
Add OQS_KEX RLWE BCNS15 ciphersuite to libssl

dstebila committed Aug 25, 2016
1 parent 58090ad commit 3a04b822b317ac548933c10974bea638086cf29e
Showing with 196 additions and 11 deletions.
  1. +16 −5 ssl/s3_clnt.c
  2. +134 −0 ssl/s3_lib.c
  3. +18 −6 ssl/s3_srvr.c
  4. +3 −0 ssl/ssl.h
  5. +6 −0 ssl/ssl_ciph.c
  6. +2 −0 ssl/ssl_lib.c
  7. +1 −0 ssl/ssl_locl.h
  8. +16 −0 ssl/tls1.h
@@ -169,6 +169,7 @@
#ifndef OPENSSL_NO_OQSKEX
#include <oqs/rand.h>
#include <oqs/kex.h>
#include <oqs/kex_rlwe_bcns15.h>
#endif

static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b);
@@ -1804,7 +1805,7 @@ int ssl3_get_key_exchange(SSL *s)
#endif /* !OPENSSL_NO_DH */

#ifndef OPENSSL_NO_OQSKEX
else if ((alg_k & SSL_kOQSKEXGENERIC) && !(alg_k & SSL_kEECDH)) {
else if (((alg_k & SSL_kOQSKEXGENERIC) || (alg_k & SSL_kOQSKEX_RLWE_BCNS15)) && !(alg_k & SSL_kEECDH)) {
/* Get the OQSKEX message */
srvr_oqskex_msg_len = (p[0] << 8) | p[1];
p += 2;
@@ -1928,7 +1929,7 @@ int ssl3_get_key_exchange(SSL *s)
p += encoded_pt_len;

#ifndef OPENSSL_NO_HYBRID_OQSKEX_ECDHE
if (alg_k & SSL_kOQSKEXGENERIC) {
if ((alg_k & SSL_kOQSKEXGENERIC) || (alg_k & SSL_kOQSKEX_RLWE_BCNS15)) {
/* Get the OQSKEX message */
srvr_oqskex_msg_len = (p[0] << 8) | p[1];
p += 2;
@@ -2990,7 +2991,7 @@ int ssl3_send_client_key_exchange(SSL *s)
}

#ifndef OPENSSL_NO_HYBRID_OQSKEX_ECDHE
if (alg_k & SSL_kOQSKEXGENERIC) {
if ((alg_k & SSL_kOQSKEXGENERIC) || (alg_k & SSL_kOQSKEX_RLWE_BCNS15)) {
srvr_oqskex_msg = s->session->sess_cert->peer_oqskex_msg_tmp;
srvr_oqskex_msg_len = s->session->sess_cert->peer_oqskex_msg_len_tmp;

@@ -3008,6 +3009,11 @@ int ssl3_send_client_key_exchange(SSL *s)
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
goto err;
}
} else if (alg_k & SSL_kOQSKEX_RLWE_BCNS15) {
if ((oqskex_kex = OQS_KEX_rlwe_bcns15_new(oqskex_rand, NULL, 0)) == NULL) {
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
goto err;
}
}

if (OQS_KEX_bob(oqskex_kex, srvr_oqskex_msg, srvr_oqskex_msg_len, &clnt_oqskex_msg, &clnt_oqskex_msg_len, &pprime_oqskex, &nprime_oqskex) != 1) {
@@ -3073,7 +3079,7 @@ int ssl3_send_client_key_exchange(SSL *s)
}

#ifndef OPENSSL_NO_HYBRID_OQSKEX_ECDHE
if (alg_k & SSL_kOQSKEXGENERIC) {
if ((alg_k & SSL_kOQSKEXGENERIC) || (alg_k & SSL_kOQSKEX_RLWE_BCNS15)) {
p[0] = (clnt_oqskex_msg_len >> 8) & 0xFF;
p[1] = clnt_oqskex_msg_len & 0xFF;
p += 2;
@@ -3099,7 +3105,7 @@ int ssl3_send_client_key_exchange(SSL *s)
}
#endif /* !OPENSSL_NO_ECDH */
#ifndef OPENSSL_NO_OQSKEX
else if ((alg_k & SSL_kOQSKEXGENERIC) && !(alg_k & SSL_kEECDH)) {
else if (((alg_k & SSL_kOQSKEXGENERIC) || (alg_k & SSL_kOQSKEX_RLWE_BCNS15)) && !(alg_k & SSL_kEECDH)) {
srvr_oqskex_msg = s->session->sess_cert->peer_oqskex_msg_tmp;
srvr_oqskex_msg_len = s->session->sess_cert->peer_oqskex_msg_len_tmp;

@@ -3117,6 +3123,11 @@ int ssl3_send_client_key_exchange(SSL *s)
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
goto err;
}
} else if (alg_k & SSL_kOQSKEX_RLWE_BCNS15) {
if ((oqskex_kex = OQS_KEX_rlwe_bcns15_new(oqskex_rand, NULL, 0)) == NULL) {
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
goto err;
}
}

if (OQS_KEX_bob(oqskex_kex, srvr_oqskex_msg, srvr_oqskex_msg_len, &clnt_oqskex_msg, &clnt_oqskex_msg_len, &pprime_oqskex, &nprime_oqskex) != 1) {
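Review bot: In ssl3_get_key_exchange (hunks at -1804 and -1928) the two-byte length is read with `srvr_oqskex_msg_len = (p[0] << 8) | p[1];` directly after the branch condition, with no visible check that two bytes remain in the server's message, and the widened condition now routes the RLWE-BCNS15 suites through the same read. The server-side parser in ssl3_get_client_key_exchange guards the equivalent read with `if (n < 2)`; the client should do the same against its own remaining-length counter, e.g. `if (<remaining> < 2) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_LENGTH); goto <error label>; }`, and then reject an announced length larger than the bytes left before the message is stored for `OQS_KEX_bob`. Both branches continue outside the hunks, so a later check on the announced length may exist, but it could not cover the initial two-byte read.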
@@ -3022,6 +3022,140 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {

#endif /* OPENSSL_NO_HYBRID_OQSKEX_ECDHE */

#ifndef OPENSSL_NO_OQSKEX
/* Cipher FF10 */
{
1,
TLS1_TXT_OQSKEX_RLWE_BCNS15_RSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_OQSKEX_RLWE_BCNS15_RSA_WITH_AES_128_GCM_SHA256,
SSL_kOQSKEX_RLWE_BCNS15,
SSL_aRSA,
SSL_AES128GCM,
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
128,
128,
},

/* Cipher FF11 */
{
1,
TLS1_TXT_OQSKEX_RLWE_BCNS15_ECDSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_OQSKEX_RLWE_BCNS15_ECDSA_WITH_AES_128_GCM_SHA256,
SSL_kOQSKEX_RLWE_BCNS15,
SSL_aECDSA,
SSL_AES128GCM,
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
128,
128,
},

/* Cipher FF12 */
{
1,
TLS1_TXT_OQSKEX_RLWE_BCNS15_RSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_OQSKEX_RLWE_BCNS15_RSA_WITH_AES_256_GCM_SHA384,
SSL_kOQSKEX_RLWE_BCNS15,
SSL_aRSA,
SSL_AES256GCM,
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
256,
256,
},

/* Cipher FF13 */
{
1,
TLS1_TXT_OQSKEX_RLWE_BCNS15_ECDSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_OQSKEX_RLWE_BCNS15_ECDSA_WITH_AES_256_GCM_SHA384,
SSL_kOQSKEX_RLWE_BCNS15,
SSL_aECDSA,
SSL_AES256GCM,
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
256,
256,
},

#endif /* OPENSSL_NO_OQSKEX */

#ifndef OPENSSL_NO_HYBRID_OQSKEX_ECDHE
/* Cipher FF14 */
{
1,
TLS1_TXT_OQSKEX_RLWE_BCNS15_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_OQSKEX_RLWE_BCNS15_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
SSL_kOQSKEX_RLWE_BCNS15|SSL_kEECDH,
SSL_aRSA,
SSL_AES128GCM,
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
128,
128,
},

/* Cipher FF15 */
{
1,
TLS1_TXT_OQSKEX_RLWE_BCNS15_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_OQSKEX_RLWE_BCNS15_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
SSL_kOQSKEX_RLWE_BCNS15|SSL_kEECDH,
SSL_aECDSA,
SSL_AES128GCM,
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
128,
128,
},

/* Cipher FF16 */
{
1,
TLS1_TXT_OQSKEX_RLWE_BCNS15_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_OQSKEX_RLWE_BCNS15_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
SSL_kOQSKEX_RLWE_BCNS15|SSL_kEECDH,
SSL_aRSA,
SSL_AES256GCM,
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
256,
256,
},

/* Cipher FF17 */
{
1,
TLS1_TXT_OQSKEX_RLWE_BCNS15_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_OQSKEX_RLWE_BCNS15_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
SSL_kOQSKEX_RLWE_BCNS15|SSL_kEECDH,
SSL_aECDSA,
SSL_AES256GCM,
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP|SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
256,
256,
},

#endif /* OPENSSL_NO_HYBRID_OQSKEX_ECDHE */

#ifdef TEMP_GOST_TLS
/* Cipher FF00 */
{
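Review bot: The non-hybrid entries FF10–FF13 carry `SSL_NOT_EXP|SSL_HIGH` and strength bits of 128/256, values that describe only the AES-GCM record cipher, while their key exchange is `SSL_kOQSKEX_RLWE_BCNS15` with no ECDHE component. A cipher string that selects on `HIGH` would therefore admit suites whose session-key secrecy rests on the RLWE exchange alone, which is presumably not what an operator expects from that class for a research-stage key exchange. I would add a comment above the `#ifndef OPENSSL_NO_OQSKEX` block, e.g. `/* Experimental OQS suites on private-use code points (FF10-FF17); strength_bits reflect the symmetric cipher only, not the key exchange. */`, and consider whether the non-hybrid entries should be selectable without being named explicitly. The `TLS1_CK_*` values are defined in ssl/tls1.h, which this page does not show, so the code points here are taken from the comments.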
@@ -172,6 +172,7 @@
#ifndef OPENSSL_NO_OQSKEX
#include <oqs/rand.h>
#include <oqs/kex.h>
#include <oqs/kex_rlwe_bcns15.h>
#endif

#ifndef OPENSSL_NO_SSL3_METHOD
@@ -483,6 +484,7 @@ int ssl3_accept(SSL *s)
|| (alg_k & SSL_kEDH)
|| (alg_k & SSL_kEECDH)
|| (alg_k & SSL_kOQSKEXGENERIC)
|| (alg_k & SSL_kOQSKEX_RLWE_BCNS15)
|| ((alg_k & SSL_kRSA)
&& (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
|| (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
@@ -1835,7 +1837,7 @@ int ssl3_send_server_key_exchange(SSL *s)
r[3] = NULL;

#ifndef OPENSSL_NO_HYBRID_OQSKEX_ECDHE
if (type & SSL_kOQSKEXGENERIC) {
if ((type & SSL_kOQSKEXGENERIC) || (type & SSL_kOQSKEX_RLWE_BCNS15)) {
if ((s->s3->tmp.oqskex_rand = OQS_RAND_new()) == NULL) {
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
goto err;
@@ -1845,6 +1847,11 @@ int ssl3_send_server_key_exchange(SSL *s)
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
goto err;
}
} else if (type & SSL_kOQSKEX_RLWE_BCNS15) {
if ((s->s3->tmp.oqskex_kex = OQS_KEX_rlwe_bcns15_new(s->s3->tmp.oqskex_rand, NULL, 0)) == NULL) {
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
goto err;
}
}

if (OQS_KEX_alice_0(s->s3->tmp.oqskex_kex, &(s->s3->tmp.oqskex_priv), &oqskex_srvr_msg, &oqskex_srvr_msg_len) != 1) {
@@ -1859,7 +1866,7 @@ int ssl3_send_server_key_exchange(SSL *s)
} else
#endif /* !OPENSSL_NO_ECDH */
#ifndef OPENSSL_NO_OQSKEX
if ((type & SSL_kOQSKEXGENERIC) && !(type & SSL_kEECDH)) {
if (((type & SSL_kOQSKEXGENERIC) || (type & SSL_kOQSKEX_RLWE_BCNS15)) && !(type & SSL_kEECDH)) {
if ((s->s3->tmp.oqskex_rand = OQS_RAND_new()) == NULL) {
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
goto err;
@@ -1869,6 +1876,11 @@ int ssl3_send_server_key_exchange(SSL *s)
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
goto err;
}
} else if (type & SSL_kOQSKEX_RLWE_BCNS15) {
if ((s->s3->tmp.oqskex_kex = OQS_KEX_rlwe_bcns15_new(s->s3->tmp.oqskex_rand, NULL, 0)) == NULL) {
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
goto err;
}
}

if (OQS_KEX_alice_0(s->s3->tmp.oqskex_kex, &(s->s3->tmp.oqskex_priv), &oqskex_srvr_msg, &oqskex_srvr_msg_len) != 1) {
@@ -1987,7 +1999,7 @@ int ssl3_send_server_key_exchange(SSL *s)
#endif

#ifndef OPENSSL_NO_OQSKEX
if (type & SSL_kOQSKEXGENERIC) {
if ((type & SSL_kOQSKEXGENERIC) || (type & SSL_kOQSKEX_RLWE_BCNS15)) {
p[0] = (oqskex_srvr_msg_len >> 8) & 0xFF;
p[1] = oqskex_srvr_msg_len & 0xFF;
p += 2;
@@ -2780,7 +2792,7 @@ int ssl3_get_client_key_exchange(SSL *s)
}

#ifndef OPENSSL_NO_HYBRID_OQSKEX_ECDHE
if (alg_k & SSL_kOQSKEXGENERIC) {
if ((alg_k & SSL_kOQSKEXGENERIC) || (alg_k & SSL_kOQSKEX_RLWE_BCNS15)) {
/* Parse client message */
if (n < 2) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_BAD_LENGTH);
@@ -2829,7 +2841,7 @@ int ssl3_get_client_key_exchange(SSL *s)
s->s3->tmp.ecdh = NULL;

#ifndef OPENSSL_NO_HYBRID_OQSKEX_ECDHE
if (alg_k & SSL_kOQSKEXGENERIC) {
if ((alg_k & SSL_kOQSKEXGENERIC) || (alg_k & SSL_kOQSKEX_RLWE_BCNS15)) {
if (OQS_KEX_alice_1(s->s3->tmp.oqskex_kex, s->s3->tmp.oqskex_priv, clnt_oqskex_msg, clnt_oqskex_msg_len, &pprime_oqskex, &nprime_oqskex) != 1) {
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
goto err;
@@ -2861,7 +2873,7 @@ int ssl3_get_client_key_exchange(SSL *s)
} else
#endif
#ifndef OPENSSL_NO_OQSKEX
if ((alg_k & SSL_kOQSKEXGENERIC) && !(alg_k & SSL_kEECDH)) {
if (((alg_k & SSL_kOQSKEXGENERIC) || (alg_k & SSL_kOQSKEX_RLWE_BCNS15)) && !(alg_k & SSL_kEECDH)) {
int ret = 1;

/* Parse client message */
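Review bot: In ssl3_send_server_key_exchange (hunks at -1845 and -1869) the constructor dispatch ends with `else if (type & SSL_kOQSKEX_RLWE_BCNS15) { ... }` and no final `else`, while the enclosing test is a hand-written OR of the same bits that this commit repeats at more than a dozen sites. A key-exchange bit added to the outer test but not to the chain would reach `OQS_KEX_alice_0` with `s->s3->tmp.oqskex_kex` not set by this block. Closing the chain makes that case fail closed: `else { SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; }`. The same applies to the `OQS_KEX_bob` call sites in ssl/s3_clnt.c (hunks at -3008 and -3117); the first branch of each chain lies outside the hunks shown.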
@@ -254,6 +254,7 @@ extern "C" {
# define SSL_TXT_kEECDH "kEECDH"
# define SSL_TXT_kECDHE "kECDHE"/* alias for kEECDH */
# define SSL_TXT_kOQSKEXGENERIC "kOQSKEXGENERIC"
# define SSL_TXT_kOQSKEX_RLWE_BCNS15 "kOQSKEX-RLWE-BCNS15"
# define SSL_TXT_kPSK "kPSK"
# define SSL_TXT_kGOST "kGOST"
# define SSL_TXT_kSRP "kSRP"
@@ -281,6 +282,8 @@ extern "C" {
# define SSL_TXT_ECDHE "ECDHE"/* alias for ECDHE" */
# define SSL_TXT_OQSKEXGENERIC "OQSKEXGENERIC"
# define SSL_TXT_OQSKEXGENERICECDHE "OQSKEXGENERIC-ECDHE"
# define SSL_TXT_OQSKEX_RLWE_BCNS15 "OQSKEX-RLWE-BCNS15"
# define SSL_TXT_OQSKEX_RLWE_BCNS15_ECDHE "OQSKEX-RLWE-BCNS15-ECDHE"
# define SSL_TXT_AECDH "AECDH"
# define SSL_TXT_ECDSA "ECDSA"
# define SSL_TXT_KRB5 "KRB5"
@@ -262,6 +262,7 @@ static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_ECDH, 0, SSL_kECDHr | SSL_kECDHe | SSL_kEECDH, 0, 0, 0, 0, 0,
0, 0, 0},
{0, SSL_TXT_kOQSKEXGENERIC, 0, SSL_kOQSKEXGENERIC, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_kOQSKEX_RLWE_BCNS15, 0, SSL_kOQSKEX_RLWE_BCNS15, 0, 0, 0, 0, 0, 0, 0, 0},

{0, SSL_TXT_kPSK, 0, SSL_kPSK, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_kSRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0},
@@ -298,6 +299,8 @@ static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_SRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_OQSKEXGENERIC, 0, SSL_kOQSKEXGENERIC, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_OQSKEXGENERICECDHE, 0, SSL_kEECDH|SSL_kOQSKEXGENERIC, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_OQSKEX_RLWE_BCNS15, 0, SSL_kOQSKEX_RLWE_BCNS15, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_OQSKEX_RLWE_BCNS15_ECDHE, 0, SSL_kEECDH|SSL_kOQSKEX_RLWE_BCNS15, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},

/* symmetric encryption aliases */
{0, SSL_TXT_DES, 0, 0, 0, SSL_DES, 0, 0, 0, 0, 0, 0},
@@ -1748,6 +1751,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_kOQSKEXGENERIC:
kx = "OQSKEXGENERIC";
break;
case SSL_kOQSKEX_RLWE_BCNS15:
kx = "OQSKEX-RLWE-BCNS15";
break;
case SSL_kPSK:
kx = "PSK";
break;
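Review bot: The new `case SSL_kOQSKEX_RLWE_BCNS15:` in SSL_CIPHER_description matches only the single-bit value, but the hybrid table entries added in ssl/s3_lib.c set the key-exchange field to `SSL_kOQSKEX_RLWE_BCNS15|SSL_kEECDH`. If the switch is on the full key-exchange mask and no combined label exists outside this hunk, those four suites would get the switch's fallback text, which makes a cipher listing harder to audit. A matching label would cover them: `case SSL_kOQSKEX_RLWE_BCNS15|SSL_kEECDH: kx = "OQSKEX-RLWE-BCNS15-ECDHE"; break;`. The switch begins and ends outside the hunk.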
@@ -2437,6 +2437,8 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
#ifndef OPENSSL_NO_OQSKEX
mask_k |= SSL_kOQSKEXGENERIC;
emask_k |= SSL_kOQSKEXGENERIC;
mask_k |= SSL_kOQSKEX_RLWE_BCNS15;
emask_k |= SSL_kOQSKEX_RLWE_BCNS15;
#endif

#ifndef OPENSSL_NO_PSK
@@ -316,6 +316,7 @@
# define SSL_kSRP 0x00000400L
/* OQS KEX */
# define SSL_kOQSKEXGENERIC 0x00001000L
# define SSL_kOQSKEX_RLWE_BCNS15 0x00002000L

/* Bits for algorithm_auth (server authentication) */
/* RSA auth */
