From a76ba82ccbfee6df5aa86ba2a275b713f3e0f239 Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Wed, 9 Dec 2015 21:47:00 +0100 Subject: [PATCH] Wire ChaCha20-Poly1305 to TLS. Reviewed-by: Richard Levitte --- include/openssl/ssl.h | 1 + include/openssl/tls1.h | 18 +++++++ ssl/s3_lib.c | 113 +++++++++++++++++++++++++++++++++++++++++ ssl/ssl_algs.c | 3 ++ ssl/ssl_ciph.c | 4 +- ssl/ssl_locl.h | 1 + ssl/t1_trce.c | 7 +++ 7 files changed, 146 insertions(+), 1 deletion(-) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index bc58b0b911..81a3ed7044 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -249,6 +249,7 @@ extern "C" { # define SSL_TXT_CAMELLIA128 "CAMELLIA128" # define SSL_TXT_CAMELLIA256 "CAMELLIA256" # define SSL_TXT_CAMELLIA "CAMELLIA" +# define SSL_TXT_CHACHA20 "CHACHA20" # define SSL_TXT_GOST "GOST89" # define SSL_TXT_MD5 "MD5" diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index 3bbd1f107e..43a658d52b 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -652,6 +652,15 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C09A # define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C09B +/* draft-ietf-tls-chacha20-poly1305-03 */ +# define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCA8 +# define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 0x0300CCA9 +# define TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCAA +# define TLS1_CK_PSK_WITH_CHACHA20_POLY1305 0x0300CCAB +# define TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305 0x0300CCAC +# define TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305 0x0300CCAD +# define TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305 0x0300CCAE + /* * XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE * ciphers names with "EDH" instead of "DHE". Going forward, we should be @@ -912,6 +921,15 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-RSA-CAMELLIA128-SHA256" # define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-RSA-CAMELLIA256-SHA384" +/* draft-ietf-tls-chacha20-poly1305-03 */ +# define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 "ECDHE-RSA-CHACHA20-POLY1305" +# define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305" +# define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305" +# define TLS1_TXT_PSK_WITH_CHACHA20_POLY1305 "PSK-CHACHA20-POLY1305" +# define TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305 "ECDHE-PSK-CHACHA20-POLY1305" +# define TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305 "DHE-PSK-CHACHA20-POLY1305" +# define TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305 "RSA-PSK-CHACHA20-POLY1305" + # define TLS_CT_RSA_SIGN 1 # define TLS_CT_DSS_SIGN 2 # define TLS_CT_RSA_FIXED_DH 3 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 03d03209b5..b6a73b9144 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3527,6 +3527,119 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, +#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) +# ifndef OPENSSL_NO_EC + /* Cipher CCA8 as per draft-ietf-tls-chacha20-poly1305-03 */ + { + 1, + TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, + TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305, + SSL_kECDHE, + SSL_aRSA, + SSL_CHACHA20POLY1305, + SSL_AEAD, + SSL_TLSV1_2, + SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, + /* Cipher CCA9 */ + { + 1, + TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, + TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, + SSL_kECDHE, + SSL_aECDSA, + SSL_CHACHA20POLY1305, + SSL_AEAD, + SSL_TLSV1_2, + SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, +# endif +# ifndef OPENSSL_NO_RSA + /* Cipher CCAA */ + { + 1, + TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, + TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305, + SSL_kDHE, + SSL_aRSA, + SSL_CHACHA20POLY1305, + SSL_AEAD, + SSL_TLSV1_2, + SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, +# endif +# ifndef OPENSSL_NO_PSK + /* Cipher CCAB */ + { + 1, + TLS1_TXT_PSK_WITH_CHACHA20_POLY1305, + TLS1_CK_PSK_WITH_CHACHA20_POLY1305, + SSL_kPSK, + SSL_aPSK, + SSL_CHACHA20POLY1305, + SSL_AEAD, + SSL_TLSV1_2, + SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, + /* Cipher CCAC */ + { + 1, + TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305, + TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305, + SSL_kECDHEPSK, + SSL_aPSK, + SSL_CHACHA20POLY1305, + SSL_AEAD, + SSL_TLSV1_2, + SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, + /* Cipher CCAD */ + { + 1, + TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305, + TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305, + SSL_kDHEPSK, + SSL_aPSK, + SSL_CHACHA20POLY1305, + SSL_AEAD, + SSL_TLSV1_2, + SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, + /* Cipher CCAE */ + { + 1, + TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305, + TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305, + SSL_kRSAPSK, + SSL_aRSA, + SSL_CHACHA20POLY1305, + SSL_AEAD, + SSL_TLSV1_2, + SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 256, + 256, + }, +# endif +#endif #ifndef OPENSSL_NO_GOST { 1, diff --git a/ssl/ssl_algs.c b/ssl/ssl_algs.c index 9a7f15582c..84d4e2342e 100644 --- a/ssl/ssl_algs.c +++ b/ssl/ssl_algs.c @@ -102,6 +102,9 @@ int SSL_library_init(void) EVP_add_cipher(EVP_camellia_128_cbc()); EVP_add_cipher(EVP_camellia_256_cbc()); #endif +#if !defined(OPENSSL_NO_CHACHA20) && !defined(OPENSSL_NO_POLY1305) + EVP_add_cipher(EVP_chacha20_poly1305()); +#endif #ifndef OPENSSL_NO_SEED EVP_add_cipher(EVP_seed_cbc()); diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 69a0cc8984..ea6aba04f4 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -169,7 +169,8 @@ #define SSL_ENC_AES128CCM8_IDX 16 #define SSL_ENC_AES256CCM8_IDX 17 #define SSL_ENC_GOST8912_IDX 18 -#define SSL_ENC_NUM_IDX 19 +#define SSL_ENC_CHACHA_IDX 19 +#define SSL_ENC_NUM_IDX 20 /* NB: make sure indices in these tables match values above */ @@ -199,6 +200,7 @@ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = { {SSL_AES128CCM8, NID_aes_128_ccm}, /* SSL_ENC_AES128CCM8_IDX 16 */ {SSL_AES256CCM8, NID_aes_256_ccm}, /* SSL_ENC_AES256CCM8_IDX 17 */ {SSL_eGOST2814789CNT12, NID_gost89_cnt_12}, /* SSL_ENC_GOST8912_IDX */ + {SSL_CHACHA20POLY1305, NID_chacha20_poly1305}, }; static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = { diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 1e1b26569c..b161387b71 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -368,6 +368,7 @@ # define SSL_AES128CCM8 0x00010000U # define SSL_AES256CCM8 0x00020000U # define SSL_eGOST2814789CNT12 0x00040000U +# define SSL_CHACHA20POLY1305 0x00080000U # define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM|SSL_AES128CCM|SSL_AES256CCM|SSL_AES128CCM8|SSL_AES256CCM8) # define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256) diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index 3a4f039a8c..6f5bed757d 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -461,6 +461,13 @@ static ssl_trace_tbl ssl_ciphers_tbl[] = { {0xC0AD, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM"}, {0xC0AE, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"}, {0xC0AF, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"}, + {0xCCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305" }, + {0xCCA9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305" }, + {0xCCAA, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305" }, + {0xCCAB, "TLS_PSK_WITH_CHACHA20_POLY1305" }, + {0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305" }, + {0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305" }, + {0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305" }, {0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"}, {0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"}, }; -- 2.39.5