tls: format and send CLIENT_KEY_EXCHANGE
$ ./busybox tls kernel.org
insize:0 tail:0
got block len:74
got HANDSHAKE
got SERVER_HELLO
insize:79 tail:4265
got block len:4392
got HANDSHAKE
got CERTIFICATE
entered der @0x8b217a7:0x30 len:1452 inner_byte @0x8b217ab:0x30
entered der @0x8b217ab:0x30 len:1172 inner_byte @0x8b217af:0xa0
skipped der 0xa0, next byte 0x02
skipped der 0x02, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
entered der @0x8b218b4:0x30 len:418 inner_byte @0x8b218b8:0x30
skipped der 0x30, next byte 0x03
entered der @0x8b218c7:0x03 len:399 inner_byte @0x8b218cb:0x00
key bytes:399, first:0x00
entered der @0x8b218cc:0x30 len:394 inner_byte @0x8b218d0:0x02
binary bytes:385, first:0x00
skipped der 0x02, next byte 0x02
binary bytes:3, first:0x01
server_rsa_pub_key.size:384
insize:4397 tail:9
got block len:4
got SERVER_HELLO_DONE
insize:9 tail:0
^C
Next step: send CHANGE_CIPHER_SPEC... and actually implement it.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-15 00:12:42 +01:00
|
|
|
/*
|
|
|
|
* Copyright (C) 2017 Denys Vlasenko
|
|
|
|
*
|
|
|
|
* Licensed under GPLv2, see file LICENSE in this source tree.
|
|
|
|
*/
|
2017-01-18 17:20:27 +01:00
|
|
|
/* Interface glue between bbox code and minimally tweaked matrixssl
|
|
|
|
* code. All C files (matrixssl and bbox (ones which need TLS))
|
|
|
|
* include this file, and guaranteed to see a consistent API,
|
|
|
|
* defines, types, etc.
|
|
|
|
*/
|
tls: format and send CLIENT_KEY_EXCHANGE
$ ./busybox tls kernel.org
insize:0 tail:0
got block len:74
got HANDSHAKE
got SERVER_HELLO
insize:79 tail:4265
got block len:4392
got HANDSHAKE
got CERTIFICATE
entered der @0x8b217a7:0x30 len:1452 inner_byte @0x8b217ab:0x30
entered der @0x8b217ab:0x30 len:1172 inner_byte @0x8b217af:0xa0
skipped der 0xa0, next byte 0x02
skipped der 0x02, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
entered der @0x8b218b4:0x30 len:418 inner_byte @0x8b218b8:0x30
skipped der 0x30, next byte 0x03
entered der @0x8b218c7:0x03 len:399 inner_byte @0x8b218cb:0x00
key bytes:399, first:0x00
entered der @0x8b218cc:0x30 len:394 inner_byte @0x8b218d0:0x02
binary bytes:385, first:0x00
skipped der 0x02, next byte 0x02
binary bytes:3, first:0x01
server_rsa_pub_key.size:384
insize:4397 tail:9
got block len:4
got SERVER_HELLO_DONE
insize:9 tail:0
^C
Next step: send CHANGE_CIPHER_SPEC... and actually implement it.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-15 00:12:42 +01:00
|
|
|
#include "libbb.h"
|
|
|
|
|
2017-01-18 17:20:27 +01:00
|
|
|
|
|
|
|
/* Config tweaks */
|
|
|
|
#define HAVE_NATIVE_INT64
|
tls: format and send CLIENT_KEY_EXCHANGE
$ ./busybox tls kernel.org
insize:0 tail:0
got block len:74
got HANDSHAKE
got SERVER_HELLO
insize:79 tail:4265
got block len:4392
got HANDSHAKE
got CERTIFICATE
entered der @0x8b217a7:0x30 len:1452 inner_byte @0x8b217ab:0x30
entered der @0x8b217ab:0x30 len:1172 inner_byte @0x8b217af:0xa0
skipped der 0xa0, next byte 0x02
skipped der 0x02, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
entered der @0x8b218b4:0x30 len:418 inner_byte @0x8b218b8:0x30
skipped der 0x30, next byte 0x03
entered der @0x8b218c7:0x03 len:399 inner_byte @0x8b218cb:0x00
key bytes:399, first:0x00
entered der @0x8b218cc:0x30 len:394 inner_byte @0x8b218d0:0x02
binary bytes:385, first:0x00
skipped der 0x02, next byte 0x02
binary bytes:3, first:0x01
server_rsa_pub_key.size:384
insize:4397 tail:9
got block len:4
got SERVER_HELLO_DONE
insize:9 tail:0
^C
Next step: send CHANGE_CIPHER_SPEC... and actually implement it.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-15 00:12:42 +01:00
|
|
|
#undef USE_1024_KEY_SPEED_OPTIMIZATIONS
|
|
|
|
#undef USE_2048_KEY_SPEED_OPTIMIZATIONS
|
2017-01-18 17:20:27 +01:00
|
|
|
#define USE_AES
|
|
|
|
#undef USE_AES_CBC_EXTERNAL
|
|
|
|
#undef USE_AES_CCM
|
|
|
|
#undef USE_AES_GCM
|
|
|
|
#undef USE_3DES
|
|
|
|
#undef USE_ARC4
|
|
|
|
#undef USE_IDEA
|
|
|
|
#undef USE_RC2
|
|
|
|
#undef USE_SEED
|
|
|
|
/* pstm: multiprecision numbers */
|
|
|
|
#undef DISABLE_PSTM
|
2017-07-15 17:13:08 +02:00
|
|
|
#if defined(__GNUC__) && defined(__i386__)
|
2017-01-19 16:32:38 +01:00
|
|
|
/* PSTM_X86 works correctly. +25 bytes. */
|
2017-01-18 17:20:27 +01:00
|
|
|
# define PSTM_32BIT
|
|
|
|
# define PSTM_X86
|
|
|
|
#endif
|
|
|
|
//#if defined(__GNUC__) && defined(__x86_64__)
|
2017-01-19 16:32:38 +01:00
|
|
|
// /* PSTM_X86_64 works correctly, but +782 bytes. */
|
|
|
|
// /* Looks like most of the growth is because of PSTM_64BIT. */
|
2017-01-18 17:20:27 +01:00
|
|
|
//# define PSTM_64BIT
|
|
|
|
//# define PSTM_X86_64
|
|
|
|
//#endif
|
|
|
|
//#if SOME_COND #define PSTM_MIPS, #define PSTM_32BIT
|
|
|
|
//#if SOME_COND #define PSTM_ARM, #define PSTM_32BIT
|
tls: format and send CLIENT_KEY_EXCHANGE
$ ./busybox tls kernel.org
insize:0 tail:0
got block len:74
got HANDSHAKE
got SERVER_HELLO
insize:79 tail:4265
got block len:4392
got HANDSHAKE
got CERTIFICATE
entered der @0x8b217a7:0x30 len:1452 inner_byte @0x8b217ab:0x30
entered der @0x8b217ab:0x30 len:1172 inner_byte @0x8b217af:0xa0
skipped der 0xa0, next byte 0x02
skipped der 0x02, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
entered der @0x8b218b4:0x30 len:418 inner_byte @0x8b218b8:0x30
skipped der 0x30, next byte 0x03
entered der @0x8b218c7:0x03 len:399 inner_byte @0x8b218cb:0x00
key bytes:399, first:0x00
entered der @0x8b218cc:0x30 len:394 inner_byte @0x8b218d0:0x02
binary bytes:385, first:0x00
skipped der 0x02, next byte 0x02
binary bytes:3, first:0x01
server_rsa_pub_key.size:384
insize:4397 tail:9
got block len:4
got SERVER_HELLO_DONE
insize:9 tail:0
^C
Next step: send CHANGE_CIPHER_SPEC... and actually implement it.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-15 00:12:42 +01:00
|
|
|
|
|
|
|
|
|
|
|
#define PS_SUCCESS 0
|
|
|
|
#define PS_FAILURE -1
|
|
|
|
#define PS_ARG_FAIL -6 /* Failure due to bad function param */
|
|
|
|
#define PS_PLATFORM_FAIL -7 /* Failure as a result of system call error */
|
|
|
|
#define PS_MEM_FAIL -8 /* Failure to allocate requested memory */
|
|
|
|
#define PS_LIMIT_FAIL -9 /* Failure on sanity/limit tests */
|
|
|
|
|
|
|
|
#define PS_TRUE 1
|
|
|
|
#define PS_FALSE 0
|
|
|
|
|
|
|
|
#if BB_BIG_ENDIAN
|
|
|
|
# define ENDIAN_BIG 1
|
|
|
|
# undef ENDIAN_LITTLE
|
|
|
|
//#???? ENDIAN_32BITWORD
|
|
|
|
// controls only STORE32L, which we don't use
|
|
|
|
#else
|
|
|
|
# define ENDIAN_LITTLE 1
|
|
|
|
# undef ENDIAN_BIG
|
|
|
|
#endif
|
|
|
|
|
|
|
|
typedef uint64_t uint64;
|
|
|
|
typedef int64_t int64;
|
|
|
|
typedef uint32_t uint32;
|
|
|
|
typedef int32_t int32;
|
|
|
|
typedef uint16_t uint16;
|
|
|
|
typedef int16_t int16;
|
|
|
|
|
2017-01-19 15:51:00 +01:00
|
|
|
//typedef char psPool_t;
|
tls: format and send CLIENT_KEY_EXCHANGE
$ ./busybox tls kernel.org
insize:0 tail:0
got block len:74
got HANDSHAKE
got SERVER_HELLO
insize:79 tail:4265
got block len:4392
got HANDSHAKE
got CERTIFICATE
entered der @0x8b217a7:0x30 len:1452 inner_byte @0x8b217ab:0x30
entered der @0x8b217ab:0x30 len:1172 inner_byte @0x8b217af:0xa0
skipped der 0xa0, next byte 0x02
skipped der 0x02, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
entered der @0x8b218b4:0x30 len:418 inner_byte @0x8b218b8:0x30
skipped der 0x30, next byte 0x03
entered der @0x8b218c7:0x03 len:399 inner_byte @0x8b218cb:0x00
key bytes:399, first:0x00
entered der @0x8b218cc:0x30 len:394 inner_byte @0x8b218d0:0x02
binary bytes:385, first:0x00
skipped der 0x02, next byte 0x02
binary bytes:3, first:0x01
server_rsa_pub_key.size:384
insize:4397 tail:9
got block len:4
got SERVER_HELLO_DONE
insize:9 tail:0
^C
Next step: send CHANGE_CIPHER_SPEC... and actually implement it.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-15 00:12:42 +01:00
|
|
|
|
|
|
|
//#ifdef PS_PUBKEY_OPTIMIZE_FOR_SMALLER_RAM
|
|
|
|
#define PS_EXPTMOD_WINSIZE 3
|
|
|
|
//#ifdef PS_PUBKEY_OPTIMIZE_FOR_FASTER_SPEED
|
|
|
|
//#define PS_EXPTMOD_WINSIZE 5
|
|
|
|
|
|
|
|
#define PUBKEY_TYPE 0x01
|
|
|
|
#define PRIVKEY_TYPE 0x02
|
|
|
|
|
2018-11-23 17:21:38 +01:00
|
|
|
#define AES_BLOCK_SIZE 16
|
|
|
|
|
2018-11-23 19:24:57 +01:00
|
|
|
void tls_get_random(void *buf, unsigned len) FAST_FUNC;
|
2018-11-24 14:08:29 +01:00
|
|
|
|
2018-11-24 13:51:46 +01:00
|
|
|
void xorbuf(void* buf, const void* mask, unsigned count) FAST_FUNC;
|
tls: format and send CLIENT_KEY_EXCHANGE
$ ./busybox tls kernel.org
insize:0 tail:0
got block len:74
got HANDSHAKE
got SERVER_HELLO
insize:79 tail:4265
got block len:4392
got HANDSHAKE
got CERTIFICATE
entered der @0x8b217a7:0x30 len:1452 inner_byte @0x8b217ab:0x30
entered der @0x8b217ab:0x30 len:1172 inner_byte @0x8b217af:0xa0
skipped der 0xa0, next byte 0x02
skipped der 0x02, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
entered der @0x8b218b4:0x30 len:418 inner_byte @0x8b218b8:0x30
skipped der 0x30, next byte 0x03
entered der @0x8b218c7:0x03 len:399 inner_byte @0x8b218cb:0x00
key bytes:399, first:0x00
entered der @0x8b218cc:0x30 len:394 inner_byte @0x8b218d0:0x02
binary bytes:385, first:0x00
skipped der 0x02, next byte 0x02
binary bytes:3, first:0x01
server_rsa_pub_key.size:384
insize:4397 tail:9
got block len:4
got SERVER_HELLO_DONE
insize:9 tail:0
^C
Next step: send CHANGE_CIPHER_SPEC... and actually implement it.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-15 00:12:42 +01:00
|
|
|
|
2018-11-24 14:08:29 +01:00
|
|
|
#define ALIGNED_long ALIGNED(sizeof(long))
|
|
|
|
void xorbuf_aligned_AES_BLOCK_SIZE(void* buf, const void* mask) FAST_FUNC;
|
|
|
|
|
tls: format and send CLIENT_KEY_EXCHANGE
$ ./busybox tls kernel.org
insize:0 tail:0
got block len:74
got HANDSHAKE
got SERVER_HELLO
insize:79 tail:4265
got block len:4392
got HANDSHAKE
got CERTIFICATE
entered der @0x8b217a7:0x30 len:1452 inner_byte @0x8b217ab:0x30
entered der @0x8b217ab:0x30 len:1172 inner_byte @0x8b217af:0xa0
skipped der 0xa0, next byte 0x02
skipped der 0x02, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
entered der @0x8b218b4:0x30 len:418 inner_byte @0x8b218b8:0x30
skipped der 0x30, next byte 0x03
entered der @0x8b218c7:0x03 len:399 inner_byte @0x8b218cb:0x00
key bytes:399, first:0x00
entered der @0x8b218cc:0x30 len:394 inner_byte @0x8b218d0:0x02
binary bytes:385, first:0x00
skipped der 0x02, next byte 0x02
binary bytes:3, first:0x01
server_rsa_pub_key.size:384
insize:4397 tail:9
got block len:4
got SERVER_HELLO_DONE
insize:9 tail:0
^C
Next step: send CHANGE_CIPHER_SPEC... and actually implement it.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-15 00:12:42 +01:00
|
|
|
#define matrixCryptoGetPrngData(buf, len, userPtr) (tls_get_random(buf, len), PS_SUCCESS)
|
|
|
|
|
|
|
|
#define psFree(p, pool) free(p)
|
libbb: reduce the overhead of single parameter bb_error_msg() calls
Back in 2007, commit 0c97c9d43707 ("'simple' error message functions by
Loic Grenie") introduced bb_simple_perror_msg() to allow for a lower
overhead call to bb_perror_msg() when only a string was being printed
with no parameters. This saves space for some CPU architectures because
it avoids the overhead of a call to a variadic function. However there
has never been a simple version of bb_error_msg(), and since 2007 many
new calls to bb_perror_msg() have been added that only take a single
parameter and so could have been using bb_simple_perror_message().
This changeset introduces 'simple' versions of bb_info_msg(),
bb_error_msg(), bb_error_msg_and_die(), bb_herror_msg() and
bb_herror_msg_and_die(), and replaces all calls that only take a
single parameter, or use something like ("%s", arg), with calls to the
corresponding 'simple' version.
Since it is likely that single parameter calls to the variadic functions
may be accidentally reintroduced in the future a new debugging config
option WARN_SIMPLE_MSG has been introduced. This uses some macro magic
which will cause any such calls to generate a warning, but this is
turned off by default to avoid use of the unpleasant macros in normal
circumstances.
This is a large changeset due to the number of calls that have been
replaced. The only files that contain changes other than simple
substitution of function calls are libbb.h, libbb/herror_msg.c,
libbb/verror_msg.c and libbb/xfuncs_printf.c. In miscutils/devfsd.c,
networking/udhcp/common.h and util-linux/mdev.c additonal macros have
been added for logging so that single parameter and multiple parameter
logging variants exist.
The amount of space saved varies considerably by architecture, and was
found to be as follows (for 'defconfig' using GCC 7.4):
Arm: -92 bytes
MIPS: -52 bytes
PPC: -1836 bytes
x86_64: -938 bytes
Note that for the MIPS architecture only an exception had to be made
disabling the 'simple' calls for 'udhcp' (in networking/udhcp/common.h)
because it made these files larger on MIPS.
Signed-off-by: James Byrne <james.byrne@origamienergy.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2019-07-02 11:35:03 +02:00
|
|
|
#define psTraceCrypto(msg) bb_simple_error_msg_and_die(msg)
|
tls: format and send CLIENT_KEY_EXCHANGE
$ ./busybox tls kernel.org
insize:0 tail:0
got block len:74
got HANDSHAKE
got SERVER_HELLO
insize:79 tail:4265
got block len:4392
got HANDSHAKE
got CERTIFICATE
entered der @0x8b217a7:0x30 len:1452 inner_byte @0x8b217ab:0x30
entered der @0x8b217ab:0x30 len:1172 inner_byte @0x8b217af:0xa0
skipped der 0xa0, next byte 0x02
skipped der 0x02, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
entered der @0x8b218b4:0x30 len:418 inner_byte @0x8b218b8:0x30
skipped der 0x30, next byte 0x03
entered der @0x8b218c7:0x03 len:399 inner_byte @0x8b218cb:0x00
key bytes:399, first:0x00
entered der @0x8b218cc:0x30 len:394 inner_byte @0x8b218d0:0x02
binary bytes:385, first:0x00
skipped der 0x02, next byte 0x02
binary bytes:3, first:0x01
server_rsa_pub_key.size:384
insize:4397 tail:9
got block len:4
got SERVER_HELLO_DONE
insize:9 tail:0
^C
Next step: send CHANGE_CIPHER_SPEC... and actually implement it.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-15 00:12:42 +01:00
|
|
|
|
|
|
|
/* Secure zerofill */
|
|
|
|
#define memset_s(A,B,C,D) memset((A),(C),(D))
|
|
|
|
/* Constant time memory comparison */
|
|
|
|
#define memcmpct(s1, s2, len) memcmp((s1), (s2), (len))
|
2017-01-18 17:20:27 +01:00
|
|
|
#undef min
|
tls: format and send CLIENT_KEY_EXCHANGE
$ ./busybox tls kernel.org
insize:0 tail:0
got block len:74
got HANDSHAKE
got SERVER_HELLO
insize:79 tail:4265
got block len:4392
got HANDSHAKE
got CERTIFICATE
entered der @0x8b217a7:0x30 len:1452 inner_byte @0x8b217ab:0x30
entered der @0x8b217ab:0x30 len:1172 inner_byte @0x8b217af:0xa0
skipped der 0xa0, next byte 0x02
skipped der 0x02, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
skipped der 0x30, next byte 0x30
entered der @0x8b218b4:0x30 len:418 inner_byte @0x8b218b8:0x30
skipped der 0x30, next byte 0x03
entered der @0x8b218c7:0x03 len:399 inner_byte @0x8b218cb:0x00
key bytes:399, first:0x00
entered der @0x8b218cc:0x30 len:394 inner_byte @0x8b218d0:0x02
binary bytes:385, first:0x00
skipped der 0x02, next byte 0x02
binary bytes:3, first:0x01
server_rsa_pub_key.size:384
insize:4397 tail:9
got block len:4
got SERVER_HELLO_DONE
insize:9 tail:0
^C
Next step: send CHANGE_CIPHER_SPEC... and actually implement it.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-15 00:12:42 +01:00
|
|
|
#define min(x, y) ((x) < (y) ? (x) : (y))
|
|
|
|
|
|
|
|
|
|
|
|
#include "tls_pstm.h"
|
2017-01-18 17:20:27 +01:00
|
|
|
#include "tls_symmetric.h"
|
|
|
|
#include "tls_aes.h"
|
2018-11-23 17:21:38 +01:00
|
|
|
#include "tls_aesgcm.h"
|
2018-11-13 02:16:24 +01:00
|
|
|
#include "tls_rsa.h"
|
2021-04-26 13:25:56 +02:00
|
|
|
|
|
|
|
#define EC_CURVE_KEYSIZE 32
|
|
|
|
#define P256_KEYSIZE 32
|
|
|
|
#define CURVE25519_KEYSIZE 32
|
|
|
|
|
2021-04-26 13:46:36 +02:00
|
|
|
void curve_x25519_compute_pubkey_and_premaster(
|
2021-04-26 14:33:38 +02:00
|
|
|
uint8_t *pubkey32, uint8_t *premaster32,
|
2021-04-26 13:46:36 +02:00
|
|
|
const uint8_t *peerkey32) FAST_FUNC;
|
|
|
|
|
2021-04-26 13:25:56 +02:00
|
|
|
void curve_P256_compute_pubkey_and_premaster(
|
2021-04-26 14:33:38 +02:00
|
|
|
uint8_t *pubkey2x32, uint8_t *premaster32,
|
|
|
|
const uint8_t *peerkey2x32) FAST_FUNC;
|
2021-10-05 19:45:56 +02:00
|
|
|
|
|
|
|
void curve_P256_compute_pubkey_and_premaster_NEW(
|
|
|
|
uint8_t *pubkey2x32, uint8_t *premaster32,
|
|
|
|
const uint8_t *peerkey2x32) FAST_FUNC;
|