Denys Vlasenko
959b04bc0e
tls: add comment about dl.fedoraproject.org needing secp256r1 ECC curve
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2019-01-08 16:09:41 +01:00
Denys Vlasenko
3a4d5a73a8
tls: prepare for ECDH_anon ciphers
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-12-10 19:19:38 +01:00
Denys Vlasenko
c67ff8a1b0
tls: fix a potential (currently "disabled" by a macro) SHA1-related bug
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-12-10 18:49:29 +01:00
Denys Vlasenko
63bfe0e4c0
tls: if !ENABLE_FEATURE_TLS_SHA1, tls->MAC_size is always SHA256_OUTSIZE for AES-CBC
...
function old new delta
tls_xread_record 634 636 +2
xwrite_encrypted 579 580 +1
tls_handshake 2095 2085 -10
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/1 up/down: 3/-10) Total: -7 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-12-10 16:43:53 +01:00
Denys Vlasenko
71fa5b0a4c
tls: introduce FEATURE_TLS_SHA1 to make SHA1 code optional
...
When disabled:
function old new delta
xwrite_encrypted 580 579 -1
prf_hmac_sha256 222 217 -5
hmac_begin 158 149 -9
static.ciphers 32 20 -12
tls_handshake 2115 2095 -20
hmac 87 61 -26
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/6 up/down: 0/-73) Total: -73 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-12-10 16:14:58 +01:00
Denys Vlasenko
dffc8ff6a6
tls: add ECDHE_PSK and remove ARIA cipher ids
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-27 10:35:10 +01:00
Denys Vlasenko
8a46c74f8d
tls: add _anon_ cipher definitions
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-26 17:33:17 +01:00
Denys Vlasenko
2eb04290f9
tls: enable TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 cipher
...
function old new delta
static.ciphers 30 32 +2
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-26 16:39:35 +01:00
Denys Vlasenko
60f784027e
tls: cipher 009D is not yet supported, don't test for it
...
function old new delta
tls_handshake 2116 2108 -8
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-26 16:30:22 +01:00
Denys Vlasenko
d9f6c3b091
tls: speed up prf_hmac_sha256()
...
function old new delta
hmac_sha_precomputed - 58 +58
prf_hmac_sha256 181 222 +41
hmac_sha256 68 - -68
------------------------------------------------------------------------------
(add/remove: 1/1 grow/shrink: 1/0 up/down: 99/-68) Total: 31 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-26 15:55:41 +01:00
Denys Vlasenko
d4681c7293
tls: simplify hmac_begin()
...
function old new delta
hmac_begin 196 158 -38
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-26 10:33:23 +01:00
Denys Vlasenko
ca7cdd4b03
tls: add support for 8 more cipher ids - all tested to work
...
function old new delta
tls_handshake 2059 2116 +57
static.ciphers - 30 +30
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 1/0 up/down: 87/0) Total: 87 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-26 00:17:10 +01:00
Denys Vlasenko
838b88c044
tls: fix comments
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-25 18:52:47 +01:00
Denys Vlasenko
330d7f53f7
tls: add a comment on expanding list of supported ciphers
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-25 17:27:48 +01:00
Denys Vlasenko
a6192f347f
tls: do not leak RSA key
...
function old new delta
tls_handshake 1957 2059 +102
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-25 16:17:26 +01:00
Denys Vlasenko
eb53d01be5
tls: code shrink
...
function old new delta
xwrite_and_update_handshake_hash 81 80 -1
tls_handshake 1987 1957 -30
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-25 14:45:55 +01:00
Denys Vlasenko
a33b008240
tls: code shrink
...
function old new delta
tls_handshake 1993 1987 -6
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-25 14:28:32 +01:00
Denys Vlasenko
be5ca42e8d
tls: code shrink
...
function old new delta
aesgcm_GHASH 223 196 -27
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-25 14:03:59 +01:00
Denys Vlasenko
ab3c5e4c44
tls: actually fill in CIPHER_ID3 value in hello message
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-25 00:53:19 +01:00
Denys Vlasenko
d2923b3d23
tls: fix is.gd again, fix AES-CBC using decrypt key instead of encrypt
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-24 21:26:20 +01:00
Denys Vlasenko
03569bc50f
tls: speed up xor'ing of aligned 16-byte buffers
...
function old new delta
xorbuf_aligned_AES_BLOCK_SIZE - 23 +23
xwrite_encrypted 585 580 -5
aesgcm_GHASH 233 228 -5
GMULT 192 187 -5
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 0/3 up/down: 23/-15) Total: 8 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-24 14:08:29 +01:00
Denys Vlasenko
941440cf16
tls: in AES-GCM decoding, avoid memmove
...
function old new delta
xorbuf3 - 36 +36
xorbuf 24 12 -12
tls_xread_record 656 634 -22
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 0/2 up/down: 36/-34) Total: 2 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-24 13:51:46 +01:00
Denys Vlasenko
624066f0cc
tls: make tls_get_random() FAST_FUNC
...
function old new delta
tls_handshake 1977 1985 +8
tls_get_random 32 28 -4
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 1/1 up/down: 8/-4) Total: 4 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-23 19:24:57 +01:00
Denys Vlasenko
219c9d4b5d
tls: code shrink
...
function old new delta
xwrite_encrypted 599 585 -14
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-23 18:48:20 +01:00
Denys Vlasenko
ecc9090cfc
tls: simplify aesgcm_GHASH()
...
function old new delta
xwrite_encrypted 604 599 -5
FlattenSzInBits 52 - -52
aesgcm_GHASH 395 262 -133
------------------------------------------------------------------------------
(add/remove: 0/1 grow/shrink: 0/2 up/down: 0/-190) Total: -190 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-23 18:31:26 +01:00
Denys Vlasenko
5e4236d226
tls: in AES-CBC code, do not set key for every record - do it once
...
function old new delta
aes_setkey 16 212 +196
tls_handshake 1941 1977 +36
aes_encrypt_1 382 396 +14
xwrite_encrypted 605 604 -1
tls_xread_record 659 656 -3
aes_encrypt_one_block 65 59 -6
aes_cbc_encrypt 172 121 -51
aesgcm_setkey 58 - -58
aes_cbc_decrypt 958 881 -77
KeyExpansion 188 - -188
------------------------------------------------------------------------------
(add/remove: 0/2 grow/shrink: 3/5 up/down: 246/-384) Total: -138 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-23 18:02:44 +01:00
Denys Vlasenko
83e5c627e1
tls: add support for TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 cipher
...
function old new delta
xwrite_encrypted 209 605 +396
GHASH - 395 +395
aes_encrypt_1 - 382 +382
GMULT - 192 +192
tls_xread_record 489 659 +170
aes_encrypt_one_block - 65 +65
aesgcm_setkey - 58 +58
FlattenSzInBits - 52 +52
tls_handshake 1890 1941 +51
xwrite_and_update_handshake_hash 46 81 +35
xorbuf - 24 +24
aes_setkey - 16 +16
psRsaEncryptPub 413 421 +8
stty_main 1221 1227 +6
ssl_client_main 138 143 +5
next_token 841 845 +4
spawn_ssl_client 218 219 +1
volume_id_probe_hfs_hfsplus 564 563 -1
read_package_field 232 230 -2
i2cdetect_main 674 672 -2
fail_hunk 139 136 -3
parse_expr 891 883 -8
curve25519 802 793 -9
aes_cbc_decrypt 971 958 -13
xwrite_handshake_record 43 - -43
aes_cbc_encrypt 644 172 -472
------------------------------------------------------------------------------
(add/remove: 9/1 grow/shrink: 9/8 up/down: 1860/-553) Total: 1307 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-23 17:48:07 +01:00
Denys Vlasenko
4e46b98a45
tls: add comment, no code changes
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-18 19:50:24 +01:00
Denys Vlasenko
d5a0405a6f
tls: code shrink
...
function old new delta
tls_get_zeroed_outbuf - 28 +28
static.empty_client_cert 7 - -7
tls_handshake 1930 1890 -40
------------------------------------------------------------------------------
(add/remove: 1/1 grow/shrink: 0/1 up/down: 28/-47) Total: -19 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-13 11:58:53 +01:00
Denys Vlasenko
de7b5bb59a
tls: tidy up recently added ECDSA code
...
function old new delta
tls_handshake 1935 1930 -5
static.OID_ECDSA_KEY_ALG 21 11 -10
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/2 up/down: 0/-15) Total: -15 bytes
text data bss dec hex filename
950036 477 7296 957809 e9d71 busybox_old
950048 477 7296 957821 e9d7d busybox_unstripped
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-13 11:44:32 +01:00
Denys Vlasenko
bddb6545a9
tls: add support for ECDHE-ECDSA-AES-128-CBC-SHA and x25519 curve
...
function old new delta
curve25519 - 835 +835
tls_handshake 1619 1935 +316
xc_diffadd - 230 +230
fe_mul__distinct - 149 +149
lm_sub - 103 +103
lm_add - 82 +82
fe_mul_c - 74 +74
fe_select - 45 +45
static.f25519_one - 32 +32
static.basepoint9 - 32 +32
static.OID_ECDSA_KEY_ALG - 21 +21
static.OID_RSA_KEY_ALG - 13 +13
static.supported_groups - 8 +8
static.empty_client_cert - 7 +7
der_binary_to_pstm 40 42 +2
static.expected 13 - -13
------------------------------------------------------------------------------
(add/remove: 14/1 grow/shrink: 2/0 up/down: 1949/-13) Total: 1936 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-13 02:17:54 +01:00
Denys Vlasenko
084bac472b
tls: code shrink
...
function old new delta
tls_handshake 1643 1619 -24
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-05 00:19:15 +01:00
Denys Vlasenko
5df3b12241
tls: reorder a few more cipher ids
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-04 21:25:41 +01:00
Denys Vlasenko
b29d045581
tls: move TLS_AES_128_GCM_SHA256 definition up
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-04 21:18:29 +01:00
Denys Vlasenko
9b0ce4d608
tls: add more cipher ids, no code changes
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-04 20:53:54 +01:00
Ivan Abrea
5cb4f9081f
tls: fix to handle X.509 v1 certificates correctly
...
The syntax of public key certificates can be found in RFC 5280 section
4.1. The relevant part of the syntax is the following:
TBSCertificate ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1,
serialNumber CertificateSerialNumber,
... remaining fields omitted ...
}
The version field has a default value of v1. RFC 5280 section 4.1.2.1
says the following:
If only basic fields are present, the version SHOULD be 1 (the value
is omitted from the certificate as the default value); however, the
version MAY be 2 or 3.
To help detect if the version field is present or not, the type of the
version field has an explicit tag of [0]. Due to this tag, if the
version field is present, its encoding will have an identifier octet
that is distinct from that of the serialNumber field.
ITU-T X.690 specifies how a value of such a type should be encoded with
DER. There is a PDF of X.690 freely available from ITU-T. X.690 section
8.1.2 specifies the format of identifier octets which is the first
component of every encoded value. Identifier octets encode the tag of a
type. Bits 8 and 7 encode the tag class. Bit 6 will be 0 if the encoding
is primitive and 1 if the encoding is constructed. Bits 5 to 1 encode
the tag number.
X.690 section 8.14 specifies what the identifier octet should be for
explicitly tagged types. Section 8.14.3 says if implicit tagging is not
used, then the encoding shall be constructed. The version field uses
explicit tagging and not implicit tagging, so its encoding will be
constructed. This means bit 6 of the identifier octet should be 1.
X.690 section 8.14 and Annex A provide examples. Note from their
examples that the notation for tags could look like [APPLICATION 2]
where both the tag class and tag number are given. For this example, the
tag class is 1 (application) and the tag number is 2. For notation like
[0] where the tag class is omitted and only the tag number is given, the
tag class will be context-specific.
Putting this all together, the identifier octet for the DER encoding of
the version field should have a tag class of 2 (context-specific), bit 6
as 1 (constructed), and a tag number of 0.
Signed-off-by: Ivan Abrea <ivan@algosolutions.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-06-24 20:05:24 +02:00
Denys Vlasenko
a48eadbc22
tls: remove redundant floor prevention
...
function old new delta
tls_xread_record 499 489 -10
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-02-14 17:37:41 +01:00
Denys Vlasenko
403f2999f9
wget: initial support for ftps://
...
function old new delta
spawn_ssl_client - 185 +185
parse_url 409 461 +52
packed_usage 32259 32278 +19
tls_run_copy_loop 293 306 +13
ssl_client_main 128 138 +10
showmode 330 338 +8
P_FTPS - 5 +5
filter_datapoints 177 179 +2
deflate 907 905 -2
decode_one_format 723 716 -7
wget_main 2591 2440 -151
------------------------------------------------------------------------------
(add/remove: 2/0 grow/shrink: 6/3 up/down: 294/-160) Total: 134 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-02-06 15:15:08 +01:00
Denys Vlasenko
98066662aa
tls: fix hash calculations if client cert is requested and sent
...
Symptoms: connecting to
openssl s_server -cert vsftpd.pem -port 990 -debug -cipher AES128-SHA
works, but with "-verify 1" option added it does not.
function old new delta
tls_xread_record 474 499 +25
tls_handshake 1582 1607 +25
bad_record_die 98 110 +12
tls_run_copy_loop 282 293 +11
tls_xread_handshake_block 58 51 -7
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 4/1 up/down: 73/-7) Total: 66 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-02-06 13:33:00 +01:00
Denys Vlasenko
558aae1a33
tls: use capped SNI len everywhere
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-04 16:52:45 +02:00
Denys Vlasenko
5d561ef634
tls: do not compile in TLS_RSA_WITH_NULL_SHA256 code if unreachable
...
function old new delta
tls_handshake 1595 1588 -7
xwrite_encrypted 244 209 -35
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-04-04 01:41:15 +02:00
Denys Vlasenko
229d3c467d
tls: avoid using int16 in pstm code
...
function old new delta
pstm_div 1472 1522 +50
psRsaEncryptPub 403 413 +10
pstm_2expt 91 96 +5
pstm_clear 68 72 +4
pstm_init 39 42 +3
pstm_unsigned_bin_size 36 37 +1
pstm_montgomery_reduce 398 399 +1
pstm_init_size 45 46 +1
pstm_zero 39 38 -1
pstm_set 35 34 -1
pstm_read_unsigned_bin 112 109 -3
pstm_mulmod 123 120 -3
pstm_mod 116 113 -3
pstm_cmp 57 54 -3
pstm_sub 107 102 -5
pstm_to_unsigned_bin 157 151 -6
pstm_clamp 63 57 -6
pstm_add 116 108 -8
pstm_grow 81 72 -9
pstm_count_bits 57 48 -9
pstm_init_copy 84 72 -12
pstm_cmp_mag 93 78 -15
pstm_sqr_comba 567 551 -16
pstm_montgomery_calc_normalization 158 140 -18
pstm_copy 115 92 -23
pstm_lshd 133 109 -24
pstm_mul_comba 525 500 -25
pstm_mul_d 251 224 -27
s_pstm_sub 256 228 -28
s_pstm_add 370 337 -33
pstm_div_2d 444 409 -35
pstm_mul_2 195 156 -39
pstm_rshd 154 104 -50
pstm_mul_2d 247 186 -61
pstm_exptmod 1524 1463 -61
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 8/27 up/down: 75/-524) Total: -449 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-04-03 21:53:29 +02:00
Denys Vlasenko
636c3b627c
tls: merge sha1 and sha256 hmac functions
...
function old new delta
hmac_begin - 196 +196
hmac_sha256 61 68 +7
hmac 250 87 -163
hmac_sha256_begin 190 - -190
------------------------------------------------------------------------------
(add/remove: 1/1 grow/shrink: 1/1 up/down: 203/-353) Total: -150 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-04-03 17:43:44 +02:00
Denys Vlasenko
0ec4d08ea3
tls: covert i/o loop from using select() to poll()
...
function old new delta
tls_run_copy_loop 377 282 -95
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-02-16 16:51:18 +01:00
Denys Vlasenko
c31b54fd81
tls: fold AES CBC en/decryption into single functions
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-02-04 16:23:49 +01:00
Denys Vlasenko
5b05d9db29
wget/tls: session_id of zero length is ok (arxiv.org responds with such)
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-02-03 18:23:52 +01:00
Denys Vlasenko
89193f985b
tls: can download kernels now :)
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-24 18:08:07 +01:00
Denys Vlasenko
1500b3a50d
tls: if got CERTIFICATE_REQUEST, send an empty CERTIFICATE
...
wolfssl test server is not satisfied by an empty one,
but some real servers might be.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-24 17:06:10 +01:00
Denys Vlasenko
49ecee098d
tls: add 2nd cipher_id, TLS_RSA_WITH_AES_128_CBC_SHA, so far it doesn't work
...
Good news that TLS_RSA_WITH_AES_256_CBC_SHA256 still works with new code ;)
This change adds inevitable extension to have different sized hashes and AES key sizes.
In libbb, md5_end() and shaX_end() are extended to return result size instead of void -
this helps *a lot* in tls (the cost is ~5 bytes per _end() function).
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-24 16:00:54 +01:00
Denys Vlasenko
7a18b9502a
tls: reorder tls_handshake_data fields for smaller size, tweak comments
...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-23 16:37:04 +01:00