aboutsummaryrefslogtreecommitdiff
path: root/networking/tls.c
AgeCommit message (Collapse)Author
2018-02-06wget: initial support for ftps://Denys Vlasenko
function old new delta spawn_ssl_client - 185 +185 parse_url 409 461 +52 packed_usage 32259 32278 +19 tls_run_copy_loop 293 306 +13 ssl_client_main 128 138 +10 showmode 330 338 +8 P_FTPS - 5 +5 filter_datapoints 177 179 +2 deflate 907 905 -2 decode_one_format 723 716 -7 wget_main 2591 2440 -151 ------------------------------------------------------------------------------ (add/remove: 2/0 grow/shrink: 6/3 up/down: 294/-160) Total: 134 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-02-06tls: fix hash calculations if client cert is requested and sentDenys Vlasenko
Symptoms: connecting to openssl s_server -cert vsftpd.pem -port 990 -debug -cipher AES128-SHA works, but with "-verify 1" option added it does not. function old new delta tls_xread_record 474 499 +25 tls_handshake 1582 1607 +25 bad_record_die 98 110 +12 tls_run_copy_loop 282 293 +11 tls_xread_handshake_block 58 51 -7 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 4/1 up/down: 73/-7) Total: 66 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-07-04tls: use capped SNI len everywhereDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-04-04tls: do not compile in TLS_RSA_WITH_NULL_SHA256 code if unreachableDenys Vlasenko
function old new delta tls_handshake 1595 1588 -7 xwrite_encrypted 244 209 -35 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-04-03tls: avoid using int16 in pstm codeDenys Vlasenko
function old new delta pstm_div 1472 1522 +50 psRsaEncryptPub 403 413 +10 pstm_2expt 91 96 +5 pstm_clear 68 72 +4 pstm_init 39 42 +3 pstm_unsigned_bin_size 36 37 +1 pstm_montgomery_reduce 398 399 +1 pstm_init_size 45 46 +1 pstm_zero 39 38 -1 pstm_set 35 34 -1 pstm_read_unsigned_bin 112 109 -3 pstm_mulmod 123 120 -3 pstm_mod 116 113 -3 pstm_cmp 57 54 -3 pstm_sub 107 102 -5 pstm_to_unsigned_bin 157 151 -6 pstm_clamp 63 57 -6 pstm_add 116 108 -8 pstm_grow 81 72 -9 pstm_count_bits 57 48 -9 pstm_init_copy 84 72 -12 pstm_cmp_mag 93 78 -15 pstm_sqr_comba 567 551 -16 pstm_montgomery_calc_normalization 158 140 -18 pstm_copy 115 92 -23 pstm_lshd 133 109 -24 pstm_mul_comba 525 500 -25 pstm_mul_d 251 224 -27 s_pstm_sub 256 228 -28 s_pstm_add 370 337 -33 pstm_div_2d 444 409 -35 pstm_mul_2 195 156 -39 pstm_rshd 154 104 -50 pstm_mul_2d 247 186 -61 pstm_exptmod 1524 1463 -61 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 8/27 up/down: 75/-524) Total: -449 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-04-03tls: merge sha1 and sha256 hmac functionsDenys Vlasenko
function old new delta hmac_begin - 196 +196 hmac_sha256 61 68 +7 hmac 250 87 -163 hmac_sha256_begin 190 - -190 ------------------------------------------------------------------------------ (add/remove: 1/1 grow/shrink: 1/1 up/down: 203/-353) Total: -150 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-02-16tls: covert i/o loop from using select() to poll()Denys Vlasenko
function old new delta tls_run_copy_loop 377 282 -95 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-02-04tls: fold AES CBC en/decryption into single functionsDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-02-03wget/tls: session_id of zero length is ok (arxiv.org responds with such)Denys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-24tls: can download kernels now :)Denys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-24tls: if got CERTIFICATE_REQUEST, send an empty CERTIFICATEDenys Vlasenko
wolfssl test server is not satisfied by an empty one, but some real servers might be. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-24tls: add 2nd cipher_id, TLS_RSA_WITH_AES_128_CBC_SHA, so far it doesn't workDenys Vlasenko
Good news that TLS_RSA_WITH_AES_256_CBC_SHA256 still works with new code ;) This change adds inevitable extension to have different sized hashes and AES key sizes. In libbb, md5_end() and shaX_end() are extended to return result size instead of void - this helps *a lot* in tls (the cost is ~5 bytes per _end() function). Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-23tls: reorder tls_handshake_data fields for smaller size, tweak commentsDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-23tls: send EMPTY_RENEGOTIATION_INFO_SCSV in our client helloDenys Vlasenko
Hoped this can make cdn.kernel.org to like us more. Nope. While at it, made error reporting more useful. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-23tls: set TLS_DEBUG to 0; placate a gcc indentation warningDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-23separate TLS code into a library, use in in wgetDenys Vlasenko
A new applet, ssl_client, is the TLS debug thing now. It doubles as wget's NOMMU helper. In MMU mode, wget still forks, but then directly calls TLS code, without execing. This can also be applied to sendmail/popmail (SMTPS / SMTP+starttls support) and nc --ssl (ncat, nmap's nc clone, has such option). function old new delta tls_handshake - 1691 +1691 tls_run_copy_loop - 443 +443 ssl_client_main - 128 +128 packed_usage 30978 31007 +29 wget_main 2508 2535 +27 applet_names 2553 2560 +7 ... xwrite_encrypted 360 342 -18 tls_main 2127 - -2127 ------------------------------------------------------------------------------ (add/remove: 4/1 grow/shrink: 13/8 up/down: 2351/-2195) Total: 156 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-21tls: reorder tls_state fields for smaller offsetsDenys Vlasenko
function old new delta xwrite_encrypted 363 360 -3 xwrite_and_update_handshake_hash 117 114 -3 tls_xread_handshake_block 72 69 -3 tls_error_die 211 202 -9 tls_get_outbuf 64 49 -15 tls_main 2163 2127 -36 tls_xread_record 702 639 -63 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 0/7 up/down: 0/-132) Total: -132 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20tls: send SNI in the client helloDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20tls: check size on "MAC-only, no crypt" code path tooDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20tls: AES decrypt does one unnecessary memmoveDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20tls: make input buffer grow as neededDenys Vlasenko
As it turns out, it goes only up to "inbuf_size:4608" for kernel.org - fixed 18kb buffer was x4 larger than necessary. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20tls: improve i/o loopDenys Vlasenko
With tls_has_buffered_record(), entire kernel.org response is printed at once, without 6 second pause to see its delayed EOF. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20tls: was psAesDecrypt'ing one block too many, trashing buffered dataDenys Vlasenko
For the first time printf "GET / HTTP/1.1\r\nHost: kernel.org\r\n\r\n" | ./busybox tls kernel.org successfully reads entire server response and TLS shutdown. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20tls: do not use common_bufsizDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20tls: decode alerts and in particular, EOF alert.Denys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-20tls: add the i/o loop - largish rework of i/o bufferingDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-19tls: tested PSTM_X86_64, not enabling it - too largeDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-19tls: teach it to decrypt AES256-encrypted dataDenys Vlasenko
This adds decryption only. There is no MAC verification, code simply throws away MAC. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-18tls: trim commentsDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-18tls: teach it to send AES256-encrypted dataDenys Vlasenko
>> CLIENT_HELLO wrote 50 bytes insize:0 tail:0 got block len:74 got HANDSHAKE << SERVER_HELLO insize:79 tail:0 got block len:2397 got HANDSHAKE << CERTIFICATE key bytes:271, first:0x00 server_rsa_pub_key.size:256 insize:2402 tail:0 got block len:4 got HANDSHAKE << SERVER_HELLO_DONE >> CLIENT_KEY_EXCHANGE wrote 267 bytes master secret:c51df5b1e3b3f57373cdd8ea28e8ce562059636cf9f585d0b89c7f4bacec97e674d7b91f93e7b500cb64637f240c3b78 client_write_MAC_key:3b0b7e2bab241b629c37eb3a3824f09b39fe71a00876b0c8026dda16ef0d2f82 client_write_key:d36e801470ed2f0a8fc886ac25df57ffbe4265d06e3192122c4ef4df1e32fab2 >> CHANGE_CIPHER_SPEC from secret: c51df5b1e3b3f57373cdd8ea28e8ce562059636cf9f585d0b89c7f4bacec97e674d7b91f93e7b500cb64637f240c3b78 from labelSeed: 636c69656e742066696e6973686564b22e0e6008b8ee218cc02e4a93e4a42b570535f9b57662e262d43b379d125b69 => digest: a45bfee8ed6507a2a9920d0c >> FINISHED before crypt: 5 hdr + 16 data + 32 hash bytes writing 5 + 16 IV + 64 encrypted bytes, padding_length:0x0f wrote 85 bytes insize:9 tail:0 got block len:1 << CHANGE_CIPHER_SPEC insize:6 tail:0 got block len:80 < hdr_type:22 ver:3.3 len:80 type:21 len24:9541723 |1591985b...a3da| The last line is the server's FINISHED response, encrypted. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-18tls: added AES code and made it compile. not used yetDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-18tls: massage writing for encryption support; finer-grained debugDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-17tls: address one easy FIXME, tidy up commentsDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-17tls: process CHANGE_CIPHER_SPEC and FINISHED from serverDenys Vlasenko
Successfully finishes handshake with test servers using NULL-SHA256 cipher. The "only" thing remaining before there is a chance this can actually work with real servers is AES encrypt/decrypt. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-17tls: rearrange function order, improve commentsDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-17tls: make our send_client_finished() pass server checkDenys Vlasenko
sha256 hash should be calculated over incoming handshake packets too! Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-16tls: format FINISHED message properly for unencrypted, but sha256 signed modeDenys Vlasenko
Now it at least looks correct, but unfortunately "openssl s_server" says my hash is wrong. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-16tls: add sha256 hmac and prf codeDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-15tls: rearrange code, add/improve comments, fix whitespace, no real changes hereDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-15tls: send CHANGE_CIPHER_SPECDenys Vlasenko
To "actually implement it" will take more work... Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-15whitespace fixDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-15tls: format and send CLIENT_KEY_EXCHANGEDenys Vlasenko
$ ./busybox tls kernel.org insize:0 tail:0 got block len:74 got HANDSHAKE got SERVER_HELLO insize:79 tail:4265 got block len:4392 got HANDSHAKE got CERTIFICATE entered der @0x8b217a7:0x30 len:1452 inner_byte @0x8b217ab:0x30 entered der @0x8b217ab:0x30 len:1172 inner_byte @0x8b217af:0xa0 skipped der 0xa0, next byte 0x02 skipped der 0x02, next byte 0x30 skipped der 0x30, next byte 0x30 skipped der 0x30, next byte 0x30 skipped der 0x30, next byte 0x30 skipped der 0x30, next byte 0x30 entered der @0x8b218b4:0x30 len:418 inner_byte @0x8b218b8:0x30 skipped der 0x30, next byte 0x03 entered der @0x8b218c7:0x03 len:399 inner_byte @0x8b218cb:0x00 key bytes:399, first:0x00 entered der @0x8b218cc:0x30 len:394 inner_byte @0x8b218d0:0x02 binary bytes:385, first:0x00 skipped der 0x02, next byte 0x02 binary bytes:3, first:0x01 server_rsa_pub_key.size:384 insize:4397 tail:9 got block len:4 got SERVER_HELLO_DONE insize:9 tail:0 ^C Next step: send CHANGE_CIPHER_SPEC... and actually implement it. Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-14tls: DER length byte 0x81 is actually validDenys Vlasenko
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-14tls: a bit more workDenys Vlasenko
$ ./busybox tls kernel.org insize:0 tail:0 got block len:74 got HANDSHAKE got SERVER_HELLO insize:79 tail:4406 got block len:4392 got HANDSHAKE got CERTIFICATE entered der @0x8f7e723:0x30 len:1452 inner_byte @0x8f7e727:0x30 entered der @0x8f7e727:0x30 len:1172 inner_byte @0x8f7e72b:0xa0 skipped der 0xa0, next byte 0x02 skipped der 0x02, next byte 0x30 skipped der 0x30, next byte 0x30 skipped der 0x30, next byte 0x30 skipped der 0x30, next byte 0x30 skipped der 0x30, next byte 0x30 entered der @0x8f7e830:0x30 len:418 inner_byte @0x8f7e834:0x30 skipped der 0x30, next byte 0x03 entered der @0x8f7e843:0x03 len:399 inner_byte @0x8f7e847:0x00 copying key bytes:399, first:0x00 insize:4397 tail:9 got block len:4 got SERVER_HELLO_DONE Now need to teach it to send ClientKeyExchange... Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-01-14tls: work-in-progress TLS1.2 test appletDenys Vlasenko
function old new delta tls_main - 733 +733 dump - 230 +230 xread_tls_block - 180 +180 get_der_len - 76 +76 enter_der_item - 70 +70 skip_der_item - 56 +56 get24be - 24 +24 tls_error_die - 19 +19 packed_usage 31010 31027 +17 applet_names 2549 2553 +4 applet_main 1472 1476 +4 applet_suid 92 93 +1 applet_install_loc 184 185 +1 ------------------------------------------------------------------------------ (add/remove: 9/0 grow/shrink: 5/0 up/down: 1415/0) Total: 1415 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>