Add support for the TLS_AEGIS_128L_SHA256 cipher suite
jedisct1 committed Dec 4, 2024
1 parent 98acb6b commit 0e74b33
Showing 34 changed files with 1,359 additions and 20 deletions.
2 changes: 2 additions & 0 deletions Configure
@@ -416,6 +416,7 @@ my @dtls = qw(dtls1 dtls1_2);

my @disablables = (
"acvp-tests",
"aegis",
"afalgeng",
"apps",
"argon2",
@@ -611,6 +612,7 @@ our %disabled = ( # "what" => "comment"
my @disable_cascades = (
# "what" => [ "cascade", ... ]
"bulk" => [ "shared", "dso",
"aegis",
"aria", "async", "atexit", "autoload-config",
"blake2", "bf", "camellia", "cast", "chacha",
"cmac", "cms", "cmp", "comp", "ct",
9 changes: 6 additions & 3 deletions crypto/objects/obj_dat.h
@@ -1187,7 +1187,7 @@ static const unsigned char so[8504] = {
0x2B,0x06,0x01,0x04,0x01,0x82,0xE4,0x25,0x01, /* [ 8494] OBJ_id_kp_wisun_fan_device */
};

#define NUM_NID 1324
#define NUM_NID (1324 + 1)
static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"UNDEF", "undefined", NID_undef},
{"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
@@ -2513,9 +2513,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"id-on-hardwareModuleName", "Hardware Module Name", NID_id_on_hardwareModuleName, 8, &so[8486]},
{"id-kp-wisun-fan-device", "Wi-SUN Alliance Field Area Network (FAN)", NID_id_kp_wisun_fan_device, 9, &so[8494]},
{"NULL", "NULL", NID_ac_auditEntity},
{"AEGIS-128L", "aegis-128l", NID_aegis_128l},
};

#define NUM_SN 1315
#define NUM_SN (1315 + 1)
static const unsigned int sn_objs[NUM_SN] = {
364, /* "AD_DVCS" */
419, /* "AES-128-CBC" */
@@ -3832,9 +3833,10 @@ static const unsigned int sn_objs[NUM_SN] = {
160, /* "x509Crl" */
1093, /* "x509ExtAdmission" */
1289, /* "zstd" */
NUM_NID - 1, /* "aegis-128l" */
};

#define NUM_LN 1315
#define NUM_LN (1315 + 1)
static const unsigned int ln_objs[NUM_LN] = {
363, /* "AD Time Stamping" */
405, /* "ANSI X9.62" */
@@ -5151,6 +5153,7 @@ static const unsigned int ln_objs[NUM_LN] = {
1207, /* "x942kdf" */
1206, /* "x963kdf" */
125, /* "zlib compression" */
NUM_NID - 1, /* "aegis-128l" */
};

#define NUM_OBJ 1181
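Review bot: The new `NUM_NID - 1, /* "aegis-128l" */` entries are appended after "zstd" in sn_objs and after "zlib compression" in ln_objs, which breaks the name ordering the visible neighbours follow ("AD_DVCS", "AES-128-CBC", … "x509Crl", "x509ExtAdmission", "zstd"). If these index tables are searched by bisection on the name, as their sorted layout suggests, a lookup of "AEGIS-128L" or "aegis-128l" by name can miss, and any path that resolves the cipher from its name to a NID would fail without an obvious error. The `(1324 + 1)` / `(1315 + 1)` counts and the `NUM_NID - 1` index also look hand-written rather than emitted by the table generator; regenerating the file from objects.txt and obj_mac.num should put the entry at its sorted position with the literal index `1324`. The sn_objs comment should read `"AEGIS-128L"`, the short name registered in nid_objs.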
1 change: 1 addition & 0 deletions crypto/objects/obj_mac.num
@@ -1321,3 +1321,4 @@ id_ct_rpkiSignedPrefixList 1320
id_on_hardwareModuleName 1321
id_kp_wisun_fan_device 1322
ac_auditEntity 1323
aegis_128l 1324
1 change: 1 addition & 0 deletions crypto/objects/objects.txt
@@ -1691,6 +1691,7 @@ sm-scheme 104 10 : SM4-XTS : sm4-xts
: AES-256-CBC-HMAC-SHA256 : aes-256-cbc-hmac-sha256
: ChaCha20-Poly1305 : chacha20-poly1305
: ChaCha20 : chacha20
: AEGIS-128L : aegis-128l

ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH

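--- a/include/crypto/aegis_128l.h
+++ b/include/crypto/aegis_128l.h
@@ -0,0 +1,7 @@
+#ifndef OSSL_CRYPTO_AEGIS_128L_H
+#define OSSL_CRYPTO_AEGIS_128L_H
+# pragma once
+
+#include <stddef.h>
+
+#endif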
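Review bot: This header declares nothing: between the guard and `#endif` there is only `#include <stddef.h>`, so including it brings no AEGIS prototypes, types or constants into scope. Either add the declarations the implementation files are meant to share, or leave the file out until there is something to export; whether anything includes it is not visible on this page. If it stays, a one-line purpose comment at the top, for example `/* Internal declarations for the AEGIS-128L cipher. */`, would tell readers what belongs in it.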
1 change: 1 addition & 0 deletions include/internal/quic_record_util.h
@@ -74,6 +74,7 @@ int ossl_quic_provide_initial_secret(OSSL_LIB_CTX *libctx,
# define QRL_SUITE_AES128GCM 1 /* SHA256 */
# define QRL_SUITE_AES256GCM 2 /* SHA384 */
# define QRL_SUITE_CHACHA20POLY1305 3 /* SHA256 */
# define QRL_SUITE_AEGIS128L 4 /* SHA256 */

/* Returns cipher name in bytes or NULL if suite ID is invalid. */
const char *ossl_qrl_get_suite_cipher_name(uint32_t suite_id);
1 change: 1 addition & 0 deletions include/internal/quic_wire_pkt.h
@@ -165,6 +165,7 @@ typedef struct quic_hdr_protector_st {
# define QUIC_HDR_PROT_CIPHER_AES_128 1
# define QUIC_HDR_PROT_CIPHER_AES_256 2
# define QUIC_HDR_PROT_CIPHER_CHACHA 3
# define QUIC_HDR_PROT_CIPHER_AEGIS_128L 4

/*
* Initialises a header protector.
3 changes: 2 additions & 1 deletion include/openssl/evp.h
@@ -35,7 +35,7 @@
# define EVP_MAX_KEY_LENGTH 64
# define EVP_MAX_IV_LENGTH 16
# define EVP_MAX_BLOCK_LENGTH 32
# define EVP_MAX_AEAD_TAG_LENGTH 16
# define EVP_MAX_AEAD_TAG_LENGTH 32

# define PKCS5_SALT_LEN 8
/* Default PKCS#5 iteration count */
@@ -479,6 +479,7 @@ typedef struct {

/* Length of tag for TLS */
# define EVP_CHACHAPOLY_TLS_TAG_LEN 16
# define EVP_AEGIS_128L_TLS_TAG_LEN 16

typedef struct evp_cipher_info_st {
const EVP_CIPHER *cipher;
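Review bot: Raising `EVP_MAX_AEAD_TAG_LENGTH` from 16 to 32 changes a public constant that callers use to size tag buffers, while the only tag length this section names for TLS is `EVP_AEGIS_128L_TLS_TAG_LEN 16`. Code compiled against the old header still has 16-byte buffers, so the cipher's tag get/set path has to bound every copy by the length the caller passes, never by the new maximum; that code is outside this section. The reason for the new value is undocumented; a comment such as `/* 32: presumably the long AEGIS tag; TLS uses 16 */` (wording to be confirmed by the author) and a changelog entry would make the API change visible to downstream users.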
4 changes: 4 additions & 0 deletions include/openssl/obj_mac.h
@@ -5308,6 +5308,10 @@
#define LN_chacha20 "chacha20"
#define NID_chacha20 1019

#define SN_aegis_128l "AEGIS-128L"
#define LN_aegis_128l "aegis-128l"
#define NID_aegis_128l 1324

#define SN_dhpublicnumber "dhpublicnumber"
#define LN_dhpublicnumber "X9.42 DH"
#define NID_dhpublicnumber 920
7 changes: 5 additions & 2 deletions include/openssl/ssl.h.in
@@ -150,6 +150,7 @@ extern "C" {
# define SSL_TXT_ARIA256 "ARIA256"
# define SSL_TXT_GOST2012_GOST8912_GOST8912 "GOST2012-GOST8912-GOST8912"
# define SSL_TXT_CBC "CBC"
# define SSL_TXT_AEGIS_128L "AEGIS-128L"

# define SSL_TXT_MD5 "MD5"
# define SSL_TXT_SHA1 "SHA1"
@@ -199,9 +200,11 @@ extern "C" {
* DEPRECATED IN 3.0.0, in favor of OSSL_default_ciphersuites()
* Update both macro and function simultaneously
*/
# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
# define TLS_DEFAULT_CIPHERSUITES \
"TLS_AES_256_GCM_SHA384:" \
"TLS_CHACHA20_POLY1305_SHA256:" \
"TLS_AES_128_GCM_SHA256"
"TLS_AES_128_GCM_SHA256:" \
"TLS_AEGIS_128L_SHA256"
# endif
/*
* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
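Review bot: `"TLS_AEGIS_128L_SHA256"` is appended to `TLS_DEFAULT_CIPHERSUITES` unconditionally, although the cipher can be configured out: `aegis` is added to the disablables list in Configure and the provider entry sits under `#ifndef OPENSSL_NO_AEGIS`. A no-aegis build would then carry a default suite name it cannot instantiate; how the list parser treats that is not visible in this hunk. The comment directly above also says to update the macro and OSSL_default_ciphersuites() together, and that function is outside this section. Adding a new AEAD to the defaults changes what every TLS 1.3 endpoint offers without opting in, so consider leaving the default list as it was and letting deployments enable the suite explicitly, or at least placing the extra entry under `# ifndef OPENSSL_NO_AEGIS`.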
4 changes: 4 additions & 0 deletions include/openssl/tls1.h
@@ -625,6 +625,8 @@ int SSL_CTX_set_tlsext_ticket_key_evp_cb
# define TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x03001303
# define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304
# define TLS1_3_CK_AES_128_CCM_8_SHA256 0x03001305
# define TLS1_3_CK_AEGIS_256_SHA512 0x03001306
# define TLS1_3_CK_AEGIS_128L_SHA256 0x03001307

/* Integrity-only ciphersuites from RFC 9150 */
# define TLS1_3_CK_SHA256_SHA256 0x0300C0B4
@@ -711,6 +713,8 @@ int SSL_CTX_set_tlsext_ticket_key_evp_cb
# define TLS1_3_RFC_SHA384_SHA384 "TLS_SHA384_SHA384"
# define TLS1_3_RFC_AES_128_CCM_SHA256 "TLS_AES_128_CCM_SHA256"
# define TLS1_3_RFC_AES_128_CCM_8_SHA256 "TLS_AES_128_CCM_8_SHA256"
# define TLS1_3_RFC_AEGIS_128L_SHA256 "TLS_AEGIS_128L_SHA256"
# define TLS1_3_RFC_AEGIS_256_SHA512 "TLS_AEGIS_256_SHA512"
# define TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA "TLS_ECDHE_ECDSA_WITH_NULL_SHA"
# define TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"
# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
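Review bot: `TLS1_3_CK_AEGIS_256_SHA512` (0x03001306) and `TLS1_3_RFC_AEGIS_256_SHA512` are added to a public header, but nothing else on this page backs an AEGIS-256 suite: the only NID, provider entry and default-list name added are for AEGIS-128L. Publishing the constants invites callers to request a suite the library may not be able to negotiate, so either leave both defines out until AEGIS-256 is implemented or mark them, for example `/* reserved: AEGIS-256 is not implemented yet */`. The two new code points also lack a source comment like the one on the following group (`/* Integrity-only ciphersuites from RFC 9150 */`); a one-line reference to the defining document would let reviewers check the values.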
3 changes: 3 additions & 0 deletions providers/defltprov.c
@@ -313,6 +313,9 @@ static const OSSL_ALGORITHM_CAPABLE deflt_ciphers[] = {
ALG(PROV_NAMES_ChaCha20_Poly1305, ossl_chacha20_ossl_poly1305_functions),
# endif /* OPENSSL_NO_POLY1305 */
#endif /* OPENSSL_NO_CHACHA */
#ifndef OPENSSL_NO_AEGIS
ALG(PROV_NAMES_AEGIS_128L, ossl_aegis_128l_functions),
#endif
{ { NULL, NULL, NULL }, NULL }
};
static OSSL_ALGORITHM exported_ciphers[OSSL_NELEM(deflt_ciphers)];
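Review bot: The new `#endif` is bare, while the two conditionals just above it close with `#endif /* OPENSSL_NO_POLY1305 */` and `#endif /* OPENSSL_NO_CHACHA */`; write `#endif /* OPENSSL_NO_AEGIS */` to match. The entry uses the plain `ALG` macro, so the cipher is offered regardless of CPU features. If the implementation relies on AES hardware instructions for constant-time behaviour, a comment here or a capability check would be appropriate; the implementation is not shown in this section, so this needs confirming against cipher_aegis_128l_hw.c.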
7 changes: 7 additions & 0 deletions providers/implementations/ciphers/build.info
@@ -26,6 +26,7 @@ $CHACHA_GOAL=../../libdefault.a
$CHACHAPOLY_GOAL=../../libdefault.a
$SIV_GOAL=../../libdefault.a
$SIV_GCM_GOAL=../../libdefault.a
$AEGIS_GOAL=../../libdefault.a

IF[{- !$disabled{asm} -}]
$GHASHDEF_x86=GHASH_ASM
@@ -192,3 +193,9 @@ IF[{- !$disabled{chacha} -}]
cipher_chacha20_poly1305.c cipher_chacha20_poly1305_hw.c
ENDIF
ENDIF

IF[{- !$disabled{aegis} -}]
SOURCE[$AEGIS_GOAL]=\
cipher_aegis_128l.c cipher_aegis_128l_hw.c
ENDIF
