author | Denys Vlasenko <vda.linux@googlemail.com> | 2018-11-25 14:28:32 +0100 |
---|---|---|
committer | Denys Vlasenko <vda.linux@googlemail.com> | 2018-11-25 14:28:32 +0100 |
commit | a33b0082408a2c9b2b45db205aca41393ba826a2 (patch) | |
tree | 343362e68f944278c3fde5a45208d1ff1aebbd82 | |
parent | be5ca42e8d5f36145cca6c2120899e7e2ad4f0b3 (diff) | |
tls: code shrink
function old new delta
tls_handshake 1993 1987 -6
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r-- | networking/tls.c | 31 |
1 files changed, 16 insertions, 15 deletions
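diff --git a/networking/tls.c b/networking/tls.c
index 85a4e21dd..149f55ee4 100644
--- a/networking/tls.c
+++ b/networking/tls.c
@@ -19,10 +19,6 @@
 
 #include "tls.h"
 
-//TLS 1.2
-#define TLS_MAJ 3
-#define TLS_MIN 3
-
 //Tested against kernel.org:
 //#define CIPHER_ID TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA // ok, recvs SERVER_KEY_EXCHANGE *** matrixssl uses this on my box
 //#define CIPHER_ID TLS_RSA_WITH_AES_256_CBC_SHA256 // ok, no SERVER_KEY_EXCHANGE
@@ -94,6 +90,11 @@
 # define dbg_der(...) ((void)0)
 #endif
 
+
+//TLS 1.2
+#define TLS_MAJ 3
+#define TLS_MIN 3
+
 #define RECORD_TYPE_CHANGE_CIPHER_SPEC 20 /* 0x14 */
 #define RECORD_TYPE_ALERT 21 /* 0x15 */
 #define RECORD_TYPE_HANDSHAKE 22 /* 0x16 */
@@ -191,13 +192,13 @@
 #define TLS_RSA_WITH_AES_256_CCM_8 0xC0A1 /*TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM8(256) Mac=AEAD */
 #define TLS_DHE_RSA_WITH_AES_128_CCM_8 0xC0A2 /*TLSv1.2 Kx=DH Au=RSA Enc=AESCCM8(128) Mac=AEAD */
 #define TLS_DHE_RSA_WITH_AES_256_CCM_8 0xC0A3 /*TLSv1.2 Kx=DH Au=RSA Enc=AESCCM8(256) Mac=AEAD */
-#define TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8 /*TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD */
-#define TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9 /*TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD */
-#define TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCAA /*TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD */
 #define TLS_ECDHE_ECDSA_WITH_AES_128_CCM 0xC0AC /*TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(128) Mac=AEAD */
 #define TLS_ECDHE_ECDSA_WITH_AES_256_CCM 0xC0AD /*TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(256) Mac=AEAD */
 #define TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE /*TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(128) Mac=AEAD */
 #define TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 0xC0AF /*TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(256) Mac=AEAD */
+#define TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8 /*TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD */
+#define TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9 /*TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD */
+#define TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCAA /*TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD */
 
 #define TLS_AES_128_GCM_SHA256 0x1301 /*TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD */
 #define TLS_AES_256_GCM_SHA384 0x1302 /*TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD */
@@ -259,6 +260,13 @@ enum {
 // | The length (in bytes) of the following TLSCiphertext.fragment.
 // | The length MUST NOT exceed 2^14 + 2048.
 MAX_INBUF = RECHDR_LEN + (1 << 14) + 2048,
+
+/* Bits for tls->flags */
+NEED_EC_KEY = 1 << 0,
+GOT_CERT_RSA_KEY_ALG = 1 << 1,
+GOT_CERT_ECDSA_KEY_ALG = 1 << 2, // so far unused
+GOT_EC_KEY = 1 << 3,
+ENCRYPTION_AESGCM = 1 << 4, // else AES-SHA (or NULL-SHA if CIPHER_ID1 set to allow one)
 };
 
 struct record_hdr {
@@ -267,13 +275,6 @@ struct record_hdr {
 uint8_t len16_hi, len16_lo;
 };
 
-enum {
-NEED_EC_KEY = 1 << 0,
-GOT_CERT_RSA_KEY_ALG = 1 << 1,
-GOT_CERT_ECDSA_KEY_ALG = 1 << 2,
-GOT_EC_KEY = 1 << 3,
-ENCRYPTION_AESGCM = 1 << 4,
-};
 struct tls_handshake_data {
 /* In bbox, md5/sha1/sha256 ctx's are the same structure */
 md5sha_ctx_t handshake_hash_ctx;
@@ -1379,7 +1380,7 @@ static void find_key_in_der_cert(tls_state_t *tls, uint8_t *der, int len)
 } else
 if (memcmp(der, OID_ECDSA_KEY_ALG, sizeof(OID_ECDSA_KEY_ALG)) == 0) {
 dbg("ECDSA key\n");
-tls->flags |= GOT_CERT_ECDSA_KEY_ALG;
+//UNUSED: tls->flags |= GOT_CERT_ECDSA_KEY_ALG;
 } else
 bb_error_msg_and_die("not RSA or ECDSA cert");
 }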
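Review bot: In the last hunk the only assignment of `GOT_CERT_ECDSA_KEY_ALG` is turned into a `//UNUSED:` comment while the constant stays in the flags enum, so the ECDSA branch of find_key_in_der_cert() now records nothing in `tls->flags` and any later test of that bit would always read 0. No reader of the bit is visible on this page, so behaviour is presumably unchanged, but for certificate key-type state a flag that silently never fires is easy to misuse in a later change. I would drop the commented-out statement rather than keep dead code, and make the enum comment say why, e.g. `GOT_CERT_ECDSA_KEY_ALG = 1 << 2, // never set: ECDSA branch of find_key_in_der_cert() only logs`. The function's body starts outside the hunk.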