feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Added support for AES GCM session ticket encryption. If ChaCha/Poly is disabled it will use AES GCM. Thanks Sean for the code in ZD 11511.

Browse Source
This commit is contained in:
David Garske
2021-01-18 10:32:19 -08:00
parent 209c4c08e1
commit 219cbd47eb
4 changed files with 59 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
examples/echoserver/echoserver.c
View File

@ -165,8 +165,9 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif #endif
#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \ #if defined(HAVE_SESSION_TICKET) && \
defined(HAVE_POLY1305) ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || \
defined(HAVE_AESGCM))
if (TicketInit() != 0) if (TicketInit() != 0)
err_sys("unable to setup Session Ticket Key context"); err_sys("unable to setup Session Ticket Key context");
wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb); wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb);

5
examples/server/server.c
View File

@ -1739,8 +1739,9 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
wolfSSL_CTX_SetIOSend(ctx, SimulateWantWriteIOSendCb); wolfSSL_CTX_SetIOSend(ctx, SimulateWantWriteIOSendCb);
} }
#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \ #if defined(HAVE_SESSION_TICKET) && \
defined(HAVE_POLY1305) ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || \
defined(HAVE_AESGCM))
if (TicketInit() != 0) if (TicketInit() != 0)
err_sys_ex(catastrophic, "unable to setup Session Ticket Key context"); err_sys_ex(catastrophic, "unable to setup Session Ticket Key context");
wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb); wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb);

7
tests/api.c
View File

@ -2636,8 +2636,9 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
ctx = wolfSSL_CTX_new(method); ctx = wolfSSL_CTX_new(method);
} }
#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \ #if defined(HAVE_SESSION_TICKET) && \
defined(HAVE_POLY1305) ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || \
defined(HAVE_AESGCM))
TicketInit(); TicketInit();
wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb); wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb);
#endif #endif
@ -31466,7 +31467,7 @@ static void test_wolfSSL_SESSION(void)
/* CHACHA and POLY1305 required for myTicketEncCb */ /* CHACHA and POLY1305 required for myTicketEncCb */
#if defined(WOLFSSL_TLS13) && (!defined(HAVE_SESSION_TICKET) && \ #if defined(WOLFSSL_TLS13) && (!defined(HAVE_SESSION_TICKET) && \
!defined(WOLFSSL_NO_TLS12) || !(defined(HAVE_CHACHA) && \ !defined(WOLFSSL_NO_TLS12) || !(defined(HAVE_CHACHA) && \
defined(HAVE_POLY1305))) defined(HAVE_POLY1305) && !defined(HAVE_AESGCM)))
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())); AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
#else #else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));

58
wolfssl/test.h
View File

@ -3926,14 +3926,21 @@ static WC_INLINE const char* mymktemp(char *tempfn, int len, int num)
#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \ #if defined(HAVE_SESSION_TICKET) && \
defined(HAVE_POLY1305) ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || \
defined(HAVE_AESGCM))
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
#include <wolfssl/wolfcrypt/chacha20_poly1305.h> #include <wolfssl/wolfcrypt/chacha20_poly1305.h>
#define WOLFSSL_TICKET_KEY_SZ CHACHA20_POLY1305_AEAD_KEYSIZE
#elif defined(HAVE_AESGCM)
#include <wolfssl/wolfcrypt/aes.h>
#define WOLFSSL_TICKET_KEY_SZ AES_256_KEY_SIZE
#endif
typedef struct key_ctx { typedef struct key_ctx {
byte name[WOLFSSL_TICKET_NAME_SZ]; /* name for this context */ byte name[WOLFSSL_TICKET_NAME_SZ]; /* name for this context */
byte key[CHACHA20_POLY1305_AEAD_KEYSIZE]; /* cipher key */ byte key[WOLFSSL_TICKET_KEY_SZ]; /* cipher key */
} key_ctx; } key_ctx;
static THREAD_LS_T key_ctx myKey_ctx; static THREAD_LS_T key_ctx myKey_ctx;
@ -3970,6 +3977,11 @@ static WC_INLINE const char* mymktemp(char *tempfn, int len, int num)
byte aad[WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2]; byte aad[WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2];
int aadSz = WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2; int aadSz = WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2;
byte* tmp = aad; byte* tmp = aad;
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
/* chahca20/poly1305 */
#elif defined(HAVE_AESGCM)
Aes aes;
#endif
(void)ssl; (void)ssl;
(void)userCtx; (void)userCtx;
@ -3986,22 +3998,35 @@ static WC_INLINE const char* mymktemp(char *tempfn, int len, int num)
tmp += WOLFSSL_TICKET_NAME_SZ; tmp += WOLFSSL_TICKET_NAME_SZ;
XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ); XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
tmp += WOLFSSL_TICKET_IV_SZ; tmp += WOLFSSL_TICKET_IV_SZ;
XMEMCPY(tmp, &sLen, 2); XMEMCPY(tmp, &sLen, sizeof(sLen));
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
ret = wc_ChaCha20Poly1305_Encrypt(myKey_ctx.key, iv, ret = wc_ChaCha20Poly1305_Encrypt(myKey_ctx.key, iv,
aad, aadSz, aad, aadSz,
ticket, inLen, ticket, inLen,
ticket, ticket,
mac); mac);
#elif defined(HAVE_AESGCM)
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
ret = wc_AesGcmSetKey(&aes, myKey_ctx.key, sizeof(myKey_ctx.key));
if (ret == 0) {
ret = wc_AesGcmEncrypt(&aes, ticket, ticket, inLen,
iv, GCM_NONCE_MID_SZ, mac, AES_BLOCK_SIZE,
aad, aadSz);
}
wc_AesFree(&aes);
#endif
if (ret != 0) return WOLFSSL_TICKET_RET_REJECT; if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
*outLen = inLen; /* no padding in this mode */ *outLen = inLen; /* no padding in this mode */
} }
/* decrypt */ /* decrypt */
else { else {
/* see if we know this key */ /* see if we know this key */
if (XMEMCMP(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ) != 0){ if (XMEMCMP(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ) != 0){
printf("client presented unknown ticket key name "); printf("client presented unknown ticket key name %s\n", key_name);
return WOLFSSL_TICKET_RET_FATAL; return WOLFSSL_TICKET_RET_FATAL;
} }
@ -4010,13 +4035,27 @@ static WC_INLINE const char* mymktemp(char *tempfn, int len, int num)
tmp += WOLFSSL_TICKET_NAME_SZ; tmp += WOLFSSL_TICKET_NAME_SZ;
XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ); XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
tmp += WOLFSSL_TICKET_IV_SZ; tmp += WOLFSSL_TICKET_IV_SZ;
XMEMCPY(tmp, &sLen, 2); XMEMCPY(tmp, &sLen, sizeof(sLen));
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
ret = wc_ChaCha20Poly1305_Decrypt(myKey_ctx.key, iv, ret = wc_ChaCha20Poly1305_Decrypt(myKey_ctx.key, iv,
aad, aadSz, aad, aadSz,
ticket, inLen, ticket, inLen,
mac, mac,
ticket); ticket);
#elif defined(HAVE_AESGCM)
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
ret = wc_AesGcmSetKey(&aes, myKey_ctx.key, sizeof(myKey_ctx.key));
if (ret == 0) {
ret = wc_AesGcmDecrypt(&aes, ticket, ticket, inLen,
iv, GCM_NONCE_MID_SZ, mac, AES_BLOCK_SIZE,
aad, aadSz);
}
wc_AesFree(&aes);
#endif
if (ret != 0) return WOLFSSL_TICKET_RET_REJECT; if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
*outLen = inLen; /* no padding in this mode */ *outLen = inLen; /* no padding in this mode */
} }
@ -4024,7 +4063,8 @@ static WC_INLINE const char* mymktemp(char *tempfn, int len, int num)
return WOLFSSL_TICKET_RET_OK; return WOLFSSL_TICKET_RET_OK;
} }
#endif /* HAVE_SESSION_TICKET && HAVE_CHACHA && HAVE_POLY1305 */ #endif /* HAVE_SESSION_TICKET && ((HAVE_CHACHA && HAVE_POLY1305) || HAVE_AESGCM) */
static WC_INLINE word16 GetRandomPort(void) static WC_INLINE word16 GetRandomPort(void)
{ {