From 3ce64da44c6f9c5e8016673b0e746ccdb7f06105 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Thu, 4 Feb 2016 09:50:29 -0700 Subject: [PATCH] ChaCha20-Poly1305 PSK cipher suites --- src/internal.c | 63 +++++++++++++++++++++++++++++++++++++++ src/keys.c | 60 +++++++++++++++++++++++++++++++++++++ src/ssl.c | 10 ++++++- tests/test-dtls.conf | 36 ++++++++++++++++++++++ tests/test-psk-no-id.conf | 33 ++++++++++++++++++++ tests/test-qsh.conf | 30 +++++++++++++++++++ tests/test.conf | 30 +++++++++++++++++++ wolfssl/internal.h | 17 +++++++++-- 8 files changed, 276 insertions(+), 3 deletions(-) diff --git a/src/internal.c b/src/internal.c index b055af250..5e76a1a86 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1362,6 +1362,27 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA, } #endif +#ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 + if (tls && havePSK) { + suites->suites[idx++] = CHACHA_BYTE; + suites->suites[idx++] = TLS_PSK_WITH_CHACHA20_POLY1305_SHA256; + } +#endif + +#ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 + if (tls && havePSK) { + suites->suites[idx++] = CHACHA_BYTE; + suites->suites[idx++] = TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256; + } +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 + if (tls && havePSK) { + suites->suites[idx++] = CHACHA_BYTE; + suites->suites[idx++] = TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256; + } +#endif + #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 if (tls && havePSK) { suites->suites[idx++] = ECC_BYTE; 
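Review bot: In the added InitSuites entries the static `TLS_PSK_WITH_CHACHA20_POLY1305_SHA256` suite is appended before the ECDHE-PSK and DHE-PSK variants, so if list position is the preference order (not shown in this hunk) a negotiation between peers that support all three would settle on the suite without forward secrecy. Consider moving the `BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256` block after the two ephemeral ones. The three blocks also gate on `tls && havePSK`, although these are AEAD suites and every test added in this patch runs with `-v 3`; it is worth confirming that a pre-1.2 handshake cannot select them. InitSuites starts and ends outside the hunk.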
@@ -3790,6 +3811,24 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) if (requirement == REQUIRES_DHE) return 1; break; + + + case TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 : + if (requirement == REQUIRES_PSK) + return 1; + break; + + case TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 : + if (requirement == REQUIRES_PSK) + return 1; + break; + + case TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 : + if (requirement == REQUIRES_PSK) + return 1; + if (requirement == REQUIRES_DHE) + return 1; + break; } } @@ -9962,6 +10001,18 @@ static const char* const cipher_names[] = #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 "ECDHE-PSK-AES128-CBC-SHA256", #endif + +#ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 + "PSK-CHACHA20-POLY1305", +#endif + +#ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 + "ECDHE-PSK-CHACHA20-POLY1305", +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 + "DHE-PSK-CHACHA20-POLY1305", +#endif }; @@ -10388,6 +10439,18 @@ static int cipher_name_idx[] = #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, #endif + +#ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 + TLS_PSK_WITH_CHACHA20_POLY1305_SHA256, +#endif + +#ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 + TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256, +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 + TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256, +#endif }; diff --git a/src/keys.c b/src/keys.c index 3167ee551..07a0b1d38 100644 --- a/src/keys.c +++ b/src/keys.c 
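Review bot: The new `TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256` case answers only `REQUIRES_PSK`, while the `TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256` case below it also answers `REQUIRES_DHE`; a reader cannot tell whether leaving the ephemeral-ECDH exchange without a requirement of its own is deliberate. A one-line comment such as `/* ECDHE-PSK: no certificate or static-key requirement beyond the PSK */` would record the intent, if that is the intent. The PSK and ECDHE-PSK cases have identical bodies and could share one by stacking the labels, and the two extra blank lines at the top of the addition can go. The enclosing switch and function begin and end outside the hunk.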
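Review bot: The three names added to `cipher_names` are only correct as long as `cipher_name_idx` (the next hunk) lists the same suites in the same order under the same `BUILD_` guards; that holds here, but nothing enforces it. Assuming the lookup code indexes the two arrays in parallel, a compile-time length check placed after both tables would catch a future mismatch, for example `typedef char cipher_tables_match[(sizeof(cipher_names)/sizeof(cipher_names[0]) == sizeof(cipher_name_idx)/sizeof(cipher_name_idx[0])) ? 1 : -1];` (name constructed for illustration). A length check does not catch swapped entries, so a comment above each table stating that its order must match the other is still worth adding.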
@@ -172,6 +172,66 @@ int SetCipherSpecs(WOLFSSL* ssl) break; #endif + +#ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 + case TLS_PSK_WITH_CHACHA20_POLY1305_SHA256: + ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = CHACHA20_256_KEY_SIZE; + ssl->specs.block_size = CHACHA20_BLOCK_SIZE; + ssl->specs.iv_size = CHACHA20_IV_SIZE; + ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; + + ssl->options.oldPoly = 0; /* use recent padding RFC */ + ssl->options.usingPSK_cipher = 1; + break; +#endif + +#ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 + case TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256: + ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = ecdhe_psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = CHACHA20_256_KEY_SIZE; + ssl->specs.block_size = CHACHA20_BLOCK_SIZE; + ssl->specs.iv_size = CHACHA20_IV_SIZE; + ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; + + ssl->options.oldPoly = 0; /* use recent padding RFC */ + ssl->options.usingPSK_cipher = 1; + break; +#endif + +#ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 + case TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256: + ssl->specs.bulk_cipher_algorithm = wolfssl_chacha; + ssl->specs.cipher_type = aead; + ssl->specs.mac_algorithm = sha256_mac; + ssl->specs.kea = dhe_psk_kea; + ssl->specs.sig_algo = anonymous_sa_algo; + ssl->specs.hash_size = SHA256_DIGEST_SIZE; + ssl->specs.pad_size = PAD_SHA; + ssl->specs.static_ecdh = 0; + ssl->specs.key_size = CHACHA20_256_KEY_SIZE; + ssl->specs.block_size = CHACHA20_BLOCK_SIZE; + 
ssl->specs.iv_size = CHACHA20_IV_SIZE; + ssl->specs.aead_mac_size = POLY1305_AUTH_SZ; + + ssl->options.oldPoly = 0; /* use recent padding RFC */ + ssl->options.usingPSK_cipher = 1; + break; +#endif default: WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs ChaCha"); return UNSUPPORTED_SUITE; diff --git a/src/ssl.c b/src/ssl.c index c88516c9c..f96862c55 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -10190,7 +10190,15 @@ const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher) case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 : return "TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256"; -#endif +#ifndef NO_PSK + case TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 : + return "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"; + case TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 : + return "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"; + case TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 : + return "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"; +#endif /* NO_PSK */ +#endif /* HAVE_POLY1305 */ } } #endif diff --git a/tests/test-dtls.conf b/tests/test-dtls.conf index 9257a5d4a..7faa856f2 100644 --- a/tests/test-dtls.conf +++ b/tests/test-dtls.conf @@ -64,6 +64,42 @@ -l ECDHE-ECDSA-CHACHA20-POLY1305 -A ./certs/server-ecc.pem +# server TLSv1.2 DHE-PSK-CHACHA20-POLY1305 +-u +-v 3 +-s +-l DHE-PSK-CHACHA20-POLY1305 + +# client TLSv1.2 DHE-PSK-CHACHA20-POLY1305 +-u +-v 3 +-s +-l DHE-PSK-CHACHA20-POLY1305 + +# server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 +-u +-v 3 +-s +-l ECDHE-PSK-CHACHA20-POLY1305 + +# client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 +-u +-v 3 +-s +-l ECDHE-PSK-CHACHA20-POLY1305 + +# server TLSv1.2 PSK-CHACHA20-POLY1305 +-u +-v 3 +-s +-l PSK-CHACHA20-POLY1305 + +# client TLSv1.2 PSK-CHACHA20-POLY1305 +-u +-v 3 +-s +-l PSK-CHACHA20-POLY1305 + # server DTLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD -u -v 3 diff --git a/tests/test-psk-no-id.conf b/tests/test-psk-no-id.conf index 0169ce321..40f63af36 100644 --- a/tests/test-psk-no-id.conf +++ b/tests/test-psk-no-id.conf 
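Review bot: The three added SetCipherSpecs cases are copies of the same seventeen lines and differ only in `ssl->specs.kea` (`psk_kea`, `ecdhe_psk_kea`, `dhe_psk_kea`). Fields such as `aead_mac_size`, `iv_size` and `oldPoly` decide how records are authenticated, so a later edit applied to one copy and not the others would be easy to miss; setting the shared fields once in a `static` helper that takes the key-exchange value, and calling it from each case, removes that risk. It would also help to say in a comment why `pad_size = PAD_SHA` is set for an AEAD suite whose `mac_algorithm` is `sha256_mac`, since the hunk does not show whether the value is used. The function begins and ends outside the hunk.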
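Review bot: The added name cases in wolfSSL_CIPHER_get_name are guarded by `#ifndef NO_PSK` alone, whereas the rest of this patch guards each suite with its own `BUILD_TLS_..._PSK_WITH_CHACHA20_POLY1305_SHA256` macro, which per the internal.h hunk also depends on `HAVE_ECC` and `NO_DH`. Wrapping each case in its own guard, e.g. `#ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256`, keeps the function from naming suites the build cannot negotiate. The new `#endif /* HAVE_POLY1305 */` comment refers to an opening `#if` that is outside the hunk, so it should be checked against that line.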
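Review bot: The comments on the six entries added to tests/test-dtls.conf read `TLSv1.2`, but each entry passes `-u`, and the neighbouring entry in this file is labelled `# server DTLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD` for the same `-u -v 3` flags. Labelling them `# server DTLSv1.2 DHE-PSK-CHACHA20-POLY1305` and so on keeps a failing run from being attributed to the wrong protocol.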
@@ -1,3 +1,36 @@ +# No Hint server TLSv1.2 PSK-CHACHA20-POLY1305 +-s +-I +-v 3 +-l PSK-CHACHA20-POLY1305 + +# No Hint client TLSv1.2 PSK-CHACHA20-POLY1305 +-s +-v 3 +-l PSK-CHACHA20-POLY1305 + +# No Hint server TLSv1.2 DHE-PSK-CHACHA20-POLY1305 +-s +-I +-v 3 +-l DHE-PSK-CHACHA20-POLY1305 + +# No Hint client TLSv1.2 DHE-PSK-CHACHA20-POLY1305 +-s +-v 3 +-l DHE-PSK-CHACHA20-POLY1305 + +# No Hint server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 +-s +-I +-v 3 +-l ECDHE-PSK-CHACHA20-POLY1305 + +# No Hint client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 +-s +-v 3 +-l ECDHE-PSK-CHACHA20-POLY1305 + # No Hint server TLSv1 ECDHE-PSK-AES128-SHA256 -s -I diff --git a/tests/test-qsh.conf b/tests/test-qsh.conf index 9ba4f54a9..b12b49cf7 100644 --- a/tests/test-qsh.conf +++ b/tests/test-qsh.conf @@ -1,3 +1,33 @@ +# server TLSv1.2 DHE-PSK-CHACHA20-POLY1305 +-v 3 +-s +-l QSH:DHE-PSK-CHACHA20-POLY1305 + +# client TLSv1.2 DHE-PSK-CHACHA20-POLY1305 +-v 3 +-s +-l QSH:DHE-PSK-CHACHA20-POLY1305 + +# server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 +-v 3 +-s +-l QSH:ECDHE-PSK-CHACHA20-POLY1305 + +# client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 +-v 3 +-s +-l QSH:ECDHE-PSK-CHACHA20-POLY1305 + +# server TLSv1.2 PSK-CHACHA20-POLY1305 +-v 3 +-s +-l QSH:PSK-CHACHA20-POLY1305 + +# client TLSv1.2 PSK-CHACHA20-POLY1305 +-v 3 +-s +-l QSH:PSK-CHACHA20-POLY1305 + # server TLSv1 DHE-RSA-CHACHA20-POLY1305 -v 1 -l QSH:DHE-RSA-CHACHA20-POLY1305 diff --git a/tests/test.conf b/tests/test.conf index ab067b6c3..1bd560de9 100644 --- a/tests/test.conf +++ b/tests/test.conf 
@@ -52,6 +52,36 @@ -l ECDHE-ECDSA-CHACHA20-POLY1305 -A ./certs/server-ecc.pem +# server TLSv1.2 DHE-PSK-CHACHA20-POLY1305 +-v 3 +-s +-l DHE-PSK-CHACHA20-POLY1305 + +# client TLSv1.2 DHE-PSK-CHACHA20-POLY1305 +-v 3 +-s +-l DHE-PSK-CHACHA20-POLY1305 + +# server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 +-v 3 +-s +-l ECDHE-PSK-CHACHA20-POLY1305 + +# client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 +-v 3 +-s +-l ECDHE-PSK-CHACHA20-POLY1305 + +# server TLSv1.2 PSK-CHACHA20-POLY1305 +-v 3 +-s +-l PSK-CHACHA20-POLY1305 + +# client TLSv1.2 PSK-CHACHA20-POLY1305 +-v 3 +-s +-l PSK-CHACHA20-POLY1305 + # server TLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD -v 3 -l DHE-RSA-CHACHA20-POLY1305-OLD diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 3d2d2bdd4..adf7a1185 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -532,8 +532,8 @@ typedef byte word24[3]; #define BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 #endif #endif - #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256) \ - && !defined(NO_OLD_POLY1305) + #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256) + #if !defined(NO_OLD_POLY1305) #ifdef HAVE_ECC #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 #ifndef NO_RSA @@ -543,6 +543,16 @@ typedef byte word24[3]; #if !defined(NO_DH) && !defined(NO_RSA) #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 #endif + #endif /* NO_OLD_POLY1305 */ + #if !defined(NO_PSK) + #define BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 + #ifdef HAVE_ECC + #define BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 + #endif + #ifndef NO_DH + #define BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 + #endif + #endif /* !NO_PSK */ #endif #endif /* !WOLFSSL_MAX_STRENGTH */ 
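Review bot: The new `#if !defined(NO_PSK)` block in wolfssl/internal.h sits just above `#endif /* !WOLFSSL_MAX_STRENGTH */`, so it appears that all three PSK ChaCha20-Poly1305 suites are compiled out in max-strength builds together with the old-Poly1305 suites. If that build is meant to keep AEAD suites with ephemeral key exchange, the ECDHE-PSK and DHE-PSK defines may belong outside that region and only the static PSK define inside; the region opens outside the hunk, so this needs checking against the full header. On the comments, `#endif /* NO_OLD_POLY1305 */` closes `#if !defined(NO_OLD_POLY1305)` and would read better as `/* !NO_OLD_POLY1305 */`, matching `/* !NO_PSK */`, and the bare `#endif` that closes the `HAVE_CHACHA` condition deserves a label too.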
@@ -816,6 +826,9 @@ enum { TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xa8, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xa9, TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xaa, + TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xac, + TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xab, + TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xad, /* chacha20-poly1305 earlier version of nonce and padding (CHACHA_BYTE) */ TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x13,
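Review bot: The added enum entries are out of numeric order: `TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xac` is listed before `TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xab`. Listing `0xab`, `0xac`, `0xad` in sequence after `0xaa` makes a duplicate or skipped code point easier to spot. A short comment naming the specification the assignments come from would help as well. The enum begins and ends outside the hunk.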