Commit Graph

17 Commits

Author SHA1 Message Date
Denys Vlasenko
55578f2fb7 tls: fix the case of sp_256_mont_tpl_10() leaving striay high bits
It has no effect on correctness, but interferes with compating internal state
of different implementations.

function                                             old     new   delta
sp_256_proj_point_dbl_10                             443     451      +8
static.sp_256_mont_sub_10                             46      49      +3
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/0 up/down: 11/0)               Total: 11 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-10-05 19:46:39 +02:00
Denys Vlasenko
074b33bf16 tls: simplify sp_256_ecc_gen_k_10, cosmetic changes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-04-26 14:33:38 +02:00
Denys Vlasenko
6b69ab68b4 tls: make x25519 key generation code more similar to P256
function                                             old     new   delta
curve_x25519_compute_pubkey_and_premaster              -      74     +74
tls_handshake                                       2146    2072     -74
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 0/1 up/down: 74/-74)              Total: 0 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-04-26 13:46:36 +02:00
Denys Vlasenko
f18a1fd6f3 tls: implement secp256r1 elliptic curve (aka P256)
function                                             old     new   delta
sp_256_mod_mul_norm_10                                 -    1439   +1439
sp_256_ecc_mulmod_10                                   -    1363   +1363
sp_256_proj_point_dbl_10                               -     490    +490
p256_base                                              -     244    +244
static.sp_256_mont_sqr_10                              -     234    +234
static.sp_256_mont_mul_10                              -     214    +214
curve_P256_compute_pubkey_and_premaster                -     197    +197
static.sp_256_mont_reduce_10                           -     176    +176
static.sp_256_from_bin                                 -     149    +149
sp_256_to_bin                                          -     148    +148
tls_handshake                                       2046    2146    +100
static.sp_256_mul_add_10                               -      82     +82
.rodata                                           103275  103336     +61
static.sp_256_mont_sub_10                              -      52     +52
static.sp_256_mont_dbl_10                              -      52     +52
static.sp_256_cmp_10                                   -      43     +43
p256_mod                                               -      40     +40
static.sp_256_cond_sub_10                              -      32     +32
p256_mod_2                                             -      32     +32
sp_256_norm_10                                         -      31     +31
sp_256_cmp_equal_10                                    -      30     +30
sp_256_add_10                                          -      22     +22
addr_mask                                              -       8      +8
------------------------------------------------------------------------------
(add/remove: 22/0 grow/shrink: 2/0 up/down: 5239/0)          Total: 5239 bytes
   text	   data	    bss	    dec	    hex	filename
1018192	    559	   5020	1023771	  f9f1b	busybox_old
1023431	    559	   5020	1029010	  fb392	busybox_unstripped

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-04-26 13:30:09 +02:00
James Byrne
6937487be7 libbb: reduce the overhead of single parameter bb_error_msg() calls
Back in 2007, commit 0c97c9d437 ("'simple' error message functions by
Loic Grenie") introduced bb_simple_perror_msg() to allow for a lower
overhead call to bb_perror_msg() when only a string was being printed
with no parameters. This saves space for some CPU architectures because
it avoids the overhead of a call to a variadic function. However there
has never been a simple version of bb_error_msg(), and since 2007 many
new calls to bb_perror_msg() have been added that only take a single
parameter and so could have been using bb_simple_perror_message().

This changeset introduces 'simple' versions of bb_info_msg(),
bb_error_msg(), bb_error_msg_and_die(), bb_herror_msg() and
bb_herror_msg_and_die(), and replaces all calls that only take a
single parameter, or use something like ("%s", arg), with calls to the
corresponding 'simple' version.

Since it is likely that single parameter calls to the variadic functions
may be accidentally reintroduced in the future a new debugging config
option WARN_SIMPLE_MSG has been introduced. This uses some macro magic
which will cause any such calls to generate a warning, but this is
turned off by default to avoid use of the unpleasant macros in normal
circumstances.

This is a large changeset due to the number of calls that have been
replaced. The only files that contain changes other than simple
substitution of function calls are libbb.h, libbb/herror_msg.c,
libbb/verror_msg.c and libbb/xfuncs_printf.c. In miscutils/devfsd.c,
networking/udhcp/common.h and util-linux/mdev.c additonal macros have
been added for logging so that single parameter and multiple parameter
logging variants exist.

The amount of space saved varies considerably by architecture, and was
found to be as follows (for 'defconfig' using GCC 7.4):

Arm:     -92 bytes
MIPS:    -52 bytes
PPC:   -1836 bytes
x86_64: -938 bytes

Note that for the MIPS architecture only an exception had to be made
disabling the 'simple' calls for 'udhcp' (in networking/udhcp/common.h)
because it made these files larger on MIPS.

Signed-off-by: James Byrne <james.byrne@origamienergy.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2019-07-02 11:35:03 +02:00
Denys Vlasenko
03569bc50f tls: speed up xor'ing of aligned 16-byte buffers
function                                             old     new   delta
xorbuf_aligned_AES_BLOCK_SIZE                          -      23     +23
xwrite_encrypted                                     585     580      -5
aesgcm_GHASH                                         233     228      -5
GMULT                                                192     187      -5
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 0/3 up/down: 23/-15)              Total: 8 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-24 14:08:29 +01:00
Denys Vlasenko
941440cf16 tls: in AES-GCM decoding, avoid memmove
function                                             old     new   delta
xorbuf3                                                -      36     +36
xorbuf                                                24      12     -12
tls_xread_record                                     656     634     -22
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 0/2 up/down: 36/-34)              Total: 2 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-24 13:51:46 +01:00
Denys Vlasenko
624066f0cc tls: make tls_get_random() FAST_FUNC
function                                             old     new   delta
tls_handshake                                       1977    1985      +8
tls_get_random                                        32      28      -4
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 1/1 up/down: 8/-4)                Total: 4 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-23 19:24:57 +01:00
Denys Vlasenko
83e5c627e1 tls: add support for TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 cipher
function                                             old     new   delta
xwrite_encrypted                                     209     605    +396
GHASH                                                  -     395    +395
aes_encrypt_1                                          -     382    +382
GMULT                                                  -     192    +192
tls_xread_record                                     489     659    +170
aes_encrypt_one_block                                  -      65     +65
aesgcm_setkey                                          -      58     +58
FlattenSzInBits                                        -      52     +52
tls_handshake                                       1890    1941     +51
xwrite_and_update_handshake_hash                      46      81     +35
xorbuf                                                 -      24     +24
aes_setkey                                             -      16     +16
psRsaEncryptPub                                      413     421      +8
stty_main                                           1221    1227      +6
ssl_client_main                                      138     143      +5
next_token                                           841     845      +4
spawn_ssl_client                                     218     219      +1
volume_id_probe_hfs_hfsplus                          564     563      -1
read_package_field                                   232     230      -2
i2cdetect_main                                       674     672      -2
fail_hunk                                            139     136      -3
parse_expr                                           891     883      -8
curve25519                                           802     793      -9
aes_cbc_decrypt                                      971     958     -13
xwrite_handshake_record                               43       -     -43
aes_cbc_encrypt                                      644     172    -472
------------------------------------------------------------------------------
(add/remove: 9/1 grow/shrink: 9/8 up/down: 1860/-553)        Total: 1307 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-23 17:48:07 +01:00
Denys Vlasenko
bddb6545a9 tls: add support for ECDHE-ECDSA-AES-128-CBC-SHA and x25519 curve
function                                             old     new   delta
curve25519                                             -     835    +835
tls_handshake                                       1619    1935    +316
xc_diffadd                                             -     230    +230
fe_mul__distinct                                       -     149    +149
lm_sub                                                 -     103    +103
lm_add                                                 -      82     +82
fe_mul_c                                               -      74     +74
fe_select                                              -      45     +45
static.f25519_one                                      -      32     +32
static.basepoint9                                      -      32     +32
static.OID_ECDSA_KEY_ALG                               -      21     +21
static.OID_RSA_KEY_ALG                                 -      13     +13
static.supported_groups                                -       8      +8
static.empty_client_cert                               -       7      +7
der_binary_to_pstm                                    40      42      +2
static.expected                                       13       -     -13
------------------------------------------------------------------------------
(add/remove: 14/1 grow/shrink: 2/0 up/down: 1949/-13)        Total: 1936 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-13 02:17:54 +01:00
Denys Vlasenko
79376ecdbd tls: fix pstm asm constraint problem
function                                             old     new   delta
pstm_sqr_comba                                       551     475     -76

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-15 17:13:08 +02:00
Denys Vlasenko
9887f93eef tls: fix build problem on non-static i386
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-15 13:42:19 +02:00
Denys Vlasenko
432f1ae2ff tls: tested PSTM_X86_64, not enabling it - too large
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-19 16:32:38 +01:00
Denys Vlasenko
6b1b004845 tls: commented out psPool_t use
function                                             old     new   delta
psAesEncrypt                                         159     162      +3
der_binary_to_pstm                                    42      40      -2
xwrite_and_hash                                      437     434      -3
xread_tls_block                                      446     443      -3
pstm_div_2d                                          449     444      -5
psAesDecrypt                                         179     174      -5
pstm_init_size                                        52      45      -7
pstm_init                                             46      39      -7
pstm_to_unsigned_bin                                 165     157      -8
tls_main                                            1265    1256      -9
pstm_mulmod                                          132     123      -9
pstm_mod                                             125     116      -9
pstm_init_copy                                        93      84      -9
psAesInitKey                                         840     825     -15
send_client_key_exchange                             362     342     -20
psAesInit                                            103      80     -23
psRsaEncryptPub                                      429     403     -26
psAesDecryptBlock                                   1211    1184     -27
psAesEncryptBlock                                   1223    1193     -30
pstm_exptmod                                        1582    1524     -58
pstm_div                                            1557    1472     -85
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 1/20 up/down: 3/-360)          Total: -357 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-19 15:51:00 +01:00
Denys Vlasenko
b7e9ae6e9f tls: added AES code and made it compile. not used yet
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-18 17:20:27 +01:00
Denys Vlasenko
936e83e694 tls: add sha256 hmac and prf code
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-16 04:25:01 +01:00
Denys Vlasenko
11d0096516 tls: format and send CLIENT_KEY_EXCHANGE
$ ./busybox tls kernel.org
insize:0 tail:0
got block len:74
got HANDSHAKE
got SERVER_HELLO
insize:79 tail:4265
got block len:4392
got HANDSHAKE
got CERTIFICATE
entered der @0x8b217a7:0x30 len:1452 inner_byte @0x8b217ab:0x30
entered der @0x8b217ab:0x30 len:1172 inner_byte @0x8b217af:0xa0
skipped der 0xa0, next byte 0x02
skipped der 0x02, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
entered der @0x8b218b4:0x30 len:418 inner_byte @0x8b218b8:0x30
skipped der 0x30, next byte 0x03
entered der @0x8b218c7:0x03 len:399 inner_byte @0x8b218cb:0x00
key bytes:399, first:0x00
entered der @0x8b218cc:0x30 len:394 inner_byte @0x8b218d0:0x02
binary bytes:385, first:0x00
skipped der 0x02, next byte 0x02
binary bytes:3, first:0x01
server_rsa_pub_key.size:384
insize:4397 tail:9
got block len:4
got SERVER_HELLO_DONE
insize:9 tail:0
^C

Next step: send CHANGE_CIPHER_SPEC... and actually implement it.

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-15 00:12:42 +01:00