diff options
author | Denys Vlasenko <vda.linux@googlemail.com> | 2017-01-24 16:00:54 +0100 |
---|---|---|
committer | Denys Vlasenko <vda.linux@googlemail.com> | 2017-01-24 16:00:54 +0100 |
commit | 49ecee098d062b92fcf095e05e15779c32899646 (patch) | |
tree | a02df1cfc23064d3f37a7adb15e1dafdf7a76c97 /include/libbb.h | |
parent | 9a64c3337cc0a5e84e9ad457eeb1d475c311e9fc (diff) |
tls: add 2nd cipher_id, TLS_RSA_WITH_AES_128_CBC_SHA, so far it doesn't work
Good news that TLS_RSA_WITH_AES_256_CBC_SHA256 still works with new code ;)
This change adds inevitable extension to have different sized hashes and AES key sizes.
In libbb, md5_end() and shaX_end() are extended to return result size instead of void -
this helps *a lot* in tls (the cost is ~5 bytes per _end() function).
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'include/libbb.h')
-rw-r--r-- | include/libbb.h | 42 |
1 files changed, 25 insertions, 17 deletions
diff --git a/include/libbb.h b/include/libbb.h index ba3b1479e..b1ceb3278 100644 --- a/include/libbb.h +++ b/include/libbb.h @@ -713,18 +713,19 @@ struct hostent *xgethostbyname(const char *name) FAST_FUNC; // Also mount.c and inetd.c are using gethostbyname(), // + inet_common.c has additional IPv4-only stuff -#define SHA256_INSIZE 64 -#define SHA256_OUTSIZE 32 -#define AES_BLOCKSIZE 16 -#define AES128_KEYSIZE 16 -#define AES256_KEYSIZE 32 + +#define TLS_MAX_MAC_SIZE 32 +#define TLS_MAX_KEY_SIZE 32 struct tls_handshake_data; /* opaque */ typedef struct tls_state { - int ofd; - int ifd; + int ofd; + int ifd; - int min_encrypted_len_on_read; - uint8_t encrypt_on_write; + int min_encrypted_len_on_read; + uint16_t cipher_id; + uint8_t encrypt_on_write; + unsigned MAC_size; + unsigned key_size; uint8_t *outbuf; int outbuf_size; @@ -746,10 +747,12 @@ typedef struct tls_state { /*uint64_t read_seq64_be;*/ uint64_t write_seq64_be; - uint8_t client_write_MAC_key[SHA256_OUTSIZE]; - uint8_t server_write_MAC_key[SHA256_OUTSIZE]; - uint8_t client_write_key[AES256_KEYSIZE]; - uint8_t server_write_key[AES256_KEYSIZE]; + uint8_t *client_write_key; + uint8_t *server_write_key; + uint8_t client_write_MAC_key[TLS_MAX_MAC_SIZE]; + uint8_t server_write_MAC_k__[TLS_MAX_MAC_SIZE]; + uint8_t client_write_k__[TLS_MAX_KEY_SIZE]; + uint8_t server_write_k__[TLS_MAX_KEY_SIZE]; } tls_state_t; static inline tls_state_t *new_tls_state(void) @@ -760,6 +763,7 @@ static inline tls_state_t *new_tls_state(void) void tls_handshake(tls_state_t *tls, const char *sni) FAST_FUNC; void tls_run_copy_loop(tls_state_t *tls) FAST_FUNC; + void socket_want_pktinfo(int fd) FAST_FUNC; ssize_t send_to_from(int fd, void *buf, size_t len, int flags, const struct sockaddr *to, @@ -1799,19 +1803,23 @@ typedef struct sha3_ctx_t { } sha3_ctx_t; void md5_begin(md5_ctx_t *ctx) FAST_FUNC; void md5_hash(md5_ctx_t *ctx, const void *buffer, size_t len) FAST_FUNC; -void md5_end(md5_ctx_t *ctx, void *resbuf) FAST_FUNC; +unsigned md5_end(md5_ctx_t *ctx, void *resbuf) FAST_FUNC; void sha1_begin(sha1_ctx_t *ctx) FAST_FUNC; #define sha1_hash md5_hash -void sha1_end(sha1_ctx_t *ctx, void *resbuf) FAST_FUNC; +unsigned sha1_end(sha1_ctx_t *ctx, void *resbuf) FAST_FUNC; void sha256_begin(sha256_ctx_t *ctx) FAST_FUNC; #define sha256_hash md5_hash #define sha256_end sha1_end void sha512_begin(sha512_ctx_t *ctx) FAST_FUNC; void sha512_hash(sha512_ctx_t *ctx, const void *buffer, size_t len) FAST_FUNC; -void sha512_end(sha512_ctx_t *ctx, void *resbuf) FAST_FUNC; +unsigned sha512_end(sha512_ctx_t *ctx, void *resbuf) FAST_FUNC; void sha3_begin(sha3_ctx_t *ctx) FAST_FUNC; void sha3_hash(sha3_ctx_t *ctx, const void *buffer, size_t len) FAST_FUNC; -void sha3_end(sha3_ctx_t *ctx, void *resbuf) FAST_FUNC; +unsigned sha3_end(sha3_ctx_t *ctx, void *resbuf) FAST_FUNC; +/* TLS benefits from knowing that sha1 and sha256 share these. Give them "agnostic" names too */ +typedef struct md5_ctx_t md5sha_ctx_t; +#define md5sha_hash md5_hash +#define sha_end sha1_end extern uint32_t *global_crc32_table; uint32_t *crc32_filltable(uint32_t *tbl256, int endian) FAST_FUNC; |