author | wolfbeast <mcwerewolf@wolfbeast.com> | 2020-01-02 21:06:40 +0100 |
---|---|---|
committer | wolfbeast <mcwerewolf@wolfbeast.com> | 2020-01-02 21:06:40 +0100 |
commit | f4a12fc67689a830e9da1c87fd11afe5bc09deb3 (patch) | |
tree | 211ae0cd022a6c11b0026ecc7761a550c584583c /security/nss/gtests/ssl_gtest/tls_protect.cc | |
parent | f7d30133221896638f7bf4f66c504255c4b14f48 (diff) | |
Issue #1338 - Part 2: Update NSS to 3.48-RTM
Diffstat (limited to 'security/nss/gtests/ssl_gtest/tls_protect.cc')
-rw-r--r-- | security/nss/gtests/ssl_gtest/tls_protect.cc | 179 |
1 files changed, 66 insertions, 113 deletions
diff --git a/security/nss/gtests/ssl_gtest/tls_protect.cc b/security/nss/gtests/ssl_gtest/tls_protect.cc index c715a36a6..de91982f7 100644 --- a/security/nss/gtests/ssl_gtest/tls_protect.cc +++ b/security/nss/gtests/ssl_gtest/tls_protect.cc 
@@ -5,145 +5,98 @@ * You can obtain one at http://mozilla.org/MPL/2.0/. */ #include "tls_protect.h" +#include "sslproto.h" #include "tls_filter.h" namespace nss_test { -AeadCipher::~AeadCipher() { - if (key_) { - PK11_FreeSymKey(key_); +static uint64_t FirstSeqno(bool dtls, uint16_t epoc) { + if (dtls) { + return static_cast<uint64_t>(epoc) << 48; } + return 0; } -bool AeadCipher::Init(PK11SymKey *key, const uint8_t *iv) { - key_ = PK11_ReferenceSymKey(key); - if (!key_) return false; - - memcpy(iv_, iv, sizeof(iv_)); - return true; -} - -void AeadCipher::FormatNonce(uint64_t seq, uint8_t *nonce) { - memcpy(nonce, iv_, 12); - - for (size_t i = 0; i < 8; ++i) { - nonce[12 - (i + 1)] ^= seq & 0xff; - seq >>= 8; +TlsCipherSpec::TlsCipherSpec(bool dtls, uint16_t epoc) + : dtls_(dtls), + epoch_(epoc), + in_seqno_(FirstSeqno(dtls, epoc)), + out_seqno_(FirstSeqno(dtls, epoc)) {} + +bool TlsCipherSpec::SetKeys(SSLCipherSuiteInfo* cipherinfo, + PK11SymKey* secret) { + SSLAeadContext* ctx; + SECStatus rv = SSL_MakeAead(SSL_LIBRARY_VERSION_TLS_1_3, + cipherinfo->cipherSuite, secret, "", + 0, // Use the default labels. 
+ &ctx); + if (rv != SECSuccess) { + return false; } - - DataBuffer d(nonce, 12); -} - -bool AeadCipher::AeadInner(bool decrypt, void *params, size_t param_length, - const uint8_t *in, size_t inlen, uint8_t *out, - size_t *outlen, size_t maxlen) { - SECStatus rv; - unsigned int uoutlen = 0; - SECItem param = { - siBuffer, static_cast<unsigned char *>(params), - static_cast<unsigned int>(param_length), - }; - - if (decrypt) { - rv = PK11_Decrypt(key_, mech_, ¶m, out, &uoutlen, maxlen, in, inlen); - } else { - rv = PK11_Encrypt(key_, mech_, ¶m, out, &uoutlen, maxlen, in, inlen); - } - *outlen = (int)uoutlen; - - return rv == SECSuccess; -} - -bool AeadCipherAesGcm::Aead(bool decrypt, const uint8_t *hdr, size_t hdr_len, - uint64_t seq, const uint8_t *in, size_t inlen, - uint8_t *out, size_t *outlen, size_t maxlen) { - CK_GCM_PARAMS aeadParams; - unsigned char nonce[12]; - - memset(&aeadParams, 0, sizeof(aeadParams)); - aeadParams.pIv = nonce; - aeadParams.ulIvLen = sizeof(nonce); - aeadParams.pAAD = const_cast<uint8_t *>(hdr); - aeadParams.ulAADLen = hdr_len; - aeadParams.ulTagBits = 128; - - FormatNonce(seq, nonce); - return AeadInner(decrypt, (unsigned char *)&aeadParams, sizeof(aeadParams), - in, inlen, out, outlen, maxlen); -} - -bool AeadCipherChacha20Poly1305::Aead(bool decrypt, const uint8_t *hdr, - size_t hdr_len, uint64_t seq, - const uint8_t *in, size_t inlen, - uint8_t *out, size_t *outlen, - size_t maxlen) { - CK_NSS_AEAD_PARAMS aeadParams; - unsigned char nonce[12]; - - memset(&aeadParams, 0, sizeof(aeadParams)); - aeadParams.pNonce = nonce; - aeadParams.ulNonceLen = sizeof(nonce); - aeadParams.pAAD = const_cast<uint8_t *>(hdr); - aeadParams.ulAADLen = hdr_len; - aeadParams.ulTagLen = 16; - - FormatNonce(seq, nonce); - return AeadInner(decrypt, (unsigned char *)&aeadParams, sizeof(aeadParams), - in, inlen, out, outlen, maxlen); + aead_.reset(ctx); + return true; } -bool TlsCipherSpec::Init(uint16_t epoc, SSLCipherAlgorithm cipher, - PK11SymKey *key, const 
uint8_t *iv) { - epoch_ = epoc; - switch (cipher) { - case ssl_calg_aes_gcm: - aead_.reset(new AeadCipherAesGcm()); - break; - case ssl_calg_chacha20: - aead_.reset(new AeadCipherChacha20Poly1305()); - break; - default: - return false; +bool TlsCipherSpec::Unprotect(const TlsRecordHeader& header, + const DataBuffer& ciphertext, + DataBuffer* plaintext) { + if (aead_ == nullptr) { + return false; } - - return aead_->Init(key, iv); -} - -bool TlsCipherSpec::Unprotect(const TlsRecordHeader &header, - const DataBuffer &ciphertext, - DataBuffer *plaintext) { // Make space. plaintext->Allocate(ciphertext.len()); auto header_bytes = header.header(); - size_t len; - bool ret = - aead_->Aead(true, header_bytes.data(), header_bytes.len(), - header.sequence_number(), ciphertext.data(), ciphertext.len(), - plaintext->data(), &len, plaintext->len()); - if (!ret) return false; + unsigned int len; + uint64_t seqno; + if (dtls_) { + seqno = header.sequence_number(); + } else { + seqno = in_seqno_; + } + SECStatus rv = + SSL_AeadDecrypt(aead_.get(), seqno, header_bytes.data(), + header_bytes.len(), ciphertext.data(), ciphertext.len(), + plaintext->data(), &len, plaintext->len()); + if (rv != SECSuccess) { + return false; + } - plaintext->Truncate(len); + RecordUnprotected(seqno); + plaintext->Truncate(static_cast<size_t>(len)); return true; } -bool TlsCipherSpec::Protect(const TlsRecordHeader &header, - const DataBuffer &plaintext, - DataBuffer *ciphertext) { +bool TlsCipherSpec::Protect(const TlsRecordHeader& header, + const DataBuffer& plaintext, + DataBuffer* ciphertext) { + if (aead_ == nullptr) { + return false; + } // Make a padded buffer. 
- ciphertext->Allocate(plaintext.len() + 32); // Room for any plausible auth tag - size_t len; + unsigned int len; DataBuffer header_bytes; (void)header.WriteHeader(&header_bytes, 0, plaintext.len() + 16); - bool ret = - aead_->Aead(false, header_bytes.data(), header_bytes.len(), - header.sequence_number(), plaintext.data(), plaintext.len(), - ciphertext->data(), &len, ciphertext->len()); - if (!ret) return false; + uint64_t seqno; + if (dtls_) { + seqno = header.sequence_number(); + } else { + seqno = out_seqno_; + } + + SECStatus rv = + SSL_AeadEncrypt(aead_.get(), seqno, header_bytes.data(), + header_bytes.len(), plaintext.data(), plaintext.len(), + ciphertext->data(), &len, ciphertext->len()); + if (rv != SECSuccess) { + return false; + } + + RecordProtected(); ciphertext->Truncate(len); return true; |
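Review bot: In `TlsCipherSpec::Protect`, the record header passed as AAD is still written with a hard-coded `plaintext.len() + 16`, but the AEAD is now whatever `SSL_MakeAead` builds for `cipherinfo->cipherSuite` in `SetKeys`, so nothing left in this file ties that 16 to the cipher's tag length. The removed `AeadCipherAesGcm` and `AeadCipherChacha20Poly1305` classes both fixed the tag at 16 bytes, so the suites used today presumably still match, but a suite with a different tag size would put a length in the AAD that disagrees with the bytes `SSL_AeadEncrypt` returns. I would name and comment the constant, e.g. `static const size_t kAeadTagLen = 16;  // tag size of every AEAD this helper supports`, and write the header with `plaintext.len() + kAeadTagLen`. `SetKeys` also dereferences `cipherinfo` with no null check; `if (!cipherinfo || !secret) return false;` ahead of the `SSL_MakeAead` call would make a misconfigured test fail cleanly instead of crashing.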