| author | Denys Vlasenko <vda.linux@googlemail.com> | 2018-12-10 19:19:38 +0100 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2018-12-10 19:19:38 +0100 |
| commit | 3a4d5a73a876b0922afed095bc9f83dbdf07148e (patch) | |
| tree | 93480ac715eb7e72ff3007eb98158dc7a69e0358 | |
| parent | c67ff8a1b04c56b9445a891cb48db7fc0f0f4445 (diff) | |
tls: prepare for ECDH_anon ciphers
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| -rw-r--r-- | networking/tls.c | 21 |
1 files changed, 14 insertions, 7 deletions
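--- a/networking/tls.c
+++ b/networking/tls.c
@@ -525,9 +525,9 @@ static unsigned hmac(tls_state_t *tls, uint8_t *out, uint8_t *key, unsigned key_
 va_start(va, key_size);
 
 hmac_begin(&pre, key, key_size,
-(!ENABLE_FEATURE_TLS_SHA1 || tls->MAC_size == SHA256_OUTSIZE)
-? sha256_begin
-: sha1_begin
+(ENABLE_FEATURE_TLS_SHA1 && tls->MAC_size == SHA1_OUTSIZE)
+? sha1_begin
+: sha256_begin
 );
 len = hmac_sha_precomputed_v(&pre, out, va);
 
@@ -1486,7 +1486,7 @@ static void send_client_hello_and_alloc_hsd(tls_state_t *tls, const char *sni)
 {
 #define NUM_CIPHERS (7 + 6 * ENABLE_FEATURE_TLS_SHA1 + ALLOW_RSA_NULL_SHA256)
 static const uint8_t ciphers[] = {
-0x00,(1 + NUM_CIPHERS) * 2, //len16_be
+0x00,2 + NUM_CIPHERS*2, //len16_be
 0x00,0xFF, //not a cipher - TLS_EMPTY_RENEGOTIATION_INFO_SCSV
 /* ^^^^^^ RFC 5746 Renegotiation Indication Extension - some servers will refuse to work with us otherwise */
 #if ENABLE_FEATURE_TLS_SHA1
@@ -1494,6 +1494,8 @@ static void send_client_hello_and_alloc_hsd(tls_state_t *tls, const char *sni)
 0xC0,0x0A, // 2 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - ok: wget https://is.gd/
 0xC0,0x13, // 3 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - ok: openssl s_server ... -cipher ECDHE-RSA-AES128-SHA
 0xC0,0x14, // 4 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - ok: openssl s_server ... -cipher ECDHE-RSA-AES256-SHA (might fail with older openssl)
+// 0xC0,0x18, // TLS_ECDH_anon_WITH_AES_128_CBC_SHA
+// 0xC0,0x19, // TLS_ECDH_anon_WITH_AES_256_CBC_SHA
 #endif
 0xC0,0x23, // 5 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - ok: wget https://is.gd/
 // 0xC0,0x24, // TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - can't do SHA384 yet
@@ -1548,7 +1550,7 @@ static void send_client_hello_and_alloc_hsd(tls_state_t *tls, const char *sni)
 uint8_t session_id_len;
 /* uint8_t session_id[]; */
 uint8_t cipherid_len16_hi, cipherid_len16_lo;
-uint8_t cipherid[(1 + NUM_CIPHERS) * 2]; /* actually variable */
+uint8_t cipherid[2 + NUM_CIPHERS*2]; /* actually variable */
 uint8_t comprtypes_len;
 uint8_t comprtypes[1]; /* actually variable */
 /* Extensions (SNI shown):
@@ -1596,7 +1598,7 @@ static void send_client_hello_and_alloc_hsd(tls_state_t *tls, const char *sni)
 memset(record->rand32, 0x11, sizeof(record->rand32));
 /* record->session_id_len = 0; - already is */
 
-BUILD_BUG_ON(sizeof(ciphers) != 2 + (1 + NUM_CIPHERS) * 2 + 2);
+BUILD_BUG_ON(sizeof(ciphers) != 2 + 2 + NUM_CIPHERS*2 + 2);
 memcpy(&record->cipherid_len16_hi, ciphers, sizeof(ciphers));
 
 ptr = (void*)(record + 1);
@@ -1698,6 +1700,8 @@ static void get_server_hello(tls_state_t *tls)
 0xC0,0x0A, // 2 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - ok: wget https://is.gd/
 0xC0,0x13, // 3 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - ok: openssl s_server ... -cipher ECDHE-RSA-AES128-SHA
 0xC0,0x14, // 4 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - ok: openssl s_server ... -cipher ECDHE-RSA-AES256-SHA (might fail with older openssl)
+// 0xC0,0x18, // TLS_ECDH_anon_WITH_AES_128_CBC_SHA
+// 0xC0,0x19, // TLS_ECDH_anon_WITH_AES_256_CBC_SHA
 #endif
 0xC0,0x23, // 5 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - ok: wget https://is.gd/
 // 0xC0,0x24, // TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - can't do SHA384 yet
@@ -1705,6 +1709,7 @@ static void get_server_hello(tls_state_t *tls)
 // 0xC0,0x28, // TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - can't do SHA384 yet
 0xC0,0x2B, // 7 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - ok: wget https://is.gd/
 // 0xC0,0x2C, // TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - wget https://is.gd/: "TLS error from peer (alert code 20): bad MAC"
+//TODO: GCM_SHA384 ciphers can be supported, only need sha384-based PRF?
 0xC0,0x2F, // 8 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - ok: openssl s_server ... -cipher ECDHE-RSA-AES128-GCM-SHA256
 // 0xC0,0x30, // TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - openssl s_server ... -cipher ECDHE-RSA-AES256-GCM-SHA384: "decryption failed or bad record mac"
 //possibly these too:
@@ -1722,8 +1727,10 @@ static void get_server_hello(tls_state_t *tls)
 0x00,0x3D, //12 TLS_RSA_WITH_AES_256_CBC_SHA256 - ok: openssl s_server ... -cipher AES256-SHA256
 0x00,0x9C, //13 TLS_RSA_WITH_AES_128_GCM_SHA256 - ok: openssl s_server ... -cipher AES128-GCM-SHA256
 // 0x00,0x9D, // TLS_RSA_WITH_AES_256_GCM_SHA384 - openssl s_server ... -cipher AES256-GCM-SHA384: "decryption failed or bad record mac"
+#if ALLOW_RSA_NULL_SHA256
 0x00,0x3B, // TLS_RSA_WITH_NULL_SHA256
 #endif
+#endif
 cipherid1 = cipherid[1];
 tls->cipher_id = 0x100 * cipherid[0] + cipherid1;
 tls->key_size = AES256_KEYSIZE;
@@ -1736,7 +1743,7 @@ static void get_server_hello(tls_state_t *tls)
 /* Odd numbered C0xx use AES128 (even ones use AES256) */
 tls->key_size = AES128_KEYSIZE;
 }
-if (ENABLE_FEATURE_TLS_SHA1 && cipherid1 <= 0x14) {
+if (ENABLE_FEATURE_TLS_SHA1 && cipherid1 <= 0x19) {
 tls->MAC_size = SHA1_OUTSIZE;
 } else
 if (cipherid1 >= 0x2B && cipherid1 <= 0x30) {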
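Review bot: The widened check `cipherid1 <= 0x19` in get_server_hello makes the SHA1 MAC selection accept the two ECDH_anon suite IDs, but anonymous ECDH gives no server authentication, and nothing in the visible hunks records that these suites must stay opt-in. The entries are only commented out in both places the list appears, so un-commenting them later would silently offer an unauthenticated key exchange. I would add a comment next to them such as `// ECDH_anon: no server authentication (MITM-able) - never enable by default`, and gate any future enablement behind a build-time switch the way `ALLOW_RSA_NULL_SHA256` gates the NULL cipher, with `NUM_CIPHERS` adjusted to match. The test also looks only at the low byte, so it now covers 0x15-0x17 as well; whether the server's chosen ID is validated against the offered list is not visible in these hunks and is worth confirming. get_server_hello's body starts and ends outside the hunks shown.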
