busybox

Author	SHA1	Message	Date
Denys Vlasenko	0af5265180	tls: check size on "MAC-only, no crypt" code path too Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>	2017-01-20 21:23:10 +01:00
Denys Vlasenko	54b927d78b	tls: AES decrypt does one unnecessary memmove Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>	2017-01-20 21:19:38 +01:00
Denys Vlasenko	3916139ac4	tls: make input buffer grow as needed As it turns out, it goes only up to "inbuf_size:4608" for kernel.org - fixed 18kb buffer was x4 larger than necessary. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>	2017-01-20 20:27:06 +01:00
Denys Vlasenko	38972a8df1	tls: improve i/o loop With tls_has_buffered_record(), entire kernel.org response is printed at once, without 6 second pause to see its delayed EOF. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>	2017-01-20 19:11:14 +01:00
Denys Vlasenko	e7863f394e	tls: was psAesDecrypt'ing one block too many, trashing buffered data For the first time printf "GET / HTTP/1.1\r\nHost: kernel.org\r\n\r\n" \| ./busybox tls kernel.org successfully reads entire server response and TLS shutdown. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>	2017-01-20 18:04:04 +01:00
Denys Vlasenko	19e695ebad	tls: do not use common_bufsiz Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>	2017-01-20 14:27:58 +01:00
Denys Vlasenko	a0aae9f714	tls: decode alerts and in particular, EOF alert. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>	2017-01-20 14:12:10 +01:00
Denys Vlasenko	abbf17abcc	tls: add the i/o loop - largish rework of i/o buffering Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>	2017-01-20 03:15:09 +01:00
Denys Vlasenko	432f1ae2ff	tls: tested PSTM_X86_64, not enabling it - too large Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>	2017-01-19 16:32:38 +01:00
Denys Vlasenko	cccf8e735d	tls: teach it to decrypt AES256-encrypted data This adds decryption only. There is no MAC verification, code simply throws away MAC. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>	2017-01-19 00:20:45 +01:00
Denys Vlasenko	a9e1866806	tls: trim comments Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>	2017-01-18 21:00:23 +01:00
Denys Vlasenko	b5dfc3dfd6	tls: teach it to send AES256-encrypted data >> CLIENT_HELLO wrote 50 bytes insize:0 tail:0 got block len:74 got HANDSHAKE << SERVER_HELLO insize:79 tail:0 got block len:2397 got HANDSHAKE << CERTIFICATE key bytes:271, first:0x00 server_rsa_pub_key.size:256 insize:2402 tail:0 got block len:4 got HANDSHAKE << SERVER_HELLO_DONE >> CLIENT_KEY_EXCHANGE wrote 267 bytes master secret:c51df5b1e3b3f57373cdd8ea28e8ce562059636cf9f585d0b89c7f4bacec97e674d7b91f93e7b500cb64637f240c3b78 client_write_MAC_key:3b0b7e2bab241b629c37eb3a3824f09b39fe71a00876b0c8026dda16ef0d2f82 client_write_key:d36e801470ed2f0a8fc886ac25df57ffbe4265d06e3192122c4ef4df1e32fab2 >> CHANGE_CIPHER_SPEC from secret: c51df5b1e3b3f57373cdd8ea28e8ce562059636cf9f585d0b89c7f4bacec97e674d7b91f93e7b500cb64637f240c3b78 from labelSeed: 636c69656e742066696e6973686564b22e0e6008b8ee218cc02e4a93e4a42b570535f9b57662e262d43b379d125b69 => digest: a45bfee8ed6507a2a9920d0c >> FINISHED before crypt: 5 hdr + 16 data + 32 hash bytes writing 5 + 16 IV + 64 encrypted bytes, padding_length:0x0f wrote 85 bytes insize:9 tail:0 got block len:1 << CHANGE_CIPHER_SPEC insize:6 tail:0 got block len:80 < hdr_type:22 ver:3.3 len:80 type:21 len24:9541723 \|1591985b...a3da\| The last line is the server's FINISHED response, encrypted. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>	2017-01-18 20:37:24 +01:00
Denys Vlasenko	b7e9ae6e9f	tls: added AES code and made it compile. not used yet Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>	2017-01-18 17:20:27 +01:00
Denys Vlasenko	c8ba23bcec	tls: massage writing for encryption support; finer-grained debug Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>	2017-01-18 06:45:50 +01:00
Denys Vlasenko	5d1662ea1c	tls: address one easy FIXME, tidy up comments Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>	2017-01-17 18:17:27 +01:00
Denys Vlasenko	e69d78c038	tls: process CHANGE_CIPHER_SPEC and FINISHED from server Successfully finishes handshake with test servers using NULL-SHA256 cipher. The "only" thing remaining before there is a chance this can actually work with real servers is AES encrypt/decrypt. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>	2017-01-17 17:24:11 +01:00
Denys Vlasenko	fe0588df3b	tls: rearrange function order, improve comments Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>	2017-01-17 17:04:24 +01:00
Denys Vlasenko	e2cb3b990f	tls: make our send_client_finished() pass server check sha256 hash should be calculated over incoming handshake packets too! Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>	2017-01-17 16:53:36 +01:00
Denys Vlasenko	9a6897a48a	tls: format FINISHED message properly for unencrypted, but sha256 signed mode Now it at least looks correct, but unfortunately "openssl s_server" says my hash is wrong. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>	2017-01-16 23:26:33 +01:00
Denys Vlasenko	936e83e694	tls: add sha256 hmac and prf code Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>	2017-01-16 04:25:01 +01:00
Denys Vlasenko	3f8ecd933a	tls: rearrange code, add/improve comments, fix whitespace, no real changes here Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>	2017-01-15 14:16:51 +01:00
Denys Vlasenko	c5540d61f6	tls: send CHANGE_CIPHER_SPEC To "actually implement it" will take more work... Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>	2017-01-15 02:17:03 +01:00
Denys Vlasenko	f78ad0938b	whitespace fix Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>	2017-01-15 00:18:22 +01:00
Denys Vlasenko	11d0096516	tls: format and send CLIENT_KEY_EXCHANGE $ ./busybox tls kernel.org insize:0 tail:0 got block len:74 got HANDSHAKE got SERVER_HELLO insize:79 tail:4265 got block len:4392 got HANDSHAKE got CERTIFICATE entered der @0x8b217a7:0x30 len:1452 inner_byte @0x8b217ab:0x30 entered der @0x8b217ab:0x30 len:1172 inner_byte @0x8b217af:0xa0 skipped der 0xa0, next byte 0x02 skipped der 0x02, next byte 0x30 skipped der 0x30, next byte 0x30 skipped der 0x30, next byte 0x30 skipped der 0x30, next byte 0x30 skipped der 0x30, next byte 0x30 entered der @0x8b218b4:0x30 len:418 inner_byte @0x8b218b8:0x30 skipped der 0x30, next byte 0x03 entered der @0x8b218c7:0x03 len:399 inner_byte @0x8b218cb:0x00 key bytes:399, first:0x00 entered der @0x8b218cc:0x30 len:394 inner_byte @0x8b218d0:0x02 binary bytes:385, first:0x00 skipped der 0x02, next byte 0x02 binary bytes:3, first:0x01 server_rsa_pub_key.size:384 insize:4397 tail:9 got block len:4 got SERVER_HELLO_DONE insize:9 tail:0 ^C Next step: send CHANGE_CIPHER_SPEC... and actually implement it. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>	2017-01-15 00:12:42 +01:00
Denys Vlasenko	2a17d1fc9b	tls: DER length byte 0x81 is actually valid Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>	2017-01-14 22:38:25 +01:00
Denys Vlasenko	b1003f7019	tls: a bit more work $ ./busybox tls kernel.org insize:0 tail:0 got block len:74 got HANDSHAKE got SERVER_HELLO insize:79 tail:4406 got block len:4392 got HANDSHAKE got CERTIFICATE entered der @0x8f7e723:0x30 len:1452 inner_byte @0x8f7e727:0x30 entered der @0x8f7e727:0x30 len:1172 inner_byte @0x8f7e72b:0xa0 skipped der 0xa0, next byte 0x02 skipped der 0x02, next byte 0x30 skipped der 0x30, next byte 0x30 skipped der 0x30, next byte 0x30 skipped der 0x30, next byte 0x30 skipped der 0x30, next byte 0x30 entered der @0x8f7e830:0x30 len:418 inner_byte @0x8f7e834:0x30 skipped der 0x30, next byte 0x03 entered der @0x8f7e843:0x03 len:399 inner_byte @0x8f7e847:0x00 copying key bytes:399, first:0x00 insize:4397 tail:9 got block len:4 got SERVER_HELLO_DONE Now need to teach it to send ClientKeyExchange... Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>	2017-01-14 13:57:16 +01:00
Denys Vlasenko	ceff6b0ea9	tls: work-in-progress TLS1.2 test applet function old new delta tls_main - 733 +733 dump - 230 +230 xread_tls_block - 180 +180 get_der_len - 76 +76 enter_der_item - 70 +70 skip_der_item - 56 +56 get24be - 24 +24 tls_error_die - 19 +19 packed_usage 31010 31027 +17 applet_names 2549 2553 +4 applet_main 1472 1476 +4 applet_suid 92 93 +1 applet_install_loc 184 185 +1 ------------------------------------------------------------------------------ (add/remove: 9/0 grow/shrink: 5/0 up/down: 1415/0) Total: 1415 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>	2017-01-14 12:49:32 +01:00

1 2

77 Commits