busybox/networking/tls.h
Denys Vlasenko 22b66febbd tls: server: fix incorrect key_block assignments - now works against openssl s_client
function                                             old     new   delta
privRsaEncryptSignedElement                            -     236    +236
tls_handshake_as_server                             2033    2264    +231
.rodata                                           108079  108301    +222
initialize_aes_keys                                    -      77     +77
xwrite_encrypted                                     507     506      -1
tls_handshake                                       1519    1500     -19
derive_master_secret_and_keys                        154     123     -31
------------------------------------------------------------------------------
(add/remove: 2/0 grow/shrink: 2/3 up/down: 766/-51)           Total: 715 bytes

Total growth compared to code before TLS server code:

function                                             old     new   delta
tls_handshake_as_server                                -    2264   +2264
.rodata                                           107074  108301   +1227
psRsaCrypt                                             -     577    +577
load_rsa_priv_key                                      -     282    +282
ssl_server_main                                        -     279    +279
privRsaEncryptSignedElement                            -     236    +236
ssl_client_main                                      137     363    +226
psRsaDecryptPriv                                       -     171    +171
set_cipher_parameters                                  -     161    +161
derive_master_secret_and_keys                          -     123    +123
packed_usage                                       36034   36146    +112
sp_ecc_make_key_256                                    -     103    +103
send_finished                                          -      94     +94
get_change_cipher_spec                                 -      88     +88
initialize_aes_keys                                    -      77     +77
static.BLOCK_NAMES                                     -      70     +70
curve_P256_compute_premaster                           -      65     +65
der_binary_to_pstm                                     -      50     +50
curve_x25519_generate_keypair                          -      44     +44
get_finished                                           -      42     +42
get_outbuf_fill_handshake_record                       -      37     +37
client_hello_ciphers                                   -      32     +32
curve_P256_generate_keypair                            -      27     +27
sp_256_from_bin_8                                      -      26     +26
tls_xread_record                                     681     704     +23
curve_x25519_compute_premaster                         -      15     +15
applet_names                                        2870    2881     +11
applet_main                                         1652    1656      +4
xwrite_encrypted                                     507     506      -1
xwrite_and_update_handshake_hash                      76      59     -17
sp_256_point_from_bin2x32                             70      43     -27
curve_x25519_compute_pubkey_and_premaster             71      39     -32
curve_P256_compute_pubkey_and_premaster              167      65    -102
psRsaEncryptPub                                      395     199    -196
tls_handshake                                       2069    1500    -569
------------------------------------------------------------------------------
(add/remove: 23/0 grow/shrink: 6/7 up/down: 6466/-944)       Total: 5522 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2026-02-15 15:26:31 +01:00


/*
* Copyright (C) 2017 Denys Vlasenko
*
* Licensed under GPLv2, see file LICENSE in this source tree.
*/
/* Interface glue between bbox code and minimally tweaked matrixssl
* code. All C files (matrixssl ones and the bbox ones which need TLS)
* include this file, and are guaranteed to see a consistent API,
* defines, types, etc.
*/
#include "libbb.h"
/* Config tweaks */
/* Build-time switches for the matrixssl-derived code. Each #undef below
 * also cancels a definition made before this point (by an earlier header
 * or on the compiler command line), so the set of enabled features is
 * fixed by this file.
 */
#define HAVE_NATIVE_INT64
/* Key-size-specific speed optimizations: both switched off */
#undef USE_1024_KEY_SPEED_OPTIMIZATIONS
#undef USE_2048_KEY_SPEED_OPTIMIZATIONS
/* Symmetric ciphers: USE_AES is the only one switched on here.
 * NOTE(review): the names that follow presumably gate matrixssl's own
 * external-CBC/CCM/GCM AES modes and its 3DES, ARC4, IDEA, RC2 and SEED
 * code - confirm what each one pulls in before re-enabling it.
 */
#define USE_AES
#undef USE_AES_CBC_EXTERNAL
#undef USE_AES_CCM
#undef USE_AES_GCM
#undef USE_3DES
#undef USE_ARC4
#undef USE_IDEA
#undef USE_RC2
#undef USE_SEED
/* pstm: multiprecision numbers */
/* DISABLE_PSTM is forced off; the architecture checks below then choose
 * the PSTM_* tuning macros.
 */
#undef DISABLE_PSTM
#if defined(__GNUC__) && defined(__i386__)
/* GCC on 32-bit x86: PSTM_32BIT and PSTM_X86 are both enabled.
 * PSTM_X86 works correctly. +25 bytes. */
# define PSTM_32BIT
# define PSTM_X86
#endif
#if defined(__GNUC__) && defined(__x86_64__)
/* PSTM_64BIT + PSTM_X86_64 works correctly, but:
* +928 bytes if PSTM_64BIT but !PSTM_X86_64
* +1003 bytes with INNERMUL8 (loop unrolling in pstm_montgomery_reduce())
* +664 bytes without INNERMUL8
*/
/* Both defines are commented out, so this #if currently defines nothing
 * and x86_64 builds get neither macro from this file.
 */
//# define PSTM_64BIT
//# define PSTM_X86_64
#endif
/* Sketches for other architectures; commented out, no effect on the build */
//#if SOME_COND #define PSTM_MIPS, #define PSTM_32BIT
//#if SOME_COND #define PSTM_ARM, #define PSTM_32BIT
/* Status codes for the matrixssl-derived code: zero means success, every
 * failure code is negative. Callers that only test "!= PS_SUCCESS" treat
 * all failure codes alike.
 */
#define PS_SUCCESS 0
#define PS_FAILURE -1
#define PS_ARG_FAIL -6 /* Failure due to bad function param */
#define PS_PLATFORM_FAIL -7 /* Failure as a result of system call error */
#define PS_MEM_FAIL -8 /* Failure to allocate requested memory */
#define PS_LIMIT_FAIL -9 /* Failure on sanity/limit tests */
#define PS_UNSUPPORTED_FAIL -10 /* Unsupported algorithm or operation */
/* Boolean values */
#define PS_TRUE 1
#define PS_FALSE 0
/* Byte order: drop any earlier definition of either macro, then define
 * exactly one of ENDIAN_BIG / ENDIAN_LITTLE according to BB_BIG_ENDIAN.
 */
#undef ENDIAN_BIG
#undef ENDIAN_LITTLE
#if BB_BIG_ENDIAN
# define ENDIAN_BIG 1
//#???? ENDIAN_32BITWORD
// controls only STORE32L, which we don't use
#else
# define ENDIAN_LITTLE 1
#endif
/* Short aliases for the fixed-width integer types.
 * NOTE(review): presumably these are the spellings the matrixssl sources
 * use - confirm against tls_pstm.h / tls_rsa.h.
 */
typedef uint64_t uint64;
typedef int64_t int64;
typedef uint32_t uint32;
typedef int32_t int32;
typedef uint16_t uint16;
typedef int16_t int16;
/* psPool_t is not defined here; the typedef is left commented out */
//typedef char psPool_t;
/* PS_EXPTMOD_WINSIZE is fixed at 3, the value listed under the
 * smaller-RAM option; the faster-speed value 5 is commented out.
 */
//#ifdef PS_PUBKEY_OPTIMIZE_FOR_SMALLER_RAM
#define PS_EXPTMOD_WINSIZE 3
//#ifdef PS_PUBKEY_OPTIMIZE_FOR_FASTER_SPEED
//#define PS_EXPTMOD_WINSIZE 5
/* Key type tags; distinct bits, 0x01 for public and 0x02 for private */
#define PUBKEY_TYPE 0x01
#define PRIVKEY_TYPE 0x02
/* AES block size in bytes */
#define AES_BLOCK_SIZE 16
/* Fills buf with len random bytes. Returns nothing, so a failure to obtain
 * randomness cannot be reported to the caller through this interface.
 * NOTE(review): the entropy source is not visible in this header - confirm
 * in the implementation that it is suitable for key generation.
 */
void tls_get_random(void *buf, unsigned len) FAST_FUNC;
#define ALIGNED_long ALIGNED(sizeof(long))
/* XOR helpers for one AES block, mapped onto the 16-byte xorbuf routines */
#define xorbuf_aligned_AES_BLOCK_SIZE(dst,src) xorbuf16_aligned_long(dst,src)
#define xorbuf_AES_BLOCK_SIZE(dst,src) xorbuf16(dst,src)
/* matrixssl PRNG hook: calls tls_get_random() and always evaluates to
 * PS_SUCCESS; userPtr is ignored. Code checking this result never sees
 * an error.
 */
#define matrixCryptoGetPrngData(buf, len, userPtr) (tls_get_random(buf, len), PS_SUCCESS)
/* matrixssl allocator hooks: the pool argument is ignored. psMalloc maps to
 * xmalloc(), so the PS_MEM_FAIL paths in matrixssl code presumably never
 * trigger (xmalloc is expected to exit on failure - confirm in libbb).
 */
#define psMalloc(pool, size) xmalloc(size)
#define psFree(p, pool) free(p)
/* Not a trace: any message passed here goes to
 * bb_simple_error_msg_and_die(), i.e. it is treated as fatal.
 */
#define psTraceCrypto(msg) bb_simple_error_msg_and_die(msg)
/* Secure zerofill */
/* NOTE(review): despite the name, this expands to a plain memset() and
 * drops the second argument (B, the destination size in the C11 Annex K
 * memset_s signature). A compiler may remove a memset() whose target is
 * not read afterwards, so key material "wiped" through this macro is not
 * guaranteed to be cleared from memory. If that matters for a caller,
 * explicit_bzero() or a compiler barrier after the memset() would be
 * needed.
 */
#define memset_s(A,B,C,D) memset((A),(C),(D))
/* Constant time memory comparison */
/* NOTE(review): despite the name, this expands to memcmp(), which gives no
 * constant-time guarantee: it may stop at the first differing byte, so the
 * run time can depend on how many leading bytes match. Callers comparing
 * secret-dependent values (MACs, Finished verify data, padding checks)
 * should not rely on this macro to hide timing.
 */
#define memcmpct(s1, s2, len) memcmp((s1), (s2), (len))
/* Replace any earlier min() with this one. Both arguments are expanded
 * twice, so do not pass expressions with side effects; mixed
 * signed/unsigned arguments compare after the usual arithmetic conversions.
 */
#undef min
#define min(x, y) ((x) < (y) ? (x) : (y))
#include "tls_pstm.h"
#include "tls_aes.h"
#include "tls_aesgcm.h"
#include "tls_rsa.h"
/* Elliptic-curve key sizes; all three are 32.
 * NOTE(review): presumably bytes, matching the "32" suffix on the buffer
 * parameter names of the curve functions declared in this header.
 */
#define EC_CURVE_KEYSIZE 32
#define P256_KEYSIZE 32
#define CURVE25519_KEYSIZE 32
/* Separate keypair generation and premaster computation functions */
/* None of these take a length argument or return a status.
 * NOTE(review): judging by the parameter names, each "32" buffer is
 * expected to hold 32 bytes and each "2x32" buffer 64 bytes; the caller
 * must length-check peer key data before passing it in - confirm the sizes
 * against the implementations.
 * The void return type means a rejected peer key cannot be reported
 * through these signatures; how invalid points are handled is not visible
 * from this header.
 */
/* Outputs: privkey32, pubkey32 */
void curve_x25519_generate_keypair(
uint8_t *privkey32, uint8_t *pubkey32) FAST_FUNC;
/* Inputs: privkey32, peerkey32 (both const); output: premaster32 */
void curve_x25519_compute_premaster(
const uint8_t *privkey32, const uint8_t *peerkey32,
uint8_t *premaster32) FAST_FUNC;
/* The split P256 functions are declared only when the TLS server is enabled */
#if ENABLE_SSL_SERVER
/* Outputs: privkey32, pubkey2x32 */
void curve_P256_generate_keypair(
uint8_t *privkey32, uint8_t *pubkey2x32) FAST_FUNC;
/* Inputs: privkey32, peerkey2x32 (both const); output: premaster32 */
void curve_P256_compute_premaster(
const uint8_t *privkey32, const uint8_t *peerkey2x32,
uint8_t *premaster32) FAST_FUNC;
#endif
/* Combined operations (for client-side use) */
/* Each call takes the peer's public key (const input) and writes two
 * outputs: the local public key and the premaster secret. No private key
 * is passed in or out.
 * NOTE(review): presumably an ephemeral private key is generated inside
 * the call and never leaves it - confirm in the implementation. Buffer
 * sizes are implied only by the parameter names (32 / 2x32).
 */
void curve_x25519_compute_pubkey_and_premaster(
uint8_t *pubkey32, uint8_t *premaster32,
const uint8_t *peerkey32) FAST_FUNC;
void curve_P256_compute_pubkey_and_premaster(
uint8_t *pubkey2x32, uint8_t *premaster32,
const uint8_t *peerkey2x32) FAST_FUNC;
/* Same signature as curve_P256_compute_pubkey_and_premaster().
 * NOTE(review): how the _NEW variant differs, and which of the two the
 * handshake code calls, is not visible from this header.
 */
void curve_P256_compute_pubkey_and_premaster_NEW(
uint8_t *pubkey2x32, uint8_t *premaster32,
const uint8_t *peerkey2x32) FAST_FUNC;