mirror of https://github.com/wolfSSL/wolfssl
Merge pull request #3660 from dgarske/sess_ticket_aes_gcm
Added support for AES GCM session ticket encryption
This commit is contained in:
commit
6e0e507dad
|
@ -165,8 +165,9 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
|
|||
CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
|
||||
defined(HAVE_POLY1305)
|
||||
#if defined(HAVE_SESSION_TICKET) && \
|
||||
((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || \
|
||||
defined(HAVE_AESGCM))
|
||||
if (TicketInit() != 0)
|
||||
err_sys("unable to setup Session Ticket Key context");
|
||||
wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb);
|
||||
|
|
|
@ -1800,8 +1800,9 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
|||
wolfSSL_CTX_SetIOSend(ctx, SimulateWantWriteIOSendCb);
|
||||
}
|
||||
|
||||
#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
|
||||
defined(HAVE_POLY1305)
|
||||
#if defined(HAVE_SESSION_TICKET) && \
|
||||
((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || \
|
||||
defined(HAVE_AESGCM))
|
||||
if (TicketInit() != 0)
|
||||
err_sys_ex(catastrophic, "unable to setup Session Ticket Key context");
|
||||
wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb);
|
||||
|
|
|
@ -2646,8 +2646,9 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
|
|||
ctx = wolfSSL_CTX_new(method);
|
||||
}
|
||||
|
||||
#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
|
||||
defined(HAVE_POLY1305)
|
||||
#if defined(HAVE_SESSION_TICKET) && \
|
||||
((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || \
|
||||
defined(HAVE_AESGCM))
|
||||
TicketInit();
|
||||
wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb);
|
||||
#endif
|
||||
|
@ -31486,7 +31487,7 @@ static void test_wolfSSL_SESSION(void)
|
|||
/* CHACHA and POLY1305 required for myTicketEncCb */
|
||||
#if defined(WOLFSSL_TLS13) && (!defined(HAVE_SESSION_TICKET) && \
|
||||
!defined(WOLFSSL_NO_TLS12) || !(defined(HAVE_CHACHA) && \
|
||||
defined(HAVE_POLY1305)))
|
||||
defined(HAVE_POLY1305) && !defined(HAVE_AESGCM)))
|
||||
AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
|
||||
#else
|
||||
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
|
||||
|
|
|
@ -3926,14 +3926,22 @@ static WC_INLINE const char* mymktemp(char *tempfn, int len, int num)
|
|||
|
||||
|
||||
|
||||
#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
|
||||
defined(HAVE_POLY1305)
|
||||
#if defined(HAVE_SESSION_TICKET) && \
|
||||
((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || \
|
||||
defined(HAVE_AESGCM))
|
||||
|
||||
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
|
||||
#include <wolfssl/wolfcrypt/chacha20_poly1305.h>
|
||||
#define WOLFSSL_TICKET_KEY_SZ CHACHA20_POLY1305_AEAD_KEYSIZE
|
||||
#elif defined(HAVE_AESGCM)
|
||||
#include <wolfssl/wolfcrypt/aes.h>
|
||||
#include <wolfssl/wolfcrypt/wc_encrypt.h> /* AES IV sizes in FIPS mode */
|
||||
#define WOLFSSL_TICKET_KEY_SZ AES_256_KEY_SIZE
|
||||
#endif
|
||||
|
||||
typedef struct key_ctx {
|
||||
byte name[WOLFSSL_TICKET_NAME_SZ]; /* name for this context */
|
||||
byte key[CHACHA20_POLY1305_AEAD_KEYSIZE]; /* cipher key */
|
||||
byte name[WOLFSSL_TICKET_NAME_SZ]; /* name for this context */
|
||||
byte key[WOLFSSL_TICKET_KEY_SZ]; /* cipher key */
|
||||
} key_ctx;
|
||||
|
||||
static THREAD_LS_T key_ctx myKey_ctx;
|
||||
|
@ -3970,6 +3978,11 @@ static WC_INLINE const char* mymktemp(char *tempfn, int len, int num)
|
|||
byte aad[WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2];
|
||||
int aadSz = WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2;
|
||||
byte* tmp = aad;
|
||||
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
|
||||
/* chahca20/poly1305 */
|
||||
#elif defined(HAVE_AESGCM)
|
||||
Aes aes;
|
||||
#endif
|
||||
|
||||
(void)ssl;
|
||||
(void)userCtx;
|
||||
|
@ -3986,22 +3999,35 @@ static WC_INLINE const char* mymktemp(char *tempfn, int len, int num)
|
|||
tmp += WOLFSSL_TICKET_NAME_SZ;
|
||||
XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
|
||||
tmp += WOLFSSL_TICKET_IV_SZ;
|
||||
XMEMCPY(tmp, &sLen, 2);
|
||||
XMEMCPY(tmp, &sLen, sizeof(sLen));
|
||||
|
||||
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
|
||||
ret = wc_ChaCha20Poly1305_Encrypt(myKey_ctx.key, iv,
|
||||
aad, aadSz,
|
||||
ticket, inLen,
|
||||
ticket,
|
||||
mac);
|
||||
#elif defined(HAVE_AESGCM)
|
||||
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
|
||||
if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
|
||||
|
||||
ret = wc_AesGcmSetKey(&aes, myKey_ctx.key, sizeof(myKey_ctx.key));
|
||||
if (ret == 0) {
|
||||
ret = wc_AesGcmEncrypt(&aes, ticket, ticket, inLen,
|
||||
iv, GCM_NONCE_MID_SZ, mac, AES_BLOCK_SIZE,
|
||||
aad, aadSz);
|
||||
}
|
||||
wc_AesFree(&aes);
|
||||
#endif
|
||||
|
||||
if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
|
||||
*outLen = inLen; /* no padding in this mode */
|
||||
}
|
||||
/* decrypt */
|
||||
else {
|
||||
|
||||
/* see if we know this key */
|
||||
if (XMEMCMP(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ) != 0){
|
||||
printf("client presented unknown ticket key name ");
|
||||
printf("client presented unknown ticket key name %s\n", key_name);
|
||||
return WOLFSSL_TICKET_RET_FATAL;
|
||||
}
|
||||
|
||||
|
@ -4010,13 +4036,27 @@ static WC_INLINE const char* mymktemp(char *tempfn, int len, int num)
|
|||
tmp += WOLFSSL_TICKET_NAME_SZ;
|
||||
XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
|
||||
tmp += WOLFSSL_TICKET_IV_SZ;
|
||||
XMEMCPY(tmp, &sLen, 2);
|
||||
XMEMCPY(tmp, &sLen, sizeof(sLen));
|
||||
|
||||
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
|
||||
ret = wc_ChaCha20Poly1305_Decrypt(myKey_ctx.key, iv,
|
||||
aad, aadSz,
|
||||
ticket, inLen,
|
||||
mac,
|
||||
ticket);
|
||||
#elif defined(HAVE_AESGCM)
|
||||
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
|
||||
if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
|
||||
|
||||
ret = wc_AesGcmSetKey(&aes, myKey_ctx.key, sizeof(myKey_ctx.key));
|
||||
if (ret == 0) {
|
||||
ret = wc_AesGcmDecrypt(&aes, ticket, ticket, inLen,
|
||||
iv, GCM_NONCE_MID_SZ, mac, AES_BLOCK_SIZE,
|
||||
aad, aadSz);
|
||||
}
|
||||
wc_AesFree(&aes);
|
||||
#endif
|
||||
|
||||
if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
|
||||
*outLen = inLen; /* no padding in this mode */
|
||||
}
|
||||
|
@ -4024,7 +4064,8 @@ static WC_INLINE const char* mymktemp(char *tempfn, int len, int num)
|
|||
return WOLFSSL_TICKET_RET_OK;
|
||||
}
|
||||
|
||||
#endif /* HAVE_SESSION_TICKET && HAVE_CHACHA && HAVE_POLY1305 */
|
||||
#endif /* HAVE_SESSION_TICKET && ((HAVE_CHACHA && HAVE_POLY1305) || HAVE_AESGCM) */
|
||||
|
||||
|
||||
static WC_INLINE word16 GetRandomPort(void)
|
||||
{
|
||||
|
|
|
@ -41,6 +41,7 @@
|
|||
#ifndef NO_DES3
|
||||
#include <wolfssl/wolfcrypt/des3.h>
|
||||
#endif
|
||||
#include <wolfssl/wolfcrypt/wc_encrypt.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
|
@ -157,15 +158,6 @@ enum Pkcs7_Misc {
|
|||
MAX_RECIP_SZ = MAX_VERSION_SZ +
|
||||
MAX_SEQ_SZ + ASN_NAME_MAX + MAX_SN_SZ +
|
||||
MAX_SEQ_SZ + MAX_ALGO_SZ + 1 + MAX_ENCRYPTED_KEY_SZ,
|
||||
#if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
|
||||
(HAVE_FIPS_VERSION <= 2)) || (defined(HAVE_SELFTEST) && \
|
||||
(!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2)))
|
||||
/* In the event of fips cert 3389 or CAVP selftest v1 build, these enums are
|
||||
* not in aes.h for use with pkcs7 so enumerate it here outside the fips
|
||||
* boundary */
|
||||
GCM_NONCE_MID_SZ = 12, /* The usual default nonce size for AES-GCM. */
|
||||
CCM_NONCE_MIN_SZ = 7,
|
||||
#endif
|
||||
};
|
||||
|
||||
enum Cms_Options {
|
||||
|
|
|
@ -60,6 +60,22 @@
|
|||
#endif
|
||||
|
||||
|
||||
#if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
|
||||
(HAVE_FIPS_VERSION <= 2)) || (defined(HAVE_SELFTEST) && \
|
||||
(!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2)))
|
||||
/* In FIPS cert 3389 and CAVP selftest v1 build, these enums are
|
||||
* not in aes.h. Define them here outside the fips boundary.
|
||||
*/
|
||||
#ifndef GCM_NONCE_MID_SZ
|
||||
/* The usual default nonce size for AES-GCM. */
|
||||
#define GCM_NONCE_MID_SZ 12
|
||||
#endif
|
||||
#ifndef CCM_NONCE_MIN_SZ
|
||||
#define CCM_NONCE_MIN_SZ 7
|
||||
#endif
|
||||
#endif
|
||||
|
||||
|
||||
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
|
||||
WOLFSSL_API int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz,
|
||||
const byte* key, word32 keySz,
|
||||
|
|
Loading…
Reference in New Issue