author | Denys Vlasenko | 2021-04-26 13:46:36 +0200 |
---|---|---|
committer | Denys Vlasenko | 2021-04-26 13:46:36 +0200 |
commit | 6b69ab68b47d0933f8b4a1d7ed8460274a736a5f (patch) | |
tree | fd8febe91940f0c2fa8761d5ae6e65bfd4f4ec1f /networking/tls.c | |
parent | f18a1fd6f368ada05b33cf36483304a5e3c4945d (diff) | |
tls: make x25519 key generation code more similar to P256
function old new delta
curve_x25519_compute_pubkey_and_premaster - 74 +74
tls_handshake 2146 2072 -74
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 0/1 up/down: 74/-74) Total: 0 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'networking/tls.c')
-rw-r--r-- | networking/tls.c | 61 |
1 files changed, 25 insertions, 36 deletions
diff --git a/networking/tls.c b/networking/tls.c
index cacd2e9..5566d79 100644
--- a/networking/tls.c
+++ b/networking/tls.c
@@ -1534,7 +1534,7 @@ static void send_client_hello_and_alloc_hsd(tls_state_t *tls, const char *sni)
  0x00,0x0a, //extension_type: "supported_groups"
  0x00,0x06, //ext len
  0x00,0x04, //list len
- 0x00,0x17, //curve_secp256r1
+ 0x00,0x17, //curve_secp256r1 (aka P256)
  //0x00,0x18, //curve_secp384r1
  //0x00,0x19, //curve_secp521r1
  0x00,0x1d, //curve_x25519 (RFC 7748)
@@ -1890,7 +1890,7 @@ static void process_server_key(tls_state_t *tls, int len)
  tls->flags |= GOT_EC_CURVE_X25519;
  memcpy(tls->hsd->ecc_pub_key32, keybuf, 32);
  break;
- case _0x03001741: //curve_secp256r1
+ case _0x03001741: //curve_secp256r1 (aka P256)
  /* P256 point can be transmitted odd- or even-compressed
  * (first byte is 3 or 2) or uncompressed (4).
  */
@@ -1967,46 +1967,35 @@ static void send_client_key_exchange(tls_state_t *tls)
  record->key[1] = len & 0xff;
  len += 2;
  premaster_size = RSA_PREMASTER_SIZE;
- } else /* ECDHE */
- if (tls->flags & GOT_EC_CURVE_X25519) {
- /* ECDHE, curve x25519 */
- static const uint8_t basepoint9[CURVE25519_KEYSIZE] ALIGN8 = {9};
- uint8_t privkey[CURVE25519_KEYSIZE]; //[32]
-
- if (!(tls->flags & GOT_EC_KEY))
- bb_simple_error_msg_and_die("server did not provide EC key");
-
- /* Generate random private key, see RFC 7748 */
- tls_get_random(privkey, sizeof(privkey));
- privkey[0] &= 0xf8;
- privkey[CURVE25519_KEYSIZE-1] = ((privkey[CURVE25519_KEYSIZE-1] & 0x7f) | 0x40);
-
- /* Compute public key */
- curve25519(record->key + 1, privkey, basepoint9);
-
- /* Compute premaster using peer's public key */
- dbg("computing x25519_premaster\n");
- curve25519(premaster, privkey, tls->hsd->ecc_pub_key32);
-
- len = CURVE25519_KEYSIZE;
- record->key[0] = len;
- len++;
- premaster_size = CURVE25519_KEYSIZE;
  } else {
- /* ECDHE, curve P256 */
+ /* ECDHE */
  if (!(tls->flags & GOT_EC_KEY))
  bb_simple_error_msg_and_die("server did not provide EC key");
- dbg("computing P256_premaster\n");
- curve_P256_compute_pubkey_and_premaster(
- record->key + 2, premaster,
- /*point:*/ tls->hsd->ecc_pub_key32
- );
- premaster_size = P256_KEYSIZE;
- len = 1 + P256_KEYSIZE * 2;
+ if (tls->flags & GOT_EC_CURVE_X25519) {
+ /* ECDHE, curve x25519 */
+ dbg("computing x25519_premaster\n");
+ curve_x25519_compute_pubkey_and_premaster(
+ record->key + 1, premaster,
+ /*point:*/ tls->hsd->ecc_pub_key32
+ );
+ len = CURVE25519_KEYSIZE;
+ //record->key[0] = len;
+ //len++;
+ //premaster_size = CURVE25519_KEYSIZE;
+ } else {
+ /* ECDHE, curve P256 */
+ dbg("computing P256_premaster\n");
+ curve_P256_compute_pubkey_and_premaster(
+ record->key + 2, premaster,
+ /*point:*/ tls->hsd->ecc_pub_key32
+ );
+ record->key[1] = 4; /* "uncompressed point" */
+ len = 1 + P256_KEYSIZE * 2;
+ }
  record->key[0] = len;
- record->key[1] = 4;
  len++;
+ premaster_size = P256_KEYSIZE; // = CURVE25519_KEYSIZE = 32
  }
  record->type = HANDSHAKE_CLIENT_KEY_EXCHANGE;
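Review bot: The shared `premaster_size = P256_KEYSIZE; // = CURVE25519_KEYSIZE = 32` now serves both curves, so the length of the premaster secret handed to the PRF rests on an equality that only a comment states; add `BUILD_BUG_ON(P256_KEYSIZE != CURVE25519_KEYSIZE);` beside it so a change to either constant fails at compile time instead of silently deriving keys from a wrongly sized premaster. The three commented-out lines in the x25519 branch (`//record->key[0] = len;`, `//len++;`, `//premaster_size = CURVE25519_KEYSIZE;`) are dead text a reader has to reconcile with the live statements after the inner `}`; a single comment such as `/* key[0], len++ and premaster_size are set below, shared with P256 */` says the same without stale code. The private-key generation and clamping moved into `curve_x25519_compute_pubkey_and_premaster`, which is defined outside this hunk; the removed inline version left `privkey` on the stack after use, so it is worth confirming that the new helper wipes its private key once the premaster is derived. send_client_key_exchange begins and ends outside the hunk.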