diff options
author | lloyd <[email protected]> | 2012-05-18 20:32:36 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-05-18 20:32:36 +0000 |
commit | c691561f3198f481c13457433efbccc1c9fcd898 (patch) | |
tree | a45ea2c5a30e0cb009fbcb68a61ef39332ff790c /src/tls | |
parent | d76700f01c7ecac5633edf75f8d7408b46c5dbac (diff) |
Fairly huge update that replaces the old secmem types with std::vector
using a custom allocator. Currently our allocator just does new/delete
with a memset before deletion, and the mmap and mlock allocators have
been removed.
Diffstat (limited to 'src/tls')
41 files changed, 299 insertions, 302 deletions
diff --git a/src/tls/c_hello.cpp b/src/tls/c_hello.cpp index df3957a4b..e63dc91ba 100644 --- a/src/tls/c_hello.cpp +++ b/src/tls/c_hello.cpp @@ -21,14 +21,14 @@ enum { TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF }; -MemoryVector<byte> make_hello_random(RandomNumberGenerator& rng) +std::vector<byte> make_hello_random(RandomNumberGenerator& rng) { - MemoryVector<byte> buf(32); + std::vector<byte> buf(32); const u32bit time32 = static_cast<u32bit>( std::chrono::system_clock::to_time_t(std::chrono::system_clock::now())); - store_be(time32, buf); + store_be(time32, &buf[0]); rng.randomize(&buf[4], buf.size() - 4); return buf; } @@ -44,7 +44,7 @@ Hello_Request::Hello_Request(Record_Writer& writer) /* * Deserialize a Hello Request message */ -Hello_Request::Hello_Request(const MemoryRegion<byte>& buf) +Hello_Request::Hello_Request(const std::vector<byte>& buf) { if(buf.size()) throw Decoding_Error("Bad Hello_Request, has non-zero size"); @@ -53,9 +53,9 @@ Hello_Request::Hello_Request(const MemoryRegion<byte>& buf) /* * Serialize a Hello Request message */ -MemoryVector<byte> Hello_Request::serialize() const +std::vector<byte> Hello_Request::serialize() const { - return MemoryVector<byte>(); + return std::vector<byte>(); } /* @@ -65,7 +65,7 @@ Client_Hello::Client_Hello(Record_Writer& writer, Handshake_Hash& hash, const Policy& policy, RandomNumberGenerator& rng, - const MemoryRegion<byte>& reneg_info, + const std::vector<byte>& reneg_info, bool next_protocol, const std::string& hostname, const std::string& srp_identifier) : @@ -101,7 +101,7 @@ Client_Hello::Client_Hello(Record_Writer& writer, Handshake_Hash& hash, const Policy& policy, RandomNumberGenerator& rng, - const MemoryRegion<byte>& reneg_info, + const std::vector<byte>& reneg_info, const Session& session, bool next_protocol) : m_version(session.version()), @@ -140,7 +140,7 @@ Client_Hello::Client_Hello(Record_Writer& writer, /* * Read a counterparty client hello */ -Client_Hello::Client_Hello(const MemoryRegion<byte>& buf, Handshake_Type type) +Client_Hello::Client_Hello(const std::vector<byte>& buf, Handshake_Type type) { m_next_protocol = false; m_secure_renegotiation = false; @@ -158,9 +158,9 @@ Client_Hello::Client_Hello(const MemoryRegion<byte>& buf, Handshake_Type type) /* * Serialize a Client Hello message */ -MemoryVector<byte> Client_Hello::serialize() const +std::vector<byte> Client_Hello::serialize() const { - MemoryVector<byte> buf; + std::vector<byte> buf; buf.push_back(m_version.major_version()); buf.push_back(m_version.minor_version()); @@ -202,7 +202,7 @@ MemoryVector<byte> Client_Hello::serialize() const return buf; } -void Client_Hello::deserialize_sslv2(const MemoryRegion<byte>& buf) +void Client_Hello::deserialize_sslv2(const std::vector<byte>& buf) { if(buf.size() < 12 || buf[0] != 1) throw Decoding_Error("Client_Hello: SSLv2 hello corrupted"); @@ -243,7 +243,7 @@ void Client_Hello::deserialize_sslv2(const MemoryRegion<byte>& buf) /* * Deserialize a Client Hello message */ -void Client_Hello::deserialize(const MemoryRegion<byte>& buf) +void Client_Hello::deserialize(const std::vector<byte>& buf) { if(buf.size() == 0) throw Decoding_Error("Client_Hello: Packet corrupted"); diff --git a/src/tls/c_kex.cpp b/src/tls/c_kex.cpp index f97081383..5ff9ec1ce 100644 --- a/src/tls/c_kex.cpp +++ b/src/tls/c_kex.cpp @@ -26,7 +26,7 @@ namespace TLS { namespace { -SecureVector<byte> strip_leading_zeros(const MemoryRegion<byte>& input) +secure_vector<byte> strip_leading_zeros(const secure_vector<byte>& input) { size_t leading_zeros = 0; @@ -37,8 +37,8 @@ SecureVector<byte> strip_leading_zeros(const MemoryRegion<byte>& input) ++leading_zeros; } - SecureVector<byte> output(&input[leading_zeros], - input.size() - leading_zeros); + secure_vector<byte> output(&input[leading_zeros], + &input[input.size()-1]); return output; } @@ -76,7 +76,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, SymmetricKey psk = creds.psk("tls-client", hostname, psk_identity); - MemoryVector<byte> zeros(psk.length()); + std::vector<byte> zeros(psk.length()); append_tls_length_value(pre_master, zeros, 2); append_tls_length_value(pre_master, psk.bits_of(), 2); @@ -124,7 +124,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, PK_Key_Agreement ka(priv_key, "Raw"); - SecureVector<byte> dh_secret = strip_leading_zeros( + secure_vector<byte> dh_secret = strip_leading_zeros( ka.derive_key(0, counterparty_key.public_value()).bits_of()); if(kex_algo == "DH") @@ -153,7 +153,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, EC_Group group(name); - MemoryVector<byte> ecdh_key = reader.get_range<byte>(1, 1, 255); + std::vector<byte> ecdh_key = reader.get_range<byte>(1, 1, 255); ECDH_PublicKey counterparty_key(group, OS2ECP(ecdh_key, group.get_curve())); @@ -161,7 +161,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, PK_Key_Agreement ka(priv_key, "Raw"); - SecureVector<byte> ecdh_secret = ka.derive_key(0, counterparty_key.public_value()).bits_of(); + secure_vector<byte> ecdh_secret = ka.derive_key(0, counterparty_key.public_value()).bits_of(); if(kex_algo == "ECDH") pre_master = ecdh_secret; @@ -177,7 +177,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, { const BigInt N = BigInt::decode(reader.get_range<byte>(2, 1, 65535)); const BigInt g = BigInt::decode(reader.get_range<byte>(2, 1, 65535)); - MemoryVector<byte> salt = reader.get_range<byte>(1, 1, 255); + std::vector<byte> salt = reader.get_range<byte>(1, 1, 255); const BigInt B = BigInt::decode(reader.get_range<byte>(2, 1, 65535)); const std::string srp_group = srp6_group_identifier(N, g); @@ -228,7 +228,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, PK_Encryptor_EME encryptor(*rsa_pub, "PKCS1v15"); - MemoryVector<byte> encrypted_key = encryptor.encrypt(pre_master, rng); + std::vector<byte> encrypted_key = encryptor.encrypt(pre_master, rng); if(state->version() == Protocol_Version::SSL_V3) key_material = encrypted_key; // no length field @@ -247,7 +247,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, /* * Read a Client Key Exchange message */ -Client_Key_Exchange::Client_Key_Exchange(const MemoryRegion<byte>& contents, +Client_Key_Exchange::Client_Key_Exchange(const std::vector<byte>& contents, const Handshake_State* state, Credentials_Manager& creds, const Policy& policy, @@ -326,7 +326,7 @@ Client_Key_Exchange::Client_Key_Exchange(const MemoryRegion<byte>& contents, if(kex_algo == "PSK") { - MemoryVector<byte> zeros(psk.length()); + std::vector<byte> zeros(psk.length()); append_tls_length_value(pre_master, zeros, 2); append_tls_length_value(pre_master, psk.bits_of(), 2); } @@ -352,14 +352,14 @@ Client_Key_Exchange::Client_Key_Exchange(const MemoryRegion<byte>& contents, { PK_Key_Agreement ka(*ka_key, "Raw"); - MemoryVector<byte> client_pubkey; + std::vector<byte> client_pubkey; if(ka_key->algo_name() == "DH") client_pubkey = reader.get_range<byte>(2, 0, 65535); else client_pubkey = reader.get_range<byte>(1, 0, 255); - SecureVector<byte> shared_secret = ka.derive_key(0, client_pubkey).bits_of(); + secure_vector<byte> shared_secret = ka.derive_key(0, client_pubkey).bits_of(); if(ka_key->algo_name() == "DH") shared_secret = strip_leading_zeros(shared_secret); diff --git a/src/tls/cert_req.cpp b/src/tls/cert_req.cpp index 1b686c1c4..6ec5339bb 100644 --- a/src/tls/cert_req.cpp +++ b/src/tls/cert_req.cpp @@ -80,7 +80,7 @@ Certificate_Req::Certificate_Req(Record_Writer& writer, /** * Deserialize a Certificate Request message */ -Certificate_Req::Certificate_Req(const MemoryRegion<byte>& buf, +Certificate_Req::Certificate_Req(const std::vector<byte>& buf, Protocol_Version version) { if(buf.size() < 4) @@ -141,9 +141,9 @@ Certificate_Req::Certificate_Req(const MemoryRegion<byte>& buf, /** * Serialize a Certificate Request message */ -MemoryVector<byte> Certificate_Req::serialize() const +std::vector<byte> Certificate_Req::serialize() const { - MemoryVector<byte> buf; + std::vector<byte> buf; std::vector<byte> cert_types; @@ -155,7 +155,7 @@ MemoryVector<byte> Certificate_Req::serialize() const if(!m_supported_algos.empty()) buf += Signature_Algorithms(m_supported_algos).serialize(); - MemoryVector<byte> encoded_names; + std::vector<byte> encoded_names; for(size_t i = 0; i != names.size(); ++i) { @@ -184,7 +184,7 @@ Certificate::Certificate(Record_Writer& writer, /** * Deserialize a Certificate message */ -Certificate::Certificate(const MemoryRegion<byte>& buf) +Certificate::Certificate(const std::vector<byte>& buf) { if(buf.size() < 3) throw Decoding_Error("Certificate: Message malformed"); @@ -196,14 +196,14 @@ Certificate::Certificate(const MemoryRegion<byte>& buf) const byte* certs = &buf[3]; - while(certs != buf.end()) + while(size_t remaining_bytes = &buf[buf.size()] - certs) { - if(buf.end() - certs < 3) + if(remaining_bytes < 3) throw Decoding_Error("Certificate: Message malformed"); const size_t cert_size = make_u32bit(0, certs[0], certs[1], certs[2]); - if(buf.end() - certs < (3 + cert_size)) + if(remaining_bytes < (3 + cert_size)) throw Decoding_Error("Certificate: Message malformed"); DataSource_Memory cert_buf(&certs[3], cert_size); @@ -216,13 +216,13 @@ Certificate::Certificate(const MemoryRegion<byte>& buf) /** * Serialize a Certificate message */ -MemoryVector<byte> Certificate::serialize() const +std::vector<byte> Certificate::serialize() const { - MemoryVector<byte> buf(3); + std::vector<byte> buf(3); for(size_t i = 0; i != m_certs.size(); ++i) { - MemoryVector<byte> raw_cert = m_certs[i].BER_encode(); + std::vector<byte> raw_cert = m_certs[i].BER_encode(); const size_t cert_size = raw_cert.size(); for(size_t i = 0; i != 3; ++i) buf.push_back(get_byte<u32bit>(i+1, cert_size)); diff --git a/src/tls/cert_ver.cpp b/src/tls/cert_ver.cpp index 0a377b35f..e6d90b060 100644 --- a/src/tls/cert_ver.cpp +++ b/src/tls/cert_ver.cpp @@ -33,7 +33,7 @@ Certificate_Verify::Certificate_Verify(Record_Writer& writer, if(state->version() == Protocol_Version::SSL_V3) { - SecureVector<byte> md5_sha = state->hash.final_ssl3( + secure_vector<byte> md5_sha = state->hash.final_ssl3( state->keys.master_secret()); if(priv_key->algo_name() == "DSA") @@ -52,7 +52,7 @@ Certificate_Verify::Certificate_Verify(Record_Writer& writer, /* * Deserialize a Certificate Verify message */ -Certificate_Verify::Certificate_Verify(const MemoryRegion<byte>& buf, +Certificate_Verify::Certificate_Verify(const std::vector<byte>& buf, Protocol_Version version) { TLS_Data_Reader reader(buf); @@ -69,9 +69,9 @@ Certificate_Verify::Certificate_Verify(const MemoryRegion<byte>& buf, /* * Serialize a Certificate Verify message */ -MemoryVector<byte> Certificate_Verify::serialize() const +std::vector<byte> Certificate_Verify::serialize() const { - MemoryVector<byte> buf; + std::vector<byte> buf; if(hash_algo != "" && sig_algo != "") { @@ -102,7 +102,7 @@ bool Certificate_Verify::verify(const X509_Certificate& cert, if(state->version() == Protocol_Version::SSL_V3) { - SecureVector<byte> md5_sha = state->hash.final_ssl3( + secure_vector<byte> md5_sha = state->hash.final_ssl3( state->keys.master_secret()); return verifier.verify_message(&md5_sha[16], md5_sha.size()-16, diff --git a/src/tls/finished.cpp b/src/tls/finished.cpp index bb6e8d20e..c8ae4a343 100644 --- a/src/tls/finished.cpp +++ b/src/tls/finished.cpp @@ -18,7 +18,7 @@ namespace { /* * Compute the verify_data */ -MemoryVector<byte> finished_compute_verify(Handshake_State* state, +std::vector<byte> finished_compute_verify(Handshake_State* state, Connection_Side side) { if(state->version() == Protocol_Version::SSL_V3) @@ -28,14 +28,14 @@ MemoryVector<byte> finished_compute_verify(Handshake_State* state, Handshake_Hash hash = state->hash; // don't modify state - MemoryVector<byte> ssl3_finished; + std::vector<byte> ssl3_finished; if(side == CLIENT) hash.update(SSL_CLIENT_LABEL, sizeof(SSL_CLIENT_LABEL)); else hash.update(SSL_SERVER_LABEL, sizeof(SSL_SERVER_LABEL)); - return hash.final_ssl3(state->keys.master_secret()); + return unlock(hash.final_ssl3(state->keys.master_secret())); } else { @@ -49,7 +49,7 @@ MemoryVector<byte> finished_compute_verify(Handshake_State* state, std::unique_ptr<KDF> prf(state->protocol_specific_prf()); - MemoryVector<byte> input; + std::vector<byte> input; if(side == CLIENT) input += std::make_pair(TLS_CLIENT_LABEL, sizeof(TLS_CLIENT_LABEL)); else @@ -57,7 +57,7 @@ MemoryVector<byte> finished_compute_verify(Handshake_State* state, input += state->hash.final(state->version(), state->suite.mac_algo()); - return prf->derive_key(12, state->keys.master_secret(), input); + return unlock(prf->derive_key(12, state->keys.master_secret(), input)); } } @@ -77,7 +77,7 @@ Finished::Finished(Record_Writer& writer, /* * Serialize a Finished message */ -MemoryVector<byte> Finished::serialize() const +std::vector<byte> Finished::serialize() const { return verification_data; } @@ -85,7 +85,7 @@ MemoryVector<byte> Finished::serialize() const /* * Deserialize a Finished message */ -Finished::Finished(const MemoryRegion<byte>& buf) +Finished::Finished(const std::vector<byte>& buf) { verification_data = buf; } diff --git a/src/tls/hello_verify.cpp b/src/tls/hello_verify.cpp index e844d7f72..c77076e4c 100644 --- a/src/tls/hello_verify.cpp +++ b/src/tls/hello_verify.cpp @@ -13,7 +13,7 @@ namespace Botan { namespace TLS { -Hello_Verify_Request::Hello_Verify_Request(const MemoryRegion<byte>& buf) +Hello_Verify_Request::Hello_Verify_Request(const std::vector<byte>& buf) { if(buf.size() < 3) throw Decoding_Error("Hello verify request too small"); @@ -25,7 +25,7 @@ Hello_Verify_Request::Hello_Verify_Request(const MemoryRegion<byte>& buf) copy_mem(&m_cookie[0], &buf[2], buf.size() - 2); } -Hello_Verify_Request::Hello_Verify_Request(const MemoryVector<byte>& client_hello_bits, +Hello_Verify_Request::Hello_Verify_Request(const std::vector<byte>& client_hello_bits, const std::string& client_identity, const SymmetricKey& secret_key) { @@ -37,10 +37,10 @@ Hello_Verify_Request::Hello_Verify_Request(const MemoryVector<byte>& client_hell hmac->update_be(client_identity.size()); hmac->update(client_identity); - m_cookie = hmac->final(); + m_cookie = unlock(hmac->final()); } -MemoryVector<byte> Hello_Verify_Request::serialize() const +std::vector<byte> Hello_Verify_Request::serialize() const { /* DTLS 1.2 server implementations SHOULD use DTLS version 1.0 regardless of the version of TLS that is expected to be @@ -49,7 +49,7 @@ MemoryVector<byte> Hello_Verify_Request::serialize() const Protocol_Version format_version(Protocol_Version::TLS_V11); - MemoryVector<byte> bits; + std::vector<byte> bits; bits.push_back(format_version.major_version()); bits.push_back(format_version.minor_version()); bits += m_cookie; diff --git a/src/tls/next_protocol.cpp b/src/tls/next_protocol.cpp index 17b77fb6e..adf9acbe9 100644 --- a/src/tls/next_protocol.cpp +++ b/src/tls/next_protocol.cpp @@ -22,7 +22,7 @@ Next_Protocol::Next_Protocol(Record_Writer& writer, hash.update(writer.send(*this)); } -Next_Protocol::Next_Protocol(const MemoryRegion<byte>& buf) +Next_Protocol::Next_Protocol(const std::vector<byte>& buf) { TLS_Data_Reader reader(buf); @@ -31,9 +31,9 @@ Next_Protocol::Next_Protocol(const MemoryRegion<byte>& buf) reader.get_range_vector<byte>(1, 0, 255); // padding, ignored } -MemoryVector<byte> Next_Protocol::serialize() const +std::vector<byte> Next_Protocol::serialize() const { - MemoryVector<byte> buf; + std::vector<byte> buf; append_tls_length_value(buf, reinterpret_cast<const byte*>(m_protocol.data()), diff --git a/src/tls/rec_read.cpp b/src/tls/rec_read.cpp index b240f4703..4a1d6aac1 100644 --- a/src/tls/rec_read.cpp +++ b/src/tls/rec_read.cpp @@ -165,7 +165,7 @@ size_t Record_Reader::fill_buffer_to(const byte*& input, size_t Record_Reader::add_input(const byte input_array[], size_t input_sz, size_t& consumed, byte& msg_type, - MemoryVector<byte>& msg) + std::vector<byte>& msg) { const byte* input = &input_array[0]; @@ -333,7 +333,7 @@ size_t Record_Reader::add_input(const byte input_array[], size_t input_sz, ++m_seq_no; - m_mac->final(m_macbuf); + m_mac->final(&m_macbuf[0]); const size_t mac_offset = record_len - (m_macbuf.size() + pad_size); diff --git a/src/tls/rec_wri.cpp b/src/tls/rec_wri.cpp index 3a54d7931..63383f85e 100644 --- a/src/tls/rec_wri.cpp +++ b/src/tls/rec_wri.cpp @@ -146,10 +146,10 @@ void Record_Writer::activate(Connection_Side side, throw Invalid_Argument("Record_Writer: Unknown hash " + mac_algo); } -MemoryVector<byte> Record_Writer::send(Handshake_Message& msg) +std::vector<byte> Record_Writer::send(Handshake_Message& msg) { - const MemoryVector<byte> buf = msg.serialize(); - MemoryVector<byte> send_buf(4); + const std::vector<byte> buf = msg.serialize(); + std::vector<byte> send_buf(4); const size_t buf_size = buf.size(); diff --git a/src/tls/s_hello.cpp b/src/tls/s_hello.cpp index 1244dd2d8..d4cc4a1ab 100644 --- a/src/tls/s_hello.cpp +++ b/src/tls/s_hello.cpp @@ -21,13 +21,13 @@ namespace TLS { */ Server_Hello::Server_Hello(Record_Writer& writer, Handshake_Hash& hash, - const MemoryRegion<byte>& session_id, + const std::vector<byte>& session_id, Protocol_Version ver, u16bit ciphersuite, byte compression, size_t max_fragment_size, bool client_has_secure_renegotiation, - const MemoryRegion<byte>& reneg_info, + const std::vector<byte>& reneg_info, bool offer_session_ticket, bool client_has_npn, const std::vector<std::string>& next_protocols, @@ -53,7 +53,7 @@ Server_Hello::Server_Hello(Record_Writer& writer, /* * Deserialize a Server Hello message */ -Server_Hello::Server_Hello(const MemoryRegion<byte>& buf) +Server_Hello::Server_Hello(const std::vector<byte>& buf) { m_secure_renegotiation = false; m_supports_session_ticket = false; @@ -118,9 +118,9 @@ Server_Hello::Server_Hello(const MemoryRegion<byte>& buf) /* * Serialize a Server Hello message */ -MemoryVector<byte> Server_Hello::serialize() const +std::vector<byte> Server_Hello::serialize() const { - MemoryVector<byte> buf; + std::vector<byte> buf; buf.push_back(m_version.major_version()); buf.push_back(m_version.minor_version()); @@ -167,7 +167,7 @@ Server_Hello_Done::Server_Hello_Done(Record_Writer& writer, /* * Deserialize a Server Hello Done message */ -Server_Hello_Done::Server_Hello_Done(const MemoryRegion<byte>& buf) +Server_Hello_Done::Server_Hello_Done(const std::vector<byte>& buf) { if(buf.size()) throw Decoding_Error("Server_Hello_Done: Must be empty, and is not"); @@ -176,9 +176,9 @@ Server_Hello_Done::Server_Hello_Done(const MemoryRegion<byte>& buf) /* * Serialize a Server Hello Done message */ -MemoryVector<byte> Server_Hello_Done::serialize() const +std::vector<byte> Server_Hello_Done::serialize() const { - return MemoryVector<byte>(); + return std::vector<byte>(); } } diff --git a/src/tls/s_kex.cpp b/src/tls/s_kex.cpp index 34cd872ac..d28b44857 100644 --- a/src/tls/s_kex.cpp +++ b/src/tls/s_kex.cpp @@ -95,7 +95,7 @@ Server_Key_Exchange::Server_Key_Exchange(Record_Writer& writer, std::string group_id; BigInt v; - MemoryVector<byte> salt; + std::vector<byte> salt; const bool found = creds.srp_verifier("tls-server", hostname, srp_identifier, @@ -142,7 +142,7 @@ Server_Key_Exchange::Server_Key_Exchange(Record_Writer& writer, /** * Deserialize a Server Key Exchange message */ -Server_Key_Exchange::Server_Key_Exchange(const MemoryRegion<byte>& buf, +Server_Key_Exchange::Server_Key_Exchange(const std::vector<byte>& buf, const std::string& kex_algo, const std::string& sig_algo, Protocol_Version version) : @@ -186,7 +186,7 @@ Server_Key_Exchange::Server_Key_Exchange(const MemoryRegion<byte>& buf, const std::string name = Supported_Elliptic_Curves::curve_id_to_name(curve_id); - MemoryVector<byte> ecdh_key = reader.get_range<byte>(1, 1, 255); + std::vector<byte> ecdh_key = reader.get_range<byte>(1, 1, 255); if(name == "") throw Decoding_Error("Server_Key_Exchange: Server sent unknown named curve " + @@ -203,7 +203,7 @@ Server_Key_Exchange::Server_Key_Exchange(const MemoryRegion<byte>& buf, const BigInt N = BigInt::decode(reader.get_range<byte>(2, 1, 65535)); const BigInt g = BigInt::decode(reader.get_range<byte>(2, 1, 65535)); - MemoryVector<byte> salt = reader.get_range<byte>(1, 1, 255); + std::vector<byte> salt = reader.get_range<byte>(1, 1, 255); const BigInt B = BigInt::decode(reader.get_range<byte>(2, 1, 65535)); append_tls_length_value(m_params, BigInt::encode(N), 2); @@ -236,9 +236,9 @@ Server_Key_Exchange::~Server_Key_Exchange() /** * Serialize a Server Key Exchange message */ -MemoryVector<byte> Server_Key_Exchange::serialize() const +std::vector<byte> Server_Key_Exchange::serialize() const { - MemoryVector<byte> buf = params(); + std::vector<byte> buf = params(); if(m_signature.size()) { diff --git a/src/tls/session_ticket.cpp b/src/tls/session_ticket.cpp index 273996a16..8cee2a454 100644 --- a/src/tls/session_ticket.cpp +++ b/src/tls/session_ticket.cpp @@ -17,7 +17,7 @@ namespace TLS { New_Session_Ticket::New_Session_Ticket(Record_Writer& writer, Handshake_Hash& hash, - const MemoryRegion<byte>& ticket, + const std::vector<byte>& ticket, u32bit lifetime) : m_ticket_lifetime_hint(lifetime), m_ticket(ticket) @@ -32,7 +32,7 @@ New_Session_Ticket::New_Session_Ticket(Record_Writer& writer, hash.update(writer.send(*this)); } -New_Session_Ticket::New_Session_Ticket(const MemoryRegion<byte>& buf) : +New_Session_Ticket::New_Session_Ticket(const std::vector<byte>& buf) : m_ticket_lifetime_hint(0) { if(buf.size() < 6) @@ -44,9 +44,9 @@ New_Session_Ticket::New_Session_Ticket(const MemoryRegion<byte>& buf) : m_ticket = reader.get_range<byte>(2, 0, 65535); } -MemoryVector<byte> New_Session_Ticket::serialize() const +std::vector<byte> New_Session_Ticket::serialize() const { - MemoryVector<byte> buf(4); + std::vector<byte> buf(4); store_be(m_ticket_lifetime_hint, &buf[0]); append_tls_length_value(buf, m_ticket, 2); return buf; diff --git a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp index f4d0e1034..b6aaa3498 100644 --- a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp +++ b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp @@ -53,7 +53,7 @@ class sqlite3_statement bind(column, timeval); } - void bind(int column, const MemoryRegion<byte>& val) + void bind(int column, const std::vector<byte>& val) { int rc = sqlite3_bind_blob(m_stmt, column, &val[0], val.size(), SQLITE_TRANSIENT); if(rc != SQLITE_OK) @@ -137,7 +137,7 @@ SymmetricKey derive_key(const std::string& passphrase, { std::unique_ptr<PBKDF> pbkdf(get_pbkdf("PBKDF2(SHA-512)")); - SecureVector<byte> x = pbkdf->derive_key(32 + 3, + std::vector<byte> x = pbkdf->derive_key(32 + 3, passphrase, salt, salt_len, iterations).bits_of(); @@ -217,7 +217,7 @@ Session_Manager_SQLite::Session_Manager_SQLite(const std::string& passphrase, // new database case - MemoryVector<byte> salt = rng.random_vec(16); + std::vector<byte> salt = rng.random_vec(16); const size_t iterations = 64 * 1024; size_t check_val = 0; @@ -240,7 +240,7 @@ Session_Manager_SQLite::~Session_Manager_SQLite() sqlite3_close(m_db); } -bool Session_Manager_SQLite::load_from_session_id(const MemoryRegion<byte>& session_id, +bool Session_Manager_SQLite::load_from_session_id(const std::vector<byte>& session_id, Session& session) { sqlite3_statement stmt(m_db, "select session from tls_sessions where session_id = ?1"); @@ -300,7 +300,7 @@ bool Session_Manager_SQLite::load_from_host_info(const std::string& hostname, return false; } -void Session_Manager_SQLite::remove_entry(const MemoryRegion<byte>& session_id) +void Session_Manager_SQLite::remove_entry(const std::vector<byte>& session_id) { sqlite3_statement stmt(m_db, "delete from tls_sessions where session_id = ?1"); diff --git a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h index cac7affd0..923915496 100644 --- a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h +++ b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h @@ -40,13 +40,13 @@ class BOTAN_DLL Session_Manager_SQLite : public Session_Manager ~Session_Manager_SQLite(); - bool load_from_session_id(const MemoryRegion<byte>& session_id, + bool load_from_session_id(const std::vector<byte>& session_id, Session& session); bool load_from_host_info(const std::string& hostname, u16bit port, Session& session); - void remove_entry(const MemoryRegion<byte>& session_id); + void remove_entry(const std::vector<byte>& session_id); void save(const Session& session_data); diff --git a/src/tls/tls_alert.cpp b/src/tls/tls_alert.cpp index dee082bac..5bc2e7484 100644 --- a/src/tls/tls_alert.cpp +++ b/src/tls/tls_alert.cpp @@ -12,7 +12,7 @@ namespace Botan { namespace TLS { -Alert::Alert(const MemoryRegion<byte>& buf) +Alert::Alert(const std::vector<byte>& buf) { if(buf.size() != 2) throw Decoding_Error("Alert: Bad size " + std::to_string(buf.size()) + diff --git a/src/tls/tls_alert.h b/src/tls/tls_alert.h index 3dfff3d29..b3001f259 100644 --- a/src/tls/tls_alert.h +++ b/src/tls/tls_alert.h @@ -82,7 +82,7 @@ class BOTAN_DLL Alert * Deserialize an Alert message * @param buf the serialized alert */ - Alert(const MemoryRegion<byte>& buf); + Alert(const std::vector<byte>& buf); Alert(Type alert_type, bool is_fatal = false) : fatal(is_fatal), type_code(alert_type) {} diff --git a/src/tls/tls_channel.cpp b/src/tls/tls_channel.cpp index 7a66eb946..ff6722b5e 100644 --- a/src/tls/tls_channel.cpp +++ b/src/tls/tls_channel.cpp @@ -43,7 +43,7 @@ size_t Channel::received_data(const byte buf[], size_t buf_size) while(buf_size) { byte rec_type = CONNECTION_CLOSED; - MemoryVector<byte> record; + std::vector<byte> record; size_t consumed = 0; const size_t needed = reader.add_input(buf, buf_size, @@ -67,12 +67,12 @@ size_t Channel::received_data(const byte buf[], size_t buf_size) { Heartbeat_Message heartbeat(record); - const MemoryRegion<byte>& payload = heartbeat.payload(); + const std::vector<byte>& payload = heartbeat.payload(); if(heartbeat.is_request() && !state) { Heartbeat_Message response(Heartbeat_Message::RESPONSE, - payload, payload.size()); + &payload[0], payload.size()); writer.send(HEARTBEAT, response.contents()); } @@ -159,7 +159,7 @@ size_t Channel::received_data(const byte buf[], size_t buf_size) * Split up and process handshake messages */ void Channel::read_handshake(byte rec_type, - const MemoryRegion<byte>& rec_buf) + const std::vector<byte>& rec_buf) { if(rec_type == HANDSHAKE) { @@ -178,7 +178,7 @@ void Channel::read_handshake(byte rec_type, { if(state->handshake_reader()->have_full_record()) { - std::pair<Handshake_Type, MemoryVector<byte> > msg = + std::pair<Handshake_Type, std::vector<byte> > msg = state->handshake_reader()->get_next_record(); process_handshake_msg(msg.first, msg.second); } @@ -188,7 +188,7 @@ void Channel::read_handshake(byte rec_type, else if(rec_type == CHANGE_CIPHER_SPEC) { if(state->handshake_reader()->empty() && rec_buf.size() == 1 && rec_buf[0] == 1) - process_handshake_msg(HANDSHAKE_CCS, MemoryVector<byte>()); + process_handshake_msg(HANDSHAKE_CCS, std::vector<byte>()); else throw Decoding_Error("Malformed ChangeCipherSpec message"); } @@ -259,7 +259,7 @@ void Channel::Secure_Renegotiation_State::update(Client_Hello* client_hello) if(client_hello->secure_renegotiation()) { - const MemoryVector<byte>& data = client_hello->renegotiation_info(); + const std::vector<byte>& data = client_hello->renegotiation_info(); if(initial_handshake) { @@ -294,7 +294,7 @@ void Channel::Secure_Renegotiation_State::update(Server_Hello* server_hello) if(secure_renegotiation) { - const MemoryVector<byte>& data = server_hello->renegotiation_info(); + const std::vector<byte>& data = server_hello->renegotiation_info(); if(initial_handshake) { diff --git a/src/tls/tls_channel.h b/src/tls/tls_channel.h index d1131460b..46dafc416 100644 --- a/src/tls/tls_channel.h +++ b/src/tls/tls_channel.h @@ -92,10 +92,10 @@ class BOTAN_DLL Channel void send_alert(const Alert& alert); virtual void read_handshake(byte rec_type, - const MemoryRegion<byte>& rec_buf); + const std::vector<byte>& rec_buf); virtual void process_handshake_msg(Handshake_Type type, - const MemoryRegion<byte>& contents) = 0; + const std::vector<byte>& contents) = 0; virtual void alert_notify(const Alert& alert) = 0; @@ -122,12 +122,12 @@ class BOTAN_DLL Channel void update(class Finished* client_finished, class Finished* server_finished); - const MemoryVector<byte>& for_client_hello() const + const std::vector<byte>& for_client_hello() const { return client_verify; } - MemoryVector<byte> for_server_hello() const + std::vector<byte> for_server_hello() const { - MemoryVector<byte> buf = client_verify; + std::vector<byte> buf = client_verify; buf += server_verify; return buf; } @@ -137,7 +137,7 @@ class BOTAN_DLL Channel private: bool initial_handshake; bool secure_renegotiation; - MemoryVector<byte> client_verify, server_verify; + std::vector<byte> client_verify, server_verify; }; Secure_Renegotiation_State secure_renegotiation; diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp index dd17db2cf..feb9ef85f 100644 --- a/src/tls/tls_client.cpp +++ b/src/tls/tls_client.cpp @@ -141,7 +141,7 @@ void Client::alert_notify(const Alert& alert) * Process a handshake message */ void Client::process_handshake_msg(Handshake_Type type, - const MemoryRegion<byte>& contents) + const std::vector<byte>& contents) { if(state == 0) throw Unexpected_Message("Unexpected handshake message from server"); @@ -446,9 +446,9 @@ void Client::process_handshake_msg(Handshake_Type type, secure_renegotiation.update(state->client_finished, state->server_finished); - MemoryVector<byte> session_id = state->server_hello->session_id(); + std::vector<byte> session_id = state->server_hello->session_id(); - const MemoryRegion<byte>& session_ticket = state->session_ticket(); + const std::vector<byte>& session_ticket = state->session_ticket(); if(session_id.empty() && !session_ticket.empty()) session_id = make_hello_random(rng); diff --git a/src/tls/tls_client.h b/src/tls/tls_client.h index 297c5f611..2844780bd 100644 --- a/src/tls/tls_client.h +++ b/src/tls/tls_client.h @@ -56,7 +56,7 @@ class BOTAN_DLL Client : public Channel void renegotiate(bool force_full_renegotiation); private: void process_handshake_msg(Handshake_Type type, - const MemoryRegion<byte>& contents); + const std::vector<byte>& contents) override; void alert_notify(const Alert& alert); diff --git a/src/tls/tls_extensions.cpp b/src/tls/tls_extensions.cpp index 6d69bfb9b..0f4e3176e 100644 --- a/src/tls/tls_extensions.cpp +++ b/src/tls/tls_extensions.cpp @@ -81,9 +81,9 @@ Extensions::Extensions(TLS_Data_Reader& reader) } } -MemoryVector<byte> Extensions::serialize() const +std::vector<byte> Extensions::serialize() const { - MemoryVector<byte> buf(2); // 2 bytes for length field + std::vector<byte> buf(2); // 2 bytes for length field for(std::map<Handshake_Extension_Type, Extension*>::const_iterator i = extensions.begin(); i != extensions.end(); ++i) @@ -93,7 +93,7 @@ MemoryVector<byte> Extensions::serialize() const const u16bit extn_code = i->second->type(); - MemoryVector<byte> extn_val = i->second->serialize(); + std::vector<byte> extn_val = i->second->serialize(); buf.push_back(get_byte(0, extn_code)); buf.push_back(get_byte(1, extn_code)); @@ -111,7 +111,7 @@ MemoryVector<byte> Extensions::serialize() const // avoid sending a completely empty extensions block if(buf.size() == 2) - return MemoryVector<byte>(); + return std::vector<byte>(); return buf; } @@ -159,9 +159,9 @@ Server_Name_Indicator::Server_Name_Indicator(TLS_Data_Reader& reader, } } -MemoryVector<byte> Server_Name_Indicator::serialize() const +std::vector<byte> Server_Name_Indicator::serialize() const { - MemoryVector<byte> buf; + std::vector<byte> buf; size_t name_len = sni_host_name.size(); @@ -188,9 +188,9 @@ SRP_Identifier::SRP_Identifier(TLS_Data_Reader& reader, throw Decoding_Error("Bad encoding for SRP identifier extension"); } -MemoryVector<byte> SRP_Identifier::serialize() const +std::vector<byte> SRP_Identifier::serialize() const { - MemoryVector<byte> buf; + std::vector<byte> buf; const byte* srp_bytes = reinterpret_cast<const byte*>(srp_identifier.data()); @@ -209,9 +209,9 @@ Renegotation_Extension::Renegotation_Extension(TLS_Data_Reader& reader, throw Decoding_Error("Bad encoding for secure renegotiation extn"); } -MemoryVector<byte> Renegotation_Extension::serialize() const +std::vector<byte> Renegotation_Extension::serialize() const { - MemoryVector<byte> buf; + std::vector<byte> buf; append_tls_length_value(buf, reneg_data, 1); return buf; } @@ -279,9 +279,9 @@ Next_Protocol_Notification::Next_Protocol_Notification(TLS_Data_Reader& reader, } } -MemoryVector<byte> Next_Protocol_Notification::serialize() const +std::vector<byte> Next_Protocol_Notification::serialize() const { - MemoryVector<byte> buf; + std::vector<byte> buf; for(size_t i = 0; i != m_protocols.size(); ++i) { @@ -356,9 +356,9 @@ u16bit Supported_Elliptic_Curves::name_to_curve_id(const std::string& name) throw Invalid_Argument("name_to_curve_id unknown name " + name); } -MemoryVector<byte> Supported_Elliptic_Curves::serialize() const +std::vector<byte> Supported_Elliptic_Curves::serialize() const { - MemoryVector<byte> buf(2); + std::vector<byte> buf(2); for(size_t i = 0; i != m_curves.size(); ++i) { @@ -466,9 +466,9 @@ byte Signature_Algorithms::sig_algo_code(const std::string& name) throw Internal_Error("Unknown sig ID " + name + " for signature_algorithms"); } -MemoryVector<byte> Signature_Algorithms::serialize() const +std::vector<byte> Signature_Algorithms::serialize() const { - MemoryVector<byte> buf(2); + std::vector<byte> buf(2); for(size_t i = 0; i != m_supported_algos.size(); ++i) { @@ -516,7 +516,7 @@ Signature_Algorithms::Signature_Algorithms(TLS_Data_Reader& reader, Session_Ticket::Session_Ticket(TLS_Data_Reader& reader, u16bit extension_size) { - m_ticket = reader.get_elem<byte, MemoryVector<byte> >(extension_size); + m_ticket = reader.get_elem<byte, std::vector<byte> >(extension_size); } } diff --git a/src/tls/tls_extensions.h b/src/tls/tls_extensions.h index 3fe3f7399..885851c95 100644 --- a/src/tls/tls_extensions.h +++ b/src/tls/tls_extensions.h @@ -49,7 +49,7 @@ class Extension public: virtual Handshake_Extension_Type type() const = 0; - virtual MemoryVector<byte> serialize() const = 0; + virtual std::vector<byte> serialize() const = 0; virtual bool empty() const = 0; @@ -75,7 +75,7 @@ class Server_Name_Indicator : public Extension std::string host_name() const { return sni_host_name; } - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; bool empty() const { return sni_host_name == ""; } private: @@ -101,7 +101,7 @@ class SRP_Identifier : public Extension std::string identifier() const { return srp_identifier; } - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; bool empty() const { return srp_identifier == ""; } private: @@ -121,20 +121,20 @@ class Renegotation_Extension : public Extension Renegotation_Extension() {} - Renegotation_Extension(const MemoryRegion<byte>& bits) : + Renegotation_Extension(const std::vector<byte>& bits) : reneg_data(bits) {} Renegotation_Extension(TLS_Data_Reader& reader, u16bit extension_size); - const MemoryVector<byte>& renegotiation_info() const + const std::vector<byte>& renegotiation_info() const { return reneg_data; } - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; bool empty() const { return false; } // always send this private: - MemoryVector<byte> reneg_data; + std::vector<byte> reneg_data; }; /** @@ -152,9 +152,9 @@ class Maximum_Fragment_Length : public Extension size_t fragment_size() const; - MemoryVector<byte> serialize() const + std::vector<byte> serialize() const { - return MemoryVector<byte>(&val, 1); + return std::vector<byte>(1, val); } /** @@ -204,7 +204,7 @@ class Next_Protocol_Notification : public Extension Next_Protocol_Notification(TLS_Data_Reader& reader, u16bit extension_size); - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; bool empty() const { return false; } private: @@ -219,7 +219,7 @@ class Session_Ticket : public Extension Handshake_Extension_Type type() const { return static_type(); } - const MemoryVector<byte>& contents() const { return m_ticket; } + const std::vector<byte>& contents() const { return m_ticket; } /** * Create empty extension, used by both client and server @@ -229,7 +229,7 @@ class Session_Ticket : public Extension /** * Extension with ticket, used by client */ - Session_Ticket(const MemoryRegion<byte>& session_ticket) : + Session_Ticket(const std::vector<byte>& session_ticket) : m_ticket(session_ticket) {} /** @@ -237,11 +237,11 @@ class Session_Ticket : public Extension */ Session_Ticket(TLS_Data_Reader& reader, u16bit extension_size); - MemoryVector<byte> serialize() const { return m_ticket; } + std::vector<byte> serialize() const { return m_ticket; } bool empty() const { return false; } private: - MemoryVector<byte> m_ticket; + std::vector<byte> m_ticket; }; /** @@ -260,7 +260,7 @@ class Supported_Elliptic_Curves : public Extension const std::vector<std::string>& curves() const { return m_curves; } - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; Supported_Elliptic_Curves(const std::vector<std::string>& curves) : m_curves(curves) {} @@ -296,7 +296,7 @@ class Signature_Algorithms : public Extension return m_supported_algos; } - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; bool empty() const { return false; } @@ -322,7 +322,7 @@ class Heartbeat_Support_Indicator : public Extension bool peer_allowed_to_send() const { return m_peer_allowed_to_send; } - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; bool empty() const { return false; } @@ -360,7 +360,7 @@ class Extensions extensions[extn->type()] = extn; } - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; Extensions() {} diff --git a/src/tls/tls_handshake_hash.cpp b/src/tls/tls_handshake_hash.cpp index 02516632e..df956e7bb 100644 --- a/src/tls/tls_handshake_hash.cpp +++ b/src/tls/tls_handshake_hash.cpp @@ -16,7 +16,7 @@ namespace Botan { namespace TLS { void Handshake_Hash::update(Handshake_Type handshake_type, - const MemoryRegion<byte>& handshake_msg) + const std::vector<byte>& handshake_msg) { update(static_cast<byte>(handshake_type)); @@ -30,7 +30,7 @@ void Handshake_Hash::update(Handshake_Type handshake_type, /** * Return a TLS Handshake Hash */ -SecureVector<byte> Handshake_Hash::final(Protocol_Version version, +secure_vector<byte> Handshake_Hash::final(Protocol_Version version, const std::string& mac_algo) { Algorithm_Factory& af = global_state().algorithm_factory(); @@ -59,7 +59,7 @@ SecureVector<byte> Handshake_Hash::final(Protocol_Version version, /** * Return a SSLv3 Handshake Hash */ -SecureVector<byte> Handshake_Hash::final_ssl3(const MemoryRegion<byte>& secret) +secure_vector<byte> Handshake_Hash::final_ssl3(const secure_vector<byte>& secret) { const byte PAD_INNER = 0x36, PAD_OUTER = 0x5C; @@ -79,7 +79,7 @@ SecureVector<byte> Handshake_Hash::final_ssl3(const MemoryRegion<byte>& secret) for(size_t i = 0; i != 40; ++i) sha1->update(PAD_INNER); - SecureVector<byte> inner_md5 = md5->final(), inner_sha1 = sha1->final(); + secure_vector<byte> inner_md5 = md5->final(), inner_sha1 = sha1->final(); md5->update(secret); sha1->update(secret); @@ -92,7 +92,7 @@ SecureVector<byte> Handshake_Hash::final_ssl3(const MemoryRegion<byte>& secret) md5->update(inner_md5); sha1->update(inner_sha1); - SecureVector<byte> output; + secure_vector<byte> output; output += md5->final(); output += sha1->final(); return output; diff --git a/src/tls/tls_handshake_hash.h b/src/tls/tls_handshake_hash.h index c13f97aa8..02943977f 100644 --- a/src/tls/tls_handshake_hash.h +++ b/src/tls/tls_handshake_hash.h @@ -27,25 +27,28 @@ class Handshake_Hash void update(const byte in[], size_t length) { data += std::make_pair(in, length); } - void update(const MemoryRegion<byte>& in) + void update(const secure_vector<byte>& in) + { data += in; } + + void update(const std::vector<byte>& in) { data += in; } void update(byte in) { data.push_back(in); } void update(Handshake_Type handshake_type, - const MemoryRegion<byte>& handshake_msg); + const std::vector<byte>& handshake_msg); - SecureVector<byte> final(Protocol_Version version, + secure_vector<byte> final(Protocol_Version version, const std::string& mac_algo); - SecureVector<byte> final_ssl3(const MemoryRegion<byte>& master_secret); + secure_vector<byte> final_ssl3(const secure_vector<byte>& master_secret); - const SecureVector<byte>& get_contents() const + const secure_vector<byte>& get_contents() const { return data; } private: - SecureVector<byte> data; + secure_vector<byte> data; }; } diff --git a/src/tls/tls_handshake_reader.cpp b/src/tls/tls_handshake_reader.cpp index 8278a2296..a3fe48f71 100644 --- a/src/tls/tls_handshake_reader.cpp +++ b/src/tls/tls_handshake_reader.cpp @@ -38,7 +38,7 @@ bool Stream_Handshake_Reader::have_full_record() const return false; } -std::pair<Handshake_Type, MemoryVector<byte> > Stream_Handshake_Reader::get_next_record() +std::pair<Handshake_Type, std::vector<byte> > Stream_Handshake_Reader::get_next_record() { if(m_queue.size() >= 4) { @@ -50,7 +50,7 @@ std::pair<Handshake_Type, MemoryVector<byte> > Stream_Handshake_Reader::get_next if(m_queue.size() >= length + 4) { Handshake_Type type = static_cast<Handshake_Type>(head[0]); - MemoryVector<byte> contents(length); + std::vector<byte> contents(length); m_queue.read(head, 4); // discard m_queue.read(&contents[0], contents.size()); diff --git a/src/tls/tls_handshake_reader.h b/src/tls/tls_handshake_reader.h index 06a273ced..618e1878a 100644 --- a/src/tls/tls_handshake_reader.h +++ b/src/tls/tls_handshake_reader.h @@ -29,7 +29,7 @@ class Handshake_Reader virtual bool have_full_record() const = 0; - virtual std::pair<Handshake_Type, MemoryVector<byte> > get_next_record() = 0; + virtual std::pair<Handshake_Type, std::vector<byte> > get_next_record() = 0; virtual ~Handshake_Reader() {} }; @@ -46,7 +46,7 @@ class Stream_Handshake_Reader : public Handshake_Reader bool have_full_record() const; - std::pair<Handshake_Type, MemoryVector<byte> > get_next_record(); + std::pair<Handshake_Type, std::vector<byte> > get_next_record(); private: SecureQueue m_queue; }; diff --git a/src/tls/tls_handshake_state.cpp b/src/tls/tls_handshake_state.cpp index f5a9f899c..b8f3125c8 100644 --- a/src/tls/tls_handshake_state.cpp +++ b/src/tls/tls_handshake_state.cpp @@ -154,7 +154,7 @@ std::string Handshake_State::srp_identifier() const return ""; } -const MemoryRegion<byte>& Handshake_State::session_ticket() const +const std::vector<byte>& Handshake_State::session_ticket() const { if(new_session_ticket && !new_session_ticket->ticket().empty()) return new_session_ticket->ticket(); diff --git a/src/tls/tls_handshake_state.h b/src/tls/tls_handshake_state.h index 364c715f8..ef8b4ee8f 100644 --- a/src/tls/tls_handshake_state.h +++ b/src/tls/tls_handshake_state.h @@ -37,7 +37,7 @@ class Handshake_State void confirm_transition_to(Handshake_Type handshake_msg); void set_expected_next(Handshake_Type handshake_msg); - const MemoryRegion<byte>& session_ticket() const; + const std::vector<byte>& session_ticket() const; std::pair<std::string, Signature_Format> understand_sig_format(const Public_Key* key, @@ -86,7 +86,7 @@ class Handshake_State /* * Only used by clients for session resumption */ - SecureVector<byte> resume_master_secret; + secure_vector<byte> resume_master_secret; /* * diff --git a/src/tls/tls_heartbeats.cpp b/src/tls/tls_heartbeats.cpp index 059772d34..8c129858e 100644 --- a/src/tls/tls_heartbeats.cpp +++ b/src/tls/tls_heartbeats.cpp @@ -14,7 +14,7 @@ namespace Botan { namespace TLS { -Heartbeat_Message::Heartbeat_Message(const MemoryRegion<byte>& buf) +Heartbeat_Message::Heartbeat_Message(const std::vector<byte>& buf) { TLS_Data_Reader reader(buf); @@ -35,13 +35,13 @@ Heartbeat_Message::Heartbeat_Message(Type type, const byte payload[], size_t payload_len) : m_type(type), - m_payload(payload, payload_len) + m_payload(payload, payload + payload_len) { } -MemoryVector<byte> Heartbeat_Message::contents() const +std::vector<byte> Heartbeat_Message::contents() const { - MemoryVector<byte> send_buf(3 + m_payload.size() + 16); + std::vector<byte> send_buf(3 + m_payload.size() + 16); send_buf[0] = m_type; send_buf[1] = get_byte<u16bit>(0, m_payload.size()); send_buf[2] = get_byte<u16bit>(1, m_payload.size()); @@ -51,9 +51,9 @@ MemoryVector<byte> Heartbeat_Message::contents() const return send_buf; } -MemoryVector<byte> Heartbeat_Support_Indicator::serialize() const +std::vector<byte> Heartbeat_Support_Indicator::serialize() const { - MemoryVector<byte> heartbeat(1); + std::vector<byte> heartbeat(1); heartbeat[0] = (m_peer_allowed_to_send ? 1 : 2); return heartbeat; } diff --git a/src/tls/tls_heartbeats.h b/src/tls/tls_heartbeats.h index 4fa49501b..f3cc9ec68 100644 --- a/src/tls/tls_heartbeats.h +++ b/src/tls/tls_heartbeats.h @@ -19,18 +19,18 @@ class Heartbeat_Message public: enum Type { REQUEST = 1, RESPONSE = 2 }; - MemoryVector<byte> contents() const; + std::vector<byte> contents() const; - const MemoryRegion<byte>& payload() const { return m_payload; } + const std::vector<byte>& payload() const { return m_payload; } bool is_request() const { return m_type == REQUEST; } - Heartbeat_Message(const MemoryRegion<byte>& buf); + Heartbeat_Message(const std::vector<byte>& buf); Heartbeat_Message(Type type, const byte payload[], size_t payload_len); private: Type m_type; - MemoryVector<byte> m_payload; + std::vector<byte> m_payload; }; } diff --git a/src/tls/tls_messages.h b/src/tls/tls_messages.h index d9146dda1..e3bdaa6a0 100644 --- a/src/tls/tls_messages.h +++ b/src/tls/tls_messages.h @@ -34,7 +34,7 @@ class Record_Reader; class Handshake_Message { public: - virtual MemoryVector<byte> serialize() const = 0; + virtual std::vector<byte> serialize() const = 0; virtual Handshake_Type type() const = 0; Handshake_Message() {} @@ -44,7 +44,7 @@ class Handshake_Message Handshake_Message& operator=(const Handshake_Message&) { return (*this); } }; -MemoryVector<byte> make_hello_random(RandomNumberGenerator& rng); +std::vector<byte> make_hello_random(RandomNumberGenerator& rng); /** * DTLS Hello Verify Request @@ -52,18 +52,18 @@ MemoryVector<byte> make_hello_random(RandomNumberGenerator& rng); class Hello_Verify_Request : public Handshake_Message { public: - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; Handshake_Type type() const { return HELLO_VERIFY_REQUEST; } - MemoryVector<byte> cookie() const { return m_cookie; } + std::vector<byte> cookie() const { return m_cookie; } - Hello_Verify_Request(const MemoryRegion<byte>& buf); + Hello_Verify_Request(const std::vector<byte>& buf); - Hello_Verify_Request(const MemoryVector<byte>& client_hello_bits, + Hello_Verify_Request(const std::vector<byte>& client_hello_bits, const std::string& client_identity, const SymmetricKey& secret_key); private: - MemoryVector<byte> m_cookie; + std::vector<byte> m_cookie; }; /** @@ -76,7 +76,7 @@ class Client_Hello : public Handshake_Message Protocol_Version version() const { return m_version; } - const MemoryVector<byte>& session_id() const { return m_session_id; } + const std::vector<byte>& session_id() const { return m_session_id; } const std::vector<std::pair<std::string, std::string> >& supported_algos() const { return m_supported_algos; } @@ -87,7 +87,7 @@ class Client_Hello : public Handshake_Message std::vector<u16bit> ciphersuites() const { return m_suites; } std::vector<byte> compression_methods() const { return m_comp_methods; } - const MemoryVector<byte>& random() const { return m_random; } + const std::vector<byte>& random() const { return m_random; } std::string sni_hostname() const { return m_hostname; } @@ -95,7 +95,7 @@ class Client_Hello : public Handshake_Message bool secure_renegotiation() const { return m_secure_renegotiation; } - const MemoryVector<byte>& renegotiation_info() + const std::vector<byte>& renegotiation_info() { return m_renegotiation_info; } bool offered_suite(u16bit ciphersuite) const; @@ -106,7 +106,7 @@ class Client_Hello : public Handshake_Message bool supports_session_ticket() const { return m_supports_session_ticket; } - const MemoryRegion<byte>& session_ticket() const + const std::vector<byte>& session_ticket() const { return m_session_ticket; } bool supports_heartbeats() const { return m_supports_heartbeats; } @@ -117,7 +117,7 @@ class Client_Hello : public Handshake_Message Handshake_Hash& hash, const Policy& policy, RandomNumberGenerator& rng, - const MemoryRegion<byte>& reneg_info, + const std::vector<byte>& reneg_info, bool next_protocol = false, const std::string& hostname = "", const std::string& srp_identifier = ""); @@ -126,20 +126,20 @@ class Client_Hello : public Handshake_Message Handshake_Hash& hash, const Policy& policy, RandomNumberGenerator& rng, - const MemoryRegion<byte>& reneg_info, + const std::vector<byte>& reneg_info, const Session& resumed_session, bool next_protocol = false); - Client_Hello(const MemoryRegion<byte>& buf, + Client_Hello(const std::vector<byte>& buf, Handshake_Type type); private: - MemoryVector<byte> serialize() const; - void deserialize(const MemoryRegion<byte>& buf); - void deserialize_sslv2(const MemoryRegion<byte>& buf); + std::vector<byte> serialize() const; + void deserialize(const std::vector<byte>& buf); + void deserialize_sslv2(const std::vector<byte>& buf); Protocol_Version m_version; - MemoryVector<byte> m_session_id, m_random; + std::vector<byte> m_session_id, m_random; std::vector<u16bit> m_suites; std::vector<byte> m_comp_methods; std::string m_hostname; @@ -148,13 +148,13 @@ class Client_Hello : public Handshake_Message size_t m_fragment_size; bool m_secure_renegotiation; - MemoryVector<byte> m_renegotiation_info; + std::vector<byte> m_renegotiation_info; std::vector<std::pair<std::string, std::string> > m_supported_algos; std::vector<std::string> m_supported_curves; bool m_supports_session_ticket; - MemoryVector<byte> m_session_ticket; + std::vector<byte> m_session_ticket; bool m_supports_heartbeats; bool m_peer_can_send_heartbeats; @@ -170,9 +170,9 @@ class Server_Hello : public Handshake_Message Protocol_Version version() { return m_version; } - const MemoryVector<byte>& random() const { return m_random; } + const std::vector<byte>& random() const { return m_random; } - const MemoryVector<byte>& session_id() const { return m_session_id; } + const std::vector<byte>& session_id() const { return m_session_id; } u16bit ciphersuite() const { return m_ciphersuite; } @@ -189,7 +189,7 @@ class Server_Hello : public Handshake_Message size_t fragment_size() const { return m_fragment_size; } - const MemoryVector<byte>& renegotiation_info() + const std::vector<byte>& renegotiation_info() { return m_renegotiation_info; } bool supports_heartbeats() const { return m_supports_heartbeats; } @@ -198,31 +198,31 @@ class Server_Hello : public Handshake_Message Server_Hello(Record_Writer& writer, Handshake_Hash& hash, - const MemoryRegion<byte>& session_id, + const std::vector<byte>& session_id, Protocol_Version ver, u16bit ciphersuite, byte compression, size_t max_fragment_size, bool client_has_secure_renegotiation, - const MemoryRegion<byte>& reneg_info, + const std::vector<byte>& reneg_info, bool offer_session_ticket, bool client_has_npn, const std::vector<std::string>& next_protocols, bool client_has_heartbeat, RandomNumberGenerator& rng); - Server_Hello(const MemoryRegion<byte>& buf); + Server_Hello(const std::vector<byte>& buf); private: - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; Protocol_Version m_version; - MemoryVector<byte> m_session_id, m_random; + std::vector<byte> m_session_id, m_random; u16bit m_ciphersuite; byte m_comp_method; size_t m_fragment_size; bool m_secure_renegotiation; - MemoryVector<byte> m_renegotiation_info; + std::vector<byte> m_renegotiation_info; bool m_next_protocol; std::vector<std::string> m_next_protocols; @@ -240,7 +240,7 @@ class Client_Key_Exchange : public Handshake_Message public: Handshake_Type type() const { return CLIENT_KEX; } - const SecureVector<byte>& pre_master_secret() const + const secure_vector<byte>& pre_master_secret() const { return pre_master; } Client_Key_Exchange(Record_Writer& output, @@ -250,16 +250,17 @@ class Client_Key_Exchange : public Handshake_Message const std::string& hostname, RandomNumberGenerator& rng); - Client_Key_Exchange(const MemoryRegion<byte>& buf, + Client_Key_Exchange(const std::vector<byte>& buf, const Handshake_State* state, Credentials_Manager& creds, const Policy& policy, RandomNumberGenerator& rng); private: - MemoryVector<byte> serialize() const { return key_material; } + std::vector<byte> serialize() const { return key_material; } - SecureVector<byte> key_material, pre_master; + std::vector<byte> key_material; + secure_vector<byte> pre_master; }; /** @@ -278,9 +279,9 @@ class Certificate : public Handshake_Message Handshake_Hash& hash, const std::vector<X509_Certificate>& certs); - Certificate(const MemoryRegion<byte>& buf); + Certificate(const std::vector<byte>& buf); private: - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; std::vector<X509_Certificate> m_certs; }; @@ -307,10 +308,10 @@ class Certificate_Req : public Handshake_Message const std::vector<X509_Certificate>& allowed_cas, Protocol_Version version); - Certificate_Req(const MemoryRegion<byte>& buf, + Certificate_Req(const std::vector<byte>& buf, Protocol_Version version); private: - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; std::vector<X509_DN> names; std::vector<std::string> cert_key_types; @@ -339,14 +340,14 @@ class Certificate_Verify : public Handshake_Message RandomNumberGenerator& rng, const Private_Key* key); - Certificate_Verify(const MemoryRegion<byte>& buf, + Certificate_Verify(const std::vector<byte>& buf, Protocol_Version version); private: - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; std::string sig_algo; // sig algo used to create signature std::string hash_algo; // hash used to create signature - MemoryVector<byte> signature; + std::vector<byte> signature; }; /** @@ -357,7 +358,7 @@ class Finished : public Handshake_Message public: Handshake_Type type() const { return FINISHED; } - MemoryVector<byte> verify_data() const + std::vector<byte> verify_data() const { return verification_data; } bool verify(Handshake_State* state, @@ -367,12 +368,12 @@ class Finished : public Handshake_Message Handshake_State* state, Connection_Side side); - Finished(const MemoryRegion<byte>& buf); + Finished(const std::vector<byte>& buf); private: - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; Connection_Side side; - MemoryVector<byte> verification_data; + std::vector<byte> verification_data; }; /** @@ -384,9 +385,9 @@ class Hello_Request : public Handshake_Message Handshake_Type type() const { return HELLO_REQUEST; } Hello_Request(Record_Writer& writer); - Hello_Request(const MemoryRegion<byte>& buf); + Hello_Request(const std::vector<byte>& buf); private: - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; }; /** @@ -397,7 +398,7 @@ class Server_Key_Exchange : public Handshake_Message public: Handshake_Type type() const { return SERVER_KEX; } - const MemoryVector<byte>& params() const { return m_params; } + const std::vector<byte>& params() const { return m_params; } bool verify(const X509_Certificate& cert, Handshake_State* state) const; @@ -415,23 +416,23 @@ class Server_Key_Exchange : public Handshake_Message RandomNumberGenerator& rng, const Private_Key* signing_key = 0); - Server_Key_Exchange(const MemoryRegion<byte>& buf, + Server_Key_Exchange(const std::vector<byte>& buf, const std::string& kex_alg, const std::string& sig_alg, Protocol_Version version); ~Server_Key_Exchange(); private: - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; Private_Key* m_kex_key; SRP6_Server_Session* m_srp_params; - MemoryVector<byte> m_params; + std::vector<byte> m_params; std::string m_sig_algo; // sig algo used to create signature std::string m_hash_algo; // hash used to create signature - MemoryVector<byte> m_signature; + std::vector<byte> m_signature; }; /** @@ -443,9 +444,9 @@ class Server_Hello_Done : public Handshake_Message Handshake_Type type() const { return SERVER_HELLO_DONE; } Server_Hello_Done(Record_Writer& writer, Handshake_Hash& hash); - Server_Hello_Done(const MemoryRegion<byte>& buf); + Server_Hello_Done(const std::vector<byte>& buf); private: - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; }; /** @@ -462,9 +463,9 @@ class Next_Protocol : public Handshake_Message Handshake_Hash& hash, const std::string& protocol); - Next_Protocol(const MemoryRegion<byte>& buf); + Next_Protocol(const std::vector<byte>& buf); private: - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; std::string m_protocol; }; @@ -475,22 +476,22 @@ class New_Session_Ticket : public Handshake_Message Handshake_Type type() const { return NEW_SESSION_TICKET; } u32bit ticket_lifetime_hint() const { return m_ticket_lifetime_hint; } - const MemoryVector<byte>& ticket() const { return m_ticket; } + const std::vector<byte>& ticket() const { return m_ticket; } New_Session_Ticket(Record_Writer& writer, Handshake_Hash& hash, - const MemoryRegion<byte>& ticket, + const std::vector<byte>& ticket, u32bit lifetime); New_Session_Ticket(Record_Writer& writer, Handshake_Hash& hash); - New_Session_Ticket(const MemoryRegion<byte>& buf); + New_Session_Ticket(const std::vector<byte>& buf); private: - MemoryVector<byte> serialize() const; + std::vector<byte> serialize() const; u32bit m_ticket_lifetime_hint; - MemoryVector<byte> m_ticket; + std::vector<byte> m_ticket; }; } diff --git a/src/tls/tls_reader.h b/src/tls/tls_reader.h index bf8098bed..7440e16b7 100644 --- a/src/tls/tls_reader.h +++ b/src/tls/tls_reader.h @@ -25,7 +25,7 @@ namespace TLS { class TLS_Data_Reader { public: - TLS_Data_Reader(const MemoryRegion<byte>& buf_in) : + TLS_Data_Reader(const std::vector<byte>& buf_in) : buf(buf_in), offset(0) {} void assert_done() const @@ -91,14 +91,14 @@ class TLS_Data_Reader } template<typename T> - SecureVector<T> get_range(size_t len_bytes, + std::vector<T> get_range(size_t len_bytes, size_t min_elems, size_t max_elems) { const size_t num_elems = get_num_elems(len_bytes, sizeof(T), min_elems, max_elems); - return get_elem<T, SecureVector<T> >(num_elems); + return get_elem<T, std::vector<T> >(num_elems); } template<typename T> @@ -123,9 +123,9 @@ class TLS_Data_Reader } template<typename T> - SecureVector<T> get_fixed(size_t size) + std::vector<T> get_fixed(size_t size) { - return get_elem<T, SecureVector<T> >(size); + return get_elem<T, std::vector<T> >(size); } private: @@ -169,15 +169,15 @@ class TLS_Data_Reader } } - const MemoryRegion<byte>& buf; + const std::vector<byte>& buf; size_t offset; }; /** * Helper function for encoding length-tagged vectors */ -template<typename T> -void append_tls_length_value(MemoryRegion<byte>& buf, +template<typename T, typename Alloc> +void append_tls_length_value(std::vector<byte, Alloc>& buf, const T* vals, size_t vals_size, size_t tag_size) @@ -200,26 +200,19 @@ void append_tls_length_value(MemoryRegion<byte>& buf, buf.push_back(get_byte(j, vals[i])); } -template<typename T> -void append_tls_length_value(MemoryRegion<byte>& buf, - const MemoryRegion<T>& vals, +template<typename T, typename Alloc, typename Alloc2> +void append_tls_length_value(std::vector<byte, Alloc>& buf, + const std::vector<T, Alloc2>& vals, size_t tag_size) { append_tls_length_value(buf, &vals[0], vals.size(), tag_size); } -template<typename T> -void append_tls_length_value(MemoryRegion<byte>& buf, - const std::vector<T>& vals, +template<typename Alloc> +void append_tls_length_value(std::vector<byte, Alloc>& buf, + const std::string& str, size_t tag_size) { - append_tls_length_value(buf, &vals[0], vals.size(), tag_size); - } - -inline void append_tls_length_value(MemoryRegion<byte>& buf, - const std::string& str, - size_t tag_size) - { append_tls_length_value(buf, reinterpret_cast<const byte*>(&str[0]), str.size(), diff --git a/src/tls/tls_record.h b/src/tls/tls_record.h index 3b44ee1c6..a92dcbe9d 100644 --- a/src/tls/tls_record.h +++ b/src/tls/tls_record.h @@ -33,10 +33,10 @@ class BOTAN_DLL Record_Writer void send(byte type, const byte input[], size_t length); void send(byte type, byte val) { send(type, &val, 1); } - void send(byte type, const MemoryRegion<byte>& input) + void send(byte type, const std::vector<byte>& input) { send(type, &input[0], input.size()); } - MemoryVector<byte> send(class Handshake_Message& msg); + std::vector<byte> send(class Handshake_Message& msg); void send_alert(const Alert& alert); @@ -62,7 +62,7 @@ class BOTAN_DLL Record_Writer std::function<void (const byte[], size_t)> m_output_fn; - MemoryVector<byte> m_writebuf; + std::vector<byte> m_writebuf; Pipe m_cipher; MessageAuthenticationCode* m_mac; @@ -93,7 +93,7 @@ class BOTAN_DLL Record_Reader size_t add_input(const byte input[], size_t input_size, size_t& input_consumed, byte& msg_type, - MemoryVector<byte>& msg); + std::vector<byte>& msg); void activate(Connection_Side side, const Ciphersuite& suite, @@ -118,8 +118,8 @@ class BOTAN_DLL Record_Reader size_t& input_consumed, size_t desired); - MemoryVector<byte> m_readbuf; - MemoryVector<byte> m_macbuf; + std::vector<byte> m_readbuf; + std::vector<byte> m_macbuf; size_t m_readbuf_pos; Pipe m_cipher; diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp index 1e8c73ec3..7c2c4d323 100644 --- a/src/tls/tls_server.cpp +++ b/src/tls/tls_server.cpp @@ -24,8 +24,8 @@ bool check_for_resume(Session& session_info, Client_Hello* client_hello, std::chrono::seconds session_ticket_lifetime) { - const MemoryVector<byte>& client_session_id = client_hello->session_id(); - const MemoryVector<byte>& session_ticket = client_hello->session_ticket(); + const std::vector<byte>& client_session_id = client_hello->session_id(); + const std::vector<byte>& session_ticket = client_hello->session_ticket(); if(session_ticket.empty()) { @@ -232,7 +232,7 @@ void Server::alert_notify(const Alert& alert) * Split up and process handshake messages */ void Server::read_handshake(byte rec_type, - const MemoryRegion<byte>& rec_buf) + const std::vector<byte>& rec_buf) { if(rec_type == HANDSHAKE && !state) { @@ -247,7 +247,7 @@ void Server::read_handshake(byte rec_type, * Process a handshake message */ void Server::process_handshake_msg(Handshake_Type type, - const MemoryRegion<byte>& contents) + const std::vector<byte>& contents) { if(state == 0) throw Unexpected_Message("Unexpected handshake message from client"); @@ -396,7 +396,7 @@ void Server::process_handshake_msg(Handshake_Type type, state->server_hello = new Server_Hello( writer, state->hash, - rng.random_vec(32), // new session ID + unlock(rng.random_vec(32)), // new session ID state->version(), choose_ciphersuite(policy, creds, cert_chains, state->client_hello), choose_compression(policy, state->client_hello->compression_methods()), @@ -569,7 +569,7 @@ void Server::process_handshake_msg(Handshake_Type type, secure_renegotiation.supported(), state->server_hello->fragment_size(), peer_certs, - MemoryVector<byte>(), + std::vector<byte>(), m_hostname, state->srp_identifier() ); diff --git a/src/tls/tls_server.h b/src/tls/tls_server.h index 684021ebc..441e03eb2 100644 --- a/src/tls/tls_server.h +++ b/src/tls/tls_server.h @@ -51,9 +51,9 @@ class BOTAN_DLL Server : public Channel { return m_next_protocol; } private: - void read_handshake(byte, const MemoryRegion<byte>&); + void read_handshake(byte, const std::vector<byte>&); - void process_handshake_msg(Handshake_Type, const MemoryRegion<byte>&); + void process_handshake_msg(Handshake_Type, const std::vector<byte>&); void alert_notify(const Alert& alert); diff --git a/src/tls/tls_session.cpp b/src/tls/tls_session.cpp index dac38e67b..d2aae9a7e 100644 --- a/src/tls/tls_session.cpp +++ b/src/tls/tls_session.cpp @@ -18,8 +18,8 @@ namespace Botan { namespace TLS { -Session::Session(const MemoryRegion<byte>& session_identifier, - const MemoryRegion<byte>& master_secret, +Session::Session(const std::vector<byte>& session_identifier, + const secure_vector<byte>& master_secret, Protocol_Version version, u16bit ciphersuite, byte compression_method, @@ -27,7 +27,7 @@ Session::Session(const MemoryRegion<byte>& session_identifier, bool secure_renegotiation_supported, size_t fragment_size, const std::vector<X509_Certificate>& certs, - const MemoryRegion<byte>& ticket, + const std::vector<byte>& ticket, const std::string& sni_hostname, const std::string& srp_identifier) : m_start_time(std::chrono::system_clock::now()), @@ -48,7 +48,7 @@ Session::Session(const MemoryRegion<byte>& session_identifier, Session::Session(const std::string& pem) { - SecureVector<byte> der = PEM_Code::decode_check_label(pem, "SSL SESSION"); + secure_vector<byte> der = PEM_Code::decode_check_label(pem, "SSL SESSION"); *this = Session(&der[0], der.size()); } @@ -61,7 +61,7 @@ Session::Session(const byte ber[], size_t ber_len) byte major_version = 0, minor_version = 0; - MemoryVector<byte> peer_cert_bits; + std::vector<byte> peer_cert_bits; size_t start_time = 0; @@ -94,16 +94,16 @@ Session::Session(const byte ber[], size_t ber_len) if(!peer_cert_bits.empty()) { - DataSource_Memory certs(peer_cert_bits); + DataSource_Memory certs(&peer_cert_bits[0], peer_cert_bits.size()); while(!certs.end_of_data()) m_peer_certs.push_back(X509_Certificate(certs)); } } -SecureVector<byte> Session::DER_encode() const +secure_vector<byte> Session::DER_encode() const { - MemoryVector<byte> peer_cert_bits; + std::vector<byte> peer_cert_bits; for(size_t i = 0; i != m_peer_certs.size(); ++i) peer_cert_bits += m_peer_certs[i].BER_encode(); @@ -154,7 +154,7 @@ const size_t MAC_OUTPUT_LENGTH = 32; } -MemoryVector<byte> +std::vector<byte> Session::encrypt(const SymmetricKey& master_key, RandomNumberGenerator& rng) const { @@ -177,9 +177,9 @@ Session::encrypt(const SymmetricKey& master_key, Pipe pipe(get_cipher(SESSION_CRYPTO_CIPHER, cipher_key, cipher_iv, ENCRYPTION)); pipe.process_msg(this->DER_encode()); - MemoryVector<byte> ctext = pipe.read_all(0); + secure_vector<byte> ctext = pipe.read_all(0); - MemoryVector<byte> out(MAGIC_LENGTH); + std::vector<byte> out(MAGIC_LENGTH); store_be(SESSION_CRYPTO_MAGIC, &out[0]); out += cipher_iv.bits_of(); out += ctext; @@ -217,7 +217,7 @@ Session Session::decrypt(const byte buf[], size_t buf_len, mac->set_key(mac_key); mac->update(&buf[0], buf_len - MAC_OUTPUT_LENGTH); - MemoryVector<byte> computed_mac = mac->final(); + secure_vector<byte> computed_mac = mac->final(); if(!same_mem(&buf[buf_len - MAC_OUTPUT_LENGTH], &computed_mac[0], computed_mac.size())) throw Decoding_Error("MAC verification failed for encrypted session"); @@ -234,7 +234,7 @@ Session Session::decrypt(const byte buf[], size_t buf_len, Pipe pipe(get_cipher(SESSION_CRYPTO_CIPHER, cipher_key, cipher_iv, DECRYPTION)); pipe.process_msg(&buf[CTEXT_OFFSET], buf_len - (MAC_OUTPUT_LENGTH + CTEXT_OFFSET)); - SecureVector<byte> ber = pipe.read_all(); + secure_vector<byte> ber = pipe.read_all(); return Session(&ber[0], ber.size()); } diff --git a/src/tls/tls_session.h b/src/tls/tls_session.h index a2b341a30..2c474bc6a 100644 --- a/src/tls/tls_session.h +++ b/src/tls/tls_session.h @@ -43,8 +43,8 @@ class BOTAN_DLL Session /** * New session (sets session start time) */ - Session(const MemoryRegion<byte>& session_id, - const MemoryRegion<byte>& master_secret, + Session(const std::vector<byte>& session_id, + const secure_vector<byte>& master_secret, Protocol_Version version, u16bit ciphersuite, byte compression_method, @@ -52,7 +52,7 @@ class BOTAN_DLL Session bool secure_renegotiation_supported, size_t fragment_size, const std::vector<X509_Certificate>& peer_certs, - const MemoryRegion<byte>& session_ticket, + const std::vector<byte>& session_ticket, const std::string& sni_hostname = "", const std::string& srp_identifier = ""); @@ -71,12 +71,12 @@ class BOTAN_DLL Session * @warning if the master secret is compromised so is the * session traffic */ - SecureVector<byte> DER_encode() const; + secure_vector<byte> DER_encode() const; /** * Encrypt a session (useful for serialization or session tickets) */ - MemoryVector<byte> encrypt(const SymmetricKey& key, + std::vector<byte> encrypt(const SymmetricKey& key, RandomNumberGenerator& rng) const; @@ -95,7 +95,7 @@ class BOTAN_DLL Session * @param ctext the ciphertext returned by encrypt * @param key the same key used by the encrypting side */ - static inline Session decrypt(const MemoryRegion<byte>& ctext, + static inline Session decrypt(const std::vector<byte>& ctext, const SymmetricKey& key) { return Session::decrypt(&ctext[0], ctext.size(), key); @@ -147,13 +147,13 @@ class BOTAN_DLL Session /** * Get the saved master secret */ - const SecureVector<byte>& master_secret() const + const secure_vector<byte>& master_secret() const { return m_master_secret; } /** * Get the session identifier */ - const MemoryVector<byte>& session_id() const + const std::vector<byte>& session_id() const { return m_identifier; } /** @@ -186,16 +186,16 @@ class BOTAN_DLL Session /** * Return the session ticket the server gave us */ - const MemoryVector<byte>& session_ticket() const { return m_session_ticket; } + const std::vector<byte>& session_ticket() const { return m_session_ticket; } private: enum { TLS_SESSION_PARAM_STRUCT_VERSION = 0x2994e300 }; std::chrono::system_clock::time_point m_start_time; - MemoryVector<byte> m_identifier; - MemoryVector<byte> m_session_ticket; // only used by client side - SecureVector<byte> m_master_secret; + std::vector<byte> m_identifier; + std::vector<byte> m_session_ticket; // only used by client side + secure_vector<byte> m_master_secret; Protocol_Version m_version; u16bit m_ciphersuite; diff --git a/src/tls/tls_session_key.cpp b/src/tls/tls_session_key.cpp index 4d7603ce1..0cd74a63a 100644 --- a/src/tls/tls_session_key.cpp +++ b/src/tls/tls_session_key.cpp @@ -19,7 +19,7 @@ namespace TLS { * Session_Keys Constructor */ Session_Keys::Session_Keys(Handshake_State* state, - const MemoryRegion<byte>& pre_master_secret, + const secure_vector<byte>& pre_master_secret, bool resuming) { const size_t mac_keylen = output_length_of(state->suite.mac_algo()); @@ -45,7 +45,7 @@ Session_Keys::Session_Keys(Handshake_State* state, } else { - SecureVector<byte> salt; + secure_vector<byte> salt; if(state->version() != Protocol_Version::SSL_V3) salt += std::make_pair(MASTER_SECRET_MAGIC, sizeof(MASTER_SECRET_MAGIC)); @@ -56,7 +56,7 @@ Session_Keys::Session_Keys(Handshake_State* state, master_sec = prf->derive_key(48, pre_master_secret, salt); } - SecureVector<byte> salt; + secure_vector<byte> salt; if(state->version() != Protocol_Version::SSL_V3) salt += std::make_pair(KEY_GEN_MAGIC, sizeof(KEY_GEN_MAGIC)); salt += state->server_hello->random(); diff --git a/src/tls/tls_session_key.h b/src/tls/tls_session_key.h index 25de56aea..0021694e3 100644 --- a/src/tls/tls_session_key.h +++ b/src/tls/tls_session_key.h @@ -31,16 +31,16 @@ class Session_Keys InitializationVector client_iv() const { return c_iv; } InitializationVector server_iv() const { return s_iv; } - const SecureVector<byte>& master_secret() const { return master_sec; } + const secure_vector<byte>& master_secret() const { return master_sec; } Session_Keys() {} Session_Keys(class Handshake_State* state, - const MemoryRegion<byte>& pre_master, + const secure_vector<byte>& pre_master, bool resuming); private: - SecureVector<byte> master_sec; + secure_vector<byte> master_sec; SymmetricKey c_cipher, s_cipher, c_mac, s_mac; InitializationVector c_iv, s_iv; }; diff --git a/src/tls/tls_session_manager.cpp b/src/tls/tls_session_manager.cpp index d103df35f..72eb83c21 100644 --- a/src/tls/tls_session_manager.cpp +++ b/src/tls/tls_session_manager.cpp @@ -37,7 +37,7 @@ bool Session_Manager_In_Memory::load_from_session_str( } bool Session_Manager_In_Memory::load_from_session_id( - const MemoryRegion<byte>& session_id, Session& session) + const std::vector<byte>& session_id, Session& session) { std::lock_guard<std::mutex> lock(m_mutex); @@ -69,7 +69,7 @@ bool Session_Manager_In_Memory::load_from_host_info( } void Session_Manager_In_Memory::remove_entry( - const MemoryRegion<byte>& session_id) + const std::vector<byte>& session_id) { std::lock_guard<std::mutex> lock(m_mutex); diff --git a/src/tls/tls_session_manager.h b/src/tls/tls_session_manager.h index 84d51406d..fa1ecae39 100644 --- a/src/tls/tls_session_manager.h +++ b/src/tls/tls_session_manager.h @@ -36,7 +36,7 @@ class BOTAN_DLL Session_Manager or not modified if not found * @return true if session was modified */ - virtual bool load_from_session_id(const MemoryRegion<byte>& session_id, + virtual bool load_from_session_id(const std::vector<byte>& session_id, Session& session) = 0; /** @@ -53,7 +53,7 @@ class BOTAN_DLL Session_Manager /** * Remove this session id from the cache, if it exists */ - virtual void remove_entry(const MemoryRegion<byte>& session_id) = 0; + virtual void remove_entry(const std::vector<byte>& session_id) = 0; /** * Save a session on a best effort basis; the manager may not in @@ -94,13 +94,13 @@ class BOTAN_DLL Session_Manager_In_Memory : public Session_Manager m_session_lifetime(session_lifetime) {} - bool load_from_session_id(const MemoryRegion<byte>& session_id, + bool load_from_session_id(const std::vector<byte>& session_id, Session& session); bool load_from_host_info(const std::string& hostname, u16bit port, Session& session); - void remove_entry(const MemoryRegion<byte>& session_id); + void remove_entry(const std::vector<byte>& session_id); void save(const Session& session_data); |