Add CCM mode support for TLS 1.3
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2550)
This commit is contained in:
parent
aa24c47c83
commit
ec07b1d872
3 changed files with 41 additions and 22 deletions
|
@ -24,7 +24,7 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send)
|
|||
{
|
||||
EVP_CIPHER_CTX *ctx;
|
||||
unsigned char iv[EVP_MAX_IV_LENGTH];
|
||||
size_t ivlen, offset, loop;
|
||||
size_t ivlen, taglen, offset, loop;
|
||||
unsigned char *staticiv;
|
||||
unsigned char *seq;
|
||||
int lenu, lenf;
|
||||
|
@ -53,21 +53,27 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send)
|
|||
}
|
||||
ivlen = EVP_CIPHER_CTX_iv_length(ctx);
|
||||
|
||||
if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CCM_MODE) {
|
||||
if (s->s3->tmp.new_cipher->algorithm_enc
|
||||
& (SSL_AES128CCM8 | SSL_AES256CCM8))
|
||||
taglen = EVP_CCM8_TLS_TAG_LEN;
|
||||
else
|
||||
taglen = EVP_CCM_TLS_TAG_LEN;
|
||||
if (send && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen,
|
||||
NULL) <= 0)
|
||||
return -1;
|
||||
} else {
|
||||
taglen = EVP_GCM_TLS_TAG_LEN;
|
||||
}
|
||||
|
||||
if (!send) {
|
||||
/*
|
||||
* Take off tag. There must be at least one byte of content type as
|
||||
* well as the tag
|
||||
*/
|
||||
/*
|
||||
* TODO(TLS1.3): We're going to need to figure out the tag len based on
|
||||
* the cipher. For now we just support GCM tags.
|
||||
* TODO(TLS1.3): When we've swapped over the record layer to TLSv1.3
|
||||
* then the length must be 1 + the tag len to account for the content
|
||||
* byte that we know must have been encrypted.
|
||||
*/
|
||||
if (rec->length < EVP_GCM_TLS_TAG_LEN)
|
||||
if (rec->length < taglen + 1)
|
||||
return 0;
|
||||
rec->length -= EVP_GCM_TLS_TAG_LEN;
|
||||
rec->length -= taglen;
|
||||
}
|
||||
|
||||
/* Set up IV */
|
||||
|
@ -93,22 +99,21 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send)
|
|||
|
||||
/* TODO(size_t): lenu/lenf should be a size_t but EVP doesn't support it */
|
||||
if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, send) <= 0
|
||||
|| (!send && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
|
||||
taglen,
|
||||
rec->data + rec->length) <= 0)
|
||||
|| EVP_CipherUpdate(ctx, rec->data, &lenu, rec->input,
|
||||
(unsigned int)rec->length) <= 0
|
||||
|| (!send && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
|
||||
EVP_GCM_TLS_TAG_LEN,
|
||||
rec->data + rec->length) <= 0)
|
||||
|| EVP_CipherFinal_ex(ctx, rec->data + lenu, &lenf) <= 0
|
||||
|| (size_t)(lenu + lenf) != rec->length) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (send) {
|
||||
/* Add the tag */
|
||||
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, EVP_GCM_TLS_TAG_LEN,
|
||||
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen,
|
||||
rec->data + rec->length) <= 0)
|
||||
return -1;
|
||||
rec->length += EVP_GCM_TLS_TAG_LEN;
|
||||
rec->length += taglen;
|
||||
}
|
||||
|
||||
return 1;
|
||||
|
|
|
@ -281,9 +281,9 @@ int tls1_change_cipher_state(SSL *s, int which)
|
|||
int taglen;
|
||||
if (s->s3->tmp.
|
||||
new_cipher->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8))
|
||||
taglen = 8;
|
||||
taglen = EVP_CCM8_TLS_TAG_LEN;
|
||||
else
|
||||
taglen = 16;
|
||||
taglen = EVP_CCM_TLS_TAG_LEN;
|
||||
if (!EVP_CipherInit_ex(dd, c, NULL, NULL, NULL, (which & SSL3_CC_WRITE))
|
||||
|| !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_IVLEN, 12, NULL)
|
||||
|| !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_TAG, taglen, NULL)
|
||||
|
|
|
@ -264,7 +264,7 @@ int tls13_change_cipher_state(SSL *s, int which)
|
|||
const char *log_label = NULL;
|
||||
EVP_CIPHER_CTX *ciph_ctx;
|
||||
const EVP_CIPHER *ciph = s->s3->tmp.new_sym_enc;
|
||||
size_t ivlen, keylen, finsecretlen = 0;
|
||||
size_t ivlen, keylen, taglen, finsecretlen = 0;
|
||||
const unsigned char *label;
|
||||
size_t labellen, hashlen = 0;
|
||||
int ret = 0;
|
||||
|
@ -373,7 +373,17 @@ int tls13_change_cipher_state(SSL *s, int which)
|
|||
|
||||
/* TODO(size_t): convert me */
|
||||
keylen = EVP_CIPHER_key_length(ciph);
|
||||
if (EVP_CIPHER_mode(ciph) == EVP_CIPH_CCM_MODE) {
|
||||
ivlen = EVP_CCM_TLS_IV_LEN;
|
||||
if (s->s3->tmp.new_cipher->algorithm_enc
|
||||
& (SSL_AES128CCM8 | SSL_AES256CCM8))
|
||||
taglen = EVP_CCM8_TLS_TAG_LEN;
|
||||
else
|
||||
taglen = EVP_CCM_TLS_TAG_LEN;
|
||||
} else {
|
||||
ivlen = EVP_CIPHER_iv_length(ciph);
|
||||
taglen = 0;
|
||||
}
|
||||
|
||||
if (!ssl_log_secret(s, log_label, secret, hashlen)) {
|
||||
SSLerr(SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
|
||||
|
@ -391,8 +401,12 @@ int tls13_change_cipher_state(SSL *s, int which)
|
|||
goto err;
|
||||
}
|
||||
|
||||
if (EVP_CipherInit_ex(ciph_ctx, ciph, NULL, key, NULL,
|
||||
(which & SSL3_CC_WRITE)) <= 0) {
|
||||
if (EVP_CipherInit_ex(ciph_ctx, ciph, NULL, NULL, NULL,
|
||||
(which & SSL3_CC_WRITE)) <= 0
|
||||
|| !EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)
|
||||
|| (taglen != 0 && !EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_TAG,
|
||||
taglen, NULL))
|
||||
|| EVP_CipherInit_ex(ciph_ctx, NULL, NULL, key, NULL, -1) <= 0) {
|
||||
SSLerr(SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_EVP_LIB);
|
||||
goto err;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue