Skip to content
Permalink
Browse files

ssl: add draft-agl-tls-chacha20poly1305-04 Chacha20/Poly1305 Suites

  • Loading branch information...
Andreas Schultz
Andreas Schultz committed Jul 13, 2014
1 parent b304284 commit 68369bf04d9d7597ed2339dad16087e2d12fcb85
Showing with 77 additions and 13 deletions.
  1. +61 −13 lib/ssl/src/ssl_cipher.erl
  2. +11 −0 lib/ssl/src/ssl_cipher.hrl
  3. +1 −0 lib/ssl/src/ssl_record.hrl
  4. +4 −0 lib/ssl/src/tls_v1.erl
@@ -141,8 +141,16 @@ cipher(?AES_CBC, CipherState, Mac, Fragment, Version) ->
%% Use for suites that use authenticated encryption with associated data (AEAD)
%%-------------------------------------------------------------------
cipher_aead(?AES_GCM, CipherState, SeqNo, AAD, Fragment, Version) ->
aead_cipher(aes_gcm, CipherState, SeqNo, AAD, Fragment, Version).
aead_cipher(aes_gcm, CipherState, SeqNo, AAD, Fragment, Version);
cipher_aead(?CHACHA20_POLY1305, CipherState, SeqNo, AAD, Fragment, Version) ->
aead_cipher(chacha20_poly1305, CipherState, SeqNo, AAD, Fragment, Version).

aead_cipher(chacha20_poly1305, #cipher_state{key=Key} = CipherState, SeqNo, AAD0, Fragment, _Version) ->
CipherLen = erlang:iolist_size(Fragment),
AAD = <<AAD0/binary, ?UINT16(CipherLen)>>,
Nonce = <<SeqNo:64/integer>>,
{Content, CipherTag} = crypto:block_encrypt(chacha20_poly1305, Key, Nonce, {AAD, Fragment}),
{<<Content/binary, CipherTag/binary>>, CipherState};
aead_cipher(Type, #cipher_state{key=Key, iv = IV0, nonce = Nonce} = CipherState, _SeqNo, AAD0, Fragment, _Version) ->
CipherLen = erlang:iolist_size(Fragment),
AAD = <<AAD0/binary, ?UINT16(CipherLen)>>,
@@ -224,7 +232,9 @@ decipher(?AES_CBC, HashSz, CipherState, Fragment, Version) ->
%% Use for suites that use authenticated encryption with associated data (AEAD)
%%-------------------------------------------------------------------
decipher_aead(?AES_GCM, CipherState, SeqNo, AAD, Fragment, Version) ->
aead_decipher(aes_gcm, CipherState, SeqNo, AAD, Fragment, Version).
aead_decipher(aes_gcm, CipherState, SeqNo, AAD, Fragment, Version);
decipher_aead(?CHACHA20_POLY1305, CipherState, SeqNo, AAD, Fragment, Version) ->
aead_decipher(chacha20_poly1305, CipherState, SeqNo, AAD, Fragment, Version).

block_decipher(Fun, #cipher_state{key=Key, iv=IV} = CipherState0,
HashSz, Fragment, Version) ->
@@ -256,6 +266,12 @@ block_decipher(Fun, #cipher_state{key=Key, iv=IV} = CipherState0,
?ALERT_REC(?FATAL, ?BAD_RECORD_MAC)
end.

aead_ciphertext_to_state(chacha20_poly1305, SeqNo, _IV, AAD0, Fragment, _Version) ->
CipherLen = size(Fragment) - 16,
<<CipherText:CipherLen/bytes, CipherTag:16/bytes>> = Fragment,
AAD = <<AAD0/binary, ?UINT16(CipherLen)>>,
Nonce = <<SeqNo:64/integer>>,
{Nonce, AAD, CipherText, CipherTag};
aead_ciphertext_to_state(_, _SeqNo, <<Salt:4/bytes, _/binary>>, AAD0, Fragment, _Version) ->
CipherLen = size(Fragment) - 24,
<<ExplicitNonce:8/bytes, CipherText:CipherLen/bytes, CipherTag:16/bytes>> = Fragment,
@@ -674,7 +690,15 @@ suite_definition(?TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) ->
suite_definition(?TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256) ->
{ecdh_rsa, aes_128_gcm, null, sha256};
suite_definition(?TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384) ->
{ecdh_rsa, aes_256_gcm, null, sha384}.
{ecdh_rsa, aes_256_gcm, null, sha384};

%% draft-agl-tls-chacha20poly1305-04 Chacha20/Poly1305 Suites
suite_definition(?TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256) ->
{ecdhe_rsa, chacha20_poly1305, null, sha256};
suite_definition(?TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256) ->
{ecdhe_ecdsa, chacha20_poly1305, null, sha256};
suite_definition(?TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256) ->
{dhe_rsa, chacha20_poly1305, null, sha256}.

%%--------------------------------------------------------------------
-spec suite(erl_cipher_suite()) -> cipher_suite().
@@ -954,7 +978,16 @@ suite({ecdhe_rsa, aes_256_gcm, null}) ->
suite({ecdh_rsa, aes_128_gcm, null}) ->
?TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256;
suite({ecdh_rsa, aes_256_gcm, null}) ->
?TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384.
?TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384;


%% draft-agl-tls-chacha20poly1305-04 Chacha20/Poly1305 Suites
suite({ecdhe_rsa, chacha20_poly1305, null}) ->
?TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256;
suite({ecdhe_ecdsa, chacha20_poly1305, null}) ->
?TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256;
suite({dhe_rsa, chacha20_poly1305, null}) ->
?TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256.

%%--------------------------------------------------------------------
-spec openssl_suite(openssl_cipher_suite()) -> cipher_suite().
@@ -1373,6 +1406,9 @@ is_acceptable_cipher(Cipher, Algos)
when Cipher == aes_128_gcm;
Cipher == aes_256_gcm ->
proplists:get_bool(aes_gcm, Algos);
is_acceptable_cipher(Cipher, Algos)
when Cipher == chacha20_poly1305 ->
proplists:get_bool(Cipher, Algos);
is_acceptable_cipher(_, _) ->
true.

@@ -1403,7 +1439,9 @@ bulk_cipher_algorithm(Cipher) when Cipher == aes_128_cbc;
?AES_CBC;
bulk_cipher_algorithm(Cipher) when Cipher == aes_128_gcm;
Cipher == aes_256_gcm ->
?AES_GCM.
?AES_GCM;
bulk_cipher_algorithm(chacha20_poly1305) ->
?CHACHA20_POLY1305.

type(Cipher) when Cipher == null;
Cipher == rc4_128 ->
@@ -1415,7 +1453,8 @@ type(Cipher) when Cipher == des_cbc;
Cipher == aes_256_cbc ->
?BLOCK;
type(Cipher) when Cipher == aes_128_gcm;
Cipher == aes_256_gcm ->
Cipher == aes_256_gcm;
Cipher == chacha20_poly1305 ->
?AEAD.

key_material(null) ->
@@ -1433,6 +1472,8 @@ key_material(aes_256_cbc) ->
key_material(aes_128_gcm) ->
16;
key_material(aes_256_gcm) ->
32;
key_material(chacha20_poly1305) ->
32.

expanded_key_material(null) ->
@@ -1446,7 +1487,8 @@ expanded_key_material('3des_ede_cbc') ->
expanded_key_material(Cipher) when Cipher == aes_128_cbc;
Cipher == aes_256_cbc;
Cipher == aes_128_gcm;
Cipher == aes_256_gcm ->
Cipher == aes_256_gcm;
Cipher == chacha20_poly1305 ->
unknown.


@@ -1461,11 +1503,13 @@ effective_key_bits(Cipher) when Cipher == rc4_128;
effective_key_bits('3des_ede_cbc') ->
168;
effective_key_bits(Cipher) when Cipher == aes_256_cbc;
Cipher == aes_256_gcm ->
Cipher == aes_256_gcm;
Cipher == chacha20_poly1305 ->
256.

iv_size(Cipher) when Cipher == null;
Cipher == rc4_128 ->
Cipher == rc4_128;
Cipher == chacha20_poly1305->
0;

iv_size(Cipher) when Cipher == aes_128_gcm;
@@ -1482,7 +1526,8 @@ block_size(Cipher) when Cipher == des_cbc;
block_size(Cipher) when Cipher == aes_128_cbc;
Cipher == aes_256_cbc;
Cipher == aes_128_gcm;
Cipher == aes_256_gcm ->
Cipher == aes_256_gcm;
Cipher == chacha20_poly1305 ->
16.

prf_algorithm(default_prf, {3, N}) when N >= 3 ->
@@ -1638,7 +1683,8 @@ dhe_rsa_suites() ->
?TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
?TLS_DHE_RSA_WITH_DES_CBC_SHA,
?TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
?TLS_DHE_RSA_WITH_AES_256_GCM_SHA384].
?TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
?TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256].

psk_rsa_suites() ->
[?TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
@@ -1687,7 +1733,8 @@ ecdhe_rsa_suites() ->
?TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
?TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
?TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
?TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384].
?TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
?TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256].

dsa_signed_suites() ->
dhe_dss_suites() ++ srp_dss_suites().
@@ -1737,7 +1784,8 @@ ecdhe_ecdsa_suites() ->
?TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
?TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
?TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
?TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384].
?TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
?TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256].

filter_keyuse(OtpCert, Ciphers, Suites, SignSuites) ->
TBSCert = OtpCert#'OTPCertificate'.tbsCertificate,
@@ -543,4 +543,15 @@
%% TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = {0xC0,0x32};
-define(TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, <<?BYTE(16#C0), ?BYTE(16#32)>>).

%%% Chacha20/Poly1305 Suites draft-agl-tls-chacha20poly1305-04

%% TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = {0xcc, 0x13}
-define(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, <<?BYTE(16#CC), ?BYTE(16#13)>>).

%% TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = {0xcc, 0x14}
-define(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, <<?BYTE(16#CC), ?BYTE(16#14)>>).

%% TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = {0xcc, 0x15}
-define(TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, <<?BYTE(16#CC), ?BYTE(16#15)>>).

-endif. % -ifdef(ssl_cipher).
@@ -92,6 +92,7 @@
-define(IDEA, 6).
-define(AES_CBC, 7).
-define(AES_GCM, 8).
-define(CHACHA20_POLY1305, 9).

%% CipherType
-define(STREAM, 0).
@@ -221,6 +221,9 @@ suites(Minor) when Minor == 1; Minor == 2 ->
];
suites(3) ->
[
?TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
?TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,

?TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
?TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
?TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
@@ -230,6 +233,7 @@ suites(3) ->
?TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
?TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,

?TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
?TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
?TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
?TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,

0 comments on commit 68369bf

Please sign in to comment.
You can’t perform that action at this time.