Diffstat (limited to '')
27 files changed, 290 insertions, 321 deletions
diff --git a/src/mbedTLS++/AesCfb128Decryptor.cpp b/src/mbedTLS++/AesCfb128Decryptor.cpp index 3efe95dbe..6587c0e56 100644 --- a/src/mbedTLS++/AesCfb128Decryptor.cpp +++ b/src/mbedTLS++/AesCfb128Decryptor.cpp @@ -54,7 +54,7 @@ void cAesCfb128Decryptor::Init(const Byte a_Key[16], const Byte a_IV[16]) } Key; const DWORD Mode = CRYPT_MODE_CFB; - Key.Header = { PLAINTEXTKEYBLOB, CUR_BLOB_VERSION, 0, CALG_AES_128 }; + Key.Header = {PLAINTEXTKEYBLOB, CUR_BLOB_VERSION, 0, CALG_AES_128}; Key.Length = 16; std::copy_n(a_Key, 16, Key.Key); @@ -83,6 +83,13 @@ void cAesCfb128Decryptor::ProcessData(std::byte * const a_EncryptedIn, const siz DWORD Length = static_cast<DWORD>(a_Length); CryptDecrypt(m_Key, 0, FALSE, 0, reinterpret_cast<BYTE *>(a_EncryptedIn), &Length); #else - mbedtls_aes_crypt_cfb8(&m_Aes, MBEDTLS_AES_DECRYPT, a_Length, m_IV, reinterpret_cast<unsigned char *>(a_EncryptedIn), reinterpret_cast<unsigned char *>(a_EncryptedIn)); + mbedtls_aes_crypt_cfb8( + &m_Aes, + MBEDTLS_AES_DECRYPT, + a_Length, + m_IV, + reinterpret_cast<unsigned char *>(a_EncryptedIn), + reinterpret_cast<unsigned char *>(a_EncryptedIn) + ); #endif } diff --git a/src/mbedTLS++/AesCfb128Decryptor.h b/src/mbedTLS++/AesCfb128Decryptor.h index 1fee2bbba..7da582647 100644 --- a/src/mbedTLS++/AesCfb128Decryptor.h +++ b/src/mbedTLS++/AesCfb128Decryptor.h @@ -22,8 +22,7 @@ /** Decrypts data using the AES / CFB 128 algorithm */ class cAesCfb128Decryptor { -public: - + public: cAesCfb128Decryptor(void); ~cAesCfb128Decryptor(); @@ -36,8 +35,7 @@ public: /** Returns true if the object has been initialized with the Key / IV */ bool IsValid(void) const { return m_IsValid; } -protected: - + protected: #if PLATFORM_CRYPTOGRAPHY && defined(_WIN32) HCRYPTPROV m_Aes; HCRYPTKEY m_Key; @@ -50,4 +48,4 @@ protected: /** Indicates whether the object has been initialized with the Key / IV */ bool m_IsValid; -} ; +}; 
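Review bot: Both decrypt calls in `cAesCfb128Decryptor::ProcessData` discard their status (`CryptDecrypt(...)` on the Windows path, `mbedtls_aes_crypt_cfb8(...)` otherwise), and the function returns void, so a failed call leaves the in-place buffer in a state the caller cannot tell apart from plaintext. Capture the result, e.g. `const int res = mbedtls_aes_crypt_cfb8(...);`, and at least log and assert on a non-zero value until the signature can report failure. The same applies to `cAesCfb128Encryptor::ProcessData` in the next file. On the Windows path, `static_cast<DWORD>(a_Length)` also silently truncates any length above the DWORD range. The opening lines of the function are outside this hunk.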
diff --git a/src/mbedTLS++/AesCfb128Encryptor.cpp b/src/mbedTLS++/AesCfb128Encryptor.cpp index 2a08ef28e..7a1480d95 100644 --- a/src/mbedTLS++/AesCfb128Encryptor.cpp +++ b/src/mbedTLS++/AesCfb128Encryptor.cpp @@ -10,7 +10,7 @@ -cAesCfb128Encryptor::cAesCfb128Encryptor(void): +cAesCfb128Encryptor::cAesCfb128Encryptor(void) : m_IsValid(false) { mbedtls_aes_init(&m_Aes); @@ -46,5 +46,12 @@ void cAesCfb128Encryptor::Init(const Byte a_Key[16], const Byte a_IV[16]) void cAesCfb128Encryptor::ProcessData(std::byte * const a_PlainIn, const size_t a_Length) { ASSERT(IsValid()); // Must Init() first - mbedtls_aes_crypt_cfb8(&m_Aes, MBEDTLS_AES_ENCRYPT, a_Length, m_IV, reinterpret_cast<const unsigned char *>(a_PlainIn), reinterpret_cast<unsigned char *>(a_PlainIn)); + mbedtls_aes_crypt_cfb8( + &m_Aes, + MBEDTLS_AES_ENCRYPT, + a_Length, + m_IV, + reinterpret_cast<const unsigned char *>(a_PlainIn), + reinterpret_cast<unsigned char *>(a_PlainIn) + ); } diff --git a/src/mbedTLS++/AesCfb128Encryptor.h b/src/mbedTLS++/AesCfb128Encryptor.h index ce3e1fd56..e656b12ff 100644 --- a/src/mbedTLS++/AesCfb128Encryptor.h +++ b/src/mbedTLS++/AesCfb128Encryptor.h @@ -18,8 +18,7 @@ /** Encrypts data using the AES / CFB (128) algorithm */ class cAesCfb128Encryptor { -public: - + public: cAesCfb128Encryptor(void); ~cAesCfb128Encryptor(); @@ -32,8 +31,7 @@ public: /** Returns true if the object has been initialized with the Key / IV */ bool IsValid(void) const { return m_IsValid; } -protected: - + protected: mbedtls_aes_context m_Aes; /** The InitialVector, used by the CFB mode encryption */ @@ -41,4 +39,4 @@ protected: /** Indicates whether the object has been initialized with the Key / IV */ bool m_IsValid; -} ; +}; diff --git a/src/mbedTLS++/BlockingSslClientSocket.cpp b/src/mbedTLS++/BlockingSslClientSocket.cpp index 6e6410879..452da1b50 100644 --- a/src/mbedTLS++/BlockingSslClientSocket.cpp +++ b/src/mbedTLS++/BlockingSslClientSocket.cpp 
@@ -13,24 +13,17 @@ //////////////////////////////////////////////////////////////////////////////// // cBlockingSslClientSocketConnectCallbacks: -class cBlockingSslClientSocketConnectCallbacks: - public cNetwork::cConnectCallbacks +class cBlockingSslClientSocketConnectCallbacks : public cNetwork::cConnectCallbacks { /** The socket object that is using this instance of the callbacks. */ cBlockingSslClientSocket & m_Socket; - virtual void OnConnected(cTCPLink & a_Link) override - { - m_Socket.OnConnected(); - } + virtual void OnConnected(cTCPLink & a_Link) override { m_Socket.OnConnected(); } - virtual void OnError(int a_ErrorCode, const AString & a_ErrorMsg) override - { - m_Socket.OnConnectError(a_ErrorMsg); - } + virtual void OnError(int a_ErrorCode, const AString & a_ErrorMsg) override { m_Socket.OnConnectError(a_ErrorMsg); } -public: - cBlockingSslClientSocketConnectCallbacks(cBlockingSslClientSocket & a_Socket): + public: + cBlockingSslClientSocketConnectCallbacks(cBlockingSslClientSocket & a_Socket) : m_Socket(a_Socket) { } @@ -43,15 +36,11 @@ public: //////////////////////////////////////////////////////////////////////////////// // cBlockingSslClientSocketLinkCallbacks: -class cBlockingSslClientSocketLinkCallbacks: - public cTCPLink::cCallbacks +class cBlockingSslClientSocketLinkCallbacks : public cTCPLink::cCallbacks { cBlockingSslClientSocket & m_Socket; - virtual void OnLinkCreated(cTCPLinkPtr a_Link) override - { - m_Socket.SetLink(a_Link); - } + virtual void OnLinkCreated(cTCPLinkPtr a_Link) override { m_Socket.SetLink(a_Link); } virtual void OnReceivedData(const char * a_Data, size_t a_Length) override 
@@ -60,20 +49,13 @@ class cBlockingSslClientSocketLinkCallbacks: } - virtual void OnRemoteClosed(void) override - { - m_Socket.OnDisconnected(); - } + virtual void OnRemoteClosed(void) override { m_Socket.OnDisconnected(); } - virtual void OnError(int a_ErrorCode, const AString & a_ErrorMsg) override - { - m_Socket.OnDisconnected(); - } + virtual void OnError(int a_ErrorCode, const AString & a_ErrorMsg) override { m_Socket.OnDisconnected(); } -public: - - cBlockingSslClientSocketLinkCallbacks(cBlockingSslClientSocket & a_Socket): + public: + cBlockingSslClientSocketLinkCallbacks(cBlockingSslClientSocket & a_Socket) : m_Socket(a_Socket) { } @@ -87,8 +69,7 @@ public: // cBlockingSslClientSocket: cBlockingSslClientSocket::cBlockingSslClientSocket(void) : - m_Ssl(*this), - m_IsConnected(false) + m_Ssl(*this), m_IsConnected(false) { // Nothing needed yet } @@ -109,10 +90,12 @@ bool cBlockingSslClientSocket::Connect(const AString & a_ServerName, UInt16 a_Po // Connect the underlying socket: m_ServerName = a_ServerName; - if (!cNetwork::Connect(a_ServerName, a_Port, - std::make_shared<cBlockingSslClientSocketConnectCallbacks>(*this), - std::make_shared<cBlockingSslClientSocketLinkCallbacks>(*this)) - ) + if (!cNetwork::Connect( + a_ServerName, + a_Port, + std::make_shared<cBlockingSslClientSocketConnectCallbacks>(*this), + std::make_shared<cBlockingSslClientSocketLinkCallbacks>(*this) + )) { return false; } @@ -169,8 +152,10 @@ void cBlockingSslClientSocket::SetExpectedPeerName(AString a_ExpectedPeerName) if (!m_ExpectedPeerName.empty()) { LOGWARNING( - "SSL: Trying to set multiple expected peer names, only the last one will be used. %s overwriting the previous %s", - a_ExpectedPeerName, m_ExpectedPeerName + "SSL: Trying to set multiple expected peer names, only the last one will be used. %s overwriting the " + "previous %s", + a_ExpectedPeerName, + m_ExpectedPeerName ); } 
@@ -214,7 +199,7 @@ bool cBlockingSslClientSocket::Send(const void * a_Data, size_t a_NumBytes) int res = m_Ssl.WritePlain(Data, a_NumBytes); if (res < 0) { - ASSERT(res != MBEDTLS_ERR_SSL_WANT_READ); // This should never happen with callback-based SSL + ASSERT(res != MBEDTLS_ERR_SSL_WANT_READ); // This should never happen with callback-based SSL ASSERT(res != MBEDTLS_ERR_SSL_WANT_WRITE); // This should never happen with callback-based SSL m_LastErrorText = fmt::format(FMT_STRING("Data cannot be written to SSL context: -0x{:x}"), -res); return false; @@ -369,7 +354,3 @@ void cBlockingSslClientSocket::OnDisconnected(void) m_Socket.reset(); m_Event.Set(); } - - - - diff --git a/src/mbedTLS++/BlockingSslClientSocket.h b/src/mbedTLS++/BlockingSslClientSocket.h index 8cd642707..6bb291921 100644 --- a/src/mbedTLS++/BlockingSslClientSocket.h +++ b/src/mbedTLS++/BlockingSslClientSocket.h @@ -16,16 +16,12 @@ -class cBlockingSslClientSocket : - protected cCallbackSslContext::cDataCallbacks +class cBlockingSslClientSocket : protected cCallbackSslContext::cDataCallbacks { -public: + public: cBlockingSslClientSocket(void); - virtual ~cBlockingSslClientSocket(void) override - { - Disconnect(); - } + virtual ~cBlockingSslClientSocket(void) override { Disconnect(); } /** Connects to the specified server and performs SSL handshake. Returns true if successful, false on failure. Sets internal error text on failure. */ @@ -58,7 +54,7 @@ public: /** Returns the text of the last error that has occurred in this instance. */ const AString & GetLastErrorText(void) const { return m_LastErrorText; } -protected: + protected: friend class cBlockingSslClientSocketConnectCallbacks; friend class cBlockingSslClientSocketLinkCallbacks; 
@@ -112,8 +108,4 @@ protected: // cCallbackSslContext::cDataCallbacks overrides: virtual int ReceiveEncrypted(unsigned char * a_Buffer, size_t a_NumBytes) override; virtual int SendEncrypted(const unsigned char * a_Buffer, size_t a_NumBytes) override; -} ; - - - - +}; diff --git a/src/mbedTLS++/BufferedSslContext.cpp b/src/mbedTLS++/BufferedSslContext.cpp index 88b66c592..d31f89df9 100644 --- a/src/mbedTLS++/BufferedSslContext.cpp +++ b/src/mbedTLS++/BufferedSslContext.cpp @@ -10,9 +10,8 @@ -cBufferedSslContext::cBufferedSslContext(size_t a_BufferSize): - m_OutgoingData(a_BufferSize), - m_IncomingData(a_BufferSize) +cBufferedSslContext::cBufferedSslContext(size_t a_BufferSize) : + m_OutgoingData(a_BufferSize), m_IncomingData(a_BufferSize) { } @@ -87,7 +86,3 @@ int cBufferedSslContext::SendEncrypted(const unsigned char * a_Buffer, size_t a_ } return static_cast<int>(a_NumBytes); } - - - - diff --git a/src/mbedTLS++/BufferedSslContext.h b/src/mbedTLS++/BufferedSslContext.h index f48552882..467ad36cf 100644 --- a/src/mbedTLS++/BufferedSslContext.h +++ b/src/mbedTLS++/BufferedSslContext.h @@ -16,13 +16,11 @@ -class cBufferedSslContext: - public cSslContext +class cBufferedSslContext : public cSslContext { using Super = cSslContext; -public: - + public: /** Creates a new context with the buffers of specified size for the encrypted / decrypted data. */ cBufferedSslContext(size_t a_BufferSize = 64000); @@ -36,7 +34,7 @@ public: Returns the number of bytes actually retrieved. */ size_t ReadOutgoing(void * a_Data, size_t a_DataMaxSize); -protected: + protected: /** Buffer for the data that has been encrypted into the SSL stream and should be sent out. */ cByteBuffer m_OutgoingData; @@ -47,8 +45,4 @@ protected: // cSslContext overrides: virtual int ReceiveEncrypted(unsigned char * a_Buffer, size_t a_NumBytes) override; virtual int SendEncrypted(const unsigned char * a_Buffer, size_t a_NumBytes) override; -} ; - - - - +}; 
diff --git a/src/mbedTLS++/CallbackSslContext.cpp b/src/mbedTLS++/CallbackSslContext.cpp index 8dc8486d3..ecd039750 100644 --- a/src/mbedTLS++/CallbackSslContext.cpp +++ b/src/mbedTLS++/CallbackSslContext.cpp @@ -1,7 +1,8 @@ // CallbackSslContext.cpp -// Declares the cCallbackSslContext class representing a SSL context wrapper that uses callbacks to read and write SSL peer data +// Declares the cCallbackSslContext class representing a SSL context wrapper that uses callbacks to read and write SSL +// peer data #include "Globals.h" #include "CallbackSslContext.h" @@ -52,8 +53,3 @@ int cCallbackSslContext::SendEncrypted(const unsigned char * a_Buffer, size_t a_ } return m_Callbacks->SendEncrypted(a_Buffer, a_NumBytes); } - - - - - diff --git a/src/mbedTLS++/CallbackSslContext.h b/src/mbedTLS++/CallbackSslContext.h index abf4eefd7..ada9755ee 100644 --- a/src/mbedTLS++/CallbackSslContext.h +++ b/src/mbedTLS++/CallbackSslContext.h @@ -1,7 +1,8 @@ // CallbackSslContext.h -// Declares the cCallbackSslContext class representing a SSL context wrapper that uses callbacks to read and write SSL peer data +// Declares the cCallbackSslContext class representing a SSL context wrapper that uses callbacks to read and write SSL +// peer data @@ -16,14 +17,13 @@ -class cCallbackSslContext : - public cSslContext +class cCallbackSslContext : public cSslContext { -public: + public: /** Interface used as a data sink for the SSL peer data. */ class cDataCallbacks { - public: + public: // Force a virtual destructor in descendants: virtual ~cDataCallbacks() {} @@ -42,7 +42,7 @@ public: SSL operation that invoked this call will terminate with the same return value, so that the owner is notified of this condition and can potentially restart the operation later on. */ virtual int SendEncrypted(const unsigned char * a_Buffer, size_t a_NumBytes) = 0; - } ; + }; /** Creates a new SSL context with no callbacks assigned */ 
@@ -51,7 +51,7 @@ public: /** Creates a new SSL context with the specified callbacks */ cCallbackSslContext(cDataCallbacks & a_Callbacks); -protected: + protected: /** The callbacks to use to send and receive SSL peer data */ cDataCallbacks * m_Callbacks; @@ -59,7 +59,3 @@ protected: virtual int ReceiveEncrypted(unsigned char * a_Buffer, size_t a_NumBytes) override; virtual int SendEncrypted(const unsigned char * a_Buffer, size_t a_NumBytes) override; }; - - - - diff --git a/src/mbedTLS++/CryptoKey.cpp b/src/mbedTLS++/CryptoKey.cpp index 742d9c73c..2c253c500 100644 --- a/src/mbedTLS++/CryptoKey.cpp +++ b/src/mbedTLS++/CryptoKey.cpp @@ -63,15 +63,25 @@ cCryptoKey::~cCryptoKey() -int cCryptoKey::Decrypt(const Byte * a_EncryptedData, size_t a_EncryptedLength, Byte * a_DecryptedData, size_t a_DecryptedMaxLength) +int cCryptoKey::Decrypt( + const Byte * a_EncryptedData, + size_t a_EncryptedLength, + Byte * a_DecryptedData, + size_t a_DecryptedMaxLength +) { ASSERT(IsValid()); size_t DecryptedLen = a_DecryptedMaxLength; - int res = mbedtls_pk_decrypt(&m_Pk, - a_EncryptedData, a_EncryptedLength, - a_DecryptedData, &DecryptedLen, a_DecryptedMaxLength, - mbedtls_ctr_drbg_random, m_CtrDrbg.GetInternal() + int res = mbedtls_pk_decrypt( + &m_Pk, + a_EncryptedData, + a_EncryptedLength, + a_DecryptedData, + &DecryptedLen, + a_DecryptedMaxLength, + mbedtls_ctr_drbg_random, + m_CtrDrbg.GetInternal() ); if (res != 0) { 
@@ -84,14 +94,25 @@ int cCryptoKey::Decrypt(const Byte * a_EncryptedData, size_t a_EncryptedLength, -int cCryptoKey::Encrypt(const Byte * a_PlainData, size_t a_PlainLength, Byte * a_EncryptedData, size_t a_EncryptedMaxLength) +int cCryptoKey::Encrypt( + const Byte * a_PlainData, + size_t a_PlainLength, + Byte * a_EncryptedData, + size_t a_EncryptedMaxLength +) { ASSERT(IsValid()); size_t EncryptedLength = a_EncryptedMaxLength; - int res = mbedtls_pk_encrypt(&m_Pk, - a_PlainData, a_PlainLength, a_EncryptedData, &EncryptedLength, a_EncryptedMaxLength, - mbedtls_ctr_drbg_random, m_CtrDrbg.GetInternal() + int res = mbedtls_pk_encrypt( + &m_Pk, + a_PlainData, + a_PlainLength, + a_EncryptedData, + &EncryptedLength, + a_EncryptedMaxLength, + mbedtls_ctr_drbg_random, + m_CtrDrbg.GetInternal() ); if (res != 0) { 
@@ -119,20 +140,32 @@ int cCryptoKey::ParsePrivate(const void * a_Data, size_t a_NumBytes, const AStri { ASSERT(!IsValid()); // Cannot parse a second key // mbedTLS requires that PEM-encoded data is passed including the terminating NUL byte, - // and DER-encoded data is decoded properly even with an extra trailing NUL byte, so we simply add one to everything: + // and DER-encoded data is decoded properly even with an extra trailing NUL byte, so we simply add one to + // everything: AString keyData(static_cast<const char *>(a_Data), a_NumBytes); if (a_Password.empty()) { - return mbedtls_pk_parse_key(&m_Pk, reinterpret_cast<const unsigned char *>(keyData.data()), a_NumBytes + 1, nullptr, 0, mbedtls_ctr_drbg_random, m_CtrDrbg.GetInternal()); + return mbedtls_pk_parse_key( + &m_Pk, + reinterpret_cast<const unsigned char *>(keyData.data()), + a_NumBytes + 1, + nullptr, + 0, + mbedtls_ctr_drbg_random, + m_CtrDrbg.GetInternal() + ); } else { return mbedtls_pk_parse_key( &m_Pk, - reinterpret_cast<const unsigned char *>(keyData.data()), a_NumBytes + 1, - reinterpret_cast<const unsigned char *>(a_Password.c_str()), a_Password.size(), - mbedtls_ctr_drbg_random, m_CtrDrbg.GetInternal() + reinterpret_cast<const unsigned char *>(keyData.data()), + a_NumBytes + 1, + reinterpret_cast<const unsigned char *>(a_Password.c_str()), + a_Password.size(), + mbedtls_ctr_drbg_random, + m_CtrDrbg.GetInternal() ); } } diff --git a/src/mbedTLS++/CryptoKey.h b/src/mbedTLS++/CryptoKey.h index 5615d57d0..b36e217ee 100644 --- a/src/mbedTLS++/CryptoKey.h +++ b/src/mbedTLS++/CryptoKey.h @@ -20,7 +20,7 @@ class cCryptoKey { friend class cSslConfig; -public: + public: /** Constructs an empty key instance. Before use, it needs to be filled by ParsePublic() or ParsePrivate() */ cCryptoKey(void); 
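Review bot: `keyData` in `cCryptoKey::ParsePrivate` is a second copy of the private key bytes, and both branches return straight from `mbedtls_pk_parse_key(...)`, so that copy is released without being wiped. Store the result in a local, call `mbedtls_platform_zeroize(&keyData[0], keyData.size());` (declared in `mbedtls/platform_util.h`), then `return res;`. This assumes `AString` is a `std::string`-like owning buffer, which the hunk does not show. The function signature appears only in the hunk header, above the visible lines.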
@@ -36,7 +36,12 @@ public: /** Decrypts the data using the stored public key Both a_EncryptedData and a_DecryptedData must be at least <KeySizeBytes> bytes large. Returns the number of bytes decrypted, or negative number for error. */ - int Decrypt(const Byte * a_EncryptedData, size_t a_EncryptedLength, Byte * a_DecryptedData, size_t a_DecryptedMaxLength); + int Decrypt( + const Byte * a_EncryptedData, + size_t a_EncryptedLength, + Byte * a_DecryptedData, + size_t a_DecryptedMaxLength + ); /** Encrypts the data using the stored public key Both a_EncryptedData and a_DecryptedData must be at least <KeySizeBytes> bytes large. @@ -57,7 +62,7 @@ public: /** Returns true if the contained key is valid. */ bool IsValid(void) const; -protected: + protected: /** The mbedTLS representation of the key data */ mbedtls_pk_context m_Pk; @@ -67,10 +72,6 @@ protected: /** Returns the internal context ptr. Only use in mbedTLS API calls. */ mbedtls_pk_context * GetInternal(void) { return &m_Pk; } -} ; +}; typedef std::shared_ptr<cCryptoKey> cCryptoKeyPtr; - - - - diff --git a/src/mbedTLS++/CtrDrbgContext.cpp b/src/mbedTLS++/CtrDrbgContext.cpp index 07f57001d..91df1eff0 100644 --- a/src/mbedTLS++/CtrDrbgContext.cpp +++ b/src/mbedTLS++/CtrDrbgContext.cpp @@ -12,8 +12,7 @@ cCtrDrbgContext::cCtrDrbgContext(void) : - m_EntropyContext(std::make_shared<cEntropyContext>()), - m_IsValid(false) + m_EntropyContext(std::make_shared<cEntropyContext>()), m_IsValid(false) { mbedtls_ctr_drbg_init(&m_CtrDrbg); } @@ -23,8 +22,7 @@ cCtrDrbgContext::cCtrDrbgContext(void) : cCtrDrbgContext::cCtrDrbgContext(const std::shared_ptr<cEntropyContext> & a_EntropyContext) : - m_EntropyContext(a_EntropyContext), - m_IsValid(false) + m_EntropyContext(a_EntropyContext), m_IsValid(false) { mbedtls_ctr_drbg_init(&m_CtrDrbg); } 
@@ -41,11 +39,13 @@ int cCtrDrbgContext::Initialize(const void * a_Custom, size_t a_CustomSize) return 0; } - int res = mbedtls_ctr_drbg_seed(&m_CtrDrbg, mbedtls_entropy_func, &(m_EntropyContext->m_Entropy), static_cast<const unsigned char *>(a_Custom), a_CustomSize); + int res = mbedtls_ctr_drbg_seed( + &m_CtrDrbg, + mbedtls_entropy_func, + &(m_EntropyContext->m_Entropy), + static_cast<const unsigned char *>(a_Custom), + a_CustomSize + ); m_IsValid = (res == 0); return res; } - - - - diff --git a/src/mbedTLS++/CtrDrbgContext.h b/src/mbedTLS++/CtrDrbgContext.h index fe67504a7..e83b3494c 100644 --- a/src/mbedTLS++/CtrDrbgContext.h +++ b/src/mbedTLS++/CtrDrbgContext.h @@ -28,7 +28,7 @@ class cCtrDrbgContext friend class cRsaPrivateKey; friend class cCryptoKey; -public: + public: /** Constructs the context with a new entropy context. */ cCtrDrbgContext(void); @@ -43,7 +43,7 @@ public: /** Returns true if the object is valid (has been initialized properly) */ bool IsValid(void) const { return m_IsValid; } -protected: + protected: /** The entropy source used for generating the random */ std::shared_ptr<cEntropyContext> m_EntropyContext; @@ -56,8 +56,4 @@ protected: /** Returns the internal context ptr. Only use in mbedTLS API calls. */ mbedtls_ctr_drbg_context * GetInternal(void) { return &m_CtrDrbg; } -} ; - - - - +}; diff --git a/src/mbedTLS++/EntropyContext.cpp b/src/mbedTLS++/EntropyContext.cpp index a5cdcb89e..6092976ea 100644 --- a/src/mbedTLS++/EntropyContext.cpp +++ b/src/mbedTLS++/EntropyContext.cpp @@ -23,7 +23,3 @@ cEntropyContext::~cEntropyContext() { mbedtls_entropy_free(&m_Entropy); } - - - - diff --git a/src/mbedTLS++/EntropyContext.h b/src/mbedTLS++/EntropyContext.h index 1c1695340..8532f33b8 100644 --- a/src/mbedTLS++/EntropyContext.h +++ b/src/mbedTLS++/EntropyContext.h 
@@ -18,14 +18,11 @@
 class cEntropyContext
 {
 friend class cCtrDrbgContext;
-public:
+
+ public:
 cEntropyContext(void);
 ~cEntropyContext();
-protected:
+ protected:
 mbedtls_entropy_context m_Entropy;
-} ;
-
-
-
-
+};
diff --git a/src/mbedTLS++/ErrorCodes.h b/src/mbedTLS++/ErrorCodes.h
index 36ef86fec..29adcf172 100644
--- a/src/mbedTLS++/ErrorCodes.h
+++ b/src/mbedTLS++/ErrorCodes.h
@@ -2,17 +2,14 @@ /** Error codes from mbedtls net_sockets.h */ // TODO: Replace with std::error_code -#define MBEDTLS_ERR_NET_SOCKET_FAILED -0x0042 /**< Failed to open a socket. */ -#define MBEDTLS_ERR_NET_CONNECT_FAILED -0x0044 /**< The connection to the given server / port failed. */ -#define MBEDTLS_ERR_NET_BIND_FAILED -0x0046 /**< Binding of the socket failed. */ -#define MBEDTLS_ERR_NET_LISTEN_FAILED -0x0048 /**< Could not listen on the socket. */ -#define MBEDTLS_ERR_NET_ACCEPT_FAILED -0x004A /**< Could not accept the incoming connection. */ -#define MBEDTLS_ERR_NET_RECV_FAILED -0x004C /**< Reading information from the socket failed. */ -#define MBEDTLS_ERR_NET_SEND_FAILED -0x004E /**< Sending information through the socket failed. */ -#define MBEDTLS_ERR_NET_CONN_RESET -0x0050 /**< Connection was reset by peer. */ -#define MBEDTLS_ERR_NET_UNKNOWN_HOST -0x0052 /**< Failed to get an IP address for the given hostname. */ -#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL -0x0043 /**< Buffer is too small to hold the data. */ -#define MBEDTLS_ERR_NET_INVALID_CONTEXT -0x0045 /**< The context is invalid, eg because it was free()ed. */ - - - +#define MBEDTLS_ERR_NET_SOCKET_FAILED -0x0042 /**< Failed to open a socket. */ +#define MBEDTLS_ERR_NET_CONNECT_FAILED -0x0044 /**< The connection to the given server / port failed. */ +#define MBEDTLS_ERR_NET_BIND_FAILED -0x0046 /**< Binding of the socket failed. */ +#define MBEDTLS_ERR_NET_LISTEN_FAILED -0x0048 /**< Could not listen on the socket. */ +#define MBEDTLS_ERR_NET_ACCEPT_FAILED -0x004A /**< Could not accept the incoming connection. */ +#define MBEDTLS_ERR_NET_RECV_FAILED -0x004C /**< Reading information from the socket failed. */ +#define MBEDTLS_ERR_NET_SEND_FAILED -0x004E /**< Sending information through the socket failed. */ +#define MBEDTLS_ERR_NET_CONN_RESET -0x0050 /**< Connection was reset by peer. */ +#define MBEDTLS_ERR_NET_UNKNOWN_HOST -0x0052 /**< Failed to get an IP address for the given hostname. 
*/ +#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL -0x0043 /**< Buffer is too small to hold the data. */ +#define MBEDTLS_ERR_NET_INVALID_CONTEXT -0x0045 /**< The context is invalid, eg because it was free()ed. */ diff --git a/src/mbedTLS++/RsaPrivateKey.cpp b/src/mbedTLS++/RsaPrivateKey.cpp index d0c5b7c8b..2cc65a0ac 100644 --- a/src/mbedTLS++/RsaPrivateKey.cpp +++ b/src/mbedTLS++/RsaPrivateKey.cpp @@ -59,7 +59,7 @@ ContiguousByteBuffer cRsaPrivateKey::GetPubKeyDER(void) { class cPubKey { - public: + public: cPubKey(mbedtls_rsa_context * a_Rsa) : m_IsValid(false) { @@ -85,9 +85,9 @@ ContiguousByteBuffer cRsaPrivateKey::GetPubKeyDER(void) } } - operator mbedtls_pk_context * (void) { return &m_Key; } + operator mbedtls_pk_context *(void) { return &m_Key; } - protected: + protected: bool m_IsValid; mbedtls_pk_context m_Key; } PkCtx(&m_Rsa); 
@@ -98,32 +98,51 @@ ContiguousByteBuffer cRsaPrivateKey::GetPubKeyDER(void) { return {}; } - return { reinterpret_cast<const std::byte *>(buf + sizeof(buf) - res), static_cast<size_t>(res) }; + return {reinterpret_cast<const std::byte *>(buf + sizeof(buf) - res), static_cast<size_t>(res)}; } -int cRsaPrivateKey::Decrypt(const ContiguousByteBufferView a_EncryptedData, Byte * a_DecryptedData, size_t a_DecryptedMaxLength) +int cRsaPrivateKey::Decrypt( + const ContiguousByteBufferView a_EncryptedData, + Byte * a_DecryptedData, + size_t a_DecryptedMaxLength +) { const auto KeyLength = mbedtls_rsa_get_len(&m_Rsa); if (a_EncryptedData.size() < KeyLength) { - LOGD("%s: Invalid a_EncryptedLength: got %zu, exp at least %zu", __FUNCTION__, a_EncryptedData.size(), KeyLength); + LOGD( + "%s: Invalid a_EncryptedLength: got %zu, exp at least %zu", + __FUNCTION__, + a_EncryptedData.size(), + KeyLength + ); ASSERT(!"Invalid a_DecryptedMaxLength!"); return -1; } if (a_DecryptedMaxLength < KeyLength) { - LOGD("%s: Invalid a_DecryptedMaxLength: got %zu, exp at least %zu", __FUNCTION__, a_DecryptedMaxLength, KeyLength); + LOGD( + "%s: Invalid a_DecryptedMaxLength: got %zu, exp at least %zu", + __FUNCTION__, + a_DecryptedMaxLength, + KeyLength + ); ASSERT(!"Invalid a_DecryptedMaxLength!"); return -1; } size_t DecryptedLength; int res = mbedtls_rsa_pkcs1_decrypt( - &m_Rsa, mbedtls_ctr_drbg_random, m_CtrDrbg.GetInternal(), &DecryptedLength, - reinterpret_cast<const unsigned char *>(a_EncryptedData.data()), a_DecryptedData, a_DecryptedMaxLength + &m_Rsa, + mbedtls_ctr_drbg_random, + m_CtrDrbg.GetInternal(), + &DecryptedLength, + reinterpret_cast<const unsigned char *>(a_EncryptedData.data()), + a_DecryptedData, + a_DecryptedMaxLength ); if (res != 0) { diff --git a/src/mbedTLS++/RsaPrivateKey.h b/src/mbedTLS++/RsaPrivateKey.h index 33a016edc..1b02edd47 100644 --- a/src/mbedTLS++/RsaPrivateKey.h +++ b/src/mbedTLS++/RsaPrivateKey.h 
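Review bot: The first size guard in `cRsaPrivateKey::Decrypt` logs `Invalid a_EncryptedLength` but then asserts with `ASSERT(!"Invalid a_DecryptedMaxLength!");`, apparently copied from the second guard, so a debug break names the wrong argument. It should read `ASSERT(!"Invalid a_EncryptedLength!");`. `size_t DecryptedLength;` is also passed to `mbedtls_rsa_pkcs1_decrypt` uninitialised, and `size_t DecryptedLength = 0;` costs nothing. The body of the `if (res != 0)` branch lies outside the hunk; if the context is configured for PKCS#1 v1.5 padding, that path should not let a remote peer tell a padding failure from any other failure.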
@@ -21,7 +21,7 @@ class cRsaPrivateKey { friend class cSslContext; -public: + public: /** Creates a new empty object, the key is not assigned */ cRsaPrivateKey(void); @@ -42,7 +42,7 @@ public: Returns the number of bytes decrypted, or negative number for error. */ int Decrypt(ContiguousByteBufferView a_EncryptedData, Byte * a_DecryptedData, size_t a_DecryptedMaxLength); -protected: + protected: /** The mbedTLS key context */ mbedtls_rsa_context m_Rsa; @@ -52,11 +52,6 @@ protected: /** Returns the internal context ptr. Only use in mbedTLS API calls. */ mbedtls_rsa_context * GetInternal(void) { return &m_Rsa; } -} ; +}; typedef std::shared_ptr<cRsaPrivateKey> cRsaPrivateKeyPtr; - - - - - diff --git a/src/mbedTLS++/Sha1Checksum.cpp b/src/mbedTLS++/Sha1Checksum.cpp index 4c4c92298..745ddabf7 100644 --- a/src/mbedTLS++/Sha1Checksum.cpp +++ b/src/mbedTLS++/Sha1Checksum.cpp @@ -144,7 +144,3 @@ void cSha1Checksum::Restart(void) mbedtls_sha1_starts(&m_Sha1); m_DoesAcceptInput = true; } - - - - diff --git a/src/mbedTLS++/Sha1Checksum.h b/src/mbedTLS++/Sha1Checksum.h index dbe7db567..d509923ae 100644 --- a/src/mbedTLS++/Sha1Checksum.h +++ b/src/mbedTLS++/Sha1Checksum.h @@ -18,7 +18,7 @@ /** Calculates a SHA1 checksum for data stream */ class cSha1Checksum { -public: + public: typedef Byte Checksum[20]; // The type used for storing the checksum cSha1Checksum(void); @@ -43,13 +43,9 @@ public: /** Clears the current context and start a new checksum calculation */ void Restart(void); -protected: + protected: /** True if the object is accepts more input data, false if Finalize()-d (need to Restart()) */ bool m_DoesAcceptInput; mbedtls_sha1_context m_Sha1; -} ; - - - - +}; diff --git a/src/mbedTLS++/SslConfig.cpp b/src/mbedTLS++/SslConfig.cpp index 9bcac741f..797b5cbad 100644 --- a/src/mbedTLS++/SslConfig.cpp +++ b/src/mbedTLS++/SslConfig.cpp 
@@ -14,87 +14,87 @@ #if !defined(NDEBUG) && defined(ENABLE_SSL_DEBUG_MSG) - #include "mbedtls/debug.h" +#include "mbedtls/debug.h" - namespace +namespace +{ +void SSLDebugMessage(void * a_UserParam, int a_Level, const char * a_Filename, int a_LineNo, const char * a_Text) +{ + if (a_Level > 3) { - void SSLDebugMessage(void * a_UserParam, int a_Level, const char * a_Filename, int a_LineNo, const char * a_Text) - { - if (a_Level > 3) - { - // Don't want the trace messages - return; - } - - // Remove the terminating LF: - size_t len = strlen(a_Text) - 1; - while ((len > 0) && (a_Text[len] <= 32)) - { - len--; - } - AString Text(a_Text, len + 1); - - LOGD("SSL (%d): %s", a_Level, Text.c_str()); - } + // Don't want the trace messages + return; + } + + // Remove the terminating LF: + size_t len = strlen(a_Text) - 1; + while ((len > 0) && (a_Text[len] <= 32)) + { + len--; + } + AString Text(a_Text, len + 1); + + LOGD("SSL (%d): %s", a_Level, Text.c_str()); +} - int SSLVerifyCert(void * a_This, mbedtls_x509_crt * a_Crt, int a_Depth, uint32_t * a_Flags) - { - char buf[1024]; - UNUSED(a_This); - - LOG("Verify requested for (Depth %d):", a_Depth); - mbedtls_x509_crt_info(buf, sizeof(buf) - 1, "", a_Crt); - LOG("%s", buf); - - uint32_t Flags = *a_Flags; - if ((Flags & MBEDTLS_X509_BADCERT_EXPIRED) != 0) - { - LOG(" ! server certificate has expired"); - } - - if ((Flags & MBEDTLS_X509_BADCERT_REVOKED) != 0) - { - LOG(" ! server certificate has been revoked"); - } - - if ((Flags & MBEDTLS_X509_BADCERT_CN_MISMATCH) != 0) - { - LOG(" ! CN mismatch"); - } - - if ((Flags & MBEDTLS_X509_BADCERT_NOT_TRUSTED) != 0) - { - LOG(" ! self-signed or not signed by a trusted CA"); - } - - if ((Flags & MBEDTLS_X509_BADCRL_NOT_TRUSTED) != 0) - { - LOG(" ! CRL not trusted"); - } - - if ((Flags & MBEDTLS_X509_BADCRL_EXPIRED) != 0) - { - LOG(" ! CRL expired"); - } - - if ((Flags & MBEDTLS_X509_BADCERT_OTHER) != 0) - { - LOG(" ! 
other (unknown) flag"); - } - - if (Flags == 0) - { - LOG(" This certificate has no flags"); - } - - return 0; - } +int SSLVerifyCert(void * a_This, mbedtls_x509_crt * a_Crt, int a_Depth, uint32_t * a_Flags) +{ + char buf[1024]; + UNUSED(a_This); + + LOG("Verify requested for (Depth %d):", a_Depth); + mbedtls_x509_crt_info(buf, sizeof(buf) - 1, "", a_Crt); + LOG("%s", buf); + + uint32_t Flags = *a_Flags; + if ((Flags & MBEDTLS_X509_BADCERT_EXPIRED) != 0) + { + LOG(" ! server certificate has expired"); + } + + if ((Flags & MBEDTLS_X509_BADCERT_REVOKED) != 0) + { + LOG(" ! server certificate has been revoked"); + } + + if ((Flags & MBEDTLS_X509_BADCERT_CN_MISMATCH) != 0) + { + LOG(" ! CN mismatch"); } + + if ((Flags & MBEDTLS_X509_BADCERT_NOT_TRUSTED) != 0) + { + LOG(" ! self-signed or not signed by a trusted CA"); + } + + if ((Flags & MBEDTLS_X509_BADCRL_NOT_TRUSTED) != 0) + { + LOG(" ! CRL not trusted"); + } + + if ((Flags & MBEDTLS_X509_BADCRL_EXPIRED) != 0) + { + LOG(" ! CRL expired"); + } + + if ((Flags & MBEDTLS_X509_BADCERT_OTHER) != 0) + { + LOG(" ! other (unknown) flag"); + } + + if (Flags == 0) + { + LOG(" This certificate has no flags"); + } + + return 0; +} +} // namespace #endif // !defined(NDEBUG) && defined(ENABLE_SSL_DEBUG_MSG) 
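Review bot: `size_t len = strlen(a_Text) - 1;` in `SSLDebugMessage` wraps around to SIZE_MAX when the message is an empty string, and the loop condition then reads `a_Text[len]` outside the string. Count from the end instead: `size_t len = strlen(a_Text);`, `while ((len > 0) && (static_cast<unsigned char>(a_Text[len - 1]) <= 32))`, and `AString Text(a_Text, len);`. The cast also stops bytes above 0x7F from comparing as negative where `char` is signed. The code is compiled only when `ENABLE_SSL_DEBUG_MSG` is defined and `NDEBUG` is not, so exposure is limited to debug builds.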
@@ -238,24 +238,24 @@ std::shared_ptr<cSslConfig> cSslConfig::MakeDefaultConfig(bool a_IsClient) // By default we have no root CAs, so no cert verification can be done: Ret->SetAuthMode(eSslAuthMode::None); - #ifndef NDEBUG - #ifdef ENABLE_SSL_DEBUG_MSG - Ret->SetDebugCallback(&SSLDebugMessage, nullptr); - Ret->SetVerifyCallback(SSLVerifyCert, nullptr); - mbedtls_debug_set_threshold(2); - #endif - - /* - // Set ciphersuite to the easiest one to decode, so that the connection can be wireshark-decoded: - Ret->SetCipherSuites( - { - MBEDTLS_TLS_RSA_WITH_RC4_128_MD5, - MBEDTLS_TLS_RSA_WITH_RC4_128_SHA, - MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA - } - ); - */ - #endif +#ifndef NDEBUG +#ifdef ENABLE_SSL_DEBUG_MSG + Ret->SetDebugCallback(&SSLDebugMessage, nullptr); + Ret->SetVerifyCallback(SSLVerifyCert, nullptr); + mbedtls_debug_set_threshold(2); +#endif + + /* + // Set ciphersuite to the easiest one to decode, so that the connection can be wireshark-decoded: + Ret->SetCipherSuites( + { + MBEDTLS_TLS_RSA_WITH_RC4_128_MD5, + MBEDTLS_TLS_RSA_WITH_RC4_128_SHA, + MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA + } + ); + */ +#endif return Ret; } @@ -279,7 +279,3 @@ std::shared_ptr<const cSslConfig> cSslConfig::GetDefaultServerConfig() static const std::shared_ptr<const cSslConfig> ServerConfig = MakeDefaultConfig(false); return ServerConfig; } - - - - diff --git a/src/mbedTLS++/SslConfig.h b/src/mbedTLS++/SslConfig.h index 47a4f7b59..ea0dc2f2e 100644 --- a/src/mbedTLS++/SslConfig.h +++ b/src/mbedTLS++/SslConfig.h @@ -14,10 +14,10 @@ using cX509CertPtr = std::shared_ptr<cX509Cert>; enum class eSslAuthMode { - None = 0, // MBEDTLS_SSL_VERIFY_NONE + None = 0, // MBEDTLS_SSL_VERIFY_NONE Optional = 1, // MBEDTLS_SSL_VERIFY_OPTIONAL Required = 2, // MBEDTLS_SSL_VERIFY_REQUIRED - Unset = 3, // MBEDTLS_SSL_VERIFY_UNSET + Unset = 3, // MBEDTLS_SSL_VERIFY_UNSET }; 
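Review bot: `MakeDefaultConfig` leaves peer verification off for every caller (`Ret->SetAuthMode(eSslAuthMode::None);`), and the only hint is the one-line comment above that call. A doc comment on the function should say that a config built with `a_IsClient == true` does not verify the server certificate, and that callers who need authentication must load a CA chain and switch to `eSslAuthMode::Required`. The commented-out `SetCipherSuites` block names RC4 and MD5 suites; put `// Debug aid only, never enable in shipped builds` above it, or drop the block. With the `#ifndef NDEBUG` / `#ifdef ENABLE_SSL_DEBUG_MSG` directives now at column 0 their nesting is no longer visible, so trailing `// ENABLE_SSL_DEBUG_MSG` and `// NDEBUG` comments on the two `#endif` lines would help. The function begins above this hunk.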
@@ -25,7 +25,8 @@ enum class eSslAuthMode class cSslConfig { friend class cSslContext; -public: + + public: /** Type of the SSL debug callback. Parameters are: void * Opaque context for the callback @@ -33,7 +34,7 @@ public: const char * File name int Line number const char * Message */ - using cDebugCallback = void(*)(void *, int, const char *, int, const char *); + using cDebugCallback = void (*)(void *, int, const char *, int, const char *); /** Type of the SSL certificate verify callback. Parameters are: @@ -41,7 +42,7 @@ public: mbedtls_x509_crt * Current cert int Cert chain depth uint32_t * Verification flags */ - using cVerifyCallback = int(*)(void *, mbedtls_x509_crt *, int, uint32_t *); + using cVerifyCallback = int (*)(void *, mbedtls_x509_crt *, int, uint32_t *); cSslConfig(); ~cSslConfig(); @@ -79,8 +80,7 @@ public: /** Returns the default config for server connections. */ static std::shared_ptr<const cSslConfig> GetDefaultServerConfig(); -private: - + private: /** Returns a pointer to the wrapped mbedtls representation. */ const mbedtls_ssl_config * GetInternal() const { return &m_Config; } diff --git a/src/mbedTLS++/SslContext.cpp b/src/mbedTLS++/SslContext.cpp index 83bb1955e..bd512ce7c 100644 --- a/src/mbedTLS++/SslContext.cpp +++ b/src/mbedTLS++/SslContext.cpp @@ -12,8 +12,7 @@ cSslContext::cSslContext(void) : - m_IsValid(false), - m_HasHandshaken(false) + m_IsValid(false), m_HasHandshaken(false) { mbedtls_ssl_init(&m_Ssl); } @@ -151,7 +150,3 @@ int cSslContext::NotifyClose(void) { return mbedtls_ssl_close_notify(&m_Ssl); } - - - - diff --git a/src/mbedTLS++/SslContext.h b/src/mbedTLS++/SslContext.h index b4b184403..13baf2cfa 100644 --- a/src/mbedTLS++/SslContext.h +++ b/src/mbedTLS++/SslContext.h @@ -34,7 +34,7 @@ data comes into the system: */ class cSslContext abstract { -public: + public: /** Creates a new uninitialized context */ cSslContext(void); 
@@ -88,8 +88,7 @@ public: Returns 0 on success, mbedTLS error code on failure. */ int NotifyClose(void); -protected: - + protected: /** Configuration of the SSL context. */ std::shared_ptr<const cSslConfig> m_Config; @@ -119,8 +118,4 @@ protected: /** Called when mbedTLS wants to write encrypted data. */ virtual int SendEncrypted(const unsigned char * a_Buffer, size_t a_NumBytes) = 0; -} ; - - - - +}; diff --git a/src/mbedTLS++/X509Cert.cpp b/src/mbedTLS++/X509Cert.cpp index e7484af3b..0d901e0e3 100644 --- a/src/mbedTLS++/X509Cert.cpp +++ b/src/mbedTLS++/X509Cert.cpp @@ -31,11 +31,8 @@ cX509Cert::~cX509Cert() int cX509Cert::Parse(const void * a_CertContents, size_t a_Size) { // mbedTLS requires that PEM-encoded data is passed including the terminating NUL byte, - // and DER-encoded data is decoded properly even with an extra trailing NUL byte, so we simply add one to everything: + // and DER-encoded data is decoded properly even with an extra trailing NUL byte, so we simply add one to + // everything: AString certContents(static_cast<const char *>(a_CertContents), a_Size); return mbedtls_x509_crt_parse(&m_Cert, reinterpret_cast<const unsigned char *>(certContents.data()), a_Size + 1); } - - - - diff --git a/src/mbedTLS++/X509Cert.h b/src/mbedTLS++/X509Cert.h index f46d84bf5..552e5f8da 100644 --- a/src/mbedTLS++/X509Cert.h +++ b/src/mbedTLS++/X509Cert.h @@ -19,7 +19,7 @@ class cX509Cert { friend class cSslConfig; -public: + public: cX509Cert(void); ~cX509Cert(void); @@ -28,15 +28,11 @@ public: Returns 0 on succes, or mbedTLS error code on failure. */ int Parse(const void * a_CertContents, size_t a_Size); -protected: + protected: mbedtls_x509_crt m_Cert; /** Returns the internal cert ptr. Only use in mbedTLS API calls. */ mbedtls_x509_crt * GetInternal(void) { return &m_Cert; } -} ; +}; typedef std::shared_ptr<cX509Cert> cX509CertPtr; - - - - |