wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 12:14:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3660 from dgarske/sess_ticket_aes_gcm

Browse Source 
Added support for AES GCM session ticket encryption
This commit is contained in:
toddouska
2021-01-25 15:00:03 -08:00
committed by GitHub
parent f91dcb950c 59305e9346
commit 6e0e507dad
6 changed files with 77 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
examples/echoserver/echoserver.c
View File

@@ -165,8 +165,9 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
#endif #endif
#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \ #if defined(HAVE_SESSION_TICKET) && \
defined(HAVE_POLY1305) ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || \
defined(HAVE_AESGCM))
if (TicketInit() != 0) if (TicketInit() != 0)
err_sys("unable to setup Session Ticket Key context"); err_sys("unable to setup Session Ticket Key context");
wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb); wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb);

5
examples/server/server.c
View File

@@ -1800,8 +1800,9 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
wolfSSL_CTX_SetIOSend(ctx, SimulateWantWriteIOSendCb); wolfSSL_CTX_SetIOSend(ctx, SimulateWantWriteIOSendCb);
} }
#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \ #if defined(HAVE_SESSION_TICKET) && \
defined(HAVE_POLY1305) ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || \
defined(HAVE_AESGCM))
if (TicketInit() != 0) if (TicketInit() != 0)
err_sys_ex(catastrophic, "unable to setup Session Ticket Key context"); err_sys_ex(catastrophic, "unable to setup Session Ticket Key context");
wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb); wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb);

7
tests/api.c
View File

@@ -2646,8 +2646,9 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
ctx = wolfSSL_CTX_new(method); ctx = wolfSSL_CTX_new(method);
} }
#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \ #if defined(HAVE_SESSION_TICKET) && \
defined(HAVE_POLY1305) ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || \
defined(HAVE_AESGCM))
TicketInit(); TicketInit();
wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb); wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb);
#endif #endif
@@ -31486,7 +31487,7 @@ static void test_wolfSSL_SESSION(void)
/* CHACHA and POLY1305 required for myTicketEncCb */ /* CHACHA and POLY1305 required for myTicketEncCb */
#if defined(WOLFSSL_TLS13) && (!defined(HAVE_SESSION_TICKET) && \ #if defined(WOLFSSL_TLS13) && (!defined(HAVE_SESSION_TICKET) && \
!defined(WOLFSSL_NO_TLS12) || !(defined(HAVE_CHACHA) && \ !defined(WOLFSSL_NO_TLS12) || !(defined(HAVE_CHACHA) && \
defined(HAVE_POLY1305))) defined(HAVE_POLY1305) && !defined(HAVE_AESGCM)))
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())); AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
#else #else
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));

57
wolfssl/test.h
View File

@@ -3926,14 +3926,22 @@ static WC_INLINE const char* mymktemp(char *tempfn, int len, int num)
#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \ #if defined(HAVE_SESSION_TICKET) && \
defined(HAVE_POLY1305) ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || \
defined(HAVE_AESGCM))
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
#include <wolfssl/wolfcrypt/chacha20_poly1305.h> #include <wolfssl/wolfcrypt/chacha20_poly1305.h>
#define WOLFSSL_TICKET_KEY_SZ CHACHA20_POLY1305_AEAD_KEYSIZE
#elif defined(HAVE_AESGCM)
#include <wolfssl/wolfcrypt/aes.h>
#include <wolfssl/wolfcrypt/wc_encrypt.h> /* AES IV sizes in FIPS mode */
#define WOLFSSL_TICKET_KEY_SZ AES_256_KEY_SIZE
#endif
typedef struct key_ctx { typedef struct key_ctx {
byte name[WOLFSSL_TICKET_NAME_SZ]; /* name for this context */ byte name[WOLFSSL_TICKET_NAME_SZ]; /* name for this context */
byte key[CHACHA20_POLY1305_AEAD_KEYSIZE]; /* cipher key */ byte key[WOLFSSL_TICKET_KEY_SZ]; /* cipher key */
} key_ctx; } key_ctx;
static THREAD_LS_T key_ctx myKey_ctx; static THREAD_LS_T key_ctx myKey_ctx;
@@ -3970,6 +3978,11 @@ static WC_INLINE const char* mymktemp(char *tempfn, int len, int num)
byte aad[WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2]; byte aad[WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2];
int aadSz = WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2; int aadSz = WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2;
byte* tmp = aad; byte* tmp = aad;
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
/* chahca20/poly1305 */
#elif defined(HAVE_AESGCM)
Aes aes;
#endif
(void)ssl; (void)ssl;
(void)userCtx; (void)userCtx;
@@ -3986,22 +3999,35 @@ static WC_INLINE const char* mymktemp(char *tempfn, int len, int num)
tmp += WOLFSSL_TICKET_NAME_SZ; tmp += WOLFSSL_TICKET_NAME_SZ;
XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ); XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
tmp += WOLFSSL_TICKET_IV_SZ; tmp += WOLFSSL_TICKET_IV_SZ;
XMEMCPY(tmp, &sLen, 2); XMEMCPY(tmp, &sLen, sizeof(sLen));
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
ret = wc_ChaCha20Poly1305_Encrypt(myKey_ctx.key, iv, ret = wc_ChaCha20Poly1305_Encrypt(myKey_ctx.key, iv,
aad, aadSz, aad, aadSz,
ticket, inLen, ticket, inLen,
ticket, ticket,
mac); mac);
#elif defined(HAVE_AESGCM)
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
ret = wc_AesGcmSetKey(&aes, myKey_ctx.key, sizeof(myKey_ctx.key));
if (ret == 0) {
ret = wc_AesGcmEncrypt(&aes, ticket, ticket, inLen,
iv, GCM_NONCE_MID_SZ, mac, AES_BLOCK_SIZE,
aad, aadSz);
}
wc_AesFree(&aes);
#endif
if (ret != 0) return WOLFSSL_TICKET_RET_REJECT; if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
*outLen = inLen; /* no padding in this mode */ *outLen = inLen; /* no padding in this mode */
} }
/* decrypt */ /* decrypt */
else { else {
/* see if we know this key */ /* see if we know this key */
if (XMEMCMP(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ) != 0){ if (XMEMCMP(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ) != 0){
printf("client presented unknown ticket key name "); printf("client presented unknown ticket key name %s\n", key_name);
return WOLFSSL_TICKET_RET_FATAL; return WOLFSSL_TICKET_RET_FATAL;
} }
@@ -4010,13 +4036,27 @@ static WC_INLINE const char* mymktemp(char *tempfn, int len, int num)
tmp += WOLFSSL_TICKET_NAME_SZ; tmp += WOLFSSL_TICKET_NAME_SZ;
XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ); XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
tmp += WOLFSSL_TICKET_IV_SZ; tmp += WOLFSSL_TICKET_IV_SZ;
XMEMCPY(tmp, &sLen, 2); XMEMCPY(tmp, &sLen, sizeof(sLen));
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
ret = wc_ChaCha20Poly1305_Decrypt(myKey_ctx.key, iv, ret = wc_ChaCha20Poly1305_Decrypt(myKey_ctx.key, iv,
aad, aadSz, aad, aadSz,
ticket, inLen, ticket, inLen,
mac, mac,
ticket); ticket);
#elif defined(HAVE_AESGCM)
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
ret = wc_AesGcmSetKey(&aes, myKey_ctx.key, sizeof(myKey_ctx.key));
if (ret == 0) {
ret = wc_AesGcmDecrypt(&aes, ticket, ticket, inLen,
iv, GCM_NONCE_MID_SZ, mac, AES_BLOCK_SIZE,
aad, aadSz);
}
wc_AesFree(&aes);
#endif
if (ret != 0) return WOLFSSL_TICKET_RET_REJECT; if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
*outLen = inLen; /* no padding in this mode */ *outLen = inLen; /* no padding in this mode */
} }
@@ -4024,7 +4064,8 @@ static WC_INLINE const char* mymktemp(char *tempfn, int len, int num)
return WOLFSSL_TICKET_RET_OK; return WOLFSSL_TICKET_RET_OK;
} }
#endif /* HAVE_SESSION_TICKET && HAVE_CHACHA && HAVE_POLY1305 */ #endif /* HAVE_SESSION_TICKET && ((HAVE_CHACHA && HAVE_POLY1305) || HAVE_AESGCM) */
static WC_INLINE word16 GetRandomPort(void) static WC_INLINE word16 GetRandomPort(void)
{ {

10
wolfssl/wolfcrypt/pkcs7.h
View File

@@ -41,6 +41,7 @@
#ifndef NO_DES3 #ifndef NO_DES3
#include <wolfssl/wolfcrypt/des3.h> #include <wolfssl/wolfcrypt/des3.h>
#endif #endif
#include <wolfssl/wolfcrypt/wc_encrypt.h>
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
@@ -157,15 +158,6 @@ enum Pkcs7_Misc {
MAX_RECIP_SZ = MAX_VERSION_SZ + MAX_RECIP_SZ = MAX_VERSION_SZ +
MAX_SEQ_SZ + ASN_NAME_MAX + MAX_SN_SZ + MAX_SEQ_SZ + ASN_NAME_MAX + MAX_SN_SZ +
MAX_SEQ_SZ + MAX_ALGO_SZ + 1 + MAX_ENCRYPTED_KEY_SZ, MAX_SEQ_SZ + MAX_ALGO_SZ + 1 + MAX_ENCRYPTED_KEY_SZ,
#if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
(HAVE_FIPS_VERSION <= 2)) || (defined(HAVE_SELFTEST) && \
(!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2)))
/* In the event of fips cert 3389 or CAVP selftest v1 build, these enums are
* not in aes.h for use with pkcs7 so enumerate it here outside the fips
* boundary */
GCM_NONCE_MID_SZ = 12, /* The usual default nonce size for AES-GCM. */
CCM_NONCE_MIN_SZ = 7,
#endif
}; };
enum Cms_Options { enum Cms_Options {

16
wolfssl/wolfcrypt/wc_encrypt.h
View File

@@ -60,6 +60,22 @@
#endif #endif
#if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
(HAVE_FIPS_VERSION <= 2)) || (defined(HAVE_SELFTEST) && \
(!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2)))
/* In FIPS cert 3389 and CAVP selftest v1 build, these enums are
* not in aes.h. Define them here outside the fips boundary.
*/
#ifndef GCM_NONCE_MID_SZ
/* The usual default nonce size for AES-GCM. */
#define GCM_NONCE_MID_SZ 12
#endif
#ifndef CCM_NONCE_MIN_SZ
#define CCM_NONCE_MIN_SZ 7
#endif
#endif
#if !defined(NO_AES) && defined(HAVE_AES_CBC) #if !defined(NO_AES) && defined(HAVE_AES_CBC)
WOLFSSL_API int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz, WOLFSSL_API int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz,
const byte* key, word32 keySz, const byte* key, word32 keySz,