Function readvAdvanced [src]

Receives TLS-encrypted data from stream, which must conform to StreamInterface. Returns number of bytes that have been read, populated inside iovecs. A return value of zero bytes does not mean end of stream. Instead, check the eof() for the end of stream. The eof() may be true after any call to read, including when greater than zero bytes are returned, and this function asserts that eof() is false. See readv for a higher level function that has the same, familiar API as other read functions, such as std.fs.File.read.

Prototype

pub fn readvAdvanced(c: *Client, stream: anytype, iovecs: []const std.posix.iovec) !usize

Parameters

c: *Clientiovecs: []const std.posix.iovec

Source

pub fn readvAdvanced(c: *Client, stream: anytype, iovecs: []const std.posix.iovec) !usize { var vp: VecPut = .{ .iovecs = iovecs }; // Give away the buffered cleartext we have, if any. const partial_cleartext = c.partially_read_buffer[c.partial_cleartext_idx..c.partial_ciphertext_idx]; if (partial_cleartext.len > 0) { const amt: u15 = @intCast(vp.put(partial_cleartext)); c.partial_cleartext_idx += amt; if (c.partial_cleartext_idx == c.partial_ciphertext_idx and c.partial_ciphertext_end == c.partial_ciphertext_idx) { // The buffer is now empty. c.partial_cleartext_idx = 0; c.partial_ciphertext_idx = 0; c.partial_ciphertext_end = 0; } if (c.received_close_notify) { c.partial_ciphertext_end = 0; assert(vp.total == amt); return amt; } else if (amt > 0) { // We don't need more data, so don't call read. assert(vp.total == amt); return amt; } } assert(!c.received_close_notify); // Ideally, this buffer would never be used. It is needed when `iovecs` are // too small to fit the cleartext, which may be as large as `max_ciphertext_len`. var cleartext_stack_buffer: [max_ciphertext_len]u8 = undefined; // Temporarily stores ciphertext before decrypting it and giving it to `iovecs`. var in_stack_buffer: [max_ciphertext_len * 4]u8 = undefined; // How many bytes left in the user's buffer. const free_size = vp.freeSize(); // The amount of the user's buffer that we need to repurpose for storing // ciphertext. The end of the buffer will be used for such purposes. const ciphertext_buf_len = (free_size / 2) -| in_stack_buffer.len; // The amount of the user's buffer that will be used to give cleartext. The // beginning of the buffer will be used for such purposes. const cleartext_buf_len = free_size - ciphertext_buf_len; // Recoup `partially_read_buffer` space. This is necessary because it is assumed // below that `frag0` is big enough to hold at least one record. limitedOverlapCopy(c.partially_read_buffer[0..c.partial_ciphertext_end], c.partial_ciphertext_idx); c.partial_ciphertext_end -= c.partial_ciphertext_idx; c.partial_ciphertext_idx = 0; c.partial_cleartext_idx = 0; const first_iov = c.partially_read_buffer[c.partial_ciphertext_end..]; var ask_iovecs_buf: [2]std.posix.iovec = .{ .{ .base = first_iov.ptr, .len = first_iov.len, }, .{ .base = &in_stack_buffer, .len = in_stack_buffer.len, }, }; // Cleartext capacity of output buffer, in records. Minimum one full record. const buf_cap = @max(cleartext_buf_len / max_ciphertext_len, 1); const wanted_read_len = buf_cap * (max_ciphertext_len + tls.record_header_len); const ask_len = @max(wanted_read_len, cleartext_stack_buffer.len) - c.partial_ciphertext_end; const ask_iovecs = limitVecs(&ask_iovecs_buf, ask_len); const actual_read_len = try stream.readv(ask_iovecs); if (actual_read_len == 0) { // This is either a truncation attack, a bug in the server, or an // intentional omission of the close_notify message due to truncation // detection handled above the TLS layer. if (c.allow_truncation_attacks) { c.received_close_notify = true; } else { return error.TlsConnectionTruncated; } } // There might be more bytes inside `in_stack_buffer` that need to be processed, // but at least frag0 will have one complete ciphertext record. const frag0_end = @min(c.partially_read_buffer.len, c.partial_ciphertext_end + actual_read_len); const frag0 = c.partially_read_buffer[c.partial_ciphertext_idx..frag0_end]; var frag1 = in_stack_buffer[0..actual_read_len -| first_iov.len]; // We need to decipher frag0 and frag1 but there may be a ciphertext record // straddling the boundary. We can handle this with two memcpy() calls to // assemble the straddling record in between handling the two sides. var frag = frag0; var in: usize = 0; while (true) { if (in == frag.len) { // Perfect split. if (frag.ptr == frag1.ptr) { c.partial_ciphertext_end = c.partial_ciphertext_idx; return vp.total; } frag = frag1; in = 0; continue; } if (in + tls.record_header_len > frag.len) { if (frag.ptr == frag1.ptr) return finishRead(c, frag, in, vp.total); const first = frag[in..]; if (frag1.len < tls.record_header_len) return finishRead2(c, first, frag1, vp.total); // A record straddles the two fragments. Copy into the now-empty first fragment. const record_len_byte_0: u16 = straddleByte(frag, frag1, in + 3); const record_len_byte_1: u16 = straddleByte(frag, frag1, in + 4); const record_len = (record_len_byte_0 << 8) | record_len_byte_1; if (record_len > max_ciphertext_len) return error.TlsRecordOverflow; const full_record_len = record_len + tls.record_header_len; const second_len = full_record_len - first.len; if (frag1.len < second_len) return finishRead2(c, first, frag1, vp.total); limitedOverlapCopy(frag, in); @memcpy(frag[first.len..][0..second_len], frag1[0..second_len]); frag = frag[0..full_record_len]; frag1 = frag1[second_len..]; in = 0; continue; } const ct: tls.ContentType = @enumFromInt(frag[in]); in += 1; const legacy_version = mem.readInt(u16, frag[in..][0..2], .big); in += 2; _ = legacy_version; const record_len = mem.readInt(u16, frag[in..][0..2], .big); if (record_len > max_ciphertext_len) return error.TlsRecordOverflow; in += 2; const end = in + record_len; if (end > frag.len) { // We need the record header on the next iteration of the loop. in -= tls.record_header_len; if (frag.ptr == frag1.ptr) return finishRead(c, frag, in, vp.total); // A record straddles the two fragments. Copy into the now-empty first fragment. const first = frag[in..]; const full_record_len = record_len + tls.record_header_len; const second_len = full_record_len - first.len; if (frag1.len < second_len) return finishRead2(c, first, frag1, vp.total); limitedOverlapCopy(frag, in); @memcpy(frag[first.len..][0..second_len], frag1[0..second_len]); frag = frag[0..full_record_len]; frag1 = frag1[second_len..]; in = 0; continue; } const cleartext, const inner_ct: tls.ContentType = cleartext: switch (c.application_cipher) { inline else => |*p| switch (c.tls_version) { .tls_1_3 => { const pv = &p.tls_1_3; const P = @TypeOf(p.*); const ad = frag[in - tls.record_header_len ..][0..tls.record_header_len]; const ciphertext_len = record_len - P.AEAD.tag_length; const ciphertext = frag[in..][0..ciphertext_len]; in += ciphertext_len; const auth_tag = frag[in..][0..P.AEAD.tag_length].*; const nonce = nonce: { const V = @Vector(P.AEAD.nonce_length, u8); const pad = [1]u8{0} ** (P.AEAD.nonce_length - 8); const operand: V = pad ++ std.mem.toBytes(big(c.read_seq)); break :nonce @as(V, pv.server_iv) ^ operand; }; const out_buf = vp.peek(); const cleartext_buf = if (ciphertext.len <= out_buf.len) out_buf else &cleartext_stack_buffer; const cleartext = cleartext_buf[0..ciphertext.len]; P.AEAD.decrypt(cleartext, ciphertext, auth_tag, ad, nonce, pv.server_key) catch return error.TlsBadRecordMac; const msg = mem.trimRight(u8, cleartext, "\x00"); break :cleartext .{ msg[0 .. msg.len - 1], @enumFromInt(msg[msg.len - 1]) }; }, .tls_1_2 => { const pv = &p.tls_1_2; const P = @TypeOf(p.*); const message_len: u16 = record_len - P.record_iv_length - P.mac_length; const ad = std.mem.toBytes(big(c.read_seq)) ++ frag[in - tls.record_header_len ..][0 .. 1 + 2] ++ std.mem.toBytes(big(message_len)); const record_iv = frag[in..][0..P.record_iv_length].*; in += P.record_iv_length; const masked_read_seq = c.read_seq & comptime std.math.shl(u64, std.math.maxInt(u64), 8 * P.record_iv_length); const nonce: [P.AEAD.nonce_length]u8 = nonce: { const V = @Vector(P.AEAD.nonce_length, u8); const pad = [1]u8{0} ** (P.AEAD.nonce_length - 8); const operand: V = pad ++ @as([8]u8, @bitCast(big(masked_read_seq))); break :nonce @as(V, pv.server_write_IV ++ record_iv) ^ operand; }; const ciphertext = frag[in..][0..message_len]; in += message_len; const auth_tag = frag[in..][0..P.mac_length].*; in += P.mac_length; const out_buf = vp.peek(); const cleartext_buf = if (message_len <= out_buf.len) out_buf else &cleartext_stack_buffer; const cleartext = cleartext_buf[0..ciphertext.len]; P.AEAD.decrypt(cleartext, ciphertext, auth_tag, ad, nonce, pv.server_write_key) catch return error.TlsBadRecordMac; break :cleartext .{ cleartext, ct }; }, else => unreachable, }, }; c.read_seq = try std.math.add(u64, c.read_seq, 1); switch (inner_ct) { .alert => { if (cleartext.len != 2) return error.TlsDecodeError; const level: tls.AlertLevel = @enumFromInt(cleartext[0]); const desc: tls.AlertDescription = @enumFromInt(cleartext[1]); if (desc == .close_notify) { c.received_close_notify = true; c.partial_ciphertext_end = c.partial_ciphertext_idx; return vp.total; } _ = level; try desc.toError(); // TODO: handle server-side closures return error.TlsUnexpectedMessage; }, .handshake => { var ct_i: usize = 0; while (true) { const handshake_type: tls.HandshakeType = @enumFromInt(cleartext[ct_i]); ct_i += 1; const handshake_len = mem.readInt(u24, cleartext[ct_i..][0..3], .big); ct_i += 3; const next_handshake_i = ct_i + handshake_len; if (next_handshake_i > cleartext.len) return error.TlsBadLength; const handshake = cleartext[ct_i..next_handshake_i]; switch (handshake_type) { .new_session_ticket => { // This client implementation ignores new session tickets. }, .key_update => { switch (c.application_cipher) { inline else => |*p| { const pv = &p.tls_1_3; const P = @TypeOf(p.*); const server_secret = hkdfExpandLabel(P.Hkdf, pv.server_secret, "traffic upd", "", P.Hash.digest_length); if (c.ssl_key_log) |*key_log| logSecrets(key_log.file, .{ .counter = key_log.serverCounter(), .client_random = &key_log.client_random, }, .{ .SERVER_TRAFFIC_SECRET = &server_secret, }); pv.server_secret = server_secret; pv.server_key = hkdfExpandLabel(P.Hkdf, server_secret, "key", "", P.AEAD.key_length); pv.server_iv = hkdfExpandLabel(P.Hkdf, server_secret, "iv", "", P.AEAD.nonce_length); }, } c.read_seq = 0; switch (@as(tls.KeyUpdateRequest, @enumFromInt(handshake[0]))) { .update_requested => { switch (c.application_cipher) { inline else => |*p| { const pv = &p.tls_1_3; const P = @TypeOf(p.*); const client_secret = hkdfExpandLabel(P.Hkdf, pv.client_secret, "traffic upd", "", P.Hash.digest_length); if (c.ssl_key_log) |*key_log| logSecrets(key_log.file, .{ .counter = key_log.clientCounter(), .client_random = &key_log.client_random, }, .{ .CLIENT_TRAFFIC_SECRET = &client_secret, }); pv.client_secret = client_secret; pv.client_key = hkdfExpandLabel(P.Hkdf, client_secret, "key", "", P.AEAD.key_length); pv.client_iv = hkdfExpandLabel(P.Hkdf, client_secret, "iv", "", P.AEAD.nonce_length); }, } c.write_seq = 0; }, .update_not_requested => {}, _ => return error.TlsIllegalParameter, } }, else => { return error.TlsUnexpectedMessage; }, } ct_i = next_handshake_i; if (ct_i >= cleartext.len) break; } }, .application_data => { // Determine whether the output buffer or a stack // buffer was used for storing the cleartext. if (cleartext.ptr == &cleartext_stack_buffer) { // Stack buffer was used, so we must copy to the output buffer. if (c.partial_ciphertext_idx > c.partial_cleartext_idx) { // We have already run out of room in iovecs. Continue // appending to `partially_read_buffer`. @memcpy( c.partially_read_buffer[c.partial_ciphertext_idx..][0..cleartext.len], cleartext, ); c.partial_ciphertext_idx = @intCast(c.partial_ciphertext_idx + cleartext.len); } else { const amt = vp.put(cleartext); if (amt < cleartext.len) { const rest = cleartext[amt..]; c.partial_cleartext_idx = 0; c.partial_ciphertext_idx = @intCast(rest.len); @memcpy(c.partially_read_buffer[0..rest.len], rest); } } } else { // Output buffer was used directly which means no // memory copying needs to occur, and we can move // on to the next ciphertext record. vp.next(cleartext.len); } }, else => return error.TlsUnexpectedMessage, } in = end; } }