diff options
| author | Joel Sing <jsing@cvs.openbsd.org> | 2014-06-13 13:28:54 +0000 |
|---|---|---|
| committer | Joel Sing <jsing@cvs.openbsd.org> | 2014-06-13 13:28:54 +0000 |
| commit | d7a5dca6a99a801f4ad90bbb2c3d0c5fd6f2ee28 (patch) | |
| tree | f580661734445e00bbfdd7fb56def08c30844611 /lib | |
| parent | 4ba3f4d7afd55dbe28840c70a78ccfd434365480 (diff) | |
Add ChaCha20-Poly1305 based ciphersuites.
Based on Adam Langley's chromium patches.
Tested by and ok sthen@
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libssl/src/ssl/s3_lib.c | 53 | ||||
| -rw-r--r-- | lib/libssl/src/ssl/ssl.h | 3 | ||||
| -rw-r--r-- | lib/libssl/src/ssl/ssl_ciph.c | 16 | ||||
| -rw-r--r-- | lib/libssl/src/ssl/ssl_locl.h | 3 | ||||
| -rw-r--r-- | lib/libssl/src/ssl/tls1.h | 13 |
5 files changed, 81 insertions, 7 deletions
diff --git a/lib/libssl/src/ssl/s3_lib.c b/lib/libssl/src/ssl/s3_lib.c index 939557e48ee..fa7df59779c 100644 --- a/lib/libssl/src/ssl/s3_lib.c +++ b/lib/libssl/src/ssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.60 2014/06/13 13:21:09 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.61 2014/06/13 13:28:53 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2287,6 +2287,57 @@ SSL_CIPHER ssl3_ciphers[] = { .alg_bits = 256 }, #endif + +#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) + { + .valid = 1, + .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, + .id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, + .algorithm_mkey = SSL_kEECDH, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_CHACHA20POLY1305, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| + SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0), + .strength_bits = 256, + .alg_bits = 0, + }, + + { + .valid = 1, + .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, + .id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, + .algorithm_mkey = SSL_kEECDH, + .algorithm_auth = SSL_aECDSA, + .algorithm_enc = SSL_CHACHA20POLY1305, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| + SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0), + .strength_bits = 256, + .alg_bits = 0, + }, + + { + .valid = 1, + .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, + .id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305, + .algorithm_mkey = SSL_kEDH, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_CHACHA20POLY1305, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_NOT_EXP|SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| + SSL_CIPHER_ALGORITHM2_AEAD|FIXED_NONCE_LEN(0), + .strength_bits = 256, + .alg_bits = 0, + }, +#endif + /* end of list */ }; diff --git a/lib/libssl/src/ssl/ssl.h b/lib/libssl/src/ssl/ssl.h index 1a2bdf76285..3e09bd35219 100644 --- a/lib/libssl/src/ssl/ssl.h +++ b/lib/libssl/src/ssl/ssl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl.h,v 1.55 2014/06/13 11:52:03 jsing Exp $ */ +/* $OpenBSD: ssl.h,v 1.56 2014/06/13 13:28:53 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -289,6 +289,7 @@ extern "C" { #define SSL_TXT_CAMELLIA128 "CAMELLIA128" #define SSL_TXT_CAMELLIA256 "CAMELLIA256" #define SSL_TXT_CAMELLIA "CAMELLIA" +#define SSL_TXT_CHACHA20 "CHACHA20" #define SSL_TXT_MD5 "MD5" #define SSL_TXT_SHA1 "SHA1" diff --git a/lib/libssl/src/ssl/ssl_ciph.c b/lib/libssl/src/ssl/ssl_ciph.c index 25291bfd4ac..a89c8253c8f 100644 --- a/lib/libssl/src/ssl/ssl_ciph.c +++ b/lib/libssl/src/ssl/ssl_ciph.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_ciph.c,v 1.52 2014/06/12 15:49:31 deraadt Exp $ */ +/* $OpenBSD: ssl_ciph.c,v 1.53 2014/06/13 13:28:53 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -916,6 +916,11 @@ ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead) *aead = EVP_aead_aes_256_gcm(); return 1; #endif +#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) + case SSL_CHACHA20POLY1305: + *aead = EVP_aead_chacha20_poly1305(); + return 1; +#endif default: break; } @@ -1617,7 +1622,11 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method, ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); - /* AES is our preferred symmetric cipher */ + /* + * CHACHA20 is fast and safe on all hardware and is thus our preferred + * symmetric cipher, with AES second. + */ + ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); /* Temporarily enable everything else for sorting */ @@ -1871,6 +1880,9 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_SEED: enc="SEED(128)"; break; + case SSL_CHACHA20POLY1305: + enc = "ChaCha20-Poly1305"; + break; default: enc="unknown"; break; diff --git a/lib/libssl/src/ssl/ssl_locl.h b/lib/libssl/src/ssl/ssl_locl.h index ea5f8c3d4e5..6ce2e17a155 100644 --- a/lib/libssl/src/ssl/ssl_locl.h +++ b/lib/libssl/src/ssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.50 2014/06/13 10:52:24 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.51 2014/06/13 13:28:53 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -296,6 +296,7 @@ #define SSL_SEED 0x00000800L #define SSL_AES128GCM 0x00001000L #define SSL_AES256GCM 0x00002000L +#define SSL_CHACHA20POLY1305 0x00004000L #define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM) #define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256) diff --git a/lib/libssl/src/ssl/tls1.h b/lib/libssl/src/ssl/tls1.h index dbe8979a883..3bbb2acc2ff 100644 --- a/lib/libssl/src/ssl/tls1.h +++ b/lib/libssl/src/ssl/tls1.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls1.h,v 1.18 2014/06/13 04:29:13 miod Exp $ */ +/* $OpenBSD: tls1.h,v 1.19 2014/06/13 13:28:53 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -479,7 +479,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) #define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022 /* ECDH HMAC based ciphersuites from RFC5289 */ - #define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023 #define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024 #define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025 @@ -499,6 +498,11 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) #define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031 #define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032 +/* ChaCha20-Poly1305 based ciphersuites. */ +#define TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305 0x0300CC13 +#define TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305 0x0300CC14 +#define TLS1_CK_DHE_RSA_CHACHA20_POLY1305 0x0300CC15 + /* XXX * Inconsistency alert: * The OpenSSL names of ciphers with ephemeral DH here include the string @@ -650,6 +654,11 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) #define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256" #define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384" +/* ChaCha20-Poly1305 based ciphersuites. */ +#define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 "ECDHE-RSA-CHACHA20-POLY1305" +#define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305" +#define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305" + #define TLS_CT_RSA_SIGN 1 #define TLS_CT_DSS_SIGN 2 #define TLS_CT_RSA_FIXED_DH 3 |