move openssl crypto components to fizz/backend/openssl
Summary: As part of the work to decouple openssl from fizz, this diff begins to move openssl-related components within fizz to `fizz/backend/openssl`. It also exposes all the openssl dependencies through a single target `fizz/backend:openssl`. Eventually, everything that wants to directly use openssl functionality can depend on that target. This commit will change everything *within* fizz to use the new `openssl::` namespace for the classes that have been moved, but external dependencies still reference the old `fizz::` namespace classes. To maintain compatibility we've added type aliases `fizz::A` to point to `fizz::openssl::A`. Next steps: - convert dependencies to use the new namespace - remove the old files. After that: - A few components need to be moved back out of the `backend/openssl` folder. Like the AES and Sha types. We need to split the openssl info out of those types. Slightly easier to do this in a separate change. - There are still a few things that need to get moved behind backend/openssl, like DefaultCertificateVerifier and some operations that need to become openssl primitives and get used through the Factory rather than used directly. Reviewed By: mingtaoy Differential Revision: D56274868 fbshipit-source-id: 7ed7473fbe8ebe69b413d02d96a0b0fd85b0eebe
1 parent
17a053f
commit 3b2468f
Showing
135 changed files
with
3,887 additions
and
1,063 deletions.
@@ -0,0 +1,36 @@ | ||
// Copyright 2004-present Facebook. All Rights Reserved. | ||
|
||
#pragma once | ||
|
||
/* | ||
This is the backend for the openssl crypto implementations. | ||
Include this file to use openssl features. | ||
*/ | ||
|
||
#include <fizz/fizz-config.h> | ||
|
||
#include <fizz/backend/openssl/OpenSSLFactory.h> | ||
#include <fizz/backend/openssl/certificate/CertUtils.h> | ||
#include <fizz/backend/openssl/certificate/OpenSSLPeerCertImpl.h> | ||
#include <fizz/backend/openssl/certificate/OpenSSLSelfCertImpl.h> | ||
#include <fizz/backend/openssl/crypto/ECCurve.h> | ||
#include <fizz/backend/openssl/crypto/OpenSSLKeyUtils.h> | ||
#include <fizz/backend/openssl/crypto/Sha256.h> | ||
#include <fizz/backend/openssl/crypto/Sha384.h> | ||
#include <fizz/backend/openssl/crypto/Sha512.h> | ||
#include <fizz/backend/openssl/crypto/aead/AESGCM128.h> | ||
#include <fizz/backend/openssl/crypto/aead/AESGCM256.h> | ||
#include <fizz/backend/openssl/crypto/aead/AESOCB128.h> | ||
#include <fizz/backend/openssl/crypto/aead/ChaCha20Poly1305.h> | ||
#include <fizz/backend/openssl/crypto/aead/OpenSSLEVPCipher.h> | ||
#include <fizz/backend/openssl/crypto/exchange/OpenSSLKeyExchange.h> | ||
#include <fizz/backend/openssl/crypto/signature/Signature.h> | ||
#include <folly/io/IOBuf.h> | ||
|
||
#define CREATE_FIZZ_FN_ALIAS(newname, oldname) \ | ||
template <typename... Args> \ | ||
auto newname(Args&&... args) { \ | ||
return oldname(std::forward<Args>(args)...); \ | ||
} |
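Review bot: `CREATE_FIZZ_FN_ALIAS` declares the alias with a plain `auto` return type, which decays whatever `oldname` returns — if the aliased function returns a reference or a const-qualified object, callers of `newname` silently get a copy instead; `decltype(auto) newname(Args&&... args)` keeps the alias transparent. The macro also calls `std::forward`, but nothing in the include list guarantees `<utility>` is in scope, so add `#include <utility>` alongside the folly include rather than relying on transitive headers. A short comment above the macro would help readers, since the commit description only talks about type aliases: `// Defines newname(...) as a perfect-forwarding alias of oldname(...); presumably used to keep the old fizz:: free functions callable while callers migrate to fizz::openssl:: — confirm against the users.`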
@@ -0,0 +1,48 @@ | ||
/* | ||
* Copyright (c) 2018-present, Facebook, Inc. | ||
* All rights reserved. | ||
* | ||
* This source code is licensed under the BSD-style license found in the | ||
* LICENSE file in the root directory of this source tree. | ||
*/ | ||
|
||
#pragma once | ||
|
||
#include <fizz/backend/openssl/crypto/ECCurve.h> | ||
#include <fizz/backend/openssl/crypto/Sha256.h> | ||
#include <fizz/backend/openssl/crypto/Sha384.h> | ||
#include <fizz/backend/openssl/crypto/Sha512.h> | ||
#include <fizz/backend/openssl/crypto/aead/AESGCM128.h> | ||
#include <fizz/backend/openssl/crypto/aead/AESGCM256.h> | ||
#include <fizz/backend/openssl/crypto/aead/AESOCB128.h> | ||
#include <fizz/backend/openssl/crypto/aead/ChaCha20Poly1305.h> | ||
#include <fizz/backend/openssl/crypto/aead/OpenSSLEVPCipher.h> | ||
#include <fizz/backend/openssl/crypto/exchange/OpenSSLKeyExchange.h> | ||
#include <fizz/crypto/exchange/X25519.h> | ||
#include <fizz/protocol/DefaultFactory.h> | ||
|
||
namespace fizz { | ||
class PeerCert; | ||
namespace openssl { | ||
|
||
class OpenSSLFactory : public DefaultFactory { | ||
public: | ||
[[nodiscard]] std::unique_ptr<KeyExchange> makeKeyExchange( | ||
NamedGroup group, | ||
KeyExchangeMode mode) const override; | ||
|
||
[[nodiscard]] std::unique_ptr<Aead> makeAead( | ||
CipherSuite cipher) const override; | ||
|
||
std::unique_ptr<KeyDerivation> makeKeyDeriver( | ||
CipherSuite cipher) const override; | ||
|
||
std::unique_ptr<HandshakeContext> makeHandshakeContext( | ||
CipherSuite cipher) const override; | ||
|
||
[[nodiscard]] std::unique_ptr<PeerCert> makePeerCert( | ||
CertificateEntry certEntry, | ||
bool /*leaf*/) const override; | ||
}; | ||
} // namespace openssl | ||
} // namespace fizz |
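Review bot: `[[nodiscard]]` is applied to `makeKeyExchange`, `makeAead` and `makePeerCert` but not to `makeKeyDeriver` and `makeHandshakeContext`, which return owning `unique_ptr`s just the same; adding it to those two keeps the overrides consistent and catches a dropped result. `makePeerCert` takes a `bool /*leaf*/` it never names, so a reader cannot tell whether leaf-specific handling was intentionally omitted — a comment such as `// leaf is ignored: this backend builds the same PeerCert for leaf and intermediate entries; chain validation presumably happens in the verifier (not yet moved behind the backend)` would make that explicit. The class itself has no doc comment; I would add `/** Factory that backs key exchange, AEAD, key derivation, handshake transcript and peer-certificate construction with the OpenSSL implementations in fizz/backend/openssl. */` above the class.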
@@ -0,0 +1,100 @@ | ||
/* | ||
* Copyright (c) 2018-present, Facebook, Inc. | ||
* All rights reserved. | ||
* | ||
* This source code is licensed under the BSD-style license found in the | ||
* LICENSE file in the root directory of this source tree. | ||
*/ | ||
|
||
#pragma once | ||
|
||
#include <fizz/backend/openssl/crypto/signature/Signature.h> | ||
#include <fizz/compression/CertificateCompressor.h> | ||
#include <fizz/record/Types.h> | ||
#include <folly/ssl/OpenSSLPtrTypes.h> | ||
|
||
namespace fizz { | ||
|
||
class SelfCert; | ||
class PeerCert; | ||
enum class CertificateVerifyContext; | ||
|
||
namespace openssl { | ||
|
||
class CertUtils { | ||
public: | ||
/** | ||
* Adds the appropriate context data to prepare toBeSigned for a signature | ||
* scheme's signing function. | ||
*/ | ||
static Buf prepareSignData( | ||
CertificateVerifyContext context, | ||
folly::ByteRange toBeSigned); | ||
|
||
static CertificateMsg getCertMessage( | ||
const std::vector<folly::ssl::X509UniquePtr>& certs, | ||
Buf certificateRequestContext); | ||
|
||
template <KeyType T> | ||
static std::vector<SignatureScheme> getSigSchemes(); | ||
|
||
static std::vector<SignatureScheme> getSigSchemes(KeyType type); | ||
|
||
/** | ||
* Create a PeerCert from the ASN1 encoded certData. | ||
*/ | ||
static std::unique_ptr<PeerCert> makePeerCert(Buf certData); | ||
|
||
/** | ||
* Create a PeerCert from a given X509 | ||
*/ | ||
static std::unique_ptr<PeerCert> makePeerCert(folly::ssl::X509UniquePtr cert); | ||
|
||
/** | ||
* Creates a SelfCert using the supplied certificate/key file data and | ||
* compressors. | ||
* Throws std::runtime_error on error. | ||
*/ | ||
static std::unique_ptr<SelfCert> makeSelfCert( | ||
std::string certData, | ||
std::string keyData, | ||
const std::vector<std::shared_ptr<CertificateCompressor>>& compressors = | ||
{}); | ||
|
||
static folly::ssl::EvpPkeyUniquePtr readPrivateKeyFromBuffer( | ||
std::string keyData, | ||
char* password = nullptr); | ||
|
||
/** | ||
* Returns the key type for a public/private key. | ||
*/ | ||
static KeyType getKeyType(const folly::ssl::EvpPkeyUniquePtr& key); | ||
|
||
/** | ||
* Creates a SelfCert using the supplied certificate, encrypted key data, | ||
* and password. Throws std::runtime_error on error. | ||
*/ | ||
static std::unique_ptr<SelfCert> makeSelfCert( | ||
std::string certData, | ||
std::string encryptedKeyData, | ||
std::string password, | ||
const std::vector<std::shared_ptr<CertificateCompressor>>& compressors = | ||
{}); | ||
|
||
static std::unique_ptr<SelfCert> makeSelfCert( | ||
std::vector<folly::ssl::X509UniquePtr> certs, | ||
folly::ssl::EvpPkeyUniquePtr key, | ||
const std::vector<std::shared_ptr<CertificateCompressor>>& compressors = | ||
{}); | ||
|
||
/** | ||
* Clones a compressed cert by copying the relevant fields and cloning the | ||
* underlying data IOBuf. | ||
*/ | ||
static CompressedCertificate cloneCompressedCert( | ||
const CompressedCertificate& src); | ||
}; | ||
} // namespace openssl | ||
} // namespace fizz | ||
|
||
#include <fizz/backend/openssl/certificate/CertUtils-inl.h> |
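Review bot: `readPrivateKeyFromBuffer` and both string-taking `makeSelfCert` overloads accept the private key bytes and the password as by-value `std::string`, so each call leaves at least one extra heap copy of the secret that nothing in this header promises to wipe; a caveat on those declarations is warranted, e.g. `// keyData/password are copied and not scrubbed after use; callers needing key material zeroized must own and clear the buffer themselves.` The `char* password = nullptr` parameter is non-const although it is presumably only handed to OpenSSL's PEM password userdata (the definition is out of view) — `const char*` would state that it is never written. `makePeerCert(Buf certData)` says it parses ASN.1 data but not what happens on a malformed certificate, whereas the `makeSelfCert` overloads document `Throws std::runtime_error on error`; document the failure mode of both `makePeerCert` overloads the same way, since they are the entry point for peer-supplied bytes. `getSigSchemes` (both the template and the `KeyType` overload) and `getCertMessage` have no doc comment at all.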