tls: merge sha1 and sha256 hmac functions

function old new delta hmac_begin - 196 +196 hmac_sha256 61 68 +7 hmac 250 87 -163 hmac_sha256_begin 190 - -190 ------------------------------------------------------------------------------ (add/remove: 1/1 grow/shrink: 1/1 up/down: 203/-353) Total: -150 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
author: Denys Vlasenko <vda.linux@googlemail.com> 2017-04-03 17:43:44 +0200
committer: Denys Vlasenko <vda.linux@googlemail.com> 2017-04-03 17:43:44 +0200
commit: 636c3b627cc964f65e5b38bb005d50f2841d6966 (patch)
tree: 1869cd056bfbe1957732b146e9e7c51408abd976 /networking/tls.c
parent: 6e99f1cb45621d36958fa97943074d9c5e2e9306 (diff)
download: busybox-w32-636c3b627cc964f65e5b38bb005d50f2841d6966.tar.gz
busybox-w32-636c3b627cc964f65e5b38bb005d50f2841d6966.tar.bz2
busybox-w32-636c3b627cc964f65e5b38bb005d50f2841d6966.zip
1 files changed, 12 insertions, 44 deletions
diff --git a/networking/tls.c b/networking/tls.c
index cb6b09476..bbf2b158f 100644
--- a/networking/tls.c
+++ b/networking/tls.c
@@ -367,11 +367,12 @@ static unsigned hmac_sha_precomputed_v(
        return sha_end(&pre->hashed_key_xor_opad, out);
 }
-static void hmac_sha256_begin(hmac_precomputed_t *pre, uint8_t *key, unsigned key_size)
+typedef void md5sha_begin_func(md5sha_ctx_t *ctx) FAST_FUNC;
+static void hmac_begin(hmac_precomputed_t *pre, uint8_t *key, unsigned key_size, md5sha_begin_func *begin)
 {
        uint8_t key_xor_ipad[SHA_INSIZE];
        uint8_t key_xor_opad[SHA_INSIZE];
-        uint8_t tempkey[SHA256_OUTSIZE];
+        uint8_t tempkey[SHA1_OUTSIZE < SHA256_OUTSIZE ? SHA256_OUTSIZE : SHA1_OUTSIZE];
        unsigned i;
        // "The authentication key can be of any length up to INSIZE, the
@@ -380,7 +381,7 @@ static void hmac_sha256_begin(hmac_precomputed_t *pre, uint8_t *key, unsigned ke
        // resultant OUTSIZE byte string as the actual key to HMAC."
        if (key_size > SHA_INSIZE) {
                md5sha_ctx_t ctx;
-                sha256_begin(&ctx);
+                begin(&ctx);
                md5sha_hash(&ctx, key, key_size);
                key_size = sha_end(&ctx, tempkey);
        }
@@ -394,41 +395,8 @@ static void hmac_sha256_begin(hmac_precomputed_t *pre, uint8_t *key, unsigned ke
                key_xor_opad[i] = 0x5c;
        }
-        sha256_begin(&pre->hashed_key_xor_ipad);
+        begin(&pre->hashed_key_xor_ipad);
-        sha256_begin(&pre->hashed_key_xor_opad);
+        begin(&pre->hashed_key_xor_opad);
-        md5sha_hash(&pre->hashed_key_xor_ipad, key_xor_ipad, SHA_INSIZE);
-        md5sha_hash(&pre->hashed_key_xor_opad, key_xor_opad, SHA_INSIZE);
-}
-// TODO: ^^^ vvv merge?
-static void hmac_sha1_begin(hmac_precomputed_t *pre, uint8_t *key, unsigned key_size)
-{
-        uint8_t key_xor_ipad[SHA_INSIZE];
-        uint8_t key_xor_opad[SHA_INSIZE];
-        uint8_t tempkey[SHA1_OUTSIZE];
-        unsigned i;
-        // "The authentication key can be of any length up to INSIZE, the
-        // block length of the hash function.  Applications that use keys longer
-        // than INSIZE bytes will first hash the key using H and then use the
-        // resultant OUTSIZE byte string as the actual key to HMAC."
-        if (key_size > SHA_INSIZE) {
-                md5sha_ctx_t ctx;
-                sha1_begin(&ctx);
-                md5sha_hash(&ctx, key, key_size);
-                key_size = sha_end(&ctx, tempkey);
-        }
-        for (i = 0; i < key_size; i++) {
-                key_xor_ipad[i] = key[i] ^ 0x36;
-                key_xor_opad[i] = key[i] ^ 0x5c;
-        }
-        for (; i < SHA_INSIZE; i++) {
-                key_xor_ipad[i] = 0x36;
-                key_xor_opad[i] = 0x5c;
-        }
-        sha1_begin(&pre->hashed_key_xor_ipad);
-        sha1_begin(&pre->hashed_key_xor_opad);
        md5sha_hash(&pre->hashed_key_xor_ipad, key_xor_ipad, SHA_INSIZE);
        md5sha_hash(&pre->hashed_key_xor_opad, key_xor_opad, SHA_INSIZE);
 }
@@ -441,11 +409,11 @@ static unsigned hmac(tls_state_t *tls, uint8_t *out, uint8_t *key, unsigned key_
        va_start(va, key_size);
-        if (tls->MAC_size == SHA256_OUTSIZE)
+        hmac_begin(&pre, key, key_size,
-                hmac_sha256_begin(&pre, key, key_size);
+                        (tls->MAC_size == SHA256_OUTSIZE)
-        else
+                                ? sha256_begin
-                hmac_sha1_begin(&pre, key, key_size);
+                                : sha1_begin
+        );
        len = hmac_sha_precomputed_v(&pre, out, va);
        va_end(va);
@@ -460,7 +428,7 @@ static unsigned hmac_sha256(/*tls_state_t *tls,*/ uint8_t *out, uint8_t *key, un
        va_start(va, key_size);
-        hmac_sha256_begin(&pre, key, key_size);
+        hmac_begin(&pre, key, key_size, sha256_begin);
        len = hmac_sha_precomputed_v(&pre, out, va);
        va_end(va);
author	Denys Vlasenko <vda.linux@googlemail.com>	2017-04-03 17:43:44 +0200
committer	Denys Vlasenko <vda.linux@googlemail.com>	2017-04-03 17:43:44 +0200
commit	636c3b627cc964f65e5b38bb005d50f2841d6966 (patch)
tree	1869cd056bfbe1957732b146e9e7c51408abd976 /networking/tls.c
parent	6e99f1cb45621d36958fa97943074d9c5e2e9306 (diff)
download	busybox-w32-636c3b627cc964f65e5b38bb005d50f2841d6966.tar.gz busybox-w32-636c3b627cc964f65e5b38bb005d50f2841d6966.tar.bz2 busybox-w32-636c3b627cc964f65e5b38bb005d50f2841d6966.zip

diff --git a/networking/tls.c b/networking/tls.c index cb6b09476..bbf2b158f 100644 --- a/networking/tls.c +++ b/networking/tls.c
@@ -367,11 +367,12 @@ static unsigned hmac_sha_precomputed_v(
367	return sha_end(&pre->hashed_key_xor_opad, out);	367	return sha_end(&pre->hashed_key_xor_opad, out);
368	}	368	}
369		369
370	static void hmac_sha256_begin(hmac_precomputed_t pre, uint8_t key, unsigned key_size)	370	typedef void md5sha_begin_func(md5sha_ctx_t *ctx) FAST_FUNC;
		371	static void hmac_begin(hmac_precomputed_t pre, uint8_t key, unsigned key_size, md5sha_begin_func *begin)
371	{	372	{
372	uint8_t key_xor_ipad[SHA_INSIZE];	373	uint8_t key_xor_ipad[SHA_INSIZE];
373	uint8_t key_xor_opad[SHA_INSIZE];	374	uint8_t key_xor_opad[SHA_INSIZE];
374	uint8_t tempkey[SHA256_OUTSIZE];	375	uint8_t tempkey[SHA1_OUTSIZE < SHA256_OUTSIZE ? SHA256_OUTSIZE : SHA1_OUTSIZE];
375	unsigned i;	376	unsigned i;
376		377
377	// "The authentication key can be of any length up to INSIZE, the	378	// "The authentication key can be of any length up to INSIZE, the
@@ -380,7 +381,7 @@ static void hmac_sha256_begin(hmac_precomputed_t pre, uint8_t key, unsigned ke
380	// resultant OUTSIZE byte string as the actual key to HMAC."	381	// resultant OUTSIZE byte string as the actual key to HMAC."
381	if (key_size > SHA_INSIZE) {	382	if (key_size > SHA_INSIZE) {
382	md5sha_ctx_t ctx;	383	md5sha_ctx_t ctx;
383	sha256_begin(&ctx);	384	begin(&ctx);
384	md5sha_hash(&ctx, key, key_size);	385	md5sha_hash(&ctx, key, key_size);
385	key_size = sha_end(&ctx, tempkey);	386	key_size = sha_end(&ctx, tempkey);
386	}	387	}
@@ -394,41 +395,8 @@ static void hmac_sha256_begin(hmac_precomputed_t pre, uint8_t key, unsigned ke
394	key_xor_opad[i] = 0x5c;	395	key_xor_opad[i] = 0x5c;
395	}	396	}
396		397
397	sha256_begin(&pre->hashed_key_xor_ipad);	398	begin(&pre->hashed_key_xor_ipad);
398	sha256_begin(&pre->hashed_key_xor_opad);	399	begin(&pre->hashed_key_xor_opad);
399	md5sha_hash(&pre->hashed_key_xor_ipad, key_xor_ipad, SHA_INSIZE);
400	md5sha_hash(&pre->hashed_key_xor_opad, key_xor_opad, SHA_INSIZE);
401	}
402	// TODO: ^^^ vvv merge?
403	static void hmac_sha1_begin(hmac_precomputed_t pre, uint8_t key, unsigned key_size)
404	{
405	uint8_t key_xor_ipad[SHA_INSIZE];
406	uint8_t key_xor_opad[SHA_INSIZE];
407	uint8_t tempkey[SHA1_OUTSIZE];
408	unsigned i;
409
410	// "The authentication key can be of any length up to INSIZE, the
411	// block length of the hash function. Applications that use keys longer
412	// than INSIZE bytes will first hash the key using H and then use the
413	// resultant OUTSIZE byte string as the actual key to HMAC."
414	if (key_size > SHA_INSIZE) {
415	md5sha_ctx_t ctx;
416	sha1_begin(&ctx);
417	md5sha_hash(&ctx, key, key_size);
418	key_size = sha_end(&ctx, tempkey);
419	}
420
421	for (i = 0; i < key_size; i++) {
422	key_xor_ipad[i] = key[i] ^ 0x36;
423	key_xor_opad[i] = key[i] ^ 0x5c;
424	}
425	for (; i < SHA_INSIZE; i++) {
426	key_xor_ipad[i] = 0x36;
427	key_xor_opad[i] = 0x5c;
428	}
429
430	sha1_begin(&pre->hashed_key_xor_ipad);
431	sha1_begin(&pre->hashed_key_xor_opad);
432	md5sha_hash(&pre->hashed_key_xor_ipad, key_xor_ipad, SHA_INSIZE);	400	md5sha_hash(&pre->hashed_key_xor_ipad, key_xor_ipad, SHA_INSIZE);
433	md5sha_hash(&pre->hashed_key_xor_opad, key_xor_opad, SHA_INSIZE);	401	md5sha_hash(&pre->hashed_key_xor_opad, key_xor_opad, SHA_INSIZE);
434	}	402	}
@@ -441,11 +409,11 @@ static unsigned hmac(tls_state_t tls, uint8_t out, uint8_t *key, unsigned key_
441		409
442	va_start(va, key_size);	410	va_start(va, key_size);
443		411
444	if (tls->MAC_size == SHA256_OUTSIZE)	412	hmac_begin(&pre, key, key_size,
445	hmac_sha256_begin(&pre, key, key_size);	413	(tls->MAC_size == SHA256_OUTSIZE)
446	else	414	? sha256_begin
447	hmac_sha1_begin(&pre, key, key_size);	415	: sha1_begin
448		416	);
449	len = hmac_sha_precomputed_v(&pre, out, va);	417	len = hmac_sha_precomputed_v(&pre, out, va);
450		418
451	va_end(va);	419	va_end(va);
@@ -460,7 +428,7 @@ static unsigned hmac_sha256(/tls_state_t tls,/ uint8_t out, uint8_t *key, un
460		428
461	va_start(va, key_size);	429	va_start(va, key_size);
462		430
463	hmac_sha256_begin(&pre, key, key_size);	431	hmac_begin(&pre, key, key_size, sha256_begin);
464	len = hmac_sha_precomputed_v(&pre, out, va);	432	len = hmac_sha_precomputed_v(&pre, out, va);
465		433
466	va_end(va);	434	va_end(va);