diff options
Diffstat (limited to 'networking/tls.c')
| -rw-r--r-- | networking/tls.c | 61 |
1 files changed, 25 insertions, 36 deletions
diff --git a/networking/tls.c b/networking/tls.c index cacd2e9ff..5566d7911 100644 --- a/networking/tls.c +++ b/networking/tls.c | |||
| @@ -1534,7 +1534,7 @@ static void send_client_hello_and_alloc_hsd(tls_state_t *tls, const char *sni) | |||
| 1534 | 0x00,0x0a, //extension_type: "supported_groups" | 1534 | 0x00,0x0a, //extension_type: "supported_groups" |
| 1535 | 0x00,0x06, //ext len | 1535 | 0x00,0x06, //ext len |
| 1536 | 0x00,0x04, //list len | 1536 | 0x00,0x04, //list len |
| 1537 | 0x00,0x17, //curve_secp256r1 | 1537 | 0x00,0x17, //curve_secp256r1 (aka P256) |
| 1538 | //0x00,0x18, //curve_secp384r1 | 1538 | //0x00,0x18, //curve_secp384r1 |
| 1539 | //0x00,0x19, //curve_secp521r1 | 1539 | //0x00,0x19, //curve_secp521r1 |
| 1540 | 0x00,0x1d, //curve_x25519 (RFC 7748) | 1540 | 0x00,0x1d, //curve_x25519 (RFC 7748) |
| @@ -1890,7 +1890,7 @@ static void process_server_key(tls_state_t *tls, int len) | |||
| 1890 | tls->flags |= GOT_EC_CURVE_X25519; | 1890 | tls->flags |= GOT_EC_CURVE_X25519; |
| 1891 | memcpy(tls->hsd->ecc_pub_key32, keybuf, 32); | 1891 | memcpy(tls->hsd->ecc_pub_key32, keybuf, 32); |
| 1892 | break; | 1892 | break; |
| 1893 | case _0x03001741: //curve_secp256r1 | 1893 | case _0x03001741: //curve_secp256r1 (aka P256) |
| 1894 | /* P256 point can be transmitted odd- or even-compressed | 1894 | /* P256 point can be transmitted odd- or even-compressed |
| 1895 | * (first byte is 3 or 2) or uncompressed (4). | 1895 | * (first byte is 3 or 2) or uncompressed (4). |
| 1896 | */ | 1896 | */ |
| @@ -1967,46 +1967,35 @@ static void send_client_key_exchange(tls_state_t *tls) | |||
| 1967 | record->key[1] = len & 0xff; | 1967 | record->key[1] = len & 0xff; |
| 1968 | len += 2; | 1968 | len += 2; |
| 1969 | premaster_size = RSA_PREMASTER_SIZE; | 1969 | premaster_size = RSA_PREMASTER_SIZE; |
| 1970 | } else /* ECDHE */ | ||
| 1971 | if (tls->flags & GOT_EC_CURVE_X25519) { | ||
| 1972 | /* ECDHE, curve x25519 */ | ||
| 1973 | static const uint8_t basepoint9[CURVE25519_KEYSIZE] ALIGN8 = {9}; | ||
| 1974 | uint8_t privkey[CURVE25519_KEYSIZE]; //[32] | ||
| 1975 | |||
| 1976 | if (!(tls->flags & GOT_EC_KEY)) | ||
| 1977 | bb_simple_error_msg_and_die("server did not provide EC key"); | ||
| 1978 | |||
| 1979 | /* Generate random private key, see RFC 7748 */ | ||
| 1980 | tls_get_random(privkey, sizeof(privkey)); | ||
| 1981 | privkey[0] &= 0xf8; | ||
| 1982 | privkey[CURVE25519_KEYSIZE-1] = ((privkey[CURVE25519_KEYSIZE-1] & 0x7f) | 0x40); | ||
| 1983 | |||
| 1984 | /* Compute public key */ | ||
| 1985 | curve25519(record->key + 1, privkey, basepoint9); | ||
| 1986 | |||
| 1987 | /* Compute premaster using peer's public key */ | ||
| 1988 | dbg("computing x25519_premaster\n"); | ||
| 1989 | curve25519(premaster, privkey, tls->hsd->ecc_pub_key32); | ||
| 1990 | |||
| 1991 | len = CURVE25519_KEYSIZE; | ||
| 1992 | record->key[0] = len; | ||
| 1993 | len++; | ||
| 1994 | premaster_size = CURVE25519_KEYSIZE; | ||
| 1995 | } else { | 1970 | } else { |
| 1996 | /* ECDHE, curve P256 */ | 1971 | /* ECDHE */ |
| 1997 | if (!(tls->flags & GOT_EC_KEY)) | 1972 | if (!(tls->flags & GOT_EC_KEY)) |
| 1998 | bb_simple_error_msg_and_die("server did not provide EC key"); | 1973 | bb_simple_error_msg_and_die("server did not provide EC key"); |
| 1999 | 1974 | ||
| 2000 | dbg("computing P256_premaster\n"); | 1975 | if (tls->flags & GOT_EC_CURVE_X25519) { |
| 2001 | curve_P256_compute_pubkey_and_premaster( | 1976 | /* ECDHE, curve x25519 */ |
| 2002 | record->key + 2, premaster, | 1977 | dbg("computing x25519_premaster\n"); |
| 2003 | /*point:*/ tls->hsd->ecc_pub_key32 | 1978 | curve_x25519_compute_pubkey_and_premaster( |
| 2004 | ); | 1979 | record->key + 1, premaster, |
| 2005 | premaster_size = P256_KEYSIZE; | 1980 | /*point:*/ tls->hsd->ecc_pub_key32 |
| 2006 | len = 1 + P256_KEYSIZE * 2; | 1981 | ); |
| 1982 | len = CURVE25519_KEYSIZE; | ||
| 1983 | //record->key[0] = len; | ||
| 1984 | //len++; | ||
| 1985 | //premaster_size = CURVE25519_KEYSIZE; | ||
| 1986 | } else { | ||
| 1987 | /* ECDHE, curve P256 */ | ||
| 1988 | dbg("computing P256_premaster\n"); | ||
| 1989 | curve_P256_compute_pubkey_and_premaster( | ||
| 1990 | record->key + 2, premaster, | ||
| 1991 | /*point:*/ tls->hsd->ecc_pub_key32 | ||
| 1992 | ); | ||
| 1993 | record->key[1] = 4; /* "uncompressed point" */ | ||
| 1994 | len = 1 + P256_KEYSIZE * 2; | ||
| 1995 | } | ||
| 2007 | record->key[0] = len; | 1996 | record->key[0] = len; |
| 2008 | record->key[1] = 4; | ||
| 2009 | len++; | 1997 | len++; |
| 1998 | premaster_size = P256_KEYSIZE; // = CURVE25519_KEYSIZE = 32 | ||
| 2010 | } | 1999 | } |
| 2011 | 2000 | ||
| 2012 | record->type = HANDSHAKE_CLIENT_KEY_EXCHANGE; | 2001 | record->type = HANDSHAKE_CLIENT_KEY_EXCHANGE; |