "FIXME: RSA_PKCS_EME::verify";
}
diff --git a/Libraries/LibCrypto/PK/RSA.h b/Libraries/LibCrypto/PK/RSA.h
index 5cc716c4cf..329a7b3890 100644
--- a/Libraries/LibCrypto/PK/RSA.h
+++ b/Libraries/LibCrypto/PK/RSA.h
@@ -178,11 +178,11 @@ public:
m_private_key = pair.private_key;
}
- virtual void encrypt(const ByteBuffer& in, ByteBuffer& out) override;
- virtual void decrypt(const ByteBuffer& in, ByteBuffer& out) override;
+ virtual void encrypt(ReadonlyBytes in, ByteBuffer& out) override;
+ virtual void decrypt(ReadonlyBytes in, ByteBuffer& out) override;
- virtual void sign(const ByteBuffer& in, ByteBuffer& out) override;
- virtual void verify(const ByteBuffer& in, ByteBuffer& out) override;
+ virtual void sign(ReadonlyBytes in, ByteBuffer& out) override;
+ virtual void verify(ReadonlyBytes in, ByteBuffer& out) override;
virtual String class_name() const override { return "RSA"; }
@@ -203,8 +203,8 @@ public:
{
}
- void sign(const ByteBuffer& in, ByteBuffer& out);
- VerificationConsistency verify(const ByteBuffer& in);
+ void sign(ReadonlyBytes in, ByteBuffer& out);
+ VerificationConsistency verify(ReadonlyBytes in);
private:
EMSA_PSS<HashFunction, HashFunction::DigestSize> m_emsa_pss;
@@ -222,11 +222,11 @@ public:
~RSA_PKCS1_EME() { }
- virtual void encrypt(const ByteBuffer& in, ByteBuffer& out) override;
- virtual void decrypt(const ByteBuffer& in, ByteBuffer& out) override;
+ virtual void encrypt(ReadonlyBytes in, ByteBuffer& out) override;
+ virtual void decrypt(ReadonlyBytes in, ByteBuffer& out) override;
- virtual void sign(const ByteBuffer&, ByteBuffer&) override;
- virtual void verify(const ByteBuffer&, ByteBuffer&) override;
+ virtual void sign(ReadonlyBytes, ByteBuffer&) override;
+ virtual void verify(ReadonlyBytes, ByteBuffer&) override;
virtual String class_name() const override { return "RSA_PKCS1-EME"; }
virtual size_t output_size() const override { return m_public_key.length(); }
diff --git a/Libraries/LibTLS/ClientHandshake.cpp b/Libraries/LibTLS/ClientHandshake.cpp
index 6fb48bf565..a9cf86783d 100644
--- a/Libraries/LibTLS/ClientHandshake.cpp
+++ b/Libraries/LibTLS/ClientHandshake.cpp
@@ -34,7 +34,7 @@
namespace TLS {
-ssize_t TLSv12::handle_server_hello_done(const ByteBuffer& buffer)
+ssize_t TLSv12::handle_server_hello_done(ReadonlyBytes buffer)
{
if (buffer.size() < 3)
return (i8)Error::NeedMoreData;
@@ -47,7 +47,7 @@ ssize_t TLSv12::handle_server_hello_done(const ByteBuffer& buffer)
return size + 3;
}
-ssize_t TLSv12::handle_hello(const ByteBuffer& buffer, WritePacketStage& write_packets)
+ssize_t TLSv12::handle_hello(ReadonlyBytes buffer, WritePacketStage& write_packets)
{
write_packets = WritePacketStage::Initial;
if (m_context.connection_status != ConnectionStatus::Disconnected && m_context.connection_status != ConnectionStatus::Renegotiating) {
@@ -192,7 +192,7 @@ ssize_t TLSv12::handle_hello(const ByteBuffer& buffer, WritePacketStage& write_p
}
} else if (extension_type == HandshakeExtension::SignatureAlgorithms) {
dbg() << "supported signatures: ";
- print_buffer(buffer.slice_view(res, extension_length));
+ print_buffer(buffer.slice(res, extension_length));
// FIXME: what are we supposed to do here?
}
res += extension_length;
@@ -202,7 +202,7 @@ ssize_t TLSv12::handle_hello(const ByteBuffer& buffer, WritePacketStage& write_p
return res;
}
-ssize_t TLSv12::handle_finished(const ByteBuffer& buffer, WritePacketStage& write_packets)
+ssize_t TLSv12::handle_finished(ReadonlyBytes buffer, WritePacketStage& write_packets)
{
if (m_context.connection_status < ConnectionStatus::KeyExchange || m_context.connection_status == ConnectionStatus::Established) {
dbg() << "unexpected finished message";
@@ -305,10 +305,10 @@ void TLSv12::build_random(PacketBuilder& builder)
builder.append_u24(outbuf.size() + 2);
builder.append((u16)outbuf.size());
- builder.append(outbuf);
+ builder.append(outbuf.bytes());
}
-ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
+ssize_t TLSv12::handle_payload(ReadonlyBytes vbuffer)
{
if (m_context.connection_status == ConnectionStatus::Established) {
#ifdef TLS_DEBUG
@@ -374,7 +374,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
dbg() << "unsupported: server mode";
ASSERT_NOT_REACHED();
} else {
- payload_res = handle_hello(buffer.slice_view(1, payload_size), write_packets);
+ payload_res = handle_hello(buffer.slice(1, payload_size), write_packets);
}
break;
case HelloVerifyRequest:
@@ -396,7 +396,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
dbg() << "unsupported: server mode";
ASSERT_NOT_REACHED();
}
- payload_res = handle_certificate(buffer.slice_view(1, payload_size));
+ payload_res = handle_certificate(buffer.slice(1, payload_size));
if (m_context.certificates.size()) {
auto it = m_context.certificates.find([&](auto& cert) { return cert.is_valid(); });
@@ -430,7 +430,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
dbg() << "unsupported: server mode";
ASSERT_NOT_REACHED();
} else {
- payload_res = handle_server_key_exchange(buffer.slice_view(1, payload_size));
+ payload_res = handle_server_key_exchange(buffer.slice(1, payload_size));
}
break;
case CertificateRequest:
@@ -466,7 +466,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
dbg() << "unsupported: server mode";
ASSERT_NOT_REACHED();
} else {
- payload_res = handle_server_hello_done(buffer.slice_view(1, payload_size));
+ payload_res = handle_server_hello_done(buffer.slice(1, payload_size));
if (payload_res > 0)
write_packets = WritePacketStage::ClientHandshake;
}
@@ -482,7 +482,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
dbg() << "certificate verify";
#endif
if (m_context.connection_status == ConnectionStatus::KeyExchange) {
- payload_res = handle_verify(buffer.slice_view(1, payload_size));
+ payload_res = handle_verify(buffer.slice(1, payload_size));
} else {
payload_res = (i8)Error::UnexpectedMessage;
}
@@ -517,7 +517,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
#ifdef TLS_DEBUG
dbg() << "finished";
#endif
- payload_res = handle_finished(buffer.slice_view(1, payload_size), write_packets);
+ payload_res = handle_finished(buffer.slice(1, payload_size), write_packets);
if (payload_res > 0) {
memset(m_context.handshake_messages, 0, sizeof(m_context.handshake_messages));
}
@@ -528,7 +528,7 @@ ssize_t TLSv12::handle_payload(const ByteBuffer& vbuffer)
}
if (type != HelloRequest) {
- update_hash(buffer.slice_view(0, payload_size + 1));
+ update_hash(buffer.slice(0, payload_size + 1));
}
// if something went wrong, send an alert about it
diff --git a/Libraries/LibTLS/Exchange.cpp b/Libraries/LibTLS/Exchange.cpp
index 41151a0bc4..403617e9e1 100644
--- a/Libraries/LibTLS/Exchange.cpp
+++ b/Libraries/LibTLS/Exchange.cpp
@@ -108,7 +108,7 @@ bool TLSv12::expand_key()
return true;
}
-void TLSv12::pseudorandom_function(ByteBuffer& output, const ByteBuffer& secret, const u8* label, size_t label_length, const ByteBuffer& seed, const ByteBuffer& seed_b)
+void TLSv12::pseudorandom_function(ByteBuffer& output, ReadonlyBytes secret, const u8* label, size_t label_length, ReadonlyBytes seed, ReadonlyBytes seed_b)
{
if (!secret.size()) {
dbg() << "null secret";
@@ -225,7 +225,7 @@ ByteBuffer TLSv12::build_certificate()
for (auto& certificate : certificates) {
if (!certificate->der.is_empty()) {
builder.append_u24(certificate->der.size());
- builder.append(certificate->der);
+ builder.append(certificate->der.bytes());
}
}
}
@@ -265,13 +265,13 @@ ByteBuffer TLSv12::build_client_key_exchange()
return packet;
}
-ssize_t TLSv12::handle_server_key_exchange(const ByteBuffer&)
+ssize_t TLSv12::handle_server_key_exchange(ReadonlyBytes)
{
dbg() << "FIXME: parse_server_key_exchange";
return 0;
}
-ssize_t TLSv12::handle_verify(const ByteBuffer&)
+ssize_t TLSv12::handle_verify(ReadonlyBytes)
{
dbg() << "FIXME: parse_verify";
return 0;
diff --git a/Libraries/LibTLS/Handshake.cpp b/Libraries/LibTLS/Handshake.cpp
index 8e2e819ed9..e4e4d9ff0e 100644
--- a/Libraries/LibTLS/Handshake.cpp
+++ b/Libraries/LibTLS/Handshake.cpp
@@ -160,7 +160,7 @@ ByteBuffer TLSv12::build_finished()
auto hashbuf = ByteBuffer::wrap(const_cast<u8*>(digest.immutable_data()), m_context.handshake_hash.digest_size());
pseudorandom_function(outbuffer, m_context.master_key, (const u8*)"client finished", 15, hashbuf, dummy);
- builder.append(outbuffer);
+ builder.append(outbuffer.bytes());
auto packet = builder.build();
update_packet(packet);
diff --git a/Libraries/LibTLS/Record.cpp b/Libraries/LibTLS/Record.cpp
index 521bee2705..627ac69e43 100644
--- a/Libraries/LibTLS/Record.cpp
+++ b/Libraries/LibTLS/Record.cpp
@@ -194,7 +194,7 @@ void TLSv12::update_packet(ByteBuffer& packet)
++m_context.local_sequence_number;
}
-void TLSv12::update_hash(const ByteBuffer& message)
+void TLSv12::update_hash(ReadonlyBytes message)
{
m_context.handshake_hash.update(message);
}
@@ -226,7 +226,7 @@ ByteBuffer TLSv12::hmac_message(const ReadonlyBytes& buf, const Optional<Readonl
return mac;
}
-ssize_t TLSv12::handle_message(const ByteBuffer& buffer)
+ssize_t TLSv12::handle_message(ReadonlyBytes buffer)
{
auto res { 5ll };
size_t header_size = res;
@@ -265,7 +265,9 @@ ssize_t TLSv12::handle_message(const ByteBuffer& buffer)
#ifdef TLS_DEBUG
dbg() << "message type: " << (u8)type << ", length: " << length;
#endif
- ByteBuffer plain = buffer.slice_view(buffer_position, buffer.size() - buffer_position);
+ auto plain = buffer.slice(buffer_position, buffer.size() - buffer_position);
+
+ ByteBuffer decrypted;
if (m_context.cipher_spec_set && type != MessageType::ChangeCipher) {
#ifdef TLS_DEBUG
@@ -284,8 +286,8 @@ ssize_t TLSv12::handle_message(const ByteBuffer& buffer)
}
auto packet_length = length - iv_length() - 16;
- auto payload = plain.bytes();
- auto decrypted = ByteBuffer::create_uninitialized(packet_length);
+ auto payload = plain;
+ decrypted = ByteBuffer::create_uninitialized(packet_length);
// AEAD AAD (13)
// Seq. no (8)
@@ -299,8 +301,8 @@ ssize_t TLSv12::handle_message(const ByteBuffer& buffer)
u64 seq_no = AK::convert_between_host_and_network_endian(m_context.remote_sequence_number);
u16 len = AK::convert_between_host_and_network_endian((u16)packet_length);
- aad_stream.write({ &seq_no, sizeof(seq_no) }); // Sequence number
- aad_stream.write(buffer.bytes().slice(0, header_size - 2)); // content-type + version
+ aad_stream.write({ &seq_no, sizeof(seq_no) }); // Sequence number
+ aad_stream.write(buffer.slice(0, header_size - 2)); // content-type + version
aad_stream.write({ &len, sizeof(u16) });
ASSERT(aad_stream.is_end());
@@ -342,10 +344,10 @@ ssize_t TLSv12::handle_message(const ByteBuffer& buffer)
auto iv_size = iv_length();
auto decrypted = m_aes_remote.cbc->create_aligned_buffer(length - iv_size);
- auto iv = buffer.slice_view(header_size, iv_size);
+ auto iv = buffer.slice(header_size, iv_size);
Bytes decrypted_span = decrypted;
- m_aes_remote.cbc->decrypt(buffer.bytes().slice(header_size + iv_size, length - iv_size), decrypted_span, iv);
+ m_aes_remote.cbc->decrypt(buffer.slice(header_size + iv_size, length - iv_size), decrypted_span, iv);
length = decrypted_span.size();
diff --git a/Libraries/LibTLS/Socket.cpp b/Libraries/LibTLS/Socket.cpp
index 3c242c3be1..79572582a0 100644
--- a/Libraries/LibTLS/Socket.cpp
+++ b/Libraries/LibTLS/Socket.cpp
@@ -73,7 +73,7 @@ String TLSv12::read_line(size_t max_size)
return String::copy(buffer, Chomp);
}
-bool TLSv12::write(const ByteBuffer& buffer)
+bool TLSv12::write(ReadonlyBytes buffer)
{
if (m_context.connection_status != ConnectionStatus::Established) {
#ifdef TLS_DEBUG
diff --git a/Libraries/LibTLS/TLSPacketBuilder.h b/Libraries/LibTLS/TLSPacketBuilder.h
index b521f947a4..2994ed27ab 100644
--- a/Libraries/LibTLS/TLSPacketBuilder.h
+++ b/Libraries/LibTLS/TLSPacketBuilder.h
@@ -70,7 +70,7 @@ public:
{
append((const u8*)&value, sizeof(value));
}
- inline void append(const ByteBuffer& data)
+ inline void append(ReadonlyBytes data)
{
append(data.data(), data.size());
}
diff --git a/Libraries/LibTLS/TLSv12.cpp b/Libraries/LibTLS/TLSv12.cpp
index 634f3c7b7f..eb4471486f 100644
--- a/Libraries/LibTLS/TLSv12.cpp
+++ b/Libraries/LibTLS/TLSv12.cpp
@@ -428,7 +428,7 @@ static ssize_t _parse_asn1(const Context& context, Certificate& cert, const u8*
}
}
-Optional<Certificate> TLSv12::parse_asn1(const ByteBuffer& buffer, bool) const
+Optional<Certificate> TLSv12::parse_asn1(ReadonlyBytes buffer, bool) const
{
// FIXME: Our ASN.1 parser is not quite up to the task of
// parsing this X.509 certificate, so for the
@@ -447,7 +447,7 @@ Optional<Certificate> TLSv12::parse_asn1(const ByteBuffer& buffer, bool) const
return cert;
}
-ssize_t TLSv12::handle_certificate(const ByteBuffer& buffer)
+ssize_t TLSv12::handle_certificate(ReadonlyBytes buffer)
{
ssize_t res = 0;
@@ -522,7 +522,7 @@ ssize_t TLSv12::handle_certificate(const ByteBuffer& buffer)
}
remaining -= certificate_size_specific;
- auto certificate = parse_asn1(buffer.slice_view(res_cert, certificate_size_specific), false);
+ auto certificate = parse_asn1(buffer.slice(res_cert, certificate_size_specific), false);
if (certificate.has_value()) {
if (certificate.value().is_valid()) {
m_context.certificates.append(certificate.value());
@@ -546,7 +546,7 @@ ssize_t TLSv12::handle_certificate(const ByteBuffer& buffer)
return res;
}
-void TLSv12::consume(const ByteBuffer& record)
+void TLSv12::consume(ReadonlyBytes record)
{
if (m_context.critical_error) {
dbg() << "There has been a critical error (" << (i8)m_context.critical_error << "), refusing to continue";
@@ -846,7 +846,7 @@ TLSv12::TLSv12(Core::Object* parent, Version version)
}
}
-bool TLSv12::add_client_key(const ByteBuffer& certificate_pem_buffer, const ByteBuffer& rsa_key) // FIXME: This should not be bound to RSA
+bool TLSv12::add_client_key(ReadonlyBytes certificate_pem_buffer, ReadonlyBytes rsa_key) // FIXME: This should not be bound to RSA
{
if (certificate_pem_buffer.is_empty() || rsa_key.is_empty()) {
return true;
diff --git a/Libraries/LibTLS/TLSv12.h b/Libraries/LibTLS/TLSv12.h
index 2af5383b40..072540d3e4 100644
--- a/Libraries/LibTLS/TLSv12.h
+++ b/Libraries/LibTLS/TLSv12.h
@@ -41,18 +41,21 @@
namespace TLS {
-inline void print_buffer(const ByteBuffer& buffer)
+inline void print_buffer(ReadonlyBytes buffer)
{
for (size_t i { 0 }; i < buffer.size(); ++i)
dbgprintf("%02x ", buffer[i]);
dbgprintf("\n");
}
+inline void print_buffer(const ByteBuffer& buffer)
+{
+ print_buffer(buffer.bytes());
+}
+
inline void print_buffer(const u8* buffer, size_t size)
{
- for (size_t i { 0 }; i < size; ++i)
- dbgprintf("%02x ", buffer[i]);
- dbgprintf("\n");
+ print_buffer(ReadonlyBytes { buffer, size });
}
class Socket;
@@ -277,13 +280,13 @@ public:
m_context.SNI = sni;
}
- Optional<Certificate> parse_asn1(const ByteBuffer& buffer, bool client_cert = false) const;
- bool load_certificates(const ByteBuffer& pem_buffer);
- bool load_private_key(const ByteBuffer& pem_buffer);
+ Optional<Certificate> parse_asn1(ReadonlyBytes, bool client_cert = false) const;
+ bool load_certificates(ReadonlyBytes pem_buffer);
+ bool load_private_key(ReadonlyBytes pem_buffer);
void set_root_certificates(Vector<Certificate>);
- bool add_client_key(const ByteBuffer& certificate_pem_buffer, const ByteBuffer& key_pem_buffer);
+ bool add_client_key(ReadonlyBytes certificate_pem_buffer, ReadonlyBytes key_pem_buffer);
bool add_client_key(Certificate certificate)
{
m_context.client_certificates.append(move(certificate));
@@ -313,7 +316,7 @@ public:
Optional<ByteBuffer> read();
ByteBuffer read(size_t max_size);
- bool write(const ByteBuffer& buffer);
+ bool write(ReadonlyBytes);
void alert(AlertLevel, AlertDescription);
bool can_read_line() const { return m_context.application_buffer.size() && memchr(m_context.application_buffer.data(), '\n', m_context.application_buffer.size()); }
@@ -332,13 +335,13 @@ private:
virtual bool common_connect(const struct sockaddr*, socklen_t) override;
- void consume(const ByteBuffer& record);
+ void consume(ReadonlyBytes record);
ByteBuffer hmac_message(const ReadonlyBytes& buf, const Optional<ReadonlyBytes> buf2, size_t mac_length, bool local = false);
void ensure_hmac(size_t digest_size, bool local);
void update_packet(ByteBuffer& packet);
- void update_hash(const ByteBuffer& in);
+ void update_hash(ReadonlyBytes in);
void write_packet(ByteBuffer& packet);
@@ -360,19 +363,19 @@ private:
bool check_connection_state(bool read);
- ssize_t handle_hello(const ByteBuffer& buffer, WritePacketStage&);
- ssize_t handle_finished(const ByteBuffer& buffer, WritePacketStage&);
- ssize_t handle_certificate(const ByteBuffer& buffer);
- ssize_t handle_server_key_exchange(const ByteBuffer& buffer);
- ssize_t handle_server_hello_done(const ByteBuffer& buffer);
- ssize_t handle_verify(const ByteBuffer& buffer);
- ssize_t handle_payload(const ByteBuffer& buffer);
- ssize_t handle_message(const ByteBuffer& buffer);
- ssize_t handle_random(const ByteBuffer& buffer);
+ ssize_t handle_hello(ReadonlyBytes, WritePacketStage&);
+ ssize_t handle_finished(ReadonlyBytes, WritePacketStage&);
+ ssize_t handle_certificate(ReadonlyBytes);
+ ssize_t handle_server_key_exchange(ReadonlyBytes);
+ ssize_t handle_server_hello_done(ReadonlyBytes);
+ ssize_t handle_verify(ReadonlyBytes);
+ ssize_t handle_payload(ReadonlyBytes);
+ ssize_t handle_message(ReadonlyBytes);
+ ssize_t handle_random(ReadonlyBytes);
- size_t asn1_length(const ByteBuffer& buffer, size_t* octets);
+ size_t asn1_length(ReadonlyBytes, size_t* octets);
- void pseudorandom_function(ByteBuffer& output, const ByteBuffer& secret, const u8* label, size_t label_length, const ByteBuffer& seed, const ByteBuffer& seed_b);
+ void pseudorandom_function(ByteBuffer& output, ReadonlyBytes secret, const u8* label, size_t label_length, ReadonlyBytes seed, ReadonlyBytes seed_b);
size_t key_length() const
{