From 3c6ec7105a74b5e215ef7fb8f80f562670e2222f Mon Sep 17 00:00:00 2001 From: Yahor Laurenau Date: Tue, 9 Dec 2025 09:35:42 +0300 Subject: [PATCH 1/7] Add bash-prg-ae & belt-che for tls. --- btls/legacy/btls.c | 521 +++++++++++++++++--------------- btls/legacy/btls.h | 42 ++- btls/patch/OpenSSL_1_1_1i.patch | 289 ++++++++++++++---- include/bee2evp/bee2evp.h | 15 + new111i.patch | 304 +++++++++++++++++++ scripts/source.sh | 12 +- server.cert | 12 + server.sk | 4 + src/belt_tls.c | 347 ++++++++++++++++----- utils/build_debian.sh | 2 +- 10 files changed, 1135 insertions(+), 413 deletions(-) create mode 100644 new111i.patch create mode 100644 server.cert create mode 100644 server.sk diff --git a/btls/legacy/btls.c b/btls/legacy/btls.c index 631df8f..dd3e80d 100644 --- a/btls/legacy/btls.c +++ b/btls/legacy/btls.c @@ -47,11 +47,10 @@ MD-интерфейс belt-mac256 объявлен, но не реализова const EVP_MD* evpMDBeltMac256() { - static const EVP_MD md_belt_mac256 = - { - NID_belt_mac256, - }; - return &md_belt_mac256; + static const EVP_MD md_belt_mac256 = { + NID_belt_mac256, + }; + return &md_belt_mac256; } /* 
@@ -76,59 +75,77 @@ static int btls_inited = 0; int btls_init() { - if (btls_inited) - return 1; - if (OBJ_create("1.2.112.0.2.0.34.101.45.2.1", - "bign-pubkey", "bign-pubkey") != NID_bign_pubkey) - return 0; - if (OBJ_create("1.2.112.0.2.0.34.101.31.81", - "belt-hash", "belt-hash") != NID_belt_hash) - return 0; - if (OBJ_create("1.2.112.0.2.0.34.101.77.12", - "bash384", "bash384") != NID_bash384) - return 0; - if (OBJ_create("1.2.112.0.2.0.34.101.77.13", - "bash512", "bash512") != NID_bash512) - return 0; - if (OBJ_create("1.2.112.0.2.0.34.101.31.67", - "belt-dwp-tls", "belt-dwp-tls") != NID_belt_dwpt) - return 0; - if (OBJ_create("1.2.112.0.2.0.34.101.31.44", - "belt-ctr-tls", "belt-ctr-tls") != NID_belt_ctrt) - return 0; - if (OBJ_create("1.2.112.0.2.0.34.101.31.53", - "belt-mac256", "belt-mac256") != NID_belt_mac256) - return 0; - if (OBJ_create("1.2.112.0.2.0.34.101.45.12", - "bign-with-hbelt", "bign-with-hbelt") != NID_bign_with_hbelt) - return 0; - if (OBJ_create("1.2.112.0.2.0.34.101.45.14", - "bign-with-bash384", "bign-with-bash384") != NID_bign_with_bash384) - return 0; - if (OBJ_create("1.2.112.0.2.0.34.101.45.15", - "bign-with-bash512", "bign-with-bash512") != NID_bign_with_bash512) - return 0; - if (OBJ_create("1.2.112.0.2.0.34.101.45.3.1", - "bign-curve256v1", "bign-curve256v1") != NID_bign_curve256v1) - return 0; - if (OBJ_create("1.2.112.0.2.0.34.101.45.3.2", - "bign-curve384v1", "bign-curve384v1") != NID_bign_curve384v1) - return 0; - if (OBJ_create("1.2.112.0.2.0.34.101.45.3.3", - "bign-curve512v1", "bign-curve512v1") != NID_bign_curve512v1) - return 0; - if (OBJ_new_nid(1) != NID_kxbdhe) - return 0; - if (OBJ_new_nid(1) != NID_kxbdht) - return 0; - if (OBJ_new_nid(1) != NID_kxbdhe_psk) - return 0; - if (OBJ_new_nid(1) != NID_kxbdht_psk) - return 0; - if (!EVP_add_digest(evpMDBeltMac256())) - return 0; - btls_inited++; - return 1; + if (btls_inited) + return 1; + if (OBJ_create("1.2.112.0.2.0.34.101.45.2.1", + "bign-pubkey", + "bign-pubkey") != 
NID_bign_pubkey) + return 0; + if (OBJ_create("1.2.112.0.2.0.34.101.31.81", "belt-hash", "belt-hash") != + NID_belt_hash) + return 0; + if (OBJ_create("1.2.112.0.2.0.34.101.77.12", "bash384", "bash384") != + NID_bash384) + return 0; + if (OBJ_create("1.2.112.0.2.0.34.101.77.13", "bash512", "bash512") != + NID_bash512) + return 0; + if (OBJ_create("1.2.112.0.2.0.34.101.31.67", + "belt-dwp-tls", + "belt-dwp-tls") != NID_belt_dwpt) + return 0; + if (OBJ_create("1.2.112.0.2.0.34.101.31.44", + "belt-ctr-tls", + "belt-ctr-tls") != NID_belt_ctrt) + return 0; + if (OBJ_create("1.2.112.0.2.0.34.101.31.68", + "belt-che-tls", + "belt-che-tls") != NID_belt_chet) + return 0; + if (OBJ_create("1.2.112.0.2.0.34.101.77.37", + "bash-prg-ae-tls", + "bash-prg-ee-tls") != NID_bash_prg_aet) + return 0; + if (OBJ_create("1.2.112.0.2.0.34.101.31.53", + "belt-mac256", + "belt-mac256") != NID_belt_mac256) + return 0; + if (OBJ_create("1.2.112.0.2.0.34.101.45.12", + "bign-with-hbelt", + "bign-with-hbelt") != NID_bign_with_hbelt) + return 0; + if (OBJ_create("1.2.112.0.2.0.34.101.45.14", + "bign-with-bash384", + "bign-with-bash384") != NID_bign_with_bash384) + return 0; + if (OBJ_create("1.2.112.0.2.0.34.101.45.15", + "bign-with-bash512", + "bign-with-bash512") != NID_bign_with_bash512) + return 0; + if (OBJ_create("1.2.112.0.2.0.34.101.45.3.1", + "bign-curve256v1", + "bign-curve256v1") != NID_bign_curve256v1) + return 0; + if (OBJ_create("1.2.112.0.2.0.34.101.45.3.2", + "bign-curve384v1", + "bign-curve384v1") != NID_bign_curve384v1) + return 0; + if (OBJ_create("1.2.112.0.2.0.34.101.45.3.3", + "bign-curve512v1", + "bign-curve512v1") != NID_bign_curve512v1) + return 0; + if (OBJ_new_nid(1) != NID_kxbdhe) + return 0; + if (OBJ_new_nid(1) != NID_kxbdht) + return 0; + if (OBJ_new_nid(1) != NID_kxbdhe_psk) + return 0; + if (OBJ_new_nid(1) != NID_kxbdht_psk) + return 0; + if (!EVP_add_digest(evpMDBeltMac256())) + return 0; + btls_inited++; + return 1; } /* 
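Review bot: The new `OBJ_create` for bash-prg-ae-tls registers mismatched names, short name `"bash-prg-ae-tls"` but long name `"bash-prg-ee-tls"`, so lookups by long name (`OBJ_ln2nid`, `OBJ_txt2nid`) will not find the object while short-name lookups do; change the call to `"bash-prg-ae-tls", "bash-prg-ae-tls"`. Since `OBJ_create` hands out NIDs sequentially, the two new calls sit exactly where `NID_belt_chet` and `NID_bash_prg_aet` were inserted in btls.h and the `!= NID_...` checks guard the pairing; a comment above the first call, `/* order must mirror the NID_* macros in btls.h: NIDs are assigned sequentially */`, would make that invariant visible to the next editor. Separately, the diffstat lists `server.sk` as a newly tracked file; if that is a real private key rather than a test fixture it should not be committed, and once pushed it has to be treated as disclosed because history keeps it.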
@@ -160,74 +177,74 @@ ssl/statem/statem_clnt.c (см. обработку флага SSL_kBDHE). int btls_construct_ske_bign_dhe(SSL* s, WPACKET* pkt) { - EVP_PKEY_CTX* ctx = NULL; - EVP_PKEY* pk = NULL; - unsigned char* pk_val = NULL; - size_t pk_len = 0; - int ret = 1; - // получить ключ сертификата - EVP_PKEY* pkey = s->cert->pkeys[SSL_PKEY_BIGN].privatekey; - if (!pkey) - { - ret = 0; - goto err; - } - // сгенерировать ключ ДХ - if (s->s3->tmp.pkey != NULL || - (ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL || - !EVP_PKEY_keygen_init(ctx) || - !EVP_PKEY_keygen(ctx, &pk)) - { - ret = 0; - goto err; - } - // записать ключ ДХ - if (!EVP_PKEY_get_raw_public_key(pk, NULL, &pk_len) || - !(pk_val = OPENSSL_malloc(pk_len)) || - !EVP_PKEY_get_raw_public_key(pk, pk_val, &pk_len) || - !WPACKET_sub_memcpy_u8(pkt, pk_val, pk_len)) - { - ret = 0; - goto err; - } - // запомнить ключ ДХ - s->s3->tmp.pkey = pk; - pk = NULL; + EVP_PKEY_CTX* ctx = NULL; + EVP_PKEY* pk = NULL; + unsigned char* pk_val = NULL; + size_t pk_len = 0; + int ret = 1; + // получить ключ сертификата + EVP_PKEY* pkey = s->cert->pkeys[SSL_PKEY_BIGN].privatekey; + if (!pkey) + { + ret = 0; + goto err; + } + // сгенерировать ключ ДХ + if (s->s3->tmp.pkey != NULL || + (ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL || + !EVP_PKEY_keygen_init(ctx) || !EVP_PKEY_keygen(ctx, &pk)) + { + ret = 0; + goto err; + } + // записать ключ ДХ + if (!EVP_PKEY_get_raw_public_key(pk, NULL, &pk_len) || + !(pk_val = OPENSSL_malloc(pk_len)) || + !EVP_PKEY_get_raw_public_key(pk, pk_val, &pk_len) || + !WPACKET_sub_memcpy_u8(pkt, pk_val, pk_len)) + { + ret = 0; + goto err; + } + // запомнить ключ ДХ + s->s3->tmp.pkey = pk; + pk = NULL; err: - EVP_PKEY_CTX_free(ctx); - EVP_PKEY_free(pk); - if (pk_val) - { - OPENSSL_cleanse(pk_val, pk_len); - OPENSSL_free(pk_val); - } - if (ret == 0) - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - return ret; + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pk); + if 
(pk_val) + { + OPENSSL_cleanse(pk_val, pk_len); + OPENSSL_free(pk_val); + } + if (ret == 0) + SSLfatal(s, + SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + return ret; } int btls_process_ske_bign_dhe(SSL* s, PACKET* pkt, EVP_PKEY** pkey) { - PACKET encoded_pt; - // определить статический открытый ключ сервера - if ((*pkey = X509_get0_pubkey(s->session->peer)) == 0) - return 0; - // загрузить параметры открытого ключа сервера - if (s->s3->peer_tmp == 0 && (s->s3->peer_tmp = EVP_PKEY_new()) == 0) - return 0; - if (!EVP_PKEY_copy_parameters(s->s3->peer_tmp, *pkey)) - return 0; - // загрузить эфемерный открытый ключ сервера - if (!PACKET_get_length_prefixed_1(pkt, &encoded_pt)) - return 0; - if (!EVP_PKEY_set1_tls_encodedpoint(s->s3->peer_tmp, - PACKET_data(&encoded_pt), - PACKET_remaining(&encoded_pt))) - return 0; - // завершить - return 1; + PACKET encoded_pt; + // определить статический открытый ключ сервера + if ((*pkey = X509_get0_pubkey(s->session->peer)) == 0) + return 0; + // загрузить параметры открытого ключа сервера + if (s->s3->peer_tmp == 0 && (s->s3->peer_tmp = EVP_PKEY_new()) == 0) + return 0; + if (!EVP_PKEY_copy_parameters(s->s3->peer_tmp, *pkey)) + return 0; + // загрузить эфемерный открытый ключ сервера + if (!PACKET_get_length_prefixed_1(pkt, &encoded_pt)) + return 0; + if (!EVP_PKEY_set1_tls_encodedpoint(s->s3->peer_tmp, + PACKET_data(&encoded_pt), + PACKET_remaining(&encoded_pt))) + return 0; + // завершить + return 1; } /* @@ -239,7 +256,7 @@ int btls_process_ske_bign_dhe(SSL* s, PACKET* pkt, EVP_PKEY** pkey) - S <- C: ClientKeyExchange[psk_identity, client_public] * psk_identity_hint --- подсказка по выбору psk; * oid(curve) --- идентификатор кривой, на которой будет выполняться - протокол ДХ; + протокол ДХ; * server_public, client_public --- эфемерные ключи ДХ; * psk_identity --- идентификатор выбранного psk. 
@@ -288,7 +305,7 @@ ssl/statem/statem_clnt.c (см. обработку флага SSL_kBDHEPSK). int btls_construct_ske_psk_bign_dhe(SSL* s, WPACKET* pkt) { - int ret = 0; + int ret = 0; size_t len; int curve_id; const TLS_GROUP_INFO* ginf; @@ -296,18 +313,19 @@ int btls_construct_ske_psk_bign_dhe(SSL* s, WPACKET* pkt) unsigned char* oid = NULL; int oid_len; EVP_PKEY_CTX* pctx = NULL; - EVP_PKEY* pk = NULL; + EVP_PKEY* pk = NULL; unsigned char* pk_val = NULL; - size_t pk_len; + size_t pk_len; // записать psk_identity_hint - len = (s->cert->psk_identity_hint == NULL) ? - 0 : strlen(s->cert->psk_identity_hint); - if (len > PSK_MAX_IDENTITY_LEN || + len = (s->cert->psk_identity_hint == NULL) ? + 0 : + strlen(s->cert->psk_identity_hint); + if (len > PSK_MAX_IDENTITY_LEN || !WPACKET_sub_memcpy_u16(pkt, s->cert->psk_identity_hint, len)) - goto err; + goto err; // загружен сертификат сервера? - if (s->s3->tmp.pkey != NULL) - goto err; + if (s->s3->tmp.pkey != NULL) + goto err; // клиент не высылал расширение supported_groups? if (!s->ext.supportedgroups) // ...используем первую кривую bign @@ -316,7 +334,7 @@ int btls_construct_ske_psk_bign_dhe(SSL* s, WPACKET* pkt) else if (!(curve_id = tls1_shared_group(s, -2))) goto err; // определить oid(curve) - if (!(ginf = tls1_group_id_lookup(curve_id)) || + if (!(ginf = tls1_group_id_lookup(curve_id)) || !(obj = OBJ_nid2obj(ginf->nid)) || !(oid_len = i2d_ASN1_OBJECT(obj, &oid))) goto err; 
@@ -324,68 +342,67 @@ int btls_construct_ske_psk_bign_dhe(SSL* s, WPACKET* pkt) if (!WPACKET_sub_memcpy_u8(pkt, oid, oid_len)) goto err; // генерировать эфемерный ключ - pctx = EVP_PKEY_CTX_new_id(NID_bign_pubkey, NULL); - if (!pctx || - EVP_PKEY_keygen_init(pctx) <= 0 || - EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_ALG_CTRL + 1, - ginf->nid, NULL) <= 0 || + pctx = EVP_PKEY_CTX_new_id(NID_bign_pubkey, NULL); + if (!pctx || EVP_PKEY_keygen_init(pctx) <= 0 || + EVP_PKEY_CTX_ctrl( + pctx, -1, -1, EVP_PKEY_ALG_CTRL + 1, ginf->nid, NULL) <= 0 || EVP_PKEY_keygen(pctx, &pk) <= 0) - goto err; + goto err; // записать эфемерный ключ - if (!EVP_PKEY_get_raw_public_key(pk, NULL, &pk_len) || - !(pk_val = OPENSSL_malloc(pk_len)) || - !EVP_PKEY_get_raw_public_key(pk, pk_val, &pk_len) || - !WPACKET_sub_memcpy_u8(pkt, pk_val, pk_len)) - goto err; + if (!EVP_PKEY_get_raw_public_key(pk, NULL, &pk_len) || + !(pk_val = OPENSSL_malloc(pk_len)) || + !EVP_PKEY_get_raw_public_key(pk, pk_val, &pk_len) || + !WPACKET_sub_memcpy_u8(pkt, pk_val, pk_len)) + goto err; // сохранить эфемерный ключ в состоянии - s->s3->tmp.pkey = pk; - pk = NULL; + s->s3->tmp.pkey = pk; + pk = NULL; ret = 1; err: - EVP_PKEY_CTX_free(pctx); - EVP_PKEY_free(pk); - if (pk_val) + EVP_PKEY_CTX_free(pctx); + EVP_PKEY_free(pk); + if (pk_val) { OPENSSL_cleanse(pk_val, pk_len); OPENSSL_free(pk_val); } OPENSSL_free(oid); - if (ret == 0) - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - return ret; + if (ret == 0) + SSLfatal(s, + SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + return ret; } int btls_process_ske_psk_bign_dhe(SSL* s, PACKET* pkt, EVP_PKEY** pkey) { int ret = 0; - unsigned int oid_len; - const unsigned char* oid; + unsigned int oid_len; + const unsigned char* oid; ASN1_OBJECT* obj = NULL; int params_nid; EVP_PKEY* pk = NULL; EVP_PKEY_CTX* pctx = NULL; - PACKET encoded_pt; + PACKET encoded_pt; // загрузить 
oid(curve) - if (!PACKET_get_1(pkt, &oid_len) || - !PACKET_get_bytes(pkt, &oid, (size_t)oid_len) || + if (!PACKET_get_1(pkt, &oid_len) || + !PACKET_get_bytes(pkt, &oid, (size_t)oid_len) || !(obj = d2i_ASN1_OBJECT(NULL, &oid, oid_len)) || (params_nid = OBJ_obj2nid(obj)) == NID_undef) goto err; // подготовиться к загрузке эфемерного открытого ключа сервера - if (s->s3->peer_tmp == 0 && - (s->s3->peer_tmp = EVP_PKEY_new()) == 0) + if (s->s3->peer_tmp == 0 && (s->s3->peer_tmp = EVP_PKEY_new()) == 0) goto err; if (!(pctx = EVP_PKEY_CTX_new_id(NID_bign_pubkey, NULL)) || EVP_PKEY_paramgen_init(pctx) <= 0 || - EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_ALG_CTRL + 1, - params_nid, NULL) <= 0 || - EVP_PKEY_paramgen(pctx, &pk) <= 0 || + EVP_PKEY_CTX_ctrl( + pctx, -1, -1, EVP_PKEY_ALG_CTRL + 1, params_nid, NULL) <= 0 || + EVP_PKEY_paramgen(pctx, &pk) <= 0 || !EVP_PKEY_copy_parameters(s->s3->peer_tmp, pk)) goto err; - // загрузить эфемерный открытый ключ сервера - if (!PACKET_get_length_prefixed_1(pkt, &encoded_pt) || + // загрузить эфемерный открытый ключ сервера + if (!PACKET_get_length_prefixed_1(pkt, &encoded_pt) || !EVP_PKEY_set1_tls_encodedpoint(s->s3->peer_tmp, PACKET_data(&encoded_pt), PACKET_remaining(&encoded_pt))) @@ -395,7 +412,7 @@ int btls_process_ske_psk_bign_dhe(SSL* s, PACKET* pkt, EVP_PKEY** pkey) EVP_PKEY_CTX_free(pctx); EVP_PKEY_free(pk); ASN1_OBJECT_free(obj); - return ret; + return ret; } /* 
@@ -427,99 +444,101 @@ todo: Можно ли взять под контроль генерацию pre_ ******************************************************************************* */ -int btls_construct_cke_bign_dht(SSL* s, WPACKET* pkt){ - unsigned char* pms = NULL; - size_t pms_len = 48; - EVP_PKEY_CTX* pkey_ctx = NULL; - X509* peer_cert; - unsigned char* token = NULL; - size_t token_len = 0; - int ret = 0; - // подготовка pms = pre_master_secret - pms = OPENSSL_malloc(pms_len); - if (!pms) - goto err; - if (!RAND_bytes(pms, (int)pms_len)) - goto err; - peer_cert = s->session->peer; - if (!peer_cert) - goto err; - // определить server_pubkey - pkey_ctx = EVP_PKEY_CTX_new(X509_get0_pubkey(peer_cert), NULL); - // token <- bign_keytransport(pms, server_pubkey) - if (!EVP_PKEY_encrypt_init(pkey_ctx)) - goto err; - if (!EVP_PKEY_encrypt(pkey_ctx, NULL, &token_len, pms, pms_len)) - goto err; - token = OPENSSL_malloc(token_len); - if (!token) - goto err; - if (!EVP_PKEY_encrypt(pkey_ctx, token, &token_len, pms, pms_len)) - goto err; - if (!WPACKET_sub_memcpy_u8(pkt, token, token_len)) - goto err; - // сохранить pms - s->s3->tmp.pms = pms; - s->s3->tmp.pmslen = pms_len; - pms = NULL; - ret = 1; +int btls_construct_cke_bign_dht(SSL* s, WPACKET* pkt) +{ + unsigned char* pms = NULL; + size_t pms_len = 48; + EVP_PKEY_CTX* pkey_ctx = NULL; + X509* peer_cert; + unsigned char* token = NULL; + size_t token_len = 0; + int ret = 0; + // подготовка pms = pre_master_secret + pms = OPENSSL_malloc(pms_len); + if (!pms) + goto err; + if (!RAND_bytes(pms, (int)pms_len)) + goto err; + peer_cert = s->session->peer; + if (!peer_cert) + goto err; + // определить server_pubkey + pkey_ctx = EVP_PKEY_CTX_new(X509_get0_pubkey(peer_cert), NULL); + // token <- bign_keytransport(pms, server_pubkey) + if (!EVP_PKEY_encrypt_init(pkey_ctx)) + goto err; + if (!EVP_PKEY_encrypt(pkey_ctx, NULL, &token_len, pms, pms_len)) + goto err; + token = OPENSSL_malloc(token_len); + if (!token) + goto err; + if (!EVP_PKEY_encrypt(pkey_ctx, 
token, &token_len, pms, pms_len)) + goto err; + if (!WPACKET_sub_memcpy_u8(pkt, token, token_len)) + goto err; + // сохранить pms + s->s3->tmp.pms = pms; + s->s3->tmp.pmslen = pms_len; + pms = NULL; + ret = 1; err: - if (pms) - OPENSSL_free(pms); - if (token) - OPENSSL_free(token); - if (pkey_ctx) - EVP_PKEY_CTX_free(pkey_ctx); - if (ret == 0) - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - return ret; + if (pms) + OPENSSL_free(pms); + if (token) + OPENSSL_free(token); + if (pkey_ctx) + EVP_PKEY_CTX_free(pkey_ctx); + if (ret == 0) + SSLfatal(s, + SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + return ret; } int btls_process_cke_bign_dht(SSL* s, PACKET* pkt) { int ret = 0; EVP_PKEY* pk = NULL; - EVP_PKEY_CTX* pkey_ctx = NULL; - unsigned char* pms = NULL; - size_t pms_len = 0; - const unsigned char* token; - unsigned int token_len; - // подготовить личный ключ - pk = s->cert->pkeys[SSL_PKEY_BIGN].privatekey; - if (pk == NULL) - goto err; - pkey_ctx = EVP_PKEY_CTX_new(pk, NULL); - if (pkey_ctx == NULL) - goto err; - if (!EVP_PKEY_decrypt_init(pkey_ctx)) - goto err; - // извлечь токен ключа - if (!PACKET_get_1(pkt, &token_len) || - !PACKET_get_bytes(pkt, &token, token_len) || - PACKET_remaining(pkt) != 0) - goto err; - // снять защиту с токена - if (!EVP_PKEY_decrypt(pkey_ctx, NULL, &pms_len, token, token_len) || - pms_len != 48) - goto err; - pms = (unsigned char*)OPENSSL_malloc(pms_len); - if (!EVP_PKEY_decrypt(pkey_ctx, pms, &pms_len, token, token_len)) - goto err; - if (!ssl_generate_master_secret(s, pms, pms_len, 0)) - goto err; - ret = 1; + EVP_PKEY_CTX* pkey_ctx = NULL; + unsigned char* pms = NULL; + size_t pms_len = 0; + const unsigned char* token; + unsigned int token_len; + // подготовить личный ключ + pk = s->cert->pkeys[SSL_PKEY_BIGN].privatekey; + if (pk == NULL) + goto err; + pkey_ctx = EVP_PKEY_CTX_new(pk, NULL); + if (pkey_ctx == NULL) + goto err; + 
if (!EVP_PKEY_decrypt_init(pkey_ctx)) + goto err; + // извлечь токен ключа + if (!PACKET_get_1(pkt, &token_len) || + !PACKET_get_bytes(pkt, &token, token_len) || PACKET_remaining(pkt) != 0) + goto err; + // снять защиту с токена + if (!EVP_PKEY_decrypt(pkey_ctx, NULL, &pms_len, token, token_len) || + pms_len != 48) + goto err; + pms = (unsigned char*)OPENSSL_malloc(pms_len); + if (!EVP_PKEY_decrypt(pkey_ctx, pms, &pms_len, token, token_len)) + goto err; + if (!ssl_generate_master_secret(s, pms, pms_len, 0)) + goto err; + ret = 1; err: - if (pkey_ctx != NULL) - EVP_PKEY_CTX_free(pkey_ctx); - if (pms != NULL) - OPENSSL_free(pms); - if (ret == 0) - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - return ret; + if (pkey_ctx != NULL) + EVP_PKEY_CTX_free(pkey_ctx); + if (pms != NULL) + OPENSSL_free(pms); + if (ret == 0) + SSLfatal(s, + SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + return ret; } /* diff --git a/btls/legacy/btls.h b/btls/legacy/btls.h index a5a1a34..ecdbbc7 100644 --- a/btls/legacy/btls.h +++ b/btls/legacy/btls.h 
@@ -35,17 +35,19 @@ extern "C" { #define NID_bash512 (NUM_NID + 3) #define NID_belt_dwpt (NUM_NID + 4) #define NID_belt_ctrt (NUM_NID + 5) -#define NID_belt_mac256 (NUM_NID + 6) -#define NID_bign_with_hbelt (NUM_NID + 7) -#define NID_bign_with_bash384 (NUM_NID + 8) -#define NID_bign_with_bash512 (NUM_NID + 9) -#define NID_bign_curve256v1 (NUM_NID + 10) -#define NID_bign_curve384v1 (NUM_NID + 11) -#define NID_bign_curve512v1 (NUM_NID + 12) -#define NID_kxbdhe (NUM_NID + 13) -#define NID_kxbdht (NUM_NID + 14) -#define NID_kxbdhe_psk (NUM_NID + 15) -#define NID_kxbdht_psk (NUM_NID + 16) +#define NID_belt_chet (NUM_NID + 6) +#define NID_bash_prg_aet (NUM_NID + 7) +#define NID_belt_mac256 (NUM_NID + 8) +#define NID_bign_with_hbelt (NUM_NID + 9) +#define NID_bign_with_bash384 (NUM_NID + 10) +#define NID_bign_with_bash512 (NUM_NID + 11) +#define NID_bign_curve256v1 (NUM_NID + 12) +#define NID_bign_curve384v1 (NUM_NID + 13) +#define NID_bign_curve512v1 (NUM_NID + 14) +#define NID_kxbdhe (NUM_NID + 15) +#define NID_kxbdht (NUM_NID + 16) +#define NID_kxbdhe_psk (NUM_NID + 17) +#define NID_kxbdht_psk (NUM_NID + 18) /* ssl_local.h */ #define SSL_kBDHE 0x00000200U @@ -57,6 +59,8 @@ extern "C" { #define SSL_BELTCTR 0x00400000U #define SSL_BELTDWP 0x00800000U +#define SSL_BELTCHE 0x01000000U +#define SSL_BASHPRGAE 0x02000000U #define SSL_BELTMAC 0x00000400U #define SSL_HBELT 0x00000800U @@ -88,6 +92,11 @@ extern "C" { #define SSL_TXT_BELTCTR "BELTCTR" #define SSL_TXT_BELTMAC "BELTMAC" #define SSL_TXT_BELTDWP "BELTDWP" +#define SSL_TXT_BELTCHE "BELTCHE" +#define SSL_TXT_BASHPRGAE "BASHPRGAE" + +# define EVP_BELTCHE_TLS_TAG_LEN 8 +# define EVP_BASHPRGAE_TLS_TAG_LEN 32 /* tls1.h */ # define TLS_CT_BIGN_SIGN 231 
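Review bot: Inserting `NID_belt_chet` and `NID_bash_prg_aet` at `NUM_NID + 6` and `NUM_NID + 7` renumbers every macro after them (`NID_belt_mac256` through `NID_kxbdht_psk`), so code built against the previous header would resolve those names to different objects after `btls_init`. Appending the two new NIDs after `NID_kxbdht_psk` (`NUM_NID + 17`, `NUM_NID + 18`) and placing their `OBJ_create` calls at the end of `btls_init` keeps the existing values stable. `EVP_BELTCHE_TLS_TAG_LEN 8` is a 64-bit authentication tag; if that is what the belt-che specification prescribes, a short comment saying so is warranted, because the forgery bound of a TLS 1.3 AEAD is set by the tag length (compare the CCM_8 suites). The new lines also mix `#define` and `# define` within one block; pick one spelling.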
@@ -128,6 +137,17 @@ extern "C" { # define BTLS1_TXT_DHT_PSK_BIGN_WITH_BELT_DWP_HBELT\ "DHT-PSK-BIGN-WITH-BELT-DWP-HBELT" +# define BTLS1_RFC_BELT_CHE256_BELT_HASH\ + "BTLS_BELT_CHE256_BELT_HASH" +# define BTLS1_TXT_BELT_CHE256_BELT_HASH\ + "BTLS_BELT_CHE256_BELT_HASH" +# define BTLS1_3_CK_BELT_CHE256_BELT_HASH 0x0300ff1d + +# define BTLS1_RFC_BASH_PRG_AE256_BASH256\ + "BTLS_BASH_PRG_AE256_BASH256" +# define BTLS1_TXT_BASH_PRG_AE256_BASH256\ + "BTLS_BASH_PRG_AE256_BASH256" +# define BTLS1_3_CK_BASH_PRG_AE256_BASH256 0x0300ff1e /* t1_lib.c */ #define BIGN_CURVE256V1_ID 31 /* indices in TLS_GROUP_INFO nid_list[] */ diff --git a/btls/patch/OpenSSL_1_1_1i.patch b/btls/patch/OpenSSL_1_1_1i.patch index 60ea0d1..0750331 100644 --- a/btls/patch/OpenSSL_1_1_1i.patch +++ b/btls/patch/OpenSSL_1_1_1i.patch 
@@ -9,8 +9,43 @@ index bb2f1deb..e15d5cb0 100644 - statem/statem.c record/ssl3_record_tls13.c + statem/statem.c record/ssl3_record_tls13.c \ + btls.c +diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c +index ab50e376..3aeebc28 100644 +--- a/ssl/record/ssl3_record_tls13.c ++++ b/ssl/record/ssl3_record_tls13.c +@@ -10,6 +10,8 @@ + #include "../ssl_local.h" + #include "record_local.h" + #include "internal/cryptlib.h" ++#include "../btls.h" ++#include + + /*- + * tls13_enc encrypts/decrypts |n_recs| in |recs|. Will call SSLfatal() for +@@ -107,7 +109,11 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) + taglen = EVP_GCM_TLS_TAG_LEN; + } else if (alg_enc & SSL_CHACHA20) { + taglen = EVP_CHACHAPOLY_TLS_TAG_LEN; +- } else { ++ } else if (alg_enc & SSL_BELTCHE) { ++ taglen = EVP_BELTCHE_TLS_TAG_LEN; ++ } else if (alg_enc & SSL_BASHPRGAE) { ++ taglen = EVP_BASHPRGAE_TLS_TAG_LEN; ++ } else { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC, + ERR_R_INTERNAL_ERROR); + return -1; +@@ -171,7 +177,7 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) + * any AAD. + */ + if (((alg_enc & SSL_AESCCM) != 0 +- && EVP_CipherUpdate(ctx, NULL, &lenu, NULL, ++ && EVP_CipherUpdate(ctx, NULL, &lenu, NULL, + (unsigned int)rec->length) <= 0) + || EVP_CipherUpdate(ctx, NULL, &lenu, recheader, + sizeof(recheader)) <= 0 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c -index 4511b52c..49190d3a 100644 +index 4511b52c..c8aa86df 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -17,6 +17,7 @@ 
@@ -18,10 +53,49 @@ index 4511b52c..49190d3a 100644 #include #include "internal/cryptlib.h" +#include "btls.h" - + #define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers) #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers) -@@ -3174,6 +3175,135 @@ static SSL_CIPHER ssl3_ciphers[] = { +@@ -111,6 +112,38 @@ static SSL_CIPHER tls13_ciphers[] = { + SSL_HANDSHAKE_MAC_SHA256, + 128, + 128, ++ }, ++{ ++ 1, ++ BTLS1_RFC_BELT_CHE256_BELT_HASH, ++ BTLS1_RFC_BELT_CHE256_BELT_HASH, ++ BTLS1_3_CK_BELT_CHE256_BELT_HASH, ++ SSL_kANY, ++ SSL_aANY, ++ SSL_BELTCHE, ++ SSL_AEAD, ++ TLS1_3_VERSION, TLS1_3_VERSION, ++ 0, 0, ++ SSL_HIGH, ++ SSL_HANDSHAKE_MAC_HBELT | TLS1_PRF_HBELT, ++ 256, ++ 256, ++ }, ++{ ++ 1, ++ BTLS1_RFC_BASH_PRG_AE256_BASH256, ++ BTLS1_RFC_BASH_PRG_AE256_BASH256, ++ BTLS1_3_CK_BASH_PRG_AE256_BASH256, ++ SSL_kANY, ++ SSL_aANY, ++ SSL_BASHPRGAE, ++ SSL_AEAD, ++ TLS1_3_VERSION, TLS1_3_VERSION, ++ 0, 0, ++ SSL_HIGH, ++ SSL_HANDSHAKE_MAC_HBELT | TLS1_PRF_HBELT, ++ 256, ++ 256, + } + }; + +@@ -3174,6 +3207,135 @@ static SSL_CIPHER ssl3_ciphers[] = { 256, }, #endif /* OPENSSL_NO_ARIA */ @@ -155,12 +229,12 @@ index 4511b52c..49190d3a 100644 + 256, + }, }; - + /* -@@ -4342,6 +4472,11 @@ int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt) +@@ -4342,6 +4504,11 @@ int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt) && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN); #endif - + + if (s->version >= TLS1_VERSION && (alg_k & SSL_kBDHE)) + return WPACKET_put_bytes_u8(pkt, TLS_CT_BIGN_SIGN); + if (s->version >= TLS1_VERSION && (alg_k & SSL_kBDHTPSK)) @@ -191,7 +265,7 @@ index 0c47241c..76c52283 100644 + {NID_bign_pubkey, SSL_aBIGN}, /* SSL_PKEY_BIGN */ }; diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c -index 735a483c..c3272d44 100644 +index 735a483c..e1716af3 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -20,6 +20,7 @@ 
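Review bot: The `BTLS1_RFC_BASH_PRG_AE256_BASH256` entry added to `tls13_ciphers[]` uses `SSL_HANDSHAKE_MAC_HBELT | TLS1_PRF_HBELT`, although the suite name advertises a bash256 handshake hash, so a peer implementing the suite as named would compute a different transcript hash and key schedule and fail at Finished. If belt-hash is the intended handshake hash, rename the suite and its `BTLS1_*_BASH_PRG_AE256_*` macros in btls.h to say so; otherwise the suite needs a bash256 handshake-MAC/PRF flag, which this patch does not add (only bash384 and bash512 digest slots appear in `ssl_cipher_table_mac`). Both new entries are also written at column 0 whereas the surrounding rows are indented, which is cosmetic but will recur in every future regeneration of this nested patch.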
@@ -199,7 +273,7 @@ index 735a483c..c3272d44 100644 #include "internal/thread_once.h" #include "internal/cryptlib.h" +#include "btls.h" - + #define SSL_ENC_DES_IDX 0 #define SSL_ENC_3DES_IDX 1 @@ -43,7 +44,7 @@ @@ -207,20 +281,22 @@ index 735a483c..c3272d44 100644 #define SSL_ENC_ARIA128GCM_IDX 20 #define SSL_ENC_ARIA256GCM_IDX 21 -#define SSL_ENC_NUM_IDX 22 -+#define SSL_ENC_NUM_IDX 24 - ++#define SSL_ENC_NUM_IDX 26 + /* NB: make sure indices in these tables match values above */ - -@@ -76,6 +77,8 @@ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = { + +@@ -76,6 +77,10 @@ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = { {SSL_CHACHA20POLY1305, NID_chacha20_poly1305}, /* SSL_ENC_CHACHA_IDX 19 */ {SSL_ARIA128GCM, NID_aria_128_gcm}, /* SSL_ENC_ARIA128GCM_IDX 20 */ {SSL_ARIA256GCM, NID_aria_256_gcm}, /* SSL_ENC_ARIA256GCM_IDX 21 */ + {SSL_BELTCTR, NID_belt_ctrt}, /* SSL_ENC_BELTCTR_IDX 22 */ + {SSL_BELTDWP, NID_belt_dwpt}, /* SSL_ENC_BELTDWP_IDX 23 */ ++ {SSL_BELTCHE, NID_belt_chet}, ++ {SSL_BASHPRGAE, NID_bash_prg_aet}, }; - + static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]; -@@ -110,11 +113,15 @@ static const ssl_cipher_table ssl_cipher_table_mac[SSL_MD_NUM_IDX] = { +@@ -110,11 +115,15 @@ static const ssl_cipher_table ssl_cipher_table_mac[SSL_MD_NUM_IDX] = { {SSL_GOST12_512, NID_id_GostR3411_2012_512}, /* SSL_MD_GOST12_512_IDX 8 */ {0, NID_md5_sha1}, /* SSL_MD_MD5_SHA1_IDX 9 */ {0, NID_sha224}, /* SSL_MD_SHA224_IDX 10 */ 
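Review bot: The rows appended to `ssl_cipher_table_cipher[]`, `{SSL_BELTCHE, NID_belt_chet}` and `{SSL_BASHPRGAE, NID_bash_prg_aet}`, are the only ones without the `/* SSL_ENC_..._IDX n */` slot annotation, and no `SSL_ENC_BELTCHE_IDX`/`SSL_ENC_BASHPRGAE_IDX` defines are visible in the hunk that raises `SSL_ENC_NUM_IDX` to 26. The table is positional (`ssl_cipher_methods[SSL_ENC_NUM_IDX]` is indexed by the same slots), so annotate them as `/* SSL_ENC_BELTCHE_IDX 24 */` and `/* SSL_ENC_BASHPRGAE_IDX 25 */` and add the matching defines next to `SSL_ENC_NUM_IDX` if they do not already exist elsewhere in the patch.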
@@ -231,14 +307,14 @@ index 735a483c..c3272d44 100644 + {SSL_BASH384, NID_bash384}, /* SSL_MD_BASH384_IDX 14 */ + {SSL_BASH512, NID_bash512} /* SSL_MD_BASH512_IDX 15 */ }; - + static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = { - NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; - + /* *INDENT-OFF* */ -@@ -128,7 +135,11 @@ static const ssl_cipher_table ssl_cipher_table_kx[] = { +@@ -128,7 +137,11 @@ static const ssl_cipher_table ssl_cipher_table_kx[] = { {SSL_kPSK, NID_kx_psk}, {SSL_kSRP, NID_kx_srp}, {SSL_kGOST, NID_kx_gost}, @@ -249,9 +325,9 @@ index 735a483c..c3272d44 100644 + {SSL_kBDHEPSK, NID_kxbdhe_psk}, + {SSL_kBDHTPSK, NID_kxbdht_psk} }; - + static const ssl_cipher_table ssl_cipher_table_auth[] = { -@@ -172,7 +183,9 @@ static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = { +@@ -172,7 +185,9 @@ static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = { /* GOST2012_512 */ EVP_PKEY_HMAC, /* MD5/SHA1, SHA224, SHA512 */ @@ -260,9 +336,9 @@ index 735a483c..c3272d44 100644 + /* BELTMAC BELTHASH */ + NID_undef, NID_undef }; - + static size_t ssl_mac_secret_size[SSL_MD_NUM_IDX]; -@@ -228,6 +241,10 @@ static const SSL_CIPHER cipher_aliases[] = { +@@ -228,6 +243,10 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_kDHEPSK, NULL, 0, SSL_kDHEPSK}, {0, SSL_TXT_kSRP, NULL, 0, SSL_kSRP}, {0, SSL_TXT_kGOST, NULL, 0, SSL_kGOST}, 
@@ -270,38 +346,39 @@ index 735a483c..c3272d44 100644 + {0, SSL_TXT_kBDHT, NULL, 0, SSL_kBDHT}, + {0, SSL_TXT_kBDHEPSK, NULL, 0, SSL_kBDHEPSK}, + {0, SSL_TXT_kBDHTPSK, NULL, 0, SSL_kBDHTPSK}, - + /* server authentication aliases */ {0, SSL_TXT_aRSA, NULL, 0, 0, SSL_aRSA}, -@@ -241,6 +258,7 @@ static const SSL_CIPHER cipher_aliases[] = { +@@ -241,6 +260,7 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_aGOST12, NULL, 0, 0, SSL_aGOST12}, {0, SSL_TXT_aGOST, NULL, 0, 0, SSL_aGOST01 | SSL_aGOST12}, {0, SSL_TXT_aSRP, NULL, 0, 0, SSL_aSRP}, + {0, SSL_TXT_aBIGN, NULL, 0, SSL_aBIGN}, - + /* aliases combining key exchange and server authentication */ {0, SSL_TXT_EDH, NULL, 0, SSL_kDHE, ~SSL_aNULL}, -@@ -280,6 +298,8 @@ static const SSL_CIPHER cipher_aliases[] = { +@@ -280,6 +300,9 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_ARIA_GCM, NULL, 0, 0, 0, SSL_ARIA128GCM | SSL_ARIA256GCM}, {0, SSL_TXT_ARIA128, NULL, 0, 0, 0, SSL_ARIA128GCM}, {0, SSL_TXT_ARIA256, NULL, 0, 0, 0, SSL_ARIA256GCM}, + {0, SSL_TXT_BELTCTR, NULL, 0, 0, 0, SSL_BELTCTR}, + {0, SSL_TXT_BELTDWP, NULL, 0, 0, 0, SSL_BELTDWP}, - ++ {0, SSL_TXT_BELTCHE, NULL, 0, 0, 0, SSL_BELTCHE}, + /* MAC aliases */ {0, SSL_TXT_MD5, NULL, 0, 0, 0, 0, SSL_MD5}, -@@ -290,6 +310,7 @@ static const SSL_CIPHER cipher_aliases[] = { +@@ -290,6 +313,7 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_SHA256, NULL, 0, 0, 0, 0, SSL_SHA256}, {0, SSL_TXT_SHA384, NULL, 0, 0, 0, 0, SSL_SHA384}, {0, SSL_TXT_GOST12, NULL, 0, 0, 0, 0, SSL_GOST12_256}, + {0, SSL_TXT_BELTMAC, NULL, 0, 0, 0, 0, SSL_BELTMAC}, - + /* protocol version aliases */ {0, SSL_TXT_SSLV3, NULL, 0, 0, 0, 0, 0, SSL3_VERSION}, -@@ -445,6 +466,15 @@ int ssl_load_ciphers(void) +@@ -445,6 +469,15 @@ int ssl_load_ciphers(void) (SSL_aGOST01 | SSL_aGOST12)) disabled_mkey_mask |= SSL_kGOST; - + + ssl_mac_pkey_id[SSL_MD_BELTMAC_IDX] = get_optional_pkey_id("belt-mac256"); + if (ssl_mac_pkey_id[SSL_MD_BELTMAC_IDX]) + 
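Review bot: The alias table gains `{0, SSL_TXT_BELTCHE, NULL, 0, 0, 0, SSL_BELTCHE}` but no row for `SSL_TXT_BASHPRGAE`, even though btls.h defines that string, so `BELTCHE` is usable in a cipher string while `BASHPRGAE` is not; add `{0, SSL_TXT_BASHPRGAE, NULL, 0, 0, 0, SSL_BASHPRGAE},` beside it. The same omission recurs in the `SSL_CIPHER_description` hunk (`@@ -1792,6 +1840,15`), where `SSL_BELTCHE` gets `enc = "BELTCHE"` but `SSL_BASHPRGAE` falls to the `default` and prints `"unknown"`; add `case SSL_BASHPRGAE: enc = "BASHPRGAE"; break;` there. Since both new suites are TLS 1.3-only, the description output (for example from `openssl ciphers -v`) is the most visible effect of the second gap.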
ssl_mac_secret_size[SSL_MD_BELTMAC_IDX] = 32; @@ -313,8 +390,8 @@ index 735a483c..c3272d44 100644 + return 1; } - -@@ -1686,6 +1716,18 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) + +@@ -1686,6 +1719,18 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_kGOST: kx = "GOST"; break; @@ -333,7 +410,7 @@ index 735a483c..c3272d44 100644 case SSL_kANY: kx = "any"; break; -@@ -1719,6 +1761,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) +@@ -1719,6 +1764,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case (SSL_aGOST12 | SSL_aGOST01): au = "GOST12"; break; @@ -343,7 +420,7 @@ index 735a483c..c3272d44 100644 case SSL_aANY: au = "any"; break; -@@ -1792,6 +1837,12 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) +@@ -1792,6 +1840,15 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_CHACHA20POLY1305: enc = "CHACHA20/POLY1305(256)"; break; @@ -352,11 +429,14 @@ index 735a483c..c3272d44 100644 + break; + case SSL_BELTDWP: + enc = "BELTDWP"; ++ break; ++ case SSL_BELTCHE: ++ enc = "BELTCHE"; + break; default: enc = "unknown"; break; -@@ -1824,6 +1875,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) +@@ -1824,6 +1881,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_GOST12_512: mac = "GOST2012"; break; @@ -375,19 +455,19 @@ index d083d959..d34a8e0c 100644 #include "ssl_local.h" #include "internal/thread_once.h" +#include "btls.h" - + static int stopped; - + @@ -202,6 +203,9 @@ int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS * settings) opts |= OPENSSL_INIT_LOAD_CONFIG; #endif - + + if (!btls_init()) + return 0; + if (!OPENSSL_init_crypto(opts, settings)) return 0; - + diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 98057921..4ce809a5 100644 --- a/ssl/ssl_lib.c 
@@ -397,13 +477,13 @@ index 98057921..4ce809a5 100644 #include "internal/cryptlib.h" #include "internal/refcount.h" +#include "btls.h" - + const char SSL_version_str[] = OPENSSL_VERSION_TEXT; - + @@ -3343,6 +3344,11 @@ void ssl_set_masks(SSL *s) } #endif - + + if (ssl_has_cert(s, SSL_PKEY_BIGN)){ + mask_k |= SSL_kBDHE | SSL_kBDHT | SSL_kBDHTPSK; + mask_a |= SSL_aBIGN; @@ -411,11 +491,11 @@ index 98057921..4ce809a5 100644 + if (rsa_enc) mask_k |= SSL_kRSA; - + @@ -3396,6 +3402,10 @@ void ssl_set_masks(SSL *s) mask_k |= SSL_kECDHE; #endif - + +#ifndef OPENSSL_NO_BDHE_PSK + mask_k |= SSL_kBDHEPSK; +#endif @@ -432,16 +512,16 @@ index 8ddbde77..de1152dc 100644 # include "internal/refcount.h" # include "internal/tsan_assist.h" +# include "btls.h" - + # ifdef OPENSSL_BUILD_SHLIBSSL # undef OPENSSL_EXTERN @@ -179,7 +180,7 @@ - + /* all PSK */ - + -# define SSL_PSK (SSL_kPSK | SSL_kRSAPSK | SSL_kECDHEPSK | SSL_kDHEPSK) +# define SSL_PSK (SSL_kPSK | SSL_kRSAPSK | SSL_kECDHEPSK | SSL_kDHEPSK | SSL_kBDHEPSK | SSL_kBDHTPSK) - + /* Any appropriate key exchange algorithm (for TLS 1.3 ciphersuites) */ # define SSL_kANY 0x00000000U @@ -205,7 +206,7 @@ @@ -450,7 +530,7 @@ index 8ddbde77..de1152dc 100644 #define SSL_aCERT \ - (SSL_aRSA | SSL_aDSS | SSL_aECDSA | SSL_aGOST01 | SSL_aGOST12) + (SSL_aRSA | SSL_aDSS | SSL_aECDSA | SSL_aGOST01 | SSL_aGOST12 | SSL_aBIGN) - + /* Bits for algorithm_enc (symmetric encryption) */ # define SSL_DES 0x00000001U @@ -270,7 +271,7 @@ @@ -459,16 +539,16 @@ index 8ddbde77..de1152dc 100644 # define SSL_MD_SHA512_IDX 11 -# define SSL_MAX_DIGEST 12 +# define SSL_MAX_DIGEST 16 - + /* Bits for algorithm2 (handshake digests and other extra flags) */ - + @@ -383,7 +384,7 @@ # define SSL_PKEY_GOST12_512 6 # define SSL_PKEY_ED25519 7 # define SSL_PKEY_ED448 8 -# define SSL_PKEY_NUM 9 +# define SSL_PKEY_NUM 10 - + /*- * SSL_kRSA <- RSA_ENC diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c @@ -476,7 +556,7 @@ index bcce0f1d..1ffe8200 100644 
--- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -130,7 +130,7 @@ static int use_ecc(SSL *s) - + alg_k = c->algorithm_mkey; alg_a = c->algorithm_auth; - if ((alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) @@ -510,10 +590,10 @@ index 3420ce65..22a44781 100644 + | SSL_kSRP | SSL_kBDHE | SSL_kBDHEPSK | SSL_kBDHTPSK)) { return 1; } - + @@ -2277,7 +2277,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) } - + /* Nothing else to do for plain PSK or RSAPSK */ - if (alg_k & (SSL_kPSK | SSL_kRSAPSK)) { + if (alg_k & (SSL_kPSK | SSL_kRSAPSK | SSL_kBDHTPSK)) { @@ -562,7 +642,7 @@ index 3420ce65..22a44781 100644 + } return 1; } - + diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index cf45a40c..89b1ec42 100644 --- a/ssl/statem/statem_srvr.c @@ -614,13 +694,13 @@ index cf45a40c..89b1ec42 100644 if ((s->srp_ctx.N == NULL) || @@ -2673,7 +2682,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) } - + #ifndef OPENSSL_NO_PSK - if (type & SSL_PSK) { + if ((type & SSL_PSK) && (s->s3->tmp.new_cipher->algorithm_mkey != SSL_kBDHEPSK)) { size_t len = (s->cert->psk_identity_hint == NULL) ? 0 : strlen(s->cert->psk_identity_hint); - + @@ -3496,6 +3505,16 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) /* SSLfatal() already called */ goto err; @@ -647,7 +727,7 @@ index 48d46f8a..71f861c0 100644 #include "ssl_local.h" #include +#include "btls.h" - + static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey); static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu); @@ -169,6 +170,9 @@ static const TLS_GROUP_INFO nid_list[] = { @@ -658,7 +738,7 @@ index 48d46f8a..71f861c0 100644 + {NID_bign_curve384v1, 192, TLS_CURVE_CUSTOM}, /* BIGN_CURVE384V1_ID (32) */ + {NID_bign_curve512v1, 256, TLS_CURVE_CUSTOM}, /* BIGN_CURVE512V1_ID (33) */ }; - + static const unsigned char ecformats_default[] = { 
@@ -674,6 +678,9 @@ static const uint16_t tls12_sigalgs[] = { TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, @@ -668,7 +748,7 @@ index 48d46f8a..71f861c0 100644 + TLSEXT_SIGALG_bign_sign_192, + TLSEXT_SIGALG_bign_sign_256 }; - + #ifndef OPENSSL_NO_EC @@ -769,8 +776,20 @@ static const SIGALG_LOOKUP sigalg_lookup_tbl[] = { {NULL, TLSEXT_SIGALG_gostr34102001_gostr3411, @@ -698,13 +778,13 @@ index 48d46f8a..71f861c0 100644 tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ED448); + tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_BIGN); } - + /* User level utility function to check a chain is suitable */ diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c -index e2c397b7..08f80f8d 100644 +index e2c397b7..afa46acf 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c -@@ -443,6 +443,14 @@ static const ssl_trace_tbl ssl_ciphers_tbl[] = { +@@ -443,6 +443,16 @@ static const ssl_trace_tbl ssl_ciphers_tbl[] = { {0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"}, {0xFF85, "GOST2012-GOST8912-GOST8912"}, {0xFF87, "GOST2012-NULL-GOST12"}, @@ -716,10 +796,12 @@ index e2c397b7..08f80f8d 100644 + {0xFF1A, "BDHE-PSK-BIGN_WITH-BELT-DWP-HBELT"}, + {0xFF1B, "BDHT-PSK-BIGN_WITH-BELT-CTR-MAC-HBELT"}, + {0xFF1C, "BDHT-PSK-BIGN_WITH-BELT-DWP-HBELT"}, ++ {0xFF1D, "BELT-CHE256-BELT-HASH"}, ++ {0xFF1E, "BASH-PRG_AE256-BASH256"}, }; - + /* Compression methods */ -@@ -572,6 +580,9 @@ static const ssl_trace_tbl ssl_sigalg_tbl[] = { +@@ -572,6 +582,9 @@ static const ssl_trace_tbl ssl_sigalg_tbl[] = { {TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, "gost2012_256"}, {TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, "gost2012_512"}, {TLSEXT_SIGALG_gostr34102001_gostr3411, "gost2001_gost94"}, 
@@ -727,5 +809,78 @@ index e2c397b7..08f80f8d 100644 + {TLSEXT_SIGALG_bign_sign_192, "bign_auth192"}, + {TLSEXT_SIGALG_bign_sign_256, "bign_auth256"}, }; - + static const ssl_trace_tbl ssl_ctype_tbl[] = { +diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c +index b8fb07f2..30fffc3d 100644 +--- a/ssl/tls13_enc.c ++++ b/ssl/tls13_enc.c +@@ -8,6 +8,7 @@ + */ + + #include ++#include "btls.h" + #include "ssl_local.h" + #include "internal/cryptlib.h" + #include +@@ -369,6 +370,7 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, + size_t ivlen, keylen, taglen; + int hashleni = EVP_MD_size(md); + size_t hashlen; ++ uint32_t algenc; + + /* Ensure cast to size_t is safe */ + if (!ossl_assert(hashleni >= 0)) { +@@ -386,28 +388,34 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, + + /* TODO(size_t): convert me */ + keylen = EVP_CIPHER_key_length(ciph); ++ ++ ivlen = EVP_CCM_TLS_IV_LEN; ++ if (s->s3->tmp.new_cipher != NULL) { ++ algenc = s->s3->tmp.new_cipher->algorithm_enc; ++ } else if (s->session->cipher != NULL) { ++ /* We've not selected a cipher yet - we must be doing early data */ ++ algenc = s->session->cipher->algorithm_enc; ++ } else if (s->psksession != NULL && s->psksession->cipher != NULL) { ++ /* We must be doing early data with out-of-band PSK */ ++ algenc = s->psksession->cipher->algorithm_enc; ++ } else { ++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DERIVE_SECRET_KEY_AND_IV, ++ ERR_R_EVP_LIB); ++ goto err; ++ } ++ + if (EVP_CIPHER_mode(ciph) == EVP_CIPH_CCM_MODE) { +- uint32_t algenc; +- +- ivlen = EVP_CCM_TLS_IV_LEN; +- if (s->s3->tmp.new_cipher != NULL) { +- algenc = s->s3->tmp.new_cipher->algorithm_enc; +- } else if (s->session->cipher != NULL) { +- /* We've not selected a cipher yet - we must be doing early data */ +- algenc = s->session->cipher->algorithm_enc; +- } else if (s->psksession != NULL && s->psksession->cipher != NULL) { +- /* We must be doing early data with out-of-band PSK */ +- algenc = 
s->psksession->cipher->algorithm_enc; +- } else { +- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DERIVE_SECRET_KEY_AND_IV, +- ERR_R_EVP_LIB); +- goto err; +- } + if (algenc & (SSL_AES128CCM8 | SSL_AES256CCM8)) + taglen = EVP_CCM8_TLS_TAG_LEN; +- else ++ else + taglen = EVP_CCM_TLS_TAG_LEN; +- } else { ++ } else if (algenc & SSL_BELTCHE) { ++ ivlen = EVP_CIPHER_iv_length(ciph); ++ taglen = EVP_BELTCHE_TLS_TAG_LEN; ++ } else if (algenc & SSL_BASHPRGAE) { ++ ivlen = EVP_CIPHER_iv_length(ciph); ++ taglen = EVP_BASHPRGAE_TLS_TAG_LEN; ++ } else { + ivlen = EVP_CIPHER_iv_length(ciph); + taglen = 0; + } diff --git a/include/bee2evp/bee2evp.h b/include/bee2evp/bee2evp.h index da3aa6e..17116d9 100644 --- a/include/bee2evp/bee2evp.h +++ b/include/bee2evp/bee2evp.h @@ -415,6 +415,21 @@ extern const char LN_bash_prg_ae2561[]; */ const EVP_CIPHER* evpBashPrgAe2561(); +/* bash-prg-aet */ +extern const char OID_bash_prg_aet[]; +#ifndef NID_bash_prg_aet +extern const char SN_bash_prg_aet[]; +extern const char LN_bash_prg_aet[]; +#define NID_bash_prg_aet OBJ_sn2nid(SN_bash_prg_aet) +#endif + +/*! \brief Описание алгоритмов belt-chet + + Возвращается описание алгоритмов belt-chet (редакция belt-che для TLS). + \return Описание алгоритмов. +*/ +const EVP_CIPHER* evpBashPrgAET(); + /*! \brief Описание алгоритмов belt-dwpt Возвращается описание алгоритмов belt-dwpt (редакция belt-dwp для TLS). diff --git a/new111i.patch b/new111i.patch new file mode 100644 index 0000000..d42b507 --- /dev/null +++ b/new111i.patch 
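Review bot: Hoisting the `algenc` lookup out of the CCM branch widens the failure condition: previously a non-CCM cipher with none of `new_cipher`, `session->cipher` or `psksession->cipher` set still reached `ivlen = EVP_CIPHER_iv_length(ciph); taglen = 0;`, whereas now every cipher hits `SSLfatal(..., ERR_R_EVP_LIB)` in that state. That may be intended, but it is a behaviour change for all existing suites and deserves a comment above the new block such as `/* algenc selects the tag length for CCM, belt-che and bash-prg-ae; no cipher known is fatal */`. `EVP_BELTCHE_TLS_TAG_LEN` and `EVP_BASHPRGAE_TLS_TAG_LEN` come from the btls.h include added in the same file and are not visible here; they must agree with the 8- and 32-octet tags the engine's EVP_CTRL_AEAD_GET_TAG handlers in src/belt_tls.c accept, otherwise the record layer reserves the wrong number of trailing bytes. The rewritten `else ` line also picks up trailing whitespace. The enclosing function derive_secret_key_and_iv continues outside the hunk.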
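Review bot: The Doxygen comment on the new `evpBashPrgAET()` declaration is a copy of the belt-chet one and still says belt-chet / belt-che in both the brief and the body, so it documents the wrong algorithm; replace the two algorithm names with bash-prg-aet / bash-prg-ae and state that the returned descriptor is the TLS edition of bash-prg-ae. The identifier casing (`evpBashPrgAET`) also differs from the existing `evpBashPrgAe2561` two lines above; pick one convention for the header.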
@@ -0,0 +1,304 @@ +diff --git a/bee2 b/bee2 +--- a/bee2 ++++ b/bee2 +@@ -1 +1 @@ +-Subproject commit fff3273aa9d020280f101a240a9989dfafb14d3a ++Subproject commit fff3273aa9d020280f101a240a9989dfafb14d3a-dirty +diff --git a/scripts/source.sh b/scripts/source.sh +index 58a6006..b19b40c 100644 +--- a/scripts/source.sh ++++ b/scripts/source.sh +@@ -22,7 +22,7 @@ usage() { + echo " -s, setup" + echo " -b, build (=bb+bo+be)" + echo " -bb, build Bee2" +- echo " -bo, build OpenSSL" ++ echo " -bo, build OpenSSL" + echo " -be, build Bee2evp" + echo " -t, test" + echo " -h, --help display this help and exit" +@@ -148,7 +148,7 @@ system_opt(){ + arch=$(uname -m) + + echo "System detection: OS=$os_name, Arch=$arch" +- ++ + case "$os_name" in + Linux) + # Linux distribution detection +@@ -165,7 +165,7 @@ system_opt(){ + ossl_config="Cygwin-$arch" + ;; + *) +- # Fallback for unknown systems ++ # Fallback for unknown systems + echo "Unknown system. Default settings are used." + ;; + esac +@@ -212,7 +212,7 @@ patch_openssl(){ + then + btls_srcs_path=$bee2evp/btls + cat $btls_srcs_path/objects.txt >> $openssl/crypto/objects/objects.txt +- else ++ else + btls_srcs_path=$bee2evp/btls/legacy + fi + cp $btls_srcs_path/btls.c ./ssl/ +@@ -223,7 +223,7 @@ patch_openssl(){ + build_bee2(){ + green echo "[-] build bee2" + mkdir -p $build_bee2 && cd $build_bee2 +- cmake -DCMAKE_BUILD_TYPE=Release \ ++ cmake -DCMAKE_BUILD_TYPE=$build_type \ + -DBUILD_PIC=ON \ + -DCMAKE_INSTALL_PREFIX=$local \ + -DCMAKE_INSTALL_LIBDIR=$lib_path $bee2 +@@ -309,15 +309,15 @@ test_bee2evp(){ + sed -e "s|$lib_path:||") + } + +-setup(){ +- green echo "Setup..." +- clean +- check_prereq +- check_openssl_tag +- update_repos +- patch_openssl +- green echo "Setup ended" +-} ++# setup(){ ++# green echo "Setup..." ++# clean ++# check_prereq ++# check_openssl_tag ++# update_repos ++# patch_openssl ++# green echo "Setup ended" ++# } + + build(){ + green echo "Building..." 
+@@ -330,6 +330,6 @@ build(){ + if $enable_bee2evp; then + build_bee2evp + attach_bee2evp +- fi ++ fi + green echo "Build ended" + } +diff --git a/src/belt_tls.c b/src/belt_tls.c +index 2513b26..48387d7 100644 +--- a/src/belt_tls.c ++++ b/src/belt_tls.c +@@ -317,50 +317,149 @@ static int evpBeltCHET_cipher( + EVP_CIPHER_CTX* ctx, octet* out, const octet* in, size_t len) + { + belt_chet_ctx* state = (belt_chet_ctx*)EVP_CIPHER_CTX_get_blob(ctx); +- // выполняются соглашения libssl? +- if (out != in || !state->aad_len || len < 8 + 8) +- return -1; +- // обработать явную синхропосылку +- if (EVP_CIPHER_CTX_encrypting(ctx)) +- { +- // записать синхропосылку в начало фрагмента +- memMove(out + 8, in, len); +- ASSERT(!memEq(state->aad, state->iv + 8, 8)); +- memCopy(out, state->aad, 8); +- memCopy(state->iv + 8, state->aad, 8); ++ // size_t outlen = 0; ++ int enc = EVP_CIPHER_CTX_encrypting(ctx); ++ ++ if (out == NULL) { ++ if (in) { ++ memCopy(state->aad, in, len); ++ state->aad_len = len; ++ return len; ++ } else { ++ return 0; ++ } + } +- else +- // прочитать синхропосылку из начала фрагмента +- memCopy(state->iv + 8, out, 8); +- in += 8, out += 8, len -= 8; +- // запустить шифр +- beltCHEStart(state->state, state->key, 32, state->iv); +- // обработать открытые (ассоциированные) данные +- beltCHEStepI(state->aad, state->aad_len, state->state); +- // обработать фрагмент (без имитовставки) +- len -= 8; +- if (EVP_CIPHER_CTX_encrypting(ctx)) +- { +- beltCHEStepE(out, len, state->state); +- beltCHEStepA(out, len, state->state); +- beltCHEStepG(out + len, state->state); +- len += 8 + 8; ++ ++ if (out && in) { ++ if (enc) { ++ memMove(out, in, len); ++ // memCopy(out, state->aad, 8); ++ memCopy(state->iv + 8, state->aad, 8); ++ } else { ++ memCopy(state->iv + 8, state->aad, 8); ++ } ++ ++ beltCHEStart(state->state, state->key, 32, state->iv); ++ beltCHEStepI(state->aad, state->aad_len, state->state); + } +- else +- { +- beltCHEStepA(out, len, state->state); +- if 
(!beltCHEStepV(out + len, state->state)) +- { +- memWipe(out, len); +- return -1; ++ ++ if (in) { ++ if (enc) { ++ beltCHEStepE(out, len, state->state); ++ beltCHEStepA(out, len, state->state); ++ beltCHEStepG(out + len, state->state); ++ memCopy(state->tag, out + len, 8); ++ // len += 8; ++ } else { ++ // beltCHEStepA(out, len, state->state); ++ // beltCHEStepA(out, len, state->state); ++ beltCHEStepA(out, len, state->state); ++ // beltCHEStepG(out + len, state->state); ++ ++ if (!beltCHEStepV(state->tag, state->state)) ++ { ++ memWipe(out, len); ++ return -1; ++ } ++ // if (!memEq(state->tag, out + len, 8)) ++ // { ++ // memWipe(out, len); ++ // return -1; ++ // } ++ ++ beltCHEStepD(out, len, state->state); ++ // memMove(out - 8, out, len); + } +- beltCHEStepD(out, len, state->state); +- memMove(out - 8, out, len); ++ return len; ++ } else { ++ // // Final. ++ // if (enc) { ++ // beltCHEStepG(out + 8 + len, state->state); ++ // memCopy(state->tag, out + 8 + len, 8); ++ // } else { ++ // if (!beltCHEStepV(out + 8 + len, state->state)) { ++ // return -1; ++ // } ++ // } ++ return 0; + } +- // число октетов, записанных в out +- return (int)len; + } + ++// static int evpBeltCHET_cipher( ++// EVP_CIPHER_CTX* ctx, octet* out, const octet* in, size_t inlen) ++// { ++// belt_chet_ctx* state = (belt_chet_ctx*)EVP_CIPHER_CTX_get_blob(ctx); ++// size_t outlen = 0; ++// // завершение? ++// if (!in) ++// { ++// if (EVP_CIPHER_CTX_encrypting(ctx)) ++// { ++// // вычислить и отправить имитовставку ++// beltCHEStepG(out, state->state); ++// return 8; ++// } ++// // проверить имитовставку ++// if (state->block_len != 8 || !beltCHEStepV(state->block, state->state)) ++// return -1; ++// return 0; ++// } ++// // открытые данные? 
++// if (!out) ++// { ++// beltCHEStepI(in, inlen, state->state); ++// return 0; ++// } ++// // установить защиту ++// if (EVP_CIPHER_CTX_encrypting(ctx)) ++// { ++// // обработать критические данные ++// memMove(out, in, inlen); ++// beltCHEStepE(out, inlen, state->state); ++// beltCHEStepA(out, inlen, state->state); ++// outlen = inlen; ++// } ++// // снять защиту ++// else ++// { ++// // есть что обрабатывать? ++// if (state->block_len + inlen > 8) ++// { ++// // сколько всего обработать октетов ++// size_t l = state->block_len + inlen - 8; ++// // сколько обработать октетов block ++// size_t lb = MIN2(state->block_len, l); ++// // обработать октеты block ++// memCopy(out, state->block, lb); ++// beltCHEStepA(out, lb, state->state); ++// beltCHEStepD(out, lb, state->state); ++// out += lb, outlen += lb; ++// // обработать октеты in ++// memMove(out, in, l - lb); ++// beltCHEStepA(out, l - lb, state->state); ++// beltCHEStepD(out, l - lb, state->state); ++// out += l - lb, outlen += l - lb; ++// // обновить block ++// if (lb < state->block_len) ++// { ++// memMove(state->block, state->block + lb, state->block_len - lb); ++// memCopy(state->block + lb, in, 8 - state->block_len + lb); ++// } ++// else ++// memCopy(state->block, in + inlen - 8, 8); ++// state->block_len = 8; ++// } ++// // обрабатывать нечего, просто расширить блок ++// else ++// { ++// memCopy(state->block + state->block_len, in, inlen); ++// state->block_len += inlen; ++// } ++// } ++// return (int)outlen; ++// } ++ ++ + static int evpBeltCHET_cleanup(EVP_CIPHER_CTX* ctx) + { + blobClose(EVP_CIPHER_CTX_get_blob(ctx)); +@@ -400,7 +499,9 @@ static int evpBeltCHET_ctrl(EVP_CIPHER_CTX* ctx, int type, int p1, void* p2) + if (p1 != 8) + return 0; + state = (belt_chet_ctx*)EVP_CIPHER_CTX_get_blob(ctx); +- memCopy(state->tag, p2, 8); ++ if (p2 != NULL) { ++ memCopy(state->tag, p2, 8); ++ } + return 1; + case EVP_CTRL_AEAD_GET_TAG: + if (p1 != 8) +diff --git a/utils/build_debian.sh b/utils/build_debian.sh 
+index 24b79c1..6bc7bc5 100644 +--- a/utils/build_debian.sh ++++ b/utils/build_debian.sh +@@ -169,7 +169,7 @@ patch_openssl(){ + build_bee2(){ + green echo "[-] build bee2" + mkdir -p $build_bee2 && cd $build_bee2 +- cmake -DCMAKE_BUILD_TYPE=Release \ ++ cmake -DCMAKE_BUILD_TYPE=Debug \ + -DBUILD_PIC=ON \ + -DCMAKE_INSTALL_PREFIX=$local \ + -DCMAKE_INSTALL_LIBDIR=$lib_path $bee2 diff --git a/scripts/source.sh b/scripts/source.sh index 58a6006..88aa89b 100644 --- a/scripts/source.sh +++ b/scripts/source.sh @@ -22,7 +22,7 @@ usage() { echo " -s, setup" echo " -b, build (=bb+bo+be)" echo " -bb, build Bee2" - echo " -bo, build OpenSSL" + echo " -bo, build OpenSSL" echo " -be, build Bee2evp" echo " -t, test" echo " -h, --help display this help and exit" @@ -148,7 +148,7 @@ system_opt(){ arch=$(uname -m) echo "System detection: OS=$os_name, Arch=$arch" - + case "$os_name" in Linux) # Linux distribution detection @@ -165,7 +165,7 @@ system_opt(){ ossl_config="Cygwin-$arch" ;; *) - # Fallback for unknown systems + # Fallback for unknown systems echo "Unknown system. Default settings are used." ;; esac @@ -212,7 +212,7 @@ patch_openssl(){ then btls_srcs_path=$bee2evp/btls cat $btls_srcs_path/objects.txt >> $openssl/crypto/objects/objects.txt - else + else btls_srcs_path=$bee2evp/btls/legacy fi cp $btls_srcs_path/btls.c ./ssl/ @@ -223,7 +223,7 @@ patch_openssl(){ build_bee2(){ green echo "[-] build bee2" mkdir -p $build_bee2 && cd $build_bee2 - cmake -DCMAKE_BUILD_TYPE=Release \ + cmake -DCMAKE_BUILD_TYPE=$build_type \ -DBUILD_PIC=ON \ -DCMAKE_INSTALL_PREFIX=$local \ -DCMAKE_INSTALL_LIBDIR=$lib_path $bee2 @@ -330,6 +330,6 @@ build(){ if $enable_bee2evp; then build_bee2evp attach_bee2evp - fi + fi green echo "Build ended" } diff --git a/server.cert b/server.cert new file mode 100644 index 0000000..c545501 --- /dev/null +++ b/server.cert 
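Review bot: new111i.patch is a scratch artifact rather than a deliverable: it records a `-dirty` bee2 submodule pointer, comments out `setup()` in scripts/source.sh, flips build_debian.sh to `Debug`, and holds an older draft of evpBeltCHET_cipher full of commented-out code that the real src/belt_tls.c hunk later in this commit no longer contains. The next commit of the series deletes it again, so it only adds noise to history; squashing the two commits, or not staging the file, keeps the series reviewable.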
@@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBujCCAXSgAwIBAgIUZPYbKRdW16hFH/5Z5fPSSaSW4hgwDQYJKnAAAgAiZS0M +BQAwOTEYMBYGA1UEAwwPd3d3LmV4YW1wbGUub3JnMRAwDgYDVQQKDAdCQ3J5cHRv +MQswCQYDVQQGEwJCWTAeFw0yNTExMTcxMTIyMTZaFw0yNTEyMTcxMTIyMTZaMDkx +GDAWBgNVBAMMD3d3dy5leGFtcGxlLm9yZzEQMA4GA1UECgwHQkNyeXB0bzELMAkG +A1UEBhMCQlkwXTAYBgoqcAACACJlLQIBBgoqcAACACJlLQMBA0EA+oPMSRtkuAL+ +8l4QJzojVAhTK10dF8W7rujA22yZrAz0Ghmtg8KiymngGi90eKzabM4DVQj3hTOD +RnP+bkT0GqNTMFEwHQYDVR0OBBYEFCKU3JkXhbufnIhgmtePqO1ZLtJOMB8GA1Ud +IwQYMBaAFCKU3JkXhbufnIhgmtePqO1ZLtJOMA8GA1UdEwEB/wQFMAMBAf8wDQYJ +KnAAAgAiZS0MBQADMQChjNEtBKsTukLeCkPNdJ9fzAMkPrCun2ssnOzDIo43Lk1E +Xod6zAT1G2BiVZ+9hjc= +-----END CERTIFICATE----- diff --git a/server.sk b/server.sk new file mode 100644 index 0000000..4620d47 --- /dev/null +++ b/server.sk @@ -0,0 +1,4 @@ +-----BEGIN PRIVATE KEY----- +MD8CAQAwGAYKKnAAAgAiZS0CAQYKKnAAAgAiZS0DAQQg3r7lFzAxejSFFvqc03aw +/wwPsn/9UQtd0oH68aBT1Ug= +-----END PRIVATE KEY----- diff --git a/src/belt_tls.c b/src/belt_tls.c index 2513b26..00aa5ed 100644 --- a/src/belt_tls.c +++ b/src/belt_tls.c @@ -17,6 +17,7 @@ #include #include #include +#include #include "bee2evp/bee2evp.h" #include "bee2evp_lcl.h" @@ -110,12 +111,12 @@ const EVP_CIPHER* evpBeltDWPT() typedef struct belt_dwpt_ctx { - octet key[32]; /*< ключ */ - octet iv[16]; /*< синхропосылка */ - octet aad[16]; /*< заголовок TLS */ - size_t aad_len; /*< длина заголовка TLS */ - octet tag[8]; /*< имитовставка */ - mem_align_t state[]; /*< состояние beltDWP */ + octet key[32]; /*< ключ */ + octet iv[16]; /*< синхропосылка */ + octet aad[16]; /*< заголовок TLS */ + size_t aad_len; /*< длина заголовка TLS */ + octet tag[8]; /*< имитовставка */ + mem_align_t state[]; /*< состояние beltDWP */ } belt_dwpt_ctx; static int evpBeltDWPT_init( 
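Review bot: server.sk adds a PEM private key (and server.cert its matching self-signed certificate) at the repository root with nothing marking it as a throwaway test fixture; a key that has been pushed stays recoverable from history even though the next commit in this series deletes the file, so it has to be treated as public and never reused outside tests. If the TLS tests need a fixed key pair, keep it under test/ next to a comment naming it as a test-only key, or generate it at test time so nothing long-lived is checked in.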
@@ -288,12 +289,12 @@ const EVP_CIPHER* evpBeltCHET() typedef struct belt_chet_ctx { - octet key[32]; /*< ключ */ - octet iv[16]; /*< синхропосылка */ - octet aad[16]; /*< заголовок TLS */ - size_t aad_len; /*< длина заголовка TLS */ - octet tag[8]; /*< имитовставка */ - mem_align_t state[]; /*< состояние beltCHE */ + octet key[32]; + octet iv[16]; + octet aad[16]; + size_t aad_len; + octet tag[8]; + mem_align_t state[]; } belt_chet_ctx; static int evpBeltCHET_init( 
@@ -317,48 +318,76 @@ static int evpBeltCHET_cipher( EVP_CIPHER_CTX* ctx, octet* out, const octet* in, size_t len) { belt_chet_ctx* state = (belt_chet_ctx*)EVP_CIPHER_CTX_get_blob(ctx); - // выполняются соглашения libssl? - if (out != in || !state->aad_len || len < 8 + 8) - return -1; - // обработать явную синхропосылку - if (EVP_CIPHER_CTX_encrypting(ctx)) + int enc = EVP_CIPHER_CTX_encrypting(ctx); + + // if (!out && in && len == 5) + // { + // memCopy(state->ann, state->iv, 16); // S + // memCopy(state->ann + 16, in, 5); // I + // memSet(state->ann + 21, 0, 3); // 0^24 + + // state->ann_len = 24; + + // return 1; + // } + + if (out == NULL) { - // записать синхропосылку в начало фрагмента - memMove(out + 8, in, len); - ASSERT(!memEq(state->aad, state->iv + 8, 8)); - memCopy(out, state->aad, 8); - memCopy(state->iv + 8, state->aad, 8); + if (in) + { + memCopy(state->aad, in, len); + state->aad_len = len; + return len; + } + else + { + return 0; + } } - else - // прочитать синхропосылку из начала фрагмента - memCopy(state->iv + 8, out, 8); - in += 8, out += 8, len -= 8; - // запустить шифр - beltCHEStart(state->state, state->key, 32, state->iv); - // обработать открытые (ассоциированные) данные - beltCHEStepI(state->aad, state->aad_len, state->state); - // обработать фрагмент (без имитовставки) - len -= 8; - if (EVP_CIPHER_CTX_encrypting(ctx)) + + if (out && in) { - beltCHEStepE(out, len, state->state); - beltCHEStepA(out, len, state->state); - beltCHEStepG(out + len, state->state); - len += 8 + 8; + if (enc) + { + memMove(out, in, len); + memCopy(state->iv + 8, state->aad, 8); + } + else + { + memCopy(state->iv + 8, state->aad, 8); + } + + beltCHEStart(state->state, state->key, 32, state->iv); + beltCHEStepI(state->aad, state->aad_len, state->state); } - else + + if (in) { - beltCHEStepA(out, len, state->state); - if (!beltCHEStepV(out + len, state->state)) + if (enc) { - memWipe(out, len); - return -1; + beltCHEStepE(out, len, state->state); + beltCHEStepA(out, 
len, state->state); + beltCHEStepG(out + len, state->state); + memCopy(state->tag, out + len, 8); } - beltCHEStepD(out, len, state->state); - memMove(out - 8, out, len); + else + { + beltCHEStepA(out, len, state->state); + + if (!beltCHEStepV(state->tag, state->state)) + { + memWipe(out, len); + return -1; + } + + beltCHEStepD(out, len, state->state); + } + return len; + } + else + { + return 0; } - // число октетов, записанных в out - return (int)len; } static int evpBeltCHET_cleanup(EVP_CIPHER_CTX* ctx) @@ -400,7 +429,10 @@ static int evpBeltCHET_ctrl(EVP_CIPHER_CTX* ctx, int type, int p1, void* p2) if (p1 != 8) return 0; state = (belt_chet_ctx*)EVP_CIPHER_CTX_get_blob(ctx); - memCopy(state->tag, p2, 8); + if (p2 != NULL) + { + memCopy(state->tag, p2, 8); + } return 1; case EVP_CTRL_AEAD_GET_TAG: if (p1 != 8) 
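Review bot: The AAD path `if (in) { memCopy(state->aad, in, len); state->aad_len = len; return len; }` copies a caller-controlled length into the 16-octet `state->aad` with no bound, whereas the removed EVP_CTRL_AEAD_TLS1_AAD handler rejected `p1 != EVP_AEAD_TLS1_AAD_LEN`; it needs `if (len > sizeof(state->aad)) return -1;` before the copy. The decrypt branch no longer copies `in` to `out` before `beltCHEStepA(out, len, ...)` and `beltCHEStepD(out, len, ...)`, and the old `out != in` guard is gone, so a caller that decrypts out of place authenticates and decrypts whatever `out` previously held; either restore the in-place check or add the `memMove(out, in, len)` the encrypt branch has. Both branches derive the nonce with `memCopy(state->iv + 8, state->aad, 8)`, which was sound while the AAD began with the 8-octet TLS 1.2 sequence number, but if this path now receives the 5-octet TLS 1.3 record header (as the commented-out `len == 5` draft suggests) the copy reads three octets past the supplied AAD and the nonce repeats for every record with the same type/version/length, which a counter-mode AEAD cannot tolerate under one key — the per-record nonce should come from the IV handed to init. `return len;` also narrows a size_t to int implicitly; keep the original `(int)len`. The same draft of this function is repeated inside the stray new111i.patch hunk earlier in this commit.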
@@ -408,39 +440,183 @@ static int evpBeltCHET_ctrl(EVP_CIPHER_CTX* ctx, int type, int p1, void* p2) state = (belt_chet_ctx*)EVP_CIPHER_CTX_get_blob(ctx); memCopy(p2, state->tag, 8); return 1; - case EVP_CTRL_AEAD_TLS1_AAD: + default: + return -1; + } + return 1; +} + + +/* +******************************************************************************* +Алгоритмы bash-prg-ae-tls: belt-che для TLS +******************************************************************************* +*/ + +const char OID_bash_prg_aet[] = "1.2.112.0.2.0.34.101.77.37"; +#ifndef SN_bash_prg_aet +const char SN_bash_prg_aet[] = "bash-prg-ae-tls"; +const char LN_bash_prg_aet[] = "bash-prg-ae-tls"; +#endif + +#define FLAGS_bash_prg_aet \ + (EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_CTRL_INIT | \ + EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_CUSTOM_CIPHER | \ + EVP_CIPH_CUSTOM_COPY | EVP_CIPH_CUSTOM_IV | EVP_CIPH_VARIABLE_LENGTH) + +static EVP_CIPHER* EVP_bash_prg_aet; +const EVP_CIPHER* evpBashPrgAET() +{ + return EVP_bash_prg_aet; +} + +typedef struct bash_prg_aet_ctx +{ + size_t d; + octet iv[16]; + octet tag[32]; + octet key[32]; + octet ann[24]; + size_t ann_len; + mem_align_t state[]; +} bash_prg_aet_ctx; + +static int evpBashPrgAET_init( + EVP_CIPHER_CTX* ctx, const octet* key, const octet* iv, int enc) +{ + bash_prg_aet_ctx* state = (bash_prg_aet_ctx*)EVP_CIPHER_CTX_get_blob(ctx); + + if (!key & !iv) { - size_t len; - state = (belt_chet_ctx*)EVP_CIPHER_CTX_get_blob(ctx); - // сохранить заголовок фрагмента - if (p1 != EVP_AEAD_TLS1_AAD_LEN) - return 0; - ASSERT(sizeof(state->aad) >= EVP_AEAD_TLS1_AAD_LEN); - memCopy(state->aad, p2, state->aad_len = EVP_AEAD_TLS1_AAD_LEN); - // определить длину фрагмента - len = state->aad[state->aad_len - 2], len <<= 8; - len += state->aad[state->aad_len - 1]; - // защита снимается? 
- if (!EVP_CIPHER_CTX_encrypting(ctx)) +#if OPENSSL_VERSION_NUMBER >= 0x30000000L + int cipher_nid = EVP_CIPHER_CTX_get_nid(ctx); +#else + int cipher_nid = EVP_CIPHER_CTX_nid(ctx); +#endif + if (cipher_nid == NID_bash_prg_aet) { - // уменьшить длину фрагмента на длину явной - // синхропосылки и имитовставки - if (len < 8 + 8) - return 0; - len -= 8 + 8; + state->d = 1; } - // сохранить уточненную длину - state->aad[state->aad_len - 2] = (octet)(len >> 8); - state->aad[state->aad_len - 1] = (octet)len; - // возвратить поправку длины - return 8 + 8; + + return 1; + } + + if (key) + { + memCopy(state->key, key, 32); + } + + if (iv) + { + memCopy(state->ann, iv, 16); + } + + return 1; +} + +static int evpBashPrgAET_cipher( + EVP_CIPHER_CTX* ctx, octet* out, const octet* in, size_t len) +{ + bash_prg_aet_ctx* state = (bash_prg_aet_ctx*)EVP_CIPHER_CTX_get_blob(ctx); + + if (!out && in && len == 5) + { + memCopy(state->ann, state->iv, 16); // S + memCopy(state->ann + 16, in, 5); // I + memSet(state->ann + 21, 0, 3); // 0^24 + + state->ann_len = 24; + + bashPrgStart(state->state, + 256, + state->d, + state->ann, + state->ann_len, + state->key, + 32); + + return 1; + } + + if (!in && out) + { + bashPrgSqueeze(out, 32, state->state); + memCopy(state->tag, out, 32); + return len; + } + + if (!out && in) + { + bashPrgAbsorb(in, len, state->state); + return 0; + } + + if (EVP_CIPHER_CTX_encrypting(ctx)) + { + memMove(out, in, len); + bashPrgEncr(out, len, state->state); } + else + { + memMove(out, in, len); + bashPrgDecr(out, len, state->state); + } + return (int)len; +} + +static int evpBashPrgAET_cleanup(EVP_CIPHER_CTX* ctx) +{ + blobClose(EVP_CIPHER_CTX_get_blob(ctx)); + EVP_CIPHER_CTX_set_blob(ctx, 0); + return 1; +} + +static int evpBashPrgAET_ctrl(EVP_CIPHER_CTX* ctx, int type, int p1, void* p2) +{ + bash_prg_aet_ctx* state; + switch (type) + { + case EVP_CTRL_INIT: + { + blob_t blob = blobCreate(sizeof(bash_prg_aet_ctx) + beltCHE_keep()); + if (blob && 
EVP_CIPHER_CTX_set_blob(ctx, blob)) + break; + blobClose(blob); + return 0; + } + case EVP_CTRL_COPY: + if (!EVP_CIPHER_CTX_copy_blob((EVP_CIPHER_CTX*)p2, ctx)) + return 0; + break; + case EVP_CTRL_GET_IVLEN: + *(int*)p2 = 0; + return 1; + case EVP_CTRL_AEAD_SET_IVLEN: + state = (bash_prg_aet_ctx*)EVP_CIPHER_CTX_get_blob(ctx); + state->ann_len = (size_t)p1; + return 1; + case EVP_CTRL_AEAD_SET_TAG: + if (p1 != 32) + return 0; + state = (bash_prg_aet_ctx*)EVP_CIPHER_CTX_get_blob(ctx); + if (p2 != NULL) + { + memCopy(state->tag, p2, 32); + } + return 1; + case EVP_CTRL_AEAD_GET_TAG: + if (p1 != 32) + return 0; + state = (bash_prg_aet_ctx*)EVP_CIPHER_CTX_get_blob(ctx); + memCopy(p2, state->tag, 32); + return 1; default: return -1; } return 1; } + /* ******************************************************************************* Алгоритмы belt-ctr-tls: belt-ctr для TLS @@ -483,12 +659,12 @@ const EVP_CIPHER* evpBeltCTRT() typedef struct belt_ctrt_ctx { - octet ekey[32]; /*< ключ шифрования */ - octet mkey[32]; /*< ключ имитозащиты */ - octet iv[16]; /*< синхропосылка */ - octet aad[16]; /*< заголовок TLS */ - size_t aad_len; /*< длина заголовка TLS */ - mem_align_t state[]; /*< состояние beltCTR + beltMAC */ + octet ekey[32]; /*< ключ шифрования */ + octet mkey[32]; /*< ключ имитозащиты */ + octet iv[16]; /*< синхропосылка */ + octet aad[16]; /*< заголовок TLS */ + size_t aad_len; /*< длина заголовка TLS */ + mem_align_t state[]; /*< состояние beltCTR + beltMAC */ } belt_ctrt_ctx; static int evpBeltCTRT_init( @@ -653,6 +829,8 @@ static int evpBeltTLS_enum( *cipher = EVP_belt_chet; else if (nid == NID_belt_ctrt) *cipher = EVP_belt_ctrt; + else if (nid == NID_bash_prg_aet) + *cipher = EVP_bash_prg_aet; else if (prev_enum && prev_enum != evpBeltTLS_enum) return prev_enum(e, cipher, nids, nid); else 
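Review bot: evpBashPrgAET_init stores the IV into `state->ann` (`memCopy(state->ann, iv, 16)`) but never writes `state->iv`, while the `len == 5` branch of evpBashPrgAET_cipher then does `memCopy(state->ann, state->iv, 16)`, overwriting the announcement with a field nothing initialises; the nonce passed at init is lost and every record starts bashPrg from the same zero or stale prefix, so init should do `memCopy(state->iv, iv, 16);` (or the cipher should stop clobbering ann). On the receive side nothing compares the squeezed tag with the one installed through EVP_CTRL_AEAD_SET_TAG: the `!in && out` branch squeezes 32 octets, copies them over `state->tag` and returns, so unless a caller not shown here performs the comparison, decryption succeeds for any tag; in the decrypt case squeeze into a local, `memEq` it against `state->tag`, and wipe the output and return -1 on mismatch. EVP_CTRL_INIT sizes the blob with `sizeof(bash_prg_aet_ctx) + beltCHE_keep()` although the state is driven by bashPrg*, so if the bash-prg state is larger than belt-che's the first bashPrgStart overflows the heap block; size it with bee2's bashPrg_keep(). `if (!key & !iv)` only works because `!` yields 0/1; write `if (!key && !iv)`.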
@@ -698,6 +876,7 @@ int evpBeltTLS_bind(ENGINE* e) // зарегистрировать алгоритмы и получить nid'ы if (BELT_TLS_REG(belt_dwpt, tmp) == NID_undef || BELT_TLS_REG(belt_chet, tmp) == NID_undef || + BELT_TLS_REG(bash_prg_aet, tmp) == NID_undef || BELT_TLS_REG(belt_ctrt, tmp) == NID_undef) return 0; // создать и настроить описатели @@ -723,6 +902,17 @@ int evpBeltTLS_bind(ENGINE* e) 0, 0, evpBeltCHET_ctrl); + BELT_TLS_DESCR(bash_prg_aet, + 1, + 32, + 16, + FLAGS_bash_prg_aet, + evpBashPrgAET_init, + evpBashPrgAET_cipher, + evpBashPrgAET_cleanup, + 0, + 0, + evpBashPrgAET_ctrl); BELT_TLS_DESCR(belt_ctrt, 1, 32, @@ -740,13 +930,16 @@ int evpBeltTLS_bind(ENGINE* e) return 0; // зарегистрировать алгоритмы return ENGINE_register_ciphers(e) && EVP_add_cipher(EVP_belt_dwpt) && - EVP_add_cipher(EVP_belt_chet) && EVP_add_cipher(EVP_belt_ctrt); + EVP_add_cipher(EVP_belt_chet) && EVP_add_cipher(EVP_bash_prg_aet) && + EVP_add_cipher(EVP_belt_ctrt); } void evpBeltTLS_finish() { EVP_CIPHER_meth_free(EVP_belt_ctrt); EVP_belt_ctrt = 0; + EVP_CIPHER_meth_free(EVP_bash_prg_aet); + EVP_bash_prg_aet = 0; EVP_CIPHER_meth_free(EVP_belt_chet); EVP_belt_chet = 0; EVP_CIPHER_meth_free(EVP_belt_dwpt); diff --git a/utils/build_debian.sh b/utils/build_debian.sh index 24b79c1..6bc7bc5 100644 --- a/utils/build_debian.sh +++ b/utils/build_debian.sh @@ -169,7 +169,7 @@ patch_openssl(){ build_bee2(){ green echo "[-] build bee2" mkdir -p $build_bee2 && cd $build_bee2 - cmake -DCMAKE_BUILD_TYPE=Release \ + cmake -DCMAKE_BUILD_TYPE=Debug \ -DBUILD_PIC=ON \ -DCMAKE_INSTALL_PREFIX=$local \ -DCMAKE_INSTALL_LIBDIR=$lib_path $bee2 From 175bc82ca5f3f9082a06592791c4cc645d5add57 Mon Sep 17 00:00:00 2001 
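Review bot: utils/build_debian.sh now hard-codes `cmake -DCMAKE_BUILD_TYPE=Debug` for bee2, which typically ships an unoptimised library with assertions enabled from the Debian build path; scripts/source.sh in the same commit switched to `$build_type`, so the packaging script should follow that (`-DCMAKE_BUILD_TYPE=${build_type:-Release}`) rather than pin Debug. In `BELT_TLS_DESCR(bash_prg_aet, 1, 32, 16, ...)` the descriptor declares a 16-octet IV while the cipher's EVP_CTRL_GET_IVLEN handler in the preceding hunk reports 0; one of the two is wrong, and whichever a caller consults decides how much nonce material reaches init.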
From: Yahor Laurenau Date: Tue, 9 Dec 2025 10:31:10 +0300 Subject: [PATCH 2/7] Update OpenSSL_1_1_1i patch --- new111i.patch | 304 ------------------------------------------------- server.cert | 12 -- server.sk | 4 - src/belt_tls.c | 54 +++------ test/btls.py | 52 ++++++++- test/test.py | 4 +- 6 files changed, 65 insertions(+), 365 deletions(-) delete mode 100644 new111i.patch delete mode 100644 server.cert delete mode 100644 server.sk diff --git a/new111i.patch b/new111i.patch deleted file mode 100644 index d42b507..0000000 --- a/new111i.patch +++ /dev/null 
@@ -1,304 +0,0 @@ -diff --git a/bee2 b/bee2 ---- a/bee2 -+++ b/bee2 -@@ -1 +1 @@ --Subproject commit fff3273aa9d020280f101a240a9989dfafb14d3a -+Subproject commit fff3273aa9d020280f101a240a9989dfafb14d3a-dirty -diff --git a/scripts/source.sh b/scripts/source.sh -index 58a6006..b19b40c 100644 ---- a/scripts/source.sh -+++ b/scripts/source.sh -@@ -22,7 +22,7 @@ usage() { - echo " -s, setup" - echo " -b, build (=bb+bo+be)" - echo " -bb, build Bee2" -- echo " -bo, build OpenSSL" -+ echo " -bo, build OpenSSL" - echo " -be, build Bee2evp" - echo " -t, test" - echo " -h, --help display this help and exit" -@@ -148,7 +148,7 @@ system_opt(){ - arch=$(uname -m) - - echo "System detection: OS=$os_name, Arch=$arch" -- -+ - case "$os_name" in - Linux) - # Linux distribution detection -@@ -165,7 +165,7 @@ system_opt(){ - ossl_config="Cygwin-$arch" - ;; - *) -- # Fallback for unknown systems -+ # Fallback for unknown systems - echo "Unknown system. Default settings are used." - ;; - esac -@@ -212,7 +212,7 @@ patch_openssl(){ - then - btls_srcs_path=$bee2evp/btls - cat $btls_srcs_path/objects.txt >> $openssl/crypto/objects/objects.txt -- else -+ else - btls_srcs_path=$bee2evp/btls/legacy - fi - cp $btls_srcs_path/btls.c ./ssl/ -@@ -223,7 +223,7 @@ patch_openssl(){ - build_bee2(){ - green echo "[-] build bee2" - mkdir -p $build_bee2 && cd $build_bee2 -- cmake -DCMAKE_BUILD_TYPE=Release \ -+ cmake -DCMAKE_BUILD_TYPE=$build_type \ - -DBUILD_PIC=ON \ - -DCMAKE_INSTALL_PREFIX=$local \ - -DCMAKE_INSTALL_LIBDIR=$lib_path $bee2 -@@ -309,15 +309,15 @@ test_bee2evp(){ - sed -e "s|$lib_path:||") - } - --setup(){ -- green echo "Setup..." -- clean -- check_prereq -- check_openssl_tag -- update_repos -- patch_openssl -- green echo "Setup ended" --} -+# setup(){ -+# green echo "Setup..." -+# clean -+# check_prereq -+# check_openssl_tag -+# update_repos -+# patch_openssl -+# green echo "Setup ended" -+# } - - build(){ - green echo "Building..." 
-@@ -330,6 +330,6 @@ build(){ - if $enable_bee2evp; then - build_bee2evp - attach_bee2evp -- fi -+ fi - green echo "Build ended" - } -diff --git a/src/belt_tls.c b/src/belt_tls.c -index 2513b26..48387d7 100644 ---- a/src/belt_tls.c -+++ b/src/belt_tls.c -@@ -317,50 +317,149 @@ static int evpBeltCHET_cipher( - EVP_CIPHER_CTX* ctx, octet* out, const octet* in, size_t len) - { - belt_chet_ctx* state = (belt_chet_ctx*)EVP_CIPHER_CTX_get_blob(ctx); -- // выполняются соглашения libssl? -- if (out != in || !state->aad_len || len < 8 + 8) -- return -1; -- // обработать явную синхропосылку -- if (EVP_CIPHER_CTX_encrypting(ctx)) -- { -- // записать синхропосылку в начало фрагмента -- memMove(out + 8, in, len); -- ASSERT(!memEq(state->aad, state->iv + 8, 8)); -- memCopy(out, state->aad, 8); -- memCopy(state->iv + 8, state->aad, 8); -+ // size_t outlen = 0; -+ int enc = EVP_CIPHER_CTX_encrypting(ctx); -+ -+ if (out == NULL) { -+ if (in) { -+ memCopy(state->aad, in, len); -+ state->aad_len = len; -+ return len; -+ } else { -+ return 0; -+ } - } -- else -- // прочитать синхропосылку из начала фрагмента -- memCopy(state->iv + 8, out, 8); -- in += 8, out += 8, len -= 8; -- // запустить шифр -- beltCHEStart(state->state, state->key, 32, state->iv); -- // обработать открытые (ассоциированные) данные -- beltCHEStepI(state->aad, state->aad_len, state->state); -- // обработать фрагмент (без имитовставки) -- len -= 8; -- if (EVP_CIPHER_CTX_encrypting(ctx)) -- { -- beltCHEStepE(out, len, state->state); -- beltCHEStepA(out, len, state->state); -- beltCHEStepG(out + len, state->state); -- len += 8 + 8; -+ -+ if (out && in) { -+ if (enc) { -+ memMove(out, in, len); -+ // memCopy(out, state->aad, 8); -+ memCopy(state->iv + 8, state->aad, 8); -+ } else { -+ memCopy(state->iv + 8, state->aad, 8); -+ } -+ -+ beltCHEStart(state->state, state->key, 32, state->iv); -+ beltCHEStepI(state->aad, state->aad_len, state->state); - } -- else -- { -- beltCHEStepA(out, len, state->state); -- if 
(!beltCHEStepV(out + len, state->state)) -- { -- memWipe(out, len); -- return -1; -+ -+ if (in) { -+ if (enc) { -+ beltCHEStepE(out, len, state->state); -+ beltCHEStepA(out, len, state->state); -+ beltCHEStepG(out + len, state->state); -+ memCopy(state->tag, out + len, 8); -+ // len += 8; -+ } else { -+ // beltCHEStepA(out, len, state->state); -+ // beltCHEStepA(out, len, state->state); -+ beltCHEStepA(out, len, state->state); -+ // beltCHEStepG(out + len, state->state); -+ -+ if (!beltCHEStepV(state->tag, state->state)) -+ { -+ memWipe(out, len); -+ return -1; -+ } -+ // if (!memEq(state->tag, out + len, 8)) -+ // { -+ // memWipe(out, len); -+ // return -1; -+ // } -+ -+ beltCHEStepD(out, len, state->state); -+ // memMove(out - 8, out, len); - } -- beltCHEStepD(out, len, state->state); -- memMove(out - 8, out, len); -+ return len; -+ } else { -+ // // Final. -+ // if (enc) { -+ // beltCHEStepG(out + 8 + len, state->state); -+ // memCopy(state->tag, out + 8 + len, 8); -+ // } else { -+ // if (!beltCHEStepV(out + 8 + len, state->state)) { -+ // return -1; -+ // } -+ // } -+ return 0; - } -- // число октетов, записанных в out -- return (int)len; - } - -+// static int evpBeltCHET_cipher( -+// EVP_CIPHER_CTX* ctx, octet* out, const octet* in, size_t inlen) -+// { -+// belt_chet_ctx* state = (belt_chet_ctx*)EVP_CIPHER_CTX_get_blob(ctx); -+// size_t outlen = 0; -+// // завершение? -+// if (!in) -+// { -+// if (EVP_CIPHER_CTX_encrypting(ctx)) -+// { -+// // вычислить и отправить имитовставку -+// beltCHEStepG(out, state->state); -+// return 8; -+// } -+// // проверить имитовставку -+// if (state->block_len != 8 || !beltCHEStepV(state->block, state->state)) -+// return -1; -+// return 0; -+// } -+// // открытые данные? 
-+// if (!out) -+// { -+// beltCHEStepI(in, inlen, state->state); -+// return 0; -+// } -+// // установить защиту -+// if (EVP_CIPHER_CTX_encrypting(ctx)) -+// { -+// // обработать критические данные -+// memMove(out, in, inlen); -+// beltCHEStepE(out, inlen, state->state); -+// beltCHEStepA(out, inlen, state->state); -+// outlen = inlen; -+// } -+// // снять защиту -+// else -+// { -+// // есть что обрабатывать? -+// if (state->block_len + inlen > 8) -+// { -+// // сколько всего обработать октетов -+// size_t l = state->block_len + inlen - 8; -+// // сколько обработать октетов block -+// size_t lb = MIN2(state->block_len, l); -+// // обработать октеты block -+// memCopy(out, state->block, lb); -+// beltCHEStepA(out, lb, state->state); -+// beltCHEStepD(out, lb, state->state); -+// out += lb, outlen += lb; -+// // обработать октеты in -+// memMove(out, in, l - lb); -+// beltCHEStepA(out, l - lb, state->state); -+// beltCHEStepD(out, l - lb, state->state); -+// out += l - lb, outlen += l - lb; -+// // обновить block -+// if (lb < state->block_len) -+// { -+// memMove(state->block, state->block + lb, state->block_len - lb); -+// memCopy(state->block + lb, in, 8 - state->block_len + lb); -+// } -+// else -+// memCopy(state->block, in + inlen - 8, 8); -+// state->block_len = 8; -+// } -+// // обрабатывать нечего, просто расширить блок -+// else -+// { -+// memCopy(state->block + state->block_len, in, inlen); -+// state->block_len += inlen; -+// } -+// } -+// return (int)outlen; -+// } -+ -+ - static int evpBeltCHET_cleanup(EVP_CIPHER_CTX* ctx) - { - blobClose(EVP_CIPHER_CTX_get_blob(ctx)); -@@ -400,7 +499,9 @@ static int evpBeltCHET_ctrl(EVP_CIPHER_CTX* ctx, int type, int p1, void* p2) - if (p1 != 8) - return 0; - state = (belt_chet_ctx*)EVP_CIPHER_CTX_get_blob(ctx); -- memCopy(state->tag, p2, 8); -+ if (p2 != NULL) { -+ memCopy(state->tag, p2, 8); -+ } - return 1; - case EVP_CTRL_AEAD_GET_TAG: - if (p1 != 8) -diff --git a/utils/build_debian.sh b/utils/build_debian.sh 
-index 24b79c1..6bc7bc5 100644 ---- a/utils/build_debian.sh -+++ b/utils/build_debian.sh -@@ -169,7 +169,7 @@ patch_openssl(){ - build_bee2(){ - green echo "[-] build bee2" - mkdir -p $build_bee2 && cd $build_bee2 -- cmake -DCMAKE_BUILD_TYPE=Release \ -+ cmake -DCMAKE_BUILD_TYPE=Debug \ - -DBUILD_PIC=ON \ - -DCMAKE_INSTALL_PREFIX=$local \ - -DCMAKE_INSTALL_LIBDIR=$lib_path $bee2 diff --git a/server.cert b/server.cert deleted file mode 100644 index c545501..0000000 --- a/server.cert +++ /dev/null @@ -1,12 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBujCCAXSgAwIBAgIUZPYbKRdW16hFH/5Z5fPSSaSW4hgwDQYJKnAAAgAiZS0M -BQAwOTEYMBYGA1UEAwwPd3d3LmV4YW1wbGUub3JnMRAwDgYDVQQKDAdCQ3J5cHRv -MQswCQYDVQQGEwJCWTAeFw0yNTExMTcxMTIyMTZaFw0yNTEyMTcxMTIyMTZaMDkx -GDAWBgNVBAMMD3d3dy5leGFtcGxlLm9yZzEQMA4GA1UECgwHQkNyeXB0bzELMAkG -A1UEBhMCQlkwXTAYBgoqcAACACJlLQIBBgoqcAACACJlLQMBA0EA+oPMSRtkuAL+ -8l4QJzojVAhTK10dF8W7rujA22yZrAz0Ghmtg8KiymngGi90eKzabM4DVQj3hTOD -RnP+bkT0GqNTMFEwHQYDVR0OBBYEFCKU3JkXhbufnIhgmtePqO1ZLtJOMB8GA1Ud -IwQYMBaAFCKU3JkXhbufnIhgmtePqO1ZLtJOMA8GA1UdEwEB/wQFMAMBAf8wDQYJ -KnAAAgAiZS0MBQADMQChjNEtBKsTukLeCkPNdJ9fzAMkPrCun2ssnOzDIo43Lk1E -Xod6zAT1G2BiVZ+9hjc= ------END CERTIFICATE----- diff --git a/server.sk b/server.sk deleted file mode 100644 index 4620d47..0000000 --- a/server.sk +++ /dev/null @@ -1,4 +0,0 @@ ------BEGIN PRIVATE KEY----- -MD8CAQAwGAYKKnAAAgAiZS0CAQYKKnAAAgAiZS0DAQQg3r7lFzAxejSFFvqc03aw -/wwPsn/9UQtd0oH68aBT1Ug= ------END PRIVATE KEY----- diff --git a/src/belt_tls.c b/src/belt_tls.c index 00aa5ed..53e6f1f 100644 --- a/src/belt_tls.c +++ b/src/belt_tls.c @@ -291,8 +291,7 @@ typedef struct belt_chet_ctx { octet key[32]; octet iv[16]; - octet aad[16]; - size_t aad_len; + octet aad[5]; octet tag[8]; mem_align_t state[]; } belt_chet_ctx; 
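Review bot: Deleting server.sk from the tree does not remove the private key from the repository: patch 1 of this series added it (`create mode 100644 server.sk`), so the key material stays recoverable from history and has to be treated as public from now on. If it is a throwaway test key the commit message should say so; if it was ever meant for anything beyond local testing it needs to be regenerated, and server.cert, which is bound to this key, replaced with it.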
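Review bot: `octet aad[5];` in belt_chet_ctx replaces the 16-byte buffer plus `aad_len` with a fixed size that is now repeated as a bare literal in three places: this declaration, the `len == 5` acceptance test and the `beltCHEStepI(state->aad, 5, ...)` call in evpBeltCHET_cipher. A named constant (constructed example: `enum { BELT_CHET_AAD_LEN = 5 };`) with a comment stating what the 5 octets are — presumably the TLS 1.3 record header, but that is not stated anywhere in the patch — would keep the three in step. Because `aad_len` is gone, the cipher can no longer tell whether AAD was supplied for the current record and will feed whatever the blob holds into beltCHEStepI; whether the blob is zero-initialised on allocation is not visible here and should be confirmed.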
@@ -301,16 +300,16 @@ static int evpBeltCHET_init( EVP_CIPHER_CTX* ctx, const octet* key, const octet* iv, int enc) { belt_chet_ctx* state = (belt_chet_ctx*)EVP_CIPHER_CTX_get_blob(ctx); - if (iv) - { - memCopy(state->iv, iv, 8); - memSet(state->iv + 8, 0xFF, 8); - } if (key) { memCopy(state->key, key, 32); } - state->aad_len = 0; + + if (iv) + { + memCopy(state->iv, iv, 16); + } + return 1; } @@ -320,23 +319,11 @@ static int evpBeltCHET_cipher( belt_chet_ctx* state = (belt_chet_ctx*)EVP_CIPHER_CTX_get_blob(ctx); int enc = EVP_CIPHER_CTX_encrypting(ctx); - // if (!out && in && len == 5) - // { - // memCopy(state->ann, state->iv, 16); // S - // memCopy(state->ann + 16, in, 5); // I - // memSet(state->ann + 21, 0, 3); // 0^24 - - // state->ann_len = 24; - - // return 1; - // } - if (out == NULL) { - if (in) + if (in && len == 5) { memCopy(state->aad, in, len); - state->aad_len = len; return len; } else @@ -350,15 +337,10 @@ static int evpBeltCHET_cipher( if (enc) { memMove(out, in, len); - memCopy(state->iv + 8, state->aad, 8); - } - else - { - memCopy(state->iv + 8, state->aad, 8); } beltCHEStart(state->state, state->key, 32, state->iv); - beltCHEStepI(state->aad, state->aad_len, state->state); + beltCHEStepI(state->aad, 5, state->state); } if (in) @@ -415,15 +397,15 @@ static int evpBeltCHET_ctrl(EVP_CIPHER_CTX* ctx, int type, int p1, void* p2) return 0; break; case EVP_CTRL_GET_IVLEN: - *(int*)p2 = 8; + *(int*)p2 = 16; return 1; case EVP_CTRL_AEAD_SET_IVLEN: - return p1 == 8 ? 1 : 0; + return p1 == 16 ? 1 : 0; case EVP_CTRL_AEAD_SET_IV_FIXED: - if (p1 != 8) + if (p1 != 16) return 0; state = (belt_chet_ctx*)EVP_CIPHER_CTX_get_blob(ctx); - memCopy(state->iv, p2, 8); + memCopy(state->iv, p2, 16); return 1; case EVP_CTRL_AEAD_SET_TAG: if (p1 != 8) 
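Review bot: In the `@@ -350,15 +337,10 @@` hunk of evpBeltCHET_cipher the decryption path no longer copies the input anywhere: `memMove(out, in, len);` now runs only when `enc` is set, yet the code that follows (outside this hunk) authenticates and decrypts `out`, so decryption is only correct when the caller happens to pass `out == in`. The legacy implementation made that in-place assumption explicit with an `out != in` check that this rewrite drops, so a caller using separate buffers would authenticate and decrypt uninitialised memory instead of failing. Either move `memMove(out, in, len);` out of the `if (enc)` so it executes for both directions, or reject `out != in` up front as the old code did. evpBeltCHET_cipher begins and ends outside this hunk.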
@@ -449,7 +431,7 @@ static int evpBeltCHET_ctrl(EVP_CIPHER_CTX* ctx, int type, int p1, void* p2) /* ******************************************************************************* -Алгоритмы bash-prg-ae-tls: belt-che для TLS +Алгоритмы bash-prg-ae-tls: bash-prg-ae для TLS ******************************************************************************* */ @@ -589,12 +571,10 @@ static int evpBashPrgAET_ctrl(EVP_CIPHER_CTX* ctx, int type, int p1, void* p2) return 0; break; case EVP_CTRL_GET_IVLEN: - *(int*)p2 = 0; + *(int*)p2 = 16; return 1; case EVP_CTRL_AEAD_SET_IVLEN: - state = (bash_prg_aet_ctx*)EVP_CIPHER_CTX_get_blob(ctx); - state->ann_len = (size_t)p1; - return 1; + return p1 == 16 ? 1 : 0; case EVP_CTRL_AEAD_SET_TAG: if (p1 != 32) return 0; @@ -894,7 +874,7 @@ int evpBeltTLS_bind(ENGINE* e) BELT_TLS_DESCR(belt_chet, 1, 32, - 8, + 16, FLAGS_belt_chet, evpBeltCHET_init, evpBeltCHET_cipher, diff --git a/test/btls.py b/test/btls.py index 2632640..b8c91c8 100644 --- a/test/btls.py +++ b/test/btls.py @@ -22,10 +22,14 @@ def btls_issue_cert(cert, privkey): -new -key {} -nodes -out {}'.format(privkey, cert)) openssl(cmd) -def btls_server(tmpdir, suite, curve, cert, psk): +def btls_server(tmpdir, suite, is_tls13, curve, cert, psk): assert cert or psk # prepare cmd - cmd = 's_server -engine bee2evp -tls1_2 -rev' + if is_tls13: + cmd = 's_server -engine bee2evp -tls1_3 -ciphersuites {}'.format(suite) + else: + cmd = 's_server -engine bee2evp -tls1_2 -rev'.format(suite) + if cert: privkey = os.path.join(tmpdir, suite + curve + '.sk') cert = os.path.join(tmpdir, suite + curve + '.cert') 
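Review bot: In btls_server the TLS 1.2 branch ends in `.format(suite)` on a string that has no placeholder, so the call is a no-op and the suite is silently dropped; either write `cmd = 's_server -engine bee2evp -tls1_2 -rev'` or, if the server was meant to be pinned to the suite the way btls_client is, `cmd = 's_server -engine bee2evp -tls1_2 -rev -cipher {}'.format(suite)`. The TLS 1.3 branch also omits `-rev`, while btls_client still compares the reversed echo (`echo2[::-1]` in the next hunk); unless process_result accounts for that, the TLS 1.3 runs cannot pass for the intended reason, so this looks like a test that would fail or pass vacuously rather than validate the new suites.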
@@ -43,10 +47,14 @@ def btls_server(tmpdir, suite, curve, cert, psk): global g_server g_server = openssl2(cmd) -def btls_client(tmpdir, suite, curve, cert, psk): +def btls_client(tmpdir, suite, is_tls13, curve, cert, psk): assert cert or psk # prepare cmd - cmd = 's_client -engine bee2evp -tls1_2 -cipher {}'.format(suite) + if is_tls13: + cmd = 's_client -engine bee2evp -tls1_3 -ciphersuites {}'.format(suite) + else: + cmd = 's_client -engine bee2evp -tls1_2 -cipher {}'.format(suite) + if psk: cmd = cmd + ' -psk 123456' if not cert and curve != 'NULL': @@ -62,7 +70,7 @@ def btls_client(tmpdir, suite, curve, cert, psk): echo2 = f.read() process_result('{}[{}]'.format(suite, curve), echo2[::-1]) -def btls_test(openssl_version_major): +def btls12_test(): tmpdir = tempfile.mkdtemp() ciphersuites = [ @@ -98,7 +106,7 @@ def btls_test(openssl_version_major): # run over curves for curve in curves: # prepare args - args = (tmpdir, suite, curve, cert, psk) + args = (tmpdir, suite, False, curve, cert, psk) # run server server = threading.Thread(target=btls_server, args=args) server.run() @@ -110,3 +118,35 @@ def btls_test(openssl_version_major): os.killpg(os.getpgid(g_server.pid), signal.SIGTERM) shutil.rmtree(tmpdir) + +def btls13_test(): + tmpdir = tempfile.mkdtemp() + + ciphersuites = [ + 'BTLS_BASH_PRG_AE256_BASH256', + 'BTLS_BELT_CHE256_BELT_HASH'] + + curves = [ + 'bign-curve256v1', 'bign-curve384v1', 'bign-curve512v1' + ] + + for suite in ciphersuites: + # run over curves + for curve in curves: + # prepare args + args = (tmpdir, suite, True, curve, True, False) + # run server + server = threading.Thread(target=btls_server, args=args) + server.run() + # run client + time.sleep(1) + client = threading.Thread(target=btls_client, args=args) + client.run() + # kill server + os.killpg(os.getpgid(g_server.pid), signal.SIGTERM) + + shutil.rmtree(tmpdir) + +def btls_test(): + btls12_test() + btls13_test() diff --git a/test/test.py b/test/test.py index 2cf8960..bb36301 100644 
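Review bot: btls13_test repeats the server/client loop of btls12_test line for line, differing only in the `is_tls13` flag and the suite and curve lists; a shared helper taking those as parameters would keep the two tests from drifting apart. The copied `args = (tmpdir, suite, True, curve, True, False)` also hides which positional booleans mean `is_tls13`, `cert` and `psk`; keyword arguments would make that readable. Both loops call `server.run()` and `client.run()`, which execute the target synchronously in the calling thread, so the `threading.Thread` wrapper and the `time.sleep(1)` add nothing — inherited from the TLS 1.2 loop, but a copy is the place to stop propagating it (calling `btls_server(*args)` directly is equivalent).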
--- a/test/test.py +++ b/test/test.py @@ -34,11 +34,11 @@ def engine_test(): print(out.decode()) if __name__ == '__main__': - openssl_version_major = int(version_test()) + version_test() engine_test() bash_test() belt_test() bign_test() - btls_test(openssl_version_major) + btls_test() if fail: sys.exit(1) From 9c10a647f4ff6a5d77a0b694092a60ec241e0c6b Mon Sep 17 00:00:00 2001 From: Yahor Laurenau Date: Tue, 9 Dec 2025 11:17:18 +0300 Subject: [PATCH 3/7] Update openssl-3.3.1 patch --- btls/btls.h | 19 +++ btls/objects.txt | 1 + btls/patch/openssl-3.3.1.patch | 203 +++++++++++++++++++++++---------- 3 files changed, 161 insertions(+), 62 deletions(-) diff --git a/btls/btls.h b/btls/btls.h index 81266d0..c99ebf7 100644 --- a/btls/btls.h +++ b/btls/btls.h @@ -39,6 +39,8 @@ extern "C" { #define SSL_BELTCTR 0x02000000U #define SSL_BELTDWP 0x01000000U +#define SSL_BELTCHE 0x04000000U +#define SSL_BASHPRGAE 0x08000000U #define SSL_BELTMAC 0x00001000U #define SSL_HBELT 0x00002000U @@ -71,6 +73,11 @@ extern "C" { #define SSL_TXT_BELTCTR "BELTCTR" #define SSL_TXT_BELTMAC "BELTMAC" #define SSL_TXT_BELTDWP "BELTDWP" +#define SSL_TXT_BELTCHE "BELTCHE" +#define SSL_TXT_BASHPRGAE "BASHPRGAE" + +# define EVP_BELTCHE_TLS_TAG_LEN 8 +# define EVP_BASHPRGAE_TLS_TAG_LEN 32 /* tls1.h */ # define TLS_CT_BIGN_SIGN 231 @@ -111,6 +118,18 @@ extern "C" { # define BTLS1_TXT_DHT_PSK_BIGN_WITH_BELT_DWP_HBELT\ "DHT-PSK-BIGN-WITH-BELT-DWP-HBELT" +# define BTLS1_RFC_BELT_CHE256_BELT_HASH\ + "BTLS_BELT_CHE256_BELT_HASH" +# define BTLS1_TXT_BELT_CHE256_BELT_HASH\ + "BTLS_BELT_CHE256_BELT_HASH" +# define BTLS1_3_CK_BELT_CHE256_BELT_HASH 0x0300ff1d + +# define BTLS1_RFC_BASH_PRG_AE256_BASH256\ + "BTLS_BASH_PRG_AE256_BASH256" +# define BTLS1_TXT_BASH_PRG_AE256_BASH256\ + "BTLS_BASH_PRG_AE256_BASH256" +# define BTLS1_3_CK_BASH_PRG_AE256_BASH256 0x0300ff1e + /* t1_lib.c */ #define BIGN_CURVE256V1_ID 0x0200 diff --git a/btls/objects.txt b/btls/objects.txt index 7d82224..0ebd96c 100644 --- a/btls/objects.txt 
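Review bot: The new `BTLS1_3_CK_BELT_CHE256_BELT_HASH 0x0300ff1d` and `BTLS1_3_CK_BASH_PRG_AE256_BASH256 0x0300ff1e` values sit in the `{0xFF, *}` private-use block of the TLS cipher-suite registry and must stay in step with the `0xFF1D`/`0xFF1E` rows added to `ssl_ciphers_tbl` in t1_trce.c; a one-line comment saying both things next to the defines would save the next reader a lookup. The two `EVP_*_TLS_TAG_LEN` macros are written `# define` while the `SSL_*` lines around them use `#define`, and their values (8 and 32) duplicate the `p1 != 8` / `p1 != 32` checks of the engine's `EVP_CTRL_AEAD_SET_TAG` handlers in src/belt_tls.c with nothing enforcing the agreement — worth a comment such as `/* must match the SET_TAG length check in src/belt_tls.c */`.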
+++ b/btls/objects.txt @@ -5,6 +5,7 @@ 1 2 112 0 2 0 34 101 77 13 : bash512 : bash512 1 2 112 0 2 0 34 101 31 67 : belt-dwpt : belt-dwpt 1 2 112 0 2 0 34 101 31 68 : belt-chet : belt-chet +1 2 112 0 2 0 34 101 31 37 : bash-prg-aet : bash-prg-aet 1 2 112 0 2 0 34 101 31 44 : belt-ctrt : belt-ctrt 1 2 112 0 2 0 34 101 31 53 : belt-mac256 : belt-mac256 1 2 112 0 2 0 34 101 45 12 : bign-with-hbelt : bign-with-hbelt diff --git a/btls/patch/openssl-3.3.1.patch b/btls/patch/openssl-3.3.1.patch index 7c08076..00d9110 100644 --- a/btls/patch/openssl-3.3.1.patch +++ b/btls/patch/openssl-3.3.1.patch @@ -1,17 +1,3 @@ -diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c -index 4deee46..52233ae 100644 ---- a/crypto/pem/pem_pkey.c -+++ b/crypto/pem/pem_pkey.c -@@ -182,8 +182,7 @@ static EVP_PKEY *pem_read_bio_key_legacy(BIO *bp, EVP_PKEY **x, - && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { - /* Trying legacy PUBKEY decoding only if we do not want private key. */ - ret = ossl_d2i_PUBKEY_legacy(x, &p, len); -- } else if ((selection & EVP_PKEY_KEYPAIR) == 0 -- && (slen = ossl_pem_check_suffix(nm, "PARAMETERS")) > 0) { -+ } else if ((slen = ossl_pem_check_suffix(nm, "PARAMETERS")) > 0) { - /* Trying legacy params decoding only if we do not want a key. */ - ret = EVP_PKEY_new(); - if (ret == NULL) diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h index 4f076c6..c031c07 100644 --- a/include/openssl/ssl3.h 
@@ -38,30 +24,6 @@ index 7e3d1a7..f4fca39 100644 # if defined(SSL3_CT_NUMBER) # if TLS_CT_NUMBER != SSL3_CT_NUMBER -diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c -index f723461..b55f44f 100644 ---- a/providers/common/capabilities.c -+++ b/providers/common/capabilities.c -@@ -95,6 +95,9 @@ static const TLS_GROUP_CONSTANTS group_list[] = { - { OSSL_TLS_GROUP_ID_ffdhe4096, 128, TLS1_3_VERSION, 0, -1, -1 }, - { OSSL_TLS_GROUP_ID_ffdhe6144, 128, TLS1_3_VERSION, 0, -1, -1 }, - { OSSL_TLS_GROUP_ID_ffdhe8192, 192, TLS1_3_VERSION, 0, -1, -1 }, -+ { 0x0200, 128, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION}, -+ { 0x0201, 192, TLS1_2_VERSION, TLS1_2_VERSION, -1, -1}, -+ { 0x0202, 256, TLS1_2_VERSION, TLS1_2_VERSION, -1, -1}, - }; - - #define TLS_GROUP_ENTRY(tlsname, realname, algorithm, idx) \ -@@ -206,6 +209,9 @@ static const OSSL_PARAM param_group_list[][10] = { - TLS_GROUP_ENTRY("ffdhe6144", "ffdhe6144", "DH", 36), - TLS_GROUP_ENTRY("ffdhe8192", "ffdhe8192", "DH", 37), - # endif -+ TLS_GROUP_ENTRY("bign-curve256v1", "bign-curve256v1", "EC", 38), -+ TLS_GROUP_ENTRY("bign-curve384v1", "bign-curve384v1", "EC", 39), -+ TLS_GROUP_ENTRY("bign-curve512v1", "bign-curve512v1", "EC", 40), - }; - #endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */ - diff --git a/ssl/build.info b/ssl/build.info index de28a07..4acb3bd 100644 --- a/ssl/build.info @@ -77,7 +39,7 @@ index de28a07..4acb3bd 100644 # For shared builds we need to include the libcrypto packet.c and quic_vlint.c # in libssl as well. diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c -index 2bc5e79..ec89245 100644 +index 2bc5e79..a1967ea 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -20,6 +20,7 @@ 
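Review bot: Dropping the providers/common/capabilities.c part of the OpenSSL patch removes the bign entries from `group_list` and `param_group_list`, which in OpenSSL 3 is how libssl learns which TLS groups a provider supports; unless t1_lib.c now registers the bign groups by another route (the t1_lib.c part of the patch is not visible in this hunk), a client asked for a bign curve will not be able to offer it. The commit message ("Update openssl-3.3.1 patch") does not say why the provider-side advertisement was removed, and the removed rows were also the only place that declared the groups' security bits and DTLS applicability, so that rationale should be recorded.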
@@ -88,7 +50,46 @@ index 2bc5e79..ec89245 100644 #define TLS13_NUM_CIPHERS OSSL_NELEM(tls13_ciphers) #define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers) -@@ -3212,6 +3213,135 @@ static SSL_CIPHER ssl3_ciphers[] = { +@@ -112,7 +113,37 @@ static SSL_CIPHER tls13_ciphers[] = { + SSL_HANDSHAKE_MAC_SHA256, + 64, /* CCM8 uses a short tag, so we have a low security strength */ + 128, +- } ++ }, { ++ 1, ++ BTLS1_RFC_BELT_CHE256_BELT_HASH, ++ BTLS1_RFC_BELT_CHE256_BELT_HASH, ++ BTLS1_3_CK_BELT_CHE256_BELT_HASH, ++ SSL_kANY, ++ SSL_aANY, ++ SSL_BELTCHE, ++ SSL_AEAD, ++ TLS1_3_VERSION, TLS1_3_VERSION, ++ 0, 0, ++ SSL_HIGH, ++ SSL_HANDSHAKE_MAC_HBELT | TLS1_PRF_HBELT, ++ 256, ++ 256, ++ }, { ++ 1, ++ BTLS1_RFC_BASH_PRG_AE256_BASH256, ++ BTLS1_RFC_BASH_PRG_AE256_BASH256, ++ BTLS1_3_CK_BASH_PRG_AE256_BASH256, ++ SSL_kANY, ++ SSL_aANY, ++ SSL_BASHPRGAE, ++ SSL_AEAD, ++ TLS1_3_VERSION, TLS1_3_VERSION, ++ 0, 0, ++ SSL_HIGH, ++ SSL_HANDSHAKE_MAC_HBELT | TLS1_PRF_HBELT, ++ 256, ++ 256, ++ } + }; + + /* +@@ -3212,6 +3243,135 @@ static SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, @@ -224,7 +225,7 @@ index 2bc5e79..ec89245 100644 }; /* -@@ -4400,7 +4530,10 @@ int ssl3_get_req_cert_type(SSL_CONNECTION *s, WPACKET *pkt) +@@ -4400,7 +4560,10 @@ int ssl3_get_req_cert_type(SSL_CONNECTION *s, WPACKET *pkt) || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_512_SIGN)) return 0; #endif @@ -257,7 +258,7 @@ index e4dc806..78b1fe1 100644 + {NID_bign_pubkey, SSL_aBIGN} /* SSL_PKEY_BIGN */ }; diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c -index ddde21b..760db92 100644 +index ddde21b..904cfa6 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -21,6 +21,7 @@ 
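Review bot: The `BTLS1_RFC_BASH_PRG_AE256_BASH256` entry added to tls13_ciphers selects `SSL_HANDSHAKE_MAC_HBELT | TLS1_PRF_HBELT`, i.e. belt-hash drives the transcript hash and HKDF, while the suite name advertises BASH256 as the hash; one of the two is wrong. If bash256 is the intended handshake hash the entry needs a bash-based handshake-MAC/PRF flag, and none is visible in this patch; if belt-hash is intended, the name should say BELT_HASH like its sibling entry. The remaining fields (`SSL_kANY`, `SSL_aANY`, `TLS1_3_VERSION` bounds, `0, 0` for DTLS) follow the upstream TLS 1.3 rows, so only the hash choice needs a decision.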
@@ -268,16 +269,18 @@ index ddde21b..760db92 100644 /* NB: make sure indices in these tables match values above */ -@@ -55,6 +56,8 @@ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = { +@@ -55,6 +56,10 @@ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = { {SSL_ARIA256GCM, NID_aria_256_gcm}, /* SSL_ENC_ARIA256GCM_IDX 21 */ {SSL_MAGMA, NID_magma_ctr_acpkm}, /* SSL_ENC_MAGMA_IDX */ {SSL_KUZNYECHIK, NID_kuznyechik_ctr_acpkm}, /* SSL_ENC_KUZNYECHIK_IDX */ + {SSL_BELTDWP, NID_belt_dwpt}, /* SSL_ENC_BELTDWP_IDX 24 */ + {SSL_BELTCTR, NID_belt_ctrt}, /* SSL_ENC_BELTCTR_IDX 25 */ ++ {SSL_BELTCHE, NID_belt_chet}, ++ {SSL_BASHPRGAE, NID_bash_prg_aet} }; #define SSL_COMP_NULL_IDX 0 -@@ -80,9 +83,13 @@ static const ssl_cipher_table ssl_cipher_table_mac[SSL_MD_NUM_IDX] = { +@@ -80,9 +85,13 @@ static const ssl_cipher_table ssl_cipher_table_mac[SSL_MD_NUM_IDX] = { {SSL_GOST12_512, NID_id_GostR3411_2012_512}, /* SSL_MD_GOST12_512_IDX 8 */ {0, NID_md5_sha1}, /* SSL_MD_MD5_SHA1_IDX 9 */ {0, NID_sha224}, /* SSL_MD_SHA224_IDX 10 */ @@ -293,7 +296,7 @@ index ddde21b..760db92 100644 }; /* *INDENT-OFF* */ -@@ -97,7 +104,11 @@ static const ssl_cipher_table ssl_cipher_table_kx[] = { +@@ -97,7 +106,11 @@ static const ssl_cipher_table ssl_cipher_table_kx[] = { {SSL_kSRP, NID_kx_srp}, {SSL_kGOST, NID_kx_gost}, {SSL_kGOST18, NID_kx_gost18}, @@ -306,7 +309,7 @@ index ddde21b..760db92 100644 }; static const ssl_cipher_table ssl_cipher_table_auth[] = { -@@ -109,7 +120,7 @@ static const ssl_cipher_table ssl_cipher_table_auth[] = { +@@ -109,7 +122,7 @@ static const ssl_cipher_table ssl_cipher_table_auth[] = { {SSL_aGOST12, NID_auth_gost12}, {SSL_aSRP, NID_auth_srp}, {SSL_aNULL, NID_auth_null}, 
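Review bot: The two rows appended to `ssl_cipher_table_cipher`, `{SSL_BELTCHE, NID_belt_chet}` and `{SSL_BASHPRGAE, NID_bash_prg_aet}`, break the pattern of the entries around them: every other row carries a `/* SSL_ENC_..._IDX n */` comment, the file's own header says "make sure indices in these tables match values above", and the last row lacks the trailing comma the previous ones have. Suggest `{SSL_BELTCHE, NID_belt_chet}, /* SSL_ENC_BELTCHE_IDX 26 */` and `{SSL_BASHPRGAE, NID_bash_prg_aet}, /* SSL_ENC_BASHPRGAE_IDX 27 */`; the ssl_local.h hunk later in this patch only shows `SSL_ENC_NUM_IDX` going to 28, so whether the matching index macros exist is not visible here and should be checked.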
@@ -315,7 +318,7 @@ index ddde21b..760db92 100644 }; /* *INDENT-ON* */ -@@ -141,7 +152,9 @@ static const int default_mac_pkey_id[SSL_MD_NUM_IDX] = { +@@ -141,7 +154,9 @@ static const int default_mac_pkey_id[SSL_MD_NUM_IDX] = { /* GOST2012_512 */ EVP_PKEY_HMAC, /* MD5/SHA1, SHA224, SHA512, MAGMAOMAC, KUZNYECHIKOMAC */ @@ -326,7 +329,7 @@ index ddde21b..760db92 100644 }; #define CIPHER_ADD 1 -@@ -196,6 +209,10 @@ static const SSL_CIPHER cipher_aliases[] = { +@@ -196,6 +211,10 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_kSRP, NULL, 0, SSL_kSRP}, {0, SSL_TXT_kGOST, NULL, 0, SSL_kGOST}, {0, SSL_TXT_kGOST18, NULL, 0, SSL_kGOST18}, @@ -337,7 +340,7 @@ index ddde21b..760db92 100644 /* server authentication aliases */ {0, SSL_TXT_aRSA, NULL, 0, 0, SSL_aRSA}, -@@ -209,6 +226,7 @@ static const SSL_CIPHER cipher_aliases[] = { +@@ -209,6 +228,7 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_aGOST12, NULL, 0, 0, SSL_aGOST12}, {0, SSL_TXT_aGOST, NULL, 0, 0, SSL_aGOST01 | SSL_aGOST12}, {0, SSL_TXT_aSRP, NULL, 0, 0, SSL_aSRP}, 
@@ -345,16 +348,18 @@ index ddde21b..760db92 100644 /* aliases combining key exchange and server authentication */ {0, SSL_TXT_EDH, NULL, 0, SSL_kDHE, ~SSL_aNULL}, -@@ -251,6 +269,8 @@ static const SSL_CIPHER cipher_aliases[] = { +@@ -251,6 +271,10 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_ARIA128, NULL, 0, 0, 0, SSL_ARIA128GCM}, {0, SSL_TXT_ARIA256, NULL, 0, 0, 0, SSL_ARIA256GCM}, {0, SSL_TXT_CBC, NULL, 0, 0, 0, SSL_CBC}, + {0, SSL_TXT_BELTDWP, NULL, 0, 0, 0, SSL_BELTDWP}, + {0, SSL_TXT_BELTCTR, NULL, 0, 0, 0, SSL_BELTCTR}, ++ {0, SSL_TXT_BELTCHE, NULL, 0, 0, 0, SSL_BELTCHE}, ++ {0, SSL_TXT_BASHPRGAE, NULL, 0, 0, 0, SSL_BASHPRGAE}, /* MAC aliases */ {0, SSL_TXT_MD5, NULL, 0, 0, 0, 0, SSL_MD5}, -@@ -261,6 +281,7 @@ static const SSL_CIPHER cipher_aliases[] = { +@@ -261,6 +285,7 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_SHA256, NULL, 0, 0, 0, 0, SSL_SHA256}, {0, SSL_TXT_SHA384, NULL, 0, 0, 0, 0, SSL_SHA384}, {0, SSL_TXT_GOST12, NULL, 0, 0, 0, 0, SSL_GOST12_256}, @@ -362,7 +367,7 @@ index ddde21b..760db92 100644 /* protocol version aliases */ {0, SSL_TXT_SSLV3, NULL, 0, 0, 0, 0, 0, SSL3_VERSION}, -@@ -442,6 +463,18 @@ int ssl_load_ciphers(SSL_CTX *ctx) +@@ -442,6 +467,18 @@ int ssl_load_ciphers(SSL_CTX *ctx) if ((ctx->disabled_auth_mask & SSL_aGOST12) == SSL_aGOST12) ctx->disabled_mkey_mask |= SSL_kGOST18; @@ -381,7 +386,7 @@ index ddde21b..760db92 100644 return 1; } -@@ -1756,6 +1789,18 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) +@@ -1756,6 +1793,18 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_kGOST18: kx = "GOST18"; break; @@ -400,7 +405,7 @@ index ddde21b..760db92 100644 case SSL_kANY: kx = "any"; break; -@@ -1789,6 +1834,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) +@@ -1789,6 +1838,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case (SSL_aGOST12 | SSL_aGOST01): au = "GOST12"; break; 
@@ -410,7 +415,7 @@ index ddde21b..760db92 100644 case SSL_aANY: au = "any"; break; -@@ -1868,6 +1916,12 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) +@@ -1868,6 +1920,18 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_CHACHA20POLY1305: enc = "CHACHA20/POLY1305(256)"; break; @@ -419,11 +424,17 @@ index ddde21b..760db92 100644 + break; + case SSL_BELTDWP: + enc = "BELTDWP"; ++ break; ++ case SSL_BELTCHE: ++ enc = "BELCHE"; ++ break; ++ case SSL_BASHPRGAE: ++ enc = "BASHPRGAE"; + break; default: enc = "unknown"; break; -@@ -1900,6 +1954,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) +@@ -1900,6 +1964,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_GOST12_512: mac = "GOST2012"; break; @@ -491,7 +502,7 @@ index 5ec6ac4..ae16116 100644 mask_k |= SSL_kPSK; mask_a |= SSL_aPSK; diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h -index f448cfd..3d4cff3 100644 +index f448cfd..02be6fc 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -38,6 +38,7 @@ @@ -543,7 +554,7 @@ index f448cfd..3d4cff3 100644 # define SSL_ENC_MAGMA_IDX 22 # define SSL_ENC_KUZNYECHIK_IDX 23 -# define SSL_ENC_NUM_IDX 24 -+# define SSL_ENC_NUM_IDX 26 ++# define SSL_ENC_NUM_IDX 28 /*- * SSL_kRSA <- RSA_ENC @@ -714,7 +725,7 @@ index 5ff479a..e3c05b7 100644 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_UNKNOWN_CIPHER_TYPE); goto err; diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c -index e9aa078..c5c9734 100644 +index e9aa078..1d2417f 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -26,6 +26,7 @@ @@ -807,10 +818,10 @@ index e9aa078..c5c9734 100644 mdname = OBJ_nid2sn(sig->hash); supported = EVP_PKEY_digestsign_supports_digest(pkey, sctx->libctx, diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c -index 29dce65..4441511 100644 +index 29dce65..a034917 100644 --- a/ssl/t1_trce.c 
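Review bot: `enc = "BELCHE";` in the `SSL_CIPHER_description` hunk is a typo: the cipher-string alias added in btls.h is `SSL_TXT_BELTCHE "BELTCHE"`, and this is the string operators see in `openssl ciphers -v` output and logs when they check which record protection a connection negotiated. It should read `enc = "BELTCHE";`, matching the `"BASHPRGAE"` case below it, which does agree with its alias.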
+++ b/ssl/t1_trce.c -@@ -449,6 +449,14 @@ static const ssl_trace_tbl ssl_ciphers_tbl[] = { +@@ -449,6 +449,16 @@ static const ssl_trace_tbl ssl_ciphers_tbl[] = { {0xC100, "GOST2012-KUZNYECHIK-KUZNYECHIKOMAC"}, {0xC101, "GOST2012-MAGMA-MAGMAOMAC"}, {0xC102, "GOST2012-GOST8912-IANA"}, @@ -822,10 +833,12 @@ index 29dce65..4441511 100644 + {0xFF1A, "BDHE-PSK-BIGN_WITH-BELT-DWP-HBELT"}, + {0xFF1B, "BDHT-PSK-BIGN_WITH-BELT-CTR-MAC-HBELT"}, + {0xFF1C, "BDHT-PSK-BIGN_WITH-BELT-DWP-HBELT"}, ++ {0xFF1D, "BELT-CHE256-BELT-HASH"}, ++ {0xFF1E, "BASH-PRG_AE256-BASH256"}, }; /* Compression methods */ -@@ -597,6 +605,9 @@ static const ssl_trace_tbl ssl_sigalg_tbl[] = { +@@ -597,6 +607,9 @@ static const ssl_trace_tbl ssl_sigalg_tbl[] = { {TLSEXT_SIGALG_ecdsa_brainpoolP256r1_sha256, "ecdsa_brainpoolP256r1_sha256"}, {TLSEXT_SIGALG_ecdsa_brainpoolP384r1_sha384, "ecdsa_brainpoolP384r1_sha384"}, {TLSEXT_SIGALG_ecdsa_brainpoolP512r1_sha512, "ecdsa_brainpoolP512r1_sha512"}, 
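Review bot: `{0xFF1E, "BASH-PRG_AE256-BASH256"}` in `ssl_ciphers_tbl` mixes `_` and `-` inside one name, unlike every other row of the table, and neither new row carries the `BTLS`/`BELT` prefix its siblings and the `BTLS1_RFC_*` names use; suggest `{0xFF1E, "BASH-PRG-AE256-BASH256"},`. These strings are what `SSL_trace` prints for the code points, so a name that cannot be matched against the suite names elsewhere in the patch makes handshake traces harder to read.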
@@ -835,3 +848,69 @@ index 29dce65..4441511 100644 }; static const ssl_trace_tbl ssl_ctype_tbl[] = { +diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c +index 772a6fc..11199ca 100644 +--- a/ssl/tls13_enc.c ++++ b/ssl/tls13_enc.c +@@ -347,6 +347,7 @@ static int derive_secret_key_and_iv(SSL_CONNECTION *s, const EVP_MD *md, + int hashleni = EVP_MD_get_size(md); + size_t hashlen; + int mode; ++ uint32_t algenc; + + /* Ensure cast to size_t is safe */ + if (!ossl_assert(hashleni >= 0)) { +@@ -363,33 +364,36 @@ static int derive_secret_key_and_iv(SSL_CONNECTION *s, const EVP_MD *md, + + *keylen = EVP_CIPHER_get_key_length(ciph); + ++ *ivlen = EVP_CCM_TLS_IV_LEN; ++ if (s->s3.tmp.new_cipher != NULL) { ++ algenc = s->s3.tmp.new_cipher->algorithm_enc; ++ } else if (s->session->cipher != NULL) { ++ /* We've not selected a cipher yet - we must be doing early data */ ++ algenc = s->session->cipher->algorithm_enc; ++ } else if (s->psksession != NULL && s->psksession->cipher != NULL) { ++ /* We must be doing early data with out-of-band PSK */ ++ algenc = s->psksession->cipher->algorithm_enc; ++ } else { ++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); ++ return 0; ++ } ++ + mode = EVP_CIPHER_get_mode(ciph); + if (mode == EVP_CIPH_CCM_MODE) { +- uint32_t algenc; +- +- *ivlen = EVP_CCM_TLS_IV_LEN; +- if (s->s3.tmp.new_cipher != NULL) { +- algenc = s->s3.tmp.new_cipher->algorithm_enc; +- } else if (s->session->cipher != NULL) { +- /* We've not selected a cipher yet - we must be doing early data */ +- algenc = s->session->cipher->algorithm_enc; +- } else if (s->psksession != NULL && s->psksession->cipher != NULL) { +- /* We must be doing early data with out-of-band PSK */ +- algenc = s->psksession->cipher->algorithm_enc; +- } else { +- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); +- return 0; +- } + if (algenc & (SSL_AES128CCM8 | SSL_AES256CCM8)) + *taglen = EVP_CCM8_TLS_TAG_LEN; +- else ++ else + *taglen = EVP_CCM_TLS_TAG_LEN; + } else { + int iivlen; + + if (mode == 
EVP_CIPH_GCM_MODE) { + *taglen = EVP_GCM_TLS_TAG_LEN; +- } else { ++ } else if (algenc & SSL_BELTCHE) { ++ *taglen = EVP_BELTCHE_TLS_TAG_LEN; ++ } else if (algenc & SSL_BASHPRGAE) { ++ *taglen = EVP_BASHPRGAE_TLS_TAG_LEN; ++ } else { + /* CHACHA20P-POLY1305 */ + *taglen = EVP_CHACHAPOLY_TLS_TAG_LEN; + } From 85f704ab32437763fa8167251a43e921ea11ca08 Mon Sep 17 00:00:00 2001 From: Yahor Laurenau Date: Tue, 9 Dec 2025 12:17:46 +0300 Subject: [PATCH 4/7] Remove unused utils --- utils/build_debian.sh | 288 ------------------------------------------ 1 file changed, 288 deletions(-) delete mode 100644 utils/build_debian.sh diff --git a/utils/build_debian.sh b/utils/build_debian.sh deleted file mode 100644 index 6bc7bc5..0000000 --- a/utils/build_debian.sh +++ /dev/null 
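Review bot: Hoisting `*ivlen = EVP_CCM_TLS_IV_LEN;` above the mode check in derive_secret_key_and_iv makes the 12-byte CCM IV length the starting value for every cipher, not only CCM; the non-CCM branch presumably overwrites it from the cipher's own IV length further down (that code, and the function's start and end, are outside this hunk), but the assignment is now misleading and only the `algenc` lookup needed to move. Keep `*ivlen = EVP_CCM_TLS_IV_LEN;` inside `if (mode == EVP_CIPH_CCM_MODE)` and leave the hoisted block to resolve `algenc` alone. The `-            else` / `+            else ` pair introduces trailing whitespace. Selecting the BELTCHE/BASHPRGAE tag lengths by `algenc` inside the non-CCM branch silently depends on the engine's `FLAGS_belt_chet` / `FLAGS_bash_prg_aet` not declaring `EVP_CIPH_GCM_MODE`, since the GCM test runs first; a comment stating that assumption would help.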
@@ -1,288 +0,0 @@ -#!/bin/bash -# ***************************************************************************** -# \file source.sh -# \project bee2evp [EVP-interfaces over bee2 / engine of OpenSSL] -# \brief Reusable script code -# \created 2025.10.06 -# \version 2025.10.06 -# \copyright The Bee2evp authors -# \license Licensed under the Apache License, Version 2.0 (see LICENSE.txt). -# ***************************************************************************** -set -eo pipefail - -green () { printf "\e[32m" ; $@ ; printf "\e[0m"; } -red () { printf "\e[31m" ; $@ ; printf "\e[0m"; } - -cd "$( dirname "${BASH_SOURCE[0]}" )" - -usage() { - echo "Usage: $0 [OPTIONS] " - echo "Build bee2evp for debian based distributions:" - echo "" - echo " --build-type build type: |Debug|Release|Coverage|" - echo " -d, --debug enable debug mode" - echo " -s, setup" - echo " -b, build" - echo " -t, test" - echo " -h, --help display this help and exit" - exit 1 -} - -build_type=Release -bee2evp=$(pwd)/.. -build_root=$bee2evp/build -bee2=$bee2evp/bee2 -openssl=$bee2evp/openssl -build_bee2evp=$build_root/bee2evp -build_bee2=$build_root/bee2 -build_openssl=$build_root/openssl -local=${BEE2EVP_INSTALL_DIR:-$build_root/local} -lib_path=$local/lib -is_openssl_3=false -openssl_git_url=https://github.com/openssl/openssl.git -btls_srcs_path=$bee2evp/btls/legacy -enable_setup=false -enable_build=false -enable_test=false - -openssl_tag="" - -while [[ $# -gt 0 ]]; do - case $1 in - --build-type=*) - build_type="${1#*=}" - case "$build_type" in - Debug|Release|Coverage) - # Valid value, continue - ;; - *) - echo "received build type: $build_type" - red echo "error: --build-type must be one of: Release, Debug, Coverage" - exit 1 - ;; - esac - shift - ;; - -d|--debug) - build_type=Debug - shift - ;; - -s) - enable_setup=true - shift - ;; - -b) - enable_build=true - shift - ;; - -t) - enable_test=true - shift - ;; - -h|--help) - usage - ;; - -*) - red echo "invalid option -- $1" >&2 - usage - ;; - 
*) - if [[ ! -z "$1" ]]; then - openssl_tag="$1" - shift - else - usage - fi - ;; - esac -done - -if [[ -z "$openssl_tag" ]]; then - red echo "openssl tag name is required" >&2 - usage -fi - -echo "build_type=$build_type" -echo "openssl_tag=$openssl_tag" - -clean(){ - green echo "[-] clean build files..." - rm -rf $build_root - rm -rf $openssl -} - -check_prereq(){ - set +e - green echo "[-] check prereq" - for package in git gcc cmake python3 - do - which $package &> /dev/null - if [ $? -ne 0 ]; then - set -e - red echo "$package not installed" - exit 1 - fi - done - set -e - export GIT_REDIRECT_STDERR='2>&1' -} - -# Check openssl major version -is_openssl_3() { - if [[ "$openssl_tag" =~ .*[-_]([0-9]).* ]]; - then - openssl_major_version="${BASH_REMATCH[1]}" - fi - - if [[ "$openssl_major_version" = "3" ]]; - then - lib_path=$local/lib64 - is_openssl_3=true - btls_srcs_path=$bee2evp/btls - fi -} - -# Check if openssl tag exist. -check_openssl_tag(){ - green echo "[-] check openssl tag" - git ls-remote $openssl_git_url refs/tags/$openssl_tag -} - -update_repos(){ - green echo "[-] update repos" - git submodule update --init - git clone -b $openssl_tag --depth 1 $openssl_git_url $openssl -} - -patch_openssl(){ - green echo "[-] patch openssl" - cd $openssl - if $is_openssl_3; - then - cat $btls_srcs_path/objects.txt >> $openssl/crypto/objects/objects.txt - fi - cp $btls_srcs_path/btls.c ./ssl/ - cp $btls_srcs_path/btls.h ./ssl/ - git apply $bee2evp/btls/patch/$openssl_tag.patch -} - -build_bee2(){ - green echo "[-] build bee2" - mkdir -p $build_bee2 && cd $build_bee2 - cmake -DCMAKE_BUILD_TYPE=Debug \ - -DBUILD_PIC=ON \ - -DCMAKE_INSTALL_PREFIX=$local \ - -DCMAKE_INSTALL_LIBDIR=$lib_path $bee2 - make -j$(nproc) && make install - ls -la $lib_path/libbee2_static.a -} - -build_openssl(){ - green echo "[-] build openssl" - mkdir -p $build_openssl && cd $build_openssl - if [[ "$build_type" -eq "Debug" ]]; then - $openssl/config shared -d --prefix=$local 
--openssldir=$local - else - $openssl/config shared --prefix=$local --openssldir=$local - fi - - if $is_openssl_3; - then - make update - fi - make -j$(nproc) all - make install > build.log 2>&1 || (cat build.log && exit 1) - ls -la $lib_path/libcrypto.a - ls -la $lib_path/libssl.a - ls -la $lib_path/libcrypto.so - ls -la $lib_path/libssl.so - ls -la $local/bin/openssl -} - -build_bee2evp(){ - green echo "[-] build bee2evp" - mkdir -p $build_bee2evp && cd $build_bee2evp - cmake -DCMAKE_BUILD_TYPE=$build_type \ - -DBUILD_DOC=OFF \ - -DBEE2_LIBRARY_DIRS=$lib_path \ - -DBEE2_INCLUDE_DIRS=$local/include \ - -DOPENSSL_LIBRARY_DIRS=$lib_path \ - -DOPENSSL_INCLUDE_DIRS=$local/include \ - -DCMAKE_INSTALL_LIBDIR=$lib_path \ - -DCMAKE_INSTALL_PREFIX=$local $bee2evp - make -j$(nproc) && make install - ls -la $lib_path/libbee2evp.so -} - -attach_bee2evp(){ - green echo "[-] attach bee2evp" - cp $local/openssl.cnf.dist $local/openssl.cnf - if $is_openssl_3; - then - sed -i "/providers = provider\_sect/a engines = engine_sect\ -\n\n[ engine_sect]\ -\nbee2evp = bee2evp_section\ -\n\n[ bee2evp_section ]\ -\nengine_id = bee2evp\ -\ndynamic_path = $lib_path/libbee2evp.so\ -\ndefault_algorithms = ALL" $local/openssl.cnf - else - sed -i "/\[ new\_oids \]/i openssl_conf = openssl_init\ -\n[ openssl_init ]\ -\nengines = engine_section\ -\n[ engine_section ]\ -\nbee2evp = bee2evp_section\ -\n[ bee2evp_section ]\ -\nengine_id = bee2evp\ -\ndynamic_path = $lib_path/libbee2evp.so\ -\ndefault_algorithms = ALL\ -\n" $local/openssl.cnf - fi -} - -test_bee2evp(){ - cd $local || exit - cp -a $bee2evp/test/. . - export PATH=$local/bin:$PATH - export OPENSSL_CONF=$local/openssl.cnf - export LD_LIBRARY_PATH="$lib_path:${LD_LIBRARY_PATH}" - green echo "[-] test evp" - $build_bee2evp/test/testb2e - green echo "[-] test bee2evp" - python3 test.py - export LD_LIBRARY_PATH=$(echo "$LD_LIBRARY_PATH" | \ - sed -e "s|$lib_path:||") -} - -setup(){ - green echo "Setup..." 
- clean - check_prereq - check_openssl_tag - update_repos - patch_openssl - green echo "Setup ended" -} - -build(){ - green echo "Building..." - build_bee2 - build_openssl - build_bee2evp - attach_bee2evp - green echo "Build ended" -} - -is_openssl_3 - -if $enable_setup; then - setup -fi - -if $enable_build; then - build -fi - -if $enable_test; then - test_bee2evp -fi From b01d2afedad6175189b01ef6e37b626b23e7a556 Mon Sep 17 00:00:00 2001 From: Yahor Laurenau Date: Tue, 9 Dec 2025 14:01:39 +0300 Subject: [PATCH 5/7] --wip-- --- test/btls.py | 13 +++++++------ test/test.py | 6 +++--- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/test/btls.py b/test/btls.py index b8c91c8..64eedca 100644 --- a/test/btls.py +++ b/test/btls.py @@ -42,7 +42,7 @@ def btls_server(tmpdir, suite, is_tls13, curve, cert, psk): cmd = cmd + ' -psk 123456 -psk_hint 123' # prepare output output = os.path.join(tmpdir, suite + curve + '.srv') - cmd = cmd + ' >{}'.format(output) + # cmd = cmd + ' >{}'.format(output) # start server global g_server g_server = openssl2(cmd) @@ -61,14 +61,15 @@ def btls_client(tmpdir, suite, is_tls13, curve, cert, psk): cmd = cmd + ' -curves {}'.format(curve) # prepare output output = os.path.join(tmpdir, suite + curve + '.cli') - cmd = cmd + ' >{}'.format(output) + # cmd = cmd + ' >{}'.format(output) # run cmd echo = 'test_{}={}'.format(curve, suite) - openssl(cmd, prefix='(echo ' + echo + '; sleep 1) |') + retcode, out, err_out = openssl(cmd, prefix='(echo ' + echo + '; sleep 1) |') + print(out, err_out) # test if server returns the reversed initial string - with open(output, 'r') as f: - echo2 = f.read() - process_result('{}[{}]'.format(suite, curve), echo2[::-1]) + # with open(output, 'r') as f: + # echo2 = f.read() + # process_result('{}[{}]'.format(suite, curve), echo2[::-1]) def btls12_test(): tmpdir = tempfile.mkdtemp() diff --git a/test/test.py b/test/test.py index bb36301..ae894dd 100644 --- a/test/test.py +++ b/test/test.py 
@@ -36,9 +36,9 @@ def engine_test(): if __name__ == '__main__': version_test() engine_test() - bash_test() - belt_test() - bign_test() + # bash_test() + # belt_test() + # bign_test() btls_test() if fail: sys.exit(1) From 9d0d74b0f47ab0ada7d795930111c1f72bf499b9 Mon Sep 17 00:00:00 2001 From: Yahor Laurenau Date: Wed, 10 Dec 2025 09:39:07 +0300 Subject: [PATCH 6/7] Restore prm_pkey patch --- btls/patch/openssl-3.3.1.patch | 38 ++++++++++++++++++++++++++++++++++ test/btls.py | 14 ++++++------- test/test.py | 6 +++--- 3 files changed, 48 insertions(+), 10 deletions(-) diff --git a/btls/patch/openssl-3.3.1.patch b/btls/patch/openssl-3.3.1.patch index 00d9110..87d480b 100644 --- a/btls/patch/openssl-3.3.1.patch +++ b/btls/patch/openssl-3.3.1.patch @@ -1,3 +1,17 @@ +diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c +index 4deee46..52233ae 100644 +--- a/crypto/pem/pem_pkey.c ++++ b/crypto/pem/pem_pkey.c +@@ -182,8 +182,7 @@ static EVP_PKEY *pem_read_bio_key_legacy(BIO *bp, EVP_PKEY **x, + && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { + /* Trying legacy PUBKEY decoding only if we do not want private key. */ + ret = ossl_d2i_PUBKEY_legacy(x, &p, len); +- } else if ((selection & EVP_PKEY_KEYPAIR) == 0 +- && (slen = ossl_pem_check_suffix(nm, "PARAMETERS")) > 0) { ++ } else if ((slen = ossl_pem_check_suffix(nm, "PARAMETERS")) > 0) { + /* Trying legacy params decoding only if we do not want a key. */ + ret = EVP_PKEY_new(); + if (ret == NULL) diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h index 4f076c6..c031c07 100644 --- a/include/openssl/ssl3.h @@ -24,6 +38,30 @@ index 7e3d1a7..f4fca39 100644 # if defined(SSL3_CT_NUMBER) # if TLS_CT_NUMBER != SSL3_CT_NUMBER + 
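Review bot: The retained comment `/* Trying legacy params decoding only if we do not want a key. */` no longer matches the code once `(selection & EVP_PKEY_KEYPAIR) == 0 &&` is removed from the `else if`, because the PARAMETERS branch is now attempted regardless of what the caller selected. Either reword it to state why a PARAMETERS PEM block must decode even when a key pair was requested, or keep the selection test and handle the bign parameter case separately. Dropping a selection check in PEM key loading widens what every `PEM_read_bio_*` caller will accept, so the reason belongs in the patch itself; the commit title ("Restore prm_pkey patch") does not give it. `pem_read_bio_key_legacy` continues outside this hunk.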
diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c +index f723461..b55f44f 100644 +--- a/providers/common/capabilities.c ++++ b/providers/common/capabilities.c +@@ -95,6 +95,9 @@ static const TLS_GROUP_CONSTANTS group_list[] = { + { OSSL_TLS_GROUP_ID_ffdhe4096, 128, TLS1_3_VERSION, 0, -1, -1 }, + { OSSL_TLS_GROUP_ID_ffdhe6144, 128, TLS1_3_VERSION, 0, -1, -1 }, + { OSSL_TLS_GROUP_ID_ffdhe8192, 192, TLS1_3_VERSION, 0, -1, -1 }, ++ { 0x0200, 128, TLS1_2_VERSION, TLS1_2_VERSION, DTLS1_VERSION, DTLS1_2_VERSION}, ++ { 0x0201, 192, TLS1_2_VERSION, TLS1_2_VERSION, -1, -1}, ++ { 0x0202, 256, TLS1_2_VERSION, TLS1_2_VERSION, -1, -1}, + }; + + #define TLS_GROUP_ENTRY(tlsname, realname, algorithm, idx) \ +@@ -206,6 +209,9 @@ static const OSSL_PARAM param_group_list[][10] = { + TLS_GROUP_ENTRY("ffdhe6144", "ffdhe6144", "DH", 36), + TLS_GROUP_ENTRY("ffdhe8192", "ffdhe8192", "DH", 37), + # endif ++ TLS_GROUP_ENTRY("bign-curve256v1", "bign-curve256v1", "EC", 38), ++ TLS_GROUP_ENTRY("bign-curve384v1", "bign-curve384v1", "EC", 39), ++ TLS_GROUP_ENTRY("bign-curve512v1", "bign-curve512v1", "EC", 40), + }; + #endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */ + diff --git a/ssl/build.info b/ssl/build.info index de28a07..4acb3bd 100644 --- a/ssl/build.info diff --git a/test/btls.py b/test/btls.py index 64eedca..30df7d5 100644 --- a/test/btls.py +++ b/test/btls.py @@ -42,7 +42,7 @@ def btls_server(tmpdir, suite, is_tls13, curve, cert, psk): cmd = cmd + ' -psk 123456 -psk_hint 123' # prepare output output = os.path.join(tmpdir, suite + curve + '.srv') - # cmd = cmd + ' >{}'.format(output) + cmd = cmd + ' >{}'.format(output) # start server global g_server g_server = openssl2(cmd) 
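Review bot: The three new `group_list` rows use bare codepoints `0x0200`–`0x0202` while every neighbouring row uses a named `OSSL_TLS_GROUP_ID_*` constant; a named constant, or at least a comment saying where these codepoints come from, keeps the IDs and the matching `TLS_GROUP_ENTRY(..., 38..40)` indices traceable. The rows also disagree with each other: only the 256-bit curve permits DTLS (`DTLS1_VERSION, DTLS1_2_VERSION`) while the 384- and 512-bit rows use `-1, -1`, which looks unintended and deserves either a fix or a comment. The fourth column, `TLS1_2_VERSION`, caps these groups at TLS 1.2; if the TLS 1.3 suites exercised in test/btls.py later in this series are expected to negotiate a bign curve through this table, `0` (no upper bound, as in the ffdhe rows) may be what is wanted — confirm against the handshake path. `group_list` and `param_group_list` continue outside the hunks.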
@@ -61,15 +61,15 @@ def btls_client(tmpdir, suite, is_tls13, curve, cert, psk): cmd = cmd + ' -curves {}'.format(curve) # prepare output output = os.path.join(tmpdir, suite + curve + '.cli') - # cmd = cmd + ' >{}'.format(output) + cmd = cmd + ' >{}'.format(output) # run cmd echo = 'test_{}={}'.format(curve, suite) - retcode, out, err_out = openssl(cmd, prefix='(echo ' + echo + '; sleep 1) |') - print(out, err_out) + openssl(cmd, prefix='(echo ' + echo + '; sleep 1) |') + # print(out, err_out) # test if server returns the reversed initial string - # with open(output, 'r') as f: - # echo2 = f.read() - # process_result('{}[{}]'.format(suite, curve), echo2[::-1]) + with open(output, 'r') as f: + echo2 = f.read() + process_result('{}[{}]'.format(suite, curve), echo2[::-1]) def btls12_test(): tmpdir = tempfile.mkdtemp() diff --git a/test/test.py b/test/test.py index ae894dd..bb36301 100644 --- a/test/test.py +++ b/test/test.py @@ -36,9 +36,9 @@ def engine_test(): if __name__ == '__main__': version_test() engine_test() - # bash_test() - # belt_test() - # bign_test() + bash_test() + belt_test() + bign_test() btls_test() if fail: sys.exit(1) From c0539b6d87085be603423c915a60c5c842c594ac Mon Sep 17 00:00:00 2001 From: Yahor Laurenau Date: Wed, 10 Dec 2025 09:58:11 +0300 Subject: [PATCH 7/7] Add -rev for tls13 in tests. --- test/btls.py | 51 ++++++++++++++------------------------------------- 1 file changed, 14 insertions(+), 37 deletions(-) diff --git a/test/btls.py b/test/btls.py index 30df7d5..d038231 100644 --- a/test/btls.py +++ b/test/btls.py @@ -26,7 +26,7 @@ def btls_server(tmpdir, suite, is_tls13, curve, cert, psk): assert cert or psk # prepare cmd if is_tls13: - cmd = 's_server -engine bee2evp -tls1_3 -ciphersuites {}'.format(suite) + cmd = 's_server -engine bee2evp -tls1_3 -ciphersuites {} -rev'.format(suite) else: cmd = 's_server -engine bee2evp -tls1_2 -rev'.format(suite) 
@@ -65,15 +65,18 @@ def btls_client(tmpdir, suite, is_tls13, curve, cert, psk): # run cmd echo = 'test_{}={}'.format(curve, suite) openssl(cmd, prefix='(echo ' + echo + '; sleep 1) |') - # print(out, err_out) # test if server returns the reversed initial string with open(output, 'r') as f: echo2 = f.read() process_result('{}[{}]'.format(suite, curve), echo2[::-1]) -def btls12_test(): +def btls_test(): tmpdir = tempfile.mkdtemp() + tls13_ciphersuites = [ + 'BTLS_BASH_PRG_AE256_BASH256', + 'BTLS_BELT_CHE256_BELT_HASH'] + ciphersuites = [ 'DHE-BIGN-WITH-BELT-DWP-HBELT', 'DHE-BIGN-WITH-BELT-CTR-MAC-HBELT', @@ -82,7 +85,10 @@ def btls12_test(): 'DHE-PSK-BIGN-WITH-BELT-DWP-HBELT', 'DHE-PSK-BIGN-WITH-BELT-CTR-MAC-HBELT', 'DHT-PSK-BIGN-WITH-BELT-DWP-HBELT', - 'DHT-PSK-BIGN-WITH-BELT-CTR-MAC-HBELT'] + 'DHT-PSK-BIGN-WITH-BELT-CTR-MAC-HBELT', + 'BTLS_BASH_PRG_AE256_BASH256', + 'BTLS_BELT_CHE256_BELT_HASH'] + curves_shortlist = [ 'bign-curve256v1', 'bign-curve384v1', 'bign-curve512v1' @@ -107,7 +113,10 @@ def btls12_test(): # run over curves for curve in curves: # prepare args - args = (tmpdir, suite, False, curve, cert, psk) + if suite in tls13_ciphersuites: + args = (tmpdir, suite, True, curve, True, False) + else: + args = (tmpdir, suite, False, curve, cert, psk) # run server server = threading.Thread(target=btls_server, args=args) server.run() 
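Review bot: The two TLS 1.3 suite names are now listed twice, in `tls13_ciphersuites` and again at the end of `ciphersuites` (hunk `@@ -82,7`), and the dispatch in hunk `@@ -107,7` relies on the two lists agreeing; a suite added to one list but not the other would silently run under the wrong protocol version. Removing the two names from the literal and appending once, `ciphersuites += tls13_ciphersuites`, keeps a single source of truth. `btls_test` continues past the hunk.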
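Review bot: In the `@@ -107,7` branch the TLS 1.3 tuple hard-codes `True, False` for `cert`/`psk` instead of the loop's own `cert` and `psk`, so the PSK handling is decided by the literal rather than by the suite. If the derivation of those flags (outside the hunk) already yields cert without PSK for these names, `args = (tmpdir, suite, suite in tls13_ciphersuites, curve, cert, psk)` expresses the intent in one line; otherwise a comment should say why TLS 1.3 suites are never run with a PSK. `btls_test` continues past the hunk.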
@@ -119,35 +128,3 @@ def btls12_test(): os.killpg(os.getpgid(g_server.pid), signal.SIGTERM) shutil.rmtree(tmpdir) - -def btls13_test(): - tmpdir = tempfile.mkdtemp() - - ciphersuites = [ - 'BTLS_BASH_PRG_AE256_BASH256', - 'BTLS_BELT_CHE256_BELT_HASH'] - - curves = [ - 'bign-curve256v1', 'bign-curve384v1', 'bign-curve512v1' - ] - - for suite in ciphersuites: - # run over curves - for curve in curves: - # prepare args - args = (tmpdir, suite, True, curve, True, False) - # run server - server = threading.Thread(target=btls_server, args=args) - server.run() - # run client - time.sleep(1) - client = threading.Thread(target=btls_client, args=args) - client.run() - # kill server - os.killpg(os.getpgid(g_server.pid), signal.SIGTERM) - - shutil.rmtree(tmpdir) - -def btls_test(): - btls12_test() - btls13_test()