diff --git a/btls/btls.h b/btls/btls.h index 81266d0..c99ebf7 100644 --- a/btls/btls.h +++ b/btls/btls.h @@ -39,6 +39,8 @@ extern "C" { #define SSL_BELTCTR 0x02000000U #define SSL_BELTDWP 0x01000000U +#define SSL_BELTCHE 0x04000000U +#define SSL_BASHPRGAE 0x08000000U #define SSL_BELTMAC 0x00001000U #define SSL_HBELT 0x00002000U @@ -71,6 +73,11 @@ extern "C" { #define SSL_TXT_BELTCTR "BELTCTR" #define SSL_TXT_BELTMAC "BELTMAC" #define SSL_TXT_BELTDWP "BELTDWP" +#define SSL_TXT_BELTCHE "BELTCHE" +#define SSL_TXT_BASHPRGAE "BASHPRGAE" + +# define EVP_BELTCHE_TLS_TAG_LEN 8 +# define EVP_BASHPRGAE_TLS_TAG_LEN 32 /* tls1.h */ # define TLS_CT_BIGN_SIGN 231 @@ -111,6 +118,18 @@ extern "C" { # define BTLS1_TXT_DHT_PSK_BIGN_WITH_BELT_DWP_HBELT\ "DHT-PSK-BIGN-WITH-BELT-DWP-HBELT" +# define BTLS1_RFC_BELT_CHE256_BELT_HASH\ + "BTLS_BELT_CHE256_BELT_HASH" +# define BTLS1_TXT_BELT_CHE256_BELT_HASH\ + "BTLS_BELT_CHE256_BELT_HASH" +# define BTLS1_3_CK_BELT_CHE256_BELT_HASH 0x0300ff1d + +# define BTLS1_RFC_BASH_PRG_AE256_BASH256\ + "BTLS_BASH_PRG_AE256_BASH256" +# define BTLS1_TXT_BASH_PRG_AE256_BASH256\ + "BTLS_BASH_PRG_AE256_BASH256" +# define BTLS1_3_CK_BASH_PRG_AE256_BASH256 0x0300ff1e + /* t1_lib.c */ #define BIGN_CURVE256V1_ID 0x0200 diff --git a/btls/legacy/btls.c b/btls/legacy/btls.c index 631df8f..dd3e80d 100644 --- a/btls/legacy/btls.c +++ b/btls/legacy/btls.c @@ -47,11 +47,10 @@ MD-интерфейс belt-mac256 объявлен, но не реализова const EVP_MD* evpMDBeltMac256() { - static const EVP_MD md_belt_mac256 = - { - NID_belt_mac256, - }; - return &md_belt_mac256; + static const EVP_MD md_belt_mac256 = { + NID_belt_mac256, + }; + return &md_belt_mac256; } /* 
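Review bot: `EVP_BELTCHE_TLS_TAG_LEN 8` in the `@@ -71,6 +73,11 @@` hunk is half the 16-byte tag that tls13_enc() otherwise uses for GCM and ChaCha20-Poly1305, and nothing at the definition says whether 64 bits is what belt-che specifies or a slip next to `EVP_BASHPRGAE_TLS_TAG_LEN 32`. If the belt-che specification fixes the tag at 64 bits, say so on the line, e.g. `# define EVP_BELTCHE_TLS_TAG_LEN 8 /* belt-che tag is 64 bits by spec; forgery margin 2^-64 per record */`, so the shorter margin reads as a documented choice rather than something the next reviewer has to re-derive. The identical pair in btls/legacy/btls.h (`@@ -88,6 +92,11 @@`) needs the same comment.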
@@ -76,59 +75,77 @@ static int btls_inited = 0; int btls_init() { - if (btls_inited) - return 1; - if (OBJ_create("1.2.112.0.2.0.34.101.45.2.1", - "bign-pubkey", "bign-pubkey") != NID_bign_pubkey) - return 0; - if (OBJ_create("1.2.112.0.2.0.34.101.31.81", - "belt-hash", "belt-hash") != NID_belt_hash) - return 0; - if (OBJ_create("1.2.112.0.2.0.34.101.77.12", - "bash384", "bash384") != NID_bash384) - return 0; - if (OBJ_create("1.2.112.0.2.0.34.101.77.13", - "bash512", "bash512") != NID_bash512) - return 0; - if (OBJ_create("1.2.112.0.2.0.34.101.31.67", - "belt-dwp-tls", "belt-dwp-tls") != NID_belt_dwpt) - return 0; - if (OBJ_create("1.2.112.0.2.0.34.101.31.44", - "belt-ctr-tls", "belt-ctr-tls") != NID_belt_ctrt) - return 0; - if (OBJ_create("1.2.112.0.2.0.34.101.31.53", - "belt-mac256", "belt-mac256") != NID_belt_mac256) - return 0; - if (OBJ_create("1.2.112.0.2.0.34.101.45.12", - "bign-with-hbelt", "bign-with-hbelt") != NID_bign_with_hbelt) - return 0; - if (OBJ_create("1.2.112.0.2.0.34.101.45.14", - "bign-with-bash384", "bign-with-bash384") != NID_bign_with_bash384) - return 0; - if (OBJ_create("1.2.112.0.2.0.34.101.45.15", - "bign-with-bash512", "bign-with-bash512") != NID_bign_with_bash512) - return 0; - if (OBJ_create("1.2.112.0.2.0.34.101.45.3.1", - "bign-curve256v1", "bign-curve256v1") != NID_bign_curve256v1) - return 0; - if (OBJ_create("1.2.112.0.2.0.34.101.45.3.2", - "bign-curve384v1", "bign-curve384v1") != NID_bign_curve384v1) - return 0; - if (OBJ_create("1.2.112.0.2.0.34.101.45.3.3", - "bign-curve512v1", "bign-curve512v1") != NID_bign_curve512v1) - return 0; - if (OBJ_new_nid(1) != NID_kxbdhe) - return 0; - if (OBJ_new_nid(1) != NID_kxbdht) - return 0; - if (OBJ_new_nid(1) != NID_kxbdhe_psk) - return 0; - if (OBJ_new_nid(1) != NID_kxbdht_psk) - return 0; - if (!EVP_add_digest(evpMDBeltMac256())) - return 0; - btls_inited++; - return 1; + if (btls_inited) + return 1; + if (OBJ_create("1.2.112.0.2.0.34.101.45.2.1", + "bign-pubkey", + "bign-pubkey") != 
NID_bign_pubkey) + return 0; + if (OBJ_create("1.2.112.0.2.0.34.101.31.81", "belt-hash", "belt-hash") != + NID_belt_hash) + return 0; + if (OBJ_create("1.2.112.0.2.0.34.101.77.12", "bash384", "bash384") != + NID_bash384) + return 0; + if (OBJ_create("1.2.112.0.2.0.34.101.77.13", "bash512", "bash512") != + NID_bash512) + return 0; + if (OBJ_create("1.2.112.0.2.0.34.101.31.67", + "belt-dwp-tls", + "belt-dwp-tls") != NID_belt_dwpt) + return 0; + if (OBJ_create("1.2.112.0.2.0.34.101.31.44", + "belt-ctr-tls", + "belt-ctr-tls") != NID_belt_ctrt) + return 0; + if (OBJ_create("1.2.112.0.2.0.34.101.31.68", + "belt-che-tls", + "belt-che-tls") != NID_belt_chet) + return 0; + if (OBJ_create("1.2.112.0.2.0.34.101.77.37", + "bash-prg-ae-tls", + "bash-prg-ee-tls") != NID_bash_prg_aet) + return 0; + if (OBJ_create("1.2.112.0.2.0.34.101.31.53", + "belt-mac256", + "belt-mac256") != NID_belt_mac256) + return 0; + if (OBJ_create("1.2.112.0.2.0.34.101.45.12", + "bign-with-hbelt", + "bign-with-hbelt") != NID_bign_with_hbelt) + return 0; + if (OBJ_create("1.2.112.0.2.0.34.101.45.14", + "bign-with-bash384", + "bign-with-bash384") != NID_bign_with_bash384) + return 0; + if (OBJ_create("1.2.112.0.2.0.34.101.45.15", + "bign-with-bash512", + "bign-with-bash512") != NID_bign_with_bash512) + return 0; + if (OBJ_create("1.2.112.0.2.0.34.101.45.3.1", + "bign-curve256v1", + "bign-curve256v1") != NID_bign_curve256v1) + return 0; + if (OBJ_create("1.2.112.0.2.0.34.101.45.3.2", + "bign-curve384v1", + "bign-curve384v1") != NID_bign_curve384v1) + return 0; + if (OBJ_create("1.2.112.0.2.0.34.101.45.3.3", + "bign-curve512v1", + "bign-curve512v1") != NID_bign_curve512v1) + return 0; + if (OBJ_new_nid(1) != NID_kxbdhe) + return 0; + if (OBJ_new_nid(1) != NID_kxbdht) + return 0; + if (OBJ_new_nid(1) != NID_kxbdhe_psk) + return 0; + if (OBJ_new_nid(1) != NID_kxbdht_psk) + return 0; + if (!EVP_add_digest(evpMDBeltMac256())) + return 0; + btls_inited++; + return 1; } /* 
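Review bot: The new `OBJ_create("1.2.112.0.2.0.34.101.77.37", "bash-prg-ae-tls", "bash-prg-ee-tls")` in btls_init registers a long name that disagrees with its short name, so anything that prints the object by long name (`OBJ_obj2txt`, `OBJ_nid2ln`) will show the misspelt `bash-prg-ee-tls`; the call should read `"bash-prg-ae-tls",` / `"bash-prg-ae-tls") != NID_bash_prg_aet)`. The same object is also listed in btls/objects.txt by this commit (`@@ -5,6 +5,7 @@`) as `1 2 112 0 2 0 34 101 31 37`, arc 31 rather than 77; bash384 and bash512 are registered under arc 77 a few calls above, which suggests 77.37 is the intended OID and the objects.txt line the slip, but the two sources must agree or a build that derives NIDs from objects.txt registers a different OID than btls_init() does. Worth confirming against the STB registry before fixing either side.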
@@ -160,74 +177,74 @@ ssl/statem/statem_clnt.c (см. обработку флага SSL_kBDHE). int btls_construct_ske_bign_dhe(SSL* s, WPACKET* pkt) { - EVP_PKEY_CTX* ctx = NULL; - EVP_PKEY* pk = NULL; - unsigned char* pk_val = NULL; - size_t pk_len = 0; - int ret = 1; - // получить ключ сертификата - EVP_PKEY* pkey = s->cert->pkeys[SSL_PKEY_BIGN].privatekey; - if (!pkey) - { - ret = 0; - goto err; - } - // сгенерировать ключ ДХ - if (s->s3->tmp.pkey != NULL || - (ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL || - !EVP_PKEY_keygen_init(ctx) || - !EVP_PKEY_keygen(ctx, &pk)) - { - ret = 0; - goto err; - } - // записать ключ ДХ - if (!EVP_PKEY_get_raw_public_key(pk, NULL, &pk_len) || - !(pk_val = OPENSSL_malloc(pk_len)) || - !EVP_PKEY_get_raw_public_key(pk, pk_val, &pk_len) || - !WPACKET_sub_memcpy_u8(pkt, pk_val, pk_len)) - { - ret = 0; - goto err; - } - // запомнить ключ ДХ - s->s3->tmp.pkey = pk; - pk = NULL; + EVP_PKEY_CTX* ctx = NULL; + EVP_PKEY* pk = NULL; + unsigned char* pk_val = NULL; + size_t pk_len = 0; + int ret = 1; + // получить ключ сертификата + EVP_PKEY* pkey = s->cert->pkeys[SSL_PKEY_BIGN].privatekey; + if (!pkey) + { + ret = 0; + goto err; + } + // сгенерировать ключ ДХ + if (s->s3->tmp.pkey != NULL || + (ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL || + !EVP_PKEY_keygen_init(ctx) || !EVP_PKEY_keygen(ctx, &pk)) + { + ret = 0; + goto err; + } + // записать ключ ДХ + if (!EVP_PKEY_get_raw_public_key(pk, NULL, &pk_len) || + !(pk_val = OPENSSL_malloc(pk_len)) || + !EVP_PKEY_get_raw_public_key(pk, pk_val, &pk_len) || + !WPACKET_sub_memcpy_u8(pkt, pk_val, pk_len)) + { + ret = 0; + goto err; + } + // запомнить ключ ДХ + s->s3->tmp.pkey = pk; + pk = NULL; err: - EVP_PKEY_CTX_free(ctx); - EVP_PKEY_free(pk); - if (pk_val) - { - OPENSSL_cleanse(pk_val, pk_len); - OPENSSL_free(pk_val); - } - if (ret == 0) - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - return ret; + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pk); + if 
(pk_val) + { + OPENSSL_cleanse(pk_val, pk_len); + OPENSSL_free(pk_val); + } + if (ret == 0) + SSLfatal(s, + SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + return ret; } int btls_process_ske_bign_dhe(SSL* s, PACKET* pkt, EVP_PKEY** pkey) { - PACKET encoded_pt; - // определить статический открытый ключ сервера - if ((*pkey = X509_get0_pubkey(s->session->peer)) == 0) - return 0; - // загрузить параметры открытого ключа сервера - if (s->s3->peer_tmp == 0 && (s->s3->peer_tmp = EVP_PKEY_new()) == 0) - return 0; - if (!EVP_PKEY_copy_parameters(s->s3->peer_tmp, *pkey)) - return 0; - // загрузить эфемерный открытый ключ сервера - if (!PACKET_get_length_prefixed_1(pkt, &encoded_pt)) - return 0; - if (!EVP_PKEY_set1_tls_encodedpoint(s->s3->peer_tmp, - PACKET_data(&encoded_pt), - PACKET_remaining(&encoded_pt))) - return 0; - // завершить - return 1; + PACKET encoded_pt; + // определить статический открытый ключ сервера + if ((*pkey = X509_get0_pubkey(s->session->peer)) == 0) + return 0; + // загрузить параметры открытого ключа сервера + if (s->s3->peer_tmp == 0 && (s->s3->peer_tmp = EVP_PKEY_new()) == 0) + return 0; + if (!EVP_PKEY_copy_parameters(s->s3->peer_tmp, *pkey)) + return 0; + // загрузить эфемерный открытый ключ сервера + if (!PACKET_get_length_prefixed_1(pkt, &encoded_pt)) + return 0; + if (!EVP_PKEY_set1_tls_encodedpoint(s->s3->peer_tmp, + PACKET_data(&encoded_pt), + PACKET_remaining(&encoded_pt))) + return 0; + // завершить + return 1; } /* @@ -239,7 +256,7 @@ int btls_process_ske_bign_dhe(SSL* s, PACKET* pkt, EVP_PKEY** pkey) - S <- C: ClientKeyExchange[psk_identity, client_public] * psk_identity_hint --- подсказка по выбору psk; * oid(curve) --- идентификатор кривой, на которой будет выполняться - протокол ДХ; + протокол ДХ; * server_public, client_public --- эфемерные ключи ДХ; * psk_identity --- идентификатор выбранного psk. 
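Review bot: btls_process_ske_bign_dhe tests its pointers with `== 0` (`X509_get0_pubkey(...) == 0`, `s->s3->peer_tmp == 0`, `EVP_PKEY_new()) == 0`) while btls_construct_ske_bign_dhe, reformatted in the same hunk, writes `s->s3->tmp.pkey != NULL`; since this commit is a formatting pass it is the moment to make the two agree. Change the two conditions to `if ((*pkey = X509_get0_pubkey(s->session->peer)) == NULL)` and `if (s->s3->peer_tmp == NULL && (s->s3->peer_tmp = EVP_PKEY_new()) == NULL)`. Behaviour is unchanged; it only stops a reader from wondering whether `0` was meant as a status code.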
@@ -288,7 +305,7 @@ ssl/statem/statem_clnt.c (см. обработку флага SSL_kBDHEPSK). int btls_construct_ske_psk_bign_dhe(SSL* s, WPACKET* pkt) { - int ret = 0; + int ret = 0; size_t len; int curve_id; const TLS_GROUP_INFO* ginf; @@ -296,18 +313,19 @@ int btls_construct_ske_psk_bign_dhe(SSL* s, WPACKET* pkt) unsigned char* oid = NULL; int oid_len; EVP_PKEY_CTX* pctx = NULL; - EVP_PKEY* pk = NULL; + EVP_PKEY* pk = NULL; unsigned char* pk_val = NULL; - size_t pk_len; + size_t pk_len; // записать psk_identity_hint - len = (s->cert->psk_identity_hint == NULL) ? - 0 : strlen(s->cert->psk_identity_hint); - if (len > PSK_MAX_IDENTITY_LEN || + len = (s->cert->psk_identity_hint == NULL) ? + 0 : + strlen(s->cert->psk_identity_hint); + if (len > PSK_MAX_IDENTITY_LEN || !WPACKET_sub_memcpy_u16(pkt, s->cert->psk_identity_hint, len)) - goto err; + goto err; // загружен сертификат сервера? - if (s->s3->tmp.pkey != NULL) - goto err; + if (s->s3->tmp.pkey != NULL) + goto err; // клиент не высылал расширение supported_groups? if (!s->ext.supportedgroups) // ...используем первую кривую bign @@ -316,7 +334,7 @@ int btls_construct_ske_psk_bign_dhe(SSL* s, WPACKET* pkt) else if (!(curve_id = tls1_shared_group(s, -2))) goto err; // определить oid(curve) - if (!(ginf = tls1_group_id_lookup(curve_id)) || + if (!(ginf = tls1_group_id_lookup(curve_id)) || !(obj = OBJ_nid2obj(ginf->nid)) || !(oid_len = i2d_ASN1_OBJECT(obj, &oid))) goto err; 
@@ -324,68 +342,67 @@ int btls_construct_ske_psk_bign_dhe(SSL* s, WPACKET* pkt) if (!WPACKET_sub_memcpy_u8(pkt, oid, oid_len)) goto err; // генерировать эфемерный ключ - pctx = EVP_PKEY_CTX_new_id(NID_bign_pubkey, NULL); - if (!pctx || - EVP_PKEY_keygen_init(pctx) <= 0 || - EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_ALG_CTRL + 1, - ginf->nid, NULL) <= 0 || + pctx = EVP_PKEY_CTX_new_id(NID_bign_pubkey, NULL); + if (!pctx || EVP_PKEY_keygen_init(pctx) <= 0 || + EVP_PKEY_CTX_ctrl( + pctx, -1, -1, EVP_PKEY_ALG_CTRL + 1, ginf->nid, NULL) <= 0 || EVP_PKEY_keygen(pctx, &pk) <= 0) - goto err; + goto err; // записать эфемерный ключ - if (!EVP_PKEY_get_raw_public_key(pk, NULL, &pk_len) || - !(pk_val = OPENSSL_malloc(pk_len)) || - !EVP_PKEY_get_raw_public_key(pk, pk_val, &pk_len) || - !WPACKET_sub_memcpy_u8(pkt, pk_val, pk_len)) - goto err; + if (!EVP_PKEY_get_raw_public_key(pk, NULL, &pk_len) || + !(pk_val = OPENSSL_malloc(pk_len)) || + !EVP_PKEY_get_raw_public_key(pk, pk_val, &pk_len) || + !WPACKET_sub_memcpy_u8(pkt, pk_val, pk_len)) + goto err; // сохранить эфемерный ключ в состоянии - s->s3->tmp.pkey = pk; - pk = NULL; + s->s3->tmp.pkey = pk; + pk = NULL; ret = 1; err: - EVP_PKEY_CTX_free(pctx); - EVP_PKEY_free(pk); - if (pk_val) + EVP_PKEY_CTX_free(pctx); + EVP_PKEY_free(pk); + if (pk_val) { OPENSSL_cleanse(pk_val, pk_len); OPENSSL_free(pk_val); } OPENSSL_free(oid); - if (ret == 0) - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - return ret; + if (ret == 0) + SSLfatal(s, + SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + return ret; } int btls_process_ske_psk_bign_dhe(SSL* s, PACKET* pkt, EVP_PKEY** pkey) { int ret = 0; - unsigned int oid_len; - const unsigned char* oid; + unsigned int oid_len; + const unsigned char* oid; ASN1_OBJECT* obj = NULL; int params_nid; EVP_PKEY* pk = NULL; EVP_PKEY_CTX* pctx = NULL; - PACKET encoded_pt; + PACKET encoded_pt; // загрузить 
oid(curve) - if (!PACKET_get_1(pkt, &oid_len) || - !PACKET_get_bytes(pkt, &oid, (size_t)oid_len) || + if (!PACKET_get_1(pkt, &oid_len) || + !PACKET_get_bytes(pkt, &oid, (size_t)oid_len) || !(obj = d2i_ASN1_OBJECT(NULL, &oid, oid_len)) || (params_nid = OBJ_obj2nid(obj)) == NID_undef) goto err; // подготовиться к загрузке эфемерного открытого ключа сервера - if (s->s3->peer_tmp == 0 && - (s->s3->peer_tmp = EVP_PKEY_new()) == 0) + if (s->s3->peer_tmp == 0 && (s->s3->peer_tmp = EVP_PKEY_new()) == 0) goto err; if (!(pctx = EVP_PKEY_CTX_new_id(NID_bign_pubkey, NULL)) || EVP_PKEY_paramgen_init(pctx) <= 0 || - EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_ALG_CTRL + 1, - params_nid, NULL) <= 0 || - EVP_PKEY_paramgen(pctx, &pk) <= 0 || + EVP_PKEY_CTX_ctrl( + pctx, -1, -1, EVP_PKEY_ALG_CTRL + 1, params_nid, NULL) <= 0 || + EVP_PKEY_paramgen(pctx, &pk) <= 0 || !EVP_PKEY_copy_parameters(s->s3->peer_tmp, pk)) goto err; - // загрузить эфемерный открытый ключ сервера - if (!PACKET_get_length_prefixed_1(pkt, &encoded_pt) || + // загрузить эфемерный открытый ключ сервера + if (!PACKET_get_length_prefixed_1(pkt, &encoded_pt) || !EVP_PKEY_set1_tls_encodedpoint(s->s3->peer_tmp, PACKET_data(&encoded_pt), PACKET_remaining(&encoded_pt))) @@ -395,7 +412,7 @@ int btls_process_ske_psk_bign_dhe(SSL* s, PACKET* pkt, EVP_PKEY** pkey) EVP_PKEY_CTX_free(pctx); EVP_PKEY_free(pk); ASN1_OBJECT_free(obj); - return ret; + return ret; } /* 
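Review bot: In btls_process_ske_psk_bign_dhe the curve NID decoded from the peer's ServerKeyExchange (`params_nid = OBJ_obj2nid(obj)`) is handed straight to `EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_ALG_CTRL + 1, params_nid, NULL)` with only a `NID_undef` test, so any OID the object database knows is accepted as a bign curve unless that ctrl rejects it, which this hunk does not show. The corresponding OpenSSL path (tls_process_ske_ecdhe via tls1_check_group_id) refuses a group the client did not offer; the minimum here is an allow-list before paramgen, e.g. `if (params_nid != NID_bign_curve256v1 && params_nid != NID_bign_curve384v1 && params_nid != NID_bign_curve512v1) goto err;`, and ideally a cross-check against the client's own supported_groups, mirroring how btls_construct_ske_psk_bign_dhe chooses the curve with tls1_shared_group. btls_construct_ske_psk_bign_dhe begins before this hunk and btls_process_ske_psk_bign_dhe continues past it.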
@@ -427,99 +444,101 @@ todo: Можно ли взять под контроль генерацию pre_ ******************************************************************************* */ -int btls_construct_cke_bign_dht(SSL* s, WPACKET* pkt){ - unsigned char* pms = NULL; - size_t pms_len = 48; - EVP_PKEY_CTX* pkey_ctx = NULL; - X509* peer_cert; - unsigned char* token = NULL; - size_t token_len = 0; - int ret = 0; - // подготовка pms = pre_master_secret - pms = OPENSSL_malloc(pms_len); - if (!pms) - goto err; - if (!RAND_bytes(pms, (int)pms_len)) - goto err; - peer_cert = s->session->peer; - if (!peer_cert) - goto err; - // определить server_pubkey - pkey_ctx = EVP_PKEY_CTX_new(X509_get0_pubkey(peer_cert), NULL); - // token <- bign_keytransport(pms, server_pubkey) - if (!EVP_PKEY_encrypt_init(pkey_ctx)) - goto err; - if (!EVP_PKEY_encrypt(pkey_ctx, NULL, &token_len, pms, pms_len)) - goto err; - token = OPENSSL_malloc(token_len); - if (!token) - goto err; - if (!EVP_PKEY_encrypt(pkey_ctx, token, &token_len, pms, pms_len)) - goto err; - if (!WPACKET_sub_memcpy_u8(pkt, token, token_len)) - goto err; - // сохранить pms - s->s3->tmp.pms = pms; - s->s3->tmp.pmslen = pms_len; - pms = NULL; - ret = 1; +int btls_construct_cke_bign_dht(SSL* s, WPACKET* pkt) +{ + unsigned char* pms = NULL; + size_t pms_len = 48; + EVP_PKEY_CTX* pkey_ctx = NULL; + X509* peer_cert; + unsigned char* token = NULL; + size_t token_len = 0; + int ret = 0; + // подготовка pms = pre_master_secret + pms = OPENSSL_malloc(pms_len); + if (!pms) + goto err; + if (!RAND_bytes(pms, (int)pms_len)) + goto err; + peer_cert = s->session->peer; + if (!peer_cert) + goto err; + // определить server_pubkey + pkey_ctx = EVP_PKEY_CTX_new(X509_get0_pubkey(peer_cert), NULL); + // token <- bign_keytransport(pms, server_pubkey) + if (!EVP_PKEY_encrypt_init(pkey_ctx)) + goto err; + if (!EVP_PKEY_encrypt(pkey_ctx, NULL, &token_len, pms, pms_len)) + goto err; + token = OPENSSL_malloc(token_len); + if (!token) + goto err; + if (!EVP_PKEY_encrypt(pkey_ctx, 
token, &token_len, pms, pms_len)) + goto err; + if (!WPACKET_sub_memcpy_u8(pkt, token, token_len)) + goto err; + // сохранить pms + s->s3->tmp.pms = pms; + s->s3->tmp.pmslen = pms_len; + pms = NULL; + ret = 1; err: - if (pms) - OPENSSL_free(pms); - if (token) - OPENSSL_free(token); - if (pkey_ctx) - EVP_PKEY_CTX_free(pkey_ctx); - if (ret == 0) - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - return ret; + if (pms) + OPENSSL_free(pms); + if (token) + OPENSSL_free(token); + if (pkey_ctx) + EVP_PKEY_CTX_free(pkey_ctx); + if (ret == 0) + SSLfatal(s, + SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + return ret; } int btls_process_cke_bign_dht(SSL* s, PACKET* pkt) { int ret = 0; EVP_PKEY* pk = NULL; - EVP_PKEY_CTX* pkey_ctx = NULL; - unsigned char* pms = NULL; - size_t pms_len = 0; - const unsigned char* token; - unsigned int token_len; - // подготовить личный ключ - pk = s->cert->pkeys[SSL_PKEY_BIGN].privatekey; - if (pk == NULL) - goto err; - pkey_ctx = EVP_PKEY_CTX_new(pk, NULL); - if (pkey_ctx == NULL) - goto err; - if (!EVP_PKEY_decrypt_init(pkey_ctx)) - goto err; - // извлечь токен ключа - if (!PACKET_get_1(pkt, &token_len) || - !PACKET_get_bytes(pkt, &token, token_len) || - PACKET_remaining(pkt) != 0) - goto err; - // снять защиту с токена - if (!EVP_PKEY_decrypt(pkey_ctx, NULL, &pms_len, token, token_len) || - pms_len != 48) - goto err; - pms = (unsigned char*)OPENSSL_malloc(pms_len); - if (!EVP_PKEY_decrypt(pkey_ctx, pms, &pms_len, token, token_len)) - goto err; - if (!ssl_generate_master_secret(s, pms, pms_len, 0)) - goto err; - ret = 1; + EVP_PKEY_CTX* pkey_ctx = NULL; + unsigned char* pms = NULL; + size_t pms_len = 0; + const unsigned char* token; + unsigned int token_len; + // подготовить личный ключ + pk = s->cert->pkeys[SSL_PKEY_BIGN].privatekey; + if (pk == NULL) + goto err; + pkey_ctx = EVP_PKEY_CTX_new(pk, NULL); + if (pkey_ctx == NULL) + goto err; + 
if (!EVP_PKEY_decrypt_init(pkey_ctx)) + goto err; + // извлечь токен ключа + if (!PACKET_get_1(pkt, &token_len) || + !PACKET_get_bytes(pkt, &token, token_len) || PACKET_remaining(pkt) != 0) + goto err; + // снять защиту с токена + if (!EVP_PKEY_decrypt(pkey_ctx, NULL, &pms_len, token, token_len) || + pms_len != 48) + goto err; + pms = (unsigned char*)OPENSSL_malloc(pms_len); + if (!EVP_PKEY_decrypt(pkey_ctx, pms, &pms_len, token, token_len)) + goto err; + if (!ssl_generate_master_secret(s, pms, pms_len, 0)) + goto err; + ret = 1; err: - if (pkey_ctx != NULL) - EVP_PKEY_CTX_free(pkey_ctx); - if (pms != NULL) - OPENSSL_free(pms); - if (ret == 0) - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - return ret; + if (pkey_ctx != NULL) + EVP_PKEY_CTX_free(pkey_ctx); + if (pms != NULL) + OPENSSL_free(pms); + if (ret == 0) + SSLfatal(s, + SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + return ret; } /* diff --git a/btls/legacy/btls.h b/btls/legacy/btls.h index a5a1a34..ecdbbc7 100644 --- a/btls/legacy/btls.h +++ b/btls/legacy/btls.h 
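Review bot: `pms = (unsigned char*)OPENSSL_malloc(pms_len);` in btls_process_cke_bign_dht is never checked before `EVP_PKEY_decrypt(pkey_ctx, pms, ...)` writes 48 bytes into it, and in btls_construct_cke_bign_dht `pkey_ctx = EVP_PKEY_CTX_new(X509_get0_pubkey(peer_cert), NULL)` goes to `EVP_PKEY_encrypt_init` without a NULL test, so a peer certificate whose key cannot be extracted dereferences NULL on the client. Both functions also release the pre-master secret with plain `OPENSSL_free(pms)`, whereas the SKE functions in this file cleanse `pk_val` before freeing; `OPENSSL_clear_free(pms, pms_len)` on both error paths keeps the secret out of freed heap. Suggested lines: `pms = OPENSSL_malloc(pms_len); if (pms == NULL) goto err;` after the length check, `if (pkey_ctx == NULL) goto err;` after the ctx creation, and `OPENSSL_clear_free(pms, pms_len);` in place of the guarded frees (the `if (pms)` guards are redundant either way).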
@@ -35,17 +35,19 @@ extern "C" { #define NID_bash512 (NUM_NID + 3) #define NID_belt_dwpt (NUM_NID + 4) #define NID_belt_ctrt (NUM_NID + 5) -#define NID_belt_mac256 (NUM_NID + 6) -#define NID_bign_with_hbelt (NUM_NID + 7) -#define NID_bign_with_bash384 (NUM_NID + 8) -#define NID_bign_with_bash512 (NUM_NID + 9) -#define NID_bign_curve256v1 (NUM_NID + 10) -#define NID_bign_curve384v1 (NUM_NID + 11) -#define NID_bign_curve512v1 (NUM_NID + 12) -#define NID_kxbdhe (NUM_NID + 13) -#define NID_kxbdht (NUM_NID + 14) -#define NID_kxbdhe_psk (NUM_NID + 15) -#define NID_kxbdht_psk (NUM_NID + 16) +#define NID_belt_chet (NUM_NID + 6) +#define NID_bash_prg_aet (NUM_NID + 7) +#define NID_belt_mac256 (NUM_NID + 8) +#define NID_bign_with_hbelt (NUM_NID + 9) +#define NID_bign_with_bash384 (NUM_NID + 10) +#define NID_bign_with_bash512 (NUM_NID + 11) +#define NID_bign_curve256v1 (NUM_NID + 12) +#define NID_bign_curve384v1 (NUM_NID + 13) +#define NID_bign_curve512v1 (NUM_NID + 14) +#define NID_kxbdhe (NUM_NID + 15) +#define NID_kxbdht (NUM_NID + 16) +#define NID_kxbdhe_psk (NUM_NID + 17) +#define NID_kxbdht_psk (NUM_NID + 18) /* ssl_local.h */ #define SSL_kBDHE 0x00000200U @@ -57,6 +59,8 @@ extern "C" { #define SSL_BELTCTR 0x00400000U #define SSL_BELTDWP 0x00800000U +#define SSL_BELTCHE 0x01000000U +#define SSL_BASHPRGAE 0x02000000U #define SSL_BELTMAC 0x00000400U #define SSL_HBELT 0x00000800U @@ -88,6 +92,11 @@ extern "C" { #define SSL_TXT_BELTCTR "BELTCTR" #define SSL_TXT_BELTMAC "BELTMAC" #define SSL_TXT_BELTDWP "BELTDWP" +#define SSL_TXT_BELTCHE "BELTCHE" +#define SSL_TXT_BASHPRGAE "BASHPRGAE" + +# define EVP_BELTCHE_TLS_TAG_LEN 8 +# define EVP_BASHPRGAE_TLS_TAG_LEN 32 /* tls1.h */ # define TLS_CT_BIGN_SIGN 231 
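Review bot: The values in the NID block are positional — `NID_belt_chet` is `(NUM_NID + 6)` only because btls_init() issues its OBJ_create() for belt-che-tls sixth — and this commit has to renumber eleven constants to keep that true, with nothing in the header saying so. A one-line comment above the block would make the coupling visible, e.g. `/* positional: keep in the same order as the OBJ_create()/OBJ_new_nid() calls in btls_init() */`. The same note applies to the non-legacy header if it carries the same block, which this diff does not show.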
@@ -128,6 +137,17 @@ extern "C" { # define BTLS1_TXT_DHT_PSK_BIGN_WITH_BELT_DWP_HBELT\ "DHT-PSK-BIGN-WITH-BELT-DWP-HBELT" +# define BTLS1_RFC_BELT_CHE256_BELT_HASH\ + "BTLS_BELT_CHE256_BELT_HASH" +# define BTLS1_TXT_BELT_CHE256_BELT_HASH\ + "BTLS_BELT_CHE256_BELT_HASH" +# define BTLS1_3_CK_BELT_CHE256_BELT_HASH 0x0300ff1d + +# define BTLS1_RFC_BASH_PRG_AE256_BASH256\ + "BTLS_BASH_PRG_AE256_BASH256" +# define BTLS1_TXT_BASH_PRG_AE256_BASH256\ + "BTLS_BASH_PRG_AE256_BASH256" +# define BTLS1_3_CK_BASH_PRG_AE256_BASH256 0x0300ff1e /* t1_lib.c */ #define BIGN_CURVE256V1_ID 31 /* indices in TLS_GROUP_INFO nid_list[] */ diff --git a/btls/objects.txt b/btls/objects.txt index 7d82224..0ebd96c 100644 --- a/btls/objects.txt +++ b/btls/objects.txt @@ -5,6 +5,7 @@ 1 2 112 0 2 0 34 101 77 13 : bash512 : bash512 1 2 112 0 2 0 34 101 31 67 : belt-dwpt : belt-dwpt 1 2 112 0 2 0 34 101 31 68 : belt-chet : belt-chet +1 2 112 0 2 0 34 101 31 37 : bash-prg-aet : bash-prg-aet 1 2 112 0 2 0 34 101 31 44 : belt-ctrt : belt-ctrt 1 2 112 0 2 0 34 101 31 53 : belt-mac256 : belt-mac256 1 2 112 0 2 0 34 101 45 12 : bign-with-hbelt : bign-with-hbelt diff --git a/btls/patch/OpenSSL_1_1_1i.patch b/btls/patch/OpenSSL_1_1_1i.patch index 60ea0d1..0750331 100644 --- a/btls/patch/OpenSSL_1_1_1i.patch +++ b/btls/patch/OpenSSL_1_1_1i.patch 
@@ -9,8 +9,43 @@ index bb2f1deb..e15d5cb0 100644 - statem/statem.c record/ssl3_record_tls13.c + statem/statem.c record/ssl3_record_tls13.c \ + btls.c +diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c +index ab50e376..3aeebc28 100644 +--- a/ssl/record/ssl3_record_tls13.c ++++ b/ssl/record/ssl3_record_tls13.c +@@ -10,6 +10,8 @@ + #include "../ssl_local.h" + #include "record_local.h" + #include "internal/cryptlib.h" ++#include "../btls.h" ++#include + + /*- + * tls13_enc encrypts/decrypts |n_recs| in |recs|. Will call SSLfatal() for +@@ -107,7 +109,11 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) + taglen = EVP_GCM_TLS_TAG_LEN; + } else if (alg_enc & SSL_CHACHA20) { + taglen = EVP_CHACHAPOLY_TLS_TAG_LEN; +- } else { ++ } else if (alg_enc & SSL_BELTCHE) { ++ taglen = EVP_BELTCHE_TLS_TAG_LEN; ++ } else if (alg_enc & SSL_BASHPRGAE) { ++ taglen = EVP_BASHPRGAE_TLS_TAG_LEN; ++ } else { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC, + ERR_R_INTERNAL_ERROR); + return -1; +@@ -171,7 +177,7 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) + * any AAD. + */ + if (((alg_enc & SSL_AESCCM) != 0 +- && EVP_CipherUpdate(ctx, NULL, &lenu, NULL, ++ && EVP_CipherUpdate(ctx, NULL, &lenu, NULL, + (unsigned int)rec->length) <= 0) + || EVP_CipherUpdate(ctx, NULL, &lenu, recheader, + sizeof(recheader)) <= 0 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c -index 4511b52c..49190d3a 100644 +index 4511b52c..c8aa86df 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -17,6 +17,7 @@ 
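Review bot: The `@@ -171,7 +177,7 @@` hunk this commit adds to the embedded ssl3_record_tls13.c patch removes and re-adds `&& EVP_CipherUpdate(ctx, NULL, &lenu, NULL,` with no visible difference (presumably indentation or trailing whitespace), i.e. a whitespace-only touch of upstream code that adds nothing to the belt-che/bash-prg-ae support and will have to be carried through every rebase of the patch; drop that hunk from the patch. The two new `else if` arms in the `@@ -107,7 +109,11 @@` hunk are fine as written, though a one-line comment saying where the constants come from, e.g. `/* btls.h: 8-byte belt-che tag, 32-byte bash-prg-ae tag */`, would spare a reader the hunt.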
@@ -18,10 +53,49 @@ index 4511b52c..49190d3a 100644 #include #include "internal/cryptlib.h" +#include "btls.h" - + #define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers) #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers) -@@ -3174,6 +3175,135 @@ static SSL_CIPHER ssl3_ciphers[] = { +@@ -111,6 +112,38 @@ static SSL_CIPHER tls13_ciphers[] = { + SSL_HANDSHAKE_MAC_SHA256, + 128, + 128, ++ }, ++{ ++ 1, ++ BTLS1_RFC_BELT_CHE256_BELT_HASH, ++ BTLS1_RFC_BELT_CHE256_BELT_HASH, ++ BTLS1_3_CK_BELT_CHE256_BELT_HASH, ++ SSL_kANY, ++ SSL_aANY, ++ SSL_BELTCHE, ++ SSL_AEAD, ++ TLS1_3_VERSION, TLS1_3_VERSION, ++ 0, 0, ++ SSL_HIGH, ++ SSL_HANDSHAKE_MAC_HBELT | TLS1_PRF_HBELT, ++ 256, ++ 256, ++ }, ++{ ++ 1, ++ BTLS1_RFC_BASH_PRG_AE256_BASH256, ++ BTLS1_RFC_BASH_PRG_AE256_BASH256, ++ BTLS1_3_CK_BASH_PRG_AE256_BASH256, ++ SSL_kANY, ++ SSL_aANY, ++ SSL_BASHPRGAE, ++ SSL_AEAD, ++ TLS1_3_VERSION, TLS1_3_VERSION, ++ 0, 0, ++ SSL_HIGH, ++ SSL_HANDSHAKE_MAC_HBELT | TLS1_PRF_HBELT, ++ 256, ++ 256, + } + }; + +@@ -3174,6 +3207,135 @@ static SSL_CIPHER ssl3_ciphers[] = { 256, }, #endif /* OPENSSL_NO_ARIA */ @@ -155,12 +229,12 @@ index 4511b52c..49190d3a 100644 + 256, + }, }; - + /* -@@ -4342,6 +4472,11 @@ int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt) +@@ -4342,6 +4504,11 @@ int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt) && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN); #endif - + + if (s->version >= TLS1_VERSION && (alg_k & SSL_kBDHE)) + return WPACKET_put_bytes_u8(pkt, TLS_CT_BIGN_SIGN); + if (s->version >= TLS1_VERSION && (alg_k & SSL_kBDHTPSK)) @@ -191,7 +265,7 @@ index 0c47241c..76c52283 100644 + {NID_bign_pubkey, SSL_aBIGN}, /* SSL_PKEY_BIGN */ }; diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c -index 735a483c..c3272d44 100644 +index 735a483c..e1716af3 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -20,6 +20,7 @@ 
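Review bot: The second tls13_ciphers entry is named `BTLS_BASH_PRG_AE256_BASH256`, yet its algorithm2 is `SSL_HANDSHAKE_MAC_HBELT | TLS1_PRF_HBELT`, the same as the belt-hash suite next to it; in TLS 1.3 that field selects the transcript hash and the HKDF hash, so either the suite name or the MAC constant is wrong, and a peer that derives keys with bash256 as the name promises will fail the Finished check. No bash256 NID or `SSL_HANDSHAKE_MAC_BASH256` appears anywhere in this diff, so if belt-hash is the intended hash the name should say so (`..._BELT_HASH`); if bash256 is intended, the digest has to be registered and given a handshake-MAC bit first. Upstream tls13_ciphers entries carry only the `SSL_HANDSHAKE_MAC_*` bit without a `TLS1_PRF_*` bit; the extra bit is probably harmless, but worth a comment if it is deliberate.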
@@ -199,7 +273,7 @@ index 735a483c..c3272d44 100644 #include "internal/thread_once.h" #include "internal/cryptlib.h" +#include "btls.h" - + #define SSL_ENC_DES_IDX 0 #define SSL_ENC_3DES_IDX 1 @@ -43,7 +44,7 @@ @@ -207,20 +281,22 @@ index 735a483c..c3272d44 100644 #define SSL_ENC_ARIA128GCM_IDX 20 #define SSL_ENC_ARIA256GCM_IDX 21 -#define SSL_ENC_NUM_IDX 22 -+#define SSL_ENC_NUM_IDX 24 - ++#define SSL_ENC_NUM_IDX 26 + /* NB: make sure indices in these tables match values above */ - -@@ -76,6 +77,8 @@ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = { + +@@ -76,6 +77,10 @@ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = { {SSL_CHACHA20POLY1305, NID_chacha20_poly1305}, /* SSL_ENC_CHACHA_IDX 19 */ {SSL_ARIA128GCM, NID_aria_128_gcm}, /* SSL_ENC_ARIA128GCM_IDX 20 */ {SSL_ARIA256GCM, NID_aria_256_gcm}, /* SSL_ENC_ARIA256GCM_IDX 21 */ + {SSL_BELTCTR, NID_belt_ctrt}, /* SSL_ENC_BELTCTR_IDX 22 */ + {SSL_BELTDWP, NID_belt_dwpt}, /* SSL_ENC_BELTDWP_IDX 23 */ ++ {SSL_BELTCHE, NID_belt_chet}, ++ {SSL_BASHPRGAE, NID_bash_prg_aet}, }; - + static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]; -@@ -110,11 +113,15 @@ static const ssl_cipher_table ssl_cipher_table_mac[SSL_MD_NUM_IDX] = { +@@ -110,11 +115,15 @@ static const ssl_cipher_table ssl_cipher_table_mac[SSL_MD_NUM_IDX] = { {SSL_GOST12_512, NID_id_GostR3411_2012_512}, /* SSL_MD_GOST12_512_IDX 8 */ {0, NID_md5_sha1}, /* SSL_MD_MD5_SHA1_IDX 9 */ {0, NID_sha224}, /* SSL_MD_SHA224_IDX 10 */ 
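Review bot: The two rows added to ssl_cipher_table_cipher, `{SSL_BELTCHE, NID_belt_chet},` and `{SSL_BASHPRGAE, NID_bash_prg_aet},`, are the only rows in that table without a `/* SSL_ENC_..._IDX n */` comment, and although `SSL_ENC_NUM_IDX` goes from 24 to 26 in the `@@ -43,7 +44,7 @@` hunk, no `SSL_ENC_BELTCHE_IDX`/`SSL_ENC_BASHPRGAE_IDX` definitions are visible in this diff (they may sit in a part of the patch not shown). The table's own header says "make sure indices in these tables match values above", so add the defines if they are missing and annotate the rows as `{SSL_BELTCHE, NID_belt_chet}, /* SSL_ENC_BELTCHE_IDX 24 */` and `{SSL_BASHPRGAE, NID_bash_prg_aet}, /* SSL_ENC_BASHPRGAE_IDX 25 */`.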
@@ -231,14 +307,14 @@ index 735a483c..c3272d44 100644 + {SSL_BASH384, NID_bash384}, /* SSL_MD_BASH384_IDX 14 */ + {SSL_BASH512, NID_bash512} /* SSL_MD_BASH512_IDX 15 */ }; - + static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = { - NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; - + /* *INDENT-OFF* */ -@@ -128,7 +135,11 @@ static const ssl_cipher_table ssl_cipher_table_kx[] = { +@@ -128,7 +137,11 @@ static const ssl_cipher_table ssl_cipher_table_kx[] = { {SSL_kPSK, NID_kx_psk}, {SSL_kSRP, NID_kx_srp}, {SSL_kGOST, NID_kx_gost}, @@ -249,9 +325,9 @@ index 735a483c..c3272d44 100644 + {SSL_kBDHEPSK, NID_kxbdhe_psk}, + {SSL_kBDHTPSK, NID_kxbdht_psk} }; - + static const ssl_cipher_table ssl_cipher_table_auth[] = { -@@ -172,7 +183,9 @@ static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = { +@@ -172,7 +185,9 @@ static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = { /* GOST2012_512 */ EVP_PKEY_HMAC, /* MD5/SHA1, SHA224, SHA512 */ @@ -260,9 +336,9 @@ index 735a483c..c3272d44 100644 + /* BELTMAC BELTHASH */ + NID_undef, NID_undef }; - + static size_t ssl_mac_secret_size[SSL_MD_NUM_IDX]; -@@ -228,6 +241,10 @@ static const SSL_CIPHER cipher_aliases[] = { +@@ -228,6 +243,10 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_kDHEPSK, NULL, 0, SSL_kDHEPSK}, {0, SSL_TXT_kSRP, NULL, 0, SSL_kSRP}, {0, SSL_TXT_kGOST, NULL, 0, SSL_kGOST}, 
@@ -270,38 +346,39 @@ index 735a483c..c3272d44 100644 + {0, SSL_TXT_kBDHT, NULL, 0, SSL_kBDHT}, + {0, SSL_TXT_kBDHEPSK, NULL, 0, SSL_kBDHEPSK}, + {0, SSL_TXT_kBDHTPSK, NULL, 0, SSL_kBDHTPSK}, - + /* server authentication aliases */ {0, SSL_TXT_aRSA, NULL, 0, 0, SSL_aRSA}, -@@ -241,6 +258,7 @@ static const SSL_CIPHER cipher_aliases[] = { +@@ -241,6 +260,7 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_aGOST12, NULL, 0, 0, SSL_aGOST12}, {0, SSL_TXT_aGOST, NULL, 0, 0, SSL_aGOST01 | SSL_aGOST12}, {0, SSL_TXT_aSRP, NULL, 0, 0, SSL_aSRP}, + {0, SSL_TXT_aBIGN, NULL, 0, SSL_aBIGN}, - + /* aliases combining key exchange and server authentication */ {0, SSL_TXT_EDH, NULL, 0, SSL_kDHE, ~SSL_aNULL}, -@@ -280,6 +298,8 @@ static const SSL_CIPHER cipher_aliases[] = { +@@ -280,6 +300,9 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_ARIA_GCM, NULL, 0, 0, 0, SSL_ARIA128GCM | SSL_ARIA256GCM}, {0, SSL_TXT_ARIA128, NULL, 0, 0, 0, SSL_ARIA128GCM}, {0, SSL_TXT_ARIA256, NULL, 0, 0, 0, SSL_ARIA256GCM}, + {0, SSL_TXT_BELTCTR, NULL, 0, 0, 0, SSL_BELTCTR}, + {0, SSL_TXT_BELTDWP, NULL, 0, 0, 0, SSL_BELTDWP}, - ++ {0, SSL_TXT_BELTCHE, NULL, 0, 0, 0, SSL_BELTCHE}, + /* MAC aliases */ {0, SSL_TXT_MD5, NULL, 0, 0, 0, 0, SSL_MD5}, -@@ -290,6 +310,7 @@ static const SSL_CIPHER cipher_aliases[] = { +@@ -290,6 +313,7 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_SHA256, NULL, 0, 0, 0, 0, SSL_SHA256}, {0, SSL_TXT_SHA384, NULL, 0, 0, 0, 0, SSL_SHA384}, {0, SSL_TXT_GOST12, NULL, 0, 0, 0, 0, SSL_GOST12_256}, + {0, SSL_TXT_BELTMAC, NULL, 0, 0, 0, 0, SSL_BELTMAC}, - + /* protocol version aliases */ {0, SSL_TXT_SSLV3, NULL, 0, 0, 0, 0, 0, SSL3_VERSION}, -@@ -445,6 +466,15 @@ int ssl_load_ciphers(void) +@@ -445,6 +469,15 @@ int ssl_load_ciphers(void) (SSL_aGOST01 | SSL_aGOST12)) disabled_mkey_mask |= SSL_kGOST; - + + ssl_mac_pkey_id[SSL_MD_BELTMAC_IDX] = get_optional_pkey_id("belt-mac256"); + if (ssl_mac_pkey_id[SSL_MD_BELTMAC_IDX]) + 
ssl_mac_secret_size[SSL_MD_BELTMAC_IDX] = 32; @@ -313,8 +390,8 @@ index 735a483c..c3272d44 100644 + return 1; } - -@@ -1686,6 +1716,18 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) + +@@ -1686,6 +1719,18 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_kGOST: kx = "GOST"; break; @@ -333,7 +410,7 @@ index 735a483c..c3272d44 100644 case SSL_kANY: kx = "any"; break; -@@ -1719,6 +1761,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) +@@ -1719,6 +1764,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case (SSL_aGOST12 | SSL_aGOST01): au = "GOST12"; break; @@ -343,7 +420,7 @@ index 735a483c..c3272d44 100644 case SSL_aANY: au = "any"; break; -@@ -1792,6 +1837,12 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) +@@ -1792,6 +1840,15 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_CHACHA20POLY1305: enc = "CHACHA20/POLY1305(256)"; break; @@ -352,11 +429,14 @@ index 735a483c..c3272d44 100644 + break; + case SSL_BELTDWP: + enc = "BELTDWP"; ++ break; ++ case SSL_BELTCHE: ++ enc = "BELTCHE"; + break; default: enc = "unknown"; break; -@@ -1824,6 +1875,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) +@@ -1824,6 +1881,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_GOST12_512: mac = "GOST2012"; break; @@ -375,19 +455,19 @@ index d083d959..d34a8e0c 100644 #include "ssl_local.h" #include "internal/thread_once.h" +#include "btls.h" - + static int stopped; - + @@ -202,6 +203,9 @@ int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS * settings) opts |= OPENSSL_INIT_LOAD_CONFIG; #endif - + + if (!btls_init()) + return 0; + if (!OPENSSL_init_crypto(opts, settings)) return 0; - + diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 98057921..4ce809a5 100644 --- a/ssl/ssl_lib.c 
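Review bot: `SSL_BELTCHE` gets a cipher_aliases row (`{0, SSL_TXT_BELTCHE, NULL, 0, 0, 0, SSL_BELTCHE}` in the inner `@@ -280,6 +300,9 @@` hunk) and a `case SSL_BELTCHE:` arm in SSL_CIPHER_description (inner `@@ -1792,6 +1840,15 @@`), but `SSL_BASHPRGAE` gets neither, even though this commit defines `SSL_TXT_BASHPRGAE` in btls.h for exactly this purpose; as written, a cipher string cannot select or exclude the bash-prg-ae suite by name and its description prints `enc = "unknown"`. Add `{0, SSL_TXT_BASHPRGAE, NULL, 0, 0, 0, SSL_BASHPRGAE},` next to the BELTCHE alias and a matching `case SSL_BASHPRGAE:` arm that sets `enc = "BASHPRGAE"` before `default:`. The asymmetry is easy to miss because the two suites were added together everywhere else in this diff.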
@@ -397,13 +477,13 @@ index 98057921..4ce809a5 100644 #include "internal/cryptlib.h" #include "internal/refcount.h" +#include "btls.h" - + const char SSL_version_str[] = OPENSSL_VERSION_TEXT; - + @@ -3343,6 +3344,11 @@ void ssl_set_masks(SSL *s) } #endif - + + if (ssl_has_cert(s, SSL_PKEY_BIGN)){ + mask_k |= SSL_kBDHE | SSL_kBDHT | SSL_kBDHTPSK; + mask_a |= SSL_aBIGN; @@ -411,11 +491,11 @@ index 98057921..4ce809a5 100644 + if (rsa_enc) mask_k |= SSL_kRSA; - + @@ -3396,6 +3402,10 @@ void ssl_set_masks(SSL *s) mask_k |= SSL_kECDHE; #endif - + +#ifndef OPENSSL_NO_BDHE_PSK + mask_k |= SSL_kBDHEPSK; +#endif @@ -432,16 +512,16 @@ index 8ddbde77..de1152dc 100644 # include "internal/refcount.h" # include "internal/tsan_assist.h" +# include "btls.h" - + # ifdef OPENSSL_BUILD_SHLIBSSL # undef OPENSSL_EXTERN @@ -179,7 +180,7 @@ - + /* all PSK */ - + -# define SSL_PSK (SSL_kPSK | SSL_kRSAPSK | SSL_kECDHEPSK | SSL_kDHEPSK) +# define SSL_PSK (SSL_kPSK | SSL_kRSAPSK | SSL_kECDHEPSK | SSL_kDHEPSK | SSL_kBDHEPSK | SSL_kBDHTPSK) - + /* Any appropriate key exchange algorithm (for TLS 1.3 ciphersuites) */ # define SSL_kANY 0x00000000U @@ -205,7 +206,7 @@ @@ -450,7 +530,7 @@ index 8ddbde77..de1152dc 100644 #define SSL_aCERT \ - (SSL_aRSA | SSL_aDSS | SSL_aECDSA | SSL_aGOST01 | SSL_aGOST12) + (SSL_aRSA | SSL_aDSS | SSL_aECDSA | SSL_aGOST01 | SSL_aGOST12 | SSL_aBIGN) - + /* Bits for algorithm_enc (symmetric encryption) */ # define SSL_DES 0x00000001U @@ -270,7 +271,7 @@ @@ -459,16 +539,16 @@ index 8ddbde77..de1152dc 100644 # define SSL_MD_SHA512_IDX 11 -# define SSL_MAX_DIGEST 12 +# define SSL_MAX_DIGEST 16 - + /* Bits for algorithm2 (handshake digests and other extra flags) */ - + @@ -383,7 +384,7 @@ # define SSL_PKEY_GOST12_512 6 # define SSL_PKEY_ED25519 7 # define SSL_PKEY_ED448 8 -# define SSL_PKEY_NUM 9 +# define SSL_PKEY_NUM 10 - + /*- * SSL_kRSA <- RSA_ENC diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c @@ -476,7 +556,7 @@ index bcce0f1d..1ffe8200 100644 
--- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -130,7 +130,7 @@ static int use_ecc(SSL *s) - + alg_k = c->algorithm_mkey; alg_a = c->algorithm_auth; - if ((alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) @@ -510,10 +590,10 @@ index 3420ce65..22a44781 100644 + | SSL_kSRP | SSL_kBDHE | SSL_kBDHEPSK | SSL_kBDHTPSK)) { return 1; } - + @@ -2277,7 +2277,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) } - + /* Nothing else to do for plain PSK or RSAPSK */ - if (alg_k & (SSL_kPSK | SSL_kRSAPSK)) { + if (alg_k & (SSL_kPSK | SSL_kRSAPSK | SSL_kBDHTPSK)) { @@ -562,7 +642,7 @@ index 3420ce65..22a44781 100644 + } return 1; } - + diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index cf45a40c..89b1ec42 100644 --- a/ssl/statem/statem_srvr.c @@ -614,13 +694,13 @@ index cf45a40c..89b1ec42 100644 if ((s->srp_ctx.N == NULL) || @@ -2673,7 +2682,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) } - + #ifndef OPENSSL_NO_PSK - if (type & SSL_PSK) { + if ((type & SSL_PSK) && (s->s3->tmp.new_cipher->algorithm_mkey != SSL_kBDHEPSK)) { size_t len = (s->cert->psk_identity_hint == NULL) ? 0 : strlen(s->cert->psk_identity_hint); - + @@ -3496,6 +3505,16 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) /* SSLfatal() already called */ goto err; @@ -647,7 +727,7 @@ index 48d46f8a..71f861c0 100644 #include "ssl_local.h" #include +#include "btls.h" - + static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey); static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu); @@ -169,6 +170,9 @@ static const TLS_GROUP_INFO nid_list[] = { @@ -658,7 +738,7 @@ index 48d46f8a..71f861c0 100644 + {NID_bign_curve384v1, 192, TLS_CURVE_CUSTOM}, /* BIGN_CURVE384V1_ID (32) */ + {NID_bign_curve512v1, 256, TLS_CURVE_CUSTOM}, /* BIGN_CURVE512V1_ID (33) */ }; - + static const unsigned char ecformats_default[] = { 
@@ -674,6 +678,9 @@ static const uint16_t tls12_sigalgs[] = { TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, @@ -668,7 +748,7 @@ index 48d46f8a..71f861c0 100644 + TLSEXT_SIGALG_bign_sign_192, + TLSEXT_SIGALG_bign_sign_256 }; - + #ifndef OPENSSL_NO_EC @@ -769,8 +776,20 @@ static const SIGALG_LOOKUP sigalg_lookup_tbl[] = { {NULL, TLSEXT_SIGALG_gostr34102001_gostr3411, @@ -698,13 +778,13 @@ index 48d46f8a..71f861c0 100644 tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ED448); + tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_BIGN); } - + /* User level utility function to check a chain is suitable */ diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c -index e2c397b7..08f80f8d 100644 +index e2c397b7..afa46acf 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c -@@ -443,6 +443,14 @@ static const ssl_trace_tbl ssl_ciphers_tbl[] = { +@@ -443,6 +443,16 @@ static const ssl_trace_tbl ssl_ciphers_tbl[] = { {0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"}, {0xFF85, "GOST2012-GOST8912-GOST8912"}, {0xFF87, "GOST2012-NULL-GOST12"}, @@ -716,10 +796,12 @@ index e2c397b7..08f80f8d 100644 + {0xFF1A, "BDHE-PSK-BIGN_WITH-BELT-DWP-HBELT"}, + {0xFF1B, "BDHT-PSK-BIGN_WITH-BELT-CTR-MAC-HBELT"}, + {0xFF1C, "BDHT-PSK-BIGN_WITH-BELT-DWP-HBELT"}, ++ {0xFF1D, "BELT-CHE256-BELT-HASH"}, ++ {0xFF1E, "BASH-PRG_AE256-BASH256"}, }; - + /* Compression methods */ -@@ -572,6 +580,9 @@ static const ssl_trace_tbl ssl_sigalg_tbl[] = { +@@ -572,6 +582,9 @@ static const ssl_trace_tbl ssl_sigalg_tbl[] = { {TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, "gost2012_256"}, {TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, "gost2012_512"}, {TLSEXT_SIGALG_gostr34102001_gostr3411, "gost2001_gost94"}, 
@@ -727,5 +809,78 @@ index e2c397b7..08f80f8d 100644 + {TLSEXT_SIGALG_bign_sign_192, "bign_auth192"}, + {TLSEXT_SIGALG_bign_sign_256, "bign_auth256"}, }; - + static const ssl_trace_tbl ssl_ctype_tbl[] = { +diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c +index b8fb07f2..30fffc3d 100644 +--- a/ssl/tls13_enc.c ++++ b/ssl/tls13_enc.c +@@ -8,6 +8,7 @@ + */ + + #include ++#include "btls.h" + #include "ssl_local.h" + #include "internal/cryptlib.h" + #include +@@ -369,6 +370,7 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, + size_t ivlen, keylen, taglen; + int hashleni = EVP_MD_size(md); + size_t hashlen; ++ uint32_t algenc; + + /* Ensure cast to size_t is safe */ + if (!ossl_assert(hashleni >= 0)) { +@@ -386,28 +388,34 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, + + /* TODO(size_t): convert me */ + keylen = EVP_CIPHER_key_length(ciph); ++ ++ ivlen = EVP_CCM_TLS_IV_LEN; ++ if (s->s3->tmp.new_cipher != NULL) { ++ algenc = s->s3->tmp.new_cipher->algorithm_enc; ++ } else if (s->session->cipher != NULL) { ++ /* We've not selected a cipher yet - we must be doing early data */ ++ algenc = s->session->cipher->algorithm_enc; ++ } else if (s->psksession != NULL && s->psksession->cipher != NULL) { ++ /* We must be doing early data with out-of-band PSK */ ++ algenc = s->psksession->cipher->algorithm_enc; ++ } else { ++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DERIVE_SECRET_KEY_AND_IV, ++ ERR_R_EVP_LIB); ++ goto err; ++ } ++ + if (EVP_CIPHER_mode(ciph) == EVP_CIPH_CCM_MODE) { +- uint32_t algenc; +- +- ivlen = EVP_CCM_TLS_IV_LEN; +- if (s->s3->tmp.new_cipher != NULL) { +- algenc = s->s3->tmp.new_cipher->algorithm_enc; +- } else if (s->session->cipher != NULL) { +- /* We've not selected a cipher yet - we must be doing early data */ +- algenc = s->session->cipher->algorithm_enc; +- } else if (s->psksession != NULL && s->psksession->cipher != NULL) { +- /* We must be doing early data with out-of-band PSK */ +- algenc = 
s->psksession->cipher->algorithm_enc; +- } else { +- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DERIVE_SECRET_KEY_AND_IV, +- ERR_R_EVP_LIB); +- goto err; +- } + if (algenc & (SSL_AES128CCM8 | SSL_AES256CCM8)) + taglen = EVP_CCM8_TLS_TAG_LEN; +- else ++ else + taglen = EVP_CCM_TLS_TAG_LEN; +- } else { ++ } else if (algenc & SSL_BELTCHE) { ++ ivlen = EVP_CIPHER_iv_length(ciph); ++ taglen = EVP_BELTCHE_TLS_TAG_LEN; ++ } else if (algenc & SSL_BASHPRGAE) { ++ ivlen = EVP_CIPHER_iv_length(ciph); ++ taglen = EVP_BASHPRGAE_TLS_TAG_LEN; ++ } else { + ivlen = EVP_CIPHER_iv_length(ciph); + taglen = 0; + } diff --git a/btls/patch/openssl-3.3.1.patch b/btls/patch/openssl-3.3.1.patch index 7c08076..87d480b 100644 --- a/btls/patch/openssl-3.3.1.patch +++ b/btls/patch/openssl-3.3.1.patch @@ -38,7 +38,7 @@ index 7e3d1a7..f4fca39 100644 # if defined(SSL3_CT_NUMBER) # if TLS_CT_NUMBER != SSL3_CT_NUMBER -diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c + diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c index f723461..b55f44f 100644 --- a/providers/common/capabilities.c +++ b/providers/common/capabilities.c @@ -77,7 +77,7 @@ index de28a07..4acb3bd 100644 # For shared builds we need to include the libcrypto packet.c and quic_vlint.c # in libssl as well. diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c -index 2bc5e79..ec89245 100644 +index 2bc5e79..a1967ea 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -20,6 +20,7 @@ 
@@ -88,7 +88,46 @@ index 2bc5e79..ec89245 100644 #define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers) #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers) -@@ -3212,6 +3213,135 @@ static SSL_CIPHER ssl3_ciphers[] = { +@@ -112,7 +113,37 @@ static SSL_CIPHER tls13_ciphers[] = { + SSL_HANDSHAKE_MAC_SHA256, + 64, /* CCM8 uses a short tag, so we have a low security strength */ + 128, +- } ++ }, { ++ 1, ++ BTLS1_RFC_BELT_CHE256_BELT_HASH, ++ BTLS1_RFC_BELT_CHE256_BELT_HASH, ++ BTLS1_3_CK_BELT_CHE256_BELT_HASH, ++ SSL_kANY, ++ SSL_aANY, ++ SSL_BELTCHE, ++ SSL_AEAD, ++ TLS1_3_VERSION, TLS1_3_VERSION, ++ 0, 0, ++ SSL_HIGH, ++ SSL_HANDSHAKE_MAC_HBELT | TLS1_PRF_HBELT, ++ 256, ++ 256, ++ }, { ++ 1, ++ BTLS1_RFC_BASH_PRG_AE256_BASH256, ++ BTLS1_RFC_BASH_PRG_AE256_BASH256, ++ BTLS1_3_CK_BASH_PRG_AE256_BASH256, ++ SSL_kANY, ++ SSL_aANY, ++ SSL_BASHPRGAE, ++ SSL_AEAD, ++ TLS1_3_VERSION, TLS1_3_VERSION, ++ 0, 0, ++ SSL_HIGH, ++ SSL_HANDSHAKE_MAC_HBELT | TLS1_PRF_HBELT, ++ 256, ++ 256, ++ } + }; + + /* +@@ -3212,6 +3243,135 @@ static SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, @@ -224,7 +263,7 @@ index 2bc5e79..ec89245 100644 }; /* -@@ -4400,7 +4530,10 @@ int ssl3_get_req_cert_type(SSL_CONNECTION *s, WPACKET *pkt) +@@ -4400,7 +4560,10 @@ int ssl3_get_req_cert_type(SSL_CONNECTION *s, WPACKET *pkt) || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN)) return 0; #endif @@ -257,7 +296,7 @@ index e4dc806..78b1fe1 100644 + {NID_bign_pubkey, SSL_aBIGN} /* SSL_PKEY_BIGN */ }; diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c -index ddde21b..760db92 100644 +index ddde21b..904cfa6 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -21,6 +21,7 @@ 
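Review bot: The new `tls13_ciphers[]` entry for `BTLS1_RFC_BASH_PRG_AE256_BASH256` uses `SSL_HANDSHAKE_MAC_HBELT | TLS1_PRF_HBELT`, the same belt-hash handshake digest as the `BELT_CHE256_BELT_HASH` entry, although its name announces bash256; in TLS 1.3 that field fixes the transcript hash for the whole key schedule, so either the suite name is misleading or a bash-based handshake MAC is missing. If belt-hash is intentional, a short comment on the entry, `/* key schedule deliberately uses belt-hash, not bash256 */`, would stop the next reader from "fixing" it. The `256, 256` strength/alg-bits pair is copied from the CHE entry as well; confirm it is right for this suite.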
@@ -268,16 +307,18 @@ index ddde21b..760db92 100644 /* NB: make sure indices in these tables match values above */ -@@ -55,6 +56,8 @@ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = { +@@ -55,6 +56,10 @@ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = { {SSL_ARIA256GCM, NID_aria_256_gcm}, /* SSL_ENC_ARIA256GCM_IDX 21 */ {SSL_MAGMA, NID_magma_ctr_acpkm}, /* SSL_ENC_MAGMA_IDX */ {SSL_KUZNYECHIK, NID_kuznyechik_ctr_acpkm}, /* SSL_ENC_KUZNYECHIK_IDX */ + {SSL_BELTDWP, NID_belt_dwpt}, /* SSL_ENC_BELTDWP_IDX 24 */ + {SSL_BELTCTR, NID_belt_ctrt}, /* SSL_ENC_BELTCTR_IDX 25 */ ++ {SSL_BELTCHE, NID_belt_chet}, ++ {SSL_BASHPRGAE, NID_bash_prg_aet} }; #define SSL_COMP_NULL_IDX 0 -@@ -80,9 +83,13 @@ static const ssl_cipher_table ssl_cipher_table_mac[SSL_MD_NUM_IDX] = { +@@ -80,9 +85,13 @@ static const ssl_cipher_table ssl_cipher_table_mac[SSL_MD_NUM_IDX] = { {SSL_GOST12_512, NID_id_GostR3411_2012_512}, /* SSL_MD_GOST12_512_IDX 8 */ {0, NID_md5_sha1}, /* SSL_MD_MD5_SHA1_IDX 9 */ {0, NID_sha224}, /* SSL_MD_SHA224_IDX 10 */ @@ -293,7 +334,7 @@ index ddde21b..760db92 100644 }; /* *INDENT-OFF* */ -@@ -97,7 +104,11 @@ static const ssl_cipher_table ssl_cipher_table_kx[] = { +@@ -97,7 +106,11 @@ static const ssl_cipher_table ssl_cipher_table_kx[] = { {SSL_kSRP, NID_kx_srp}, {SSL_kGOST, NID_kx_gost}, {SSL_kGOST18, NID_kx_gost18}, @@ -306,7 +347,7 @@ index ddde21b..760db92 100644 }; static const ssl_cipher_table ssl_cipher_table_auth[] = { -@@ -109,7 +120,7 @@ static const ssl_cipher_table ssl_cipher_table_auth[] = { +@@ -109,7 +122,7 @@ static const ssl_cipher_table ssl_cipher_table_auth[] = { {SSL_aGOST12, NID_auth_gost12}, {SSL_aSRP, NID_auth_srp}, {SSL_aNULL, NID_auth_null}, 
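Review bot: The two rows added to `ssl_cipher_table_cipher[]`, `{SSL_BELTCHE, NID_belt_chet}` and `{SSL_BASHPRGAE, NID_bash_prg_aet}`, lack the trailing `/* SSL_ENC_..._IDX nn */` comment every neighbour carries and which the `NB: make sure indices in these tables match values above` note depends on; with `SSL_ENC_NUM_IDX` raised to 28 and BELTCTR at 25 they sit at indices 26 and 27, so annotate them in the same form and make sure matching index macros exist in ssl_local.h (not shown in this hunk). Note also that this is a static initializer, so `NID_bash_prg_aet` must be a compile-time constant from the generated objects table here — the `OBJ_sn2nid(SN_bash_prg_aet)` fallback defined in bee2evp.h cannot be used in it, and this diff does not show the corresponding objects.txt entry.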
@@ -315,7 +356,7 @@ index ddde21b..760db92 100644 }; /* *INDENT-ON* */ -@@ -141,7 +152,9 @@ static const int default_mac_pkey_id[SSL_MD_NUM_IDX] = { +@@ -141,7 +154,9 @@ static const int default_mac_pkey_id[SSL_MD_NUM_IDX] = { /* GOST2012_512 */ EVP_PKEY_HMAC, /* MD5/SHA1, SHA224, SHA512, MAGMAOMAC, KUZNYECHIKOMAC */ @@ -326,7 +367,7 @@ index ddde21b..760db92 100644 }; #define CIPHER_ADD 1 -@@ -196,6 +209,10 @@ static const SSL_CIPHER cipher_aliases[] = { +@@ -196,6 +211,10 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_kSRP, NULL, 0, SSL_kSRP}, {0, SSL_TXT_kGOST, NULL, 0, SSL_kGOST}, {0, SSL_TXT_kGOST18, NULL, 0, SSL_kGOST18}, @@ -337,7 +378,7 @@ index ddde21b..760db92 100644 /* server authentication aliases */ {0, SSL_TXT_aRSA, NULL, 0, 0, SSL_aRSA}, -@@ -209,6 +226,7 @@ static const SSL_CIPHER cipher_aliases[] = { +@@ -209,6 +228,7 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_aGOST12, NULL, 0, 0, SSL_aGOST12}, {0, SSL_TXT_aGOST, NULL, 0, 0, SSL_aGOST01 | SSL_aGOST12}, {0, SSL_TXT_aSRP, NULL, 0, 0, SSL_aSRP}, 
@@ -345,16 +386,18 @@ index ddde21b..760db92 100644 /* aliases combining key exchange and server authentication */ {0, SSL_TXT_EDH, NULL, 0, SSL_kDHE, ~SSL_aNULL}, -@@ -251,6 +269,8 @@ static const SSL_CIPHER cipher_aliases[] = { +@@ -251,6 +271,10 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_ARIA128, NULL, 0, 0, 0, SSL_ARIA128GCM}, {0, SSL_TXT_ARIA256, NULL, 0, 0, 0, SSL_ARIA256GCM}, {0, SSL_TXT_CBC, NULL, 0, 0, 0, SSL_CBC}, + {0, SSL_TXT_BELTDWP, NULL, 0, 0, 0, SSL_BELTDWP}, + {0, SSL_TXT_BELTCTR, NULL, 0, 0, 0, SSL_BELTCTR}, ++ {0, SSL_TXT_BELTCHE, NULL, 0, 0, 0, SSL_BELTCHE}, ++ {0, SSL_TXT_BASHPRGAE, NULL, 0, 0, 0, SSL_BASHPRGAE}, /* MAC aliases */ {0, SSL_TXT_MD5, NULL, 0, 0, 0, 0, SSL_MD5}, -@@ -261,6 +281,7 @@ static const SSL_CIPHER cipher_aliases[] = { +@@ -261,6 +285,7 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_SHA256, NULL, 0, 0, 0, 0, SSL_SHA256}, {0, SSL_TXT_SHA384, NULL, 0, 0, 0, 0, SSL_SHA384}, {0, SSL_TXT_GOST12, NULL, 0, 0, 0, 0, SSL_GOST12_256}, @@ -362,7 +405,7 @@ index ddde21b..760db92 100644 /* protocol version aliases */ {0, SSL_TXT_SSLV3, NULL, 0, 0, 0, 0, 0, SSL3_VERSION}, -@@ -442,6 +463,18 @@ int ssl_load_ciphers(SSL_CTX *ctx) +@@ -442,6 +467,18 @@ int ssl_load_ciphers(SSL_CTX *ctx) if ((ctx->disabled_auth_mask & SSL_aGOST12) == SSL_aGOST12) ctx->disabled_mkey_mask |= SSL_kGOST18; @@ -381,7 +424,7 @@ index ddde21b..760db92 100644 return 1; } -@@ -1756,6 +1789,18 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) +@@ -1756,6 +1793,18 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_kGOST18: kx = "GOST18"; break; @@ -400,7 +443,7 @@ index ddde21b..760db92 100644 case SSL_kANY: kx = "any"; break; -@@ -1789,6 +1834,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) +@@ -1789,6 +1838,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case (SSL_aGOST12 | SSL_aGOST01): au = "GOST12"; break; 
@@ -410,7 +453,7 @@ index ddde21b..760db92 100644 case SSL_aANY: au = "any"; break; -@@ -1868,6 +1916,12 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) +@@ -1868,6 +1920,18 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_CHACHA20POLY1305: enc = "CHACHA20/POLY1305(256)"; break; @@ -419,11 +462,17 @@ index ddde21b..760db92 100644 + break; + case SSL_BELTDWP: + enc = "BELTDWP"; ++ break; ++ case SSL_BELTCHE: ++ enc = "BELCHE"; ++ break; ++ case SSL_BASHPRGAE: ++ enc = "BASHPRGAE"; + break; default: enc = "unknown"; break; -@@ -1900,6 +1954,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) +@@ -1900,6 +1964,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_GOST12_512: mac = "GOST2012"; break; @@ -491,7 +540,7 @@ index 5ec6ac4..ae16116 100644 mask_k |= SSL_kPSK; mask_a |= SSL_aPSK; diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h -index f448cfd..3d4cff3 100644 +index f448cfd..02be6fc 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -38,6 +38,7 @@ @@ -543,7 +592,7 @@ index f448cfd..3d4cff3 100644 # define SSL_ENC_MAGMA_IDX 22 # define SSL_ENC_KUZNYECHIK_IDX 23 -# define SSL_ENC_NUM_IDX 24 -+# define SSL_ENC_NUM_IDX 26 ++# define SSL_ENC_NUM_IDX 28 /*- * SSL_kRSA <- RSA_ENC @@ -714,7 +763,7 @@ index 5ff479a..e3c05b7 100644 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_UNKNOWN_CIPHER_TYPE); goto err; diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c -index e9aa078..c5c9734 100644 +index e9aa078..1d2417f 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -26,6 +26,7 @@ @@ -807,10 +856,10 @@ index e9aa078..c5c9734 100644 mdname = OBJ_nid2sn(sig->hash); supported = EVP_PKEY_digestsign_supports_digest(pkey, sctx->libctx, diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c -index 29dce65..4441511 100644 +index 29dce65..a034917 100644 --- a/ssl/t1_trce.c 
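Review bot: `enc = "BELCHE";` in the new `case SSL_BELTCHE:` of `SSL_CIPHER_description` is misspelled — the alias text `SSL_TXT_BELTCHE` is "BELTCHE", every other occurrence on the page uses that spelling, and the corresponding hunk in the first patch file sets `enc = "BELTCHE";`. The line in the openssl-3.3.1 patch should read `enc = "BELTCHE";` so both trees print the same name.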
+++ b/ssl/t1_trce.c -@@ -449,6 +449,14 @@ static const ssl_trace_tbl ssl_ciphers_tbl[] = { +@@ -449,6 +449,16 @@ static const ssl_trace_tbl ssl_ciphers_tbl[] = { {0xC100, "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC"}, {0xC101, "GOST2012-MAGMA-MAGMAOMAC"}, {0xC102, "GOST2012-GOST8912-IANA"}, @@ -822,10 +871,12 @@ index 29dce65..4441511 100644 + {0xFF1A, "BDHE-PSK-BIGN_WITH-BELT-DWP-HBELT"}, + {0xFF1B, "BDHT-PSK-BIGN_WITH-BELT-CTR-MAC-HBELT"}, + {0xFF1C, "BDHT-PSK-BIGN_WITH-BELT-DWP-HBELT"}, ++ {0xFF1D, "BELT-CHE256-BELT-HASH"}, ++ {0xFF1E, "BASH-PRG_AE256-BASH256"}, }; /* Compression methods */ -@@ -597,6 +605,9 @@ static const ssl_trace_tbl ssl_sigalg_tbl[] = { +@@ -597,6 +607,9 @@ static const ssl_trace_tbl ssl_sigalg_tbl[] = { {TLSEXT_SIGALG_ecdsa_brainpoolP256r1_sha256, "ecdsa_brainpoolP256r1_sha256"}, {TLSEXT_SIGALG_ecdsa_brainpoolP384r1_sha384, "ecdsa_brainpoolP384r1_sha384"}, {TLSEXT_SIGALG_ecdsa_brainpoolP512r1_sha512, "ecdsa_brainpoolP512r1_sha512"}, 
@@ -835,3 +886,69 @@ index 29dce65..4441511 100644 }; static const ssl_trace_tbl ssl_ctype_tbl[] = { +diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c +index 772a6fc..11199ca 100644 +--- a/ssl/tls13_enc.c ++++ b/ssl/tls13_enc.c +@@ -347,6 +347,7 @@ static int derive_secret_key_and_iv(SSL_CONNECTION *s, const EVP_MD *md, + int hashleni = EVP_MD_get_size(md); + size_t hashlen; + int mode; ++ uint32_t algenc; + + /* Ensure cast to size_t is safe */ + if (!ossl_assert(hashleni >= 0)) { +@@ -363,33 +364,36 @@ static int derive_secret_key_and_iv(SSL_CONNECTION *s, const EVP_MD *md, + + *keylen = EVP_CIPHER_get_key_length(ciph); + ++ *ivlen = EVP_CCM_TLS_IV_LEN; ++ if (s->s3.tmp.new_cipher != NULL) { ++ algenc = s->s3.tmp.new_cipher->algorithm_enc; ++ } else if (s->session->cipher != NULL) { ++ /* We've not selected a cipher yet - we must be doing early data */ ++ algenc = s->session->cipher->algorithm_enc; ++ } else if (s->psksession != NULL && s->psksession->cipher != NULL) { ++ /* We must be doing early data with out-of-band PSK */ ++ algenc = s->psksession->cipher->algorithm_enc; ++ } else { ++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); ++ return 0; ++ } ++ + mode = EVP_CIPHER_get_mode(ciph); + if (mode == EVP_CIPH_CCM_MODE) { +- uint32_t algenc; +- +- *ivlen = EVP_CCM_TLS_IV_LEN; +- if (s->s3.tmp.new_cipher != NULL) { +- algenc = s->s3.tmp.new_cipher->algorithm_enc; +- } else if (s->session->cipher != NULL) { +- /* We've not selected a cipher yet - we must be doing early data */ +- algenc = s->session->cipher->algorithm_enc; +- } else if (s->psksession != NULL && s->psksession->cipher != NULL) { +- /* We must be doing early data with out-of-band PSK */ +- algenc = s->psksession->cipher->algorithm_enc; +- } else { +- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); +- return 0; +- } + if (algenc & (SSL_AES128CCM8 | SSL_AES256CCM8)) + *taglen = EVP_CCM8_TLS_TAG_LEN; +- else ++ else + *taglen = EVP_CCM_TLS_TAG_LEN; + } else { + int iivlen; + + if (mode == 
EVP_CIPH_GCM_MODE) { + *taglen = EVP_GCM_TLS_TAG_LEN; +- } else { ++ } else if (algenc & SSL_BELTCHE) { ++ *taglen = EVP_BELTCHE_TLS_TAG_LEN; ++ } else if (algenc & SSL_BASHPRGAE) { ++ *taglen = EVP_BASHPRGAE_TLS_TAG_LEN; ++ } else { + /* CHACHA20P-POLY1305 */ + *taglen = EVP_CHACHAPOLY_TLS_TAG_LEN; + } diff --git a/include/bee2evp/bee2evp.h b/include/bee2evp/bee2evp.h index da3aa6e..17116d9 100644 --- a/include/bee2evp/bee2evp.h +++ b/include/bee2evp/bee2evp.h @@ -415,6 +415,21 @@ extern const char LN_bash_prg_ae2561[]; */ const EVP_CIPHER* evpBashPrgAe2561(); +/* bash-prg-aet */ +extern const char OID_bash_prg_aet[]; +#ifndef NID_bash_prg_aet +extern const char SN_bash_prg_aet[]; +extern const char LN_bash_prg_aet[]; +#define NID_bash_prg_aet OBJ_sn2nid(SN_bash_prg_aet) +#endif + +/*! \brief Описание алгоритмов belt-chet + + Возвращается описание алгоритмов belt-chet (редакция belt-che для TLS). + \return Описание алгоритмов. +*/ +const EVP_CIPHER* evpBashPrgAET(); + /*! \brief Описание алгоритмов belt-dwpt Возвращается описание алгоритмов belt-dwpt (редакция belt-dwp для TLS). diff --git a/scripts/source.sh b/scripts/source.sh index 58a6006..88aa89b 100644 --- a/scripts/source.sh +++ b/scripts/source.sh @@ -22,7 +22,7 @@ usage() { echo " -s, setup" echo " -b, build (=bb+bo+be)" echo " -bb, build Bee2" - echo " -bo, build OpenSSL" + echo " -bo, build OpenSSL" echo " -be, build Bee2evp" echo " -t, test" echo " -h, --help display this help and exit" @@ -148,7 +148,7 @@ system_opt(){ arch=$(uname -m) echo "System detection: OS=$os_name, Arch=$arch" - + case "$os_name" in Linux) # Linux distribution detection @@ -165,7 +165,7 @@ system_opt(){ ossl_config="Cygwin-$arch" ;; *) - # Fallback for unknown systems + # Fallback for unknown systems echo "Unknown system. Default settings are used." ;; esac 
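Review bot: The Doxygen block added above `evpBashPrgAET()` in bee2evp.h was copied from the belt-chet entry — it says "Описание алгоритмов belt-chet (редакция belt-che для TLS)" while the function returns the bash-prg-ae-tls descriptor (`SN_bash_prg_aet` is "bash-prg-ae-tls" in the belt_tls.c hunk). Replace the two names so the block reads "\brief Описание алгоритмов bash-prg-aet" / "Возвращается описание алгоритмов bash-prg-aet (редакция bash-prg-ae для TLS)", keeping the surrounding entries' form.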
@@ -212,7 +212,7 @@ patch_openssl(){ then btls_srcs_path=$bee2evp/btls cat $btls_srcs_path/objects.txt >> $openssl/crypto/objects/objects.txt - else + else btls_srcs_path=$bee2evp/btls/legacy fi cp $btls_srcs_path/btls.c ./ssl/ @@ -223,7 +223,7 @@ patch_openssl(){ build_bee2(){ green echo "[-] build bee2" mkdir -p $build_bee2 && cd $build_bee2 - cmake -DCMAKE_BUILD_TYPE=Release \ + cmake -DCMAKE_BUILD_TYPE=$build_type \ -DBUILD_PIC=ON \ -DCMAKE_INSTALL_PREFIX=$local \ -DCMAKE_INSTALL_LIBDIR=$lib_path $bee2 @@ -330,6 +330,6 @@ build(){ if $enable_bee2evp; then build_bee2evp attach_bee2evp - fi + fi green echo "Build ended" } diff --git a/src/belt_tls.c b/src/belt_tls.c index 2513b26..53e6f1f 100644 --- a/src/belt_tls.c +++ b/src/belt_tls.c @@ -17,6 +17,7 @@ #include #include #include +#include #include "bee2evp/bee2evp.h" #include "bee2evp_lcl.h" @@ -110,12 +111,12 @@ const EVP_CIPHER* evpBeltDWPT() typedef struct belt_dwpt_ctx { - octet key[32]; /*< ключ */ - octet iv[16]; /*< синхропосылка */ - octet aad[16]; /*< заголовок TLS */ - size_t aad_len; /*< длина заголовка TLS */ - octet tag[8]; /*< имитовставка */ - mem_align_t state[]; /*< состояние beltDWP */ + octet key[32]; /*< ключ */ + octet iv[16]; /*< синхропосылка */ + octet aad[16]; /*< заголовок TLS */ + size_t aad_len; /*< длина заголовка TLS */ + octet tag[8]; /*< имитовставка */ + mem_align_t state[]; /*< состояние beltDWP */ } belt_dwpt_ctx; static int evpBeltDWPT_init( 
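Review bot: `build_bee2` now passes `-DCMAKE_BUILD_TYPE=$build_type`, but nothing in this diff defines `build_type`; if it is unset the argument becomes an empty build type and cmake silently configures bee2 without the Release optimisation flags the old line forced. If the variable is set by option parsing elsewhere in the script this is fine, otherwise `-DCMAKE_BUILD_TYPE=${build_type:-Release} \` keeps the previous default. The function's remaining cmake arguments continue past the hunk.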
@@ -288,28 +289,27 @@ const EVP_CIPHER* evpBeltCHET() typedef struct belt_chet_ctx { - octet key[32]; /*< ключ */ - octet iv[16]; /*< синхропосылка */ - octet aad[16]; /*< заголовок TLS */ - size_t aad_len; /*< длина заголовка TLS */ - octet tag[8]; /*< имитовставка */ - mem_align_t state[]; /*< состояние beltCHE */ + octet key[32]; + octet iv[16]; + octet aad[5]; + octet tag[8]; + mem_align_t state[]; } belt_chet_ctx; static int evpBeltCHET_init( EVP_CIPHER_CTX* ctx, const octet* key, const octet* iv, int enc) { belt_chet_ctx* state = (belt_chet_ctx*)EVP_CIPHER_CTX_get_blob(ctx); - if (iv) - { - memCopy(state->iv, iv, 8); - memSet(state->iv + 8, 0xFF, 8); - } if (key) { memCopy(state->key, key, 32); } - state->aad_len = 0; + + if (iv) + { + memCopy(state->iv, iv, 16); + } + return 1; } 
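Review bot: The `belt_chet_ctx` fields lose their descriptive comments in this hunk at the very moment their meaning changes (`aad` shrinks from 16 to 5 octets and `aad_len` disappears); keep them, e.g. `octet aad[5]; /*< 5-octet record header used as AAD */` and `octet tag[8]; /*< tag: stored via EVP_CTRL_AEAD_SET_TAG on decrypt, produced on encrypt */` — the 5 matches the `len == 5` check in `evpBeltCHET_cipher`. In `evpBeltCHET_init` the literal 16 in `memCopy(state->iv, iv, 16)` has to agree with the `EVP_CTRL_GET_IVLEN` value changed in a later hunk; `memCopy(state->iv, iv, sizeof(state->iv));` ties it to the field instead. The typedef's opening line precedes the hunk.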
@@ -317,48 +317,59 @@ static int evpBeltCHET_cipher( EVP_CIPHER_CTX* ctx, octet* out, const octet* in, size_t len) { belt_chet_ctx* state = (belt_chet_ctx*)EVP_CIPHER_CTX_get_blob(ctx); - // выполняются соглашения libssl? - if (out != in || !state->aad_len || len < 8 + 8) - return -1; - // обработать явную синхропосылку - if (EVP_CIPHER_CTX_encrypting(ctx)) + int enc = EVP_CIPHER_CTX_encrypting(ctx); + + if (out == NULL) { - // записать синхропосылку в начало фрагмента - memMove(out + 8, in, len); - ASSERT(!memEq(state->aad, state->iv + 8, 8)); - memCopy(out, state->aad, 8); - memCopy(state->iv + 8, state->aad, 8); + if (in && len == 5) + { + memCopy(state->aad, in, len); + return len; + } + else + { + return 0; + } } - else - // прочитать синхропосылку из начала фрагмента - memCopy(state->iv + 8, out, 8); - in += 8, out += 8, len -= 8; - // запустить шифр - beltCHEStart(state->state, state->key, 32, state->iv); - // обработать открытые (ассоциированные) данные - beltCHEStepI(state->aad, state->aad_len, state->state); - // обработать фрагмент (без имитовставки) - len -= 8; - if (EVP_CIPHER_CTX_encrypting(ctx)) + + if (out && in) { - beltCHEStepE(out, len, state->state); - beltCHEStepA(out, len, state->state); - beltCHEStepG(out + len, state->state); - len += 8 + 8; + if (enc) + { + memMove(out, in, len); + } + + beltCHEStart(state->state, state->key, 32, state->iv); + beltCHEStepI(state->aad, 5, state->state); } - else + + if (in) { - beltCHEStepA(out, len, state->state); - if (!beltCHEStepV(out + len, state->state)) + if (enc) { - memWipe(out, len); - return -1; + beltCHEStepE(out, len, state->state); + beltCHEStepA(out, len, state->state); + beltCHEStepG(out + len, state->state); + memCopy(state->tag, out + len, 8); } - beltCHEStepD(out, len, state->state); - memMove(out - 8, out, len); + else + { + beltCHEStepA(out, len, state->state); + + if (!beltCHEStepV(state->tag, state->state)) + { + memWipe(out, len); + return -1; + } + + beltCHEStepD(out, len, 
state->state); + } + return len; + } + else + { + return 0; } - // число октетов, записанных в out - return (int)len; } static int evpBeltCHET_cleanup(EVP_CIPHER_CTX* ctx) @@ -386,21 +397,24 @@ static int evpBeltCHET_ctrl(EVP_CIPHER_CTX* ctx, int type, int p1, void* p2) return 0; break; case EVP_CTRL_GET_IVLEN: - *(int*)p2 = 8; + *(int*)p2 = 16; return 1; case EVP_CTRL_AEAD_SET_IVLEN: - return p1 == 8 ? 1 : 0; + return p1 == 16 ? 1 : 0; case EVP_CTRL_AEAD_SET_IV_FIXED: - if (p1 != 8) + if (p1 != 16) return 0; state = (belt_chet_ctx*)EVP_CIPHER_CTX_get_blob(ctx); - memCopy(state->iv, p2, 8); + memCopy(state->iv, p2, 16); return 1; case EVP_CTRL_AEAD_SET_TAG: if (p1 != 8) return 0; state = (belt_chet_ctx*)EVP_CIPHER_CTX_get_blob(ctx); - memCopy(state->tag, p2, 8); + if (p2 != NULL) + { + memCopy(state->tag, p2, 8); + } return 1; case EVP_CTRL_AEAD_GET_TAG: if (p1 != 8) 
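Review bot: Decryption in `evpBeltCHET_cipher` is now only correct in place: `memMove(out, in, len)` runs solely under `if (enc)`, yet the decrypt path calls `beltCHEStepA(out, len, …)` and `beltCHEStepD(out, len, …)` on `out`, so with `out != in` it authenticates and decrypts whatever the output buffer already held (the removed code rejected `out != in` explicitly). Making the copy unconditional, `memMove(out, in, len);`, fixes both branches, since memMove tolerates overlapping buffers. The encrypt path also writes the tag with `beltCHEStepG(out + len, state->state)` before copying it into `state->tag`; as the record layer fetches it through `EVP_CTRL_AEAD_GET_TAG`, generating straight into the context, `beltCHEStepG(state->tag, state->state);`, removes the reliance on the caller having 8 spare bytes after `out`. The function's signature line precedes the hunk.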
@@ -408,39 +422,181 @@ static int evpBeltCHET_ctrl(EVP_CIPHER_CTX* ctx, int type, int p1, void* p2) state = (belt_chet_ctx*)EVP_CIPHER_CTX_get_blob(ctx); memCopy(p2, state->tag, 8); return 1; - case EVP_CTRL_AEAD_TLS1_AAD: + default: + return -1; + } + return 1; +} + + +/* +******************************************************************************* +Алгоритмы bash-prg-ae-tls: bash-prg-ae для TLS +******************************************************************************* +*/ + +const char OID_bash_prg_aet[] = "1.2.112.0.2.0.34.101.77.37"; +#ifndef SN_bash_prg_aet +const char SN_bash_prg_aet[] = "bash-prg-ae-tls"; +const char LN_bash_prg_aet[] = "bash-prg-ae-tls"; +#endif + +#define FLAGS_bash_prg_aet \ + (EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_CTRL_INIT | \ + EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_CUSTOM_CIPHER | \ + EVP_CIPH_CUSTOM_COPY | EVP_CIPH_CUSTOM_IV | EVP_CIPH_VARIABLE_LENGTH) + +static EVP_CIPHER* EVP_bash_prg_aet; +const EVP_CIPHER* evpBashPrgAET() +{ + return EVP_bash_prg_aet; +} + +typedef struct bash_prg_aet_ctx +{ + size_t d; + octet iv[16]; + octet tag[32]; + octet key[32]; + octet ann[24]; + size_t ann_len; + mem_align_t state[]; +} bash_prg_aet_ctx; + +static int evpBashPrgAET_init( + EVP_CIPHER_CTX* ctx, const octet* key, const octet* iv, int enc) +{ + bash_prg_aet_ctx* state = (bash_prg_aet_ctx*)EVP_CIPHER_CTX_get_blob(ctx); + + if (!key & !iv) { - size_t len; - state = (belt_chet_ctx*)EVP_CIPHER_CTX_get_blob(ctx); - // сохранить заголовок фрагмента - if (p1 != EVP_AEAD_TLS1_AAD_LEN) - return 0; - ASSERT(sizeof(state->aad) >= EVP_AEAD_TLS1_AAD_LEN); - memCopy(state->aad, p2, state->aad_len = EVP_AEAD_TLS1_AAD_LEN); - // определить длину фрагмента - len = state->aad[state->aad_len - 2], len <<= 8; - len += state->aad[state->aad_len - 1]; - // защита снимается? 
- if (!EVP_CIPHER_CTX_encrypting(ctx)) +#if OPENSSL_VERSION_NUMBER >= 0x30000000L + int cipher_nid = EVP_CIPHER_CTX_get_nid(ctx); +#else + int cipher_nid = EVP_CIPHER_CTX_nid(ctx); +#endif + if (cipher_nid == NID_bash_prg_aet) { - // уменьшить длину фрагмента на длину явной - // синхропосылки и имитовставки - if (len < 8 + 8) - return 0; - len -= 8 + 8; + state->d = 1; } - // сохранить уточненную длину - state->aad[state->aad_len - 2] = (octet)(len >> 8); - state->aad[state->aad_len - 1] = (octet)len; - // возвратить поправку длины - return 8 + 8; + + return 1; + } + + if (key) + { + memCopy(state->key, key, 32); + } + + if (iv) + { + memCopy(state->ann, iv, 16); + } + + return 1; +} + +static int evpBashPrgAET_cipher( + EVP_CIPHER_CTX* ctx, octet* out, const octet* in, size_t len) +{ + bash_prg_aet_ctx* state = (bash_prg_aet_ctx*)EVP_CIPHER_CTX_get_blob(ctx); + + if (!out && in && len == 5) + { + memCopy(state->ann, state->iv, 16); // S + memCopy(state->ann + 16, in, 5); // I + memSet(state->ann + 21, 0, 3); // 0^24 + + state->ann_len = 24; + + bashPrgStart(state->state, + 256, + state->d, + state->ann, + state->ann_len, + state->key, + 32); + + return 1; + } + + if (!in && out) + { + bashPrgSqueeze(out, 32, state->state); + memCopy(state->tag, out, 32); + return len; } + + if (!out && in) + { + bashPrgAbsorb(in, len, state->state); + return 0; + } + + if (EVP_CIPHER_CTX_encrypting(ctx)) + { + memMove(out, in, len); + bashPrgEncr(out, len, state->state); + } + else + { + memMove(out, in, len); + bashPrgDecr(out, len, state->state); + } + return (int)len; +} + +static int evpBashPrgAET_cleanup(EVP_CIPHER_CTX* ctx) +{ + blobClose(EVP_CIPHER_CTX_get_blob(ctx)); + EVP_CIPHER_CTX_set_blob(ctx, 0); + return 1; +} + +static int evpBashPrgAET_ctrl(EVP_CIPHER_CTX* ctx, int type, int p1, void* p2) +{ + bash_prg_aet_ctx* state; + switch (type) + { + case EVP_CTRL_INIT: + { + blob_t blob = blobCreate(sizeof(bash_prg_aet_ctx) + beltCHE_keep()); + if (blob && 
EVP_CIPHER_CTX_set_blob(ctx, blob)) + break; + blobClose(blob); + return 0; + } + case EVP_CTRL_COPY: + if (!EVP_CIPHER_CTX_copy_blob((EVP_CIPHER_CTX*)p2, ctx)) + return 0; + break; + case EVP_CTRL_GET_IVLEN: + *(int*)p2 = 16; + return 1; + case EVP_CTRL_AEAD_SET_IVLEN: + return p1 == 16 ? 1 : 0; + case EVP_CTRL_AEAD_SET_TAG: + if (p1 != 32) + return 0; + state = (bash_prg_aet_ctx*)EVP_CIPHER_CTX_get_blob(ctx); + if (p2 != NULL) + { + memCopy(state->tag, p2, 32); + } + return 1; + case EVP_CTRL_AEAD_GET_TAG: + if (p1 != 32) + return 0; + state = (bash_prg_aet_ctx*)EVP_CIPHER_CTX_get_blob(ctx); + memCopy(p2, state->tag, 32); + return 1; default: return -1; } return 1; } + /* ******************************************************************************* Алгоритмы belt-ctr-tls: belt-ctr для TLS @@ -483,12 +639,12 @@ const EVP_CIPHER* evpBeltCTRT() typedef struct belt_ctrt_ctx { - octet ekey[32]; /*< ключ шифрования */ - octet mkey[32]; /*< ключ имитозащиты */ - octet iv[16]; /*< синхропосылка */ - octet aad[16]; /*< заголовок TLS */ - size_t aad_len; /*< длина заголовка TLS */ - mem_align_t state[]; /*< состояние beltCTR + beltMAC */ + octet ekey[32]; /*< ключ шифрования */ + octet mkey[32]; /*< ключ имитозащиты */ + octet iv[16]; /*< синхропосылка */ + octet aad[16]; /*< заголовок TLS */ + size_t aad_len; /*< длина заголовка TLS */ + mem_align_t state[]; /*< состояние beltCTR + beltMAC */ } belt_ctrt_ctx; static int evpBeltCTRT_init( @@ -653,6 +809,8 @@ static int evpBeltTLS_enum( *cipher = EVP_belt_chet; else if (nid == NID_belt_ctrt) *cipher = EVP_belt_ctrt; + else if (nid == NID_bash_prg_aet) + *cipher = EVP_bash_prg_aet; else if (prev_enum && prev_enum != evpBeltTLS_enum) return prev_enum(e, cipher, nids, nid); else 
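Review bot: On the decrypt side the tag is never verified — in `evpBashPrgAET_cipher` the final call (`!in && out`) squeezes a fresh tag and overwrites `state->tag` with it, so the value the record layer stored through `EVP_CTRL_AEAD_SET_TAG` is discarded and a record with a wrong or forged tag decrypts successfully; when not encrypting, that branch must compare the squeezed tag with `state->tag` and return -1 on mismatch, as sketched below (memEq, already used in this file, is taken to be bee2's constant-time comparison — confirm). The IV is lost as well: `evpBashPrgAET_init` copies `iv` into `state->ann`, but the AAD branch then rebuilds `ann` from `state->iv`, which nothing in this hunk ever writes, so every record is processed with the same never-initialised nonce — init should do `memCopy(state->iv, iv, 16);`. `EVP_CTRL_INIT` sizes the blob with `beltCHE_keep()` although the state is driven by `bashPrgStart`; if the bash-prg state is larger, the flexible `state[]` member is overrun, so the keep function of bash-prg belongs there. Finally, `if (!key & !iv)` uses bitwise `&` where `&&` is meant, and the AAD branch returns 1 while the belt-chet counterpart returns `len`.
```c
static int evpBashPrgAET_cipher(
    EVP_CIPHER_CTX* ctx, octet* out, const octet* in, size_t len)
{
    // … unchanged: blob lookup, AAD (len == 5) branch …
    if (!in && out)
    {
        // final call: produce the tag; on decrypt compare it with the one
        // stored by EVP_CTRL_AEAD_SET_TAG instead of overwriting it
        octet tag[32];
        bashPrgSqueeze(tag, 32, state->state);
        if (!EVP_CIPHER_CTX_encrypting(ctx))
        {
            // plaintext was already released into out by the data branch;
            // the record layer must drop the record when this fails
            if (!memEq(tag, state->tag, 32))
                return -1;
            return 0;
        }
        memCopy(state->tag, tag, 32);
        memCopy(out, tag, 32);
        return (int)len;
    }
    // … unchanged: absorb branch, encrypt/decrypt branches …
```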
@@ -698,6 +856,7 @@ int evpBeltTLS_bind(ENGINE* e)
 // зарегистрировать алгоритмы и получить nid'ы
 if (BELT_TLS_REG(belt_dwpt, tmp) == NID_undef ||
 BELT_TLS_REG(belt_chet, tmp) == NID_undef ||
+ BELT_TLS_REG(bash_prg_aet, tmp) == NID_undef ||
 BELT_TLS_REG(belt_ctrt, tmp) == NID_undef)
 return 0;
 // создать и настроить описатели
@@ -715,7 +874,7 @@ int evpBeltTLS_bind(ENGINE* e)
 BELT_TLS_DESCR(belt_chet,
 1,
 32,
- 8,
+ 16,
 FLAGS_belt_chet,
 evpBeltCHET_init,
 evpBeltCHET_cipher,
@@ -723,6 +882,17 @@ int evpBeltTLS_bind(ENGINE* e)
 0,
 0,
 evpBeltCHET_ctrl);
+ BELT_TLS_DESCR(bash_prg_aet,
+ 1,
+ 32,
+ 16,
+ FLAGS_bash_prg_aet,
+ evpBashPrgAET_init,
+ evpBashPrgAET_cipher,
+ evpBashPrgAET_cleanup,
+ 0,
+ 0,
+ evpBashPrgAET_ctrl);
 BELT_TLS_DESCR(belt_ctrt,
 1,
 32,
@@ -740,13 +910,16 @@ int evpBeltTLS_bind(ENGINE* e)
 return 0;
 // зарегистрировать алгоритмы
 return ENGINE_register_ciphers(e) && EVP_add_cipher(EVP_belt_dwpt) &&
- EVP_add_cipher(EVP_belt_chet) && EVP_add_cipher(EVP_belt_ctrt);
+ EVP_add_cipher(EVP_belt_chet) && EVP_add_cipher(EVP_bash_prg_aet) &&
+ EVP_add_cipher(EVP_belt_ctrt);
 }
 void evpBeltTLS_finish()
 {
 EVP_CIPHER_meth_free(EVP_belt_ctrt);
 EVP_belt_ctrt = 0;
+ EVP_CIPHER_meth_free(EVP_bash_prg_aet);
+ EVP_bash_prg_aet = 0;
 EVP_CIPHER_meth_free(EVP_belt_chet);
 EVP_belt_chet = 0;
 EVP_CIPHER_meth_free(EVP_belt_dwpt);
diff --git a/test/btls.py b/test/btls.py
index 2632640..d038231 100644
--- a/test/btls.py
+++ b/test/btls.py
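Review bot: The bash_prg_aet descriptor registered here wires evpBashPrgAET_ctrl and evpBashPrgAET_cipher (both earlier in this diff) as an AEAD with a 32-byte tag, but nothing in that pair verifies the tag on the decrypt side: the `!in && out` finalisation branch squeezes a fresh tag into `out` and overwrites `state->tag` regardless of EVP_CIPHER_CTX_encrypting, so a tag supplied through EVP_CTRL_AEAD_SET_TAG is replaced rather than compared and a decrypt with a wrong tag still completes successfully. On the decrypt path that branch should squeeze into a local buffer, compare it in constant time with the stored expected tag and return -1 on mismatch. Separately, the EVP_CTRL_INIT case sizes the blob with `beltCHE_keep()`, which looks carried over from belt_chet; confirm it is not smaller than the keep-size of the bash-prg state that bashPrgStart writes into `state->state`. evpBeltTLS_bind starts and ends outside this hunk.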
@@ -22,10 +22,14 @@ def btls_issue_cert(cert, privkey):
 -new -key {} -nodes -out {}'.format(privkey, cert))
 openssl(cmd)
-def btls_server(tmpdir, suite, curve, cert, psk):
+def btls_server(tmpdir, suite, is_tls13, curve, cert, psk):
 assert cert or psk
 # prepare cmd
- cmd = 's_server -engine bee2evp -tls1_2 -rev'
+ if is_tls13:
+ cmd = 's_server -engine bee2evp -tls1_3 -ciphersuites {} -rev'.format(suite)
+ else:
+ cmd = 's_server -engine bee2evp -tls1_2 -rev'.format(suite)
+
 if cert:
 privkey = os.path.join(tmpdir, suite + curve + '.sk')
 cert = os.path.join(tmpdir, suite + curve + '.cert')
@@ -43,10 +47,14 @@ def btls_server(tmpdir, suite, curve, cert, psk):
 global g_server
 g_server = openssl2(cmd)
-def btls_client(tmpdir, suite, curve, cert, psk):
+def btls_client(tmpdir, suite, is_tls13, curve, cert, psk):
 assert cert or psk
 # prepare cmd
- cmd = 's_client -engine bee2evp -tls1_2 -cipher {}'.format(suite)
+ if is_tls13:
+ cmd = 's_client -engine bee2evp -tls1_3 -ciphersuites {}'.format(suite)
+ else:
+ cmd = 's_client -engine bee2evp -tls1_2 -cipher {}'.format(suite)
+
 if psk:
 cmd = cmd + ' -psk 123456'
 if not cert and curve != 'NULL':
@@ -62,9 +70,13 @@ def btls_client(tmpdir, suite, curve, cert, psk):
 echo2 = f.read()
 process_result('{}[{}]'.format(suite, curve), echo2[::-1])
-def btls_test(openssl_version_major):
+def btls_test():
 tmpdir = tempfile.mkdtemp()
+ tls13_ciphersuites = [
+ 'BTLS_BASH_PRG_AE256_BASH256',
+ 'BTLS_BELT_CHE256_BELT_HASH']
+
 ciphersuites = [
 'DHE-BIGN-WITH-BELT-DWP-HBELT',
 'DHE-BIGN-WITH-BELT-CTR-MAC-HBELT',
@@ -73,7 +85,10 @@ def btls_test(openssl_version_major):
 'DHE-PSK-BIGN-WITH-BELT-DWP-HBELT',
 'DHE-PSK-BIGN-WITH-BELT-CTR-MAC-HBELT',
 'DHT-PSK-BIGN-WITH-BELT-DWP-HBELT',
- 'DHT-PSK-BIGN-WITH-BELT-CTR-MAC-HBELT']
+ 'DHT-PSK-BIGN-WITH-BELT-CTR-MAC-HBELT',
+ 'BTLS_BASH_PRG_AE256_BASH256',
+ 'BTLS_BELT_CHE256_BELT_HASH']
+
 curves_shortlist = [
 'bign-curve256v1', 'bign-curve384v1', 'bign-curve512v1'
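Review bot: In btls_server the TLS 1.2 branch ends in `.format(suite)` on a string that contains no `{}`, so the argument is silently discarded; it should read `cmd = 's_server -engine bee2evp -tls1_2 -rev'` (in that mode the suite is chosen by the client's `-cipher`). The new `is_tls13` flag is inserted in the middle of the positional signature of both btls_server and btls_client, so a caller not updated together with the args tuple in btls_test would pass the curve where the flag is expected without any error; a short docstring on both functions spelling out the parameter order would make the change safer to maintain.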
@@ -98,7 +113,10 @@ def btls_test(openssl_version_major):
 # run over curves
 for curve in curves:
 # prepare args
- args = (tmpdir, suite, curve, cert, psk)
+ if suite in tls13_ciphersuites:
+ args = (tmpdir, suite, True, curve, True, False)
+ else:
+ args = (tmpdir, suite, False, curve, cert, psk)
 # run server
 server = threading.Thread(target=btls_server, args=args)
 server.run()
diff --git a/test/test.py b/test/test.py
index 2cf8960..bb36301 100644
--- a/test/test.py
+++ b/test/test.py
@@ -34,11 +34,11 @@ def engine_test():
 print(out.decode())
 if __name__ == '__main__':
- openssl_version_major = int(version_test())
+ version_test()
 engine_test()
 bash_test()
 belt_test()
 bign_test()
- btls_test(openssl_version_major)
+ btls_test()
 if fail:
 sys.exit(1)
diff --git a/utils/build_debian.sh b/utils/build_debian.sh
deleted file mode 100644
index 24b79c1..0000000
--- a/utils/build_debian.sh
+++ /dev/null
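Review bot: For suites listed in tls13_ciphersuites the new args tuple hardcodes `True, False` for cert and psk, ignoring the `cert` and `psk` values of the enclosing loop (which starts outside this hunk); if that loop also iterates over PSK variants, each TLS 1.3 suite is run repeatedly with identical arguments and its PSK path is never exercised. Either skip the redundant iterations, e.g. `if psk: continue` before building the tuple, or record the intent with a comment such as `# TLS 1.3 suites: certificate auth only, PSK not covered`. btls_test continues outside this hunk.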
@@ -1,288 +0,0 @@
-#!/bin/bash
-# *****************************************************************************
-# \file source.sh
-# \project bee2evp [EVP-interfaces over bee2 / engine of OpenSSL]
-# \brief Reusable script code
-# \created 2025.10.06
-# \version 2025.10.06
-# \copyright The Bee2evp authors
-# \license Licensed under the Apache License, Version 2.0 (see LICENSE.txt).
-# *****************************************************************************
-set -eo pipefail
-
-green () { printf "\e[32m" ; $@ ; printf "\e[0m"; }
-red () { printf "\e[31m" ; $@ ; printf "\e[0m"; }
-
-cd "$( dirname "${BASH_SOURCE[0]}" )"
-
-usage() {
- echo "Usage: $0 [OPTIONS] "
- echo "Build bee2evp for debian based distributions:"
- echo ""
- echo " --build-type build type: |Debug|Release|Coverage|"
- echo " -d, --debug enable debug mode"
- echo " -s, setup"
- echo " -b, build"
- echo " -t, test"
- echo " -h, --help display this help and exit"
- exit 1
-}
-
-build_type=Release
-bee2evp=$(pwd)/..
-build_root=$bee2evp/build
-bee2=$bee2evp/bee2
-openssl=$bee2evp/openssl
-build_bee2evp=$build_root/bee2evp
-build_bee2=$build_root/bee2
-build_openssl=$build_root/openssl
-local=${BEE2EVP_INSTALL_DIR:-$build_root/local}
-lib_path=$local/lib
-is_openssl_3=false
-openssl_git_url=https://github.com/openssl/openssl.git
-btls_srcs_path=$bee2evp/btls/legacy
-enable_setup=false
-enable_build=false
-enable_test=false
-
-openssl_tag=""
-
-while [[ $# -gt 0 ]]; do
- case $1 in
- --build-type=*)
- build_type="${1#*=}"
- case "$build_type" in
- Debug|Release|Coverage)
- # Valid value, continue
- ;;
- *)
- echo "received build type: $build_type"
- red echo "error: --build-type must be one of: Release, Debug, Coverage"
- exit 1
- ;;
- esac
- shift
- ;;
- -d|--debug)
- build_type=Debug
- shift
- ;;
- -s)
- enable_setup=true
- shift
- ;;
- -b)
- enable_build=true
- shift
- ;;
- -t)
- enable_test=true
- shift
- ;;
- -h|--help)
- usage
- ;;
- -*)
- red echo "invalid option -- $1" >&2
- usage
- ;;
- 
*)
- if [[ ! -z "$1" ]]; then
- openssl_tag="$1"
- shift
- else
- usage
- fi
- ;;
- esac
-done
-
-if [[ -z "$openssl_tag" ]]; then
- red echo "openssl tag name is required" >&2
- usage
-fi
-
-echo "build_type=$build_type"
-echo "openssl_tag=$openssl_tag"
-
-clean(){
- green echo "[-] clean build files..."
- rm -rf $build_root
- rm -rf $openssl
-}
-
-check_prereq(){
- set +e
- green echo "[-] check prereq"
- for package in git gcc cmake python3
- do
- which $package &> /dev/null
- if [ $? -ne 0 ]; then
- set -e
- red echo "$package not installed"
- exit 1
- fi
- done
- set -e
- export GIT_REDIRECT_STDERR='2>&1'
-}
-
-# Check openssl major version
-is_openssl_3() {
- if [[ "$openssl_tag" =~ .*[-_]([0-9]).* ]];
- then
- openssl_major_version="${BASH_REMATCH[1]}"
- fi
-
- if [[ "$openssl_major_version" = "3" ]];
- then
- lib_path=$local/lib64
- is_openssl_3=true
- btls_srcs_path=$bee2evp/btls
- fi
-}
-
-# Check if openssl tag exist.
-check_openssl_tag(){
- green echo "[-] check openssl tag"
- git ls-remote $openssl_git_url refs/tags/$openssl_tag
-}
-
-update_repos(){
- green echo "[-] update repos"
- git submodule update --init
- git clone -b $openssl_tag --depth 1 $openssl_git_url $openssl
-}
-
-patch_openssl(){
- green echo "[-] patch openssl"
- cd $openssl
- if $is_openssl_3;
- then
- cat $btls_srcs_path/objects.txt >> $openssl/crypto/objects/objects.txt
- fi
- cp $btls_srcs_path/btls.c ./ssl/
- cp $btls_srcs_path/btls.h ./ssl/
- git apply $bee2evp/btls/patch/$openssl_tag.patch
-}
-
-build_bee2(){
- green echo "[-] build bee2"
- mkdir -p $build_bee2 && cd $build_bee2
- cmake -DCMAKE_BUILD_TYPE=Release \
- -DBUILD_PIC=ON \
- -DCMAKE_INSTALL_PREFIX=$local \
- -DCMAKE_INSTALL_LIBDIR=$lib_path $bee2
- make -j$(nproc) && make install
- ls -la $lib_path/libbee2_static.a
-}
-
-build_openssl(){
- green echo "[-] build openssl"
- mkdir -p $build_openssl && cd $build_openssl
- if [[ "$build_type" -eq "Debug" ]]; then
- $openssl/config shared -d --prefix=$local 
--openssldir=$local
- else
- $openssl/config shared --prefix=$local --openssldir=$local
- fi
-
- if $is_openssl_3;
- then
- make update
- fi
- make -j$(nproc) all
- make install > build.log 2>&1 || (cat build.log && exit 1)
- ls -la $lib_path/libcrypto.a
- ls -la $lib_path/libssl.a
- ls -la $lib_path/libcrypto.so
- ls -la $lib_path/libssl.so
- ls -la $local/bin/openssl
-}
-
-build_bee2evp(){
- green echo "[-] build bee2evp"
- mkdir -p $build_bee2evp && cd $build_bee2evp
- cmake -DCMAKE_BUILD_TYPE=$build_type \
- -DBUILD_DOC=OFF \
- -DBEE2_LIBRARY_DIRS=$lib_path \
- -DBEE2_INCLUDE_DIRS=$local/include \
- -DOPENSSL_LIBRARY_DIRS=$lib_path \
- -DOPENSSL_INCLUDE_DIRS=$local/include \
- -DCMAKE_INSTALL_LIBDIR=$lib_path \
- -DCMAKE_INSTALL_PREFIX=$local $bee2evp
- make -j$(nproc) && make install
- ls -la $lib_path/libbee2evp.so
-}
-
-attach_bee2evp(){
- green echo "[-] attach bee2evp"
- cp $local/openssl.cnf.dist $local/openssl.cnf
- if $is_openssl_3;
- then
- sed -i "/providers = provider\_sect/a engines = engine_sect\
-\n\n[ engine_sect]\
-\nbee2evp = bee2evp_section\
-\n\n[ bee2evp_section ]\
-\nengine_id = bee2evp\
-\ndynamic_path = $lib_path/libbee2evp.so\
-\ndefault_algorithms = ALL" $local/openssl.cnf
- else
- sed -i "/\[ new\_oids \]/i openssl_conf = openssl_init\
-\n[ openssl_init ]\
-\nengines = engine_section\
-\n[ engine_section ]\
-\nbee2evp = bee2evp_section\
-\n[ bee2evp_section ]\
-\nengine_id = bee2evp\
-\ndynamic_path = $lib_path/libbee2evp.so\
-\ndefault_algorithms = ALL\
-\n" $local/openssl.cnf
- fi
-}
-
-test_bee2evp(){
- cd $local || exit
- cp -a $bee2evp/test/. .
- export PATH=$local/bin:$PATH
- export OPENSSL_CONF=$local/openssl.cnf
- export LD_LIBRARY_PATH="$lib_path:${LD_LIBRARY_PATH}"
- green echo "[-] test evp"
- $build_bee2evp/test/testb2e
- green echo "[-] test bee2evp"
- python3 test.py
- export LD_LIBRARY_PATH=$(echo "$LD_LIBRARY_PATH" | \
- sed -e "s|$lib_path:||")
-}
-
-setup(){
- green echo "Setup..." 
- clean
- check_prereq
- check_openssl_tag
- update_repos
- patch_openssl
- green echo "Setup ended"
-}
-
-build(){
- green echo "Building..."
- build_bee2
- build_openssl
- build_bee2evp
- attach_bee2evp
- green echo "Build ended"
-}
-
-is_openssl_3
-
-if $enable_setup; then
- setup
-fi
-
-if $enable_build; then
- build
-fi
-
-if $enable_test; then
- test_bee2evp
-fi