Commit graph

57 commits

Author SHA1 Message Date
Ali Mohammad Pur
d704b61066 LibCore+LibTLS: Add an API for connect()'ing 'with hostname
This just unifies the API for all three sockets (UDP, TCP and TLS)
2024-11-20 21:37:58 +01:00
Timothy Flynn
93712b24bf Everywhere: Hoist the Libraries folder to the top-level 2024-11-10 12:50:45 +01:00
Andreas Kling
13d7c09125 Libraries: Move to Userland/Libraries/ 2021-01-12 12:17:46 +01:00
asynts
6fa42af567 Everywhere: Replace a bundle of dbg with dbgln.
These changes are arbitrarily divided into multiple commits to make it
easier to find potentially introduced bugs with git bisect.

The modifications in this commit were automatically made using the
following command:

    find . -name '*.h' -exec sed -i -E 's/dbg\(\) << ("[^"{]*");/dbgln\(\1\);/' {} \;
2021-01-11 21:49:29 +01:00
Lenny Maiorani
f99d1d3bd7 Vector: Implement find, find_if, find_first_matching in terms of AK::find*
Problem:
- The implementation of `find` is coupled to the implementation of `Vector`.
- `Vector::find` takes the predicate by value which might be expensive.

Solution:
- Decouple the implementation of `find` from `Vector` by using a
  generic `find` algorithm.
- Change the name of `find` with a predicate to `find_if` so that a
  binding reference can be used and the predicate can be forwarded to
  avoid copies.
- Change all the `find(pred)` call sites to use `find_if`.
2021-01-11 19:45:05 +01:00
asynts
938e5c7719 Everywhere: Replace a bundle of dbg with dbgln.
These changes are arbitrarily divided into multiple commits to make it
easier to find potentially introduced bugs with git bisect.Everything:

The modifications in this commit were automatically made using the
following command:

    find . -name '*.cpp' -exec sed -i -E 's/dbg\(\) << ("[^"{]*");/dbgln\(\1\);/' {} \;
2021-01-09 21:11:09 +01:00
Andreas Kling
3be9a9ac76 LibTLS: Fix TLS breakage after ByteBuffer => Span conversion
Oops, I accidentally shadowed the outer scope's "decrypted" ByteBuffer
which caused us to throw away the buffer too early.

Fixes #4533.
2020-12-26 16:09:02 +01:00
Andreas Kling
b30acdb4b7 LibTLS+Userland: Remove all uses of ByteBuffer::slice_view()
This was another way to get a non-owning ByteBuffer wrapper.
2020-12-19 18:29:13 +01:00
Andreas Kling
d5600e966a LibTLS+LibCrypto: Remove all remaining uses of ByteBuffer::wrap() 2020-12-19 18:29:13 +01:00
Andreas Kling
e517505e35 LibTLS: Even more ByteBuffer -> Span conversion 2020-12-19 18:29:13 +01:00
Andreas Kling
f82b0a78ef LibTLS+LibCrypto: More ByteBuffer -> Span conversion 2020-12-19 18:29:13 +01:00
Andreas Kling
8e20208dd6 LibTLS+LibCrypto: Replace a whole bunch of ByteBuffers with Spans 2020-12-19 18:29:13 +01:00
AnotherTest
dbfce38c90 LibTLS: Read subjectAltName from certificates and use it
As quite a few certificates use this extension, reading and using it to
find matching certificates is fairly useful :^)
2020-12-13 20:24:58 +01:00
Andreas Kling
986ce57be9 LibTLS: TLSv12::read_line() should chomp result string
Match the Core::IODevice::read_line() API change and return a chomped
string from here as well.
2020-12-13 18:19:32 +01:00
Andreas Kling
b9b7b2b28a LibCore: Make IODevice::read_line() return a String
Almost everyone using this API actually wanted String instead of a
ByteBuffer anyway, and there were a bunch of slightly different ways
clients would convert to String.

Let's just cut out all the confusion and make it return String. :^)
2020-12-13 11:54:11 +01:00
AnotherTest
de4061ff94 LibTLS: Count the mac size towards the packet length in CBC mode
This is a regression introduced in 1172746, where the padding would be
done without accounting for the added MAC bytes.
Fixes #4098.
2020-11-16 13:21:18 +01:00
AnotherTest
1172746633 LibTLS: Add support for AEAD cipher suites
And integrate AES-GCM.
2020-11-14 10:18:54 +01:00
AnotherTest
37c089fb7b LibTLS: (Almost) verify certificate chain against root CA certificates
Also adds a very primitive systemwide ca_certs.ini file.
2020-10-30 23:42:03 +01:00
AnotherTest
1746e6f9ca LibTLS: Also read out the Organisational Unit from the certificate
This needs to be read out if we want to actually verify the cert chain.
2020-10-30 23:42:03 +01:00
AnotherTest
a2186fd64a LibTLS: Move out Certificate to its own header file 2020-10-30 23:42:03 +01:00
Luke
63a94deb43 LibTLS: Treat a close_notify before agreeing on a cipher suite as a handshake failure
Some TLS implementations (namely, AWS CloudFront) do this instead of
sending handshake_failure for some reason.
2020-10-26 08:59:57 +01:00
Nico Weber
ef1b21004f Everywhere: Fix typos
Mostly in comments, but sprintf() now prints "August" instead of
"Auguest" so that's something.
2020-10-02 16:03:17 +02:00
asynts
10c6f062b3 AK: Add Endian.h header to replace NetworkOrdered.h. 2020-08-25 16:22:14 +02:00
Nico Weber
8b166e57df
Misc: Remove some unneeded includes of Timer.h and ElapsedTimer.h (#3286) 2020-08-25 09:41:56 +02:00
AnotherTest
abb842ee5a LibTLS: Fix some debug logging 2020-08-24 09:29:39 +02:00
AnotherTest
0be3937be7 LibTLS: Do not process_message() the finished message twice
With two different sequence numbers to boot!
Fixes #3273
2020-08-24 09:29:39 +02:00
Ben Wiederhake
2a2630edc9 Meta: Fix wrong 'using namespace X' usages
Apart from causing All AK:: and Crypto:: symbols being suddenly visible even though
they might not be supposed to be, the style guide also says this is wrong:

https://github.com/SerenityOS/serenity/blob/master/Documentation/CodingStyle.md#using-statements
2020-08-23 00:53:16 +02:00
asynts
fff581cd72 AK: Rename span() to bytes() when appropriate.
I originally defined the bytes() method for the String class, because it
made it obvious that it's a span of bytes instead of span of characters.

This commit makes this more consistent by defining a bytes() method when
the type of the span is known to be u8.

Additionaly, the cast operator to Bytes is overloaded for ByteBuffer and
such.
2020-08-15 21:21:18 +02:00
Ali Mohammad Pur
d1571ce00a LibTLS: Re-silence a debug log
bc7a149039 (r41386045)
2020-08-12 10:59:06 +02:00
AnotherTest
880b0a7600 LibTLS: Avoid extra initialisation of buffers that are initialised
A trace for proof:
buffer:

    L91: 0:(packet.size() - header_size)
    L98: (packet.size() - header_size):(packet.size() - header_size + mac_size)
    L102: (packet.size() - header_size + mac_size):buffer.size()
    (asserted at L103)

ct:

    L88: 0:(header_size - 2)
    L123: (header_size - 2):(header_size)
    L111: (header_size):(header_size + iv_size)
    L117: (header_size + iv_size):(header_size + iv_size + length)
    (asserted at L113)
2020-08-11 21:37:10 +02:00
AnotherTest
bc7a149039 LibCrypto+LibTLS+Kernel: Switch the Cipher::Mode interface to use Span
This shaves 2.5 more runtime seconds off 'disasm /bin/id', and makes the
Mode<T> interface a lot more allocation-friendly.
2020-08-11 21:37:10 +02:00
asynts
b3d1a05261 Refactor: Expose const_cast by removing ByteBuffer::warp(const void*, size_t)
This function did a const_cast internally which made the call side look
"safe". This method is removed completely and call sites are replaced
with ByteBuffer::wrap(const_cast<void*>(data), size) which makes the
behaviour obvious.
2020-08-06 10:33:16 +02:00
Brian Gianforcaro
9572c95152 LibTLS + LibCrypto: Suppress unobserved Optoinal<T> return values. 2020-08-05 12:27:15 +02:00
AnotherTest
97256ad977 ProtocolServer+LibTLS: Pipe certificate requests from LibTLS to clients
This makes gemini.circumlunar.space (and some more gemini pages) work
again :^)
2020-08-02 18:57:51 +02:00
AnotherTest
9d3ffa096a LibTLS: Add (basic) support for sending client certificates 2020-08-02 18:57:51 +02:00
AnotherTest
4065182811 LibTLS: Reschedule the timeout if we're too slow
Previously, we would not care if the handshake timer timed out because
the server was too slow, or because we were too slow, this caused
connections to fail when the system was under heavy load.
This patch fixes this behaviour (and closes #2843) by checking if the
timeout delay was within margin of error of the max timeout.
2020-07-21 13:01:35 +02:00
AnotherTest
b67acf9c88 LibTLS: Simplify record padding logic and ASSERT more assumptions 2020-06-04 15:58:04 +02:00
Andreas Kling
b2a7137f57 LibTLS: Put a little more debug spam behind TLS_DEBUG 2020-06-01 20:13:53 +02:00
AnotherTest
d54d2892a9 LibTLS: Avoid busy-wait between ClientHello and ServerHello
This commit also adds a timeout timer to cancel the connection if the
server does not respond to the hello request in 10 seconds.
2020-05-30 18:26:13 +02:00
Marcin Gasperowicz
9a4ee9aa1a Lagom: Adjust AK, LibCore and LibTLS to build on MacOS 2020-05-30 00:36:13 +02:00
Andreas Kling
c1dd67e792 LibCrypto+LibTLS: Use AK/Random.h
This makes it possible to build both of these on Linux.
2020-05-27 12:28:17 +02:00
Luke
8e6df3949d LibTLS: Add more TLS 1.2 error descriptions
Adds more TLS 1.2 error descriptions according to the specification:
https://tools.ietf.org/html/rfc5246#section-7.2.2

This changes the DecryptionFailed description, as the specification
says that this alert should NEVER be sent by a compliant server.
2020-05-27 11:11:56 +02:00
Andreas Kling
5049e41223 LibTLS: Put lots of debug spam behind TLS_DEBUG 2020-05-26 23:46:28 +02:00
AnotherTest
7d76299ca9 LibTLS: Do not call on_tls_finished until the client has read app data 2020-05-21 01:21:39 +02:00
AnotherTest
f9cffda0e0 LibTLS: Flush some packets as soon as more packets are written
This seems like a better compromise between throughput and latency, and
it doesn't _really_ affect the performance, so let's just compromise.
2020-05-20 08:30:51 +02:00
AnotherTest
379cb061d7 LibTLS: Only try to flush data when needed
This patchset drops the write notifier, and schedules writes only when
necessary.
As a result, the CPU utilisation no longer spikes to the skies :^)
2020-05-19 20:00:43 +02:00
Andreas Kling
4b202a3c79 LibCore+LibTLS: Don't keep a "ready to write" notifier on all Sockets
The "ready to write" notifier we set up in generic socket connection is
really only meant to detect a successful connection. Once we have a TCP
connection, for example, it will fire on every event loop iteration.

This was causing IRC Client to max out the CPU by getting this no-op
notifier callback over and over.

Since this was only used by TLSv12, I changed that code to create its
own notifier instead. It might be possible to improve TLS performance
by only processing writes when actually needed, but I didn't look very
closely at that for this patch. :^)
2020-05-18 20:16:52 +02:00
Sergey Bugaev
450a2a0f9c Build: Switch to CMake :^)
Closes https://github.com/SerenityOS/serenity/issues/2080
2020-05-14 20:15:18 +02:00
AnotherTest
af1ce6c33d LibTLS: Verify server certificate expiry date 2020-05-07 10:23:58 +02:00
AnotherTest
2a29e668bd LibTLS: Try to disambiguate errors in case of failure
Not particularly helpful, but better than nothing.
2020-05-05 11:20:42 +02:00