author | Denys Vlasenko <vda.linux@googlemail.com> | 2017-01-23 16:37:04 +0100 |
---|---|---|
committer | Denys Vlasenko <vda.linux@googlemail.com> | 2017-01-23 16:37:04 +0100 |
commit | 7a18b9502aedbd6a9201c7c7603ded997a401f53 (patch) | |
tree | 2f0ab11079d84a489cd2be2302906c0ac023d54d /networking/tls.c | |
parent | b5bf1913d31512d1c5f4c9656dc96e6b8dcd92ba (diff) | |
tls: reorder tls_handshake_data fields for smaller size, tweak comments
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'networking/tls.c')
-rw-r--r-- | networking/tls.c | 25 |
1 files changed, 9 insertions, 16 deletions
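diff --git a/networking/tls.c b/networking/tls.c
index 4456c7d26..8549a21da 100644
--- a/networking/tls.c
+++ b/networking/tls.c
@@ -112,7 +112,7 @@
 #define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 0xC029 /* 49193 */
 #define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 0xC02A /* 49194 */
 
-// RFC 5288 "AES Galois Counter Mode (GCM) Cipher Suites for TLS"
+/* RFC 5288 "AES Galois Counter Mode (GCM) Cipher Suites for TLS" */
 #define TLS_RSA_WITH_AES_128_GCM_SHA256 0x009C /* 156 */
 #define TLS_RSA_WITH_AES_256_GCM_SHA384 0x009D /* 157 */
 #define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B /* 49195 */
@@ -125,16 +125,13 @@
 #define TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 0xC032 /* 49202 */
 
 //Tested against kernel.org:
-//TLS 1.1
-//#define TLS_MAJ 3
-//#define TLS_MIN 2
-//#define CIPHER_ID TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA // ok, recvs SERVER_KEY_EXCHANGE
 //TLS 1.2
 #define TLS_MAJ 3
 #define TLS_MIN 3
 //#define CIPHER_ID TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA // ok, recvs SERVER_KEY_EXCHANGE *** matrixssl uses this on my box
 //#define CIPHER_ID TLS_RSA_WITH_AES_256_CBC_SHA256 // ok, no SERVER_KEY_EXCHANGE
-// All GCMs:
+//#define CIPHER_ID TLS_DH_anon_WITH_AES_256_CBC_SHA // SSL_ALERT_HANDSHAKE_FAILURE
+//^^^^^^^^^^^^^^^^^^^^^^^ (tested b/c this one doesn't req server certs... no luck, server refuses it)
 //#define CIPHER_ID TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 // SSL_ALERT_HANDSHAKE_FAILURE
 //#define CIPHER_ID TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 // SSL_ALERT_HANDSHAKE_FAILURE
 //#define CIPHER_ID TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 // ok, recvs SERVER_KEY_EXCHANGE
@@ -145,9 +142,6 @@
 //#define CIPHER_ID TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 // SSL_ALERT_HANDSHAKE_FAILURE
 //#define CIPHER_ID TLS_RSA_WITH_AES_256_GCM_SHA384 // ok, no SERVER_KEY_EXCHANGE
 //#define CIPHER_ID TLS_RSA_WITH_AES_128_GCM_SHA256 // ok, no SERVER_KEY_EXCHANGE *** select this?
-//#define CIPHER_ID TLS_DH_anon_WITH_AES_256_CBC_SHA // SSL_ALERT_HANDSHAKE_FAILURE
-//^^^^^^^^^^^^^^^^^^^^^^^ (tested b/c this one doesn't req server certs... no luck)
-//test TLS_RSA_WITH_AES_128_CBC_SHA, in TLS 1.2 it's mandated to be always supported
 
 // works against "openssl s_server -cipher NULL"
 // and against wolfssl-3.9.10-stable/examples/server/server.c:
@@ -163,6 +157,7 @@
 // fail: openssl s_client -connect cdn.kernel.org:443 -debug -tls1_2 -no_tls1 -no_tls1_1 -cipher AES128-SHA256
 // ok: openssl s_client -connect cdn.kernel.org:443 -debug -tls1_2 -no_tls1 -no_tls1_1 -cipher AES128-GCM-SHA256
 // ok: openssl s_client -connect cdn.kernel.org:443 -debug -tls1_2 -no_tls1 -no_tls1_1 -cipher AES128-SHA
+// (TLS_RSA_WITH_AES_128_CBC_SHA - in TLS 1.2 it's mandated to be always supported)
 #define CIPHER_ID TLS_RSA_WITH_AES_256_CBC_SHA256 // no SERVER_KEY_EXCHANGE from peer
 
 enum {
@@ -220,14 +215,12 @@ struct record_hdr {
 };
 
 struct tls_handshake_data {
+sha256_ctx_t handshake_sha256_ctx;
+uint8_t client_and_server_rand32[2 * 32];
+uint8_t master_secret[48];
 //TODO: store just the DER key here, parse/use/delete it when sending client key
 //this way it will stay key type agnostic here.
 psRsaKey_t server_rsa_pub_key;
-// this is also unused after client key is sent
-uint8_t client_and_server_rand32[2 * 32];
-// these two are unused after finished messages are exchanged:
-sha256_ctx_t handshake_sha256_ctx;
-uint8_t master_secret[48];
 };
 
 
@@ -612,8 +605,8 @@ static void xwrite_encrypted(tls_state_t *tls, unsigned size, unsigned type)
 tls_get_random(buf - AES_BLOCKSIZE, AES_BLOCKSIZE); /* IV */
 dbg("before crypt: 5 hdr + %u data + %u hash bytes\n", size, SHA256_OUTSIZE);
 // RFC is talking nonsense:
-// Padding that is added to force the length of the plaintext to be
-// an integral multiple of the block cipher's block length.
+// "Padding that is added to force the length of the plaintext to be
+// an integral multiple of the block cipher's block length."
 // WRONG. _padding+padding_length_, not just _padding_,
 // pads the data.
 // IOW: padding_length is the last byte of padding[] array,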
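Review bot: The reordered `struct tls_handshake_data` (hunk at -220,+215) drops the two lifetime comments the old layout carried (`// this is also unused after client key is sent`, `// these two are unused after finished messages are exchanged`) and records nothing about why this order is smaller, so a later edit can silently undo the saving. Presumably the sha256 context and the two byte arrays pack without padding ahead of `psRsaKey_t`; a one-line comment on the struct stating that intent would preserve it. Those removed comments also told a reader when `master_secret` and `client_and_server_rand32` stop being needed, which is exactly the point at which key material could be wiped; where this struct is released is not in the hunk, so if it is simply freed after the handshake, a comment such as `/* master_secret and the rand32 buffer are key material: zero them before the struct is freed */` would document the expectation for whoever touches the free path. The remaining hunks only reword comments and need nothing.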