Skip to content

N
nghttp2
Commit 06272f83 authored by Tatsuhiro Tsujikawa's avatar Tatsuhiro Tsujikawa
Browse files
Options

quic: Support TLS_AES_128_CCM_SHA256

parent db5ad837
Show whitespace changes
Inline Side-by-side
Showing with 32 additions and 0 deletions
src/quic.cc
View file @ 06272f83
...@@ -45,6 +45,8 @@ const EVP_CIPHER *aead(SSL *ssl) { ...@@ -45,6 +45,8 @@ const EVP_CIPHER *aead(SSL *ssl) {
return EVP_aes_256_gcm(); return EVP_aes_256_gcm();
case 0x03001303u: // TLS_CHACHA20_POLY1305_SHA256 case 0x03001303u: // TLS_CHACHA20_POLY1305_SHA256
return EVP_chacha20_poly1305(); return EVP_chacha20_poly1305();
case 0x03001304u: // TLS_AES_128_CCM_SHA256
return EVP_aes_128_ccm();
default: default:
assert(0); assert(0);
} }
...@@ -53,6 +55,7 @@ const EVP_CIPHER *aead(SSL *ssl) { ...@@ -53,6 +55,7 @@ const EVP_CIPHER *aead(SSL *ssl) {
const EVP_CIPHER *hp(SSL *ssl) { const EVP_CIPHER *hp(SSL *ssl) {
switch (SSL_CIPHER_get_id(SSL_get_current_cipher(ssl))) { switch (SSL_CIPHER_get_id(SSL_get_current_cipher(ssl))) {
case 0x03001301u: // TLS_AES_128_GCM_SHA256 case 0x03001301u: // TLS_AES_128_GCM_SHA256
case 0x03001304u: // TLS_AES_128_CCM_SHA256
return EVP_aes_128_ctr(); return EVP_aes_128_ctr();
case 0x03001302u: // TLS_AES_256_GCM_SHA384 case 0x03001302u: // TLS_AES_256_GCM_SHA384
return EVP_aes_256_ctr(); return EVP_aes_256_ctr();
...@@ -67,6 +70,7 @@ const EVP_MD *prf(SSL *ssl) { ...@@ -67,6 +70,7 @@ const EVP_MD *prf(SSL *ssl) {
switch (SSL_CIPHER_get_id(SSL_get_current_cipher(ssl))) { switch (SSL_CIPHER_get_id(SSL_get_current_cipher(ssl))) {
case 0x03001301u: // TLS_AES_128_GCM_SHA256 case 0x03001301u: // TLS_AES_128_GCM_SHA256
case 0x03001303u: // TLS_CHACHA20_POLY1305_SHA256 case 0x03001303u: // TLS_CHACHA20_POLY1305_SHA256
case 0x03001304u: // TLS_AES_128_CCM_SHA256
return EVP_sha256(); return EVP_sha256();
case 0x03001302u: // TLS_AES_256_GCM_SHA384 case 0x03001302u: // TLS_AES_256_GCM_SHA384
return EVP_sha384(); return EVP_sha384();
...@@ -95,6 +99,9 @@ size_t aead_tag_length(const EVP_CIPHER *aead) { ...@@ -95,6 +99,9 @@ size_t aead_tag_length(const EVP_CIPHER *aead) {
if (aead == EVP_chacha20_poly1305()) { if (aead == EVP_chacha20_poly1305()) {
return EVP_CHACHAPOLY_TLS_TAG_LEN; return EVP_CHACHAPOLY_TLS_TAG_LEN;
} }
if (aead == EVP_aes_128_ccm()) {
return EVP_CCM_TLS_TAG_LEN;
}
assert(0); assert(0);
} }
} // namespace } // namespace
...@@ -269,6 +276,11 @@ ssize_t encrypt(uint8_t *dest, size_t destlen, const uint8_t *plaintext, ...@@ -269,6 +276,11 @@ ssize_t encrypt(uint8_t *dest, size_t destlen, const uint8_t *plaintext,
return -1; return -1;
} }
if (aead == EVP_aes_128_ccm() &&
EVP_CIPHER_CTX_ctrl(actx, EVP_CTRL_AEAD_SET_TAG, taglen, nullptr) != 1) {
return -1;
}
if (EVP_EncryptInit_ex(actx, nullptr, nullptr, key, nonce) != 1) { if (EVP_EncryptInit_ex(actx, nullptr, nullptr, key, nonce) != 1) {
return -1; return -1;
} }
...@@ -276,6 +288,11 @@ ssize_t encrypt(uint8_t *dest, size_t destlen, const uint8_t *plaintext, ...@@ -276,6 +288,11 @@ ssize_t encrypt(uint8_t *dest, size_t destlen, const uint8_t *plaintext,
size_t outlen = 0; size_t outlen = 0;
int len; int len;
if (aead == EVP_aes_128_ccm() &&
EVP_EncryptUpdate(actx, nullptr, &len, nullptr, plaintextlen) != 1) {
return -1;
}
if (EVP_EncryptUpdate(actx, nullptr, &len, ad, adlen) != 1) { if (EVP_EncryptUpdate(actx, nullptr, &len, ad, adlen) != 1) {
return -1; return -1;
} }
...@@ -333,6 +350,12 @@ ssize_t decrypt(uint8_t *dest, size_t destlen, const uint8_t *ciphertext, ...@@ -333,6 +350,12 @@ ssize_t decrypt(uint8_t *dest, size_t destlen, const uint8_t *ciphertext,
return -1; return -1;
} }
if (aead == EVP_aes_128_ccm() &&
EVP_CIPHER_CTX_ctrl(actx, EVP_CTRL_AEAD_SET_TAG, taglen,
const_cast<uint8_t *>(tag)) != 1) {
return -1;
}
if (EVP_DecryptInit_ex(actx, nullptr, nullptr, key, nonce) != 1) { if (EVP_DecryptInit_ex(actx, nullptr, nullptr, key, nonce) != 1) {
return -1; return -1;
} }
...@@ -340,6 +363,11 @@ ssize_t decrypt(uint8_t *dest, size_t destlen, const uint8_t *ciphertext, ...@@ -340,6 +363,11 @@ ssize_t decrypt(uint8_t *dest, size_t destlen, const uint8_t *ciphertext,
size_t outlen; size_t outlen;
int len; int len;
if (aead == EVP_aes_128_ccm() &&
EVP_DecryptUpdate(actx, nullptr, &len, nullptr, ciphertextlen) != 1) {
return -1;
}
if (EVP_DecryptUpdate(actx, nullptr, &len, ad, adlen) != 1) { if (EVP_DecryptUpdate(actx, nullptr, &len, ad, adlen) != 1) {
return -1; return -1;
} }
...@@ -350,6 +378,10 @@ ssize_t decrypt(uint8_t *dest, size_t destlen, const uint8_t *ciphertext, ...@@ -350,6 +378,10 @@ ssize_t decrypt(uint8_t *dest, size_t destlen, const uint8_t *ciphertext,
outlen = len; outlen = len;
if (aead == EVP_aes_128_ccm()) {
return outlen;
}
if (EVP_CIPHER_CTX_ctrl(actx, EVP_CTRL_AEAD_SET_TAG, taglen, if (EVP_CIPHER_CTX_ctrl(actx, EVP_CTRL_AEAD_SET_TAG, taglen,
const_cast<uint8_t *>(tag)) != 1) { const_cast<uint8_t *>(tag)) != 1) {
return -1; return -1;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment