Andrew Kelley
1d20ada366
std.crypto.tls.Client: refactor to reduce namespace bloat
2023-01-02 16:57:16 -07:00
Andrew Kelley
16af6286c8
std.crypto.tls.Client: support SignatureScheme.ecdsa_secp384r1_sha384
2023-01-02 16:57:16 -07:00
Andrew Kelley
940d368e7e
std.crypto.tls.Client: fix the read function
...
The read function has been renamed to readAdvanced since it has slightly
different semantics than typical read functions, specifically regarding
the end-of-file. A higher level read function is implemented on top.
Now, API users may pass small buffers to the read function and
everything will work fine. This is done by re-decrypting the same
ciphertext record with each call to read() until the record is finished
being transmitted.
If the buffer supplied to read() is large enough, then any given
ciphertext record will only be decrypted once, since it decrypts
directly to the read() buffer and therefore does not need any memcpy. On
the other hand, if the buffer supplied to read() is small, then the
ciphertext is decrypted into a stack buffer, a subset is copied to the
read() buffer, and then the entire ciphertext record is saved for the
next call to read().
2023-01-02 16:57:16 -07:00
Andrew Kelley
21ab99174e
std.crypto.tls.Client: use enums more
2023-01-02 16:57:16 -07:00
Andrew Kelley
477864dca5
std.crypto.tls.Client: fix truncation attack vulnerability
2023-01-02 16:57:16 -07:00
Andrew Kelley
ceb211e65f
std.crypto.tls.Client: handle key_update message
2023-01-02 16:57:15 -07:00
Andrew Kelley
b24f178029
std.crypto.tls.Certificate: fix parsing missing subsequent fields
...
Instead of seeing all the attributed types and values, the code was only
seeing the first one.
2023-01-02 16:57:15 -07:00
Andrew Kelley
642a8b05c3
std.crypto.tls.Certificate: explicit error set for verify
2023-01-02 16:57:15 -07:00
Andrew Kelley
862ecf2344
std.crypto.tls.Client: handle extra data after handshake
2023-01-02 16:57:15 -07:00
Andrew Kelley
16f936b420
std.crypto.tls: handle the certificate_verify message
2023-01-02 16:57:15 -07:00
Andrew Kelley
29475b4518
std.crypto.tls: validate previous certificate
2023-01-02 16:57:15 -07:00
Andrew Kelley
4f9f4575bd
std.crypto.tls: rename HandshakeCipher
2023-01-02 16:57:15 -07:00
Andrew Kelley
7ed7bd247e
std.crypto.tls: verify the common name matches
2023-01-02 16:57:15 -07:00
Andrew Kelley
244a97e8ad
std.crypto.tls: certificate signature validation
2023-01-02 16:57:15 -07:00
Andrew Kelley
bbc074252c
introduce std.crypto.CertificateBundle
...
for reading root certificate authority bundles from standard
installation locations on the file system. So far only Linux logic is
added.
2023-01-02 16:57:15 -07:00
Andrew Kelley
3237000d95
std.crypto.tls: rudimentary certificate parsing
2023-01-02 16:57:15 -07:00
Andrew Kelley
5d7eca6669
std.crypto.tls.Client: fix verify_data for batched handshakes
2023-01-02 16:57:15 -07:00
Andrew Kelley
e2c16d03ab
std.crypto.tls.Client: support secp256r1 for handshake
2023-01-02 16:57:15 -07:00
Andrew Kelley
f460c21705
std.crypto.tls.Client: avoid hard-coded bytes in key_share
2023-01-02 16:57:15 -07:00
Andrew Kelley
7a23778384
std.crypto.tls: send a legacy session id
...
To support middlebox compatibility mode.
2023-01-02 16:57:15 -07:00
Andrew Kelley
e2efba76aa
std.crypto.tls: refactor to remove mutations
...
build up the hello message with array concatenation and helper functions
rather than hard-coded offsets and lengths.
2023-01-02 16:57:15 -07:00
Andrew Kelley
41f4461cda
std.crypto.tls.Client: verify the server's Finished message
2023-01-02 16:57:15 -07:00
Andrew Kelley
f6c3a86f0f
std.crypto.tls.Client: remove unnecessary coercion
2023-01-02 16:57:15 -07:00
Andrew Kelley
8ef4dcd39f
std.crypto.tls: add some benchmark data points
...
Looks like aegis-128l is the winner on baseline too.
2023-01-02 16:57:15 -07:00
Andrew Kelley
942b5b468f
std.crypto.tls: implement the rest of the cipher suites
...
Also:
* Use KeyPair.create() function
* Don't bother with CCM
2023-01-02 16:57:15 -07:00
Andrew Kelley
93ab8be8d8
extract std.crypto.tls.Client into separate namespace
2023-01-02 16:57:15 -07:00
