Denys Vlasenko
5d561ef634
tls: do not compile in TLS_RSA_WITH_NULL_SHA256 code if unreachable
...
function old new delta
tls_handshake 1595 1588 -7
xwrite_encrypted 244 209 -35
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-04-04 01:41:15 +02:00
Denys Vlasenko
229d3c467d
tls: avoid using int16 in pstm code
...
function old new delta
pstm_div 1472 1522 +50
psRsaEncryptPub 403 413 +10
pstm_2expt 91 96 +5
pstm_clear 68 72 +4
pstm_init 39 42 +3
pstm_unsigned_bin_size 36 37 +1
pstm_montgomery_reduce 398 399 +1
pstm_init_size 45 46 +1
pstm_zero 39 38 -1
pstm_set 35 34 -1
pstm_read_unsigned_bin 112 109 -3
pstm_mulmod 123 120 -3
pstm_mod 116 113 -3
pstm_cmp 57 54 -3
pstm_sub 107 102 -5
pstm_to_unsigned_bin 157 151 -6
pstm_clamp 63 57 -6
pstm_add 116 108 -8
pstm_grow 81 72 -9
pstm_count_bits 57 48 -9
pstm_init_copy 84 72 -12
pstm_cmp_mag 93 78 -15
pstm_sqr_comba 567 551 -16
pstm_montgomery_calc_normalization 158 140 -18
pstm_copy 115 92 -23
pstm_lshd 133 109 -24
pstm_mul_comba 525 500 -25
pstm_mul_d 251 224 -27
s_pstm_sub 256 228 -28
s_pstm_add 370 337 -33
pstm_div_2d 444 409 -35
pstm_mul_2 195 156 -39
pstm_rshd 154 104 -50
pstm_mul_2d 247 186 -61
pstm_exptmod 1524 1463 -61
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 8/27 up/down: 75/-524) Total: -449 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-04-03 21:53:29 +02:00
Denys Vlasenko
636c3b627c
tls: merge sha1 and sha256 hmac functions
...
function old new delta
hmac_begin - 196 +196
hmac_sha256 61 68 +7
hmac 250 87 -163
hmac_sha256_begin 190 - -190
------------------------------------------------------------------------------
(add/remove: 1/1 grow/shrink: 1/1 up/down: 203/-353) Total: -150 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-04-03 17:43:44 +02:00
Denys Vlasenko
0ec4d08ea3
tls: convert i/o loop from using select() to poll()
...
function old new delta
tls_run_copy_loop 377 282 -95
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-02-16 16:51:18 +01:00
Denys Vlasenko
c31b54fd81
tls: fold AES CBC en/decryption into single functions
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-02-04 16:23:49 +01:00
Denys Vlasenko
5b05d9db29
wget/tls: session_id of zero length is ok (arxiv.org responds with such)
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-02-03 18:23:52 +01:00
Denys Vlasenko
89193f985b
tls: can download kernels now :)
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-24 18:08:07 +01:00
Denys Vlasenko
1500b3a50d
tls: if got CERTIFICATE_REQUEST, send an empty CERTIFICATE
...
wolfssl test server is not satisfied by an empty one,
but some real servers might be.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-24 17:06:10 +01:00
Denys Vlasenko
49ecee098d
tls: add 2nd cipher_id, TLS_RSA_WITH_AES_128_CBC_SHA, so far it doesn't work
...
Good news that TLS_RSA_WITH_AES_256_CBC_SHA256 still works with new code ;)
This change adds inevitable extension to have different sized hashes and AES key sizes.
In libbb, md5_end() and shaX_end() are extended to return result size instead of void -
this helps *a lot* in tls (the cost is ~5 bytes per _end() function).
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-24 16:00:54 +01:00
Denys Vlasenko
7a18b9502a
tls: reorder tls_handshake_data fields for smaller size, tweak comments
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-23 16:37:04 +01:00
Denys Vlasenko
b5bf1913d3
tls: send EMPTY_RENEGOTIATION_INFO_SCSV in our client hello
...
Hoped this can make cdn.kernel.org to like us more. Nope.
While at it, made error reporting more useful.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-23 16:12:17 +01:00
Denys Vlasenko
9492da7e63
tls: set TLS_DEBUG to 0; placate a gcc indentation warning
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-23 01:15:13 +01:00
Denys Vlasenko
9a647c326a
separate TLS code into a library, use it in wget
...
A new applet, ssl_client, is the TLS debug thing now.
It doubles as wget's NOMMU helper.
In MMU mode, wget still forks, but then directly calls TLS code,
without execing.
This can also be applied to sendmail/popmail (SMTPS / SMTP+starttls support)
and nc --ssl (ncat, nmap's nc clone, has such option).
function old new delta
tls_handshake - 1691 +1691
tls_run_copy_loop - 443 +443
ssl_client_main - 128 +128
packed_usage 30978 31007 +29
wget_main 2508 2535 +27
applet_names 2553 2560 +7
...
xwrite_encrypted 360 342 -18
tls_main 2127 - -2127
------------------------------------------------------------------------------
(add/remove: 4/1 grow/shrink: 13/8 up/down: 2351/-2195) Total: 156 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-23 01:08:16 +01:00
Denys Vlasenko
f6e20724d4
tls: reorder tls_state fields for smaller offsets
...
function old new delta
xwrite_encrypted 363 360 -3
xwrite_and_update_handshake_hash 117 114 -3
tls_xread_handshake_block 72 69 -3
tls_error_die 211 202 -9
tls_get_outbuf 64 49 -15
tls_main 2163 2127 -36
tls_xread_record 702 639 -63
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/7 up/down: 0/-132) Total: -132 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-21 02:08:34 +01:00
Denys Vlasenko
dd2577f21a
tls: send SNI in the client hello
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20 22:48:41 +01:00
Denys Vlasenko
0af5265180
tls: check size on "MAC-only, no crypt" code path too
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20 21:23:10 +01:00
Denys Vlasenko
54b927d78b
tls: AES decrypt does one unnecessary memmove
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20 21:19:38 +01:00
Denys Vlasenko
3916139ac4
tls: make input buffer grow as needed
...
As it turns out, it goes only up to "inbuf_size:4608"
for kernel.org - fixed 18kb buffer was x4 larger than necessary.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20 20:27:06 +01:00
Denys Vlasenko
38972a8df1
tls: improve i/o loop
...
With tls_has_buffered_record(), entire kernel.org response
is printed at once, without 6 second pause to see its delayed EOF.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20 19:11:14 +01:00
Denys Vlasenko
e7863f394e
tls: was psAesDecrypt'ing one block too many, trashing buffered data
...
For the first time
printf "GET / HTTP/1.1\r\nHost: kernel.org\r\n\r\n" | ./busybox tls kernel.org
successfully reads entire server response and TLS shutdown.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20 18:04:04 +01:00
Denys Vlasenko
19e695ebad
tls: do not use common_bufsiz
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20 14:27:58 +01:00
Denys Vlasenko
a0aae9f714
tls: decode alerts and in particular, EOF alert.
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20 14:12:10 +01:00
Denys Vlasenko
abbf17abcc
tls: add the i/o loop - largish rework of i/o buffering
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20 03:15:09 +01:00
Denys Vlasenko
432f1ae2ff
tls: tested PSTM_X86_64, not enabling it - too large
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-19 16:32:38 +01:00
Denys Vlasenko
cccf8e735d
tls: teach it to decrypt AES256-encrypted data
...
This adds decryption only.
There is no MAC verification, code simply throws away MAC.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-19 00:20:45 +01:00
Denys Vlasenko
a9e1866806
tls: trim comments
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-18 21:00:23 +01:00
Denys Vlasenko
b5dfc3dfd6
tls: teach it to send AES256-encrypted data
...
>> CLIENT_HELLO
wrote 50 bytes
insize:0 tail:0
got block len:74
got HANDSHAKE
<< SERVER_HELLO
insize:79 tail:0
got block len:2397
got HANDSHAKE
<< CERTIFICATE
key bytes:271, first:0x00
server_rsa_pub_key.size:256
insize:2402 tail:0
got block len:4
got HANDSHAKE
<< SERVER_HELLO_DONE
>> CLIENT_KEY_EXCHANGE
wrote 267 bytes
master secret:c51df5b1e3b3f57373cdd8ea28e8ce562059636cf9f585d0b89c7f4bacec97e674d7b91f93e7b500cb64637f240c3b78
client_write_MAC_key:3b0b7e2bab241b629c37eb3a3824f09b39fe71a00876b0c8026dda16ef0d2f82
client_write_key:d36e801470ed2f0a8fc886ac25df57ffbe4265d06e3192122c4ef4df1e32fab2
>> CHANGE_CIPHER_SPEC
from secret: c51df5b1e3b3f57373cdd8ea28e8ce562059636cf9f585d0b89c7f4bacec97e674d7b91f93e7b500cb64637f240c3b78
from labelSeed: 636c69656e742066696e6973686564b22e0e6008b8ee218cc02e4a93e4a42b570535f9b57662e262d43b379d125b69
=> digest: a45bfee8ed6507a2a9920d0c
>> FINISHED
before crypt: 5 hdr + 16 data + 32 hash bytes
writing 5 + 16 IV + 64 encrypted bytes, padding_length:0x0f
wrote 85 bytes
insize:9 tail:0
got block len:1
<< CHANGE_CIPHER_SPEC
insize:6 tail:0
got block len:80
< hdr_type:22 ver:3.3 len:80 type:21 len24:9541723 |1591985b...a3da|
The last line is the server's FINISHED response, encrypted.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-18 20:37:24 +01:00
Denys Vlasenko
b7e9ae6e9f
tls: added AES code and made it compile. not used yet
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-18 17:20:27 +01:00
Denys Vlasenko
c8ba23bcec
tls: massage writing for encryption support; finer-grained debug
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-18 06:45:50 +01:00
Denys Vlasenko
5d1662ea1c
tls: address one easy FIXME, tidy up comments
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-17 18:17:27 +01:00
Denys Vlasenko
e69d78c038
tls: process CHANGE_CIPHER_SPEC and FINISHED from server
...
Successfully finishes handshake with test servers using NULL-SHA256
cipher.
The "only" thing remaining before there is a chance
this can actually work with real servers is AES encrypt/decrypt.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-17 17:24:11 +01:00
Denys Vlasenko
fe0588df3b
tls: rearrange function order, improve comments
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-17 17:04:24 +01:00
Denys Vlasenko
e2cb3b990f
tls: make our send_client_finished() pass server check
...
sha256 hash should be calculated over incoming handshake packets too!
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-17 16:53:36 +01:00
Denys Vlasenko
9a6897a48a
tls: format FINISHED message properly for unencrypted, but sha256 signed mode
...
Now it at least looks correct, but unfortunately "openssl s_server"
says my hash is wrong.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-16 23:26:33 +01:00
Denys Vlasenko
936e83e694
tls: add sha256 hmac and prf code
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-16 04:25:01 +01:00
Denys Vlasenko
3f8ecd933a
tls: rearrange code, add/improve comments, fix whitespace, no real changes here
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-15 14:16:51 +01:00
Denys Vlasenko
c5540d61f6
tls: send CHANGE_CIPHER_SPEC
...
To "actually implement it" will take more work...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-15 02:17:03 +01:00
Denys Vlasenko
f78ad0938b
whitespace fix
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-15 00:18:22 +01:00
Denys Vlasenko
11d0096516
tls: format and send CLIENT_KEY_EXCHANGE
...
$ ./busybox tls kernel.org
insize:0 tail:0
got block len:74
got HANDSHAKE
got SERVER_HELLO
insize:79 tail:4265
got block len:4392
got HANDSHAKE
got CERTIFICATE
entered der @0x8b217a7:0x30 len:1452 inner_byte @0x8b217ab:0x30
entered der @0x8b217ab:0x30 len:1172 inner_byte @0x8b217af:0xa0
skipped der 0xa0, next byte 0x02
skipped der 0x02, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
entered der @0x8b218b4:0x30 len:418 inner_byte @0x8b218b8:0x30
skipped der 0x30, next byte 0x03
entered der @0x8b218c7:0x03 len:399 inner_byte @0x8b218cb:0x00
key bytes:399, first:0x00
entered der @0x8b218cc:0x30 len:394 inner_byte @0x8b218d0:0x02
binary bytes:385, first:0x00
skipped der 0x02, next byte 0x02
binary bytes:3, first:0x01
server_rsa_pub_key.size:384
insize:4397 tail:9
got block len:4
got SERVER_HELLO_DONE
insize:9 tail:0
^C
Next step: send CHANGE_CIPHER_SPEC... and actually implement it.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-15 00:12:42 +01:00
Denys Vlasenko
2a17d1fc9b
tls: DER length byte 0x81 is actually valid
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-14 22:38:25 +01:00
Denys Vlasenko
b1003f7019
tls: a bit more work
...
$ ./busybox tls kernel.org
insize:0 tail:0
got block len:74
got HANDSHAKE
got SERVER_HELLO
insize:79 tail:4406
got block len:4392
got HANDSHAKE
got CERTIFICATE
entered der @0x8f7e723:0x30 len:1452 inner_byte @0x8f7e727:0x30
entered der @0x8f7e727:0x30 len:1172 inner_byte @0x8f7e72b:0xa0
skipped der 0xa0, next byte 0x02
skipped der 0x02, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
entered der @0x8f7e830:0x30 len:418 inner_byte @0x8f7e834:0x30
skipped der 0x30, next byte 0x03
entered der @0x8f7e843:0x03 len:399 inner_byte @0x8f7e847:0x00
copying key bytes:399, first:0x00
insize:4397 tail:9
got block len:4
got SERVER_HELLO_DONE
Now need to teach it to send ClientKeyExchange...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-14 13:57:16 +01:00
Denys Vlasenko
ceff6b0ea9
tls: work-in-progress TLS1.2 test applet
...
function old new delta
tls_main - 733 +733
dump - 230 +230
xread_tls_block - 180 +180
get_der_len - 76 +76
enter_der_item - 70 +70
skip_der_item - 56 +56
get24be - 24 +24
tls_error_die - 19 +19
packed_usage 31010 31027 +17
applet_names 2549 2553 +4
applet_main 1472 1476 +4
applet_suid 92 93 +1
applet_install_loc 184 185 +1
------------------------------------------------------------------------------
(add/remove: 9/0 grow/shrink: 5/0 up/down: 1415/0) Total: 1415 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-14 12:49:32 +01:00