diff options
Diffstat (limited to 'src/lib/tls')
55 files changed, 881 insertions, 880 deletions
diff --git a/src/lib/tls/credentials_manager.cpp b/src/lib/tls/credentials_manager.cpp index a42fb5789..c59933762 100644 --- a/src/lib/tls/credentials_manager.cpp +++ b/src/lib/tls/credentials_manager.cpp @@ -54,7 +54,7 @@ bool Credentials_Manager::srp_verifier(const std::string&, const std::string&, std::string&, BigInt&, - std::vector<byte>&, + std::vector<uint8_t>&, bool) { return false; diff --git a/src/lib/tls/credentials_manager.h b/src/lib/tls/credentials_manager.h index 0e2fe0dea..e39c81c36 100644 --- a/src/lib/tls/credentials_manager.h +++ b/src/lib/tls/credentials_manager.h @@ -131,7 +131,7 @@ class BOTAN_DLL Credentials_Manager const std::string& identifier, std::string& group_name, BigInt& verifier, - std::vector<byte>& salt, + std::vector<uint8_t>& salt, bool generate_fake_on_unknown); /** diff --git a/src/lib/tls/msg_cert_req.cpp b/src/lib/tls/msg_cert_req.cpp index 4fd528148..484693fcc 100644 --- a/src/lib/tls/msg_cert_req.cpp +++ b/src/lib/tls/msg_cert_req.cpp @@ -19,7 +19,7 @@ namespace TLS { namespace { -std::string cert_type_code_to_name(byte code) +std::string cert_type_code_to_name(uint8_t code) { switch(code) { @@ -34,7 +34,7 @@ std::string cert_type_code_to_name(byte code) } } -byte cert_type_name_to_code(const std::string& name) +uint8_t cert_type_name_to_code(const std::string& name) { if(name == "RSA") return 1; @@ -75,7 +75,7 @@ Certificate_Req::Certificate_Req(Handshake_IO& io, /** * Deserialize a Certificate Request message */ -Certificate_Req::Certificate_Req(const std::vector<byte>& buf, +Certificate_Req::Certificate_Req(const std::vector<uint8_t>& buf, Protocol_Version version) { if(buf.size() < 4) @@ -83,7 +83,7 @@ Certificate_Req::Certificate_Req(const std::vector<byte>& buf, TLS_Data_Reader reader("CertificateRequest", buf); - std::vector<byte> cert_type_codes = reader.get_range_vector<byte>(1, 1, 255); + std::vector<uint8_t> cert_type_codes = reader.get_range_vector<uint8_t>(1, 1, 255); for(size_t i = 0; i != cert_type_codes.size(); ++i) { @@ -97,7 +97,7 @@ Certificate_Req::Certificate_Req(const std::vector<byte>& buf, if(version.supports_negotiable_signature_algorithms()) { - std::vector<byte> sig_hash_algs = reader.get_range_vector<byte>(2, 2, 65534); + std::vector<uint8_t> sig_hash_algs = reader.get_range_vector<uint8_t>(2, 2, 65534); if(sig_hash_algs.size() % 2 != 0) throw Decoding_Error("Bad length for signature IDs in certificate request"); @@ -110,14 +110,14 @@ Certificate_Req::Certificate_Req(const std::vector<byte>& buf, } } - const u16bit purported_size = reader.get_u16bit(); + const uint16_t purported_size = reader.get_uint16_t(); if(reader.remaining_bytes() != purported_size) throw Decoding_Error("Inconsistent length in certificate request"); while(reader.has_remaining()) { - std::vector<byte> name_bits = reader.get_range_vector<byte>(2, 0, 65535); + std::vector<uint8_t> name_bits = reader.get_range_vector<uint8_t>(2, 0, 65535); BER_Decoder decoder(name_bits.data(), name_bits.size()); X509_DN name; @@ -129,11 +129,11 @@ Certificate_Req::Certificate_Req(const std::vector<byte>& buf, /** * Serialize a Certificate Request message */ -std::vector<byte> Certificate_Req::serialize() const +std::vector<uint8_t> Certificate_Req::serialize() const { - std::vector<byte> buf; + std::vector<uint8_t> buf; - std::vector<byte> cert_types; + std::vector<uint8_t> cert_types; for(size_t i = 0; i != m_cert_key_types.size(); ++i) cert_types.push_back(cert_type_name_to_code(m_cert_key_types[i])); @@ -143,7 +143,7 @@ std::vector<byte> Certificate_Req::serialize() const if(!m_supported_algos.empty()) buf += Signature_Algorithms(m_supported_algos).serialize(); - std::vector<byte> encoded_names; + std::vector<uint8_t> encoded_names; for(size_t i = 0; i != m_names.size(); ++i) { diff --git a/src/lib/tls/msg_cert_status.cpp b/src/lib/tls/msg_cert_status.cpp index f28fe10d2..bd982f506 100644 --- a/src/lib/tls/msg_cert_status.cpp +++ b/src/lib/tls/msg_cert_status.cpp @@ -16,7 +16,7 @@ namespace Botan { namespace TLS { -Certificate_Status::Certificate_Status(const std::vector<byte>& buf) +Certificate_Status::Certificate_Status(const std::vector<uint8_t>& buf) { if(buf.size() < 5) throw Decoding_Error("Invalid Certificate_Status message: too small"); @@ -24,7 +24,7 @@ Certificate_Status::Certificate_Status(const std::vector<byte>& buf) if(buf[0] != 1) throw Decoding_Error("Unexpected Certificate_Status message: unexpected message type"); - size_t len = make_u32bit(0, buf[1], buf[2], buf[3]); + size_t len = make_uint32(0, buf[1], buf[2], buf[3]); // Verify the redundant length field... if(buf.size() != len + 4) @@ -41,17 +41,17 @@ Certificate_Status::Certificate_Status(Handshake_IO& io, hash.update(io.send(*this)); } -std::vector<byte> Certificate_Status::serialize() const +std::vector<uint8_t> Certificate_Status::serialize() const { BOTAN_ASSERT_NONNULL(m_response); - const std::vector<byte>& m_resp_bits = m_response->raw_bits(); + const std::vector<uint8_t>& m_resp_bits = m_response->raw_bits(); if(m_resp_bits.size() > 0xFFFFFF) // unlikely throw Encoding_Error("OCSP response too long to encode in TLS"); - const uint32_t m_resp_bits_len = static_cast<u32bit>(m_resp_bits.size()); + const uint32_t m_resp_bits_len = static_cast<uint32_t>(m_resp_bits.size()); - std::vector<byte> buf; + std::vector<uint8_t> buf; buf.push_back(1); // type OCSP for(size_t i = 1; i < 4; ++i) buf[i] = get_byte(i, m_resp_bits_len); diff --git a/src/lib/tls/msg_cert_verify.cpp b/src/lib/tls/msg_cert_verify.cpp index 2f8e8230e..4f936b380 100644 --- a/src/lib/tls/msg_cert_verify.cpp +++ b/src/lib/tls/msg_cert_verify.cpp @@ -38,7 +38,7 @@ Certificate_Verify::Certificate_Verify(Handshake_IO& io, /* * Deserialize a Certificate Verify message */ -Certificate_Verify::Certificate_Verify(const std::vector<byte>& buf, +Certificate_Verify::Certificate_Verify(const std::vector<uint8_t>& buf, Protocol_Version version) { TLS_Data_Reader reader("CertificateVerify", buf); @@ -49,15 +49,15 @@ Certificate_Verify::Certificate_Verify(const std::vector<byte>& buf, m_sig_algo = Signature_Algorithms::sig_algo_name(reader.get_byte()); } - m_signature = reader.get_range<byte>(2, 0, 65535); + m_signature = reader.get_range<uint8_t>(2, 0, 65535); } /* * Serialize a Certificate Verify message */ -std::vector<byte> Certificate_Verify::serialize() const +std::vector<uint8_t> Certificate_Verify::serialize() const { - std::vector<byte> buf; + std::vector<uint8_t> buf; if(!m_hash_algo.empty() && !m_sig_algo.empty()) { @@ -65,7 +65,7 @@ std::vector<byte> Certificate_Verify::serialize() const buf.push_back(Signature_Algorithms::sig_algo_code(m_sig_algo)); } - const u16bit sig_len = static_cast<u16bit>(m_signature.size()); + const uint16_t sig_len = static_cast<uint16_t>(m_signature.size()); buf.push_back(get_byte(0, sig_len)); buf.push_back(get_byte(1, sig_len)); buf += m_signature; diff --git a/src/lib/tls/msg_certificate.cpp b/src/lib/tls/msg_certificate.cpp index 10ee7c95f..1fc6bf959 100644 --- a/src/lib/tls/msg_certificate.cpp +++ b/src/lib/tls/msg_certificate.cpp @@ -31,24 +31,24 @@ Certificate::Certificate(Handshake_IO& io, /** * Deserialize a Certificate message */ -Certificate::Certificate(const std::vector<byte>& buf, const Policy& /*policy_currently_unused*/) +Certificate::Certificate(const std::vector<uint8_t>& buf, const Policy& /*policy_currently_unused*/) { if(buf.size() < 3) throw Decoding_Error("Certificate: Message malformed"); - const size_t total_size = make_u32bit(0, buf[0], buf[1], buf[2]); + const size_t total_size = make_uint32(0, buf[0], buf[1], buf[2]); if(total_size != buf.size() - 3) throw Decoding_Error("Certificate: Message malformed"); - const byte* certs = buf.data() + 3; + const uint8_t* certs = buf.data() + 3; while(size_t remaining_bytes = buf.data() + buf.size() - certs) { if(remaining_bytes < 3) throw Decoding_Error("Certificate: Message malformed"); - const size_t cert_size = make_u32bit(0, certs[0], certs[1], certs[2]); + const size_t cert_size = make_uint32(0, certs[0], certs[1], certs[2]); if(remaining_bytes < (3 + cert_size)) throw Decoding_Error("Certificate: Message malformed"); @@ -63,24 +63,24 @@ Certificate::Certificate(const std::vector<byte>& buf, const Policy& /*policy_cu /** * Serialize a Certificate message */ -std::vector<byte> Certificate::serialize() const +std::vector<uint8_t> Certificate::serialize() const { - std::vector<byte> buf(3); + std::vector<uint8_t> buf(3); for(size_t i = 0; i != m_certs.size(); ++i) { - std::vector<byte> raw_cert = m_certs[i].BER_encode(); + std::vector<uint8_t> raw_cert = m_certs[i].BER_encode(); const size_t cert_size = raw_cert.size(); for(size_t j = 0; j != 3; ++j) { - buf.push_back(get_byte(j+1, static_cast<u32bit>(cert_size))); + buf.push_back(get_byte(j+1, static_cast<uint32_t>(cert_size))); } buf += raw_cert; } const size_t buf_size = buf.size() - 3; for(size_t i = 0; i != 3; ++i) - buf[i] = get_byte(i+1, static_cast<u32bit>(buf_size)); + buf[i] = get_byte(i+1, static_cast<uint32_t>(buf_size)); return buf; } diff --git a/src/lib/tls/msg_client_hello.cpp b/src/lib/tls/msg_client_hello.cpp index 870307217..99c7b6e2e 100644 --- a/src/lib/tls/msg_client_hello.cpp +++ b/src/lib/tls/msg_client_hello.cpp @@ -22,15 +22,15 @@ enum { TLS_FALLBACK_SCSV = 0x5600 }; -std::vector<byte> make_hello_random(RandomNumberGenerator& rng, +std::vector<uint8_t> make_hello_random(RandomNumberGenerator& rng, const Policy& policy) { - std::vector<byte> buf(32); + std::vector<uint8_t> buf(32); rng.randomize(buf.data(), buf.size()); if(policy.include_time_in_hello_random()) { - const u32bit time32 = static_cast<u32bit>( + const uint32_t time32 = static_cast<uint32_t>( std::chrono::system_clock::to_time_t(std::chrono::system_clock::now())); store_be(time32, buf.data()); @@ -50,7 +50,7 @@ Hello_Request::Hello_Request(Handshake_IO& io) /* * Deserialize a Hello Request message */ -Hello_Request::Hello_Request(const std::vector<byte>& buf) +Hello_Request::Hello_Request(const std::vector<uint8_t>& buf) { if(buf.size()) throw Decoding_Error("Bad Hello_Request, has non-zero size"); @@ -59,9 +59,9 @@ Hello_Request::Hello_Request(const std::vector<byte>& buf) /* * Serialize a Hello Request message */ -std::vector<byte> Hello_Request::serialize() const +std::vector<uint8_t> Hello_Request::serialize() const { - return std::vector<byte>(); + return std::vector<uint8_t>(); } /* @@ -71,7 +71,7 @@ Client_Hello::Client_Hello(Handshake_IO& io, Handshake_Hash& hash, const Policy& policy, RandomNumberGenerator& rng, - const std::vector<byte>& reneg_info, + const std::vector<uint8_t>& reneg_info, const Client_Hello::Settings& client_settings, const std::vector<std::string>& next_protocols) : m_version(client_settings.protocol_version()), @@ -141,7 +141,7 @@ Client_Hello::Client_Hello(Handshake_IO& io, Handshake_Hash& hash, const Policy& policy, RandomNumberGenerator& rng, - const std::vector<byte>& reneg_info, + const std::vector<uint8_t>& reneg_info, const Session& session, const std::vector<std::string>& next_protocols) : m_version(session.version()), @@ -207,9 +207,9 @@ void Client_Hello::update_hello_cookie(const Hello_Verify_Request& hello_verify) /* * Serialize a Client Hello message */ -std::vector<byte> Client_Hello::serialize() const +std::vector<uint8_t> Client_Hello::serialize() const { - std::vector<byte> buf; + std::vector<uint8_t> buf; buf.push_back(m_version.major_version()); buf.push_back(m_version.minor_version()); @@ -237,32 +237,32 @@ std::vector<byte> Client_Hello::serialize() const /* * Read a counterparty client hello */ -Client_Hello::Client_Hello(const std::vector<byte>& buf) +Client_Hello::Client_Hello(const std::vector<uint8_t>& buf) { if(buf.size() < 41) throw Decoding_Error("Client_Hello: Packet corrupted"); TLS_Data_Reader reader("ClientHello", buf); - const byte major_version = reader.get_byte(); - const byte minor_version = reader.get_byte(); + const uint8_t major_version = reader.get_byte(); + const uint8_t minor_version = reader.get_byte(); m_version = Protocol_Version(major_version, minor_version); - m_random = reader.get_fixed<byte>(32); + m_random = reader.get_fixed<uint8_t>(32); - m_session_id = reader.get_range<byte>(1, 0, 32); + m_session_id = reader.get_range<uint8_t>(1, 0, 32); if(m_version.is_datagram_protocol()) - m_hello_cookie = reader.get_range<byte>(1, 0, 255); + m_hello_cookie = reader.get_range<uint8_t>(1, 0, 255); - m_suites = reader.get_range_vector<u16bit>(2, 1, 32767); + m_suites = reader.get_range_vector<uint16_t>(2, 1, 32767); - m_comp_methods = reader.get_range_vector<byte>(1, 1, 255); + m_comp_methods = reader.get_range_vector<uint8_t>(1, 1, 255); m_extensions.deserialize(reader); - if(offered_suite(static_cast<u16bit>(TLS_EMPTY_RENEGOTIATION_INFO_SCSV))) + if(offered_suite(static_cast<uint16_t>(TLS_EMPTY_RENEGOTIATION_INFO_SCSV))) { if(Renegotiation_Extension* reneg = m_extensions.get<Renegotiation_Extension>()) { @@ -289,13 +289,13 @@ Client_Hello::Client_Hello(const std::vector<byte>& buf) bool Client_Hello::sent_fallback_scsv() const { - return offered_suite(static_cast<u16bit>(TLS_FALLBACK_SCSV)); + return offered_suite(static_cast<uint16_t>(TLS_FALLBACK_SCSV)); } /* * Check if we offered this ciphersuite */ -bool Client_Hello::offered_suite(u16bit ciphersuite) const +bool Client_Hello::offered_suite(uint16_t ciphersuite) const { for(size_t i = 0; i != m_suites.size(); ++i) if(m_suites[i] == ciphersuite) diff --git a/src/lib/tls/msg_client_kex.cpp b/src/lib/tls/msg_client_kex.cpp index 05926ac2d..c9c63c673 100644 --- a/src/lib/tls/msg_client_kex.cpp +++ b/src/lib/tls/msg_client_kex.cpp @@ -66,7 +66,7 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io, SymmetricKey psk = creds.psk("tls-client", hostname, psk_identity); - std::vector<byte> zeros(psk.length()); + std::vector<uint8_t> zeros(psk.length()); append_tls_length_value(m_pre_master, zeros, 2); append_tls_length_value(m_pre_master, psk.bits_of(), 2); @@ -91,9 +91,9 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io, if(kex_algo == "DH" || kex_algo == "DHE_PSK") { - BigInt p = BigInt::decode(reader.get_range<byte>(2, 1, 65535)); - BigInt g = BigInt::decode(reader.get_range<byte>(2, 1, 65535)); - BigInt Y = BigInt::decode(reader.get_range<byte>(2, 1, 65535)); + BigInt p = BigInt::decode(reader.get_range<uint8_t>(2, 1, 65535)); + BigInt g = BigInt::decode(reader.get_range<uint8_t>(2, 1, 65535)); + BigInt Y = BigInt::decode(reader.get_range<uint8_t>(2, 1, 65535)); if(reader.remaining_bytes()) throw Decoding_Error("Bad params size for DH key exchange"); @@ -122,7 +122,7 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io, PK_Key_Agreement ka(priv_key, rng, "Raw"); - secure_vector<byte> dh_secret = CT::strip_leading_zeros( + secure_vector<uint8_t> dh_secret = CT::strip_leading_zeros( ka.derive_key(0, counterparty_key.public_value()).bits_of()); if(kex_algo == "DH") @@ -137,12 +137,12 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io, } else if(kex_algo == "ECDH" || kex_algo == "ECDHE_PSK") { - const byte curve_type = reader.get_byte(); + const uint8_t curve_type = reader.get_byte(); if(curve_type != 3) throw Decoding_Error("Server sent non-named ECC curve"); - const u16bit curve_id = reader.get_u16bit(); + const uint16_t curve_id = reader.get_uint16_t(); const std::string curve_name = Supported_Elliptic_Curves::curve_id_to_name(curve_id); @@ -155,9 +155,9 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io, "Server sent ECC curve prohibited by policy"); } - const std::vector<byte> ecdh_key = reader.get_range<byte>(1, 1, 255); - std::vector<byte> our_ecdh_public; - secure_vector<byte> ecdh_secret; + const std::vector<uint8_t> ecdh_key = reader.get_range<uint8_t>(1, 1, 255); + std::vector<uint8_t> our_ecdh_public; + secure_vector<uint8_t> ecdh_secret; if(curve_name == "x25519") { @@ -204,10 +204,10 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io, #if defined(BOTAN_HAS_SRP6) else if(kex_algo == "SRP_SHA") { - const BigInt N = BigInt::decode(reader.get_range<byte>(2, 1, 65535)); - const BigInt g = BigInt::decode(reader.get_range<byte>(2, 1, 65535)); - std::vector<byte> salt = reader.get_range<byte>(1, 1, 255); - const BigInt B = BigInt::decode(reader.get_range<byte>(2, 1, 65535)); + const BigInt N = BigInt::decode(reader.get_range<uint8_t>(2, 1, 65535)); + const BigInt g = BigInt::decode(reader.get_range<uint8_t>(2, 1, 65535)); + std::vector<uint8_t> salt = reader.get_range<uint8_t>(1, 1, 255); + const BigInt B = BigInt::decode(reader.get_range<uint8_t>(2, 1, 65535)); const std::string srp_group = srp6_group_identifier(N, g); @@ -234,7 +234,7 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io, #if defined(BOTAN_HAS_CECPQ1) else if(kex_algo == "CECPQ1") { - const std::vector<byte> cecpq1_offer = reader.get_range<byte>(2, 1, 65535); + const std::vector<uint8_t> cecpq1_offer = reader.get_range<uint8_t>(2, 1, 65535); if(cecpq1_offer.size() != CECPQ1_OFFER_BYTES) throw TLS_Exception(Alert::HANDSHAKE_FAILURE, "Invalid CECPQ1 key size"); @@ -273,7 +273,7 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io, PK_Encryptor_EME encryptor(*rsa_pub, rng, "PKCS1v15"); - const std::vector<byte> encrypted_key = encryptor.encrypt(m_pre_master, rng); + const std::vector<uint8_t> encrypted_key = encryptor.encrypt(m_pre_master, rng); append_tls_length_value(m_key_material, encrypted_key, 2); } @@ -289,7 +289,7 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io, /* * Read a Client Key Exchange message */ -Client_Key_Exchange::Client_Key_Exchange(const std::vector<byte>& contents, +Client_Key_Exchange::Client_Key_Exchange(const std::vector<uint8_t>& contents, const Handshake_State& state, const Private_Key* server_rsa_kex_key, Credentials_Manager& creds, @@ -310,12 +310,12 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector<byte>& contents, throw Internal_Error("Expected RSA key but got " + server_rsa_kex_key->algo_name()); TLS_Data_Reader reader("ClientKeyExchange", contents); - const std::vector<byte> encrypted_pre_master = reader.get_range<byte>(2, 0, 65535); + const std::vector<uint8_t> encrypted_pre_master = reader.get_range<uint8_t>(2, 0, 65535); PK_Decryptor_EME decryptor(*server_rsa_kex_key, rng, "PKCS1v15"); - const byte client_major = state.client_hello()->version().major_version(); - const byte client_minor = state.client_hello()->version().minor_version(); + const uint8_t client_major = state.client_hello()->version().major_version(); + const uint8_t client_minor = state.client_hello()->version().minor_version(); /* * PK_Decryptor::decrypt_or_random will return a random value if @@ -325,8 +325,8 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector<byte>& contents, */ const size_t expected_plaintext_size = 48; const size_t expected_content_size = 2; - const byte expected_content_bytes[expected_content_size] = { client_major, client_minor }; - const byte expected_content_pos[expected_content_size] = { 0, 1 }; + const uint8_t expected_content_bytes[expected_content_size] = { client_major, client_minor }; + const uint8_t expected_content_pos[expected_content_size] = { 0, 1 }; m_pre_master = decryptor.decrypt_or_random(encrypted_pre_master.data(), @@ -363,7 +363,7 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector<byte>& contents, if(kex_algo == "PSK") { - std::vector<byte> zeros(psk.length()); + std::vector<uint8_t> zeros(psk.length()); append_tls_length_value(m_pre_master, zeros, 2); append_tls_length_value(m_pre_master, psk.bits_of(), 2); } @@ -372,7 +372,7 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector<byte>& contents, { SRP6_Server_Session& srp = state.server_kex()->server_srp_params(); - m_pre_master = srp.step2(BigInt::decode(reader.get_range<byte>(2, 0, 65535))).bits_of(); + m_pre_master = srp.step2(BigInt::decode(reader.get_range<uint8_t>(2, 0, 65535))).bits_of(); } #endif #if defined(BOTAN_HAS_CECPQ1) @@ -380,7 +380,7 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector<byte>& contents, { const CECPQ1_key& cecpq1_offer = state.server_kex()->cecpq1_key(); - const std::vector<byte> cecpq1_accept = reader.get_range<byte>(2, 0, 65535); + const std::vector<uint8_t> cecpq1_accept = reader.get_range<uint8_t>(2, 0, 65535); if(cecpq1_accept.size() != CECPQ1_ACCEPT_BYTES) throw Decoding_Error("Invalid size for CECPQ1 accept message"); @@ -404,14 +404,14 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector<byte>& contents, { PK_Key_Agreement ka(*ka_key, rng, "Raw"); - std::vector<byte> client_pubkey; + std::vector<uint8_t> client_pubkey; if(ka_key->algo_name() == "DH") - client_pubkey = reader.get_range<byte>(2, 0, 65535); + client_pubkey = reader.get_range<uint8_t>(2, 0, 65535); else - client_pubkey = reader.get_range<byte>(1, 0, 255); + client_pubkey = reader.get_range<uint8_t>(1, 0, 255); - secure_vector<byte> shared_secret = ka.derive_key(0, client_pubkey).bits_of(); + secure_vector<uint8_t> shared_secret = ka.derive_key(0, client_pubkey).bits_of(); if(ka_key->algo_name() == "DH") shared_secret = CT::strip_leading_zeros(shared_secret); diff --git a/src/lib/tls/msg_finished.cpp b/src/lib/tls/msg_finished.cpp index 7d5eea77a..18398e48b 100644 --- a/src/lib/tls/msg_finished.cpp +++ b/src/lib/tls/msg_finished.cpp @@ -17,21 +17,21 @@ namespace { /* * Compute the verify_data */ -std::vector<byte> finished_compute_verify(const Handshake_State& state, +std::vector<uint8_t> finished_compute_verify(const Handshake_State& state, Connection_Side side) { - const byte TLS_CLIENT_LABEL[] = { + const uint8_t TLS_CLIENT_LABEL[] = { 0x63, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x66, 0x69, 0x6E, 0x69, 0x73, 0x68, 0x65, 0x64 }; - const byte TLS_SERVER_LABEL[] = { + const uint8_t TLS_SERVER_LABEL[] = { 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x66, 0x69, 0x6E, 0x69, 0x73, 0x68, 0x65, 0x64 }; std::unique_ptr<KDF> prf(state.protocol_specific_prf()); - std::vector<byte> input; - std::vector<byte> label; + std::vector<uint8_t> input; + std::vector<uint8_t> label; if(side == CLIENT) label += std::make_pair(TLS_CLIENT_LABEL, sizeof(TLS_CLIENT_LABEL)); else @@ -57,7 +57,7 @@ Finished::Finished(Handshake_IO& io, /* * Serialize a Finished message */ -std::vector<byte> Finished::serialize() const +std::vector<uint8_t> Finished::serialize() const { return m_verification_data; } @@ -65,7 +65,7 @@ std::vector<byte> Finished::serialize() const /* * Deserialize a Finished message */ -Finished::Finished(const std::vector<byte>& buf) : m_verification_data(buf) +Finished::Finished(const std::vector<uint8_t>& buf) : m_verification_data(buf) {} /* diff --git a/src/lib/tls/msg_hello_verify.cpp b/src/lib/tls/msg_hello_verify.cpp index 059d9d4fd..34b7bb3d5 100644 --- a/src/lib/tls/msg_hello_verify.cpp +++ b/src/lib/tls/msg_hello_verify.cpp @@ -12,7 +12,7 @@ namespace Botan { namespace TLS { -Hello_Verify_Request::Hello_Verify_Request(const std::vector<byte>& buf) +Hello_Verify_Request::Hello_Verify_Request(const std::vector<uint8_t>& buf) { if(buf.size() < 3) throw Decoding_Error("Hello verify request too small"); @@ -31,7 +31,7 @@ Hello_Verify_Request::Hello_Verify_Request(const std::vector<byte>& buf) m_cookie.assign(buf.begin() + 3, buf.end()); } -Hello_Verify_Request::Hello_Verify_Request(const std::vector<byte>& client_hello_bits, +Hello_Verify_Request::Hello_Verify_Request(const std::vector<uint8_t>& client_hello_bits, const std::string& client_identity, const SymmetricKey& secret_key) { @@ -46,7 +46,7 @@ Hello_Verify_Request::Hello_Verify_Request(const std::vector<byte>& client_hello m_cookie = unlock(hmac->final()); } -std::vector<byte> Hello_Verify_Request::serialize() const +std::vector<uint8_t> Hello_Verify_Request::serialize() const { /* DTLS 1.2 server implementations SHOULD use DTLS version 1.0 regardless of the version of TLS that is expected to be @@ -55,10 +55,10 @@ std::vector<byte> Hello_Verify_Request::serialize() const Protocol_Version format_version(Protocol_Version::DTLS_V10); - std::vector<byte> bits; + std::vector<uint8_t> bits; bits.push_back(format_version.major_version()); bits.push_back(format_version.minor_version()); - bits.push_back(static_cast<byte>(m_cookie.size())); + bits.push_back(static_cast<uint8_t>(m_cookie.size())); bits += m_cookie; return bits; } diff --git a/src/lib/tls/msg_server_hello.cpp b/src/lib/tls/msg_server_hello.cpp index 37e521403..9d84a29e0 100644 --- a/src/lib/tls/msg_server_hello.cpp +++ b/src/lib/tls/msg_server_hello.cpp @@ -22,7 +22,7 @@ Server_Hello::Server_Hello(Handshake_IO& io, Handshake_Hash& hash, const Policy& policy, RandomNumberGenerator& rng, - const std::vector<byte>& reneg_info, + const std::vector<uint8_t>& reneg_info, const Client_Hello& client_hello, const Server_Hello::Settings& server_settings, const std::string next_protocol) : @@ -62,12 +62,12 @@ Server_Hello::Server_Hello(Handshake_IO& io, if(m_version.is_datagram_protocol()) { - const std::vector<u16bit> server_srtp = policy.srtp_profiles(); - const std::vector<u16bit> client_srtp = client_hello.srtp_profiles(); + const std::vector<uint16_t> server_srtp = policy.srtp_profiles(); + const std::vector<uint16_t> client_srtp = client_hello.srtp_profiles(); if(!server_srtp.empty() && !client_srtp.empty()) { - u16bit shared = 0; + uint16_t shared = 0; // always using server preferences for now for(auto s_srtp : server_srtp) for(auto c_srtp : client_srtp) @@ -89,7 +89,7 @@ Server_Hello::Server_Hello(Handshake_IO& io, Handshake_Hash& hash, const Policy& policy, RandomNumberGenerator& rng, - const std::vector<byte>& reneg_info, + const std::vector<uint8_t>& reneg_info, const Client_Hello& client_hello, Session& resumed_session, bool offer_session_ticket, @@ -139,23 +139,23 @@ Server_Hello::Server_Hello(Handshake_IO& io, /* * Deserialize a Server Hello message */ -Server_Hello::Server_Hello(const std::vector<byte>& buf) +Server_Hello::Server_Hello(const std::vector<uint8_t>& buf) { if(buf.size() < 38) throw Decoding_Error("Server_Hello: Packet corrupted"); TLS_Data_Reader reader("ServerHello", buf); - const byte major_version = reader.get_byte(); - const byte minor_version = reader.get_byte(); + const uint8_t major_version = reader.get_byte(); + const uint8_t minor_version = reader.get_byte(); m_version = Protocol_Version(major_version, minor_version); - m_random = reader.get_fixed<byte>(32); + m_random = reader.get_fixed<uint8_t>(32); - m_session_id = reader.get_range<byte>(1, 0, 32); + m_session_id = reader.get_range<uint8_t>(1, 0, 32); - m_ciphersuite = reader.get_u16bit(); + m_ciphersuite = reader.get_uint16_t(); m_comp_method = reader.get_byte(); @@ -165,9 +165,9 @@ Server_Hello::Server_Hello(const std::vector<byte>& buf) /* * Serialize a Server Hello message */ -std::vector<byte> Server_Hello::serialize() const +std::vector<uint8_t> Server_Hello::serialize() const { - std::vector<byte> buf; + std::vector<uint8_t> buf; buf.push_back(m_version.major_version()); buf.push_back(m_version.minor_version()); @@ -197,7 +197,7 @@ Server_Hello_Done::Server_Hello_Done(Handshake_IO& io, /* * Deserialize a Server Hello Done message */ -Server_Hello_Done::Server_Hello_Done(const std::vector<byte>& buf) +Server_Hello_Done::Server_Hello_Done(const std::vector<uint8_t>& buf) { if(buf.size()) throw Decoding_Error("Server_Hello_Done: Must be empty, and is not"); @@ -206,9 +206,9 @@ Server_Hello_Done::Server_Hello_Done(const std::vector<byte>& buf) /* * Serialize a Server Hello Done message */ -std::vector<byte> Server_Hello_Done::serialize() const +std::vector<uint8_t> Server_Hello_Done::serialize() const { - return std::vector<byte>(); + return std::vector<uint8_t>(); } } diff --git a/src/lib/tls/msg_server_kex.cpp b/src/lib/tls/msg_server_kex.cpp index 72b90a31c..244d97611 100644 --- a/src/lib/tls/msg_server_kex.cpp +++ b/src/lib/tls/msg_server_kex.cpp @@ -81,7 +81,7 @@ Server_Key_Exchange::Server_Key_Exchange(Handshake_IO& io, if(named_curve_id == 0) throw Internal_Error("TLS does not support ECC with " + curve_name); - std::vector<byte> ecdh_public_val; + std::vector<uint8_t> ecdh_public_val; if(curve_name == "x25519") { @@ -119,7 +119,7 @@ Server_Key_Exchange::Server_Key_Exchange(Handshake_IO& io, std::string group_id; BigInt v; - std::vector<byte> salt; + std::vector<uint8_t> salt; const bool found = creds.srp_verifier("tls-server", hostname, srp_identifier, @@ -178,7 +178,7 @@ Server_Key_Exchange::Server_Key_Exchange(Handshake_IO& io, /** * Deserialize a Server Key Exchange message */ -Server_Key_Exchange::Server_Key_Exchange(const std::vector<byte>& buf, +Server_Key_Exchange::Server_Key_Exchange(const std::vector<uint8_t>& buf, const std::string& kex_algo, const std::string& sig_algo, Protocol_Version version) @@ -202,28 +202,28 @@ Server_Key_Exchange::Server_Key_Exchange(const std::vector<byte>& buf, for(size_t i = 0; i != 3; ++i) { - reader.get_range<byte>(2, 1, 65535); + reader.get_range<uint8_t>(2, 1, 65535); } } else if(kex_algo == "ECDH" || kex_algo == "ECDHE_PSK") { reader.get_byte(); // curve type - reader.get_u16bit(); // curve id - reader.get_range<byte>(1, 1, 255); // public key + reader.get_uint16_t(); // curve id + reader.get_range<uint8_t>(1, 1, 255); // public key } else if(kex_algo == "SRP_SHA") { // 2 bigints (N,g) then salt, then server B - reader.get_range<byte>(2, 1, 65535); - reader.get_range<byte>(2, 1, 65535); - reader.get_range<byte>(1, 1, 255); - reader.get_range<byte>(2, 1, 65535); + reader.get_range<uint8_t>(2, 1, 65535); + reader.get_range<uint8_t>(2, 1, 65535); + reader.get_range<uint8_t>(1, 1, 255); + reader.get_range<uint8_t>(2, 1, 65535); } else if(kex_algo == "CECPQ1") { // u16 blob - reader.get_range<byte>(2, 1, 65535); + reader.get_range<uint8_t>(2, 1, 65535); } else if(kex_algo != "PSK") throw Decoding_Error("Server_Key_Exchange: Unsupported kex type " + kex_algo); @@ -238,7 +238,7 @@ Server_Key_Exchange::Server_Key_Exchange(const std::vector<byte>& buf, m_sig_algo = Signature_Algorithms::sig_algo_name(reader.get_byte()); } - m_signature = reader.get_range<byte>(2, 0, 65535); + m_signature = reader.get_range<uint8_t>(2, 0, 65535); } reader.assert_done(); @@ -249,9 +249,9 @@ Server_Key_Exchange::~Server_Key_Exchange() {} /** * Serialize a Server Key Exchange message */ -std::vector<byte> Server_Key_Exchange::serialize() const +std::vector<uint8_t> Server_Key_Exchange::serialize() const { - std::vector<byte> buf = params(); + std::vector<uint8_t> buf = params(); if(m_signature.size()) { diff --git a/src/lib/tls/msg_session_ticket.cpp b/src/lib/tls/msg_session_ticket.cpp index 3fe6e64cf..7a24c9dbd 100644 --- a/src/lib/tls/msg_session_ticket.cpp +++ b/src/lib/tls/msg_session_ticket.cpp @@ -17,8 +17,8 @@ namespace TLS { New_Session_Ticket::New_Session_Ticket(Handshake_IO& io, Handshake_Hash& hash, - const std::vector<byte>& ticket, - u32bit lifetime) : + const std::vector<uint8_t>& ticket, + uint32_t lifetime) : m_ticket_lifetime_hint(lifetime), m_ticket(ticket) { @@ -31,20 +31,20 @@ New_Session_Ticket::New_Session_Ticket(Handshake_IO& io, hash.update(io.send(*this)); } -New_Session_Ticket::New_Session_Ticket(const std::vector<byte>& buf) +New_Session_Ticket::New_Session_Ticket(const std::vector<uint8_t>& buf) { if(buf.size() < 6) throw Decoding_Error("Session ticket message too short to be valid"); TLS_Data_Reader reader("SessionTicket", buf); - m_ticket_lifetime_hint = reader.get_u32bit(); - m_ticket = reader.get_range<byte>(2, 0, 65535); + m_ticket_lifetime_hint = reader.get_uint32_t(); + m_ticket = reader.get_range<uint8_t>(2, 0, 65535); } -std::vector<byte> New_Session_Ticket::serialize() const +std::vector<uint8_t> New_Session_Ticket::serialize() const { - std::vector<byte> buf(4); + std::vector<uint8_t> buf(4); store_be(m_ticket_lifetime_hint, buf.data()); append_tls_length_value(buf, m_ticket, 2); return buf; diff --git a/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp b/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp index 049c12df1..594822829 100644 --- a/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp +++ b/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp @@ -55,16 +55,16 @@ Session_Manager_SQL::Session_Manager_SQL(std::shared_ptr<SQL_Database> db, if(stmt->step()) { - std::pair<const byte*, size_t> salt = stmt->get_blob(0); + std::pair<const uint8_t*, size_t> salt = stmt->get_blob(0); const size_t iterations = stmt->get_size_t(1); const size_t check_val_db = stmt->get_size_t(2); - secure_vector<byte> x = pbkdf->pbkdf_iterations(32 + 2, + secure_vector<uint8_t> x = pbkdf->pbkdf_iterations(32 + 2, passphrase, salt.first, salt.second, iterations); - const size_t check_val_created = make_u16bit(x[0], x[1]); + const size_t check_val_created = make_uint16(x[0], x[1]); m_session_key.assign(x.begin() + 2, x.end()); if(check_val_created != check_val_db) @@ -79,16 +79,16 @@ Session_Manager_SQL::Session_Manager_SQL(std::shared_ptr<SQL_Database> db, // new database case - std::vector<byte> salt = unlock(rng.random_vec(16)); + std::vector<uint8_t> salt = unlock(rng.random_vec(16)); size_t iterations = 0; - secure_vector<byte> x = pbkdf->pbkdf_timed(32 + 2, + secure_vector<uint8_t> x = pbkdf->pbkdf_timed(32 + 2, passphrase, salt.data(), salt.size(), std::chrono::milliseconds(100), iterations); - size_t check_val = make_u16bit(x[0], x[1]); + size_t check_val = make_uint16(x[0], x[1]); m_session_key.assign(x.begin() + 2, x.end()); auto stmt = m_db->new_statement("insert into tls_sessions_metadata values(?1, ?2, ?3)"); @@ -101,7 +101,7 @@ Session_Manager_SQL::Session_Manager_SQL(std::shared_ptr<SQL_Database> db, } } -bool Session_Manager_SQL::load_from_session_id(const std::vector<byte>& session_id, +bool Session_Manager_SQL::load_from_session_id(const std::vector<uint8_t>& session_id, Session& session) { auto stmt = m_db->new_statement("select session from tls_sessions where session_id = ?1"); @@ -110,7 +110,7 @@ bool Session_Manager_SQL::load_from_session_id(const std::vector<byte>& session_ while(stmt->step()) { - std::pair<const byte*, size_t> blob = stmt->get_blob(0); + std::pair<const uint8_t*, size_t> blob = stmt->get_blob(0); try { @@ -137,7 +137,7 @@ bool Session_Manager_SQL::load_from_server_info(const Server_Information& server while(stmt->step()) { - std::pair<const byte*, size_t> blob = stmt->get_blob(0); + std::pair<const uint8_t*, size_t> blob = stmt->get_blob(0); try { @@ -152,7 +152,7 @@ bool Session_Manager_SQL::load_from_server_info(const Server_Information& server return false; } -void Session_Manager_SQL::remove_entry(const std::vector<byte>& session_id) +void Session_Manager_SQL::remove_entry(const std::vector<uint8_t>& session_id) { auto stmt = m_db->new_statement("delete from tls_sessions where session_id = ?1"); diff --git a/src/lib/tls/sessions_sql/tls_session_manager_sql.h b/src/lib/tls/sessions_sql/tls_session_manager_sql.h index 24e2be7c3..f22d01172 100644 --- a/src/lib/tls/sessions_sql/tls_session_manager_sql.h +++ b/src/lib/tls/sessions_sql/tls_session_manager_sql.h @@ -48,13 +48,13 @@ class BOTAN_DLL Session_Manager_SQL : public Session_Manager Session_Manager_SQL& operator=(const Session_Manager_SQL&) = delete; - bool load_from_session_id(const std::vector<byte>& session_id, + bool load_from_session_id(const std::vector<uint8_t>& session_id, Session& session) override; bool load_from_server_info(const Server_Information& info, Session& session) override; - void remove_entry(const std::vector<byte>& session_id) override; + void remove_entry(const std::vector<uint8_t>& session_id) override; size_t remove_all() override; @@ -67,7 +67,7 @@ class BOTAN_DLL Session_Manager_SQL : public Session_Manager void prune_session_cache(); std::shared_ptr<SQL_Database> m_db; - secure_vector<byte> m_session_key; + secure_vector<uint8_t> m_session_key; RandomNumberGenerator& m_rng; size_t m_max_sessions; std::chrono::seconds m_session_lifetime; diff --git a/src/lib/tls/tls_alert.cpp b/src/lib/tls/tls_alert.cpp index 6cecb3bbe..e1e8c6eb6 100644 --- a/src/lib/tls/tls_alert.cpp +++ b/src/lib/tls/tls_alert.cpp @@ -12,7 +12,7 @@ namespace Botan { namespace TLS { -Alert::Alert(const secure_vector<byte>& buf) +Alert::Alert(const secure_vector<uint8_t>& buf) { if(buf.size() != 2) throw Decoding_Error("Alert: Bad size " + std::to_string(buf.size()) + @@ -23,16 +23,16 @@ Alert::Alert(const secure_vector<byte>& buf) else throw Decoding_Error("Alert: Bad code for alert level"); - const byte dc = buf[1]; + const uint8_t dc = buf[1]; m_type_code = static_cast<Type>(dc); } -std::vector<byte> Alert::serialize() const +std::vector<uint8_t> Alert::serialize() const { - return std::vector<byte>({ - static_cast<byte>(is_fatal() ? 2 : 1), - static_cast<byte>(type()) + return std::vector<uint8_t>({ + static_cast<uint8_t>(is_fatal() ? 2 : 1), + static_cast<uint8_t>(type()) }); } diff --git a/src/lib/tls/tls_alert.h b/src/lib/tls/tls_alert.h index 1184c6260..1cfc95544 100644 --- a/src/lib/tls/tls_alert.h +++ b/src/lib/tls/tls_alert.h @@ -86,13 +86,13 @@ class BOTAN_DLL Alert /** * Serialize an alert */ - std::vector<byte> serialize() const; + std::vector<uint8_t> serialize() const; /** * Deserialize an Alert message * @param buf the serialized alert */ - explicit Alert(const secure_vector<byte>& buf); + explicit Alert(const secure_vector<uint8_t>& buf); /** * Create a new Alert diff --git a/src/lib/tls/tls_blocking.cpp b/src/lib/tls/tls_blocking.cpp index 9408972fd..83e4a340c 100644 --- a/src/lib/tls/tls_blocking.cpp +++ b/src/lib/tls/tls_blocking.cpp @@ -51,14 +51,14 @@ void Blocking_Client::alert_cb(const Alert& alert) this->alert_notification(alert); } -void Blocking_Client::data_cb(const byte data[], size_t data_len) +void Blocking_Client::data_cb(const uint8_t data[], size_t data_len) { m_plaintext.insert(m_plaintext.end(), data, data + data_len); } void Blocking_Client::do_handshake() { - std::vector<byte> readbuf(4096); + std::vector<uint8_t> readbuf(4096); while(!m_channel.is_closed() && !m_channel.is_active()) { @@ -67,9 +67,9 @@ void Blocking_Client::do_handshake() } } -size_t Blocking_Client::read(byte buf[], size_t buf_len) +size_t Blocking_Client::read(uint8_t buf[], size_t buf_len) { - std::vector<byte> readbuf(4096); + std::vector<uint8_t> readbuf(4096); while(m_plaintext.empty() && !m_channel.is_closed()) { diff --git a/src/lib/tls/tls_blocking.h b/src/lib/tls/tls_blocking.h index 0f2986710..96928f425 100644 --- a/src/lib/tls/tls_blocking.h +++ b/src/lib/tls/tls_blocking.h @@ -30,8 +30,8 @@ class BOTAN_DLL Blocking_Client * These functions are expected to block until completing entirely, or * fail by throwing an exception. */ - typedef std::function<size_t (byte[], size_t)> read_fn; - typedef std::function<void (const byte[], size_t)> write_fn; + typedef std::function<size_t (uint8_t[], size_t)> read_fn; + typedef std::function<void (const uint8_t[], size_t)> write_fn; BOTAN_DEPRECATED("Use the regular TLS::Client interface") Blocking_Client(read_fn reader, @@ -56,11 +56,12 @@ class BOTAN_DLL Blocking_Client size_t pending() const { return m_plaintext.size(); } /** - * Blocking read, will return at least 1 byte or 0 on connection close + * Blocking read, will return at least 1 byte (eventually) or else 0 if the connection + * is closed. */ - size_t read(byte buf[], size_t buf_len); + size_t read(uint8_t buf[], size_t buf_len); - void write(const byte buf[], size_t buf_len) { m_channel.send(buf, buf_len); } + void write(const uint8_t buf[], size_t buf_len) { m_channel.send(buf, buf_len); } const TLS::Channel& underlying_channel() const { return m_channel; } TLS::Channel& underlying_channel() { return m_channel; } @@ -89,14 +90,14 @@ class BOTAN_DLL Blocking_Client bool handshake_cb(const Session&); - void data_cb(const byte data[], size_t data_len); + void data_cb(const uint8_t data[], size_t data_len); void alert_cb(const Alert& alert); read_fn m_read; std::unique_ptr<Compat_Callbacks> m_callbacks; TLS::Client m_channel; - secure_vector<byte> m_plaintext; + secure_vector<uint8_t> m_plaintext; }; } diff --git a/src/lib/tls/tls_callbacks.h b/src/lib/tls/tls_callbacks.h index 89e4aaa5d..a0b8894ad 100644 --- a/src/lib/tls/tls_callbacks.h +++ b/src/lib/tls/tls_callbacks.h @@ -61,7 +61,7 @@ class BOTAN_DLL Callbacks * * @param size the length of the received record, in bytes */ - virtual void tls_record_received(u64bit seq_no, const uint8_t data[], size_t size) = 0; + virtual void tls_record_received(uint64_t seq_no, const uint8_t data[], size_t size) = 0; /** * Mandatory callback: alert received @@ -202,9 +202,9 @@ class BOTAN_DLL Callbacks class BOTAN_DLL Compat_Callbacks final : public Callbacks { public: - typedef std::function<void (const byte[], size_t)> output_fn; - typedef std::function<void (const byte[], size_t)> data_cb; - typedef std::function<void (Alert, const byte[], size_t)> alert_cb; + typedef std::function<void (const uint8_t[], size_t)> output_fn; + typedef std::function<void (const uint8_t[], size_t)> data_cb; + typedef std::function<void (Alert, const uint8_t[], size_t)> alert_cb; typedef std::function<bool (const Session&)> handshake_cb; typedef std::function<void (const Handshake_Message&)> handshake_msg_cb; typedef std::function<std::string (std::vector<std::string>)> next_protocol_fn; @@ -240,14 +240,14 @@ class BOTAN_DLL Compat_Callbacks final : public Callbacks m_alert_cb(alert_cb), m_hs_cb(hs_cb), m_hs_msg_cb(hs_msg_cb), m_next_proto(next_proto) {} - void tls_emit_data(const byte data[], size_t size) override + void tls_emit_data(const uint8_t data[], size_t size) override { BOTAN_ASSERT(m_output_function != nullptr, "Invalid TLS output function callback."); m_output_function(data, size); } - void tls_record_received(u64bit /*seq_no*/, const byte data[], size_t size) override + void tls_record_received(uint64_t /*seq_no*/, const uint8_t data[], size_t size) override { BOTAN_ASSERT(m_app_data_cb != nullptr, "Invalid TLS app data callback."); diff --git a/src/lib/tls/tls_cbc/tls_cbc.cpp b/src/lib/tls/tls_cbc/tls_cbc.cpp index bd9ce2528..9b6f511f5 100644 --- a/src/lib/tls/tls_cbc/tls_cbc.cpp +++ b/src/lib/tls/tls_cbc/tls_cbc.cpp @@ -79,7 +79,7 @@ Key_Length_Specification TLS_CBC_HMAC_AEAD_Mode::key_spec() const return Key_Length_Specification(m_cipher_keylen + m_mac_keylen); } -void TLS_CBC_HMAC_AEAD_Mode::key_schedule(const byte key[], size_t keylen) +void TLS_CBC_HMAC_AEAD_Mode::key_schedule(const uint8_t key[], size_t keylen) { // Both keys are of fixed length specified by the ciphersuite @@ -90,7 +90,7 @@ void TLS_CBC_HMAC_AEAD_Mode::key_schedule(const byte key[], size_t keylen) mac().set_key(&key[m_cipher_keylen], m_mac_keylen); } -void TLS_CBC_HMAC_AEAD_Mode::start_msg(const byte nonce[], size_t nonce_len) +void TLS_CBC_HMAC_AEAD_Mode::start_msg(const uint8_t nonce[], size_t nonce_len) { if(!valid_nonce_length(nonce_len)) { @@ -105,43 +105,43 @@ void TLS_CBC_HMAC_AEAD_Mode::start_msg(const byte nonce[], size_t nonce_len) } } -size_t TLS_CBC_HMAC_AEAD_Mode::process(byte buf[], size_t sz) +size_t TLS_CBC_HMAC_AEAD_Mode::process(uint8_t buf[], size_t sz) { m_msg.insert(m_msg.end(), buf, buf + sz); return 0; } -std::vector<byte> TLS_CBC_HMAC_AEAD_Mode::assoc_data_with_len(uint16_t len) +std::vector<uint8_t> TLS_CBC_HMAC_AEAD_Mode::assoc_data_with_len(uint16_t len) { - std::vector<byte> ad = m_ad; + std::vector<uint8_t> ad = m_ad; BOTAN_ASSERT(ad.size() == 13, "Expected AAD size"); ad[11] = get_byte(0, len); ad[12] = get_byte(1, len); return ad; } -void TLS_CBC_HMAC_AEAD_Mode::set_associated_data(const byte ad[], size_t ad_len) +void TLS_CBC_HMAC_AEAD_Mode::set_associated_data(const uint8_t ad[], size_t ad_len) { if(ad_len != 13) throw Exception("Invalid TLS AEAD associated data length"); m_ad.assign(ad, ad + ad_len); } -void TLS_CBC_HMAC_AEAD_Encryption::set_associated_data(const byte ad[], size_t ad_len) +void TLS_CBC_HMAC_AEAD_Encryption::set_associated_data(const uint8_t ad[], size_t ad_len) { TLS_CBC_HMAC_AEAD_Mode::set_associated_data(ad, ad_len); if(use_encrypt_then_mac()) { // AAD hack for EtM - size_t pt_size = make_u16bit(assoc_data()[11], assoc_data()[12]); + size_t pt_size = make_uint16(assoc_data()[11], assoc_data()[12]); size_t enc_size = round_up(iv_size() + pt_size + 1, block_size()); assoc_data()[11] = get_byte<uint16_t>(0, enc_size); assoc_data()[12] = get_byte<uint16_t>(1, enc_size); } } -void TLS_CBC_HMAC_AEAD_Encryption::cbc_encrypt_record(byte buf[], size_t buf_size) +void TLS_CBC_HMAC_AEAD_Encryption::cbc_encrypt_record(uint8_t buf[], size_t buf_size) { const size_t blocks = buf_size / block_size(); BOTAN_ASSERT(buf_size % block_size() == 0, "Valid CBC input"); @@ -165,7 +165,7 @@ size_t TLS_CBC_HMAC_AEAD_Encryption::output_length(size_t input_length) const (use_encrypt_then_mac() ? tag_size() : 0); } -void TLS_CBC_HMAC_AEAD_Encryption::finish(secure_vector<byte>& buffer, size_t offset) +void TLS_CBC_HMAC_AEAD_Encryption::finish(secure_vector<uint8_t>& buffer, size_t offset) { update(buffer, offset); buffer.resize(offset); // truncate, leaving just header @@ -191,12 +191,12 @@ void TLS_CBC_HMAC_AEAD_Encryption::finish(secure_vector<byte>& buffer, size_t of } for(size_t i = 0; i != pad_val + 1; ++i) - buffer.push_back(static_cast<byte>(pad_val)); + buffer.push_back(static_cast<uint8_t>(pad_val)); cbc_encrypt_record(&buffer[header_size], enc_size); } // EtM also uses ciphertext size instead of plaintext size for AEAD input - const byte* mac_input = (use_encrypt_then_mac() ? &buffer[header_size] : msg().data()); + const uint8_t* mac_input = (use_encrypt_then_mac() ? &buffer[header_size] : msg().data()); const size_t mac_input_len = (use_encrypt_then_mac() ? enc_size : msg().size()); mac().update(mac_input, mac_input_len); @@ -207,7 +207,7 @@ void TLS_CBC_HMAC_AEAD_Encryption::finish(secure_vector<byte>& buffer, size_t of if(use_encrypt_then_mac() == false) { for(size_t i = 0; i != pad_val + 1; ++i) - buffer.push_back(static_cast<byte>(pad_val)); + buffer.push_back(static_cast<uint8_t>(pad_val)); cbc_encrypt_record(&buffer[header_size], buf_size); } } @@ -226,30 +226,30 @@ namespace { * Returning 0 in the error case should ensure the MAC check will fail. * This approach is suggested in section 6.2.3.2 of RFC 5246. */ -u16bit check_tls_padding(const byte record[], size_t record_len) +uint16_t check_tls_padding(const uint8_t record[], size_t record_len) { /* * TLS v1.0 and up require all the padding bytes be the same value * and allows up to 255 bytes. */ - const byte pad_byte = record[(record_len-1)]; + const uint8_t pad_byte = record[(record_len-1)]; - byte pad_invalid = 0; + uint8_t pad_invalid = 0; for(size_t i = 0; i != record_len; ++i) { const size_t left = record_len - i - 2; - const byte delim_mask = CT::is_less<u16bit>(static_cast<u16bit>(left), pad_byte) & 0xFF; + const uint8_t delim_mask = CT::is_less<uint16_t>(static_cast<uint16_t>(left), pad_byte) & 0xFF; pad_invalid |= (delim_mask & (record[i] ^ pad_byte)); } - u16bit pad_invalid_mask = CT::expand_mask<u16bit>(pad_invalid); - return CT::select<u16bit>(pad_invalid_mask, 0, pad_byte + 1); + uint16_t pad_invalid_mask = CT::expand_mask<uint16_t>(pad_invalid); + return CT::select<uint16_t>(pad_invalid_mask, 0, pad_byte + 1); } } -void TLS_CBC_HMAC_AEAD_Decryption::cbc_decrypt_record(byte record_contents[], size_t record_len) +void TLS_CBC_HMAC_AEAD_Decryption::cbc_decrypt_record(uint8_t record_contents[], size_t record_len) { BOTAN_ASSERT(record_len % block_size() == 0, "Buffer is an even multiple of block size"); @@ -258,15 +258,15 @@ void TLS_CBC_HMAC_AEAD_Decryption::cbc_decrypt_record(byte record_contents[], si BOTAN_ASSERT(blocks >= 1, "At least one ciphertext block"); - byte* buf = record_contents; + uint8_t* buf = record_contents; - secure_vector<byte> last_ciphertext(block_size()); + secure_vector<uint8_t> last_ciphertext(block_size()); copy_mem(last_ciphertext.data(), buf, block_size()); cipher().decrypt(buf); xor_buf(buf, cbc_state().data(), block_size()); - secure_vector<byte> last_ciphertext2; + secure_vector<uint8_t> last_ciphertext2; for(size_t i = 1; i < blocks; ++i) { @@ -361,18 +361,18 @@ void TLS_CBC_HMAC_AEAD_Decryption::perform_additional_compressions(size_t plen, // If there are no compressions, we just add 55/111 dummy bytes so that no // compression is performed. const uint16_t data_len = block_size * add_compressions + equal * max_bytes_in_first_block; - secure_vector<byte> data(data_len); + secure_vector<uint8_t> data(data_len); mac().update(unlock(data)); // we do not need to clear the MAC since the connection is broken anyway } -void TLS_CBC_HMAC_AEAD_Decryption::finish(secure_vector<byte>& buffer, size_t offset) +void TLS_CBC_HMAC_AEAD_Decryption::finish(secure_vector<uint8_t>& buffer, size_t offset) { update(buffer, offset); buffer.resize(offset); const size_t record_len = msg().size(); - byte* record_contents = msg().data(); + uint8_t* record_contents = msg().data(); // This early exit does not leak info because all the values compared are public if(record_len < tag_size() || @@ -392,7 +392,7 @@ void TLS_CBC_HMAC_AEAD_Decryption::finish(secure_vector<byte>& buffer, size_t of } mac().update(record_contents, enc_size); - std::vector<byte> mac_buf(tag_size()); + std::vector<uint8_t> mac_buf(tag_size()); mac().final(mac_buf.data()); const size_t mac_offset = enc_size; @@ -407,7 +407,7 @@ void TLS_CBC_HMAC_AEAD_Decryption::finish(secure_vector<byte>& buffer, size_t of cbc_decrypt_record(record_contents, enc_size); // 0 if padding was invalid, otherwise 1 + padding_bytes - u16bit pad_size = check_tls_padding(record_contents, enc_size); + uint16_t pad_size = check_tls_padding(record_contents, enc_size); // No oracle here, whoever sent us this had the key since MAC check passed if(pad_size == 0) @@ -415,8 +415,8 @@ void TLS_CBC_HMAC_AEAD_Decryption::finish(secure_vector<byte>& buffer, size_t of throw TLS_Exception(Alert::BAD_RECORD_MAC, "Message authentication failure"); } - const byte* plaintext_block = &record_contents[0]; - const u16bit plaintext_length = enc_size - pad_size; + const uint8_t* plaintext_block = &record_contents[0]; + const uint16_t plaintext_length = enc_size - pad_size; buffer.insert(buffer.end(), plaintext_block, plaintext_block + plaintext_length); } @@ -427,7 +427,7 @@ void TLS_CBC_HMAC_AEAD_Decryption::finish(secure_vector<byte>& buffer, size_t of cbc_decrypt_record(record_contents, record_len); // 0 if padding was invalid, otherwise 1 + padding_bytes - u16bit pad_size = check_tls_padding(record_contents, record_len); + uint16_t pad_size = check_tls_padding(record_contents, record_len); /* This mask is zero if there is not enough room in the packet to get a valid MAC. @@ -437,7 +437,7 @@ void TLS_CBC_HMAC_AEAD_Decryption::finish(secure_vector<byte>& buffer, size_t of (sending empty records, instead of 1/(n-1) splitting) */ - const u16bit size_ok_mask = CT::is_lte<u16bit>(static_cast<u16bit>(tag_size() + pad_size), static_cast<u16bit>(record_len + 1)); + const uint16_t size_ok_mask = CT::is_lte<uint16_t>(static_cast<uint16_t>(tag_size() + pad_size), static_cast<uint16_t>(record_len + 1)); pad_size &= size_ok_mask; CT::unpoison(record_contents, record_len); @@ -448,20 +448,20 @@ void TLS_CBC_HMAC_AEAD_Decryption::finish(secure_vector<byte>& buffer, size_t of */ CT::unpoison(pad_size); - const byte* plaintext_block = &record_contents[0]; - const u16bit plaintext_length = static_cast<u16bit>(record_len - tag_size() - pad_size); + const uint8_t* plaintext_block = &record_contents[0]; + const uint16_t plaintext_length = static_cast<uint16_t>(record_len - tag_size() - pad_size); mac().update(assoc_data_with_len(plaintext_length)); mac().update(plaintext_block, plaintext_length); - std::vector<byte> mac_buf(tag_size()); + std::vector<uint8_t> mac_buf(tag_size()); mac().final(mac_buf.data()); const size_t mac_offset = record_len - (tag_size() + pad_size); const bool mac_ok = same_mem(&record_contents[mac_offset], mac_buf.data(), tag_size()); - const u16bit ok_mask = size_ok_mask & CT::expand_mask<u16bit>(mac_ok) & CT::expand_mask<u16bit>(pad_size); + const uint16_t ok_mask = size_ok_mask & CT::expand_mask<uint16_t>(mac_ok) & CT::expand_mask<uint16_t>(pad_size); CT::unpoison(ok_mask); diff --git a/src/lib/tls/tls_cbc/tls_cbc.h b/src/lib/tls/tls_cbc/tls_cbc.h index 97c3387e8..d281c36f3 100644 --- a/src/lib/tls/tls_cbc/tls_cbc.h +++ b/src/lib/tls/tls_cbc/tls_cbc.h @@ -28,7 +28,7 @@ class BOTAN_DLL TLS_CBC_HMAC_AEAD_Mode : public AEAD_Mode std::string name() const override final; - void set_associated_data(const byte ad[], size_t ad_len) override; + void set_associated_data(const uint8_t ad[], size_t ad_len) override; size_t update_granularity() const override final; @@ -71,16 +71,16 @@ class BOTAN_DLL TLS_CBC_HMAC_AEAD_Mode : public AEAD_Mode return *m_mac; } - secure_vector<byte>& cbc_state() { return m_cbc_state; } - std::vector<byte>& assoc_data() { return m_ad; } - secure_vector<byte>& msg() { return m_msg; } + secure_vector<uint8_t>& cbc_state() { return m_cbc_state; } + std::vector<uint8_t>& assoc_data() { return m_ad; } + secure_vector<uint8_t>& msg() { return m_msg; } - std::vector<byte> assoc_data_with_len(uint16_t len); + std::vector<uint8_t> assoc_data_with_len(uint16_t len); private: - void start_msg(const byte nonce[], size_t nonce_len) override final; + void start_msg(const uint8_t nonce[], size_t nonce_len) override final; - void key_schedule(const byte key[], size_t length) override final; + void key_schedule(const uint8_t key[], size_t length) override final; const std::string m_cipher_name; const std::string m_mac_name; @@ -94,9 +94,9 @@ class BOTAN_DLL TLS_CBC_HMAC_AEAD_Mode : public AEAD_Mode std::unique_ptr<BlockCipher> m_cipher; std::unique_ptr<MessageAuthenticationCode> m_mac; - secure_vector<byte> m_cbc_state; - std::vector<byte> m_ad; - secure_vector<byte> m_msg; + secure_vector<uint8_t> m_cbc_state; + std::vector<uint8_t> m_ad; + secure_vector<uint8_t> m_msg; }; /** @@ -121,15 +121,15 @@ class BOTAN_DLL TLS_CBC_HMAC_AEAD_Encryption final : public TLS_CBC_HMAC_AEAD_Mo use_encrypt_then_mac) {} - void set_associated_data(const byte ad[], size_t ad_len) override; + void set_associated_data(const uint8_t ad[], size_t ad_len) override; size_t output_length(size_t input_length) const override; size_t minimum_final_size() const override { return 0; } - void finish(secure_vector<byte>& final_block, size_t offset = 0) override; + void finish(secure_vector<uint8_t>& final_block, size_t offset = 0) override; private: - void cbc_encrypt_record(byte record_contents[], size_t record_len); + void cbc_encrypt_record(uint8_t record_contents[], size_t record_len); }; /** @@ -158,10 +158,10 @@ class BOTAN_DLL TLS_CBC_HMAC_AEAD_Decryption final : public TLS_CBC_HMAC_AEAD_Mo size_t minimum_final_size() const override { return tag_size(); } - void finish(secure_vector<byte>& final_block, size_t offset = 0) override; + void finish(secure_vector<uint8_t>& final_block, size_t offset = 0) override; private: - void cbc_decrypt_record(byte record_contents[], size_t record_len); + void cbc_decrypt_record(uint8_t record_contents[], size_t record_len); void perform_additional_compressions(size_t plen, size_t padlen); }; diff --git a/src/lib/tls/tls_channel.cpp b/src/lib/tls/tls_channel.cpp index c8fe407e2..cc7b7df6b 100644 --- a/src/lib/tls/tls_channel.cpp +++ b/src/lib/tls/tls_channel.cpp @@ -86,7 +86,7 @@ Connection_Sequence_Numbers& Channel::sequence_numbers() const return *m_sequence_numbers; } -std::shared_ptr<Connection_Cipher_State> Channel::read_cipher_state_epoch(u16bit epoch) const +std::shared_ptr<Connection_Cipher_State> Channel::read_cipher_state_epoch(uint16_t epoch) const { auto i = m_read_cipher_states.find(epoch); if(i == m_read_cipher_states.end()) @@ -94,7 +94,7 @@ std::shared_ptr<Connection_Cipher_State> Channel::read_cipher_state_epoch(u16bit return i->second; } -std::shared_ptr<Connection_Cipher_State> Channel::write_cipher_state_epoch(u16bit epoch) const +std::shared_ptr<Connection_Cipher_State> Channel::write_cipher_state_epoch(uint16_t epoch) const { auto i = m_write_cipher_states.find(epoch); if(i == m_write_cipher_states.end()) @@ -142,7 +142,7 @@ Handshake_State& Channel::create_handshake_state(Protocol_Version version) io.reset(new Datagram_Handshake_IO( std::bind(&Channel::send_record_under_epoch, this, _1, _2, _3), sequence_numbers(), - static_cast<u16bit>(m_policy.dtls_default_mtu()), + static_cast<uint16_t>(m_policy.dtls_default_mtu()), m_policy.dtls_initial_timeout(), m_policy.dtls_maximum_timeout())); } @@ -192,7 +192,7 @@ void Channel::change_cipher_spec_reader(Connection_Side side) sequence_numbers().new_read_cipher_state(); - const u16bit epoch = sequence_numbers().current_read_epoch(); + const uint16_t epoch = sequence_numbers().current_read_epoch(); BOTAN_ASSERT(m_read_cipher_states.count(epoch) == 0, "No read cipher state currently set for next epoch"); @@ -221,7 +221,7 @@ void Channel::change_cipher_spec_writer(Connection_Side side) sequence_numbers().new_write_cipher_state(); - const u16bit epoch = sequence_numbers().current_write_epoch(); + const uint16_t epoch = sequence_numbers().current_write_epoch(); BOTAN_ASSERT(m_write_cipher_states.count(epoch) == 0, "No write cipher state currently set for next epoch"); @@ -264,10 +264,10 @@ void Channel::activate_session() if(!m_active_state->version().is_datagram_protocol()) { // TLS is easy just remove all but the current state - const u16bit current_epoch = sequence_numbers().current_write_epoch(); + const uint16_t current_epoch = sequence_numbers().current_write_epoch(); const auto not_current_epoch = - [current_epoch](u16bit epoch) { return (epoch != current_epoch); }; + [current_epoch](uint16_t epoch) { return (epoch != current_epoch); }; map_remove_if(not_current_epoch, m_write_cipher_states); map_remove_if(not_current_epoch, m_read_cipher_states); @@ -276,19 +276,19 @@ void Channel::activate_session() callbacks().tls_session_activated(); } -size_t Channel::received_data(const std::vector<byte>& buf) +size_t Channel::received_data(const std::vector<uint8_t>& buf) { return this->received_data(buf.data(), buf.size()); } -size_t Channel::received_data(const byte input[], size_t input_size) +size_t Channel::received_data(const uint8_t input[], size_t input_size) { try { while(!is_closed() && input_size) { - secure_vector<byte> record_data; - u64bit record_sequence = 0; + secure_vector<uint8_t> record_data; + uint64_t record_sequence = 0; Record_Type record_type = NO_RECORD; Protocol_Version record_version; @@ -364,8 +364,8 @@ size_t Channel::received_data(const byte input[], size_t input_size) } } -void Channel::process_handshake_ccs(const secure_vector<byte>& record, - u64bit record_sequence, +void Channel::process_handshake_ccs(const secure_vector<uint8_t>& record, + uint64_t record_sequence, Record_Type record_type, Protocol_Version record_version) { @@ -382,7 +382,7 @@ void Channel::process_handshake_ccs(const secure_vector<byte>& record, */ sequence_numbers().read_accept(record_sequence); - const u16bit epoch = record_sequence >> 48; + const uint16_t epoch = record_sequence >> 48; if(epoch == sequence_numbers().current_read_epoch()) { @@ -427,7 +427,7 @@ void Channel::process_handshake_ccs(const secure_vector<byte>& record, } } -void Channel::process_application_data(u64bit seq_no, const secure_vector<byte>& record) +void Channel::process_application_data(uint64_t seq_no, const secure_vector<uint8_t>& record) { if(!active_state()) throw Unexpected_Message("Application data before handshake done"); @@ -441,7 +441,7 @@ void Channel::process_application_data(u64bit seq_no, const secure_vector<byte>& callbacks().tls_record_received(seq_no, record.data(), record.size()); } -void Channel::process_alert(const secure_vector<byte>& record) +void Channel::process_alert(const secure_vector<uint8_t>& record) { Alert alert_msg(record); @@ -466,8 +466,8 @@ void Channel::process_alert(const secure_vector<byte>& record) } -void Channel::write_record(Connection_Cipher_State* cipher_state, u16bit epoch, - byte record_type, const byte input[], size_t length) +void Channel::write_record(Connection_Cipher_State* cipher_state, uint16_t epoch, + uint8_t record_type, const uint8_t input[], size_t length) { BOTAN_ASSERT(m_pending_state || m_active_state, "Some connection state exists"); @@ -486,7 +486,7 @@ void Channel::write_record(Connection_Cipher_State* cipher_state, u16bit epoch, callbacks().tls_emit_data(m_writebuf.data(), m_writebuf.size()); } -void Channel::send_record_array(u16bit epoch, byte type, const byte input[], size_t length) +void Channel::send_record_array(uint16_t epoch, uint8_t type, const uint8_t input[], size_t length) { if(length == 0) return; @@ -523,19 +523,19 @@ void Channel::send_record_array(u16bit epoch, byte type, const byte input[], siz } } -void Channel::send_record(byte record_type, const std::vector<byte>& record) +void Channel::send_record(uint8_t record_type, const std::vector<uint8_t>& record) { send_record_array(sequence_numbers().current_write_epoch(), record_type, record.data(), record.size()); } -void Channel::send_record_under_epoch(u16bit epoch, byte record_type, - const std::vector<byte>& record) +void Channel::send_record_under_epoch(uint16_t epoch, uint8_t record_type, + const std::vector<uint8_t>& record) { send_record_array(epoch, record_type, record.data(), record.size()); } -void Channel::send(const byte buf[], size_t buf_size) +void Channel::send(const uint8_t buf[], size_t buf_size) { if(!is_active()) throw Exception("Data cannot be sent on inactive TLS connection"); @@ -546,7 +546,7 @@ void Channel::send(const byte buf[], size_t buf_size) void Channel::send(const std::string& string) { - this->send(reinterpret_cast<const byte*>(string.c_str()), string.size()); + this->send(reinterpret_cast<const uint8_t*>(string.c_str()), string.size()); } void Channel::send_alert(const Alert& alert) @@ -586,7 +586,7 @@ void Channel::secure_renegotiation_check(const Client_Hello* client_hello) if(secure_renegotiation) { - const std::vector<byte>& data = client_hello->renegotiation_info(); + const std::vector<uint8_t>& data = client_hello->renegotiation_info(); if(data != secure_renegotiation_data_for_client_hello()) throw TLS_Exception(Alert::HANDSHAKE_FAILURE, @@ -609,7 +609,7 @@ void Channel::secure_renegotiation_check(const Server_Hello* server_hello) if(secure_renegotiation) { - const std::vector<byte>& data = server_hello->renegotiation_info(); + const std::vector<uint8_t>& data = server_hello->renegotiation_info(); if(data != secure_renegotiation_data_for_server_hello()) throw TLS_Exception(Alert::HANDSHAKE_FAILURE, @@ -617,23 +617,23 @@ void Channel::secure_renegotiation_check(const Server_Hello* server_hello) } } -std::vector<byte> Channel::secure_renegotiation_data_for_client_hello() const +std::vector<uint8_t> Channel::secure_renegotiation_data_for_client_hello() const { if(auto active = active_state()) return active->client_finished()->verify_data(); - return std::vector<byte>(); + return std::vector<uint8_t>(); } -std::vector<byte> Channel::secure_renegotiation_data_for_server_hello() const +std::vector<uint8_t> Channel::secure_renegotiation_data_for_server_hello() const { if(auto active = active_state()) { - std::vector<byte> buf = active->client_finished()->verify_data(); + std::vector<uint8_t> buf = active->client_finished()->verify_data(); buf += active->server_finished()->verify_data(); return buf; } - return std::vector<byte>(); + return std::vector<uint8_t>(); } bool Channel::secure_renegotiation_supported() const @@ -656,10 +656,10 @@ SymmetricKey Channel::key_material_export(const std::string& label, { std::unique_ptr<KDF> prf(active->protocol_specific_prf()); - const secure_vector<byte>& master_secret = + const secure_vector<uint8_t>& master_secret = active->session_keys().master_secret(); - std::vector<byte> salt; + std::vector<uint8_t> salt; salt += active->client_hello()->random(); salt += active->server_hello()->random(); @@ -668,8 +668,8 @@ SymmetricKey Channel::key_material_export(const std::string& label, size_t context_size = context.length(); if(context_size > 0xFFFF) throw Exception("key_material_export context is too long"); - salt.push_back(get_byte(0, static_cast<u16bit>(context_size))); - salt.push_back(get_byte(1, static_cast<u16bit>(context_size))); + salt.push_back(get_byte(0, static_cast<uint16_t>(context_size))); + salt.push_back(get_byte(1, static_cast<uint16_t>(context_size))); salt += to_byte_vector(context); } diff --git a/src/lib/tls/tls_channel.h b/src/lib/tls/tls_channel.h index 110269e80..e098d8ef1 100644 --- a/src/lib/tls/tls_channel.h +++ b/src/lib/tls/tls_channel.h @@ -36,9 +36,9 @@ class Server_Hello; class BOTAN_DLL Channel { public: - typedef std::function<void (const byte[], size_t)> output_fn; - typedef std::function<void (const byte[], size_t)> data_cb; - typedef std::function<void (Alert, const byte[], size_t)> alert_cb; + typedef std::function<void (const uint8_t[], size_t)> output_fn; + typedef std::function<void (const uint8_t[], size_t)> data_cb; + typedef std::function<void (Alert, const uint8_t[], size_t)> alert_cb; typedef std::function<bool (const Session&)> handshake_cb; typedef std::function<void (const Handshake_Message&)> handshake_msg_cb; static size_t IO_BUF_DEFAULT_SIZE; @@ -96,20 +96,20 @@ class BOTAN_DLL Channel * @return a hint as the how many more bytes we need to process the * current record (this may be 0 if on a record boundary) */ - size_t received_data(const byte buf[], size_t buf_size); + size_t received_data(const uint8_t buf[], size_t buf_size); /** * Inject TLS traffic received from counterparty * @return a hint as the how many more bytes we need to process the * current record (this may be 0 if on a record boundary) */ - size_t received_data(const std::vector<byte>& buf); + size_t received_data(const std::vector<uint8_t>& buf); /** * Inject plaintext intended for counterparty * Throws an exception if is_active() is false */ - void send(const byte buf[], size_t buf_size); + void send(const uint8_t buf[], size_t buf_size); /** * Inject plaintext intended for counterparty @@ -202,7 +202,7 @@ class BOTAN_DLL Channel virtual void process_handshake_msg(const Handshake_State* active_state, Handshake_State& pending_state, Handshake_Type type, - const std::vector<byte>& contents) = 0; + const std::vector<uint8_t>& contents) = 0; virtual void initiate_handshake(Handshake_State& state, bool force_full_renegotiation) = 0; @@ -227,8 +227,8 @@ class BOTAN_DLL Channel void secure_renegotiation_check(const Client_Hello* client_hello); void secure_renegotiation_check(const Server_Hello* server_hello); - std::vector<byte> secure_renegotiation_data_for_client_hello() const; - std::vector<byte> secure_renegotiation_data_for_server_hello() const; + std::vector<uint8_t> secure_renegotiation_data_for_client_hello() const; + std::vector<uint8_t> secure_renegotiation_data_for_server_hello() const; RandomNumberGenerator& rng() { return m_rng; } @@ -242,22 +242,22 @@ class BOTAN_DLL Channel private: void init(size_t io_buf_sze); - void send_record(byte record_type, const std::vector<byte>& record); + void send_record(uint8_t record_type, const std::vector<uint8_t>& record); - void send_record_under_epoch(u16bit epoch, byte record_type, - const std::vector<byte>& record); + void send_record_under_epoch(uint16_t epoch, uint8_t record_type, + const std::vector<uint8_t>& record); - void send_record_array(u16bit epoch, byte record_type, - const byte input[], size_t length); + void send_record_array(uint16_t epoch, uint8_t record_type, + const uint8_t input[], size_t length); void write_record(Connection_Cipher_State* cipher_state, - u16bit epoch, byte type, const byte input[], size_t length); + uint16_t epoch, uint8_t type, const uint8_t input[], size_t length); Connection_Sequence_Numbers& sequence_numbers() const; - std::shared_ptr<Connection_Cipher_State> read_cipher_state_epoch(u16bit epoch) const; + std::shared_ptr<Connection_Cipher_State> read_cipher_state_epoch(uint16_t epoch) const; - std::shared_ptr<Connection_Cipher_State> write_cipher_state_epoch(u16bit epoch) const; + std::shared_ptr<Connection_Cipher_State> write_cipher_state_epoch(uint16_t epoch) const; void reset_state(); @@ -266,14 +266,14 @@ class BOTAN_DLL Channel const Handshake_State* pending_state() const { return m_pending_state.get(); } /* methods to handle incoming traffic through Channel::receive_data. */ - void process_handshake_ccs(const secure_vector<byte>& record, - u64bit record_sequence, + void process_handshake_ccs(const secure_vector<uint8_t>& record, + uint64_t record_sequence, Record_Type record_type, Protocol_Version record_version); - void process_application_data(u64bit req_no, const secure_vector<byte>& record); + void process_application_data(uint64_t req_no, const secure_vector<uint8_t>& record); - void process_alert(const secure_vector<byte>& record); + void process_alert(const secure_vector<uint8_t>& record); bool m_is_datagram; @@ -294,12 +294,12 @@ class BOTAN_DLL Channel std::unique_ptr<Handshake_State> m_pending_state; /* cipher states for each epoch */ - std::map<u16bit, std::shared_ptr<Connection_Cipher_State>> m_write_cipher_states; - std::map<u16bit, std::shared_ptr<Connection_Cipher_State>> m_read_cipher_states; + std::map<uint16_t, std::shared_ptr<Connection_Cipher_State>> m_write_cipher_states; + std::map<uint16_t, std::shared_ptr<Connection_Cipher_State>> m_read_cipher_states; /* I/O buffers */ - secure_vector<byte> m_writebuf; - secure_vector<byte> m_readbuf; + secure_vector<uint8_t> m_writebuf; + secure_vector<uint8_t> m_readbuf; }; } diff --git a/src/lib/tls/tls_ciphersuite.cpp b/src/lib/tls/tls_ciphersuite.cpp index 08ef8e812..346d62bea 100644 --- a/src/lib/tls/tls_ciphersuite.cpp +++ b/src/lib/tls/tls_ciphersuite.cpp @@ -17,7 +17,7 @@ namespace Botan { namespace TLS { -bool Ciphersuite::is_scsv(u16bit suite) +bool Ciphersuite::is_scsv(uint16_t suite) { // TODO: derive from IANA file in script return (suite == 0x00FF || suite == 0x5600); @@ -40,7 +40,7 @@ bool Ciphersuite::cbc_ciphersuite() const return (mac_algo() != "AEAD"); } -Ciphersuite Ciphersuite::by_id(u16bit suite) +Ciphersuite Ciphersuite::by_id(uint16_t suite) { const std::vector<Ciphersuite>& all_suites = all_known_ciphersuites(); auto s = std::lower_bound(all_suites.begin(), all_suites.end(), suite); diff --git a/src/lib/tls/tls_ciphersuite.h b/src/lib/tls/tls_ciphersuite.h index fe3392a38..dd8e27b6f 100644 --- a/src/lib/tls/tls_ciphersuite.h +++ b/src/lib/tls/tls_ciphersuite.h @@ -27,12 +27,12 @@ class BOTAN_DLL Ciphersuite * @param suite the ciphersuite code number * @return ciphersuite object */ - static Ciphersuite by_id(u16bit suite); + static Ciphersuite by_id(uint16_t suite); /** * Returns true iff this suite is a known SCSV */ - static bool is_scsv(u16bit suite); + static bool is_scsv(uint16_t suite); /** * Generate a static list of all known ciphersuites and return it. @@ -50,7 +50,7 @@ class BOTAN_DLL Ciphersuite /** * @return ciphersuite number */ - u16bit ciphersuite_code() const { return m_ciphersuite_code; } + uint16_t ciphersuite_code() const { return m_ciphersuite_code; } /** * @return true if this is a PSK ciphersuite @@ -111,7 +111,7 @@ class BOTAN_DLL Ciphersuite bool valid() const { return m_usable; } bool operator<(const Ciphersuite& o) const { return ciphersuite_code() < o.ciphersuite_code(); } - bool operator<(const u16bit c) const { return ciphersuite_code() < c; } + bool operator<(const uint16_t c) const { return ciphersuite_code() < c; } Ciphersuite() {} @@ -119,7 +119,7 @@ class BOTAN_DLL Ciphersuite bool is_usable() const; - Ciphersuite(u16bit ciphersuite_code, + Ciphersuite(uint16_t ciphersuite_code, const char* iana_id, const char* sig_algo, const char* kex_algo, @@ -145,7 +145,7 @@ class BOTAN_DLL Ciphersuite m_usable = is_usable(); } - u16bit m_ciphersuite_code = 0; + uint16_t m_ciphersuite_code = 0; /* All of these const char* strings are references to compile time diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp index 37dd37812..16179832a 100644 --- a/src/lib/tls/tls_client.cpp +++ b/src/lib/tls/tls_client.cpp @@ -35,7 +35,7 @@ class Client_Handshake_State : public Handshake_State } // Used during session resumption - secure_vector<byte> resume_master_secret; + secure_vector<uint8_t> resume_master_secret; std::unique_ptr<Public_Key> server_public_key; }; @@ -196,7 +196,7 @@ void Client::send_client_hello(Handshake_State& state_base, void Client::process_handshake_msg(const Handshake_State* active_state, Handshake_State& state_base, Handshake_Type type, - const std::vector<byte>& contents) + const std::vector<uint8_t>& contents) { Client_Handshake_State& state = dynamic_cast<Client_Handshake_State&>(state_base); @@ -281,7 +281,7 @@ void Client::process_handshake_msg(const Handshake_State* active_state, throw TLS_Exception(Alert::HANDSHAKE_FAILURE, msg.str()); } - if(u16bit srtp = state.server_hello()->srtp_profile()) + if(uint16_t srtp = state.server_hello()->srtp_profile()) { if(!value_exists(state.client_hello()->srtp_profiles(), srtp)) throw TLS_Exception(Alert::HANDSHAKE_FAILURE, @@ -561,9 +561,9 @@ void Client::process_handshake_msg(const Handshake_State* active_state, state.client_finished(new Finished(state.handshake_io(), state, CLIENT)); } - std::vector<byte> session_id = state.server_hello()->session_id(); + std::vector<uint8_t> session_id = state.server_hello()->session_id(); - const std::vector<byte>& session_ticket = state.session_ticket(); + const std::vector<uint8_t>& session_ticket = state.session_ticket(); if(session_id.empty() && !session_ticket.empty()) session_id = make_hello_random(rng(), policy()); diff --git a/src/lib/tls/tls_client.h b/src/lib/tls/tls_client.h index d3cff147e..3cf6a1e2b 100644 --- a/src/lib/tls/tls_client.h +++ b/src/lib/tls/tls_client.h @@ -150,7 +150,7 @@ class BOTAN_DLL Client final : public Channel void process_handshake_msg(const Handshake_State* active_state, Handshake_State& pending_state, Handshake_Type type, - const std::vector<byte>& contents) override; + const std::vector<uint8_t>& contents) override; Handshake_State* new_handshake_state(Handshake_IO* io) override; diff --git a/src/lib/tls/tls_extensions.cpp b/src/lib/tls/tls_extensions.cpp index 731e149b2..85379a817 100644 --- a/src/lib/tls/tls_extensions.cpp +++ b/src/lib/tls/tls_extensions.cpp @@ -16,7 +16,7 @@ namespace TLS { namespace { -Extension* make_extension(TLS_Data_Reader& reader, u16bit code, u16bit size) +Extension* make_extension(TLS_Data_Reader& reader, uint16_t code, uint16_t size) { switch(code) { @@ -68,15 +68,15 @@ void Extensions::deserialize(TLS_Data_Reader& reader) { if(reader.has_remaining()) { - const u16bit all_extn_size = reader.get_u16bit(); + const uint16_t all_extn_size = reader.get_uint16_t(); if(reader.remaining_bytes() != all_extn_size) throw Decoding_Error("Bad extension size"); while(reader.has_remaining()) { - const u16bit extension_code = reader.get_u16bit(); - const u16bit extension_size = reader.get_u16bit(); + const uint16_t extension_code = reader.get_uint16_t(); + const uint16_t extension_size = reader.get_uint16_t(); Extension* extn = make_extension(reader, extension_code, @@ -90,36 +90,36 @@ void Extensions::deserialize(TLS_Data_Reader& reader) } } -std::vector<byte> Extensions::serialize() const +std::vector<uint8_t> Extensions::serialize() const { - std::vector<byte> buf(2); // 2 bytes for length field + std::vector<uint8_t> buf(2); // 2 bytes for length field for(auto& extn : m_extensions) { if(extn.second->empty()) continue; - const u16bit extn_code = extn.second->type(); + const uint16_t extn_code = extn.second->type(); - std::vector<byte> extn_val = extn.second->serialize(); + std::vector<uint8_t> extn_val = extn.second->serialize(); buf.push_back(get_byte(0, extn_code)); buf.push_back(get_byte(1, extn_code)); - buf.push_back(get_byte(0, static_cast<u16bit>(extn_val.size()))); - buf.push_back(get_byte(1, static_cast<u16bit>(extn_val.size()))); + buf.push_back(get_byte(0, static_cast<uint16_t>(extn_val.size()))); + buf.push_back(get_byte(1, static_cast<uint16_t>(extn_val.size()))); buf += extn_val; } - const u16bit extn_size = static_cast<u16bit>(buf.size() - 2); + const uint16_t extn_size = static_cast<uint16_t>(buf.size() - 2); buf[0] = get_byte(0, extn_size); buf[1] = get_byte(1, extn_size); // avoid sending a completely empty extensions block if(buf.size() == 2) - return std::vector<byte>(); + return std::vector<uint8_t>(); return buf; } @@ -133,7 +133,7 @@ std::set<Handshake_Extension_Type> Extensions::extension_types() const } Server_Name_Indicator::Server_Name_Indicator(TLS_Data_Reader& reader, - u16bit extension_size) + uint16_t extension_size) { /* * This is used by the server to confirm that it knew the name @@ -141,20 +141,20 @@ Server_Name_Indicator::Server_Name_Indicator(TLS_Data_Reader& reader, if(extension_size == 0) return; - u16bit name_bytes = reader.get_u16bit(); + uint16_t name_bytes = reader.get_uint16_t(); if(name_bytes + 2 != extension_size) throw Decoding_Error("Bad encoding of SNI extension"); while(name_bytes) { - byte name_type = reader.get_byte(); + uint8_t name_type = reader.get_byte(); name_bytes--; if(name_type == 0) // DNS { m_sni_host_name = reader.get_string(2, 1, 65535); - name_bytes -= static_cast<u16bit>(2 + m_sni_host_name.size()); + name_bytes -= static_cast<uint16_t>(2 + m_sni_host_name.size()); } else // some other unknown name type { @@ -164,21 +164,21 @@ Server_Name_Indicator::Server_Name_Indicator(TLS_Data_Reader& reader, } } -std::vector<byte> Server_Name_Indicator::serialize() const +std::vector<uint8_t> Server_Name_Indicator::serialize() const { - std::vector<byte> buf; + std::vector<uint8_t> buf; size_t name_len = m_sni_host_name.size(); - buf.push_back(get_byte(0, static_cast<u16bit>(name_len+3))); - buf.push_back(get_byte(1, static_cast<u16bit>(name_len+3))); + buf.push_back(get_byte(0, static_cast<uint16_t>(name_len+3))); + buf.push_back(get_byte(1, static_cast<uint16_t>(name_len+3))); buf.push_back(0); // DNS - buf.push_back(get_byte(0, static_cast<u16bit>(name_len))); - buf.push_back(get_byte(1, static_cast<u16bit>(name_len))); + buf.push_back(get_byte(0, static_cast<uint16_t>(name_len))); + buf.push_back(get_byte(1, static_cast<uint16_t>(name_len))); buf += std::make_pair( - reinterpret_cast<const byte*>(m_sni_host_name.data()), + reinterpret_cast<const uint8_t*>(m_sni_host_name.data()), m_sni_host_name.size()); return buf; @@ -187,18 +187,18 @@ std::vector<byte> Server_Name_Indicator::serialize() const #if defined(BOTAN_HAS_SRP6) SRP_Identifier::SRP_Identifier(TLS_Data_Reader& reader, - u16bit extension_size) : m_srp_identifier(reader.get_string(1, 1, 255)) + uint16_t extension_size) : m_srp_identifier(reader.get_string(1, 1, 255)) { if(m_srp_identifier.size() + 1 != extension_size) throw Decoding_Error("Bad encoding for SRP identifier extension"); } -std::vector<byte> SRP_Identifier::serialize() const +std::vector<uint8_t> SRP_Identifier::serialize() const { - std::vector<byte> buf; + std::vector<uint8_t> buf; - const byte* srp_bytes = - reinterpret_cast<const byte*>(m_srp_identifier.data()); + const uint8_t* srp_bytes = + reinterpret_cast<const uint8_t*>(m_srp_identifier.data()); append_tls_length_value(buf, srp_bytes, m_srp_identifier.size(), 1); @@ -208,26 +208,26 @@ std::vector<byte> SRP_Identifier::serialize() const #endif Renegotiation_Extension::Renegotiation_Extension(TLS_Data_Reader& reader, - u16bit extension_size) : m_reneg_data(reader.get_range<byte>(1, 0, 255)) + uint16_t extension_size) : m_reneg_data(reader.get_range<uint8_t>(1, 0, 255)) { if(m_reneg_data.size() + 1 != extension_size) throw Decoding_Error("Bad encoding for secure renegotiation extn"); } -std::vector<byte> Renegotiation_Extension::serialize() const +std::vector<uint8_t> Renegotiation_Extension::serialize() const { - std::vector<byte> buf; + std::vector<uint8_t> buf; append_tls_length_value(buf, m_reneg_data, 1); return buf; } Application_Layer_Protocol_Notification::Application_Layer_Protocol_Notification(TLS_Data_Reader& reader, - u16bit extension_size) + uint16_t extension_size) { if(extension_size == 0) return; // empty extension - const u16bit name_bytes = reader.get_u16bit(); + const uint16_t name_bytes = reader.get_uint16_t(); size_t bytes_remaining = extension_size - 2; @@ -256,9 +256,9 @@ const std::string& Application_Layer_Protocol_Notification::single_protocol() co return m_protocols[0]; } -std::vector<byte> Application_Layer_Protocol_Notification::serialize() const +std::vector<uint8_t> Application_Layer_Protocol_Notification::serialize() const { - std::vector<byte> buf(2); + std::vector<uint8_t> buf(2); for(auto&& p: m_protocols) { @@ -266,18 +266,18 @@ std::vector<byte> Application_Layer_Protocol_Notification::serialize() const throw TLS_Exception(Alert::INTERNAL_ERROR, "ALPN name too long"); if(p != "") append_tls_length_value(buf, - reinterpret_cast<const byte*>(p.data()), + reinterpret_cast<const uint8_t*>(p.data()), p.size(), 1); } - buf[0] = get_byte(0, static_cast<u16bit>(buf.size()-2)); - buf[1] = get_byte(1, static_cast<u16bit>(buf.size()-2)); + buf[0] = get_byte(0, static_cast<uint16_t>(buf.size()-2)); + buf[1] = get_byte(1, static_cast<uint16_t>(buf.size()-2)); return buf; } -std::string Supported_Elliptic_Curves::curve_id_to_name(u16bit id) +std::string Supported_Elliptic_Curves::curve_id_to_name(uint16_t id) { switch(id) { @@ -309,7 +309,7 @@ std::string Supported_Elliptic_Curves::curve_id_to_name(u16bit id) } } -u16bit Supported_Elliptic_Curves::name_to_curve_id(const std::string& name) +uint16_t Supported_Elliptic_Curves::name_to_curve_id(const std::string& name) { if(name == "secp256r1") return 23; @@ -338,13 +338,13 @@ u16bit Supported_Elliptic_Curves::name_to_curve_id(const std::string& name) return 0; } -std::vector<byte> Supported_Elliptic_Curves::serialize() const +std::vector<uint8_t> Supported_Elliptic_Curves::serialize() const { - std::vector<byte> buf(2); + std::vector<uint8_t> buf(2); for(size_t i = 0; i != m_curves.size(); ++i) { - const u16bit id = name_to_curve_id(m_curves[i]); + const uint16_t id = name_to_curve_id(m_curves[i]); if(id > 0) { @@ -353,16 +353,16 @@ std::vector<byte> Supported_Elliptic_Curves::serialize() const } } - buf[0] = get_byte(0, static_cast<u16bit>(buf.size()-2)); - buf[1] = get_byte(1, static_cast<u16bit>(buf.size()-2)); + buf[0] = get_byte(0, static_cast<uint16_t>(buf.size()-2)); + buf[1] = get_byte(1, static_cast<uint16_t>(buf.size()-2)); return buf; } Supported_Elliptic_Curves::Supported_Elliptic_Curves(TLS_Data_Reader& reader, - u16bit extension_size) + uint16_t extension_size) { - u16bit len = reader.get_u16bit(); + uint16_t len = reader.get_uint16_t(); if(len + 2 != extension_size) throw Decoding_Error("Inconsistent length field in elliptic curve list"); @@ -374,7 +374,7 @@ Supported_Elliptic_Curves::Supported_Elliptic_Curves(TLS_Data_Reader& reader, for(size_t i = 0; i != len; ++i) { - const u16bit id = reader.get_u16bit(); + const uint16_t id = reader.get_uint16_t(); const std::string name = curve_id_to_name(id); if(!name.empty()) @@ -382,30 +382,30 @@ Supported_Elliptic_Curves::Supported_Elliptic_Curves(TLS_Data_Reader& reader, } } -std::vector<byte> Supported_Point_Formats::serialize() const +std::vector<uint8_t> Supported_Point_Formats::serialize() const { // if this extension is sent, it MUST include uncompressed (RFC 4492, section 5.1) if(m_prefers_compressed) { - return std::vector<byte>{2, ANSIX962_COMPRESSED_PRIME, UNCOMPRESSED}; + return std::vector<uint8_t>{2, ANSIX962_COMPRESSED_PRIME, UNCOMPRESSED}; } else { - return std::vector<byte>{1, UNCOMPRESSED}; + return std::vector<uint8_t>{1, UNCOMPRESSED}; } } Supported_Point_Formats::Supported_Point_Formats(TLS_Data_Reader& reader, - u16bit extension_size) + uint16_t extension_size) { - byte len = reader.get_byte(); + uint8_t len = reader.get_byte(); if(len + 1 != extension_size) throw Decoding_Error("Inconsistent length field in supported point formats list"); for(size_t i = 0; i != len; ++i) { - byte format = reader.get_byte(); + uint8_t format = reader.get_byte(); if(format == UNCOMPRESSED) { @@ -424,7 +424,7 @@ Supported_Point_Formats::Supported_Point_Formats(TLS_Data_Reader& reader, } } -std::string Signature_Algorithms::hash_algo_name(byte code) +std::string Signature_Algorithms::hash_algo_name(uint8_t code) { switch(code) { @@ -446,7 +446,7 @@ std::string Signature_Algorithms::hash_algo_name(byte code) } } -byte Signature_Algorithms::hash_algo_code(const std::string& name) +uint8_t Signature_Algorithms::hash_algo_code(const std::string& name) { if(name == "SHA-1") return 2; @@ -463,7 +463,7 @@ byte Signature_Algorithms::hash_algo_code(const std::string& name) throw Internal_Error("Unknown hash ID " + name + " for signature_algorithms"); } -std::string Signature_Algorithms::sig_algo_name(byte code) +std::string Signature_Algorithms::sig_algo_name(uint8_t code) { switch(code) { @@ -478,7 +478,7 @@ std::string Signature_Algorithms::sig_algo_name(byte code) } } -byte Signature_Algorithms::sig_algo_code(const std::string& name) +uint8_t Signature_Algorithms::sig_algo_code(const std::string& name) { if(name == "RSA") return 1; @@ -492,16 +492,16 @@ byte Signature_Algorithms::sig_algo_code(const std::string& name) throw Internal_Error("Unknown sig ID " + name + " for signature_algorithms"); } -std::vector<byte> Signature_Algorithms::serialize() const +std::vector<uint8_t> Signature_Algorithms::serialize() const { - std::vector<byte> buf(2); + std::vector<uint8_t> buf(2); for(size_t i = 0; i != m_supported_algos.size(); ++i) { try { - const byte hash_code = hash_algo_code(m_supported_algos[i].first); - const byte sig_code = sig_algo_code(m_supported_algos[i].second); + const uint8_t hash_code = hash_algo_code(m_supported_algos[i].first); + const uint8_t sig_code = sig_algo_code(m_supported_algos[i].second); buf.push_back(hash_code); buf.push_back(sig_code); @@ -510,8 +510,8 @@ std::vector<byte> Signature_Algorithms::serialize() const {} } - buf[0] = get_byte(0, static_cast<u16bit>(buf.size()-2)); - buf[1] = get_byte(1, static_cast<u16bit>(buf.size()-2)); + buf[0] = get_byte(0, static_cast<uint16_t>(buf.size()-2)); + buf[1] = get_byte(1, static_cast<uint16_t>(buf.size()-2)); return buf; } @@ -525,17 +525,17 @@ Signature_Algorithms::Signature_Algorithms(const std::vector<std::string>& hashe } Signature_Algorithms::Signature_Algorithms(TLS_Data_Reader& reader, - u16bit extension_size) + uint16_t extension_size) { - u16bit len = reader.get_u16bit(); + uint16_t len = reader.get_uint16_t(); if(len + 2 != extension_size) throw Decoding_Error("Bad encoding on signature algorithms extension"); while(len) { - const byte hash_code = reader.get_byte(); - const byte sig_code = reader.get_byte(); + const uint8_t hash_code = reader.get_byte(); + const uint8_t sig_code = reader.get_byte(); len -= 2; if(sig_code == 0) @@ -559,13 +559,13 @@ Signature_Algorithms::Signature_Algorithms(TLS_Data_Reader& reader, } Session_Ticket::Session_Ticket(TLS_Data_Reader& reader, - u16bit extension_size) : m_ticket(reader.get_elem<byte, std::vector<byte>>(extension_size)) + uint16_t extension_size) : m_ticket(reader.get_elem<uint8_t, std::vector<uint8_t>>(extension_size)) {} SRTP_Protection_Profiles::SRTP_Protection_Profiles(TLS_Data_Reader& reader, - u16bit extension_size) : m_pp(reader.get_range<u16bit>(2, 0, 65535)) + uint16_t extension_size) : m_pp(reader.get_range<uint16_t>(2, 0, 65535)) { - const std::vector<byte> mki = reader.get_range<byte>(1, 0, 255); + const std::vector<uint8_t> mki = reader.get_range<uint8_t>(1, 0, 255); if(m_pp.size() * 2 + mki.size() + 3 != extension_size) throw Decoding_Error("Bad encoding for SRTP protection extension"); @@ -574,15 +574,15 @@ SRTP_Protection_Profiles::SRTP_Protection_Profiles(TLS_Data_Reader& reader, throw Decoding_Error("Unhandled non-empty MKI for SRTP protection extension"); } -std::vector<byte> SRTP_Protection_Profiles::serialize() const +std::vector<uint8_t> SRTP_Protection_Profiles::serialize() const { - std::vector<byte> buf; + std::vector<uint8_t> buf; - const u16bit pp_len = static_cast<u16bit>(m_pp.size() * 2); + const uint16_t pp_len = static_cast<uint16_t>(m_pp.size() * 2); buf.push_back(get_byte(0, pp_len)); buf.push_back(get_byte(1, pp_len)); - for(u16bit pp : m_pp) + for(uint16_t pp : m_pp) { buf.push_back(get_byte(0, pp)); buf.push_back(get_byte(1, pp)); @@ -594,32 +594,32 @@ std::vector<byte> SRTP_Protection_Profiles::serialize() const } Extended_Master_Secret::Extended_Master_Secret(TLS_Data_Reader&, - u16bit extension_size) + uint16_t extension_size) { if(extension_size != 0) throw Decoding_Error("Invalid extended_master_secret extension"); } -std::vector<byte> Extended_Master_Secret::serialize() const +std::vector<uint8_t> Extended_Master_Secret::serialize() const { - return std::vector<byte>(); + return std::vector<uint8_t>(); } Encrypt_then_MAC::Encrypt_then_MAC(TLS_Data_Reader&, - u16bit extension_size) + uint16_t extension_size) { if(extension_size != 0) throw Decoding_Error("Invalid encrypt_then_mac extension"); } -std::vector<byte> Encrypt_then_MAC::serialize() const +std::vector<uint8_t> Encrypt_then_MAC::serialize() const { - return std::vector<byte>(); + return std::vector<uint8_t>(); } -std::vector<byte> Certificate_Status_Request::serialize() const +std::vector<uint8_t> Certificate_Status_Request::serialize() const { - std::vector<byte> buf; + std::vector<uint8_t> buf; if(m_server_side) return buf; // server reply is empty @@ -644,11 +644,11 @@ std::vector<byte> Certificate_Status_Request::serialize() const } Certificate_Status_Request::Certificate_Status_Request(TLS_Data_Reader& reader, - u16bit extension_size) + uint16_t extension_size) { if(extension_size > 0) { - const byte type = reader.get_byte(); + const uint8_t type = reader.get_byte(); if(type == 1) { reader.discard_next(extension_size - 1); // fixme @@ -661,7 +661,7 @@ Certificate_Status_Request::Certificate_Status_Request(TLS_Data_Reader& reader, } Certificate_Status_Request::Certificate_Status_Request(const std::vector<X509_DN>& ocsp_responder_ids, - const std::vector<std::vector<byte>>& ocsp_key_ids) : + const std::vector<std::vector<uint8_t>>& ocsp_key_ids) : m_ocsp_names(ocsp_responder_ids), m_ocsp_keys(ocsp_key_ids), m_server_side(false) diff --git a/src/lib/tls/tls_extensions.h b/src/lib/tls/tls_extensions.h index f766a3b1b..38d810c76 100644 --- a/src/lib/tls/tls_extensions.h +++ b/src/lib/tls/tls_extensions.h @@ -58,7 +58,7 @@ class Extension /** * @return serialized binary for the extension */ - virtual std::vector<byte> serialize() const = 0; + virtual std::vector<uint8_t> serialize() const = 0; /** * @return if we should encode this extension or not @@ -83,11 +83,11 @@ class Server_Name_Indicator final : public Extension m_sni_host_name(host_name) {} Server_Name_Indicator(TLS_Data_Reader& reader, - u16bit extension_size); + uint16_t extension_size); std::string host_name() const { return m_sni_host_name; } - std::vector<byte> serialize() const override; + std::vector<uint8_t> serialize() const override; bool empty() const override { return m_sni_host_name.empty(); } private: @@ -110,11 +110,11 @@ class SRP_Identifier final : public Extension m_srp_identifier(identifier) {} SRP_Identifier(TLS_Data_Reader& reader, - u16bit extension_size); + uint16_t extension_size); std::string identifier() const { return m_srp_identifier; } - std::vector<byte> serialize() const override; + std::vector<uint8_t> serialize() const override; bool empty() const override { return m_srp_identifier.empty(); } private: @@ -135,20 +135,20 @@ class Renegotiation_Extension final : public Extension Renegotiation_Extension() {} - explicit Renegotiation_Extension(const std::vector<byte>& bits) : + explicit Renegotiation_Extension(const std::vector<uint8_t>& bits) : m_reneg_data(bits) {} Renegotiation_Extension(TLS_Data_Reader& reader, - u16bit extension_size); + uint16_t extension_size); - const std::vector<byte>& renegotiation_info() const + const std::vector<uint8_t>& renegotiation_info() const { return m_reneg_data; } - std::vector<byte> serialize() const override; + std::vector<uint8_t> serialize() const override; bool empty() const override { return false; } // always send this private: - std::vector<byte> m_reneg_data; + std::vector<uint8_t> m_reneg_data; }; /** @@ -178,9 +178,9 @@ class Application_Layer_Protocol_Notification final : public Extension m_protocols(protocols) {} Application_Layer_Protocol_Notification(TLS_Data_Reader& reader, - u16bit extension_size); + uint16_t extension_size); - std::vector<byte> serialize() const override; + std::vector<uint8_t> serialize() const override; bool empty() const override { return m_protocols.empty(); } private: @@ -201,7 +201,7 @@ class Session_Ticket final : public Extension /** * @return contents of the session ticket */ - const std::vector<byte>& contents() const { return m_ticket; } + const std::vector<uint8_t>& contents() const { return m_ticket; } /** * Create empty extension, used by both client and server @@ -211,19 +211,19 @@ class Session_Ticket final : public Extension /** * Extension with ticket, used by client */ - explicit Session_Ticket(const std::vector<byte>& session_ticket) : + explicit Session_Ticket(const std::vector<uint8_t>& session_ticket) : m_ticket(session_ticket) {} /** * Deserialize a session ticket */ - Session_Ticket(TLS_Data_Reader& reader, u16bit extension_size); + Session_Ticket(TLS_Data_Reader& reader, uint16_t extension_size); - std::vector<byte> serialize() const override { return m_ticket; } + std::vector<uint8_t> serialize() const override { return m_ticket; } bool empty() const override { return false; } private: - std::vector<byte> m_ticket; + std::vector<uint8_t> m_ticket; }; /** @@ -237,18 +237,18 @@ class Supported_Elliptic_Curves final : public Extension Handshake_Extension_Type type() const override { return static_type(); } - static std::string curve_id_to_name(u16bit id); - static u16bit name_to_curve_id(const std::string& name); + static std::string curve_id_to_name(uint16_t id); + static uint16_t name_to_curve_id(const std::string& name); const std::vector<std::string>& curves() const { return m_curves; } - std::vector<byte> serialize() const override; + std::vector<uint8_t> serialize() const override; explicit Supported_Elliptic_Curves(const std::vector<std::string>& curves) : m_curves(curves) {} Supported_Elliptic_Curves(TLS_Data_Reader& reader, - u16bit extension_size); + uint16_t extension_size); bool empty() const override { return m_curves.empty(); } private: @@ -261,7 +261,7 @@ class Supported_Elliptic_Curves final : public Extension class Supported_Point_Formats final : public Extension { public: - enum ECPointFormat : byte { + enum ECPointFormat : uint8_t { UNCOMPRESSED = 0, ANSIX962_COMPRESSED_PRIME = 1, ANSIX962_COMPRESSED_CHAR2 = 2, // don't support these curves @@ -272,13 +272,13 @@ class Supported_Point_Formats final : public Extension Handshake_Extension_Type type() const override { return static_type(); } - std::vector<byte> serialize() const override; + std::vector<uint8_t> serialize() const override; explicit Supported_Point_Formats(bool prefer_compressed) : m_prefers_compressed(prefer_compressed) {} Supported_Point_Formats(TLS_Data_Reader& reader, - u16bit extension_size); + uint16_t extension_size); bool empty() const override { return false; } @@ -299,11 +299,11 @@ class Signature_Algorithms final : public Extension Handshake_Extension_Type type() const override { return static_type(); } - static std::string hash_algo_name(byte code); - static byte hash_algo_code(const std::string& name); + static std::string hash_algo_name(uint8_t code); + static uint8_t hash_algo_code(const std::string& name); - static std::string sig_algo_name(byte code); - static byte sig_algo_code(const std::string& name); + static std::string sig_algo_name(uint8_t code); + static uint8_t sig_algo_code(const std::string& name); // [(hash,sig),(hash,sig),...] const std::vector<std::pair<std::string, std::string>>& @@ -312,7 +312,7 @@ class Signature_Algorithms final : public Extension return m_supported_algos; } - std::vector<byte> serialize() const override; + std::vector<uint8_t> serialize() const override; bool empty() const override { return false; } @@ -323,7 +323,7 @@ class Signature_Algorithms final : public Extension m_supported_algos(algos) {} Signature_Algorithms(TLS_Data_Reader& reader, - u16bit extension_size); + uint16_t extension_size); private: std::vector<std::pair<std::string, std::string>> m_supported_algos; }; @@ -339,19 +339,19 @@ class SRTP_Protection_Profiles final : public Extension Handshake_Extension_Type type() const override { return static_type(); } - const std::vector<u16bit>& profiles() const { return m_pp; } + const std::vector<uint16_t>& profiles() const { return m_pp; } - std::vector<byte> serialize() const override; + std::vector<uint8_t> serialize() const override; bool empty() const override { return m_pp.empty(); } - explicit SRTP_Protection_Profiles(const std::vector<u16bit>& pp) : m_pp(pp) {} + explicit SRTP_Protection_Profiles(const std::vector<uint16_t>& pp) : m_pp(pp) {} - explicit SRTP_Protection_Profiles(u16bit pp) : m_pp(1, pp) {} + explicit SRTP_Protection_Profiles(uint16_t pp) : m_pp(1, pp) {} - SRTP_Protection_Profiles(TLS_Data_Reader& reader, u16bit extension_size); + SRTP_Protection_Profiles(TLS_Data_Reader& reader, uint16_t extension_size); private: - std::vector<u16bit> m_pp; + std::vector<uint16_t> m_pp; }; /** @@ -365,13 +365,13 @@ class Extended_Master_Secret final : public Extension Handshake_Extension_Type type() const override { return static_type(); } - std::vector<byte> serialize() const override; + std::vector<uint8_t> serialize() const override; bool empty() const override { return false; } Extended_Master_Secret() {} - Extended_Master_Secret(TLS_Data_Reader& reader, u16bit extension_size); + Extended_Master_Secret(TLS_Data_Reader& reader, uint16_t extension_size); }; /** @@ -385,13 +385,13 @@ class Encrypt_then_MAC final : public Extension Handshake_Extension_Type type() const override { return static_type(); } - std::vector<byte> serialize() const override; + std::vector<uint8_t> serialize() const override; bool empty() const override { return false; } Encrypt_then_MAC() {} - Encrypt_then_MAC(TLS_Data_Reader& reader, u16bit extension_size); + Encrypt_then_MAC(TLS_Data_Reader& reader, uint16_t extension_size); }; /** @@ -405,7 +405,7 @@ class Certificate_Status_Request final : public Extension Handshake_Extension_Type type() const override { return static_type(); } - std::vector<byte> serialize() const override; + std::vector<uint8_t> serialize() const override; bool empty() const override { return false; } @@ -414,13 +414,13 @@ class Certificate_Status_Request final : public Extension // Client version, both lists can be empty Certificate_Status_Request(const std::vector<X509_DN>& ocsp_responder_ids, - const std::vector<std::vector<byte>>& ocsp_key_ids); + const std::vector<std::vector<uint8_t>>& ocsp_key_ids); - Certificate_Status_Request(TLS_Data_Reader& reader, u16bit extension_size); + Certificate_Status_Request(TLS_Data_Reader& reader, uint16_t extension_size); private: std::vector<X509_DN> m_ocsp_names; - std::vector<std::vector<byte>> m_ocsp_keys; - std::vector<byte> m_extension_bytes; + std::vector<std::vector<uint8_t>> m_ocsp_keys; + std::vector<uint8_t> m_extension_bytes; bool m_server_side; }; @@ -455,7 +455,7 @@ class BOTAN_DLL Extensions m_extensions[extn->type()].reset(extn); } - std::vector<byte> serialize() const; + std::vector<uint8_t> serialize() const; void deserialize(TLS_Data_Reader& reader); diff --git a/src/lib/tls/tls_handshake_hash.cpp b/src/lib/tls/tls_handshake_hash.cpp index 7bac87bc8..a3e90ebc5 100644 --- a/src/lib/tls/tls_handshake_hash.cpp +++ b/src/lib/tls/tls_handshake_hash.cpp @@ -16,7 +16,7 @@ namespace TLS { /** * Return a TLS Handshake Hash */ -secure_vector<byte> Handshake_Hash::final(Protocol_Version version, +secure_vector<uint8_t> Handshake_Hash::final(Protocol_Version version, const std::string& mac_algo) const { std::string hash_algo = mac_algo; diff --git a/src/lib/tls/tls_handshake_hash.h b/src/lib/tls/tls_handshake_hash.h index d0f5c882f..c0c266f9e 100644 --- a/src/lib/tls/tls_handshake_hash.h +++ b/src/lib/tls/tls_handshake_hash.h @@ -22,20 +22,20 @@ namespace TLS { class Handshake_Hash { public: - void update(const byte in[], size_t length) + void update(const uint8_t in[], size_t length) { m_data += std::make_pair(in, length); } - void update(const std::vector<byte>& in) + void update(const std::vector<uint8_t>& in) { m_data += in; } - secure_vector<byte> final(Protocol_Version version, + secure_vector<uint8_t> final(Protocol_Version version, const std::string& mac_algo) const; - const std::vector<byte>& get_contents() const { return m_data; } + const std::vector<uint8_t>& get_contents() const { return m_data; } void reset() { m_data.clear(); } private: - std::vector<byte> m_data; + std::vector<uint8_t> m_data; }; } diff --git a/src/lib/tls/tls_handshake_io.cpp b/src/lib/tls/tls_handshake_io.cpp index ed7b1487d..159e7289a 100644 --- a/src/lib/tls/tls_handshake_io.cpp +++ b/src/lib/tls/tls_handshake_io.cpp @@ -18,22 +18,22 @@ namespace TLS { namespace { -inline size_t load_be24(const byte q[3]) +inline size_t load_be24(const uint8_t q[3]) { - return make_u32bit(0, + return make_uint32(0, q[0], q[1], q[2]); } -void store_be24(byte out[3], size_t val) +void store_be24(uint8_t out[3], size_t val) { - out[0] = get_byte(1, static_cast<u32bit>(val)); - out[1] = get_byte(2, static_cast<u32bit>(val)); - out[2] = get_byte(3, static_cast<u32bit>(val)); + out[0] = get_byte(1, static_cast<uint32_t>(val)); + out[1] = get_byte(2, static_cast<uint32_t>(val)); + out[2] = get_byte(3, static_cast<uint32_t>(val)); } -u64bit steady_clock_ms() +uint64_t steady_clock_ms() { return std::chrono::duration_cast<std::chrono::milliseconds>( std::chrono::steady_clock::now().time_since_epoch()).count(); @@ -58,8 +58,8 @@ Protocol_Version Stream_Handshake_IO::initial_record_version() const return Protocol_Version::TLS_V10; } -void Stream_Handshake_IO::add_record(const std::vector<byte>& record, - Record_Type record_type, u64bit) +void Stream_Handshake_IO::add_record(const std::vector<uint8_t>& record, + Record_Type record_type, uint64_t) { if(record_type == HANDSHAKE) { @@ -71,25 +71,25 @@ void Stream_Handshake_IO::add_record(const std::vector<byte>& record, throw Decoding_Error("Invalid ChangeCipherSpec"); // Pretend it's a regular handshake message of zero length - const byte ccs_hs[] = { HANDSHAKE_CCS, 0, 0, 0 }; + const uint8_t ccs_hs[] = { HANDSHAKE_CCS, 0, 0, 0 }; m_queue.insert(m_queue.end(), ccs_hs, ccs_hs + sizeof(ccs_hs)); } else throw Decoding_Error("Unknown message type " + std::to_string(record_type) + " in handshake processing"); } -std::pair<Handshake_Type, std::vector<byte>> +std::pair<Handshake_Type, std::vector<uint8_t>> Stream_Handshake_IO::get_next_record(bool) { if(m_queue.size() >= 4) { - const size_t length = make_u32bit(0, m_queue[1], m_queue[2], m_queue[3]); + const size_t length = make_uint32(0, m_queue[1], m_queue[2], m_queue[3]); if(m_queue.size() >= length + 4) { Handshake_Type type = static_cast<Handshake_Type>(m_queue[0]); - std::vector<byte> contents(m_queue.begin() + 4, + std::vector<uint8_t> contents(m_queue.begin() + 4, m_queue.begin() + 4 + length); m_queue.erase(m_queue.begin(), m_queue.begin() + 4 + length); @@ -98,14 +98,14 @@ Stream_Handshake_IO::get_next_record(bool) } } - return std::make_pair(HANDSHAKE_NONE, std::vector<byte>()); + return std::make_pair(HANDSHAKE_NONE, std::vector<uint8_t>()); } -std::vector<byte> -Stream_Handshake_IO::format(const std::vector<byte>& msg, +std::vector<uint8_t> +Stream_Handshake_IO::format(const std::vector<uint8_t>& msg, Handshake_Type type) const { - std::vector<byte> send_buf(4 + msg.size()); + std::vector<uint8_t> send_buf(4 + msg.size()); const size_t buf_size = msg.size(); @@ -121,17 +121,17 @@ Stream_Handshake_IO::format(const std::vector<byte>& msg, return send_buf; } -std::vector<byte> Stream_Handshake_IO::send(const Handshake_Message& msg) +std::vector<uint8_t> Stream_Handshake_IO::send(const Handshake_Message& msg) { - const std::vector<byte> msg_bits = msg.serialize(); + const std::vector<uint8_t> msg_bits = msg.serialize(); if(msg.type() == HANDSHAKE_CCS) { m_send_hs(CHANGE_CIPHER_SPEC, msg_bits); - return std::vector<byte>(); // not included in handshake hashes + return std::vector<uint8_t>(); // not included in handshake hashes } - const std::vector<byte> buf = format(msg_bits, msg.type()); + const std::vector<uint8_t> buf = format(msg_bits, msg.type()); m_send_hs(HANDSHAKE, buf); return buf; } @@ -149,11 +149,11 @@ void Datagram_Handshake_IO::retransmit_last_flight() void Datagram_Handshake_IO::retransmit_flight(size_t flight_idx) { - const std::vector<u16bit>& flight = m_flights.at(flight_idx); + const std::vector<uint16_t>& flight = m_flights.at(flight_idx); BOTAN_ASSERT(flight.size() > 0, "Nonempty flight to retransmit"); - u16bit epoch = m_flight_data[flight[0]].epoch; + uint16_t epoch = m_flight_data[flight[0]].epoch; for(auto msg_seq : flight) { @@ -162,7 +162,7 @@ void Datagram_Handshake_IO::retransmit_flight(size_t flight_idx) if(msg.epoch != epoch) { // Epoch gap: insert the CCS - std::vector<byte> ccs(1, 1); + std::vector<uint8_t> ccs(1, 1); m_send_hs(epoch, CHANGE_CIPHER_SPEC, ccs); } @@ -182,7 +182,7 @@ bool Datagram_Handshake_IO::timeout_check() return false; } - const u64bit ms_since_write = steady_clock_ms() - m_last_write; + const uint64_t ms_since_write = steady_clock_ms() - m_last_write; if(ms_since_write < m_next_timeout) return false; @@ -193,11 +193,11 @@ bool Datagram_Handshake_IO::timeout_check() return true; } -void Datagram_Handshake_IO::add_record(const std::vector<byte>& record, +void Datagram_Handshake_IO::add_record(const std::vector<uint8_t>& record, Record_Type record_type, - u64bit record_sequence) + uint64_t record_sequence) { - const u16bit epoch = static_cast<u16bit>(record_sequence >> 48); + const uint16_t epoch = static_cast<uint16_t>(record_sequence >> 48); if(record_type == CHANGE_CIPHER_SPEC) { @@ -208,7 +208,7 @@ void Datagram_Handshake_IO::add_record(const std::vector<byte>& record, const size_t DTLS_HANDSHAKE_HEADER_LEN = 12; - const byte* record_bits = record.data(); + const uint8_t* record_bits = record.data(); size_t record_size = record.size(); while(record_size) @@ -216,9 +216,9 @@ void Datagram_Handshake_IO::add_record(const std::vector<byte>& record, if(record_size < DTLS_HANDSHAKE_HEADER_LEN) return; // completely bogus? at least degenerate/weird - const byte msg_type = record_bits[0]; + const uint8_t msg_type = record_bits[0]; const size_t msg_len = load_be24(&record_bits[1]); - const u16bit message_seq = load_be<u16bit>(&record_bits[4], 0); + const uint16_t message_seq = load_be<uint16_t>(&record_bits[4], 0); const size_t fragment_offset = load_be24(&record_bits[6]); const size_t fragment_length = load_be24(&record_bits[9]); @@ -246,29 +246,29 @@ void Datagram_Handshake_IO::add_record(const std::vector<byte>& record, } } -std::pair<Handshake_Type, std::vector<byte>> +std::pair<Handshake_Type, std::vector<uint8_t>> Datagram_Handshake_IO::get_next_record(bool expecting_ccs) { // Expecting a message means the last flight is concluded if(!m_flights.rbegin()->empty()) - m_flights.push_back(std::vector<u16bit>()); + m_flights.push_back(std::vector<uint16_t>()); if(expecting_ccs) { if(!m_messages.empty()) { - const u16bit current_epoch = m_messages.begin()->second.epoch(); + const uint16_t current_epoch = m_messages.begin()->second.epoch(); if(m_ccs_epochs.count(current_epoch)) - return std::make_pair(HANDSHAKE_CCS, std::vector<byte>()); + return std::make_pair(HANDSHAKE_CCS, std::vector<uint8_t>()); } - return std::make_pair(HANDSHAKE_NONE, std::vector<byte>()); + return std::make_pair(HANDSHAKE_NONE, std::vector<uint8_t>()); } auto i = m_messages.find(m_in_message_seq); if(i == m_messages.end() || !i->second.complete()) - return std::make_pair(HANDSHAKE_NONE, std::vector<byte>()); + return std::make_pair(HANDSHAKE_NONE, std::vector<uint8_t>()); m_in_message_seq += 1; @@ -276,11 +276,11 @@ Datagram_Handshake_IO::get_next_record(bool expecting_ccs) } void Datagram_Handshake_IO::Handshake_Reassembly::add_fragment( - const byte fragment[], + const uint8_t fragment[], size_t fragment_length, size_t fragment_offset, - u16bit epoch, - byte msg_type, + uint16_t epoch, + uint8_t msg_type, size_t msg_length) { if(complete()) @@ -335,7 +335,7 @@ bool Datagram_Handshake_IO::Handshake_Reassembly::complete() const return (m_msg_type != HANDSHAKE_NONE && m_message.size() == m_msg_length); } -std::pair<Handshake_Type, std::vector<byte>> +std::pair<Handshake_Type, std::vector<uint8_t>> Datagram_Handshake_IO::Handshake_Reassembly::message() const { if(!complete()) @@ -344,15 +344,15 @@ Datagram_Handshake_IO::Handshake_Reassembly::message() const return std::make_pair(static_cast<Handshake_Type>(m_msg_type), m_message); } -std::vector<byte> -Datagram_Handshake_IO::format_fragment(const byte fragment[], +std::vector<uint8_t> +Datagram_Handshake_IO::format_fragment(const uint8_t fragment[], size_t frag_len, - u16bit frag_offset, - u16bit msg_len, + uint16_t frag_offset, + uint16_t msg_len, Handshake_Type type, - u16bit msg_sequence) const + uint16_t msg_sequence) const { - std::vector<byte> send_buf(12 + frag_len); + std::vector<uint8_t> send_buf(12 + frag_len); send_buf[0] = type; @@ -371,33 +371,33 @@ Datagram_Handshake_IO::format_fragment(const byte fragment[], return send_buf; } -std::vector<byte> -Datagram_Handshake_IO::format_w_seq(const std::vector<byte>& msg, +std::vector<uint8_t> +Datagram_Handshake_IO::format_w_seq(const std::vector<uint8_t>& msg, Handshake_Type type, - u16bit msg_sequence) const + uint16_t msg_sequence) const { - return format_fragment(msg.data(), msg.size(), 0, static_cast<u16bit>(msg.size()), type, msg_sequence); + return format_fragment(msg.data(), msg.size(), 0, static_cast<uint16_t>(msg.size()), type, msg_sequence); } -std::vector<byte> -Datagram_Handshake_IO::format(const std::vector<byte>& msg, +std::vector<uint8_t> +Datagram_Handshake_IO::format(const std::vector<uint8_t>& msg, Handshake_Type type) const { return format_w_seq(msg, type, m_in_message_seq - 1); } -std::vector<byte> +std::vector<uint8_t> Datagram_Handshake_IO::send(const Handshake_Message& msg) { - const std::vector<byte> msg_bits = msg.serialize(); - const u16bit epoch = m_seqs.current_write_epoch(); + const std::vector<uint8_t> msg_bits = msg.serialize(); + const uint16_t epoch = m_seqs.current_write_epoch(); const Handshake_Type msg_type = msg.type(); if(msg_type == HANDSHAKE_CCS) { m_send_hs(epoch, CHANGE_CIPHER_SPEC, msg_bits); - return std::vector<byte>(); // not included in handshake hashes + return std::vector<uint8_t>(); // not included in handshake hashes } // Note: not saving CCS, instead we know it was there due to change in epoch @@ -411,12 +411,12 @@ Datagram_Handshake_IO::send(const Handshake_Message& msg) return send_message(m_out_message_seq - 1, epoch, msg_type, msg_bits); } -std::vector<byte> Datagram_Handshake_IO::send_message(u16bit msg_seq, - u16bit epoch, +std::vector<uint8_t> Datagram_Handshake_IO::send_message(uint16_t msg_seq, + uint16_t epoch, Handshake_Type msg_type, - const std::vector<byte>& msg_bits) + const std::vector<uint8_t>& msg_bits) { - const std::vector<byte> no_fragment = + const std::vector<uint8_t> no_fragment = format_w_seq(msg_bits, msg_type, msg_seq); if(no_fragment.size() + DTLS_HEADER_SIZE <= m_mtu) @@ -441,8 +441,8 @@ std::vector<byte> Datagram_Handshake_IO::send_message(u16bit msg_seq, HANDSHAKE, format_fragment(&msg_bits[frag_offset], frag_len, - static_cast<u16bit>(frag_offset), - static_cast<u16bit>(msg_bits.size()), + static_cast<uint16_t>(frag_offset), + static_cast<uint16_t>(msg_bits.size()), msg_type, msg_seq)); diff --git a/src/lib/tls/tls_handshake_io.h b/src/lib/tls/tls_handshake_io.h index 601ac41d9..a9453abcc 100644 --- a/src/lib/tls/tls_handshake_io.h +++ b/src/lib/tls/tls_handshake_io.h @@ -32,22 +32,22 @@ class Handshake_IO public: virtual Protocol_Version initial_record_version() const = 0; - virtual std::vector<byte> send(const Handshake_Message& msg) = 0; + virtual std::vector<uint8_t> send(const Handshake_Message& msg) = 0; virtual bool timeout_check() = 0; - virtual std::vector<byte> format( - const std::vector<byte>& handshake_msg, + virtual std::vector<uint8_t> format( + const std::vector<uint8_t>& handshake_msg, Handshake_Type handshake_type) const = 0; - virtual void add_record(const std::vector<byte>& record, + virtual void add_record(const std::vector<uint8_t>& record, Record_Type type, - u64bit sequence_number) = 0; + uint64_t sequence_number) = 0; /** * Returns (HANDSHAKE_NONE, std::vector<>()) if no message currently available */ - virtual std::pair<Handshake_Type, std::vector<byte>> + virtual std::pair<Handshake_Type, std::vector<uint8_t>> get_next_record(bool expecting_ccs) = 0; Handshake_IO() {} @@ -65,7 +65,7 @@ class Handshake_IO class Stream_Handshake_IO final : public Handshake_IO { public: - typedef std::function<void (byte, const std::vector<byte>&)> writer_fn; + typedef std::function<void (uint8_t, const std::vector<uint8_t>&)> writer_fn; explicit Stream_Handshake_IO(writer_fn writer) : m_send_hs(writer) {} @@ -73,20 +73,20 @@ class Stream_Handshake_IO final : public Handshake_IO bool timeout_check() override { return false; } - std::vector<byte> send(const Handshake_Message& msg) override; + std::vector<uint8_t> send(const Handshake_Message& msg) override; - std::vector<byte> format( - const std::vector<byte>& handshake_msg, + std::vector<uint8_t> format( + const std::vector<uint8_t>& handshake_msg, Handshake_Type handshake_type) const override; - void add_record(const std::vector<byte>& record, + void add_record(const std::vector<uint8_t>& record, Record_Type type, - u64bit sequence_number) override; + uint64_t sequence_number) override; - std::pair<Handshake_Type, std::vector<byte>> + std::pair<Handshake_Type, std::vector<uint8_t>> get_next_record(bool expecting_ccs) override; private: - std::deque<byte> m_queue; + std::deque<uint8_t> m_queue; writer_fn m_send_hs; }; @@ -96,11 +96,11 @@ class Stream_Handshake_IO final : public Handshake_IO class Datagram_Handshake_IO final : public Handshake_IO { public: - typedef std::function<void (u16bit, byte, const std::vector<byte>&)> writer_fn; + typedef std::function<void (uint16_t, uint8_t, const std::vector<uint8_t>&)> writer_fn; Datagram_Handshake_IO(writer_fn writer, class Connection_Sequence_Numbers& seq, - u16bit mtu, u64bit initial_timeout_ms, u64bit max_timeout_ms) : + uint16_t mtu, uint64_t initial_timeout_ms, uint64_t max_timeout_ms) : m_seqs(seq), m_flights(1), m_initial_timeout(initial_timeout_ms), @@ -113,96 +113,96 @@ class Datagram_Handshake_IO final : public Handshake_IO bool timeout_check() override; - std::vector<byte> send(const Handshake_Message& msg) override; + std::vector<uint8_t> send(const Handshake_Message& msg) override; - std::vector<byte> format( - const std::vector<byte>& handshake_msg, + std::vector<uint8_t> format( + const std::vector<uint8_t>& handshake_msg, Handshake_Type handshake_type) const override; - void add_record(const std::vector<byte>& record, + void add_record(const std::vector<uint8_t>& record, Record_Type type, - u64bit sequence_number) override; + uint64_t sequence_number) override; - std::pair<Handshake_Type, std::vector<byte>> + std::pair<Handshake_Type, std::vector<uint8_t>> get_next_record(bool expecting_ccs) override; private: void retransmit_flight(size_t flight); void retransmit_last_flight(); - std::vector<byte> format_fragment( - const byte fragment[], + std::vector<uint8_t> format_fragment( + const uint8_t fragment[], size_t fragment_len, - u16bit frag_offset, - u16bit msg_len, + uint16_t frag_offset, + uint16_t msg_len, Handshake_Type type, - u16bit msg_sequence) const; + uint16_t msg_sequence) const; - std::vector<byte> format_w_seq( - const std::vector<byte>& handshake_msg, + std::vector<uint8_t> format_w_seq( + const std::vector<uint8_t>& handshake_msg, Handshake_Type handshake_type, - u16bit msg_sequence) const; + uint16_t msg_sequence) const; - std::vector<byte> send_message(u16bit msg_seq, u16bit epoch, + std::vector<uint8_t> send_message(uint16_t msg_seq, uint16_t epoch, Handshake_Type msg_type, - const std::vector<byte>& msg); + const std::vector<uint8_t>& msg); class Handshake_Reassembly { public: - void add_fragment(const byte fragment[], + void add_fragment(const uint8_t fragment[], size_t fragment_length, size_t fragment_offset, - u16bit epoch, - byte msg_type, + uint16_t epoch, + uint8_t msg_type, size_t msg_length); bool complete() const; - u16bit epoch() const { return m_epoch; } + uint16_t epoch() const { return m_epoch; } - std::pair<Handshake_Type, std::vector<byte>> message() const; + std::pair<Handshake_Type, std::vector<uint8_t>> message() const; private: - byte m_msg_type = HANDSHAKE_NONE; + uint8_t m_msg_type = HANDSHAKE_NONE; size_t m_msg_length = 0; - u16bit m_epoch = 0; + uint16_t m_epoch = 0; // vector<bool> m_seen; - // vector<byte> m_fragments - std::map<size_t, byte> m_fragments; - std::vector<byte> m_message; + // vector<uint8_t> m_fragments + std::map<size_t, uint8_t> m_fragments; + std::vector<uint8_t> m_message; }; struct Message_Info { - Message_Info(u16bit e, Handshake_Type mt, const std::vector<byte>& msg) : + Message_Info(uint16_t e, Handshake_Type mt, const std::vector<uint8_t>& msg) : epoch(e), msg_type(mt), msg_bits(msg) {} Message_Info(const Message_Info& other) = default; Message_Info() : epoch(0xFFFF), msg_type(HANDSHAKE_NONE) {} - u16bit epoch; + uint16_t epoch; Handshake_Type msg_type; - std::vector<byte> msg_bits; + std::vector<uint8_t> msg_bits; }; class Connection_Sequence_Numbers& m_seqs; - std::map<u16bit, Handshake_Reassembly> m_messages; - std::set<u16bit> m_ccs_epochs; - std::vector<std::vector<u16bit>> m_flights; - std::map<u16bit, Message_Info> m_flight_data; + std::map<uint16_t, Handshake_Reassembly> m_messages; + std::set<uint16_t> m_ccs_epochs; + std::vector<std::vector<uint16_t>> m_flights; + std::map<uint16_t, Message_Info> m_flight_data; - u64bit m_initial_timeout = 0; - u64bit m_max_timeout = 0; + uint64_t m_initial_timeout = 0; + uint64_t m_max_timeout = 0; - u64bit m_last_write = 0; - u64bit m_next_timeout = 0; + uint64_t m_last_write = 0; + uint64_t m_next_timeout = 0; - u16bit m_in_message_seq = 0; - u16bit m_out_message_seq = 0; + uint16_t m_in_message_seq = 0; + uint16_t m_out_message_seq = 0; writer_fn m_send_hs; - u16bit m_mtu; + uint16_t m_mtu; }; } diff --git a/src/lib/tls/tls_handshake_msg.h b/src/lib/tls/tls_handshake_msg.h index c1d3bfdc7..b4279fe34 100644 --- a/src/lib/tls/tls_handshake_msg.h +++ b/src/lib/tls/tls_handshake_msg.h @@ -39,7 +39,7 @@ class BOTAN_DLL Handshake_Message /** * @return DER representation of this message */ - virtual std::vector<byte> serialize() const = 0; + virtual std::vector<uint8_t> serialize() const = 0; virtual ~Handshake_Message() {} }; diff --git a/src/lib/tls/tls_handshake_state.cpp b/src/lib/tls/tls_handshake_state.cpp index 039d5b326..461f60cc4 100644 --- a/src/lib/tls/tls_handshake_state.cpp +++ b/src/lib/tls/tls_handshake_state.cpp @@ -77,7 +77,7 @@ const char* handshake_type_to_string(Handshake_Type type) namespace { -u32bit bitmask_for_handshake_type(Handshake_Type type) +uint32_t bitmask_for_handshake_type(Handshake_Type type) { switch(type) { @@ -134,7 +134,7 @@ u32bit bitmask_for_handshake_type(Handshake_Type type) throw Internal_Error("Unknown handshake type " + std::to_string(type)); } -std::string handshake_mask_to_string(u32bit mask) +std::string handshake_mask_to_string(uint32_t mask) { const Handshake_Type types[] = { HELLO_VERIFY_REQUEST, @@ -288,14 +288,14 @@ void Handshake_State::compute_session_keys() m_session_keys = Session_Keys(this, client_kex()->pre_master_secret(), false); } -void Handshake_State::compute_session_keys(const secure_vector<byte>& resume_master_secret) +void Handshake_State::compute_session_keys(const secure_vector<uint8_t>& resume_master_secret) { m_session_keys = Session_Keys(this, resume_master_secret, true); } void Handshake_State::confirm_transition_to(Handshake_Type handshake_msg) { - const u32bit mask = bitmask_for_handshake_type(handshake_msg); + const uint32_t mask = bitmask_for_handshake_type(handshake_msg); m_hand_received_mask |= mask; @@ -321,12 +321,12 @@ void Handshake_State::set_expected_next(Handshake_Type handshake_msg) bool Handshake_State::received_handshake_msg(Handshake_Type handshake_msg) const { - const u32bit mask = bitmask_for_handshake_type(handshake_msg); + const uint32_t mask = bitmask_for_handshake_type(handshake_msg); return (m_hand_received_mask & mask) != 0; } -std::pair<Handshake_Type, std::vector<byte>> +std::pair<Handshake_Type, std::vector<uint8_t>> Handshake_State::get_next_handshake_msg() { const bool expecting_ccs = @@ -347,7 +347,7 @@ std::string Handshake_State::srp_identifier() const } -std::vector<byte> Handshake_State::session_ticket() const +std::vector<uint8_t> Handshake_State::session_ticket() const { if(new_session_ticket() && !new_session_ticket()->ticket().empty()) return new_session_ticket()->ticket(); diff --git a/src/lib/tls/tls_handshake_state.h b/src/lib/tls/tls_handshake_state.h index bdfc0d5d5..889f0d101 100644 --- a/src/lib/tls/tls_handshake_state.h +++ b/src/lib/tls/tls_handshake_state.h @@ -74,10 +74,10 @@ class Handshake_State */ void set_expected_next(Handshake_Type msg_type); - std::pair<Handshake_Type, std::vector<byte>> + std::pair<Handshake_Type, std::vector<uint8_t>> get_next_handshake_msg(); - std::vector<byte> session_ticket() const; + std::vector<uint8_t> session_ticket() const; std::pair<std::string, Signature_Format> parse_sig_format(const Public_Key& key, @@ -162,7 +162,7 @@ class Handshake_State void compute_session_keys(); - void compute_session_keys(const secure_vector<byte>& resume_master_secret); + void compute_session_keys(const secure_vector<uint8_t>& resume_master_secret); Handshake_Hash& hash() { return m_handshake_hash; } @@ -175,8 +175,8 @@ class Handshake_State std::unique_ptr<Handshake_IO> m_handshake_io; - u32bit m_hand_expecting_mask = 0; - u32bit m_hand_received_mask = 0; + uint32_t m_hand_expecting_mask = 0; + uint32_t m_hand_received_mask = 0; Protocol_Version m_version; Ciphersuite m_ciphersuite; Session_Keys m_session_keys; diff --git a/src/lib/tls/tls_messages.h b/src/lib/tls/tls_messages.h index 82fa22320..30a037e8e 100644 --- a/src/lib/tls/tls_messages.h +++ b/src/lib/tls/tls_messages.h @@ -38,7 +38,7 @@ namespace TLS { class Session; class Handshake_IO; -std::vector<byte> make_hello_random(RandomNumberGenerator& rng, +std::vector<uint8_t> make_hello_random(RandomNumberGenerator& rng, const Policy& policy); /** @@ -47,18 +47,18 @@ std::vector<byte> make_hello_random(RandomNumberGenerator& rng, class BOTAN_DLL Hello_Verify_Request final : public Handshake_Message { public: - std::vector<byte> serialize() const override; + std::vector<uint8_t> serialize() const override; Handshake_Type type() const override { return HELLO_VERIFY_REQUEST; } - std::vector<byte> cookie() const { return m_cookie; } + std::vector<uint8_t> cookie() const { return m_cookie; } - explicit Hello_Verify_Request(const std::vector<byte>& buf); + explicit Hello_Verify_Request(const std::vector<uint8_t>& buf); - Hello_Verify_Request(const std::vector<byte>& client_hello_bits, + Hello_Verify_Request(const std::vector<uint8_t>& client_hello_bits, const std::string& client_identity, const SymmetricKey& secret_key); private: - std::vector<byte> m_cookie; + std::vector<uint8_t> m_cookie; }; /** @@ -91,15 +91,15 @@ class BOTAN_DLL Client_Hello final : public Handshake_Message Protocol_Version version() const { return m_version; } - const std::vector<byte>& random() const { return m_random; } + const std::vector<uint8_t>& random() const { return m_random; } - const std::vector<byte>& session_id() const { return m_session_id; } + const std::vector<uint8_t>& session_id() const { return m_session_id; } - std::vector<u16bit> ciphersuites() const { return m_suites; } + std::vector<uint16_t> ciphersuites() const { return m_suites; } - std::vector<byte> compression_methods() const { return m_comp_methods; } + std::vector<uint8_t> compression_methods() const { return m_comp_methods; } - bool offered_suite(u16bit ciphersuite) const; + bool offered_suite(uint16_t ciphersuite) const; bool sent_fallback_scsv() const; @@ -155,11 +155,11 @@ class BOTAN_DLL Client_Hello final : public Handshake_Message return m_extensions.has<Renegotiation_Extension>(); } - std::vector<byte> renegotiation_info() const + std::vector<uint8_t> renegotiation_info() const { if(Renegotiation_Extension* reneg = m_extensions.get<Renegotiation_Extension>()) return reneg->renegotiation_info(); - return std::vector<byte>(); + return std::vector<uint8_t>(); } bool supports_session_ticket() const @@ -167,11 +167,11 @@ class BOTAN_DLL Client_Hello final : public Handshake_Message return m_extensions.has<Session_Ticket>(); } - std::vector<byte> session_ticket() const + std::vector<uint8_t> session_ticket() const { if(Session_Ticket* ticket = m_extensions.get<Session_Ticket>()) return ticket->contents(); - return std::vector<byte>(); + return std::vector<uint8_t>(); } bool supports_alpn() const @@ -206,11 +206,11 @@ class BOTAN_DLL Client_Hello final : public Handshake_Message return std::vector<std::string>(); } - std::vector<u16bit> srtp_profiles() const + std::vector<uint16_t> srtp_profiles() const { if(SRTP_Protection_Profiles* srtp = m_extensions.get<SRTP_Protection_Profiles>()) return srtp->profiles(); - return std::vector<u16bit>(); + return std::vector<uint16_t>(); } void update_hello_cookie(const Hello_Verify_Request& hello_verify); @@ -222,7 +222,7 @@ class BOTAN_DLL Client_Hello final : public Handshake_Message Handshake_Hash& hash, const Policy& policy, RandomNumberGenerator& rng, - const std::vector<byte>& reneg_info, + const std::vector<uint8_t>& reneg_info, const Client_Hello::Settings& client_settings, const std::vector<std::string>& next_protocols); @@ -230,21 +230,21 @@ class BOTAN_DLL Client_Hello final : public Handshake_Message Handshake_Hash& hash, const Policy& policy, RandomNumberGenerator& rng, - const std::vector<byte>& reneg_info, + const std::vector<uint8_t>& reneg_info, const Session& resumed_session, const std::vector<std::string>& next_protocols); - explicit Client_Hello(const std::vector<byte>& buf); + explicit Client_Hello(const std::vector<uint8_t>& buf); private: - std::vector<byte> serialize() const override; + std::vector<uint8_t> serialize() const override; Protocol_Version m_version; - std::vector<byte> m_session_id; - std::vector<byte> m_random; - std::vector<u16bit> m_suites; - std::vector<byte> m_comp_methods; - std::vector<byte> m_hello_cookie; // DTLS only + std::vector<uint8_t> m_session_id; + std::vector<uint8_t> m_random; + std::vector<uint16_t> m_suites; + std::vector<uint8_t> m_comp_methods; + std::vector<uint8_t> m_hello_cookie; // DTLS only Extensions m_extensions; }; @@ -258,10 +258,10 @@ class BOTAN_DLL Server_Hello final : public Handshake_Message class Settings { public: - Settings(const std::vector<byte> new_session_id, + Settings(const std::vector<uint8_t> new_session_id, Protocol_Version new_session_version, - u16bit ciphersuite, - byte compression, + uint16_t ciphersuite, + uint8_t compression, bool offer_session_ticket) : m_new_session_id(new_session_id), m_new_session_version(new_session_version), @@ -269,17 +269,17 @@ class BOTAN_DLL Server_Hello final : public Handshake_Message m_compression(compression), m_offer_session_ticket(offer_session_ticket) {}; - const std::vector<byte>& session_id() const { return m_new_session_id; }; + const std::vector<uint8_t>& session_id() const { return m_new_session_id; }; Protocol_Version protocol_version() const { return m_new_session_version; }; - u16bit ciphersuite() const { return m_ciphersuite; }; - byte compression() const { return m_compression; } + uint16_t ciphersuite() const { return m_ciphersuite; }; + uint8_t compression() const { return m_compression; } bool offer_session_ticket() const { return m_offer_session_ticket; } private: - const std::vector<byte> m_new_session_id; + const std::vector<uint8_t> m_new_session_id; Protocol_Version m_new_session_version; - u16bit m_ciphersuite; - byte m_compression; + uint16_t m_ciphersuite; + uint8_t m_compression; bool m_offer_session_ticket; }; @@ -288,24 +288,24 @@ class BOTAN_DLL Server_Hello final : public Handshake_Message Protocol_Version version() const { return m_version; } - const std::vector<byte>& random() const { return m_random; } + const std::vector<uint8_t>& random() const { return m_random; } - const std::vector<byte>& session_id() const { return m_session_id; } + const std::vector<uint8_t>& session_id() const { return m_session_id; } - u16bit ciphersuite() const { return m_ciphersuite; } + uint16_t ciphersuite() const { return m_ciphersuite; } - byte compression_method() const { return m_comp_method; } + uint8_t compression_method() const { return m_comp_method; } bool secure_renegotiation() const { return m_extensions.has<Renegotiation_Extension>(); } - std::vector<byte> renegotiation_info() const + std::vector<uint8_t> renegotiation_info() const { if(Renegotiation_Extension* reneg = m_extensions.get<Renegotiation_Extension>()) return reneg->renegotiation_info(); - return std::vector<byte>(); + return std::vector<uint8_t>(); } bool supports_extended_master_secret() const @@ -328,7 +328,7 @@ class BOTAN_DLL Server_Hello final : public Handshake_Message return m_extensions.has<Session_Ticket>(); } - u16bit srtp_profile() const + uint16_t srtp_profile() const { if(auto srtp = m_extensions.get<SRTP_Protection_Profiles>()) { @@ -364,7 +364,7 @@ class BOTAN_DLL Server_Hello final : public Handshake_Message Handshake_Hash& hash, const Policy& policy, RandomNumberGenerator& rng, - const std::vector<byte>& secure_reneg_info, + const std::vector<uint8_t>& secure_reneg_info, const Client_Hello& client_hello, const Server_Hello::Settings& settings, const std::string next_protocol); @@ -373,20 +373,20 @@ class BOTAN_DLL Server_Hello final : public Handshake_Message Handshake_Hash& hash, const Policy& policy, RandomNumberGenerator& rng, - const std::vector<byte>& secure_reneg_info, + const std::vector<uint8_t>& secure_reneg_info, const Client_Hello& client_hello, Session& resumed_session, bool offer_session_ticket, const std::string& next_protocol); - explicit Server_Hello(const std::vector<byte>& buf); + explicit Server_Hello(const std::vector<uint8_t>& buf); private: - std::vector<byte> serialize() const override; + std::vector<uint8_t> serialize() const override; Protocol_Version m_version; - std::vector<byte> m_session_id, m_random; - u16bit m_ciphersuite; - byte m_comp_method; + std::vector<uint8_t> m_session_id, m_random; + uint16_t m_ciphersuite; + uint8_t m_comp_method; Extensions m_extensions; }; @@ -399,7 +399,7 @@ class Client_Key_Exchange final : public Handshake_Message public: Handshake_Type type() const override { return CLIENT_KEX; } - const secure_vector<byte>& pre_master_secret() const + const secure_vector<uint8_t>& pre_master_secret() const { return m_pre_master; } Client_Key_Exchange(Handshake_IO& io, @@ -410,7 +410,7 @@ class Client_Key_Exchange final : public Handshake_Message const std::string& hostname, RandomNumberGenerator& rng); - Client_Key_Exchange(const std::vector<byte>& buf, + Client_Key_Exchange(const std::vector<uint8_t>& buf, const Handshake_State& state, const Private_Key* server_rsa_kex_key, Credentials_Manager& creds, @@ -418,11 +418,11 @@ class Client_Key_Exchange final : public Handshake_Message RandomNumberGenerator& rng); private: - std::vector<byte> serialize() const override + std::vector<uint8_t> serialize() const override { return m_key_material; } - std::vector<byte> m_key_material; - secure_vector<byte> m_pre_master; + std::vector<uint8_t> m_key_material; + secure_vector<uint8_t> m_pre_master; }; /** @@ -441,9 +441,9 @@ class Certificate final : public Handshake_Message Handshake_Hash& hash, const std::vector<X509_Certificate>& certs); - explicit Certificate(const std::vector<byte>& buf, const Policy &policy); + explicit Certificate(const std::vector<uint8_t>& buf, const Policy &policy); private: - std::vector<byte> serialize() const override; + std::vector<uint8_t> serialize() const override; std::vector<X509_Certificate> m_certs; }; @@ -458,14 +458,14 @@ class Certificate_Status final : public Handshake_Message std::shared_ptr<const OCSP::Response> response() const { return m_response; } - Certificate_Status(const std::vector<byte>& buf); + Certificate_Status(const std::vector<uint8_t>& buf); Certificate_Status(Handshake_IO& io, Handshake_Hash& hash, std::shared_ptr<const OCSP::Response> response); private: - std::vector<byte> serialize() const override; + std::vector<uint8_t> serialize() const override; std::shared_ptr<const OCSP::Response> m_response; }; @@ -491,10 +491,10 @@ class Certificate_Req final : public Handshake_Message const std::vector<X509_DN>& allowed_cas, Protocol_Version version); - Certificate_Req(const std::vector<byte>& buf, + Certificate_Req(const std::vector<uint8_t>& buf, Protocol_Version version); private: - std::vector<byte> serialize() const override; + std::vector<uint8_t> serialize() const override; std::vector<X509_DN> m_names; std::vector<std::string> m_cert_key_types; @@ -526,14 +526,14 @@ class BOTAN_DLL Certificate_Verify final : public Handshake_Message RandomNumberGenerator& rng, const Private_Key* key); - Certificate_Verify(const std::vector<byte>& buf, + Certificate_Verify(const std::vector<uint8_t>& buf, Protocol_Version version); private: - std::vector<byte> serialize() const override; + std::vector<uint8_t> serialize() const override; std::string m_sig_algo; // sig algo used to create signature std::string m_hash_algo; // hash used to create signature - std::vector<byte> m_signature; + std::vector<uint8_t> m_signature; }; /** @@ -544,7 +544,7 @@ class Finished final : public Handshake_Message public: Handshake_Type type() const override { return FINISHED; } - std::vector<byte> verify_data() const + std::vector<uint8_t> verify_data() const { return m_verification_data; } bool verify(const Handshake_State& state, @@ -554,11 +554,11 @@ class Finished final : public Handshake_Message Handshake_State& state, Connection_Side side); - explicit Finished(const std::vector<byte>& buf); + explicit Finished(const std::vector<uint8_t>& buf); private: - std::vector<byte> serialize() const override; + std::vector<uint8_t> serialize() const override; - std::vector<byte> m_verification_data; + std::vector<uint8_t> m_verification_data; }; /** @@ -570,9 +570,9 @@ class BOTAN_DLL Hello_Request final : public Handshake_Message Handshake_Type type() const override { return HELLO_REQUEST; } explicit Hello_Request(Handshake_IO& io); - explicit Hello_Request(const std::vector<byte>& buf); + explicit Hello_Request(const std::vector<uint8_t>& buf); private: - std::vector<byte> serialize() const override; + std::vector<uint8_t> serialize() const override; }; /** @@ -583,7 +583,7 @@ class Server_Key_Exchange final : public Handshake_Message public: Handshake_Type type() const override { return SERVER_KEX; } - const std::vector<byte>& params() const { return m_params; } + const std::vector<uint8_t>& params() const { return m_params; } bool verify(const Public_Key& server_key, const Handshake_State& state, @@ -617,14 +617,14 @@ class Server_Key_Exchange final : public Handshake_Message RandomNumberGenerator& rng, const Private_Key* signing_key = nullptr); - Server_Key_Exchange(const std::vector<byte>& buf, + Server_Key_Exchange(const std::vector<uint8_t>& buf, const std::string& kex_alg, const std::string& sig_alg, Protocol_Version version); ~Server_Key_Exchange(); private: - std::vector<byte> serialize() const override; + std::vector<uint8_t> serialize() const override; #if defined(BOTAN_HAS_SRP6) std::unique_ptr<SRP6_Server_Session> m_srp_params; @@ -636,11 +636,11 @@ class Server_Key_Exchange final : public Handshake_Message std::unique_ptr<Private_Key> m_kex_key; - std::vector<byte> m_params; + std::vector<uint8_t> m_params; std::string m_sig_algo; // sig algo used to create signature std::string m_hash_algo; // hash used to create signature - std::vector<byte> m_signature; + std::vector<uint8_t> m_signature; }; /** @@ -652,9 +652,9 @@ class Server_Hello_Done final : public Handshake_Message Handshake_Type type() const override { return SERVER_HELLO_DONE; } Server_Hello_Done(Handshake_IO& io, Handshake_Hash& hash); - explicit Server_Hello_Done(const std::vector<byte>& buf); + explicit Server_Hello_Done(const std::vector<uint8_t>& buf); private: - std::vector<byte> serialize() const override; + std::vector<uint8_t> serialize() const override; }; /** @@ -665,23 +665,23 @@ class BOTAN_DLL New_Session_Ticket final : public Handshake_Message public: Handshake_Type type() const override { return NEW_SESSION_TICKET; } - u32bit ticket_lifetime_hint() const { return m_ticket_lifetime_hint; } - const std::vector<byte>& ticket() const { return m_ticket; } + uint32_t ticket_lifetime_hint() const { return m_ticket_lifetime_hint; } + const std::vector<uint8_t>& ticket() const { return m_ticket; } New_Session_Ticket(Handshake_IO& io, Handshake_Hash& hash, - const std::vector<byte>& ticket, - u32bit lifetime); + const std::vector<uint8_t>& ticket, + uint32_t lifetime); New_Session_Ticket(Handshake_IO& io, Handshake_Hash& hash); - explicit New_Session_Ticket(const std::vector<byte>& buf); + explicit New_Session_Ticket(const std::vector<uint8_t>& buf); private: - std::vector<byte> serialize() const override; + std::vector<uint8_t> serialize() const override; - u32bit m_ticket_lifetime_hint = 0; - std::vector<byte> m_ticket; + uint32_t m_ticket_lifetime_hint = 0; + std::vector<uint8_t> m_ticket; }; /** @@ -692,8 +692,8 @@ class Change_Cipher_Spec final : public Handshake_Message public: Handshake_Type type() const override { return HANDSHAKE_CCS; } - std::vector<byte> serialize() const override - { return std::vector<byte>(1, 1); } + std::vector<uint8_t> serialize() const override + { return std::vector<uint8_t>(1, 1); } }; } diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp index 84ba5e4bf..ccab54ca0 100644 --- a/src/lib/tls/tls_policy.cpp +++ b/src/lib/tls/tls_policy.cpp @@ -224,12 +224,12 @@ void Policy::check_peer_key_acceptable(const Public_Key& public_key) const /* * Return allowed compression algorithms */ -std::vector<byte> Policy::compression() const +std::vector<uint8_t> Policy::compression() const { - return std::vector<byte>{ NO_COMPRESSION }; + return std::vector<uint8_t>{ NO_COMPRESSION }; } -u32bit Policy::session_ticket_lifetime() const +uint32_t Policy::session_ticket_lifetime() const { return 86400; // ~1 day } @@ -289,9 +289,9 @@ size_t Policy::dtls_default_mtu() const return 1280 - 40 - 8; } -std::vector<u16bit> Policy::srtp_profiles() const +std::vector<uint16_t> Policy::srtp_profiles() const { - return std::vector<u16bit>(); + return std::vector<uint16_t>(); } namespace { @@ -367,7 +367,7 @@ class Ciphersuite_Preference_Ordering } -std::vector<u16bit> Policy::ciphersuite_list(Protocol_Version version, +std::vector<uint16_t> Policy::ciphersuite_list(Protocol_Version version, bool have_srp) const { const std::vector<std::string> ciphers = allowed_ciphers(); @@ -421,7 +421,7 @@ std::vector<u16bit> Policy::ciphersuite_list(Protocol_Version version, Ciphersuite_Preference_Ordering order(ciphers, macs, kex, sigs); std::sort(ciphersuites.begin(), ciphersuites.end(), order); - std::vector<u16bit> ciphersuite_codes; + std::vector<uint16_t> ciphersuite_codes; for(auto i : ciphersuites) ciphersuite_codes.push_back(i.ciphersuite_code()); return ciphersuite_codes; diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h index b577eb265..9fd3561a3 100644 --- a/src/lib/tls/tls_policy.h +++ b/src/lib/tls/tls_policy.h @@ -94,7 +94,7 @@ class BOTAN_DLL Policy * * @note Compression is not currently supported */ - virtual std::vector<byte> compression() const; + virtual std::vector<uint8_t> compression() const; /** * Choose an elliptic curve to use @@ -215,14 +215,14 @@ class BOTAN_DLL Policy * tickets do not expire until the session ticket key rolls over. * Expired session tickets cannot be used to resume a session. */ - virtual u32bit session_ticket_lifetime() const; + virtual uint32_t session_ticket_lifetime() const; /** * If this returns a non-empty vector, and DTLS is negotiated, * then we will also attempt to negotiate the SRTP extension from * RFC 5764 using the returned values as the profile ids. */ - virtual std::vector<u16bit> srtp_profiles() const; + virtual std::vector<uint16_t> srtp_profiles() const; /** * @return true if and only if we are willing to accept this version @@ -267,7 +267,7 @@ class BOTAN_DLL Policy /** * Return allowed ciphersuites, in order of preference */ - virtual std::vector<u16bit> ciphersuite_list(Protocol_Version version, + virtual std::vector<uint16_t> ciphersuite_list(Protocol_Version version, bool have_srp) const; /** @@ -450,15 +450,15 @@ class BOTAN_DLL Text_Policy : public Policy bool hide_unknown_users() const override { return get_bool("hide_unknown_users", Policy::hide_unknown_users()); } - u32bit session_ticket_lifetime() const override - { return static_cast<u32bit>(get_len("session_ticket_lifetime", Policy::session_ticket_lifetime())); } + uint32_t session_ticket_lifetime() const override + { return static_cast<uint32_t>(get_len("session_ticket_lifetime", Policy::session_ticket_lifetime())); } bool send_fallback_scsv(Protocol_Version version) const override { return get_bool("send_fallback_scsv", false) ? Policy::send_fallback_scsv(version) : false; } - std::vector<u16bit> srtp_profiles() const override + std::vector<uint16_t> srtp_profiles() const override { - std::vector<u16bit> r; + std::vector<uint16_t> r; for(auto&& p : get_list("srtp_profiles", std::vector<std::string>())) { r.push_back(to_u32bit(p)); diff --git a/src/lib/tls/tls_reader.h b/src/lib/tls/tls_reader.h index 88bc4e932..e461d8ffc 100644 --- a/src/lib/tls/tls_reader.h +++ b/src/lib/tls/tls_reader.h @@ -24,7 +24,7 @@ namespace TLS { class TLS_Data_Reader { public: - TLS_Data_Reader(const char* type, const std::vector<byte>& buf_in) : + TLS_Data_Reader(const char* type, const std::vector<uint8_t>& buf_in) : m_typename(type), m_buf(buf_in), m_offset(0) {} void assert_done() const @@ -39,9 +39,9 @@ class TLS_Data_Reader bool has_remaining() const { return (remaining_bytes() > 0); } - std::vector<byte> get_remaining() + std::vector<uint8_t> get_remaining() { - return std::vector<byte>(m_buf.begin() + m_offset, m_buf.end()); + return std::vector<uint8_t>(m_buf.begin() + m_offset, m_buf.end()); } void discard_next(size_t bytes) @@ -50,27 +50,27 @@ class TLS_Data_Reader m_offset += bytes; } - u32bit get_u32bit() + uint32_t get_uint32_t() { assert_at_least(4); - u32bit result = make_u32bit(m_buf[m_offset ], m_buf[m_offset+1], + uint32_t result = make_uint32(m_buf[m_offset ], m_buf[m_offset+1], m_buf[m_offset+2], m_buf[m_offset+3]); m_offset += 4; return result; } - u16bit get_u16bit() + uint16_t get_uint16_t() { assert_at_least(2); - u16bit result = make_u16bit(m_buf[m_offset], m_buf[m_offset+1]); + uint16_t result = make_uint16(m_buf[m_offset], m_buf[m_offset+1]); m_offset += 2; return result; } - byte get_byte() + uint8_t get_byte() { assert_at_least(1); - byte result = m_buf[m_offset]; + uint8_t result = m_buf[m_offset]; m_offset += 1; return result; } @@ -116,8 +116,8 @@ class TLS_Data_Reader size_t min_bytes, size_t max_bytes) { - std::vector<byte> v = - get_range_vector<byte>(len_bytes, min_bytes, max_bytes); + std::vector<uint8_t> v = + get_range_vector<uint8_t>(len_bytes, min_bytes, max_bytes); return std::string(reinterpret_cast<char*>(v.data()), v.size()); } @@ -136,7 +136,7 @@ class TLS_Data_Reader if(len_bytes == 1) return get_byte(); else if(len_bytes == 2) - return get_u16bit(); + return get_uint16_t(); throw decode_error("Bad length size"); } @@ -174,7 +174,7 @@ class TLS_Data_Reader } const char* m_typename; - const std::vector<byte>& m_buf; + const std::vector<uint8_t>& m_buf; size_t m_offset; }; @@ -182,7 +182,7 @@ class TLS_Data_Reader * Helper function for encoding length-tagged vectors */ template<typename T, typename Alloc> -void append_tls_length_value(std::vector<byte, Alloc>& buf, +void append_tls_length_value(std::vector<uint8_t, Alloc>& buf, const T* vals, size_t vals_size, size_t tag_size) @@ -206,7 +206,7 @@ void append_tls_length_value(std::vector<byte, Alloc>& buf, } template<typename T, typename Alloc, typename Alloc2> -void append_tls_length_value(std::vector<byte, Alloc>& buf, +void append_tls_length_value(std::vector<uint8_t, Alloc>& buf, const std::vector<T, Alloc2>& vals, size_t tag_size) { @@ -214,12 +214,12 @@ void append_tls_length_value(std::vector<byte, Alloc>& buf, } template<typename Alloc> -void append_tls_length_value(std::vector<byte, Alloc>& buf, +void append_tls_length_value(std::vector<uint8_t, Alloc>& buf, const std::string& str, size_t tag_size) { append_tls_length_value(buf, - reinterpret_cast<const byte*>(str.data()), + reinterpret_cast<const uint8_t*>(str.data()), str.size(), tag_size); } diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp index 5eef2b4e2..71251398b 100644 --- a/src/lib/tls/tls_record.cpp +++ b/src/lib/tls/tls_record.cpp @@ -109,43 +109,43 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version, } } -std::vector<byte> Connection_Cipher_State::aead_nonce(u64bit seq, RandomNumberGenerator& rng) +std::vector<uint8_t> Connection_Cipher_State::aead_nonce(uint64_t seq, RandomNumberGenerator& rng) { if(m_cbc_nonce) { if(m_nonce.size()) { - std::vector<byte> nonce; + std::vector<uint8_t> nonce; nonce.swap(m_nonce); return nonce; } - std::vector<byte> nonce(nonce_bytes_from_record()); + std::vector<uint8_t> nonce(nonce_bytes_from_record()); rng.randomize(nonce.data(), nonce.size()); return nonce; } else if(nonce_bytes_from_handshake() == 12) { - std::vector<byte> nonce(12); + std::vector<uint8_t> nonce(12); store_be(seq, nonce.data() + 4); xor_buf(nonce, m_nonce.data(), m_nonce.size()); return nonce; } else { - std::vector<byte> nonce = m_nonce; + std::vector<uint8_t> nonce = m_nonce; store_be(seq, &nonce[nonce_bytes_from_handshake()]); return nonce; } } -std::vector<byte> -Connection_Cipher_State::aead_nonce(const byte record[], size_t record_len, u64bit seq) +std::vector<uint8_t> +Connection_Cipher_State::aead_nonce(const uint8_t record[], size_t record_len, uint64_t seq) { if(m_cbc_nonce) { if(record_len < nonce_bytes_from_record()) throw Decoding_Error("Invalid CBC packet too short to be valid"); - std::vector<byte> nonce(record, record + nonce_bytes_from_record()); + std::vector<uint8_t> nonce(record, record + nonce_bytes_from_record()); return nonce; } else if(nonce_bytes_from_handshake() == 12) @@ -155,7 +155,7 @@ Connection_Cipher_State::aead_nonce(const byte record[], size_t record_len, u64b use the XOR nonce construction from draft-ietf-tls-chacha20-poly1305 */ - std::vector<byte> nonce(12); + std::vector<uint8_t> nonce(12); store_be(seq, nonce.data() + 4); xor_buf(nonce, m_nonce.data(), m_nonce.size()); return nonce; @@ -164,7 +164,7 @@ Connection_Cipher_State::aead_nonce(const byte record[], size_t record_len, u64b { if(record_len < nonce_bytes_from_record()) throw Decoding_Error("Invalid AEAD packet too short to be valid"); - std::vector<byte> nonce = m_nonce; + std::vector<uint8_t> nonce = m_nonce; copy_mem(&nonce[nonce_bytes_from_handshake()], record, nonce_bytes_from_record()); return nonce; } @@ -174,19 +174,19 @@ Connection_Cipher_State::aead_nonce(const byte record[], size_t record_len, u64b nonce_len == 0 is assumed to mean no nonce in the message but instead the AEAD uses the seq number in network order. */ - std::vector<byte> nonce = m_nonce; + std::vector<uint8_t> nonce = m_nonce; store_be(seq, &nonce[nonce_bytes_from_handshake()]); return nonce; } } -std::vector<byte> -Connection_Cipher_State::format_ad(u64bit msg_sequence, - byte msg_type, +std::vector<uint8_t> +Connection_Cipher_State::format_ad(uint64_t msg_sequence, + uint8_t msg_type, Protocol_Version version, - u16bit msg_length) + uint16_t msg_length) { - std::vector<byte> ad(13); + std::vector<uint8_t> ad(13); store_be(msg_sequence, &ad[0]); ad[8] = msg_type; @@ -200,7 +200,7 @@ Connection_Cipher_State::format_ad(u64bit msg_sequence, namespace { -inline void append_u16_len(secure_vector<byte>& output, size_t len_field) +inline void append_u16_len(secure_vector<uint8_t>& output, size_t len_field) { const uint16_t len16 = len_field; BOTAN_ASSERT_EQUAL(len_field, len16, "No truncation"); @@ -210,10 +210,10 @@ inline void append_u16_len(secure_vector<byte>& output, size_t len_field) } -void write_record(secure_vector<byte>& output, +void write_record(secure_vector<uint8_t>& output, Record_Message msg, Protocol_Version version, - u64bit seq, + uint64_t seq, Connection_Cipher_State* cs, RandomNumberGenerator& rng) { @@ -237,7 +237,7 @@ void write_record(secure_vector<byte>& output, } AEAD_Mode* aead = cs->aead(); - std::vector<byte> aad = cs->format_ad(seq, msg.get_type(), version, static_cast<u16bit>(msg.get_size())); + std::vector<uint8_t> aad = cs->format_ad(seq, msg.get_type(), version, static_cast<uint16_t>(msg.get_size())); const size_t ctext_size = aead->output_length(msg.get_size()); @@ -245,7 +245,7 @@ void write_record(secure_vector<byte>& output, aead->set_ad(aad); - const std::vector<byte> nonce = cs->aead_nonce(seq, rng); + const std::vector<uint8_t> nonce = cs->aead_nonce(seq, rng); append_u16_len(output, rec_size); @@ -269,8 +269,8 @@ void write_record(secure_vector<byte>& output, namespace { -size_t fill_buffer_to(secure_vector<byte>& readbuf, - const byte*& input, +size_t fill_buffer_to(secure_vector<uint8_t>& readbuf, + const uint8_t*& input, size_t& input_size, size_t& input_consumed, size_t desired) @@ -288,9 +288,9 @@ size_t fill_buffer_to(secure_vector<byte>& readbuf, return (desired - readbuf.size()); // how many bytes do we still need? } -void decrypt_record(secure_vector<byte>& output, - byte record_contents[], size_t record_len, - u64bit record_sequence, +void decrypt_record(secure_vector<uint8_t>& output, + uint8_t record_contents[], size_t record_len, + uint64_t record_sequence, Protocol_Version record_version, Record_Type record_type, Connection_Cipher_State& cs) @@ -298,14 +298,14 @@ void decrypt_record(secure_vector<byte>& output, AEAD_Mode* aead = cs.aead(); BOTAN_ASSERT(aead, "Cannot decrypt without cipher"); - const std::vector<byte> nonce = cs.aead_nonce(record_contents, record_len, record_sequence); - const byte* msg = &record_contents[cs.nonce_bytes_from_record()]; + const std::vector<uint8_t> nonce = cs.aead_nonce(record_contents, record_len, record_sequence); + const uint8_t* msg = &record_contents[cs.nonce_bytes_from_record()]; const size_t msg_length = record_len - cs.nonce_bytes_from_record(); const size_t ptext_size = aead->output_length(msg_length); aead->set_associated_data_vec( - cs.format_ad(record_sequence, record_type, record_version, static_cast<u16bit>(ptext_size)) + cs.format_ad(record_sequence, record_type, record_version, static_cast<uint16_t>(ptext_size)) ); aead->start(nonce); @@ -315,7 +315,7 @@ void decrypt_record(secure_vector<byte>& output, aead->finish(output, offset); } -size_t read_tls_record(secure_vector<byte>& readbuf, +size_t read_tls_record(secure_vector<uint8_t>& readbuf, Record_Raw_Input& raw_input, Record& rec, Connection_Sequence_Numbers* sequence_numbers, @@ -335,7 +335,7 @@ size_t read_tls_record(secure_vector<byte>& readbuf, BOTAN_ASSERT(!rec.get_protocol_version()->is_datagram_protocol(), "Expected TLS"); - const size_t record_size = make_u16bit(readbuf[TLS_HEADER_SIZE-2], + const size_t record_size = make_uint16(readbuf[TLS_HEADER_SIZE-2], readbuf[TLS_HEADER_SIZE-1]); if(record_size > MAX_CIPHERTEXT_SIZE) @@ -357,7 +357,7 @@ size_t read_tls_record(secure_vector<byte>& readbuf, *rec.get_type() = static_cast<Record_Type>(readbuf[0]); - u16bit epoch = 0; + uint16_t epoch = 0; if(sequence_numbers) { @@ -371,7 +371,7 @@ size_t read_tls_record(secure_vector<byte>& readbuf, epoch = 0; } - byte* record_contents = &readbuf[TLS_HEADER_SIZE]; + uint8_t* record_contents = &readbuf[TLS_HEADER_SIZE]; if(epoch == 0) // Unencrypted initial handshake { @@ -400,7 +400,7 @@ size_t read_tls_record(secure_vector<byte>& readbuf, return 0; } -size_t read_dtls_record(secure_vector<byte>& readbuf, +size_t read_dtls_record(secure_vector<uint8_t>& readbuf, Record_Raw_Input& raw_input, Record& rec, Connection_Sequence_Numbers* sequence_numbers, @@ -421,7 +421,7 @@ size_t read_dtls_record(secure_vector<byte>& readbuf, BOTAN_ASSERT(rec.get_protocol_version()->is_datagram_protocol(), "Expected DTLS"); - const size_t record_size = make_u16bit(readbuf[DTLS_HEADER_SIZE-2], + const size_t record_size = make_uint16(readbuf[DTLS_HEADER_SIZE-2], readbuf[DTLS_HEADER_SIZE-1]); if(record_size > MAX_CIPHERTEXT_SIZE) @@ -440,9 +440,9 @@ size_t read_dtls_record(secure_vector<byte>& readbuf, *rec.get_type() = static_cast<Record_Type>(readbuf[0]); - u16bit epoch = 0; + uint16_t epoch = 0; - *rec.get_sequence() = load_be<u64bit>(&readbuf[3], 0); + *rec.get_sequence() = load_be<uint64_t>(&readbuf[3], 0); epoch = (*rec.get_sequence() >> 48); if(sequence_numbers && sequence_numbers->already_seen(*rec.get_sequence())) @@ -451,7 +451,7 @@ size_t read_dtls_record(secure_vector<byte>& readbuf, return 0; } - byte* record_contents = &readbuf[DTLS_HEADER_SIZE]; + uint8_t* record_contents = &readbuf[DTLS_HEADER_SIZE]; if(epoch == 0) // Unencrypted initial handshake { @@ -491,7 +491,7 @@ size_t read_dtls_record(secure_vector<byte>& readbuf, } -size_t read_record(secure_vector<byte>& readbuf, +size_t read_record(secure_vector<uint8_t>& readbuf, Record_Raw_Input& raw_input, Record& rec, Connection_Sequence_Numbers* sequence_numbers, diff --git a/src/lib/tls/tls_record.h b/src/lib/tls/tls_record.h index d4a2a9372..ebb83c484 100644 --- a/src/lib/tls/tls_record.h +++ b/src/lib/tls/tls_record.h @@ -44,13 +44,13 @@ class Connection_Cipher_State AEAD_Mode* aead() { return m_aead.get(); } - std::vector<byte> aead_nonce(u64bit seq, RandomNumberGenerator& rng); + std::vector<uint8_t> aead_nonce(uint64_t seq, RandomNumberGenerator& rng); - std::vector<byte> aead_nonce(const byte record[], size_t record_len, u64bit seq); + std::vector<uint8_t> aead_nonce(const uint8_t record[], size_t record_len, uint64_t seq); - std::vector<byte> format_ad(u64bit seq, byte type, + std::vector<uint8_t> format_ad(uint64_t seq, uint8_t type, Protocol_Version version, - u16bit ptext_length); + uint16_t ptext_length); size_t nonce_bytes_from_handshake() const { return m_nonce_bytes_from_handshake; } size_t nonce_bytes_from_record() const { return m_nonce_bytes_from_record; } @@ -66,7 +66,7 @@ class Connection_Cipher_State std::chrono::system_clock::time_point m_start_time; std::unique_ptr<AEAD_Mode> m_aead; - std::vector<byte> m_nonce; + std::vector<uint8_t> m_nonce; size_t m_nonce_bytes_from_handshake; size_t m_nonce_bytes_from_record; bool m_cbc_nonce; @@ -75,26 +75,26 @@ class Connection_Cipher_State class Record { public: - Record(secure_vector<byte>& data, - u64bit* sequence, + Record(secure_vector<uint8_t>& data, + uint64_t* sequence, Protocol_Version* protocol_version, Record_Type* type) : m_data(data), m_sequence(sequence), m_protocol_version(protocol_version), m_type(type), m_size(data.size()) {}; - secure_vector<byte>& get_data() { return m_data; } + secure_vector<uint8_t>& get_data() { return m_data; } Protocol_Version* get_protocol_version() { return m_protocol_version; } - u64bit* get_sequence() { return m_sequence; } + uint64_t* get_sequence() { return m_sequence; } Record_Type* get_type() { return m_type; } size_t& get_size() { return m_size; } private: - secure_vector<byte>& m_data; - u64bit* m_sequence; + secure_vector<uint8_t>& m_data; + uint64_t* m_sequence; Protocol_Version* m_protocol_version; Record_Type* m_type; size_t m_size; @@ -103,33 +103,33 @@ class Record class Record_Message { public: - Record_Message(const byte* data, size_t size) + Record_Message(const uint8_t* data, size_t size) : m_type(0), m_sequence(0), m_data(data), m_size(size) {}; - Record_Message(byte type, u64bit sequence, const byte* data, size_t size) + Record_Message(uint8_t type, uint64_t sequence, const uint8_t* data, size_t size) : m_type(type), m_sequence(sequence), m_data(data), m_size(size) {}; - byte& get_type() { return m_type; }; - u64bit& get_sequence() { return m_sequence; }; - const byte* get_data() { return m_data; }; + uint8_t& get_type() { return m_type; }; + uint64_t& get_sequence() { return m_sequence; }; + const uint8_t* get_data() { return m_data; }; size_t& get_size() { return m_size; }; private: - byte m_type; - u64bit m_sequence; - const byte* m_data; + uint8_t m_type; + uint64_t m_sequence; + const uint8_t* m_data; size_t m_size; }; class Record_Raw_Input { public: - Record_Raw_Input(const byte* data, size_t size, size_t& consumed, + Record_Raw_Input(const uint8_t* data, size_t size, size_t& consumed, bool is_datagram) : m_data(data), m_size(size), m_consumed(consumed), m_is_datagram(is_datagram) {}; - const byte*& get_data() { return m_data; }; + const uint8_t*& get_data() { return m_data; }; size_t& get_size() { return m_size; }; @@ -139,7 +139,7 @@ class Record_Raw_Input bool is_datagram() { return m_is_datagram; }; private: - const byte* m_data; + const uint8_t* m_data; size_t m_size; size_t& m_consumed; bool m_is_datagram; @@ -155,21 +155,21 @@ class Record_Raw_Input * @param cipherstate is the writing cipher state * @param rng is a random number generator */ -void write_record(secure_vector<byte>& write_buffer, +void write_record(secure_vector<uint8_t>& write_buffer, Record_Message rec_msg, Protocol_Version version, - u64bit msg_sequence, + uint64_t msg_sequence, Connection_Cipher_State* cipherstate, RandomNumberGenerator& rng); // epoch -> cipher state -typedef std::function<std::shared_ptr<Connection_Cipher_State> (u16bit)> get_cipherstate_fn; +typedef std::function<std::shared_ptr<Connection_Cipher_State> (uint16_t)> get_cipherstate_fn; /** * Decode a TLS record * @return zero if full message, else number of bytes still needed */ -size_t read_record(secure_vector<byte>& read_buffer, +size_t read_record(secure_vector<uint8_t>& read_buffer, Record_Raw_Input& raw_input, Record& rec, Connection_Sequence_Numbers* sequence_numbers, diff --git a/src/lib/tls/tls_seq_numbers.h b/src/lib/tls/tls_seq_numbers.h index aa0cfe1f4..ece329494 100644 --- a/src/lib/tls/tls_seq_numbers.h +++ b/src/lib/tls/tls_seq_numbers.h @@ -22,14 +22,14 @@ class Connection_Sequence_Numbers virtual void new_read_cipher_state() = 0; virtual void new_write_cipher_state() = 0; - virtual u16bit current_read_epoch() const = 0; - virtual u16bit current_write_epoch() const = 0; + virtual uint16_t current_read_epoch() const = 0; + virtual uint16_t current_write_epoch() const = 0; - virtual u64bit next_write_sequence(u16bit) = 0; - virtual u64bit next_read_sequence() = 0; + virtual uint64_t next_write_sequence(uint16_t) = 0; + virtual uint64_t next_read_sequence() = 0; - virtual bool already_seen(u64bit seq) const = 0; - virtual void read_accept(u64bit seq) = 0; + virtual bool already_seen(uint64_t seq) const = 0; + virtual void read_accept(uint64_t seq) = 0; }; class Stream_Sequence_Numbers final : public Connection_Sequence_Numbers @@ -38,19 +38,19 @@ class Stream_Sequence_Numbers final : public Connection_Sequence_Numbers void new_read_cipher_state() override { m_read_seq_no = 0; m_read_epoch += 1; } void new_write_cipher_state() override { m_write_seq_no = 0; m_write_epoch += 1; } - u16bit current_read_epoch() const override { return m_read_epoch; } - u16bit current_write_epoch() const override { return m_write_epoch; } + uint16_t current_read_epoch() const override { return m_read_epoch; } + uint16_t current_write_epoch() const override { return m_write_epoch; } - u64bit next_write_sequence(u16bit) override { return m_write_seq_no++; } - u64bit next_read_sequence() override { return m_read_seq_no; } + uint64_t next_write_sequence(uint16_t) override { return m_write_seq_no++; } + uint64_t next_read_sequence() override { return m_read_seq_no; } - bool already_seen(u64bit) const override { return false; } - void read_accept(u64bit) override { m_read_seq_no++; } + bool already_seen(uint64_t) const override { return false; } + void read_accept(uint64_t) override { m_read_seq_no++; } private: - u64bit m_write_seq_no = 0; - u64bit m_read_seq_no = 0; - u16bit m_read_epoch = 0; - u16bit m_write_epoch = 0; + uint64_t m_write_seq_no = 0; + uint64_t m_read_seq_no = 0; + uint16_t m_read_epoch = 0; + uint16_t m_write_epoch = 0; }; class Datagram_Sequence_Numbers final : public Connection_Sequence_Numbers @@ -66,29 +66,29 @@ class Datagram_Sequence_Numbers final : public Connection_Sequence_Numbers m_write_seqs[m_write_epoch] = 0; } - u16bit current_read_epoch() const override { return m_read_epoch; } - u16bit current_write_epoch() const override { return m_write_epoch; } + uint16_t current_read_epoch() const override { return m_read_epoch; } + uint16_t current_write_epoch() const override { return m_write_epoch; } - u64bit next_write_sequence(u16bit epoch) override + uint64_t next_write_sequence(uint16_t epoch) override { auto i = m_write_seqs.find(epoch); BOTAN_ASSERT(i != m_write_seqs.end(), "Found epoch"); - return (static_cast<u64bit>(epoch) << 48) | i->second++; + return (static_cast<uint64_t>(epoch) << 48) | i->second++; } - u64bit next_read_sequence() override + uint64_t next_read_sequence() override { throw Exception("DTLS uses explicit sequence numbers"); } - bool already_seen(u64bit sequence) const override + bool already_seen(uint64_t sequence) const override { const size_t window_size = sizeof(m_window_bits) * 8; if(sequence > m_window_highest) return false; - const u64bit offset = m_window_highest - sequence; + const uint64_t offset = m_window_highest - sequence; if(offset >= window_size) return true; // really old? @@ -96,7 +96,7 @@ class Datagram_Sequence_Numbers final : public Connection_Sequence_Numbers return (((m_window_bits >> offset) & 1) == 1); } - void read_accept(u64bit sequence) override + void read_accept(uint64_t sequence) override { const size_t window_size = sizeof(m_window_bits) * 8; @@ -114,17 +114,17 @@ class Datagram_Sequence_Numbers final : public Connection_Sequence_Numbers } else { - const u64bit offset = m_window_highest - sequence; - m_window_bits |= (static_cast<u64bit>(1) << offset); + const uint64_t offset = m_window_highest - sequence; + m_window_bits |= (static_cast<uint64_t>(1) << offset); } } private: - std::map<u16bit, u64bit> m_write_seqs; - u16bit m_write_epoch = 0; - u16bit m_read_epoch = 0; - u64bit m_window_highest = 0; - u64bit m_window_bits = 0; + std::map<uint16_t, uint64_t> m_write_seqs; + uint16_t m_write_epoch = 0; + uint16_t m_read_epoch = 0; + uint64_t m_window_highest = 0; + uint64_t m_window_bits = 0; }; } diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp index 78c7704cc..1d42a6d25 100644 --- a/src/lib/tls/tls_server.cpp +++ b/src/lib/tls/tls_server.cpp @@ -51,8 +51,8 @@ bool check_for_resume(Session& session_info, const Client_Hello* client_hello, std::chrono::seconds session_ticket_lifetime) { - const std::vector<byte>& client_session_id = client_hello->session_id(); - const std::vector<byte>& session_ticket = client_hello->session_ticket(); + const std::vector<uint8_t>& client_session_id = client_hello->session_id(); + const std::vector<uint8_t>& session_ticket = client_hello->session_ticket(); if(session_ticket.empty()) { @@ -149,7 +149,7 @@ bool check_for_resume(Session& session_info, /* * Choose which ciphersuite to use */ -u16bit choose_ciphersuite( +uint16_t choose_ciphersuite( const Policy& policy, Protocol_Version version, Credentials_Manager& creds, @@ -158,8 +158,8 @@ u16bit choose_ciphersuite( { const bool our_choice = policy.server_uses_own_ciphersuite_preferences(); const bool have_srp = creds.attempt_srp("tls-server", client_hello.sni_hostname()); - const std::vector<u16bit> client_suites = client_hello.ciphersuites(); - const std::vector<u16bit> server_suites = policy.ciphersuite_list(version, have_srp); + const std::vector<uint16_t> client_suites = client_hello.ciphersuites(); + const std::vector<uint16_t> server_suites = policy.ciphersuite_list(version, have_srp); if(server_suites.empty()) throw TLS_Exception(Alert::HANDSHAKE_FAILURE, @@ -172,8 +172,8 @@ u16bit choose_ciphersuite( Walk down one list in preference order */ - std::vector<u16bit> pref_list = server_suites; - std::vector<u16bit> other_list = client_suites; + std::vector<uint16_t> pref_list = server_suites; + std::vector<uint16_t> other_list = client_suites; if(!our_choice) std::swap(pref_list, other_list); @@ -230,10 +230,10 @@ u16bit choose_ciphersuite( /* * Choose which compression algorithm to use */ -byte choose_compression(const Policy& policy, - const std::vector<byte>& c_comp) +uint8_t choose_compression(const Policy& policy, + const std::vector<uint8_t>& c_comp) { - std::vector<byte> s_comp = policy.compression(); + std::vector<uint8_t> s_comp = policy.compression(); for(size_t i = 0; i != s_comp.size(); ++i) for(size_t j = 0; j != c_comp.size(); ++j) @@ -352,7 +352,7 @@ void Server::initiate_handshake(Handshake_State& state, */ void Server::process_client_hello_msg(const Handshake_State* active_state, Server_Handshake_State& pending_state, - const std::vector<byte>& contents) + const std::vector<uint8_t>& contents) { const bool initial_handshake = !active_state; @@ -470,14 +470,14 @@ void Server::process_client_hello_msg(const Handshake_State* active_state, } void Server::process_certificate_msg(Server_Handshake_State& pending_state, - const std::vector<byte>& contents) + const std::vector<uint8_t>& contents) { pending_state.client_certs(new Certificate(contents, policy())); pending_state.set_expected_next(CLIENT_KEX); } void Server::process_client_key_exchange_msg(Server_Handshake_State& pending_state, - const std::vector<byte>& contents) + const std::vector<uint8_t>& contents) { if(pending_state.received_handshake_msg(CERTIFICATE) && !pending_state.client_certs()->empty()) pending_state.set_expected_next(CERTIFICATE_VERIFY); @@ -501,7 +501,7 @@ void Server::process_change_cipher_spec_msg(Server_Handshake_State& pending_stat void Server::process_certificate_verify_msg(Server_Handshake_State& pending_state, Handshake_Type type, - const std::vector<byte>& contents) + const std::vector<uint8_t>& contents) { pending_state.client_verify ( new Certificate_Verify ( contents, pending_state.version() ) ); @@ -543,7 +543,7 @@ void Server::process_certificate_verify_msg(Server_Handshake_State& pending_stat void Server::process_finished_msg(Server_Handshake_State& pending_state, Handshake_Type type, - const std::vector<byte>& contents) + const std::vector<uint8_t>& contents) { pending_state.set_expected_next ( HANDSHAKE_NONE ); @@ -569,7 +569,7 @@ void Server::process_finished_msg(Server_Handshake_State& pending_state, pending_state.server_hello()->supports_extended_master_secret(), pending_state.server_hello()->supports_encrypt_then_mac(), get_peer_cert_chain ( pending_state ), - std::vector<byte>(), + std::vector<uint8_t>(), Server_Information(pending_state.client_hello()->sni_hostname()), pending_state.srp_identifier(), pending_state.server_hello()->srtp_profile() @@ -621,7 +621,7 @@ void Server::process_finished_msg(Server_Handshake_State& pending_state, void Server::process_handshake_msg(const Handshake_State* active_state, Handshake_State& state_base, Handshake_Type type, - const std::vector<byte>& contents) + const std::vector<uint8_t>& contents) { Server_Handshake_State& state = dynamic_cast<Server_Handshake_State&>(state_base); state.confirm_transition_to(type); diff --git a/src/lib/tls/tls_server.h b/src/lib/tls/tls_server.h index 051eda445..bea498ab7 100644 --- a/src/lib/tls/tls_server.h +++ b/src/lib/tls/tls_server.h @@ -112,27 +112,27 @@ class BOTAN_DLL Server final : public Channel void process_handshake_msg(const Handshake_State* active_state, Handshake_State& pending_state, Handshake_Type type, - const std::vector<byte>& contents) override; + const std::vector<uint8_t>& contents) override; void process_client_hello_msg(const Handshake_State* active_state, Server_Handshake_State& pending_state, - const std::vector<byte>& contents); + const std::vector<uint8_t>& contents); void process_certificate_msg(Server_Handshake_State& pending_state, - const std::vector<byte>& contents); + const std::vector<uint8_t>& contents); void process_client_key_exchange_msg(Server_Handshake_State& pending_state, - const std::vector<byte>& contents); + const std::vector<uint8_t>& contents); void process_change_cipher_spec_msg(Server_Handshake_State& pending_state); void process_certificate_verify_msg(Server_Handshake_State& pending_state, Handshake_Type type, - const std::vector<byte>& contents); + const std::vector<uint8_t>& contents); void process_finished_msg(Server_Handshake_State& pending_state, Handshake_Type type, - const std::vector<byte>& contents); + const std::vector<uint8_t>& contents); void session_resume(Server_Handshake_State& pending_state, bool have_session_ticket_key, diff --git a/src/lib/tls/tls_server_info.h b/src/lib/tls/tls_server_info.h index cd46aea3f..06b4f088a 100644 --- a/src/lib/tls/tls_server_info.h +++ b/src/lib/tls/tls_server_info.h @@ -32,7 +32,7 @@ class BOTAN_DLL Server_Information * TCP/UDP). Zero represents unknown. */ Server_Information(const std::string& hostname, - u16bit port = 0) : + uint16_t port = 0) : m_hostname(hostname), m_service(""), m_port(port) {} /** @@ -44,7 +44,7 @@ class BOTAN_DLL Server_Information */ Server_Information(const std::string& hostname, const std::string& service, - u16bit port = 0) : + uint16_t port = 0) : m_hostname(hostname), m_service(service), m_port(port) {} /** @@ -61,7 +61,7 @@ class BOTAN_DLL Server_Information /** * @return the protocol port of the server, or zero if unknown */ - u16bit port() const { return m_port; } + uint16_t port() const { return m_port; } /** * @return whether the hostname is known @@ -70,7 +70,7 @@ class BOTAN_DLL Server_Information private: std::string m_hostname, m_service; - u16bit m_port; + uint16_t m_port; }; inline bool operator==(const Server_Information& a, const Server_Information& b) diff --git a/src/lib/tls/tls_session.cpp b/src/lib/tls/tls_session.cpp index d6b52846f..d82c490ab 100644 --- a/src/lib/tls/tls_session.cpp +++ b/src/lib/tls/tls_session.cpp @@ -17,19 +17,19 @@ namespace Botan { namespace TLS { -Session::Session(const std::vector<byte>& session_identifier, - const secure_vector<byte>& master_secret, +Session::Session(const std::vector<uint8_t>& session_identifier, + const secure_vector<uint8_t>& master_secret, Protocol_Version version, - u16bit ciphersuite, - byte compression_method, + uint16_t ciphersuite, + uint8_t compression_method, Connection_Side side, bool extended_master_secret, bool encrypt_then_mac, const std::vector<X509_Certificate>& certs, - const std::vector<byte>& ticket, + const std::vector<uint8_t>& ticket, const Server_Information& server_info, const std::string& srp_identifier, - u16bit srtp_profile) : + uint16_t srtp_profile) : m_start_time(std::chrono::system_clock::now()), m_identifier(session_identifier), m_session_ticket(ticket), @@ -49,14 +49,14 @@ Session::Session(const std::vector<byte>& session_identifier, Session::Session(const std::string& pem) { - secure_vector<byte> der = PEM_Code::decode_check_label(pem, "TLS SESSION"); + secure_vector<uint8_t> der = PEM_Code::decode_check_label(pem, "TLS SESSION"); *this = Session(der.data(), der.size()); } -Session::Session(const byte ber[], size_t ber_len) +Session::Session(const uint8_t ber[], size_t ber_len) { - byte side_code = 0; + uint8_t side_code = 0; ASN1_String server_hostname; ASN1_String server_service; @@ -64,8 +64,8 @@ Session::Session(const byte ber[], size_t ber_len) ASN1_String srp_identifier_str; - byte major_version = 0, minor_version = 0; - std::vector<byte> peer_cert_bits; + uint8_t major_version = 0, minor_version = 0; + std::vector<uint8_t> peer_cert_bits; size_t start_time = 0; size_t srtp_profile = 0; @@ -109,11 +109,11 @@ Session::Session(const byte ber[], size_t ber_len) m_version = Protocol_Version(major_version, minor_version); m_start_time = std::chrono::system_clock::from_time_t(start_time); m_connection_side = static_cast<Connection_Side>(side_code); - m_srtp_profile = static_cast<u16bit>(srtp_profile); + m_srtp_profile = static_cast<uint16_t>(srtp_profile); m_server_info = Server_Information(server_hostname.value(), server_service.value(), - static_cast<u16bit>(server_port)); + static_cast<uint16_t>(server_port)); m_srp_identifier = srp_identifier_str.value(); @@ -126,9 +126,9 @@ Session::Session(const byte ber[], size_t ber_len) } } -secure_vector<byte> Session::DER_encode() const +secure_vector<uint8_t> Session::DER_encode() const { - std::vector<byte> peer_cert_bits; + std::vector<uint8_t> peer_cert_bits; for(size_t i = 0; i != m_peer_certs.size(); ++i) peer_cert_bits += m_peer_certs[i].BER_encode(); @@ -168,14 +168,14 @@ std::chrono::seconds Session::session_age() const std::chrono::system_clock::now() - m_start_time); } -std::vector<byte> +std::vector<uint8_t> Session::encrypt(const SymmetricKey& key, RandomNumberGenerator& rng) const { std::unique_ptr<AEAD_Mode> aead(get_aead("AES-256/GCM", ENCRYPTION)); const size_t nonce_len = aead->default_nonce_length(); - const secure_vector<byte> nonce = rng.random_vec(nonce_len); - const secure_vector<byte> bits = this->DER_encode(); + const secure_vector<uint8_t> nonce = rng.random_vec(nonce_len); + const secure_vector<uint8_t> bits = this->DER_encode(); // Support any length key for input std::unique_ptr<MessageAuthenticationCode> hmac(MessageAuthenticationCode::create("HMAC(SHA-256)")); @@ -183,14 +183,14 @@ Session::encrypt(const SymmetricKey& key, RandomNumberGenerator& rng) const hmac->update(nonce); aead->set_key(hmac->final()); - secure_vector<byte> buf = nonce; + secure_vector<uint8_t> buf = nonce; buf += bits; aead->start(buf.data(), nonce_len); aead->finish(buf, nonce_len); return unlock(buf); } -Session Session::decrypt(const byte in[], size_t in_len, const SymmetricKey& key) +Session Session::decrypt(const uint8_t in[], size_t in_len, const SymmetricKey& key) { try { @@ -207,7 +207,7 @@ Session Session::decrypt(const byte in[], size_t in_len, const SymmetricKey& key aead->set_key(hmac->final()); aead->start(in, nonce_len); - secure_vector<byte> buf(in + nonce_len, in + in_len); + secure_vector<uint8_t> buf(in + nonce_len, in + in_len); aead->finish(buf, 0); return Session(buf.data(), buf.size()); diff --git a/src/lib/tls/tls_session.h b/src/lib/tls/tls_session.h index 5530632db..115409014 100644 --- a/src/lib/tls/tls_session.h +++ b/src/lib/tls/tls_session.h @@ -45,26 +45,26 @@ class BOTAN_DLL Session /** * New session (sets session start time) */ - Session(const std::vector<byte>& session_id, - const secure_vector<byte>& master_secret, + Session(const std::vector<uint8_t>& session_id, + const secure_vector<uint8_t>& master_secret, Protocol_Version version, - u16bit ciphersuite, - byte compression_method, + uint16_t ciphersuite, + uint8_t compression_method, Connection_Side side, bool supports_extended_master_secret, bool supports_encrypt_then_mac, const std::vector<X509_Certificate>& peer_certs, - const std::vector<byte>& session_ticket, + const std::vector<uint8_t>& session_ticket, const Server_Information& server_info, const std::string& srp_identifier, - u16bit srtp_profile); + uint16_t srtp_profile); /** * Load a session from DER representation (created by DER_encode) * @param ber DER representation buffer * @param ber_len size of buffer in bytes */ - Session(const byte ber[], size_t ber_len); + Session(const uint8_t ber[], size_t ber_len); /** * Load a session from PEM representation (created by PEM_encode) @@ -77,12 +77,12 @@ class BOTAN_DLL Session * @warning if the master secret is compromised so is the * session traffic */ - secure_vector<byte> DER_encode() const; + secure_vector<uint8_t> DER_encode() const; /** * Encrypt a session (useful for serialization or session tickets) */ - std::vector<byte> encrypt(const SymmetricKey& key, + std::vector<uint8_t> encrypt(const SymmetricKey& key, RandomNumberGenerator& rng) const; @@ -92,7 +92,7 @@ class BOTAN_DLL Session * @param ctext_size the size of ctext in bytes * @param key the same key used by the encrypting side */ - static Session decrypt(const byte ctext[], + static Session decrypt(const uint8_t ctext[], size_t ctext_size, const SymmetricKey& key); @@ -101,7 +101,7 @@ class BOTAN_DLL Session * @param ctext the ciphertext returned by encrypt * @param key the same key used by the encrypting side */ - static inline Session decrypt(const std::vector<byte>& ctext, + static inline Session decrypt(const std::vector<uint8_t>& ctext, const SymmetricKey& key) { return Session::decrypt(ctext.data(), ctext.size(), key); @@ -122,7 +122,7 @@ class BOTAN_DLL Session /** * Get the ciphersuite code of the saved session */ - u16bit ciphersuite_code() const { return m_ciphersuite; } + uint16_t ciphersuite_code() const { return m_ciphersuite; } /** * Get the ciphersuite info of the saved session @@ -132,7 +132,7 @@ class BOTAN_DLL Session /** * Get the compression method used in the saved session */ - byte compression_method() const { return m_compression_method; } + uint8_t compression_method() const { return m_compression_method; } /** * Get which side of the connection the resumed session we are/were @@ -148,17 +148,17 @@ class BOTAN_DLL Session /** * Get the saved master secret */ - const secure_vector<byte>& master_secret() const { return m_master_secret; } + const secure_vector<uint8_t>& master_secret() const { return m_master_secret; } /** * Get the session identifier */ - const std::vector<byte>& session_id() const { return m_identifier; } + const std::vector<uint8_t>& session_id() const { return m_identifier; } /** * Get the negotiated DTLS-SRTP algorithm (RFC 5764) */ - u16bit dtls_srtp_profile() const { return m_srtp_profile; } + uint16_t dtls_srtp_profile() const { return m_srtp_profile; } bool supports_extended_master_secret() const { return m_extended_master_secret; } @@ -182,7 +182,7 @@ class BOTAN_DLL Session /** * Return the session ticket the server gave us */ - const std::vector<byte>& session_ticket() const { return m_session_ticket; } + const std::vector<uint8_t>& session_ticket() const { return m_session_ticket; } /** * @return information about the TLS server @@ -194,15 +194,15 @@ class BOTAN_DLL Session std::chrono::system_clock::time_point m_start_time; - std::vector<byte> m_identifier; - std::vector<byte> m_session_ticket; // only used by client side - secure_vector<byte> m_master_secret; + std::vector<uint8_t> m_identifier; + std::vector<uint8_t> m_session_ticket; // only used by client side + secure_vector<uint8_t> m_master_secret; Protocol_Version m_version; - u16bit m_ciphersuite; - byte m_compression_method; + uint16_t m_ciphersuite; + uint8_t m_compression_method; Connection_Side m_connection_side; - u16bit m_srtp_profile; + uint16_t m_srtp_profile; bool m_extended_master_secret; bool m_encrypt_then_mac; diff --git a/src/lib/tls/tls_session_key.cpp b/src/lib/tls/tls_session_key.cpp index 193af8d9f..d2aff858f 100644 --- a/src/lib/tls/tls_session_key.cpp +++ b/src/lib/tls/tls_session_key.cpp @@ -17,7 +17,7 @@ namespace TLS { * Session_Keys Constructor */ Session_Keys::Session_Keys(const Handshake_State* state, - const secure_vector<byte>& pre_master_secret, + const secure_vector<uint8_t>& pre_master_secret, bool resuming) { const size_t cipher_keylen = state->ciphersuite().cipher_keylen(); @@ -28,14 +28,14 @@ Session_Keys::Session_Keys(const Handshake_State* state, const size_t prf_gen = 2 * (mac_keylen + cipher_keylen + cipher_nonce_bytes); - const byte MASTER_SECRET_MAGIC[] = { + const uint8_t MASTER_SECRET_MAGIC[] = { 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74 }; - const byte EXT_MASTER_SECRET_MAGIC[] = { + const uint8_t EXT_MASTER_SECRET_MAGIC[] = { 0x65, 0x78, 0x74, 0x65, 0x6E, 0x64, 0x65, 0x64, 0x20, 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74 }; - const byte KEY_GEN_MAGIC[] = { + const uint8_t KEY_GEN_MAGIC[] = { 0x6B, 0x65, 0x79, 0x20, 0x65, 0x78, 0x70, 0x61, 0x6E, 0x73, 0x69, 0x6F, 0x6E }; std::unique_ptr<KDF> prf(state->protocol_specific_prf()); @@ -47,8 +47,8 @@ Session_Keys::Session_Keys(const Handshake_State* state, } else { - secure_vector<byte> salt; - secure_vector<byte> label; + secure_vector<uint8_t> salt; + secure_vector<uint8_t> label; if(extended_master_secret) { label += std::make_pair(EXT_MASTER_SECRET_MAGIC, sizeof(EXT_MASTER_SECRET_MAGIC)); @@ -65,15 +65,15 @@ Session_Keys::Session_Keys(const Handshake_State* state, m_master_sec = prf->derive_key(48, pre_master_secret, salt, label); } - secure_vector<byte> salt; - secure_vector<byte> label; + secure_vector<uint8_t> salt; + secure_vector<uint8_t> label; label += std::make_pair(KEY_GEN_MAGIC, sizeof(KEY_GEN_MAGIC)); salt += state->server_hello()->random(); salt += state->client_hello()->random(); SymmetricKey keyblock = prf->derive_key(prf_gen, m_master_sec, salt, label); - const byte* key_data = keyblock.begin(); + const uint8_t* key_data = keyblock.begin(); m_c_mac = SymmetricKey(key_data, mac_keylen); key_data += mac_keylen; diff --git a/src/lib/tls/tls_session_key.h b/src/lib/tls/tls_session_key.h index 8399a9676..c2c082d4a 100644 --- a/src/lib/tls/tls_session_key.h +++ b/src/lib/tls/tls_session_key.h @@ -55,7 +55,7 @@ class Session_Keys /** * @return TLS master secret */ - const secure_vector<byte>& master_secret() const { return m_master_sec; } + const secure_vector<uint8_t>& master_secret() const { return m_master_sec; } Session_Keys() {} @@ -65,11 +65,11 @@ class Session_Keys * @param resuming whether this TLS session is resumed */ Session_Keys(const Handshake_State* state, - const secure_vector<byte>& pre_master_secret, + const secure_vector<uint8_t>& pre_master_secret, bool resuming); private: - secure_vector<byte> m_master_sec; + secure_vector<uint8_t> m_master_sec; SymmetricKey m_c_cipher, m_s_cipher, m_c_mac, m_s_mac; InitializationVector m_c_iv, m_s_iv; }; diff --git a/src/lib/tls/tls_session_manager.h b/src/lib/tls/tls_session_manager.h index ca6712e1f..88b73c73a 100644 --- a/src/lib/tls/tls_session_manager.h +++ b/src/lib/tls/tls_session_manager.h @@ -36,7 +36,7 @@ class BOTAN_DLL Session_Manager or not modified if not found * @return true if session was modified */ - virtual bool load_from_session_id(const std::vector<byte>& session_id, + virtual bool load_from_session_id(const std::vector<uint8_t>& session_id, Session& session) = 0; /** @@ -52,7 +52,7 @@ class BOTAN_DLL Session_Manager /** * Remove this session id from the cache, if it exists */ - virtual void remove_entry(const std::vector<byte>& session_id) = 0; + virtual void remove_entry(const std::vector<uint8_t>& session_id) = 0; /** * Remove all sessions from the cache, return number of sessions deleted @@ -86,13 +86,13 @@ class BOTAN_DLL Session_Manager class BOTAN_DLL Session_Manager_Noop : public Session_Manager { public: - bool load_from_session_id(const std::vector<byte>&, Session&) override + bool load_from_session_id(const std::vector<uint8_t>&, Session&) override { return false; } bool load_from_server_info(const Server_Information&, Session&) override { return false; } - void remove_entry(const std::vector<byte>&) override {} + void remove_entry(const std::vector<uint8_t>&) override {} size_t remove_all() override { return 0; } @@ -121,13 +121,13 @@ class BOTAN_DLL Session_Manager_In_Memory : public Session_Manager std::chrono::seconds session_lifetime = std::chrono::seconds(7200)); - bool load_from_session_id(const std::vector<byte>& session_id, + bool load_from_session_id(const std::vector<uint8_t>& session_id, Session& session) override; bool load_from_server_info(const Server_Information& info, Session& session) override; - void remove_entry(const std::vector<byte>& session_id) override; + void remove_entry(const std::vector<uint8_t>& session_id) override; size_t remove_all() override; @@ -147,9 +147,9 @@ class BOTAN_DLL Session_Manager_In_Memory : public Session_Manager std::chrono::seconds m_session_lifetime; RandomNumberGenerator& m_rng; - secure_vector<byte> m_session_key; + secure_vector<uint8_t> m_session_key; - std::map<std::string, std::vector<byte>> m_sessions; // hex(session_id) -> session + std::map<std::string, std::vector<uint8_t>> m_sessions; // hex(session_id) -> session std::map<Server_Information, std::string> m_info_sessions; }; diff --git a/src/lib/tls/tls_session_manager_memory.cpp b/src/lib/tls/tls_session_manager_memory.cpp index d0866b37a..f120a4290 100644 --- a/src/lib/tls/tls_session_manager_memory.cpp +++ b/src/lib/tls/tls_session_manager_memory.cpp @@ -55,7 +55,7 @@ bool Session_Manager_In_Memory::load_from_session_str( } bool Session_Manager_In_Memory::load_from_session_id( - const std::vector<byte>& session_id, Session& session) + const std::vector<uint8_t>& session_id, Session& session) { lock_guard_type<mutex_type> lock(m_mutex); @@ -85,7 +85,7 @@ bool Session_Manager_In_Memory::load_from_server_info( } void Session_Manager_In_Memory::remove_entry( - const std::vector<byte>& session_id) + const std::vector<uint8_t>& session_id) { lock_guard_type<mutex_type> lock(m_mutex); diff --git a/src/lib/tls/tls_version.cpp b/src/lib/tls/tls_version.cpp index 37360b410..274cedc11 100644 --- a/src/lib/tls/tls_version.cpp +++ b/src/lib/tls/tls_version.cpp @@ -15,8 +15,8 @@ namespace TLS { std::string Protocol_Version::to_string() const { - const byte maj = major_version(); - const byte min = minor_version(); + const uint8_t maj = major_version(); + const uint8_t min = minor_version(); if(maj == 3 && min == 0) return "SSL v3"; diff --git a/src/lib/tls/tls_version.h b/src/lib/tls/tls_version.h index 29839502d..f60297e8a 100644 --- a/src/lib/tls/tls_version.h +++ b/src/lib/tls/tls_version.h @@ -52,14 +52,14 @@ class BOTAN_DLL Protocol_Version * @param named_version a specific named version of the protocol */ Protocol_Version(Version_Code named_version) : - m_version(static_cast<u16bit>(named_version)) {} + m_version(static_cast<uint16_t>(named_version)) {} /** * @param major the major version * @param minor the minor version */ - Protocol_Version(byte major, byte minor) : - m_version((static_cast<u16bit>(major) << 8) | minor) {} + Protocol_Version(uint8_t major, uint8_t minor) : + m_version((static_cast<uint16_t>(major) << 8) | minor) {} /** * @return true if this is a valid protocol version @@ -74,12 +74,12 @@ class BOTAN_DLL Protocol_Version /** * @return major version of the protocol version */ - byte major_version() const { return get_byte(0, m_version); } + uint8_t major_version() const { return get_byte(0, m_version); } /** * @return minor version of the protocol version */ - byte minor_version() const { return get_byte(1, m_version); } + uint8_t minor_version() const { return get_byte(1, m_version); } /** * @return human-readable description of this version @@ -138,7 +138,7 @@ class BOTAN_DLL Protocol_Version } private: - u16bit m_version; + uint16_t m_version; }; } |