Rework KDF interface #1551

Merged
merged 9 commits into from
Oct 26, 2023
4 changes: 2 additions & 2 deletions provider-example/src/lib.rs
Expand Up @@ -39,7 +39,7 @@ pub static TLS13_CHACHA20_POLY1305_SHA256: rustls::SupportedCipherSuite =
suite: rustls::CipherSuite::TLS13_CHACHA20_POLY1305_SHA256,
hash_provider: &hash::Sha256,
},
hmac_provider: &hmac::Sha256Hmac,
hkdf_provider: &rustls::crypto::tls13::HkdfUsingHmac(&hmac::Sha256Hmac),
aead_alg: &aead::Chacha20Poly1305,
});

Expand All @@ -54,7 +54,7 @@ pub static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: rustls::SupportedCipherS
rustls::SignatureScheme::RSA_PSS_SHA256,
rustls::SignatureScheme::RSA_PKCS1_SHA256,
],
hmac_provider: &hmac::Sha256Hmac,
prf_provider: &rustls::crypto::tls12::PrfUsingHmac(&hmac::Sha256Hmac),
aead_alg: &aead::Chacha20Poly1305,
});

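Review bot: Nothing in the example tells a reader that `HkdfUsingHmac` at line 40 and `PrfUsingHmac` at line 51 are the generic HMAC-based constructions rather than the only way to fill these fields, and this file is what third-party providers are likely to copy. A short comment above each field, `// Generic HKDF-over-HMAC construction; a backend with a native HKDF can implement the trait that HkdfUsingHmac implements directly.` (and the PRF counterpart), would make the intended extension point clear. Both static suite definitions begin before their hunks.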
4 changes: 2 additions & 2 deletions rustls/src/client/tls13.rs
Expand Up @@ -150,8 +150,8 @@ pub(super) fn handle_server_hello(
KeySchedulePreHandshake::new(suite)
};

let shared_secret = our_key_share.complete(&their_key_share.payload.0)?;
let key_schedule = key_schedule_pre_handshake.into_handshake(shared_secret);
let key_schedule =
key_schedule_pre_handshake.into_handshake(our_key_share, &their_key_share.payload.0)?;

// Remember what KX group the server liked for next time.
config
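Review bot: The key-share completion at line 65 now happens inside `into_handshake` and its failure is propagated with `?`, so the error returned for a malformed or off-curve peer public key is whatever `into_handshake` maps it to rather than what `our_key_share.complete` returned at the old line 62; confirm it is still the same `Error` variant, since that variant decides the alert sent to the peer and is observable on the wire. Moving the shared secret out of a local in `handle_server_hello` is otherwise welcome, as it keeps the secret's lifetime inside the key schedule. `handle_server_hello` begins and ends outside the hunk.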
6 changes: 6 additions & 0 deletions rustls/src/crypto/mod.rs
Expand Up @@ -23,6 +23,12 @@ pub mod hmac;
/// Message signing interfaces.
pub mod signer;

/// Cryptography specific to TLS1.2.
pub mod tls12;

/// Cryptography specific to TLS1.3.
pub mod tls13;

pub use crate::rand::GetRandomFailed;

pub use crate::msgs::handshake::KeyExchangeAlgorithm;
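Review bot: The module docs added at lines 76 and 79 say only "Cryptography specific to TLS1.2/1.3", which gives a provider author no hint of what these modules ask them to implement. Elsewhere in this PR the modules supply `tls12::PrfUsingHmac`, `tls13::HkdfUsingHmac`, `tls13::HkdfExpander` and `tls13::OkmBlock`, so a doc comment along the lines of `/// TLS1.3-specific KDF interfaces: the HKDF provider and expander used by the key schedule, plus a generic HMAC-based implementation.` (with a PRF counterpart for TLS1.2) would be more useful; the exact trait names should be checked against the module bodies, which are not in this diff.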
32 changes: 17 additions & 15 deletions rustls/src/crypto/ring/quic.rs
@@ -1,6 +1,6 @@
use crate::crypto::cipher::{Iv, Nonce};
use crate::crypto::tls13;
use crate::error::Error;
use crate::hkdf;
use crate::quic;
use crate::tls13::key_schedule::{hkdf_expand_label, hkdf_expand_label_aead_key};
use crate::tls13::Tls13CipherSuite;
Expand All @@ -13,7 +13,7 @@ pub(crate) struct HeaderProtectionKey(aead::quic::HeaderProtectionKey);

impl HeaderProtectionKey {
pub(crate) fn new(
expander: &hkdf::Expander,
expander: &dyn tls13::HkdfExpander,
version: quic::Version,
alg: &'static aead::quic::Algorithm,
) -> Self {
Expand Down Expand Up @@ -114,7 +114,7 @@ pub(crate) struct PacketKey {
impl PacketKey {
pub(crate) fn new(
suite: &'static Tls13CipherSuite,
expander: &hkdf::Expander,
expander: &dyn tls13::HkdfExpander,
version: quic::Version,
aead_algorithm: &'static aead::Algorithm,
) -> Self {
Expand Down Expand Up @@ -208,7 +208,7 @@ impl crate::quic::Algorithm for KeyBuilder {
fn packet_key(
&self,
suite: &'static Tls13CipherSuite,
expander: &hkdf::Expander,
expander: &dyn tls13::HkdfExpander,
version: quic::Version,
) -> Box<dyn quic::PacketKey> {
Box::new(super::quic::PacketKey::new(
Expand All @@ -218,7 +218,7 @@ impl crate::quic::Algorithm for KeyBuilder {

fn header_protection_key(
&self,
expander: &hkdf::Expander,
expander: &dyn tls13::HkdfExpander,
version: quic::Version,
) -> Box<dyn quic::HeaderProtectionKey> {
Box::new(super::quic::HeaderProtectionKey::new(
Expand All @@ -231,10 +231,10 @@ impl crate::quic::Algorithm for KeyBuilder {
mod tests {
use super::*;
use crate::common_state::Side;
use crate::crypto::ring;
use crate::crypto::ring::tls13::{
TLS13_AES_128_GCM_SHA256_INTERNAL, TLS13_CHACHA20_POLY1305_SHA256_INTERNAL,
};
use crate::crypto::tls13::OkmBlock;
use crate::quic::HeaderProtectionKey;
use crate::quic::PacketKey;
use crate::quic::*;
Expand All @@ -247,12 +247,14 @@ mod tests {
0x0f, 0x21, 0x63, 0x2b,
];

let expander =
hkdf::Expander::from_okm(&hkdf::OkmBlock::from(SECRET), &ring::hmac::HMAC_SHA256);
let hpk = super::HeaderProtectionKey::new(&expander, version, &aead::quic::CHACHA20);
let expander = TLS13_CHACHA20_POLY1305_SHA256_INTERNAL
.hkdf_provider
.expander_for_okm(&OkmBlock::new(SECRET));
let hpk =
super::HeaderProtectionKey::new(expander.as_ref(), version, &aead::quic::CHACHA20);
let packet = super::PacketKey::new(
TLS13_CHACHA20_POLY1305_SHA256_INTERNAL,
&expander,
expander.as_ref(),
version,
&aead::CHACHA20_POLY1305,
);
Expand Down Expand Up @@ -303,20 +305,20 @@ mod tests {

#[test]
fn key_update_test_vector() {
fn equal_okm(x: &hkdf::OkmBlock, y: &hkdf::OkmBlock) -> bool {
fn equal_okm(x: &OkmBlock, y: &OkmBlock) -> bool {
x.as_ref() == y.as_ref()
}

let mut secrets = Secrets::new(
// Constant dummy values for reproducibility
hkdf::OkmBlock::from(
OkmBlock::new(
&[
0xb8, 0x76, 0x77, 0x08, 0xf8, 0x77, 0x23, 0x58, 0xa6, 0xea, 0x9f, 0xc4, 0x3e,
0x4a, 0xdd, 0x2c, 0x96, 0x1b, 0x3f, 0x52, 0x87, 0xa6, 0xd1, 0x46, 0x7e, 0xe0,
0xae, 0xab, 0x33, 0x72, 0x4d, 0xbf,
][..],
),
hkdf::OkmBlock::from(
OkmBlock::new(
&[
0x42, 0xdc, 0x97, 0x21, 0x40, 0xe0, 0xf2, 0xe3, 0x98, 0x45, 0xb7, 0x67, 0x61,
0x34, 0x39, 0xdc, 0x67, 0x58, 0xca, 0x43, 0x25, 0x9b, 0x87, 0x85, 0x06, 0x82,
Expand All @@ -331,7 +333,7 @@ mod tests {

assert!(equal_okm(
&secrets.client,
&hkdf::OkmBlock::from(
&OkmBlock::new(
&[
0x42, 0xca, 0xc8, 0xc9, 0x1c, 0xd5, 0xeb, 0x40, 0x68, 0x2e, 0x43, 0x2e, 0xdf,
0x2d, 0x2b, 0xe9, 0xf4, 0x1a, 0x52, 0xca, 0x6b, 0x22, 0xd8, 0xe6, 0xcd, 0xb1,
Expand All @@ -341,7 +343,7 @@ mod tests {
));
assert!(equal_okm(
&secrets.server,
&hkdf::OkmBlock::from(
&OkmBlock::new(
&[
0xeb, 0x7f, 0x5e, 0x2a, 0x12, 0x3f, 0x40, 0x7d, 0xb4, 0x99, 0xe3, 0x61, 0xca,
0xe5, 0x90, 0xd4, 0xd9, 0x92, 0xe1, 0x4b, 0x7a, 0xce, 0x3, 0xc2, 0x44, 0xe0,
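Review bot: `PacketKey::new` at line 107 takes `suite` and `expander` as independent arguments, and with the expander now a `&dyn tls13::HkdfExpander` nothing in the signature ties the expander's underlying hash to `suite`; the test at line 151 gets a consistent pairing only because it derives the expander from the same suite's `hkdf_provider`. A doc line on the constructor, `/// `expander` must come from `suite.hkdf_provider`, keyed with the traffic secret for this direction.`, states the invariant, and a `debug_assert_eq!` comparing the expander's output length with the suite hash length would catch a mismatch if `HkdfExpander` exposes that length. The bodies of `HeaderProtectionKey::new` and `PacketKey::new` are outside the hunks.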
13 changes: 7 additions & 6 deletions rustls/src/crypto/ring/tls12.rs
Expand Up @@ -2,6 +2,7 @@ use crate::crypto::cipher::{
make_tls12_aad, AeadKey, Iv, KeyBlockShape, MessageDecrypter, MessageEncrypter, Nonce,
Tls12AeadAlgorithm, UnsupportedOperationError, NONCE_LEN,
};
use crate::crypto::tls12::PrfUsingHmac;
use crate::crypto::KeyExchangeAlgorithm;
use crate::enums::{CipherSuite, SignatureScheme};
use crate::error::Error;
Expand All @@ -25,7 +26,7 @@ pub static TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite =
kx: KeyExchangeAlgorithm::ECDHE,
sign: TLS12_ECDSA_SCHEMES,
aead_alg: &ChaCha20Poly1305,
hmac_provider: &super::hmac::HMAC_SHA256,
prf_provider: &PrfUsingHmac(&super::hmac::HMAC_SHA256),
});

/// The TLS1.2 ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
Expand All @@ -38,7 +39,7 @@ pub static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite =
kx: KeyExchangeAlgorithm::ECDHE,
sign: TLS12_RSA_SCHEMES,
aead_alg: &ChaCha20Poly1305,
hmac_provider: &super::hmac::HMAC_SHA256,
prf_provider: &PrfUsingHmac(&super::hmac::HMAC_SHA256),
});

/// The TLS1.2 ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Expand All @@ -51,7 +52,7 @@ pub static TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite =
kx: KeyExchangeAlgorithm::ECDHE,
sign: TLS12_RSA_SCHEMES,
aead_alg: &AES128_GCM,
hmac_provider: &super::hmac::HMAC_SHA256,
prf_provider: &PrfUsingHmac(&super::hmac::HMAC_SHA256),
});

/// The TLS1.2 ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Expand All @@ -64,7 +65,7 @@ pub static TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite =
kx: KeyExchangeAlgorithm::ECDHE,
sign: TLS12_RSA_SCHEMES,
aead_alg: &AES256_GCM,
hmac_provider: &super::hmac::HMAC_SHA384,
prf_provider: &PrfUsingHmac(&super::hmac::HMAC_SHA384),
});

/// The TLS1.2 ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
Expand All @@ -77,7 +78,7 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite =
kx: KeyExchangeAlgorithm::ECDHE,
sign: TLS12_ECDSA_SCHEMES,
aead_alg: &AES128_GCM,
hmac_provider: &super::hmac::HMAC_SHA256,
prf_provider: &PrfUsingHmac(&super::hmac::HMAC_SHA256),
});

/// The TLS1.2 ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Expand All @@ -90,7 +91,7 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite =
kx: KeyExchangeAlgorithm::ECDHE,
sign: TLS12_ECDSA_SCHEMES,
aead_alg: &AES256_GCM,
hmac_provider: &super::hmac::HMAC_SHA384,
prf_provider: &PrfUsingHmac(&super::hmac::HMAC_SHA384),
});

static TLS12_ECDSA_SCHEMES: &[SignatureScheme] = &[
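Review bot: The expression `PrfUsingHmac(&super::hmac::HMAC_SHA256)` and its SHA384 twin are repeated verbatim across all six suite definitions at lines 221–266, so the PRF/hash pairing (RFC 5289 specifies the SHA-384 PRF for the `_SHA384` GCM suites) has to be verified six times; as written it is correct. Two statics, `static TLS12_PRF_SHA256: PrfUsingHmac = PrfUsingHmac(&super::hmac::HMAC_SHA256);` plus a SHA384 counterpart, referenced as `prf_provider: &TLS12_PRF_SHA256`, would put that pairing in one reviewable place. Each suite definition begins before its hunk.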
7 changes: 4 additions & 3 deletions rustls/src/crypto/ring/tls13.rs
Expand Up @@ -5,6 +5,7 @@ use crate::crypto::cipher::{
make_tls13_aad, AeadKey, Iv, MessageDecrypter, MessageEncrypter, Nonce, Tls13AeadAlgorithm,
UnsupportedOperationError,
};
use crate::crypto::tls13::HkdfUsingHmac;
use crate::enums::{CipherSuite, ContentType, ProtocolVersion};
use crate::error::Error;
use crate::msgs::codec::Codec;
Expand All @@ -23,7 +24,7 @@ pub(crate) static TLS13_CHACHA20_POLY1305_SHA256_INTERNAL: &Tls13CipherSuite = &
suite: CipherSuite::TLS13_CHACHA20_POLY1305_SHA256,
hash_provider: &super::hash::SHA256,
},
hmac_provider: &super::hmac::HMAC_SHA256,
hkdf_provider: &HkdfUsingHmac(&super::hmac::HMAC_SHA256),
aead_alg: &Chacha20Poly1305Aead(AeadAlgorithm(&ring::aead::CHACHA20_POLY1305)),
#[cfg(feature = "quic")]
confidentiality_limit: u64::MAX,
Expand All @@ -40,7 +41,7 @@ pub static TLS13_AES_256_GCM_SHA384: SupportedCipherSuite =
suite: CipherSuite::TLS13_AES_256_GCM_SHA384,
hash_provider: &super::hash::SHA384,
},
hmac_provider: &super::hmac::HMAC_SHA384,
hkdf_provider: &HkdfUsingHmac(&super::hmac::HMAC_SHA384),
aead_alg: &Aes256GcmAead(AeadAlgorithm(&ring::aead::AES_256_GCM)),
#[cfg(feature = "quic")]
confidentiality_limit: 1 << 23,
Expand All @@ -59,7 +60,7 @@ pub(crate) static TLS13_AES_128_GCM_SHA256_INTERNAL: &Tls13CipherSuite = &Tls13C
suite: CipherSuite::TLS13_AES_128_GCM_SHA256,
hash_provider: &super::hash::SHA256,
},
hmac_provider: &super::hmac::HMAC_SHA256,
hkdf_provider: &HkdfUsingHmac(&super::hmac::HMAC_SHA256),
aead_alg: &Aes128GcmAead(AeadAlgorithm(&ring::aead::AES_128_GCM)),
#[cfg(feature = "quic")]
confidentiality_limit: 1 << 23,
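Review bot: `hash_provider` and `hkdf_provider` are now two independent fields of `Tls13CipherSuite` (lines 283/286, 292/295, 301/304), and nothing visible enforces that the HKDF is built over the same hash as the transcript hash, which RFC 8446 §7.1 requires since HKDF-Expand-Label is parameterised by the suite's hash. The three ring suites pair them correctly here, but a provider author filling in the same struct can mismatch them silently, and the symptom is only a Finished/MAC failure against a conforming peer. A doc comment on the struct fields stating the requirement is the minimum; a `debug_assert_eq!` of the two output lengths at key-schedule construction, if the traits expose them, or a unit test iterating the suite list would enforce it. The struct definition is not in this diff.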