Stowage/ladybird
2
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-10-31 13:20:59 +00:00
Code Issues Projects Releases Packages Wiki Activity
ladybird/Userland/Libraries/LibTLS/TLSv12.cpp

547 lines
20 KiB
C++
Raw Normal View History

LibTLS: Make enough stuff work to have a demo run ...maybe, sometimes :^)
2020-04-21 01:57:23 +04:30
/*
AK+Userland: Use mpfard@serenityos.org for my copyright headers
2021-04-23 00:43:01 +04:30
* Copyright (c) 2020, Ali Mohammad Pur <mpfard@serenityos.org>
LibTLS: Make enough stuff work to have a demo run ...maybe, sometimes :^)
2020-04-21 01:57:23 +04:30
*
Everything: Move to SPDX license identifiers in all files. SPDX License Identifiers are a more compact / standardized way of representing file license information. See: https://spdx.dev/resources/use/#identifiers This was done with the `ambr` search and replace tool. ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt *
2021-04-22 01:24:48 -07:00
* SPDX-License-Identifier: BSD-2-Clause
LibTLS: Make enough stuff work to have a demo run ...maybe, sometimes :^)
2020-04-21 01:57:23 +04:30
*/
Base+LibTLS: Update CA Certificates list with actual certificates The CA certificates list now contains the actual certificate data for approximatly a hundred certificate authorities. These certificates were generated from https://mkcert.org, which uses the Mozilla CA certificate list. This also updates the code for reading the CA certificates.
2022-02-21 22:11:15 +01:00
#include <AK/Base64.h>
Everywhere: Replace a bundle of dbg with dbgln. These changes are arbitrarily divided into multiple commits to make it easier to find potentially introduced bugs with git bisect.
2021-01-17 16:57:17 +01:00
#include <AK/Debug.h>
AK: Add Endian.h header to replace NetworkOrdered.h.
2020-08-25 15:11:15 +02:00
#include <AK/Endian.h>
LibTLS: (Almost) verify certificate chain against root CA certificates Also adds a very primitive systemwide ca_certs.ini file.
2020-10-30 11:56:31 +03:30
#include <LibCore/ConfigFile.h>
LibTLS: Verify server certificate expiry date
2020-05-06 21:43:27 +04:30
#include <LibCore/DateTime.h>
LibTLS+Base: Rework default system certificate parser Change the default system certificate parser from our arbitrary INI format to well-known PEM format.
2023-03-14 14:14:01 +01:00
#include <LibCore/File.h>
LibTLS: Streamline certificate loading Some refactoring of our root ca loading process: - Remove duplicate code - Remove duplicate calls to `parse_root_ca` - Load user imported certificates in Browser/RequestServer
2023-04-10 07:06:17 +02:00
#include <LibCore/StandardPaths.h>
LibTLS: Make enough stuff work to have a demo run ...maybe, sometimes :^)
2020-04-21 01:57:23 +04:30
#include <LibCore/Timer.h>
LibTLS: Parse X.509 certificates with the new ASN.1 parser As a nice side effect, also correctly test for certificate validity :^)
2021-04-18 13:46:17 +04:30
#include <LibCrypto/ASN1/ASN1.h>
ProtocolServer+LibTLS: Pipe certificate requests from LibTLS to clients This makes gemini.circumlunar.space (and some more gemini pages) work again :^)
2020-08-02 05:27:42 +04:30
#include <LibCrypto/ASN1/PEM.h>
LibTLS: Verify the certificate chain sent by the server With this change the certificate chain sent by the server will actually be verified, instead of just checking the names of the certificates. To determine if a certificate is signed by a root certificate, the list of root certificates is now a HashMap mapping from the unique identifier string to the certificate. This allows us to take the issuer of a certificate and easily check if it is a root certificate. If a certificate is not signed by a root certificate, we will check that it is signed by the next certificate in the chain. This also removes the ad-hoc checking of certificate validity from multiple places, and moves all checking to the verify_chain.
2022-02-21 22:25:34 +01:00
#include <LibCrypto/PK/Code/EMSA_PKCS1_V1_5.h>
LibTLS: Make enough stuff work to have a demo run ...maybe, sometimes :^)
2020-04-21 01:57:23 +04:30
#include <LibCrypto/PK/Code/EMSA_PSS.h>
LibTLS: Streamline certificate loading Some refactoring of our root ca loading process: - Remove duplicate code - Remove duplicate calls to `parse_root_ca` - Load user imported certificates in Browser/RequestServer
2023-04-10 07:06:17 +02:00
#include <LibFileSystem/FileSystem.h>
LibTLS+Base: Rework default system certificate parser Change the default system certificate parser from our arbitrary INI format to well-known PEM format.
2023-03-14 14:14:01 +01:00
#include <LibTLS/Certificate.h>
LibTLS: Make enough stuff work to have a demo run ...maybe, sometimes :^)
2020-04-21 01:57:23 +04:30
#include <LibTLS/TLSv12.h>
Everywhere: Remove klog(), dbg() and purge all LogStream usage :^) Good-bye LogStream. Long live AK::Format!
2021-03-12 17:29:37 +01:00
#include <errno.h>
LibTLS: Make enough stuff work to have a demo run ...maybe, sometimes :^)
2020-04-21 01:57:23 +04:30
Lagom: Adjust AK, LibCore and LibTLS to build on MacOS
2020-05-29 22:22:01 +02:00
#ifndef SOCK_NONBLOCK
# include <sys/ioctl.h>
#endif
LibTLS: Make enough stuff work to have a demo run ...maybe, sometimes :^)
2020-04-21 01:57:23 +04:30
namespace TLS {
LibTLS+LibCrypto: Replace a whole bunch of ByteBuffers with Spans
2020-12-19 15:07:09 +01:00
void TLSv12::consume(ReadonlyBytes record)
LibTLS: Make enough stuff work to have a demo run ...maybe, sometimes :^)
2020-04-21 01:57:23 +04:30
{
if (m_context.critical_error) {
Everywhere: Replace a bundle of dbg with dbgln. These changes are arbitrarily divided into multiple commits to make it easier to find potentially introduced bugs with git bisect.
2021-01-17 16:57:17 +01:00
dbgln("There has been a critical error ({}), refusing to continue", (i8)m_context.critical_error);
LibTLS: Make enough stuff work to have a demo run ...maybe, sometimes :^)
2020-04-21 01:57:23 +04:30
return;
}
if (record.size() == 0) {
return;
}
Everywhere: Replace dbgln<flag>(...) with dbgln_if(flag, ...) Replacement made by `find Kernel Userland -name '*.h' -o -name '*.cpp' | sed -i -Ee 's/dbgln\b<(\w+)>\(/dbgln_if(\1, /g'`
2021-02-07 15:33:24 +03:30
dbgln_if(TLS_DEBUG, "Consuming {} bytes", record.size());
LibTLS: Make enough stuff work to have a demo run ...maybe, sometimes :^)
2020-04-21 01:57:23 +04:30
AK: Make ByteBuffer::try_* functions return ErrorOr<void> Same as Vector, ByteBuffer now also signals allocation failure by returning an ENOMEM Error instead of a bool, allowing us to use the TRY() and MUST() patterns.
2021-11-10 14:33:44 +01:00
if (m_context.message_buffer.try_append(record).is_error()) {
Everywhere: Use OOM-safe ByteBuffer APIs where possible If we can easily communicate failure, let's avoid asserting and report failure instead.
2021-09-06 03:28:46 +04:30
dbgln("Not enough space in message buffer, dropping the record");
return;
}
LibTLS: Make enough stuff work to have a demo run ...maybe, sometimes :^)
2020-04-21 01:57:23 +04:30
size_t index { 0 };
size_t buffer_length = m_context.message_buffer.size();
size_t size_offset { 3 }; // read the common record header
size_t header_size { 5 };
Everywhere: Replace a bundle of dbg with dbgln. These changes are arbitrarily divided into multiple commits to make it easier to find potentially introduced bugs with git bisect.
2021-01-17 16:57:17 +01:00
Everywhere: Replace dbgln<flag>(...) with dbgln_if(flag, ...) Replacement made by `find Kernel Userland -name '*.h' -o -name '*.cpp' | sed -i -Ee 's/dbgln\b<(\w+)>\(/dbgln_if(\1, /g'`
2021-02-07 15:33:24 +03:30
dbgln_if(TLS_DEBUG, "message buffer length {}", buffer_length);
Everywhere: Replace a bundle of dbg with dbgln. These changes are arbitrarily divided into multiple commits to make it easier to find potentially introduced bugs with git bisect.
2021-01-17 16:57:17 +01:00
LibTLS: Make enough stuff work to have a demo run ...maybe, sometimes :^)
2020-04-21 01:57:23 +04:30
while (buffer_length >= 5) {
LibCrypto+LibTLS: Avoid unaligned reads and writes This adds an `AK::ByteReader` to help with that so we don't duplicate the logic all over the place. No more `*(const u16*)` and `*(const u32*)` for anyone. This should help a little with #7060.
2021-05-14 09:22:56 +04:30
auto length = AK::convert_between_host_and_network_endian(ByteReader::load16(m_context.message_buffer.offset_pointer(index + size_offset))) + header_size;
LibTLS: Make enough stuff work to have a demo run ...maybe, sometimes :^)
2020-04-21 01:57:23 +04:30
if (length > buffer_length) {
Everywhere: Replace dbgln<flag>(...) with dbgln_if(flag, ...) Replacement made by `find Kernel Userland -name '*.h' -o -name '*.cpp' | sed -i -Ee 's/dbgln\b<(\w+)>\(/dbgln_if(\1, /g'`
2021-02-07 15:33:24 +03:30
dbgln_if(TLS_DEBUG, "Need more data: {} > {}", length, buffer_length);
LibTLS: Make enough stuff work to have a demo run ...maybe, sometimes :^)
2020-04-21 01:57:23 +04:30
break;
}
LibTLS+Userland: Remove all uses of ByteBuffer::slice_view() This was another way to get a non-owning ByteBuffer wrapper.
2020-12-19 18:19:15 +01:00
auto consumed = handle_message(m_context.message_buffer.bytes().slice(index, length));
LibTLS: Put some debug spam behind an #ifdef
2020-05-03 14:28:40 +02:00
Everywhere: Debug macros instead of constexpr. This was done with the following script: find . \( -name '*.cpp' -o -name '*.h' -o -name '*.in' \) -not -path './Toolchain/*' -not -path './Build/*' -exec sed -i -E 's/dbgln<debug_([a-z_]+)>/dbgln<\U\1_DEBUG>/' {} \; find . \( -name '*.cpp' -o -name '*.h' -o -name '*.in' \) -not -path './Toolchain/*' -not -path './Build/*' -exec sed -i -E 's/if constexpr \(debug_([a-z0-9_]+)/if constexpr \(\U\1_DEBUG/' {} \;
2021-01-23 23:59:27 +01:00
if constexpr (TLS_DEBUG) {
Everywhere: Replace a bundle of dbg with dbgln. These changes are arbitrarily divided into multiple commits to make it easier to find potentially introduced bugs with git bisect.
2021-01-17 16:57:17 +01:00
if (consumed > 0)
dbgln("consumed {} bytes", consumed);
else
dbgln("error: {}", consumed);
}
LibTLS: Make enough stuff work to have a demo run ...maybe, sometimes :^)
2020-04-21 01:57:23 +04:30
if (consumed != (i8)Error::NeedMoreData) {
if (consumed < 0) {
Everywhere: Replace a bundle of dbg with dbgln. These changes are arbitrarily divided into multiple commits to make it easier to find potentially introduced bugs with git bisect.
2021-01-17 16:57:17 +01:00
dbgln("Consumed an error: {}", consumed);
LibTLS: Make enough stuff work to have a demo run ...maybe, sometimes :^)
2020-04-21 01:57:23 +04:30
if (!m_context.critical_error)
m_context.critical_error = (i8)consumed;
m_context.error_code = (Error)consumed;
break;
}
} else {
continue;
}
index += length;
buffer_length -= length;
if (m_context.critical_error) {
Everywhere: Replace a bundle of dbg with dbgln. These changes are arbitrarily divided into multiple commits to make it easier to find potentially introduced bugs with git bisect.Everything: The modifications in this commit were automatically made using the following command: find . -name '*.cpp' -exec sed -i -E 's/dbg\(\) << ("[^"{]*");/dbgln\(\1\);/' {} \;
2021-01-09 18:51:44 +01:00
dbgln("Broken connection");
LibTLS: Make enough stuff work to have a demo run ...maybe, sometimes :^)
2020-04-21 01:57:23 +04:30
m_context.error_code = Error::BrokenConnection;
break;
}
}
if (m_context.error_code != Error::NoError && m_context.error_code != Error::NeedMoreData) {
Everywhere: Replace a bundle of dbg with dbgln. These changes are arbitrarily divided into multiple commits to make it easier to find potentially introduced bugs with git bisect.
2021-01-17 16:57:17 +01:00
dbgln("consume error: {}", (i8)m_context.error_code);
LibTLS: Make enough stuff work to have a demo run ...maybe, sometimes :^)
2020-04-21 01:57:23 +04:30
m_context.message_buffer.clear();
return;
}
if (index) {
AK/ByteBuffer+Everywhere: Handle errors in ByteBuffer::slice()
2022-06-13 05:20:42 -07:00
// FIXME: Propagate errors.
m_context.message_buffer = MUST(m_context.message_buffer.slice(index, m_context.message_buffer.size() - index));
LibTLS: Make enough stuff work to have a demo run ...maybe, sometimes :^)
2020-04-21 01:57:23 +04:30
}
}
LibTLS: Verify server certificate expiry date
2020-05-06 21:43:27 +04:30
bool Certificate::is_valid() const
{
auto now = Core::DateTime::now();
LibTLS: Change Certificate parsing to use ErrorOr Loads of changes that are tightly connected... :/ * Change lambdas to static functions * Add spec docs to those functions * Keep the current scope around as a parameter * Add wrapping classes for some Certificate members * Parse ec and ecdsa data from certificates
2023-04-03 19:05:01 +02:00
if (now < validity.not_before) {
dbgln("certificate expired (not yet valid, signed for {})", validity.not_before.to_deprecated_string());
LibTLS: Parse X.509 certificates with the new ASN.1 parser As a nice side effect, also correctly test for certificate validity :^)
2021-04-18 13:46:17 +04:30
return false;
LibTLS: Verify server certificate expiry date
2020-05-06 21:43:27 +04:30
}
LibTLS: Change Certificate parsing to use ErrorOr Loads of changes that are tightly connected... :/ * Change lambdas to static functions * Add spec docs to those functions * Keep the current scope around as a parameter * Add wrapping classes for some Certificate members * Parse ec and ecdsa data from certificates
2023-04-03 19:05:01 +02:00
if (validity.not_after < now) {
dbgln("certificate expired (expiry date {})", validity.not_after.to_deprecated_string());
LibTLS: Parse X.509 certificates with the new ASN.1 parser As a nice side effect, also correctly test for certificate validity :^)
2021-04-18 13:46:17 +04:30
return false;
LibTLS: Verify server certificate expiry date
2020-05-06 21:43:27 +04:30
}
return true;
}
LibTLS: Add self signage information to our parsed certificates
2023-03-21 18:48:05 +01:00
// https://www.ietf.org/rfc/rfc5280.html#page-12
bool Certificate::is_self_signed()
{
if (m_is_self_signed.has_value())
return *m_is_self_signed;
// Self-signed certificates are self-issued certificates where the digital
// signature may be verified by the public key bound into the certificate.
if (!this->is_self_issued)
m_is_self_signed.emplace(false);
// FIXME: Actually check if we sign ourself
m_is_self_signed.emplace(true);
return *m_is_self_signed;
}
LibTLS: Try to disambiguate errors in case of failure Not particularly helpful, but better than nothing.
2020-05-05 13:24:00 +04:30
void TLSv12::try_disambiguate_error() const
{
Everywhere: Replace a bundle of dbg with dbgln. These changes are arbitrarily divided into multiple commits to make it easier to find potentially introduced bugs with git bisect.Everything: The modifications in this commit were automatically made using the following command: find . -name '*.cpp' -exec sed -i -E 's/dbg\(\) << ("[^"{]*");/dbgln\(\1\);/' {} \;
2021-01-09 18:51:44 +01:00
dbgln("Possible failure cause(s): ");
LibTLS: Try to disambiguate errors in case of failure Not particularly helpful, but better than nothing.
2020-05-05 13:24:00 +04:30
switch ((AlertDescription)m_context.critical_error) {
LibTLS: Move AlertDescription to Extensions.h Also add missing values from the IANA registry
2023-04-14 00:43:25 +02:00
case AlertDescription::HANDSHAKE_FAILURE:
LibTLS: Try to disambiguate errors in case of failure Not particularly helpful, but better than nothing.
2020-05-05 13:24:00 +04:30
if (!m_context.cipher_spec_set) {
LibTLS: Move TLS extensions to a separate 'extensions' struct This has no behavioural effect.
2021-02-07 07:19:34 +03:30
dbgln("- No cipher suite in common with {}", m_context.extensions.SNI);
LibTLS: Try to disambiguate errors in case of failure Not particularly helpful, but better than nothing.
2020-05-05 13:24:00 +04:30
} else {
Everywhere: Replace a bundle of dbg with dbgln. These changes are arbitrarily divided into multiple commits to make it easier to find potentially introduced bugs with git bisect.Everything: The modifications in this commit were automatically made using the following command: find . -name '*.cpp' -exec sed -i -E 's/dbg\(\) << ("[^"{]*");/dbgln\(\1\);/' {} \;
2021-01-09 18:51:44 +01:00
dbgln("- Unknown internal issue");
LibTLS: Try to disambiguate errors in case of failure Not particularly helpful, but better than nothing.
2020-05-05 13:24:00 +04:30
}
break;
LibTLS: Move AlertDescription to Extensions.h Also add missing values from the IANA registry
2023-04-14 00:43:25 +02:00
case AlertDescription::INSUFFICIENT_SECURITY:
LibTLS: Move TLS extensions to a separate 'extensions' struct This has no behavioural effect.
2021-02-07 07:19:34 +03:30
dbgln("- No cipher suite in common with {} (the server is oh so secure)", m_context.extensions.SNI);
LibTLS: Try to disambiguate errors in case of failure Not particularly helpful, but better than nothing.
2020-05-05 13:24:00 +04:30
break;
LibTLS: Move AlertDescription to Extensions.h Also add missing values from the IANA registry
2023-04-14 00:43:25 +02:00
case AlertDescription::PROTOCOL_VERSION:
Everywhere: Replace a bundle of dbg with dbgln. These changes are arbitrarily divided into multiple commits to make it easier to find potentially introduced bugs with git bisect.Everything: The modifications in this commit were automatically made using the following command: find . -name '*.cpp' -exec sed -i -E 's/dbg\(\) << ("[^"{]*");/dbgln\(\1\);/' {} \;
2021-01-09 18:51:44 +01:00
dbgln("- The server refused to negotiate with TLS 1.2 :(");
LibTLS: Add more TLS 1.2 error descriptions Adds more TLS 1.2 error descriptions according to the specification: https://tools.ietf.org/html/rfc5246#section-7.2.2 This changes the DecryptionFailed description, as the specification says that this alert should NEVER be sent by a compliant server.
2020-05-26 23:27:41 +01:00
break;
LibTLS: Move AlertDescription to Extensions.h Also add missing values from the IANA registry
2023-04-14 00:43:25 +02:00
case AlertDescription::UNEXPECTED_MESSAGE:
Everywhere: Replace a bundle of dbg with dbgln. These changes are arbitrarily divided into multiple commits to make it easier to find potentially introduced bugs with git bisect.Everything: The modifications in this commit were automatically made using the following command: find . -name '*.cpp' -exec sed -i -E 's/dbg\(\) << ("[^"{]*");/dbgln\(\1\);/' {} \;
2021-01-09 18:51:44 +01:00
dbgln("- We sent an invalid message for the state we're in.");
LibTLS: Add more TLS 1.2 error descriptions Adds more TLS 1.2 error descriptions according to the specification: https://tools.ietf.org/html/rfc5246#section-7.2.2 This changes the DecryptionFailed description, as the specification says that this alert should NEVER be sent by a compliant server.
2020-05-26 23:27:41 +01:00
break;
LibTLS: Move AlertDescription to Extensions.h Also add missing values from the IANA registry
2023-04-14 00:43:25 +02:00
case AlertDescription::BAD_RECORD_MAC:
Everywhere: Replace a bundle of dbg with dbgln. These changes are arbitrarily divided into multiple commits to make it easier to find potentially introduced bugs with git bisect.Everything: The modifications in this commit were automatically made using the following command: find . -name '*.cpp' -exec sed -i -E 's/dbg\(\) << ("[^"{]*");/dbgln\(\1\);/' {} \;
2021-01-09 18:51:44 +01:00
dbgln("- Bad MAC record from our side.");
dbgln("- Ciphertext wasn't an even multiple of the block length.");
dbgln("- Bad block cipher padding.");
dbgln("- If both sides are compliant, the only cause is messages being corrupted in the network.");
LibTLS: Add more TLS 1.2 error descriptions Adds more TLS 1.2 error descriptions according to the specification: https://tools.ietf.org/html/rfc5246#section-7.2.2 This changes the DecryptionFailed description, as the specification says that this alert should NEVER be sent by a compliant server.
2020-05-26 23:27:41 +01:00
break;
LibTLS: Move AlertDescription to Extensions.h Also add missing values from the IANA registry
2023-04-14 00:43:25 +02:00
case AlertDescription::RECORD_OVERFLOW:
Everywhere: Replace a bundle of dbg with dbgln. These changes are arbitrarily divided into multiple commits to make it easier to find potentially introduced bugs with git bisect.Everything: The modifications in this commit were automatically made using the following command: find . -name '*.cpp' -exec sed -i -E 's/dbg\(\) << ("[^"{]*");/dbgln\(\1\);/' {} \;
2021-01-09 18:51:44 +01:00
dbgln("- Sent a ciphertext record which has a length bigger than 18432 bytes.");
dbgln("- Sent record decrypted to a compressed record that has a length bigger than 18432 bytes.");
dbgln("- If both sides are compliant, the only cause is messages being corrupted in the network.");
LibTLS: Add more TLS 1.2 error descriptions Adds more TLS 1.2 error descriptions according to the specification: https://tools.ietf.org/html/rfc5246#section-7.2.2 This changes the DecryptionFailed description, as the specification says that this alert should NEVER be sent by a compliant server.
2020-05-26 23:27:41 +01:00
break;
LibTLS: Move AlertDescription to Extensions.h Also add missing values from the IANA registry
2023-04-14 00:43:25 +02:00
case AlertDescription::DECOMPRESSION_FAILURE_RESERVED:
Everywhere: Replace a bundle of dbg with dbgln. These changes are arbitrarily divided into multiple commits to make it easier to find potentially introduced bugs with git bisect.Everything: The modifications in this commit were automatically made using the following command: find . -name '*.cpp' -exec sed -i -E 's/dbg\(\) << ("[^"{]*");/dbgln\(\1\);/' {} \;
2021-01-09 18:51:44 +01:00
dbgln("- We sent invalid input for decompression (e.g. data that would expand to excessive length)");
LibTLS: Add more TLS 1.2 error descriptions Adds more TLS 1.2 error descriptions according to the specification: https://tools.ietf.org/html/rfc5246#section-7.2.2 This changes the DecryptionFailed description, as the specification says that this alert should NEVER be sent by a compliant server.
2020-05-26 23:27:41 +01:00
break;
LibTLS: Move AlertDescription to Extensions.h Also add missing values from the IANA registry
2023-04-14 00:43:25 +02:00
case AlertDescription::ILLEGAL_PARAMETER:
Everywhere: Replace a bundle of dbg with dbgln. These changes are arbitrarily divided into multiple commits to make it easier to find potentially introduced bugs with git bisect.Everything: The modifications in this commit were automatically made using the following command: find . -name '*.cpp' -exec sed -i -E 's/dbg\(\) << ("[^"{]*");/dbgln\(\1\);/' {} \;
2021-01-09 18:51:44 +01:00
dbgln("- We sent a parameter in the handshake that is out of range or inconsistent with the other parameters.");
LibTLS: Add more TLS 1.2 error descriptions Adds more TLS 1.2 error descriptions according to the specification: https://tools.ietf.org/html/rfc5246#section-7.2.2 This changes the DecryptionFailed description, as the specification says that this alert should NEVER be sent by a compliant server.
2020-05-26 23:27:41 +01:00
break;
LibTLS: Move AlertDescription to Extensions.h Also add missing values from the IANA registry
2023-04-14 00:43:25 +02:00
case AlertDescription::DECODE_ERROR:
Everywhere: Replace a bundle of dbg with dbgln. These changes are arbitrarily divided into multiple commits to make it easier to find potentially introduced bugs with git bisect.Everything: The modifications in this commit were automatically made using the following command: find . -name '*.cpp' -exec sed -i -E 's/dbg\(\) << ("[^"{]*");/dbgln\(\1\);/' {} \;
2021-01-09 18:51:44 +01:00
dbgln("- The message we sent cannot be decoded because a field was out of range or the length was incorrect.");
dbgln("- If both sides are compliant, the only cause is messages being corrupted in the network.");
LibTLS: Add more TLS 1.2 error descriptions Adds more TLS 1.2 error descriptions according to the specification: https://tools.ietf.org/html/rfc5246#section-7.2.2 This changes the DecryptionFailed description, as the specification says that this alert should NEVER be sent by a compliant server.
2020-05-26 23:27:41 +01:00
break;
LibTLS: Move AlertDescription to Extensions.h Also add missing values from the IANA registry
2023-04-14 00:43:25 +02:00
case AlertDescription::DECRYPT_ERROR:
Everywhere: Replace a bundle of dbg with dbgln. These changes are arbitrarily divided into multiple commits to make it easier to find potentially introduced bugs with git bisect.Everything: The modifications in this commit were automatically made using the following command: find . -name '*.cpp' -exec sed -i -E 's/dbg\(\) << ("[^"{]*");/dbgln\(\1\);/' {} \;
2021-01-09 18:51:44 +01:00
dbgln("- A handshake crypto operation failed. This includes signature verification and validating Finished.");
LibTLS: Add more TLS 1.2 error descriptions Adds more TLS 1.2 error descriptions according to the specification: https://tools.ietf.org/html/rfc5246#section-7.2.2 This changes the DecryptionFailed description, as the specification says that this alert should NEVER be sent by a compliant server.
2020-05-26 23:27:41 +01:00
break;
LibTLS: Move AlertDescription to Extensions.h Also add missing values from the IANA registry
2023-04-14 00:43:25 +02:00
case AlertDescription::ACCESS_DENIED:
Everywhere: Replace a bundle of dbg with dbgln. These changes are arbitrarily divided into multiple commits to make it easier to find potentially introduced bugs with git bisect.Everything: The modifications in this commit were automatically made using the following command: find . -name '*.cpp' -exec sed -i -E 's/dbg\(\) << ("[^"{]*");/dbgln\(\1\);/' {} \;
2021-01-09 18:51:44 +01:00
dbgln("- The certificate is valid, but once access control was applied, the sender decided to stop negotiation.");
LibTLS: Add more TLS 1.2 error descriptions Adds more TLS 1.2 error descriptions according to the specification: https://tools.ietf.org/html/rfc5246#section-7.2.2 This changes the DecryptionFailed description, as the specification says that this alert should NEVER be sent by a compliant server.
2020-05-26 23:27:41 +01:00
break;
LibTLS: Move AlertDescription to Extensions.h Also add missing values from the IANA registry
2023-04-14 00:43:25 +02:00
case AlertDescription::INTERNAL_ERROR:
Everywhere: Replace a bundle of dbg with dbgln. These changes are arbitrarily divided into multiple commits to make it easier to find potentially introduced bugs with git bisect.Everything: The modifications in this commit were automatically made using the following command: find . -name '*.cpp' -exec sed -i -E 's/dbg\(\) << ("[^"{]*");/dbgln\(\1\);/' {} \;
2021-01-09 18:51:44 +01:00
dbgln("- No one knows, but it isn't a protocol failure.");
LibTLS: Add more TLS 1.2 error descriptions Adds more TLS 1.2 error descriptions according to the specification: https://tools.ietf.org/html/rfc5246#section-7.2.2 This changes the DecryptionFailed description, as the specification says that this alert should NEVER be sent by a compliant server.
2020-05-26 23:27:41 +01:00
break;
LibTLS: Move AlertDescription to Extensions.h Also add missing values from the IANA registry
2023-04-14 00:43:25 +02:00
case AlertDescription::DECRYPTION_FAILED_RESERVED:
case AlertDescription::NO_CERTIFICATE_RESERVED:
case AlertDescription::EXPORT_RESTRICTION_RESERVED:
Everywhere: Replace a bundle of dbg with dbgln. These changes are arbitrarily divided into multiple commits to make it easier to find potentially introduced bugs with git bisect.Everything: The modifications in this commit were automatically made using the following command: find . -name '*.cpp' -exec sed -i -E 's/dbg\(\) << ("[^"{]*");/dbgln\(\1\);/' {} \;
2021-01-09 18:51:44 +01:00
dbgln("- No one knows, the server sent a non-compliant alert.");
LibTLS: Try to disambiguate errors in case of failure Not particularly helpful, but better than nothing.
2020-05-05 13:24:00 +04:30
break;
default:
Everywhere: Replace a bundle of dbg with dbgln. These changes are arbitrarily divided into multiple commits to make it easier to find potentially introduced bugs with git bisect.Everything: The modifications in this commit were automatically made using the following command: find . -name '*.cpp' -exec sed -i -E 's/dbg\(\) << ("[^"{]*");/dbgln\(\1\);/' {} \;
2021-01-09 18:51:44 +01:00
dbgln("- No one knows.");
LibTLS: Try to disambiguate errors in case of failure Not particularly helpful, but better than nothing.
2020-05-05 13:24:00 +04:30
break;
}
LibTLS: Add RFC explanation of AlertDescription values
2023-04-14 00:55:27 +02:00
dbgln("- {}", enum_to_value((AlertDescription)m_context.critical_error));
LibTLS: Try to disambiguate errors in case of failure Not particularly helpful, but better than nothing.
2020-05-05 13:24:00 +04:30
}
LibCore+LibTLS: Don't keep a "ready to write" notifier on all Sockets The "ready to write" notifier we set up in generic socket connection is really only meant to detect a successful connection. Once we have a TCP connection, for example, it will fire on every event loop iteration. This was causing IRC Client to max out the CPU by getting this no-op notifier callback over and over. Since this was only used by TLSv12, I changed that code to create its own notifier instead. It might be possible to improve TLS performance by only processing writes when actually needed, but I didn't look very closely at that for this patch. :^)
2020-05-18 20:16:52 +02:00
LibTLS: (Almost) verify certificate chain against root CA certificates Also adds a very primitive systemwide ca_certs.ini file.
2020-10-30 11:56:31 +03:30
void TLSv12::set_root_certificates(Vector<Certificate> certificates)
{
LibTLS: Verify the certificate chain sent by the server With this change the certificate chain sent by the server will actually be verified, instead of just checking the names of the certificates. To determine if a certificate is signed by a root certificate, the list of root certificates is now a HashMap mapping from the unique identifier string to the certificate. This allows us to take the issuer of a certificate and easily check if it is a root certificate. If a certificate is not signed by a root certificate, we will check that it is signed by the next certificate in the chain. This also removes the ad-hoc checking of certificate validity from multiple places, and moves all checking to the verify_chain.
2022-02-21 22:25:34 +01:00
if (!m_context.root_certificates.is_empty()) {
Everywhere: Replace a bundle of dbg with dbgln. These changes are arbitrarily divided into multiple commits to make it easier to find potentially introduced bugs with git bisect.Everything: The modifications in this commit were automatically made using the following command: find . -name '*.cpp' -exec sed -i -E 's/dbg\(\) << ("[^"{]*");/dbgln\(\1\);/' {} \;
2021-01-09 18:51:44 +01:00
dbgln("TLS warn: resetting root certificates!");
LibTLS: Verify the certificate chain sent by the server With this change the certificate chain sent by the server will actually be verified, instead of just checking the names of the certificates. To determine if a certificate is signed by a root certificate, the list of root certificates is now a HashMap mapping from the unique identifier string to the certificate. This allows us to take the issuer of a certificate and easily check if it is a root certificate. If a certificate is not signed by a root certificate, we will check that it is signed by the next certificate in the chain. This also removes the ad-hoc checking of certificate validity from multiple places, and moves all checking to the verify_chain.
2022-02-21 22:25:34 +01:00
m_context.root_certificates.clear();
}
LibTLS: (Almost) verify certificate chain against root CA certificates Also adds a very primitive systemwide ca_certs.ini file.
2020-10-30 11:56:31 +03:30
for (auto& cert : certificates) {
LibTLS: Change Certificate parsing to use ErrorOr Loads of changes that are tightly connected... :/ * Change lambdas to static functions * Add spec docs to those functions * Keep the current scope around as a parameter * Add wrapping classes for some Certificate members * Parse ec and ecdsa data from certificates
2023-04-03 19:05:01 +02:00
if (!cert.is_valid()) {
dbgln("Certificate for {} by {} is invalid, things may or may not work!", cert.subject.common_name(), cert.issuer.common_name());
}
LibTLS: (Almost) verify certificate chain against root CA certificates Also adds a very primitive systemwide ca_certs.ini file.
2020-10-30 11:56:31 +03:30
// FIXME: Figure out what we should do when our root certs are invalid.
LibTLS: Verify the certificate chain sent by the server With this change the certificate chain sent by the server will actually be verified, instead of just checking the names of the certificates. To determine if a certificate is signed by a root certificate, the list of root certificates is now a HashMap mapping from the unique identifier string to the certificate. This allows us to take the issuer of a certificate and easily check if it is a root certificate. If a certificate is not signed by a root certificate, we will check that it is signed by the next certificate in the chain. This also removes the ad-hoc checking of certificate validity from multiple places, and moves all checking to the verify_chain.
2022-02-21 22:25:34 +01:00
LibTLS: Change Certificate parsing to use ErrorOr Loads of changes that are tightly connected... :/ * Change lambdas to static functions * Add spec docs to those functions * Keep the current scope around as a parameter * Add wrapping classes for some Certificate members * Parse ec and ecdsa data from certificates
2023-04-03 19:05:01 +02:00
m_context.root_certificates.set(MUST(cert.subject.to_string()).to_deprecated_string(), cert);
LibTLS: (Almost) verify certificate chain against root CA certificates Also adds a very primitive systemwide ca_certs.ini file.
2020-10-30 11:56:31 +03:30
}
Userland: Convert TLS::TLSv12 to a Core::Stream::Socket This commit converts TLS::TLSv12 to a Core::Stream object, and in the process allows TLS to now wrap other Core::Stream::Socket objects. As a large part of LibHTTP and LibGemini depend on LibTLS's interface, this also converts those to support Core::Stream, which leads to a simplification of LibHTTP (as there's no need to care about the underlying socket type anymore). Note that RequestServer now controls the TLS socket options, which is a better place anyway, as RS is the first receiver of the user-requested options (though this is currently not particularly useful).
2022-02-02 19:21:55 +03:30
dbgln_if(TLS_DEBUG, "{}: Set {} root certificates", this, m_context.root_certificates.size());
LibTLS: (Almost) verify certificate chain against root CA certificates Also adds a very primitive systemwide ca_certs.ini file.
2020-10-30 11:56:31 +03:30
}
LibTLS: Simplify the way `verify_chain` is called The `build_rsa_pre_master_secret` function originally called `verify_chain_and_get_matching_certificate`, which verified the chain and returned a certificate matching the specified hostname. Since the first certificate in the chain should always be the one matching with the hostname, we can simply use that one instead. This means we can completely remove this method and just use `verify_chain`. To make sure the hostname is still verified, `verify_chain` now also checks that the first certificate in the chain matches the specified hostname. If the hostname is empty, we currently fail the verification, however this basically never happen, as the server name indication extension is always used.
2022-03-15 19:16:44 +01:00
static bool wildcard_matches(StringView host, StringView subject)
{
LibTLS: Correct matching hostname with certificate subject The wildcard specified in a certificates subject can only match a single level of subdomains. Originally, this function could match multiple levels of subdomains with a single "*.". As an example, https://wrong.host.badssl.com/ should fail to load, as the certificate provided by the server only specifies "*.badssl.com". However this was correctly matching anyway. With this change this page now correctly fails to load.
2022-02-22 16:04:07 +01:00
if (host == subject)
LibTLS: Simplify the way `verify_chain` is called The `build_rsa_pre_master_secret` function originally called `verify_chain_and_get_matching_certificate`, which verified the chain and returned a certificate matching the specified hostname. Since the first certificate in the chain should always be the one matching with the hostname, we can simply use that one instead. This means we can completely remove this method and just use `verify_chain`. To make sure the hostname is still verified, `verify_chain` now also checks that the first certificate in the chain matches the specified hostname. If the hostname is empty, we currently fail the verification, however this basically never happen, as the server name indication extension is always used.
2022-03-15 19:16:44 +01:00
return true;
Everywhere: Add sv suffix to strings relying on StringView(char const*) Each of these strings would previously rely on StringView's char const* constructor overload, which would call __builtin_strlen on the string. Since we now have operator ""sv, we can replace these with much simpler versions. This opens the door to being able to remove StringView(char const*). No functional changes.
2022-07-11 17:32:29 +00:00
if (subject.starts_with("*."sv)) {
LibTLS: Correct matching hostname with certificate subject The wildcard specified in a certificates subject can only match a single level of subdomains. Originally, this function could match multiple levels of subdomains with a single "*.". As an example, https://wrong.host.badssl.com/ should fail to load, as the certificate provided by the server only specifies "*.badssl.com". However this was correctly matching anyway. With this change this page now correctly fails to load.
2022-02-22 16:04:07 +01:00
auto maybe_first_dot_index = host.find('.');
if (maybe_first_dot_index.has_value()) {
auto first_dot_index = maybe_first_dot_index.release_value();
return wildcard_matches(host.substring_view(first_dot_index + 1), subject.substring_view(2));
}
}
LibTLS: Simplify the way `verify_chain` is called The `build_rsa_pre_master_secret` function originally called `verify_chain_and_get_matching_certificate`, which verified the chain and returned a certificate matching the specified hostname. Since the first certificate in the chain should always be the one matching with the hostname, we can simply use that one instead. This means we can completely remove this method and just use `verify_chain`. To make sure the hostname is still verified, `verify_chain` now also checks that the first certificate in the chain matches the specified hostname. If the hostname is empty, we currently fail the verification, however this basically never happen, as the server name indication extension is always used.
2022-03-15 19:16:44 +01:00
return false;
}
static bool certificate_subject_matches_host(Certificate& cert, StringView host)
{
LibTLS: Change Certificate parsing to use ErrorOr Loads of changes that are tightly connected... :/ * Change lambdas to static functions * Add spec docs to those functions * Keep the current scope around as a parameter * Add wrapping classes for some Certificate members * Parse ec and ecdsa data from certificates
2023-04-03 19:05:01 +02:00
if (wildcard_matches(host, cert.subject.common_name()))
LibTLS: Simplify the way `verify_chain` is called The `build_rsa_pre_master_secret` function originally called `verify_chain_and_get_matching_certificate`, which verified the chain and returned a certificate matching the specified hostname. Since the first certificate in the chain should always be the one matching with the hostname, we can simply use that one instead. This means we can completely remove this method and just use `verify_chain`. To make sure the hostname is still verified, `verify_chain` now also checks that the first certificate in the chain matches the specified hostname. If the hostname is empty, we currently fail the verification, however this basically never happen, as the server name indication extension is always used.
2022-03-15 19:16:44 +01:00
return true;
for (auto& san : cert.SAN) {
if (wildcard_matches(host, san))
return true;
}
return false;
}
bool Context::verify_chain(StringView host) const
LibTLS: (Almost) verify certificate chain against root CA certificates Also adds a very primitive systemwide ca_certs.ini file.
2020-10-30 11:56:31 +03:30
{
LibTLS: Make the TLS connection options user-configurable The user may now request specific cipher suites, the use of SNI, and whether we should validate certificates (not that we're doing a good job of that).
2021-02-07 07:21:32 +03:30
if (!options.validate_certificates)
return true;
Everywhere: Run clang-format
2022-04-01 20:58:27 +03:00
Vector<Certificate> const* local_chain = nullptr;
LibTLS: (Almost) verify certificate chain against root CA certificates Also adds a very primitive systemwide ca_certs.ini file.
2020-10-30 11:56:31 +03:30
if (is_server) {
Everywhere: Replace a bundle of dbg with dbgln. These changes are arbitrarily divided into multiple commits to make it easier to find potentially introduced bugs with git bisect.Everything: The modifications in this commit were automatically made using the following command: find . -name '*.cpp' -exec sed -i -E 's/dbg\(\) << ("[^"{]*");/dbgln\(\1\);/' {} \;
2021-01-09 18:51:44 +01:00
dbgln("Unsupported: Server mode");
LibTLS: (Almost) verify certificate chain against root CA certificates Also adds a very primitive systemwide ca_certs.ini file.
2020-10-30 11:56:31 +03:30
TODO();
} else {
local_chain = &certificates;
}
LibTLS: Verify the certificate chain sent by the server With this change the certificate chain sent by the server will actually be verified, instead of just checking the names of the certificates. To determine if a certificate is signed by a root certificate, the list of root certificates is now a HashMap mapping from the unique identifier string to the certificate. This allows us to take the issuer of a certificate and easily check if it is a root certificate. If a certificate is not signed by a root certificate, we will check that it is signed by the next certificate in the chain. This also removes the ad-hoc checking of certificate validity from multiple places, and moves all checking to the verify_chain.
2022-02-21 22:25:34 +01:00
if (local_chain->is_empty()) {
dbgln("verify_chain: Attempting to verify an empty chain");
return false;
LibTLS: (Almost) verify certificate chain against root CA certificates Also adds a very primitive systemwide ca_certs.ini file.
2020-10-30 11:56:31 +03:30
}
LibTLS: Add references to RFC5246 for the verify procedure
2022-02-22 13:48:52 +01:00
// RFC5246 section 7.4.2: The sender's certificate MUST come first in the list. Each following certificate
// MUST directly certify the one preceding it. Because certificate validation requires that root keys be
// distributed independently, the self-signed certificate that specifies the root certificate authority MAY be
// omitted from the chain, under the assumption that the remote end must already possess it in order to validate
// it in any case.
LibTLS: Simplify the way `verify_chain` is called The `build_rsa_pre_master_secret` function originally called `verify_chain_and_get_matching_certificate`, which verified the chain and returned a certificate matching the specified hostname. Since the first certificate in the chain should always be the one matching with the hostname, we can simply use that one instead. This means we can completely remove this method and just use `verify_chain`. To make sure the hostname is still verified, `verify_chain` now also checks that the first certificate in the chain matches the specified hostname. If the hostname is empty, we currently fail the verification, however this basically never happen, as the server name indication extension is always used.
2022-03-15 19:16:44 +01:00
if (!host.is_empty()) {
auto first_certificate = local_chain->first();
auto subject_matches = certificate_subject_matches_host(first_certificate, host);
if (!subject_matches) {
dbgln("verify_chain: First certificate does not match the hostname");
return false;
}
} else {
// FIXME: The host is taken from m_context.extensions.SNI, when is this empty?
dbgln("FIXME: verify_chain called without host");
return false;
}
LibTLS: Verify the certificate chain sent by the server With this change the certificate chain sent by the server will actually be verified, instead of just checking the names of the certificates. To determine if a certificate is signed by a root certificate, the list of root certificates is now a HashMap mapping from the unique identifier string to the certificate. This allows us to take the issuer of a certificate and easily check if it is a root certificate. If a certificate is not signed by a root certificate, we will check that it is signed by the next certificate in the chain. This also removes the ad-hoc checking of certificate validity from multiple places, and moves all checking to the verify_chain.
2022-02-21 22:25:34 +01:00
for (size_t cert_index = 0; cert_index < local_chain->size(); ++cert_index) {
auto cert = local_chain->at(cert_index);
LibTLS: (Almost) verify certificate chain against root CA certificates Also adds a very primitive systemwide ca_certs.ini file.
2020-10-30 11:56:31 +03:30
LibTLS: Change Certificate parsing to use ErrorOr Loads of changes that are tightly connected... :/ * Change lambdas to static functions * Add spec docs to those functions * Keep the current scope around as a parameter * Add wrapping classes for some Certificate members * Parse ec and ecdsa data from certificates
2023-04-03 19:05:01 +02:00
auto subject_string = MUST(cert.subject.to_string());
auto issuer_string = MUST(cert.issuer.to_string());
LibTLS: (Almost) verify certificate chain against root CA certificates Also adds a very primitive systemwide ca_certs.ini file.
2020-10-30 11:56:31 +03:30
LibTLS: Verify the certificate chain sent by the server With this change the certificate chain sent by the server will actually be verified, instead of just checking the names of the certificates. To determine if a certificate is signed by a root certificate, the list of root certificates is now a HashMap mapping from the unique identifier string to the certificate. This allows us to take the issuer of a certificate and easily check if it is a root certificate. If a certificate is not signed by a root certificate, we will check that it is signed by the next certificate in the chain. This also removes the ad-hoc checking of certificate validity from multiple places, and moves all checking to the verify_chain.
2022-02-21 22:25:34 +01:00
if (!cert.is_valid()) {
dbgln("verify_chain: Certificate is not valid {}", subject_string);
LibTLS: (Almost) verify certificate chain against root CA certificates Also adds a very primitive systemwide ca_certs.ini file.
2020-10-30 11:56:31 +03:30
return false;
}
LibTLS: Change Certificate parsing to use ErrorOr Loads of changes that are tightly connected... :/ * Change lambdas to static functions * Add spec docs to those functions * Keep the current scope around as a parameter * Add wrapping classes for some Certificate members * Parse ec and ecdsa data from certificates
2023-04-03 19:05:01 +02:00
auto maybe_root_certificate = root_certificates.get(issuer_string.to_deprecated_string());
LibTLS: Verify the certificate chain sent by the server With this change the certificate chain sent by the server will actually be verified, instead of just checking the names of the certificates. To determine if a certificate is signed by a root certificate, the list of root certificates is now a HashMap mapping from the unique identifier string to the certificate. This allows us to take the issuer of a certificate and easily check if it is a root certificate. If a certificate is not signed by a root certificate, we will check that it is signed by the next certificate in the chain. This also removes the ad-hoc checking of certificate validity from multiple places, and moves all checking to the verify_chain.
2022-02-21 22:25:34 +01:00
if (maybe_root_certificate.has_value()) {
LibTLS: Cleanup of verify_chain and verify_certificate_pair
2022-04-13 22:21:27 +02:00
auto& root_certificate = *maybe_root_certificate;
LibTLS: Verify the certificate chain sent by the server With this change the certificate chain sent by the server will actually be verified, instead of just checking the names of the certificates. To determine if a certificate is signed by a root certificate, the list of root certificates is now a HashMap mapping from the unique identifier string to the certificate. This allows us to take the issuer of a certificate and easily check if it is a root certificate. If a certificate is not signed by a root certificate, we will check that it is signed by the next certificate in the chain. This also removes the ad-hoc checking of certificate validity from multiple places, and moves all checking to the verify_chain.
2022-02-21 22:25:34 +01:00
auto verification_correct = verify_certificate_pair(cert, root_certificate);
if (!verification_correct) {
dbgln("verify_chain: Signature inconsistent, {} was not signed by {} (root certificate)", subject_string, issuer_string);
return false;
}
// Root certificate reached, and correctly verified, so we can stop now
return true;
LibTLS: Cleanup of verify_chain and verify_certificate_pair
2022-04-13 22:21:27 +02:00
}
LibTLS: Verify the certificate chain sent by the server With this change the certificate chain sent by the server will actually be verified, instead of just checking the names of the certificates. To determine if a certificate is signed by a root certificate, the list of root certificates is now a HashMap mapping from the unique identifier string to the certificate. This allows us to take the issuer of a certificate and easily check if it is a root certificate. If a certificate is not signed by a root certificate, we will check that it is signed by the next certificate in the chain. This also removes the ad-hoc checking of certificate validity from multiple places, and moves all checking to the verify_chain.
2022-02-21 22:25:34 +01:00
LibTLS: Cleanup of verify_chain and verify_certificate_pair
2022-04-13 22:21:27 +02:00
if (subject_string == issuer_string) {
dbgln("verify_chain: Non-root self-signed certificate");
return options.allow_self_signed_certificates;
}
if ((cert_index + 1) >= local_chain->size()) {
dbgln("verify_chain: No trusted root certificate found before end of certificate chain");
dbgln("verify_chain: Last certificate in chain was signed by {}", issuer_string);
return false;
}
LibTLS: Verify the certificate chain sent by the server With this change the certificate chain sent by the server will actually be verified, instead of just checking the names of the certificates. To determine if a certificate is signed by a root certificate, the list of root certificates is now a HashMap mapping from the unique identifier string to the certificate. This allows us to take the issuer of a certificate and easily check if it is a root certificate. If a certificate is not signed by a root certificate, we will check that it is signed by the next certificate in the chain. This also removes the ad-hoc checking of certificate validity from multiple places, and moves all checking to the verify_chain.
2022-02-21 22:25:34 +01:00
LibTLS: Cleanup of verify_chain and verify_certificate_pair
2022-04-13 22:21:27 +02:00
auto parent_certificate = local_chain->at(cert_index + 1);
LibTLS: Change Certificate parsing to use ErrorOr Loads of changes that are tightly connected... :/ * Change lambdas to static functions * Add spec docs to those functions * Keep the current scope around as a parameter * Add wrapping classes for some Certificate members * Parse ec and ecdsa data from certificates
2023-04-03 19:05:01 +02:00
if (issuer_string != MUST(parent_certificate.subject.to_string())) {
LibTLS: Cleanup of verify_chain and verify_certificate_pair
2022-04-13 22:21:27 +02:00
dbgln("verify_chain: Next certificate in the chain is not the issuer of this certificate");
return false;
}
LibCrypto+LibTLS: Implement Key Usage and Basic Constraints extensions Root and intermediate CA certificates should have these extensions set to indicate that they are allowed to sign other certificates. The values reported in these extensions is now also checked by `verify_chain` to make sure no non-CA certificates are used to sign another certificate. The certificate parser now also aborts when a critical extension is detected which is unsupported, as is required by the specification.
2022-02-23 17:35:05 +01:00
LibTLS: Cleanup of verify_chain and verify_certificate_pair
2022-04-13 22:21:27 +02:00
if (!(parent_certificate.is_allowed_to_sign_certificate && parent_certificate.is_certificate_authority)) {
dbgln("verify_chain: {} is not marked as certificate authority", issuer_string);
return false;
}
if (parent_certificate.path_length_constraint.has_value() && cert_index > parent_certificate.path_length_constraint.value()) {
dbgln("verify_chain: Path length for certificate exceeded");
return false;
}
bool verification_correct = verify_certificate_pair(cert, parent_certificate);
if (!verification_correct) {
dbgln("verify_chain: Signature inconsistent, {} was not signed by {}", subject_string, issuer_string);
return false;
LibTLS: Verify the certificate chain sent by the server With this change the certificate chain sent by the server will actually be verified, instead of just checking the names of the certificates. To determine if a certificate is signed by a root certificate, the list of root certificates is now a HashMap mapping from the unique identifier string to the certificate. This allows us to take the issuer of a certificate and easily check if it is a root certificate. If a certificate is not signed by a root certificate, we will check that it is signed by the next certificate in the chain. This also removes the ad-hoc checking of certificate validity from multiple places, and moves all checking to the verify_chain.
2022-02-21 22:25:34 +01:00
}
LibTLS: (Almost) verify certificate chain against root CA certificates Also adds a very primitive systemwide ca_certs.ini file.
2020-10-30 11:56:31 +03:30
}
LibTLS: Verify the certificate chain sent by the server With this change the certificate chain sent by the server will actually be verified, instead of just checking the names of the certificates. To determine if a certificate is signed by a root certificate, the list of root certificates is now a HashMap mapping from the unique identifier string to the certificate. This allows us to take the issuer of a certificate and easily check if it is a root certificate. If a certificate is not signed by a root certificate, we will check that it is signed by the next certificate in the chain. This also removes the ad-hoc checking of certificate validity from multiple places, and moves all checking to the verify_chain.
2022-02-21 22:25:34 +01:00
// Either a root certificate is reached, or parent validation fails as the end of the local chain is reached
VERIFY_NOT_REACHED();
}
LibTLS: Cleanup of verify_chain and verify_certificate_pair
2022-04-13 22:21:27 +02:00
bool Context::verify_certificate_pair(Certificate const& subject, Certificate const& issuer) const
LibTLS: Verify the certificate chain sent by the server With this change the certificate chain sent by the server will actually be verified, instead of just checking the names of the certificates. To determine if a certificate is signed by a root certificate, the list of root certificates is now a HashMap mapping from the unique identifier string to the certificate. This allows us to take the issuer of a certificate and easily check if it is a root certificate. If a certificate is not signed by a root certificate, we will check that it is signed by the next certificate in the chain. This also removes the ad-hoc checking of certificate validity from multiple places, and moves all checking to the verify_chain.
2022-02-21 22:25:34 +01:00
{
LibTLS: Change CertificateKeyAlgorithm from enum to struct
2023-04-12 21:35:06 +02:00
Crypto::Hash::HashKind kind = Crypto::Hash::HashKind::Unknown;
auto identifier = subject.signature_algorithm.identifier;
if (identifier == rsa_encryption_oid)
kind = Crypto::Hash::HashKind::None;
if (identifier == rsa_md5_encryption_oid)
kind = Crypto::Hash::HashKind::MD5;
if (identifier == rsa_sha1_encryption_oid)
LibTLS: Verify the certificate chain sent by the server With this change the certificate chain sent by the server will actually be verified, instead of just checking the names of the certificates. To determine if a certificate is signed by a root certificate, the list of root certificates is now a HashMap mapping from the unique identifier string to the certificate. This allows us to take the issuer of a certificate and easily check if it is a root certificate. If a certificate is not signed by a root certificate, we will check that it is signed by the next certificate in the chain. This also removes the ad-hoc checking of certificate validity from multiple places, and moves all checking to the verify_chain.
2022-02-21 22:25:34 +01:00
kind = Crypto::Hash::HashKind::SHA1;
LibTLS: Change CertificateKeyAlgorithm from enum to struct
2023-04-12 21:35:06 +02:00
if (identifier == rsa_sha256_encryption_oid)
LibTLS: Verify the certificate chain sent by the server With this change the certificate chain sent by the server will actually be verified, instead of just checking the names of the certificates. To determine if a certificate is signed by a root certificate, the list of root certificates is now a HashMap mapping from the unique identifier string to the certificate. This allows us to take the issuer of a certificate and easily check if it is a root certificate. If a certificate is not signed by a root certificate, we will check that it is signed by the next certificate in the chain. This also removes the ad-hoc checking of certificate validity from multiple places, and moves all checking to the verify_chain.
2022-02-21 22:25:34 +01:00
kind = Crypto::Hash::HashKind::SHA256;
LibTLS: Change CertificateKeyAlgorithm from enum to struct
2023-04-12 21:35:06 +02:00
if (identifier == rsa_sha384_encryption_oid)
LibTLS: Verify the certificate chain sent by the server With this change the certificate chain sent by the server will actually be verified, instead of just checking the names of the certificates. To determine if a certificate is signed by a root certificate, the list of root certificates is now a HashMap mapping from the unique identifier string to the certificate. This allows us to take the issuer of a certificate and easily check if it is a root certificate. If a certificate is not signed by a root certificate, we will check that it is signed by the next certificate in the chain. This also removes the ad-hoc checking of certificate validity from multiple places, and moves all checking to the verify_chain.
2022-02-21 22:25:34 +01:00
kind = Crypto::Hash::HashKind::SHA384;
LibTLS: Change CertificateKeyAlgorithm from enum to struct
2023-04-12 21:35:06 +02:00
if (identifier == rsa_sha512_encryption_oid)
LibTLS: Verify the certificate chain sent by the server With this change the certificate chain sent by the server will actually be verified, instead of just checking the names of the certificates. To determine if a certificate is signed by a root certificate, the list of root certificates is now a HashMap mapping from the unique identifier string to the certificate. This allows us to take the issuer of a certificate and easily check if it is a root certificate. If a certificate is not signed by a root certificate, we will check that it is signed by the next certificate in the chain. This also removes the ad-hoc checking of certificate validity from multiple places, and moves all checking to the verify_chain.
2022-02-21 22:25:34 +01:00
kind = Crypto::Hash::HashKind::SHA512;
LibTLS: Change CertificateKeyAlgorithm from enum to struct
2023-04-12 21:35:06 +02:00
if (kind == Crypto::Hash::HashKind::Unknown) {
dbgln("verify_certificate_pair: Unknown signature algorithm, expected RSA with SHA1/256/384/512, got OID {}", identifier);
LibTLS: Verify the certificate chain sent by the server With this change the certificate chain sent by the server will actually be verified, instead of just checking the names of the certificates. To determine if a certificate is signed by a root certificate, the list of root certificates is now a HashMap mapping from the unique identifier string to the certificate. This allows us to take the issuer of a certificate and easily check if it is a root certificate. If a certificate is not signed by a root certificate, we will check that it is signed by the next certificate in the chain. This also removes the ad-hoc checking of certificate validity from multiple places, and moves all checking to the verify_chain.
2022-02-21 22:25:34 +01:00
return false;
}
Crypto::PK::RSAPrivateKey dummy_private_key;
LibTLS: Change Certificate parsing to use ErrorOr Loads of changes that are tightly connected... :/ * Change lambdas to static functions * Add spec docs to those functions * Keep the current scope around as a parameter * Add wrapping classes for some Certificate members * Parse ec and ecdsa data from certificates
2023-04-03 19:05:01 +02:00
Crypto::PK::RSAPublicKey public_key_copy { issuer.public_key.rsa };
LibTLS: Cleanup of verify_chain and verify_certificate_pair
2022-04-13 22:21:27 +02:00
auto rsa = Crypto::PK::RSA(public_key_copy, dummy_private_key);
LibTLS: Verify the certificate chain sent by the server With this change the certificate chain sent by the server will actually be verified, instead of just checking the names of the certificates. To determine if a certificate is signed by a root certificate, the list of root certificates is now a HashMap mapping from the unique identifier string to the certificate. This allows us to take the issuer of a certificate and easily check if it is a root certificate. If a certificate is not signed by a root certificate, we will check that it is signed by the next certificate in the chain. This also removes the ad-hoc checking of certificate validity from multiple places, and moves all checking to the verify_chain.
2022-02-21 22:25:34 +01:00
auto verification_buffer_result = ByteBuffer::create_uninitialized(subject.signature_value.size());
if (verification_buffer_result.is_error()) {
dbgln("verify_certificate_pair: Unable to allocate buffer for verification");
return false;
}
auto verification_buffer = verification_buffer_result.release_value();
auto verification_buffer_bytes = verification_buffer.bytes();
rsa.verify(subject.signature_value, verification_buffer_bytes);
// FIXME: This slice is subject hack, this will work for most certificates, but you actually have to parse
// the ASN.1 data to correctly extract the signed part of the certificate.
ReadonlyBytes message = subject.original_asn1.bytes().slice(4, subject.original_asn1.size() - 4 - (5 + subject.signature_value.size()) - 15);
auto pkcs1 = Crypto::PK::EMSA_PKCS1_V1_5<Crypto::Hash::Manager>(kind);
auto verification = pkcs1.verify(message, verification_buffer_bytes, subject.signature_value.size() * 8);
return verification == Crypto::VerificationConsistency::Consistent;
LibTLS: (Almost) verify certificate chain against root CA certificates Also adds a very primitive systemwide ca_certs.ini file.
2020-10-30 11:56:31 +03:30
}
LibTLS: Allow using other hash algorithms for HMAC The standard allows for ciphers to define which hash to use. Fixes #7348
2021-05-29 08:26:10 +02:00
template<typename HMACType>
Everywhere: Run clang-format
2022-04-01 20:58:27 +03:00
static void hmac_pseudorandom_function(Bytes output, ReadonlyBytes secret, u8 const* label, size_t label_length, ReadonlyBytes seed, ReadonlyBytes seed_b)
LibTLS: (Almost) verify certificate chain against root CA certificates Also adds a very primitive systemwide ca_certs.ini file.
2020-10-30 11:56:31 +03:30
{
LibTLS: Rework method names and arrangement in cpp files This commit only moves and renames methods. The code hasn't changed.
2021-05-18 21:55:06 +02:00
if (!secret.size()) {
dbgln("null secret");
return;
}
LibTLS: (Almost) verify certificate chain against root CA certificates Also adds a very primitive systemwide ca_certs.ini file.
2020-10-30 11:56:31 +03:30
LibTLS: Rework method names and arrangement in cpp files This commit only moves and renames methods. The code hasn't changed.
2021-05-18 21:55:06 +02:00
auto append_label_seed = [&](auto& hmac) {
hmac.update(label, label_length);
hmac.update(seed);
if (seed_b.size() > 0)
hmac.update(seed_b);
};
LibTLS: (Almost) verify certificate chain against root CA certificates Also adds a very primitive systemwide ca_certs.ini file.
2020-10-30 11:56:31 +03:30
LibTLS: Allow using other hash algorithms for HMAC The standard allows for ciphers to define which hash to use. Fixes #7348
2021-05-29 08:26:10 +02:00
HMACType hmac(secret);
LibTLS: Rework method names and arrangement in cpp files This commit only moves and renames methods. The code hasn't changed.
2021-05-18 21:55:06 +02:00
append_label_seed(hmac);
LibTLS: (Almost) verify certificate chain against root CA certificates Also adds a very primitive systemwide ca_certs.ini file.
2020-10-30 11:56:31 +03:30
LibTLS: Rework method names and arrangement in cpp files This commit only moves and renames methods. The code hasn't changed.
2021-05-18 21:55:06 +02:00
constexpr auto digest_size = hmac.digest_size();
u8 digest[digest_size];
auto digest_0 = Bytes { digest, digest_size };
digest_0.overwrite(0, hmac.digest().immutable_data(), digest_size);
size_t index = 0;
while (index < output.size()) {
hmac.update(digest_0);
append_label_seed(hmac);
auto digest_1 = hmac.digest();
auto copy_size = min(digest_size, output.size() - index);
output.overwrite(index, digest_1.immutable_data(), copy_size);
index += copy_size;
digest_0.overwrite(0, hmac.process(digest_0).immutable_data(), digest_size);
}
LibTLS: (Almost) verify certificate chain against root CA certificates Also adds a very primitive systemwide ca_certs.ini file.
2020-10-30 11:56:31 +03:30
}
Everywhere: Run clang-format
2022-04-01 20:58:27 +03:00
void TLSv12::pseudorandom_function(Bytes output, ReadonlyBytes secret, u8 const* label, size_t label_length, ReadonlyBytes seed, ReadonlyBytes seed_b)
LibTLS: Allow using other hash algorithms for HMAC The standard allows for ciphers to define which hash to use. Fixes #7348
2021-05-29 08:26:10 +02:00
{
// Simplification: We only support the HMAC PRF with the hash function SHA-256 or stronger.
// RFC 5246: "In this section, we define one PRF, based on HMAC. This PRF with the
// SHA-256 hash function is used for all cipher suites defined in this
// document and in TLS documents published prior to this document when
// TLS 1.2 is negotiated. New cipher suites MUST explicitly specify a
// PRF and, in general, SHOULD use the TLS PRF with SHA-256 or a
// stronger standard hash function."
switch (hmac_hash()) {
case Crypto::Hash::HashKind::SHA512:
hmac_pseudorandom_function<Crypto::Authentication::HMAC<Crypto::Hash::SHA512>>(output, secret, label, label_length, seed, seed_b);
break;
case Crypto::Hash::HashKind::SHA384:
hmac_pseudorandom_function<Crypto::Authentication::HMAC<Crypto::Hash::SHA384>>(output, secret, label, label_length, seed, seed_b);
break;
case Crypto::Hash::HashKind::SHA256:
hmac_pseudorandom_function<Crypto::Authentication::HMAC<Crypto::Hash::SHA256>>(output, secret, label, label_length, seed, seed_b);
break;
default:
dbgln("Failed to find a suitable HMAC hash");
VERIFY_NOT_REACHED();
break;
}
}
Userland: Convert TLS::TLSv12 to a Core::Stream::Socket This commit converts TLS::TLSv12 to a Core::Stream object, and in the process allows TLS to now wrap other Core::Stream::Socket objects. As a large part of LibHTTP and LibGemini depend on LibTLS's interface, this also converts those to support Core::Stream, which leads to a simplification of LibHTTP (as there's no need to care about the underlying socket type anymore). Note that RequestServer now controls the TLS socket options, which is a better place anyway, as RS is the first receiver of the user-requested options (though this is currently not particularly useful).
2022-02-02 19:21:55 +03:30
TLSv12::TLSv12(StreamVariantType stream, Options options)
: m_stream(move(stream))
LibCore+LibTLS: Don't keep a "ready to write" notifier on all Sockets The "ready to write" notifier we set up in generic socket connection is really only meant to detect a successful connection. Once we have a TCP connection, for example, it will fire on every event loop iteration. This was causing IRC Client to max out the CPU by getting this no-op notifier callback over and over. Since this was only used by TLSv12, I changed that code to create its own notifier instead. It might be possible to improve TLS performance by only processing writes when actually needed, but I didn't look very closely at that for this patch. :^)
2020-05-18 20:16:52 +02:00
{
LibTLS: Make the TLS connection options user-configurable The user may now request specific cipher suites, the use of SNI, and whether we should validate certificates (not that we're doing a good job of that).
2021-02-07 07:21:32 +03:30
m_context.options = move(options);
LibCore+LibTLS: Don't keep a "ready to write" notifier on all Sockets The "ready to write" notifier we set up in generic socket connection is really only meant to detect a successful connection. Once we have a TCP connection, for example, it will fire on every event loop iteration. This was causing IRC Client to max out the CPU by getting this no-op notifier callback over and over. Since this was only used by TLSv12, I changed that code to create its own notifier instead. It might be possible to improve TLS performance by only processing writes when actually needed, but I didn't look very closely at that for this patch. :^)
2020-05-18 20:16:52 +02:00
m_context.is_server = false;
Everywhere: Make ByteBuffer::{create_*,copy}() OOM-safe
2021-09-06 03:29:52 +04:30
m_context.tls_buffer = {};
Userland: Convert TLS::TLSv12 to a Core::Stream::Socket This commit converts TLS::TLSv12 to a Core::Stream object, and in the process allows TLS to now wrap other Core::Stream::Socket objects. As a large part of LibHTTP and LibGemini depend on LibTLS's interface, this also converts those to support Core::Stream, which leads to a simplification of LibHTTP (as there's no need to care about the underlying socket type anymore). Note that RequestServer now controls the TLS socket options, which is a better place anyway, as RS is the first receiver of the user-requested options (though this is currently not particularly useful).
2022-02-02 19:21:55 +03:30
set_root_certificates(m_context.options.root_certificates.has_value()
? *m_context.options.root_certificates
: DefaultRootCACertificates::the().certificates());
setup_connection();
LibCore+LibTLS: Don't keep a "ready to write" notifier on all Sockets The "ready to write" notifier we set up in generic socket connection is really only meant to detect a successful connection. Once we have a TCP connection, for example, it will fire on every event loop iteration. This was causing IRC Client to max out the CPU by getting this no-op notifier callback over and over. Since this was only used by TLSv12, I changed that code to create its own notifier instead. It might be possible to improve TLS performance by only processing writes when actually needed, but I didn't look very closely at that for this patch. :^)
2020-05-18 20:16:52 +02:00
}
Userland: Convert TLS::TLSv12 to a Core::Stream::Socket This commit converts TLS::TLSv12 to a Core::Stream object, and in the process allows TLS to now wrap other Core::Stream::Socket objects. As a large part of LibHTTP and LibGemini depend on LibTLS's interface, this also converts those to support Core::Stream, which leads to a simplification of LibHTTP (as there's no need to care about the underlying socket type anymore). Note that RequestServer now controls the TLS socket options, which is a better place anyway, as RS is the first receiver of the user-requested options (though this is currently not particularly useful).
2022-02-02 19:21:55 +03:30
Vector<Certificate> TLSv12::parse_pem_certificate(ReadonlyBytes certificate_pem_buffer, ReadonlyBytes rsa_key) // FIXME: This should not be bound to RSA
ProtocolServer+LibTLS: Pipe certificate requests from LibTLS to clients This makes gemini.circumlunar.space (and some more gemini pages) work again :^)
2020-08-02 05:27:42 +04:30
{
if (certificate_pem_buffer.is_empty() || rsa_key.is_empty()) {
Userland: Convert TLS::TLSv12 to a Core::Stream::Socket This commit converts TLS::TLSv12 to a Core::Stream object, and in the process allows TLS to now wrap other Core::Stream::Socket objects. As a large part of LibHTTP and LibGemini depend on LibTLS's interface, this also converts those to support Core::Stream, which leads to a simplification of LibHTTP (as there's no need to care about the underlying socket type anymore). Note that RequestServer now controls the TLS socket options, which is a better place anyway, as RS is the first receiver of the user-requested options (though this is currently not particularly useful).
2022-02-02 19:21:55 +03:30
return {};
ProtocolServer+LibTLS: Pipe certificate requests from LibTLS to clients This makes gemini.circumlunar.space (and some more gemini pages) work again :^)
2020-08-02 05:27:42 +04:30
}
Userland: Convert TLS::TLSv12 to a Core::Stream::Socket This commit converts TLS::TLSv12 to a Core::Stream object, and in the process allows TLS to now wrap other Core::Stream::Socket objects. As a large part of LibHTTP and LibGemini depend on LibTLS's interface, this also converts those to support Core::Stream, which leads to a simplification of LibHTTP (as there's no need to care about the underlying socket type anymore). Note that RequestServer now controls the TLS socket options, which is a better place anyway, as RS is the first receiver of the user-requested options (though this is currently not particularly useful).
2022-02-02 19:21:55 +03:30
LibCrypto: Make a better ASN.1 parser And use it to parse RSA keys. As a bonus, this one shouldn't be reading out of bounds or messing with the stack (as much) anymore.
2021-02-14 14:50:42 +03:30
auto decoded_certificate = Crypto::decode_pem(certificate_pem_buffer);
ProtocolServer+LibTLS: Pipe certificate requests from LibTLS to clients This makes gemini.circumlunar.space (and some more gemini pages) work again :^)
2020-08-02 05:27:42 +04:30
if (decoded_certificate.is_empty()) {
Everywhere: Replace a bundle of dbg with dbgln. These changes are arbitrarily divided into multiple commits to make it easier to find potentially introduced bugs with git bisect.Everything: The modifications in this commit were automatically made using the following command: find . -name '*.cpp' -exec sed -i -E 's/dbg\(\) << ("[^"{]*");/dbgln\(\1\);/' {} \;
2021-01-09 18:51:44 +01:00
dbgln("Certificate not PEM");
Userland: Convert TLS::TLSv12 to a Core::Stream::Socket This commit converts TLS::TLSv12 to a Core::Stream object, and in the process allows TLS to now wrap other Core::Stream::Socket objects. As a large part of LibHTTP and LibGemini depend on LibTLS's interface, this also converts those to support Core::Stream, which leads to a simplification of LibHTTP (as there's no need to care about the underlying socket type anymore). Note that RequestServer now controls the TLS socket options, which is a better place anyway, as RS is the first receiver of the user-requested options (though this is currently not particularly useful).
2022-02-02 19:21:55 +03:30
return {};
ProtocolServer+LibTLS: Pipe certificate requests from LibTLS to clients This makes gemini.circumlunar.space (and some more gemini pages) work again :^)
2020-08-02 05:27:42 +04:30
}
LibTLS: Change Certificate parsing to use ErrorOr Loads of changes that are tightly connected... :/ * Change lambdas to static functions * Add spec docs to those functions * Keep the current scope around as a parameter * Add wrapping classes for some Certificate members * Parse ec and ecdsa data from certificates
2023-04-03 19:05:01 +02:00
auto maybe_certificate = Certificate::parse_certificate(decoded_certificate);
if (!maybe_certificate.is_error()) {
Everywhere: Replace a bundle of dbg with dbgln. These changes are arbitrarily divided into multiple commits to make it easier to find potentially introduced bugs with git bisect.Everything: The modifications in this commit were automatically made using the following command: find . -name '*.cpp' -exec sed -i -E 's/dbg\(\) << ("[^"{]*");/dbgln\(\1\);/' {} \;
2021-01-09 18:51:44 +01:00
dbgln("Invalid certificate");
Userland: Convert TLS::TLSv12 to a Core::Stream::Socket This commit converts TLS::TLSv12 to a Core::Stream object, and in the process allows TLS to now wrap other Core::Stream::Socket objects. As a large part of LibHTTP and LibGemini depend on LibTLS's interface, this also converts those to support Core::Stream, which leads to a simplification of LibHTTP (as there's no need to care about the underlying socket type anymore). Note that RequestServer now controls the TLS socket options, which is a better place anyway, as RS is the first receiver of the user-requested options (though this is currently not particularly useful).
2022-02-02 19:21:55 +03:30
return {};
ProtocolServer+LibTLS: Pipe certificate requests from LibTLS to clients This makes gemini.circumlunar.space (and some more gemini pages) work again :^)
2020-08-02 05:27:42 +04:30
}
Crypto::PK::RSA rsa(rsa_key);
LibTLS: Avoid implicitly copying ByteBuffer
2021-11-28 22:15:57 +01:00
auto certificate = maybe_certificate.release_value();
ProtocolServer+LibTLS: Pipe certificate requests from LibTLS to clients This makes gemini.circumlunar.space (and some more gemini pages) work again :^)
2020-08-02 05:27:42 +04:30
certificate.private_key = rsa.private_key();
Userland: Convert TLS::TLSv12 to a Core::Stream::Socket This commit converts TLS::TLSv12 to a Core::Stream object, and in the process allows TLS to now wrap other Core::Stream::Socket objects. As a large part of LibHTTP and LibGemini depend on LibTLS's interface, this also converts those to support Core::Stream, which leads to a simplification of LibHTTP (as there's no need to care about the underlying socket type anymore). Note that RequestServer now controls the TLS socket options, which is a better place anyway, as RS is the first receiver of the user-requested options (though this is currently not particularly useful).
2022-02-02 19:21:55 +03:30
return { move(certificate) };
ProtocolServer+LibTLS: Pipe certificate requests from LibTLS to clients This makes gemini.circumlunar.space (and some more gemini pages) work again :^)
2020-08-02 05:27:42 +04:30
}
Everywhere: Replace AK::Singleton => Singleton
2021-08-07 21:34:11 +02:00
Singleton<DefaultRootCACertificates> DefaultRootCACertificates::s_the;
LibTLS: (Almost) verify certificate chain against root CA certificates Also adds a very primitive systemwide ca_certs.ini file.
2020-10-30 11:56:31 +03:30
DefaultRootCACertificates::DefaultRootCACertificates()
{
LibTLS: Streamline certificate loading Some refactoring of our root ca loading process: - Remove duplicate code - Remove duplicate calls to `parse_root_ca` - Load user imported certificates in Browser/RequestServer
2023-04-10 07:06:17 +02:00
auto load_result = load_certificates();
if (load_result.is_error()) {
dbgln("Failed to load CA Certificates: {}", load_result.error());
Base+LibTLS: Update CA Certificates list with actual certificates The CA certificates list now contains the actual certificate data for approximatly a hundred certificate authorities. These certificates were generated from https://mkcert.org, which uses the Mozilla CA certificate list. This also updates the code for reading the CA certificates.
2022-02-21 22:11:15 +01:00
return;
}
LibTLS: Streamline certificate loading Some refactoring of our root ca loading process: - Remove duplicate code - Remove duplicate calls to `parse_root_ca` - Load user imported certificates in Browser/RequestServer
2023-04-10 07:06:17 +02:00
m_ca_certificates = load_result.release_value();
}
ErrorOr<Vector<Certificate>> DefaultRootCACertificates::load_certificates()
{
auto cacert_file = TRY(Core::File::open("/etc/cacert.pem"sv, Core::File::OpenMode::Read));
auto data = TRY(cacert_file->read_until_eof());
auto user_cert_path = TRY(String::formatted("{}/.config/certs.pem", Core::StandardPaths::home_directory()));
if (FileSystem::exists(user_cert_path)) {
auto user_cert_file = TRY(Core::File::open(user_cert_path, Core::File::OpenMode::Read));
TRY(data.try_append(TRY(user_cert_file->read_until_eof())));
LibTLS+Base: Rework default system certificate parser Change the default system certificate parser from our arbitrary INI format to well-known PEM format.
2023-03-14 14:14:01 +01:00
}
LibTLS: Refactor CA loading into central function
2023-03-27 19:28:27 +02:00
LibTLS: Streamline certificate loading Some refactoring of our root ca loading process: - Remove duplicate code - Remove duplicate calls to `parse_root_ca` - Load user imported certificates in Browser/RequestServer
2023-04-10 07:06:17 +02:00
return TRY(parse_pem_root_certificate_authorities(data));
LibTLS: Refactor CA loading into central function
2023-03-27 19:28:27 +02:00
}
LibTLS: Streamline certificate loading Some refactoring of our root ca loading process: - Remove duplicate code - Remove duplicate calls to `parse_root_ca` - Load user imported certificates in Browser/RequestServer
2023-04-10 07:06:17 +02:00
ErrorOr<Vector<Certificate>> DefaultRootCACertificates::parse_pem_root_certificate_authorities(ByteBuffer& data)
LibTLS: Refactor CA loading into central function
2023-03-27 19:28:27 +02:00
{
Vector<Certificate> certificates;
auto certs = TRY(Crypto::decode_pems(data));
LibTLS+Base: Rework default system certificate parser Change the default system certificate parser from our arbitrary INI format to well-known PEM format.
2023-03-14 14:14:01 +01:00
for (auto& cert : certs) {
LibTLS: Change Certificate parsing to use ErrorOr Loads of changes that are tightly connected... :/ * Change lambdas to static functions * Add spec docs to those functions * Keep the current scope around as a parameter * Add wrapping classes for some Certificate members * Parse ec and ecdsa data from certificates
2023-04-03 19:05:01 +02:00
auto certificate_result = Certificate::parse_certificate(cert.bytes());
if (certificate_result.is_error()) {
LibTLS+Base: Rework default system certificate parser Change the default system certificate parser from our arbitrary INI format to well-known PEM format.
2023-03-14 14:14:01 +01:00
// FIXME: It would be nice to have more informations about the certificate we failed to parse.
// Like: Issuer, Algorithm, CN, etc
LibTLS: Change Certificate parsing to use ErrorOr Loads of changes that are tightly connected... :/ * Change lambdas to static functions * Add spec docs to those functions * Keep the current scope around as a parameter * Add wrapping classes for some Certificate members * Parse ec and ecdsa data from certificates
2023-04-03 19:05:01 +02:00
dbgln("Failed to load certificate: {}", certificate_result.error());
LibTLS+Base: Rework default system certificate parser Change the default system certificate parser from our arbitrary INI format to well-known PEM format.
2023-03-14 14:14:01 +01:00
continue;
Base+LibTLS: Update CA Certificates list with actual certificates The CA certificates list now contains the actual certificate data for approximatly a hundred certificate authorities. These certificates were generated from https://mkcert.org, which uses the Mozilla CA certificate list. This also updates the code for reading the CA certificates.
2022-02-21 22:11:15 +01:00
}
LibTLS+Base: Rework default system certificate parser Change the default system certificate parser from our arbitrary INI format to well-known PEM format.
2023-03-14 14:14:01 +01:00
auto certificate = certificate_result.release_value();
LibTLS: Check if certificate is self signed before importing it as CA
2023-03-21 18:48:18 +01:00
if (certificate.is_certificate_authority && certificate.is_self_signed()) {
LibTLS: Refactor CA loading into central function
2023-03-27 19:28:27 +02:00
TRY(certificates.try_append(move(certificate)));
LibTLS: Check if certificate is self signed before importing it as CA
2023-03-21 18:48:18 +01:00
} else {
LibTLS: Streamline certificate loading Some refactoring of our root ca loading process: - Remove duplicate code - Remove duplicate calls to `parse_root_ca` - Load user imported certificates in Browser/RequestServer
2023-04-10 07:06:17 +02:00
dbgln("Skipped '{}' because it is not a valid root CA", TRY(certificate.subject.to_string()));
LibTLS: Check if certificate is self signed before importing it as CA
2023-03-21 18:48:18 +01:00
}
LibTLS: (Almost) verify certificate chain against root CA certificates Also adds a very primitive systemwide ca_certs.ini file.
2020-10-30 11:56:31 +03:30
}
Base+LibTLS: Update CA Certificates list with actual certificates The CA certificates list now contains the actual certificate data for approximatly a hundred certificate authorities. These certificates were generated from https://mkcert.org, which uses the Mozilla CA certificate list. This also updates the code for reading the CA certificates.
2022-02-21 22:11:15 +01:00
LibTLS: Refactor CA loading into central function
2023-03-27 19:28:27 +02:00
dbgln("Loaded {} of {} ({:.2}%) provided CA Certificates", certificates.size(), certs.size(), (certificates.size() * 100.0) / certs.size());
return certificates;
LibTLS: (Almost) verify certificate chain against root CA certificates Also adds a very primitive systemwide ca_certs.ini file.
2020-10-30 11:56:31 +03:30
}
LibTLS: Make enough stuff work to have a demo run ...maybe, sometimes :^)
2020-04-21 01:57:23 +04:30
}
Reference in a new issue Copy permalink